summaryrefslogtreecommitdiffstats
path: root/ipsec-tools/src/racoon/cfparse.c
diff options
context:
space:
mode:
Diffstat (limited to 'ipsec-tools/src/racoon/cfparse.c')
-rw-r--r--ipsec-tools/src/racoon/cfparse.c5871
1 files changed, 5871 insertions, 0 deletions
diff --git a/ipsec-tools/src/racoon/cfparse.c b/ipsec-tools/src/racoon/cfparse.c
new file mode 100644
index 00000000..19c60e78
--- /dev/null
+++ b/ipsec-tools/src/racoon/cfparse.c
@@ -0,0 +1,5871 @@
+/* A Bison parser, made by GNU Bison 2.6.2. */
+
+/* Bison implementation for Yacc-like parsers in C
+
+ Copyright (C) 1984, 1989-1990, 2000-2012 Free Software Foundation, Inc.
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+
+/* As a special exception, you may create a larger work that contains
+ part or all of the Bison parser skeleton and distribute that work
+ under terms of your choice, so long as that work isn't itself a
+ parser generator using the skeleton or a modified version thereof
+ as a parser skeleton. Alternatively, if you modify or redistribute
+ the parser skeleton itself, you may (at your option) remove this
+ special exception, which will cause the skeleton and the resulting
+ Bison output files to be licensed under the GNU General Public
+ License without this special exception.
+
+ This special exception was added by the Free Software Foundation in
+ version 2.2 of Bison. */
+
+/* C LALR(1) parser skeleton written by Richard Stallman, by
+ simplifying the original so-called "semantic" parser. */
+
+/* All symbols defined below should begin with yy or YY, to avoid
+ infringing on user name space. This should be done even for local
+ variables, as they might otherwise be expanded by user macros.
+ There are some unavoidable exceptions within include files to
+ define necessary library symbols; they are noted "INFRINGES ON
+ USER NAME SPACE" below. */
+
+/* Identify Bison output. */
+#define YYBISON 1
+
+/* Bison version. */
+#define YYBISON_VERSION "2.6.2"
+
+/* Skeleton name. */
+#define YYSKELETON_NAME "yacc.c"
+
+/* Pure parsers. */
+#define YYPURE 0
+
+/* Push parsers. */
+#define YYPUSH 0
+
+/* Pull parsers. */
+#define YYPULL 1
+
+
+
+
+/* Copy the first part of user declarations. */
+/* Line 336 of yacc.c */
+#line 5 "cfparse.y"
+
+/*
+ * Copyright (C) 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002 and 2003 WIDE Project.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the project nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/queue.h>
+#include <sys/socket.h>
+
+#include <netinet/in.h>
+#include PATH_IPSEC_H
+
+#ifdef ENABLE_HYBRID
+#include <arpa/inet.h>
+#endif
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include <netdb.h>
+#include <pwd.h>
+#include <grp.h>
+
+#include "var.h"
+#include "misc.h"
+#include "vmbuf.h"
+#include "plog.h"
+#include "sockmisc.h"
+#include "str2val.h"
+#include "genlist.h"
+#include "debug.h"
+
+#include "admin.h"
+#include "privsep.h"
+#include "cfparse_proto.h"
+#include "cftoken_proto.h"
+#include "algorithm.h"
+#include "localconf.h"
+#include "policy.h"
+#include "sainfo.h"
+#include "oakley.h"
+#include "pfkey.h"
+#include "remoteconf.h"
+#include "grabmyaddr.h"
+#include "isakmp_var.h"
+#include "handler.h"
+#include "isakmp.h"
+#include "nattraversal.h"
+#include "isakmp_frag.h"
+#ifdef ENABLE_HYBRID
+#include "resolv.h"
+#include "isakmp_unity.h"
+#include "isakmp_xauth.h"
+#include "isakmp_cfg.h"
+#endif
+#include "ipsec_doi.h"
+#include "strnames.h"
+#include "gcmalloc.h"
+#ifdef HAVE_GSSAPI
+#include "gssapi.h"
+#endif
+#include "vendorid.h"
+#include "rsalist.h"
+#include "crypto_openssl.h"
+
+struct secprotospec {
+ int prop_no;
+ int trns_no;
+ int strength; /* for isakmp/ipsec */
+ int encklen; /* for isakmp/ipsec */
+ time_t lifetime; /* for isakmp */
+ int lifebyte; /* for isakmp */
+ int proto_id; /* for ipsec (isakmp?) */
+ int ipsec_level; /* for ipsec */
+ int encmode; /* for ipsec */
+ int vendorid; /* for isakmp */
+ char *gssid;
+ struct sockaddr *remote;
+ int algclass[MAXALGCLASS];
+
+ struct secprotospec *next; /* the tail is the most prefiered. */
+ struct secprotospec *prev;
+};
+
+static int num2dhgroup[] = {
+ 0,
+ OAKLEY_ATTR_GRP_DESC_MODP768,
+ OAKLEY_ATTR_GRP_DESC_MODP1024,
+ OAKLEY_ATTR_GRP_DESC_EC2N155,
+ OAKLEY_ATTR_GRP_DESC_EC2N185,
+ OAKLEY_ATTR_GRP_DESC_MODP1536,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ OAKLEY_ATTR_GRP_DESC_MODP2048,
+ OAKLEY_ATTR_GRP_DESC_MODP3072,
+ OAKLEY_ATTR_GRP_DESC_MODP4096,
+ OAKLEY_ATTR_GRP_DESC_MODP6144,
+ OAKLEY_ATTR_GRP_DESC_MODP8192
+};
+
+static struct remoteconf *cur_rmconf;
+static int tmpalgtype[MAXALGCLASS];
+static struct sainfo *cur_sainfo;
+static int cur_algclass;
+static int oldloglevel = LLV_BASE;
+
+static struct secprotospec *newspspec __P((void));
+static void insspspec __P((struct remoteconf *, struct secprotospec *));
+void dupspspec_list __P((struct remoteconf *dst, struct remoteconf *src));
+void flushspspec __P((struct remoteconf *));
+static void adminsock_conf __P((vchar_t *, vchar_t *, vchar_t *, int));
+
+static int set_isakmp_proposal __P((struct remoteconf *));
+static void clean_tmpalgtype __P((void));
+static int expand_isakmpspec __P((int, int, int *,
+ int, int, time_t, int, int, int, char *, struct remoteconf *));
+
+void freeetypes (struct etypes **etypes);
+
+static int load_x509(const char *file, char **filenameptr,
+ vchar_t **certptr)
+{
+ char path[PATH_MAX];
+
+ getpathname(path, sizeof(path), LC_PATHTYPE_CERT, file);
+ *certptr = eay_get_x509cert(path);
+ if (*certptr == NULL)
+ return -1;
+
+ *filenameptr = racoon_strdup(file);
+ STRDUP_FATAL(*filenameptr);
+
+ return 0;
+}
+
+static int process_rmconf()
+{
+
+ /* check a exchange mode */
+ if (cur_rmconf->etypes == NULL) {
+ yyerror("no exchange mode specified.\n");
+ return -1;
+ }
+
+ if (cur_rmconf->idvtype == IDTYPE_UNDEFINED)
+ cur_rmconf->idvtype = IDTYPE_ADDRESS;
+
+ if (cur_rmconf->idvtype == IDTYPE_ASN1DN) {
+ if (cur_rmconf->mycertfile) {
+ if (cur_rmconf->idv)
+ yywarn("Both CERT and ASN1 ID "
+ "are set. Hope this is OK.\n");
+ /* TODO: Preparse the DN here */
+ } else if (cur_rmconf->idv) {
+ /* OK, using asn1dn without X.509. */
+ } else {
+ yyerror("ASN1 ID not specified "
+ "and no CERT defined!\n");
+ return -1;
+ }
+ }
+
+ if (duprmconf_finish(cur_rmconf))
+ return -1;
+
+ if (set_isakmp_proposal(cur_rmconf) != 0)
+ return -1;
+
+ /* DH group settting if aggressive mode is there. */
+ if (check_etypeok(cur_rmconf, (void*) ISAKMP_ETYPE_AGG)) {
+ struct isakmpsa *p;
+ int b = 0;
+
+ /* DH group */
+ for (p = cur_rmconf->proposal; p; p = p->next) {
+ if (b == 0 || (b && b == p->dh_group)) {
+ b = p->dh_group;
+ continue;
+ }
+ yyerror("DH group must be equal "
+ "in all proposals "
+ "when aggressive mode is "
+ "used.\n");
+ return -1;
+ }
+ cur_rmconf->dh_group = b;
+
+ if (cur_rmconf->dh_group == 0) {
+ yyerror("DH group must be set in the proposal.\n");
+ return -1;
+ }
+
+ /* DH group settting if PFS is required. */
+ if (oakley_setdhgroup(cur_rmconf->dh_group,
+ &cur_rmconf->dhgrp) < 0) {
+ yyerror("failed to set DH value.\n");
+ return -1;
+ }
+ }
+
+ insrmconf(cur_rmconf);
+
+ return 0;
+}
+
+
+/* Line 336 of yacc.c */
+#line 310 "cfparse.c"
+
+# ifndef YY_NULL
+# if defined __cplusplus && 201103L <= __cplusplus
+# define YY_NULL nullptr
+# else
+# define YY_NULL 0
+# endif
+# endif
+
+/* Enabling verbose error messages. */
+#ifdef YYERROR_VERBOSE
+# undef YYERROR_VERBOSE
+# define YYERROR_VERBOSE 1
+#else
+# define YYERROR_VERBOSE 0
+#endif
+
+/* In a future release of Bison, this section will be replaced
+ by #include "y.tab.h". */
+#ifndef YY_Y_TAB_H
+# define YY_Y_TAB_H
+/* Enabling traces. */
+#ifndef YYDEBUG
+# define YYDEBUG 0
+#endif
+#if YYDEBUG
+extern int yydebug;
+#endif
+
+/* Tokens. */
+#ifndef YYTOKENTYPE
+# define YYTOKENTYPE
+ /* Put the tokens into the symbol table, so that GDB and other debuggers
+ know about them. */
+ enum yytokentype {
+ PRIVSEP = 258,
+ USER = 259,
+ GROUP = 260,
+ CHROOT = 261,
+ PATH = 262,
+ PATHTYPE = 263,
+ INCLUDE = 264,
+ PFKEY_BUFFER = 265,
+ LOGGING = 266,
+ LOGLEV = 267,
+ PADDING = 268,
+ PAD_RANDOMIZE = 269,
+ PAD_RANDOMIZELEN = 270,
+ PAD_MAXLEN = 271,
+ PAD_STRICT = 272,
+ PAD_EXCLTAIL = 273,
+ LISTEN = 274,
+ X_ISAKMP = 275,
+ X_ISAKMP_NATT = 276,
+ X_ADMIN = 277,
+ STRICT_ADDRESS = 278,
+ ADMINSOCK = 279,
+ DISABLED = 280,
+ LDAPCFG = 281,
+ LDAP_HOST = 282,
+ LDAP_PORT = 283,
+ LDAP_PVER = 284,
+ LDAP_BASE = 285,
+ LDAP_BIND_DN = 286,
+ LDAP_BIND_PW = 287,
+ LDAP_SUBTREE = 288,
+ LDAP_ATTR_USER = 289,
+ LDAP_ATTR_ADDR = 290,
+ LDAP_ATTR_MASK = 291,
+ LDAP_ATTR_GROUP = 292,
+ LDAP_ATTR_MEMBER = 293,
+ RADCFG = 294,
+ RAD_AUTH = 295,
+ RAD_ACCT = 296,
+ RAD_TIMEOUT = 297,
+ RAD_RETRIES = 298,
+ MODECFG = 299,
+ CFG_NET4 = 300,
+ CFG_MASK4 = 301,
+ CFG_DNS4 = 302,
+ CFG_NBNS4 = 303,
+ CFG_DEFAULT_DOMAIN = 304,
+ CFG_AUTH_SOURCE = 305,
+ CFG_AUTH_GROUPS = 306,
+ CFG_SYSTEM = 307,
+ CFG_RADIUS = 308,
+ CFG_PAM = 309,
+ CFG_LDAP = 310,
+ CFG_LOCAL = 311,
+ CFG_NONE = 312,
+ CFG_GROUP_SOURCE = 313,
+ CFG_ACCOUNTING = 314,
+ CFG_CONF_SOURCE = 315,
+ CFG_MOTD = 316,
+ CFG_POOL_SIZE = 317,
+ CFG_AUTH_THROTTLE = 318,
+ CFG_SPLIT_NETWORK = 319,
+ CFG_SPLIT_LOCAL = 320,
+ CFG_SPLIT_INCLUDE = 321,
+ CFG_SPLIT_DNS = 322,
+ CFG_PFS_GROUP = 323,
+ CFG_SAVE_PASSWD = 324,
+ RETRY = 325,
+ RETRY_COUNTER = 326,
+ RETRY_INTERVAL = 327,
+ RETRY_PERSEND = 328,
+ RETRY_PHASE1 = 329,
+ RETRY_PHASE2 = 330,
+ NATT_KA = 331,
+ ALGORITHM_CLASS = 332,
+ ALGORITHMTYPE = 333,
+ STRENGTHTYPE = 334,
+ SAINFO = 335,
+ FROM = 336,
+ REMOTE = 337,
+ ANONYMOUS = 338,
+ CLIENTADDR = 339,
+ INHERIT = 340,
+ REMOTE_ADDRESS = 341,
+ EXCHANGE_MODE = 342,
+ EXCHANGETYPE = 343,
+ DOI = 344,
+ DOITYPE = 345,
+ SITUATION = 346,
+ SITUATIONTYPE = 347,
+ CERTIFICATE_TYPE = 348,
+ CERTTYPE = 349,
+ PEERS_CERTFILE = 350,
+ CA_TYPE = 351,
+ VERIFY_CERT = 352,
+ SEND_CERT = 353,
+ SEND_CR = 354,
+ MATCH_EMPTY_CR = 355,
+ IDENTIFIERTYPE = 356,
+ IDENTIFIERQUAL = 357,
+ MY_IDENTIFIER = 358,
+ PEERS_IDENTIFIER = 359,
+ VERIFY_IDENTIFIER = 360,
+ DNSSEC = 361,
+ CERT_X509 = 362,
+ CERT_PLAINRSA = 363,
+ NONCE_SIZE = 364,
+ DH_GROUP = 365,
+ KEEPALIVE = 366,
+ PASSIVE = 367,
+ INITIAL_CONTACT = 368,
+ NAT_TRAVERSAL = 369,
+ REMOTE_FORCE_LEVEL = 370,
+ PROPOSAL_CHECK = 371,
+ PROPOSAL_CHECK_LEVEL = 372,
+ GENERATE_POLICY = 373,
+ GENERATE_LEVEL = 374,
+ SUPPORT_PROXY = 375,
+ PROPOSAL = 376,
+ EXEC_PATH = 377,
+ EXEC_COMMAND = 378,
+ EXEC_SUCCESS = 379,
+ EXEC_FAILURE = 380,
+ GSS_ID = 381,
+ GSS_ID_ENC = 382,
+ GSS_ID_ENCTYPE = 383,
+ COMPLEX_BUNDLE = 384,
+ DPD = 385,
+ DPD_DELAY = 386,
+ DPD_RETRY = 387,
+ DPD_MAXFAIL = 388,
+ PH1ID = 389,
+ XAUTH_LOGIN = 390,
+ WEAK_PHASE1_CHECK = 391,
+ REKEY = 392,
+ PREFIX = 393,
+ PORT = 394,
+ PORTANY = 395,
+ UL_PROTO = 396,
+ ANY = 397,
+ IKE_FRAG = 398,
+ ESP_FRAG = 399,
+ MODE_CFG = 400,
+ PFS_GROUP = 401,
+ LIFETIME = 402,
+ LIFETYPE_TIME = 403,
+ LIFETYPE_BYTE = 404,
+ STRENGTH = 405,
+ REMOTEID = 406,
+ SCRIPT = 407,
+ PHASE1_UP = 408,
+ PHASE1_DOWN = 409,
+ PHASE1_DEAD = 410,
+ NUMBER = 411,
+ SWITCH = 412,
+ BOOLEAN = 413,
+ HEXSTRING = 414,
+ QUOTEDSTRING = 415,
+ ADDRSTRING = 416,
+ ADDRRANGE = 417,
+ UNITTYPE_BYTE = 418,
+ UNITTYPE_KBYTES = 419,
+ UNITTYPE_MBYTES = 420,
+ UNITTYPE_TBYTES = 421,
+ UNITTYPE_SEC = 422,
+ UNITTYPE_MIN = 423,
+ UNITTYPE_HOUR = 424,
+ EOS = 425,
+ BOC = 426,
+ EOC = 427,
+ COMMA = 428
+ };
+#endif
+/* Tokens. */
+#define PRIVSEP 258
+#define USER 259
+#define GROUP 260
+#define CHROOT 261
+#define PATH 262
+#define PATHTYPE 263
+#define INCLUDE 264
+#define PFKEY_BUFFER 265
+#define LOGGING 266
+#define LOGLEV 267
+#define PADDING 268
+#define PAD_RANDOMIZE 269
+#define PAD_RANDOMIZELEN 270
+#define PAD_MAXLEN 271
+#define PAD_STRICT 272
+#define PAD_EXCLTAIL 273
+#define LISTEN 274
+#define X_ISAKMP 275
+#define X_ISAKMP_NATT 276
+#define X_ADMIN 277
+#define STRICT_ADDRESS 278
+#define ADMINSOCK 279
+#define DISABLED 280
+#define LDAPCFG 281
+#define LDAP_HOST 282
+#define LDAP_PORT 283
+#define LDAP_PVER 284
+#define LDAP_BASE 285
+#define LDAP_BIND_DN 286
+#define LDAP_BIND_PW 287
+#define LDAP_SUBTREE 288
+#define LDAP_ATTR_USER 289
+#define LDAP_ATTR_ADDR 290
+#define LDAP_ATTR_MASK 291
+#define LDAP_ATTR_GROUP 292
+#define LDAP_ATTR_MEMBER 293
+#define RADCFG 294
+#define RAD_AUTH 295
+#define RAD_ACCT 296
+#define RAD_TIMEOUT 297
+#define RAD_RETRIES 298
+#define MODECFG 299
+#define CFG_NET4 300
+#define CFG_MASK4 301
+#define CFG_DNS4 302
+#define CFG_NBNS4 303
+#define CFG_DEFAULT_DOMAIN 304
+#define CFG_AUTH_SOURCE 305
+#define CFG_AUTH_GROUPS 306
+#define CFG_SYSTEM 307
+#define CFG_RADIUS 308
+#define CFG_PAM 309
+#define CFG_LDAP 310
+#define CFG_LOCAL 311
+#define CFG_NONE 312
+#define CFG_GROUP_SOURCE 313
+#define CFG_ACCOUNTING 314
+#define CFG_CONF_SOURCE 315
+#define CFG_MOTD 316
+#define CFG_POOL_SIZE 317
+#define CFG_AUTH_THROTTLE 318
+#define CFG_SPLIT_NETWORK 319
+#define CFG_SPLIT_LOCAL 320
+#define CFG_SPLIT_INCLUDE 321
+#define CFG_SPLIT_DNS 322
+#define CFG_PFS_GROUP 323
+#define CFG_SAVE_PASSWD 324
+#define RETRY 325
+#define RETRY_COUNTER 326
+#define RETRY_INTERVAL 327
+#define RETRY_PERSEND 328
+#define RETRY_PHASE1 329
+#define RETRY_PHASE2 330
+#define NATT_KA 331
+#define ALGORITHM_CLASS 332
+#define ALGORITHMTYPE 333
+#define STRENGTHTYPE 334
+#define SAINFO 335
+#define FROM 336
+#define REMOTE 337
+#define ANONYMOUS 338
+#define CLIENTADDR 339
+#define INHERIT 340
+#define REMOTE_ADDRESS 341
+#define EXCHANGE_MODE 342
+#define EXCHANGETYPE 343
+#define DOI 344
+#define DOITYPE 345
+#define SITUATION 346
+#define SITUATIONTYPE 347
+#define CERTIFICATE_TYPE 348
+#define CERTTYPE 349
+#define PEERS_CERTFILE 350
+#define CA_TYPE 351
+#define VERIFY_CERT 352
+#define SEND_CERT 353
+#define SEND_CR 354
+#define MATCH_EMPTY_CR 355
+#define IDENTIFIERTYPE 356
+#define IDENTIFIERQUAL 357
+#define MY_IDENTIFIER 358
+#define PEERS_IDENTIFIER 359
+#define VERIFY_IDENTIFIER 360
+#define DNSSEC 361
+#define CERT_X509 362
+#define CERT_PLAINRSA 363
+#define NONCE_SIZE 364
+#define DH_GROUP 365
+#define KEEPALIVE 366
+#define PASSIVE 367
+#define INITIAL_CONTACT 368
+#define NAT_TRAVERSAL 369
+#define REMOTE_FORCE_LEVEL 370
+#define PROPOSAL_CHECK 371
+#define PROPOSAL_CHECK_LEVEL 372
+#define GENERATE_POLICY 373
+#define GENERATE_LEVEL 374
+#define SUPPORT_PROXY 375
+#define PROPOSAL 376
+#define EXEC_PATH 377
+#define EXEC_COMMAND 378
+#define EXEC_SUCCESS 379
+#define EXEC_FAILURE 380
+#define GSS_ID 381
+#define GSS_ID_ENC 382
+#define GSS_ID_ENCTYPE 383
+#define COMPLEX_BUNDLE 384
+#define DPD 385
+#define DPD_DELAY 386
+#define DPD_RETRY 387
+#define DPD_MAXFAIL 388
+#define PH1ID 389
+#define XAUTH_LOGIN 390
+#define WEAK_PHASE1_CHECK 391
+#define REKEY 392
+#define PREFIX 393
+#define PORT 394
+#define PORTANY 395
+#define UL_PROTO 396
+#define ANY 397
+#define IKE_FRAG 398
+#define ESP_FRAG 399
+#define MODE_CFG 400
+#define PFS_GROUP 401
+#define LIFETIME 402
+#define LIFETYPE_TIME 403
+#define LIFETYPE_BYTE 404
+#define STRENGTH 405
+#define REMOTEID 406
+#define SCRIPT 407
+#define PHASE1_UP 408
+#define PHASE1_DOWN 409
+#define PHASE1_DEAD 410
+#define NUMBER 411
+#define SWITCH 412
+#define BOOLEAN 413
+#define HEXSTRING 414
+#define QUOTEDSTRING 415
+#define ADDRSTRING 416
+#define ADDRRANGE 417
+#define UNITTYPE_BYTE 418
+#define UNITTYPE_KBYTES 419
+#define UNITTYPE_MBYTES 420
+#define UNITTYPE_TBYTES 421
+#define UNITTYPE_SEC 422
+#define UNITTYPE_MIN 423
+#define UNITTYPE_HOUR 424
+#define EOS 425
+#define BOC 426
+#define EOC 427
+#define COMMA 428
+
+
+
+#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
+typedef union YYSTYPE
+{
+/* Line 350 of yacc.c */
+#line 247 "cfparse.y"
+
+ unsigned long num;
+ vchar_t *val;
+ struct remoteconf *rmconf;
+ struct sockaddr *saddr;
+ struct sainfoalg *alg;
+
+
+/* Line 350 of yacc.c */
+#line 708 "cfparse.c"
+} YYSTYPE;
+# define YYSTYPE_IS_TRIVIAL 1
+# define yystype YYSTYPE /* obsolescent; will be withdrawn */
+# define YYSTYPE_IS_DECLARED 1
+#endif
+
+extern YYSTYPE yylval;
+
+#ifdef YYPARSE_PARAM
+#if defined __STDC__ || defined __cplusplus
+int yyparse (void *YYPARSE_PARAM);
+#else
+int yyparse ();
+#endif
+#else /* ! YYPARSE_PARAM */
+#if defined __STDC__ || defined __cplusplus
+int yyparse (void);
+#else
+int yyparse ();
+#endif
+#endif /* ! YYPARSE_PARAM */
+
+#endif /* !YY_Y_TAB_H */
+
+/* Copy the second part of user declarations. */
+
+/* Line 353 of yacc.c */
+#line 736 "cfparse.c"
+
+#ifdef short
+# undef short
+#endif
+
+#ifdef YYTYPE_UINT8
+typedef YYTYPE_UINT8 yytype_uint8;
+#else
+typedef unsigned char yytype_uint8;
+#endif
+
+#ifdef YYTYPE_INT8
+typedef YYTYPE_INT8 yytype_int8;
+#elif (defined __STDC__ || defined __C99__FUNC__ \
+ || defined __cplusplus || defined _MSC_VER)
+typedef signed char yytype_int8;
+#else
+typedef short int yytype_int8;
+#endif
+
+#ifdef YYTYPE_UINT16
+typedef YYTYPE_UINT16 yytype_uint16;
+#else
+typedef unsigned short int yytype_uint16;
+#endif
+
+#ifdef YYTYPE_INT16
