OpenCoverage

sshconnect2.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/openssh/src/sshconnect2.c
Source codeSwitch to Preprocessed file
LineSourceCount
1/* $OpenBSD: sshconnect2.c,v 1.287 2018/09/14 05:26:27 djm Exp $ */-
2/*-
3 * Copyright (c) 2000 Markus Friedl. All rights reserved.-
4 * Copyright (c) 2008 Damien Miller. All rights reserved.-
5 *-
6 * Redistribution and use in source and binary forms, with or without-
7 * modification, are permitted provided that the following conditions-
8 * are met:-
9 * 1. Redistributions of source code must retain the above copyright-
10 * notice, this list of conditions and the following disclaimer.-
11 * 2. Redistributions in binary form must reproduce the above copyright-
12 * notice, this list of conditions and the following disclaimer in the-
13 * documentation and/or other materials provided with the distribution.-
14 *-
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR-
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES-
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.-
18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,-
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT-
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,-
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY-
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT-
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF-
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.-
25 */-
26-
27#include "includes.h"-
28-
29#include <sys/types.h>-
30#include <sys/socket.h>-
31#include <sys/wait.h>-
32#include <sys/stat.h>-
33-
34#include <errno.h>-
35#include <fcntl.h>-
36#include <netdb.h>-
37#include <pwd.h>-
38#include <signal.h>-
39#include <stdarg.h>-
40#include <stdio.h>-
41#include <string.h>-
42#include <unistd.h>-
43#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) && !defined(BROKEN_STRNVIS)-
44#include <vis.h>-
45#endif-
46-
47#include "openbsd-compat/sys-queue.h"-
48-
49#include "xmalloc.h"-
50#include "ssh.h"-
51#include "ssh2.h"-
52#include "sshbuf.h"-
53#include "packet.h"-
54#include "compat.h"-
55#include "cipher.h"-
56#include "sshkey.h"-
57#include "kex.h"-
58#include "myproposal.h"-
59#include "sshconnect.h"-
60#include "authfile.h"-
61#include "dh.h"-
62#include "authfd.h"-
63#include "log.h"-
64#include "misc.h"-
65#include "readconf.h"-
66#include "match.h"-
67#include "dispatch.h"-
68#include "canohost.h"-
69#include "msg.h"-
70#include "pathnames.h"-
71#include "uidswap.h"-
72#include "hostfile.h"-
73#include "ssherr.h"-
74#include "utf8.h"-
75-
76#ifdef GSSAPI-
77#include "ssh-gss.h"-
78#endif-
79-
80/* import */-
81extern char *client_version_string;-
82extern char *server_version_string;-
83extern Options options;-
84-
85/*-
86 * SSH2 key exchange-
87 */-
88-
89u_char *session_id2 = NULL;-
90u_int session_id2_len = 0;-
91-
92char *xxx_host;-
93struct sockaddr *xxx_hostaddr;-
94-
95static int-
96verify_host_key_callback(struct sshkey *hostkey, struct ssh *ssh)-
97{-
98 if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1)
verify_host_ke...hostkey) == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
99 fatal("Host key verification failed.");
never executed: fatal("Host key verification failed.");
0
100 return 0;
never executed: return 0;
0
101}-
102-
103static char *-
104order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port)-
105{-
106 char *oavail, *avail, *first, *last, *alg, *hostname, *ret;-
107 size_t maxlen;-
108 struct hostkeys *hostkeys;-
109 int ktype;-
110 u_int i;-
111-
112 /* Find all hostkeys for this hostname */-
113 get_hostfile_hostname_ipaddr(host, hostaddr, port, &hostname, NULL);-
114 hostkeys = init_hostkeys();-
115 for (i = 0; i < options.num_user_hostfiles; i++)
i < options.num_user_hostfilesDescription
TRUEnever evaluated
FALSEnever evaluated
0
116 load_hostkeys(hostkeys, hostname, options.user_hostfiles[i]);
never executed: load_hostkeys(hostkeys, hostname, options.user_hostfiles[i]);
0
117 for (i = 0; i < options.num_system_hostfiles; i++)
i < options.nu...stem_hostfilesDescription
TRUEnever evaluated
FALSEnever evaluated
0
118 load_hostkeys(hostkeys, hostname, options.system_hostfiles[i]);
never executed: load_hostkeys(hostkeys, hostname, options.system_hostfiles[i]);
0
119-
120 oavail = avail = xstrdup(KEX_DEFAULT_PK_ALG);-
121 maxlen = strlen(avail) + 1;-
122 first = xmalloc(maxlen);-
123 last = xmalloc(maxlen);-
124 *first = *last = '\0';-
125-
126#define ALG_APPEND(to, from) \-
127 do { \-
128 if (*to != '\0') \-
129 strlcat(to, ",", maxlen); \-
130 strlcat(to, from, maxlen); \-
131 } while (0)-
132-
133 while ((alg = strsep(&avail, ",")) && *alg != '\0') {
(alg = __exten..., "," )); }) )Description
TRUEnever evaluated
FALSEnever evaluated
*alg != '\0'Description
TRUEnever evaluated
FALSEnever evaluated
0
134 if ((ktype = sshkey_type_from_name(alg)) == KEY_UNSPEC)
(ktype = sshke... == KEY_UNSPECDescription
TRUEnever evaluated
FALSEnever evaluated
0
135 fatal("%s: unknown alg %s", __func__, alg);
never executed: fatal("%s: unknown alg %s", __func__, alg);
0
136 if (lookup_key_in_hostkeys_by_type(hostkeys,
lookup_key_in_... ((void *)0) )Description
TRUEnever evaluated
FALSEnever evaluated
0
137 sshkey_type_plain(ktype), NULL))
lookup_key_in_... ((void *)0) )Description
TRUEnever evaluated
FALSEnever evaluated
0
138 ALG_APPEND(first, alg);
never executed: strlcat(first, ",", maxlen);
never executed: end of block
*first != '\0'Description
TRUEnever evaluated
FALSEnever evaluated
0
139 else-
140 ALG_APPEND(last, alg);
never executed: strlcat(last, ",", maxlen);
never executed: end of block
*last != '\0'Description
TRUEnever evaluated
FALSEnever evaluated
0
141 }-
142#undef ALG_APPEND-
143 xasprintf(&ret, "%s%s%s", first,-
144 (*first == '\0' || *last == '\0') ? "" : ",", last);-
145 if (*first != '\0')
*first != '\0'Description
TRUEnever evaluated
FALSEnever evaluated
0
146 debug3("%s: prefer hostkeyalgs: %s", __func__, first);
never executed: debug3("%s: prefer hostkeyalgs: %s", __func__, first);
0
147-
148 free(first);-
149 free(last);-
150 free(hostname);-
151 free(oavail);-
152 free_hostkeys(hostkeys);-
153-
154 return ret;
never executed: return ret;
0
155}-
156-
157void-
158ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)-
159{-
160 char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };-
161 char *s, *all_key;-
162 struct kex *kex;-
163 int r;-
164-
165 xxx_host = host;-
166 xxx_hostaddr = hostaddr;-
167-
168 if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL)
(s = kex_names...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
169 fatal("%s: kex_names_cat", __func__);
never executed: fatal("%s: kex_names_cat", __func__);
0
170 myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s);-
171 myproposal[PROPOSAL_ENC_ALGS_CTOS] =-
172 compat_cipher_proposal(options.ciphers);-
173 myproposal[PROPOSAL_ENC_ALGS_STOC] =-
174 compat_cipher_proposal(options.ciphers);-
175 myproposal[PROPOSAL_COMP_ALGS_CTOS] =-
176 myproposal[PROPOSAL_COMP_ALGS_STOC] = options.compression ?
options.compressionDescription
TRUEnever evaluated
FALSEnever evaluated
0
177 "zlib@openssh.com,zlib,none" : "none,zlib@openssh.com,zlib";-
178 myproposal[PROPOSAL_MAC_ALGS_CTOS] =-
179 myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;-
180 if (options.hostkeyalgorithms != NULL) {
options.hostke...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
181 all_key = sshkey_alg_list(0, 0, 1, ',');-
182 if (kex_assemble_names(&options.hostkeyalgorithms,
kex_assemble_n... all_key) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
183 KEX_DEFAULT_PK_ALG, all_key) != 0)
kex_assemble_n... all_key) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
184 fatal("%s: kex_assemble_namelist", __func__);
never executed: fatal("%s: kex_assemble_namelist", __func__);
0
185 free(all_key);-
186 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =-
187 compat_pkalg_proposal(options.hostkeyalgorithms);-
188 } else {
never executed: end of block
0
189 /* Enforce default */-
190 options.hostkeyalgorithms = xstrdup(KEX_DEFAULT_PK_ALG);-
191 /* Prefer algorithms that we already have keys for */-
192 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =-
193 compat_pkalg_proposal(-
194 order_hostkeyalgs(host, hostaddr, port));-
195 }
never executed: end of block
0
196-
197 if (options.rekey_limit || options.rekey_interval)
options.rekey_limitDescription
TRUEnever evaluated
FALSEnever evaluated
options.rekey_intervalDescription
TRUEnever evaluated
FALSEnever evaluated
0
198 packet_set_rekey_limits(options.rekey_limit,
never executed: ssh_packet_set_rekey_limits(active_state, options.rekey_limit, options.rekey_interval) ;
0
199 options.rekey_interval);
never executed: ssh_packet_set_rekey_limits(active_state, options.rekey_limit, options.rekey_interval) ;
0
200-
201 /* start key exchange */-
202 if ((r = kex_setup(active_state, myproposal)) != 0)
(r = kex_setup...roposal)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
203 fatal("kex_setup: %s", ssh_err(r));
never executed: fatal("kex_setup: %s", ssh_err(r));
0
204 kex = active_state->kex;-
205#ifdef WITH_OPENSSL-
206 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;-
207 kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;-
208 kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client;-
209 kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client;-
210 kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client;-
211 kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;-
212 kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;-
213# ifdef OPENSSL_HAS_ECC-
214 kex->kex[KEX_ECDH_SHA2] = kexecdh_client;-
215# endif-
216#endif-
217 kex->kex[KEX_C25519_SHA256] = kexc25519_client;-
218 kex->client_version_string=client_version_string;-
219 kex->server_version_string=server_version_string;-
220 kex->verify_host_key=&verify_host_key_callback;-
221-
222 ssh_dispatch_run_fatal(active_state, DISPATCH_BLOCK, &kex->done);-
223-
224 /* remove ext-info from the KEX proposals for rekeying */-
225 myproposal[PROPOSAL_KEX_ALGS] =-
226 compat_kex_proposal(options.kex_algorithms);-
227 if ((r = kex_prop2buf(kex->my, myproposal)) != 0)
(r = kex_prop2...roposal)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
228 fatal("kex_prop2buf: %s", ssh_err(r));
never executed: fatal("kex_prop2buf: %s", ssh_err(r));
0
229-
230 session_id2 = kex->session_id;-
231 session_id2_len = kex->session_id_len;-
232-
233#ifdef DEBUG_KEXDH-
234 /* send 1st encrypted/maced/compressed message */-
235 if ((r = sshpkt_start(ssh, SSH2_MSG_IGNORE)) != 0 ||-
236 (r = sshpkt_put_cstring(ssh, "markus")) != 0 ||-
237 (r = sshpkt_send(ssh)) != 0 ||-
238 (r = ssh_packet_write_wait(ssh)) != 0)-
239 fatal("%s: %s", __func__, ssh_err(r));-
240#endif-
241}
never executed: end of block
0
242-
243/*-
244 * Authenticate user-
245 */-
246-
247typedef struct cauthctxt Authctxt;-
248typedef struct cauthmethod Authmethod;-
249typedef struct identity Identity;-
250typedef struct idlist Idlist;-
251-
252struct identity {-
253 TAILQ_ENTRY(identity) next;-
254 int agent_fd; /* >=0 if agent supports key */-
255 struct sshkey *key; /* public/private key */-
256 char *filename; /* comment for agent-only keys */-
257 int tried;-
258 int isprivate; /* key points to the private key */-
259 int userprovided;-
260};-
261TAILQ_HEAD(idlist, identity);-
262-
263struct cauthctxt {-
264 const char *server_user;-
265 const char *local_user;-
266 const char *host;-
267 const char *service;-
268 struct cauthmethod *method;-
269 sig_atomic_t success;-
270 char *authlist;-
271 int attempt;-
272 /* pubkey */-
273 struct idlist keys;-
274 int agent_fd;-
275 /* hostbased */-
276 Sensitive *sensitive;-
277 char *oktypes, *ktypes;-
278 const char *active_ktype;-
279 /* kbd-interactive */-
280 int info_req_seen;-
281 /* generic */-
282 void *methoddata;-
283};-
284-
285struct cauthmethod {-
286 char *name; /* string to compare against server's list */-
287 int (*userauth)(Authctxt *authctxt);-
288 void (*cleanup)(Authctxt *authctxt);-
289 int *enabled; /* flag in option struct that enables method */-
290 int *batch_flag; /* flag in option struct that disables method */-
291};-
292-
293int input_userauth_service_accept(int, u_int32_t, struct ssh *);-
294int input_userauth_ext_info(int, u_int32_t, struct ssh *);-
295int input_userauth_success(int, u_int32_t, struct ssh *);-
296int input_userauth_success_unexpected(int, u_int32_t, struct ssh *);-
297int input_userauth_failure(int, u_int32_t, struct ssh *);-
298int input_userauth_banner(int, u_int32_t, struct ssh *);-
299int input_userauth_error(int, u_int32_t, struct ssh *);-
300int input_userauth_info_req(int, u_int32_t, struct ssh *);-
301int input_userauth_pk_ok(int, u_int32_t, struct ssh *);-
302int input_userauth_passwd_changereq(int, u_int32_t, struct ssh *);-
303-
304int userauth_none(Authctxt *);-
305int userauth_pubkey(Authctxt *);-
306int userauth_passwd(Authctxt *);-
307int userauth_kbdint(Authctxt *);-
308int userauth_hostbased(Authctxt *);-
309-
310#ifdef GSSAPI-
311int userauth_gssapi(Authctxt *authctxt);-
312int input_gssapi_response(int type, u_int32_t, struct ssh *);-
313int input_gssapi_token(int type, u_int32_t, struct ssh *);-
314int input_gssapi_hash(int type, u_int32_t, struct ssh *);-
315int input_gssapi_error(int, u_int32_t, struct ssh *);-
316int input_gssapi_errtok(int, u_int32_t, struct ssh *);-
317#endif-
318-
319void userauth(Authctxt *, char *);-
320-
321static int sign_and_send_pubkey(struct ssh *ssh, Authctxt *, Identity *);-
322static void pubkey_prepare(Authctxt *);-
323static void pubkey_cleanup(Authctxt *);-
324static void pubkey_reset(Authctxt *);-
325static struct sshkey *load_identity_file(Identity *);-
326-
327static Authmethod *authmethod_get(char *authlist);-
328static Authmethod *authmethod_lookup(const char *name);-
