Line | Source | Count |
1 | | - |
2 | | - |
3 | | - |
4 | | - |
5 | | - |
6 | | - |
7 | | - |
8 | | - |
9 | | - |
10 | | - |
11 | | - |
12 | | - |
13 | | - |
14 | | - |
15 | | - |
16 | | - |
17 | | - |
18 | | - |
19 | | - |
20 | | - |
21 | | - |
22 | | - |
23 | | - |
24 | | - |
25 | | - |
26 | | - |
27 | | - |
28 | | - |
29 | | - |
30 | | - |
31 | | - |
32 | | - |
33 | | - |
34 | | - |
35 | | - |
36 | | - |
37 | | - |
38 | | - |
39 | | - |
40 | | - |
41 | | - |
42 | | - |
43 | #include "includes.h" | - |
44 | | - |
45 | #include <sys/types.h> | - |
46 | #ifdef HAVE_SYS_STAT_H | - |
47 | # include <sys/stat.h> | - |
48 | #endif | - |
49 | #include <sys/resource.h> | - |
50 | #include <sys/ioctl.h> | - |
51 | #include <sys/socket.h> | - |
52 | #include <sys/wait.h> | - |
53 | | - |
54 | #include <ctype.h> | - |
55 | #include <errno.h> | - |
56 | #include <fcntl.h> | - |
57 | #include <netdb.h> | - |
58 | #ifdef HAVE_PATHS_H | - |
59 | #include <paths.h> | - |
60 | #endif | - |
61 | #include <pwd.h> | - |
62 | #include <signal.h> | - |
63 | #include <stdarg.h> | - |
64 | #include <stddef.h> | - |
65 | #include <stdio.h> | - |
66 | #include <stdlib.h> | - |
67 | #include <string.h> | - |
68 | #include <unistd.h> | - |
69 | #include <limits.h> | - |
70 | #include <locale.h> | - |
71 | | - |
72 | #include <netinet/in.h> | - |
73 | #include <arpa/inet.h> | - |
74 | | - |
75 | #ifdef WITH_OPENSSL | - |
76 | #include <openssl/evp.h> | - |
77 | #include <openssl/err.h> | - |
78 | #endif | - |
79 | #include "openbsd-compat/openssl-compat.h" | - |
80 | #include "openbsd-compat/sys-queue.h" | - |
81 | | - |
82 | #include "xmalloc.h" | - |
83 | #include "ssh.h" | - |
84 | #include "ssh2.h" | - |
85 | #include "canohost.h" | - |
86 | #include "compat.h" | - |
87 | #include "cipher.h" | - |
88 | #include "digest.h" | - |
89 | #include "packet.h" | - |
90 | #include "sshbuf.h" | - |
91 | #include "channels.h" | - |
92 | #include "sshkey.h" | - |
93 | #include "authfd.h" | - |
94 | #include "authfile.h" | - |
95 | #include "pathnames.h" | - |
96 | #include "dispatch.h" | - |
97 | #include "clientloop.h" | - |
98 | #include "log.h" | - |
99 | #include "misc.h" | - |
100 | #include "readconf.h" | - |
101 | #include "sshconnect.h" | - |
102 | #include "kex.h" | - |
103 | #include "mac.h" | - |
104 | #include "sshpty.h" | - |
105 | #include "match.h" | - |
106 | #include "msg.h" | - |
107 | #include "version.h" | - |
108 | #include "ssherr.h" | - |
109 | #include "myproposal.h" | - |
110 | #include "utf8.h" | - |
111 | | - |
112 | #ifdef ENABLE_PKCS11 | - |
113 | #include "ssh-pkcs11.h" | - |
114 | #endif | - |
115 | | - |
116 | extern char *__progname; | - |
117 | | - |
118 | | - |
119 | #ifndef HAVE_SETPROCTITLE | - |
120 | static char **saved_av; | - |
121 | #endif | - |
122 | | - |
123 | | - |
124 | int debug_flag = 0; | - |
125 | | - |
126 | | - |
127 | int tty_flag = 0; | - |
128 | | - |
129 | | - |
130 | int no_shell_flag = 0; | - |
131 | | - |
132 | | - |
133 | | - |
134 | | - |
135 | | - |
136 | int stdin_null_flag = 0; | - |
137 | | - |
138 | | - |
139 | | - |
140 | | - |
141 | | - |
142 | int need_controlpersist_detach = 0; | - |
143 | | - |
144 | | - |
145 | int ostdin_null_flag, ono_shell_flag, otty_flag, orequest_tty; | - |
146 | | - |
147 | | - |
148 | | - |
149 | | - |
150 | | - |
151 | | - |
152 | int fork_after_authentication_flag = 0; | - |
153 | | - |
154 | | - |
155 | | - |
156 | | - |
157 | | - |
158 | Options options; | - |
159 | | - |
160 | | - |
161 | char *config = NULL; | - |
162 | | - |
163 | | - |
164 | | - |
165 | | - |
166 | | - |
167 | | - |
168 | char *host; | - |
169 | | - |
170 | | - |
171 | static char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV]; | - |
172 | static char uidstr[32], *host_arg, *conn_hash_hex; | - |
173 | | - |
174 | | - |
175 | struct sockaddr_storage hostaddr; | - |
176 | | - |
177 | | - |
178 | Sensitive sensitive_data; | - |
179 | | - |
180 | | - |
181 | struct sshbuf *command; | - |
182 | | - |
183 | | - |
184 | int subsystem_flag = 0; | - |
185 | | - |
186 | | - |
187 | static int remote_forward_confirms_received = 0; | - |
188 | | - |
189 | | - |
190 | extern int muxserver_sock; | - |
191 | extern u_int muxclient_command; | - |
192 | | - |
193 | | - |
194 | | - |
195 | static void | - |
196 | usage(void) | - |
197 | { | - |
198 | fprintf(stderr, | - |
199 | "usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]\n" | - |
200 | " [-b bind_address] [-c cipher_spec] [-D [bind_address:]port]\n" | - |
201 | " [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11]\n" | - |
202 | " [-i identity_file] [-J [user@]host[:port]] [-L address]\n" | - |
203 | " [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n" | - |
204 | " [-Q query_option] [-R address] [-S ctl_path] [-W host:port]\n" | - |
205 | " [-w local_tun[:remote_tun]] destination [command]\n" | - |
206 | ); | - |
207 | exit(255); never executed: exit(255); | 0 |
208 | } | - |
209 | | - |
210 | static int ssh_session2(struct ssh *, struct passwd *); | - |
211 | static void load_public_identity_files(struct passwd *); | - |
212 | static void main_sigchld_handler(int); | - |
213 | | - |
214 | | - |
215 | static void | - |
216 | tilde_expand_paths(char **paths, u_int num_paths) | - |
217 | { | - |
218 | u_int i; | - |
219 | char *cp; | - |
220 | | - |
221 | for (i = 0; i < num_paths; i++) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
222 | cp = tilde_expand_filename(paths[i], getuid()); | - |
223 | free(paths[i]); | - |
224 | paths[i] = cp; | - |
225 | } never executed: end of block | 0 |
226 | } never executed: end of block | 0 |
227 | | - |
228 | | - |
229 | | - |
230 | | - |
231 | | - |
232 | | - |
233 | | - |
234 | static struct addrinfo * | - |
235 | resolve_host(const char *name, int port, int logerr, char *cname, size_t clen) | - |
236 | { | - |
237 | char strport[NI_MAXSERV]; | - |
238 | struct addrinfo hints, *res; | - |
239 | int gaierr, loglevel = SYSLOG_LEVEL_DEBUG1; | - |
240 | | - |
241 | if (port <= 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
242 | port = default_ssh_port(); never executed: port = default_ssh_port(); | 0 |
243 | | - |
244 | snprintf(strport, sizeof strport, "%d", port); | - |
245 | memset(&hints, 0, sizeof(hints)); | - |
246 | hints.ai_family = options.address_family == -1 ?TRUE | never evaluated | FALSE | never evaluated |
| 0 |
247 | AF_UNSPEC : options.address_family; | - |
248 | hints.ai_socktype = SOCK_STREAM; | - |
249 | if (cname != NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
250 | hints.ai_flags = AI_CANONNAME; never executed: hints.ai_flags = 0x0002 ; | 0 |
251 | if ((gaierr = getaddrinfo(name, strport, &hints, &res)) != 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
252 | if (logerr || (gaierr != EAI_NONAME && gaierr != EAI_NODATA))TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
253 | loglevel = SYSLOG_LEVEL_ERROR; never executed: loglevel = SYSLOG_LEVEL_ERROR; | 0 |
254 | do_log2(loglevel, "%s: Could not resolve hostname %.100s: %s", | - |
255 | __progname, name, ssh_gai_strerror(gaierr)); | - |
256 | return NULL; never executed: return ((void *)0) ; | 0 |
257 | } | - |
258 | if (cname != NULL && res->ai_canonname != NULL) {TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
259 | if (strlcpy(cname, res->ai_canonname, clen) >= clen) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
260 | error("%s: host \"%s\" cname \"%s\" too long (max %lu)", | - |
261 | __func__, name, res->ai_canonname, (u_long)clen); | - |
262 | if (clen > 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
263 | *cname = '\0'; never executed: *cname = '\0'; | 0 |
264 | } never executed: end of block | 0 |
265 | } never executed: end of block | 0 |
266 | return res; never executed: return res; | 0 |
267 | } | - |
268 | | - |
269 | | - |
270 | static int | - |
271 | is_addr_fast(const char *name) | - |
272 | { | - |
273 | return (strchr(name, '%') != NULL || strchr(name, ':') != NULL || never executed: return ( (__extension__ (__builtin_constant_p ( '%' ) && !__builtin_constant_p ( name ) && ( '%' ) == '\0' ? (char *) __rawmemchr ( name , '%' ) : __builtin_strchr ( name , '%' ))) != ((void *)0) || (__extension__ (__builtin_constant_p ( ':' ) && !__builtin_constant_p ( name ) && ( ':' ) == '\0' ? (char *) __rawmemchr ( name , ':' ) : __builtin_strchr ( name , ':' ))) != ((void *)0) || __builtin_strspn ( name , "0123456789." ) == strlen(name)); TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
274 | strspn(name, "0123456789.") == strlen(name)); never executed: return ( (__extension__ (__builtin_constant_p ( '%' ) && !__builtin_constant_p ( name ) && ( '%' ) == '\0' ? (char *) __rawmemchr ( name , '%' ) : __builtin_strchr ( name , '%' ))) != ((void *)0) || (__extension__ (__builtin_constant_p ( ':' ) && !__builtin_constant_p ( name ) && ( ':' ) == '\0' ? (char *) __rawmemchr ( name , ':' ) : __builtin_strchr ( name , ':' ))) != ((void *)0) || __builtin_strspn ( name , "0123456789." ) == strlen(name)); TRUE | never evaluated | FALSE | never evaluated |
| 0 |
275 | } | - |
276 | | - |
277 | | - |
278 | static int | - |
279 | is_addr(const char *name) | - |
280 | { | - |
281 | char strport[NI_MAXSERV]; | - |
282 | struct addrinfo hints, *res; | - |
283 | | - |
284 | if (is_addr_fast(name))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
285 | return 1; never executed: return 1; | 0 |
286 | | - |
287 | snprintf(strport, sizeof strport, "%u", default_ssh_port()); | - |
288 | memset(&hints, 0, sizeof(hints)); | - |
289 | hints.ai_family = options.address_family == -1 ?TRUE | never evaluated | FALSE | never evaluated |
| 0 |
290 | AF_UNSPEC : options.address_family; | - |
291 | hints.ai_socktype = SOCK_STREAM; | - |
292 | hints.ai_flags = AI_NUMERICHOST|AI_NUMERICSERV; | - |
293 | if (getaddrinfo(name, strport, &hints, &res) != 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
294 | return 0; never executed: return 0; | 0 |
295 | if (res == NULL || res->ai_next != NULL) {TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
296 | freeaddrinfo(res); | - |
297 | return 0; never executed: return 0; | 0 |
298 | } | - |
299 | freeaddrinfo(res); | - |
300 | return 1; never executed: return 1; | 0 |
301 | } | - |
302 | | - |
303 | | - |
304 | | - |
305 | | - |
306 | | - |
307 | | - |
308 | | - |
309 | static struct addrinfo * | - |
310 | resolve_addr(const char *name, int port, char *caddr, size_t clen) | - |
311 | { | - |
312 | char addr[NI_MAXHOST], strport[NI_MAXSERV]; | - |
313 | struct addrinfo hints, *res; | - |
314 | int gaierr; | - |
315 | | - |
316 | if (port <= 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
317 | port = default_ssh_port(); never executed: port = default_ssh_port(); | 0 |
318 | snprintf(strport, sizeof strport, "%u", port); | - |
319 | memset(&hints, 0, sizeof(hints)); | - |
320 | hints.ai_family = options.address_family == -1 ?TRUE | never evaluated | FALSE | never evaluated |
| 0 |
321 | AF_UNSPEC : options.address_family; | - |
322 | hints.ai_socktype = SOCK_STREAM; | - |
323 | hints.ai_flags = AI_NUMERICHOST|AI_NUMERICSERV; | - |
324 | if ((gaierr = getaddrinfo(name, strport, &hints, &res)) != 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
325 | debug2("%s: could not resolve name %.100s as address: %s", | - |
326 | __func__, name, ssh_gai_strerror(gaierr)); | - |
327 | return NULL; never executed: return ((void *)0) ; | 0 |
328 | } | - |
329 | if (res == NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
330 | debug("%s: getaddrinfo %.100s returned no addresses", | - |
331 | __func__, name); | - |
332 | return NULL; never executed: return ((void *)0) ; | 0 |
333 | } | - |
334 | if (res->ai_next != NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
335 | debug("%s: getaddrinfo %.100s returned multiple addresses", | - |
336 | __func__, name); | - |
337 | goto fail; never executed: goto fail; | 0 |
338 | } | - |
339 | if ((gaierr = getnameinfo(res->ai_addr, res->ai_addrlen,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
340 | addr, sizeof(addr), NULL, 0, NI_NUMERICHOST)) != 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
341 | debug("%s: Could not format address for name %.100s: %s", | - |
342 | __func__, name, ssh_gai_strerror(gaierr)); | - |
343 | goto fail; never executed: goto fail; | 0 |
344 | } | - |
345 | if (strlcpy(caddr, addr, clen) >= clen) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
346 | error("%s: host \"%s\" addr \"%s\" too long (max %lu)", | - |
347 | __func__, name, addr, (u_long)clen); | - |
348 | if (clen > 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
349 | *caddr = '\0'; never executed: *caddr = '\0'; | 0 |
350 | fail: code before this statement never executed: fail: | 0 |
351 | freeaddrinfo(res); | - |
352 | return NULL; never executed: return ((void *)0) ; | 0 |
353 | } | - |
354 | return res; never executed: return res; | 0 |
355 | } | - |
356 | | - |
357 | | - |
358 | | - |
359 | | - |
360 | | - |
361 | | - |
362 | static int | - |
363 | check_follow_cname(int direct, char **namep, const char *cname) | - |
364 | { | - |
365 | int i; | - |
366 | struct allowed_cname *rule; | - |
367 | | - |
368 | if (*cname == '\0' || options.num_permitted_cnames == 0 ||TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
