
ssh.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/openssh/src/ssh.c
1/* $OpenBSD: ssh.c,v 1.493 2018/09/21 03:11:36 djm Exp $ */-
2/*-
3 * Author: Tatu Ylonen <ylo@cs.hut.fi>-
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland-
5 * All rights reserved-
6 * Ssh client program. This program can be used to log into a remote machine.-
7 * The software supports strong authentication, encryption, and forwarding-
8 * of X11, TCP/IP, and authentication connections.-
9 *-
10 * As far as I am concerned, the code I have written for this software-
11 * can be used freely for any purpose. Any derived versions of this-
12 * software must be clearly marked as such, and if the derived work is-
13 * incompatible with the protocol description in the RFC file, it must be-
14 * called by a name other than "ssh" or "Secure Shell".-
15 *-
16 * Copyright (c) 1999 Niels Provos. All rights reserved.-
17 * Copyright (c) 2000, 2001, 2002, 2003 Markus Friedl. All rights reserved.-
18 *-
19 * Modified to work with SSL by Niels Provos <provos@citi.umich.edu>-
20 * in Canada (German citizen).-
21 *-
22 * Redistribution and use in source and binary forms, with or without-
23 * modification, are permitted provided that the following conditions-
24 * are met:-
25 * 1. Redistributions of source code must retain the above copyright-
26 * notice, this list of conditions and the following disclaimer.-
27 * 2. Redistributions in binary form must reproduce the above copyright-
28 * notice, this list of conditions and the following disclaimer in the-
29 * documentation and/or other materials provided with the distribution.-
30 *-
31 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR-
32 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES-
33 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.-
34 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,-
35 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT-
36 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,-
37 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY-
38 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT-
39 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF-
40 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.-
41 */-
42-
43#include "includes.h"-
44-
45#include <sys/types.h>-
46#ifdef HAVE_SYS_STAT_H-
47# include <sys/stat.h>-
48#endif-
49#include <sys/resource.h>-
50#include <sys/ioctl.h>-
51#include <sys/socket.h>-
52#include <sys/wait.h>-
53-
54#include <ctype.h>-
55#include <errno.h>-
56#include <fcntl.h>-
57#include <netdb.h>-
58#ifdef HAVE_PATHS_H-
59#include <paths.h>-
60#endif-
61#include <pwd.h>-
62#include <signal.h>-
63#include <stdarg.h>-
64#include <stddef.h>-
65#include <stdio.h>-
66#include <stdlib.h>-
67#include <string.h>-
68#include <unistd.h>-
69#include <limits.h>-
70#include <locale.h>-
71-
72#include <netinet/in.h>-
73#include <arpa/inet.h>-
74-
75#ifdef WITH_OPENSSL-
76#include <openssl/evp.h>-
77#include <openssl/err.h>-
78#endif-
79#include "openbsd-compat/openssl-compat.h"-
80#include "openbsd-compat/sys-queue.h"-
81-
82#include "xmalloc.h"-
83#include "ssh.h"-
84#include "ssh2.h"-
85#include "canohost.h"-
86#include "compat.h"-
87#include "cipher.h"-
88#include "digest.h"-
89#include "packet.h"-
90#include "sshbuf.h"-
91#include "channels.h"-
92#include "sshkey.h"-
93#include "authfd.h"-
94#include "authfile.h"-
95#include "pathnames.h"-
96#include "dispatch.h"-
97#include "clientloop.h"-
98#include "log.h"-
99#include "misc.h"-
100#include "readconf.h"-
101#include "sshconnect.h"-
102#include "kex.h"-
103#include "mac.h"-
104#include "sshpty.h"-
105#include "match.h"-
106#include "msg.h"-
107#include "version.h"-
108#include "ssherr.h"-
109#include "myproposal.h"-
110#include "utf8.h"-
111-
112#ifdef ENABLE_PKCS11-
113#include "ssh-pkcs11.h"-
114#endif-
115-
/* Program name; the definition lives outside this file. */
extern char *__progname;

/* Copy of argv kept for the setproctitle() emulation */
#ifndef HAVE_SETPROCTITLE
static char **saved_av;
#endif

/* Non-zero when debug mode is on. May be set on the command line. */
int debug_flag = 0;

/* Non-zero when a tty should be requested */
int tty_flag = 0;

/* Non-zero: don't exec a shell */
int no_shell_flag = 0;

/*
 * Non-zero when nothing should be read from stdin. This can be set
 * on the command line.
 */
int stdin_null_flag = 0;

/*
 * Non-zero when the current process should be backgrounded and
 * a new slave launched in the foreground for ControlPersist.
 */
int need_controlpersist_detach = 0;

/* Copies of flags for the ControlPersist foreground slave */
int ostdin_null_flag;
int ono_shell_flag;
int otty_flag;
int orequest_tty;

/*
 * Non-zero when ssh should fork after authentication. This is useful
 * so that the passphrase can be entered manually, and then ssh goes to
 * the background.
 */
int fork_after_authentication_flag = 0;

/*
 * General data structure for command line options and options configurable
 * in configuration files. See readconf.h.
 */
Options options;

/* Optional user config file; NULL when none was given */
char *config = NULL;

/*
 * Name of the host we are connecting to. This is the name given on the
 * command line, or the HostName specified for the user-supplied name in a
 * configuration file.
 */
char *host;

/* Various strings used as percent_expand() arguments */
static char thishost[NI_MAXHOST];
static char shorthost[NI_MAXHOST];
static char portstr[NI_MAXSERV];
static char uidstr[32];
static char *host_arg;
static char *conn_hash_hex;

/* Socket address the host resolves to */
struct sockaddr_storage hostaddr;

/* Private host keys. */
Sensitive sensitive_data;

/* Command to be executed */
struct sshbuf *command;

/* Should we execute a command or invoke a subsystem? */
int subsystem_flag = 0;

/* Number of replies received for global requests */
static int remote_forward_confirms_received = 0;

/* Defined in mux.c */
extern int muxserver_sock;
extern u_int muxclient_command;
192-
/*
 * Write the command-line synopsis to stderr and terminate the process
 * with exit status 255. This function never returns.
 */
static void
usage(void)
{
	/* The synopsis holds no conversion specifications, so fputs() suffices. */
	static const char synopsis[] =
"usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]\n"
" [-b bind_address] [-c cipher_spec] [-D [bind_address:]port]\n"
" [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11]\n"
" [-i identity_file] [-J [user@]host[:port]] [-L address]\n"
" [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n"
" [-Q query_option] [-R address] [-S ctl_path] [-W host:port]\n"
" [-w local_tun[:remote_tun]] destination [command]\n";

	fputs(synopsis, stderr);
	exit(255);
}
209-
210static int ssh_session2(struct ssh *, struct passwd *);-
211static void load_public_identity_files(struct passwd *);-
212static void main_sigchld_handler(int);-
213-
/*
 * Run tilde_expand_filename() over each of the first num_paths entries of
 * paths[], using the real uid of the process.
 * NB. every paths[n] must be heap-allocated: the old string is freed and
 * the slot is overwritten with the pointer tilde_expand_filename() returns.
 */
static void
tilde_expand_paths(char **paths, u_int num_paths)
{
	u_int idx = 0;

	while (idx < num_paths) {
		char *expanded = tilde_expand_filename(paths[idx], getuid());

		free(paths[idx]);
		paths[idx] = expanded;
		idx++;
	}
}
227-
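/*
 * Attempt to resolve a host name / port to a set of addresses and
 * optionally return any CNAME encountered along the way.
 *
 * name    host name passed to getaddrinfo()
 * port    port number; values <= 0 select default_ssh_port()
 * logerr  non-zero: log every lookup failure at error level; zero:
 *         EAI_NONAME and EAI_NODATA are logged at debug1 only
 * cname   optional output buffer (clen bytes) for the canonical name;
 *         NULL disables the AI_CANONNAME request
 *
 * Returns the list produced by getaddrinfo(), or NULL on failure.
 * On success with cname != NULL the buffer always holds a terminated
 * string: the canonical name, or "" when the resolver supplied none or it
 * did not fit in clen bytes. On failure cname is left untouched.
 *
 * The canonical name is resolver-supplied data and is copied without any
 * validation here; callers decide whether to trust it.
 *
 * NB. this function must operate with an options struct that may still
 * have undefined members.
 */
static struct addrinfo *
resolve_host(const char *name, int port, int logerr, char *cname, size_t clen)
{
	char strport[NI_MAXSERV];
	struct addrinfo hints, *res;
	int gaierr, loglevel = SYSLOG_LEVEL_DEBUG1;

	if (port <= 0)
		port = default_ssh_port();

	snprintf(strport, sizeof strport, "%d", port);
	memset(&hints, 0, sizeof(hints));
	hints.ai_family = options.address_family == -1 ?
	    AF_UNSPEC : options.address_family;
	hints.ai_socktype = SOCK_STREAM;
	if (cname != NULL)
		hints.ai_flags = AI_CANONNAME;
	if ((gaierr = getaddrinfo(name, strport, &hints, &res)) != 0) {
		if (logerr || (gaierr != EAI_NONAME && gaierr != EAI_NODATA))
			loglevel = SYSLOG_LEVEL_ERROR;
		do_log2(loglevel, "%s: Could not resolve hostname %.100s: %s",
		    __progname, name, ssh_gai_strerror(gaierr));
		return NULL;
	}
	/* res == NULL is guarded like in the sibling resolvers in this file. */
	if (cname != NULL && res != NULL) {
		if (res->ai_canonname == NULL) {
			/*
			 * No canonical name came back. Callers in this file
			 * pass stack buffers that are not always initialised,
			 * so hand back an empty string rather than leaving
			 * whatever the buffer held.
			 */
			if (clen > 0)
				*cname = '\0';
		} else if (strlcpy(cname, res->ai_canonname, clen) >= clen) {
			error("%s: host \"%s\" cname \"%s\" too long (max %lu)",
			    __func__, name, res->ai_canonname, (u_long)clen);
			/* Never leave a truncated name behind. */
			if (clen > 0)
				*cname = '\0';
		}
	}
	return res;
}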
268-
/*
 * Cheap syntactic test: returns non-zero if name can only be an address
 * and not a hostname. That is the case when it contains '%' or ':', or
 * when it consists solely of decimal digits and dots.
 * Note that the empty string also yields non-zero, because
 * strspn("") == strlen("").
 */
static int
is_addr_fast(const char *name)
{
	if (strchr(name, '%') != NULL)
		return 1;
	if (strchr(name, ':') != NULL)
		return 1;
	/* Every character is a digit or a dot. */
	return strspn(name, "0123456789.") == strlen(name);
}
276-
/*
 * Returns non-zero if name represents a valid, single address.
 * Names accepted by is_addr_fast() return 1 immediately; anything else is
 * handed to getaddrinfo() with AI_NUMERICHOST|AI_NUMERICSERV and must
 * yield exactly one result.
 */
static int
is_addr(const char *name)
{
	char strport[NI_MAXSERV];
	struct addrinfo hints, *res;
	int is_single;

	if (is_addr_fast(name))
		return 1;

	snprintf(strport, sizeof strport, "%u", default_ssh_port());
	memset(&hints, 0, sizeof(hints));
	if (options.address_family == -1)
		hints.ai_family = AF_UNSPEC;
	else
		hints.ai_family = options.address_family;
	hints.ai_socktype = SOCK_STREAM;
	hints.ai_flags = AI_NUMERICHOST|AI_NUMERICSERV;
	if (getaddrinfo(name, strport, &hints, &res) != 0)
		return 0;

	/* Exactly one entry in the returned list? */
	is_single = (res != NULL && res->ai_next == NULL);
	freeaddrinfo(res);
	return is_single;
}
302-
/*
 * Attempt to resolve a numeric host address / port to a single address.
 *
 * name   candidate address string (looked up with AI_NUMERICHOST)
 * port   port number; values <= 0 select default_ssh_port()
 * caddr  output buffer (clen bytes) for the address as formatted by
 *        getnameinfo(NI_NUMERICHOST)
 *
 * Returns the single-entry addrinfo list on success. Returns NULL when the
 * name does not parse as an address, when the lookup yields zero or
 * several results, when the address cannot be formatted, or when the
 * formatted address does not fit in caddr (caddr is then set to "").
 * NB. this function must operate with an options struct that may still
 * have undefined members.
 */
static struct addrinfo *
resolve_addr(const char *name, int port, char *caddr, size_t clen)
{
	char addr[NI_MAXHOST], strport[NI_MAXSERV];
	struct addrinfo hints, *res;
	int gaierr;

	if (port <= 0)
		port = default_ssh_port();
	snprintf(strport, sizeof strport, "%u", port);

	memset(&hints, 0, sizeof(hints));
	if (options.address_family == -1)
		hints.ai_family = AF_UNSPEC;
	else
		hints.ai_family = options.address_family;
	hints.ai_socktype = SOCK_STREAM;
	hints.ai_flags = AI_NUMERICHOST|AI_NUMERICSERV;

	gaierr = getaddrinfo(name, strport, &hints, &res);
	if (gaierr != 0) {
		debug2("%s: could not resolve name %.100s as address: %s",
		    __func__, name, ssh_gai_strerror(gaierr));
		return NULL;
	}
	if (res == NULL) {
		debug("%s: getaddrinfo %.100s returned no addresses",
		    __func__, name);
		return NULL;
	}
	if (res->ai_next != NULL) {
		debug("%s: getaddrinfo %.100s returned multiple addresses",
		    __func__, name);
		goto fail;
	}

	gaierr = getnameinfo(res->ai_addr, res->ai_addrlen,
	    addr, sizeof(addr), NULL, 0, NI_NUMERICHOST);
	if (gaierr != 0) {
		debug("%s: Could not format address for name %.100s: %s",
		    __func__, name, ssh_gai_strerror(gaierr));
		goto fail;
	}

	if (strlcpy(caddr, addr, clen) < clen)
		return res;

	/* Formatted address was truncated: report it and hand back "". */
	error("%s: host \"%s\" addr \"%s\" too long (max %lu)",
	    __func__, name, addr, (u_long)clen);
	if (clen > 0)
		*caddr = '\0';
 fail:
	freeaddrinfo(res);
	return NULL;
}
356-
/*
 * Check whether the cname is a permitted replacement for the hostname
 * and perform the replacement if it is.
 *
 * direct  zero when the name will be interpreted by a proxy or jump host
 * namep   in/out: heap-allocated host name; freed and replaced by a copy
 *         of cname when a rule permits it
 * cname   canonical name reported for *namep
 *
 * Returns 1 if *namep was replaced, 0 otherwise.
 *
 * cname originates from name resolution, so it is only followed when a
 * configured rule matches both sides: *namep against the rule's
 * source_list and cname against its target_list.
 * NB. this function must operate with an options struct that may still
 * have undefined members.
 */
static int
check_follow_cname(int direct, char **namep, const char *cname)
{
	int idx;
	struct allowed_cname *rule;

	/* Nothing to follow: no CNAME, no rules, or CNAME equals the name. */
	if (*cname == '\0')
		return 0;
	if (options.num_permitted_cnames == 0)
		return 0;
	if (strcmp(*namep, cname) == 0)
		return 0;
	if (options.canonicalize_hostname == SSH_CANONICALISE_NO)
		return 0;
	/*
	 * Don't attempt to canonicalize names that will be interpreted by
	 * a proxy or jump host unless the user specifically requests so.
	 */
	if (!direct && options.canonicalize_hostname != SSH_CANONICALISE_ALWAYS)
		return 0;

	debug3("%s: check \"%s\" CNAME \"%s\"", __func__, *namep, cname);
	for (idx = 0; idx < options.num_permitted_cnames; idx++) {
		rule = &options.permitted_cnames[idx];
		if (match_pattern_list(*namep, rule->source_list, 1) == 1 &&
		    match_pattern_list(cname, rule->target_list, 1) == 1) {
			verbose("Canonicalized DNS aliased hostname "
			    "\"%s\" => \"%s\"", *namep, cname);
			free(*namep);
			*namep = xstrdup(cname);
			return 1;
		}
	}
	return 0;
}
394-
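/*
 * Attempt to resolve the supplied hostname after applying the user's
 * canonicalization rules.
 *
 * hostp  in/out: heap-allocated host name. When a canonical form is
 *        found the old string is freed and *hostp is replaced.
 * port   port number passed through to resolve_addr()/resolve_host()
 *
 * Returns the address list for the host, or NULL if no name was found
 * after canonicalization. Calls fatal() when every candidate failed and
 * options.canonicalize_fallback_local is not set.
 * NB. this function must operate with an options struct that may still
 * have undefined members.
 */
static struct addrinfo *
resolve_canonicalize(char **hostp, int port)
{
	int i, direct, ndots;
	char *cp, *fullhost, newname[NI_MAXHOST];
	struct addrinfo *addrs;

	/*
	 * Attempt to canonicalise addresses, regardless of
	 * whether hostname canonicalisation was requested
	 */
	if ((addrs = resolve_addr(*hostp, port,
	    newname, sizeof(newname))) != NULL) {
		debug2("%s: hostname %.100s is address", __func__, *hostp);
		if (strcasecmp(*hostp, newname) != 0) {
			debug2("%s: canonicalised address \"%s\" => \"%s\"",
			    __func__, *hostp, newname);
			free(*hostp);
			*hostp = xstrdup(newname);
		}
		return addrs;
	}

	/*
	 * If this looks like an address but didn't parse as one, it might
	 * be an address with an invalid interface scope. Skip further
	 * attempts at canonicalisation.
	 * This check also returns for an empty name (is_addr_fast("") is
	 * non-zero), which is what keeps the strlen() - 1 index below in
	 * bounds.
	 */
	if (is_addr_fast(*hostp)) {
		debug("%s: hostname %.100s is an unrecognised address",
		    __func__, *hostp);
		return NULL;
	}

	if (options.canonicalize_hostname == SSH_CANONICALISE_NO)
		return NULL;

	/*
	 * Don't attempt to canonicalize names that will be interpreted by
	 * a proxy unless the user specifically requests so.
	 */
	direct = option_clear_or_none(options.proxy_command) &&
	    options.jump_host == NULL;
	if (!direct &&
	    options.canonicalize_hostname != SSH_CANONICALISE_ALWAYS)
		return NULL;

	/* If domain name is anchored, then resolve it now */
	if ((*hostp)[strlen(*hostp) - 1] == '.') {
		debug3("%s: name is fully qualified", __func__);
		fullhost = xstrdup(*hostp);
		/*
		 * Start from an empty CNAME, as the suffix loop below does.
		 * resolve_addr() failed above and may not have written
		 * newname, and check_follow_cname() reads it after "found".
		 */
		*newname = '\0';
		if ((addrs = resolve_host(fullhost, port, 0,
		    newname, sizeof(newname))) != NULL)
			goto found;
		free(fullhost);
		goto notfound;
	}

	/* Don't apply canonicalization to sufficiently-qualified hostnames */
	ndots = 0;
	for (cp = *hostp; *cp != '\0'; cp++) {
		if (*cp == '.')
			ndots++;
	}
	if (ndots > options.canonicalize_max_dots) {
		debug3("%s: not canonicalizing hostname \"%s\" (max dots %d)",
		    __func__, *hostp, options.canonicalize_max_dots);
		return NULL;
	}

	/* Attempt each supplied suffix */
	for (i = 0; i < options.num_canonical_domains; i++) {
		*newname = '\0';
		xasprintf(&fullhost, "%s.%s.", *hostp,
		    options.canonical_domains[i]);
		debug3("%s: attempting \"%s\" => \"%s\"", __func__,
		    *hostp, fullhost);
		if ((addrs = resolve_host(fullhost, port, 0,
		    newname, sizeof(newname))) != NULL)
			goto found;
		free(fullhost);
	}

 notfound:
	if (!options.canonicalize_fallback_local)
		fatal("%s: Could not resolve host \"%s\"", __progname, *hostp);
	debug2("%s: host %s not found in any suffix", __func__, *hostp);
	return NULL;

 found:
	/* Remove trailing '.'; fullhost ends in '.' on both paths here */
	fullhost[strlen(fullhost) - 1] = '\0';
	/* Follow CNAME if requested */
	if (!check_follow_cname(direct, &fullhost, newname)) {
		debug("Canonicalized hostname \"%s\" => \"%s\"",
		    *hostp, fullhost);
	}
	free(*hostp);
	*hostp = fullhost;
	return addrs;
}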
500-
/*
 * Check the result of hostkey loading, ignoring some errors and
 * fatal()ing for others.
 *
 * r        result code of the load attempt (0 means success)
 * path     file that was loaded; used in the log message only
 * message  short description of what was loaded; log message only
 *
 * SSH_ERR_INTERNAL_ERROR and SSH_ERR_ALLOC_FAIL go to fatal().
 * SSH_ERR_SYSTEM_ERROR with errno == ENOENT (missing file) is ignored.
 * Every other non-zero code is logged with error() and the function
 * returns.
 */
static void
check_load(int r, const char *path, const char *message)
{
	if (r == 0)
		return;

	if (r == SSH_ERR_INTERNAL_ERROR || r == SSH_ERR_ALLOC_FAIL)
		fatal("load %s \"%s\": %s", message, path, ssh_err(r));

	/* Ignore missing files */
	if (r == SSH_ERR_SYSTEM_ERROR && errno == ENOENT)
		return;

	error("load %s \"%s\": %s", message, path, ssh_err(r));
}
524-
/*
 * Read per-user configuration file. Ignore the system wide config
 * file if the user specifies a config file on the command line.
 *
 * host_name   name passed to read_config_file() together with the global
 *             `host`
 * pw          passwd entry of the invoking user; pw_dir locates the
 *             default per-user file
 * post_canon  non-zero adds SSHCONF_POSTCANON to the flags of every read
 *
 * When the global `config` is set, only that file is read (the literal
 * name "none", compared case-insensitively, reads nothing) and a failed
 * read is fatal. Otherwise the per-user file and then the system-wide
 * file are read, and the result of both reads is ignored.
 *
 * SSHCONF_CHECKPERM is passed only for the default per-user file; the
 * file named by `config` and the system-wide file are read without it.
 * NOTE(review): presumably that flag makes read_config_file() verify the
 * file's ownership/permissions - confirm in readconf.c.
 */
static void
process_config_files(const char *host_name, struct passwd *pw, int post_canon)
{
	char buf[PATH_MAX];
	int r;
	const int canon_flag = post_canon ? SSHCONF_POSTCANON : 0;

	if (config != NULL) {
		if (strcasecmp(config, "none") == 0)
			return;
		if (!read_config_file(config, pw, host, host_name, &options,
		    SSHCONF_USERCONF | canon_flag))
			fatal("Can't open user config file %.100s: "
			    "%.100s", config, strerror(errno));
		return;
	}

	/* The per-user file is skipped silently if its path does not fit. */
	r = snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir,
	    _PATH_SSH_USER_CONFFILE);
	if (r > 0 && (size_t)r < sizeof(buf))
		(void)read_config_file(buf, pw, host, host_name,
		    &options, SSHCONF_CHECKPERM | SSHCONF_USERCONF |
		    canon_flag);

	/* Read systemwide configuration file after user config. */
	(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw,
	    host, host_name, &options, canon_flag);
}
555-
/*
 * Rewrite the port number in an addrinfo list of addresses.
 * Only AF_INET and AF_INET6 entries are touched; entries of any other
 * family are left as they are. A NULL list is a no-op.
 * port is handed to htons() without a range check, so callers are
 * expected to pass a value that fits in 16 bits.
 */
static void
set_addrinfo_port(struct addrinfo *addrs, int port)
{
	struct addrinfo *ai = addrs;

	while (ai != NULL) {
		if (ai->ai_family == AF_INET) {
			struct sockaddr_in *sin =
			    (struct sockaddr_in *)ai->ai_addr;

			sin->sin_port = htons(port);
		} else if (ai->ai_family == AF_INET6) {
			struct sockaddr_in6 *sin6 =
			    (struct sockaddr_in6 *)ai->ai_addr;

			sin6->sin6_port = htons(port);
		}
		ai = ai->ai_next;
	}
}
575-
576/*-
577 * Main program for the ssh client.-
578 */-
579int-
580main(int ac, char **av)-
581{-
582 struct ssh *ssh = NULL;-
583 int i, r, opt, exit_status, use_syslog, direct, timeout_ms;-
584 int was_addr, config_test = 0, opt_terminated = 0;-
585 char *p, *cp, *line, *argv0, buf[PATH_MAX], *logfile;-
586 char cname[NI_MAXHOST];-
587 struct stat st;-
588 struct passwd *pw;-
589 extern int optind, optreset;-
590 extern char *optarg;-
591 struct Forward fwd;-
592 struct addrinfo *addrs = NULL;-
593 struct ssh_digest_ctx *md;-
594 u_char conn_hash[SSH_DIGEST_MAX_LENGTH];-
595-
596 ssh_malloc_init(); /* must be called before any mallocs */-
597 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */-
598 sanitise_stdfd();-
599-
600 __progname = ssh_get_progname(av[0]);-
601-
602#ifndef HAVE_SETPROCTITLE-
603 /* Prepare for later setproctitle emulation */-
604 /* Save argv so it isn't clobbered by setproctitle() emulation */-
605 saved_av = xcalloc(ac + 1, sizeof(*saved_av));-
606 for (i = 0; i < ac; i++)
i < acDescription
TRUEnever evaluated
FALSEnever evaluated
0
607 saved_av[i] = xstrdup(av[i]);
never executed: saved_av[i] = xstrdup(av[i]);
0
608 saved_av[i] = NULL;-
609 compat_init_setproctitle(ac, av);-
610 av = saved_av;-
611#endif-
612-
613 /*-
614 * Discard other fds that are hanging around. These can cause problem-
615 * with backgrounded ssh processes started by ControlPersist.-
616 */-
617 closefrom(STDERR_FILENO + 1);-
618-
619 /* Get user data. */-
620 pw = getpwuid(getuid());-
621 if (!pw) {
!pwDescription
TRUEnever evaluated
FALSEnever evaluated
0
622 logit("No user exists for uid %lu", (u_long)getuid());-
623 exit(255);
never executed: exit(255);
0
624 }-
625 /* Take a copy of the returned structure. */-
626 pw = pwcopy(pw);-
627-
628 /*-
629 * Set our umask to something reasonable, as some files are created-
630 * with the default umask. This will make them world-readable but-
631 * writable only by the owner, which is ok for all files for which we-
632 * don't set the modes explicitly.-
633 */-
634 umask(022);-
635-
636 msetlocale();-
637-
638 /*-
639 * Initialize option structure to indicate that no values have been-
640 * set.-
641 */-
642 initialize_options(&options);-
643-
644 /*-
645 * Prepare main ssh transport/connection structures-
646 */-
647 if ((ssh = ssh_alloc_session_state()) == NULL)
(ssh = ssh_all...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
648 fatal("Couldn't allocate session state");
never executed: fatal("Couldn't allocate session state");
0
649 channel_init_channels(ssh);-
650 active_state = ssh; /* XXX legacy API compat */-
651-
652 /* Parse command-line arguments. */-
653 host = NULL;-
654 use_syslog = 0;-
655 logfile = NULL;-
656 argv0 = av[0];-
657-
658 again:
code before this statement never executed: again:
0
659 while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
(opt = BSDgeto...:XYy") ) != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
660 "AB:CD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
(opt = BSDgeto...:XYy") ) != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
661 switch (opt) {-
662 case '1':
never executed: case '1':
0
663 fatal("SSH protocol v.1 is no longer supported");-
664 break;
never executed: break;
0
665 case '2':
never executed: case '2':
0
666 /* Ignored */-
667 break;
never executed: break;
0
668 case '4':
never executed: case '4':
0
669 options.address_family = AF_INET;-
670 break;
never executed: break;
0
671 case '6':
never executed: case '6':
0
672 options.address_family = AF_INET6;-
673 break;
never executed: break;
0
674 case 'n':
never executed: case 'n':
0
675 stdin_null_flag = 1;-
676 break;
never executed: break;
0
677 case 'f':
never executed: case 'f':
0
678 fork_after_authentication_flag = 1;-
679 stdin_null_flag = 1;-
680 break;
never executed: break;
0
681 case 'x':
never executed: case 'x':
0
682 options.forward_x11 = 0;-
683 break;
never executed: break;
0
684 case 'X':
never executed: case 'X':
0
685 options.forward_x11 = 1;-
686 break;
never executed: break;
0
687 case 'y':
never executed: case 'y':
0
688 use_syslog = 1;-
689 break;
never executed: break;
0
690 case 'E':
never executed: case 'E':
0
691 logfile = optarg;-
692 break;
never executed: break;
0
693 case 'G':
never executed: case 'G':
0
694 config_test = 1;-
695 break;
never executed: break;
0
696 case 'Y':
never executed: case 'Y':
0
697 options.forward_x11 = 1;-
698 options.forward_x11_trusted = 1;-
699 break;
never executed: break;
0
700 case 'g':
never executed: case 'g':
0
701 options.fwd_opts.gateway_ports = 1;-
702 break;
never executed: break;
0
703 case 'O':
never executed: case 'O':
0
704 if (options.stdio_forward_host != NULL)
options.stdio_...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
705 fatal("Cannot specify multiplexing "
never executed: fatal("Cannot specify multiplexing " "command with -W");
0
706 "command with -W");
never executed: fatal("Cannot specify multiplexing " "command with -W");
0
707 else if (muxclient_command != 0)
muxclient_command != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
708 fatal("Multiplexing command already specified");
never executed: fatal("Multiplexing command already specified");
0
709 if (strcmp(optarg, "check") == 0)
never executed: __result = (((const unsigned char *) (const char *) ( BSDoptarg ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "check" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
710 muxclient_command = SSHMUX_COMMAND_ALIVE_CHECK;
never executed: muxclient_command = 2;
0
711 else if (strcmp(optarg, "forward") == 0)
never executed: __result = (((const unsigned char *) (const char *) ( BSDoptarg ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "forward" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
712 muxclient_command = SSHMUX_COMMAND_FORWARD;
never executed: muxclient_command = 5;
0
713 else if (strcmp(optarg, "exit") == 0)
never executed: __result = (((const unsigned char *) (const char *) ( BSDoptarg ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "exit" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
714 muxclient_command = SSHMUX_COMMAND_TERMINATE;
never executed: muxclient_command = 3;
0
715 else if (strcmp(optarg, "stop") == 0)
never executed: __result = (((const unsigned char *) (const char *) ( BSDoptarg ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "stop" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
716 muxclient_command = SSHMUX_COMMAND_STOP;
never executed: muxclient_command = 6;
0
717 else if (strcmp(optarg, "cancel") == 0)
never executed: __result = (((const unsigned char *) (const char *) ( BSDoptarg ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "cancel" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
718 muxclient_command = SSHMUX_COMMAND_CANCEL_FWD;
never executed: muxclient_command = 7;
0
719 else if (strcmp(optarg, "proxy") == 0)
never executed: __result = (((const unsigned char *) (const char *) ( BSDoptarg ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "proxy" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
720 muxclient_command = SSHMUX_COMMAND_PROXY;
never executed: muxclient_command = 8;
0
721 else-
722 fatal("Invalid multiplex command.");
never executed: fatal("Invalid multiplex command.");
0
723 break;
never executed: break;
0
724 case 'P': /* deprecated */
never executed: case 'P':
0
725 break;
never executed: break;
0
726 case 'Q':
never executed: case 'Q':
0
727 cp = NULL;-
728 if (strcmp(optarg, "cipher") == 0)
never executed: __result = (((const unsigned char *) (const char *) ( BSDoptarg ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "cipher" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
729 cp = cipher_alg_list('\n', 0);
never executed: cp = cipher_alg_list('\n', 0);
0
730 else if (strcmp(optarg, "cipher-auth") == 0)
never executed: __result = (((const unsigned char *) (const char *) ( BSDoptarg ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "cipher-auth" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
731 cp = cipher_alg_list('\n', 1);
never executed: cp = cipher_alg_list('\n', 1);
0
732 else if (strcmp(optarg, "mac") == 0)
never executed: __result = (((const unsigned char *) (const char *) ( BSDoptarg ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "mac" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
733 cp = mac_alg_list('\n');
never executed: cp = mac_alg_list('\n');
0
734 else if (strcmp(optarg, "kex") == 0)
never executed: __result = (((const unsigned char *) (const char *) ( BSDoptarg ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "kex" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
735 cp = kex_alg_list('\n');
never executed: cp = kex_alg_list('\n');
0
736 else if (strcmp(optarg, "key") == 0)
never executed: __result = (((const unsigned char *) (const char *) ( BSDoptarg ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "key" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
737 cp = sshkey_alg_list(0, 0, 0, '\n');
never executed: cp = sshkey_alg_list(0, 0, 0, '\n');
0
738 else if (strcmp(optarg, "key-cert") == 0)
never executed: __result = (((const unsigned char *) (const char *) ( BSDoptarg ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "key-cert" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
739 cp = sshkey_alg_list(1, 0, 0, '\n');
never executed: cp = sshkey_alg_list(1, 0, 0, '\n');
0
740 else if (strcmp(optarg, "key-plain") == 0)
never executed: __result = (((const unsigned char *) (const char *) ( BSDoptarg ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "key-plain" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
741 cp = sshkey_alg_list(0, 1, 0, '\n');
never executed: cp = sshkey_alg_list(0, 1, 0, '\n');
0
742 else if (strcmp(optarg, "sig") == 0)
never executed: __result = (((const unsigned char *) (const char *) ( BSDoptarg ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "sig" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
743 cp = sshkey_alg_list(0, 1, 1, '\n');
never executed: cp = sshkey_alg_list(0, 1, 1, '\n');
0
744 else if (strcmp(optarg, "protocol-version") == 0)
never executed: __result = (((const unsigned char *) (const char *) ( BSDoptarg ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "protocol-version" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
745 cp = xstrdup("2");
never executed: cp = xstrdup("2");
0
746 else if (strcmp(optarg, "help") == 0) {
never executed: __result = (((const unsigned char *) (const char *) ( BSDoptarg ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "help" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
747 cp = xstrdup(-
748 "cipher\ncipher-auth\nkex\nkey\n"-
749 "key-cert\nkey-plain\nmac\n"-
750 "protocol-version\nsig");-
751 }
never executed: end of block
0
752 if (cp == NULL)
cp == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
753 fatal("Unsupported query \"%s\"", optarg);
never executed: fatal("Unsupported query \"%s\"", BSDoptarg);
0
754 printf("%s\n", cp);-
755 free(cp);-
756 exit(0);
never executed: exit(0);
0
757 break;
never executed: break;
0
758 case 'a':
never executed: case 'a':
0
759 options.forward_agent = 0;-
760 break;
never executed: break;
0
761 case 'A':
never executed: case 'A':
0
762 options.forward_agent = 1;-
763 break;
never executed: break;
0
764 case 'k':
never executed: case 'k':
0
765 options.gss_deleg_creds = 0;-
766 break;
never executed: break;
0
767 case 'K':
never executed: case 'K':
0
768 options.gss_authentication = 1;-
769 options.gss_deleg_creds = 1;-
770 break;
never executed: break;
0
771 case 'i':
never executed: case 'i':
0
772 p = tilde_expand_filename(optarg, getuid());-
773 if (stat(p, &st) < 0)
stat(p, &st) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
774 fprintf(stderr, "Warning: Identity file %s "
never executed: fprintf( stderr , "Warning: Identity file %s " "not accessible: %s.\n", p, strerror( (*__errno_location ()) ));
0
775 "not accessible: %s.\n", p,
never executed: fprintf( stderr , "Warning: Identity file %s " "not accessible: %s.\n", p, strerror( (*__errno_location ()) ));
0
776 strerror(errno));
never executed: fprintf( stderr , "Warning: Identity file %s " "not accessible: %s.\n", p, strerror( (*__errno_location ()) ));
0
777 else-
778 add_identity_file(&options, NULL, p, 1);
never executed: add_identity_file(&options, ((void *)0) , p, 1);
0
779 free(p);-
780 break;
never executed: break;
0
781 case 'I':
never executed: case 'I':
0
782#ifdef ENABLE_PKCS11-
783 free(options.pkcs11_provider);-
784 options.pkcs11_provider = xstrdup(optarg);-
785#else-
786 fprintf(stderr, "no support for PKCS#11.\n");-
787#endif-
788 break;
never executed: break;
0
789 case 'J':
never executed: case 'J':
0
790 if (options.jump_host != NULL)
options.jump_h...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
791 fatal("Only a single -J option permitted");
never executed: fatal("Only a single -J option permitted");
0
792 if (options.proxy_command != NULL)
options.proxy_...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
793 fatal("Cannot specify -J with ProxyCommand");
never executed: fatal("Cannot specify -J with ProxyCommand");
0
794 if (parse_jump(optarg, &options, 1) == -1)
parse_jump(BSD...ions, 1) == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
795 fatal("Invalid -J argument");
never executed: fatal("Invalid -J argument");
0
796 options.proxy_command = xstrdup("none");-
797 break;
never executed: break;
0
798 case 't':
never executed: case 't':
0
799 if (options.request_tty == REQUEST_TTY_YES)
options.request_tty == 2Description
TRUEnever evaluated
FALSEnever evaluated
0
800 options.request_tty = REQUEST_TTY_FORCE;
never executed: options.request_tty = 3;
0
801 else-
802 options.request_tty = REQUEST_TTY_YES;
never executed: options.request_tty = 2;
0
803 break;
never executed: break;
0
804 case 'v':
never executed: case 'v':
0
805 if (debug_flag == 0) {
debug_flag == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
806 debug_flag = 1;-
807 options.log_level = SYSLOG_LEVEL_DEBUG1;-
808 } else {
never executed: end of block
0
809 if (options.log_level < SYSLOG_LEVEL_DEBUG3) {
options.log_le...G_LEVEL_DEBUG3Description
TRUEnever evaluated
FALSEnever evaluated
0
810 debug_flag++;-
811 options.log_level++;-
812 }
never executed: end of block
0
813 }
never executed: end of block
0
814 break;
never executed: break;
0
815 case 'V':
never executed: case 'V':
0
816 fprintf(stderr, "%s, %s\n",-
817 SSH_RELEASE,-
818#ifdef WITH_OPENSSL-
819 SSLeay_version(SSLEAY_VERSION)-
820#else-
821 "without OpenSSL"-
822#endif-
823 );-
824 if (opt == 'V')
opt == 'V'Description
TRUEnever evaluated
FALSEnever evaluated
0
825 exit(0);
never executed: exit(0);
0
826 break;
never executed: break;
0
827 case 'w':
never executed: case 'w':
0
828 if (options.tun_open == -1)
options.tun_open == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
829 options.tun_open = SSH_TUNMODE_DEFAULT;
never executed: options.tun_open = 0x01;
0
830 options.tun_local = a2tun(optarg, &options.tun_remote);-
831 if (options.tun_local == SSH_TUNID_ERR) {
options.tun_lo...x7fffffff - 1)Description
TRUEnever evaluated
FALSEnever evaluated
0
832 fprintf(stderr,-
833 "Bad tun device '%s'\n", optarg);-
834 exit(255);
never executed: exit(255);
0
835 }-
836 break;
never executed: break;
0
837 case 'W':
never executed: case 'W':
0
838 if (options.stdio_forward_host != NULL)
options.stdio_...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
839 fatal("stdio forward already specified");
never executed: fatal("stdio forward already specified");
0
840 if (muxclient_command != 0)
muxclient_command != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
841 fatal("Cannot specify stdio forward with -O");
never executed: fatal("Cannot specify stdio forward with -O");
0
842 if (parse_forward(&fwd, optarg, 1, 0)) {
parse_forward(...Doptarg, 1, 0)Description
TRUEnever evaluated
FALSEnever evaluated
0
843 options.stdio_forward_host = fwd.listen_host;-
844 options.stdio_forward_port = fwd.listen_port;-
845 free(fwd.connect_host);-
846 } else {
never executed: end of block
0
847 fprintf(stderr,-
848 "Bad stdio forwarding specification '%s'\n",-
849 optarg);-
850 exit(255);
never executed: exit(255);
0
851 }-
852 options.request_tty = REQUEST_TTY_NO;-
853 no_shell_flag = 1;-
854 break;
never executed: break;
0
855 case 'q':
never executed: case 'q':
0
856 options.log_level = SYSLOG_LEVEL_QUIET;-
857 break;
never executed: break;
0
858 case 'e':
never executed: case 'e':
0
859 if (optarg[0] == '^' && optarg[2] == 0 &&
BSDoptarg[0] == '^'Description
TRUEnever evaluated
FALSEnever evaluated
BSDoptarg[2] == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
860 (u_char) optarg[1] >= 64 &&
(u_char) BSDoptarg[1] >= 64Description
TRUEnever evaluated
FALSEnever evaluated
0
861 (u_char) optarg[1] < 128)
(u_char) BSDoptarg[1] < 128Description
TRUEnever evaluated
FALSEnever evaluated
0
862 options.escape_char = (u_char) optarg[1] & 31;
never executed: options.escape_char = (u_char) BSDoptarg[1] & 31;
0
863 else if (strlen(optarg) == 1)
strlen(BSDoptarg) == 1Description
TRUEnever evaluated
FALSEnever evaluated
0
864 options.escape_char = (u_char) optarg[0];
never executed: options.escape_char = (u_char) BSDoptarg[0];
0
865 else if (strcmp(optarg, "none") == 0)
never executed: __result = (((const unsigned char *) (const char *) ( BSDoptarg ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "none" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
866 options.escape_char = SSH_ESCAPECHAR_NONE;
never executed: options.escape_char = -2;
0
867 else {-
868 fprintf(stderr, "Bad escape character '%s'.\n",-
869 optarg);-
870 exit(255);
never executed: exit(255);
0
871 }-
872 break;
never executed: break;
0
873 case 'c':
never executed: case 'c':
0
874 if (!ciphers_valid(*optarg == '+' ?
!ciphers_valid...1 : BSDoptarg)Description
TRUEnever evaluated
FALSEnever evaluated
0
875 optarg + 1 : optarg)) {
!ciphers_valid...1 : BSDoptarg)Description
TRUEnever evaluated
FALSEnever evaluated
0
876 fprintf(stderr, "Unknown cipher type '%s'\n",-
877 optarg);-
878 exit(255);
never executed: exit(255);
0
879 }-
880 free(options.ciphers);-
881 options.ciphers = xstrdup(optarg);-
882 break;
never executed: break;
0
883 case 'm':
never executed: case 'm':
0
884 if (mac_valid(optarg)) {
mac_valid(BSDoptarg)Description
TRUEnever evaluated
FALSEnever evaluated
0
885 free(options.macs);-
886 options.macs = xstrdup(optarg);-
887 } else {
never executed: end of block
0
888 fprintf(stderr, "Unknown mac type '%s'\n",-
889 optarg);-
890 exit(255);
never executed: exit(255);
0
891 }-
892 break;
never executed: break;
0
893 case 'M':
never executed: case 'M':
0
894 if (options.control_master == SSHCTL_MASTER_YES)
options.control_master == 1Description
TRUEnever evaluated
FALSEnever evaluated
0
895 options.control_master = SSHCTL_MASTER_ASK;
never executed: options.control_master = 3;
0
896 else-
897 options.control_master = SSHCTL_MASTER_YES;
never executed: options.control_master = 1;
0
898 break;
never executed: break;
0
899 case 'p':
never executed: case 'p':
0
900 if (options.port == -1) {
options.port == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
901 options.port = a2port(optarg);-
902 if (options.port <= 0) {
options.port <= 0Description
TRUEnever evaluated
FALSEnever evaluated
0
903 fprintf(stderr, "Bad port '%s'\n",-
904 optarg);-
905 exit(255);
never executed: exit(255);
0
906 }-
907 }
never executed: end of block
0
908 break;
never executed: break;
0
909 case 'l':
never executed: case 'l':
0
910 if (options.user == NULL)
options.user == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
911 options.user = optarg;
never executed: options.user = BSDoptarg;
0
912 break;
never executed: break;
0
913-
914 case 'L':
never executed: case 'L':
0
915 if (parse_forward(&fwd, optarg, 0, 0))
parse_forward(...Doptarg, 0, 0)Description
TRUEnever evaluated
FALSEnever evaluated
0
916 add_local_forward(&options, &fwd);
never executed: add_local_forward(&options, &fwd);
0
917 else {-
918 fprintf(stderr,-
919 "Bad local forwarding specification '%s'\n",-
920 optarg);-
921 exit(255);
never executed: exit(255);
0
922 }-
923 break;
never executed: break;
0
924-
925 case 'R':
never executed: case 'R':
0
926 if (parse_forward(&fwd, optarg, 0, 1) ||
parse_forward(...Doptarg, 0, 1)Description
TRUEnever evaluated
FALSEnever evaluated
0
927 parse_forward(&fwd, optarg, 1, 1)) {
parse_forward(...Doptarg, 1, 1)Description
TRUEnever evaluated
FALSEnever evaluated
0
928 add_remote_forward(&options, &fwd);-
929 } else {
never executed: end of block
0
930 fprintf(stderr,-
931 "Bad remote forwarding specification "-
932 "'%s'\n", optarg);-
933 exit(255);
never executed: exit(255);
0
934 }-
935 break;
never executed: break;
0
936-
937 case 'D':
never executed: case 'D':
0
938 if (parse_forward(&fwd, optarg, 1, 0)) {
parse_forward(...Doptarg, 1, 0)Description
TRUEnever evaluated
FALSEnever evaluated
0
939 add_local_forward(&options, &fwd);-
940 } else {
never executed: end of block
0
941 fprintf(stderr,-
942 "Bad dynamic forwarding specification "-
943 "'%s'\n", optarg);-
944 exit(255);
never executed: exit(255);
0
945 }-
946 break;
never executed: break;
0
947-
948 case 'C':
never executed: case 'C':
0
949 options.compression = 1;-
950 break;
never executed: break;
0
951 case 'N':
never executed: case 'N':
0
952 no_shell_flag = 1;-
953 options.request_tty = REQUEST_TTY_NO;-
954 break;
never executed: break;
0
955 case 'T':
never executed: case 'T':
0
956 options.request_tty = REQUEST_TTY_NO;-
957 break;
never executed: break;
0
958 case 'o':
never executed: case 'o':
0
959 line = xstrdup(optarg);-
960 if (process_config_line(&options, pw,
process_config...*)0) , 2) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
961 host ? host : "", host ? host : "", line,
process_config...*)0) , 2) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
962 "command-line", 0, NULL, SSHCONF_USERCONF) != 0)
process_config...*)0) , 2) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
963 exit(255);
never executed: exit(255);
0
964 free(line);-
965 break;
never executed: break;
0
966 case 's':
never executed: case 's':
0
967 subsystem_flag = 1;-
968 break;
never executed: break;
0
969 case 'S':
never executed: case 'S':
0
970 free(options.control_path);-
971 options.control_path = xstrdup(optarg);-
972 break;
never executed: break;
0
973 case 'b':
never executed: case 'b':
0
974 options.bind_address = optarg;-
975 break;
never executed: break;
0
976 case 'B':
never executed: case 'B':
0
977 options.bind_interface = optarg;-
978 break;
never executed: break;
0
979 case 'F':
never executed: case 'F':
0
980 config = optarg;-
981 break;
never executed: break;
0
982 default:
never executed: default:
0
983 usage();-
984 }
never executed: end of block
0
985 }-
986-
987 if (optind > 1 && strcmp(av[optind - 1], "--") == 0)
never executed: __result = (((const unsigned char *) (const char *) ( av[BSDoptind - 1] ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "--" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
BSDoptind > 1Description
TRUEnever evaluated
FALSEnever evaluated
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
988 opt_terminated = 1;
never executed: opt_terminated = 1;
0
989-
990 ac -= optind;-
991 av += optind;-
992-
993 if (ac > 0 && !host) {
ac > 0Description
TRUEnever evaluated
FALSEnever evaluated
!hostDescription
TRUEnever evaluated
FALSEnever evaluated
0
994 int tport;-
995 char *tuser;-
996 switch (parse_ssh_uri(*av, &tuser, &host, &tport)) {-
997 case -1:
never executed: case -1:
0
998 usage();-
999 break;
never executed: break;
0
1000 case 0:
never executed: case 0:
0
1001 if (options.user == NULL) {
options.user == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1002 options.user = tuser;-
1003 tuser = NULL;-
1004 }
never executed: end of block
0
1005 free(tuser);-
1006 if (options.port == -1 && tport != -1)
options.port == -1Description
TRUEnever evaluated
FALSEnever evaluated
tport != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1007 options.port = tport;
never executed: options.port = tport;
0
1008 break;
never executed: break;
0
1009 default:
never executed: default:
0
1010 p = xstrdup(*av);-
1011 cp = strrchr(p, '@');-
1012 if (cp != NULL) {
cp != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1013 if (cp == p)
cp == pDescription
TRUEnever evaluated
FALSEnever evaluated
0
1014 usage();
never executed: usage();
0
1015 if (options.user == NULL) {
options.user == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1016 options.user = p;-
1017 p = NULL;-
1018 }
never executed: end of block
0
1019 *cp++ = '\0';-
1020 host = xstrdup(cp);-
1021 free(p);-
1022 } else
never executed: end of block
0
1023 host = p;
never executed: host = p;
0
1024 break;
never executed: break;
0
1025 }-
1026 if (ac > 1 && !opt_terminated) {
ac > 1Description
TRUEnever evaluated
FALSEnever evaluated
!opt_terminatedDescription
TRUEnever evaluated
FALSEnever evaluated
0
1027 optind = optreset = 1;-
1028 goto again;
never executed: goto again;
0
1029 }-
1030 ac--, av++;-
1031 }
never executed: end of block
0
1032-
1033 /* Check that we got a host name. */-
1034 if (!host)
!hostDescription
TRUEnever evaluated
FALSEnever evaluated
0
1035 usage();
never executed: usage();
0
1036-
1037 host_arg = xstrdup(host);-
1038-
1039#ifdef WITH_OPENSSL-
1040 OpenSSL_add_all_algorithms();-
1041 ERR_load_crypto_strings();-
1042#endif-
1043-
1044 /* Initialize the command to execute on remote host. */-
1045 if ((command = sshbuf_new()) == NULL)
(command = ssh...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1046 fatal("sshbuf_new failed");
never executed: fatal("sshbuf_new failed");
0
1047-
1048 /*-
1049 * Save the command to execute on the remote host in a buffer. There-
1050 * is no limit on the length of the command, except by the maximum-
1051 * packet size. Also sets the tty flag if there is no command.-
1052 */-
1053 if (!ac) {
!acDescription
TRUEnever evaluated
FALSEnever evaluated
0
1054 /* No command specified - execute shell on a tty. */-
1055 if (subsystem_flag) {
subsystem_flagDescription
TRUEnever evaluated
FALSEnever evaluated
0
1056 fprintf(stderr,-
1057 "You must specify a subsystem to invoke.\n");-
1058 usage();-
1059 }
never executed: end of block
0
1060 } else {
never executed: end of block
0
1061 /* A command has been specified. Store it into the buffer. */-
1062 for (i = 0; i < ac; i++) {
i < acDescription
TRUEnever evaluated
FALSEnever evaluated
0
1063 if ((r = sshbuf_putf(command, "%s%s",
(r = sshbuf_pu..., av[i])) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1064 i ? " " : "", av[i])) != 0)
(r = sshbuf_pu..., av[i])) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1065 fatal("%s: buffer error: %s",
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
1066 __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
1067 }
never executed: end of block
0
1068 }
never executed: end of block
0
1069-
1070 /*-
1071 * Initialize "log" output. Since we are the client all output-
1072 * goes to stderr unless otherwise specified by -y or -E.-
1073 */-
1074 if (use_syslog && logfile != NULL)
use_syslogDescription
TRUEnever evaluated
FALSEnever evaluated
logfile != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1075 fatal("Can't specify both -y and -E");
never executed: fatal("Can't specify both -y and -E");
0
1076 if (logfile != NULL)
logfile != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1077 log_redirect_stderr_to(logfile);
never executed: log_redirect_stderr_to(logfile);
0
1078 log_init(argv0,-
1079 options.log_level == SYSLOG_LEVEL_NOT_SET ?-
1080 SYSLOG_LEVEL_INFO : options.log_level,-
1081 options.log_facility == SYSLOG_FACILITY_NOT_SET ?-
1082 SYSLOG_FACILITY_USER : options.log_facility,-
1083 !use_syslog);-
1084-
1085 if (debug_flag)
debug_flagDescription
TRUEnever evaluated
FALSEnever evaluated
0
1086 logit("%s, %s", SSH_RELEASE,
never executed: logit("%s, %s", "OpenSSH_7.8" "p1", SSLeay_version( 0 ) );
0
1087#ifdef WITH_OPENSSL
never executed: logit("%s, %s", "OpenSSH_7.8" "p1", SSLeay_version( 0 ) );
0
1088 SSLeay_version(SSLEAY_VERSION)
never executed: logit("%s, %s", "OpenSSH_7.8" "p1", SSLeay_version( 0 ) );
0
1089#else
never executed: logit("%s, %s", "OpenSSH_7.8" "p1", SSLeay_version( 0 ) );
0
1090 "without OpenSSL"
never executed: logit("%s, %s", "OpenSSH_7.8" "p1", SSLeay_version( 0 ) );
0
1091#endif
never executed: logit("%s, %s", "OpenSSH_7.8" "p1", SSLeay_version( 0 ) );
0
1092 );
never executed: logit("%s, %s", "OpenSSH_7.8" "p1", SSLeay_version( 0 ) );
0
1093-
1094 /* Parse the configuration files */-
1095 process_config_files(host_arg, pw, 0);-
1096-
1097 /* Hostname canonicalisation needs a few options filled. */-
1098 fill_default_options_for_canonicalization(&options);-
1099-
1100 /* If the user has replaced the hostname then take it into use now */-
1101 if (options.hostname != NULL) {
options.hostna...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1102 /* NB. Please keep in sync with readconf.c:match_cfg_line() */-
1103 cp = percent_expand(options.hostname,-
1104 "h", host, (char *)NULL);-
1105 free(host);-
1106 host = cp;-
1107 free(options.hostname);-
1108 options.hostname = xstrdup(host);-
1109 }
never executed: end of block
0
1110-
1111 /* Don't lowercase addresses, they will be explicitly canonicalised */-
1112 if ((was_addr = is_addr(host)) == 0)
(was_addr = is...dr(host)) == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1113 lowercase(host);
never executed: lowercase(host);
0
1114-
1115 /*-
1116 * Try to canonicalize if requested by configuration or the-
1117 * hostname is an address.-
1118 */-
1119 if (options.canonicalize_hostname != SSH_CANONICALISE_NO || was_addr)
options.canoni..._hostname != 0Description
TRUEnever evaluated
FALSEnever evaluated
was_addrDescription
TRUEnever evaluated
FALSEnever evaluated
0
1120 addrs = resolve_canonicalize(&host, options.port);
never executed: addrs = resolve_canonicalize(&host, options.port);
0
1121-
1122 /*-
1123 * If CanonicalizePermittedCNAMEs have been specified but-
1124 * other canonicalization did not happen (by not being requested-
1125 * or by failing with fallback) then the hostname may still be changed-
1126 * as a result of CNAME following.-
1127 *-
1128 * Try to resolve the bare hostname using the system resolver's-
1129 * usual search rules and then apply the CNAME follow rules.-
1130 *-
1131 * Skip the lookup if a ProxyCommand is being used unless the user-
1132 * has specifically requested canonicalisation for this case via-
1133 * CanonicalizeHostname=always-
1134 */-
1135 direct = option_clear_or_none(options.proxy_command) &&
option_clear_o...proxy_command)Description
TRUEnever evaluated
FALSEnever evaluated
0
1136 options.jump_host == NULL;
options.jump_h...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1137 if (addrs == NULL && options.num_permitted_cnames != 0 && (direct ||
addrs == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
options.num_pe...ed_cnames != 0Description
TRUEnever evaluated
FALSEnever evaluated
directDescription
TRUEnever evaluated
FALSEnever evaluated
0
1138 options.canonicalize_hostname == SSH_CANONICALISE_ALWAYS)) {
options.canoni..._hostname == 2Description
TRUEnever evaluated
FALSEnever evaluated
0
1139 if ((addrs = resolve_host(host, options.port,
(addrs = resol...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1140 direct, cname, sizeof(cname))) == NULL) {
(addrs = resol...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1141 /* Don't fatal proxied host names not in the DNS */-
1142 if (direct)
directDescription
TRUEnever evaluated
FALSEnever evaluated
0
1143 cleanup_exit(255); /* logged in resolve_host */
never executed: cleanup_exit(255);
0
1144 } else
never executed: end of block
0
1145 check_follow_cname(direct, &host, cname);
never executed: check_follow_cname(direct, &host, cname);
0
1146 }-
1147-
1148 /*-
1149 * If canonicalisation is enabled then re-parse the configuration-
1150 * files as new stanzas may match.-
1151 */-
1152 if (options.canonicalize_hostname != 0) {
options.canoni..._hostname != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1153 debug("Re-reading configuration after hostname "-
1154 "canonicalisation");-
1155 free(options.hostname);-
1156 options.hostname = xstrdup(host);-
1157 process_config_files(host_arg, pw, 1);-
1158 /*-
1159 * Address resolution happens early with canonicalisation-
1160 * enabled and the port number may have changed since, so-
1161 * reset it in address list-
1162 */-
1163 if (addrs != NULL && options.port > 0)
addrs != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
options.port > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1164 set_addrinfo_port(addrs, options.port);
never executed: set_addrinfo_port(addrs, options.port);
0
1165 }
never executed: end of block
0
1166-
1167 /* Fill configuration defaults. */-
1168 fill_default_options(&options);-
1169-
1170 /*-
1171 * If ProxyJump option specified, then construct a ProxyCommand now.-
1172 */-
1173 if (options.jump_host != NULL) {
options.jump_h...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1174 char port_s[8];-
1175 const char *sshbin = argv0;-
1176-
1177 /*-
1178 * Try to use SSH indicated by argv[0], but fall back to-
1179 * "ssh" if it appears unavailable.-
1180 */-
1181 if (strchr(argv0, '/') != NULL && access(argv0, X_OK) != 0)
(__extension__...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
__builtin_constant_p ( '/' )Description
TRUEnever evaluated
FALSEnever evaluated
!__builtin_con...nt_p ( argv0 )Description
TRUEnever evaluated
FALSEnever evaluated
( '/' ) == '\0'Description
TRUEnever evaluated
FALSEnever evaluated
access(argv0, 1 ) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1182 sshbin = "ssh";
never executed: sshbin = "ssh";
0
1183-
1184 /* Consistency check */-
1185 if (options.proxy_command != NULL)
options.proxy_...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1186 fatal("inconsistent options: ProxyCommand+ProxyJump");
never executed: fatal("inconsistent options: ProxyCommand+ProxyJump");
0
1187 /* Never use FD passing for ProxyJump */-
1188 options.proxy_use_fdpass = 0;-
1189 snprintf(port_s, sizeof(port_s), "%d", options.jump_port);-
1190 xasprintf(&options.proxy_command,-
1191 "%s%s%s%s%s%s%s%s%s%s%.*s -W '[%%h]:%%p' %s",-
1192 sshbin,-
1193 /* Optional "-l user" argument if jump_user set */-
1194 options.jump_user == NULL ? "" : " -l ",-
1195 options.jump_user == NULL ? "" : options.jump_user,-
1196 /* Optional "-p port" argument if jump_port set */-
1197 options.jump_port <= 0 ? "" : " -p ",-
1198 options.jump_port <= 0 ? "" : port_s,-
1199 /* Optional additional jump hosts ",..." */-
1200 options.jump_extra == NULL ? "" : " -J ",-
1201 options.jump_extra == NULL ? "" : options.jump_extra,-
1202 /* Optional "-F" argument if -F specified */-
1203 config == NULL ? "" : " -F ",-
1204 config == NULL ? "" : config,-
1205 /* Optional "-v" arguments if -v set */-
1206 debug_flag ? " -" : "",-
1207 debug_flag, "vvv",-
1208 /* Mandatory hostname */-
1209 options.jump_host);-
1210 debug("Setting implicit ProxyCommand from ProxyJump: %s",-
1211 options.proxy_command);-
1212 }
never executed: end of block
0
1213-
1214 if (options.port == 0)
options.port == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1215 options.port = default_ssh_port();
never executed: options.port = default_ssh_port();
0
1216 channel_set_af(ssh, options.address_family);-
1217-
1218 /* Tidy and check options */-
1219 if (options.host_key_alias != NULL)
options.host_k...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1220 lowercase(options.host_key_alias);
never executed: lowercase(options.host_key_alias);
0
1221 if (options.proxy_command != NULL &&
options.proxy_...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1222 strcmp(options.proxy_command, "-") == 0 &&
never executed: __result = (((const unsigned char *) (const char *) ( options.proxy_command ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "-" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1223 options.proxy_use_fdpass)
options.proxy_use_fdpassDescription
TRUEnever evaluated
FALSEnever evaluated
0
1224 fatal("ProxyCommand=- and ProxyUseFDPass are incompatible");
never executed: fatal("ProxyCommand=- and ProxyUseFDPass are incompatible");
0
1225 if (options.control_persist &&
options.control_persistDescription
TRUEnever evaluated
FALSEnever evaluated
0
1226 options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK) {
options.update_hostkeys == 2Description
TRUEnever evaluated
FALSEnever evaluated
0
1227 debug("UpdateHostKeys=ask is incompatible with ControlPersist; "-
1228 "disabling");-
1229 options.update_hostkeys = 0;-
1230 }
never executed: end of block
0
1231 if (options.connection_attempts <= 0)
options.connec..._attempts <= 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1232 fatal("Invalid number of ConnectionAttempts");
never executed: fatal("Invalid number of ConnectionAttempts");
0
1233-
1234 if (sshbuf_len(command) != 0 && options.remote_command != NULL)
sshbuf_len(command) != 0Description
TRUEnever evaluated
FALSEnever evaluated
options.remote...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1235 fatal("Cannot execute command-line and remote command.");
never executed: fatal("Cannot execute command-line and remote command.");
0
1236-
1237 /* Cannot fork to background if no command. */-
1238 if (fork_after_authentication_flag && sshbuf_len(command) == 0 &&
fork_after_authentication_flagDescription
TRUEnever evaluated
FALSEnever evaluated
sshbuf_len(command) == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1239 options.remote_command == NULL && !no_shell_flag)
options.remote...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
!no_shell_flagDescription
TRUEnever evaluated
FALSEnever evaluated
0
1240 fatal("Cannot fork into background without a command "
never executed: fatal("Cannot fork into background without a command " "to execute.");
0
1241 "to execute.");
never executed: fatal("Cannot fork into background without a command " "to execute.");
0
1242-
1243 /* reinit */-
1244 log_init(argv0, options.log_level, options.log_facility, !use_syslog);-
1245-
1246 if (options.request_tty == REQUEST_TTY_YES ||
options.request_tty == 2Description
TRUEnever evaluated
FALSEnever evaluated
0
1247 options.request_tty == REQUEST_TTY_FORCE)
options.request_tty == 3Description
TRUEnever evaluated
FALSEnever evaluated
0
1248 tty_flag = 1;
never executed: tty_flag = 1;
0
1249-
1250 /* Allocate a tty by default if no command specified. */-
1251 if (sshbuf_len(command) == 0 && options.remote_command == NULL)
sshbuf_len(command) == 0Description
TRUEnever evaluated
FALSEnever evaluated
options.remote...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1252 tty_flag = options.request_tty != REQUEST_TTY_NO;
never executed: tty_flag = options.request_tty != 1;
0
1253-
1254 /* Force no tty */-
1255 if (options.request_tty == REQUEST_TTY_NO ||
options.request_tty == 1Description
TRUEnever evaluated
FALSEnever evaluated
0
1256 (muxclient_command && muxclient_command != SSHMUX_COMMAND_PROXY))
muxclient_commandDescription
TRUEnever evaluated
FALSEnever evaluated
muxclient_command != 8Description
TRUEnever evaluated
FALSEnever evaluated
0
1257 tty_flag = 0;
never executed: tty_flag = 0;
0
1258 /* Do not allocate a tty if stdin is not a tty. */-
1259 if ((!isatty(fileno(stdin)) || stdin_null_flag) &&
!isatty(fileno( stdin ))Description
TRUEnever evaluated
FALSEnever evaluated
stdin_null_flagDescription
TRUEnever evaluated
FALSEnever evaluated
0
1260 options.request_tty != REQUEST_TTY_FORCE) {
options.request_tty != 3Description
TRUEnever evaluated
FALSEnever evaluated
0
1261 if (tty_flag)
tty_flagDescription
TRUEnever evaluated
FALSEnever evaluated
0
1262 logit("Pseudo-terminal will not be allocated because "
never executed: logit("Pseudo-terminal will not be allocated because " "stdin is not a terminal.");
0
1263 "stdin is not a terminal.");
never executed: logit("Pseudo-terminal will not be allocated because " "stdin is not a terminal.");
0
1264 tty_flag = 0;-
1265 }
never executed: end of block
0
1266-
1267 seed_rng();-
1268-
1269 if (options.user == NULL)
options.user == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1270 options.user = xstrdup(pw->pw_name);
never executed: options.user = xstrdup(pw->pw_name);
0
1271-
1272 /* Set up strings used to percent_expand() arguments */-
1273 if (gethostname(thishost, sizeof(thishost)) == -1)
gethostname(th...ishost)) == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1274 fatal("gethostname: %s", strerror(errno));
never executed: fatal("gethostname: %s", strerror( (*__errno_location ()) ));
0
1275 strlcpy(shorthost, thishost, sizeof(shorthost));-
1276 shorthost[strcspn(thishost, ".")] = '\0';-
1277 snprintf(portstr, sizeof(portstr), "%d", options.port);-
1278 snprintf(uidstr, sizeof(uidstr), "%llu",-
1279 (unsigned long long)pw->pw_uid);-
1280-
1281 if ((md = ssh_digest_start(SSH_DIGEST_SHA1)) == NULL ||
(md = ssh_dige...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1282 ssh_digest_update(md, thishost, strlen(thishost)) < 0 ||
ssh_digest_upd...thishost)) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1283 ssh_digest_update(md, host, strlen(host)) < 0 ||
ssh_digest_upd...len(host)) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1284 ssh_digest_update(md, portstr, strlen(portstr)) < 0 ||
ssh_digest_upd...(portstr)) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1285 ssh_digest_update(md, options.user, strlen(options.user)) < 0 ||
ssh_digest_upd...ons.user)) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1286 ssh_digest_final(md, conn_hash, sizeof(conn_hash)) < 0)
ssh_digest_fin...onn_hash)) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1287 fatal("%s: mux digest failed", __func__);
never executed: fatal("%s: mux digest failed", __func__);
0
1288 ssh_digest_free(md);-
1289 conn_hash_hex = tohex(conn_hash, ssh_digest_bytes(SSH_DIGEST_SHA1));-
1290-
1291 /*-
1292 * Expand tokens in arguments. NB. LocalCommand is expanded later,-
1293 * after port-forwarding is set up, so it may pick up any local-
1294 * tunnel interface name allocated.-
1295 */-
1296 if (options.remote_command != NULL) {
options.remote...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1297 debug3("expanding RemoteCommand: %s", options.remote_command);-
1298 cp = options.remote_command;-
1299 options.remote_command = percent_expand(cp,-
1300 "C", conn_hash_hex,-
1301 "L", shorthost,-
1302 "d", pw->pw_dir,-
1303 "h", host,-
1304 "i", uidstr,-
1305 "l", thishost,-
1306 "n", host_arg,-
1307 "p", portstr,-
1308 "r", options.user,-
1309 "u", pw->pw_name,-
1310 (char *)NULL);-
1311 debug3("expanded RemoteCommand: %s", options.remote_command);-
1312 free(cp);-
1313 if ((r = sshbuf_put(command, options.remote_command,
(r = sshbuf_pu...ommand))) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1314 strlen(options.remote_command))) != 0)
(r = sshbuf_pu...ommand))) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1315 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
1316 }
never executed: end of block
0
1317-
1318 if (options.control_path != NULL) {
options.contro...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1319 cp = tilde_expand_filename(options.control_path, getuid());-
1320 free(options.control_path);-
1321 options.control_path = percent_expand(cp,-
1322 "C", conn_hash_hex,-
1323 "L", shorthost,-
1324 "h", host,-
1325 "i", uidstr,-
1326 "l", thishost,-
1327 "n", host_arg,-
1328 "p", portstr,-
1329 "r", options.user,-
1330 "u", pw->pw_name,-
1331 "i", uidstr,-
1332 (char *)NULL);-
1333 free(cp);-
1334 }
never executed: end of block
0
1335-
1336 if (config_test) {
config_testDescription
TRUEnever evaluated
FALSEnever evaluated
0
1337 dump_client_config(&options, host);-
1338 exit(0);
never executed: exit(0);
0
1339 }-
1340-
1341 if (muxclient_command != 0 && options.control_path == NULL)
muxclient_command != 0Description
TRUEnever evaluated
FALSEnever evaluated
options.contro...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1342 fatal("No ControlPath specified for \"-O\" command");
never executed: fatal("No ControlPath specified for \"-O\" command");
0
1343 if (options.control_path != NULL) {
options.contro...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1344 int sock;-
1345 if ((sock = muxclient(options.control_path)) >= 0) {
(sock = muxcli...ol_path)) >= 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1346 ssh_packet_set_connection(ssh, sock, sock);-
1347 packet_set_mux();-
1348 goto skip_connect;
never executed: goto skip_connect;
0
1349 }-
1350 }
never executed: end of block
0
1351-
1352 /*-
1353 * If hostname canonicalisation was not enabled, then we may not-
1354 * have yet resolved the hostname. Do so now.-
1355 */-
1356 if (addrs == NULL && options.proxy_command == NULL) {
addrs == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
options.proxy_...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1357 debug2("resolving \"%s\" port %d", host, options.port);-
1358 if ((addrs = resolve_host(host, options.port, 1,
(addrs = resol...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1359 cname, sizeof(cname))) == NULL)
(addrs = resol...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1360 cleanup_exit(255); /* resolve_host logs the error */
never executed: cleanup_exit(255);
0
1361 }
never executed: end of block
0
1362-
1363 timeout_ms = options.connection_timeout * 1000;-
1364-
1365 /* Open a connection to the remote host. */-
1366 if (ssh_connect(ssh, host, addrs, &hostaddr, options.port,
ssh_connect(ss...ep_alive) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1367 options.address_family, options.connection_attempts,
ssh_connect(ss...ep_alive) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1368 &timeout_ms, options.tcp_keep_alive) != 0)
ssh_connect(ss...ep_alive) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1369 exit(255);
never executed: exit(255);
0
1370-
1371 if (addrs != NULL)
addrs != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1372 freeaddrinfo(addrs);
never executed: freeaddrinfo(addrs);
0
1373-
1374 packet_set_timeout(options.server_alive_interval,-
1375 options.server_alive_count_max);-
1376-
1377 ssh = active_state; /* XXX */-
1378-
1379 if (timeout_ms > 0)
timeout_ms > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1380 debug3("timeout: %d ms remain after connect", timeout_ms);
never executed: debug3("timeout: %d ms remain after connect", timeout_ms);
0
1381-
1382 /*-
1383 * If we successfully made the connection and we have hostbased auth-
1384 * enabled, load the public keys so we can later use the ssh-keysign-
1385 * helper to sign challenges.-
1386 */-
1387 sensitive_data.nkeys = 0;-
1388 sensitive_data.keys = NULL;-
1389 if (options.hostbased_authentication) {
options.hostba...authenticationDescription
TRUEnever evaluated
FALSEnever evaluated
0
1390 sensitive_data.nkeys = 10;-
1391 sensitive_data.keys = xcalloc(sensitive_data.nkeys,-
1392 sizeof(struct sshkey));-
1393-
1394 /* XXX check errors? */-
1395#define L_PUBKEY(p,o) do { \-
1396 if ((o) >= sensitive_data.nkeys) \-
1397 fatal("%s pubkey out of array bounds", __func__); \-
1398 check_load(sshkey_load_public(p, &(sensitive_data.keys[o]), NULL), \-
1399 p, "pubkey"); \-
1400} while (0)-
1401#define L_CERT(p,o) do { \-
1402 if ((o) >= sensitive_data.nkeys) \-
1403 fatal("%s cert out of array bounds", __func__); \-
1404 check_load(sshkey_load_cert(p, &(sensitive_data.keys[o])), p, "cert"); \-
1405} while (0)-
1406-
1407 if (options.hostbased_authentication == 1) {
options.hostba...ntication == 1Description
TRUEnever evaluated
FALSEnever evaluated
0
1408 L_CERT(_PATH_HOST_ECDSA_KEY_FILE, 0);
never executed: fatal("%s cert out of array bounds", __func__);
(0) >= sensitive_data.nkeysDescription
TRUEnever evaluated
FALSEnever evaluated
0
1409 L_CERT(_PATH_HOST_ED25519_KEY_FILE, 1);
never executed: fatal("%s cert out of array bounds", __func__);
(1) >= sensitive_data.nkeysDescription
TRUEnever evaluated
FALSEnever evaluated
0
1410 L_CERT(_PATH_HOST_RSA_KEY_FILE, 2);
never executed: fatal("%s cert out of array bounds", __func__);
(2) >= sensitive_data.nkeysDescription
TRUEnever evaluated
FALSEnever evaluated
0
1411 L_CERT(_PATH_HOST_DSA_KEY_FILE, 3);
never executed: fatal("%s cert out of array bounds", __func__);
(3) >= sensitive_data.nkeysDescription
TRUEnever evaluated
FALSEnever evaluated
0
1412 L_PUBKEY(_PATH_HOST_ECDSA_KEY_FILE, 4);
never executed: fatal("%s pubkey out of array bounds", __func__);
(4) >= sensitive_data.nkeysDescription
TRUEnever evaluated
FALSEnever evaluated
0
1413 L_PUBKEY(_PATH_HOST_ED25519_KEY_FILE, 5);
never executed: fatal("%s pubkey out of array bounds", __func__);
(5) >= sensitive_data.nkeysDescription
TRUEnever evaluated
FALSEnever evaluated
0
1414 L_PUBKEY(_PATH_HOST_RSA_KEY_FILE, 6);
never executed: fatal("%s pubkey out of array bounds", __func__);
(6) >= sensitive_data.nkeysDescription
TRUEnever evaluated
FALSEnever evaluated
0
1415 L_PUBKEY(_PATH_HOST_DSA_KEY_FILE, 7);
never executed: fatal("%s pubkey out of array bounds", __func__);
(7) >= sensitive_data.nkeysDescription
TRUEnever evaluated
FALSEnever evaluated
0
1416 L_CERT(_PATH_HOST_XMSS_KEY_FILE, 8);
never executed: fatal("%s cert out of array bounds", __func__);
(8) >= sensitive_data.nkeysDescription
TRUEnever evaluated
FALSEnever evaluated
0
1417 L_PUBKEY(_PATH_HOST_XMSS_KEY_FILE, 9);
never executed: fatal("%s pubkey out of array bounds", __func__);
(9) >= sensitive_data.nkeysDescription
TRUEnever evaluated
FALSEnever evaluated
0
1418 }
never executed: end of block
0
1419 }
never executed: end of block
0
1420-
1421 /* Create ~/.ssh * directory if it doesn't already exist. */-
1422 if (config == NULL) {
config == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1423 r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,-
1424 strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
never executed: __result = (((const unsigned char *) (const char *) ( pw->pw_dir ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "/" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1425 if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
r > 0Description
TRUEnever evaluated
FALSEnever evaluated
(size_t)r < sizeof(buf)Description
TRUEnever evaluated
FALSEnever evaluated
stat(buf, &st) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1426#ifdef WITH_SELINUX-
1427 ssh_selinux_setfscreatecon(buf);-
1428#endif-
1429 if (mkdir(buf, 0700) < 0)
mkdir(buf, 0700) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1430 error("Could not create directory '%.200s'.",
never executed: error("Could not create directory '%.200s'.", buf);
0
1431 buf);
never executed: error("Could not create directory '%.200s'.", buf);
0
1432#ifdef WITH_SELINUX-
1433 ssh_selinux_setfscreatecon(NULL);-
1434#endif-
1435 }
never executed: end of block
0
1436 }
never executed: end of block
0
1437 /* load options.identity_files */-
1438 load_public_identity_files(pw);-
1439-
1440 /* optionally set the SSH_AUTHSOCKET_ENV_NAME variable */-
1441 if (options.identity_agent &&
options.identity_agentDescription
TRUEnever evaluated
FALSEnever evaluated
0
1442 strcmp(options.identity_agent, SSH_AUTHSOCKET_ENV_NAME) != 0) {
never executed: __result = (((const unsigned char *) (const char *) ( options.identity_agent ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "SSH_AUTH_SOCK" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) != 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1443 if (strcmp(options.identity_agent, "none") == 0) {
never executed: __result = (((const unsigned char *) (const char *) ( options.identity_agent ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "none" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1444 unsetenv(SSH_AUTHSOCKET_ENV_NAME);-
1445 } else {
never executed: end of block
0
1446 p = tilde_expand_filename(options.identity_agent,-
1447 getuid());-
1448 cp = percent_expand(p,-
1449 "d", pw->pw_dir,-
1450 "h", host,-
1451 "i", uidstr,-
1452 "l", thishost,-
1453 "r", options.user,-
1454 "u", pw->pw_name,-
1455 (char *)NULL);-
1456 setenv(SSH_AUTHSOCKET_ENV_NAME, cp, 1);-
1457 free(cp);-
1458 free(p);-
1459 }
never executed: end of block
0
1460 }-
1461-
1462 /* Expand ~ in known host file names. */-
1463 tilde_expand_paths(options.system_hostfiles,-
1464 options.num_system_hostfiles);-
1465 tilde_expand_paths(options.user_hostfiles, options.num_user_hostfiles);-
1466-
1467 signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */-
1468 signal(SIGCHLD, main_sigchld_handler);-
1469-
1470 /* Log into the remote system. Never returns if the login fails. */-
1471 ssh_login(&sensitive_data, host, (struct sockaddr *)&hostaddr,-
1472 options.port, pw, timeout_ms);-
1473-
1474 if (packet_connection_is_on_socket()) {
ssh_packet_con...(active_state)Description
TRUEnever evaluated
FALSEnever evaluated
0
1475 verbose("Authenticated to %s ([%s]:%d).", host,-
1476 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));-
1477 } else {
never executed: end of block
0
1478 verbose("Authenticated to %s (via proxy).", host);-
1479 }
never executed: end of block
0
1480-
1481 /* We no longer need the private host keys. Clear them now. */-
1482 if (sensitive_data.nkeys != 0) {
sensitive_data.nkeys != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1483 for (i = 0; i < sensitive_data.nkeys; i++) {
i < sensitive_data.nkeysDescription
TRUEnever evaluated
FALSEnever evaluated
0
1484 if (sensitive_data.keys[i] != NULL) {
sensitive_data...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1485 /* Destroys contents safely */-
1486 debug3("clear hostkey %d", i);-
1487 sshkey_free(sensitive_data.keys[i]);-
1488 sensitive_data.keys[i] = NULL;-
1489 }
never executed: end of block
0
1490 }
never executed: end of block
0
1491 free(sensitive_data.keys);-
1492 }
never executed: end of block
0
1493 for (i = 0; i < options.num_identity_files; i++) {
i < options.num_identity_filesDescription
TRUEnever evaluated
FALSEnever evaluated
0
1494 free(options.identity_files[i]);-
1495 options.identity_files[i] = NULL;-
1496 if (options.identity_keys[i]) {
options.identity_keys[i]Description
TRUEnever evaluated
FALSEnever evaluated
0
1497 sshkey_free(options.identity_keys[i]);-
1498 options.identity_keys[i] = NULL;-
1499 }
never executed: end of block
0
1500 }
never executed: end of block
0
1501 for (i = 0; i < options.num_certificate_files; i++) {
i < options.nu...tificate_filesDescription
TRUEnever evaluated
FALSEnever evaluated
0
1502 free(options.certificate_files[i]);-
1503 options.certificate_files[i] = NULL;-
1504 }
never executed: end of block
0
1505-
1506 skip_connect:
code before this statement never executed: skip_connect:
0
1507 exit_status = ssh_session2(ssh, pw);-
1508 packet_close();-
1509-
1510 if (options.control_path != NULL && muxserver_sock != -1)
options.contro...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
muxserver_sock != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1511 unlink(options.control_path);
never executed: unlink(options.control_path);
0
1512-
1513 /* Kill ProxyCommand if it is running. */-
1514 ssh_kill_proxy_command();-
1515-
1516 return exit_status;
never executed: return exit_status;
0
1517}-
1518-
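/*
 * Split the ControlPersist master from the foreground client.
 *
 * fork() is called once: the child keeps running as the multiplexing
 * master, while the parent restores the flags saved in ostdin_null_flag,
 * orequest_tty and otty_flag, closes its copy of the mux listen socket and
 * re-attaches to the master through muxclient() as an ordinary mux client.
 *
 * The child then points stdin/stdout (and stderr, unless logging is on
 * stderr with debugging enabled) at /dev/null and calls daemon().
 * Failures of open(), dup2() and daemon() are logged but are not fatal:
 * the master keeps running on a best-effort basis.
 */
static void
control_persist_detach(void)
{
	pid_t pid;
	int devnull, keep_stderr;

	debug("%s: backgrounding master process", __func__);

	/*
	 * Put the master (current process) into the background, and make
	 * the foreground process a client of the backgrounded master.
	 */
	switch ((pid = fork())) {
	case -1:
		fatal("%s: fork: %s", __func__, strerror(errno));
	case 0:
		/* Child: master process continues mainloop */
		break;
	default:
		/* Parent: set up mux slave to connect to backgrounded master */
		debug2("%s: background process is %ld", __func__, (long)pid);
		stdin_null_flag = ostdin_null_flag;
		options.request_tty = orequest_tty;
		tty_flag = otty_flag;
		/* The parent must not keep the listen socket open. */
		close(muxserver_sock);
		muxserver_sock = -1;
		options.control_master = SSHCTL_MASTER_NO;
		muxclient(options.control_path);
		/* muxclient() doesn't return on success. */
		fatal("Failed to connect to new control master");
	}
	if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
		error("%s: open(\"/dev/null\"): %s", __func__,
		    strerror(errno));
	} else {
		/* Keep stderr only when it is the active debug log sink. */
		keep_stderr = log_is_on_stderr() && debug_flag;
		if (dup2(devnull, STDIN_FILENO) == -1 ||
		    dup2(devnull, STDOUT_FILENO) == -1 ||
		    (!keep_stderr && dup2(devnull, STDERR_FILENO) == -1))
			error("%s: dup2: %s", __func__, strerror(errno));
		/* Do not close devnull if it landed on a standard descriptor. */
		if (devnull > STDERR_FILENO)
			close(devnull);
	}
	/*
	 * The result used to be ignored here, unlike in fork_postauth().
	 * Report a failure so that a master left attached to its original
	 * session is visible in the log; stay non-fatal as before.
	 */
	if (daemon(1, 1) < 0)
		error("%s: daemon: %s", __func__, strerror(errno));
	setproctitle("%s [mux]", options.control_path);
}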
1565-
/*
 * Move the client into the background once authentication has finished
 * (the "ssh -f" case). If a ControlPersist detach is pending it is done
 * first. The fork-after-authentication flag is cleared before daemon() is
 * called; a daemon() failure is fatal.
 */
static void
fork_postauth(void)
{
	if (need_controlpersist_detach) {
		control_persist_detach();
	}

	debug("forking to background");
	fork_after_authentication_flag = 0;

	if (daemon(1, 1) >= 0) {
		return;
	}
	fatal("daemon() failed: %.200s", strerror(errno));
}
1577-
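/*
 * Callback for remote forward global requests.
 *
 * ctxt is the struct Forward that was registered together with this
 * callback; type is the reply message type (SSH2_MSG_REQUEST_SUCCESS or
 * SSH2_MSG_REQUEST_FAILURE). seq is not used.
 *
 * For a forward requested with listen port 0 and no listen path, a
 * success reply carries the port chosen by the peer. That number is
 * peer-supplied, so it is range-checked before it is stored, logged and
 * handed to channel_update_permission(); an out-of-range value is treated
 * as a failed request.
 *
 * On failure the function either terminates via fatal() (when
 * options.exit_on_forward_failure is set) or logs a warning. Once a reply
 * has been counted for every configured remote forward, the deferred
 * fork_postauth() is run if fork_after_authentication_flag is set.
 */
static void
ssh_confirm_remote_forward(struct ssh *ssh, int type, u_int32_t seq, void *ctxt)
{
	struct Forward *rfwd = (struct Forward *)ctxt;
	u_int32_t port;

	/* XXX verbose() on failure? */
	debug("remote forward %s for: listen %s%s%d, connect %s:%d",
	    type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure",
	    rfwd->listen_path ? rfwd->listen_path :
	    rfwd->listen_host ? rfwd->listen_host : "",
	    (rfwd->listen_path || rfwd->listen_host) ? ":" : "",
	    rfwd->listen_port, rfwd->connect_path ? rfwd->connect_path :
	    rfwd->connect_host, rfwd->connect_port);
	if (rfwd->listen_path == NULL && rfwd->listen_port == 0) {
		if (type == SSH2_MSG_REQUEST_SUCCESS) {
			port = packet_get_int();
			if (port > 65535) {
				/* Not a valid TCP port: do not trust the reply. */
				error("Invalid allocated port %u for remote "
				    "forward to %s:%d", (unsigned int)port,
				    rfwd->connect_path ? rfwd->connect_path :
				    rfwd->connect_host, rfwd->connect_port);
				/* Ensure failure processing runs below */
				type = SSH2_MSG_REQUEST_FAILURE;
				channel_update_permission(ssh,
				    rfwd->handle, -1);
			} else {
				rfwd->allocated_port = (int)port;
				/*
				 * Same destination expression as the debug()
				 * call above, so a path-based destination is
				 * printed instead of a possibly unset host.
				 */
				logit("Allocated port %u for remote forward "
				    "to %s:%d", rfwd->allocated_port,
				    rfwd->connect_path ? rfwd->connect_path :
				    rfwd->connect_host, rfwd->connect_port);
				channel_update_permission(ssh,
				    rfwd->handle, rfwd->allocated_port);
			}
		} else {
			channel_update_permission(ssh, rfwd->handle, -1);
		}
	}

	if (type == SSH2_MSG_REQUEST_FAILURE) {
		if (options.exit_on_forward_failure) {
			if (rfwd->listen_path != NULL)
				fatal("Error: remote port forwarding failed "
				    "for listen path %s", rfwd->listen_path);
			else
				fatal("Error: remote port forwarding failed "
				    "for listen port %d", rfwd->listen_port);
		} else {
			if (rfwd->listen_path != NULL)
				logit("Warning: remote port forwarding failed "
				    "for listen path %s", rfwd->listen_path);
			else
				logit("Warning: remote port forwarding failed "
				    "for listen port %d", rfwd->listen_port);
		}
	}
	/* The last outstanding reply releases the deferred "ssh -f" fork. */
	if (++remote_forward_confirms_received == options.num_remote_forwards) {
		debug("All remote forwarding requests processed");
		if (fork_after_authentication_flag)
			fork_postauth();
	}
}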
1628-
/*
 * Channel cleanup callback for the stdio forwarding channel: logs that
 * the forward has finished and leaves through cleanup_exit(0).
 * None of the arguments are used.
 */
static void
client_cleanup_stdio_fwd(struct ssh *ssh, int id, void *arg)
{
	(void)ssh;
	(void)id;
	(void)arg;

	debug("stdio forwarding: done");
	cleanup_exit(0);
}
1635-
/*
 * Open-confirmation callback for the stdio forwarding channel.
 * A zero success value is fatal; otherwise nothing is done.
 */
static void
ssh_stdio_confirm(struct ssh *ssh, int id, int success, void *arg)
{
	if (success) {
		return;
	}
	fatal("stdio forwarding failed");
}
1642-
/*
 * Set up stdio forwarding when options.stdio_forward_host is configured.
 *
 * stdin and stdout are duplicated and the copies are given to
 * channel_connect_stdio_fwd() together with the configured host and
 * port. A failed dup() or a NULL channel is fatal. On success the
 * cleanup and open-confirm callbacks are registered on the new channel.
 */
static void
ssh_init_stdio_forwarding(struct ssh *ssh)
{
	Channel *chan;
	int fd_in, fd_out;

	if (options.stdio_forward_host == NULL) {
		return;
	}

	debug3("%s: %s:%d", __func__, options.stdio_forward_host,
	    options.stdio_forward_port);

	/* stdin is duplicated first; stdout only if that worked. */
	fd_in = dup(STDIN_FILENO);
	if (fd_in < 0) {
		fatal("channel_connect_stdio_fwd: dup() in/out failed");
	}
	fd_out = dup(STDOUT_FILENO);
	if (fd_out < 0) {
		fatal("channel_connect_stdio_fwd: dup() in/out failed");
	}

	chan = channel_connect_stdio_fwd(ssh, options.stdio_forward_host,
	    options.stdio_forward_port, fd_in, fd_out);
	if (chan == NULL) {
		fatal("%s: channel_connect_stdio_fwd failed", __func__);
	}

	channel_register_cleanup(ssh, chan->self, client_cleanup_stdio_fwd, 0);
	channel_register_open_confirm(ssh, chan->self, ssh_stdio_confirm, NULL);
}
1664-
/*
 * Request every forwarding configured in options: local listeners,
 * remote forwards and, if enabled, a tunnel device.
 *
 * Local forwards: each listener is set up and the return values are
 * summed; if any failed and options.exit_on_forward_failure is set the
 * client exits via fatal(), and if none succeeded an error is logged.
 * Remote forwards: the request handle is stored in the forward entry and
 * ssh_confirm_remote_forward() is registered for the reply; a negative
 * handle is fatal or a warning depending on exit_on_forward_failure.
 * Tunnel: the value returned by client_request_tun_fwd() is stored in
 * *ifname; NULL is fatal or an error depending on exit_on_forward_failure.
 */
static void
ssh_init_forwarding(struct ssh *ssh, char **ifname)
{
	struct Forward *fwd;
	const char *listen_name, *connect_name;
	int success = 0;
	int i;

	/* Initiate local TCP/IP port forwardings. */
	for (i = 0; i < options.num_local_forwards; i++) {
		fwd = &options.local_forwards[i];

		/* Without an explicit listen host the label shows "*" only
		 * when gateway_ports is set, "LOCALHOST" otherwise. */
		if (fwd->listen_path != NULL)
			listen_name = fwd->listen_path;
		else if (fwd->listen_host != NULL)
			listen_name = fwd->listen_host;
		else if (options.fwd_opts.gateway_ports)
			listen_name = "*";
		else
			listen_name = "LOCALHOST";

		if (fwd->connect_path != NULL)
			connect_name = fwd->connect_path;
		else
			connect_name = fwd->connect_host;

		debug("Local connections to %.200s:%d forwarded to remote "
		    "address %.200s:%d",
		    listen_name, fwd->listen_port,
		    connect_name, fwd->connect_port);
		success += channel_setup_local_fwd_listener(ssh,
		    fwd, &options.fwd_opts);
	}
	/* Here i is the number of local forwards that were attempted. */
	if (i > 0) {
		if (success != i && options.exit_on_forward_failure)
			fatal("Could not request local forwarding.");
		if (success == 0)
			error("Could not request local forwarding.");
	}

	/* Initiate remote TCP/IP port forwardings. */
	for (i = 0; i < options.num_remote_forwards; i++) {
		fwd = &options.remote_forwards[i];

		if (fwd->listen_path != NULL)
			listen_name = fwd->listen_path;
		else if (fwd->listen_host != NULL)
			listen_name = fwd->listen_host;
		else
			listen_name = "LOCALHOST";

		if (fwd->connect_path != NULL)
			connect_name = fwd->connect_path;
		else
			connect_name = fwd->connect_host;

		debug("Remote connections from %.200s:%d forwarded to "
		    "local address %.200s:%d",
		    listen_name, fwd->listen_port,
		    connect_name, fwd->connect_port);

		fwd->handle = channel_request_remote_forwarding(ssh, fwd);
		if (fwd->handle >= 0) {
			/* The reply is handled asynchronously by the callback. */
			client_register_global_confirm(
			    ssh_confirm_remote_forward, fwd);
			continue;
		}
		if (options.exit_on_forward_failure)
			fatal("Could not request remote forwarding.");
		logit("Warning: Could not request remote forwarding.");
	}

	/* Initiate tunnel forwarding. */
	if (options.tun_open == SSH_TUNMODE_NO)
		return;

	*ifname = client_request_tun_fwd(ssh, options.tun_open,
	    options.tun_local, options.tun_remote);
	if (*ifname != NULL)
		return;

	if (options.exit_on_forward_failure)
		fatal("Could not request tunnel forwarding.");
	else
		error("Could not request tunnel forwarding.");
}
1734-
/*
 * Turn agent forwarding off when no authentication agent can be reached.
 *
 * Only acts when options.forward_agent is set. A non-zero result from
 * ssh_get_authentication_socket(NULL) clears the option; any error other
 * than SSH_ERR_AGENT_NOT_PRESENT is also written to the debug log.
 */
static void
check_agent_present(void)
{
	int rc;

	if (!options.forward_agent)
		return;

	/* Clear agent forwarding if we don't have an agent. */
	rc = ssh_get_authentication_socket(NULL);
	if (rc == 0)
		return;

	options.forward_agent = 0;
	if (rc != SSH_ERR_AGENT_NOT_PRESENT) {
		debug("ssh_get_authentication_socket: %s",
		    ssh_err(rc));
	}
}
1750-
/*
 * Open-confirmation callback for the session channel (registered by
 * ssh_session2_open()). Does nothing when success is zero.
 *
 * Otherwise, in this order:
 *  - if X11 forwarding is enabled and client_x11_get_proto() returns 0,
 *    request X11 forwarding with authentication spoofing and mark the
 *    session interactive;
 *  - re-check that an agent is reachable and, if agent forwarding is
 *    still enabled afterwards, send the "auth-agent-req@openssh.com"
 *    channel request;
 *  - tell the packet layer whether the session is interactive;
 *  - hand over to client_session2_setup() with the tty/subsystem flags,
 *    $TERM, stdin's descriptor, the command and the environment.
 */
static void
ssh_session2_setup(struct ssh *ssh, int id, int success, void *arg)
{
	extern char **environ;
	const char *display;
	char *proto = NULL, *data = NULL;
	int interactive = tty_flag;

	if (!success) {
		/* No need for error message, channels code sends one */
		return;
	}

	display = getenv("DISPLAY");
	if (options.forward_x11) {
		if (display == NULL)
			debug("X11 forwarding requested but DISPLAY not set");
		if (client_x11_get_proto(ssh, display,
		    options.xauth_location, options.forward_x11_trusted,
		    options.forward_x11_timeout, &proto, &data) == 0) {
			/* Request forwarding with authentication spoofing. */
			debug("Requesting X11 forwarding with authentication "
			    "spoofing.");
			x11_request_forwarding_with_spoofing(ssh, id, display,
			    proto, data, 1);
			client_expect_confirm(ssh, id, "X11 forwarding",
			    CONFIRM_WARN);
			/* XXX exit_on_forward_failure */
			interactive = 1;
		}
	}

	/* check_agent_present() may clear options.forward_agent. */
	check_agent_present();
	if (options.forward_agent) {
		debug("Requesting authentication agent forwarding.");
		channel_request_start(ssh, id, "auth-agent-req@openssh.com", 0);
		packet_send();
	}

	/* Tell the packet module whether this is an interactive session. */
	packet_set_interactive(interactive,
	    options.ip_qos_interactive, options.ip_qos_bulk);

	client_session2_setup(ssh, id, tty_flag, subsystem_flag, getenv("TERM"),
	    NULL, fileno(stdin), command, environ);
}
1792-
/*
 * Open a new channel for a session and return its id (c->self).
 *
 * The channel gets its own descriptors: stdin is either /dev/null (when
 * stdin_null_flag is set) or a duplicate of fd 0; stdout and stderr are
 * duplicates. Any failure to obtain them is fatal. Descriptors that are
 * not terminals are switched to non-blocking mode. The default window
 * and packet sizes are halved when a tty is in use. Unless no_shell_flag
 * is set, ssh_session2_setup() is registered to run once the open is
 * confirmed.
 */
static int
ssh_session2_open(struct ssh *ssh)
{
	Channel *c;
	int window, packetmax, in, out, err;
	int fds[3];
	int k;

	/* Order matters: in, then out, then err. */
	in = stdin_null_flag ? open(_PATH_DEVNULL, O_RDONLY) :
	    dup(STDIN_FILENO);
	out = dup(STDOUT_FILENO);
	err = dup(STDERR_FILENO);

	if (in < 0 || out < 0 || err < 0) {
		fatal("dup() in/out/err failed");
	}

	/* enable nonblocking unless tty */
	fds[0] = in;
	fds[1] = out;
	fds[2] = err;
	for (k = 0; k < 3; k++) {
		if (!isatty(fds[k]))
			set_nonblock(fds[k]);
	}

	window = CHAN_SES_WINDOW_DEFAULT;
	packetmax = CHAN_SES_PACKET_DEFAULT;
	if (tty_flag) {
		window >>= 1;
		packetmax >>= 1;
	}

	c = channel_new(ssh,
	    "session", SSH_CHANNEL_OPENING, in, out, err,
	    window, packetmax, CHAN_EXTENDED_WRITE,
	    "client-session", /*nonblock*/0);

	debug3("%s: channel_new: %d", __func__, c->self);

	channel_send_open(ssh, c->self);
	if (!no_shell_flag) {
		channel_register_open_confirm(ssh, c->self,
		    ssh_session2_setup, NULL);
	}

	return c->self;
}
1839-
/*
 * Drive the post-authentication phase of an SSH2 client connection.
 *
 * In order: sets up stdio and port/tunnel forwarding, expands the
 * LocalCommand template, starts the multiplex listener, arranges
 * ControlPersist backgrounding, opens the session channel (unless no
 * shell was requested), optionally asks the server to refuse further
 * sessions, runs LocalCommand, redirects stdout to /dev/null, forks into
 * the background if requested, and finally enters client_loop().
 *
 * The statement order is significant; the individual comments say why.
 *
 * ssh: connection state handed on to the channel/forwarding helpers.
 * pw:  passwd entry of the local user; pw_dir and pw_name feed the
 *      %d and %u LocalCommand tokens.
 *
 * Returns whatever client_loop() returns.
 */
static int
ssh_session2(struct ssh *ssh, struct passwd *pw)
{
	int null_fd, esc, id = -1;
	char *unexpanded, *tun_fwd_ifname = NULL;

	/* XXX should be pre-session */
	if (!options.control_persist)
		ssh_init_stdio_forwarding(ssh);

	ssh_init_forwarding(ssh, &tun_fwd_ifname);

	if (options.local_command != NULL) {
		/*
		 * Substitute the %-tokens in the LocalCommand template.
		 * NOTE(review): several substituted values (host, host_arg,
		 * options.user) originate from the command line or config;
		 * the result is later handed to ssh_local_cmd(), presumably
		 * for execution by a shell - confirm that those values are
		 * validated before they reach this point.
		 */
		debug3("expanding LocalCommand: %s", options.local_command);
		unexpanded = options.local_command;
		options.local_command = percent_expand(unexpanded,
		    "C", conn_hash_hex,
		    "L", shorthost,
		    "d", pw->pw_dir,
		    "h", host,
		    "i", uidstr,
		    "l", thishost,
		    "n", host_arg,
		    "p", portstr,
		    "r", options.user,
		    "u", pw->pw_name,
		    "T", tun_fwd_ifname == NULL ? "NONE" : tun_fwd_ifname,
		    (char *)NULL);
		debug3("expanded LocalCommand: %s", options.local_command);
		/* The template has been replaced by its expansion. */
		free(unexpanded);
	}

	/* Begin accepting multiplex clients unless we are one ourselves. */
	if (!packet_get_mux())
		muxserver_listen(ssh);

	if (options.control_persist) {
		if (muxserver_sock != -1) {
			/*
			 * ControlPersist with a working mux listen socket:
			 * get ready to go to the background and let a
			 * foreground client attach as a control slave.
			 * The flags overridden here are saved first because
			 * the slave is only attached once the connection is
			 * fully established (in particular, after async rfwd
			 * replies have arrived for ExitOnForwardFailure).
			 */
			ostdin_null_flag = stdin_null_flag;
			ono_shell_flag = no_shell_flag;
			orequest_tty = options.request_tty;
			otty_flag = tty_flag;
			stdin_null_flag = 1;
			no_shell_flag = 1;
			tty_flag = 0;
			if (!fork_after_authentication_flag)
				need_controlpersist_detach = 1;
			fork_after_authentication_flag = 1;
		} else {
			/*
			 * The mux listen socket could not be set up; do the
			 * stdio forward setup that was skipped at the top.
			 */
			ssh_init_stdio_forwarding(ssh);
		}
	}

	if (no_shell_flag) {
		packet_set_interactive(
		    options.control_master == SSHCTL_MASTER_NO,
		    options.ip_qos_interactive, options.ip_qos_bulk);
	} else
		id = ssh_session2_open(ssh);

	/* No further sessions are expected, so ask the peer to refuse them. */
	if (options.control_master == SSHCTL_MASTER_NO &&
	    (datafellows & SSH_NEW_OPENSSH)) {
		debug("Requesting no-more-sessions@openssh.com");
		packet_start(SSH2_MSG_GLOBAL_REQUEST);
		packet_put_cstring("no-more-sessions@openssh.com");
		packet_put_char(0);
		packet_send();
	}

	/* Run the local command, but only when PermitLocalCommand is set. */
	if (options.local_command != NULL &&
	    options.permit_local_command)
		ssh_local_cmd(options.local_command);

	/*
	 * The session channel owns stdout from here on; point the local fd
	 * at /dev/null so that later channel closes propagate to it.
	 * This has to wait until LocalCommand has finished, because that
	 * command may still want to write to stdout.
	 */
	if (!need_controlpersist_detach) {
		null_fd = open(_PATH_DEVNULL, O_WRONLY);
		if (null_fd == -1)
			error("%s: open %s: %s", __func__,
			    _PATH_DEVNULL, strerror(errno));
		/* A failed open leaves null_fd at -1, which dup2() rejects. */
		if (dup2(null_fd, STDOUT_FILENO) < 0)
			fatal("%s: dup2() stdout failed", __func__);
		/* Never close one of the standard descriptors by accident. */
		if (null_fd > STDERR_FILENO)
			close(null_fd);
	}

	/*
	 * Continue in the background if asked to, unless replies to remote
	 * forwarding requests still matter; then the fork is deferred.
	 */
	if (fork_after_authentication_flag) {
		if (!options.exit_on_forward_failure ||
		    options.num_remote_forwards <= 0)
			fork_postauth();
		else {
			debug("deferring postauth fork until remote forward "
			    "confirmation received");
		}
	}

	/* The escape character is only honoured when a tty is in use. */
	esc = tty_flag ? options.escape_char : SSH_ESCAPECHAR_NONE;
	return client_loop(ssh, tty_flag, esc, id);
}
1959-
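/*
 * Loads all IdentityFile and CertificateFile keys.
 *
 * Builds fresh identity and certificate tables in local arrays and then
 * copies them over the corresponding arrays in the global options:
 *   1. keys offered by the configured PKCS#11 provider (ENABLE_PKCS11),
 *   2. the public half of every IdentityFile, plus its "<file>-cert"
 *      variant when no CertificateFile was listed explicitly,
 *   3. every CertificateFile that actually holds a certificate.
 *
 * pw: passwd entry of the local user; pw_dir and pw_name feed the
 *     %d and %u filename tokens.
 *
 * Ownership: the strings in options.identity_files[] and
 * options.certificate_files[] are freed here and replaced by the
 * expanded filenames. Calls fatal() when more than
 * SSH_MAX_CERTIFICATE_FILES certificates are configured.
 */
static void
load_public_identity_files(struct passwd *pw)
{
	char *filename, *cp;
	struct sshkey *public;
	int i;
	u_int n_ids, n_certs;
	char *identity_files[SSH_MAX_IDENTITY_FILES];
	struct sshkey *identity_keys[SSH_MAX_IDENTITY_FILES];
	int identity_file_userprovided[SSH_MAX_IDENTITY_FILES];
	char *certificate_files[SSH_MAX_CERTIFICATE_FILES];
	struct sshkey *certificates[SSH_MAX_CERTIFICATE_FILES];
	int certificate_file_userprovided[SSH_MAX_CERTIFICATE_FILES];
#ifdef ENABLE_PKCS11
	struct sshkey **keys;
	int nkeys;
#endif /* PKCS11 */

	n_ids = n_certs = 0;
	/* Unused slots must read as NULL/0 after the final memcpy()s. */
	memset(identity_files, 0, sizeof(identity_files));
	memset(identity_keys, 0, sizeof(identity_keys));
	memset(identity_file_userprovided, 0,
	    sizeof(identity_file_userprovided));
	memset(certificate_files, 0, sizeof(certificate_files));
	memset(certificates, 0, sizeof(certificates));
	memset(certificate_file_userprovided, 0,
	    sizeof(certificate_file_userprovided));

#ifdef ENABLE_PKCS11
	if (options.pkcs11_provider != NULL &&
	    options.num_identity_files < SSH_MAX_IDENTITY_FILES &&
	    (pkcs11_init(!options.batch_mode) == 0) &&
	    (nkeys = pkcs11_add_provider(options.pkcs11_provider, NULL,
	    &keys)) > 0) {
		for (i = 0; i < nkeys; i++) {
			/* Table full: drop the surplus key, don't leak it. */
			if (n_ids >= SSH_MAX_IDENTITY_FILES) {
				sshkey_free(keys[i]);
				continue;
			}
			identity_keys[n_ids] = keys[i];
			identity_files[n_ids] =
			    xstrdup(options.pkcs11_provider); /* XXX */
			n_ids++;
		}
		/* The key objects now belong to identity_keys[]. */
		free(keys);
	}
#endif /* ENABLE_PKCS11 */
	for (i = 0; i < options.num_identity_files; i++) {
		/* Skip entries that do not fit and the literal "none". */
		if (n_ids >= SSH_MAX_IDENTITY_FILES ||
		    strcasecmp(options.identity_files[i], "none") == 0) {
			free(options.identity_files[i]);
			options.identity_files[i] = NULL;
			continue;
		}
		cp = tilde_expand_filename(options.identity_files[i], getuid());
		filename = percent_expand(cp, "d", pw->pw_dir,
		    "u", pw->pw_name, "l", thishost, "h", host,
		    "r", options.user, (char *)NULL);
		free(cp);
		check_load(sshkey_load_public(filename, &public, NULL),
		    filename, "pubkey");
		debug("identity file %s type %d", filename,
		    public ? public->type : -1);
		free(options.identity_files[i]);
		/* Recorded even when public is NULL (no public key loaded). */
		identity_files[n_ids] = filename;
		identity_keys[n_ids] = public;
		identity_file_userprovided[n_ids] =
		    options.identity_file_userprovided[i];
		/* No slot left for the certificate variant. */
		if (++n_ids >= SSH_MAX_IDENTITY_FILES)
			continue;

		/*
		 * If no certificates have been explicitly listed then try
		 * to add the default certificate variant too.
		 */
		if (options.num_certificate_files != 0)
			continue;
		xasprintf(&cp, "%s-cert", filename);
		/*
		 * NOTE(review): check_load() is given filename (the private
		 * key path) although cp was loaded - confirm this is the
		 * intended name for its diagnostics.
		 */
		check_load(sshkey_load_public(cp, &public, NULL),
		    filename, "pubkey");
		debug("identity file %s type %d", cp,
		    public ? public->type : -1);
		if (public == NULL) {
			free(cp);
			continue;
		}
		if (!sshkey_is_cert(public)) {
			debug("%s: key %s type %s is not a certificate",
			    __func__, cp, sshkey_type(public));
			sshkey_free(public);
			free(cp);
			continue;
		}
		/*
		 * The "-cert" path is not stored anywhere; release it on the
		 * success path too (it used to leak here).
		 */
		free(cp);
		/* NB. leave filename pointing to private key */
		identity_files[n_ids] = xstrdup(filename);
		identity_keys[n_ids] = public;
		identity_file_userprovided[n_ids] =
		    options.identity_file_userprovided[i];
		n_ids++;
	}

	/* Guarantees that n_certs below cannot run past the local arrays. */
	if (options.num_certificate_files > SSH_MAX_CERTIFICATE_FILES)
		fatal("%s: too many certificates", __func__);
	for (i = 0; i < options.num_certificate_files; i++) {
		cp = tilde_expand_filename(options.certificate_files[i],
		    getuid());
		filename = percent_expand(cp,
		    "d", pw->pw_dir,
		    "h", host,
		    "i", uidstr,
		    "l", thishost,
		    "r", options.user,
		    "u", pw->pw_name,
		    (char *)NULL);
		free(cp);

		check_load(sshkey_load_public(filename, &public, NULL),
		    filename, "certificate");
		debug("certificate file %s type %d", filename,
		    public ? public->type : -1);
		free(options.certificate_files[i]);
		options.certificate_files[i] = NULL;
		/* Only files that hold a real certificate are kept. */
		if (public == NULL) {
			free(filename);
			continue;
		}
		if (!sshkey_is_cert(public)) {
			debug("%s: key %s type %s is not a certificate",
			    __func__, filename, sshkey_type(public));
			sshkey_free(public);
			free(filename);
			continue;
		}
		certificate_files[n_certs] = filename;
		certificates[n_certs] = public;
		certificate_file_userprovided[n_certs] =
		    options.certificate_file_userprovided[i];
		++n_certs;
	}

	/*
	 * Publish the rebuilt tables. The copies are sized by the local
	 * arrays; assumes the arrays in options are at least as large -
	 * their declarations are not visible here, TODO confirm.
	 */
	options.num_identity_files = n_ids;
	memcpy(options.identity_files, identity_files, sizeof(identity_files));
	memcpy(options.identity_keys, identity_keys, sizeof(identity_keys));
	memcpy(options.identity_file_userprovided,
	    identity_file_userprovided, sizeof(identity_file_userprovided));

	options.num_certificate_files = n_certs;
	memcpy(options.certificate_files,
	    certificate_files, sizeof(certificate_files));
	memcpy(options.certificates, certificates, sizeof(certificates));
	memcpy(options.certificate_file_userprovided,
	    certificate_file_userprovided,
	    sizeof(certificate_file_userprovided));
}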
2115-
/*
 * SIGCHLD handler: collect every child that has already exited, without
 * blocking.
 *
 * errno is saved on entry and restored on exit so that the code this
 * handler interrupted does not see the value waitpid() leaves behind.
 *
 * sig: signal number; not used.
 */
static void
main_sigchld_handler(int sig)
{
	int saved = errno;
	int status;
	pid_t reaped;

	for (;;) {
		reaped = waitpid(-1, &status, WNOHANG);
		/* A child was collected; look for another one. */
		if (reaped > 0)
			continue;
		/* Interrupted before completing; try again. */
		if (reaped < 0 && errno == EINTR)
			continue;
		/* Nothing left to collect, or a different error. */
		break;
	}
	errno = saved;
}