Line | Source | Count |
1 | | - |
2 | | - |
3 | | - |
4 | | - |
5 | | - |
6 | | - |
7 | | - |
8 | | - |
9 | | - |
10 | | - |
11 | | - |
12 | | - |
13 | | - |
14 | | - |
15 | | - |
16 | | - |
17 | | - |
18 | | - |
19 | | - |
20 | | - |
21 | | - |
22 | | - |
23 | | - |
24 | | - |
25 | | - |
26 | | - |
27 | | - |
28 | | - |
29 | | - |
30 | | - |
31 | | - |
32 | | - |
33 | | - |
34 | | - |
35 | | - |
36 | | - |
37 | | - |
38 | | - |
39 | | - |
40 | extern char *__progname; | - |
41 | | - |
42 | | - |
43 | ServerOptions options; | - |
44 | | - |
45 | | - |
46 | char *config_file_name = "/var/tmp/openssh-test/etc" "/sshd_config"; | - |
47 | | - |
48 | | - |
49 | | - |
50 | | - |
51 | | - |
52 | | - |
53 | | - |
54 | int debug_flag = 0; | - |
55 | | - |
56 | | - |
57 | | - |
58 | | - |
59 | | - |
60 | | - |
61 | | - |
62 | int test_flag = 0; | - |
63 | | - |
64 | | - |
65 | int inetd_flag = 0; | - |
66 | | - |
67 | | - |
68 | int no_daemon_flag = 0; | - |
69 | | - |
70 | | - |
71 | int log_stderr = 0; | - |
72 | | - |
73 | | - |
74 | char **saved_argv; | - |
75 | int saved_argc; | - |
76 | | - |
77 | | - |
78 | int rexeced_flag = 0; | - |
79 | int rexec_flag = 1; | - |
80 | int rexec_argc = 0; | - |
81 | char **rexec_argv; | - |
82 | | - |
83 | | - |
84 | | - |
85 | | - |
86 | | - |
87 | | - |
88 | int listen_socks[16]; | - |
89 | int num_listen_socks = 0; | - |
90 | | - |
91 | | - |
92 | | - |
93 | | - |
94 | | - |
95 | char *client_version_string = | - |
96 | ((void *)0) | - |
97 | ; | - |
98 | char *server_version_string = | - |
99 | ((void *)0) | - |
100 | ; | - |
101 | | - |
102 | | - |
103 | int auth_sock = -1; | - |
104 | int have_agent = 0; | - |
105 | struct { | - |
106 | struct sshkey **host_keys; | - |
107 | struct sshkey **host_pubkeys; | - |
108 | struct sshkey **host_certificates; | - |
109 | int have_ssh2_key; | - |
110 | } sensitive_data; | - |
111 | | - |
112 | | - |
113 | static volatile sig_atomic_t received_sighup = 0; | - |
114 | static volatile sig_atomic_t received_sigterm = 0; | - |
115 | | - |
116 | | - |
117 | u_char session_id[16]; | - |
118 | | - |
119 | | - |
120 | u_char *session_id2 = | - |
121 | ((void *)0) | - |
122 | ; | - |
123 | u_int session_id2_len = 0; | - |
124 | | - |
125 | | - |
126 | u_int utmp_len = | - |
127 | 64 | - |
128 | +1; | - |
129 | | - |
130 | | - |
131 | int *startup_pipes = | - |
132 | ((void *)0) | - |
133 | ; | - |
134 | int startup_pipe; | - |
135 | | - |
136 | | - |
137 | int use_privsep = -1; | - |
138 | struct monitor *pmonitor = | - |
139 | ((void *)0) | - |
140 | ; | - |
141 | int privsep_is_preauth = 1; | - |
142 | static int privsep_chroot = 1; | - |
143 | | - |
144 | | - |
145 | Authctxt *the_authctxt = | - |
146 | ((void *)0) | - |
147 | ; | - |
148 | | - |
149 | | - |
150 | struct sshauthopt *auth_opts = | - |
151 | ((void *)0) | - |
152 | ; | - |
153 | | - |
154 | | - |
155 | struct sshbuf *cfg; | - |
156 | | - |
157 | | - |
158 | struct sshbuf *loginmsg; | - |
159 | | - |
160 | | - |
161 | struct passwd *privsep_pw = | - |
162 | ((void *)0) | - |
163 | ; | - |
164 | | - |
165 | | - |
166 | void destroy_sensitive_data(void); | - |
167 | void demote_sensitive_data(void); | - |
168 | static void do_ssh2_kex(void); | - |
169 | | - |
170 | | - |
171 | | - |
172 | | - |
173 | static void | - |
174 | close_listen_socks(void) | - |
175 | { | - |
176 | int i; | - |
177 | | - |
178 | for (i = 0; i < num_listen_socksTRUE | never evaluated | FALSE | never evaluated |
; i++) | 0 |
179 | close(listen_socks[i]); never executed: close(listen_socks[i]); | 0 |
180 | num_listen_socks = -1; | - |
181 | } never executed: end of block | 0 |
182 | | - |
183 | static void | - |
184 | close_startup_pipes(void) | - |
185 | { | - |
186 | int i; | - |
187 | | - |
188 | if (startup_pipesTRUE | never evaluated | FALSE | never evaluated |
) | 0 |
189 | for (i = 0; i < options.max_startupsTRUE | never evaluated | FALSE | never evaluated |
; i++) | 0 |
190 | if (startup_pipes[i] != -1TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
191 | close(startup_pipes[i]); never executed: close(startup_pipes[i]); | 0 |
192 | } never executed: end of block | 0 |
193 | static void | - |
194 | sighup_handler(int sig) | - |
195 | { | - |
196 | int save_errno = | - |
197 | (*__errno_location ()) | - |
198 | ; | - |
199 | | - |
200 | received_sighup = 1; | - |
201 | | - |
202 | (*__errno_location ()) | - |
203 | = save_errno; | - |
204 | } never executed: end of block | 0 |
205 | | - |
206 | | - |
