Got Mirror

Blob

Date:: Sat Jul 16 14:33:55 2022 UTC
Message:: gotwebd: remove tls.h TLS isn't currently being used within gotwebd, so this include can be removed. Notice by naddy, and OK stsp@
Actions:: History | Blame | Raw File
1 /*
2  * Copyright (c) 2016-2019, 2020-2021 Tracey Emery <tracey@traceyemery.net>
3  * Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org>
4  * Copyright (c) 2004 Ryan McBride <mcbride@openbsd.org>
5  * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
6  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
7  * Copyright (c) 2001 Daniel Hartmeier.  All rights reserved.
8  * Copyright (c) 2001 Theo de Raadt.  All rights reserved.
9  *
10  * Permission to use, copy, modify, and distribute this software for any
11  * purpose with or without fee is hereby granted, provided that the above
12  * copyright notice and this permission notice appear in all copies.
13  *
14  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
15  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
16  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
17  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
18  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21  */
22 
23 %{
24 #include <sys/ioctl.h>
25 #include <sys/types.h>
26 #include <sys/socket.h>
27 #include <sys/stat.h>
28 
29 #include <net/if.h>
30 #include <netinet/in.h>
31 
32 #include <arpa/inet.h>
33 
34 #include <ctype.h>
35 #include <err.h>
36 #include <errno.h>
37 #include <event.h>
38 #include <ifaddrs.h>
39 #include <limits.h>
40 #include <netdb.h>
41 #include <stdarg.h>
42 #include <stdlib.h>
43 #include <stdio.h>
44 #include <string.h>
45 #include <syslog.h>
46 #include <unistd.h>
47 
48 #include "proc.h"
49 #include "gotwebd.h"
50 #include "got_compat.h"
51 
52 TAILQ_HEAD(files, file)		 files = TAILQ_HEAD_INITIALIZER(files);
53 static struct file {
54 	TAILQ_ENTRY(file)	 entry;
55 	FILE			*stream;
56 	char			*name;
57 	int			 lineno;
58 	int			 errors;
59 } *file;
60 struct file	*newfile(const char *, int);
61 static void	 closefile(struct file *);
62 int		 check_file_secrecy(int, const char *);
63 int		 yyparse(void);
64 int		 yylex(void);
65 int		 yyerror(const char *, ...)
66     __attribute__((__format__ (printf, 1, 2)))
67     __attribute__((__nonnull__ (1)));
68 int		 kw_cmp(const void *, const void *);
69 int		 lookup(char *);
70 int		 lgetc(int);
71 int		 lungetc(int);
72 int		 findeol(void);
73 
74 TAILQ_HEAD(symhead, sym)	 symhead = TAILQ_HEAD_INITIALIZER(symhead);
75 struct sym {
76 	TAILQ_ENTRY(sym)	 entry;
77 	int			 used;
78 	int			 persist;
79 	char			*nam;
80 	char			*val;
81 };
82 
83 int	 symset(const char *, const char *, int);
84 char	*symget(const char *);
85 
86 static int		 errors;
87 
88 static struct gotwebd		*gotwebd;
89 static struct server		*new_srv;
90 static struct server		*conf_new_server(const char *);
91 int				 getservice(const char *);
92 int				 n;
93 
94 int		 get_addrs(const char *, struct addresslist *, in_port_t);
95 struct address	*host_v4(const char *);
96 struct address	*host_v6(const char *);
97 int		 host_dns(const char *, struct addresslist *,
98 		    int, in_port_t, const char *, int);
99 int		 host_if(const char *, struct addresslist *,
100 		    int, in_port_t, const char *, int);
101 int		 host(const char *, struct addresslist *,
102 		    int, in_port_t, const char *, int);
103 int		 is_if_in_group(const char *, const char *);
104 
105 typedef struct {
106 	union {
107 		long long	 number;
108 		char		*string;
109 		in_port_t	 port;
110 	} v;
111 	int lineno;
112 } YYSTYPE;
113 
114 %}
115 
116 %token	BIND INTERFACE WWW_PATH MAX_REPOS SITE_NAME SITE_OWNER SITE_LINK LOGO
117 %token	LOGO_URL SHOW_REPO_OWNER SHOW_REPO_AGE SHOW_REPO_DESCRIPTION
118 %token	MAX_REPOS_DISPLAY REPOS_PATH MAX_COMMITS_DISPLAY ON ERROR
119 %token	SHOW_SITE_OWNER SHOW_REPO_CLONEURL PORT PREFORK FCGI_SOCKET
120 %token	UNIX_SOCKET UNIX_SOCKET_NAME SERVER CHROOT CUSTOM_CSS
121 
122 %token	<v.string>	STRING
123 %type	<v.port>	fcgiport
124 %token	<v.number>	NUMBER
125 %type	<v.number>	boolean
126 
127 %%
128 
129 grammar		:
130 		| grammar '\n'
131 		| grammar main '\n'
132 		| grammar server '\n'
133 		;
134 
135 boolean		: STRING {
136 			if (strcasecmp($1, "1") == 0 ||
137 			    strcasecmp($1, "yes") == 0 ||
138 			    strcasecmp($1, "on") == 0)
139 				$$ = 1;
140 			else if (strcasecmp($1, "0") == 0 ||
141 			    strcasecmp($1, "off") == 0 ||
142 			    strcasecmp($1, "no") == 0)
143 				$$ = 0;
144 			else {
145 				yyerror("invalid boolean value '%s'", $1);
146 				free($1);
147 				YYERROR;
148 			}
149 			free($1);
150 		}
151 		| ON { $$ = 1; }
152 		| NUMBER { $$ = $1; }
153 		;
154 
155 fcgiport	: NUMBER {
156 			if ($1 <= 0 || $1 > (int)USHRT_MAX) {
157 				yyerror("invalid port: %lld", $1);
158 				YYERROR;
159 			}
160 			$$ = htons($1);
161 		}
162 		| STRING {
163 			int	 val;
164 
165 			if ((val = getservice($1)) == -1) {
166 				yyerror("invalid port: %s", $1);
167 				free($1);
168 				YYERROR;
169 			}
170 			free($1);
171 
172 			$$ = val;
173 		}
174 		;
175 
176 main		: PREFORK NUMBER {
177 			gotwebd->prefork_gotwebd = $2;
178 		}
179 		| CHROOT STRING {
180 			n = strlcpy(gotwebd->httpd_chroot, $2,
181 			    sizeof(gotwebd->httpd_chroot));
182 			if (n >= sizeof(gotwebd->httpd_chroot)) {
183 				yyerror("%s: httpd_chroot truncated", __func__);
184 				free($2);
185 				YYERROR;
186 			}
187 			free($2);
188 		}
189 		| FCGI_SOCKET boolean {
190 			gotwebd->fcgi_socket = $2;
191 		}
192 		| FCGI_SOCKET boolean  {
193 			gotwebd->fcgi_socket = $2;
194 		} '{' optnl socketopts4 '}'
195 		| UNIX_SOCKET boolean {
196 			gotwebd->unix_socket = $2;
197 		}
198 		| UNIX_SOCKET_NAME STRING {
199 			n = snprintf(gotwebd->unix_socket_name,
200 			    sizeof(gotwebd->unix_socket_name), "%s%s",
201 			    strlen(gotwebd->httpd_chroot) ?
