[gssapi-openssh.git] / openssh / misc.c

/* $OpenBSD: misc.c,v 1.69 2008/06/13 01:38:23 dtucker Exp $ */
/*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 * Copyright (c) 2005,2006 Damien Miller.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "includes.h"

#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/param.h>

#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include <netinet/in.h>
#include <netinet/tcp.h>

#include <errno.h>
#include <fcntl.h>
#include <netdb.h>
#ifdef HAVE_PATHS_H
# include <paths.h>
#include <pwd.h>
#endif
#ifdef SSH_TUN_OPENBSD
#include <net/if.h>
#endif

#include "xmalloc.h"
#include "misc.h"
#include "log.h"
#include "ssh.h"

/* remove newline at end of string */
char *
chop(char *s)
{
	char *t = s;
	while (*t) {
		if (*t == '\n' || *t == '\r') {
			*t = '\0';
			return s;
		}
		t++;
	}
	return s;

}

/* set/unset filedescriptor to non-blocking */
int
set_nonblock(int fd)
{
	int val;

	val = fcntl(fd, F_GETFL, 0);
	if (val < 0) {
		error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno));
		return (-1);
	}
	if (val & O_NONBLOCK) {
		debug3("fd %d is O_NONBLOCK", fd);
		return (0);
	}
	debug2("fd %d setting O_NONBLOCK", fd);
	val |= O_NONBLOCK;
	if (fcntl(fd, F_SETFL, val) == -1) {
		debug("fcntl(%d, F_SETFL, O_NONBLOCK): %s", fd,
		    strerror(errno));
		return (-1);
	}
	return (0);
}

int
unset_nonblock(int fd)
{
	int val;

	val = fcntl(fd, F_GETFL, 0);
	if (val < 0) {
		error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno));
		return (-1);
	}
	if (!(val & O_NONBLOCK)) {
		debug3("fd %d is not O_NONBLOCK", fd);
		return (0);
	}
	debug("fd %d clearing O_NONBLOCK", fd);
	val &= ~O_NONBLOCK;
	if (fcntl(fd, F_SETFL, val) == -1) {
		debug("fcntl(%d, F_SETFL, ~O_NONBLOCK): %s",
		    fd, strerror(errno));
		return (-1);
	}
	return (0);
}

const char *
ssh_gai_strerror(int gaierr)
{
	if (gaierr == EAI_SYSTEM)
		return strerror(errno);
	return gai_strerror(gaierr);
}

/* disable nagle on socket */
void
set_nodelay(int fd)
{
	int opt;
	socklen_t optlen;

	optlen = sizeof opt;
	if (getsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, &optlen) == -1) {
		debug("getsockopt TCP_NODELAY: %.100s", strerror(errno));
		return;
	}
	if (opt == 1) {
		debug2("fd %d is TCP_NODELAY", fd);
		return;
	}
	opt = 1;
	debug2("fd %d setting TCP_NODELAY", fd);
	if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, sizeof opt) == -1)
		error("setsockopt TCP_NODELAY: %.100s", strerror(errno));
}

/* Characters considered whitespace in strsep calls. */
#define WHITESPACE " \t\r\n"
#define QUOTE	"\""

/* Characters considered as quotations. */
#define QUOTES "'\""

/* return next token in configuration line */
char *
strdelim(char **s)
{
	char *old, *p, *q;
	int wspace = 0;

	if (*s == NULL)
		return NULL;

	old = *s;

        if ((q=strchr(QUOTES, (int) *old)) && *q)
        {
            /* find next quote character, point old to start of quoted
             * string */
            for (p = ++old;*p && *p!=*q; p++)
                 ;
            
            /* find start of next token */
            *s = (*p) ? p + strspn(p + 1, WHITESPACE) + 1 : NULL;
            
            /* terminate 'old' token */
            *p = '\0';
            return (old);
        }

	*s = strpbrk(*s, WHITESPACE QUOTE "=");
	if (*s == NULL)
		return (old);

	if (*s[0] == '\"') {
		memmove(*s, *s + 1, strlen(*s)); /* move nul too */
		/* Find matching quote */
		if ((*s = strpbrk(*s, QUOTE)) == NULL) {
			return (NULL);		/* no matching quote */
		} else {
			*s[0] = '\0';
			return (old);
		}
	}

	/* Allow only one '=' to be skipped */
	if (*s[0] == '=')
		wspace = 1;
	*s[0] = '\0';

	/* Skip any extra whitespace after first token */
	*s += strspn(*s + 1, WHITESPACE) + 1;
	if (*s[0] == '=' && !wspace)
		*s += strspn(*s + 1, WHITESPACE) + 1;

	return (old);
}

struct passwd *
pwcopy(struct passwd *pw)
{
	struct passwd *copy = xcalloc(1, sizeof(*copy));

	copy->pw_name = xstrdup(pw->pw_name);
	copy->pw_passwd = xstrdup(pw->pw_passwd);
	copy->pw_gecos = xstrdup(pw->pw_gecos);
	copy->pw_uid = pw->pw_uid;
	copy->pw_gid = pw->pw_gid;
#ifdef HAVE_PW_EXPIRE_IN_PASSWD
	copy->pw_expire = pw->pw_expire;
#endif
#ifdef HAVE_PW_CHANGE_IN_PASSWD
	copy->pw_change = pw->pw_change;
#endif
#ifdef HAVE_PW_CLASS_IN_PASSWD
	copy->pw_class = xstrdup(pw->pw_class);
#endif
	copy->pw_dir = xstrdup(pw->pw_dir);
	copy->pw_shell = xstrdup(pw->pw_shell);
	return copy;
}

/*
 * Convert ASCII string to TCP/IP port number.
 * Port must be >0 and <=65535.
 * Return 0 if invalid.
 */
int
a2port(const char *s)
{
	long port;
	char *endp;

	errno = 0;
	port = strtol(s, &endp, 0);
	if (s == endp || *endp != '\0' ||
	    (errno == ERANGE && (port == LONG_MIN || port == LONG_MAX)) ||
	    port <= 0 || port > 65535)
		return 0;

	return port;
}

int
a2tun(const char *s, int *remote)
{
	const char *errstr = NULL;
	char *sp, *ep;
	int tun;

	if (remote != NULL) {
		*remote = SSH_TUNID_ANY;
		sp = xstrdup(s);
		if ((ep = strchr(sp, ':')) == NULL) {
			xfree(sp);
			return (a2tun(s, NULL));
		}
		ep[0] = '\0'; ep++;
		*remote = a2tun(ep, NULL);
		tun = a2tun(sp, NULL);
		xfree(sp);
		return (*remote == SSH_TUNID_ERR ? *remote : tun);
	}

	if (strcasecmp(s, "any") == 0)
		return (SSH_TUNID_ANY);

	tun = strtonum(s, 0, SSH_TUNID_MAX, &errstr);
	if (errstr != NULL)
		return (SSH_TUNID_ERR);

	return (tun);
}

#define SECONDS		1
#define MINUTES		(SECONDS * 60)
#define HOURS		(MINUTES * 60)
#define DAYS		(HOURS * 24)
#define WEEKS		(DAYS * 7)

