2002-10-07 16:45:23 +00:00
|
|
|
/*
|
|
|
|
|
* PuTTY miscellaneous Unix stuff
|
|
|
|
|
*/
|
|
|
|
|
|
2006-12-09 15:44:31 +00:00
|
|
|
#include <fcntl.h>
|
2002-10-07 16:45:23 +00:00
|
|
|
#include <stdio.h>
|
2005-03-28 17:48:24 +00:00
|
|
|
#include <stdlib.h>
|
2007-01-09 18:14:30 +00:00
|
|
|
#include <assert.h>
|
2013-07-19 18:10:02 +00:00
|
|
|
#include <errno.h>
|
2003-03-06 13:24:02 +00:00
|
|
|
#include <unistd.h>
|
2012-05-13 15:59:27 +00:00
|
|
|
#include <time.h>
|
2002-10-07 16:45:23 +00:00
|
|
|
#include <sys/time.h>
|
2003-08-25 13:53:41 +00:00
|
|
|
#include <sys/types.h>
|
2015-05-05 19:16:22 +00:00
|
|
|
#include <sys/stat.h>
|
2003-08-25 13:53:41 +00:00
|
|
|
#include <pwd.h>
|
2002-10-07 16:45:23 +00:00
|
|
|
|
2003-02-01 12:54:40 +00:00
|
|
|
#include "putty.h"
|
|
|
|
|
|
2002-10-07 16:45:23 +00:00
|
|
|
unsigned long getticks(void)
|
|
|
|
|
{
|
2005-03-19 19:23:49 +00:00
|
|
|
/*
|
2012-05-13 15:59:27 +00:00
|
|
|
* We want to use milliseconds rather than the microseconds or
|
|
|
|
|
* nanoseconds given by the underlying clock functions, because we
|
|
|
|
|
* need a decent number of them to fit into a 32-bit word so it
|
|
|
|
|
* can be used for keepalives.
|
2005-03-19 19:23:49 +00:00
|
|
|
*/
|
2012-05-13 15:59:27 +00:00
|
|
|
#if defined HAVE_CLOCK_GETTIME && defined HAVE_DECL_CLOCK_MONOTONIC
|
|
|
|
|
{
|
|
|
|
|
/* Use CLOCK_MONOTONIC if available, so as to be unconfused if
|
|
|
|
|
* the system clock changes. */
|
|
|
|
|
struct timespec ts;
|
|
|
|
|
if (clock_gettime(CLOCK_MONOTONIC, &ts) == 0)
|
|
|
|
|
return ts.tv_sec * TICKSPERSEC +
|
2012-05-15 22:19:21 +00:00
|
|
|
ts.tv_nsec / (1000000000 / TICKSPERSEC);
|
2012-05-13 15:59:27 +00:00
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
{
|
|
|
|
|
struct timeval tv;
|
|
|
|
|
gettimeofday(&tv, NULL);
|
|
|
|
|
return tv.tv_sec * TICKSPERSEC + tv.tv_usec / (1000000 / TICKSPERSEC);
|
|
|
|
|
}
|
2002-10-07 16:45:23 +00:00
|
|
|
}
|
2003-02-01 12:54:40 +00:00
|
|
|
|
2011-10-02 11:01:57 +00:00
|
|
|
Filename *filename_from_str(const char *str)
|
2003-02-01 12:54:40 +00:00
|
|
|
{
|
2011-10-02 11:01:57 +00:00
|
|
|
Filename *ret = snew(Filename);
|
|
|
|
|
ret->path = dupstr(str);
|
2003-02-01 12:54:40 +00:00
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2011-10-02 11:01:57 +00:00
|
|
|
Filename *filename_copy(const Filename *fn)
|
|
|
|
|
{
|
|
|
|
|
return filename_from_str(fn->path);
|
|
|
|
|
}
|
|
|
|
|
|
2003-02-01 17:24:27 +00:00
|
|
|
const char *filename_to_str(const Filename *fn)
|
2003-02-01 12:54:40 +00:00
|
|
|
{
|
2003-02-01 17:24:27 +00:00
|
|
|
return fn->path;
|
2003-02-01 12:54:40 +00:00
|
|
|
}
|
|
|
|
|
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
bool filename_equal(const Filename *f1, const Filename *f2)
|
2011-10-02 11:01:57 +00:00
|
|
|
{
|
|
|
|
|
return !strcmp(f1->path, f2->path);
|
|
|
|
|
}
|
|
|
|
|
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