369 | strcmp(*namep, cname) == 0) never executed: __result = (((const unsigned char *) (const char *) ( *namep ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( cname ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
370 | return 0; never executed: return 0; | 0 |
371 | if (options.canonicalize_hostname == SSH_CANONICALISE_NO)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
372 | return 0; never executed: return 0; | 0 |
373 | | - |
374 | | - |
375 | | - |
376 | | - |
377 | if (!direct &&TRUE | never evaluated | FALSE | never evaluated |
| 0 |
378 | options.canonicalize_hostname != SSH_CANONICALISE_ALWAYS)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
379 | return 0; never executed: return 0; | 0 |
380 | debug3("%s: check \"%s\" CNAME \"%s\"", __func__, *namep, cname); | - |
381 | for (i = 0; i < options.num_permitted_cnames; i++) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
382 | rule = options.permitted_cnames + i; | - |
383 | if (match_pattern_list(*namep, rule->source_list, 1) != 1 ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
384 | match_pattern_list(cname, rule->target_list, 1) != 1)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
385 | continue; never executed: continue; | 0 |
386 | verbose("Canonicalized DNS aliased hostname " | - |
387 | "\"%s\" => \"%s\"", *namep, cname); | - |
388 | free(*namep); | - |
389 | *namep = xstrdup(cname); | - |
390 | return 1; never executed: return 1; | 0 |
391 | } | - |
392 | return 0; never executed: return 0; | 0 |
393 | } | - |
394 | | - |
395 | | - |
396 | | - |
397 | | - |
398 | | - |
399 | | - |
400 | | - |
401 | static struct addrinfo * | - |
402 | resolve_canonicalize(char **hostp, int port) | - |
403 | { | - |
404 | int i, direct, ndots; | - |
405 | char *cp, *fullhost, newname[NI_MAXHOST]; | - |
406 | struct addrinfo *addrs; | - |
407 | | - |
408 | | - |
409 | | - |
410 | | - |
411 | | - |
412 | if ((addrs = resolve_addr(*hostp, port,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
413 | newname, sizeof(newname))) != NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
414 | debug2("%s: hostname %.100s is address", __func__, *hostp); | - |
415 | if (strcasecmp(*hostp, newname) != 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
416 | debug2("%s: canonicalised address \"%s\" => \"%s\"", | - |
417 | __func__, *hostp, newname); | - |
418 | free(*hostp); | - |
419 | *hostp = xstrdup(newname); | - |
420 | } never executed: end of block | 0 |
421 | return addrs; never executed: return addrs; | 0 |
422 | } | - |
423 | | - |
424 | | - |
425 | | - |
426 | | - |
427 | | - |
428 | | - |
429 | if (is_addr_fast(*hostp)) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
430 | debug("%s: hostname %.100s is an unrecognised address", | - |
431 | __func__, *hostp); | - |
432 | return NULL; never executed: return ((void *)0) ; | 0 |
433 | } | - |
434 | | - |
435 | if (options.canonicalize_hostname == SSH_CANONICALISE_NO)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
436 | return NULL; never executed: return ((void *)0) ; | 0 |
437 | | - |
438 | | - |
439 | | - |
440 | | - |
441 | | - |
442 | direct = option_clear_or_none(options.proxy_command) &&TRUE | never evaluated | FALSE | never evaluated |
| 0 |
443 | options.jump_host == NULL;TRUE | never evaluated | FALSE | never evaluated |
| 0 |
444 | if (!direct &&TRUE | never evaluated | FALSE | never evaluated |
| 0 |
445 | options.canonicalize_hostname != SSH_CANONICALISE_ALWAYS)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
446 | return NULL; never executed: return ((void *)0) ; | 0 |
447 | | - |
448 | | - |
449 | if ((*hostp)[strlen(*hostp) - 1] == '.') {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
450 | debug3("%s: name is fully qualified", __func__); | - |
451 | fullhost = xstrdup(*hostp); | - |
452 | if ((addrs = resolve_host(fullhost, port, 0,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
453 | newname, sizeof(newname))) != NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
454 | goto found; never executed: goto found; | 0 |
455 | free(fullhost); | - |
456 | goto notfound; never executed: goto notfound; | 0 |
457 | } | - |
458 | | - |
459 | | - |
460 | ndots = 0; | - |
461 | for (cp = *hostp; *cp != '\0'; cp++) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
462 | if (*cp == '.')TRUE | never evaluated | FALSE | never evaluated |
| 0 |
463 | ndots++; never executed: ndots++; | 0 |
464 | } never executed: end of block | 0 |
465 | if (ndots > options.canonicalize_max_dots) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
466 | debug3("%s: not canonicalizing hostname \"%s\" (max dots %d)", | - |
467 | __func__, *hostp, options.canonicalize_max_dots); | - |
468 | return NULL; never executed: return ((void *)0) ; | 0 |
469 | } | - |
470 | | - |
471 | for (i = 0; i < options.num_canonical_domains; i++) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
472 | *newname = '\0'; | - |
473 | xasprintf(&fullhost, "%s.%s.", *hostp, | - |
474 | options.canonical_domains[i]); | - |
475 | debug3("%s: attempting \"%s\" => \"%s\"", __func__, | - |
476 | *hostp, fullhost); | - |
477 | if ((addrs = resolve_host(fullhost, port, 0,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
478 | newname, sizeof(newname))) == NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
479 | free(fullhost); | - |
480 | continue; never executed: continue; | 0 |
481 | } | - |
482 | found: code before this statement never executed: found: | 0 |
483 | | - |
484 | fullhost[strlen(fullhost) - 1] = '\0'; | - |
485 | | - |
486 | if (!check_follow_cname(direct, &fullhost, newname)) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
487 | debug("Canonicalized hostname \"%s\" => \"%s\"", | - |
488 | *hostp, fullhost); | - |
489 | } never executed: end of block | 0 |
490 | free(*hostp); | - |
491 | *hostp = fullhost; | - |
492 | return addrs; never executed: return addrs; | 0 |
493 | } | - |
494 | notfound: code before this statement never executed: notfound: | 0 |
495 | if (!options.canonicalize_fallback_local)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
496 | fatal("%s: Could not resolve host \"%s\"", __progname, *hostp); never executed: fatal("%s: Could not resolve host \"%s\"", __progname, *hostp); | 0 |
497 | debug2("%s: host %s not found in any suffix", __func__, *hostp); | - |
498 | return NULL; never executed: return ((void *)0) ; | 0 |
499 | } | - |
500 | | - |
501 | | - |
502 | | - |
503 | | - |
504 | | - |
505 | static void | - |
506 | check_load(int r, const char *path, const char *message) | - |
507 | { | - |
508 | switch (r) { | - |
509 | case 0: never executed: case 0: | 0 |
510 | break; never executed: break; | 0 |
511 | case SSH_ERR_INTERNAL_ERROR: never executed: case -1: | 0 |
512 | case SSH_ERR_ALLOC_FAIL: never executed: case -2: | 0 |
513 | fatal("load %s \"%s\": %s", message, path, ssh_err(r)); | - |
514 | case SSH_ERR_SYSTEM_ERROR: code before this statement never executed: case -24: never executed: case -24: | 0 |
515 | | - |
516 | if (errno == ENOENT)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
517 | break; never executed: break; | 0 |
518 | | - |
519 | default: code before this statement never executed: default: never executed: default: | 0 |
520 | error("load %s \"%s\": %s", message, path, ssh_err(r)); | - |
521 | break; never executed: break; | 0 |
522 | } | - |
523 | } | - |
524 | | - |
525 | | - |
526 | | - |
527 | | - |
528 | | - |
529 | static void | - |
530 | process_config_files(const char *host_name, struct passwd *pw, int post_canon) | - |
531 | { | - |
532 | char buf[PATH_MAX]; | - |
533 | int r; | - |
534 | | - |
535 | if (config != NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
536 | if (strcasecmp(config, "none") != 0 &&TRUE | never evaluated | FALSE | never evaluated |
| 0 |
537 | !read_config_file(config, pw, host, host_name, &options,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
538 | SSHCONF_USERCONF | (post_canon ? SSHCONF_POSTCANON : 0)))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
539 | fatal("Can't open user config file %.100s: " never executed: fatal("Can't open user config file %.100s: " "%.100s", config, strerror( (*__errno_location ()) )); | 0 |
540 | "%.100s", config, strerror(errno)); never executed: fatal("Can't open user config file %.100s: " "%.100s", config, strerror( (*__errno_location ()) )); | 0 |
541 | } else { never executed: end of block | 0 |
542 | r = snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, | - |
543 | _PATH_SSH_USER_CONFFILE); | - |
544 | if (r > 0 && (size_t)r < sizeof(buf))TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
545 | (void)read_config_file(buf, pw, host, host_name, never executed: (void)read_config_file(buf, pw, host, host_name, &options, 1 | 2 | (post_canon ? 4 : 0)); | 0 |
546 | &options, SSHCONF_CHECKPERM | SSHCONF_USERCONF | never executed: (void)read_config_file(buf, pw, host, host_name, &options, 1 | 2 | (post_canon ? 4 : 0)); | 0 |
547 | (post_canon ? SSHCONF_POSTCANON : 0)); never executed: (void)read_config_file(buf, pw, host, host_name, &options, 1 | 2 | (post_canon ? 4 : 0)); | 0 |
548 | | - |
549 | | - |
550 | (void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, | - |
551 | host, host_name, &options, | - |
552 | post_canon ? SSHCONF_POSTCANON : 0); | - |
553 | } never executed: end of block | 0 |
554 | } | - |
555 | | - |
556 | | - |
557 | static void | - |
558 | set_addrinfo_port(struct addrinfo *addrs, int port) | - |
559 | { | - |
560 | struct addrinfo *addr; | - |
561 | | - |
562 | for (addr = addrs; addr != NULL; addr = addr->ai_next) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
563 | switch (addr->ai_family) { | - |
564 | case AF_INET: never executed: case 2 : | 0 |
565 | ((struct sockaddr_in *)addr->ai_addr)-> | - |
566 | sin_port = htons(port); never executed: __v = ((unsigned short int) ((((__x) >> 8) & 0xff) | (((__x) & 0xff) << 8))); never executed: __asm__ ("rorw $8, %w0" : "=r" (__v) : "0" (__x) : "cc"); TRUE | never evaluated | FALSE | never evaluated |
| 0 |
567 | break; never executed: break; | 0 |
568 | case AF_INET6: never executed: case 10 : | 0 |
569 | ((struct sockaddr_in6 *)addr->ai_addr)-> | - |
570 | sin6_port = htons(port); never executed: __v = ((unsigned short int) ((((__x) >> 8) & 0xff) | (((__x) & 0xff) << 8))); never executed: __asm__ ("rorw $8, %w0" : "=r" (__v) : "0" (__x) : "cc"); TRUE | never evaluated | FALSE | never evaluated |
| 0 |
571 | break; never executed: break; | 0 |
572 | } | - |
573 | } never executed: end of block | 0 |
574 | } never executed: end of block | 0 |
575 | | - |
576 | | - |
577 | | - |
578 | | - |
579 | int | - |
580 | main(int ac, char **av) | - |
581 | { | - |
582 | struct ssh *ssh = NULL; | - |
583 | int i, r, opt, exit_status, use_syslog, direct, timeout_ms; | - |
584 | int was_addr, config_test = 0, opt_terminated = 0; | - |
585 | char *p, *cp, *line, *argv0, buf[PATH_MAX], *logfile; | - |
586 | char cname[NI_MAXHOST]; | - |
587 | struct stat st; | - |
588 | struct passwd *pw; | - |
589 | extern int optind, optreset; | - |
590 | extern char *optarg; | - |
591 | struct Forward fwd; | - |
592 | struct addrinfo *addrs = NULL; | - |
593 | struct ssh_digest_ctx *md; | - |
594 | u_char conn_hash[SSH_DIGEST_MAX_LENGTH]; | - |
595 | | - |
596 | ssh_malloc_init(); | - |
597 | | - |
598 | sanitise_stdfd(); | - |
599 | | - |
600 | __progname = ssh_get_progname(av[0]); | - |
601 | | - |
602 | #ifndef HAVE_SETPROCTITLE | - |
603 | | - |
604 | | - |
605 | saved_av = xcalloc(ac + 1, sizeof(*saved_av)); | - |
606 | for (i = 0; i < ac; i++)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
607 | saved_av[i] = xstrdup(av[i]); never executed: saved_av[i] = xstrdup(av[i]); | 0 |
608 | saved_av[i] = NULL; | - |
609 | compat_init_setproctitle(ac, av); | - |
610 | av = saved_av; | - |
611 | #endif | - |
612 | | - |
613 | | - |
614 | | - |
615 | | - |
616 | | - |
617 | closefrom(STDERR_FILENO + 1); | - |
618 | | - |
619 | | - |
620 | pw = getpwuid(getuid()); | - |
621 | if (!pw) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
622 | logit("No user exists for uid %lu", (u_long)getuid()); | - |
623 | exit(255); never executed: exit(255); | 0 |
624 | } | - |
625 | | - |
626 | pw = pwcopy(pw); | - |
627 | | - |
628 | | - |
629 | | - |
630 | | - |
631 | | - |
632 | | - |
633 | | - |
634 | umask(022); | - |
635 | | - |
636 | msetlocale(); | - |
637 | | - |
638 | | - |
639 | | - |
640 | | - |
641 | | - |
642 | initialize_options(&options); | - |
643 | | - |
644 | | - |
645 | | - |
646 | | - |
647 | if ((ssh = ssh_alloc_session_state()) == NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
648 | fatal("Couldn't allocate session state"); never executed: fatal("Couldn't allocate session state"); | 0 |
649 | channel_init_channels(ssh); | - |
650 | active_state = ssh; | - |
651 | | - |
652 | | - |
653 | host = NULL; | - |
654 | use_syslog = 0; | - |
655 | logfile = NULL; | - |
656 | argv0 = av[0]; | - |
657 | | - |
658 | again: code before this statement never executed: again: | 0 |
659 | while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
660 | "AB:CD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
661 | switch (opt) { | - |
662 | case '1': never executed: case '1': | 0 |
663 | fatal("SSH protocol v.1 is no longer supported"); | - |
664 | break; never executed: break; | 0 |
