search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
fix up contrib/checkOptionDocs.pl to match current practice (asciidoc manpage, no...
[tor.git] / src / common / compat.c
blobe9101a8d7a849266ba044924dc7d2be77c687a9d
1 /* Copyright (c) 2003-2004, Roger Dingledine
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2010, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
5
6 /**
7 * \file compat.c
8 * \brief Wrappers to make calls more portable. This code defines
9 * functions such as tor_malloc, tor_snprintf, get/set various data types,
10 * renaming, setting socket options, switching user IDs. It is basically
11 * where the non-portable items are conditionally included depending on
12 * the platform.
13 **/
14
15 /* This is required on rh7 to make strptime not complain.
16 * We also need it to make memmem get defined (where available)
17 */
18 #define _GNU_SOURCE
19
20 #include "compat.h"
21
22 #ifdef MS_WINDOWS
23 #include <process.h>
24 #include <windows.h>
25 #include <sys/locking.h>
26 #endif
27
28 #ifdef HAVE_UNAME
29 #include <sys/utsname.h>
30 #endif
31 #ifdef HAVE_UNISTD_H
32 #include <unistd.h>
33 #endif
34 #ifdef HAVE_SYS_FCNTL_H
35 #include <sys/fcntl.h>
36 #endif
37 #ifdef HAVE_PWD_H
38 #include <pwd.h>
39 #endif
40 #ifdef HAVE_GRP_H
41 #include <grp.h>
42 #endif
43 #ifdef HAVE_FCNTL_H
44 #include <fcntl.h>
45 #endif
46 #ifdef HAVE_ERRNO_H
47 #include <errno.h>
48 #endif
49 #ifdef HAVE_ARPA_INET_H
50 #include <arpa/inet.h>
51 #endif
52
53 #ifndef HAVE_GETTIMEOFDAY
54 #ifdef HAVE_FTIME
55 #include <sys/timeb.h>
56 #endif
57 #endif
58
59 #ifdef HAVE_NETDB_H
60 #include <netdb.h>
61 #endif
62 #ifdef HAVE_SYS_PARAM_H
63 #include <sys/param.h> /* FreeBSD needs this to know what version it is */
64 #endif
65 #include <stdio.h>
66 #include <stdlib.h>
67 #include <assert.h>
68 #ifdef HAVE_SIGNAL_H
69 #include <signal.h>
70 #endif
71 #ifdef HAVE_UTIME_H
72 #include <utime.h>
73 #endif
74 #ifdef HAVE_SYS_UTIME_H
75 #include <sys/utime.h>
76 #endif
77 #ifdef HAVE_SYS_MMAN_H
78 #include <sys/mman.h>
79 #endif
80 #ifdef HAVE_SYS_SYSLIMITS_H
81 #include <sys/syslimits.h>
82 #endif
83 #ifdef HAVE_SYS_FILE_H
84 #include <sys/file.h>
85 #endif
86 #if defined(HAVE_SYS_PRCTL_H) && defined(__linux__)
87 /* Only use the linux prctl; the IRIX prctl is totally different */
88 #include <sys/prctl.h>
89 #endif
90
91 #include "torlog.h"
92 #include "util.h"
93 #include "container.h"
94 #include "address.h"
95
96 /* Inline the strl functions if the platform doesn't have them. */
97 #ifndef HAVE_STRLCPY
98 #include "strlcpy.c"
99 #endif
100 #ifndef HAVE_STRLCAT
101 #include "strlcat.c"
102 #endif
103
104 #ifdef HAVE_SYS_MMAN_H
105 /** Try to create a memory mapping for <b>filename</b> and return it. On
106 * failure, return NULL. Sets errno properly, using ERANGE to mean
107 * "empty file". */
108 tor_mmap_t *
109 tor_mmap_file(const char *filename)
110 {
111 int fd; /* router file */
112 char *string;
113 int page_size;
114 tor_mmap_t *res;
115 size_t size, filesize;
116
117 tor_assert(filename);
118
119 fd = open(filename, O_RDONLY, 0);
120 if (fd<0) {
121 int save_errno = errno;
122 int severity = (errno == ENOENT) ? LOG_INFO : LOG_WARN;
123 log_fn(severity, LD_FS,"Could not open \"%s\" for mmap(): %s",filename,
124 strerror(errno));
125 errno = save_errno;
126 return NULL;
127 }
128
129 size = filesize = (size_t) lseek(fd, 0, SEEK_END);
130 lseek(fd, 0, SEEK_SET);
131 /* ensure page alignment */
132 page_size = getpagesize();
133 size += (size%page_size) ? page_size-(size%page_size) : 0;
134
135 if (!size) {
136 /* Zero-length file. If we call mmap on it, it will succeed but
137 * return NULL, and bad things will happen. So just fail. */
138 log_info(LD_FS,"File \"%s\" is empty. Ignoring.",filename);
139 errno = ERANGE;
140 close(fd);
141 return NULL;
142 }
143
144 string = mmap(0, size, PROT_READ, MAP_PRIVATE, fd, 0);
145 close(fd);
146 if (string == MAP_FAILED) {
147 int save_errno = errno;
148 log_warn(LD_FS,"Could not mmap file \"%s\": %s", filename,
149 strerror(errno));
150 errno = save_errno;
151 return NULL;
152 }
153
154 res = tor_malloc_zero(sizeof(tor_mmap_t));
155 res->data = string;
156 res->size = filesize;
157 res->mapping_size = size;
158
159 return res;
160 }
161 /** Release storage held for a memory mapping. */
162 void
163 tor_munmap_file(tor_mmap_t *handle)
164 {
165 munmap((char*)handle->data, handle->mapping_size);
166 tor_free(handle);
167 }
168 #elif defined(MS_WINDOWS)
169 tor_mmap_t *
170 tor_mmap_file(const char *filename)
171 {
172 WCHAR wfilename[MAX_PATH]= {0};
173 tor_mmap_t *res = tor_malloc_zero(sizeof(tor_mmap_t));
174 int empty = 0;
175 res->file_handle = INVALID_HANDLE_VALUE;
176 res->mmap_handle = NULL;
177 mbstowcs(wfilename,filename,MAX_PATH);
178 res->file_handle = CreateFileW(wfilename,
179 GENERIC_READ, FILE_SHARE_READ,
180 NULL,
181 OPEN_EXISTING,
182 FILE_ATTRIBUTE_NORMAL,
183 0);
184
185 if (res->file_handle == INVALID_HANDLE_VALUE)
186 goto win_err;
187
188 res->size = GetFileSize(res->file_handle, NULL);
189
190 if (res->size == 0) {
191 log_info(LD_FS,"File \"%s\" is empty. Ignoring.",filename);
192 empty = 1;
193 goto err;
194 }
195
196 res->mmap_handle = CreateFileMapping(res->file_handle,
197 NULL,
198 PAGE_READONLY,
199 #if SIZEOF_SIZE_T > 4
200 (res->base.size >> 32),
201 #else
202 0,
203 #endif
204 (res->size & 0xfffffffful),
205 NULL);
206 if (res->mmap_handle == NULL)
207 goto win_err;
208 res->data = (char*) MapViewOfFile(res->mmap_handle,
209 FILE_MAP_READ,
210 0, 0, 0);
211 if (!res->data)
212 goto win_err;
213
214 return res;
215 win_err: {
216 DWORD e = GetLastError();
217 int severity = (e == ERROR_FILE_NOT_FOUND || e == ERROR_PATH_NOT_FOUND) ?
218 LOG_INFO : LOG_WARN;
219 char *msg = format_win32_error(e);
220 log_fn(severity, LD_FS, "Couldn't mmap file \"%s\": %s", filename, msg);
221 tor_free(msg);
222 if (e == ERROR_FILE_NOT_FOUND || e == ERROR_PATH_NOT_FOUND)
223 errno = ENOENT;
224 else
225 errno = EINVAL;
226 }
227 err:
228 if (empty)
229 errno = ERANGE;
230 tor_munmap_file(res);
231 return NULL;
232 }
233 void
234 tor_munmap_file(tor_mmap_t *handle)
235 {
236 if (handle->data)
237 /* This is an ugly cast, but without it, "data" in struct tor_mmap_t would
238 have to be redefined as non-const. */
239 UnmapViewOfFile( (LPVOID) handle->data);
240
241 if (handle->mmap_handle != NULL)
242 CloseHandle(handle->mmap_handle);
243 if (handle->file_handle != INVALID_HANDLE_VALUE)
244 CloseHandle(handle->file_handle);
245 tor_free(handle);
246 }
247 #else
248 tor_mmap_t *
249 tor_mmap_file(const char *filename)
250 {
251 struct stat st;
252 char *res = read_file_to_str(filename, RFTS_BIN|RFTS_IGNORE_MISSING, &st);
253 tor_mmap_t *handle;
254 if (! res)
255 return NULL;
256 handle = tor_malloc_zero(sizeof(tor_mmap_t));
257 handle->data = res;
258 handle->size = st.st_size;
259 return handle;
260 }
261 void
262 tor_munmap_file(tor_mmap_t *handle)
263 {
264 char *d = (char*)handle->data;
265 tor_free(d);
266 memset(handle, 0, sizeof(tor_mmap_t));
267 tor_free(handle);
268 }
269 #endif
270
271 /** Replacement for snprintf. Differs from platform snprintf in two
272 * ways: First, always NUL-terminates its output. Second, always
273 * returns -1 if the result is truncated. (Note that this return
274 * behavior does <i>not</i> conform to C99; it just happens to be
275 * easier to emulate "return -1" with conformant implementations than
276 * it is to emulate "return number that would be written" with
277 * non-conformant implementations.) */
278 int
279 tor_snprintf(char *str, size_t size, const char *format, ...)
280 {
281 va_list ap;
282 int r;
283 va_start(ap,format);
284 r = tor_vsnprintf(str,size,format,ap);
285 va_end(ap);
286 return r;
287 }
288
289 /** Replacement for vsnprintf; behavior differs as tor_snprintf differs from
290 * snprintf.
291 */
292 int
293 tor_vsnprintf(char *str, size_t size, const char *format, va_list args)
294 {
295 int r;
296 if (size == 0)
297 return -1; /* no place for the NUL */
298 if (size > SSIZE_T_MAX-16)
299 return -1;
300 #ifdef MS_WINDOWS
301 r = _vsnprintf(str, size, format, args);
302 #else
303 r = vsnprintf(str, size, format, args);
304 #endif
305 str[size-1] = '\0';
306 if (r < 0 || r >= (ssize_t)size)
307 return -1;
308 return r;
309 }
310
311 /**
312 * Portable asprintf implementation. Does a printf() into a newly malloc'd
313 * string. Sets *<b>strp</b> to this string, and returns its length (not
314 * including the terminating NUL character).
315 *
316 * You can treat this function as if its implementation were something like
317 <pre>
318 char buf[_INFINITY_];
319 tor_snprintf(buf, sizeof(buf), fmt, args);
320 *strp = tor_strdup(buf);
321 return strlen(*strp):
322 </pre>
323 * Where _INFINITY_ is an imaginary constant so big that any string can fit
324 * into it.
325 */
326 int
327 tor_asprintf(char **strp, const char *fmt, ...)
328 {
329 int r;
330 va_list args;
331 va_start(args, fmt);
332 r = tor_vasprintf(strp, fmt, args);
333 va_end(args);
334 if (!*strp || r < 0) {
335 log_err(LD_BUG, "Internal error in asprintf");
336 tor_assert(0);
337 }
338 return r;
339 }
340
341 /**
342 * Portable vasprintf implementation. Does a printf() into a newly malloc'd
343 * string. Differs from regular vasprintf in the same ways that
344 * tor_asprintf() differs from regular asprintf.