+typedef YYTYPE_INT16 yytype_int16;
+#else
+typedef short int yytype_int16;
+#endif
+
+#ifndef YYSIZE_T
+# ifdef __SIZE_TYPE__
+# define YYSIZE_T __SIZE_TYPE__
+# elif defined size_t
+# define YYSIZE_T size_t
+# elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \
+ || defined __cplusplus || defined _MSC_VER)
+# include <stddef.h> /* INFRINGES ON USER NAME SPACE */
+# define YYSIZE_T size_t
+# else
+# define YYSIZE_T unsigned int
+# endif
+#endif
+
+#define YYSIZE_MAXIMUM ((YYSIZE_T) -1)
+
+#ifndef YY_
+# if defined YYENABLE_NLS && YYENABLE_NLS
+# if ENABLE_NLS
+# include <libintl.h> /* INFRINGES ON USER NAME SPACE */
+# define YY_(msgid) dgettext ("bison-runtime", msgid)
+# endif
+# endif
+# ifndef YY_
+# define YY_(msgid) msgid
+# endif
+#endif
+
+/* Suppress unused-variable warnings by "using" E. */
+#if ! defined lint || defined __GNUC__
+# define YYUSE(e) ((void) (e))
+#else
+# define YYUSE(e) /* empty */
+#endif
+
+/* Identity function, used to suppress warnings about constant conditions. */
+#ifndef lint
+# define YYID(n) (n)
+#else
+#if (defined __STDC__ || defined __C99__FUNC__ \
+ || defined __cplusplus || defined _MSC_VER)
+static int
+YYID (int yyi)
+#else
+static int
+YYID (yyi)
+ int yyi;
+#endif
+{
+ return yyi;
+}
+#endif
+
+#if ! defined yyoverflow || YYERROR_VERBOSE
+
+/* The parser invokes alloca or malloc; define the necessary symbols. */
+
+# ifdef YYSTACK_USE_ALLOCA
+# if YYSTACK_USE_ALLOCA
+# ifdef __GNUC__
+# define YYSTACK_ALLOC __builtin_alloca
+# elif defined __BUILTIN_VA_ARG_INCR
+# include <alloca.h> /* INFRINGES ON USER NAME SPACE */
+# elif defined _AIX
+# define YYSTACK_ALLOC __alloca
+# elif defined _MSC_VER
+# include <malloc.h> /* INFRINGES ON USER NAME SPACE */
+# define alloca _alloca
+# else
+# define YYSTACK_ALLOC alloca
+# if ! defined _ALLOCA_H && ! defined EXIT_SUCCESS && (defined __STDC__ || defined __C99__FUNC__ \
+ || defined __cplusplus || defined _MSC_VER)
+# include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
+ /* Use EXIT_SUCCESS as a witness for stdlib.h. */
+# ifndef EXIT_SUCCESS
+# define EXIT_SUCCESS 0
+# endif
+# endif
+# endif
+# endif
+# endif
+
+# ifdef YYSTACK_ALLOC
+ /* Pacify GCC's `empty if-body' warning. */
+# define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0))
+# ifndef YYSTACK_ALLOC_MAXIMUM
+ /* The OS might guarantee only one guard page at the bottom of the stack,
+ and a page size can be as small as 4096 bytes. So we cannot safely
+ invoke alloca (N) if N exceeds 4096. Use a slightly smaller number
+ to allow for a few compiler-allocated temporary stack slots. */
+# define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */
+# endif
+# else
+# define YYSTACK_ALLOC YYMALLOC
+# define YYSTACK_FREE YYFREE
+# ifndef YYSTACK_ALLOC_MAXIMUM
+# define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM
+# endif
+# if (defined __cplusplus && ! defined EXIT_SUCCESS \
+ && ! ((defined YYMALLOC || defined malloc) \
+ && (defined YYFREE || defined free)))
+# include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
+# ifndef EXIT_SUCCESS
+# define EXIT_SUCCESS 0
+# endif
+# endif
+# ifndef YYMALLOC
+# define YYMALLOC malloc
+# if ! defined malloc && ! defined EXIT_SUCCESS && (defined __STDC__ || defined __C99__FUNC__ \
+ || defined __cplusplus || defined _MSC_VER)
+void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */
+# endif
+# endif
+# ifndef YYFREE
+# define YYFREE free
+# if ! defined free && ! defined EXIT_SUCCESS && (defined __STDC__ || defined __C99__FUNC__ \
+ || defined __cplusplus || defined _MSC_VER)
+void free (void *); /* INFRINGES ON USER NAME SPACE */
+# endif
+# endif
+# endif
+#endif /* ! defined yyoverflow || YYERROR_VERBOSE */
+
+
+#if (! defined yyoverflow \
+ && (! defined __cplusplus \
+ || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL)))
+
+/* A type that is properly aligned for any stack member. */
+union yyalloc
+{
+ yytype_int16 yyss_alloc;
+ YYSTYPE yyvs_alloc;
+};
+
+/* The size of the maximum gap between one aligned stack and the next. */
+# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1)
+
+/* The size of an array large to enough to hold all stacks, each with
+ N elements. */
+# define YYSTACK_BYTES(N) \
+ ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \
+ + YYSTACK_GAP_MAXIMUM)
+
+# define YYCOPY_NEEDED 1
+
+/* Relocate STACK from its old location to the new one. The
+ local variables YYSIZE and YYSTACKSIZE give the old and new number of
+ elements in the stack, and YYPTR gives the new location of the
+ stack. Advance YYPTR to a properly aligned location for the next
+ stack. */
+# define YYSTACK_RELOCATE(Stack_alloc, Stack) \
+ do \
+ { \
+ YYSIZE_T yynewbytes; \
+ YYCOPY (&yyptr->Stack_alloc, Stack, yysize); \
+ Stack = &yyptr->Stack_alloc; \
+ yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \
+ yyptr += yynewbytes / sizeof (*yyptr); \
+ } \
+ while (YYID (0))
+
+#endif
+
+#if defined YYCOPY_NEEDED && YYCOPY_NEEDED
+/* Copy COUNT objects from SRC to DST. The source and destination do
+ not overlap. */
+# ifndef YYCOPY
+# if defined __GNUC__ && 1 < __GNUC__
+# define YYCOPY(Dst, Src, Count) \
+ __builtin_memcpy (Dst, Src, (Count) * sizeof (*(Src)))
+# else
+# define YYCOPY(Dst, Src, Count) \
+ do \
+ { \
+ YYSIZE_T yyi; \
+ for (yyi = 0; yyi < (Count); yyi++) \
+ (Dst)[yyi] = (Src)[yyi]; \
+ } \
+ while (YYID (0))
+# endif
+# endif
+#endif /* !YYCOPY_NEEDED */
+
+/* YYFINAL -- State number of the termination state. */
+#define YYFINAL 2
+/* YYLAST -- Last index in YYTABLE. */
+#define YYLAST 534
+
+/* YYNTOKENS -- Number of terminals. */
+#define YYNTOKENS 174
+/* YYNNTS -- Number of nonterminals. */
+#define YYNNTS 204
+/* YYNRULES -- Number of rules. */
+#define YYNRULES 381
+/* YYNRULES -- Number of states. */
+#define YYNSTATES 691
+
+/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */
+#define YYUNDEFTOK 2
+#define YYMAXUTOK 428
+
+#define YYTRANSLATE(YYX) \
+ ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
+
+/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX. */
+static const yytype_uint8 yytranslate[] =
+{
+ 0, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 2, 2, 2, 2, 2, 1, 2, 3, 4,
+ 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
+ 15, 16, 17, 18, 19, 20, 21, 22, 23, 24,
+ 25, 26, 27, 28, 29, 30, 31, 32, 33, 34,
+ 35, 36, 37, 38, 39, 40, 41, 42, 43, 44,
+ 45, 46, 47, 48, 49, 50, 51, 52, 53, 54,
+ 55, 56, 57, 58, 59, 60, 61, 62, 63, 64,
+ 65, 66, 67, 68, 69, 70, 71, 72, 73, 74,
+ 75, 76, 77, 78, 79, 80, 81, 82, 83, 84,
+ 85, 86, 87, 88, 89, 90, 91, 92, 93, 94,
+ 95, 96, 97, 98, 99, 100, 101, 102, 103, 104,
+ 105, 106, 107, 108, 109, 110, 111, 112, 113, 114,
+ 115, 116, 117, 118, 119, 120, 121, 122, 123, 124,
+ 125, 126, 127, 128, 129, 130, 131, 132, 133, 134,
+ 135, 136, 137, 138, 139, 140, 141, 142, 143, 144,
+ 145, 146, 147, 148, 149, 150, 151, 152, 153, 154,
+ 155, 156, 157, 158, 159, 160, 161, 162, 163, 164,
+ 165, 166, 167, 168, 169, 170, 171, 172, 173
+};
+
+#if YYDEBUG
+/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in
+ YYRHS. */
+static const yytype_uint16 yyprhs[] =
+{
+ 0, 0, 3, 4, 7, 9, 11, 13, 15, 17,
+ 19, 21, 23, 25, 27, 29, 31, 33, 35, 37,
+ 42, 43, 46, 47, 52, 53, 58, 59, 64, 65,
+ 70, 71, 76, 77, 83, 84, 89, 93, 97, 101,
+ 105, 107, 112, 113, 116, 117, 122, 123, 128, 129,
+ 134, 135, 140, 141, 146, 151, 152, 155, 156, 161,
+ 162, 167, 168, 176, 177, 182, 183, 188, 189, 193,
+ 196, 197, 199, 200, 206, 207, 210, 211, 217, 218,
+ 225, 226, 232, 233, 240, 241, 246, 247, 252, 253,
+ 259, 260, 263, 264, 269, 270, 275, 276, 281, 282,
+ 287, 288, 293, 294, 299, 300, 305, 306, 311, 312,
+ 317, 318, 323, 324, 329, 330, 335, 340, 341, 344,
+ 345, 350, 351, 356, 360, 364, 365, 371, 372, 378,
+ 379, 384, 385, 390, 391, 396, 397, 402, 403, 408,
+ 409, 414, 415, 420, 421, 426, 427, 432, 433, 438,
+ 439, 444, 445, 450, 451, 456, 457, 462, 463, 468,
+ 469, 474, 475, 480, 481, 486, 487, 492, 493, 498,
+ 499, 504, 506, 510, 512, 514, 518, 520, 522, 526,
+ 529, 531, 535, 537, 539, 543, 545, 550, 551, 554,
+ 555, 560, 561, 567, 568, 573, 574, 580, 581, 587,
+ 588, 594, 595, 596, 605, 607, 610, 613, 616, 619,
+ 622, 628, 635, 638, 639, 643, 646, 647, 650, 651,
+ 656, 657, 662, 663, 670, 671, 678, 679, 684, 686,
+ 687, 692, 695, 696, 698, 699, 701, 703, 705, 707,
+ 709, 710, 712, 713, 720, 721, 726, 727, 734, 735,
+ 740, 742, 744, 748, 751, 753, 754, 757, 758, 763,
+ 764, 769, 770, 775, 776, 781, 784, 785, 790, 791,
+ 797, 798, 804, 805, 810, 811, 817, 818, 823, 824,
+ 829, 830, 835, 836, 841, 842, 848, 849, 856, 857,
+ 862, 863, 869, 870, 877, 878, 883, 884, 889, 890,
+ 895, 896, 901, 902, 907, 908, 913, 914, 919, 920,
+ 926, 927, 933, 934, 940, 941, 946, 947, 952, 953,
+ 958, 959, 964, 965, 970, 971, 976, 977, 982, 983,
+ 988, 989, 994, 995, 1000, 1001, 1006, 1007, 1012, 1013,
+ 1018, 1019, 1024, 1025, 1030, 1031, 1038, 1039, 1044, 1045,
+ 1052, 1053, 1059, 1060, 1063, 1064, 1070, 1071, 1076, 1078,
+ 1080, 1081, 1083, 1085, 1086, 1089, 1090, 1097, 1098, 1105,
+ 1106, 1111, 1112, 1117, 1118, 1124, 1126, 1128, 1130, 1132,
+ 1134, 1136
+};
+
+/* YYRHS -- A `-1'-separated list of the rules' RHS. */
+static const yytype_int16 yyrhs[] =
+{
+ 175, 0, -1, -1, 175, 176, -1, 177, -1, 185,
+ -1, 189, -1, 190, -1, 191, -1, 192, -1, 194,
+ -1, 202, -1, 223, -1, 213, -1, 239, -1, 277,
+ -1, 286, -1, 306, -1, 187, -1, 3, 171, 178,
+ 172, -1, -1, 178, 179, -1, -1, 4, 160, 180,
+ 170, -1, -1, 4, 156, 181, 170, -1, -1, 5,
+ 160, 182, 170, -1, -1, 5, 156, 183, 170, -1,
+ -1, 6, 160, 184, 170, -1, -1, 7, 8, 160,
+ 186, 170, -1, -1, 129, 157, 188, 170, -1, 9,
+ 160, 170, -1, 10, 156, 170, -1, 127, 128, 170,
+ -1, 11, 193, 170, -1, 12, -1, 13, 171, 195,
+ 172, -1, -1, 195, 196, -1, -1, 14, 157, 197,
+ 170, -1, -1, 15, 157, 198, 170, -1, -1, 16,
+ 156, 199, 170, -1, -1, 17, 157, 200, 170, -1,
+ -1, 18, 157, 201, 170, -1, 19, 171, 203, 172,
+ -1, -1, 203, 204, -1, -1, 20, 211, 205, 170,
+ -1, -1, 21, 211, 206, 170, -1, -1, 24, 160,
+ 160, 160, 156, 207, 170, -1, -1, 24, 160, 208,
+ 170, -1, -1, 24, 25, 209, 170, -1, -1, 23,
+ 210, 170, -1, 161, 212, -1, -1, 139, -1, -1,
+ 39, 214, 171, 215, 172, -1, -1, 215, 216, -1,
+ -1, 40, 160, 160, 217, 170, -1, -1, 40, 160,
+ 156, 160, 218, 170, -1, -1, 41, 160, 160, 219,
+ 170, -1, -1, 41, 160, 156, 160, 220, 170, -1,
+ -1, 42, 156, 221, 170, -1, -1, 43, 156, 222,
+ 170, -1, -1, 26, 224, 171, 225, 172, -1, -1,
+ 225, 226, -1, -1, 29, 156, 227, 170, -1, -1,
+ 27, 160, 228, 170, -1, -1, 28, 156, 229, 170,
+ -1, -1, 30, 160, 230, 170, -1, -1, 33, 157,
+ 231, 170, -1, -1, 31, 160, 232, 170, -1, -1,
+ 32, 160, 233, 170, -1, -1, 34, 160, 234, 170,
+ -1, -1, 35, 160, 235, 170, -1, -1, 36, 160,
+ 236, 170, -1, -1, 37, 160, 237, 170, -1, -1,
+ 38, 160, 238, 170, -1, 44, 171, 240, 172, -1,
+ -1, 240, 241, -1, -1, 45, 161, 242, 170, -1,
+ -1, 46, 161, 243, 170, -1, 47, 267, 170, -1,
+ 48, 269, 170, -1, -1, 64, 65, 271, 244, 170,
+ -1, -1, 64, 66, 271, 245, 170, -1, -1, 67,
+ 275, 246, 170, -1, -1, 49, 160, 247, 170, -1,
+ -1, 50, 52, 248, 170, -1, -1, 50, 53, 249,
+ 170, -1, -1, 50, 54, 250, 170, -1, -1, 50,
+ 55, 251, 170, -1, -1, 51, 273, 252, 170, -1,
+ -1, 58, 52, 253, 170, -1, -1, 58, 55, 254,
+ 170, -1, -1, 59, 57, 255, 170, -1, -1, 59,
+ 52, 256, 170, -1, -1, 59, 53, 257, 170, -1,
+ -1, 59, 54, 258, 170, -1, -1, 62, 156, 259,
+ 170, -1, -1, 68, 156, 260, 170, -1, -1, 69,
+ 157, 261, 170, -1, -1, 63, 156, 262, 170, -1,
+ -1, 60, 56, 263, 170, -1, -1, 60, 53, 264,
+ 170, -1, -1, 60, 55, 265, 170, -1, -1, 61,
+ 160, 266, 170, -1, 268, -1, 268, 173, 267, -1,
+ 161, -1, 270, -1, 270, 173, 269, -1, 161, -1,
+ 272, -1, 271, 173, 272, -1, 161, 138, -1, 274,
+ -1, 274, 173, 273, -1, 160, -1, 276, -1, 276,
+ 173, 275, -1, 160, -1, 70, 171, 278, 172, -1,
+ -1, 278, 279, -1, -1, 71, 156, 280, 170, -1,
+ -1, 72, 156, 376, 281, 170, -1, -1, 73, 156,
+ 282, 170, -1, -1, 74, 156, 376, 283, 170, -1,
+ -1, 75, 156, 376, 284, 170, -1, -1, 76, 156,
+ 376, 285, 170, -1, -1, -1, 80, 287, 289, 291,
+ 171, 292, 288, 172, -1, 83, -1, 83, 84, -1,
+ 83, 290, -1, 290, 83, -1, 290, 84, -1, 290,
+ 290, -1, 101, 161, 302, 303, 304, -1, 101, 161,
+ 162, 302, 303, 304, -1, 101, 160, -1, -1, 81,
+ 101, 368, -1, 5, 160, -1, -1, 292, 293, -1,
+ -1, 146, 367, 294, 170, -1, -1, 151, 156, 295,
+ 170, -1, -1, 147, 148, 156, 376, 296, 170, -1,
+ -1, 147, 149, 156, 377, 297, 170, -1, -1, 77,
+ 298, 299, 170, -1, 301, -1, -1, 301, 300, 173,
+ 299, -1, 78, 305, -1, -1, 138, -1, -1, 139,
+ -1, 140, -1, 156, -1, 141, -1, 142, -1, -1,
+ 156, -1, -1, 82, 160, 85, 160, 307, 311, -1,
+ -1, 82, 160, 308, 312, -1, -1, 82, 313, 85,
+ 313, 309, 311, -1, -1, 82, 313, 310, 312, -1,
+ 312, -1, 170, -1, 171, 314, 172, -1, 83, 212,
+ -1, 211, -1, -1, 314, 315, -1, -1, 86, 211,
+ 316, 170, -1, -1, 87, 317, 363, 170, -1, -1,
+ 89, 90, 318, 170, -1, -1, 91, 92, 319, 170,
+ -1, 93, 364, -1, -1, 95, 160, 320, 170, -1,
+ -1, 95, 107, 160, 321, 170, -1, -1, 95, 108,
+ 160, 322, 170, -1, -1, 95, 106, 323, 170, -1,
+ -1, 96, 107, 160, 324, 170, -1, -1, 97, 157,
+ 325, 170, -1, -1, 98, 157, 326, 170, -1, -1,
+ 99, 157, 327, 170, -1, -1, 100, 157, 328, 170,
+ -1, -1, 103, 101, 368, 329, 170, -1, -1, 103,
+ 101, 102, 368, 330, 170, -1, -1, 135, 368, 331,
+ 170, -1, -1, 104, 101, 368, 332, 170, -1, -1,
+ 104, 101, 102, 368, 333, 170, -1, -1, 105, 157,
+ 334, 170, -1, -1, 109, 156, 335, 170, -1, -1,
+ 110, 336, 367, 170, -1, -1, 112, 157, 337, 170,
+ -1, -1, 143, 157, 338, 170, -1, -1, 143, 115,
+ 339, 170, -1, -1, 144, 156, 340, 170, -1, -1,
+ 152, 160, 153, 341, 170, -1, -1, 152, 160, 154,
+ 342, 170, -1, -1, 152, 160, 155, 343, 170, -1,
+ -1, 145, 157, 344, 170, -1, -1, 136, 157, 345,
+ 170, -1, -1, 118, 157, 346, 170, -1, -1, 118,
+ 119, 347, 170, -1, -1, 120, 157, 348, 170, -1,
+ -1, 113, 157, 349, 170, -1, -1, 114, 157, 350,
+ 170, -1, -1, 114, 115, 351, 170, -1, -1, 130,
+ 157, 352, 170, -1, -1, 131, 156, 353, 170, -1,
+ -1, 132, 156, 354, 170, -1, -1, 133, 156, 355,
+ 170, -1, -1, 137, 157, 356, 170, -1, -1, 137,
+ 115, 357, 170, -1, -1, 134, 156, 358, 170, -1,
+ -1, 147, 148, 156, 376, 359, 170, -1, -1, 116,
+ 117, 360, 170, -1, -1, 147, 149, 156, 377, 361,
+ 170, -1, -1, 121, 362, 171, 369, 172, -1, -1,
+ 363, 88, -1, -1, 107, 160, 160, 365, 170, -1,
+ -1, 108, 160, 366, 170, -1, 78, -1, 156, -1,
+ -1, 161, -1, 160, -1, -1, 369, 370, -1, -1,
+ 147, 148, 156, 376, 371, 170, -1, -1, 147, 149,
+ 156, 377, 372, 170, -1, -1, 110, 367, 373, 170,
+ -1, -1, 126, 160, 374, 170, -1, -1, 77, 78,
+ 305, 375, 170, -1, 167, -1, 168, -1, 169, -1,
+ 163, -1, 164, -1, 165, -1, 166, -1
+};
+
+/* YYRLINE[YYN] -- source line where rule number YYN was defined. */
+static const yytype_uint16 yyrline[] =
+{
+ 0, 336, 336, 338, 341, 342, 343, 344, 345, 346,
+ 347, 348, 349, 350, 351, 352, 353, 354, 355, 360,
+ 362, 364, 368, 367, 378, 378, 380, 379, 390, 390,
+ 391, 391, 397, 396, 417, 417, 422, 436, 443, 455,
+ 458, 472, 474, 476, 479, 479, 480, 480, 481, 481,
+ 482, 482, 483, 483, 488, 490, 492, 496, 495, 502,
+ 501, 513, 512, 522, 521, 531, 530, 539, 539, 542,
+ 554, 555, 560, 560, 577, 579, 583, 582, 601, 600,
+ 619, 618, 637, 636, 655, 654, 664, 663, 676, 676,
+ 687, 689, 693, 692, 704, 703, 715, 714, 724, 723,
+ 735, 734, 744, 743, 755, 754, 766, 765, 777, 776,
+ 788, 787, 799, 798, 810, 809, 824, 826, 828, 832,
+ 831, 843, 842, 853, 855, 858, 857, 867, 866, 876,
+ 875, 883, 882, 895, 894, 904, 903, 917, 916, 930,
+ 929, 943, 942, 950, 949, 959, 958, 972, 971, 981,
+ 980, 990, 989, 1003, 1002, 1016, 1015, 1026, 1025, 1035,
+ 1034, 1044, 1043, 1053, 1052, 1062, 1061, 1075, 1074, 1088,
+ 1087, 1101, 1102, 1105, 1122, 1123, 1126, 1143, 1144, 1147,
+ 1170, 1171, 1174, 1208, 1209, 1212, 1249, 1251, 1253, 1257,
+ 1256, 1262, 1261, 1267, 1266, 1272, 1271, 1277, 1276, 1282,
+ 1281, 1298, 1306, 1297, 1345, 1350, 1355, 1360, 1365, 1370,
+ 1377, 1426, 1491, 1520, 1523, 1548, 1561, 1563, 1567, 1566,
+ 1572, 1571, 1577, 1576, 1582, 1581, 1593, 1593, 1600, 1605,
+ 1604, 1611, 1667, 1668, 1671, 1672, 1673, 1676, 1677, 1678,
+ 1681, 1682, 1688, 1687, 1718, 1717, 1738, 1737, 1761, 1760,
+ 1777, 1778, 1786, 1793, 1799, 1808, 1810, 1814, 1813, 1823,
+ 1822, 1827, 1827, 1828, 1828, 1829, 1831, 1830, 1851, 1850,
+ 1868, 1867, 1898, 1897, 1912, 1911, 1928, 1928, 1929, 1929,
+ 1930, 1930, 1931, 1931, 1933, 1932, 1942, 1941, 1951, 1950,
+ 1968, 1967, 1985, 1984, 2001, 2001, 2002, 2002, 2004, 2003,
+ 2009, 2009, 2010, 2010, 2011, 2011, 2012, 2012, 2022, 2022,
+ 2029, 2029, 2036, 2036, 2043, 2043, 2044, 2044, 2047, 2047,
+ 2048, 2048, 2049, 2049, 2050, 2050, 2052, 2051, 2063, 2062,
+ 2074, 2073, 2082, 2081, 2091, 2090, 2100, 2099, 2108, 2108,
+ 2109, 2109, 2111, 2110, 2116, 2115, 2120, 2120, 2122, 2121,
+ 2136, 2135, 2146, 2148, 2172, 2171, 2193, 2192, 2226, 2234,
+ 2246, 2247, 2248, 2250, 2252, 2256, 2255, 2261, 2260, 2273,
+ 2272, 2278, 2277, 2291, 2290, 2388, 2389, 2390, 2393, 2394,
+ 2395, 2396
+};
+#endif
+
+#if YYDEBUG || YYERROR_VERBOSE || 0
+/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM.