329static char *authmethods_get(void);-
330-
331Authmethod authmethods[] = {-
332#ifdef GSSAPI-
333 {"gssapi-with-mic",-
334 userauth_gssapi,-
335 NULL,-
336 &options.gss_authentication,-
337 NULL},-
338#endif-
339 {"hostbased",-
340 userauth_hostbased,-
341 NULL,-
342 &options.hostbased_authentication,-
343 NULL},-
344 {"publickey",-
345 userauth_pubkey,-
346 NULL,-
347 &options.pubkey_authentication,-
348 NULL},-
349 {"keyboard-interactive",-
350 userauth_kbdint,-
351 NULL,-
352 &options.kbd_interactive_authentication,-
353 &options.batch_mode},-
354 {"password",-
355 userauth_passwd,-
356 NULL,-
357 &options.password_authentication,-
358 &options.batch_mode},-
359 {"none",-
360 userauth_none,-
361 NULL,-
362 NULL,-
363 NULL},-
364 {NULL, NULL, NULL, NULL, NULL}-
365};-
366-
367void-
368ssh_userauth2(const char *local_user, const char *server_user, char *host,-
369 Sensitive *sensitive)-
370{-
371 struct ssh *ssh = active_state;-
372 Authctxt authctxt;-
373 int r;-
374-
375 if (options.challenge_response_authentication)
options.challe...authenticationDescription
TRUEnever evaluated
FALSEnever evaluated
0
376 options.kbd_interactive_authentication = 1;
never executed: options.kbd_interactive_authentication = 1;
0
377 if (options.preferred_authentications == NULL)
options.prefer...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
378 options.preferred_authentications = authmethods_get();
never executed: options.preferred_authentications = authmethods_get();
0
379-
380 /* setup authentication context */-
381 memset(&authctxt, 0, sizeof(authctxt));-
382 pubkey_prepare(&authctxt);-
383 authctxt.server_user = server_user;-
384 authctxt.local_user = local_user;-
385 authctxt.host = host;-
386 authctxt.service = "ssh-connection"; /* service name */-
387 authctxt.success = 0;-
388 authctxt.method = authmethod_lookup("none");-
389 authctxt.authlist = NULL;-
390 authctxt.methoddata = NULL;-
391 authctxt.sensitive = sensitive;-
392 authctxt.active_ktype = authctxt.oktypes = authctxt.ktypes = NULL;-
393 authctxt.info_req_seen = 0;-
394 authctxt.agent_fd = -1;-
395 if (authctxt.method == NULL)
authctxt.method == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
396 fatal("ssh_userauth2: internal error: cannot send userauth none request");
never executed: fatal("ssh_userauth2: internal error: cannot send userauth none request");
0
397-
398 if ((r = sshpkt_start(ssh, SSH2_MSG_SERVICE_REQUEST)) != 0 ||
(r = sshpkt_st...(ssh, 5)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
399 (r = sshpkt_put_cstring(ssh, "ssh-userauth")) != 0 ||
(r = sshpkt_pu...erauth")) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
400 (r = sshpkt_send(ssh)) != 0)
(r = sshpkt_send(ssh)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
401 fatal("%s: %s", __func__, ssh_err(r));
never executed: fatal("%s: %s", __func__, ssh_err(r));
0
402-
403 ssh->authctxt = &authctxt;-
404 ssh_dispatch_init(ssh, &input_userauth_error);-
405 ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_ext_info);-
406 ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_ACCEPT, &input_userauth_service_accept);-
407 ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt.success); /* loop until success */-
408 ssh->authctxt = NULL;-
409-
410 pubkey_cleanup(&authctxt);-
411 ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);-
412-
413 if (!authctxt.success)
!authctxt.successDescription
TRUEnever evaluated
FALSEnever evaluated
0
414 fatal("Authentication failed.");
never executed: fatal("Authentication failed.");
0
415 debug("Authentication succeeded (%s).", authctxt.method->name);-
416}
never executed: end of block
0
417-
418/* ARGSUSED */-
419int-
420input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh)-
421{-
422 Authctxt *authctxt = ssh->authctxt;-
423 int r;-
424-
425 if (ssh_packet_remaining(ssh) > 0) {
ssh_packet_remaining(ssh) > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
426 char *reply;-
427-
428 if ((r = sshpkt_get_cstring(ssh, &reply, NULL)) != 0)
(r = sshpkt_ge...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
429 goto out;
never executed: goto out;
0
430 debug2("service_accept: %s", reply);-
431 free(reply);-
432 } else {
never executed: end of block
0
433 debug2("buggy server: service_accept w/o service");-
434 }
never executed: end of block
0
435 if ((r = sshpkt_get_end(ssh)) != 0)
(r = sshpkt_get_end(ssh)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
436 goto out;
never executed: goto out;
0
437 debug("SSH2_MSG_SERVICE_ACCEPT received");-
438-
439 /* initial userauth request */-
440 userauth_none(authctxt);-
441-
442 ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_error);-
443 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);-
444 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_FAILURE, &input_userauth_failure);-
445 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_BANNER, &input_userauth_banner);-
446 r = 0;-
447 out:
code before this statement never executed: out:
0
448 return r;
never executed: return r;
0
449}-
450-
451/* ARGSUSED */-
452int-
453input_userauth_ext_info(int type, u_int32_t seqnr, struct ssh *ssh)-
454{-
455 return kex_input_ext_info(type, seqnr, ssh);
never executed: return kex_input_ext_info(type, seqnr, ssh);
0
456}-
457-
458void-
459userauth(Authctxt *authctxt, char *authlist)-
460{-
461 struct ssh *ssh = active_state; /* XXX */-
462-
463 if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
authctxt->meth...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
authctxt->meth...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
464 authctxt->method->cleanup(authctxt);
never executed: authctxt->method->cleanup(authctxt);
0
465-
466 free(authctxt->methoddata);-
467 authctxt->methoddata = NULL;-
468 if (authlist == NULL) {
authlist == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
469 authlist = authctxt->authlist;-
470 } else {
never executed: end of block
0
471 free(authctxt->authlist);-
472 authctxt->authlist = authlist;-
473 }
never executed: end of block
0
474 for (;;) {-
475 Authmethod *method = authmethod_get(authlist);-
476 if (method == NULL)
method == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
477 fatal("%s@%s: Permission denied (%s).",
never executed: fatal("%s@%s: Permission denied (%s).", authctxt->server_user, authctxt->host, authlist);
0
478 authctxt->server_user, authctxt->host, authlist);
never executed: fatal("%s@%s: Permission denied (%s).", authctxt->server_user, authctxt->host, authlist);
0
479 authctxt->method = method;-
480-
481 /* reset the per method handler */-
482 ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_PER_METHOD_MIN,-
483 SSH2_MSG_USERAUTH_PER_METHOD_MAX, NULL);-
484-
485 /* and try new method */-
486 if (method->userauth(authctxt) != 0) {
method->userau...authctxt) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
487 debug2("we sent a %s packet, wait for reply", method->name);-
488 break;
never executed: break;
0
489 } else {-
490 debug2("we did not send a packet, disable method");-
491 method->enabled = NULL;-
492 }
never executed: end of block
0
493 }-
494}
never executed: end of block
0
495-
496/* ARGSUSED */-
497int-
498input_userauth_error(int type, u_int32_t seq, struct ssh *ssh)-
499{-
500 fatal("input_userauth_error: bad message during authentication: "-
501 "type %d", type);-
502 return 0;
never executed: return 0;
0
503}-
504-
505/* ARGSUSED */-
506int-
507input_userauth_banner(int type, u_int32_t seq, struct ssh *ssh)-
508{-
509 char *msg, *lang;-
510 u_int len;-
511-
512 debug3("%s", __func__);-
513 msg = packet_get_string(&len);-
514 lang = packet_get_string(NULL);-
515 if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO)
len > 0Description
TRUEnever evaluated
FALSEnever evaluated
options.log_le...LOG_LEVEL_INFODescription
TRUEnever evaluated
FALSEnever evaluated
0
516 fmprintf(stderr, "%s", msg);
never executed: fmprintf( stderr , "%s", msg);
0
517 free(msg);-
518 free(lang);-
519 return 0;
never executed: return 0;
0
520}-
521-
522/* ARGSUSED */-
523int-
524input_userauth_success(int type, u_int32_t seq, struct ssh *ssh)-
525{-
526 Authctxt *authctxt = ssh->authctxt;-
527-
528 if (authctxt == NULL)
authctxt == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
529 fatal("input_userauth_success: no authentication context");
never executed: fatal("input_userauth_success: no authentication context");
0
530 free(authctxt->authlist);-
531 authctxt->authlist = NULL;-
532 if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
authctxt->meth...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
authctxt->meth...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
533 authctxt->method->cleanup(authctxt);
never executed: authctxt->method->cleanup(authctxt);
0
534 free(authctxt->methoddata);-
535 authctxt->methoddata = NULL;-
536 authctxt->success = 1; /* break out */-
537 return 0;
never executed: return 0;
0
538}-
539-
540int-
541input_userauth_success_unexpected(int type, u_int32_t seq, struct ssh *ssh)-
542{-
543 Authctxt *authctxt = ssh->authctxt;-
544-
545 if (authctxt == NULL)
authctxt == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
546 fatal("%s: no authentication context", __func__);
never executed: fatal("%s: no authentication context", __func__);
0
547-
548 fatal("Unexpected authentication success during %s.",-
549 authctxt->method->name);-
550 return 0;
never executed: return 0;
0
551}-
552-
553/* ARGSUSED */-
554int-
555input_userauth_failure(int type, u_int32_t seq, struct ssh *ssh)-
556{-
557 Authctxt *authctxt = ssh->authctxt;-
558 char *authlist = NULL;-
559 u_char partial;-
560 int r;-
561-
562 if (authctxt == NULL)
authctxt == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
563 fatal("input_userauth_failure: no authentication context");
never executed: fatal("input_userauth_failure: no authentication context");
0
564-
565 if ((r = sshpkt_get_cstring(ssh, &authlist, NULL)) != 0 ||
(r = sshpkt_ge...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
566 (r = sshpkt_get_u8(ssh, &partial)) != 0 ||
(r = sshpkt_ge...partial)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
567 (r = sshpkt_get_end(ssh)) != 0)
(r = sshpkt_get_end(ssh)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
568 goto out;
never executed: goto out;
0
569-
570 if (partial != 0) {
partial != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
571 verbose("Authenticated with partial success.");-
572 /* reset state */-
573 pubkey_reset(authctxt);-
574 }
never executed: end of block
0
575 debug("Authentications that can continue: %s", authlist);-
576-
577 userauth(authctxt, authlist);-
578 authlist = NULL;-
579 out:
code before this statement never executed: out:
0
580 free(authlist);-
581 return 0;
never executed: return 0;
0
582}-
583-
584/*-
585 * Format an identity for logging including filename, key type, fingerprint-
586 * and location (agent, etc.). Caller must free.-
587 */-
588static char *-
589format_identity(Identity *id)-
590{-
591 char *fp = NULL, *ret = NULL;-
592-
593 if (id->key != NULL) {
id->key != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
594 fp = sshkey_fingerprint(id->key, options.fingerprint_hash,-
595 SSH_FP_DEFAULT);-
596 }
never executed: end of block
0
597 xasprintf(&ret, "%s %s%s%s%s%s%s",-
598 id->filename,-
599 id->key ? sshkey_type(id->key) : "", id->key ? " " : "",-
600 fp ? fp : "",-
601 id->userprovided ? " explicit" : "",-
602 (id->key && (id->key->flags & SSHKEY_FLAG_EXT)) ? " token" : "",-
603 id->agent_fd != -1 ? " agent" : "");-
604 free(fp);-
605 return ret;
never executed: return ret;
0
606}-
607-
608/* ARGSUSED */-
609int-
610input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh)-
611{-
612 Authctxt *authctxt = ssh->authctxt;-
613 struct sshkey *key = NULL;-
614 Identity *id = NULL;-
615 int pktype, found = 0, sent = 0;-
616 size_t blen;-
617 char *pkalg = NULL, *fp = NULL, *ident = NULL;-
618 u_char *pkblob = NULL;-
619 int r;-
620-
621 if (authctxt == NULL)
authctxt == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
622 fatal("input_userauth_pk_ok: no authentication context");
never executed: fatal("input_userauth_pk_ok: no authentication context");
0
623-
624 if ((r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 ||
(r = sshpkt_ge...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
625 (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0 ||
(r = sshpkt_ge..., &blen)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
626 (r = sshpkt_get_end(ssh)) != 0)
(r = sshpkt_get_end(ssh)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
627 goto done;
never executed: goto done;
0
628-
629 if ((pktype = sshkey_type_from_name(pkalg)) == KEY_UNSPEC) {
(pktype = sshk... == KEY_UNSPECDescription
TRUEnever evaluated
FALSEnever evaluated
0
630 debug("%s: server sent unknown pkalg %s", __func__, pkalg);-
631 goto done;
never executed: goto done;
0
632 }-
633 if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) {
(r = sshkey_fr...n, &key)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
634 debug("no key from blob. pkalg %s: %s", pkalg, ssh_err(r));-
635 goto done;
never executed: goto done;
0
636 }-
637 if (key->type != pktype) {
key->type != pktypeDescription
TRUEnever evaluated
FALSEnever evaluated
0
638 error("input_userauth_pk_ok: type mismatch "-
639 "for decoded key (received %d, expected %d)",-
640 key->type, pktype);-
641 goto done;
never executed: goto done;
0
642 }-
643-
644 /*-
645 * search keys in the reverse order, because last candidate has been-
646 * moved to the end of the queue. this also avoids confusion by-
647 * duplicate keys-
648 */-
649 TAILQ_FOREACH_REVERSE(id, &authctxt->keys, idlist, next) {
(id) != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
650 if (sshkey_equal(key, id->key)) {
sshkey_equal(key, id->key)Description
TRUEnever evaluated
FALSEnever evaluated
0
651 found = 1;-
652 break;
