1 /* $OpenBSD: misc.c,v 1.131 2018/07/27 05:13:02 dtucker Exp $ */ 2 /* 3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 4 * Copyright (c) 2005,2006 Damien Miller. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 */ 26 27 #include "includes.h" 28 29 #include <sys/types.h> 30 #include <sys/ioctl.h> 31 #include <sys/socket.h> 32 #include <sys/stat.h> 33 #include <sys/sysctl.h> 34 #include <sys/time.h> 35 #include <sys/wait.h> 36 #include <sys/un.h> 37 38 #include <limits.h> 39 #ifdef HAVE_LIBGEN_H 40 # include <libgen.h> 41 #endif 42 #include <signal.h> 43 #include <stdarg.h> 44 #include <stdio.h> 45 #include <stdlib.h> 46 #include <string.h> 47 #include <time.h> 48 #include <unistd.h> 49 50 #include <netinet/in.h> 51 #include <netinet/in_systm.h> 52 #include <netinet/ip.h> 53 #include <netinet/tcp.h> 54 55 #include <ctype.h> 56 #include <errno.h> 57 #include <fcntl.h> 58 #include <netdb.h> 59 #ifdef HAVE_PATHS_H 60 # include <paths.h> 61 #include <pwd.h> 62 #endif 63 #ifdef SSH_TUN_OPENBSD 64 #include <net/if.h> 65 #endif 66 67 #include "xmalloc.h" 68 #include "misc.h" 69 #include "log.h" 70 #include "ssh.h" 71 #include "sshbuf.h" 72 #include "ssherr.h" 73 #include "platform.h" 74 75 /* remove newline at end of string */ 76 char * 77 chop(char *s) 78 { 79 char *t = s; 80 while (*t) { 81 if (*t == '\n' || *t == '\r') { 82 *t = '\0'; 83 return s; 84 } 85 t++; 86 } 87 return s; 88 89 } 90 91 /* set/unset filedescriptor to non-blocking */ 92 int 93 set_nonblock(int fd) 94 { 95 int val; 96 97 val = fcntl(fd, F_GETFL); 98 if (val < 0) { 99 error("fcntl(%d, F_GETFL): %s", fd, strerror(errno)); 100 return (-1); 101 } 102 if (val & O_NONBLOCK) { 103 debug3("fd %d is O_NONBLOCK", fd); 104 return (0); 105 } 106 debug2("fd %d setting O_NONBLOCK", fd); 107 val |= O_NONBLOCK; 108 if (fcntl(fd, F_SETFL, val) == -1) { 109 debug("fcntl(%d, F_SETFL, O_NONBLOCK): %s", fd, 110 strerror(errno)); 111 return (-1); 112 } 113 return (0); 114 } 115 116 int 117 unset_nonblock(int fd) 118 { 119 int val; 120 121 val = fcntl(fd, F_GETFL); 122 if (val < 0) { 123 error("fcntl(%d, F_GETFL): %s", fd, strerror(errno)); 124 return (-1); 125 } 126 if (!(val & O_NONBLOCK)) { 127 debug3("fd %d is not O_NONBLOCK", fd); 128 return (0); 129 } 130 debug("fd %d clearing O_NONBLOCK", fd); 131 val &= ~O_NONBLOCK; 132 if (fcntl(fd, F_SETFL, val) == -1) { 133 debug("fcntl(%d, F_SETFL, ~O_NONBLOCK): %s", 134 fd, strerror(errno)); 135 return (-1); 136 } 137 return (0); 138 } 139 140 const char * 141 ssh_gai_strerror(int gaierr) 142 { 143 if (gaierr == EAI_SYSTEM && errno != 0) 144 return strerror(errno); 145 return gai_strerror(gaierr); 146 } 147 148 /* disable nagle on socket */ 149 void 150 set_nodelay(int fd) 151 { 152 int opt; 153 socklen_t optlen; 154 155 optlen = sizeof opt; 156 if (getsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, &optlen) == -1) { 157 debug("getsockopt TCP_NODELAY: %.100s", strerror(errno)); 158 return; 159 } 160 if (opt == 1) { 161 debug2("fd %d is TCP_NODELAY", fd); 162 return; 163 } 164 opt = 1; 165 debug2("fd %d setting TCP_NODELAY", fd); 166 if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, sizeof opt) == -1) 167 error("setsockopt TCP_NODELAY: %.100s", strerror(errno)); 168 } 169 170 /* Allow local port reuse in TIME_WAIT */ 171 int 172 set_reuseaddr(int fd) 173 { 174 int on = 1; 175 176 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) == -1) { 177 error("setsockopt SO_REUSEADDR fd %d: %s", fd, strerror(errno)); 178 return -1; 179 } 180 return 0; 181 } 182 183 /* Get/set routing domain */ 184 char * 185 get_rdomain(int fd) 186 { 187 #if defined(HAVE_SYS_GET_RDOMAIN) 188 return sys_get_rdomain(fd); 189 #elif defined(__OpenBSD__) 190 int rtable; 191 char *ret; 192 socklen_t len = sizeof(rtable); 193 194 if (getsockopt(fd, SOL_SOCKET, SO_RTABLE, &rtable, &len) == -1) { 195 error("Failed to get routing domain for fd %d: %s", 196 fd, strerror(errno)); 197 return NULL; 198 } 199 xasprintf(&ret, "%d", rtable); 200 return ret; 201 #else /* defined(__OpenBSD__) */ 202 return NULL; 203 #endif 204 } 205 206 int 207 set_rdomain(int fd, const char *name) 208 { 209 #if defined(HAVE_SYS_SET_RDOMAIN) 210 return sys_set_rdomain(fd, name); 211 #elif defined(__OpenBSD__) 212 int rtable; 213 const char *errstr; 214 215 if (name == NULL) 216 return 0; /* default table */ 217 218 rtable = (int)strtonum(name, 0, 255, &errstr); 219 if (errstr != NULL) { 220 /* Shouldn't happen */ 221 error("Invalid routing domain \"%s\": %s", name, errstr); 222 return -1; 223 } 224 if (setsockopt(fd, SOL_SOCKET, SO_RTABLE, 225 &rtable, sizeof(rtable)) == -1) { 226 error("Failed to set routing domain %d on fd %d: %s", 227 rtable, fd, strerror(errno)); 228 return -1; 229 } 230 return 0; 231 #else /* defined(__OpenBSD__) */ 232 error("Setting routing domain is not supported on this platform"); 233 return -1; 234 #endif 235 } 236 237 /* Characters considered whitespace in strsep calls. */ 238 #define WHITESPACE " \t\r\n" 239 #define QUOTE "\"" 240 241 /* return next token in configuration line */ 242 static char * 243 strdelim_internal(char **s, int split_equals) 244 { 245 char *old; 246 int wspace = 0; 247 248 if (*s == NULL) 249 return NULL; 250 251 old = *s; 252 253 *s = strpbrk(*s, 254 split_equals ? WHITESPACE QUOTE "=" : WHITESPACE QUOTE); 255 if (*s == NULL) 256 return (old); 257 258 if (*s[0] == '\"') { 259 memmove(*s, *s + 1, strlen(*s)); /* move nul too */ 260 /* Find matching quote */ 261 if ((*s = strpbrk(*s, QUOTE)) == NULL) { 262 return (NULL); /* no matching quote */ 263 } else { 264 *s[0] = '\0'; 265 *s += strspn(*s + 1, WHITESPACE) + 1; 266 return (old); 267 } 268 } 269 270 /* Allow only one '=' to be skipped */ 271 if (split_equals && *s[0] == '=') 272 wspace = 1; 273 *s[0] = '\0'; 274 275 /* Skip any extra whitespace after first token */ 276 *s += strspn(*s + 1, WHITESPACE) + 1; 277 if (split_equals && *s[0] == '=' && !wspace) 278 *s += strspn(*s + 1, WHITESPACE) + 1; 279 280 return (old); 281 } 282 283 /* 284 * Return next token in configuration line; splts on whitespace or a 285 * single '=' character. 