345 */
346 int
347 tor_vasprintf(char **strp, const char *fmt, va_list args)
348 {
349 /* use a temporary variable in case *strp is in args. */
350 char *strp_tmp=NULL;
351 #ifdef HAVE_VASPRINTF
352 /* If the platform gives us one, use it. */
353 int r = vasprintf(&strp_tmp, fmt, args);
354 if (r < 0)
355 *strp = NULL;
356 else
357 *strp = strp_tmp;
358 return r;
359 #elif defined(_MSC_VER)
360 /* On Windows, _vsnprintf won't tell us the length of the string if it
361 * overflows, so we need to use _vcsprintf to tell how much to allocate */
362 int len, r;
363 char *res;
364 len = _vscprintf(fmt, args);
365 if (len < 0) {
366 *strp = NULL;
367 return -1;
368 }
369 strp_tmp = tor_malloc(len + 1);
370 r = _vsnprintf(strp_tmp, len+1, fmt, args);
371 if (r != len) {
372 tor_free(strp_tmp);
373 *strp = NULL;
374 return -1;
375 }
376 *strp = strp_tmp;
377 return len;
378 #else
379 /* Everywhere else, we have a decent vsnprintf that tells us how many
380 * characters we need. We give it a try on a short buffer first, since
381 * it might be nice to avoid the second vsnprintf call.
382 */
383 char buf[128];
384 int len, r;
385 va_list tmp_args;
386 va_copy(tmp_args, args);
387 len = vsnprintf(buf, sizeof(buf), fmt, tmp_args);
388 va_end(tmp_args);
389 if (len < (int)sizeof(buf)) {
390 *strp = tor_strdup(buf);
391 return len;
392 }
393 strp_tmp = tor_malloc(len+1);
394 r = vsnprintf(strp_tmp, len+1, fmt, args);
395 if (r != len) {
396 tor_free(strp_tmp);
397 *strp = NULL;
398 return -1;
399 }
400 *strp = strp_tmp;
401 return len;
402 #endif
403 }
404
405 /** Given <b>hlen</b> bytes at <b>haystack</b> and <b>nlen</b> bytes at
406 * <b>needle</b>, return a pointer to the first occurrence of the needle
407 * within the haystack, or NULL if there is no such occurrence.
408 *
409 * Requires that nlen be greater than zero.
410 */
411 const void *
412 tor_memmem(const void *_haystack, size_t hlen,
413 const void *_needle, size_t nlen)
414 {
415 #if defined(HAVE_MEMMEM) && (!defined(__GNUC__) || __GNUC__ >= 2)
416 tor_assert(nlen);
417 return memmem(_haystack, hlen, _needle, nlen);
418 #else
419 /* This isn't as fast as the GLIBC implementation, but it doesn't need to
420 * be. */
421 const char *p, *end;
422 const char *haystack = (const char*)_haystack;
423 const char *needle = (const char*)_needle;
424 char first;
425 tor_assert(nlen);
426
427 p = haystack;
428 end = haystack + hlen;
429 first = *(const char*)needle;
430 while ((p = memchr(p, first, end-p))) {
431 if (p+nlen > end)
432 return NULL;
433 if (!memcmp(p, needle, nlen))
434 return p;
435 ++p;
436 }
437 return NULL;
438 #endif
439 }
440
441 /* Tables to implement ctypes-replacement TOR_IS*() functions. Each table
442 * has 256 bits to look up whether a character is in some set or not. This
443 * fails on non-ASCII platforms, but it is hard to find a platform whose
444 * character set is not a superset of ASCII nowadays. */
445 const uint32_t TOR_ISALPHA_TABLE[8] =
446 { 0, 0, 0x7fffffe, 0x7fffffe, 0, 0, 0, 0 };
447 const uint32_t TOR_ISALNUM_TABLE[8] =
448 { 0, 0x3ff0000, 0x7fffffe, 0x7fffffe, 0, 0, 0, 0 };
449 const uint32_t TOR_ISSPACE_TABLE[8] = { 0x3e00, 0x1, 0, 0, 0, 0, 0, 0 };
450 const uint32_t TOR_ISXDIGIT_TABLE[8] =
451 { 0, 0x3ff0000, 0x7e, 0x7e, 0, 0, 0, 0 };
452 const uint32_t TOR_ISDIGIT_TABLE[8] = { 0, 0x3ff0000, 0, 0, 0, 0, 0, 0 };
453 const uint32_t TOR_ISPRINT_TABLE[8] =
454 { 0, 0xffffffff, 0xffffffff, 0x7fffffff, 0, 0, 0, 0x0 };
455 const uint32_t TOR_ISUPPER_TABLE[8] = { 0, 0, 0x7fffffe, 0, 0, 0, 0, 0 };
456 const uint32_t TOR_ISLOWER_TABLE[8] = { 0, 0, 0, 0x7fffffe, 0, 0, 0, 0 };
457 /* Upper-casing and lowercasing tables to map characters to upper/lowercase
458 * equivalents. */
459 const char TOR_TOUPPER_TABLE[256] = {
460 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,
461 16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,
462 32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,
463 48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,
464 64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,
465 80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,
466 96,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,
467 80,81,82,83,84,85,86,87,88,89,90,123,124,125,126,127,
468 128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,
469 144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,
470 160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,
471 176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,
472 192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,
473 208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,
474 224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,
475 240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,
476 };
477 const char TOR_TOLOWER_TABLE[256] = {
478 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,
479 16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,
480 32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,
481 48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,
482 64,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,
483 112,113,114,115,116,117,118,119,120,121,122,91,92,93,94,95,
484 96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,
485 112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,
486 128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,
487 144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,
488 160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,
489 176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,
490 192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,
491 208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,
492 224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,
493 240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,
494 };
495
496 /** Implementation of strtok_r for platforms whose coders haven't figured out
497 * how to write one. Hey guys! You can use this code here for free! */
498 char *
499 tor_strtok_r_impl(char *str, const char *sep, char **lasts)
500 {
501 char *cp, *start;
502 if (str)
503 start = cp = *lasts = str;
504 else if (!*lasts)
505 return NULL;
506 else
507 start = cp = *lasts;
508
509 tor_assert(*sep);
510 if (sep[1]) {
511 while (*cp && !strchr(sep, *cp))
512 ++cp;
513 } else {
514 tor_assert(strlen(sep) == 1);
515 cp = strchr(cp, *sep);
516 }
517
518 if (!cp || !*cp) {
519 *lasts = NULL;
520 } else {
521 *cp++ = '\0';
522 *lasts = cp;
523 }
524 return start;
525 }
526
527 #ifdef MS_WINDOWS
528 /** Take a filename and return a pointer to its final element. This
529 * function is called on __FILE__ to fix a MSVC nit where __FILE__
530 * contains the full path to the file. This is bad, because it
531 * confuses users to find the home directory of the person who
532 * compiled the binary in their warning messages.
533 */
534 const char *
535 tor_fix_source_file(const char *fname)
536 {
537 const char *cp1, *cp2, *r;
538 cp1 = strrchr(fname, '/');
539 cp2 = strrchr(fname, '\\');
540 if (cp1 && cp2) {
541 r = (cp1<cp2)?(cp2+1):(cp1+1);
542 } else if (cp1) {
543 r = cp1+1;
544 } else if (cp2) {
545 r = cp2+1;
546 } else {
547 r = fname;
548 }
549 return r;
550 }
551 #endif
552
553 /**
554 * Read a 16-bit value beginning at <b>cp</b>. Equivalent to
555 * *(uint16_t*)(cp), but will not cause segfaults on platforms that forbid
556 * unaligned memory access.
557 */
558 uint16_t
559 get_uint16(const char *cp)
560 {
561 uint16_t v;
562 memcpy(&v,cp,2);
563 return v;
564 }
565 /**
566 * Read a 32-bit value beginning at <b>cp</b>. Equivalent to
567 * *(uint32_t*)(cp), but will not cause segfaults on platforms that forbid
568 * unaligned memory access.
569 */
570 uint32_t
571 get_uint32(const char *cp)
572 {
573 uint32_t v;
574 memcpy(&v,cp,4);
575 return v;
576 }
577 /**
578 * Read a 64-bit value beginning at <b>cp</b>. Equivalent to
579 * *(uint64_t*)(cp), but will not cause segfaults on platforms that forbid
580 * unaligned memory access.
581 */
582 uint64_t
583 get_uint64(const char *cp)
584 {
585 uint64_t v;
586 memcpy(&v,cp,8);
587 return v;
588 }
589
590 /**
591 * Set a 16-bit value beginning at <b>cp</b> to <b>v</b>. Equivalent to
592 * *(uint16_t*)(cp) = v, but will not cause segfaults on platforms that forbid
593 * unaligned memory access. */
594 void
595 set_uint16(char *cp, uint16_t v)
596 {
597 memcpy(cp,&v,2);
598 }
599 /**
600 * Set a 32-bit value beginning at <b>cp</b> to <b>v</b>. Equivalent to
601 * *(uint32_t*)(cp) = v, but will not cause segfaults on platforms that forbid
602 * unaligned memory access. */
603 void
604 set_uint32(char *cp, uint32_t v)
605 {
606 memcpy(cp,&v,4);
607 }
608 /**
609 * Set a 64-bit value beginning at <b>cp</b> to <b>v</b>. Equivalent to
610 * *(uint64_t*)(cp) = v, but will not cause segfaults on platforms that forbid
611 * unaligned memory access. */
612 void
613 set_uint64(char *cp, uint64_t v)
614 {
615 memcpy(cp,&v,8);
616 }
617
618 /**
619 * Rename the file <b>from</b> to the file <b>to</b>. On Unix, this is
620 * the same as rename(2). On windows, this removes <b>to</b> first if
621 * it already exists.
622 * Returns 0 on success. Returns -1 and sets errno on failure.
623 */
624 int
625 replace_file(const char *from, const char *to)
626 {
627 #ifndef MS_WINDOWS
628 return rename(from,to);
629 #else
630 switch (file_status(to))
631 {
632 case FN_NOENT:
633 break;
634 case FN_FILE:
635 if (unlink(to)) return -1;
636 break;
637 case FN_ERROR:
638 return -1;
639 case FN_DIR:
640 errno = EISDIR;
641 return -1;
642 }
643 return rename(from,to);
644 #endif
645 }
646
647 /** Change <b>fname</b>'s modification time to now. */
648 int
649 touch_file(const char *fname)
650 {
651 if (utime(fname, NULL)!=0)
652 return -1;
653 return 0;
654 }
655
656 /** Represents a lockfile on which we hold the lock. */
657 struct tor_lockfile_t {
658 char *filename;
659 int fd;
660 };
661
662 /** Try to get a lock on the lockfile <b>filename</b>, creating it as
663 * necessary. If someone else has the lock and <b>blocking</b> is true,
664 * wait until the lock is available. Otherwise return immediately whether
665 * we succeeded or not.
666 *
667 * Set *<b>locked_out</b> to true if somebody else had the lock, and to false
668 * otherwise.
669 *
670 * Return a <b>tor_lockfile_t</b> on success, NULL on failure.
671 *
672 * (Implementation note: because we need to fall back to fcntl on some
673 * platforms, these locks are per-process, not per-thread. If you want
674 * to do in-process locking, use tor_mutex_t like a normal person.)
