compat.c 17 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592
  1. /* Copyright (c) 2003-2004, Roger Dingledine
  2. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
  3. * Copyright (c) 2007-2018, The Tor Project, Inc. */
  4. /* See LICENSE for licensing information */
  5. /**
  6. * \file compat.c
  7. * \brief Wrappers to make calls more portable. This code defines
  8. * functions such as tor_snprintf, get/set various data types,
  9. * renaming, setting socket options, switching user IDs. It is basically
  10. * where the non-portable items are conditionally included depending on
  11. * the platform.
  12. **/
  13. #define COMPAT_PRIVATE
  14. #include "common/compat.h"
  15. #ifdef _WIN32
  16. #include <winsock2.h>
  17. #include <windows.h>
  18. #include <sys/locking.h>
  19. #endif
  20. #ifdef HAVE_UNAME
  21. #include <sys/utsname.h>
  22. #endif
  23. #ifdef HAVE_SYS_TYPES_H
  24. #include <sys/types.h>
  25. #endif
  26. #ifdef HAVE_SYS_SYSCTL_H
  27. #include <sys/sysctl.h>
  28. #endif
  29. #ifdef HAVE_SYS_STAT_H
  30. #include <sys/stat.h>
  31. #endif
  32. #ifdef HAVE_UTIME_H
  33. #include <utime.h>
  34. #endif
  35. #ifdef HAVE_SYS_UTIME_H
  36. #include <sys/utime.h>
  37. #endif
  38. #ifdef HAVE_UNISTD_H
  39. #include <unistd.h>
  40. #endif
  41. #ifdef HAVE_SYS_FCNTL_H
  42. #include <sys/fcntl.h>
  43. #endif
  44. #ifdef HAVE_PWD_H
  45. #include <pwd.h>
  46. #endif
  47. #ifdef HAVE_GRP_H
  48. #include <grp.h>
  49. #endif
  50. #ifdef HAVE_FCNTL_H
  51. #include <fcntl.h>
  52. #endif
  53. #ifdef HAVE_ERRNO_H
  54. #include <errno.h>
  55. #endif
  56. #ifdef HAVE_ARPA_INET_H
  57. #include <arpa/inet.h>
  58. #endif
  59. #ifdef HAVE_CRT_EXTERNS_H
  60. #include <crt_externs.h>
  61. #endif
  62. #ifdef HAVE_SYS_STATVFS_H
  63. #include <sys/statvfs.h>
  64. #endif
  65. #ifdef HAVE_SYS_CAPABILITY_H
  66. #include <sys/capability.h>
  67. #endif
  68. #ifdef _WIN32
  69. #include <conio.h>
  70. #include <wchar.h>
  71. /* Some mingw headers lack these. :p */
  72. #if defined(HAVE_DECL__GETWCH) && !HAVE_DECL__GETWCH
  73. wint_t _getwch(void);
  74. #endif
  75. #ifndef WEOF
  76. #define WEOF (wchar_t)(0xFFFF)
  77. #endif
  78. #if defined(HAVE_DECL_SECUREZEROMEMORY) && !HAVE_DECL_SECUREZEROMEMORY
  79. static inline void
  80. SecureZeroMemory(PVOID ptr, SIZE_T cnt)
  81. {
  82. volatile char *vcptr = (volatile char*)ptr;
  83. while (cnt--)
  84. *vcptr++ = 0;
  85. }
  86. #endif /* defined(HAVE_DECL_SECUREZEROMEMORY) && !HAVE_DECL_SECUREZEROMEMORY */
  87. #elif defined(HAVE_READPASSPHRASE_H)
  88. #include <readpassphrase.h>
  89. #else
  90. #include "tor_readpassphrase.h"
  91. #endif /* defined(_WIN32) || ... */
  92. /* Includes for the process attaching prevention */
  93. #if defined(HAVE_SYS_PRCTL_H) && defined(__linux__)
  94. /* Only use the linux prctl; the IRIX prctl is totally different */
  95. #include <sys/prctl.h>
  96. #elif defined(__APPLE__)
  97. #include <sys/ptrace.h>
  98. #endif /* defined(HAVE_SYS_PRCTL_H) && defined(__linux__) || ... */
  99. #ifdef HAVE_NETDB_H
