crypto/openssh/misc.c

323136Sdes/* $OpenBSD: misc.c,v 1.109 2017/03/14 00:55:37 dtucker Exp $ */
76259Sgreen/*
76259Sgreen * Copyright (c) 2000 Markus Friedl.  All rights reserved.
162852Sdes * Copyright (c) 2005,2006 Damien Miller.  All rights reserved.
76259Sgreen *
76259Sgreen * Redistribution and use in source and binary forms, with or without
76259Sgreen * modification, are permitted provided that the following conditions
76259Sgreen * are met:
76259Sgreen * 1. Redistributions of source code must retain the above copyright
76259Sgreen *    notice, this list of conditions and the following disclaimer.
76259Sgreen * 2. Redistributions in binary form must reproduce the above copyright
76259Sgreen *    notice, this list of conditions and the following disclaimer in the
76259Sgreen *    documentation and/or other materials provided with the distribution.
76259Sgreen *
76259Sgreen * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
76259Sgreen * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
76259Sgreen * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
76259Sgreen * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
76259Sgreen * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
76259Sgreen * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
76259Sgreen * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
76259Sgreen * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
76259Sgreen * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
76259Sgreen * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
76259Sgreen */
76259Sgreen
76259Sgreen#include "includes.h"
76259Sgreen
162852Sdes#include <sys/types.h>
162852Sdes#include <sys/ioctl.h>
162852Sdes#include <sys/socket.h>
323134Sdes#include <sys/sysctl.h>
296633Sdes#include <sys/time.h>
294328Sdes#include <sys/un.h>
162852Sdes
294332Sdes#include <limits.h>
162852Sdes#include <stdarg.h>
162852Sdes#include <stdio.h>
162852Sdes#include <stdlib.h>
162852Sdes#include <string.h>
221420Sdes#include <time.h>
162852Sdes#include <unistd.h>
162852Sdes
162852Sdes#include <netinet/in.h>
221420Sdes#include <netinet/in_systm.h>
221420Sdes#include <netinet/ip.h>
162852Sdes#include <netinet/tcp.h>
162852Sdes
261320Sdes#include <ctype.h>
162852Sdes#include <errno.h>
162852Sdes#include <fcntl.h>
181111Sdes#include <netdb.h>
162852Sdes#ifdef HAVE_PATHS_H
162852Sdes# include <paths.h>
162852Sdes#include <pwd.h>
162852Sdes#endif
157016Sdes#ifdef SSH_TUN_OPENBSD
157016Sdes#include <net/if.h>
157016Sdes#endif
157016Sdes
162852Sdes#include "xmalloc.h"
76259Sgreen#include "misc.h"
76259Sgreen#include "log.h"
162852Sdes#include "ssh.h"
76259Sgreen
92555Sdes/* remove newline at end of string */
76259Sgreenchar *
76259Sgreenchop(char *s)
76259Sgreen{
76259Sgreen	char *t = s;
76259Sgreen	while (*t) {
92555Sdes		if (*t == '\n' || *t == '\r') {
76259Sgreen			*t = '\0';
76259Sgreen			return s;
76259Sgreen		}
76259Sgreen		t++;
76259Sgreen	}
76259Sgreen	return s;
76259Sgreen
76259Sgreen}
76259Sgreen
92555Sdes/* set/unset filedescriptor to non-blocking */
137015Sdesint
76259Sgreenset_nonblock(int fd)
76259Sgreen{
76259Sgreen	int val;
92555Sdes
323129Sdes	val = fcntl(fd, F_GETFL);
76259Sgreen	if (val < 0) {
323129Sdes		error("fcntl(%d, F_GETFL): %s", fd, strerror(errno));
137015Sdes		return (-1);
76259Sgreen	}
76259Sgreen	if (val & O_NONBLOCK) {
137015Sdes		debug3("fd %d is O_NONBLOCK", fd);
137015Sdes		return (0);
76259Sgreen	}
124208Sdes	debug2("fd %d setting O_NONBLOCK", fd);
76259Sgreen	val |= O_NONBLOCK;
137015Sdes	if (fcntl(fd, F_SETFL, val) == -1) {
137015Sdes		debug("fcntl(%d, F_SETFL, O_NONBLOCK): %s", fd,
137015Sdes		    strerror(errno));
137015Sdes		return (-1);
137015Sdes	}
137015Sdes	return (0);
76259Sgreen}
76259Sgreen
137015Sdesint
92555Sdesunset_nonblock(int fd)
92555Sdes{
92555Sdes	int val;
92555Sdes
323129Sdes	val = fcntl(fd, F_GETFL);
92555Sdes	if (val < 0) {
323129Sdes		error("fcntl(%d, F_GETFL): %s", fd, strerror(errno));
137015Sdes		return (-1);
92555Sdes	}
92555Sdes	if (!(val & O_NONBLOCK)) {
137015Sdes		debug3("fd %d is not O_NONBLOCK", fd);
137015Sdes		return (0);
92555Sdes	}
92555Sdes	debug("fd %d clearing O_NONBLOCK", fd);
92555Sdes	val &= ~O_NONBLOCK;
137015Sdes	if (fcntl(fd, F_SETFL, val) == -1) {
137015Sdes		debug("fcntl(%d, F_SETFL, ~O_NONBLOCK): %s",
92555Sdes		    fd, strerror(errno));
137015Sdes		return (-1);
137015Sdes	}
137015Sdes	return (0);
92555Sdes}
92555Sdes
181111Sdesconst char *
181111Sdesssh_gai_strerror(int gaierr)
181111Sdes{
255767Sdes	if (gaierr == EAI_SYSTEM && errno != 0)
181111Sdes		return strerror(errno);
181111Sdes	return gai_strerror(gaierr);
181111Sdes}
181111Sdes
92555Sdes/* disable nagle on socket */
92555Sdesvoid
92555Sdesset_nodelay(int fd)
92555Sdes{
92555Sdes	int opt;
92555Sdes	socklen_t optlen;
92555Sdes
92555Sdes	optlen = sizeof opt;
92555Sdes	if (getsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, &optlen) == -1) {
