Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/cmd/zonecfg/zonecfg_lex.l
+++ new/usr/src/cmd/zonecfg/zonecfg_lex.l
1 1 %{
2 2 /*
3 3 * CDDL HEADER START
4 4 *
5 5 * The contents of this file are subject to the terms of the
6 6 * Common Development and Distribution License (the "License").
7 7 * You may not use this file except in compliance with the License.
8 8 *
9 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 10 * or http://www.opensolaris.org/os/licensing.
11 11 * See the License for the specific language governing permissions
12 12 * and limitations under the License.
13 13 *
14 14 * When distributing Covered Code, include this CDDL HEADER in each
15 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 16 * If applicable, add the following below this CDDL HEADER, with the
17 17 * fields enclosed by brackets "[]" replaced with your own identifying
18 18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 19 *
20 20 * CDDL HEADER END
21 21 */
22 22
23 23 /*
24 24 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
25 25 */
26 26
27 27 #include <assert.h>
28 28 #include <string.h>
29 29 #include <libintl.h>
30 30 #include "zonecfg.h"
31 31 #include "zonecfg_grammar.tab.h"
32 32
33 33 /*
34 34 * This constant defines the number of entries added to unclaimed_tokens[]
35 35 * when it runs out of space.
36 36 */
37 37 #define UNCLAIMED_TOKENS_BUFFER_GROWTH 4
38 38
39 39 /*
40 40 * Invariants:
41 41 *
42 42 * unclaimed_tokens == NULL IFF unclaimed_tokens_size == 0
43 43 * unclaimed_tokens_size == 0 IFF num_unclaimed_tokens == 0
44 44 */
45 45 static char **unclaimed_tokens; /* TOKENs produced by Lex (see below) */
46 46 /* but not claimed by YACC reduction */
47 47 /* rules */
48 48 static unsigned int unclaimed_tokens_size; /* size of unclaimed_tokens */
49 49 static unsigned int num_unclaimed_tokens; /* number of unclaimed TOKENs */
50 50
51 51 int lex_lineno = 1; /* line number for error reporting */
52 52 static int state = INITIAL;
53 53 extern boolean_t cmd_file_mode;
54 54 extern boolean_t saw_error;
55 55 extern void yyerror(char *s);
56 56
57 57 static char *create_token(char *s);
58 58 %}
59 59
60 60 %a 7000
61 61 %p 5000
62 62 %e 2000
63 63 %n 1000
64 64
65 65 %{
66 66 /*
67 67 * The three states below are for tokens, lists and complex property values.
68 68 * Note that simple property values are a subset of tokens.
69 69 */
70 70 %}
71 71 %s TSTATE
72 72 %s LSTATE
73 73 %s CSTATE
74 74 %%
75 75
76 76 <INITIAL>"#"[^\n]* { }
77 77
78 78 <INITIAL>add {
79 79 BEGIN TSTATE;
80 80 state = TSTATE;
81 81 return ADD;
82 82 }
83 83
84 84 <INITIAL>cancel {
85 85 BEGIN TSTATE;
86 86 state = TSTATE;
87 87 return CANCEL;
88 88 }
89 89
90 90 <INITIAL>commit {
91 91 BEGIN TSTATE;
92 92 state = TSTATE;
93 93 return COMMIT;
94 94 }
95 95
96 96 <INITIAL>create {
97 97 BEGIN TSTATE;
98 98 state = TSTATE;
99 99 return CREATE;
100 100 }
101 101
102 102 <INITIAL>delete {
103 103 BEGIN TSTATE;
104 104 state = TSTATE;
105 105 return DELETE;
