in all these programs using the same pfctl-derived parse.y, re-unify the

yylex implementation and the code which interacts with yylex.  this also
brings the future potential for include support to all of the parsers.
in the future please do not silly modifications to one of these files
without checking if you are de-unifying the code.
checked by developers in all these areas.

1 files changed, 144 insertions, 64 deletions

diff --git a/usr.sbin/relayd/parse.y b/usr.sbin/relayd/parse.y
index 1b995e11516..0a09a74ce0f 100644
--- a/usr.sbin/relayd/parse.y
+++ b/usr.sbin/relayd/parse.y
@@ -1,4 +1,4 @@
-/*	$OpenBSD: parse.y,v 1.62 2007/10/11 14:39:17 deraadt Exp $	*/
+/*	$OpenBSD: parse.y,v 1.63 2007/10/13 16:35:21 deraadt Exp $	*/
 
 /*
  * Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -25,6 +25,7 @@
 %{
 #include <sys/types.h>
 #include <sys/socket.h>
+#include <sys/stat.h>
 #include <sys/queue.h>
 #include <netinet/in.h>
 #include <net/if.h>
@@ -32,6 +33,7 @@
 #include <arpa/nameser.h>
 
 #include <ctype.h>
+#include <unistd.h>
 #include <err.h>
 #include <errno.h>
 #include <event.h>
@@ -46,44 +48,51 @@
 
 #include "hoststated.h"
 
-struct hoststated		*conf = NULL;
-static FILE			*fin = NULL;
-static int			 lineno = 1;
-static int			 errors = 0;
-const char			*infile;
-objid_t				 last_service_id = 0;
-objid_t				 last_table_id = 0;
-objid_t				 last_host_id = 0;
-objid_t				 last_relay_id = 0;
-objid_t				 last_proto_id = 0;
-
-static struct service		*service = NULL;
-static struct table		*table = NULL;
-static struct relay		*rlay = NULL;
-static struct protocol		*proto = NULL;
-static struct protonode		 node;
-
-int	 yyerror(const char *, ...);
-int	 yyparse(void);
-int	 kw_cmp(const void *, const void *);
-int	 lookup(char *);
-int	 lgetc(int);
-int	 lungetc(int);
-int	 findeol(void);
-int	 yylex(void);
+TAILQ_HEAD(files, file)		 files = TAILQ_HEAD_INITIALIZER(files);
+static struct file {
+	TAILQ_ENTRY(file)	 entry;
+	FILE			*stream;
+	char			*name;
+	int			 lineno;
+	int			 errors;
+} *file;
+struct file	*pushfile(const char *, int);
+int		 popfile(void);
+int		 check_file_secrecy(int, const char *);
+int		 yyparse(void);
+int		 yylex(void);
+int		 yyerror(const char *, ...);
+int		 kw_cmp(const void *, const void *);
+int		 lookup(char *);
+int		 lgetc(int);
+int		 lungetc(int);
+int		 findeol(void);
 
 TAILQ_HEAD(symhead, sym)	 symhead = TAILQ_HEAD_INITIALIZER(symhead);
 struct sym {
-	TAILQ_ENTRY(sym)	 entries;
+	TAILQ_ENTRY(sym)	 entry;
 	int			 used;
 	int			 persist;
 	char			*nam;
 	char			*val;
 };
-
 int		 symset(const char *, const char *, int);
 char		*symget(const char *);
 
+struct hoststated	*conf = NULL;
+static int		 errors = 0;
+objid_t			 last_service_id = 0;
+objid_t			 last_table_id = 0;
+objid_t			 last_host_id = 0;
+objid_t			 last_relay_id = 0;
+objid_t			 last_proto_id = 0;
+
+static struct service	*service = NULL;
+static struct table	*table = NULL;
+static struct relay	*rlay = NULL;
+static struct protocol	*proto = NULL;
+static struct protonode	 node;
+
 struct address	*host_v4(const char *);
 struct address	*host_v6(const char *);
 int		 host_dns(const char *, struct addresslist *,
@@ -132,7 +141,7 @@ grammar		: /* empty */
 		| grammar table '\n'
 		| grammar relay '\n'
 		| grammar proto '\n'
-		| grammar error '\n'		{ errors++; }
+		| grammar error '\n'		{ file->errors++; }
 		;
 
 optssl		: /*empty*/	{ $$ = 0; }
@@ -1151,11 +1160,11 @@ struct keywords {
 int
 yyerror(const char *fmt, ...)
 {
-	va_list	ap;
+	va_list		 ap;
 
