diff options
Diffstat (limited to 'ipsec-tools/src/racoon/cfparse.c')
| -rw-r--r-- | ipsec-tools/src/racoon/cfparse.c | 7128 |
1 files changed, 2806 insertions, 4322 deletions
diff --git a/ipsec-tools/src/racoon/cfparse.c b/ipsec-tools/src/racoon/cfparse.c index 19c60e78..24ef12da 100644 --- a/ipsec-tools/src/racoon/cfparse.c +++ b/ipsec-tools/src/racoon/cfparse.c @@ -1,70 +1,103 @@ -/* A Bison parser, made by GNU Bison 2.6.2. */ - -/* Bison implementation for Yacc-like parsers in C - - Copyright (C) 1984, 1989-1990, 2000-2012 Free Software Foundation, Inc. - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. */ - -/* As a special exception, you may create a larger work that contains - part or all of the Bison parser skeleton and distribute that work - under terms of your choice, so long as that work isn't itself a - parser generator using the skeleton or a modified version thereof - as a parser skeleton. Alternatively, if you modify or redistribute - the parser skeleton itself, you may (at your option) remove this - special exception, which will cause the skeleton and the resulting - Bison output files to be licensed under the GNU General Public - License without this special exception. - - This special exception was added by the Free Software Foundation in - version 2.2 of Bison. */ - -/* C LALR(1) parser skeleton written by Richard Stallman, by - simplifying the original so-called "semantic" parser. */ - -/* All symbols defined below should begin with yy or YY, to avoid - infringing on user name space. This should be done even for local - variables, as they might otherwise be expanded by user macros. - There are some unavoidable exceptions within include files to - define necessary library symbols; they are noted "INFRINGES ON - USER NAME SPACE" below. */ - -/* Identify Bison output. */ -#define YYBISON 1 - -/* Bison version. */ -#define YYBISON_VERSION "2.6.2" - -/* Skeleton name. */ -#define YYSKELETON_NAME "yacc.c" - -/* Pure parsers. */ -#define YYPURE 0 - -/* Push parsers. */ -#define YYPUSH 0 - -/* Pull parsers. */ -#define YYPULL 1 - - - +/* original parser id follows */ +/* yysccsid[] = "@(#)yaccpar 1.9 (Berkeley) 02/21/93" */ +/* (use YYMAJOR/YYMINOR for ifdefs dependent on parser version) */ + +#define YYBYACC 1 +#define YYMAJOR 1 +#define YYMINOR 9 +#define YYPATCH 20170201 + +#define YYEMPTY (-1) +#define yyclearin (yychar = YYEMPTY) +#define yyerrok (yyerrflag = 0) +#define YYRECOVERING() (yyerrflag != 0) +#define YYENOMEM (-2) +#define YYEOF 0 + +#ifndef yyparse +#define yyparse racoonyyparse +#endif /* yyparse */ + +#ifndef yylex +#define yylex racoonyylex +#endif /* yylex */ + +#ifndef yyerror +#define yyerror racoonyyerror +#endif /* yyerror */ + +#ifndef yychar +#define yychar racoonyychar +#endif /* yychar */ + +#ifndef yyval +#define yyval racoonyyval +#endif /* yyval */ + +#ifndef yylval +#define yylval racoonyylval +#endif /* yylval */ + +#ifndef yydebug +#define yydebug racoonyydebug +#endif /* yydebug */ + +#ifndef yynerrs +#define yynerrs racoonyynerrs +#endif /* yynerrs */ + +#ifndef yyerrflag +#define yyerrflag racoonyyerrflag +#endif /* yyerrflag */ + +#ifndef yylhs +#define yylhs racoonyylhs +#endif /* yylhs */ + +#ifndef yylen +#define yylen racoonyylen +#endif /* yylen */ + +#ifndef yydefred +#define yydefred racoonyydefred +#endif /* yydefred */ + +#ifndef yydgoto +#define yydgoto racoonyydgoto +#endif /* yydgoto */ + +#ifndef yysindex +#define yysindex racoonyysindex +#endif /* yysindex */ + +#ifndef yyrindex +#define yyrindex racoonyyrindex +#endif /* yyrindex */ + +#ifndef yygindex +#define yygindex racoonyygindex +#endif /* yygindex */ + +#ifndef yytable +#define yytable racoonyytable +#endif /* yytable */ + +#ifndef yycheck +#define yycheck racoonyycheck +#endif /* yycheck */ + +#ifndef yyname +#define yyname racoonyyname +#endif /* yyname */ + +#ifndef yyrule +#define yyrule racoonyyrule +#endif /* yyrule */ +#define YYPREFIX "racoonyy" -/* Copy the first part of user declarations. */ -/* Line 336 of yacc.c */ -#line 5 "cfparse.y" +#define YYPURE 0 +#line 6 "../../ipsec-tools/src/racoon/cfparse.y" /* * Copyright (C) 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002 and 2003 WIDE Project. * All rights reserved. @@ -304,2596 +337,1991 @@ static int process_rmconf() return 0; } - -/* Line 336 of yacc.c */ -#line 310 "cfparse.c" - -# ifndef YY_NULL -# if defined __cplusplus && 201103L <= __cplusplus -# define YY_NULL nullptr -# else -# define YY_NULL 0 -# endif -# endif - -/* Enabling verbose error messages. */ -#ifdef YYERROR_VERBOSE -# undef YYERROR_VERBOSE -# define YYERROR_VERBOSE 1 -#else -# define YYERROR_VERBOSE 0 -#endif - -/* In a future release of Bison, this section will be replaced - by #include "y.tab.h". */ -#ifndef YY_Y_TAB_H -# define YY_Y_TAB_H -/* Enabling traces. */ -#ifndef YYDEBUG -# define YYDEBUG 0 -#endif -#if YYDEBUG -extern int yydebug; -#endif - -/* Tokens. */ -#ifndef YYTOKENTYPE -# define YYTOKENTYPE - /* Put the tokens into the symbol table, so that GDB and other debuggers - know about them. */ - enum yytokentype { - PRIVSEP = 258, - USER = 259, - GROUP = 260, - CHROOT = 261, - PATH = 262, - PATHTYPE = 263, - INCLUDE = 264, - PFKEY_BUFFER = 265, - LOGGING = 266, - LOGLEV = 267, - PADDING = 268, - PAD_RANDOMIZE = 269, - PAD_RANDOMIZELEN = 270, - PAD_MAXLEN = 271, - PAD_STRICT = 272, - PAD_EXCLTAIL = 273, - LISTEN = 274, - X_ISAKMP = 275, - X_ISAKMP_NATT = 276, - X_ADMIN = 277, - STRICT_ADDRESS = 278, - ADMINSOCK = 279, - DISABLED = 280, - LDAPCFG = 281, - LDAP_HOST = 282, - LDAP_PORT = 283, - LDAP_PVER = 284, - LDAP_BASE = 285, - LDAP_BIND_DN = 286, - LDAP_BIND_PW = 287, - LDAP_SUBTREE = 288, - LDAP_ATTR_USER = 289, - LDAP_ATTR_ADDR = 290, - LDAP_ATTR_MASK = 291, - LDAP_ATTR_GROUP = 292, - LDAP_ATTR_MEMBER = 293, - RADCFG = 294, - RAD_AUTH = 295, - RAD_ACCT = 296, - RAD_TIMEOUT = 297, - RAD_RETRIES = 298, - MODECFG = 299, - CFG_NET4 = 300, - CFG_MASK4 = 301, - CFG_DNS4 = 302, - CFG_NBNS4 = 303, - CFG_DEFAULT_DOMAIN = 304, - CFG_AUTH_SOURCE = 305, - CFG_AUTH_GROUPS = 306, - CFG_SYSTEM = 307, - CFG_RADIUS = 308, - CFG_PAM = 309, - CFG_LDAP = 310, - CFG_LOCAL = 311, - CFG_NONE = 312, - CFG_GROUP_SOURCE = 313, - CFG_ACCOUNTING = 314, - CFG_CONF_SOURCE = 315, - CFG_MOTD = 316, - CFG_POOL_SIZE = 317, - CFG_AUTH_THROTTLE = 318, - CFG_SPLIT_NETWORK = 319, - CFG_SPLIT_LOCAL = 320, - CFG_SPLIT_INCLUDE = 321, - CFG_SPLIT_DNS = 322, - CFG_PFS_GROUP = 323, - CFG_SAVE_PASSWD = 324, - RETRY = 325, - RETRY_COUNTER = 326, - RETRY_INTERVAL = 327, - RETRY_PERSEND = 328, - RETRY_PHASE1 = 329, - RETRY_PHASE2 = 330, - NATT_KA = 331, - ALGORITHM_CLASS = 332, - ALGORITHMTYPE = 333, - STRENGTHTYPE = 334, - SAINFO = 335, - FROM = 336, - REMOTE = 337, - ANONYMOUS = 338, - CLIENTADDR = 339, - INHERIT = 340, - REMOTE_ADDRESS = 341, - EXCHANGE_MODE = 342, - EXCHANGETYPE = 343, - DOI = 344, - DOITYPE = 345, - SITUATION = 346, - SITUATIONTYPE = 347, - CERTIFICATE_TYPE = 348, - CERTTYPE = 349, - PEERS_CERTFILE = 350, - CA_TYPE = 351, - VERIFY_CERT = 352, - SEND_CERT = 353, - SEND_CR = 354, - MATCH_EMPTY_CR = 355, - IDENTIFIERTYPE = 356, - IDENTIFIERQUAL = 357, - MY_IDENTIFIER = 358, - PEERS_IDENTIFIER = 359, - VERIFY_IDENTIFIER = 360, - DNSSEC = 361, - CERT_X509 = 362, - CERT_PLAINRSA = 363, - NONCE_SIZE = 364, - DH_GROUP = 365, - KEEPALIVE = 366, - PASSIVE = 367, - INITIAL_CONTACT = 368, - NAT_TRAVERSAL = 369, - REMOTE_FORCE_LEVEL = 370, - PROPOSAL_CHECK = 371, - PROPOSAL_CHECK_LEVEL = 372, - GENERATE_POLICY = 373, - GENERATE_LEVEL = 374, - SUPPORT_PROXY = 375, - PROPOSAL = 376, - EXEC_PATH = 377, - EXEC_COMMAND = 378, - EXEC_SUCCESS = 379, - EXEC_FAILURE = 380, - GSS_ID = 381, - GSS_ID_ENC = 382, - GSS_ID_ENCTYPE = 383, - COMPLEX_BUNDLE = 384, - DPD = 385, - DPD_DELAY = 386, - DPD_RETRY = 387, - DPD_MAXFAIL = 388, - PH1ID = 389, - XAUTH_LOGIN = 390, - WEAK_PHASE1_CHECK = 391, - REKEY = 392, - PREFIX = 393, - PORT = 394, - PORTANY = 395, - UL_PROTO = 396, - ANY = 397, - IKE_FRAG = 398, - ESP_FRAG = 399, - MODE_CFG = 400, - PFS_GROUP = 401, - LIFETIME = 402, - LIFETYPE_TIME = 403, - LIFETYPE_BYTE = 404, - STRENGTH = 405, - REMOTEID = 406, - SCRIPT = 407, - PHASE1_UP = 408, - PHASE1_DOWN = 409, - PHASE1_DEAD = 410, - NUMBER = 411, - SWITCH = 412, - BOOLEAN = 413, - HEXSTRING = 414, - QUOTEDSTRING = 415, - ADDRSTRING = 416, - ADDRRANGE = 417, - UNITTYPE_BYTE = 418, - UNITTYPE_KBYTES = 419, - UNITTYPE_MBYTES = 420, - UNITTYPE_TBYTES = 421, - UNITTYPE_SEC = 422, - UNITTYPE_MIN = 423, - UNITTYPE_HOUR = 424, - EOS = 425, - BOC = 426, - EOC = 427, - COMMA = 428 - }; +#ifdef YYSTYPE +#undef YYSTYPE_IS_DECLARED +#define YYSTYPE_IS_DECLARED 1 #endif -/* Tokens. */ -#define PRIVSEP 258 -#define USER 259 -#define GROUP 260 -#define CHROOT 261 -#define PATH 262 -#define PATHTYPE 263 -#define INCLUDE 264 -#define PFKEY_BUFFER 265 -#define LOGGING 266 -#define LOGLEV 267 -#define PADDING 268 -#define PAD_RANDOMIZE 269 -#define PAD_RANDOMIZELEN 270 -#define PAD_MAXLEN 271 -#define PAD_STRICT 272 -#define PAD_EXCLTAIL 273 -#define LISTEN 274 -#define X_ISAKMP 275 -#define X_ISAKMP_NATT 276 -#define X_ADMIN 277 -#define STRICT_ADDRESS 278 -#define ADMINSOCK 279 -#define DISABLED 280 -#define LDAPCFG 281 -#define LDAP_HOST 282 -#define LDAP_PORT 283 -#define LDAP_PVER 284 -#define LDAP_BASE 285 -#define LDAP_BIND_DN 286 -#define LDAP_BIND_PW 287 -#define LDAP_SUBTREE 288 -#define LDAP_ATTR_USER 289 -#define LDAP_ATTR_ADDR 290 -#define LDAP_ATTR_MASK 291 -#define LDAP_ATTR_GROUP 292 -#define LDAP_ATTR_MEMBER 293 -#define RADCFG 294 -#define RAD_AUTH 295 -#define RAD_ACCT 296 -#define RAD_TIMEOUT 297 -#define RAD_RETRIES 298 -#define MODECFG 299 -#define CFG_NET4 300 -#define CFG_MASK4 301 -#define CFG_DNS4 302 -#define CFG_NBNS4 303 -#define CFG_DEFAULT_DOMAIN 304 -#define CFG_AUTH_SOURCE 305 -#define CFG_AUTH_GROUPS 306 -#define CFG_SYSTEM 307 -#define CFG_RADIUS 308 -#define CFG_PAM 309 -#define CFG_LDAP 310 -#define CFG_LOCAL 311 -#define CFG_NONE 312 -#define CFG_GROUP_SOURCE 313 -#define CFG_ACCOUNTING 314 -#define CFG_CONF_SOURCE 315 -#define CFG_MOTD 316 -#define CFG_POOL_SIZE 317 -#define CFG_AUTH_THROTTLE 318 -#define CFG_SPLIT_NETWORK 319 -#define CFG_SPLIT_LOCAL 320 -#define CFG_SPLIT_INCLUDE 321 -#define CFG_SPLIT_DNS 322 -#define CFG_PFS_GROUP 323 -#define CFG_SAVE_PASSWD 324 -#define RETRY 325 -#define RETRY_COUNTER 326 -#define RETRY_INTERVAL 327 -#define RETRY_PERSEND 328 -#define RETRY_PHASE1 329 -#define RETRY_PHASE2 330 -#define NATT_KA 331 -#define ALGORITHM_CLASS 332 -#define ALGORITHMTYPE 333 -#define STRENGTHTYPE 334 -#define SAINFO 335 -#define FROM 336 -#define REMOTE 337 -#define ANONYMOUS 338 -#define CLIENTADDR 339 -#define INHERIT 340 -#define REMOTE_ADDRESS 341 -#define EXCHANGE_MODE 342 -#define EXCHANGETYPE 343 -#define DOI 344 -#define DOITYPE 345 -#define SITUATION 346 -#define SITUATIONTYPE 347 -#define CERTIFICATE_TYPE 348 -#define CERTTYPE 349 -#define PEERS_CERTFILE 350 -#define CA_TYPE 351 -#define VERIFY_CERT 352 -#define SEND_CERT 353 -#define SEND_CR 354 -#define MATCH_EMPTY_CR 355 -#define IDENTIFIERTYPE 356 -#define IDENTIFIERQUAL 357 -#define MY_IDENTIFIER 358 -#define PEERS_IDENTIFIER 359 -#define VERIFY_IDENTIFIER 360 -#define DNSSEC 361 -#define CERT_X509 362 -#define CERT_PLAINRSA 363 -#define NONCE_SIZE 364 -#define DH_GROUP 365 -#define KEEPALIVE 366 -#define PASSIVE 367 -#define INITIAL_CONTACT 368 -#define NAT_TRAVERSAL 369 -#define REMOTE_FORCE_LEVEL 370 -#define PROPOSAL_CHECK 371 -#define PROPOSAL_CHECK_LEVEL 372 -#define GENERATE_POLICY 373 -#define GENERATE_LEVEL 374 -#define SUPPORT_PROXY 375 -#define PROPOSAL 376 -#define EXEC_PATH 377 -#define EXEC_COMMAND 378 -#define EXEC_SUCCESS 379 -#define EXEC_FAILURE 380 -#define GSS_ID 381 -#define GSS_ID_ENC 382 -#define GSS_ID_ENCTYPE 383 -#define COMPLEX_BUNDLE 384 -#define DPD 385 -#define DPD_DELAY 386 -#define DPD_RETRY 387 -#define DPD_MAXFAIL 388 -#define PH1ID 389 -#define XAUTH_LOGIN 390 -#define WEAK_PHASE1_CHECK 391 -#define REKEY 392 -#define PREFIX 393 -#define PORT 394 -#define PORTANY 395 -#define UL_PROTO 396 -#define ANY 397 -#define IKE_FRAG 398 -#define ESP_FRAG 399 -#define MODE_CFG 400 -#define PFS_GROUP 401 -#define LIFETIME 402 -#define LIFETYPE_TIME 403 -#define LIFETYPE_BYTE 404 -#define STRENGTH 405 -#define REMOTEID 406 -#define SCRIPT 407 -#define PHASE1_UP 408 -#define PHASE1_DOWN 409 -#define PHASE1_DEAD 410 -#define NUMBER 411 -#define SWITCH 412 -#define BOOLEAN 413 -#define HEXSTRING 414 -#define QUOTEDSTRING 415 -#define ADDRSTRING 416 -#define ADDRRANGE 417 -#define UNITTYPE_BYTE 418 -#define UNITTYPE_KBYTES 419 -#define UNITTYPE_MBYTES 420 -#define UNITTYPE_TBYTES 421 -#define UNITTYPE_SEC 422 -#define UNITTYPE_MIN 423 -#define UNITTYPE_HOUR 424 -#define EOS 425 -#define BOC 426 -#define EOC 427 -#define COMMA 428 - - - -#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED -typedef union YYSTYPE -{ -/* Line 350 of yacc.c */ -#line 247 "cfparse.y" - +#ifndef YYSTYPE_IS_DECLARED +#define YYSTYPE_IS_DECLARED 1 +#line 247 "../../ipsec-tools/src/racoon/cfparse.y" +typedef union { unsigned long num; vchar_t *val; struct remoteconf *rmconf; struct sockaddr *saddr; struct sainfoalg *alg; - - -/* Line 350 of yacc.c */ -#line 708 "cfparse.c" } YYSTYPE; -# define YYSTYPE_IS_TRIVIAL 1 -# define yystype YYSTYPE /* obsolescent; will be withdrawn */ -# define YYSTYPE_IS_DECLARED 1 -#endif - -extern YYSTYPE yylval; +#endif /* !YYSTYPE_IS_DECLARED */ +#line 356 "racoonyy.tab.c" +/* compatibility with bison */ #ifdef YYPARSE_PARAM -#if defined __STDC__ || defined __cplusplus -int yyparse (void *YYPARSE_PARAM); -#else -int yyparse (); -#endif -#else /* ! YYPARSE_PARAM */ -#if defined __STDC__ || defined __cplusplus -int yyparse (void); +/* compatibility with FreeBSD */ +# ifdef YYPARSE_PARAM_TYPE +# define YYPARSE_DECL() yyparse(YYPARSE_PARAM_TYPE YYPARSE_PARAM) +# else +# define YYPARSE_DECL() yyparse(void *YYPARSE_PARAM) +# endif #else -int yyparse (); -#endif -#endif /* ! YYPARSE_PARAM */ - -#endif /* !YY_Y_TAB_H */ - -/* Copy the second part of user declarations. */ - -/* Line 353 of yacc.c */ -#line 736 "cfparse.c" - -#ifdef short -# undef short +# define YYPARSE_DECL() yyparse(void) #endif -#ifdef YYTYPE_UINT8 -typedef YYTYPE_UINT8 yytype_uint8; +/* Parameters sent to lex. */ +#ifdef YYLEX_PARAM +# define YYLEX_DECL() yylex(void *YYLEX_PARAM) +# define YYLEX yylex(YYLEX_PARAM) #else -typedef unsigned char yytype_uint8; +# define YYLEX_DECL() yylex(void) +# define YYLEX yylex() #endif -#ifdef YYTYPE_INT8 -typedef YYTYPE_INT8 yytype_int8; -#elif (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -typedef signed char yytype_int8; -#else -typedef short int yytype_int8; +/* Parameters sent to yyerror. */ +#ifndef YYERROR_DECL +#define YYERROR_DECL() yyerror(const char *s) #endif - -#ifdef YYTYPE_UINT16 -typedef YYTYPE_UINT16 yytype_uint16; -#else -typedef unsigned short int yytype_uint16; +#ifndef YYERROR_CALL +#define YYERROR_CALL(msg) yyerror(msg) #endif -#ifdef YYTYPE_INT16 -typedef YYTYPE_INT16 yytype_int16; -#else -typedef short int yytype_int16; +extern int YYPARSE_DECL(); + +#define PRIVSEP 257 +#define USER 258 +#define GROUP 259 +#define CHROOT 260 +#define PATH 261 +#define PATHTYPE 262 +#define INCLUDE 263 +#define PFKEY_BUFFER 264 +#define LOGGING 265 +#define LOGLEV 266 +#define PADDING 267 +#define PAD_RANDOMIZE 268 +#define PAD_RANDOMIZELEN 269 +#define PAD_MAXLEN 270 +#define PAD_STRICT 271 +#define PAD_EXCLTAIL 272 +#define LISTEN 273 +#define X_ISAKMP 274 +#define X_ISAKMP_NATT 275 +#define X_ADMIN 276 +#define STRICT_ADDRESS 277 +#define ADMINSOCK 278 +#define DISABLED 279 +#define LDAPCFG 280 +#define LDAP_HOST 281 +#define LDAP_PORT 282 +#define LDAP_PVER 283 +#define LDAP_BASE 284 +#define LDAP_BIND_DN 285 +#define LDAP_BIND_PW 286 +#define LDAP_SUBTREE 287 +#define LDAP_ATTR_USER 288 +#define LDAP_ATTR_ADDR 289 +#define LDAP_ATTR_MASK 290 +#define LDAP_ATTR_GROUP 291 +#define LDAP_ATTR_MEMBER 292 +#define RADCFG 293 +#define RAD_AUTH 294 +#define RAD_ACCT 295 +#define RAD_TIMEOUT 296 +#define RAD_RETRIES 297 +#define MODECFG 298 +#define CFG_NET4 299 +#define CFG_MASK4 300 +#define CFG_DNS4 301 +#define CFG_NBNS4 302 +#define CFG_DEFAULT_DOMAIN 303 +#define CFG_AUTH_SOURCE 304 +#define CFG_AUTH_GROUPS 305 +#define CFG_SYSTEM 306 +#define CFG_RADIUS 307 +#define CFG_PAM 308 +#define CFG_LDAP 309 +#define CFG_LOCAL 310 +#define CFG_NONE 311 +#define CFG_GROUP_SOURCE 312 +#define CFG_ACCOUNTING 313 +#define CFG_CONF_SOURCE 314 +#define CFG_MOTD 315 +#define CFG_POOL_SIZE 316 +#define CFG_AUTH_THROTTLE 317 +#define CFG_SPLIT_NETWORK 318 +#define CFG_SPLIT_LOCAL 319 +#define CFG_SPLIT_INCLUDE 320 +#define CFG_SPLIT_DNS 321 +#define CFG_PFS_GROUP 322 +#define CFG_SAVE_PASSWD 323 +#define RETRY 324 +#define RETRY_COUNTER 325 +#define RETRY_INTERVAL 326 +#define RETRY_PERSEND 327 +#define RETRY_PHASE1 328 +#define RETRY_PHASE2 329 +#define NATT_KA 330 +#define ALGORITHM_CLASS 331 +#define ALGORITHMTYPE 332 +#define STRENGTHTYPE 333 +#define SAINFO 334 +#define FROM 335 +#define REMOTE 336 +#define ANONYMOUS 337 +#define CLIENTADDR 338 +#define INHERIT 339 +#define REMOTE_ADDRESS 340 +#define EXCHANGE_MODE 341 +#define EXCHANGETYPE 342 +#define DOI 343 +#define DOITYPE 344 +#define SITUATION 345 +#define SITUATIONTYPE 346 +#define CERTIFICATE_TYPE 347 +#define CERTTYPE 348 +#define PEERS_CERTFILE 349 +#define CA_TYPE 350 +#define VERIFY_CERT 351 +#define SEND_CERT 352 +#define SEND_CR 353 +#define MATCH_EMPTY_CR 354 +#define IDENTIFIERTYPE 355 +#define IDENTIFIERQUAL 356 +#define MY_IDENTIFIER 357 +#define PEERS_IDENTIFIER 358 +#define VERIFY_IDENTIFIER 359 +#define DNSSEC 360 +#define CERT_X509 361 +#define CERT_PLAINRSA 362 +#define NONCE_SIZE 363 +#define DH_GROUP 364 +#define KEEPALIVE 365 +#define PASSIVE 366 +#define INITIAL_CONTACT 367 +#define NAT_TRAVERSAL 368 +#define REMOTE_FORCE_LEVEL 369 +#define PROPOSAL_CHECK 370 +#define PROPOSAL_CHECK_LEVEL 371 +#define GENERATE_POLICY 372 +#define GENERATE_LEVEL 373 +#define SUPPORT_PROXY 374 +#define PROPOSAL 375 +#define EXEC_PATH 376 +#define EXEC_COMMAND 377 +#define EXEC_SUCCESS 378 +#define EXEC_FAILURE 379 +#define GSS_ID 380 +#define GSS_ID_ENC 381 +#define GSS_ID_ENCTYPE 382 +#define COMPLEX_BUNDLE 383 +#define DPD 384 +#define DPD_DELAY 385 +#define DPD_RETRY 386 +#define DPD_MAXFAIL 387 +#define PH1ID 388 +#define XAUTH_LOGIN 389 +#define WEAK_PHASE1_CHECK 390 +#define REKEY 391 +#define PREFIX 392 +#define PORT 393 +#define PORTANY 394 +#define UL_PROTO 395 +#define ANY 396 +#define IKE_FRAG 397 +#define ESP_FRAG 398 +#define MODE_CFG 399 +#define PFS_GROUP 400 +#define LIFETIME 401 +#define LIFETYPE_TIME 402 +#define LIFETYPE_BYTE 403 +#define STRENGTH 404 +#define REMOTEID 405 +#define SCRIPT 406 +#define PHASE1_UP 407 +#define PHASE1_DOWN 408 +#define PHASE1_DEAD 409 +#define NUMBER 410 +#define SWITCH 411 +#define BOOLEAN 412 +#define HEXSTRING 413 +#define QUOTEDSTRING 414 +#define ADDRSTRING 415 +#define ADDRRANGE 416 +#define UNITTYPE_BYTE 417 +#define UNITTYPE_KBYTES 418 +#define UNITTYPE_MBYTES 419 +#define UNITTYPE_TBYTES 420 +#define UNITTYPE_SEC 421 +#define UNITTYPE_MIN 422 +#define UNITTYPE_HOUR 423 +#define EOS 424 +#define BOC 425 +#define EOC 426 +#define COMMA 427 +#define YYERRCODE 256 +typedef int YYINT; +static const YYINT racoonyylhs[] = { -1, + 0, 0, 14, 14, 14, 14, 14, 14, 14, 14, + 14, 14, 14, 14, 14, 14, 14, 15, 30, 30, + 32, 31, 33, 31, 34, 31, 35, 31, 36, 31, + 37, 16, 38, 29, 17, 18, 19, 20, 39, 21, + 40, 40, 42, 41, 43, 41, 44, 41, 45, 41, + 46, 41, 22, 47, 47, 49, 48, 50, 48, 51, + 48, 52, 48, 53, 48, 54, 48, 12, 5, 5, + 55, 24, 56, 56, 58, 57, 59, 57, 60, 57, + 61, 57, 62, 57, 63, 57, 64, 23, 65, 65, + 67, 66, 68, 66, 69, 66, 70, 66, 71, 66, + 72, 66, 73, 66, 74, 66, 75, 66, 76, 66, + 77, 66, 78, 66, 25, 79, 79, 81, 80, 82, + 80, 80, 80, 86, 80, 87, 80, 89, 80, 90, + 80, 91, 80, 92, 80, 93, 80, 94, 80, 96, + 80, 97, 80, 98, 80, 99, 80, 100, 80, 101, + 80, 102, 80, 103, 80, 104, 80, 105, 80, 106, + 80, 107, 80, 108, 80, 109, 80, 110, 80, 83, + 83, 111, 84, 84, 112, 85, 85, 113, 95, 95, + 114, 88, 88, 115, 26, 116, 116, 118, 117, 119, + 117, 120, 117, 121, 117, 122, 117, 123, 117, 125, + 128, 27, 124, 124, 124, 124, 124, 124, 9, 9, + 9, 126, 126, 126, 127, 127, 130, 129, 131, 129, + 132, 129, 133, 129, 135, 129, 134, 136, 134, 13, + 3, 3, 4, 4, 4, 6, 6, 6, 1, 1, + 138, 28, 140, 28, 141, 28, 142, 28, 137, 137, + 139, 11, 11, 143, 143, 145, 144, 147, 144, 148, + 144, 149, 144, 144, 151, 144, 152, 144, 153, 144, + 154, 144, 155, 144, 156, 144, 157, 144, 158, 144, + 159, 144, 160, 144, 161, 144, 162, 144, 163, 144, + 164, 144, 165, 144, 166, 144, 167, 144, 168, 144, + 169, 144, 170, 144, 171, 144, 172, 144, 173, 144, + 174, 144, 175, 144, 176, 144, 177, 144, 178, 144, + 179, 144, 180, 144, 181, 144, 182, 144, 183, 144, + 184, 144, 185, 144, 186, 144, 187, 144, 188, 144, + 189, 144, 190, 144, 191, 144, 192, 144, 193, 144, + 146, 146, 195, 150, 196, 150, 2, 2, 10, 10, + 10, 194, 194, 198, 197, 199, 197, 200, 197, 201, + 197, 202, 197, 7, 7, 7, 8, 8, 8, 8, +}; +static const YYINT racoonyylen[] = { 2, + 0, 2, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 4, 0, 2, + 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, + 0, 5, 0, 4, 3, 3, 3, 3, 1, 4, + 0, 2, 0, 4, 0, 4, 0, 4, 0, 4, + 0, 4, 4, 0, 2, 0, 4, 0, 4, 0, + 7, 0, 4, 0, 4, 0, 3, 2, 0, 1, + 0, 5, 0, 2, 0, 5, 0, 6, 0, 5, + 0, 6, 0, 4, 0, 4, 0, 5, 0, 2, + 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, + 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, + 0, 4, 0, 4, 4, 0, 2, 0, 4, 0, + 4, 3, 3, 0, 5, 0, 5, 0, 4, 0, + 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, + 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, + 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, + 4, 0, 4, 0, 4, 0, 4, 0, 4, 1, + 3, 1, 1, 3, 1, 1, 3, 2, 1, 3, + 1, 1, 3, 1, 4, 0, 2, 0, 4, 0, + 5, 0, 4, 0, 5, 0, 5, 0, 5, 0, + 0, 8, 1, 2, 2, 2, 2, 2, 5, 6, + 2, 0, 3, 2, 0, 2, 0, 4, 0, 4, + 0, 6, 0, 6, 0, 4, 1, 0, 4, 2, + 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, + 0, 6, 0, 4, 0, 6, 0, 4, 1, 1, + 3, 2, 1, 0, 2, 0, 4, 0, 4, 0, + 4, 0, 4, 2, 0, 4, 0, 5, 0, 5, + 0, 4, 0, 5, 0, 4, 0, 4, 0, 4, + 0, 4, 0, 5, 0, 6, 0, 4, 0, 5, + 0, 6, 0, 4, 0, 4, 0, 4, 0, 4, + 0, 4, 0, 4, 0, 4, 0, 5, 0, 5, + 0, 5, 0, 4, 0, 4, 0, 4, 0, 4, + 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, + 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, + 0, 4, 0, 6, 0, 4, 0, 6, 0, 5, + 0, 2, 0, 5, 0, 4, 1, 1, 0, 1, + 1, 0, 2, 0, 6, 0, 6, 0, 4, 0, + 4, 0, 5, 1, 1, 1, 1, 1, 1, 1, +}; +static const YYINT racoonyydefred[] = { 1, + 0, 0, 0, 0, 0, 0, 0, 0, 87, 71, + 0, 0, 200, 0, 0, 0, 2, 3, 4, 5, + 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, + 16, 17, 19, 0, 0, 0, 39, 0, 41, 54, + 0, 0, 116, 186, 0, 0, 0, 0, 0, 253, + 0, 33, 0, 31, 35, 36, 38, 0, 0, 89, + 73, 0, 0, 0, 0, 0, 0, 70, 252, 0, + 0, 68, 0, 0, 37, 0, 0, 0, 0, 18, + 20, 0, 0, 0, 0, 0, 0, 40, 42, 0, + 0, 66, 0, 53, 55, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 115, 117, 0, 0, 0, 0, + 0, 0, 185, 187, 204, 205, 211, 0, 206, 207, + 208, 0, 0, 0, 241, 254, 244, 245, 248, 34, + 23, 21, 27, 25, 29, 32, 43, 45, 47, 49, + 51, 56, 58, 0, 64, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 88, 90, + 0, 0, 0, 0, 72, 74, 118, 120, 172, 0, + 0, 175, 0, 0, 130, 132, 134, 136, 138, 181, + 140, 0, 142, 144, 148, 150, 152, 146, 164, 166, + 162, 168, 154, 160, 0, 0, 184, 128, 0, 156, + 158, 188, 0, 192, 0, 0, 0, 232, 0, 0, + 214, 0, 215, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 67, 0, + 0, 0, 93, 95, 91, 97, 101, 103, 99, 105, + 107, 109, 111, 113, 0, 0, 83, 85, 0, 0, + 122, 0, 123, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, + 0, 0, 374, 375, 376, 190, 0, 194, 196, 198, + 0, 234, 235, 0, 361, 360, 213, 0, 250, 242, + 249, 0, 258, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 297, 0, 0, 0, + 0, 0, 0, 349, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 251, 255, 246, + 24, 22, 28, 26, 30, 44, 46, 48, 50, 52, + 57, 59, 65, 0, 63, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 75, 0, + 79, 0, 0, 119, 121, 171, 174, 131, 133, 135, + 137, 139, 141, 180, 143, 145, 149, 151, 153, 147, + 165, 167, 163, 169, 155, 161, 178, 0, 0, 0, + 129, 183, 157, 159, 189, 0, 193, 0, 0, 0, + 0, 237, 238, 236, 209, 225, 0, 0, 0, 0, + 216, 256, 351, 260, 262, 0, 0, 264, 271, 0, + 0, 265, 0, 275, 277, 279, 281, 0, 0, 293, + 295, 0, 299, 323, 327, 325, 345, 319, 317, 321, + 0, 329, 331, 333, 335, 341, 287, 315, 339, 337, + 303, 301, 305, 313, 0, 0, 0, 60, 94, 96, + 92, 98, 102, 104, 100, 106, 108, 110, 112, 114, + 77, 0, 81, 0, 84, 86, 177, 125, 127, 191, + 195, 197, 199, 210, 0, 357, 358, 217, 0, 0, + 219, 202, 0, 0, 0, 0, 0, 355, 0, 267, + 269, 0, 273, 0, 0, 0, 0, 0, 283, 0, + 289, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 362, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 307, 309, + 311, 0, 0, 76, 0, 80, 0, 0, 0, 0, + 0, 0, 0, 257, 352, 259, 261, 263, 353, 0, + 272, 0, 0, 266, 0, 276, 278, 280, 282, 285, + 0, 291, 0, 294, 296, 298, 300, 324, 328, 326, + 346, 320, 318, 322, 0, 330, 332, 334, 336, 342, + 288, 316, 340, 338, 304, 302, 306, 314, 343, 377, + 378, 379, 380, 347, 0, 0, 0, 61, 78, 82, + 240, 230, 0, 226, 218, 221, 223, 220, 0, 356, + 268, 270, 274, 0, 284, 0, 290, 0, 0, 0, + 0, 350, 363, 0, 0, 308, 310, 312, 0, 0, + 0, 354, 286, 292, 0, 368, 370, 0, 0, 344, + 348, 229, 222, 224, 372, 0, 0, 0, 0, 0, + 369, 371, 364, 366, 373, 0, 0, 365, 367, +}; +static const YYINT racoonyydgoto[] = { 1, + 632, 508, 220, 304, 69, 425, 296, 624, 66, 307, + 49, 50, 568, 17, 18, 19, 20, 21, 22, 23, + 24, 25, 26, 27, 28, 29, 30, 31, 32, 53, + 81, 228, 227, 230, 229, 231, 82, 76, 38, 58, + 89, 232, 233, 234, 235, 236, 59, 95, 237, 238, + 562, 242, 240, 154, 42, 97, 176, 492, 563, 494, + 565, 382, 383, 41, 96, 170, 368, 366, 367, 369, + 372, 370, 371, 373, 374, 375, 376, 377, 62, 116, + 259, 260, 180, 183, 285, 409, 410, 208, 288, 265, + 266, 267, 268, 269, 191, 270, 272, 273, 277, 274, + 275, 276, 282, 290, 291, 283, 280, 278, 279, 281, + 181, 184, 286, 192, 209, 63, 124, 292, 416, 297, + 418, 419, 420, 67, 45, 134, 308, 430, 431, 570, + 573, 660, 661, 569, 505, 633, 310, 224, 311, 71, + 226, 74, 225, 349, 513, 514, 433, 515, 516, 438, + 522, 582, 583, 519, 585, 524, 525, 526, 527, 591, + 644, 549, 593, 646, 532, 533, 452, 535, 554, 553, + 555, 625, 626, 627, 556, 550, 541, 540, 542, 536, + 538, 537, 544, 545, 546, 547, 552, 551, 548, 654, + 539, 655, 461, 605, 639, 580, 653, 686, 687, 676, + 677, 680, +}; +static const YYINT racoonyysindex[] = { 0, + -193, -348, -174, -292, -306, -130, -266, -246, 0, 0, + -244, -234, 0, -268, -217, -216, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, -264, -220, -191, 0, -168, 0, 0, + -219, -196, 0, 0, -252, -185, -146, -185, -108, 0, + -164, 0, -251, 0, 0, 0, 0, -257, -258, 0, + 0, -256, -275, -231, -321, -242, -218, 0, 0, -171, + -163, 0, -255, -163, 0, -159, -284, -282, -143, 0, + 0, -152, -138, -137, -134, -132, -131, 0, 0, -128, + -128, 0, -261, 0, 0, -260, -259, -127, -126, -125, + -124, -129, -122, -121, -200, -209, -136, -120, -118, -115, + -165, -117, -114, -113, 0, 0, -111, -110, -109, -106, + -105, -104, 0, 0, 0, 0, 0, -308, 0, 0, + 0, -112, -80, -148, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, -142, 0, -103, -102, -101, -100, -99, + -98, -97, -93, -95, -94, -92, -91, -90, 0, 0, + -89, -88, -96, -83, 0, 0, 0, 0, 0, -141, + -149, 0, -116, -86, 0, 0, 0, 0, 0, 0, + 0, -84, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, -85, -85, 0, 0, -82, 0, + 0, 0, -201, 0, -201, -201, -201, 0, -79, -195, + 0, -199, 0, -172, -140, -172, -78, -77, -76, -75, + -74, -73, -72, -71, -70, -69, -67, -66, 0, -65, + -81, -64, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, -265, -262, 0, 0, -63, -62, + 0, -125, 0, -124, -61, -60, -59, -58, -57, -56, + -121, -55, -54, -53, -52, -51, -50, -49, -48, -47, + -46, -45, -44, -11, -43, 0, -43, -42, -117, -41, + -39, -38, 0, 0, 0, 0, -37, 0, 0, 0, + -195, 0, 0, -238, 0, 0, 0, -289, 0, 0, + 0, -128, 0, -23, -18, -107, -270, -32, -22, -21, + -20, -19, -24, -17, -16, -14, 0, -13, -12, -293, + -68, -310, -10, 0, -9, -7, -6, -5, -4, -199, + -3, -288, -286, -1, 1, -139, -26, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 3, 0, -31, -30, -27, -8, -2, + 2, 4, 5, 6, 7, 8, 9, 10, 0, 11, + 0, 12, 13, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, -85, 14, 15, + 0, 0, 0, 0, 0, 16, 