/* Server configuration (sshd_config values); defined elsewhere in sshd. */
extern ServerOptions options;
/*
 * Session identifier established by key exchange.  It is the first field
 * of the data a hostbased client signs, so userauth_hostbased() below
 * must start its reconstruction of the signed blob with it.
 */
extern u_char *session_id2;
extern u_int session_id2_len;
/*
 * SSH2 "hostbased" userauth method handler.
 *
 * Consumes the method-specific fields of the USERAUTH_REQUEST packet
 * (public key algorithm name, key blob, client host name, client user
 * name, signature), validates the offered key against server policy,
 * rebuilds the exact byte string the client must have signed, and then
 * asks hostbased_key_allowed() and sshkey_verify() -- through the
 * privileged monitor (mm_* wrappers) when privsep is in use -- whether
 * the request is acceptable.
 *
 * Returns 1 if the request authenticated the user, 0 otherwise.
 * Malformed packets and buffer errors are fatal(); every policy failure
 * just logs and jumps to the cleanup at done: with authenticated == 0.
 */
static int
userauth_hostbased(struct ssh *ssh)
{
	Authctxt *authctxt = ssh->authctxt;
	struct sshbuf *b;
	/* ((void *)0) is NULL; this listing is preprocessor output. */
	struct sshkey *key = ((void *)0);
	char *pkalg, *cuser, *chost;
	u_char *pkblob, *sig;
	size_t alen, blen, slen;
	int r, pktype, authenticated = 0;

	/*
	 * Wire layout after the common userauth header:
	 *   string pkalg, string pkblob, string chost, string cuser, string sig
	 * A packet that does not parse is a protocol error and is fatal, not a
	 * soft authentication failure.  alen/blen are kept because the exact
	 * bytes are re-encoded into the signed data below; chost/cuser are
	 * only ever used as C strings, hence the NULL length pointers.
	 */
	if ((r = sshpkt_get_cstring(ssh, &pkalg, &alen)) != 0 ||
	    (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0 ||
	    (r = sshpkt_get_cstring(ssh, &chost, ((void *)0))) != 0 ||
	    (r = sshpkt_get_cstring(ssh, &cuser, ((void *)0))) != 0 ||
	    (r = sshpkt_get_string(ssh, &sig, &slen)) != 0)
		fatal("%s: packet parsing: %s", __func__, ssh_err(r));

	debug("%s: cuser %s chost %s pkalg %s slen %zu", __func__,
	    cuser, chost, pkalg, slen);

	/* The advertised algorithm name must be one this build knows. */
	pktype = sshkey_type_from_name(pkalg);
	if (pktype == KEY_UNSPEC) {
		logit("%s: unsupported public key algorithm: %s",
		    __func__, pkalg);
		goto done;
	}
	if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) {
		error("%s: key_from_blob: %s", __func__, ssh_err(r));
		goto done;
	}
	if (key == ((void *)0)) {
		error("%s: cannot decode key: %s", __func__, pkalg);
		goto done;
	}
	/*
	 * The type encoded inside the blob must agree with the algorithm
	 * name the client sent; a disagreement means the name cannot be
	 * trusted to select how the signature is verified.
	 */
	if (key->type != pktype) {
		error("%s: type mismatch for decoded key "
		    "(received %d, expected %d)", __func__, key->type, pktype);
		goto done;
	}
	/*
	 * 0x00002000 is a compat bit (SSH_BUG_SIGTYPE in compat.h, expanded
	 * here by the preprocessor): the peer is known to emit RSA signatures
	 * whose signature-type field cannot be relied on, so RSA keys from
	 * it are refused outright rather than verified leniently.
	 */
	if (sshkey_type_plain(key->type) == KEY_RSA &&
	    (ssh->compat & 0x00002000) != 0) {
		error("Refusing RSA key because peer uses unsafe "
		    "signature format");
		goto done;
	}
	/* Policy: HostbasedAcceptedKeyTypes (options.hostbased_key_types). */
	if (match_pattern_list(pkalg, options.hostbased_key_types, 0) != 1) {
		logit("%s: key type %s not in HostbasedAcceptedKeyTypes",
		    __func__, sshkey_type(key));
		goto done;
	}
	/*
	 * For certificates, the CA's signature algorithm must be one allowed
	 * by options.ca_sign_algorithms; plain keys pass this check.
	 */
	if ((r = sshkey_check_cert_sigtype(key,
	    options.ca_sign_algorithms)) != 0) {
		logit("%s: certificate signature algorithm %s: %s", __func__,
		    (key->cert == ((void *)0) || key->cert->signature_type == ((void *)0)) ?
		    "(null)" : key->cert->signature_type, ssh_err(r));
		goto done;
	}