  100. #include <netdb.h>
  101. #endif
  102. #ifdef HAVE_SYS_PARAM_H
  103. #include <sys/param.h> /* FreeBSD needs this to know what version it is */
  104. #endif
  105. #include <stdio.h>
  106. #include <stdlib.h>
  107. #ifdef HAVE_SIGNAL_H
  108. #include <signal.h>
  109. #endif
  110. #ifdef HAVE_MMAP
  111. #include <sys/mman.h>
  112. #endif
  113. #ifdef HAVE_SYS_SYSLIMITS_H
  114. #include <sys/syslimits.h>
  115. #endif
  116. #ifdef HAVE_SYS_FILE_H
  117. #include <sys/file.h>
  118. #endif
  119. #include "lib/log/torlog.h"
  120. #include "common/util.h"
  121. #include "lib/container/smartlist.h"
  122. #include "lib/wallclock/tm_cvt.h"
  123. #include "lib/net/address.h"
  124. #include "lib/sandbox/sandbox.h"
  125. /** Number of extra file descriptors to keep in reserve beyond those that we
  126. * tell Tor it's allowed to use. */
  127. #define ULIMIT_BUFFER 32 /* keep 32 extra fd's beyond ConnLimit_ */
  128. /** Learn the maximum allowed number of file descriptors, and tell the
  129. * system we want to use up to that number. (Some systems have a low soft
  130. * limit, and let us set it higher.) We compute this by finding the largest
  131. * number that we can use.
  132. *
  133. * If the limit is below the reserved file descriptor value (ULIMIT_BUFFER),
  134. * return -1 and <b>max_out</b> is untouched.
  135. *
  136. * If we can't find a number greater than or equal to <b>limit</b>, then we
  137. * fail by returning -1 and <b>max_out</b> is untouched.
  138. *
  139. * If we are unable to set the limit value because of setrlimit() failing,
  140. * return 0 and <b>max_out</b> is set to the current maximum value returned
  141. * by getrlimit().
  142. *
  143. * Otherwise, return 0 and store the maximum we found inside <b>max_out</b>
  144. * and set <b>max_sockets</b> with that value as well.*/
  145. int
  146. set_max_file_descriptors(rlim_t limit, int *max_out)
  147. {
  148. if (limit < ULIMIT_BUFFER) {
  149. log_warn(LD_CONFIG,
  150. "ConnLimit must be at least %d. Failing.", ULIMIT_BUFFER);
  151. return -1;
  152. }
  153. /* Define some maximum connections values for systems where we cannot
  154. * automatically determine a limit. Re Cygwin, see
  155. * http://archives.seul.org/or/talk/Aug-2006/msg00210.html
  156. * For an iPhone, 9999 should work. For Windows and all other unknown
  157. * systems we use 15000 as the default. */
  158. #ifndef HAVE_GETRLIMIT
  159. #if defined(CYGWIN) || defined(__CYGWIN__)
  160. const char *platform = "Cygwin";
  161. const unsigned long MAX_CONNECTIONS = 3200;
  162. #elif defined(_WIN32)
  163. const char *platform = "Windows";
  164. const unsigned long MAX_CONNECTIONS = 15000;
  165. #else
  166. const char *platform = "unknown platforms with no getrlimit()";
  167. const unsigned long MAX_CONNECTIONS = 15000;
  168. #endif /* defined(CYGWIN) || defined(__CYGWIN__) || ... */
  169. log_fn(LOG_INFO, LD_NET,
  170. "This platform is missing getrlimit(). Proceeding.");
  171. if (limit > MAX_CONNECTIONS) {
  172. log_warn(LD_CONFIG,
