Mercurial > hg > freeDiameter
view libfdcore/fdd.y @ 1513:73e563165594
Add 3GPP TS 29.468 V15.8.0 (2019-12)
Add AVPs:
- BMSC-Address, Address, code 3500, section 6.4.2
- BMSC-Port, Unsigned32, code 3501, section 6.4.3
- Common-Tunnel-Endpoint-Identifier, OctetString, code 3524, section 6.4.26
- FEC-Request, OctetString, code 3525, section 6.4.27
- FEC-Result, Unsigned32, code 3531, section 6.4.33
- Local-M1-Information, Grouped, code 3518, section 6.4.20
- Local-MB2-U-Information, Grouped, code 3519, section 6.4.21
- MB2U-Security, Unsigned32, code 3517, section 6.4.19
- MBMS-Bearer-Event, Unsigned32, code 3502, section 6.4.4
- MBMS-Bearer-Event-Notification, Grouped, code 3503, section 6.4.5
- MBMS-Bearer-Request, Grouped, code 3504, section 6.4.6
- MBMS-Bearer-Response, Grouped, code 3505, section 6.4.7
- MBMS-Bearer-Result, Unsigned32, code 3506, section 6.4.8
- MBMS-eNB-IP-Multicast-Address, Address, code 3520, section 6.4.22
- MBMS-eNB-IPv6-Multicast-Address, Address, code 3521, section 6.4.23
- MBMS-GW-SSM-IP-Address-29.468, Address, code 3522, section 6.4.24
- MBMS-GW-SSM-IPv6-Address-29.468, Address, code 3523, section 6.4.25
- MBMS-Start-Time, Time, code 3507, section 6.4.9
- Radio-Frequency-29.468, Unsigned32, code 3508, section 6.4.10
- ROHC-Full-Header-Periodicity, Float32, code 3527, section 6.4.29
- ROHC-Max-CID, Unsigned32, code 3532, section 6.4.34
- ROHC-Profile, Unsigned32, code 3528, section 6.4.30
- ROHC-Request, Grouped, code 3526, section 6.4.28
- ROHC-Result, Unsigned32, code 3530, section 6.4.32
- TMGI-Allocation-Request, Grouped, code 3509, section 6.4.11
- TMGI-Allocation-Response, Grouped, code 3510, section 6.4.12
- TMGI-Allocation-Result, Unsigned32, code 3511, section 6.4.13
- TMGI-Deallocation-Request, Grouped, code 3512, section 6.4.14
- TMGI-Deallocation-Response, Grouped, code 3513, section 6.4.15
- TMGI-Deallocation-Result, Unsigned32, code 3514, section 6.4.16
- TMGI-Expiry, Grouped, code 3515, section 6.4.17
- TMGI-Number, Unsigned32, code 3516, section 6.4.18
- Userplane-Protocol-Result, Grouped, code 3529, section 6.4.31
Note: Name conflict with 3GPP TS 29.061 MBMS-GW-SSM-IP-Address (924).
3GPP TS 29.061 V10.4.0 (2011-09) CR 0355 added MBMS-GW-SSM-IP-Address (924).
3GPP TS 29.468 V14.0.0 (2016-12) CR 0021 added MBMS-GW-SSM-IP-Address (3522).
Fix: MBMS-GW-SSM-IP-Address (3522) renamed to MBMS-GW-SSM-IP-Address-29.468 (3522).
Note: Name conflict with 3GPP TS 29.061 MBMS-GW-SSM-IPv6-Address (925).
3GPP TS 29.061 V10.4.0 (2011-09) CR 0355 added MBMS-GW-SSM-IPv6-Address (925).
3GPP TS 29.468 V14.0.0 (2016-12) CR 0021 added MBMS-GW-SSM-IPv6-Address (3523).
Fix: MBMS-GW-SSM-IPv6-Address (3523) renamed to MBMS-GW-SSM-IPv6-Address-29.468 (3523).
Note: Name conflict with 3GPP TS 32.299 Radio-Frequency (3462).
3GPP TS 29.468 V12.0.0 (2014-09) added Radio-Frequency (3508).