665 | case '2': never executed: case '2': | 0 |
666 | | - |
667 | break; never executed: break; | 0 |
668 | case '4': never executed: case '4': | 0 |
669 | options.address_family = AF_INET; | - |
670 | break; never executed: break; | 0 |
671 | case '6': never executed: case '6': | 0 |
672 | options.address_family = AF_INET6; | - |
673 | break; never executed: break; | 0 |
674 | case 'n': never executed: case 'n': | 0 |
675 | stdin_null_flag = 1; | - |
676 | break; never executed: break; | 0 |
677 | case 'f': never executed: case 'f': | 0 |
678 | fork_after_authentication_flag = 1; | - |
679 | stdin_null_flag = 1; | - |
680 | break; never executed: break; | 0 |
681 | case 'x': never executed: case 'x': | 0 |
682 | options.forward_x11 = 0; | - |
683 | break; never executed: break; | 0 |
684 | case 'X': never executed: case 'X': | 0 |
685 | options.forward_x11 = 1; | - |
686 | break; never executed: break; | 0 |
687 | case 'y': never executed: case 'y': | 0 |
688 | use_syslog = 1; | - |
689 | break; never executed: break; | 0 |
690 | case 'E': never executed: case 'E': | 0 |
691 | logfile = optarg; | - |
692 | break; never executed: break; | 0 |
693 | case 'G': never executed: case 'G': | 0 |
694 | config_test = 1; | - |
695 | break; never executed: break; | 0 |
696 | case 'Y': never executed: case 'Y': | 0 |
697 | options.forward_x11 = 1; | - |
698 | options.forward_x11_trusted = 1; | - |
699 | break; never executed: break; | 0 |
700 | case 'g': never executed: case 'g': | 0 |
701 | options.fwd_opts.gateway_ports = 1; | - |
702 | break; never executed: break; | 0 |
703 | case 'O': never executed: case 'O': | 0 |
704 | if (options.stdio_forward_host != NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
705 | fatal("Cannot specify multiplexing " never executed: fatal("Cannot specify multiplexing " "command with -W"); | 0 |
706 | "command with -W"); never executed: fatal("Cannot specify multiplexing " "command with -W"); | 0 |
707 | else if (muxclient_command != 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
708 | fatal("Multiplexing command already specified"); never executed: fatal("Multiplexing command already specified"); | 0 |
709 | if (strcmp(optarg, "check") == 0) never executed: __result = (((const unsigned char *) (const char *) ( BSDoptarg ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "check" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
710 | muxclient_command = SSHMUX_COMMAND_ALIVE_CHECK; never executed: muxclient_command = 2; | 0 |
711 | else if (strcmp(optarg, "forward") == 0) never executed: __result = (((const unsigned char *) (const char *) ( BSDoptarg ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "forward" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
712 | muxclient_command = SSHMUX_COMMAND_FORWARD; never executed: muxclient_command = 5; | 0 |
713 | else if (strcmp(optarg, "exit") == 0) never executed: __result = (((const unsigned char *) (const char *) ( BSDoptarg ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "exit" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
714 | muxclient_command = SSHMUX_COMMAND_TERMINATE; never executed: muxclient_command = 3; | 0 |
715 | else if (strcmp(optarg, "stop") == 0) never executed: __result = (((const unsigned char *) (const char *) ( BSDoptarg ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "stop" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
716 | muxclient_command = SSHMUX_COMMAND_STOP; never executed: muxclient_command = 6; | 0 |
717 | else if (strcmp(optarg, "cancel") == 0) never executed: __result = (((const unsigned char *) (const char *) ( BSDoptarg ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "cancel" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
718 | muxclient_command = SSHMUX_COMMAND_CANCEL_FWD; never executed: muxclient_command = 7; | 0 |
719 | else if (strcmp(optarg, "proxy") == 0) never executed: __result = (((const unsigned char *) (const char *) ( BSDoptarg ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "proxy" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
720 | muxclient_command = SSHMUX_COMMAND_PROXY; never executed: muxclient_command = 8; | 0 |
721 | else | - |
722 | fatal("Invalid multiplex command."); never executed: fatal("Invalid multiplex command."); | 0 |
723 | break; never executed: break; | 0 |
724 | case 'P': never executed: case 'P': | 0 |
725 | break; never executed: break; | 0 |
726 | case 'Q': never executed: case 'Q': | 0 |
727 | cp = NULL; | - |
728 | if (strcmp(optarg, "cipher") == 0) never executed: __result = (((const unsigned char *) (const char *) ( BSDoptarg ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "cipher" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
729 | cp = cipher_alg_list('\n', 0); never executed: cp = cipher_alg_list('\n', 0); | 0 |
730 | else if (strcmp(optarg, "cipher-auth") == 0) never executed: __result = (((const unsigned char *) (const char *) ( BSDoptarg ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "cipher-auth" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
731 | cp = cipher_alg_list('\n', 1); never executed: cp = cipher_alg_list('\n', 1); | 0 |
732 | else if (strcmp(optarg, "mac") == 0) never executed: __result = (((const unsigned char *) (const char *) ( BSDoptarg ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "mac" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
733 | cp = mac_alg_list('\n'); never executed: cp = mac_alg_list('\n'); | 0 |
734 | else if (strcmp(optarg, "kex") == 0) never executed: __result = (((const unsigned char *) (const char *) ( BSDoptarg ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "kex" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
735 | cp = kex_alg_list('\n'); never executed: cp = kex_alg_list('\n'); | 0 |
736 | else if (strcmp(optarg, "key") == 0) never executed: __result = (((const unsigned char *) (const char *) ( BSDoptarg ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "key" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
737 | cp = sshkey_alg_list(0, 0, 0, '\n'); never executed: cp = sshkey_alg_list(0, 0, 0, '\n'); | 0 |
738 | else if (strcmp(optarg, "key-cert") == 0) never executed: __result = (((const unsigned char *) (const char *) ( BSDoptarg ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "key-cert" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
739 | cp = sshkey_alg_list(1, 0, 0, '\n'); never executed: cp = sshkey_alg_list(1, 0, 0, '\n'); | 0 |
740 | else if (strcmp(optarg, "key-plain") == 0) never executed: __result = (((const unsigned char *) (const char *) ( BSDoptarg ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "key-plain" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
741 | cp = sshkey_alg_list(0, 1, 0, '\n'); never executed: cp = sshkey_alg_list(0, 1, 0, '\n'); | 0 |
742 | else if (strcmp(optarg, "sig") == 0) never executed: __result = (((const unsigned char *) (const char *) ( BSDoptarg ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "sig" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
743 | cp = sshkey_alg_list(0, 1, 1, '\n'); never executed: cp = sshkey_alg_list(0, 1, 1, '\n'); | 0 |
744 | else if (strcmp(optarg, "protocol-version") == 0) never executed: __result = (((const unsigned char *) (const char *) ( BSDoptarg ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "protocol-version" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
745 | cp = xstrdup("2"); never executed: cp = xstrdup("2"); | 0 |
746 | else if (strcmp(optarg, "help") == 0) { never executed: __result = (((const unsigned char *) (const char *) ( BSDoptarg ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "help" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
747 | cp = xstrdup( | - |
748 | "cipher\ncipher-auth\nkex\nkey\n" | - |
749 | "key-cert\nkey-plain\nmac\n" | - |
750 | "protocol-version\nsig"); | - |
751 | } never executed: end of block | 0 |
752 | if (cp == NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
753 | fatal("Unsupported query \"%s\"", optarg); never executed: fatal("Unsupported query \"%s\"", BSDoptarg); | 0 |
754 | printf("%s\n", cp); | - |
755 | free(cp); | - |
756 | exit(0); never executed: exit(0); | 0 |
757 | break; never executed: break; | 0 |
758 | case 'a': never executed: case 'a': | 0 |
759 | options.forward_agent = 0; | - |
760 | break; never executed: break; | 0 |
761 | case 'A': never executed: case 'A': | 0 |
762 | options.forward_agent = 1; | - |
763 | break; never executed: break; | 0 |
764 | case 'k': never executed: case 'k': | 0 |
765 | options.gss_deleg_creds = 0; | - |
766 | break; never executed: break; | 0 |
767 | case 'K': never executed: case 'K': | 0 |
768 | options.gss_authentication = 1; | - |
769 | options.gss_deleg_creds = 1; | - |
770 | break; never executed: break; | 0 |
771 | case 'i': never executed: case 'i': | 0 |
772 | p = tilde_expand_filename(optarg, getuid()); | - |
773 | if (stat(p, &st) < 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
774 | fprintf(stderr, "Warning: Identity file %s " never executed: fprintf( stderr , "Warning: Identity file %s " "not accessible: %s.\n", p, strerror( (*__errno_location ()) )); | 0 |
775 | "not accessible: %s.\n", p, never executed: fprintf( stderr , "Warning: Identity file %s " "not accessible: %s.\n", p, strerror( (*__errno_location ()) )); | 0 |
776 | strerror(errno)); never executed: fprintf( stderr , "Warning: Identity file %s " "not accessible: %s.\n", p, strerror( (*__errno_location ()) )); | 0 |
777 | else | - |
778 | add_identity_file(&options, NULL, p, 1); never executed: add_identity_file(&options, ((void *)0) , p, 1); | 0 |
779 | free(p); | - |
780 | break; never executed: break; | 0 |
781 | case 'I': never executed: case 'I': | 0 |
782 | #ifdef ENABLE_PKCS11 | - |
783 | free(options.pkcs11_provider); | - |
784 | options.pkcs11_provider = xstrdup(optarg); | - |
785 | #else | - |
786 | fprintf(stderr, "no support for PKCS#11.\n"); | - |
787 | #endif | - |
788 | break; never executed: break; | 0 |
789 | case 'J': never executed: case 'J': | 0 |
790 | if (options.jump_host != NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
791 | fatal("Only a single -J option permitted"); never executed: fatal("Only a single -J option permitted"); | 0 |
792 | if (options.proxy_command != NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
793 | fatal("Cannot specify -J with ProxyCommand"); never executed: fatal("Cannot specify -J with ProxyCommand"); | 0 |
794 | if (parse_jump(optarg, &options, 1) == -1)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
795 | fatal("Invalid -J argument"); never executed: fatal("Invalid -J argument"); | 0 |
796 | options.proxy_command = xstrdup("none"); | - |
797 | break; never executed: break; | 0 |
798 | case 't': never executed: case 't': | 0 |
799 | if (options.request_tty == REQUEST_TTY_YES)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
800 | options.request_tty = REQUEST_TTY_FORCE; never executed: options.request_tty = 3; | 0 |
801 | else | - |
802 | options.request_tty = REQUEST_TTY_YES; never executed: options.request_tty = 2; | 0 |
803 | break; never executed: break; | 0 |
804 | case 'v': never executed: case 'v': | 0 |
805 | if (debug_flag == 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
806 | debug_flag = 1; | - |
807 | options.log_level = SYSLOG_LEVEL_DEBUG1; | - |
808 | } else { never executed: end of block | 0 |
809 | if (options.log_level < SYSLOG_LEVEL_DEBUG3) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
810 | debug_flag++; | - |
811 | options.log_level++; | - |
812 | } never executed: end of block | 0 |
813 | } never executed: end of block | 0 |
814 | break; never executed: break; | 0 |
815 | case 'V': never executed: case 'V': | 0 |
816 | fprintf(stderr, "%s, %s\n", | - |
817 | SSH_RELEASE, | - |
818 | #ifdef WITH_OPENSSL | - |
819 | SSLeay_version(SSLEAY_VERSION) | - |
820 | #else | - |
821 | "without OpenSSL" | - |
822 | #endif | - |
823 | ); | - |
824 | if (opt == 'V')TRUE | never evaluated | FALSE | never evaluated |
| 0 |
825 | exit(0); never executed: exit(0); | 0 |
826 | break; never executed: break; | 0 |
827 | case 'w': never executed: case 'w': | 0 |
828 | if (options.tun_open == -1)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
829 | options.tun_open = SSH_TUNMODE_DEFAULT; never executed: options.tun_open = 0x01; | 0 |
830 | options.tun_local = a2tun(optarg, &options.tun_remote); | - |
831 | if (options.tun_local == SSH_TUNID_ERR) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
832 | fprintf(stderr, | - |
833 | "Bad tun device '%s'\n", optarg); | - |
834 | exit(255); never executed: exit(255); | 0 |
835 | } | - |
836 | break; never executed: break; | 0 |
837 | case 'W': never executed: case 'W': | 0 |
838 | if (options.stdio_forward_host != NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
839 | fatal("stdio forward already specified"); never executed: fatal("stdio forward already specified"); | 0 |
840 | if (muxclient_command != 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
841 | fatal("Cannot specify stdio forward with -O"); never executed: fatal("Cannot specify stdio forward with -O"); | 0 |
842 | if (parse_forward(&fwd, optarg, 1, 0)) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
843 | options.stdio_forward_host = fwd.listen_host; | - |