202 			    gotwebd->httpd_chroot : D_HTTPD_CHROOT, $2);
203 			if (n < 0) {
204 				yyerror("%s: unix_socket_name truncated",
205 				    __func__);
206 				free($2);
207 				YYERROR;
208 			}
209 			free($2);
210 		}
211 		;
212 
213 server		: SERVER STRING {
214 			struct server *srv;
215 
216 			TAILQ_FOREACH(srv, gotwebd->servers, entry) {
217 				if (strcmp(srv->name, $2) == 0) {
218 					yyerror("server name exists '%s'", $2);
219 					free($2);
220 					YYERROR;
221 				}
222 			}
223 
224 			new_srv = conf_new_server($2);
225 			if (new_srv->fcgi_socket)
226 				if (get_addrs(new_srv->fcgi_socket_bind,
227 				    new_srv->al,
228 				    new_srv->fcgi_socket_port) == -1) {
229 					yyerror("could not get tcp iface "
230 					    "addrs");
231 					YYERROR;
232 				}
233 			log_debug("adding server %s", $2);
234 			free($2);
235 		}
236 		| SERVER STRING {
237 			struct server *srv;
238 
239 			TAILQ_FOREACH(srv, gotwebd->servers, entry) {
240 				if (strcmp(srv->name, $2) == 0) {
241 					yyerror("server name exists '%s'", $2);
242 					free($2);
243 					YYERROR;
244 				}
245 			}
246 
247 			new_srv = conf_new_server($2);
248 			log_debug("adding server %s", $2);
249 			free($2);
250 		} '{' optnl serveropts2 '}' {
251 			if (get_addrs(new_srv->fcgi_socket_bind,
252 			    new_srv->al, new_srv->fcgi_socket_port) == -1) {
253 				yyerror("could not get tcp iface addrs");
254 				YYERROR;
255 			}
256 		}
257 		;
258 
259 serveropts1	: REPOS_PATH STRING {
260 			n = strlcpy(new_srv->repos_path, $2,
261 			    sizeof(new_srv->repos_path));
262 			if (n >= sizeof(new_srv->repos_path)) {
263 				yyerror("%s: repos_path truncated", __func__);
264 				free($2);
265 				YYERROR;
266 			}
267 			free($2);
268 		}
269 		| SITE_NAME STRING {
270 			n = strlcpy(new_srv->site_name, $2,
271 			    sizeof(new_srv->site_name));
272 			if (n >= sizeof(new_srv->site_name)) {
273 				yyerror("%s: site_name truncated", __func__);
274 				free($2);
275 				YYERROR;
276 			}
277 			free($2);
278 		}
279 		| SITE_OWNER STRING {
280 			n = strlcpy(new_srv->site_owner, $2,
281 			    sizeof(new_srv->site_owner));
282 			if (n >= sizeof(new_srv->site_owner)) {
283 				yyerror("%s: site_owner truncated", __func__);
284 				free($2);
285 				YYERROR;
286 			}
287 			free($2);
288 		}
289 		| SITE_LINK STRING {
290 			n = strlcpy(new_srv->site_link, $2,
291 			    sizeof(new_srv->site_link));
292 			if (n >= sizeof(new_srv->site_link)) {
293 				yyerror("%s: site_link truncated", __func__);
294 				free($2);
295 				YYERROR;
296 			}
297 			free($2);
298 		}
299 		| LOGO STRING {
300 			n = strlcpy(new_srv->logo, $2, sizeof(new_srv->logo));
301 			if (n >= sizeof(new_srv->logo)) {
302 				yyerror("%s: logo truncated", __func__);
303 				free($2);
304 				YYERROR;
305 			}
306 			free($2);
307 		}
308 		| LOGO_URL STRING {
309 			n = strlcpy(new_srv->logo_url, $2,
310 			    sizeof(new_srv->logo_url));
311 			if (n >= sizeof(new_srv->logo_url)) {
312 				yyerror("%s: logo_url truncated", __func__);
313 				free($2);
314 				YYERROR;
315 			}
316 			free($2);
317 		}
318 		| CUSTOM_CSS STRING {
319 			n = strlcpy(new_srv->custom_css, $2,
320 			    sizeof(new_srv->custom_css));
321 			if (n >= sizeof(new_srv->custom_css)) {
322 				yyerror("%s: custom_css truncated", __func__);
323 				free($2);
324 				YYERROR;
325 			}
326 			free($2);
327 		}
328 		| MAX_REPOS NUMBER {
329 			if ($2 > 0)
330 				new_srv->max_repos = $2;
331 		}
332 		| SHOW_SITE_OWNER boolean {
333 			new_srv->show_site_owner = $2;
334 		}
335 		| SHOW_REPO_OWNER boolean {
336 			new_srv->show_repo_owner = $2;
337 		}
338 		| SHOW_REPO_AGE boolean {
339 			new_srv->show_repo_age = $2;
340 		}
341 		| SHOW_REPO_DESCRIPTION boolean {
342 			new_srv->show_repo_description = $2;
343 		}
344 		| SHOW_REPO_CLONEURL boolean {
345 			new_srv->show_repo_cloneurl = $2;
346 		}
347 		| MAX_REPOS_DISPLAY NUMBER {
348 				new_srv->max_repos_display = $2;
349 		}
350 		| MAX_COMMITS_DISPLAY NUMBER {
351 			if ($2 > 0)
352 				new_srv->max_commits_display = $2;
353 		}
354 		| FCGI_SOCKET boolean {
355 			new_srv->fcgi_socket = $2;
356 		}
357 		| FCGI_SOCKET boolean  {
358 			new_srv->fcgi_socket = $2;
359 		} '{' optnl socketopts2 '}'
360 		| UNIX_SOCKET boolean {
361 			new_srv->unix_socket = $2;
362 		}
363 		| UNIX_SOCKET_NAME STRING {
364 			n = snprintf(new_srv->unix_socket_name,
365 			    sizeof(new_srv->unix_socket_name), "%s%s",
366 			    strlen(gotwebd->httpd_chroot) ?