207 | | - |
208 | | - |
209 | | - |
210 | static void | - |
211 | sighup_restart(void) | - |
212 | { | - |
213 | logit("Received SIGHUP; restarting."); | - |
214 | if (options.pid_file != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
215 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
216 | ) | - |
217 | unlink(options.pid_file); never executed: unlink(options.pid_file); | 0 |
218 | platform_pre_restart(); | - |
219 | close_listen_socks(); | - |
220 | close_startup_pipes(); | - |
221 | alarm(0); | - |
222 | mysignal( | - |
223 | 1 | - |
224 | , | - |
225 | ((__sighandler_t) 1) | - |
226 | ); | - |
227 | execv(saved_argv[0], saved_argv); | - |
228 | logit("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0], | - |
229 | strerror( | - |
230 | (*__errno_location ()) | - |
231 | )); | - |
232 | exit(1); never executed: exit(1); | 0 |
233 | } | - |
234 | | - |
235 | | - |
236 | | - |
237 | | - |
238 | | - |
239 | static void | - |
240 | sigterm_handler(int sig) | - |
241 | { | - |
242 | received_sigterm = sig; | - |
243 | } never executed: end of block | 0 |
244 | | - |
245 | | - |
246 | | - |
247 | | - |
248 | | - |
249 | | - |
250 | static void | - |
251 | main_sigchld_handler(int sig) | - |
252 | { | - |
253 | int save_errno = | - |
254 | (*__errno_location ()) | - |
255 | ; | - |
256 | pid_t pid; | - |
257 | int status; | - |
258 | | - |
259 | while ((TRUE | never evaluated | FALSE | never evaluated |
pid = waitpid(-1, &status, TRUE | never evaluated | FALSE | never evaluated |
| 0 |
260 | 1TRUE | never evaluated | FALSE | never evaluated |
| 0 |
261 | )) > 0TRUE | never evaluated | FALSE | never evaluated |
|| | 0 |
262 | (pid < 0TRUE | never evaluated | FALSE | never evaluated |
&& | 0 |
263 | (*TRUE | never evaluated | FALSE | never evaluated |
__errno_location ()) TRUE | never evaluated | FALSE | never evaluated |
| 0 |
264 | == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
265 | 4TRUE | never evaluated | FALSE | never evaluated |
| 0 |
266 | )) | - |
267 | ; never executed: ; | 0 |
268 | | - |
269 | (*__errno_location ()) | - |
270 | = save_errno; | - |
271 | } never executed: end of block | 0 |
272 | | - |
273 | | - |
274 | | - |
275 | | - |
276 | | - |
277 | static void | - |
278 | grace_alarm_handler(int sig) | - |
279 | { | - |
280 | if (use_privsepTRUE | never evaluated | FALSE | never evaluated |
&& pmonitor != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
281 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
282 | && pmonitor->m_pid > 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
283 | kill(pmonitor->m_pid, never executed: kill(pmonitor->m_pid, 14 ); | 0 |
284 | 14 never executed: kill(pmonitor->m_pid, 14 ); | 0 |
285 | ); never executed: kill(pmonitor->m_pid, 14 ); | 0 |
286 | | - |
287 | | - |
288 | | - |
289 | | - |
290 | | - |
291 | if (getpgid(0) == getpid()TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
292 | mysignal( | - |
293 | 15 | - |
294 | , | - |
295 | ((__sighandler_t) 1) | - |
296 | ); | - |
297 | kill(0, | - |
298 | 15 | - |
299 | ); | - |
300 | } never executed: end of block | 0 |
301 | | - |
302 | | - |
303 | sigdie("Timeout before authentication for %s port %d", | - |
304 | ssh_remote_ipaddr(active_state), ssh_remote_port(active_state)); | - |
305 | } never executed: end of block | 0 |
306 | | - |
307 | static void | - |
308 | sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out) | - |
309 | { | - |
310 | u_int i; | - |
311 | int remote_major, remote_minor; | - |
312 | char *s; | - |
313 | char buf[256]; | - |
314 | char remote_version[256]; | - |
315 | | - |
316 | xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n", | - |
317 | 2, 0, "OpenSSH_7.8", | - |
318 | *options.version_addendum == '\0' ? "" : " ", | - |
319 | options.version_addendum); | - |
320 | | - |
321 | | - |
322 | if (atomicio((ssize_t (*)(int, void *, size_t))write, sock_out, server_version_string,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
323 | strlen(server_version_string))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
324 | != strlen(server_version_string)TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
325 | logit("Could not write ident string to %s port %d", | - |
326 | ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); | - |
327 | cleanup_exit(255); | - |
328 | } never executed: end of block | 0 |
329 | | - |
330 | | - |
331 | memset(buf, 0, sizeof(buf)); | - |
332 | for (i = 0; i < sizeof(buf) - 1TRUE | never evaluated | FALSE | never evaluated |
