1 /* $OpenBSD: misc.c,v 1.133 2018/10/05 14:26:09 naddy Exp $ */ 2 /* 3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 4 * Copyright (c) 2005,2006 Damien Miller. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 */ 26 27 #include "includes.h" 28 29 #include <sys/types.h> 30 #include <sys/ioctl.h> 31 #include <sys/socket.h> 32 #include <sys/stat.h> 33 #include <sys/time.h> 34 #include <sys/wait.h> 35 #include <sys/un.h> 36 37 #include <limits.h> 38 #ifdef HAVE_LIBGEN_H 39 # include <libgen.h> 40 #endif 41 #include <signal.h> 42 #include <stdarg.h> 43 #include <stdio.h> 44 #include <stdlib.h> 45 #include <string.h> 46 #include <time.h> 47 #include <unistd.h> 48 49 #include <netinet/in.h> 50 #include <netinet/in_systm.h> 51 #include <netinet/ip.h> 52 #include <netinet/tcp.h> 53 #include <arpa/inet.h> 54 55 #include <ctype.h> 56 #include <errno.h> 57 #include <fcntl.h> 58 #include <netdb.h> 59 #ifdef HAVE_PATHS_H 60 # include <paths.h> 61 #include <pwd.h> 62 #endif 63 #ifdef SSH_TUN_OPENBSD 64 #include <net/if.h> 65 #endif 66 67 #include "xmalloc.h" 68 #include "misc.h" 69 #include "log.h" 70 #include "ssh.h" 71 #include "sshbuf.h" 72 #include "ssherr.h" 73 #include "platform.h" 74 75 /* remove newline at end of string */ 76 char * 77 chop(char *s) 78 { 79 char *t = s; 80 while (*t) { 81 if (*t == '\n' || *t == '\r') { 82 *t = '\0'; 83 return s; 84 } 85 t++; 86 } 87 return s; 88 89 } 90 91 /* set/unset filedescriptor to non-blocking */ 92 int 93 set_nonblock(int fd) 94 { 95 int val; 96 97 val = fcntl(fd, F_GETFL); 98 if (val < 0) { 99 error("fcntl(%d, F_GETFL): %s", fd, strerror(errno)); 100 return (-1); 101 } 102 if (val & O_NONBLOCK) { 103 debug3("fd %d is O_NONBLOCK", fd); 104 return (0); 105 } 106 debug2("fd %d setting O_NONBLOCK", fd); 107 val |= O_NONBLOCK; 108 if (fcntl(fd, F_SETFL, val) == -1) { 109 debug("fcntl(%d, F_SETFL, O_NONBLOCK): %s", fd, 110 strerror(errno)); 111 return (-1); 112 } 113 return (0); 114 } 115 116 int 117 unset_nonblock(int fd) 118 { 119 int val; 120 121 val = fcntl(fd, F_GETFL); 122 if (val < 0) { 123 error("fcntl(%d, F_GETFL): %s", fd, strerror(errno)); 124 return (-1); 125 } 126 if (!(val & O_NONBLOCK)) { 127 debug3("fd %d is not O_NONBLOCK", fd); 128 return (0); 129 } 130 debug("fd %d clearing O_NONBLOCK", fd); 131 val &= ~O_NONBLOCK; 132 if (fcntl(fd, F_SETFL, val) == -1) { 133 debug("fcntl(%d, F_SETFL, ~O_NONBLOCK): %s", 134 fd, strerror(errno)); 135 return (-1); 136 } 137 return (0); 138 } 139 140 const char * 141 ssh_gai_strerror(int gaierr) 142 { 143 if (gaierr == EAI_SYSTEM && errno != 0) 144 return strerror(errno); 145 return gai_strerror(gaierr); 146 } 147 148 /* disable nagle on socket */ 149 void 150 set_nodelay(int fd) 151 { 152 int opt; 153 socklen_t optlen; 154 155 optlen = sizeof opt; 156 if (getsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, &optlen) == -1) { 157 debug("getsockopt TCP_NODELAY: %.100s", strerror(errno)); 158 return; 159 } 160 if (opt == 1) { 161 debug2("fd %d is TCP_NODELAY", fd); 162 return; 163 } 164 opt = 1; 165 debug2("fd %d setting TCP_NODELAY", fd); 166 if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, sizeof opt) == -1) 167 error("setsockopt TCP_NODELAY: %.100s", strerror(errno)); 168 } 169 170 /* Allow local port reuse in TIME_WAIT */ 171 int 172 set_reuseaddr(int fd) 173 { 174 int on = 1; 175 176 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) == -1) { 177 error("setsockopt SO_REUSEADDR fd %d: %s", fd, strerror(errno)); 178 return -1; 179 } 180 return 0; 181 } 182 183 /* Get/set routing domain */ 184 char * 185 get_rdomain(int fd) 186 { 187 #if defined(HAVE_SYS_GET_RDOMAIN) 188 return sys_get_rdomain(fd); 189 #elif defined(__OpenBSD__) 190 int rtable; 191 char *ret; 192 socklen_t len = sizeof(rtable); 193 194 if (getsockopt(fd, SOL_SOCKET, SO_RTABLE, &rtable, &len) == -1) { 195 error("Failed to get routing domain for fd %d: %s", 196 fd, strerror(errno)); 197 return NULL; 198 } 199 xasprintf(&ret, "%d", rtable); 200 return ret; 201 #else /* defined(__OpenBSD__) */ 202 return NULL; 203 #endif 204 } 205 206 int 207 set_rdomain(int fd, const char *name) 208 { 209 #if defined(HAVE_SYS_SET_RDOMAIN) 210 return sys_set_rdomain(fd, name); 211 #elif defined(__OpenBSD__) 212 int rtable; 213 const char *errstr; 214 215 if (name == NULL) 216 return 0; /* default table */ 217 218 rtable = (int)strtonum(name, 0, 255, &errstr); 219 if (errstr != NULL) { 220 /* Shouldn't happen */ 221 error("Invalid routing domain \"%s\": %s", name, errstr); 222 return -1; 223 } 224 if (setsockopt(fd, SOL_SOCKET, SO_RTABLE, 225 &rtable, sizeof(rtable)) == -1) { 226 error("Failed to set routing domain %d on fd %d: %s", 227 rtable, fd, strerror(errno)); 228 return -1; 229 } 230 return 0; 231 #else /* defined(__OpenBSD__) */ 232 error("Setting routing domain is not supported on this platform"); 233 return -1; 234 #endif 235 } 236 237 /* Characters considered whitespace in strsep calls. */ 238 #define WHITESPACE " \t\r\n" 239 #define QUOTE "\"" 240 241 /* return next token in configuration line */ 242 static char * 243 strdelim_internal(char **s, int split_equals) 244 { 245 char *old; 246 int wspace = 0; 247 248 if (*s == NULL) 249 return NULL; 250 251 old = *s; 252 253 *s = strpbrk(*s, 254 split_equals ? WHITESPACE QUOTE "=" : WHITESPACE QUOTE); 255 if (*s == NULL) 256 return (old); 257 258 if (*s[0] == '\"') { 259 memmove(*s, *s + 1, strlen(*s)); /* move nul too */ 260 /* Find matching quote */ 261 if ((*s = strpbrk(*s, QUOTE)) == NULL) { 262 return (NULL); /* no matching quote */ 263 } else { 264 *s[0] = '\0'; 265 *s += strspn(*s + 1, WHITESPACE) + 1; 266 return (old); 267 } 268 } 269 270 /* Allow only one '=' to be skipped */ 271 if (split_equals && *s[0] == '=') 272 wspace = 1; 273 *s[0] = '\0'; 274 275 /* Skip any extra whitespace after first token */ 276 *s += strspn(*s + 1, WHITESPACE) + 1; 277 if (split_equals && *s[0] == '=' && !wspace) 278 *s += strspn(*s + 1, WHITESPACE) + 1; 279 280 return (old); 281 } 282 283 /* 284 * Return next token in configuration line; splts on whitespace or a 285 * single '=' character. 