286 */ 287 char * 288 strdelim(char **s) 289 { 290 return strdelim_internal(s, 1); 291 } 292 293 /* 294 * Return next token in configuration line; splts on whitespace only. 295 */ 296 char * 297 strdelimw(char **s) 298 { 299 return strdelim_internal(s, 0); 300 } 301 302 struct passwd * 303 pwcopy(struct passwd *pw) 304 { 305 struct passwd *copy = xcalloc(1, sizeof(*copy)); 306 307 copy->pw_name = xstrdup(pw->pw_name); 308 copy->pw_passwd = xstrdup(pw->pw_passwd); 309 #ifdef HAVE_STRUCT_PASSWD_PW_GECOS 310 copy->pw_gecos = xstrdup(pw->pw_gecos); 311 #endif 312 copy->pw_uid = pw->pw_uid; 313 copy->pw_gid = pw->pw_gid; 314 #ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE 315 copy->pw_expire = pw->pw_expire; 316 #endif 317 #ifdef HAVE_STRUCT_PASSWD_PW_CHANGE 318 copy->pw_change = pw->pw_change; 319 #endif 320 #ifdef HAVE_STRUCT_PASSWD_PW_CLASS 321 copy->pw_class = xstrdup(pw->pw_class); 322 #endif 323 copy->pw_dir = xstrdup(pw->pw_dir); 324 copy->pw_shell = xstrdup(pw->pw_shell); 325 return copy; 326 } 327 328 /* 329 * Convert ASCII string to TCP/IP port number. 330 * Port must be >=0 and <=65535. 331 * Return -1 if invalid. 332 */ 333 int 334 a2port(const char *s) 335 { 336 long long port; 337 const char *errstr; 338 339 port = strtonum(s, 0, 65535, &errstr); 340 if (errstr != NULL) 341 return -1; 342 return (int)port; 343 } 344 345 int 346 a2tun(const char *s, int *remote) 347 { 348 const char *errstr = NULL; 349 char *sp, *ep; 350 int tun; 351 352 if (remote != NULL) { 353 *remote = SSH_TUNID_ANY; 354 sp = xstrdup(s); 355 if ((ep = strchr(sp, ':')) == NULL) { 356 free(sp); 357 return (a2tun(s, NULL)); 358 } 359 ep[0] = '\0'; ep++; 360 *remote = a2tun(ep, NULL); 361 tun = a2tun(sp, NULL); 362 free(sp); 363 return (*remote == SSH_TUNID_ERR ? *remote : tun); 364 } 365 366 if (strcasecmp(s, "any") == 0) 367 return (SSH_TUNID_ANY); 368 369 tun = strtonum(s, 0, SSH_TUNID_MAX, &errstr); 370 if (errstr != NULL) 371 return (SSH_TUNID_ERR); 372 373 return (tun); 374 } 375 376 #define SECONDS 1 377 #define MINUTES (SECONDS * 60) 378 #define HOURS (MINUTES * 60) 379 #define DAYS (HOURS * 24) 380 #define WEEKS (DAYS * 7) 381 382 /* 383 * Convert a time string into seconds; format is 384 * a sequence of: 385 * time[qualifier] 386 * 387 * Valid time qualifiers are: 388 * <none> seconds 389 * s|S seconds 390 * m|M minutes 391 * h|H hours 392 * d|D days 393 * w|W weeks 394 * 395 * Examples: 396 * 90m 90 minutes 397 * 1h30m 90 minutes 398 * 2d 2 days 399 * 1w 1 week 400 * 401 * Return -1 if time string is invalid. 402 */ 403 long 404 convtime(const char *s) 405 { 406 long total, secs, multiplier = 1; 407 const char *p; 408 char *endp; 409 410 errno = 0; 411 total = 0; 412 p = s; 413 414 if (p == NULL || *p == '\0') 415 return -1; 416 417 while (*p) { 418 secs = strtol(p, &endp, 10); 419 if (p == endp || 420 (errno == ERANGE && (secs == LONG_MIN || secs == LONG_MAX)) || 421 secs < 0) 422 return -1; 423 424 switch (*endp++) { 425 case '\0': 426 endp--; 427 break; 428 case 's': 429 case 'S': 430 break; 431 case 'm': 432 case 'M': 433 multiplier = MINUTES; 434 break; 435 case 'h': 436 case 'H': 437 multiplier = HOURS; 438 break; 439 case 'd': 440 case 'D': 441 multiplier = DAYS; 442 break; 443 case 'w': 444 case 'W': 445 multiplier = WEEKS; 446 break; 447 default: 448 return -1; 449 } 450 if (secs >= LONG_MAX / multiplier) 451 return -1; 452 secs *= multiplier; 453 if (total >= LONG_MAX - secs) 454 return -1; 455 total += secs; 456 if (total < 0) 457 return -1; 458 p = endp; 459 } 460 461 return total; 462 } 463 464 /* 465 * Returns a standardized host+port identifier string. 466 * Caller must free returned string. 467 */ 468 char * 469 put_host_port(const char *host, u_short port) 470 { 471 char *hoststr; 472 473 if (port == 0 || port == SSH_DEFAULT_PORT) 474 return(xstrdup(host)); 475 if (asprintf(&hoststr, "[%s]:%d", host, (int)port) < 0) 476 fatal("put_host_port: asprintf: %s", strerror(errno)); 477 debug3("put_host_port: %s", hoststr); 478 return hoststr; 479 } 480 481 /* 482 * Search for next delimiter between hostnames/addresses and ports. 483 * Argument may be modified (for termination). 484 * Returns *cp if parsing succeeds. 485 * *cp is set to the start of the next field, if one was found. 486 * The delimiter char, if present, is stored in delim. 487 * If this is the last field, *cp is set to NULL. 488 */ 489 static char * 490 hpdelim2(char **cp, char *delim) 491 { 492 char *s, *old; 493 494 if (cp == NULL || *cp == NULL) 495 return NULL; 496 497 old = s = *cp; 498 if (*s == '[') { 499 if ((s = strchr(s, ']')) == NULL) 500 return NULL; 501 else 502 s++; 503 } else if ((s = strpbrk(s, ":/")) == NULL) 504 s = *cp + strlen(*cp); /* skip to end (see first case below) */ 505 506 switch (*s) { 507 case '\0': 508 *cp = NULL; /* no more fields*/ 509 break; 510 511 case ':': 512 case '/': 513 if (delim != NULL) 514 *delim = *s; 515 *s = '\0'; /* terminate */ 516 *cp = s + 1; 517 break; 518 519 default: 520 return NULL; 521 } 522 523 return old; 524 } 525 526 char * 527 hpdelim(char **cp) 528 { 529 return hpdelim2(cp, NULL); 530 } 531 532 char * 533 cleanhostname(char *host) 534 { 535 if (*host == '[' && host[strlen(host) - 1] == ']') { 536 host[strlen(host) - 1] = '\0'; 537 return (host + 1); 538 } else 539 return host; 540 } 541 542 char * 543 colon(char *cp) 544 { 545 int flag = 0; 546 547 if (*cp == ':') /* Leading colon is part of file name. */ 548 return NULL; 549 if (*cp == '[') 550 flag = 1; 551 552 for (; *cp; ++cp) { 553 if (*cp == '@' && *(cp+1) == '[') 554 flag = 1; 555 if (*cp == ']' && *(cp+1) == ':' && flag) 556 return (cp+1); 557 if (*cp == ':' && !flag) 558 return (cp); 559 if (*cp == '/') 560 return NULL; 561 } 562 return NULL; 563 } 564 565 /* 566 * Parse a [user@]host:[path] string. 567 * Caller must free returned user, host and path. 568 * Any of the pointer return arguments may be NULL (useful for syntax checking). 569 * If user was not specified then *userp will be set to NULL. 570 * If host was not specified then *hostp will be set to NULL. 571 * If path was not specified then *pathp will be set to ".". 572 * Returns 0 on success, -1 on failure. 