check a unit of the timer in the configuration file.

Wrong configuration could be defined such like "lifetime byte 1 min".
kame · Mar 15, 2001 · 55caa09 · 55caa09
1 parent 7c50a4e
commit 55caa09
Show file tree

Hide file tree

Showing 3 changed files with 91 additions and 96 deletions.
diff --git a/kame/kame/racoon/cfparse.h b/kame/kame/racoon/cfparse.h
@@ -1,4 +1,4 @@
-/*	$KAME: cfparse.h,v 1.10 2001/01/31 05:45:23 sakane Exp $	*/
+/*	$KAME: cfparse.h,v 1.11 2001/03/15 11:44:08 sakane Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -29,17 +29,6 @@
  * SUCH DAMAGE.
  */
 
-#define CF_LIFETYPE_TIME	0
-#define CF_LIFETYPE_BYTE	1
-
-#define CF_UNITTYPE_B	1
-#define CF_UNITTYPE_KB	1024
-#define CF_UNITTYPE_MB	(1024*1024)
-#define CF_UNITTYPE_TB	(1024*1024*1024)
-#define CF_UNITTYPE_S	1
-#define CF_UNITTYPE_M	60
-#define CF_UNITTYPE_H	(60*60)
-
 /* cfparse.y */
 extern int yyparse __P((void));
 extern int cfparse __P((void));

diff --git a/kame/kame/racoon/cfparse.y b/kame/kame/racoon/cfparse.y
@@ -1,4 +1,4 @@
-/*	$KAME: cfparse.y,v 1.90 2001/03/14 11:40:42 sakane Exp $	*/
+/*	$KAME: cfparse.y,v 1.91 2001/03/15 11:44:08 sakane Exp $	*/
 
 %{
 #include <sys/types.h>
@@ -104,6 +104,8 @@ static int set_isakmp_proposal
 static void clean_tmpalgtype __P((void));
 static int expand_isakmpspec __P((int, int, int *,
 	int, int, time_t, int, int, char *, struct remoteconf *));
+
+static int fix_lifebyte __P((u_long));
 %}
 
 %union {
@@ -152,10 +154,12 @@ static int expand_isakmpspec __P((int, int, int *,
 %token GSSAPI_ID
 
 %token PREFIX PORT PORTANY UL_PROTO ANY
-%token PFS_GROUP LIFETIME LIFETYPE UNITTYPE STRENGTH
+%token PFS_GROUP LIFETIME LIFETYPE_TIME LIFETYPE_BYTE STRENGTH
 
 %token NUMBER SWITCH BOOLEAN
 %token HEXSTRING QUOTEDSTRING ADDRSTRING
+%token UNITTYPE_BYTE UNITTYPE_KBYTES UNITTYPE_MBYTES UNITTYPE_TBYTES
+%token UNITTYPE_SEC UNITTYPE_MIN UNITTYPE_HOUR
 %token EOS BOC EOC COMMA
 