; i++) { | 0 |
333 | if (atomicio(read, sock_in, &buf[i], 1) != 1TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
334 | logit("Did not receive identification string " | - |
335 | "from %s port %d", | - |
336 | ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); | - |
337 | cleanup_exit(255); | - |
338 | } never executed: end of block | 0 |
339 | if (buf[i] == '\r'TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
340 | buf[i] = 0; | - |
341 | | - |
342 | if (i == 12TRUE | never evaluated | FALSE | never evaluated |
&& | 0 |
343 | | - |
344 | (TRUE | never evaluated | FALSE | never evaluated |
__extension__ (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
345 | 12TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
346 | )TRUE | never evaluated | FALSE | never evaluated |
&& ((__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
347 | bufTRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
348 | )TRUE | never evaluated | FALSE | never evaluated |
&& strlen (TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
349 | bufTRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
350 | ) < ((size_t) (TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
351 | 12TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
352 | ))TRUE | never evaluated | FALSE | never evaluated |
) || (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
353 | "SSH-1.5-W1.0"TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
354 | )TRUE | never evaluated | FALSE | never evaluated |
&& strlen (TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
355 | "SSH-1.5-W1.0"TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
356 | ) < ((size_t) (TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
357 | 12TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
358 | ))TRUE | never evaluated | FALSE | never evaluated |
)) ? __extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
359 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
360 | ) && __builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
361 | "SSH-1.5-W1.0"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
362 | ) && (__s1_len = __builtin_strlen (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
363 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
364 | ), __s2_len = __builtin_strlen (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
365 | "SSH-1.5-W1.0"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
366 | ), (!((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
367 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
368 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
369 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
370 | ) == 1) || __s1_len >= 4) && (!((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
371 | "SSH-1.5-W1.0"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
372 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
373 | "SSH-1.5-W1.0"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
374 | ) == 1) || __s2_len >= 4)) ? __builtin_strcmp (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
375 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
376 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
377 | "SSH-1.5-W1.0"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
378 | ) : (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
379 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
380 | ) && ((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
381 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
382 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
383 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
384 | ) == 1) && (__s1_len = __builtin_strlen (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
385 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
386 | ), __s1_len < 4) ? (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
387 | "SSH-1.5-W1.0"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
388 | ) && ((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
389 | "SSH-1.5-W1.0"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
390 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
391 | "SSH-1.5-W1.0"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
392 | ) == 1) ? __builtin_strcmp (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
393 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
394 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
395 | "SSH-1.5-W1.0"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