286 */ 287 char * 288 strdelim(char **s) 289 { 290 return strdelim_internal(s, 1); 291 } 292 293 /* 294 * Return next token in configuration line; splts on whitespace only. 295 */ 296 char * 297 strdelimw(char **s) 298 { 299 return strdelim_internal(s, 0); 300 } 301 302 struct passwd * 303 pwcopy(struct passwd *pw) 304 { 305 struct passwd *copy = xcalloc(1, sizeof(*copy)); 306 307 copy->pw_name = xstrdup(pw->pw_name); 308 copy->pw_passwd = xstrdup(pw->pw_passwd); 309 #ifdef HAVE_STRUCT_PASSWD_PW_GECOS 310 copy->pw_gecos = xstrdup(pw->pw_gecos); 311 #endif 312 copy->pw_uid = pw->pw_uid; 313 copy->pw_gid = pw->pw_gid; 314 #ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE 315 copy->pw_expire = pw->pw_expire; 316 #endif 317 #ifdef HAVE_STRUCT_PASSWD_PW_CHANGE 318 copy->pw_change = pw->pw_change; 319 #endif 320 #ifdef HAVE_STRUCT_PASSWD_PW_CLASS 321 copy->pw_class = xstrdup(pw->pw_class); 322 #endif 323 copy->pw_dir = xstrdup(pw->pw_dir); 324 copy->pw_shell = xstrdup(pw->pw_shell); 325 return copy; 326 } 327 328 /* 329 * Convert ASCII string to TCP/IP port number. 330 * Port must be >=0 and <=65535. 331 * Return -1 if invalid. 332 */ 333 int 334 a2port(const char *s) 335 { 336 struct servent *se; 337 long long port; 338 const char *errstr; 339 340 port = strtonum(s, 0, 65535, &errstr); 341 if (errstr == NULL) 342 return (int)port; 343 if ((se = getservbyname(s, "tcp")) != NULL) 344 return ntohs(se->s_port); 345 return -1; 346 } 347 348 int 349 a2tun(const char *s, int *remote) 350 { 351 const char *errstr = NULL; 352 char *sp, *ep; 353 int tun; 354 355 if (remote != NULL) { 356 *remote = SSH_TUNID_ANY; 357 sp = xstrdup(s); 358 if ((ep = strchr(sp, ':')) == NULL) { 359 free(sp); 360 return (a2tun(s, NULL)); 361 } 362 ep[0] = '\0'; ep++; 363 *remote = a2tun(ep, NULL); 364 tun = a2tun(sp, NULL); 365 free(sp); 366 return (*remote == SSH_TUNID_ERR ? *remote : tun); 367 } 368 369 if (strcasecmp(s, "any") == 0) 370 return (SSH_TUNID_ANY); 371 372 tun = strtonum(s, 0, SSH_TUNID_MAX, &errstr); 373 if (errstr != NULL) 374 return (SSH_TUNID_ERR); 375 376 return (tun); 377 } 378 379 #define SECONDS 1 380 #define MINUTES (SECONDS * 60) 381 #define HOURS (MINUTES * 60) 382 #define DAYS (HOURS * 24) 383 #define WEEKS (DAYS * 7) 384 385 /* 386 * Convert a time string into seconds; format is 387 * a sequence of: 388 * time[qualifier] 389 * 390 * Valid time qualifiers are: 391 * <none> seconds 392 * s|S seconds 393 * m|M minutes 394 * h|H hours 395 * d|D days 396 * w|W weeks 397 * 398 * Examples: 399 * 90m 90 minutes 400 * 1h30m 90 minutes 401 * 2d 2 days 402 * 1w 1 week 403 * 404 * Return -1 if time string is invalid. 405 */ 406 long 407 convtime(const char *s) 408 { 409 long total, secs, multiplier = 1; 410 const char *p; 411 char *endp; 412 413 errno = 0; 414 total = 0; 415 p = s; 416 417 if (p == NULL || *p == '\0') 418 return -1; 419 420 while (*p) { 421 secs = strtol(p, &endp, 10); 422 if (p == endp || 423 (errno == ERANGE && (secs == LONG_MIN || secs == LONG_MAX)) || 424 secs < 0) 425 return -1; 426 427 switch (*endp++) { 428 case '\0': 429 endp--; 430 break; 431 case 's': 432 case 'S': 433 break; 434 case 'm': 435 case 'M': 436 multiplier = MINUTES; 437 break; 438 case 'h': 439 case 'H': 440 multiplier = HOURS; 441 break; 442 case 'd': 443 case 'D': 444 multiplier = DAYS; 445 break; 446 case 'w': 447 case 'W': 448 multiplier = WEEKS; 449 break; 450 default: 451 return -1; 452 } 453 if (secs >= LONG_MAX / multiplier) 454 return -1; 455 secs *= multiplier; 456 if (total >= LONG_MAX - secs) 457 return -1; 458 total += secs; 459 if (total < 0) 460 return -1; 461 p = endp; 462 } 463 464 return total; 465 } 466 467 /* 468 * Returns a standardized host+port identifier string. 469 * Caller must free returned string. 470 */ 471 char * 472 put_host_port(const char *host, u_short port) 473 { 474 char *hoststr; 475 476 if (port == 0 || port == SSH_DEFAULT_PORT) 477 return(xstrdup(host)); 478 if (asprintf(&hoststr, "[%s]:%d", host, (int)port) < 0) 479 fatal("put_host_port: asprintf: %s", strerror(errno)); 480 debug3("put_host_port: %s", hoststr); 481 return hoststr; 482 } 483 484 /* 485 * Search for next delimiter between hostnames/addresses and ports. 486 * Argument may be modified (for termination). 487 * Returns *cp if parsing succeeds. 488 * *cp is set to the start of the next field, if one was found. 489 * The delimiter char, if present, is stored in delim. 490 * If this is the last field, *cp is set to NULL. 491 */ 492 static char * 493 hpdelim2(char **cp, char *delim) 494 { 495 char *s, *old; 496 497 if (cp == NULL || *cp == NULL) 498 return NULL; 499 500 old = s = *cp; 501 if (*s == '[') { 502 if ((s = strchr(s, ']')) == NULL) 503 return NULL; 504 else 505 s++; 506 } else if ((s = strpbrk(s, ":/")) == NULL) 507 s = *cp + strlen(*cp); /* skip to end (see first case below) */ 508 509 switch (*s) { 510 case '\0': 511 *cp = NULL; /* no more fields*/ 512 break; 513 514 case ':': 515 case '/': 516 if (delim != NULL) 517 *delim = *s; 518 *s = '\0'; /* terminate */ 519 *cp = s + 1; 520 break; 521 522 default: 523 return NULL; 524 } 525 526 return old; 527 } 528 529 char * 530 hpdelim(char **cp) 531 { 532 return hpdelim2(cp, NULL); 533 } 534 535 char * 536 cleanhostname(char *host) 537 { 538 if (*host == '[' && host[strlen(host) - 1] == ']') { 539 host[strlen(host) - 1] = '\0'; 540 return (host + 1); 541 } else 542 return host; 543 } 544 545 char * 546 colon(char *cp) 547 { 548 int flag = 0; 549 550 if (*cp == ':') /* Leading colon is part of file name. */ 551 return NULL; 552 if (*cp == '[') 553 flag = 1; 554 555 for (; *cp; ++cp) { 556 if (*cp == '@' && *(cp+1) == '[') 557 flag = 1; 558 if (*cp == ']' && *(cp+1) == ':' && flag) 559 return (cp+1); 560 if (*cp == ':' && !flag) 561 return (cp); 562 if (*cp == '/') 563 return NULL; 564 } 565 return NULL; 566 } 567 568 /* 569 * Parse a [user@]host:[path] string. 570 * Caller must free returned user, host and path. 571 * Any of the pointer return arguments may be NULL (useful for syntax checking). 572 * If user was not specified then *userp will be set to NULL. 573 * If host was not specified then *hostp will be set to NULL. 574 * If path was not specified then *pathp will be set to ".". 575 * Returns 0 on success, -1 on failure. 