126274Sdes		debug("getsockopt TCP_NODELAY: %.100s", strerror(errno));
92555Sdes		return;
92555Sdes	}
92555Sdes	if (opt == 1) {
92555Sdes		debug2("fd %d is TCP_NODELAY", fd);
92555Sdes		return;
92555Sdes	}
92555Sdes	opt = 1;
113908Sdes	debug2("fd %d setting TCP_NODELAY", fd);
92555Sdes	if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, sizeof opt) == -1)
92555Sdes		error("setsockopt TCP_NODELAY: %.100s", strerror(errno));
92555Sdes}
92555Sdes
76259Sgreen/* Characters considered whitespace in strsep calls. */
76259Sgreen#define WHITESPACE " \t\r\n"
162852Sdes#define QUOTE	"\""
76259Sgreen
92555Sdes/* return next token in configuration line */
76259Sgreenchar *
76259Sgreenstrdelim(char **s)
76259Sgreen{
76259Sgreen	char *old;
76259Sgreen	int wspace = 0;
76259Sgreen
76259Sgreen	if (*s == NULL)
76259Sgreen		return NULL;
76259Sgreen
76259Sgreen	old = *s;
76259Sgreen
162852Sdes	*s = strpbrk(*s, WHITESPACE QUOTE "=");
76259Sgreen	if (*s == NULL)
76259Sgreen		return (old);
76259Sgreen
162852Sdes	if (*s[0] == '\"') {
162852Sdes		memmove(*s, *s + 1, strlen(*s)); /* move nul too */
162852Sdes		/* Find matching quote */
162852Sdes		if ((*s = strpbrk(*s, QUOTE)) == NULL) {
162852Sdes			return (NULL);		/* no matching quote */
162852Sdes		} else {
162852Sdes			*s[0] = '\0';
215116Sdes			*s += strspn(*s + 1, WHITESPACE) + 1;
162852Sdes			return (old);
162852Sdes		}
162852Sdes	}
162852Sdes
76259Sgreen	/* Allow only one '=' to be skipped */
76259Sgreen	if (*s[0] == '=')
76259Sgreen		wspace = 1;
76259Sgreen	*s[0] = '\0';
76259Sgreen
162852Sdes	/* Skip any extra whitespace after first token */
76259Sgreen	*s += strspn(*s + 1, WHITESPACE) + 1;
76259Sgreen	if (*s[0] == '=' && !wspace)
76259Sgreen		*s += strspn(*s + 1, WHITESPACE) + 1;
76259Sgreen
76259Sgreen	return (old);
76259Sgreen}
76259Sgreen
76259Sgreenstruct passwd *
76259Sgreenpwcopy(struct passwd *pw)
76259Sgreen{
162852Sdes	struct passwd *copy = xcalloc(1, sizeof(*copy));
76259Sgreen
76259Sgreen	copy->pw_name = xstrdup(pw->pw_name);
76259Sgreen	copy->pw_passwd = xstrdup(pw->pw_passwd);
255767Sdes#ifdef HAVE_STRUCT_PASSWD_PW_GECOS
76259Sgreen	copy->pw_gecos = xstrdup(pw->pw_gecos);
255767Sdes#endif
76259Sgreen	copy->pw_uid = pw->pw_uid;
76259Sgreen	copy->pw_gid = pw->pw_gid;
255767Sdes#ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE
92555Sdes	copy->pw_expire = pw->pw_expire;
98937Sdes#endif
255767Sdes#ifdef HAVE_STRUCT_PASSWD_PW_CHANGE
92555Sdes	copy->pw_change = pw->pw_change;
98937Sdes#endif
255767Sdes#ifdef HAVE_STRUCT_PASSWD_PW_CLASS
76259Sgreen	copy->pw_class = xstrdup(pw->pw_class);
98937Sdes#endif
76259Sgreen	copy->pw_dir = xstrdup(pw->pw_dir);
76259Sgreen	copy->pw_shell = xstrdup(pw->pw_shell);
76259Sgreen	return copy;
76259Sgreen}
76259Sgreen
92555Sdes/*
92555Sdes * Convert ASCII string to TCP/IP port number.
192595Sdes * Port must be >=0 and <=65535.
192595Sdes * Return -1 if invalid.
92555Sdes */
92555Sdesint
92555Sdesa2port(const char *s)
76259Sgreen{
192595Sdes	long long port;
192595Sdes	const char *errstr;
76259Sgreen
192595Sdes	port = strtonum(s, 0, 65535, &errstr);
192595Sdes	if (errstr != NULL)
192595Sdes		return -1;
192595Sdes	return (int)port;
76259Sgreen}
92555Sdes
157016Sdesint
157016Sdesa2tun(const char *s, int *remote)
157016Sdes{
157016Sdes	const char *errstr = NULL;
157016Sdes	char *sp, *ep;
157016Sdes	int tun;
157016Sdes
157016Sdes	if (remote != NULL) {
157016Sdes		*remote = SSH_TUNID_ANY;
157016Sdes		sp = xstrdup(s);
157016Sdes		if ((ep = strchr(sp, ':')) == NULL) {
255767Sdes			free(sp);
157016Sdes			return (a2tun(s, NULL));
157016Sdes		}
157016Sdes		ep[0] = '\0'; ep++;
157016Sdes		*remote = a2tun(ep, NULL);
157016Sdes		tun = a2tun(sp, NULL);
255767Sdes		free(sp);
157016Sdes		return (*remote == SSH_TUNID_ERR ? *remote : tun);
157016Sdes	}
157016Sdes
157016Sdes	if (strcasecmp(s, "any") == 0)
157016Sdes		return (SSH_TUNID_ANY);
157016Sdes
157016Sdes	tun = strtonum(s, 0, SSH_TUNID_MAX, &errstr);
157016Sdes	if (errstr != NULL)
157016Sdes		return (SSH_TUNID_ERR);
157016Sdes
157016Sdes	return (tun);
157016Sdes}
157016Sdes
92555Sdes#define SECONDS		1
92555Sdes#define MINUTES		(SECONDS * 60)
92555Sdes#define HOURS		(MINUTES * 60)
92555Sdes#define DAYS		(HOURS * 24)
92555Sdes#define WEEKS		(DAYS * 7)
92555Sdes
92555Sdes/*
92555Sdes * Convert a time string into seconds; format is
92555Sdes * a sequence of:
92555Sdes *      time[qualifier]
92555Sdes *
92555Sdes * Valid time qualifiers are:
92555Sdes *      <none>  seconds
92555Sdes *      s|S     seconds
92555Sdes *      m|M     minutes
92555Sdes *      h|H     hours
92555Sdes *      d|D     days
92555Sdes *      w|W     weeks
92555Sdes *
92555Sdes * Examples:
92555Sdes *      90m     90 minutes
92555Sdes *      1h30m   90 minutes
92555Sdes *      2d      2 days
92555Sdes *      1w      1 week
92555Sdes *
92555Sdes * Return -1 if time string is invalid.