 %type <num> NUMBER BOOLEAN SWITCH keylength
@@ -164,10 +168,10 @@ static int expand_isakmpspec __P((int, int, int *,
 %type <num> ALGORITHMTYPE STRENGTHTYPE
 %type <num> PREFIX prefix PORT port ike_port DIRTYPE ACTION PLADDRTYPE WHICHSIDE
 %type <num> ul_proto UL_PROTO secproto
-%type <num> LIFETYPE UNITTYPE
 %type <num> SECLEVELTYPE SECMODETYPE 
 %type <num> EXCHANGETYPE DOITYPE SITUATIONTYPE
 %type <num> CERTTYPE CERT_X509 PROPOSAL_CHECK_LEVEL
+%type <num> unittype_time unittype_byte
 %type <val> QUOTEDSTRING HEXSTRING ADDRSTRING sainfo_id
 %type <val> identifierstring
 %type <spidx> policy_index
@@ -369,7 +373,7 @@ timer_stmt
 			lcconf->retry_counter = $2;
 		}
 		EOS
-	|	RETRY_INTERVAL NUMBER UNITTYPE
+	|	RETRY_INTERVAL NUMBER unittype_time
 		{
 			lcconf->retry_interval = $2 * $3;
 		}
@@ -379,12 +383,12 @@ timer_stmt
 			lcconf->count_persend = $2;
 		}
 		EOS
-	|	RETRY_PHASE1 NUMBER UNITTYPE
+	|	RETRY_PHASE1 NUMBER unittype_time
 		{
 			lcconf->retry_checkph1 = $2 * $3;
 		}
 		EOS
-	|	RETRY_PHASE2 NUMBER UNITTYPE
+	|	RETRY_PHASE2 NUMBER unittype_time
 		{
 			lcconf->wait_ph2complete = $2 * $3;
 		}
@@ -547,20 +551,16 @@ ipsecproposal_specs
 	|	ipsecproposal_specs ipsecproposal_spec
 	;
 ipsecproposal_spec
-	:	LIFETIME LIFETYPE NUMBER UNITTYPE
+	:	LIFETIME LIFETYPE_TIME NUMBER unittype_time
 		{
-			if ($2 == CF_LIFETYPE_TIME)
-				prhead->lifetime = $3 * $4;
-			else {
-				/* i.e. CF_LIFETYPE_BYTE */
-				prhead->lifebyte = $3 * $4;
-				if (prhead->lifebyte < 1024) {
-					yyerror("byte size should be more "
-						"than 1024B.");
-					return -1;
-				}
-				prhead->lifebyte /= 1024;
-			}
+			prhead->lifetime = $3 * $4;
+		}
+		EOS
+	|	LIFETIME LIFETYPE_BYTE NUMBER unittype_byte
+		{
+			prhead->lifebyte = fix_lifebyte($3 * $4);
+			if (prhead->lifebyte == 0)
+				return -1;
 		}
 		EOS
 	|	PROTOCOL secproto
@@ -832,20 +832,16 @@ sainfo_spec
 			cur_sainfo->pfs_group = doi;
 		}
 		EOS
-	|	LIFETIME LIFETYPE NUMBER UNITTYPE
+	|	LIFETIME LIFETYPE_TIME NUMBER unittype_time
 		{
-			if ($2 == CF_LIFETYPE_TIME)
-				cur_sainfo->lifetime = $3 * $4;
-			else {
-				/* i.e. CF_LIFETYPE_BYTE */
-				cur_sainfo->lifebyte = $3 * $4;
-				if (cur_sainfo->lifebyte < 1024) {
-					yyerror("byte size should be more "
-						"than 1024B.");
-					return -1;
-				}
-				cur_sainfo->lifebyte /= 1024;
-			}
+			cur_sainfo->lifetime = $3 * $4;
+		}
+		EOS
+	|	LIFETIME LIFETYPE_BYTE NUMBER unittype_byte
+		{
+			cur_sainfo->lifebyte = fix_lifebyte($3 * $4);
+			if (cur_sainfo->lifebyte == 0)
+				return -1;
 		}
 		EOS
 	|	ALGORITHM_CLASS {
@@ -1093,25 +1089,16 @@ remote_spec
 	|	SUPPORT_MIP6 SWITCH { cur_rmconf->support_mip6 = $2; } EOS
 	|	INITIAL_CONTACT SWITCH { cur_rmconf->ini_contact = $2; } EOS
 	|	PROPOSAL_CHECK PROPOSAL_CHECK_LEVEL { cur_rmconf->pcheck_level = $2; } EOS
-	|	LIFETIME LIFETYPE NUMBER UNITTYPE
+	|	LIFETIME LIFETYPE_TIME NUMBER unittype_time
 		{
-			if ($2 == CF_LIFETYPE_TIME)
-				prhead->lifetime = $3 * $4;
-			else {
-				/* i.e. CF_LIFETYPE_BYTE */
-				prhead->lifebyte = $3 * $4;
-				/*
-				 * check size.
-				 * Must be more than 1024B because its unit
-				 * is kilobytes.  That is defined RFC2407.
-				 */
-				if (prhead->lifebyte < 1024) {
-					yyerror("byte size should be more "
-						"than 1024B.");
-					return -1;
-				}
-				prhead->lifebyte /= 1024;
-			}
+			prhead->lifetime = $3 * $4;
+		}
+		EOS
+	|	LIFETIME LIFETYPE_BYTE NUMBER unittype_byte
+		{
+			prhead->lifebyte = fix_lifebyte($3 * $4);
+			if (prhead->lifebyte == 0)
+				return -1;
 		}
 		EOS
 	|	PROPOSAL
@@ -1197,25 +1184,16 @@ isakmpproposal_spec
 		{
 			yyerror("strength directive is obsoleted.");
 		} STRENGTHTYPE EOS
-	|	LIFETIME LIFETYPE NUMBER UNITTYPE
+	|	LIFETIME LIFETYPE_TIME NUMBER unittype_time
 		{
-			if ($2 == CF_LIFETYPE_TIME)
-				prhead->spspec->lifetime = $3 * $4;
-			else {
-				/* i.e. CF_LIFETYPE_BYTE */
-				prhead->spspec->lifebyte = $3 * $4;
-				/*
-				 * check size.
-				 * Must be more than 1024B because its unit
-				 * is kilobytes.  That is defined RFC2407.
-				 */
-				if (prhead->spspec->lifebyte < 1024) {
-					yyerror("byte size should be "
-						"more than 1024B.");
-					return -1;
-				}
-				prhead->spspec->lifebyte /= 1024;
-			}
+			prhead->spspec->lifetime = $3 * $4;
+		}
+		EOS
+	|	LIFETIME LIFETYPE_BYTE NUMBER unittype_byte
+		{
+			prhead->spspec->lifebyte = fix_lifebyte($3 * $4);
+			if (prhead->spspec->lifebyte == 0)
+				return -1;
 		}
 		EOS
 	|	DH_GROUP dh_group_num
@@ -1289,6 +1267,17 @@ isakmpproposal_spec
 		EOS
 	;
 
