+ if (fdflags < 0) {
+ fprintf(stderr, "%d: fcntl(F_GETFD): %s\n", fd, strerror(errno));
+ exit(1);
+ }
+ if (fcntl(fd, F_SETFD, fdflags | FD_CLOEXEC) < 0) {
+ fprintf(stderr, "%d: fcntl(F_SETFD): %s\n", fd, strerror(errno));
+ exit(1);
+ }
+}
+void noncloexec(int fd) {
+ int fdflags;
+
+ fdflags = fcntl(fd, F_GETFD);
+ if (fdflags < 0) {
+ fprintf(stderr, "%d: fcntl(F_GETFD): %s\n", fd, strerror(errno));
+ exit(1);
+ }
+ if (fcntl(fd, F_SETFD, fdflags & ~FD_CLOEXEC) < 0) {
+ fprintf(stderr, "%d: fcntl(F_SETFD): %s\n", fd, strerror(errno));
+ exit(1);
+ }
+}
+int nonblock(int fd) {
+ int fdflags;
+
+ fdflags = fcntl(fd, F_GETFL);
+ if (fdflags < 0) {
+ fprintf(stderr, "%d: fcntl(F_GETFL): %s\n", fd, strerror(errno));
+ exit(1);
+ }
+ if (fcntl(fd, F_SETFL, fdflags | O_NONBLOCK) < 0) {
+ fprintf(stderr, "%d: fcntl(F_SETFL): %s\n", fd, strerror(errno));
+ exit(1);
+ }
+
+ return fdflags & O_NONBLOCK;
+}
+int no_nonblock(int fd) {
+ int fdflags;
+
+ fdflags = fcntl(fd, F_GETFL);
+ if (fdflags < 0) {
+ fprintf(stderr, "%d: fcntl(F_GETFL): %s\n", fd, strerror(errno));
+ exit(1);
+ }
+ if (fcntl(fd, F_SETFL, fdflags & ~O_NONBLOCK) < 0) {
+ fprintf(stderr, "%d: fcntl(F_SETFL): %s\n", fd, strerror(errno));
+ exit(1);
+ }
+
+ return fdflags & O_NONBLOCK;
+}
+
+FILE *f_open(const Filename *filename, char const *mode, int is_private)
+{
+ if (!is_private) {
+ return fopen(filename->path, mode);
+ } else {
+ int fd;
+ assert(mode[0] == 'w'); /* is_private is meaningless for read,
+ and tricky for append */
+ fd = open(filename->path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
+ if (fd < 0)
+ return NULL;
+ return fdopen(fd, mode);
+ }
+}
+
+FontSpec *fontspec_new(const char *name)
+{
+ FontSpec *f = snew(FontSpec);
+ f->name = dupstr(name);
+ return f;
+}
+FontSpec *fontspec_copy(const FontSpec *f)
+{
+ return fontspec_new(f->name);
+}
+void fontspec_free(FontSpec *f)
+{
+ sfree(f->name);
+ sfree(f);
+}
+int fontspec_serialise(FontSpec *f, void *data)
+{
+ int len = strlen(f->name);
+ if (data)
+ strcpy(data, f->name);
+ return len + 1; /* include trailing NUL */
+}
+FontSpec *fontspec_deserialise(void *vdata, int maxsize, int *used)
+{
+ char *data = (char *)vdata;
+ char *end = memchr(data, '\0', maxsize);
+ if (!end)
+ return NULL;
+ *used = end - data + 1;
+ return fontspec_new(data);
+}
+
+char *make_dir_and_check_ours(const char *dirname)
+{
+ struct stat st;
+
+ /*
+ * Create the directory. We might have created it before, so
+ * EEXIST is an OK error; but anything else is doom.
+ */
+ if (mkdir(dirname, 0700) < 0 && errno != EEXIST)
+ return dupprintf("%s: mkdir: %s", dirname, strerror(errno));
+
+ /*
+ * Now check that that directory is _owned by us_ and not writable
+ * by anybody else. This protects us against somebody else
+ * previously having created the directory in a way that's
+ * writable to us, and thus manipulating us into creating the
+ * actual socket in a directory they can see so that they can
+ * connect to it and use our authenticated SSH sessions.
+ */
+ if (stat(dirname, &st) < 0)
+ return dupprintf("%s: stat: %s", dirname, strerror(errno));
+ if (st.st_uid != getuid())
+ return dupprintf("%s: directory owned by uid %d, not by us",
+ dirname, st.st_uid);
+ if ((st.st_mode & 077) != 0)
+ return dupprintf("%s: directory has overgenerous permissions %03o"
+ " (expected 700)", dirname, st.st_mode & 0777);
+
+ return NULL;
+}
+
+char *make_dir_path(const char *path, mode_t mode)
+{
+ int pos = 0;
+ char *prefix;
+
+ while (1) {
+ pos += strcspn(path + pos, "/");
+
+ if (pos > 0) {
+ prefix = dupprintf("%.*s", pos, path);
+
+ if (mkdir(prefix, mode) < 0 && errno != EEXIST) {
+ char *ret = dupprintf("%s: mkdir: %s",
+ prefix, strerror(errno));
+ sfree(prefix);
+ return ret;
+ }
+
+ sfree(prefix);
+ }
+
+ if (!path[pos])
+ return NULL;
+ pos += strspn(path + pos, "/");
+ }