[gssapi-openssh.git] / openssh / misc.c

/*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 * Copyright (c) 2005 Damien Miller.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "includes.h"
RCSID("$OpenBSD: misc.c,v 1.42 2006/01/31 10:19:02 djm Exp $");

#ifdef SSH_TUN_OPENBSD
#include <net/if.h>
#endif

#include "misc.h"
#include "log.h"
#include "xmalloc.h"

/* remove newline at end of string */
char *
chop(char *s)
{
	char *t = s;
	while (*t) {
		if (*t == '\n' || *t == '\r') {
			*t = '\0';
			return s;
		}
		t++;
	}
	return s;

}

/* set/unset filedescriptor to non-blocking */
int
set_nonblock(int fd)
{
	int val;

	val = fcntl(fd, F_GETFL, 0);
	if (val < 0) {
		error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno));
		return (-1);
	}
	if (val & O_NONBLOCK) {
		debug3("fd %d is O_NONBLOCK", fd);
		return (0);
	}
	debug2("fd %d setting O_NONBLOCK", fd);
	val |= O_NONBLOCK;
	if (fcntl(fd, F_SETFL, val) == -1) {
		debug("fcntl(%d, F_SETFL, O_NONBLOCK): %s", fd,
		    strerror(errno));
		return (-1);
	}
	return (0);
}

int
unset_nonblock(int fd)
{
	int val;

	val = fcntl(fd, F_GETFL, 0);
	if (val < 0) {
		error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno));
		return (-1);
	}
	if (!(val & O_NONBLOCK)) {
		debug3("fd %d is not O_NONBLOCK", fd);
		return (0);
	}
	debug("fd %d clearing O_NONBLOCK", fd);
	val &= ~O_NONBLOCK;
	if (fcntl(fd, F_SETFL, val) == -1) {
		debug("fcntl(%d, F_SETFL, ~O_NONBLOCK): %s",
		    fd, strerror(errno));
		return (-1);
	}
	return (0);
}

/* disable nagle on socket */
void
set_nodelay(int fd)
{
	int opt;
	socklen_t optlen;

	optlen = sizeof opt;
	if (getsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, &optlen) == -1) {
		debug("getsockopt TCP_NODELAY: %.100s", strerror(errno));
		return;
	}
	if (opt == 1) {
		debug2("fd %d is TCP_NODELAY", fd);
		return;
	}
	opt = 1;
	debug2("fd %d setting TCP_NODELAY", fd);
	if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, sizeof opt) == -1)
		error("setsockopt TCP_NODELAY: %.100s", strerror(errno));
}

/* Characters considered whitespace in strsep calls. */
#define WHITESPACE " \t\r\n"

/* Characters considered as quotations. */
#define QUOTES "'\""

/* return next token in configuration line */
char *
strdelim(char **s)
{
	char *old, *p, *q;
	int wspace = 0;

	if (*s == NULL)
		return NULL;

	old = *s;

        if ((q=strchr(QUOTES, (int) *old)) && *q)
        {
            /* find next quote character, point old to start of quoted
             * string */
            for (p = ++old;*p && *p!=*q; p++)
                 ;
            
            /* find start of next token */
            *s = (*p) ? p + strspn(p + 1, WHITESPACE) + 1 : NULL;
            
            /* terminate 'old' token */
            *p = '\0';
            return (old);
        }

        *s = strpbrk(*s, WHITESPACE "=");
	if (*s == NULL)
		return (old);

	/* Allow only one '=' to be skipped */
	if (*s[0] == '=')
		wspace = 1;
	*s[0] = '\0';

	*s += strspn(*s + 1, WHITESPACE) + 1;
	if (*s[0] == '=' && !wspace)
		*s += strspn(*s + 1, WHITESPACE) + 1;

	return (old);
}

struct passwd *
pwcopy(struct passwd *pw)
{
	struct passwd *copy = xmalloc(sizeof(*copy));

	memset(copy, 0, sizeof(*copy));
	copy->pw_name = xstrdup(pw->pw_name);
	copy->pw_passwd = xstrdup(pw->pw_passwd);
	copy->pw_gecos = xstrdup(pw->pw_gecos);
	copy->pw_uid = pw->pw_uid;
	copy->pw_gid = pw->pw_gid;
#ifdef HAVE_PW_EXPIRE_IN_PASSWD
	copy->pw_expire = pw->pw_expire;
#endif
#ifdef HAVE_PW_CHANGE_IN_PASSWD
	copy->pw_change = pw->pw_change;
#endif
#ifdef HAVE_PW_CLASS_IN_PASSWD
	copy->pw_class = xstrdup(pw->pw_class);
#endif
	copy->pw_dir = xstrdup(pw->pw_dir);
	copy->pw_shell = xstrdup(pw->pw_shell);
	return copy;
}