576 */ 577 int 578 parse_user_host_path(const char *s, char **userp, char **hostp, char **pathp) 579 { 580 char *user = NULL, *host = NULL, *path = NULL; 581 char *sdup, *tmp; 582 int ret = -1; 583 584 if (userp != NULL) 585 *userp = NULL; 586 if (hostp != NULL) 587 *hostp = NULL; 588 if (pathp != NULL) 589 *pathp = NULL; 590 591 sdup = xstrdup(s); 592 593 /* Check for remote syntax: [user@]host:[path] */ 594 if ((tmp = colon(sdup)) == NULL) 595 goto out; 596 597 /* Extract optional path */ 598 *tmp++ = '\0'; 599 if (*tmp == '\0') 600 tmp = "."; 601 path = xstrdup(tmp); 602 603 /* Extract optional user and mandatory host */ 604 tmp = strrchr(sdup, '@'); 605 if (tmp != NULL) { 606 *tmp++ = '\0'; 607 host = xstrdup(cleanhostname(tmp)); 608 if (*sdup != '\0') 609 user = xstrdup(sdup); 610 } else { 611 host = xstrdup(cleanhostname(sdup)); 612 user = NULL; 613 } 614 615 /* Success */ 616 if (userp != NULL) { 617 *userp = user; 618 user = NULL; 619 } 620 if (hostp != NULL) { 621 *hostp = host; 622 host = NULL; 623 } 624 if (pathp != NULL) { 625 *pathp = path; 626 path = NULL; 627 } 628 ret = 0; 629 out: 630 free(sdup); 631 free(user); 632 free(host); 633 free(path); 634 return ret; 635 } 636 637 /* 638 * Parse a [user@]host[:port] string. 639 * Caller must free returned user and host. 640 * Any of the pointer return arguments may be NULL (useful for syntax checking). 641 * If user was not specified then *userp will be set to NULL. 642 * If port was not specified then *portp will be -1. 643 * Returns 0 on success, -1 on failure. 644 */ 645 int 646 parse_user_host_port(const char *s, char **userp, char **hostp, int *portp) 647 { 648 char *sdup, *cp, *tmp; 649 char *user = NULL, *host = NULL; 650 int port = -1, ret = -1; 651 652 if (userp != NULL) 653 *userp = NULL; 654 if (hostp != NULL) 655 *hostp = NULL; 656 if (portp != NULL) 657 *portp = -1; 658 659 if ((sdup = tmp = strdup(s)) == NULL) 660 return -1; 661 /* Extract optional username */ 662 if ((cp = strrchr(tmp, '@')) != NULL) { 663 *cp = '\0'; 664 if (*tmp == '\0') 665 goto out; 666 if ((user = strdup(tmp)) == NULL) 667 goto out; 668 tmp = cp + 1; 669 } 670 /* Extract mandatory hostname */ 671 if ((cp = hpdelim(&tmp)) == NULL || *cp == '\0') 672 goto out; 673 host = xstrdup(cleanhostname(cp)); 674 /* Convert and verify optional port */ 675 if (tmp != NULL && *tmp != '\0') { 676 if ((port = a2port(tmp)) <= 0) 677 goto out; 678 } 679 /* Success */ 680 if (userp != NULL) { 681 *userp = user; 682 user = NULL; 683 } 684 if (hostp != NULL) { 685 *hostp = host; 686 host = NULL; 687 } 688 if (portp != NULL) 689 *portp = port; 690 ret = 0; 691 out: 692 free(sdup); 693 free(user); 694 free(host); 695 return ret; 696 } 697 698 /* 699 * Converts a two-byte hex string to decimal. 700 * Returns the decimal value or -1 for invalid input. 701 */ 702 static int 703 hexchar(const char *s) 704 { 705 unsigned char result[2]; 706 int i; 707 708 for (i = 0; i < 2; i++) { 709 if (s[i] >= '0' && s[i] <= '9') 710 result[i] = (unsigned char)(s[i] - '0'); 711 else if (s[i] >= 'a' && s[i] <= 'f') 712 result[i] = (unsigned char)(s[i] - 'a') + 10; 713 else if (s[i] >= 'A' && s[i] <= 'F') 714 result[i] = (unsigned char)(s[i] - 'A') + 10; 715 else 716 return -1; 717 } 718 return (result[0] << 4) | result[1]; 719 } 720 721 /* 722 * Decode an url-encoded string. 723 * Returns a newly allocated string on success or NULL on failure. 724 */ 725 static char * 726 urldecode(const char *src) 727 { 728 char *ret, *dst; 729 int ch; 730 731 ret = xmalloc(strlen(src) + 1); 732 for (dst = ret; *src != '\0'; src++) { 733 switch (*src) { 734 case '+': 735 *dst++ = ' '; 736 break; 737 case '%': 738 if (!isxdigit((unsigned char)src[1]) || 739 !isxdigit((unsigned char)src[2]) || 740 (ch = hexchar(src + 1)) == -1) { 741 free(ret); 742 return NULL; 743 } 744 *dst++ = ch; 745 src += 2; 746 break; 747 default: 748 *dst++ = *src; 749 break; 750 } 751 } 752 *dst = '\0'; 753 754 return ret; 755 } 756 757 /* 758 * Parse an (scp|ssh|sftp)://[user@]host[:port][/path] URI. 759 * See https://tools.ietf.org/html/draft-ietf-secsh-scp-sftp-ssh-uri-04 760 * Either user or path may be url-encoded (but not host or port). 761 * Caller must free returned user, host and path. 762 * Any of the pointer return arguments may be NULL (useful for syntax checking) 763 * but the scheme must always be specified. 764 * If user was not specified then *userp will be set to NULL. 765 * If port was not specified then *portp will be -1. 766 * If path was not specified then *pathp will be set to NULL. 767 * Returns 0 on success, 1 if non-uri/wrong scheme, -1 on error/invalid uri. 768 */ 769 int 770 parse_uri(const char *scheme, const char *uri, char **userp, char **hostp, 771 int *portp, char **pathp) 772 { 773 char *uridup, *cp, *tmp, ch; 774 char *user = NULL, *host = NULL, *path = NULL; 775 int port = -1, ret = -1; 776 size_t len; 777 778 len = strlen(scheme); 779 if (strncmp(uri, scheme, len) != 0 || strncmp(uri + len, "://", 3) != 0) 780 return 1; 781 uri += len + 3; 782 783 if (userp != NULL) 784 *userp = NULL; 785 if (hostp != NULL) 786 *hostp = NULL; 787 if (portp != NULL) 788 *portp = -1; 789 if (pathp != NULL) 790 *pathp = NULL; 791 792 uridup = tmp = xstrdup(uri); 793 794 /* Extract optional ssh-info (username + connection params) */ 795 if ((cp = strchr(tmp, '@')) != NULL) { 796 char *delim; 797 798 *cp = '\0'; 799 /* Extract username and connection params */ 800 if ((delim = strchr(tmp, ';')) != NULL) { 801 /* Just ignore connection params for now */ 802 *delim = '\0'; 803 } 804 if (*tmp == '\0') { 805 /* Empty username */ 806 goto out; 807 } 808 if ((user = urldecode(tmp)) == NULL) 809 goto out; 810 tmp = cp + 1; 811 } 812 813 /* Extract mandatory hostname */ 814 if ((cp = hpdelim2(&tmp, &ch)) == NULL || *cp == '\0') 815 goto out; 816 host = xstrdup(cleanhostname(cp)); 817 if (!valid_domain(host, 0, NULL)) 818 goto out; 819 820 if (tmp != NULL && *tmp != '\0') { 821 if (ch == ':') { 822 /* Convert and verify port. */ 823 if ((cp = strchr(tmp, '/')) != NULL) 824 *cp = '\0'; 825 if ((port = a2port(tmp)) <= 0) 826 goto out; 827 tmp = cp ? cp + 1 : NULL; 828 } 829 if (tmp != NULL && *tmp != '\0') { 830 /* Extract optional path */ 831 if ((path = urldecode(tmp)) == NULL) 832 goto out; 833 } 834 } 835 836 /* Success */ 837 if (userp != NULL) { 838 *userp = user; 839 user = NULL; 840 } 841 if (hostp != NULL) { 842 *hostp = host; 843 host = NULL; 844 } 845 if (portp != NULL) 846 *portp = port; 847 if (pathp != NULL) { 848 *pathp = path; 849 path = NULL; 850 } 851 ret = 0; 852 out: 853 free(uridup); 854 free(user); 855 free(host); 856 free(path); 857 return ret; 858 } 859 860 /* function to assist building execv() arguments */ 861 void 862 addargs(arglist *args, char *fmt, ...) 