0, 17, 18, 19, + -238, 0, 0, 0, 0, 0, -254, -135, 24, -145, + 0, 0, 0, 0, 0, 21, 30, 0, 0, 31, + 32, 0, 33, 0, 0, 0, 0, -281, -277, 0, + 0, -254, 0, 0, 0, 0, 0, 0, 0, 0, + -25, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 38, 39, -167, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 26, 0, 27, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 75, 0, 0, 0, 42, 43, + 0, 0, 34, -303, 35, 36, 40, 0, 37, 0, + 0, 41, 0, 44, 45, 46, 47, -199, 0, -199, + 0, 48, 49, 50, 51, 52, 53, 54, 55, 56, + 57, 58, 0, 59, 60, 61, 62, 64, 65, 66, + 67, 68, 69, 70, 71, 72, -201, -181, 0, 0, + 0, 73, 74, 0, 76, 0, 77, 0, 78, 79, + -201, -181, 80, 0, 0, 0, 0, 0, 0, 81, + 0, 82, 83, 0, 84, 0, 0, 0, 0, 0, + 85, 0, 86, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, -291, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 87, 88, 89, 0, 0, 0, + 0, 0, 28, 0, 0, 0, 0, 0, 90, 0, + 0, 0, 0, 91, 0, 92, 0, 95, -254, 103, + -133, 0, 0, 94, 96, 0, 0, 0, 75, 97, + 98, 0, 0, 0, 77, 0, 0, 109, 113, 0, + 0, 0, 0, 0, 0, 100, 101, -201, -181, 102, + 0, 0, 0, 0, 0, 104, 105, 0, 0, +}; +static const YYINT racoonyyrindex[] = { 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, -305, -15, -305, 106, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, -249, 0, 0, 107, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, -232, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 110, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 111, 0, 0, 112, 0, 0, 0, 0, 0, 0, + 0, 114, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 115, 0, + 0, 0, 0, 0, 0, 0, 0, 0, -232, -213, + 0, 108, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 116, 0, 117, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + -213, 0, 0, 0, 0, 0, 0, -119, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, -70, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, -70, -70, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, -70, 0, -70, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, -285, -247, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, -142, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, +}; +static const YYINT racoonyygindex[] = { 0, + -381, -447, 120, 119, 284, 121, -215, -539, 63, -334, + 261, -87, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 149, 150, 129, 0, 0, 126, 0, 0, + 0, 0, 0, 0, 146, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 93, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, -323, 0, 0, 192, 0, 118, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, +}; +#define YYTABLESIZE 542 +static const YYINT racoonyytable[] = { 298, + 299, 300, 152, 153, 534, 467, 77, 78, 79, 203, + 83, 84, 85, 86, 87, 90, 91, 155, 92, 93, + 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, + 167, 168, 637, 69, 171, 172, 173, 174, 575, 648, + 132, 426, 98, 99, 100, 101, 102, 103, 104, 117, + 118, 119, 120, 121, 122, 105, 106, 107, 108, 109, + 110, 111, 458, 2, 112, 113, 114, 3, 46, 4, + 5, 6, 649, 7, 528, 455, 33, 506, 530, 8, + 469, 46, 471, 218, 64, 203, 9, 34, 650, 439, + 440, 441, 127, 128, 129, 130, 195, 196, 197, 10, + 459, 198, 65, 36, 11, 193, 125, 219, 194, 651, + 427, 428, 65, 529, 531, 429, 133, 456, 69, 69, + 576, 35, 470, 65, 472, 141, 126, 143, 131, 142, + 12, 144, 305, 306, 652, 37, 305, 306, 239, 684, + 13, 239, 14, 442, 378, 47, 48, 380, 379, 54, + 123, 381, 156, 205, 206, 507, 422, 423, 39, 48, + 231, 231, 231, 231, 51, 169, 175, 94, 88, 115, + 199, 424, 200, 201, 80, 203, 227, 231, 40, 228, + 43, 233, 233, 186, 187, 188, 189, 15, 137, 16, + 44, 139, 70, 590, 52, 592, 233, 302, 303, 312, + 313, 666, 314, 55, 315, 60, 316, 68, 317, 318, + 319, 320, 321, 322, 305, 306, 323, 324, 325, 293, + 294, 295, 326, 327, 432, 328, 329, 330, 61, 331, + 73, 332, 56, 333, 334, 620, 621, 622, 623, 559, + 560, 561, 135, 335, 336, 337, 338, 339, 340, 341, + 342, 309, 136, 436, 437, 57, 343, 344, 345, 75, + 346, 136, 475, 476, 140, 347, 509, 510, 668, 669, + 145, 146, 147, 148, 222, 149, 223, 262, 150, 151, + 512, 239, 261, 675, 185, 348, 48, 177, 178, 179, + 182, 203, 190, 202, 204, 210, 207, 211, 212, 213, + 214, 221, 457, 215, 216, 217, 201, 263, 244, 245, + 241, 243, 218, 257, 246, 247, 248, 249, 250, 251, + 434, 252, 253, 254, 255, 256, 258, 435, 443, 284, + 448, 72, 364, 138, 287, 672, 0, 449, 301, 0, + 264, 619, 271, 0, 289, 351, 352, 353, 354, 355, + 356, 357, 358, 359, 360, 636, 361, 362, 363, 365, + 384, 385, 388, 389, 390, 391, 392, 393, 395, 396, + 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, + 407, 411, 413, 408, 414, 415, 417, 477, 444, 445, + 446, 447, 479, 480, 450, 451, 481, 453, 454, 543, + 460, 462, 463, 464, 465, 466, 567, 468, 473, 243, + 386, 474, 478, 387, 412, 482, 394, 350, 0, 421, + 0, 483, 0, 491, 493, 484, 665, 485, 486, 487, + 488, 489, 490, 511, 517, 495, 496, 498, 499, 500, + 501, 502, 503, 518, 520, 521, 523, 557, 558, 564, + 566, 571, 572, 579, 659, 0, 0, 574, 577, 578, + 581, 0, 683, 0, 584, 0, 0, 586, 587, 588, + 589, 594, 595, 596, 597, 598, 599, 600, 601, 602, + 603, 604, 606, 607, 608, 609, 631, 610, 611, 612, + 613, 614, 615, 616, 617, 618, 628, 629, 0, 630, + 497, 634, 635, 638, 640, 641, 642, 643, 645, 647, + 656, 657, 658, 662, 663, 664, 667, 670, 678, 671, + 673, 674, 679, 681, 682, 685, 0, 688, 689, 0, + 247, 212, 359, 62, 170, 173, 0, 179, 182, 124, + 126, 504, +}; +static const YYINT racoonyycheck[] = { 215, + 216, 217, 90, 91, 452, 340, 258, 259, 260, 259, + 268, 269, 270, 271, 272, 274, 275, 279, 277, 278, + 281, 282, 283, 284, 285, 286, 287, 288, 289, 290, + 291, 292, 572, 339, 294, 295, 296, 297, 342, 331, + 259, 331, 299, 300, 301, 302, 303, 304, 305, 325, + 326, 327, 328, 329, 330, 312, 313, 314, 315, 316, + 317, 318, 373, 257, 321, 322, 323, 261, 337, 263, + 264, 265, 364, 267, 356, 369, 425, 332, 356, 273, + 369, 337, 369, 392, 337, 335, 280, 262, 380, 360, + 361, 362, 414, 415, 337, 338, 306, 307, 308, 293, + 411, 311, 355, 410, 298, 306, 338, 416, 309, 401, + 400, 401, 355, 448, 449, 405, 335, 411, 424, 425, + 424, 414, 411, 355, 411, 410, 64, 410, 66, 414, + 324, 414, 414, 415, 426, 266, 414, 415, 424, 679, + 334, 427, 336, 414, 410, 414, 415, 410, 414, 414, + 426, 414, 414, 319, 320, 410, 395, 396, 425, 415, + 393, 394, 395, 396, 382, 426, 426, 426, 426, 426, + 307, 410, 309, 310, 426, 425, 424, 410, 425, 427, + 425, 395, 396, 306, 307, 308, 309, 381, 71, 383, + 425, 74, 339, 528, 411, 530, 410, 393, 394, 340, + 341, 649, 343, 424, 345, 425, 347, 393, 349, 350, + 351, 352, 353, 354, 414, 415, 357, 358, 359, 421, + 422, 423, 363, 364, 312, 366, 367, 368, 425, 370, + 339, 372, 424, 374, 375, 417, 418, 419, 420, 407, + 408, 409, 414, 384, 385, 386, 387, 388, 389, 390, + 391, 424, 425, 361, 362, 424, 397, 398, 399, 424, + 401, 425, 402, 403, 424, 406, 402, 403, 402, 403, + 414, 424, 411, 411, 355, 410, 425, 427, 411, 411, + 426, 424, 424, 665, 414, 426, 415, 415, 415, 415, + 415, 410, 414, 414, 410, 410, 414, 411, 410, 410, + 410, 414, 371, 410, 410, 410, 426, 424, 410, 410, + 414, 414, 392, 410, 414, 414, 414, 411, 414, 414, + 344, 414, 414, 414, 414, 414, 410, 346, 361, 415, + 355, 48, 414, 73, 206, 659, -1, 355, 219, -1, + 427, 557, 427, -1, 427, 424, 424, 424, 424, 424, + 424, 424, 424, 424, 424, 571, 424, 424, 424, 424, + 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, + 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, + 392, 424, 424, 427, 424, 424, 424, 414, 411, 411, + 411, 411, 424, 424, 411, 410, 424, 411, 411, 425, + 411, 411, 410, 410, 410, 410, 332, 411, 410, 425, + 262, 411, 410, 264, 289, 424, 271, 226, -1, 301, + -1, 424, -1, 414, 414, 424, 332, 424, 424, 424, + 424, 424, 424, 410, 414, 424, 424, 424, 424, 424, + 424, 424, 424, 414, 414, 414, 414, 410, 410, 424, + 424, 410, 410, 414, 427, -1, -1, 424, 424, 424, + 424, -1, 678, -1, 424, -1, -1, 424, 424, 424, + 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, + 424, 424, 424, 424, 424, 424, 410, 424, 424, 424, + 424, 424, 424, 424, 424, 424, 424, 424, -1, 424, + 408, 424, 424, 424, 424, 424, 424, 424, 424, 424, + 424, 424, 424, 424, 424, 424, 414, 424, 410, 424, + 424, 424, 410, 424, 424, 424, -1, 424, 424, -1, + 425, 425, 425, 424, 424, 424, -1, 424, 424, 424, + 424, 421, +}; +#define YYFINAL 1 +#ifndef YYDEBUG +#define YYDEBUG 0 #endif +#define YYMAXTOKEN 427 +#define YYUNDFTOKEN 632 +#define YYTRANSLATE(a) ((a) > YYMAXTOKEN ? YYUNDFTOKEN : (a)) +#if YYDEBUG +static const char *const racoonyyname[] = { + +"end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, +0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, +0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, +0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, +0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, +0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, +0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"PRIVSEP","USER","GROUP","CHROOT", +"PATH","PATHTYPE","INCLUDE","PFKEY_BUFFER","LOGGING","LOGLEV","PADDING", +"PAD_RANDOMIZE","PAD_RANDOMIZELEN","PAD_MAXLEN","PAD_STRICT","PAD_EXCLTAIL", +"LISTEN","X_ISAKMP","X_ISAKMP_NATT","X_ADMIN","STRICT_ADDRESS","ADMINSOCK", +"DISABLED","LDAPCFG","LDAP_HOST","LDAP_PORT","LDAP_PVER","LDAP_BASE", +"LDAP_BIND_DN","LDAP_BIND_PW","LDAP_SUBTREE","LDAP_ATTR_USER","LDAP_ATTR_ADDR", +"LDAP_ATTR_MASK","LDAP_ATTR_GROUP","LDAP_ATTR_MEMBER","RADCFG","RAD_AUTH", +"RAD_ACCT","RAD_TIMEOUT","RAD_RETRIES","MODECFG","CFG_NET4","CFG_MASK4", +"CFG_DNS4","CFG_NBNS4","CFG_DEFAULT_DOMAIN","CFG_AUTH_SOURCE","CFG_AUTH_GROUPS", +"CFG_SYSTEM","CFG_RADIUS","CFG_PAM","CFG_LDAP","CFG_LOCAL","CFG_NONE", +"CFG_GROUP_SOURCE","CFG_ACCOUNTING","CFG_CONF_SOURCE","CFG_MOTD", +"CFG_POOL_SIZE","CFG_AUTH_THROTTLE","CFG_SPLIT_NETWORK","CFG_SPLIT_LOCAL", +"CFG_SPLIT_INCLUDE","CFG_SPLIT_DNS","CFG_PFS_GROUP","CFG_SAVE_PASSWD","RETRY", +"RETRY_COUNTER","RETRY_INTERVAL","RETRY_PERSEND","RETRY_PHASE1","RETRY_PHASE2", +"NATT_KA","ALGORITHM_CLASS","ALGORITHMTYPE","STRENGTHTYPE","SAINFO","FROM", +"REMOTE","ANONYMOUS","CLIENTADDR","INHERIT","REMOTE_ADDRESS","EXCHANGE_MODE", +"EXCHANGETYPE","DOI","DOITYPE","SITUATION","SITUATIONTYPE","CERTIFICATE_TYPE", +"CERTTYPE","PEERS_CERTFILE","CA_TYPE","VERIFY_CERT","SEND_CERT","SEND_CR", +"MATCH_EMPTY_CR","IDENTIFIERTYPE","IDENTIFIERQUAL","MY_IDENTIFIER", +"PEERS_IDENTIFIER","VERIFY_IDENTIFIER","DNSSEC","CERT_X509","CERT_PLAINRSA", +"NONCE_SIZE","DH_GROUP","KEEPALIVE","PASSIVE","INITIAL_CONTACT","NAT_TRAVERSAL", +"REMOTE_FORCE_LEVEL","PROPOSAL_CHECK","PROPOSAL_CHECK_LEVEL","GENERATE_POLICY", +"GENERATE_LEVEL","SUPPORT_PROXY","PROPOSAL","EXEC_PATH","EXEC_COMMAND", +"EXEC_SUCCESS","EXEC_FAILURE","GSS_ID","GSS_ID_ENC","GSS_ID_ENCTYPE", +"COMPLEX_BUNDLE","DPD","DPD_DELAY","DPD_RETRY","DPD_MAXFAIL","PH1ID", +"XAUTH_LOGIN","WEAK_PHASE1_CHECK","REKEY","PREFIX","PORT","PORTANY","UL_PROTO", +"ANY","IKE_FRAG","ESP_FRAG","MODE_CFG","PFS_GROUP","LIFETIME","LIFETYPE_TIME", +"LIFETYPE_BYTE","STRENGTH","REMOTEID","SCRIPT","PHASE1_UP","PHASE1_DOWN", +"PHASE1_DEAD","NUMBER","SWITCH","BOOLEAN","HEXSTRING","QUOTEDSTRING", +"ADDRSTRING","ADDRRANGE","UNITTYPE_BYTE","UNITTYPE_KBYTES","UNITTYPE_MBYTES", +"UNITTYPE_TBYTES","UNITTYPE_SEC","UNITTYPE_MIN","UNITTYPE_HOUR","EOS","BOC", +"EOC","COMMA",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, +0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, +0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, +0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, +0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, +0,0,0,0,0,0,0,0,0,0,0,"illegal-symbol", +}; +static const char *const racoonyyrule[] = { +"$accept : statements", +"statements :", +"statements : statements statement", +"statement : privsep_statement", +"statement : path_statement", +"statement : include_statement", +"statement : pfkey_statement", +"statement : gssenc_statement", +"statement : logging_statement", +"statement : padding_statement", +"statement : listen_statement", +"statement : ldapcfg_statement", +"statement : radcfg_statement", +"statement : modecfg_statement", +"statement : timer_statement", +"statement : sainfo_statement", +"statement : remote_statement", +"statement : special_statement", +"privsep_statement : PRIVSEP BOC privsep_stmts EOC", +"privsep_stmts :", +"privsep_stmts : privsep_stmts privsep_stmt", +"$$1 :", +"privsep_stmt : USER QUOTEDSTRING $$1 EOS", +"$$2 :", +"privsep_stmt : USER NUMBER $$2 EOS", +"$$3 :", +"privsep_stmt : GROUP QUOTEDSTRING $$3 EOS", +"$$4 :", +"privsep_stmt : GROUP NUMBER $$4 EOS", +"$$5 :", +"privsep_stmt : CHROOT QUOTEDSTRING $$5 EOS", +"$$6 :", +"path_statement : PATH PATHTYPE QUOTEDSTRING $$6 EOS", +"$$7 :", +"special_statement : COMPLEX_BUNDLE SWITCH $$7 EOS", +"include_statement : INCLUDE QUOTEDSTRING EOS", +"pfkey_statement : PFKEY_BUFFER NUMBER EOS", +"gssenc_statement : GSS_ID_ENC GSS_ID_ENCTYPE EOS", +"logging_statement : LOGGING log_level EOS", +"log_level : LOGLEV", +"padding_statement : PADDING BOC padding_stmts EOC", +"padding_stmts :", +"padding_stmts : padding_stmts padding_stmt", +"$$8 :", +"padding_stmt : PAD_RANDOMIZE SWITCH $$8 EOS", +"$$9 :", +"padding_stmt : PAD_RANDOMIZELEN SWITCH $$9 EOS", +"$$10 :", +"padding_stmt : PAD_MAXLEN NUMBER $$10 EOS", +"$$11 :", +"padding_stmt : PAD_STRICT SWITCH $$11 EOS", +"$$12 :", +"padding_stmt : PAD_EXCLTAIL SWITCH $$12 EOS", +"listen_statement : LISTEN BOC listen_stmts EOC", +"listen_stmts :", +"listen_stmts : listen_stmts listen_stmt", +"$$13 :", +"listen_stmt : X_ISAKMP ike_addrinfo_port $$13 EOS", +"$$14 :", +"listen_stmt : X_ISAKMP_NATT ike_addrinfo_port $$14 EOS", +"$$15 :", +"listen_stmt : ADMINSOCK QUOTEDSTRING QUOTEDSTRING QUOTEDSTRING NUMBER $$15 EOS", +"$$16 :", +"listen_stmt : ADMINSOCK QUOTEDSTRING $$16 EOS", +"$$17 :", +"listen_stmt : ADMINSOCK DISABLED $$17 EOS", +"$$18 :", +"listen_stmt : STRICT_ADDRESS $$18 EOS", +"ike_addrinfo_port : ADDRSTRING ike_port", +"ike_port :", +"ike_port : PORT", +"$$19 :", +"radcfg_statement : RADCFG $$19 BOC radcfg_stmts EOC", +"radcfg_stmts :", +"radcfg_stmts : radcfg_stmts radcfg_stmt", +"$$20 :", +"radcfg_stmt : RAD_AUTH QUOTEDSTRING QUOTEDSTRING $$20 EOS", +"$$21 :", +"radcfg_stmt : RAD_AUTH QUOTEDSTRING NUMBER QUOTEDSTRING $$21 EOS", +"$$22 :", +"radcfg_stmt : RAD_ACCT QUOTEDSTRING QUOTEDSTRING $$22 EOS", +"$$23 :", +"radcfg_stmt : RAD_ACCT QUOTEDSTRING NUMBER QUOTEDSTRING $$23 EOS", +"$$24 :", +"radcfg_stmt : RAD_TIMEOUT NUMBER $$24 EOS", +"$$25 :", +"radcfg_stmt : RAD_RETRIES NUMBER $$25 EOS", +"$$26 :", +"ldapcfg_statement : LDAPCFG $$26 BOC ldapcfg_stmts EOC", +"ldapcfg_stmts :", +"ldapcfg_stmts : ldapcfg_stmts ldapcfg_stmt", +"$$27 :", +"ldapcfg_stmt : LDAP_PVER NUMBER $$27 EOS", +"$$28 :", +"ldapcfg_stmt : LDAP_HOST QUOTEDSTRING $$28 EOS", +"$$29 :", +"ldapcfg_stmt : LDAP_PORT NUMBER $$29 EOS", +"$$30 :", +"ldapcfg_stmt : LDAP_BASE QUOTEDSTRING $$30 EOS", +"$$31 :", +"ldapcfg_stmt : LDAP_SUBTREE SWITCH $$31 EOS", +"$$32 :", +"ldapcfg_stmt : LDAP_BIND_DN QUOTEDSTRING $$32 EOS", +"$$33 :", +"ldapcfg_stmt : LDAP_BIND_PW QUOTEDSTRING $$33 EOS", +"$$34 :", +"ldapcfg_stmt : LDAP_ATTR_USER QUOTEDSTRING $$34 EOS", +"$$35 :", +"ldapcfg_stmt : LDAP_ATTR_ADDR QUOTEDSTRING $$35 EOS", +"$$36 :", +"ldapcfg_stmt : LDAP_ATTR_MASK QUOTEDSTRING $$36 EOS", +"$$37 :", +"ldapcfg_stmt : LDAP_ATTR_GROUP QUOTEDSTRING $$37 EOS", +"$$38 :", +"ldapcfg_stmt : LDAP_ATTR_MEMBER QUOTEDSTRING $$38 EOS", +"modecfg_statement : MODECFG BOC modecfg_stmts EOC", +"modecfg_stmts :", +"modecfg_stmts : modecfg_stmts modecfg_stmt", +"$$39 :", +"modecfg_stmt : CFG_NET4 ADDRSTRING $$39 EOS", +"$$40 :", +"modecfg_stmt : CFG_MASK4 ADDRSTRING $$40 EOS", +"modecfg_stmt : CFG_DNS4 addrdnslist EOS", +"modecfg_stmt : CFG_NBNS4 addrwinslist EOS", +"$$41 :", +"modecfg_stmt : CFG_SPLIT_NETWORK CFG_SPLIT_LOCAL splitnetlist $$41 EOS", +"$$42 :", +"modecfg_stmt : CFG_SPLIT_NETWORK CFG_SPLIT_INCLUDE splitnetlist $$42 EOS", +"$$43 :", +"modecfg_stmt : CFG_SPLIT_DNS splitdnslist $$43 EOS", +"$$44 :", +"modecfg_stmt : CFG_DEFAULT_DOMAIN QUOTEDSTRING $$44 EOS", +"$$45 :", +"modecfg_stmt : CFG_AUTH_SOURCE CFG_SYSTEM $$45 EOS", +"$$46 :", +"modecfg_stmt : CFG_AUTH_SOURCE CFG_RADIUS $$46 EOS", +"$$47 :", +"modecfg_stmt : CFG_AUTH_SOURCE CFG_PAM $$47 EOS", +"$$48 :", +"modecfg_stmt : CFG_AUTH_SOURCE CFG_LDAP $$48 EOS", +"$$49 :", +"modecfg_stmt : CFG_AUTH_GROUPS authgrouplist $$49 EOS", +"$$50 :", +"modecfg_stmt : CFG_GROUP_SOURCE CFG_SYSTEM $$50 EOS", +"$$51 :", +"modecfg_stmt : CFG_GROUP_SOURCE CFG_LDAP $$51 EOS", +"$$52 :", +"modecfg_stmt : CFG_ACCOUNTING CFG_NONE $$52 EOS", +"$$53 :", +"modecfg_stmt : CFG_ACCOUNTING CFG_SYSTEM $$53 EOS", +"$$54 :", +"modecfg_stmt : CFG_ACCOUNTING CFG_RADIUS $$54 EOS", +"$$55 :", +"modecfg_stmt : CFG_ACCOUNTING CFG_PAM $$55 EOS", +"$$56 :", +"modecfg_stmt : CFG_POOL_SIZE NUMBER $$56 EOS", +"$$57 :", +"modecfg_stmt : CFG_PFS_GROUP NUMBER $$57 EOS", +"$$58 :", +"modecfg_stmt : CFG_SAVE_PASSWD SWITCH $$58 EOS", +"$$59 :", +"modecfg_stmt : CFG_AUTH_THROTTLE NUMBER $$59 EOS", +"$$60 :", +"modecfg_stmt : CFG_CONF_SOURCE CFG_LOCAL $$60 EOS", +"$$61 :", +"modecfg_stmt : CFG_CONF_SOURCE CFG_RADIUS $$61 EOS", +"$$62 :", +"modecfg_stmt : CFG_CONF_SOURCE CFG_LDAP $$62 EOS", +"$$63 :", +"modecfg_stmt : CFG_MOTD QUOTEDSTRING $$63 EOS", +"addrdnslist : addrdns", +"addrdnslist : addrdns COMMA addrdnslist", +"addrdns : ADDRSTRING", +"addrwinslist : addrwins", +"addrwinslist : addrwins COMMA addrwinslist", +"addrwins : ADDRSTRING", +"splitnetlist : splitnet", +"splitnetlist : splitnetlist COMMA splitnet", +"splitnet : ADDRSTRING PREFIX", +"authgrouplist : authgroup", +"authgrouplist : authgroup COMMA authgrouplist", +"authgroup : QUOTEDSTRING", +"splitdnslist : splitdns", +"splitdnslist : splitdns COMMA splitdnslist", +"splitdns : QUOTEDSTRING", +"timer_statement : RETRY BOC timer_stmts EOC", +"timer_stmts :", +"timer_stmts : timer_stmts timer_stmt", +"$$64 :", +"timer_stmt : RETRY_COUNTER NUMBER $$64 EOS", +"$$65 :", +"timer_stmt : RETRY_INTERVAL NUMBER unittype_time $$65 EOS", +"$$66 :", +"timer_stmt : RETRY_PERSEND NUMBER $$66 EOS", +"$$67 :", +"timer_stmt : RETRY_PHASE1 NUMBER unittype_time $$67 EOS", +"$$68 :", +"timer_stmt : RETRY_PHASE2 NUMBER unittype_time $$68 EOS", +"$$69 :", +"timer_stmt : NATT_KA NUMBER unittype_time $$69 EOS", +"$$70 :", +"$$71 :", +"sainfo_statement : SAINFO $$70 sainfo_name sainfo_param BOC sainfo_specs $$71 EOC", +"sainfo_name : ANONYMOUS", +"sainfo_name : ANONYMOUS CLIENTADDR", +"sainfo_name : ANONYMOUS sainfo_id", +"sainfo_name : sainfo_id ANONYMOUS", +"sainfo_name : sainfo_id CLIENTADDR", +"sainfo_name : sainfo_id sainfo_id", +"sainfo_id : IDENTIFIERTYPE ADDRSTRING prefix port ul_proto", +"sainfo_id : IDENTIFIERTYPE ADDRSTRING ADDRRANGE prefix port ul_proto", +"sainfo_id : IDENTIFIERTYPE QUOTEDSTRING", +"sainfo_param :", +"sainfo_param : FROM IDENTIFIERTYPE identifierstring", +"sainfo_param : GROUP QUOTEDSTRING", +"sainfo_specs :", +"sainfo_specs : sainfo_specs sainfo_spec", +"$$72 :", +"sainfo_spec : PFS_GROUP dh_group_num $$72 EOS", +"$$73 :", +"sainfo_spec : REMOTEID NUMBER $$73 EOS", +"$$74 :", +"sainfo_spec : LIFETIME LIFETYPE_TIME NUMBER unittype_time $$74 EOS", +"$$75 :", +"sainfo_spec : LIFETIME LIFETYPE_BYTE NUMBER unittype_byte $$75 EOS", +"$$76 :", +"sainfo_spec : ALGORITHM_CLASS $$76 algorithms EOS", +"algorithms : algorithm", +"$$77 :", +"algorithms : algorithm $$77 COMMA algorithms", +"algorithm : ALGORITHMTYPE keylength", +"prefix :", +"prefix : PREFIX", +"port :", +"port : PORT", +"port : PORTANY", +"ul_proto : NUMBER", +"ul_proto : UL_PROTO", +"ul_proto : ANY", +"keylength :", +"keylength : NUMBER", +"$$78 :", +"remote_statement : REMOTE QUOTEDSTRING INHERIT QUOTEDSTRING $$78 remote_specs_inherit_block", +"$$79 :", +"remote_statement : REMOTE QUOTEDSTRING $$79 remote_specs_block", +"$$80 :", +"remote_statement : REMOTE remote_index INHERIT remote_index $$80 remote_specs_inherit_block", +"$$81 :", +"remote_statement : REMOTE remote_index $$81 remote_specs_block", +"remote_specs_inherit_block : remote_specs_block", +"remote_specs_inherit_block : EOS", +"remote_specs_block : BOC remote_specs EOC", +"remote_index : ANONYMOUS ike_port", +"remote_index : ike_addrinfo_port", +"remote_specs :", +"remote_specs : remote_specs remote_spec", +"$$82 :", +"remote_spec : REMOTE_ADDRESS ike_addrinfo_port $$82 EOS", +"$$83 :", +"remote_spec : EXCHANGE_MODE $$83 exchange_types EOS", +"$$84 :", +"remote_spec : DOI DOITYPE $$84 EOS", +"$$85 :", +"remote_spec : SITUATION SITUATIONTYPE $$85 EOS", +"remote_spec : CERTIFICATE_TYPE cert_spec", +"$$86 :", +"remote_spec : PEERS_CERTFILE QUOTEDSTRING $$86 EOS", +"$$87 :", +"remote_spec : PEERS_CERTFILE CERT_X509 QUOTEDSTRING $$87 EOS", +"$$88 :", +"remote_spec : PEERS_CERTFILE CERT_PLAINRSA QUOTEDSTRING $$88 EOS", +"$$89 :", +"remote_spec : PEERS_CERTFILE DNSSEC $$89 EOS", +"$$90 :", +"remote_spec : CA_TYPE CERT_X509 QUOTEDSTRING $$90 EOS", +"$$91 :", +"remote_spec : VERIFY_CERT SWITCH $$91 EOS", +"$$92 :", +"remote_spec : SEND_CERT SWITCH $$92 EOS", +"$$93 :", +"remote_spec : SEND_CR SWITCH $$93 EOS", +"$$94 :", +"remote_spec : MATCH_EMPTY_CR SWITCH $$94 EOS", +"$$95 :", +"remote_spec : MY_IDENTIFIER IDENTIFIERTYPE identifierstring $$95 EOS", +"$$96 :", +"remote_spec : MY_IDENTIFIER IDENTIFIERTYPE IDENTIFIERQUAL identifierstring $$96 EOS", +"$$97 :", +"remote_spec : XAUTH_LOGIN identifierstring $$97 EOS", +"$$98 :", +"remote_spec : PEERS_IDENTIFIER IDENTIFIERTYPE identifierstring $$98 EOS", +"$$99 :", +"remote_spec : PEERS_IDENTIFIER IDENTIFIERTYPE IDENTIFIERQUAL identifierstring $$99 EOS", +"$$100 :", +"remote_spec : VERIFY_IDENTIFIER SWITCH $$100 EOS", +"$$101 :", +"remote_spec : NONCE_SIZE NUMBER $$101 EOS", +"$$102 :", +"remote_spec : DH_GROUP $$102 dh_group_num EOS", +"$$103 :", +"remote_spec : PASSIVE SWITCH $$103 EOS", +"$$104 :", +"remote_spec : IKE_FRAG SWITCH $$104 EOS", +"$$105 :", +"remote_spec : IKE_FRAG REMOTE_FORCE_LEVEL $$105 EOS", +"$$106 :", +"remote_spec : ESP_FRAG NUMBER $$106 EOS", +"$$107 :", +"remote_spec : SCRIPT QUOTEDSTRING PHASE1_UP $$107 EOS", +"$$108 :", +"remote_spec : SCRIPT QUOTEDSTRING PHASE1_DOWN $$108 EOS", +"$$109 :", +"remote_spec : SCRIPT QUOTEDSTRING PHASE1_DEAD $$109 EOS", +"$$110 :", +"remote_spec : MODE_CFG SWITCH $$110 EOS", +"$$111 :", +"remote_spec : WEAK_PHASE1_CHECK SWITCH $$111 EOS", +"$$112 :", +"remote_spec : GENERATE_POLICY SWITCH $$112 EOS", +"$$113 :", +"remote_spec : GENERATE_POLICY GENERATE_LEVEL $$113 EOS", +"$$114 :", +"remote_spec : SUPPORT_PROXY SWITCH $$114 EOS", +"$$115 :", +"remote_spec : INITIAL_CONTACT SWITCH $$115 EOS", +"$$116 :", +"remote_spec : NAT_TRAVERSAL SWITCH $$116 EOS", +"$$117 :", +"remote_spec : NAT_TRAVERSAL REMOTE_FORCE_LEVEL $$117 EOS", +"$$118 :", +"remote_spec : DPD SWITCH $$118 EOS", +"$$119 :", +"remote_spec : DPD_DELAY NUMBER $$119 EOS", +"$$120 :", +"remote_spec : DPD_RETRY NUMBER $$120 EOS", +"$$121 :", +"remote_spec : DPD_MAXFAIL NUMBER $$121 EOS", +"$$122 :", +"remote_spec : REKEY SWITCH $$122 EOS", +"$$123 :", +"remote_spec : REKEY REMOTE_FORCE_LEVEL $$123 EOS", +"$$124 :", +"remote_spec : PH1ID NUMBER $$124 EOS", +"$$125 :", +"remote_spec : LIFETIME LIFETYPE_TIME NUMBER unittype_time $$125 EOS", +"$$126 :", +"remote_spec : PROPOSAL_CHECK PROPOSAL_CHECK_LEVEL $$126 EOS", +"$$127 :", +"remote_spec : LIFETIME LIFETYPE_BYTE NUMBER unittype_byte $$127 EOS", +"$$128 :", +"remote_spec : PROPOSAL $$128 BOC isakmpproposal_specs EOC", +"exchange_types :", +"exchange_types : exchange_types EXCHANGETYPE", +"$$129 :", +"cert_spec : CERT_X509 QUOTEDSTRING QUOTEDSTRING $$129 EOS", +"$$130 :", +"cert_spec : CERT_PLAINRSA QUOTEDSTRING $$130 EOS", +"dh_group_num : ALGORITHMTYPE", +"dh_group_num : NUMBER", +"identifierstring :", +"identifierstring : ADDRSTRING", +"identifierstring : QUOTEDSTRING", +"isakmpproposal_specs :", +"isakmpproposal_specs : isakmpproposal_specs isakmpproposal_spec", +"$$131 :", +"isakmpproposal_spec : LIFETIME LIFETYPE_TIME NUMBER unittype_time $$131 EOS", +"$$132 :", +"isakmpproposal_spec : LIFETIME LIFETYPE_BYTE NUMBER unittype_byte $$132 EOS", +"$$133 :", +"isakmpproposal_spec : DH_GROUP dh_group_num $$133 EOS", +"$$134 :", +"isakmpproposal_spec : GSS_ID QUOTEDSTRING $$134 EOS", +"$$135 :", +"isakmpproposal_spec : ALGORITHM_CLASS ALGORITHMTYPE keylength $$135 EOS", +"unittype_time : UNITTYPE_SEC", +"unittype_time : UNITTYPE_MIN", +"unittype_time : UNITTYPE_HOUR", +"unittype_byte : UNITTYPE_BYTE", +"unittype_byte : UNITTYPE_KBYTES", +"unittype_byte : UNITTYPE_MBYTES", +"unittype_byte : UNITTYPE_TBYTES", -#ifndef YYSIZE_T -# ifdef __SIZE_TYPE__ -# define YYSIZE_T __SIZE_TYPE__ -# elif defined size_t -# define YYSIZE_T size_t -# elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -# include <stddef.h> /* INFRINGES ON USER NAME SPACE */ -# define YYSIZE_T size_t -# else -# define YYSIZE_T unsigned int -# endif +}; #endif -#define YYSIZE_MAXIMUM ((YYSIZE_T) -1) +int yydebug; +int yynerrs; -#ifndef YY_ -# if defined YYENABLE_NLS && YYENABLE_NLS -# if ENABLE_NLS -# include <libintl.h> /* INFRINGES ON USER NAME SPACE */ -# define YY_(msgid) dgettext ("bison-runtime", msgid) -# endif -# endif -# ifndef YY_ -# define YY_(msgid) msgid -# endif -#endif - -/* Suppress unused-variable warnings by "using" E. */ -#if ! defined lint || defined __GNUC__ -# define YYUSE(e) ((void) (e)) -#else -# define YYUSE(e) /* empty */ -#endif +int yyerrflag; +int yychar; +YYSTYPE yyval; +YYSTYPE yylval; -/* Identity function, used to suppress warnings about constant conditions. */ -#ifndef lint -# define YYID(n) (n) +/* define the initial stack-sizes */ +#ifdef YYSTACKSIZE +#undef YYMAXDEPTH +#define YYMAXDEPTH YYSTACKSIZE #else -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static int -YYID (int yyi) +#ifdef YYMAXDEPTH +#define YYSTACKSIZE YYMAXDEPTH #else -static int -YYID (yyi) - int yyi; +#define YYSTACKSIZE 10000 +#define YYMAXDEPTH 10000 #endif -{ - return yyi; -} #endif -#if ! defined yyoverflow || YYERROR_VERBOSE - -/* The parser invokes alloca or malloc; define the necessary symbols. */ - -# ifdef YYSTACK_USE_ALLOCA -# if YYSTACK_USE_ALLOCA -# ifdef __GNUC__ -# define YYSTACK_ALLOC __builtin_alloca -# elif defined __BUILTIN_VA_ARG_INCR -# include <alloca.h> /* INFRINGES ON USER NAME SPACE */ -# elif defined _AIX -# define YYSTACK_ALLOC __alloca -# elif defined _MSC_VER -# include <malloc.h> /* INFRINGES ON USER NAME SPACE */ -# define alloca _alloca -# else -# define YYSTACK_ALLOC alloca -# if ! defined _ALLOCA_H && ! defined EXIT_SUCCESS && (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -# include <stdlib.h> /* INFRINGES ON USER NAME SPACE */ - /* Use EXIT_SUCCESS as a witness for stdlib.h. */ -# ifndef EXIT_SUCCESS -# define EXIT_SUCCESS 0 -# endif -# endif -# endif -# endif -# endif - -# ifdef YYSTACK_ALLOC - /* Pacify GCC's `empty if-body' warning. */ -# define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0)) -# ifndef YYSTACK_ALLOC_MAXIMUM - /* The OS might guarantee only one guard page at the bottom of the stack, - and a page size can be as small as 4096 bytes. So we cannot safely - invoke alloca (N) if N exceeds 4096. Use a slightly smaller number - to allow for a few compiler-allocated temporary stack slots. */ -# define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */ -# endif -# else -# define YYSTACK_ALLOC YYMALLOC -# define YYSTACK_FREE YYFREE -# ifndef YYSTACK_ALLOC_MAXIMUM -# define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM -# endif -# if (defined __cplusplus && ! defined EXIT_SUCCESS \ - && ! ((defined YYMALLOC || defined malloc) \ - && (defined YYFREE || defined free))) -# include <stdlib.h> /* INFRINGES ON USER NAME SPACE */ -# ifndef EXIT_SUCCESS -# define EXIT_SUCCESS 0 -# endif -# endif -# ifndef YYMALLOC -# define YYMALLOC malloc -# if ! defined malloc && ! defined EXIT_SUCCESS && (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */ -# endif -# endif -# ifndef YYFREE -# define YYFREE free -# if ! defined free && ! defined EXIT_SUCCESS && (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -void free (void *); /* INFRINGES ON USER NAME SPACE */ -# endif -# endif -# endif -#endif /* ! defined yyoverflow || YYERROR_VERBOSE */ - +#define YYINITSTACKSIZE 200 -#if (! defined yyoverflow \ - && (! defined __cplusplus \ - || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL))) +typedef struct { + unsigned stacksize; + YYINT *s_base; + YYINT *s_mark; + YYINT *s_last; + YYSTYPE *l_base; + YYSTYPE *l_mark; +} YYSTACKDATA; +/* variables for the parser stack */ +static YYSTACKDATA yystack; +#line 2399 "../../ipsec-tools/src/racoon/cfparse.y" -/* A