/*
 * Convert ASCII string to TCP/IP port number.
 * Port must be >0 and <=65535.
 * Return 0 if invalid.
 */
int
a2port(const char *s)
{
	long port;
	char *endp;

	errno = 0;
	port = strtol(s, &endp, 0);
	if (s == endp || *endp != '\0' ||
	    (errno == ERANGE && (port == LONG_MIN || port == LONG_MAX)) ||
	    port <= 0 || port > 65535)
		return 0;

	return port;
}

int
a2tun(const char *s, int *remote)
{
	const char *errstr = NULL;
	char *sp, *ep;
	int tun;

	if (remote != NULL) {
		*remote = SSH_TUNID_ANY;
		sp = xstrdup(s);
		if ((ep = strchr(sp, ':')) == NULL) {
			xfree(sp);
			return (a2tun(s, NULL));
		}
		ep[0] = '\0'; ep++;
		*remote = a2tun(ep, NULL);
		tun = a2tun(sp, NULL);
		xfree(sp);
		return (*remote == SSH_TUNID_ERR ? *remote : tun);
	}

	if (strcasecmp(s, "any") == 0)
		return (SSH_TUNID_ANY);

	tun = strtonum(s, 0, SSH_TUNID_MAX, &errstr);
	if (errstr != NULL)
		return (SSH_TUNID_ERR);

	return (tun);
}

#define SECONDS		1
#define MINUTES		(SECONDS * 60)
#define HOURS		(MINUTES * 60)
#define DAYS		(HOURS * 24)
#define WEEKS		(DAYS * 7)

/*
 * Convert a time string into seconds; format is
 * a sequence of:
 *      time[qualifier]
 *
 * Valid time qualifiers are:
 *      <none>  seconds
 *      s|S     seconds
 *      m|M     minutes
 *      h|H     hours
 *      d|D     days
 *      w|W     weeks
 *
 * Examples:
 *      90m     90 minutes
 *      1h30m   90 minutes
 *      2d      2 days
 *      1w      1 week
 *
 * Return -1 if time string is invalid.
 */
long
convtime(const char *s)
{
	long total, secs;
	const char *p;
	char *endp;

	errno = 0;
	total = 0;
	p = s;

	if (p == NULL || *p == '\0')
		return -1;

	while (*p) {
		secs = strtol(p, &endp, 10);
		if (p == endp ||
		    (errno == ERANGE && (secs == LONG_MIN || secs == LONG_MAX)) ||
		    secs < 0)
			return -1;

		switch (*endp++) {
		case '\0':
			endp--;
		case 's':
		case 'S':
			break;
		case 'm':
		case 'M':
			secs *= MINUTES;
			break;
		case 'h':
		case 'H':
			secs *= HOURS;
			break;
		case 'd':
		case 'D':
			secs *= DAYS;
			break;
		case 'w':
		case 'W':
			secs *= WEEKS;
			break;
		default:
			return -1;
		}
		total += secs;
		if (total < 0)
			return -1;
		p = endp;
	}

	return total;
}

/*
 * Search for next delimiter between hostnames/addresses and ports.
 * Argument may be modified (for termination).
 * Returns *cp if parsing succeeds.
 * *cp is set to the start of the next delimiter, if one was found.
 * If this is the last field, *cp is set to NULL.
 */
char *
hpdelim(char **cp)
{
	char *s, *old;

	if (cp == NULL || *cp == NULL)
		return NULL;

	old = s = *cp;
	if (*s == '[') {
		if ((s = strchr(s, ']')) == NULL)
			return NULL;
		else
			s++;
	} else if ((s = strpbrk(s, ":/")) == NULL)
		s = *cp + strlen(*cp); /* skip to end (see first case below) */

	switch (*s) {
	case '\0':
		*cp = NULL;	/* no more fields*/
		break;

	case ':':
	case '/':
		*s = '\0';	/* terminate */
		*cp = s + 1;
		break;

	default:
		return NULL;
	}

	return old;
}

char *
cleanhostname(char *host)
{
	if (*host == '[' && host[strlen(host) - 1] == ']') {
		host[strlen(host) - 1] = '\0';
		return (host + 1);
	} else
		return host;
}

char *
colon(char *cp)
{
	int flag = 0;

	if (*cp == ':')		/* Leading colon is part of file name. */
		return (0);
	if (*cp == '[')
		flag = 1;

	for (; *cp; ++cp) {
		if (*cp == '@' && *(cp+1) == '[')
			flag = 1;
		if (*cp == ']' && *(cp+1) == ':' && flag)
			return (cp+1);
		if (*cp == ':' && !flag)
			return (cp);
		if (*cp == '/')
			return (0);
	}
	return (0);
}

/* function to assist building execv() arguments */
void
addargs(arglist *args, char *fmt, ...)
{
	va_list ap;
	char *cp;
	u_int nalloc;
	int r;

	va_start(ap, fmt);
	r = vasprintf(&cp, fmt, ap);
	va_end(ap);
	if (r == -1)
		fatal("addargs: argument too long");

	nalloc = args->nalloc;
	if (args->list == NULL) {
		nalloc = 32;
		args->num = 0;
	} else if (args->num+2 >= nalloc)
		nalloc *= 2;

	args->list = xrealloc(args->list, nalloc * sizeof(char *));
	args->nalloc = nalloc;
	args->list[args->num++] = cp;
	args->list[args->num] = NULL;
}

void
replacearg(arglist *args, u_int which, char *fmt, ...)
{
	va_list ap;
	char *cp;
	int r;

	va_start(ap, fmt);
	r = vasprintf(&cp, fmt, ap);
	va_end(ap);
	if (r == -1)
		fatal("replacearg: argument too long");

	if (which >= args->num)
		fatal("replacearg: tried to replace invalid arg %d >= %d",
		    which, args->num);
	xfree(args->list[which]);
	args->list[which] = cp;
}

void
freeargs(arglist *args)
{
	u_int i;

	if (args->list != NULL) {
		for (i = 0; i < args->num; i++)
			xfree(args->list[i]);
		xfree(args->list);
		args->nalloc = args->num = 0;
		args->list = NULL;
	}
}