3GPP TS 32.299 V13.1.0 (2015-06) CR 0638 added Radio-Frequency (3462).
Fix: Radio-Frequency (3508) renamed to Radio-Frequency-29.468 (3508).
author | Luke Mewburn <luke@mewburn.net> |
---|---|
date | Tue, 07 Apr 2020 19:38:33 +1000 |
parents | 239ba25870d8 |
children | 566bb46cc73f |
line wrap: on
line source
/********************************************************************************************************* * Software License Agreement (BSD License) * * Author: Sebastien Decugis <sdecugis@freediameter.net> * * * * Copyright (c) 2015, WIDE Project and NICT * * All rights reserved. * * * * Redistribution and use of this software in source and binary forms, with or without modification, are * * permitted provided that the following conditions are met: * * * * * Redistributions of source code must retain the above * * copyright notice, this list of conditions and the * * following disclaimer. * * * * * Redistributions in binary form must reproduce the above * * copyright notice, this list of conditions and the * * following disclaimer in the documentation and/or other * * materials provided with the distribution. * * * * * Neither the name of the WIDE Project or NICT nor the * * names of its contributors may be used to endorse or * * promote products derived from this software without * * specific prior written permission of WIDE Project and * * NICT. * * * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED * * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A * * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR * * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR * * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * *********************************************************************************************************/ /* Yacc configuration parser. * * This file defines the grammar of the configuration file. * Note that each extension has a separate independant configuration file. * * Note : This module is NOT thread-safe. All processing must be done from one thread only. */ /* For development only : */ %debug %error-verbose %parse-param {struct fd_config * conf} /* Keep track of location */ %locations %pure-parser %{ #include "fdcore-internal.h" #include "fdd.tab.h" /* bug : bison does not define the YYLTYPE before including this bloc, so... */ /* The Lex parser prototype */ int fddlex(YYSTYPE *lvalp, YYLTYPE *llocp); /* Function to report error */ void yyerror (YYLTYPE *ploc, struct fd_config * conf, char const *s) { if (ploc->first_line != ploc->last_line) { TRACE_ERROR("%s:%d.%d-%d.%d : %s", conf->cnf_file, ploc->first_line, ploc->first_column, ploc->last_line, ploc->last_column, s); } else if (ploc->first_column != ploc->last_column) { TRACE_ERROR("%s:%d.%d-%d : %s", conf->cnf_file, ploc->first_line, ploc->first_column, ploc->last_column, s); } else { TRACE_ERROR("%s:%d.%d : %s", conf->cnf_file, ploc->first_line, ploc->first_column, s); } } int got_peer_noip = 0; int got_peer_noipv6 = 0; int got_peer_notcp = 0; int got_peer_nosctp = 0; struct peer_info fddpi; %} /* Values returned by lex for token */ %union { char *string; /* The string is allocated by strdup in lex.