Line | Source | Count |
1 | | - |
2 | | - |
3 | | - |
4 | | - |
5 | | - |
6 | | - |
7 | | - |
8 | | - |
9 | | - |
10 | | - |
11 | | - |
12 | | - |
13 | | - |
14 | | - |
15 | | - |
16 | | - |
17 | extern ServerOptions options; | - |
18 | extern u_char *session_id2; | - |
19 | extern u_int session_id2_len; | - |
20 | | - |
21 | static char * | - |
22 | format_key(const struct sshkey *key) | - |
23 | { | - |
24 | char *ret, *fp = sshkey_fingerprint(key, | - |
25 | options.fingerprint_hash, SSH_FP_DEFAULT); | - |
26 | | - |
27 | xasprintf(&ret, "%s %s", sshkey_type(key), fp); | - |
28 | free(fp); | - |
29 | return never executed: return ret; ret;never executed: return ret; | 0 |
30 | } | - |
31 | | - |
32 | static int | - |
33 | userauth_pubkey(struct ssh *ssh) | - |
34 | { | - |
35 | Authctxt *authctxt = ssh->authctxt; | - |
36 | struct passwd *pw = authctxt->pw; | - |
37 | struct sshbuf *b = | - |
38 | ((void *)0) | - |
39 | ; | - |
40 | struct sshkey *key = | - |
41 | ((void *)0) | - |
42 | ; | - |
43 | char *pkalg = | - |
44 | ((void *)0) | - |
45 | , *userstyle = | - |
46 | ((void *)0) | - |
47 | , *key_s = | - |
48 | ((void *)0) | - |
49 | , *ca_s = | - |
50 | ((void *)0) | - |
51 | ; | - |
52 | u_char *pkblob = | - |
53 | ((void *)0) | - |
54 | , *sig = | - |
55 | ((void *)0) | - |
56 | , have_sig; | - |
57 | size_t blen, slen; | - |
58 | int r, pktype; | - |
59 | int authenticated = 0; | - |
60 | struct sshauthopt *authopts = | - |
61 | ((void *)0) | - |
62 | ; | - |
63 | | - |
64 | if ((TRUE | never evaluated | FALSE | never evaluated |
r = sshpkt_get_u8(ssh, &have_sig)) != 0TRUE | never evaluated | FALSE | never evaluated |
|| | 0 |
65 | (TRUE | never evaluated | FALSE | never evaluated |
r = sshpkt_get_cstring(ssh, &pkalg, TRUE | never evaluated | FALSE | never evaluated |
| 0 |
66 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
67 | )) != 0TRUE | never evaluated | FALSE | never evaluated |
|| | 0 |
68 | (TRUE | never evaluated | FALSE | never evaluated |
r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
69 | fatal("%s: parse request failed: %s", __func__, ssh_err(r)); never executed: fatal("%s: parse request failed: %s", __func__, ssh_err(r)); | 0 |
70 | pktype = sshkey_type_from_name(pkalg); | - |
71 | if (pktype == KEY_UNSPECTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
72 | | - |
73 | verbose("%s: unsupported public key algorithm: %s", | - |
74 | __func__, pkalg); | - |
75 | goto never executed: goto done; done;never executed: goto done; | 0 |
76 | } | - |
77 | if ((TRUE | never evaluated | FALSE | never evaluated |
r = sshkey_from_blob(pkblob, blen, &key)) != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
78 | error("%s: could not parse key: %s", __func__, ssh_err(r)); | - |
79 | goto never executed: goto done; done;never executed: goto done; | 0 |
80 | } | - |
81 | if (key == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
82 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
83 | ) { | - |
84 | error("%s: cannot decode key: %s", __func__, pkalg); | - |
85 | goto never executed: goto done; done;never executed: goto done; | 0 |
86 | } | - |
87 | if (key->type != pktypeTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
88 | error("%s: type mismatch for decoded key " | - |
89 | "(received %d, expected %d)", __func__, key->type, pktype); | - |
90 | goto never executed: goto done; done;never executed: goto done; | 0 |
91 | } | - |
92 | if (sshkey_type_plain(key->type) == KEY_RSATRUE | never evaluated | FALSE | never evaluated |
&& | 0 |
93 | (TRUE | never evaluated | FALSE | never evaluated |
ssh->compat & 0x00002000) != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
94 | logit("Refusing RSA key because client uses unsafe " | - |
95 | "signature scheme"); | - |
96 | goto never executed: goto done; done;never executed: goto done; | 0 |
97 | } | - |
98 | if (auth2_key_already_used(authctxt, key)TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
99 | logit("refusing previously-used %s key", sshkey_type(key)); | - |
100 | goto never executed: goto done; done;never executed: goto done; | 0 |
101 | } | - |
102 | if (match_pattern_list(pkalg, options.pubkey_key_types, 0) != 1TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
103 | logit("%s: key type %s not in PubkeyAcceptedKeyTypes", | - |
104 | __func__, sshkey_ssh_name(key)); | - |
105 | goto never executed: goto done; done;never executed: goto done; | 0 |
106 | } | - |
107 | if ((TRUE | never evaluated | FALSE | never evaluated |
r = sshkey_check_cert_sigtype(key,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
108 | options.ca_sign_algorithms)) != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
109 | logit("%s: certificate signature algorithm %s: %s", __func__, | - |
110 | (key->cert == | - |
111 | ((void *)0) | - |
112 | || key->cert->signature_type == | - |
113 | ((void *)0) | - |
114 | ) ? | - |
115 | "(null)" : key->cert->signature_type, ssh_err(r)); | - |
116 | goto never executed: goto done; done;never executed: goto done; | 0 |
117 | } | - |
118 | key_s = format_key(key); | - |
119 | if (sshkey_is_cert(key)TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
120 | ca_s = format_key(key->cert->signature_key); never executed: ca_s = format_key(key->cert->signature_key); | 0 |
121 | | - |
122 | if (have_sigTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
123 | debug3("%s: have %s signature for %s%s%s", | - |
124 | __func__, pkalg, key_s, | - |
125 | ca_s == | - |
126 | ((void *)0) | - |
127 | ? "" : " CA ", | - |
128 | ca_s == | - |
129 | ((void *)0) | - |
130 | ? "" : ca_s); | - |
131 | if ((TRUE | never evaluated | FALSE | never evaluated |
r = sshpkt_get_string(ssh, &sig, &slen)) != 0TRUE | never evaluated | FALSE | never evaluated |
|| | 0 |
132 | (TRUE | never evaluated | FALSE | never evaluated |
r = sshpkt_get_end(ssh)) != 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
133 | fatal("%s: %s", __func__, ssh_err(r)); never executed: fatal("%s: %s", __func__, ssh_err(r)); | 0 |
134 | if ((TRUE | never evaluated | FALSE | never evaluated |
b = sshbuf_new()) == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
135 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
136 | ) | - |
137 | fatal("%s: sshbuf_new failed", __func__); never executed: fatal("%s: sshbuf_new failed", __func__); | 0 |
138 | if (ssh->compat & 0x00000010TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
139 | if ((TRUE | never evaluated | FALSE | never evaluated |
r = sshbuf_put(b, session_id2,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
140 | session_id2_len)) != 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
141 | fatal("%s: sshbuf_put session id: %s", never executed: fatal("%s: sshbuf_put session id: %s", __func__, ssh_err(r)); | 0 |
142 | __func__, ssh_err(r)); never executed: fatal("%s: sshbuf_put session id: %s", __func__, ssh_err(r)); | 0 |
143 | } never executed: end of block else { | 0 |
144 | if ((TRUE | never evaluated | FALSE | never evaluated |
r = sshbuf_put_string(b, session_id2,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
145 | session_id2_len)) != 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
146 | fatal("%s: sshbuf_put_string session id: %s", never executed: fatal("%s: sshbuf_put_string session id: %s", __func__, ssh_err(r)); | 0 |
147 | __func__, ssh_err(r)); never executed: fatal("%s: sshbuf_put_string session id: %s", __func__, ssh_err(r)); | 0 |
148 | } never executed: end of block | 0 |
149 | if (!authctxt->validTRUE | never evaluated | FALSE | never evaluated |
|| authctxt->user == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
150 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
151 | ) { | - |
152 | debug2("%s: disabled because of invalid user", | - |
153 | __func__); | - |
154 | goto never executed: goto done; done;never executed: goto done; | 0 |
155 | } | - |
156 | | - |
157 | xasprintf(&userstyle, "%s%s%s", authctxt->user, | - |
158 | authctxt->style ? ":" : "", | - |
159 | authctxt->style ? authctxt->style : ""); | - |
160 | if ((TRUE | never evaluated | FALSE | never evaluated |
r = sshbuf_put_u8(b, 50)) != 0TRUE | never evaluated | FALSE | never evaluated |
|| | 0 |
161 | (TRUE | never evaluated | FALSE | never evaluated |
r = sshbuf_put_cstring(b, userstyle)) != 0TRUE | never evaluated | FALSE | never evaluated |
|| | 0 |
162 | (TRUE | never evaluated | FALSE | never evaluated |
r = sshbuf_put_cstring(b, authctxt->service)) != 0TRUE | never evaluated | FALSE | never evaluated |
|| | 0 |
163 | (TRUE | never evaluated | FALSE | never evaluated |
r = sshbuf_put_cstring(b, "publickey")) != 0TRUE | never evaluated | FALSE | never evaluated |
|| | 0 |
164 | (TRUE | never evaluated | FALSE | never evaluated |
r = sshbuf_put_u8(b, have_sig)) != 0TRUE | never evaluated | FALSE | never evaluated |
|| | 0 |