92555Sdes */
92555Sdeslong
92555Sdesconvtime(const char *s)
92555Sdes{
323136Sdes	long total, secs, multiplier = 1;
92555Sdes	const char *p;
92555Sdes	char *endp;
92555Sdes
92555Sdes	errno = 0;
92555Sdes	total = 0;
92555Sdes	p = s;
92555Sdes
92555Sdes	if (p == NULL || *p == '\0')
92555Sdes		return -1;
92555Sdes
92555Sdes	while (*p) {
92555Sdes		secs = strtol(p, &endp, 10);
92555Sdes		if (p == endp ||
92555Sdes		    (errno == ERANGE && (secs == LONG_MIN || secs == LONG_MAX)) ||
92555Sdes		    secs < 0)
92555Sdes			return -1;
92555Sdes
92555Sdes		switch (*endp++) {
92555Sdes		case '\0':
92555Sdes			endp--;
162852Sdes			break;
92555Sdes		case 's':
92555Sdes		case 'S':
92555Sdes			break;
92555Sdes		case 'm':
92555Sdes		case 'M':
323136Sdes			multiplier = MINUTES;
92555Sdes			break;
92555Sdes		case 'h':
92555Sdes		case 'H':
323136Sdes			multiplier = HOURS;
92555Sdes			break;
92555Sdes		case 'd':
92555Sdes		case 'D':
323136Sdes			multiplier = DAYS;
92555Sdes			break;
92555Sdes		case 'w':
92555Sdes		case 'W':
323136Sdes			multiplier = WEEKS;
92555Sdes			break;
92555Sdes		default:
92555Sdes			return -1;
92555Sdes		}
323136Sdes		if (secs >= LONG_MAX / multiplier)
323136Sdes			return -1;
323136Sdes		secs *= multiplier;
323136Sdes		if  (total >= LONG_MAX - secs)
323136Sdes			return -1;
92555Sdes		total += secs;
92555Sdes		if (total < 0)
92555Sdes			return -1;
92555Sdes		p = endp;
92555Sdes	}
92555Sdes
92555Sdes	return total;
92555Sdes}
92555Sdes
146998Sdes/*
162852Sdes * Returns a standardized host+port identifier string.
162852Sdes * Caller must free returned string.
162852Sdes */
162852Sdeschar *
162852Sdesput_host_port(const char *host, u_short port)
162852Sdes{
162852Sdes	char *hoststr;
162852Sdes
162852Sdes	if (port == 0 || port == SSH_DEFAULT_PORT)
162852Sdes		return(xstrdup(host));
162852Sdes	if (asprintf(&hoststr, "[%s]:%d", host, (int)port) < 0)
162852Sdes		fatal("put_host_port: asprintf: %s", strerror(errno));
162852Sdes	debug3("put_host_port: %s", hoststr);
162852Sdes	return hoststr;
162852Sdes}
162852Sdes
162852Sdes/*
146998Sdes * Search for next delimiter between hostnames/addresses and ports.
146998Sdes * Argument may be modified (for termination).
146998Sdes * Returns *cp if parsing succeeds.
146998Sdes * *cp is set to the start of the next delimiter, if one was found.
146998Sdes * If this is the last field, *cp is set to NULL.
146998Sdes */
92555Sdeschar *
146998Sdeshpdelim(char **cp)
146998Sdes{
146998Sdes	char *s, *old;
146998Sdes
146998Sdes	if (cp == NULL || *cp == NULL)
146998Sdes		return NULL;
146998Sdes
146998Sdes	old = s = *cp;
146998Sdes	if (*s == '[') {
146998Sdes		if ((s = strchr(s, ']')) == NULL)
146998Sdes			return NULL;
146998Sdes		else
146998Sdes			s++;
146998Sdes	} else if ((s = strpbrk(s, ":/")) == NULL)
146998Sdes		s = *cp + strlen(*cp); /* skip to end (see first case below) */
146998Sdes
146998Sdes	switch (*s) {
146998Sdes	case '\0':
146998Sdes		*cp = NULL;	/* no more fields*/
146998Sdes		break;
147001Sdes
146998Sdes	case ':':
146998Sdes	case '/':
146998Sdes		*s = '\0';	/* terminate */
146998Sdes		*cp = s + 1;
146998Sdes		break;
147001Sdes
146998Sdes	default:
146998Sdes		return NULL;
146998Sdes	}
146998Sdes
146998Sdes	return old;
146998Sdes}
146998Sdes
146998Sdeschar *
92555Sdescleanhostname(char *host)
92555Sdes{
92555Sdes	if (*host == '[' && host[strlen(host) - 1] == ']') {
92555Sdes		host[strlen(host) - 1] = '\0';
92555Sdes		return (host + 1);
92555Sdes	} else
92555Sdes		return host;
92555Sdes}
92555Sdes
92555Sdeschar *
92555Sdescolon(char *cp)
92555Sdes{
92555Sdes	int flag = 0;
92555Sdes
92555Sdes	if (*cp == ':')		/* Leading colon is part of file name. */
215116Sdes		return NULL;
92555Sdes	if (*cp == '[')
92555Sdes		flag = 1;
92555Sdes
92555Sdes	for (; *cp; ++cp) {
92555Sdes		if (*cp == '@' && *(cp+1) == '[')
92555Sdes			flag = 1;
92555Sdes		if (*cp == ']' && *(cp+1) == ':' && flag)
92555Sdes			return (cp+1);
92555Sdes		if (*cp == ':' && !flag)
92555Sdes			return (cp);
92555Sdes		if (*cp == '/')
215116Sdes			return NULL;
92555Sdes	}
215116Sdes	return NULL;
92555Sdes}
92555Sdes
323129Sdes/*
323129Sdes * Parse a [user@]host[:port] string.
323129Sdes * Caller must free returned user and host.
323129Sdes * Any of the pointer return arguments may be NULL (useful for syntax checking).
323129Sdes * If user was not specified then *userp will be set to NULL.
323129Sdes * If port was not specified then *portp will be -1.
323129Sdes * Returns 0 on success, -1 on failure.
323129Sdes */
323129Sdesint
323129Sdesparse_user_host_port(const char *s, char **userp, char **hostp, int *portp)
323129Sdes{
323129Sdes	char *sdup, *cp, *tmp;
323129Sdes	char *user = NULL, *host = NULL;
323129Sdes	int port = -1, ret = -1;
323129Sdes
323129Sdes	if (userp != NULL)
323129Sdes		*userp = NULL;
323129Sdes	if (hostp != NULL)
323129Sdes		*hostp = NULL;
323129Sdes	if (portp != NULL)
323129Sdes		*portp = -1;
323129Sdes
323129Sdes	if ((sdup = tmp = strdup(s)) == NULL)
323129Sdes		return -1;
323129Sdes	/* Extract optional username */
323129Sdes	if ((cp = strchr(tmp, '@')) != NULL) {
323129Sdes		*cp = '\0';
323129Sdes		if (*tmp == '\0')
323129Sdes			goto out;
323129Sdes		if ((user = strdup(tmp)) == NULL)
323129Sdes			goto out;
323129Sdes		tmp = cp + 1;
323129Sdes	}
323129Sdes	/* Extract mandatory hostname */
323129Sdes	if ((cp = hpdelim(&tmp)) == NULL || *cp == '\0')
323129Sdes		goto out;
323129Sdes	host = xstrdup(cleanhostname(cp));
323129Sdes	/* Convert and verify optional port */
323129Sdes	if (tmp != NULL && *tmp != '\0') {
323129Sdes		if ((port = a2port(tmp)) <= 0)
323129Sdes			goto out;
323129Sdes	}
323129Sdes	/* Success */
323129Sdes	if (userp != NULL) {
323129Sdes		*userp = user;
323129Sdes		user = NULL;
323129Sdes	}
323129Sdes	if (hostp != NULL) {
323129Sdes		*hostp = host;
323129Sdes		host = NULL;
323129Sdes	}
323129Sdes	if (portp != NULL)
323129Sdes		*portp = port;
323129Sdes	ret = 0;
323129Sdes out:
323129Sdes	free(sdup);
323129Sdes	free(user);
323129Sdes	free(host);
323129Sdes	return ret;
323129Sdes}
323129Sdes
92555Sdes/* function to assist building execv() arguments */
92555Sdesvoid
92555Sdesaddargs(arglist *args, char *fmt, ...)