never executed: break;
0
653 }-
654 }
never executed: end of block
0
655 if (!found || id == NULL) {
!foundDescription
TRUEnever evaluated
FALSEnever evaluated
id == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
656 fp = sshkey_fingerprint(key, options.fingerprint_hash,-
657 SSH_FP_DEFAULT);-
658 error("%s: server replied with unknown key: %s %s", __func__,-
659 sshkey_type(key), fp == NULL ? "<ERROR>" : fp);-
660 goto done;
never executed: goto done;
0
661 }-
662 ident = format_identity(id);-
663 debug("Server accepts key: %s", ident);-
664 sent = sign_and_send_pubkey(ssh, authctxt, id);-
665 r = 0;-
666 done:
code before this statement never executed: done:
0
667 sshkey_free(key);-
668 free(ident);-
669 free(fp);-
670 free(pkalg);-
671 free(pkblob);-
672-
673 /* try another method if we did not send a packet */-
674 if (r == 0 && sent == 0)
r == 0Description
TRUEnever evaluated
FALSEnever evaluated
sent == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
675 userauth(authctxt, NULL);
never executed: userauth(authctxt, ((void *)0) );
0
676 return r;
never executed: return r;
0
677}-
678-
679#ifdef GSSAPI-
680int-
681userauth_gssapi(Authctxt *authctxt)-
682{-
683 struct ssh *ssh = active_state; /* XXX */-
684 Gssctxt *gssctxt = NULL;-
685 static gss_OID_set gss_supported = NULL;-
686 static u_int mech = 0;-
687 OM_uint32 min;-
688 int r, ok = 0;-
689-
690 /* Try one GSSAPI method at a time, rather than sending them all at-
691 * once. */-
692-
693 if (gss_supported == NULL)-
694 gss_indicate_mechs(&min, &gss_supported);-
695-
696 /* Check to see if the mechanism is usable before we offer it */-
697 while (mech < gss_supported->count && !ok) {-
698 /* My DER encoding requires length<128 */-
699 if (gss_supported->elements[mech].length < 128 &&-
700 ssh_gssapi_check_mechanism(&gssctxt,-
701 &gss_supported->elements[mech], authctxt->host)) {-
702 ok = 1; /* Mechanism works */-
703 } else {-
704 mech++;-
705 }-
706 }-
707-
708 if (!ok)-
709 return 0;-
710-
711 authctxt->methoddata=(void *)gssctxt;-
712-
713 if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||-
714 (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 ||-
715 (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 ||-
716 (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 ||-
717 (r = sshpkt_put_u32(ssh, 1)) != 0 ||-
718 (r = sshpkt_put_u32(ssh,-
719 (gss_supported->elements[mech].length) + 2)) != 0 ||-
720 (r = sshpkt_put_u8(ssh, SSH_GSS_OIDTYPE)) != 0 ||-
721 (r = sshpkt_put_u8(ssh,-
722 gss_supported->elements[mech].length)) != 0 ||-
723 (r = sshpkt_put(ssh,-
724 gss_supported->elements[mech].elements,-
725 gss_supported->elements[mech].length)) != 0 ||-
726 (r = sshpkt_send(ssh)) != 0)-
727 fatal("%s: %s", __func__, ssh_err(r));-
728-
729 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_RESPONSE, &input_gssapi_response);-
730 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token);-
731 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERROR, &input_gssapi_error);-
732 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok);-
733-
734 mech++; /* Move along to next candidate */-
735-
736 return 1;-
737}-
738-
739static OM_uint32-
740process_gssapi_token(struct ssh *ssh, gss_buffer_t recv_tok)-
741{-
742 Authctxt *authctxt = ssh->authctxt;-
743 Gssctxt *gssctxt = authctxt->methoddata;-
744 gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;-
745 gss_buffer_desc mic = GSS_C_EMPTY_BUFFER;-
746 gss_buffer_desc gssbuf;-
747 OM_uint32 status, ms, flags;-
748 int r;-
749-
750 status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,-
751 recv_tok, &send_tok, &flags);-
752-
753 if (send_tok.length > 0) {-
754 u_char type = GSS_ERROR(status) ?-
755 SSH2_MSG_USERAUTH_GSSAPI_ERRTOK :-
756 SSH2_MSG_USERAUTH_GSSAPI_TOKEN;-
757-
758 if ((r = sshpkt_start(ssh, type)) != 0 ||-
759 (r = sshpkt_put_string(ssh, send_tok.value,-
760 send_tok.length)) != 0 ||-
761 (r = sshpkt_send(ssh)) != 0)-
762 fatal("%s: %s", __func__, ssh_err(r));-
763-
764 gss_release_buffer(&ms, &send_tok);-
765 }-
766-
767 if (status == GSS_S_COMPLETE) {-
768 /* send either complete or MIC, depending on mechanism */-
769 if (!(flags & GSS_C_INTEG_FLAG)) {-
770 if ((r = sshpkt_start(ssh,-
771 SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE)) != 0 ||-
772 (r = sshpkt_send(ssh)) != 0)-
773 fatal("%s: %s", __func__, ssh_err(r));-
774 } else {-
775 struct sshbuf *b;-
776-
777 if ((b = sshbuf_new()) == NULL)-
778 fatal("%s: sshbuf_new failed", __func__);-
779 ssh_gssapi_buildmic(b, authctxt->server_user,-
780 authctxt->service, "gssapi-with-mic");-
781-
782 if ((gssbuf.value = sshbuf_mutable_ptr(b)) == NULL)-
783 fatal("%s: sshbuf_mutable_ptr failed", __func__);-
784 gssbuf.length = sshbuf_len(b);-
785-
786 status = ssh_gssapi_sign(gssctxt, &gssbuf, &mic);-
787-
788 if (!GSS_ERROR(status)) {-
789 if ((r = sshpkt_start(ssh,-
790 SSH2_MSG_USERAUTH_GSSAPI_MIC)) != 0 ||-
791 (r = sshpkt_put_string(ssh, mic.value,-
792 mic.length)) != 0 ||-
793 (r = sshpkt_send(ssh)) != 0)-
794 fatal("%s: %s", __func__, ssh_err(r));-
795 }-
796-
797 sshbuf_free(b);-
798 gss_release_buffer(&ms, &mic);-
799 }-
800 }-
801-
802 return status;-
803}-
804-
805/* ARGSUSED */-
806int-
807input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh)-
808{-
809 Authctxt *authctxt = ssh->authctxt;-
810 Gssctxt *gssctxt;-
811 size_t oidlen;-
812 u_char *oidv = NULL;-
813 int r;-
814-
815 if (authctxt == NULL)-
816 fatal("input_gssapi_response: no authentication context");-
817 gssctxt = authctxt->methoddata;-
818-
819 /* Setup our OID */-
820 if ((r = sshpkt_get_string(ssh, &oidv, &oidlen)) != 0)-
821 goto done;-
822-
823 if (oidlen <= 2 ||-
824 oidv[0] != SSH_GSS_OIDTYPE ||-
825 oidv[1] != oidlen - 2) {-
826 debug("Badly encoded mechanism OID received");-
827 userauth(authctxt, NULL);-
828 goto ok;-
829 }-
830-
831 if (!ssh_gssapi_check_oid(gssctxt, oidv + 2, oidlen - 2))-
832 fatal("Server returned different OID than expected");-
833-
834 if ((r = sshpkt_get_end(ssh)) != 0)-
835 goto done;-
836-
837 if (GSS_ERROR(process_gssapi_token(ssh, GSS_C_NO_BUFFER))) {-
838 /* Start again with next method on list */-
839 debug("Trying to start again");-
840 userauth(authctxt, NULL);-
841 goto ok;-
842 }-
843 ok:-
844 r = 0;-
845 done:-
846 free(oidv);-
847 return r;-
848}-
849-
850/* ARGSUSED */-
851int-
852input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh)-
853{-
854 Authctxt *authctxt = ssh->authctxt;-
855 gss_buffer_desc recv_tok;-
856 u_char *p = NULL;-
857 size_t len;-
858 OM_uint32 status;-
859 int r;-
860-
861 if (authctxt == NULL)-
862 fatal("input_gssapi_response: no authentication context");-
863-
864 if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 ||-
865 (r = sshpkt_get_end(ssh)) != 0)-
866 goto out;-
867-
868 recv_tok.value = p;-
869 recv_tok.length = len;-
870 status = process_gssapi_token(ssh, &recv_tok);-
871-
872 /* Start again with the next method in the list */-
873 if (GSS_ERROR(status)) {-
874 userauth(authctxt, NULL);-
875 /* ok */-
876 }-
877 r = 0;-
878 out:-
879 free(p);-
880 return r;-
881}-
882-
883/* ARGSUSED */-
884int-
885input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh)-
886{-
887 Authctxt *authctxt = ssh->authctxt;-
888 Gssctxt *gssctxt;-
889 gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;-
890 gss_buffer_desc recv_tok;-
891 OM_uint32 ms;-
892 u_char *p = NULL;-
893 size_t len;-
894 int r;-
895-
896 if (authctxt == NULL)-
897 fatal("input_gssapi_response: no authentication context");-
898 gssctxt = authctxt->methoddata;-
899-
900 if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 ||-
901 (r = sshpkt_get_end(ssh)) != 0) {-
902 free(p);-
903 return r;-
904 }-
905-
906 /* Stick it into GSSAPI and see what it says */-
907 recv_tok.value = p;-
908 recv_tok.length = len;-
909 (void)ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,-
910 &recv_tok, &send_tok, NULL);-
911 free(p);-
912 gss_release_buffer(&ms, &send_tok);-
913-
914 /* Server will be returning a failed packet after this one */-
915 return 0;-
916}-
917-
918/* ARGSUSED */-
919int-
920input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh)-
921{-
922 char *msg = NULL;-
923 char *lang = NULL;-
924 int r;-
925-
926 if ((r = sshpkt_get_u32(ssh, NULL)) != 0 || /* maj */-
927 (r = sshpkt_get_u32(ssh, NULL)) != 0 || /* min */-
928 (r = sshpkt_get_cstring(ssh, &msg, NULL)) != 0 ||-
929 (r = sshpkt_get_cstring(ssh, &lang, NULL)) != 0)-
930 goto out;-
931 r = sshpkt_get_end(ssh);-
932 debug("Server GSSAPI Error:\n%s", msg);-
933 out:-
934 free(msg);-
935 free(lang);-
936 return r;-
937}-
938#endif /* GSSAPI */-
939-
940int-
941userauth_none(Authctxt *authctxt)-
942{-
943 struct ssh *ssh = active_state; /* XXX */-
944 int r;-
945-
946 /* initial userauth request */-
947 if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
(r = sshpkt_st...ssh, 50)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
948 (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 ||
(r = sshpkt_pu...er_user)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
949 (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 ||
(r = sshpkt_pu...service)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
950 (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 ||
(r = sshpkt_pu...d->name)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
951 (r = sshpkt_send(ssh)) != 0)
(r = sshpkt_send(ssh)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
952 fatal("%s: %s", __func__, ssh_err(r));
never executed: fatal("%s: %s", __func__, ssh_err(r));
0
953 return 1;
never executed: return 1;
0
954}-
955-
956int-
957userauth_passwd(Authctxt *authctxt)-
958{-
959 struct ssh *ssh = active_state; /* XXX */-
960 static int attempt = 0;-
961 char prompt[256];-
962 char *password;-
963 const char *host = options.host_key_alias ? options.host_key_alias :
options.host_key_aliasDescription
TRUEnever evaluated
FALSEnever evaluated
0
964 authctxt->host;-
965 int r;-
966-
967 if (attempt++ >= options.number_of_password_prompts)
attempt++ >= o...ssword_promptsDescription
TRUEnever evaluated
FALSEnever evaluated
0
968 return 0;
never executed: return 0;
0
969-
970 if (attempt != 1)
attempt != 1Description
TRUEnever evaluated
FALSEnever evaluated
0
971 error("Permission denied, please try again.");
never executed: error("Permission denied, please try again.");
0
972-
973 snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",-
974 authctxt->server_user, host);-
975 password = read_passphrase(prompt, 0);-
976 if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
(r = sshpkt_st...ssh, 50)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
977 (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 ||
(r = sshpkt_pu...er_user)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
978 (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 ||
(r = sshpkt_pu...service)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
979 (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 ||
(r = sshpkt_pu...d->name)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
980 (r = sshpkt_put_u8(ssh, 0)) != 0 ||
(r = sshpkt_pu...(ssh, 0)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
981 (r = sshpkt_put_cstring(ssh, password)) != 0 ||
(r = sshpkt_pu...assword)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
982 (r = sshpkt_add_padding(ssh, 64)) != 0 ||
(r = sshpkt_ad...ssh, 64)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
983 (r = sshpkt_send(ssh)) != 0)
(r = sshpkt_send(ssh)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
984 fatal("%s: %s", __func__, ssh_err(r));
never executed: fatal("%s: %s", __func__, ssh_err(r));
0
985-
986 if (password)
passwordDescription
TRUEnever evaluated
FALSEnever evaluated
0
987 freezero(password, strlen(password));
never executed: freezero(password, strlen(password));
0
988-
989 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,-
990 &input_userauth_passwd_changereq);-
991-
992 return 1;
never executed: return 1;
0
993}-
994-
995/*-
996 * parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST-
997 */-
998/* ARGSUSED */-
999int-
1000input_userauth_passwd_changereq(int type, u_int32_t seqnr, struct ssh *ssh)-
1001{-
1002 Authctxt *authctxt = ssh->authctxt;-
1003 char *info = NULL, *lang = NULL, *password = NULL, *retype = NULL;-
1004 char prompt[256];-
1005 const char *host;-
1006 int r;-
1007-
1008 debug2("input_userauth_passwd_changereq");-
1009-
1010 if (authctxt == NULL)
authctxt == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1011 fatal("input_userauth_passwd_changereq: "
never executed: fatal("input_userauth_passwd_changereq: " "no authentication context");
0
1012 "no authentication context");
never executed: fatal("input_userauth_passwd_changereq: " "no authentication context");
0
1013 host = options.host_key_alias ? options.host_key_alias : authctxt->host;
options.host_key_aliasDescription
TRUEnever evaluated
FALSEnever evaluated
0
1014-
1015 if ((r = sshpkt_get_cstring(ssh, &info, NULL)) != 0 ||
(r = sshpkt_ge...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1016 (r = sshpkt_get_cstring(ssh, &lang, NULL)) != 0)
(r = sshpkt_ge...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1017 goto out;
never executed: goto out;
0
1018 if (strlen(info) > 0)
strlen(info) > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1019 logit("%s", info);
never executed: logit("%s", info);
0
1020 if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
(r = sshpkt_st...ssh, 50)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1021 (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 ||
(r = sshpkt_pu...er_user)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1022 (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 ||
(r = sshpkt_pu...service)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1023 (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 ||