165 | (TRUE | never evaluated | FALSE | never evaluated |
r = sshbuf_put_cstring(b, pkalg)) != 0TRUE | never evaluated | FALSE | never evaluated |
|| | 0 |
166 | (TRUE | never evaluated | FALSE | never evaluated |
r = sshbuf_put_string(b, pkblob, blen)) != 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
167 | fatal("%s: build packet failed: %s", never executed: fatal("%s: build packet failed: %s", __func__, ssh_err(r)); | 0 |
168 | __func__, ssh_err(r)); never executed: fatal("%s: build packet failed: %s", __func__, ssh_err(r)); | 0 |
169 | | - |
170 | | - |
171 | | - |
172 | | - |
173 | authenticated = 0; | - |
174 | if ((TRUE | never evaluated | FALSE | never evaluated |
use_privsep ? mm_user_key_allowed(ssh, pw, key, 1, &authopts) : user_key_allowed(ssh, pw, key, 1, &authopts))TRUE | never evaluated | FALSE | never evaluated |
&& | 0 |
175 | (TRUE | never evaluated | FALSE | never evaluated |
use_privsep ? mm_sshkey_verify(key, sig, slen, sshbuf_ptr(b), sshbuf_len(b), (ssh->compat & 0x00000002) == 0 ? pkalg : TRUE | never evaluated | FALSE | never evaluated |
| 0 |
176 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
177 | , ssh->compat) : sshkey_verify(key, sig, slen, sshbuf_ptr(b), sshbuf_len(b), (ssh->compat & 0x00000002) == 0 ? pkalg : TRUE | never evaluated | FALSE | never evaluated |
| 0 |
178 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
179 | , ssh->compat))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
180 | | 0 |
181 | | 0 |
182 | == 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
183 | authenticated = 1; | - |
184 | } never executed: end of block | 0 |
185 | auth2_record_key(authctxt, authenticated, key); | - |
186 | } never executed: end of block else { | 0 |
187 | debug("%s: test pkalg %s pkblob %s%s%s", | - |
188 | __func__, pkalg, key_s, | - |
189 | ca_s == | - |
190 | ((void *)0) | - |
191 | ? "" : " CA ", | - |
192 | ca_s == | - |
193 | ((void *)0) | - |
194 | ? "" : ca_s); | - |
195 | | - |
196 | if ((TRUE | never evaluated | FALSE | never evaluated |
r = sshpkt_get_end(ssh)) != 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
197 | fatal("%s: %s", __func__, ssh_err(r)); never executed: fatal("%s: %s", __func__, ssh_err(r)); | 0 |
198 | | - |
199 | if (!authctxt->validTRUE | never evaluated | FALSE | never evaluated |
|| authctxt->user == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
200 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
201 | ) { | - |
202 | debug2("%s: disabled because of invalid user", | - |
203 | __func__); | - |
204 | goto never executed: goto done; done;never executed: goto done; | 0 |
205 | } | - |
206 | if ((TRUE | never evaluated | FALSE | never evaluated |
use_privsepTRUE | never evaluated | FALSE | never evaluated |
? mm_user_key_allowed(ssh, pw, key, 0, TRUE | never evaluated | FALSE | never evaluated |
| 0 |
207 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
208 | ) : user_key_allowed(ssh, pw, key, 0, TRUE | never evaluated | FALSE | never evaluated |
| 0 |
209 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
210 | ))TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
211 | if ((TRUE | never evaluated | FALSE | never evaluated |
r = sshpkt_start(ssh, 60))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
212 | != 0TRUE | never evaluated | FALSE | never evaluated |
|| | 0 |
213 | (TRUE | never evaluated | FALSE | never evaluated |
r = sshpkt_put_cstring(ssh, pkalg)) != 0TRUE | never evaluated | FALSE | never evaluated |
|| | 0 |
214 | (TRUE | never evaluated | FALSE | never evaluated |
r = sshpkt_put_string(ssh, pkblob, blen)) != 0TRUE | never evaluated | FALSE | never evaluated |
|| | 0 |
215 | (TRUE | never evaluated | FALSE | never evaluated |
r = sshpkt_send(ssh)) != 0TRUE | never evaluated | FALSE | never evaluated |
|| | 0 |
216 | (TRUE | never evaluated | FALSE | never evaluated |
r = ssh_packet_write_wait(ssh)) != 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
217 | fatal("%s: %s", __func__, ssh_err(r)); never executed: fatal("%s: %s", __func__, ssh_err(r)); | 0 |
218 | authctxt->postponed = 1; | - |
219 | } never executed: end of block | 0 |
220 | } never executed: end of block | 0 |
221 | done: code before this statement never executed: done: | 0 |
222 | if (authenticated == 1TRUE | never evaluated | FALSE | never evaluated |
&& auth_activate_options(ssh, authopts) != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
223 | debug("%s: key options inconsistent with existing", __func__); | - |
224 | authenticated = 0; | - |
225 | } never executed: end of block | 0 |
226 | debug2("%s: authenticated %d pkalg %s", __func__, authenticated, pkalg); | - |
227 | | - |
228 | sshbuf_free(b); | - |
229 | sshauthopt_free(authopts); | - |
230 | sshkey_free(key); | - |
231 | free(userstyle); | - |
232 | free(pkalg); | - |
233 | free(pkblob); | - |
234 | free(key_s); | - |
235 | free(ca_s); | - |
236 | free(sig); | - |
237 | return never executed: return authenticated; authenticated;never executed: return authenticated; | 0 |
238 | } | - |
239 | | - |
240 | static int | - |
241 | match_principals_option(const char *principal_list, struct sshkey_cert *cert) | - |
242 | { | - |
243 | char *result; | - |
244 | u_int i; | - |
245 | | - |
246 | | - |
247 | | - |
248 | for (i = 0; i < cert->nprincipalsTRUE | never evaluated | FALSE | never evaluated |
; i++) { | 0 |
249 | if ((TRUE | never evaluated | FALSE | never evaluated |
result = match_list(cert->principals[i],TRUE | never evaluated | FALSE | never evaluated |
| 0 |
250 | principal_list, TRUE | never evaluated | FALSE | never evaluated |
| 0 |
251 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
252 | )) != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
253 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
254 | ) { | - |
255 | debug3("matched principal from key options \"%.100s\"", | - |
256 | result); | - |
257 | free(result); | - |
258 | return never executed: return 1; 1;never executed: return 1; | 0 |
259 | } | - |
260 | } never executed: end of block | 0 |
261 | return never executed: return 0; 0;never executed: return 0; | 0 |
262 | } | - |
263 | | - |
264 | | - |
265 | | - |
266 | | - |
267 | | - |
268 | | - |
269 | static int | - |
270 | check_principals_line(struct ssh *ssh, char *cp, const struct sshkey_cert *cert, | - |
271 | const char *loc, struct sshauthopt **authoptsp) | - |
272 | { | - |
273 | u_int i, found = 0; | - |
274 | char *ep, *line_opts; | - |
275 | const char *reason = | - |
276 | ((void *)0) | - |
277 | ; | - |
278 | struct sshauthopt *opts = | - |
279 | ((void *)0) | - |
280 | ; | - |
281 | | - |
282 | if (authoptsp != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
283 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
284 | ) | - |
285 | * never executed: *authoptsp = ((void *)0) ; authoptsp = never executed: *authoptsp = ((void *)0) ; | 0 |
286 | ((void *)0) never executed: *authoptsp = ((void *)0) ; | 0 |
287 | ; never executed: *authoptsp = ((void *)0) ; | 0 |
288 | | - |
289 | | - |
290 | ep = cp + strlen(cp) - 1; | - |
291 | while (ep > cpTRUE | never evaluated | FALSE | never evaluated |
&& (*TRUE | never evaluated | FALSE | never evaluated |
ep == '\n'TRUE | never evaluated | FALSE | never evaluated |
|| *TRUE | never evaluated | FALSE | never evaluated |
ep == ' 'TRUE | never evaluated | FALSE | never evaluated |
|| *TRUE | never evaluated | FALSE | never evaluated |
ep == '\t'TRUE | never evaluated | FALSE | never evaluated |
)) | 0 |
292 | * never executed: *ep-- = '\0'; ep-- = '\0';never executed: *ep-- = '\0'; | 0 |
293 | | - |
294 | | - |
295 | | - |
296 | | - |
297 | | - |
298 | line_opts = | - |
299 | ((void *)0) | - |
300 | ; | - |
301 | if ((TRUE | never evaluated | FALSE | never evaluated |
ep = strrchr(cp, ' ')) != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
302 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
303 | || | - |
304 | (TRUE | never evaluated | FALSE | never evaluated |
ep = strrchr(cp, '\t')) != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
305 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
306 | ) { | - |
307 | for (; *TRUE | never evaluated | FALSE | never evaluated |
ep == ' 'TRUE | never evaluated | FALSE | never evaluated |
|| *TRUE | never evaluated | FALSE | never evaluated |
ep == '\t'TRUE | never evaluated | FALSE | never evaluated |
; ep++) | 0 |
308 | ; never executed: ; | 0 |
309 | line_opts = cp; | - |
310 | cp = ep; | - |
311 | } never executed: end of block | 0 |
312 | if ((TRUE | never evaluated | FALSE | never evaluated |
opts = sshauthopt_parse(line_opts, &reason)) == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
313 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
314 | ) { | - |
315 | debug("%s: bad principals options: %s", loc, reason); | - |
316 | auth_debug_add("%s: bad principals options: %s", loc, reason); | - |
