Bug Summary

File:src/usr.sbin/ldapd/obj/parse.c
Warning:line 1391, column 13
Attempt to free released memory

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple amd64-unknown-openbsd7.0 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name parse.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/usr.sbin/ldapd/obj -resource-dir /usr/local/lib/clang/13.0.0 -I /usr/src/usr.sbin/ldapd -internal-isystem /usr/local/lib/clang/13.0.0/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/usr.sbin/ldapd/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/vmm/scan-build/2022-01-12-194120-40624-1 -x c parse.c
1#include <stdlib.h>
2#include <string.h>
3#define YYBYACC1 1
4#define YYMAJOR1 1
5#define YYMINOR9 9
6#define YYLEXyylex() yylex()
7#define YYEMPTY-1 -1
8#define yyclearin(yychar=(-1)) (yychar=(YYEMPTY-1))
9#define yyerrok(yyerrflag=0) (yyerrflag=0)
10#define YYRECOVERING()(yyerrflag!=0) (yyerrflag!=0)
11#define YYPREFIX"yy" "yy"
12#line 25 "/usr/src/usr.sbin/ldapd/parse.y"
13#include <sys/types.h>
14#include <sys/queue.h>
15#include <sys/tree.h>
16#include <sys/socket.h>
17#include <sys/stat.h>
18#include <sys/un.h>
19#include <netinet/in.h>
20#include <arpa/inet.h>
21
22#include <ctype.h>
23#include <err.h>
24#include <errno(*__errno()).h>
25#include <ifaddrs.h>
26#include <limits.h>
27#include <netdb.h>
28#include <stdarg.h>
29#include <stdio.h>
30#include <stdlib.h>
31#include <string.h>
32#include <syslog.h>
33#include <unistd.h>
34
35#include "ldapd.h"
36#include "log.h"
37
38TAILQ_HEAD(files, file)struct files { struct file *tqh_first; struct file **tqh_last
; } files = TAILQ_HEAD_INITIALIZER(files){ ((void*)0), &(files).tqh_first };
39static struct file {
40 TAILQ_ENTRY(file)struct { struct file *tqe_next; struct file **tqe_prev; } entry;
41 FILE *stream;
42 char *name;
43 size_t ungetpos;
44 size_t ungetsize;
45 u_char *ungetbuf;
46 int eof_reached;
47 int lineno;
48 int errors;
49} *file, *topfile;
50struct file *pushfile(const char *, int);
51int popfile(void);
52int check_file_secrecy(int, const char *);
53int yyparse(void);
54int yylex(void);
55int yyerror(const char *, ...)
56 __attribute__((__format__ (printf, 1, 2)))
57 __attribute__((__nonnull__ (1)));
58int kw_cmp(const void *, const void *);
59int lookup(char *);
60int igetc(void);
61int lgetc(int);
62void lungetc(int);
63int findeol(void);
64
65struct listener *host_unix(const char *path);
66struct listener *host_v4(const char *, in_port_t);
67struct listener *host_v6(const char *, in_port_t);
68int host_dns(const char *, const char *,
69 struct listenerlist *, in_port_t, u_int8_t);
70int host(const char *, const char *,
71 struct listenerlist *, in_port_t, u_int8_t);
72int interface(const char *, const char *,
73 struct listenerlist *, in_port_t, u_int8_t);
74int load_certfile(struct ldapd_config *, const char *, u_int8_t, u_int8_t);
75
76TAILQ_HEAD(symhead, sym)struct symhead { struct sym *tqh_first; struct sym **tqh_last
; } symhead = TAILQ_HEAD_INITIALIZER(symhead){ ((void*)0), &(symhead).tqh_first };
77struct sym {
78 TAILQ_ENTRY(sym)struct { struct sym *tqe_next; struct sym **tqe_prev; } entry;
79 int used;
80 int persist;
81 char *nam;
82 char *val;
83};
84int symset(const char *, const char *, int);
85char *symget(const char *);
86
87struct ldapd_config *conf;
88
89SPLAY_GENERATE(ssltree, ssl, ssl_nodes, ssl_cmp)struct ssl * ssltree_SPLAY_INSERT(struct ssltree *head, struct
ssl *elm) { if (((head)->sph_root == ((void*)0))) { (elm)
->ssl_nodes.spe_left = (elm)->ssl_nodes.spe_right = ((void
*)0); } else { int __comp; ssltree_SPLAY(head, elm); __comp =
(ssl_cmp)(elm, (head)->sph_root); if(__comp < 0) { (elm
)->ssl_nodes.spe_left = ((head)->sph_root)->ssl_nodes
.spe_left; (elm)->ssl_nodes.spe_right = (head)->sph_root
; ((head)->sph_root)->ssl_nodes.spe_left = ((void*)0); }
else if (__comp > 0) { (elm)->ssl_nodes.spe_right = ((
head)->sph_root)->ssl_nodes.spe_right; (elm)->ssl_nodes
.spe_left = (head)->sph_root; ((head)->sph_root)->ssl_nodes
.spe_right = ((void*)0); } else return ((head)->sph_root);
} (head)->sph_root = (elm); return (((void*)0)); } struct
ssl * ssltree_SPLAY_REMOVE(struct ssltree *head, struct ssl *
elm) { struct ssl *__tmp; if (((head)->sph_root == ((void*
)0))) return (((void*)0)); ssltree_SPLAY(head, elm); if ((ssl_cmp
)(elm, (head)->sph_root) == 0) { if (((head)->sph_root)
->ssl_nodes.spe_left == ((void*)0)) { (head)->sph_root =
((head)->sph_root)->ssl_nodes.spe_right; } else { __tmp
= ((head)->sph_root)->ssl_nodes.spe_right; (head)->
sph_root = ((head)->sph_root)->ssl_nodes.spe_left; ssltree_SPLAY
(head, elm); ((head)->sph_root)->ssl_nodes.spe_right = __tmp
; } return (elm); } return (((void*)0)); } void ssltree_SPLAY
(struct ssltree *head, struct ssl *elm) { struct ssl __node, *
__left, *__right, *__tmp; int __comp; (&__node)->ssl_nodes
.spe_left = (&__node)->ssl_nodes.spe_right = ((void*)0
); __left = __right = &__node; while ((__comp = (ssl_cmp)
(elm, (head)->sph_root))) { if (__comp < 0) { __tmp = (
(head)->sph_root)->ssl_nodes.spe_left; if (__tmp == ((void
*)0)) break; if ((ssl_cmp)(elm, __tmp) < 0){ do { ((head)->
sph_root)->ssl_nodes.spe_left = (__tmp)->ssl_nodes.spe_right
; (__tmp)->ssl_nodes.spe_right = (head)->sph_root; (head
)->sph_root = __tmp; } while (0); if (((head)->sph_root
)->ssl_nodes.spe_left == ((void*)0)) break; } do { (__right
)->ssl_nodes.spe_left = (head)->sph_root; __right = (head
)->sph_root; (head)->sph_root = ((head)->sph_root)->
ssl_nodes.spe_left; } while (0); } else if (__comp > 0) { __tmp
= ((head)->sph_root)->ssl_nodes.spe_right; if (__tmp ==
((void*)0)) break; if ((ssl_cmp)(elm, __tmp) > 0){ do { (
(head)->sph_root)->ssl_nodes.spe_right = (__tmp)->ssl_nodes
.spe_left; (__tmp)->ssl_nodes.spe_left = (head)->sph_root
; (head)->sph_root = __tmp; } while (0); if (((head)->sph_root
)->ssl_nodes.spe_right == ((void*)0)) break; } do { (__left
)->ssl_nodes.spe_right = (head)->sph_root; __left = (head
)->sph_root; (head)->sph_root = ((head)->sph_root)->
ssl_nodes.spe_right; } while (0); } } do { (__left)->ssl_nodes
.spe_right = ((head)->sph_root)->ssl_nodes.spe_left; (__right
)->ssl_nodes.spe_left = ((head)->sph_root)->ssl_nodes
.spe_right; ((head)->sph_root)->ssl_nodes.spe_left = (&
__node)->ssl_nodes.spe_right; ((head)->sph_root)->ssl_nodes
.spe_right = (&__node)->ssl_nodes.spe_left; } while (0
); } void ssltree_SPLAY_MINMAX(struct ssltree *head, int __comp
) { struct ssl __node, *__left, *__right, *__tmp; (&__node
)->ssl_nodes.spe_left = (&__node)->ssl_nodes.spe_right
= ((void*)0); __left = __right = &__node; while (1) { if
(__comp < 0) { __tmp = ((head)->sph_root)->ssl_nodes
.spe_left; if (__tmp == ((void*)0)) break; if (__comp < 0)
{ do { ((head)->sph_root)->ssl_nodes.spe_left = (__tmp)
->ssl_nodes.spe_right; (__tmp)->ssl_nodes.spe_right = (
head)->sph_root; (head)->sph_root = __tmp; } while (0);
if (((head)->sph_root)->ssl_nodes.spe_left == ((void*)
0)) break; } do { (__right)->ssl_nodes.spe_left = (head)->
sph_root; __right = (head)->sph_root; (head)->sph_root =
((head)->sph_root)->ssl_nodes.spe_left; } while (0); }
else if (__comp > 0) { __tmp = ((head)->sph_root)->
ssl_nodes.spe_right; if (__tmp == ((void*)0)) break; if (__comp
> 0) { do { ((head)->sph_root)->ssl_nodes.spe_right
= (__tmp)->ssl_nodes.spe_left; (__tmp)->ssl_nodes.spe_left
= (head)->sph_root; (head)->sph_root = __tmp; } while (
0); if (((head)->sph_root)->ssl_nodes.spe_right == ((void
*)0)) break; } do { (__left)->ssl_nodes.spe_right = (head)
->sph_root; __left = (head)->sph_root; (head)->sph_root
= ((head)->sph_root)->ssl_nodes.spe_right; } while (0)
; } } do { (__left)->ssl_nodes.spe_right = ((head)->sph_root
)->ssl_nodes.spe_left; (__right)->ssl_nodes.spe_left = (
(head)->sph_root)->ssl_nodes.spe_right; ((head)->sph_root
)->ssl_nodes.spe_left = (&__node)->ssl_nodes.spe_right
; ((head)->sph_root)->ssl_nodes.spe_right = (&__node
)->ssl_nodes.spe_left; } while (0); };
90
91static struct aci *mk_aci(int type, int rights, enum scope scope,
92 char *target, char *subject, char *attr);
93
94typedef struct {
95 union {
96 int64_t number;
97 char *string;
98 struct aci *aci;
99 } v;
100 int lineno;
101} YYSTYPE;
102
103static struct namespace *current_ns = NULL((void*)0);
104
105#line 106 "parse.c"
106#define ERROR257 257
107#define LISTEN258 258
108#define ON259 259
109#define LEGACY260 260
110#define TLS261 261
111#define LDAPS262 262
112#define PORT263 263
113#define NAMESPACE264 264
114#define ROOTDN265 265
115#define ROOTPW266 266
116#define INDEX267 267
117#define SECURE268 268
118#define RELAX269 269
119#define STRICT270 270
120#define SCHEMA271 271
121#define USE272 272
122#define COMPRESSION273 273
123#define LEVEL274 274
124#define INCLUDE275 275
125#define CERTIFICATE276 276
126#define FSYNC277 277
127#define CACHE_SIZE278 278
128#define INDEX_CACHE_SIZE279 279
129#define DENY280 280
130#define ALLOW281 281
131#define READ282 282
132#define WRITE283 283
133#define BIND284 284
134#define ACCESS285 285
135#define TO286 286
136#define ROOT287 287
137#define REFERRAL288 288
138#define ANY289 289
139#define CHILDREN290 290
140#define OF291 291
141#define ATTRIBUTE292 292
142#define IN293 293
143#define SUBTREE294 294
144#define BY295 295
145#define SELF296 296
146#define STRING297 297
147#define NUMBER298 298
148#define YYERRCODE256 256
149const short yylhs[] =
150 { -1,
151 0, 0, 0, 0, 0, 0, 0, 0, 0, 5,
152 5, 6, 6, 6, 6, 2, 15, 15, 1, 1,
153 1, 19, 19, 19, 19, 23, 20, 3, 3, 22,
154 22, 22, 24, 24, 24, 24, 24, 24, 24, 24,
155 24, 24, 24, 4, 4, 16, 16, 7, 7, 8,