/*
 * Convert a time string into seconds; format is
 * a sequence of:
 *      time[qualifier]
 *
 * Valid time qualifiers are:
 *      <none>  seconds
 *      s|S     seconds
 *      m|M     minutes
 *      h|H     hours
 *      d|D     days
 *      w|W     weeks
 *
 * Examples:
 *      90m     90 minutes
 *      1h30m   90 minutes
 *      2d      2 days
 *      1w      1 week
 *
 * Return -1 if time string is invalid.
 */
long
convtime(const char *s)
{
	long total, secs;
	const char *p;
	char *endp;

	errno = 0;
	total = 0;
	p = s;

	if (p == NULL || *p == '\0')
		return -1;

	while (*p) {
		secs = strtol(p, &endp, 10);
		if (p == endp ||
		    (errno == ERANGE && (secs == LONG_MIN || secs == LONG_MAX)) ||
		    secs < 0)
			return -1;

		switch (*endp++) {
		case '\0':
			endp--;
			break;
		case 's':
		case 'S':
			break;
		case 'm':
		case 'M':
			secs *= MINUTES;
			break;
		case 'h':
		case 'H':
			secs *= HOURS;
			break;
		case 'd':
		case 'D':
			secs *= DAYS;
			break;
		case 'w':
		case 'W':
			secs *= WEEKS;
			break;
		default:
			return -1;
		}
		total += secs;
		if (total < 0)
			return -1;
		p = endp;
	}

	return total;
}

/*
 * Returns a standardized host+port identifier string.
 * Caller must free returned string.
 */
char *
put_host_port(const char *host, u_short port)
{
	char *hoststr;

	if (port == 0 || port == SSH_DEFAULT_PORT)
		return(xstrdup(host));
	if (asprintf(&hoststr, "[%s]:%d", host, (int)port) < 0)
		fatal("put_host_port: asprintf: %s", strerror(errno));
	debug3("put_host_port: %s", hoststr);
	return hoststr;
}

/*
 * Search for next delimiter between hostnames/addresses and ports.
 * Argument may be modified (for termination).
 * Returns *cp if parsing succeeds.
 * *cp is set to the start of the next delimiter, if one was found.
 * If this is the last field, *cp is set to NULL.
 */
char *
hpdelim(char **cp)
{
	char *s, *old;

	if (cp == NULL || *cp == NULL)
		return NULL;

	old = s = *cp;
	if (*s == '[') {
		if ((s = strchr(s, ']')) == NULL)
			return NULL;
		else
			s++;
	} else if ((s = strpbrk(s, ":/")) == NULL)
		s = *cp + strlen(*cp); /* skip to end (see first case below) */

	switch (*s) {
	case '\0':
		*cp = NULL;	/* no more fields*/
		break;

	case ':':
	case '/':
		*s = '\0';	/* terminate */
		*cp = s + 1;
		break;

	default:
		return NULL;
	}

	return old;
}

char *
cleanhostname(char *host)
{
	if (*host == '[' && host[strlen(host) - 1] == ']') {
		host[strlen(host) - 1] = '\0';
		return (host + 1);
	} else
		return host;
}

char *
colon(char *cp)
{
	int flag = 0;

	if (*cp == ':')		/* Leading colon is part of file name. */
		return (0);
	if (*cp == '[')
		flag = 1;

	for (; *cp; ++cp) {
		if (*cp == '@' && *(cp+1) == '[')
			flag = 1;
		if (*cp == ']' && *(cp+1) == ':' && flag)
			return (cp+1);
		if (*cp == ':' && !flag)
			return (cp);
		if (*cp == '/')
			return (0);
	}
	return (0);
}

/* function to assist building execv() arguments */
void
addargs(arglist *args, char *fmt, ...)
{
	va_list ap;
	char *cp;
	u_int nalloc;
	int r;

	va_start(ap, fmt);
	r = vasprintf(&cp, fmt, ap);
	va_end(ap);
	if (r == -1)
		fatal("addargs: argument too long");

	nalloc = args->nalloc;
	if (args->list == NULL) {
		nalloc = 32;
		args->num = 0;
	} else if (args->num+2 >= nalloc)
		nalloc *= 2;

	args->list = xrealloc(args->list, nalloc, sizeof(char *));
	args->nalloc = nalloc;
	args->list[args->num++] = cp;
	args->list[args->num] = NULL;
}

void
replacearg(arglist *args, u_int which, char *fmt, ...)
{
	va_list ap;
	char *cp;
	int r;

	va_start(ap, fmt);
	r = vasprintf(&cp, fmt, ap);
	va_end(ap);
	if (r == -1)
		fatal("replacearg: argument too long");

	if (which >= args->num)
		fatal("replacearg: tried to replace invalid arg %d >= %d",
		    which, args->num);
	xfree(args->list[which]);
	args->list[which] = cp;
}

void
freeargs(arglist *args)
{
	u_int i;

	if (args->list != NULL) {
		for (i = 0; i < args->num; i++)
			xfree(args->list[i]);
		xfree(args->list);
		args->nalloc = args->num = 0;
		args->list = NULL;
	}
}

/*
 * Expands tildes in the file name.  Returns data allocated by xmalloc.
 * Warning: this calls getpw*.
 */
char *
tilde_expand_filename(const char *filename, uid_t uid)
{
	const char *path;
	char user[128], ret[MAXPATHLEN];
	struct passwd *pw;
	u_int len, slash;

	if (*filename != '~')
		return (xstrdup(filename));
	filename++;

	path = strchr(filename, '/');
	if (path != NULL && path > filename) {		/* ~user/path */
		slash = path - filename;
		if (slash > sizeof(user) - 1)
			fatal("tilde_expand_filename: ~username too long");
		memcpy(user, filename, slash);
		user[slash] = '\0';
		if ((pw = getpwnam(user)) == NULL)
			fatal("tilde_expand_filename: No such user %s", user);
	} else if ((pw = getpwuid(uid)) == NULL)	/* ~/path */
		fatal("tilde_expand_filename: No such uid %ld", (long)uid);

	if (strlcpy(ret, pw->pw_dir, sizeof(ret)) >= sizeof(ret))
		fatal("tilde_expand_filename: Path too long");