type that is properly aligned for any stack member. */ -union yyalloc +static struct secprotospec * +newspspec() { - yytype_int16 yyss_alloc; - YYSTYPE yyvs_alloc; -}; + struct secprotospec *new; -/* The size of the maximum gap between one aligned stack and the next. */ -# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1) - -/* The size of an array large to enough to hold all stacks, each with - N elements. */ -# define YYSTACK_BYTES(N) \ - ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \ - + YYSTACK_GAP_MAXIMUM) - -# define YYCOPY_NEEDED 1 - -/* Relocate STACK from its old location to the new one. The - local variables YYSIZE and YYSTACKSIZE give the old and new number of - elements in the stack, and YYPTR gives the new location of the - stack. Advance YYPTR to a properly aligned location for the next - stack. */ -# define YYSTACK_RELOCATE(Stack_alloc, Stack) \ - do \ - { \ - YYSIZE_T yynewbytes; \ - YYCOPY (&yyptr->Stack_alloc, Stack, yysize); \ - Stack = &yyptr->Stack_alloc; \ - yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \ - yyptr += yynewbytes / sizeof (*yyptr); \ - } \ - while (YYID (0)) + new = racoon_calloc(1, sizeof(*new)); + if (new == NULL) { + yyerror("failed to allocate spproto"); + return NULL; + } -#endif + new->encklen = 0; /*XXX*/ -#if defined YYCOPY_NEEDED && YYCOPY_NEEDED -/* Copy COUNT objects from SRC to DST. The source and destination do - not overlap. */ -# ifndef YYCOPY -# if defined __GNUC__ && 1 < __GNUC__ -# define YYCOPY(Dst, Src, Count) \ - __builtin_memcpy (Dst, Src, (Count) * sizeof (*(Src))) -# else -# define YYCOPY(Dst, Src, Count) \ - do \ - { \ - YYSIZE_T yyi; \ - for (yyi = 0; yyi < (Count); yyi++) \ - (Dst)[yyi] = (Src)[yyi]; \ - } \ - while (YYID (0)) -# endif -# endif -#endif /* !YYCOPY_NEEDED */ - -/* YYFINAL -- State number of the termination state. */ -#define YYFINAL 2 -/* YYLAST -- Last index in YYTABLE. */ -#define YYLAST 534 - -/* YYNTOKENS -- Number of terminals. */ -#define YYNTOKENS 174 -/* YYNNTS -- Number of nonterminals. */ -#define YYNNTS 204 -/* YYNRULES -- Number of rules. */ -#define YYNRULES 381 -/* YYNRULES -- Number of states. */ -#define YYNSTATES 691 - -/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */ -#define YYUNDEFTOK 2 -#define YYMAXUTOK 428 - -#define YYTRANSLATE(YYX) \ - ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK) - -/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX. */ -static const yytype_uint8 yytranslate[] = -{ - 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 1, 2, 3, 4, - 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, - 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, - 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, - 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, - 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, - 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, - 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, - 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, - 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, - 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, - 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, - 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, - 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, - 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, - 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, - 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, - 165, 166, 167, 168, 169, 170, 171, 172, 173 -}; + /* + * Default to "uknown" vendor -- we will override this + * as necessary. When we send a Vendor ID payload, an + * "unknown" will be translated to a KAME/racoon ID. + */ + new->vendorid = VENDORID_UNKNOWN; -#if YYDEBUG -/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in - YYRHS. */ -static const yytype_uint16 yyprhs[] = -{ - 0, 0, 3, 4, 7, 9, 11, 13, 15, 17, - 19, 21, 23, 25, 27, 29, 31, 33, 35, 37, - 42, 43, 46, 47, 52, 53, 58, 59, 64, 65, - 70, 71, 76, 77, 83, 84, 89, 93, 97, 101, - 105, 107, 112, 113, 116, 117, 122, 123, 128, 129, - 134, 135, 140, 141, 146, 151, 152, 155, 156, 161, - 162, 167, 168, 176, 177, 182, 183, 188, 189, 193, - 196, 197, 199, 200, 206, 207, 210, 211, 217, 218, - 225, 226, 232, 233, 240, 241, 246, 247, 252, 253, - 259, 260, 263, 264, 269, 270, 275, 276, 281, 282, - 287, 288, 293, 294, 299, 300, 305, 306, 311, 312, - 317, 318, 323, 324, 329, 330, 335, 340, 341, 344, - 345, 350, 351, 356, 360, 364, 365, 371, 372, 378, - 379, 384, 385, 390, 391, 396, 397, 402, 403, 408, - 409, 414, 415, 420, 421, 426, 427, 432, 433, 438, - 439, 444, 445, 450, 451, 456, 457, 462, 463, 468, - 469, 474, 475, 480, 481, 486, 487, 492, 493, 498, - 499, 504, 506, 510, 512, 514, 518, 520, 522, 526, - 529, 531, 535, 537, 539, 543, 545, 550, 551, 554, - 555, 560, 561, 567, 568, 573, 574, 580, 581, 587, - 588, 594, 595, 596, 605, 607, 610, 613, 616, 619, - 622, 628, 635, 638, 639, 643, 646, 647, 650, 651, - 656, 657, 662, 663, 670, 671, 678, 679, 684, 686, - 687, 692, 695, 696, 698, 699, 701, 703, 705, 707, - 709, 710, 712, 713, 720, 721, 726, 727, 734, 735, - 740, 742, 744, 748, 751, 753, 754, 757, 758, 763, - 764, 769, 770, 775, 776, 781, 784, 785, 790, 791, - 797, 798, 804, 805, 810, 811, 817, 818, 823, 824, - 829, 830, 835, 836, 841, 842, 848, 849, 856, 857, - 862, 863, 869, 870, 877, 878, 883, 884, 889, 890, - 895, 896, 901, 902, 907, 908, 913, 914, 919, 920, - 926, 927, 933, 934, 940, 941, 946, 947, 952, 953, - 958, 959, 964, 965, 970, 971, 976, 977, 982, 983, - 988, 989, 994, 995, 1000, 1001, 1006, 1007, 1012, 1013, - 1018, 1019, 1024, 1025, 1030, 1031, 1038, 1039, 1044, 1045, - 1052, 1053, 1059, 1060, 1063, 1064, 1070, 1071, 1076, 1078, - 1080, 1081, 1083, 1085, 1086, 1089, 1090, 1097, 1098, 1105, - 1106, 1111, 1112, 1117, 1118, 1124, 1126, 1128, 1130, 1132, - 1134, 1136 -}; + return new; +} -/* YYRHS -- A `-1'-separated list of the rules' RHS. */ -static const yytype_int16 yyrhs[] = +/* + * insert into head of list. + */ +static void +insspspec(rmconf, spspec) + struct remoteconf *rmconf; + struct secprotospec *spspec; { - 175, 0, -1, -1, 175, 176, -1, 177, -1, 185, - -1, 189, -1, 190, -1, 191, -1, 192, -1, 194, - -1, 202, -1, 223, -1, 213, -1, 239, -1, 277, - -1, 286, -1, 306, -1, 187, -1, 3, 171, 178, - 172, -1, -1, 178, 179, -1, -1, 4, 160, 180, - 170, -1, -1, 4, 156, 181, 170, -1, -1, 5, - 160, 182, 170, -1, -1, 5, 156, 183, 170, -1, - -1, 6, 160, 184, 170, -1, -1, 7, 8, 160, - 186, 170, -1, -1, 129, 157, 188, 170, -1, 9, - 160, 170, -1, 10, 156, 170, -1, 127, 128, 170, - -1, 11, 193, 170, -1, 12, -1, 13, 171, 195, - 172, -1, -1, 195, 196, -1, -1, 14, 157, 197, - 170, -1, -1, 15, 157, 198, 170, -1, -1, 16, - 156, 199, 170, -1, -1, 17, 157, 200, 170, -1, - -1, 18, 157, 201, 170, -1, 19, 171, 203, 172, - -1, -1, 203, 204, -1, -1, 20, 211, 205, 170, - -1, -1, 21, 211, 206, 170, -1, -1, 24, 160, - 160, 160, 156, 207, 170, -1, -1, 24, 160, 208, - 170, -1, -1, 24, 25, 209, 170, -1, -1, 23, - 210, 170, -1, 161, 212, -1, -1, 139, -1, -1, - 39, 214, 171, 215, 172, -1, -1, 215, 216, -1, - -1, 40, 160, 160, 217, 170, -1, -1, 40, 160, - 156, 160, 218, 170, -1, -1, 41, 160, 160, 219, - 170, -1, -1, 41, 160, 156, 160, 220, 170, -1, - -1, 42, 156, 221, 170, -1, -1, 43, 156, 222, - 170, -1, -1, 26, 224, 171, 225, 172, -1, -1, - 225, 226, -1, -1, 29, 156, 227, 170, -1, -1, - 27, 160, 228, 170, -1, -1, 28, 156, 229, 170, - -1, -1, 30, 160, 230, 170, -1, -1, 33, 157, - 231, 170, -1, -1, 31, 160, 232, 170, -1, -1, - 32, 160, 233, 170, -1, -1, 34, 160, 234, 170, - -1, -1, 35, 160, 235, 170, -1, -1, 36, 160, - 236, 170, -1, -1, 37, 160, 237, 170, -1, -1, - 38, 160, 238, 170, -1, 44, 171, 240, 172, -1, - -1, 240, 241, -1, -1, 45, 161, 242, 170, -1, - -1, 46, 161, 243, 170, -1, 47, 267, 170, -1, - 48, 269, 170, -1, -1, 64, 65, 271, 244, 170, - -1, -1, 64, 66, 271, 245, 170, -1, -1, 67, - 275, 246, 170, -1, -1, 49, 160, 247, 170, -1, - -1, 50, 52, 248, 170, -1, -1, 50, 53, 249, - 170, -1, -1, 50, 54, 250, 170, -1, -1, 50, - 55, 251, 170, -1, -1, 51, 273, 252, 170, -1, - -1, 58, 52, 253, 170, -1, -1, 58, 55, 254, - 170, -1, -1, 59, 57, 255, 170, -1, -1, 59, - 52, 256, 170, -1, -1, 59, 53, 257, 170, -1, - -1, 59, 54, 258, 170, -1, -1, 62, 156, 259, - 170, -1, -1, 68, 156, 260, 170, -1, -1, 69, - 157, 261, 170, -1, -1, 63, 156, 262, 170, -1, - -1, 60, 56, 263, 170, -1, -1, 60, 53, 264, - 170, -1, -1, 60, 55, 265, 170, -1, -1, 61, - 160, 266, 170, -1, 268, -1, 268, 173, 267, -1, - 161, -1, 270, -1, 270, 173, 269, -1, 161, -1, - 272, -1, 271, 173, 272, -1, 161, 138, -1, 274, - -1, 274, 173, 273, -1, 160, -1, 276, -1, 276, - 173, 275, -1, 160, -1, 70, 171, 278, 172, -1, - -1, 278, 279, -1, -1, 71, 156, 280, 170, -1, - -1, 72, 156, 376, 281, 170, -1, -1, 73, 156, - 282, 170, -1, -1, 74, 156, 376, 283, 170, -1, - -1, 75, 156, 376, 284, 170, -1, -1, 76, 156, - 376, 285, 170, -1, -1, -1, 80, 287, 289, 291, - 171, 292, 288, 172, -1, 83, -1, 83, 84, -1, - 83, 290, -1, 290, 83, -1, 290, 84, -1, 290, - 290, -1, 101, 161, 302, 303, 304, -1, 101, 161, - 162, 302, 303, 304, -1, 101, 160, -1, -1, 81, - 101, 368, -1, 5, 160, -1, -1, 292, 293, -1, - -1, 146, 367, 294, 170, -1, -1, 151, 156, 295, - 170, -1, -1, 147, 148, 156, 376, 296, 170, -1, - -1, 147, 149, 156, 377, 297, 170, -1, -1, 77, - 298, 299, 170, -1, 301, -1, -1, 301, 300, 173, - 299, -1, 78, 305, -1, -1, 138, -1, -1, 139, - -1, 140, -1, 156, -1, 141, -1, 142, -1, -1, - 156, -1, -1, 82, 160, 85, 160, 307, 311, -1, - -1, 82, 160, 308, 312, -1, -1, 82, 313, 85, - 313, 309, 311, -1, -1, 82, 313, 310, 312, -1, - 312, -1, 170, -1, 171, 314, 172, -1, 83, 212, - -1, 211, -1, -1, 314, 315, -1, -1, 86, 211, - 316, 170, -1, -1, 87, 317, 363, 170, -1, -1, - 89, 90, 318, 170, -1, -1, 91, 92, 319, 170, - -1, 93, 364, -1, -1, 95, 160, 320, 170, -1, - -1, 95, 107, 160, 321, 170, -1, -1, 95, 108, - 160, 322, 170, -1, -1, 95, 106, 323, 170, -1, - -1, 96, 107, 160, 324, 170, -1, -1, 97, 157, - 325, 170, -1, -1, 98, 157, 326, 170, -1, -1, - 99, 157, 327, 170, -1, -1, 100, 157, 328, 170, - -1, -1, 103, 101, 368, 329, 170, -1, -1, 103, - 101, 102, 368, 330, 170, -1, -1, 135, 368, 331, - 170, -1, -1, 104, 101, 368, 332, 170, -1, -1, - 104, 101, 102, 368, 333, 170, -1, -1, 105, 157, - 334, 170, -1, -1, 109, 156, 335, 170, -1, -1, - 110, 336, 367, 170, -1, -1, 112, 157, 337, 170, - -1, -1, 143, 157, 338, 170, -1, -1, 143, 115, - 339, 170, -1, -1, 144, 156, 340, 170, -1, -1, - 152, 160, 153, 341, 170, -1, -1, 152, 160, 154, - 342, 170, -1, -1, 152, 160, 155, 343, 170, -1, - -1, 145, 157, 344, 170, -1, -1, 136, 157, 345, - 170, -1, -1, 118, 157, 346, 170, -1, -1, 118, - 119, 347, 170, -1, -1, 120, 157, 348, 170, -1, - -1, 113, 157, 349, 170, -1, -1, 114, 157, 350, - 170, -1, -1, 114, 115, 351, 170, -1, -1, 130, - 157, 352, 170, -1, -1, 131, 156, 353, 170, -1, - -1, 132, 156, 354, 170, -1, -1, 133, 156, 355, - 170, -1, -1, 137, 157, 356, 170, -1, -1, 137, - 115, 357, 170, -1, -1, 134, 156, 358, 170, -1, - -1, 147, 148, 156, 376, 359, 170, -1, -1, 116, - 117, 360, 170, -1, -1, 147, 149, 156, 377, 361, - 170, -1, -1, 121, 362, 171, 369, 172, -1, -1, - 363, 88, -1, -1, 107, 160, 160, 365, 170, -1, - -1, 108, 160, 366, 170, -1, 78, -1, 156, -1, - -1, 161, -1, 160, -1, -1, 369, 370, -1, -1, - 147, 148, 156, 376, 371, 170, -1, -1, 147, 149, - 156, 377, 372, 170, -1, -1, 110, 367, 373, 170, - -1, -1, 126, 160, 374, 170, -1, -1, 77, 78, - 305, 375, 170, -1, 167, -1, 168, -1, 169, -1, - 163, -1, 164, -1, 165, -1, 166, -1 -}; + if (rmconf->spspec != NULL) + rmconf->spspec->prev = spspec; + spspec->next = rmconf->spspec; + rmconf->spspec = spspec; +} -/* YYRLINE[YYN] -- source line where rule number YYN was defined. */ -static const yytype_uint16 yyrline[] = +static struct secprotospec * +dupspspec(spspec) + struct secprotospec *spspec; { - 0, 336, 336, 338, 341, 342, 343, 344, 345, 346, - 347, 348, 349, 350, 351, 352, 353, 354, 355, 360, - 362, 364, 368, 367, 378, 378, 380, 379, 390, 390, - 391, 391, 397, 396, 417, 417, 422, 436, 443, 455, - 458, 472, 474, 476, 479, 479, 480, 480, 481, 481, - 482, 482, 483, 483, 488, 490, 492, 496, 495, 502, - 501, 513, 512, 522, 521, 531, 530, 539, 539, 542, - 554, 555, 560, 560, 577, 579, 583, 582, 601, 600, - 619, 618, 637, 636, 655, 654, 664, 663, 676, 676, - 687, 689, 693, 692, 704, 703, 715, 714, 724, 723, - 735, 734, 744, 743, 755, 754, 766, 765, 777, 776, - 788, 787, 799, 798, 810, 809, 824, 826, 828, 832, - 831, 843, 842, 853, 855, 858, 857, 867, 866, 876, - 875, 883, 882, 895, 894, 904, 903, 917, 916, 930, - 929, 943, 942, 950, 949, 959, 958, 972, 971, 981, - 980, 990, 989, 1003, 1002, 1016, 1015, 1026, 1025, 1035, - 1034, 1044, 1043, 1053, 1052, 1062, 1061, 1075, 1074, 1088, - 1087, 1101, 1102, 1105, 1122, 1123, 1126, 1143, 1144, 1147, - 1170, 1171, 1174, 1208, 1209, 1212, 1249, 1251, 1253, 1257, - 1256, 1262, 1261, 1267, 1266, 1272, 1271, 1277, 1276, 1282, - 1281, 1298, 1306, 1297, 1345, 1350, 1355, 1360, 1365, 1370, - 1377, 1426, 1491, 1520, 1523, 1548, 1561, 1563, 1567, 1566, - 1572, 1571, 1577, 1576, 1582, 1581, 1593, 1593, 1600, 1605, - 1604, 1611, 1667, 1668, 1671, 1672, 1673, 1676, 1677, 1678, - 1681, 1682, 1688, 1687, 1718, 1717, 1738, 1737, 1761, 1760, - 1777, 1778, 1786, 1793, 1799, 1808, 1810, 1814, 1813, 1823, - 1822, 1827, 1827, 1828, 1828, 1829, 1831, 1830, 1851, 1850, - 1868, 1867, 1898, 1897, 1912, 1911, 1928, 1928, 1929, 1929, - 1930, 1930, 1931, 1931, 1933, 1932, 1942, 1941, 1951, 1950, - 1968, 1967, 1985, 1984, 2001, 2001, 2002, 2002, 2004, 2003, - 2009, 2009, 2010, 2010, 2011, 2011, 2012, 2012, 2022, 2022, - 2029, 2029, 2036, 2036, 2043, 2043, 2044, 2044, 2047, 2047, - 2048, 2048, 2049, 2049, 2050, 2050, 2052, 2051, 2063, 2062, - 2074, 2073, 2082, 2081, 2091, 2090, 2100, 2099, 2108, 2108, - 2109, 2109, 2111, 2110, 2116, 2115, 2120, 2120, 2122, 2121, - 2136, 2135, 2146, 2148, 2172, 2171, 2193, 2192, 2226, 2234, - 2246, 2247, 2248, 2250, 2252, 2256, 2255, 2261, 2260, 2273, - 2272, 2278, 2277, 2291, 2290, 2388, 2389, 2390, 2393, 2394, - 2395, 2396 -}; -#endif + struct secprotospec *new; -#if YYDEBUG || YYERROR_VERBOSE || 0 -/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. - First, the terminals, then, starting at YYNTOKENS, nonterminals. */ -static const char *const yytname[] = -{ - "$end", "error", "$undefined", "PRIVSEP", "USER", "GROUP", "CHROOT", - "PATH", "PATHTYPE", "INCLUDE", "PFKEY_BUFFER", "LOGGING", "LOGLEV", - "PADDING", "PAD_RANDOMIZE", "PAD_RANDOMIZELEN", "PAD_MAXLEN", - "PAD_STRICT", "PAD_EXCLTAIL", "LISTEN", "X_ISAKMP", "X_ISAKMP_NATT", - "X_ADMIN", "STRICT_ADDRESS", "ADMINSOCK", "DISABLED", "LDAPCFG", - "LDAP_HOST", "LDAP_PORT", "LDAP_PVER", "LDAP_BASE", "LDAP_BIND_DN", - "LDAP_BIND_PW", "LDAP_SUBTREE", "LDAP_ATTR_USER", "LDAP_ATTR_ADDR", - "LDAP_ATTR_MASK", "LDAP_ATTR_GROUP", "LDAP_ATTR_MEMBER", "RADCFG", - "RAD_AUTH", "RAD_ACCT", "RAD_TIMEOUT", "RAD_RETRIES", "MODECFG", - "CFG_NET4", "CFG_MASK4", "CFG_DNS4", "CFG_NBNS4", "CFG_DEFAULT_DOMAIN", - "CFG_AUTH_SOURCE", "CFG_AUTH_GROUPS", "CFG_SYSTEM", "CFG_RADIUS", - "CFG_PAM", "CFG_LDAP", "CFG_LOCAL", "CFG_NONE", "CFG_GROUP_SOURCE", - "CFG_ACCOUNTING", "CFG_CONF_SOURCE", "CFG_MOTD", "CFG_POOL_SIZE", - "CFG_AUTH_THROTTLE", "CFG_SPLIT_NETWORK", "CFG_SPLIT_LOCAL", - "CFG_SPLIT_INCLUDE", "CFG_SPLIT_DNS", "CFG_PFS_GROUP", "CFG_SAVE_PASSWD", - "RETRY", "RETRY_COUNTER", "RETRY_INTERVAL", "RETRY_PERSEND", - "RETRY_PHASE1", "RETRY_PHASE2", "NATT_KA", "ALGORITHM_CLASS", - "ALGORITHMTYPE", "STRENGTHTYPE", "SAINFO", "FROM", "REMOTE", "ANONYMOUS", - "CLIENTADDR", "INHERIT", "REMOTE_ADDRESS", "EXCHANGE_MODE", - "EXCHANGETYPE", "DOI", "DOITYPE", "SITUATION", "SITUATIONTYPE", - "CERTIFICATE_TYPE", "CERTTYPE", "PEERS_CERTFILE", "CA_TYPE", - "VERIFY_CERT", "SEND_CERT", "SEND_CR", "MATCH_EMPTY_CR", - "IDENTIFIERTYPE", "IDENTIFIERQUAL", "MY_IDENTIFIER", "PEERS_IDENTIFIER", - "VERIFY_IDENTIFIER", "DNSSEC", "CERT_X509", "CERT_PLAINRSA", - "NONCE_SIZE", "DH_GROUP", "KEEPALIVE", "PASSIVE", "INITIAL_CONTACT", - "NAT_TRAVERSAL", "REMOTE_FORCE_LEVEL", "PROPOSAL_CHECK", - "PROPOSAL_CHECK_LEVEL", "GENERATE_POLICY", "GENERATE_LEVEL", - "SUPPORT_PROXY", "PROPOSAL", "EXEC_PATH", "EXEC_COMMAND", "EXEC_SUCCESS", - "EXEC_FAILURE", "GSS_ID", "GSS_ID_ENC", "GSS_ID_ENCTYPE", - "COMPLEX_BUNDLE", "DPD", "DPD_DELAY", "DPD_RETRY", "DPD_MAXFAIL", - "PH1ID", "XAUTH_LOGIN", "WEAK_PHASE1_CHECK", "REKEY", "PREFIX", "PORT", - "PORTANY", "UL_PROTO", "ANY", "IKE_FRAG", "ESP_FRAG", "MODE_CFG", - "PFS_GROUP", "LIFETIME", "LIFETYPE_TIME", "LIFETYPE_BYTE", "STRENGTH", - "REMOTEID", "SCRIPT", "PHASE1_UP", "PHASE1_DOWN", "PHASE1_DEAD", - "NUMBER", "SWITCH", "BOOLEAN", "HEXSTRING", "QUOTEDSTRING", "ADDRSTRING", - "ADDRRANGE", "UNITTYPE_BYTE", "UNITTYPE_KBYTES", "UNITTYPE_MBYTES", - "UNITTYPE_TBYTES", "UNITTYPE_SEC", "UNITTYPE_MIN", "UNITTYPE_HOUR", - "EOS", "BOC", "EOC", "COMMA", "$accept", "statements", "statement", - "privsep_statement", "privsep_stmts", "privsep_stmt", "$@1", "$@2", - "$@3", "$@4", "$@5", "path_statement", "$@6", "special_statement", "$@7", - "include_statement", "pfkey_statement", "gssenc_statement", - "logging_statement", "log_level", "padding_statement", "padding_stmts", - "padding_stmt", "$@8", "$@9", "$@10", "$@11", "$@12", "listen_statement", - "listen_stmts", "listen_stmt", "$@13", "$@14", "$@15", "$@16", "$@17", - "$@18", "ike_addrinfo_port", "ike_port", "radcfg_statement", "$@19", - "radcfg_stmts", "radcfg_stmt", "$@20", "$@21", "$@22", "$@23", "$@24", - "$@25", "ldapcfg_statement", "$@26", "ldapcfg_stmts", "ldapcfg_stmt", - "$@27", "$@28", "$@29", "$@30", "$@31", "$@32", "$@33", "$@34", "$@35", - "$@36", "$@37", "$@38", "modecfg_statement", "modecfg_stmts", - "modecfg_stmt", "$@39", "$@40", "$@41", "$@42", "$@43", "$@44", "$@45", - "$@46", "$@47", "$@48", "$@49", "$@50", "$@51", "$@52", "$@53", "$@54", - "$@55", "$@56", "$@57", "$@58", "$@59", "$@60", "$@61", "$@62", "$@63", - "addrdnslist", "addrdns", "addrwinslist", "addrwins", "splitnetlist", - "splitnet", "authgrouplist", "authgroup", "splitdnslist", "splitdns", - "timer_statement", "timer_stmts", "timer_stmt", "$@64", "$@65", "$@66", - "$@67", "$@68", "$@69", "sainfo_statement", "$@70", "$@71", - "sainfo_name", "sainfo_id", "sainfo_param", "sainfo_specs", - "sainfo_spec", "$@72", "$@73", "$@74", "$@75", "$@76", "algorithms", - "$@77", "algorithm", "prefix", "port", "ul_proto", "keylength", - "remote_statement", "$@78", "$@79", "$@80", "$@81", - "remote_specs_inherit_block", "remote_specs_block", "remote_index", - "remote_specs", "remote_spec", "$@82", "$@83", "$@84", "$@85", "$@86", - "$@87", "$@88", "$@89", "$@90", "$@91", "$@92", "$@93", "$@94", "$@95", - "$@96", "$@97", "$@98", "$@99", "$@100", "$@101", "$@102", "$@103", - "$@104", "$@105", "$@106", "$@107", "$@108", "$@109", "$@110", "$@111", - "$@112", "$@113", "$@114", "$@115", "$@116", "$@117", "$@118", "$@119", - "$@120", "$@121", "$@122", "$@123", "$@124", "$@125", "$@126", "$@127", - "$@128", "exchange_types", "cert_spec", "$@129", "$@130", "dh_group_num", - "identifierstring", "isakmpproposal_specs", "isakmpproposal_spec", - "$@131", "$@132", "$@133", "$@134", "$@135", "unittype_time", - "unittype_byte", YY_NULL -}; -#endif + new = newspspec(); + if (new == NULL) { + plog(LLV_ERROR, LOCATION, NULL, + "dupspspec: malloc failed\n"); + return NULL; + } + memcpy(new, spspec, sizeof(*new)); -# ifdef YYPRINT -/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to - token YYLEX-NUM. */ -static const yytype_uint16 yytoknum[] = -{ - 0, 256, 257, 258, 259, 260, 261, 262, 263, 264, - 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, - 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, - 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, - 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, - 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, - 315, 316, 317, 318, 319, 320, 321, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, - 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, - 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, - 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, - 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, - 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, - 425, 426, 427, 428 -}; -# endif + if (spspec->gssid) { + new->gssid = racoon_strdup(spspec->gssid); + STRDUP_FATAL(new->gssid); + } + if (spspec->remote) { + new->remote = racoon_malloc(sizeof(*new->remote)); + if (new->remote == NULL) { + plog(LLV_ERROR, LOCATION, NULL, + "dupspspec: malloc failed (remote)\n"); + return NULL; + } + memcpy(new->remote, spspec->remote, sizeof(*new->remote)); + } -/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ -static const yytype_uint16 yyr1[] = -{ - 0, 174, 175, 175, 176, 176, 176, 176, 176, 176, - 176, 176, 176, 176, 176, 176, 176, 176, 176, 177, - 178, 178, 180, 179, 181, 179, 182, 179, 183, 179, - 184, 179, 186, 185, 188, 187, 189, 190, 191, 192, - 193, 194, 195, 195, 197, 196, 198, 196, 199, 196, - 200, 196, 201, 196, 202, 203, 203, 205, 204, 206, - 204, 207, 204, 208, 204, 209, 204, 210, 204, 211, - 212, 212, 214, 213, 215, 215, 217, 216, 218, 216, - 219, 216, 220, 216, 221, 216, 222, 216, 224, 223, - 225, 225, 227, 226, 228, 226, 229, 226, 230, 226, - 231, 226, 232, 226, 233, 226, 234, 226, 235, 226, - 236, 226, 237, 226, 238, 226, 239, 240, 240, 242, - 241, 243, 241, 241, 241, 244, 241, 245, 241, 246, - 241, 247, 241, 248, 241, 249, 241, 250, 241, 251, - 241, 252, 241, 253, 241, 254, 241, 255, 241, 256, - 241, 257, 241, 258, 241, 259, 241, 260, 241, 261, - 241, 262, 241, 263, 241, 264, 241, 265, 241, 266, - 241, 267, 267, 268, 269, 269, 270, 271, 271, 272, - 273, 273, 274, 275, 275, 276, 277, 278, 278, 280, - 279, 281, 279, 282, 279, 283, 279, 284, 279, 285, - 279, 287, 288, 286, 289, 289, 289, 289, 289, 289, - 290, 290, 290, 291, 291, 291, 292, 292, 294, 293, - 295, 293, 296, 293, 297, 293, 298, 293, 299, 300, - 299, 301, 302, 302, 303, 303, 303, 304, 304, 304, - 305, 305, 307, 306, 308, 306, 309, 306, 310, 306, - 311, 311, 312, 313, 313, 314, 314, 316, 315, 317, - 315, 318, 315, 319, 315, 315, 320, 315, 321, 315, - 322, 315, 323, 315, 324, 315, 325, 315, 326, 315, - 327, 315, 328, 315, 329, 315, 330, 315, 331, 315, - 332, 315, 333, 315, 334, 315, 335, 315, 336, 315, - 337, 315, 338, 315, 339, 315, 340, 315, 341, 315, - 342, 315, 343, 315, 344, 315, 345, 315, 346, 315, - 347, 315, 348, 315, 349, 315, 350, 315, 351, 315, - 352, 315, 353, 315, 354, 315, 355, 315, 356, 315, - 357, 315, 358, 315, 359, 315, 360, 315, 361, 315, - 362, 315, 363, 363, 365, 364, 366, 364, 367, 367, - 368, 368, 368, 369, 369, 371, 370, 372, 370, 373, - 370, 374, 370, 375, 370, 376, 376, 376, 377, 377, - 377, 377 -}; + return new; +} -/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */ -static const yytype_uint8 yyr2[] = +/* + * copy the whole list + */ +void +dupspspec_list(dst, src) + struct remoteconf *dst, *src; { - 0, 2, 0, 2, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 4, - 0, 2, 0, 4, 0, 4, 0, 4, 0, 4, - 0, 4, 0, 5, 0, 4, 3, 3, 3, 3, - 1, 4, 0, 2, 0, 4, 0, 4, 0, 4, - 0, 4, 0, 4, 4, 0, 2, 0, 4, 0, - 4, 0, 7, 0, 4, 0, 4, 0, 3, 2, - 0, 1, 0, 5, 0, 2, 0, 5, 0, 6, - 0, 5, 0, 6, 0, 4, 0, 4, 0, 5, - 0, 2, 0, 4, 0, 4, 0, 4, 0, 4, - 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, - 0, 4, 0, 4, 0, 4, 4, 0, 2, 0, - 4, 0, 4, 3, 3, 0, 5, 0, 5, 0, - 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, - 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, - 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, - 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, - 4, 1, 3, 1, 1, 3, 1, 1, 3, 2, - 1, 3, 1, 1, 3, 1, 4, 0, 2, 0, - 4, 0, 5, 0, 4, 0, 5, 0, 5, 0, - 5, 0, 0, 8, 1, 2, 2, 2, 2, 2, - 5, 6, 2, 0, 3, 2, 0, 2, 0, 4, - 0, 4, 0, 6, 0, 6, 0, 4, 1, 0, - 4, 2, 0, 1, 0, 1, 1, 1, 1, 1, - 0, 1, 0, 6, 0, 4, 0, 6, 0, 4, - 1, 1, 3, 2, 1, 0, 2, 0, 4, 0, - 4, 0, 4, 0, 4, 2, 0, 4, 0, 5, - 0, 5, 0, 4, 0, 5, 0, 4, 0, 4, - 0, 4, 0, 4, 0, 5, 0, 6, 0, 4, - 0, 5, 0, 6, 0, 4, 0, 4, 0, 4, - 0, 4, 0, 4, 0, 4, 0, 4, 0, 5, - 0, 5, 0, 5, 0, 4, 0, 4, 0, 4, - 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, - 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, - 0, 4, 0, 4, 0, 6, 0, 4, 0, 6, - 0, 5, 0, 2, 0, 5, 0, 4, 1, 1, - 0, 1, 1, 0, 2, 0, 6, 0, 6, 0, - 4, 0, 4, 0, 5, 1, 1, 1, 1, 1, - 1, 1 -}; + struct secprotospec *p, *new, *last; -/* YYDEFACT[STATE-NAME] -- Default reduction number in state STATE-NUM. - Performed when YYTABLE doesn't specify something else to do. Zero - means the default is an error. */ -static const yytype_uint16 yydefact[] = -{ - 2, 0, 1, 0, 0, 0, 0, 0, 0, 0, - 88, 72, 0, 0, 201, 0, 0, 0, 3, 4, - 5, 18, 6, 7, 8, 9, 10, 11, 13, 12, - 14, 15, 16, 17, 20, 0, 0, 0, 40, 0, - 42, 55, 0, 0, 117, 187, 0, 70, 244, 70, - 254, 248, 0, 34, 0, 32, 36, 37, 39, 0, - 0, 90, 74, 0, 0, 204, 0, 213, 0, 71, - 253, 0, 0, 69, 0, 0, 38, 0, 0, 0, - 0, 19, 21, 0, 0, 0, 0, 0, 0, 41, - 43, 0, 0, 67, 0, 54, 56, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 116, 118, 0, 0, - 0, 0, 0, 0, 186, 188, 205, 206, 212, 232, - 0, 0, 0, 207, 208, 209, 242, 255, 245, 246, - 249, 35, 24, 22, 28, 26, 30, 33, 44, 46, - 48, 50, 52, 57, 59, 0, 65, 63, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 89, 91, 0, 0, 0, 0, 73, 75, 119, 121, - 173, 0, 171, 176, 0, 174, 131, 133, 135, 137, - 139, 182, 141, 180, 143, 145, 149, 151, 153, 147, - 165, 167, 163, 169, 155, 161, 0, 0, 185, 129, - 183, 157, 159, 189, 0, 193, 0, 0, 0, 233, - 232, 234, 215, 360, 216, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 68, 0, 0, 0, 94, 96, 92, 98, 102, 104, - 100, 106, 108, 110, 112, 114, 0, 0, 84, 86, - 0, 0, 123, 0, 124, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 125, 177, 127, 0, - 0, 0, 0, 0, 375, 376, 377, 191, 0, 195, - 197, 199, 234, 235, 236, 0, 362, 361, 214, 202, - 251, 243, 250, 0, 259, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 298, 0, - 0, 0, 0, 0, 0, 350, 0, 0, 0, 0, - 0, 360, 0, 0, 0, 0, 0, 0, 0, 252, - 256, 247, 25, 23, 29, 27, 31, 45, 47, 49, - 51, 53, 58, 60, 66, 0, 64, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 76, 0, 80, 0, 0, 120, 122, 172, 175, 132, - 134, 136, 138, 140, 142, 181, 144, 146, 150, 152, - 154, 148, 166, 168, 164, 170, 156, 162, 179, 0, - 0, 0, 130, 184, 158, 160, 190, 0, 194, 0, - 0, 0, 0, 238, 239, 237, 210, 226, 0, 0, - 0, 0, 217, 257, 352, 261, 263, 0, 0, 265, - 272, 0, 0, 266, 0, 276, 278, 280, 282, 360, - 360, 294, 296, 0, 300, 324, 328, 326, 346, 320, - 318, 322, 0, 330, 332, 334, 336, 342, 288, 316, - 340, 338, 304, 302, 306, 314, 0, 0, 0, 61, - 95, 97, 93, 99, 103, 105, 101, 107, 109, 111, - 113, 115, 78, 0, 82, 0, 85, 87, 178, 126, - 128, 192, 196, 198, 200, 211, 0, 358, 359, 218, - 0, 0, 220, 203, 0, 0, 0, 0, 0, 356, - 0, 268, 270, 0, 274, 0, 0, 0, 0, 360, - 284, 360, 290, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 363, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 308, 310, 312, 0, 0, 77, 0, 81, 240, 0, - 228, 0, 0, 0, 0, 258, 353, 260, 262, 264, - 354, 0, 273, 0, 0, 267, 0, 277, 279, 281, - 283, 286, 0, 292, 0, 295, 297, 299, 301, 325, - 329, 327, 347, 321, 319, 323, 0, 331, 333, 335, - 337, 343, 289, 317, 341, 339, 305, 303, 307, 315, - 344, 378, 379, 380, 381, 348, 0, 0, 0, 62, - 79, 83, 241, 231, 227, 0, 219, 222, 224, 221, - 0, 357, 269, 271, 275, 0, 285, 0, 291, 0, - 0, 0, 0, 351, 364, 0, 0, 309, 311, 313, - 0, 0, 0, 355, 287, 293, 240, 369, 371, 0, - 0, 345, 349, 230, 223, 225, 373, 0, 0, 0, - 0, 0, 370, 372, 365, 367, 374, 0, 0, 366, - 368 -}; + for(p = src->spspec, last = NULL; p; p = p->next, last = new) { + new = dupspspec(p); + if (new == NULL) + exit(1); -/* YYDEFGOTO[NTERM-NUM]. */ -static const yytype_int16 yydefgoto[] = -{ - -1, 1, 18, 19, 54, 82, 229, 228, 231, 230, - 232, 20, 83, 21, 77, 22, 23, 24, 25, 39, - 26, 59, 90, 233, 234, 235, 236, 237, 27, 60, - 96, 238, 239, 563, 243, 241, 155, 50, 70, 28, - 43, 98, 177, 493, 564, 495, 566, 383, 384, 29, - 42, 97, 171, 369, 367, 368, 370, 373, 371, 372, - 374, 375, 376, 377, 378, 30, 63, 117, 260, 261, - 410, 411, 289, 266, 267, 268, 269, 270, 271, 273, - 274, 278, 275, 276, 277, 283, 291, 292, 284, 281, - 279, 280, 282, 181, 182, 184, 185, 286, 287, 192, - 193, 209, 210, 31, 64, 125, 293, 417, 298, 419, - 420, 421, 32, 46, 431, 67, 68, 132, 309, 432, - 571, 574, 661, 662, 506, 569, 635, 570, 221, 305, - 426, 633, 33, 225, 72, 227, 75, 311, 312, 51, - 226, 350, 514, 434, 516, 517, 523, 583, 584, 520, - 586, 525, 526, 527, 528, 592, 645, 550, 594, 647, - 533, 534, 453, 536, 555, 554, 556, 626, 627, 628, - 557, 