573 */ 574 int 575 parse_user_host_path(const char *s, char **userp, char **hostp, char **pathp) 576 { 577 char *user = NULL, *host = NULL, *path = NULL; 578 char *sdup, *tmp; 579 int ret = -1; 580 581 if (userp != NULL) 582 *userp = NULL; 583 if (hostp != NULL) 584 *hostp = NULL; 585 if (pathp != NULL) 586 *pathp = NULL; 587 588 sdup = xstrdup(s); 589 590 /* Check for remote syntax: [user@]host:[path] */ 591 if ((tmp = colon(sdup)) == NULL) 592 goto out; 593 594 /* Extract optional path */ 595 *tmp++ = '\0'; 596 if (*tmp == '\0') 597 tmp = "."; 598 path = xstrdup(tmp); 599 600 /* Extract optional user and mandatory host */ 601 tmp = strrchr(sdup, '@'); 602 if (tmp != NULL) { 603 *tmp++ = '\0'; 604 host = xstrdup(cleanhostname(tmp)); 605 if (*sdup != '\0') 606 user = xstrdup(sdup); 607 } else { 608 host = xstrdup(cleanhostname(sdup)); 609 user = NULL; 610 } 611 612 /* Success */ 613 if (userp != NULL) { 614 *userp = user; 615 user = NULL; 616 } 617 if (hostp != NULL) { 618 *hostp = host; 619 host = NULL; 620 } 621 if (pathp != NULL) { 622 *pathp = path; 623 path = NULL; 624 } 625 ret = 0; 626 out: 627 free(sdup); 628 free(user); 629 free(host); 630 free(path); 631 return ret; 632 } 633 634 /* 635 * Parse a [user@]host[:port] string. 636 * Caller must free returned user and host. 637 * Any of the pointer return arguments may be NULL (useful for syntax checking). 638 * If user was not specified then *userp will be set to NULL. 639 * If port was not specified then *portp will be -1. 640 * Returns 0 on success, -1 on failure. 641 */ 642 int 643 parse_user_host_port(const char *s, char **userp, char **hostp, int *portp) 644 { 645 char *sdup, *cp, *tmp; 646 char *user = NULL, *host = NULL; 647 int port = -1, ret = -1; 648 649 if (userp != NULL) 650 *userp = NULL; 651 if (hostp != NULL) 652 *hostp = NULL; 653 if (portp != NULL) 654 *portp = -1; 655 656 if ((sdup = tmp = strdup(s)) == NULL) 657 return -1; 658 /* Extract optional username */ 659 if ((cp = strrchr(tmp, '@')) != NULL) { 660 *cp = '\0'; 661 if (*tmp == '\0') 662 goto out; 663 if ((user = strdup(tmp)) == NULL) 664 goto out; 665 tmp = cp + 1; 666 } 667 /* Extract mandatory hostname */ 668 if ((cp = hpdelim(&tmp)) == NULL || *cp == '\0') 669 goto out; 670 host = xstrdup(cleanhostname(cp)); 671 /* Convert and verify optional port */ 672 if (tmp != NULL && *tmp != '\0') { 673 if ((port = a2port(tmp)) <= 0) 674 goto out; 675 } 676 /* Success */ 677 if (userp != NULL) { 678 *userp = user; 679 user = NULL; 680 } 681 if (hostp != NULL) { 682 *hostp = host; 683 host = NULL; 684 } 685 if (portp != NULL) 686 *portp = port; 687 ret = 0; 688 out: 689 free(sdup); 690 free(user); 691 free(host); 692 return ret; 693 } 694 695 /* 696 * Converts a two-byte hex string to decimal. 697 * Returns the decimal value or -1 for invalid input. 698 */ 699 static int 700 hexchar(const char *s) 701 { 702 unsigned char result[2]; 703 int i; 704 705 for (i = 0; i < 2; i++) { 706 if (s[i] >= '0' && s[i] <= '9') 707 result[i] = (unsigned char)(s[i] - '0'); 708 else if (s[i] >= 'a' && s[i] <= 'f') 709 result[i] = (unsigned char)(s[i] - 'a') + 10; 710 else if (s[i] >= 'A' && s[i] <= 'F') 711 result[i] = (unsigned char)(s[i] - 'A') + 10; 712 else 713 return -1; 714 } 715 return (result[0] << 4) | result[1]; 716 } 717 718 /* 719 * Decode an url-encoded string. 720 * Returns a newly allocated string on success or NULL on failure. 721 */ 722 static char * 723 urldecode(const char *src) 724 { 725 char *ret, *dst; 726 int ch; 727 728 ret = xmalloc(strlen(src) + 1); 729 for (dst = ret; *src != '\0'; src++) { 730 switch (*src) { 731 case '+': 732 *dst++ = ' '; 733 break; 734 case '%': 735 if (!isxdigit((unsigned char)src[1]) || 736 !isxdigit((unsigned char)src[2]) || 737 (ch = hexchar(src + 1)) == -1) { 738 free(ret); 739 return NULL; 740 } 741 *dst++ = ch; 742 src += 2; 743 break; 744 default: 745 *dst++ = *src; 746 break; 747 } 748 } 749 *dst = '\0'; 750 751 return ret; 752 } 753 754 /* 755 * Parse an (scp|ssh|sftp)://[user@]host[:port][/path] URI. 756 * See https://tools.ietf.org/html/draft-ietf-secsh-scp-sftp-ssh-uri-04 757 * Either user or path may be url-encoded (but not host or port). 758 * Caller must free returned user, host and path. 759 * Any of the pointer return arguments may be NULL (useful for syntax checking) 760 * but the scheme must always be specified. 761 * If user was not specified then *userp will be set to NULL. 762 * If port was not specified then *portp will be -1. 763 * If path was not specified then *pathp will be set to NULL. 764 * Returns 0 on success, 1 if non-uri/wrong scheme, -1 on error/invalid uri. 765 */ 766 int 767 parse_uri(const char *scheme, const char *uri, char **userp, char **hostp, 768 int *portp, char **pathp) 769 { 770 char *uridup, *cp, *tmp, ch; 771 char *user = NULL, *host = NULL, *path = NULL; 772 int port = -1, ret = -1; 773 size_t len; 774 775 len = strlen(scheme); 776 if (strncmp(uri, scheme, len) != 0 || strncmp(uri + len, "://", 3) != 0) 777 return 1; 778 uri += len + 3; 779 780 if (userp != NULL) 781 *userp = NULL; 782 if (hostp != NULL) 783 *hostp = NULL; 784 if (portp != NULL) 785 *portp = -1; 786 if (pathp != NULL) 787 *pathp = NULL; 788 789 uridup = tmp = xstrdup(uri); 790 791 /* Extract optional ssh-info (username + connection params) */ 792 if ((cp = strchr(tmp, '@')) != NULL) { 793 char *delim; 794 795 *cp = '\0'; 796 /* Extract username and connection params */ 797 if ((delim = strchr(tmp, ';')) != NULL) { 798 /* Just ignore connection params for now */ 799 *delim = '\0'; 800 } 801 if (*tmp == '\0') { 802 /* Empty username */ 803 goto out; 804 } 805 if ((user = urldecode(tmp)) == NULL) 806 goto out; 807 tmp = cp + 1; 808 } 809 810 /* Extract mandatory hostname */ 811 if ((cp = hpdelim2(&tmp, &ch)) == NULL || *cp == '\0') 812 goto out; 813 host = xstrdup(cleanhostname(cp)); 814 if (!valid_domain(host, 0, NULL)) 815 goto out; 816 817 if (tmp != NULL && *tmp != '\0') { 818 if (ch == ':') { 819 /* Convert and verify port. */ 820 if ((cp = strchr(tmp, '/')) != NULL) 821 *cp = '\0'; 822 if ((port = a2port(tmp)) <= 0) 823 goto out; 824 tmp = cp ? cp + 1 : NULL; 825 } 826 if (tmp != NULL && *tmp != '\0') { 827 /* Extract optional path */ 828 if ((path = urldecode(tmp)) == NULL) 829 goto out; 830 } 831 } 832 833 /* Success */ 834 if (userp != NULL) { 835 *userp = user; 836 user = NULL; 837 } 838 if (hostp != NULL) { 839 *hostp = host; 840 host = NULL; 841 } 842 if (portp != NULL) 843 *portp = port; 844 if (pathp != NULL) { 845 *pathp = path; 846 path = NULL; 847 } 848 ret = 0; 849 out: 850 free(uridup); 851 free(user); 852 free(host); 853 free(path); 854 return ret; 855 } 856 857 /* function to assist building execv() arguments */ 858 void 859 addargs(arglist *args, char *fmt, ...) 