396 | ) : (__extension__ ({ const unsigned char *__s2 = (const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
397 | "SSH-1.5-W1.0"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
398 | ); int __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
399 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
400 | ))[0] - __s2[0]); if (__s1_len > 0TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) { __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
401 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
402 | ))[1] - __s2[1]); if (__s1_len > 1TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) { __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
403 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
404 | ))[2] - __s2[2]); if (__s1_len > 2TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) __result = (((const unsigned char *) (const char *) (never executed: __result = (((const unsigned char *) (const char *) ( buf ))[3] - __s2[3]); | 0 |
405 | bufTRUE | never evaluated | FALSE | never evaluated |
never executed: __result = (((const unsigned char *) (const char *) ( buf ))[3] - __s2[3]); | 0 |
406 | ))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
407 | "SSH-1.5-W1.0"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
408 | ) && ((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
409 | "SSH-1.5-W1.0"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
410 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
411 | "SSH-1.5-W1.0"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
412 | ) == 1) && (__s2_len = __builtin_strlen (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
413 | "SSH-1.5-W1.0"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
414 | ), __s2_len < 4) ? (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
415 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
416 | ) && ((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
417 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
418 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
419 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
420 | ) == 1) ? __builtin_strcmp (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
421 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
422 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
423 | "SSH-1.5-W1.0"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
424 | ) : -(__extension__ ({ const unsigned char *__s2 = (const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
425 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
426 | ); int __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
427 | "SSH-1.5-W1.0"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
428 | ))[0] - __s2[0]); if (__s2_len > 0TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) { __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
429 | "SSH-1.5-W1.0"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
430 | ))[1] - __s2[1]); if (__s2_len > 1TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) { __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
431 | "SSH-1.5-W1.0"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
432 | ))[2] - __s2[2]); if (__s2_len > 2TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) __result = (((const unsigned char *) (const char *) (never executed: __result = (((const unsigned char *) (const char *) ( "SSH-1.5-W1.0" ))[3] - __s2[3]); | 0 |
433 | "SSH-1.5-W1.0"TRUE | never evaluated | FALSE | never evaluated |
never executed: __result = (((const unsigned char *) (const char *) ( "SSH-1.5-W1.0" ))[3] - __s2[3]); | 0 |
434 | ))[3] - __s2[3]); } } __result; }))) : __builtin_strcmp (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
435 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
436 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
437 | "SSH-1.5-W1.0"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
438 | )))); }) : strncmp (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
439 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
440 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
441 | "SSH-1.5-W1.0"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
442 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
443 | 12TRUE | never evaluated | FALSE | never evaluated |
| 0 |
444 | ))) TRUE | never evaluated | FALSE | never evaluated |
| 0 |
445 | == 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
446 | break; never executed: break; | 0 |
447 | continue; never executed: continue; | 0 |