+ First, the terminals, then, starting at YYNTOKENS, nonterminals. */
+static const char *const yytname[] =
+{
+ "$end", "error", "$undefined", "PRIVSEP", "USER", "GROUP", "CHROOT",
+ "PATH", "PATHTYPE", "INCLUDE", "PFKEY_BUFFER", "LOGGING", "LOGLEV",
+ "PADDING", "PAD_RANDOMIZE", "PAD_RANDOMIZELEN", "PAD_MAXLEN",
+ "PAD_STRICT", "PAD_EXCLTAIL", "LISTEN", "X_ISAKMP", "X_ISAKMP_NATT",
+ "X_ADMIN", "STRICT_ADDRESS", "ADMINSOCK", "DISABLED", "LDAPCFG",
+ "LDAP_HOST", "LDAP_PORT", "LDAP_PVER", "LDAP_BASE", "LDAP_BIND_DN",
+ "LDAP_BIND_PW", "LDAP_SUBTREE", "LDAP_ATTR_USER", "LDAP_ATTR_ADDR",
+ "LDAP_ATTR_MASK", "LDAP_ATTR_GROUP", "LDAP_ATTR_MEMBER", "RADCFG",
+ "RAD_AUTH", "RAD_ACCT", "RAD_TIMEOUT", "RAD_RETRIES", "MODECFG",
+ "CFG_NET4", "CFG_MASK4", "CFG_DNS4", "CFG_NBNS4", "CFG_DEFAULT_DOMAIN",
+ "CFG_AUTH_SOURCE", "CFG_AUTH_GROUPS", "CFG_SYSTEM", "CFG_RADIUS",
+ "CFG_PAM", "CFG_LDAP", "CFG_LOCAL", "CFG_NONE", "CFG_GROUP_SOURCE",
+ "CFG_ACCOUNTING", "CFG_CONF_SOURCE", "CFG_MOTD", "CFG_POOL_SIZE",
+ "CFG_AUTH_THROTTLE", "CFG_SPLIT_NETWORK", "CFG_SPLIT_LOCAL",
+ "CFG_SPLIT_INCLUDE", "CFG_SPLIT_DNS", "CFG_PFS_GROUP", "CFG_SAVE_PASSWD",
+ "RETRY", "RETRY_COUNTER", "RETRY_INTERVAL", "RETRY_PERSEND",
+ "RETRY_PHASE1", "RETRY_PHASE2", "NATT_KA", "ALGORITHM_CLASS",
+ "ALGORITHMTYPE", "STRENGTHTYPE", "SAINFO", "FROM", "REMOTE", "ANONYMOUS",
+ "CLIENTADDR", "INHERIT", "REMOTE_ADDRESS", "EXCHANGE_MODE",
+ "EXCHANGETYPE", "DOI", "DOITYPE", "SITUATION", "SITUATIONTYPE",
+ "CERTIFICATE_TYPE", "CERTTYPE", "PEERS_CERTFILE", "CA_TYPE",
+ "VERIFY_CERT", "SEND_CERT", "SEND_CR", "MATCH_EMPTY_CR",
+ "IDENTIFIERTYPE", "IDENTIFIERQUAL", "MY_IDENTIFIER", "PEERS_IDENTIFIER",
+ "VERIFY_IDENTIFIER", "DNSSEC", "CERT_X509", "CERT_PLAINRSA",
+ "NONCE_SIZE", "DH_GROUP", "KEEPALIVE", "PASSIVE", "INITIAL_CONTACT",
+ "NAT_TRAVERSAL", "REMOTE_FORCE_LEVEL", "PROPOSAL_CHECK",
+ "PROPOSAL_CHECK_LEVEL", "GENERATE_POLICY", "GENERATE_LEVEL",
+ "SUPPORT_PROXY", "PROPOSAL", "EXEC_PATH", "EXEC_COMMAND", "EXEC_SUCCESS",
+ "EXEC_FAILURE", "GSS_ID", "GSS_ID_ENC", "GSS_ID_ENCTYPE",
+ "COMPLEX_BUNDLE", "DPD", "DPD_DELAY", "DPD_RETRY", "DPD_MAXFAIL",
+ "PH1ID", "XAUTH_LOGIN", "WEAK_PHASE1_CHECK", "REKEY", "PREFIX", "PORT",
+ "PORTANY", "UL_PROTO", "ANY", "IKE_FRAG", "ESP_FRAG", "MODE_CFG",
+ "PFS_GROUP", "LIFETIME", "LIFETYPE_TIME", "LIFETYPE_BYTE", "STRENGTH",
+ "REMOTEID", "SCRIPT", "PHASE1_UP", "PHASE1_DOWN", "PHASE1_DEAD",
+ "NUMBER", "SWITCH", "BOOLEAN", "HEXSTRING", "QUOTEDSTRING", "ADDRSTRING",
+ "ADDRRANGE", "UNITTYPE_BYTE", "UNITTYPE_KBYTES", "UNITTYPE_MBYTES",
+ "UNITTYPE_TBYTES", "UNITTYPE_SEC", "UNITTYPE_MIN", "UNITTYPE_HOUR",
+ "EOS", "BOC", "EOC", "COMMA", "$accept", "statements", "statement",
+ "privsep_statement", "privsep_stmts", "privsep_stmt", "$@1", "$@2",
+ "$@3", "$@4", "$@5", "path_statement", "$@6", "special_statement", "$@7",
+ "include_statement", "pfkey_statement", "gssenc_statement",
+ "logging_statement", "log_level", "padding_statement", "padding_stmts",
+ "padding_stmt", "$@8", "$@9", "$@10", "$@11", "$@12", "listen_statement",
+ "listen_stmts", "listen_stmt", "$@13", "$@14", "$@15", "$@16", "$@17",
+ "$@18", "ike_addrinfo_port", "ike_port", "radcfg_statement", "$@19",
+ "radcfg_stmts", "radcfg_stmt", "$@20", "$@21", "$@22", "$@23", "$@24",
+ "$@25", "ldapcfg_statement", "$@26", "ldapcfg_stmts", "ldapcfg_stmt",
+ "$@27", "$@28", "$@29", "$@30", "$@31", "$@32", "$@33", "$@34", "$@35",
+ "$@36", "$@37", "$@38", "modecfg_statement", "modecfg_stmts",
+ "modecfg_stmt", "$@39", "$@40", "$@41", "$@42", "$@43", "$@44", "$@45",
+ "$@46", "$@47", "$@48", "$@49", "$@50", "$@51", "$@52", "$@53", "$@54",
+ "$@55", "$@56", "$@57", "$@58", "$@59", "$@60", "$@61", "$@62", "$@63",
+ "addrdnslist", "addrdns", "addrwinslist", "addrwins", "splitnetlist",
+ "splitnet", "authgrouplist", "authgroup", "splitdnslist", "splitdns",
+ "timer_statement", "timer_stmts", "timer_stmt", "$@64", "$@65", "$@66",
+ "$@67", "$@68", "$@69", "sainfo_statement", "$@70", "$@71",
+ "sainfo_name", "sainfo_id", "sainfo_param", "sainfo_specs",
+ "sainfo_spec", "$@72", "$@73", "$@74", "$@75", "$@76", "algorithms",
+ "$@77", "algorithm", "prefix", "port", "ul_proto", "keylength",
+ "remote_statement", "$@78", "$@79", "$@80", "$@81",
+ "remote_specs_inherit_block", "remote_specs_block", "remote_index",
+ "remote_specs", "remote_spec", "$@82", "$@83", "$@84", "$@85", "$@86",
+ "$@87", "$@88", "$@89", "$@90", "$@91", "$@92", "$@93", "$@94", "$@95",
+ "$@96", "$@97", "$@98", "$@99", "$@100", "$@101", "$@102", "$@103",
+ "$@104", "$@105", "$@106", "$@107", "$@108", "$@109", "$@110", "$@111",
+ "$@112", "$@113", "$@114", "$@115", "$@116", "$@117", "$@118", "$@119",
+ "$@120", "$@121", "$@122", "$@123", "$@124", "$@125", "$@126", "$@127",
+ "$@128", "exchange_types", "cert_spec", "$@129", "$@130", "dh_group_num",
+ "identifierstring", "isakmpproposal_specs", "isakmpproposal_spec",
+ "$@131", "$@132", "$@133", "$@134", "$@135", "unittype_time",
+ "unittype_byte", YY_NULL
+};
+#endif
+
+# ifdef YYPRINT
+/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to
+ token YYLEX-NUM. */
+static const yytype_uint16 yytoknum[] =
+{
+ 0, 256, 257, 258, 259, 260, 261, 262, 263, 264,
+ 265, 266, 267, 268, 269, 270, 271, 272, 273, 274,
+ 275, 276, 277, 278, 279, 280, 281, 282, 283, 284,
+ 285, 286, 287, 288, 289, 290, 291, 292, 293, 294,
+ 295, 296, 297, 298, 299, 300, 301, 302, 303, 304,
+ 305, 306, 307, 308, 309, 310, 311, 312, 313, 314,
+ 315, 316, 317, 318, 319, 320, 321, 322, 323, 324,
+ 325, 326, 327, 328, 329, 330, 331, 332, 333, 334,
+ 335, 336, 337, 338, 339, 340, 341, 342, 343, 344,
+ 345, 346, 347, 348, 349, 350, 351, 352, 353, 354,
+ 355, 356, 357, 358, 359, 360, 361, 362, 363, 364,
+ 365, 366, 367, 368, 369, 370, 371, 372, 373, 374,
+ 375, 376, 377, 378, 379, 380, 381, 382, 383, 384,
+ 385, 386, 387, 388, 389, 390, 391, 392, 393, 394,
+ 395, 396, 397, 398, 399, 400, 401, 402, 403, 404,
+ 405, 406, 407, 408, 409, 410, 411, 412, 413, 414,
+ 415, 416, 417, 418, 419, 420, 421, 422, 423, 424,
+ 425, 426, 427, 428
+};
+# endif
+
+/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */
+static const yytype_uint16 yyr1[] =
+{
+ 0, 174, 175, 175, 176, 176, 176, 176, 176, 176,
+ 176, 176, 176, 176, 176, 176, 176, 176, 176, 177,
+ 178, 178, 180, 179, 181, 179, 182, 179, 183, 179,
+ 184, 179, 186, 185, 188, 187, 189, 190, 191, 192,
+ 193, 194, 195, 195, 197, 196, 198, 196, 199, 196,
+ 200, 196, 201, 196, 202, 203, 203, 205, 204, 206,
+ 204, 207, 204, 208, 204, 209, 204, 210, 204, 211,
+ 212, 212, 214, 213, 215, 215, 217, 216, 218, 216,
+ 219, 216, 220, 216, 221, 216, 222, 216, 224, 223,
+ 225, 225, 227, 226, 228, 226, 229, 226, 230, 226,
+ 231, 226, 232, 226, 233, 226, 234, 226, 235, 226,
+ 236, 226, 237, 226, 238, 226, 239, 240, 240, 242,
+ 241, 243, 241, 241, 241, 244, 241, 245, 241, 246,
+ 241, 247, 241, 248, 241, 249, 241, 250, 241, 251,
+ 241, 252, 241, 253, 241, 254, 241, 255, 241, 256,
+ 241, 257, 241, 258, 241, 259, 241, 260, 241, 261,
+ 241, 262, 241, 263, 241, 264, 241, 265, 241, 266,
+ 241, 267, 267, 268, 269, 269, 270, 271, 271, 272,
+ 273, 273, 274, 275, 275, 276, 277, 278, 278, 280,
+ 279, 281, 279, 282, 279, 283, 279, 284, 279, 285,
+ 279, 287, 288, 286, 289, 289, 289, 289, 289, 289,
+ 290, 290, 290, 291, 291, 291, 292, 292, 294, 293,
+ 295, 293, 296, 293, 297, 293, 298, 293, 299, 300,
+ 299, 301, 302, 302, 303, 303, 303, 304, 304, 304,
+ 305, 305, 307, 306, 308, 306, 309, 306, 310, 306,
+ 311, 311, 312, 313, 313, 314, 314, 316, 315, 317,
+ 315, 318, 315, 319, 315, 315, 320, 315, 321, 315,
+ 322, 315, 323, 315, 324, 315, 325, 315, 326, 315,
+ 327, 315, 328, 315, 329, 315, 330, 315, 331, 315,
+ 332, 315, 333, 315, 334, 315, 335, 315, 336, 315,
+ 337, 315, 338, 315, 339, 315, 340, 315, 341, 315,
+ 342, 315, 343, 315, 344, 315, 345, 315, 346, 315,
+ 347, 315, 348, 315, 349, 315, 350, 315, 351, 315,
+ 352, 315, 353, 315, 354, 315, 355, 315, 356, 315,
+ 357, 315, 358, 315, 359, 315, 360, 315, 361, 315,
+ 362, 315, 363, 363, 365, 364, 366, 364, 367, 367,
+ 368, 368, 368, 369, 369, 371, 370, 372, 370, 373,
+ 370, 374, 370, 375, 370, 376, 376, 376, 377, 377,
+ 377, 377
+};
+
+/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */
+static const yytype_uint8 yyr2[] =
+{
+ 0, 2, 0, 2, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 4,
+ 0, 2, 0, 4, 0, 4, 0, 4, 0, 4,
+ 0, 4, 0, 5, 0, 4, 3, 3, 3, 3,
+ 1, 4, 0, 2, 0, 4, 0, 4, 0, 4,
+ 0, 4, 0, 4, 4, 0, 2, 0, 4, 0,
+ 4, 0, 7, 0, 4, 0, 4, 0, 3, 2,
+ 0, 1, 0, 5, 0, 2, 0, 5, 0, 6,
+ 0, 5, 0, 6, 0, 4, 0, 4, 0, 5,
+ 0, 2, 0, 4, 0, 4, 0, 4, 0, 4,
+ 0, 4, 0, 4, 0, 4, 0, 4, 0, 4,
+ 0, 4, 0, 4, 0, 4, 4, 0, 2, 0,
+ 4, 0, 4, 3, 3, 0, 5, 0, 5, 0,
+ 4, 0, 4, 0, 4, 0, 4, 0, 4, 0,
+ 4, 0, 4, 0, 4, 0, 4, 0, 4, 0,
+ 4, 0, 4, 0, 4, 0, 4, 0, 4, 0,
+ 4, 0, 4, 0, 4, 0, 4, 0, 4, 0,
+ 4, 1, 3, 1, 1, 3, 1, 1, 3, 2,
+ 1, 3, 1, 1, 3, 1, 4, 0, 2, 0,
+ 4, 0, 5, 0, 4, 0, 5, 0, 5, 0,
+ 5, 0, 0, 8, 1, 2, 2, 2, 2, 2,
+ 5, 6, 2, 0, 3, 2, 0, 2, 0, 4,
+ 0, 4, 0, 6, 0, 6, 0, 4, 1, 0,
+ 4, 2, 0, 1, 0, 1, 1, 1, 1, 1,
+ 0, 1, 0, 6, 0, 4, 0, 6, 0, 4,
+ 1, 1, 3, 2, 1, 0, 2, 0, 4, 0,
+ 4, 0, 4, 0, 4, 2, 0, 4, 0, 5,
+ 0, 5, 0, 4, 0, 5, 0, 4, 0, 4,
+ 0, 4, 0, 4, 0, 5, 0, 6, 0, 4,
+ 0, 5, 0, 6, 0, 4, 0, 4, 0, 4,
+ 0, 4, 0, 4, 0, 4, 0, 4, 0, 5,
+ 0, 5, 0, 5, 0, 4, 0, 4, 0, 4,
+ 0, 4, 0, 4, 0, 4, 0, 4, 0, 4,
+ 0, 4, 0, 4, 0, 4, 0, 4, 0, 4,
+ 0, 4, 0, 4, 0, 6, 0, 4, 0, 6,
+ 0, 5, 0, 2, 0, 5, 0, 4, 1, 1,
+ 0, 1, 1, 0, 2, 0, 6, 0, 6, 0,
+ 4, 0, 4, 0, 5, 1, 1, 1, 1, 1,
+ 1, 1
+};
+
+/* YYDEFACT[STATE-NAME] -- Default reduction number in state STATE-NUM.
+ Performed when YYTABLE doesn't specify something else to do. Zero
+ means the default is an error. */
+static const yytype_uint16 yydefact[] =
+{
+ 2, 0, 1, 0, 0, 0, 0, 0, 0, 0,
+ 88, 72, 0, 0, 201, 0, 0, 0, 3, 4,
+ 5, 18, 6, 7, 8, 9, 10, 11, 13, 12,
+ 14, 15, 16, 17, 20, 0, 0, 0, 40, 0,
+ 42, 55, 0, 0, 117, 187, 0, 70, 244, 70,
+ 254, 248, 0, 34, 0, 32, 36, 37, 39, 0,
+ 0, 90, 74, 0, 0, 204, 0, 213, 0, 71,
+ 253, 0, 0, 69, 0, 0, 38, 0, 0, 0,
+ 0, 19, 21, 0, 0, 0, 0, 0, 0, 41,
+ 43, 0, 0, 67, 0, 54, 56, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 116, 118, 0, 0,
+ 0, 0, 0, 0, 186, 188, 205, 206, 212, 232,
+ 0, 0, 0, 207, 208, 209, 242, 255, 245, 246,
+ 249, 35, 24, 22, 28, 26, 30, 33, 44, 46,
+ 48, 50, 52, 57, 59, 0, 65, 63, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 89, 91, 0, 0, 0, 0, 73, 75, 119, 121,
+ 173, 0, 171, 176, 0, 174, 131, 133, 135, 137,
+ 139, 182, 141, 180, 143, 145, 149, 151, 153, 147,
+ 165, 167, 163, 169, 155, 161, 0, 0, 185, 129,
+ 183, 157, 159, 189, 0, 193, 0, 0, 0, 233,
+ 232, 234, 215, 360, 216, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 68, 0, 0, 0, 94, 96, 92, 98, 102, 104,
+ 100, 106, 108, 110, 112, 114, 0, 0, 84, 86,
+ 0, 0, 123, 0, 124, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 125, 177, 127, 0,
+ 0, 0, 0, 0, 375, 376, 377, 191, 0, 195,
+ 197, 199, 234, 235, 236, 0, 362, 361, 214, 202,
+ 251, 243, 250, 0, 259, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 298, 0,
+ 0, 0, 0, 0, 0, 350, 0, 0, 0, 0,
+ 0, 360, 0, 0, 0, 0, 0, 0, 0, 252,
+ 256, 247, 25, 23, 29, 27, 31, 45, 47, 49,
+ 51, 53, 58, 60, 66, 0, 64, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 76, 0, 80, 0, 0, 120, 122, 172, 175, 132,
+ 134, 136, 138, 140, 142, 181, 144, 146, 150, 152,
+ 154, 148, 166, 168, 164, 170, 156, 162, 179, 0,
+ 0, 0, 130, 184, 158, 160, 190, 0, 194, 0,
+ 0, 0, 0, 238, 239, 237, 210, 226, 0, 0,
+ 0, 0, 217, 257, 352, 261, 263, 0, 0, 265,
+ 272, 0, 0, 266, 0, 276, 278, 280, 282, 360,
+ 360, 294, 296, 0, 300, 324, 328, 326, 346, 320,
+ 318, 322, 0, 330, 332, 334, 336, 342, 288, 316,
+ 340, 338, 304, 302, 306, 314, 0, 0, 0, 61,
+ 95, 97, 93, 99, 103, 105, 101, 107, 109, 111,
+ 113, 115, 78, 0, 82, 0, 85, 87, 178, 126,
+ 128, 192, 196, 198, 200, 211, 0, 358, 359, 218,
+ 0, 0, 220, 203, 0, 0, 0, 0, 0, 356,
+ 0, 268, 270, 0, 274, 0, 0, 0, 0, 360,
+ 284, 360, 290, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 363, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 308, 310, 312, 0, 0, 77, 0, 81, 240, 0,
+ 228, 0, 0, 0, 0, 258, 353, 260, 262, 264,
+ 354, 0, 273, 0, 0, 267, 0, 277, 279, 281,
+ 283, 286, 0, 292, 0, 295, 297, 299, 301, 325,
+ 329, 327, 347, 321, 319, 323, 0, 331, 333, 335,
+ 337, 343, 289, 317, 341, 339, 305, 303, 307, 315,
+ 344, 378, 379, 380, 381, 348, 0, 0, 0, 62,
+ 79, 83, 241, 231, 227, 0, 219, 222, 224, 221,
+ 0, 357, 269, 271, 275, 0, 285, 0, 291, 0,
+ 0, 0, 0, 351, 364, 0, 0, 309, 311, 313,
+ 0, 0, 0, 355, 287, 293, 240, 369, 371, 0,
+ 0, 345, 349, 230, 223, 225, 373, 0, 0, 0,
+ 0, 0, 370, 372, 365, 367, 374, 0, 0, 366,
+ 368
+};
+
+/* YYDEFGOTO[NTERM-NUM]. */
+static const yytype_int16 yydefgoto[] =
+{
+ -1, 1, 18, 19, 54, 82, 229, 228, 231, 230,
+ 232, 20, 83, 21, 77, 22, 23, 24, 25, 39,
+ 26, 59, 90, 233, 234, 235, 236, 237, 27, 60,
+ 96, 238, 239, 563, 243, 241, 155, 50, 70, 28,
+ 43, 98, 177, 493, 564, 495, 566, 383, 384, 29,
+ 42, 97, 171, 369, 367, 368, 370, 373, 371, 372,
+ 374, 375, 376, 377, 378, 30, 63, 117, 260, 261,
+ 410, 411, 289, 266, 267, 268, 269, 270, 271, 273,
+ 274, 278, 275, 276, 277, 283, 291, 292, 284, 281,
+ 279, 280, 282, 181, 182, 184, 185, 286, 287, 192,
+ 193, 209, 210, 31, 64, 125, 293, 417, 298, 419,
+ 420, 421, 32, 46, 431, 67, 68, 132, 309, 432,
+ 571, 574, 661, 662, 506, 569, 635, 570, 221, 305,
+ 426, 633, 33, 225, 72, 227, 75, 311, 312, 51,
+ 226, 350, 514, 434, 516, 517, 523, 583, 584, 520,
+ 586, 525, 526, 527, 528, 592, 645, 550, 594, 647,
+ 533, 534, 453, 536, 555, 554, 556, 626, 627, 628,
+ 557, 551, 542, 541, 543, 537, 539, 538, 545, 546,
+ 547, 548, 553, 552, 549, 655, 540, 656, 462, 515,
+ 439, 640, 581, 509, 308, 606, 654, 687, 688, 677,
+ 678, 681, 297, 625
+};
+
+/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
+ STATE-NUM. */
+#define YYPACT_NINF -542
+static const yytype_int16 yypact[] =
+{
+ -542, 42, -542, -124, 46, -87, -72, 82, -63, -39,
+ -542, -542, -29, -15, -542, -50, 34, 7, -542, -542,
+ -542, -542, -542, -542, -542, -542, -542, -542, -542, -542,
+ -542, -542, -542, -542, -542, 12, 10, 21, -542, 25,
+ -542, -542, 38, 40, -542, -542, 30, 66, 89, 66,
+ -542, 143, 37, -542, 3, -542, -542, -542, -542, -4,
+ -5, -542, -542, 29, -9, 35, -11, 36, 45, -542,
+ -542, 72, 63, -542, -45, 63, -542, 71, -53, -13,
+ 76, -542, -542, 73, 85, 87, 90, 88, 99, -542,
+ -542, 94, 94, -542, -8, -542, -542, -7, -6, 96,
+ 97, 102, 104, 107, 106, 108, 54, 81, 4, 110,
+ 103, 115, 122, 112, 118, 109, -542, -542, 119, 120,
+ 121, 123, 124, 125, -542, -542, -542, -542, -542, -90,
+ 113, 177, 111, -542, -542, -542, -542, -542, -542, -542,
+ -542, -542, -542, -542, -542, -542, -542, -542, -542, -542,
+ -542, -542, -542, -542, -542, 114, -542, 126, 127, 129,
+ 132, 130, 131, 133, 135, 134, 136, 137, 138, 139,
+ -542, -542, 140, 141, 146, 147, -542, -542, -542, -542,
+ -542, 142, 144, -542, 145, 148, -542, -542, -542, -542,
+ -542, -542, -542, 149, -542, -542, -542, -542, -542, -542,
+ -542, -542, -542, -542, -542, -542, 150, 150, -542, -542,
+ 151, -542, -542, -542, 14, -542, 14, 14, 14, -542,
+ 157, 50, -542, 32, -542, 27, 117, 27, 153, 155,
+ 156, 158, 159, 160, 161, 162, 163, 164, 165, 166,
+ -542, 167, 154, 168, -542, -542, -542, -542, -542, -542,
+ -542, -542, -542, -542, -542, -542, -12, -3, -542, -542,
+ 169, 170, -542, 102, -542, 104, 171, 173, 174, 175,
+ 176, 178, 108, 179, 180, 181, 182, 183, 184, 185,
+ 187, 188, 189, 190, 191, 172, 192, -542, 192, 193,
+ 112, 194, 196, 197, -542, -542, -542, -542, 198, -542,
+ -542, -542, 50, -542, -542, -1, -542, -542, -542, -21,
+ -542, -542, -542, 94, -542, 214, 213, 92, -37, 199,
+ 152, 205, 212, 215, 206, 207, 216, 218, -542, 219,
+ 220, -57, 201, -75, 221, -542, 222, 224, 225, 226,
+ 227, 32, 228, -30, -20, 230, 231, 70, 210, -542,
+ -542, -542, -542, -542, -542, -542, -542, -542, -542, -542,
+ -542, -542, -542, -542, -542, 233, -542, 217, 223, 229,
+ 232, 234, 235, 236, 237, 238, 239, 240, 241, 211,
+ -542, 243, -542, 242, 244, -542, -542, -542, -542, -542,
+ -542, -542, -542, -542, -542, -542, -542, -542, -542, -542,
+ -542, -542, -542, -542, -542, -542, -542, -542, -542, 150,
+ 245, 246, -542, -542, -542, -542, -542, 247, -542, 248,
+ 249, 250, -1, -542, -542, -542, -542, -542, -38, 75,
+ 257, 203, -542, -542, -542, -542, -542, 261, 262, -542,
+ -542, 263, 264, -542, 265, -542, -542, -542, -542, -59,
+ -56, -542, -542, -38, -542, -542, -542, -542, -542, -542,
+ -542, -542, 255, -542, -542, -542, -542, -542, -542, -542,
+ -542, -542, -542, -542, -542, -542, 271, 272, 31, -542,
+ -542, -542, -542, -542, -542, -542, -542, -542, -542, -542,
+ -542, -542, -542, 259, -542, 260, -542, -542, -542, -542,
+ -542, -542, -542, -542, -542, -542, 269, -542, -542, -542,
+ 275, 276, -542, -542, 266, -49, 267, 268, 273, -542,
+ 270, -542, -542, 274, -542, 277, 278, 279, 280, 32,
+ -542, 32, -542, 281, 282, 283, 284, 285, 286, 287,
+ 288, 289, 290, 291, -542, 292, 294, 295, 296, 297,
+ 298, 299, 300, 301, 302, 303, 304, 305, 14, 13,
+ -542, -542, -542, 306, 307, -542, 308, -542, 323, 310,
+ 309, 311, 14, 13, 313, -542, -542, -542, -542, -542,
+ -542, 314, -542, 315, 316, -542, 317, -542, -542, -542,
+ -542, -542, 318, -542, 319, -542, -542, -542, -542, -542,
+ -542, -542, -542, -542, -542, -542, -27, -542, -542, -542,
+ -542, -542, -542, -542, -542, -542, -542, -542, -542, -542,
+ -542, -542, -542, -542, -542, -542, 320, 321, 322, -542,
+ -542, -542, -542, -542, -542, 324, -542, -542, -542, -542,
+ 325, -542, -542, -542, -542, 326, -542, 328, -542, 312,
+ -38, 333, 91, -542, -542, 329, 330, -542, -542, -542,
+ 269, 331, 332, -542, -542, -542, 323, -542, -542, 338,
+ 347, -542, -542, -542, -542, -542, -542, 334, 335, 14,
+ 13, 336, -542, -542, -542, -542, -542, 337, 339, -542,
+ -542
+};
+
+/* YYPGOTO[NTERM-NUM]. */
+static const yytype_int16 yypgoto[] =
+{
+ -542, -542, -542, -542, -542, -542, -542, -542, -542, -542,
+ -542, -542, -542, -542, -542, -542, -542, -542, -542, -542,
+ -542, -542, -542, -542, -542, -542, -542, -542, -542, -542,
+ -542, -542, -542, -542, -542, -542, -542, -88, 342, -542,
+ -542, -542, -542, -542, -542, -542, -542, -542, -542, -542,
+ -542, -542, -542, -542, -542, -542, -542, -542, -542, -542,
+ -542, -542, -542, -542, -542, -542, -542, -542, -542, -542,
+ -542, -542, -542, -542, -542, -542, -542, -542, -542, -542,
+ -542, -542, -542, -542, -542, -542, -542, -542, -542, -542,
+ -542, -542, -542, 20, -542, 48, -542, 327, -93, 47,
+ -542, 105, -542, -542, -542, -542, -542, -542, -542, -542,
+ -542, -542, -542, -542, -542, -542, 86, -542, -542, -542,
+ -542, -542, -542, -542, -542, -340, -542, -542, 293, 95,
+ -95, -282, -542, -542, -542, -542, -542, 208, 98, 360,
+ -542, -542, -542, -542, -542, -542, -542, -542, -542, -542,
+ -542, -542, -542, -542, -542, -542, -542, -542, -542, -542,
+ -542, -542, -542, -542, -542, -542, -542, -542, -542, -542,
+ -542, -542, -542, -542, -542, -542, -542, -542, -542, -542,
+ -542, -542, -542, -542, -542, -542, -542, -542, -542, -542,
+ -542, -542, -542, -448, -335, -542, -542, -542, -542, -542,
+ -542, -542, -216, -541
+};
+
+/* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If
+ positive, shift that token. If negative, reduce the rule which
+ number is the opposite. If YYTABLE_NINF, syntax error. */
+#define YYTABLE_NINF -230
+static const yytype_int16 yytable[] =
+{
+ 299, 300, 301, 153, 154, 535, 468, 78, 79, 80,
+ 84, 85, 86, 87, 88, 91, 92, 156, 93, 94,
+ 158, 159, 160, 161, 162, 163, 164, 165, 166, 167,
+ 168, 169, 638, 47, 172, 173, 174, 175, 47, 576,
+ 507, 130, 2, 529, 459, 3, 531, 34, 219, 4,
+ 649, 5, 6, 7, 35, 8, 427, 200, 456, 201,
+ 202, 9, 118, 119, 120, 121, 122, 123, 10, 440,
+ 441, 442, 220, 36, 99, 100, 101, 102, 103, 104,
+ 105, 11, 460, 650, 37, 470, 12, 106, 107, 108,
+ 109, 110, 111, 112, 38, 472, 113, 114, 115, 651,
+ 457, 306, 307, 142, 306, 307, 194, 143, 40, 195,
+ 48, 49, 13, 65, 530, 532, 49, 131, 508, 126,
+ 652, 577, 14, 443, 15, 428, 429, 471, 133, 134,
+ 430, 66, 41, 196, 197, 198, 66, 473, 199, 685,
+ 423, 424, 44, 144, 379, 653, 66, 145, 380, 128,
+ 129, 127, 157, 381, 135, 425, 45, 382, 187, 188,
+ 189, 190, 52, 124, 53, 170, 176, 95, 89, 16,
+ 138, 17, 55, 140, 71, 81, 621, 622, 623, 624,
+ 56, 294, 295, 296, 560, 561, 562, 206, 207, 303,
+ 304, 57, 306, 307, 591, 58, 593, 310, 137, 437,
+ 438, 116, 667, 313, 314, 69, 315, 76, 316, 61,
+ 317, 62, 318, 319, 320, 321, 322, 323, 476, 477,
+ 324, 325, 326, 510, 511, 433, 327, 328, 74, 329,
+ 330, 331, 136, 332, 137, 333, 146, 334, 335, 669,
+ 670, 141, 148, 147, 149, 151, 150, 336, 337, 338,
+ 339, 340, 341, 342, 343, 49, 152, 178, 179, 204,
+ 344, 345, 346, 180, 347, 183, 212, 186, 191, 348,
+ 203, 205, 208, 222, 211, 213, 214, 215, 223, 216,
+ 217, 218, 224, 387, 240, 245, 242, 244, 246, 349,
+ 247, 248, 250, 249, 251, 219, 252, 253, 254, 255,
+ 256, 257, 258, 259, 435, 436, 444, 449, 450, 445,
+ 408, 285, 262, 388, 365, 264, 498, 263, 458, 395,
+ 673, 265, 272, 352, 290, 353, 354, 505, 355, 356,
+ 357, 358, 359, 360, 361, 362, 363, 364, 366, 385,