	/* Make sure directory has a trailing '/' */
	len = strlen(pw->pw_dir);
	if ((len == 0 || pw->pw_dir[len - 1] != '/') &&
	    strlcat(ret, "/", sizeof(ret)) >= sizeof(ret))
		fatal("tilde_expand_filename: Path too long");

	/* Skip leading '/' from specified path */
	if (path != NULL)
		filename = path + 1;
	if (strlcat(ret, filename, sizeof(ret)) >= sizeof(ret))
		fatal("tilde_expand_filename: Path too long");

	return (xstrdup(ret));
}

/*
 * Expand a string with a set of %[char] escapes. A number of escapes may be
 * specified as (char *escape_chars, char *replacement) pairs. The list must
 * be terminated by a NULL escape_char. Returns replaced string in memory
 * allocated by xmalloc.
 */
char *
percent_expand(const char *string, ...)
{
#define EXPAND_MAX_KEYS	16
	struct {
		const char *key;
		const char *repl;
	} keys[EXPAND_MAX_KEYS];
	u_int num_keys, i, j;
	char buf[4096];
	va_list ap;

	/* Gather keys */
	va_start(ap, string);
	for (num_keys = 0; num_keys < EXPAND_MAX_KEYS; num_keys++) {
		keys[num_keys].key = va_arg(ap, char *);
		if (keys[num_keys].key == NULL)
			break;
		keys[num_keys].repl = va_arg(ap, char *);
		if (keys[num_keys].repl == NULL)
			fatal("percent_expand: NULL replacement");
	}
	va_end(ap);

	if (num_keys >= EXPAND_MAX_KEYS)
		fatal("percent_expand: too many keys");

	/* Expand string */
	*buf = '\0';
	for (i = 0; *string != '\0'; string++) {
		if (*string != '%') {
 append:
			buf[i++] = *string;
			if (i >= sizeof(buf))
				fatal("percent_expand: string too long");
			buf[i] = '\0';
			continue;
		}
		string++;
		if (*string == '%')
			goto append;
		for (j = 0; j < num_keys; j++) {
			if (strchr(keys[j].key, *string) != NULL) {
				i = strlcat(buf, keys[j].repl, sizeof(buf));
				if (i >= sizeof(buf))
					fatal("percent_expand: string too long");
				break;
			}
		}
		if (j >= num_keys)
			fatal("percent_expand: unknown key %%%c", *string);
	}
	return (xstrdup(buf));
#undef EXPAND_MAX_KEYS
}

/*
 * Read an entire line from a public key file into a static buffer, discarding
 * lines that exceed the buffer size.  Returns 0 on success, -1 on failure.
 */
int
read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz,
   u_long *lineno)
{
	while (fgets(buf, bufsz, f) != NULL) {
		if (buf[0] == '\0')
			continue;
		(*lineno)++;
		if (buf[strlen(buf) - 1] == '\n' || feof(f)) {
			return 0;
		} else {
			debug("%s: %s line %lu exceeds size limit", __func__,
			    filename, *lineno);
			/* discard remainder of line */
			while (fgetc(f) != '\n' && !feof(f))
				;	/* nothing */
		}
	}
	return -1;
}

int
tun_open(int tun, int mode)
{
#if defined(CUSTOM_SYS_TUN_OPEN)
	return (sys_tun_open(tun, mode));
#elif defined(SSH_TUN_OPENBSD)
	struct ifreq ifr;
	char name[100];
	int fd = -1, sock;

	/* Open the tunnel device */
	if (tun <= SSH_TUNID_MAX) {
		snprintf(name, sizeof(name), "/dev/tun%d", tun);
		fd = open(name, O_RDWR);
	} else if (tun == SSH_TUNID_ANY) {
		for (tun = 100; tun >= 0; tun--) {
			snprintf(name, sizeof(name), "/dev/tun%d", tun);
			if ((fd = open(name, O_RDWR)) >= 0)
				break;
		}
	} else {
		debug("%s: invalid tunnel %u", __func__, tun);
		return (-1);
	}

	if (fd < 0) {
		debug("%s: %s open failed: %s", __func__, name, strerror(errno));
		return (-1);
	}

	debug("%s: %s mode %d fd %d", __func__, name, mode, fd);

	/* Set the tunnel device operation mode */
	snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "tun%d", tun);
	if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
		goto failed;

	if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1)
		goto failed;

	/* Set interface mode */
	ifr.ifr_flags &= ~IFF_UP;
	if (mode == SSH_TUNMODE_ETHERNET)
		ifr.ifr_flags |= IFF_LINK0;
	else
		ifr.ifr_flags &= ~IFF_LINK0;
	if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1)
		goto failed;

	/* Bring interface up */
	ifr.ifr_flags |= IFF_UP;
	if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1)
		goto failed;

	close(sock);
	return (fd);

 failed:
	if (fd >= 0)
		close(fd);
	if (sock >= 0)
		close(sock);
	debug("%s: failed to set %s mode %d: %s", __func__, name,
	    mode, strerror(errno));
	return (-1);
#else
	error("Tunnel interfaces are not supported on this platform");
	return (-1);
#endif
}

void
sanitise_stdfd(void)
{
	int nullfd, dupfd;

	if ((nullfd = dupfd = open(_PATH_DEVNULL, O_RDWR)) == -1) {
		fprintf(stderr, "Couldn't open /dev/null: %s", strerror(errno));
		exit(1);
	}
	while (++dupfd <= 2) {
		/* Only clobber closed fds */
		if (fcntl(dupfd, F_GETFL, 0) >= 0)
			continue;
		if (dup2(nullfd, dupfd) == -1) {
			fprintf(stderr, "dup2: %s", strerror(errno));
			exit(1);
		}
	}
	if (nullfd > 2)
		close(nullfd);
}

char *
tohex(const void *vp, size_t l)
{
	const u_char *p = (const u_char *)vp;
	char b[3], *r;
	size_t i, hl;

	if (l > 65536)
		return xstrdup("tohex: length > 65536");

	hl = l * 2 + 1;
	r = xcalloc(1, hl);
	for (i = 0; i < l; i++) {
		snprintf(b, sizeof(b), "%02x", p[i]);
		strlcat(r, b, hl);
	}
	return (r);
}