367 			    gotwebd->httpd_chroot : D_HTTPD_CHROOT, $2);
368 			if (n < 0) {
369 				yyerror("%s: unix_socket_name truncated",
370 				    __func__);
371 				free($2);
372 				YYERROR;
373 			}
374 			free($2);
375 		}
376 		;
377 
378 serveropts2	: serveropts2 serveropts1 nl
379 		| serveropts1 optnl
380 		;
381 
382 socketopts1	: BIND INTERFACE STRING {
383 			n = strlcpy(new_srv->fcgi_socket_bind, $3,
384 			    sizeof(new_srv->fcgi_socket_bind));
385 			if (n >= sizeof(new_srv->fcgi_socket_bind)) {
386 				yyerror("%s: fcgi_socket_bind truncated",
387 				    __func__);
388 				free($3);
389 				YYERROR;
390 			}
391 			free($3);
392 		}
393 		| PORT fcgiport {
394 			struct server	*srv;
395 
396 			TAILQ_FOREACH(srv, gotwebd->servers, entry) {
397 				if (srv->fcgi_socket_port == $2) {
398 					yyerror("port already assigned");
399 					YYERROR;
400 				}
401 			}
402 			new_srv->fcgi_socket_port = $2;
403 		}
404 		;
405 
406 socketopts2	: socketopts2 socketopts1 nl
407 		| socketopts1 optnl
408 		;
409 
410 socketopts3	: BIND INTERFACE STRING {
411 			n = strlcpy(gotwebd->fcgi_socket_bind, $3,
412 			    sizeof(gotwebd->fcgi_socket_bind));
413 			if (n >= sizeof(gotwebd->fcgi_socket_bind)) {
414 				yyerror("%s: fcgi_socket_bind truncated",
415 				    __func__);
416 				free($3);
417 				YYERROR;
418 			}
419 			free($3);
420 		}
421 		| PORT fcgiport {
422 			gotwebd->fcgi_socket_port = $2;
423 		}
424 		;
425 
426 socketopts4	: socketopts4 socketopts3 nl
427 		| socketopts3 optnl
428 		;
429 
430 nl		: '\n' optnl
431 		;
432 
433 optnl		: '\n' optnl		/* zero or more newlines */
434 		| /* empty */
435 		;
436 
437 %%
438 
439 struct keywords {
440 	const char	*k_name;
441 	int		 k_val;
442 };
443 
444 int
445 yyerror(const char *fmt, ...)
446 {
447 	va_list ap;
448 	char *msg;
449 
450 	file->errors++;
451 	va_start(ap, fmt);
452 	if (vasprintf(&msg, fmt, ap) == -1)
453 		fatalx("yyerror vasprintf");
454 	va_end(ap);
455 	logit(LOG_CRIT, "%s:%d: %s", file->name, yylval.lineno, msg);
456 	free(msg);
457 	return (0);
458 }
459 
460 int
461 kw_cmp(const void *k, const void *e)
462 {
463 	return (strcmp(k, ((const struct keywords *)e)->k_name));
464 }
465 
466 int
467 lookup(char *s)
468 {
469 	/* This has to be sorted always. */
470 	static const struct keywords keywords[] = {
471 		{ "bind",			BIND },
472 		{ "chroot",			CHROOT },
473 		{ "custom_css",			CUSTOM_CSS },
474 		{ "fcgi_socket",		FCGI_SOCKET },
475 		{ "interface",			INTERFACE },
476 		{ "logo",			LOGO },
477 		{ "logo_url"	,		LOGO_URL },
478 		{ "max_commits_display",	MAX_COMMITS_DISPLAY },
479 		{ "max_repos",			MAX_REPOS },
480 		{ "max_repos_display",		MAX_REPOS_DISPLAY },
481 		{ "port",			PORT },
482 		{ "prefork",			PREFORK },
483 		{ "repos_path",			REPOS_PATH },
484 		{ "server",			SERVER },
485 		{ "show_repo_age",		SHOW_REPO_AGE },
486 		{ "show_repo_cloneurl",		SHOW_REPO_CLONEURL },
487 		{ "show_repo_description",	SHOW_REPO_DESCRIPTION },
488 		{ "show_repo_owner",		SHOW_REPO_OWNER },
489 		{ "show_site_owner",		SHOW_SITE_OWNER },
490 		{ "site_link",			SITE_LINK },
491 		{ "site_name",			SITE_NAME },
492 		{ "site_owner",			SITE_OWNER },
493 		{ "unix_socket",		UNIX_SOCKET },
494 		{ "unix_socket_name",		UNIX_SOCKET_NAME },
495 	};
496 	const struct keywords *p;
497 
498 	p = bsearch(s, keywords, sizeof(keywords)/sizeof(keywords[0]),
499 	    sizeof(keywords[0]), kw_cmp);
500 
501 	if (p)
502 		return (p->k_val);
503 	else
504 		return (STRING);
505 }
506 
507 #define MAXPUSHBACK	128
508 
509 unsigned char *parsebuf;
510 int parseindex;
511 unsigned char pushback_buffer[MAXPUSHBACK];
512 int pushback_index = 0;
513 
514 int
515 lgetc(int quotec)
516 {
517 	int c, next;
518 
519 	if (parsebuf) {
520 		/* Read character from the parsebuffer instead of input. */
521 		if (parseindex >= 0) {
522 			c = parsebuf[parseindex++];
523 			if (c != '\0')
524 				return (c);
525 			parsebuf = NULL;
526 		} else
527 			parseindex++;
528 	}
529 
530 	if (pushback_index)
531 		return (pushback_buffer[--pushback_index]);
532 
533 	if (quotec) {
534 		c = getc(file->stream);
535 		if (c == EOF)
536 			yyerror("reached end of file while parsing "
537 			    "quoted string");
538 		return (c);
539 	}
540 
541 	c = getc(file->stream);
542 	while (c == '\\') {
543 		next = getc(file->stream);
544 		if (next != '\n') {
545 			c = next;
546 			break;
547 		}
548 		yylval.lineno = file->lineno;