156 8, 8, 9, 9, 10, 10, 10, 11, 11, 11,
157 12, 12, 12, 13, 13, 14, 14, 14, 14, 17,
158 18, 21,
159};
160const short yylen[] =
161 { 2,
162 0, 2, 3, 3, 3, 3, 3, 3, 3, 0,
163 1, 0, 1, 1, 1, 2, 0, 2, 2, 2,
164 0, 6, 2, 2, 2, 0, 7, 1, 1, 0,
165 2, 3, 2, 2, 2, 2, 2, 2, 1, 2,
166 2, 3, 2, 0, 2, 7, 2, 1, 1, 0,
167 1, 2, 1, 3, 1, 1, 1, 0, 1, 2,
168 1, 1, 1, 0, 2, 0, 2, 2, 2, 2,
169 3, 2,
170};
171const short yydefred[] =
172 { 1,
173 0, 0, 0, 0, 0, 0, 0, 0, 48, 49,
174 0, 0, 2, 0, 0, 0, 0, 0, 0, 0,
175 6, 0, 0, 24, 25, 72, 70, 23, 0, 55,
176 56, 57, 51, 0, 0, 53, 8, 3, 4, 5,
177 7, 9, 0, 0, 71, 0, 52, 0, 0, 0,
178 26, 0, 59, 0, 54, 19, 20, 11, 0, 0,
179 30, 60, 62, 61, 63, 0, 0, 22, 13, 14,
180 15, 16, 0, 0, 0, 18, 0, 0, 0, 0,
181 0, 0, 0, 0, 0, 0, 31, 27, 39, 0,
182 65, 0, 46, 33, 34, 35, 40, 41, 0, 29,
183 28, 38, 36, 37, 43, 32, 67, 69, 68, 0,
184 42, 45,
185};
186const short yydgoto[] =
187 { 1,
188 50, 59, 102, 111, 60, 72, 14, 34, 35, 36,
189 54, 66, 75, 93, 68, 15, 16, 17, 18, 19,
190 20, 73, 61, 90,
191};
192const short yysindex[] =
193 { 0,
194 -10, 8, -238, -269, -265, -261, -260, -259, 0, 0,
195 -257, -22, 0, -258, 31, 32, 34, 35, 36, 37,
196 0, -249, -74, 0, 0, 0, 0, 0, -247, 0,
197 0, 0, 0, -235, -40, 0, 0, 0, 0, 0,
198 0, 0, -211, 43, 0, -271, 0, -253, -263, -206,
199 0, -236, 0, -280, 0, 0, 0, 0, -220, -246,
200 0, 0, 0, 0, 0, -234, -240, 0, 0, 0,
201 0, 0, 23, -237, -233, 0, -232, -231, -230, -212,
202 -210, -209, -254, -229, -228, -226, 0, 0, 0, 53,
203 0, -283, 0, 0, 0, 0, 0, 0, -202, 0,
204 0, 0, 0, 0, 0, 0, 0, 0, 0, -225,
205 0, 0,};
206const short yyrindex[] =
207 { 0,
208 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
209 0, 0, 0, -7, 0, 0, 0, 0, 0, 0,
210 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
211 0, 0, 0, 58, 0, 0, 0, 0, 0, 0,
212 0, 0, -2, 0, 0, -277, 0, 0, 0, 1,
213 0, 0, 0, 0, 0, 0, 0, 0, 64, -8,
214 0, 0, 0, 0, 0, -9, 0, 0, 0, 0,
215 0, 0, 0, 0, 65, 0, 0, 0, 0, 0,
216 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
217 0, 0, 0, 0, 0, 0, 0, 0, 66, 0,
218 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
219 0, 0,};
220const short yygindex[] =
221 { 0,
222 0, 0, 0, 0, 0, 0, 0, 0, 0, 29,
223 0, 0, 0, 0, 0, 5, 0, 0, 0, 0,
224 0, 0, 0, 0,
225};
226#define YYTABLESIZE311 311
227const short yytable[] =
228 { 13,
229 64, 12, 50, 48, 100, 107, 63, 21, 64, 58,
230 10, 58, 108, 109, 69, 70, 65, 21, 52, 58,
231 22, 71, 53, 30, 31, 32, 33, 23, 30, 31,
232 32, 24, 87, 56, 57, 25, 26, 27, 29, 28,
233 37, 38, 101, 39, 40, 41, 42, 43, 44, 45,
234 46, 49, 51, 58, 62, 67, 76, 74, 97, 91,
235 98, 92, 106, 99, 94, 95, 96, 47, 103, 104,
236 105, 110, 112, 17, 66, 44, 55, 89, 0, 0,
237 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
238 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
239 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
240 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
241 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
242 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
243 0, 0, 0, 0, 0, 0, 0, 88, 0, 0,
244 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
245 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
246 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
247 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
248 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
249 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
250 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
251 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
252 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
253 0, 0, 0, 0, 47, 2, 0, 3, 0, 0,
254 0, 0, 0, 4, 5, 6, 0, 21, 21, 21,
255 7, 10, 10, 0, 8, 21, 0, 12, 10, 9,
256 10, 0, 0, 21, 0, 0, 10, 11, 50, 0,
257 0, 0, 0, 0, 0, 64, 12, 77, 78, 79,
258 0, 80, 81, 0, 82, 0, 0, 0, 0, 83,
259 84, 85, 9, 10, 0, 0, 0, 0, 0, 0,
260 86,
261};
262const short yycheck[] =
263 { 10,
264 10, 10, 10, 44, 259, 289, 287, 10, 289, 287,
265 10, 289, 296, 297, 261, 262, 297, 10, 290, 297,
266 259, 268, 294, 282, 283, 284, 285, 297, 282, 283,
267 284, 297, 10, 297, 298, 297, 297, 297, 61, 297,
268 10, 10, 297, 10, 10, 10, 10, 297, 123, 297,
269 286, 263, 10, 260, 291, 276, 297, 292, 271, 297,
270 271, 295, 10, 273, 297, 297, 297, 10, 298, 298,
271 297, 274, 298, 10, 10, 10, 48, 73, -1, -1,
272 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
273 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
274 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
275 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
276 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
277 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
278 -1, -1, -1, -1, -1, -1, -1, 125, -1, -1,
279 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
280 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
281 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
282 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
283 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
284 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
285 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
286 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
287 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
288 -1, -1, -1, -1, 285, 256, -1, 258, -1, -1,
289 -1, -1, -1, 264, 265, 266, -1, 260, 261, 262,
290 271, 261, 262, -1, 275, 268, -1, 276, 268, 280,
291 281, -1, -1, 276, -1, -1, 276, 288, 286, -1,
292 -1, -1, -1, -1, -1, 295, 297, 265, 266, 267,
293 -1, 269, 270, -1, 272, -1, -1, -1, -1, 277,
294 278, 279, 280, 281, -1, -1, -1, -1, -1, -1,
295 288,
296};
297#define YYFINAL1 1
298#ifndef YYDEBUG0
299#define YYDEBUG0 0
300#endif
301#define YYMAXTOKEN298 298
302#if YYDEBUG0
303const char * const yyname[] =
304 {
305"end-of-file",0,0,0,0,0,0,0,0,0,"'\\n'",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
3060,0,0,0,0,0,0,0,0,0,0,0,0,"','",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"'='",0,0,0,0,0,
3070,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
3080,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"'{'",0,"'}'",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
3090,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
3100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
3110,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"ERROR",
312"LISTEN","ON","LEGACY","TLS","LDAPS","PORT","NAMESPACE","ROOTDN","ROOTPW",
313"INDEX","SECURE","RELAX","STRICT","SCHEMA","USE","COMPRESSION","LEVEL",
314"INCLUDE","CERTIFICATE","FSYNC","CACHE_SIZE","INDEX_CACHE_SIZE","DENY","ALLOW",
315"READ","WRITE","BIND","ACCESS","TO","ROOT","REFERRAL","ANY","CHILDREN","OF",
316"ATTRIBUTE","IN","SUBTREE","BY","SELF","STRING","NUMBER",
317};
318const char * const yyrule[] =
319 {"$accept : grammar",
320"grammar :",
321"grammar : grammar '\\n'",
322"grammar : grammar include '\\n'",
323"grammar : grammar varset '\\n'",
324"grammar : grammar conf_main '\\n'",
325"grammar : grammar error '\\n'",
326"grammar : grammar namespace '\\n'",
327"grammar : grammar aci '\\n'",
328"grammar : grammar schema '\\n'",
329"legacy :",
330"legacy : LEGACY",
331"protocol :",
332"protocol : TLS",
333"protocol : LDAPS",
334"protocol : SECURE",
335"ssl : legacy protocol",
336"certname :",
337"certname : CERTIFICATE STRING",
338"port : PORT STRING",
339"port : PORT NUMBER",
340"port :",
341"conf_main : LISTEN ON STRING port ssl certname",
342"conf_main : REFERRAL STRING",
343"conf_main : ROOTDN STRING",
344"conf_main : ROOTPW STRING",
345"$$1 :",
346"namespace : NAMESPACE STRING '{' '\\n' $$1 ns_opts '}'",
347"boolean : STRING",
348"boolean : ON",
349"ns_opts :",
350"ns_opts : ns_opts '\\n'",
351"ns_opts : ns_opts ns_opt '\\n'",
352"ns_opt : ROOTDN STRING",
353"ns_opt : ROOTPW STRING",
354"ns_opt : INDEX STRING",
355"ns_opt : CACHE_SIZE NUMBER",
356"ns_opt : INDEX_CACHE_SIZE NUMBER",
357"ns_opt : FSYNC boolean",
358"ns_opt : aci",
359"ns_opt : RELAX SCHEMA",
360"ns_opt : STRICT SCHEMA",
361"ns_opt : USE COMPRESSION comp_level",
362"ns_opt : REFERRAL STRING",
363"comp_level :",
364"comp_level : LEVEL NUMBER",
365"aci : aci_type aci_access TO aci_scope aci_target aci_attr aci_subject",
366"aci : aci_type aci_access",
367"aci_type : DENY",
368"aci_type : ALLOW",
369"aci_access :",
370"aci_access : ACCESS",
371"aci_access : aci_rights ACCESS",
372"aci_rights : aci_right",
373"aci_rights : aci_rights ',' aci_right",
374"aci_right : READ",
375"aci_right : WRITE",
376"aci_right : BIND",
377"aci_scope :",
378"aci_scope : SUBTREE",
379"aci_scope : CHILDREN OF",
380"aci_target : ANY",
381"aci_target : ROOT",
382"aci_target : STRING",
383"aci_attr :",
384"aci_attr : ATTRIBUTE STRING",
385"aci_subject :",
386"aci_subject : BY ANY",
387"aci_subject : BY STRING",
388"aci_subject : BY SELF",
389"include : INCLUDE STRING",
390"varset : STRING '=' STRING",
391"schema : SCHEMA STRING",
392};
393#endif
394#ifdef YYSTACKSIZE10000
395#undef YYMAXDEPTH10000
396#define YYMAXDEPTH10000 YYSTACKSIZE10000
397#else
398#ifdef YYMAXDEPTH10000
399#define YYSTACKSIZE10000 YYMAXDEPTH10000
400#else
401#define YYSTACKSIZE10000 10000
402#define YYMAXDEPTH10000 10000
403#endif
404#endif
405#define YYINITSTACKSIZE200 200
406/* LINTUSED */
407int yydebug;
408int yynerrs;
409int yyerrflag;
410int yychar;
411short *yyssp;
412YYSTYPE *yyvsp;
413YYSTYPE yyval;
414YYSTYPE yylval;
415short *yyss;
416short *yysslim;
417YYSTYPE *yyvs;
418unsigned int yystacksize;
419int yyparse(void);
420#line 408 "/usr/src/usr.sbin/ldapd/parse.y"
421
422struct keywords {
423 const char *k_name;
424 int k_val;
425};
426
427int
428yyerror(const char *fmt, ...)