  173. "We do not support more than %lu file descriptors "
  174. "on %s. Tried to raise to %lu.",
  175. (unsigned long)MAX_CONNECTIONS, platform, (unsigned long)limit);
  176. return -1;
  177. }
  178. limit = MAX_CONNECTIONS;
  179. #else /* !(!defined(HAVE_GETRLIMIT)) */
  180. struct rlimit rlim;
  181. if (getrlimit(RLIMIT_NOFILE, &rlim) != 0) {
  182. log_warn(LD_NET, "Could not get maximum number of file descriptors: %s",
  183. strerror(errno));
  184. return -1;
  185. }
  186. if (rlim.rlim_max < limit) {
  187. log_warn(LD_CONFIG,"We need %lu file descriptors available, and we're "
  188. "limited to %lu. Please change your ulimit -n.",
  189. (unsigned long)limit, (unsigned long)rlim.rlim_max);
  190. return -1;
  191. }
  192. if (rlim.rlim_max > rlim.rlim_cur) {
  193. log_info(LD_NET,"Raising max file descriptors from %lu to %lu.",
  194. (unsigned long)rlim.rlim_cur, (unsigned long)rlim.rlim_max);
  195. }
  196. /* Set the current limit value so if the attempt to set the limit to the
  197. * max fails at least we'll have a valid value of maximum sockets. */
  198. *max_out = (int)rlim.rlim_cur - ULIMIT_BUFFER;
  199. set_max_sockets(*max_out);
  200. rlim.rlim_cur = rlim.rlim_max;
  201. if (setrlimit(RLIMIT_NOFILE, &rlim) != 0) {
  202. int couldnt_set = 1;
  203. const int setrlimit_errno = errno;
  204. #ifdef OPEN_MAX
  205. uint64_t try_limit = OPEN_MAX - ULIMIT_BUFFER;
  206. if (errno == EINVAL && try_limit < (uint64_t) rlim.rlim_cur) {
  207. /* On some platforms, OPEN_MAX is the real limit, and getrlimit() is
  208. * full of nasty lies. I'm looking at you, OSX 10.5.... */
  209. rlim.rlim_cur = MIN((rlim_t) try_limit, rlim.rlim_cur);
  210. if (setrlimit(RLIMIT_NOFILE, &rlim) == 0) {
  211. if (rlim.rlim_cur < (rlim_t)limit) {
  212. log_warn(LD_CONFIG, "We are limited to %lu file descriptors by "
  213. "OPEN_MAX (%lu), and ConnLimit is %lu. Changing "
  214. "ConnLimit; sorry.",
  215. (unsigned long)try_limit, (unsigned long)OPEN_MAX,
  216. (unsigned long)limit);
  217. } else {
  218. log_info(LD_CONFIG, "Dropped connection limit to %lu based on "
  219. "OPEN_MAX (%lu); Apparently, %lu was too high and rlimit "
  220. "lied to us.",
  221. (unsigned long)try_limit, (unsigned long)OPEN_MAX,
  222. (unsigned long)rlim.rlim_max);
  223. }
  224. couldnt_set = 0;
  225. }
  226. }
  227. #endif /* defined(OPEN_MAX) */
  228. if (couldnt_set) {
  229. log_warn(LD_CONFIG,"Couldn't set maximum number of file descriptors: %s",
  230. strerror(setrlimit_errno));
  231. }
  232. }
  233. /* leave some overhead for logs, etc, */
  234. limit = rlim.rlim_cur;
  235. #endif /* !defined(HAVE_GETRLIMIT) */
  236. if (limit > INT_MAX)
  237. limit = INT_MAX;
  238. tor_assert(max_out);
  239. *max_out = (int)limit - ULIMIT_BUFFER;
  240. set_max_sockets(*max_out);
  241. return 0;
  242. }
  243. /** Hold the result of our call to <b>uname</b>. */
  244. static char uname_result[256];
  245. /** True iff uname_result is set. */
  246. static int uname_result_is_set = 0;
  247. /** Return a pointer to a description of our platform.