549 		file->lineno++;
550 		c = getc(file->stream);
551 	}
552 
553 	return (c);
554 }
555 
556 int
557 lungetc(int c)
558 {
559 	if (c == EOF)
560 		return (EOF);
561 	if (parsebuf) {
562 		parseindex--;
563 		if (parseindex >= 0)
564 			return (c);
565 	}
566 	if (pushback_index < MAXPUSHBACK-1)
567 		return (pushback_buffer[pushback_index++] = c);
568 	else
569 		return (EOF);
570 }
571 
572 int
573 findeol(void)
574 {
575 	int c;
576 
577 	parsebuf = NULL;
578 
579 	/* Skip to either EOF or the first real EOL. */
580 	while (1) {
581 		if (pushback_index)
582 			c = pushback_buffer[--pushback_index];
583 		else
584 			c = lgetc(0);
585 		if (c == '\n') {
586 			file->lineno++;
587 			break;
588 		}
589 		if (c == EOF)
590 			break;
591 	}
592 	return (ERROR);
593 }
594 
595 int
596 yylex(void)
597 {
598 	unsigned char buf[8096];
599 	unsigned char *p, *val;
600 	int quotec, next, c;
601 	int token;
602 
603 top:
604 	p = buf;
605 	c = lgetc(0);
606 	while (c == ' ' || c == '\t')
607 		c = lgetc(0); /* nothing */
608 
609 	yylval.lineno = file->lineno;
610 	if (c == '#') {
611 		c = lgetc(0);
612 		while (c != '\n' && c != EOF)
613 			c = lgetc(0); /* nothing */
614 	}
615 	if (c == '$' && parsebuf == NULL) {
616 		while (1) {
617 			c = lgetc(0);
618 			if (c == EOF)
619 				return (0);
620 
621 			if (p + 1 >= buf + sizeof(buf) - 1) {
622 				yyerror("string too long");
623 				return (findeol());
624 			}
625 			if (isalnum(c) || c == '_') {
626 				*p++ = c;
627 				continue;
628 			}
629 			*p = '\0';
630 			lungetc(c);
631 			break;
632 		}
633 		val = symget(buf);
634 		if (val == NULL) {
635 			yyerror("macro '%s' not defined", buf);
636 			return (findeol());
637 		}
638 		parsebuf = val;
639 		parseindex = 0;
640 		goto top;
641 	}
642 
643 	switch (c) {
644 	case '\'':
645 	case '"':
646 		quotec = c;
647 		while (1) {
648 			c = lgetc(quotec);
649 			if (c == EOF)
650 				return (0);
651 			if (c == '\n') {
652 				file->lineno++;
653 				continue;
654 			} else if (c == '\\') {
655 				next = lgetc(quotec);
656 				if (next == EOF)
657 					return (0);
658 				if (next == quotec || c == ' ' || c == '\t')
659 					c = next;
660 				else if (next == '\n') {
661 					file->lineno++;
662 					continue;
663 				} else
664 					lungetc(next);
665 			} else if (c == quotec) {
666 				*p = '\0';
667 				break;
668 			} else if (c == '\0') {
669 				yyerror("syntax error");
670 				return (findeol());
671 			}
672 			if (p + 1 >= buf + sizeof(buf) - 1) {
673 				yyerror("string too long");
674 				return (findeol());
675 			}
676 			*p++ = c;
677 		}
678 		yylval.v.string = strdup(buf);
679 		if (yylval.v.string == NULL)
680 			err(1, "yylex: strdup");
681 		return (STRING);
682 	}
683 
684 #define allowed_to_end_number(x) \
685 	(isspace(x) || x == ')' || x ==',' || x == '/' || x == '}' || x == '=')
686 
687 	if (c == '-' || isdigit(c)) {
688 		do {
689 			*p++ = c;
690 			if ((unsigned)(p-buf) >= sizeof(buf)) {
691 				yyerror("string too long");
692 				return (findeol());
693 			}
694 			c = lgetc(0);
695 		} while (c != EOF && isdigit(c));
696 		lungetc(c);
697 		if (p == buf + 1 && buf[0] == '-')
698 			goto nodigits;
699 		if (c == EOF || allowed_to_end_number(c)) {
700 			const char *errstr = NULL;
701 
702 			*p = '\0';
703 			yylval.v.number = strtonum(buf, LLONG_MIN,
704 			    LLONG_MAX, &errstr);
705 			if (errstr) {
706 				yyerror("\"%s\" invalid number: %s",
707 				    buf, errstr);
708 				return (findeol());
709 			}
710 			return (NUMBER);
711 		} else {
712 nodigits:
713 			while (p > buf + 1)
714 				lungetc(*--p);
715 			c = *--p;
716 			if (c == '-')
717 				return (c);
718 		}
719 	}
720 
721 #define allowed_in_string(x) \
722 	(isalnum(x) || (ispunct(x) && x != '(' && x != ')' && \
723 	x != '{' && x != '}' && \
724 	x != '!' && x != '=' && x != '#' && \
725 	x != ','))
726 
727 	if (isalnum(c) || c == ':' || c == '_') {
728 		do {
729 			*p++ = c;
730 			if ((unsigned)(p-buf) >= sizeof(buf)) {
731 				yyerror("string too long");
732 				return (findeol());
733 			}
734 			c = lgetc(0);
735 		} while (c != EOF && (allowed_in_string(c)));
736 		lungetc(c);
737 		*p = '\0';
738 		token = lookup(buf);
739 		if (token == STRING) {
740 			yylval.v.string = strdup(buf);
741 			if (yylval.v.string == NULL)
742 				err(1, "yylex: strdup");
743 		}
744 		return (token);
745 	}
746 	if (c == '\n') {
747 		yylval.lineno = file->lineno;