*/ int integer; /* Store integer values */ } /* In case of error in the lexical analysis */ %token LEX_ERROR %token <string> QSTRING %token <integer> INTEGER %type <string> extconf %token IDENTITY %token REALM %token PORT %token SECPORT %token SEC3436 %token NOIP %token NOIP6 %token NOTCP %token NOSCTP %token PREFERTCP %token OLDTLS %token NOTLS %token SCTPSTREAMS %token APPSERVTHREADS %token ROUTINGINTHREADS %token ROUTINGOUTTHREADS %token QINLIMIT %token QOUTLIMIT %token QLOCALLIMIT %token LISTENON %token THRPERSRV %token PROCESSINGPEERSPATTERN %token PROCESSINGPEERSMINIMUM %token TCTIMER %token TWTIMER %token NORELAY %token LOADEXT %token CONNPEER %token CONNTO %token TLS_CRED %token TLS_CA %token TLS_CRL %token TLS_PRIO %token TLS_DH_BITS %token TLS_DH_FILE %token RR_IN_ANSWERS %token ALWAYS %token NEVER /* -------------------------------------- */ %% /* The grammar definition - Sections blocs. */ conffile: /* Empty is OK -- for simplicity here, we reject in daemon later */ | conffile identity | conffile realm | conffile tctimer | conffile twtimer | conffile port | conffile secport | conffile sec3436 | conffile sctpstreams | conffile listenon | conffile thrpersrv | conffile processingpeerspattern | conffile processingpeersminimum | conffile norelay | conffile appservthreads | conffile routinginthreads | conffile routingoutthreads | conffile qinlimit | conffile qoutlimit | conffile qlocallimit | conffile noip | conffile noip6 | conffile notcp | conffile nosctp | conffile prefertcp | conffile oldtls | conffile loadext | conffile connpeer | conffile tls_cred | conffile tls_ca | conffile tls_crl | conffile tls_prio | conffile tls_dh | conffile rr_in_answers | conffile errors { yyerror(&yylloc, conf, "An error occurred while parsing the configuration file"); return EINVAL; } ; /* Lexical or syntax error */ errors: LEX_ERROR | error ; identity: IDENTITY '=' QSTRING ';' { conf->cnf_diamid = $3; } ; realm: REALM '=' QSTRING ';' { conf->cnf_diamrlm = $3; } ; tctimer: TCTIMER '=' INTEGER ';' { CHECK_PARAMS_DO( ($3 > 0), { yyerror (&yylloc, conf, "Invalid value"); YYERROR; } ); conf->cnf_timer_tc = (unsigned int)$3; } ; twtimer: TWTIMER '=' INTEGER ';' { CHECK_PARAMS_DO( ($3 > 5), { yyerror (&yylloc, conf, "Invalid value"); YYERROR; } ); conf->cnf_timer_tw = (unsigned int)$3; } ; port: PORT '=' INTEGER ';' { CHECK_PARAMS_DO( ($3 >= 0) && ($3 < 1<<16), { yyerror (&yylloc, conf, "Invalid value"); YYERROR; } ); conf->cnf_port = (uint16_t)$3; } ; secport: SECPORT '=' INTEGER ';' { CHECK_PARAMS_DO( ($3 >= 0) && ($3 < 1<<16), { yyerror (&yylloc, conf, "Invalid value"); YYERROR; } ); conf->cnf_port_tls = (uint16_t)$3; } ; sec3436: SEC3436 '=' INTEGER ';' { CHECK_PARAMS_DO( ($3 >= 0) && ($3 < 1<<16), { yyerror (&yylloc, conf, "Invalid value"); YYERROR; } ); conf->cnf_port_3436 = (uint16_t)$3; } ; sctpstreams: SCTPSTREAMS '=' INTEGER ';' { CHECK_PARAMS_DO( ($3 > 0) && ($3 < 1<<16), { yyerror (&yylloc, conf, "Invalid value"); YYERROR; } ); conf->cnf_sctp_str = (uint16_t)$3; } ; listenon: LISTENON '=' QSTRING ';' { struct addrinfo hints, *ai; int