  248. */
  249. MOCK_IMPL(const char *,
  250. get_uname,(void))
  251. {
  252. #ifdef HAVE_UNAME
  253. struct utsname u;
  254. #endif
  255. if (!uname_result_is_set) {
  256. #ifdef HAVE_UNAME
  257. if (uname(&u) != -1) {
  258. /* (Linux says 0 is success, Solaris says 1 is success) */
  259. strlcpy(uname_result, u.sysname, sizeof(uname_result));
  260. } else
  261. #endif /* defined(HAVE_UNAME) */
  262. {
  263. #ifdef _WIN32
  264. OSVERSIONINFOEX info;
  265. int i;
  266. const char *plat = NULL;
  267. static struct {
  268. unsigned major; unsigned minor; const char *version;
  269. } win_version_table[] = {
  270. { 6, 2, "Windows 8" },
  271. { 6, 1, "Windows 7" },
  272. { 6, 0, "Windows Vista" },
  273. { 5, 2, "Windows Server 2003" },
  274. { 5, 1, "Windows XP" },
  275. { 5, 0, "Windows 2000" },
  276. /* { 4, 0, "Windows NT 4.0" }, */
  277. { 4, 90, "Windows Me" },
  278. { 4, 10, "Windows 98" },
  279. /* { 4, 0, "Windows 95" } */
  280. { 3, 51, "Windows NT 3.51" },
  281. { 0, 0, NULL }
  282. };
  283. memset(&info, 0, sizeof(info));
  284. info.dwOSVersionInfoSize = sizeof(info);
  285. if (! GetVersionEx((LPOSVERSIONINFO)&info)) {
  286. strlcpy(uname_result, "Bizarre version of Windows where GetVersionEx"
  287. " doesn't work.", sizeof(uname_result));
  288. uname_result_is_set = 1;
  289. return uname_result;
  290. }
  291. if (info.dwMajorVersion == 4 && info.dwMinorVersion == 0) {
  292. if (info.dwPlatformId == VER_PLATFORM_WIN32_NT)
  293. plat = "Windows NT 4.0";
  294. else
  295. plat = "Windows 95";
  296. } else {
  297. for (i=0; win_version_table[i].major>0; ++i) {
  298. if (win_version_table[i].major == info.dwMajorVersion &&
  299. win_version_table[i].minor == info.dwMinorVersion) {
  300. plat = win_version_table[i].version;
  301. break;
  302. }
  303. }
  304. }
  305. if (plat) {
  306. strlcpy(uname_result, plat, sizeof(uname_result));
  307. } else {
  308. if (info.dwMajorVersion > 6 ||
  309. (info.dwMajorVersion==6 && info.dwMinorVersion>2))
  310. tor_snprintf(uname_result, sizeof(uname_result),
  311. "Very recent version of Windows [major=%d,minor=%d]",
  312. (int)info.dwMajorVersion,(int)info.dwMinorVersion);
  313. else
  314. tor_snprintf(uname_result, sizeof(uname_result),
  315. "Unrecognized version of Windows [major=%d,minor=%d]",
  316. (int)info.dwMajorVersion,(int)info.dwMinorVersion);
  317. }
  318. #ifdef VER_NT_SERVER
  319. if (info.wProductType == VER_NT_SERVER ||
  320. info.wProductType == VER_NT_DOMAIN_CONTROLLER) {
  321. strlcat(uname_result, " [server]", sizeof(uname_result));
  322. }
  323. #endif /* defined(VER_NT_SERVER) */
  324. #else /* !(defined(_WIN32)) */
  325. /* LCOV_EXCL_START -- can't provoke uname failure */
  326. strlcpy(uname_result, "Unknown platform", sizeof(uname_result));
  327. /* LCOV_EXCL_STOP */
  328. #endif /* defined(_WIN32) */
  329. }
  330. uname_result_is_set = 1;
  331. }
  332. return uname_result;
  333. }
  334. /*
  335. * Process control
  336. */
  337. #if defined(HW_PHYSMEM64)
  338. /* This appears to be an OpenBSD thing */
  339. #define INT64_HW_MEM HW_PHYSMEM64
  340. #elif defined(HW_MEMSIZE)
  341. /* OSX defines this one */
  342. #define INT64_HW_MEM HW_MEMSIZE
  343. #endif /* defined(HW_PHYSMEM64) || ... */
  344. /**
  345. * Helper: try to detect the total system memory, and return it. On failure,
  346. * return 0.
