/* original parser id follows */ /* yysccsid[] = "@(#)yaccpar 1.9 (Berkeley) 02/21/93" */ /* (use YYMAJOR/YYMINOR for ifdefs dependent on parser version) */ #define YYBYACC 1 #define YYMAJOR 1 #define YYMINOR 9 #define YYPATCH 20170201 #define YYEMPTY (-1) #define yyclearin (yychar = YYEMPTY) #define yyerrok (yyerrflag = 0) #define YYRECOVERING() (yyerrflag != 0) #define YYENOMEM (-2) #define YYEOF 0 #ifndef yyparse #define yyparse racoonyyparse #endif /* yyparse */ #ifndef yylex #define yylex racoonyylex #endif /* yylex */ #ifndef yyerror #define yyerror racoonyyerror #endif /* yyerror */ #ifndef yychar #define yychar racoonyychar #endif /* yychar */ #ifndef yyval #define yyval racoonyyval #endif /* yyval */ #ifndef yylval #define yylval racoonyylval #endif /* yylval */ #ifndef yydebug #define yydebug racoonyydebug #endif /* yydebug */ #ifndef yynerrs #define yynerrs racoonyynerrs #endif /* yynerrs */ #ifndef yyerrflag #define yyerrflag racoonyyerrflag #endif /* yyerrflag */ #ifndef yylhs #define yylhs racoonyylhs #endif /* yylhs */ #ifndef yylen #define yylen racoonyylen #endif /* yylen */ #ifndef yydefred #define yydefred racoonyydefred #endif /* yydefred */ #ifndef yydgoto #define yydgoto racoonyydgoto #endif /* yydgoto */ #ifndef yysindex #define yysindex racoonyysindex #endif /* yysindex */ #ifndef yyrindex #define yyrindex racoonyyrindex #endif /* yyrindex */ #ifndef yygindex #define yygindex racoonyygindex #endif /* yygindex */ #ifndef yytable #define yytable racoonyytable #endif /* yytable */ #ifndef yycheck #define yycheck racoonyycheck #endif /* yycheck */ #ifndef yyname #define yyname racoonyyname #endif /* yyname */ #ifndef yyrule #define yyrule racoonyyrule #endif /* yyrule */ #define YYPREFIX "racoonyy" #define YYPURE 0 #line 6 "../../ipsec-tools/src/racoon/cfparse.y" /* * Copyright (C) 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002 and 2003 WIDE Project. * All rights reserved. 
* * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the project nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "config.h" #include #include #include #include #include #include PATH_IPSEC_H #ifdef ENABLE_HYBRID #include #endif #include #include #include #include #include #include #include #include "var.h" #include "misc.h" #include "vmbuf.h" #include "plog.h" #include "sockmisc.h" #include "str2val.h" #include "genlist.h" #include "debug.h" #include "admin.h" #include "privsep.h" #include "cfparse_proto.h" #include "cftoken_proto.h" #include "algorithm.h" #include "localconf.h" #include "policy.h" #include "sainfo.h" #include "oakley.h" #include "pfkey.h" #include "remoteconf.h" #include "grabmyaddr.h" #include "isakmp_var.h" #include "handler.h" #include "isakmp.h" #include "nattraversal.h" #include "isakmp_frag.h" #ifdef ENABLE_HYBRID #include "resolv.h" #include "isakmp_unity.h" #include "isakmp_xauth.h" #include "isakmp_cfg.h" #endif #include "ipsec_doi.h" #include "strnames.h" #include "gcmalloc.h" #ifdef HAVE_GSSAPI #include "gssapi.h" #endif #include "vendorid.h" #include "rsalist.h" #include "crypto_openssl.h" struct secprotospec { int prop_no; int trns_no; int strength; /* for isakmp/ipsec */ int encklen; /* for isakmp/ipsec */ time_t lifetime; /* for isakmp */ int lifebyte; /* for isakmp */ int proto_id; /* for ipsec (isakmp?) */ int ipsec_level; /* for ipsec */ int encmode; /* for ipsec */ int vendorid; /* for isakmp */ char *gssid; struct sockaddr *remote; int algclass[MAXALGCLASS]; struct secprotospec *next; /* the tail is the most prefiered. 
*/ struct secprotospec *prev; };

/*
 * Lookup table from a small integer to the matching OAKLEY_ATTR_GRP_DESC_*
 * constant; 0 marks an index that has no group assigned.
 * presumably indexed by the DH group number written in the configuration --
 * the lookup itself is outside this view, confirm there.
 * NOTE(review): indexes 1 and 2 select the 768- and 1024-bit MODP groups,
 * which are shorter than current guidance recommends for new deployments;
 * whether they can still be selected is decided where this table is read.
 */
static int num2dhgroup[] = {
	0,
	OAKLEY_ATTR_GRP_DESC_MODP768,
	OAKLEY_ATTR_GRP_DESC_MODP1024,
	OAKLEY_ATTR_GRP_DESC_EC2N155,
	OAKLEY_ATTR_GRP_DESC_EC2N185,
	OAKLEY_ATTR_GRP_DESC_MODP1536,
	0,
	0,
	0,
	0,
	0,
	0,
	0,
	0,
	OAKLEY_ATTR_GRP_DESC_MODP2048,
	OAKLEY_ATTR_GRP_DESC_MODP3072,
	OAKLEY_ATTR_GRP_DESC_MODP4096,
	OAKLEY_ATTR_GRP_DESC_MODP6144,
	OAKLEY_ATTR_GRP_DESC_MODP8192
};

/*
 * File-scope parser state.  cur_rmconf is the remote configuration that
 * process_rmconf() validates and registers; the other variables are not
 * used in this part of the file.
 */
static struct remoteconf *cur_rmconf;
static int tmpalgtype[MAXALGCLASS];
static struct sainfo *cur_sainfo;
static int cur_algclass;
static int oldloglevel = LLV_BASE;

/* Forward declarations; the definitions are outside this part of the file. */
static struct secprotospec *newspspec __P((void));
static void insspspec __P((struct remoteconf *, struct secprotospec *));
void dupspspec_list __P((struct remoteconf *dst, struct remoteconf *src));
void flushspspec __P((struct remoteconf *));
static void adminsock_conf __P((vchar_t *, vchar_t *, vchar_t *, int));
static int set_isakmp_proposal __P((struct remoteconf *));
static void clean_tmpalgtype __P((void));
static int expand_isakmpspec __P((int, int, int *, int, int, time_t, int, int,
    int, char *, struct remoteconf *));
void freeetypes (struct etypes **etypes);

/*
 * Load an X.509 certificate named in the configuration.
 *
 * file        - certificate file name as given by the caller
 * filenameptr - on success receives a racoon_strdup() copy of file
 * certptr     - receives the result of eay_get_x509cert()
 *
 * Returns 0 on success, -1 when eay_get_x509cert() returns NULL.
 *
 * *certptr is overwritten without releasing any previous value, and on
 * failure *filenameptr is left untouched.
 * NOTE(review): the caller has to make sure neither pointer already owns
 * memory, otherwise it leaks -- confirm at the call sites.
 */
static int load_x509(const char *file, char **filenameptr, vchar_t **certptr)
{
	char path[PATH_MAX];

	/*
	 * Build the path to open from file and the LC_PATHTYPE_CERT setting.
	 * NOTE(review): nothing here checks whether the result fit into
	 * path[]; truncation handling is up to getpathname() -- confirm.
	 */
	getpathname(path, sizeof(path), LC_PATHTYPE_CERT, file);
	*certptr = eay_get_x509cert(path);
	if (*certptr == NULL)
		return -1;

	/* Keep the name as written by the caller, not the expanded path. */
	*filenameptr = racoon_strdup(file);
	/* presumably terminates on allocation failure -- macro defined elsewhere */
	STRDUP_FATAL(*filenameptr);

	return 0;
}

/*
 * Validate the remote configuration in cur_rmconf and register it.
 *
 * Checks, in order: an exchange mode list is present; the identifier type
 * defaults to IDTYPE_ADDRESS when undefined; an ASN1DN identifier has either
 * a certificate file or an explicit value; duprmconf_finish() and
 * set_isakmp_proposal() succeed; and, when check_etypeok() reports
 * ISAKMP_ETYPE_AGG, every proposal uses the same DH group and that group
 * can be set up.  On success the configuration is handed to insrmconf().
 *
 * Returns 0 on success, -1 after reporting the problem through yyerror()
 * (the two helper failures return -1 without a message from this function).
 */
static int process_rmconf()
{
	/* An exchange mode list is mandatory. */
	if (cur_rmconf->etypes == NULL) {
		yyerror("no exchange mode specified.\n");
		return -1;
	}

	/* No identifier type given: fall back to the address identifier. */
	if (cur_rmconf->idvtype == IDTYPE_UNDEFINED)
		cur_rmconf->idvtype = IDTYPE_ADDRESS;

	if (cur_rmconf->idvtype == IDTYPE_ASN1DN) {
		if (cur_rmconf->mycertfile) {
			/*
			 * Both a certificate and an explicit DN are configured.
			 * Only a warning is issued; nothing here checks that the
			 * two agree.
			 */
			if (cur_rmconf->idv)
				yywarn("Both CERT and ASN1 ID "
				       "are set. Hope this is OK.\n");
			/* TODO: Preparse the DN here */
		} else if (cur_rmconf->idv) {
			/* OK, using asn1dn without X.509. */
		} else {
			yyerror("ASN1 ID not specified "
				"and no CERT defined!\n");
			return -1;
		}
	}

	if (duprmconf_finish(cur_rmconf))
		return -1;

	if (set_isakmp_proposal(cur_rmconf) != 0)
		return -1;

	/*
	 * DH group setting when aggressive mode is among the exchange modes.
	 * NOTE(review): aggressive mode is the IKEv1 exchange most exposed to
	 * offline guessing of a pre-shared key, so this branch is worth
	 * auditing in deployed configurations.
	 */
	if (check_etypeok(cur_rmconf, (void*) ISAKMP_ETYPE_AGG)) {
		struct isakmpsa *p;
		int b = 0; /* DH group */

		/*
		 * All proposals must name one DH group.  While b is still 0 the
		 * current proposal's group is adopted without comparison, so
		 * proposals with group 0 that precede the first non-zero group
		 * pass this loop.
		 * NOTE(review): confirm set_isakmp_proposal() never leaves such
		 * a proposal in the list.
		 */
		for (p = cur_rmconf->proposal; p; p = p->next) {
			if (b == 0 || (b && b == p->dh_group)) {
				b = p->dh_group;
				continue;
			}
			yyerror("DH group must be equal "
				"in all proposals "
				"when aggressive mode is "
				"used.\n");
			return -1;
		}
		cur_rmconf->dh_group = b;

		/* Also reached when the proposal list is empty. */
		if (cur_rmconf->dh_group == 0) {
			yyerror("DH group must be set in the proposal.\n");
			return -1;
		}

		/*
		 * Set up cur_rmconf->dhgrp for the agreed group; a negative
		 * return is treated as failure.  (The original comment mentioned
		 * PFS, but this call sits inside the aggressive-mode branch.)
		 */
		if (oakley_setdhgroup(cur_rmconf->dh_group,
				&cur_rmconf->dhgrp) < 0) {
			yyerror("failed to set DH value.\n");
			return -1;
		}
	}

	/* Hand the finished configuration to insrmconf(). */
	insrmconf(cur_rmconf);

	return 0;
}

/*
 * Semantic value type of the grammar.  If YYSTYPE is already a macro the
 * union below is skipped and the existing definition is used.
 */
#ifdef YYSTYPE
#undef  YYSTYPE_IS_DECLARED
#define YYSTYPE_IS_DECLARED 1
#endif
#ifndef YYSTYPE_IS_DECLARED
#define YYSTYPE_IS_DECLARED 1
#line 247 "../../ipsec-tools/src/racoon/cfparse.y"
typedef union {
	unsigned long num;
	vchar_t *val;
	struct remoteconf *rmconf;
	struct sockaddr *saddr;
	struct sainfoalg *alg;
} YYSTYPE;
#endif /* !YYSTYPE_IS_DECLARED */
#line 356 "racoonyy.tab.c"

/* compatibility with bison */
#ifdef YYPARSE_PARAM
/* compatibility with FreeBSD */
# ifdef YYPARSE_PARAM_TYPE
#  define YYPARSE_DECL() yyparse(YYPARSE_PARAM_TYPE YYPARSE_PARAM)
# else
#  define YYPARSE_DECL() yyparse(void *YYPARSE_PARAM)
# endif
#else
# define YYPARSE_DECL() yyparse(void)
#endif

/* Parameters sent to lex. */
#ifdef YYLEX_PARAM
# define YYLEX_DECL() yylex(void *YYLEX_PARAM)
# define YYLEX yylex(YYLEX_PARAM)
#else
# define YYLEX_DECL() yylex(void)
# define YYLEX yylex()
#endif

/* Parameters sent to yyerror.
*/ #ifndef YYERROR_DECL #define YYERROR_DECL() yyerror(const char *s) #endif #ifndef YYERROR_CALL #define YYERROR_CALL(msg) yyerror(msg) #endif extern int YYPARSE_DECL(); #define PRIVSEP 257 #define USER 258 #define GROUP 259 #define CHROOT 260 #define PATH 261 #define PATHTYPE 262 #define INCLUDE 263 #define PFKEY_BUFFER 264 #define LOGGING 265 #define LOGLEV 266 #define PADDING 267 #define PAD_RANDOMIZE 268 #define PAD_RANDOMIZELEN 269 #define PAD_MAXLEN 270 #define PAD_STRICT 271 #define PAD_EXCLTAIL 272 #define LISTEN 273 #define X_ISAKMP 274 #define X_ISAKMP_NATT 275 #define X_ADMIN 276 #define STRICT_ADDRESS 277 #define ADMINSOCK 278 #define DISABLED 279 #define LDAPCFG 280 #define LDAP_HOST 281 #define LDAP_PORT 282 #define LDAP_PVER 283 #define LDAP_BASE 284 #define LDAP_BIND_DN 285 #define LDAP_BIND_PW 286 #define LDAP_SUBTREE 287 #define LDAP_ATTR_USER 288 #define LDAP_ATTR_ADDR 289 #define LDAP_ATTR_MASK 290 #define LDAP_ATTR_GROUP 291 #define LDAP_ATTR_MEMBER 292 #define RADCFG 293 #define RAD_AUTH 294 #define RAD_ACCT 295 #define RAD_TIMEOUT 296 #define RAD_RETRIES 297 #define MODECFG 298 #define CFG_NET4 299 #define CFG_MASK4 300 #define CFG_DNS4 301 #define CFG_NBNS4 302 #define CFG_DEFAULT_DOMAIN 303 #define CFG_AUTH_SOURCE 304 #define CFG_AUTH_GROUPS 305 #define CFG_SYSTEM 306 #define CFG_RADIUS 307 #define CFG_PAM 308 #define CFG_LDAP 309 #define CFG_LOCAL 310 #define CFG_NONE 311 #define CFG_GROUP_SOURCE 312 #define CFG_ACCOUNTING 313 #define CFG_CONF_SOURCE 314 #define CFG_MOTD 315 #define CFG_POOL_SIZE 316 #define CFG_AUTH_THROTTLE 317 #define CFG_SPLIT_NETWORK 318 #define CFG_SPLIT_LOCAL 319 #define CFG_SPLIT_INCLUDE 320 #define CFG_SPLIT_DNS 321 #define CFG_PFS_GROUP 322 #define CFG_SAVE_PASSWD 323 #define RETRY 324 #define RETRY_COUNTER 325 #define RETRY_INTERVAL 326 #define RETRY_PERSEND 327 #define RETRY_PHASE1 328 #define RETRY_PHASE2 329 #define NATT_KA 330 #define ALGORITHM_CLASS 331 #define ALGORITHMTYPE 332 #define STRENGTHTYPE 333 
#define SAINFO 334 #define FROM 335 #define REMOTE 336 #define ANONYMOUS 337 #define CLIENTADDR 338 #define INHERIT 339 #define REMOTE_ADDRESS 340 #define EXCHANGE_MODE 341 #define EXCHANGETYPE 342 #define DOI 343 #define DOITYPE 344 #define SITUATION 345 #define SITUATIONTYPE 346 #define CERTIFICATE_TYPE 347 #define CERTTYPE 348 #define PEERS_CERTFILE 349 #define CA_TYPE 350 #define VERIFY_CERT 351 #define SEND_CERT 352 #define SEND_CR 353 #define MATCH_EMPTY_CR 354 #define IDENTIFIERTYPE 355 #define IDENTIFIERQUAL 356 #define MY_IDENTIFIER 357 #define PEERS_IDENTIFIER 358 #define VERIFY_IDENTIFIER 359 #define DNSSEC 360 #define CERT_X509 361 #define CERT_PLAINRSA 362 #define NONCE_SIZE 363 #define DH_GROUP 364 #define KEEPALIVE 365 #define PASSIVE 366 #define INITIAL_CONTACT 367 #define NAT_TRAVERSAL 368 #define REMOTE_FORCE_LEVEL 369 #define PROPOSAL_CHECK 370 #define PROPOSAL_CHECK_LEVEL 371 #define GENERATE_POLICY 372 #define GENERATE_LEVEL 373 #define SUPPORT_PROXY 374 #define PROPOSAL 375 #define EXEC_PATH 376 #define EXEC_COMMAND 377 #define EXEC_SUCCESS 378 #define EXEC_FAILURE 379 #define GSS_ID 380 #define GSS_ID_ENC 381 #define GSS_ID_ENCTYPE 382 #define COMPLEX_BUNDLE 383 #define DPD 384 #define DPD_DELAY 385 #define DPD_RETRY 386 #define DPD_MAXFAIL 387 #define PH1ID 388 #define XAUTH_LOGIN 389 #define WEAK_PHASE1_CHECK 390 #define REKEY 391 #define PREFIX 392 #define PORT 393 #define PORTANY 394 #define UL_PROTO 395 #define ANY 396 #define IKE_FRAG 397 #define ESP_FRAG 398 #define MODE_CFG 399 #define PFS_GROUP 400 #define LIFETIME 401 #define LIFETYPE_TIME 402 #define LIFETYPE_BYTE 403 #define STRENGTH 404 #define REMOTEID 405 #define SCRIPT 406 #define PHASE1_UP 407 #define PHASE1_DOWN 408 #define PHASE1_DEAD 409 #define NUMBER 410 #define SWITCH 411 #define BOOLEAN 412 #define HEXSTRING 413 #define QUOTEDSTRING 414 #define ADDRSTRING 415 #define ADDRRANGE 416 #define UNITTYPE_BYTE 417 #define UNITTYPE_KBYTES 418 #define UNITTYPE_MBYTES 419 #define 
UNITTYPE_TBYTES 420 #define UNITTYPE_SEC 421 #define UNITTYPE_MIN 422 #define UNITTYPE_HOUR 423 #define EOS 424 #define BOC 425 #define EOC 426 #define COMMA 427 #define YYERRCODE 256 typedef int YYINT; static const YYINT racoonyylhs[] = { -1, 0, 0, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 15, 30, 30, 32, 31, 33, 31, 34, 31, 35, 31, 36, 31, 37, 16, 38, 29, 17, 18, 19, 20, 39, 21, 40, 40, 42, 41, 43, 41, 44, 41, 45, 41, 46, 41, 22, 47, 47, 49, 48, 50, 48, 51, 48, 52, 48, 53, 48, 54, 48, 12, 5, 5, 55, 24, 56, 56, 58, 57, 59, 57, 60, 57, 61, 57, 62, 57, 63, 57, 64, 23, 65, 65, 67, 66, 68, 66, 69, 66, 70, 66, 71, 66, 72, 66, 73, 66, 74, 66, 75, 66, 76, 66, 77, 66, 78, 66, 25, 79, 79, 81, 80, 82, 80, 80, 80, 86, 80, 87, 80, 89, 80, 90, 80, 91, 80, 92, 80, 93, 80, 94, 80, 96, 80, 97, 80, 98, 80, 99, 80, 100, 80, 101, 80, 102, 80, 103, 80, 104, 80, 105, 80, 106, 80, 107, 80, 108, 80, 109, 80, 110, 80, 83, 83, 111, 84, 84, 112, 85, 85, 113, 95, 95, 114, 88, 88, 115, 26, 116, 116, 118, 117, 119, 117, 120, 117, 121, 117, 122, 117, 123, 117, 125, 128, 27, 124, 124, 124, 124, 124, 124, 9, 9, 9, 126, 126, 126, 127, 127, 130, 129, 131, 129, 132, 129, 133, 129, 135, 129, 134, 136, 134, 13, 3, 3, 4, 4, 4, 6, 6, 6, 1, 1, 138, 28, 140, 28, 141, 28, 142, 28, 137, 137, 139, 11, 11, 143, 143, 145, 144, 147, 144, 148, 144, 149, 144, 144, 151, 144, 152, 144, 153, 144, 154, 144, 155, 144, 156, 144, 157, 144, 158, 144, 159, 144, 160, 144, 161, 144, 162, 144, 163, 144, 164, 144, 165, 144, 166, 144, 167, 144, 168, 144, 169, 144, 170, 144, 171, 144, 172, 144, 173, 144, 174, 144, 175, 144, 176, 144, 177, 144, 178, 144, 179, 144, 180, 144, 181, 144, 182, 144, 183, 144, 184, 144, 185, 144, 186, 144, 187, 144, 188, 144, 189, 144, 190, 144, 191, 144, 192, 144, 193, 144, 146, 146, 195, 150, 196, 150, 2, 2, 10, 10, 10, 194, 194, 198, 197, 199, 197, 200, 197, 201, 197, 202, 197, 7, 7, 7, 8, 8, 8, 8, }; static const YYINT racoonyylen[] = { 2, 0, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 
1, 1, 1, 1, 4, 0, 2, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 5, 0, 4, 3, 3, 3, 3, 1, 4, 0, 2, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 4, 0, 2, 0, 4, 0, 4, 0, 7, 0, 4, 0, 4, 0, 3, 2, 0, 1, 0, 5, 0, 2, 0, 5, 0, 6, 0, 5, 0, 6, 0, 4, 0, 4, 0, 5, 0, 2, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 4, 0, 2, 0, 4, 0, 4, 3, 3, 0, 5, 0, 5, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 1, 3, 1, 1, 3, 1, 1, 3, 2, 1, 3, 1, 1, 3, 1, 4, 0, 2, 0, 4, 0, 5, 0, 4, 0, 5, 0, 5, 0, 5, 0, 0, 8, 1, 2, 2, 2, 2, 2, 5, 6, 2, 0, 3, 2, 0, 2, 0, 4, 0, 4, 0, 6, 0, 6, 0, 4, 1, 0, 4, 2, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 0, 6, 0, 4, 0, 6, 0, 4, 1, 1, 3, 2, 1, 0, 2, 0, 4, 0, 4, 0, 4, 0, 4, 2, 0, 4, 0, 5, 0, 5, 0, 4, 0, 5, 0, 4, 0, 4, 0, 4, 0, 4, 0, 5, 0, 6, 0, 4, 0, 5, 0, 6, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 5, 0, 5, 0, 5, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 6, 0, 4, 0, 6, 0, 5, 0, 2, 0, 5, 0, 4, 1, 1, 0, 1, 1, 0, 2, 0, 6, 0, 6, 0, 4, 0, 4, 0, 5, 1, 1, 1, 1, 1, 1, 1, }; static const YYINT racoonyydefred[] = { 1, 0, 0, 0, 0, 0, 0, 0, 0, 87, 71, 0, 0, 200, 0, 0, 0, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 19, 0, 0, 0, 39, 0, 41, 54, 0, 0, 116, 186, 0, 0, 0, 0, 0, 253, 0, 33, 0, 31, 35, 36, 38, 0, 0, 89, 73, 0, 0, 0, 0, 0, 0, 70, 252, 0, 0, 68, 0, 0, 37, 0, 0, 0, 0, 18, 20, 0, 0, 0, 0, 0, 0, 40, 42, 0, 0, 66, 0, 53, 55, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 115, 117, 0, 0, 0, 0, 0, 0, 185, 187, 204, 205, 211, 0, 206, 207, 208, 0, 0, 0, 241, 254, 244, 245, 248, 34, 23, 21, 27, 25, 29, 32, 43, 45, 47, 49, 51, 56, 58, 0, 64, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 88, 90, 0, 0, 0, 0, 72, 74, 118, 120, 172, 0, 0, 175, 0, 0, 130, 132, 134, 136, 138, 181, 140, 0, 142, 144, 148, 150, 152, 146, 164, 166, 162, 168, 154, 160, 0, 0, 184, 128, 0, 156, 158, 188, 0, 192, 0, 0, 0, 232, 0, 0, 214, 0, 215, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
0, 0, 0, 0, 0, 67, 0, 0, 0, 93, 95, 91, 97, 101, 103, 99, 105, 107, 109, 111, 113, 0, 0, 83, 85, 0, 0, 122, 0, 123, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 374, 375, 376, 190, 0, 194, 196, 198, 0, 234, 235, 0, 361, 360, 213, 0, 250, 242, 249, 0, 258, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 297, 0, 0, 0, 0, 0, 0, 349, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 251, 255, 246, 24, 22, 28, 26, 30, 44, 46, 48, 50, 52, 57, 59, 65, 0, 63, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 75, 0, 79, 0, 0, 119, 121, 171, 174, 131, 133, 135, 137, 139, 141, 180, 143, 145, 149, 151, 153, 147, 165, 167, 163, 169, 155, 161, 178, 0, 0, 0, 129, 183, 157, 159, 189, 0, 193, 0, 0, 0, 0, 237, 238, 236, 209, 225, 0, 0, 0, 0, 216, 256, 351, 260, 262, 0, 0, 264, 271, 0, 0, 265, 0, 275, 277, 279, 281, 0, 0, 293, 295, 0, 299, 323, 327, 325, 345, 319, 317, 321, 0, 329, 331, 333, 335, 341, 287, 315, 339, 337, 303, 301, 305, 313, 0, 0, 0, 60, 94, 96, 92, 98, 102, 104, 100, 106, 108, 110, 112, 114, 77, 0, 81, 0, 84, 86, 177, 125, 127, 191, 195, 197, 199, 210, 0, 357, 358, 217, 0, 0, 219, 202, 0, 0, 0, 0, 0, 355, 0, 267, 269, 0, 273, 0, 0, 0, 0, 0, 283, 0, 289, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 362, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 307, 309, 311, 0, 0, 76, 0, 80, 0, 0, 0, 0, 0, 0, 0, 257, 352, 259, 261, 263, 353, 0, 272, 0, 0, 266, 0, 276, 278, 280, 282, 285, 0, 291, 0, 294, 296, 298, 300, 324, 328, 326, 346, 320, 318, 322, 0, 330, 332, 334, 336, 342, 288, 316, 340, 338, 304, 302, 306, 314, 343, 377, 378, 379, 380, 347, 0, 0, 0, 61, 78, 82, 240, 230, 0, 226, 218, 221, 223, 220, 0, 356, 268, 270, 274, 0, 284, 0, 290, 0, 0, 0, 0, 350, 363, 0, 0, 308, 310, 312, 0, 0, 0, 354, 286, 292, 0, 368, 370, 0, 0, 344, 348, 229, 222, 224, 372, 0, 0, 0, 0, 0, 369, 371, 364, 366, 373, 0, 0, 365, 367, }; static const YYINT racoonyydgoto[] = { 1, 632, 508, 220, 304, 69, 425, 296, 624, 66, 307, 49, 50, 568, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 
53, 81, 228, 227, 230, 229, 231, 82, 76, 38, 58, 89, 232, 233, 234, 235, 236, 59, 95, 237, 238, 562, 242, 240, 154, 42, 97, 176, 492, 563, 494, 565, 382, 383, 41, 96, 170, 368, 366, 367, 369, 372, 370, 371, 373, 374, 375, 376, 377, 62, 116, 259, 260, 180, 183, 285, 409, 410, 208, 288, 265, 266, 267, 268, 269, 191, 270, 272, 273, 277, 274, 275, 276, 282, 290, 291, 283, 280, 278, 279, 281, 181, 184, 286, 192, 209, 63, 124, 292, 416, 297, 418, 419, 420, 67, 45, 134, 308, 430, 431, 570, 573, 660, 661, 569, 505, 633, 310, 224, 311, 71, 226, 74, 225, 349, 513, 514, 433, 515, 516, 438, 522, 582, 583, 519, 585, 524, 525, 526, 527, 591, 644, 549, 593, 646, 532, 533, 452, 535, 554, 553, 555, 625, 626, 627, 556, 550, 541, 540, 542, 536, 538, 537, 544, 545, 546, 547, 552, 551, 548, 654, 539, 655, 461, 605, 639, 580, 653, 686, 687, 676, 677, 680, }; static const YYINT racoonyysindex[] = { 0, -193, -348, -174, -292, -306, -130, -266, -246, 0, 0, -244, -234, 0, -268, -217, -216, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -264, -220, -191, 0, -168, 0, 0, -219, -196, 0, 0, -252, -185, -146, -185, -108, 0, -164, 0, -251, 0, 0, 0, 0, -257, -258, 0, 0, -256, -275, -231, -321, -242, -218, 0, 0, -171, -163, 0, -255, -163, 0, -159, -284, -282, -143, 0, 0, -152, -138, -137, -134, -132, -131, 0, 0, -128, -128, 0, -261, 0, 0, -260, -259, -127, -126, -125, -124, -129, -122, -121, -200, -209, -136, -120, -118, -115, -165, -117, -114, -113, 0, 0, -111, -110, -109, -106, -105, -104, 0, 0, 0, 0, 0, -308, 0, 0, 0, -112, -80, -148, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -142, 0, -103, -102, -101, -100, -99, -98, -97, -93, -95, -94, -92, -91, -90, 0, 0, -89, -88, -96, -83, 0, 0, 0, 0, 0, -141, -149, 0, -116, -86, 0, 0, 0, 0, 0, 0, 0, -84, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -85, -85, 0, 0, -82, 0, 0, 0, -201, 0, -201, -201, -201, 0, -79, -195, 0, -199, 0, -172, -140, -172, -78, -77, -76, -75, -74, -73, -72, -71, -70, -69, -67, -66, 0, -65, -81, -64, 0, 0, 0, 0, 0, 0, 0, 0, 
0, 0, 0, 0, -265, -262, 0, 0, -63, -62, 0, -125, 0, -124, -61, -60, -59, -58, -57, -56, -121, -55, -54, -53, -52, -51, -50, -49, -48, -47, -46, -45, -44, -11, -43, 0, -43, -42, -117, -41, -39, -38, 0, 0, 0, 0, -37, 0, 0, 0, -195, 0, 0, -238, 0, 0, 0, -289, 0, 0, 0, -128, 0, -23, -18, -107, -270, -32, -22, -21, -20, -19, -24, -17, -16, -14, 0, -13, -12, -293, -68, -310, -10, 0, -9, -7, -6, -5, -4, -199, -3, -288, -286, -1, 1, -139, -26, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0, -31, -30, -27, -8, -2, 2, 4, 5, 6, 7, 8, 9, 10, 0, 11, 0, 12, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -85, 14, 15, 0, 0, 0, 0, 0, 16, 0, 17, 18, 19, -238, 0, 0, 0, 0, 0, -254, -135, 24, -145, 0, 0, 0, 0, 0, 21, 30, 0, 0, 31, 32, 0, 33, 0, 0, 0, 0, -281, -277, 0, 0, -254, 0, 0, 0, 0, 0, 0, 0, 0, -25, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 38, 39, -167, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 26, 0, 27, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 75, 0, 0, 0, 42, 43, 0, 0, 34, -303, 35, 36, 40, 0, 37, 0, 0, 41, 0, 44, 45, 46, 47, -199, 0, -199, 0, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 0, 59, 60, 61, 62, 64, 65, 66, 67, 68, 69, 70, 71, 72, -201, -181, 0, 0, 0, 73, 74, 0, 76, 0, 77, 0, 78, 79, -201, -181, 80, 0, 0, 0, 0, 0, 0, 81, 0, 82, 83, 0, 84, 0, 0, 0, 0, 0, 85, 0, 86, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -291, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 87, 88, 89, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 90, 0, 0, 0, 0, 91, 0, 92, 0, 95, -254, 103, -133, 0, 0, 94, 96, 0, 0, 0, 75, 97, 98, 0, 0, 0, 77, 0, 0, 109, 113, 0, 0, 0, 0, 0, 0, 100, 101, -201, -181, 102, 0, 0, 0, 0, 0, 104, 105, 0, 0, }; static const YYINT racoonyyrindex[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -305, -15, -305, 106, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -249, 0, 0, 107, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -232, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 110, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 111, 0, 0, 112, 0, 0, 0, 0, 0, 0, 0, 114, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 115, 0, 0, 0, 0, 0, 0, 0, 0, 0, -232, -213, 0, 108, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 116, 0, 117, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -213, 0, 0, 0, 0, 0, 0, -119, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -70, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -70, -70, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -70, 0, -70, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -285, -247, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -142, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, }; static const YYINT racoonyygindex[] = { 0, -381, -447, 120, 119, 284, 121, -215, -539, 63, -334, 261, -87, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 149, 150, 129, 0, 0, 126, 0, 0, 0, 0, 0, 0, 146, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 93, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -323, 0, 0, 192, 0, 118, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, }; #define YYTABLESIZE 542 static const YYINT racoonyytable[] = { 298, 299, 300, 152, 153, 534, 467, 77, 78, 79, 203, 83, 84, 85, 86, 87, 90, 91, 155, 92, 93, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, 637, 69, 171, 172, 173, 174, 575, 648, 132, 426, 98, 99, 100, 101, 102, 103, 104, 117, 118, 119, 120, 121, 122, 105, 106, 107, 108, 109, 110, 111, 458, 2, 112, 113, 114, 3, 46, 4, 5, 6, 649, 7, 528, 455, 33, 506, 530, 8, 469, 46, 471, 218, 64, 203, 9, 34, 650, 439, 440, 441, 127, 128, 129, 130, 195, 196, 197, 10, 459, 198, 65, 36, 11, 193, 125, 219, 194, 651, 427, 428, 65, 529, 531, 429, 133, 456, 69, 69, 576, 35, 470, 65, 472, 141, 126, 143, 131, 142, 12, 144, 305, 306, 652, 37, 305, 306, 239, 684, 13, 239, 14, 442, 378, 47, 48, 380, 379, 54, 123, 381, 156, 205, 206, 507, 422, 423, 39, 48, 231, 231, 231, 231, 51, 169, 175, 94, 88, 115, 199, 424, 200, 201, 80, 203, 227, 231, 40, 228, 43, 233, 233, 186, 187, 188, 189, 15, 137, 16, 44, 139, 70, 590, 52, 592, 233, 302, 303, 312, 313, 666, 314, 55, 315, 60, 316, 68, 317, 318, 319, 320, 321, 322, 305, 306, 323, 324, 325, 293, 294, 295, 326, 327, 432, 328, 329, 330, 61, 331, 73, 332, 56, 333, 334, 620, 621, 622, 623, 559, 560, 561, 135, 335, 336, 337, 338, 339, 340, 341, 342, 309, 136, 436, 437, 57, 343, 344, 345, 75, 346, 136, 475, 476, 140, 347, 509, 510, 668, 669, 145, 146, 147, 148, 222, 149, 223, 262, 150, 151, 512, 239, 261, 675, 185, 348, 48, 177, 178, 179, 182, 203, 190, 202, 204, 210, 207, 
211, 212, 213, 214, 221, 457, 215, 216, 217, 201, 263, 244, 245, 241, 243, 218, 257, 246, 247, 248, 249, 250, 251, 434, 252, 253, 254, 255, 256, 258, 435, 443, 284, 448, 72, 364, 138, 287, 672, 0, 449, 301, 0, 264, 619, 271, 0, 289, 351, 352, 353, 354, 355, 356, 357, 358, 359, 360, 636, 361, 362, 363, 365, 384, 385, 388, 389, 390, 391, 392, 393, 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 411, 413, 408, 414, 415, 417, 477, 444, 445, 446, 447, 479, 480, 450, 451, 481, 453, 454, 543, 460, 462, 463, 464, 465, 466, 567, 468, 473, 243, 386, 474, 478, 387, 412, 482, 394, 350, 0, 421, 0, 483, 0, 491, 493, 484, 665, 485, 486, 487, 488, 489, 490, 511, 517, 495, 496, 498, 499, 500, 501, 502, 503, 518, 520, 521, 523, 557, 558, 564, 566, 571, 572, 579, 659, 0, 0, 574, 577, 578, 581, 0, 683, 0, 584, 0, 0, 586, 587, 588, 589, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 606, 607, 608, 609, 631, 610, 611, 612, 613, 614, 615, 616, 617, 618, 628, 629, 0, 630, 497, 634, 635, 638, 640, 641, 642, 643, 645, 647, 656, 657, 658, 662, 663, 664, 667, 670, 678, 671, 673, 674, 679, 681, 682, 685, 0, 688, 689, 0, 247, 212, 359, 62, 170, 173, 0, 179, 182, 124, 126, 504, }; static const YYINT racoonyycheck[] = { 215, 216, 217, 90, 91, 452, 340, 258, 259, 260, 259, 268, 269, 270, 271, 272, 274, 275, 279, 277, 278, 281, 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, 572, 339, 294, 295, 296, 297, 342, 331, 259, 331, 299, 300, 301, 302, 303, 304, 305, 325, 326, 327, 328, 329, 330, 312, 313, 314, 315, 316, 317, 318, 373, 257, 321, 322, 323, 261, 337, 263, 264, 265, 364, 267, 356, 369, 425, 332, 356, 273, 369, 337, 369, 392, 337, 335, 280, 262, 380, 360, 361, 362, 414, 415, 337, 338, 306, 307, 308, 293, 411, 311, 355, 410, 298, 306, 338, 416, 309, 401, 400, 401, 355, 448, 449, 405, 335, 411, 424, 425, 424, 414, 411, 355, 411, 410, 64, 410, 66, 414, 324, 414, 414, 415, 426, 266, 414, 415, 424, 679, 334, 427, 336, 414, 410, 414, 415, 410, 414, 414, 426, 414, 414, 
319, 320, 410, 395, 396, 425, 415, 393, 394, 395, 396, 382, 426, 426, 426, 426, 426, 307, 410, 309, 310, 426, 425, 424, 410, 425, 427, 425, 395, 396, 306, 307, 308, 309, 381, 71, 383, 425, 74, 339, 528, 411, 530, 410, 393, 394, 340, 341, 649, 343, 424, 345, 425, 347, 393, 349, 350, 351, 352, 353, 354, 414, 415, 357, 358, 359, 421, 422, 423, 363, 364, 312, 366, 367, 368, 425, 370, 339, 372, 424, 374, 375, 417, 418, 419, 420, 407, 408, 409, 414, 384, 385, 386, 387, 388, 389, 390, 391, 424, 425, 361, 362, 424, 397, 398, 399, 424, 401, 425, 402, 403, 424, 406, 402, 403, 402, 403, 414, 424, 411, 411, 355, 410, 425, 427, 411, 411, 426, 424, 424, 665, 414, 426, 415, 415, 415, 415, 415, 410, 414, 414, 410, 410, 414, 411, 410, 410, 410, 414, 371, 410, 410, 410, 426, 424, 410, 410, 414, 414, 392, 410, 414, 414, 414, 411, 414, 414, 344, 414, 414, 414, 414, 414, 410, 346, 361, 415, 355, 48, 414, 73, 206, 659, -1, 355, 219, -1, 427, 557, 427, -1, 427, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, 571, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, 392, 424, 424, 427, 424, 424, 424, 414, 411, 411, 411, 411, 424, 424, 411, 410, 424, 411, 411, 425, 411, 411, 410, 410, 410, 410, 332, 411, 410, 425, 262, 411, 410, 264, 289, 424, 271, 226, -1, 301, -1, 424, -1, 414, 414, 424, 332, 424, 424, 424, 424, 424, 424, 410, 414, 424, 424, 424, 424, 424, 424, 424, 424, 414, 414, 414, 414, 410, 410, 424, 424, 410, 410, 414, 427, -1, -1, 424, 424, 424, 424, -1, 678, -1, 424, -1, -1, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, 410, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, -1, 424, 408, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, 414, 424, 410, 424, 424, 424, 410, 424, 424, 424, -1, 424, 424, -1, 425, 425, 425, 424, 424, 424, -1, 424, 424, 424, 424, 421, }; #define YYFINAL 1 #ifndef YYDEBUG #define YYDEBUG 0 #endif #define 
YYMAXTOKEN 427 #define YYUNDFTOKEN 632 #define YYTRANSLATE(a) ((a) > YYMAXTOKEN ? YYUNDFTOKEN : (a)) #if YYDEBUG static const char *const racoonyyname[] = { "end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"PRIVSEP","USER","GROUP","CHROOT", "PATH","PATHTYPE","INCLUDE","PFKEY_BUFFER","LOGGING","LOGLEV","PADDING", "PAD_RANDOMIZE","PAD_RANDOMIZELEN","PAD_MAXLEN","PAD_STRICT","PAD_EXCLTAIL", "LISTEN","X_ISAKMP","X_ISAKMP_NATT","X_ADMIN","STRICT_ADDRESS","ADMINSOCK", "DISABLED","LDAPCFG","LDAP_HOST","LDAP_PORT","LDAP_PVER","LDAP_BASE", "LDAP_BIND_DN","LDAP_BIND_PW","LDAP_SUBTREE","LDAP_ATTR_USER","LDAP_ATTR_ADDR", "LDAP_ATTR_MASK","LDAP_ATTR_GROUP","LDAP_ATTR_MEMBER","RADCFG","RAD_AUTH", "RAD_ACCT","RAD_TIMEOUT","RAD_RETRIES","MODECFG","CFG_NET4","CFG_MASK4", "CFG_DNS4","CFG_NBNS4","CFG_DEFAULT_DOMAIN","CFG_AUTH_SOURCE","CFG_AUTH_GROUPS", "CFG_SYSTEM","CFG_RADIUS","CFG_PAM","CFG_LDAP","CFG_LOCAL","CFG_NONE", "CFG_GROUP_SOURCE","CFG_ACCOUNTING","CFG_CONF_SOURCE","CFG_MOTD", "CFG_POOL_SIZE","CFG_AUTH_THROTTLE","CFG_SPLIT_NETWORK","CFG_SPLIT_LOCAL", "CFG_SPLIT_INCLUDE","CFG_SPLIT_DNS","CFG_PFS_GROUP","CFG_SAVE_PASSWD","RETRY", "RETRY_COUNTER","RETRY_INTERVAL","RETRY_PERSEND","RETRY_PHASE1","RETRY_PHASE2", "NATT_KA","ALGORITHM_CLASS","ALGORITHMTYPE","STRENGTHTYPE","SAINFO","FROM", "REMOTE","ANONYMOUS","CLIENTADDR","INHERIT","REMOTE_ADDRESS","EXCHANGE_MODE", "EXCHANGETYPE","DOI","DOITYPE","SITUATION","SITUATIONTYPE","CERTIFICATE_TYPE", 
"CERTTYPE","PEERS_CERTFILE","CA_TYPE","VERIFY_CERT","SEND_CERT","SEND_CR", "MATCH_EMPTY_CR","IDENTIFIERTYPE","IDENTIFIERQUAL","MY_IDENTIFIER", "PEERS_IDENTIFIER","VERIFY_IDENTIFIER","DNSSEC","CERT_X509","CERT_PLAINRSA", "NONCE_SIZE","DH_GROUP","KEEPALIVE","PASSIVE","INITIAL_CONTACT","NAT_TRAVERSAL", "REMOTE_FORCE_LEVEL","PROPOSAL_CHECK","PROPOSAL_CHECK_LEVEL","GENERATE_POLICY", "GENERATE_LEVEL","SUPPORT_PROXY","PROPOSAL","EXEC_PATH","EXEC_COMMAND", "EXEC_SUCCESS","EXEC_FAILURE","GSS_ID","GSS_ID_ENC","GSS_ID_ENCTYPE", "COMPLEX_BUNDLE","DPD","DPD_DELAY","DPD_RETRY","DPD_MAXFAIL","PH1ID", "XAUTH_LOGIN","WEAK_PHASE1_CHECK","REKEY","PREFIX","PORT","PORTANY","UL_PROTO", "ANY","IKE_FRAG","ESP_FRAG","MODE_CFG","PFS_GROUP","LIFETIME","LIFETYPE_TIME", "LIFETYPE_BYTE","STRENGTH","REMOTEID","SCRIPT","PHASE1_UP","PHASE1_DOWN", "PHASE1_DEAD","NUMBER","SWITCH","BOOLEAN","HEXSTRING","QUOTEDSTRING", "ADDRSTRING","ADDRRANGE","UNITTYPE_BYTE","UNITTYPE_KBYTES","UNITTYPE_MBYTES", "UNITTYPE_TBYTES","UNITTYPE_SEC","UNITTYPE_MIN","UNITTYPE_HOUR","EOS","BOC", "EOC","COMMA",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,"illegal-symbol", }; static const char *const racoonyyrule[] = { "$accept : statements", "statements :", "statements : statements statement", "statement : privsep_statement", "statement : path_statement", "statement : include_statement", "statement : pfkey_statement", "statement : gssenc_statement", "statement : logging_statement", "statement : padding_statement", "statement : listen_statement", "statement : ldapcfg_statement", "statement : radcfg_statement", "statement : modecfg_statement", "statement : 
timer_statement", "statement : sainfo_statement", "statement : remote_statement", "statement : special_statement", "privsep_statement : PRIVSEP BOC privsep_stmts EOC", "privsep_stmts :", "privsep_stmts : privsep_stmts privsep_stmt", "$$1 :", "privsep_stmt : USER QUOTEDSTRING $$1 EOS", "$$2 :", "privsep_stmt : USER NUMBER $$2 EOS", "$$3 :", "privsep_stmt : GROUP QUOTEDSTRING $$3 EOS", "$$4 :", "privsep_stmt : GROUP NUMBER $$4 EOS", "$$5 :", "privsep_stmt : CHROOT QUOTEDSTRING $$5 EOS", "$$6 :", "path_statement : PATH PATHTYPE QUOTEDSTRING $$6 EOS", "$$7 :", "special_statement : COMPLEX_BUNDLE SWITCH $$7 EOS", "include_statement : INCLUDE QUOTEDSTRING EOS", "pfkey_statement : PFKEY_BUFFER NUMBER EOS", "gssenc_statement : GSS_ID_ENC GSS_ID_ENCTYPE EOS", "logging_statement : LOGGING log_level EOS", "log_level : LOGLEV", "padding_statement : PADDING BOC padding_stmts EOC", "padding_stmts :", "padding_stmts : padding_stmts padding_stmt", "$$8 :", "padding_stmt : PAD_RANDOMIZE SWITCH $$8 EOS", "$$9 :", "padding_stmt : PAD_RANDOMIZELEN SWITCH $$9 EOS", "$$10 :", "padding_stmt : PAD_MAXLEN NUMBER $$10 EOS", "$$11 :", "padding_stmt : PAD_STRICT SWITCH $$11 EOS", "$$12 :", "padding_stmt : PAD_EXCLTAIL SWITCH $$12 EOS", "listen_statement : LISTEN BOC listen_stmts EOC", "listen_stmts :", "listen_stmts : listen_stmts listen_stmt", "$$13 :", "listen_stmt : X_ISAKMP ike_addrinfo_port $$13 EOS", "$$14 :", "listen_stmt : X_ISAKMP_NATT ike_addrinfo_port $$14 EOS", "$$15 :", "listen_stmt : ADMINSOCK QUOTEDSTRING QUOTEDSTRING QUOTEDSTRING NUMBER $$15 EOS", "$$16 :", "listen_stmt : ADMINSOCK QUOTEDSTRING $$16 EOS", "$$17 :", "listen_stmt : ADMINSOCK DISABLED $$17 EOS", "$$18 :", "listen_stmt : STRICT_ADDRESS $$18 EOS", "ike_addrinfo_port : ADDRSTRING ike_port", "ike_port :", "ike_port : PORT", "$$19 :", "radcfg_statement : RADCFG $$19 BOC radcfg_stmts EOC", "radcfg_stmts :", "radcfg_stmts : radcfg_stmts radcfg_stmt", "$$20 :", "radcfg_stmt : RAD_AUTH QUOTEDSTRING QUOTEDSTRING $$20 EOS", 
"$$21 :", "radcfg_stmt : RAD_AUTH QUOTEDSTRING NUMBER QUOTEDSTRING $$21 EOS", "$$22 :", "radcfg_stmt : RAD_ACCT QUOTEDSTRING QUOTEDSTRING $$22 EOS", "$$23 :", "radcfg_stmt : RAD_ACCT QUOTEDSTRING NUMBER QUOTEDSTRING $$23 EOS", "$$24 :", "radcfg_stmt : RAD_TIMEOUT NUMBER $$24 EOS", "$$25 :", "radcfg_stmt : RAD_RETRIES NUMBER $$25 EOS", "$$26 :", "ldapcfg_statement : LDAPCFG $$26 BOC ldapcfg_stmts EOC", "ldapcfg_stmts :", "ldapcfg_stmts : ldapcfg_stmts ldapcfg_stmt", "$$27 :", "ldapcfg_stmt : LDAP_PVER NUMBER $$27 EOS", "$$28 :", "ldapcfg_stmt : LDAP_HOST QUOTEDSTRING $$28 EOS", "$$29 :", "ldapcfg_stmt : LDAP_PORT NUMBER $$29 EOS", "$$30 :", "ldapcfg_stmt : LDAP_BASE QUOTEDSTRING $$30 EOS", "$$31 :", "ldapcfg_stmt : LDAP_SUBTREE SWITCH $$31 EOS", "$$32 :", "ldapcfg_stmt : LDAP_BIND_DN QUOTEDSTRING $$32 EOS", "$$33 :", "ldapcfg_stmt : LDAP_BIND_PW QUOTEDSTRING $$33 EOS", "$$34 :", "ldapcfg_stmt : LDAP_ATTR_USER QUOTEDSTRING $$34 EOS", "$$35 :", "ldapcfg_stmt : LDAP_ATTR_ADDR QUOTEDSTRING $$35 EOS", "$$36 :", "ldapcfg_stmt : LDAP_ATTR_MASK QUOTEDSTRING $$36 EOS", "$$37 :", "ldapcfg_stmt : LDAP_ATTR_GROUP QUOTEDSTRING $$37 EOS", "$$38 :", "ldapcfg_stmt : LDAP_ATTR_MEMBER QUOTEDSTRING $$38 EOS", "modecfg_statement : MODECFG BOC modecfg_stmts EOC", "modecfg_stmts :", "modecfg_stmts : modecfg_stmts modecfg_stmt", "$$39 :", "modecfg_stmt : CFG_NET4 ADDRSTRING $$39 EOS", "$$40 :", "modecfg_stmt : CFG_MASK4 ADDRSTRING $$40 EOS", "modecfg_stmt : CFG_DNS4 addrdnslist EOS", "modecfg_stmt : CFG_NBNS4 addrwinslist EOS", "$$41 :", "modecfg_stmt : CFG_SPLIT_NETWORK CFG_SPLIT_LOCAL splitnetlist $$41 EOS", "$$42 :", "modecfg_stmt : CFG_SPLIT_NETWORK CFG_SPLIT_INCLUDE splitnetlist $$42 EOS", "$$43 :", "modecfg_stmt : CFG_SPLIT_DNS splitdnslist $$43 EOS", "$$44 :", "modecfg_stmt : CFG_DEFAULT_DOMAIN QUOTEDSTRING $$44 EOS", "$$45 :", "modecfg_stmt : CFG_AUTH_SOURCE CFG_SYSTEM $$45 EOS", "$$46 :", "modecfg_stmt : CFG_AUTH_SOURCE CFG_RADIUS $$46 EOS", "$$47 :", "modecfg_stmt : 
CFG_AUTH_SOURCE CFG_PAM $$47 EOS", "$$48 :", "modecfg_stmt : CFG_AUTH_SOURCE CFG_LDAP $$48 EOS", "$$49 :", "modecfg_stmt : CFG_AUTH_GROUPS authgrouplist $$49 EOS", "$$50 :", "modecfg_stmt : CFG_GROUP_SOURCE CFG_SYSTEM $$50 EOS", "$$51 :", "modecfg_stmt : CFG_GROUP_SOURCE CFG_LDAP $$51 EOS", "$$52 :", "modecfg_stmt : CFG_ACCOUNTING CFG_NONE $$52 EOS", "$$53 :", "modecfg_stmt : CFG_ACCOUNTING CFG_SYSTEM $$53 EOS", "$$54 :", "modecfg_stmt : CFG_ACCOUNTING CFG_RADIUS $$54 EOS", "$$55 :", "modecfg_stmt : CFG_ACCOUNTING CFG_PAM $$55 EOS", "$$56 :", "modecfg_stmt : CFG_POOL_SIZE NUMBER $$56 EOS", "$$57 :", "modecfg_stmt : CFG_PFS_GROUP NUMBER $$57 EOS", "$$58 :", "modecfg_stmt : CFG_SAVE_PASSWD SWITCH $$58 EOS", "$$59 :", "modecfg_stmt : CFG_AUTH_THROTTLE NUMBER $$59 EOS", "$$60 :", "modecfg_stmt : CFG_CONF_SOURCE CFG_LOCAL $$60 EOS", "$$61 :", "modecfg_stmt : CFG_CONF_SOURCE CFG_RADIUS $$61 EOS", "$$62 :", "modecfg_stmt : CFG_CONF_SOURCE CFG_LDAP $$62 EOS", "$$63 :", "modecfg_stmt : CFG_MOTD QUOTEDSTRING $$63 EOS", "addrdnslist : addrdns", "addrdnslist : addrdns COMMA addrdnslist", "addrdns : ADDRSTRING", "addrwinslist : addrwins", "addrwinslist : addrwins COMMA addrwinslist", "addrwins : ADDRSTRING", "splitnetlist : splitnet", "splitnetlist : splitnetlist COMMA splitnet", "splitnet : ADDRSTRING PREFIX", "authgrouplist : authgroup", "authgrouplist : authgroup COMMA authgrouplist", "authgroup : QUOTEDSTRING", "splitdnslist : splitdns", "splitdnslist : splitdns COMMA splitdnslist", "splitdns : QUOTEDSTRING", "timer_statement : RETRY BOC timer_stmts EOC", "timer_stmts :", "timer_stmts : timer_stmts timer_stmt", "$$64 :", "timer_stmt : RETRY_COUNTER NUMBER $$64 EOS", "$$65 :", "timer_stmt : RETRY_INTERVAL NUMBER unittype_time $$65 EOS", "$$66 :", "timer_stmt : RETRY_PERSEND NUMBER $$66 EOS", "$$67 :", "timer_stmt : RETRY_PHASE1 NUMBER unittype_time $$67 EOS", "$$68 :", "timer_stmt : RETRY_PHASE2 NUMBER unittype_time $$68 EOS", "$$69 :", "timer_stmt : NATT_KA NUMBER 
unittype_time $$69 EOS", "$$70 :", "$$71 :", "sainfo_statement : SAINFO $$70 sainfo_name sainfo_param BOC sainfo_specs $$71 EOC", "sainfo_name : ANONYMOUS", "sainfo_name : ANONYMOUS CLIENTADDR", "sainfo_name : ANONYMOUS sainfo_id", "sainfo_name : sainfo_id ANONYMOUS", "sainfo_name : sainfo_id CLIENTADDR", "sainfo_name : sainfo_id sainfo_id", "sainfo_id : IDENTIFIERTYPE ADDRSTRING prefix port ul_proto", "sainfo_id : IDENTIFIERTYPE ADDRSTRING ADDRRANGE prefix port ul_proto", "sainfo_id : IDENTIFIERTYPE QUOTEDSTRING", "sainfo_param :", "sainfo_param : FROM IDENTIFIERTYPE identifierstring", "sainfo_param : GROUP QUOTEDSTRING", "sainfo_specs :", "sainfo_specs : sainfo_specs sainfo_spec", "$$72 :", "sainfo_spec : PFS_GROUP dh_group_num $$72 EOS", "$$73 :", "sainfo_spec : REMOTEID NUMBER $$73 EOS", "$$74 :", "sainfo_spec : LIFETIME LIFETYPE_TIME NUMBER unittype_time $$74 EOS", "$$75 :", "sainfo_spec : LIFETIME LIFETYPE_BYTE NUMBER unittype_byte $$75 EOS", "$$76 :", "sainfo_spec : ALGORITHM_CLASS $$76 algorithms EOS", "algorithms : algorithm", "$$77 :", "algorithms : algorithm $$77 COMMA algorithms", "algorithm : ALGORITHMTYPE keylength", "prefix :", "prefix : PREFIX", "port :", "port : PORT", "port : PORTANY", "ul_proto : NUMBER", "ul_proto : UL_PROTO", "ul_proto : ANY", "keylength :", "keylength : NUMBER", "$$78 :", "remote_statement : REMOTE QUOTEDSTRING INHERIT QUOTEDSTRING $$78 remote_specs_inherit_block", "$$79 :", "remote_statement : REMOTE QUOTEDSTRING $$79 remote_specs_block", "$$80 :", "remote_statement : REMOTE remote_index INHERIT remote_index $$80 remote_specs_inherit_block", "$$81 :", "remote_statement : REMOTE remote_index $$81 remote_specs_block", "remote_specs_inherit_block : remote_specs_block", "remote_specs_inherit_block : EOS", "remote_specs_block : BOC remote_specs EOC", "remote_index : ANONYMOUS ike_port", "remote_index : ike_addrinfo_port", "remote_specs :", "remote_specs : remote_specs remote_spec", "$$82 :", "remote_spec : REMOTE_ADDRESS 
ike_addrinfo_port $$82 EOS", "$$83 :", "remote_spec : EXCHANGE_MODE $$83 exchange_types EOS", "$$84 :", "remote_spec : DOI DOITYPE $$84 EOS", "$$85 :", "remote_spec : SITUATION SITUATIONTYPE $$85 EOS", "remote_spec : CERTIFICATE_TYPE cert_spec", "$$86 :", "remote_spec : PEERS_CERTFILE QUOTEDSTRING $$86 EOS", "$$87 :", "remote_spec : PEERS_CERTFILE CERT_X509 QUOTEDSTRING $$87 EOS", "$$88 :", "remote_spec : PEERS_CERTFILE CERT_PLAINRSA QUOTEDSTRING $$88 EOS", "$$89 :", "remote_spec : PEERS_CERTFILE DNSSEC $$89 EOS", "$$90 :", "remote_spec : CA_TYPE CERT_X509 QUOTEDSTRING $$90 EOS", "$$91 :", "remote_spec : VERIFY_CERT SWITCH $$91 EOS", "$$92 :", "remote_spec : SEND_CERT SWITCH $$92 EOS", "$$93 :", "remote_spec : SEND_CR SWITCH $$93 EOS", "$$94 :", "remote_spec : MATCH_EMPTY_CR SWITCH $$94 EOS", "$$95 :", "remote_spec : MY_IDENTIFIER IDENTIFIERTYPE identifierstring $$95 EOS", "$$96 :", "remote_spec : MY_IDENTIFIER IDENTIFIERTYPE IDENTIFIERQUAL identifierstring $$96 EOS", "$$97 :", "remote_spec : XAUTH_LOGIN identifierstring $$97 EOS", "$$98 :", "remote_spec : PEERS_IDENTIFIER IDENTIFIERTYPE identifierstring $$98 EOS", "$$99 :", "remote_spec : PEERS_IDENTIFIER IDENTIFIERTYPE IDENTIFIERQUAL identifierstring $$99 EOS", "$$100 :", "remote_spec : VERIFY_IDENTIFIER SWITCH $$100 EOS", "$$101 :", "remote_spec : NONCE_SIZE NUMBER $$101 EOS", "$$102 :", "remote_spec : DH_GROUP $$102 dh_group_num EOS", "$$103 :", "remote_spec : PASSIVE SWITCH $$103 EOS", "$$104 :", "remote_spec : IKE_FRAG SWITCH $$104 EOS", "$$105 :", "remote_spec : IKE_FRAG REMOTE_FORCE_LEVEL $$105 EOS", "$$106 :", "remote_spec : ESP_FRAG NUMBER $$106 EOS", "$$107 :", "remote_spec : SCRIPT QUOTEDSTRING PHASE1_UP $$107 EOS", "$$108 :", "remote_spec : SCRIPT QUOTEDSTRING PHASE1_DOWN $$108 EOS", "$$109 :", "remote_spec : SCRIPT QUOTEDSTRING PHASE1_DEAD $$109 EOS", "$$110 :", "remote_spec : MODE_CFG SWITCH $$110 EOS", "$$111 :", "remote_spec : WEAK_PHASE1_CHECK SWITCH $$111 EOS", "$$112 :", "remote_spec : 
GENERATE_POLICY SWITCH $$112 EOS", "$$113 :", "remote_spec : GENERATE_POLICY GENERATE_LEVEL $$113 EOS", "$$114 :", "remote_spec : SUPPORT_PROXY SWITCH $$114 EOS", "$$115 :", "remote_spec : INITIAL_CONTACT SWITCH $$115 EOS", "$$116 :", "remote_spec : NAT_TRAVERSAL SWITCH $$116 EOS", "$$117 :", "remote_spec : NAT_TRAVERSAL REMOTE_FORCE_LEVEL $$117 EOS", "$$118 :", "remote_spec : DPD SWITCH $$118 EOS", "$$119 :", "remote_spec : DPD_DELAY NUMBER $$119 EOS", "$$120 :", "remote_spec : DPD_RETRY NUMBER $$120 EOS", "$$121 :", "remote_spec : DPD_MAXFAIL NUMBER $$121 EOS", "$$122 :", "remote_spec : REKEY SWITCH $$122 EOS", "$$123 :", "remote_spec : REKEY REMOTE_FORCE_LEVEL $$123 EOS", "$$124 :", "remote_spec : PH1ID NUMBER $$124 EOS", "$$125 :", "remote_spec : LIFETIME LIFETYPE_TIME NUMBER unittype_time $$125 EOS", "$$126 :", "remote_spec : PROPOSAL_CHECK PROPOSAL_CHECK_LEVEL $$126 EOS", "$$127 :", "remote_spec : LIFETIME LIFETYPE_BYTE NUMBER unittype_byte $$127 EOS", "$$128 :", "remote_spec : PROPOSAL $$128 BOC isakmpproposal_specs EOC", "exchange_types :", "exchange_types : exchange_types EXCHANGETYPE", "$$129 :", "cert_spec : CERT_X509 QUOTEDSTRING QUOTEDSTRING $$129 EOS", "$$130 :", "cert_spec : CERT_PLAINRSA QUOTEDSTRING $$130 EOS", "dh_group_num : ALGORITHMTYPE", "dh_group_num : NUMBER", "identifierstring :", "identifierstring : ADDRSTRING", "identifierstring : QUOTEDSTRING", "isakmpproposal_specs :", "isakmpproposal_specs : isakmpproposal_specs isakmpproposal_spec", "$$131 :", "isakmpproposal_spec : LIFETIME LIFETYPE_TIME NUMBER unittype_time $$131 EOS", "$$132 :", "isakmpproposal_spec : LIFETIME LIFETYPE_BYTE NUMBER unittype_byte $$132 EOS", "$$133 :", "isakmpproposal_spec : DH_GROUP dh_group_num $$133 EOS", "$$134 :", "isakmpproposal_spec : GSS_ID QUOTEDSTRING $$134 EOS", "$$135 :", "isakmpproposal_spec : ALGORITHM_CLASS ALGORITHMTYPE keylength $$135 EOS", "unittype_time : UNITTYPE_SEC", "unittype_time : UNITTYPE_MIN", "unittype_time : UNITTYPE_HOUR", "unittype_byte 
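: UNITTYPE_BYTE",
"unittype_byte : UNITTYPE_KBYTES",
"unittype_byte : UNITTYPE_MBYTES",
"unittype_byte : UNITTYPE_TBYTES",

};
#endif

int      yydebug;
int      yynerrs;

int      yyerrflag;
int      yychar;
YYSTYPE  yyval;
YYSTYPE  yylval;

/* define the initial stack-sizes */
#ifdef YYSTACKSIZE
#undef YYMAXDEPTH
#define YYMAXDEPTH  YYSTACKSIZE
#else
#ifdef YYMAXDEPTH
#define YYSTACKSIZE YYMAXDEPTH
#else
#define YYSTACKSIZE 10000
#define YYMAXDEPTH  10000
#endif
#endif

#define YYINITSTACKSIZE 200

typedef struct {
    unsigned stacksize;
    YYINT    *s_base;
    YYINT    *s_mark;
    YYINT    *s_last;
    YYSTYPE  *l_base;
    YYSTYPE  *l_mark;
} YYSTACKDATA;
/* variables for the parser stack */
static YYSTACKDATA yystack;
#line 2399 "../../ipsec-tools/src/racoon/cfparse.y"

/*
 * NOTE(review): everything from here to the next #line directive is the
 * user-code section of cfparse.y copied into the generated parser.  Any
 * change made here has to be mirrored in cfparse.y, otherwise it is lost
 * the next time the parser is regenerated.
 */

/*
 * Allocate one secprotospec through racoon_calloc and set its defaults.
 * Returns NULL, after reporting through yyerror, when allocation fails.
 */
static struct secprotospec *
newspspec()
{
	struct secprotospec *new;

	new = racoon_calloc(1, sizeof(*new));
	if (new == NULL) {
		yyerror("failed to allocate spproto");
		return NULL;
	}

	new->encklen = 0;	/*XXX*/

	/*
	 * Default to "unknown" vendor -- we will override this
	 * as necessary.  When we send a Vendor ID payload, an
	 * "unknown" will be translated to a KAME/racoon ID.
	 */
	new->vendorid = VENDORID_UNKNOWN;

	return new;
}

/*
 * insert into head of list.
 */
static void
insspspec(rmconf, spspec)
	struct remoteconf *rmconf;
	struct secprotospec *spspec;
{
	if (rmconf->spspec != NULL)
		rmconf->spspec->prev = spspec;
	spspec->next = rmconf->spspec;
	rmconf->spspec = spspec;
}

/*
 * Duplicate one secprotospec, including private copies of gssid and remote.
 * The prev/next links are copied verbatim from the source; the caller
 * (dupspspec_list) overwrites them.  Returns NULL on allocation failure.
 */
static struct secprotospec *
dupspspec(spspec)
	struct secprotospec *spspec;
{
	struct secprotospec *new;

	new = newspspec();
	if (new == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "dupspspec: malloc failed\n");
		return NULL;
	}
	memcpy(new, spspec, sizeof(*new));

	if (spspec->gssid) {
		new->gssid = racoon_strdup(spspec->gssid);
		STRDUP_FATAL(new->gssid);
	}
	if (spspec->remote) {
		new->remote = racoon_malloc(sizeof(*new->remote));
		if (new->remote == NULL) {
			plog(LLV_ERROR, LOCATION, NULL,
			    "dupspspec: malloc failed (remote)\n");
			/*
			 * Release what this call allocated.  new->gssid is
			 * either NULL (copied from the source) or the
			 * duplicate made above, never the source's buffer.
			 */
			if (new->gssid)
				racoon_free(new->gssid);
			racoon_free(new);
			return NULL;
		}
		memcpy(new->remote, spspec->remote, sizeof(*new->remote));
	}

	return new;
}

/*
 * copy the whole list
 *
 * dst->spspec is only assigned when src has at least one entry.  The
 * process exits when an element cannot be duplicated.
 */
void
dupspspec_list(dst, src)
	struct remoteconf *dst, *src;
{
	struct secprotospec *p, *new, *last;

	for (p = src->spspec, last = NULL; p; p = p->next, last = new) {
		new = dupspspec(p);
		if (new == NULL)
			exit(1);

		new->prev = last;
		new->next = NULL;	/* not necessary but clean */

		if (last)
			last->next = new;
		else			/* first element */
			dst->spspec = new;
	}
}

/*
 * delete the whole list
 */
void
flushspspec(rmconf)
	struct remoteconf *rmconf;
{
	struct secprotospec *p;

	while (rmconf->spspec != NULL) {
		p = rmconf->spspec;
		rmconf->spspec = p->next;
		if (p->next != NULL)
			p->next->prev = NULL;	/* not necessary but clean */

		if (p->gssid)
			racoon_free(p->gssid);
		if (p->remote)
			racoon_free(p->remote);
		racoon_free(p);
	}
	rmconf->spspec = NULL;
}

/*
 * set final acceptable proposal
 *
 * Checks that every secprotospec of rmconf names an encryption algorithm,
 * a hash algorithm, a DH group and an authentication method, then expands
 * the entries into rmconf through expand_isakmpspec, walking from the tail
 * of the list back to the head (insspspec pushes at the head, so the tail
 * is the entry inserted first).
 * Returns 0 on success and -1 on any error.
 */
static int
set_isakmp_proposal(rmconf)
	struct remoteconf *rmconf;
{
	struct secprotospec *s;
	int prop_no = 1;
	int trns_no = 1;
	int32_t types[MAXALGCLASS];

	/* mandatory check */
	if (rmconf->spspec == NULL) {
		yyerror("no remote specification found: %s.\n",
			saddr2str(rmconf->remote));
		return -1;
	}
	for (s = rmconf->spspec; s != NULL; s = s->next) {
		/* XXX need more to check */
		if (s->algclass[algclass_isakmp_enc] == 0) {
			yyerror("encryption algorithm required.");
			return -1;
		}
		if (s->algclass[algclass_isakmp_hash] == 0) {
			yyerror("hash algorithm required.");
			return -1;
		}
		if (s->algclass[algclass_isakmp_dh] == 0) {
			yyerror("DH group required.");
			return -1;
		}
		if (s->algclass[algclass_isakmp_ameth] == 0) {
			yyerror("authentication method required.");
			return -1;
		}
	}

	/* skip to last part */
	for (s = rmconf->spspec; s->next != NULL; s = s->next)
		;

	while (s != NULL) {
		plog(LLV_DEBUG2, LOCATION, NULL,
			"lifetime = %ld\n", (long)
			(s->lifetime ? s->lifetime : rmconf->lifetime));
		plog(LLV_DEBUG2, LOCATION, NULL,
			"lifebyte = %d\n",
			s->lifebyte ? s->lifebyte : rmconf->lifebyte);
		plog(LLV_DEBUG2, LOCATION, NULL,
			"encklen=%d\n", s->encklen);

		/*
		 * Clear the whole array.  The length passed to memset is a
		 * byte count; the previous ARRAYLEN(types) (presumably the
		 * element count) cleared only part of the int32_t array and
		 * left the rest uninitialized for the debug loop in
		 * expand_isakmpspec, which reads every class up to
		 * MAXALGCLASS.
		 */
		memset(types, 0, sizeof(types));
		types[algclass_isakmp_enc] = s->algclass[algclass_isakmp_enc];
		types[algclass_isakmp_hash] = s->algclass[algclass_isakmp_hash];
		types[algclass_isakmp_dh] = s->algclass[algclass_isakmp_dh];
		types[algclass_isakmp_ameth] =
		    s->algclass[algclass_isakmp_ameth];

		/* expanding spspec */
		clean_tmpalgtype();
		trns_no = expand_isakmpspec(prop_no, trns_no, types,
				algclass_isakmp_enc, algclass_isakmp_ameth + 1,
				s->lifetime ? s->lifetime : rmconf->lifetime,
				s->lifebyte ? s->lifebyte : rmconf->lifebyte,
				s->encklen, s->vendorid, s->gssid,
				rmconf);
		if (trns_no == -1) {
			plog(LLV_ERROR, LOCATION, NULL,
				"failed to expand isakmp proposal.\n");
			return -1;
		}

		s = s->prev;
	}

	if (rmconf->proposal == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
			"no proposal found.\n");
		return -1;
	}

	return 0;
}

/* Reset every entry of the file-level tmpalgtype table to 0. */
static void
clean_tmpalgtype()
{
	int i;
	for (i = 0; i < MAXALGCLASS; i++)
		tmpalgtype[i] = 0;	/* means algorithm undefined.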
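*/
}

/*
 * Build one isakmpsa from the given algorithm types and attach it to rmconf.
 *
 * types is indexed by algorithm class; class and last are only used by the
 * debug dump at the top.  Returns the next transform number (trns_no + 1)
 * on success and -1 on error.
 *
 * NOTE(review): with HAVE_GSSAPI and the GSSAPI_KRB method, gssid is
 * released here.  The caller visible in this file (set_isakmp_proposal)
 * passes s->gssid and keeps that pointer, and flushspspec frees p->gssid
 * when it is non-NULL -- confirm the list is never flushed or duplicated
 * after this call, or clear the caller's pointer.
 */
static int
expand_isakmpspec(prop_no, trns_no, types,
		class, last, lifetime, lifebyte, encklen, vendorid, gssid,
		rmconf)
	int prop_no, trns_no;
	int *types, class, last;
	time_t lifetime;
	int lifebyte;
	int encklen;
	int vendorid;
	char *gssid;
	struct remoteconf *rmconf;
{
	struct isakmpsa *new;

	/* debugging */
    {
	int j;
	char tb[10];
	plog(LLV_DEBUG2, LOCATION, NULL,
		"p:%d t:%d\n", prop_no, trns_no);
	for (j = class; j < MAXALGCLASS; j++) {
		snprintf(tb, sizeof(tb), "%d", types[j]);
		plog(LLV_DEBUG2, LOCATION, NULL,
			"%s%s%s%s\n",
			s_algtype(j, types[j]),
			types[j] ? "(" : "",
			tb[0] == '0' ? "" : tb,
			types[j] ? ")" : "");
	}
	plog(LLV_DEBUG2, LOCATION, NULL, "\n");
    }

#define TMPALGTYPE2STR(n) \
	s_algtype(algclass_isakmp_##n, types[algclass_isakmp_##n])
	/* check mandatory values */
	if (types[algclass_isakmp_enc] == 0
	 || types[algclass_isakmp_ameth] == 0
	 || types[algclass_isakmp_hash] == 0
	 || types[algclass_isakmp_dh] == 0) {
		yyerror("few definition of algorithm "
			"enc=%s ameth=%s hash=%s dhgroup=%s.\n",
			TMPALGTYPE2STR(enc),
			TMPALGTYPE2STR(ameth),
			TMPALGTYPE2STR(hash),
			TMPALGTYPE2STR(dh));
		return -1;
	}
#undef TMPALGTYPE2STR

	/* set new sa */
	new = newisakmpsa();
	if (new == NULL) {
		yyerror("failed to allocate isakmp sa");
		return -1;
	}
	new->prop_no = prop_no;
	new->trns_no = trns_no++;
	new->lifetime = lifetime;
	new->lifebyte = lifebyte;
	new->enctype = types[algclass_isakmp_enc];
	new->encklen = encklen;
	new->authmethod = types[algclass_isakmp_ameth];
	new->hashtype = types[algclass_isakmp_hash];
	new->dh_group = types[algclass_isakmp_dh];
	new->vendorid = vendorid;
#ifdef HAVE_GSSAPI
	if (new->authmethod == OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB) {
		if (gssid != NULL) {
			/* copied without a terminating NUL: length-counted buffer */
			if ((new->gssid = vmalloc(strlen(gssid))) == NULL) {
				racoon_free(new);
				yyerror("failed to allocate gssid");
				return -1;
			}
			memcpy(new->gssid->v, gssid, new->gssid->l);
			racoon_free(gssid);
		} else {
			/*
			 * Allocate the default ID so that it gets put
			 * into a GSS ID attribute during the Phase 1
			 * exchange.
			 */
			new->gssid = gssapi_get_default_gss_id();
		}
	}
#endif
	insisakmpsa(new, rmconf);

	return trns_no;
}

#if 0
/*
 * fix lifebyte.
 * Must be more than 1024B because its unit is kilobytes.
 * That is defined RFC2407.
 */
static int
fix_lifebyte(t)
	unsigned long t;
{
	if (t < 1024) {
		yyerror("byte size should be more than 1024B.");
		return 0;
	}

	return(t / 1024);
}
#endif

/*
 * Parse the configuration file named by lcconf->racoon_conf.
 *
 * Returns 0 on success and -1 when the file cannot be read or yyparse
 * fails.  Exits the process when yyparse reports success although
 * yyerrorcount is non-zero.
 */
int
cfparse()
{
	int error;

	yyerrorcount = 0;
	yycf_init_buffer();

	if (yycf_switch_buffer(lcconf->racoon_conf) != 0) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "could not read configuration file \"%s\"\n",
		    lcconf->racoon_conf);
		return -1;
	}

	error = yyparse();
	if (error != 0) {
		if (yyerrorcount) {
			plog(LLV_ERROR, LOCATION, NULL,
				"fatal parse failure (%d errors)\n",
				yyerrorcount);
		} else {
			plog(LLV_ERROR, LOCATION, NULL,
				"fatal parse failure.\n");
		}
		return -1;
	}

	if (error == 0 && yyerrorcount) {
		plog(LLV_ERROR, LOCATION, NULL,
			"parse error is nothing, but yyerrorcount is %d.\n",
				yyerrorcount);
		exit(1);
	}

	yycf_clean_buffer();

	plog(LLV_DEBUG2, LOCATION, NULL, "parse successed.\n");

	return 0;
}

/*
 * Drop the phase 2 and phase 1 state, the remote configurations and the
 * sainfo entries, reset tmpalgtype, then parse the configuration again.
 * Returns whatever cfparse returns.
 */
int
cfreparse()
{
	flushph2();
	flushph1();
	flushrmconf();
	flushsainfo();
	clean_tmpalgtype();
	return(cfparse());
}

#ifdef ENABLE_ADMINPORT
/*
 * Record the admin socket path and, when given, its owner, group and mode.
 *
 * owner and group may each be an account name or a decimal id; a name known
 * to getpwnam/getgrnam takes precedence over the numeric reading.  mode_dec
 * carries the permission bits as decimal digits (660 means 0660); -1 means
 * "not specified".  A NULL owner or group ends processing at that point.
 *
 * Invalid values are reported through yyerror and nothing further is
 * stored.  yyerror is expected to make the parse fail (cfparse treats a
 * non-zero yyerrorcount as fatal) -- TODO confirm.
 */
static void
adminsock_conf(path, owner, group, mode_dec)
	vchar_t *path;
	vchar_t *owner;
	vchar_t *group;
	int mode_dec;
{
	struct passwd *pw = NULL;
	struct group *gr = NULL;
	mode_t mode = 0;
	char *end;
	long id;
	int isnum;
	int rest;
	int shift;

	adminsock_path = path->v;

	if (owner == NULL)
		return;

	/*
	 * atoi() never sets errno, so the former "isnum = !errno" test was
	 * always true: an unknown account name was accepted silently and
	 * mapped to id 0.  strtol() with an end pointer tells a number from
	 * a name.
	 */
	errno = 0;
	id = strtol(owner->v, &end, 10);
	isnum = (errno == 0 && end != owner->v && *end == '\0');
	pw = getpwnam(owner->v);
	if (pw != NULL) {
		adminsock_owner = pw->pw_uid;
	} else if (isnum) {
		adminsock_owner = (uid_t)id;
	} else {
		yyerror("User \"%s\" does not exist", owner->v);
		return;
	}

	if (group == NULL)
		return;

	errno = 0;
	id = strtol(group->v, &end, 10);
	isnum = (errno == 0 && end != group->v && *end == '\0');
	gr = getgrnam(group->v);
	if (gr != NULL) {
		adminsock_group = gr->gr_gid;
	} else if (isnum) {
		adminsock_group = (gid_t)id;
	} else {
		yyerror("Group \"%s\" does not exist", group->v);
		return;
	}

	if (mode_dec == -1)
		return;

	/* The value is printed in decimal: that is how it was written. */
	if (mode_dec < 0 || mode_dec > 777) {
		yyerror("Mode 0%03d is invalid", mode_dec);
		return;
	}

	/*
	 * Translate digit by digit: others, group, owner.  The former
	 * subtraction chain added the write bit where the execute bit was
	 * requested (0200/020/02 instead of 0100/010/01), so a mode with an
	 * x bit produced different, sometimes wider, socket permissions.
	 */
	rest = mode_dec;
	for (shift = 0; shift < 9; shift += 3) {
		int digit = rest % 10;

		if (digit > 7) {
			yyerror("Mode 0%03d is invalid", mode_dec);
			return;
		}
		mode |= (mode_t)digit << shift;
		rest /= 10;
	}

	adminsock_mode = mode;

	return;
}
#endif
#line 1933 "racoonyy.tab.c"

#if YYDEBUG
#include <stdio.h>	/* needed for printf */
#endif

#include <stdlib.h>	/* needed for malloc, etc */
#include <string.h>	/* needed for memset */

/* allocate initial stack or double stack size, up to YYMAXDEPTH */
static int yygrowstack(YYSTACKDATA *data)
{
    int i;
    unsigned newsize;
    YYINT *newss;
    YYSTYPE *newvs;

    if ((newsize = data->stacksize) == 0)
        newsize = YYINITSTACKSIZE;
    else if (newsize >= YYMAXDEPTH)
        return YYENOMEM;
    else if ((newsize *= 2) > YYMAXDEPTH)
        newsize = YYMAXDEPTH;

    /* remember the stack depth so both mark pointers can be rebased */
    i = (int) (data->s_mark - data->s_base);
    newss = (YYINT *)realloc(data->s_base, newsize * sizeof(*newss));
    if (newss == 0)
        return YYENOMEM;

    data->s_base = newss;
    data->s_mark = newss + i;

    newvs = (YYSTYPE *)realloc(data->l_base, newsize * sizeof(*newvs));
    if (newvs == 0)
        return YYENOMEM;

    data->l_base = newvs;
    data->l_mark = newvs + i;

    data->stacksize = newsize;
    data->s_last = data->s_base + newsize - 1;
    return 0;
}

#if YYPURE || defined(YY_NO_LEAKS)
/* release both parser stacks and clear the bookkeeping structure */
static void yyfreestack(YYSTACKDATA *data)
{
    free(data->s_base);
    free(data->l_base);
    memset(data, 0, sizeof(*data));
}
#else
#define yyfreestack(data) /* nothing */
#endif

#define YYABORT  goto yyabort
#define YYREJECT goto yyabort
#define YYACCEPT goto yyaccept
#define YYERROR  goto yyerrlab

int
YYPARSE_DECL()
{
    int yym, yyn, yystate;
#if YYDEBUG
    const char *yys;

    if ((yys = getenv("YYDEBUG")) != 0)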
{ yyn = *yys; if (yyn >= '0' && yyn <= '9') yydebug = yyn - '0'; } #endif yym = 0; yyn = 0; yynerrs = 0; yyerrflag = 0; yychar = YYEMPTY; yystate = 0; #if YYPURE memset(&yystack, 0, sizeof(yystack)); #endif if (yystack.s_base == NULL && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow; yystack.s_mark = yystack.s_base; yystack.l_mark = yystack.l_base; yystate = 0; *yystack.s_mark = 0; yyloop: if ((yyn = yydefred[yystate]) != 0) goto yyreduce; if (yychar < 0) { yychar = YYLEX; if (yychar < 0) yychar = YYEOF; #if YYDEBUG if (yydebug) { if ((yys = yyname[YYTRANSLATE(yychar)]) == NULL) yys = yyname[YYUNDFTOKEN]; printf("%sdebug: state %d, reading %d (%s)\n", YYPREFIX, yystate, yychar, yys); } #endif } if (((yyn = yysindex[yystate]) != 0) && (yyn += yychar) >= 0 && yyn <= YYTABLESIZE && yycheck[yyn] == (YYINT) yychar) { #if YYDEBUG if (yydebug) printf("%sdebug: state %d, shifting to state %d\n", YYPREFIX, yystate, yytable[yyn]); #endif if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow; yystate = yytable[yyn]; *++yystack.s_mark = yytable[yyn]; *++yystack.l_mark = yylval; yychar = YYEMPTY; if (yyerrflag > 0) --yyerrflag; goto yyloop; } if (((yyn = yyrindex[yystate]) != 0) && (yyn += yychar) >= 0 && yyn <= YYTABLESIZE && yycheck[yyn] == (YYINT) yychar) { yyn = yytable[yyn]; goto yyreduce; } if (yyerrflag != 0) goto yyinrecovery; YYERROR_CALL("syntax error"); goto yyerrlab; /* redundant goto avoids 'unused label' warning */ yyerrlab: ++yynerrs; yyinrecovery: if (yyerrflag < 3) { yyerrflag = 3; for (;;) { if (((yyn = yysindex[*yystack.s_mark]) != 0) && (yyn += YYERRCODE) >= 0 && yyn <= YYTABLESIZE && yycheck[yyn] == (YYINT) YYERRCODE) { #if YYDEBUG if (yydebug) printf("%sdebug: state %d, error recovery shifting\ to state %d\n", YYPREFIX, *yystack.s_mark, yytable[yyn]); #endif if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow; yystate = yytable[yyn]; *++yystack.s_mark = yytable[yyn]; 
*++yystack.l_mark = yylval; goto yyloop; } else { #if YYDEBUG if (yydebug) printf("%sdebug: error recovery discarding state %d\n", YYPREFIX, *yystack.s_mark); #endif if (yystack.s_mark <= yystack.s_base) goto yyabort; --yystack.s_mark; --yystack.l_mark; } } } else { if (yychar == YYEOF) goto yyabort; #if YYDEBUG if (yydebug) { if ((yys = yyname[YYTRANSLATE(yychar)]) == NULL) yys = yyname[YYUNDFTOKEN]; printf("%sdebug: state %d, error recovery discards token %d (%s)\n", YYPREFIX, yystate, yychar, yys); } #endif yychar = YYEMPTY; goto yyloop; } yyreduce: #if YYDEBUG if (yydebug) printf("%sdebug: state %d, reducing by rule %d (%s)\n", YYPREFIX, yystate, yyn, yyrule[yyn]); #endif yym = yylen[yyn]; if (yym > 0) yyval = yystack.l_mark[1-yym]; else memset(&yyval, 0, sizeof yyval); switch (yyn) { case 21: #line 368 "../../ipsec-tools/src/racoon/cfparse.y" { struct passwd *pw; if ((pw = getpwnam(yystack.l_mark[0].val->v)) == NULL) { yyerror("unknown user \"%s\"", yystack.l_mark[0].val->v); return -1; } lcconf->uid = pw->pw_uid; } break; case 23: #line 378 "../../ipsec-tools/src/racoon/cfparse.y" { lcconf->uid = yystack.l_mark[0].num; } break; case 25: #line 380 "../../ipsec-tools/src/racoon/cfparse.y" { struct group *gr; if ((gr = getgrnam(yystack.l_mark[0].val->v)) == NULL) { yyerror("unknown group \"%s\"", yystack.l_mark[0].val->v); return -1; } lcconf->gid = gr->gr_gid; } break; case 27: #line 390 "../../ipsec-tools/src/racoon/cfparse.y" { lcconf->gid = yystack.l_mark[0].num; } break; case 29: #line 391 "../../ipsec-tools/src/racoon/cfparse.y" { lcconf->chroot = yystack.l_mark[0].val->v; } break; case 31: #line 397 "../../ipsec-tools/src/racoon/cfparse.y" { if (yystack.l_mark[-1].num >= LC_PATHTYPE_MAX) { yyerror("invalid path type %d", yystack.l_mark[-1].num); return -1; } /* free old pathinfo */ if (lcconf->pathinfo[yystack.l_mark[-1].num]) racoon_free(lcconf->pathinfo[yystack.l_mark[-1].num]); /* set new pathinfo */ lcconf->pathinfo[yystack.l_mark[-1].num] = 
racoon_strdup(yystack.l_mark[0].val->v); STRDUP_FATAL(lcconf->pathinfo[yystack.l_mark[-1].num]); vfree(yystack.l_mark[0].val); } break; case 33: #line 417 "../../ipsec-tools/src/racoon/cfparse.y" { lcconf->complex_bundle = yystack.l_mark[0].num; } break; case 35: #line 423 "../../ipsec-tools/src/racoon/cfparse.y" { char path[MAXPATHLEN]; getpathname(path, sizeof(path), LC_PATHTYPE_INCLUDE, yystack.l_mark[-1].val->v); vfree(yystack.l_mark[-1].val); if (yycf_switch_buffer(path) != 0) return -1; } break; case 36: #line 437 "../../ipsec-tools/src/racoon/cfparse.y" { lcconf->pfkey_buffer_size = yystack.l_mark[-1].num; } break; case 37: #line 444 "../../ipsec-tools/src/racoon/cfparse.y" { if (yystack.l_mark[-1].num >= LC_GSSENC_MAX) { yyerror("invalid GSS ID encoding %d", yystack.l_mark[-1].num); return -1; } lcconf->gss_id_enc = yystack.l_mark[-1].num; } break; case 39: #line 459 "../../ipsec-tools/src/racoon/cfparse.y" { /* * set the loglevel to the value specified * in the configuration file plus the number * of -d options specified on the command line */ loglevel += yystack.l_mark[0].num - oldloglevel; oldloglevel = yystack.l_mark[0].num; } break; case 43: #line 479 "../../ipsec-tools/src/racoon/cfparse.y" { lcconf->pad_random = yystack.l_mark[0].num; } break; case 45: #line 480 "../../ipsec-tools/src/racoon/cfparse.y" { lcconf->pad_randomlen = yystack.l_mark[0].num; } break; case 47: #line 481 "../../ipsec-tools/src/racoon/cfparse.y" { lcconf->pad_maxsize = yystack.l_mark[0].num; } break; case 49: #line 482 "../../ipsec-tools/src/racoon/cfparse.y" { lcconf->pad_strict = yystack.l_mark[0].num; } break; case 51: #line 483 "../../ipsec-tools/src/racoon/cfparse.y" { lcconf->pad_excltail = yystack.l_mark[0].num; } break; case 56: #line 496 "../../ipsec-tools/src/racoon/cfparse.y" { myaddr_listen(yystack.l_mark[0].saddr, FALSE); racoon_free(yystack.l_mark[0].saddr); } break; case 58: #line 502 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_NATT 
myaddr_listen(yystack.l_mark[0].saddr, TRUE); racoon_free(yystack.l_mark[0].saddr); #else racoon_free(yystack.l_mark[0].saddr); yyerror("NAT-T support not compiled in."); #endif } break; case 60: #line 513 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_ADMINPORT adminsock_conf(yystack.l_mark[-3].val, yystack.l_mark[-2].val, yystack.l_mark[-1].val, yystack.l_mark[0].num); #else yywarn("admin port support not compiled in"); #endif } break; case 62: #line 522 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_ADMINPORT adminsock_conf(yystack.l_mark[0].val, NULL, NULL, -1); #else yywarn("admin port support not compiled in"); #endif } break; case 64: #line 531 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_ADMINPORT adminsock_path = NULL; #else yywarn("admin port support not compiled in"); #endif } break; case 66: #line 539 "../../ipsec-tools/src/racoon/cfparse.y" { lcconf->strict_address = TRUE; } break; case 68: #line 543 "../../ipsec-tools/src/racoon/cfparse.y" { char portbuf[10]; snprintf(portbuf, sizeof(portbuf), "%ld", yystack.l_mark[0].num); yyval.saddr = str2saddr(yystack.l_mark[-1].val->v, portbuf); vfree(yystack.l_mark[-1].val); if (!yyval.saddr) return -1; } break; case 69: #line 554 "../../ipsec-tools/src/racoon/cfparse.y" { yyval.num = PORT_ISAKMP; } break; case 70: #line 555 "../../ipsec-tools/src/racoon/cfparse.y" { yyval.num = yystack.l_mark[0].num; } break; case 71: #line 560 "../../ipsec-tools/src/racoon/cfparse.y" { #ifndef ENABLE_HYBRID yyerror("racoon not configured with --enable-hybrid"); return -1; #endif #ifndef HAVE_LIBRADIUS yyerror("racoon not configured with --with-libradius"); return -1; #endif #ifdef ENABLE_HYBRID #ifdef HAVE_LIBRADIUS xauth_rad_config.timeout = 3; xauth_rad_config.retries = 3; #endif #endif } break; case 75: #line 583 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBRADIUS int i = xauth_rad_config.auth_server_count; if (i == RADIUS_MAX_SERVERS) { yyerror("maximum 
radius auth servers exceeded"); return -1; } xauth_rad_config.auth_server_list[i].host = vdup(yystack.l_mark[-1].val); xauth_rad_config.auth_server_list[i].secret = vdup(yystack.l_mark[0].val); xauth_rad_config.auth_server_list[i].port = 0; /* default port*/ xauth_rad_config.auth_server_count++; #endif #endif } break; case 77: #line 601 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBRADIUS int i = xauth_rad_config.auth_server_count; if (i == RADIUS_MAX_SERVERS) { yyerror("maximum radius auth servers exceeded"); return -1; } xauth_rad_config.auth_server_list[i].host = vdup(yystack.l_mark[-2].val); xauth_rad_config.auth_server_list[i].secret = vdup(yystack.l_mark[0].val); xauth_rad_config.auth_server_list[i].port = yystack.l_mark[-1].num; xauth_rad_config.auth_server_count++; #endif #endif } break; case 79: #line 619 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBRADIUS int i = xauth_rad_config.acct_server_count; if (i == RADIUS_MAX_SERVERS) { yyerror("maximum radius account servers exceeded"); return -1; } xauth_rad_config.acct_server_list[i].host = vdup(yystack.l_mark[-1].val); xauth_rad_config.acct_server_list[i].secret = vdup(yystack.l_mark[0].val); xauth_rad_config.acct_server_list[i].port = 0; /* default port*/ xauth_rad_config.acct_server_count++; #endif #endif } break; case 81: #line 637 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBRADIUS int i = xauth_rad_config.acct_server_count; if (i == RADIUS_MAX_SERVERS) { yyerror("maximum radius account servers exceeded"); return -1; } xauth_rad_config.acct_server_list[i].host = vdup(yystack.l_mark[-2].val); xauth_rad_config.acct_server_list[i].secret = vdup(yystack.l_mark[0].val); xauth_rad_config.acct_server_list[i].port = yystack.l_mark[-1].num; xauth_rad_config.acct_server_count++; #endif #endif } break; case 83: #line 655 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBRADIUS 
xauth_rad_config.timeout = yystack.l_mark[0].num; #endif #endif } break; case 85: #line 664 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBRADIUS xauth_rad_config.retries = yystack.l_mark[0].num; #endif #endif } break; case 87: #line 676 "../../ipsec-tools/src/racoon/cfparse.y" { #ifndef ENABLE_HYBRID yyerror("racoon not configured with --enable-hybrid"); return -1; #endif #ifndef HAVE_LIBLDAP yyerror("racoon not configured with --with-libldap"); return -1; #endif } break; case 91: #line 693 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBLDAP if ((yystack.l_mark[0].num<2)||(yystack.l_mark[0].num>3)) yyerror("invalid ldap protocol version (2|3)"); xauth_ldap_config.pver = yystack.l_mark[0].num; #endif #endif } break; case 93: #line 704 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBLDAP if (xauth_ldap_config.host != NULL) vfree(xauth_ldap_config.host); xauth_ldap_config.host = vdup(yystack.l_mark[0].val); #endif #endif } break; case 95: #line 715 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBLDAP xauth_ldap_config.port = yystack.l_mark[0].num; #endif #endif } break; case 97: #line 724 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBLDAP if (xauth_ldap_config.base != NULL) vfree(xauth_ldap_config.base); xauth_ldap_config.base = vdup(yystack.l_mark[0].val); #endif #endif } break; case 99: #line 735 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBLDAP xauth_ldap_config.subtree = yystack.l_mark[0].num; #endif #endif } break; case 101: #line 744 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBLDAP if (xauth_ldap_config.bind_dn != NULL) vfree(xauth_ldap_config.bind_dn); xauth_ldap_config.bind_dn = vdup(yystack.l_mark[0].val); #endif #endif } break; case 103: #line 755 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBLDAP if 
(xauth_ldap_config.bind_pw != NULL) vfree(xauth_ldap_config.bind_pw); xauth_ldap_config.bind_pw = vdup(yystack.l_mark[0].val); #endif #endif } break; case 105: #line 766 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBLDAP if (xauth_ldap_config.attr_user != NULL) vfree(xauth_ldap_config.attr_user); xauth_ldap_config.attr_user = vdup(yystack.l_mark[0].val); #endif #endif } break; case 107: #line 777 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBLDAP if (xauth_ldap_config.attr_addr != NULL) vfree(xauth_ldap_config.attr_addr); xauth_ldap_config.attr_addr = vdup(yystack.l_mark[0].val); #endif #endif } break; case 109: #line 788 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBLDAP if (xauth_ldap_config.attr_mask != NULL) vfree(xauth_ldap_config.attr_mask); xauth_ldap_config.attr_mask = vdup(yystack.l_mark[0].val); #endif #endif } break; case 111: #line 799 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBLDAP if (xauth_ldap_config.attr_group != NULL) vfree(xauth_ldap_config.attr_group); xauth_ldap_config.attr_group = vdup(yystack.l_mark[0].val); #endif #endif } break; case 113: #line 810 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBLDAP if (xauth_ldap_config.attr_member != NULL) vfree(xauth_ldap_config.attr_member); xauth_ldap_config.attr_member = vdup(yystack.l_mark[0].val); #endif #endif } break; case 118: #line 832 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID if (inet_pton(AF_INET, yystack.l_mark[0].val->v, &isakmp_cfg_config.network4) != 1) yyerror("bad IPv4 network address."); #else yyerror("racoon not configured with --enable-hybrid"); #endif } break; case 120: #line 843 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID if (inet_pton(AF_INET, yystack.l_mark[0].val->v, &isakmp_cfg_config.netmask4) != 1) yyerror("bad IPv4 netmask address."); #else yyerror("racoon not configured 
with --enable-hybrid"); #endif } break; case 124: #line 858 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID isakmp_cfg_config.splitnet_type = UNITY_LOCAL_LAN; #else yyerror("racoon not configured with --enable-hybrid"); #endif } break; case 126: #line 867 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID isakmp_cfg_config.splitnet_type = UNITY_SPLIT_INCLUDE; #else yyerror("racoon not configured with --enable-hybrid"); #endif } break; case 128: #line 876 "../../ipsec-tools/src/racoon/cfparse.y" { #ifndef ENABLE_HYBRID yyerror("racoon not configured with --enable-hybrid"); #endif } break; case 130: #line 883 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID strncpy(&isakmp_cfg_config.default_domain[0], yystack.l_mark[0].val->v, MAXPATHLEN); isakmp_cfg_config.default_domain[MAXPATHLEN] = '\0'; vfree(yystack.l_mark[0].val); #else yyerror("racoon not configured with --enable-hybrid"); #endif } break; case 132: #line 895 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID isakmp_cfg_config.authsource = ISAKMP_CFG_AUTH_SYSTEM; #else yyerror("racoon not configured with --enable-hybrid"); #endif } break; case 134: #line 904 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBRADIUS isakmp_cfg_config.authsource = ISAKMP_CFG_AUTH_RADIUS; #else /* HAVE_LIBRADIUS */ yyerror("racoon not configured with --with-libradius"); #endif /* HAVE_LIBRADIUS */ #else /* ENABLE_HYBRID */ yyerror("racoon not configured with --enable-hybrid"); #endif /* ENABLE_HYBRID */ } break; case 136: #line 917 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBPAM isakmp_cfg_config.authsource = ISAKMP_CFG_AUTH_PAM; #else /* HAVE_LIBPAM */ yyerror("racoon not configured with --with-libpam"); #endif /* HAVE_LIBPAM */ #else /* ENABLE_HYBRID */ yyerror("racoon not configured with --enable-hybrid"); #endif /* ENABLE_HYBRID */ } break; case 138: #line 930 "../../ipsec-tools/src/racoon/cfparse.y" { 
#ifdef ENABLE_HYBRID #ifdef HAVE_LIBLDAP isakmp_cfg_config.authsource = ISAKMP_CFG_AUTH_LDAP; #else /* HAVE_LIBLDAP */ yyerror("racoon not configured with --with-libldap"); #endif /* HAVE_LIBLDAP */ #else /* ENABLE_HYBRID */ yyerror("racoon not configured with --enable-hybrid"); #endif /* ENABLE_HYBRID */ } break; case 140: #line 943 "../../ipsec-tools/src/racoon/cfparse.y" { #ifndef ENABLE_HYBRID yyerror("racoon not configured with --enable-hybrid"); #endif } break; case 142: #line 950 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID isakmp_cfg_config.groupsource = ISAKMP_CFG_GROUP_SYSTEM; #else yyerror("racoon not configured with --enable-hybrid"); #endif } break; case 144: #line 959 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBLDAP isakmp_cfg_config.groupsource = ISAKMP_CFG_GROUP_LDAP; #else /* HAVE_LIBLDAP */ yyerror("racoon not configured with --with-libldap"); #endif /* HAVE_LIBLDAP */ #else /* ENABLE_HYBRID */ yyerror("racoon not configured with --enable-hybrid"); #endif /* ENABLE_HYBRID */ } break; case 146: #line 972 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID isakmp_cfg_config.accounting = ISAKMP_CFG_ACCT_NONE; #else yyerror("racoon not configured with --enable-hybrid"); #endif } break; case 148: #line 981 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID isakmp_cfg_config.accounting = ISAKMP_CFG_ACCT_SYSTEM; #else yyerror("racoon not configured with --enable-hybrid"); #endif } break; case 150: #line 990 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBRADIUS isakmp_cfg_config.accounting = ISAKMP_CFG_ACCT_RADIUS; #else /* HAVE_LIBRADIUS */ yyerror("racoon not configured with --with-libradius"); #endif /* HAVE_LIBRADIUS */ #else /* ENABLE_HYBRID */ yyerror("racoon not configured with --enable-hybrid"); #endif /* ENABLE_HYBRID */ } break; case 152: #line 1003 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBPAM 
isakmp_cfg_config.accounting = ISAKMP_CFG_ACCT_PAM; #else /* HAVE_LIBPAM */ yyerror("racoon not configured with --with-libpam"); #endif /* HAVE_LIBPAM */ #else /* ENABLE_HYBRID */ yyerror("racoon not configured with --enable-hybrid"); #endif /* ENABLE_HYBRID */ } break; case 154: #line 1016 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID if (isakmp_cfg_resize_pool(yystack.l_mark[0].num) != 0) yyerror("cannot allocate memory for pool"); #else /* ENABLE_HYBRID */ yyerror("racoon not configured with --enable-hybrid"); #endif /* ENABLE_HYBRID */ } break; case 156: #line 1026 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID isakmp_cfg_config.pfs_group = yystack.l_mark[0].num; #else /* ENABLE_HYBRID */ yyerror("racoon not configured with --enable-hybrid"); #endif /* ENABLE_HYBRID */ } break; case 158: #line 1035 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID isakmp_cfg_config.save_passwd = yystack.l_mark[0].num; #else /* ENABLE_HYBRID */ yyerror("racoon not configured with --enable-hybrid"); #endif /* ENABLE_HYBRID */ } break; case 160: #line 1044 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID isakmp_cfg_config.auth_throttle = yystack.l_mark[0].num; #else /* ENABLE_HYBRID */ yyerror("racoon not configured with --enable-hybrid"); #endif /* ENABLE_HYBRID */ } break; case 162: #line 1053 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID isakmp_cfg_config.confsource = ISAKMP_CFG_CONF_LOCAL; #else /* ENABLE_HYBRID */ yyerror("racoon not configured with --enable-hybrid"); #endif /* ENABLE_HYBRID */ } break; case 164: #line 1062 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBRADIUS isakmp_cfg_config.confsource = ISAKMP_CFG_CONF_RADIUS; #else /* HAVE_LIBRADIUS */ yyerror("racoon not configured with --with-libradius"); #endif /* HAVE_LIBRADIUS */ #else /* ENABLE_HYBRID */ yyerror("racoon not configured with --enable-hybrid"); #endif /* ENABLE_HYBRID */ } break; case 166: 
#line 1075 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBLDAP isakmp_cfg_config.confsource = ISAKMP_CFG_CONF_LDAP; #else /* HAVE_LIBLDAP */ yyerror("racoon not configured with --with-libldap"); #endif /* HAVE_LIBLDAP */ #else /* ENABLE_HYBRID */ yyerror("racoon not configured with --enable-hybrid"); #endif /* ENABLE_HYBRID */ } break; case 168: #line 1088 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID strncpy(&isakmp_cfg_config.motd[0], yystack.l_mark[0].val->v, MAXPATHLEN); isakmp_cfg_config.motd[MAXPATHLEN] = '\0'; vfree(yystack.l_mark[0].val); #else yyerror("racoon not configured with --enable-hybrid"); #endif } break; case 172: #line 1106 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID struct isakmp_cfg_config *icc = &isakmp_cfg_config; if (icc->dns4_index > MAXNS) yyerror("No more than %d DNS", MAXNS); if (inet_pton(AF_INET, yystack.l_mark[0].val->v, &icc->dns4[icc->dns4_index++]) != 1) yyerror("bad IPv4 DNS address."); #else yyerror("racoon not configured with --enable-hybrid"); #endif } break; case 175: #line 1127 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID struct isakmp_cfg_config *icc = &isakmp_cfg_config; if (icc->nbns4_index > MAXWINS) yyerror("No more than %d WINS", MAXWINS); if (inet_pton(AF_INET, yystack.l_mark[0].val->v, &icc->nbns4[icc->nbns4_index++]) != 1) yyerror("bad IPv4 WINS address."); #else yyerror("racoon not configured with --enable-hybrid"); #endif } break; case 178: #line 1148 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID struct isakmp_cfg_config *icc = &isakmp_cfg_config; struct unity_network network; memset(&network,0,sizeof(network)); if (inet_pton(AF_INET, yystack.l_mark[-1].val->v, &network.addr4) != 1) yyerror("bad IPv4 SPLIT address."); /* Turn $2 (the prefix) into a subnet mask */ network.mask4.s_addr = (yystack.l_mark[0].num) ? 
htonl(~((1 << (32 - yystack.l_mark[0].num)) - 1)) : 0; /* add the network to our list */ if (splitnet_list_add(&icc->splitnet_list, &network,&icc->splitnet_count)) yyerror("Unable to allocate split network"); #else yyerror("racoon not configured with --enable-hybrid"); #endif } break; case 181: #line 1175 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID char * groupname = NULL; char ** grouplist = NULL; struct isakmp_cfg_config *icc = &isakmp_cfg_config; grouplist = racoon_realloc(icc->grouplist, sizeof(char**)*(icc->groupcount+1)); if (grouplist == NULL) { yyerror("unable to allocate auth group list"); return -1; } groupname = racoon_malloc(yystack.l_mark[0].val->l+1); if (groupname == NULL) { yyerror("unable to allocate auth group name"); return -1; } memcpy(groupname,yystack.l_mark[0].val->v,yystack.l_mark[0].val->l); groupname[yystack.l_mark[0].val->l]=0; grouplist[icc->groupcount]=groupname; icc->grouplist = grouplist; icc->groupcount++; vfree(yystack.l_mark[0].val); #else yyerror("racoon not configured with --enable-hybrid"); #endif } break; case 184: #line 1213 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID struct isakmp_cfg_config *icc = &isakmp_cfg_config; if (!icc->splitdns_len) { icc->splitdns_list = racoon_malloc(yystack.l_mark[0].val->l); if(icc->splitdns_list == NULL) { yyerror("error allocating splitdns list buffer"); return -1; } memcpy(icc->splitdns_list,yystack.l_mark[0].val->v,yystack.l_mark[0].val->l); icc->splitdns_len = yystack.l_mark[0].val->l; } else { int len = icc->splitdns_len + yystack.l_mark[0].val->l + 1; icc->splitdns_list = racoon_realloc(icc->splitdns_list,len); if(icc->splitdns_list == NULL) { yyerror("error allocating splitdns list buffer"); return -1; } icc->splitdns_list[icc->splitdns_len] = ','; memcpy(icc->splitdns_list + icc->splitdns_len + 1, yystack.l_mark[0].val->v, yystack.l_mark[0].val->l); icc->splitdns_len = len; } vfree(yystack.l_mark[0].val); #else yyerror("racoon not configured with 
--enable-hybrid"); #endif } break; case 188: #line 1257 "../../ipsec-tools/src/racoon/cfparse.y" { lcconf->retry_counter = yystack.l_mark[0].num; } break; case 190: #line 1262 "../../ipsec-tools/src/racoon/cfparse.y" { lcconf->retry_interval = yystack.l_mark[-1].num * yystack.l_mark[0].num; } break; case 192: #line 1267 "../../ipsec-tools/src/racoon/cfparse.y" { lcconf->count_persend = yystack.l_mark[0].num; } break; case 194: #line 1272 "../../ipsec-tools/src/racoon/cfparse.y" { lcconf->retry_checkph1 = yystack.l_mark[-1].num * yystack.l_mark[0].num; } break; case 196: #line 1277 "../../ipsec-tools/src/racoon/cfparse.y" { lcconf->wait_ph2complete = yystack.l_mark[-1].num * yystack.l_mark[0].num; } break; case 198: #line 1282 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_NATT if (libipsec_opt & LIBIPSEC_OPT_NATT) lcconf->natt_ka_interval = yystack.l_mark[-1].num * yystack.l_mark[0].num; else yyerror("libipsec lacks NAT-T support"); #else yyerror("NAT-T support not compiled in."); #endif } break; case 200: #line 1298 "../../ipsec-tools/src/racoon/cfparse.y" { cur_sainfo = newsainfo(); if (cur_sainfo == NULL) { yyerror("failed to allocate sainfo"); return -1; } } break; case 201: #line 1306 "../../ipsec-tools/src/racoon/cfparse.y" { struct sainfo *check; /* default */ if (cur_sainfo->algs[algclass_ipsec_enc] == 0) { yyerror("no encryption algorithm at %s", sainfo2str(cur_sainfo)); return -1; } if (cur_sainfo->algs[algclass_ipsec_auth] == 0) { yyerror("no authentication algorithm at %s", sainfo2str(cur_sainfo)); return -1; } if (cur_sainfo->algs[algclass_ipsec_comp] == 0) { yyerror("no compression algorithm at %s", sainfo2str(cur_sainfo)); return -1; } /* duplicate check */ check = getsainfo(cur_sainfo->idsrc, cur_sainfo->iddst, cur_sainfo->id_i, NULL, cur_sainfo->remoteid); if (check && ((check->idsrc != SAINFO_ANONYMOUS) && (cur_sainfo->idsrc != SAINFO_ANONYMOUS))) { yyerror("duplicated sainfo: %s", sainfo2str(cur_sainfo)); return -1; } 
inssainfo(cur_sainfo); } break; case 203: #line 1346 "../../ipsec-tools/src/racoon/cfparse.y" { cur_sainfo->idsrc = SAINFO_ANONYMOUS; cur_sainfo->iddst = SAINFO_ANONYMOUS; } break; case 204: #line 1351 "../../ipsec-tools/src/racoon/cfparse.y" { cur_sainfo->idsrc = SAINFO_ANONYMOUS; cur_sainfo->iddst = SAINFO_CLIENTADDR; } break; case 205: #line 1356 "../../ipsec-tools/src/racoon/cfparse.y" { cur_sainfo->idsrc = SAINFO_ANONYMOUS; cur_sainfo->iddst = yystack.l_mark[0].val; } break; case 206: #line 1361 "../../ipsec-tools/src/racoon/cfparse.y" { cur_sainfo->idsrc = yystack.l_mark[-1].val; cur_sainfo->iddst = SAINFO_ANONYMOUS; } break; case 207: #line 1366 "../../ipsec-tools/src/racoon/cfparse.y" { cur_sainfo->idsrc = yystack.l_mark[-1].val; cur_sainfo->iddst = SAINFO_CLIENTADDR; } break; case 208: #line 1371 "../../ipsec-tools/src/racoon/cfparse.y" { cur_sainfo->idsrc = yystack.l_mark[-1].val; cur_sainfo->iddst = yystack.l_mark[0].val; } break; case 209: #line 1378 "../../ipsec-tools/src/racoon/cfparse.y" { char portbuf[10]; struct sockaddr *saddr; if ((yystack.l_mark[0].num == IPPROTO_ICMP || yystack.l_mark[0].num == IPPROTO_ICMPV6) && (yystack.l_mark[-1].num != IPSEC_PORT_ANY || yystack.l_mark[-1].num != IPSEC_PORT_ANY)) { yyerror("port number must be \"any\"."); return -1; } snprintf(portbuf, sizeof(portbuf), "%lu", yystack.l_mark[-1].num); saddr = str2saddr(yystack.l_mark[-3].val->v, portbuf); vfree(yystack.l_mark[-3].val); if (saddr == NULL) return -1; switch (saddr->sa_family) { case AF_INET: if (yystack.l_mark[0].num == IPPROTO_ICMPV6) { yyerror("upper layer protocol mismatched.\n"); racoon_free(saddr); return -1; } yyval.val = ipsecdoi_sockaddr2id(saddr, yystack.l_mark[-2].num == ~0 ? 
(sizeof(struct in_addr) << 3): yystack.l_mark[-2].num, yystack.l_mark[0].num); break; #ifdef INET6 case AF_INET6: if (yystack.l_mark[0].num == IPPROTO_ICMP) { yyerror("upper layer protocol mismatched.\n"); racoon_free(saddr); return -1; } yyval.val = ipsecdoi_sockaddr2id(saddr, yystack.l_mark[-2].num == ~0 ? (sizeof(struct in6_addr) << 3): yystack.l_mark[-2].num, yystack.l_mark[0].num); break; #endif default: yyerror("invalid family: %d", saddr->sa_family); yyval.val = NULL; break; } racoon_free(saddr); if (yyval.val == NULL) return -1; } break; case 210: #line 1427 "../../ipsec-tools/src/racoon/cfparse.y" { char portbuf[10]; struct sockaddr *laddr = NULL, *haddr = NULL; char *cur = NULL; if ((yystack.l_mark[0].num == IPPROTO_ICMP || yystack.l_mark[0].num == IPPROTO_ICMPV6) && (yystack.l_mark[-1].num != IPSEC_PORT_ANY || yystack.l_mark[-1].num != IPSEC_PORT_ANY)) { yyerror("port number must be \"any\"."); return -1; } snprintf(portbuf, sizeof(portbuf), "%lu", yystack.l_mark[-1].num); laddr = str2saddr(yystack.l_mark[-4].val->v, portbuf); if (laddr == NULL) { return -1; } vfree(yystack.l_mark[-4].val); haddr = str2saddr(yystack.l_mark[-3].val->v, portbuf); if (haddr == NULL) { racoon_free(laddr); return -1; } vfree(yystack.l_mark[-3].val); switch (laddr->sa_family) { case AF_INET: if (yystack.l_mark[0].num == IPPROTO_ICMPV6) { yyerror("upper layer protocol mismatched.\n"); if (laddr) racoon_free(laddr); if (haddr) racoon_free(haddr); return -1; } yyval.val = ipsecdoi_sockrange2id(laddr, haddr, yystack.l_mark[0].num); break; #ifdef INET6 case AF_INET6: if (yystack.l_mark[0].num == IPPROTO_ICMP) { yyerror("upper layer protocol mismatched.\n"); if (laddr) racoon_free(laddr); if (haddr) racoon_free(haddr); return -1; } yyval.val = ipsecdoi_sockrange2id(laddr, haddr, yystack.l_mark[0].num); break; #endif default: yyerror("invalid family: %d", laddr->sa_family); yyval.val = NULL; break; } if (laddr) racoon_free(laddr); if (haddr) racoon_free(haddr); if (yyval.val == NULL) 
return -1; } break; case 211: #line 1492 "../../ipsec-tools/src/racoon/cfparse.y" { struct ipsecdoi_id_b *id_b; if (yystack.l_mark[-1].num == IDTYPE_ASN1DN) { yyerror("id type forbidden: %d", yystack.l_mark[-1].num); yyval.val = NULL; return -1; } yystack.l_mark[0].val->l--; yyval.val = vmalloc(sizeof(*id_b) + yystack.l_mark[0].val->l); if (yyval.val == NULL) { yyerror("failed to allocate identifier"); return -1; } id_b = (struct ipsecdoi_id_b *)yyval.val->v; id_b->type = idtype2doi(yystack.l_mark[-1].num); id_b->proto_id = 0; id_b->port = 0; memcpy(yyval.val->v + sizeof(*id_b), yystack.l_mark[0].val->v, yystack.l_mark[0].val->l); } break; case 212: #line 1520 "../../ipsec-tools/src/racoon/cfparse.y" { cur_sainfo->id_i = NULL; } break; case 213: #line 1524 "../../ipsec-tools/src/racoon/cfparse.y" { struct ipsecdoi_id_b *id_b; vchar_t *idv; if (set_identifier(&idv, yystack.l_mark[-1].num, yystack.l_mark[0].val) != 0) { yyerror("failed to set identifer.\n"); return -1; } cur_sainfo->id_i = vmalloc(sizeof(*id_b) + idv->l); if (cur_sainfo->id_i == NULL) { yyerror("failed to allocate identifier"); return -1; } id_b = (struct ipsecdoi_id_b *)cur_sainfo->id_i->v; id_b->type = idtype2doi(yystack.l_mark[-1].num); id_b->proto_id = 0; id_b->port = 0; memcpy(cur_sainfo->id_i->v + sizeof(*id_b), idv->v, idv->l); vfree(idv); } break; case 214: #line 1549 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID if ((cur_sainfo->group = vdup(yystack.l_mark[0].val)) == NULL) { yyerror("failed to set sainfo xauth group.\n"); return -1; } #else yyerror("racoon not configured with --enable-hybrid"); return -1; #endif } break; case 217: #line 1567 "../../ipsec-tools/src/racoon/cfparse.y" { cur_sainfo->pfs_group = yystack.l_mark[0].num; } break; case 219: #line 1572 "../../ipsec-tools/src/racoon/cfparse.y" { cur_sainfo->remoteid = yystack.l_mark[0].num; } break; case 221: #line 1577 "../../ipsec-tools/src/racoon/cfparse.y" { cur_sainfo->lifetime = yystack.l_mark[-1].num * 
yystack.l_mark[0].num; } break; case 223: #line 1582 "../../ipsec-tools/src/racoon/cfparse.y" { #if 1 yyerror("byte lifetime support is deprecated"); return -1; #else cur_sainfo->lifebyte = fix_lifebyte(yystack.l_mark[-1].num * yystack.l_mark[0].num); if (cur_sainfo->lifebyte == 0) return -1; #endif } break; case 225: #line 1593 "../../ipsec-tools/src/racoon/cfparse.y" { cur_algclass = yystack.l_mark[0].num; } break; case 227: #line 1601 "../../ipsec-tools/src/racoon/cfparse.y" { inssainfoalg(&cur_sainfo->algs[cur_algclass], yystack.l_mark[0].alg); } break; case 228: #line 1605 "../../ipsec-tools/src/racoon/cfparse.y" { inssainfoalg(&cur_sainfo->algs[cur_algclass], yystack.l_mark[0].alg); } break; case 230: #line 1612 "../../ipsec-tools/src/racoon/cfparse.y" { int defklen; yyval.alg = newsainfoalg(); if (yyval.alg == NULL) { yyerror("failed to get algorithm allocation"); return -1; } yyval.alg->alg = algtype2doi(cur_algclass, yystack.l_mark[-1].num); if (yyval.alg->alg == -1) { yyerror("algorithm mismatched"); racoon_free(yyval.alg); yyval.alg = NULL; return -1; } defklen = default_keylen(cur_algclass, yystack.l_mark[-1].num); if (defklen == 0) { if (yystack.l_mark[0].num) { yyerror("keylen not allowed"); racoon_free(yyval.alg); yyval.alg = NULL; return -1; } } else { if (yystack.l_mark[0].num && check_keylen(cur_algclass, yystack.l_mark[-1].num, yystack.l_mark[0].num) < 0) { yyerror("invalid keylen %d", yystack.l_mark[0].num); racoon_free(yyval.alg); yyval.alg = NULL; return -1; } } if (yystack.l_mark[0].num) yyval.alg->encklen = yystack.l_mark[0].num; else yyval.alg->encklen = defklen; /* check if it's supported algorithm by kernel */ if (!(cur_algclass == algclass_ipsec_auth && yystack.l_mark[-1].num == algtype_non_auth) && pk_checkalg(cur_algclass, yystack.l_mark[-1].num, yyval.alg->encklen)) { int a = algclass2doi(cur_algclass); int b = algtype2doi(cur_algclass, yystack.l_mark[-1].num); if (a == IPSECDOI_ATTR_AUTH) a = IPSECDOI_PROTO_IPSEC_AH; 
yyerror("algorithm %s not supported by the kernel (missing module?)", s_ipsecdoi_trns(a, b)); racoon_free(yyval.alg); yyval.alg = NULL; return -1; } } break; case 231: #line 1667 "../../ipsec-tools/src/racoon/cfparse.y" { yyval.num = ~0; } break; case 232: #line 1668 "../../ipsec-tools/src/racoon/cfparse.y" { yyval.num = yystack.l_mark[0].num; } break; case 233: #line 1671 "../../ipsec-tools/src/racoon/cfparse.y" { yyval.num = IPSEC_PORT_ANY; } break; case 234: #line 1672 "../../ipsec-tools/src/racoon/cfparse.y" { yyval.num = yystack.l_mark[0].num; } break; case 235: #line 1673 "../../ipsec-tools/src/racoon/cfparse.y" { yyval.num = IPSEC_PORT_ANY; } break; case 236: #line 1676 "../../ipsec-tools/src/racoon/cfparse.y" { yyval.num = yystack.l_mark[0].num; } break; case 237: #line 1677 "../../ipsec-tools/src/racoon/cfparse.y" { yyval.num = yystack.l_mark[0].num; } break; case 238: #line 1678 "../../ipsec-tools/src/racoon/cfparse.y" { yyval.num = IPSEC_ULPROTO_ANY; } break; case 239: #line 1681 "../../ipsec-tools/src/racoon/cfparse.y" { yyval.num = 0; } break; case 240: #line 1682 "../../ipsec-tools/src/racoon/cfparse.y" { yyval.num = yystack.l_mark[0].num; } break; case 241: #line 1688 "../../ipsec-tools/src/racoon/cfparse.y" { struct remoteconf *from, *new; if (getrmconf_by_name(yystack.l_mark[-2].val->v) != NULL) { yyerror("named remoteconf \"%s\" already exists."); return -1; } from = getrmconf_by_name(yystack.l_mark[0].val->v); if (from == NULL) { yyerror("named parent remoteconf \"%s\" does not exist.", yystack.l_mark[0].val->v); return -1; } new = duprmconf_shallow(from); if (new == NULL) { yyerror("failed to duplicate remoteconf from \"%s\".", yystack.l_mark[0].val->v); return -1; } new->name = racoon_strdup(yystack.l_mark[-2].val->v); cur_rmconf = new; vfree(yystack.l_mark[-2].val); vfree(yystack.l_mark[0].val); } break; case 243: #line 1718 "../../ipsec-tools/src/racoon/cfparse.y" { struct remoteconf *new; if (getrmconf_by_name(yystack.l_mark[0].val->v) != 
NULL) { yyerror("Named remoteconf \"%s\" already exists."); return -1; } new = newrmconf(); if (new == NULL) { yyerror("failed to get new remoteconf."); return -1; } new->name = racoon_strdup(yystack.l_mark[0].val->v); cur_rmconf = new; vfree(yystack.l_mark[0].val); } break; case 245: #line 1738 "../../ipsec-tools/src/racoon/cfparse.y" { struct remoteconf *from, *new; from = getrmconf(yystack.l_mark[0].saddr, GETRMCONF_F_NO_ANONYMOUS); if (from == NULL) { yyerror("failed to get remoteconf for %s.", saddr2str(yystack.l_mark[0].saddr)); return -1; } new = duprmconf_shallow(from); if (new == NULL) { yyerror("failed to duplicate remoteconf from %s.", saddr2str(yystack.l_mark[0].saddr)); return -1; } racoon_free(yystack.l_mark[0].saddr); new->remote = yystack.l_mark[-2].saddr; cur_rmconf = new; } break; case 247: #line 1761 "../../ipsec-tools/src/racoon/cfparse.y" { struct remoteconf *new; new = newrmconf(); if (new == NULL) { yyerror("failed to get new remoteconf."); return -1; } new->remote = yystack.l_mark[0].saddr; cur_rmconf = new; } break; case 250: #line 1779 "../../ipsec-tools/src/racoon/cfparse.y" { if (process_rmconf() != 0) return -1; } break; case 251: #line 1787 "../../ipsec-tools/src/racoon/cfparse.y" { if (process_rmconf() != 0) return -1; } break; case 252: #line 1794 "../../ipsec-tools/src/racoon/cfparse.y" { yyval.saddr = newsaddr(sizeof(struct sockaddr)); yyval.saddr->sa_family = AF_UNSPEC; ((struct sockaddr_in *)yyval.saddr)->sin_port = htons(yystack.l_mark[0].num); } break; case 253: #line 1800 "../../ipsec-tools/src/racoon/cfparse.y" { yyval.saddr = yystack.l_mark[0].saddr; if (yyval.saddr == NULL) { yyerror("failed to allocate sockaddr"); return -1; } } break; case 256: #line 1814 "../../ipsec-tools/src/racoon/cfparse.y" { if (cur_rmconf->remote != NULL) { yyerror("remote_address already specified"); return -1; } cur_rmconf->remote = yystack.l_mark[0].saddr; } break; case 258: #line 1823 "../../ipsec-tools/src/racoon/cfparse.y" { 
cur_rmconf->etypes = NULL; } break; case 260: #line 1827 "../../ipsec-tools/src/racoon/cfparse.y" { cur_rmconf->doitype = yystack.l_mark[0].num; } break; case 262: #line 1828 "../../ipsec-tools/src/racoon/cfparse.y" { cur_rmconf->sittype = yystack.l_mark[0].num; } break; case 265: #line 1831 "../../ipsec-tools/src/racoon/cfparse.y" { yywarn("This directive without certtype will be removed!\n"); yywarn("Please use 'peers_certfile x509 \"%s\";' instead\n", yystack.l_mark[0].val->v); if (cur_rmconf->peerscert != NULL) { yyerror("peers_certfile already defined\n"); return -1; } if (load_x509(yystack.l_mark[0].val->v, &cur_rmconf->peerscertfile, &cur_rmconf->peerscert)) { yyerror("failed to load certificate \"%s\"\n", yystack.l_mark[0].val->v); return -1; } vfree(yystack.l_mark[0].val); } break; case 267: #line 1851 "../../ipsec-tools/src/racoon/cfparse.y" { if (cur_rmconf->peerscert != NULL) { yyerror("peers_certfile already defined\n"); return -1; } if (load_x509(yystack.l_mark[0].val->v, &cur_rmconf->peerscertfile, &cur_rmconf->peerscert)) { yyerror("failed to load certificate \"%s\"\n", yystack.l_mark[0].val->v); return -1; } vfree(yystack.l_mark[0].val); } break; case 269: #line 1868 "../../ipsec-tools/src/racoon/cfparse.y" { char path[MAXPATHLEN]; int ret = 0; if (cur_rmconf->peerscert != NULL) { yyerror("peers_certfile already defined\n"); return -1; } cur_rmconf->peerscert = vmalloc(1); if (cur_rmconf->peerscert == NULL) { yyerror("failed to allocate peerscert"); return -1; } cur_rmconf->peerscert->v[0] = ISAKMP_CERT_PLAINRSA; getpathname(path, sizeof(path), LC_PATHTYPE_CERT, yystack.l_mark[0].val->v); if (rsa_parse_file(cur_rmconf->rsa_public, path, RSA_TYPE_PUBLIC)) { yyerror("Couldn't parse keyfile.\n", path); return -1; } plog(LLV_DEBUG, LOCATION, NULL, "Public PlainRSA keyfile parsed: %s\n", path); vfree(yystack.l_mark[0].val); } break; case 271: #line 1898 "../../ipsec-tools/src/racoon/cfparse.y" { if (cur_rmconf->peerscert != NULL) { 
yyerror("peers_certfile already defined\n"); return -1; } cur_rmconf->peerscert = vmalloc(1); if (cur_rmconf->peerscert == NULL) { yyerror("failed to allocate peerscert"); return -1; } cur_rmconf->peerscert->v[0] = ISAKMP_CERT_DNS; } break; case 273: #line 1912 "../../ipsec-tools/src/racoon/cfparse.y" { if (cur_rmconf->cacert != NULL) { yyerror("ca_type already defined\n"); return -1; } if (load_x509(yystack.l_mark[0].val->v, &cur_rmconf->cacertfile, &cur_rmconf->cacert)) { yyerror("failed to load certificate \"%s\"\n", yystack.l_mark[0].val->v); return -1; } vfree(yystack.l_mark[0].val); } break; case 275: #line 1928 "../../ipsec-tools/src/racoon/cfparse.y" { cur_rmconf->verify_cert = yystack.l_mark[0].num; } break; case 277: #line 1929 "../../ipsec-tools/src/racoon/cfparse.y" { cur_rmconf->send_cert = yystack.l_mark[0].num; } break; case 279: #line 1930 "../../ipsec-tools/src/racoon/cfparse.y" { cur_rmconf->send_cr = yystack.l_mark[0].num; } break; case 281: #line 1931 "../../ipsec-tools/src/racoon/cfparse.y" { cur_rmconf->match_empty_cr = yystack.l_mark[0].num; } break; case 283: #line 1933 "../../ipsec-tools/src/racoon/cfparse.y" { if (set_identifier(&cur_rmconf->idv, yystack.l_mark[-1].num, yystack.l_mark[0].val) != 0) { yyerror("failed to set identifer.\n"); return -1; } cur_rmconf->idvtype = yystack.l_mark[-1].num; } break; case 285: #line 1942 "../../ipsec-tools/src/racoon/cfparse.y" { if (set_identifier_qual(&cur_rmconf->idv, yystack.l_mark[-2].num, yystack.l_mark[0].val, yystack.l_mark[-1].num) != 0) { yyerror("failed to set identifer.\n"); return -1; } cur_rmconf->idvtype = yystack.l_mark[-2].num; } break; case 287: #line 1951 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_HYBRID /* formerly identifier type login */ if (xauth_rmconf_used(&cur_rmconf->xauth) == -1) { yyerror("failed to allocate xauth state\n"); return -1; } if ((cur_rmconf->xauth->login = vdup(yystack.l_mark[0].val)) == NULL) { yyerror("failed to set identifer.\n"); return -1; } 
#else yyerror("racoon not configured with --enable-hybrid"); #endif } break; case 289: #line 1968 "../../ipsec-tools/src/racoon/cfparse.y" { struct idspec *id; id = newidspec(); if (id == NULL) { yyerror("failed to allocate idspec"); return -1; } if (set_identifier(&id->id, yystack.l_mark[-1].num, yystack.l_mark[0].val) != 0) { yyerror("failed to set identifer.\n"); racoon_free(id); return -1; } id->idtype = yystack.l_mark[-1].num; genlist_append (cur_rmconf->idvl_p, id); } break; case 291: #line 1985 "../../ipsec-tools/src/racoon/cfparse.y" { struct idspec *id; id = newidspec(); if (id == NULL) { yyerror("failed to allocate idspec"); return -1; } if (set_identifier_qual(&id->id, yystack.l_mark[-2].num, yystack.l_mark[0].val, yystack.l_mark[-1].num) != 0) { yyerror("failed to set identifer.\n"); racoon_free(id); return -1; } id->idtype = yystack.l_mark[-2].num; genlist_append (cur_rmconf->idvl_p, id); } break; case 293: #line 2001 "../../ipsec-tools/src/racoon/cfparse.y" { cur_rmconf->verify_identifier = yystack.l_mark[0].num; } break; case 295: #line 2002 "../../ipsec-tools/src/racoon/cfparse.y" { cur_rmconf->nonce_size = yystack.l_mark[0].num; } break; case 297: #line 2004 "../../ipsec-tools/src/racoon/cfparse.y" { yyerror("dh_group cannot be defined here."); return -1; } break; case 299: #line 2009 "../../ipsec-tools/src/racoon/cfparse.y" { cur_rmconf->passive = yystack.l_mark[0].num; } break; case 301: #line 2010 "../../ipsec-tools/src/racoon/cfparse.y" { cur_rmconf->ike_frag = yystack.l_mark[0].num; } break; case 303: #line 2011 "../../ipsec-tools/src/racoon/cfparse.y" { cur_rmconf->ike_frag = ISAKMP_FRAG_FORCE; } break; case 305: #line 2012 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef SADB_X_EXT_NAT_T_FRAG if (libipsec_opt & LIBIPSEC_OPT_FRAG) cur_rmconf->esp_frag = yystack.l_mark[0].num; else yywarn("libipsec lacks IKE frag support"); #else yywarn("Your kernel does not support esp_frag"); #endif } break; case 307: #line 2022 
"../../ipsec-tools/src/racoon/cfparse.y" { if (cur_rmconf->script[SCRIPT_PHASE1_UP] != NULL) vfree(cur_rmconf->script[SCRIPT_PHASE1_UP]); cur_rmconf->script[SCRIPT_PHASE1_UP] = script_path_add(vdup(yystack.l_mark[-1].val)); } break; case 309: #line 2029 "../../ipsec-tools/src/racoon/cfparse.y" { if (cur_rmconf->script[SCRIPT_PHASE1_DOWN] != NULL) vfree(cur_rmconf->script[SCRIPT_PHASE1_DOWN]); cur_rmconf->script[SCRIPT_PHASE1_DOWN] = script_path_add(vdup(yystack.l_mark[-1].val)); } break; case 311: #line 2036 "../../ipsec-tools/src/racoon/cfparse.y" { if (cur_rmconf->script[SCRIPT_PHASE1_DEAD] != NULL) vfree(cur_rmconf->script[SCRIPT_PHASE1_DEAD]); cur_rmconf->script[SCRIPT_PHASE1_DEAD] = script_path_add(vdup(yystack.l_mark[-1].val)); } break; case 313: #line 2043 "../../ipsec-tools/src/racoon/cfparse.y" { cur_rmconf->mode_cfg = yystack.l_mark[0].num; } break; case 315: #line 2044 "../../ipsec-tools/src/racoon/cfparse.y" { cur_rmconf->weak_phase1_check = yystack.l_mark[0].num; } break; case 317: #line 2047 "../../ipsec-tools/src/racoon/cfparse.y" { cur_rmconf->gen_policy = yystack.l_mark[0].num; } break; case 319: #line 2048 "../../ipsec-tools/src/racoon/cfparse.y" { cur_rmconf->gen_policy = yystack.l_mark[0].num; } break; case 321: #line 2049 "../../ipsec-tools/src/racoon/cfparse.y" { cur_rmconf->support_proxy = yystack.l_mark[0].num; } break; case 323: #line 2050 "../../ipsec-tools/src/racoon/cfparse.y" { cur_rmconf->ini_contact = yystack.l_mark[0].num; } break; case 325: #line 2052 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_NATT if (libipsec_opt & LIBIPSEC_OPT_NATT) cur_rmconf->nat_traversal = yystack.l_mark[0].num; else yyerror("libipsec lacks NAT-T support"); #else yyerror("NAT-T support not compiled in."); #endif } break; case 327: #line 2063 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_NATT if (libipsec_opt & LIBIPSEC_OPT_NATT) cur_rmconf->nat_traversal = NATT_FORCE; else yyerror("libipsec lacks NAT-T support"); #else yyerror("NAT-T 
support not compiled in."); #endif } break; case 329: #line 2074 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_DPD cur_rmconf->dpd = yystack.l_mark[0].num; #else yyerror("DPD support not compiled in."); #endif } break; case 331: #line 2082 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_DPD cur_rmconf->dpd_interval = yystack.l_mark[0].num; #else yyerror("DPD support not compiled in."); #endif } break; case 333: #line 2091 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_DPD cur_rmconf->dpd_retry = yystack.l_mark[0].num; #else yyerror("DPD support not compiled in."); #endif } break; case 335: #line 2100 "../../ipsec-tools/src/racoon/cfparse.y" { #ifdef ENABLE_DPD cur_rmconf->dpd_maxfails = yystack.l_mark[0].num; #else yyerror("DPD support not compiled in."); #endif } break; case 337: #line 2108 "../../ipsec-tools/src/racoon/cfparse.y" { cur_rmconf->rekey = yystack.l_mark[0].num; } break; case 339: #line 2109 "../../ipsec-tools/src/racoon/cfparse.y" { cur_rmconf->rekey = REKEY_FORCE; } break; case 341: #line 2111 "../../ipsec-tools/src/racoon/cfparse.y" { cur_rmconf->ph1id = yystack.l_mark[0].num; } break; case 343: #line 2116 "../../ipsec-tools/src/racoon/cfparse.y" { cur_rmconf->lifetime = yystack.l_mark[-1].num * yystack.l_mark[0].num; } break; case 345: #line 2120 "../../ipsec-tools/src/racoon/cfparse.y" { cur_rmconf->pcheck_level = yystack.l_mark[0].num; } break; case 347: #line 2122 "../../ipsec-tools/src/racoon/cfparse.y" { #if 1 yyerror("byte lifetime support is deprecated in Phase1"); return -1; #else yywarn("the lifetime of bytes in phase 1 " "will be ignored at the moment."); cur_rmconf->lifebyte = fix_lifebyte(yystack.l_mark[-1].num * yystack.l_mark[0].num); if (cur_rmconf->lifebyte == 0) return -1; #endif } break; case 349: #line 2136 "../../ipsec-tools/src/racoon/cfparse.y" { struct secprotospec *spspec; spspec = newspspec(); if (spspec == NULL) return -1; insspspec(cur_rmconf, spspec); } break; case 352: #line 2149 
"../../ipsec-tools/src/racoon/cfparse.y" { struct etypes *new; new = racoon_malloc(sizeof(struct etypes)); if (new == NULL) { yyerror("failed to allocate etypes"); return -1; } new->type = yystack.l_mark[0].num; new->next = NULL; if (cur_rmconf->etypes == NULL) cur_rmconf->etypes = new; else { struct etypes *p; for (p = cur_rmconf->etypes; p->next != NULL; p = p->next) ; p->next = new; } } break; case 353: #line 2172 "../../ipsec-tools/src/racoon/cfparse.y" { if (cur_rmconf->mycert != NULL) { yyerror("certificate_type already defined\n"); return -1; } if (load_x509(yystack.l_mark[-1].val->v, &cur_rmconf->mycertfile, &cur_rmconf->mycert)) { yyerror("failed to load certificate \"%s\"\n", yystack.l_mark[-1].val->v); return -1; } cur_rmconf->myprivfile = racoon_strdup(yystack.l_mark[0].val->v); STRDUP_FATAL(cur_rmconf->myprivfile); vfree(yystack.l_mark[-1].val); vfree(yystack.l_mark[0].val); } break; case 355: #line 2193 "../../ipsec-tools/src/racoon/cfparse.y" { char path[MAXPATHLEN]; int ret = 0; if (cur_rmconf->mycert != NULL) { yyerror("certificate_type already defined\n"); return -1; } cur_rmconf->mycert = vmalloc(1); if (cur_rmconf->mycert == NULL) { yyerror("failed to allocate mycert"); return -1; } cur_rmconf->mycert->v[0] = ISAKMP_CERT_PLAINRSA; getpathname(path, sizeof(path), LC_PATHTYPE_CERT, yystack.l_mark[0].val->v); cur_rmconf->send_cr = FALSE; cur_rmconf->send_cert = FALSE; cur_rmconf->verify_cert = FALSE; if (rsa_parse_file(cur_rmconf->rsa_private, path, RSA_TYPE_PRIVATE)) { yyerror("Couldn't parse keyfile.\n", path); return -1; } plog(LLV_DEBUG, LOCATION, NULL, "Private PlainRSA keyfile parsed: %s\n", path); vfree(yystack.l_mark[0].val); } break; case 357: #line 2227 "../../ipsec-tools/src/racoon/cfparse.y" { yyval.num = algtype2doi(algclass_isakmp_dh, yystack.l_mark[0].num); if (yyval.num == -1) { yyerror("must be DH group"); return -1; } } break; case 358: #line 2235 "../../ipsec-tools/src/racoon/cfparse.y" { if (ARRAYLEN(num2dhgroup) > 
yystack.l_mark[0].num && num2dhgroup[yystack.l_mark[0].num] != 0) { yyval.num = num2dhgroup[yystack.l_mark[0].num]; } else { yyerror("must be DH group"); yyval.num = 0; return -1; } } break; case 359: #line 2246 "../../ipsec-tools/src/racoon/cfparse.y" { yyval.val = NULL; } break; case 360: #line 2247 "../../ipsec-tools/src/racoon/cfparse.y" { yyval.val = yystack.l_mark[0].val; } break; case 361: #line 2248 "../../ipsec-tools/src/racoon/cfparse.y" { yyval.val = yystack.l_mark[0].val; } break; case 364: #line 2256 "../../ipsec-tools/src/racoon/cfparse.y" { cur_rmconf->spspec->lifetime = yystack.l_mark[-1].num * yystack.l_mark[0].num; } break; case 366: #line 2261 "../../ipsec-tools/src/racoon/cfparse.y" { #if 1 yyerror("byte lifetime support is deprecated"); return -1; #else cur_rmconf->spspec->lifebyte = fix_lifebyte(yystack.l_mark[-1].num * yystack.l_mark[0].num); if (cur_rmconf->spspec->lifebyte == 0) return -1; #endif } break; case 368: #line 2273 "../../ipsec-tools/src/racoon/cfparse.y" { cur_rmconf->spspec->algclass[algclass_isakmp_dh] = yystack.l_mark[0].num; } break; case 370: #line 2278 "../../ipsec-tools/src/racoon/cfparse.y" { if (cur_rmconf->spspec->vendorid != VENDORID_GSSAPI) { yyerror("wrong Vendor ID for gssapi_id"); return -1; } if (cur_rmconf->spspec->gssid != NULL) racoon_free(cur_rmconf->spspec->gssid); cur_rmconf->spspec->gssid = racoon_strdup(yystack.l_mark[0].val->v); STRDUP_FATAL(cur_rmconf->spspec->gssid); } break; case 372: #line 2291 "../../ipsec-tools/src/racoon/cfparse.y" { int doi; int defklen; doi = algtype2doi(yystack.l_mark[-2].num, yystack.l_mark[-1].num); if (doi == -1) { yyerror("algorithm mismatched 1"); return -1; } switch (yystack.l_mark[-2].num) { case algclass_isakmp_enc: /* reject suppressed algorithms */ #ifndef HAVE_OPENSSL_RC5_H if (yystack.l_mark[-1].num == algtype_rc5) { yyerror("algorithm %s not supported", s_attr_isakmp_enc(doi)); return -1; } #endif #ifndef HAVE_OPENSSL_IDEA_H if (yystack.l_mark[-1].num == 
algtype_idea) { yyerror("algorithm %s not supported", s_attr_isakmp_enc(doi)); return -1; } #endif cur_rmconf->spspec->algclass[algclass_isakmp_enc] = doi; defklen = default_keylen(yystack.l_mark[-2].num, yystack.l_mark[-1].num); if (defklen == 0) { if (yystack.l_mark[0].num) { yyerror("keylen not allowed"); return -1; } } else { if (yystack.l_mark[0].num && check_keylen(yystack.l_mark[-2].num, yystack.l_mark[-1].num, yystack.l_mark[0].num) < 0) { yyerror("invalid keylen %d", yystack.l_mark[0].num); return -1; } } if (yystack.l_mark[0].num) cur_rmconf->spspec->encklen = yystack.l_mark[0].num; else cur_rmconf->spspec->encklen = defklen; break; case algclass_isakmp_hash: cur_rmconf->spspec->algclass[algclass_isakmp_hash] = doi; break; case algclass_isakmp_ameth: cur_rmconf->spspec->algclass[algclass_isakmp_ameth] = doi; /* * We may have to set the Vendor ID for the * authentication method we're using. */ switch (yystack.l_mark[-1].num) { case algtype_gssapikrb: if (cur_rmconf->spspec->vendorid != VENDORID_UNKNOWN) { yyerror("Vendor ID mismatch " "for auth method"); return -1; } /* * For interoperability with Win2k, * we set the Vendor ID to "GSSAPI". */ cur_rmconf->spspec->vendorid = VENDORID_GSSAPI; break; case algtype_rsasig: if (oakley_get_certtype(cur_rmconf->peerscert) == ISAKMP_CERT_PLAINRSA) { if (rsa_list_count(cur_rmconf->rsa_private) == 0) { yyerror ("Private PlainRSA key not set. " "Use directive 'certificate_type plainrsa ...'\n"); return -1; } if (rsa_list_count(cur_rmconf->rsa_public) == 0) { yyerror ("Public PlainRSA keys not set. 
" "Use directive 'peers_certfile plainrsa ...'\n"); return -1; } } break; default: break; } break; default: yyerror("algorithm mismatched 2"); return -1; } } break; case 374: #line 2388 "../../ipsec-tools/src/racoon/cfparse.y" { yyval.num = 1; } break; case 375: #line 2389 "../../ipsec-tools/src/racoon/cfparse.y" { yyval.num = 60; } break; case 376: #line 2390 "../../ipsec-tools/src/racoon/cfparse.y" { yyval.num = (60 * 60); } break; case 377: #line 2393 "../../ipsec-tools/src/racoon/cfparse.y" { yyval.num = 1; } break; case 378: #line 2394 "../../ipsec-tools/src/racoon/cfparse.y" { yyval.num = 1024; } break; case 379: #line 2395 "../../ipsec-tools/src/racoon/cfparse.y" { yyval.num = (1024 * 1024); } break; case 380: #line 2396 "../../ipsec-tools/src/racoon/cfparse.y" { yyval.num = (1024 * 1024 * 1024); } break; #line 4299 "racoonyy.tab.c" } yystack.s_mark -= yym; yystate = *yystack.s_mark; yystack.l_mark -= yym; yym = yylhs[yyn]; if (yystate == 0 && yym == 0) { #if YYDEBUG if (yydebug) printf("%sdebug: after reduction, shifting from state 0 to\ state %d\n", YYPREFIX, YYFINAL); #endif yystate = YYFINAL; *++yystack.s_mark = YYFINAL; *++yystack.l_mark = yyval; if (yychar < 0) { yychar = YYLEX; if (yychar < 0) yychar = YYEOF; #if YYDEBUG if (yydebug) { if ((yys = yyname[YYTRANSLATE(yychar)]) == NULL) yys = yyname[YYUNDFTOKEN]; printf("%sdebug: state %d, reading %d (%s)\n", YYPREFIX, YYFINAL, yychar, yys); } #endif } if (yychar == YYEOF) goto yyaccept; goto yyloop; } if (((yyn = yygindex[yym]) != 0) && (yyn += yystate) >= 0 && yyn <= YYTABLESIZE && yycheck[yyn] == (YYINT) yystate) yystate = yytable[yyn]; else yystate = yydgoto[yym]; #if YYDEBUG if (yydebug) printf("%sdebug: after reduction, shifting from state %d \ to state %d\n", YYPREFIX, *yystack.s_mark, yystate); #endif if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow; *++yystack.s_mark = (YYINT) yystate; *++yystack.l_mark = yyval; goto yyloop; yyoverflow: 
YYERROR_CALL("yacc stack overflow"); yyabort: yyfreestack(&yystack); return (1); yyaccept: yyfreestack(&yystack); return (0); }