ret; memset(&hints, 0, sizeof(hints)); hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST; ret = getaddrinfo($3, NULL, &hints, &ai); if (ret) { yyerror (&yylloc, conf, gai_strerror(ret)); YYERROR; } CHECK_FCT_DO( fd_ep_add_merge( &conf->cnf_endpoints, ai->ai_addr, ai->ai_addrlen, EP_FL_CONF ), YYERROR ); freeaddrinfo(ai); free($3); } ; thrpersrv: THRPERSRV '=' INTEGER ';' { CHECK_PARAMS_DO( ($3 > 0), { yyerror (&yylloc, conf, "Invalid value"); YYERROR; } ); conf->cnf_thr_srv = $3; } ; processingpeerspattern: PROCESSINGPEERSPATTERN '=' QSTRING ';' { char *pattern = $3; int err; CHECK_FCT_DO( err=regcomp(&conf->cnf_processing_peers_pattern_regex, pattern, REG_EXTENDED | REG_NOSUB), { char * buf; size_t bl; /* Error while compiling the regex */ TRACE_DEBUG(INFO, "error while compiling the regular expression '%s':", pattern); /* Get the error message size */ bl = regerror(err, &conf->cnf_processing_peers_pattern_regex, NULL, 0); /* Alloc the buffer for error message */ CHECK_MALLOC( buf = malloc(bl) ); /* Get the error message content */ regerror(err, &conf->cnf_processing_peers_pattern_regex, buf, bl); TRACE_DEBUG(INFO, "\t%s", buf); /* Free the buffer, return the error */ free(buf); yyerror (&yylloc, conf, "Invalid regular expression in ProcessingPeersPattern"); YYERROR; } ); } ; processingpeersminimum: PROCESSINGPEERSMINIMUM '=' INTEGER ';' { CHECK_PARAMS_DO( ($3 >= 0), { yyerror (&yylloc, conf, "Invalid value"); YYERROR; } ); conf->cnf_processing_peers_minimum = $3; } ; norelay: NORELAY ';' { conf->cnf_flags.no_fwd = 1; } ; appservthreads: APPSERVTHREADS '=' INTEGER ';' { CHECK_PARAMS_DO( ($3 > 0) && ($3 < 256), { yyerror (&yylloc, conf, "Invalid value"); YYERROR; } ); conf->cnf_dispthr = (uint16_t)$3; } ; routinginthreads: ROUTINGINTHREADS '=' INTEGER ';' { CHECK_PARAMS_DO( ($3 > 0) && ($3 < 256), { yyerror (&yylloc, conf, "Invalid value"); YYERROR; } ); conf->cnf_rtinthr = (uint16_t)$3; } ; routingoutthreads: ROUTINGOUTTHREADS '=' INTEGER ';' { CHECK_PARAMS_DO( ($3 > 0) && ($3 < 256), { yyerror (&yylloc, conf, "Invalid value"); YYERROR; } ); conf->cnf_rtoutthr = (uint16_t)$3; } ; qinlimit: QINLIMIT '=' INTEGER ';' { CHECK_PARAMS_DO( ($3 >= 0), { yyerror (&yylloc, conf, "Invalid value"); YYERROR; } ); conf->cnf_qin_limit = $3; } ; qoutlimit: QOUTLIMIT '=' INTEGER ';' { CHECK_PARAMS_DO( ($3 >= 0), { yyerror (&yylloc, conf, "Invalid value"); YYERROR; } ); conf->cnf_qout_limit = $3; } ; qlocallimit: QLOCALLIMIT '=' INTEGER ';' { CHECK_PARAMS_DO( ($3 >= 0), { yyerror (&yylloc, conf, "Invalid value"); YYERROR; } ); conf->cnf_qlocal_limit = $3; } ; noip: NOIP ';' { if (got_peer_noipv6) { yyerror (&yylloc, conf, "No_IP conflicts with a ConnectPeer directive No_IPv6."); YYERROR; } conf->cnf_flags.no_ip4 = 1; } ; noip6: NOIP6 ';' { if (got_peer_noip) { yyerror (&yylloc, conf, "No_IP conflicts with a ConnectPeer directive No_IP."); YYERROR; } conf->cnf_flags.no_ip6 = 1; } ; notcp: NOTCP ';' { #ifdef DISABLE_SCTP yyerror (&yylloc, conf, "No_TCP cannot be specified for daemon compiled with DISABLE_SCTP option."); YYERROR; #endif if (conf->cnf_flags.no_sctp) { yyerror (&yylloc, conf, "No_TCP