863 { 864 va_list ap; 865 char *cp; 866 u_int nalloc; 867 int r; 868 869 va_start(ap, fmt); 870 r = vasprintf(&cp, fmt, ap); 871 va_end(ap); 872 if (r == -1) 873 fatal("addargs: argument too long"); 874 875 nalloc = args->nalloc; 876 if (args->list == NULL) { 877 nalloc = 32; 878 args->num = 0; 879 } else if (args->num+2 >= nalloc) 880 nalloc *= 2; 881 882 args->list = xrecallocarray(args->list, args->nalloc, nalloc, sizeof(char *)); 883 args->nalloc = nalloc; 884 args->list[args->num++] = cp; 885 args->list[args->num] = NULL; 886 } 887 888 void 889 replacearg(arglist *args, u_int which, char *fmt, ...) 890 { 891 va_list ap; 892 char *cp; 893 int r; 894 895 va_start(ap, fmt); 896 r = vasprintf(&cp, fmt, ap); 897 va_end(ap); 898 if (r == -1) 899 fatal("replacearg: argument too long"); 900 901 if (which >= args->num) 902 fatal("replacearg: tried to replace invalid arg %d >= %d", 903 which, args->num); 904 free(args->list[which]); 905 args->list[which] = cp; 906 } 907 908 void 909 freeargs(arglist *args) 910 { 911 u_int i; 912 913 if (args->list != NULL) { 914 for (i = 0; i < args->num; i++) 915 free(args->list[i]); 916 free(args->list); 917 args->nalloc = args->num = 0; 918 args->list = NULL; 919 } 920 } 921 922 /* 923 * Expands tildes in the file name. Returns data allocated by xmalloc. 924 * Warning: this calls getpw*. 925 */ 926 char * 927 tilde_expand_filename(const char *filename, uid_t uid) 928 { 929 const char *path, *sep; 930 char user[128], *ret; 931 struct passwd *pw; 932 u_int len, slash; 933 934 if (*filename != '~') 935 return (xstrdup(filename)); 936 filename++; 937 938 path = strchr(filename, '/'); 939 if (path != NULL && path > filename) { /* ~user/path */ 940 slash = path - filename; 941 if (slash > sizeof(user) - 1) 942 fatal("tilde_expand_filename: ~username too long"); 943 memcpy(user, filename, slash); 944 user[slash] = '\0'; 945 if ((pw = getpwnam(user)) == NULL) 946 fatal("tilde_expand_filename: No such user %s", user); 947 } else if ((pw = getpwuid(uid)) == NULL) /* ~/path */ 948 fatal("tilde_expand_filename: No such uid %ld", (long)uid); 949 950 /* Make sure directory has a trailing '/' */ 951 len = strlen(pw->pw_dir); 952 if (len == 0 || pw->pw_dir[len - 1] != '/') 953 sep = "/"; 954 else 955 sep = ""; 956 957 /* Skip leading '/' from specified path */ 958 if (path != NULL) 959 filename = path + 1; 960 961 if (xasprintf(&ret, "%s%s%s", pw->pw_dir, sep, filename) >= PATH_MAX) 962 fatal("tilde_expand_filename: Path too long"); 963 964 return (ret); 965 } 966 967 /* 968 * Expand a string with a set of %[char] escapes. A number of escapes may be 969 * specified as (char *escape_chars, char *replacement) pairs. The list must 970 * be terminated by a NULL escape_char. Returns replaced string in memory 971 * allocated by xmalloc. 972 */ 973 char * 974 percent_expand(const char *string, ...) 975 { 976 #define EXPAND_MAX_KEYS 16 977 u_int num_keys, i, j; 978 struct { 979 const char *key; 980 const char *repl; 981 } keys[EXPAND_MAX_KEYS]; 982 char buf[4096]; 983 va_list ap; 984 985 /* Gather keys */ 986 va_start(ap, string); 987 for (num_keys = 0; num_keys < EXPAND_MAX_KEYS; num_keys++) { 988 keys[num_keys].key = va_arg(ap, char *); 989 if (keys[num_keys].key == NULL) 990 break; 991 keys[num_keys].repl = va_arg(ap, char *); 992 if (keys[num_keys].repl == NULL) 993 fatal("%s: NULL replacement", __func__); 994 } 995 if (num_keys == EXPAND_MAX_KEYS && va_arg(ap, char *) != NULL) 996 fatal("%s: too many keys", __func__); 997 va_end(ap); 998 999 /* Expand string */ 1000 *buf = '\0'; 1001 for (i = 0; *string != '\0'; string++) { 1002 if (*string != '%') { 1003 append: 1004 buf[i++] = *string; 1005 if (i >= sizeof(buf)) 1006 fatal("%s: string too long", __func__); 1007 buf[i] = '\0'; 1008 continue; 1009 } 1010 string++; 1011 /* %% case */ 1012 if (*string == '%') 1013 goto append; 1014 if (*string == '\0') 1015 fatal("%s: invalid format", __func__); 1016 for (j = 0; j < num_keys; j++) { 1017 if (strchr(keys[j].key, *string) != NULL) { 1018 i = strlcat(buf, keys[j].repl, sizeof(buf)); 1019 if (i >= sizeof(buf)) 1020 fatal("%s: string too long", __func__); 1021 break; 1022 } 1023 } 1024 if (j >= num_keys) 1025 fatal("%s: unknown key %%%c", __func__, *string); 1026 } 1027 return (xstrdup(buf)); 1028 #undef EXPAND_MAX_KEYS 1029 } 1030 1031 int 1032 tun_open(int tun, int mode, char **ifname) 1033 { 1034 #if defined(CUSTOM_SYS_TUN_OPEN) 1035 return (sys_tun_open(tun, mode, ifname)); 1036 #elif defined(SSH_TUN_OPENBSD) 1037 struct ifreq ifr; 1038 char name[100]; 1039 int fd = -1, sock; 1040 const char *tunbase = "tun"; 1041 1042 if (ifname != NULL) 1043 *ifname = NULL; 1044 1045 if (mode == SSH_TUNMODE_ETHERNET) 1046 tunbase = "tap"; 1047 1048 /* Open the tunnel device */ 1049 if (tun <= SSH_TUNID_MAX) { 1050 snprintf(name, sizeof(name), "/dev/%s%d", tunbase, tun); 1051 fd = open(name, O_RDWR); 1052 } else if (tun == SSH_TUNID_ANY) { 1053 for (tun = 100; tun >= 0; tun--) { 1054 snprintf(name, sizeof(name), "/dev/%s%d", 1055 tunbase, tun); 1056 if ((fd = open(name, O_RDWR)) >= 0) 1057 break; 1058 } 1059 } else { 1060 debug("%s: invalid tunnel %u", __func__, tun); 1061 return -1; 1062 } 1063 1064 if (fd < 0) { 1065 debug("%s: %s open: %s", __func__, name, strerror(errno)); 1066 return -1; 1067 } 1068 1069 debug("%s: %s mode %d fd %d", __func__, name, mode, fd); 1070 1071 /* Bring interface up if it is not already */ 1072 snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s%d", tunbase, tun); 1073 if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1) 1074 goto failed; 1075 1076 if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1) { 1077 debug("%s: get interface %s flags: %s", __func__, 1078 ifr.ifr_name, strerror(errno)); 1079 goto failed; 1080 } 1081 1082 if (!