OpenCoverage

sshd.c

Absolute File Name:

/home/opencoverage/opencoverage/guest-scripts/openssh/src/sshd.c

Source code

Switch to Preprocessed file

Line Source Count

1 /* $OpenBSD: sshd.c,v 1.516 2018/09/21 12:23:17 djm Exp $ */ -

2 /* -

3 * Author: Tatu Ylonen <ylo@cs.hut.fi> -

6 * This program is the ssh daemon. It listens for connections from clients, -

7 * and performs authentication, executes use commands or shell, and forwards -

8 * information to/from the application to the user client over an encrypted -

9 * connection. This can also handle forwarding of X11, TCP/IP, and -

10 * authentication agent connections. -

11 * -

12 * As far as I am concerned, the code I have written for this software -

13 * can be used freely for any purpose. Any derived versions of this -

14 * software must be clearly marked as such, and if the derived work is -

15 * incompatible with the protocol description in the RFC file, it must be -

16 * called by a name other than "ssh" or "Secure Shell". -

17 * -

18 * SSH2 implementation: -

19 * Privilege Separation: -

20 * -

23 * -

24 * Redistribution and use in source and binary forms, with or without -

25 * modification, are permitted provided that the following conditions -

26 * are met: -

27 * 1. Redistributions of source code must retain the above copyright -

28 * notice, this list of conditions and the following disclaimer. -

29 * 2. Redistributions in binary form must reproduce the above copyright -

30 * notice, this list of conditions and the following disclaimer in the -

31 * documentation and/or other materials provided with the distribution. -

32 * -

33 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -

34 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -

35 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -

36 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -

37 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -

38 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -

39 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -

40 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -

41 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -

42 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -

43 */ -

44 -

45 #include "includes.h" -

46 -

47 #include <sys/types.h> -

48 #include <sys/ioctl.h> -

49 #include <sys/socket.h> -

50 #ifdef HAVE_SYS_STAT_H -

51 # include <sys/stat.h> -

52 #endif -

53 #ifdef HAVE_SYS_TIME_H -

54 # include <sys/time.h> -

55 #endif -

56 #include "openbsd-compat/sys-tree.h" -

57 #include "openbsd-compat/sys-queue.h" -

58 #include <sys/wait.h> -

59 -

60 #include <errno.h> -

61 #include <fcntl.h> -

62 #include <netdb.h> -

63 #ifdef HAVE_PATHS_H -

64 #include <paths.h> -

65 #endif -

66 #include <grp.h> -

67 #include <pwd.h> -

68 #include <signal.h> -

69 #include <stdarg.h> -

70 #include <stdio.h> -

71 #include <stdlib.h> -

72 #include <string.h> -

73 #include <unistd.h> -

74 #include <limits.h> -

75 -

76 #ifdef WITH_OPENSSL -

77 #include <openssl/dh.h> -

78 #include <openssl/bn.h> -

79 #include <openssl/rand.h> -

80 #include "openbsd-compat/openssl-compat.h" -

81 #endif -

82 -

83 #ifdef HAVE_SECUREWARE -

84 #include <sys/security.h> -

85 #include <prot.h> -

86 #endif -

87 -

88 #include "xmalloc.h" -

89 #include "ssh.h" -

90 #include "ssh2.h" -

91 #include "sshpty.h" -

92 #include "packet.h" -

93 #include "log.h" -

94 #include "sshbuf.h" -

95 #include "misc.h" -

96 #include "match.h" -

97 #include "servconf.h" -

98 #include "uidswap.h" -

99 #include "compat.h" -

100 #include "cipher.h" -

101 #include "digest.h" -

102 #include "sshkey.h" -

103 #include "kex.h" -

104 #include "myproposal.h" -

105 #include "authfile.h" -

106 #include "pathnames.h" -

107 #include "atomicio.h" -

108 #include "canohost.h" -

109 #include "hostfile.h" -

110 #include "auth.h" -

111 #include "authfd.h" -

112 #include "msg.h" -

113 #include "dispatch.h" -

114 #include "channels.h" -

115 #include "session.h" -

116 #include "monitor.h" -

117 #ifdef GSSAPI -

118 #include "ssh-gss.h" -

119 #endif -

120 #include "monitor_wrap.h" -

121 #include "ssh-sandbox.h" -

122 #include "auth-options.h" -

123 #include "version.h" -

124 #include "ssherr.h" -

125 -

126 /* Re-exec fds */ -

127 #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1) -

128 #define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2) -

129 #define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 3) -

130 #define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4) -

131 -

132 extern char *__progname; -

133 -

134 /* Server configuration options. */ -

135 ServerOptions options; -

136 -

137 /* Name of the server configuration file. */ -

138 char *config_file_name = _PATH_SERVER_CONFIG_FILE; -

139 -

140 /* -

141 * Debug mode flag. This can be set on the command line. If debug -

142 * mode is enabled, extra debugging output will be sent to the system -

143 * log, the daemon will not go to background, and will exit after processing -

144 * the first connection. -

145 */ -

146 int debug_flag = 0; -

147 -

148 /* -

149 * Indicating that the daemon should only test the configuration and keys. -

150 * If test_flag > 1 ("-T" flag), then sshd will also dump the effective -

151 * configuration, optionally using connection information provided by the -

152 * "-C" flag. -

153 */ -

154 int test_flag = 0; -

155 -

156 /* Flag indicating that the daemon is being started from inetd. */ -

157 int inetd_flag = 0; -

158 -

159 /* Flag indicating that sshd should not detach and become a daemon. */ -

160 int no_daemon_flag = 0; -

161 -

162 /* debug goes to stderr unless inetd_flag is set */ -

163 int log_stderr = 0; -

164 -

165 /* Saved arguments to main(). */ -

166 char **saved_argv; -

167 int saved_argc; -

168 -

169 /* re-exec */ -

170 int rexeced_flag = 0; -

171 int rexec_flag = 1; -

172 int rexec_argc = 0; -

173 char **rexec_argv; -

174 -

175 /* -

176 * The sockets that the server is listening; this is used in the SIGHUP -

177 * signal handler. -

178 */ -

179 #define MAX_LISTEN_SOCKS 16 -

180 int listen_socks[MAX_LISTEN_SOCKS]; -

181 int num_listen_socks = 0; -

182 -

183 /* -

184 * the client's version string, passed by sshd2 in compat mode. if != NULL, -

185 * sshd will skip the version-number exchange -

186 */ -

187 char *client_version_string = NULL; -

188 char *server_version_string = NULL; -

189 -

190 /* Daemon's agent connection */ -

191 int auth_sock = -1; -

192 int have_agent = 0; -

193 -

194 /* -

195 * Any really sensitive data in the application is contained in this -

196 * structure. The idea is that this structure could be locked into memory so -

197 * that the pages do not get written into swap. However, there are some -

198 * problems. The private key contains BIGNUMs, and we do not (in principle) -

199 * have access to the internals of them, and locking just the structure is -

200 * not very useful. Currently, memory locking is not implemented. -

201 */ -

202 struct { -

203 struct sshkey **host_keys; /* all private host keys */ -

204 struct sshkey **host_pubkeys; /* all public host keys */ -

205 struct sshkey **host_certificates; /* all public host certificates */ -

206 int have_ssh2_key; -

207 } sensitive_data; -

208 -

209 /* This is set to true when a signal is received. */ -

210 static volatile sig_atomic_t received_sighup = 0; -

211 static volatile sig_atomic_t received_sigterm = 0; -

212 -

213 /* session identifier, used by RSA-auth */ -

214 u_char session_id[16]; -

215 -

216 /* same for ssh2 */ -

217 u_char *session_id2 = NULL; -

218 u_int session_id2_len = 0; -

219 -

220 /* record remote hostname or ip */ -

221 u_int utmp_len = HOST_NAME_MAX+1; -

222 -

223 /* options.max_startup sized array of fd ints */ -

224 int *startup_pipes = NULL; -

225 int startup_pipe; /* in child */ -

226 -

227 /* variables used for privilege separation */ -

228 int use_privsep = -1; -

229 struct monitor *pmonitor = NULL; -

230 int privsep_is_preauth = 1; -

231 static int privsep_chroot = 1; -

232 -

233 /* global authentication context */ -

234 Authctxt *the_authctxt = NULL; -

235 -

236 /* global key/cert auth options. XXX move to permanent ssh->authctxt? */ -

237 struct sshauthopt *auth_opts = NULL; -

238 -

239 /* sshd_config buffer */ -

240 struct sshbuf *cfg; -

241 -

242 /* message to be displayed after login */ -

243 struct sshbuf *loginmsg; -

244 -

245 /* Unprivileged user */ -

246 struct passwd *privsep_pw = NULL; -

247 -

248 /* Prototypes for various functions defined later in this file. */ -

249 void destroy_sensitive_data(void); -

250 void demote_sensitive_data(void); -

251 static void do_ssh2_kex(void); -

252 -

253 /* -

254 * Close all listening sockets -

255 */ -

256 static void -

257 close_listen_socks(void) -

258 { -

259 int i; -

260 -

261

for (i = 0; i < num_listen_socks; i++)

i < num_listen_socks	Description
TRUE	never evaluated
FALSE	never evaluated

262

close(listen_socks[i]);

never executed: close(listen_socks[i]);

263 num_listen_socks = -1; -

264

}

never executed: end of block

265 -

266 static void -

267 close_startup_pipes(void) -

268 { -

269 int i; -

270 -

271

if (startup_pipes)

startup_pipes	Description
TRUE	never evaluated
FALSE	never evaluated

272

for (i = 0; i < options.max_startups; i++)

i < options.max_startups	Description
TRUE	never evaluated
FALSE	never evaluated

273

if (startup_pipes[i] != -1)

startup_pipes[i] != -1	Description
TRUE	never evaluated
FALSE	never evaluated

274

close(startup_pipes[i]);

never executed: close(startup_pipes[i]);

275

}

never executed: end of block

276 -

277 /* -

278 * Signal handler for SIGHUP. Sshd execs itself when it receives SIGHUP; -

279 * the effect is to reread the configuration file (and to regenerate -

280 * the server key). -

281 */ -

282 -

283 /*ARGSUSED*/ -

284 static void -

285 sighup_handler(int sig) -

286 { -

287 int save_errno = errno; -

288 -

289 received_sighup = 1; -

290 errno = save_errno; -

291

}

never executed: end of block

292 -

293 /* -

294 * Called from the main program after receiving SIGHUP. -

295 * Restarts the server. -

296 */ -

297 static void -

298 sighup_restart(void) -

299 { -

300 logit("Received SIGHUP; restarting."); -

301

if (options.pid_file != NULL)

options.pid_fi...!= ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

302

unlink(options.pid_file);

never executed: unlink(options.pid_file);

303 platform_pre_restart(); -

304 close_listen_socks(); -

305 close_startup_pipes(); -

306 alarm(0); /* alarm timer persists across exec */ -

307 signal(SIGHUP, SIG_IGN); /* will be restored after exec */ -

308 execv(saved_argv[0], saved_argv); -

309 logit("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0], -

310 strerror(errno)); -

311

exit(1);

never executed: exit(1);

312 } -

313 -

314 /* -

315 * Generic signal handler for terminating signals in the master daemon. -

316 */ -

317 /*ARGSUSED*/ -

318 static void -

319 sigterm_handler(int sig) -

320 { -

321 received_sigterm = sig; -

322

}

never executed: end of block

323 -

324 /* -

325 * SIGCHLD handler. This is called whenever a child dies. This will then -

326 * reap any zombies left by exited children. -

327 */ -

328 /*ARGSUSED*/ -

329 static void -

330 main_sigchld_handler(int sig) -

331 { -

332 int save_errno = errno; -

333 pid_t pid; -

334 int status; -

335 -

336

while ((pid = waitpid(-1, &status, WNOHANG)) > 0 ||

(pid = waitpid...atus, 1 )) > 0	Description
TRUE	never evaluated
FALSE	never evaluated

337

(pid < 0 && errno == EINTR))

pid < 0	Description
TRUE	never evaluated
FALSE	never evaluated

(*__errno_location ()) == 4	Description
TRUE	never evaluated
FALSE	never evaluated

338

;

never executed: ;

339 errno = save_errno; -

340

}

never executed: end of block

341 -

342 /* -

343 * Signal handler for the alarm after the login grace period has expired. -

344 */ -

345 /*ARGSUSED*/ -

346 static void -

347 grace_alarm_handler(int sig) -

348 { -

349

if (use_privsep && pmonitor != NULL && pmonitor->m_pid > 0)

use_privsep	Description
TRUE	never evaluated
FALSE	never evaluated

pmonitor != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

pmonitor->m_pid > 0	Description
TRUE	never evaluated
FALSE	never evaluated

350

kill(pmonitor->m_pid, SIGALRM);

never executed: kill(pmonitor->m_pid, 14 );

351 -

352 /* -

353 * Try to kill any processes that we have spawned, E.g. authorized -

354 * keys command helpers. -

355 */ -

356

if (getpgid(0) == getpid()) {

getpgid(0) == getpid()	Description
TRUE	never evaluated
FALSE	never evaluated

357 signal(SIGTERM, SIG_IGN); -

358 kill(0, SIGTERM); -

359

}

never executed: end of block

360 -

361 /* Log error and exit. */ -

362 sigdie("Timeout before authentication for %s port %d", -

363 ssh_remote_ipaddr(active_state), ssh_remote_port(active_state)); -

364

}

never executed: end of block

365 -

366 static void -

367 sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out) -

368 { -

369 u_int i; -

370 int remote_major, remote_minor; -

371 char *s; -

372 char buf[256]; /* Must not be larger than remote_version. */ -

373 char remote_version[256]; /* Must be at least as big as buf. */ -

374 -

375 xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n", -

376 PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, -

377 *options.version_addendum == '\0' ? "" : " ", -

378 options.version_addendum); -

379 -

380 /* Send our protocol version identification. */ -

381

if (atomicio(vwrite, sock_out, server_version_string,

atomicio((ssiz...ersion_string)	Description
TRUE	never evaluated
FALSE	never evaluated

382

strlen(server_version_string))

atomicio((ssiz...ersion_string)	Description
TRUE	never evaluated
FALSE	never evaluated

383

!= strlen(server_version_string)) {

atomicio((ssiz...ersion_string)	Description
TRUE	never evaluated
FALSE	never evaluated

384 logit("Could not write ident string to %s port %d", -

385 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); -

386 cleanup_exit(255); -

387

}

never executed: end of block

388 -

389 /* Read other sides version identification. */ -

390 memset(buf, 0, sizeof(buf)); -

391

for (i = 0; i < sizeof(buf) - 1; i++) {

i < sizeof(buf) - 1	Description
TRUE	never evaluated
FALSE	never evaluated

392

if (atomicio(read, sock_in, &buf[i], 1) != 1) {

atomicio(read,...uf[i], 1) != 1	Description
TRUE	never evaluated
FALSE	never evaluated

393 logit("Did not receive identification string " -

394 "from %s port %d", -

395 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); -

396 cleanup_exit(255); -

397

}

never executed: end of block

398

if (buf[i] == '\r') {

buf[i] == '\r'	Description
TRUE	never evaluated
FALSE	never evaluated

399 buf[i] = 0; -

400 /* Kludge for F-Secure Macintosh < 1.0.2 */ -

401

if (i == 12 &&

i == 12	Description
TRUE	never evaluated
FALSE	never evaluated

402

strncmp(buf, "SSH-1.5-W1.0", 12) == 0)

never executed: __result = (((const unsigned char *) (const char *) ( buf ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( "SSH-1.5-W1.0" ))[3] - __s2[3]);

never executed: end of block

(__extension__... , 12 ))) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__builtin_constant_p ( 12 )	Description
TRUE	never evaluated
FALSE	never evaluated

__builtin_constant_p ( buf )	Description
TRUE	never evaluated
FALSE	never evaluated

strlen ( buf )...ize_t) ( 12 ))	Description
TRUE	never evaluated
FALSE	never evaluated

__builtin_cons...SH-1.5-W1.0" )	Description
TRUE	never evaluated
FALSE	never evaluated

strlen ( "SSH-...ize_t) ( 12 ))	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

403

break;

never executed: break;

404

continue;

never executed: continue;

405 } -

406

if (buf[i] == '\n') {

buf[i] == '\n'	Description
TRUE	never evaluated
FALSE	never evaluated

407 buf[i] = 0; -

408

break;

never executed: break;