u_int64_t
get_u64(const void *vp)
{
	const u_char *p = (const u_char *)vp;
	u_int64_t v;

	v  = (u_int64_t)p[0] << 56;
	v |= (u_int64_t)p[1] << 48;
	v |= (u_int64_t)p[2] << 40;
	v |= (u_int64_t)p[3] << 32;
	v |= (u_int64_t)p[4] << 24;
	v |= (u_int64_t)p[5] << 16;
	v |= (u_int64_t)p[6] << 8;
	v |= (u_int64_t)p[7];

	return (v);
}

u_int32_t
get_u32(const void *vp)
{
	const u_char *p = (const u_char *)vp;
	u_int32_t v;

	v  = (u_int32_t)p[0] << 24;
	v |= (u_int32_t)p[1] << 16;
	v |= (u_int32_t)p[2] << 8;
	v |= (u_int32_t)p[3];

	return (v);
}

u_int16_t
get_u16(const void *vp)
{
	const u_char *p = (const u_char *)vp;
	u_int16_t v;

	v  = (u_int16_t)p[0] << 8;
	v |= (u_int16_t)p[1];

	return (v);
}

void
put_u64(void *vp, u_int64_t v)
{
	u_char *p = (u_char *)vp;

	p[0] = (u_char)(v >> 56) & 0xff;
	p[1] = (u_char)(v >> 48) & 0xff;
	p[2] = (u_char)(v >> 40) & 0xff;
	p[3] = (u_char)(v >> 32) & 0xff;
	p[4] = (u_char)(v >> 24) & 0xff;
	p[5] = (u_char)(v >> 16) & 0xff;
	p[6] = (u_char)(v >> 8) & 0xff;
	p[7] = (u_char)v & 0xff;
}

void
put_u32(void *vp, u_int32_t v)
{
	u_char *p = (u_char *)vp;

	p[0] = (u_char)(v >> 24) & 0xff;
	p[1] = (u_char)(v >> 16) & 0xff;
	p[2] = (u_char)(v >> 8) & 0xff;
	p[3] = (u_char)v & 0xff;
}


void
put_u16(void *vp, u_int16_t v)
{
	u_char *p = (u_char *)vp;

	p[0] = (u_char)(v >> 8) & 0xff;
	p[1] = (u_char)v & 0xff;
}

void
ms_subtract_diff(struct timeval *start, int *ms)
{
	struct timeval diff, finish;

	gettimeofday(&finish, NULL);
	timersub(&finish, start, &diff);	
	*ms -= (diff.tv_sec * 1000) + (diff.tv_usec / 1000);
}