448 | } | - |
449 | if (buf[i] == '\n'TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
450 | buf[i] = 0; | - |
451 | break; never executed: break; | 0 |
452 | } | - |
453 | } never executed: end of block | 0 |
454 | buf[sizeof(buf) - 1] = 0; | - |
455 | client_version_string = xstrdup(buf); | - |
456 | | - |
457 | | - |
458 | | - |
459 | | - |
460 | | - |
461 | if (sscanf(client_version_string, "SSH-%d.%d-%[^\n]\n",TRUE | never evaluated | FALSE | never evaluated |
| 0 |
462 | &remote_major, &remote_minor, remote_version) != 3TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
463 | s = "Protocol mismatch.\n"; | - |
464 | (void) atomicio((ssize_t (*)(int, void *, size_t))write, sock_out, s, strlen(s)); | - |
465 | logit("Bad protocol version identification '%.100s' " | - |
466 | "from %s port %d", client_version_string, | - |
467 | ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); | - |
468 | close(sock_in); | - |
469 | close(sock_out); | - |
470 | cleanup_exit(255); | - |
471 | } never executed: end of block | 0 |
472 | debug("Client protocol version %d.%d; client software version %.100s", | - |
473 | remote_major, remote_minor, remote_version); | - |
474 | | - |
475 | ssh->compat = compat_datafellows(remote_version); | - |
476 | | - |
477 | if ((TRUE | never evaluated | FALSE | never evaluated |
ssh->compat & 0x00400000) != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
478 | logit("probed from %s port %d with %s. Don't panic.", | - |
479 | ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), | - |
480 | client_version_string); | - |
481 | cleanup_exit(255); | - |
482 | } never executed: end of block | 0 |
483 | if ((TRUE | never evaluated | FALSE | never evaluated |
ssh->compat & 0x00000800) != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
484 | logit("scanned from %s port %d with %s. Don't panic.", | - |
485 | ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), | - |
486 | client_version_string); | - |
487 | cleanup_exit(255); | - |
488 | } never executed: end of block | 0 |
489 | if ((TRUE | never evaluated | FALSE | never evaluated |
ssh->compat & 0x00002000) != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
490 | logit("Client version \"%.100s\" uses unsafe RSA signature " | - |
491 | "scheme; disabling use of RSA keys", remote_version); | - |
492 | } never executed: end of block | 0 |
493 | | - |
494 | chop(server_version_string); | - |
495 | debug("Local version string %.200s", server_version_string); | - |
496 | | - |
497 | if (remote_major != 2TRUE | never evaluated | FALSE | never evaluated |
&& | 0 |
498 | !(remote_major == 1TRUE | never evaluated | FALSE | never evaluated |
&& remote_minor == 99TRUE | never evaluated | FALSE | never evaluated |
)) { | 0 |
499 | s = "Protocol major versions differ.\n"; | - |
500 | (void) atomicio((ssize_t (*)(int, void *, size_t))write, sock_out, s, strlen(s)); | - |
501 | close(sock_in); | - |
502 | close(sock_out); | - |
503 | logit("Protocol major versions differ for %s port %d: " | - |
504 | "%.200s vs. %.200s", | - |
505 | ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), | - |
506 | server_version_string, client_version_string); | - |
507 | cleanup_exit(255); | - |
508 | } never executed: end of block | 0 |
509 | } never executed: end of block | 0 |
510 | | - |
511 | | - |
512 | void | - |
513 | destroy_sensitive_data(void) | - |
514 | { | - |
515 | u_int i; | - |
516 | | - |
517 | for (i = 0; i < options.num_host_key_filesTRUE | never evaluated | FALSE | never evaluated |
; i++) { | 0 |
518 | if (sensitive_data.host_keys[i]TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
519 | sshkey_free(sensitive_data.host_keys[i]); | - |
520 | sensitive_data.host_keys[i] = | - |
521 | ((void *)0) | - |
522 | ; | - |
523 | } never executed: end of block | 0 |
524 | if (sensitive_data.host_certificates[i]TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
525 | sshkey_free(sensitive_data.host_certificates[i]); | - |
526 | sensitive_data.host_certificates[i] = | - |
527 | ((void *)0) | - |
528 | ; | - |
529 | } never executed: end of block | 0 |
530 | } never executed: end of block | 0 |
531 | } never executed: end of block | 0 |
532 | | - |
533 | | - |
534 | void | - |
535 | demote_sensitive_data(void) | - |
536 | { | - |
537 | struct sshkey *tmp; | - |
538 | u_int i; | - |
539 | int r; | - |
540 | | - |
541 | for (i = 0; i < options.num_host_key_filesTRUE | never evaluated | FALSE | never evaluated |
; i++) { | 0 |