106 106 }
107 107
108 108 <INITIAL>end {
109 109 BEGIN TSTATE;
110 110 state = TSTATE;
111 111 return END;
112 112 }
113 113
114 114 <INITIAL>exit {
115 115 BEGIN TSTATE;
116 116 state = TSTATE;
117 117 return EXIT;
118 118 }
119 119
120 120 <INITIAL>export {
121 121 BEGIN TSTATE;
122 122 state = TSTATE;
123 123 return EXPORT;
124 124 }
125 125
126 126 <INITIAL>"?"|help {
127 127 BEGIN TSTATE;
128 128 state = TSTATE;
129 129 return HELP;
130 130 }
131 131
132 132 <INITIAL>info {
133 133 BEGIN TSTATE;
134 134 state = TSTATE;
135 135 return INFO;
136 136 }
137 137
138 138 <INITIAL>remove {
139 139 BEGIN TSTATE;
140 140 state = TSTATE;
141 141 return REMOVE;
142 142 }
143 143
144 144 <INITIAL>revert {
145 145 BEGIN TSTATE;
146 146 state = TSTATE;
147 147 return REVERT;
148 148 }
149 149
150 150 <INITIAL>select {
151 151 BEGIN TSTATE;
152 152 state = TSTATE;
153 153 return SELECT;
154 154 }
155 155
156 156 <INITIAL>set {
157 157 BEGIN TSTATE;
158 158 state = TSTATE;
159 159 return SET;
160 160 }
161 161
162 162 <INITIAL>clear {
163 163 BEGIN TSTATE;
164 164 state = TSTATE;
165 165 return CLEAR;
166 166 }
167 167
168 168 <INITIAL>verify {
169 169 BEGIN TSTATE;
170 170 state = TSTATE;
171 171 return VERIFY;
172 172 }
173 173
174 174 <TSTATE>net { return NET; }
175 175
|
↓ open down ↓ |
175 lines elided |
↑ open up ↑ |
176 176 <TSTATE>fs { return FS; }
177 177
178 178 <TSTATE>device { return DEVICE; }
179 179
180 180 <TSTATE>rctl { return RCTL; }
181 181
182 182 <TSTATE>attr { return ATTR; }
183 183
184 184 <TSTATE>admin { return ADMIN; }
185 185
186 +<TSTATE>security-flags { return SECFLAGS; }
187 +
186 188 <TSTATE>zonename { return ZONENAME; }
187 189 <CSTATE>zonename { return ZONENAME; }
188 190
189 191 <TSTATE>dataset { return DATASET; }
190 192
191 193 <TSTATE>dedicated-cpu { return PSET; }
192 194
193 195 <TSTATE>capped-cpu { return PCAP; }
194 196
195 197 <TSTATE>capped-memory { return MCAP; }
196 198
197 199 <TSTATE>zonepath { return ZONEPATH; }
198 200 <CSTATE>zonepath { return ZONEPATH; }
199 201
200 202 <TSTATE>brand { return BRAND; }
201 203 <CSTATE>brand { return BRAND; }
202 204
203 205 <TSTATE>autoboot { return AUTOBOOT; }
204 206 <CSTATE>autoboot { return AUTOBOOT; }
205 207
206 208 <TSTATE>ip-type { return IPTYPE; }
207 209 <CSTATE>ip-type { return IPTYPE; }
208 210
209 211 <TSTATE>pool { return POOL; }
210 212 <CSTATE>pool { return POOL; }
211 213
212 214 <TSTATE>limitpriv { return LIMITPRIV; }
213 215 <CSTATE>limitpriv { return LIMITPRIV; }
214 216
215 217 <TSTATE>bootargs { return BOOTARGS; }
216 218 <CSTATE>bootargs { return BOOTARGS; }
217 219
218 220 <TSTATE>type { return TYPE; }
219 221 <CSTATE>type { return TYPE; }
220 222
221 223 <TSTATE>value { return VALUE; }
222 224 <CSTATE>value { return VALUE; }
223 225
224 226 <TSTATE>options { return OPTIONS; }
225 227 <CSTATE>options { return OPTIONS; }
226 228
227 229 <TSTATE>allowed-address { return ALLOWED_ADDRESS; }
228 230 <CSTATE>allowed-address { return ALLOWED_ADDRESS; }
