gotwebd/parse.y

   1 /*
   2  * Copyright (c) 2016-2019, 2020-2021 Tracey Emery <tracey@traceyemery.net>
   3  * Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org>
   4  * Copyright (c) 2004 Ryan McBride <mcbride@openbsd.org>
   5  * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
   6  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
   7  * Copyright (c) 2001 Daniel Hartmeier.  All rights reserved.
   8  * Copyright (c) 2001 Theo de Raadt.  All rights reserved.
   9  *
  10  * Permission to use, copy, modify, and distribute this software for any
  11  * purpose with or without fee is hereby granted, provided that the above
  12  * copyright notice and this permission notice appear in all copies.
  13  *
  14  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  15  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  16  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  17  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  18  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  19  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  20  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  21  */
  22
  23 %{
  24 #include "got_compat.h"
  25
  26 #include <sys/ioctl.h>
  27 #include <sys/types.h>
  28 #include <sys/queue.h>
  29 #include <sys/socket.h>
  30 #include <sys/stat.h>
  31
  32 #include <net/if.h>
  33 #include <netinet/in.h>
  34
  35 #include <arpa/inet.h>
  36
  37 #include <ctype.h>
  38 #include <err.h>
  39 #include <errno.h>
  40 #include <event.h>
  41 #include <ifaddrs.h>
  42 #include <limits.h>
  43 #include <netdb.h>
  44 #include <stdarg.h>
  45 #include <stdlib.h>
  46 #include <stdio.h>
  47 #include <string.h>
  48 #include <syslog.h>
  49 #include <unistd.h>
  50
  51 #include "proc.h"
  52 #include "gotwebd.h"
  53 #include "got_sockaddr.h"
  54
  55 TAILQ_HEAD(files, file)          files = TAILQ_HEAD_INITIALIZER(files);
  56 static struct file {
  57         TAILQ_ENTRY(file)        entry;
  58         FILE                    *stream;
  59         char                    *name;
  60         int                      lineno;
  61         int                      errors;
  62 } *file;
  63 struct file     *newfile(const char *, int);
  64 static void      closefile(struct file *);
  65 int              check_file_secrecy(int, const char *);
  66 int              yyparse(void);
  67 int              yylex(void);
  68 int              yyerror(const char *, ...)
  69     __attribute__((__format__ (printf, 1, 2)))
  70     __attribute__((__nonnull__ (1)));
  71 int              kw_cmp(const void *, const void *);
  72 int              lookup(char *);
  73 int              lgetc(int);
  74 int              lungetc(int);
  75 int              findeol(void);
  76
  77 TAILQ_HEAD(symhead, sym)         symhead = TAILQ_HEAD_INITIALIZER(symhead);
  78 struct sym {
  79         TAILQ_ENTRY(sym)         entry;
  80         int                      used;
  81         int                      persist;
  82         char                    *nam;
  83         char                    *val;
  84 };
  85
  86 int      symset(const char *, const char *, int);
  87 char    *symget(const char *);
  88
  89 static int               errors;
  90
  91 static struct gotwebd           *gotwebd;
  92 static struct server            *new_srv;
  93 static struct server            *conf_new_server(const char *);
  94 int                              getservice(const char *);
  95 int                              n;
  96
  97 int              get_addrs(const char *, struct server *, in_port_t);
  98 int              addr_dup_check(struct addresslist *, struct address *,
  99                     const char *, const char *);
 100 int              add_addr(struct server *, struct address *);
 101 struct address  *host_v4(const char *);
 102 struct address  *host_v6(const char *);
 103 int              host_dns(const char *, struct server *,
 104                     int, in_port_t, const char *, int);
 105 int              host_if(const char *, struct server *,
 106                     int, in_port_t, const char *, int);
 107 int              host(const char *, struct server *,
 108                     int, in_port_t, const char *, int);
 109 int              is_if_in_group(const char *, const char *);
 110
 111 typedef struct {
 112         union {
 113                 long long        number;
 114                 char            *string;
 115                 in_port_t        port;
 116         } v;
 117         int lineno;
 118 } YYSTYPE;
 119
 120 %}
 121
 122 %token  LISTEN WWW_PATH MAX_REPOS SITE_NAME SITE_OWNER SITE_LINK LOGO
 123 %token  LOGO_URL SHOW_REPO_OWNER SHOW_REPO_AGE SHOW_REPO_DESCRIPTION
 124 %token  MAX_REPOS_DISPLAY REPOS_PATH MAX_COMMITS_DISPLAY ON ERROR
 125 %token  SHOW_SITE_OWNER SHOW_REPO_CLONEURL PORT PREFORK RESPECT_EXPORTOK
 126 %token  UNIX_SOCKET UNIX_SOCKET_NAME SERVER CHROOT CUSTOM_CSS SOCKET
 127
 128 %token  <v.string>      STRING
 129 %type   <v.port>        fcgiport
 130 %token  <v.number>      NUMBER
 131 %type   <v.number>      boolean
 132
 133 %%
 134
 135 grammar         : /* empty */
 136                 | grammar '\n'
 137                 | grammar varset '\n'
 138                 | grammar main '\n'
 139                 | grammar server '\n'
 140                 | grammar error '\n'            { file->errors++; }
 141                 ;
 142
 143 varset          : STRING '=' STRING     {
 144                         char *s = $1;
 145                         while (*s++) {
 146                                 if (isspace((unsigned char)*s)) {
 147                                         yyerror("macro name cannot contain "
 148                                             "whitespace");
 149                                         free($1);
 150                                         free($3);
 151                                         YYERROR;
 152                                 }
 153                         }
 154                         if (symset($1, $3, 0) == -1)
 155                                 fatal("cannot store variable");
 156                         free($1);
 157                         free($3);
 158                 }
 159                 ;
 160
 161 boolean         : STRING {
 162                         if (strcasecmp($1, "1") == 0 ||
 163                             strcasecmp($1, "yes") == 0 ||
 164                             strcasecmp($1, "on") == 0)
 165                                 $$ = 1;
 166                         else if (strcasecmp($1, "0") == 0 ||
 167                             strcasecmp($1, "off") == 0 ||
 168                             strcasecmp($1, "no") == 0)
 169                                 $$ = 0;
 170                         else {
 171                                 yyerror("invalid boolean value '%s'", $1);
 172                                 free($1);
 173                                 YYERROR;
 174                         }
 175                         free($1);
 176                 }
 177                 | ON { $$ = 1; }
 178                 | NUMBER { $$ = $1; }
 179                 ;
 180
 181 fcgiport        : PORT NUMBER {
 182                         if ($2 <= 0 || $2 > (int)USHRT_MAX) {
 183                                 yyerror("invalid port: %lld", $2);
 184                                 YYERROR;
 185                         }
 186                         $$ = $2;
 187                 }
 188                 | PORT STRING {
 189                         int      val;
 190
 191                         if ((val = getservice($2)) == -1) {
 192                                 yyerror("invalid port: %s", $2);
 193                                 free($2);