(r = sshpkt_pu...d->name)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1024 (r = sshpkt_put_u8(ssh, 1)) != 0) /* additional info */
(r = sshpkt_pu...(ssh, 1)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1025 goto out;
never executed: goto out;
0
1026-
1027 snprintf(prompt, sizeof(prompt),-
1028 "Enter %.30s@%.128s's old password: ",-
1029 authctxt->server_user, host);-
1030 password = read_passphrase(prompt, 0);-
1031 if ((r = sshpkt_put_cstring(ssh, password)) != 0)
(r = sshpkt_pu...assword)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1032 goto out;
never executed: goto out;
0
1033-
1034 freezero(password, strlen(password));-
1035 password = NULL;-
1036 while (password == NULL) {
password == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1037 snprintf(prompt, sizeof(prompt),-
1038 "Enter %.30s@%.128s's new password: ",-
1039 authctxt->server_user, host);-
1040 password = read_passphrase(prompt, RP_ALLOW_EOF);-
1041 if (password == NULL) {
password == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1042 /* bail out */-
1043 r = 0;-
1044 goto out;
never executed: goto out;
0
1045 }-
1046 snprintf(prompt, sizeof(prompt),-
1047 "Retype %.30s@%.128s's new password: ",-
1048 authctxt->server_user, host);-
1049 retype = read_passphrase(prompt, 0);-
1050 if (strcmp(password, retype) != 0) {
never executed: __result = (((const unsigned char *) (const char *) ( password ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( retype ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) != 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1051 freezero(password, strlen(password));-
1052 logit("Mismatch; try again, EOF to quit.");-
1053 password = NULL;-
1054 }
never executed: end of block
0
1055 freezero(retype, strlen(retype));-
1056 }
never executed: end of block
0
1057 if ((r = sshpkt_put_cstring(ssh, password)) != 0 ||
(r = sshpkt_pu...assword)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1058 (r = sshpkt_add_padding(ssh, 64)) != 0 ||
(r = sshpkt_ad...ssh, 64)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1059 (r = sshpkt_send(ssh)) != 0)
(r = sshpkt_send(ssh)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1060 goto out;
never executed: goto out;
0
1061-
1062 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,-
1063 &input_userauth_passwd_changereq);-
1064 r = 0;-
1065 out:
code before this statement never executed: out:
0
1066 if (password)
passwordDescription
TRUEnever evaluated
FALSEnever evaluated
0
1067 freezero(password, strlen(password));
never executed: freezero(password, strlen(password));
0
1068 free(info);-
1069 free(lang);-
1070 return r;
never executed: return r;
0
1071}-
1072-
1073/*-
1074 * Select an algorithm for publickey signatures.-
1075 * Returns algorithm (caller must free) or NULL if no mutual algorithm found.-
1076 *-
1077 * Call with ssh==NULL to ignore server-sig-algs extension list and-
1078 * only attempt with the key's base signature type.-
1079 */-
1080static char *-
1081key_sig_algorithm(struct ssh *ssh, const struct sshkey *key)-
1082{-
1083 char *allowed, *oallowed, *cp, *tmp, *alg = NULL;-
1084-
1085 /*-
1086 * The signature algorithm will only differ from the key algorithm-
1087 * for RSA keys/certs and when the server advertises support for-
1088 * newer (SHA2) algorithms.-
1089 */-
1090 if (ssh == NULL || ssh->kex->server_sig_algs == NULL ||
ssh == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
ssh->kex->serv...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1091 (key->type != KEY_RSA && key->type != KEY_RSA_CERT)) {
key->type != KEY_RSADescription
TRUEnever evaluated
FALSEnever evaluated
key->type != KEY_RSA_CERTDescription
TRUEnever evaluated
FALSEnever evaluated
0
1092 /* Filter base key signature alg against our configuration */-
1093 return match_list(sshkey_ssh_name(key),
never executed: return match_list(sshkey_ssh_name(key), options.pubkey_key_types, ((void *)0) );
0
1094 options.pubkey_key_types, NULL);
never executed: return match_list(sshkey_ssh_name(key), options.pubkey_key_types, ((void *)0) );
0
1095 }-
1096-
1097 /*-
1098 * For RSA keys/certs, since these might have a different sig type:-
1099 * find the first entry in PubkeyAcceptedKeyTypes of the right type-
1100 * that also appears in the supported signature algorithms list from-
1101 * the server.-
1102 */-
1103 oallowed = allowed = xstrdup(options.pubkey_key_types);-
1104 while ((cp = strsep(&allowed, ",")) != NULL) {
(cp = __extens...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1105 if (sshkey_type_from_name(cp) != key->type)
sshkey_type_fr...) != key->typeDescription
TRUEnever evaluated
FALSEnever evaluated
0
1106 continue;
never executed: continue;
0
1107 tmp = match_list(sshkey_sigalg_by_name(cp), ssh->kex->server_sig_algs, NULL);-
1108 if (tmp != NULL)
tmp != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1109 alg = xstrdup(cp);
never executed: alg = xstrdup(cp);
0
1110 free(tmp);-
1111 if (alg != NULL)
alg != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1112 break;
never executed: break;
0
1113 }
never executed: end of block
0
1114 free(oallowed);-
1115 return alg;
never executed: return alg;
0
1116}-
1117-
1118static int-
1119identity_sign(struct identity *id, u_char **sigp, size_t *lenp,-
1120 const u_char *data, size_t datalen, u_int compat, const char *alg)-
1121{-
1122 struct sshkey *prv;-
1123 int r;-
1124-
1125 /* The agent supports this key. */-
1126 if (id->key != NULL && id->agent_fd != -1) {
id->key != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
id->agent_fd != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1127 return ssh_agent_sign(id->agent_fd, id->key, sigp, lenp,
never executed: return ssh_agent_sign(id->agent_fd, id->key, sigp, lenp, data, datalen, alg, compat);
0
1128 data, datalen, alg, compat);
never executed: return ssh_agent_sign(id->agent_fd, id->key, sigp, lenp, data, datalen, alg, compat);
0
1129 }-
1130-
1131 /*-
1132 * We have already loaded the private key or the private key is-
1133 * stored in external hardware.-
1134 */-
1135 if (id->key != NULL &&
id->key != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1136 (id->isprivate || (id->key->flags & SSHKEY_FLAG_EXT))) {
id->isprivateDescription
TRUEnever evaluated
FALSEnever evaluated
(id->key->flags & 0x0001)Description
TRUEnever evaluated
FALSEnever evaluated
0
1137 if ((r = sshkey_sign(id->key, sigp, lenp, data, datalen,
(r = sshkey_si... compat)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1138 alg, compat)) != 0)
(r = sshkey_si... compat)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1139 return r;
never executed: return r;
0
1140 /*-
1141 * PKCS#11 tokens may not support all signature algorithms,-
1142 * so check what we get back.-
1143 */-
1144 if ((r = sshkey_check_sigtype(*sigp, *lenp, alg)) != 0)
(r = sshkey_ch...np, alg)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1145 return r;
never executed: return r;
0
1146 return 0;
never executed: return 0;
0
1147 }-
1148-
1149 /* Load the private key from the file. */-
1150 if ((prv = load_identity_file(id)) == NULL)
(prv = load_id...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1151 return SSH_ERR_KEY_NOT_FOUND;
never executed: return -46;
0
1152 if (id->key != NULL && !sshkey_equal_public(prv, id->key)) {
id->key != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
!sshkey_equal_...(prv, id->key)Description
TRUEnever evaluated
FALSEnever evaluated
0
1153 error("%s: private key %s contents do not match public",-
1154 __func__, id->filename);-
1155 return SSH_ERR_KEY_NOT_FOUND;
never executed: return -46;
0
1156 }-
1157 r = sshkey_sign(prv, sigp, lenp, data, datalen, alg, compat);-
1158 sshkey_free(prv);-
1159 return r;
never executed: return r;
0
1160}-
1161-
1162static int-
1163id_filename_matches(Identity *id, Identity *private_id)-
1164{-
1165 const char *suffixes[] = { ".pub", "-cert.pub", NULL };-
1166 size_t len = strlen(id->filename), plen = strlen(private_id->filename);-
1167 size_t i, slen;-
1168-
1169 if (strcmp(id->filename, private_id->filename) == 0)
never executed: __result = (((const unsigned char *) (const char *) ( id->filename ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( private_id->filename ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1170 return 1;
never executed: return 1;
0
1171 for (i = 0; suffixes[i]; i++) {
suffixes[i]Description
TRUEnever evaluated
FALSEnever evaluated
0
1172 slen = strlen(suffixes[i]);-
1173 if (len > slen && plen == len - slen &&
len > slenDescription
TRUEnever evaluated
FALSEnever evaluated
plen == len - slenDescription
TRUEnever evaluated
FALSEnever evaluated
0
1174 strcmp(id->filename + (len - slen), suffixes[i]) == 0 &&
never executed: __result = (((const unsigned char *) (const char *) ( id->filename + (len - slen) ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( suffixes[i] ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1175 memcmp(id->filename, private_id->filename, plen) == 0)
memcmp(id->fil...me, plen) == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1176 return 1;
never executed: return 1;
0
1177 }
never executed: end of block
0
1178 return 0;
never executed: return 0;
0
1179}-
1180-
1181static int-
1182sign_and_send_pubkey(struct ssh *ssh, Authctxt *authctxt, Identity *id)-
1183{-
1184 struct sshbuf *b = NULL;-
1185 Identity *private_id, *sign_id = NULL;-
1186 u_char *signature = NULL;-
1187 size_t slen = 0, skip = 0;-
1188 int r, fallback_sigtype, sent = 0;-
1189 char *alg = NULL, *fp = NULL;-
1190 const char *loc = "";-
1191-
1192 if ((fp = sshkey_fingerprint(id->key, options.fingerprint_hash,
(fp = sshkey_f...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1193 SSH_FP_DEFAULT)) == NULL)
(fp = sshkey_f...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1194 return 0;
never executed: return 0;
0
1195-
1196 debug3("%s: %s %s", __func__, sshkey_type(id->key), fp);-
1197-
1198 /*-
1199 * If the key is an certificate, try to find a matching private key-
1200 * and use it to complete the signature.-
1201 * If no such private key exists, fall back to trying the certificate-
1202 * key itself in case it has a private half already loaded.-
1203 * This will try to set sign_id to the private key that will perform-
1204 * the signature.-
1205 */-
1206 if (sshkey_is_cert(id->key)) {
sshkey_is_cert(id->key)Description
TRUEnever evaluated
FALSEnever evaluated
0
1207 TAILQ_FOREACH(private_id, &authctxt->keys, next) {
(private_id) != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1208 if (sshkey_equal_public(id->key, private_id->key) &&
sshkey_equal_p...ivate_id->key)Description
TRUEnever evaluated
FALSEnever evaluated
0
1209 id->key->type != private_id->key->type) {
id->key->type ..._id->key->typeDescription
TRUEnever evaluated
FALSEnever evaluated
0
1210 sign_id = private_id;-
1211 break;
never executed: break;
0
1212 }-
1213 }
never executed: end of block
0
1214 /*-
1215 * Exact key matches are preferred, but also allow-
1216 * filename matches for non-PKCS#11/agent keys that-
1217 * didn't load public keys. This supports the case-
1218 * of keeping just a private key file and public-
1219 * certificate on disk.-
1220 */-
1221 if (sign_id == NULL &&
sign_id == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1222 !id->isprivate && id->agent_fd == -1 &&
!id->isprivateDescription
TRUEnever evaluated
FALSEnever evaluated
id->agent_fd == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1223 (id->key->flags & SSHKEY_FLAG_EXT) == 0) {
(id->key->flags & 0x0001) == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1224 TAILQ_FOREACH(private_id, &authctxt->keys, next) {
(private_id) != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1225 if (private_id->key == NULL &&
private_id->key == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1226 id_filename_matches(id, private_id)) {
id_filename_ma...d, private_id)Description
TRUEnever evaluated
FALSEnever evaluated
0
1227 sign_id = private_id;-
1228 break;
never executed: break;
0
1229 }-
1230 }
never executed: end of block
0
1231 }
never executed: end of block
0
1232 if (sign_id != NULL) {
sign_id != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1233 debug2("%s: using private key \"%s\"%s for "-
1234 "certificate", __func__, id->filename,-
1235 id->agent_fd != -1 ? " from agent" : "");-
1236 } else {
never executed: end of block
0
1237 debug("%s: no separate private key for certificate "-
1238 "\"%s\"", __func__, id->filename);-
1239 }
never executed: end of block
0
1240 }-
1241-
1242 /*-
1243 * If the above didn't select another identity to do the signing-
1244 * then default to the one we started with.-
1245 */-
1246 if (sign_id == NULL)
sign_id == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1247 sign_id = id;
never executed: sign_id = id;
0
1248-
1249 /* assemble and sign data */-
1250 for (fallback_sigtype = 0; fallback_sigtype <= 1; fallback_sigtype++) {
fallback_sigtype <= 1Description
TRUEnever evaluated
FALSEnever evaluated
0
1251 free(alg);-
1252 slen = 0;-
1253 signature = NULL;-
1254 if ((alg = key_sig_algorithm(fallback_sigtype ? NULL : ssh,
(alg = key_sig...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1255 id->key)) == NULL) {
(alg = key_sig...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1256 error("%s: no mutual signature supported", __func__);-
1257 goto out;
never executed: goto out;
0
1258 }-
1259 debug3("%s: signing using %s", __func__, alg);-
1260-
1261 sshbuf_free(b);-
1262 if ((b = sshbuf_new()) == NULL)
(b = sshbuf_ne...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1263 fatal("%s: sshbuf_new failed", __func__);
never executed: fatal("%s: sshbuf_new failed", __func__);
0
1264 if (datafellows & SSH_OLD_SESSIONID) {
datafellows & 0x00000010Description
TRUEnever evaluated
FALSEnever evaluated
0
1265 if ((r = sshbuf_put(b, session_id2,