92555Sdes{
92555Sdes	va_list ap;
157016Sdes	char *cp;
137015Sdes	u_int nalloc;
157016Sdes	int r;
92555Sdes
92555Sdes	va_start(ap, fmt);
157016Sdes	r = vasprintf(&cp, fmt, ap);
92555Sdes	va_end(ap);
157016Sdes	if (r == -1)
157016Sdes		fatal("addargs: argument too long");
92555Sdes
120161Snectar	nalloc = args->nalloc;
92555Sdes	if (args->list == NULL) {
120161Snectar		nalloc = 32;
92555Sdes		args->num = 0;
120161Snectar	} else if (args->num+2 >= nalloc)
120161Snectar		nalloc *= 2;
92555Sdes
294336Sdes	args->list = xreallocarray(args->list, nalloc, sizeof(char *));
120161Snectar	args->nalloc = nalloc;
157016Sdes	args->list[args->num++] = cp;
92555Sdes	args->list[args->num] = NULL;
92555Sdes}
146998Sdes
157016Sdesvoid
157016Sdesreplacearg(arglist *args, u_int which, char *fmt, ...)
157016Sdes{
157016Sdes	va_list ap;
157016Sdes	char *cp;
157016Sdes	int r;
157016Sdes
157016Sdes	va_start(ap, fmt);
157016Sdes	r = vasprintf(&cp, fmt, ap);
157016Sdes	va_end(ap);
157016Sdes	if (r == -1)
157016Sdes		fatal("replacearg: argument too long");
157016Sdes
157016Sdes	if (which >= args->num)
157016Sdes		fatal("replacearg: tried to replace invalid arg %d >= %d",
157016Sdes		    which, args->num);
255767Sdes	free(args->list[which]);
157016Sdes	args->list[which] = cp;
157016Sdes}
157016Sdes
157016Sdesvoid
157016Sdesfreeargs(arglist *args)
157016Sdes{
157016Sdes	u_int i;
157016Sdes
157016Sdes	if (args->list != NULL) {
157016Sdes		for (i = 0; i < args->num; i++)
255767Sdes			free(args->list[i]);
255767Sdes		free(args->list);
157016Sdes		args->nalloc = args->num = 0;
157016Sdes		args->list = NULL;
157016Sdes	}
157016Sdes}
157016Sdes
146998Sdes/*
149749Sdes * Expands tildes in the file name.  Returns data allocated by xmalloc.
149749Sdes * Warning: this calls getpw*.
149749Sdes */
149749Sdeschar *
149749Sdestilde_expand_filename(const char *filename, uid_t uid)
149749Sdes{
255767Sdes	const char *path, *sep;
255767Sdes	char user[128], *ret;
149749Sdes	struct passwd *pw;
149749Sdes	u_int len, slash;
149749Sdes
149749Sdes	if (*filename != '~')
149749Sdes		return (xstrdup(filename));
149749Sdes	filename++;
149749Sdes
149749Sdes	path = strchr(filename, '/');
149749Sdes	if (path != NULL && path > filename) {		/* ~user/path */
149749Sdes		slash = path - filename;
149749Sdes		if (slash > sizeof(user) - 1)
149749Sdes			fatal("tilde_expand_filename: ~username too long");
149749Sdes		memcpy(user, filename, slash);
149749Sdes		user[slash] = '\0';
149749Sdes		if ((pw = getpwnam(user)) == NULL)
149749Sdes			fatal("tilde_expand_filename: No such user %s", user);
149749Sdes	} else if ((pw = getpwuid(uid)) == NULL)	/* ~/path */
181111Sdes		fatal("tilde_expand_filename: No such uid %ld", (long)uid);
149749Sdes
149749Sdes	/* Make sure directory has a trailing '/' */
149749Sdes	len = strlen(pw->pw_dir);
255767Sdes	if (len == 0 || pw->pw_dir[len - 1] != '/')
255767Sdes		sep = "/";
255767Sdes	else
255767Sdes		sep = "";
149749Sdes
149749Sdes	/* Skip leading '/' from specified path */
149749Sdes	if (path != NULL)
149749Sdes		filename = path + 1;
255767Sdes
294332Sdes	if (xasprintf(&ret, "%s%s%s", pw->pw_dir, sep, filename) >= PATH_MAX)
149749Sdes		fatal("tilde_expand_filename: Path too long");
149749Sdes
255767Sdes	return (ret);
149749Sdes}
149749Sdes
149749Sdes/*
149749Sdes * Expand a string with a set of %[char] escapes. A number of escapes may be
149749Sdes * specified as (char *escape_chars, char *replacement) pairs. The list must
149749Sdes * be terminated by a NULL escape_char. Returns replaced string in memory
149749Sdes * allocated by xmalloc.
149749Sdes */
149749Sdeschar *
149749Sdespercent_expand(const char *string, ...)
149749Sdes{
149749Sdes#define EXPAND_MAX_KEYS	16
204917Sdes	u_int num_keys, i, j;
149749Sdes	struct {
149749Sdes		const char *key;
149749Sdes		const char *repl;
149749Sdes	} keys[EXPAND_MAX_KEYS];
149749Sdes	char buf[4096];
149749Sdes	va_list ap;
149749Sdes
149749Sdes	/* Gather keys */
149749Sdes	va_start(ap, string);
149749Sdes	for (num_keys = 0; num_keys < EXPAND_MAX_KEYS; num_keys++) {
149749Sdes		keys[num_keys].key = va_arg(ap, char *);
149749Sdes		if (keys[num_keys].key == NULL)
149749Sdes			break;
149749Sdes		keys[num_keys].repl = va_arg(ap, char *);
149749Sdes		if (keys[num_keys].repl == NULL)
204917Sdes			fatal("%s: NULL replacement", __func__);
149749Sdes	}
204917Sdes	if (num_keys == EXPAND_MAX_KEYS && va_arg(ap, char *) != NULL)
204917Sdes		fatal("%s: too many keys", __func__);
149749Sdes	va_end(ap);
149749Sdes
149749Sdes	/* Expand string */
149749Sdes	*buf = '\0';
149749Sdes	for (i = 0; *string != '\0'; string++) {
149749Sdes		if (*string != '%') {
149749Sdes append:
149749Sdes			buf[i++] = *string;
149749Sdes			if (i >= sizeof(buf))
204917Sdes				fatal("%s: string too long", __func__);
149749Sdes			buf[i] = '\0';
149749Sdes			continue;
149749Sdes		}
149749Sdes		string++;
204917Sdes		/* %% case */
149749Sdes		if (*string == '%')
149749Sdes			goto append;
296633Sdes		if (*string == '\0')
296633Sdes			fatal("%s: invalid format", __func__);
149749Sdes		for (j = 0; j < num_keys; j++) {
149749Sdes			if (strchr(keys[j].key, *string) != NULL) {
149749Sdes				i = strlcat(buf, keys[j].repl, sizeof(buf));
149749Sdes				if (i >= sizeof(buf))
204917Sdes					fatal("%s: string too long", __func__);
149749Sdes				break;
149749Sdes			}
149749Sdes		}
149749Sdes		if (j >= num_keys)
204917Sdes			fatal("%s: unknown key %%%c", __func__, *string);
149749Sdes	}
149749Sdes	return (xstrdup(buf));
149749Sdes#undef EXPAND_MAX_KEYS
149749Sdes}
149749Sdes
149749Sdes/*
146998Sdes * Read an entire line from a public key file into a static buffer, discarding
146998Sdes * lines that exceed the buffer size.  Returns 0 on success, -1 on failure.
