#include <stdio.h>
#include <stdlib.h>
#include <assert.h>
+#include <errno.h>
#include <unistd.h>
#include <time.h>
#include <sys/time.h>
#include <sys/types.h>
+#include <sys/stat.h>
#include <pwd.h>
#include "putty.h"
return filename_from_str(data);
}
+char filename_char_sanitise(char c)
+{
+ if (c == '/')
+ return '.';
+ return c;
+}
+
#ifdef DEBUG
static FILE *debug_fp = NULL;
-void dputs(char *buf)
+void dputs(const char *buf)
{
if (!debug_fp) {
debug_fp = fopen("debug.log", "w");
}
- write(1, buf, strlen(buf));
+ if (write(1, buf, strlen(buf)) < 0) {} /* 'error check' to placate gcc */
fputs(buf, debug_fp);
fflush(debug_fp);
"one. See the manual for more information.\n"
"(Note: these fingerprints have nothing to do with SSH!)\n"
"\n"
- "PuTTY Master Key (RSA), 1024-bit:\n"
+ "PuTTY Master Key as of 2015 (RSA, 4096-bit):\n"
+ " " PGP_MASTER_KEY_FP "\n\n"
+ "Original PuTTY Master Key (RSA, 1024-bit):\n"
" " PGP_RSA_MASTER_KEY_FP "\n"
- "PuTTY Master Key (DSA), 1024-bit:\n"
+ "Original PuTTY Master Key (DSA, 1024-bit):\n"
" " PGP_DSA_MASTER_KEY_FP "\n", stdout);
}
/*
- * Set FD_CLOEXEC on a file descriptor
+ * Set and clear fcntl options on a file descriptor. We don't
+ * realistically expect any of these operations to fail (the most
+ * plausible error condition is EBADF, but we always believe ourselves
+ * to be passing a valid fd so even that's an assertion-fail sort of
+ * response), so we don't make any effort to return sensible error
+ * codes to the caller - we just log to standard error and die
+ * unceremoniously. However, nonblock and no_nonblock do return the
+ * previous state of O_NONBLOCK.
*/
-int cloexec(int fd) {
+void cloexec(int fd) {
int fdflags;
fdflags = fcntl(fd, F_GETFD);
- if (fdflags == -1) return -1;
- return fcntl(fd, F_SETFD, fdflags | FD_CLOEXEC);
+ if (fdflags < 0) {
+ fprintf(stderr, "%d: fcntl(F_GETFD): %s\n", fd, strerror(errno));
+ exit(1);
+ }
+ if (fcntl(fd, F_SETFD, fdflags | FD_CLOEXEC) < 0) {
+ fprintf(stderr, "%d: fcntl(F_SETFD): %s\n", fd, strerror(errno));
+ exit(1);
+ }
+}
+void noncloexec(int fd) {
+ int fdflags;
+
+ fdflags = fcntl(fd, F_GETFD);
+ if (fdflags < 0) {
+ fprintf(stderr, "%d: fcntl(F_GETFD): %s\n", fd, strerror(errno));
+ exit(1);
+ }
+ if (fcntl(fd, F_SETFD, fdflags & ~FD_CLOEXEC) < 0) {
+ fprintf(stderr, "%d: fcntl(F_SETFD): %s\n", fd, strerror(errno));
+ exit(1);
+ }
+}
+int nonblock(int fd) {
+ int fdflags;
+
+ fdflags = fcntl(fd, F_GETFL);
+ if (fdflags < 0) {
+ fprintf(stderr, "%d: fcntl(F_GETFL): %s\n", fd, strerror(errno));
+ exit(1);
+ }
+ if (fcntl(fd, F_SETFL, fdflags | O_NONBLOCK) < 0) {
+ fprintf(stderr, "%d: fcntl(F_SETFL): %s\n", fd, strerror(errno));
+ exit(1);
+ }
+
+ return fdflags & O_NONBLOCK;
+}
+int no_nonblock(int fd) {
+ int fdflags;
+
+ fdflags = fcntl(fd, F_GETFL);
+ if (fdflags < 0) {
+ fprintf(stderr, "%d: fcntl(F_GETFL): %s\n", fd, strerror(errno));
+ exit(1);
+ }
+ if (fcntl(fd, F_SETFL, fdflags & ~O_NONBLOCK) < 0) {
+ fprintf(stderr, "%d: fcntl(F_SETFL): %s\n", fd, strerror(errno));
+ exit(1);
+ }
+
+ return fdflags & O_NONBLOCK;
}
FILE *f_open(const Filename *filename, char const *mode, int is_private)
*used = end - data + 1;
return fontspec_new(data);
}
+
+char *make_dir_and_check_ours(const char *dirname)
+{
+ struct stat st;
+
+ /*
+ * Create the directory. We might have created it before, so
+ * EEXIST is an OK error; but anything else is doom.
+ */
+ if (mkdir(dirname, 0700) < 0 && errno != EEXIST)
+ return dupprintf("%s: mkdir: %s", dirname, strerror(errno));
+
+ /*
+ * Now check that that directory is _owned by us_ and not writable
+ * by anybody else. This protects us against somebody else
+ * previously having created the directory in a way that's
+ * writable to us, and thus manipulating us into creating the
+ * actual socket in a directory they can see so that they can
+ * connect to it and use our authenticated SSH sessions.
+ */
+ if (stat(dirname, &st) < 0)
+ return dupprintf("%s: stat: %s", dirname, strerror(errno));
+ if (st.st_uid != getuid())
+ return dupprintf("%s: directory owned by uid %d, not by us",
+ dirname, st.st_uid);
+ if ((st.st_mode & 077) != 0)
+ return dupprintf("%s: directory has overgenerous permissions %03o"
+ " (expected 700)", dirname, st.st_mode & 0777);
+
+ return NULL;
+}