429{
430 va_list ap;
431 char *msg;
432
433 file->errors++;
434 va_start(ap, fmt)__builtin_va_start(ap, fmt);
435 if (vasprintf(&msg, fmt, ap) == -1)
436 fatalx("yyerror vasprintf");
437 va_end(ap)__builtin_va_end(ap);
438 logit(LOG_CRIT2, "%s:%d: %s", file->name, yylval.lineno, msg);
439 free(msg);
440 return (0);
441}
442
443int
444kw_cmp(const void *k, const void *e)
445{
446 return (strcmp(k, ((const struct keywords *)e)->k_name));
447}
448
449int
450lookup(char *s)
451{
452 /* this has to be sorted always */
453 static const struct keywords keywords[] = {
454 { "access", ACCESS285 },
455 { "allow", ALLOW281 },
456 { "any", ANY289 },
457 { "attribute", ATTRIBUTE292 },
458 { "bind", BIND284 },
459 { "by", BY295 },
460 { "cache-size", CACHE_SIZE278 },
461 { "certificate", CERTIFICATE276 },
462 { "children", CHILDREN290 },
463 { "compression", COMPRESSION273 },
464 { "deny", DENY280 },
465 { "fsync", FSYNC277 },
466 { "in", IN293 },
467 { "include", INCLUDE275 },
468 { "index", INDEX267 },
469 { "index-cache-size", INDEX_CACHE_SIZE279 },
470 { "ldaps", LDAPS262 },
471 { "legacy", LEGACY260 },
472 { "level", LEVEL274 },
473 { "listen", LISTEN258 },
474 { "namespace", NAMESPACE264 },
475 { "of", OF291 },
476 { "on", ON259 },
477 { "port", PORT263 },
478 { "read", READ282 },
479 { "referral", REFERRAL288 },
480 { "relax", RELAX269 },
481 { "root", ROOT287 },
482 { "rootdn", ROOTDN265 },
483 { "rootpw", ROOTPW266 },
484 { "schema", SCHEMA271 },
485 { "secure", SECURE268 },
486 { "self", SELF296 },
487 { "strict", STRICT270 },
488 { "subtree", SUBTREE294 },
489 { "tls", TLS261 },
490 { "to", TO286 },
491 { "use", USE272 },
492 { "write", WRITE283 },
493
494 };
495 const struct keywords *p;
496
497 p = bsearch(s, keywords, sizeof(keywords)/sizeof(keywords[0]),
498 sizeof(keywords[0]), kw_cmp);
499
500 if (p)
501 return (p->k_val);
502 else
503 return (STRING297);
504}
505
506#define START_EXPAND1 1
507#define DONE_EXPAND2 2
508
509static int expanding;
510
511int
512igetc(void)
513{
514 int c;
515
516 while (1) {
517 if (file->ungetpos > 0)
518 c = file->ungetbuf[--file->ungetpos];
519 else
520 c = getc(file->stream)(!__isthreaded ? (--(file->stream)->_r < 0 ? __srget
(file->stream) : (int)(*(file->stream)->_p++)) : (getc
)(file->stream));
521
522 if (c == START_EXPAND1)
523 expanding = 1;
524 else if (c == DONE_EXPAND2)
525 expanding = 0;
526 else
527 break;
528 }
529 return (c);
530}
531
532int
533lgetc(int quotec)
534{
535 int c, next;
536
537 if (quotec) {
538 if ((c = igetc()) == EOF(-1)) {
539 yyerror("reached end of file while parsing "
540 "quoted string");
541 if (file == topfile || popfile() == EOF(-1))
542 return (EOF(-1));
543 return (quotec);
544 }
545 return (c);
546 }
547
548 while ((c = igetc()) == '\\') {
549 next = igetc();
550 if (next != '\n') {
551 c = next;
552 break;
553 }
554 yylval.lineno = file->lineno;
555 file->lineno++;
556 }
557
558 if (c == EOF(-1)) {
559 /*
560 * Fake EOL when hit EOF for the first time. This gets line
561 * count right if last line in included file is syntactically
562 * invalid and has no newline.
563 */
564 if (file->eof_reached == 0) {
565 file->eof_reached = 1;
566 return ('\n');
567 }
568 while (c == EOF(-1)) {
569 if (file == topfile || popfile() == EOF(-1))
570 return (EOF(-1));
571 c = igetc();
572 }
573 }
574 return (c);
575}
576
577void
578lungetc(int c)
579{
580 if (c == EOF(-1))
581 return;
582
583 if (file->ungetpos >= file->ungetsize) {
584 void *p = reallocarray(file->ungetbuf, file->ungetsize, 2);
585 if (p == NULL((void*)0))
586 err(1, "%s", __func__);
587 file->ungetbuf = p;
588 file->ungetsize *= 2;
589 }
590 file->ungetbuf[file->ungetpos++] = c;
591}
592
593int
594findeol(void)
595{
596 int c;
597
598 /* skip to either EOF or the first real EOL */
599 while (1) {
600 c = lgetc(0);
601 if (c == '\n') {
602 file->lineno++;
603 break;
604 }
605 if (c == EOF(-1))
606 break;
607 }
608 return (ERROR257);
609}
610
611int
612yylex(void)
613{
614 char buf[4096];
615 char *p, *val;
616 int quotec, next, c;
617 int token;
618
619top:
620 p = buf;
621 while ((c = lgetc(0)) == ' ' || c == '\t')
622 ; /* nothing */
623
624 yylval.lineno = file->lineno;
625 if (c == '#')
626 while ((c = lgetc(0)) != '\n' && c != EOF(-1))
627 ; /* nothing */
628 if (c == '$' && !expanding) {
629 while (1) {
630 if ((c = lgetc(0)) == EOF(-1))
631 return (0);
632
633 if (p + 1 >= buf + sizeof(buf) - 1) {
634 yyerror("string too long");
635 return (findeol());
636 }
637 if (isalnum(c) || c == '_') {
638 *p++ = c;
639 continue;
640 }
641 *p = '\0';
642 lungetc(c);
643 break;
644 }
645 val = symget(buf);
646 if (val == NULL((void*)0)) {
647 yyerror("macro '%s' not defined", buf);
648 return (findeol());
649 }
650 p = val + strlen(val) - 1;
651 lungetc(DONE_EXPAND2);
652 while (p >= val) {
653 lungetc((unsigned char)*p);
654 p--;
655 }
656 lungetc(START_EXPAND1);
657 goto top;
658 }
659
660 switch (c) {
661 case '\'':
662 case '"':
663 quotec = c;
664 while (1) {
665 if ((c = lgetc(quotec)) == EOF(-1))
666 return (0);
667 if (c == '\n') {
668 file->lineno++;
669 continue;
670 } else if (c == '\\') {
671 if ((next = lgetc(quotec)) == EOF(-1))
672 return (0);
673 if (next == quotec || next == ' ' ||
674 next == '\t')
675 c = next;
676 else if (next == '\n') {
677 file->lineno++;
678 continue;
679 } else
680 lungetc(next);
681 } else if (c == quotec) {
682 *p = '\0';
683 break;
684 } else if (c == '\0') {
685 yyerror("syntax error");
686 return (findeol());
687 }
688 if (p + 1 >= buf + sizeof(buf) - 1) {
689 log_warnx("string too long");
690 return (findeol());
691 }
692 *p++ = c;
693 }
694 yylval.v.string = strdup(buf);
695 if (yylval.v.string == NULL((void*)0))
696 fatal("yylex: strdup");
697 return (STRING297);
698 }
699
700#define allowed_to_end_number(x)(isspace(x) || x == ')' || x ==',' || x == '/' || x == '}' ||
x == '=') \
701 (isspace(x) || x == ')' || x ==',' || x == '/' || x == '}' || x == '=')
702
703 if (c == '-' || isdigit(c)) {
704 do {
705 *p++ = c;
706 if ((size_t)(p-buf) >= sizeof(buf)) {
707 yyerror("string too long");
708 return (findeol());
709 }
710 } while ((c = lgetc(0)) != EOF(-1) && isdigit(c));
711 lungetc(c);
712 if (p == buf + 1 && buf[0] == '-')
713 goto nodigits;
714 if (c == EOF(-1) || allowed_to_end_number(c)(isspace(c) || c == ')' || c ==',' || c == '/' || c == '}' ||
c == '=')) {
715 const char *errstr = NULL((void*)0);
716
717 *p = '\0';
718 yylval.v.number = strtonum(buf, LLONG_MIN(-9223372036854775807LL -1LL),
719 LLONG_MAX9223372036854775807LL, &errstr);
720 if (errstr) {
721 yyerror("\"%s\" invalid number: %s",
722 buf, errstr);
723 return (findeol());
724 }
725 return (NUMBER298);
726 } else {
727nodigits:
728 while (p > buf + 1)
729 lungetc((unsigned char)*--p);
730 c = (unsigned char)*--p;
731 if (c == '-')
732 return (c);
733 }
734 }
735
736#define allowed_in_string(x)(isalnum(x) || (ispunct(x) && x != '(' && x !=
')' && x != '{' && x != '}' && x != '<'
&& x != '>' && x != '!' && x != '='
&& x != '/' && x != '#' && x != ',')
) \
737 (isalnum(x) || (ispunct(x) && x != '(' && x != ')' && \
738 x != '{' && x != '}' && x != '<' && x != '>' && \
739 x != '!' && x != '=' && x != '/' && x != '#' && \
740 x != ','))
741
742 if (isalnum(c) || c == ':' || c == '_' || c == '*') {
743 do {
744 *p++ = c;
745 if ((size_t)(p-buf) >= sizeof(buf)) {
746 yyerror("string too long");
747 return (findeol());
748 }
749 } while ((c = lgetc(0)) != EOF(-1) && (allowed_in_string(c)(isalnum(c) || (ispunct(c) && c != '(' && c !=
')' && c != '{' && c != '}' && c != '<'
&& c != '>' && c != '!' && c != '='
&& c != '/' && c != '#' && c != ',')
)));
750 lungetc(c);
751 *p = '\0';
752 if ((token = lookup(buf)) == STRING297)
753 if ((yylval.v.string = strdup(buf)) == NULL((void*)0))
754 fatal("yylex: strdup");
755 return (token);
756 }
757 if (c == '\n') {