675 */
676 tor_lockfile_t *
677 tor_lockfile_lock(const char *filename, int blocking, int *locked_out)
678 {
679 tor_lockfile_t *result;
680 int fd;
681 *locked_out = 0;
682
683 log_info(LD_FS, "Locking \"%s\"", filename);
684 fd = open(filename, O_RDWR|O_CREAT|O_TRUNC, 0600);
685 if (fd < 0) {
686 log_warn(LD_FS,"Couldn't open \"%s\" for locking: %s", filename,
687 strerror(errno));
688 return NULL;
689 }
690
691 #ifdef WIN32
692 _lseek(fd, 0, SEEK_SET);
693 if (_locking(fd, blocking ? _LK_LOCK : _LK_NBLCK, 1) < 0) {
694 if (errno != EDEADLOCK)
695 log_warn(LD_FS,"Couldn't lock \"%s\": %s", filename, strerror(errno));
696 else
697 *locked_out = 1;
698 close(fd);
699 return NULL;
700 }
701 #elif defined(HAVE_FLOCK)
702 if (flock(fd, LOCK_EX|(blocking ? 0 : LOCK_NB)) < 0) {
703 if (errno != EWOULDBLOCK)
704 log_warn(LD_FS,"Couldn't lock \"%s\": %s", filename, strerror(errno));
705 else
706 *locked_out = 1;
707 close(fd);
708 return NULL;
709 }
710 #else
711 {
712 struct flock lock;
713 memset(&lock, 0, sizeof(lock));
714 lock.l_type = F_WRLCK;
715 lock.l_whence = SEEK_SET;
716 if (fcntl(fd, blocking ? F_SETLKW : F_SETLK, &lock) < 0) {
717 if (errno != EACCES && errno != EAGAIN)
718 log_warn(LD_FS, "Couldn't lock \"%s\": %s", filename, strerror(errno));
719 else
720 *locked_out = 1;
721 close(fd);
722 return NULL;
723 }
724 }
725 #endif
726
727 result = tor_malloc(sizeof(tor_lockfile_t));
728 result->filename = tor_strdup(filename);
729 result->fd = fd;
730 return result;
731 }
732
733 /** Release the lock held as <b>lockfile</b>. */
734 void
735 tor_lockfile_unlock(tor_lockfile_t *lockfile)
736 {
737 tor_assert(lockfile);
738
739 log_info(LD_FS, "Unlocking \"%s\"", lockfile->filename);
740 #ifdef WIN32
741 _lseek(lockfile->fd, 0, SEEK_SET);
742 if (_locking(lockfile->fd, _LK_UNLCK, 1) < 0) {
743 log_warn(LD_FS,"Error unlocking \"%s\": %s", lockfile->filename,
744 strerror(errno));
745 }
746 #elif defined(HAVE_FLOCK)
747 if (flock(lockfile->fd, LOCK_UN) < 0) {
748 log_warn(LD_FS, "Error unlocking \"%s\": %s", lockfile->filename,
749 strerror(errno));
750 }
751 #else
752 /* Closing the lockfile is sufficient. */
753 #endif
754
755 close(lockfile->fd);
756 lockfile->fd = -1;
757 tor_free(lockfile->filename);
758 tor_free(lockfile);
759 }
760
761 /* Some old versions of Unix didn't define constants for these values,
762 * and instead expect you to say 0, 1, or 2. */
763 #ifndef SEEK_CUR
764 #define SEEK_CUR 1
765 #endif
766 #ifndef SEEK_END
767 #define SEEK_END 2
768 #endif
769
770 /** Return the position of <b>fd</b> with respect to the start of the file. */
771 off_t
772 tor_fd_getpos(int fd)
773 {
774 #ifdef WIN32
775 return (off_t) _lseek(fd, 0, SEEK_CUR);
776 #else
777 return (off_t) lseek(fd, 0, SEEK_CUR);
778 #endif
779 }
780
781 /** Move <b>fd</b> to the end of the file. Return -1 on error, 0 on success. */
782 int
783 tor_fd_seekend(int fd)
784 {
785 #ifdef WIN32
786 return _lseek(fd, 0, SEEK_END) < 0 ? -1 : 0;
787 #else
788 return lseek(fd, 0, SEEK_END) < 0 ? -1 : 0;
789 #endif
790 }
791
792 #undef DEBUG_SOCKET_COUNTING
793 #ifdef DEBUG_SOCKET_COUNTING
794 /** A bitarray of all fds that should be passed to tor_socket_close(). Only
795 * used if DEBUG_SOCKET_COUNTING is defined. */
796 static bitarray_t *open_sockets = NULL;
797 /** The size of <b>open_sockets</b>, in bits. */
798 static int max_socket = -1;
799 #endif
800
801 /** Count of number of sockets currently open. (Undercounts sockets opened by
802 * eventdns and libevent.) */
803 static int n_sockets_open = 0;
804
805 /** Mutex to protect open_sockets, max_socket, and n_sockets_open. */
806 static tor_mutex_t *socket_accounting_mutex = NULL;
807
808 static INLINE void
809 socket_accounting_lock(void)
810 {
811 if (PREDICT_UNLIKELY(!socket_accounting_mutex))
812 socket_accounting_mutex = tor_mutex_new();
813 tor_mutex_acquire(socket_accounting_mutex);
814 }
815
816 static INLINE void
817 socket_accounting_unlock(void)
818 {
819 tor_mutex_release(socket_accounting_mutex);
820 }
821
822 /** As close(), but guaranteed to work for sockets across platforms (including
823 * Windows, where close()ing a socket doesn't work. Returns 0 on success, -1
824 * on failure. */
825 int
826 tor_close_socket(int s)
827 {
828 int r = 0;
829
830 /* On Windows, you have to call close() on fds returned by open(),
831 * and closesocket() on fds returned by socket(). On Unix, everything
832 * gets close()'d. We abstract this difference by always using
833 * tor_close_socket to close sockets, and always using close() on
834 * files.
835 */
836 #if defined(MS_WINDOWS)
837 r = closesocket(s);
838 #else
839 r = close(s);
840 #endif
841
842 socket_accounting_lock();
843 #ifdef DEBUG_SOCKET_COUNTING
844 if (s > max_socket || ! bitarray_is_set(open_sockets, s)) {
845 log_warn(LD_BUG, "Closing a socket (%d) that wasn't returned by tor_open_"
846 "socket(), or that was already closed or something.", s);
847 } else {
848 tor_assert(open_sockets && s <= max_socket);
849 bitarray_clear(open_sockets, s);
850 }
851 #endif
852 if (r == 0) {
853 --n_sockets_open;
854 } else {
855 int err = tor_socket_errno(-1);
856 log_info(LD_NET, "Close returned an error: %s", tor_socket_strerror(err));
857 #ifdef WIN32
858 if (err != WSAENOTSOCK)
859 --n_sockets_open;
860 #else
861 if (err != EBADF)
862 --n_sockets_open;
863 #endif
864 r = -1;
865 }
866
867 if (n_sockets_open < 0)
868 log_warn(LD_BUG, "Our socket count is below zero: %d. Please submit a "
869 "bug report.", n_sockets_open);
870 socket_accounting_unlock();
871 return r;
872 }
873
874 #ifdef DEBUG_SOCKET_COUNTING
875 /** Helper: if DEBUG_SOCKET_COUNTING is enabled, remember that <b>s</b> is
876 * now an open socket. */
877 static INLINE void
878 mark_socket_open(int s)
879 {
880 if (s > max_socket) {
881 if (max_socket == -1) {
882 open_sockets = bitarray_init_zero(s+128);
883 max_socket = s+128;
884 } else {
885 open_sockets = bitarray_expand(open_sockets, max_socket, s+128);
886 max_socket = s+128;
887 }
888 }
889 if (bitarray_is_set(open_sockets, s)) {
890 log_warn(LD_BUG, "I thought that %d was already open, but socket() just "
891 "gave it to me!", s);
892 }
893 bitarray_set(open_sockets, s);
894 }
895 #else
896 #define mark_socket_open(s) STMT_NIL
897 #endif
898
899 /** As socket(), but counts the number of open sockets. */
900 int
901 tor_open_socket(int domain, int type, int protocol)
902 {
903 int s = socket(domain, type, protocol);
904 if (s >= 0) {
905 socket_accounting_lock();
906 ++n_sockets_open;
907 mark_socket_open(s);
908 socket_accounting_unlock();
909 }
910 return s;
911 }
912
913 /** As socket(), but counts the number of open sockets. */
914 int
915 tor_accept_socket(int sockfd, struct sockaddr *addr, socklen_t *len)
916 {
917 int s = accept(sockfd, addr, len);
918 if (s >= 0) {
919 socket_accounting_lock();
920 ++n_sockets_open;
921 mark_socket_open(s);
922 socket_accounting_unlock();
923 }
924 return s;
925 }
926
927 /** Return the number of sockets we currently have opened. */
928 int
929 get_n_open_sockets(void)
930 {
931 int n;
932 socket_accounting_lock();
933 n = n_sockets_open;
934 socket_accounting_unlock();
935 return n;
936 }
937
938 /** Turn <b>socket</b> into a nonblocking socket.
939 */
940 void
941 set_socket_nonblocking(int socket)
942 {
943 #if defined(MS_WINDOWS)
944 unsigned long nonblocking = 1;
945 ioctlsocket(socket, FIONBIO, (unsigned long*) &nonblocking);
946 #else
947 fcntl(socket, F_SETFL, O_NONBLOCK);
948 #endif
949 }
950
951 /**
952 * Allocate a pair of connected sockets. (Like socketpair(family,
953 * type,protocol,fd), but works on systems that don't have
954 * socketpair.)
955 *
956 * Currently, only (AF_UNIX, SOCK_STREAM, 0) sockets are supported.
957 *
958 * Note that on systems without socketpair, this call will fail if
959 * localhost is inaccessible (for example, if the networking
960 * stack is down). And even if it succeeds, the socket pair will not
961 * be able to read while localhost is down later (the socket pair may
962 * even close, depending on OS-specific timeouts).
963 *
964 * Returns 0 on success and -errno on failure; do not rely on the value
965 * of errno or WSAGetLastError().
966 **/
967 /* It would be nicer just to set errno, but that won't work for windows. */
968 int
969 tor_socketpair(int family, int type, int protocol, int fd[2])
970 {
971 //don't use win32 socketpairs (they are always bad)
972 #if defined(HAVE_SOCKETPAIR) && !defined(MS_WINDOWS)
973 int r;
974 r = socketpair(family, type, protocol, fd);
975 if (r == 0) {
976 socket_accounting_lock();
977 if (fd[0] >= 0) {
978 ++n_sockets_open;
979 mark_socket_open(fd[0]);
980 }
981 if (fd[1] >= 0) {
982 ++n_sockets_open;
983 mark_socket_open(fd[1]);
984 }
985 socket_accounting_unlock();
986 }
987 return r < 0 ? -errno : r;
988 #else
989 /* This socketpair does not work when localhost is down. So
990 * it's really not the same thing at all. But it's close enough
991 * for now, and really, when localhost is down sometimes, we
992 * have other problems too.