146998Sdes */
146998Sdesint
146998Sdesread_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz,
146998Sdes   u_long *lineno)
146998Sdes{
146998Sdes	while (fgets(buf, bufsz, f) != NULL) {
181111Sdes		if (buf[0] == '\0')
181111Sdes			continue;
146998Sdes		(*lineno)++;
146998Sdes		if (buf[strlen(buf) - 1] == '\n' || feof(f)) {
146998Sdes			return 0;
146998Sdes		} else {
146998Sdes			debug("%s: %s line %lu exceeds size limit", __func__,
146998Sdes			    filename, *lineno);
146998Sdes			/* discard remainder of line */
147001Sdes			while (fgetc(f) != '\n' && !feof(f))
146998Sdes				;	/* nothing */
146998Sdes		}
146998Sdes	}
146998Sdes	return -1;
146998Sdes}
149749Sdes
157016Sdesint
157016Sdestun_open(int tun, int mode)
157016Sdes{
157016Sdes#if defined(CUSTOM_SYS_TUN_OPEN)
157016Sdes	return (sys_tun_open(tun, mode));
157016Sdes#elif defined(SSH_TUN_OPENBSD)
157016Sdes	struct ifreq ifr;
157016Sdes	char name[100];
157016Sdes	int fd = -1, sock;
296633Sdes	const char *tunbase = "tun";
157016Sdes
296633Sdes	if (mode == SSH_TUNMODE_ETHERNET)
296633Sdes		tunbase = "tap";
296633Sdes
157016Sdes	/* Open the tunnel device */
157016Sdes	if (tun <= SSH_TUNID_MAX) {
296633Sdes		snprintf(name, sizeof(name), "/dev/%s%d", tunbase, tun);
157016Sdes		fd = open(name, O_RDWR);
157016Sdes	} else if (tun == SSH_TUNID_ANY) {
157016Sdes		for (tun = 100; tun >= 0; tun--) {
296633Sdes			snprintf(name, sizeof(name), "/dev/%s%d",
296633Sdes			    tunbase, tun);
157016Sdes			if ((fd = open(name, O_RDWR)) >= 0)
157016Sdes				break;
157016Sdes		}
157016Sdes	} else {
157016Sdes		debug("%s: invalid tunnel %u", __func__, tun);
296633Sdes		return -1;
157016Sdes	}
157016Sdes
157016Sdes	if (fd < 0) {
296633Sdes		debug("%s: %s open: %s", __func__, name, strerror(errno));
296633Sdes		return -1;
157016Sdes	}
157016Sdes
157016Sdes	debug("%s: %s mode %d fd %d", __func__, name, mode, fd);
157016Sdes
296633Sdes	/* Bring interface up if it is not already */
296633Sdes	snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s%d", tunbase, tun);
157016Sdes	if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
157016Sdes		goto failed;
157016Sdes
296633Sdes	if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1) {
296633Sdes		debug("%s: get interface %s flags: %s", __func__,
296633Sdes		    ifr.ifr_name, strerror(errno));
157016Sdes		goto failed;
296633Sdes	}
157016Sdes
296633Sdes	if (!(ifr.ifr_flags & IFF_UP)) {
296633Sdes		ifr.ifr_flags |= IFF_UP;
296633Sdes		if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) {
296633Sdes			debug("%s: activate interface %s: %s", __func__,
296633Sdes			    ifr.ifr_name, strerror(errno));
296633Sdes			goto failed;
296633Sdes		}
296633Sdes	}
157016Sdes
157016Sdes	close(sock);
296633Sdes	return fd;
157016Sdes
157016Sdes failed:
157016Sdes	if (fd >= 0)
157016Sdes		close(fd);
157016Sdes	if (sock >= 0)
157016Sdes		close(sock);
296633Sdes	return -1;
157016Sdes#else
157016Sdes	error("Tunnel interfaces are not supported on this platform");
157016Sdes	return (-1);
157016Sdes#endif
157016Sdes}
157016Sdes
157016Sdesvoid
157016Sdessanitise_stdfd(void)
157016Sdes{
157016Sdes	int nullfd, dupfd;
157016Sdes
157016Sdes	if ((nullfd = dupfd = open(_PATH_DEVNULL, O_RDWR)) == -1) {
192595Sdes		fprintf(stderr, "Couldn't open /dev/null: %s\n",
192595Sdes		    strerror(errno));
157016Sdes		exit(1);
157016Sdes	}
323129Sdes	while (++dupfd <= STDERR_FILENO) {
323129Sdes		/* Only populate closed fds. */
323129Sdes		if (fcntl(dupfd, F_GETFL) == -1 && errno == EBADF) {
323129Sdes			if (dup2(nullfd, dupfd) == -1) {
323129Sdes				fprintf(stderr, "dup2: %s\n", strerror(errno));
323129Sdes				exit(1);
323129Sdes			}
157016Sdes		}
157016Sdes	}
323129Sdes	if (nullfd > STDERR_FILENO)
157016Sdes		close(nullfd);
157016Sdes}
157016Sdes
149749Sdeschar *
162852Sdestohex(const void *vp, size_t l)
149749Sdes{
162852Sdes	const u_char *p = (const u_char *)vp;
149749Sdes	char b[3], *r;
162852Sdes	size_t i, hl;
149749Sdes
162852Sdes	if (l > 65536)
162852Sdes		return xstrdup("tohex: length > 65536");
162852Sdes
149749Sdes	hl = l * 2 + 1;
162852Sdes	r = xcalloc(1, hl);
149749Sdes	for (i = 0; i < l; i++) {
162852Sdes		snprintf(b, sizeof(b), "%02x", p[i]);
149749Sdes		strlcat(r, b, hl);
149749Sdes	}
149749Sdes	return (r);
149749Sdes}
149749Sdes
162852Sdesu_int64_t
162852Sdesget_u64(const void *vp)
162852Sdes{
162852Sdes	const u_char *p = (const u_char *)vp;
162852Sdes	u_int64_t v;
162852Sdes
162852Sdes	v  = (u_int64_t)p[0] << 56;
162852Sdes	v |= (u_int64_t)p[1] << 48;
162852Sdes	v |= (u_int64_t)p[2] << 40;
162852Sdes	v |= (u_int64_t)p[3] << 32;
162852Sdes	v |= (u_int64_t)p[4] << 24;
162852Sdes	v |= (u_int64_t)p[5] << 16;
162852Sdes	v |= (u_int64_t)p[6] << 8;