844 | options.stdio_forward_port = fwd.listen_port; | - |
845 | free(fwd.connect_host); | - |
846 | } else { never executed: end of block | 0 |
847 | fprintf(stderr, | - |
848 | "Bad stdio forwarding specification '%s'\n", | - |
849 | optarg); | - |
850 | exit(255); never executed: exit(255); | 0 |
851 | } | - |
852 | options.request_tty = REQUEST_TTY_NO; | - |
853 | no_shell_flag = 1; | - |
854 | break; never executed: break; | 0 |
855 | case 'q': never executed: case 'q': | 0 |
856 | options.log_level = SYSLOG_LEVEL_QUIET; | - |
857 | break; never executed: break; | 0 |
858 | case 'e': never executed: case 'e': | 0 |
859 | if (optarg[0] == '^' && optarg[2] == 0 &&TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
860 | (u_char) optarg[1] >= 64 &&TRUE | never evaluated | FALSE | never evaluated |
| 0 |
861 | (u_char) optarg[1] < 128)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
862 | options.escape_char = (u_char) optarg[1] & 31; never executed: options.escape_char = (u_char) BSDoptarg[1] & 31; | 0 |
863 | else if (strlen(optarg) == 1)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
864 | options.escape_char = (u_char) optarg[0]; never executed: options.escape_char = (u_char) BSDoptarg[0]; | 0 |
865 | else if (strcmp(optarg, "none") == 0) never executed: __result = (((const unsigned char *) (const char *) ( BSDoptarg ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "none" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
866 | options.escape_char = SSH_ESCAPECHAR_NONE; never executed: options.escape_char = -2; | 0 |
867 | else { | - |
868 | fprintf(stderr, "Bad escape character '%s'.\n", | - |
869 | optarg); | - |
870 | exit(255); never executed: exit(255); | 0 |
871 | } | - |
872 | break; never executed: break; | 0 |
873 | case 'c': never executed: case 'c': | 0 |
874 | if (!ciphers_valid(*optarg == '+' ?TRUE | never evaluated | FALSE | never evaluated |
| 0 |
875 | optarg + 1 : optarg)) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
876 | fprintf(stderr, "Unknown cipher type '%s'\n", | - |
877 | optarg); | - |
878 | exit(255); never executed: exit(255); | 0 |
879 | } | - |
880 | free(options.ciphers); | - |
881 | options.ciphers = xstrdup(optarg); | - |
882 | break; never executed: break; | 0 |
883 | case 'm': never executed: case 'm': | 0 |
884 | if (mac_valid(optarg)) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
885 | free(options.macs); | - |
886 | options.macs = xstrdup(optarg); | - |
887 | } else { never executed: end of block | 0 |
888 | fprintf(stderr, "Unknown mac type '%s'\n", | - |
889 | optarg); | - |
890 | exit(255); never executed: exit(255); | 0 |
891 | } | - |
892 | break; never executed: break; | 0 |
893 | case 'M': never executed: case 'M': | 0 |
894 | if (options.control_master == SSHCTL_MASTER_YES)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
895 | options.control_master = SSHCTL_MASTER_ASK; never executed: options.control_master = 3; | 0 |
896 | else | - |
897 | options.control_master = SSHCTL_MASTER_YES; never executed: options.control_master = 1; | 0 |
898 | break; never executed: break; | 0 |
899 | case 'p': never executed: case 'p': | 0 |
900 | if (options.port == -1) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
901 | options.port = a2port(optarg); | - |
902 | if (options.port <= 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
903 | fprintf(stderr, "Bad port '%s'\n", | - |
904 | optarg); | - |
905 | exit(255); never executed: exit(255); | 0 |
906 | } | - |
907 | } never executed: end of block | 0 |
908 | break; never executed: break; | 0 |
909 | case 'l': never executed: case 'l': | 0 |
910 | if (options.user == NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
911 | options.user = optarg; never executed: options.user = BSDoptarg; | 0 |
912 | break; never executed: break; | 0 |
913 | | - |
914 | case 'L': never executed: case 'L': | 0 |
915 | if (parse_forward(&fwd, optarg, 0, 0))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
916 | add_local_forward(&options, &fwd); never executed: add_local_forward(&options, &fwd); | 0 |
917 | else { | - |
918 | fprintf(stderr, | - |
919 | "Bad local forwarding specification '%s'\n", | - |
920 | optarg); | - |
921 | exit(255); never executed: exit(255); | 0 |
922 | } | - |
923 | break; never executed: break; | 0 |
924 | | - |
925 | case 'R': never executed: case 'R': | 0 |
926 | if (parse_forward(&fwd, optarg, 0, 1) ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
927 | parse_forward(&fwd, optarg, 1, 1)) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
928 | add_remote_forward(&options, &fwd); | - |
929 | } else { never executed: end of block | 0 |
930 | fprintf(stderr, | - |
931 | "Bad remote forwarding specification " | - |
932 | "'%s'\n", optarg); | - |
933 | exit(255); never executed: exit(255); | 0 |
934 | } | - |
935 | break; never executed: break; | 0 |
936 | | - |
937 | case 'D': never executed: case 'D': | 0 |
938 | if (parse_forward(&fwd, optarg, 1, 0)) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
939 | add_local_forward(&options, &fwd); | - |
940 | } else { never executed: end of block | 0 |
941 | fprintf(stderr, | - |
942 | "Bad dynamic forwarding specification " | - |
943 | "'%s'\n", optarg); | - |
944 | exit(255); never executed: exit(255); | 0 |
945 | } | - |
946 | break; never executed: break; | 0 |
947 | | - |
948 | case 'C': never executed: case 'C': | 0 |
949 | options.compression = 1; | - |
950 | break; never executed: break; | 0 |
951 | case 'N': never executed: case 'N': | 0 |
952 | no_shell_flag = 1; | - |
953 | options.request_tty = REQUEST_TTY_NO; | - |
954 | break; never executed: break; | 0 |
955 | case 'T': never executed: case 'T': | 0 |
956 | options.request_tty = REQUEST_TTY_NO; | - |
957 | break; never executed: break; | 0 |
958 | case 'o': never executed: case 'o': | 0 |
959 | line = xstrdup(optarg); | - |
960 | if (process_config_line(&options, pw,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
961 | host ? host : "", host ? host : "", line,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
962 | "command-line", 0, NULL, SSHCONF_USERCONF) != 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
963 | exit(255); never executed: exit(255); | 0 |
964 | free(line); | - |
965 | break; never executed: break; | 0 |
966 | case 's': never executed: case 's': | 0 |
967 | subsystem_flag = 1; | - |
968 | break; never executed: break; | 0 |
969 | case 'S': never executed: case 'S': | 0 |
970 | free(options.control_path); | - |
971 | options.control_path = xstrdup(optarg); | - |
972 | break; never executed: break; | 0 |
973 | case 'b': never executed: case 'b': | 0 |
974 | options.bind_address = optarg; | - |
975 | break; never executed: break; | 0 |
976 | case 'B': never executed: case 'B': | 0 |
977 | options.bind_interface = optarg; | - |
978 | break; never executed: break; | 0 |
979 | case 'F': never executed: case 'F': | 0 |
980 | config = optarg; | - |
981 | break; never executed: break; | 0 |
982 | default: never executed: default: | 0 |
983 | usage(); | - |
984 | } never executed: end of block | 0 |
985 | } | - |
986 | | - |
987 | if (optind > 1 && strcmp(av[optind - 1], "--") == 0) never executed: __result = (((const unsigned char *) (const char *) ( av[BSDoptind - 1] ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "--" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
988 | opt_terminated = 1; never executed: opt_terminated = 1; | 0 |
989 | | - |
990 | ac -= optind; | - |
991 | av += optind; | - |
992 | | - |
993 | if (ac > 0 && !host) {TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
994 | int tport; | - |
995 | char *tuser; | - |
996 | switch (parse_ssh_uri(*av, &tuser, &host, &tport)) { | - |
997 | case -1: never executed: case -1: | 0 |
998 | usage(); | - |
999 | break; never executed: break; | 0 |
1000 | case 0: never executed: case 0: | 0 |
1001 | if (options.user == NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1002 | options.user = tuser; | - |
1003 | tuser = NULL; | - |
1004 | } never executed: end of block | 0 |
1005 | free(tuser); | - |
1006 | if (options.port == -1 && tport != -1)TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1007 | options.port = tport; never executed: options.port = tport; | 0 |
1008 | break; never executed: break; | 0 |
1009 | default: never executed: default: | 0 |
1010 | p = xstrdup(*av); | - |
1011 | cp = strrchr(p, '@'); | - |
1012 | if (cp != NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1013 | if (cp == p)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1014 | usage(); never executed: usage(); | 0 |
1015 | if (options.user == NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1016 | options.user = p; | - |
1017 | p = NULL; | - |
1018 | } never executed: end of block | 0 |
1019 | *cp++ = '\0'; | - |
1020 | host = xstrdup(cp); | - |
1021 | free(p); | - |
1022 | } else never executed: end of block | 0 |
1023 | host = p; never executed: host = p; | 0 |
1024 | break; never executed: break; | 0 |
1025 | } | - |
1026 | if (ac > 1 && !opt_terminated) {TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1027 | optind = optreset = 1; | - |
1028 | goto again; never executed: goto again; | 0 |
1029 | } | - |
1030 | ac--, av++; | - |
1031 | } never executed: end of block | 0 |
1032 | | - |
1033 | | - |
1034 | if (!host)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1035 | usage(); never executed: usage(); | 0 |
1036 | | - |
1037 | host_arg = xstrdup(host); | - |
1038 | | - |
1039 | #ifdef WITH_OPENSSL | - |
1040 | OpenSSL_add_all_algorithms(); | - |
1041 | ERR_load_crypto_strings(); | - |
1042 | #endif | - |
1043 | | - |
1044 | | - |
1045 | if ((command = sshbuf_new()) == NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1046 | fatal("sshbuf_new failed"); never executed: fatal("sshbuf_new failed"); | 0 |
1047 | | - |
1048 | | - |
1049 | | - |
1050 | | - |
1051 | | - |
1052 | | - |
1053 | if (!ac) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1054 | | - |
1055 | if (subsystem_flag) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1056 | fprintf(stderr, | - |
1057 | "You must specify a subsystem to invoke.\n"); | - |
1058 | usage(); | - |
1059 | } never executed: end of block | 0 |
1060 | } else { never executed: end of block | 0 |
1061 | | - |
1062 | for (i = 0; i < ac; i++) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1063 | if ((r = sshbuf_putf(command, "%s%s",TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1064 | i ? " " : "", av[i])) != 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1065 | fatal("%s: buffer error: %s", never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r)); | 0 |
1066 | __func__, ssh_err(r)); never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r)); | 0 |
1067 | } never executed: end of block | 0 |
1068 | } never executed: end of block | 0 |
1069 | | - |
1070 | | - |
1071 | | - |
1072 | | - |
1073 | | - |
1074 | if (use_syslog && logfile != NULL)TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1075 | fatal("Can't specify both -y and -E"); never executed: fatal("Can't specify both -y and -E"); | 0 |
1076 | if (logfile != NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1077 | log_redirect_stderr_to(logfile); never executed: log_redirect_stderr_to(logfile); | 0 |
1078 | log_init(argv0, | - |
1079 | options.log_level == SYSLOG_LEVEL_NOT_SET ? | - |
1080 | SYSLOG_LEVEL_INFO : options.log_level, | - |
1081 | options.log_facility == SYSLOG_FACILITY_NOT_SET ? | - |
1082 | SYSLOG_FACILITY_USER : options.log_facility, | - |
1083 | !use_syslog); | - |
1084 | | - |
1085 | if (debug_flag)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1086 | logit("%s, %s", SSH_RELEASE, never executed: logit("%s, %s", "OpenSSH_7.8" "p1", SSLeay_version( 0 ) ); | 0 |
1087 | #ifdef WITH_OPENSSL never executed: logit("%s, %s", "OpenSSH_7.8" "p1", SSLeay_version( 0 ) ); | 0 |
1088 | SSLeay_version(SSLEAY_VERSION) never executed: logit("%s, %s", "OpenSSH_7.8" "p1", SSLeay_version( 0 ) ); | 0 |
1089 | #else never executed: logit("%s, %s", "OpenSSH_7.8" "p1", SSLeay_version( 0 ) ); | 0 |
1090 | "without OpenSSL" never executed: logit("%s, %s", "OpenSSH_7.8" "p1", SSLeay_version( 0 ) ); | 0 |
1091 | #endif never executed: logit("%s, %s", "OpenSSH_7.8" "p1", SSLeay_version( 0 ) ); | 0 |
1092 | ); never executed: logit("%s, %s", "OpenSSH_7.8" "p1", SSLeay_version( 0 ) ); | 0 |
1093 | | - |
1094 | | - |
1095 | process_config_files(host_arg, pw, 0); | - |
1096 | | - |
1097 | | - |
1098 | fill_default_options_for_canonicalization(&options); | - |
1099 | | - |
1100 | | - |
1101 | if (options.hostname != NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1102 | | - |
1103 | cp = percent_expand(options.hostname, | - |
1104 | "h", host, (char *)NULL); | - |
1105 | free(host); | - |
1106 | host = cp; | - |
1107 | free(options.hostname); | - |
1108 | options.hostname = xstrdup(host); | - |
1109 | } never executed: end of block | 0 |
1110 | | - |
1111 | | - |
1112 | if ((was_addr = is_addr(host)) == 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1113 | lowercase(host); never executed: lowercase(host); | 0 |
1114 | | - |
1115 | | - |
1116 | | - |
1117 | | - |
1118 | | - |