993 */
994 int listener = -1;
995 int connector = -1;
996 int acceptor = -1;
997 struct sockaddr_in listen_addr;
998 struct sockaddr_in connect_addr;
999 int size;
1000 int saved_errno = -1;
1001
1002 if (protocol
1003 #ifdef AF_UNIX
1004 || family != AF_UNIX
1005 #endif
1006 ) {
1007 #ifdef MS_WINDOWS
1008 return -WSAEAFNOSUPPORT;
1009 #else
1010 return -EAFNOSUPPORT;
1011 #endif
1012 }
1013 if (!fd) {
1014 return -EINVAL;
1015 }
1016
1017 listener = tor_open_socket(AF_INET, type, 0);
1018 if (listener < 0)
1019 return -tor_socket_errno(-1);
1020 memset(&listen_addr, 0, sizeof(listen_addr));
1021 listen_addr.sin_family = AF_INET;
1022 listen_addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
1023 listen_addr.sin_port = 0; /* kernel chooses port. */
1024 if (bind(listener, (struct sockaddr *) &listen_addr, sizeof (listen_addr))
1025 == -1)
1026 goto tidy_up_and_fail;
1027 if (listen(listener, 1) == -1)
1028 goto tidy_up_and_fail;
1029
1030 connector = tor_open_socket(AF_INET, type, 0);
1031 if (connector < 0)
1032 goto tidy_up_and_fail;
1033 /* We want to find out the port number to connect to. */
1034 size = sizeof(connect_addr);
1035 if (getsockname(listener, (struct sockaddr *) &connect_addr, &size) == -1)
1036 goto tidy_up_and_fail;
1037 if (size != sizeof (connect_addr))
1038 goto abort_tidy_up_and_fail;
1039 if (connect(connector, (struct sockaddr *) &connect_addr,
1040 sizeof(connect_addr)) == -1)
1041 goto tidy_up_and_fail;
1042
1043 size = sizeof(listen_addr);
1044 acceptor = tor_accept_socket(listener,
1045 (struct sockaddr *) &listen_addr, &size);
1046 if (acceptor < 0)
1047 goto tidy_up_and_fail;
1048 if (size != sizeof(listen_addr))
1049 goto abort_tidy_up_and_fail;
1050 tor_close_socket(listener);
1051 /* Now check we are talking to ourself by matching port and host on the
1052 two sockets. */
1053 if (getsockname(connector, (struct sockaddr *) &connect_addr, &size) == -1)
1054 goto tidy_up_and_fail;
1055 if (size != sizeof (connect_addr)
1056 || listen_addr.sin_family != connect_addr.sin_family
1057 || listen_addr.sin_addr.s_addr != connect_addr.sin_addr.s_addr
1058 || listen_addr.sin_port != connect_addr.sin_port) {
1059 goto abort_tidy_up_and_fail;
1060 }
1061 fd[0] = connector;
1062 fd[1] = acceptor;
1063
1064 return 0;
1065
1066 abort_tidy_up_and_fail:
1067 #ifdef MS_WINDOWS
1068 saved_errno = WSAECONNABORTED;
1069 #else
1070 saved_errno = ECONNABORTED; /* I hope this is portable and appropriate. */
1071 #endif
1072 tidy_up_and_fail:
1073 if (saved_errno < 0)
1074 saved_errno = errno;
1075 if (listener != -1)
1076 tor_close_socket(listener);
1077 if (connector != -1)
1078 tor_close_socket(connector);
1079 if (acceptor != -1)
1080 tor_close_socket(acceptor);
1081 return -saved_errno;
1082 #endif
1083 }
1084
1085 #define ULIMIT_BUFFER 32 /* keep 32 extra fd's beyond _ConnLimit */
1086
1087 /** Learn the maximum allowed number of file descriptors. (Some systems
1088 * have a low soft limit.
1089 *
1090 * We compute this by finding the largest number that we can use.
1091 * If we can't find a number greater than or equal to <b>limit</b>,
1092 * then we fail: return -1.
1093 *
1094 * Otherwise, return 0 and store the maximum we found inside <b>max_out</b>.*/
1095 int
1096 set_max_file_descriptors(rlim_t limit, int *max_out)
1097 {
1098 /* Define some maximum connections values for systems where we cannot
1099 * automatically determine a limit. Re Cygwin, see
1100 * http://archives.seul.org/or/talk/Aug-2006/msg00210.html
1101 * For an iPhone, 9999 should work. For Windows and all other unknown
1102 * systems we use 15000 as the default. */
1103 #ifndef HAVE_GETRLIMIT
1104 #if defined(CYGWIN) || defined(__CYGWIN__)
1105 const char *platform = "Cygwin";
1106 const unsigned long MAX_CONNECTIONS = 3200;
1107 #elif defined(MS_WINDOWS)
1108 const char *platform = "Windows";
1109 const unsigned long MAX_CONNECTIONS = 15000;
1110 #else
1111 const char *platform = "unknown platforms with no getrlimit()";
1112 const unsigned long MAX_CONNECTIONS = 15000;
1113 #endif
1114 log_fn(LOG_INFO, LD_NET,
1115 "This platform is missing getrlimit(). Proceeding.");
1116 if (limit > MAX_CONNECTIONS) {
1117 log_warn(LD_CONFIG,
1118 "We do not support more than %lu file descriptors "
1119 "on %s. Tried to raise to %lu.",
1120 (unsigned long)MAX_CONNECTIONS, platform, (unsigned long)limit);
1121 return -1;
1122 }
1123 limit = MAX_CONNECTIONS;
1124 #else /* HAVE_GETRLIMIT */
1125 struct rlimit rlim;
1126 tor_assert(limit > 0);
1127
1128 if (getrlimit(RLIMIT_NOFILE, &rlim) != 0) {
1129 log_warn(LD_NET, "Could not get maximum number of file descriptors: %s",
1130 strerror(errno));
1131 return -1;
1132 }
1133
1134 if (rlim.rlim_max < limit) {
1135 log_warn(LD_CONFIG,"We need %lu file descriptors available, and we're "
1136 "limited to %lu. Please change your ulimit -n.",
1137 (unsigned long)limit, (unsigned long)rlim.rlim_max);
1138 return -1;
1139 }
1140
1141 if (rlim.rlim_max > rlim.rlim_cur) {
1142 log_info(LD_NET,"Raising max file descriptors from %lu to %lu.",
1143 (unsigned long)rlim.rlim_cur, (unsigned long)rlim.rlim_max);
1144 }
1145 rlim.rlim_cur = rlim.rlim_max;
1146
1147 if (setrlimit(RLIMIT_NOFILE, &rlim) != 0) {
1148 int bad = 1;
1149 #ifdef OPEN_MAX
1150 if (errno == EINVAL && OPEN_MAX < rlim.rlim_cur) {
1151 /* On some platforms, OPEN_MAX is the real limit, and getrlimit() is
1152 * full of nasty lies. I'm looking at you, OSX 10.5.... */
1153 rlim.rlim_cur = OPEN_MAX;
1154 if (setrlimit(RLIMIT_NOFILE, &rlim) == 0) {
1155 if (rlim.rlim_cur < (rlim_t)limit) {
1156 log_warn(LD_CONFIG, "We are limited to %lu file descriptors by "
1157 "OPEN_MAX, and ConnLimit is %lu. Changing ConnLimit; sorry.",
1158 (unsigned long)OPEN_MAX, (unsigned long)limit);
1159 } else {
1160 log_info(LD_CONFIG, "Dropped connection limit to OPEN_MAX (%lu); "
1161 "Apparently, %lu was too high and rlimit lied to us.",
1162 (unsigned long)OPEN_MAX, (unsigned long)rlim.rlim_max);
1163 }
1164 bad = 0;
1165 }
1166 }
1167 #endif /* OPEN_MAX */
1168 if (bad) {
1169 log_warn(LD_CONFIG,"Couldn't set maximum number of file descriptors: %s",
1170 strerror(errno));
1171 return -1;
1172 }
1173 }
1174 /* leave some overhead for logs, etc, */
1175 limit = rlim.rlim_cur;
1176 #endif /* HAVE_GETRLIMIT */
1177
1178 if (limit < ULIMIT_BUFFER) {
1179 log_warn(LD_CONFIG,
1180 "ConnLimit must be at least %d. Failing.", ULIMIT_BUFFER);
1181 return -1;
1182 }
1183 if (limit > INT_MAX)
1184 limit = INT_MAX;
1185 tor_assert(max_out);
1186 *max_out = (int)limit - ULIMIT_BUFFER;
1187 return 0;
1188 }
1189
1190 #ifndef MS_WINDOWS
1191 /** Log details of current user and group credentials. Return 0 on
1192 * success. Logs and return -1 on failure.
1193 */
1194 static int
1195 log_credential_status(void)
1196 {
1197 #define CREDENTIAL_LOG_LEVEL LOG_INFO
1198 /* Real, effective and saved UIDs */
1199 uid_t ruid, euid, suid;
1200 /* Read, effective and saved GIDs */
1201 gid_t rgid, egid, sgid;
1202 /* Supplementary groups */
1203 gid_t sup_gids[NGROUPS_MAX + 1];
1204 /* Number of supplementary groups */
1205 int ngids;
1206
1207 /* log UIDs */
1208 #ifdef HAVE_GETRESUID
1209 if (getresuid(&ruid, &euid, &suid) != 0 ) {
1210 log_warn(LD_GENERAL, "Error getting changed UIDs: %s", strerror(errno));
1211 return -1;
1212 } else {
1213 log_fn(CREDENTIAL_LOG_LEVEL, LD_GENERAL,
1214 "UID is %u (real), %u (effective), %u (saved)",
1215 (unsigned)ruid, (unsigned)euid, (unsigned)suid);
1216 }
1217 #else
1218 /* getresuid is not present on MacOS X, so we can't get the saved (E)UID */
1219 ruid = getuid();
1220 euid = geteuid();
1221 (void)suid;
1222
1223 log_fn(CREDENTIAL_LOG_LEVEL, LD_GENERAL,
1224 "UID is %u (real), %u (effective), unknown (saved)",
1225 (unsigned)ruid, (unsigned)euid);
1226 #endif
1227
1228 /* log GIDs */
1229 #ifdef HAVE_GETRESGID
1230 if (getresgid(&rgid, &egid, &sgid) != 0 ) {
1231 log_warn(LD_GENERAL, "Error getting changed GIDs: %s", strerror(errno));
1232 return -1;
1233 } else {
1234 log_fn(CREDENTIAL_LOG_LEVEL, LD_GENERAL,
1235 "GID is %u (real), %u (effective), %u (saved)",
1236 (unsigned)rgid, (unsigned)egid, (unsigned)sgid);
1237 }
1238 #else
1239 /* getresgid is not present on MacOS X, so we can't get the saved (E)GID */
1240 rgid = getgid();
1241 egid = getegid();
1242 (void)sgid;
1243 log_fn(CREDENTIAL_LOG_LEVEL, LD_GENERAL,
1244 "GID is %u (real), %u (effective), unknown (saved)",
1245 (unsigned)rgid, (unsigned)egid);
1246 #endif
1247
1248 /* log supplementary groups */
1249 if ((ngids = getgroups(NGROUPS_MAX + 1, sup_gids)) < 0) {
1250 log_warn(LD_GENERAL, "Error getting supplementary GIDs: %s",
1251 strerror(errno));
1252 return -1;
1253 } else {
1254 int i, retval = 0;
1255 char *strgid;
1256 char *s = NULL;
1257 smartlist_t *elts = smartlist_create();
1258
1259 for (i = 0; i<ngids; i++) {
1260 strgid = tor_malloc(11);
1261 if (tor_snprintf(strgid, 11, "%u", (unsigned)sup_gids[i]) < 0) {
1262 log_warn(LD_GENERAL, "Error printing supplementary GIDs");
1263 tor_free(strgid);
1264 retval = -1;
1265 goto error;
1266 }
1267 smartlist_add(elts, strgid);
1268 }
1269
1270 s = smartlist_join_strings(elts, " ", 0, NULL);
1271
1272 log_fn(CREDENTIAL_LOG_LEVEL, LD_GENERAL, "Supplementary groups are: %s",s);
1273
1274 error:
1275 tor_free(s);
1276 SMARTLIST_FOREACH(elts, char *, cp,
1277 {
1278 tor_free(cp);
1279 });
1280 smartlist_free(elts);
1281
1282 return retval;
1283 }
1284
1285 return 0;
1286 }
1287 #endif
1288
1289 /** Call setuid and setgid to run as <b>user</b> and switch to their
1290 * primary group. Return 0 on success. On failure, log and return -1.