860 { 861 va_list ap; 862 char *cp; 863 u_int nalloc; 864 int r; 865 866 va_start(ap, fmt); 867 r = vasprintf(&cp, fmt, ap); 868 va_end(ap); 869 if (r == -1) 870 fatal("addargs: argument too long"); 871 872 nalloc = args->nalloc; 873 if (args->list == NULL) { 874 nalloc = 32; 875 args->num = 0; 876 } else if (args->num+2 >= nalloc) 877 nalloc *= 2; 878 879 args->list = xrecallocarray(args->list, args->nalloc, nalloc, sizeof(char *)); 880 args->nalloc = nalloc; 881 args->list[args->num++] = cp; 882 args->list[args->num] = NULL; 883 } 884 885 void 886 replacearg(arglist *args, u_int which, char *fmt, ...) 887 { 888 va_list ap; 889 char *cp; 890 int r; 891 892 va_start(ap, fmt); 893 r = vasprintf(&cp, fmt, ap); 894 va_end(ap); 895 if (r == -1) 896 fatal("replacearg: argument too long"); 897 898 if (which >= args->num) 899 fatal("replacearg: tried to replace invalid arg %d >= %d", 900 which, args->num); 901 free(args->list[which]); 902 args->list[which] = cp; 903 } 904 905 void 906 freeargs(arglist *args) 907 { 908 u_int i; 909 910 if (args->list != NULL) { 911 for (i = 0; i < args->num; i++) 912 free(args->list[i]); 913 free(args->list); 914 args->nalloc = args->num = 0; 915 args->list = NULL; 916 } 917 } 918 919 /* 920 * Expands tildes in the file name. Returns data allocated by xmalloc. 921 * Warning: this calls getpw*. 922 */ 923 char * 924 tilde_expand_filename(const char *filename, uid_t uid) 925 { 926 const char *path, *sep; 927 char user[128], *ret; 928 struct passwd *pw; 929 u_int len, slash; 930 931 if (*filename != '~') 932 return (xstrdup(filename)); 933 filename++; 934 935 path = strchr(filename, '/'); 936 if (path != NULL && path > filename) { /* ~user/path */ 937 slash = path - filename; 938 if (slash > sizeof(user) - 1) 939 fatal("tilde_expand_filename: ~username too long"); 940 memcpy(user, filename, slash); 941 user[slash] = '\0'; 942 if ((pw = getpwnam(user)) == NULL) 943 fatal("tilde_expand_filename: No such user %s", user); 944 } else if ((pw = getpwuid(uid)) == NULL) /* ~/path */ 945 fatal("tilde_expand_filename: No such uid %ld", (long)uid); 946 947 /* Make sure directory has a trailing '/' */ 948 len = strlen(pw->pw_dir); 949 if (len == 0 || pw->pw_dir[len - 1] != '/') 950 sep = "/"; 951 else 952 sep = ""; 953 954 /* Skip leading '/' from specified path */ 955 if (path != NULL) 956 filename = path + 1; 957 958 if (xasprintf(&ret, "%s%s%s", pw->pw_dir, sep, filename) >= PATH_MAX) 959 fatal("tilde_expand_filename: Path too long"); 960 961 return (ret); 962 } 963 964 /* 965 * Expand a string with a set of %[char] escapes. A number of escapes may be 966 * specified as (char *escape_chars, char *replacement) pairs. The list must 967 * be terminated by a NULL escape_char. Returns replaced string in memory 968 * allocated by xmalloc. 969 */ 970 char * 971 percent_expand(const char *string, ...) 972 { 973 #define EXPAND_MAX_KEYS 16 974 u_int num_keys, i, j; 975 struct { 976 const char *key; 977 const char *repl; 978 } keys[EXPAND_MAX_KEYS]; 979 char buf[4096]; 980 va_list ap; 981 982 /* Gather keys */ 983 va_start(ap, string); 984 for (num_keys = 0; num_keys < EXPAND_MAX_KEYS; num_keys++) { 985 keys[num_keys].key = va_arg(ap, char *); 986 if (keys[num_keys].key == NULL) 987 break; 988 keys[num_keys].repl = va_arg(ap, char *); 989 if (keys[num_keys].repl == NULL) 990 fatal("%s: NULL replacement", __func__); 991 } 992 if (num_keys == EXPAND_MAX_KEYS && va_arg(ap, char *) != NULL) 993 fatal("%s: too many keys", __func__); 994 va_end(ap); 995 996 /* Expand string */ 997 *buf = '\0'; 998 for (i = 0; *string != '\0'; string++) { 999 if (*string != '%') { 1000 append: 1001 buf[i++] = *string; 1002 if (i >= sizeof(buf)) 1003 fatal("%s: string too long", __func__); 1004 buf[i] = '\0'; 1005 continue; 1006 } 1007 string++; 1008 /* %% case */ 1009 if (*string == '%') 1010 goto append; 1011 if (*string == '\0') 1012 fatal("%s: invalid format", __func__); 1013 for (j = 0; j < num_keys; j++) { 1014 if (strchr(keys[j].key, *string) != NULL) { 1015 i = strlcat(buf, keys[j].repl, sizeof(buf)); 1016 if (i >= sizeof(buf)) 1017 fatal("%s: string too long", __func__); 1018 break; 1019 } 1020 } 1021 if (j >= num_keys) 1022 fatal("%s: unknown key %%%c", __func__, *string); 1023 } 1024 return (xstrdup(buf)); 1025 #undef EXPAND_MAX_KEYS 1026 } 1027 1028 int 1029 tun_open(int tun, int mode, char **ifname) 1030 { 1031 #if defined(CUSTOM_SYS_TUN_OPEN) 1032 return (sys_tun_open(tun, mode, ifname)); 1033 #elif defined(SSH_TUN_OPENBSD) 1034 struct ifreq ifr; 1035 char name[100]; 1036 int fd = -1, sock; 1037 const char *tunbase = "tun"; 1038 1039 if (ifname != NULL) 1040 *ifname = NULL; 1041 1042 if (mode == SSH_TUNMODE_ETHERNET) 1043 tunbase = "tap"; 1044 1045 /* Open the tunnel device */ 1046 if (tun <= SSH_TUNID_MAX) { 1047 snprintf(name, sizeof(name), "/dev/%s%d", tunbase, tun); 1048 fd = open(name, O_RDWR); 1049 } else if (tun == SSH_TUNID_ANY) { 1050 for (tun = 100; tun >= 0; tun--) { 1051 snprintf(name, sizeof(name), "/dev/%s%d", 1052 tunbase, tun); 1053 if ((fd = open(name, O_RDWR)) >= 0) 1054 break; 1055 } 1056 } else { 1057 debug("%s: invalid tunnel %u", __func__, tun); 1058 return -1; 1059 } 1060 1061 if (fd < 0) { 1062 debug("%s: %s open: %s", __func__, name, strerror(errno)); 1063 return -1; 1064 } 1065 1066 debug("%s: %s mode %d fd %d", __func__, name, mode, fd); 1067 1068 /* Bring interface up if it is not already */ 1069 snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s%d", tunbase, tun); 1070 if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1) 1071 goto failed; 1072 1073 if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1) { 1074 debug("%s: get interface %s flags: %s", __func__, 1075 ifr.ifr_name, strerror(errno)); 1076 goto failed; 1077 } 1078 1079 if (!