409 } -

410

}

never executed: end of block

411 buf[sizeof(buf) - 1] = 0; -

412 client_version_string = xstrdup(buf); -

413 -

414 /* -

415 * Check that the versions match. In future this might accept -

416 * several versions and set appropriate flags to handle them. -

417 */ -

418

if (sscanf(client_version_string, "SSH-%d.%d-%[^\n]\n",

sscanf(client_..._version) != 3	Description
TRUE	never evaluated
FALSE	never evaluated

419

&remote_major, &remote_minor, remote_version) != 3) {

sscanf(client_..._version) != 3	Description
TRUE	never evaluated
FALSE	never evaluated

420 s = "Protocol mismatch.\n"; -

421 (void) atomicio(vwrite, sock_out, s, strlen(s)); -

422 logit("Bad protocol version identification '%.100s' " -

423 "from %s port %d", client_version_string, -

424 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); -

425 close(sock_in); -

426 close(sock_out); -

427 cleanup_exit(255); -

428

}

never executed: end of block

429 debug("Client protocol version %d.%d; client software version %.100s", -

430 remote_major, remote_minor, remote_version); -

431 -

432 ssh->compat = compat_datafellows(remote_version); -

433 -

434

if ((ssh->compat & SSH_BUG_PROBE) != 0) {

(ssh->compat &...00400000) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

435 logit("probed from %s port %d with %s. Don't panic.", -

436 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), -

437 client_version_string); -

438 cleanup_exit(255); -

439

}

never executed: end of block

440

if ((ssh->compat & SSH_BUG_SCANNER) != 0) {

(ssh->compat &...00000800) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

441 logit("scanned from %s port %d with %s. Don't panic.", -

442 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), -

443 client_version_string); -

444 cleanup_exit(255); -

445

}

never executed: end of block

446

if ((ssh->compat & SSH_BUG_RSASIGMD5) != 0) {

(ssh->compat &...00002000) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

447 logit("Client version \"%.100s\" uses unsafe RSA signature " -

448 "scheme; disabling use of RSA keys", remote_version); -

449

}

never executed: end of block

450 -

451 chop(server_version_string); -

452 debug("Local version string %.200s", server_version_string); -

453 -

454

if (remote_major != 2 &&

remote_major != 2	Description
TRUE	never evaluated
FALSE	never evaluated

455

!(remote_major == 1 && remote_minor == 99)) {

remote_major == 1	Description
TRUE	never evaluated
FALSE	never evaluated

remote_minor == 99	Description
TRUE	never evaluated
FALSE	never evaluated

456 s = "Protocol major versions differ.\n"; -

457 (void) atomicio(vwrite, sock_out, s, strlen(s)); -

458 close(sock_in); -

459 close(sock_out); -

460 logit("Protocol major versions differ for %s port %d: " -

461 "%.200s vs. %.200s", -

462 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), -

463 server_version_string, client_version_string); -

464 cleanup_exit(255); -

465

}

never executed: end of block

466

}

never executed: end of block

467 -

468 /* Destroy the host and server keys. They will no longer be needed. */ -

469 void -

470 destroy_sensitive_data(void) -

471 { -

472 u_int i; -

473 -

474

for (i = 0; i < options.num_host_key_files; i++) {

i < options.num_host_key_files	Description
TRUE	never evaluated
FALSE	never evaluated

475

if (sensitive_data.host_keys[i]) {

sensitive_data.host_keys[i]	Description
TRUE	never evaluated
FALSE	never evaluated

476 sshkey_free(sensitive_data.host_keys[i]); -

477 sensitive_data.host_keys[i] = NULL; -

478

}

never executed: end of block

479

if (sensitive_data.host_certificates[i]) {

sensitive_data...ertificates[i]	Description
TRUE	never evaluated
FALSE	never evaluated

480 sshkey_free(sensitive_data.host_certificates[i]); -

481 sensitive_data.host_certificates[i] = NULL; -

482

}

never executed: end of block

483

}

never executed: end of block

484

}

never executed: end of block

485 -

486 /* Demote private to public keys for network child */ -

487 void -

488 demote_sensitive_data(void) -

489 { -

490 struct sshkey *tmp; -

491 u_int i; -

492 int r; -

493 -

494

for (i = 0; i < options.num_host_key_files; i++) {

i < options.num_host_key_files	Description
TRUE	never evaluated
FALSE	never evaluated

495

if (sensitive_data.host_keys[i]) {

sensitive_data.host_keys[i]	Description
TRUE	never evaluated
FALSE	never evaluated

496

if ((r = sshkey_from_private(

(r = sshkey_fr...], &tmp)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

497

sensitive_data.host_keys[i], &tmp)) != 0)

(r = sshkey_fr...], &tmp)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

498

fatal("could not demote host %s key: %s",

never executed: fatal("could not demote host %s key: %s", sshkey_type(sensitive_data.host_keys[i]), ssh_err(r));

499

sshkey_type(sensitive_data.host_keys[i]),

never executed: fatal("could not demote host %s key: %s", sshkey_type(sensitive_data.host_keys[i]), ssh_err(r));

500

ssh_err(r));

never executed: fatal("could not demote host %s key: %s", sshkey_type(sensitive_data.host_keys[i]), ssh_err(r));

501 sshkey_free(sensitive_data.host_keys[i]); -

502 sensitive_data.host_keys[i] = tmp; -

503

}

never executed: end of block

504 /* Certs do not need demotion */ -

505

}

never executed: end of block

506

}

never executed: end of block

507 -

508 static void -

509 reseed_prngs(void) -

510 { -

511 u_int32_t rnd[256]; -

512 -

513 #ifdef WITH_OPENSSL -

514 RAND_poll(); -

515 #endif -

516 arc4random_stir(); /* noop on recent arc4random() implementations */ -

517 arc4random_buf(rnd, sizeof(rnd)); /* let arc4random notice PID change */ -

518 -

519 #ifdef WITH_OPENSSL -

520 RAND_seed(rnd, sizeof(rnd)); -

521 /* give libcrypto a chance to notice the PID change */ -

522

if ((RAND_bytes((u_char *)rnd, 1)) != 1)

(RAND_bytes((u...)rnd, 1)) != 1	Description
TRUE	never evaluated
FALSE	never evaluated

523

fatal("%s: RAND_bytes failed", __func__);

never executed: fatal("%s: RAND_bytes failed", __func__);

524 #endif -

525 -

526 explicit_bzero(rnd, sizeof(rnd)); -

527

}

never executed: end of block

528 -

529 static void -

530 privsep_preauth_child(void) -

531 { -

532 gid_t gidset[1]; -

533 -

534 /* Enable challenge-response authentication for privilege separation */ -

535 privsep_challenge_enable(); -

536 -

537 #ifdef GSSAPI -

538 /* Cache supported mechanism OIDs for later use */ -

539 ssh_gssapi_prepare_supported_oids(); -

540 #endif -

541 -

542 reseed_prngs(); -

543 -

544 /* Demote the private keys to public keys. */ -

545 demote_sensitive_data(); -

546 -

547 /* Demote the child */ -

548

if (privsep_chroot) {

privsep_chroot	Description
TRUE	never evaluated
FALSE	never evaluated

549 /* Change our root directory */ -

550

if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)

chroot("/var/r...h-test") == -1	Description
TRUE	never evaluated
FALSE	never evaluated

551

fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,

never executed: fatal("chroot(\"%s\"): %s", "/var/run/openssh-test", strerror( (*__errno_location ()) ));

552

strerror(errno));

never executed: fatal("chroot(\"%s\"): %s", "/var/run/openssh-test", strerror( (*__errno_location ()) ));

553

if (chdir("/") == -1)

chdir("/") == -1	Description
TRUE	never evaluated
FALSE	never evaluated

554

fatal("chdir(\"/\"): %s", strerror(errno));

never executed: fatal("chdir(\"/\"): %s", strerror( (*__errno_location ()) ));

555 -

556 /* Drop our privileges */ -

557 debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid, -

558 (u_int)privsep_pw->pw_gid); -

559 gidset[0] = privsep_pw->pw_gid; -

560

if (setgroups(1, gidset) < 0)

setgroups(1, gidset) < 0	Description
TRUE	never evaluated
FALSE	never evaluated

561

fatal("setgroups: %.100s", strerror(errno));

never executed: fatal("setgroups: %.100s", strerror( (*__errno_location ()) ));

562 permanently_set_uid(privsep_pw); -

563

}

never executed: end of block

564

}

never executed: end of block

565 -

566 static int -

567 privsep_preauth(Authctxt *authctxt) -

568 { -

569 int status, r; -

570 pid_t pid; -

571 struct ssh_sandbox *box = NULL; -

572 -

573 /* Set up unprivileged child process to deal with network data */ -

574 pmonitor = monitor_init(); -

575 /* Store a pointer to the kex for later rekeying */ -

576 pmonitor->m_pkex = &active_state->kex; -

577 -

578

if (use_privsep == PRIVSEP_ON)

use_privsep == 1	Description
TRUE	never evaluated
FALSE	never evaluated

579

box = ssh_sandbox_init(pmonitor);

never executed: box = ssh_sandbox_init(pmonitor);

580 pid = fork(); -

581

if (pid == -1) {

pid == -1	Description
TRUE	never evaluated
FALSE	never evaluated

582 fatal("fork of unprivileged child failed"); -

583

} else if (pid != 0) {

never executed: end of block

pid != 0	Description
TRUE	never evaluated
FALSE	never evaluated

584 debug2("Network child is on pid %ld", (long)pid); -

585 -

586 pmonitor->m_pid = pid; -

587

if (have_agent) {

have_agent	Description
TRUE	never evaluated
FALSE	never evaluated

588 r = ssh_get_authentication_socket(&auth_sock); -

589

if (r != 0) {

r != 0	Description
TRUE	never evaluated
FALSE	never evaluated

590 error("Could not get agent socket: %s", -

591 ssh_err(r)); -

592 have_agent = 0; -

593

}

never executed: end of block

594

}

never executed: end of block

595

if (box != NULL)

box != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

596

ssh_sandbox_parent_preauth(box, pid);

never executed: ssh_sandbox_parent_preauth(box, pid);

597 monitor_child_preauth(authctxt, pmonitor); -

598 -

599 /* Wait for the child's exit status */ -

600

while (waitpid(pid, &status, 0) < 0) {

waitpid(pid, &status, 0) < 0	Description
TRUE	never evaluated
FALSE	never evaluated

601

if (errno == EINTR)

(*__errno_location ()) == 4	Description
TRUE	never evaluated
FALSE	never evaluated

602

continue;

never executed: continue;

603 pmonitor->m_pid = -1; -

604 fatal("%s: waitpid: %s", __func__, strerror(errno)); -

605

}

never executed: end of block

606 privsep_is_preauth = 0; -

607 pmonitor->m_pid = -1; -

608

if (WIFEXITED(status)) {

((( status ) & 0x7f) == 0)	Description
TRUE	never evaluated
FALSE	never evaluated

609

if (WEXITSTATUS(status) != 0)

((( status ) &...00) >> 8) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

610

fatal("%s: preauth child exited with status %d",

never executed: fatal("%s: preauth child exited with status %d", __func__, ((( status ) & 0xff00) >> 8) );

611

__func__, WEXITSTATUS(status));

never executed: fatal("%s: preauth child exited with status %d", __func__, ((( status ) & 0xff00) >> 8) );

612

} else if (WIFSIGNALED(status))

never executed: end of block

(((signed char... 1) >> 1) > 0)	Description
TRUE	never evaluated
FALSE	never evaluated

613

fatal("%s: preauth child terminated by signal %d",

never executed: fatal("%s: preauth child terminated by signal %d", __func__, (( status ) & 0x7f) );

614

__func__, WTERMSIG(status));

never executed: fatal("%s: preauth child terminated by signal %d", __func__, (( status ) & 0x7f) );

615

if (box != NULL)

box != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

616

ssh_sandbox_parent_finish(box);

never executed: ssh_sandbox_parent_finish(box);

617

return 1;

never executed: return 1;

618 } else { -

619 /* child */ -

620 close(pmonitor->m_sendfd); -

621 close(pmonitor->m_log_recvfd); -

622 -

623 /* Arrange for logging to be sent to the monitor */ -

624 set_log_handler(mm_log_handler, pmonitor); -

625 -

626 privsep_preauth_child(); -

627 setproctitle("%s", "[net]"); -

628

if (box != NULL)

box != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

629

ssh_sandbox_child(box);

never executed: ssh_sandbox_child(box);

630 -

631

return 0;

never executed: return 0;

632 } -

633 } -

634 -

635 static void -

636 privsep_postauth(Authctxt *authctxt) -

637 { -

638 #ifdef DISABLE_FD_PASSING -

639 if (1) { -

640 #else -

641

if (authctxt->pw->pw_uid == 0) {

authctxt->pw->pw_uid == 0	Description
TRUE	never evaluated
FALSE	never evaluated

642 #endif -

643 /* File descriptor passing is broken or root login */ -

644 use_privsep = 0; -

645

goto skip;

never executed: goto skip;

646 } -

647 -

648 /* New socket pair */ -

649 monitor_reinit(pmonitor); -

650 -

651 pmonitor->m_pid = fork(); -

652

if (pmonitor->m_pid == -1)

pmonitor->m_pid == -1	Description
TRUE	never evaluated
FALSE	never evaluated

653

fatal("fork of unprivileged child failed");

never executed: fatal("fork of unprivileged child failed");

654

else if (pmonitor->m_pid != 0) {

pmonitor->m_pid != 0	Description
TRUE	never evaluated
FALSE	never evaluated

655 verbose("User child is on pid %ld", (long)pmonitor->m_pid); -

656 sshbuf_reset(loginmsg); -

657 monitor_clear_keystate(pmonitor); -

658 monitor_child_postauth(pmonitor); -

659 -

660 /* NEVERREACHED */ -

661

exit(0);

never executed: exit(0);

662 } -

663 -

664 /* child */ -

665 -

666 close(pmonitor->m_sendfd); -

667 pmonitor->m_sendfd = -1; -

668 -

669 /* Demote the private keys to public keys. */ -

670 demote_sensitive_data(); -

671 -

672 reseed_prngs(); -

673 -

674 /* Drop privileges */ -

675 do_setusercontext(authctxt->pw); -

676 -

677

skip:

code before this statement never executed: skip:

678 /* It is safe now to apply the key state */ -

679 monitor_apply_keystate(pmonitor); -

680 -

681 /* -

682 * Tell the packet layer that authentication was successful, since -

683 * this information is not part of the key state. -

684 */ -

685 packet_set_authenticated(); -

686

}

never executed: end of block

687 -

688 static void -

689 append_hostkey_type(struct sshbuf *b, const char *s) -

690 { -

691 int r; -

692 -

693

if (match_pattern_list(s, options.hostkeyalgorithms, 0) != 1) {

match_pattern_...ithms, 0) != 1	Description
TRUE	never evaluated
FALSE	never evaluated

694 debug3("%s: %s key not permitted by HostkeyAlgorithms", -

695 __func__, s); -

696

return;

never executed: return;

697 } -

698

if ((r = sshbuf_putf(b, "%s%s", sshbuf_len(b) > 0 ? "," : "", s)) != 0)

(r = sshbuf_pu...: "", s)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

699

fatal("%s: sshbuf_putf: %s", __func__, ssh_err(r));

never executed: fatal("%s: sshbuf_putf: %s", __func__, ssh_err(r));

700

}

never executed: end of block

701 -

702 static char * -

703 list_hostkey_types(void) -

704 { -

705 struct sshbuf *b; -

706 struct sshkey *key; -

707 char *ret; -

708 u_int i; -

709 -

710

if ((b = sshbuf_new()) == NULL)

(b = sshbuf_ne...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

711

fatal("%s: sshbuf_new failed", __func__);

never executed: fatal("%s: sshbuf_new failed", __func__);

712

for (i = 0; i < options.num_host_key_files; i++) {

i < options.num_host_key_files	Description
TRUE	never evaluated
FALSE	never evaluated

713 key = sensitive_data.host_keys[i]; -

714

if (key == NULL)

key == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

715

key = sensitive_data.host_pubkeys[i];

never executed: key = sensitive_data.host_pubkeys[i];

716

if (key == NULL)

key == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

717

continue;

never executed: continue;

718 switch (key->type) { -

719

case KEY_RSA:

never executed: case KEY_RSA:

720 /* for RSA we also support SHA2 signatures */ -

721 append_hostkey_type(b, "rsa-sha2-512"); -

722 append_hostkey_type(b, "rsa-sha2-256"); -

723 /* FALLTHROUGH */ -

724

case KEY_DSA:

code before this statement never executed: case KEY_DSA:

never executed: case KEY_DSA:

725

case KEY_ECDSA:

never executed: case KEY_ECDSA:

726

case KEY_ED25519:

never executed: case KEY_ED25519:

727

case KEY_XMSS:

never executed: case KEY_XMSS:

728 append_hostkey_type(b, sshkey_ssh_name(key)); -

729

break;

never executed: break;

730 } -

731 /* If the private key has a cert peer, then list that too */ -

732 key = sensitive_data.host_certificates[i]; -

733

if (key == NULL)

key == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

734

continue;

never executed: continue;

735 switch (key->type) { -

736

case KEY_RSA_CERT:

never executed: case KEY_RSA_CERT:

737 /* for RSA we also support SHA2 signatures */ -

738 append_hostkey_type(b, -

739 "rsa-sha2-512-cert-v01@openssh.com"); -

740 append_hostkey_type(b, -

741 "rsa-sha2-256-cert-v01@openssh.com"); -

742 /* FALLTHROUGH */ -

743

case KEY_DSA_CERT:

code before this statement never executed: case KEY_DSA_CERT:

never executed: case KEY_DSA_CERT:

744

case KEY_ECDSA_CERT:

never executed: case KEY_ECDSA_CERT:

745

case KEY_ED25519_CERT:

never executed: case KEY_ED25519_CERT:

746

case KEY_XMSS_CERT:

never executed: case KEY_XMSS_CERT:

747 append_hostkey_type(b, sshkey_ssh_name(key)); -

748

break;

never executed: break;

749 } -

750

}

never executed: end of block

751

if ((ret = sshbuf_dup_string(b)) == NULL)

(ret = sshbuf_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

752

fatal("%s: sshbuf_dup_string failed", __func__);

never executed: fatal("%s: sshbuf_dup_string failed", __func__);

753 sshbuf_free(b); -

754 debug("%s: %s", __func__, ret); -

755

return ret;

never executed: return ret;

756 } -

757 -

758 static struct sshkey * -

759 get_hostkey_by_type(int type, int nid, int need_private, struct ssh *ssh) -

760 { -

761 u_int i; -

762 struct sshkey *key; -

763 -

764

for (i = 0; i < options.num_host_key_files; i++) {

i < options.num_host_key_files	Description
TRUE	never evaluated
FALSE	never evaluated

765 switch (type) { -

766

case KEY_RSA_CERT:

never executed: case KEY_RSA_CERT:

767

case KEY_DSA_CERT:

never executed: case KEY_DSA_CERT:

768

case KEY_ECDSA_CERT:

never executed: case KEY_ECDSA_CERT:

769

case KEY_ED25519_CERT:

never executed: case KEY_ED25519_CERT:

770

case KEY_XMSS_CERT:

never executed: case KEY_XMSS_CERT:

771 key = sensitive_data.host_certificates[i]; -

772

break;

never executed: break;

773

default:

never executed: default:

774 key = sensitive_data.host_keys[i]; -

775

if (key == NULL && !need_private)

key == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

!need_private	Description
TRUE	never evaluated
FALSE	never evaluated

776

key = sensitive_data.host_pubkeys[i];

never executed: key = sensitive_data.host_pubkeys[i];

777

break;

never executed: break;

778 } -

779

if (key != NULL && key->type == type &&

key != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

key->type == type	Description
TRUE	never evaluated
FALSE	never evaluated

780

(key->type != KEY_ECDSA || key->ecdsa_nid == nid))

key->type != KEY_ECDSA	Description
TRUE	never evaluated
FALSE	never evaluated

key->ecdsa_nid == nid	Description
TRUE	never evaluated
FALSE	never evaluated

781

return need_private ?

never executed: return need_private ? sensitive_data.host_keys[i] : key;

need_private	Description
TRUE	never evaluated
FALSE	never evaluated

782

sensitive_data.host_keys[i] : key;

never executed: return need_private ? sensitive_data.host_keys[i] : key;

783

}

never executed: end of block

784

return NULL;

never executed: return ((void *)0) ;

785 } -

786 -

787 struct sshkey * -

788 get_hostkey_public_by_type(int type, int nid, struct ssh *ssh) -

789 { -

790

return get_hostkey_by_type(type, nid, 0, ssh);

never executed: return get_hostkey_by_type(type, nid, 0, ssh);

791 } -

792 -

793 struct sshkey * -

794 get_hostkey_private_by_type(int type, int nid, struct ssh *ssh) -

795 { -

796

return get_hostkey_by_type(type, nid, 1, ssh);

never executed: return get_hostkey_by_type(type, nid, 1, ssh);

797 } -

798 -

799 struct sshkey * -

800 get_hostkey_by_index(int ind) -

801 { -

802

if (ind < 0 || (u_int)ind >= options.num_host_key_files)

ind < 0	Description
TRUE	never evaluated
FALSE	never evaluated

(u_int)ind >= ...host_key_files	Description
TRUE	never evaluated
FALSE	never evaluated

803

return (NULL);

never executed: return ( ((void *)0) );

804

return (sensitive_data.host_keys[ind]);

never executed: return (sensitive_data.host_keys[ind]);

805 } -

806 -

807 struct sshkey * -

808 get_hostkey_public_by_index(int ind, struct ssh *ssh) -

809 { -

810

if (ind < 0 || (u_int)ind >= options.num_host_key_files)

ind < 0	Description
TRUE	never evaluated
FALSE	never evaluated

(u_int)ind >= ...host_key_files	Description
TRUE	never evaluated
FALSE	never evaluated

811

return (NULL);

never executed: return ( ((void *)0) );

812

return (sensitive_data.host_pubkeys[ind]);

never executed: return (sensitive_data.host_pubkeys[ind]);

813 } -

814 -

815 int -

816 get_hostkey_index(struct sshkey *key, int compare, struct ssh *ssh) -

817 { -

818 u_int i; -

819 -

820

for (i = 0; i < options.num_host_key_files; i++) {

i < options.num_host_key_files	Description
TRUE	never evaluated
FALSE	never evaluated

821

if (sshkey_is_cert(key)) {

sshkey_is_cert(key)	Description
TRUE	never evaluated
FALSE	never evaluated

822

if (key == sensitive_data.host_certificates[i] ||

key == sensiti...ertificates[i]	Description
TRUE	never evaluated
FALSE	never evaluated

823

(compare && sensitive_data.host_certificates[i] &&

compare	Description
TRUE	never evaluated
FALSE	never evaluated

sensitive_data...ertificates[i]	Description
TRUE	never evaluated
FALSE	never evaluated

824

sshkey_equal(key,

sshkey_equal(k...rtificates[i])	Description
TRUE	never evaluated
FALSE	never evaluated

825

sensitive_data.host_certificates[i])))

sshkey_equal(k...rtificates[i])	Description
TRUE	never evaluated
FALSE	never evaluated

826

return (i);

never executed: return (i);

827

} else {

never executed: end of block

828

if (key == sensitive_data.host_keys[i] ||

key == sensiti...a.host_keys[i]	Description
TRUE	never evaluated
FALSE	never evaluated

829

(compare && sensitive_data.host_keys[i] &&

compare	Description
TRUE	never evaluated
FALSE	never evaluated

sensitive_data.host_keys[i]	Description
TRUE	never evaluated
FALSE	never evaluated

830

sshkey_equal(key, sensitive_data.host_keys[i])))

sshkey_equal(k....host_keys[i])	Description
TRUE	never evaluated
FALSE	never evaluated

831

return (i);

never executed: return (i);

832

if (key == sensitive_data.host_pubkeys[i] ||

key == sensiti...ost_pubkeys[i]	Description
TRUE	never evaluated
FALSE	never evaluated

833

(compare && sensitive_data.host_pubkeys[i] &&

compare	Description
TRUE	never evaluated
FALSE	never evaluated

sensitive_data.host_pubkeys[i]	Description
TRUE	never evaluated
FALSE	never evaluated

834

sshkey_equal(key, sensitive_data.host_pubkeys[i])))

sshkey_equal(k...st_pubkeys[i])	Description
TRUE	never evaluated
FALSE	never evaluated

835

return (i);

never executed: return (i);

836

}

never executed: end of block

837 } -

838

return (-1);

never executed: return (-1);

839 } -

840 -

841 /* Inform the client of all hostkeys */ -

842 static void -

843 notify_hostkeys(struct ssh *ssh) -

844 { -

845 struct sshbuf *buf; -

846 struct sshkey *key; -

847 u_int i, nkeys; -

848 int r; -

849 char *fp; -

850 -

851 /* Some clients cannot cope with the hostkeys message, skip those. */ -

852

if (datafellows & SSH_BUG_HOSTKEYS)

datafellows & 0x20000000	Description
TRUE	never evaluated
FALSE	never evaluated

853

return;

never executed: return;

854 -

855

if ((buf = sshbuf_new()) == NULL)

(buf = sshbuf_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

856

fatal("%s: sshbuf_new", __func__);

never executed: fatal("%s: sshbuf_new", __func__);

857

for (i = nkeys = 0; i < options.num_host_key_files; i++) {

i < options.num_host_key_files	Description
TRUE	never evaluated
FALSE	never evaluated

858 key = get_hostkey_public_by_index(i, ssh); -

859

if (key == NULL || key->type == KEY_UNSPEC ||

key == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

key->type == KEY_UNSPEC	Description
TRUE	never evaluated
FALSE	never evaluated

860

sshkey_is_cert(key))

sshkey_is_cert(key)	Description
TRUE	never evaluated
FALSE	never evaluated

861

continue;

never executed: continue;

862 fp = sshkey_fingerprint(key, options.fingerprint_hash, -

863 SSH_FP_DEFAULT); -

864 debug3("%s: key %d: %s %s", __func__, i, -

865 sshkey_ssh_name(key), fp); -

866 free(fp); -

867

if (nkeys == 0) {

nkeys == 0	Description
TRUE	never evaluated
FALSE	never evaluated

868 packet_start(SSH2_MSG_GLOBAL_REQUEST); -

869 packet_put_cstring("hostkeys-00@openssh.com"); -

870 packet_put_char(0); /* want-reply */ -

871

}

never executed: end of block

872 sshbuf_reset(buf); -

873

if ((r = sshkey_putb(key, buf)) != 0)

(r = sshkey_pu...ey, buf)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

874

fatal("%s: couldn't put hostkey %d: %s",

never executed: fatal("%s: couldn't put hostkey %d: %s", __func__, i, ssh_err(r));

875

__func__, i, ssh_err(r));

never executed: fatal("%s: couldn't put hostkey %d: %s", __func__, i, ssh_err(r));

876 packet_put_string(sshbuf_ptr(buf), sshbuf_len(buf)); -

877 nkeys++; -

878

}

never executed: end of block

879 debug3("%s: sent %u hostkeys", __func__, nkeys); -

880

if (nkeys == 0)

nkeys == 0	Description
TRUE	never evaluated
FALSE	never evaluated

881

fatal("%s: no hostkeys", __func__);

never executed: fatal("%s: no hostkeys", __func__);

882 packet_send(); -

883 sshbuf_free(buf); -

884

}

never executed: end of block

885 -

886 /* -

887 * returns 1 if connection should be dropped, 0 otherwise. -

888 * dropping starts at connection #max_startups_begin with a probability -

889 * of (max_startups_rate/100). the probability increases linearly until -

890 * all connections are dropped for startups > max_startups -

891 */ -

892 static int -

893 drop_connection(int startups) -

894 { -

895 int p, r; -

896 -

897

if (startups < options.max_startups_begin)

startups < opt...startups_begin	Description
TRUE	never evaluated
FALSE	never evaluated

898

return 0;

never executed: return 0;

899

if (startups >= options.max_startups)

startups >= op...s.max_startups	Description
TRUE	never evaluated
FALSE	never evaluated

900

return 1;

never executed: return 1;

901

if (options.max_startups_rate == 100)

options.max_st...ps_rate == 100	Description
TRUE	never evaluated
FALSE	never evaluated

902

return 1;

never executed: return 1;

903 -

904 p = 100 - options.max_startups_rate; -

905 p *= startups - options.max_startups_begin; -

906 p /= options.max_startups - options.max_startups_begin; -

907 p += options.max_startups_rate; -

908 r = arc4random_uniform(100); -

909 -

910 debug("drop_connection: p %d, r %d", p, r); -

911

return (r < p) ? 1 : 0;

never executed: return (r < p) ? 1 : 0;

(r < p)	Description
TRUE	never evaluated
FALSE	never evaluated

912 } -

913 -

914 static void -

915 usage(void) -

916 { -

917 fprintf(stderr, "%s, %s\n", -

918 SSH_RELEASE, -

919 #ifdef WITH_OPENSSL -

920 SSLeay_version(SSLEAY_VERSION) -

921 #else -

922 "without OpenSSL" -

923 #endif -

924 ); -

925 fprintf(stderr, -

926 "usage: sshd [-46DdeiqTt] [-C connection_spec] [-c host_cert_file]\n" -

927 " [-E log_file] [-f config_file] [-g login_grace_time]\n" -

928 " [-h host_key_file] [-o option] [-p port] [-u len]\n" -

929 ); -

930

exit(1);

never executed: exit(1);

931 } -

932 -

933 static void -

934 send_rexec_state(int fd, struct sshbuf *conf) -

935 { -

936 struct sshbuf *m; -

937 int r; -

938 -

939 debug3("%s: entering fd = %d config len %zu", __func__, fd, -

940 sshbuf_len(conf)); -

941 -

942 /* -

943 * Protocol from reexec master to child: -

944 * string configuration -

945 * string rngseed (only if OpenSSL is not self-seeded) -

946 */ -

947

if ((m = sshbuf_new()) == NULL)

(m = sshbuf_ne...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

948

fatal("%s: sshbuf_new failed", __func__);

never executed: fatal("%s: sshbuf_new failed", __func__);

949

if ((r = sshbuf_put_stringb(m, conf)) != 0)

(r = sshbuf_pu...m, conf)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

950

fatal("%s: buffer error: %s", __func__, ssh_err(r));

never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));

951 -

952 #if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY) -

953 rexec_send_rng_seed(m); -

954 #endif -

955 -

956

if (ssh_msg_send(fd, 0, m) == -1)

ssh_msg_send(fd, 0, m) == -1	Description
TRUE	never evaluated
FALSE	never evaluated

957

fatal("%s: ssh_msg_send failed", __func__);

never executed: fatal("%s: ssh_msg_send failed", __func__);

958 -

959 sshbuf_free(m); -

960 -

961 debug3("%s: done", __func__); -

962

}

never executed: end of block

963 -

964 static void -

965 recv_rexec_state(int fd, struct sshbuf *conf) -

966 { -

967 struct sshbuf *m; -

968 u_char *cp, ver; -

969 size_t len; -

970 int r; -

971 -

972 debug3("%s: entering fd = %d", __func__, fd); -

973 -

974

if ((m = sshbuf_new()) == NULL)

(m = sshbuf_ne...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

975

fatal("%s: sshbuf_new failed", __func__);

never executed: fatal("%s: sshbuf_new failed", __func__);

976

if (ssh_msg_recv(fd, m) == -1)

ssh_msg_recv(fd, m) == -1	Description
TRUE	never evaluated
FALSE	never evaluated

977

fatal("%s: ssh_msg_recv failed", __func__);

never executed: fatal("%s: ssh_msg_recv failed", __func__);

978

if ((r = sshbuf_get_u8(m, &ver)) != 0)

(r = sshbuf_ge...m, &ver)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

979

fatal("%s: buffer error: %s", __func__, ssh_err(r));

never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));

980

if (ver != 0)

ver != 0	Description
TRUE	never evaluated
FALSE	never evaluated

981

fatal("%s: rexec version mismatch", __func__);

never executed: fatal("%s: rexec version mismatch", __func__);

982

if ((r = sshbuf_get_string(m, &cp, &len)) != 0)

(r = sshbuf_ge...p, &len)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

983

fatal("%s: buffer error: %s", __func__, ssh_err(r));

never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));

984

if (conf != NULL && (r = sshbuf_put(conf, cp, len)))

conf != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

(r = sshbuf_pu...onf, cp, len))	Description
TRUE	never evaluated
FALSE	never evaluated

985

fatal("%s: buffer error: %s", __func__, ssh_err(r));

never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));