conflicts with No_SCTP directive." ); YYERROR; } if (got_peer_nosctp) { yyerror (&yylloc, conf, "No_TCP conflicts with a ConnectPeer directive No_SCTP."); YYERROR; } conf->cnf_flags.no_tcp = 1; } ; nosctp: NOSCTP ';' { if (conf->cnf_flags.no_tcp) { yyerror (&yylloc, conf, "No_SCTP conflicts with No_TCP directive." ); YYERROR; } if (got_peer_notcp) { yyerror (&yylloc, conf, "No_SCTP conflicts with a ConnectPeer directive No_TCP."); YYERROR; } conf->cnf_flags.no_sctp = 1; } ; prefertcp: PREFERTCP ';' { conf->cnf_flags.pr_tcp = 1; } ; oldtls: OLDTLS ';' { conf->cnf_flags.tls_alg = 1; } ; loadext: LOADEXT '=' QSTRING extconf ';' { char * fname; char * cfname; FILE * fd; /* Try and open the extension file */ fname = $3; fd = fopen(fname, "r"); if ((fd == NULL) && (*fname != '/')) { char * bkp = fname; CHECK_MALLOC_DO( fname = malloc( strlen(bkp) + strlen(DEFAULT_EXTENSIONS_PATH) + 2 ), { yyerror (&yylloc, conf, "Not enough memory"); YYERROR; } ); sprintf(fname, DEFAULT_EXTENSIONS_PATH "/%s", bkp); fd = fopen(fname, "r"); if (fd == NULL) { free(fname); fname = bkp; } else { free(bkp); } } if (fd != NULL) { fclose(fd); } /* otherwise, LD_LIBRARY_PATH will be tested by dl_open. This should not give any security issue, otherwise we can add an "else fail" here. */ /* Try and open the configuration file (optional) */ cfname = $4; if (cfname) { fd = fopen(cfname, "r"); if ((fd == NULL) && (*cfname != '/')) { char * test; CHECK_MALLOC_DO( test = malloc( strlen(cfname) + strlen(DEFAULT_CONF_PATH) + 2 ), { yyerror (&yylloc, conf, "Not enough memory"); YYERROR; } ); sprintf(test, DEFAULT_CONF_PATH "/%s", cfname); fd = fopen(test, "r"); if (fd) { free(cfname); cfname=test; } else { /* This is not an error, we allow an extension to wait for something else than a real conf file. */ free(test); } } if (fd) fclose(fd); } CHECK_FCT_DO( fd_ext_add( fname, cfname ), { yyerror (&yylloc, conf, "Error adding extension"); YYERROR; } ); } ; extconf: /* empty */ { $$ = NULL; } | ':' QSTRING { $$ = $2; } ; connpeer: { memset(&fddpi, 0, sizeof(fddpi)); fddpi.config.pic_flags.persist = PI_PRST_ALWAYS; fd_list_init( &fddpi.pi_endpoints, NULL ); } CONNPEER '=' QSTRING peerinfo ';' { fddpi.pi_diamid = $4; CHECK_FCT_DO( fd_peer_add ( &fddpi, conf->cnf_file, NULL, NULL ), { yyerror (&yylloc, conf, "Error adding ConnectPeer information"); YYERROR; } ); /* Now destroy any content in the structure */ free(fddpi.pi_diamid); free(fddpi.config.pic_realm); free(fddpi.config.pic_priority); while (!FD_IS_LIST_EMPTY(&fddpi.pi_endpoints)) { struct fd_list * li = fddpi.pi_endpoints.next; fd_list_unlink(li); free(li); } } ; peerinfo: /* empty */ | '{' peerparams '}' ; peerparams: /* empty */ | peerparams NOIP ';' { if ((conf->cnf_flags.no_ip6) || (fddpi.config.pic_flags.pro3 == PI_P3_IP)) { yyerror (&yylloc, conf, "No_IP conflicts with a No_IPv6 directive."); YYERROR; } got_peer_noip++; fddpi.config.pic_flags.pro3 = PI_P3_IPv6; } | peerparams NOIP6 ';' { if ((conf->cnf_flags.no_ip4) || (fddpi.config.pic_flags.pro3 == PI_P3_IPv6)) { yyerror (&yylloc, conf, "No_IPv6 conflicts with a No_IP