/*
 * Expands tildes in the file name.  Returns data allocated by xmalloc.
 * Warning: this calls getpw*.
 */
char *
tilde_expand_filename(const char *filename, uid_t uid)
{
	const char *path;
	char user[128], ret[MAXPATHLEN];
	struct passwd *pw;
	u_int len, slash;

	if (*filename != '~')
		return (xstrdup(filename));
	filename++;

	path = strchr(filename, '/');
	if (path != NULL && path > filename) {		/* ~user/path */
		slash = path - filename;
		if (slash > sizeof(user) - 1)
			fatal("tilde_expand_filename: ~username too long");
		memcpy(user, filename, slash);
		user[slash] = '\0';
		if ((pw = getpwnam(user)) == NULL)
			fatal("tilde_expand_filename: No such user %s", user);
	} else if ((pw = getpwuid(uid)) == NULL)	/* ~/path */
		fatal("tilde_expand_filename: No such uid %d", uid);

	if (strlcpy(ret, pw->pw_dir, sizeof(ret)) >= sizeof(ret))
		fatal("tilde_expand_filename: Path too long");

	/* Make sure directory has a trailing '/' */
	len = strlen(pw->pw_dir);
	if ((len == 0 || pw->pw_dir[len - 1] != '/') &&
	    strlcat(ret, "/", sizeof(ret)) >= sizeof(ret))
		fatal("tilde_expand_filename: Path too long");

	/* Skip leading '/' from specified path */
	if (path != NULL)
		filename = path + 1;
	if (strlcat(ret, filename, sizeof(ret)) >= sizeof(ret))
		fatal("tilde_expand_filename: Path too long");

	return (xstrdup(ret));
}

/*
 * Expand a string with a set of %[char] escapes. A number of escapes may be
 * specified as (char *escape_chars, char *replacement) pairs. The list must
 * be terminated by a NULL escape_char. Returns replaced string in memory
 * allocated by xmalloc.
 */
char *
percent_expand(const char *string, ...)
{
#define EXPAND_MAX_KEYS	16
	struct {
		const char *key;
		const char *repl;
	} keys[EXPAND_MAX_KEYS];
	u_int num_keys, i, j;
	char buf[4096];
	va_list ap;

	/* Gather keys */
	va_start(ap, string);
	for (num_keys = 0; num_keys < EXPAND_MAX_KEYS; num_keys++) {
		keys[num_keys].key = va_arg(ap, char *);
		if (keys[num_keys].key == NULL)
			break;
		keys[num_keys].repl = va_arg(ap, char *);
		if (keys[num_keys].repl == NULL)
			fatal("percent_expand: NULL replacement");
	}
	va_end(ap);

	if (num_keys >= EXPAND_MAX_KEYS)
		fatal("percent_expand: too many keys");

	/* Expand string */
	*buf = '\0';
	for (i = 0; *string != '\0'; string++) {
		if (*string != '%') {
 append:
			buf[i++] = *string;
			if (i >= sizeof(buf))
				fatal("percent_expand: string too long");
			buf[i] = '\0';
			continue;
		}
		string++;
		if (*string == '%')
			goto append;
		for (j = 0; j < num_keys; j++) {
			if (strchr(keys[j].key, *string) != NULL) {
				i = strlcat(buf, keys[j].repl, sizeof(buf));
				if (i >= sizeof(buf))
					fatal("percent_expand: string too long");
				break;
			}
		}
		if (j >= num_keys)
			fatal("percent_expand: unknown key %%%c", *string);
	}
	return (xstrdup(buf));
#undef EXPAND_MAX_KEYS
}

/*
 * Read an entire line from a public key file into a static buffer, discarding
 * lines that exceed the buffer size.  Returns 0 on success, -1 on failure.
 */
int
read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz,
   u_long *lineno)
{
	while (fgets(buf, bufsz, f) != NULL) {
		(*lineno)++;
		if (buf[strlen(buf) - 1] == '\n' || feof(f)) {
			return 0;
		} else {
			debug("%s: %s line %lu exceeds size limit", __func__,
			    filename, *lineno);
			/* discard remainder of line */
			while (fgetc(f) != '\n' && !feof(f))
				;	/* nothing */
		}
	}
	return -1;
}

int
tun_open(int tun, int mode)
{
#if defined(CUSTOM_SYS_TUN_OPEN)
	return (sys_tun_open(tun, mode));
#elif defined(SSH_TUN_OPENBSD)
	struct ifreq ifr;
	char name[100];
	int fd = -1, sock;