758 yylval.lineno = file->lineno;
759 file->lineno++;
760 }
761 if (c == EOF(-1))
762 return (0);
763 return (c);
764}
765
766int
767check_file_secrecy(int fd, const char *fname)
768{
769 struct stat st;
770
771 if (fstat(fd, &st)) {
772 log_warn("cannot stat %s", fname);
773 return (-1);
774 }
775 if (st.st_uid != 0 && st.st_uid != getuid()) {
776 log_warnx("%s: owner not root or current user", fname);
777 return (-1);
778 }
779 if (st.st_mode & (S_IWGRP0000020 | S_IXGRP0000010 | S_IRWXO0000007)) {
780 log_warnx("%s: group writable or world read/writable", fname);
781 return (-1);
782 }
783 return (0);
784}
785
786struct file *
787pushfile(const char *name, int secret)
788{
789 struct file *nfile;
790
791 log_debug("parsing config %s", name);
792
793 if ((nfile = calloc(1, sizeof(struct file))) == NULL((void*)0)) {
794 log_warn("%s", __func__);
795 return (NULL((void*)0));
796 }
797 if ((nfile->name = strdup(name)) == NULL((void*)0)) {
798 log_warn("%s", __func__);
799 free(nfile);
800 return (NULL((void*)0));
801 }
802 if ((nfile->stream = fopen(nfile->name, "r")) == NULL((void*)0)) {
803 log_warn("%s: %s", __func__, nfile->name);
804 free(nfile->name);
805 free(nfile);
806 return (NULL((void*)0));
807 }
808 if (secret &&
809 check_file_secrecy(fileno(nfile->stream)(!__isthreaded ? ((nfile->stream)->_file) : (fileno)(nfile
->stream)), nfile->name)) {
810 fclose(nfile->stream);
811 free(nfile->name);
812 free(nfile);
813 return (NULL((void*)0));
814 }
815 nfile->lineno = TAILQ_EMPTY(&files)(((&files)->tqh_first) == ((void*)0)) ? 1 : 0;
816 nfile->ungetsize = 16;
817 nfile->ungetbuf = malloc(nfile->ungetsize);
818 if (nfile->ungetbuf == NULL((void*)0)) {
819 log_warn("%s", __func__);
820 fclose(nfile->stream);
821 free(nfile->name);
822 free(nfile);
823 return (NULL((void*)0));
824 }
825 TAILQ_INSERT_TAIL(&files, nfile, entry)do { (nfile)->entry.tqe_next = ((void*)0); (nfile)->entry
.tqe_prev = (&files)->tqh_last; *(&files)->tqh_last
= (nfile); (&files)->tqh_last = &(nfile)->entry
.tqe_next; } while (0);
826 return (nfile);
827}
828
829int
830popfile(void)
831{
832 struct file *prev;
833
834 if ((prev = TAILQ_PREV(file, files, entry)(*(((struct files *)((file)->entry.tqe_prev))->tqh_last
))) != NULL((void*)0))
835 prev->errors += file->errors;
836
837 TAILQ_REMOVE(&files, file, entry)do { if (((file)->entry.tqe_next) != ((void*)0)) (file)->
entry.tqe_next->entry.tqe_prev = (file)->entry.tqe_prev
; else (&files)->tqh_last = (file)->entry.tqe_prev;
*(file)->entry.tqe_prev = (file)->entry.tqe_next; ; ; }
while (0);
838 fclose(file->stream);
839 free(file->name);
840 free(file->ungetbuf);
841 free(file);
842 file = prev;
843 return (file ? 0 : EOF(-1));
844}
845
846int
847parse_config(char *filename)
848{
849 struct sym *sym, *next;
850 int errors = 0;
851
852 if ((conf = calloc(1, sizeof(struct ldapd_config))) == NULL((void*)0))
853 fatal(NULL((void*)0));
854
855 conf->schema = schema_new();
856 if (conf->schema == NULL((void*)0))
857 fatal("schema_new");
858
859 TAILQ_INIT(&conf->namespaces)do { (&conf->namespaces)->tqh_first = ((void*)0); (
&conf->namespaces)->tqh_last = &(&conf->
namespaces)->tqh_first; } while (0);
860 TAILQ_INIT(&conf->listeners)do { (&conf->listeners)->tqh_first = ((void*)0); (&
conf->listeners)->tqh_last = &(&conf->listeners
)->tqh_first; } while (0);
861 if ((conf->sc_ssl = calloc(1, sizeof(*conf->sc_ssl))) == NULL((void*)0))
862 fatal(NULL((void*)0));
863 SPLAY_INIT(conf->sc_ssl)do { (conf->sc_ssl)->sph_root = ((void*)0); } while (0);
864 SIMPLEQ_INIT(&conf->acl)do { (&conf->acl)->sqh_first = ((void*)0); (&conf
->acl)->sqh_last = &(&conf->acl)->sqh_first
; } while (0);
865 SLIST_INIT(&conf->referrals){ ((&conf->referrals)->slh_first) = ((void*)0); };
866
867 if ((file = pushfile(filename, 1)) == NULL((void*)0)) {
868 free(conf);
869 return (-1);
870 }
871 topfile = file;
872
873 yyparse();
874 errors = file->errors;
875 popfile();
876
877 /* Free macros and check which have not been used. */
878 TAILQ_FOREACH_SAFE(sym, &symhead, entry, next)for ((sym) = ((&symhead)->tqh_first); (sym) != ((void*
)0) && ((next) = ((sym)->entry.tqe_next), 1); (sym
) = (next)) {
879 log_debug("warning: macro \"%s\" not used", sym->nam);
880 if (!sym->persist) {
881 free(sym->nam);
882 free(sym->val);
883 TAILQ_REMOVE(&symhead, sym, entry)do { if (((sym)->entry.tqe_next) != ((void*)0)) (sym)->
entry.tqe_next->entry.tqe_prev = (sym)->entry.tqe_prev;
else (&symhead)->tqh_last = (sym)->entry.tqe_prev;
*(sym)->entry.tqe_prev = (sym)->entry.tqe_next; ; ; } while
(0);
884 free(sym);
885 }
886 }
887
888 return (errors ? -1 : 0);
889}
890
891int
892symset(const char *nam, const char *val, int persist)
893{
894 struct sym *sym;
895
896 TAILQ_FOREACH(sym, &symhead, entry)for((sym) = ((&symhead)->tqh_first); (sym) != ((void*)
0); (sym) = ((sym)->entry.tqe_next)) {
897 if (strcmp(nam, sym->nam) == 0)
898 break;
899 }
900
901 if (sym != NULL((void*)0)) {
902 if (sym->persist == 1)
903 return (0);
904 else {
905 free(sym->nam);
906 free(sym->val);
907 TAILQ_REMOVE(&symhead, sym, entry)do { if (((sym)->entry.tqe_next) != ((void*)0)) (sym)->
entry.tqe_next->entry.tqe_prev = (sym)->entry.tqe_prev;
else (&symhead)->tqh_last = (sym)->entry.tqe_prev;
*(sym)->entry.tqe_prev = (sym)->entry.tqe_next; ; ; } while
(0);
908 free(sym);
909 }
910 }
911 if ((sym = calloc(1, sizeof(*sym))) == NULL((void*)0))
912 return (-1);
913
914 sym->nam = strdup(nam);
915 if (sym->nam == NULL((void*)0)) {
916 free(sym);
917 return (-1);
918 }
919 sym->val = strdup(val);
920 if (sym->val == NULL((void*)0)) {
921 free(sym->nam);
922 free(sym);
923 return (-1);
924 }
925 sym->used = 0;
926 sym->persist = persist;
927 TAILQ_INSERT_TAIL(&symhead, sym, entry)do { (sym)->entry.tqe_next = ((void*)0); (sym)->entry.tqe_prev
= (&symhead)->tqh_last; *(&symhead)->tqh_last =
(sym); (&symhead)->tqh_last = &(sym)->entry.tqe_next
; } while (0);
928 return (0);
929}
930
931int
932cmdline_symset(char *s)
933{
934 char *sym, *val;
935 int ret;
936
937 if ((val = strrchr(s, '=')) == NULL((void*)0))
938 return (-1);
939 sym = strndup(s, val - s);
940 if (sym == NULL((void*)0))
941 fatal("%s: strndup", __func__);
942 ret = symset(sym, val + 1, 1);
943 free(sym);
944
945 return (ret);
946}
947
948char *
949symget(const char *nam)
950{
951 struct sym *sym;
952
953 TAILQ_FOREACH(sym, &symhead, entry)for((sym) = ((&symhead)->tqh_first); (sym) != ((void*)
0); (sym) = ((sym)->entry.tqe_next)) {
954 if (strcmp(nam, sym->nam) == 0) {
955 sym->used = 1;
956 return (sym->val);
957 }
958 }
959 return (NULL((void*)0));
960}
961
962struct listener *
963host_unix(const char *path)
964{
965 struct sockaddr_un *saun;
966 struct listener *h;
967
968 if (*path != '/')
969 return (NULL((void*)0));
970
971 if ((h = calloc(1, sizeof(*h))) == NULL((void*)0))
972 fatal(NULL((void*)0));
973 saun = (struct sockaddr_un *)&h->ss;
974 saun->sun_len = sizeof(struct sockaddr_un);
975 saun->sun_family = AF_UNIX1;
976 if (strlcpy(saun->sun_path, path, sizeof(saun->sun_path)) >=
977 sizeof(saun->sun_path))
978 fatal("socket path too long");
979 h->flags = F_SECURE0x04;
980
981 return (h);
982}
983
984struct listener *
985host_v4(const char *s, in_port_t port)
986{
987 struct in_addr ina;
988 struct sockaddr_in *sain;
989 struct listener *h;
990
991 memset(&ina, 0, sizeof(ina));
992 if (inet_pton(AF_INET2, s, &ina) != 1)
993 return (NULL((void*)0));
994
995 if ((h = calloc(1, sizeof(*h))) == NULL((void*)0))
996 fatal(NULL((void*)0));
997 sain = (struct sockaddr_in *)&h->ss;
998 sain->sin_len = sizeof(struct sockaddr_in);
999 sain->sin_family = AF_INET2;
1000 sain->sin_addr.s_addr = ina.s_addr;
1001 sain->sin_port = port;
1002
1003 return (h);
1004}
1005
1006struct listener *
1007host_v6(const char *s, in_port_t port)
1008{
1009 struct in6_addr ina6;
1010 struct sockaddr_in6 *sin6;
1011 struct listener *h;