directive."); YYERROR; } got_peer_noipv6++; fddpi.config.pic_flags.pro3 = PI_P3_IP; } | peerparams NOTCP ';' { #ifdef DISABLE_SCTP yyerror (&yylloc, conf, "No_TCP cannot be specified in daemon compiled with DISABLE_SCTP option."); YYERROR; #endif if ((conf->cnf_flags.no_sctp) || (fddpi.config.pic_flags.pro4 == PI_P4_TCP)) { yyerror (&yylloc, conf, "No_TCP conflicts with a No_SCTP directive."); YYERROR; } got_peer_notcp++; fddpi.config.pic_flags.pro4 = PI_P4_SCTP; } | peerparams NOSCTP ';' { if ((conf->cnf_flags.no_tcp) || (fddpi.config.pic_flags.pro4 == PI_P4_SCTP)) { yyerror (&yylloc, conf, "No_SCTP conflicts with a No_TCP directive."); YYERROR; } got_peer_nosctp++; fddpi.config.pic_flags.pro4 = PI_P4_TCP; } | peerparams PREFERTCP ';' { fddpi.config.pic_flags.alg = PI_ALGPREF_TCP; } | peerparams OLDTLS ';' { fddpi.config.pic_flags.sec |= PI_SEC_TLS_OLD; } | peerparams NOTLS ';' { fddpi.config.pic_flags.sec |= PI_SEC_NONE; } | peerparams SEC3436 ';' { fddpi.config.pic_flags.sctpsec |= PI_SCTPSEC_3436; } | peerparams REALM '=' QSTRING ';' { fddpi.config.pic_realm = $4; } | peerparams PORT '=' INTEGER ';' { CHECK_PARAMS_DO( ($4 > 0) && ($4 < 1<<16), { yyerror (&yylloc, conf, "Invalid port value"); YYERROR; } ); fddpi.config.pic_port = (uint16_t)$4; } | peerparams TCTIMER '=' INTEGER ';' { fddpi.config.pic_tctimer = $4; } | peerparams TWTIMER '=' INTEGER ';' { fddpi.config.pic_twtimer = $4; } | peerparams TLS_PRIO '=' QSTRING ';' { fddpi.config.pic_priority = $4; } | peerparams CONNTO '=' QSTRING ';' { struct addrinfo hints, *ai; int ret; int disc = 0; memset(&hints, 0, sizeof(hints)); hints.ai_flags = AI_ADDRCONFIG | AI_NUMERICHOST; ret = getaddrinfo($4, NULL, &hints, &ai); if (ret == EAI_NONAME) { /* The name was maybe not numeric, try again */ disc = EP_FL_DISC; hints.ai_flags &= ~ AI_NUMERICHOST; ret = getaddrinfo($4, NULL, &hints, &ai); } if (ret) { yyerror (&yylloc, conf, gai_strerror(ret)); YYERROR; } CHECK_FCT_DO( fd_ep_add_merge( &fddpi.pi_endpoints, ai->ai_addr, ai->ai_addrlen, EP_FL_CONF | (disc ?: EP_ACCEPTALL) ), YYERROR ); free($4); freeaddrinfo(ai); } ; tls_cred: TLS_CRED '=' QSTRING ',' QSTRING ';' { FILE * fd; fd = fopen($3, "r"); if (fd == NULL) { int ret = errno; TRACE_ERROR("Unable to open certificate file %s for reading: %s", $3, strerror(ret)); yyerror (&yylloc, conf, "Error on file name"); YYERROR; } fclose(fd); fd = fopen($5, "r"); if (fd == NULL) { int ret = errno; TRACE_ERROR("Unable to open private key file %s for reading: %s", $5, strerror(ret)); yyerror (&yylloc, conf, "Error on file name"); YYERROR; } fclose(fd); conf->cnf_sec_data.cert_file = $3; conf->cnf_sec_data.key_file = $5; CHECK_GNUTLS_DO( gnutls_certificate_set_x509_key_file( conf->cnf_sec_data.credentials, conf->cnf_sec_data.cert_file, conf->cnf_sec_data.key_file, GNUTLS_X509_FMT_PEM), { yyerror (&yylloc, conf, "Error opening certificate or private key file."); YYERROR; } ); } ; tls_ca: TLS_CA '=' QSTRING ';' { FILE * fd; fd = fopen($3, "rb"); if (fd == NULL) { int ret = errno; TRACE_ERROR("Unable to open CA file %s for reading: %s", $3, strerror(ret)); yyerror (&yylloc, conf, "Error on file