	/* Open the tunnel device */
	if (tun <= SSH_TUNID_MAX) {
		snprintf(name, sizeof(name), "/dev/tun%d", tun);
		fd = open(name, O_RDWR);
	} else if (tun == SSH_TUNID_ANY) {
		for (tun = 100; tun >= 0; tun--) {
			snprintf(name, sizeof(name), "/dev/tun%d", tun);
			if ((fd = open(name, O_RDWR)) >= 0)
				break;
		}
	} else {
		debug("%s: invalid tunnel %u", __func__, tun);
		return (-1);
	}

	if (fd < 0) {
		debug("%s: %s open failed: %s", __func__, name, strerror(errno));
		return (-1);
	}

	debug("%s: %s mode %d fd %d", __func__, name, mode, fd);

	/* Set the tunnel device operation mode */
	snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "tun%d", tun);
	if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
		goto failed;

	if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1)
		goto failed;

	/* Set interface mode */
	ifr.ifr_flags &= ~IFF_UP;
	if (mode == SSH_TUNMODE_ETHERNET)
		ifr.ifr_flags |= IFF_LINK0;
	else
		ifr.ifr_flags &= ~IFF_LINK0;
	if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1)
		goto failed;

	/* Bring interface up */
	ifr.ifr_flags |= IFF_UP;
	if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1)
		goto failed;

	close(sock);
	return (fd);

 failed:
	if (fd >= 0)
		close(fd);
	if (sock >= 0)
		close(sock);
	debug("%s: failed to set %s mode %d: %s", __func__, name,
	    mode, strerror(errno));
	return (-1);
#else
	error("Tunnel interfaces are not supported on this platform");
	return (-1);
#endif
}

void
sanitise_stdfd(void)
{
	int nullfd, dupfd;

	if ((nullfd = dupfd = open(_PATH_DEVNULL, O_RDWR)) == -1) {
		fprintf(stderr, "Couldn't open /dev/null: %s", strerror(errno));
		exit(1);
	}
	while (++dupfd <= 2) {
		/* Only clobber closed fds */
		if (fcntl(dupfd, F_GETFL, 0) >= 0)
			continue;
		if (dup2(nullfd, dupfd) == -1) {
			fprintf(stderr, "dup2: %s", strerror(errno));
			exit(1);
		}
	}
	if (nullfd > 2)
		close(nullfd);
}

char *
tohex(const u_char *d, u_int l)
{
	char b[3], *r;
	u_int i, hl;