986 #if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY) -

987 rexec_recv_rng_seed(m); -

988 #endif -

989 -

990 free(cp); -

991 sshbuf_free(m); -

992 -

993 debug3("%s: done", __func__); -

994

}

never executed: end of block

995 -

996 /* Accept a connection from inetd */ -

997 static void -

998 server_accept_inetd(int *sock_in, int *sock_out) -

999 { -

1000 int fd; -

1001 -

1002 startup_pipe = -1; -

1003

if (rexeced_flag) {

rexeced_flag	Description
TRUE	never evaluated
FALSE	never evaluated

1004 close(REEXEC_CONFIG_PASS_FD); -

1005 *sock_in = *sock_out = dup(STDIN_FILENO); -

1006

if (!debug_flag) {

!debug_flag	Description
TRUE	never evaluated
FALSE	never evaluated

1007 startup_pipe = dup(REEXEC_STARTUP_PIPE_FD); -

1008 close(REEXEC_STARTUP_PIPE_FD); -

1009

}

never executed: end of block

1010

} else {

never executed: end of block

1011 *sock_in = dup(STDIN_FILENO); -

1012 *sock_out = dup(STDOUT_FILENO); -

1013

}

never executed: end of block

1014 /* -

1015 * We intentionally do not close the descriptors 0, 1, and 2 -

1016 * as our code for setting the descriptors won't work if -

1017 * ttyfd happens to be one of those. -

1018 */ -

1019

if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {

(fd = open( "/...02 , 0)) != -1	Description
TRUE	never evaluated
FALSE	never evaluated

1020 dup2(fd, STDIN_FILENO); -

1021 dup2(fd, STDOUT_FILENO); -

1022

if (!log_stderr)

!log_stderr	Description
TRUE	never evaluated
FALSE	never evaluated

1023

dup2(fd, STDERR_FILENO);

never executed: dup2(fd, 2 );

1024

if (fd > (log_stderr ? STDERR_FILENO : STDOUT_FILENO))

fd > (log_stderr ? 2 : 1 )	Description
TRUE	never evaluated
FALSE	never evaluated

1025

close(fd);

never executed: close(fd);

1026

}

never executed: end of block

1027 debug("inetd sockets after dupping: %d, %d", *sock_in, *sock_out); -

1028

}

never executed: end of block

1029 -

1030 /* -

1031 * Listen for TCP connections -

1032 */ -

1033 static void -

1034 listen_on_addrs(struct listenaddr *la) -

1035 { -

1036 int ret, listen_sock; -

1037 struct addrinfo *ai; -

1038 char ntop[NI_MAXHOST], strport[NI_MAXSERV]; -

1039 -

1040

for (ai = la->addrs; ai; ai = ai->ai_next) {

ai	Description
TRUE	never evaluated
FALSE	never evaluated

1041

if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)

ai->ai_family != 2	Description
TRUE	never evaluated
FALSE	never evaluated

ai->ai_family != 10	Description
TRUE	never evaluated
FALSE	never evaluated

1042

continue;

never executed: continue;

1043

if (num_listen_socks >= MAX_LISTEN_SOCKS)

num_listen_socks >= 16	Description
TRUE	never evaluated
FALSE	never evaluated

1044

fatal("Too many listen sockets. "

never executed: fatal("Too many listen sockets. " "Enlarge MAX_LISTEN_SOCKS");

1045

"Enlarge MAX_LISTEN_SOCKS");

never executed: fatal("Too many listen sockets. " "Enlarge MAX_LISTEN_SOCKS");

1046

if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen,

(ret = getname... 1 \| 2 )) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

1047

ntop, sizeof(ntop), strport, sizeof(strport),

(ret = getname... 1 \| 2 )) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

1048

NI_NUMERICHOST|NI_NUMERICSERV)) != 0) {

(ret = getname... 1 \| 2 )) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

1049 error("getnameinfo failed: %.100s", -

1050 ssh_gai_strerror(ret)); -

1051

continue;

never executed: continue;

1052 } -

1053 /* Create socket for listening. */ -

1054 listen_sock = socket(ai->ai_family, ai->ai_socktype, -

1055 ai->ai_protocol); -

1056

if (listen_sock < 0) {

listen_sock < 0	Description
TRUE	never evaluated
FALSE	never evaluated

1057 /* kernel may not support ipv6 */ -

1058 verbose("socket: %.100s", strerror(errno)); -

1059

continue;

never executed: continue;

1060 } -

1061

if (set_nonblock(listen_sock) == -1) {

set_nonblock(l...en_sock) == -1	Description
TRUE	never evaluated
FALSE	never evaluated

1062 close(listen_sock); -

1063

continue;

never executed: continue;

1064 } -

1065

if (fcntl(listen_sock, F_SETFD, FD_CLOEXEC) == -1) {

fcntl(listen_s... 2 , 1 ) == -1	Description
TRUE	never evaluated
FALSE	never evaluated

1066 verbose("socket: CLOEXEC: %s", strerror(errno)); -

1067 close(listen_sock); -

1068

continue;

never executed: continue;

1069 } -

1070 /* Socket options */ -

1071 set_reuseaddr(listen_sock); -

1072

if (la->rdomain != NULL &&

la->rdomain != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1073

set_rdomain(listen_sock, la->rdomain) == -1) {

set_rdomain(li...rdomain) == -1	Description
TRUE	never evaluated
FALSE	never evaluated

1074 close(listen_sock); -

1075

continue;

never executed: continue;

1076 } -

1077 -

1078 /* Only communicate in IPv6 over AF_INET6 sockets. */ -

1079

if (ai->ai_family == AF_INET6)

ai->ai_family == 10	Description
TRUE	never evaluated
FALSE	never evaluated

1080

sock_set_v6only(listen_sock);

never executed: sock_set_v6only(listen_sock);

1081 -

1082 debug("Bind to port %s on %s.", strport, ntop); -

1083 -

1084 /* Bind the socket to the desired port. */ -

1085

if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) {

bind(listen_so...i_addrlen) < 0	Description
TRUE	never evaluated
FALSE	never evaluated

1086 error("Bind to port %s on %s failed: %.200s.", -

1087 strport, ntop, strerror(errno)); -

1088 close(listen_sock); -

1089

continue;

never executed: continue;

1090 } -

1091 listen_socks[num_listen_socks] = listen_sock; -

1092 num_listen_socks++; -

1093 -

1094 /* Start listening on the port. */ -

1095

if (listen(listen_sock, SSH_LISTEN_BACKLOG) < 0)

listen(listen_sock, 128) < 0	Description
TRUE	never evaluated
FALSE	never evaluated

1096

fatal("listen on [%s]:%s: %.100s",

never executed: fatal("listen on [%s]:%s: %.100s", ntop, strport, strerror( (*__errno_location ()) ));

1097

ntop, strport, strerror(errno));

never executed: fatal("listen on [%s]:%s: %.100s", ntop, strport, strerror( (*__errno_location ()) ));

1098 logit("Server listening on %s port %s%s%s.", -

1099 ntop, strport, -

1100 la->rdomain == NULL ? "" : " rdomain ", -

1101 la->rdomain == NULL ? "" : la->rdomain); -

1102

}

never executed: end of block

1103

}

never executed: end of block

1104 -

1105 static void -

1106 server_listen(void) -

1107 { -

1108 u_int i; -

1109 -

1110

for (i = 0; i < options.num_listen_addrs; i++) {

i < options.num_listen_addrs	Description
TRUE	never evaluated
FALSE	never evaluated

1111 listen_on_addrs(&options.listen_addrs[i]); -

1112 freeaddrinfo(options.listen_addrs[i].addrs); -

1113 free(options.listen_addrs[i].rdomain); -

1114 memset(&options.listen_addrs[i], 0, -

1115 sizeof(options.listen_addrs[i])); -

1116

}

never executed: end of block

1117 free(options.listen_addrs); -

1118 options.listen_addrs = NULL; -

1119 options.num_listen_addrs = 0; -

1120 -

1121

if (!num_listen_socks)

!num_listen_socks	Description
TRUE	never evaluated
FALSE	never evaluated

1122

fatal("Cannot bind any address.");

never executed: fatal("Cannot bind any address.");

1123

}

never executed: end of block

1124 -

1125 /* -

1126 * The main TCP accept loop. Note that, for the non-debug case, returns -

1127 * from this function are in a forked subprocess. -

1128 */ -

1129 static void -

1130 server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) -

1131 { -

1132 fd_set *fdset; -

1133 int i, j, ret, maxfd; -

1134 int startups = 0; -

1135 int startup_p[2] = { -1 , -1 }; -

1136 struct sockaddr_storage from; -

1137 socklen_t fromlen; -

1138 pid_t pid; -

1139 u_char rnd[256]; -

1140 -

1141 /* setup fd set for accept */ -

1142 fdset = NULL; -

1143 maxfd = 0; -

1144

for (i = 0; i < num_listen_socks; i++)

i < num_listen_socks	Description
TRUE	never evaluated
FALSE	never evaluated

1145

if (listen_socks[i] > maxfd)

listen_socks[i] > maxfd	Description
TRUE	never evaluated
FALSE	never evaluated

1146

maxfd = listen_socks[i];

never executed: maxfd = listen_socks[i];

1147 /* pipes connected to unauthenticated childs */ -

1148 startup_pipes = xcalloc(options.max_startups, sizeof(int)); -

1149

for (i = 0; i < options.max_startups; i++)

i < options.max_startups	Description
TRUE	never evaluated
FALSE	never evaluated

1150

startup_pipes[i] = -1;

never executed: startup_pipes[i] = -1;

1151 -

1152 /* -

1153 * Stay listening for connections until the system crashes or -

1154 * the daemon is killed with a signal. -

1155 */ -

1156 for (;;) { -

1157

if (received_sighup)

received_sighup	Description
TRUE	never evaluated
FALSE	never evaluated

1158

sighup_restart();

never executed: sighup_restart();

1159 free(fdset); -

1160 fdset = xcalloc(howmany(maxfd + 1, NFDBITS), -

1161 sizeof(fd_mask)); -

1162 -

1163

for (i = 0; i < num_listen_socks; i++)

i < num_listen_socks	Description
TRUE	never evaluated
FALSE	never evaluated

1164

FD_SET(listen_socks[i], fdset);

never executed: kludge_FD_SET(listen_socks[i], fdset);

1165

for (i = 0; i < options.max_startups; i++)

i < options.max_startups	Description
TRUE	never evaluated
FALSE	never evaluated

1166

if (startup_pipes[i] != -1)

startup_pipes[i] != -1	Description
TRUE	never evaluated
FALSE	never evaluated

1167

FD_SET(startup_pipes[i], fdset);

never executed: kludge_FD_SET(startup_pipes[i], fdset);

1168 -

1169 /* Wait in select until there is a connection. */ -

1170 ret = select(maxfd+1, fdset, NULL, NULL, NULL); -

1171

if (ret < 0 && errno != EINTR)

ret < 0	Description
TRUE	never evaluated
FALSE	never evaluated

(*__errno_location ()) != 4	Description
TRUE	never evaluated
FALSE	never evaluated

1172

error("select: %.100s", strerror(errno));

never executed: error("select: %.100s", strerror( (*__errno_location ()) ));

1173

if (received_sigterm) {

received_sigterm	Description
TRUE	never evaluated
FALSE	never evaluated

1174 logit("Received signal %d; terminating.", -

1175 (int) received_sigterm); -

1176 close_listen_socks(); -

1177

if (options.pid_file != NULL)

options.pid_fi...!= ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1178

unlink(options.pid_file);

never executed: unlink(options.pid_file);

1179

exit(received_sigterm == SIGTERM ? 0 : 255);

never executed: exit(received_sigterm == 15 ? 0 : 255);

1180 } -

1181

if (ret < 0)

ret < 0	Description
TRUE	never evaluated
FALSE	never evaluated

1182

continue;

never executed: continue;

1183 -

1184

for (i = 0; i < options.max_startups; i++)

i < options.max_startups	Description
TRUE	never evaluated
FALSE	never evaluated

1185

if (startup_pipes[i] != -1 &&

startup_pipes[i] != -1	Description
TRUE	never evaluated
FALSE	never evaluated

1186

FD_ISSET(startup_pipes[i], fdset)) {

kludge_FD_ISSE...pes[i], fdset)	Description
TRUE	never evaluated
FALSE	never evaluated

1187 /* -

1188 * the read end of the pipe is ready -

1189 * if the child has closed the pipe -

1190 * after successful authentication -

1191 * or if the child has died -

1192 */ -

1193 close(startup_pipes[i]); -

1194 startup_pipes[i] = -1; -

1195 startups--; -

1196

}

never executed: end of block

1197

for (i = 0; i < num_listen_socks; i++) {

i < num_listen_socks	Description
TRUE	never evaluated
FALSE	never evaluated

1198

if (!FD_ISSET(listen_socks[i], fdset))

!kludge_FD_ISS...cks[i], fdset)	Description
TRUE	never evaluated
FALSE	never evaluated

1199

continue;

never executed: continue;

1200 fromlen = sizeof(from); -

1201 *newsock = accept(listen_socks[i], -

1202 (struct sockaddr *)&from, &fromlen); -

1203

if (*newsock < 0) {

*newsock < 0	Description
TRUE	never evaluated
FALSE	never evaluated

1204

if (errno != EINTR && errno != EWOULDBLOCK &&

(*__errno_location ()) != 4	Description
TRUE	never evaluated
FALSE	never evaluated

(*__errno_location ()) != 11	Description
TRUE	never evaluated
FALSE	never evaluated

1205

errno != ECONNABORTED && errno != EAGAIN)

(*__errno_location ()) != 103	Description
TRUE	never evaluated
FALSE	never evaluated

(*__errno_location ()) != 11	Description
TRUE	never evaluated
FALSE	never evaluated

1206

error("accept: %.100s",

never executed: error("accept: %.100s", strerror( (*__errno_location ()) ));

1207

strerror(errno));

never executed: error("accept: %.100s", strerror( (*__errno_location ()) ));

1208

if (errno == EMFILE || errno == ENFILE)

(*__errno_location ()) == 24	Description
TRUE	never evaluated
FALSE	never evaluated

(*__errno_location ()) == 23	Description
TRUE	never evaluated
FALSE	never evaluated

1209

usleep(100 * 1000);

never executed: usleep(100 * 1000);

1210

continue;

never executed: continue;

1211 } -

1212

if (unset_nonblock(*newsock) == -1) {

unset_nonblock(*newsock) == -1	Description
TRUE	never evaluated
FALSE	never evaluated

1213 close(*newsock); -

1214

continue;

never executed: continue;

1215 } -

1216

if (drop_connection(startups) == 1) {

drop_connection(startups) == 1	Description
TRUE	never evaluated
FALSE	never evaluated

1217 char *laddr = get_local_ipaddr(*newsock); -

1218 char *raddr = get_peer_ipaddr(*newsock); -

1219 -

1220 verbose("drop connection #%d from [%s]:%d " -

1221 "on [%s]:%d past MaxStartups", startups, -

1222 raddr, get_peer_port(*newsock), -

1223 laddr, get_local_port(*newsock)); -

1224 free(laddr); -

1225 free(raddr); -

1226 close(*newsock); -

1227

continue;

never executed: continue;

1228 } -

1229

if (pipe(startup_p) == -1) {

pipe(startup_p) == -1	Description
TRUE	never evaluated
FALSE	never evaluated

1230 close(*newsock); -

1231

continue;

never executed: continue;

1232 } -

1233 -

1234

if (rexec_flag && socketpair(AF_UNIX,

rexec_flag	Description
TRUE	never evaluated
FALSE	never evaluated

socketpair( 1 ...onfig_s) == -1	Description
TRUE	never evaluated
FALSE	never evaluated

1235

SOCK_STREAM, 0, config_s) == -1) {

socketpair( 1 ...onfig_s) == -1	Description
TRUE	never evaluated
FALSE	never evaluated

1236 error("reexec socketpair: %s", -

1237 strerror(errno)); -

1238 close(*newsock); -

1239 close(startup_p[0]); -

1240 close(startup_p[1]); -

1241

continue;

never executed: continue;

1242 } -

1243 -

1244

for (j = 0; j < options.max_startups; j++)

j < options.max_startups	Description
TRUE	never evaluated
FALSE	never evaluated

1245

if (startup_pipes[j] == -1) {

startup_pipes[j] == -1	Description
TRUE	never evaluated
FALSE	never evaluated

1246 startup_pipes[j] = startup_p[0]; -

1247

if (maxfd < startup_p[0])

maxfd < startup_p[0]	Description
TRUE	never evaluated
FALSE	never evaluated

1248

maxfd = startup_p[0];

never executed: maxfd = startup_p[0];

1249 startups++; -

1250

break;

never executed: break;