317 | return never executed: return -1; -1;never executed: return -1; | 0 |
318 | } | - |
319 | | - |
320 | for (i = 0; i < cert->nprincipalsTRUE | never evaluated | FALSE | never evaluated |
; i++) { | 0 |
321 | if ( | - |
322 | __extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
323 | cpTRUE | never evaluated | FALSE | never evaluated |
| 0 |
324 | ) && __builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
325 | cert->principals[i]TRUE | never evaluated | FALSE | never evaluated |
| 0 |
326 | ) && (__s1_len = __builtin_strlen (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
327 | cpTRUE | never evaluated | FALSE | never evaluated |
| 0 |
328 | ), __s2_len = __builtin_strlen (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
329 | cert->principals[i]TRUE | never evaluated | FALSE | never evaluated |
| 0 |
330 | ), (!((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
331 | cpTRUE | never evaluated | FALSE | never evaluated |
| 0 |
332 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
333 | cpTRUE | never evaluated | FALSE | never evaluated |
| 0 |
334 | ) == 1) || __s1_len >= 4) && (!((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
335 | cert->principals[i]TRUE | never evaluated | FALSE | never evaluated |
| 0 |
336 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
337 | cert->principals[i]TRUE | never evaluated | FALSE | never evaluated |
| 0 |
338 | ) == 1) || __s2_len >= 4)) ? __builtin_strcmp (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
339 | cpTRUE | never evaluated | FALSE | never evaluated |
| 0 |
340 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
341 | cert->principals[i]TRUE | never evaluated | FALSE | never evaluated |
| 0 |
342 | ) : (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
343 | cpTRUE | never evaluated | FALSE | never evaluated |
| 0 |
344 | ) && ((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
345 | cpTRUE | never evaluated | FALSE | never evaluated |
| 0 |
346 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
347 | cpTRUE | never evaluated | FALSE | never evaluated |
| 0 |
348 | ) == 1) && (__s1_len = __builtin_strlen (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
349 | cpTRUE | never evaluated | FALSE | never evaluated |
| 0 |
350 | ), __s1_len < 4) ? (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
351 | cert->principals[i]TRUE | never evaluated | FALSE | never evaluated |
| 0 |
352 | ) && ((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
353 | cert->principals[i]TRUE | never evaluated | FALSE | never evaluated |
| 0 |
354 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
355 | cert->principals[i]TRUE | never evaluated | FALSE | never evaluated |
| 0 |
356 | ) == 1) ? __builtin_strcmp (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
357 | cpTRUE | never evaluated | FALSE | never evaluated |
| 0 |
358 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
359 | cert->principals[i]TRUE | never evaluated | FALSE | never evaluated |
| 0 |
360 | ) : (__extension__ ({ const unsigned char *__s2 = (const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
361 | cert->principals[i]TRUE | never evaluated | FALSE | never evaluated |
| 0 |
362 | ); int __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
363 | cpTRUE | never evaluated | FALSE | never evaluated |
| 0 |
364 | ))[0] - __s2[0]); if (__s1_len > 0TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) { __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
365 | cpTRUE | never evaluated | FALSE | never evaluated |
| 0 |
366 | ))[1] - __s2[1]); if (__s1_len > 1TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) { __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
367 | cpTRUE | never evaluated | FALSE | never evaluated |
| 0 |
368 | ))[2] - __s2[2]); if (__s1_len > 2TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) __result = (((const unsigned char *) (const char *) (never executed: __result = (((const unsigned char *) (const char *) ( cp ))[3] - __s2[3]); | 0 |
369 | cpTRUE | never evaluated | FALSE | never evaluated |
never executed: __result = (((const unsigned char *) (const char *) ( cp ))[3] - __s2[3]); | 0 |
370 | ))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
371 | cert->principals[i]TRUE | never evaluated | FALSE | never evaluated |
| 0 |
372 | ) && ((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
373 | cert->principals[i]TRUE | never evaluated | FALSE | never evaluated |
| 0 |
374 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
375 | cert->principals[i]TRUE | never evaluated | FALSE | never evaluated |
| 0 |
376 | ) == 1) && (__s2_len = __builtin_strlen (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
377 | cert->principals[i]TRUE | never evaluated | FALSE | never evaluated |
| 0 |
378 | ), __s2_len < 4) ? (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
379 | cpTRUE | never evaluated | FALSE | never evaluated |
| 0 |
380 | ) && ((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
381 | cpTRUE | never evaluated | FALSE | never evaluated |
| 0 |
382 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
383 | cpTRUE | never evaluated | FALSE | never evaluated |
| 0 |
384 | ) == 1) ? __builtin_strcmp (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
385 | cpTRUE | never evaluated | FALSE | never evaluated |
| 0 |
386 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
387 | cert->principals[i]TRUE | never evaluated | FALSE | never evaluated |
| 0 |
388 | ) : -(__extension__ ({ const unsigned char *__s2 = (const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
389 | cpTRUE | never evaluated | FALSE | never evaluated |
| 0 |
390 | ); int __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
391 | cert->principals[i]TRUE | never evaluated | FALSE | never evaluated |
| 0 |
392 | ))[0] - __s2[0]); if (__s2_len > 0TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) { __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
393 | cert->principals[i]TRUE | never evaluated | FALSE | never evaluated |
| 0 |
394 | ))[1] - __s2[1]); if (__s2_len > 1TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) { __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
395 | cert->principals[i]TRUE | never evaluated | FALSE | never evaluated |
| 0 |
396 | ))[2] - __s2[2]); if (__s2_len > 2TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) __result = (((const unsigned char *) (const char *) (never executed: __result = (((const unsigned char *) (const char *) ( cert->principals[i] ))[3] - __s2[3]); | 0 |
397 | cert->principals[i]TRUE | never evaluated | FALSE | never evaluated |
never executed: __result = (((const unsigned char *) (const char *) ( cert->principals[i] ))[3] - __s2[3]); | 0 |
398 | ))[3] - __s2[3]); } } __result; }))) : __builtin_strcmp (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
399 | cpTRUE | never evaluated | FALSE | never evaluated |
| 0 |
400 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
401 | cert->principals[i]TRUE | never evaluated | FALSE | never evaluated |
| 0 |
402 | )))); }) TRUE | never evaluated | FALSE | never evaluated |
| 0 |
403 | != 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
404 | continue; never executed: continue; | 0 |
405 | debug3("%s: matched principal \"%.100s\"", | - |
406 | loc, cert->principals[i]); | - |
407 | found = 1; | - |
408 | } never executed: end of block | 0 |
409 | if (foundTRUE | never evaluated | FALSE | never evaluated |
&& authoptsp != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
410 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
411 | ) { | - |
412 | *authoptsp = opts; | - |
413 | opts = | - |
414 | ((void *)0) | - |
415 | ; | - |
416 | } never executed: end of block | 0 |
417 | sshauthopt_free(opts); | - |
418 | return never executed: return found ? 0 : -1; foundTRUE | never evaluated | FALSE | never evaluated |
? 0 : -1;never executed: return found ? 0 : -1; | 0 |
419 | } | - |
420 | | - |
421 | static int | - |
422 | process_principals(struct ssh *ssh, FILE *f, const char *file, | - |
423 | const struct sshkey_cert *cert, struct sshauthopt **authoptsp) | - |
424 | { | - |
425 | char loc[256], *line = | - |
426 | ((void *)0) | - |
427 | , *cp, *ep; | - |
428 | size_t linesize = 0; | - |
429 | u_long linenum = 0; | - |
430 | u_int found_principal = 0; | - |
431 | | - |
432 | if (authoptsp != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
433 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
434 | ) | - |
435 | * never executed: *authoptsp = ((void *)0) ; authoptsp = never executed: *authoptsp = ((void *)0) ; | 0 |
436 | ((void *)0) never executed: *authoptsp = ((void *)0) ; | 0 |
437 | ; never executed: *authoptsp = ((void *)0) ; | 0 |
438 | | - |
439 | while (getline(&line, &linesize, f) != -1TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