+unittype_time
+	:	UNITTYPE_SEC	{ $$ = 1; }
+	|	UNITTYPE_MIN	{ $$ = 60; }
+	|	UNITTYPE_HOUR	{ $$ = (60 * 60); }
+	;
+unittype_byte
+	:	UNITTYPE_BYTE	{ $$ = 1; }
+	|	UNITTYPE_KBYTES	{ $$ = 1024; }
+	|	UNITTYPE_MBYTES	{ $$ = (1024 * 1024); }
+	|	UNITTYPE_TBYTES	{ $$ = (1024 * 1024 * 1024); }
+	;
 %%
 
 static struct proposalspec *
@@ -1543,6 +1532,23 @@ expand_isakmpspec(prop_no, trns_no, types,
 	return trns_no;
 }
 
+/*
+ * fix lifebyte.
+ * Must be more than 1024B because its unit is kilobytes.
+ * That is defined RFC2407.
+ */
+static int
+fix_lifebyte(t)
+	unsigned long t;
+{
+	if (t < 1024) {
+		yyerror("byte size should be more than 1024B.");
+		return 0;
+	}
+
+	return(t / 1024);
+}
+
 int
 cfparse()
 {

diff --git a/kame/kame/racoon/cftoken.l b/kame/kame/racoon/cftoken.l
@@ -1,4 +1,4 @@
-/*	$KAME: cftoken.l,v 1.52 2001/02/22 03:10:40 itojun Exp $	*/
+/*	$KAME: cftoken.l,v 1.53 2001/03/15 11:44:08 sakane Exp $	*/
 