229 231
230 232 <TSTATE>address { return ADDRESS; }
231 233 <CSTATE>address { return ADDRESS; }
232 234
233 235 <TSTATE>physical { return PHYSICAL; }
234 236 <CSTATE>physical { return PHYSICAL; }
235 237
236 238 <TSTATE>defrouter { return DEFROUTER; }
237 239 <CSTATE>defrouter { return DEFROUTER; }
238 240
239 241 <TSTATE>dir { return DIR; }
240 242 <CSTATE>dir { return DIR; }
241 243
242 244 <TSTATE>special { return SPECIAL; }
243 245 <CSTATE>special { return SPECIAL; }
244 246
245 247 <TSTATE>raw { return RAW; }
246 248 <CSTATE>raw { return RAW; }
247 249
248 250 <TSTATE>name { return NAME; }
249 251 <CSTATE>name { return NAME; }
250 252
251 253 <TSTATE>match { return MATCH; }
252 254 <CSTATE>match { return MATCH; }
253 255
254 256 <TSTATE>priv { return PRIV; }
255 257 <CSTATE>priv { return PRIV; }
256 258
257 259 <TSTATE>limit { return LIMIT; }
258 260 <CSTATE>limit { return LIMIT; }
259 261
260 262 <TSTATE>action { return ACTION; }
261 263 <CSTATE>action { return ACTION; }
262 264
263 265 <TSTATE>ncpus { return NCPUS; }
264 266 <CSTATE>ncpus { return NCPUS; }
265 267
266 268 <TSTATE>locked { return LOCKED; }
267 269 <CSTATE>locked { return LOCKED; }
268 270
269 271 <TSTATE>swap { return SWAP; }
270 272 <CSTATE>swap { return SWAP; }
271 273
272 274 <TSTATE>importance { return IMPORTANCE; }
273 275 <CSTATE>importance { return IMPORTANCE; }
274 276
275 277 <TSTATE>cpu-shares { return SHARES; }
276 278 <CSTATE>cpu-shares { return SHARES; }
277 279
278 280 <TSTATE>max-lwps { return MAXLWPS; }
279 281 <CSTATE>max-lwps { return MAXLWPS; }
280 282
281 283 <TSTATE>max-processes { return MAXPROCS; }
282 284 <CSTATE>max-processes { return MAXPROCS; }
283 285
284 286 <TSTATE>max-shm-memory { return MAXSHMMEM; }
285 287 <CSTATE>max-shm-memory { return MAXSHMMEM; }
286 288
287 289 <TSTATE>max-shm-ids { return MAXSHMIDS; }
288 290 <CSTATE>max-shm-ids { return MAXSHMIDS; }
289 291
290 292 <TSTATE>max-msg-ids { return MAXMSGIDS; }
291 293 <CSTATE>max-msg-ids { return MAXMSGIDS; }
292 294
293 295 <TSTATE>max-sem-ids { return MAXSEMIDS; }
294 296 <CSTATE>max-sem-ids { return MAXSEMIDS; }
295 297
296 298 <TSTATE>scheduling-class { return SCHED; }
297 299 <CSTATE>scheduling-class { return SCHED; }
298 300
299 301 <TSTATE>hostid { return HOSTID; }
300 302 <CSTATE>hostid { return HOSTID; }
|
↓ open down ↓ |
105 lines elided |
↑ open up ↑ |
301 303
302 304 <TSTATE>user { return USER; }
303 305 <CSTATE>user { return USER; }
304 306
305 307 <TSTATE>auths { return AUTHS; }
306 308 <CSTATE>auths { return AUTHS; }
307 309
308 310 <TSTATE>fs-allowed { return FS_ALLOWED; }
309 311 <CSTATE>fs-allowed { return FS_ALLOWED; }
310 312
313 +<TSTATE>default { return DEFAULT; }
314 +<CSTATE>default { return DEFAULT; }
315 +
316 +<TSTATE>lower { return LOWER; }
317 +<CSTATE>lower { return LOWER; }
318 +
319 +<TSTATE>upper { return UPPER; }
320 +<CSTATE>upper { return UPPER; }
321 +
311 322 <TSTATE>= { return EQUAL; }
312 323 <LSTATE>= { return EQUAL; }