(r = sshbuf_pu...id2_len)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1266 session_id2_len)) != 0) {
(r = sshbuf_pu...id2_len)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1267 fatal("%s: sshbuf_put: %s",-
1268 __func__, ssh_err(r));-
1269 }
never executed: end of block
0
1270 } else {
never executed: end of block
0
1271 if ((r = sshbuf_put_string(b, session_id2,
(r = sshbuf_pu...id2_len)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1272 session_id2_len)) != 0) {
(r = sshbuf_pu...id2_len)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1273 fatal("%s: sshbuf_put_string: %s",-
1274 __func__, ssh_err(r));-
1275 }
never executed: end of block
0
1276 }
never executed: end of block
0
1277 skip = sshbuf_len(b);-
1278 if ((r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
(r = sshbuf_pu...8(b, 50)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1279 (r = sshbuf_put_cstring(b, authctxt->server_user)) != 0 ||
(r = sshbuf_pu...er_user)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1280 (r = sshbuf_put_cstring(b, authctxt->service)) != 0 ||
(r = sshbuf_pu...service)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1281 (r = sshbuf_put_cstring(b, authctxt->method->name)) != 0 ||
(r = sshbuf_pu...d->name)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1282 (r = sshbuf_put_u8(b, 1)) != 0 ||
(r = sshbuf_put_u8(b, 1)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1283 (r = sshbuf_put_cstring(b, alg)) != 0 ||
(r = sshbuf_pu...(b, alg)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1284 (r = sshkey_puts(id->key, b)) != 0) {
(r = sshkey_pu...>key, b)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1285 fatal("%s: assemble signed data: %s",-
1286 __func__, ssh_err(r));-
1287 }
never executed: end of block
0
1288-
1289 /* generate signature */-
1290 r = identity_sign(sign_id, &signature, &slen,-
1291 sshbuf_ptr(b), sshbuf_len(b), datafellows, alg);-
1292 if (r == 0)
r == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1293 break;
never executed: break;
0
1294 else if (r == SSH_ERR_KEY_NOT_FOUND)
r == -46Description
TRUEnever evaluated
FALSEnever evaluated
0
1295 goto out; /* soft failure */
never executed: goto out;
0
1296 else if (r == SSH_ERR_SIGN_ALG_UNSUPPORTED &&
r == -58Description
TRUEnever evaluated
FALSEnever evaluated
0
1297 !fallback_sigtype) {
!fallback_sigtypeDescription
TRUEnever evaluated
FALSEnever evaluated
0
1298 if (sign_id->agent_fd != -1)
sign_id->agent_fd != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1299 loc = "agent ";
never executed: loc = "agent ";
0
1300 else if ((sign_id->key->flags & SSHKEY_FLAG_EXT) != 0)
(sign_id->key-...& 0x0001) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1301 loc = "token ";
never executed: loc = "token ";
0
1302 logit("%skey %s %s returned incorrect signature type",-
1303 loc, sshkey_type(id->key), fp);-
1304 continue;
never executed: continue;
0
1305 }-
1306 error("%s: signing failed: %s", __func__, ssh_err(r));-
1307 goto out;
never executed: goto out;
0
1308 }-
1309 if (slen == 0 || signature == NULL) /* shouldn't happen */
slen == 0Description
TRUEnever evaluated
FALSEnever evaluated
signature == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1310 fatal("%s: no signature", __func__);
never executed: fatal("%s: no signature", __func__);
0
1311-
1312 /* append signature */-
1313 if ((r = sshbuf_put_string(b, signature, slen)) != 0)
(r = sshbuf_pu...e, slen)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1314 fatal("%s: append signature: %s", __func__, ssh_err(r));
never executed: fatal("%s: append signature: %s", __func__, ssh_err(r));
0
1315-
1316#ifdef DEBUG_PK-
1317 sshbuf_dump(b, stderr);-
1318#endif-
1319 /* skip session id and packet type */-
1320 if ((r = sshbuf_consume(b, skip + 1)) != 0)
(r = sshbuf_co...kip + 1)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1321 fatal("%s: consume: %s", __func__, ssh_err(r));
never executed: fatal("%s: consume: %s", __func__, ssh_err(r));
0
1322-
1323 /* put remaining data from buffer into packet */-
1324 if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
(r = sshpkt_st...ssh, 50)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1325 (r = sshpkt_putb(ssh, b)) != 0 ||
(r = sshpkt_putb(ssh, b)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1326 (r = sshpkt_send(ssh)) != 0)
(r = sshpkt_send(ssh)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1327 fatal("%s: enqueue request: %s", __func__, ssh_err(r));
never executed: fatal("%s: enqueue request: %s", __func__, ssh_err(r));
0
1328-
1329 /* success */-
1330 sent = 1;-
1331-
1332 out:
code before this statement never executed: out:
0
1333 free(fp);-
1334 free(alg);-
1335 sshbuf_free(b);-
1336 freezero(signature, slen);-
1337 return sent;
never executed: return sent;
0
1338}-
1339-
1340static int-
1341send_pubkey_test(struct ssh *ssh, Authctxt *authctxt, Identity *id)-
1342{-
1343 u_char *blob = NULL;-
1344 char *alg = NULL;-
1345 size_t bloblen;-
1346 u_int have_sig = 0;-
1347 int sent = 0, r;-
1348-
1349 if ((alg = key_sig_algorithm(ssh, id->key)) == NULL) {
(alg = key_sig...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1350 debug("%s: no mutual signature algorithm", __func__);-
1351 goto out;
never executed: goto out;
0
1352 }-
1353-
1354 if ((r = sshkey_to_blob(id->key, &blob, &bloblen)) != 0) {
(r = sshkey_to...bloblen)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1355 /* we cannot handle this key */-
1356 debug3("%s: cannot handle key", __func__);-
1357 goto out;
never executed: goto out;
0
1358 }-
1359 /* register callback for USERAUTH_PK_OK message */-
1360 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_PK_OK, &input_userauth_pk_ok);-
1361-
1362 if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
(r = sshpkt_st...ssh, 50)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1363 (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 ||
(r = sshpkt_pu...er_user)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1364 (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 ||
(r = sshpkt_pu...service)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1365 (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 ||
(r = sshpkt_pu...d->name)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1366 (r = sshpkt_put_u8(ssh, have_sig)) != 0 ||
(r = sshpkt_pu...ave_sig)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1367 (r = sshpkt_put_cstring(ssh, alg)) != 0 ||
(r = sshpkt_pu...sh, alg)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1368 (r = sshpkt_put_string(ssh, blob, bloblen)) != 0 ||
(r = sshpkt_pu...bloblen)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1369 (r = sshpkt_send(ssh)) != 0)
(r = sshpkt_send(ssh)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1370 fatal("%s: %s", __func__, ssh_err(r));
never executed: fatal("%s: %s", __func__, ssh_err(r));
0
1371 sent = 1;-
1372-
1373 out:
code before this statement never executed: out:
0
1374 free(alg);-
1375 free(blob);-
1376 return sent;
never executed: return sent;
0
1377}-
1378-
1379static struct sshkey *-
1380load_identity_file(Identity *id)-
1381{-
1382 struct sshkey *private = NULL;-
1383 char prompt[300], *passphrase, *comment;-
1384 int r, perm_ok = 0, quit = 0, i;-
1385 struct stat st;-
1386-
1387 if (stat(id->filename, &st) < 0) {
stat(id->filename, &st) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1388 (id->userprovided ? logit : debug3)("no such identity: %s: %s",-
1389 id->filename, strerror(errno));-
1390 return NULL;
never executed: return ((void *)0) ;
0
1391 }-
1392 snprintf(prompt, sizeof prompt,-
1393 "Enter passphrase for key '%.100s': ", id->filename);-
1394 for (i = 0; i <= options.number_of_password_prompts; i++) {
i <= options.n...ssword_promptsDescription
TRUEnever evaluated
FALSEnever evaluated
0
1395 if (i == 0)
i == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1396 passphrase = "";
never executed: passphrase = "";
0
1397 else {-
1398 passphrase = read_passphrase(prompt, 0);-
1399 if (*passphrase == '\0') {
*passphrase == '\0'Description
TRUEnever evaluated
FALSEnever evaluated
0
1400 debug2("no passphrase given, try next key");-
1401 free(passphrase);-
1402 break;
never executed: break;
0
1403 }-
1404 }
never executed: end of block
0
1405 switch ((r = sshkey_load_private_type(KEY_UNSPEC, id->filename,-
1406 passphrase, &private, &comment, &perm_ok))) {-
1407 case 0:
never executed: case 0:
0
1408 break;
never executed: break;
0
1409 case SSH_ERR_KEY_WRONG_PASSPHRASE:
never executed: case -43:
0
1410 if (options.batch_mode) {
options.batch_modeDescription
TRUEnever evaluated
FALSEnever evaluated
0
1411 quit = 1;-
1412 break;
never executed: break;
0
1413 }-
1414 if (i != 0)
i != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1415 debug2("bad passphrase given, try again...");
never executed: debug2("bad passphrase given, try again...");
0
1416 break;
never executed: break;
0
1417 case SSH_ERR_SYSTEM_ERROR:
never executed: case -24:
0
1418 if (errno == ENOENT) {
(*__errno_location ()) == 2Description
TRUEnever evaluated
FALSEnever evaluated
0
1419 debug2("Load key \"%s\": %s",-
1420 id->filename, ssh_err(r));-
1421 quit = 1;-
1422 break;
never executed: break;
0
1423 }-
1424 /* FALLTHROUGH */-
1425 default:
code before this statement never executed: default:
never executed: default:
0
1426 error("Load key \"%s\": %s", id->filename, ssh_err(r));-
1427 quit = 1;-
1428 break;
never executed: break;
0
1429 }-
1430 if (!quit && private != NULL && id->agent_fd == -1 &&
!quitDescription
TRUEnever evaluated
FALSEnever evaluated
private != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
id->agent_fd == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1431 !(id->key && id->isprivate))
id->keyDescription
TRUEnever evaluated
FALSEnever evaluated
id->isprivateDescription
TRUEnever evaluated
FALSEnever evaluated
0
1432 maybe_add_key_to_agent(id->filename, private, comment,
never executed: maybe_add_key_to_agent(id->filename, private, comment, passphrase);
0
1433 passphrase);
never executed: maybe_add_key_to_agent(id->filename, private, comment, passphrase);
0
1434 if (i > 0)
i > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1435 freezero(passphrase, strlen(passphrase));
never executed: freezero(passphrase, strlen(passphrase));
0
1436 free(comment);-
1437 if (private != NULL || quit)
private != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
quitDescription
TRUEnever evaluated
FALSEnever evaluated
0
1438 break;
never executed: break;
0
1439 }
never executed: end of block
0
1440 return private;
never executed: return private;
0
1441}-
1442-
1443static int-
1444key_type_allowed_by_config(struct sshkey *key)-
1445{-
1446 if (match_pattern_list(sshkey_ssh_name(key),
match_pattern_...types, 0) == 1Description
TRUEnever evaluated
FALSEnever evaluated
0
1447 options.pubkey_key_types, 0) == 1)
match_pattern_...types, 0) == 1Description
TRUEnever evaluated
FALSEnever evaluated
0
1448 return 1;
never executed: return 1;
0
1449-
1450 /* RSA keys/certs might be allowed by alternate signature types */-
1451 switch (key->type) {-
1452 case KEY_RSA:
never executed: case KEY_RSA:
0
1453 if (match_pattern_list("rsa-sha2-512",
match_pattern_...types, 0) == 1Description
TRUEnever evaluated
FALSEnever evaluated
0
1454 options.pubkey_key_types, 0) == 1)
match_pattern_...types, 0) == 1Description
TRUEnever evaluated
FALSEnever evaluated
0
1455 return 1;
never executed: return 1;
0
1456 if (match_pattern_list("rsa-sha2-256",
match_pattern_...types, 0) == 1Description
TRUEnever evaluated
FALSEnever evaluated
0
1457 options.pubkey_key_types, 0) == 1)
match_pattern_...types, 0) == 1Description
TRUEnever evaluated
FALSEnever evaluated
0
1458 return 1;
never executed: return 1;
0
1459 break;
never executed: break;
0
1460 case KEY_RSA_CERT:
never executed: case KEY_RSA_CERT:
0
1461 if (match_pattern_list("rsa-sha2-512-cert-v01@openssh.com",
match_pattern_...types, 0) == 1Description
TRUEnever evaluated
FALSEnever evaluated
0
1462 options.pubkey_key_types, 0) == 1)
match_pattern_...types, 0) == 1Description
TRUEnever evaluated
FALSEnever evaluated
0
1463 return 1;
never executed: return 1;
0
1464 if (match_pattern_list("rsa-sha2-256-cert-v01@openssh.com",
match_pattern_...types, 0) == 1Description
TRUEnever evaluated
FALSEnever evaluated
0
1465 options.pubkey_key_types, 0) == 1)
match_pattern_...types, 0) == 1Description
TRUEnever evaluated
FALSEnever evaluated
0
1466 return 1;
never executed: return 1;
0
1467 break;
never executed: break;
0
1468 }-
1469 return 0;
never executed: return 0;
0
1470}-
1471-
1472-
1473/*-
1474 * try keys in the following order:-
1475 * 1. certificates listed in the config file-
1476 * 2. other input certificates-
1477 * 3. agent keys that are found in the config file-
1478 * 4. other agent keys-
1479 * 5. keys that are only listed in the config file-
1480 */-
1481static void-
1482pubkey_prepare(Authctxt *authctxt)-
1483{-
1484 struct identity *id, *id2, *tmp;-
1485 struct idlist agent, files, *preferred;-
1486 struct sshkey *key;-
1487 int agent_fd = -1, i, r, found;-
1488 size_t j;-
1489 struct ssh_identitylist *idlist;-
1490 char *ident;-
1491-
1492 TAILQ_INIT(&agent); /* keys from the agent */-
1493 TAILQ_INIT(&files); /* keys from the config file */-
1494 preferred = &authctxt->keys;-
1495 TAILQ_INIT(preferred); /* preferred order of keys */-
1496-
1497 /* list of keys stored in the filesystem and PKCS#11 */-
1498 for (i = 0; i < options.num_identity_files; i++) {
i < options.num_identity_filesDescription
TRUEnever evaluated
FALSEnever evaluated
0
1499 key = options.identity_keys[i];-
1500 if (key && key->cert && key->cert->type != SSH2_CERT_TYPE_USER)
keyDescription
TRUEnever evaluated
FALSEnever evaluated
key->certDescription
TRUEnever evaluated
FALSEnever evaluated
key->cert->type != 1Description