void
ms_to_timeval(struct timeval *tv, int ms)
{
	if (ms < 0)
		ms = 0;
	tv->tv_sec = ms / 1000;
	tv->tv_usec = (ms % 1000) * 1000;
}
Commit	Line	Data
5156b1a1	1	/* $OpenBSD: misc.c,v 1.69 2008/06/13 01:38:23 dtucker Exp $ */
3c0ef626	2	/*
3c0ef626	3	* Copyright (c) 2000 Markus Friedl. All rights reserved.
30460aeb	4	* Copyright (c) 2005,2006 Damien Miller. All rights reserved.
3c0ef626	5	*
	6	* Redistribution and use in source and binary forms, with or without
	7	* modification, are permitted provided that the following conditions
	8	* are met:
	9	* 1. Redistributions of source code must retain the above copyright
	10	* notice, this list of conditions and the following disclaimer.
	11	* 2. Redistributions in binary form must reproduce the above copyright
	12	* notice, this list of conditions and the following disclaimer in the
	13	* documentation and/or other materials provided with the distribution.
	14	*
	15	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	16	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	17	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	18	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	19	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	20	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	21	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	22	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	23	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	24	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	25	*/
	26
	27	#include "includes.h"
08822d99	28
30460aeb	29	#include <sys/types.h>
	30	#include <sys/ioctl.h>
	31	#include <sys/socket.h>
	32	#include <sys/param.h>
	33
	34	#include <stdarg.h>
	35	#include <stdio.h>
	36	#include <stdlib.h>
	37	#include <string.h>
	38	#include <unistd.h>
	39
	40	#include <netinet/in.h>
	41	#include <netinet/tcp.h>
	42
	43	#include <errno.h>
	44	#include <fcntl.h>
e74dc197	45	#include <netdb.h>
30460aeb	46	#ifdef HAVE_PATHS_H
	47	# include <paths.h>
	48	#include <pwd.h>
	49	#endif
08822d99	50	#ifdef SSH_TUN_OPENBSD
	51	#include <net/if.h>
	52	#endif
3c0ef626	53
30460aeb	54	#include "xmalloc.h"
3c0ef626	55	#include "misc.h"
3c0ef626	56	#include "log.h"
30460aeb	57	#include "ssh.h"
3c0ef626	58
	59	/* remove newline at end of string */
	60	char *
	61	chop(char *s)
	62	{
	63	char *t = s;
	64	while (*t) {
75be3237	65	if (t == '\n' \|\| t == '\r') {
3c0ef626	66	*t = '\0';
	67	return s;
	68	}
	69	t++;
	70	}
	71	return s;
	72
	73	}
	74
	75	/* set/unset filedescriptor to non-blocking */
7e82606e	76	int
3c0ef626	77	set_nonblock(int fd)
	78	{
	79	int val;
	80
	81	val = fcntl(fd, F_GETFL, 0);
	82	if (val < 0) {
	83	error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno));
7e82606e	84	return (-1);
3c0ef626	85	}
3c0ef626	86	if (val & O_NONBLOCK) {
7e82606e	87	debug3("fd %d is O_NONBLOCK", fd);
7e82606e	88	return (0);
3c0ef626	89	}
7cac2b65	90	debug2("fd %d setting O_NONBLOCK", fd);
3c0ef626	91	val \|= O_NONBLOCK;
7e82606e	92	if (fcntl(fd, F_SETFL, val) == -1) {
	93	debug("fcntl(%d, F_SETFL, O_NONBLOCK): %s", fd,
	94	strerror(errno));
	95	return (-1);
	96	}
	97	return (0);
3c0ef626	98	}
3c0ef626	99
7e82606e	100	int
3c0ef626	101	unset_nonblock(int fd)
	102	{
	103	int val;
	104
	105	val = fcntl(fd, F_GETFL, 0);
	106	if (val < 0) {
	107	error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno));
7e82606e	108	return (-1);
3c0ef626	109	}
3c0ef626	110	if (!(val & O_NONBLOCK)) {
7e82606e	111	debug3("fd %d is not O_NONBLOCK", fd);
7e82606e	112	return (0);
3c0ef626	113	}
	114	debug("fd %d clearing O_NONBLOCK", fd);
	115	val &= ~O_NONBLOCK;
7e82606e	116	if (fcntl(fd, F_SETFL, val) == -1) {
7e82606e	117	debug("fcntl(%d, F_SETFL, ~O_NONBLOCK): %s",
75be3237	118	fd, strerror(errno));
7e82606e	119	return (-1);
	120	}
	121	return (0);
75be3237	122	}
75be3237	123
e74dc197	124	const char *
	125	ssh_gai_strerror(int gaierr)
	126	{
	127	if (gaierr == EAI_SYSTEM)
	128	return strerror(errno);
	129	return gai_strerror(gaierr);
	130	}
	131
75be3237	132	/* disable nagle on socket */
	133	void
	134	set_nodelay(int fd)
	135	{
	136	int opt;
	137	socklen_t optlen;
	138
	139	optlen = sizeof opt;
	140	if (getsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, &optlen) == -1) {
540d72c3	141	debug("getsockopt TCP_NODELAY: %.100s", strerror(errno));
75be3237	142	return;
	143	}
	144	if (opt == 1) {
	145	debug2("fd %d is TCP_NODELAY", fd);
	146	return;
	147	}
	148	opt = 1;
	149	debug2("fd %d setting TCP_NODELAY", fd);
	150	if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, sizeof opt) == -1)
	151	error("setsockopt TCP_NODELAY: %.100s", strerror(errno));
3c0ef626	152	}
	153
	154	/* Characters considered whitespace in strsep calls. */
	155	#define WHITESPACE " \t\r\n"
30460aeb	156	#define QUOTE "\""
3c0ef626	157
75be3237	158	/* Characters considered as quotations. */
	159	#define QUOTES "'\""
	160
3c0ef626	161	/* return next token in configuration line */
	162	char *
	163	strdelim(char **s)
	164	{
75be3237	165	char old, p, *q;
3c0ef626	166	int wspace = 0;
	167
	168	if (*s == NULL)
	169	return NULL;
	170
	171	old = *s;
	172
75be3237	173	if ((q=strchr(QUOTES, (int) old)) && q)
	174	{
	175	/* find next quote character, point old to start of quoted
	176	* string */
	177	for (p = ++old;p && p!=*q; p++)
	178	;
	179
	180	/* find start of next token */
	181	s = (p) ? p + strspn(p + 1, WHITESPACE) + 1 : NULL;
	182
	183	/* terminate 'old' token */
	184	*p = '\0';
	185	return (old);
	186	}
	187
30460aeb	188	s = strpbrk(s, WHITESPACE QUOTE "=");
3c0ef626	189	if (*s == NULL)
	190	return (old);
	191
30460aeb	192	if (*s[0] == '\"') {