1291 */
1292 int
1293 switch_id(const char *user)
1294 {
1295 #ifndef MS_WINDOWS
1296 struct passwd *pw = NULL;
1297 uid_t old_uid;
1298 gid_t old_gid;
1299 static int have_already_switched_id = 0;
1300
1301 tor_assert(user);
1302
1303 if (have_already_switched_id)
1304 return 0;
1305
1306 /* Log the initial credential state */
1307 if (log_credential_status())
1308 return -1;
1309
1310 log_fn(CREDENTIAL_LOG_LEVEL, LD_GENERAL, "Changing user and groups");
1311
1312 /* Get old UID/GID to check if we changed correctly */
1313 old_uid = getuid();
1314 old_gid = getgid();
1315
1316 /* Lookup the user and group information, if we have a problem, bail out. */
1317 pw = getpwnam(user);
1318 if (pw == NULL) {
1319 log_warn(LD_CONFIG, "Error setting configured user: %s not found", user);
1320 return -1;
1321 }
1322
1323 /* Properly switch egid,gid,euid,uid here or bail out */
1324 if (setgroups(1, &pw->pw_gid)) {
1325 log_warn(LD_GENERAL, "Error setting groups to gid %d: \"%s\".",
1326 (int)pw->pw_gid, strerror(errno));
1327 if (old_uid == pw->pw_uid) {
1328 log_warn(LD_GENERAL, "Tor is already running as %s. You do not need "
1329 "the \"User\" option if you are already running as the user "
1330 "you want to be. (If you did not set the User option in your "
1331 "torrc, check whether it was specified on the command line "
1332 "by a startup script.)", user);
1333 } else {
1334 log_warn(LD_GENERAL, "If you set the \"User\" option, you must start Tor"
1335 " as root.");
1336 }
1337 return -1;
1338 }
1339
1340 if (setegid(pw->pw_gid)) {
1341 log_warn(LD_GENERAL, "Error setting egid to %d: %s",
1342 (int)pw->pw_gid, strerror(errno));
1343 return -1;
1344 }
1345
1346 if (setgid(pw->pw_gid)) {
1347 log_warn(LD_GENERAL, "Error setting gid to %d: %s",
1348 (int)pw->pw_gid, strerror(errno));
1349 return -1;
1350 }
1351
1352 if (setuid(pw->pw_uid)) {
1353 log_warn(LD_GENERAL, "Error setting configured uid to %s (%d): %s",
1354 user, (int)pw->pw_uid, strerror(errno));
1355 return -1;
1356 }
1357
1358 if (seteuid(pw->pw_uid)) {
1359 log_warn(LD_GENERAL, "Error setting configured euid to %s (%d): %s",
1360 user, (int)pw->pw_uid, strerror(errno));
1361 return -1;
1362 }
1363
1364 /* This is how OpenBSD rolls:
1365 if (setgroups(1, &pw->pw_gid) || setegid(pw->pw_gid) ||
1366 setgid(pw->pw_gid) || setuid(pw->pw_uid) || seteuid(pw->pw_uid)) {
1367 setgid(pw->pw_gid) || seteuid(pw->pw_uid) || setuid(pw->pw_uid)) {
1368 log_warn(LD_GENERAL, "Error setting configured UID/GID: %s",
1369 strerror(errno));
1370 return -1;
1371 }
1372 */
1373
1374 /* We've properly switched egid, gid, euid, uid, and supplementary groups if
1375 * we're here. */
1376
1377 #if !defined(CYGWIN) && !defined(__CYGWIN__)
1378 /* If we tried to drop privilege to a group/user other than root, attempt to
1379 * restore root (E)(U|G)ID, and abort if the operation succeeds */
1380
1381 /* Only check for privilege dropping if we were asked to be non-root */
1382 if (pw->pw_uid) {
1383 /* Try changing GID/EGID */
1384 if (pw->pw_gid != old_gid &&
1385 (setgid(old_gid) != -1 || setegid(old_gid) != -1)) {
1386 log_warn(LD_GENERAL, "Was able to restore group credentials even after "
1387 "switching GID: this means that the setgid code didn't work.");
1388 return -1;
1389 }
1390
1391 /* Try changing UID/EUID */
1392 if (pw->pw_uid != old_uid &&
1393 (setuid(old_uid) != -1 || seteuid(old_uid) != -1)) {
1394 log_warn(LD_GENERAL, "Was able to restore user credentials even after "
1395 "switching UID: this means that the setuid code didn't work.");
1396 return -1;
1397 }
1398 }
1399 #endif
1400
1401 /* Check what really happened */
1402 if (log_credential_status()) {
1403 return -1;
1404 }
1405
1406 have_already_switched_id = 1; /* mark success so we never try again */
1407
1408 #if defined(__linux__) && defined(HAVE_SYS_PRCTL_H) && defined(HAVE_PRCTL)
1409 #ifdef PR_SET_DUMPABLE
1410 if (pw->pw_uid) {
1411 /* Re-enable core dumps if we're not running as root. */
1412 log_info(LD_CONFIG, "Re-enabling coredumps");
1413 if (prctl(PR_SET_DUMPABLE, 1)) {
1414 log_warn(LD_CONFIG, "Unable to re-enable coredumps: %s",strerror(errno));
1415 }
1416 }
1417 #endif
1418 #endif
1419 return 0;
1420
1421 #else
1422 (void)user;
1423
1424 log_warn(LD_CONFIG,
1425 "User specified but switching users is unsupported on your OS.");
1426 return -1;
1427 #endif
1428 }
1429
1430 #ifdef HAVE_PWD_H
1431 /** Allocate and return a string containing the home directory for the
1432 * user <b>username</b>. Only works on posix-like systems. */
1433 char *
1434 get_user_homedir(const char *username)
1435 {
1436 struct passwd *pw;
1437 tor_assert(username);
1438
1439 if (!(pw = getpwnam(username))) {
1440 log_err(LD_CONFIG,"User \"%s\" not found.", username);
1441 return NULL;
1442 }
1443 return tor_strdup(pw->pw_dir);
1444 }
1445 #endif
1446
1447 /** Set *addr to the IP address (in dotted-quad notation) stored in c.
1448 * Return 1 on success, 0 if c is badly formatted. (Like inet_aton(c,addr),
1449 * but works on Windows and Solaris.)
1450 */
1451 int
1452 tor_inet_aton(const char *str, struct in_addr* addr)
1453 {
1454 unsigned a,b,c,d;
1455 char more;
1456 if (tor_sscanf(str, "%3u.%3u.%3u.%3u%c", &a,&b,&c,&d,&more) != 4)
1457 return 0;
1458 if (a > 255) return 0;
1459 if (b > 255) return 0;
1460 if (c > 255) return 0;
1461 if (d > 255) return 0;
1462 addr->s_addr = htonl((a<<24) | (b<<16) | (c<<8) | d);
1463 return 1;
1464 }
1465
1466 /** Given <b>af</b>==AF_INET and <b>src</b> a struct in_addr, or
1467 * <b>af</b>==AF_INET6 and <b>src</b> a struct in6_addr, try to format the
1468 * address and store it in the <b>len</b>-byte buffer <b>dst</b>. Returns
1469 * <b>dst</b> on success, NULL on failure.
1470 *
1471 * (Like inet_ntop(af,src,dst,len), but works on platforms that don't have it:
1472 * Tor sometimes needs to format ipv6 addresses even on platforms without ipv6
1473 * support.) */
1474 const char *
1475 tor_inet_ntop(int af, const void *src, char *dst, size_t len)
1476 {
1477 if (af == AF_INET) {
1478 if (tor_inet_ntoa(src, dst, len) < 0)
1479 return NULL;
1480 else
1481 return dst;
1482 } else if (af == AF_INET6) {
1483 const struct in6_addr *addr = src;
1484 char buf[64], *cp;
1485 int longestGapLen = 0, longestGapPos = -1, i,
1486 curGapPos = -1, curGapLen = 0;
1487 uint16_t words[8];
1488 for (i = 0; i < 8; ++i) {
1489 words[i] = (((uint16_t)addr->s6_addr[2*i])<<8) + addr->s6_addr[2*i+1];
1490 }
1491 if (words[0] == 0 && words[1] == 0 && words[2] == 0 && words[3] == 0 &&
1492 words[4] == 0 && ((words[5] == 0 && words[6] && words[7]) ||
1493 (words[5] == 0xffff))) {
1494 /* This is an IPv4 address. */
1495 if (words[5] == 0) {
1496 tor_snprintf(buf, sizeof(buf), "::%d.%d.%d.%d",
1497 addr->s6_addr[12], addr->s6_addr[13],
1498 addr->s6_addr[14], addr->s6_addr[15]);
1499 } else {
1500 tor_snprintf(buf, sizeof(buf), "::%x:%d.%d.%d.%d", words[5],
1501 addr->s6_addr[12], addr->s6_addr[13],
1502 addr->s6_addr[14], addr->s6_addr[15]);
1503 }
1504 if (strlen(buf) > len)
1505 return NULL;
1506 strlcpy(dst, buf, len);
1507 return dst;
1508 }
1509 i = 0;
1510 while (i < 8) {
1511 if (words[i] == 0) {
1512 curGapPos = i++;
1513 curGapLen = 1;
1514 while (i<8 && words[i] == 0) {
1515 ++i; ++curGapLen;
1516 }
1517 if (curGapLen > longestGapLen) {
1518 longestGapPos = curGapPos;
1519 longestGapLen = curGapLen;
1520 }
1521 } else {
1522 ++i;
1523 }
1524 }
1525 if (longestGapLen<=1)
1526 longestGapPos = -1;
1527
1528 cp = buf;
1529 for (i = 0; i < 8; ++i) {
1530 if (words[i] == 0 && longestGapPos == i) {
1531 if (i == 0)
1532 *cp++ = ':';
1533 *cp++ = ':';
1534 while (i < 8 && words[i] == 0)
1535 ++i;
1536 --i; /* to compensate for loop increment. */
1537 } else {
1538 tor_snprintf(cp, sizeof(buf)-(cp-buf), "%x", (unsigned)words[i]);
1539 cp += strlen(cp);
1540 if (i != 7)
1541 *cp++ = ':';
1542 }
1543 }
1544 *cp = '\0';
1545 if (strlen(buf) > len)
1546 return NULL;
1547 strlcpy(dst, buf, len);
1548 return dst;
1549 } else {
1550 return NULL;
1551 }
1552 }
1553
1554 /** Given <b>af</b>==AF_INET or <b>af</b>==AF_INET6, and a string <b>src</b>
1555 * encoding an IPv4 address or IPv6 address correspondingly, try to parse the
1556 * address and store the result in <b>dst</b> (which must have space for a
1557 * struct in_addr or a struct in6_addr, as appropriate). Return 1 on success,
1558 * 0 on a bad parse, and -1 on a bad <b>af</b>.
1559 *
1560 * (Like inet_pton(af,src,dst) but works on platforms that don't have it: Tor
1561 * sometimes needs to format ipv6 addresses even on platforms without ipv6
1562 * support.) */
1563 int
1564 tor_inet_pton(int af, const char *src, void *dst)
1565 {
1566 if (af == AF_INET) {
1567 return tor_inet_aton(src, dst);
1568 } else if (af == AF_INET6) {
1569 struct in6_addr *out = dst;
1570 uint16_t words[8];
1571 int gapPos = -1, i, setWords=0;
1572 const char *dot = strchr(src, '.');
1573 const char *eow; /* end of words. */
1574 if (dot == src)
1575 return 0;
1576 else if (!dot)
1577 eow = src+strlen(src);
1578 else {
1579 unsigned byte1,byte2,byte3,byte4;
1580 char more;
1581 for (eow = dot-1; eow >= src && TOR_ISDIGIT(*eow); --eow)
1582 ;
1583 ++eow;
1584
1585 /* We use "scanf" because some platform inet_aton()s are too lax
1586 * about IPv4 addresses of the form "1.2.3" */
1587 if (tor_sscanf(eow, "%3u.%3u.%3u.%3u%c",
1588 &byte1,&byte2,&byte3,&byte4,&more) != 4)
1589 return 0;
1590
1591 if (byte1 > 255 || byte2 > 255 || byte3 > 255 || byte4 > 255)
1592 return 0;
1593
1594 words[6] = (byte1<<8) | byte2;
1595 words[7] = (byte3<<8) | byte4;
1596 setWords += 2;
1597 }
1598
1599 i = 0;
1600 while (src < eow) {
1601 if (i > 7)
1602 return 0;
1603 if (TOR_ISXDIGIT(*src)) {
1604 char *next;
1605 long r = strtol(src, &next, 16);
1606 if (next > 4+src)
1607 return 0;
1608 if (next == src)
1609 return 0;
1610 if (r<0 || r>65536)
1611 return 0;
1612
1613 words[i++] = (uint16_t)r;
1614 setWords++;
1615 src = next;
1616 if (*src != ':' && src != eow)
1617 return 0;
1618 ++src;
1619 } else if (*src == ':' && i > 0 && gapPos==-1) {
1620 gapPos = i;
1621 ++src;
1622 } else if (*src == ':' && i == 0 && src[1] == ':' && gapPos==-1) {
1623 gapPos = i;
1624 src += 2;
1625 } else {
1626 return 0;
1627 }
1628 }
1629
1630 if (setWords > 8 ||
1631 (setWords == 8 && gapPos != -1) ||
1632 (setWords < 8 && gapPos == -1))
1633 return 0;
1634
1635 if (gapPos >= 0) {
1636 int nToMove = setWords - (dot ? 2 : 0) - gapPos;
1637 int gapLen = 8 - setWords;
1638 tor_assert(nToMove >= 0);
1639 memmove(&words[gapPos+gapLen], &words[gapPos],
1640 sizeof(uint16_t)*nToMove);
1641 memset(&words[gapPos], 0, sizeof(uint16_t)*gapLen);
1642 }
1643 for (i = 0; i < 8; ++i) {
1644 out->s6_addr[2*i ] = words[i] >> 8;
1645 out->s6_addr[2*i+1] = words[i] & 0xff;
1646 }
1647
1648 return 1;
1649 } else {
1650 return -1;
1651 }
1652 }
1653
1654 /** Similar behavior to Unix gethostbyname: resolve <b>name</b>, and set
1655 * *<b>addr</b> to the proper IP address, in host byte order. Returns 0
1656 * on success, -1 on failure; 1 on transient failure.