440 | linenum++; | - |
441 | | - |
442 | if (found_principalTRUE | never evaluated | FALSE | never evaluated |
) | 0 |
443 | continue; never executed: continue; | 0 |
444 | | - |
445 | | - |
446 | for (cp = line; *TRUE | never evaluated | FALSE | never evaluated |
cp == ' 'TRUE | never evaluated | FALSE | never evaluated |
|| *TRUE | never evaluated | FALSE | never evaluated |
cp == '\t'TRUE | never evaluated | FALSE | never evaluated |
; cp++) | 0 |
447 | ; never executed: ; | 0 |
448 | | - |
449 | if ((TRUE | never evaluated | FALSE | never evaluated |
ep = TRUE | never evaluated | FALSE | never evaluated |
| 0 |
450 | (__extension__ (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
451 | '#'TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
452 | )TRUE | never evaluated | FALSE | never evaluated |
&& !__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
453 | cpTRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
454 | )TRUE | never evaluated | FALSE | never evaluated |
&& (TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
455 | '#'TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
456 | ) == '\0'TRUE | never evaluated | FALSE | never evaluated |
? (char *) __rawmemchr (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
457 | cpTRUE | never evaluated | FALSE | never evaluated |
| 0 |
458 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
459 | '#'TRUE | never evaluated | FALSE | never evaluated |
| 0 |
460 | ) : __builtin_strchr (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
461 | cpTRUE | never evaluated | FALSE | never evaluated |
| 0 |
462 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
463 | '#'TRUE | never evaluated | FALSE | never evaluated |
| 0 |
464 | )))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
465 | ) != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
466 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
467 | ) | - |
468 | * never executed: *ep = '\0'; ep = '\0';never executed: *ep = '\0'; | 0 |
469 | if (!*cpTRUE | never evaluated | FALSE | never evaluated |
|| *TRUE | never evaluated | FALSE | never evaluated |
cp == '\n'TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
470 | continue; never executed: continue; | 0 |
471 | | - |
472 | snprintf(loc, sizeof(loc), "%.200s:%lu", file, linenum); | - |
473 | if (check_principals_line(ssh, cp, cert, loc, authoptsp) == 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
474 | found_principal = 1; never executed: found_principal = 1; | 0 |
475 | } never executed: end of block | 0 |
476 | free(line); | - |
477 | return never executed: return found_principal; found_principal;never executed: return found_principal; | 0 |
478 | } | - |
479 | | - |
480 | | - |
481 | | - |
482 | static int | - |
483 | match_principals_file(struct ssh *ssh, struct passwd *pw, char *file, | - |
484 | struct sshkey_cert *cert, struct sshauthopt **authoptsp) | - |
485 | { | - |
486 | FILE *f; | - |
487 | int success; | - |
488 | | - |
489 | if (authoptsp != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
490 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
491 | ) | - |
492 | * never executed: *authoptsp = ((void *)0) ; authoptsp = never executed: *authoptsp = ((void *)0) ; | 0 |
493 | ((void *)0) never executed: *authoptsp = ((void *)0) ; | 0 |
494 | ; never executed: *authoptsp = ((void *)0) ; | 0 |
495 | | - |
496 | temporarily_use_uid(pw); | - |
497 | debug("trying authorized principals file %s", file); | - |
498 | if ((TRUE | never evaluated | FALSE | never evaluated |
f = auth_openprincipals(file, pw, options.strict_modes)) == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
499 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
500 | ) { | - |
501 | restore_uid(); | - |
502 | return never executed: return 0; 0;never executed: return 0; | 0 |
503 | } | - |
504 | success = process_principals(ssh, f, file, cert, authoptsp); | - |
505 | fclose(f); | - |
506 | restore_uid(); | - |
507 | return never executed: return success; success;never executed: return success; | 0 |
508 | } | - |
509 | | - |
510 | | - |
511 | | - |
512 | | - |
513 | | - |
514 | static int | - |
515 | match_principals_command(struct ssh *ssh, struct passwd *user_pw, | - |
516 | const struct sshkey *key, struct sshauthopt **authoptsp) | - |
517 | { | - |
518 | struct passwd *runas_pw = | - |
519 | ((void *)0) | - |
520 | ; | - |
521 | const struct sshkey_cert *cert = key->cert; | - |
522 | FILE *f = | - |
523 | ((void *)0) | - |
524 | ; | - |
525 | int r, ok, found_principal = 0; | - |
526 | int i, ac = 0, uid_swapped = 0; | - |
527 | pid_t pid; | - |
528 | char *tmp, *username = | - |
529 | ((void *)0) | - |
530 | , *command = | - |
531 | ((void *)0) | - |
532 | , **av = | - |
533 | ((void *)0) | - |
534 | ; | - |
535 | char *ca_fp = | - |
536 | ((void *)0) | - |
537 | , *key_fp = | - |
538 | ((void *)0) | - |
539 | , *catext = | - |
540 | ((void *)0) | - |
541 | , *keytext = | - |
542 | ((void *)0) | - |
543 | ; | - |
544 | char serial_s[16], uidstr[32]; | - |
545 | void (*osigchld)(int); | - |
546 | | - |
547 | if (authoptsp != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
548 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
549 | ) | - |
550 | * never executed: *authoptsp = ((void *)0) ; authoptsp = never executed: *authoptsp = ((void *)0) ; | 0 |
551 | ((void *)0) never executed: *authoptsp = ((void *)0) ; | 0 |
552 | ; never executed: *authoptsp = ((void *)0) ; | 0 |
553 | if (options.authorized_principals_command == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
554 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
555 | ) | - |
556 | return never executed: return 0; 0;never executed: return 0; | 0 |
557 | if (options.authorized_principals_command_user == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
558 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
559 | ) { | - |
560 | error("No user for AuthorizedPrincipalsCommand specified, " | - |
561 | "skipping"); | - |
562 | return never executed: return 0; 0;never executed: return 0; | 0 |
563 | } | - |
564 | | - |
565 | | - |
566 | | - |
567 | | - |
568 | | - |
569 | osigchld = mysignal( | - |
570 | 17 | - |
571 | , | - |
572 | ((__sighandler_t) 0) | - |
573 | ); | - |
574 | | - |
575 | | - |
576 | username = percent_expand(options.authorized_principals_command_user, | - |
577 | "u", user_pw->pw_name, (char *) | - |
578 | ((void *)0) | - |
579 | ); | - |
580 | runas_pw = getpwnam(username); | - |
581 | if (runas_pw == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
582 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
583 | ) { | - |
584 | error("AuthorizedPrincipalsCommandUser \"%s\" not found: %s", | - |
585 | username, strerror( | - |
586 | (*__errno_location ()) | - |
587 | )); | - |
588 | goto never executed: goto out; out;never executed: goto out; | 0 |
589 | } | - |
590 | | - |
591 | | - |
592 | if (argv_split(options.authorized_principals_command, &ac, &av) != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
593 | error("AuthorizedPrincipalsCommand \"%s\" contains " | - |
594 | "invalid quotes", command); | - |
595 | goto never executed: goto out; out;never executed: goto out; | 0 |
596 | } | - |
597 | if (ac == 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
598 | error("AuthorizedPrincipalsCommand \"%s\" yielded no arguments", | - |
599 | command); | - |
600 | goto never executed: goto out; out;never executed: goto out; | 0 |
601 | } | - |
602 | if ((TRUE | never evaluated | FALSE | never evaluated |
ca_fp = sshkey_fingerprint(cert->signature_key,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
603 | options.fingerprint_hash, SSH_FP_DEFAULT)) == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
604 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
605 | ) { | - |
606 | error("%s: sshkey_fingerprint failed", __func__); | - |
607 | goto never executed: goto out; out;never executed: goto out; | 0 |
608 | } | - |
609 | if ((TRUE | never evaluated | FALSE | never evaluated |
key_fp = sshkey_fingerprint(key,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
610 | options.fingerprint_hash, SSH_FP_DEFAULT)) == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
611 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
612 | ) { | - |
613 | error("%s: sshkey_fingerprint failed", __func__); | - |
614 | goto never executed: goto out; out;never executed: goto out; | 0 |
615 | } | - |
616 | if ((TRUE | never evaluated | FALSE | never evaluated |
r = sshkey_to_base64(cert->signature_key, &catext)) != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
617 | error("%s: sshkey_to_base64 failed: %s", __func__, ssh_err(r)); | - |
618 | goto never executed: goto out; out;never executed: goto out; | 0 |
619 | } | - |
620 | if ((TRUE | never evaluated | FALSE | never evaluated |