(ifr.ifr_flags & IFF_UP)) { 1083 ifr.ifr_flags |= IFF_UP; 1084 if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) { 1085 debug("%s: activate interface %s: %s", __func__, 1086 ifr.ifr_name, strerror(errno)); 1087 goto failed; 1088 } 1089 } 1090 1091 if (ifname != NULL) 1092 *ifname = xstrdup(ifr.ifr_name); 1093 1094 close(sock); 1095 return fd; 1096 1097 failed: 1098 if (fd >= 0) 1099 close(fd); 1100 if (sock >= 0) 1101 close(sock); 1102 return -1; 1103 #else 1104 error("Tunnel interfaces are not supported on this platform"); 1105 return (-1); 1106 #endif 1107 } 1108 1109 void 1110 sanitise_stdfd(void) 1111 { 1112 int nullfd, dupfd; 1113 1114 if ((nullfd = dupfd = open(_PATH_DEVNULL, O_RDWR)) == -1) { 1115 fprintf(stderr, "Couldn't open /dev/null: %s\n", 1116 strerror(errno)); 1117 exit(1); 1118 } 1119 while (++dupfd <= STDERR_FILENO) { 1120 /* Only populate closed fds. */ 1121 if (fcntl(dupfd, F_GETFL) == -1 && errno == EBADF) { 1122 if (dup2(nullfd, dupfd) == -1) { 1123 fprintf(stderr, "dup2: %s\n", strerror(errno)); 1124 exit(1); 1125 } 1126 } 1127 } 1128 if (nullfd > STDERR_FILENO) 1129 close(nullfd); 1130 } 1131 1132 char * 1133 tohex(const void *vp, size_t l) 1134 { 1135 const u_char *p = (const u_char *)vp; 1136 char b[3], *r; 1137 size_t i, hl; 1138 1139 if (l > 65536) 1140 return xstrdup("tohex: length > 65536"); 1141 1142 hl = l * 2 + 1; 1143 r = xcalloc(1, hl); 1144 for (i = 0; i < l; i++) { 1145 snprintf(b, sizeof(b), "%02x", p[i]); 1146 strlcat(r, b, hl); 1147 } 1148 return (r); 1149 } 1150 1151 u_int64_t 1152 get_u64(const void *vp) 1153 { 1154 const u_char *p = (const u_char *)vp; 1155 u_int64_t v; 1156 1157 v = (u_int64_t)p[0] << 56; 1158 v |= (u_int64_t)p[1] << 48; 1159 v |= (u_int64_t)p[2] << 40; 1160 v |= (u_int64_t)p[3] << 32; 1161 v |= (u_int64_t)p[4] << 24; 1162 v |= (u_int64_t)p[5] << 16; 1163 v |= (u_int64_t)p[6] << 8; 1164 v |= (u_int64_t)p[7]; 1165 1166 return (v); 1167 } 1168 1169 u_int32_t 1170 get_u32(const void *vp) 1171 { 1172 const u_char *p = (const u_char *)vp; 1173 u_int32_t v; 1174 1175 v = (u_int32_t)p[0] << 24; 1176 v |= (u_int32_t)p[1] << 16; 1177 v |= (u_int32_t)p[2] << 8; 1178 v |= (u_int32_t)p[3]; 1179 1180 return (v); 1181 } 1182 1183 u_int32_t 1184 get_u32_le(const void *vp) 1185 { 1186 const u_char *p = (const u_char *)vp; 1187 u_int32_t v; 1188 1189 v = (u_int32_t)p[0]; 1190 v |= (u_int32_t)p[1] << 8; 1191 v |= (u_int32_t)p[2] << 16; 1192 v |= (u_int32_t)p[3] << 24; 1193 1194 return (v); 1195 } 1196 1197 u_int16_t 1198 get_u16(const void *vp) 1199 { 1200 const u_char *p = (const u_char *)vp; 1201 u_int16_t v; 1202 1203 v = (u_int16_t)p[0] << 8; 1204 v |= (u_int16_t)p[1]; 1205 1206 return (v); 1207 } 1208 1209 void 1210 put_u64(void *vp, u_int64_t v) 1211 { 1212 u_char *p = (u_char *)vp; 1213 1214 p[0] = (u_char)(v >> 56) & 0xff; 1215 p[1] = (u_char)(v >> 48) & 0xff; 1216 p[2] = (u_char)(v >> 40) & 0xff; 1217 p[3] = (u_char)(v >> 32) & 0xff; 1218 p[4] = (u_char)(v >> 24) & 0xff; 1219 p[5] = (u_char)(v >> 16) & 0xff; 1220 p[6] = (u_char)(v >> 8) & 0xff; 1221 p[7] = (u_char)v & 0xff; 1222 } 1223 1224 void 1225 put_u32(void *vp, u_int32_t v) 1226 { 1227 u_char *p = (u_char *)vp; 1228 1229 p[0] = (u_char)(v >> 24) & 0xff; 1230 p[1] = (u_char)(v >> 16) & 0xff; 1231 p[2] = (u_char)(v >> 8) & 0xff; 1232 p[3] = (u_char)v & 0xff; 1233 } 1234 1235 void 1236 put_u32_le(void *vp, u_int32_t v) 1237 { 1238 u_char *p = (u_char *)vp; 1239 1240 p[0] = (u_char)v & 0xff; 1241 p[1] = (u_char)(v >> 8) & 0xff; 1242 p[2] = (u_char)(v >> 16) & 0xff; 1243 p[3] = (u_char)(v >> 24) & 0xff; 1244 } 1245 1246 void 1247 put_u16(void *vp, u_int16_t v) 1248 { 1249 u_char *p = (u_char *)vp; 1250 1251 p[0] = (u_char)(v >> 8) & 0xff; 1252 p[1] = (u_char)v & 0xff; 1253 } 1254 1255 void 1256 ms_subtract_diff(struct timeval *start, int *ms) 1257 { 1258 struct timeval diff, finish; 1259 1260 monotime_tv(&finish); 1261 timersub(&finish, start, &diff); 1262 *ms -= (diff.tv_sec * 1000) + (diff.tv_usec / 1000); 1263 } 1264 1265 void 1266 ms_to_timeval(struct timeval *tv, int ms) 1267 { 1268 if (ms < 0) 1269 ms = 0; 1270 tv->tv_sec = ms / 1000; 1271 tv->tv_usec = (ms % 1000) * 1000; 1272 } 1273 1274 void 1275 monotime_ts(struct timespec *ts) 1276 { 1277 struct timeval tv; 1278 #if defined(HAVE_CLOCK_GETTIME) && (defined(CLOCK_BOOTTIME) || \ 1279 defined(CLOCK_MONOTONIC) || defined(CLOCK_REALTIME)) 1280 static int gettime_failed = 0; 1281 1282 if (!gettime_failed) { 1283 # ifdef CLOCK_BOOTTIME 1284 if (clock_gettime(CLOCK_BOOTTIME, ts) == 0) 1285 return; 1286 # endif /* CLOCK_BOOTTIME */ 1287 # ifdef CLOCK_MONOTONIC 1288 if (clock_gettime(CLOCK_MONOTONIC, ts) == 0) 1289 return; 1290 # endif /* CLOCK_MONOTONIC */ 1291 # ifdef CLOCK_REALTIME 1292 /* Not monotonic, but we're almost out of options here. */ 1293 if (clock_gettime(CLOCK_REALTIME, ts) == 0) 1294 return; 1295 # endif /* CLOCK_REALTIME */ 1296 debug3("clock_gettime: %s", strerror(errno)); 1297 gettime_failed = 1; 1298 } 1299 #endif /* HAVE_CLOCK_GETTIME && (BOOTTIME || MONOTONIC || REALTIME) */ 1300 gettimeofday(&tv, NULL); 1301 ts->tv_sec = tv.tv_sec; 1302 ts->tv_nsec = (long)tv.tv_usec * 1000; 1303 } 1304 1305 void 1306 monotime_tv(struct timeval *tv) 1307 { 1308 struct timespec ts; 1309 1310 monotime_ts(&ts); 1311 tv->tv_sec = ts.tv_sec; 1312 tv->tv_usec = ts.tv_nsec / 1000; 1313 } 1314 1315 time_t 1316 monotime(void) 1317 { 1318 struct timespec ts; 1319 1320 monotime_ts(&ts); 1321 return ts.tv_sec; 1322 } 1323 1324 double 1325 monotime_double(void) 1326 { 1327 struct timespec ts; 1328 1329 monotime_ts(&ts); 1330 return ts.tv_sec + ((double)ts.tv_nsec / 1000000000); 1331 } 1332 1333 void 1334 bandwidth_limit_init(struct bwlimit *bw, u_int64_t kbps, size_t buflen) 1335 { 1336 bw->buflen = buflen; 1337 bw->rate = kbps; 1338 bw->thresh = bw->rate; 1339 bw->lamt = 0; 1340 timerclear(&bw->bwstart); 1341 timerclear(&bw->bwend); 1342 } 1343 1344 /* Callback from read/write loop to insert bandwidth-limiting delays */ 1345 void 1346 bandwidth_limit(struct bwlimit *bw, size_t read_len) 1347 { 1348 u_int64_t waitlen; 1349 struct timespec ts, rm; 1350 1351 if (!timerisset(&bw->bwstart)) { 1352 monotime_tv(&bw->bwstart); 1353 return; 1354 } 1355 1356 bw->lamt += read_len; 1357 if (bw->lamt < bw->thresh) 1358 