1012
1013 memset(&ina6, 0, sizeof(ina6));
1014 if (inet_pton(AF_INET624, s, &ina6) != 1)
1015 return (NULL((void*)0));
1016
1017 if ((h = calloc(1, sizeof(*h))) == NULL((void*)0))
1018 fatal(NULL((void*)0));
1019 sin6 = (struct sockaddr_in6 *)&h->ss;
1020 sin6->sin6_len = sizeof(struct sockaddr_in6);
1021 sin6->sin6_family = AF_INET624;
1022 sin6->sin6_port = port;
1023 memcpy(&sin6->sin6_addr, &ina6, sizeof(ina6));
1024
1025 return (h);
1026}
1027
1028int
1029host_dns(const char *s, const char *cert,
1030 struct listenerlist *al, in_port_t port, u_int8_t flags)
1031{
1032 struct addrinfo hints, *res0, *res;
1033 int error;
1034 struct sockaddr_in *sain;
1035 struct sockaddr_in6 *sin6;
1036 struct listener *h;
1037
1038 memset(&hints, 0, sizeof(hints));
1039 hints.ai_family = PF_UNSPEC0;
1040 hints.ai_socktype = SOCK_DGRAM2; /* DUMMY */
1041 error = getaddrinfo(s, NULL((void*)0), &hints, &res0);
1042 if (error == EAI_AGAIN-3 || error == EAI_NODATA-5 || error == EAI_NONAME-2)
1043 return (0);
1044 if (error) {
1045 log_warnx("host_dns: could not parse \"%s\": %s", s,
1046 gai_strerror(error));
1047 return (-1);
1048 }
1049
1050 for (res = res0; res; res = res->ai_next) {
1051 if (res->ai_family != AF_INET2 &&
1052 res->ai_family != AF_INET624)
1053 continue;
1054 if ((h = calloc(1, sizeof(*h))) == NULL((void*)0))
1055 fatal(NULL((void*)0));
1056
1057 h->port = port;
1058 h->flags = flags;
1059 h->ss.ss_family = res->ai_family;
1060 h->ssl = NULL((void*)0);
1061 h->ssl_cert_name[0] = '\0';
1062 if (cert != NULL((void*)0))
1063 (void)strlcpy(h->ssl_cert_name, cert, sizeof(h->ssl_cert_name));
1064
1065 if (res->ai_family == AF_INET2) {
1066 sain = (struct sockaddr_in *)&h->ss;
1067 sain->sin_len = sizeof(struct sockaddr_in);
1068 sain->sin_addr.s_addr = ((struct sockaddr_in *)
1069 res->ai_addr)->sin_addr.s_addr;
1070 sain->sin_port = port;
1071 } else {
1072 sin6 = (struct sockaddr_in6 *)&h->ss;
1073 sin6->sin6_len = sizeof(struct sockaddr_in6);
1074 memcpy(&sin6->sin6_addr, &((struct sockaddr_in6 *)
1075 res->ai_addr)->sin6_addr, sizeof(struct in6_addr));
1076 sin6->sin6_port = port;
1077 }
1078
1079 TAILQ_INSERT_HEAD(al, h, entry)do { if (((h)->entry.tqe_next = (al)->tqh_first) != ((void
*)0)) (al)->tqh_first->entry.tqe_prev = &(h)->entry
.tqe_next; else (al)->tqh_last = &(h)->entry.tqe_next
; (al)->tqh_first = (h); (h)->entry.tqe_prev = &(al
)->tqh_first; } while (0);
1080 }
1081 freeaddrinfo(res0);
1082 return 1;
1083}
1084
1085int
1086host(const char *s, const char *cert, struct listenerlist *al,
1087 in_port_t port, u_int8_t flags)
1088{
1089 struct listener *h;
1090
1091 /* Unix socket path? */
1092 h = host_unix(s);
1093
1094 /* IPv4 address? */
1095 if (h == NULL((void*)0))
1096 h = host_v4(s, port);
1097
1098 /* IPv6 address? */
1099 if (h == NULL((void*)0))
1100 h = host_v6(s, port);
1101
1102 if (h != NULL((void*)0)) {
1103 h->port = port;
1104 h->flags |= flags;
1105 h->ssl = NULL((void*)0);
1106 h->ssl_cert_name[0] = '\0';
1107 if (cert != NULL((void*)0))
1108 strlcpy(h->ssl_cert_name, cert, sizeof(h->ssl_cert_name));
1109
1110 TAILQ_INSERT_HEAD(al, h, entry)do { if (((h)->entry.tqe_next = (al)->tqh_first) != ((void
*)0)) (al)->tqh_first->entry.tqe_prev = &(h)->entry
.tqe_next; else (al)->tqh_last = &(h)->entry.tqe_next
; (al)->tqh_first = (h); (h)->entry.tqe_prev = &(al
)->tqh_first; } while (0);
1111 return (1);
1112 }
1113
1114 return (host_dns(s, cert, al, port, flags));
1115}
1116
1117int
1118interface(const char *s, const char *cert,
1119 struct listenerlist *al, in_port_t port, u_int8_t flags)
1120{
1121 int ret = 0;
1122 struct ifaddrs *ifap, *p;
1123 struct sockaddr_in *sain;
1124 struct sockaddr_in6 *sin6;
1125 struct listener *h;
1126
1127 if (getifaddrs(&ifap) == -1)
1128 fatal("getifaddrs");
1129
1130 for (p = ifap; p != NULL((void*)0); p = p->ifa_next) {
1131 if (strcmp(s, p->ifa_name) != 0)
1132 continue;
1133 if (p->ifa_addr == NULL((void*)0))
1134 continue;
1135
1136 switch (p->ifa_addr->sa_family) {
1137 case AF_INET2:
1138 if ((h = calloc(1, sizeof(*h))) == NULL((void*)0))
1139 fatal(NULL((void*)0));
1140 sain = (struct sockaddr_in *)&h->ss;
1141 *sain = *(struct sockaddr_in *)p->ifa_addr;
1142 sain->sin_len = sizeof(struct sockaddr_in);
1143 sain->sin_port = port;
1144
1145 h->fd = -1;
1146 h->port = port;
1147 h->flags = flags;
1148 h->ssl = NULL((void*)0);
1149 h->ssl_cert_name[0] = '\0';
1150 if (cert != NULL((void*)0))
1151 (void)strlcpy(h->ssl_cert_name, cert, sizeof(h->ssl_cert_name));
1152
1153 ret = 1;
1154 TAILQ_INSERT_HEAD(al, h, entry)do { if (((h)->entry.tqe_next = (al)->tqh_first) != ((void
*)0)) (al)->tqh_first->entry.tqe_prev = &(h)->entry
.tqe_next; else (al)->tqh_last = &(h)->entry.tqe_next
; (al)->tqh_first = (h); (h)->entry.tqe_prev = &(al
)->tqh_first; } while (0);
1155
1156 break;
1157
1158 case AF_INET624:
1159 if ((h = calloc(1, sizeof(*h))) == NULL((void*)0))
1160 fatal(NULL((void*)0));
1161 sin6 = (struct sockaddr_in6 *)&h->ss;
1162 *sin6 = *(struct sockaddr_in6 *)p->ifa_addr;
1163 sin6->sin6_len = sizeof(struct sockaddr_in6);
1164 sin6->sin6_port = port;
1165
1166 h->fd = -1;
1167 h->port = port;
1168 h->flags = flags;
1169 h->ssl = NULL((void*)0);
1170 h->ssl_cert_name[0] = '\0';
1171 if (cert != NULL((void*)0))
1172 (void)strlcpy(h->ssl_cert_name, cert, sizeof(h->ssl_cert_name));
1173
1174 ret = 1;
1175 TAILQ_INSERT_HEAD(al, h, entry)do { if (((h)->entry.tqe_next = (al)->tqh_first) != ((void
*)0)) (al)->tqh_first->entry.tqe_prev = &(h)->entry
.tqe_next; else (al)->tqh_last = &(h)->entry.tqe_next
; (al)->tqh_first = (h); (h)->entry.tqe_prev = &(al
)->tqh_first; } while (0);
1176
1177 break;
1178 }
1179 }
1180
1181 freeifaddrs(ifap);
1182
1183 return ret;
1184}
1185
1186static struct aci *
1187mk_aci(int type, int rights, enum scope scope, char *target, char *attr,
1188 char *subject)
1189{
1190 struct aci *aci;
1191
1192 if ((aci = calloc(1, sizeof(*aci))) == NULL((void*)0)) {
1193 yyerror("calloc");
1194 return NULL((void*)0);
1195 }
1196 aci->type = type;
1197 aci->rights = rights;
1198 aci->scope = scope;
1199 aci->target = target;
1200 aci->attribute = attr;
1201 aci->subject = subject;
1202
1203 log_debug("%s %02X access to %s%s%s scope %d by %s",
1204 aci->type == ACI_DENY0 ? "deny" : "allow",
1205 aci->rights,
1206 aci->target ? aci->target : "any",
1207 aci->attribute ? " attribute " : "",
1208 aci->attribute ? aci->attribute : "",
1209 aci->scope,
1210 aci->subject ? aci->subject : "any");
1211
1212 return aci;
1213}
1214
1215struct namespace *
1216namespace_new(const char *suffix)
1217{
1218 struct namespace *ns;
1219
1220 if ((ns = calloc(1, sizeof(*ns))) == NULL((void*)0))
1221 return NULL((void*)0);
1222 ns->sync = 1;
1223 ns->cache_size = 1024;
1224 ns->index_cache_size = 512;
1225 ns->suffix = strdup(suffix);
1226 if (ns->suffix == NULL((void*)0)) {
1227 free(ns->suffix);
1228 free(ns);
1229 return NULL((void*)0);
1230 }
1231 normalize_dn(ns->suffix);
1232 TAILQ_INIT(&ns->indices)do { (&ns->indices)->tqh_first = ((void*)0); (&
ns->indices)->tqh_last = &(&ns->indices)->
tqh_first; } while (0);
1233 TAILQ_INIT(&ns->request_queue)do { (&ns->request_queue)->tqh_first = ((void*)0); (
&ns->request_queue)->tqh_last = &(&ns->request_queue
)->tqh_first; } while (0);
1234 SIMPLEQ_INIT(&ns->acl)do { (&ns->acl)->sqh_first = ((void*)0); (&ns->
acl)->sqh_last = &(&ns->acl)->sqh_first; } while
(0);
1235 SLIST_INIT(&ns->referrals){ ((&ns->referrals)->slh_first) = ((void*)0); };
1236
1237 return ns;
1238}
1239
1240int
1241ssl_cmp(struct ssl *s1, struct ssl *s2)
1242{
1243 return (strcmp(s1->ssl_name, s2->ssl_name));
1244}
1245
1246int
1247load_certfile(struct ldapd_config *env, const char *name, u_int8_t flags,
1248 u_int8_t protocol)
1249{
1250 struct ssl *s;
1251 struct ssl key;
1252 char certfile[PATH_MAX1024];