 %{
 #include <sys/types.h>
@@ -212,8 +212,8 @@ octetstring	{octet}({dot}{octet})+
 <S_PLCYP>{bcl}		{ return(BOC); }
 <S_PLCYP>{ecl}		{ BEGIN S_PLCYS; return(EOC); }
 <S_PLCYP>lifetime	{ YYD; return(LIFETIME); }
-<S_PLCYP>time		{ YYD; yylval.num = CF_LIFETYPE_TIME; return(LIFETYPE); }
-<S_PLCYP>byte		{ YYD; yylval.num = CF_LIFETYPE_BYTE; return(LIFETYPE); }
+<S_PLCYP>time		{ YYD; return(LIFETYPE_TIME); }
+<S_PLCYP>byte		{ YYD; return(LIFETYPE_BYTE); }
 	/* policy protocol */
 <S_PLCYP>protocol	{ BEGIN S_PLCYT; YYDB; return(PROTOCOL); }
 <S_PLCYT>{bcl}		{ return(BOC); }
@@ -247,8 +247,8 @@ octetstring	{octet}({dot}{octet})+
 <S_SAINFS>identifier	{ YYD; yywarn("it is obsoleted.  use \"my_identifier\"."); return(IDENTIFIER); }
 <S_SAINFS>my_identifier	{ YYD; return(MY_IDENTIFIER); }
 <S_SAINFS>lifetime	{ YYD; return(LIFETIME); }
-<S_SAINFS>time		{ YYD; yylval.num = CF_LIFETYPE_TIME; return(LIFETYPE); }
-<S_SAINFS>byte		{ YYD; yylval.num = CF_LIFETYPE_BYTE; return(LIFETYPE); }
+<S_SAINFS>time		{ YYD; return(LIFETYPE_TIME); }
+<S_SAINFS>byte		{ YYD; return(LIFETYPE_BYTE); }
 <S_SAINFS>encryption_algorithm { YYD; yylval.num = algclass_ipsec_enc; return(ALGORITHM_CLASS); }
 <S_SAINFS>authentication_algorithm { YYD; yylval.num = algclass_ipsec_auth; return(ALGORITHM_CLASS); }
 <S_SAINFS>compression_algorithm	{ YYD; yylval.num = algclass_ipsec_comp; return(ALGORITHM_CLASS); }
@@ -292,15 +292,15 @@ octetstring	{octet}({dot}{octet})+
 <S_RMTS>claim		{ YYD; yylval.num = PROP_CHECK_CLAIM; return(PROPOSAL_CHECK_LEVEL); }
 <S_RMTS>keepalive	{ YYD; return(KEEPALIVE); }
 <S_RMTS>lifetime	{ YYD; return(LIFETIME); }
-<S_RMTS>time		{ YYD; yylval.num = CF_LIFETYPE_TIME; return(LIFETYPE); }
-<S_RMTS>byte		{ YYD; yylval.num = CF_LIFETYPE_BYTE; return(LIFETYPE); }
+<S_RMTS>time		{ YYD; return(LIFETYPE_TIME); }
+<S_RMTS>byte		{ YYD; return(LIFETYPE_BYTE); }
 	/* remote proposal */
 <S_RMTS>proposal	{ BEGIN S_RMTP; YYDB; return(PROPOSAL); }
 <S_RMTP>{bcl}		{ return(BOC); }
 <S_RMTP>{ecl}		{ BEGIN S_RMTS; return(EOC); }
 <S_RMTP>lifetime	{ YYD; return(LIFETIME); }
-<S_RMTP>time		{ YYD; yylval.num = CF_LIFETYPE_TIME; return(LIFETYPE); }
-<S_RMTP>byte		{ YYD; yylval.num = CF_LIFETYPE_BYTE; return(LIFETYPE); }
+<S_RMTP>time		{ YYD; return(LIFETYPE_TIME); }
+<S_RMTP>byte		{ YYD; return(LIFETYPE_BYTE); }
 <S_RMTP>strength	{ YYD; return(STRENGTH); }
 <S_RMTP>extra_high	{ YYD; yylval.num = algstrength_ehigh; return(STRENGTHTYPE); }
 <S_RMTP>high		{ YYD; yylval.num = algstrength_high; return(STRENGTHTYPE); }
@@ -390,13 +390,13 @@ asn1dn		{ YYD; yylval.num = IDTYPE_ASN1DN; return(IDENTIFIERTYPE); }
 certname	{ YYD; yywarn("certname will be obsoleted in near future."); yylval.num = IDTYPE_ASN1DN; return(IDENTIFIERTYPE); }
 
 	/* units */
-B|byte|bytes		{ YYD; yylval.num = CF_UNITTYPE_B; return(UNITTYPE); }
-KB			{ YYD; yylval.num = CF_UNITTYPE_KB; return(UNITTYPE); }
-MB			{ YYD; yylval.num = CF_UNITTYPE_MB; return(UNITTYPE); }
-TB			{ YYD; yylval.num = CF_UNITTYPE_TB; return(UNITTYPE); }
-sec|secs|second|seconds	{ YYD; yylval.num = CF_UNITTYPE_S; return(UNITTYPE); }
-min|mins|minute|minutes	{ YYD; yylval.num = CF_UNITTYPE_M; return(UNITTYPE); }
-hour|hours		{ YYD; yylval.num = CF_UNITTYPE_H; return(UNITTYPE); }
+B|byte|bytes		{ YYD; return(UNITTYPE_BYTE); }
+KB			{ YYD; return(UNITTYPE_KBYTES); }
+MB			{ YYD; return(UNITTYPE_MBYTES); }
+TB			{ YYD; return(UNITTYPE_TBYTES); }
+sec|secs|second|seconds	{ YYD; return(UNITTYPE_SEC); }
+min|mins|minute|minutes	{ YYD; return(UNITTYPE_MIN); }
+hour|hours		{ YYD; return(UNITTYPE_HOUR); }
 
 	/* boolean */
 yes		{ YYD; yylval.num = TRUE; return(BOOLEAN); }