1657 *
1658 * (This function exists because standard windows gethostbyname
1659 * doesn't treat raw IP addresses properly.)
1660 */
1661 int
1662 tor_lookup_hostname(const char *name, uint32_t *addr)
1663 {
1664 tor_addr_t myaddr;
1665 int ret;
1666
1667 if ((ret = tor_addr_lookup(name, AF_INET, &myaddr)))
1668 return ret;
1669
1670 if (tor_addr_family(&myaddr) == AF_INET) {
1671 *addr = tor_addr_to_ipv4h(&myaddr);
1672 return ret;
1673 }
1674
1675 return -1;
1676 }
1677
1678 /** Hold the result of our call to <b>uname</b>. */
1679 static char uname_result[256];
1680 /** True iff uname_result is set. */
1681 static int uname_result_is_set = 0;
1682
1683 /** Return a pointer to a description of our platform.
1684 */
1685 const char *
1686 get_uname(void)
1687 {
1688 #ifdef HAVE_UNAME
1689 struct utsname u;
1690 #endif
1691 if (!uname_result_is_set) {
1692 #ifdef HAVE_UNAME
1693 if (uname(&u) != -1) {
1694 /* (Linux says 0 is success, Solaris says 1 is success) */
1695 tor_snprintf(uname_result, sizeof(uname_result), "%s %s",
1696 u.sysname, u.machine);
1697 } else
1698 #endif
1699 {
1700 #ifdef MS_WINDOWS
1701 #if defined (WINCE)
1702 OSVERSIONINFO info;
1703 #else
1704 OSVERSIONINFOEXW info;
1705 #endif
1706 int i;
1707 const char *plat = NULL;
1708 const char *extra = NULL;
1709 char acsd[MAX_PATH] = {0};
1710 static struct {
1711 unsigned major; unsigned minor; const char *version;
1712 } win_version_table[] = {
1713 { 6, 1, "Windows 7" },
1714 { 6, 0, "Windows Vista" },
1715 { 5, 2, "Windows Server 2003" },
1716 { 5, 1, "Windows XP" },
1717 { 5, 0, "Windows 2000" },
1718 /* { 4, 0, "Windows NT 4.0" }, */
1719 { 4, 90, "Windows Me" },
1720 { 4, 10, "Windows 98" },
1721 /* { 4, 0, "Windows 95" } */
1722 { 3, 51, "Windows NT 3.51" },
1723 { 0, 0, NULL }
1724 };
1725 memset(&info, 0, sizeof(info));
1726 info.dwOSVersionInfoSize = sizeof(info);
1727 if (! GetVersionExW((LPOSVERSIONINFOW)&info)) {
1728 strlcpy(uname_result, "Bizarre version of Windows where GetVersionEx"
1729 " doesn't work.", sizeof(uname_result));
1730 uname_result_is_set = 1;
1731 return uname_result;
1732 }
1733 wcstombs(acsd, info.szCSDVersion, MAX_PATH);
1734 if (info.dwMajorVersion == 4 && info.dwMinorVersion == 0) {
1735 if (info.dwPlatformId == VER_PLATFORM_WIN32_NT)
1736 plat = "Windows NT 4.0";
1737 else
1738 plat = "Windows 95";
1739 if (acsd[1] == 'B')
1740 extra = "OSR2 (B)";
1741 else if (acsd[1] == 'C')
1742 extra = "OSR2 (C)";
1743 } else {
1744 for (i=0; win_version_table[i].major>0; ++i) {
1745 if (win_version_table[i].major == info.dwMajorVersion &&
1746 win_version_table[i].minor == info.dwMinorVersion) {
1747 plat = win_version_table[i].version;
1748 break;
1749 }
1750 }
1751 }
1752 if (plat && !strcmp(plat, "Windows 98")) {
1753 if (acsd[1] == 'A')
1754 extra = "SE (A)";
1755 else if (acsd[1] == 'B')
1756 extra = "SE (B)";
1757 }
1758 if (plat) {
1759 if (!extra)
1760 extra = acsd;
1761 tor_snprintf(uname_result, sizeof(uname_result), "%s %s",
1762 plat, extra);
1763 } else {
1764 if (info.dwMajorVersion > 6 ||
1765 (info.dwMajorVersion==6 && info.dwMinorVersion>1))
1766 tor_snprintf(uname_result, sizeof(uname_result),
1767 "Very recent version of Windows [major=%d,minor=%d] %s",
1768 (int)info.dwMajorVersion,(int)info.dwMinorVersion,
1769 acsd);
1770 else
1771 tor_snprintf(uname_result, sizeof(uname_result),
1772 "Unrecognized version of Windows [major=%d,minor=%d] %s",
1773 (int)info.dwMajorVersion,(int)info.dwMinorVersion,
1774 acsd);
1775 }
1776 #if !defined (WINCE)
1777 #ifdef VER_SUITE_BACKOFFICE
1778 if (info.wProductType == VER_NT_DOMAIN_CONTROLLER) {
1779 strlcat(uname_result, " [domain controller]", sizeof(uname_result));
1780 } else if (info.wProductType == VER_NT_SERVER) {
1781 strlcat(uname_result, " [server]", sizeof(uname_result));
1782 } else if (info.wProductType == VER_NT_WORKSTATION) {
1783 strlcat(uname_result, " [workstation]", sizeof(uname_result));
1784 }
1785 #endif
1786 #endif
1787 #else
1788 strlcpy(uname_result, "Unknown platform", sizeof(uname_result));
1789 #endif
1790 }
1791 uname_result_is_set = 1;
1792 }
1793 return uname_result;
1794 }
1795
1796 /*
1797 * Process control
1798 */
1799
1800 #if defined(USE_PTHREADS)
1801 /** Wraps a void (*)(void*) function and its argument so we can
1802 * invoke them in a way pthreads would expect.
1803 */
1804 typedef struct tor_pthread_data_t {
1805 void (*func)(void *);
1806 void *data;
1807 } tor_pthread_data_t;
1808 /** Given a tor_pthread_data_t <b>_data</b>, call _data-&gt;func(d-&gt;data)
1809 * and free _data. Used to make sure we can call functions the way pthread
1810 * expects. */
1811 static void *
1812 tor_pthread_helper_fn(void *_data)
1813 {
1814 tor_pthread_data_t *data = _data;
1815 void (*func)(void*);
1816 void *arg;
1817 /* mask signals to worker threads to avoid SIGPIPE, etc */
1818 sigset_t sigs;
1819 /* We're in a subthread; don't handle any signals here. */
1820 sigfillset(&sigs);
1821 pthread_sigmask(SIG_SETMASK, &sigs, NULL);
1822
1823 func = data->func;
1824 arg = data->data;
1825 tor_free(_data);
1826 func(arg);
1827 return NULL;
1828 }
1829 #endif
1830
1831 /** Minimalist interface to run a void function in the background. On
1832 * Unix calls fork, on win32 calls beginthread. Returns -1 on failure.
1833 * func should not return, but rather should call spawn_exit.
1834 *
1835 * NOTE: if <b>data</b> is used, it should not be allocated on the stack,
1836 * since in a multithreaded environment, there is no way to be sure that
1837 * the caller's stack will still be around when the called function is
1838 * running.
1839 */
1840 int
1841 spawn_func(void (*func)(void *), void *data)
1842 {
1843 #if defined(USE_WIN32_THREADS)
1844 int rv;
1845 rv = (int)_beginthread(func, 0, data);
1846 if (rv == (int)-1)
1847 return -1;
1848 return 0;
1849 #elif defined(USE_PTHREADS)
1850 pthread_t thread;
1851 tor_pthread_data_t *d;
1852 d = tor_malloc(sizeof(tor_pthread_data_t));
1853 d->data = data;
1854 d->func = func;
1855 if (pthread_create(&thread,NULL,tor_pthread_helper_fn,d))
1856 return -1;
1857 if (pthread_detach(thread))
1858 return -1;
1859 return 0;
1860 #else
1861 pid_t pid;
1862 pid = fork();
1863 if (pid<0)
1864 return -1;
1865 if (pid==0) {
1866 /* Child */
1867 func(data);
1868 tor_assert(0); /* Should never reach here. */
1869 return 0; /* suppress "control-reaches-end-of-non-void" warning. */
1870 } else {
1871 /* Parent */
1872 return 0;
1873 }
1874 #endif
1875 }
1876
1877 /** End the current thread/process.
1878 */
1879 void
1880 spawn_exit(void)
1881 {
1882 #if defined(USE_WIN32_THREADS)
1883 _endthread();
1884 //we should never get here. my compiler thinks that _endthread returns, this
1885 //is an attempt to fool it.
1886 tor_assert(0);
1887 _exit(0);
1888 #elif defined(USE_PTHREADS)
1889 pthread_exit(NULL);
1890 #else
1891 /* http://www.erlenstar.demon.co.uk/unix/faq_2.html says we should
1892 * call _exit, not exit, from child processes. */
1893 _exit(0);
1894 #endif
1895 }
1896
1897 /** Set *timeval to the current time of day. On error, log and terminate.
1898 * (Same as gettimeofday(timeval,NULL), but never returns -1.)
1899 */
1900 void
1901 tor_gettimeofday(struct timeval *timeval)
1902 {
1903 #ifdef MS_WINDOWS
1904 /* Epoch bias copied from perl: number of units between windows epoch and
1905 * Unix epoch. */
1906 #define EPOCH_BIAS U64_LITERAL(116444736000000000)
1907 #define UNITS_PER_SEC U64_LITERAL(10000000)
1908 #define USEC_PER_SEC U64_LITERAL(1000000)
1909 #define UNITS_PER_USEC U64_LITERAL(10)
1910 union {
1911 uint64_t ft_64;
1912 FILETIME ft_ft;
1913 } ft;
1914 #if defined (WINCE)
1915 /* wince do not have GetSystemTimeAsFileTime */
1916 SYSTEMTIME stime;
1917 GetSystemTime(&stime);
1918 SystemTimeToFileTime(&stime,&ft.ft_ft);
1919 #else
1920 /* number of 100-nsec units since Jan 1, 1601 */
1921 GetSystemTimeAsFileTime(&ft.ft_ft);
1922 #endif
1923 if (ft.ft_64 < EPOCH_BIAS) {
1924 log_err(LD_GENERAL,"System time is before 1970; failing.");
1925 exit(1);
1926 }
1927 ft.ft_64 -= EPOCH_BIAS;
1928 timeval->tv_sec = (unsigned) (ft.ft_64 / UNITS_PER_SEC);
1929 timeval->tv_usec = (unsigned) ((ft.ft_64 / UNITS_PER_USEC) % USEC_PER_SEC);
1930 #elif defined(HAVE_GETTIMEOFDAY)
1931 if (gettimeofday(timeval, NULL)) {
1932 log_err(LD_GENERAL,"gettimeofday failed.");
1933 /* If gettimeofday dies, we have either given a bad timezone (we didn't),
1934 or segfaulted.*/
1935 exit(1);
1936 }
1937 #elif defined(HAVE_FTIME)
1938 struct timeb tb;
1939 ftime(&tb);
1940 timeval->tv_sec = tb.time;
1941 timeval->tv_usec = tb.millitm * 1000;
1942 #else
1943 #error "No way to get time."