	193	memmove(s, s + 1, strlen(s)); / move nul too */
	194	/* Find matching quote */
	195	if ((s = strpbrk(s, QUOTE)) == NULL) {
	196	return (NULL); /* no matching quote */
	197	} else {
	198	*s[0] = '\0';
	199	return (old);
	200	}
	201	}
	202
3c0ef626	203	/* Allow only one '=' to be skipped */
	204	if (*s[0] == '=')
	205	wspace = 1;
	206	*s[0] = '\0';
	207
30460aeb	208	/* Skip any extra whitespace after first token */
3c0ef626	209	s += strspn(s + 1, WHITESPACE) + 1;
	210	if (*s[0] == '=' && !wspace)
	211	s += strspn(s + 1, WHITESPACE) + 1;
	212
	213	return (old);
	214	}
	215
	216	struct passwd *
	217	pwcopy(struct passwd *pw)
	218	{
30460aeb	219	struct passwd copy = xcalloc(1, sizeof(copy));
3c0ef626	220
3c0ef626	221	copy->pw_name = xstrdup(pw->pw_name);
	222	copy->pw_passwd = xstrdup(pw->pw_passwd);
	223	copy->pw_gecos = xstrdup(pw->pw_gecos);
	224	copy->pw_uid = pw->pw_uid;
	225	copy->pw_gid = pw->pw_gid;
	226	#ifdef HAVE_PW_EXPIRE_IN_PASSWD
	227	copy->pw_expire = pw->pw_expire;
	228	#endif
	229	#ifdef HAVE_PW_CHANGE_IN_PASSWD
	230	copy->pw_change = pw->pw_change;
	231	#endif
	232	#ifdef HAVE_PW_CLASS_IN_PASSWD
	233	copy->pw_class = xstrdup(pw->pw_class);
	234	#endif
	235	copy->pw_dir = xstrdup(pw->pw_dir);
	236	copy->pw_shell = xstrdup(pw->pw_shell);
	237	return copy;
	238	}
	239
	240	/*
	241	* Convert ASCII string to TCP/IP port number.
	242	* Port must be >0 and <=65535.
	243	* Return 0 if invalid.
	244	*/
	245	int
	246	a2port(const char *s)
	247	{
	248	long port;
	249	char *endp;
	250
	251	errno = 0;
	252	port = strtol(s, &endp, 0);
	253	if (s == endp \|\| *endp != '\0' \|\|
	254	(errno == ERANGE && (port == LONG_MIN \|\| port == LONG_MAX)) \|\|
	255	port <= 0 \|\| port > 65535)
	256	return 0;
	257
	258	return port;
	259	}
	260
08822d99	261	int
	262	a2tun(const char s, int remote)
	263	{
	264	const char *errstr = NULL;
	265	char sp, ep;
	266	int tun;
	267
	268	if (remote != NULL) {
	269	*remote = SSH_TUNID_ANY;
	270	sp = xstrdup(s);
	271	if ((ep = strchr(sp, ':')) == NULL) {
	272	xfree(sp);
	273	return (a2tun(s, NULL));
	274	}
	275	ep[0] = '\0'; ep++;
	276	*remote = a2tun(ep, NULL);
	277	tun = a2tun(sp, NULL);
	278	xfree(sp);
	279	return (remote == SSH_TUNID_ERR ? remote : tun);
	280	}
	281
	282	if (strcasecmp(s, "any") == 0)
	283	return (SSH_TUNID_ANY);
	284
	285	tun = strtonum(s, 0, SSH_TUNID_MAX, &errstr);
	286	if (errstr != NULL)
	287	return (SSH_TUNID_ERR);
	288
	289	return (tun);
	290	}
	291
3c0ef626	292	#define SECONDS 1
	293	#define MINUTES (SECONDS * 60)
	294	#define HOURS (MINUTES * 60)
	295	#define DAYS (HOURS * 24)
	296	#define WEEKS (DAYS * 7)
	297
	298	/*
	299	* Convert a time string into seconds; format is
	300	* a sequence of:
	301	* time[qualifier]
	302	*
	303	* Valid time qualifiers are:
	304	* <none> seconds
	305	* s\|S seconds
	306	* m\|M minutes
	307	* h\|H hours
	308	* d\|D days
	309	* w\|W weeks
	310	*
	311	* Examples:
	312	* 90m 90 minutes
	313	* 1h30m 90 minutes
	314	* 2d 2 days
	315	* 1w 1 week
	316	*
	317	* Return -1 if time string is invalid.
	318	*/
	319	long
	320	convtime(const char *s)
	321	{
	322	long total, secs;
	323	const char *p;
	324	char *endp;
	325
	326	errno = 0;
	327	total = 0;
	328	p = s;
	329
	330	if (p == NULL \|\| *p == '\0')
	331	return -1;
	332
	333	while (*p) {
	334	secs = strtol(p, &endp, 10);
	335	if (p == endp \|\|
	336	(errno == ERANGE && (secs == LONG_MIN \|\| secs == LONG_MAX)) \|\|
	337	secs < 0)
	338	return -1;
	339
	340	switch (*endp++) {
	341	case '\0':
	342	endp--;
30460aeb	343	break;
3c0ef626	344	case 's':
	345	case 'S':
	346	break;
	347	case 'm':
	348	case 'M':
	349	secs *= MINUTES;
	350	break;
	351	case 'h':
	352	case 'H':
	353	secs *= HOURS;
	354	break;
	355	case 'd':
	356	case 'D':
	357	secs *= DAYS;
	358	break;
	359	case 'w':
	360	case 'W':
	361	secs *= WEEKS;
	362	break;
	363	default:
	364	return -1;
	365	}
	366	total += secs;
	367	if (total < 0)
	368	return -1;
	369	p = endp;
	370	}
	371
	372	return total;
	373	}
	374
30460aeb	375	/*
	376	* Returns a standardized host+port identifier string.
	377	* Caller must free returned string.
	378	*/
	379	char *
	380	put_host_port(const char *host, u_short port)
	381	{
	382	char *hoststr;
	383
	384	if (port == 0 \|\| port == SSH_DEFAULT_PORT)
	385	return(xstrdup(host));
	386	if (asprintf(&hoststr, "[%s]:%d", host, (int)port) < 0)
	387	fatal("put_host_port: asprintf: %s", strerror(errno));
	388	debug3("put_host_port: %s", hoststr);
	389	return hoststr;
	390	}
	391
dfddba3d	392	/*
	393	* Search for next delimiter between hostnames/addresses and ports.
	394	* Argument may be modified (for termination).
	395	* Returns *cp if parsing succeeds.
	396	* *cp is set to the start of the next delimiter, if one was found.
	397	* If this is the last field, *cp is set to NULL.
	398	*/
	399	char *
	400	hpdelim(char **cp)
	401	{
	402	char s, old;
	403
	404	if (cp == NULL \|\| *cp == NULL)
	405	return NULL;
	406
	407	old = s = *cp;
	408	if (*s == '[') {
	409	if ((s = strchr(s, ']')) == NULL)
	410	return NULL;
	411	else
	412	s++;
	413	} else if ((s = strpbrk(s, ":/")) == NULL)
	414	s = cp + strlen(cp); /* skip to end (see first case below) */
	415
	416	switch (*s) {
	417	case '\0':
	418	cp = NULL; / no more fields*/
	419	break;
8b32eddc	420
dfddba3d	421	case ':':
	422	case '/':
	423	s = '\0'; / terminate */
	424	*cp = s + 1;
	425	break;
8b32eddc	426
dfddba3d	427	default:
	428	return NULL;
	429	}
	430
	431	return old;
	432	}
	433
3c0ef626	434	char *
	435	cleanhostname(char *host)
	436	{
	437	if (*host == '[' && host[strlen(host) - 1] == ']') {