  347. */
  348. static uint64_t
  349. get_total_system_memory_impl(void)
  350. {
  351. #if defined(__linux__)
  352. /* On linux, sysctl is deprecated. Because proc is so awesome that you
  353. * shouldn't _want_ to write portable code, I guess? */
  354. unsigned long long result=0;
  355. int fd = -1;
  356. char *s = NULL;
  357. const char *cp;
  358. size_t file_size=0;
  359. if (-1 == (fd = tor_open_cloexec("/proc/meminfo",O_RDONLY,0)))
  360. return 0;
  361. s = read_file_to_str_until_eof(fd, 65536, &file_size);
  362. if (!s)
  363. goto err;
  364. cp = strstr(s, "MemTotal:");
  365. if (!cp)
  366. goto err;
  367. /* Use the system sscanf so that space will match a wider number of space */
  368. if (sscanf(cp, "MemTotal: %llu kB\n", &result) != 1)
  369. goto err;
  370. close(fd);
  371. tor_free(s);
  372. return result * 1024;
  373. /* LCOV_EXCL_START Can't reach this unless proc is broken. */
  374. err:
  375. tor_free(s);
  376. close(fd);
  377. return 0;
  378. /* LCOV_EXCL_STOP */
  379. #elif defined (_WIN32)
  380. /* Windows has MEMORYSTATUSEX; pretty straightforward. */
  381. MEMORYSTATUSEX ms;
  382. memset(&ms, 0, sizeof(ms));
  383. ms.dwLength = sizeof(ms);
  384. if (! GlobalMemoryStatusEx(&ms))
  385. return 0;
  386. return ms.ullTotalPhys;
  387. #elif defined(HAVE_SYSCTL) && defined(INT64_HW_MEM)
  388. /* On many systems, HW_PYHSMEM is clipped to 32 bits; let's use a better
  389. * variant if we know about it. */
  390. uint64_t memsize = 0;
  391. size_t len = sizeof(memsize);
  392. int mib[2] = {CTL_HW, INT64_HW_MEM};
  393. if (sysctl(mib,2,&memsize,&len,NULL,0))
  394. return 0;
  395. return memsize;
  396. #elif defined(HAVE_SYSCTL) && defined(HW_PHYSMEM)
  397. /* On some systems (like FreeBSD I hope) you can use a size_t with
  398. * HW_PHYSMEM. */
  399. size_t memsize=0;
  400. size_t len = sizeof(memsize);
  401. int mib[2] = {CTL_HW, HW_USERMEM};
  402. if (sysctl(mib,2,&memsize,&len,NULL,0))
  403. return 0;
  404. return memsize;
  405. #else
  406. /* I have no clue. */
  407. return 0;
  408. #endif /* defined(__linux__) || ... */
  409. }
  410. /**
  411. * Try to find out how much physical memory the system has. On success,
  412. * return 0 and set *<b>mem_out</b> to that value. On failure, return -1.
  413. */
  414. MOCK_IMPL(int,
  415. get_total_system_memory, (size_t *mem_out))
  416. {
  417. static size_t mem_cached=0;
  418. uint64_t m = get_total_system_memory_impl();
  419. if (0 == m) {
  420. /* LCOV_EXCL_START -- can't make this happen without mocking. */
  421. /* We couldn't find our memory total */
  422. if (0 == mem_cached) {
  423. /* We have no cached value either */
  424. *mem_out = 0;
  425. return -1;
  426. }
  427. *mem_out = mem_cached;
  428. return 0;
  429. /* LCOV_EXCL_STOP */
  430. }
  431. #if SIZE_MAX != UINT64_MAX
  432. if (m > SIZE_MAX) {
  433. /* I think this could happen if we're a 32-bit Tor running on a 64-bit
  434. * system: we could have more system memory than would fit in a
  435. * size_t. */
  436. m = SIZE_MAX;
  437. }
  438. #endif /* SIZE_MAX != UINT64_MAX */
  439. *mem_out = mem_cached = (size_t) m;
  440. return 0;
  441. }
  442. /** Emit the password prompt <b>prompt</b>, then read up to <b>buflen</b>
  443. * bytes of passphrase into <b>output</b>. Return the number of bytes in
  444. * the passphrase, excluding terminating NUL.