1119 | if (options.canonicalize_hostname != SSH_CANONICALISE_NO || was_addr)TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1120 | addrs = resolve_canonicalize(&host, options.port); never executed: addrs = resolve_canonicalize(&host, options.port); | 0 |
1121 | | - |
1122 | | - |
1123 | | - |
1124 | | - |
1125 | | - |
1126 | | - |
1127 | | - |
1128 | | - |
1129 | | - |
1130 | | - |
1131 | | - |
1132 | | - |
1133 | | - |
1134 | | - |
1135 | direct = option_clear_or_none(options.proxy_command) &&TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1136 | options.jump_host == NULL;TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1137 | if (addrs == NULL && options.num_permitted_cnames != 0 && (direct ||TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1138 | options.canonicalize_hostname == SSH_CANONICALISE_ALWAYS)) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1139 | if ((addrs = resolve_host(host, options.port,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1140 | direct, cname, sizeof(cname))) == NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1141 | | - |
1142 | if (direct)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1143 | cleanup_exit(255); never executed: cleanup_exit(255); | 0 |
1144 | } else never executed: end of block | 0 |
1145 | check_follow_cname(direct, &host, cname); never executed: check_follow_cname(direct, &host, cname); | 0 |
1146 | } | - |
1147 | | - |
1148 | | - |
1149 | | - |
1150 | | - |
1151 | | - |
1152 | if (options.canonicalize_hostname != 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1153 | debug("Re-reading configuration after hostname " | - |
1154 | "canonicalisation"); | - |
1155 | free(options.hostname); | - |
1156 | options.hostname = xstrdup(host); | - |
1157 | process_config_files(host_arg, pw, 1); | - |
1158 | | - |
1159 | | - |
1160 | | - |
1161 | | - |
1162 | | - |
1163 | if (addrs != NULL && options.port > 0)TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1164 | set_addrinfo_port(addrs, options.port); never executed: set_addrinfo_port(addrs, options.port); | 0 |
1165 | } never executed: end of block | 0 |
1166 | | - |
1167 | | - |
1168 | fill_default_options(&options); | - |
1169 | | - |
1170 | | - |
1171 | | - |
1172 | | - |
1173 | if (options.jump_host != NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1174 | char port_s[8]; | - |
1175 | const char *sshbin = argv0; | - |
1176 | | - |
1177 | | - |
1178 | | - |
1179 | | - |
1180 | | - |
1181 | if (strchr(argv0, '/') != NULL && access(argv0, X_OK) != 0)TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1182 | sshbin = "ssh"; never executed: sshbin = "ssh"; | 0 |
1183 | | - |
1184 | | - |
1185 | if (options.proxy_command != NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1186 | fatal("inconsistent options: ProxyCommand+ProxyJump"); never executed: fatal("inconsistent options: ProxyCommand+ProxyJump"); | 0 |
1187 | | - |
1188 | options.proxy_use_fdpass = 0; | - |
1189 | snprintf(port_s, sizeof(port_s), "%d", options.jump_port); | - |
1190 | xasprintf(&options.proxy_command, | - |
1191 | "%s%s%s%s%s%s%s%s%s%s%.*s -W '[%%h]:%%p' %s", | - |
1192 | sshbin, | - |
1193 | | - |
1194 | options.jump_user == NULL ? "" : " -l ", | - |
1195 | options.jump_user == NULL ? "" : options.jump_user, | - |
1196 | | - |
1197 | options.jump_port <= 0 ? "" : " -p ", | - |
1198 | options.jump_port <= 0 ? "" : port_s, | - |
1199 | | - |
1200 | options.jump_extra == NULL ? "" : " -J ", | - |
1201 | options.jump_extra == NULL ? "" : options.jump_extra, | - |
1202 | | - |
1203 | config == NULL ? "" : " -F ", | - |
1204 | config == NULL ? "" : config, | - |
1205 | | - |
1206 | debug_flag ? " -" : "", | - |
1207 | debug_flag, "vvv", | - |
1208 | | - |
1209 | options.jump_host); | - |
1210 | debug("Setting implicit ProxyCommand from ProxyJump: %s", | - |
1211 | options.proxy_command); | - |
1212 | } never executed: end of block | 0 |
1213 | | - |
1214 | if (options.port == 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1215 | options.port = default_ssh_port(); never executed: options.port = default_ssh_port(); | 0 |
1216 | channel_set_af(ssh, options.address_family); | - |
1217 | | - |
1218 | | - |
1219 | if (options.host_key_alias != NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1220 | lowercase(options.host_key_alias); never executed: lowercase(options.host_key_alias); | 0 |
1221 | if (options.proxy_command != NULL &&TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1222 | strcmp(options.proxy_command, "-") == 0 && never executed: __result = (((const unsigned char *) (const char *) ( options.proxy_command ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "-" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1223 | options.proxy_use_fdpass)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1224 | fatal("ProxyCommand=- and ProxyUseFDPass are incompatible"); never executed: fatal("ProxyCommand=- and ProxyUseFDPass are incompatible"); | 0 |
1225 | if (options.control_persist &&TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1226 | options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1227 | debug("UpdateHostKeys=ask is incompatible with ControlPersist; " | - |
1228 | "disabling"); | - |
1229 | options.update_hostkeys = 0; | - |
1230 | } never executed: end of block | 0 |
1231 | if (options.connection_attempts <= 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1232 | fatal("Invalid number of ConnectionAttempts"); never executed: fatal("Invalid number of ConnectionAttempts"); | 0 |
1233 | | - |
1234 | if (sshbuf_len(command) != 0 && options.remote_command != NULL)TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1235 | fatal("Cannot execute command-line and remote command."); never executed: fatal("Cannot execute command-line and remote command."); | 0 |
1236 | | - |
1237 | | - |
1238 | if (fork_after_authentication_flag && sshbuf_len(command) == 0 &&TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1239 | options.remote_command == NULL && !no_shell_flag)TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1240 | fatal("Cannot fork into background without a command " never executed: fatal("Cannot fork into background without a command " "to execute."); | 0 |
1241 | "to execute."); never executed: fatal("Cannot fork into background without a command " "to execute."); | 0 |
1242 | | - |
1243 | | - |
1244 | log_init(argv0, options.log_level, options.log_facility, !use_syslog); | - |
1245 | | - |
1246 | if (options.request_tty == REQUEST_TTY_YES ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1247 | options.request_tty == REQUEST_TTY_FORCE)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1248 | tty_flag = 1; never executed: tty_flag = 1; | 0 |
1249 | | - |
1250 | | - |
1251 | if (sshbuf_len(command) == 0 && options.remote_command == NULL)TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1252 | tty_flag = options.request_tty != REQUEST_TTY_NO; never executed: tty_flag = options.request_tty != 1; | 0 |
1253 | | - |
1254 | | - |
1255 | if (options.request_tty == REQUEST_TTY_NO ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1256 | (muxclient_command && muxclient_command != SSHMUX_COMMAND_PROXY))TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1257 | tty_flag = 0; never executed: tty_flag = 0; | 0 |
1258 | | - |
1259 | if ((!isatty(fileno(stdin)) || stdin_null_flag) &&TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1260 | options.request_tty != REQUEST_TTY_FORCE) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1261 | if (tty_flag)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1262 | logit("Pseudo-terminal will not be allocated because " never executed: logit("Pseudo-terminal will not be allocated because " "stdin is not a terminal."); | 0 |
1263 | "stdin is not a terminal."); never executed: logit("Pseudo-terminal will not be allocated because " "stdin is not a terminal."); | 0 |
1264 | tty_flag = 0; | - |
1265 | } never executed: end of block | 0 |
1266 | | - |
1267 | seed_rng(); | - |
1268 | | - |
1269 | if (options.user == NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1270 | options.user = xstrdup(pw->pw_name); never executed: options.user = xstrdup(pw->pw_name); | 0 |
1271 | | - |
1272 | | - |
1273 | if (gethostname(thishost, sizeof(thishost)) == -1)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1274 | fatal("gethostname: %s", strerror(errno)); never executed: fatal("gethostname: %s", strerror( (*__errno_location ()) )); | 0 |
1275 | strlcpy(shorthost, thishost, sizeof(shorthost)); | - |
1276 | shorthost[strcspn(thishost, ".")] = '\0'; | - |
1277 | snprintf(portstr, sizeof(portstr), "%d", options.port); | - |
1278 | snprintf(uidstr, sizeof(uidstr), "%llu", | - |
1279 | (unsigned long long)pw->pw_uid); | - |
1280 | | - |
1281 | if ((md = ssh_digest_start(SSH_DIGEST_SHA1)) == NULL ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1282 | ssh_digest_update(md, thishost, strlen(thishost)) < 0 ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1283 | ssh_digest_update(md, host, strlen(host)) < 0 ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1284 | ssh_digest_update(md, portstr, strlen(portstr)) < 0 ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1285 | ssh_digest_update(md, options.user, strlen(options.user)) < 0 ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1286 | ssh_digest_final(md, conn_hash, sizeof(conn_hash)) < 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1287 | fatal("%s: mux digest failed", __func__); never executed: fatal("%s: mux digest failed", __func__); | 0 |
1288 | ssh_digest_free(md); | - |
1289 | conn_hash_hex = tohex(conn_hash, ssh_digest_bytes(SSH_DIGEST_SHA1)); | - |
1290 | | - |
1291 | | - |
1292 | | - |
1293 | | - |
1294 | | - |
1295 | | - |
1296 | if (options.remote_command != NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1297 | debug3("expanding RemoteCommand: %s", options.remote_command); | - |
1298 | cp = options.remote_command; | - |
1299 | options.remote_command = percent_expand(cp, | - |
1300 | "C", conn_hash_hex, | - |
1301 | "L", shorthost, | - |
1302 | "d", pw->pw_dir, | - |
1303 | "h", host, | - |
1304 | "i", uidstr, | - |
1305 | "l", thishost, | - |
1306 | "n", host_arg, | - |
1307 | "p", portstr, | - |
1308 | "r", options.user, | - |
1309 | "u", pw->pw_name, | - |
1310 | (char *)NULL); | - |
1311 | debug3("expanded RemoteCommand: %s", options.remote_command); | - |
1312 | free(cp); | - |
1313 | if ((r = sshbuf_put(command, options.remote_command,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1314 | strlen(options.remote_command))) != 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1315 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r)); | 0 |
1316 | } never executed: end of block | 0 |
1317 | | - |
1318 | if (options.control_path != NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1319 | cp = tilde_expand_filename(options.control_path, getuid()); | - |
1320 | free(options.control_path); | - |
1321 | options.control_path = percent_expand(cp, | - |
1322 | "C", conn_hash_hex, | - |
1323 | "L", shorthost, | - |
1324 | "h", host, | - |
1325 | "i", uidstr, | - |
1326 | "l", thishost, | - |
1327 | "n", host_arg, | - |
1328 | "p", portstr, | - |
1329 | "r", options.user, | - |
1330 | "u", pw->pw_name, | - |
1331 | "i", uidstr, | - |
1332 | (char *)NULL); | - |
1333 | free(cp); | - |
1334 | } never executed: end of block | 0 |
1335 | | - |
1336 | if (config_test) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1337 | dump_client_config(&options, host); | - |
1338 | exit(0); never executed: exit(0); | 0 |
1339 | } | - |
1340 | | - |
1341 | if (muxclient_command != 0 && options.control_path == NULL)TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1342 | fatal("No ControlPath specified for \"-O\" command"); never executed: fatal("No ControlPath specified for \"-O\" command"); | 0 |
1343 | if (options.control_path != NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1344 | int sock; | - |
1345 | if ((sock = muxclient(options.control_path)) >= 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1346 | ssh_packet_set_connection(ssh, sock, sock); | - |
1347 | packet_set_mux(); | - |
1348 | goto skip_connect; never executed: goto skip_connect; | 0 |
1349 | } | - |
1350 | } never executed: end of block | 0 |
1351 | | - |
1352 | | - |
1353 | | - |
1354 | | - |
1355 | | - |
1356 | if (addrs == NULL && options.proxy_command == NULL) {TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1357 | debug2("resolving \"%s\" port %d", host, options.port); | - |
1358 | if ((addrs = resolve_host(host, options.port, 1,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1359 | cname, sizeof(cname))) == NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1360 | cleanup_exit(255); never executed: cleanup_exit(255); | 0 |
1361 | } never executed: end of block | 0 |
1362 | | - |
1363 | timeout_ms = options.connection_timeout * 1000; | - |
1364 | | - |
1365 | | - |
1366 | if (ssh_connect(ssh, host, addrs, &hostaddr, options.port,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1367 | options.address_family, options.connection_attempts,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1368 | &timeout_ms, options.tcp_keep_alive) != 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1369 | exit(255); never executed: exit(255); | 0 |
1370 | | - |