r = sshkey_to_base64(key, &keytext)) != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
621 | error("%s: sshkey_to_base64 failed: %s", __func__, ssh_err(r)); | - |
622 | goto never executed: goto out; out;never executed: goto out; | 0 |
623 | } | - |
624 | snprintf(serial_s, sizeof(serial_s), "%llu", | - |
625 | (unsigned long long)cert->serial); | - |
626 | snprintf(uidstr, sizeof(uidstr), "%llu", | - |
627 | (unsigned long long)user_pw->pw_uid); | - |
628 | for (i = 1; i < acTRUE | never evaluated | FALSE | never evaluated |
; i++) { | 0 |
629 | tmp = percent_expand(av[i], | - |
630 | "U", uidstr, | - |
631 | "u", user_pw->pw_name, | - |
632 | "h", user_pw->pw_dir, | - |
633 | "t", sshkey_ssh_name(key), | - |
634 | "T", sshkey_ssh_name(cert->signature_key), | - |
635 | "f", key_fp, | - |
636 | "F", ca_fp, | - |
637 | "k", keytext, | - |
638 | "K", catext, | - |
639 | "i", cert->key_id, | - |
640 | "s", serial_s, | - |
641 | (char *) | - |
642 | ((void *)0) | - |
643 | ); | - |
644 | if (tmp == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
645 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
646 | ) | - |
647 | fatal("%s: percent_expand failed", __func__); never executed: fatal("%s: percent_expand failed", __func__); | 0 |
648 | free(av[i]); | - |
649 | av[i] = tmp; | - |
650 | } never executed: end of block | 0 |
651 | | - |
652 | command = argv_assemble(ac, av); | - |
653 | | - |
654 | if ((TRUE | never evaluated | FALSE | never evaluated |
pid = subprocess("AuthorizedPrincipalsCommand", runas_pw, command,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
655 | ac, av, &f,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
656 | (1<<1)|(1<<2))) == 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
657 | goto never executed: goto out; out;never executed: goto out; | 0 |
658 | | - |
659 | uid_swapped = 1; | - |
660 | temporarily_use_uid(runas_pw); | - |
661 | | - |
662 | ok = process_principals(ssh, f, "(command)", cert, authoptsp); | - |
663 | | - |
664 | fclose(f); | - |
665 | f = | - |
666 | ((void *)0) | - |
667 | ; | - |
668 | | - |
669 | if (exited_cleanly(pid, "AuthorizedPrincipalsCommand", command, 0) != 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
670 | goto never executed: goto out; out;never executed: goto out; | 0 |
671 | | - |
672 | | - |
673 | found_principal = ok; | - |
674 | out: code before this statement never executed: out: | 0 |
675 | if (f != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
676 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
677 | ) | - |
678 | fclose(f); never executed: fclose(f); | 0 |
679 | mysignal( | - |
680 | 17 | - |
681 | ,osigchld); | - |
682 | for (i = 0; i < acTRUE | never evaluated | FALSE | never evaluated |
; i++) | 0 |
683 | free(av[i]); never executed: free(av[i]); | 0 |
684 | free(av); | - |
685 | if (uid_swappedTRUE | never evaluated | FALSE | never evaluated |
) | 0 |
686 | restore_uid(); never executed: restore_uid(); | 0 |
687 | free(command); | - |
688 | free(username); | - |
689 | free(ca_fp); | - |
690 | free(key_fp); | - |
691 | free(catext); | - |
692 | free(keytext); | - |
693 | return never executed: return found_principal; found_principal;never executed: return found_principal; | 0 |
694 | } | - |
695 | | - |
696 | static void | - |
697 | skip_space(char **cpp) | - |
698 | { | - |
699 | char *cp; | - |
700 | | - |
701 | for (cp = *cpp; *TRUE | never evaluated | FALSE | never evaluated |
cp == ' 'TRUE | never evaluated | FALSE | never evaluated |
|| *TRUE | never evaluated | FALSE | never evaluated |
cp == '\t'TRUE | never evaluated | FALSE | never evaluated |
; cp++) | 0 |
702 | ; never executed: ; | 0 |
703 | *cpp = cp; | - |
704 | } never executed: end of block | 0 |
705 | | - |
706 | | - |
707 | | - |
708 | | - |
709 | | - |
710 | | - |
711 | static int | - |
712 | advance_past_options(char **cpp) | - |
713 | { | - |
714 | char *cp = *cpp; | - |
715 | int quoted = 0; | - |
716 | | - |
717 | for (; *TRUE | never evaluated | FALSE | never evaluated |
cpTRUE | never evaluated | FALSE | never evaluated |
&& (quotedTRUE | never evaluated | FALSE | never evaluated |
|| (*TRUE | never evaluated | FALSE | never evaluated |
cp != ' 'TRUE | never evaluated | FALSE | never evaluated |
&& *TRUE | never evaluated | FALSE | never evaluated |
cp != '\t'TRUE | never evaluated | FALSE | never evaluated |
)); cp++) { | 0 |
718 | if (*TRUE | never evaluated | FALSE | never evaluated |
cp == '\\'TRUE | never evaluated | FALSE | never evaluated |
&& cp[1] == '"'TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
719 | cp++; never executed: cp++; | 0 |
720 | else if (*TRUE | never evaluated | FALSE | never evaluated |
cp == '"'TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
721 | quoted = !quoted; never executed: quoted = !quoted; | 0 |
722 | } never executed: end of block | 0 |
723 | *cpp = cp; | - |
724 | | - |
725 | return never executed: return (*cp == '\0' && quoted) ? -1 : 0; (*TRUE | never evaluated | FALSE | never evaluated |
cp == '\0'TRUE | never evaluated | FALSE | never evaluated |
&& quotedTRUE | never evaluated | FALSE | never evaluated |
) ? -1 : 0;never executed: return (*cp == '\0' && quoted) ? -1 : 0; | 0 |
726 | } | - |
727 | | - |
728 | | - |
729 | | - |
730 | | - |
731 | | - |
732 | | - |
733 | static int | - |
734 | check_authkey_line(struct ssh *ssh, struct passwd *pw, struct sshkey *key, | - |
735 | char *cp, const char *loc, struct sshauthopt **authoptsp) | - |
736 | { | - |
737 | int want_keytype = sshkey_is_cert(key)TRUE | never evaluated | FALSE | never evaluated |
? KEY_UNSPEC : key->type; | 0 |
738 | struct sshkey *found = | - |
739 | ((void *)0) | - |
740 | ; | - |
741 | struct sshauthopt *keyopts = | - |
742 | ((void *)0) | - |
743 | , *certopts = | - |
744 | ((void *)0) | - |
745 | , *finalopts = | - |
746 | ((void *)0) | - |
747 | ; | - |
748 | char *key_options = | - |
749 | ((void *)0) | - |
750 | , *fp = | - |
751 | ((void *)0) | - |
752 | ; | - |
753 | const char *reason = | - |
754 | ((void *)0) | - |
755 | ; | - |
756 | int ret = -1; | - |
757 | | - |
758 | if (authoptsp != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
759 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
760 | ) | - |
761 | * never executed: *authoptsp = ((void *)0) ; authoptsp = never executed: *authoptsp = ((void *)0) ; | 0 |
762 | ((void *)0) never executed: *authoptsp = ((void *)0) ; | 0 |
763 | ; never executed: *authoptsp = ((void *)0) ; | 0 |
764 | | - |
765 | if ((TRUE | never evaluated | FALSE | never evaluated |
found = sshkey_new(want_keytype)) == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
766 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
767 | ) { | - |
768 | debug3("%s: keytype %d failed", __func__, want_keytype); | - |
769 | goto never executed: goto out; out;never executed: goto out; | 0 |
770 | } | - |
771 | | - |
772 | | - |
773 | | - |
774 | if (sshkey_read(found, &cp) != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
775 | | - |
776 | debug2("%s: check options: '%s'", loc, cp); | - |
777 | key_options = cp; | - |
778 | if (advance_past_options(&cp) != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
779 | reason = "invalid key option string"; | - |
780 | goto never executed: goto fail_reason; fail_reason;never executed: goto fail_reason; | 0 |
781 | } | - |
782 | skip_space(&cp); | - |
783 | if (sshkey_read(found, &cp) != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
784 | | - |
785 | debug2("%s: advance: '%s'", loc, cp); | - |
786 | goto never executed: goto out; out;never executed: goto out; | 0 |
787 | } | - |
788 | } never executed: end of block | 0 |
789 | | - |
790 | if ((TRUE | never evaluated | FALSE | never evaluated |
keyopts = sshauthopt_parse(key_options, &reason)) == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
791 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
792 | ) { | - |
793 | debug("%s: bad key options: %s", loc, reason); | - |
794 | auth_debug_add("%s: bad key options: %s", loc, reason); | - |
795 | goto never executed: goto out; out;never executed: goto out; | 0 |
796 | } | - |
797 | | - |
798 | if (sshkey_is_cert(key)TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
799 | | - |
800 | if (!sshkey_equal(found, key->cert->signature_key)TRUE | never evaluated | FALSE | never evaluated |
|| | 0 |
801 | !keyopts->cert_authorityTRUE | never evaluated | FALSE | never evaluated |
) | 0 |
802 | goto never executed: goto out; out;never executed: goto out; | 0 |
803 | } never executed: end of block else { | 0 |
804 | | - |
805 | if (!sshkey_equal(found, key)TRUE | never evaluated | FALSE | never evaluated |
|| keyopts->cert_authorityTRUE | never evaluated | FALSE | never evaluated |
) | 0 |
806 | goto never executed: goto out; out;never executed: goto out; | 0 |
807 | } never executed: end of block | 0 |