 194                                 YYERROR;
 195                         }
 196                         free($2);
 197
 198                         $$ = val;
 199                 }
 200                 ;
 201
 202 main            : PREFORK NUMBER {
 203                         gotwebd->prefork_gotwebd = $2;
 204                 }
 205                 | CHROOT STRING {
 206                         n = strlcpy(gotwebd->httpd_chroot, $2,
 207                             sizeof(gotwebd->httpd_chroot));
 208                         if (n >= sizeof(gotwebd->httpd_chroot)) {
 209                                 yyerror("%s: httpd_chroot truncated", __func__);
 210                                 free($2);
 211                                 YYERROR;
 212                         }
 213                         free($2);
 214                 }
 215                 | UNIX_SOCKET boolean {
 216                         gotwebd->unix_socket = $2;
 217                 }
 218                 | UNIX_SOCKET_NAME STRING {
 219                         n = snprintf(gotwebd->unix_socket_name,
 220                             sizeof(gotwebd->unix_socket_name), "%s%s",
 221                             strlen(gotwebd->httpd_chroot) ?
 222                             gotwebd->httpd_chroot : D_HTTPD_CHROOT, $2);
 223                         if (n < 0 ||
 224                             (size_t)n >= sizeof(gotwebd->unix_socket_name)) {
 225                                 yyerror("%s: unix_socket_name truncated",
 226                                     __func__);
 227                                 free($2);
 228                                 YYERROR;
 229                         }
 230                         free($2);
 231                 }
 232                 ;
 233
 234 server          : SERVER STRING {
 235                         struct server *srv;
 236
 237                         TAILQ_FOREACH(srv, &gotwebd->servers, entry) {
 238                                 if (strcmp(srv->name, $2) == 0) {
 239                                         yyerror("server name exists '%s'", $2);
 240                                         free($2);
 241                                         YYERROR;
 242                                 }
 243                         }
 244
 245                         new_srv = conf_new_server($2);
 246                         log_debug("adding server %s", $2);
 247                         free($2);
 248                 }
 249                 | SERVER STRING {
 250                         struct server *srv;
 251
 252                         TAILQ_FOREACH(srv, &gotwebd->servers, entry) {
 253                                 if (strcmp(srv->name, $2) == 0) {
 254                                         yyerror("server name exists '%s'", $2);
 255                                         free($2);
 256                                         YYERROR;
 257                                 }
 258                         }
 259
 260                         new_srv = conf_new_server($2);
 261                         log_debug("adding server %s", $2);
 262                         free($2);
 263                 } '{' optnl serveropts2 '}' {
 264                 }
 265                 ;
 266
 267 serveropts1     : REPOS_PATH STRING {
 268                         n = strlcpy(new_srv->repos_path, $2,
 269                             sizeof(new_srv->repos_path));
 270                         if (n >= sizeof(new_srv->repos_path)) {
 271                                 yyerror("%s: repos_path truncated", __func__);
 272                                 free($2);
 273                                 YYERROR;
 274                         }
 275                         free($2);
 276                 }
 277                 | SITE_NAME STRING {
 278                         n = strlcpy(new_srv->site_name, $2,
 279                             sizeof(new_srv->site_name));
 280                         if (n >= sizeof(new_srv->site_name)) {
 281                                 yyerror("%s: site_name truncated", __func__);
 282                                 free($2);
 283                                 YYERROR;
 284                         }
 285                         free($2);
 286                 }
 287                 | SITE_OWNER STRING {
 288                         n = strlcpy(new_srv->site_owner, $2,
 289                             sizeof(new_srv->site_owner));
 290                         if (n >= sizeof(new_srv->site_owner)) {
 291                                 yyerror("%s: site_owner truncated", __func__);
 292                                 free($2);
 293                                 YYERROR;
 294                         }
 295                         free($2);
 296                 }
 297                 | SITE_LINK STRING {
 298                         n = strlcpy(new_srv->site_link, $2,
 299                             sizeof(new_srv->site_link));
 300                         if (n >= sizeof(new_srv->site_link)) {
 301                                 yyerror("%s: site_link truncated", __func__);
 302                                 free($2);
 303                                 YYERROR;
 304                         }
 305                         free($2);
 306                 }
 307                 | LOGO STRING {
 308                         n = strlcpy(new_srv->logo, $2, sizeof(new_srv->logo));
 309                         if (n >= sizeof(new_srv->logo)) {
 310                                 yyerror("%s: logo truncated", __func__);
 311                                 free($2);
 312                                 YYERROR;
 313                         }
 314                         free($2);
 315                 }
 316                 | LOGO_URL STRING {
 317                         n = strlcpy(new_srv->logo_url, $2,
 318                             sizeof(new_srv->logo_url));
 319                         if (n >= sizeof(new_srv->logo_url)) {
 320                                 yyerror("%s: logo_url truncated", __func__);
 321                                 free($2);
 322                                 YYERROR;
 323                         }
 324                         free($2);
 325                 }
 326                 | CUSTOM_CSS STRING {
 327                         n = strlcpy(new_srv->custom_css, $2,
 328                             sizeof(new_srv->custom_css));
 329                         if (n >= sizeof(new_srv->custom_css)) {
 330                                 yyerror("%s: custom_css truncated", __func__);
 331                                 free($2);
 332                                 YYERROR;
 333                         }
 334                         free($2);
 335                 }
 336                 | LISTEN ON STRING fcgiport {
 337                         if (get_addrs($3, new_srv, $4) == -1) {
 338                                 yyerror("could not get addrs");
 339                                 YYERROR;
 340                         }
 341                         new_srv->fcgi_socket = 1;
 342                 }
 343                 | LISTEN ON SOCKET STRING {
 344                         if (!strcasecmp($4, "off") ||
 345                             !strcasecmp($4, "no")) {
 346                                 new_srv->unix_socket = 0;
 347                                 free($4);
 348                                 YYACCEPT;
 349                         }
 350
 351                         new_srv->unix_socket = 1;
 352
 353                         n = snprintf(new_srv->unix_socket_name,
 354                             sizeof(new_srv->unix_socket_name), "%s%s",
 355                             strlen(gotwebd->httpd_chroot) ?