bool filename_is_null(const Filename *fn)
|
2011-10-02 11:01:57 +00:00
|
|
|
{
|
|
|
|
|
return !fn->path[0];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void filename_free(Filename *fn)
|
2003-02-01 12:54:40 +00:00
|
|
|
{
|
2011-10-02 11:01:57 +00:00
|
|
|
sfree(fn->path);
|
|
|
|
|
sfree(fn);
|
2003-02-01 12:54:40 +00:00
|
|
|
}
|
|
|
|
|
|
2018-05-24 09:48:20 +00:00
|
|
|
void filename_serialise(BinarySink *bs, const Filename *f)
|
2011-10-02 11:01:57 +00:00
|
|
|
{
|
2018-05-24 09:48:20 +00:00
|
|
|
put_asciz(bs, f->path);
|
2011-10-02 11:01:57 +00:00
|
|
|
}
|
2018-05-28 14:36:15 +00:00
|
|
|
Filename *filename_deserialise(BinarySource *src)
|
2003-02-01 12:54:40 +00:00
|
|
|
{
|
2018-05-28 14:36:15 +00:00
|
|
|
return filename_from_str(get_asciz(src));
|
2003-02-01 12:54:40 +00:00
|
|
|
}
|
2003-03-06 13:24:02 +00:00
|
|
|
|
2015-09-25 08:23:26 +00:00
|
|
|
char filename_char_sanitise(char c)
|
|
|
|
|
{
|
|
|
|
|
if (c == '/')
|
|
|
|
|
return '.';
|
|
|
|
|
return c;
|
|
|
|
|
}
|
|
|
|
|
|
2003-03-06 13:24:02 +00:00
|
|
|
#ifdef DEBUG
|
|
|
|
|
static FILE *debug_fp = NULL;
|
|
|
|
|
|
2015-05-15 10:15:42 +00:00
|
|
|
void dputs(const char *buf)
|
2003-03-06 13:24:02 +00:00
|
|
|
{
|
|
|
|
|
if (!debug_fp) {
|
2019-09-08 19:29:00 +00:00
|
|
|
debug_fp = fopen("debug.log", "w");
|
2003-03-06 13:24:02 +00:00
|
|
|
}
|
|
|
|
|
|
2015-05-18 20:17:21 +00:00
|
|
|
if (write(1, buf, strlen(buf)) < 0) {} /* 'error check' to placate gcc */
|
2003-03-06 13:24:02 +00:00
|
|
|
|
|
|
|
|
fputs(buf, debug_fp);
|
|
|
|
|
fflush(debug_fp);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2003-08-25 13:53:41 +00:00
|
|
|
|
|
|
|
|
char *get_username(void)
|
|
|
|
|
{
|
|
|
|
|
struct passwd *p;
|
|
|
|
|
uid_t uid = getuid();
|
|
|
|
|
char *user, *ret = NULL;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* First, find who we think we are using getlogin. If this
|
|
|
|
|
* agrees with our uid, we'll go along with it. This should
|
|
|
|
|
* allow sharing of uids between several login names whilst
|
|
|
|
|
* coping correctly with people who have su'ed.
|
|
|
|
|
*/
|
|
|
|
|
user = getlogin();
|
2019-03-26 19:03:15 +00:00
|
|
|
#if HAVE_SETPWENT
|
2003-08-25 13:53:41 +00:00
|
|
|
setpwent();
|
2019-03-26 19:03:15 +00:00
|
|
|
#endif
|
2003-08-25 13:53:41 +00:00
|
|
|
if (user)
|
2019-09-08 19:29:00 +00:00
|
|
|
p = getpwnam(user);
|
2003-08-25 13:53:41 +00:00
|
|
|
else
|
2019-09-08 19:29:00 +00:00
|
|
|
p = NULL;
|
2003-08-25 13:53:41 +00:00
|
|
|
if (p && p->pw_uid == uid) {
|
2019-09-08 19:29:00 +00:00
|
|
|
/*
|
|
|
|
|
* The result of getlogin() really does correspond to
|
|
|
|
|
* our uid. Fine.
|
|
|
|
|
*/
|
|
|
|
|
ret = user;
|
2003-08-25 13:53:41 +00:00
|
|
|
} else {
|
2019-09-08 19:29:00 +00:00
|
|
|
/*
|
|
|
|
|
* If that didn't work, for whatever reason, we'll do
|
|
|
|
|
* the simpler version: look up our uid in the password
|
|
|
|
|
* file and map it straight to a name.
|
|
|
|
|
*/
|
|
|
|
|
p = getpwuid(uid);
|
|
|
|
|
if (!p)
|
|
|
|
|
return NULL;
|
|
|
|
|
ret = p->pw_name;
|
2003-08-25 13:53:41 +00:00
|
|
|
}
|
2019-03-26 19:03:15 +00:00
|
|
|
#if HAVE_ENDPWENT
|
2003-08-25 13:53:41 +00:00
|
|
|
endpwent();
|
2019-03-26 19:03:15 +00:00
|
|
|
#endif
|
2003-08-25 13:53:41 +00:00
|
|
|
|
|
|
|
|
return dupstr(ret);
|
|
|
|
|
}
|
2005-03-19 02:26:58 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Display the fingerprints of the PGP Master Keys to the user.
|
|
|
|
|
* (This is here rather than in uxcons because it's appropriate even for
|
|
|
|
|
* Unix GUI apps.)
|
|
|
|
|
*/
|
|
|
|
|
void pgp_fingerprints(void)
|
|
|
|
|
{
|
|
|
|
|
fputs("These are the fingerprints of the PuTTY PGP Master Keys. They can\n"
|
2019-09-08 19:29:00 +00:00
|
|
|
"be used to establish a trust path from this executable to another\n"
|
|
|
|
|
"one. See the manual for more information.\n"
|
|
|
|
|
"(Note: these fingerprints have nothing to do with SSH!)\n"
|
|
|
|
|
"\n"
|
|
|
|
|
"PuTTY Master Key as of " PGP_MASTER_KEY_YEAR
|
2018-08-25 13:36:25 +00:00
|
|
|
" (" PGP_MASTER_KEY_DETAILS "):\n"
|
2019-09-08 19:29:00 +00:00
|
|
|
" " PGP_MASTER_KEY_FP "\n\n"
|
|
|
|
|
"Previous Master Key (" PGP_PREV_MASTER_KEY_YEAR
|
2018-08-25 13:36:25 +00:00
|
|
|
", " PGP_PREV_MASTER_KEY_DETAILS "):\n"
|
2019-09-08 19:29:00 +00:00
|
|
|
" " PGP_PREV_MASTER_KEY_FP "\n", stdout);
|
2005-03-19 02:26:58 +00:00
|
|
|
}
|
2006-12-09 15:44:31 +00:00
|
|
|
|
|
|
|
|
/*
|
2013-07-19 18:10:02 +00:00
|
|
|
* Set and clear fcntl options on a file descriptor. We don't
|
|
|
|
|
* realistically expect any of these operations to fail (the most
|
|
|
|
|
* plausible error condition is EBADF, but we always believe ourselves
|
|
|
|
|
* to be passing a valid fd so even that's an assertion-fail sort of
|
|
|
|
|
* response), so we don't make any effort to return sensible error
|
|
|
|
|
* codes to the caller - we just log to standard error and die
|
|
|
|
|
* unceremoniously. However, nonblock and no_nonblock do return the
|
|
|
|
|
* previous state of O_NONBLOCK.
|
2006-12-09 15:44:31 +00:00
|
|
|
*/
|
2013-07-19 18:10:02 +00:00
|
|
|
void cloexec(int fd) {
|
2006-12-09 15:44:31 +00:00
|
|
|
int fdflags;
|
|
|
|
|
|
|
|
|
|
fdflags = fcntl(fd, F_GETFD);
|
2013-07-19 18:10:02 +00:00
|
|
|
if (fdflags < 0) {
|
|
|
|
|
fprintf(stderr, "%d: fcntl(F_GETFD): %s\n", fd, strerror(errno));
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
if (fcntl(fd, F_SETFD, fdflags | FD_CLOEXEC) < 0) {
|
|
|
|
|
fprintf(stderr, "%d: fcntl(F_SETFD): %s\n", fd, strerror(errno));
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
void noncloexec(int fd) {
|
|
|
|
|
int fdflags;
|
|
|
|
|
|
|
|
|
|
fdflags = fcntl(fd, F_GETFD);
|
|
|
|
|
if (fdflags < 0) {
|
|
|
|
|
fprintf(stderr, "%d: fcntl(F_GETFD): %s\n", fd, strerror(errno));
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
if (fcntl(fd, F_SETFD, fdflags & ~FD_CLOEXEC) < 0) {
|
|
|
|
|
fprintf(stderr, "%d: fcntl(F_SETFD): %s\n", fd, strerror(errno));
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
}
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
bool nonblock(int fd) {
|
2013-07-19 18:10:02 +00:00
|
|
|
int fdflags;
|
|
|
|
|
|
|
|
|
|
fdflags = fcntl(fd, F_GETFL);
|
|
|
|
|
if (fdflags < 0) {
|
|
|
|
|
fprintf(stderr, "%d: fcntl(F_GETFL): %s\n", fd, strerror(errno));
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
if (fcntl(fd, F_SETFL, fdflags | O_NONBLOCK) < 0) {
|
|
|
|
|
fprintf(stderr, "%d: fcntl(F_SETFL): %s\n", fd, strerror(errno));
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return fdflags & O_NONBLOCK;
|
|
|
|
|
}
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
bool no_nonblock(int fd) {
|
2013-07-19 18:10:02 +00:00
|
|
|
int fdflags;
|
|
|
|
|
|
|
|
|
|
fdflags = fcntl(fd, F_GETFL);
|
|
|
|
|
if (fdflags < 0) {
|
|
|
|
|
fprintf(stderr, "%d: fcntl(F_GETFL): %s\n", fd, strerror(errno));
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
if (fcntl(fd, F_SETFL, fdflags & ~O_NONBLOCK) < 0) {
|
|
|
|
|
fprintf(stderr, "%d: fcntl(F_SETFL): %s\n", fd, strerror(errno));
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return fdflags & O_NONBLOCK;
|
2006-12-09 15:44:31 +00:00
|
|
|
}
|
2007-01-09 18:14:30 +00:00
|
|
|
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
FILE *f_open(const Filename *filename, char const *mode, bool is_private)
|
2007-01-09 18:14:30 +00:00
|
|
|
{
|
|
|
|
|
if (!is_private) {
|
2019-09-08 19:29:00 +00:00
|
|
|
return fopen(filename->path, mode);
|
2007-01-09 18:14:30 +00:00
|
|
|
} else {
|
2019-09-08 19:29:00 +00:00
|
|
|
int fd;
|
|
|
|
|
assert(mode[0] == 'w'); /* is_private is meaningless for read,
|
|
|
|
|
and tricky for append */
|
|
|
|
|
fd = open(filename->path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
|
|
|
|
|
if (fd < 0)
|
|
|
|
|
return NULL;
|
|
|
|
|
return fdopen(fd, mode);
|
2007-01-09 18:14:30 +00:00
|
|
|
}
|
|
|
|
|
}
|
2011-10-01 17:38:59 +00:00
|
|
|
|
|
|
|
|
FontSpec *fontspec_new(const char *name)
|
|
|
|
|
{
|
|
|
|
|
FontSpec *f = snew(FontSpec);
|
|
|
|
|
f->name = dupstr(name);
|
|
|
|
|
return f;
|
|
|
|
|
}
|
|
|
|
|
FontSpec *fontspec_copy(const FontSpec *f)
|
|
|
|
|
{
|
|
|
|
|
return fontspec_new(f->name);
|
|
|
|
|
}
|
|
|
|
|
void fontspec_free(FontSpec *f)
|
|
|
|
|
{
|
|
|
|
|
sfree(f->name);
|
|
|
|
|
sfree(f);
|
|
|
|
|
}
|
2018-05-24 09:48:20 +00:00
|
|
|
void fontspec_serialise(BinarySink *bs, FontSpec *f)
|
2011-10-01 17:38:59 +00:00
|
|
|
{
|
2018-05-24 09:48:20 +00:00
|
|
|
put_asciz(bs, f->name);
|
2011-10-01 17:38:59 +00:00
|
|
|
}
|
2018-05-28 14:36:15 +00:00
|
|
|
FontSpec *fontspec_deserialise(BinarySource *src)
|
2011-10-01 17:38:59 +00:00
|
|
|
{
|
2018-05-28 14:36:15 +00:00
|
|
|
return fontspec_new(get_asciz(src));
|
2011-10-01 17:38:59 +00:00
|
|
|
}
|
2015-05-05 19:16:22 +00:00
|
|
|
|
|
|
|
|
char *make_dir_and_check_ours(const char *dirname)
|
|
|
|
|
{
|
|
|
|
|
struct stat st;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Create the directory. We might have created it before, so
|
|
|
|
|
* EEXIST is an OK error; but anything else is doom.
|
|
|
|
|
*/
|
|
|
|
|
if (mkdir(dirname, 0700) < 0 && errno != EEXIST)
|
|
|
|
|
return dupprintf("%s: mkdir: %s", dirname, strerror(errno));
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Now check that that directory is _owned by us_ and not writable
|
|
|
|
|
* by anybody else. This protects us against somebody else
|
|
|
|
|
* previously having created the directory in a way that's
|
|
|
|
|
* writable to us, and thus manipulating us into creating the
|
|
|
|
|
* actual socket in a directory they can see so that they can
|
|
|
|
|
* connect to it and use our authenticated SSH sessions.
|
|
|
|
|
*/
|
|
|
|
|
if (stat(dirname, &st) < 0)
|
|
|
|
|
return dupprintf("%s: stat: %s", dirname, strerror(errno));
|
|
|
|
|
if (st.st_uid != getuid())
|
|
|
|
|
return dupprintf("%s: directory owned by uid %d, not by us",
|
|
|
|
|
dirname, st.st_uid);
|
|
|
|
|
if ((st.st_mode & 077) != 0)
|
|
|
|
|
return dupprintf("%s: directory has overgenerous permissions %03o"
|
|
|
|
|
" (expected 700)", dirname, st.st_mode & 0777);
|
|
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
2016-08-07 20:02:55 +00:00
|
|
|
|
|
|
|
|
char *make_dir_path(const char *path, mode_t mode)
|
|
|
|
|
{
|
|
|
|
|
int pos = 0;
|
|
|
|
|
char *prefix;
|
|
|
|
|
|
|
|
|
|
while (1) {
|
|
|
|
|
pos += strcspn(path + pos, "/");
|
|
|
|
|
|
|
|
|
|
if (pos > 0) {
|
|
|
|
|
prefix = dupprintf("%.*s", pos, path);
|
|
|
|
|
|
|
|
|
|
if (mkdir(prefix, mode) < 0 && errno != EEXIST) {
|
|
|
|
|
char *ret = dupprintf("%s: mkdir: %s",
|
|
|
|
|
prefix, strerror(errno));
|
|
|
|
|
sfree(prefix);
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
2016-08-10 18:34:46 +00:00
|
|
|
|
|
|
|
|
sfree(prefix);
|
2016-08-07 20:02:55 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!path[pos])
|
|
|
|
|
return NULL;
|
|
|
|
|
pos += strspn(path + pos, "/");
|
|
|
|
|
}
|
|
|
|
|
}
|
2018-02-07 07:22:18 +00:00
|
|
|
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
bool open_for_write_would_lose_data(const Filename *fn)
|
2018-02-07 07:22:18 +00:00
|
|
|
{
|
2018-02-07 07:27:57 +00:00
|
|
|
struct stat st;
|
|
|
|
|
|
|
|
|
|
if (stat(fn->path, &st) < 0) {
|
|
|
|
|
/*
|
|
|
|
|
* If the file doesn't even exist, we obviously want to return
|
|
|
|
|
* false. If we failed to stat it for any other reason,
|
|
|
|
|
* ignoring the precise error code and returning false still
|
|
|
|
|
* doesn't seem too unreasonable, because then we'll try to
|
|
|
|
|
* open the file for writing and report _that_ error, which is
|
|
|
|
|
* likely to be more to the point.
|
|
|
|
|
*/
|
2018-10-29 19:50:29 +00:00
|
|
|
return false;
|
2018-02-07 07:22:18 +00:00
|
|
|
}
|
2018-02-07 07:27:57 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* OK, something exists at this pathname and we've found out
|
|
|
|
|
* something about it. But an open-for-write will only
|
|
|
|
|
* destructively truncate it if it's a regular file with nonzero
|
|
|
|
|
* size. If it's empty, or some other kind of special thing like a
|
|
|
|
|
* character device (e.g. /dev/tty) or a named pipe, then opening
|
|
|
|
|
* it for write is already non-destructive and it's pointless and
|
|
|
|
|
* annoying to warn about it just because the same file can be
|
|
|
|
|
* opened for reading. (Indeed, if it's a named pipe, opening it
|
|
|
|
|
* for reading actually _causes inconvenience_ in its own right,
|
|
|
|
|
* even before the question of whether it gives misleading
|
|
|
|
|
* information.)
|
|
|
|
|
*/
|
|
|
|
|
if (S_ISREG(st.st_mode) && st.st_size > 0) {
|
2018-10-29 19:50:29 +00:00
|
|
|
return true;
|
2018-02-07 07:27:57 +00:00
|
|
|
}
|
|
|
|
|
|
2018-10-29 19:50:29 +00:00
|
|
|
return false;
|
2018-02-07 07:22:18 +00:00
|
|
|
}
|