xref: /src/sbin/veriexecctl/veriexecctl_parse.y

%{
/*	$NetBSD: veriexecctl_parse.y,v 1.21 2007/05/15 19:47:47 elad Exp $	*/

/*-
 * Copyright 2005 Elad Efrat <elad@NetBSD.org>
 * Copyright 2005 Brett Lymn <blymn@netbsd.org>
 *
 * All rights reserved.
 *
 * This code has been donated to The NetBSD Foundation by the Author.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. The name of the author may not be used to endorse or promote products
 *    derived from this software withough specific prior written permission
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 *
 */

#include <sys/stat.h>
#include <sys/verified_exec.h>

#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <err.h>

#include <prop/proplib.h>

#include "veriexecctl.h"

extern int yylex(void);
extern size_t line;
extern int verbose, error;

boolean_t keep_filename = FALSE, eval_on_load = FALSE;
prop_dictionary_t load_params;

%}

%union {
	char *string;
	int intval;
}

%token <string> PATH
%token <string> STRING
%token EOL TOKEN_COMMA

%%

statement	:	/* empty */
		|	statement path type fingerprint flags eol {
	extern int gfd;
	struct stat sb;

	if (stat(dict_gets(load_params, "file"), &sb) == -1) {
		if (verbose)
			warnx("Line %zu: Can't stat `%s'", line,
			    dict_gets(load_params, "file"));
		error = EXIT_FAILURE;
		goto skip;
	}

	/* Only regular files */
	if (!S_ISREG(sb.st_mode)) {
		if (verbose)
			warnx("Line %zu: %s is not a regular file", line,
			    dict_gets(load_params, "file"));
		error = EXIT_FAILURE;
		goto skip;
	}

	if (verbose) {
		(void)printf( "Adding file `%s'.\n",
		    dict_gets(load_params, "file"));
	}

	prop_dictionary_set(load_params, "keep-filename",
	    prop_bool_create(keep_filename));

	prop_dictionary_set(load_params, "eval-on-load",
	    prop_bool_create(eval_on_load));

	if (prop_dictionary_send_ioctl(load_params, gfd, VERIEXEC_LOAD) != 0) {
		if (verbose)
			warn("Cannot load params from `%s'",
			    dict_gets(load_params, "file"));
		error = EXIT_FAILURE;
	}

 skip:
	prop_object_release(load_params);
	load_params = NULL;
}
		|	statement eol
		|	statement error eol {
	yyerrok;
}
		;

path		:	PATH {
	if (load_params == NULL)
		load_params = prop_dictionary_create();

	dict_sets(load_params, "file", $1);
}
		;

type		:	STRING {
	dict_sets(load_params, "fp-type", $1);
}
		;


fingerprint	:	STRING {
	char *fp;
	size_t n;

	fp = malloc(strlen($1) / 2);
	if (fp == NULL)
		err(1, "Cannot allocate memory for fingerprint");

	n = convert($1, fp);
	if (n == -1) {
		free(fp);
		if (verbose)
			warnx("Bad fingerprint `%s' in line %zu", $1, line);
		error = EXIT_FAILURE;
		YYERROR;
	}

	dict_setd(load_params, "fp", fp, n);
	free(fp);
}
	    ;

flags		:	/* empty */
		|	flags_spec
		;

flags_spec	:	flag_spec
		|	flags_spec TOKEN_COMMA flag_spec
		;

flag_spec	:	STRING {
	uint8_t t = 0;

	prop_dictionary_get_uint8(load_params, "entry-type", &t);

	if (strcasecmp($1, "direct") == 0) {
		t |= VERIEXEC_DIRECT;
	} else if (strcasecmp($1, "indirect") == 0) {
		t |= VERIEXEC_INDIRECT;
	} else if (strcasecmp($1, "file") == 0) {
		t |= VERIEXEC_FILE;
	} else if (strcasecmp($1, "program") == 0) {
		t |= VERIEXEC_DIRECT;
	} else if (strcasecmp($1, "interpreter") == 0) {
		t |= VERIEXEC_INDIRECT;
	} else if (strcasecmp($1, "script") == 0) {
		t |= (VERIEXEC_FILE | VERIEXEC_DIRECT);
	} else if (strcasecmp($1, "library") == 0) {
		t |= (VERIEXEC_FILE | VERIEXEC_INDIRECT);
	} else if (strcasecmp($1, "untrusted") == 0) {
		t |= VERIEXEC_UNTRUSTED;
	} else {
		if (verbose)
			warnx("Bad flag `%s' in line %zu", $1, line);
		error = EXIT_FAILURE;
		YYERROR;
	}

	prop_dictionary_set_uint8(load_params, "entry-type", t);
}
		;

eol		:	EOL
		;

%%

/*
 * Takes the hexadecimal string pointed to by "fp" and converts it to a
 * "count" byte binary number which is stored in the array pointed to
 * by "out".  Returns the number of bytes converted or -1 if the conversion
 * fails.
 */
static size_t
convert(u_char *fp, u_char *out)
{
	size_t i, count;
	u_char value;

	count = strlen(fp);

	/*
	 * if there are not an even number of hex digits then there is
	 * not an integral number of bytes in the fingerprint.
	 */
	if ((count % 2) != 0)
		return -1;

	count /= 2;

#define cvt(cv) \
	if (isdigit(cv)) \
		value += (cv) - '0'; \
	else if (isxdigit(cv)) \
		value += 10 + tolower(cv) - 'a'; \
	else \
		return -1

	for (i = 0; i < count; i++) {
		value = 0;
		cvt(fp[2 * i]);
		value <<= 4;
		cvt(fp[2 * i + 1]);
		out[i] = value;
	}

	return count;
}

static void
yyerror(const char *msg)
{
	if (verbose)
		warnx("%s in line %zu", msg, line);
}