 356                             gotwebd->httpd_chroot : D_HTTPD_CHROOT, $4);
 357                         if (n < 0 ||
 358                             (size_t)n >= sizeof(new_srv->unix_socket_name)) {
 359                                 yyerror("%s: unix_socket_name truncated",
 360                                     __func__);
 361                                 free($4);
 362                                 YYERROR;
 363                         }
 364                         free($4);
 365                 }
 366                 | MAX_REPOS NUMBER {
 367                         if ($2 > 0)
 368                                 new_srv->max_repos = $2;
 369                 }
 370                 | SHOW_SITE_OWNER boolean {
 371                         new_srv->show_site_owner = $2;
 372                 }
 373                 | SHOW_REPO_OWNER boolean {
 374                         new_srv->show_repo_owner = $2;
 375                 }
 376                 | SHOW_REPO_AGE boolean {
 377                         new_srv->show_repo_age = $2;
 378                 }
 379                 | SHOW_REPO_DESCRIPTION boolean {
 380                         new_srv->show_repo_description = $2;
 381                 }
 382                 | SHOW_REPO_CLONEURL boolean {
 383                         new_srv->show_repo_cloneurl = $2;
 384                 }
 385                 | RESPECT_EXPORTOK boolean {
 386                         new_srv->respect_exportok = $2;
 387                 }
 388                 | MAX_REPOS_DISPLAY NUMBER {
 389                                 new_srv->max_repos_display = $2;
 390                 }
 391                 | MAX_COMMITS_DISPLAY NUMBER {
 392                         if ($2 > 0)
 393                                 new_srv->max_commits_display = $2;
 394                 }
 395                 ;
 396
 397 serveropts2     : serveropts2 serveropts1 nl
 398                 | serveropts1 optnl
 399                 ;
 400
 401 nl              : '\n' optnl
 402                 ;
 403
 404 optnl           : '\n' optnl            /* zero or more newlines */
 405                 | /* empty */
 406                 ;
 407
 408 %%
 409
 410 struct keywords {
 411         const char      *k_name;
 412         int              k_val;
 413 };
 414
 415 int
 416 yyerror(const char *fmt, ...)
 417 {
 418         va_list ap;
 419         char *msg;
 420
 421         file->errors++;
 422         va_start(ap, fmt);
 423         if (vasprintf(&msg, fmt, ap) == -1)
 424                 fatalx("yyerror vasprintf");
 425         va_end(ap);
 426         logit(LOG_CRIT, "%s:%d: %s", file->name, yylval.lineno, msg);
 427         free(msg);
 428         return (0);
 429 }
 430
 431 int
 432 kw_cmp(const void *k, const void *e)
 433 {
 434         return (strcmp(k, ((const struct keywords *)e)->k_name));
 435 }
 436
 437 int
 438 lookup(char *s)
 439 {
 440         /* This has to be sorted always. */
 441         static const struct keywords keywords[] = {
 442                 { "chroot",                     CHROOT },
 443                 { "custom_css",                 CUSTOM_CSS },
 444                 { "listen",                     LISTEN },
 445                 { "logo",                       LOGO },
 446                 { "logo_url",                   LOGO_URL },
 447                 { "max_commits_display",        MAX_COMMITS_DISPLAY },
 448                 { "max_repos",                  MAX_REPOS },
 449                 { "max_repos_display",          MAX_REPOS_DISPLAY },
 450                 { "on",                         ON },
 451                 { "port",                       PORT },
 452                 { "prefork",                    PREFORK },
 453                 { "repos_path",                 REPOS_PATH },
 454                 { "respect_exportok",           RESPECT_EXPORTOK },
 455                 { "server",                     SERVER },
 456                 { "show_repo_age",              SHOW_REPO_AGE },
 457                 { "show_repo_cloneurl",         SHOW_REPO_CLONEURL },
 458                 { "show_repo_description",      SHOW_REPO_DESCRIPTION },
 459                 { "show_repo_owner",            SHOW_REPO_OWNER },
 460                 { "show_site_owner",            SHOW_SITE_OWNER },
 461                 { "site_link",                  SITE_LINK },
 462                 { "site_name",                  SITE_NAME },
 463                 { "site_owner",                 SITE_OWNER },
 464                 { "socket",                     SOCKET },
 465                 { "unix_socket",                UNIX_SOCKET },
 466                 { "unix_socket_name",           UNIX_SOCKET_NAME },
 467         };
 468         const struct keywords *p;
 469
 470         p = bsearch(s, keywords, sizeof(keywords)/sizeof(keywords[0]),
 471             sizeof(keywords[0]), kw_cmp);
 472
 473         if (p)
 474                 return (p->k_val);
 475         else
 476                 return (STRING);
 477 }
 478
 479 #define MAXPUSHBACK     128
 480
 481 unsigned char *parsebuf;
 482 int parseindex;
 483 unsigned char pushback_buffer[MAXPUSHBACK];
 484 int pushback_index = 0;
 485
 486 int
 487 lgetc(int quotec)
 488 {
 489         int c, next;
 490
 491         if (parsebuf) {
 492                 /* Read character from the parsebuffer instead of input. */
 493                 if (parseindex >= 0) {
 494                         c = parsebuf[parseindex++];
 495                         if (c != '\0')
 496                                 return (c);
 497                         parsebuf = NULL;
 498                 } else
 499                         parseindex++;
 500         }
 501
 502         if (pushback_index)
 503                 return (pushback_buffer[--pushback_index]);
 504
 505         if (quotec) {
 506                 c = getc(file->stream);
 507                 if (c == EOF)
 508                         yyerror("reached end of file while parsing "
 509                             "quoted string");
 510                 return (c);
 511         }
 512
 513         c = getc(file->stream);
 514         while (c == '\\') {
 515                 next = getc(file->stream);
 516                 if (next != '\n') {
 517                         c = next;
 518                         break;
 519                 }