1253 uint32_t tls_protocols = TLS_PROTOCOLS_DEFAULT((1 << 3)|(1 << 4));
1254 const char *tls_ciphers = "default";
1255
1256 if (strlcpy(key.ssl_name, name, sizeof(key.ssl_name))
1257 >= sizeof(key.ssl_name)) {
1258 log_warn("load_certfile: certificate name truncated");
1259 return -1;
1260 }
1261
1262 s = SPLAY_FIND(ssltree, env->sc_ssl, &key)ssltree_SPLAY_FIND(env->sc_ssl, &key);
1263 if (s != NULL((void*)0)) {
1264 s->flags |= flags;
1265 return 0;
1266 }
1267
1268 if ((s = calloc(1, sizeof(*s))) == NULL((void*)0))
1269 fatal(NULL((void*)0));
1270
1271 s->flags = flags;
1272 (void)strlcpy(s->ssl_name, key.ssl_name, sizeof(s->ssl_name));
1273
1274 s->config = tls_config_new();
1275 if (s->config == NULL((void*)0))
1276 goto err;
1277
1278 if (protocol & F_LEGACY0x08) {
1279 tls_protocols = TLS_PROTOCOLS_ALL((1 << 1)|(1 << 2)| (1 << 3)|(1 << 4)
);
1280 tls_ciphers = "all";
1281 }
1282 if (tls_config_set_protocols(s->config, tls_protocols) != 0) {
1283 log_warn("load_certfile: failed to set tls protocols: %s",
1284 tls_config_error(s->config));
1285 goto err;
1286 }
1287 if (tls_config_set_ciphers(s->config, tls_ciphers)) {
1288 log_warn("load_certfile: failed to set tls ciphers: %s",
1289 tls_config_error(s->config));
1290 goto err;
1291 }
1292
1293 if (name[0] == '/') {
1294 if (!bsnprintf(certfile, sizeof(certfile), "%s.crt", name)) {
1295 log_warn("load_certfile: path truncated");
1296 goto err;
1297 }
1298 } else {
1299 if (!bsnprintf(certfile, sizeof(certfile),
1300 "/etc/ldap/certs/%s.crt", name)) {
1301 log_warn("load_certfile: path truncated");
1302 goto err;
1303 }
1304 }
1305
1306 log_debug("loading certificate file %s", certfile);
1307 s->ssl_cert = tls_load_file(certfile, &s->ssl_cert_len, NULL((void*)0));
1308 if (s->ssl_cert == NULL((void*)0))
1309 goto err;
1310
1311 if (tls_config_set_cert_mem(s->config, s->ssl_cert, s->ssl_cert_len)) {
1312 log_warn("load_certfile: failed to set tls certificate: %s",
1313 tls_config_error(s->config));
1314 goto err;
1315 }
1316
1317 if (name[0] == '/') {
1318 if (!bsnprintf(certfile, sizeof(certfile), "%s.key", name)) {
1319 log_warn("load_certfile: path truncated");
1320 goto err;
1321 }
1322 } else {
1323 if (!bsnprintf(certfile, sizeof(certfile),
1324 "/etc/ldap/certs/%s.key", name)) {
1325 log_warn("load_certfile: path truncated");
1326 goto err;
1327 }
1328 }
1329
1330 log_debug("loading key file %s", certfile);
1331 s->ssl_key = tls_load_file(certfile, &s->ssl_key_len, NULL((void*)0));
1332 if (s->ssl_key == NULL((void*)0))
1333 goto err;
1334
1335 if (tls_config_set_key_mem(s->config, s->ssl_key, s->ssl_key_len)) {
1336 log_warn("load_certfile: failed to set tls key: %s",
1337 tls_config_error(s->config));
1338 goto err;
1339 }
1340
1341 SPLAY_INSERT(ssltree, env->sc_ssl, s)ssltree_SPLAY_INSERT(env->sc_ssl, s);
1342
1343 return (0);
1344err:
1345 free(s->ssl_cert);
1346 free(s->ssl_key);
1347 tls_config_free(s->config);
1348 free(s);
1349 return (-1);
1350}
1351#line 1344 "parse.c"
1352/* allocate initial stack or double stack size, up to YYMAXDEPTH */
1353static int yygrowstack(void)
1354{
1355 unsigned int newsize;
1356 long sslen;
1357 short *newss;
1358 YYSTYPE *newvs;
1359
1360 if ((newsize = yystacksize) == 0)
22
Assuming the condition is false
23
Taking false branch
1361 newsize = YYINITSTACKSIZE200;
1362 else if (newsize >= YYMAXDEPTH10000)
24
Assuming 'newsize' is < YYMAXDEPTH
25
Taking false branch
1363 return -1;
1364 else if ((newsize *= 2) > YYMAXDEPTH10000)
26
Assuming the condition is false
27
Taking false branch
1365 newsize = YYMAXDEPTH10000;
1366 sslen = yyssp - yyss;
1367#ifdef SIZE_MAX0xffffffffffffffffUL
1368#define YY_SIZE_MAX0xffffffffffffffffUL SIZE_MAX0xffffffffffffffffUL
1369#else
1370#define YY_SIZE_MAX0xffffffffffffffffUL 0xffffffffU
1371#endif
1372 if (newsize && YY_SIZE_MAX0xffffffffffffffffUL / newsize < sizeof *newss)
28
Assuming 'newsize' is 0
1373 goto bail;
1374 newss = (short *)realloc(yyss, newsize * sizeof *newss);
29
Memory is released
1375 if (newss == NULL((void*)0))
30
Assuming 'newss' is equal to NULL
31
Taking true branch
1376 goto bail;
32
Control jumps to line 1390
1377 yyss = newss;
1378 yyssp = newss + sslen;
1379 if (newsize && YY_SIZE_MAX0xffffffffffffffffUL / newsize < sizeof *newvs)
1380 goto bail;
1381 newvs = (YYSTYPE *)realloc(yyvs, newsize * sizeof *newvs);
1382 if (newvs == NULL((void*)0))
1383 goto bail;
1384 yyvs = newvs;
1385 yyvsp = newvs + sslen;
1386 yystacksize = newsize;
1387 yysslim = yyss + newsize - 1;
1388 return 0;
1389bail:
1390 if (yyss)
33
Assuming 'yyss' is non-null
34
Taking true branch
1391 free(yyss);
35
Attempt to free released memory
1392 if (yyvs)
1393 free(yyvs);
1394 yyss = yyssp = NULL((void*)0);
1395 yyvs = yyvsp = NULL((void*)0);
1396 yystacksize = 0;
1397 return -1;
1398}
1399
1400#define YYABORTgoto yyabort goto yyabort
1401#define YYREJECTgoto yyabort goto yyabort
1402#define YYACCEPTgoto yyaccept goto yyaccept
1403#define YYERRORgoto yyerrlab goto yyerrlab
1404int
1405yyparse(void)
1406{
1407 int yym, yyn, yystate;
1408#if YYDEBUG0
1409 const char *yys;
1410
1411 if ((yys = getenv("YYDEBUG")))
1412 {
1413 yyn = *yys;
1414 if (yyn >= '0' && yyn <= '9')
1415 yydebug = yyn - '0';
1416 }
1417#endif /* YYDEBUG */
1418
1419 yynerrs = 0;
1420 yyerrflag = 0;
1421 yychar = (-1);
1422
1423 if (yyss == NULL((void*)0) && yygrowstack()) goto yyoverflow;
1
Assuming 'yyss' is not equal to NULL
1424 yyssp = yyss;
1425 yyvsp = yyvs;
1426 *yyssp = yystate = 0;
1427
1428yyloop:
1429 if ((yyn = yydefred[yystate]) != 0) goto yyreduce;
2
Taking true branch
3
Control jumps to line 1536
13
Taking false branch
1430 if (yychar
13.1
'yychar' is >= 0
 < 0)
14
Taking false branch
1431 {
1432 if ((yychar = yylex()) < 0) yychar = 0;
1433#if YYDEBUG0
1434 if (yydebug)
1435 {
1436 yys = 0;
1437 if (yychar <= YYMAXTOKEN298) yys = yyname[yychar];
1438 if (!yys) yys = "illegal-symbol";
1439 printf("%sdebug: state %d, reading %d (%s)\n",
1440 YYPREFIX"yy", yystate, yychar, yys);
1441 }
1442#endif
1443 }
1444 if ((yyn = yysindex[yystate]) && (yyn += yychar) >= 0 &&
15
Assuming 'yyn' is not equal to 0
16
Assuming the condition is true
19
Taking true branch
1445 yyn <= YYTABLESIZE311 && yycheck[yyn] == yychar)
17
Assuming 'yyn' is <= YYTABLESIZE
18
Assuming the condition is true
1446 {
1447#if YYDEBUG0
1448 if (yydebug)
1449 printf("%sdebug: state %d, shifting to state %d\n",
1450 YYPREFIX"yy", yystate, yytable[yyn]);
1451#endif
1452 if (yyssp >= yysslim && yygrowstack())
20
Assuming 'yyssp' is >= 'yysslim'
21
Calling 'yygrowstack'
1453 {
1454 goto yyoverflow;
1455 }
1456 *++yyssp = yystate = yytable[yyn];
1457 *++yyvsp = yylval;
1458 yychar = (-1);
1459 if (yyerrflag > 0) --yyerrflag;
1460 goto yyloop;
1461 }
1462 if ((yyn = yyrindex[yystate]) && (yyn += yychar) >= 0 &&
1463 yyn <= YYTABLESIZE311 && yycheck[yyn] == yychar)
1464 {
1465 yyn = yytable[yyn];
1466 goto yyreduce;
1467 }
1468 if (yyerrflag) goto yyinrecovery;
1469#if defined(__GNUC__4)
1470 goto yynewerror;
1471#endif
1472yynewerror:
1473 yyerror("syntax error");
1474#if defined(__GNUC__4)
1475 goto yyerrlab;
1476#endif
1477yyerrlab:
1478 ++yynerrs;
1479yyinrecovery:
1480 if (yyerrflag < 3)
1481 {
1482 yyerrflag = 3;
1483 for (;;)
1484 {
1485 if ((yyn = yysindex[*yyssp]) && (yyn += YYERRCODE256) >= 0 &&
1486 yyn <= YYTABLESIZE311 && yycheck[yyn] == YYERRCODE256)
1487 {
1488#if YYDEBUG0
1489 if (yydebug)
1490 printf("%sdebug: state %d, error recovery shifting\
1491 to state %d\n", YYPREFIX"yy", *yyssp, yytable[yyn]);
1492#endif
1493 if (yyssp >= yysslim && yygrowstack())
1494 {
1495 goto yyoverflow;
1496 }
1497 *++yyssp = yystate = yytable[yyn];
1498 *++yyvsp = yylval;
1499 goto yyloop;
1500 }
1501 else
1502 {
1503#if YYDEBUG0
1504 if (yydebug)
1505 printf("%sdebug: error recovery discarding state %d\n",
1506 YYPREFIX"yy", *yyssp);
1507#endif