  445. */
  446. ssize_t
  447. tor_getpass(const char *prompt, char *output, size_t buflen)
  448. {
  449. tor_assert(buflen <= SSIZE_MAX);
  450. tor_assert(buflen >= 1);
  451. #if defined(HAVE_READPASSPHRASE)
  452. char *pwd = readpassphrase(prompt, output, buflen, RPP_ECHO_OFF);
  453. if (pwd == NULL)
  454. return -1;
  455. return strlen(pwd);
  456. #elif defined(_WIN32)
  457. int r = -1;
  458. while (*prompt) {
  459. _putch(*prompt++);
  460. }
  461. tor_assert(buflen <= INT_MAX);
  462. wchar_t *buf = tor_calloc(buflen, sizeof(wchar_t));
  463. wchar_t *ptr = buf, *lastch = buf + buflen - 1;
  464. while (ptr < lastch) {
  465. wint_t ch = _getwch();
  466. switch (ch) {
  467. case '\r':
  468. case '\n':
  469. case WEOF:
  470. goto done_reading;
  471. case 3:
  472. goto done; /* Can't actually read ctrl-c this way. */
  473. case '\b':
  474. if (ptr > buf)
  475. --ptr;
  476. continue;
  477. case 0:
  478. case 0xe0:
  479. ch = _getwch(); /* Ignore; this is a function or arrow key */
  480. break;
  481. default:
  482. *ptr++ = ch;
  483. break;
  484. }
  485. }
  486. done_reading:
  487. ;
  488. #ifndef WC_ERR_INVALID_CHARS
  489. #define WC_ERR_INVALID_CHARS 0x80
  490. #endif
  491. /* Now convert it to UTF-8 */
  492. r = WideCharToMultiByte(CP_UTF8,
  493. WC_NO_BEST_FIT_CHARS|WC_ERR_INVALID_CHARS,
  494. buf, (int)(ptr-buf),
  495. output, (int)(buflen-1),
  496. NULL, NULL);
  497. if (r <= 0) {
  498. r = -1;
  499. goto done;
  500. }
  501. tor_assert(r < (int)buflen);
  502. output[r] = 0;
  503. done:
  504. SecureZeroMemory(buf, sizeof(wchar_t)*buflen);
  505. tor_free(buf);
  506. return r;
  507. #else
  508. #error "No implementation for tor_getpass found!"
  509. #endif /* defined(HAVE_READPASSPHRASE) || ... */
  510. }
  511. /** Return the amount of free disk space we have permission to use, in
  512. * bytes. Return -1 if the amount of free space can't be determined. */
  513. int64_t
  514. tor_get_avail_disk_space(const char *path)
  515. {
  516. #ifdef HAVE_STATVFS
  517. struct statvfs st;
  518. int r;
  519. memset(&st, 0, sizeof(st));
  520. r = statvfs(path, &st);
  521. if (r < 0)
  522. return -1;
  523. int64_t result = st.f_bavail;
  524. if (st.f_frsize) {
  525. result *= st.f_frsize;
  526. } else if (st.f_bsize) {
  527. result *= st.f_bsize;
  528. } else {
  529. return -1;
  530. }
  531. return result;
  532. #elif defined(_WIN32)
  533. ULARGE_INTEGER freeBytesAvail;
  534. BOOL ok;
  535. ok = GetDiskFreeSpaceEx(path, &freeBytesAvail, NULL, NULL);
  536. if (!ok) {
  537. return -1;
  538. }
  539. return (int64_t)freeBytesAvail.QuadPart;
  540. #else
  541. (void)path;
  542. errno = ENOSYS;
  543. return -1;
  544. #endif /* defined(HAVE_STATVFS) || ... */
  545. }