(ifr.ifr_flags & IFF_UP)) { 1080 ifr.ifr_flags |= IFF_UP; 1081 if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) { 1082 debug("%s: activate interface %s: %s", __func__, 1083 ifr.ifr_name, strerror(errno)); 1084 goto failed; 1085 } 1086 } 1087 1088 if (ifname != NULL) 1089 *ifname = xstrdup(ifr.ifr_name); 1090 1091 close(sock); 1092 return fd; 1093 1094 failed: 1095 if (fd >= 0) 1096 close(fd); 1097 if (sock >= 0) 1098 close(sock); 1099 return -1; 1100 #else 1101 error("Tunnel interfaces are not supported on this platform"); 1102 return (-1); 1103 #endif 1104 } 1105 1106 void 1107 sanitise_stdfd(void) 1108 { 1109 int nullfd, dupfd; 1110 1111 if ((nullfd = dupfd = open(_PATH_DEVNULL, O_RDWR)) == -1) { 1112 fprintf(stderr, "Couldn't open /dev/null: %s\n", 1113 strerror(errno)); 1114 exit(1); 1115 } 1116 while (++dupfd <= STDERR_FILENO) { 1117 /* Only populate closed fds. */ 1118 if (fcntl(dupfd, F_GETFL) == -1 && errno == EBADF) { 1119 if (dup2(nullfd, dupfd) == -1) { 1120 fprintf(stderr, "dup2: %s\n", strerror(errno)); 1121 exit(1); 1122 } 1123 } 1124 } 1125 if (nullfd > STDERR_FILENO) 1126 close(nullfd); 1127 } 1128 1129 char * 1130 tohex(const void *vp, size_t l) 1131 { 1132 const u_char *p = (const u_char *)vp; 1133 char b[3], *r; 1134 size_t i, hl; 1135 1136 if (l > 65536) 1137 return xstrdup("tohex: length > 65536"); 1138 1139 hl = l * 2 + 1; 1140 r = xcalloc(1, hl); 1141 for (i = 0; i < l; i++) { 1142 snprintf(b, sizeof(b), "%02x", p[i]); 1143 strlcat(r, b, hl); 1144 } 1145 return (r); 1146 } 1147 1148 u_int64_t 1149 get_u64(const void *vp) 1150 { 1151 const u_char *p = (const u_char *)vp; 1152 u_int64_t v; 1153 1154 v = (u_int64_t)p[0] << 56; 1155 v |= (u_int64_t)p[1] << 48; 1156 v |= (u_int64_t)p[2] << 40; 1157 v |= (u_int64_t)p[3] << 32; 1158 v |= (u_int64_t)p[4] << 24; 1159 v |= (u_int64_t)p[5] << 16; 1160 v |= (u_int64_t)p[6] << 8; 1161 v |= (u_int64_t)p[7]; 1162 1163 return (v); 1164 } 1165 1166 u_int32_t 1167 get_u32(const void *vp) 1168 { 1169 const u_char *p = (const u_char *)vp; 1170 u_int32_t v; 1171 1172 v = (u_int32_t)p[0] << 24; 1173 v |= (u_int32_t)p[1] << 16; 1174 v |= (u_int32_t)p[2] << 8; 1175 v |= (u_int32_t)p[3]; 1176 1177 return (v); 1178 } 1179 1180 u_int32_t 1181 get_u32_le(const void *vp) 1182 { 1183 const u_char *p = (const u_char *)vp; 1184 u_int32_t v; 1185 1186 v = (u_int32_t)p[0]; 1187 v |= (u_int32_t)p[1] << 8; 1188 v |= (u_int32_t)p[2] << 16; 1189 v |= (u_int32_t)p[3] << 24; 1190 1191 return (v); 1192 } 1193 1194 u_int16_t 1195 get_u16(const void *vp) 1196 { 1197 const u_char *p = (const u_char *)vp; 1198 u_int16_t v; 1199 1200 v = (u_int16_t)p[0] << 8; 1201 v |= (u_int16_t)p[1]; 1202 1203 return (v); 1204 } 1205 1206 void 1207 put_u64(void *vp, u_int64_t v) 1208 { 1209 u_char *p = (u_char *)vp; 1210 1211 p[0] = (u_char)(v >> 56) & 0xff; 1212 p[1] = (u_char)(v >> 48) & 0xff; 1213 p[2] = (u_char)(v >> 40) & 0xff; 1214 p[3] = (u_char)(v >> 32) & 0xff; 1215 p[4] = (u_char)(v >> 24) & 0xff; 1216 p[5] = (u_char)(v >> 16) & 0xff; 1217 p[6] = (u_char)(v >> 8) & 0xff; 1218 p[7] = (u_char)v & 0xff; 1219 } 1220 1221 void 1222 put_u32(void *vp, u_int32_t v) 1223 { 1224 u_char *p = (u_char *)vp; 1225 1226 p[0] = (u_char)(v >> 24) & 0xff; 1227 p[1] = (u_char)(v >> 16) & 0xff; 1228 p[2] = (u_char)(v >> 8) & 0xff; 1229 p[3] = (u_char)v & 0xff; 1230 } 1231 1232 void 1233 put_u32_le(void *vp, u_int32_t v) 1234 { 1235 u_char *p = (u_char *)vp; 1236 1237 p[0] = (u_char)v & 0xff; 1238 p[1] = (u_char)(v >> 8) & 0xff; 1239 p[2] = (u_char)(v >> 16) & 0xff; 1240 p[3] = (u_char)(v >> 24) & 0xff; 1241 } 1242 1243 void 1244 put_u16(void *vp, u_int16_t v) 1245 { 1246 u_char *p = (u_char *)vp; 1247 1248 p[0] = (u_char)(v >> 8) & 0xff; 1249 p[1] = (u_char)v & 0xff; 1250 } 1251 1252 void 1253 ms_subtract_diff(struct timeval *start, int *ms) 1254 { 1255 struct timeval diff, finish; 1256 1257 monotime_tv(&finish); 1258 timersub(&finish, start, &diff); 1259 *ms -= (diff.tv_sec * 1000) + (diff.tv_usec / 1000); 1260 } 1261 1262 void 1263 ms_to_timeval(struct timeval *tv, int ms) 1264 { 1265 if (ms < 0) 1266 ms = 0; 1267 tv->tv_sec = ms / 1000; 1268 tv->tv_usec = (ms % 1000) * 1000; 1269 } 1270 1271 void 1272 monotime_ts(struct timespec *ts) 1273 { 1274 struct timeval tv; 1275 #if defined(HAVE_CLOCK_GETTIME) && (defined(CLOCK_BOOTTIME) || \ 1276 defined(CLOCK_MONOTONIC) || defined(CLOCK_REALTIME)) 1277 static int gettime_failed = 0; 1278 1279 if (!gettime_failed) { 1280 # ifdef CLOCK_BOOTTIME 1281 if (clock_gettime(CLOCK_BOOTTIME, ts) == 0) 1282 return; 1283 # endif /* CLOCK_BOOTTIME */ 1284 # ifdef CLOCK_MONOTONIC 1285 if (clock_gettime(CLOCK_MONOTONIC, ts) == 0) 1286 return; 1287 # endif /* CLOCK_MONOTONIC */ 1288 # ifdef CLOCK_REALTIME 1289 /* Not monotonic, but we're almost out of options here. */ 1290 if (clock_gettime(CLOCK_REALTIME, ts) == 0) 1291 return; 1292 # endif /* CLOCK_REALTIME */ 1293 debug3("clock_gettime: %s", strerror(errno)); 1294 gettime_failed = 1; 1295 } 1296 #endif /* HAVE_CLOCK_GETTIME && (BOOTTIME || MONOTONIC || REALTIME) */ 1297 gettimeofday(&tv, NULL); 1298 ts->tv_sec = tv.tv_sec; 1299 ts->tv_nsec = (long)tv.tv_usec * 1000; 1300 } 1301 1302 void 1303 monotime_tv(struct timeval *tv) 1304 { 1305 struct timespec ts; 1306 1307 monotime_ts(&ts); 1308 tv->tv_sec = ts.tv_sec; 1309 tv->tv_usec = ts.tv_nsec / 1000; 1310 } 1311 1312 time_t 1313 monotime(void) 1314 { 1315 struct timespec ts; 1316 1317 monotime_ts(&ts); 1318 return ts.tv_sec; 1319 } 1320 1321 double 1322 monotime_double(void) 1323 { 1324 struct timespec ts; 1325 1326 monotime_ts(&ts); 1327 return ts.tv_sec + ((double)ts.tv_nsec / 1000000000); 1328 } 1329 1330 void 1331 bandwidth_limit_init(struct bwlimit *bw, u_int64_t kbps, size_t buflen) 1332 { 1333 bw->buflen = buflen; 1334 bw->rate = kbps; 1335 bw->thresh = bw->rate; 1336 bw->lamt = 0; 1337 timerclear(&bw->bwstart); 1338 timerclear(&bw->bwend); 1339 } 1340 1341 /* Callback from read/write loop to insert bandwidth-limiting delays */ 1342 void 1343 bandwidth_limit(struct