	hl = l * 2 + 1;
	r = xmalloc(hl);
	*r = '\0';
	for (i = 0; i < l; i++) {
		snprintf(b, sizeof(b), "%02x", d[i]);
		strlcat(r, b, hl);
	}
	return (r);
}
Commit	Line	Data
3c0ef626	1	/*
3c0ef626	2	* Copyright (c) 2000 Markus Friedl. All rights reserved.
2ce0bfe4	3	* Copyright (c) 2005 Damien Miller. All rights reserved.
3c0ef626	4	*
	5	* Redistribution and use in source and binary forms, with or without
	6	* modification, are permitted provided that the following conditions
	7	* are met:
	8	* 1. Redistributions of source code must retain the above copyright
	9	* notice, this list of conditions and the following disclaimer.
	10	* 2. Redistributions in binary form must reproduce the above copyright
	11	* notice, this list of conditions and the following disclaimer in the
	12	* documentation and/or other materials provided with the distribution.
	13	*
	14	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	15	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	16	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	17	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	18	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	19	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	20	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	21	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	22	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	23	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	24	*/
	25
	26	#include "includes.h"
08822d99	27	RCSID("$OpenBSD: misc.c,v 1.42 2006/01/31 10:19:02 djm Exp $");
	28
	29	#ifdef SSH_TUN_OPENBSD
	30	#include <net/if.h>
	31	#endif
3c0ef626	32
	33	#include "misc.h"
	34	#include "log.h"
	35	#include "xmalloc.h"
	36
	37	/* remove newline at end of string */
	38	char *
	39	chop(char *s)
	40	{
	41	char *t = s;
	42	while (*t) {
75be3237	43	if (t == '\n' \|\| t == '\r') {
3c0ef626	44	*t = '\0';
	45	return s;
	46	}
	47	t++;
	48	}
	49	return s;
	50
	51	}
	52
	53	/* set/unset filedescriptor to non-blocking */
7e82606e	54	int
3c0ef626	55	set_nonblock(int fd)
	56	{
	57	int val;
	58
	59	val = fcntl(fd, F_GETFL, 0);
	60	if (val < 0) {
	61	error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno));
7e82606e	62	return (-1);
3c0ef626	63	}
3c0ef626	64	if (val & O_NONBLOCK) {
7e82606e	65	debug3("fd %d is O_NONBLOCK", fd);
7e82606e	66	return (0);
3c0ef626	67	}
7cac2b65	68	debug2("fd %d setting O_NONBLOCK", fd);
3c0ef626	69	val \|= O_NONBLOCK;
7e82606e	70	if (fcntl(fd, F_SETFL, val) == -1) {
	71	debug("fcntl(%d, F_SETFL, O_NONBLOCK): %s", fd,
	72	strerror(errno));
	73	return (-1);
	74	}
	75	return (0);
3c0ef626	76	}
3c0ef626	77
7e82606e	78	int
3c0ef626	79	unset_nonblock(int fd)
	80	{
	81	int val;
	82
	83	val = fcntl(fd, F_GETFL, 0);
	84	if (val < 0) {
	85	error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno));
7e82606e	86	return (-1);
3c0ef626	87	}
3c0ef626	88	if (!(val & O_NONBLOCK)) {
7e82606e	89	debug3("fd %d is not O_NONBLOCK", fd);
7e82606e	90	return (0);
3c0ef626	91	}
	92	debug("fd %d clearing O_NONBLOCK", fd);
	93	val &= ~O_NONBLOCK;
7e82606e	94	if (fcntl(fd, F_SETFL, val) == -1) {
7e82606e	95	debug("fcntl(%d, F_SETFL, ~O_NONBLOCK): %s",
75be3237	96	fd, strerror(errno));
7e82606e	97	return (-1);
	98	}
	99	return (0);
75be3237	100	}
	101
	102	/* disable nagle on socket */
	103	void
	104	set_nodelay(int fd)
	105	{
	106	int opt;
	107	socklen_t optlen;
	108
	109	optlen = sizeof opt;
	110	if (getsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, &optlen) == -1) {
540d72c3	111	debug("getsockopt TCP_NODELAY: %.100s", strerror(errno));
75be3237	112	return;
	113	}
	114	if (opt == 1) {
	115	debug2("fd %d is TCP_NODELAY", fd);
	116	return;
	117	}
	118	opt = 1;
	119	debug2("fd %d setting TCP_NODELAY", fd);
	120	if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, sizeof opt) == -1)
	121	error("setsockopt TCP_NODELAY: %.100s", strerror(errno));
3c0ef626	122	}
	123
	124	/* Characters considered whitespace in strsep calls. */
	125	#define WHITESPACE " \t\r\n"
	126
75be3237	127	/* Characters considered as quotations. */
	128	#define QUOTES "'\""
	129
3c0ef626	130	/* return next token in configuration line */
	131	char *
	132	strdelim(char **s)
	133	{
75be3237	134	char old, p, *q;
3c0ef626	135	int wspace = 0;
	136
	137	if (*s == NULL)
	138	return NULL;
	139
	140	old = *s;
	141
75be3237	142	if ((q=strchr(QUOTES, (int) old)) && q)
	143	{
	144	/* find next quote character, point old to start of quoted
	145	* string */
	146	for (p = ++old;p && p!=*q; p++)
	147	;
	148
	149	/* find start of next token */