1508 if (yyssp <= yyss) goto yyabort;
1509 --yyssp;
1510 --yyvsp;
1511 }
1512 }
1513 }
1514 else
1515 {
1516 if (yychar == 0) goto yyabort;
1517#if YYDEBUG0
1518 if (yydebug)
1519 {
1520 yys = 0;
1521 if (yychar <= YYMAXTOKEN298) yys = yyname[yychar];
1522 if (!yys) yys = "illegal-symbol";
1523 printf("%sdebug: state %d, error recovery discards token %d (%s)\n",
1524 YYPREFIX"yy", yystate, yychar, yys);
1525 }
1526#endif
1527 yychar = (-1);
1528 goto yyloop;
1529 }
1530yyreduce:
1531#if YYDEBUG0
1532 if (yydebug)
1533 printf("%sdebug: state %d, reducing by rule %d (%s)\n",
1534 YYPREFIX"yy", yystate, yyn, yyrule[yyn]);
1535#endif
1536 yym = yylen[yyn];
1537 if (yym
3.1
'yym' is 0
)
4
Taking false branch
1538 yyval = yyvsp[1-yym];
1539 else
1540 memset(&yyval, 0, sizeof yyval);
1541 switch (yyn)
5
'Default' branch taken. Execution continues on line 1947
1542 {
1543case 6:
1544#line 138 "/usr/src/usr.sbin/ldapd/parse.y"
1545{ file->errors++; }
1546break;
1547case 8:
1548#line 140 "/usr/src/usr.sbin/ldapd/parse.y"
1549{
1550 SIMPLEQ_INSERT_TAIL(&conf->acl, yyvsp[-1].v.aci, entry)do { (yyvsp[-1].v.aci)->entry.sqe_next = ((void*)0); *(&
conf->acl)->sqh_last = (yyvsp[-1].v.aci); (&conf->
acl)->sqh_last = &(yyvsp[-1].v.aci)->entry.sqe_next
; } while (0);
1551 }
1552break;
1553case 10:
1554#line 146 "/usr/src/usr.sbin/ldapd/parse.y"
1555{ yyval.v.number = 0; }
1556break;
1557case 11:
1558#line 147 "/usr/src/usr.sbin/ldapd/parse.y"
1559{ yyval.v.number = F_LEGACY0x08; }
1560break;
1561case 12:
1562#line 150 "/usr/src/usr.sbin/ldapd/parse.y"
1563{ yyval.v.number = 0; }
1564break;
1565case 13:
1566#line 151 "/usr/src/usr.sbin/ldapd/parse.y"
1567{ yyval.v.number = F_STARTTLS0x01; }
1568break;
1569case 14:
1570#line 152 "/usr/src/usr.sbin/ldapd/parse.y"
1571{ yyval.v.number = F_LDAPS0x02; }
1572break;
1573case 15:
1574#line 153 "/usr/src/usr.sbin/ldapd/parse.y"
1575{ yyval.v.number = F_SECURE0x04; }
1576break;
1577case 16:
1578#line 156 "/usr/src/usr.sbin/ldapd/parse.y"
1579{ yyval.v.number = yyvsp[-1].v.number | yyvsp[0].v.number; }
1580break;
1581case 17:
1582#line 159 "/usr/src/usr.sbin/ldapd/parse.y"
1583{ yyval.v.string = NULL((void*)0); }
1584break;
1585case 18:
1586#line 160 "/usr/src/usr.sbin/ldapd/parse.y"
1587{ yyval.v.string = yyvsp[0].v.string; }
1588break;
1589case 19:
1590#line 163 "/usr/src/usr.sbin/ldapd/parse.y"
1591{
1592 struct servent *servent;
1593
1594 servent = getservbyname(yyvsp[0].v.string, "tcp");
1595 if (servent == NULL((void*)0)) {
1596 yyerror("port %s is invalid", yyvsp[0].v.string);
1597 free(yyvsp[0].v.string);
1598 YYERRORgoto yyerrlab;
1599 }
1600 yyval.v.number = servent->s_port;
1601 free(yyvsp[0].v.string);
1602 }
1603break;
1604case 20:
1605#line 175 "/usr/src/usr.sbin/ldapd/parse.y"
1606{
1607 if (yyvsp[0].v.number <= 0 || yyvsp[0].v.number > (int)USHRT_MAX(32767 *2 +1)) {
1608 yyerror("invalid port: %lld", yyvsp[0].v.number);
1609 YYERRORgoto yyerrlab;
1610 }
1611 yyval.v.number = htons(yyvsp[0].v.number)(__uint16_t)(__builtin_constant_p(yyvsp[0].v.number) ? (__uint16_t
)(((__uint16_t)(yyvsp[0].v.number) & 0xffU) << 8 | (
(__uint16_t)(yyvsp[0].v.number) & 0xff00U) >> 8) : __swap16md
(yyvsp[0].v.number));
1612 }
1613break;
1614case 21:
1615#line 182 "/usr/src/usr.sbin/ldapd/parse.y"
1616{
1617 yyval.v.number = 0;
1618 }
1619break;
1620case 22:
1621#line 187 "/usr/src/usr.sbin/ldapd/parse.y"
1622{
1623 char *cert;
1624
1625 if (yyvsp[-2].v.number == 0) {
1626 if (yyvsp[-1].v.number & F_LDAPS0x02)
1627 yyvsp[-2].v.number = htons(LDAPS_PORT)(__uint16_t)(__builtin_constant_p(636) ? (__uint16_t)(((__uint16_t
)(636) & 0xffU) << 8 | ((__uint16_t)(636) & 0xff00U
) >> 8) : __swap16md(636));
1628 else
1629 yyvsp[-2].v.number = htons(LDAP_PORT)(__uint16_t)(__builtin_constant_p(389) ? (__uint16_t)(((__uint16_t
)(389) & 0xffU) << 8 | ((__uint16_t)(389) & 0xff00U
) >> 8) : __swap16md(389));
1630 }
1631
1632 cert = (yyvsp[0].v.string != NULL((void*)0)) ? yyvsp[0].v.string : yyvsp[-3].v.string;
1633
1634 if ((yyvsp[-1].v.number & F_SSL(0x02|0x01)) &&
1635 load_certfile(conf, cert, F_SCERT0x01, yyvsp[-1].v.number) < 0) {
1636 yyerror("cannot load certificate: %s", cert);
1637 free(yyvsp[0].v.string);
1638 free(yyvsp[-3].v.string);
1639 YYERRORgoto yyerrlab;
1640 }
1641
1642 if (! interface(yyvsp[-3].v.string, cert, &conf->listeners,
1643 yyvsp[-2].v.number, yyvsp[-1].v.number)) {
1644 if (host(yyvsp[-3].v.string, cert, &conf->listeners,
1645 yyvsp[-2].v.number, yyvsp[-1].v.number) != 1) {
1646 yyerror("invalid virtual ip or interface: %s", yyvsp[-3].v.string);
1647 free(yyvsp[0].v.string);
1648 free(yyvsp[-3].v.string);
1649 YYERRORgoto yyerrlab;
1650 }
1651 }
1652 free(yyvsp[0].v.string);
1653 free(yyvsp[-3].v.string);
1654 }
1655break;
1656case 23:
1657#line 220 "/usr/src/usr.sbin/ldapd/parse.y"
1658{
1659 struct referral *ref;
1660 if ((ref = calloc(1, sizeof(*ref))) == NULL((void*)0)) {
1661 yyerror("calloc");
1662 free(yyvsp[0].v.string);
1663 YYERRORgoto yyerrlab;
1664 }
1665 ref->url = yyvsp[0].v.string;
1666 SLIST_INSERT_HEAD(&conf->referrals, ref, next)do { (ref)->next.sle_next = (&conf->referrals)->
slh_first; (&conf->referrals)->slh_first = (ref); }
while (0);
1667 }
1668break;
1669case 24:
1670#line 230 "/usr/src/usr.sbin/ldapd/parse.y"
1671{
1672 conf->rootdn = yyvsp[0].v.string;
1673 normalize_dn(conf->rootdn);
1674 }
1675break;
1676case 25:
1677#line 234 "/usr/src/usr.sbin/ldapd/parse.y"
1678{ conf->rootpw = yyvsp[0].v.string; }
1679break;
1680case 26:
1681#line 237 "/usr/src/usr.sbin/ldapd/parse.y"
1682{
1683 log_debug("parsing namespace %s", yyvsp[-2].v.string);
1684 current_ns = namespace_new(yyvsp[-2].v.string);
1685 free(yyvsp[-2].v.string);
1686 TAILQ_INSERT_TAIL(&conf->namespaces, current_ns, next)do { (current_ns)->next.tqe_next = ((void*)0); (current_ns
)->next.tqe_prev = (&conf->namespaces)->tqh_last
; *(&conf->namespaces)->tqh_last = (current_ns); (&
conf->namespaces)->tqh_last = &(current_ns)->next
.tqe_next; } while (0);
1687 }
1688break;
1689case 27:
1690#line 242 "/usr/src/usr.sbin/ldapd/parse.y"
1691{ current_ns = NULL((void*)0); }
1692break;
1693case 28:
1694#line 245 "/usr/src/usr.sbin/ldapd/parse.y"
1695{
1696 if (strcasecmp(yyvsp[0].v.string, "true") == 0 ||
1697 strcasecmp(yyvsp[0].v.string, "yes") == 0)
1698 yyval.v.number = 1;
1699 else if (strcasecmp(yyvsp[0].v.string, "false") == 0 ||
1700 strcasecmp(yyvsp[0].v.string, "off") == 0 ||
1701 strcasecmp(yyvsp[0].v.string, "no") == 0)
1702 yyval.v.number = 0;
1703 else {
1704 yyerror("invalid boolean value '%s'", yyvsp[0].v.string);
1705 free(yyvsp[0].v.string);
1706 YYERRORgoto yyerrlab;
1707 }
1708 free(yyvsp[0].v.string);
1709 }
1710break;
1711case 29:
1712#line 260 "/usr/src/usr.sbin/ldapd/parse.y"
1713{ yyval.v.number = 1; }
1714break;
1715case 33:
1716#line 268 "/usr/src/usr.sbin/ldapd/parse.y"
1717{
1718 current_ns->rootdn = yyvsp[0].v.string;
1719 normalize_dn(current_ns->rootdn);
1720 }
1721break;
1722case 34:
1723#line 272 "/usr/src/usr.sbin/ldapd/parse.y"
1724{ current_ns->rootpw = yyvsp[0].v.string; }
1725break;
1726case 35:
1727#line 273 "/usr/src/usr.sbin/ldapd/parse.y"
1728{
1729 struct attr_index *ai;
1730 if ((ai = calloc(1, sizeof(*ai))) == NULL((void*)0)) {
1731 yyerror("calloc");
1732 free(yyvsp[0].v.string);
1733 YYERRORgoto yyerrlab;
1734 }
1735 ai->attr = yyvsp[0].v.string;
1736 ai->type = INDEX_EQUAL;
1737 TAILQ_INSERT_TAIL(&current_ns->indices, ai, next)do { (ai)->next.tqe_next = ((void*)0); (ai)->next.tqe_prev
= (&current_ns->indices)->tqh_last; *(&current_ns
->indices)->tqh_last = (ai); (&current_ns->indices
)->tqh_last = &(ai)->next.tqe_next; } while (0);
1738 }
1739break;
1740case 36:
1741#line 284 "/usr/src/usr.sbin/ldapd/parse.y"
1742{ current_ns->cache_size = yyvsp[0].v.number; }
1743break;
1744case 37:
1745#line 285 "/usr/src/usr.sbin/ldapd/parse.y"
1746{ current_ns->index_cache_size = yyvsp[0].v.number; }