+ 386, 389, 620, 390, 391, 392, 393, 568, 394, 396,
+ 397, 398, 399, 400, 401, 402, 637, 403, 404, 405,
+ 406, 407, 446, 412, 414, 409, 415, 416, 418, 447,
+ 478, 492, 448, 451, 452, 513, 454, 455, 461, 463,
+ 464, 465, 466, 467, 676, 469, 474, 480, 475, 479,
+ 666, 73, 0, 481, 0, 413, 0, 422, 0, 482,
+ 0, 0, 483, 494, 484, 485, 486, 487, 488, 489,
+ 490, 491, 496, 512, 497, 499, 500, 501, 502, 503,
+ 504, 518, 519, 521, 522, 524, 544, 558, 559, 565,
+ 567, 572, 573, 580, 139, 351, 575, 578, 579, 0,
+ 582, 0, 0, 0, 585, 0, 0, 587, 588, 589,
+ 590, 595, 596, 597, 598, 599, 600, 601, 602, 603,
+ 604, 605, 607, 684, 608, 609, 610, 611, 612, 613,
+ 614, 615, 616, 617, 618, 619, 629, 630, 631, 632,
+ 634, 636, -229, 639, 641, 642, 643, 644, 646, 648,
+ 657, 658, 659, 668, 679, 663, 664, 660, 665, 671,
+ 672, 674, 675, 680, 682, 683, 686, 689, 0, 690,
+ 0, 0, 0, 302, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 288
+};
+
+#define yypact_value_is_default(yystate) \
+ ((yystate) == (-542))
+
+#define yytable_value_is_error(yytable_value) \
+ YYID (0)
+
+static const yytype_int16 yycheck[] =
+{
+ 216, 217, 218, 91, 92, 453, 341, 4, 5, 6,
+ 14, 15, 16, 17, 18, 20, 21, 25, 23, 24,
+ 27, 28, 29, 30, 31, 32, 33, 34, 35, 36,
+ 37, 38, 573, 83, 40, 41, 42, 43, 83, 88,
+ 78, 5, 0, 102, 119, 3, 102, 171, 138, 7,
+ 77, 9, 10, 11, 8, 13, 77, 53, 115, 55,
+ 56, 19, 71, 72, 73, 74, 75, 76, 26, 106,
+ 107, 108, 162, 160, 45, 46, 47, 48, 49, 50,
+ 51, 39, 157, 110, 156, 115, 44, 58, 59, 60,
+ 61, 62, 63, 64, 12, 115, 67, 68, 69, 126,
+ 157, 160, 161, 156, 160, 161, 52, 160, 171, 55,
+ 160, 161, 70, 83, 449, 450, 161, 81, 156, 84,
+ 147, 170, 80, 160, 82, 146, 147, 157, 83, 84,
+ 151, 101, 171, 52, 53, 54, 101, 157, 57, 680,
+ 141, 142, 171, 156, 156, 172, 101, 160, 160, 160,
+ 161, 65, 160, 156, 68, 156, 171, 160, 52, 53,
+ 54, 55, 128, 172, 157, 172, 172, 172, 172, 127,
+ 72, 129, 160, 75, 85, 172, 163, 164, 165, 166,
+ 170, 167, 168, 169, 153, 154, 155, 65, 66, 139,
+ 140, 170, 160, 161, 529, 170, 531, 170, 171, 107,
+ 108, 172, 650, 86, 87, 139, 89, 170, 91, 171,
+ 93, 171, 95, 96, 97, 98, 99, 100, 148, 149,
+ 103, 104, 105, 148, 149, 313, 109, 110, 85, 112,
+ 113, 114, 160, 116, 171, 118, 160, 120, 121, 148,
+ 149, 170, 157, 170, 157, 157, 156, 130, 131, 132,
+ 133, 134, 135, 136, 137, 161, 157, 161, 161, 156,
+ 143, 144, 145, 161, 147, 161, 157, 160, 160, 152,
+ 160, 156, 160, 160, 156, 156, 156, 156, 101, 156,
+ 156, 156, 171, 263, 170, 156, 160, 160, 156, 172,
+ 160, 160, 157, 160, 160, 138, 160, 160, 160, 160,
+ 160, 160, 156, 156, 90, 92, 107, 101, 101, 157,
+ 138, 161, 170, 265, 160, 170, 409, 173, 117, 272,
+ 660, 173, 173, 170, 173, 170, 170, 422, 170, 170,
+ 170, 170, 170, 170, 170, 170, 170, 170, 170, 170,
+ 170, 170, 558, 170, 170, 170, 170, 78, 170, 170,
+ 170, 170, 170, 170, 170, 170, 572, 170, 170, 170,
+ 170, 170, 157, 170, 170, 173, 170, 170, 170, 157,
+ 160, 160, 157, 157, 156, 172, 157, 157, 157, 157,
+ 156, 156, 156, 156, 666, 157, 156, 170, 157, 156,
+ 78, 49, -1, 170, -1, 290, -1, 302, -1, 170,
+ -1, -1, 170, 160, 170, 170, 170, 170, 170, 170,
+ 170, 170, 170, 156, 170, 170, 170, 170, 170, 170,
+ 170, 160, 160, 160, 160, 160, 171, 156, 156, 170,
+ 170, 156, 156, 160, 74, 227, 170, 170, 170, -1,
+ 170, -1, -1, -1, 170, -1, -1, 170, 170, 170,
+ 170, 170, 170, 170, 170, 170, 170, 170, 170, 170,
+ 170, 170, 170, 679, 170, 170, 170, 170, 170, 170,
+ 170, 170, 170, 170, 170, 170, 170, 170, 170, 156,
+ 170, 170, 173, 170, 170, 170, 170, 170, 170, 170,
+ 170, 170, 170, 160, 156, 170, 170, 173, 170, 170,
+ 170, 170, 170, 156, 170, 170, 170, 170, -1, 170,
+ -1, -1, -1, 220, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, 207
+};
+
+/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
+ symbol of state STATE-NUM. */
+static const yytype_uint16 yystos[] =
+{
+ 0, 175, 0, 3, 7, 9, 10, 11, 13, 19,
+ 26, 39, 44, 70, 80, 82, 127, 129, 176, 177,
+ 185, 187, 189, 190, 191, 192, 194, 202, 213, 223,
+ 239, 277, 286, 306, 171, 8, 160, 156, 12, 193,
+ 171, 171, 224, 214, 171, 171, 287, 83, 160, 161,
+ 211, 313, 128, 157, 178, 160, 170, 170, 170, 195,
+ 203, 171, 171, 240, 278, 83, 101, 289, 290, 139,
+ 212, 85, 308, 212, 85, 310, 170, 188, 4, 5,
+ 6, 172, 179, 186, 14, 15, 16, 17, 18, 172,
+ 196, 20, 21, 23, 24, 172, 204, 225, 215, 45,
+ 46, 47, 48, 49, 50, 51, 58, 59, 60, 61,
+ 62, 63, 64, 67, 68, 69, 172, 241, 71, 72,
+ 73, 74, 75, 76, 172, 279, 84, 290, 160, 161,
+ 5, 81, 291, 83, 84, 290, 160, 171, 312, 313,
+ 312, 170, 156, 160, 156, 160, 160, 170, 157, 157,
+ 156, 157, 157, 211, 211, 210, 25, 160, 27, 28,
+ 29, 30, 31, 32, 33, 34, 35, 36, 37, 38,
+ 172, 226, 40, 41, 42, 43, 172, 216, 161, 161,
+ 161, 267, 268, 161, 269, 270, 160, 52, 53, 54,
+ 55, 160, 273, 274, 52, 55, 52, 53, 54, 57,
+ 53, 55, 56, 160, 156, 156, 65, 66, 160, 275,
+ 276, 156, 157, 156, 156, 156, 156, 156, 156, 138,
+ 162, 302, 160, 101, 171, 307, 314, 309, 181, 180,
+ 183, 182, 184, 197, 198, 199, 200, 201, 205, 206,
+ 170, 209, 160, 208, 160, 156, 156, 160, 160, 160,
+ 157, 160, 160, 160, 160, 160, 160, 160, 156, 156,
+ 242, 243, 170, 173, 170, 173, 247, 248, 249, 250,
+ 251, 252, 173, 253, 254, 256, 257, 258, 255, 264,
+ 265, 263, 266, 259, 262, 161, 271, 272, 271, 246,
+ 173, 260, 261, 280, 167, 168, 169, 376, 282, 376,
+ 376, 376, 302, 139, 140, 303, 160, 161, 368, 292,
+ 170, 311, 312, 86, 87, 89, 91, 93, 95, 96,
+ 97, 98, 99, 100, 103, 104, 105, 109, 110, 112,
+ 113, 114, 116, 118, 120, 121, 130, 131, 132, 133,
+ 134, 135, 136, 137, 143, 144, 145, 147, 152, 172,
+ 315, 311, 170, 170, 170, 170, 170, 170, 170, 170,
+ 170, 170, 170, 170, 170, 160, 170, 228, 229, 227,
+ 230, 232, 233, 231, 234, 235, 236, 237, 238, 156,
+ 160, 156, 160, 221, 222, 170, 170, 267, 269, 170,
+ 170, 170, 170, 170, 170, 273, 170, 170, 170, 170,
+ 170, 170, 170, 170, 170, 170, 170, 170, 138, 173,
+ 244, 245, 170, 275, 170, 170, 170, 281, 170, 283,
+ 284, 285, 303, 141, 142, 156, 304, 77, 146, 147,
+ 151, 288, 293, 211, 317, 90, 92, 107, 108, 364,
+ 106, 107, 108, 160, 107, 157, 157, 157, 157, 101,
+ 101, 157, 156, 336, 157, 157, 115, 157, 117, 119,
+ 157, 157, 362, 157, 156, 156, 156, 156, 368, 157,
+ 115, 157, 115, 157, 156, 157, 148, 149, 160, 156,
+ 170, 170, 170, 170, 170, 170, 170, 170, 170, 170,
+ 170, 170, 160, 217, 160, 219, 170, 170, 272, 170,
+ 170, 170, 170, 170, 170, 304, 298, 78, 156, 367,
+ 148, 149, 156, 172, 316, 363, 318, 319, 160, 160,
+ 323, 160, 160, 320, 160, 325, 326, 327, 328, 102,
+ 368, 102, 368, 334, 335, 367, 337, 349, 351, 350,
+ 360, 347, 346, 348, 171, 352, 353, 354, 355, 358,
+ 331, 345, 357, 356, 339, 338, 340, 344, 156, 156,
+ 153, 154, 155, 207, 218, 170, 220, 170, 78, 299,
+ 301, 294, 156, 156, 295, 170, 88, 170, 170, 170,
+ 160, 366, 170, 321, 322, 170, 324, 170, 170, 170,
+ 170, 368, 329, 368, 332, 170, 170, 170, 170, 170,
+ 170, 170, 170, 170, 170, 170, 369, 170, 170, 170,
+ 170, 170, 170, 170, 170, 170, 170, 170, 170, 170,
+ 376, 163, 164, 165, 166, 377, 341, 342, 343, 170,
+ 170, 170, 156, 305, 170, 300, 170, 376, 377, 170,
+ 365, 170, 170, 170, 170, 330, 170, 333, 170, 77,
+ 110, 126, 147, 172, 370, 359, 361, 170, 170, 170,
+ 173, 296, 297, 170, 170, 170, 78, 367, 160, 148,
+ 149, 170, 170, 299, 170, 170, 305, 373, 374, 156,
+ 156, 375, 170, 170, 376, 377, 170, 371, 372, 170,
+ 170
+};
+
+#define yyerrok (yyerrstatus = 0)
+#define yyclearin (yychar = YYEMPTY)
+#define YYEMPTY (-2)
+#define YYEOF 0
+
+#define YYACCEPT goto yyacceptlab
+#define YYABORT goto yyabortlab
+#define YYERROR goto yyerrorlab
+
+
+/* Like YYERROR except do call yyerror. This remains here temporarily
+ to ease the transition to the new meaning of YYERROR, for GCC.
+ Once GCC version 2 has supplanted version 1, this can go. However,
+ YYFAIL appears to be in use. Nevertheless, it is formally deprecated
+ in Bison 2.4.2's NEWS entry, where a plan to phase it out is
+ discussed. */
+
+#define YYFAIL goto yyerrlab
+#if defined YYFAIL
+ /* This is here to suppress warnings from the GCC cpp's
+ -Wunused-macros. Normally we don't worry about that warning, but
+ some users do, and we want to make it easy for users to remove
+ YYFAIL uses, which will produce warnings from Bison 2.5. */
+#endif
+
+#define YYRECOVERING() (!!yyerrstatus)
+
+#define YYBACKUP(Token, Value) \
+do \
+ if (yychar == YYEMPTY) \
+ { \
+ yychar = (Token); \
+ yylval = (Value); \
+ YYPOPSTACK (yylen); \
+ yystate = *yyssp; \
+ goto yybackup; \
+ } \
+ else \
+ { \
+ yyerror (YY_("syntax error: cannot back up")); \
+ YYERROR; \
+ } \
+while (YYID (0))
+
+
+#define YYTERROR 1
+#define YYERRCODE 256
+
+/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N].
+ If N is 0, then set CURRENT to the empty location which ends
+ the previous symbol: RHS[0] (always defined). */
+
+#ifndef YYLLOC_DEFAULT
+# define YYLLOC_DEFAULT(Current, Rhs, N) \
+ do \
+ if (YYID (N)) \
+ { \
+ (Current).first_line = YYRHSLOC (Rhs, 1).first_line; \
+ (Current).first_column = YYRHSLOC (Rhs, 1).first_column; \
+ (Current).last_line = YYRHSLOC (Rhs, N).last_line; \
+ (Current).last_column = YYRHSLOC (Rhs, N).last_column; \
+ } \
+ else \
+ { \
+ (Current).first_line = (Current).last_line = \
+ YYRHSLOC (Rhs, 0).last_line; \
+ (Current).first_column = (Current).last_column = \
+ YYRHSLOC (Rhs, 0).last_column; \
+ } \
+ while (YYID (0))
+#endif
+
+#define YYRHSLOC(Rhs, K) ((Rhs)[K])
+
+
+
+/* This macro is provided for backward compatibility. */
+
+#ifndef YY_LOCATION_PRINT
+# define YY_LOCATION_PRINT(File, Loc) ((void) 0)
+#endif
+
+
+/* YYLEX -- calling `yylex' with the right arguments. */
+
+#ifdef YYLEX_PARAM
+# define YYLEX yylex (YYLEX_PARAM)
+#else
+# define YYLEX yylex ()
+#endif
+
+/* Enable debugging if requested. */
+#if YYDEBUG
+
+# ifndef YYFPRINTF
+# include <stdio.h> /* INFRINGES ON USER NAME SPACE */
+# define YYFPRINTF fprintf
+# endif
+
+# define YYDPRINTF(Args) \
+do { \
+ if (yydebug) \
+ YYFPRINTF Args; \
+} while (YYID (0))
+
+# define YY_SYMBOL_PRINT(Title, Type, Value, Location) \
+do { \
+ if (yydebug) \
+ { \
+ YYFPRINTF (stderr, "%s ", Title); \
+ yy_symbol_print (stderr, \
+ Type, Value); \
+ YYFPRINTF (stderr, "\n"); \
+ } \
+} while (YYID (0))
+
+
+/*--------------------------------.
+| Print this symbol on YYOUTPUT. |
+`--------------------------------*/
+
+/*ARGSUSED*/
+#if (defined __STDC__ || defined __C99__FUNC__ \
+ || defined __cplusplus || defined _MSC_VER)
+static void
+yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
+#else
+static void
+yy_symbol_value_print (yyoutput, yytype, yyvaluep)
+ FILE *yyoutput;
+ int yytype;
+ YYSTYPE const * const yyvaluep;
+#endif
+{
+ FILE *yyo = yyoutput;
+ YYUSE (yyo);
+ if (!yyvaluep)
+ return;
+# ifdef YYPRINT
+ if (yytype < YYNTOKENS)
+ YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep);
+# else
+ YYUSE (yyoutput);
+# endif
+ switch (yytype)
+ {
+ default:
+ break;
+ }
+}
+
+
+/*--------------------------------.
+| Print this symbol on YYOUTPUT. |
+`--------------------------------*/
+
+#if (defined __STDC__ || defined __C99__FUNC__ \
+ || defined __cplusplus || defined _MSC_VER)
+static void
+yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
+#else
+static void
+yy_symbol_print (yyoutput, yytype, yyvaluep)
+ FILE *yyoutput;
+ int yytype;
+ YYSTYPE const * const yyvaluep;
+#endif
+{
+ if (yytype < YYNTOKENS)
+ YYFPRINTF (yyoutput, "token %s (", yytname[yytype]);
+ else
+ YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]);
+
+ yy_symbol_value_print (yyoutput, yytype, yyvaluep);
+ YYFPRINTF (yyoutput, ")");
+}
+
+/*------------------------------------------------------------------.
+| yy_stack_print -- Print the state stack from its BOTTOM up to its |
+| TOP (included). |
+`------------------------------------------------------------------*/
+
+#if (defined __STDC__ || defined __C99__FUNC__ \
+ || defined __cplusplus || defined _MSC_VER)
+static void
+yy_stack_print (yytype_int16 *yybottom, yytype_int16 *yytop)
+#else
+static void
+yy_stack_print (yybottom, yytop)
+ yytype_int16 *yybottom;
+ yytype_int16 *yytop;
+#endif
+{
+ YYFPRINTF (stderr, "Stack now");
+ for (; yybottom <= yytop; yybottom++)
+ {
+ int yybot = *yybottom;
+ YYFPRINTF (stderr, " %d", yybot);
+ }
+ YYFPRINTF (stderr, "\n");
+}
+
+# define YY_STACK_PRINT(Bottom, Top) \
+do { \
+ if (yydebug) \
+ yy_stack_print ((Bottom), (Top)); \
+} while (YYID (0))
+
+
+/*------------------------------------------------.
+| Report that the YYRULE is going to be reduced. |
+`------------------------------------------------*/
+
+#if (defined __STDC__ || defined __C99__FUNC__ \
+ || defined __cplusplus || defined _MSC_VER)
+static void
+yy_reduce_print (YYSTYPE *yyvsp, int yyrule)
+#else
+static void
+yy_reduce_print (yyvsp, yyrule)
+ YYSTYPE *yyvsp;
+ int yyrule;
+#endif
+{
+ int yynrhs = yyr2[yyrule];
+ int yyi;
+ unsigned long int yylno = yyrline[yyrule];
+ YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n",
+ yyrule - 1, yylno);
+ /* The symbols being reduced. */
+ for (yyi = 0; yyi < yynrhs; yyi++)
+ {
+ YYFPRINTF (stderr, " $%d = ", yyi + 1);
+ yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi],
+ &(yyvsp[(yyi + 1) - (yynrhs)])
+ );
+ YYFPRINTF (stderr, "\n");
+ }
+}
+
+# define YY_REDUCE_PRINT(Rule) \
+do { \
+ if (yydebug) \
+ yy_reduce_print (yyvsp, Rule); \
+} while (YYID (0))
+
+/* Nonzero means print parse trace. It is left uninitialized so that
+ multiple parsers can coexist. */
+int yydebug;
+#else /* !YYDEBUG */
+# define YYDPRINTF(Args)
+# define YY_SYMBOL_PRINT(Title, Type, Value, Location)
+# define YY_STACK_PRINT(Bottom, Top)
+# define YY_REDUCE_PRINT(Rule)
+#endif /* !YYDEBUG */
+
+
+/* YYINITDEPTH -- initial size of the parser's stacks. */
+#ifndef YYINITDEPTH
+# define YYINITDEPTH 200
+#endif
+
+/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only
+ if the built-in stack extension method is used).
+
+ Do not make this value too large; the results are undefined if
+ YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH)
+ evaluated with infinite-precision integer arithmetic. */
+
+#ifndef YYMAXDEPTH
+# define YYMAXDEPTH 10000
+#endif
+
+
+#if YYERROR_VERBOSE
+
+# ifndef yystrlen
+# if defined __GLIBC__ && defined _STRING_H
+# define yystrlen strlen
+# else
+/* Return the length of YYSTR. */
+#if (defined __STDC__ || defined __C99__FUNC__ \
+ || defined __cplusplus || defined _MSC_VER)
+static YYSIZE_T
+yystrlen (const char *yystr)
+#else
+static YYSIZE_T
+yystrlen (yystr)
+ const char *yystr;
+#endif
+{
+ YYSIZE_T yylen;
+ for (yylen = 0; yystr[yylen]; yylen++)
+ continue;
+ return yylen;
+}
+# endif
+# endif
+
+# ifndef yystpcpy
+# if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE
+# define yystpcpy stpcpy
+# else
+/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in
+ YYDEST. */
+#if (defined __STDC__ || defined __C99__FUNC__ \
+ || defined __cplusplus || defined _MSC_VER)
+static char *
+yystpcpy (char *yydest, const char *yysrc)
+#else
+static char *
+yystpcpy (yydest, yysrc)
+ char *yydest;
+ const char *yysrc;
+#endif
+{
+ char *yyd = yydest;
+ const char *yys = yysrc;
+
+ while ((*yyd++ = *yys++) != '\0')
+ continue;
+
+ return yyd - 1;
+}
+# endif
+# endif
+
+# ifndef yytnamerr
+/* Copy to YYRES the contents of YYSTR after stripping away unnecessary
+ quotes and backslashes, so that it's suitable for yyerror. The
+ heuristic is that double-quoting is unnecessary unless the string
+ contains an apostrophe, a comma, or backslash (other than
+ backslash-backslash). YYSTR is taken from yytname. If YYRES is
+ null, do not copy; instead, return the length of what the result
+ would have been. */
+static YYSIZE_T
+yytnamerr (char *yyres, const char *yystr)
+{
+ if (*yystr == '"')
+ {
+ YYSIZE_T yyn = 0;
+ char const *yyp = yystr;
+
+ for (;;)
+ switch (*++yyp)
+ {
+ case '\'':
+ case ',':
+ goto do_not_strip_quotes;
+
+ case '\\':
+ if (*++yyp != '\\')
+ goto do_not_strip_quotes;
+ /* Fall through. */
+ default:
+ if (yyres)
+ yyres[yyn] = *yyp;
+ yyn++;
+ break;
+
+ case '"':
+ if (yyres)
+ yyres[yyn] = '\0';
+ return yyn;
+ }
+ do_not_strip_quotes: ;
+ }
+
+ if (! yyres)
+ return yystrlen (yystr);
+
+ return yystpcpy (yyres, yystr) - yyres;
+}
+# endif
+
+/* Copy into *YYMSG, which is of size *YYMSG_ALLOC, an error message
+ about the unexpected token YYTOKEN for the state stack whose top is
+ YYSSP.
+
+ Return 0 if *YYMSG was successfully written. Return 1 if *YYMSG is
+ not large enough to hold the message. In that case, also set
+ *YYMSG_ALLOC to the required number of bytes. Return 2 if the
+ required number of bytes is too large to store. */
+static int
+yysyntax_error (YYSIZE_T *yymsg_alloc, char **yymsg,
+ yytype_int16 *yyssp, int yytoken)
+{
+ YYSIZE_T yysize0 = yytnamerr (YY_NULL, yytname[yytoken]);
+ YYSIZE_T yysize = yysize0;
+ YYSIZE_T yysize1;
+ enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 };
+ /* Internationalized format string. */
+ const char *yyformat = YY_NULL;
+ /* Arguments of yyformat. */
+ char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
+ /* Number of reported tokens (one for the "unexpected", one per
+ "expected"). */
+ int yycount = 0;
+
+ /* There are many possibilities here to consider:
+ - Assume YYFAIL is not used. It's too flawed to consider. See
+ <http://lists.gnu.org/archive/html/bison-patches/2009-12/msg00024.html>
+ for details. YYERROR is fine as it does not invoke this
+ function.
+ - If this state is a consistent state with a default action, then
+ the only way this function was invoked is if the default action
+ is an error action. In that case, don't check for expected
+ tokens because there are none.
+ - The only way there can be no lookahead present (in yychar) is if
+ this state is a consistent state with a default action. Thus,
+ detecting the absence of a lookahead is sufficient to determine
+ that there is no unexpected or expected token to report. In that
+ case, just report a simple "syntax error".
+ - Don't assume there isn't a lookahead just because this state is a
+ consistent state with a default action. There might have been a
+ previous inconsistent state, consistent state with a non-default
+ action, or user semantic action that manipulated yychar.
+ - Of course, the expected token list depends on states to have
+ correct lookahead information, and it depends on the parser not
+ to perform extra reductions after fetching a lookahead from the
+ scanner and before detecting a syntax error. Thus, state merging
+ (from LALR or IELR) and default reductions corrupt the expected
+ token list. However, the list is correct for canonical LR with
+ one exception: it will still contain any token that will not be
+ accepted due to an error action in a later state.
+ */
+ if (yytoken != YYEMPTY)
+ {
+ int yyn = yypact[*yyssp];
+ yyarg[yycount++] = yytname[yytoken];
+ if (!yypact_value_is_default (yyn))
+ {
+ /* Start YYX at -YYN if negative to avoid negative indexes in
+ YYCHECK. In other words, skip the first -YYN actions for
+ this state because they are default actions. */
+ int yyxbegin = yyn < 0 ? -yyn : 0;
+ /* Stay within bounds of both yycheck and yytname. */
+ int yychecklim = YYLAST - yyn + 1;
+ int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS;
+ int yyx;
+
+ for (yyx = yyxbegin; yyx < yyxend; ++yyx)
+ if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR
+ && !yytable_value_is_error (yytable[yyx + yyn]))
+ {
+ if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM)
+ {
+ yycount = 1;
+ yysize = yysize0;
+ break;
+ }
+ yyarg[yycount++] = yytname[yyx];
+ yysize1 = yysize + yytnamerr (YY_NULL, yytname[yyx]);
+ if (! (yysize <= yysize1
+ && yysize1 <= YYSTACK_ALLOC_MAXIMUM))
+ return 2;
+ yysize = yysize1;
+ }
+ }
+ }
+
+ switch (yycount)
+ {
+# define YYCASE_(N, S) \
+ case N: \
+ yyformat = S; \
+ break
+ YYCASE_(0, YY_("syntax error"));
+ YYCASE_(1, YY_("syntax error, unexpected %s"));
+ YYCASE_(2, YY_("syntax error, unexpected %s, expecting %s"));
+ YYCASE_(3, YY_("syntax error, unexpected %s, expecting %s or %s"));
+ YYCASE_(4, YY_("syntax error, unexpected %s, expecting %s or %s or %s"));
+ YYCASE_(5, YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s"));
+# undef YYCASE_
+ }
+
+ yysize1 = yysize + yystrlen (yyformat);
+ if (! (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM))
+ return 2;
+ yysize = yysize1;
+
+ if (*yymsg_alloc < yysize)
+ {
+ *yymsg_alloc = 2 * yysize;
+ if (! (yysize <= *yymsg_alloc
+ && *yymsg_alloc <= YYSTACK_ALLOC_MAXIMUM))
+ *yymsg_alloc = YYSTACK_ALLOC_MAXIMUM;
+ return 1;
+ }
+
+ /* Avoid sprintf, as that infringes on the user's name space.
+ Don't have undefined behavior even if the translation
+ produced a string with the wrong number of "%s"s. */
+ {
+ char *yyp = *yymsg;
+ int yyi = 0;
+ while ((*yyp = *yyformat) != '\0')
+ if (*yyp == '%' && yyformat[1] == 's' && yyi < yycount)
+ {
+ yyp += yytnamerr (yyp, yyarg[yyi++]);
+ yyformat += 2;
+ }
+ else
+ {
+ yyp++;
+ yyformat++;
+ }
+ }
+ return 0;
+}
+#endif /* YYERROR_VERBOSE */
+
+/*-----------------------------------------------.