	150	s = (p) ? p + strspn(p + 1, WHITESPACE) + 1 : NULL;
	151
	152	/* terminate 'old' token */
	153	*p = '\0';
	154	return (old);
	155	}
	156
	157	s = strpbrk(s, WHITESPACE "=");
3c0ef626	158	if (*s == NULL)
	159	return (old);
	160
	161	/* Allow only one '=' to be skipped */
	162	if (*s[0] == '=')
	163	wspace = 1;
	164	*s[0] = '\0';
	165
	166	s += strspn(s + 1, WHITESPACE) + 1;
	167	if (*s[0] == '=' && !wspace)
	168	s += strspn(s + 1, WHITESPACE) + 1;
	169
	170	return (old);
	171	}
	172
	173	struct passwd *
	174	pwcopy(struct passwd *pw)
	175	{
	176	struct passwd copy = xmalloc(sizeof(copy));
	177
	178	memset(copy, 0, sizeof(*copy));
	179	copy->pw_name = xstrdup(pw->pw_name);
	180	copy->pw_passwd = xstrdup(pw->pw_passwd);
	181	copy->pw_gecos = xstrdup(pw->pw_gecos);
	182	copy->pw_uid = pw->pw_uid;
	183	copy->pw_gid = pw->pw_gid;
	184	#ifdef HAVE_PW_EXPIRE_IN_PASSWD
	185	copy->pw_expire = pw->pw_expire;
	186	#endif
	187	#ifdef HAVE_PW_CHANGE_IN_PASSWD
	188	copy->pw_change = pw->pw_change;
	189	#endif
	190	#ifdef HAVE_PW_CLASS_IN_PASSWD
	191	copy->pw_class = xstrdup(pw->pw_class);
	192	#endif
	193	copy->pw_dir = xstrdup(pw->pw_dir);
	194	copy->pw_shell = xstrdup(pw->pw_shell);
	195	return copy;
	196	}
	197
	198	/*
	199	* Convert ASCII string to TCP/IP port number.
	200	* Port must be >0 and <=65535.
	201	* Return 0 if invalid.
	202	*/
	203	int
	204	a2port(const char *s)
	205	{
	206	long port;
	207	char *endp;
	208
	209	errno = 0;
	210	port = strtol(s, &endp, 0);
	211	if (s == endp \|\| *endp != '\0' \|\|
	212	(errno == ERANGE && (port == LONG_MIN \|\| port == LONG_MAX)) \|\|
	213	port <= 0 \|\| port > 65535)
	214	return 0;
	215
	216	return port;
	217	}
	218
08822d99	219	int
	220	a2tun(const char s, int remote)
	221	{
	222	const char *errstr = NULL;
	223	char sp, ep;
	224	int tun;
	225
	226	if (remote != NULL) {
	227	*remote = SSH_TUNID_ANY;
	228	sp = xstrdup(s);
	229	if ((ep = strchr(sp, ':')) == NULL) {
	230	xfree(sp);
	231	return (a2tun(s, NULL));
	232	}
	233	ep[0] = '\0'; ep++;
	234	*remote = a2tun(ep, NULL);
	235	tun = a2tun(sp, NULL);
	236	xfree(sp);
	237	return (remote == SSH_TUNID_ERR ? remote : tun);
	238	}
	239
	240	if (strcasecmp(s, "any") == 0)
	241	return (SSH_TUNID_ANY);
	242
	243	tun = strtonum(s, 0, SSH_TUNID_MAX, &errstr);
	244	if (errstr != NULL)
	245	return (SSH_TUNID_ERR);
	246
	247	return (tun);
	248	}
	249
3c0ef626	250	#define SECONDS 1
	251	#define MINUTES (SECONDS * 60)
	252	#define HOURS (MINUTES * 60)
	253	#define DAYS (HOURS * 24)
	254	#define WEEKS (DAYS * 7)
	255
	256	/*
	257	* Convert a time string into seconds; format is
	258	* a sequence of:
	259	* time[qualifier]
	260	*
	261	* Valid time qualifiers are:
	262	* <none> seconds
	263	* s\|S seconds
	264	* m\|M minutes
	265	* h\|H hours
	266	* d\|D days
	267	* w\|W weeks
	268	*
	269	* Examples:
	270	* 90m 90 minutes
	271	* 1h30m 90 minutes
	272	* 2d 2 days
	273	* 1w 1 week
	274	*
	275	* Return -1 if time string is invalid.
	276	*/
	277	long
	278	convtime(const char *s)
	279	{
	280	long total, secs;
	281	const char *p;
	282	char *endp;
	283
	284	errno = 0;
	285	total = 0;
	286	p = s;
	287
	288	if (p == NULL \|\| *p == '\0')
	289	return -1;
	290
	291	while (*p) {
	292	secs = strtol(p, &endp, 10);
	293	if (p == endp \|\|
	294	(errno == ERANGE && (secs == LONG_MIN \|\| secs == LONG_MAX)) \|\|
	295	secs < 0)
	296	return -1;
	297
	298	switch (*endp++) {
	299	case '\0':
	300	endp--;
	301	case 's':
	302	case 'S':
	303	break;
	304	case 'm':
	305	case 'M':
	306	secs *= MINUTES;
	307	break;
	308	case 'h':
	309	case 'H':
	310	secs *= HOURS;
	311	break;
	312	case 'd':
	313	case 'D':
314	secs *= DAYS;
315	break;
316	case 'w':
317	case 'W':
318	secs *= WEEKS;
319	break;
320	default:
321	return -1;
322	}
323	total += secs;
324	if (total < 0)
325	return -1;
326	p = endp;
327	}
328
329	return total;
330	}
331
dfddba3d	332	/*
	333	* Search for next delimiter between hostnames/addresses and ports.
	334	* Argument may be modified (for termination).
	335	* Returns *cp if parsing succeeds.
	336	* *cp is set to the start of the next delimiter, if one was found.
	337	* If this is the last field, *cp is set to NULL.
	338	*/
	339	char *
	340	hpdelim(char **cp)
	341	{
	342	char s, old;
	343
	344	if (cp == NULL \|\| *cp == NULL)
	345	return NULL;
	346
	347	old = s = *cp;
	348	if (*s == '[') {
	349	if ((s = strchr(s, ']')) == NULL)
	350	return NULL;
	351	else
	352	s++;
	353	} else if ((s = strpbrk(s, ":/")) == NULL)
	354	s = cp + strlen(cp); /* skip to end (see first case below) */
	355
	356	switch (*s) {
	357	case '\0':