bwlimit *bw, size_t read_len) 1344 { 1345 u_int64_t waitlen; 1346 struct timespec ts, rm; 1347 1348 if (!timerisset(&bw->bwstart)) { 1349 monotime_tv(&bw->bwstart); 1350 return; 1351 } 1352 1353 bw->lamt += read_len; 1354 if (bw->lamt < bw->thresh) 1355 return; 1356 1357 monotime_tv(&bw->bwend); 1358 timersub(&bw->bwend, &bw->bwstart, &bw->bwend); 1359 if (!timerisset(&bw->bwend)) 1360 return; 1361 1362 bw->lamt *= 8; 1363 waitlen = (double)1000000L * bw->lamt / bw->rate; 1364 1365 bw->bwstart.tv_sec = waitlen / 1000000L; 1366 bw->bwstart.tv_usec = waitlen % 1000000L; 1367 1368 if (timercmp(&bw->bwstart, &bw->bwend, >)) { 1369 timersub(&bw->bwstart, &bw->bwend, &bw->bwend); 1370 1371 /* Adjust the wait time */ 1372 if (bw->bwend.tv_sec) { 1373 bw->thresh /= 2; 1374 if (bw->thresh < bw->buflen / 4) 1375 bw->thresh = bw->buflen / 4; 1376 } else if (bw->bwend.tv_usec < 10000) { 1377 bw->thresh *= 2; 1378 if (bw->thresh > bw->buflen * 8) 1379 bw->thresh = bw->buflen * 8; 1380 } 1381 1382 TIMEVAL_TO_TIMESPEC(&bw->bwend, &ts); 1383 while (nanosleep(&ts, &rm) == -1) { 1384 if (errno != EINTR) 1385 break; 1386 ts = rm; 1387 } 1388 } 1389 1390 bw->lamt = 0; 1391 monotime_tv(&bw->bwstart); 1392 } 1393 1394 /* Make a template filename for mk[sd]temp() */ 1395 void 1396 mktemp_proto(char *s, size_t len) 1397 { 1398 const char *tmpdir; 1399 int r; 1400 1401 if ((tmpdir = getenv("TMPDIR")) != NULL) { 1402 r = snprintf(s, len, "%s/ssh-XXXXXXXXXXXX", tmpdir); 1403 if (r > 0 && (size_t)r < len) 1404 return; 1405 } 1406 r = snprintf(s, len, "/tmp/ssh-XXXXXXXXXXXX"); 1407 if (r < 0 || (size_t)r >= len) 1408 fatal("%s: template string too short", __func__); 1409 } 1410 1411 static const struct { 1412 const char *name; 1413 int value; 1414 } ipqos[] = { 1415 { "none", INT_MAX }, /* can't use 0 here; that's CS0 */ 1416 { "af11", IPTOS_DSCP_AF11 }, 1417 { "af12", IPTOS_DSCP_AF12 }, 1418 { "af13", IPTOS_DSCP_AF13 }, 1419 { "af21", IPTOS_DSCP_AF21 }, 1420 { "af22", IPTOS_DSCP_AF22 }, 1421 { "af23", IPTOS_DSCP_AF23 }, 1422 { "af31", IPTOS_DSCP_AF31 }, 1423 { "af32", IPTOS_DSCP_AF32 }, 1424 { "af33", IPTOS_DSCP_AF33 }, 1425 { "af41", IPTOS_DSCP_AF41 }, 1426 { "af42", IPTOS_DSCP_AF42 }, 1427 { "af43", IPTOS_DSCP_AF43 }, 1428 { "cs0", IPTOS_DSCP_CS0 }, 1429 { "cs1", IPTOS_DSCP_CS1 }, 1430 { "cs2", IPTOS_DSCP_CS2 }, 1431 { "cs3", IPTOS_DSCP_CS3 }, 1432 { "cs4", IPTOS_DSCP_CS4 }, 1433 { "cs5", IPTOS_DSCP_CS5 }, 1434 { "cs6", IPTOS_DSCP_CS6 }, 1435 { "cs7", IPTOS_DSCP_CS7 }, 1436 { "ef", IPTOS_DSCP_EF }, 1437 { "lowdelay", IPTOS_LOWDELAY }, 1438 { "throughput", IPTOS_THROUGHPUT }, 1439 { "reliability", IPTOS_RELIABILITY }, 1440 { NULL, -1 } 1441 }; 1442 1443 int 1444 parse_ipqos(const char *cp) 1445 { 1446 u_int i; 1447 char *ep; 1448 long val; 1449 1450 if (cp == NULL) 1451 return -1; 1452 for (i = 0; ipqos[i].name != NULL; i++) { 1453 if (strcasecmp(cp, ipqos[i].name) == 0) 1454 return ipqos[i].value; 1455 } 1456 /* Try parsing as an integer */ 1457 val = strtol(cp, &ep, 0); 1458 if (*cp == '\0' || *ep != '\0' || val < 0 || val > 255) 1459 return -1; 1460 return val; 1461 } 1462 1463 const char * 1464 iptos2str(int iptos) 1465 { 1466 int i; 1467 static char iptos_str[sizeof "0xff"]; 1468 1469 for (i = 0; ipqos[i].name != NULL; i++) { 1470 if (ipqos[i].value == iptos) 1471 return ipqos[i].name; 1472 } 1473 snprintf(iptos_str, sizeof iptos_str, "0x%02x", iptos); 1474 return iptos_str; 1475 } 1476 1477 void 1478 lowercase(char *s) 1479 { 1480 for (; *s; s++) 1481 *s = tolower((u_char)*s); 1482 } 1483 1484 int 1485 unix_listener(const char *path, int backlog, int unlink_first) 1486 { 1487 struct sockaddr_un sunaddr; 1488 int saved_errno, sock; 1489 1490 memset(&sunaddr, 0, sizeof(sunaddr)); 1491 sunaddr.sun_family = AF_UNIX; 1492 if (strlcpy(sunaddr.sun_path, path, 1493 sizeof(sunaddr.sun_path)) >= sizeof(sunaddr.sun_path)) { 1494 error("%s: path \"%s\" too long for Unix domain socket", 1495 __func__, path); 1496 errno = ENAMETOOLONG; 1497 return -1; 1498 } 1499 1500 sock = socket(PF_UNIX, SOCK_STREAM, 0); 1501 if (sock < 0) { 1502 saved_errno = errno; 1503 error("%s: socket: %.100s", __func__, strerror(errno)); 1504 errno = saved_errno; 1505 return -1; 1506 } 1507 if (unlink_first == 1) { 1508 if (unlink(path) != 0 && errno != ENOENT) 1509 error("unlink(%s): %.100s", path, strerror(errno)); 1510 } 1511 if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0) { 1512 saved_errno = errno; 1513 error("%s: cannot bind to path %s: %s", 1514 __func__, path, strerror(errno)); 1515 close(sock); 1516 errno = saved_errno; 1517 return -1; 1518 } 1519 if (listen(sock, backlog) < 0) { 1520 saved_errno = errno; 1521 error("%s: cannot listen on path %s: %s", 1522 __func__, path, strerror(errno)); 1523 close(sock); 1524 unlink(path); 1525 errno = saved_errno; 1526 return -1; 1527 } 1528 return sock; 1529 } 1530 1531 void 1532 sock_set_v6only(int s) 1533 { 1534 #if defined(IPV6_V6ONLY) && !defined(__OpenBSD__) 1535 int on = 1; 1536 1537 debug3("%s: set socket %d IPV6_V6ONLY", __func__, s); 1538 if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) == -1) 1539 error("setsockopt IPV6_V6ONLY: %s", strerror(errno)); 1540 #endif 1541 } 1542 1543 /* 1544 * Compares two strings that maybe be NULL. Returns non-zero if strings 1545 * are both NULL or are identical, returns zero otherwise. 1546 */ 1547 static int 1548 strcmp_maybe_null(const char *a, const char *b) 1549 { 1550 if ((a == NULL && b != NULL) || (a != NULL && b == NULL)) 1551 return 0; 1552 if (a != NULL && strcmp(a, b) != 0) 1553 return 0; 1554 return 1; 1555 } 1556 1557 /* 1558 * Compare two forwards, returning non-zero if they are identical or 1559 * zero otherwise. 