+| Release the memory associated to this symbol. |
+`-----------------------------------------------*/
+
+/*ARGSUSED*/
+#if (defined __STDC__ || defined __C99__FUNC__ \
+ || defined __cplusplus || defined _MSC_VER)
+static void
+yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep)
+#else
+static void
+yydestruct (yymsg, yytype, yyvaluep)
+ const char *yymsg;
+ int yytype;
+ YYSTYPE *yyvaluep;
+#endif
+{
+ YYUSE (yyvaluep);
+
+ if (!yymsg)
+ yymsg = "Deleting";
+ YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp);
+
+ switch (yytype)
+ {
+
+ default:
+ break;
+ }
+}
+
+
+
+
+/* The lookahead symbol. */
+int yychar;
+
+/* The semantic value of the lookahead symbol. */
+YYSTYPE yylval;
+
+/* Number of syntax errors so far. */
+int yynerrs;
+
+
+/*----------.
+| yyparse. |
+`----------*/
+
+#ifdef YYPARSE_PARAM
+#if (defined __STDC__ || defined __C99__FUNC__ \
+ || defined __cplusplus || defined _MSC_VER)
+int
+yyparse (void *YYPARSE_PARAM)
+#else
+int
+yyparse (YYPARSE_PARAM)
+ void *YYPARSE_PARAM;
+#endif
+#else /* ! YYPARSE_PARAM */
+#if (defined __STDC__ || defined __C99__FUNC__ \
+ || defined __cplusplus || defined _MSC_VER)
+int
+yyparse (void)
+#else
+int
+yyparse ()
+
+#endif
+#endif
+{
+ int yystate;
+ /* Number of tokens to shift before error messages enabled. */
+ int yyerrstatus;
+
+ /* The stacks and their tools:
+ `yyss': related to states.
+ `yyvs': related to semantic values.
+
+ Refer to the stacks through separate pointers, to allow yyoverflow
+ to reallocate them elsewhere. */
+
+ /* The state stack. */
+ yytype_int16 yyssa[YYINITDEPTH];
+ yytype_int16 *yyss;
+ yytype_int16 *yyssp;
+
+ /* The semantic value stack. */
+ YYSTYPE yyvsa[YYINITDEPTH];
+ YYSTYPE *yyvs;
+ YYSTYPE *yyvsp;
+
+ YYSIZE_T yystacksize;
+
+ int yyn;
+ int yyresult;
+ /* Lookahead token as an internal (translated) token number. */
+ int yytoken;
+ /* The variables used to return semantic value and location from the
+ action routines. */
+ YYSTYPE yyval;
+
+#if YYERROR_VERBOSE
+ /* Buffer for error messages, and its allocated size. */
+ char yymsgbuf[128];
+ char *yymsg = yymsgbuf;
+ YYSIZE_T yymsg_alloc = sizeof yymsgbuf;
+#endif
+
+#define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N))
+
+ /* The number of symbols on the RHS of the reduced rule.
+ Keep to zero when no symbol should be popped. */
+ int yylen = 0;
+
+ yytoken = 0;
+ yyss = yyssa;
+ yyvs = yyvsa;
+ yystacksize = YYINITDEPTH;
+
+ YYDPRINTF ((stderr, "Starting parse\n"));
+
+ yystate = 0;
+ yyerrstatus = 0;
+ yynerrs = 0;
+ yychar = YYEMPTY; /* Cause a token to be read. */
+
+ /* Initialize stack pointers.
+ Waste one element of value and location stack
+ so that they stay on the same level as the state stack.
+ The wasted elements are never initialized. */
+ yyssp = yyss;
+ yyvsp = yyvs;
+ goto yysetstate;
+
+/*------------------------------------------------------------.
+| yynewstate -- Push a new state, which is found in yystate. |
+`------------------------------------------------------------*/
+ yynewstate:
+ /* In all cases, when you get here, the value and location stacks
+ have just been pushed. So pushing a state here evens the stacks. */
+ yyssp++;
+
+ yysetstate:
+ *yyssp = yystate;
+
+ if (yyss + yystacksize - 1 <= yyssp)
+ {
+ /* Get the current used size of the three stacks, in elements. */
+ YYSIZE_T yysize = yyssp - yyss + 1;
+
+#ifdef yyoverflow
+ {
+ /* Give user a chance to reallocate the stack. Use copies of
+ these so that the &'s don't force the real ones into
+ memory. */
+ YYSTYPE *yyvs1 = yyvs;
+ yytype_int16 *yyss1 = yyss;
+
+ /* Each stack pointer address is followed by the size of the
+ data in use in that stack, in bytes. This used to be a
+ conditional around just the two extra args, but that might
+ be undefined if yyoverflow is a macro. */
+ yyoverflow (YY_("memory exhausted"),
+ &yyss1, yysize * sizeof (*yyssp),
+ &yyvs1, yysize * sizeof (*yyvsp),
+ &yystacksize);
+
+ yyss = yyss1;
+ yyvs = yyvs1;
+ }
+#else /* no yyoverflow */
+# ifndef YYSTACK_RELOCATE
+ goto yyexhaustedlab;
+# else
+ /* Extend the stack our own way. */
+ if (YYMAXDEPTH <= yystacksize)
+ goto yyexhaustedlab;
+ yystacksize *= 2;
+ if (YYMAXDEPTH < yystacksize)
+ yystacksize = YYMAXDEPTH;
+
+ {
+ yytype_int16 *yyss1 = yyss;
+ union yyalloc *yyptr =
+ (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
+ if (! yyptr)
+ goto yyexhaustedlab;
+ YYSTACK_RELOCATE (yyss_alloc, yyss);
+ YYSTACK_RELOCATE (yyvs_alloc, yyvs);
+# undef YYSTACK_RELOCATE
+ if (yyss1 != yyssa)
+ YYSTACK_FREE (yyss1);
+ }
+# endif
+#endif /* no yyoverflow */
+
+ yyssp = yyss + yysize - 1;
+ yyvsp = yyvs + yysize - 1;
+
+ YYDPRINTF ((stderr, "Stack size increased to %lu\n",
+ (unsigned long int) yystacksize));
+
+ if (yyss + yystacksize - 1 <= yyssp)
+ YYABORT;
+ }
+
+ YYDPRINTF ((stderr, "Entering state %d\n", yystate));
+
+ if (yystate == YYFINAL)
+ YYACCEPT;
+
+ goto yybackup;
+
+/*-----------.
+| yybackup. |
+`-----------*/
+yybackup:
+
+ /* Do appropriate processing given the current state. Read a
+ lookahead token if we need one and don't already have one. */
+
+ /* First try to decide what to do without reference to lookahead token. */
+ yyn = yypact[yystate];
+ if (yypact_value_is_default (yyn))
+ goto yydefault;
+
+ /* Not known => get a lookahead token if don't already have one. */
+
+ /* YYCHAR is either YYEMPTY or YYEOF or a valid lookahead symbol. */
+ if (yychar == YYEMPTY)
+ {
+ YYDPRINTF ((stderr, "Reading a token: "));
+ yychar = YYLEX;
+ }
+
+ if (yychar <= YYEOF)
+ {
+ yychar = yytoken = YYEOF;
+ YYDPRINTF ((stderr, "Now at end of input.\n"));
+ }
+ else
+ {
+ yytoken = YYTRANSLATE (yychar);
+ YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc);
+ }
+
+ /* If the proper action on seeing token YYTOKEN is to reduce or to
+ detect an error, take that action. */
+ yyn += yytoken;
+ if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken)
+ goto yydefault;
+ yyn = yytable[yyn];
+ if (yyn <= 0)
+ {
+ if (yytable_value_is_error (yyn))
+ goto yyerrlab;
+ yyn = -yyn;
+ goto yyreduce;
+ }
+
+ /* Count tokens shifted since error; after three, turn off error
+ status. */
+ if (yyerrstatus)
+ yyerrstatus--;
+
+ /* Shift the lookahead token. */
+ YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc);
+
+ /* Discard the shifted token. */
+ yychar = YYEMPTY;
+
+ yystate = yyn;
+ *++yyvsp = yylval;
+
+ goto yynewstate;
+
+
+/*-----------------------------------------------------------.
+| yydefault -- do the default action for the current state. |
+`-----------------------------------------------------------*/
+yydefault:
+ yyn = yydefact[yystate];
+ if (yyn == 0)
+ goto yyerrlab;
+ goto yyreduce;
+
+
+/*-----------------------------.
+| yyreduce -- Do a reduction. |
+`-----------------------------*/
+yyreduce:
+ /* yyn is the number of a rule to reduce with. */
+ yylen = yyr2[yyn];
+
+ /* If YYLEN is nonzero, implement the default value of the action:
+ `$$ = $1'.
+
+ Otherwise, the following line sets YYVAL to garbage.
+ This behavior is undocumented and Bison
+ users should not rely upon it. Assigning to YYVAL
+ unconditionally makes the parser a bit smaller, and it avoids a
+ GCC warning that YYVAL may be used uninitialized. */
+ yyval = yyvsp[1-yylen];
+
+
+ YY_REDUCE_PRINT (yyn);
+ switch (yyn)
+ {
+ case 22:
+/* Line 1787 of yacc.c */
+#line 368 "cfparse.y"
+ {
+ struct passwd *pw;
+
+ if ((pw = getpwnam((yyvsp[(2) - (2)].val)->v)) == NULL) {
+ yyerror("unknown user \"%s\"", (yyvsp[(2) - (2)].val)->v);
+ return -1;
+ }
+ lcconf->uid = pw->pw_uid;
+ }
+ break;
+
+ case 24:
+/* Line 1787 of yacc.c */
+#line 378 "cfparse.y"
+ { lcconf->uid = (yyvsp[(2) - (2)].num); }
+ break;
+
+ case 26:
+/* Line 1787 of yacc.c */
+#line 380 "cfparse.y"
+ {
+ struct group *gr;
+
+ if ((gr = getgrnam((yyvsp[(2) - (2)].val)->v)) == NULL) {
+ yyerror("unknown group \"%s\"", (yyvsp[(2) - (2)].val)->v);
+ return -1;
+ }
+ lcconf->gid = gr->gr_gid;
+ }
+ break;
+
+ case 28:
+/* Line 1787 of yacc.c */
+#line 390 "cfparse.y"
+ { lcconf->gid = (yyvsp[(2) - (2)].num); }
+ break;
+
+ case 30:
+/* Line 1787 of yacc.c */
+#line 391 "cfparse.y"
+ { lcconf->chroot = (yyvsp[(2) - (2)].val)->v; }
+ break;
+
+ case 32:
+/* Line 1787 of yacc.c */
+#line 397 "cfparse.y"
+ {
+ if ((yyvsp[(2) - (3)].num) >= LC_PATHTYPE_MAX) {
+ yyerror("invalid path type %d", (yyvsp[(2) - (3)].num));
+ return -1;
+ }
+
+ /* free old pathinfo */
+ if (lcconf->pathinfo[(yyvsp[(2) - (3)].num)])
+ racoon_free(lcconf->pathinfo[(yyvsp[(2) - (3)].num)]);
+
+ /* set new pathinfo */
+ lcconf->pathinfo[(yyvsp[(2) - (3)].num)] = racoon_strdup((yyvsp[(3) - (3)].val)->v);
+ STRDUP_FATAL(lcconf->pathinfo[(yyvsp[(2) - (3)].num)]);
+ vfree((yyvsp[(3) - (3)].val));
+ }
+ break;
+
+ case 34:
+/* Line 1787 of yacc.c */
+#line 417 "cfparse.y"
+ { lcconf->complex_bundle = (yyvsp[(2) - (2)].num); }
+ break;
+
+ case 36:
+/* Line 1787 of yacc.c */
+#line 423 "cfparse.y"
+ {
+ char path[MAXPATHLEN];
+
+ getpathname(path, sizeof(path),
+ LC_PATHTYPE_INCLUDE, (yyvsp[(2) - (3)].val)->v);
+ vfree((yyvsp[(2) - (3)].val));
+ if (yycf_switch_buffer(path) != 0)
+ return -1;
+ }
+ break;
+
+ case 37:
+/* Line 1787 of yacc.c */
+#line 437 "cfparse.y"
+ {
+ lcconf->pfkey_buffer_size = (yyvsp[(2) - (3)].num);
+ }
+ break;
+
+ case 38:
+/* Line 1787 of yacc.c */
+#line 444 "cfparse.y"
+ {
+ if ((yyvsp[(2) - (3)].num) >= LC_GSSENC_MAX) {
+ yyerror("invalid GSS ID encoding %d", (yyvsp[(2) - (3)].num));
+ return -1;
+ }
+ lcconf->gss_id_enc = (yyvsp[(2) - (3)].num);
+ }
+ break;
+
+ case 40:
+/* Line 1787 of yacc.c */
+#line 459 "cfparse.y"
+ {
+ /*
+ * set the loglevel to the value specified
+ * in the configuration file plus the number
+ * of -d options specified on the command line
+ */
+ loglevel += (yyvsp[(1) - (1)].num) - oldloglevel;
+ oldloglevel = (yyvsp[(1) - (1)].num);
+ }
+ break;
+
+ case 44:
+/* Line 1787 of yacc.c */
+#line 479 "cfparse.y"
+ { lcconf->pad_random = (yyvsp[(2) - (2)].num); }
+ break;
+
+ case 46:
+/* Line 1787 of yacc.c */
+#line 480 "cfparse.y"
+ { lcconf->pad_randomlen = (yyvsp[(2) - (2)].num); }
+ break;
+
+ case 48:
+/* Line 1787 of yacc.c */
+#line 481 "cfparse.y"
+ { lcconf->pad_maxsize = (yyvsp[(2) - (2)].num); }
+ break;
+
+ case 50:
+/* Line 1787 of yacc.c */
+#line 482 "cfparse.y"
+ { lcconf->pad_strict = (yyvsp[(2) - (2)].num); }
+ break;
+
+ case 52:
+/* Line 1787 of yacc.c */
+#line 483 "cfparse.y"
+ { lcconf->pad_excltail = (yyvsp[(2) - (2)].num); }
+ break;
+
+ case 57:
+/* Line 1787 of yacc.c */
+#line 496 "cfparse.y"
+ {
+ myaddr_listen((yyvsp[(2) - (2)].saddr), FALSE);
+ racoon_free((yyvsp[(2) - (2)].saddr));
+ }
+ break;
+
+ case 59:
+/* Line 1787 of yacc.c */
+#line 502 "cfparse.y"
+ {
+#ifdef ENABLE_NATT
+ myaddr_listen((yyvsp[(2) - (2)].saddr), TRUE);
+ racoon_free((yyvsp[(2) - (2)].saddr));
+#else
+ racoon_free((yyvsp[(2) - (2)].saddr));
+ yyerror("NAT-T support not compiled in.");
+#endif
+ }
+ break;
+
+ case 61:
+/* Line 1787 of yacc.c */
+#line 513 "cfparse.y"
+ {
+#ifdef ENABLE_ADMINPORT
+ adminsock_conf((yyvsp[(2) - (5)].val), (yyvsp[(3) - (5)].val), (yyvsp[(4) - (5)].val), (yyvsp[(5) - (5)].num));
+#else
+ yywarn("admin port support not compiled in");
+#endif
+ }
+ break;
+
+ case 63:
+/* Line 1787 of yacc.c */
+#line 522 "cfparse.y"
+ {
+#ifdef ENABLE_ADMINPORT
+ adminsock_conf((yyvsp[(2) - (2)].val), NULL, NULL, -1);
+#else
+ yywarn("admin port support not compiled in");
+#endif
+ }
+ break;
+
+ case 65:
+/* Line 1787 of yacc.c */
+#line 531 "cfparse.y"
+ {
+#ifdef ENABLE_ADMINPORT
+ adminsock_path = NULL;
+#else
+ yywarn("admin port support not compiled in");
+#endif
+ }
+ break;
+
+ case 67:
+/* Line 1787 of yacc.c */
+#line 539 "cfparse.y"
+ { lcconf->strict_address = TRUE; }
+ break;
+
+ case 69:
+/* Line 1787 of yacc.c */
+#line 543 "cfparse.y"
+ {
+ char portbuf[10];
+
+ snprintf(portbuf, sizeof(portbuf), "%ld", (yyvsp[(2) - (2)].num));
+ (yyval.saddr) = str2saddr((yyvsp[(1) - (2)].val)->v, portbuf);
+ vfree((yyvsp[(1) - (2)].val));
+ if (!(yyval.saddr))
+ return -1;
+ }
+ break;
+
+ case 70:
+/* Line 1787 of yacc.c */
+#line 554 "cfparse.y"
+ { (yyval.num) = PORT_ISAKMP; }
+ break;
+
+ case 71:
+/* Line 1787 of yacc.c */
+#line 555 "cfparse.y"
+ { (yyval.num) = (yyvsp[(1) - (1)].num); }
+ break;
+
+ case 72:
+/* Line 1787 of yacc.c */
+#line 560 "cfparse.y"
+ {
+#ifndef ENABLE_HYBRID
+ yyerror("racoon not configured with --enable-hybrid");
+ return -1;
+#endif
+#ifndef HAVE_LIBRADIUS
+ yyerror("racoon not configured with --with-libradius");
+ return -1;
+#endif
+#ifdef ENABLE_HYBRID
+#ifdef HAVE_LIBRADIUS
+ xauth_rad_config.timeout = 3;
+ xauth_rad_config.retries = 3;
+#endif
+#endif
+ }
+ break;
+
+ case 76:
+/* Line 1787 of yacc.c */
+#line 583 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+#ifdef HAVE_LIBRADIUS
+ int i = xauth_rad_config.auth_server_count;
+ if (i == RADIUS_MAX_SERVERS) {
+ yyerror("maximum radius auth servers exceeded");
+ return -1;
+ }
+
+ xauth_rad_config.auth_server_list[i].host = vdup((yyvsp[(2) - (3)].val));
+ xauth_rad_config.auth_server_list[i].secret = vdup((yyvsp[(3) - (3)].val));
+ xauth_rad_config.auth_server_list[i].port = 0; // default port
+ xauth_rad_config.auth_server_count++;
+#endif
+#endif
+ }
+ break;
+
+ case 78:
+/* Line 1787 of yacc.c */
+#line 601 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+#ifdef HAVE_LIBRADIUS
+ int i = xauth_rad_config.auth_server_count;
+ if (i == RADIUS_MAX_SERVERS) {
+ yyerror("maximum radius auth servers exceeded");
+ return -1;
+ }
+
+ xauth_rad_config.auth_server_list[i].host = vdup((yyvsp[(2) - (4)].val));
+ xauth_rad_config.auth_server_list[i].secret = vdup((yyvsp[(4) - (4)].val));
+ xauth_rad_config.auth_server_list[i].port = (yyvsp[(3) - (4)].num);
+ xauth_rad_config.auth_server_count++;
+#endif
+#endif
+ }
+ break;
+
+ case 80:
+/* Line 1787 of yacc.c */
+#line 619 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+#ifdef HAVE_LIBRADIUS
+ int i = xauth_rad_config.acct_server_count;
+ if (i == RADIUS_MAX_SERVERS) {
+ yyerror("maximum radius account servers exceeded");
+ return -1;
+ }
+
+ xauth_rad_config.acct_server_list[i].host = vdup((yyvsp[(2) - (3)].val));
+ xauth_rad_config.acct_server_list[i].secret = vdup((yyvsp[(3) - (3)].val));
+ xauth_rad_config.acct_server_list[i].port = 0; // default port
+ xauth_rad_config.acct_server_count++;
+#endif
+#endif
+ }
+ break;
+
+ case 82:
+/* Line 1787 of yacc.c */
+#line 637 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+#ifdef HAVE_LIBRADIUS
+ int i = xauth_rad_config.acct_server_count;
+ if (i == RADIUS_MAX_SERVERS) {
+ yyerror("maximum radius account servers exceeded");
+ return -1;
+ }
+
+ xauth_rad_config.acct_server_list[i].host = vdup((yyvsp[(2) - (4)].val));
+ xauth_rad_config.acct_server_list[i].secret = vdup((yyvsp[(4) - (4)].val));
+ xauth_rad_config.acct_server_list[i].port = (yyvsp[(3) - (4)].num);
+ xauth_rad_config.acct_server_count++;
+#endif
+#endif
+ }
+ break;
+
+ case 84:
+/* Line 1787 of yacc.c */
+#line 655 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+#ifdef HAVE_LIBRADIUS
+ xauth_rad_config.timeout = (yyvsp[(2) - (2)].num);
+#endif
+#endif
+ }
+ break;
+
+ case 86:
+/* Line 1787 of yacc.c */
+#line 664 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+#ifdef HAVE_LIBRADIUS
+ xauth_rad_config.retries = (yyvsp[(2) - (2)].num);
+#endif
+#endif
+ }
+ break;
+
+ case 88:
+/* Line 1787 of yacc.c */
+#line 676 "cfparse.y"
+ {
+#ifndef ENABLE_HYBRID
+ yyerror("racoon not configured with --enable-hybrid");
+ return -1;
+#endif
+#ifndef HAVE_LIBLDAP
+ yyerror("racoon not configured with --with-libldap");
+ return -1;
+#endif
+ }
+ break;
+
+ case 92:
+/* Line 1787 of yacc.c */
+#line 693 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+#ifdef HAVE_LIBLDAP
+ if (((yyvsp[(2) - (2)].num)<2)||((yyvsp[(2) - (2)].num)>3))
+ yyerror("invalid ldap protocol version (2|3)");
+ xauth_ldap_config.pver = (yyvsp[(2) - (2)].num);
+#endif
+#endif
+ }
+ break;
+
+ case 94:
+/* Line 1787 of yacc.c */
+#line 704 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+#ifdef HAVE_LIBLDAP
+ if (xauth_ldap_config.host != NULL)
+ vfree(xauth_ldap_config.host);
+ xauth_ldap_config.host = vdup((yyvsp[(2) - (2)].val));
+#endif
+#endif
+ }
+ break;
+
+ case 96:
+/* Line 1787 of yacc.c */
+#line 715 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+#ifdef HAVE_LIBLDAP
+ xauth_ldap_config.port = (yyvsp[(2) - (2)].num);
+#endif
+#endif
+ }
+ break;
+
+ case 98:
+/* Line 1787 of yacc.c */
+#line 724 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+#ifdef HAVE_LIBLDAP
+ if (xauth_ldap_config.base != NULL)
+ vfree(xauth_ldap_config.base);
+ xauth_ldap_config.base = vdup((yyvsp[(2) - (2)].val));
+#endif
+#endif
+ }
+ break;
+
+ case 100:
+/* Line 1787 of yacc.c */
+#line 735 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+#ifdef HAVE_LIBLDAP
+ xauth_ldap_config.subtree = (yyvsp[(2) - (2)].num);
+#endif
+#endif
+ }
+ break;
+
+ case 102:
+/* Line 1787 of yacc.c */
+#line 744 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+#ifdef HAVE_LIBLDAP
+ if (xauth_ldap_config.bind_dn != NULL)
+ vfree(xauth_ldap_config.bind_dn);
+ xauth_ldap_config.bind_dn = vdup((yyvsp[(2) - (2)].val));
+#endif
+#endif
+ }
+ break;
+
+ case 104:
+/* Line 1787 of yacc.c */
+#line 755 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+#ifdef HAVE_LIBLDAP
+ if (xauth_ldap_config.bind_pw != NULL)
+ vfree(xauth_ldap_config.bind_pw);
+ xauth_ldap_config.bind_pw = vdup((yyvsp[(2) - (2)].val));
+#endif
+#endif
+ }
+ break;
+
+ case 106:
+/* Line 1787 of yacc.c */
+#line 766 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+#ifdef HAVE_LIBLDAP
+ if (xauth_ldap_config.attr_user != NULL)
+ vfree(xauth_ldap_config.attr_user);
+ xauth_ldap_config.attr_user = vdup((yyvsp[(2) - (2)].val));
+#endif
+#endif
+ }
+ break;
+
+ case 108:
+/* Line 1787 of yacc.c */
+#line 777 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+#ifdef HAVE_LIBLDAP
+ if (xauth_ldap_config.attr_addr != NULL)
+ vfree(xauth_ldap_config.attr_addr);
+ xauth_ldap_config.attr_addr = vdup((yyvsp[(2) - (2)].val));
+#endif
+#endif
+ }
+ break;
+
+ case 110:
+/* Line 1787 of yacc.c */
+#line 788 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+#ifdef HAVE_LIBLDAP
+ if (xauth_ldap_config.attr_mask != NULL)
+ vfree(xauth_ldap_config.attr_mask);
+ xauth_ldap_config.attr_mask = vdup((yyvsp[(2) - (2)].val));
+#endif
+#endif
+ }
+ break;
+
+ case 112:
+/* Line 1787 of yacc.c */
+#line 799 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+#ifdef HAVE_LIBLDAP
+ if (xauth_ldap_config.attr_group != NULL)
+ vfree(xauth_ldap_config.attr_group);
+ xauth_ldap_config.attr_group = vdup((yyvsp[(2) - (2)].val));
+#endif
+#endif
+ }
+ break;
+
+ case 114:
+/* Line 1787 of yacc.c */
+#line 810 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+#ifdef HAVE_LIBLDAP
+ if (xauth_ldap_config.attr_member != NULL)
+ vfree(xauth_ldap_config.attr_member);
+ xauth_ldap_config.attr_member = vdup((yyvsp[(2) - (2)].val));
+#endif
+#endif
+ }
+ break;
+
+ case 119:
+/* Line 1787 of yacc.c */
+#line 832 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+ if (inet_pton(AF_INET, (yyvsp[(2) - (2)].val)->v,
+ &isakmp_cfg_config.network4) != 1)
+ yyerror("bad IPv4 network address.");
+#else
+ yyerror("racoon not configured with --enable-hybrid");
+#endif
+ }
+ break;
+
+ case 121:
+/* Line 1787 of yacc.c */
+#line 843 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+ if (inet_pton(AF_INET, (yyvsp[(2) - (2)].val)->v,
+ &isakmp_cfg_config.netmask4) != 1)
+ yyerror("bad IPv4 netmask address.");
+#else
+ yyerror("racoon not configured with --enable-hybrid");
+#endif
+ }
+ break;
+
+ case 125:
+/* Line 1787 of yacc.c */
+#line 858 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+ isakmp_cfg_config.splitnet_type = UNITY_LOCAL_LAN;
+#else
+ yyerror("racoon not configured with --enable-hybrid");
+#endif
+ }
+ break;
+
+ case 127:
+/* Line 1787 of yacc.c */
+#line 867 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+ isakmp_cfg_config.splitnet_type = UNITY_SPLIT_INCLUDE;
+#else
+ yyerror("racoon not configured with --enable-hybrid");
+#endif
+ }
+ break;
+
+ case 129:
+/* Line 1787 of yacc.c */
+#line 876 "cfparse.y"
+ {
+#ifndef ENABLE_HYBRID
+ yyerror("racoon not configured with --enable-hybrid");
+#endif
+ }
+ break;
+
+ case 131:
+/* Line 1787 of yacc.c */
+#line 883 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+ strncpy(&isakmp_cfg_config.default_domain[0],
+ (yyvsp[(2) - (2)].val)->v, MAXPATHLEN);