-	errors = 1;
+	file->errors++;
 	va_start(ap, fmt);
-	fprintf(stderr, "%s:%d: ", infile, yylval.lineno);
+	fprintf(stderr, "%s:%d: ", file->name, yylval.lineno);
 	vfprintf(stderr, fmt, ap);
 	fprintf(stderr, "\n");
 	va_end(ap);
@@ -1165,7 +1174,6 @@ yyerror(const char *fmt, ...)
 int
 kw_cmp(const void *k, const void *e)
 {
-
 	return (strcmp(k, ((const struct keywords *)e)->k_name));
 }
 
@@ -1258,10 +1266,9 @@ char	 pushback_buffer[MAXPUSHBACK];
 int	 pushback_index = 0;
 
 int
-lgetc(int inquot)
+lgetc(int quotec)
 {
-	int	c, next;
-	FILE *f = fin;
+	int		c, next;
 
 	if (parsebuf) {
 		/* Read character from the parsebuffer instead of input. */
@@ -1277,29 +1284,39 @@ lgetc(int inquot)
 	if (pushback_index)
 		return (pushback_buffer[--pushback_index]);
 
-	if (inquot) {
-		c = getc(f);
+	if (quotec) {
+		if ((c = getc(file->stream)) == EOF) {
+			yyerror("reached end of file while parsing quoted string");
+			if (popfile() == EOF)
+				return (EOF);
+			return (quotec);
+		}
 		return (c);
 	}
 
-	while ((c = getc(f)) == '\\') {
-		next = getc(f);
+	while ((c = getc(file->stream)) == '\\') {
+		next = getc(file->stream);
 		if (next != '\n') {
 			c = next;
 			break;
 		}
-		yylval.lineno = lineno;
-		lineno++;
+		yylval.lineno = file->lineno;
+		file->lineno++;
 	}
 	if (c == '\t' || c == ' ') {
 		/* Compress blanks to a single space. */
 		do {
-			c = getc(f);
+			c = getc(file->stream);
 		} while (c == '\t' || c == ' ');
-		ungetc(c, f);
+		ungetc(c, file->stream);
 		c = ' ';
 	}
 
+	while (c == EOF) {
+		if (popfile() == EOF)
+			return (EOF);
+		c = getc(file->stream);
+	}
 	return (c);
 }
 
@@ -1331,7 +1348,7 @@ findeol(void)
 	while (1) {
 		c = lgetc(0);
 		if (c == '\n') {
-			lineno++;
+			file->lineno++;
 			break;
 		}
 		if (c == EOF)
@@ -1345,7 +1362,7 @@ yylex(void)
 {
 	char	 buf[8096];
 	char	*p, *val;
-	int	 endc, next, c;
+	int	 quotec, next, c;
 	int	 token;
 
 top:
@@ -1353,7 +1370,7 @@ top:
 	while ((c = lgetc(0)) == ' ')
 		; /* nothing */
 
-	yylval.lineno = lineno;
+	yylval.lineno = file->lineno;
 	if (c == '#')
 		while ((c = lgetc(0)) != '\n' && c != EOF)
 			; /* nothing */
@@ -1387,21 +1404,21 @@ top:
 	switch (c) {
 	case '\'':
 	case '"':
-		endc = c;
+		quotec = c;
 		while (1) {
-			if ((c = lgetc(1)) == EOF)
+			if ((c = lgetc(quotec)) == EOF)
 				return (0);
 			if (c == '\n') {
-				lineno++;
+				file->lineno++;
 				continue;
 			} else if (c == '\\') {
-				if ((next = lgetc(1)) == EOF)
+				if ((next = lgetc(quotec)) == EOF)
 					return (0);
-				if (next == endc)
+				if (next == quotec)
 					c = next;
 				else
 					lungetc(next);
-			} else if (c == endc) {
+			} else if (c == quotec) {
 				*p = '\0';
 				break;
 			}
@@ -1475,14 +1492,75 @@ nodigits:
 		return (token);
 	}
 	if (c == '\n') {
-		yylval.lineno = lineno;
-		lineno++;
+		yylval.lineno = file->lineno;
+		file->lineno++;
 	}
 	if (c == EOF)
 		return (0);
 	return (c);
 }
 