808 | | - |
809 | | - |
810 | if ((TRUE | never evaluated | FALSE | never evaluated |
fp = sshkey_fingerprint(found,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
811 | options.fingerprint_hash, SSH_FP_DEFAULT)) == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
812 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
813 | ) | - |
814 | fatal("%s: fingerprint failed", __func__); never executed: fatal("%s: fingerprint failed", __func__); | 0 |
815 | | - |
816 | debug("%s: matching %s found: %s %s", loc, | - |
817 | sshkey_is_cert(key) ? "CA" : "key", sshkey_type(found), fp); | - |
818 | | - |
819 | if (auth_authorise_keyopts(ssh, pw, keyopts,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
820 | sshkey_is_cert(key), loc) != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
821 | reason = "Refused by key options"; | - |
822 | goto never executed: goto fail_reason; fail_reason;never executed: goto fail_reason; | 0 |
823 | } | - |
824 | | - |
825 | if (!sshkey_is_cert(key)TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
826 | verbose("Accepted key %s %s found at %s", | - |
827 | sshkey_type(found), fp, loc); | - |
828 | finalopts = keyopts; | - |
829 | keyopts = | - |
830 | ((void *)0) | - |
831 | ; | - |
832 | goto never executed: goto success; success;never executed: goto success; | 0 |
833 | } | - |
834 | | - |
835 | | - |
836 | | - |
837 | | - |
838 | | - |
839 | | - |
840 | if ((TRUE | never evaluated | FALSE | never evaluated |
certopts = sshauthopt_from_cert(key)) == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
841 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
842 | ) { | - |
843 | reason = "Invalid certificate options"; | - |
844 | goto never executed: goto fail_reason; fail_reason;never executed: goto fail_reason; | 0 |
845 | } | - |
846 | if (auth_authorise_keyopts(ssh, pw, certopts, 0, loc) != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
847 | reason = "Refused by certificate options"; | - |
848 | goto never executed: goto fail_reason; fail_reason;never executed: goto fail_reason; | 0 |
849 | } | - |
850 | if ((TRUE | never evaluated | FALSE | never evaluated |
finalopts = sshauthopt_merge(keyopts, certopts, &reason)) == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
851 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
852 | ) | - |
853 | goto never executed: goto fail_reason; fail_reason;never executed: goto fail_reason; | 0 |
854 | | - |
855 | | - |
856 | | - |
857 | | - |
858 | | - |
859 | | - |
860 | if (keyopts->cert_principals != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
861 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
862 | && | - |
863 | !match_principals_option(keyopts->cert_principals, key->cert)TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
864 | reason = "Certificate does not contain an authorized principal"; | - |
865 | goto never executed: goto fail_reason; fail_reason;never executed: goto fail_reason; | 0 |
866 | } | - |
867 | if (sshkey_cert_check_authority(key, 0, 0,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
868 | keyopts->cert_principals == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
869 | ((void *)0) TRUE | never evaluated | FALSE | never evaluated |
| 0 |
870 | ? pw->pw_name : TRUE | never evaluated | FALSE | never evaluated |
| 0 |
871 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
872 | , &reason) != 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
873 | goto never executed: goto fail_reason; fail_reason;never executed: goto fail_reason; | 0 |
874 | | - |
875 | verbose("Accepted certificate ID \"%s\" (serial %llu) " | - |
876 | "signed by CA %s %s found at %s", | - |
877 | key->cert->key_id, | - |
878 | (unsigned long long)key->cert->serial, | - |
879 | sshkey_type(found), fp, loc); | - |
880 | | - |
881 | success: code before this statement never executed: success: | 0 |
882 | if (finalopts == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
883 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
884 | ) | - |
885 | fatal("%s: internal error: missing options", __func__); never executed: fatal("%s: internal error: missing options", __func__); | 0 |
886 | if (authoptsp != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
887 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
888 | ) { | - |
889 | *authoptsp = finalopts; | - |
890 | finalopts = | - |
891 | ((void *)0) | - |
892 | ; | - |
893 | } never executed: end of block | 0 |
894 | | - |
895 | ret = 0; | - |
896 | goto never executed: goto out; out;never executed: goto out; | 0 |
897 | | - |
898 | fail_reason: | - |
899 | error("%s", reason); | - |
900 | auth_debug_add("%s", reason); | - |
901 | out: code before this statement never executed: out: | 0 |
902 | free(fp); | - |
903 | sshauthopt_free(keyopts); | - |
904 | sshauthopt_free(certopts); | - |
905 | sshauthopt_free(finalopts); | - |
906 | sshkey_free(found); | - |
907 | return never executed: return ret; ret;never executed: return ret; | 0 |
908 | } | - |
909 | | - |
910 | | - |
911 | | - |
912 | | - |
913 | | - |
914 | static int | - |
915 | check_authkeys_file(struct ssh *ssh, struct passwd *pw, FILE *f, | - |
916 | char *file, struct sshkey *key, struct sshauthopt **authoptsp) | - |
917 | { | - |
918 | char *cp, *line = | - |
919 | ((void *)0) | - |
920 | , loc[256]; | - |
921 | size_t linesize = 0; | - |
922 | int found_key = 0; | - |
923 | u_long linenum = 0; | - |
924 | | - |
925 | if (authoptsp != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
926 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
927 | ) | - |
928 | * never executed: *authoptsp = ((void *)0) ; authoptsp = never executed: *authoptsp = ((void *)0) ; | 0 |
929 | ((void *)0) never executed: *authoptsp = ((void *)0) ; | 0 |
930 | ; never executed: *authoptsp = ((void *)0) ; | 0 |
931 | | - |
932 | while (getline(&line, &linesize, f) != -1TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
933 | linenum++; | - |
934 | | - |
935 | if (found_keyTRUE | never evaluated | FALSE | never evaluated |
) | 0 |
936 | continue; never executed: continue; | 0 |
937 | | - |
938 | | - |
939 | cp = line; | - |
940 | skip_space(&cp); | - |
941 | if (!*cpTRUE | never evaluated | FALSE | never evaluated |
|| *TRUE | never evaluated | FALSE | never evaluated |
cp == '\n'TRUE | never evaluated | FALSE | never evaluated |
|| *TRUE | never evaluated | FALSE | never evaluated |
cp == '#'TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
942 | continue; never executed: continue; | 0 |
943 | snprintf(loc, sizeof(loc), "%.200s:%lu", file, linenum); | - |
944 | if (check_authkey_line(ssh, pw, key, cp, loc, authoptsp) == 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
945 | found_key = 1; never executed: found_key = 1; | 0 |
946 | } never executed: end of block | 0 |
947 | free(line); | - |
948 | return never executed: return found_key; found_key;never executed: return found_key; | 0 |
949 | } | - |
950 | | - |
951 | | - |
952 | static int | - |
953 | user_cert_trusted_ca(struct ssh *ssh, struct passwd *pw, struct sshkey *key, | - |
954 | struct sshauthopt **authoptsp) | - |
955 | { | - |
956 | char *ca_fp, *principals_file = | - |
957 | ((void *)0) | - |
958 | ; | - |
959 | const char *reason; | - |
960 | struct sshauthopt *principals_opts = | - |
961 | ((void *)0) | - |
962 | , *cert_opts = | - |
963 | ((void *)0) | - |
964 | ; | - |
965 | struct sshauthopt *final_opts = | - |
966 | ((void *)0) | - |
967 | ; | - |
968 | int r, ret = 0, found_principal = 0, use_authorized_principals; | - |
969 | | - |
970 | if (authoptsp != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
971 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
972 | ) | - |
973 | * never executed: *authoptsp = ((void *)0) ; authoptsp = never executed: *authoptsp = ((void *)0) ; | 0 |
974 | ((void *)0) never executed: *authoptsp = ((void *)0) ; | 0 |
975 | ; never executed: *authoptsp = ((void *)0) ; | 0 |
976 | | - |
977 | if (!sshkey_is_cert(key)TRUE | never evaluated | FALSE | never evaluated |
|| options.trusted_user_ca_keys == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
978 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
979 | ) | - |
980 | return never executed: return 0; 0;never executed: return 0; | 0 |
981 | | - |
982 | if ((TRUE | never evaluated | FALSE | never evaluated |
ca_fp = sshkey_fingerprint(key->cert->signature_key,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
983 | options.fingerprint_hash, SSH_FP_DEFAULT)) == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
984 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
985 | ) | - |
986 | return never executed: return 0; 0;never executed: return 0; | 0 |
987 | | - |
988 | if ((TRUE | never evaluated | FALSE | never evaluated |
r = sshkey_in_file(key->cert->signature_key,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