+ isakmp_cfg_config.default_domain[MAXPATHLEN] = '\0';
+ vfree((yyvsp[(2) - (2)].val));
+#else
+ yyerror("racoon not configured with --enable-hybrid");
+#endif
+ }
+ break;
+
+ case 133:
+/* Line 1787 of yacc.c */
+#line 895 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+ isakmp_cfg_config.authsource = ISAKMP_CFG_AUTH_SYSTEM;
+#else
+ yyerror("racoon not configured with --enable-hybrid");
+#endif
+ }
+ break;
+
+ case 135:
+/* Line 1787 of yacc.c */
+#line 904 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+#ifdef HAVE_LIBRADIUS
+ isakmp_cfg_config.authsource = ISAKMP_CFG_AUTH_RADIUS;
+#else /* HAVE_LIBRADIUS */
+ yyerror("racoon not configured with --with-libradius");
+#endif /* HAVE_LIBRADIUS */
+#else /* ENABLE_HYBRID */
+ yyerror("racoon not configured with --enable-hybrid");
+#endif /* ENABLE_HYBRID */
+ }
+ break;
+
+ case 137:
+/* Line 1787 of yacc.c */
+#line 917 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+#ifdef HAVE_LIBPAM
+ isakmp_cfg_config.authsource = ISAKMP_CFG_AUTH_PAM;
+#else /* HAVE_LIBPAM */
+ yyerror("racoon not configured with --with-libpam");
+#endif /* HAVE_LIBPAM */
+#else /* ENABLE_HYBRID */
+ yyerror("racoon not configured with --enable-hybrid");
+#endif /* ENABLE_HYBRID */
+ }
+ break;
+
+ case 139:
+/* Line 1787 of yacc.c */
+#line 930 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+#ifdef HAVE_LIBLDAP
+ isakmp_cfg_config.authsource = ISAKMP_CFG_AUTH_LDAP;
+#else /* HAVE_LIBLDAP */
+ yyerror("racoon not configured with --with-libldap");
+#endif /* HAVE_LIBLDAP */
+#else /* ENABLE_HYBRID */
+ yyerror("racoon not configured with --enable-hybrid");
+#endif /* ENABLE_HYBRID */
+ }
+ break;
+
+ case 141:
+/* Line 1787 of yacc.c */
+#line 943 "cfparse.y"
+ {
+#ifndef ENABLE_HYBRID
+ yyerror("racoon not configured with --enable-hybrid");
+#endif
+ }
+ break;
+
+ case 143:
+/* Line 1787 of yacc.c */
+#line 950 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+ isakmp_cfg_config.groupsource = ISAKMP_CFG_GROUP_SYSTEM;
+#else
+ yyerror("racoon not configured with --enable-hybrid");
+#endif
+ }
+ break;
+
+ case 145:
+/* Line 1787 of yacc.c */
+#line 959 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+#ifdef HAVE_LIBLDAP
+ isakmp_cfg_config.groupsource = ISAKMP_CFG_GROUP_LDAP;
+#else /* HAVE_LIBLDAP */
+ yyerror("racoon not configured with --with-libldap");
+#endif /* HAVE_LIBLDAP */
+#else /* ENABLE_HYBRID */
+ yyerror("racoon not configured with --enable-hybrid");
+#endif /* ENABLE_HYBRID */
+ }
+ break;
+
+ case 147:
+/* Line 1787 of yacc.c */
+#line 972 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+ isakmp_cfg_config.accounting = ISAKMP_CFG_ACCT_NONE;
+#else
+ yyerror("racoon not configured with --enable-hybrid");
+#endif
+ }
+ break;
+
+ case 149:
+/* Line 1787 of yacc.c */
+#line 981 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+ isakmp_cfg_config.accounting = ISAKMP_CFG_ACCT_SYSTEM;
+#else
+ yyerror("racoon not configured with --enable-hybrid");
+#endif
+ }
+ break;
+
+ case 151:
+/* Line 1787 of yacc.c */
+#line 990 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+#ifdef HAVE_LIBRADIUS
+ isakmp_cfg_config.accounting = ISAKMP_CFG_ACCT_RADIUS;
+#else /* HAVE_LIBRADIUS */
+ yyerror("racoon not configured with --with-libradius");
+#endif /* HAVE_LIBRADIUS */
+#else /* ENABLE_HYBRID */
+ yyerror("racoon not configured with --enable-hybrid");
+#endif /* ENABLE_HYBRID */
+ }
+ break;
+
+ case 153:
+/* Line 1787 of yacc.c */
+#line 1003 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+#ifdef HAVE_LIBPAM
+ isakmp_cfg_config.accounting = ISAKMP_CFG_ACCT_PAM;
+#else /* HAVE_LIBPAM */
+ yyerror("racoon not configured with --with-libpam");
+#endif /* HAVE_LIBPAM */
+#else /* ENABLE_HYBRID */
+ yyerror("racoon not configured with --enable-hybrid");
+#endif /* ENABLE_HYBRID */
+ }
+ break;
+
+ case 155:
+/* Line 1787 of yacc.c */
+#line 1016 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+ if (isakmp_cfg_resize_pool((yyvsp[(2) - (2)].num)) != 0)
+ yyerror("cannot allocate memory for pool");
+#else /* ENABLE_HYBRID */
+ yyerror("racoon not configured with --enable-hybrid");
+#endif /* ENABLE_HYBRID */
+ }
+ break;
+
+ case 157:
+/* Line 1787 of yacc.c */
+#line 1026 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+ isakmp_cfg_config.pfs_group = (yyvsp[(2) - (2)].num);
+#else /* ENABLE_HYBRID */
+ yyerror("racoon not configured with --enable-hybrid");
+#endif /* ENABLE_HYBRID */
+ }
+ break;
+
+ case 159:
+/* Line 1787 of yacc.c */
+#line 1035 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+ isakmp_cfg_config.save_passwd = (yyvsp[(2) - (2)].num);
+#else /* ENABLE_HYBRID */
+ yyerror("racoon not configured with --enable-hybrid");
+#endif /* ENABLE_HYBRID */
+ }
+ break;
+
+ case 161:
+/* Line 1787 of yacc.c */
+#line 1044 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+ isakmp_cfg_config.auth_throttle = (yyvsp[(2) - (2)].num);
+#else /* ENABLE_HYBRID */
+ yyerror("racoon not configured with --enable-hybrid");
+#endif /* ENABLE_HYBRID */
+ }
+ break;
+
+ case 163:
+/* Line 1787 of yacc.c */
+#line 1053 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+ isakmp_cfg_config.confsource = ISAKMP_CFG_CONF_LOCAL;
+#else /* ENABLE_HYBRID */
+ yyerror("racoon not configured with --enable-hybrid");
+#endif /* ENABLE_HYBRID */
+ }
+ break;
+
+ case 165:
+/* Line 1787 of yacc.c */
+#line 1062 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+#ifdef HAVE_LIBRADIUS
+ isakmp_cfg_config.confsource = ISAKMP_CFG_CONF_RADIUS;
+#else /* HAVE_LIBRADIUS */
+ yyerror("racoon not configured with --with-libradius");
+#endif /* HAVE_LIBRADIUS */
+#else /* ENABLE_HYBRID */
+ yyerror("racoon not configured with --enable-hybrid");
+#endif /* ENABLE_HYBRID */
+ }
+ break;
+
+ case 167:
+/* Line 1787 of yacc.c */
+#line 1075 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+#ifdef HAVE_LIBLDAP
+ isakmp_cfg_config.confsource = ISAKMP_CFG_CONF_LDAP;
+#else /* HAVE_LIBLDAP */
+ yyerror("racoon not configured with --with-libldap");
+#endif /* HAVE_LIBLDAP */
+#else /* ENABLE_HYBRID */
+ yyerror("racoon not configured with --enable-hybrid");
+#endif /* ENABLE_HYBRID */
+ }
+ break;
+
+ case 169:
+/* Line 1787 of yacc.c */
+#line 1088 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+ strncpy(&isakmp_cfg_config.motd[0], (yyvsp[(2) - (2)].val)->v, MAXPATHLEN);
+ isakmp_cfg_config.motd[MAXPATHLEN] = '\0';
+ vfree((yyvsp[(2) - (2)].val));
+#else
+ yyerror("racoon not configured with --enable-hybrid");
+#endif
+ }
+ break;
+
+ case 173:
+/* Line 1787 of yacc.c */
+#line 1106 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+ struct isakmp_cfg_config *icc = &isakmp_cfg_config;
+
+ if (icc->dns4_index > MAXNS)
+ yyerror("No more than %d DNS", MAXNS);
+ if (inet_pton(AF_INET, (yyvsp[(1) - (1)].val)->v,
+ &icc->dns4[icc->dns4_index++]) != 1)
+ yyerror("bad IPv4 DNS address.");
+#else
+ yyerror("racoon not configured with --enable-hybrid");
+#endif
+ }
+ break;
+
+ case 176:
+/* Line 1787 of yacc.c */
+#line 1127 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+ struct isakmp_cfg_config *icc = &isakmp_cfg_config;
+
+ if (icc->nbns4_index > MAXWINS)
+ yyerror("No more than %d WINS", MAXWINS);
+ if (inet_pton(AF_INET, (yyvsp[(1) - (1)].val)->v,
+ &icc->nbns4[icc->nbns4_index++]) != 1)
+ yyerror("bad IPv4 WINS address.");
+#else
+ yyerror("racoon not configured with --enable-hybrid");
+#endif
+ }
+ break;
+
+ case 179:
+/* Line 1787 of yacc.c */
+#line 1148 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+ struct isakmp_cfg_config *icc = &isakmp_cfg_config;
+ struct unity_network network;
+ memset(&network,0,sizeof(network));
+
+ if (inet_pton(AF_INET, (yyvsp[(1) - (2)].val)->v, &network.addr4) != 1)
+ yyerror("bad IPv4 SPLIT address.");
+
+ /* Turn $2 (the prefix) into a subnet mask */
+ network.mask4.s_addr = ((yyvsp[(2) - (2)].num)) ? htonl(~((1 << (32 - (yyvsp[(2) - (2)].num))) - 1)) : 0;
+
+ /* add the network to our list */
+ if (splitnet_list_add(&icc->splitnet_list, &network,&icc->splitnet_count))
+ yyerror("Unable to allocate split network");
+#else
+ yyerror("racoon not configured with --enable-hybrid");
+#endif
+ }
+ break;
+
+ case 182:
+/* Line 1787 of yacc.c */
+#line 1175 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+ char * groupname = NULL;
+ char ** grouplist = NULL;
+ struct isakmp_cfg_config *icc = &isakmp_cfg_config;
+
+ grouplist = racoon_realloc(icc->grouplist,
+ sizeof(char**)*(icc->groupcount+1));
+ if (grouplist == NULL) {
+ yyerror("unable to allocate auth group list");
+ return -1;
+ }
+
+ groupname = racoon_malloc((yyvsp[(1) - (1)].val)->l+1);
+ if (groupname == NULL) {
+ yyerror("unable to allocate auth group name");
+ return -1;
+ }
+
+ memcpy(groupname,(yyvsp[(1) - (1)].val)->v,(yyvsp[(1) - (1)].val)->l);
+ groupname[(yyvsp[(1) - (1)].val)->l]=0;
+ grouplist[icc->groupcount]=groupname;
+ icc->grouplist = grouplist;
+ icc->groupcount++;
+
+ vfree((yyvsp[(1) - (1)].val));
+#else
+ yyerror("racoon not configured with --enable-hybrid");
+#endif
+ }
+ break;
+
+ case 185:
+/* Line 1787 of yacc.c */
+#line 1213 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+ struct isakmp_cfg_config *icc = &isakmp_cfg_config;
+
+ if (!icc->splitdns_len)
+ {
+ icc->splitdns_list = racoon_malloc((yyvsp[(1) - (1)].val)->l);
+ if(icc->splitdns_list == NULL) {
+ yyerror("error allocating splitdns list buffer");
+ return -1;
+ }
+ memcpy(icc->splitdns_list,(yyvsp[(1) - (1)].val)->v,(yyvsp[(1) - (1)].val)->l);
+ icc->splitdns_len = (yyvsp[(1) - (1)].val)->l;
+ }
+ else
+ {
+ int len = icc->splitdns_len + (yyvsp[(1) - (1)].val)->l + 1;
+ icc->splitdns_list = racoon_realloc(icc->splitdns_list,len);
+ if(icc->splitdns_list == NULL) {
+ yyerror("error allocating splitdns list buffer");
+ return -1;
+ }
+ icc->splitdns_list[icc->splitdns_len] = ',';
+ memcpy(icc->splitdns_list + icc->splitdns_len + 1, (yyvsp[(1) - (1)].val)->v, (yyvsp[(1) - (1)].val)->l);
+ icc->splitdns_len = len;
+ }
+ vfree((yyvsp[(1) - (1)].val));
+#else
+ yyerror("racoon not configured with --enable-hybrid");
+#endif
+ }
+ break;
+
+ case 189:
+/* Line 1787 of yacc.c */
+#line 1257 "cfparse.y"
+ {
+ lcconf->retry_counter = (yyvsp[(2) - (2)].num);
+ }
+ break;
+
+ case 191:
+/* Line 1787 of yacc.c */
+#line 1262 "cfparse.y"
+ {
+ lcconf->retry_interval = (yyvsp[(2) - (3)].num) * (yyvsp[(3) - (3)].num);
+ }
+ break;
+
+ case 193:
+/* Line 1787 of yacc.c */
+#line 1267 "cfparse.y"
+ {
+ lcconf->count_persend = (yyvsp[(2) - (2)].num);
+ }
+ break;
+
+ case 195:
+/* Line 1787 of yacc.c */
+#line 1272 "cfparse.y"
+ {
+ lcconf->retry_checkph1 = (yyvsp[(2) - (3)].num) * (yyvsp[(3) - (3)].num);
+ }
+ break;
+
+ case 197:
+/* Line 1787 of yacc.c */
+#line 1277 "cfparse.y"
+ {
+ lcconf->wait_ph2complete = (yyvsp[(2) - (3)].num) * (yyvsp[(3) - (3)].num);
+ }
+ break;
+
+ case 199:
+/* Line 1787 of yacc.c */
+#line 1282 "cfparse.y"
+ {
+#ifdef ENABLE_NATT
+ if (libipsec_opt & LIBIPSEC_OPT_NATT)
+ lcconf->natt_ka_interval = (yyvsp[(2) - (3)].num) * (yyvsp[(3) - (3)].num);
+ else
+ yyerror("libipsec lacks NAT-T support");
+#else
+ yyerror("NAT-T support not compiled in.");
+#endif
+ }
+ break;
+
+ case 201:
+/* Line 1787 of yacc.c */
+#line 1298 "cfparse.y"
+ {
+ cur_sainfo = newsainfo();
+ if (cur_sainfo == NULL) {
+ yyerror("failed to allocate sainfo");
+ return -1;
+ }
+ }
+ break;
+
+ case 202:
+/* Line 1787 of yacc.c */
+#line 1306 "cfparse.y"
+ {
+ struct sainfo *check;
+
+ /* default */
+ if (cur_sainfo->algs[algclass_ipsec_enc] == 0) {
+ yyerror("no encryption algorithm at %s",
+ sainfo2str(cur_sainfo));
+ return -1;
+ }
+ if (cur_sainfo->algs[algclass_ipsec_auth] == 0) {
+ yyerror("no authentication algorithm at %s",
+ sainfo2str(cur_sainfo));
+ return -1;
+ }
+ if (cur_sainfo->algs[algclass_ipsec_comp] == 0) {
+ yyerror("no compression algorithm at %s",
+ sainfo2str(cur_sainfo));
+ return -1;
+ }
+
+ /* duplicate check */
+ check = getsainfo(cur_sainfo->idsrc,
+ cur_sainfo->iddst,
+ cur_sainfo->id_i,
+ NULL,
+ cur_sainfo->remoteid);
+
+ if (check && ((check->idsrc != SAINFO_ANONYMOUS) &&
+ (cur_sainfo->idsrc != SAINFO_ANONYMOUS))) {
+ yyerror("duplicated sainfo: %s",
+ sainfo2str(cur_sainfo));
+ return -1;
+ }
+
+ inssainfo(cur_sainfo);
+ }
+ break;
+
+ case 204:
+/* Line 1787 of yacc.c */
+#line 1346 "cfparse.y"
+ {
+ cur_sainfo->idsrc = SAINFO_ANONYMOUS;
+ cur_sainfo->iddst = SAINFO_ANONYMOUS;
+ }
+ break;
+
+ case 205:
+/* Line 1787 of yacc.c */
+#line 1351 "cfparse.y"
+ {
+ cur_sainfo->idsrc = SAINFO_ANONYMOUS;
+ cur_sainfo->iddst = SAINFO_CLIENTADDR;
+ }
+ break;
+
+ case 206:
+/* Line 1787 of yacc.c */
+#line 1356 "cfparse.y"
+ {
+ cur_sainfo->idsrc = SAINFO_ANONYMOUS;
+ cur_sainfo->iddst = (yyvsp[(2) - (2)].val);
+ }
+ break;
+
+ case 207:
+/* Line 1787 of yacc.c */
+#line 1361 "cfparse.y"
+ {
+ cur_sainfo->idsrc = (yyvsp[(1) - (2)].val);
+ cur_sainfo->iddst = SAINFO_ANONYMOUS;
+ }
+ break;
+
+ case 208:
+/* Line 1787 of yacc.c */
+#line 1366 "cfparse.y"
+ {
+ cur_sainfo->idsrc = (yyvsp[(1) - (2)].val);
+ cur_sainfo->iddst = SAINFO_CLIENTADDR;
+ }
+ break;
+
+ case 209:
+/* Line 1787 of yacc.c */
+#line 1371 "cfparse.y"
+ {
+ cur_sainfo->idsrc = (yyvsp[(1) - (2)].val);
+ cur_sainfo->iddst = (yyvsp[(2) - (2)].val);
+ }
+ break;
+
+ case 210:
+/* Line 1787 of yacc.c */
+#line 1378 "cfparse.y"
+ {
+ char portbuf[10];
+ struct sockaddr *saddr;
+
+ if (((yyvsp[(5) - (5)].num) == IPPROTO_ICMP || (yyvsp[(5) - (5)].num) == IPPROTO_ICMPV6)
+ && ((yyvsp[(4) - (5)].num) != IPSEC_PORT_ANY || (yyvsp[(4) - (5)].num) != IPSEC_PORT_ANY)) {
+ yyerror("port number must be \"any\".");
+ return -1;
+ }
+
+ snprintf(portbuf, sizeof(portbuf), "%lu", (yyvsp[(4) - (5)].num));
+ saddr = str2saddr((yyvsp[(2) - (5)].val)->v, portbuf);
+ vfree((yyvsp[(2) - (5)].val));
+ if (saddr == NULL)
+ return -1;
+
+ switch (saddr->sa_family) {
+ case AF_INET:
+ if ((yyvsp[(5) - (5)].num) == IPPROTO_ICMPV6) {
+ yyerror("upper layer protocol mismatched.\n");
+ racoon_free(saddr);
+ return -1;
+ }
+ (yyval.val) = ipsecdoi_sockaddr2id(saddr,
+ (yyvsp[(3) - (5)].num) == ~0 ? (sizeof(struct in_addr) << 3): (yyvsp[(3) - (5)].num),
+ (yyvsp[(5) - (5)].num));
+ break;
+#ifdef INET6
+ case AF_INET6:
+ if ((yyvsp[(5) - (5)].num) == IPPROTO_ICMP) {
+ yyerror("upper layer protocol mismatched.\n");
+ racoon_free(saddr);
+ return -1;
+ }
+ (yyval.val) = ipsecdoi_sockaddr2id(saddr,
+ (yyvsp[(3) - (5)].num) == ~0 ? (sizeof(struct in6_addr) << 3): (yyvsp[(3) - (5)].num),
+ (yyvsp[(5) - (5)].num));
+ break;
+#endif
+ default:
+ yyerror("invalid family: %d", saddr->sa_family);
+ (yyval.val) = NULL;
+ break;
+ }
+ racoon_free(saddr);
+ if ((yyval.val) == NULL)
+ return -1;
+ }
+ break;
+
+ case 211:
+/* Line 1787 of yacc.c */
+#line 1427 "cfparse.y"
+ {
+ char portbuf[10];
+ struct sockaddr *laddr = NULL, *haddr = NULL;
+ char *cur = NULL;
+
+ if (((yyvsp[(6) - (6)].num) == IPPROTO_ICMP || (yyvsp[(6) - (6)].num) == IPPROTO_ICMPV6)
+ && ((yyvsp[(5) - (6)].num) != IPSEC_PORT_ANY || (yyvsp[(5) - (6)].num) != IPSEC_PORT_ANY)) {
+ yyerror("port number must be \"any\".");
+ return -1;
+ }
+
+ snprintf(portbuf, sizeof(portbuf), "%lu", (yyvsp[(5) - (6)].num));
+
+ laddr = str2saddr((yyvsp[(2) - (6)].val)->v, portbuf);
+ if (laddr == NULL) {
+ return -1;
+ }
+ vfree((yyvsp[(2) - (6)].val));
+ haddr = str2saddr((yyvsp[(3) - (6)].val)->v, portbuf);
+ if (haddr == NULL) {
+ racoon_free(laddr);
+ return -1;
+ }
+ vfree((yyvsp[(3) - (6)].val));
+
+ switch (laddr->sa_family) {
+ case AF_INET:
+ if ((yyvsp[(6) - (6)].num) == IPPROTO_ICMPV6) {
+ yyerror("upper layer protocol mismatched.\n");
+ if (laddr)
+ racoon_free(laddr);
+ if (haddr)
+ racoon_free(haddr);
+ return -1;
+ }
+ (yyval.val) = ipsecdoi_sockrange2id(laddr, haddr,
+ (yyvsp[(6) - (6)].num));
+ break;
+#ifdef INET6
+ case AF_INET6:
+ if ((yyvsp[(6) - (6)].num) == IPPROTO_ICMP) {
+ yyerror("upper layer protocol mismatched.\n");
+ if (laddr)
+ racoon_free(laddr);
+ if (haddr)
+ racoon_free(haddr);
+ return -1;
+ }
+ (yyval.val) = ipsecdoi_sockrange2id(laddr, haddr,
+ (yyvsp[(6) - (6)].num));
+ break;
+#endif
+ default:
+ yyerror("invalid family: %d", laddr->sa_family);
+ (yyval.val) = NULL;
+ break;
+ }
+ if (laddr)
+ racoon_free(laddr);
+ if (haddr)
+ racoon_free(haddr);
+ if ((yyval.val) == NULL)
+ return -1;
+ }
+ break;
+
+ case 212:
+/* Line 1787 of yacc.c */
+#line 1492 "cfparse.y"
+ {
+ struct ipsecdoi_id_b *id_b;
+
+ if ((yyvsp[(1) - (2)].num) == IDTYPE_ASN1DN) {
+ yyerror("id type forbidden: %d", (yyvsp[(1) - (2)].num));
+ (yyval.val) = NULL;
+ return -1;
+ }
+
+ (yyvsp[(2) - (2)].val)->l--;
+
+ (yyval.val) = vmalloc(sizeof(*id_b) + (yyvsp[(2) - (2)].val)->l);
+ if ((yyval.val) == NULL) {
+ yyerror("failed to allocate identifier");
+ return -1;
+ }
+
+ id_b = (struct ipsecdoi_id_b *)(yyval.val)->v;
+ id_b->type = idtype2doi((yyvsp[(1) - (2)].num));
+
+ id_b->proto_id = 0;
+ id_b->port = 0;
+
+ memcpy((yyval.val)->v + sizeof(*id_b), (yyvsp[(2) - (2)].val)->v, (yyvsp[(2) - (2)].val)->l);
+ }
+ break;
+
+ case 213:
+/* Line 1787 of yacc.c */
+#line 1520 "cfparse.y"
+ {
+ cur_sainfo->id_i = NULL;
+ }
+ break;
+
+ case 214:
+/* Line 1787 of yacc.c */
+#line 1524 "cfparse.y"
+ {
+ struct ipsecdoi_id_b *id_b;
+ vchar_t *idv;
+
+ if (set_identifier(&idv, (yyvsp[(2) - (3)].num), (yyvsp[(3) - (3)].val)) != 0) {
+ yyerror("failed to set identifer.\n");
+ return -1;
+ }
+ cur_sainfo->id_i = vmalloc(sizeof(*id_b) + idv->l);
+ if (cur_sainfo->id_i == NULL) {
+ yyerror("failed to allocate identifier");
+ return -1;
+ }
+
+ id_b = (struct ipsecdoi_id_b *)cur_sainfo->id_i->v;
+ id_b->type = idtype2doi((yyvsp[(2) - (3)].num));
+
+ id_b->proto_id = 0;
+ id_b->port = 0;
+
+ memcpy(cur_sainfo->id_i->v + sizeof(*id_b),
+ idv->v, idv->l);
+ vfree(idv);
+ }
+ break;
+
+ case 215:
+/* Line 1787 of yacc.c */
+#line 1549 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+ if ((cur_sainfo->group = vdup((yyvsp[(2) - (2)].val))) == NULL) {
+ yyerror("failed to set sainfo xauth group.\n");
+ return -1;
+ }
+#else
+ yyerror("racoon not configured with --enable-hybrid");
+ return -1;
+#endif
+ }
+ break;
+
+ case 218:
+/* Line 1787 of yacc.c */
+#line 1567 "cfparse.y"
+ {
+ cur_sainfo->pfs_group = (yyvsp[(2) - (2)].num);
+ }
+ break;
+
+ case 220:
+/* Line 1787 of yacc.c */
+#line 1572 "cfparse.y"
+ {
+ cur_sainfo->remoteid = (yyvsp[(2) - (2)].num);
+ }
+ break;
+
+ case 222:
+/* Line 1787 of yacc.c */
+#line 1577 "cfparse.y"
+ {
+ cur_sainfo->lifetime = (yyvsp[(3) - (4)].num) * (yyvsp[(4) - (4)].num);
+ }
+ break;
+
+ case 224:
+/* Line 1787 of yacc.c */
+#line 1582 "cfparse.y"
+ {
+#if 1
+ yyerror("byte lifetime support is deprecated");
+ return -1;
+#else
+ cur_sainfo->lifebyte = fix_lifebyte((yyvsp[(3) - (4)].num) * (yyvsp[(4) - (4)].num));
+ if (cur_sainfo->lifebyte == 0)
+ return -1;
+#endif
+ }
+ break;
+
+ case 226:
+/* Line 1787 of yacc.c */
+#line 1593 "cfparse.y"
+ {
+ cur_algclass = (yyvsp[(1) - (1)].num);
+ }
+ break;
+
+ case 228:
+/* Line 1787 of yacc.c */
+#line 1601 "cfparse.y"
+ {
+ inssainfoalg(&cur_sainfo->algs[cur_algclass], (yyvsp[(1) - (1)].alg));
+ }
+ break;
+
+ case 229:
+/* Line 1787 of yacc.c */
+#line 1605 "cfparse.y"
+ {
+ inssainfoalg(&cur_sainfo->algs[cur_algclass], (yyvsp[(1) - (1)].alg));
+ }
+ break;
+
+ case 231:
+/* Line 1787 of yacc.c */
+#line 1612 "cfparse.y"
+ {
+ int defklen;
+
+ (yyval.alg) = newsainfoalg();
+ if ((yyval.alg) == NULL) {
+ yyerror("failed to get algorithm allocation");
+ return -1;
+ }
+
+ (yyval.alg)->alg = algtype2doi(cur_algclass, (yyvsp[(1) - (2)].num));
+ if ((yyval.alg)->alg == -1) {
+ yyerror("algorithm mismatched");
+ racoon_free((yyval.alg));
+ (yyval.alg) = NULL;
+ return -1;
+ }
+
+ defklen = default_keylen(cur_algclass, (yyvsp[(1) - (2)].num));
+ if (defklen == 0) {
+ if ((yyvsp[(2) - (2)].num)) {
+ yyerror("keylen not allowed");
+ racoon_free((yyval.alg));
+ (yyval.alg) = NULL;
+ return -1;
+ }
+ } else {
+ if ((yyvsp[(2) - (2)].num) && check_keylen(cur_algclass, (yyvsp[(1) - (2)].num), (yyvsp[(2) - (2)].num)) < 0) {
+ yyerror("invalid keylen %d", (yyvsp[(2) - (2)].num));
+ racoon_free((yyval.alg));
+ (yyval.alg) = NULL;
+ return -1;
+ }
+ }
+
+ if ((yyvsp[(2) - (2)].num))
+ (yyval.alg)->encklen = (yyvsp[(2) - (2)].num);
+ else
+ (yyval.alg)->encklen = defklen;
+
+ /* check if it's supported algorithm by kernel */
+ if (!(cur_algclass == algclass_ipsec_auth && (yyvsp[(1) - (2)].num) == algtype_non_auth)
+ && pk_checkalg(cur_algclass, (yyvsp[(1) - (2)].num), (yyval.alg)->encklen)) {
+ int a = algclass2doi(cur_algclass);
+ int b = algtype2doi(cur_algclass, (yyvsp[(1) - (2)].num));