551, 542, 541, 543, 537, 539, 538, 545, 546, - 547, 548, 553, 552, 549, 655, 540, 656, 462, 515, - 439, 640, 581, 509, 308, 606, 654, 687, 688, 677, - 678, 681, 297, 625 -}; + new->prev = last; + new->next = NULL; /* not necessary but clean */ -/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing - STATE-NUM. */ -#define YYPACT_NINF -542 -static const yytype_int16 yypact[] = -{ - -542, 42, -542, -124, 46, -87, -72, 82, -63, -39, - -542, -542, -29, -15, -542, -50, 34, 7, -542, -542, - -542, -542, -542, -542, -542, -542, -542, -542, -542, -542, - -542, -542, -542, -542, -542, 12, 10, 21, -542, 25, - -542, -542, 38, 40, -542, -542, 30, 66, 89, 66, - -542, 143, 37, -542, 3, -542, -542, -542, -542, -4, - -5, -542, -542, 29, -9, 35, -11, 36, 45, -542, - -542, 72, 63, -542, -45, 63, -542, 71, -53, -13, - 76, -542, -542, 73, 85, 87, 90, 88, 99, -542, - -542, 94, 94, -542, -8, -542, -542, -7, -6, 96, - 97, 102, 104, 107, 106, 108, 54, 81, 4, 110, - 103, 115, 122, 112, 118, 109, -542, -542, 119, 120, - 121, 123, 124, 125, -542, -542, -542, -542, -542, -90, - 113, 177, 111, -542, -542, -542, -542, -542, -542, -542, - -542, -542, -542, -542, -542, -542, -542, -542, -542, -542, - -542, -542, -542, -542, -542, 114, -542, 126, 127, 129, - 132, 130, 131, 133, 135, 134, 136, 137, 138, 139, - -542, -542, 140, 141, 146, 147, -542, -542, -542, -542, - -542, 142, 144, -542, 145, 148, -542, -542, -542, -542, - -542, -542, -542, 149, -542, -542, -542, -542, -542, -542, - -542, -542, -542, -542, -542, -542, 150, 150, -542, -542, - 151, -542, -542, -542, 14, -542, 14, 14, 14, -542, - 157, 50, -542, 32, -542, 27, 117, 27, 153, 155, - 156, 158, 159, 160, 161, 162, 163, 164, 165, 166, - -542, 167, 154, 168, -542, -542, -542, -542, -542, -542, - -542, -542, -542, -542, -542, -542, -12, -3, -542, -542, - 169, 170, -542, 102, -542, 104, 171, 173, 174, 175, - 176, 178, 108, 179, 180, 181, 182, 183, 184, 185, - 187, 188, 189, 190, 191, 172, 192, -542, 192, 193, - 112, 194, 196, 197, -542, -542, -542, -542, 198, -542, - -542, -542, 50, -542, -542, -1, -542, -542, -542, -21, - -542, -542, -542, 94, -542, 214, 213, 92, -37, 199, - 152, 205, 212, 215, 206, 207, 216, 218, -542, 219, - 220, -57, 201, -75, 221, -542, 222, 224, 225, 226, - 227, 32, 228, -30, -20, 230, 231, 70, 210, -542, - -542, -542, -542, -542, -542, -542, -542, -542, -542, -542, - -542, -542, -542, -542, -542, 233, -542, 217, 223, 229, - 232, 234, 235, 236, 237, 238, 239, 240, 241, 211, - -542, 243, -542, 242, 244, -542, -542, -542, -542, -542, - -542, -542, -542, -542, -542, -542, -542, -542, -542, -542, - -542, -542, -542, -542, -542, -542, -542, -542, -542, 150, - 245, 246, -542, -542, -542, -542, -542, 247, -542, 248, - 249, 250, -1, -542, -542, -542, -542, -542, -38, 75, - 257, 203, -542, -542, -542, -542, -542, 261, 262, -542, - -542, 263, 264, -542, 265, -542, -542, -542, -542, -59, - -56, -542, -542, -38, -542, -542, -542, -542, -542, -542, - -542, -542, 255, -542, -542, -542, -542, -542, -542, -542, - -542, -542, -542, -542, -542, -542, 271, 272, 31, -542, - -542, -542, -542, -542, -542, -542, -542, -542, -542, -542, - -542, -542, -542, 259, -542, 260, -542, -542, -542, -542, - -542, -542, -542, -542, -542, -542, 269, -542, -542, -542, - 275, 276, -542, -542, 266, -49, 267, 268, 273, -542, - 270, -542, -542, 274, -542, 277, 278, 279, 280, 32, - -542, 32, -542, 281, 282, 283, 284, 285, 286, 287, - 288, 289, 290, 291, -542, 292, 294, 295, 296, 297, - 298, 299, 300, 301, 302, 303, 304, 305, 14, 13, - -542, -542, -542, 306, 307, -542, 308, -542, 323, 310, - 309, 311, 14, 13, 313, -542, -542, -542, -542, -542, - -542, 314, -542, 315, 316, -542, 317, -542, -542, -542, - -542, -542, 318, -542, 319, -542, -542, -542, -542, -542, - -542, -542, -542, -542, -542, -542, -27, -542, -542, -542, - -542, -542, -542, -542, -542, -542, -542, -542, -542, -542, - -542, -542, -542, -542, -542, -542, 320, 321, 322, -542, - -542, -542, -542, -542, -542, 324, -542, -542, -542, -542, - 325, -542, -542, -542, -542, 326, -542, 328, -542, 312, - -38, 333, 91, -542, -542, 329, 330, -542, -542, -542, - 269, 331, 332, -542, -542, -542, 323, -542, -542, 338, - 347, -542, -542, -542, -542, -542, -542, 334, 335, 14, - 13, 336, -542, -542, -542, -542, -542, 337, 339, -542, - -542 -}; + if (last) + last->next = new; + else /* first element */ + dst->spspec = new; -/* YYPGOTO[NTERM-NUM]. */ -static const yytype_int16 yypgoto[] = -{ - -542, -542, -542, -542, -542, -542, -542, -542, -542, -542, - -542, -542, -542, -542, -542, -542, -542, -542, -542, -542, - -542, -542, -542, -542, -542, -542, -542, -542, -542, -542, - -542, -542, -542, -542, -542, -542, -542, -88, 342, -542, - -542, -542, -542, -542, -542, -542, -542, -542, -542, -542, - -542, -542, -542, -542, -542, -542, -542, -542, -542, -542, - -542, -542, -542, -542, -542, -542, -542, -542, -542, -542, - -542, -542, -542, -542, -542, -542, -542, -542, -542, -542, - -542, -542, -542, -542, -542, -542, -542, -542, -542, -542, - -542, -542, -542, 20, -542, 48, -542, 327, -93, 47, - -542, 105, -542, -542, -542, -542, -542, -542, -542, -542, - -542, -542, -542, -542, -542, -542, 86, -542, -542, -542, - -542, -542, -542, -542, -542, -340, -542, -542, 293, 95, - -95, -282, -542, -542, -542, -542, -542, 208, 98, 360, - -542, -542, -542, -542, -542, -542, -542, -542, -542, -542, - -542, -542, -542, -542, -542, -542, -542, -542, -542, -542, - -542, -542, -542, -542, -542, -542, -542, -542, -542, -542, - -542, -542, -542, -542, -542, -542, -542, -542, -542, -542, - -542, -542, -542, -542, -542, -542, -542, -542, -542, -542, - -542, -542, -542, -448, -335, -542, -542, -542, -542, -542, - -542, -542, -216, -541 -}; + } +} -/* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If - positive, shift that token. If negative, reduce the rule which - number is the opposite. If YYTABLE_NINF, syntax error. */ -#define YYTABLE_NINF -230 -static const yytype_int16 yytable[] = +/* + * delete the whole list + */ +void +flushspspec(rmconf) + struct remoteconf *rmconf; { - 299, 300, 301, 153, 154, 535, 468, 78, 79, 80, - 84, 85, 86, 87, 88, 91, 92, 156, 93, 94, - 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, - 168, 169, 638, 47, 172, 173, 174, 175, 47, 576, - 507, 130, 2, 529, 459, 3, 531, 34, 219, 4, - 649, 5, 6, 7, 35, 8, 427, 200, 456, 201, - 202, 9, 118, 119, 120, 121, 122, 123, 10, 440, - 441, 442, 220, 36, 99, 100, 101, 102, 103, 104, - 105, 11, 460, 650, 37, 470, 12, 106, 107, 108, - 109, 110, 111, 112, 38, 472, 113, 114, 115, 651, - 457, 306, 307, 142, 306, 307, 194, 143, 40, 195, - 48, 49, 13, 65, 530, 532, 49, 131, 508, 126, - 652, 577, 14, 443, 15, 428, 429, 471, 133, 134, - 430, 66, 41, 196, 197, 198, 66, 473, 199, 685, - 423, 424, 44, 144, 379, 653, 66, 145, 380, 128, - 129, 127, 157, 381, 135, 425, 45, 382, 187, 188, - 189, 190, 52, 124, 53, 170, 176, 95, 89, 16, - 138, 17, 55, 140, 71, 81, 621, 622, 623, 624, - 56, 294, 295, 296, 560, 561, 562, 206, 207, 303, - 304, 57, 306, 307, 591, 58, 593, 310, 137, 437, - 438, 116, 667, 313, 314, 69, 315, 76, 316, 61, - 317, 62, 318, 319, 320, 321, 322, 323, 476, 477, - 324, 325, 326, 510, 511, 433, 327, 328, 74, 329, - 330, 331, 136, 332, 137, 333, 146, 334, 335, 669, - 670, 141, 148, 147, 149, 151, 150, 336, 337, 338, - 339, 340, 341, 342, 343, 49, 152, 178, 179, 204, - 344, 345, 346, 180, 347, 183, 212, 186, 191, 348, - 203, 205, 208, 222, 211, 213, 214, 215, 223, 216, - 217, 218, 224, 387, 240, 245, 242, 244, 246, 349, - 247, 248, 250, 249, 251, 219, 252, 253, 254, 255, - 256, 257, 258, 259, 435, 436, 444, 449, 450, 445, - 408, 285, 262, 388, 365, 264, 498, 263, 458, 395, - 673, 265, 272, 352, 290, 353, 354, 505, 355, 356, - 357, 358, 359, 360, 361, 362, 363, 364, 366, 385, - 386, 389, 620, 390, 391, 392, 393, 568, 394, 396, - 397, 398, 399, 400, 401, 402, 637, 403, 404, 405, - 406, 407, 446, 412, 414, 409, 415, 416, 418, 447, - 478, 492, 448, 451, 452, 513, 454, 455, 461, 463, - 464, 465, 466, 467, 676, 469, 474, 480, 475, 479, - 666, 73, 0, 481, 0, 413, 0, 422, 0, 482, - 0, 0, 483, 494, 484, 485, 486, 487, 488, 489, - 490, 491, 496, 512, 497, 499, 500, 501, 502, 503, - 504, 518, 519, 521, 522, 524, 544, 558, 559, 565, - 567, 572, 573, 580, 139, 351, 575, 578, 579, 0, - 582, 0, 0, 0, 585, 0, 0, 587, 588, 589, - 590, 595, 596, 597, 598, 599, 600, 601, 602, 603, - 604, 605, 607, 684, 608, 609, 610, 611, 612, 613, - 614, 615, 616, 617, 618, 619, 629, 630, 631, 632, - 634, 636, -229, 639, 641, 642, 643, 644, 646, 648, - 657, 658, 659, 668, 679, 663, 664, 660, 665, 671, - 672, 674, 675, 680, 682, 683, 686, 689, 0, 690, - 0, 0, 0, 302, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 288 -}; - -#define yypact_value_is_default(yystate) \ - ((yystate) == (-542)) + struct secprotospec *p; -#define yytable_value_is_error(yytable_value) \ - YYID (0) + while(rmconf->spspec != NULL) { + p = rmconf->spspec; + rmconf->spspec = p->next; + if (p->next != NULL) + p->next->prev = NULL; /* not necessary but clean */ -static const yytype_int16 yycheck[] = -{ - 216, 217, 218, 91, 92, 453, 341, 4, 5, 6, - 14, 15, 16, 17, 18, 20, 21, 25, 23, 24, - 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, - 37, 38, 573, 83, 40, 41, 42, 43, 83, 88, - 78, 5, 0, 102, 119, 3, 102, 171, 138, 7, - 77, 9, 10, 11, 8, 13, 77, 53, 115, 55, - 56, 19, 71, 72, 73, 74, 75, 76, 26, 106, - 107, 108, 162, 160, 45, 46, 47, 48, 49, 50, - 51, 39, 157, 110, 156, 115, 44, 58, 59, 60, - 61, 62, 63, 64, 12, 115, 67, 68, 69, 126, - 157, 160, 161, 156, 160, 161, 52, 160, 171, 55, - 160, 161, 70, 83, 449, 450, 161, 81, 156, 84, - 147, 170, 80, 160, 82, 146, 147, 157, 83, 84, - 151, 101, 171, 52, 53, 54, 101, 157, 57, 680, - 141, 142, 171, 156, 156, 172, 101, 160, 160, 160, - 161, 65, 160, 156, 68, 156, 171, 160, 52, 53, - 54, 55, 128, 172, 157, 172, 172, 172, 172, 127, - 72, 129, 160, 75, 85, 172, 163, 164, 165, 166, - 170, 167, 168, 169, 153, 154, 155, 65, 66, 139, - 140, 170, 160, 161, 529, 170, 531, 170, 171, 107, - 108, 172, 650, 86, 87, 139, 89, 170, 91, 171, - 93, 171, 95, 96, 97, 98, 99, 100, 148, 149, - 103, 104, 105, 148, 149, 313, 109, 110, 85, 112, - 113, 114, 160, 116, 171, 118, 160, 120, 121, 148, - 149, 170, 157, 170, 157, 157, 156, 130, 131, 132, - 133, 134, 135, 136, 137, 161, 157, 161, 161, 156, - 143, 144, 145, 161, 147, 161, 157, 160, 160, 152, - 160, 156, 160, 160, 156, 156, 156, 156, 101, 156, - 156, 156, 171, 263, 170, 156, 160, 160, 156, 172, - 160, 160, 157, 160, 160, 138, 160, 160, 160, 160, - 160, 160, 156, 156, 90, 92, 107, 101, 101, 157, - 138, 161, 170, 265, 160, 170, 409, 173, 117, 272, - 660, 173, 173, 170, 173, 170, 170, 422, 170, 170, - 170, 170, 170, 170, 170, 170, 170, 170, 170, 170, - 170, 170, 558, 170, 170, 170, 170, 78, 170, 170, - 170, 170, 170, 170, 170, 170, 572, 170, 170, 170, - 170, 170, 157, 170, 170, 173, 170, 170, 170, 157, - 160, 160, 157, 157, 156, 172, 157, 157, 157, 157, - 156, 156, 156, 156, 666, 157, 156, 170, 157, 156, - 78, 49, -1, 170, -1, 290, -1, 302, -1, 170, - -1, -1, 170, 160, 170, 170, 170, 170, 170, 170, - 170, 170, 170, 156, 170, 170, 170, 170, 170, 170, - 170, 160, 160, 160, 160, 160, 171, 156, 156, 170, - 170, 156, 156, 160, 74, 227, 170, 170, 170, -1, - 170, -1, -1, -1, 170, -1, -1, 170, 170, 170, - 170, 170, 170, 170, 170, 170, 170, 170, 170, 170, - 170, 170, 170, 679, 170, 170, 170, 170, 170, 170, - 170, 170, 170, 170, 170, 170, 170, 170, 170, 156, - 170, 170, 173, 170, 170, 170, 170, 170, 170, 170, - 170, 170, 170, 160, 156, 170, 170, 173, 170, 170, - 170, 170, 170, 156, 170, 170, 170, 170, -1, 170, - -1, -1, -1, 220, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 207 -}; + if (p->gssid) + racoon_free(p->gssid); + if (p->remote) + racoon_free(p->remote); + racoon_free(p); + } + rmconf->spspec = NULL; +} -/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing - symbol of state STATE-NUM. */ -static const yytype_uint16 yystos[] = +/* set final acceptable proposal */ +static int +set_isakmp_proposal(rmconf) + struct remoteconf *rmconf; { - 0, 175, 0, 3, 7, 9, 10, 11, 13, 19, - 26, 39, 44, 70, 80, 82, 127, 129, 176, 177, - 185, 187, 189, 190, 191, 192, 194, 202, 213, 223, - 239, 277, 286, 306, 171, 8, 160, 156, 12, 193, - 171, 171, 224, 214, 171, 171, 287, 83, 160, 161, - 211, 313, 128, 157, 178, 160, 170, 170, 170, 195, - 203, 171, 171, 240, 278, 83, 101, 289, 290, 139, - 212, 85, 308, 212, 85, 310, 170, 188, 4, 5, - 6, 172, 179, 186, 14, 15, 16, 17, 18, 172, - 196, 20, 21, 23, 24, 172, 204, 225, 215, 45, - 46, 47, 48, 49, 50, 51, 58, 59, 60, 61, - 62, 63, 64, 67, 68, 69, 172, 241, 71, 72, - 73, 74, 75, 76, 172, 279, 84, 290, 160, 161, - 5, 81, 291, 83, 84, 290, 160, 171, 312, 313, - 312, 170, 156, 160, 156, 160, 160, 170, 157, 157, - 156, 157, 157, 211, 211, 210, 25, 160, 27, 28, - 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, - 172, 226, 40, 41, 42, 43, 172, 216, 161, 161, - 161, 267, 268, 161, 269, 270, 160, 52, 53, 54, - 55, 160, 273, 274, 52, 55, 52, 53, 54, 57, - 53, 55, 56, 160, 156, 156, 65, 66, 160, 275, - 276, 156, 157, 156, 156, 156, 156, 156, 156, 138, - 162, 302, 160, 101, 171, 307, 314, 309, 181, 180, - 183, 182, 184, 197, 198, 199, 200, 201, 205, 206, - 170, 209, 160, 208, 160, 156, 156, 160, 160, 160, - 157, 160, 160, 160, 160, 160, 160, 160, 156, 156, - 242, 243, 170, 173, 170, 173, 247, 248, 249, 250, - 251, 252, 173, 253, 254, 256, 257, 258, 255, 264, - 265, 263, 266, 259, 262, 161, 271, 272, 271, 246, - 173, 260, 261, 280, 167, 168, 169, 376, 282, 376, - 376, 376, 302, 139, 140, 303, 160, 161, 368, 292, - 170, 311, 312, 86, 87, 89, 91, 93, 95, 96, - 97, 98, 99, 100, 103, 104, 105, 109, 110, 112, - 113, 114, 116, 118, 120, 121, 130, 131, 132, 133, - 134, 135, 136, 137, 143, 144, 145, 147, 152, 172, - 315, 311, 170, 170, 170, 170, 170, 170, 170, 170, - 170, 170, 170, 170, 170, 160, 170, 228, 229, 227, - 230, 232, 233, 231, 234, 235, 236, 237, 238, 156, - 160, 156, 160, 221, 222, 170, 170, 267, 269, 170, - 170, 170, 170, 170, 170, 273, 170, 170, 170, 170, - 170, 170, 170, 170, 170, 170, 170, 170, 138, 173, - 244, 245, 170, 275, 170, 170, 170, 281, 170, 283, - 284, 285, 303, 141, 142, 156, 304, 77, 146, 147, - 151, 288, 293, 211, 317, 90, 92, 107, 108, 364, - 106, 107, 108, 160, 107, 157, 157, 157, 157, 101, - 101, 157, 156, 336, 157, 157, 115, 157, 117, 119, - 157, 157, 362, 157, 156, 156, 156, 156, 368, 157, - 115, 157, 115, 157, 156, 157, 148, 149, 160, 156, - 170, 170, 170, 170, 170, 170, 170, 170, 170, 170, - 170, 170, 160, 217, 160, 219, 170, 170, 272, 170, - 170, 170, 170, 170, 170, 304, 298, 78, 156, 367, - 148, 149, 156, 172, 316, 363, 318, 319, 160, 160, - 323, 160, 160, 320, 160, 325, 326, 327, 328, 102, - 368, 102, 368, 334, 335, 367, 337, 349, 351, 350, - 360, 347, 346, 348, 171, 352, 353, 354, 355, 358, - 331, 345, 357, 356, 339, 338, 340, 344, 156, 156, - 153, 154, 155, 207, 218, 170, 220, 170, 78, 299, - 301, 294, 156, 156, 295, 170, 88, 170, 170, 170, - 160, 366, 170, 321, 322, 170, 324, 170, 170, 170, - 170, 368, 329, 368, 332, 170, 170, 170, 170, 170, - 170, 170, 170, 170, 170, 170, 369, 170, 170, 170, - 170, 170, 170, 170, 170, 170, 170, 170, 170, 170, - 376, 163, 164, 165, 166, 377, 341, 342, 343, 170, - 170, 170, 156, 305, 170, 300, 170, 376, 377, 170, - 365, 170, 170, 170, 170, 330, 170, 333, 170, 77, - 110, 126, 147, 172, 370, 359, 361, 170, 170, 170, - 173, 296, 297, 170, 170, 170, 78, 367, 160, 148, - 149, 170, 170, 299, 170, 170, 305, 373, 374, 156, - 156, 375, 170, 170, 376, 377, 170, 371, 372, 170, - 170 -}; - -#define yyerrok (yyerrstatus = 0) -#define yyclearin (yychar = YYEMPTY) -#define YYEMPTY (-2) -#define YYEOF 0 - -#define YYACCEPT goto yyacceptlab -#define YYABORT goto yyabortlab -#define YYERROR goto yyerrorlab - - -/* Like YYERROR except do call yyerror. This remains here temporarily - to ease the transition to the new meaning of YYERROR, for GCC. - Once GCC version 2 has supplanted version 1, this can go. However, - YYFAIL appears to be in use. Nevertheless, it is formally deprecated - in Bison 2.4.2's NEWS entry, where a plan to phase it out is - discussed. */ - -#define YYFAIL goto yyerrlab -#if defined YYFAIL - /* This is here to suppress warnings from the GCC cpp's - -Wunused-macros. Normally we don't worry about that warning, but - some users do, and we want to make it easy for users to remove - YYFAIL uses, which will produce warnings from Bison 2.5. */ -#endif - -#define YYRECOVERING() (!!yyerrstatus) - -#define YYBACKUP(Token, Value) \ -do \ - if (yychar == YYEMPTY) \ - { \ - yychar = (Token); \ - yylval = (Value); \ - YYPOPSTACK (yylen); \ - yystate = *yyssp; \ - goto yybackup; \ - } \ - else \ - { \ - yyerror (YY_("syntax error: cannot back up")); \ - YYERROR; \ - } \ -while (YYID (0)) - - -#define YYTERROR 1 -#define YYERRCODE 256 - -/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N]. - If N is 0, then set CURRENT to the empty location which ends - the previous symbol: RHS[0] (always defined). */ - -#ifndef YYLLOC_DEFAULT -# define YYLLOC_DEFAULT(Current, Rhs, N) \ - do \ - if (YYID (N)) \ - { \ - (Current).first_line = YYRHSLOC (Rhs, 1).first_line; \ - (Current).first_column = YYRHSLOC (Rhs, 1).first_column; \ - (Current).last_line = YYRHSLOC (Rhs, N).last_line; \ - (Current).last_column = YYRHSLOC (Rhs, N).last_column; \ - } \ - else \ - { \ - (Current).first_line = (Current).last_line = \ - YYRHSLOC (Rhs, 0).last_line; \ - (Current).first_column = (Current).last_column = \ - YYRHSLOC (Rhs, 0).last_column; \ - } \ - while (YYID (0)) -#endif - -#define YYRHSLOC(Rhs, K) ((Rhs)[K]) - - + struct secprotospec *s; + int prop_no = 1; + int trns_no = 1; + int32_t types[MAXALGCLASS]; -/* This macro is provided for backward compatibility. */ + /* mandatory check */ + if (rmconf->spspec == NULL) { + yyerror("no remote specification found: %s.\n", + saddr2str(rmconf->remote)); + return -1; + } + for (s = rmconf->spspec; s != NULL; s = s->next) { + /* XXX need more to check */ + if (s->algclass[algclass_isakmp_enc] == 0) { + yyerror("encryption algorithm required."); + return -1; + } + if (s->algclass[algclass_isakmp_hash] == 0) { + yyerror("hash algorithm required."); + return -1; + } + if (s->algclass[algclass_isakmp_dh] == 0) { + yyerror("DH group required."); + return -1; + } + if (s->algclass[algclass_isakmp_ameth] == 0) { + yyerror("authentication method required."); + return -1; + } + } -#ifndef YY_LOCATION_PRINT -# define YY_LOCATION_PRINT(File, Loc) ((void) 0) -#endif + /* skip to last part */ + for (s = rmconf->spspec; s->next != NULL; s = s->next) + ; + while (s != NULL) { + plog(LLV_DEBUG2, LOCATION, NULL, + "lifetime = %ld\n", (long) + (s->lifetime ? s->lifetime : rmconf->lifetime)); + plog(LLV_DEBUG2, LOCATION, NULL, + "lifebyte = %d\n", + s->lifebyte ? s->lifebyte : rmconf->lifebyte); + plog(LLV_DEBUG2, LOCATION, NULL, + "encklen=%d\n", s->encklen); -/* YYLEX -- calling `yylex' with the right arguments. */ + memset(types, 0, ARRAYLEN(types)); + types[algclass_isakmp_enc] = s->algclass[algclass_isakmp_enc]; + types[algclass_isakmp_hash] = s->algclass[algclass_isakmp_hash]; + types[algclass_isakmp_dh] = s->algclass[algclass_isakmp_dh]; + types[algclass_isakmp_ameth] = + s->algclass[algclass_isakmp_ameth]; -#ifdef YYLEX_PARAM -# define YYLEX yylex (YYLEX_PARAM) -#else -# define YYLEX yylex () -#endif + /* expanding spspec */ + clean_tmpalgtype(); + trns_no = expand_isakmpspec(prop_no, trns_no, types, + algclass_isakmp_enc, algclass_isakmp_ameth + 1, + s->lifetime ? s->lifetime : rmconf->lifetime, + s->lifebyte ? s->lifebyte : rmconf->lifebyte, + s->encklen, s->vendorid, s->gssid, + rmconf); + if (trns_no == -1) { + plog(LLV_ERROR, LOCATION, NULL, + "failed to expand isakmp proposal.\n"); + return -1; + } -/* Enable debugging if requested. */ -#if YYDEBUG + s = s->prev; + } -# ifndef YYFPRINTF -# include <stdio.h> /* INFRINGES ON USER NAME SPACE */ -# define YYFPRINTF fprintf -# endif + if (rmconf->proposal == NULL) { + plog(LLV_ERROR, LOCATION, NULL, + "no proposal found.\n"); + return -1; + } -# define YYDPRINTF(Args) \ -do { \ - if (yydebug) \ - YYFPRINTF Args; \ -} while (YYID (0)) - -# define YY_SYMBOL_PRINT(Title, Type, Value, Location) \ -do { \ - if (yydebug) \ - { \ - YYFPRINTF (stderr, "%s ", Title); \ - yy_symbol_print (stderr, \ - Type, Value); \ - YYFPRINTF (stderr, "\n"); \ - } \ -} while (YYID (0)) - - -/*--------------------------------. -| Print this symbol on YYOUTPUT. | -`--------------------------------*/ - -/*ARGSUSED*/ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static void -yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep) -#else -static void -yy_symbol_value_print (yyoutput, yytype, yyvaluep) - FILE *yyoutput; - int yytype; - YYSTYPE const * const yyvaluep; -#endif -{ - FILE *yyo = yyoutput; - YYUSE (yyo); - if (!yyvaluep) - return; -# ifdef YYPRINT - if (yytype < YYNTOKENS) - YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep); -# else - YYUSE (yyoutput); -# endif - switch (yytype) - { - default: - break; - } + return 0; } - -/*--------------------------------. -| Print this symbol on YYOUTPUT. | -`--------------------------------*/ - -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) static void -yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep) -#else -static void -yy_symbol_print (yyoutput, yytype, yyvaluep) - FILE *yyoutput; - int yytype; - YYSTYPE const * const yyvaluep; -#endif +clean_tmpalgtype() { - if (yytype < YYNTOKENS) - YYFPRINTF (yyoutput, "token %s (", yytname[yytype]); - else - YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]); - - yy_symbol_value_print (yyoutput, yytype, yyvaluep); - YYFPRINTF (yyoutput, ")"); + int i; + for (i = 0; i < MAXALGCLASS; i++) + tmpalgtype[i] = 0; /* means algorithm undefined. */ } -/*------------------------------------------------------------------. -| yy_stack_print -- Print the state stack from its BOTTOM up to its | -| TOP (included). | -`------------------------------------------------------------------*/ - -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static void -yy_stack_print (yytype_int16 *yybottom, yytype_int16 *yytop) -#else -static void -yy_stack_print (yybottom, yytop) - yytype_int16 *yybottom; - yytype_int16 *yytop; -#endif +static int +expand_isakmpspec(prop_no, trns_no, types, + class, last, lifetime, lifebyte, encklen, vendorid, gssid, + rmconf) + int prop_no, trns_no; + int *types, class, last; + time_t lifetime; + int lifebyte; + int encklen; + int vendorid; + char *gssid; + struct remoteconf *rmconf; { - YYFPRINTF (stderr, "Stack now"); - for (; yybottom <= yytop; yybottom++) - { - int yybot = *yybottom; - YYFPRINTF (stderr, " %d", yybot); - } - YYFPRINTF (stderr, "\n"); -} - -# define YY_STACK_PRINT(Bottom, Top) \ -do { \ - if (yydebug) \ - yy_stack_print ((Bottom), (Top)); \ -} while (YYID (0)) - - -/*------------------------------------------------. -| Report that the YYRULE is going to be reduced. | -`------------------------------------------------*/ + struct isakmpsa *new; -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static void -yy_reduce_print (YYSTYPE *yyvsp, int yyrule) -#else -static void -yy_reduce_print (yyvsp, yyrule) - YYSTYPE *yyvsp; - int yyrule; -#endif -{ - int yynrhs = yyr2[yyrule]; - int yyi; - unsigned long int yylno = yyrline[yyrule]; - YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n", - yyrule - 1, yylno); - /* The symbols being reduced. */ - for (yyi = 0; yyi < yynrhs; yyi++) + /* debugging */ { - YYFPRINTF (stderr, " $%d = ", yyi + 1); - yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi], - &(yyvsp[(yyi + 1) - (yynrhs)]) - ); - YYFPRINTF (stderr, "\n"); + int j; + char tb[10]; + plog(LLV_DEBUG2, LOCATION, NULL, + "p:%d t:%d\n", prop_no, trns_no); + for (j = class; j < MAXALGCLASS; j++) { + snprintf(tb, sizeof(tb), "%d", types[j]); + plog(LLV_DEBUG2, LOCATION, NULL, + "%s%s%s%s\n", + s_algtype(j, types[j]), + types[j] ? "(" : "", + tb[0] == '0' ? "" : tb, + types[j] ? ")" : ""); + } + plog(LLV_DEBUG2, LOCATION, NULL, "\n"); } -} - -# define YY_REDUCE_PRINT(Rule) \ -do { \ - if (yydebug) \ - yy_reduce_print (yyvsp, Rule); \ -} while (YYID (0)) - -/* Nonzero means print parse trace. It is left uninitialized so that - multiple parsers can coexist. */ -int yydebug; -#else /* !YYDEBUG */ -# define YYDPRINTF(Args) -# define YY_SYMBOL_PRINT(Title, Type, Value, Location) -# define YY_STACK_PRINT(Bottom, Top) -# define YY_REDUCE_PRINT(Rule) -#endif /* !YYDEBUG */ - - -/* YYINITDEPTH -- initial size of the parser's stacks. */ -#ifndef YYINITDEPTH -# define YYINITDEPTH 200 -#endif - -/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only - if the built-in stack extension method is used). - Do not make this value too large; the results are undefined if - YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH) - evaluated with infinite-precision integer arithmetic. */ +#define TMPALGTYPE2STR(n) \ + s_algtype(algclass_isakmp_##n, types[algclass_isakmp_##n]) + /* check mandatory values */ + if (types[algclass_isakmp_enc] == 0 + || types[algclass_isakmp_ameth] == 0 + || types[algclass_isakmp_hash] == 0 + || types[algclass_isakmp_dh] == 0) { + yyerror("few definition of algorithm " + "enc=%s ameth=%s hash=%s dhgroup=%s.