 520                 yylval.lineno = file->lineno;
 521                 file->lineno++;
 522                 c = getc(file->stream);
 523         }
 524
 525         return (c);
 526 }
 527
 528 int
 529 lungetc(int c)
 530 {
 531         if (c == EOF)
 532                 return (EOF);
 533         if (parsebuf) {
 534                 parseindex--;
 535                 if (parseindex >= 0)
 536                         return (c);
 537         }
 538         if (pushback_index < MAXPUSHBACK-1)
 539                 return (pushback_buffer[pushback_index++] = c);
 540         else
 541                 return (EOF);
 542 }
 543
 544 int
 545 findeol(void)
 546 {
 547         int c;
 548
 549         parsebuf = NULL;
 550
 551         /* Skip to either EOF or the first real EOL. */
 552         while (1) {
 553                 if (pushback_index)
 554                         c = pushback_buffer[--pushback_index];
 555                 else
 556                         c = lgetc(0);
 557                 if (c == '\n') {
 558                         file->lineno++;
 559                         break;
 560                 }
 561                 if (c == EOF)
 562                         break;
 563         }
 564         return (ERROR);
 565 }
 566
 567 int
 568 yylex(void)
 569 {
 570         unsigned char buf[8096];
 571         unsigned char *p, *val;
 572         int quotec, next, c;
 573         int token;
 574
 575 top:
 576         p = buf;
 577         c = lgetc(0);
 578         while (c == ' ' || c == '\t')
 579                 c = lgetc(0); /* nothing */
 580
 581         yylval.lineno = file->lineno;
 582         if (c == '#') {
 583                 c = lgetc(0);
 584                 while (c != '\n' && c != EOF)
 585                         c = lgetc(0); /* nothing */
 586         }
 587         if (c == '$' && parsebuf == NULL) {
 588                 while (1) {
 589                         c = lgetc(0);
 590                         if (c == EOF)
 591                                 return (0);
 592
 593                         if (p + 1 >= buf + sizeof(buf) - 1) {
 594                                 yyerror("string too long");
 595                                 return (findeol());
 596                         }
 597                         if (isalnum(c) || c == '_') {
 598                                 *p++ = c;
 599                                 continue;
 600                         }
 601                         *p = '\0';
 602                         lungetc(c);
 603                         break;
 604                 }
 605                 val = symget(buf);
 606                 if (val == NULL) {
 607                         yyerror("macro '%s' not defined", buf);
 608                         return (findeol());
 609                 }
 610                 parsebuf = val;
 611                 parseindex = 0;
 612                 goto top;
 613         }
 614
 615         switch (c) {
 616         case '\'':
 617         case '"':
 618                 quotec = c;
 619                 while (1) {
 620                         c = lgetc(quotec);
 621                         if (c == EOF)
 622                                 return (0);
 623                         if (c == '\n') {
 624                                 file->lineno++;
 625                                 continue;
 626                         } else if (c == '\\') {
 627                                 next = lgetc(quotec);
 628                                 if (next == EOF)
 629                                         return (0);
 630                                 if (next == quotec || c == ' ' || c == '\t')
 631                                         c = next;
 632                                 else if (next == '\n') {
 633                                         file->lineno++;
 634                                         continue;
 635                                 } else
 636                                         lungetc(next);
 637                         } else if (c == quotec) {
 638                                 *p = '\0';
 639                                 break;
 640                         } else if (c == '\0') {
 641                                 yyerror("syntax error");
 642                                 return (findeol());
 643                         }
 644                         if (p + 1 >= buf + sizeof(buf) - 1) {
 645                                 yyerror("string too long");
 646                                 return (findeol());
 647                         }
 648                         *p++ = c;
 649                 }
 650                 yylval.v.string = strdup(buf);
 651                 if (yylval.v.string == NULL)
 652                         err(1, "yylex: strdup");
 653                 return (STRING);
 654         }
 655
 656 #define allowed_to_end_number(x) \
 657         (isspace(x) || x == ')' || x ==',' || x == '/' || x == '}' || x == '=')
 658
 659         if (c == '-' || isdigit(c)) {
 660                 do {
 661                         *p++ = c;
 662                         if ((unsigned)(p-buf) >= sizeof(buf)) {
 663                                 yyerror("string too long");
 664                                 return (findeol());
 665                         }
 666                         c = lgetc(0);
 667                 } while (c != EOF && isdigit(c));
 668                 lungetc(c);
 669                 if (p == buf + 1 && buf[0] == '-')
 670                         goto nodigits;
 671                 if (c == EOF || allowed_to_end_number(c)) {
 672                         const char *errstr = NULL;
 673
 674                         *p = '\0';
 675                         yylval.v.number = strtonum(buf, LLONG_MIN,
 676                             LLONG_MAX, &errstr);
 677                         if (errstr) {
 678                                 yyerror("\"%s\" invalid number: %s",
 679                                     buf, errstr);
 680                                 return (findeol());
 681                         }
 682                         return (NUMBER);
 683                 } else {
 684 nodigits:
 685                         while (p > buf + 1)
 686                                 lungetc(*--p);
 687                         c = *--p;
 688                         if (c == '-')