1371 | if (addrs != NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1372 | freeaddrinfo(addrs); never executed: freeaddrinfo(addrs); | 0 |
1373 | | - |
1374 | packet_set_timeout(options.server_alive_interval, | - |
1375 | options.server_alive_count_max); | - |
1376 | | - |
1377 | ssh = active_state; | - |
1378 | | - |
1379 | if (timeout_ms > 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1380 | debug3("timeout: %d ms remain after connect", timeout_ms); never executed: debug3("timeout: %d ms remain after connect", timeout_ms); | 0 |
1381 | | - |
1382 | | - |
1383 | | - |
1384 | | - |
1385 | | - |
1386 | | - |
1387 | sensitive_data.nkeys = 0; | - |
1388 | sensitive_data.keys = NULL; | - |
1389 | if (options.hostbased_authentication) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1390 | sensitive_data.nkeys = 10; | - |
1391 | sensitive_data.keys = xcalloc(sensitive_data.nkeys, | - |
1392 | sizeof(struct sshkey)); | - |
1393 | | - |
1394 | | - |
1395 | #define L_PUBKEY(p,o) do { \ | - |
1396 | if ((o) >= sensitive_data.nkeys) \ | - |
1397 | fatal("%s pubkey out of array bounds", __func__); \ | - |
1398 | check_load(sshkey_load_public(p, &(sensitive_data.keys[o]), NULL), \ | - |
1399 | p, "pubkey"); \ | - |
1400 | } while (0) | - |
1401 | #define L_CERT(p,o) do { \ | - |
1402 | if ((o) >= sensitive_data.nkeys) \ | - |
1403 | fatal("%s cert out of array bounds", __func__); \ | - |
1404 | check_load(sshkey_load_cert(p, &(sensitive_data.keys[o])), p, "cert"); \ | - |
1405 | } while (0) | - |
1406 | | - |
1407 | if (options.hostbased_authentication == 1) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1408 | L_CERT(_PATH_HOST_ECDSA_KEY_FILE, 0); never executed: fatal("%s cert out of array bounds", __func__); TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1409 | L_CERT(_PATH_HOST_ED25519_KEY_FILE, 1); never executed: fatal("%s cert out of array bounds", __func__); TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1410 | L_CERT(_PATH_HOST_RSA_KEY_FILE, 2); never executed: fatal("%s cert out of array bounds", __func__); TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1411 | L_CERT(_PATH_HOST_DSA_KEY_FILE, 3); never executed: fatal("%s cert out of array bounds", __func__); TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1412 | L_PUBKEY(_PATH_HOST_ECDSA_KEY_FILE, 4); never executed: fatal("%s pubkey out of array bounds", __func__); TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1413 | L_PUBKEY(_PATH_HOST_ED25519_KEY_FILE, 5); never executed: fatal("%s pubkey out of array bounds", __func__); TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1414 | L_PUBKEY(_PATH_HOST_RSA_KEY_FILE, 6); never executed: fatal("%s pubkey out of array bounds", __func__); TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1415 | L_PUBKEY(_PATH_HOST_DSA_KEY_FILE, 7); never executed: fatal("%s pubkey out of array bounds", __func__); TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1416 | L_CERT(_PATH_HOST_XMSS_KEY_FILE, 8); never executed: fatal("%s cert out of array bounds", __func__); TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1417 | L_PUBKEY(_PATH_HOST_XMSS_KEY_FILE, 9); never executed: fatal("%s pubkey out of array bounds", __func__); TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1418 | } never executed: end of block | 0 |
1419 | } never executed: end of block | 0 |
1420 | | - |
1421 | | - |
1422 | if (config == NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1423 | r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir, | - |
1424 | strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); never executed: __result = (((const unsigned char *) (const char *) ( pw->pw_dir ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "/" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1425 | if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1426 | #ifdef WITH_SELINUX | - |
1427 | ssh_selinux_setfscreatecon(buf); | - |
1428 | #endif | - |
1429 | if (mkdir(buf, 0700) < 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1430 | error("Could not create directory '%.200s'.", never executed: error("Could not create directory '%.200s'.", buf); | 0 |
1431 | buf); never executed: error("Could not create directory '%.200s'.", buf); | 0 |
1432 | #ifdef WITH_SELINUX | - |
1433 | ssh_selinux_setfscreatecon(NULL); | - |
1434 | #endif | - |
1435 | } never executed: end of block | 0 |
1436 | } never executed: end of block | 0 |
1437 | | - |
1438 | load_public_identity_files(pw); | - |
1439 | | - |
1440 | | - |
1441 | if (options.identity_agent &&TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1442 | strcmp(options.identity_agent, SSH_AUTHSOCKET_ENV_NAME) != 0) { never executed: __result = (((const unsigned char *) (const char *) ( options.identity_agent ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "SSH_AUTH_SOCK" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1443 | if (strcmp(options.identity_agent, "none") == 0) { never executed: __result = (((const unsigned char *) (const char *) ( options.identity_agent ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "none" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1444 | unsetenv(SSH_AUTHSOCKET_ENV_NAME); | - |
1445 | } else { never executed: end of block | 0 |
1446 | p = tilde_expand_filename(options.identity_agent, | - |
1447 | getuid()); | - |
1448 | cp = percent_expand(p, | - |
1449 | "d", pw->pw_dir, | - |
1450 | "h", host, | - |
1451 | "i", uidstr, | - |
1452 | "l", thishost, | - |
1453 | "r", options.user, | - |
1454 | "u", pw->pw_name, | - |
1455 | (char *)NULL); | - |
1456 | setenv(SSH_AUTHSOCKET_ENV_NAME, cp, 1); | - |
1457 | free(cp); | - |
1458 | free(p); | - |
1459 | } never executed: end of block | 0 |
1460 | } | - |
1461 | | - |
1462 | | - |
1463 | tilde_expand_paths(options.system_hostfiles, | - |
1464 | options.num_system_hostfiles); | - |
1465 | tilde_expand_paths(options.user_hostfiles, options.num_user_hostfiles); | - |
1466 | | - |
1467 | signal(SIGPIPE, SIG_IGN); | - |
1468 | signal(SIGCHLD, main_sigchld_handler); | - |
1469 | | - |
1470 | | - |
1471 | ssh_login(&sensitive_data, host, (struct sockaddr *)&hostaddr, | - |
1472 | options.port, pw, timeout_ms); | - |
1473 | | - |
1474 | if (packet_connection_is_on_socket()) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1475 | verbose("Authenticated to %s ([%s]:%d).", host, | - |
1476 | ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); | - |
1477 | } else { never executed: end of block | 0 |
1478 | verbose("Authenticated to %s (via proxy).", host); | - |
1479 | } never executed: end of block | 0 |
1480 | | - |
1481 | | - |
1482 | if (sensitive_data.nkeys != 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1483 | for (i = 0; i < sensitive_data.nkeys; i++) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1484 | if (sensitive_data.keys[i] != NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1485 | | - |
1486 | debug3("clear hostkey %d", i); | - |
1487 | sshkey_free(sensitive_data.keys[i]); | - |
1488 | sensitive_data.keys[i] = NULL; | - |
1489 | } never executed: end of block | 0 |
1490 | } never executed: end of block | 0 |
1491 | free(sensitive_data.keys); | - |
1492 | } never executed: end of block | 0 |
1493 | for (i = 0; i < options.num_identity_files; i++) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1494 | free(options.identity_files[i]); | - |
1495 | options.identity_files[i] = NULL; | - |
1496 | if (options.identity_keys[i]) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1497 | sshkey_free(options.identity_keys[i]); | - |
1498 | options.identity_keys[i] = NULL; | - |
1499 | } never executed: end of block | 0 |
1500 | } never executed: end of block | 0 |
1501 | for (i = 0; i < options.num_certificate_files; i++) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1502 | free(options.certificate_files[i]); | - |
1503 | options.certificate_files[i] = NULL; | - |
1504 | } never executed: end of block | 0 |
1505 | | - |
1506 | skip_connect: code before this statement never executed: skip_connect: | 0 |
1507 | exit_status = ssh_session2(ssh, pw); | - |
1508 | packet_close(); | - |
1509 | | - |
1510 | if (options.control_path != NULL && muxserver_sock != -1)TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1511 | unlink(options.control_path); never executed: unlink(options.control_path); | 0 |
1512 | | - |
1513 | | - |
1514 | ssh_kill_proxy_command(); | - |
1515 | | - |
1516 | return exit_status; never executed: return exit_status; | 0 |
1517 | } | - |
1518 | | - |
1519 | static void | - |
1520 | control_persist_detach(void) | - |
1521 | { | - |
1522 | pid_t pid; | - |
1523 | int devnull, keep_stderr; | - |
1524 | | - |
1525 | debug("%s: backgrounding master process", __func__); | - |
1526 | | - |
1527 | | - |
1528 | | - |
1529 | | - |
1530 | | - |
1531 | switch ((pid = fork())) { | - |
1532 | case -1: never executed: case -1: | 0 |
1533 | fatal("%s: fork: %s", __func__, strerror(errno)); | - |
1534 | case 0: code before this statement never executed: case 0: never executed: case 0: | 0 |
1535 | | - |
1536 | break; never executed: break; | 0 |
1537 | default: never executed: default: | 0 |
1538 | | - |
1539 | debug2("%s: background process is %ld", __func__, (long)pid); | - |
1540 | stdin_null_flag = ostdin_null_flag; | - |
1541 | options.request_tty = orequest_tty; | - |
1542 | tty_flag = otty_flag; | - |
1543 | close(muxserver_sock); | - |
1544 | muxserver_sock = -1; | - |
1545 | options.control_master = SSHCTL_MASTER_NO; | - |
1546 | muxclient(options.control_path); | - |
1547 | | - |
1548 | fatal("Failed to connect to new control master"); | - |
1549 | } never executed: end of block | 0 |
1550 | if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1551 | error("%s: open(\"/dev/null\"): %s", __func__, | - |
1552 | strerror(errno)); | - |
1553 | } else { never executed: end of block | 0 |
1554 | keep_stderr = log_is_on_stderr() && debug_flag;TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1555 | if (dup2(devnull, STDIN_FILENO) == -1 ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1556 | dup2(devnull, STDOUT_FILENO) == -1 ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1557 | (!keep_stderr && dup2(devnull, STDERR_FILENO) == -1))TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1558 | error("%s: dup2: %s", __func__, strerror(errno)); never executed: error("%s: dup2: %s", __func__, strerror( (*__errno_location ()) )); | 0 |
1559 | if (devnull > STDERR_FILENO)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1560 | close(devnull); never executed: close(devnull); | 0 |
1561 | } never executed: end of block | 0 |
1562 | daemon(1, 1); | - |
1563 | setproctitle("%s [mux]", options.control_path); | - |
1564 | } never executed: end of block | 0 |
1565 | | - |
1566 | | - |
1567 | static void | - |
1568 | fork_postauth(void) | - |
1569 | { | - |
1570 | if (need_controlpersist_detach)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1571 | control_persist_detach(); never executed: control_persist_detach(); | 0 |
1572 | debug("forking to background"); | - |
1573 | fork_after_authentication_flag = 0; | - |
1574 | if (daemon(1, 1) < 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1575 | fatal("daemon() failed: %.200s", strerror(errno)); never executed: fatal("daemon() failed: %.200s", strerror( (*__errno_location ()) )); | 0 |
1576 | } never executed: end of block | 0 |
1577 | | - |
1578 | | - |
1579 | static void | - |
1580 | ssh_confirm_remote_forward(struct ssh *ssh, int type, u_int32_t seq, void *ctxt) | - |
1581 | { | - |
1582 | struct Forward *rfwd = (struct Forward *)ctxt; | - |
1583 | | - |
1584 | | - |
1585 | debug("remote forward %s for: listen %s%s%d, connect %s:%d", | - |
1586 | type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure", | - |
1587 | rfwd->listen_path ? rfwd->listen_path : | - |
1588 | rfwd->listen_host ? rfwd->listen_host : "", | - |
1589 | (rfwd->listen_path || rfwd->listen_host) ? ":" : "", | - |
1590 | rfwd->listen_port, rfwd->connect_path ? rfwd->connect_path : | - |
1591 | rfwd->connect_host, rfwd->connect_port); | - |
1592 | if (rfwd->listen_path == NULL && rfwd->listen_port == 0) {TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1593 | if (type == SSH2_MSG_REQUEST_SUCCESS) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1594 | rfwd->allocated_port = packet_get_int(); | - |
1595 | logit("Allocated port %u for remote forward to %s:%d", | - |
1596 | rfwd->allocated_port, | - |
1597 | rfwd->connect_host, rfwd->connect_port); | - |
1598 | channel_update_permission(ssh, | - |
1599 | rfwd->handle, rfwd->allocated_port); | - |
1600 | } else { never executed: end of block | 0 |
1601 | channel_update_permission(ssh, rfwd->handle, -1); | - |
1602 | } never executed: end of block | 0 |
1603 | } | - |
1604 | | - |
1605 | if (type == SSH2_MSG_REQUEST_FAILURE) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1606 | if (options.exit_on_forward_failure) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1607 | if (rfwd->listen_path != NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1608 | fatal("Error: remote port forwarding failed " never executed: fatal("Error: remote port forwarding failed " "for listen path %s", rfwd->listen_path); | 0 |
1609 | "for listen path %s", rfwd->listen_path); never executed: fatal("Error: remote port forwarding failed " "for listen path %s", rfwd->listen_path); | 0 |