\n", + TMPALGTYPE2STR(enc), + TMPALGTYPE2STR(ameth), + TMPALGTYPE2STR(hash), + TMPALGTYPE2STR(dh)); + return -1; + } +#undef TMPALGTYPE2STR -#ifndef YYMAXDEPTH -# define YYMAXDEPTH 10000 + /* set new sa */ + new = newisakmpsa(); + if (new == NULL) { + yyerror("failed to allocate isakmp sa"); + return -1; + } + new->prop_no = prop_no; + new->trns_no = trns_no++; + new->lifetime = lifetime; + new->lifebyte = lifebyte; + new->enctype = types[algclass_isakmp_enc]; + new->encklen = encklen; + new->authmethod = types[algclass_isakmp_ameth]; + new->hashtype = types[algclass_isakmp_hash]; + new->dh_group = types[algclass_isakmp_dh]; + new->vendorid = vendorid; +#ifdef HAVE_GSSAPI + if (new->authmethod == OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB) { + if (gssid != NULL) { + if ((new->gssid = vmalloc(strlen(gssid))) == NULL) { + racoon_free(new); + yyerror("failed to allocate gssid"); + return -1; + } + memcpy(new->gssid->v, gssid, new->gssid->l); + racoon_free(gssid); + } else { + /* + * Allocate the default ID so that it gets put + * into a GSS ID attribute during the Phase 1 + * exchange. + */ + new->gssid = gssapi_get_default_gss_id(); + } + } #endif + insisakmpsa(new, rmconf); - -#if YYERROR_VERBOSE - -# ifndef yystrlen -# if defined __GLIBC__ && defined _STRING_H -# define yystrlen strlen -# else -/* Return the length of YYSTR. */ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static YYSIZE_T -yystrlen (const char *yystr) -#else -static YYSIZE_T -yystrlen (yystr) - const char *yystr; -#endif -{ - YYSIZE_T yylen; - for (yylen = 0; yystr[yylen]; yylen++) - continue; - return yylen; + return trns_no; } -# endif -# endif -# ifndef yystpcpy -# if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE -# define yystpcpy stpcpy -# else -/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in - YYDEST. */ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static char * -yystpcpy (char *yydest, const char *yysrc) -#else -static char * -yystpcpy (yydest, yysrc) - char *yydest; - const char *yysrc; -#endif +#if 0 +/* + * fix lifebyte. + * Must be more than 1024B because its unit is kilobytes. + * That is defined RFC2407. + */ +static int +fix_lifebyte(t) + unsigned long t; { - char *yyd = yydest; - const char *yys = yysrc; - - while ((*yyd++ = *yys++) != '\0') - continue; + if (t < 1024) { + yyerror("byte size should be more than 1024B."); + return 0; + } - return yyd - 1; + return(t / 1024); } -# endif -# endif +#endif -# ifndef yytnamerr -/* Copy to YYRES the contents of YYSTR after stripping away unnecessary - quotes and backslashes, so that it's suitable for yyerror. The - heuristic is that double-quoting is unnecessary unless the string - contains an apostrophe, a comma, or backslash (other than - backslash-backslash). YYSTR is taken from yytname. If YYRES is - null, do not copy; instead, return the length of what the result - would have been. */ -static YYSIZE_T -yytnamerr (char *yyres, const char *yystr) +int +cfparse() { - if (*yystr == '"') - { - YYSIZE_T yyn = 0; - char const *yyp = yystr; - - for (;;) - switch (*++yyp) - { - case '\'': - case ',': - goto do_not_strip_quotes; - - case '\\': - if (*++yyp != '\\') - goto do_not_strip_quotes; - /* Fall through. */ - default: - if (yyres) - yyres[yyn] = *yyp; - yyn++; - break; - - case '"': - if (yyres) - yyres[yyn] = '\0'; - return yyn; - } - do_not_strip_quotes: ; - } - - if (! yyres) - return yystrlen (yystr); + int error; - return yystpcpy (yyres, yystr) - yyres; -} -# endif + yyerrorcount = 0; + yycf_init_buffer(); -/* Copy into *YYMSG, which is of size *YYMSG_ALLOC, an error message - about the unexpected token YYTOKEN for the state stack whose top is - YYSSP. + if (yycf_switch_buffer(lcconf->racoon_conf) != 0) { + plog(LLV_ERROR, LOCATION, NULL, + "could not read configuration file \"%s\"\n", + lcconf->racoon_conf); + return -1; + } - Return 0 if *YYMSG was successfully written. Return 1 if *YYMSG is - not large enough to hold the message. In that case, also set - *YYMSG_ALLOC to the required number of bytes. Return 2 if the - required number of bytes is too large to store. */ -static int -yysyntax_error (YYSIZE_T *yymsg_alloc, char **yymsg, - yytype_int16 *yyssp, int yytoken) -{ - YYSIZE_T yysize0 = yytnamerr (YY_NULL, yytname[yytoken]); - YYSIZE_T yysize = yysize0; - YYSIZE_T yysize1; - enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 }; - /* Internationalized format string. */ - const char *yyformat = YY_NULL; - /* Arguments of yyformat. */ - char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; - /* Number of reported tokens (one for the "unexpected", one per - "expected"). */ - int yycount = 0; - - /* There are many possibilities here to consider: - - Assume YYFAIL is not used. It's too flawed to consider. See - <http://lists.gnu.org/archive/html/bison-patches/2009-12/msg00024.html> - for details. YYERROR is fine as it does not invoke this - function. - - If this state is a consistent state with a default action, then - the only way this function was invoked is if the default action - is an error action. In that case, don't check for expected - tokens because there are none. - - The only way there can be no lookahead present (in yychar) is if - this state is a consistent state with a default action. Thus, - detecting the absence of a lookahead is sufficient to determine - that there is no unexpected or expected token to report. In that - case, just report a simple "syntax error". - - Don't assume there isn't a lookahead just because this state is a - consistent state with a default action. There might have been a - previous inconsistent state, consistent state with a non-default - action, or user semantic action that manipulated yychar. - - Of course, the expected token list depends on states to have - correct lookahead information, and it depends on the parser not - to perform extra reductions after fetching a lookahead from the - scanner and before detecting a syntax error. Thus, state merging - (from LALR or IELR) and default reductions corrupt the expected - token list. However, the list is correct for canonical LR with - one exception: it will still contain any token that will not be - accepted due to an error action in a later state. - */ - if (yytoken != YYEMPTY) - { - int yyn = yypact[*yyssp]; - yyarg[yycount++] = yytname[yytoken]; - if (!yypact_value_is_default (yyn)) - { - /* Start YYX at -YYN if negative to avoid negative indexes in - YYCHECK. In other words, skip the first -YYN actions for - this state because they are default actions. */ - int yyxbegin = yyn < 0 ? -yyn : 0; - /* Stay within bounds of both yycheck and yytname. */ - int yychecklim = YYLAST - yyn + 1; - int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; - int yyx; - - for (yyx = yyxbegin; yyx < yyxend; ++yyx) - if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR - && !yytable_value_is_error (yytable[yyx + yyn])) - { - if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM) - { - yycount = 1; - yysize = yysize0; - break; - } - yyarg[yycount++] = yytname[yyx]; - yysize1 = yysize + yytnamerr (YY_NULL, yytname[yyx]); - if (! (yysize <= yysize1 - && yysize1 <= YYSTACK_ALLOC_MAXIMUM)) - return 2; - yysize = yysize1; - } - } - } + error = yyparse(); + if (error != 0) { + if (yyerrorcount) { + plog(LLV_ERROR, LOCATION, NULL, + "fatal parse failure (%d errors)\n", + yyerrorcount); + } else { + plog(LLV_ERROR, LOCATION, NULL, + "fatal parse failure.\n"); + } + return -1; + } - switch (yycount) - { -# define YYCASE_(N, S) \ - case N: \ - yyformat = S; \ - break - YYCASE_(0, YY_("syntax error")); - YYCASE_(1, YY_("syntax error, unexpected %s")); - YYCASE_(2, YY_("syntax error, unexpected %s, expecting %s")); - YYCASE_(3, YY_("syntax error, unexpected %s, expecting %s or %s")); - YYCASE_(4, YY_("syntax error, unexpected %s, expecting %s or %s or %s")); - YYCASE_(5, YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s")); -# undef YYCASE_ - } + if (error == 0 && yyerrorcount) { + plog(LLV_ERROR, LOCATION, NULL, + "parse error is nothing, but yyerrorcount is %d.\n", + yyerrorcount); + exit(1); + } - yysize1 = yysize + yystrlen (yyformat); - if (! (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM)) - return 2; - yysize = yysize1; + yycf_clean_buffer(); - if (*yymsg_alloc < yysize) - { - *yymsg_alloc = 2 * yysize; - if (! (yysize <= *yymsg_alloc - && *yymsg_alloc <= YYSTACK_ALLOC_MAXIMUM)) - *yymsg_alloc = YYSTACK_ALLOC_MAXIMUM; - return 1; - } + plog(LLV_DEBUG2, LOCATION, NULL, "parse successed.\n"); - /* Avoid sprintf, as that infringes on the user's name space. - Don't have undefined behavior even if the translation - produced a string with the wrong number of "%s"s. */ - { - char *yyp = *yymsg; - int yyi = 0; - while ((*yyp = *yyformat) != '\0') - if (*yyp == '%' && yyformat[1] == 's' && yyi < yycount) - { - yyp += yytnamerr (yyp, yyarg[yyi++]); - yyformat += 2; - } - else - { - yyp++; - yyformat++; - } - } - return 0; + return 0; } -#endif /* YYERROR_VERBOSE */ -/*-----------------------------------------------. -| Release the memory associated to this symbol. | -`-----------------------------------------------*/ +int +cfreparse() +{ + flushph2(); + flushph1(); + flushrmconf(); + flushsainfo(); + clean_tmpalgtype(); + return(cfparse()); +} -/*ARGSUSED*/ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static void -yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep) -#else +#ifdef ENABLE_ADMINPORT static void -yydestruct (yymsg, yytype, yyvaluep) - const char *yymsg; - int yytype; - YYSTYPE *yyvaluep; -#endif +adminsock_conf(path, owner, group, mode_dec) + vchar_t *path; + vchar_t *owner; + vchar_t *group; + int mode_dec; { - YYUSE (yyvaluep); + struct passwd *pw = NULL; + struct group *gr = NULL; + mode_t mode = 0; + uid_t uid; + gid_t gid; + int isnum; - if (!yymsg) - yymsg = "Deleting"; - YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp); + adminsock_path = path->v; - switch (yytype) - { + if (owner == NULL) + return; - default: - break; - } -} + errno = 0; + uid = atoi(owner->v); + isnum = !errno; + if (((pw = getpwnam(owner->v)) == NULL) && !isnum) + yyerror("User \"%s\" does not exist", owner->v); + if (pw) + adminsock_owner = pw->pw_uid; + else + adminsock_owner = uid; + if (group == NULL) + return; + errno = 0; + gid = atoi(group->v); + isnum = !errno; + if (((gr = getgrnam(group->v)) == NULL) && !isnum) + yyerror("Group \"%s\" does not exist", group->v); -/* The lookahead symbol. */ -int yychar; + if (gr) + adminsock_group = gr->gr_gid; + else + adminsock_group = gid; -/* The semantic value of the lookahead symbol. */ -YYSTYPE yylval; + if (mode_dec == -1) + return; -/* Number of syntax errors so far. */ -int yynerrs; + if (mode_dec > 777) + yyerror("Mode 0%03o is invalid", mode_dec); + if (mode_dec >= 400) { mode += 0400; mode_dec -= 400; } + if (mode_dec >= 200) { mode += 0200; mode_dec -= 200; } + if (mode_dec >= 100) { mode += 0200; mode_dec -= 100; } + if (mode_dec > 77) + yyerror("Mode 0%03o is invalid", mode_dec); + if (mode_dec >= 40) { mode += 040; mode_dec -= 40; } + if (mode_dec >= 20) { mode += 020; mode_dec -= 20; } + if (mode_dec >= 10) { mode += 020; mode_dec -= 10; } -/*----------. -| yyparse. | -`----------*/ + if (mode_dec > 7) + yyerror("Mode 0%03o is invalid", mode_dec); + if (mode_dec >= 4) { mode += 04; mode_dec -= 4; } + if (mode_dec >= 2) { mode += 02; mode_dec -= 2; } + if (mode_dec >= 1) { mode += 02; mode_dec -= 1; } + + adminsock_mode = mode; -#ifdef YYPARSE_PARAM -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -int -yyparse (void *YYPARSE_PARAM) -#else -int -yyparse (YYPARSE_PARAM) - void *YYPARSE_PARAM; + return; +} #endif -#else /* ! YYPARSE_PARAM */ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -int -yyparse (void) -#else -int -yyparse () +#line 1933 "racoonyy.tab.c" +#if YYDEBUG +#include <stdio.h> /* needed for printf */ #endif -#endif -{ - int yystate; - /* Number of tokens to shift before error messages enabled. */ - int yyerrstatus; - - /* The stacks and their tools: - `yyss': related to states. - `yyvs': related to semantic values. - - Refer to the stacks through separate pointers, to allow yyoverflow - to reallocate them elsewhere. */ - - /* The state stack. */ - yytype_int16 yyssa[YYINITDEPTH]; - yytype_int16 *yyss; - yytype_int16 *yyssp; - - /* The semantic value stack. */ - YYSTYPE yyvsa[YYINITDEPTH]; - YYSTYPE *yyvs; - YYSTYPE *yyvsp; - - YYSIZE_T yystacksize; - - int yyn; - int yyresult; - /* Lookahead token as an internal (translated) token number. */ - int yytoken; - /* The variables used to return semantic value and location from the - action routines. */ - YYSTYPE yyval; - -#if YYERROR_VERBOSE - /* Buffer for error messages, and its allocated size. */ - char yymsgbuf[128]; - char *yymsg = yymsgbuf; - YYSIZE_T yymsg_alloc = sizeof yymsgbuf; -#endif - -#define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N)) - /* The number of symbols on the RHS of the reduced rule. - Keep to zero when no symbol should be popped. */ - int yylen = 0; +#include <stdlib.h> /* needed for malloc, etc */ +#include <string.h> /* needed for memset */ - yytoken = 0; - yyss = yyssa; - yyvs = yyvsa; - yystacksize = YYINITDEPTH; - - YYDPRINTF ((stderr, "Starting parse\n")); - - yystate = 0; - yyerrstatus = 0; - yynerrs = 0; - yychar = YYEMPTY; /* Cause a token to be read. */ +/* allocate initial stack or double stack size, up to YYMAXDEPTH */ +static int yygrowstack(YYSTACKDATA *data) +{ + int i; + unsigned newsize; + YYINT *newss; + YYSTYPE *newvs; + + if ((newsize = data->stacksize) == 0) + newsize = YYINITSTACKSIZE; + else if (newsize >= YYMAXDEPTH) + return YYENOMEM; + else if ((newsize *= 2) > YYMAXDEPTH) + newsize = YYMAXDEPTH; + + i = (int) (data->s_mark - data->s_base); + newss = (YYINT *)realloc(data->s_base, newsize * sizeof(*newss)); + if (newss == 0) + return YYENOMEM; + + data->s_base = newss; + data->s_mark = newss + i; + + newvs = (YYSTYPE *)realloc(data->l_base, newsize * sizeof(*newvs)); + if (newvs == 0) + return YYENOMEM; + + data->l_base = newvs; + data->l_mark = newvs + i; + + data->stacksize = newsize; + data->s_last = data->s_base + newsize - 1; + return 0; +} - /* Initialize stack pointers. - Waste one element of value and location stack - so that they stay on the same level as the state stack. - The wasted elements are never initialized. */ - yyssp = yyss; - yyvsp = yyvs; - goto yysetstate; +#if YYPURE || defined(YY_NO_LEAKS) +static void yyfreestack(YYSTACKDATA *data) +{ + free(data->s_base); + free(data->l_base); + memset(data, 0, sizeof(*data)); +} +#else +#define yyfreestack(data) /* nothing */ +#endif -/*------------------------------------------------------------. -| yynewstate -- Push a new state, which is found in yystate. | -`------------------------------------------------------------*/ - yynewstate: - /* In all cases, when you get here, the value and location stacks - have just been pushed. So pushing a state here evens the stacks. */ - yyssp++; +#define YYABORT goto yyabort +#define YYREJECT goto yyabort +#define YYACCEPT goto yyaccept +#define YYERROR goto yyerrlab - yysetstate: - *yyssp = yystate; +int +YYPARSE_DECL() +{ + int yym, yyn, yystate; +#if YYDEBUG + const char *yys; - if (yyss + yystacksize - 1 <= yyssp) + if ((yys = getenv("YYDEBUG")) != 0) { - /* Get the current used size of the three stacks, in elements. */ - YYSIZE_T yysize = yyssp - yyss + 1; - -#ifdef yyoverflow - { - /* Give user a chance to reallocate the stack. Use copies of - these so that the &'s don't force the real ones into - memory. */ - YYSTYPE *yyvs1 = yyvs; - yytype_int16 *yyss1 = yyss; - - /* Each stack pointer address is followed by the size of the - data in use in that stack, in bytes. This used to be a - conditional around just the two extra args, but that might - be undefined if yyoverflow is a macro. */ - yyoverflow (YY_("memory exhausted"), - &yyss1, yysize * sizeof (*yyssp), - &yyvs1, yysize * sizeof (*yyvsp), - &yystacksize); - - yyss = yyss1; - yyvs = yyvs1; - } -#else /* no yyoverflow */ -# ifndef YYSTACK_RELOCATE - goto yyexhaustedlab; -# else - /* Extend the stack our own way. */ - if (YYMAXDEPTH <= yystacksize) - goto yyexhaustedlab; - yystacksize *= 2; - if (YYMAXDEPTH < yystacksize) - yystacksize = YYMAXDEPTH; - - { - yytype_int16 *yyss1 = yyss; - union yyalloc *yyptr = - (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); - if (! yyptr) - goto yyexhaustedlab; - YYSTACK_RELOCATE (yyss_alloc, yyss); - YYSTACK_RELOCATE (yyvs_alloc, yyvs); -# undef YYSTACK_RELOCATE - if (yyss1 != yyssa) - YYSTACK_FREE (yyss1); - } -# endif -#endif /* no yyoverflow */ - - yyssp = yyss + yysize - 1; - yyvsp = yyvs + yysize - 1; - - YYDPRINTF ((stderr, "Stack size increased to %lu\n", - (unsigned long int) yystacksize)); - - if (yyss + yystacksize - 1 <= yyssp) - YYABORT; + yyn = *yys; + if (yyn >= '0' && yyn <= '9') + yydebug = yyn - '0'; } +#endif - YYDPRINTF ((stderr, "Entering state %d\n", yystate)); - - if (yystate == YYFINAL) - YYACCEPT; - - goto yybackup; - -/*-----------. -| yybackup. | -`-----------*/ -yybackup: - - /* Do appropriate processing given the current state. Read a - lookahead token if we need one and don't already have one. */ - - /* First try to decide what to do without reference to lookahead token. */ - yyn = yypact[yystate]; - if (yypact_value_is_default (yyn)) - goto yydefault; + yym = 0; + yyn = 0; + yynerrs = 0; + yyerrflag = 0; + yychar = YYEMPTY; + yystate = 0; - /* Not known => get a lookahead token if don't already have one. */ +#if YYPURE + memset(&yystack, 0, sizeof(yystack)); +#endif - /* YYCHAR is either YYEMPTY or YYEOF or a valid lookahead symbol. */ - if (yychar == YYEMPTY) - { - YYDPRINTF ((stderr, "Reading a token: ")); - yychar = YYLEX; - } + if (yystack.s_base == NULL && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow; + yystack.s_mark = yystack.s_base; + yystack.l_mark = yystack.l_base; + yystate = 0; + *yystack.s_mark = 0; - if (yychar <= YYEOF) +yyloop: + if ((yyn = yydefred[yystate]) != 0) goto yyreduce; + if (yychar < 0) { - yychar = yytoken = YYEOF; - YYDPRINTF ((stderr, "Now at end of input.\n")); + yychar = YYLEX; + if (yychar < 0) yychar = YYEOF; +#if YYDEBUG + if (yydebug) + { + if ((yys = yyname[YYTRANSLATE(yychar)]) == NULL) yys = yyname[YYUNDFTOKEN]; + printf("%sdebug: state %d, reading %d (%s)\n", + YYPREFIX, yystate, yychar, yys); + } +#endif } - else + if (((yyn = yysindex[yystate]) != 0) && (yyn += yychar) >= 0 && + yyn <= YYTABLESIZE && yycheck[yyn] == (YYINT) yychar) { - yytoken = YYTRANSLATE (yychar); - YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc); +#if YYDEBUG + if (yydebug) + printf("%sdebug: state %d, shifting to state %d\n", + YYPREFIX, yystate, yytable[yyn]); +#endif + if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow; + yystate = yytable[yyn]; + *++yystack.s_mark = yytable[yyn]; + *++yystack.l_mark = yylval; + yychar = YYEMPTY; + if (yyerrflag > 0) --yyerrflag; + goto yyloop; } - - /* If the proper action on seeing token YYTOKEN is to reduce or to - detect an error, take that action. */ - yyn += yytoken; - if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken) - goto yydefault; - yyn = yytable[yyn]; - if (yyn <= 0) + if (((yyn = yyrindex[yystate]) != 0) && (yyn += yychar) >= 0 && + yyn <= YYTABLESIZE && yycheck[yyn] == (YYINT) yychar) { - if (yytable_value_is_error (yyn)) - goto yyerrlab; - yyn = -yyn; - goto yyreduce; + yyn = yytable[yyn]; + goto yyreduce; } + if (yyerrflag != 0) goto yyinrecovery; - /* Count tokens shifted since error; after three, turn off error - status. */ - if (yyerrstatus) - yyerrstatus--; - - /* Shift the lookahead token. */ - YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc); - - /* Discard the shifted token. */ - yychar = YYEMPTY; - - yystate = yyn; - *++yyvsp = yylval; + YYERROR_CALL("syntax error"); - goto yynewstate; - - -/*-----------------------------------------------------------. -| yydefault -- do the default action for the current state. | -`-----------------------------------------------------------*/ -yydefault: - yyn = yydefact[yystate]; - if (yyn == 0) - goto yyerrlab; - goto yyreduce; + goto yyerrlab; /* redundant goto avoids 'unused label' warning */ +yyerrlab: + ++yynerrs; +yyinrecovery: + if (yyerrflag < 3) + { + yyerrflag = 3; + for (;;) + { + if (((yyn = yysindex[*yystack.s_mark]) != 0) && (yyn += YYERRCODE) >= 0 && + yyn <= YYTABLESIZE && yycheck[yyn] == (YYINT) YYERRCODE) + { +#if YYDEBUG + if (yydebug) + printf("%sdebug: state %d, error recovery shifting\ + to state %d\n", YYPREFIX, *yystack.s_mark, yytable[yyn]); +#endif + if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow; + yystate = yytable[yyn]; + *++yystack.s_mark = yytable[yyn]; + *++yystack.l_mark = yylval; + goto yyloop; + } + else + { +#if YYDEBUG + if (yydebug) + printf("%sdebug: error recovery discarding state %d\n", + YYPREFIX, *yystack.s_mark); +#endif + if (yystack.s_mark <= yystack.s_base) goto yyabort; + --yystack.s_mark; + --yystack.l_mark; + } + } + } + else + { + if (yychar == YYEOF) goto yyabort; +#if YYDEBUG + if (yydebug) + { + if ((yys = yyname[YYTRANSLATE(yychar)]) == NULL) yys = yyname[YYUNDFTOKEN]; + printf("%sdebug: state %d, error recovery discards token %d (%s)\n", + YYPREFIX, yystate, yychar, yys); + } +#endif + yychar = YYEMPTY; + goto yyloop; + } -/*-----------------------------. -| yyreduce -- Do a reduction. | -`-----------------------------*/ yyreduce: - /* yyn is the number of a rule to reduce with. */ - yylen = yyr2[yyn]; - - /* If YYLEN is nonzero, implement the default value of the action: - `$$ = $1'. - - Otherwise, the following line sets YYVAL to garbage. - This behavior is undocumented and Bison - users should not rely upon it. Assigning to YYVAL - unconditionally makes the parser a bit smaller, and it avoids a - GCC warning that YYVAL may be used uninitialized. */ - yyval = yyvsp[1-yylen]; - +#if YYDEBUG + if (yydebug) + printf("%sdebug: state %d, reducing by rule %d (%s)\n", + YYPREFIX, yystate, yyn, yyrule[yyn]); +#endif + yym = yylen[yyn]; + if (yym > 0) + yyval = yystack.l_mark[1-yym]; + else + memset(&yyval, 0, sizeof yyval); - YY_REDUCE_PRINT (yyn); - switch (yyn) - { - case 22: -/* Line 1787 of yacc.c */ -#line 368 "cfparse.y" + switch (yyn) { +case 21: +#line 368 "../../ipsec-tools/src/racoon/cfparse.y" + { struct passwd *pw; - if ((pw = getpwnam((yyvsp[(2) - (2)].val)->v)) == NULL) { - yyerror("unknown user \"%s\"", (yyvsp[(2) - (2)].val)->v); + if ((pw = getpwnam(yystack.l_mark[0].val->v)) == NULL) { + yyerror("unknown user \"%s\"", yystack.l_mark[0].val->v); return -1; } lcconf->uid = pw->pw_uid; } - break; - - case 24: -/* Line 1787 of yacc.c */ -#line 378 "cfparse.y" - { lcconf->uid = (yyvsp[(2) - (2)].num); } - break; - - case 26: -/* Line 1787 of yacc.c */ -#line 380 "cfparse.y" - { +break; +case 23: +#line 378 "../../ipsec-tools/src/racoon/cfparse.y" + { lcconf->uid = yystack.l_mark[0].num; } +break; +case 25: +#line 380 "../../ipsec-tools/src/racoon/cfparse.y" + { struct group *gr; - if ((gr = getgrnam((yyvsp[(2) - (2)].val)->v)) == NULL) { - yyerror("unknown group \"%s\"", (yyvsp[(2) - (2)].val)->v); + if ((gr = getgrnam(yystack.l_mark[0].val->v)) == NULL) { + yyerror("unknown group \"%s\"", yystack.l_mark[0].val->v); return -1; } lcconf->gid = gr->gr_gid; } - break; - - case 28: -/* Line 1787 of yacc.c */ -#line 390 "cfparse.y" - { lcconf->gid = (yyvsp[(2) - (2)].num); } - break; - - case 30: -/* Line 1787 of yacc.c */ -#line 391 "cfparse.y" - { lcconf->chroot = (yyvsp[(2) - (2)].val)->v; } - break; - - case 32: -/* Line 1787 of yacc.c */ -#line 397 "cfparse.y" - { - if ((yyvsp[(2) - (3)].num) >= LC_PATHTYPE_MAX) { - yyerror("invalid path type %d", (yyvsp[(2) - (3)].num)); +break; +case 27: +#line 390 "../../ipsec-tools/src/racoon/cfparse.y" + { lcconf->gid = yystack.l_mark[0].num; } +break; +case 29: +#line 391 "../../ipsec-tools/src/racoon/cfparse.y" + { lcconf->chroot = yystack.l_mark[0].val->v; } +break; +case 31: +#line 397 "../../ipsec-tools/src/racoon/cfparse.y" + { + if (yystack.l_mark[-1].num >= LC_PATHTYPE_MAX) { + yyerror("invalid path type %d", yystack.l_mark[-1].num); return -1; } /* free old pathinfo */ - if (lcconf->pathinfo[(yyvsp[(2) - (3)].num)]) - racoon_free(lcconf->pathinfo[(yyvsp[(2) - (3)].num)]); + if (lcconf->pathinfo[yystack.l_mark[-1].num]) + racoon_free(lcconf->pathinfo[yystack.l_mark[-1].num]); /* set new pathinfo */ - lcconf->pathinfo[(yyvsp[(2) - (3)].num)] = racoon_strdup((yyvsp[(3) - (3)].val)->v); - STRDUP_FATAL(lcconf->pathinfo[(yyvsp[(2) - (3)].num)]); - vfree((yyvsp[(3) - (3)].val)); - } - break; - - case 34: -/* Line 1787 of yacc.c */ -#line 417 "cfparse.y" - { lcconf->complex_bundle = (yyvsp[(2) - (2)].num); } - break; - - case 36: -/* Line 1787 of yacc.c */ -#line 423 "cfparse.y" - { + lcconf->pathinfo[yystack.l_mark[-1].num] = racoon_strdup(yystack.l_mark[0].val->v); + STRDUP_FATAL(lcconf->pathinfo[yystack.l_mark[-1].num]); + vfree(yystack.l_mark[0].val); + } +break; +case 33: +#line 417 "../../ipsec-tools/src/racoon/cfparse.y" + { lcconf->complex_bundle = yystack.l_mark[0].num; } +break; +case 35: +#line 423 "../../ipsec-tools/src/racoon/cfparse.y" + { char path[MAXPATHLEN]; getpathname(path, sizeof(path), - LC_PATHTYPE_INCLUDE, (yyvsp[(2) - (3)].val)->v); - vfree((yyvsp[(2) - (3)].val)); + LC_PATHTYPE_INCLUDE, yystack.l_mark[-1].val->v); + vfree(yystack.l_mark[-1].val); if (yycf_switch_buffer(path) != 0) return -1; } - break; - - case 37: -/* Line 1787 of yacc.c */ -#line 437 "cfparse.y" - { - lcconf->pfkey_buffer_size = (yyvsp[(2) - (3)].num); +break; +case 36: +#line 437 "../../ipsec-tools/src/racoon/cfparse.y" + { + lcconf->pfkey_buffer_size = yystack.l_mark[-1].num; } - break; - - case 38: -/* Line 1787 of yacc.c */ -#line 444 "cfparse.y" - { - if ((yyvsp[(2) - (3)].num) >= LC_GSSENC_MAX) { - yyerror("invalid GSS ID encoding %d", (yyvsp[(2) - (3)].num)); +break; +case 37: +#line 444 "../../ipsec-tools/src/racoon/cfparse.y" + { + if (yystack.l_mark[-1].num >= LC_GSSENC_MAX) { + yyerror("invalid GSS ID encoding %d", yystack.l_mark[-1].num); return -1; } - lcconf->gss_id_enc = (yyvsp[(2) - (3)].num); + lcconf->gss_id_enc = yystack.l_mark[-1].num; } - break; - - case 40: -/* Line 1787 of yacc.c */ -#line 459 "cfparse.y" - { +break; +case 39: +#line 459 "../../ipsec-tools/src/racoon/cfparse.y" + { /* * set the loglevel to the value specified * in the configuration file plus the number * of -d options specified on the command line */ - loglevel += (yyvsp[(1) - (1)].num) - oldloglevel; - oldloglevel = (yyvsp[(1) - (1)].num); - } - break; - - case 44: -/* Line 1787 of yacc.c */ -#line 479 "cfparse.y" - { lcconf->pad_random = (yyvsp[(2) - (2)].num); } - break; - - case 46: -/* Line 1787 of yacc.c */ -#line 480 "cfparse.y" - { lcconf->pad_randomlen = (yyvsp[(2) - (2)].num); } - break; - - case 48: -/* Line 1787 of yacc.c */ -#line 481 "cfparse.y" - { lcconf->pad_maxsize = (yyvsp[(2) - (2)].num); } - break; - - case 50: -/* Line 1787 of yacc.c */ -#line 482 "cfparse.y" - { lcconf->pad_strict = (yyvsp[(2) - (2)].num); } - break; - - case 52: -/* Line 1787 of yacc.c */ -#line 483 "cfparse.y" - { lcconf->pad_excltail = (yyvsp[(2) - (2)].num); } - break; - - case 57: -/* Line 1787 of yacc.c */ -#line 496 "cfparse.y" - { - myaddr_listen((yyvsp[(2) - (2)].saddr), FALSE); - racoon_free((yyvsp[(2) - (2)].saddr)); + loglevel += yystack.l_mark[0].num - oldloglevel; + oldloglevel = yystack.l_mark[0].num; + } +break; +case 43: +#line 479 "../../ipsec-tools/src/racoon/cfparse.y" + { lcconf->pad_random = yystack.l_mark[0].num; } +break; +case 45: +#line 480 "../../ipsec-tools/src/racoon/cfparse.y" + { lcconf->pad_randomlen = yystack.l_mark[0].num; } +break; +case 47: +#line 481 "../../ipsec-tools/src/racoon/cfparse.y" + { lcconf->pad_maxsize = yystack.l_mark[0].num; } +break; +case 49: +#line 482 "../../ipsec-tools/src/racoon/cfparse.y" + { lcconf->pad_strict = yystack.l_mark[0].num; } +break; +case 51: +#line 483 "../../ipsec-tools/src/racoon/cfparse.y" + { lcconf->pad_excltail = yystack.l_mark[0].num; } +break; +case 56: +#line 496 "../../ipsec-tools/src/racoon/cfparse.y" + { + myaddr_listen(yystack.l_mark[0].saddr, FALSE); + racoon_free(yystack.l_mark[0].saddr); } - break; - - case 59: -/* Line 1787 of yacc.c */ -#line 502 "cfparse.y" - { +break; +case 58: +#line 502 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_NATT - myaddr_listen((yyvsp[(2) - (2)].saddr), TRUE); - racoon_free((yyvsp[(2) - (2)].saddr)); + myaddr_listen(yystack.l_mark[0].saddr, TRUE); + racoon_free(yystack.l_mark[0].saddr); #else - racoon_free((yyvsp[(2) - (2)].saddr)); + racoon_free(yystack.l_mark[0].saddr); yyerror("NAT-T support not compiled in."); #endif } - break; - - case 61: -/* Line 1787 of yacc.c */ -#line 513 "cfparse.y" - { +break; +case 60: +#line 513 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_ADMINPORT - adminsock_conf((yyvsp[(2) - (5)].val), (yyvsp[(3) - (5)].val), (yyvsp[(4) - (5)].val), (yyvsp[(5) - (5)].num)); + adminsock_conf(yystack.l_mark[-3].val, yystack.l_mark[-2].val, yystack.l_mark[-1].val, yystack.l_mark[0].num); #else yywarn("admin port support not compiled in"); #endif } - break; - - case 63: -/* Line 1787 of yacc.c */ -#line 522 "cfparse.y" - { +break; +case 62: +#line 522 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_ADMINPORT - adminsock_conf((yyvsp[(2) - (2)].val), NULL, NULL, -1); + adminsock_conf(yystack.l_mark[0].val, NULL, NULL, -1); #else yywarn("admin port support not compiled in"); #endif } - break; - - case 65: -/* Line 1787 of yacc.c */ -#line 531 "cfparse.y" - { +break; +case 64: +#line 531 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_ADMINPORT adminsock_path = NULL; #else yywarn("admin port support not compiled in"); #endif } - break; - - case 67: -/* Line 1787 of yacc.c */ -#line 539 "cfparse.y" - { lcconf->strict_address = TRUE; } - break; - - case 69: -/* Line 1787 of yacc.c */ -#line 543 "cfparse.y" - { +break; +case 66: +#line 539 "../../ipsec-tools/src/racoon/cfparse.y" + { lcconf->strict_address = TRUE; } +break; +case 68: +#line 543 "../../ipsec-tools/src/racoon/cfparse.y" + { char portbuf[10]; - snprintf(portbuf, sizeof(portbuf), "%ld", (yyvsp[(2) - (2)].num)); - (yyval.saddr) = str2saddr((yyvsp[(1) - (2)].val)->v, portbuf); - vfree((yyvsp[(1) - (2)].val)); - if (!