1251 } -

1252 -

1253 /* -

1254 * Got connection. Fork a child to handle it, unless -

1255 * we are in debugging mode. -

1256 */ -

1257

if (debug_flag) {

debug_flag	Description
TRUE	never evaluated
FALSE	never evaluated

1258 /* -

1259 * In debugging mode. Close the listening -

1260 * socket, and start processing the -

1261 * connection without forking. -

1262 */ -

1263 debug("Server will not fork when running in debugging mode."); -

1264 close_listen_socks(); -

1265 *sock_in = *newsock; -

1266 *sock_out = *newsock; -

1267 close(startup_p[0]); -

1268 close(startup_p[1]); -

1269 startup_pipe = -1; -

1270 pid = getpid(); -

1271

if (rexec_flag) {

rexec_flag	Description
TRUE	never evaluated
FALSE	never evaluated

1272 send_rexec_state(config_s[0], cfg); -

1273 close(config_s[0]); -

1274

}

never executed: end of block

1275

break;

never executed: break;

1276 } -

1277 -

1278 /* -

1279 * Normal production daemon. Fork, and have -

1280 * the child process the connection. The -

1281 * parent continues listening. -

1282 */ -

1283 platform_pre_fork(); -

1284

if ((pid = fork()) == 0) {

(pid = fork()) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

1285 /* -

1286 * Child. Close the listening and -

1287 * max_startup sockets. Start using -

1288 * the accepted socket. Reinitialize -

1289 * logging (since our pid has changed). -

1290 * We break out of the loop to handle -

1291 * the connection. -

1292 */ -

1293 platform_post_fork_child(); -

1294 startup_pipe = startup_p[1]; -

1295 close_startup_pipes(); -

1296 close_listen_socks(); -

1297 *sock_in = *newsock; -

1298 *sock_out = *newsock; -

1299 log_init(__progname, -

1300 options.log_level, -

1301 options.log_facility, -

1302 log_stderr); -

1303

if (rexec_flag)

rexec_flag	Description
TRUE	never evaluated
FALSE	never evaluated

1304

close(config_s[0]);

never executed: close(config_s[0]);

1305

break;

never executed: break;

1306 } -

1307 -

1308 /* Parent. Stay in the loop. */ -

1309 platform_post_fork_parent(pid); -

1310

if (pid < 0)

pid < 0	Description
TRUE	never evaluated
FALSE	never evaluated

1311

error("fork: %.100s", strerror(errno));

never executed: error("fork: %.100s", strerror( (*__errno_location ()) ));

1312 else -

1313

debug("Forked child %ld.", (long)pid);

never executed: debug("Forked child %ld.", (long)pid);

1314 -

1315 close(startup_p[1]); -

1316 -

1317

if (rexec_flag) {

rexec_flag	Description
TRUE	never evaluated
FALSE	never evaluated

1318 send_rexec_state(config_s[0], cfg); -

1319 close(config_s[0]); -

1320 close(config_s[1]); -

1321

}

never executed: end of block

1322 close(*newsock); -

1323 -

1324 /* -

1325 * Ensure that our random state differs -

1326 * from that of the child -

1327 */ -

1328 arc4random_stir(); -

1329 arc4random_buf(rnd, sizeof(rnd)); -

1330 #ifdef WITH_OPENSSL -

1331 RAND_seed(rnd, sizeof(rnd)); -

1332

if ((RAND_bytes((u_char *)rnd, 1)) != 1)

(RAND_bytes((u...)rnd, 1)) != 1	Description
TRUE	never evaluated
FALSE	never evaluated

1333

fatal("%s: RAND_bytes failed", __func__);

never executed: fatal("%s: RAND_bytes failed", __func__);

1334 #endif -

1335 explicit_bzero(rnd, sizeof(rnd)); -

1336

}

never executed: end of block

1337 -

1338 /* child process check (or debug mode) */ -

1339

if (num_listen_socks < 0)

num_listen_socks < 0	Description
TRUE	never evaluated
FALSE	never evaluated

1340

break;

never executed: break;

1341

}

never executed: end of block

1342

}

never executed: end of block

1343 -

1344 /* -

1345 * If IP options are supported, make sure there are none (log and -

1346 * return an error if any are found). Basically we are worried about -

1347 * source routing; it can be used to pretend you are somebody -

1348 * (ip-address) you are not. That itself may be "almost acceptable" -

1349 * under certain circumstances, but rhosts authentication is useless -

1350 * if source routing is accepted. Notice also that if we just dropped -

1351 * source routing here, the other side could use IP spoofing to do -

1352 * rest of the interaction and could still bypass security. So we -

1353 * exit here if we detect any IP options. -

1354 */ -

1355 static void -

1356 check_ip_options(struct ssh *ssh) -

1357 { -

1358 #ifdef IP_OPTIONS -

1359 int sock_in = ssh_packet_get_connection_in(ssh); -

1360 struct sockaddr_storage from; -

1361 u_char opts[200]; -

1362 socklen_t i, option_size = sizeof(opts), fromlen = sizeof(from); -

1363 char text[sizeof(opts) * 3 + 1]; -

1364 -

1365 memset(&from, 0, sizeof(from)); -

1366

if (getpeername(sock_in, (struct sockaddr *)&from,

getpeername(so... &fromlen) < 0	Description
TRUE	never evaluated
FALSE	never evaluated

1367

&fromlen) < 0)

getpeername(so... &fromlen) < 0	Description
TRUE	never evaluated
FALSE	never evaluated

1368

return;

never executed: return;

1369

if (from.ss_family != AF_INET)

from.ss_family != 2	Description
TRUE	never evaluated
FALSE	never evaluated

1370

return;

never executed: return;

1371 /* XXX IPv6 options? */ -

1372 -

1373

if (getsockopt(sock_in, IPPROTO_IP, IP_OPTIONS, opts,

getsockopt(soc...ion_size) >= 0	Description
TRUE	never evaluated
FALSE	never evaluated

1374

&option_size) >= 0 && option_size != 0) {

getsockopt(soc...ion_size) >= 0	Description
TRUE	never evaluated
FALSE	never evaluated

option_size != 0	Description
TRUE	never evaluated
FALSE	never evaluated

1375 text[0] = '\0'; -

1376

for (i = 0; i < option_size; i++)

i < option_size	Description
TRUE	never evaluated
FALSE	never evaluated

1377

snprintf(text + i*3, sizeof(text) - i*3,

never executed: snprintf(text + i*3, sizeof(text) - i*3, " %2.2x", opts[i]);

1378

" %2.2x", opts[i]);

never executed: snprintf(text + i*3, sizeof(text) - i*3, " %2.2x", opts[i]);

1379 fatal("Connection from %.100s port %d with IP opts: %.800s", -

1380 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), text); -

1381

}

never executed: end of block

1382

return;

never executed: return;

1383 #endif /* IP_OPTIONS */ -

1384 } -

1385 -

1386 /* Set the routing domain for this process */ -

1387 static void -

1388 set_process_rdomain(struct ssh *ssh, const char *name) -

1389 { -

1390 #if defined(HAVE_SYS_SET_PROCESS_RDOMAIN) -

1391 if (name == NULL) -

1392 return; /* default */ -

1393 -

1394 if (strcmp(name, "%D") == 0) { -

1395 /* "expands" to routing domain of connection */ -

1396 if ((name = ssh_packet_rdomain_in(ssh)) == NULL) -

1397 return; -

1398 } -

1399 /* NB. We don't pass 'ssh' to sys_set_process_rdomain() */ -

1400 return sys_set_process_rdomain(name); -

1401 #elif defined(__OpenBSD__) -

1402 int rtable, ortable = getrtable(); -

1403 const char *errstr; -

1404 -

1405 if (name == NULL) -

1406 return; /* default */ -

1407 -

1408 if (strcmp(name, "%D") == 0) { -

1409 /* "expands" to routing domain of connection */ -

1410 if ((name = ssh_packet_rdomain_in(ssh)) == NULL) -

1411 return; -

1412 } -

1413 -

1414 rtable = (int)strtonum(name, 0, 255, &errstr); -

1415 if (errstr != NULL) /* Shouldn't happen */ -

1416 fatal("Invalid routing domain \"%s\": %s", name, errstr); -

1417 if (rtable != ortable && setrtable(rtable) != 0) -

1418 fatal("Unable to set routing domain %d: %s", -

1419 rtable, strerror(errno)); -

1420 debug("%s: set routing domain %d (was %d)", __func__, rtable, ortable); -

1421 #else /* defined(__OpenBSD__) */ -

1422 fatal("Unable to set routing domain: not supported in this platform"); -

1423 #endif -

1424

}

never executed: end of block

1425 -

1426 static void -

1427 accumulate_host_timing_secret(struct sshbuf *server_cfg, -

1428 const struct sshkey *key) -

1429 { -

1430 static struct ssh_digest_ctx *ctx; -

1431 u_char *hash; -

1432 size_t len; -

1433 struct sshbuf *buf; -

1434 int r; -

1435 -

1436

if (ctx == NULL && (ctx = ssh_digest_start(SSH_DIGEST_SHA512)) == NULL)

ctx == ((void *)0)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: sshd
FALSE	evaluated 4 times by 1 test Evaluated by: sshd

(ctx = ssh_dig...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

0-4

1437

fatal("%s: ssh_digest_start", __func__);

never executed: fatal("%s: ssh_digest_start", __func__);

1438

if (key == NULL) { /* finalize */

key == ((void *)0)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: sshd
FALSE	evaluated 4 times by 1 test Evaluated by: sshd

2-4

1439 /* add server config in case we are using agent for host keys */ -

1440

if (ssh_digest_update(ctx, sshbuf_ptr(server_cfg),

ssh_digest_upd...ver_cfg)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

0-2

1441

sshbuf_len(server_cfg)) != 0)

ssh_digest_upd...ver_cfg)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

0-2

1442

fatal("%s: ssh_digest_update", __func__);

never executed: fatal("%s: ssh_digest_update", __func__);

1443 len = ssh_digest_bytes(SSH_DIGEST_SHA512); -

1444 hash = xmalloc(len); -

1445

if (ssh_digest_final(ctx, hash, len) != 0)

ssh_digest_fin...ash, len) != 0	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

0-2

1446

fatal("%s: ssh_digest_final", __func__);

never executed: fatal("%s: ssh_digest_final", __func__);

1447 options.timing_secret = PEEK_U64(hash); -

1448 freezero(hash, len); -

1449 ssh_digest_free(ctx); -

1450 ctx = NULL; -

1451

return;

executed 2 times by 1 test: return;

Executed by:

sshd

1452 } -

1453

if ((buf = sshbuf_new()) == NULL)

(buf = sshbuf_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: sshd

0-4

1454

fatal("%s could not allocate buffer", __func__);

never executed: fatal("%s could not allocate buffer", __func__);

1455

if ((r = sshkey_private_serialize(key, buf)) != 0)

(r = sshkey_pr...ey, buf)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: sshd

0-4

1456

fatal("sshkey_private_serialize: %s", ssh_err(r));

never executed: fatal("sshkey_private_serialize: %s", ssh_err(r));

1457

if (ssh_digest_update(ctx, sshbuf_ptr(buf), sshbuf_len(buf)) != 0)

ssh_digest_upd...len(buf)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: sshd

0-4

1458

fatal("%s: ssh_digest_update", __func__);

never executed: fatal("%s: ssh_digest_update", __func__);

1459 sshbuf_reset(buf); -

1460 sshbuf_free(buf); -

1461

}

executed 4 times by 1 test: end of block

Executed by:

sshd

1462 -

1463 /* -

1464 * Main program for the daemon. -

1465 */ -

1466 int -

1467 main(int ac, char **av) -

1468 { -

1469 struct ssh *ssh = NULL; -

1470 extern char *optarg; -

1471 extern int optind; -

1472 int r, opt, on = 1, already_daemon, remote_port; -

1473 int sock_in = -1, sock_out = -1, newsock = -1; -

1474 const char *remote_ip, *rdomain; -

1475 char *fp, *line, *laddr, *logfile = NULL; -

1476 int config_s[2] = { -1 , -1 }; -

1477 u_int i, j; -

1478 u_int64_t ibytes, obytes; -

1479 mode_t new_umask; -

1480 struct sshkey *key; -

1481 struct sshkey *pubkey; -

1482 int keytype; -

1483 Authctxt *authctxt; -

1484 struct connection_info *connection_info = NULL; -

1485 -

1486 ssh_malloc_init(); /* must be called before any mallocs */ -

1487 -

1488 #ifdef HAVE_SECUREWARE -

1489 (void)set_auth_parameters(ac, av); -

1490 #endif -

1491 __progname = ssh_get_progname(av[0]); -

1492 -

1493 /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ -

1494 saved_argc = ac; -

1495 rexec_argc = ac; -

1496 saved_argv = xcalloc(ac + 1, sizeof(*saved_argv)); -

1497

for (i = 0; (int)i < ac; i++)

(int)i < ac	Description
TRUE	evaluated 8 times by 1 test Evaluated by: sshd
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

2-8

1498

saved_argv[i] = xstrdup(av[i]);

executed 8 times by 1 test: saved_argv[i] = xstrdup(av[i]);

Executed by:

sshd

1499 saved_argv[i] = NULL; -

1500 -

1501 #ifndef HAVE_SETPROCTITLE -

1502 /* Prepare for later setproctitle emulation */ -

1503 compat_init_setproctitle(ac, av); -

1504 av = saved_argv; -

1505 #endif -

1506 -

1507

if (geteuid() == 0 && setgroups(0, NULL) == -1)

geteuid() == 0	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

setgroups(0, (...d *)0) ) == -1	Description
TRUE	never evaluated
FALSE	never evaluated

0-2

1508

debug("setgroups(): %.200s", strerror(errno));

never executed: debug("setgroups(): %.200s", strerror( (*__errno_location ()) ));

1509 -

1510 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ -

1511 sanitise_stdfd(); -

1512 -

1513 /* Initialize configuration options to their default values. */ -

1514 initialize_server_options(&options); -

1515 -

1516 /* Parse command-line arguments. */ -

1517

while ((opt = getopt(ac, av,

(opt = BSDgeto...iqrt") ) != -1	Description
TRUE	evaluated 4 times by 1 test Evaluated by: sshd
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

2-4

1518

"C:E:b:c:f:g:h:k:o:p:u:46DQRTdeiqrt")) != -1) {

(opt = BSDgeto...iqrt") ) != -1	Description
TRUE	evaluated 4 times by 1 test Evaluated by: sshd
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

2-4

1519 switch (opt) { -

1520

case '4':

never executed: case '4':

1521 options.address_family = AF_INET; -

1522

break;

never executed: break;

1523

case '6':

never executed: case '6':

1524 options.address_family = AF_INET6; -

1525

break;

never executed: break;

1526

case 'f':

executed 2 times by 1 test: case 'f':

Executed by:

sshd

1527 config_file_name = optarg; -

1528

break;

executed 2 times by 1 test: break;

Executed by:

sshd

1529

case 'c':

never executed: case 'c':

1530 servconf_add_hostcert("[command-line]", 0, -

1531 &options, optarg); -

1532

break;

never executed: break;

1533

case 'd':

never executed: case 'd':

1534

if (debug_flag == 0) {

debug_flag == 0	Description
TRUE	never evaluated
FALSE	never evaluated

1535 debug_flag = 1; -

1536 options.log_level = SYSLOG_LEVEL_DEBUG1; -

1537

} else if (options.log_level < SYSLOG_LEVEL_DEBUG3)

never executed: end of block

options.log_le...G_LEVEL_DEBUG3	Description
TRUE	never evaluated
FALSE	never evaluated

1538

options.log_level++;

never executed: options.log_level++;

1539

break;

never executed: break;

1540

case 'D':

never executed: case 'D':

1541 no_daemon_flag = 1; -

1542

break;

never executed: break;

1543

case 'E':

never executed: case 'E':

1544 logfile = optarg; -

1545 /* FALLTHROUGH */ -

1546

case 'e':

code before this statement never executed: case 'e':

never executed: case 'e':

1547 log_stderr = 1; -

1548

break;

never executed: break;

1549

case 'i':

never executed: case 'i':

1550 inetd_flag = 1; -

1551

break;

never executed: break;

1552

case 'r':

never executed: case 'r':

1553 rexec_flag = 0; -

1554

break;

never executed: break;

1555

case 'R':

never executed: case 'R':

1556 rexeced_flag = 1; -

1557 inetd_flag = 1; -

1558

break;

never executed: break;

1559

case 'Q':

never executed: case 'Q':

1560 /* ignored */ -

1561

break;

never executed: break;