+int
+check_file_secrecy(int fd, const char *fname)
+{
+	struct stat	st;
+
+	if (fstat(fd, &st)) {
+		log_warn("cannot stat %s", fname);
+		return (-1);
+	}
+	if (st.st_uid != 0 && st.st_uid != getuid()) {
+		log_warnx("%s: owner not root or current user", fname);
+		return (-1);
+	}
+	if (st.st_mode & (S_IRWXG | S_IRWXO)) {
+		log_warnx("%s: group/world readable/writeable", fname);
+		return (-1);
+	}
+	return (0);
+}
+
+struct file *
+pushfile(const char *name, int secret)
+{
+	struct file	*nfile;
+
+	if ((nfile = calloc(1, sizeof(struct file))) == NULL ||
+	    (nfile->name = strdup(name)) == NULL)
+		return (NULL);
+	if ((nfile->stream = fopen(nfile->name, "r")) == NULL) {
+		free(nfile->name);
+		free(nfile);
+		return (NULL);
+	} else if (secret &&
+	    check_file_secrecy(fileno(nfile->stream), nfile->name)) {
+		fclose(nfile->stream);
+		free(nfile->name);
+		free(nfile);
+		return (NULL);
+	}
+	nfile->lineno = 1;
+	TAILQ_INSERT_TAIL(&files, nfile, entry);
+	return (nfile);
+}
+
+int
+popfile(void)
+{
+	struct file	*prev;
+
+	if ((prev = TAILQ_PREV(file, files, entry)) != NULL) {
+		prev->errors += file->errors;
+		TAILQ_REMOVE(&files, file, entry);
+		fclose(file->stream);
+		free(file->name);
+		free(file);
+		file = prev;
+		return (0);
+	}
+	return (EOF);
+}
+
 struct hoststated *
 parse_config(const char *filename, int opts)
 {
@@ -1530,27 +1608,29 @@ parse_config(const char *filename, int opts)
 	conf->opts = opts;
 	conf->confpath = filename;
 
-	if ((fin = fopen(filename, "r")) == NULL) {
+	if ((file = pushfile(filename, 1)) == NULL) {
 		warn("%s", filename);
 		free(conf);
 		return (NULL);
 	}
-	infile = filename;
 	setservent(1);
+
 	yyparse();
+	errors = file->errors;
+	popfile();
+
 	endservent();
-	fclose(fin);
 
 	/* Free macros and check which have not been used. */
 	for (sym = TAILQ_FIRST(&symhead); sym != NULL; sym = next) {
-		next = TAILQ_NEXT(sym, entries);
+		next = TAILQ_NEXT(sym, entry);
 		if ((conf->opts & HOSTSTATED_OPT_VERBOSE) && !sym->used)
 			fprintf(stderr, "warning: macro '%s' not "
 			    "used\n", sym->nam);
 		if (!sym->persist) {
 			free(sym->nam);
 			free(sym->val);
-			TAILQ_REMOVE(&symhead, sym, entries);
+			TAILQ_REMOVE(&symhead, sym, entry);
 			free(sym);
 		}
 	}
@@ -1616,7 +1696,7 @@ symset(const char *nam, const char *val, int persist)
 	struct sym	*sym;
 
 	for (sym = TAILQ_FIRST(&symhead); sym && strcmp(nam, sym->nam);
-	    sym = TAILQ_NEXT(sym, entries))
+	    sym = TAILQ_NEXT(sym, entry))
 		;	/* nothing */
 
 	if (sym != NULL) {
@@ -1625,7 +1705,7 @@ symset(const char *nam, const char *val, int persist)
 		else {
 			free(sym->nam);
 			free(sym->val);
-			TAILQ_REMOVE(&symhead, sym, entries);
+			TAILQ_REMOVE(&symhead, sym, entry);
 			free(sym);
 		}
 	}
@@ -1645,7 +1725,7 @@ symset(const char *nam, const char *val, int persist)
 	}
 	sym->used = 0;
 	sym->persist = persist;
-	TAILQ_INSERT_TAIL(&symhead, sym, entries);
+	TAILQ_INSERT_TAIL(&symhead, sym, entry);
 	return (0);
 }
 
@@ -1676,7 +1756,7 @@ symget(const char *nam)
 {
 	struct sym	*sym;
 
-	TAILQ_FOREACH(sym, &symhead, entries)
+	TAILQ_FOREACH(sym, &symhead, entry)
 		if (strcmp(nam, sym->nam) == 0) {
 			sym->used = 1;
 			return (sym->val);