TRUEnever evaluated
FALSEnever evaluated
0
1501 continue;
never executed: continue;
0
1502 options.identity_keys[i] = NULL;-
1503 id = xcalloc(1, sizeof(*id));-
1504 id->agent_fd = -1;-
1505 id->key = key;-
1506 id->filename = xstrdup(options.identity_files[i]);-
1507 id->userprovided = options.identity_file_userprovided[i];-
1508 TAILQ_INSERT_TAIL(&files, id, next);-
1509 }
never executed: end of block
0
1510 /* list of certificates specified by user */-
1511 for (i = 0; i < options.num_certificate_files; i++) {
i < options.nu...tificate_filesDescription
TRUEnever evaluated
FALSEnever evaluated
0
1512 key = options.certificates[i];-
1513 if (!sshkey_is_cert(key) || key->cert == NULL ||
!sshkey_is_cert(key)Description
TRUEnever evaluated
FALSEnever evaluated
key->cert == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1514 key->cert->type != SSH2_CERT_TYPE_USER)
key->cert->type != 1Description
TRUEnever evaluated
FALSEnever evaluated
0
1515 continue;
never executed: continue;
0
1516 id = xcalloc(1, sizeof(*id));-
1517 id->agent_fd = -1;-
1518 id->key = key;-
1519 id->filename = xstrdup(options.certificate_files[i]);-
1520 id->userprovided = options.certificate_file_userprovided[i];-
1521 TAILQ_INSERT_TAIL(preferred, id, next);-
1522 }
never executed: end of block
0
1523 /* list of keys supported by the agent */-
1524 if ((r = ssh_get_authentication_socket(&agent_fd)) != 0) {
(r = ssh_get_a...gent_fd)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1525 if (r != SSH_ERR_AGENT_NOT_PRESENT)
r != -47Description
TRUEnever evaluated
FALSEnever evaluated
0
1526 debug("%s: ssh_get_authentication_socket: %s",
never executed: debug("%s: ssh_get_authentication_socket: %s", __func__, ssh_err(r));
0
1527 __func__, ssh_err(r));
never executed: debug("%s: ssh_get_authentication_socket: %s", __func__, ssh_err(r));
0
1528 } else if ((r = ssh_fetch_identitylist(agent_fd, &idlist)) != 0) {
never executed: end of block
(r = ssh_fetch...&idlist)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1529 if (r != SSH_ERR_AGENT_NO_IDENTITIES)
r != -48Description
TRUEnever evaluated
FALSEnever evaluated
0
1530 debug("%s: ssh_fetch_identitylist: %s",
never executed: debug("%s: ssh_fetch_identitylist: %s", __func__, ssh_err(r));
0
1531 __func__, ssh_err(r));
never executed: debug("%s: ssh_fetch_identitylist: %s", __func__, ssh_err(r));
0
1532 close(agent_fd);-
1533 } else {
never executed: end of block
0
1534 for (j = 0; j < idlist->nkeys; j++) {
j < idlist->nkeysDescription
TRUEnever evaluated
FALSEnever evaluated
0
1535 found = 0;-
1536 TAILQ_FOREACH(id, &files, next) {
(id) != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1537 /*-
1538 * agent keys from the config file are-
1539 * preferred-
1540 */-
1541 if (sshkey_equal(idlist->keys[j], id->key)) {
sshkey_equal(i...s[j], id->key)Description
TRUEnever evaluated
FALSEnever evaluated
0
1542 TAILQ_REMOVE(&files, id, next);
never executed: (id)->next.tqe_next->next.tqe_prev = (id)->next.tqe_prev;
never executed: (&files)->tqh_last = (id)->next.tqe_prev;
((id)->next.tq...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1543 TAILQ_INSERT_TAIL(preferred, id, next);-
1544 id->agent_fd = agent_fd;-
1545 found = 1;-
1546 break;
never executed: break;
0
1547 }-
1548 }
never executed: end of block
0
1549 if (!found && !options.identities_only) {
!foundDescription
TRUEnever evaluated
FALSEnever evaluated
!options.identities_onlyDescription
TRUEnever evaluated
FALSEnever evaluated
0
1550 id = xcalloc(1, sizeof(*id));-
1551 /* XXX "steals" key/comment from idlist */-
1552 id->key = idlist->keys[j];-
1553 id->filename = idlist->comments[j];-
1554 idlist->keys[j] = NULL;-
1555 idlist->comments[j] = NULL;-
1556 id->agent_fd = agent_fd;-
1557 TAILQ_INSERT_TAIL(&agent, id, next);-
1558 }
never executed: end of block
0
1559 }
never executed: end of block
0
1560 ssh_free_identitylist(idlist);-
1561 /* append remaining agent keys */-
1562 for (id = TAILQ_FIRST(&agent); id; id = TAILQ_FIRST(&agent)) {
idDescription
TRUEnever evaluated
FALSEnever evaluated
0
1563 TAILQ_REMOVE(&agent, id, next);
never executed: (id)->next.tqe_next->next.tqe_prev = (id)->next.tqe_prev;
never executed: (&agent)->tqh_last = (id)->next.tqe_prev;
((id)->next.tq...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1564 TAILQ_INSERT_TAIL(preferred, id, next);-
1565 }
never executed: end of block
0
1566 authctxt->agent_fd = agent_fd;-
1567 }
never executed: end of block
0
1568 /* Prefer PKCS11 keys that are explicitly listed */-
1569 TAILQ_FOREACH_SAFE(id, &files, next, tmp) {
(id) != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1570 if (id->key == NULL || (id->key->flags & SSHKEY_FLAG_EXT) == 0)
id->key == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
(id->key->flags & 0x0001) == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1571 continue;
never executed: continue;
0
1572 found = 0;-
1573 TAILQ_FOREACH(id2, &files, next) {
(id2) != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1574 if (id2->key == NULL ||
id2->key == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1575 (id2->key->flags & SSHKEY_FLAG_EXT) == 0)
(id2->key->fla...& 0x0001) == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1576 continue;
never executed: continue;
0
1577 if (sshkey_equal(id->key, id2->key)) {
sshkey_equal(i...key, id2->key)Description
TRUEnever evaluated
FALSEnever evaluated
0
1578 TAILQ_REMOVE(&files, id, next);
never executed: (id)->next.tqe_next->next.tqe_prev = (id)->next.tqe_prev;
never executed: (&files)->tqh_last = (id)->next.tqe_prev;
((id)->next.tq...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1579 TAILQ_INSERT_TAIL(preferred, id, next);-
1580 found = 1;-
1581 break;
never executed: break;
0
1582 }-
1583 }
never executed: end of block
0
1584 /* If IdentitiesOnly set and key not found then don't use it */-
1585 if (!found && options.identities_only) {
!foundDescription
TRUEnever evaluated
FALSEnever evaluated
options.identities_onlyDescription
TRUEnever evaluated
FALSEnever evaluated
0
1586 TAILQ_REMOVE(&files, id, next);
never executed: (id)->next.tqe_next->next.tqe_prev = (id)->next.tqe_prev;
never executed: (&files)->tqh_last = (id)->next.tqe_prev;
((id)->next.tq...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1587 freezero(id, sizeof(*id));-
1588 }
never executed: end of block
0
1589 }
never executed: end of block
0
1590 /* append remaining keys from the config file */-
1591 for (id = TAILQ_FIRST(&files); id; id = TAILQ_FIRST(&files)) {
idDescription
TRUEnever evaluated
FALSEnever evaluated
0
1592 TAILQ_REMOVE(&files, id, next);
never executed: (id)->next.tqe_next->next.tqe_prev = (id)->next.tqe_prev;
never executed: (&files)->tqh_last = (id)->next.tqe_prev;
((id)->next.tq...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1593 TAILQ_INSERT_TAIL(preferred, id, next);-
1594 }
never executed: end of block
0
1595 /* finally, filter by PubkeyAcceptedKeyTypes */-
1596 TAILQ_FOREACH_SAFE(id, preferred, next, id2) {
(id) != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1597 if (id->key != NULL && !key_type_allowed_by_config(id->key)) {
id->key != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
!key_type_allo...onfig(id->key)Description
TRUEnever evaluated
FALSEnever evaluated
0
1598 debug("Skipping %s key %s - "-
1599 "not in PubkeyAcceptedKeyTypes",-
1600 sshkey_ssh_name(id->key), id->filename);-
1601 TAILQ_REMOVE(preferred, id, next);
never executed: (id)->next.tqe_next->next.tqe_prev = (id)->next.tqe_prev;
never executed: (preferred)->tqh_last = (id)->next.tqe_prev;
((id)->next.tq...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1602 sshkey_free(id->key);-
1603 free(id->filename);-
1604 memset(id, 0, sizeof(*id));-
1605 continue;
never executed: continue;
0
1606 }-
1607 }
never executed: end of block
0
1608 /* List the keys we plan on using */-
1609 TAILQ_FOREACH_SAFE(id, preferred, next, id2) {
(id) != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1610 ident = format_identity(id);-
1611 debug("Will attempt key: %s", ident);-
1612 free(ident);-
1613 }
never executed: end of block
0
1614 debug2("%s: done", __func__);-
1615}
never executed: end of block
0
1616-
1617static void-
1618pubkey_cleanup(Authctxt *authctxt)-
1619{-
1620 Identity *id;-
1621-
1622 if (authctxt->agent_fd != -1)
authctxt->agent_fd != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1623 ssh_close_authentication_socket(authctxt->agent_fd);
never executed: ssh_close_authentication_socket(authctxt->agent_fd);
0
1624 for (id = TAILQ_FIRST(&authctxt->keys); id;
idDescription
TRUEnever evaluated
FALSEnever evaluated
0
1625 id = TAILQ_FIRST(&authctxt->keys)) {-
1626 TAILQ_REMOVE(&authctxt->keys, id, next);
never executed: (id)->next.tqe_next->next.tqe_prev = (id)->next.tqe_prev;
never executed: (&authctxt->keys)->tqh_last = (id)->next.tqe_prev;
((id)->next.tq...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1627 sshkey_free(id->key);-
1628 free(id->filename);-
1629 free(id);-
1630 }
never executed: end of block
0
1631}
never executed: end of block
0
1632-
1633static void-
1634pubkey_reset(Authctxt *authctxt)-
1635{-
1636 Identity *id;-
1637-
1638 TAILQ_FOREACH(id, &authctxt->keys, next)
(id) != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1639 id->tried = 0;
never executed: id->tried = 0;
0
1640}
never executed: end of block
0
1641-
1642static int-
1643try_identity(Identity *id)-
1644{-
1645 if (!id->key)
!id->keyDescription
TRUEnever evaluated
FALSEnever evaluated
0
1646 return (0);
never executed: return (0);
0
1647 if (sshkey_type_plain(id->key->type) == KEY_RSA &&
sshkey_type_pl...pe) == KEY_RSADescription
TRUEnever evaluated
FALSEnever evaluated
0
1648 (datafellows & SSH_BUG_RSASIGMD5) != 0) {
(datafellows &...00002000) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1649 debug("Skipped %s key %s for RSA/MD5 server",-
1650 sshkey_type(id->key), id->filename);-
1651 return (0);
never executed: return (0);
0
1652 }-
1653 return 1;
never executed: return 1;
0
1654}-
1655-
1656int-
1657userauth_pubkey(Authctxt *authctxt)-
1658{-
1659 struct ssh *ssh = active_state; /* XXX */-
1660 Identity *id;-
1661 int sent = 0;-
1662 char *ident;-
1663-
1664 while ((id = TAILQ_FIRST(&authctxt->keys))) {
(id = ((&authc...)->tqh_first))Description
TRUEnever evaluated
FALSEnever evaluated
0
1665 if (id->tried++)
id->tried++Description
TRUEnever evaluated
FALSEnever evaluated
0
1666 return (0);
never executed: return (0);
0
1667 /* move key to the end of the queue */-
1668 TAILQ_REMOVE(&authctxt->keys, id, next);
never executed: (id)->next.tqe_next->next.tqe_prev = (id)->next.tqe_prev;
never executed: (&authctxt->keys)->tqh_last = (id)->next.tqe_prev;
((id)->next.tq...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1669 TAILQ_INSERT_TAIL(&authctxt->keys, id, next);-
1670 /*-
1671 * send a test message if we have the public key. for-
1672 * encrypted keys we cannot do this and have to load the-
1673 * private key instead-
1674 */-
1675 if (id->key != NULL) {
id->key != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1676 if (try_identity(id)) {
try_identity(id)Description
TRUEnever evaluated
FALSEnever evaluated
0
1677 ident = format_identity(id);-
1678 debug("Offering public key: %s", ident);-
1679 free(ident);-
1680 sent = send_pubkey_test(ssh, authctxt, id);-
1681 }
never executed: end of block
0
1682 } else {
never executed: end of block
0
1683 debug("Trying private key: %s", id->filename);-
1684 id->key = load_identity_file(id);-
1685 if (id->key != NULL) {
id->key != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1686 if (try_identity(id)) {
try_identity(id)Description
TRUEnever evaluated
FALSEnever evaluated
0
1687 id->isprivate = 1;-
1688 sent = sign_and_send_pubkey(ssh,-
1689 authctxt, id);-
1690 }
never executed: end of block
0
1691 sshkey_free(id->key);-
1692 id->key = NULL;-
1693 id->isprivate = 0;-
1694 }
never executed: end of block
0
1695 }
never executed: end of block
0
1696 if (sent)
sentDescription
TRUEnever evaluated
FALSEnever evaluated
0
1697 return (sent);
never executed: return (sent);
0
1698 }
never executed: end of block
0
1699 return (0);
never executed: return (0);
0
1700}-
1701-
1702/*-
1703 * Send userauth request message specifying keyboard-interactive method.-
1704 */-
1705int-
1706userauth_kbdint(Authctxt *authctxt)-
1707{-
1708 struct ssh *ssh = active_state; /* XXX */-
1709 static int attempt = 0;-
1710 int r;-
1711-
1712 if (attempt++ >= options.number_of_password_prompts)
attempt++ >= o...ssword_promptsDescription
TRUEnever evaluated
FALSEnever evaluated
0
1713 return 0;
never executed: return 0;
0
1714 /* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */-
1715 if (attempt > 1 && !authctxt->info_req_seen) {
attempt > 1Description
TRUEnever evaluated
FALSEnever evaluated
!authctxt->info_req_seenDescription
TRUEnever evaluated
FALSEnever evaluated
0
1716 debug3("userauth_kbdint: disable: no info_req_seen");-
1717 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_INFO_REQUEST, NULL);-
1718 return 0;
never executed: return 0;
0
1719 }-
1720-
1721 debug2("userauth_kbdint");-
1722 if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
(r = sshpkt_st...ssh, 50)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1723 (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 ||
(r = sshpkt_pu...er_user)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1724 (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 ||
(r = sshpkt_pu...service)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1725 (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 ||
(r = sshpkt_pu...d->name)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1726 (r = sshpkt_put_cstring(ssh, "")) != 0 || /* lang */
(r = sshpkt_pu...ssh, "")) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1727 (r = sshpkt_put_cstring(ssh, options.kbd_interactive_devices ?