1944 #endif
1945 return;
1946 }
1947
1948 #if defined(TOR_IS_MULTITHREADED) && !defined(MS_WINDOWS)
1949 /** Defined iff we need to add locks when defining fake versions of reentrant
1950 * versions of time-related functions. */
1951 #define TIME_FNS_NEED_LOCKS
1952 #endif
1953
1954 #ifndef HAVE_LOCALTIME_R
1955 #ifdef TIME_FNS_NEED_LOCKS
1956 struct tm *
1957 tor_localtime_r(const time_t *timep, struct tm *result)
1958 {
1959 struct tm *r;
1960 static tor_mutex_t *m=NULL;
1961 if (!m) { m=tor_mutex_new(); }
1962 tor_assert(result);
1963 tor_mutex_acquire(m);
1964 r = localtime(timep);
1965 memcpy(result, r, sizeof(struct tm));
1966 tor_mutex_release(m);
1967 return result;
1968 }
1969 #else
1970 struct tm *
1971 tor_localtime_r(const time_t *timep, struct tm *result)
1972 {
1973 struct tm *r;
1974 tor_assert(result);
1975 r = localtime(timep);
1976 memcpy(result, r, sizeof(struct tm));
1977 return result;
1978 }
1979 #endif
1980 #endif
1981
1982 #ifndef HAVE_GMTIME_R
1983 #ifdef TIME_FNS_NEED_LOCKS
1984 struct tm *
1985 tor_gmtime_r(const time_t *timep, struct tm *result)
1986 {
1987 struct tm *r;
1988 static tor_mutex_t *m=NULL;
1989 if (!m) { m=tor_mutex_new(); }
1990 tor_assert(result);
1991 tor_mutex_acquire(m);
1992 r = gmtime(timep);
1993 memcpy(result, r, sizeof(struct tm));
1994 tor_mutex_release(m);
1995 return result;
1996 }
1997 #else
1998 struct tm *
1999 tor_gmtime_r(const time_t *timep, struct tm *result)
2000 {
2001 struct tm *r;
2002 tor_assert(result);
2003 r = gmtime(timep);
2004 memcpy(result, r, sizeof(struct tm));
2005 return result;
2006 }
2007 #endif
2008 #endif
2009
2010 #if defined(USE_WIN32_THREADS)
2011 void
2012 tor_mutex_init(tor_mutex_t *m)
2013 {
2014 InitializeCriticalSection(&m->mutex);
2015 }
2016 void
2017 tor_mutex_uninit(tor_mutex_t *m)
2018 {
2019 DeleteCriticalSection(&m->mutex);
2020 }
2021 void
2022 tor_mutex_acquire(tor_mutex_t *m)
2023 {
2024 tor_assert(m);
2025 EnterCriticalSection(&m->mutex);
2026 }
2027 void
2028 tor_mutex_release(tor_mutex_t *m)
2029 {
2030 LeaveCriticalSection(&m->mutex);
2031 }
2032 unsigned long
2033 tor_get_thread_id(void)
2034 {
2035 return (unsigned long)GetCurrentThreadId();
2036 }
2037 #elif defined(USE_PTHREADS)
2038 /** A mutex attribute that we're going to use to tell pthreads that we want
2039 * "reentrant" mutexes (i.e., once we can re-lock if we're already holding
2040 * them.) */
2041 static pthread_mutexattr_t attr_reentrant;
2042 /** True iff we've called tor_threads_init() */
2043 static int threads_initialized = 0;
2044 /** Initialize <b>mutex</b> so it can be locked. Every mutex must be set
2045 * up with tor_mutex_init() or tor_mutex_new(); not both. */
2046 void
2047 tor_mutex_init(tor_mutex_t *mutex)
2048 {
2049 int err;
2050 if (PREDICT_UNLIKELY(!threads_initialized))
2051 tor_threads_init();
2052 err = pthread_mutex_init(&mutex->mutex, &attr_reentrant);
2053 if (PREDICT_UNLIKELY(err)) {
2054 log_err(LD_GENERAL, "Error %d creating a mutex.", err);
2055 tor_fragile_assert();
2056 }
2057 }
2058 /** Wait until <b>m</b> is free, then acquire it. */
2059 void
2060 tor_mutex_acquire(tor_mutex_t *m)
2061 {
2062 int err;
2063 tor_assert(m);
2064 err = pthread_mutex_lock(&m->mutex);
2065 if (PREDICT_UNLIKELY(err)) {
2066 log_err(LD_GENERAL, "Error %d locking a mutex.", err);
2067 tor_fragile_assert();
2068 }
2069 }
2070 /** Release the lock <b>m</b> so another thread can have it. */
2071 void
2072 tor_mutex_release(tor_mutex_t *m)
2073 {
2074 int err;
2075 tor_assert(m);
2076 err = pthread_mutex_unlock(&m->mutex);
2077 if (PREDICT_UNLIKELY(err)) {
2078 log_err(LD_GENERAL, "Error %d unlocking a mutex.", err);
2079 tor_fragile_assert();
2080 }
2081 }
2082 /** Clean up the mutex <b>m</b> so that it no longer uses any system
2083 * resources. Does not free <b>m</b>. This function must only be called on
2084 * mutexes from tor_mutex_init(). */
2085 void
2086 tor_mutex_uninit(tor_mutex_t *m)
2087 {
2088 int err;
2089 tor_assert(m);
2090 err = pthread_mutex_destroy(&m->mutex);
2091 if (PREDICT_UNLIKELY(err)) {
2092 log_err(LD_GENERAL, "Error %d destroying a mutex.", err);
2093 tor_fragile_assert();
2094 }
2095 }
2096 /** Return an integer representing this thread. */
2097 unsigned long
2098 tor_get_thread_id(void)
2099 {
2100 union {
2101 pthread_t thr;
2102 unsigned long id;
2103 } r;
2104 r.thr = pthread_self();
2105 return r.id;
2106 }
2107 #endif
2108
2109 #ifdef TOR_IS_MULTITHREADED
2110 /** Return a newly allocated, ready-for-use mutex. */
2111 tor_mutex_t *
2112 tor_mutex_new(void)
2113 {
2114 tor_mutex_t *m = tor_malloc_zero(sizeof(tor_mutex_t));
2115 tor_mutex_init(m);
2116 return m;
2117 }
2118 /** Release all storage and system resources held by <b>m</b>. */
2119 void
2120 tor_mutex_free(tor_mutex_t *m)
2121 {
2122 if (!m)
2123 return;
2124 tor_mutex_uninit(m);
2125 tor_free(m);
2126 }
2127 #endif
2128
2129 /* Conditions. */
2130 #ifdef USE_PTHREADS
2131 #if 0
2132 /** Cross-platform condition implementation. */
2133 struct tor_cond_t {
2134 pthread_cond_t cond;
2135 };
2136 /** Return a newly allocated condition, with nobody waiting on it. */
2137 tor_cond_t *
2138 tor_cond_new(void)
2139 {
2140 tor_cond_t *cond = tor_malloc_zero(sizeof(tor_cond_t));
2141 if (pthread_cond_init(&cond->cond, NULL)) {
2142 tor_free(cond);
2143 return NULL;
2144 }
2145 return cond;
2146 }
2147 /** Release all resources held by <b>cond</b>. */
2148 void
2149 tor_cond_free(tor_cond_t *cond)
2150 {
2151 if (!cond)
2152 return;
2153 if (pthread_cond_destroy(&cond->cond)) {
2154 log_warn(LD_GENERAL,"Error freeing condition: %s", strerror(errno));
2155 return;
2156 }
2157 tor_free(cond);
2158 }
2159 /** Wait until one of the tor_cond_signal functions is called on <b>cond</b>.
2160 * All waiters on the condition must wait holding the same <b>mutex</b>.
2161 * Returns 0 on success, negative on failure. */
2162 int
2163 tor_cond_wait(tor_cond_t *cond, tor_mutex_t *mutex)
2164 {
2165 return pthread_cond_wait(&cond->cond, &mutex->mutex) ? -1 : 0;
2166 }
2167 /** Wake up one of the waiters on <b>cond</b>. */
2168 void
2169 tor_cond_signal_one(tor_cond_t *cond)
2170 {
2171 pthread_cond_signal(&cond->cond);
2172 }
2173 /** Wake up all of the waiters on <b>cond</b>. */
2174 void
2175 tor_cond_signal_all(tor_cond_t *cond)
2176 {
2177 pthread_cond_broadcast(&cond->cond);
2178 }
2179 #endif
2180 /** Set up common structures for use by threading. */
2181 void
2182 tor_threads_init(void)
2183 {
2184 if (!threads_initialized) {
2185 pthread_mutexattr_init(&attr_reentrant);
2186 pthread_mutexattr_settype(&attr_reentrant, PTHREAD_MUTEX_RECURSIVE);
2187 threads_initialized = 1;
2188 set_main_thread();
2189 }
2190 }
2191 #elif defined(USE_WIN32_THREADS)
2192 #if 0
2193 static DWORD cond_event_tls_index;
2194 struct tor_cond_t {
2195 CRITICAL_SECTION mutex;
2196 smartlist_t *events;
2197 };
2198 tor_cond_t *
2199 tor_cond_new(void)
2200 {
2201 tor_cond_t *cond = tor_malloc_zero(sizeof(tor_cond_t));
2202 InitializeCriticalSection(&cond->mutex);
2203 cond->events = smartlist_create();
2204 return cond;
2205 }
2206 void
2207 tor_cond_free(tor_cond_t *cond)
2208 {
2209 if (!cond)
2210 return;
2211 DeleteCriticalSection(&cond->mutex);
2212 /* XXXX notify? */
2213 smartlist_free(cond->events);
2214 tor_free(cond);
2215 }
2216 int
2217 tor_cond_wait(tor_cond_t *cond, tor_mutex_t *mutex)
2218 {
2219 HANDLE event;
2220 int r;
2221 tor_assert(cond);
2222 tor_assert(mutex);
2223 event = TlsGetValue(cond_event_tls_index);
2224 if (!event) {
2225 event = CreateEvent(0, FALSE, FALSE, NULL);
2226 TlsSetValue(cond_event_tls_index, event);
2227 }
2228 EnterCriticalSection(&cond->mutex);
2229
2230 tor_assert(WaitForSingleObject(event, 0) == WAIT_TIMEOUT);
2231 tor_assert(!smartlist_isin(cond->events, event));
2232 smartlist_add(cond->events, event);
2233
2234 LeaveCriticalSection(&cond->mutex);
2235
2236 tor_mutex_release(mutex);
2237 r = WaitForSingleObject(event, INFINITE);
2238 tor_mutex_acquire(mutex);
2239
2240 switch (r) {
2241 case WAIT_OBJECT_0: /* we got the mutex normally. */
2242 break;
2243 case WAIT_ABANDONED: /* holding thread exited. */
2244 case WAIT_TIMEOUT: /* Should never happen. */
2245 tor_assert(0);
2246 break;
2247 case WAIT_FAILED:
2248 log_warn(LD_GENERAL, "Failed to acquire mutex: %d",(int) GetLastError());
2249 }
2250 return 0;
2251 }
2252 void
2253 tor_cond_signal_one(tor_cond_t *cond)
2254 {
2255 HANDLE event;
2256 tor_assert(cond);
2257
2258 EnterCriticalSection(&cond->mutex);
2259
2260 if ((event = smartlist_pop_last(cond->events)))
2261 SetEvent(event);
2262
2263 LeaveCriticalSection(&cond->mutex);
2264 }
2265 void
2266 tor_cond_signal_all(tor_cond_t *cond)
2267 {
2268 tor_assert(cond);
2269
2270 EnterCriticalSection(&cond->mutex);
2271 SMARTLIST_FOREACH(cond->events, HANDLE, event, SetEvent(event));
2272 smartlist_clear(cond->events);
2273 LeaveCriticalSection(&cond->mutex);
2274 }
2275 #endif
2276 void
2277 tor_threads_init(void)
2278 {
2279 #if 0
2280 cond_event_tls_index = TlsAlloc();
2281 #endif
2282 set_main_thread();
2283 }
2284 #endif
2285
2286 #if defined(HAVE_MLOCKALL) && HAVE_DECL_MLOCKALL && defined(RLIMIT_MEMLOCK)
2287 /** Attempt to raise the current and max rlimit to infinity for our process.