1560 */ 1561 int 1562 forward_equals(const struct Forward *a, const struct Forward *b) 1563 { 1564 if (strcmp_maybe_null(a->listen_host, b->listen_host) == 0) 1565 return 0; 1566 if (a->listen_port != b->listen_port) 1567 return 0; 1568 if (strcmp_maybe_null(a->listen_path, b->listen_path) == 0) 1569 return 0; 1570 if (strcmp_maybe_null(a->connect_host, b->connect_host) == 0) 1571 return 0; 1572 if (a->connect_port != b->connect_port) 1573 return 0; 1574 if (strcmp_maybe_null(a->connect_path, b->connect_path) == 0) 1575 return 0; 1576 /* allocated_port and handle are not checked */ 1577 return 1; 1578 } 1579 1580 /* returns 1 if process is already daemonized, 0 otherwise */ 1581 int 1582 daemonized(void) 1583 { 1584 int fd; 1585 1586 if ((fd = open(_PATH_TTY, O_RDONLY | O_NOCTTY)) >= 0) { 1587 close(fd); 1588 return 0; /* have controlling terminal */ 1589 } 1590 if (getppid() != 1) 1591 return 0; /* parent is not init */ 1592 if (getsid(0) != getpid()) 1593 return 0; /* not session leader */ 1594 debug3("already daemonized"); 1595 return 1; 1596 } 1597 1598 1599 /* 1600 * Splits 's' into an argument vector. Handles quoted string and basic 1601 * escape characters (\\, \", \'). Caller must free the argument vector 1602 * and its members. 1603 */ 1604 int 1605 argv_split(const char *s, int *argcp, char ***argvp) 1606 { 1607 int r = SSH_ERR_INTERNAL_ERROR; 1608 int argc = 0, quote, i, j; 1609 char *arg, **argv = xcalloc(1, sizeof(*argv)); 1610 1611 *argvp = NULL; 1612 *argcp = 0; 1613 1614 for (i = 0; s[i] != '\0'; i++) { 1615 /* Skip leading whitespace */ 1616 if (s[i] == ' ' || s[i] == '\t') 1617 continue; 1618 1619 /* Start of a token */ 1620 quote = 0; 1621 if (s[i] == '\\' && 1622 (s[i + 1] == '\'' || s[i + 1] == '\"' || s[i + 1] == '\\')) 1623 i++; 1624 else if (s[i] == '\'' || s[i] == '"') 1625 quote = s[i++]; 1626 1627 argv = xreallocarray(argv, (argc + 2), sizeof(*argv)); 1628 arg = argv[argc++] = xcalloc(1, strlen(s + i) + 1); 1629 argv[argc] = NULL; 1630 1631 /* Copy the token in, removing escapes */ 1632 for (j = 0; s[i] != '\0'; i++) { 1633 if (s[i] == '\\') { 1634 if (s[i + 1] == '\'' || 1635 s[i + 1] == '\"' || 1636 s[i + 1] == '\\') { 1637 i++; /* Skip '\' */ 1638 arg[j++] = s[i]; 1639 } else { 1640 /* Unrecognised escape */ 1641 arg[j++] = s[i]; 1642 } 1643 } else if (quote == 0 && (s[i] == ' ' || s[i] == '\t')) 1644 break; /* done */ 1645 else if (quote != 0 && s[i] == quote) 1646 break; /* done */ 1647 else 1648 arg[j++] = s[i]; 1649 } 1650 if (s[i] == '\0') { 1651 if (quote != 0) { 1652 /* Ran out of string looking for close quote */ 1653 r = SSH_ERR_INVALID_FORMAT; 1654 goto out; 1655 } 1656 break; 1657 } 1658 } 1659 /* Success */ 1660 *argcp = argc; 1661 *argvp = argv; 1662 argc = 0; 1663 argv = NULL; 1664 r = 0; 1665 out: 1666 if (argc != 0 && argv != NULL) { 1667 for (i = 0; i < argc; i++) 1668 free(argv[i]); 1669 free(argv); 1670 } 1671 return r; 1672 } 1673 1674 /* 1675 * Reassemble an argument vector into a string, quoting and escaping as 1676 * necessary. Caller must free returned string. 1677 */ 1678 char * 1679 argv_assemble(int argc, char **argv) 1680 { 1681 int i, j, ws, r; 1682 char c, *ret; 1683 struct sshbuf *buf, *arg; 1684 1685 if ((buf = sshbuf_new()) == NULL || (arg = sshbuf_new()) == NULL) 1686 fatal("%s: sshbuf_new failed", __func__); 1687 1688 for (i = 0; i < argc; i++) { 1689 ws = 0; 1690 sshbuf_reset(arg); 1691 for (j = 0; argv[i][j] != '\0'; j++) { 1692 r = 0; 1693 c = argv[i][j]; 1694 switch (c) { 1695 case ' ': 1696 case '\t': 1697 ws = 1; 1698 r = sshbuf_put_u8(arg, c); 1699 break; 1700 case '\\': 1701 case '\'': 1702 case '"': 1703 if ((r = sshbuf_put_u8(arg, '\\')) != 0) 1704 break; 1705 /* FALLTHROUGH */ 1706 default: 1707 r = sshbuf_put_u8(arg, c); 1708 break; 1709 } 1710 if (r != 0) 1711 fatal("%s: sshbuf_put_u8: %s", 1712 __func__, ssh_err(r)); 1713 } 1714 if ((i != 0 && (r = sshbuf_put_u8(buf, ' ')) != 0) || 1715 (ws != 0 && (r = sshbuf_put_u8(buf, '"')) != 0) || 1716 (r = sshbuf_putb(buf, arg)) != 0 || 1717 (ws != 0 && (r = sshbuf_put_u8(buf, '"')) != 0)) 1718 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 1719 } 1720 if ((ret = malloc(sshbuf_len(buf) + 1)) == NULL) 1721 fatal("%s: malloc failed", __func__); 1722 memcpy(ret, sshbuf_ptr(buf), sshbuf_len(buf)); 1723 ret[sshbuf_len(buf)] = '\0'; 1724 sshbuf_free(buf); 1725 sshbuf_free(arg); 1726 return ret; 1727 } 1728 1729 /* Returns 0 if pid exited cleanly, non-zero otherwise */ 1730 int 1731 exited_cleanly(pid_t pid, const char *tag, const char *cmd, int quiet) 1732 { 1733 int status; 1734 1735 while (waitpid(pid, &status, 0) == -1) { 1736 if (errno != EINTR) { 1737 error("%s: waitpid: %s", tag, strerror(errno)); 1738 return -1; 1739 } 1740 } 1741 if (WIFSIGNALED(status)) { 1742 error("%s %s exited on signal %d", tag, cmd, WTERMSIG(status)); 1743 return -1; 1744 } else if (WEXITSTATUS(status) != 0) { 1745 do_log2(quiet ? SYSLOG_LEVEL_DEBUG1 : SYSLOG_LEVEL_INFO, 1746 "%s %s failed, status %d", tag, cmd, WEXITSTATUS(status)); 1747 return -1; 1748 } 1749 return 0; 1750 } 1751 1752 /* 1753 * Check a given path for security. This is defined as all components 1754 * of the path to the file must be owned by either the owner of 1755 * of the file or root and no directories must be group or world writable. 1756 * 1757 * XXX Should any specific check be done for sym links ? 1758 * 1759 * Takes a file name, its stat information (preferably from fstat() to 1760 * avoid races), the uid of the expected owner, their home directory and an 1761 * error buffer plus max size as arguments. 1762 * 1763 * Returns 0 on success and -1 on failure 1764 */ 1765 int 1766 safe_path(const char *name, struct stat *stp, const char *pw_dir, 1767 uid_t uid, char *err, size_t errlen) 1768 { 1769 char buf[PATH_MAX], homedir[PATH_MAX]; 1770 char *cp; 1771 int comparehome = 0; 1772 struct stat st; 1773 1774 if (realpath(name, buf) == NULL) { 1775 snprintf(err, errlen, "realpath %s failed: %s", name, 1776 strerror(errno)); 1777 return -1; 1778 } 1779 if (pw_dir != NULL && realpath(pw_dir, homedir) != NULL) 1780 comparehome = 1; 1781 1782 if (!S_ISREG(stp->st_mode)) { 1783 snprintf(err, errlen, "%s is not a regular file", buf); 1784 return -1; 1785 } 1786 if ((!platform_sys_dir_uid(stp->st_uid) && stp->st_uid != uid) || 1787 (stp->st_mode & 022) != 0) { 1788 snprintf(err, errlen, "bad ownership or modes for file %s", 1789 buf); 1790 return -1; 1791 } 1792 1793 /* for each component of the canonical path, walking upwards */ 1794 for (;;) { 1795 if ((cp = dirname(buf)) == NULL) { 1796 snprintf(err, errlen, "dirname() failed"); 1797 return -1; 1798 } 1799 strlcpy(buf, cp, sizeof(buf)); 1800 1801 if (stat(buf, &st) < 0 || 1802 (!