 689                                 return (c);
 690                 }
 691         }
 692
 693 #define allowed_in_string(x) \
 694         (isalnum(x) || (ispunct(x) && x != '(' && x != ')' && \
 695         x != '{' && x != '}' && \
 696         x != '!' && x != '=' && x != '#' && \
 697         x != ','))
 698
 699         if (isalnum(c) || c == ':' || c == '_') {
 700                 do {
 701                         *p++ = c;
 702                         if ((unsigned)(p-buf) >= sizeof(buf)) {
 703                                 yyerror("string too long");
 704                                 return (findeol());
 705                         }
 706                         c = lgetc(0);
 707                 } while (c != EOF && (allowed_in_string(c)));
 708                 lungetc(c);
 709                 *p = '\0';
 710                 token = lookup(buf);
 711                 if (token == STRING) {
 712                         yylval.v.string = strdup(buf);
 713                         if (yylval.v.string == NULL)
 714                                 err(1, "yylex: strdup");
 715                 }
 716                 return (token);
 717         }
 718         if (c == '\n') {
 719                 yylval.lineno = file->lineno;
 720                 file->lineno++;
 721         }
 722         if (c == EOF)
 723                 return (0);
 724         return (c);
 725 }
 726
 727 int
 728 check_file_secrecy(int fd, const char *fname)
 729 {
 730         struct stat st;
 731
 732         if (fstat(fd, &st)) {
 733                 log_warn("cannot stat %s", fname);
 734                 return (-1);
 735         }
 736         if (st.st_uid != 0 && st.st_uid != getuid()) {
 737                 log_warnx("%s: owner not root or current user", fname);
 738                 return (-1);
 739         }
 740         if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) {
 741                 log_warnx("%s: group writable or world read/writable", fname);
 742                 return (-1);
 743         }
 744         return (0);
 745 }
 746
 747 struct file *
 748 newfile(const char *name, int secret)
 749 {
 750         struct file *nfile;
 751
 752         nfile = calloc(1, sizeof(struct file));
 753         if (nfile == NULL) {
 754                 log_warn("calloc");
 755                 return (NULL);
 756         }
 757         nfile->name = strdup(name);
 758         if (nfile->name == NULL) {
 759                 log_warn("strdup");
 760                 free(nfile);
 761                 return (NULL);
 762         }
 763         nfile->stream = fopen(nfile->name, "r");
 764         if (nfile->stream == NULL) {
 765                 /* no warning, we don't require a conf file */
 766                 free(nfile->name);
 767                 free(nfile);
 768                 return (NULL);
 769         } else if (secret &&
 770             check_file_secrecy(fileno(nfile->stream), nfile->name)) {
 771                 fclose(nfile->stream);
 772                 free(nfile->name);
 773                 free(nfile);
 774                 return (NULL);
 775         }
 776         nfile->lineno = 1;
 777         return (nfile);
 778 }
 779
 780 static void
 781 closefile(struct file *xfile)
 782 {
 783         fclose(xfile->stream);
 784         free(xfile->name);
 785         free(xfile);
 786 }
 787
 788 static void
 789 add_default_server(void)
 790 {
 791         new_srv = conf_new_server(D_SITENAME);
 792         log_debug("%s: adding default server %s", __func__, D_SITENAME);
 793 }
 794
 795 int
 796 parse_config(const char *filename, struct gotwebd *env)
 797 {
 798         struct sym *sym, *next;
 799
 800         if (config_init(env) == -1)
 801                 fatalx("failed to initialize configuration");
 802
 803         gotwebd = env;
 804
 805         file = newfile(filename, 0);
 806         if (file == NULL) {
 807                 add_default_server();
 808                 sockets_parse_sockets(env);
 809                 /* just return, as we don't require a conf file */
 810                 return (0);
 811         }
 812
 813         yyparse();
 814         errors = file->errors;
 815         closefile(file);
 816
 817         /* Free macros and check which have not been used. */
 818         TAILQ_FOREACH_SAFE(sym, &symhead, entry, next) {
 819                 if ((gotwebd->gotwebd_verbose > 1) && !sym->used)
 820                         fprintf(stderr, "warning: macro '%s' not used\n",
 821                             sym->nam);
 822                 if (!sym->persist) {
 823                         free(sym->nam);
 824                         free(sym->val);
 825                         TAILQ_REMOVE(&symhead, sym, entry);
 826                         free(sym);
 827                 }
 828         }
 829
 830         if (errors)
 831                 return (-1);
 832
 833         /* just add default server if no config specified */
 834         if (gotwebd->server_cnt == 0)
 835                 add_default_server();
 836
 837         /* setup our listening sockets */
 838         sockets_parse_sockets(env);
 839
 840         return (0);
 841 }
 842
 843 struct server *
 844 conf_new_server(const char *name)
 845 {
 846         struct server *srv = NULL;
 847
 848         srv = calloc(1, sizeof(*srv));
 849         if (srv == NULL)
 850                 fatalx("%s: calloc", __func__);
 851
 852         n = strlcpy(srv->name, name, sizeof(srv->name));
 853         if (n >= sizeof(srv->name))
 854                 fatalx("%s: strlcpy", __func__);
 855         n = snprintf(srv->unix_socket_name,
 856             sizeof(srv->unix_socket_name), "%s%s", D_HTTPD_CHROOT,
 857             D_UNIX_SOCKET);
 858         if (n < 0 || (size_t)n >= sizeof(srv->unix_socket_name))
 859                 fatalx("%s: snprintf", __func__);
 860         n = strlcpy(srv->repos_path, D_GOTPATH,
 861             sizeof(srv->repos_path));
 862         if (n >= sizeof(srv->repos_path))
 863                 fatalx("%s: strlcpy", __func__);
 864         n = strlcpy(srv->site_name, D_SITENAME,
 865             sizeof(srv->site_name));
 866         if (n >= sizeof(srv->site_name))
 867                 fatalx("%s: strlcpy", __func__);
 868         n = strlcpy(srv->site_owner, D_SITEOWNER,
 869             sizeof(srv->site_owner));