1610 | else | - |
1611 | fatal("Error: remote port forwarding failed " never executed: fatal("Error: remote port forwarding failed " "for listen port %d", rfwd->listen_port); | 0 |
1612 | "for listen port %d", rfwd->listen_port); never executed: fatal("Error: remote port forwarding failed " "for listen port %d", rfwd->listen_port); | 0 |
1613 | } else { | - |
1614 | if (rfwd->listen_path != NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1615 | logit("Warning: remote port forwarding failed " never executed: logit("Warning: remote port forwarding failed " "for listen path %s", rfwd->listen_path); | 0 |
1616 | "for listen path %s", rfwd->listen_path); never executed: logit("Warning: remote port forwarding failed " "for listen path %s", rfwd->listen_path); | 0 |
1617 | else | - |
1618 | logit("Warning: remote port forwarding failed " never executed: logit("Warning: remote port forwarding failed " "for listen port %d", rfwd->listen_port); | 0 |
1619 | "for listen port %d", rfwd->listen_port); never executed: logit("Warning: remote port forwarding failed " "for listen port %d", rfwd->listen_port); | 0 |
1620 | } | - |
1621 | } | - |
1622 | if (++remote_forward_confirms_received == options.num_remote_forwards) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1623 | debug("All remote forwarding requests processed"); | - |
1624 | if (fork_after_authentication_flag)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1625 | fork_postauth(); never executed: fork_postauth(); | 0 |
1626 | } never executed: end of block | 0 |
1627 | } never executed: end of block | 0 |
1628 | | - |
1629 | static void | - |
1630 | client_cleanup_stdio_fwd(struct ssh *ssh, int id, void *arg) | - |
1631 | { | - |
1632 | debug("stdio forwarding: done"); | - |
1633 | cleanup_exit(0); | - |
1634 | } never executed: end of block | 0 |
1635 | | - |
1636 | static void | - |
1637 | ssh_stdio_confirm(struct ssh *ssh, int id, int success, void *arg) | - |
1638 | { | - |
1639 | if (!success)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1640 | fatal("stdio forwarding failed"); never executed: fatal("stdio forwarding failed"); | 0 |
1641 | } never executed: end of block | 0 |
1642 | | - |
1643 | static void | - |
1644 | ssh_init_stdio_forwarding(struct ssh *ssh) | - |
1645 | { | - |
1646 | Channel *c; | - |
1647 | int in, out; | - |
1648 | | - |
1649 | if (options.stdio_forward_host == NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1650 | return; never executed: return; | 0 |
1651 | | - |
1652 | debug3("%s: %s:%d", __func__, options.stdio_forward_host, | - |
1653 | options.stdio_forward_port); | - |
1654 | | - |
1655 | if ((in = dup(STDIN_FILENO)) < 0 ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1656 | (out = dup(STDOUT_FILENO)) < 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1657 | fatal("channel_connect_stdio_fwd: dup() in/out failed"); never executed: fatal("channel_connect_stdio_fwd: dup() in/out failed"); | 0 |
1658 | if ((c = channel_connect_stdio_fwd(ssh, options.stdio_forward_host,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1659 | options.stdio_forward_port, in, out)) == NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1660 | fatal("%s: channel_connect_stdio_fwd failed", __func__); never executed: fatal("%s: channel_connect_stdio_fwd failed", __func__); | 0 |
1661 | channel_register_cleanup(ssh, c->self, client_cleanup_stdio_fwd, 0); | - |
1662 | channel_register_open_confirm(ssh, c->self, ssh_stdio_confirm, NULL); | - |
1663 | } never executed: end of block | 0 |
1664 | | - |
1665 | static void | - |
1666 | ssh_init_forwarding(struct ssh *ssh, char **ifname) | - |
1667 | { | - |
1668 | int success = 0; | - |
1669 | int i; | - |
1670 | | - |
1671 | | - |
1672 | for (i = 0; i < options.num_local_forwards; i++) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1673 | debug("Local connections to %.200s:%d forwarded to remote " | - |
1674 | "address %.200s:%d", | - |
1675 | (options.local_forwards[i].listen_path != NULL) ? | - |
1676 | options.local_forwards[i].listen_path : | - |
1677 | (options.local_forwards[i].listen_host == NULL) ? | - |
1678 | (options.fwd_opts.gateway_ports ? "*" : "LOCALHOST") : | - |
1679 | options.local_forwards[i].listen_host, | - |
1680 | options.local_forwards[i].listen_port, | - |
1681 | (options.local_forwards[i].connect_path != NULL) ? | - |
1682 | options.local_forwards[i].connect_path : | - |
1683 | options.local_forwards[i].connect_host, | - |
1684 | options.local_forwards[i].connect_port); | - |
1685 | success += channel_setup_local_fwd_listener(ssh, | - |
1686 | &options.local_forwards[i], &options.fwd_opts); | - |
1687 | } never executed: end of block | 0 |
1688 | if (i > 0 && success != i && options.exit_on_forward_failure)TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1689 | fatal("Could not request local forwarding."); never executed: fatal("Could not request local forwarding."); | 0 |
1690 | if (i > 0 && success == 0)TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1691 | error("Could not request local forwarding."); never executed: error("Could not request local forwarding."); | 0 |
1692 | | - |
1693 | | - |
1694 | for (i = 0; i < options.num_remote_forwards; i++) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1695 | debug("Remote connections from %.200s:%d forwarded to " | - |
1696 | "local address %.200s:%d", | - |
1697 | (options.remote_forwards[i].listen_path != NULL) ? | - |
1698 | options.remote_forwards[i].listen_path : | - |
1699 | (options.remote_forwards[i].listen_host == NULL) ? | - |
1700 | "LOCALHOST" : options.remote_forwards[i].listen_host, | - |
1701 | options.remote_forwards[i].listen_port, | - |
1702 | (options.remote_forwards[i].connect_path != NULL) ? | - |
1703 | options.remote_forwards[i].connect_path : | - |
1704 | options.remote_forwards[i].connect_host, | - |
1705 | options.remote_forwards[i].connect_port); | - |
1706 | options.remote_forwards[i].handle = | - |
1707 | channel_request_remote_forwarding(ssh, | - |
1708 | &options.remote_forwards[i]); | - |
1709 | if (options.remote_forwards[i].handle < 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1710 | if (options.exit_on_forward_failure)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1711 | fatal("Could not request remote forwarding."); never executed: fatal("Could not request remote forwarding."); | 0 |
1712 | else | - |
1713 | logit("Warning: Could not request remote " never executed: logit("Warning: Could not request remote " "forwarding."); | 0 |
1714 | "forwarding."); never executed: logit("Warning: Could not request remote " "forwarding."); | 0 |
1715 | } else { | - |
1716 | client_register_global_confirm( | - |
1717 | ssh_confirm_remote_forward, | - |
1718 | &options.remote_forwards[i]); | - |
1719 | } never executed: end of block | 0 |
1720 | } | - |
1721 | | - |
1722 | | - |
1723 | if (options.tun_open != SSH_TUNMODE_NO) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1724 | if ((*ifname = client_request_tun_fwd(ssh,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1725 | options.tun_open, options.tun_local,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1726 | options.tun_remote)) == NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1727 | if (options.exit_on_forward_failure)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1728 | fatal("Could not request tunnel forwarding."); never executed: fatal("Could not request tunnel forwarding."); | 0 |
1729 | else | - |
1730 | error("Could not request tunnel forwarding."); never executed: error("Could not request tunnel forwarding."); | 0 |
1731 | } | - |
1732 | } never executed: end of block | 0 |
1733 | } never executed: end of block | 0 |
1734 | | - |
1735 | static void | - |
1736 | check_agent_present(void) | - |
1737 | { | - |
1738 | int r; | - |
1739 | | - |
1740 | if (options.forward_agent) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1741 | | - |
1742 | if ((r = ssh_get_authentication_socket(NULL)) != 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1743 | options.forward_agent = 0; | - |
1744 | if (r != SSH_ERR_AGENT_NOT_PRESENT)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1745 | debug("ssh_get_authentication_socket: %s", never executed: debug("ssh_get_authentication_socket: %s", ssh_err(r)); | 0 |
1746 | ssh_err(r)); never executed: debug("ssh_get_authentication_socket: %s", ssh_err(r)); | 0 |
1747 | } never executed: end of block | 0 |
1748 | } never executed: end of block | 0 |
1749 | } never executed: end of block | 0 |
1750 | | - |
1751 | static void | - |
1752 | ssh_session2_setup(struct ssh *ssh, int id, int success, void *arg) | - |
1753 | { | - |
1754 | extern char **environ; | - |
1755 | const char *display; | - |
1756 | int interactive = tty_flag; | - |
1757 | char *proto = NULL, *data = NULL; | - |
1758 | | - |
1759 | if (!success)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1760 | return; never executed: return; | 0 |
1761 | | - |
1762 | display = getenv("DISPLAY"); | - |
1763 | if (display == NULL && options.forward_x11)TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1764 | debug("X11 forwarding requested but DISPLAY not set"); never executed: debug("X11 forwarding requested but DISPLAY not set"); | 0 |
1765 | if (options.forward_x11 && client_x11_get_proto(ssh, display,TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1766 | options.xauth_location, options.forward_x11_trusted,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1767 | options.forward_x11_timeout, &proto, &data) == 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1768 | | - |
1769 | debug("Requesting X11 forwarding with authentication " | - |
1770 | "spoofing."); | - |
1771 | x11_request_forwarding_with_spoofing(ssh, id, display, proto, | - |
1772 | data, 1); | - |
1773 | client_expect_confirm(ssh, id, "X11 forwarding", CONFIRM_WARN); | - |
1774 | | - |
1775 | interactive = 1; | - |
1776 | } never executed: end of block | 0 |
1777 | | - |
1778 | check_agent_present(); | - |
1779 | if (options.forward_agent) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1780 | debug("Requesting authentication agent forwarding."); | - |
1781 | channel_request_start(ssh, id, "auth-agent-req@openssh.com", 0); | - |
1782 | packet_send(); | - |
1783 | } never executed: end of block | 0 |
1784 | | - |
1785 | | - |
1786 | packet_set_interactive(interactive, | - |
1787 | options.ip_qos_interactive, options.ip_qos_bulk); | - |
1788 | | - |
1789 | client_session2_setup(ssh, id, tty_flag, subsystem_flag, getenv("TERM"), | - |
1790 | NULL, fileno(stdin), command, environ); | - |
1791 | } never executed: end of block | 0 |
1792 | | - |
1793 | | - |
1794 | static int | - |
1795 | ssh_session2_open(struct ssh *ssh) | - |
1796 | { | - |
1797 | Channel *c; | - |
1798 | int window, packetmax, in, out, err; | - |
1799 | | - |
1800 | if (stdin_null_flag) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1801 | in = open(_PATH_DEVNULL, O_RDONLY); | - |
1802 | } else { never executed: end of block | 0 |
1803 | in = dup(STDIN_FILENO); | - |
1804 | } never executed: end of block | 0 |
1805 | out = dup(STDOUT_FILENO); | - |
1806 | err = dup(STDERR_FILENO); | - |
1807 | | - |
1808 | if (in < 0 || out < 0 || err < 0)TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1809 | fatal("dup() in/out/err failed"); never executed: fatal("dup() in/out/err failed"); | 0 |
1810 | | - |
1811 | | - |
1812 | if (!isatty(in))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1813 | set_nonblock(in); never executed: set_nonblock(in); | 0 |
1814 | if (!isatty(out))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1815 | set_nonblock(out); never executed: set_nonblock(out); | 0 |
1816 | if (!isatty(err))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1817 | set_nonblock(err); never executed: set_nonblock(err); | 0 |
1818 | | - |
1819 | window = CHAN_SES_WINDOW_DEFAULT; | - |
1820 | packetmax = CHAN_SES_PACKET_DEFAULT; | - |
1821 | if (tty_flag) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1822 | window >>= 1; | - |
1823 | packetmax >>= 1; | - |
1824 | } never executed: end of block | 0 |
1825 | c = channel_new(ssh, | - |
1826 | "session", SSH_CHANNEL_OPENING, in, out, err, | - |
1827 | window, packetmax, CHAN_EXTENDED_WRITE, | - |
1828 | "client-session", 0); | - |
1829 | | - |
1830 | debug3("%s: channel_new: %d", __func__, c->self); | - |
1831 | | - |
1832 | channel_send_open(ssh, c->self); | - |
1833 | if (!no_shell_flag)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1834 | channel_register_open_confirm(ssh, c->self, never executed: channel_register_open_confirm(ssh, c->self, ssh_session2_setup, ((void *)0) ); | 0 |
1835 | ssh_session2_setup, NULL); never executed: channel_register_open_confirm(ssh, c->self, ssh_session2_setup, ((void *)0) ); | 0 |
1836 | | - |
1837 | return c->self; never executed: return c->self; | 0 |
1838 | } | - |
1839 | | - |
1840 | static int | - |
1841 | ssh_session2(struct ssh *ssh, struct passwd *pw) | - |
1842 | { | - |
1843 | int devnull, id = -1; | - |
1844 | char *cp, *tun_fwd_ifname = NULL; | - |
1845 | | - |
1846 | | - |
1847 | if (!options.control_persist)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1848 | ssh_init_stdio_forwarding(ssh); never executed: ssh_init_stdio_forwarding(ssh); | 0 |
1849 | | - |