	/*
	 * The key has already been decoded and policy-checked at this point;
	 * an invalid or unknown user simply gets the same negative answer.
	 */
	if (!authctxt->valid || authctxt->user == ((void *)0)) {
		debug2("%s: disabled because of invalid user", __func__);
		goto done;
	}

	if ((b = sshbuf_new()) == ((void *)0))
		fatal("%s: sshbuf_new failed", __func__);

	/*
	 * Reconstruct the data the client signed (RFC 4252 section 9):
	 *   string session id, byte SSH2_MSG_USERAUTH_REQUEST (50),
	 *   string user, string service, string "hostbased",
	 *   string pkalg, string pkblob, string chost, string cuser.
	 * The server's own view of user/service is used, and the raw packet
	 * lengths alen/blen are reused, so the signature only verifies if
	 * every field matches what the client actually signed.
	 */
	if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 ||
	    (r = sshbuf_put_u8(b, 50)) != 0 ||
	    (r = sshbuf_put_cstring(b, authctxt->user)) != 0 ||
	    (r = sshbuf_put_cstring(b, authctxt->service)) != 0 ||
	    (r = sshbuf_put_cstring(b, "hostbased")) != 0 ||
	    (r = sshbuf_put_string(b, pkalg, alen)) != 0 ||
	    (r = sshbuf_put_string(b, pkblob, blen)) != 0 ||
	    (r = sshbuf_put_cstring(b, chost)) != 0 ||
	    (r = sshbuf_put_cstring(b, cuser)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));

	/* Client-supplied names are recorded (truncated) for the auth log. */
	auth2_record_info(authctxt,
	    "client user \"%.100s\", client host \"%.100s\"", cuser, chost);

	/* Redundant re-initialisation (already 0 above); harmless. */
	authenticated = 0;
	/*
	 * Host/user/key authorisation comes first; the signature is only
	 * verified when that succeeds (&& short-circuits).  Under privsep
	 * both steps run in the privileged monitor via the mm_* wrappers.
	 */
	if ((use_privsep ? mm_hostbased_key_allowed(authctxt->pw, cuser, chost, key) : hostbased_key_allowed(authctxt->pw, cuser, chost, key)) &&
	    (use_privsep ? mm_sshkey_verify(key, sig, slen, sshbuf_ptr(b), sshbuf_len(b), pkalg, ssh->compat) : sshkey_verify(key, sig, slen, sshbuf_ptr(b), sshbuf_len(b), pkalg, ssh->compat)) == 0)
		authenticated = 1;

	auth2_record_key(authctxt, authenticated, key);
	/* Every goto done above precedes sshbuf_new(), so b is freed here only. */
	sshbuf_free(b);
done:
	debug2("%s: authenticated %d", __func__, authenticated);
	/* key is still NULL on the early-exit paths; sshkey_free() must accept that. */
	sshkey_free(key);
	/* All five packet fields were allocated, or parsing was fatal. */
	free(pkalg);
	free(pkblob);
	free(cuser);
	free(chost);
	free(sig);
	return authenticated;
}
/*
 * Decide whether host key `key`, offered for client user `cuser` on
 * client host `chost`, is trusted for hostbased authentication of the
 * local account `pw`.
 *
 * Checks, in order: key revocation; rhosts-style permission through
 * auth_rhosts2() for the client host -- either the name from the packet
 * (options.hostbased_uses_name_from_packet_only) or the name resolved
 * from the connection address; CA validity when the key is a certificate;
 * and finally a known_hosts lookup of the key under the chosen host name
 * in the system file and, unless IgnoreUserKnownHosts is set, the user's
 * own file.
 *
 * chost is deliberately not const: a trailing '.' is stripped in place.
 * Returns 1 if every check passed, 0 otherwise.
 */
int
hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
    struct sshkey *key)
{
	/* No ssh handle is passed in; the global connection state is used. */
	struct ssh *ssh = active_state;
	const char *resolvedname, *ipaddr, *lookup, *reason;
	HostStatus host_status;
	/* NOTE(review): receives a strlen() result, i.e. size_t narrowed to int. */
	int len;
	char *fp;

	if (auth_key_is_revoked(key))
		return 0;

	resolvedname = auth_get_canonical_hostname(ssh, options.use_dns);
	ipaddr = ssh_remote_ipaddr(ssh);

	debug2("%s: chost %s resolvedname %s ipaddr %s", __func__,
	    chost, resolvedname, ipaddr);