+ if (a == IPSECDOI_ATTR_AUTH)
+ a = IPSECDOI_PROTO_IPSEC_AH;
+ yyerror("algorithm %s not supported by the kernel (missing module?)",
+ s_ipsecdoi_trns(a, b));
+ racoon_free((yyval.alg));
+ (yyval.alg) = NULL;
+ return -1;
+ }
+ }
+ break;
+
+ case 232:
+/* Line 1787 of yacc.c */
+#line 1667 "cfparse.y"
+ { (yyval.num) = ~0; }
+ break;
+
+ case 233:
+/* Line 1787 of yacc.c */
+#line 1668 "cfparse.y"
+ { (yyval.num) = (yyvsp[(1) - (1)].num); }
+ break;
+
+ case 234:
+/* Line 1787 of yacc.c */
+#line 1671 "cfparse.y"
+ { (yyval.num) = IPSEC_PORT_ANY; }
+ break;
+
+ case 235:
+/* Line 1787 of yacc.c */
+#line 1672 "cfparse.y"
+ { (yyval.num) = (yyvsp[(1) - (1)].num); }
+ break;
+
+ case 236:
+/* Line 1787 of yacc.c */
+#line 1673 "cfparse.y"
+ { (yyval.num) = IPSEC_PORT_ANY; }
+ break;
+
+ case 237:
+/* Line 1787 of yacc.c */
+#line 1676 "cfparse.y"
+ { (yyval.num) = (yyvsp[(1) - (1)].num); }
+ break;
+
+ case 238:
+/* Line 1787 of yacc.c */
+#line 1677 "cfparse.y"
+ { (yyval.num) = (yyvsp[(1) - (1)].num); }
+ break;
+
+ case 239:
+/* Line 1787 of yacc.c */
+#line 1678 "cfparse.y"
+ { (yyval.num) = IPSEC_ULPROTO_ANY; }
+ break;
+
+ case 240:
+/* Line 1787 of yacc.c */
+#line 1681 "cfparse.y"
+ { (yyval.num) = 0; }
+ break;
+
+ case 241:
+/* Line 1787 of yacc.c */
+#line 1682 "cfparse.y"
+ { (yyval.num) = (yyvsp[(1) - (1)].num); }
+ break;
+
+ case 242:
+/* Line 1787 of yacc.c */
+#line 1688 "cfparse.y"
+ {
+ struct remoteconf *from, *new;
+
+ if (getrmconf_by_name((yyvsp[(2) - (4)].val)->v) != NULL) {
+ yyerror("named remoteconf \"%s\" already exists.");
+ return -1;
+ }
+
+ from = getrmconf_by_name((yyvsp[(4) - (4)].val)->v);
+ if (from == NULL) {
+ yyerror("named parent remoteconf \"%s\" does not exist.",
+ (yyvsp[(4) - (4)].val)->v);
+ return -1;
+ }
+
+ new = duprmconf_shallow(from);
+ if (new == NULL) {
+ yyerror("failed to duplicate remoteconf from \"%s\".",
+ (yyvsp[(4) - (4)].val)->v);
+ return -1;
+ }
+
+ new->name = racoon_strdup((yyvsp[(2) - (4)].val)->v);
+ cur_rmconf = new;
+
+ vfree((yyvsp[(2) - (4)].val));
+ vfree((yyvsp[(4) - (4)].val));
+ }
+ break;
+
+ case 244:
+/* Line 1787 of yacc.c */
+#line 1718 "cfparse.y"
+ {
+ struct remoteconf *new;
+
+ if (getrmconf_by_name((yyvsp[(2) - (2)].val)->v) != NULL) {
+ yyerror("Named remoteconf \"%s\" already exists.");
+ return -1;
+ }
+
+ new = newrmconf();
+ if (new == NULL) {
+ yyerror("failed to get new remoteconf.");
+ return -1;
+ }
+ new->name = racoon_strdup((yyvsp[(2) - (2)].val)->v);
+ cur_rmconf = new;
+
+ vfree((yyvsp[(2) - (2)].val));
+ }
+ break;
+
+ case 246:
+/* Line 1787 of yacc.c */
+#line 1738 "cfparse.y"
+ {
+ struct remoteconf *from, *new;
+
+ from = getrmconf((yyvsp[(4) - (4)].saddr), GETRMCONF_F_NO_ANONYMOUS);
+ if (from == NULL) {
+ yyerror("failed to get remoteconf for %s.",
+ saddr2str((yyvsp[(4) - (4)].saddr)));
+ return -1;
+ }
+
+ new = duprmconf_shallow(from);
+ if (new == NULL) {
+ yyerror("failed to duplicate remoteconf from %s.",
+ saddr2str((yyvsp[(4) - (4)].saddr)));
+ return -1;
+ }
+
+ racoon_free((yyvsp[(4) - (4)].saddr));
+ new->remote = (yyvsp[(2) - (4)].saddr);
+ cur_rmconf = new;
+ }
+ break;
+
+ case 248:
+/* Line 1787 of yacc.c */
+#line 1761 "cfparse.y"
+ {
+ struct remoteconf *new;
+
+ new = newrmconf();
+ if (new == NULL) {
+ yyerror("failed to get new remoteconf.");
+ return -1;
+ }
+
+ new->remote = (yyvsp[(2) - (2)].saddr);
+ cur_rmconf = new;
+ }
+ break;
+
+ case 251:
+/* Line 1787 of yacc.c */
+#line 1779 "cfparse.y"
+ {
+ if (process_rmconf() != 0)
+ return -1;
+ }
+ break;
+
+ case 252:
+/* Line 1787 of yacc.c */
+#line 1787 "cfparse.y"
+ {
+ if (process_rmconf() != 0)
+ return -1;
+ }
+ break;
+
+ case 253:
+/* Line 1787 of yacc.c */
+#line 1794 "cfparse.y"
+ {
+ (yyval.saddr) = newsaddr(sizeof(struct sockaddr));
+ (yyval.saddr)->sa_family = AF_UNSPEC;
+ ((struct sockaddr_in *)(yyval.saddr))->sin_port = htons((yyvsp[(2) - (2)].num));
+ }
+ break;
+
+ case 254:
+/* Line 1787 of yacc.c */
+#line 1800 "cfparse.y"
+ {
+ (yyval.saddr) = (yyvsp[(1) - (1)].saddr);
+ if ((yyval.saddr) == NULL) {
+ yyerror("failed to allocate sockaddr");
+ return -1;
+ }
+ }
+ break;
+
+ case 257:
+/* Line 1787 of yacc.c */
+#line 1814 "cfparse.y"
+ {
+ if (cur_rmconf->remote != NULL) {
+ yyerror("remote_address already specified");
+ return -1;
+ }
+ cur_rmconf->remote = (yyvsp[(2) - (2)].saddr);
+ }
+ break;
+
+ case 259:
+/* Line 1787 of yacc.c */
+#line 1823 "cfparse.y"
+ {
+ cur_rmconf->etypes = NULL;
+ }
+ break;
+
+ case 261:
+/* Line 1787 of yacc.c */
+#line 1827 "cfparse.y"
+ { cur_rmconf->doitype = (yyvsp[(2) - (2)].num); }
+ break;
+
+ case 263:
+/* Line 1787 of yacc.c */
+#line 1828 "cfparse.y"
+ { cur_rmconf->sittype = (yyvsp[(2) - (2)].num); }
+ break;
+
+ case 266:
+/* Line 1787 of yacc.c */
+#line 1831 "cfparse.y"
+ {
+ yywarn("This directive without certtype will be removed!\n");
+ yywarn("Please use 'peers_certfile x509 \"%s\";' instead\n", (yyvsp[(2) - (2)].val)->v);
+
+ if (cur_rmconf->peerscert != NULL) {
+ yyerror("peers_certfile already defined\n");
+ return -1;
+ }
+
+ if (load_x509((yyvsp[(2) - (2)].val)->v, &cur_rmconf->peerscertfile,
+ &cur_rmconf->peerscert)) {
+ yyerror("failed to load certificate \"%s\"\n",
+ (yyvsp[(2) - (2)].val)->v);
+ return -1;
+ }
+
+ vfree((yyvsp[(2) - (2)].val));
+ }
+ break;
+
+ case 268:
+/* Line 1787 of yacc.c */
+#line 1851 "cfparse.y"
+ {
+ if (cur_rmconf->peerscert != NULL) {
+ yyerror("peers_certfile already defined\n");
+ return -1;
+ }
+
+ if (load_x509((yyvsp[(3) - (3)].val)->v, &cur_rmconf->peerscertfile,
+ &cur_rmconf->peerscert)) {
+ yyerror("failed to load certificate \"%s\"\n",
+ (yyvsp[(3) - (3)].val)->v);
+ return -1;
+ }
+
+ vfree((yyvsp[(3) - (3)].val));
+ }
+ break;
+
+ case 270:
+/* Line 1787 of yacc.c */
+#line 1868 "cfparse.y"
+ {
+ char path[MAXPATHLEN];
+ int ret = 0;
+
+ if (cur_rmconf->peerscert != NULL) {
+ yyerror("peers_certfile already defined\n");
+ return -1;
+ }
+
+ cur_rmconf->peerscert = vmalloc(1);
+ if (cur_rmconf->peerscert == NULL) {
+ yyerror("failed to allocate peerscert");
+ return -1;
+ }
+ cur_rmconf->peerscert->v[0] = ISAKMP_CERT_PLAINRSA;
+
+ getpathname(path, sizeof(path),
+ LC_PATHTYPE_CERT, (yyvsp[(3) - (3)].val)->v);
+ if (rsa_parse_file(cur_rmconf->rsa_public, path,
+ RSA_TYPE_PUBLIC)) {
+ yyerror("Couldn't parse keyfile.\n", path);
+ return -1;
+ }
+ plog(LLV_DEBUG, LOCATION, NULL,
+ "Public PlainRSA keyfile parsed: %s\n", path);
+
+ vfree((yyvsp[(3) - (3)].val));
+ }
+ break;
+
+ case 272:
+/* Line 1787 of yacc.c */
+#line 1898 "cfparse.y"
+ {
+ if (cur_rmconf->peerscert != NULL) {
+ yyerror("peers_certfile already defined\n");
+ return -1;
+ }
+ cur_rmconf->peerscert = vmalloc(1);
+ if (cur_rmconf->peerscert == NULL) {
+ yyerror("failed to allocate peerscert");
+ return -1;
+ }
+ cur_rmconf->peerscert->v[0] = ISAKMP_CERT_DNS;
+ }
+ break;
+
+ case 274:
+/* Line 1787 of yacc.c */
+#line 1912 "cfparse.y"
+ {
+ if (cur_rmconf->cacert != NULL) {
+ yyerror("ca_type already defined\n");
+ return -1;
+ }
+
+ if (load_x509((yyvsp[(3) - (3)].val)->v, &cur_rmconf->cacertfile,
+ &cur_rmconf->cacert)) {
+ yyerror("failed to load certificate \"%s\"\n",
+ (yyvsp[(3) - (3)].val)->v);
+ return -1;
+ }
+
+ vfree((yyvsp[(3) - (3)].val));
+ }
+ break;
+
+ case 276:
+/* Line 1787 of yacc.c */
+#line 1928 "cfparse.y"
+ { cur_rmconf->verify_cert = (yyvsp[(2) - (2)].num); }
+ break;
+
+ case 278:
+/* Line 1787 of yacc.c */
+#line 1929 "cfparse.y"
+ { cur_rmconf->send_cert = (yyvsp[(2) - (2)].num); }
+ break;
+
+ case 280:
+/* Line 1787 of yacc.c */
+#line 1930 "cfparse.y"
+ { cur_rmconf->send_cr = (yyvsp[(2) - (2)].num); }
+ break;
+
+ case 282:
+/* Line 1787 of yacc.c */
+#line 1931 "cfparse.y"
+ { cur_rmconf->match_empty_cr = (yyvsp[(2) - (2)].num); }
+ break;
+
+ case 284:
+/* Line 1787 of yacc.c */
+#line 1933 "cfparse.y"
+ {
+ if (set_identifier(&cur_rmconf->idv, (yyvsp[(2) - (3)].num), (yyvsp[(3) - (3)].val)) != 0) {
+ yyerror("failed to set identifer.\n");
+ return -1;
+ }
+ cur_rmconf->idvtype = (yyvsp[(2) - (3)].num);
+ }
+ break;
+
+ case 286:
+/* Line 1787 of yacc.c */
+#line 1942 "cfparse.y"
+ {
+ if (set_identifier_qual(&cur_rmconf->idv, (yyvsp[(2) - (4)].num), (yyvsp[(4) - (4)].val), (yyvsp[(3) - (4)].num)) != 0) {
+ yyerror("failed to set identifer.\n");
+ return -1;
+ }
+ cur_rmconf->idvtype = (yyvsp[(2) - (4)].num);
+ }
+ break;
+
+ case 288:
+/* Line 1787 of yacc.c */
+#line 1951 "cfparse.y"
+ {
+#ifdef ENABLE_HYBRID
+ /* formerly identifier type login */
+ if (xauth_rmconf_used(&cur_rmconf->xauth) == -1) {
+ yyerror("failed to allocate xauth state\n");
+ return -1;
+ }
+ if ((cur_rmconf->xauth->login = vdup((yyvsp[(2) - (2)].val))) == NULL) {
+ yyerror("failed to set identifer.\n");
+ return -1;
+ }
+#else
+ yyerror("racoon not configured with --enable-hybrid");
+#endif
+ }
+ break;
+
+ case 290:
+/* Line 1787 of yacc.c */
+#line 1968 "cfparse.y"
+ {
+ struct idspec *id;
+ id = newidspec();
+ if (id == NULL) {
+ yyerror("failed to allocate idspec");
+ return -1;
+ }
+ if (set_identifier(&id->id, (yyvsp[(2) - (3)].num), (yyvsp[(3) - (3)].val)) != 0) {
+ yyerror("failed to set identifer.\n");
+ racoon_free(id);
+ return -1;
+ }
+ id->idtype = (yyvsp[(2) - (3)].num);
+ genlist_append (cur_rmconf->idvl_p, id);
+ }
+ break;
+
+ case 292:
+/* Line 1787 of yacc.c */
+#line 1985 "cfparse.y"
+ {
+ struct idspec *id;
+ id = newidspec();
+ if (id == NULL) {
+ yyerror("failed to allocate idspec");
+ return -1;
+ }
+ if (set_identifier_qual(&id->id, (yyvsp[(2) - (4)].num), (yyvsp[(4) - (4)].val), (yyvsp[(3) - (4)].num)) != 0) {
+ yyerror("failed to set identifer.\n");
+ racoon_free(id);
+ return -1;
+ }
+ id->idtype = (yyvsp[(2) - (4)].num);
+ genlist_append (cur_rmconf->idvl_p, id);
+ }
+ break;
+
+ case 294:
+/* Line 1787 of yacc.c */
+#line 2001 "cfparse.y"
+ { cur_rmconf->verify_identifier = (yyvsp[(2) - (2)].num); }
+ break;
+
+ case 296:
+/* Line 1787 of yacc.c */
+#line 2002 "cfparse.y"
+ { cur_rmconf->nonce_size = (yyvsp[(2) - (2)].num); }
+ break;
+
+ case 298:
+/* Line 1787 of yacc.c */
+#line 2004 "cfparse.y"
+ {
+ yyerror("dh_group cannot be defined here.");
+ return -1;
+ }
+ break;
+
+ case 300:
+/* Line 1787 of yacc.c */
+#line 2009 "cfparse.y"
+ { cur_rmconf->passive = (yyvsp[(2) - (2)].num); }
+ break;
+
+ case 302:
+/* Line 1787 of yacc.c */
+#line 2010 "cfparse.y"
+ { cur_rmconf->ike_frag = (yyvsp[(2) - (2)].num); }
+ break;
+
+ case 304:
+/* Line 1787 of yacc.c */
+#line 2011 "cfparse.y"
+ { cur_rmconf->ike_frag = ISAKMP_FRAG_FORCE; }
+ break;
+
+ case 306:
+/* Line 1787 of yacc.c */
+#line 2012 "cfparse.y"
+ {
+#ifdef SADB_X_EXT_NAT_T_FRAG
+ if (libipsec_opt & LIBIPSEC_OPT_FRAG)
+ cur_rmconf->esp_frag = (yyvsp[(2) - (2)].num);
+ else
+ yywarn("libipsec lacks IKE frag support");
+#else
+ yywarn("Your kernel does not support esp_frag");
+#endif
+ }
+ break;
+
+ case 308:
+/* Line 1787 of yacc.c */
+#line 2022 "cfparse.y"
+ {
+ if (cur_rmconf->script[SCRIPT_PHASE1_UP] != NULL)
+ vfree(cur_rmconf->script[SCRIPT_PHASE1_UP]);
+
+ cur_rmconf->script[SCRIPT_PHASE1_UP] =
+ script_path_add(vdup((yyvsp[(2) - (3)].val)));
+ }
+ break;
+
+ case 310:
+/* Line 1787 of yacc.c */
+#line 2029 "cfparse.y"
+ {
+ if (cur_rmconf->script[SCRIPT_PHASE1_DOWN] != NULL)
+ vfree(cur_rmconf->script[SCRIPT_PHASE1_DOWN]);
+
+ cur_rmconf->script[SCRIPT_PHASE1_DOWN] =
+ script_path_add(vdup((yyvsp[(2) - (3)].val)));
+ }
+ break;
+
+ case 312:
+/* Line 1787 of yacc.c */
+#line 2036 "cfparse.y"
+ {
+ if (cur_rmconf->script[SCRIPT_PHASE1_DEAD] != NULL)
+ vfree(cur_rmconf->script[SCRIPT_PHASE1_DEAD]);
+
+ cur_rmconf->script[SCRIPT_PHASE1_DEAD] =
+ script_path_add(vdup((yyvsp[(2) - (3)].val)));
+ }
+ break;
+
+ case 314:
+/* Line 1787 of yacc.c */
+#line 2043 "cfparse.y"
+ { cur_rmconf->mode_cfg = (yyvsp[(2) - (2)].num); }
+ break;
+
+ case 316:
+/* Line 1787 of yacc.c */
+#line 2044 "cfparse.y"
+ {
+ cur_rmconf->weak_phase1_check = (yyvsp[(2) - (2)].num);
+ }
+ break;
+
+ case 318:
+/* Line 1787 of yacc.c */
+#line 2047 "cfparse.y"
+ { cur_rmconf->gen_policy = (yyvsp[(2) - (2)].num); }
+ break;
+
+ case 320:
+/* Line 1787 of yacc.c */
+#line 2048 "cfparse.y"
+ { cur_rmconf->gen_policy = (yyvsp[(2) - (2)].num); }
+ break;
+
+ case 322:
+/* Line 1787 of yacc.c */
+#line 2049 "cfparse.y"
+ { cur_rmconf->support_proxy = (yyvsp[(2) - (2)].num); }
+ break;
+
+ case 324:
+/* Line 1787 of yacc.c */
+#line 2050 "cfparse.y"
+ { cur_rmconf->ini_contact = (yyvsp[(2) - (2)].num); }
+ break;
+
+ case 326:
+/* Line 1787 of yacc.c */
+#line 2052 "cfparse.y"
+ {
+#ifdef ENABLE_NATT
+ if (libipsec_opt & LIBIPSEC_OPT_NATT)
+ cur_rmconf->nat_traversal = (yyvsp[(2) - (2)].num);
+ else
+ yyerror("libipsec lacks NAT-T support");
+#else
+ yyerror("NAT-T support not compiled in.");
+#endif
+ }
+ break;
+
+ case 328:
+/* Line 1787 of yacc.c */
+#line 2063 "cfparse.y"
+ {
+#ifdef ENABLE_NATT
+ if (libipsec_opt & LIBIPSEC_OPT_NATT)
+ cur_rmconf->nat_traversal = NATT_FORCE;
+ else
+ yyerror("libipsec lacks NAT-T support");
+#else
+ yyerror("NAT-T support not compiled in.");
+#endif
+ }
+ break;
+
+ case 330:
+/* Line 1787 of yacc.c */
+#line 2074 "cfparse.y"
+ {
+#ifdef ENABLE_DPD
+ cur_rmconf->dpd = (yyvsp[(2) - (2)].num);
+#else
+ yyerror("DPD support not compiled in.");
+#endif
+ }
+ break;
+
+ case 332:
+/* Line 1787 of yacc.c */
+#line 2082 "cfparse.y"
+ {
+#ifdef ENABLE_DPD
+ cur_rmconf->dpd_interval = (yyvsp[(2) - (2)].num);
+#else
+ yyerror("DPD support not compiled in.");
+#endif
+ }
+ break;
+
+ case 334:
+/* Line 1787 of yacc.c */
+#line 2091 "cfparse.y"
+ {
+#ifdef ENABLE_DPD
+ cur_rmconf->dpd_retry = (yyvsp[(2) - (2)].num);
+#else
+ yyerror("DPD support not compiled in.");
+#endif
+ }
+ break;
+
+ case 336:
+/* Line 1787 of yacc.c */
+#line 2100 "cfparse.y"
+ {
+#ifdef ENABLE_DPD
+ cur_rmconf->dpd_maxfails = (yyvsp[(2) - (2)].num);
+#else
+ yyerror("DPD support not compiled in.");
+#endif
+ }
+ break;
+
+ case 338:
+/* Line 1787 of yacc.c */
+#line 2108 "cfparse.y"
+ { cur_rmconf->rekey = (yyvsp[(2) - (2)].num); }
+ break;
+
+ case 340:
+/* Line 1787 of yacc.c */
+#line 2109 "cfparse.y"
+ { cur_rmconf->rekey = REKEY_FORCE; }
+ break;
+
+ case 342:
+/* Line 1787 of yacc.c */
+#line 2111 "cfparse.y"
+ {
+ cur_rmconf->ph1id = (yyvsp[(2) - (2)].num);
+ }
+ break;
+
+ case 344:
+/* Line 1787 of yacc.c */
+#line 2116 "cfparse.y"
+ {
+ cur_rmconf->lifetime = (yyvsp[(3) - (4)].num) * (yyvsp[(4) - (4)].num);
+ }
+ break;
+
+ case 346:
+/* Line 1787 of yacc.c */
+#line 2120 "cfparse.y"
+ { cur_rmconf->pcheck_level = (yyvsp[(2) - (2)].num); }
+ break;
+
+ case 348:
+/* Line 1787 of yacc.c */
+#line 2122 "cfparse.y"
+ {
+#if 1
+ yyerror("byte lifetime support is deprecated in Phase1");
+ return -1;
+#else
+ yywarn("the lifetime of bytes in phase 1 "
+ "will be ignored at the moment.");
+ cur_rmconf->lifebyte = fix_lifebyte((yyvsp[(3) - (4)].num) * (yyvsp[(4) - (4)].num));
+ if (cur_rmconf->lifebyte == 0)
+ return -1;
+#endif
+ }
+ break;
+
+ case 350:
+/* Line 1787 of yacc.c */
+#line 2136 "cfparse.y"
+ {
+ struct secprotospec *spspec;
+
+ spspec = newspspec();
+ if (spspec == NULL)
+ return -1;
+ insspspec(cur_rmconf, spspec);
+ }
+ break;
+
+ case 353:
+/* Line 1787 of yacc.c */
+#line 2149 "cfparse.y"
+ {
+ struct etypes *new;
+ new = racoon_malloc(sizeof(struct etypes));
+ if (new == NULL) {
+ yyerror("failed to allocate etypes");
+ return -1;
+ }
+ new->type = (yyvsp[(2) - (2)].num);
+ new->next = NULL;
+ if (cur_rmconf->etypes == NULL)
+ cur_rmconf->etypes = new;
+ else {
+ struct etypes *p;
+ for (p = cur_rmconf->etypes;
+ p->next != NULL;
+ p = p->next)
+ ;
+ p->next = new;
+ }
+ }
+ break;
+
+ case 354:
+/* Line 1787 of yacc.c */
+#line 2172 "cfparse.y"
+ {
+ if (cur_rmconf->mycert != NULL) {
+ yyerror("certificate_type already defined\n");
+ return -1;
+ }
+
+ if (load_x509((yyvsp[(2) - (3)].val)->v, &cur_rmconf->mycertfile,
+ &cur_rmconf->mycert)) {
+ yyerror("failed to load certificate \"%s\"\n",
+ (yyvsp[(2) - (3)].val)->v);
+ return -1;
+ }
+
+ cur_rmconf->myprivfile = racoon_strdup((yyvsp[(3) - (3)].val)->v);
+ STRDUP_FATAL(cur_rmconf->myprivfile);
+
+ vfree((yyvsp[(2) - (3)].val));
+ vfree((yyvsp[(3) - (3)].val));
+ }
+ break;
+
+ case 356:
+/* Line 1787 of yacc.c */
+#line 2193 "cfparse.y"
+ {
+ char path[MAXPATHLEN];
+ int ret = 0;
+
+ if (cur_rmconf->mycert != NULL) {
+ yyerror("certificate_type already defined\n");
+ return -1;
+ }
+
+ cur_rmconf->mycert = vmalloc(1);
+ if (cur_rmconf->mycert == NULL) {
+ yyerror("failed to allocate mycert");
+ return -1;
+ }
+ cur_rmconf->mycert->v[0] = ISAKMP_CERT_PLAINRSA;
+
+ getpathname(path, sizeof(path),
+ LC_PATHTYPE_CERT, (yyvsp[(2) - (2)].val)->v);
+ cur_rmconf->send_cr = FALSE;
+ cur_rmconf->send_cert = FALSE;
+ cur_rmconf->verify_cert = FALSE;
+ if (rsa_parse_file(cur_rmconf->rsa_private, path,
+ RSA_TYPE_PRIVATE)) {
+ yyerror("Couldn't parse keyfile.\n", path);
+ return -1;
+ }
+ plog(LLV_DEBUG, LOCATION, NULL,
+ "Private PlainRSA keyfile parsed: %s\n", path);
+ vfree((yyvsp[(2) - (2)].val));
+ }
+ break;
+
+ case 358:
+/* Line 1787 of yacc.c */
+#line 2227 "cfparse.y"
+ {
+ (yyval.num) = algtype2doi(algclass_isakmp_dh, (yyvsp[(1) - (1)].num));
+ if ((yyval.num) == -1) {
+ yyerror("must be DH group");
+ return -1;
+ }
+ }
+ break;
+
+ case 359:
+/* Line 1787 of yacc.c */
+#line 2235 "cfparse.y"
+ {
+ if (ARRAYLEN(num2dhgroup) > (yyvsp[(1) - (1)].num) && num2dhgroup[(yyvsp[(1) - (1)].num)] != 0) {
+ (yyval.num) = num2dhgroup[(yyvsp[(1) - (1)].num)];
+ } else {
+ yyerror("must be DH group");
+ (yyval.num) = 0;
+ return -1;
+ }
+ }
+ break;
+
+ case 360:
+/* Line 1787 of yacc.c */
+#line 2246 "cfparse.y"
+ { (yyval.val) = NULL; }
+ break;
+
+ case 361:
+/* Line 1787 of yacc.c */
+#line 2247 "cfparse.y"
+ { (yyval.val) = (yyvsp[(1) - (1)].val); }
+ break;
+
+ case 362:
+/* Line 1787 of yacc.c */
+#line 2248 "cfparse.y"
+ { (yyval.val) = (yyvsp[(1) - (1)].val); }
+ break;
+
+ case 365:
+/* Line 1787 of yacc.c */
+#line 2256 "cfparse.y"
+ {
+ cur_rmconf->spspec->lifetime = (yyvsp[(3) - (4)].num) * (yyvsp[(4) - (4)].num);
+ }
+ break;
+
+ case 367:
+/* Line 1787 of yacc.c */
+#line 2261 "cfparse.y"
+ {
+#if 1
+ yyerror("byte lifetime support is deprecated");
+ return -1;
+#else
+ cur_rmconf->spspec->lifebyte = fix_lifebyte((yyvsp[(3) - (4)].num) * (yyvsp[(4) - (4)].num));
+ if (cur_rmconf->spspec->lifebyte == 0)
+ return -1;
+#endif
+ }
+ break;
+
+ case 369:
+/* Line 1787 of yacc.c */
+#line 2273 "cfparse.y"
+ {
+ cur_rmconf->spspec->algclass[algclass_isakmp_dh] = (yyvsp[(2) - (2)].num);
+ }
+ break;
+
+ case 371:
+/* Line 1787 of yacc.c */
+#line 2278 "cfparse.y"
+ {
+ if (cur_rmconf->spspec->vendorid != VENDORID_GSSAPI) {
+ yyerror("wrong Vendor ID for gssapi_id");
+ return -1;
+ }
+ if (cur_rmconf->spspec->gssid != NULL)
+ racoon_free(cur_rmconf->spspec->gssid);
+ cur_rmconf->spspec->gssid =
+ racoon_strdup((yyvsp[(2) - (2)].val)->v);
+ STRDUP_FATAL(cur_rmconf->spspec->gssid);
+ }
+ break;
+
+ case 373:
+/* Line 1787 of yacc.c */
+#line 2291 "cfparse.y"
+ {
+ int doi;
+ int defklen;
+
+ doi = algtype2doi((yyvsp[(1) - (3)].num), (yyvsp[(2) - (3)].num));
+ if (doi == -1) {
+ yyerror("algorithm mismatched 1");
+ return -1;
+ }
+
+ switch ((yyvsp[(1) - (3)].num)) {
+ case algclass_isakmp_enc:
+ /* reject suppressed algorithms */
+#ifndef HAVE_OPENSSL_RC5_H
+ if ((yyvsp[(2) - (3)].num) == algtype_rc5) {
+ yyerror("algorithm %s not supported",
+ s_attr_isakmp_enc(doi));
+ return -1;
+ }
+#endif
+#ifndef HAVE_OPENSSL_IDEA_H
+ if ((yyvsp[(2) - (3)].num) == algtype_idea) {
+ yyerror("algorithm %s not supported",
+ s_attr_isakmp_enc(doi));
+ return -1;
+ }
+#endif
+
+ cur_rmconf->spspec->algclass[algclass_isakmp_enc] = doi;
+ defklen = default_keylen((yyvsp[(1) - (3)].num), (yyvsp[(2) - (3)].num));
+ if (defklen == 0) {
+ if ((yyvsp[(3) - (3)].num)) {
+ yyerror("keylen not allowed");
+ return -1;
+ }
+ } else {
+ if ((yyvsp[(3) - (3)].num) && check_keylen((yyvsp[(1) - (3)].num), (yyvsp[(2) - (3)].num), (yyvsp[(3) - (3)].num)) < 0) {
+ yyerror("invalid keylen %d", (yyvsp[(3) - (3)].num));
+ return -1;
+ }
+ }
+ if ((yyvsp[(3) - (3)].num))
+ cur_rmconf->spspec->encklen = (yyvsp[(3) - (3)].num);
+ else
+ cur_rmconf->spspec->encklen = defklen;
+ break;
+ case algclass_isakmp_hash:
+ cur_rmconf->spspec->algclass[algclass_isakmp_hash] = doi;
+ break;
+ case algclass_isakmp_ameth:
+ cur_rmconf->spspec->algclass[algclass_isakmp_ameth] = doi;
+ /*
+ * We may have to set the Vendor ID for the
+ * authentication method we're using.