748 		file->lineno++;
749 	}
750 	if (c == EOF)
751 		return (0);
752 	return (c);
753 }
754 
755 int
756 check_file_secrecy(int fd, const char *fname)
757 {
758 	struct stat st;
759 
760 	if (fstat(fd, &st)) {
761 		log_warn("cannot stat %s", fname);
762 		return (-1);
763 	}
764 	if (st.st_uid != 0 && st.st_uid != getuid()) {
765 		log_warnx("%s: owner not root or current user", fname);
766 		return (-1);
767 	}
768 	if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) {
769 		log_warnx("%s: group writable or world read/writable", fname);
770 		return (-1);
771 	}
772 	return (0);
773 }
774 
775 struct file *
776 newfile(const char *name, int secret)
777 {
778 	struct file *nfile;
779 
780 	nfile = calloc(1, sizeof(struct file));
781 	if (nfile == NULL) {
782 		log_warn("calloc");
783 		return (NULL);
784 	}
785 	nfile->name = strdup(name);
786 	if (nfile->name == NULL) {
787 		log_warn("strdup");
788 		free(nfile);
789 		return (NULL);
790 	}
791 	nfile->stream = fopen(nfile->name, "r");
792 	if (nfile->stream == NULL) {
793 		/* no warning, we don't require a conf file */
794 		free(nfile->name);
795 		free(nfile);
796 		return (NULL);
797 	} else if (secret &&
798 	    check_file_secrecy(fileno(nfile->stream), nfile->name)) {
799 		fclose(nfile->stream);
800 		free(nfile->name);
801 		free(nfile);
802 		return (NULL);
803 	}
804 	nfile->lineno = 1;
805 	return (nfile);
806 }
807 
808 static void
809 closefile(struct file *xfile)
810 {
811 	fclose(xfile->stream);
812 	free(xfile->name);
813 	free(xfile);
814 }
815 
816 int
817 parse_config(const char *filename, struct gotwebd *env)
818 {
819 	struct sym *sym, *next;
820 
821 	file = newfile(filename, 0);
822 	if (file == NULL)
823 		/* just return, as we don't require a conf file */
824 		return (0);
825 
826 	if (config_init(env) == -1)
827 		fatalx("failed to initialize configuration");
828 
829 	gotwebd = env;
830 
831 	yyparse();
832 	errors = file->errors;
833 	closefile(file);
834 
835 	/* Free macros and check which have not been used. */
836 	TAILQ_FOREACH_SAFE(sym, &symhead, entry, next) {
837 		if ((gotwebd->gotwebd_verbose > 1) && !sym->used)
838 			fprintf(stderr, "warning: macro '%s' not used\n",
839 			    sym->nam);
840 		if (!sym->persist) {
841 			free(sym->nam);
842 			free(sym->val);
843 			TAILQ_REMOVE(&symhead, sym, entry);
844 			free(sym);
845 		}
846 	}
847 
848 	if (errors)
849 		return (-1);
850 
851 	/* just add default server if no config specified */
852 	if (gotwebd->server_cnt == 0) {
853 		new_srv = conf_new_server(D_SITENAME);
854 		log_debug("%s: adding default server %s", __func__, D_SITENAME);
855 	}
856 
857 	/* setup our listening sockets */
858 	sockets_parse_sockets(env);
859 
860 	return (0);
861 }
862 
863 struct server *
864 conf_new_server(const char *name)
865 {
866 	struct server *srv = NULL;
867 	int val;
868 
869 	srv = calloc(1, sizeof(*srv));
870 	if (srv == NULL)
871 		fatalx("%s: calloc", __func__);
872 
873 	n = strlcpy(srv->name, name, sizeof(srv->name));
874 	if (n >= sizeof(srv->name))
875 		fatalx("%s: strlcpy", __func__);
876 	n = snprintf(srv->unix_socket_name,
877 	    sizeof(srv->unix_socket_name), "%s%s", D_HTTPD_CHROOT,
878 	    D_UNIX_SOCKET);
879 	if (n < 0)
880 		fatalx("%s: snprintf", __func__);
881 	n = strlcpy(srv->repos_path, D_GOTPATH,
882 	    sizeof(srv->repos_path));
883 	if (n >= sizeof(srv->repos_path))
884 		fatalx("%s: strlcpy", __func__);
885 	n = strlcpy(srv->site_name, D_SITENAME,
886 	    sizeof(srv->site_name));
887 	if (n >= sizeof(srv->site_name))
888 		fatalx("%s: strlcpy", __func__);
889 	n = strlcpy(srv->site_owner, D_SITEOWNER,
890 	    sizeof(srv->site_owner));
891 	if (n >= sizeof(srv->site_owner))
892 		fatalx("%s: strlcpy", __func__);
893 	n = strlcpy(srv->site_link, D_SITELINK,
894 	    sizeof(srv->site_link));
895 	if (n >= sizeof(srv->site_link))
896 		fatalx("%s: strlcpy", __func__);
897 	n = strlcpy(srv->logo, D_GOTLOGO,
898 	    sizeof(srv->logo));
899 	if (n >= sizeof(srv->logo))
900 		fatalx("%s: strlcpy", __func__);
901 	n = strlcpy(srv->logo_url, D_GOTURL, sizeof(srv->logo_url));
902 	if (n >= sizeof(srv->logo_url))
903 		fatalx("%s: strlcpy", __func__);
904 	n = strlcpy(srv->custom_css, D_GOTWEBCSS, sizeof(srv->custom_css));
905 	if (n >= sizeof(srv->custom_css))
906 		fatalx("%s: strlcpy", __func__);
907 
908 	val = getservice(D_FCGI_PORT);
909 	srv->fcgi_socket_port = gotwebd->fcgi_socket_port ?