2288 * This only needs to be done once and can probably only be done when we have
2289 * not already dropped privileges.
2290 */
2291 static int
2292 tor_set_max_memlock(void)
2293 {
2294 /* Future consideration for Windows is probably SetProcessWorkingSetSize
2295 * This is similar to setting the memory rlimit of RLIMIT_MEMLOCK
2296 * http://msdn.microsoft.com/en-us/library/ms686234(VS.85).aspx
2297 */
2298
2299 struct rlimit limit;
2300
2301 /* RLIM_INFINITY is -1 on some platforms. */
2302 limit.rlim_cur = RLIM_INFINITY;
2303 limit.rlim_max = RLIM_INFINITY;
2304
2305 if (setrlimit(RLIMIT_MEMLOCK, &limit) == -1) {
2306 if (errno == EPERM) {
2307 log_warn(LD_GENERAL, "You appear to lack permissions to change memory "
2308 "limits. Are you root?");
2309 }
2310 log_warn(LD_GENERAL, "Unable to raise RLIMIT_MEMLOCK: %s",
2311 strerror(errno));
2312 return -1;
2313 }
2314
2315 return 0;
2316 }
2317 #endif
2318
2319 /** Attempt to lock all current and all future memory pages.
2320 * This should only be called once and while we're privileged.
2321 * Like mlockall() we return 0 when we're successful and -1 when we're not.
2322 * Unlike mlockall() we return 1 if we've already attempted to lock memory.
2323 */
2324 int
2325 tor_mlockall(void)
2326 {
2327 static int memory_lock_attempted = 0;
2328
2329 if (memory_lock_attempted) {
2330 return 1;
2331 }
2332
2333 memory_lock_attempted = 1;
2334
2335 /*
2336 * Future consideration for Windows may be VirtualLock
2337 * VirtualLock appears to implement mlock() but not mlockall()
2338 *
2339 * http://msdn.microsoft.com/en-us/library/aa366895(VS.85).aspx
2340 */
2341
2342 #if defined(HAVE_MLOCKALL) && HAVE_DECL_MLOCKALL && defined(RLIMIT_MEMLOCK)
2343 if (tor_set_max_memlock() == 0) {
2344 log_debug(LD_GENERAL, "RLIMIT_MEMLOCK is now set to RLIM_INFINITY.");
2345 }
2346
2347 if (mlockall(MCL_CURRENT|MCL_FUTURE) == 0) {
2348 log_info(LD_GENERAL, "Insecure OS paging is effectively disabled.");
2349 return 0;
2350 } else {
2351 if (errno == ENOSYS) {
2352 /* Apple - it's 2009! I'm looking at you. Grrr. */
2353 log_notice(LD_GENERAL, "It appears that mlockall() is not available on "
2354 "your platform.");
2355 } else if (errno == EPERM) {
2356 log_notice(LD_GENERAL, "It appears that you lack the permissions to "
2357 "lock memory. Are you root?");
2358 }
2359 log_notice(LD_GENERAL, "Unable to lock all current and future memory "
2360 "pages: %s", strerror(errno));
2361 return -1;
2362 }
2363 #else
2364 log_warn(LD_GENERAL, "Unable to lock memory pages. mlockall() unsupported?");
2365 return -1;
2366 #endif
2367 }
2368
2369 /** Identity of the "main" thread */
2370 static unsigned long main_thread_id = -1;
2371
2372 /** Start considering the current thread to be the 'main thread'. This has
2373 * no effect on anything besides in_main_thread(). */
2374 void
2375 set_main_thread(void)
2376 {
2377 main_thread_id = tor_get_thread_id();
2378 }
2379 /** Return true iff called from the main thread. */
2380 int
2381 in_main_thread(void)
2382 {
2383 return main_thread_id == tor_get_thread_id();
2384 }
2385
2386 /**
2387 * On Windows, WSAEWOULDBLOCK is not always correct: when you see it,
2388 * you need to ask the socket for its actual errno. Also, you need to
2389 * get your errors from WSAGetLastError, not errno. (If you supply a
2390 * socket of -1, we check WSAGetLastError, but don't correct
2391 * WSAEWOULDBLOCKs.)
2392 *
2393 * The upshot of all of this is that when a socket call fails, you
2394 * should call tor_socket_errno <em>at most once</em> on the failing
2395 * socket to get the error.
2396 */
2397 #if defined(MS_WINDOWS)
2398 int
2399 tor_socket_errno(int sock)
2400 {
2401 int optval, optvallen=sizeof(optval);
2402 int err = WSAGetLastError();
2403 if (err == WSAEWOULDBLOCK && sock >= 0) {
2404 if (getsockopt(sock, SOL_SOCKET, SO_ERROR, (void*)&optval, &optvallen))
2405 return err;
2406 if (optval)
2407 return optval;
2408 }
2409 return err;
2410 }
2411 #endif
2412
2413 #if defined(MS_WINDOWS)
2414 #define E(code, s) { code, (s " [" #code " ]") }
2415 struct { int code; const char *msg; } windows_socket_errors[] = {
2416 E(WSAEINTR, "Interrupted function call"),
2417 E(WSAEACCES, "Permission denied"),
2418 E(WSAEFAULT, "Bad address"),
2419 E(WSAEINVAL, "Invalid argument"),
2420 E(WSAEMFILE, "Too many open files"),
2421 E(WSAEWOULDBLOCK, "Resource temporarily unavailable"),
2422 E(WSAEINPROGRESS, "Operation now in progress"),
2423 E(WSAEALREADY, "Operation already in progress"),
2424 E(WSAENOTSOCK, "Socket operation on nonsocket"),
2425 E(WSAEDESTADDRREQ, "Destination address required"),
2426 E(WSAEMSGSIZE, "Message too long"),
2427 E(WSAEPROTOTYPE, "Protocol wrong for socket"),
2428 E(WSAENOPROTOOPT, "Bad protocol option"),
2429 E(WSAEPROTONOSUPPORT, "Protocol not supported"),
2430 E(WSAESOCKTNOSUPPORT, "Socket type not supported"),
2431 /* What's the difference between NOTSUPP and NOSUPPORT? :) */
2432 E(WSAEOPNOTSUPP, "Operation not supported"),
2433 E(WSAEPFNOSUPPORT, "Protocol family not supported"),
2434 E(WSAEAFNOSUPPORT, "Address family not supported by protocol family"),
2435 E(WSAEADDRINUSE, "Address already in use"),
2436 E(WSAEADDRNOTAVAIL, "Cannot assign requested address"),
2437 E(WSAENETDOWN, "Network is down"),
2438 E(WSAENETUNREACH, "Network is unreachable"),
2439 E(WSAENETRESET, "Network dropped connection on reset"),
2440 E(WSAECONNABORTED, "Software caused connection abort"),
2441 E(WSAECONNRESET, "Connection reset by peer"),
2442 E(WSAENOBUFS, "No buffer space available"),
2443 E(WSAEISCONN, "Socket is already connected"),
2444 E(WSAENOTCONN, "Socket is not connected"),
2445 E(WSAESHUTDOWN, "Cannot send after socket shutdown"),
2446 E(WSAETIMEDOUT, "Connection timed out"),
2447 E(WSAECONNREFUSED, "Connection refused"),
2448 E(WSAEHOSTDOWN, "Host is down"),
2449 E(WSAEHOSTUNREACH, "No route to host"),
2450 E(WSAEPROCLIM, "Too many processes"),
2451 /* Yes, some of these start with WSA, not WSAE. No, I don't know why. */
2452 E(WSASYSNOTREADY, "Network subsystem is unavailable"),
2453 E(WSAVERNOTSUPPORTED, "Winsock.dll out of range"),
2454 E(WSANOTINITIALISED, "Successful WSAStartup not yet performed"),
2455 E(WSAEDISCON, "Graceful shutdown now in progress"),
2456 #ifdef WSATYPE_NOT_FOUND
2457 E(WSATYPE_NOT_FOUND, "Class type not found"),
2458 #endif
2459 E(WSAHOST_NOT_FOUND, "Host not found"),
2460 E(WSATRY_AGAIN, "Nonauthoritative host not found"),
2461 E(WSANO_RECOVERY, "This is a nonrecoverable error"),
2462 E(WSANO_DATA, "Valid name, no data record of requested type)"),
2463
2464 /* There are some more error codes whose numeric values are marked
2465 * <b>OS dependent</b>. They start with WSA_, apparently for the same
2466 * reason that practitioners of some craft traditions deliberately
2467 * introduce imperfections into their baskets and rugs "to allow the
2468 * evil spirits to escape." If we catch them, then our binaries
2469 * might not report consistent results across versions of Windows.
2470 * Thus, I'm going to let them all fall through.
2471 */
2472 { -1, NULL },
2473 };
2474 /** There does not seem to be a strerror equivalent for Winsock errors.
2475 * Naturally, we have to roll our own.
2476 */
2477 const char *
2478 tor_socket_strerror(int e)
2479 {
2480 int i;
2481 for (i=0; windows_socket_errors[i].code >= 0; ++i) {
2482 if (e == windows_socket_errors[i].code)
2483 return windows_socket_errors[i].msg;
2484 }
2485 return strerror(e);
2486 }
2487 #endif
2488
2489 /** Called before we make any calls to network-related functions.
2490 * (Some operating systems require their network libraries to be
2491 * initialized.) */
2492 int
2493 network_init(void)
2494 {
2495 #ifdef MS_WINDOWS
2496 /* This silly exercise is necessary before windows will allow
2497 * gethostbyname to work. */
2498 WSADATA WSAData;
2499 int r;
2500 r = WSAStartup(0x101,&WSAData);
2501 if (r) {
2502 log_warn(LD_NET,"Error initializing windows network layer: code was %d",r);
2503 return -1;
2504 }
2505 /* WSAData.iMaxSockets might show the max sockets we're allowed to use.
2506 * We might use it to complain if we're trying to be a server but have
2507 * too few sockets available. */
2508 #endif
2509 return 0;
2510 }
2511
2512 #ifdef MS_WINDOWS
2513 /** Return a newly allocated string describing the windows system error code
2514 * <b>err</b>. Note that error codes are different from errno. Error codes
2515 * come from GetLastError() when a winapi call fails. errno is set only when
2516 * ANSI functions fail. Whee. */
2517 char *
2518 format_win32_error(DWORD err)
2519 {
2520 LPVOID str = NULL;
2521 char abuf[1024] = {0};
2522 char *result;
2523
2524 /* Somebody once decided that this interface was better than strerror(). */
2525 FormatMessageW(FORMAT_MESSAGE_ALLOCATE_BUFFER |
2526 FORMAT_MESSAGE_FROM_SYSTEM |
2527 FORMAT_MESSAGE_IGNORE_INSERTS,
2528 NULL, err,
2529 MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
2530 (LPWSTR) &str,
2531 0, NULL);
2532
2533 if (str) {
2534 wcstombs(abuf,str,1024);
2535 result = tor_strdup((char*)abuf);
2536 LocalFree(str); /* LocalFree != free() */
2537 } else {
2538 result = tor_strdup("<unformattable error>");
2539 }
2540 return result;
2541 }
2542 #endif
2543
The Onion Router