313 324 <CSTATE>= { return EQUAL; }
314 325
315 326 <TSTATE>"[" {
316 327 BEGIN LSTATE;
317 328 state = LSTATE;
318 329 return OPEN_SQ_BRACKET;
319 330 }
320 331
321 332 <LSTATE>"]" {
322 333 BEGIN TSTATE;
323 334 state = TSTATE;
324 335 return CLOSE_SQ_BRACKET;
325 336 }
326 337
327 338 <TSTATE>"(" {
328 339 BEGIN CSTATE;
329 340 return OPEN_PAREN;
330 341 }
331 342
332 343 <LSTATE>"(" {
333 344 BEGIN CSTATE;
334 345 return OPEN_PAREN;
335 346 }
336 347
337 348 <CSTATE>")" {
338 349 BEGIN state;
339 350 return CLOSE_PAREN;
340 351 }
341 352
342 353 <LSTATE>"," { return COMMA; }
343 354 <CSTATE>"," { return COMMA; }
344 355
345 356 <TSTATE>[^ \t\n\";=\[\]\(\)]+ {
346 357 yylval.strval = create_token(yytext);
347 358 return TOKEN;
348 359 }
349 360
350 361 <LSTATE>[^ \t\n\",;=\[\]\(\)]+ {
351 362 yylval.strval = create_token(yytext);
352 363 return TOKEN;
353 364 }
354 365
355 366 <CSTATE>[^ \t\n\",;=\(\)]+ {
356 367 yylval.strval = create_token(yytext);
357 368 return TOKEN;
358 369 }
359 370
360 371 <TSTATE>\"[^\"\n]*[\"\n] {
361 372 yylval.strval = create_token(yytext + 1);
362 373 if (yylval.strval[yyleng - 2] == '"')
363 374 yylval.strval[yyleng - 2] = 0;
364 375 return TOKEN;
365 376 }
366 377
367 378 <LSTATE>\"[^\"\n]*[\"\n] {
368 379 yylval.strval = create_token(yytext + 1);
369 380 if (yylval.strval[yyleng - 2] == '"')
370 381 yylval.strval[yyleng - 2] = 0;
371 382 return TOKEN;
372 383 }
373 384
374 385 ";" {
375 386 BEGIN INITIAL;
376 387 return (yytext[0]);
377 388 }
378 389
379 390 \n {
380 391 lex_lineno++;
381 392 BEGIN INITIAL;
382 393 return (yytext[0]);
383 394 }
384 395
385 396 [ \t] ; /* Ignore whitespace */
386 397
387 398 . {
388 399 return (yytext[0]);
389 400 }
390 401
391 402 %%
392 403
393 404 /*
394 405 * Assert that there are no unclaimed tokens. This function enforces the
395 406 * invariants mentioned at the top of this file.
396 407 */
397 408 void
398 409 assert_no_unclaimed_tokens(void)
399 410 {
400 411 assert(num_unclaimed_tokens == 0);
401 412 assert(unclaimed_tokens == NULL);
402 413 assert(unclaimed_tokens_size == 0);
403 414 }
404 415
405 416 /*
406 417 * Claim the specified unclaimed TOKEN. YACC reduction rules that
407 418 * use TOKENs should invoke this function immediately before freeing the TOKENs
408 419 * or adding them to data structures that will be cleaned up when the YACC
409 420 * parser finishes or encounters errors. Reduction rules should only claim the
410 421 * TOKENs that they use.
411 422 *
412 423 * This function returns its argument but does not free its memory.
413 424 */
414 425 char *
415 426 claim_token(char *token)
416 427 {
417 428 unsigned int index;
418 429
419 430 /*
420 431 * Find the token in the list of unclaimed tokens.
421 432 */
422 433 assert(num_unclaimed_tokens > 0);
423 434 for (index = 0; index < num_unclaimed_tokens; index++) {
424 435 if (unclaimed_tokens[index] == token)
425 436 break;
426 437 }
427 438
428 439 /*
429 440 * Abort if we didn't find the token.