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) || 1803 (st.st_mode & 022) != 0) { 1804 snprintf(err, errlen, 1805 "bad ownership or modes for directory %s", buf); 1806 return -1; 1807 } 1808 1809 /* If are past the homedir then we can stop */ 1810 if (comparehome && strcmp(homedir, buf) == 0) 1811 break; 1812 1813 /* 1814 * dirname should always complete with a "/" path, 1815 * but we can be paranoid and check for "." too 1816 */ 1817 if ((strcmp("/", buf) == 0) || (strcmp(".", buf) == 0)) 1818 break; 1819 } 1820 return 0; 1821 } 1822 1823 /* 1824 * Version of safe_path() that accepts an open file descriptor to 1825 * avoid races. 1826 * 1827 * Returns 0 on success and -1 on failure 1828 */ 1829 int 1830 safe_path_fd(int fd, const char *file, struct passwd *pw, 1831 char *err, size_t errlen) 1832 { 1833 struct stat st; 1834 1835 /* check the open file to avoid races */ 1836 if (fstat(fd, &st) < 0) { 1837 snprintf(err, errlen, "cannot stat file %s: %s", 1838 file, strerror(errno)); 1839 return -1; 1840 } 1841 return safe_path(file, &st, pw->pw_dir, pw->pw_uid, err, errlen); 1842 } 1843 1844 /* 1845 * Sets the value of the given variable in the environment. If the variable 1846 * already exists, its value is overridden. 1847 */ 1848 void 1849 child_set_env(char ***envp, u_int *envsizep, const char *name, 1850 const char *value) 1851 { 1852 char **env; 1853 u_int envsize; 1854 u_int i, namelen; 1855 1856 if (strchr(name, '=') != NULL) { 1857 error("Invalid environment variable \"%.100s\"", name); 1858 return; 1859 } 1860 1861 /* 1862 * If we're passed an uninitialized list, allocate a single null 1863 * entry before continuing. 1864 */ 1865 if (*envp == NULL && *envsizep == 0) { 1866 *envp = xmalloc(sizeof(char *)); 1867 *envp[0] = NULL; 1868 *envsizep = 1; 1869 } 1870 1871 /* 1872 * Find the slot where the value should be stored. If the variable 1873 * already exists, we reuse the slot; otherwise we append a new slot 1874 * at the end of the array, expanding if necessary. 1875 */ 1876 env = *envp; 1877 namelen = strlen(name); 1878 for (i = 0; env[i]; i++) 1879 if (strncmp(env[i], name, namelen) == 0 && env[i][namelen] == '=') 1880 break; 1881 if (env[i]) { 1882 /* Reuse the slot. */ 1883 free(env[i]); 1884 } else { 1885 /* New variable. Expand if necessary. */ 1886 envsize = *envsizep; 1887 if (i >= envsize - 1) { 1888 if (envsize >= 1000) 1889 fatal("child_set_env: too many env vars"); 1890 envsize += 50; 1891 env = (*envp) = xreallocarray(env, envsize, sizeof(char *)); 1892 *envsizep = envsize; 1893 } 1894 /* Need to set the NULL pointer at end of array beyond the new slot. */ 1895 env[i + 1] = NULL; 1896 } 1897 1898 /* Allocate space and format the variable in the appropriate slot. */ 1899 /* XXX xasprintf */ 1900 env[i] = xmalloc(strlen(name) + 1 + strlen(value) + 1); 1901 snprintf(env[i], strlen(name) + 1 + strlen(value) + 1, "%s=%s", name, value); 1902 } 1903 1904 /* 1905 * Check and optionally lowercase a domain name, also removes trailing '.' 1906 * Returns 1 on success and 0 on failure, storing an error message in errstr. 1907 */ 1908 int 1909 valid_domain(char *name, int makelower, const char **errstr) 1910 { 1911 size_t i, l = strlen(name); 1912 u_char c, last = '\0'; 1913 static char errbuf[256]; 1914 1915 if (l == 0) { 1916 strlcpy(errbuf, "empty domain name", sizeof(errbuf)); 1917 goto bad; 1918 } 1919 if (!isalpha((u_char)name[0]) && !isdigit((u_char)name[0])) { 1920 snprintf(errbuf, sizeof(errbuf), "domain name \"%.100s\" " 1921 "starts with invalid character", name); 1922 goto bad; 1923 } 1924 for (i = 0; i < l; i++) { 1925 c = tolower((u_char)name[i]); 1926 if (makelower) 1927 name[i] = (char)c; 1928 if (last == '.' && c == '.') { 1929 snprintf(errbuf, sizeof(errbuf), "domain name " 1930 "\"%.100s\" contains consecutive separators", name); 1931 goto bad; 1932 } 1933 if (c != '.' && c != '-' && !isalnum(c) && 1934 c != '_') /* technically invalid, but common */ { 1935 snprintf(errbuf, sizeof(errbuf), "domain name " 1936 "\"%.100s\" contains invalid characters", name); 1937 goto bad; 1938 } 1939 last = c; 1940 } 1941 if (name[l - 1] == '.') 1942 name[l - 1] = '\0'; 1943 if (errstr != NULL) 1944 *errstr = NULL; 1945 return 1; 1946 bad: 1947 if (errstr != NULL) 1948 *errstr = errbuf; 1949 return 0; 1950 } 1951 1952 const char * 1953 atoi_err(const char *nptr, int *val) 1954 { 1955 const char *errstr = NULL; 1956 long long num; 1957 1958 if (nptr == NULL || *nptr == '\0') 1959 return "missing"; 1960 num = strtonum(nptr, 0, INT_MAX, &errstr); 1961 if (errstr == NULL) 1962 *val = (int)num; 1963 return errstr; 1964 } 1965 1966 int 1967 parse_absolute_time(const char *s, uint64_t *tp) 1968 { 1969 struct tm tm; 1970 time_t tt; 1971 char buf[32], *fmt; 1972 1973 *tp = 0; 1974 1975 /* 1976 * POSIX strptime says "The application shall ensure that there 1977 * is white-space or other non-alphanumeric characters between 1978 * any two conversion specifications" so arrange things this way. 1979 */ 1980 switch (strlen(s)) { 1981 case 8: /* YYYYMMDD */ 1982 fmt = "%Y-%m-%d"; 1983 snprintf(buf, sizeof(buf), "%.4s-%.2s-%.2s", s, s + 4, s + 6); 1984 break; 1985 case 12: /* YYYYMMDDHHMM */ 1986 fmt = "%Y-%m-%dT%H:%M"; 1987 snprintf(buf, sizeof(buf), "%.4s-%.2s-%.2sT%.2s:%.2s", 1988 s, s + 4, s + 6, s + 8, s + 10); 1989 break; 1990 case 14: /* YYYYMMDDHHMMSS */ 1991 fmt = "%Y-%m-%dT%H:%M:%S"; 1992 snprintf(buf, sizeof(buf), "%.4s-%.2s-%.2sT%.2s:%.2s:%.2s", 1993 s, s + 4, s + 6, s + 8, s + 10, s + 12); 1994 break; 1995 default: 1996 return SSH_ERR_INVALID_FORMAT; 1997 } 1998 1999 memset(&tm, 0, sizeof(tm)); 2000 if (strptime(buf, fmt, &tm) == NULL) 2001 return SSH_ERR_INVALID_FORMAT; 2002 if ((tt = mktime(&tm)) < 0) 2003 return SSH_ERR_INVALID_FORMAT; 2004 /* success */ 2005 *tp = (uint64_t)tt; 2006 return 0; 2007 } 2008 2009 void 2010 format_absolute_time(uint64_t t, char *buf, size_t len) 2011 { 2012 time_t tt = t > INT_MAX ? INT_MAX : t; /* XXX revisit in 2038 :P */ 2013 struct tm tm; 2014 2015 localtime_r(&tt, &tm); 2016 strftime(buf, len, "%Y-%m-%dT%H:%M:%S", &tm); 2017 } 2018