910 	    gotwebd->fcgi_socket_port: htons(val);
911 
912 	srv->show_site_owner = D_SHOWSOWNER;
913 	srv->show_repo_owner = D_SHOWROWNER;
914 	srv->show_repo_age = D_SHOWAGE;
915 	srv->show_repo_description = D_SHOWDESC;
916 	srv->show_repo_cloneurl = D_SHOWURL;
917 
918 	srv->max_repos_display = D_MAXREPODISP;
919 	srv->max_commits_display = D_MAXCOMMITDISP;
920 	srv->max_repos = D_MAXREPO;
921 
922 	srv->unix_socket = 1;
923 	srv->fcgi_socket = gotwebd->fcgi_socket ? gotwebd->fcgi_socket : 0;
924 
925 	if ((srv->al = calloc(1, sizeof(*srv->al))) == NULL)
926 		fatalx("%s: calloc", __func__);
927 
928 	TAILQ_INIT(srv->al);
929 	TAILQ_INSERT_TAIL(gotwebd->servers, srv, entry);
930 	gotwebd->server_cnt++;
931 
932 	return srv;
933 };
934 
935 int
936 symset(const char *nam, const char *val, int persist)
937 {
938 	struct sym *sym;
939 
940 	TAILQ_FOREACH(sym, &symhead, entry) {
941 		if (strcmp(nam, sym->nam) == 0)
942 			break;
943 	}
944 
945 	if (sym != NULL) {
946 		if (sym->persist == 1)
947 			return (0);
948 		else {
949 			free(sym->nam);
950 			free(sym->val);
951 			TAILQ_REMOVE(&symhead, sym, entry);
952 			free(sym);
953 		}
954 	}
955 	sym = calloc(1, sizeof(*sym));
956 	if (sym == NULL)
957 		return (-1);
958 
959 	sym->nam = strdup(nam);
960 	if (sym->nam == NULL) {
961 		free(sym);
962 		return (-1);
963 	}
964 	sym->val = strdup(val);
965 	if (sym->val == NULL) {
966 		free(sym->nam);
967 		free(sym);
968 		return (-1);
969 	}
970 	sym->used = 0;
971 	sym->persist = persist;
972 	TAILQ_INSERT_TAIL(&symhead, sym, entry);
973 	return (0);
974 }
975 
976 int
977 cmdline_symset(char *s)
978 {
979 	char *sym, *val;
980 	int ret;
981 	size_t len;
982 
983 	val = strrchr(s, '=');
984 	if (val == NULL)
985 		return (-1);
986 
987 	len = strlen(s) - strlen(val) + 1;
988 	sym = malloc(len);
989 	if (sym == NULL)
990 		fatal("%s: malloc", __func__);
991 
992 	memcpy(&sym, s, len);
993 
994 	ret = symset(sym, val + 1, 1);
995 	free(sym);
996 
997 	return (ret);
998 }
999 
1000 char *
1001 symget(const char *nam)
1002 {
1003 	struct sym *sym;
1004 
1005 	TAILQ_FOREACH(sym, &symhead, entry) {
1006 		if (strcmp(nam, sym->nam) == 0) {
1007 			sym->used = 1;
1008 			return (sym->val);
1009 		}
1010 	}
1011 	return (NULL);
1012 }
1013 
1014 int
1015 getservice(const char *n)
1016 {
1017 	struct servent *s;
1018 	const char *errstr;
1019 	long long llval;
1020 
1021 	llval = strtonum(n, 0, UINT16_MAX, &errstr);
1022 	if (errstr) {
1023 		s = getservbyname(n, "tcp");
1024 		if (s == NULL)
1025 			s = getservbyname(n, "udp");
1026 		if (s == NULL)
1027 			return (-1);
1028 		return (s->s_port);
1029 	}
1030 
1031 	return (htons((unsigned short)llval));
1032 }
1033 
1034 struct address *
1035 host_v4(const char *s)
1036 {
1037 	struct in_addr ina;
1038 	struct sockaddr_in *sain;
1039 	struct address *h;
1040 
1041 	memset(&ina, 0, sizeof(ina));
1042 	if (inet_pton(AF_INET, s, &ina) != 1)
1043 		return (NULL);
1044 
1045 	if ((h = calloc(1, sizeof(*h))) == NULL)
1046 		fatal(__func__);
1047 	sain = (struct sockaddr_in *)&h->ss;
1048 /* TA:  Iffy... */
1049 #ifndef __linux__
1050 	sain->sin_len = sizeof(struct sockaddr_in);
1051 #endif
1052 	sain->sin_family = AF_INET;
1053 	sain->sin_addr.s_addr = ina.s_addr;
1054 	if (sain->sin_addr.s_addr == INADDR_ANY)
1055 		h->prefixlen = 0; /* 0.0.0.0 address */
1056 	else
1057 		h->prefixlen = -1; /* host address */
1058 	return (h);
1059 }
1060 
1061 struct address *
1062 host_v6(const char *s)
1063 {
1064 	struct addrinfo hints, *res;
1065 	struct sockaddr_in6 *sa_in6;
1066 	struct address *h = NULL;
1067 
1068 	memset(&hints, 0, sizeof(hints));
1069 	hints.ai_family = AF_INET6;
1070 	hints.ai_socktype = SOCK_DGRAM; /* dummy */
1071 	hints.ai_flags = AI_NUMERICHOST;
1072 	if (getaddrinfo(s, "0", &hints, &res) == 0) {
1073 		if ((h = calloc(1, sizeof(*h))) == NULL)
1074 			fatal(__func__);
1075 		sa_in6 = (struct sockaddr_in6 *)&h->ss;
1076 /* TA:  Iffy... */
1077 #ifndef __linux__