162852Sdes	v |= (u_int64_t)p[7];
162852Sdes
162852Sdes	return (v);
162852Sdes}
162852Sdes
162852Sdesu_int32_t
162852Sdesget_u32(const void *vp)
162852Sdes{
162852Sdes	const u_char *p = (const u_char *)vp;
162852Sdes	u_int32_t v;
162852Sdes
162852Sdes	v  = (u_int32_t)p[0] << 24;
162852Sdes	v |= (u_int32_t)p[1] << 16;
162852Sdes	v |= (u_int32_t)p[2] << 8;
162852Sdes	v |= (u_int32_t)p[3];
162852Sdes
162852Sdes	return (v);
162852Sdes}
162852Sdes
294328Sdesu_int32_t
294328Sdesget_u32_le(const void *vp)
294328Sdes{
294328Sdes	const u_char *p = (const u_char *)vp;
294328Sdes	u_int32_t v;
294328Sdes
294328Sdes	v  = (u_int32_t)p[0];
294328Sdes	v |= (u_int32_t)p[1] << 8;
294328Sdes	v |= (u_int32_t)p[2] << 16;
294328Sdes	v |= (u_int32_t)p[3] << 24;
294328Sdes
294328Sdes	return (v);
294328Sdes}
294328Sdes
162852Sdesu_int16_t
162852Sdesget_u16(const void *vp)
162852Sdes{
162852Sdes	const u_char *p = (const u_char *)vp;
162852Sdes	u_int16_t v;
162852Sdes
162852Sdes	v  = (u_int16_t)p[0] << 8;
162852Sdes	v |= (u_int16_t)p[1];
162852Sdes
162852Sdes	return (v);
162852Sdes}
162852Sdes
162852Sdesvoid
162852Sdesput_u64(void *vp, u_int64_t v)
162852Sdes{
162852Sdes	u_char *p = (u_char *)vp;
162852Sdes
162852Sdes	p[0] = (u_char)(v >> 56) & 0xff;
162852Sdes	p[1] = (u_char)(v >> 48) & 0xff;
162852Sdes	p[2] = (u_char)(v >> 40) & 0xff;
162852Sdes	p[3] = (u_char)(v >> 32) & 0xff;
162852Sdes	p[4] = (u_char)(v >> 24) & 0xff;
162852Sdes	p[5] = (u_char)(v >> 16) & 0xff;
162852Sdes	p[6] = (u_char)(v >> 8) & 0xff;
162852Sdes	p[7] = (u_char)v & 0xff;
162852Sdes}
162852Sdes
162852Sdesvoid
162852Sdesput_u32(void *vp, u_int32_t v)
162852Sdes{
162852Sdes	u_char *p = (u_char *)vp;
162852Sdes
162852Sdes	p[0] = (u_char)(v >> 24) & 0xff;
162852Sdes	p[1] = (u_char)(v >> 16) & 0xff;
162852Sdes	p[2] = (u_char)(v >> 8) & 0xff;
162852Sdes	p[3] = (u_char)v & 0xff;
162852Sdes}
162852Sdes
294328Sdesvoid
294328Sdesput_u32_le(void *vp, u_int32_t v)
294328Sdes{
294328Sdes	u_char *p = (u_char *)vp;
162852Sdes
294328Sdes	p[0] = (u_char)v & 0xff;
294328Sdes	p[1] = (u_char)(v >> 8) & 0xff;
294328Sdes	p[2] = (u_char)(v >> 16) & 0xff;
294328Sdes	p[3] = (u_char)(v >> 24) & 0xff;
294328Sdes}
294328Sdes
162852Sdesvoid
162852Sdesput_u16(void *vp, u_int16_t v)
162852Sdes{
162852Sdes	u_char *p = (u_char *)vp;
162852Sdes
162852Sdes	p[0] = (u_char)(v >> 8) & 0xff;
162852Sdes	p[1] = (u_char)v & 0xff;
162852Sdes}
181111Sdes
181111Sdesvoid
181111Sdesms_subtract_diff(struct timeval *start, int *ms)
181111Sdes{
181111Sdes	struct timeval diff, finish;
181111Sdes
181111Sdes	gettimeofday(&finish, NULL);
181111Sdes	timersub(&finish, start, &diff);
181111Sdes	*ms -= (diff.tv_sec * 1000) + (diff.tv_usec / 1000);
181111Sdes}
181111Sdes
181111Sdesvoid
181111Sdesms_to_timeval(struct timeval *tv, int ms)
181111Sdes{
181111Sdes	if (ms < 0)
181111Sdes		ms = 0;
181111Sdes	tv->tv_sec = ms / 1000;
181111Sdes	tv->tv_usec = (ms % 1000) * 1000;
181111Sdes}
181111Sdes
255767Sdestime_t
255767Sdesmonotime(void)
255767Sdes{
294328Sdes#if defined(HAVE_CLOCK_GETTIME) && \
294328Sdes    (defined(CLOCK_MONOTONIC) || defined(CLOCK_BOOTTIME))
255767Sdes	struct timespec ts;
255767Sdes	static int gettime_failed = 0;
255767Sdes
255767Sdes	if (!gettime_failed) {
294328Sdes#if defined(CLOCK_BOOTTIME)
294328Sdes		if (clock_gettime(CLOCK_BOOTTIME, &ts) == 0)
294328Sdes			return (ts.tv_sec);
294328Sdes#endif
294328Sdes#if defined(CLOCK_MONOTONIC)
255767Sdes		if (clock_gettime(CLOCK_MONOTONIC, &ts) == 0)
255767Sdes			return (ts.tv_sec);
294328Sdes#endif
255767Sdes		debug3("clock_gettime: %s", strerror(errno));
255767Sdes		gettime_failed = 1;
255767Sdes	}
294328Sdes#endif /* HAVE_CLOCK_GETTIME && (CLOCK_MONOTONIC || CLOCK_BOOTTIME */
255767Sdes
255767Sdes	return time(NULL);
255767Sdes}
255767Sdes
323129Sdesdouble
323129Sdesmonotime_double(void)
323129Sdes{
323129Sdes#if defined(HAVE_CLOCK_GETTIME) && \
323129Sdes    (defined(CLOCK_MONOTONIC) || defined(CLOCK_BOOTTIME))
323129Sdes	struct timespec ts;
323129Sdes	static int gettime_failed = 0;
323129Sdes
323129Sdes	if (!gettime_failed) {
323129Sdes#if defined(CLOCK_BOOTTIME)
323129Sdes		if (clock_gettime(CLOCK_BOOTTIME, &ts) == 0)
323129Sdes			return (ts.tv_sec + (double)ts.tv_nsec / 1000000000);
323129Sdes#endif
323129Sdes#if defined(CLOCK_MONOTONIC)
323129Sdes		if (clock_gettime(CLOCK_MONOTONIC, &ts) == 0)
323129Sdes			return (ts.tv_sec + (double)ts.tv_nsec / 1000000000);
323129Sdes#endif
323129Sdes		debug3("clock_gettime: %s", strerror(errno));
323129Sdes		gettime_failed = 1;
323129Sdes	}
323129Sdes#endif /* HAVE_CLOCK_GETTIME && (CLOCK_MONOTONIC || CLOCK_BOOTTIME */
323129Sdes
323129Sdes	return (double)time(NULL);
323129Sdes}
323129Sdes
221420Sdesvoid