 870         if (n >= sizeof(srv->site_owner))
 871                 fatalx("%s: strlcpy", __func__);
 872         n = strlcpy(srv->site_link, D_SITELINK,
 873             sizeof(srv->site_link));
 874         if (n >= sizeof(srv->site_link))
 875                 fatalx("%s: strlcpy", __func__);
 876         n = strlcpy(srv->logo, D_GOTLOGO,
 877             sizeof(srv->logo));
 878         if (n >= sizeof(srv->logo))
 879                 fatalx("%s: strlcpy", __func__);
 880         n = strlcpy(srv->logo_url, D_GOTURL, sizeof(srv->logo_url));
 881         if (n >= sizeof(srv->logo_url))
 882                 fatalx("%s: strlcpy", __func__);
 883         n = strlcpy(srv->custom_css, D_GOTWEBCSS, sizeof(srv->custom_css));
 884         if (n >= sizeof(srv->custom_css))
 885                 fatalx("%s: strlcpy", __func__);
 886
 887         srv->show_site_owner = D_SHOWSOWNER;
 888         srv->show_repo_owner = D_SHOWROWNER;
 889         srv->show_repo_age = D_SHOWAGE;
 890         srv->show_repo_description = D_SHOWDESC;
 891         srv->show_repo_cloneurl = D_SHOWURL;
 892         srv->respect_exportok = D_RESPECTEXPORTOK;
 893
 894         srv->max_repos_display = D_MAXREPODISP;
 895         srv->max_commits_display = D_MAXCOMMITDISP;
 896         srv->max_repos = D_MAXREPO;
 897
 898         srv->unix_socket = 1;
 899         srv->fcgi_socket = 0;
 900
 901         TAILQ_INIT(&srv->al);
 902         TAILQ_INSERT_TAIL(&gotwebd->servers, srv, entry);
 903         gotwebd->server_cnt++;
 904
 905         return srv;
 906 };
 907
 908 int
 909 symset(const char *nam, const char *val, int persist)
 910 {
 911         struct sym *sym;
 912
 913         TAILQ_FOREACH(sym, &symhead, entry) {
 914                 if (strcmp(nam, sym->nam) == 0)
 915                         break;
 916         }
 917
 918         if (sym != NULL) {
 919                 if (sym->persist == 1)
 920                         return (0);
 921                 else {
 922                         free(sym->nam);
 923                         free(sym->val);
 924                         TAILQ_REMOVE(&symhead, sym, entry);
 925                         free(sym);
 926                 }
 927         }
 928         sym = calloc(1, sizeof(*sym));
 929         if (sym == NULL)
 930                 return (-1);
 931
 932         sym->nam = strdup(nam);
 933         if (sym->nam == NULL) {
 934                 free(sym);
 935                 return (-1);
 936         }
 937         sym->val = strdup(val);
 938         if (sym->val == NULL) {
 939                 free(sym->nam);
 940                 free(sym);
 941                 return (-1);
 942         }
 943         sym->used = 0;
 944         sym->persist = persist;
 945         TAILQ_INSERT_TAIL(&symhead, sym, entry);
 946         return (0);
 947 }
 948
 949 int
 950 cmdline_symset(char *s)
 951 {
 952         char *sym, *val;
 953         int ret;
 954
 955         val = strrchr(s, '=');
 956         if (val == NULL)
 957                 return (-1);
 958
 959         sym = strndup(s, val - s);
 960         if (sym == NULL)
 961                 fatal("%s: strndup", __func__);
 962
 963         ret = symset(sym, val + 1, 1);
 964         free(sym);
 965
 966         return (ret);
 967 }
 968
 969 char *
 970 symget(const char *nam)
 971 {
 972         struct sym *sym;
 973
 974         TAILQ_FOREACH(sym, &symhead, entry) {
 975                 if (strcmp(nam, sym->nam) == 0) {
 976                         sym->used = 1;
 977                         return (sym->val);
 978                 }
 979         }
 980         return (NULL);
 981 }
 982
 983 int
 984 getservice(const char *n)
 985 {
 986         struct servent *s;
 987         const char *errstr;
 988         long long llval;
 989
 990         llval = strtonum(n, 0, UINT16_MAX, &errstr);
 991         if (errstr) {
 992                 s = getservbyname(n, "tcp");
 993                 if (s == NULL)
 994                         s = getservbyname(n, "udp");
 995                 if (s == NULL)
 996                         return (-1);
 997                 return ntohs(s->s_port);
 998         }
 999
1000         return (unsigned short)llval;
1001 }
1002
1003 struct address *
1004 host_v4(const char *s)
1005 {
1006         struct in_addr ina;
1007         struct sockaddr_in *sain;
1008         struct address *h;
1009
1010         memset(&ina, 0, sizeof(ina));
1011         if (inet_pton(AF_INET, s, &ina) != 1)
1012                 return (NULL);
1013
1014         if ((h = calloc(1, sizeof(*h))) == NULL)
1015                 fatal(__func__);
1016         sain = (struct sockaddr_in *)&h->ss;
1017         got_sockaddr_inet_init(sain, &ina);
1018         if (sain->sin_addr.s_addr == INADDR_ANY)
1019                 h->prefixlen = 0; /* 0.0.0.0 address */
1020         else
1021                 h->prefixlen = -1; /* host address */
1022         return (h);
1023 }
1024
1025 struct address *
1026 host_v6(const char *s)
1027 {
1028         struct addrinfo hints, *res;
1029         struct sockaddr_in6 *sa_in6, *ra;
1030         struct address *h = NULL;
1031
1032         memset(&hints, 0, sizeof(hints));
1033         hints.ai_family = AF_INET6;
1034         hints.ai_socktype = SOCK_DGRAM; /* dummy */
1035         hints.ai_flags = AI_NUMERICHOST;
1036         if (getaddrinfo(s, "0", &hints, &res) == 0) {
1037                 if ((h = calloc(1, sizeof(*h))) == NULL)
1038                         fatal(__func__);
1039                 sa_in6 = (struct sockaddr_in6 *)&h->ss;
1040                 ra = (struct sockaddr_in6 *)res->ai_addr;
1041                 got_sockaddr_inet6_init(sa_in6, &ra->sin6_addr,
1042                     ra->sin6_scope_id);
1043                 if (memcmp(&sa_in6->sin6_addr, &in6addr_any,
1044                     sizeof(sa_in6->sin6_addr)) == 0)
1045                         h->prefixlen = 0; /* any address */
1046                 else
1047                         h->prefixlen = -1; /* host address */
1048                 freeaddrinfo(res);
1049         }
1050
1051         return (h);
1052 }
1053
1054 int
1055 host_dns(const char *s, struct server *new_srv, int max,
1056     in_port_t port, const char *ifname, int ipproto)
1057 {
1058         struct addrinfo hints, *res0, *res;
1059         int error, cnt = 0;
1060         struct sockaddr_in *sain;