return; 1359 1360 monotime_tv(&bw->bwend); 1361 timersub(&bw->bwend, &bw->bwstart, &bw->bwend); 1362 if (!timerisset(&bw->bwend)) 1363 return; 1364 1365 bw->lamt *= 8; 1366 waitlen = (double)1000000L * bw->lamt / bw->rate; 1367 1368 bw->bwstart.tv_sec = waitlen / 1000000L; 1369 bw->bwstart.tv_usec = waitlen % 1000000L; 1370 1371 if (timercmp(&bw->bwstart, &bw->bwend, >)) { 1372 timersub(&bw->bwstart, &bw->bwend, &bw->bwend); 1373 1374 /* Adjust the wait time */ 1375 if (bw->bwend.tv_sec) { 1376 bw->thresh /= 2; 1377 if (bw->thresh < bw->buflen / 4) 1378 bw->thresh = bw->buflen / 4; 1379 } else if (bw->bwend.tv_usec < 10000) { 1380 bw->thresh *= 2; 1381 if (bw->thresh > bw->buflen * 8) 1382 bw->thresh = bw->buflen * 8; 1383 } 1384 1385 TIMEVAL_TO_TIMESPEC(&bw->bwend, &ts); 1386 while (nanosleep(&ts, &rm) == -1) { 1387 if (errno != EINTR) 1388 break; 1389 ts = rm; 1390 } 1391 } 1392 1393 bw->lamt = 0; 1394 monotime_tv(&bw->bwstart); 1395 } 1396 1397 /* Make a template filename for mk[sd]temp() */ 1398 void 1399 mktemp_proto(char *s, size_t len) 1400 { 1401 const char *tmpdir; 1402 int r; 1403 1404 if ((tmpdir = getenv("TMPDIR")) != NULL) { 1405 r = snprintf(s, len, "%s/ssh-XXXXXXXXXXXX", tmpdir); 1406 if (r > 0 && (size_t)r < len) 1407 return; 1408 } 1409 r = snprintf(s, len, "/tmp/ssh-XXXXXXXXXXXX"); 1410 if (r < 0 || (size_t)r >= len) 1411 fatal("%s: template string too short", __func__); 1412 } 1413 1414 static const struct { 1415 const char *name; 1416 int value; 1417 } ipqos[] = { 1418 { "none", INT_MAX }, /* can't use 0 here; that's CS0 */ 1419 { "af11", IPTOS_DSCP_AF11 }, 1420 { "af12", IPTOS_DSCP_AF12 }, 1421 { "af13", IPTOS_DSCP_AF13 }, 1422 { "af21", IPTOS_DSCP_AF21 }, 1423 { "af22", IPTOS_DSCP_AF22 }, 1424 { "af23", IPTOS_DSCP_AF23 }, 1425 { "af31", IPTOS_DSCP_AF31 }, 1426 { "af32", IPTOS_DSCP_AF32 }, 1427 { "af33", IPTOS_DSCP_AF33 }, 1428 { "af41", IPTOS_DSCP_AF41 }, 1429 { "af42", IPTOS_DSCP_AF42 }, 1430 { "af43", IPTOS_DSCP_AF43 }, 1431 { "cs0", IPTOS_DSCP_CS0 }, 1432 { "cs1", IPTOS_DSCP_CS1 }, 1433 { "cs2", IPTOS_DSCP_CS2 }, 1434 { "cs3", IPTOS_DSCP_CS3 }, 1435 { "cs4", IPTOS_DSCP_CS4 }, 1436 { "cs5", IPTOS_DSCP_CS5 }, 1437 { "cs6", IPTOS_DSCP_CS6 }, 1438 { "cs7", IPTOS_DSCP_CS7 }, 1439 { "ef", IPTOS_DSCP_EF }, 1440 { "lowdelay", IPTOS_LOWDELAY }, 1441 { "throughput", IPTOS_THROUGHPUT }, 1442 { "reliability", IPTOS_RELIABILITY }, 1443 { NULL, -1 } 1444 }; 1445 1446 int 1447 parse_ipqos(const char *cp) 1448 { 1449 u_int i; 1450 char *ep; 1451 long val; 1452 1453 if (cp == NULL) 1454 return -1; 1455 for (i = 0; ipqos[i].name != NULL; i++) { 1456 if (strcasecmp(cp, ipqos[i].name) == 0) 1457 return ipqos[i].value; 1458 } 1459 /* Try parsing as an integer */ 1460 val = strtol(cp, &ep, 0); 1461 if (*cp == '\0' || *ep != '\0' || val < 0 || val > 255) 1462 return -1; 1463 return val; 1464 } 1465 1466 const char * 1467 iptos2str(int iptos) 1468 { 1469 int i; 1470 static char iptos_str[sizeof "0xff"]; 1471 1472 for (i = 0; ipqos[i].name != NULL; i++) { 1473 if (ipqos[i].value == iptos) 1474 return ipqos[i].name; 1475 } 1476 snprintf(iptos_str, sizeof iptos_str, "0x%02x", iptos); 1477 return iptos_str; 1478 } 1479 1480 void 1481 lowercase(char *s) 1482 { 1483 for (; *s; s++) 1484 *s = tolower((u_char)*s); 1485 } 1486 1487 int 1488 unix_listener(const char *path, int backlog, int unlink_first) 1489 { 1490 struct sockaddr_un sunaddr; 1491 int saved_errno, sock; 1492 1493 memset(&sunaddr, 0, sizeof(sunaddr)); 1494 sunaddr.sun_family = AF_UNIX; 1495 if (strlcpy(sunaddr.sun_path, path, 1496 sizeof(sunaddr.sun_path)) >= sizeof(sunaddr.sun_path)) { 1497 error("%s: path \"%s\" too long for Unix domain socket", 1498 __func__, path); 1499 errno = ENAMETOOLONG; 1500 return -1; 1501 } 1502 1503 sock = socket(PF_UNIX, SOCK_STREAM, 0); 1504 if (sock < 0) { 1505 saved_errno = errno; 1506 error("%s: socket: %.100s", __func__, strerror(errno)); 1507 errno = saved_errno; 1508 return -1; 1509 } 1510 if (unlink_first == 1) { 1511 if (unlink(path) != 0 && errno != ENOENT) 1512 error("unlink(%s): %.100s", path, strerror(errno)); 1513 } 1514 if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0) { 1515 saved_errno = errno; 1516 error("%s: cannot bind to path %s: %s", 1517 __func__, path, strerror(errno)); 1518 close(sock); 1519 errno = saved_errno; 1520 return -1; 1521 } 1522 if (listen(sock, backlog) < 0) { 1523 saved_errno = errno; 1524 error("%s: cannot listen on path %s: %s", 1525 __func__, path, strerror(errno)); 1526 close(sock); 1527 unlink(path); 1528 errno = saved_errno; 1529 return -1; 1530 } 1531 return sock; 1532 } 1533 1534 void 1535 sock_set_v6only(int s) 1536 { 1537 #if defined(IPV6_V6ONLY) && !defined(__OpenBSD__) 1538 int on = 1; 1539 1540 debug3("%s: set socket %d IPV6_V6ONLY", __func__, s); 1541 if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) == -1) 1542 error("setsockopt IPV6_V6ONLY: %s", strerror(errno)); 1543 #endif 1544 } 1545 1546 /* 1547 * Compares two strings that maybe be NULL. Returns non-zero if strings 1548 * are both NULL or are identical, returns zero otherwise. 1549 */ 1550 static int 1551 strcmp_maybe_null(const char *a, const char *b) 1552 { 1553 if ((a == NULL && b != NULL) || (a != NULL && b == NULL)) 1554 return 0; 1555 if (a != NULL && strcmp(a, b) != 0) 1556 return 0; 1557 return 1; 1558 } 1559 1560 /* 1561 * Compare two forwards, returning non-zero if they are identical or 1562 * zero otherwise. 1563 */ 1564 int 1565 forward_equals(const struct Forward *a, const struct Forward *b) 1566 { 1567 if (strcmp_maybe_null(a->listen_host, b->listen_host) == 0) 1568 return 0; 1569 if (a->listen_port != b->listen_port) 1570 return 0; 1571 if (strcmp_maybe_null(a->listen_path, b->listen_path) == 0) 1572 return 0; 1573 if (strcmp_maybe_null(a->connect_host, b->connect_host) == 0) 1574 return 0; 1575 if (a->connect_port != b->connect_port) 1576 return 0; 1577 if (strcmp_maybe_null(a->connect_path, b->connect_path) == 0) 1578 return 0; 1579 /* allocated_port and handle are not checked */ 1580 return 1; 1581 } 1582 1583 /* returns 1 if process is already daemonized, 0 otherwise */ 1584 int 1585 daemonized(void) 1586 { 1587 int fd; 1588 1589 if ((fd = open(_PATH_TTY, O_RDONLY | O_NOCTTY)) >= 0) { 1590 close(fd); 1591 return 0; /* have controlling terminal */ 1592 } 1593 if (getppid() != 1) 1594 return 0; /* parent is not init */ 1595 if (getsid(0) != getpid()) 1596 return 0; /* not session leader */ 1597 debug3("already daemonized"); 1598 return 1; 1599 } 1600 1601 1602 /* 1603 * Splits 's' into an argument vector. Handles quoted string and basic 1604 * escape characters (\\, \", \'). Caller must free the argument vector 1605 * and its members. 