	/*
	 * Drop a trailing dot from a fully-qualified client name so that it
	 * compares equal to resolvedname and to entries written without one.
	 */
	if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') {
		debug2("stripping trailing dot from chost %s", chost);
		chost[len - 1] = '\0';
	}

	if (options.hostbased_uses_name_from_packet_only) {
		/* Trust the client's own claim of its host name. */
		if (auth_rhosts2(pw, cuser, chost, chost) == 0) {
			debug2("%s: auth_rhosts2 refused "
			    "user \"%.100s\" host \"%.100s\" (from packet)",
			    __func__, cuser, chost);
			return 0;
		}
		lookup = chost;
	} else {
		/*
		 * A disagreement between the claimed and the resolved name is
		 * only logged; the resolved name is what gets checked.
		 */
		if (strcasecmp(resolvedname, chost) != 0)
			logit("userauth_hostbased mismatch: "
			    "client sends %s, but we resolve %s to %s",
			    chost, ipaddr, resolvedname);
		if (auth_rhosts2(pw, cuser, resolvedname, ipaddr) == 0) {
			debug2("%s: auth_rhosts2 refused "
			    "user \"%.100s\" host \"%.100s\" addr \"%.100s\"",
			    __func__, cuser, resolvedname, ipaddr);
			return 0;
		}
		lookup = resolvedname;
	}
	debug2("%s: access allowed by auth_rhosts2", __func__);

	/* Certificates must be valid for the host name being looked up. */
	if (sshkey_is_cert(key) &&
	    sshkey_cert_check_authority(key, 1, 0, lookup, &reason)) {
		error("%s", reason);
		auth_debug_add("%s", reason);
		return 0;
	}

	/*
	 * Build-time paths expanded by the preprocessor (this build was
	 * configured under /var/tmp/openssh-test): the system known_hosts
	 * file, then ~/.ssh/known_hosts unless IgnoreUserKnownHosts is set,
	 * in which case the user file argument is NULL.
	 */
	host_status = check_key_in_hostfiles(pw, key, lookup,
	    "/var/tmp/openssh-test/etc" "/ssh_known_hosts",
	    options.ignore_user_known_hosts ? ((void *)0) : "~/" ".ssh" "/known_hosts");

	/* Not found under the primary names: try the legacy *2 file names. */
	if (host_status == HOST_NEW) {
		host_status = check_key_in_hostfiles(pw, key, lookup,
		    "/var/tmp/openssh-test/etc" "/ssh_known_hosts2",
		    options.ignore_user_known_hosts ? ((void *)0) :
		    "~/" ".ssh" "/known_hosts2");
	}

	/* Log the accepted key (or, for certificates, the signing CA). */
	if (host_status == HOST_OK) {
		if (sshkey_is_cert(key)) {
			if ((fp = sshkey_fingerprint(key->cert->signature_key,
			    options.fingerprint_hash, SSH_FP_DEFAULT)) == ((void *)0))
				fatal("%s: sshkey_fingerprint fail", __func__);
			verbose("Accepted certificate ID \"%s\" signed by "
			    "%s CA %s from %s@%s", key->cert->key_id,
			    sshkey_type(key->cert->signature_key), fp,
			    cuser, lookup);
		} else {
			if ((fp = sshkey_fingerprint(key,
			    options.fingerprint_hash, SSH_FP_DEFAULT)) == ((void *)0))
				fatal("%s: sshkey_fingerprint fail", __func__);
			verbose("Accepted %s public key %s from %s@%s",
			    sshkey_type(key), fp, cuser, lookup);
		}
		free(fp);
	}

	/* HOST_OK is the only accepting status; anything else refuses. */
	return (host_status == HOST_OK);
}
/*
 * Registration record for the "hostbased" userauth method: the name used
 * on the wire, the handler run for a matching USERAUTH_REQUEST, and the
 * sshd_config flag (HostbasedAuthentication) that enables it.
 */
Authmethod method_hostbased = {
	.name = "hostbased",
	.userauth = userauth_hostbased,
	.enabled = &options.hostbased_authentication
};