	358	cp = NULL; / no more fields*/
	359	break;
8b32eddc	360
dfddba3d	361	case ':':
	362	case '/':
	363	s = '\0'; / terminate */
	364	*cp = s + 1;
	365	break;
8b32eddc	366
dfddba3d	367	default:
	368	return NULL;
	369	}
	370
	371	return old;
	372	}
	373
3c0ef626	374	char *
	375	cleanhostname(char *host)
	376	{
	377	if (*host == '[' && host[strlen(host) - 1] == ']') {
	378	host[strlen(host) - 1] = '\0';
	379	return (host + 1);
	380	} else
	381	return host;
	382	}
	383
	384	char *
	385	colon(char *cp)
	386	{
	387	int flag = 0;
	388
	389	if (cp == ':') / Leading colon is part of file name. */
	390	return (0);
	391	if (*cp == '[')
	392	flag = 1;
	393
	394	for (; *cp; ++cp) {
	395	if (cp == '@' && (cp+1) == '[')
	396	flag = 1;
	397	if (cp == ']' && (cp+1) == ':' && flag)
	398	return (cp+1);
	399	if (*cp == ':' && !flag)
	400	return (cp);
	401	if (*cp == '/')
	402	return (0);
	403	}
	404	return (0);
	405	}
	406
	407	/* function to assist building execv() arguments */
	408	void
	409	addargs(arglist args, char fmt, ...)
	410	{
	411	va_list ap;
08822d99	412	char *cp;
7e82606e	413	u_int nalloc;
08822d99	414	int r;
3c0ef626	415
3c0ef626	416	va_start(ap, fmt);
08822d99	417	r = vasprintf(&cp, fmt, ap);
3c0ef626	418	va_end(ap);
08822d99	419	if (r == -1)
08822d99	420	fatal("addargs: argument too long");
3c0ef626	421
29d88157	422	nalloc = args->nalloc;
3c0ef626	423	if (args->list == NULL) {
29d88157	424	nalloc = 32;
3c0ef626	425	args->num = 0;
29d88157	426	} else if (args->num+2 >= nalloc)
29d88157	427	nalloc *= 2;
3c0ef626	428
29d88157	429	args->list = xrealloc(args->list, nalloc * sizeof(char *));
29d88157	430	args->nalloc = nalloc;
08822d99	431	args->list[args->num++] = cp;
3c0ef626	432	args->list[args->num] = NULL;
3c0ef626	433	}
dfddba3d	434
08822d99	435	void
	436	replacearg(arglist args, u_int which, char fmt, ...)
	437	{
	438	va_list ap;
	439	char *cp;
	440	int r;
	441
	442	va_start(ap, fmt);
	443	r = vasprintf(&cp, fmt, ap);
	444	va_end(ap);
	445	if (r == -1)
	446	fatal("replacearg: argument too long");
	447
	448	if (which >= args->num)
	449	fatal("replacearg: tried to replace invalid arg %d >= %d",
	450	which, args->num);
	451	xfree(args->list[which]);
	452	args->list[which] = cp;
	453	}
	454
	455	void
	456	freeargs(arglist *args)
	457	{
	458	u_int i;
	459
	460	if (args->list != NULL) {
	461	for (i = 0; i < args->num; i++)
	462	xfree(args->list[i]);
	463	xfree(args->list);
	464	args->nalloc = args->num = 0;
	465	args->list = NULL;
	466	}
	467	}
	468
2ce0bfe4	469	/*
	470	* Expands tildes in the file name. Returns data allocated by xmalloc.
	471	* Warning: this calls getpw*.
	472	*/
	473	char *
	474	tilde_expand_filename(const char *filename, uid_t uid)
	475	{
	476	const char *path;
	477	char user[128], ret[MAXPATHLEN];
	478	struct passwd *pw;
	479	u_int len, slash;
	480
	481	if (*filename != '~')
	482	return (xstrdup(filename));
	483	filename++;
	484
	485	path = strchr(filename, '/');
	486	if (path != NULL && path > filename) { /* ~user/path */
	487	slash = path - filename;
	488	if (slash > sizeof(user) - 1)
	489	fatal("tilde_expand_filename: ~username too long");
	490	memcpy(user, filename, slash);
	491	user[slash] = '\0';
	492	if ((pw = getpwnam(user)) == NULL)
	493	fatal("tilde_expand_filename: No such user %s", user);
	494	} else if ((pw = getpwuid(uid)) == NULL) /* ~/path */
	495	fatal("tilde_expand_filename: No such uid %d", uid);
	496
	497	if (strlcpy(ret, pw->pw_dir, sizeof(ret)) >= sizeof(ret))
	498	fatal("tilde_expand_filename: Path too long");
	499
	500	/* Make sure directory has a trailing '/' */
	501	len = strlen(pw->pw_dir);
	502	if ((len == 0 \|\| pw->pw_dir[len - 1] != '/') &&
	503	strlcat(ret, "/", sizeof(ret)) >= sizeof(ret))
	504	fatal("tilde_expand_filename: Path too long");
	505
	506	/* Skip leading '/' from specified path */
	507	if (path != NULL)
	508	filename = path + 1;
	509	if (strlcat(ret, filename, sizeof(ret)) >= sizeof(ret))
	510	fatal("tilde_expand_filename: Path too long");
	511
	512	return (xstrdup(ret));
	513	}
	514
	515	/*
	516	* Expand a string with a set of %[char] escapes. A number of escapes may be
	517	* specified as (char escape_chars, char replacement) pairs. The list must
	518	* be terminated by a NULL escape_char. Returns replaced string in memory
	519	* allocated by xmalloc.
	520	*/
	521	char *
	522	percent_expand(const char *string, ...)
	523	{
	524	#define EXPAND_MAX_KEYS 16
	525	struct {
	526	const char *key;
	527	const char *repl;
	528	} keys[EXPAND_MAX_KEYS];
	529	u_int num_keys, i, j;
	530	char buf[4096];
	531	va_list ap;
	532