1606 */ 1607 int 1608 argv_split(const char *s, int *argcp, char ***argvp) 1609 { 1610 int r = SSH_ERR_INTERNAL_ERROR; 1611 int argc = 0, quote, i, j; 1612 char *arg, **argv = xcalloc(1, sizeof(*argv)); 1613 1614 *argvp = NULL; 1615 *argcp = 0; 1616 1617 for (i = 0; s[i] != '\0'; i++) { 1618 /* Skip leading whitespace */ 1619 if (s[i] == ' ' || s[i] == '\t') 1620 continue; 1621 1622 /* Start of a token */ 1623 quote = 0; 1624 if (s[i] == '\\' && 1625 (s[i + 1] == '\'' || s[i + 1] == '\"' || s[i + 1] == '\\')) 1626 i++; 1627 else if (s[i] == '\'' || s[i] == '"') 1628 quote = s[i++]; 1629 1630 argv = xreallocarray(argv, (argc + 2), sizeof(*argv)); 1631 arg = argv[argc++] = xcalloc(1, strlen(s + i) + 1); 1632 argv[argc] = NULL; 1633 1634 /* Copy the token in, removing escapes */ 1635 for (j = 0; s[i] != '\0'; i++) { 1636 if (s[i] == '\\') { 1637 if (s[i + 1] == '\'' || 1638 s[i + 1] == '\"' || 1639 s[i + 1] == '\\') { 1640 i++; /* Skip '\' */ 1641 arg[j++] = s[i]; 1642 } else { 1643 /* Unrecognised escape */ 1644 arg[j++] = s[i]; 1645 } 1646 } else if (quote == 0 && (s[i] == ' ' || s[i] == '\t')) 1647 break; /* done */ 1648 else if (quote != 0 && s[i] == quote) 1649 break; /* done */ 1650 else 1651 arg[j++] = s[i]; 1652 } 1653 if (s[i] == '\0') { 1654 if (quote != 0) { 1655 /* Ran out of string looking for close quote */ 1656 r = SSH_ERR_INVALID_FORMAT; 1657 goto out; 1658 } 1659 break; 1660 } 1661 } 1662 /* Success */ 1663 *argcp = argc; 1664 *argvp = argv; 1665 argc = 0; 1666 argv = NULL; 1667 r = 0; 1668 out: 1669 if (argc != 0 && argv != NULL) { 1670 for (i = 0; i < argc; i++) 1671 free(argv[i]); 1672 free(argv); 1673 } 1674 return r; 1675 } 1676 1677 /* 1678 * Reassemble an argument vector into a string, quoting and escaping as 1679 * necessary. Caller must free returned string. 1680 */ 1681 char * 1682 argv_assemble(int argc, char **argv) 1683 { 1684 int i, j, ws, r; 1685 char c, *ret; 1686 struct sshbuf *buf, *arg; 1687 1688 if ((buf = sshbuf_new()) == NULL || (arg = sshbuf_new()) == NULL) 1689 fatal("%s: sshbuf_new failed", __func__); 1690 1691 for (i = 0; i < argc; i++) { 1692 ws = 0; 1693 sshbuf_reset(arg); 1694 for (j = 0; argv[i][j] != '\0'; j++) { 1695 r = 0; 1696 c = argv[i][j]; 1697 switch (c) { 1698 case ' ': 1699 case '\t': 1700 ws = 1; 1701 r = sshbuf_put_u8(arg, c); 1702 break; 1703 case '\\': 1704 case '\'': 1705 case '"': 1706 if ((r = sshbuf_put_u8(arg, '\\')) != 0) 1707 break; 1708 /* FALLTHROUGH */ 1709 default: 1710 r = sshbuf_put_u8(arg, c); 1711 break; 1712 } 1713 if (r != 0) 1714 fatal("%s: sshbuf_put_u8: %s", 1715 __func__, ssh_err(r)); 1716 } 1717 if ((i != 0 && (r = sshbuf_put_u8(buf, ' ')) != 0) || 1718 (ws != 0 && (r = sshbuf_put_u8(buf, '"')) != 0) || 1719 (r = sshbuf_putb(buf, arg)) != 0 || 1720 (ws != 0 && (r = sshbuf_put_u8(buf, '"')) != 0)) 1721 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 1722 } 1723 if ((ret = malloc(sshbuf_len(buf) + 1)) == NULL) 1724 fatal("%s: malloc failed", __func__); 1725 memcpy(ret, sshbuf_ptr(buf), sshbuf_len(buf)); 1726 ret[sshbuf_len(buf)] = '\0'; 1727 sshbuf_free(buf); 1728 sshbuf_free(arg); 1729 return ret; 1730 } 1731 1732 /* Returns 0 if pid exited cleanly, non-zero otherwise */ 1733 int 1734 exited_cleanly(pid_t pid, const char *tag, const char *cmd, int quiet) 1735 { 1736 int status; 1737 1738 while (waitpid(pid, &status, 0) == -1) { 1739 if (errno != EINTR) { 1740 error("%s: waitpid: %s", tag, strerror(errno)); 1741 return -1; 1742 } 1743 } 1744 if (WIFSIGNALED(status)) { 1745 error("%s %s exited on signal %d", tag, cmd, WTERMSIG(status)); 1746 return -1; 1747 } else if (WEXITSTATUS(status) != 0) { 1748 do_log2(quiet ? SYSLOG_LEVEL_DEBUG1 : SYSLOG_LEVEL_INFO, 1749 "%s %s failed, status %d", tag, cmd, WEXITSTATUS(status)); 1750 return -1; 1751 } 1752 return 0; 1753 } 1754 1755 /* 1756 * Check a given path for security. This is defined as all components 1757 * of the path to the file must be owned by either the owner of 1758 * of the file or root and no directories must be group or world writable. 1759 * 1760 * XXX Should any specific check be done for sym links ? 1761 * 1762 * Takes a file name, its stat information (preferably from fstat() to 1763 * avoid races), the uid of the expected owner, their home directory and an 1764 * error buffer plus max size as arguments. 1765 * 1766 * Returns 0 on success and -1 on failure 1767 */ 1768 int 1769 safe_path(const char *name, struct stat *stp, const char *pw_dir, 1770 uid_t uid, char *err, size_t errlen) 1771 { 1772 char buf[PATH_MAX], homedir[PATH_MAX]; 1773 char *cp; 1774 int comparehome = 0; 1775 struct stat st; 1776 1777 if (realpath(name, buf) == NULL) { 1778 snprintf(err, errlen, "realpath %s failed: %s", name, 1779 strerror(errno)); 1780 return -1; 1781 } 1782 if (pw_dir != NULL && realpath(pw_dir, homedir) != NULL) 1783 comparehome = 1; 1784 1785 if (!S_ISREG(stp->st_mode)) { 1786 snprintf(err, errlen, "%s is not a regular file", buf); 1787 return -1; 1788 } 1789 if ((!platform_sys_dir_uid(stp->st_uid) && stp->st_uid != uid) || 1790 (stp->st_mode & 022) != 0) { 1791 snprintf(err, errlen, "bad ownership or modes for file %s", 1792 buf); 1793 return -1; 1794 } 1795 1796 /* for each component of the canonical path, walking upwards */ 1797 for (;;) { 1798 if ((cp = dirname(buf)) == NULL) { 1799 snprintf(err, errlen, "dirname() failed"); 1800 return -1; 1801 } 1802 strlcpy(buf, cp, sizeof(buf)); 1803 1804 if (stat(buf, &st) < 0 || 1805 (!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) || 1806 (st.st_mode & 022) != 0) { 1807 snprintf(err, errlen, 1808 "bad ownership or modes for directory %s", buf); 1809 return -1; 1810 } 1811 1812 /* If are past the homedir then we can stop */ 1813 if (comparehome && strcmp(homedir, buf) == 0) 1814 break; 1815 1816 /* 1817 * dirname should always complete with a "/" path, 1818 * but we can be paranoid and check for "." too 1819 */ 1820 if ((strcmp("/", buf) == 0) || (strcmp(".", buf) == 0)) 1821 break; 1822 } 1823 return 0; 1824 } 1825 1826 /* 1827 * Version of safe_path() that accepts an open file descriptor to 1828 * avoid races. 