1747break;
1748case 38:
1749#line 286 "/usr/src/usr.sbin/ldapd/parse.y"
1750{ current_ns->sync = yyvsp[0].v.number; }
1751break;
1752case 39:
1753#line 287 "/usr/src/usr.sbin/ldapd/parse.y"
1754{
1755 SIMPLEQ_INSERT_TAIL(&current_ns->acl, yyvsp[0].v.aci, entry)do { (yyvsp[0].v.aci)->entry.sqe_next = ((void*)0); *(&
current_ns->acl)->sqh_last = (yyvsp[0].v.aci); (&current_ns
->acl)->sqh_last = &(yyvsp[0].v.aci)->entry.sqe_next
; } while (0);
1756 }
1757break;
1758case 40:
1759#line 290 "/usr/src/usr.sbin/ldapd/parse.y"
1760{ current_ns->relax = 1; }
1761break;
1762case 41:
1763#line 291 "/usr/src/usr.sbin/ldapd/parse.y"
1764{ current_ns->relax = 0; }
1765break;
1766case 42:
1767#line 292 "/usr/src/usr.sbin/ldapd/parse.y"
1768{ current_ns->compression_level = yyvsp[0].v.number; }
1769break;
1770case 43:
1771#line 293 "/usr/src/usr.sbin/ldapd/parse.y"
1772{
1773 struct referral *ref;
1774 if ((ref = calloc(1, sizeof(*ref))) == NULL((void*)0)) {
1775 yyerror("calloc");
1776 free(yyvsp[0].v.string);
1777 YYERRORgoto yyerrlab;
1778 }
1779 ref->url = yyvsp[0].v.string;
1780 SLIST_INSERT_HEAD(&current_ns->referrals, ref, next)do { (ref)->next.sle_next = (&current_ns->referrals
)->slh_first; (&current_ns->referrals)->slh_first
= (ref); } while (0);
1781 }
1782break;
1783case 44:
1784#line 305 "/usr/src/usr.sbin/ldapd/parse.y"
1785{ yyval.v.number = 6; }
1786break;
1787case 45:
1788#line 306 "/usr/src/usr.sbin/ldapd/parse.y"
1789{ yyval.v.number = yyvsp[0].v.number; }
1790break;
1791case 46:
1792#line 309 "/usr/src/usr.sbin/ldapd/parse.y"
1793{
1794 if ((yyval.v.aci = mk_aci(yyvsp[-6].v.number, yyvsp[-5].v.number, yyvsp[-3].v.number, yyvsp[-2].v.string, yyvsp[-1].v.string, yyvsp[0].v.string)) == NULL((void*)0)) {
1795 free(yyvsp[-2].v.string);
1796 free(yyvsp[-1].v.string);
1797 YYERRORgoto yyerrlab;
1798 }
1799 }
1800break;
1801case 47:
1802#line 316 "/usr/src/usr.sbin/ldapd/parse.y"
1803{
1804 if ((yyval.v.aci = mk_aci(yyvsp[-1].v.number, yyvsp[0].v.number, LDAP_SCOPE_SUBTREE, NULL((void*)0),
1805 NULL((void*)0), NULL((void*)0))) == NULL((void*)0)) {
1806 YYERRORgoto yyerrlab;
1807 }
1808 }
1809break;
1810case 48:
1811#line 324 "/usr/src/usr.sbin/ldapd/parse.y"
1812{ yyval.v.number = ACI_DENY0; }
1813break;
1814case 49:
1815#line 325 "/usr/src/usr.sbin/ldapd/parse.y"
1816{ yyval.v.number = ACI_ALLOW1; }
1817break;
1818case 50:
1819#line 328 "/usr/src/usr.sbin/ldapd/parse.y"
1820{ yyval.v.number = ACI_ALL0x1F; }
1821break;
1822case 51:
1823#line 329 "/usr/src/usr.sbin/ldapd/parse.y"
1824{ yyval.v.number = ACI_ALL0x1F; }
1825break;
1826case 52:
1827#line 330 "/usr/src/usr.sbin/ldapd/parse.y"
1828{ yyval.v.number = yyvsp[-1].v.number; }
1829break;
1830case 53:
1831#line 333 "/usr/src/usr.sbin/ldapd/parse.y"
1832{ yyval.v.number = yyvsp[0].v.number; }
1833break;
1834case 54:
1835#line 334 "/usr/src/usr.sbin/ldapd/parse.y"
1836{ yyval.v.number = yyvsp[-2].v.number | yyvsp[0].v.number; }
1837break;
1838case 55:
1839#line 337 "/usr/src/usr.sbin/ldapd/parse.y"
1840{ yyval.v.number = ACI_READ0x01; }
1841break;
1842case 56:
1843#line 338 "/usr/src/usr.sbin/ldapd/parse.y"
1844{ yyval.v.number = ACI_WRITE0x02; }
1845break;
1846case 57:
1847#line 339 "/usr/src/usr.sbin/ldapd/parse.y"
1848{ yyval.v.number = ACI_BIND0x10; }
1849break;
1850case 58:
1851#line 343 "/usr/src/usr.sbin/ldapd/parse.y"
1852{ yyval.v.number = LDAP_SCOPE_BASE; }
1853break;
1854case 59:
1855#line 344 "/usr/src/usr.sbin/ldapd/parse.y"
1856{ yyval.v.number = LDAP_SCOPE_SUBTREE; }
1857break;
1858case 60:
1859#line 345 "/usr/src/usr.sbin/ldapd/parse.y"
1860{ yyval.v.number = LDAP_SCOPE_ONELEVEL; }
1861break;
1862case 61:
1863#line 348 "/usr/src/usr.sbin/ldapd/parse.y"
1864{ yyval.v.string = NULL((void*)0); }
1865break;
1866case 62:
1867#line 349 "/usr/src/usr.sbin/ldapd/parse.y"
1868{ yyval.v.string = strdup(""); }
1869break;
1870case 63:
1871#line 350 "/usr/src/usr.sbin/ldapd/parse.y"
1872{ yyval.v.string = yyvsp[0].v.string; normalize_dn(yyval.v.string); }
1873break;
1874case 64:
1875#line 353 "/usr/src/usr.sbin/ldapd/parse.y"
1876{ yyval.v.string = NULL((void*)0); }
1877break;
1878case 65:
1879#line 354 "/usr/src/usr.sbin/ldapd/parse.y"
1880{ yyval.v.string = yyvsp[0].v.string; }
1881break;
1882case 66:
1883#line 357 "/usr/src/usr.sbin/ldapd/parse.y"
1884{ yyval.v.string = NULL((void*)0); }
1885break;
1886case 67:
1887#line 358 "/usr/src/usr.sbin/ldapd/parse.y"
1888{ yyval.v.string = NULL((void*)0); }
1889break;
1890case 68:
1891#line 359 "/usr/src/usr.sbin/ldapd/parse.y"
1892{ yyval.v.string = yyvsp[0].v.string; normalize_dn(yyval.v.string); }
1893break;
1894case 69:
1895#line 360 "/usr/src/usr.sbin/ldapd/parse.y"
1896{ yyval.v.string = strdup("@"); }
1897break;
1898case 70:
1899#line 363 "/usr/src/usr.sbin/ldapd/parse.y"
1900{
1901 struct file *nfile;
1902
1903 if ((nfile = pushfile(yyvsp[0].v.string, 1)) == NULL((void*)0)) {
1904 yyerror("failed to include file %s", yyvsp[0].v.string);
1905 free(yyvsp[0].v.string);
1906 YYERRORgoto yyerrlab;
1907 }
1908 free(yyvsp[0].v.string);
1909
1910 file = nfile;
1911 lungetc('\n');
1912 }
1913break;
1914case 71:
1915#line 378 "/usr/src/usr.sbin/ldapd/parse.y"
1916{
1917 char *s = yyvsp[-2].v.string;
1918 while (*s++) {
1919 if (isspace((unsigned char)*s)) {
1920 yyerror("macro name cannot contain "
1921 "whitespace");
1922 free(yyvsp[-2].v.string);
1923 free(yyvsp[0].v.string);
1924 YYERRORgoto yyerrlab;
1925 }
1926 }
1927 if (symset(yyvsp[-2].v.string, yyvsp[0].v.string, 0) == -1)
1928 fatal("cannot store variable");
1929 free(yyvsp[-2].v.string);
1930 free(yyvsp[0].v.string);
1931 }
1932break;
1933case 72:
1934#line 396 "/usr/src/usr.sbin/ldapd/parse.y"
1935{
1936 int ret;
1937
1938 ret = schema_parse(conf->schema, yyvsp[0].v.string);
1939 free(yyvsp[0].v.string);
1940 if (ret != 0) {
1941 YYERRORgoto yyerrlab;
1942 }
1943 }
1944break;
1945#line 1938 "parse.c"
1946 }
1947 yyssp -= yym;
1948 yystate = *yyssp;
1949 yyvsp -= yym;
1950 yym = yylhs[yyn];
1951 if (yystate
5.1
'yystate' is equal to 0
 == 0 && yym
5.2
'yym' is equal to 0
 == 0)
6
Taking true branch
1952 {
1953#if YYDEBUG0
1954 if (yydebug)
1955 printf("%sdebug: after reduction, shifting from state 0 to\
1956 state %d\n", YYPREFIX"yy", YYFINAL1);
1957#endif
1958 yystate = YYFINAL1;
1959 *++yyssp = YYFINAL1;
1960 *++yyvsp = yyval;
1961 if (yychar
6.1
'yychar' is < 0
 < 0)
7
Taking true branch
1962 {
1963 if ((yychar = yylex()) < 0) yychar = 0;
8
Assuming the condition is false
9
Taking false branch
1964#if YYDEBUG0
1965 if (yydebug)
1966 {
1967 yys = 0;
1968 if (yychar <= YYMAXTOKEN298) yys = yyname[yychar];
1969 if (!yys) yys = "illegal-symbol";
1970 printf("%sdebug: state %d, reading %d (%s)\n",
1971 YYPREFIX"yy", YYFINAL1, yychar, yys);
1972 }
1973#endif
1974 }
1975 if (yychar == 0) goto yyaccept;
10
Assuming 'yychar' is not equal to 0
11
Taking false branch
1976 goto yyloop;
12
Control jumps to line 1429
1977 }
1978 if ((yyn = yygindex[yym]) && (yyn += yystate) >= 0 &&
1979 yyn <= YYTABLESIZE311 && yycheck[yyn] == yystate)
1980 yystate = yytable[yyn];
1981 else
1982 yystate = yydgoto[yym];
1983#if YYDEBUG0
1984 if (yydebug)
1985 printf("%sdebug: after reduction, shifting from state %d \
1986to state %d\n", YYPREFIX"yy", *yyssp, yystate);
1987#endif
1988 if (yyssp >= yysslim && yygrowstack())
1989 {
1990 goto yyoverflow;
1991 }
1992 *++yyssp = yystate;
1993 *++yyvsp = yyval;
1994 goto yyloop;
1995yyoverflow:
1996 yyerror("yacc stack overflow");
1997yyabort:
1998 if (yyss)
1999 free(yyss);
2000 if (yyvs)
2001 free(yyvs);
2002 yyss = yyssp = NULL((void*)0);
2003 yyvs = yyvsp = NULL((void*)0);
2004 yystacksize = 0;
2005 return (1);
2006yyaccept:
2007 if (yyss)
2008 free(yyss);
2009 if (yyvs)
2010 free(yyvs);
2011 yyss = yyssp = NULL((void*)0);
2012 yyvs = yyvsp = NULL((void*)0);
2013 yystacksize = 0;
2014 return (0);
2015}