	438	host[strlen(host) - 1] = '\0';
	439	return (host + 1);
	440	} else
	441	return host;
	442	}
	443
	444	char *
	445	colon(char *cp)
	446	{
	447	int flag = 0;
	448
	449	if (cp == ':') / Leading colon is part of file name. */
	450	return (0);
	451	if (*cp == '[')
	452	flag = 1;
	453
	454	for (; *cp; ++cp) {
	455	if (cp == '@' && (cp+1) == '[')
	456	flag = 1;
	457	if (cp == ']' && (cp+1) == ':' && flag)
	458	return (cp+1);
	459	if (*cp == ':' && !flag)
	460	return (cp);
	461	if (*cp == '/')
	462	return (0);
	463	}
	464	return (0);
	465	}
	466
	467	/* function to assist building execv() arguments */
	468	void
	469	addargs(arglist args, char fmt, ...)
	470	{
	471	va_list ap;
08822d99	472	char *cp;
7e82606e	473	u_int nalloc;
08822d99	474	int r;
3c0ef626	475
3c0ef626	476	va_start(ap, fmt);
08822d99	477	r = vasprintf(&cp, fmt, ap);
3c0ef626	478	va_end(ap);
08822d99	479	if (r == -1)
08822d99	480	fatal("addargs: argument too long");
3c0ef626	481
29d88157	482	nalloc = args->nalloc;
3c0ef626	483	if (args->list == NULL) {
29d88157	484	nalloc = 32;
3c0ef626	485	args->num = 0;
29d88157	486	} else if (args->num+2 >= nalloc)
29d88157	487	nalloc *= 2;
3c0ef626	488
30460aeb	489	args->list = xrealloc(args->list, nalloc, sizeof(char *));
29d88157	490	args->nalloc = nalloc;
08822d99	491	args->list[args->num++] = cp;
3c0ef626	492	args->list[args->num] = NULL;
3c0ef626	493	}
dfddba3d	494
08822d99	495	void
	496	replacearg(arglist args, u_int which, char fmt, ...)
	497	{
	498	va_list ap;
	499	char *cp;
	500	int r;
	501
	502	va_start(ap, fmt);
	503	r = vasprintf(&cp, fmt, ap);
	504	va_end(ap);
	505	if (r == -1)
	506	fatal("replacearg: argument too long");
	507
	508	if (which >= args->num)
	509	fatal("replacearg: tried to replace invalid arg %d >= %d",
	510	which, args->num);
	511	xfree(args->list[which]);
	512	args->list[which] = cp;
	513	}
	514
	515	void
	516	freeargs(arglist *args)
	517	{
	518	u_int i;
	519
	520	if (args->list != NULL) {
	521	for (i = 0; i < args->num; i++)
	522	xfree(args->list[i]);
	523	xfree(args->list);
	524	args->nalloc = args->num = 0;
	525	args->list = NULL;
	526	}
	527	}
	528
2ce0bfe4	529	/*
	530	* Expands tildes in the file name. Returns data allocated by xmalloc.
	531	* Warning: this calls getpw*.
	532	*/
	533	char *
	534	tilde_expand_filename(const char *filename, uid_t uid)
	535	{
	536	const char *path;
	537	char user[128], ret[MAXPATHLEN];
	538	struct passwd *pw;
	539	u_int len, slash;
	540
	541	if (*filename != '~')
	542	return (xstrdup(filename));
	543	filename++;
	544
	545	path = strchr(filename, '/');
	546	if (path != NULL && path > filename) { /* ~user/path */
	547	slash = path - filename;
	548	if (slash > sizeof(user) - 1)
	549	fatal("tilde_expand_filename: ~username too long");
	550	memcpy(user, filename, slash);
	551	user[slash] = '\0';
	552	if ((pw = getpwnam(user)) == NULL)
	553	fatal("tilde_expand_filename: No such user %s", user);
	554	} else if ((pw = getpwuid(uid)) == NULL) /* ~/path */
5156b1a1	555	fatal("tilde_expand_filename: No such uid %ld", (long)uid);
2ce0bfe4	556
	557	if (strlcpy(ret, pw->pw_dir, sizeof(ret)) >= sizeof(ret))
	558	fatal("tilde_expand_filename: Path too long");
	559
	560	/* Make sure directory has a trailing '/' */
	561	len = strlen(pw->pw_dir);
	562	if ((len == 0 \|\| pw->pw_dir[len - 1] != '/') &&
	563	strlcat(ret, "/", sizeof(ret)) >= sizeof(ret))
	564	fatal("tilde_expand_filename: Path too long");
	565
	566	/* Skip leading '/' from specified path */
	567	if (path != NULL)
	568	filename = path + 1;
	569	if (strlcat(ret, filename, sizeof(ret)) >= sizeof(ret))
	570	fatal("tilde_expand_filename: Path too long");
	571
	572	return (xstrdup(ret));
	573	}
	574
	575	/*
	576	* Expand a string with a set of %[char] escapes. A number of escapes may be
	577	* specified as (char escape_chars, char replacement) pairs. The list must
	578	* be terminated by a NULL escape_char. Returns replaced string in memory
	579	* allocated by xmalloc.
	580	*/
	581	char *
	582	percent_expand(const char *string, ...)
	583	{
	584	#define EXPAND_MAX_KEYS 16
	585	struct {
	586	const char *key;
	587	const char *repl;
	588	} keys[EXPAND_MAX_KEYS];
	589	u_int num_keys, i, j;
	590	char buf[4096];
	591	va_list ap;
	592
	593	/* Gather keys */
	594	va_start(ap, string);
	595	for (num_keys = 0; num_keys < EXPAND_MAX_KEYS; num_keys++) {
	596	keys[num_keys].key = va_arg(ap, char *);
	597	if (keys[num_keys].key == NULL)
	598	break;
	599	keys[num_keys].repl = va_arg(ap, char *);
	600	if (keys[num_keys].repl == NULL)
	601	fatal("percent_expand: NULL replacement");
	602	}
	603	va_end(ap);
	604
	605	if (num_keys >= EXPAND_MAX_KEYS)
	606	fatal("percent_expand: too many keys");
	607
	608	/* Expand string */
	609	*buf = '\0';
	610	for (i = 0; *string != '\0'; string++) {
	611	if (*string != '%') {
	612	append:
	613	buf[i++] = *string;
	614	if (i >= sizeof(buf))
	615	fatal("percent_expand: string too long");
	616	buf[i] = '\0';
	617	continue;
	618	}
	619	string++;
620	if (*string == '%')
621	goto append;
622	for (j = 0; j < num_keys; j++) {
623	if (strchr(keys[j].key, *string) != NULL) {
624	i = strlcat(buf, keys[j].repl, sizeof(buf));
625	if (i >= sizeof(buf))
626	fatal("percent_expand: string too long");
627	break;
628	}
629	}
630	if (j >= num_keys)
631	fatal("percent_expand: unknown key %%%c", *string);
632	}
633	return (xstrdup(buf));
634	#undef EXPAND_MAX_KEYS
635	}
636
dfddba3d	637	/*
	638	* Read an entire line from a public key file into a static buffer, discarding
	639	* lines that exceed the buffer size. Returns 0 on success, -1 on failure.
	640	*/
	641	int