221420Sdesbandwidth_limit_init(struct bwlimit *bw, u_int64_t kbps, size_t buflen)
221420Sdes{
221420Sdes	bw->buflen = buflen;
221420Sdes	bw->rate = kbps;
221420Sdes	bw->thresh = bw->rate;
221420Sdes	bw->lamt = 0;
221420Sdes	timerclear(&bw->bwstart);
221420Sdes	timerclear(&bw->bwend);
221420Sdes}
221420Sdes
221420Sdes/* Callback from read/write loop to insert bandwidth-limiting delays */
221420Sdesvoid
221420Sdesbandwidth_limit(struct bwlimit *bw, size_t read_len)
221420Sdes{
221420Sdes	u_int64_t waitlen;
221420Sdes	struct timespec ts, rm;
221420Sdes
221420Sdes	if (!timerisset(&bw->bwstart)) {
221420Sdes		gettimeofday(&bw->bwstart, NULL);
221420Sdes		return;
221420Sdes	}
221420Sdes
221420Sdes	bw->lamt += read_len;
221420Sdes	if (bw->lamt < bw->thresh)
221420Sdes		return;
221420Sdes
221420Sdes	gettimeofday(&bw->bwend, NULL);
221420Sdes	timersub(&bw->bwend, &bw->bwstart, &bw->bwend);
221420Sdes	if (!timerisset(&bw->bwend))
221420Sdes		return;
221420Sdes
221420Sdes	bw->lamt *= 8;
221420Sdes	waitlen = (double)1000000L * bw->lamt / bw->rate;
221420Sdes
221420Sdes	bw->bwstart.tv_sec = waitlen / 1000000L;
221420Sdes	bw->bwstart.tv_usec = waitlen % 1000000L;
221420Sdes
221420Sdes	if (timercmp(&bw->bwstart, &bw->bwend, >)) {
221420Sdes		timersub(&bw->bwstart, &bw->bwend, &bw->bwend);
221420Sdes
221420Sdes		/* Adjust the wait time */
221420Sdes		if (bw->bwend.tv_sec) {
221420Sdes			bw->thresh /= 2;
221420Sdes			if (bw->thresh < bw->buflen / 4)
221420Sdes				bw->thresh = bw->buflen / 4;
221420Sdes		} else if (bw->bwend.tv_usec < 10000) {
221420Sdes			bw->thresh *= 2;
221420Sdes			if (bw->thresh > bw->buflen * 8)
221420Sdes				bw->thresh = bw->buflen * 8;
221420Sdes		}
221420Sdes
221420Sdes		TIMEVAL_TO_TIMESPEC(&bw->bwend, &ts);
221420Sdes		while (nanosleep(&ts, &rm) == -1) {
221420Sdes			if (errno != EINTR)
221420Sdes				break;
221420Sdes			ts = rm;
221420Sdes		}
221420Sdes	}
221420Sdes
221420Sdes	bw->lamt = 0;
221420Sdes	gettimeofday(&bw->bwstart, NULL);
221420Sdes}
221420Sdes
221420Sdes/* Make a template filename for mk[sd]temp() */
221420Sdesvoid
221420Sdesmktemp_proto(char *s, size_t len)
221420Sdes{
221420Sdes	const char *tmpdir;
221420Sdes	int r;
221420Sdes
221420Sdes	if ((tmpdir = getenv("TMPDIR")) != NULL) {
221420Sdes		r = snprintf(s, len, "%s/ssh-XXXXXXXXXXXX", tmpdir);
221420Sdes		if (r > 0 && (size_t)r < len)
221420Sdes			return;
221420Sdes	}
221420Sdes	r = snprintf(s, len, "/tmp/ssh-XXXXXXXXXXXX");
221420Sdes	if (r < 0 || (size_t)r >= len)
221420Sdes		fatal("%s: template string too short", __func__);
221420Sdes}
221420Sdes
221420Sdesstatic const struct {
221420Sdes	const char *name;
221420Sdes	int value;
221420Sdes} ipqos[] = {
221420Sdes	{ "af11", IPTOS_DSCP_AF11 },
221420Sdes	{ "af12", IPTOS_DSCP_AF12 },
221420Sdes	{ "af13", IPTOS_DSCP_AF13 },
240075Sdes	{ "af21", IPTOS_DSCP_AF21 },
221420Sdes	{ "af22", IPTOS_DSCP_AF22 },
221420Sdes	{ "af23", IPTOS_DSCP_AF23 },
221420Sdes	{ "af31", IPTOS_DSCP_AF31 },
221420Sdes	{ "af32", IPTOS_DSCP_AF32 },
221420Sdes	{ "af33", IPTOS_DSCP_AF33 },
221420Sdes	{ "af41", IPTOS_DSCP_AF41 },
221420Sdes	{ "af42", IPTOS_DSCP_AF42 },
221420Sdes	{ "af43", IPTOS_DSCP_AF43 },
221420Sdes	{ "cs0", IPTOS_DSCP_CS0 },
221420Sdes	{ "cs1", IPTOS_DSCP_CS1 },
221420Sdes	{ "cs2", IPTOS_DSCP_CS2 },
221420Sdes	{ "cs3", IPTOS_DSCP_CS3 },
221420Sdes	{ "cs4", IPTOS_DSCP_CS4 },
221420Sdes	{ "cs5", IPTOS_DSCP_CS5 },
221420Sdes	{ "cs6", IPTOS_DSCP_CS6 },
221420Sdes	{ "cs7", IPTOS_DSCP_CS7 },
221420Sdes	{ "ef", IPTOS_DSCP_EF },
221420Sdes	{ "lowdelay", IPTOS_LOWDELAY },
221420Sdes	{ "throughput", IPTOS_THROUGHPUT },
221420Sdes	{ "reliability", IPTOS_RELIABILITY },
221420Sdes	{ NULL, -1 }
221420Sdes};
221420Sdes
215116Sdesint
221420Sdesparse_ipqos(const char *cp)
215116Sdes{
221420Sdes	u_int i;
221420Sdes	char *ep;
221420Sdes	long val;
215116Sdes
221420Sdes	if (cp == NULL)
221420Sdes		return -1;
221420Sdes	for (i = 0; ipqos[i].name != NULL; i++) {
221420Sdes		if (strcasecmp(cp, ipqos[i].name) == 0)
221420Sdes			return ipqos[i].value;
221420Sdes	}
221420Sdes	/* Try parsing as an integer */
221420Sdes	val = strtol(cp, &ep, 0);
221420Sdes	if (*cp == '\0' || *ep != '\0' || val < 0 || val > 255)
221420Sdes		return -1;
221420Sdes	return val;
215116Sdes}
221420Sdes
226046Sdesconst char *
226046Sdesiptos2str(int iptos)
226046Sdes{
226046Sdes	int i;
226046Sdes	static char iptos_str[sizeof "0xff"];
226046Sdes
226046Sdes	for (i = 0; ipqos[i].name != NULL; i++) {
226046Sdes		if (ipqos[i].value == iptos)
226046Sdes			return ipqos[i].name;
226046Sdes	}
226046Sdes	snprintf(iptos_str, sizeof iptos_str, "0x%02x", iptos);
226046Sdes	return iptos_str;
226046Sdes}
261320Sdes
204917Sdesvoid
261320Sdeslowercase(char *s)
261320Sdes{