1562

case 'q':

never executed: case 'q':

1563 options.log_level = SYSLOG_LEVEL_QUIET; -

1564

break;

never executed: break;

1565

case 'b':

never executed: case 'b':

1566 /* protocol 1, ignored */ -

1567

break;

never executed: break;

1568

case 'p':

never executed: case 'p':

1569 options.ports_from_cmdline = 1; -

1570

if (options.num_ports >= MAX_PORTS) {

options.num_ports >= 256	Description
TRUE	never evaluated
FALSE	never evaluated

1571 fprintf(stderr, "too many ports.\n"); -

1572

exit(1);

never executed: exit(1);

1573 } -

1574 options.ports[options.num_ports++] = a2port(optarg); -

1575

if (options.ports[options.num_ports-1] <= 0) {

options.ports[..._ports-1] <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

1576 fprintf(stderr, "Bad port number.\n"); -

1577

exit(1);

never executed: exit(1);

1578 } -

1579

break;

never executed: break;

1580

case 'g':

never executed: case 'g':

1581

if ((options.login_grace_time = convtime(optarg)) == -1) {

(options.login...optarg)) == -1	Description
TRUE	never evaluated
FALSE	never evaluated

1582 fprintf(stderr, "Invalid login grace time.\n"); -

1583

exit(1);

never executed: exit(1);

1584 } -

1585

break;

never executed: break;

1586

case 'k':

never executed: case 'k':

1587 /* protocol 1, ignored */ -

1588

break;

never executed: break;

1589

case 'h':

never executed: case 'h':

1590 servconf_add_hostkey("[command-line]", 0, -

1591 &options, optarg); -

1592

break;

never executed: break;

1593

case 't':

executed 2 times by 1 test: case 't':

Executed by:

sshd

1594 test_flag = 1; -

1595

break;

executed 2 times by 1 test: break;

Executed by:

sshd

1596

case 'T':

never executed: case 'T':

1597 test_flag = 2; -

1598

break;

never executed: break;

1599

case 'C':

never executed: case 'C':

1600 connection_info = get_connection_info(0, 0); -

1601

if (parse_server_match_testspec(connection_info,

parse_server_m...Doptarg) == -1	Description
TRUE	never evaluated
FALSE	never evaluated

1602

optarg) == -1)

parse_server_m...Doptarg) == -1	Description
TRUE	never evaluated
FALSE	never evaluated

1603

exit(1);

never executed: exit(1);

1604

break;

never executed: break;

1605

case 'u':

never executed: case 'u':

1606 utmp_len = (u_int)strtonum(optarg, 0, HOST_NAME_MAX+1+1, NULL); -

1607

if (utmp_len > HOST_NAME_MAX+1) {

utmp_len > 64 +1	Description
TRUE	never evaluated
FALSE	never evaluated

1608 fprintf(stderr, "Invalid utmp length.\n"); -

1609

exit(1);

never executed: exit(1);

1610 } -

1611

break;

never executed: break;

1612

case 'o':

never executed: case 'o':

1613 line = xstrdup(optarg); -

1614

if (process_server_config_line(&options, line,

process_server...id *)0) ) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

1615

"command-line", 0, NULL, NULL) != 0)

process_server...id *)0) ) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

1616

exit(1);

never executed: exit(1);

1617 free(line); -

1618

break;

never executed: break;

1619

case '?':

never executed: case '?':

1620

default:

never executed: default:

1621 usage(); -

1622

break;

never executed: break;

1623 } -

1624 } -

1625

if (rexeced_flag || inetd_flag)

rexeced_flag	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

inetd_flag	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

0-2

1626

rexec_flag = 0;

never executed: rexec_flag = 0;

1627

if (!test_flag && (rexec_flag && (av[0] == NULL || *av[0] != '/')))

!test_flag	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

rexec_flag	Description
TRUE	never evaluated
FALSE	never evaluated

av[0] == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

*av[0] != '/'	Description
TRUE	never evaluated
FALSE	never evaluated

0-2

1628

fatal("sshd re-exec requires execution with an absolute path");

never executed: fatal("sshd re-exec requires execution with an absolute path");

1629

if (rexeced_flag)

rexeced_flag	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

0-2

1630

closefrom(REEXEC_MIN_FREE_FD);

never executed: closefrom(( 2 + 4));

1631 else -

1632

closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);

executed 2 times by 1 test: closefrom(( 2 + 1));

Executed by:

sshd

1633 -

1634 #ifdef WITH_OPENSSL -

1635 OpenSSL_add_all_algorithms(); -

1636 #endif -

1637 -

1638 /* If requested, redirect the logs to the specified logfile. */ -

1639

if (logfile != NULL)

logfile != ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

0-2

1640

log_redirect_stderr_to(logfile);

never executed: log_redirect_stderr_to(logfile);

1641 /* -

1642 * Force logging to stderr until we have loaded the private host -

1643 * key (unless started from inetd) -

1644 */ -

1645 log_init(__progname, -

1646 options.log_level == SYSLOG_LEVEL_NOT_SET ? -

1647 SYSLOG_LEVEL_INFO : options.log_level, -

1648 options.log_facility == SYSLOG_FACILITY_NOT_SET ? -

1649 SYSLOG_FACILITY_AUTH : options.log_facility, -

1650 log_stderr || !inetd_flag); -

1651 -

1652 /* -

1653 * Unset KRB5CCNAME, otherwise the user's session may inherit it from -

1654 * root's environment -

1655 */ -

1656

if (getenv("KRB5CCNAME") != NULL)

getenv("KRB5CC...!= ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

0-2

1657

(void) unsetenv("KRB5CCNAME");

never executed: (void) unsetenv("KRB5CCNAME");

1658 -

1659 sensitive_data.have_ssh2_key = 0; -

1660 -

1661 /* -

1662 * If we're not doing an extended test do not silently ignore connection -

1663 * test params. -

1664 */ -

1665

if (test_flag < 2 && connection_info != NULL)

test_flag < 2	Description
TRUE	evaluated 2 times by 1 test Evaluated by: sshd
FALSE	never evaluated

connection_info != ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

0-2

1666

fatal("Config test connection parameter (-C) provided without "

never executed: fatal("Config test connection parameter (-C) provided without " "test mode (-T)");

1667

"test mode (-T)");

never executed: fatal("Config test connection parameter (-C) provided without " "test mode (-T)");

1668 -

1669 /* Fetch our configuration */ -

1670

if ((cfg = sshbuf_new()) == NULL)

(cfg = sshbuf_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

0-2

1671

fatal("%s: sshbuf_new failed", __func__);

never executed: fatal("%s: sshbuf_new failed", __func__);

1672

if (rexeced_flag)

rexeced_flag	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

0-2

1673

recv_rexec_state(REEXEC_CONFIG_PASS_FD, cfg);

never executed: recv_rexec_state(( 2 + 3), cfg);

1674

else if (strcasecmp(config_file_name, "none") != 0)

strcasecmp(con..., "none") != 0	Description
TRUE	evaluated 2 times by 1 test Evaluated by: sshd
FALSE	never evaluated

0-2

1675

load_server_config(config_file_name, cfg);

executed 2 times by 1 test: load_server_config(config_file_name, cfg);

Executed by:

sshd

1676 -

1677 parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name, -

1678 cfg, NULL); -

1679 -

1680 seed_rng(); -

1681 -

1682 /* Fill in default values for those options not explicitly set. */ -

1683 fill_default_server_options(&options); -

1684 -

1685 /* challenge-response is implemented via keyboard interactive */ -

1686

if (options.challenge_response_authentication)

options.challe...authentication	Description
TRUE	evaluated 2 times by 1 test Evaluated by: sshd
FALSE	never evaluated

0-2

1687

options.kbd_interactive_authentication = 1;

executed 2 times by 1 test: options.kbd_interactive_authentication = 1;

Executed by:

sshd

1688 -

1689 /* Check that options are sensible */ -

1690

if (options.authorized_keys_command_user == NULL &&

options.author...== ((void *)0)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: sshd
FALSE	never evaluated

0-2

1691

(options.authorized_keys_command != NULL &&

options.author...!= ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

0-2

1692

strcasecmp(options.authorized_keys_command, "none") != 0))

strcasecmp(opt..., "none") != 0	Description
TRUE	never evaluated
FALSE	never evaluated

1693

fatal("AuthorizedKeysCommand set without "

never executed: fatal("AuthorizedKeysCommand set without " "AuthorizedKeysCommandUser");

1694

"AuthorizedKeysCommandUser");

never executed: fatal("AuthorizedKeysCommand set without " "AuthorizedKeysCommandUser");

1695

if (options.authorized_principals_command_user == NULL &&

options.author...== ((void *)0)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: sshd
FALSE	never evaluated

0-2

1696

(options.authorized_principals_command != NULL &&

options.author...!= ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

0-2

1697

strcasecmp(options.authorized_principals_command, "none") != 0))

strcasecmp(opt..., "none") != 0	Description
TRUE	never evaluated
FALSE	never evaluated

1698

fatal("AuthorizedPrincipalsCommand set without "

never executed: fatal("AuthorizedPrincipalsCommand set without " "AuthorizedPrincipalsCommandUser");

1699

"AuthorizedPrincipalsCommandUser");

never executed: fatal("AuthorizedPrincipalsCommand set without " "AuthorizedPrincipalsCommandUser");

1700 -

1701 /* -

1702 * Check whether there is any path through configured auth methods. -

1703 * Unfortunately it is not possible to verify this generally before -

1704 * daemonisation in the presence of Match block, but this catches -

1705 * and warns for trivial misconfigurations that could break login. -

1706 */ -

1707

if (options.num_auth_methods != 0) {

options.num_auth_methods != 0	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

0-2

1708

for (i = 0; i < options.num_auth_methods; i++) {

i < options.num_auth_methods	Description
TRUE	never evaluated
FALSE	never evaluated

1709

if (auth2_methods_valid(options.auth_methods[i],

auth2_methods_...ds[i], 1) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

1710

1) == 0)

auth2_methods_...ds[i], 1) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

1711

break;

never executed: break;

1712

}

never executed: end of block

1713

if (i >= options.num_auth_methods)

i >= options.num_auth_methods	Description
TRUE	never evaluated
FALSE	never evaluated

1714

fatal("AuthenticationMethods cannot be satisfied by "

never executed: fatal("AuthenticationMethods cannot be satisfied by " "enabled authentication methods");

1715

"enabled authentication methods");

never executed: fatal("AuthenticationMethods cannot be satisfied by " "enabled authentication methods");

1716

}

never executed: end of block

1717 -

1718 /* Check that there are no remaining arguments. */ -

1719

if (optind < ac) {

BSDoptind < ac	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

0-2

1720 fprintf(stderr, "Extra argument %s.\n", av[optind]); -

1721

exit(1);

never executed: exit(1);

1722 } -

1723 -

1724 debug("sshd version %s, %s", SSH_VERSION, -

1725 #ifdef WITH_OPENSSL -

1726 SSLeay_version(SSLEAY_VERSION) -

1727 #else -

1728 "without OpenSSL" -

1729 #endif -

1730 ); -

1731 -

1732 /* Store privilege separation user for later use if required. */ -

1733

privsep_chroot = use_privsep && (getuid() == 0 || geteuid() == 0);

use_privsep	Description
TRUE	evaluated 2 times by 1 test Evaluated by: sshd
FALSE	never evaluated

getuid() == 0	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

geteuid() == 0	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

0-2

1734

if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {

(privsep_pw = ...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

0-2

1735

if (privsep_chroot || options.kerberos_authentication)

privsep_chroot	Description
TRUE	never evaluated
FALSE	never evaluated

options.kerber...authentication	Description
TRUE	never evaluated
FALSE	never evaluated

1736

fatal("Privilege separation user %s does not exist",

never executed: fatal("Privilege separation user %s does not exist", "nobody");

1737

SSH_PRIVSEP_USER);

never executed: fatal("Privilege separation user %s does not exist", "nobody");

1738

} else {

never executed: end of block

1739 privsep_pw = pwcopy(privsep_pw); -

1740 freezero(privsep_pw->pw_passwd, strlen(privsep_pw->pw_passwd)); -

1741 privsep_pw->pw_passwd = xstrdup("*"); -

1742

}

executed 2 times by 1 test: end of block

Executed by:

sshd

1743 endpwent(); -

1744 -

1745 /* load host keys */ -

1746 sensitive_data.host_keys = xcalloc(options.num_host_key_files, -

1747 sizeof(struct sshkey *)); -

1748 sensitive_data.host_pubkeys = xcalloc(options.num_host_key_files, -

1749 sizeof(struct sshkey *)); -

1750 -

1751

if (options.host_key_agent) {

options.host_key_agent	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

0-2

1752

if (strcmp(options.host_key_agent, SSH_AUTHSOCKET_ENV_NAME))

never executed: __result = (((const unsigned char *) (const char *) ( options.host_key_agent ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( "SSH_AUTH_SOCK" ))[3] - __s2[3]);

never executed: end of block

__extension__ ...SOCK" )))); })	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

1753

setenv(SSH_AUTHSOCKET_ENV_NAME,

never executed: setenv("SSH_AUTH_SOCK", options.host_key_agent, 1);

1754

options.host_key_agent, 1);

never executed: setenv("SSH_AUTH_SOCK", options.host_key_agent, 1);

1755

if ((r = ssh_get_authentication_socket(NULL)) == 0)

(r = ssh_get_a...d *)0) )) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

1756

have_agent = 1;

never executed: have_agent = 1;

1757 else -

1758

error("Could not connect to agent \"%s\": %s",

never executed: error("Could not connect to agent \"%s\": %s", options.host_key_agent, ssh_err(r));

1759

options.host_key_agent, ssh_err(r));

never executed: error("Could not connect to agent \"%s\": %s", options.host_key_agent, ssh_err(r));

1760 } -

1761 -

1762

for (i = 0; i < options.num_host_key_files; i++) {

i < options.num_host_key_files	Description
TRUE	evaluated 4 times by 1 test Evaluated by: sshd
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

2-4

1763

if (options.host_key_files[i] == NULL)

options.host_k...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: sshd

0-4

1764

continue;

never executed: continue;

1765

if ((r = sshkey_load_private(options.host_key_files[i], "",

(r = sshkey_lo...d *)0) )) != 0	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: sshd

0-4

1766

&key, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)

(r = sshkey_lo...d *)0) )) != 0	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: sshd

r != -24	Description
TRUE	never evaluated
FALSE	never evaluated

0-4

1767

error("Error loading host key \"%s\": %s",

never executed: error("Error loading host key \"%s\": %s", options.host_key_files[i], ssh_err(r));

1768

options.host_key_files[i], ssh_err(r));

never executed: error("Error loading host key \"%s\": %s", options.host_key_files[i], ssh_err(r));

1769

if ((r = sshkey_load_public(options.host_key_files[i],

(r = sshkey_lo...d *)0) )) != 0	Description
TRUE	evaluated 2 times by 1 test Evaluated by: sshd
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

1770

&pubkey, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)

(r = sshkey_lo...d *)0) )) != 0	Description
TRUE	evaluated 2 times by 1 test Evaluated by: sshd
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

r != -24	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

0-2

1771

error("Error loading host key \"%s\": %s",

never executed: error("Error loading host key \"%s\": %s", options.host_key_files[i], ssh_err(r));

1772

options.host_key_files[i], ssh_err(r));

never executed: error("Error loading host key \"%s\": %s", options.host_key_files[i], ssh_err(r));

1773

if (pubkey == NULL && key != NULL)

pubkey == ((void *)0)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: sshd
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

key != ((void *)0)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: sshd
FALSE	never evaluated

0-2

1774

if ((r = sshkey_from_private(key, &pubkey)) != 0)

(r = sshkey_fr...&pubkey)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

0-2

1775

fatal("Could not demote key: \"%s\": %s",

never executed: fatal("Could not demote key: \"%s\": %s", options.host_key_files[i], ssh_err(r));

1776

options.host_key_files[i], ssh_err(r));

never executed: fatal("Could not demote key: \"%s\": %s", options.host_key_files[i], ssh_err(r));

1777 sensitive_data.host_keys[i] = key; -

1778 sensitive_data.host_pubkeys[i] = pubkey; -

1779 -

1780

if (key == NULL && pubkey != NULL && have_agent) {

key == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: sshd

pubkey != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

have_agent	Description
TRUE	never evaluated
FALSE	never evaluated

0-4

1781 debug("will rely on agent for hostkey %s", -

1782 options.host_key_files[i]); -

1783 keytype = pubkey->type; -

1784

} else if (key != NULL) {

never executed: end of block

key != ((void *)0)	Description
TRUE	evaluated 4 times by 1 test Evaluated by: sshd
FALSE	never evaluated