+ */
+ switch ((yyvsp[(2) - (3)].num)) {
+ case algtype_gssapikrb:
+ if (cur_rmconf->spspec->vendorid !=
+ VENDORID_UNKNOWN) {
+ yyerror("Vendor ID mismatch "
+ "for auth method");
+ return -1;
+ }
+ /*
+ * For interoperability with Win2k,
+ * we set the Vendor ID to "GSSAPI".
+ */
+ cur_rmconf->spspec->vendorid =
+ VENDORID_GSSAPI;
+ break;
+ case algtype_rsasig:
+ if (oakley_get_certtype(cur_rmconf->peerscert) == ISAKMP_CERT_PLAINRSA) {
+ if (rsa_list_count(cur_rmconf->rsa_private) == 0) {
+ yyerror ("Private PlainRSA key not set. "
+ "Use directive 'certificate_type plainrsa ...'\n");
+ return -1;
+ }
+ if (rsa_list_count(cur_rmconf->rsa_public) == 0) {
+ yyerror ("Public PlainRSA keys not set. "
+ "Use directive 'peers_certfile plainrsa ...'\n");
+ return -1;
+ }
+ }
+ break;
+ default:
+ break;
+ }
+ break;
+ default:
+ yyerror("algorithm mismatched 2");
+ return -1;
+ }
+ }
+ break;
+
+ case 375:
+/* Line 1787 of yacc.c */
+#line 2388 "cfparse.y"
+ { (yyval.num) = 1; }
+ break;
+
+ case 376:
+/* Line 1787 of yacc.c */
+#line 2389 "cfparse.y"
+ { (yyval.num) = 60; }
+ break;
+
+ case 377:
+/* Line 1787 of yacc.c */
+#line 2390 "cfparse.y"
+ { (yyval.num) = (60 * 60); }
+ break;
+
+ case 378:
+/* Line 1787 of yacc.c */
+#line 2393 "cfparse.y"
+ { (yyval.num) = 1; }
+ break;
+
+ case 379:
+/* Line 1787 of yacc.c */
+#line 2394 "cfparse.y"
+ { (yyval.num) = 1024; }
+ break;
+
+ case 380:
+/* Line 1787 of yacc.c */
+#line 2395 "cfparse.y"
+ { (yyval.num) = (1024 * 1024); }
+ break;
+
+ case 381:
+/* Line 1787 of yacc.c */
+#line 2396 "cfparse.y"
+ { (yyval.num) = (1024 * 1024 * 1024); }
+ break;
+
+
+/* Line 1787 of yacc.c */
+#line 5198 "cfparse.c"
+ default: break;
+ }
+ /* User semantic actions sometimes alter yychar, and that requires
+ that yytoken be updated with the new translation. We take the
+ approach of translating immediately before every use of yytoken.
+ One alternative is translating here after every semantic action,
+ but that translation would be missed if the semantic action invokes
+ YYABORT, YYACCEPT, or YYERROR immediately after altering yychar or
+ if it invokes YYBACKUP. In the case of YYABORT or YYACCEPT, an
+ incorrect destructor might then be invoked immediately. In the
+ case of YYERROR or YYBACKUP, subsequent parser actions might lead
+ to an incorrect destructor call or verbose syntax error message
+ before the lookahead is translated. */
+ YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
+
+ YYPOPSTACK (yylen);
+ yylen = 0;
+ YY_STACK_PRINT (yyss, yyssp);
+
+ *++yyvsp = yyval;
+
+ /* Now `shift' the result of the reduction. Determine what state
+ that goes to, based on the state we popped back to and the rule
+ number reduced by. */
+
+ yyn = yyr1[yyn];
+
+ yystate = yypgoto[yyn - YYNTOKENS] + *yyssp;
+ if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp)
+ yystate = yytable[yystate];
+ else
+ yystate = yydefgoto[yyn - YYNTOKENS];
+
+ goto yynewstate;
+
+
+/*------------------------------------.
+| yyerrlab -- here on detecting error |
+`------------------------------------*/
+yyerrlab:
+ /* Make sure we have latest lookahead translation. See comments at
+ user semantic actions for why this is necessary. */
+ yytoken = yychar == YYEMPTY ? YYEMPTY : YYTRANSLATE (yychar);
+
+ /* If not already recovering from an error, report this error. */
+ if (!yyerrstatus)
+ {
+ ++yynerrs;
+#if ! YYERROR_VERBOSE
+ yyerror (YY_("syntax error"));
+#else
+# define YYSYNTAX_ERROR yysyntax_error (&yymsg_alloc, &yymsg, \
+ yyssp, yytoken)
+ {
+ char const *yymsgp = YY_("syntax error");
+ int yysyntax_error_status;
+ yysyntax_error_status = YYSYNTAX_ERROR;
+ if (yysyntax_error_status == 0)
+ yymsgp = yymsg;
+ else if (yysyntax_error_status == 1)
+ {
+ if (yymsg != yymsgbuf)
+ YYSTACK_FREE (yymsg);
+ yymsg = (char *) YYSTACK_ALLOC (yymsg_alloc);
+ if (!yymsg)
+ {
+ yymsg = yymsgbuf;
+ yymsg_alloc = sizeof yymsgbuf;
+ yysyntax_error_status = 2;
+ }
+ else
+ {
+ yysyntax_error_status = YYSYNTAX_ERROR;
+ yymsgp = yymsg;
+ }
+ }
+ yyerror (yymsgp);
+ if (yysyntax_error_status == 2)
+ goto yyexhaustedlab;
+ }
+# undef YYSYNTAX_ERROR
+#endif
+ }
+
+
+
+ if (yyerrstatus == 3)
+ {
+ /* If just tried and failed to reuse lookahead token after an
+ error, discard it. */
+
+ if (yychar <= YYEOF)
+ {
+ /* Return failure if at end of input. */
+ if (yychar == YYEOF)
+ YYABORT;
+ }
+ else
+ {
+ yydestruct ("Error: discarding",
+ yytoken, &yylval);
+ yychar = YYEMPTY;
+ }
+ }
+
+ /* Else will try to reuse lookahead token after shifting the error
+ token. */
+ goto yyerrlab1;
+
+
+/*---------------------------------------------------.
+| yyerrorlab -- error raised explicitly by YYERROR. |
+`---------------------------------------------------*/
+yyerrorlab:
+
+ /* Pacify compilers like GCC when the user code never invokes
+ YYERROR and the label yyerrorlab therefore never appears in user
+ code. */
+ if (/*CONSTCOND*/ 0)
+ goto yyerrorlab;
+
+ /* Do not reclaim the symbols of the rule which action triggered
+ this YYERROR. */
+ YYPOPSTACK (yylen);
+ yylen = 0;
+ YY_STACK_PRINT (yyss, yyssp);
+ yystate = *yyssp;
+ goto yyerrlab1;
+
+
+/*-------------------------------------------------------------.
+| yyerrlab1 -- common code for both syntax error and YYERROR. |
+`-------------------------------------------------------------*/
+yyerrlab1:
+ yyerrstatus = 3; /* Each real token shifted decrements this. */
+
+ for (;;)
+ {
+ yyn = yypact[yystate];
+ if (!yypact_value_is_default (yyn))
+ {
+ yyn += YYTERROR;
+ if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR)
+ {
+ yyn = yytable[yyn];
+ if (0 < yyn)
+ break;
+ }
+ }
+
+ /* Pop the current state because it cannot handle the error token. */
+ if (yyssp == yyss)
+ YYABORT;
+
+
+ yydestruct ("Error: popping",
+ yystos[yystate], yyvsp);
+ YYPOPSTACK (1);
+ yystate = *yyssp;
+ YY_STACK_PRINT (yyss, yyssp);
+ }
+
+ *++yyvsp = yylval;
+
+
+ /* Shift the error token. */
+ YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp);
+
+ yystate = yyn;
+ goto yynewstate;
+
+
+/*-------------------------------------.
+| yyacceptlab -- YYACCEPT comes here. |
+`-------------------------------------*/
+yyacceptlab:
+ yyresult = 0;
+ goto yyreturn;
+
+/*-----------------------------------.
+| yyabortlab -- YYABORT comes here. |
+`-----------------------------------*/
+yyabortlab:
+ yyresult = 1;
+ goto yyreturn;
+
+#if !defined yyoverflow || YYERROR_VERBOSE
+/*-------------------------------------------------.
+| yyexhaustedlab -- memory exhaustion comes here. |
+`-------------------------------------------------*/
+yyexhaustedlab:
+ yyerror (YY_("memory exhausted"));
+ yyresult = 2;
+ /* Fall through. */
+#endif
+
+yyreturn:
+ if (yychar != YYEMPTY)
+ {
+ /* Make sure we have latest lookahead translation. See comments at
+ user semantic actions for why this is necessary. */
+ yytoken = YYTRANSLATE (yychar);
+ yydestruct ("Cleanup: discarding lookahead",
+ yytoken, &yylval);
+ }
+ /* Do not reclaim the symbols of the rule which action triggered
+ this YYABORT or YYACCEPT. */
+ YYPOPSTACK (yylen);
+ YY_STACK_PRINT (yyss, yyssp);
+ while (yyssp != yyss)
+ {
+ yydestruct ("Cleanup: popping",
+ yystos[*yyssp], yyvsp);
+ YYPOPSTACK (1);
+ }
+#ifndef yyoverflow
+ if (yyss != yyssa)
+ YYSTACK_FREE (yyss);
+#endif
+#if YYERROR_VERBOSE
+ if (yymsg != yymsgbuf)
+ YYSTACK_FREE (yymsg);
+#endif
+ /* Make sure YYID is used. */
+ return YYID (yyresult);
+}
+
+
+/* Line 2048 of yacc.c */
+#line 2398 "cfparse.y"
+
+
+static struct secprotospec *
+newspspec()
+{
+ struct secprotospec *new;
+
+ new = racoon_calloc(1, sizeof(*new));
+ if (new == NULL) {
+ yyerror("failed to allocate spproto");
+ return NULL;
+ }
+
+ new->encklen = 0; /*XXX*/
+
+ /*
+ * Default to "uknown" vendor -- we will override this
+ * as necessary. When we send a Vendor ID payload, an
+ * "unknown" will be translated to a KAME/racoon ID.
+ */
+ new->vendorid = VENDORID_UNKNOWN;
+
+ return new;
+}
+
+/*
+ * insert into head of list.
+ */
+static void
+insspspec(rmconf, spspec)
+ struct remoteconf *rmconf;
+ struct secprotospec *spspec;
+{
+ if (rmconf->spspec != NULL)
+ rmconf->spspec->prev = spspec;
+ spspec->next = rmconf->spspec;
+ rmconf->spspec = spspec;
+}
+
+static struct secprotospec *
+dupspspec(spspec)
+ struct secprotospec *spspec;
+{
+ struct secprotospec *new;
+
+ new = newspspec();
+ if (new == NULL) {
+ plog(LLV_ERROR, LOCATION, NULL,
+ "dupspspec: malloc failed\n");
+ return NULL;
+ }
+ memcpy(new, spspec, sizeof(*new));
+
+ if (spspec->gssid) {
+ new->gssid = racoon_strdup(spspec->gssid);
+ STRDUP_FATAL(new->gssid);
+ }
+ if (spspec->remote) {
+ new->remote = racoon_malloc(sizeof(*new->remote));
+ if (new->remote == NULL) {
+ plog(LLV_ERROR, LOCATION, NULL,
+ "dupspspec: malloc failed (remote)\n");
+ return NULL;
+ }
+ memcpy(new->remote, spspec->remote, sizeof(*new->remote));
+ }
+
+ return new;
+}
+
+/*
+ * copy the whole list
+ */
+void
+dupspspec_list(dst, src)
+ struct remoteconf *dst, *src;
+{
+ struct secprotospec *p, *new, *last;
+
+ for(p = src->spspec, last = NULL; p; p = p->next, last = new) {
+ new = dupspspec(p);
+ if (new == NULL)
+ exit(1);
+
+ new->prev = last;
+ new->next = NULL; /* not necessary but clean */
+
+ if (last)
+ last->next = new;
+ else /* first element */
+ dst->spspec = new;
+
+ }
+}
+
+/*
+ * delete the whole list
+ */
+void
+flushspspec(rmconf)
+ struct remoteconf *rmconf;
+{
+ struct secprotospec *p;
+
+ while(rmconf->spspec != NULL) {
+ p = rmconf->spspec;
+ rmconf->spspec = p->next;
+ if (p->next != NULL)
+ p->next->prev = NULL; /* not necessary but clean */
+
+ if (p->gssid)
+ racoon_free(p->gssid);
+ if (p->remote)
+ racoon_free(p->remote);
+ racoon_free(p);
+ }
+ rmconf->spspec = NULL;
+}
+
+/* set final acceptable proposal */
+static int
+set_isakmp_proposal(rmconf)
+ struct remoteconf *rmconf;
+{
+ struct secprotospec *s;
+ int prop_no = 1;
+ int trns_no = 1;
+ int32_t types[MAXALGCLASS];
+
+ /* mandatory check */
+ if (rmconf->spspec == NULL) {
+ yyerror("no remote specification found: %s.\n",
+ saddr2str(rmconf->remote));
+ return -1;
+ }
+ for (s = rmconf->spspec; s != NULL; s = s->next) {
+ /* XXX need more to check */
+ if (s->algclass[algclass_isakmp_enc] == 0) {
+ yyerror("encryption algorithm required.");
+ return -1;
+ }
+ if (s->algclass[algclass_isakmp_hash] == 0) {
+ yyerror("hash algorithm required.");
+ return -1;
+ }
+ if (s->algclass[algclass_isakmp_dh] == 0) {
+ yyerror("DH group required.");
+ return -1;
+ }
+ if (s->algclass[algclass_isakmp_ameth] == 0) {
+ yyerror("authentication method required.");
+ return -1;
+ }
+ }
+
+ /* skip to last part */
+ for (s = rmconf->spspec; s->next != NULL; s = s->next)
+ ;
+
+ while (s != NULL) {
+ plog(LLV_DEBUG2, LOCATION, NULL,
+ "lifetime = %ld\n", (long)
+ (s->lifetime ? s->lifetime : rmconf->lifetime));
+ plog(LLV_DEBUG2, LOCATION, NULL,
+ "lifebyte = %d\n",
+ s->lifebyte ? s->lifebyte : rmconf->lifebyte);
+ plog(LLV_DEBUG2, LOCATION, NULL,
+ "encklen=%d\n", s->encklen);
+
+ memset(types, 0, ARRAYLEN(types));
+ types[algclass_isakmp_enc] = s->algclass[algclass_isakmp_enc];
+ types[algclass_isakmp_hash] = s->algclass[algclass_isakmp_hash];
+ types[algclass_isakmp_dh] = s->algclass[algclass_isakmp_dh];
+ types[algclass_isakmp_ameth] =
+ s->algclass[algclass_isakmp_ameth];
+
+ /* expanding spspec */
+ clean_tmpalgtype();
+ trns_no = expand_isakmpspec(prop_no, trns_no, types,
+ algclass_isakmp_enc, algclass_isakmp_ameth + 1,
+ s->lifetime ? s->lifetime : rmconf->lifetime,
+ s->lifebyte ? s->lifebyte : rmconf->lifebyte,
+ s->encklen, s->vendorid, s->gssid,
+ rmconf);
+ if (trns_no == -1) {
+ plog(LLV_ERROR, LOCATION, NULL,
+ "failed to expand isakmp proposal.\n");
+ return -1;
+ }
+
+ s = s->prev;
+ }
+
+ if (rmconf->proposal == NULL) {
+ plog(LLV_ERROR, LOCATION, NULL,
+ "no proposal found.\n");
+ return -1;
+ }
+
+ return 0;
+}
+
+static void
+clean_tmpalgtype()
+{
+ int i;
+ for (i = 0; i < MAXALGCLASS; i++)
+ tmpalgtype[i] = 0; /* means algorithm undefined. */
+}
+
+static int
+expand_isakmpspec(prop_no, trns_no, types,
+ class, last, lifetime, lifebyte, encklen, vendorid, gssid,
+ rmconf)
+ int prop_no, trns_no;
+ int *types, class, last;
+ time_t lifetime;
+ int lifebyte;
+ int encklen;
+ int vendorid;
+ char *gssid;
+ struct remoteconf *rmconf;
+{
+ struct isakmpsa *new;
+
+ /* debugging */
+ {
+ int j;
+ char tb[10];
+ plog(LLV_DEBUG2, LOCATION, NULL,
+ "p:%d t:%d\n", prop_no, trns_no);
+ for (j = class; j < MAXALGCLASS; j++) {
+ snprintf(tb, sizeof(tb), "%d", types[j]);
+ plog(LLV_DEBUG2, LOCATION, NULL,
+ "%s%s%s%s\n",
+ s_algtype(j, types[j]),
+ types[j] ? "(" : "",
+ tb[0] == '0' ? "" : tb,
+ types[j] ? ")" : "");
+ }
+ plog(LLV_DEBUG2, LOCATION, NULL, "\n");
+ }
+
+#define TMPALGTYPE2STR(n) \
+ s_algtype(algclass_isakmp_##n, types[algclass_isakmp_##n])
+ /* check mandatory values */
+ if (types[algclass_isakmp_enc] == 0
+ || types[algclass_isakmp_ameth] == 0
+ || types[algclass_isakmp_hash] == 0
+ || types[algclass_isakmp_dh] == 0) {
+ yyerror("few definition of algorithm "
+ "enc=%s ameth=%s hash=%s dhgroup=%s.\n",
+ TMPALGTYPE2STR(enc),
+ TMPALGTYPE2STR(ameth),
+ TMPALGTYPE2STR(hash),
+ TMPALGTYPE2STR(dh));
+ return -1;
+ }
+#undef TMPALGTYPE2STR
+
+ /* set new sa */
+ new = newisakmpsa();
+ if (new == NULL) {
+ yyerror("failed to allocate isakmp sa");
+ return -1;
+ }
+ new->prop_no = prop_no;
+ new->trns_no = trns_no++;
+ new->lifetime = lifetime;
+ new->lifebyte = lifebyte;
+ new->enctype = types[algclass_isakmp_enc];
+ new->encklen = encklen;
+ new->authmethod = types[algclass_isakmp_ameth];
+ new->hashtype = types[algclass_isakmp_hash];
+ new->dh_group = types[algclass_isakmp_dh];
+ new->vendorid = vendorid;
+#ifdef HAVE_GSSAPI
+ if (new->authmethod == OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB) {
+ if (gssid != NULL) {
+ if ((new->gssid = vmalloc(strlen(gssid))) == NULL) {
+ racoon_free(new);
+ yyerror("failed to allocate gssid");
+ return -1;
+ }
+ memcpy(new->gssid->v, gssid, new->gssid->l);
+ racoon_free(gssid);
+ } else {
+ /*
+ * Allocate the default ID so that it gets put
+ * into a GSS ID attribute during the Phase 1
+ * exchange.
+ */
+ new->gssid = gssapi_get_default_gss_id();
+ }
+ }
+#endif
+ insisakmpsa(new, rmconf);
+
+ return trns_no;
+}
+
+#if 0
+/*
+ * fix lifebyte.
+ * Must be more than 1024B because its unit is kilobytes.
+ * That is defined RFC2407.
+ */
+static int
+fix_lifebyte(t)
+ unsigned long t;
+{
+ if (t < 1024) {
+ yyerror("byte size should be more than 1024B.");
+ return 0;
+ }
+
+ return(t / 1024);
+}
+#endif
+
+int
+cfparse()
+{
+ int error;
+
+ yyerrorcount = 0;
+ yycf_init_buffer();
+
+ if (yycf_switch_buffer(lcconf->racoon_conf) != 0) {
+ plog(LLV_ERROR, LOCATION, NULL,
+ "could not read configuration file \"%s\"\n",
+ lcconf->racoon_conf);
+ return -1;
+ }
+
+ error = yyparse();
+ if (error != 0) {
+ if (yyerrorcount) {
+ plog(LLV_ERROR, LOCATION, NULL,
+ "fatal parse failure (%d errors)\n",
+ yyerrorcount);
+ } else {
+ plog(LLV_ERROR, LOCATION, NULL,
+ "fatal parse failure.\n");
+ }
+ return -1;
+ }
+
+ if (error == 0 && yyerrorcount) {
+ plog(LLV_ERROR, LOCATION, NULL,
+ "parse error is nothing, but yyerrorcount is %d.\n",
+ yyerrorcount);
+ exit(1);
+ }
+
+ yycf_clean_buffer();
+
+ plog(LLV_DEBUG2, LOCATION, NULL, "parse successed.\n");
+
+ return 0;
+}
+
+int
+cfreparse()
+{
+ flushph2();
+ flushph1();
+ flushrmconf();
+ flushsainfo();
+ clean_tmpalgtype();
+ return(cfparse());
+}
+
+#ifdef ENABLE_ADMINPORT
+static void
+adminsock_conf(path, owner, group, mode_dec)
+ vchar_t *path;
+ vchar_t *owner;
+ vchar_t *group;
+ int mode_dec;
+{
+ struct passwd *pw = NULL;
+ struct group *gr = NULL;
+ mode_t mode = 0;
+ uid_t uid;
+ gid_t gid;
+ int isnum;
+
+ adminsock_path = path->v;
+
+ if (owner == NULL)
+ return;
+
+ errno = 0;
+ uid = atoi(owner->v);
+ isnum = !errno;
+ if (((pw = getpwnam(owner->v)) == NULL) && !isnum)
+ yyerror("User \"%s\" does not exist", owner->v);
+
+ if (pw)
+ adminsock_owner = pw->pw_uid;
+ else
+ adminsock_owner = uid;
+
+ if (group == NULL)
+ return;
+
+ errno = 0;
+ gid = atoi(group->v);
+ isnum = !errno;
+ if (((gr = getgrnam(group->v)) == NULL) && !isnum)
+ yyerror("Group \"%s\" does not exist", group->v);
+
+ if (gr)
+ adminsock_group = gr->gr_gid;
+ else
+ adminsock_group = gid;
+
+ if (mode_dec == -1)
+ return;
+
+ if (mode_dec > 777)
+ yyerror("Mode 0%03o is invalid", mode_dec);
+ if (mode_dec >= 400) { mode += 0400; mode_dec -= 400; }
+ if (mode_dec >= 200) { mode += 0200; mode_dec -= 200; }
+ if (mode_dec >= 100) { mode += 0200; mode_dec -= 100; }
+
+ if (mode_dec > 77)
+ yyerror("Mode 0%03o is invalid", mode_dec);
+ if (mode_dec >= 40) { mode += 040; mode_dec -= 40; }
+ if (mode_dec >= 20) { mode += 020; mode_dec -= 20; }
+ if (mode_dec >= 10) { mode += 020; mode_dec -= 10; }
+
+ if (mode_dec > 7)
+ yyerror("Mode 0%03o is invalid", mode_dec);
+ if (mode_dec >= 4) { mode += 04; mode_dec -= 4; }
+ if (mode_dec >= 2) { mode += 02; mode_dec -= 2; }
+ if (mode_dec >= 1) { mode += 02; mode_dec -= 1; }
+
+ adminsock_mode = mode;
+
+ return;
+}
+#endif
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-04 01:36:36 +0000