	642	read_keyfile_line(FILE f, const char filename, char *buf, size_t bufsz,
	643	u_long *lineno)
	644	{
	645	while (fgets(buf, bufsz, f) != NULL) {
0b90ac93	646	if (buf[0] == '\0')
0b90ac93	647	continue;
dfddba3d	648	(*lineno)++;
	649	if (buf[strlen(buf) - 1] == '\n' \|\| feof(f)) {
	650	return 0;
	651	} else {
	652	debug("%s: %s line %lu exceeds size limit", __func__,
	653	filename, *lineno);
	654	/* discard remainder of line */
8b32eddc	655	while (fgetc(f) != '\n' && !feof(f))
dfddba3d	656	; /* nothing */
	657	}
	658	}
	659	return -1;
	660	}
2ce0bfe4	661
08822d99	662	int
	663	tun_open(int tun, int mode)
	664	{
	665	#if defined(CUSTOM_SYS_TUN_OPEN)
	666	return (sys_tun_open(tun, mode));
	667	#elif defined(SSH_TUN_OPENBSD)
	668	struct ifreq ifr;
	669	char name[100];
	670	int fd = -1, sock;
	671
	672	/* Open the tunnel device */
	673	if (tun <= SSH_TUNID_MAX) {
	674	snprintf(name, sizeof(name), "/dev/tun%d", tun);
	675	fd = open(name, O_RDWR);
	676	} else if (tun == SSH_TUNID_ANY) {
	677	for (tun = 100; tun >= 0; tun--) {
	678	snprintf(name, sizeof(name), "/dev/tun%d", tun);
	679	if ((fd = open(name, O_RDWR)) >= 0)
	680	break;
	681	}
	682	} else {
	683	debug("%s: invalid tunnel %u", __func__, tun);
	684	return (-1);
	685	}
	686
	687	if (fd < 0) {
	688	debug("%s: %s open failed: %s", __func__, name, strerror(errno));
	689	return (-1);
	690	}
	691
	692	debug("%s: %s mode %d fd %d", __func__, name, mode, fd);
	693
	694	/* Set the tunnel device operation mode */
	695	snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "tun%d", tun);
	696	if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
	697	goto failed;
	698
	699	if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1)
	700	goto failed;
	701
	702	/* Set interface mode */
	703	ifr.ifr_flags &= ~IFF_UP;
	704	if (mode == SSH_TUNMODE_ETHERNET)
	705	ifr.ifr_flags \|= IFF_LINK0;
	706	else
	707	ifr.ifr_flags &= ~IFF_LINK0;
	708	if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1)
	709	goto failed;
	710
	711	/* Bring interface up */
	712	ifr.ifr_flags \|= IFF_UP;
	713	if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1)
	714	goto failed;
	715
	716	close(sock);
	717	return (fd);
	718
	719	failed:
	720	if (fd >= 0)
	721	close(fd);
	722	if (sock >= 0)
	723	close(sock);
	724	debug("%s: failed to set %s mode %d: %s", __func__, name,
	725	mode, strerror(errno));
726	return (-1);
727	#else
728	error("Tunnel interfaces are not supported on this platform");
729	return (-1);
730	#endif
731	}
732
733	void
734	sanitise_stdfd(void)
735	{
736	int nullfd, dupfd;
737
738	if ((nullfd = dupfd = open(_PATH_DEVNULL, O_RDWR)) == -1) {
739	fprintf(stderr, "Couldn't open /dev/null: %s", strerror(errno));
740	exit(1);
741	}
742	while (++dupfd <= 2) {
743	/* Only clobber closed fds */
744	if (fcntl(dupfd, F_GETFL, 0) >= 0)
745	continue;
746	if (dup2(nullfd, dupfd) == -1) {
747	fprintf(stderr, "dup2: %s", strerror(errno));
748	exit(1);
749	}
750	}
751	if (nullfd > 2)
752	close(nullfd);
753	}
754
2ce0bfe4	755	char *
30460aeb	756	tohex(const void *vp, size_t l)
2ce0bfe4	757	{
30460aeb	758	const u_char p = (const u_char )vp;
2ce0bfe4	759	char b[3], *r;
30460aeb	760	size_t i, hl;
	761
	762	if (l > 65536)
	763	return xstrdup("tohex: length > 65536");
2ce0bfe4	764
2ce0bfe4	765	hl = l * 2 + 1;
30460aeb	766	r = xcalloc(1, hl);
2ce0bfe4	767	for (i = 0; i < l; i++) {
30460aeb	768	snprintf(b, sizeof(b), "%02x", p[i]);
2ce0bfe4	769	strlcat(r, b, hl);
	770	}
	771	return (r);
	772	}
	773
30460aeb	774	u_int64_t
	775	get_u64(const void *vp)
	776	{
	777	const u_char p = (const u_char )vp;
	778	u_int64_t v;
	779
	780	v = (u_int64_t)p[0] << 56;
	781	v \|= (u_int64_t)p[1] << 48;
	782	v \|= (u_int64_t)p[2] << 40;
	783	v \|= (u_int64_t)p[3] << 32;
	784	v \|= (u_int64_t)p[4] << 24;
	785	v \|= (u_int64_t)p[5] << 16;
	786	v \|= (u_int64_t)p[6] << 8;
	787	v \|= (u_int64_t)p[7];
	788
	789	return (v);
	790	}
	791
	792	u_int32_t
	793	get_u32(const void *vp)
	794	{
	795	const u_char p = (const u_char )vp;
	796	u_int32_t v;
	797
	798	v = (u_int32_t)p[0] << 24;
	799	v \|= (u_int32_t)p[1] << 16;
	800	v \|= (u_int32_t)p[2] << 8;
	801	v \|= (u_int32_t)p[3];
	802
	803	return (v);
	804	}
	805
	806	u_int16_t
	807	get_u16(const void *vp)
	808	{
	809	const u_char p = (const u_char )vp;
	810	u_int16_t v;
	811
	812	v = (u_int16_t)p[0] << 8;
	813	v \|= (u_int16_t)p[1];
	814
	815	return (v);
	816	}
	817
	818	void
	819	put_u64(void *vp, u_int64_t v)
	820	{
	821	u_char p = (u_char )vp;
	822
	823	p[0] = (u_char)(v >> 56) & 0xff;
	824	p[1] = (u_char)(v >> 48) & 0xff;
	825	p[2] = (u_char)(v >> 40) & 0xff;
	826	p[3] = (u_char)(v >> 32) & 0xff;
	827	p[4] = (u_char)(v >> 24) & 0xff;
	828	p[5] = (u_char)(v >> 16) & 0xff;
	829	p[6] = (u_char)(v >> 8) & 0xff;
	830	p[7] = (u_char)v & 0xff;
	831	}
	832
	833	void
	834	put_u32(void *vp, u_int32_t v)
	835	{
	836	u_char p = (u_char )vp;
	837
838	p[0] = (u_char)(v >> 24) & 0xff;
839	p[1] = (u_char)(v >> 16) & 0xff;
840	p[2] = (u_char)(v >> 8) & 0xff;
841	p[3] = (u_char)v & 0xff;
842	}
843
844
845	void
846	put_u16(void *vp, u_int16_t v)
847	{
848	u_char p = (u_char )vp;
849
850	p[0] = (u_char)(v >> 8) & 0xff;
851	p[1] = (u_char)v & 0xff;
852	}
5156b1a1	853
	854	void
	855	ms_subtract_diff(struct timeval start, int ms)
	856	{
	857	struct timeval diff, finish;
	858
	859	gettimeofday(&finish, NULL);
	860	timersub(&finish, start, &diff);
	861	ms -= (diff.tv_sec 1000) + (diff.tv_usec / 1000);
	862	}
	863
	864	void
	865	ms_to_timeval(struct timeval *tv, int ms)
	866	{
	867	if (ms < 0)
	868	ms = 0;
	869	tv->tv_sec = ms / 1000;
	870	tv->tv_usec = (ms % 1000) * 1000;
	871	}
	872