name"); YYERROR; } #ifdef GNUTLS_VERSION_300 { /* We import these CA in the trust list */ gnutls_x509_crt_t * calist; unsigned int cacount; gnutls_datum_t cafile; CHECK_FCT_DO( fd_conf_stream_to_gnutls_datum(fd, &cafile), { yyerror (&yylloc, conf, "Error reading CA file."); YYERROR; } ); CHECK_GNUTLS_DO( gnutls_x509_crt_list_import2(&calist, &cacount, &cafile, GNUTLS_X509_FMT_PEM, GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED), { yyerror (&yylloc, conf, "Error importing CA file."); YYERROR; } ); free(cafile.data); CHECK_GNUTLS_DO( gnutls_x509_trust_list_add_cas (fd_g_config->cnf_sec_data.trustlist, calist, cacount, 0), { yyerror (&yylloc, conf, "Error saving CA in trust list."); YYERROR; } ); } #endif /* GNUTLS_VERSION_300 */ fclose(fd); conf->cnf_sec_data.ca_file = $3; CHECK_GNUTLS_DO( conf->cnf_sec_data.ca_file_nr += gnutls_certificate_set_x509_trust_file( conf->cnf_sec_data.credentials, conf->cnf_sec_data.ca_file, GNUTLS_X509_FMT_PEM), { yyerror (&yylloc, conf, "Error setting CA parameters."); YYERROR; } ); } ; tls_crl: TLS_CRL '=' QSTRING ';' { FILE * fd; fd = fopen($3, "rb"); if (fd == NULL) { int ret = errno; TRACE_ERROR("Unable to open CRL file %s for reading: %s", $3, strerror(ret)); yyerror (&yylloc, conf, "Error on file name"); YYERROR; } #ifdef GNUTLS_VERSION_300 { /* We import these CRL in the trust list */ gnutls_x509_crl_t * crllist; unsigned int crlcount; gnutls_datum_t crlfile; CHECK_FCT_DO( fd_conf_stream_to_gnutls_datum(fd, &crlfile), { yyerror (&yylloc, conf, "Error reading CRL file."); YYERROR; } ); CHECK_GNUTLS_DO( gnutls_x509_crl_list_import2(&crllist, &crlcount, &crlfile, GNUTLS_X509_FMT_PEM, 0), { yyerror (&yylloc, conf, "Error importing CRL file."); YYERROR; } ); free(crlfile.data); CHECK_GNUTLS_DO( gnutls_x509_trust_list_add_crls (fd_g_config->cnf_sec_data.trustlist, crllist, crlcount, GNUTLS_TL_VERIFY_CRL, 0), { yyerror (&yylloc, conf, "Error importing CRL in trust list."); YYERROR; } ); } #endif /* GNUTLS_VERSION_300 */ fclose(fd); conf->cnf_sec_data.crl_file = $3; CHECK_GNUTLS_DO( gnutls_certificate_set_x509_crl_file( conf->cnf_sec_data.credentials, conf->cnf_sec_data.crl_file, GNUTLS_X509_FMT_PEM), { yyerror (&yylloc, conf, "Error setting CRL parameters."); YYERROR; } ); } ; tls_prio: TLS_PRIO '=' QSTRING ';' { const char * err_pos = NULL; conf->cnf_sec_data.prio_string = $3; CHECK_GNUTLS_DO( gnutls_priority_init( &conf->cnf_sec_data.prio_cache, conf->cnf_sec_data.prio_string, &err_pos), { yyerror (&yylloc, conf, "Error setting Priority parameter."); TRACE_ERROR("Error at position : %s", err_pos); YYERROR; } ); } ; tls_dh: TLS_DH_BITS '=' INTEGER ';' { conf->cnf_sec_data.dh_bits = $3; } | TLS_DH_FILE '=' QSTRING ';' { FILE * fd; free(conf->cnf_sec_data.dh_file); conf->cnf_sec_data.dh_file = $3; fd = fopen($3, "r"); if (fd == NULL) { int ret = errno; TRACE_ERROR("Unable to open DH file %s for reading: %s", $3, strerror(ret)); yyerror (&yylloc, conf, "Error on file name"); YYERROR; } fclose(fd); } ; rr_values: ALWAYS { conf->cnf_rr_in_answers = 1; } | NEVER { conf->cnf_rr_in_answers = 0; } ; rr_in_answers: RR_IN_ANSWERS '=' rr_values ';' ;