(r = sshpkt_pu...es : "")) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1728 options.kbd_interactive_devices : "")) != 0 ||
(r = sshpkt_pu...es : "")) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1729 (r = sshpkt_send(ssh)) != 0)
(r = sshpkt_send(ssh)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1730 fatal("%s: %s", __func__, ssh_err(r));
never executed: fatal("%s: %s", __func__, ssh_err(r));
0
1731-
1732 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_INFO_REQUEST, &input_userauth_info_req);-
1733 return 1;
never executed: return 1;
0
1734}-
1735-
1736/*-
1737 * parse INFO_REQUEST, prompt user and send INFO_RESPONSE-
1738 */-
1739int-
1740input_userauth_info_req(int type, u_int32_t seq, struct ssh *ssh)-
1741{-
1742 Authctxt *authctxt = ssh->authctxt;-
1743 char *name = NULL, *inst = NULL, *lang = NULL, *prompt = NULL;-
1744 char *response = NULL;-
1745 u_char echo = 0;-
1746 u_int num_prompts, i;-
1747 int r;-
1748-
1749 debug2("input_userauth_info_req");-
1750-
1751 if (authctxt == NULL)
authctxt == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1752 fatal("input_userauth_info_req: no authentication context");
never executed: fatal("input_userauth_info_req: no authentication context");
0
1753-
1754 authctxt->info_req_seen = 1;-
1755-
1756 if ((r = sshpkt_get_cstring(ssh, &name, NULL)) != 0 ||
(r = sshpkt_ge...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1757 (r = sshpkt_get_cstring(ssh, &inst, NULL)) != 0 ||
(r = sshpkt_ge...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1758 (r = sshpkt_get_cstring(ssh, &lang, NULL)) != 0)
(r = sshpkt_ge...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1759 goto out;
never executed: goto out;
0
1760 if (strlen(name) > 0)
strlen(name) > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1761 logit("%s", name);
never executed: logit("%s", name);
0
1762 if (strlen(inst) > 0)
strlen(inst) > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1763 logit("%s", inst);
never executed: logit("%s", inst);
0
1764-
1765 if ((r = sshpkt_get_u32(ssh, &num_prompts)) != 0)
(r = sshpkt_ge...prompts)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1766 goto out;
never executed: goto out;
0
1767 /*-
1768 * Begin to build info response packet based on prompts requested.-
1769 * We commit to providing the correct number of responses, so if-
1770 * further on we run into a problem that prevents this, we have to-
1771 * be sure and clean this up and send a correct error response.-
1772 */-
1773 if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_INFO_RESPONSE)) != 0 ||
(r = sshpkt_st...ssh, 61)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1774 (r = sshpkt_put_u32(ssh, num_prompts)) != 0)
(r = sshpkt_pu...prompts)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1775 goto out;
never executed: goto out;
0
1776-
1777 debug2("input_userauth_info_req: num_prompts %d", num_prompts);-
1778 for (i = 0; i < num_prompts; i++) {
i < num_promptsDescription
TRUEnever evaluated
FALSEnever evaluated
0
1779 if ((r = sshpkt_get_cstring(ssh, &prompt, NULL)) != 0 ||
(r = sshpkt_ge...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1780 (r = sshpkt_get_u8(ssh, &echo)) != 0)
(r = sshpkt_ge..., &echo)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1781 goto out;
never executed: goto out;
0
1782 response = read_passphrase(prompt, echo ? RP_ECHO : 0);-
1783 if ((r = sshpkt_put_cstring(ssh, response)) != 0)
(r = sshpkt_pu...esponse)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1784 goto out;
never executed: goto out;
0
1785 freezero(response, strlen(response));-
1786 free(prompt);-
1787 response = prompt = NULL;-
1788 }
never executed: end of block
0
1789 /* done with parsing incoming message. */-
1790 if ((r = sshpkt_get_end(ssh)) != 0 ||
(r = sshpkt_get_end(ssh)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1791 (r = sshpkt_add_padding(ssh, 64)) != 0)
(r = sshpkt_ad...ssh, 64)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1792 goto out;
never executed: goto out;
0
1793 r = sshpkt_send(ssh);-
1794 out:
code before this statement never executed: out:
0
1795 if (response)
responseDescription
TRUEnever evaluated
FALSEnever evaluated
0
1796 freezero(response, strlen(response));
never executed: freezero(response, strlen(response));
0
1797 free(prompt);-
1798 free(name);-
1799 free(inst);-
1800 free(lang);-
1801 return r;
never executed: return r;
0
1802}-
1803-
1804static int-
1805ssh_keysign(struct sshkey *key, u_char **sigp, size_t *lenp,-
1806 const u_char *data, size_t datalen)-
1807{-
1808 struct sshbuf *b;-
1809 struct stat st;-
1810 pid_t pid;-
1811 int i, r, to[2], from[2], status, sock = packet_get_connection_in();-
1812 u_char rversion = 0, version = 2;-
1813 void (*osigchld)(int);-
1814-
1815 *sigp = NULL;-
1816 *lenp = 0;-
1817-
1818 if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) {
stat("/var/tmp...ign", &st) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1819 error("%s: not installed: %s", __func__, strerror(errno));-
1820 return -1;
never executed: return -1;
0
1821 }-
1822 if (fflush(stdout) != 0) {
fflush( stdout ) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1823 error("%s: fflush: %s", __func__, strerror(errno));-
1824 return -1;
never executed: return -1;
0
1825 }-
1826 if (pipe(to) < 0) {
pipe(to) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1827 error("%s: pipe: %s", __func__, strerror(errno));-
1828 return -1;
never executed: return -1;
0
1829 }-
1830 if (pipe(from) < 0) {
pipe(from) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1831 error("%s: pipe: %s", __func__, strerror(errno));-
1832 return -1;
never executed: return -1;
0
1833 }-
1834 if ((pid = fork()) < 0) {
(pid = fork()) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1835 error("%s: fork: %s", __func__, strerror(errno));-
1836 return -1;
never executed: return -1;
0
1837 }-
1838 osigchld = signal(SIGCHLD, SIG_DFL);-
1839 if (pid == 0) {
pid == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1840 /* keep the socket on exec */-
1841 fcntl(sock, F_SETFD, 0);-
1842 close(from[0]);-
1843 if (dup2(from[1], STDOUT_FILENO) < 0)
dup2(from[1], 1 ) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1844 fatal("%s: dup2: %s", __func__, strerror(errno));
never executed: fatal("%s: dup2: %s", __func__, strerror( (*__errno_location ()) ));
0
1845 close(to[1]);-
1846 if (dup2(to[0], STDIN_FILENO) < 0)
dup2(to[0], 0 ) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1847 fatal("%s: dup2: %s", __func__, strerror(errno));
never executed: fatal("%s: dup2: %s", __func__, strerror( (*__errno_location ()) ));
0
1848 close(from[1]);-
1849 close(to[0]);-
1850 /* Close everything but stdio and the socket */-
1851 for (i = STDERR_FILENO + 1; i < sock; i++)
i < sockDescription
TRUEnever evaluated
FALSEnever evaluated
0
1852 close(i);
never executed: close(i);
0
1853 closefrom(sock + 1);-
1854 debug3("%s: [child] pid=%ld, exec %s",-
1855 __func__, (long)getpid(), _PATH_SSH_KEY_SIGN);-
1856 execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *)NULL);-
1857 fatal("%s: exec(%s): %s", __func__, _PATH_SSH_KEY_SIGN,-
1858 strerror(errno));-
1859 }
never executed: end of block
0
1860 close(from[1]);-
1861 close(to[0]);-
1862-
1863 if ((b = sshbuf_new()) == NULL)
(b = sshbuf_ne...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1864 fatal("%s: sshbuf_new failed", __func__);
never executed: fatal("%s: sshbuf_new failed", __func__);
0
1865 /* send # of sock, data to be signed */-
1866 if ((r = sshbuf_put_u32(b, sock)) != 0 ||
(r = sshbuf_pu...b, sock)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1867 (r = sshbuf_put_string(b, data, datalen)) != 0)
(r = sshbuf_pu...datalen)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1868 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
1869 if (ssh_msg_send(to[1], version, b) == -1)
ssh_msg_send(t...sion, b) == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1870 fatal("%s: couldn't send request", __func__);
never executed: fatal("%s: couldn't send request", __func__);
0
1871 sshbuf_reset(b);-
1872 r = ssh_msg_recv(from[0], b);-
1873 close(from[0]);-
1874 close(to[1]);-
1875 if (r < 0) {
r < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1876 error("%s: no reply", __func__);-
1877 goto fail;
never executed: goto fail;
0
1878 }-
1879-
1880 errno = 0;-
1881 while (waitpid(pid, &status, 0) < 0) {
waitpid(pid, &status, 0) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1882 if (errno != EINTR) {
(*__errno_location ()) != 4Description
TRUEnever evaluated
FALSEnever evaluated
0
1883 error("%s: waitpid %ld: %s",-
1884 __func__, (long)pid, strerror(errno));-
1885 goto fail;
never executed: goto fail;
0
1886 }-
1887 }
never executed: end of block
0
1888 if (!WIFEXITED(status)) {
! ((( status ) & 0x7f) == 0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1889 error("%s: exited abnormally", __func__);-
1890 goto fail;
never executed: goto fail;
0
1891 }-
1892 if (WEXITSTATUS(status) != 0) {
((( status ) &...00) >> 8) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1893 error("%s: exited with status %d",-
1894 __func__, WEXITSTATUS(status));-
1895 goto fail;
never executed: goto fail;
0
1896 }-
1897 if ((r = sshbuf_get_u8(b, &rversion)) != 0) {
(r = sshbuf_ge...version)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1898 error("%s: buffer error: %s", __func__, ssh_err(r));-
1899 goto fail;
never executed: goto fail;
0
1900 }-
1901 if (rversion != version) {
rversion != versionDescription
TRUEnever evaluated
FALSEnever evaluated
0
1902 error("%s: bad version", __func__);-
1903 goto fail;
never executed: goto fail;
0
1904 }-
1905 if ((r = sshbuf_get_string(b, sigp, lenp)) != 0) {
(r = sshbuf_ge...p, lenp)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1906 error("%s: buffer error: %s", __func__, ssh_err(r));-
1907 fail:
code before this statement never executed: fail:
0
1908 signal(SIGCHLD, osigchld);-
1909 sshbuf_free(b);-
1910 return -1;
never executed: return -1;
0
1911 }-
1912 signal(SIGCHLD, osigchld);-
1913 sshbuf_free(b);-
1914-
1915 return 0;
never executed: return 0;
0
1916}-
1917-
1918int-
1919userauth_hostbased(Authctxt *authctxt)-
1920{-
1921 struct ssh *ssh = active_state; /* XXX */-
1922 struct sshkey *private = NULL;-
1923 struct sshbuf *b = NULL;-
1924 u_char *sig = NULL, *keyblob = NULL;-
1925 char *fp = NULL, *chost = NULL, *lname = NULL;-
1926 size_t siglen = 0, keylen = 0;-
1927 int i, r, success = 0;-
1928-
1929 if (authctxt->ktypes == NULL) {
authctxt->ktyp...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1930 authctxt->oktypes = xstrdup(options.hostbased_key_types);-
1931 authctxt->ktypes = authctxt->oktypes;-
1932 }
never executed: end of block
0
1933-
1934 /*-
1935 * Work through each listed type pattern in HostbasedKeyTypes,-
1936 * trying each hostkey that matches the type in turn.-
1937 */-
1938 for (;;) {-
1939 if (authctxt->active_ktype == NULL)
authctxt->acti...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1940 authctxt->active_ktype = strsep(&authctxt->ktypes, ",");
never executed: authctxt->active_ktype = __extension__ ({ char __r0, __r1, __r2; (__builtin_constant_p ( "," ) && ((size_t)(const void *)(( "," ) + 1) - (size_t)(const void *)( "," ) == 1) && (__r0 = ((const char *) ( "," ))[0], ((const char *) ( "," ))[0] != '\0') ? ((_..." ))[2], __r2 == '\0') ? __strsep_2c ( &authctxt->ktypes , __r0, __r1) : (((const char *) ( "," ))[3] == '\0' ? __strsep_3c ( &authctxt->ktypes , __r0, __r1, __r2) : __strsep_g ( &authctxt->ktypes , "," )))) : __strsep_g ( &authctxt->ktypes , "," )); }) ;
0
1941 if (authctxt->active_ktype == NULL ||
authctxt->acti...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1942 *authctxt->active_ktype == '\0')
*authctxt->act..._ktype == '\0'Description
TRUEnever evaluated
FALSEnever evaluated
0
1943 break;
never executed: break;
0
1944 debug3("%s: trying key type %s", __func__,-
1945 authctxt->active_ktype);-
1946-
1947 /* check for a useful key */-
1948 private = NULL;-
1949 for (i = 0; i < authctxt->sensitive->nkeys; i++) {
i < authctxt->sensitive->nkeysDescription
TRUEnever evaluated
FALSEnever evaluated
0
1950 if (authctxt->sensitive->keys[i] == NULL ||
authctxt->sens...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1951 authctxt->sensitive->keys[i]->type == KEY_UNSPEC)
authctxt->sens... == KEY_UNSPECDescription