1850 | ssh_init_forwarding(ssh, &tun_fwd_ifname); | - |
1851 | | - |
1852 | if (options.local_command != NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1853 | debug3("expanding LocalCommand: %s", options.local_command); | - |
1854 | cp = options.local_command; | - |
1855 | options.local_command = percent_expand(cp, | - |
1856 | "C", conn_hash_hex, | - |
1857 | "L", shorthost, | - |
1858 | "d", pw->pw_dir, | - |
1859 | "h", host, | - |
1860 | "i", uidstr, | - |
1861 | "l", thishost, | - |
1862 | "n", host_arg, | - |
1863 | "p", portstr, | - |
1864 | "r", options.user, | - |
1865 | "u", pw->pw_name, | - |
1866 | "T", tun_fwd_ifname == NULL ? "NONE" : tun_fwd_ifname, | - |
1867 | (char *)NULL); | - |
1868 | debug3("expanded LocalCommand: %s", options.local_command); | - |
1869 | free(cp); | - |
1870 | } never executed: end of block | 0 |
1871 | | - |
1872 | | - |
1873 | if (!packet_get_mux())TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1874 | muxserver_listen(ssh); never executed: muxserver_listen(ssh); | 0 |
1875 | | - |
1876 | | - |
1877 | | - |
1878 | | - |
1879 | | - |
1880 | | - |
1881 | | - |
1882 | | - |
1883 | | - |
1884 | | - |
1885 | if (options.control_persist && muxserver_sock != -1) {TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1886 | ostdin_null_flag = stdin_null_flag; | - |
1887 | ono_shell_flag = no_shell_flag; | - |
1888 | orequest_tty = options.request_tty; | - |
1889 | otty_flag = tty_flag; | - |
1890 | stdin_null_flag = 1; | - |
1891 | no_shell_flag = 1; | - |
1892 | tty_flag = 0; | - |
1893 | if (!fork_after_authentication_flag)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1894 | need_controlpersist_detach = 1; never executed: need_controlpersist_detach = 1; | 0 |
1895 | fork_after_authentication_flag = 1; | - |
1896 | } never executed: end of block | 0 |
1897 | | - |
1898 | | - |
1899 | | - |
1900 | | - |
1901 | if (options.control_persist && muxserver_sock == -1)TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1902 | ssh_init_stdio_forwarding(ssh); never executed: ssh_init_stdio_forwarding(ssh); | 0 |
1903 | | - |
1904 | if (!no_shell_flag)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1905 | id = ssh_session2_open(ssh); never executed: id = ssh_session2_open(ssh); | 0 |
1906 | else { | - |
1907 | packet_set_interactive( | - |
1908 | options.control_master == SSHCTL_MASTER_NO, | - |
1909 | options.ip_qos_interactive, options.ip_qos_bulk); | - |
1910 | } never executed: end of block | 0 |
1911 | | - |
1912 | | - |
1913 | if (options.control_master == SSHCTL_MASTER_NO &&TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1914 | (datafellows & SSH_NEW_OPENSSH)) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1915 | debug("Requesting no-more-sessions@openssh.com"); | - |
1916 | packet_start(SSH2_MSG_GLOBAL_REQUEST); | - |
1917 | packet_put_cstring("no-more-sessions@openssh.com"); | - |
1918 | packet_put_char(0); | - |
1919 | packet_send(); | - |
1920 | } never executed: end of block | 0 |
1921 | | - |
1922 | | - |
1923 | if (options.local_command != NULL &&TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1924 | options.permit_local_command)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1925 | ssh_local_cmd(options.local_command); never executed: ssh_local_cmd(options.local_command); | 0 |
1926 | | - |
1927 | | - |
1928 | | - |
1929 | | - |
1930 | | - |
1931 | | - |
1932 | | - |
1933 | if (!need_controlpersist_detach) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1934 | if ((devnull = open(_PATH_DEVNULL, O_WRONLY)) == -1)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1935 | error("%s: open %s: %s", __func__, never executed: error("%s: open %s: %s", __func__, "/dev/null" , strerror( (*__errno_location ()) )); | 0 |
1936 | _PATH_DEVNULL, strerror(errno)); never executed: error("%s: open %s: %s", __func__, "/dev/null" , strerror( (*__errno_location ()) )); | 0 |
1937 | if (dup2(devnull, STDOUT_FILENO) < 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1938 | fatal("%s: dup2() stdout failed", __func__); never executed: fatal("%s: dup2() stdout failed", __func__); | 0 |
1939 | if (devnull > STDERR_FILENO)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1940 | close(devnull); never executed: close(devnull); | 0 |
1941 | } never executed: end of block | 0 |
1942 | | - |
1943 | | - |
1944 | | - |
1945 | | - |
1946 | | - |
1947 | if (fork_after_authentication_flag) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1948 | if (options.exit_on_forward_failure &&TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1949 | options.num_remote_forwards > 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1950 | debug("deferring postauth fork until remote forward " | - |
1951 | "confirmation received"); | - |
1952 | } else never executed: end of block | 0 |
1953 | fork_postauth(); never executed: fork_postauth(); | 0 |
1954 | } | - |
1955 | | - |
1956 | return client_loop(ssh, tty_flag, tty_flag ? never executed: return client_loop(ssh, tty_flag, tty_flag ? options.escape_char : -2, id); | 0 |
1957 | options.escape_char : SSH_ESCAPECHAR_NONE, id); never executed: return client_loop(ssh, tty_flag, tty_flag ? options.escape_char : -2, id); | 0 |
1958 | } | - |
1959 | | - |
1960 | | - |
1961 | static void | - |
1962 | load_public_identity_files(struct passwd *pw) | - |
1963 | { | - |
1964 | char *filename, *cp; | - |
1965 | struct sshkey *public; | - |
1966 | int i; | - |
1967 | u_int n_ids, n_certs; | - |
1968 | char *identity_files[SSH_MAX_IDENTITY_FILES]; | - |
1969 | struct sshkey *identity_keys[SSH_MAX_IDENTITY_FILES]; | - |
1970 | int identity_file_userprovided[SSH_MAX_IDENTITY_FILES]; | - |
1971 | char *certificate_files[SSH_MAX_CERTIFICATE_FILES]; | - |
1972 | struct sshkey *certificates[SSH_MAX_CERTIFICATE_FILES]; | - |
1973 | int certificate_file_userprovided[SSH_MAX_CERTIFICATE_FILES]; | - |
1974 | #ifdef ENABLE_PKCS11 | - |
1975 | struct sshkey **keys; | - |
1976 | int nkeys; | - |
1977 | #endif /* PKCS11 */ | - |
1978 | | - |
1979 | n_ids = n_certs = 0; | - |
1980 | memset(identity_files, 0, sizeof(identity_files)); | - |
1981 | memset(identity_keys, 0, sizeof(identity_keys)); | - |
1982 | memset(identity_file_userprovided, 0, | - |
1983 | sizeof(identity_file_userprovided)); | - |
1984 | memset(certificate_files, 0, sizeof(certificate_files)); | - |
1985 | memset(certificates, 0, sizeof(certificates)); | - |
1986 | memset(certificate_file_userprovided, 0, | - |
1987 | sizeof(certificate_file_userprovided)); | - |
1988 | | - |
1989 | #ifdef ENABLE_PKCS11 | - |
1990 | if (options.pkcs11_provider != NULL &&TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1991 | options.num_identity_files < SSH_MAX_IDENTITY_FILES &&TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1992 | (pkcs11_init(!options.batch_mode) == 0) &&TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1993 | (nkeys = pkcs11_add_provider(options.pkcs11_provider, NULL,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1994 | &keys)) > 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1995 | for (i = 0; i < nkeys; i++) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1996 | if (n_ids >= SSH_MAX_IDENTITY_FILES) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1997 | sshkey_free(keys[i]); | - |
1998 | continue; never executed: continue; | 0 |
1999 | } | - |
2000 | identity_keys[n_ids] = keys[i]; | - |
2001 | identity_files[n_ids] = | - |
2002 | xstrdup(options.pkcs11_provider); | - |
2003 | n_ids++; | - |
2004 | } never executed: end of block | 0 |
2005 | free(keys); | - |
2006 | } never executed: end of block | 0 |
2007 | #endif /* ENABLE_PKCS11 */ | - |
2008 | for (i = 0; i < options.num_identity_files; i++) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2009 | if (n_ids >= SSH_MAX_IDENTITY_FILES ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2010 | strcasecmp(options.identity_files[i], "none") == 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2011 | free(options.identity_files[i]); | - |
2012 | options.identity_files[i] = NULL; | - |
2013 | continue; never executed: continue; | 0 |
2014 | } | - |
2015 | cp = tilde_expand_filename(options.identity_files[i], getuid()); | - |
2016 | filename = percent_expand(cp, "d", pw->pw_dir, | - |
2017 | "u", pw->pw_name, "l", thishost, "h", host, | - |
2018 | "r", options.user, (char *)NULL); | - |
2019 | free(cp); | - |
2020 | check_load(sshkey_load_public(filename, &public, NULL), | - |
2021 | filename, "pubkey"); | - |
2022 | debug("identity file %s type %d", filename, | - |
2023 | public ? public->type : -1); | - |
2024 | free(options.identity_files[i]); | - |
2025 | identity_files[n_ids] = filename; | - |
2026 | identity_keys[n_ids] = public; | - |
2027 | identity_file_userprovided[n_ids] = | - |
2028 | options.identity_file_userprovided[i]; | - |
2029 | if (++n_ids >= SSH_MAX_IDENTITY_FILES)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2030 | continue; never executed: continue; | 0 |
2031 | | - |
2032 | | - |
2033 | | - |
2034 | | - |
2035 | | - |
2036 | if (options.num_certificate_files != 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2037 | continue; never executed: continue; | 0 |
2038 | xasprintf(&cp, "%s-cert", filename); | - |
2039 | check_load(sshkey_load_public(cp, &public, NULL), | - |
2040 | filename, "pubkey"); | - |
2041 | debug("identity file %s type %d", cp, | - |
2042 | public ? public->type : -1); | - |
2043 | if (public == NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2044 | free(cp); | - |
2045 | continue; never executed: continue; | 0 |
2046 | } | - |
2047 | if (!sshkey_is_cert(public)) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2048 | debug("%s: key %s type %s is not a certificate", | - |
2049 | __func__, cp, sshkey_type(public)); | - |
2050 | sshkey_free(public); | - |
2051 | free(cp); | - |
2052 | continue; never executed: continue; | 0 |
2053 | } | - |
2054 | | - |
2055 | identity_files[n_ids] = xstrdup(filename); | - |
2056 | identity_keys[n_ids] = public; | - |
2057 | identity_file_userprovided[n_ids] = | - |
2058 | options.identity_file_userprovided[i]; | - |
2059 | n_ids++; | - |
2060 | } never executed: end of block | 0 |
2061 | | - |
2062 | if (options.num_certificate_files > SSH_MAX_CERTIFICATE_FILES)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2063 | fatal("%s: too many certificates", __func__); never executed: fatal("%s: too many certificates", __func__); | 0 |
2064 | for (i = 0; i < options.num_certificate_files; i++) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2065 | cp = tilde_expand_filename(options.certificate_files[i], | - |
2066 | getuid()); | - |
2067 | filename = percent_expand(cp, | - |
2068 | "d", pw->pw_dir, | - |
2069 | "h", host, | - |
2070 | "i", uidstr, | - |
2071 | "l", thishost, | - |
2072 | "r", options.user, | - |
2073 | "u", pw->pw_name, | - |
2074 | (char *)NULL); | - |
2075 | free(cp); | - |
2076 | | - |
2077 | check_load(sshkey_load_public(filename, &public, NULL), | - |
2078 | filename, "certificate"); | - |
2079 | debug("certificate file %s type %d", filename, | - |
2080 | public ? public->type : -1); | - |
2081 | free(options.certificate_files[i]); | - |
2082 | options.certificate_files[i] = NULL; | - |
2083 | if (public == NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2084 | free(filename); | - |
2085 | continue; never executed: continue; | 0 |
2086 | } | - |
2087 | if (!sshkey_is_cert(public)) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2088 | debug("%s: key %s type %s is not a certificate", | - |
2089 | __func__, filename, sshkey_type(public)); | - |
2090 | sshkey_free(public); | - |
2091 | free(filename); | - |
2092 | continue; never executed: continue; | 0 |
2093 | } | - |
2094 | certificate_files[n_certs] = filename; | - |
2095 | certificates[n_certs] = public; | - |
2096 | certificate_file_userprovided[n_certs] = | - |
2097 | options.certificate_file_userprovided[i]; | - |
2098 | ++n_certs; | - |
2099 | } never executed: end of block | 0 |
2100 | | - |
2101 | options.num_identity_files = n_ids; | - |
2102 | memcpy(options.identity_files, identity_files, sizeof(identity_files)); | - |
2103 | memcpy(options.identity_keys, identity_keys, sizeof(identity_keys)); | - |
2104 | memcpy(options.identity_file_userprovided, | - |
2105 | identity_file_userprovided, sizeof(identity_file_userprovided)); | - |
2106 | | - |
2107 | options.num_certificate_files = n_certs; | - |
2108 | memcpy(options.certificate_files, | - |
2109 | certificate_files, sizeof(certificate_files)); | - |
2110 | memcpy(options.certificates, certificates, sizeof(certificates)); | - |
2111 | memcpy(options.certificate_file_userprovided, | - |
2112 | certificate_file_userprovided, | - |
2113 | sizeof(certificate_file_userprovided)); | - |
2114 | } never executed: end of block | 0 |
2115 | | - |
2116 | static void | - |
2117 | main_sigchld_handler(int sig) | - |
2118 | { | - |
2119 | int save_errno = errno; | - |
2120 | pid_t pid; | - |
2121 | int status; | - |
2122 | | - |
2123 | while ((pid = waitpid(-1, &status, WNOHANG)) > 0 ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2124 | (pid < 0 && errno == EINTR))TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2125 | ; never executed: ; | 0 |
2126 | errno = save_errno; | - |
2127 | } never executed: end of block | 0 |
| | |