430 441 */
431 442 assert(index != num_unclaimed_tokens);
432 443
433 444 /*
434 445 * Replace the token with the last unclaimed token.
435 446 */
436 447 num_unclaimed_tokens--;
437 448 unclaimed_tokens[index] = unclaimed_tokens[num_unclaimed_tokens];
438 449
439 450 /*
440 451 * Delete the list of unclaimed tokens if it's empty.
441 452 */
442 453 if (num_unclaimed_tokens == 0) {
443 454 free(unclaimed_tokens);
444 455 unclaimed_tokens = NULL;
445 456 unclaimed_tokens_size = 0;
446 457 }
447 458
448 459 return (token);
449 460 }
450 461
451 462 /*
452 463 * Free all unclaimed TOKENs. This should only be invoked when the YACC
453 464 * parser encounters errors.
454 465 */
455 466 static void
456 467 free_tokens(void)
457 468 {
458 469 if (unclaimed_tokens != NULL) {
459 470 while (num_unclaimed_tokens > 0)
460 471 free(unclaimed_tokens[--num_unclaimed_tokens]);
461 472 free(unclaimed_tokens);
462 473 unclaimed_tokens = NULL;
463 474 unclaimed_tokens_size = 0;
464 475 }
465 476 assert_no_unclaimed_tokens();
466 477 }
467 478
468 479 /*
469 480 * Create a TOKEN from the specified string. The TOKEN is merely a duplicate
470 481 * of the specified string. TOKENs must be claimed by the YACC reduction rules
471 482 * that use them; see claim_token() above.
472 483 */
473 484 char *
474 485 create_token(char *s)
475 486 {
476 487 char *result;
477 488
478 489 if ((result = strdup(s)) == NULL) {
479 490 yyerror("Out of memory");
480 491 exit(Z_ERR);
481 492 }
482 493
483 494 /*
484 495 * Add the new TOKEN to the list of unclaimed TOKENs. The list might
485 496 * have to be resized.
486 497 *
487 498 * Reduction rules should claim TOKENs via claim_token() (see above).
488 499 */
489 500 if (num_unclaimed_tokens == unclaimed_tokens_size) {
490 501 char **new_unclaimed_tokens;
491 502
492 503 unclaimed_tokens_size += UNCLAIMED_TOKENS_BUFFER_GROWTH;
493 504 new_unclaimed_tokens = (char **)realloc(unclaimed_tokens,
494 505 unclaimed_tokens_size * sizeof (char *));
495 506 if (new_unclaimed_tokens == NULL) {
496 507 yyerror("Out of memory");
497 508 free(result);
498 509 exit(Z_ERR);
499 510 }
500 511 unclaimed_tokens = new_unclaimed_tokens;
501 512 }
502 513 unclaimed_tokens[num_unclaimed_tokens] = result;
503 514 num_unclaimed_tokens++;
504 515 return (result);
505 516 }
506 517
507 518 void
508 519 yyerror(char *s)
509 520 {
510 521 /*
511 522 * Ensure that we won't leak unclaimed tokens.
512 523 */
513 524 free_tokens();
514 525
515 526 /* feof(yyin) is not an error; anything else is, so we set saw_error */
516 527 if (yytext[0] == '\0') {
517 528 if (!feof(yyin)) {
518 529 saw_error = B_TRUE;
519 530 (void) fprintf(stderr, gettext("%s, token expected\n"),
520 531 s);
521 532 }
522 533 return;
523 534 }
524 535
525 536 saw_error = B_TRUE;
526 537 if (cmd_file_mode)
527 538 (void) fprintf(stderr, gettext("%s on line %d at '%s'\n"), s,
528 539 lex_lineno, (yytext[0] == '\n') ? "\\n" : yytext);
529 540 else
530 541 (void) fprintf(stderr, gettext("%s at '%s'\n"), s,
531 542 (yytext[0] == '\n') ? "\\n" : yytext);
532 543 usage(B_FALSE, HELP_SUBCMDS);
533 544 }
|
↓ open down ↓ |
213 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX