| blob | ff9d877cd65b397c076fbb775596f4c103cd1d8b |
1 /* Copyright (c) 2003-2004, Roger Dingledine
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2011, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
6 /**
7 * \file compat.c
8 * \brief Wrappers to make calls more portable. This code defines
9 * functions such as tor_malloc, tor_snprintf, get/set various data types,
10 * renaming, setting socket options, switching user IDs. It is basically
11 * where the non-portable items are conditionally included depending on
12 * the platform.
13 **/
15 /* This is required on rh7 to make strptime not complain.
16 * We also need it to make memmem get defined (where available)
17 */
18 /* XXXX023 We should just use AC_USE_SYSTEM_EXTENSIONS in our autoconf,
19 * and get this (and other important stuff!) automatically */
20 #define _GNU_SOURCE
24 #ifdef MS_WINDOWS
25 #include <process.h>
26 #include <windows.h>
27 #include <sys/locking.h>
28 #endif
30 #ifdef HAVE_UNAME
31 #include <sys/utsname.h>
32 #endif
33 #ifdef HAVE_UNISTD_H
34 #include <unistd.h>
35 #endif
36 #ifdef HAVE_SYS_FCNTL_H
37 #include <sys/fcntl.h>
38 #endif
39 #ifdef HAVE_PWD_H
40 #include <pwd.h>
41 #endif
42 #ifdef HAVE_GRP_H
43 #include <grp.h>
44 #endif
45 #ifdef HAVE_FCNTL_H
46 #include <fcntl.h>
47 #endif
48 #ifdef HAVE_ERRNO_H
49 #include <errno.h>
50 #endif
51 #ifdef HAVE_ARPA_INET_H
52 #include <arpa/inet.h>
53 #endif
55 #ifndef HAVE_GETTIMEOFDAY
56 #ifdef HAVE_FTIME
57 #include <sys/timeb.h>
58 #endif
59 #endif
61 /* Includes for the process attaching prevention */
62 #if defined(HAVE_SYS_PRCTL_H) && defined(__linux__)
63 #include <sys/prctl.h>
64 #elif defined(__APPLE__)
65 #include <sys/types.h>
66 #include <sys/ptrace.h>
67 #endif
69 #ifdef HAVE_NETDB_H
70 #include <netdb.h>
71 #endif
72 #ifdef HAVE_SYS_PARAM_H
74 #endif
75 #include <stdio.h>
76 #include <stdlib.h>
77 #include <assert.h>
78 #ifdef HAVE_SIGNAL_H
79 #include <signal.h>
80 #endif
81 #ifdef HAVE_UTIME_H
82 #include <utime.h>
83 #endif
84 #ifdef HAVE_SYS_UTIME_H
85 #include <sys/utime.h>
86 #endif
87 #ifdef HAVE_SYS_MMAN_H
88 #include <sys/mman.h>
89 #endif
90 #ifdef HAVE_SYS_SYSLIMITS_H
91 #include <sys/syslimits.h>
92 #endif
93 #ifdef HAVE_SYS_FILE_H
94 #include <sys/file.h>
95 #endif
96 #if defined(HAVE_SYS_PRCTL_H) && defined(__linux__)
97 /* Only use the linux prctl; the IRIX prctl is totally different */
98 #include <sys/prctl.h>
99 #endif
106 /* Inline the strl functions if the platform doesn't have them. */
107 #ifndef HAVE_STRLCPY
109 #endif
110 #ifndef HAVE_STRLCAT
112 #endif
114 /** As open(path, flags, mode), but return an fd with the close-on-exec mode
115 * set. */
116 int
118 {
119 #ifdef O_CLOEXEC
121 #else
123 #ifdef FD_CLOEXEC
126 #endif
128 #endif
129 }
131 /** DOCDOC */
134 {
136 #ifdef FD_CLOEXEC
139 #endif
141 }
143 #ifdef HAVE_SYS_MMAN_H
144 /** Try to create a memory mapping for <b>filename</b> and return it. On
145 * failure, return NULL. Sets errno properly, using ERANGE to mean
146 * "empty file". */
147 tor_mmap_t *
149 {
166 }
168 /* XXXX why not just do fstat here? */
171 /* ensure page alignment */
176 /* Zero-length file. If we call mmap on it, it will succeed but
177 * return NULL, and bad things will happen. So just fail. */
182 }
192 }
200 }
201 /** Release storage held for a memory mapping. */
202 void
204 {
207 }
208 #elif defined(MS_WINDOWS)
209 tor_mmap_t *
211 {
217 #ifdef UNICODE
219 #else
221 #endif
224 NULL,
225 OPEN_EXISTING,
226 FILE_ATTRIBUTE_NORMAL,
238 }
241 NULL,
242 PAGE_READONLY,
243 #if SIZEOF_SIZE_T > 4
245 #else
247 #endif
249 NULL);
253 FILE_MAP_READ,
259 win_err: {
268 else
270 }
271 err:
276 }
277 void
279 {
281 /* This is an ugly cast, but without it, "data" in struct tor_mmap_t would
282 have to be redefined as non-const. */
290 }
291 #else
292 tor_mmap_t *
294 {
304 }
305 void
307 {
312 }
313 #endif
315 /** Replacement for snprintf. Differs from platform snprintf in two
316 * ways: First, always NUL-terminates its output. Second, always
317 * returns -1 if the result is truncated. (Note that this return
318 * behavior does <i>not</i> conform to C99; it just happens to be
319 * easier to emulate "return -1" with conformant implementations than
320 * it is to emulate "return number that would be written" with
321 * non-conformant implementations.) */
322 int
324 {
331 }
333 /** Replacement for vsnprintf; behavior differs as tor_snprintf differs from
334 * snprintf.
335 */
336 int
338 {
344 #ifdef MS_WINDOWS
346 #else
348 #endif
353 }
355 /**
356 * Portable asprintf implementation. Does a printf() into a newly malloc'd
357 * string. Sets *<b>strp</b> to this string, and returns its length (not
358 * including the terminating NUL character).
359 *
360 * You can treat this function as if its implementation were something like
361 <pre>
362 char buf[_INFINITY_];
363 tor_snprintf(buf, sizeof(buf), fmt, args);
364 *strp = tor_strdup(buf);
365 return strlen(*strp):
366 </pre>
367 * Where _INFINITY_ is an imaginary constant so big that any string can fit
368 * into it.
369 */
370 int
372 {
381 }
383 }
385 /**
386 * Portable vasprintf implementation. Does a printf() into a newly malloc'd
387 * string. Differs from regular vasprintf in the same ways that
388 * tor_asprintf() differs from regular asprintf.
389 */
390 int
392 {
393 /* use a temporary variable in case *strp is in args. */
395 #ifdef HAVE_VASPRINTF
396 /* If the platform gives us one, use it. */
400 else
403 #elif defined(_MSC_VER)
404 /* On Windows, _vsnprintf won't tell us the length of the string if it
405 * overflows, so we need to use _vcsprintf to tell how much to allocate */
412 }
419 }
422 #else
423 /* Everywhere else, we have a decent vsnprintf that tells us how many
424 * characters we need. We give it a try on a short buffer first, since
425 * it might be nice to avoid the second vsnprintf call.
426 */
436 }
443 }
446 #endif
447 }
449 /** Given <b>hlen</b> bytes at <b>haystack</b> and <b>nlen</b> bytes at
450 * <b>needle</b>, return a pointer to the first occurrence of the needle
451 * within the haystack, or NULL if there is no such occurrence.
452 *
453 * This function is <em>not</em> timing-safe.
454 *
455 * Requires that <b>nlen</b> be greater than zero.
456 */
460 {
461 #if defined(HAVE_MEMMEM) && (!defined(__GNUC__) || __GNUC__ >= 2)
464 #else
465 /* This isn't as fast as the GLIBC implementation, but it doesn't need to
466 * be. */
482 }
484 #endif
485 }
487 /* Tables to implement ctypes-replacement TOR_IS*() functions. Each table
488 * has 256 bits to look up whether a character is in some set or not. This
489 * fails on non-ASCII platforms, but it is hard to find a platform whose
490 * character set is not a superset of ASCII nowadays. */
503 /* Upper-casing and lowercasing tables to map characters to upper/lowercase
504 * equivalents. */
522 };
540 };
542 /** Implementation of strtok_r for platforms whose coders haven't figured out
543 * how to write one. Hey guys! You can use this code here for free! */
546 {
552 else
562 }
569 }
571 }
573 #ifdef MS_WINDOWS
574 /** Take a filename and return a pointer to its final element. This
575 * function is called on __FILE__ to fix a MSVC nit where __FILE__
576 * contains the full path to the file. This is bad, because it
577 * confuses users to find the home directory of the person who
578 * compiled the binary in their warning messages.
579 */
582 {
594 }
596 }
597 #endif
599 /**
600 * Read a 16-bit value beginning at <b>cp</b>. Equivalent to
601 * *(uint16_t*)(cp), but will not cause segfaults on platforms that forbid
602 * unaligned memory access.
603 */
604 uint16_t
606 {
610 }
611 /**
612 * Read a 32-bit value beginning at <b>cp</b>. Equivalent to
613 * *(uint32_t*)(cp), but will not cause segfaults on platforms that forbid
614 * unaligned memory access.
615 */
616 uint32_t
618 {
622 }
623 /**
624 * Read a 64-bit value beginning at <b>cp</b>. Equivalent to
625 * *(uint64_t*)(cp), but will not cause segfaults on platforms that forbid
626 * unaligned memory access.
627 */
628 uint64_t
630 {
634 }
636 /**
637 * Set a 16-bit value beginning at <b>cp</b> to <b>v</b>. Equivalent to
638 * *(uint16_t*)(cp) = v, but will not cause segfaults on platforms that forbid
639 * unaligned memory access. */
640 void
642 {
644 }
645 /**
646 * Set a 32-bit value beginning at <b>cp</b> to <b>v</b>. Equivalent to
647 * *(uint32_t*)(cp) = v, but will not cause segfaults on platforms that forbid
648 * unaligned memory access. */
649 void
651 {
653 }
654 /**
655 * Set a 64-bit value beginning at <b>cp</b> to <b>v</b>. Equivalent to
656 * *(uint64_t*)(cp) = v, but will not cause segfaults on platforms that forbid
657 * unaligned memory access. */
658 void
660 {
662 }
664 /**
665 * Rename the file <b>from</b> to the file <b>to</b>. On Unix, this is
666 * the same as rename(2). On windows, this removes <b>to</b> first if
667 * it already exists.
668 * Returns 0 on success. Returns -1 and sets errno on failure.
669 */
670 int
672 {
673 #ifndef MS_WINDOWS
675 #else
677 {
688 }
690 #endif
691 }
693 /** Change <b>fname</b>'s modification time to now. */
694 int
696 {
700 }
702 /** Represents a lockfile on which we hold the lock. */
704 /** Name of the file */
706 /** File descriptor used to hold the file open */
708 };
710 /** Try to get a lock on the lockfile <b>filename</b>, creating it as
711 * necessary. If someone else has the lock and <b>blocking</b> is true,
712 * wait until the lock is available. Otherwise return immediately whether
713 * we succeeded or not.
714 *
715 * Set *<b>locked_out</b> to true if somebody else had the lock, and to false
716 * otherwise.
717 *
718 * Return a <b>tor_lockfile_t</b> on success, NULL on failure.
719 *
720 * (Implementation note: because we need to fall back to fcntl on some
721 * platforms, these locks are per-process, not per-thread. If you want
722 * to do in-process locking, use tor_mutex_t like a normal person.
723 * On Windows, when <b>blocking</b> is true, the maximum time that
724 * is actually waited is 10 seconds, after which NULL is returned
725 * and <b>locked_out</b> is set to 1.)
726 */
727 tor_lockfile_t *
729 {
740 }
742 #ifdef WIN32
747 else
751 }
752 #elif defined(HAVE_FLOCK)
756 else
760 }
761 #else
762 {
770 else
774 }
775 }
776 #endif
782 }
784 /** Release the lock held as <b>lockfile</b>. */
785 void
787 {
791 #ifdef WIN32
796 }
797 #elif defined(HAVE_FLOCK)
801 }
802 #else
803 /* Closing the lockfile is sufficient. */
804 #endif
810 }
812 /** @{ */
813 /** Some old versions of Unix didn't define constants for these values,
814 * and instead expect you to say 0, 1, or 2. */
815 #ifndef SEEK_CUR
816 #define SEEK_CUR 1
817 #endif
818 #ifndef SEEK_END
819 #define SEEK_END 2
820 #endif
821 /** @} */
823 /** Return the position of <b>fd</b> with respect to the start of the file. */
824 off_t
826 {
827 #ifdef WIN32
829 #else
831 #endif
832 }
834 /** Move <b>fd</b> to the end of the file. Return -1 on error, 0 on success. */
835 int
837 {
838 #ifdef WIN32
840 #else
842 #endif
843 }
845 #undef DEBUG_SOCKET_COUNTING
846 #ifdef DEBUG_SOCKET_COUNTING
847 /** A bitarray of all fds that should be passed to tor_socket_close(). Only
848 * used if DEBUG_SOCKET_COUNTING is defined. */
850 /** The size of <b>open_sockets</b>, in bits. */
852 #endif
854 /** Count of number of sockets currently open. (Undercounts sockets opened by
855 * eventdns and libevent.) */
858 /** Mutex to protect open_sockets, max_socket, and n_sockets_open. */
861 /** Helper: acquire the socket accounting lock. */
864 {
868 }
870 /** Helper: release the socket accounting lock. */
873 {
875 }
877 /** As close(), but guaranteed to work for sockets across platforms (including
878 * Windows, where close()ing a socket doesn't work. Returns 0 on success, -1
879 * on failure. */
880 int
882 {
885 /* On Windows, you have to call close() on fds returned by open(),
886 * and closesocket() on fds returned by socket(). On Unix, everything
887 * gets close()'d. We abstract this difference by always using
888 * tor_close_socket to close sockets, and always using close() on
889 * files.
890 */
891 #if defined(MS_WINDOWS)
893 #else
895 #endif
898 #ifdef DEBUG_SOCKET_COUNTING
905 }
906 #endif
912 #ifdef WIN32
915 #else
918 #endif
920 }
927 }
929 /** @{ */
930 #ifdef DEBUG_SOCKET_COUNTING
931 /** Helper: if DEBUG_SOCKET_COUNTING is enabled, remember that <b>s</b> is
932 * now an open socket. */
935 {
936 /* XXXX This bitarray business will NOT work on windows: sockets aren't
937 small ints there. */
945 }
946 }
950 }
952 }
953 #else
954 #define mark_socket_open(s) STMT_NIL
955 #endif
956 /** @} */
958 /** As socket(), but counts the number of open sockets. */
959 tor_socket_t
961 {
962 tor_socket_t s;
963 #ifdef SOCK_CLOEXEC
964 #define LINUX_CLOEXEC_OPEN_SOCKET
966 #endif
969 #if !defined(LINUX_CLOEXEC_OPEN_SOCKET) && defined(FD_CLOEXEC)
971 #endif
976 }
978 }
980 /** As socket(), but counts the number of open sockets. */
981 tor_socket_t
983 {
984 tor_socket_t s;
985 #if defined(HAVE_ACCEPT4) && defined(SOCK_CLOEXEC)
986 #define LINUX_CLOEXEC_ACCEPT
988 #else
990 #endif
992 #if !defined(LINUX_CLOEXEC_ACCEPT) && defined(FD_CLOEXEC)
994 #endif
999 }
1001 }
1003 /** Return the number of sockets we currently have opened. */
1004 int
1006 {
1012 }
1014 /** Turn <b>socket</b> into a nonblocking socket.
1015 */
1016 void
1018 {
1019 #if defined(MS_WINDOWS)
1022 #else
1024 #endif
1025 }
1027 /**
1028 * Allocate a pair of connected sockets. (Like socketpair(family,
1029 * type,protocol,fd), but works on systems that don't have
1030 * socketpair.)
1031 *
1032 * Currently, only (AF_UNIX, SOCK_STREAM, 0) sockets are supported.
1033 *
1034 * Note that on systems without socketpair, this call will fail if
1035 * localhost is inaccessible (for example, if the networking
1036 * stack is down). And even if it succeeds, the socket pair will not
1037 * be able to read while localhost is down later (the socket pair may
1038 * even close, depending on OS-specific timeouts).
1039 *
1040 * Returns 0 on success and -errno on failure; do not rely on the value
1041 * of errno or WSAGetLastError().
1042 **/
1043 /* It would be nicer just to set errno, but that won't work for windows. */
1044 int
1046 {
1047 //don't use win32 socketpairs (they are always bad)
1048 #if defined(HAVE_SOCKETPAIR) && !defined(MS_WINDOWS)
1050 #ifdef SOCK_CLOEXEC
1052 #endif
1055 #if !defined(SOCK_CLOEXEC) && defined(FD_CLOEXEC)
1060 #endif
1065 }
1069 }
1071 }
1073 #else
1074 /* This socketpair does not work when localhost is down. So
1075 * it's really not the same thing at all. But it's close enough
1076 * for now, and really, when localhost is down sometimes, we
1077 * have other problems too.
1078 */
1088 #ifdef AF_UNIX
1090 #endif
1091 ) {
1092 #ifdef MS_WINDOWS
1094 #else
1096 #endif
1097 }
1100 }
1118 /* We want to find out the port number to connect to. */
1136 /* Now check we are talking to ourself by matching port and host on the
1137 two sockets. */
1145 }
1151 abort_tidy_up_and_fail:
1152 #ifdef MS_WINDOWS
1154 #else
1156 #endif
1157 tidy_up_and_fail:
1167 #endif
1168 }
1170 /** Number of extra file descriptors to keep in reserve beyond those that we
1171 * tell Tor it's allowed to use. */
1174 /** Learn the maximum allowed number of file descriptors. (Some systems
1175 * have a low soft limit.
1176 *
1177 * We compute this by finding the largest number that we can use.
1178 * If we can't find a number greater than or equal to <b>limit</b>,
1179 * then we fail: return -1.
1180 *
1181 * Otherwise, return 0 and store the maximum we found inside <b>max_out</b>.*/
1182 int
1184 {
1185 /* Define some maximum connections values for systems where we cannot
1186 * automatically determine a limit. Re Cygwin, see
1187 * http://archives.seul.org/or/talk/Aug-2006/msg00210.html
1188 * For an iPhone, 9999 should work. For Windows and all other unknown
1189 * systems we use 15000 as the default. */
1190 #ifndef HAVE_GETRLIMIT
1191 #if defined(CYGWIN) || defined(__CYGWIN__)
1194 #elif defined(MS_WINDOWS)
1197 #else
1200 #endif
1205 "We do not support more than %lu file descriptors "
1209 }
1219 }
1226 }
1231 }
1236 #ifdef OPEN_MAX
1238 /* On some platforms, OPEN_MAX is the real limit, and getrlimit() is
1239 * full of nasty lies. I'm looking at you, OSX 10.5.... */
1250 }
1252 }
1253 }
1259 }
1260 }
1261 /* leave some overhead for logs, etc, */
1269 }
1275 }
1277 #ifndef MS_WINDOWS
1278 /** Log details of current user and group credentials. Return 0 on
1279 * success. Logs and return -1 on failure.
1280 */
1281 static int
1283 {
1284 /** Log level to use when describing non-error UID/GID status. */
1285 #define CREDENTIAL_LOG_LEVEL LOG_INFO
1286 /* Real, effective and saved UIDs */
1288 /* Read, effective and saved GIDs */
1290 /* Supplementary groups */
1293 /* Number of supplementary groups */
1296 /* log UIDs */
1297 #ifdef HAVE_GETRESUID
1305 }
1306 #else
1307 /* getresuid is not present on MacOS X, so we can't get the saved (E)UID */
1315 #endif
1317 /* log GIDs */
1318 #ifdef HAVE_GETRESGID
1326 }
1327 #else
1328 /* getresgid is not present on MacOS X, so we can't get the saved (E)GID */
1335 #endif
1337 /* log supplementary groups */
1345 }
1365 }
1367 }
1373 error:
1376 {
1378 });
1383 }
1386 }
1387 #endif
1389 /** Call setuid and setgid to run as <b>user</b> and switch to their
1390 * primary group. Return 0 on success. On failure, log and return -1.
1391 */
1392 int
1394 {
1395 #ifndef MS_WINDOWS
1397 uid_t old_uid;
1398 gid_t old_gid;
1406 /* Log the initial credential state */
1412 /* Get old UID/GID to check if we changed correctly */
1416 /* Lookup the user and group information, if we have a problem, bail out. */
1421 }
1423 /* Properly switch egid,gid,euid,uid here or bail out */
1430 "you want to be. (If you did not set the User option in your "
1431 "torrc, check whether it was specified on the command line "
1436 }
1438 }
1444 }
1450 }
1456 }
1462 }
1464 /* This is how OpenBSD rolls:
1465 if (setgroups(1, &pw->pw_gid) || setegid(pw->pw_gid) ||
1466 setgid(pw->pw_gid) || setuid(pw->pw_uid) || seteuid(pw->pw_uid)) {
1467 setgid(pw->pw_gid) || seteuid(pw->pw_uid) || setuid(pw->pw_uid)) {
1468 log_warn(LD_GENERAL, "Error setting configured UID/GID: %s",
1469 strerror(errno));
1470 return -1;
1471 }
1472 */
1474 /* We've properly switched egid, gid, euid, uid, and supplementary groups if
1475 * we're here. */
1477 #if !defined(CYGWIN) && !defined(__CYGWIN__)
1478 /* If we tried to drop privilege to a group/user other than root, attempt to
1479 * restore root (E)(U|G)ID, and abort if the operation succeeds */
1481 /* Only check for privilege dropping if we were asked to be non-root */
1483 /* Try changing GID/EGID */
1489 }
1491 /* Try changing UID/EUID */
1497 }
1498 }
1499 #endif
1501 /* Check what really happened */
1504 }
1508 #if defined(__linux__) && defined(HAVE_SYS_PRCTL_H) && defined(HAVE_PRCTL)
1509 #ifdef PR_SET_DUMPABLE
1511 /* Re-enable core dumps if we're not running as root. */
1515 }
1516 }
1517 #endif
1518 #endif
1521 #else
1527 #endif
1528 }
1530 /* We only use the linux prctl for now. There is no Win32 support; this may
1531 * also work on various BSD systems and Mac OS X - send testing feedback!
1532 *
1533 * On recent Gnu/Linux kernels it is possible to create a system-wide policy
1534 * that will prevent non-root processes from attaching to other processes
1535 * unless they are the parent process; thus gdb can attach to programs that
1536 * they execute but they cannot attach to other processes running as the same
1537 * user. The system wide policy may be set with the sysctl
1538 * kernel.yama.ptrace_scope or by inspecting
1539 * /proc/sys/kernel/yama/ptrace_scope and it is 1 by default on Ubuntu 11.04.
1540 *
1541 * This ptrace scope will be ignored on Gnu/Linux for users with
1542 * CAP_SYS_PTRACE and so it is very likely that root will still be able to
1543 * attach to the Tor process.
1544 */
1545 /** Attempt to disable debugger attachment: return 1 on success, -1 on
1546 * failure, and 0 if we don't know how to try on this platform. */
1547 int
1549 {
1554 "Attemping to disable debugger attachment to Tor for "
1556 #if defined(__linux__) && defined(HAVE_SYS_PRCTL_H) && defined(HAVE_PRCTL)
1557 #ifdef PR_SET_DUMPABLE
1560 #endif
1561 #endif
1562 #if defined(__APPLE__) && defined(PT_DENY_ATTACH)
1566 }
1567 #endif
1569 // XXX: TODO - Mac OS X has dtrace and this may be disabled.
1570 // XXX: TODO - Windows probably has something similar
1578 }
1580 }
1582 #ifdef HAVE_PWD_H
1583 /** Allocate and return a string containing the home directory for the
1584 * user <b>username</b>. Only works on posix-like systems. */
1587 {
1594 }
1596 }
1597 #endif
1599 /** Modify <b>fname</b> to contain the name of the directory */
1600 int
1602 {
1606 #ifdef MS_WINDOWS
1607 /* If we start with, say, c:, then don't consider that the start of the path
1608 */
1611 }
1612 #endif
1613 /* Now we want to remove all path-separators at the end of the string,
1614 * and to remove the end of the string starting with the path separator
1615 * before the last non-path-separator. In perl, this would be
1616 * s#[/]*$##; s#/[^/]*$##;
1617 * on a unixy platform.
1618 */
1623 #ifdef MS_WINDOWS
1625 #endif
1626 );
1633 }
1634 }
1636 }
1638 /** Expand possibly relative path <b>fname</b> to an absolute path.
1639 * Return a newly allocated string, possibly equal to <b>fname</b>. */
1642 {
1643 #ifdef WINDOWS
1646 /* We don't want to assume that tor_free can free a string allocated
1647 * with malloc. On failure, return fname (it's better than nothing). */
1652 #else
1664 /* If getcwd failed, the best we can do here is keep using the
1665 * relative path. (Perhaps / isn't readable by this UID/GID.) */
1667 }
1668 }
1671 #endif
1672 }
1674 /** Set *addr to the IP address (in dotted-quad notation) stored in c.
1675 * Return 1 on success, 0 if c is badly formatted. (Like inet_aton(c,addr),
1676 * but works on Windows and Solaris.)
1677 */
1678 int
1680 {
1691 }
1693 /** Given <b>af</b>==AF_INET and <b>src</b> a struct in_addr, or
1694 * <b>af</b>==AF_INET6 and <b>src</b> a struct in6_addr, try to format the
1695 * address and store it in the <b>len</b>-byte buffer <b>dst</b>. Returns
1696 * <b>dst</b> on success, NULL on failure.
1697 *
1698 * (Like inet_ntop(af,src,dst,len), but works on platforms that don't have it:
1699 * Tor sometimes needs to format ipv6 addresses even on platforms without ipv6
1700 * support.) */
1703 {
1707 else
1717 }
1721 /* This is an IPv4 address. */
1730 }
1735 }
1743 }
1747 }
1750 }
1751 }
1769 }
1770 }
1778 }
1779 }
1781 /** Given <b>af</b>==AF_INET or <b>af</b>==AF_INET6, and a string <b>src</b>
1782 * encoding an IPv4 address or IPv6 address correspondingly, try to parse the
1783 * address and store the result in <b>dst</b> (which must have space for a
1784 * struct in_addr or a struct in6_addr, as appropriate). Return 1 on success,
1785 * 0 on a bad parse, and -1 on a bad <b>af</b>.
1786 *
1787 * (Like inet_pton(af,src,dst) but works on platforms that don't have it: Tor
1788 * sometimes needs to format ipv6 addresses even on platforms without ipv6
1789 * support.) */
1790 int
1792 {
1809 ;
1812 /* We use "scanf" because some platform inet_aton()s are too lax
1813 * about IPv4 addresses of the form "1.2.3" */
1824 }
1832 ssize_t len;
1846 setWords++;
1860 }
1861 }
1875 }
1879 }
1884 }
1885 }
1887 /** Similar behavior to Unix gethostbyname: resolve <b>name</b>, and set
1888 * *<b>addr</b> to the proper IP address, in host byte order. Returns 0
1889 * on success, -1 on failure; 1 on transient failure.
1890 *
1891 * (This function exists because standard windows gethostbyname
1892 * doesn't treat raw IP addresses properly.)
1893 */
1894 int
1896 {
1897 tor_addr_t myaddr;
1906 }
1909 }
1911 /** Initialize the insecure libc RNG. */
1912 void
1914 {
1915 #ifdef MS_WINDOWS
1917 #else
1919 #endif
1920 }
1922 /** Return a randomly chosen value in the range 0..TOR_RAND_MAX. This
1923 * entropy will not be cryptographically strong; do not rely on it
1924 * for anything an adversary should not be able to predict. */
1925 long
1927 {
1928 #ifdef MS_WINDOWS
1930 #else
1932 #endif
1933 }
1935 /** Hold the result of our call to <b>uname</b>. */
1937 /** True iff uname_result is set. */
1940 /** Return a pointer to a description of our platform.
1941 */
1944 {
1945 #ifdef HAVE_UNAME
1947 #endif
1949 #ifdef HAVE_UNAME
1951 /* (Linux says 0 is success, Solaris says 1 is success) */
1955 #endif
1956 {
1957 #ifdef MS_WINDOWS
1958 OSVERSIONINFOEX info;
1972 /* { 4, 0, "Windows NT 4.0" }, */
1975 /* { 4, 0, "Windows 95" } */
1978 };
1986 }
1987 #ifdef UNICODE
1989 #else
1991 #endif
1995 else
2007 }
2008 }
2009 }
2015 }
2027 acsd);
2028 else
2032 acsd);
2033 }
2034 #if !defined (WINCE)
2035 #ifdef VER_SUITE_BACKOFFICE
2042 }
2043 #endif
2044 #endif
2045 #else
2047 #endif
2048 }
2050 }
2052 }
2054 /*
2055 * Process control
2056 */
2058 #if defined(USE_PTHREADS)
2059 /** Wraps a void (*)(void*) function and its argument so we can
2060 * invoke them in a way pthreads would expect.
2061 */
2066 /** Given a tor_pthread_data_t <b>_data</b>, call _data->func(d->data)
2067 * and free _data. Used to make sure we can call functions the way pthread
2068 * expects. */
2071 {
2075 /* mask signals to worker threads to avoid SIGPIPE, etc */
2076 sigset_t sigs;
2077 /* We're in a subthread; don't handle any signals here. */
2086 }
2087 #endif
2089 /** Minimalist interface to run a void function in the background. On
2090 * Unix calls fork, on win32 calls beginthread. Returns -1 on failure.
2091 * func should not return, but rather should call spawn_exit.
2092 *
2093 * NOTE: if <b>data</b> is used, it should not be allocated on the stack,
2094 * since in a multithreaded environment, there is no way to be sure that
2095 * the caller's stack will still be around when the called function is
2096 * running.
2097 */
2098 int
2100 {
2101 #if defined(USE_WIN32_THREADS)
2107 #elif defined(USE_PTHREADS)
2108 pthread_t thread;
2118 #else
2119 pid_t pid;
2124 /* Child */
2129 /* Parent */
2131 }
2132 #endif
2133 }
2135 /** End the current thread/process.
2136 */
2137 void
2139 {
2140 #if defined(USE_WIN32_THREADS)
2142 //we should never get here. my compiler thinks that _endthread returns, this
2143 //is an attempt to fool it.
2146 #elif defined(USE_PTHREADS)
2148 #else
2149 /* http://www.erlenstar.demon.co.uk/unix/faq_2.html says we should
2150 * call _exit, not exit, from child processes. */
2152 #endif
2153 }
2155 /** Implementation logic for compute_num_cpus(). */
2156 static int
2158 {
2159 #ifdef MS_WINDOWS
2160 SYSTEM_INFO info;
2165 else
2167 #elif defined(HAVE_SYSCONF) && defined(_SC_NPROCESSORS_CONF)
2171 else
2173 #else
2175 #endif
2176 }
2178 #define MAX_DETECTABLE_CPUS 16
2180 /** Return how many CPUs we are running with. We assume that nobody is
2181 * using hot-swappable CPUs, so we don't recompute this after the first
2182 * time. Return -1 if we don't know how to tell the number of CPUs on this
2183 * system.
2184 */
2185 int
2187 {
2194 "will not autodetect any more than %d, though. If you "
2197 }
2199 }
2201 /** Set *timeval to the current time of day. On error, log and terminate.
2202 * (Same as gettimeofday(timeval,NULL), but never returns -1.)
2203 */
2204 void
2206 {
2207 #ifdef MS_WINDOWS
2208 /* Epoch bias copied from perl: number of units between windows epoch and
2209 * Unix epoch. */
2210 #define EPOCH_BIAS U64_LITERAL(116444736000000000)
2211 #define UNITS_PER_SEC U64_LITERAL(10000000)
2212 #define USEC_PER_SEC U64_LITERAL(1000000)
2213 #define UNITS_PER_USEC U64_LITERAL(10)
2216 FILETIME ft_ft;
2218 #if defined (WINCE)
2219 /* wince do not have GetSystemTimeAsFileTime */
2220 SYSTEMTIME stime;
2223 #else
2224 /* number of 100-nsec units since Jan 1, 1601 */
2226 #endif
2230 }
2234 #elif defined(HAVE_GETTIMEOFDAY)
2237 /* If gettimeofday dies, we have either given a bad timezone (we didn't),
2238 or segfaulted.*/
2240 }
2241 #elif defined(HAVE_FTIME)
2246 #else
2248 #endif
2250 }
2252 #if defined(TOR_IS_MULTITHREADED) && !defined(MS_WINDOWS)
2253 /** Defined iff we need to add locks when defining fake versions of reentrant
2254 * versions of time-related functions. */
2255 #define TIME_FNS_NEED_LOCKS
2256 #endif
2261 {
2273 }
2275 }
2277 /* If we get here, gmtime or localtime returned NULL. It might have done
2278 * this because of overrun or underrun, or it might have done it because of
2279 * some other weird issue. */
2293 /* Rounding down to INT32_MAX isn't so great, but keep in mind that we
2294 * only do it if gmtime/localtime tells us NULL. */
2305 }
2306 }
2308 /* If we get here, then gmtime/localtime failed without getting an extreme
2309 * value for *timep */
2315 done:
2320 outcome);
2322 }
2324 /** @{ */
2325 /** As localtime_r, but defined for platforms that don't have it:
2326 *
2327 * Convert *<b>timep</b> to a struct tm in local time, and store the value in
2328 * *<b>result</b>. Return the result on success, or NULL on failure.
2329 */
2330 #ifdef HAVE_LOCALTIME_R
2333 {
2337 }
2338 #elif defined(TIME_FNS_NEED_LOCKS)
2341 {
2352 }
2353 #else
2356 {
2363 }
2364 #endif
2365 /** @} */
2367 /** @{ */
2368 /** As gmtimee_r, but defined for platforms that don't have it:
2369 *
2370 * Convert *<b>timep</b> to a struct tm in UTC, and store the value in
2371 * *<b>result</b>. Return the result on success, or NULL on failure.
2372 */
2373 #ifdef HAVE_GMTIME_R
2376 {
2380 }
2381 #elif defined(TIME_FNS_NEED_LOCKS)
2384 {
2395 }
2396 #else
2399 {
2406 }
2407 #endif
2409 #if defined(USE_WIN32_THREADS)
2410 void
2412 {
2414 }
2415 void
2417 {
2419 }
2420 void
2422 {
2425 }
2426 void
2428 {
2430 }
2431 unsigned long
2433 {
2435 }
2436 #elif defined(USE_PTHREADS)
2437 /** A mutex attribute that we're going to use to tell pthreads that we want
2438 * "reentrant" mutexes (i.e., once we can re-lock if we're already holding
2439 * them.) */
2441 /** True iff we've called tor_threads_init() */
2443 /** Initialize <b>mutex</b> so it can be locked. Every mutex must be set
2444 * up with tor_mutex_init() or tor_mutex_new(); not both. */
2445 void
2447 {
2455 }
2456 }
2457 /** Wait until <b>m</b> is free, then acquire it. */
2458 void
2460 {
2467 }
2468 }
2469 /** Release the lock <b>m</b> so another thread can have it. */
2470 void
2472 {
2479 }
2480 }
2481 /** Clean up the mutex <b>m</b> so that it no longer uses any system
2482 * resources. Does not free <b>m</b>. This function must only be called on
2483 * mutexes from tor_mutex_init(). */
2484 void
2486 {
2493 }
2494 }
2495 /** Return an integer representing this thread. */
2496 unsigned long
2498 {
2500 pthread_t thr;
2505 }
2506 #endif
2508 #ifdef TOR_IS_MULTITHREADED
2509 /** Return a newly allocated, ready-for-use mutex. */
2510 tor_mutex_t *
2512 {
2516 }
2517 /** Release all storage and system resources held by <b>m</b>. */
2518 void
2520 {
2525 }
2526 #endif
2528 /* Conditions. */
2529 #ifdef USE_PTHREADS
2530 #if 0
2531 /** Cross-platform condition implementation. */
2533 pthread_cond_t cond;
2534 };
2535 /** Return a newly allocated condition, with nobody waiting on it. */
2536 tor_cond_t *
2538 {
2543 }
2545 }
2546 /** Release all resources held by <b>cond</b>. */
2547 void
2549 {
2555 }
2557 }
2558 /** Wait until one of the tor_cond_signal functions is called on <b>cond</b>.
2559 * All waiters on the condition must wait holding the same <b>mutex</b>.
2560 * Returns 0 on success, negative on failure. */
2561 int
2563 {
2565 }
2566 /** Wake up one of the waiters on <b>cond</b>. */
2567 void
2569 {
2571 }
2572 /** Wake up all of the waiters on <b>cond</b>. */
2573 void
2575 {
2577 }
2578 #endif
2579 /** Set up common structures for use by threading. */
2580 void
2582 {
2588 }
2589 }
2590 #elif defined(USE_WIN32_THREADS)
2591 #if 0
2594 CRITICAL_SECTION mutex;
2596 };
2597 tor_cond_t *
2599 {
2604 }
2605 void
2607 {
2611 /* XXXX notify? */
2614 }
2615 int
2617 {
2618 HANDLE event;
2626 }
2648 }
2650 }
2651 void
2653 {
2654 HANDLE event;
2663 }
2664 void
2666 {
2673 }
2674 #endif
2675 void
2677 {
2678 #if 0
2680 #endif
2682 }
2683 #endif
2685 #if defined(HAVE_MLOCKALL) && HAVE_DECL_MLOCKALL && defined(RLIMIT_MEMLOCK)
2686 /** Attempt to raise the current and max rlimit to infinity for our process.
2687 * This only needs to be done once and can probably only be done when we have
2688 * not already dropped privileges.
2689 */
2690 static int
2692 {
2693 /* Future consideration for Windows is probably SetProcessWorkingSetSize
2694 * This is similar to setting the memory rlimit of RLIMIT_MEMLOCK
2695 * http://msdn.microsoft.com/en-us/library/ms686234(VS.85).aspx
2696 */
2700 /* RLIM_INFINITY is -1 on some platforms. */
2708 }
2712 }
2715 }
2716 #endif
2718 /** Attempt to lock all current and all future memory pages.
2719 * This should only be called once and while we're privileged.
2720 * Like mlockall() we return 0 when we're successful and -1 when we're not.
2721 * Unlike mlockall() we return 1 if we've already attempted to lock memory.
2722 */
2723 int
2725 {
2730 }
2734 /*
2735 * Future consideration for Windows may be VirtualLock
2736 * VirtualLock appears to implement mlock() but not mlockall()
2737 *
2738 * http://msdn.microsoft.com/en-us/library/aa366895(VS.85).aspx
2739 */
2741 #if defined(HAVE_MLOCKALL) && HAVE_DECL_MLOCKALL && defined(RLIMIT_MEMLOCK)
2744 }
2751 /* Apple - it's 2009! I'm looking at you. Grrr. */
2757 }
2761 }
2762 #else
2765 #endif
2766 }
2768 /** Identity of the "main" thread */
2771 /** Start considering the current thread to be the 'main thread'. This has
2772 * no effect on anything besides in_main_thread(). */
2773 void
2775 {
2777 }
2778 /** Return true iff called from the main thread. */
2779 int
2781 {
2783 }
2785 /**
2786 * On Windows, WSAEWOULDBLOCK is not always correct: when you see it,
2787 * you need to ask the socket for its actual errno. Also, you need to
2788 * get your errors from WSAGetLastError, not errno. (If you supply a
2789 * socket of -1, we check WSAGetLastError, but don't correct
2790 * WSAEWOULDBLOCKs.)
2791 *
2792 * The upshot of all of this is that when a socket call fails, you
2793 * should call tor_socket_errno <em>at most once</em> on the failing
2794 * socket to get the error.
2795 */
2796 #if defined(MS_WINDOWS)
2797 int
2799 {
2807 }
2809 }
2810 #endif
2812 #if defined(MS_WINDOWS)
2830 /* What's the difference between NOTSUPP and NOSUPPORT? :) */
2850 /* Yes, some of these start with WSA, not WSAE. No, I don't know why. */
2855 #ifdef WSATYPE_NOT_FOUND
2857 #endif
2863 /* There are some more error codes whose numeric values are marked
2864 * <b>OS dependent</b>. They start with WSA_, apparently for the same
2865 * reason that practitioners of some craft traditions deliberately
2866 * introduce imperfections into their baskets and rugs "to allow the
2867 * evil spirits to escape." If we catch them, then our binaries
2868 * might not report consistent results across versions of Windows.
2869 * Thus, I'm going to let them all fall through.
2870 */
2872 };
2873 /** There does not seem to be a strerror equivalent for Winsock errors.
2874 * Naturally, we have to roll our own.
2875 */
2878 {
2883 }
2885 }
2886 #endif
2888 /** Called before we make any calls to network-related functions.
2889 * (Some operating systems require their network libraries to be
2890 * initialized.) */
2891 int
2893 {
2894 #ifdef MS_WINDOWS
2895 /* This silly exercise is necessary before windows will allow
2896 * gethostbyname to work. */
2897 WSADATA WSAData;
2903 }
2904 /* WSAData.iMaxSockets might show the max sockets we're allowed to use.
2905 * We might use it to complain if we're trying to be a server but have
2906 * too few sockets available. */
2907 #endif
2909 }
2911 #ifdef MS_WINDOWS
2912 /** Return a newly allocated string describing the windows system error code
2913 * <b>err</b>. Note that error codes are different from errno. Error codes
2914 * come from GetLastError() when a winapi call fails. errno is set only when
2915 * ANSI functions fail. Whee. */
2918 {
2922 /* Somebody once decided that this interface was better than strerror(). */
2924 FORMAT_MESSAGE_FROM_SYSTEM |
2925 FORMAT_MESSAGE_IGNORE_INSERTS,
2932 #ifdef UNICODE
2936 #else
2938 #endif
2942 }
2944 }
2945 #endif