(yyval.saddr)) + snprintf(portbuf, sizeof(portbuf), "%ld", yystack.l_mark[0].num); + yyval.saddr = str2saddr(yystack.l_mark[-1].val->v, portbuf); + vfree(yystack.l_mark[-1].val); + if (!yyval.saddr) return -1; } - break; - - case 70: -/* Line 1787 of yacc.c */ -#line 554 "cfparse.y" - { (yyval.num) = PORT_ISAKMP; } - break; - - case 71: -/* Line 1787 of yacc.c */ -#line 555 "cfparse.y" - { (yyval.num) = (yyvsp[(1) - (1)].num); } - break; - - case 72: -/* Line 1787 of yacc.c */ -#line 560 "cfparse.y" - { +break; +case 69: +#line 554 "../../ipsec-tools/src/racoon/cfparse.y" + { yyval.num = PORT_ISAKMP; } +break; +case 70: +#line 555 "../../ipsec-tools/src/racoon/cfparse.y" + { yyval.num = yystack.l_mark[0].num; } +break; +case 71: +#line 560 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifndef ENABLE_HYBRID yyerror("racoon not configured with --enable-hybrid"); return -1; @@ -2909,12 +2337,10 @@ yyreduce: #endif #endif } - break; - - case 76: -/* Line 1787 of yacc.c */ -#line 583 "cfparse.y" - { +break; +case 75: +#line 583 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBRADIUS int i = xauth_rad_config.auth_server_count; @@ -2923,19 +2349,17 @@ yyreduce: return -1; } - xauth_rad_config.auth_server_list[i].host = vdup((yyvsp[(2) - (3)].val)); - xauth_rad_config.auth_server_list[i].secret = vdup((yyvsp[(3) - (3)].val)); - xauth_rad_config.auth_server_list[i].port = 0; // default port + xauth_rad_config.auth_server_list[i].host = vdup(yystack.l_mark[-1].val); + xauth_rad_config.auth_server_list[i].secret = vdup(yystack.l_mark[0].val); + xauth_rad_config.auth_server_list[i].port = 0; /* default port*/ xauth_rad_config.auth_server_count++; #endif #endif } - break; - - case 78: -/* Line 1787 of yacc.c */ -#line 601 "cfparse.y" - { +break; +case 77: +#line 601 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBRADIUS int i = xauth_rad_config.auth_server_count; @@ -2944,19 +2368,17 @@ yyreduce: return -1; } - xauth_rad_config.auth_server_list[i].host = vdup((yyvsp[(2) - (4)].val)); - xauth_rad_config.auth_server_list[i].secret = vdup((yyvsp[(4) - (4)].val)); - xauth_rad_config.auth_server_list[i].port = (yyvsp[(3) - (4)].num); + xauth_rad_config.auth_server_list[i].host = vdup(yystack.l_mark[-2].val); + xauth_rad_config.auth_server_list[i].secret = vdup(yystack.l_mark[0].val); + xauth_rad_config.auth_server_list[i].port = yystack.l_mark[-1].num; xauth_rad_config.auth_server_count++; #endif #endif } - break; - - case 80: -/* Line 1787 of yacc.c */ -#line 619 "cfparse.y" - { +break; +case 79: +#line 619 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBRADIUS int i = xauth_rad_config.acct_server_count; @@ -2965,19 +2387,17 @@ yyreduce: return -1; } - xauth_rad_config.acct_server_list[i].host = vdup((yyvsp[(2) - (3)].val)); - xauth_rad_config.acct_server_list[i].secret = vdup((yyvsp[(3) - (3)].val)); - xauth_rad_config.acct_server_list[i].port = 0; // default port + xauth_rad_config.acct_server_list[i].host = vdup(yystack.l_mark[-1].val); + xauth_rad_config.acct_server_list[i].secret = vdup(yystack.l_mark[0].val); + xauth_rad_config.acct_server_list[i].port = 0; /* default port*/ xauth_rad_config.acct_server_count++; #endif #endif } - break; - - case 82: -/* Line 1787 of yacc.c */ -#line 637 "cfparse.y" - { +break; +case 81: +#line 637 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBRADIUS int i = xauth_rad_config.acct_server_count; @@ -2986,43 +2406,37 @@ yyreduce: return -1; } - xauth_rad_config.acct_server_list[i].host = vdup((yyvsp[(2) - (4)].val)); - xauth_rad_config.acct_server_list[i].secret = vdup((yyvsp[(4) - (4)].val)); - xauth_rad_config.acct_server_list[i].port = (yyvsp[(3) - (4)].num); + xauth_rad_config.acct_server_list[i].host = vdup(yystack.l_mark[-2].val); + xauth_rad_config.acct_server_list[i].secret = vdup(yystack.l_mark[0].val); + xauth_rad_config.acct_server_list[i].port = yystack.l_mark[-1].num; xauth_rad_config.acct_server_count++; #endif #endif } - break; - - case 84: -/* Line 1787 of yacc.c */ -#line 655 "cfparse.y" - { +break; +case 83: +#line 655 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBRADIUS - xauth_rad_config.timeout = (yyvsp[(2) - (2)].num); + xauth_rad_config.timeout = yystack.l_mark[0].num; #endif #endif } - break; - - case 86: -/* Line 1787 of yacc.c */ -#line 664 "cfparse.y" - { +break; +case 85: +#line 664 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBRADIUS - xauth_rad_config.retries = (yyvsp[(2) - (2)].num); + xauth_rad_config.retries = yystack.l_mark[0].num; #endif #endif } - break; - - case 88: -/* Line 1787 of yacc.c */ -#line 676 "cfparse.y" - { +break; +case 87: +#line 676 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifndef ENABLE_HYBRID yyerror("racoon not configured with --enable-hybrid"); return -1; @@ -3032,265 +2446,225 @@ yyreduce: return -1; #endif } - break; - - case 92: -/* Line 1787 of yacc.c */ -#line 693 "cfparse.y" - { +break; +case 91: +#line 693 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBLDAP - if (((yyvsp[(2) - (2)].num)<2)||((yyvsp[(2) - (2)].num)>3)) + if ((yystack.l_mark[0].num<2)||(yystack.l_mark[0].num>3)) yyerror("invalid ldap protocol version (2|3)"); - xauth_ldap_config.pver = (yyvsp[(2) - (2)].num); + xauth_ldap_config.pver = yystack.l_mark[0].num; #endif #endif } - break; - - case 94: -/* Line 1787 of yacc.c */ -#line 704 "cfparse.y" - { +break; +case 93: +#line 704 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBLDAP if (xauth_ldap_config.host != NULL) vfree(xauth_ldap_config.host); - xauth_ldap_config.host = vdup((yyvsp[(2) - (2)].val)); + xauth_ldap_config.host = vdup(yystack.l_mark[0].val); #endif #endif } - break; - - case 96: -/* Line 1787 of yacc.c */ -#line 715 "cfparse.y" - { +break; +case 95: +#line 715 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBLDAP - xauth_ldap_config.port = (yyvsp[(2) - (2)].num); + xauth_ldap_config.port = yystack.l_mark[0].num; #endif #endif } - break; - - case 98: -/* Line 1787 of yacc.c */ -#line 724 "cfparse.y" - { +break; +case 97: +#line 724 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBLDAP if (xauth_ldap_config.base != NULL) vfree(xauth_ldap_config.base); - xauth_ldap_config.base = vdup((yyvsp[(2) - (2)].val)); + xauth_ldap_config.base = vdup(yystack.l_mark[0].val); #endif #endif } - break; - - case 100: -/* Line 1787 of yacc.c */ -#line 735 "cfparse.y" - { +break; +case 99: +#line 735 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBLDAP - xauth_ldap_config.subtree = (yyvsp[(2) - (2)].num); + xauth_ldap_config.subtree = yystack.l_mark[0].num; #endif #endif } - break; - - case 102: -/* Line 1787 of yacc.c */ -#line 744 "cfparse.y" - { +break; +case 101: +#line 744 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBLDAP if (xauth_ldap_config.bind_dn != NULL) vfree(xauth_ldap_config.bind_dn); - xauth_ldap_config.bind_dn = vdup((yyvsp[(2) - (2)].val)); + xauth_ldap_config.bind_dn = vdup(yystack.l_mark[0].val); #endif #endif } - break; - - case 104: -/* Line 1787 of yacc.c */ -#line 755 "cfparse.y" - { +break; +case 103: +#line 755 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBLDAP if (xauth_ldap_config.bind_pw != NULL) vfree(xauth_ldap_config.bind_pw); - xauth_ldap_config.bind_pw = vdup((yyvsp[(2) - (2)].val)); + xauth_ldap_config.bind_pw = vdup(yystack.l_mark[0].val); #endif #endif } - break; - - case 106: -/* Line 1787 of yacc.c */ -#line 766 "cfparse.y" - { +break; +case 105: +#line 766 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBLDAP if (xauth_ldap_config.attr_user != NULL) vfree(xauth_ldap_config.attr_user); - xauth_ldap_config.attr_user = vdup((yyvsp[(2) - (2)].val)); + xauth_ldap_config.attr_user = vdup(yystack.l_mark[0].val); #endif #endif } - break; - - case 108: -/* Line 1787 of yacc.c */ -#line 777 "cfparse.y" - { +break; +case 107: +#line 777 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBLDAP if (xauth_ldap_config.attr_addr != NULL) vfree(xauth_ldap_config.attr_addr); - xauth_ldap_config.attr_addr = vdup((yyvsp[(2) - (2)].val)); + xauth_ldap_config.attr_addr = vdup(yystack.l_mark[0].val); #endif #endif } - break; - - case 110: -/* Line 1787 of yacc.c */ -#line 788 "cfparse.y" - { +break; +case 109: +#line 788 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBLDAP if (xauth_ldap_config.attr_mask != NULL) vfree(xauth_ldap_config.attr_mask); - xauth_ldap_config.attr_mask = vdup((yyvsp[(2) - (2)].val)); + xauth_ldap_config.attr_mask = vdup(yystack.l_mark[0].val); #endif #endif } - break; - - case 112: -/* Line 1787 of yacc.c */ -#line 799 "cfparse.y" - { +break; +case 111: +#line 799 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBLDAP if (xauth_ldap_config.attr_group != NULL) vfree(xauth_ldap_config.attr_group); - xauth_ldap_config.attr_group = vdup((yyvsp[(2) - (2)].val)); + xauth_ldap_config.attr_group = vdup(yystack.l_mark[0].val); #endif #endif } - break; - - case 114: -/* Line 1787 of yacc.c */ -#line 810 "cfparse.y" - { +break; +case 113: +#line 810 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBLDAP if (xauth_ldap_config.attr_member != NULL) vfree(xauth_ldap_config.attr_member); - xauth_ldap_config.attr_member = vdup((yyvsp[(2) - (2)].val)); + xauth_ldap_config.attr_member = vdup(yystack.l_mark[0].val); #endif #endif } - break; - - case 119: -/* Line 1787 of yacc.c */ -#line 832 "cfparse.y" - { +break; +case 118: +#line 832 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID - if (inet_pton(AF_INET, (yyvsp[(2) - (2)].val)->v, + if (inet_pton(AF_INET, yystack.l_mark[0].val->v, &isakmp_cfg_config.network4) != 1) yyerror("bad IPv4 network address."); #else yyerror("racoon not configured with --enable-hybrid"); #endif } - break; - - case 121: -/* Line 1787 of yacc.c */ -#line 843 "cfparse.y" - { +break; +case 120: +#line 843 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID - if (inet_pton(AF_INET, (yyvsp[(2) - (2)].val)->v, + if (inet_pton(AF_INET, yystack.l_mark[0].val->v, &isakmp_cfg_config.netmask4) != 1) yyerror("bad IPv4 netmask address."); #else yyerror("racoon not configured with --enable-hybrid"); #endif } - break; - - case 125: -/* Line 1787 of yacc.c */ -#line 858 "cfparse.y" - { +break; +case 124: +#line 858 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID isakmp_cfg_config.splitnet_type = UNITY_LOCAL_LAN; #else yyerror("racoon not configured with --enable-hybrid"); #endif } - break; - - case 127: -/* Line 1787 of yacc.c */ -#line 867 "cfparse.y" - { +break; +case 126: +#line 867 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID isakmp_cfg_config.splitnet_type = UNITY_SPLIT_INCLUDE; #else yyerror("racoon not configured with --enable-hybrid"); #endif } - break; - - case 129: -/* Line 1787 of yacc.c */ -#line 876 "cfparse.y" - { +break; +case 128: +#line 876 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifndef ENABLE_HYBRID yyerror("racoon not configured with --enable-hybrid"); #endif } - break; - - case 131: -/* Line 1787 of yacc.c */ -#line 883 "cfparse.y" - { +break; +case 130: +#line 883 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID strncpy(&isakmp_cfg_config.default_domain[0], - (yyvsp[(2) - (2)].val)->v, MAXPATHLEN); + yystack.l_mark[0].val->v, MAXPATHLEN); isakmp_cfg_config.default_domain[MAXPATHLEN] = '\0'; - vfree((yyvsp[(2) - (2)].val)); + vfree(yystack.l_mark[0].val); #else yyerror("racoon not configured with --enable-hybrid"); #endif } - break; - - case 133: -/* Line 1787 of yacc.c */ -#line 895 "cfparse.y" - { +break; +case 132: +#line 895 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID isakmp_cfg_config.authsource = ISAKMP_CFG_AUTH_SYSTEM; #else yyerror("racoon not configured with --enable-hybrid"); #endif } - break; - - case 135: -/* Line 1787 of yacc.c */ -#line 904 "cfparse.y" - { +break; +case 134: +#line 904 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBRADIUS isakmp_cfg_config.authsource = ISAKMP_CFG_AUTH_RADIUS; @@ -3301,12 +2675,10 @@ yyreduce: yyerror("racoon not configured with --enable-hybrid"); #endif /* ENABLE_HYBRID */ } - break; - - case 137: -/* Line 1787 of yacc.c */ -#line 917 "cfparse.y" - { +break; +case 136: +#line 917 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBPAM isakmp_cfg_config.authsource = ISAKMP_CFG_AUTH_PAM; @@ -3317,12 +2689,10 @@ yyreduce: yyerror("racoon not configured with --enable-hybrid"); #endif /* ENABLE_HYBRID */ } - break; - - case 139: -/* Line 1787 of yacc.c */ -#line 930 "cfparse.y" - { +break; +case 138: +#line 930 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBLDAP isakmp_cfg_config.authsource = ISAKMP_CFG_AUTH_LDAP; @@ -3333,34 +2703,28 @@ yyreduce: yyerror("racoon not configured with --enable-hybrid"); #endif /* ENABLE_HYBRID */ } - break; - - case 141: -/* Line 1787 of yacc.c */ -#line 943 "cfparse.y" - { +break; +case 140: +#line 943 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifndef ENABLE_HYBRID yyerror("racoon not configured with --enable-hybrid"); #endif } - break; - - case 143: -/* Line 1787 of yacc.c */ -#line 950 "cfparse.y" - { +break; +case 142: +#line 950 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID isakmp_cfg_config.groupsource = ISAKMP_CFG_GROUP_SYSTEM; #else yyerror("racoon not configured with --enable-hybrid"); #endif } - break; - - case 145: -/* Line 1787 of yacc.c */ -#line 959 "cfparse.y" - { +break; +case 144: +#line 959 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBLDAP isakmp_cfg_config.groupsource = ISAKMP_CFG_GROUP_LDAP; @@ -3371,36 +2735,30 @@ yyreduce: yyerror("racoon not configured with --enable-hybrid"); #endif /* ENABLE_HYBRID */ } - break; - - case 147: -/* Line 1787 of yacc.c */ -#line 972 "cfparse.y" - { +break; +case 146: +#line 972 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID isakmp_cfg_config.accounting = ISAKMP_CFG_ACCT_NONE; #else yyerror("racoon not configured with --enable-hybrid"); #endif } - break; - - case 149: -/* Line 1787 of yacc.c */ -#line 981 "cfparse.y" - { +break; +case 148: +#line 981 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID isakmp_cfg_config.accounting = ISAKMP_CFG_ACCT_SYSTEM; #else yyerror("racoon not configured with --enable-hybrid"); #endif } - break; - - case 151: -/* Line 1787 of yacc.c */ -#line 990 "cfparse.y" - { +break; +case 150: +#line 990 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBRADIUS isakmp_cfg_config.accounting = ISAKMP_CFG_ACCT_RADIUS; @@ -3411,12 +2769,10 @@ yyreduce: yyerror("racoon not configured with --enable-hybrid"); #endif /* ENABLE_HYBRID */ } - break; - - case 153: -/* Line 1787 of yacc.c */ -#line 1003 "cfparse.y" - { +break; +case 152: +#line 1003 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBPAM isakmp_cfg_config.accounting = ISAKMP_CFG_ACCT_PAM; @@ -3427,73 +2783,61 @@ yyreduce: yyerror("racoon not configured with --enable-hybrid"); #endif /* ENABLE_HYBRID */ } - break; - - case 155: -/* Line 1787 of yacc.c */ -#line 1016 "cfparse.y" - { +break; +case 154: +#line 1016 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID - if (isakmp_cfg_resize_pool((yyvsp[(2) - (2)].num)) != 0) + if (isakmp_cfg_resize_pool(yystack.l_mark[0].num) != 0) yyerror("cannot allocate memory for pool"); #else /* ENABLE_HYBRID */ yyerror("racoon not configured with --enable-hybrid"); #endif /* ENABLE_HYBRID */ } - break; - - case 157: -/* Line 1787 of yacc.c */ -#line 1026 "cfparse.y" - { +break; +case 156: +#line 1026 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID - isakmp_cfg_config.pfs_group = (yyvsp[(2) - (2)].num); + isakmp_cfg_config.pfs_group = yystack.l_mark[0].num; #else /* ENABLE_HYBRID */ yyerror("racoon not configured with --enable-hybrid"); #endif /* ENABLE_HYBRID */ } - break; - - case 159: -/* Line 1787 of yacc.c */ -#line 1035 "cfparse.y" - { +break; +case 158: +#line 1035 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID - isakmp_cfg_config.save_passwd = (yyvsp[(2) - (2)].num); + isakmp_cfg_config.save_passwd = yystack.l_mark[0].num; #else /* ENABLE_HYBRID */ yyerror("racoon not configured with --enable-hybrid"); #endif /* ENABLE_HYBRID */ } - break; - - case 161: -/* Line 1787 of yacc.c */ -#line 1044 "cfparse.y" - { +break; +case 160: +#line 1044 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID - isakmp_cfg_config.auth_throttle = (yyvsp[(2) - (2)].num); + isakmp_cfg_config.auth_throttle = yystack.l_mark[0].num; #else /* ENABLE_HYBRID */ yyerror("racoon not configured with --enable-hybrid"); #endif /* ENABLE_HYBRID */ } - break; - - case 163: -/* Line 1787 of yacc.c */ -#line 1053 "cfparse.y" - { +break; +case 162: +#line 1053 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID isakmp_cfg_config.confsource = ISAKMP_CFG_CONF_LOCAL; #else /* ENABLE_HYBRID */ yyerror("racoon not configured with --enable-hybrid"); #endif /* ENABLE_HYBRID */ } - break; - - case 165: -/* Line 1787 of yacc.c */ -#line 1062 "cfparse.y" - { +break; +case 164: +#line 1062 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBRADIUS isakmp_cfg_config.confsource = ISAKMP_CFG_CONF_RADIUS; @@ -3504,12 +2848,10 @@ yyreduce: yyerror("racoon not configured with --enable-hybrid"); #endif /* ENABLE_HYBRID */ } - break; - - case 167: -/* Line 1787 of yacc.c */ -#line 1075 "cfparse.y" - { +break; +case 166: +#line 1075 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID #ifdef HAVE_LIBLDAP isakmp_cfg_config.confsource = ISAKMP_CFG_CONF_LDAP; @@ -3520,72 +2862,64 @@ yyreduce: yyerror("racoon not configured with --enable-hybrid"); #endif /* ENABLE_HYBRID */ } - break; - - case 169: -/* Line 1787 of yacc.c */ -#line 1088 "cfparse.y" - { +break; +case 168: +#line 1088 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID - strncpy(&isakmp_cfg_config.motd[0], (yyvsp[(2) - (2)].val)->v, MAXPATHLEN); + strncpy(&isakmp_cfg_config.motd[0], yystack.l_mark[0].val->v, MAXPATHLEN); isakmp_cfg_config.motd[MAXPATHLEN] = '\0'; - vfree((yyvsp[(2) - (2)].val)); + vfree(yystack.l_mark[0].val); #else yyerror("racoon not configured with --enable-hybrid"); #endif } - break; - - case 173: -/* Line 1787 of yacc.c */ -#line 1106 "cfparse.y" - { +break; +case 172: +#line 1106 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID struct isakmp_cfg_config *icc = &isakmp_cfg_config; if (icc->dns4_index > MAXNS) yyerror("No more than %d DNS", MAXNS); - if (inet_pton(AF_INET, (yyvsp[(1) - (1)].val)->v, + if (inet_pton(AF_INET, yystack.l_mark[0].val->v, &icc->dns4[icc->dns4_index++]) != 1) yyerror("bad IPv4 DNS address."); #else yyerror("racoon not configured with --enable-hybrid"); #endif } - break; - - case 176: -/* Line 1787 of yacc.c */ -#line 1127 "cfparse.y" - { +break; +case 175: +#line 1127 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID struct isakmp_cfg_config *icc = &isakmp_cfg_config; if (icc->nbns4_index > MAXWINS) yyerror("No more than %d WINS", MAXWINS); - if (inet_pton(AF_INET, (yyvsp[(1) - (1)].val)->v, + if (inet_pton(AF_INET, yystack.l_mark[0].val->v, &icc->nbns4[icc->nbns4_index++]) != 1) yyerror("bad IPv4 WINS address."); #else yyerror("racoon not configured with --enable-hybrid"); #endif } - break; - - case 179: -/* Line 1787 of yacc.c */ -#line 1148 "cfparse.y" - { +break; +case 178: +#line 1148 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID struct isakmp_cfg_config *icc = &isakmp_cfg_config; struct unity_network network; memset(&network,0,sizeof(network)); - if (inet_pton(AF_INET, (yyvsp[(1) - (2)].val)->v, &network.addr4) != 1) + if (inet_pton(AF_INET, yystack.l_mark[-1].val->v, &network.addr4) != 1) yyerror("bad IPv4 SPLIT address."); /* Turn $2 (the prefix) into a subnet mask */ - network.mask4.s_addr = ((yyvsp[(2) - (2)].num)) ? htonl(~((1 << (32 - (yyvsp[(2) - (2)].num))) - 1)) : 0; + network.mask4.s_addr = (yystack.l_mark[0].num) ? htonl(~((1 << (32 - yystack.l_mark[0].num)) - 1)) : 0; /* add the network to our list */ if (splitnet_list_add(&icc->splitnet_list, &network,&icc->splitnet_count)) @@ -3594,12 +2928,10 @@ yyreduce: yyerror("racoon not configured with --enable-hybrid"); #endif } - break; - - case 182: -/* Line 1787 of yacc.c */ -#line 1175 "cfparse.y" - { +break; +case 181: +#line 1175 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID char * groupname = NULL; char ** grouplist = NULL; @@ -3612,132 +2944,114 @@ yyreduce: return -1; } - groupname = racoon_malloc((yyvsp[(1) - (1)].val)->l+1); + groupname = racoon_malloc(yystack.l_mark[0].val->l+1); if (groupname == NULL) { yyerror("unable to allocate auth group name"); return -1; } - memcpy(groupname,(yyvsp[(1) - (1)].val)->v,(yyvsp[(1) - (1)].val)->l); - groupname[(yyvsp[(1) - (1)].val)->l]=0; + memcpy(groupname,yystack.l_mark[0].val->v,yystack.l_mark[0].val->l); + groupname[yystack.l_mark[0].val->l]=0; grouplist[icc->groupcount]=groupname; icc->grouplist = grouplist; icc->groupcount++; - vfree((yyvsp[(1) - (1)].val)); + vfree(yystack.l_mark[0].val); #else yyerror("racoon not configured with --enable-hybrid"); #endif } - break; - - case 185: -/* Line 1787 of yacc.c */ -#line 1213 "cfparse.y" - { +break; +case 184: +#line 1213 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID struct isakmp_cfg_config *icc = &isakmp_cfg_config; if (!icc->splitdns_len) { - icc->splitdns_list = racoon_malloc((yyvsp[(1) - (1)].val)->l); + icc->splitdns_list = racoon_malloc(yystack.l_mark[0].val->l); if(icc->splitdns_list == NULL) { yyerror("error allocating splitdns list buffer"); return -1; } - memcpy(icc->splitdns_list,(yyvsp[(1) - (1)].val)->v,(yyvsp[(1) - (1)].val)->l); - icc->splitdns_len = (yyvsp[(1) - (1)].val)->l; + memcpy(icc->splitdns_list,yystack.l_mark[0].val->v,yystack.l_mark[0].val->l); + icc->splitdns_len = yystack.l_mark[0].val->l; } else { - int len = icc->splitdns_len + (yyvsp[(1) - (1)].val)->l + 1; + int len = icc->splitdns_len + yystack.l_mark[0].val->l + 1; icc->splitdns_list = racoon_realloc(icc->splitdns_list,len); if(icc->splitdns_list == NULL) { yyerror("error allocating splitdns list buffer"); return -1; } icc->splitdns_list[icc->splitdns_len] = ','; - memcpy(icc->splitdns_list + icc->splitdns_len + 1, (yyvsp[(1) - (1)].val)->v, (yyvsp[(1) - (1)].val)->l); + memcpy(icc->splitdns_list + icc->splitdns_len + 1, yystack.l_mark[0].val->v, yystack.l_mark[0].val->l); icc->splitdns_len = len; } - vfree((yyvsp[(1) - (1)].val)); + vfree(yystack.l_mark[0].val); #else yyerror("racoon not configured with --enable-hybrid"); #endif } - break; - - case 189: -/* Line 1787 of yacc.c */ -#line 1257 "cfparse.y" - { - lcconf->retry_counter = (yyvsp[(2) - (2)].num); +break; +case 188: +#line 1257 "../../ipsec-tools/src/racoon/cfparse.y" + { + lcconf->retry_counter = yystack.l_mark[0].num; } - break; - - case 191: -/* Line 1787 of yacc.c */ -#line 1262 "cfparse.y" - { - lcconf->retry_interval = (yyvsp[(2) - (3)].num) * (yyvsp[(3) - (3)].num); +break; +case 190: +#line 1262 "../../ipsec-tools/src/racoon/cfparse.y" + { + lcconf->retry_interval = yystack.l_mark[-1].num * yystack.l_mark[0].num; } - break; - - case 193: -/* Line 1787 of yacc.c */ -#line 1267 "cfparse.y" - { - lcconf->count_persend = (yyvsp[(2) - (2)].num); +break; +case 192: +#line 1267 "../../ipsec-tools/src/racoon/cfparse.y" + { + lcconf->count_persend = yystack.l_mark[0].num; } - break; - - case 195: -/* Line 1787 of yacc.c */ -#line 1272 "cfparse.y" - { - lcconf->retry_checkph1 = (yyvsp[(2) - (3)].num) * (yyvsp[(3) - (3)].num); +break; +case 194: +#line 1272 "../../ipsec-tools/src/racoon/cfparse.y" + { + lcconf->retry_checkph1 = yystack.l_mark[-1].num * yystack.l_mark[0].num; } - break; - - case 197: -/* Line 1787 of yacc.c */ -#line 1277 "cfparse.y" - { - lcconf->wait_ph2complete = (yyvsp[(2) - (3)].num) * (yyvsp[(3) - (3)].num); +break; +case 196: +#line 1277 "../../ipsec-tools/src/racoon/cfparse.y" + { + lcconf->wait_ph2complete = yystack.l_mark[-1].num * yystack.l_mark[0].num; } - break; - - case 199: -/* Line 1787 of yacc.c */ -#line 1282 "cfparse.y" - { +break; +case 198: +#line 1282 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_NATT if (libipsec_opt & LIBIPSEC_OPT_NATT) - lcconf->natt_ka_interval = (yyvsp[(2) - (3)].num) * (yyvsp[(3) - (3)].num); + lcconf->natt_ka_interval = yystack.l_mark[-1].num * yystack.l_mark[0].num; else yyerror("libipsec lacks NAT-T support"); #else yyerror("NAT-T support not compiled in."); #endif } - break; - - case 201: -/* Line 1787 of yacc.c */ -#line 1298 "cfparse.y" - { +break; +case 200: +#line 1298 "../../ipsec-tools/src/racoon/cfparse.y" + { cur_sainfo = newsainfo(); if (cur_sainfo == NULL) { yyerror("failed to allocate sainfo"); return -1; } } - break; - - case 202: -/* Line 1787 of yacc.c */ -#line 1306 "cfparse.y" - { +break; +case 201: +#line 1306 "../../ipsec-tools/src/racoon/cfparse.y" + { struct sainfo *check; /* default */ @@ -3773,146 +3087,130 @@ yyreduce: inssainfo(cur_sainfo); } - break; - - case 204: -/* Line 1787 of yacc.c */ -#line 1346 "cfparse.y" - { +break; +case 203: +#line 1346 "../../ipsec-tools/src/racoon/cfparse.y" + { cur_sainfo->idsrc = SAINFO_ANONYMOUS; cur_sainfo->iddst = SAINFO_ANONYMOUS; } - break; - - case 205: -/* Line 1787 of yacc.c */ -#line 1351 "cfparse.y" - { +break; +case 204: +#line 1351 "../../ipsec-tools/src/racoon/cfparse.y" + { cur_sainfo->idsrc = SAINFO_ANONYMOUS; cur_sainfo->iddst = SAINFO_CLIENTADDR; } - break; - - case 206: -/* Line 1787 of yacc.c */ -#line 1356 "cfparse.y" - { +break; +case 205: +#line 1356 "../../ipsec-tools/src/racoon/cfparse.y" + { cur_sainfo->idsrc = SAINFO_ANONYMOUS; - cur_sainfo->iddst = (yyvsp[(2) - (2)].val); + cur_sainfo->iddst = yystack.l_mark[0].val; } - break; - - case 207: -/* Line 1787 of yacc.c */ -#line 1361 "cfparse.y" - { - cur_sainfo->idsrc = (yyvsp[(1) - (2)].val); +break; +case 206: +#line 1361 "../../ipsec-tools/src/racoon/cfparse.y" + { + cur_sainfo->idsrc = yystack.l_mark[-1].val; cur_sainfo->iddst = SAINFO_ANONYMOUS; } - break; - - case 208: -/* Line 1787 of yacc.c */ -#line 1366 "cfparse.y" - { - cur_sainfo->idsrc = (yyvsp[(1) - (2)].val); +break; +case 207: +#line 1366 "../../ipsec-tools/src/racoon/cfparse.y" + { + cur_sainfo->idsrc = yystack.l_mark[-1].val; cur_sainfo->iddst = SAINFO_CLIENTADDR; } - break; - - case 209: -/* Line 1787 of yacc.c */ -#line 1371 "cfparse.y" - { - cur_sainfo->idsrc = (yyvsp[(1) - (2)].val); - cur_sainfo->iddst = (yyvsp[(2) - (2)].val); +break; +case 208: +#line 1371 "../../ipsec-tools/src/racoon/cfparse.y" + { + cur_sainfo->idsrc = yystack.l_mark[-1].val; + cur_sainfo->iddst = yystack.l_mark[0].val; } - break; - - case 210: -/* Line 1787 of yacc.c */ -#line 1378 "cfparse.y" - { +break; +case 209: +#line 1378 "../../ipsec-tools/src/racoon/cfparse.y" + { char portbuf[10]; struct sockaddr *saddr; - if (((yyvsp[(5) - (5)].num) == IPPROTO_ICMP || (yyvsp[(5) - (5)].num) == IPPROTO_ICMPV6) - && ((yyvsp[(4) - (5)].num) != IPSEC_PORT_ANY || (yyvsp[(4) - (5)].num) != IPSEC_PORT_ANY)) { + if ((yystack.l_mark[0].num == IPPROTO_ICMP || yystack.l_mark[0].num == IPPROTO_ICMPV6) + && (yystack.l_mark[-1].num != IPSEC_PORT_ANY || yystack.l_mark[-1].num != IPSEC_PORT_ANY)) { yyerror("port number must be \"any\"."); return -1; } - snprintf(portbuf, sizeof(portbuf), "%lu", (yyvsp[(4) - (5)].num)); - saddr = str2saddr((yyvsp[(2) - (5)].val)->v, portbuf); - vfree((yyvsp[(2) - (5)].val)); + snprintf(portbuf, sizeof(portbuf), "%lu", yystack.l_mark[-1].num); + saddr = str2saddr(yystack.l_mark[-3].val->v, portbuf); + vfree(yystack.l_mark[-3].val); if (saddr == NULL) return -1; switch (saddr->sa_family) { case AF_INET: - if ((yyvsp[(5) - (5)].num) == IPPROTO_ICMPV6) { + if (yystack.l_mark[0].num == IPPROTO_ICMPV6) { yyerror("upper layer protocol mismatched.\n"); racoon_free(saddr); return -1; } - (yyval.val) = ipsecdoi_sockaddr2id(saddr, - (yyvsp[(3) - (5)].num) == ~0 ? (sizeof(struct in_addr) << 3): (yyvsp[(3) - (5)].num), - (yyvsp[(5) - (5)].num)); + yyval.val = ipsecdoi_sockaddr2id(saddr, + yystack.l_mark[-2].num == ~0 ? (sizeof(struct in_addr) << 3): yystack.l_mark[-2].num, + yystack.l_mark[0].num); break; #ifdef INET6 case AF_INET6: - if ((yyvsp[(5) - (5)].num) == IPPROTO_ICMP) { + if (yystack.l_mark[0].num == IPPROTO_ICMP) { yyerror("upper layer protocol mismatched.\n"); racoon_free(saddr); return -1; } - (yyval.val) = ipsecdoi_sockaddr2id(saddr, - (yyvsp[(3) - (5)].num) == ~0 ? (sizeof(struct in6_addr) << 3): (yyvsp[(3) - (5)].num), - (yyvsp[(5) - (5)].num)); + yyval.val = ipsecdoi_sockaddr2id(saddr, + yystack.l_mark[-2].num == ~0 ? (sizeof(struct in6_addr) << 3): yystack.l_mark[-2].num, + yystack.l_mark[0].num); break; #endif default: yyerror("invalid family: %d", saddr->sa_family); - (yyval.val) = NULL; + yyval.val = NULL; break; } racoon_free(saddr); - if ((yyval.val) == NULL) + if (yyval.val == NULL) return -1; } - break; - - case 211: -/* Line 1787 of yacc.c */ -#line 1427 "cfparse.y" - { +break; +case 210: +#line 1427 "../../ipsec-tools/src/racoon/cfparse.y" + { char portbuf[10]; struct sockaddr *laddr = NULL, *haddr = NULL; char *cur = NULL; - if (((yyvsp[(6) - (6)].num) == IPPROTO_ICMP || (yyvsp[(6) - (6)].num) == IPPROTO_ICMPV6) - && ((yyvsp[(5) - (6)].num) != IPSEC_PORT_ANY || (yyvsp[(5) - (6)].num) != IPSEC_PORT_ANY)) { + if ((yystack.l_mark[0].num == IPPROTO_ICMP || yystack.l_mark[0].num == IPPROTO_ICMPV6) + && (yystack.l_mark[-1].num != IPSEC_PORT_ANY || yystack.l_mark[-1].num != IPSEC_PORT_ANY)) { yyerror("port number must be \"any\"."); return -1; } - snprintf(portbuf, sizeof(portbuf), "%lu", (yyvsp[(5) - (6)].num)); + snprintf(portbuf, sizeof(portbuf), "%lu", yystack.l_mark[-1].num); - laddr = str2saddr((yyvsp[(2) - (6)].val)->v, portbuf); + laddr = str2saddr(yystack.l_mark[-4].val->v, portbuf); if (laddr == NULL) { return -1; } - vfree((yyvsp[(2) - (6)].val)); - haddr = str2saddr((yyvsp[(3) - (6)].val)->v, portbuf); + vfree(yystack.l_mark[-4].val); + haddr = str2saddr(yystack.l_mark[-3].val->v, portbuf); if (haddr == NULL) { racoon_free(laddr); return -1; } - vfree((yyvsp[(3) - (6)].val)); + vfree(yystack.l_mark[-3].val); switch (laddr->sa_family) { case AF_INET: - if ((yyvsp[(6) - (6)].num) == IPPROTO_ICMPV6) { + if (yystack.l_mark[0].num == IPPROTO_ICMPV6) { yyerror("upper layer protocol mismatched.