1078 		sa_in6->sin6_len = sizeof(struct sockaddr_in6);
1079 #endif
1080 		sa_in6->sin6_family = AF_INET6;
1081 		memcpy(&sa_in6->sin6_addr,
1082 		    &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr,
1083 		    sizeof(sa_in6->sin6_addr));
1084 		sa_in6->sin6_scope_id =
1085 		    ((struct sockaddr_in6 *)res->ai_addr)->sin6_scope_id;
1086 		if (memcmp(&sa_in6->sin6_addr, &in6addr_any,
1087 		    sizeof(sa_in6->sin6_addr)) == 0)
1088 			h->prefixlen = 0; /* any address */
1089 		else
1090 			h->prefixlen = -1; /* host address */
1091 		freeaddrinfo(res);
1092 	}
1093 
1094 	return (h);
1095 }
1096 
1097 int
1098 host_dns(const char *s, struct addresslist *al, int max,
1099     in_port_t port, const char *ifname, int ipproto)
1100 {
1101 	struct addrinfo hints, *res0, *res;
1102 	int error, cnt = 0;
1103 	struct sockaddr_in *sain;
1104 	struct sockaddr_in6 *sin6;
1105 	struct address *h;
1106 
1107 	if ((cnt = host_if(s, al, max, port, ifname, ipproto)) != 0)
1108 		return (cnt);
1109 
1110 	memset(&hints, 0, sizeof(hints));
1111 	hints.ai_family = PF_UNSPEC;
1112 	hints.ai_socktype = SOCK_DGRAM; /* DUMMY */
1113 	hints.ai_flags = AI_ADDRCONFIG;
1114 	error = getaddrinfo(s, NULL, &hints, &res0);
1115 	if (error == EAI_AGAIN || error == EAI_NODATA || error == EAI_NONAME)
1116 		return (0);
1117 	if (error) {
1118 		log_warnx("%s: could not parse \"%s\": %s", __func__, s,
1119 		    gai_strerror(error));
1120 		return (-1);
1121 	}
1122 
1123 	for (res = res0; res && cnt < max; res = res->ai_next) {
1124 		if (res->ai_family != AF_INET &&
1125 		    res->ai_family != AF_INET6)
1126 			continue;
1127 		if ((h = calloc(1, sizeof(*h))) == NULL)
1128 			fatal(__func__);
1129 
1130 		if (port)
1131 			h->port = port;
1132 		if (ifname != NULL) {
1133 			if (strlcpy(h->ifname, ifname, sizeof(h->ifname)) >=
1134 			    sizeof(h->ifname)) {
1135 				log_warnx("%s: interface name truncated",
1136 				    __func__);
1137 				freeaddrinfo(res0);
1138 				free(h);
1139 				return (-1);
1140 			}
1141 		}
1142 		if (ipproto != -1)
1143 			h->ipproto = ipproto;
1144 		h->ss.ss_family = res->ai_family;
1145 		h->prefixlen = -1; /* host address */
1146 
1147 		if (res->ai_family == AF_INET) {
1148 			sain = (struct sockaddr_in *)&h->ss;
1149 /* TA:  Iffy... */
1150 #ifndef __linux__
1151 			sain->sin_len = sizeof(struct sockaddr_in);
1152 #endif
1153 			sain->sin_addr.s_addr = ((struct sockaddr_in *)
1154 			    res->ai_addr)->sin_addr.s_addr;
1155 		} else {
1156 			sin6 = (struct sockaddr_in6 *)&h->ss;
1157 /* TA:  Iffy... */
1158 #ifndef __linux__
1159 			sin6->sin6_len = sizeof(struct sockaddr_in6);
1160 #endif
1161 			memcpy(&sin6->sin6_addr, &((struct sockaddr_in6 *)
1162 			    res->ai_addr)->sin6_addr, sizeof(struct in6_addr));
1163 		}
1164 
1165 		TAILQ_INSERT_HEAD(al, h, entry);
1166 		cnt++;
1167 	}
1168 	if (cnt == max && res) {
1169 		log_warnx("%s: %s resolves to more than %d hosts", __func__,
1170 		    s, max);
1171 	}
1172 	freeaddrinfo(res0);
1173 	return (cnt);
1174 }
1175 
1176 int
1177 host_if(const char *s, struct addresslist *al, int max,
1178     in_port_t port, const char *ifname, int ipproto)
1179 {
1180 	struct ifaddrs *ifap, *p;
1181 	struct sockaddr_in *sain;
1182 	struct sockaddr_in6 *sin6;
1183 	struct address *h;
1184 	int cnt = 0, af;
1185 
1186 	if (getifaddrs(&ifap) == -1)
1187 		fatal("getifaddrs");
1188 
1189 	/* First search for IPv4 addresses */
1190 	af = AF_INET;
1191 
1192  nextaf:
1193 	for (p = ifap; p != NULL && cnt < max; p = p->ifa_next) {
1194 		if (p->ifa_addr == NULL ||
1195 		    p->ifa_addr->sa_family != af ||
1196 		    (strcmp(s, p->ifa_name) != 0 &&
1197 		    !is_if_in_group(p->ifa_name, s)))
1198 			continue;
1199 		if ((h = calloc(1, sizeof(*h))) == NULL)
1200 			fatal("calloc");
1201 
1202 		if (port)
1203 			h->port = port;
1204 		if (ifname != NULL) {
1205 			if (strlcpy(h->ifname, ifname, sizeof(h->ifname)) >=
1206 			    sizeof(h->ifname)) {
1207 				log_warnx("%s: interface name truncated",