0-4

1785 keytype = key->type; -

1786 accumulate_host_timing_secret(cfg, key); -

1787

} else {

executed 4 times by 1 test: end of block

Executed by:

sshd

1788 error("Could not load host key: %s", -

1789 options.host_key_files[i]); -

1790 sensitive_data.host_keys[i] = NULL; -

1791 sensitive_data.host_pubkeys[i] = NULL; -

1792

continue;

never executed: continue;

1793 } -

1794 -

1795 switch (keytype) { -

1796

case KEY_RSA:

executed 2 times by 1 test: case KEY_RSA:

Executed by:

sshd

1797

case KEY_DSA:

never executed: case KEY_DSA:

1798

case KEY_ECDSA:

never executed: case KEY_ECDSA:

1799

case KEY_ED25519:

executed 2 times by 1 test: case KEY_ED25519:

Executed by:

sshd

1800

case KEY_XMSS:

never executed: case KEY_XMSS:

1801

if (have_agent || key != NULL)

have_agent	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: sshd

key != ((void *)0)	Description
TRUE	evaluated 4 times by 1 test Evaluated by: sshd
FALSE	never evaluated

0-4

1802

sensitive_data.have_ssh2_key = 1;

executed 4 times by 1 test: sensitive_data.have_ssh2_key = 1;

Executed by:

sshd

1803

break;

executed 4 times by 1 test: break;

Executed by:

sshd

1804 } -

1805

if ((fp = sshkey_fingerprint(pubkey, options.fingerprint_hash,

(fp = sshkey_f...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: sshd

0-4

1806

SSH_FP_DEFAULT)) == NULL)

(fp = sshkey_f...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: sshd

0-4

1807

fatal("sshkey_fingerprint failed");

never executed: fatal("sshkey_fingerprint failed");

1808 debug("%s host key #%d: %s %s", -

1809 key ? "private" : "agent", i, sshkey_ssh_name(pubkey), fp); -

1810 free(fp); -

1811

}

executed 4 times by 1 test: end of block

Executed by:

sshd

1812 accumulate_host_timing_secret(cfg, NULL); -

1813

if (!sensitive_data.have_ssh2_key) {

!sensitive_data.have_ssh2_key	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

0-2

1814 logit("sshd: no hostkeys available -- exiting."); -

1815

exit(1);

never executed: exit(1);

1816 } -

1817 -

1818 /* -

1819 * Load certificates. They are stored in an array at identical -

1820 * indices to the public keys that they relate to. -

1821 */ -

1822 sensitive_data.host_certificates = xcalloc(options.num_host_key_files, -

1823 sizeof(struct sshkey *)); -

1824

for (i = 0; i < options.num_host_key_files; i++)

i < options.num_host_key_files	Description
TRUE	evaluated 4 times by 1 test Evaluated by: sshd
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

2-4

1825

sensitive_data.host_certificates[i] = NULL;

executed 4 times by 1 test: sensitive_data.host_certificates[i] = ((void *)0) ;

Executed by:

sshd

1826 -

1827

for (i = 0; i < options.num_host_cert_files; i++) {

i < options.nu...ost_cert_files	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

0-2

1828

if (options.host_cert_files[i] == NULL)

options.host_c...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1829

continue;

never executed: continue;

1830

if ((r = sshkey_load_public(options.host_cert_files[i],

(r = sshkey_lo...d *)0) )) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

1831

&key, NULL)) != 0) {

(r = sshkey_lo...d *)0) )) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

1832 error("Could not load host certificate \"%s\": %s", -

1833 options.host_cert_files[i], ssh_err(r)); -

1834

continue;

never executed: continue;

1835 } -

1836

if (!sshkey_is_cert(key)) {

!sshkey_is_cert(key)	Description
TRUE	never evaluated
FALSE	never evaluated

1837 error("Certificate file is not a certificate: %s", -

1838 options.host_cert_files[i]); -

1839 sshkey_free(key); -

1840

continue;

never executed: continue;

1841 } -

1842 /* Find matching private key */ -

1843

for (j = 0; j < options.num_host_key_files; j++) {

j < options.num_host_key_files	Description
TRUE	never evaluated
FALSE	never evaluated

1844

if (sshkey_equal_public(key,

sshkey_equal_p....host_keys[j])	Description
TRUE	never evaluated
FALSE	never evaluated

1845

sensitive_data.host_keys[j])) {

sshkey_equal_p....host_keys[j])	Description
TRUE	never evaluated
FALSE	never evaluated

1846 sensitive_data.host_certificates[j] = key; -

1847

break;

never executed: break;

1848 } -

1849

}

never executed: end of block

1850

if (j >= options.num_host_key_files) {

j >= options.n...host_key_files	Description
TRUE	never evaluated
FALSE	never evaluated

1851 error("No matching private key for certificate: %s", -

1852 options.host_cert_files[i]); -

1853 sshkey_free(key); -

1854

continue;

never executed: continue;

1855 } -

1856 sensitive_data.host_certificates[j] = key; -

1857 debug("host certificate: #%u type %d %s", j, key->type, -

1858 sshkey_type(key)); -

1859

}

never executed: end of block

1860 -

1861

if (privsep_chroot) {

privsep_chroot	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

0-2

1862 struct stat st; -

1863 -

1864

if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) ||

(stat("/var/ru...", &st) == -1)	Description
TRUE	never evaluated
FALSE	never evaluated

1865

(S_ISDIR(st.st_mode) == 0))

( (((( st.st_m...040000)) == 0)	Description
TRUE	never evaluated
FALSE	never evaluated

1866

fatal("Missing privilege separation directory: %s",

never executed: fatal("Missing privilege separation directory: %s", "/var/run/openssh-test");

1867

_PATH_PRIVSEP_CHROOT_DIR);

never executed: fatal("Missing privilege separation directory: %s", "/var/run/openssh-test");

1868 -

1869 #ifdef HAVE_CYGWIN -

1870 if (check_ntsec(_PATH_PRIVSEP_CHROOT_DIR) && -

1871 (st.st_uid != getuid () || -

1872 (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)) -

1873 #else -

1874

if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)

st.st_uid != 0	Description
TRUE	never evaluated
FALSE	never evaluated

(st.st_mode & ... >> 3) )) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

1875 #endif -

1876

fatal("%s must be owned by root and not group or "

never executed: fatal("%s must be owned by root and not group or " "world-writable.", "/var/run/openssh-test");

1877

"world-writable.", _PATH_PRIVSEP_CHROOT_DIR);

never executed: fatal("%s must be owned by root and not group or " "world-writable.", "/var/run/openssh-test");

1878

}

never executed: end of block

1879 -

1880

if (test_flag > 1) {

test_flag > 1	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

0-2

1881 /* -

1882 * If no connection info was provided by -C then use -

1883 * use a blank one that will cause no predicate to match. -

1884 */ -

1885

if (connection_info == NULL)

connection_info == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1886

connection_info = get_connection_info(0, 0);

never executed: connection_info = get_connection_info(0, 0);

1887 parse_server_match_config(&options, connection_info); -

1888 dump_config(&options); -

1889

}

never executed: end of block

1890 -

1891 /* Configuration looks good, so exit if in test mode. */ -

1892

if (test_flag)

test_flag	Description
TRUE	evaluated 2 times by 1 test Evaluated by: sshd
FALSE	never evaluated

0-2

1893

exit(0);

executed 2 times by 1 test: exit(0);

Executed by:

sshd

1894 -

1895 /* -

1896 * Clear out any supplemental groups we may have inherited. This -

1897 * prevents inadvertent creation of files with bad modes (in the -

1898 * portable version at least, it's certainly possible for PAM -

1899 * to create a file, and we can't control the code in every -

1900 * module which might be used). -

1901 */ -

1902

if (setgroups(0, NULL) < 0)

setgroups(0, ((void *)0) ) < 0	Description
TRUE	never evaluated
FALSE	never evaluated

1903

debug("setgroups() failed: %.200s", strerror(errno));

never executed: debug("setgroups() failed: %.200s", strerror( (*__errno_location ()) ));

1904 -

1905

if (rexec_flag) {

rexec_flag	Description
TRUE	never evaluated
FALSE	never evaluated

1906

if (rexec_argc < 0)

rexec_argc < 0	Description
TRUE	never evaluated
FALSE	never evaluated

1907

fatal("rexec_argc %d < 0", rexec_argc);

never executed: fatal("rexec_argc %d < 0", rexec_argc);

1908 rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *)); -

1909

for (i = 0; i < (u_int)rexec_argc; i++) {

i < (u_int)rexec_argc	Description
TRUE	never evaluated
FALSE	never evaluated

1910 debug("rexec_argv[%d]='%s'", i, saved_argv[i]); -

1911 rexec_argv[i] = saved_argv[i]; -

1912

}

never executed: end of block

1913 rexec_argv[rexec_argc] = "-R"; -

1914 rexec_argv[rexec_argc + 1] = NULL; -

1915

}

never executed: end of block

1916 -

1917 /* Ensure that umask disallows at least group and world write */ -

1918 new_umask = umask(0077) | 0022; -

1919 (void) umask(new_umask); -

1920 -

1921 /* Initialize the log (it is reinitialized below in case we forked). */ -

1922

if (debug_flag && (!inetd_flag || rexeced_flag))

debug_flag	Description
TRUE	never evaluated
FALSE	never evaluated

!inetd_flag	Description
TRUE	never evaluated
FALSE	never evaluated

rexeced_flag	Description
TRUE	never evaluated
FALSE	never evaluated

1923

log_stderr = 1;

never executed: log_stderr = 1;

1924 log_init(__progname, options.log_level, options.log_facility, log_stderr); -

1925 -

1926 /* -

1927 * If not in debugging mode, not started from inetd and not already -

1928 * daemonized (eg re-exec via SIGHUP), disconnect from the controlling -

1929 * terminal, and fork. The original process exits. -

1930 */ -

1931 already_daemon = daemonized(); -

1932

if (!(debug_flag || inetd_flag || no_daemon_flag || already_daemon)) {

debug_flag	Description
TRUE	never evaluated
FALSE	never evaluated

inetd_flag	Description
TRUE	never evaluated
FALSE	never evaluated

no_daemon_flag	Description
TRUE	never evaluated
FALSE	never evaluated

already_daemon	Description
TRUE	never evaluated
FALSE	never evaluated

1933 -

1934

if (daemon(0, 0) < 0)

daemon(0, 0) < 0	Description
TRUE	never evaluated
FALSE	never evaluated

1935

fatal("daemon() failed: %.200s", strerror(errno));

never executed: fatal("daemon() failed: %.200s", strerror( (*__errno_location ()) ));

1936 -

1937 disconnect_controlling_tty(); -

1938

}

never executed: end of block

1939 /* Reinitialize the log (because of the fork above). */ -

1940 log_init(__progname, options.log_level, options.log_facility, log_stderr); -

1941 -

1942 /* Chdir to the root directory so that the current disk can be -

1943 unmounted if desired. */ -

1944

if (chdir("/") == -1)

chdir("/") == -1	Description
TRUE	never evaluated
FALSE	never evaluated

1945

error("chdir(\"/\"): %s", strerror(errno));

never executed: error("chdir(\"/\"): %s", strerror( (*__errno_location ()) ));

1946 -

1947 /* ignore SIGPIPE */ -

1948 signal(SIGPIPE, SIG_IGN); -

1949 -

1950 /* Get a connection, either from inetd or a listening TCP socket */ -

1951

if (inetd_flag) {

inetd_flag	Description
TRUE	never evaluated
FALSE	never evaluated

1952 server_accept_inetd(&sock_in, &sock_out); -

1953

} else {

never executed: end of block

1954 platform_pre_listen(); -

1955 server_listen(); -

1956 -

1957 signal(SIGHUP, sighup_handler); -

1958 signal(SIGCHLD, main_sigchld_handler); -

1959 signal(SIGTERM, sigterm_handler); -

1960 signal(SIGQUIT, sigterm_handler); -

1961 -

1962 /* -

1963 * Write out the pid file after the sigterm handler -

1964 * is setup and the listen sockets are bound -

1965 */ -

1966

if (options.pid_file != NULL && !debug_flag) {

options.pid_fi...!= ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

!debug_flag	Description
TRUE	never evaluated
FALSE	never evaluated

1967 FILE *f = fopen(options.pid_file, "w"); -

1968 -

1969

if (f == NULL) {

f == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1970 error("Couldn't create pid file \"%s\": %s", -

1971 options.pid_file, strerror(errno)); -

1972

} else {

never executed: end of block

1973 fprintf(f, "%ld\n", (long) getpid()); -

1974 fclose(f); -

1975

}

never executed: end of block

1976 } -

1977 -

1978 /* Accept a connection and return in a forked child */ -

1979 server_accept_loop(&sock_in, &sock_out, -

1980 &newsock, config_s); -

1981

}

never executed: end of block

1982 -

1983 /* This is the child processing a new connection. */ -

1984 setproctitle("%s", "[accepted]"); -

1985 -

1986 /* -

1987 * Create a new session and process group since the 4.4BSD -

1988 * setlogin() affects the entire process group. We don't -

1989 * want the child to be able to affect the parent. -

1990 */ -

1991 #if !defined(SSHD_ACQUIRES_CTTY) -

1992 /* -

1993 * If setsid is called, on some platforms sshd will later acquire a -

1994 * controlling terminal which will result in "could not set -

1995 * controlling tty" errors. -

1996 */ -

1997

if (!debug_flag && !inetd_flag && setsid() < 0)

!debug_flag	Description
TRUE	never evaluated
FALSE	never evaluated

!inetd_flag	Description
TRUE	never evaluated
FALSE	never evaluated

setsid() < 0	Description
TRUE	never evaluated
FALSE	never evaluated

1998

error("setsid: %.100s", strerror(errno));

never executed: error("setsid: %.100s", strerror( (*__errno_location ()) ));

1999 #endif -

2000 -

2001

if (rexec_flag) {

rexec_flag	Description
TRUE	never evaluated
FALSE	never evaluated

2002 int fd; -

2003 -

2004 debug("rexec start in %d out %d newsock %d pipe %d sock %d", -

2005 sock_in, sock_out, newsock, startup_pipe, config_s[0]); -

2006 dup2(newsock, STDIN_FILENO); -

2007 dup2(STDIN_FILENO, STDOUT_FILENO); -

2008

if (startup_pipe == -1)

startup_pipe == -1	Description
TRUE	never evaluated
FALSE	never evaluated

2009

close(REEXEC_STARTUP_PIPE_FD);

never executed: close(( 2 + 2));

2010

else if (startup_pipe != REEXEC_STARTUP_PIPE_FD) {

startup_pipe != ( 2 + 2)	Description
TRUE	never evaluated
FALSE	never evaluated

2011 dup2(startup_pipe, REEXEC_STARTUP_PIPE_FD); -

2012 close(startup_pipe); -

2013 startup_pipe = REEXEC_STARTUP_PIPE_FD; -

2014

}

never executed: end of block

2015 -

2016 dup2(config_s[1], REEXEC_CONFIG_PASS_FD); -

2017 close(config_s[1]); -

2018 -

2019 execv(rexec_argv[0], rexec_argv); -

2020 -

2021 /* Reexec has failed, fall back and continue */ -

2022 error("rexec of %s failed: %s", rexec_argv[0], strerror(errno)); -

2023 recv_rexec_state(REEXEC_CONFIG_PASS_FD, NULL); -

2024 log_init(__progname, options.log_level, -

2025 options.log_facility, log_stderr); -

2026 -

2027 /* Clean up fds */ -

2028 close(REEXEC_CONFIG_PASS_FD); -

2029 newsock = sock_out = sock_in = dup(STDIN_FILENO); -

2030

if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {

(fd = open( "/...02 , 0)) != -1	Description
TRUE	never evaluated
FALSE	never evaluated

2031 dup2(fd, STDIN_FILENO); -

2032 dup2(fd, STDOUT_FILENO); -

2033

if (fd > STDERR_FILENO)

fd > 2	Description
TRUE	never evaluated
FALSE	never evaluated

2034

close(fd);

never executed: close(fd);