TRUEnever evaluated
FALSEnever evaluated
0
1952 continue;
never executed: continue;
0
1953 if (match_pattern_list(
match_pattern_...ktype, 0) != 1Description
TRUEnever evaluated
FALSEnever evaluated
0
1954 sshkey_ssh_name(authctxt->sensitive->keys[i]),
match_pattern_...ktype, 0) != 1Description
TRUEnever evaluated
FALSEnever evaluated
0
1955 authctxt->active_ktype, 0) != 1)
match_pattern_...ktype, 0) != 1Description
TRUEnever evaluated
FALSEnever evaluated
0
1956 continue;
never executed: continue;
0
1957 /* we take and free the key */-
1958 private = authctxt->sensitive->keys[i];-
1959 authctxt->sensitive->keys[i] = NULL;-
1960 break;
never executed: break;
0
1961 }-
1962 /* Found one */-
1963 if (private != NULL)
private != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1964 break;
never executed: break;
0
1965 /* No more keys of this type; advance */-
1966 authctxt->active_ktype = NULL;-
1967 }
never executed: end of block
0
1968 if (private == NULL) {
private == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1969 free(authctxt->oktypes);-
1970 authctxt->oktypes = authctxt->ktypes = NULL;-
1971 authctxt->active_ktype = NULL;-
1972 debug("No more client hostkeys for hostbased authentication.");-
1973 goto out;
never executed: goto out;
0
1974 }-
1975-
1976 if ((fp = sshkey_fingerprint(private, options.fingerprint_hash,
(fp = sshkey_f...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1977 SSH_FP_DEFAULT)) == NULL) {
(fp = sshkey_f...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1978 error("%s: sshkey_fingerprint failed", __func__);-
1979 goto out;
never executed: goto out;
0
1980 }-
1981 debug("%s: trying hostkey %s %s",-
1982 __func__, sshkey_ssh_name(private), fp);-
1983-
1984 /* figure out a name for the client host */-
1985 if ((lname = get_local_name(packet_get_connection_in())) == NULL) {
(lname = get_l...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1986 error("%s: cannot get local ipaddr/name", __func__);-
1987 goto out;
never executed: goto out;
0
1988 }-
1989-
1990 /* XXX sshbuf_put_stringf? */-
1991 xasprintf(&chost, "%s.", lname);-
1992 debug2("%s: chost %s", __func__, chost);-
1993-
1994 /* construct data */-
1995 if ((b = sshbuf_new()) == NULL) {
(b = sshbuf_ne...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1996 error("%s: sshbuf_new failed", __func__);-
1997 goto out;
never executed: goto out;
0
1998 }-
1999 if ((r = sshkey_to_blob(private, &keyblob, &keylen)) != 0) {
(r = sshkey_to...&keylen)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2000 error("%s: sshkey_to_blob: %s", __func__, ssh_err(r));-
2001 goto out;
never executed: goto out;
0
2002 }-
2003 if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 ||
(r = sshbuf_pu...id2_len)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2004 (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
(r = sshbuf_pu...8(b, 50)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2005 (r = sshbuf_put_cstring(b, authctxt->server_user)) != 0 ||
(r = sshbuf_pu...er_user)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2006 (r = sshbuf_put_cstring(b, authctxt->service)) != 0 ||
(r = sshbuf_pu...service)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2007 (r = sshbuf_put_cstring(b, authctxt->method->name)) != 0 ||
(r = sshbuf_pu...d->name)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2008 (r = sshbuf_put_cstring(b, sshkey_ssh_name(private))) != 0 ||
(r = sshbuf_pu...rivate))) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2009 (r = sshbuf_put_string(b, keyblob, keylen)) != 0 ||
(r = sshbuf_pu... keylen)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2010 (r = sshbuf_put_cstring(b, chost)) != 0 ||
(r = sshbuf_pu..., chost)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2011 (r = sshbuf_put_cstring(b, authctxt->local_user)) != 0) {
(r = sshbuf_pu...al_user)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2012 error("%s: buffer error: %s", __func__, ssh_err(r));-
2013 goto out;
never executed: goto out;
0
2014 }-
2015-
2016#ifdef DEBUG_PK-
2017 sshbuf_dump(b, stderr);-
2018#endif-
2019 r = ssh_keysign(private, &sig, &siglen,-
2020 sshbuf_ptr(b), sshbuf_len(b));-
2021 if (r != 0) {
r != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2022 error("sign using hostkey %s %s failed",-
2023 sshkey_ssh_name(private), fp);-
2024 goto out;
never executed: goto out;
0
2025 }-
2026 if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
(r = sshpkt_st...ssh, 50)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2027 (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 ||
(r = sshpkt_pu...er_user)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2028 (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 ||
(r = sshpkt_pu...service)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2029 (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 ||
(r = sshpkt_pu...d->name)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2030 (r = sshpkt_put_cstring(ssh, sshkey_ssh_name(private))) != 0 ||
(r = sshpkt_pu...rivate))) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2031 (r = sshpkt_put_string(ssh, keyblob, keylen)) != 0 ||
(r = sshpkt_pu... keylen)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2032 (r = sshpkt_put_cstring(ssh, chost)) != 0 ||
(r = sshpkt_pu..., chost)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2033 (r = sshpkt_put_cstring(ssh, authctxt->local_user)) != 0 ||
(r = sshpkt_pu...al_user)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2034 (r = sshpkt_put_string(ssh, sig, siglen)) != 0 ||
(r = sshpkt_pu... siglen)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2035 (r = sshpkt_send(ssh)) != 0) {
(r = sshpkt_send(ssh)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2036 error("%s: packet error: %s", __func__, ssh_err(r));-
2037 goto out;
never executed: goto out;
0
2038 }-
2039 success = 1;-
2040-
2041 out:
code before this statement never executed: out:
0
2042 if (sig != NULL)
sig != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2043 freezero(sig, siglen);
never executed: freezero(sig, siglen);
0
2044 free(keyblob);-
2045 free(lname);-
2046 free(fp);-
2047 free(chost);-
2048 sshkey_free(private);-
2049 sshbuf_free(b);-
2050-
2051 return success;
never executed: return success;
0
2052}-
2053-
2054/* find auth method */-
2055-
2056/*-
2057 * given auth method name, if configurable options permit this method fill-
2058 * in auth_ident field and return true, otherwise return false.-
2059 */-
2060static int-
2061authmethod_is_enabled(Authmethod *method)-
2062{-
2063 if (method == NULL)
method == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2064 return 0;
never executed: return 0;
0
2065 /* return false if options indicate this method is disabled */-
2066 if (method->enabled == NULL || *method->enabled == 0)
method->enabled == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
*method->enabled == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2067 return 0;
never executed: return 0;
0
2068 /* return false if batch mode is enabled but method needs interactive mode */-
2069 if (method->batch_flag != NULL && *method->batch_flag != 0)
method->batch_...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
*method->batch_flag != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2070 return 0;
never executed: return 0;
0
2071 return 1;
never executed: return 1;
0
2072}-
2073-
2074static Authmethod *-
2075authmethod_lookup(const char *name)-
2076{-
2077 Authmethod *method = NULL;-
2078 if (name != NULL)
name != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2079 for (method = authmethods; method->name != NULL; method++)
method->name != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2080 if (strcmp(name, method->name) == 0)
never executed: __result = (((const unsigned char *) (const char *) ( name ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( method->name ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2081 return method;
never executed: return method;
0
2082 debug2("Unrecognized authentication method name: %s", name ? name : "NULL");-
2083 return NULL;
never executed: return ((void *)0) ;
0
2084}-
2085-
2086/* XXX internal state */-
2087static Authmethod *current = NULL;-
2088static char *supported = NULL;-
2089static char *preferred = NULL;-
2090-
2091/*-
2092 * Given the authentication method list sent by the server, return the-
2093 * next method we should try. If the server initially sends a nil list,-
2094 * use a built-in default list.-
2095 */-
2096static Authmethod *-
2097authmethod_get(char *authlist)-
2098{-
2099 char *name = NULL;-
2100 u_int next;-
2101-
2102 /* Use a suitable default if we're passed a nil list. */-
2103 if (authlist == NULL || strlen(authlist) == 0)
authlist == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
strlen(authlist) == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2104 authlist = options.preferred_authentications;
never executed: authlist = options.preferred_authentications;
0
2105-
2106 if (supported == NULL || strcmp(authlist, supported) != 0) {
never executed: __result = (((const unsigned char *) (const char *) ( authlist ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( supported ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
supported == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
__extension__ ... )))); }) != 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2107 debug3("start over, passed a different list %s", authlist);-
2108 free(supported);-
2109 supported = xstrdup(authlist);-
2110 preferred = options.preferred_authentications;-
2111 debug3("preferred %s", preferred);-
2112 current = NULL;-
2113 } else if (current != NULL && authmethod_is_enabled(current))
never executed: end of block
current != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
authmethod_is_enabled(current)Description
TRUEnever evaluated
FALSEnever evaluated
0
2114 return current;
never executed: return current;
0
2115-
2116 for (;;) {-
2117 if ((name = match_list(preferred, supported, &next)) == NULL) {
(name = match_...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2118 debug("No more authentication methods to try.");-
2119 current = NULL;-
2120 return NULL;
never executed: return ((void *)0) ;
0
2121 }-
2122 preferred += next;-
2123 debug3("authmethod_lookup %s", name);-
2124 debug3("remaining preferred: %s", preferred);-
2125 if ((current = authmethod_lookup(name)) != NULL &&
(current = aut...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2126 authmethod_is_enabled(current)) {
authmethod_is_enabled(current)Description
TRUEnever evaluated
FALSEnever evaluated
0
2127 debug3("authmethod_is_enabled %s", name);-
2128 debug("Next authentication method: %s", name);-
2129 free(name);-
2130 return current;
never executed: return current;
0
2131 }-
2132 free(name);-
2133 }
never executed: end of block
0
2134}
never executed: end of block
0
2135-
2136static char *-
2137authmethods_get(void)-
2138{-
2139 Authmethod *method = NULL;-
2140 struct sshbuf *b;-
2141 char *list;-
2142 int r;-
2143-
2144 if ((b = sshbuf_new()) == NULL)
(b = sshbuf_ne...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2145 fatal("%s: sshbuf_new failed", __func__);
never executed: fatal("%s: sshbuf_new failed", __func__);
0
2146 for (method = authmethods; method->name != NULL; method++) {
method->name != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2147 if (authmethod_is_enabled(method)) {
authmethod_is_enabled(method)Description
TRUEnever evaluated
FALSEnever evaluated
0
2148 if ((r = sshbuf_putf(b, "%s%s",
(r = sshbuf_pu...d->name)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2149 sshbuf_len(b) ? "," : "", method->name)) != 0)
(r = sshbuf_pu...d->name)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2150 fatal("%s: buffer error: %s",
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
2151 __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
2152 }
never executed: end of block
0
2153 }
never executed: end of block
0
2154 if ((list = sshbuf_dup_string(b)) == NULL)
(list = sshbuf...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2155 fatal("%s: sshbuf_dup_string failed", __func__);
never executed: fatal("%s: sshbuf_dup_string failed", __func__);
0
2156 sshbuf_free(b);-
2157 return list;
never executed: return list;
0
2158}-
Source codeSwitch to Preprocessed file
Generated by Squish Coco 4.2.2