989 | options.trusted_user_ca_keys, 1, 0)) != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
990 | debug2("%s: CA %s %s is not listed in %s: %s", __func__, | - |
991 | sshkey_type(key->cert->signature_key), ca_fp, | - |
992 | options.trusted_user_ca_keys, ssh_err(r)); | - |
993 | goto never executed: goto out; out;never executed: goto out; | 0 |
994 | } | - |
995 | | - |
996 | | - |
997 | | - |
998 | | - |
999 | | - |
1000 | if ((TRUE | never evaluated | FALSE | never evaluated |
principals_file = authorized_principals_file(pw)) != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1001 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1002 | ) { | - |
1003 | if (match_principals_file(ssh, pw, principals_file,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1004 | key->cert, &principals_opts)TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1005 | found_principal = 1; never executed: found_principal = 1; | 0 |
1006 | } never executed: end of block | 0 |
1007 | | - |
1008 | if (!found_principalTRUE | never evaluated | FALSE | never evaluated |
&& match_principals_command(ssh, pw, key,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1009 | &principals_opts)TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1010 | found_principal = 1; never executed: found_principal = 1; | 0 |
1011 | | - |
1012 | use_authorized_principals = principals_file != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1013 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1014 | || | - |
1015 | options.authorized_principals_command != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1016 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1017 | ; | - |
1018 | if (!found_principalTRUE | never evaluated | FALSE | never evaluated |
&& use_authorized_principalsTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1019 | reason = "Certificate does not contain an authorized principal"; | - |
1020 | goto never executed: goto fail_reason; fail_reason;never executed: goto fail_reason; | 0 |
1021 | } | - |
1022 | if (use_authorized_principalsTRUE | never evaluated | FALSE | never evaluated |
&& principals_opts == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1023 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1024 | ) | - |
1025 | fatal("%s: internal error: missing principals_opts", __func__); never executed: fatal("%s: internal error: missing principals_opts", __func__); | 0 |
1026 | if (sshkey_cert_check_authority(key, 0, 1,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1027 | use_authorized_principals ? TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1028 | ((void *)0) TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1029 | : pw->pw_name, &reason) != 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1030 | goto never executed: goto fail_reason; fail_reason;never executed: goto fail_reason; | 0 |
1031 | | - |
1032 | | - |
1033 | if ((TRUE | never evaluated | FALSE | never evaluated |
cert_opts = sshauthopt_from_cert(key)) == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1034 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1035 | ) { | - |
1036 | reason = "Invalid certificate options"; | - |
1037 | goto never executed: goto fail_reason; fail_reason;never executed: goto fail_reason; | 0 |
1038 | } | - |
1039 | if (auth_authorise_keyopts(ssh, pw, cert_opts, 0, "cert") != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1040 | reason = "Refused by certificate options"; | - |
1041 | goto never executed: goto fail_reason; fail_reason;never executed: goto fail_reason; | 0 |
1042 | } | - |
1043 | if (principals_opts == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1044 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1045 | ) { | - |
1046 | final_opts = cert_opts; | - |
1047 | cert_opts = | - |
1048 | ((void *)0) | - |
1049 | ; | - |
1050 | } never executed: end of block else { | 0 |
1051 | if (auth_authorise_keyopts(ssh, pw, principals_opts, 0,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1052 | "principals") != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1053 | reason = "Refused by certificate principals options"; | - |
1054 | goto never executed: goto fail_reason; fail_reason;never executed: goto fail_reason; | 0 |
1055 | } | - |
1056 | if ((TRUE | never evaluated | FALSE | never evaluated |
final_opts = sshauthopt_merge(principals_opts,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1057 | cert_opts, &reason)) == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1058 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1059 | ) { | - |
1060 | fail_reason: | - |
1061 | error("%s", reason); | - |
1062 | auth_debug_add("%s", reason); | - |
1063 | goto never executed: goto out; out;never executed: goto out; | 0 |
1064 | } | - |
1065 | } never executed: end of block | 0 |
1066 | | - |
1067 | | - |
1068 | verbose("Accepted certificate ID \"%s\" (serial %llu) signed by " | - |
1069 | "%s CA %s via %s", key->cert->key_id, | - |
1070 | (unsigned long long)key->cert->serial, | - |
1071 | sshkey_type(key->cert->signature_key), ca_fp, | - |
1072 | options.trusted_user_ca_keys); | - |
1073 | if (authoptsp != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1074 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1075 | ) { | - |
1076 | *authoptsp = final_opts; | - |
1077 | final_opts = | - |
1078 | ((void *)0) | - |
1079 | ; | - |
1080 | } never executed: end of block | 0 |
1081 | ret = 1; | - |
1082 | out: code before this statement never executed: out: | 0 |
1083 | sshauthopt_free(principals_opts); | - |
1084 | sshauthopt_free(cert_opts); | - |
1085 | sshauthopt_free(final_opts); | - |
1086 | free(principals_file); | - |
1087 | free(ca_fp); | - |
1088 | return never executed: return ret; ret;never executed: return ret; | 0 |
1089 | } | - |
1090 | | - |
1091 | | - |
1092 | | - |
1093 | | - |
1094 | | - |
1095 | static int | - |
1096 | user_key_allowed2(struct ssh *ssh, struct passwd *pw, struct sshkey *key, | - |
1097 | char *file, struct sshauthopt **authoptsp) | - |
1098 | { | - |
1099 | FILE *f; | - |
1100 | int found_key = 0; | - |
1101 | | - |
1102 | if (authoptsp != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1103 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1104 | ) | - |
1105 | * never executed: *authoptsp = ((void *)0) ; authoptsp = never executed: *authoptsp = ((void *)0) ; | 0 |
1106 | ((void *)0) never executed: *authoptsp = ((void *)0) ; | 0 |
1107 | ; never executed: *authoptsp = ((void *)0) ; | 0 |
1108 | | - |
1109 | | - |
1110 | temporarily_use_uid(pw); | - |
1111 | | - |
1112 | debug("trying public key file %s", file); | - |
1113 | if ((TRUE | never evaluated | FALSE | never evaluated |
f = auth_openkeyfile(file, pw, options.strict_modes)) != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1114 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1115 | ) { | - |
1116 | found_key = check_authkeys_file(ssh, pw, f, file, | - |
1117 | key, authoptsp); | - |
1118 | fclose(f); | - |
1119 | } never executed: end of block | 0 |
1120 | | - |
1121 | restore_uid(); | - |
1122 | return never executed: return found_key; found_key;never executed: return found_key; | 0 |
1123 | } | - |
1124 | | - |
1125 | | - |
1126 | | - |
1127 | | - |
1128 | | - |
1129 | static int | - |
1130 | user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw, | - |
1131 | struct sshkey *key, struct sshauthopt **authoptsp) | - |
1132 | { | - |
1133 | struct passwd *runas_pw = | - |
1134 | ((void *)0) | - |
1135 | ; | - |
1136 | FILE *f = | - |
1137 | ((void *)0) | - |
1138 | ; | - |
1139 | int r, ok, found_key = 0; | - |
1140 | int i, uid_swapped = 0, ac = 0; | - |
1141 | pid_t pid; | - |
1142 | char *username = | - |
1143 | ((void *)0) | - |
1144 | , *key_fp = | - |
1145 | ((void *)0) | - |
1146 | , *keytext = | - |
1147 | ((void *)0) | - |
1148 | ; | - |
1149 | char uidstr[32], *tmp, *command = | - |
1150 | ((void *)0) | - |
1151 | , **av = | - |
1152 | ((void *)0) | - |
1153 | ; | - |
1154 | void (*osigchld)(int); | - |
1155 | | - |
1156 | if (authoptsp != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1157 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1158 | ) | - |
1159 | * never executed: *authoptsp = ((void *)0) ; authoptsp = never executed: *authoptsp = ((void *)0) ; | 0 |
1160 | ((void *)0) never executed: *authoptsp = ((void *)0) ; | 0 |
1161 | ; never executed: *authoptsp = ((void *)0) ; | 0 |
1162 | if (options.authorized_keys_command == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1163 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1164 | ) | - |
1165 | return never executed: return 0; 0;never executed: return 0; | 0 |
1166 | if (options.authorized_keys_command_user == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1167 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1168 | ) { | - |