\n"); if (laddr) racoon_free(laddr); @@ -3920,12 +3218,12 @@ yyreduce: racoon_free(haddr); return -1; } - (yyval.val) = ipsecdoi_sockrange2id(laddr, haddr, - (yyvsp[(6) - (6)].num)); + yyval.val = ipsecdoi_sockrange2id(laddr, haddr, + yystack.l_mark[0].num); break; #ifdef INET6 case AF_INET6: - if ((yyvsp[(6) - (6)].num) == IPPROTO_ICMP) { + if (yystack.l_mark[0].num == IPPROTO_ICMP) { yyerror("upper layer protocol mismatched.\n"); if (laddr) racoon_free(laddr); @@ -3933,70 +3231,64 @@ yyreduce: racoon_free(haddr); return -1; } - (yyval.val) = ipsecdoi_sockrange2id(laddr, haddr, - (yyvsp[(6) - (6)].num)); + yyval.val = ipsecdoi_sockrange2id(laddr, haddr, + yystack.l_mark[0].num); break; #endif default: yyerror("invalid family: %d", laddr->sa_family); - (yyval.val) = NULL; + yyval.val = NULL; break; } if (laddr) racoon_free(laddr); if (haddr) racoon_free(haddr); - if ((yyval.val) == NULL) + if (yyval.val == NULL) return -1; } - break; - - case 212: -/* Line 1787 of yacc.c */ -#line 1492 "cfparse.y" - { +break; +case 211: +#line 1492 "../../ipsec-tools/src/racoon/cfparse.y" + { struct ipsecdoi_id_b *id_b; - if ((yyvsp[(1) - (2)].num) == IDTYPE_ASN1DN) { - yyerror("id type forbidden: %d", (yyvsp[(1) - (2)].num)); - (yyval.val) = NULL; + if (yystack.l_mark[-1].num == IDTYPE_ASN1DN) { + yyerror("id type forbidden: %d", yystack.l_mark[-1].num); + yyval.val = NULL; return -1; } - (yyvsp[(2) - (2)].val)->l--; + yystack.l_mark[0].val->l--; - (yyval.val) = vmalloc(sizeof(*id_b) + (yyvsp[(2) - (2)].val)->l); - if ((yyval.val) == NULL) { + yyval.val = vmalloc(sizeof(*id_b) + yystack.l_mark[0].val->l); + if (yyval.val == NULL) { yyerror("failed to allocate identifier"); return -1; } - id_b = (struct ipsecdoi_id_b *)(yyval.val)->v; - id_b->type = idtype2doi((yyvsp[(1) - (2)].num)); + id_b = (struct ipsecdoi_id_b *)yyval.val->v; + id_b->type = idtype2doi(yystack.l_mark[-1].num); id_b->proto_id = 0; id_b->port = 0; - memcpy((yyval.val)->v + sizeof(*id_b), (yyvsp[(2) - (2)].val)->v, (yyvsp[(2) - (2)].val)->l); + memcpy(yyval.val->v + sizeof(*id_b), yystack.l_mark[0].val->v, yystack.l_mark[0].val->l); } - break; - - case 213: -/* Line 1787 of yacc.c */ -#line 1520 "cfparse.y" - { +break; +case 212: +#line 1520 "../../ipsec-tools/src/racoon/cfparse.y" + { cur_sainfo->id_i = NULL; } - break; - - case 214: -/* Line 1787 of yacc.c */ -#line 1524 "cfparse.y" - { +break; +case 213: +#line 1524 "../../ipsec-tools/src/racoon/cfparse.y" + { struct ipsecdoi_id_b *id_b; vchar_t *idv; - if (set_identifier(&idv, (yyvsp[(2) - (3)].num), (yyvsp[(3) - (3)].val)) != 0) { + if (set_identifier(&idv, yystack.l_mark[-1].num, yystack.l_mark[0].val) != 0) { yyerror("failed to set identifer.\n"); return -1; } @@ -4007,7 +3299,7 @@ yyreduce: } id_b = (struct ipsecdoi_id_b *)cur_sainfo->id_i->v; - id_b->type = idtype2doi((yyvsp[(2) - (3)].num)); + id_b->type = idtype2doi(yystack.l_mark[-1].num); id_b->proto_id = 0; id_b->port = 0; @@ -4016,14 +3308,12 @@ yyreduce: idv->v, idv->l); vfree(idv); } - break; - - case 215: -/* Line 1787 of yacc.c */ -#line 1549 "cfparse.y" - { +break; +case 214: +#line 1549 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID - if ((cur_sainfo->group = vdup((yyvsp[(2) - (2)].val))) == NULL) { + if ((cur_sainfo->group = vdup(yystack.l_mark[0].val)) == NULL) { yyerror("failed to set sainfo xauth group.\n"); return -1; } @@ -4032,229 +3322,189 @@ yyreduce: return -1; #endif } - break; - - case 218: -/* Line 1787 of yacc.c */ -#line 1567 "cfparse.y" - { - cur_sainfo->pfs_group = (yyvsp[(2) - (2)].num); +break; +case 217: +#line 1567 "../../ipsec-tools/src/racoon/cfparse.y" + { + cur_sainfo->pfs_group = yystack.l_mark[0].num; } - break; - - case 220: -/* Line 1787 of yacc.c */ -#line 1572 "cfparse.y" - { - cur_sainfo->remoteid = (yyvsp[(2) - (2)].num); +break; +case 219: +#line 1572 "../../ipsec-tools/src/racoon/cfparse.y" + { + cur_sainfo->remoteid = yystack.l_mark[0].num; } - break; - - case 222: -/* Line 1787 of yacc.c */ -#line 1577 "cfparse.y" - { - cur_sainfo->lifetime = (yyvsp[(3) - (4)].num) * (yyvsp[(4) - (4)].num); +break; +case 221: +#line 1577 "../../ipsec-tools/src/racoon/cfparse.y" + { + cur_sainfo->lifetime = yystack.l_mark[-1].num * yystack.l_mark[0].num; } - break; - - case 224: -/* Line 1787 of yacc.c */ -#line 1582 "cfparse.y" - { +break; +case 223: +#line 1582 "../../ipsec-tools/src/racoon/cfparse.y" + { #if 1 yyerror("byte lifetime support is deprecated"); return -1; #else - cur_sainfo->lifebyte = fix_lifebyte((yyvsp[(3) - (4)].num) * (yyvsp[(4) - (4)].num)); + cur_sainfo->lifebyte = fix_lifebyte(yystack.l_mark[-1].num * yystack.l_mark[0].num); if (cur_sainfo->lifebyte == 0) return -1; #endif } - break; - - case 226: -/* Line 1787 of yacc.c */ -#line 1593 "cfparse.y" - { - cur_algclass = (yyvsp[(1) - (1)].num); +break; +case 225: +#line 1593 "../../ipsec-tools/src/racoon/cfparse.y" + { + cur_algclass = yystack.l_mark[0].num; } - break; - - case 228: -/* Line 1787 of yacc.c */ -#line 1601 "cfparse.y" - { - inssainfoalg(&cur_sainfo->algs[cur_algclass], (yyvsp[(1) - (1)].alg)); +break; +case 227: +#line 1601 "../../ipsec-tools/src/racoon/cfparse.y" + { + inssainfoalg(&cur_sainfo->algs[cur_algclass], yystack.l_mark[0].alg); } - break; - - case 229: -/* Line 1787 of yacc.c */ -#line 1605 "cfparse.y" - { - inssainfoalg(&cur_sainfo->algs[cur_algclass], (yyvsp[(1) - (1)].alg)); +break; +case 228: +#line 1605 "../../ipsec-tools/src/racoon/cfparse.y" + { + inssainfoalg(&cur_sainfo->algs[cur_algclass], yystack.l_mark[0].alg); } - break; - - case 231: -/* Line 1787 of yacc.c */ -#line 1612 "cfparse.y" - { +break; +case 230: +#line 1612 "../../ipsec-tools/src/racoon/cfparse.y" + { int defklen; - (yyval.alg) = newsainfoalg(); - if ((yyval.alg) == NULL) { + yyval.alg = newsainfoalg(); + if (yyval.alg == NULL) { yyerror("failed to get algorithm allocation"); return -1; } - (yyval.alg)->alg = algtype2doi(cur_algclass, (yyvsp[(1) - (2)].num)); - if ((yyval.alg)->alg == -1) { + yyval.alg->alg = algtype2doi(cur_algclass, yystack.l_mark[-1].num); + if (yyval.alg->alg == -1) { yyerror("algorithm mismatched"); - racoon_free((yyval.alg)); - (yyval.alg) = NULL; + racoon_free(yyval.alg); + yyval.alg = NULL; return -1; } - defklen = default_keylen(cur_algclass, (yyvsp[(1) - (2)].num)); + defklen = default_keylen(cur_algclass, yystack.l_mark[-1].num); if (defklen == 0) { - if ((yyvsp[(2) - (2)].num)) { + if (yystack.l_mark[0].num) { yyerror("keylen not allowed"); - racoon_free((yyval.alg)); - (yyval.alg) = NULL; + racoon_free(yyval.alg); + yyval.alg = NULL; return -1; } } else { - if ((yyvsp[(2) - (2)].num) && check_keylen(cur_algclass, (yyvsp[(1) - (2)].num), (yyvsp[(2) - (2)].num)) < 0) { - yyerror("invalid keylen %d", (yyvsp[(2) - (2)].num)); - racoon_free((yyval.alg)); - (yyval.alg) = NULL; + if (yystack.l_mark[0].num && check_keylen(cur_algclass, yystack.l_mark[-1].num, yystack.l_mark[0].num) < 0) { + yyerror("invalid keylen %d", yystack.l_mark[0].num); + racoon_free(yyval.alg); + yyval.alg = NULL; return -1; } } - if ((yyvsp[(2) - (2)].num)) - (yyval.alg)->encklen = (yyvsp[(2) - (2)].num); + if (yystack.l_mark[0].num) + yyval.alg->encklen = yystack.l_mark[0].num; else - (yyval.alg)->encklen = defklen; + yyval.alg->encklen = defklen; /* check if it's supported algorithm by kernel */ - if (!(cur_algclass == algclass_ipsec_auth && (yyvsp[(1) - (2)].num) == algtype_non_auth) - && pk_checkalg(cur_algclass, (yyvsp[(1) - (2)].num), (yyval.alg)->encklen)) { + if (!(cur_algclass == algclass_ipsec_auth && yystack.l_mark[-1].num == algtype_non_auth) + && pk_checkalg(cur_algclass, yystack.l_mark[-1].num, yyval.alg->encklen)) { int a = algclass2doi(cur_algclass); - int b = algtype2doi(cur_algclass, (yyvsp[(1) - (2)].num)); + int b = algtype2doi(cur_algclass, yystack.l_mark[-1].num); if (a == IPSECDOI_ATTR_AUTH) a = IPSECDOI_PROTO_IPSEC_AH; yyerror("algorithm %s not supported by the kernel (missing module?)", s_ipsecdoi_trns(a, b)); - racoon_free((yyval.alg)); - (yyval.alg) = NULL; + racoon_free(yyval.alg); + yyval.alg = NULL; return -1; } } - break; - - case 232: -/* Line 1787 of yacc.c */ -#line 1667 "cfparse.y" - { (yyval.num) = ~0; } - break; - - case 233: -/* Line 1787 of yacc.c */ -#line 1668 "cfparse.y" - { (yyval.num) = (yyvsp[(1) - (1)].num); } - break; - - case 234: -/* Line 1787 of yacc.c */ -#line 1671 "cfparse.y" - { (yyval.num) = IPSEC_PORT_ANY; } - break; - - case 235: -/* Line 1787 of yacc.c */ -#line 1672 "cfparse.y" - { (yyval.num) = (yyvsp[(1) - (1)].num); } - break; - - case 236: -/* Line 1787 of yacc.c */ -#line 1673 "cfparse.y" - { (yyval.num) = IPSEC_PORT_ANY; } - break; - - case 237: -/* Line 1787 of yacc.c */ -#line 1676 "cfparse.y" - { (yyval.num) = (yyvsp[(1) - (1)].num); } - break; - - case 238: -/* Line 1787 of yacc.c */ -#line 1677 "cfparse.y" - { (yyval.num) = (yyvsp[(1) - (1)].num); } - break; - - case 239: -/* Line 1787 of yacc.c */ -#line 1678 "cfparse.y" - { (yyval.num) = IPSEC_ULPROTO_ANY; } - break; - - case 240: -/* Line 1787 of yacc.c */ -#line 1681 "cfparse.y" - { (yyval.num) = 0; } - break; - - case 241: -/* Line 1787 of yacc.c */ -#line 1682 "cfparse.y" - { (yyval.num) = (yyvsp[(1) - (1)].num); } - break; - - case 242: -/* Line 1787 of yacc.c */ -#line 1688 "cfparse.y" - { +break; +case 231: +#line 1667 "../../ipsec-tools/src/racoon/cfparse.y" + { yyval.num = ~0; } +break; +case 232: +#line 1668 "../../ipsec-tools/src/racoon/cfparse.y" + { yyval.num = yystack.l_mark[0].num; } +break; +case 233: +#line 1671 "../../ipsec-tools/src/racoon/cfparse.y" + { yyval.num = IPSEC_PORT_ANY; } +break; +case 234: +#line 1672 "../../ipsec-tools/src/racoon/cfparse.y" + { yyval.num = yystack.l_mark[0].num; } +break; +case 235: +#line 1673 "../../ipsec-tools/src/racoon/cfparse.y" + { yyval.num = IPSEC_PORT_ANY; } +break; +case 236: +#line 1676 "../../ipsec-tools/src/racoon/cfparse.y" + { yyval.num = yystack.l_mark[0].num; } +break; +case 237: +#line 1677 "../../ipsec-tools/src/racoon/cfparse.y" + { yyval.num = yystack.l_mark[0].num; } +break; +case 238: +#line 1678 "../../ipsec-tools/src/racoon/cfparse.y" + { yyval.num = IPSEC_ULPROTO_ANY; } +break; +case 239: +#line 1681 "../../ipsec-tools/src/racoon/cfparse.y" + { yyval.num = 0; } +break; +case 240: +#line 1682 "../../ipsec-tools/src/racoon/cfparse.y" + { yyval.num = yystack.l_mark[0].num; } +break; +case 241: +#line 1688 "../../ipsec-tools/src/racoon/cfparse.y" + { struct remoteconf *from, *new; - if (getrmconf_by_name((yyvsp[(2) - (4)].val)->v) != NULL) { + if (getrmconf_by_name(yystack.l_mark[-2].val->v) != NULL) { yyerror("named remoteconf \"%s\" already exists."); return -1; } - from = getrmconf_by_name((yyvsp[(4) - (4)].val)->v); + from = getrmconf_by_name(yystack.l_mark[0].val->v); if (from == NULL) { yyerror("named parent remoteconf \"%s\" does not exist.", - (yyvsp[(4) - (4)].val)->v); + yystack.l_mark[0].val->v); return -1; } new = duprmconf_shallow(from); if (new == NULL) { yyerror("failed to duplicate remoteconf from \"%s\".", - (yyvsp[(4) - (4)].val)->v); + yystack.l_mark[0].val->v); return -1; } - new->name = racoon_strdup((yyvsp[(2) - (4)].val)->v); + new->name = racoon_strdup(yystack.l_mark[-2].val->v); cur_rmconf = new; - vfree((yyvsp[(2) - (4)].val)); - vfree((yyvsp[(4) - (4)].val)); + vfree(yystack.l_mark[-2].val); + vfree(yystack.l_mark[0].val); } - break; - - case 244: -/* Line 1787 of yacc.c */ -#line 1718 "cfparse.y" - { +break; +case 243: +#line 1718 "../../ipsec-tools/src/racoon/cfparse.y" + { struct remoteconf *new; - if (getrmconf_by_name((yyvsp[(2) - (2)].val)->v) != NULL) { + if (getrmconf_by_name(yystack.l_mark[0].val->v) != NULL) { yyerror("Named remoteconf \"%s\" already exists."); return -1; } @@ -4264,43 +3514,39 @@ yyreduce: yyerror("failed to get new remoteconf."); return -1; } - new->name = racoon_strdup((yyvsp[(2) - (2)].val)->v); + new->name = racoon_strdup(yystack.l_mark[0].val->v); cur_rmconf = new; - vfree((yyvsp[(2) - (2)].val)); + vfree(yystack.l_mark[0].val); } - break; - - case 246: -/* Line 1787 of yacc.c */ -#line 1738 "cfparse.y" - { +break; +case 245: +#line 1738 "../../ipsec-tools/src/racoon/cfparse.y" + { struct remoteconf *from, *new; - from = getrmconf((yyvsp[(4) - (4)].saddr), GETRMCONF_F_NO_ANONYMOUS); + from = getrmconf(yystack.l_mark[0].saddr, GETRMCONF_F_NO_ANONYMOUS); if (from == NULL) { yyerror("failed to get remoteconf for %s.", - saddr2str((yyvsp[(4) - (4)].saddr))); + saddr2str(yystack.l_mark[0].saddr)); return -1; } new = duprmconf_shallow(from); if (new == NULL) { yyerror("failed to duplicate remoteconf from %s.", - saddr2str((yyvsp[(4) - (4)].saddr))); + saddr2str(yystack.l_mark[0].saddr)); return -1; } - racoon_free((yyvsp[(4) - (4)].saddr)); - new->remote = (yyvsp[(2) - (4)].saddr); + racoon_free(yystack.l_mark[0].saddr); + new->remote = yystack.l_mark[-2].saddr; cur_rmconf = new; } - break; - - case 248: -/* Line 1787 of yacc.c */ -#line 1761 "cfparse.y" - { +break; +case 247: +#line 1761 "../../ipsec-tools/src/racoon/cfparse.y" + { struct remoteconf *new; new = newrmconf(); @@ -4309,130 +3555,108 @@ yyreduce: return -1; } - new->remote = (yyvsp[(2) - (2)].saddr); + new->remote = yystack.l_mark[0].saddr; cur_rmconf = new; } - break; - - case 251: -/* Line 1787 of yacc.c */ -#line 1779 "cfparse.y" - { +break; +case 250: +#line 1779 "../../ipsec-tools/src/racoon/cfparse.y" + { if (process_rmconf() != 0) return -1; } - break; - - case 252: -/* Line 1787 of yacc.c */ -#line 1787 "cfparse.y" - { +break; +case 251: +#line 1787 "../../ipsec-tools/src/racoon/cfparse.y" + { if (process_rmconf() != 0) return -1; } - break; - - case 253: -/* Line 1787 of yacc.c */ -#line 1794 "cfparse.y" - { - (yyval.saddr) = newsaddr(sizeof(struct sockaddr)); - (yyval.saddr)->sa_family = AF_UNSPEC; - ((struct sockaddr_in *)(yyval.saddr))->sin_port = htons((yyvsp[(2) - (2)].num)); +break; +case 252: +#line 1794 "../../ipsec-tools/src/racoon/cfparse.y" + { + yyval.saddr = newsaddr(sizeof(struct sockaddr)); + yyval.saddr->sa_family = AF_UNSPEC; + ((struct sockaddr_in *)yyval.saddr)->sin_port = htons(yystack.l_mark[0].num); } - break; - - case 254: -/* Line 1787 of yacc.c */ -#line 1800 "cfparse.y" - { - (yyval.saddr) = (yyvsp[(1) - (1)].saddr); - if ((yyval.saddr) == NULL) { +break; +case 253: +#line 1800 "../../ipsec-tools/src/racoon/cfparse.y" + { + yyval.saddr = yystack.l_mark[0].saddr; + if (yyval.saddr == NULL) { yyerror("failed to allocate sockaddr"); return -1; } } - break; - - case 257: -/* Line 1787 of yacc.c */ -#line 1814 "cfparse.y" - { +break; +case 256: +#line 1814 "../../ipsec-tools/src/racoon/cfparse.y" + { if (cur_rmconf->remote != NULL) { yyerror("remote_address already specified"); return -1; } - cur_rmconf->remote = (yyvsp[(2) - (2)].saddr); + cur_rmconf->remote = yystack.l_mark[0].saddr; } - break; - - case 259: -/* Line 1787 of yacc.c */ -#line 1823 "cfparse.y" - { +break; +case 258: +#line 1823 "../../ipsec-tools/src/racoon/cfparse.y" + { cur_rmconf->etypes = NULL; } - break; - - case 261: -/* Line 1787 of yacc.c */ -#line 1827 "cfparse.y" - { cur_rmconf->doitype = (yyvsp[(2) - (2)].num); } - break; - - case 263: -/* Line 1787 of yacc.c */ -#line 1828 "cfparse.y" - { cur_rmconf->sittype = (yyvsp[(2) - (2)].num); } - break; - - case 266: -/* Line 1787 of yacc.c */ -#line 1831 "cfparse.y" - { +break; +case 260: +#line 1827 "../../ipsec-tools/src/racoon/cfparse.y" + { cur_rmconf->doitype = yystack.l_mark[0].num; } +break; +case 262: +#line 1828 "../../ipsec-tools/src/racoon/cfparse.y" + { cur_rmconf->sittype = yystack.l_mark[0].num; } +break; +case 265: +#line 1831 "../../ipsec-tools/src/racoon/cfparse.y" + { yywarn("This directive without certtype will be removed!\n"); - yywarn("Please use 'peers_certfile x509 \"%s\";' instead\n", (yyvsp[(2) - (2)].val)->v); + yywarn("Please use 'peers_certfile x509 \"%s\";' instead\n", yystack.l_mark[0].val->v); if (cur_rmconf->peerscert != NULL) { yyerror("peers_certfile already defined\n"); return -1; } - if (load_x509((yyvsp[(2) - (2)].val)->v, &cur_rmconf->peerscertfile, + if (load_x509(yystack.l_mark[0].val->v, &cur_rmconf->peerscertfile, &cur_rmconf->peerscert)) { yyerror("failed to load certificate \"%s\"\n", - (yyvsp[(2) - (2)].val)->v); + yystack.l_mark[0].val->v); return -1; } - vfree((yyvsp[(2) - (2)].val)); + vfree(yystack.l_mark[0].val); } - break; - - case 268: -/* Line 1787 of yacc.c */ -#line 1851 "cfparse.y" - { +break; +case 267: +#line 1851 "../../ipsec-tools/src/racoon/cfparse.y" + { if (cur_rmconf->peerscert != NULL) { yyerror("peers_certfile already defined\n"); return -1; } - if (load_x509((yyvsp[(3) - (3)].val)->v, &cur_rmconf->peerscertfile, + if (load_x509(yystack.l_mark[0].val->v, &cur_rmconf->peerscertfile, &cur_rmconf->peerscert)) { yyerror("failed to load certificate \"%s\"\n", - (yyvsp[(3) - (3)].val)->v); + yystack.l_mark[0].val->v); return -1; } - vfree((yyvsp[(3) - (3)].val)); + vfree(yystack.l_mark[0].val); } - break; - - case 270: -/* Line 1787 of yacc.c */ -#line 1868 "cfparse.y" - { +break; +case 269: +#line 1868 "../../ipsec-tools/src/racoon/cfparse.y" + { char path[MAXPATHLEN]; int ret = 0; @@ -4449,7 +3673,7 @@ yyreduce: cur_rmconf->peerscert->v[0] = ISAKMP_CERT_PLAINRSA; getpathname(path, sizeof(path), - LC_PATHTYPE_CERT, (yyvsp[(3) - (3)].val)->v); + LC_PATHTYPE_CERT, yystack.l_mark[0].val->v); if (rsa_parse_file(cur_rmconf->rsa_public, path, RSA_TYPE_PUBLIC)) { yyerror("Couldn't parse keyfile.\n", path); @@ -4458,14 +3682,12 @@ yyreduce: plog(LLV_DEBUG, LOCATION, NULL, "Public PlainRSA keyfile parsed: %s\n", path); - vfree((yyvsp[(3) - (3)].val)); + vfree(yystack.l_mark[0].val); } - break; - - case 272: -/* Line 1787 of yacc.c */ -#line 1898 "cfparse.y" - { +break; +case 271: +#line 1898 "../../ipsec-tools/src/racoon/cfparse.y" + { if (cur_rmconf->peerscert != NULL) { yyerror("peers_certfile already defined\n"); return -1; @@ -4477,87 +3699,71 @@ yyreduce: } cur_rmconf->peerscert->v[0] = ISAKMP_CERT_DNS; } - break; - - case 274: -/* Line 1787 of yacc.c */ -#line 1912 "cfparse.y" - { +break; +case 273: +#line 1912 "../../ipsec-tools/src/racoon/cfparse.y" + { if (cur_rmconf->cacert != NULL) { yyerror("ca_type already defined\n"); return -1; } - if (load_x509((yyvsp[(3) - (3)].val)->v, &cur_rmconf->cacertfile, + if (load_x509(yystack.l_mark[0].val->v, &cur_rmconf->cacertfile, &cur_rmconf->cacert)) { yyerror("failed to load certificate \"%s\"\n", - (yyvsp[(3) - (3)].val)->v); + yystack.l_mark[0].val->v); return -1; } - vfree((yyvsp[(3) - (3)].val)); - } - break; - - case 276: -/* Line 1787 of yacc.c */ -#line 1928 "cfparse.y" - { cur_rmconf->verify_cert = (yyvsp[(2) - (2)].num); } - break; - - case 278: -/* Line 1787 of yacc.c */ -#line 1929 "cfparse.y" - { cur_rmconf->send_cert = (yyvsp[(2) - (2)].num); } - break; - - case 280: -/* Line 1787 of yacc.c */ -#line 1930 "cfparse.y" - { cur_rmconf->send_cr = (yyvsp[(2) - (2)].num); } - break; - - case 282: -/* Line 1787 of yacc.c */ -#line 1931 "cfparse.y" - { cur_rmconf->match_empty_cr = (yyvsp[(2) - (2)].num); } - break; - - case 284: -/* Line 1787 of yacc.c */ -#line 1933 "cfparse.y" - { - if (set_identifier(&cur_rmconf->idv, (yyvsp[(2) - (3)].num), (yyvsp[(3) - (3)].val)) != 0) { + vfree(yystack.l_mark[0].val); + } +break; +case 275: +#line 1928 "../../ipsec-tools/src/racoon/cfparse.y" + { cur_rmconf->verify_cert = yystack.l_mark[0].num; } +break; +case 277: +#line 1929 "../../ipsec-tools/src/racoon/cfparse.y" + { cur_rmconf->send_cert = yystack.l_mark[0].num; } +break; +case 279: +#line 1930 "../../ipsec-tools/src/racoon/cfparse.y" + { cur_rmconf->send_cr = yystack.l_mark[0].num; } +break; +case 281: +#line 1931 "../../ipsec-tools/src/racoon/cfparse.y" + { cur_rmconf->match_empty_cr = yystack.l_mark[0].num; } +break; +case 283: +#line 1933 "../../ipsec-tools/src/racoon/cfparse.y" + { + if (set_identifier(&cur_rmconf->idv, yystack.l_mark[-1].num, yystack.l_mark[0].val) != 0) { yyerror("failed to set identifer.\n"); return -1; } - cur_rmconf->idvtype = (yyvsp[(2) - (3)].num); + cur_rmconf->idvtype = yystack.l_mark[-1].num; } - break; - - case 286: -/* Line 1787 of yacc.c */ -#line 1942 "cfparse.y" - { - if (set_identifier_qual(&cur_rmconf->idv, (yyvsp[(2) - (4)].num), (yyvsp[(4) - (4)].val), (yyvsp[(3) - (4)].num)) != 0) { +break; +case 285: +#line 1942 "../../ipsec-tools/src/racoon/cfparse.y" + { + if (set_identifier_qual(&cur_rmconf->idv, yystack.l_mark[-2].num, yystack.l_mark[0].val, yystack.l_mark[-1].num) != 0) { yyerror("failed to set identifer.\n"); return -1; } - cur_rmconf->idvtype = (yyvsp[(2) - (4)].num); + cur_rmconf->idvtype = yystack.l_mark[-2].num; } - break; - - case 288: -/* Line 1787 of yacc.c */ -#line 1951 "cfparse.y" - { +break; +case 287: +#line 1951 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_HYBRID /* formerly identifier type login */ if (xauth_rmconf_used(&cur_rmconf->xauth) == -1) { yyerror("failed to allocate xauth state\n"); return -1; } - if ((cur_rmconf->xauth->login = vdup((yyvsp[(2) - (2)].val))) == NULL) { + if ((cur_rmconf->xauth->login = vdup(yystack.l_mark[0].val)) == NULL) { yyerror("failed to set identifer.\n"); return -1; } @@ -4565,195 +3771,155 @@ yyreduce: yyerror("racoon not configured with --enable-hybrid"); #endif } - break; - - case 290: -/* Line 1787 of yacc.c */ -#line 1968 "cfparse.y" - { +break; +case 289: +#line 1968 "../../ipsec-tools/src/racoon/cfparse.y" + { struct idspec *id; id = newidspec(); if (id == NULL) { yyerror("failed to allocate idspec"); return -1; } - if (set_identifier(&id->id, (yyvsp[(2) - (3)].num), (yyvsp[(3) - (3)].val)) != 0) { + if (set_identifier(&id->id, yystack.l_mark[-1].num, yystack.l_mark[0].val) != 0) { yyerror("failed to set identifer.\n"); racoon_free(id); return -1; } - id->idtype = (yyvsp[(2) - (3)].num); + id->idtype = yystack.l_mark[-1].num; genlist_append (cur_rmconf->idvl_p, id); } - break; - - case 292: -/* Line 1787 of yacc.c */ -#line 1985 "cfparse.y" - { +break; +case 291: +#line 1985 "../../ipsec-tools/src/racoon/cfparse.y" + { struct idspec *id; id = newidspec(); if (id == NULL) { yyerror("failed to allocate idspec"); return -1; } - if (set_identifier_qual(&id->id, (yyvsp[(2) - (4)].num), (yyvsp[(4) - (4)].val), (yyvsp[(3) - (4)].num)) != 0) { + if (set_identifier_qual(&id->id, yystack.l_mark[-2].num, yystack.l_mark[0].val, yystack.l_mark[-1].num) != 0) { yyerror("failed to set identifer.\n"); racoon_free(id); return -1; } - id->idtype = (yyvsp[(2) - (4)].num); + id->idtype = yystack.l_mark[-2].num; genlist_append (cur_rmconf->idvl_p, id); } - break; - - case 294: -/* Line 1787 of yacc.c */ -#line 2001 "cfparse.y" - { cur_rmconf->verify_identifier = (yyvsp[(2) - (2)].num); } - break; - - case 296: -/* Line 1787 of yacc.c */ -#line 2002 "cfparse.y" - { cur_rmconf->nonce_size = (yyvsp[(2) - (2)].num); } - break; - - case 298: -/* Line 1787 of yacc.c */ -#line 2004 "cfparse.y" - { +break; +case 293: +#line 2001 "../../ipsec-tools/src/racoon/cfparse.y" + { cur_rmconf->verify_identifier = yystack.l_mark[0].num; } +break; +case 295: +#line 2002 "../../ipsec-tools/src/racoon/cfparse.y" + { cur_rmconf->nonce_size = yystack.l_mark[0].num; } +break; +case 297: +#line 2004 "../../ipsec-tools/src/racoon/cfparse.y" + { yyerror("dh_group cannot be defined here."); return -1; } - break; - - case 300: -/* Line 1787 of yacc.c */ -#line 2009 "cfparse.y" - { cur_rmconf->passive = (yyvsp[(2) - (2)].num); } - break; - - case 302: -/* Line 1787 of yacc.c */ -#line 2010 "cfparse.y" - { cur_rmconf->ike_frag = (yyvsp[(2) - (2)].num); } - break; - - case 304: -/* Line 1787 of yacc.c */ -#line 2011 "cfparse.y" - { cur_rmconf->ike_frag = ISAKMP_FRAG_FORCE; } - break; - - case 306: -/* Line 1787 of yacc.c */ -#line 2012 "cfparse.y" - { +break; +case 299: +#line 2009 "../../ipsec-tools/src/racoon/cfparse.y" + { cur_rmconf->passive = yystack.l_mark[0].num; } +break; +case 301: +#line 2010 "../../ipsec-tools/src/racoon/cfparse.y" + { cur_rmconf->ike_frag = yystack.l_mark[0].num; } +break; +case 303: +#line 2011 "../../ipsec-tools/src/racoon/cfparse.y" + { cur_rmconf->ike_frag = ISAKMP_FRAG_FORCE; } +break; +case 305: +#line 2012 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef SADB_X_EXT_NAT_T_FRAG if (libipsec_opt & LIBIPSEC_OPT_FRAG) - cur_rmconf->esp_frag = (yyvsp[(2) - (2)].num); + cur_rmconf->esp_frag = yystack.l_mark[0].num; else yywarn("libipsec lacks IKE frag support"); #else yywarn("Your kernel does not support esp_frag"); #endif } - break; - - case 308: -/* Line 1787 of yacc.c */ -#line 2022 "cfparse.y" - { +break; +case 307: +#line 2022 "../../ipsec-tools/src/racoon/cfparse.y" + { if (cur_rmconf->script[SCRIPT_PHASE1_UP] != NULL) vfree(cur_rmconf->script[SCRIPT_PHASE1_UP]); cur_rmconf->script[SCRIPT_PHASE1_UP] = - script_path_add(vdup((yyvsp[(2) - (3)].val))); + script_path_add(vdup(yystack.l_mark[-1].val)); } - break; - - case 310: -/* Line 1787 of yacc.c */ -#line 2029 "cfparse.y" - { +break; +case 309: +#line 2029 "../../ipsec-tools/src/racoon/cfparse.y" + { if (cur_rmconf->script[SCRIPT_PHASE1_DOWN] != NULL) vfree(cur_rmconf->script[SCRIPT_PHASE1_DOWN]); cur_rmconf->script[SCRIPT_PHASE1_DOWN] = - script_path_add(vdup((yyvsp[(2) - (3)].val))); + script_path_add(vdup(yystack.l_mark[-1].val)); } - break; - - case 312: -/* Line 1787 of yacc.c */ -#line 2036 "cfparse.y" - { +break; +case 311: +#line 2036 "../../ipsec-tools/src/racoon/cfparse.y" + { if (cur_rmconf->script[SCRIPT_PHASE1_DEAD] != NULL) vfree(cur_rmconf->script[SCRIPT_PHASE1_DEAD]); cur_rmconf->script[SCRIPT_PHASE1_DEAD] = - script_path_add(vdup((yyvsp[(2) - (3)].val))); - } - break; - - case 314: -/* Line 1787 of yacc.c */ -#line 2043 "cfparse.y" - { cur_rmconf->mode_cfg = (yyvsp[(2) - (2)].num); } - break; - - case 316: -/* Line 1787 of yacc.c */ -#line 2044 "cfparse.y" - { - cur_rmconf->weak_phase1_check = (yyvsp[(2) - (2)].num); - } - break; - - case 318: -/* Line 1787 of yacc.c */ -#line 2047 "cfparse.y" - { cur_rmconf->gen_policy = (yyvsp[(2) - (2)].num); } - break; - - case 320: -/* Line 1787 of yacc.c */ -#line 2048 "cfparse.y" - { cur_rmconf->gen_policy = (yyvsp[(2) - (2)].num); } - break; - - case 322: -/* Line 1787 of yacc.c */ -#line 2049 "cfparse.y" - { cur_rmconf->support_proxy = (yyvsp[(2) - (2)].num); } - break; - - case 324: -/* Line 1787 of yacc.c */ -#line 2050 "cfparse.y" - { cur_rmconf->ini_contact = (yyvsp[(2) - (2)].num); } - break; - - case 326: -/* Line 1787 of yacc.c */ -#line 2052 "cfparse.y" - { + script_path_add(vdup(yystack.l_mark[-1].val)); + } +break; +case 313: +#line 2043 "../../ipsec-tools/src/racoon/cfparse.y" + { cur_rmconf->mode_cfg = yystack.l_mark[0].num; } +break; +case 315: +#line 2044 "../../ipsec-tools/src/racoon/cfparse.y" + { + cur_rmconf->weak_phase1_check = yystack.l_mark[0].num; + } +break; +case 317: +#line 2047 "../../ipsec-tools/src/racoon/cfparse.y" + { cur_rmconf->gen_policy = yystack.l_mark[0].num; } +break; +case 319: +#line 2048 "../../ipsec-tools/src/racoon/cfparse.y" + { cur_rmconf->gen_policy = yystack.l_mark[0].num; } +break; +case 321: +#line 2049 "../../ipsec-tools/src/racoon/cfparse.y" + { cur_rmconf->support_proxy = yystack.l_mark[0].num; } +break; +case 323: +#line 2050 "../../ipsec-tools/src/racoon/cfparse.y" + { cur_rmconf->ini_contact = yystack.l_mark[0].num; } +break; +case 325: +#line 2052 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_NATT if (libipsec_opt & LIBIPSEC_OPT_NATT) - cur_rmconf->nat_traversal = (yyvsp[(2) - (2)].num); + cur_rmconf->nat_traversal = yystack.l_mark[0].num; else yyerror("libipsec lacks NAT-T support"); #else yyerror("NAT-T support not compiled in."); #endif } - break; - - case 328: -/* Line 1787 of yacc.c */ -#line 2063 "cfparse.y" - { +break; +case 327: +#line 2063 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_NATT if (libipsec_opt & LIBIPSEC_OPT_NATT) cur_rmconf->nat_traversal = NATT_FORCE; @@ -4763,111 +3929,89 @@ yyreduce: yyerror("NAT-T support not compiled in."); #endif } - break; - - case 330: -/* Line 1787 of yacc.c */ -#line 2074 "cfparse.y" - { +break; +case 329: +#line 2074 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_DPD - cur_rmconf->dpd = (yyvsp[(2) - (2)].num); + cur_rmconf->dpd = yystack.l_mark[0].num; #else yyerror("DPD support not compiled in."); #endif } - break; - - case 332: -/* Line 1787 of yacc.c */ -#line 2082 "cfparse.y" - { +break; +case 331: +#line 2082 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_DPD - cur_rmconf->dpd_interval = (yyvsp[(2) - (2)].num); + cur_rmconf->dpd_interval = yystack.l_mark[0].num; #else yyerror("DPD support not compiled in."); #endif } - break; - - case 334: -/* Line 1787 of yacc.c */ -#line 2091 "cfparse.y" - { +break; +case 333: +#line 2091 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_DPD - cur_rmconf->dpd_retry = (yyvsp[(2) - (2)].num); + cur_rmconf->dpd_retry = yystack.l_mark[0].num; #else yyerror("DPD support not compiled in."); #endif } - break; - - case 336: -/* Line 1787 of yacc.c */ -#line 2100 "cfparse.y" - { +break; +case 335: +#line 2100 "../../ipsec-tools/src/racoon/cfparse.y" + { #ifdef ENABLE_DPD - cur_rmconf->dpd_maxfails = (yyvsp[(2) - (2)].num); + cur_rmconf->dpd_maxfails = yystack.l_mark[0].num; #else yyerror("DPD support not compiled in."); #endif } - break; - - case 338: -/* Line 1787 of yacc.c */ -#line 2108 "cfparse.y" - { cur_rmconf->rekey = (yyvsp[(2) - (2)].num); } - break; - - case 340: -/* Line 1787 of yacc.c */ -#line 2109 "cfparse.y" - { cur_rmconf->rekey = REKEY_FORCE; } - break; - - case 342: -/* Line 1787 of yacc.c */ -#line 2111 "cfparse.y" - { - cur_rmconf->ph1id = (yyvsp[(2) - (2)].num); - } - break; - - case 344: -/* Line 1787 of yacc.c */ -#line 2116 "cfparse.y" - { - cur_rmconf->lifetime = (yyvsp[(3) - (4)].num) * (yyvsp[(4) - (4)].num); +break; +case 337: +#line 2108 "../../ipsec-tools/src/racoon/cfparse.y" + { cur_rmconf->rekey = yystack.l_mark[0].num; } +break; +case 339: +#line 2109 "../../ipsec-tools/src/racoon/cfparse.y" + { cur_rmconf->rekey = REKEY_FORCE; } +break; +case 341: +#line 2111 "../../ipsec-tools/src/racoon/cfparse.y" + { + cur_rmconf->ph1id = yystack.l_mark[0].num; } - break; - - case 346: -/* Line 1787 of yacc.c */ -#line 2120 "cfparse.y" - { cur_rmconf->pcheck_level = (yyvsp[(2) - (2)].num); } - break; - - case 348: -/* Line 1787 of yacc.c */ -#line 2122 "cfparse.y" - { +break; +case 343: +#line 2116 "../../ipsec-tools/src/racoon/cfparse.y" + { + cur_rmconf->lifetime = yystack.l_mark[-1].num * yystack.l_mark[0].num; + } +break; +case 345: +#line 2120 "../../ipsec-tools/src/racoon/cfparse.y" + { cur_rmconf->pcheck_level = yystack.l_mark[0].num; } +break; +case 347: +#line 2122 "../../ipsec-tools/src/racoon/cfparse.y" + { #if 1 yyerror("byte lifetime support is deprecated in Phase1"); return -1; #else yywarn("the lifetime of bytes in phase 1 " "will be ignored at the moment."); - cur_rmconf->lifebyte = fix_lifebyte((yyvsp[(3) - (4)].num) * (yyvsp[(4) - (4)].num)); + cur_rmconf->lifebyte = fix_lifebyte(yystack.l_mark[-1].num * yystack.l_mark[0].num); if (cur_rmconf->lifebyte == 0) return -1; #endif } - break; - - case 350: -/* Line 1787 of yacc.c */ -#line 2136 "cfparse.y" - { +break; +case 349: +#line 2136 "../../ipsec-tools/src/racoon/cfparse.y" + { struct secprotospec *spspec; spspec = newspspec(); @@ -4875,19 +4019,17 @@ yyreduce: return -1; insspspec(cur_rmconf, spspec); } - break; - - case 353: -/* Line 1787 of yacc.c */ -#line 2149 "cfparse.y" - { +break; +case 352: +#line 2149 "../../ipsec-tools/src/racoon/cfparse.y" + { struct etypes *new; new = racoon_malloc(sizeof(struct etypes)); if (new == NULL) { yyerror("failed to allocate etypes"); return -1; } - new->type = (yyvsp[(2) - (2)].num); + new->type = yystack.l_mark[0].num; new->next = NULL; if (cur_rmconf->etypes == NULL) cur_rmconf->etypes = new; @@ -4900,36 +4042,32 @@ yyreduce: p->next = new; } } - break; - - case 354: -/* Line 1787 of yacc.c */ -#line 2172 "cfparse.y" - { +break; +case 353: +#line 2172 "../../ipsec-tools/src/racoon/cfparse.y" + { if (cur_rmconf->mycert != NULL) { yyerror("certificate_type already defined\n"); return -1; } - if (load_x509((yyvsp[(2) - (3)].val)->v, &cur_rmconf->mycertfile, + if (load_x509(yystack.l_mark[-1].val->v, &cur_rmconf->mycertfile, &cur_rmconf->mycert)) { yyerror("failed to load certificate \"%s\"\n", - (yyvsp[(2) - (3)].val)->v); + yystack.l_mark[-1].val->v); return -1; } - cur_rmconf->myprivfile = racoon_strdup((yyvsp[(3) - (3)].val)->v); + cur_rmconf->myprivfile = racoon_strdup(yystack.l_mark[0].val->v); STRDUP_FATAL(cur_rmconf->myprivfile); - vfree((yyvsp[(2) - (3)].val)); - vfree((yyvsp[(3) - (3)].val)); + vfree(yystack.l_mark[-1].val); + vfree(yystack.l_mark[0].val); } - break; - - case 356: -/* Line 1787 of yacc.c */ -#line 2193 "cfparse.y" - { +break; +case 355: +#line 2193 "../../ipsec-tools/src/racoon/cfparse.y" + { char path[MAXPATHLEN]; int ret = 0; @@ -4946,7 +4084,7 @@ yyreduce: cur_rmconf->mycert->v[0] = ISAKMP_CERT_PLAINRSA; getpathname(path, sizeof(path), - LC_PATHTYPE_CERT, (yyvsp[(2) - (2)].val)->v); + LC_PATHTYPE_CERT, yystack.l_mark[0].val->v); cur_rmconf->send_cr = FALSE; cur_rmconf->send_cert = FALSE; cur_rmconf->verify_cert = FALSE; @@ -4957,89 +4095,71 @@ yyreduce: } plog(LLV_DEBUG, LOCATION, NULL, "Private PlainRSA keyfile parsed: %s\n", path); - vfree((yyvsp[(2) - (2)].val)); + vfree(yystack.l_mark[0].val); } - break; - - case 358: -/* Line 1787 of yacc.c */ -#line 2227 "cfparse.y" - { - (yyval.num) = algtype2doi(algclass_isakmp_dh, (yyvsp[(1) - (1)].num)); - if ((yyval.num) == -1) { +break; +case 357: +#line 2227 "../../ipsec-tools/src/racoon/cfparse.y" + { + yyval.num = algtype2doi(algclass_isakmp_dh, yystack.l_mark[0].num); + if (yyval.num == -1) { yyerror("must be DH group"); return -1; } } - break; - - case 359: -/* Line 1787 of yacc.c */ -#line 2235 "cfparse.y" - { - if (ARRAYLEN(num2dhgroup) > (yyvsp[(1) - (1)].num) && num2dhgroup[(yyvsp[(1) - (1)].num)] != 0) { - (yyval.num) = num2dhgroup[(yyvsp[(1) - (1)].num)]; +break; +case 358: +#line 2235 "../../ipsec-tools/src/racoon/cfparse.y" + { + if (ARRAYLEN(num2dhgroup) > yystack.l_mark[0].num && num2dhgroup[yystack.l_mark[0].num] != 0) { + yyval.num = num2dhgroup[yystack.l_mark[0].num]; } else { yyerror("must be DH group"); - (yyval.num) = 0; + yyval.num = 0; return -1; } } - break; - - case 360: -/* Line 1787 of yacc.c */ -#line 2246 "cfparse.y" - { (yyval.val) = NULL; } - break; - - case 361: -/* Line 1787 of yacc.c */ -#line 2247 "cfparse.y" - { (yyval.val) = (yyvsp[(1) - (1)].val); } - break; - - case 362: -/* Line 1787 of yacc.c */ -#line 2248 "cfparse.y" - { (yyval.val) = (yyvsp[(1) - (1)].val); } - break; - - case 365: -/* Line 1787 of yacc.c */ -#line 2256 "cfparse.y" - { - cur_rmconf->spspec->lifetime = (yyvsp[(3) - (4)].num) * (yyvsp[(4) - (4)].num); +break; +case 359: +#line 2246 "../../ipsec-tools/src/racoon/cfparse.y" + { yyval.val = NULL; } +break; +case 360: +#line 2247 "../../ipsec-tools/src/racoon/cfparse.y" + { yyval.val = yystack.l_mark[0].val; } +break; +case 361: +#line 2248 "../../ipsec-tools/src/racoon/cfparse.y" + { yyval.val = yystack.l_mark[0].val; } +break; +case 364: +#line 2256 "../../ipsec-tools/src/racoon/cfparse.y" + { + cur_rmconf->spspec->lifetime = yystack.l_mark[-1].num * yystack.l_mark[0].num; } - break; - - case 367: -/* Line 1787 of yacc.c */ -#line 2261 "cfparse.y" - { +break; +case 366: +#line 2261 "../../ipsec-tools/src/racoon/cfparse.y" + { #if 1 yyerror("byte lifetime support is deprecated"); return -1; #else - cur_rmconf->spspec->lifebyte = fix_lifebyte((yyvsp[(3) - (4)].num) * (yyvsp[(4) - (4)].num)); + cur_rmconf->spspec->lifebyte = fix_lifebyte(yystack.l_mark[-1].num * yystack.l_mark[0].num); if (cur_rmconf->spspec->lifebyte == 0) return -1; #endif } - break; - - case 369: -/* Line 1787 of yacc.c */ -#line 2273 "cfparse.y" - { - cur_rmconf->spspec->algclass[algclass_isakmp_dh] = (yyvsp[(2) - (2)].num); +break; +case 368: +#line 2273 "../../ipsec-tools/src/racoon/cfparse.y" + { + cur_rmconf->spspec->algclass[algclass_isakmp_dh] = yystack.l_mark[0].num; } - break; - - case 371: -/* Line 1787 of yacc.c */ -#line 2278 "cfparse.y" - { +break; +case 370: +#line 2278 "../../ipsec-tools/src/racoon/cfparse.y" + { if (cur_rmconf->spspec->vendorid != VENDORID_GSSAPI) { yyerror("wrong Vendor ID for gssapi_id"); return -1; @@ -5047,36 +4167,34 @@ yyreduce: if (cur_rmconf->spspec->gssid != NULL) racoon_free(cur_rmconf->spspec->gssid); cur_rmconf->spspec->gssid = - racoon_strdup((yyvsp[(2) - (2)].val)->v); + racoon_strdup(yystack.l_mark[0].val->v); STRDUP_FATAL(cur_rmconf->spspec->gssid); } - break; - - case 373: -/* Line 1787 of yacc.c */ -#line 2291 "cfparse.y" - { +break; +case 372: +#line 2291 "../../ipsec-tools/src/racoon/cfparse.y" + { int doi; int defklen; - doi = algtype2doi((yyvsp[(1) - (3)].num), (yyvsp[(2) - (3)].num)); + doi = algtype2doi(yystack.l_mark[-2].num, yystack.l_mark[-1].num); if (doi == -1) { yyerror("algorithm mismatched 1"); return -1; } - switch ((yyvsp[(1) - (3)].num)) { + switch (yystack.l_mark[-2].num) { case algclass_isakmp_enc: /* reject suppressed algorithms */ #ifndef HAVE_OPENSSL_RC5_H - if ((yyvsp[(2) - (3)].num) == algtype_rc5) { + if (yystack.l_mark[-1].num == algtype_rc5) { yyerror("algorithm %s not supported", s_attr_isakmp_enc(doi)); return -1; } #endif #ifndef HAVE_OPENSSL_IDEA_H - if ((yyvsp[(2) - (3)].num) == algtype_idea) { + if (yystack.l_mark[-1].num == algtype_idea) { yyerror("algorithm %s not supported", s_attr_isakmp_enc(doi)); return -1; @@ -5084,20 +4202,20 @@ yyreduce: #endif cur_rmconf->spspec->algclass[algclass_isakmp_enc] = doi; - defklen = default_keylen((yyvsp[(1) - (3)].num), (yyvsp[(2) - (3)].num)); + defklen = default_keylen(yystack.l_mark[-2].num, yystack.l_mark[-1].num); if (defklen == 0) { - if ((yyvsp[(3) - (3)].num)) { + if (yystack.l_mark[0].num) { yyerror("keylen not allowed"); return -1; } } else { - if ((yyvsp[(3) - (3)].num) && check_keylen((yyvsp[(1) - (3)].num), (yyvsp[(2) - (3)].num), (yyvsp[(3) - (3)].num)) < 0) { - yyerror("invalid keylen %d", (yyvsp[(3) - (3)].num)); + if (yystack.l_mark[0].num && check_keylen(yystack.l_mark[-2].num, yystack.l_mark[-1].num, yystack.l_mark[0].num) < 0) { + yyerror("invalid keylen %d", yystack.l_mark[0].num); return -1; } } - if ((yyvsp[(3) - (3)].num)) - cur_rmconf->spspec->encklen = (yyvsp[(3) - (3)].num); + if (yystack.l_mark[0].num) + cur_rmconf->spspec->encklen = yystack.l_mark[0].num; else cur_rmconf->spspec->encklen = defklen; break; @@ -5110,7 +4228,7 @@ yyreduce: * We may have to set the Vendor ID for the * authentication method we're using. */ - switch ((yyvsp[(2) - (3)].num)) { + switch (yystack.l_mark[-1].num) { case algtype_gssapikrb: if (cur_rmconf->spspec->vendorid != VENDORID_UNKNOWN) { @@ -5148,724 +4266,90 @@ yyreduce: return -1; } } - break; - - case 375: -/* Line 1787 of yacc.c */ -#line 2388 "cfparse.y" - { (yyval.num) = 1; } - break; - - case 376: -/* Line 1787 of yacc.c */ -#line 2389 "cfparse.y" - { (yyval.num) = 60; } - break; - - case 377: -/* Line 1787 of yacc.c */ -#line 2390 "cfparse.y" - { (yyval.num) = (60 * 60); } - break; - - case 378: -/* Line 1787 of yacc.c */ -#line 2393 "cfparse.y" - { (yyval.num) = 1; } - break; - - case 379: -/* Line 1787 of yacc.c */ -#line 2394 "cfparse.y" - { (yyval.num) = 1024; } - break; - - case 380: -/* Line 1787 of yacc.c */ -#line 2395 "cfparse.y" - { (yyval.num) = (1024 * 1024); } - break; - - case 381: -/* Line 1787 of yacc.c */ -#line 2396 "cfparse.y" - { (yyval.num) = (1024 * 1024 * 1024); } - break; - - -/* Line 1787 of yacc.c */ -#line 5198 "cfparse.c" - default: break; - } - /* User semantic actions sometimes alter yychar, and that requires - that yytoken be updated with the new translation. We take the - approach of translating immediately before every use of yytoken. - One alternative is translating here after every semantic action, - but that translation would be missed if the semantic action invokes - YYABORT, YYACCEPT, or YYERROR immediately after altering yychar or - if it invokes YYBACKUP. In the case of YYABORT or YYACCEPT, an - incorrect destructor might then be invoked immediately. In the - case of YYERROR or YYBACKUP, subsequent parser actions might lead - to an incorrect destructor call or verbose syntax error message - before the lookahead is translated. */ - YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); - - YYPOPSTACK (yylen); - yylen = 0; - YY_STACK_PRINT (yyss, yyssp); - - *++yyvsp = yyval; - - /* Now `shift' the result of the reduction. Determine what state - that goes to, based on the state we popped back to and the rule - number reduced by. */ - - yyn = yyr1[yyn]; - - yystate = yypgoto[yyn - YYNTOKENS] + *yyssp; - if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp) - yystate = yytable[yystate]; - else - yystate = yydefgoto[yyn - YYNTOKENS]; - - goto yynewstate; - - -/*------------------------------------. -| yyerrlab -- here on detecting error | -`------------------------------------*/ -yyerrlab: - /* Make sure we have latest lookahead translation. See comments at - user semantic actions for why this is necessary. */ - yytoken = yychar == YYEMPTY ? YYEMPTY : YYTRANSLATE (yychar); - - /* If not already recovering from an error, report this error. */ - if (!yyerrstatus) - { - ++yynerrs; -#if ! YYERROR_VERBOSE - yyerror (YY_("syntax error")); -#else -# define YYSYNTAX_ERROR yysyntax_error (&yymsg_alloc, &yymsg, \ - yyssp, yytoken) - { - char const *yymsgp = YY_("syntax error"); - int yysyntax_error_status; - yysyntax_error_status = YYSYNTAX_ERROR; - if (yysyntax_error_status == 0) - yymsgp = yymsg; - else if (yysyntax_error_status == 1) - { - if (yymsg != yymsgbuf) - YYSTACK_FREE (yymsg); - yymsg = (char *) YYSTACK_ALLOC (yymsg_alloc); - if (!yymsg) - { - yymsg = yymsgbuf; - yymsg_alloc = sizeof yymsgbuf; - yysyntax_error_status = 2; - } - else - { - yysyntax_error_status = YYSYNTAX_ERROR; - yymsgp = yymsg; - } - } - yyerror (yymsgp); - if (yysyntax_error_status == 2) - goto yyexhaustedlab; - } -# undef YYSYNTAX_ERROR -#endif - } - - - - if (yyerrstatus == 3) - { - /* If just tried and failed to reuse lookahead token after an - error, discard it. */ - - if (yychar <= YYEOF) - { - /* Return failure if at end of input. */ - if (yychar == YYEOF) - YYABORT; - } - else - { - yydestruct ("Error: discarding", - yytoken, &yylval); - yychar = YYEMPTY; - } - } - - /* Else will try to reuse lookahead token after shifting the error - token. */ - goto yyerrlab1; - - -/*---------------------------------------------------. -| yyerrorlab -- error raised explicitly by YYERROR. | -`---------------------------------------------------*/ -yyerrorlab: - - /* Pacify compilers like GCC when the user code never invokes - YYERROR and the label yyerrorlab therefore never appears in user - code. */ - if (/*CONSTCOND*/ 0) - goto yyerrorlab; - - /* Do not reclaim the symbols of the rule which action triggered - this YYERROR. */ - YYPOPSTACK (yylen); - yylen = 0; - YY_STACK_PRINT (yyss, yyssp); - yystate = *yyssp; - goto yyerrlab1; - - -/*-------------------------------------------------------------. -| yyerrlab1 -- common code for both syntax error and YYERROR. | -`-------------------------------------------------------------*/ -yyerrlab1: - yyerrstatus = 3; /* Each real token shifted decrements this. */ - - for (;;) - { - yyn = yypact[yystate]; - if (!yypact_value_is_default (yyn)) - { - yyn += YYTERROR; - if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR) - { - yyn = yytable[yyn]; - if (0 < yyn) - break; - } - } - - /* Pop the current state because it cannot handle the error token. */ - if (yyssp == yyss) - YYABORT; - - - yydestruct ("Error: popping", - yystos[yystate], yyvsp); - YYPOPSTACK (1); - yystate = *yyssp; - YY_STACK_PRINT (yyss, yyssp); - } - - *++yyvsp = yylval; - - - /* Shift the error token. */ - YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp); - - yystate = yyn; - goto yynewstate; - - -/*-------------------------------------. -| yyacceptlab -- YYACCEPT comes here. | -`-------------------------------------*/ -yyacceptlab: - yyresult = 0; - goto yyreturn; - -/*-----------------------------------. -| yyabortlab -- YYABORT comes here. | -`-----------------------------------*/ -yyabortlab: - yyresult = 1; - goto yyreturn; - -#if !defined yyoverflow || YYERROR_VERBOSE -/*-------------------------------------------------. -| yyexhaustedlab -- memory exhaustion comes here. | -`-------------------------------------------------*/ -yyexhaustedlab: - yyerror (YY_("memory exhausted")); - yyresult = 2; - /* Fall through. */ -#endif - -yyreturn: - if (yychar != YYEMPTY) - { - /* Make sure we have latest lookahead translation. See comments at - user semantic actions for why this is necessary. */ - yytoken = YYTRANSLATE (yychar); - yydestruct ("Cleanup: discarding lookahead", - yytoken, &yylval); +break; +case 374: +#line 2388 "../../ipsec-tools/src/racoon/cfparse.y" + { yyval.num = 1; } +break; +case 375: +#line 2389 "../../ipsec-tools/src/racoon/cfparse.y" + { yyval.num = 60; } +break; +case 376: +#line 2390 "../../ipsec-tools/src/racoon/cfparse.y" + { yyval.num = (60 * 60); } +break; +case 377: +#line 2393 "../../ipsec-tools/src/racoon/cfparse.y" + { yyval.num = 1; } +break; +case 378: +#line 2394 "../../ipsec-tools/src/racoon/cfparse.y" + { yyval.num = 1024; } +break; +case 379: +#line 2395 "../../ipsec-tools/src/racoon/cfparse.y" + { yyval.num = (1024 * 1024); } +break; +case 380: +#line 2396 "../../ipsec-tools/src/racoon/cfparse.y" + { yyval.num = (1024 * 1024 * 1024); } +break; +#line 4299 "racoonyy.tab.c" } - /* Do not reclaim the symbols of the rule which action triggered - this YYABORT or YYACCEPT. */ - YYPOPSTACK (yylen); - YY_STACK_PRINT (yyss, yyssp); - while (yyssp != yyss) + yystack.s_mark -= yym; + yystate = *yystack.s_mark; + yystack.l_mark -= yym; + yym = yylhs[yyn]; + if (yystate == 0 && yym == 0) { - yydestruct ("Cleanup: popping", - yystos[*yyssp], yyvsp); - YYPOPSTACK (1); - } -#ifndef yyoverflow - if (yyss != yyssa) - YYSTACK_FREE (yyss); +#if YYDEBUG + if (yydebug) + printf("%sdebug: after reduction, shifting from state 0 to\ + state %d\n", YYPREFIX, YYFINAL); #endif -#if YYERROR_VERBOSE - if (yymsg != yymsgbuf) - YYSTACK_FREE (yymsg); + yystate = YYFINAL; + *++yystack.s_mark = YYFINAL; + *++yystack.l_mark = yyval; + if (yychar < 0) + { + yychar = YYLEX; + if (yychar < 0) yychar = YYEOF; +#if YYDEBUG + if (yydebug) + { + if ((yys = yyname[YYTRANSLATE(yychar)]) == NULL) yys = yyname[YYUNDFTOKEN]; + printf("%sdebug: state %d, reading %d (%s)\n", + YYPREFIX, YYFINAL, yychar, yys); + } #endif - /* Make sure YYID is used. */ - return YYID (yyresult); -} - - -/* Line 2048 of yacc.c */ -#line 2398 "cfparse.y" - - -static struct secprotospec * -newspspec() -{ - struct secprotospec *new; - - new = racoon_calloc(1, sizeof(*new)); - if (new == NULL) { - yyerror("failed to allocate spproto"); - return NULL; - } - - new->encklen = 0; /*XXX*/ - - /* - * Default to "uknown" vendor -- we will override this - * as necessary. When we send a Vendor ID payload, an - * "unknown" will be translated to a KAME/racoon ID. - */ - new->vendorid = VENDORID_UNKNOWN; - - return new; -} - -/* - * insert into head of list. - */ -static void -insspspec(rmconf, spspec) - struct remoteconf *rmconf; - struct secprotospec *spspec; -{ - if (rmconf->spspec != NULL) - rmconf->spspec->prev = spspec; - spspec->next = rmconf->spspec; - rmconf->spspec = spspec; -} - -static struct secprotospec * -dupspspec(spspec) - struct secprotospec *spspec; -{ - struct secprotospec *new; - - new = newspspec(); - if (new == NULL) { - plog(LLV_ERROR, LOCATION, NULL, - "dupspspec: malloc failed\n"); - return NULL; - } - memcpy(new, spspec, sizeof(*new)); - - if (spspec->gssid) { - new->gssid = racoon_strdup(spspec->gssid); - STRDUP_FATAL(new->gssid); - } - if (spspec->remote) { - new->remote = racoon_malloc(sizeof(*new->remote)); - if (new->remote == NULL) { - plog(LLV_ERROR, LOCATION, NULL, - "dupspspec: malloc failed (remote)\n"); - return NULL; - } - memcpy(new->remote, spspec->remote, sizeof(*new->remote)); - } - - return new; -} - -/* - * copy the whole list - */ -void -dupspspec_list(dst, src) - struct remoteconf *dst, *src; -{ - struct secprotospec *p, *new, *last; - - for(p = src->spspec, last = NULL; p; p = p->next, last = new) { - new = dupspspec(p); - if (new == NULL) - exit(1); - - new->prev = last; - new->next = NULL; /* not necessary but clean */ - - if (last) - last->next = new; - else /* first element */ - dst->spspec = new; - - } -} - -/* - * delete the whole list - */ -void -flushspspec(rmconf) - struct remoteconf *rmconf; -{ - struct secprotospec *p; - - while(rmconf->spspec != NULL) { - p = rmconf->spspec; - rmconf->spspec = p->next; - if (p->next != NULL) - p->next->prev = NULL; /* not necessary but clean */ - - if (p->gssid) - racoon_free(p->gssid); - if (p->remote) - racoon_free(p->remote); - racoon_free(p); - } - rmconf->spspec = NULL; -} - -/* set final acceptable proposal */ -static int -set_isakmp_proposal(rmconf) - struct remoteconf *rmconf; -{ - struct secprotospec *s; - int prop_no = 1; - int trns_no = 1; - int32_t types[MAXALGCLASS]; - - /* mandatory check */ - if (rmconf->spspec == NULL) { - yyerror("no remote specification found: %s.\n", - saddr2str(rmconf->remote)); - return -1; - } - for (s = rmconf->spspec; s != NULL; s = s->next) { - /* XXX need more to check */ - if (s->algclass[algclass_isakmp_enc] == 0) { - yyerror("encryption algorithm required."); - return -1; - } - if (s->algclass[algclass_isakmp_hash] == 0) { - yyerror("hash algorithm required."); - return -1; - } - if (s->algclass[algclass_isakmp_dh] == 0) { - yyerror("DH group required."); - return -1; - } - if (s->algclass[algclass_isakmp_ameth] == 0) { - yyerror("authentication method required."); - return -1; - } - } - - /* skip to last part */ - for (s = rmconf->spspec; s->next != NULL; s = s->next) - ; - - while (s != NULL) { - plog(LLV_DEBUG2, LOCATION, NULL, - "lifetime = %ld\n", (long) - (s->lifetime ? s->lifetime : rmconf->lifetime)); - plog(LLV_DEBUG2, LOCATION, NULL, - "lifebyte = %d\n", - s->lifebyte ? s->lifebyte : rmconf->lifebyte); - plog(LLV_DEBUG2, LOCATION, NULL, - "encklen=%d\n", s->encklen); - - memset(types, 0, ARRAYLEN(types)); - types[algclass_isakmp_enc] = s->algclass[algclass_isakmp_enc]; - types[algclass_isakmp_hash] = s->algclass[algclass_isakmp_hash]; - types[algclass_isakmp_dh] = s->algclass[algclass_isakmp_dh]; - types[algclass_isakmp_ameth] = - s->algclass[algclass_isakmp_ameth]; - - /* expanding spspec */ - clean_tmpalgtype(); - trns_no = expand_isakmpspec(prop_no, trns_no, types, - algclass_isakmp_enc, algclass_isakmp_ameth + 1, - s->lifetime ? s->lifetime : rmconf->lifetime, - s->lifebyte ? s->lifebyte : rmconf->lifebyte, - s->encklen, s->vendorid, s->gssid, - rmconf); - if (trns_no == -1) { - plog(LLV_ERROR, LOCATION, NULL, - "failed to expand isakmp proposal.\n"); - return -1; - } - - s = s->prev; - } - - if (rmconf->proposal == NULL) { - plog(LLV_ERROR, LOCATION, NULL, - "no proposal found.\n"); - return -1; - } - - return 0; -} - -static void -clean_tmpalgtype() -{ - int i; - for (i = 0; i < MAXALGCLASS; i++) - tmpalgtype[i] = 0; /* means algorithm undefined. */ -} - -static int -expand_isakmpspec(prop_no, trns_no, types, - class, last, lifetime, lifebyte, encklen, vendorid, gssid, - rmconf) - int prop_no, trns_no; - int *types, class, last; - time_t lifetime; - int lifebyte; - int encklen; - int vendorid; - char *gssid; - struct remoteconf *rmconf; -{ - struct isakmpsa *new; - - /* debugging */ - { - int j; - char tb[10]; - plog(LLV_DEBUG2, LOCATION, NULL, - "p:%d t:%d\n", prop_no, trns_no); - for (j = class; j < MAXALGCLASS; j++) { - snprintf(tb, sizeof(tb), "%d", types[j]); - plog(LLV_DEBUG2, LOCATION, NULL, - "%s%s%s%s\n", - s_algtype(j, types[j]), - types[j] ? "(" : "", - tb[0] == '0' ? "" : tb, - types[j] ? ")" : ""); - } - plog(LLV_DEBUG2, LOCATION, NULL, "\n"); + } + if (yychar == YYEOF) goto yyaccept; + goto yyloop; } - -#define TMPALGTYPE2STR(n) \ - s_algtype(algclass_isakmp_##n, types[algclass_isakmp_##n]) - /* check mandatory values */ - if (types[algclass_isakmp_enc] == 0 - || types[algclass_isakmp_ameth] == 0 - || types[algclass_isakmp_hash] == 0 - || types[algclass_isakmp_dh] == 0) { - yyerror("few definition of algorithm " - "enc=%s ameth=%s hash=%s dhgroup=%s.\n", - TMPALGTYPE2STR(enc), - TMPALGTYPE2STR(ameth), - TMPALGTYPE2STR(hash), - TMPALGTYPE2STR(dh)); - return -1; - } -#undef TMPALGTYPE2STR - - /* set new sa */ - new = newisakmpsa(); - if (new == NULL) { - yyerror("failed to allocate isakmp sa"); - return -1; - } - new->prop_no = prop_no; - new->trns_no = trns_no++; - new->lifetime = lifetime; - new->lifebyte = lifebyte; - new->enctype = types[algclass_isakmp_enc]; - new->encklen = encklen; - new->authmethod = types[algclass_isakmp_ameth]; - new->hashtype = types[algclass_isakmp_hash]; - new->dh_group = types[algclass_isakmp_dh]; - new->vendorid = vendorid; -#ifdef HAVE_GSSAPI - if (new->authmethod == OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB) { - if (gssid != NULL) { - if ((new->gssid = vmalloc(strlen(gssid))) == NULL) { - racoon_free(new); - yyerror("failed to allocate gssid"); - return -1; - } - memcpy(new->gssid->v, gssid, new->gssid->l); - racoon_free(gssid); - } else { - /* - * Allocate the default ID so that it gets put - * into a GSS ID attribute during the Phase 1 - * exchange. - */ - new->gssid = gssapi_get_default_gss_id(); - } - } -#endif - insisakmpsa(new, rmconf); - - return trns_no; -} - -#if 0 -/* - * fix lifebyte. - * Must be more than 1024B because its unit is kilobytes. - * That is defined RFC2407. - */ -static int -fix_lifebyte(t) - unsigned long t; -{ - if (t < 1024) { - yyerror("byte size should be more than 1024B."); - return 0; - } - - return(t / 1024); -} + if (((yyn = yygindex[yym]) != 0) && (yyn += yystate) >= 0 && + yyn <= YYTABLESIZE && yycheck[yyn] == (YYINT) yystate) + yystate = yytable[yyn]; + else + yystate = yydgoto[yym]; +#if YYDEBUG + if (yydebug) + printf("%sdebug: after reduction, shifting from state %d \ +to state %d\n", YYPREFIX, *yystack.s_mark, yystate); #endif + if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow; + *++yystack.s_mark = (YYINT) yystate; + *++yystack.l_mark = yyval; + goto yyloop; -int -cfparse() -{ - int error; - - yyerrorcount = 0; - yycf_init_buffer(); - - if (yycf_switch_buffer(lcconf->racoon_conf) != 0) { - plog(LLV_ERROR, LOCATION, NULL, - "could not read configuration file \"%s\"\n", - lcconf->racoon_conf); - return -1; - } - - error = yyparse(); - if (error != 0) { - if (yyerrorcount) { - plog(LLV_ERROR, LOCATION, NULL, - "fatal parse failure (%d errors)\n", - yyerrorcount); - } else { - plog(LLV_ERROR, LOCATION, NULL, - "fatal parse failure.\n"); - } - return -1; - } - - if (error == 0 && yyerrorcount) { - plog(LLV_ERROR, LOCATION, NULL, - "parse error is nothing, but yyerrorcount is %d.\n", - yyerrorcount); - exit(1); - } - - yycf_clean_buffer(); - - plog(LLV_DEBUG2, LOCATION, NULL, "parse successed.\n"); +yyoverflow: + YYERROR_CALL("yacc stack overflow"); - return 0; -} +yyabort: + yyfreestack(&yystack); + return (1); -int -cfreparse() -{ - flushph2(); - flushph1(); - flushrmconf(); - flushsainfo(); - clean_tmpalgtype(); - return(cfparse()); +yyaccept: + yyfreestack(&yystack); + return (0); } - -#ifdef ENABLE_ADMINPORT -static void -adminsock_conf(path, owner, group, mode_dec) - vchar_t *path; - vchar_t *owner; - vchar_t *group; - int mode_dec; -{ - struct passwd *pw = NULL; - struct group *gr = NULL; - mode_t mode = 0; - uid_t uid; - gid_t gid; - int isnum; - - adminsock_path = path->v; - - if (owner == NULL) - return; - - errno = 0; - uid = atoi(owner->v); - isnum = !errno; - if (((pw = getpwnam(owner->v)) == NULL) && !isnum) - yyerror("User \"%s\" does not exist", owner->v); - - if (pw) - adminsock_owner = pw->pw_uid; - else - adminsock_owner = uid; - - if (group == NULL) - return; - - errno = 0; - gid = atoi(group->v); - isnum = !errno; - if (((gr = getgrnam(group->v)) == NULL) && !isnum) - yyerror("Group \"%s\" does not exist", group->v); - - if (gr) - adminsock_group = gr->gr_gid; - else - adminsock_group = gid; - - if (mode_dec == -1) - return; - - if (mode_dec > 777) - yyerror("Mode 0%03o is invalid", mode_dec); - if (mode_dec >= 400) { mode += 0400; mode_dec -= 400; } - if (mode_dec >= 200) { mode += 0200; mode_dec -= 200; } - if (mode_dec >= 100) { mode += 0200; mode_dec -= 100; } - - if (mode_dec > 77) - yyerror("Mode 0%03o is invalid", mode_dec); - if (mode_dec >= 40) { mode += 040; mode_dec -= 40; } - if (mode_dec >= 20) { mode += 020; mode_dec -= 20; } - if (mode_dec >= 10) { mode += 020; mode_dec -= 10; } - - if (mode_dec > 7) - yyerror("Mode 0%03o is invalid", mode_dec); - if (mode_dec >= 4) { mode += 04; mode_dec -= 4; } - if (mode_dec >= 2) { mode += 02; mode_dec -= 2; } - if (mode_dec >= 1) { mode += 02; mode_dec -= 1; } - - adminsock_mode = mode; - - return; -} -#endif |