1061         struct sockaddr_in6 *sin6;
1062         struct address *h;
1063
1064         if ((cnt = host_if(s, new_srv, max, port, ifname, ipproto)) != 0)
1065                 return (cnt);
1066
1067         memset(&hints, 0, sizeof(hints));
1068         hints.ai_family = PF_UNSPEC;
1069         hints.ai_socktype = SOCK_DGRAM; /* DUMMY */
1070         hints.ai_flags = AI_ADDRCONFIG;
1071         error = getaddrinfo(s, NULL, &hints, &res0);
1072         if (error == EAI_AGAIN || error == EAI_NODATA || error == EAI_NONAME)
1073                 return (0);
1074         if (error) {
1075                 log_warnx("%s: could not parse \"%s\": %s", __func__, s,
1076                     gai_strerror(error));
1077                 return (-1);
1078         }
1079
1080         for (res = res0; res && cnt < max; res = res->ai_next) {
1081                 if (res->ai_family != AF_INET &&
1082                     res->ai_family != AF_INET6)
1083                         continue;
1084                 if ((h = calloc(1, sizeof(*h))) == NULL)
1085                         fatal(__func__);
1086
1087                 if (port)
1088                         h->port = port;
1089                 if (ifname != NULL) {
1090                         if (strlcpy(h->ifname, ifname, sizeof(h->ifname)) >=
1091                             sizeof(h->ifname)) {
1092                                 log_warnx("%s: interface name truncated",
1093                                     __func__);
1094                                 freeaddrinfo(res0);
1095                                 free(h);
1096                                 return (-1);
1097                         }
1098                 }
1099                 if (ipproto != -1)
1100                         h->ipproto = ipproto;
1101                 h->ss.ss_family = res->ai_family;
1102                 h->prefixlen = -1; /* host address */
1103
1104                 if (res->ai_family == AF_INET) {
1105                         struct sockaddr_in *ra;
1106                         sain = (struct sockaddr_in *)&h->ss;
1107                         ra = (struct sockaddr_in *)res->ai_addr;
1108                         got_sockaddr_inet_init(sain, &ra->sin_addr);
1109                 } else {
1110                         struct sockaddr_in6 *ra;
1111                         sin6 = (struct sockaddr_in6 *)&h->ss;
1112                         ra = (struct sockaddr_in6 *)res->ai_addr;
1113                         got_sockaddr_inet6_init(sin6, &ra->sin6_addr, 0);
1114                 }
1115
1116                 if (add_addr(new_srv, h))
1117                         return -1;
1118                 cnt++;
1119         }
1120         if (cnt == max && res) {
1121                 log_warnx("%s: %s resolves to more than %d hosts", __func__,
1122                     s, max);
1123         }
1124         freeaddrinfo(res0);
1125         return (cnt);
1126 }
1127
1128 int
1129 host_if(const char *s, struct server *new_srv, int max,
1130     in_port_t port, const char *ifname, int ipproto)
1131 {
1132         struct ifaddrs *ifap, *p;
1133         struct sockaddr_in *sain;
1134         struct sockaddr_in6 *sin6;
1135         struct address *h;
1136         int cnt = 0, af;
1137
1138         if (getifaddrs(&ifap) == -1)
1139                 fatal("getifaddrs");
1140
1141         /* First search for IPv4 addresses */
1142         af = AF_INET;
1143
1144  nextaf:
1145         for (p = ifap; p != NULL && cnt < max; p = p->ifa_next) {
1146                 if (p->ifa_addr == NULL ||
1147                     p->ifa_addr->sa_family != af ||
1148                     (strcmp(s, p->ifa_name) != 0 &&
1149                     !is_if_in_group(p->ifa_name, s)))
1150                         continue;
1151                 if ((h = calloc(1, sizeof(*h))) == NULL)
1152                         fatal("calloc");
1153
1154                 if (port)
1155                         h->port = port;
1156                 if (ifname != NULL) {
1157                         if (strlcpy(h->ifname, ifname, sizeof(h->ifname)) >=
1158                             sizeof(h->ifname)) {
1159                                 log_warnx("%s: interface name truncated",
1160                                     __func__);
1161                                 free(h);
1162                                 freeifaddrs(ifap);
1163                                 return (-1);
1164                         }
1165                 }
1166                 if (ipproto != -1)
1167                         h->ipproto = ipproto;
1168                 h->ss.ss_family = af;
1169                 h->prefixlen = -1; /* host address */
1170
1171                 if (af == AF_INET) {
1172                         struct sockaddr_in *ra;
1173                         sain = (struct sockaddr_in *)&h->ss;
1174                         ra = (struct sockaddr_in *)p->ifa_addr;
1175                         got_sockaddr_inet_init(sain, &ra->sin_addr);
1176                 } else {
1177                         struct sockaddr_in6 *ra;
1178                         sin6 = (struct sockaddr_in6 *)&h->ss;
1179                         ra = (struct sockaddr_in6 *)p->ifa_addr;
1180                         got_sockaddr_inet6_init(sin6, &ra->sin6_addr,
1181                             ra->sin6_scope_id);
1182                 }
1183
1184                 if (add_addr(new_srv, h))
1185                         return -1;
1186                 cnt++;
1187         }
1188         if (af == AF_INET) {
1189                 /* Next search for IPv6 addresses */
1190                 af = AF_INET6;
1191                 goto nextaf;
1192         }
1193
1194         if (cnt > max) {
1195                 log_warnx("%s: %s resolves to more than %d hosts", __func__,
1196                     s, max);
1197         }
1198         freeifaddrs(ifap);
1199         return (cnt);
1200 }
1201
1202 int
1203 host(const char *s, struct server *new_srv, int max,
1204     in_port_t port, const char *ifname, int ipproto)
1205 {
1206         struct address *h;
1207
1208         h = host_v4(s);
1209
1210         /* IPv6 address? */
1211         if (h == NULL)
1212                 h = host_v6(s);
1213
1214         if (h != NULL) {
1215                 if (port)
1216                         h->port = port;
1217                 if (ifname != NULL) {