1169 | error("No user for AuthorizedKeysCommand specified, skipping"); | - |
1170 | return never executed: return 0; 0;never executed: return 0; | 0 |
1171 | } | - |
1172 | | - |
1173 | | - |
1174 | | - |
1175 | | - |
1176 | | - |
1177 | osigchld = mysignal( | - |
1178 | 17 | - |
1179 | , | - |
1180 | ((__sighandler_t) 0) | - |
1181 | ); | - |
1182 | | - |
1183 | | - |
1184 | username = percent_expand(options.authorized_keys_command_user, | - |
1185 | "u", user_pw->pw_name, (char *) | - |
1186 | ((void *)0) | - |
1187 | ); | - |
1188 | runas_pw = getpwnam(username); | - |
1189 | if (runas_pw == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1190 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1191 | ) { | - |
1192 | error("AuthorizedKeysCommandUser \"%s\" not found: %s", | - |
1193 | username, strerror( | - |
1194 | (*__errno_location ()) | - |
1195 | )); | - |
1196 | goto never executed: goto out; out;never executed: goto out; | 0 |
1197 | } | - |
1198 | | - |
1199 | | - |
1200 | if ((TRUE | never evaluated | FALSE | never evaluated |
key_fp = sshkey_fingerprint(key, options.fingerprint_hash,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1201 | SSH_FP_DEFAULT)) == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1202 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1203 | ) { | - |
1204 | error("%s: sshkey_fingerprint failed", __func__); | - |
1205 | goto never executed: goto out; out;never executed: goto out; | 0 |
1206 | } | - |
1207 | if ((TRUE | never evaluated | FALSE | never evaluated |
r = sshkey_to_base64(key, &keytext)) != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1208 | error("%s: sshkey_to_base64 failed: %s", __func__, ssh_err(r)); | - |
1209 | goto never executed: goto out; out;never executed: goto out; | 0 |
1210 | } | - |
1211 | | - |
1212 | | - |
1213 | if (argv_split(options.authorized_keys_command, &ac, &av) != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1214 | error("AuthorizedKeysCommand \"%s\" contains invalid quotes", | - |
1215 | command); | - |
1216 | goto never executed: goto out; out;never executed: goto out; | 0 |
1217 | } | - |
1218 | if (ac == 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1219 | error("AuthorizedKeysCommand \"%s\" yielded no arguments", | - |
1220 | command); | - |
1221 | goto never executed: goto out; out;never executed: goto out; | 0 |
1222 | } | - |
1223 | snprintf(uidstr, sizeof(uidstr), "%llu", | - |
1224 | (unsigned long long)user_pw->pw_uid); | - |
1225 | for (i = 1; i < acTRUE | never evaluated | FALSE | never evaluated |
; i++) { | 0 |
1226 | tmp = percent_expand(av[i], | - |
1227 | "U", uidstr, | - |
1228 | "u", user_pw->pw_name, | - |
1229 | "h", user_pw->pw_dir, | - |
1230 | "t", sshkey_ssh_name(key), | - |
1231 | "f", key_fp, | - |
1232 | "k", keytext, | - |
1233 | (char *) | - |
1234 | ((void *)0) | - |
1235 | ); | - |
1236 | if (tmp == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1237 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1238 | ) | - |
1239 | fatal("%s: percent_expand failed", __func__); never executed: fatal("%s: percent_expand failed", __func__); | 0 |
1240 | free(av[i]); | - |
1241 | av[i] = tmp; | - |
1242 | } never executed: end of block | 0 |
1243 | | - |
1244 | command = argv_assemble(ac, av); | - |
1245 | | - |
1246 | | - |
1247 | | - |
1248 | | - |
1249 | | - |
1250 | | - |
1251 | if (ac == 1TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1252 | av = xreallocarray(av, ac + 2, sizeof(*av)); | - |
1253 | av[1] = xstrdup(user_pw->pw_name); | - |
1254 | av[2] = | - |
1255 | ((void *)0) | - |
1256 | ; | - |
1257 | | - |
1258 | free(command); | - |
1259 | xasprintf(&command, "%s %s", av[0], av[1]); | - |
1260 | } never executed: end of block | 0 |
1261 | | - |
1262 | if ((TRUE | never evaluated | FALSE | never evaluated |
pid = subprocess("AuthorizedKeysCommand", runas_pw, command,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1263 | ac, av, &f,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1264 | (1<<1)|(1<<2))) == 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1265 | goto never executed: goto out; out;never executed: goto out; | 0 |
1266 | | - |
1267 | uid_swapped = 1; | - |
1268 | temporarily_use_uid(runas_pw); | - |
1269 | | - |
1270 | ok = check_authkeys_file(ssh, user_pw, f, | - |
1271 | options.authorized_keys_command, key, authoptsp); | - |
1272 | | - |
1273 | fclose(f); | - |
1274 | f = | - |
1275 | ((void *)0) | - |
1276 | ; | - |
1277 | | - |
1278 | if (exited_cleanly(pid, "AuthorizedKeysCommand", command, 0) != 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1279 | goto never executed: goto out; out;never executed: goto out; | 0 |
1280 | | - |
1281 | | - |
1282 | found_key = ok; | - |
1283 | out: code before this statement never executed: out: | 0 |
1284 | if (f != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1285 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1286 | ) | - |
1287 | fclose(f); never executed: fclose(f); | 0 |
1288 | mysignal( | - |
1289 | 17 | - |
1290 | ,osigchld); | - |
1291 | for (i = 0; i < acTRUE | never evaluated | FALSE | never evaluated |
; i++) | 0 |
1292 | free(av[i]); never executed: free(av[i]); | 0 |
1293 | free(av); | - |
1294 | if (uid_swappedTRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1295 | restore_uid(); never executed: restore_uid(); | 0 |
1296 | free(command); | - |
1297 | free(username); | - |
1298 | free(key_fp); | - |
1299 | free(keytext); | - |
1300 | return never executed: return found_key; found_key;never executed: return found_key; | 0 |
1301 | } | - |
1302 | | - |
1303 | | - |
1304 | | - |
1305 | | - |
1306 | int | - |
1307 | user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key, | - |
1308 | int auth_attempt, struct sshauthopt **authoptsp) | - |
1309 | { | - |
1310 | u_int success, i; | - |
1311 | char *file; | - |
1312 | struct sshauthopt *opts = | - |
1313 | ((void *)0) | - |
1314 | ; | - |
1315 | if (authoptsp != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1316 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1317 | ) | - |
1318 | * never executed: *authoptsp = ((void *)0) ; authoptsp = never executed: *authoptsp = ((void *)0) ; | 0 |
1319 | ((void *)0) never executed: *authoptsp = ((void *)0) ; | 0 |
1320 | ; never executed: *authoptsp = ((void *)0) ; | 0 |
1321 | | - |
1322 | if (auth_key_is_revoked(key)TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1323 | return never executed: return 0; 0;never executed: return 0; | 0 |
1324 | if (sshkey_is_cert(key)TRUE | never evaluated | FALSE | never evaluated |
&& | 0 |
1325 | auth_key_is_revoked(key->cert->signature_key)TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1326 | return never executed: return 0; 0;never executed: return 0; | 0 |
1327 | | - |
1328 | if ((TRUE | never evaluated | FALSE | never evaluated |
success = user_cert_trusted_ca(ssh, pw, key, &opts)) != 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1329 | goto never executed: goto out; out;never executed: goto out; | 0 |
1330 | sshauthopt_free(opts); | - |
1331 | opts = | - |
1332 | ((void *)0) | - |
1333 | ; | - |
1334 | | - |
1335 | if ((TRUE | never evaluated | FALSE | never evaluated |
success = user_key_command_allowed2(ssh, pw, key, &opts)) != 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1336 | goto never executed: goto out; out;never executed: goto out; | 0 |
1337 | sshauthopt_free(opts); | - |
1338 | opts = | - |
1339 | ((void *)0) | - |
1340 | ; | - |
1341 | | - |
1342 | for (i = 0; !successTRUE | never evaluated | FALSE | never evaluated |
&& i < options.num_authkeys_filesTRUE | never evaluated | FALSE | never evaluated |
; i++) { | 0 |
1343 | if (strcasecmp(options.authorized_keys_files[i], "none") == 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1344 | continue; never executed: continue; | 0 |
1345 | file = expand_authorized_keys( | - |
1346 | options.authorized_keys_files[i], pw); | - |
1347 | success = user_key_allowed2(ssh, pw, key, file, &opts); | - |
1348 | free(file); | - |
1349 | } never executed: end of block | 0 |
1350 | | - |
1351 | out: code before this statement never executed: out: | 0 |
1352 | if (successTRUE | never evaluated | FALSE | never evaluated |
&& authoptsp != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1353 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1354 | ) { | - |
1355 | *authoptsp = opts; | - |
1356 | opts = | - |
1357 | ((void *)0) | - |
1358 | ; | - |
1359 | } never executed: end of block | 0 |
1360 | sshauthopt_free(opts); | - |
1361 | return never executed: return success; success;never executed: return success; | 0 |
1362 | } | - |
1363 | | - |
1364 | Authmethod method_pubkey = { | - |
1365 | "publickey", | - |
1366 | userauth_pubkey, | - |
1367 | &options.pubkey_authentication | - |
1368 | }; | - |
| | |