261320Sdes	for (; *s; s++)
261320Sdes		*s = tolower((u_char)*s);
261320Sdes}
294328Sdes
294328Sdesint
294328Sdesunix_listener(const char *path, int backlog, int unlink_first)
294328Sdes{
294328Sdes	struct sockaddr_un sunaddr;
294328Sdes	int saved_errno, sock;
294328Sdes
294328Sdes	memset(&sunaddr, 0, sizeof(sunaddr));
294328Sdes	sunaddr.sun_family = AF_UNIX;
294328Sdes	if (strlcpy(sunaddr.sun_path, path, sizeof(sunaddr.sun_path)) >= sizeof(sunaddr.sun_path)) {
294328Sdes		error("%s: \"%s\" too long for Unix domain socket", __func__,
294328Sdes		    path);
294328Sdes		errno = ENAMETOOLONG;
294328Sdes		return -1;
294328Sdes	}
294328Sdes
294328Sdes	sock = socket(PF_UNIX, SOCK_STREAM, 0);
294328Sdes	if (sock < 0) {
294328Sdes		saved_errno = errno;
294328Sdes		error("socket: %.100s", strerror(errno));
294328Sdes		errno = saved_errno;
294328Sdes		return -1;
294328Sdes	}
294328Sdes	if (unlink_first == 1) {
294328Sdes		if (unlink(path) != 0 && errno != ENOENT)
294328Sdes			error("unlink(%s): %.100s", path, strerror(errno));
294328Sdes	}
294328Sdes	if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0) {
294328Sdes		saved_errno = errno;
294328Sdes		error("bind: %.100s", strerror(errno));
294328Sdes		close(sock);
294328Sdes		error("%s: cannot bind to path: %s", __func__, path);
294328Sdes		errno = saved_errno;
294328Sdes		return -1;
294328Sdes	}
294328Sdes	if (listen(sock, backlog) < 0) {
294328Sdes		saved_errno = errno;
294328Sdes		error("listen: %.100s", strerror(errno));
294328Sdes		close(sock);
294328Sdes		unlink(path);
294328Sdes		error("%s: cannot listen on path: %s", __func__, path);
294328Sdes		errno = saved_errno;
294328Sdes		return -1;
294328Sdes	}
294328Sdes	return sock;
294328Sdes}
294328Sdes
261320Sdesvoid
204917Sdessock_set_v6only(int s)
204917Sdes{
296633Sdes#if defined(IPV6_V6ONLY) && !defined(__OpenBSD__)
204917Sdes	int on = 1;
204917Sdes
204917Sdes	debug3("%s: set socket %d IPV6_V6ONLY", __func__, s);
204917Sdes	if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) == -1)
204917Sdes		error("setsockopt IPV6_V6ONLY: %s", strerror(errno));
204917Sdes#endif
204917Sdes}
323129Sdes
323129Sdes/*
323129Sdes * Compares two strings that maybe be NULL. Returns non-zero if strings
323129Sdes * are both NULL or are identical, returns zero otherwise.
323129Sdes */
323129Sdesstatic int
323129Sdesstrcmp_maybe_null(const char *a, const char *b)
323129Sdes{
323129Sdes	if ((a == NULL && b != NULL) || (a != NULL && b == NULL))
323129Sdes		return 0;
323129Sdes	if (a != NULL && strcmp(a, b) != 0)
323129Sdes		return 0;
323129Sdes	return 1;
323129Sdes}
323129Sdes
323129Sdes/*
323129Sdes * Compare two forwards, returning non-zero if they are identical or
323129Sdes * zero otherwise.
323129Sdes */
323129Sdesint
323129Sdesforward_equals(const struct Forward *a, const struct Forward *b)
323129Sdes{
323129Sdes	if (strcmp_maybe_null(a->listen_host, b->listen_host) == 0)
323129Sdes		return 0;
323129Sdes	if (a->listen_port != b->listen_port)
323129Sdes		return 0;
323129Sdes	if (strcmp_maybe_null(a->listen_path, b->listen_path) == 0)
323129Sdes		return 0;
323129Sdes	if (strcmp_maybe_null(a->connect_host, b->connect_host) == 0)
323129Sdes		return 0;
323129Sdes	if (a->connect_port != b->connect_port)
323129Sdes		return 0;
323129Sdes	if (strcmp_maybe_null(a->connect_path, b->connect_path) == 0)
323129Sdes		return 0;
323129Sdes	/* allocated_port and handle are not checked */
323129Sdes	return 1;
323129Sdes}
323129Sdes
323134Sdesstatic int
323134Sdesipport_reserved(void)
323134Sdes{
323134Sdes#if __FreeBSD__
323134Sdes	int old, ret;
323134Sdes	size_t len = sizeof(old);
323134Sdes
323134Sdes	ret = sysctlbyname("net.inet.ip.portrange.reservedhigh",
323134Sdes	    &old, &len, NULL, 0);
323134Sdes	if (ret == 0)
323134Sdes		return (old + 1);
323134Sdes#endif
323134Sdes	return (IPPORT_RESERVED);
323134Sdes}
323134Sdes
323134Sdes/* returns 1 if bind to specified port by specified user is permitted */
323134Sdesint
323134Sdesbind_permitted(int port, uid_t uid)
323134Sdes{
323134Sdes
323134Sdes	if (port < ipport_reserved() && uid != 0)
323134Sdes		return 0;
323134Sdes	return 1;
323134Sdes}
323134Sdes
323134Sdes/* returns 1 if process is already daemonized, 0 otherwise */
323134Sdesint
323134Sdesdaemonized(void)
323134Sdes{
323134Sdes	int fd;
323134Sdes
323134Sdes	if ((fd = open(_PATH_TTY, O_RDONLY | O_NOCTTY)) >= 0) {
323134Sdes		close(fd);
323134Sdes		return 0;	/* have controlling terminal */
323134Sdes	}
323134Sdes	if (getppid() != 1)
323134Sdes		return 0;	/* parent is not init */
323134Sdes	if (getsid(0) != getpid())
323134Sdes		return 0;	/* not session leader */
323134Sdes	debug3("already daemonized");
323134Sdes	return 1;
323134Sdes}