1208 				    __func__);
1209 				free(h);
1210 				freeifaddrs(ifap);
1211 				return (-1);
1212 			}
1213 		}
1214 		if (ipproto != -1)
1215 			h->ipproto = ipproto;
1216 		h->ss.ss_family = af;
1217 		h->prefixlen = -1; /* host address */
1218 
1219 		if (af == AF_INET) {
1220 			sain = (struct sockaddr_in *)&h->ss;
1221 /* TA:  Iffy... */
1222 #ifndef __linux__
1223 			sain->sin_len = sizeof(struct sockaddr_in);
1224 #endif
1225 			sain->sin_addr.s_addr = ((struct sockaddr_in *)
1226 			    p->ifa_addr)->sin_addr.s_addr;
1227 		} else {
1228 			sin6 = (struct sockaddr_in6 *)&h->ss;
1229 /* TA:  Iffy... */
1230 #ifndef __linux__
1231 			sin6->sin6_len = sizeof(struct sockaddr_in6);
1232 #endif
1233 			memcpy(&sin6->sin6_addr, &((struct sockaddr_in6 *)
1234 			    p->ifa_addr)->sin6_addr, sizeof(struct in6_addr));
1235 			sin6->sin6_scope_id = ((struct sockaddr_in6 *)
1236 			    p->ifa_addr)->sin6_scope_id;
1237 		}
1238 
1239 		TAILQ_INSERT_HEAD(al, h, entry);
1240 		cnt++;
1241 	}
1242 	if (af == AF_INET) {
1243 		/* Next search for IPv6 addresses */
1244 		af = AF_INET6;
1245 		goto nextaf;
1246 	}
1247 
1248 	if (cnt > max) {
1249 		log_warnx("%s: %s resolves to more than %d hosts", __func__,
1250 		    s, max);
1251 	}
1252 	freeifaddrs(ifap);
1253 	return (cnt);
1254 }
1255 
1256 int
1257 host(const char *s, struct addresslist *al, int max,
1258     in_port_t port, const char *ifname, int ipproto)
1259 {
1260 	struct address *h;
1261 
1262 	h = host_v4(s);
1263 
1264 	/* IPv6 address? */
1265 	if (h == NULL)
1266 		h = host_v6(s);
1267 
1268 	if (h != NULL) {
1269 		if (port)
1270 			h->port = port;
1271 		if (ifname != NULL) {
1272 			if (strlcpy(h->ifname, ifname, sizeof(h->ifname)) >=
1273 			    sizeof(h->ifname)) {
1274 				log_warnx("%s: interface name truncated",
1275 				    __func__);
1276 				free(h);
1277 				return (-1);
1278 			}
1279 		}
1280 		if (ipproto != -1)
1281 			h->ipproto = ipproto;
1282 
1283 		TAILQ_INSERT_HEAD(al, h, entry);
1284 		return (1);
1285 	}
1286 
1287 	return (host_dns(s, al, max, port, ifname, ipproto));
1288 }
1289 
1290 int
1291 is_if_in_group(const char *ifname, const char *groupname)
1292 {
1293 /* TA: Check this... */
1294 #ifdef HAVE_STRUCT_IFGROUPREQ
1295 	unsigned int len;
1296 	struct ifgroupreq ifgr;
1297 	struct ifg_req *ifg;
1298 	int s;
1299 	int ret = 0;
1300 
1301 	if ((s = socket(AF_INET, SOCK_DGRAM, 0)) == -1)
1302 		err(1, "socket");
1303 
1304 	memset(&ifgr, 0, sizeof(ifgr));
1305 	if (strlcpy(ifgr.ifgr_name, ifname, IFNAMSIZ) >= IFNAMSIZ)
1306 		err(1, "IFNAMSIZ");
1307 	if (ioctl(s, SIOCGIFGROUP, (caddr_t)&ifgr) == -1) {
1308 		if (errno == EINVAL || errno == ENOTTY)
1309 			goto end;
1310 		err(1, "SIOCGIFGROUP");
1311 	}
1312 
1313 	len = ifgr.ifgr_len;
1314 	ifgr.ifgr_groups = calloc(len / sizeof(struct ifg_req),
1315 	    sizeof(struct ifg_req));
1316 	if (ifgr.ifgr_groups == NULL)
1317 		err(1, "getifgroups");
1318 	if (ioctl(s, SIOCGIFGROUP, (caddr_t)&ifgr) == -1)
1319 		err(1, "SIOCGIFGROUP");
1320 
1321 	ifg = ifgr.ifgr_groups;
1322 	for (; ifg && len >= sizeof(struct ifg_req); ifg++) {
1323 		len -= sizeof(struct ifg_req);
1324 		if (strcmp(ifg->ifgrq_group, groupname) == 0) {
1325 			ret = 1;
1326 			break;
1327 		}
1328 	}
1329 	free(ifgr.ifgr_groups);
1330 
1331 end:
1332 	close(s);
1333 	return (ret);
1334 #else
1335 	return (0);
1336 #endif
1337 }
1338 
1339 int
1340 get_addrs(const char *addr, struct addresslist *al, in_port_t port)
1341 {
1342 	if (strcmp("", addr) == 0) {
1343 		if (host("0.0.0.0", al, 1, port, "0.0.0.0", -1) <= 0) {
1344 			yyerror("invalid listen ip: %s",
1345 			    "0.0.0.0");
1346 			return (-1);
1347 		}
1348 		if (host("::", al, 1, port, "::", -1) <= 0) {
1349 			yyerror("invalid listen ip: %s", "::");
1350 			return (-1);
1351 		}
1352 	} else {
1353 		if (host(addr, al, GOTWEBD_MAXIFACE, port, addr,
1354 		    -1) <= 0) {
1355 			yyerror("invalid listen ip: %s", addr);
1356 			return (-1);
1357 		}
1358 	}
1359 	return (0);
1360 }