2035

}

never executed: end of block

2036 debug("rexec cleanup in %d out %d newsock %d pipe %d sock %d", -

2037 sock_in, sock_out, newsock, startup_pipe, config_s[0]); -

2038

}

never executed: end of block

2039 -

2040 /* Executed child processes don't need these. */ -

2041 fcntl(sock_out, F_SETFD, FD_CLOEXEC); -

2042 fcntl(sock_in, F_SETFD, FD_CLOEXEC); -

2043 -

2044 /* -

2045 * Disable the key regeneration alarm. We will not regenerate the -

2046 * key since we are no longer in a position to give it to anyone. We -

2047 * will not restart on SIGHUP since it no longer makes sense. -

2048 */ -

2049 alarm(0); -

2050 signal(SIGALRM, SIG_DFL); -

2051 signal(SIGHUP, SIG_DFL); -

2052 signal(SIGTERM, SIG_DFL); -

2053 signal(SIGQUIT, SIG_DFL); -

2054 signal(SIGCHLD, SIG_DFL); -

2055 signal(SIGINT, SIG_DFL); -

2056 -

2057 /* -

2058 * Register our connection. This turns encryption off because we do -

2059 * not have a key. -

2060 */ -

2061 packet_set_connection(sock_in, sock_out); -

2062 packet_set_server(); -

2063 ssh = active_state; /* XXX */ -

2064 -

2065 check_ip_options(ssh); -

2066 -

2067 /* Prepare the channels layer */ -

2068 channel_init_channels(ssh); -

2069 channel_set_af(ssh, options.address_family); -

2070 process_permitopen(ssh, &options); -

2071 -

2072 /* Set SO_KEEPALIVE if requested. */ -

2073

if (options.tcp_keep_alive && packet_connection_is_on_socket() &&

options.tcp_keep_alive	Description
TRUE	never evaluated
FALSE	never evaluated

ssh_packet_con...(active_state)	Description
TRUE	never evaluated
FALSE	never evaluated

2074

setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0)

setsockopt(soc...izeof(on)) < 0	Description
TRUE	never evaluated
FALSE	never evaluated

2075

error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));

never executed: error("setsockopt SO_KEEPALIVE: %.100s", strerror( (*__errno_location ()) ));

2076 -

2077

if ((remote_port = ssh_remote_port(ssh)) < 0) {

(remote_port =...port(ssh)) < 0	Description
TRUE	never evaluated
FALSE	never evaluated

2078 debug("ssh_remote_port failed"); -

2079 cleanup_exit(255); -

2080

}

never executed: end of block

2081 -

2082

if (options.routing_domain != NULL)

options.routin...!= ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

2083

set_process_rdomain(ssh, options.routing_domain);

never executed: set_process_rdomain(ssh, options.routing_domain);

2084 -

2085 /* -

2086 * The rest of the code depends on the fact that -

2087 * ssh_remote_ipaddr() caches the remote ip, even if -

2088 * the socket goes away. -

2089 */ -

2090 remote_ip = ssh_remote_ipaddr(ssh); -

2091 -

2092 #ifdef SSH_AUDIT_EVENTS -

2093 audit_connection_from(remote_ip, remote_port); -

2094 #endif -

2095 -

2096 rdomain = ssh_packet_rdomain_in(ssh); -

2097 -

2098 /* Log the connection. */ -

2099 laddr = get_local_ipaddr(sock_in); -

2100 verbose("Connection from %s port %d on %s port %d%s%s%s", -

2101 remote_ip, remote_port, laddr, ssh_local_port(ssh), -

2102 rdomain == NULL ? "" : " rdomain \"", -

2103 rdomain == NULL ? "" : rdomain, -

2104 rdomain == NULL ? "" : "\""); -

2105 free(laddr); -

2106 -

2107 /* -

2108 * We don't want to listen forever unless the other side -

2109 * successfully authenticates itself. So we set up an alarm which is -

2110 * cleared after successful authentication. A limit of zero -

2111 * indicates no limit. Note that we don't set the alarm in debugging -

2112 * mode; it is just annoying to have the server exit just when you -

2113 * are about to discover the bug. -

2114 */ -

2115 signal(SIGALRM, grace_alarm_handler); -

2116

if (!debug_flag)

!debug_flag	Description
TRUE	never evaluated
FALSE	never evaluated

2117

alarm(options.login_grace_time);

never executed: alarm(options.login_grace_time);

2118 -

2119 sshd_exchange_identification(ssh, sock_in, sock_out); -

2120 packet_set_nonblocking(); -

2121 -

2122 /* allocate authentication context */ -

2123 authctxt = xcalloc(1, sizeof(*authctxt)); -

2124 -

2125 authctxt->loginmsg = loginmsg; -

2126 -

2127 /* XXX global for cleanup, access from other modules */ -

2128 the_authctxt = authctxt; -

2129 -

2130 /* Set default key authentication options */ -

2131

if ((auth_opts = sshauthopt_new_with_keys_defaults()) == NULL)

(auth_opts = s...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

2132

fatal("allocation failed");

never executed: fatal("allocation failed");

2133 -

2134 /* prepare buffer to collect messages to display to user after login */ -

2135

if ((loginmsg = sshbuf_new()) == NULL)

(loginmsg = ss...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

2136

fatal("%s: sshbuf_new failed", __func__);

never executed: fatal("%s: sshbuf_new failed", __func__);

2137 auth_debug_reset(); -

2138 -

2139

if (use_privsep) {

use_privsep	Description
TRUE	never evaluated
FALSE	never evaluated

2140

if (privsep_preauth(authctxt) == 1)

privsep_preauth(authctxt) == 1	Description
TRUE	never evaluated
FALSE	never evaluated

2141

goto authenticated;

never executed: goto authenticated;

2142

} else if (have_agent) {

never executed: end of block

have_agent	Description
TRUE	never evaluated
FALSE	never evaluated

2143

if ((r = ssh_get_authentication_socket(&auth_sock)) != 0) {

(r = ssh_get_a...th_sock)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

2144 error("Unable to get agent socket: %s", ssh_err(r)); -

2145 have_agent = 0; -

2146

}

never executed: end of block

2147

}

never executed: end of block

2148 -

2149 /* perform the key exchange */ -

2150 /* authenticate user and start session */ -

2151 do_ssh2_kex(); -

2152 do_authentication2(authctxt); -

2153 -

2154 /* -

2155 * If we use privilege separation, the unprivileged child transfers -

2156 * the current keystate and exits -

2157 */ -

2158

if (use_privsep) {

use_privsep	Description
TRUE	never evaluated
FALSE	never evaluated

2159 mm_send_keystate(pmonitor); -

2160 packet_clear_keys(); -

2161

exit(0);

never executed: exit(0);

2162 } -

2163 -

2164

authenticated:

code before this statement never executed: authenticated:

2165 /* -

2166 * Cancel the alarm we set to limit the time taken for -

2167 * authentication. -

2168 */ -

2169 alarm(0); -

2170 signal(SIGALRM, SIG_DFL); -

2171 authctxt->authenticated = 1; -

2172

if (startup_pipe != -1) {

startup_pipe != -1	Description
TRUE	never evaluated
FALSE	never evaluated

2173 close(startup_pipe); -

2174 startup_pipe = -1; -

2175

}

never executed: end of block

2176 -

2177 #ifdef SSH_AUDIT_EVENTS -

2178 audit_event(SSH_AUTH_SUCCESS); -

2179 #endif -

2180 -

2181 #ifdef GSSAPI -

2182 if (options.gss_authentication) { -

2183 temporarily_use_uid(authctxt->pw); -

2184 ssh_gssapi_storecreds(); -

2185 restore_uid(); -

2186 } -

2187 #endif -

2188 #ifdef USE_PAM -

2189 if (options.use_pam) { -

2190 do_pam_setcred(1); -

2191 do_pam_session(ssh); -

2192 } -

2193 #endif -

2194 -

2195 /* -

2196 * In privilege separation, we fork another child and prepare -

2197 * file descriptor passing. -

2198 */ -

2199

if (use_privsep) {

use_privsep	Description
TRUE	never evaluated
FALSE	never evaluated

2200 privsep_postauth(authctxt); -

2201 /* the monitor process [priv] will not return */ -

2202

}

never executed: end of block

2203 -

2204 packet_set_timeout(options.client_alive_interval, -

2205 options.client_alive_count_max); -

2206 -

2207 /* Try to send all our hostkeys to the client */ -

2208 notify_hostkeys(ssh); -

2209 -

2210 /* Start session. */ -

2211 do_authenticated(ssh, authctxt); -

2212 -

2213 /* The connection has been terminated. */ -

2214 packet_get_bytes(&ibytes, &obytes); -

2215 verbose("Transferred: sent %llu, received %llu bytes", -

2216 (unsigned long long)obytes, (unsigned long long)ibytes); -

2217 -

2218 verbose("Closing connection to %.500s port %d", remote_ip, remote_port); -

2219 -

2220 #ifdef USE_PAM -

2221 if (options.use_pam) -

2222 finish_pam(); -

2223 #endif /* USE_PAM */ -

2224 -

2225 #ifdef SSH_AUDIT_EVENTS -

2226 PRIVSEP(audit_event(SSH_CONNECTION_CLOSE)); -

2227 #endif -

2228 -

2229 packet_close(); -

2230 -

2231

if (use_privsep)

use_privsep	Description
TRUE	never evaluated
FALSE	never evaluated

2232

mm_terminate();

never executed: mm_terminate();

2233 -

2234

exit(0);

never executed: exit(0);

2235 } -

2236 -

2237 int -

2238 sshd_hostkey_sign(struct sshkey *privkey, struct sshkey *pubkey, -

2239 u_char **signature, size_t *slenp, const u_char *data, size_t dlen, -

2240 const char *alg, u_int flag) -

2241 { -

2242 int r; -

2243 -

2244

if (privkey) {

privkey	Description
TRUE	never evaluated
FALSE	never evaluated

2245

if (PRIVSEP(sshkey_sign(privkey, signature, slenp, data, dlen,

(use_privsep ?...afellows)) < 0	Description
TRUE	never evaluated
FALSE	never evaluated

use_privsep	Description
TRUE	never evaluated
FALSE	never evaluated

2246

alg, datafellows)) < 0)

(use_privsep ?...afellows)) < 0	Description
TRUE	never evaluated
FALSE	never evaluated

2247

fatal("%s: key_sign failed", __func__);

never executed: fatal("%s: key_sign failed", __func__);

2248

} else if (use_privsep) {

never executed: end of block

use_privsep	Description
TRUE	never evaluated
FALSE	never evaluated

2249

if (mm_sshkey_sign(pubkey, signature, slenp, data, dlen,

mm_sshkey_sign...tafellows) < 0	Description
TRUE	never evaluated
FALSE	never evaluated

2250

alg, datafellows) < 0)

mm_sshkey_sign...tafellows) < 0	Description
TRUE	never evaluated
FALSE	never evaluated

2251

fatal("%s: pubkey_sign failed", __func__);

never executed: fatal("%s: pubkey_sign failed", __func__);

2252

} else {

never executed: end of block

2253

if ((r = ssh_agent_sign(auth_sock, pubkey, signature, slenp,

(r = ssh_agent...fellows)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

2254

data, dlen, alg, datafellows)) != 0)

(r = ssh_agent...fellows)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

2255

fatal("%s: ssh_agent_sign failed: %s",

never executed: fatal("%s: ssh_agent_sign failed: %s", __func__, ssh_err(r));

2256

__func__, ssh_err(r));

never executed: fatal("%s: ssh_agent_sign failed: %s", __func__, ssh_err(r));

2257

}

never executed: end of block

2258

return 0;

never executed: return 0;

2259 } -

2260 -

2261 /* SSH2 key exchange */ -

2262 static void -

2263 do_ssh2_kex(void) -

2264 { -

2265 char *myproposal[PROPOSAL_MAX] = { KEX_SERVER }; -

2266 struct kex *kex; -

2267 int r; -

2268 -

2269 myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal( -

2270 options.kex_algorithms); -

2271 myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal( -

2272 options.ciphers); -

2273 myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal( -

2274 options.ciphers); -

2275 myproposal[PROPOSAL_MAC_ALGS_CTOS] = -

2276 myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; -

2277 -

2278

if (options.compression == COMP_NONE) {

options.compression == 0	Description
TRUE	never evaluated
FALSE	never evaluated

2279 myproposal[PROPOSAL_COMP_ALGS_CTOS] = -

2280 myproposal[PROPOSAL_COMP_ALGS_STOC] = "none"; -

2281

}

never executed: end of block

2282 -

2283

if (options.rekey_limit || options.rekey_interval)

options.rekey_limit	Description
TRUE	never evaluated
FALSE	never evaluated

options.rekey_interval	Description
TRUE	never evaluated
FALSE	never evaluated

2284

packet_set_rekey_limits(options.rekey_limit,

never executed: ssh_packet_set_rekey_limits(active_state, options.rekey_limit, options.rekey_interval) ;

2285

options.rekey_interval);

never executed: ssh_packet_set_rekey_limits(active_state, options.rekey_limit, options.rekey_interval) ;

2286 -

2287 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( -

2288 list_hostkey_types()); -

2289 -

2290 /* start key exchange */ -

2291

if ((r = kex_setup(active_state, myproposal)) != 0)

(r = kex_setup...roposal)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

2292

fatal("kex_setup: %s", ssh_err(r));

never executed: fatal("kex_setup: %s", ssh_err(r));

2293 kex = active_state->kex; -

2294 #ifdef WITH_OPENSSL -

2295 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; -

2296 kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; -

2297 kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server; -

2298 kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server; -

2299 kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server; -

2300 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; -

2301 kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; -

2302 # ifdef OPENSSL_HAS_ECC -

2303 kex->kex[KEX_ECDH_SHA2] = kexecdh_server; -

2304 # endif -

2305 #endif -

2306 kex->kex[KEX_C25519_SHA256] = kexc25519_server; -

2307 kex->server = 1; -

2308 kex->client_version_string=client_version_string; -

2309 kex->server_version_string=server_version_string; -

2310 kex->load_host_public_key=&get_hostkey_public_by_type; -

2311 kex->load_host_private_key=&get_hostkey_private_by_type; -

2312 kex->host_key_index=&get_hostkey_index; -

2313 kex->sign = sshd_hostkey_sign; -

2314 -

2315 ssh_dispatch_run_fatal(active_state, DISPATCH_BLOCK, &kex->done); -

2316 -

2317 session_id2 = kex->session_id; -

2318 session_id2_len = kex->session_id_len; -

2319 -

2320 #ifdef DEBUG_KEXDH -

2321 /* send 1st encrypted/maced/compressed message */ -

2322 packet_start(SSH2_MSG_IGNORE); -

2323 packet_put_cstring("markus"); -

2324 packet_send(); -

2325 packet_write_wait(); -

2326 #endif -

2327 debug("KEX done"); -

2328

}

never executed: end of block

2329 -

2330 /* server specific fatal cleanup */ -

2331 void -

2332 cleanup_exit(int i) -

2333 { -

2334 struct ssh *ssh = active_state; /* XXX */ -

2335 -

2336

if (the_authctxt) {

the_authctxt	Description
TRUE	never evaluated
FALSE	never evaluated

2337 do_cleanup(ssh, the_authctxt); -

2338

if (use_privsep && privsep_is_preauth &&

use_privsep	Description
TRUE	never evaluated
FALSE	never evaluated

privsep_is_preauth	Description
TRUE	never evaluated
FALSE	never evaluated

2339

pmonitor != NULL && pmonitor->m_pid > 1) {

pmonitor != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

pmonitor->m_pid > 1	Description
TRUE	never evaluated
FALSE	never evaluated

2340 debug("Killing privsep child %d", pmonitor->m_pid); -

2341

if (kill(pmonitor->m_pid, SIGKILL) != 0 &&

kill(pmonitor->m_pid, 9 ) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

2342

errno != ESRCH)

(*__errno_location ()) != 3	Description
TRUE	never evaluated
FALSE	never evaluated

2343

error("%s: kill(%d): %s", __func__,

never executed: error("%s: kill(%d): %s", __func__, pmonitor->m_pid, strerror( (*__errno_location ()) ));

2344

pmonitor->m_pid, strerror(errno));

never executed: error("%s: kill(%d): %s", __func__, pmonitor->m_pid, strerror( (*__errno_location ()) ));

2345

}

never executed: end of block

2346

}

never executed: end of block

2347 #ifdef SSH_AUDIT_EVENTS -

2348 /* done after do_cleanup so it can cancel the PAM auth 'thread' */ -

2349 if (!use_privsep || mm_is_monitor()) -

2350 audit_event(SSH_CONNECTION_ABANDON); -

2351 #endif -

2352 _exit(i); -

2353

}

never executed: end of block

Source code

Switch to Preprocessed file

Generated by Squish Coco 4.2.2