1218                         if (strlcpy(h->ifname, ifname, sizeof(h->ifname)) >=
1219                             sizeof(h->ifname)) {
1220                                 log_warnx("%s: interface name truncated",
1221                                     __func__);
1222                                 free(h);
1223                                 return (-1);
1224                         }
1225                 }
1226                 if (ipproto != -1)
1227                         h->ipproto = ipproto;
1228
1229                 if (add_addr(new_srv, h))
1230                         return -1;
1231                 return (1);
1232         }
1233
1234         return (host_dns(s, new_srv, max, port, ifname, ipproto));
1235 }
1236
1237 int
1238 is_if_in_group(const char *ifname, const char *groupname)
1239 {
1240 /* TA: Check this... */
1241 #ifdef HAVE_STRUCT_IFGROUPREQ
1242         unsigned int len;
1243         struct ifgroupreq ifgr;
1244         struct ifg_req *ifg;
1245         int s;
1246         int ret = 0;
1247
1248         if ((s = socket(AF_INET, SOCK_DGRAM, 0)) == -1)
1249                 err(1, "socket");
1250
1251         memset(&ifgr, 0, sizeof(ifgr));
1252         if (strlcpy(ifgr.ifgr_name, ifname, IFNAMSIZ) >= IFNAMSIZ)
1253                 err(1, "IFNAMSIZ");
1254         if (ioctl(s, SIOCGIFGROUP, (caddr_t)&ifgr) == -1) {
1255                 if (errno == EINVAL || errno == ENOTTY)
1256                         goto end;
1257                 err(1, "SIOCGIFGROUP");
1258         }
1259
1260         len = ifgr.ifgr_len;
1261         ifgr.ifgr_groups = calloc(len / sizeof(struct ifg_req),
1262             sizeof(struct ifg_req));
1263         if (ifgr.ifgr_groups == NULL)
1264                 err(1, "getifgroups");
1265         if (ioctl(s, SIOCGIFGROUP, (caddr_t)&ifgr) == -1)
1266                 err(1, "SIOCGIFGROUP");
1267
1268         ifg = ifgr.ifgr_groups;
1269         for (; ifg && len >= sizeof(struct ifg_req); ifg++) {
1270                 len -= sizeof(struct ifg_req);
1271                 if (strcmp(ifg->ifgrq_group, groupname) == 0) {
1272                         ret = 1;
1273                         break;
1274                 }
1275         }
1276         free(ifgr.ifgr_groups);
1277
1278 end:
1279         close(s);
1280         return (ret);
1281 #else
1282         return (0);
1283 #endif
1284 }
1285
1286 int
1287 get_addrs(const char *addr, struct server *new_srv, in_port_t port)
1288 {
1289         if (strcmp("", addr) == 0) {
1290                 if (host("127.0.0.1", new_srv, 1, port, "127.0.0.1",
1291                     -1) <= 0) {
1292                         yyerror("invalid listen ip: %s",
1293                             "127.0.0.1");
1294                         return (-1);
1295                 }
1296                 if (host("::1", new_srv, 1, port, "::1", -1) <= 0) {
1297                         yyerror("invalid listen ip: %s", "::1");
1298                         return (-1);
1299                 }
1300         } else {
1301                 if (host(addr, new_srv, GOTWEBD_MAXIFACE, port, addr,
1302                     -1) <= 0) {
1303                         yyerror("invalid listen ip: %s", addr);
1304                         return (-1);
1305                 }
1306         }
1307         return (0);
1308 }
1309
1310 int
1311 addr_dup_check(struct addresslist *al, struct address *h, const char *new_srv,
1312     const char *other_srv)
1313 {
1314         struct address *a;
1315         void *ia;
1316         char buf[INET6_ADDRSTRLEN];
1317         const char *addrstr;
1318
1319         TAILQ_FOREACH(a, al, entry) {
1320                 if (memcmp(&a->ss, &h->ss, sizeof(h->ss)) != 0 ||
1321                     a->port != h->port)
1322                         continue;
1323
1324                 switch (h->ss.ss_family) {
1325                 case AF_INET:
1326                         ia = &((struct sockaddr_in *)(&h->ss))->sin_addr;
1327                         break;
1328                 case AF_INET6:
1329                         ia = &((struct sockaddr_in6 *)(&h->ss))->sin6_addr;
1330                         break;
1331                 default:
1332                         yyerror("unknown address family: %d", h->ss.ss_family);
1333                         return -1;
1334                 }
1335                 addrstr = inet_ntop(h->ss.ss_family, ia, buf, sizeof(buf));
1336                 if (addrstr) {
1337                         if (other_srv) {
1338                                 yyerror("server %s: duplicate fcgi listen "
1339                                     "address %s:%d, already used by server %s",
1340                                     new_srv, addrstr, h->port, other_srv);
1341                         } else {
1342                                 log_warnx("server: %s: duplicate fcgi listen "
1343                                     "address %s:%d", new_srv, addrstr, h->port);
1344                         }
1345                 } else {
1346                         if (other_srv) {
1347                                 yyerror("server: %s: duplicate fcgi listen "
1348                                     "address, already used by server %s",
1349                                     new_srv, other_srv);
1350                         } else {
1351                                 log_warnx("server %s: duplicate fcgi listen "
1352                                     "address", new_srv);
1353                         }
1354                 }
1355
1356                 return -1;
1357         }
1358
1359         return 0;
1360 }
1361
1362 int
1363 add_addr(struct server *new_srv, struct address *h)
1364 {
1365         struct server *srv;
1366
1367         /* Address cannot be shared between different servers. */
1368         TAILQ_FOREACH(srv, &gotwebd->servers, entry) {
1369                 if (srv == new_srv)
1370                         continue;
1371                 if (addr_dup_check(&srv->al, h, new_srv->name, srv->name))
1372                         return -1;
1373         }
1374
1375         /* Tolerate duplicate address lines within the scope of a server. */
1376         if (addr_dup_check(&new_srv->al, h, NULL, NULL) == 0)
1377                 TAILQ_INSERT_TAIL(&new_srv->al, h, entry);
1378         else
1379                 free(h);
1380
1381         return 0;
1382 }