1829 * 1830 * Returns 0 on success and -1 on failure 1831 */ 1832 int 1833 safe_path_fd(int fd, const char *file, struct passwd *pw, 1834 char *err, size_t errlen) 1835 { 1836 struct stat st; 1837 1838 /* check the open file to avoid races */ 1839 if (fstat(fd, &st) < 0) { 1840 snprintf(err, errlen, "cannot stat file %s: %s", 1841 file, strerror(errno)); 1842 return -1; 1843 } 1844 return safe_path(file, &st, pw->pw_dir, pw->pw_uid, err, errlen); 1845 } 1846 1847 /* 1848 * Sets the value of the given variable in the environment. If the variable 1849 * already exists, its value is overridden. 1850 */ 1851 void 1852 child_set_env(char ***envp, u_int *envsizep, const char *name, 1853 const char *value) 1854 { 1855 char **env; 1856 u_int envsize; 1857 u_int i, namelen; 1858 1859 if (strchr(name, '=') != NULL) { 1860 error("Invalid environment variable \"%.100s\"", name); 1861 return; 1862 } 1863 1864 /* 1865 * If we're passed an uninitialized list, allocate a single null 1866 * entry before continuing. 1867 */ 1868 if (*envp == NULL && *envsizep == 0) { 1869 *envp = xmalloc(sizeof(char *)); 1870 *envp[0] = NULL; 1871 *envsizep = 1; 1872 } 1873 1874 /* 1875 * Find the slot where the value should be stored. If the variable 1876 * already exists, we reuse the slot; otherwise we append a new slot 1877 * at the end of the array, expanding if necessary. 1878 */ 1879 env = *envp; 1880 namelen = strlen(name); 1881 for (i = 0; env[i]; i++) 1882 if (strncmp(env[i], name, namelen) == 0 && env[i][namelen] == '=') 1883 break; 1884 if (env[i]) { 1885 /* Reuse the slot. */ 1886 free(env[i]); 1887 } else { 1888 /* New variable. Expand if necessary. */ 1889 envsize = *envsizep; 1890 if (i >= envsize - 1) { 1891 if (envsize >= 1000) 1892 fatal("child_set_env: too many env vars"); 1893 envsize += 50; 1894 env = (*envp) = xreallocarray(env, envsize, sizeof(char *)); 1895 *envsizep = envsize; 1896 } 1897 /* Need to set the NULL pointer at end of array beyond the new slot. */ 1898 env[i + 1] = NULL; 1899 } 1900 1901 /* Allocate space and format the variable in the appropriate slot. */ 1902 /* XXX xasprintf */ 1903 env[i] = xmalloc(strlen(name) + 1 + strlen(value) + 1); 1904 snprintf(env[i], strlen(name) + 1 + strlen(value) + 1, "%s=%s", name, value); 1905 } 1906 1907 /* 1908 * Check and optionally lowercase a domain name, also removes trailing '.' 1909 * Returns 1 on success and 0 on failure, storing an error message in errstr. 1910 */ 1911 int 1912 valid_domain(char *name, int makelower, const char **errstr) 1913 { 1914 size_t i, l = strlen(name); 1915 u_char c, last = '\0'; 1916 static char errbuf[256]; 1917 1918 if (l == 0) { 1919 strlcpy(errbuf, "empty domain name", sizeof(errbuf)); 1920 goto bad; 1921 } 1922 if (!isalpha((u_char)name[0]) && !isdigit((u_char)name[0])) { 1923 snprintf(errbuf, sizeof(errbuf), "domain name \"%.100s\" " 1924 "starts with invalid character", name); 1925 goto bad; 1926 } 1927 for (i = 0; i < l; i++) { 1928 c = tolower((u_char)name[i]); 1929 if (makelower) 1930 name[i] = (char)c; 1931 if (last == '.' && c == '.') { 1932 snprintf(errbuf, sizeof(errbuf), "domain name " 1933 "\"%.100s\" contains consecutive separators", name); 1934 goto bad; 1935 } 1936 if (c != '.' && c != '-' && !isalnum(c) && 1937 c != '_') /* technically invalid, but common */ { 1938 snprintf(errbuf, sizeof(errbuf), "domain name " 1939 "\"%.100s\" contains invalid characters", name); 1940 goto bad; 1941 } 1942 last = c; 1943 } 1944 if (name[l - 1] == '.') 1945 name[l - 1] = '\0'; 1946 if (errstr != NULL) 1947 *errstr = NULL; 1948 return 1; 1949 bad: 1950 if (errstr != NULL) 1951 *errstr = errbuf; 1952 return 0; 1953 } 1954 1955 /* 1956 * Verify that a environment variable name (not including initial '$') is 1957 * valid; consisting of one or more alphanumeric or underscore characters only. 1958 * Returns 1 on valid, 0 otherwise. 1959 */ 1960 int 1961 valid_env_name(const char *name) 1962 { 1963 const char *cp; 1964 1965 if (name[0] == '\0') 1966 return 0; 1967 for (cp = name; *cp != '\0'; cp++) { 1968 if (!isalnum((u_char)*cp) && *cp != '_') 1969 return 0; 1970 } 1971 return 1; 1972 } 1973 1974 const char * 1975 atoi_err(const char *nptr, int *val) 1976 { 1977 const char *errstr = NULL; 1978 long long num; 1979 1980 if (nptr == NULL || *nptr == '\0') 1981 return "missing"; 1982 num = strtonum(nptr, 0, INT_MAX, &errstr); 1983 if (errstr == NULL) 1984 *val = (int)num; 1985 return errstr; 1986 } 1987 1988 int 1989 parse_absolute_time(const char *s, uint64_t *tp) 1990 { 1991 struct tm tm; 1992 time_t tt; 1993 char buf[32], *fmt; 1994 1995 *tp = 0; 1996 1997 /* 1998 * POSIX strptime says "The application shall ensure that there 1999 * is white-space or other non-alphanumeric characters between 2000 * any two conversion specifications" so arrange things this way. 2001 */ 2002 switch (strlen(s)) { 2003 case 8: /* YYYYMMDD */ 2004 fmt = "%Y-%m-%d"; 2005 snprintf(buf, sizeof(buf), "%.4s-%.2s-%.2s", s, s + 4, s + 6); 2006 break; 2007 case 12: /* YYYYMMDDHHMM */ 2008 fmt = "%Y-%m-%dT%H:%M"; 2009 snprintf(buf, sizeof(buf), "%.4s-%.2s-%.2sT%.2s:%.2s", 2010 s, s + 4, s + 6, s + 8, s + 10); 2011 break; 2012 case 14: /* YYYYMMDDHHMMSS */ 2013 fmt = "%Y-%m-%dT%H:%M:%S"; 2014 snprintf(buf, sizeof(buf), "%.4s-%.2s-%.2sT%.2s:%.2s:%.2s", 2015 s, s + 4, s + 6, s + 8, s + 10, s + 12); 2016 break; 2017 default: 2018 return SSH_ERR_INVALID_FORMAT; 2019 } 2020 2021 memset(&tm, 0, sizeof(tm)); 2022 if (strptime(buf, fmt, &tm) == NULL) 2023 return SSH_ERR_INVALID_FORMAT; 2024 if ((tt = mktime(&tm)) < 0) 2025 return SSH_ERR_INVALID_FORMAT; 2026 /* success */ 2027 *tp = (uint64_t)tt; 2028 return 0; 2029 } 2030 2031 void 2032 format_absolute_time(uint64_t t, char *buf, size_t len) 2033 { 2034 time_t tt = t > INT_MAX ? INT_MAX : t; /* XXX revisit in 2038 :P */ 2035 struct tm tm; 2036 2037 localtime_r(&tt, &tm); 2038 strftime(buf, len, "%Y-%m-%dT%H:%M:%S", &tm); 2039 } 2040