533	/* Gather keys */
534	va_start(ap, string);
535	for (num_keys = 0; num_keys < EXPAND_MAX_KEYS; num_keys++) {
536	keys[num_keys].key = va_arg(ap, char *);
537	if (keys[num_keys].key == NULL)
538	break;
539	keys[num_keys].repl = va_arg(ap, char *);
540	if (keys[num_keys].repl == NULL)
541	fatal("percent_expand: NULL replacement");
542	}
543	va_end(ap);
544
545	if (num_keys >= EXPAND_MAX_KEYS)
546	fatal("percent_expand: too many keys");
547
548	/* Expand string */
549	*buf = '\0';
550	for (i = 0; *string != '\0'; string++) {
551	if (*string != '%') {
552	append:
553	buf[i++] = *string;
554	if (i >= sizeof(buf))
555	fatal("percent_expand: string too long");
556	buf[i] = '\0';
557	continue;
558	}
559	string++;
560	if (*string == '%')
561	goto append;
562	for (j = 0; j < num_keys; j++) {
563	if (strchr(keys[j].key, *string) != NULL) {
564	i = strlcat(buf, keys[j].repl, sizeof(buf));
565	if (i >= sizeof(buf))
566	fatal("percent_expand: string too long");
567	break;
568	}
569	}
570	if (j >= num_keys)
571	fatal("percent_expand: unknown key %%%c", *string);
572	}
573	return (xstrdup(buf));
574	#undef EXPAND_MAX_KEYS
575	}
576
dfddba3d	577	/*
	578	* Read an entire line from a public key file into a static buffer, discarding
	579	* lines that exceed the buffer size. Returns 0 on success, -1 on failure.
	580	*/
	581	int
	582	read_keyfile_line(FILE f, const char filename, char *buf, size_t bufsz,
	583	u_long *lineno)
	584	{
	585	while (fgets(buf, bufsz, f) != NULL) {
	586	(*lineno)++;
	587	if (buf[strlen(buf) - 1] == '\n' \|\| feof(f)) {
	588	return 0;
	589	} else {
	590	debug("%s: %s line %lu exceeds size limit", __func__,
	591	filename, *lineno);
	592	/* discard remainder of line */
8b32eddc	593	while (fgetc(f) != '\n' && !feof(f))
dfddba3d	594	; /* nothing */
	595	}
	596	}
	597	return -1;
	598	}
2ce0bfe4	599
08822d99	600	int
	601	tun_open(int tun, int mode)
	602	{
	603	#if defined(CUSTOM_SYS_TUN_OPEN)
	604	return (sys_tun_open(tun, mode));
	605	#elif defined(SSH_TUN_OPENBSD)
	606	struct ifreq ifr;
	607	char name[100];
	608	int fd = -1, sock;
	609
	610	/* Open the tunnel device */
	611	if (tun <= SSH_TUNID_MAX) {
	612	snprintf(name, sizeof(name), "/dev/tun%d", tun);
	613	fd = open(name, O_RDWR);
	614	} else if (tun == SSH_TUNID_ANY) {
	615	for (tun = 100; tun >= 0; tun--) {
	616	snprintf(name, sizeof(name), "/dev/tun%d", tun);
	617	if ((fd = open(name, O_RDWR)) >= 0)
	618	break;
	619	}
	620	} else {
	621	debug("%s: invalid tunnel %u", __func__, tun);
	622	return (-1);
	623	}
	624
	625	if (fd < 0) {
	626	debug("%s: %s open failed: %s", __func__, name, strerror(errno));
	627	return (-1);
	628	}
	629
	630	debug("%s: %s mode %d fd %d", __func__, name, mode, fd);
	631
	632	/* Set the tunnel device operation mode */
	633	snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "tun%d", tun);
	634	if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
	635	goto failed;
	636
	637	if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1)
	638	goto failed;
	639
	640	/* Set interface mode */
	641	ifr.ifr_flags &= ~IFF_UP;
	642	if (mode == SSH_TUNMODE_ETHERNET)
	643	ifr.ifr_flags \|= IFF_LINK0;
	644	else
	645	ifr.ifr_flags &= ~IFF_LINK0;
	646	if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1)
	647	goto failed;
	648
	649	/* Bring interface up */
	650	ifr.ifr_flags \|= IFF_UP;
	651	if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1)
	652	goto failed;
	653
	654	close(sock);
	655	return (fd);
	656
	657	failed:
	658	if (fd >= 0)
	659	close(fd);
	660	if (sock >= 0)
	661	close(sock);
	662	debug("%s: failed to set %s mode %d: %s", __func__, name,
	663	mode, strerror(errno));
664	return (-1);
665	#else
666	error("Tunnel interfaces are not supported on this platform");
667	return (-1);
668	#endif
669	}
670
671	void
672	sanitise_stdfd(void)
673	{
674	int nullfd, dupfd;
675
676	if ((nullfd = dupfd = open(_PATH_DEVNULL, O_RDWR)) == -1) {
677	fprintf(stderr, "Couldn't open /dev/null: %s", strerror(errno));
678	exit(1);
679	}
680	while (++dupfd <= 2) {
681	/* Only clobber closed fds */
682	if (fcntl(dupfd, F_GETFL, 0) >= 0)
683	continue;
684	if (dup2(nullfd, dupfd) == -1) {
685	fprintf(stderr, "dup2: %s", strerror(errno));
686	exit(1);
687	}
688	}
689	if (nullfd > 2)
690	close(nullfd);
691	}
692
2ce0bfe4	693	char *
	694	tohex(const u_char *d, u_int l)
	695	{
	696	char b[3], *r;
	697	u_int i, hl;
	698
	699	hl = l * 2 + 1;
	700	r = xmalloc(hl);
	701	*r = '\0';
	702	for (i = 0; i < l; i++) {
	703	snprintf(b, sizeof(b), "%02x", d[i]);
	704	strlcat(r, b, hl);
	705	}
	706	return (r);
	707	}
	708