542 | if (sensitive_data.host_keys[i]TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
543 | if ((TRUE | never evaluated | FALSE | never evaluated |
r = sshkey_from_private(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
544 | sensitive_data.host_keys[i], &tmp)) != 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
545 | fatal("could not demote host %s key: %s", never executed: fatal("could not demote host %s key: %s", sshkey_type(sensitive_data.host_keys[i]), ssh_err(r)); | 0 |
546 | sshkey_type(sensitive_data.host_keys[i]), never executed: fatal("could not demote host %s key: %s", sshkey_type(sensitive_data.host_keys[i]), ssh_err(r)); | 0 |
547 | ssh_err(r)); never executed: fatal("could not demote host %s key: %s", sshkey_type(sensitive_data.host_keys[i]), ssh_err(r)); | 0 |
548 | sshkey_free(sensitive_data.host_keys[i]); | - |
549 | sensitive_data.host_keys[i] = tmp; | - |
550 | } never executed: end of block | 0 |
551 | | - |
552 | } never executed: end of block | 0 |
553 | } never executed: end of block | 0 |
554 | | - |
555 | static void | - |
556 | reseed_prngs(void) | - |
557 | { | - |
558 | u_int32_t rnd[256]; | - |
559 | | - |
560 | | - |
561 | RAND_poll(); | - |
562 | | - |
563 | arc4random_stir(); | - |
564 | arc4random_buf(rnd, sizeof(rnd)); | - |
565 | | - |
566 | | - |
567 | RAND_seed(rnd, sizeof(rnd)); | - |
568 | | - |
569 | if ((TRUE | never evaluated | FALSE | never evaluated |
RAND_bytes((u_char *)rnd, 1)) != 1TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
570 | fatal("%s: RAND_bytes failed", __func__); never executed: fatal("%s: RAND_bytes failed", __func__); | 0 |
571 | | - |
572 | | - |
573 | explicit_bzero(rnd, sizeof(rnd)); | - |
574 | } never executed: end of block | 0 |
575 | | - |
576 | static void | - |
577 | privsep_preauth_child(void) | - |
578 | { | - |
579 | gid_t gidset[1]; | - |
580 | | - |
581 | | - |
582 | privsep_challenge_enable(); | - |
583 | | - |
584 | | - |
585 | | - |
586 | | - |
587 | | - |
588 | | - |
589 | reseed_prngs(); | - |
590 | | - |
591 | | - |
592 | demote_sensitive_data(); | - |
593 | | - |
594 | | - |
595 | if (privsep_chrootTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
596 | | - |
597 | if (chroot("/var/run/openssh-test") == -1TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
598 | fatal("chroot(\"%s\"): %s", "/var/run/openssh-test", never executed: fatal("chroot(\"%s\"): %s", "/var/run/openssh-test", strerror( (*__errno_location ()) )); | 0 |
599 | strerror( never executed: fatal("chroot(\"%s\"): %s", "/var/run/openssh-test", strerror( (*__errno_location ()) )); | 0 |
600 | (*__errno_location ()) never executed: fatal("chroot(\"%s\"): %s", "/var/run/openssh-test", strerror( (*__errno_location ()) )); | 0 |
601 | )); never executed: fatal("chroot(\"%s\"): %s", "/var/run/openssh-test", strerror( (*__errno_location ()) )); | 0 |
602 | if (chdir("/") == -1TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
603 | fatal("chdir(\"/\"): %s", strerror( never executed: fatal("chdir(\"/\"): %s", strerror( (*__errno_location ()) )); | 0 |
604 | (*__errno_location ()) never executed: fatal("chdir(\"/\"): %s", strerror( (*__errno_location ()) )); | 0 |
605 | )); never executed: fatal("chdir(\"/\"): %s", strerror( (*__errno_location ()) )); | 0 |
606 | | - |
607 | | - |
608 | debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid, | - |
609 | (u_int)privsep_pw->pw_gid); | - |
610 | gidset[0] = privsep_pw->pw_gid; | - |
611 | if (setgroups(1, gidset) < 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
612 | fatal("setgroups: %.100s", strerror( never executed: fatal("setgroups: %.100s", strerror( (*__errno_location ()) )); | 0 |
613 | (*__errno_location ()) never executed: fatal("setgroups: %.100s", strerror( (*__errno_location ()) )); | 0 |
614 | )); never executed: fatal("setgroups: %.100s", strerror( (*__errno_location ()) )); | 0 |
615 | permanently_set_uid(privsep_pw); | - |
616 | } never executed: end of block | 0 |
617 | } never executed: end of block | 0 |
618 | | - |
619 | static int | - |
620 | privsep_preauth(Authctxt *authctxt) | - |
621 | { | - |
622 | int status, r; | - |
623 | pid_t pid; | - |
624 | struct ssh_sandbox *box = | - |
625 | ((void *)0) | - |
626 | ; | - |
627 | | - |
628 | | - |
629 | pmonitor = monitor_init(); | - |
630 | | - |
631 | pmonitor->m_pkex = &active_state->kex; | - |
632 | | - |
633 | if (use_privsep == 1TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
634 | box = ssh_sandbox_init(pmonitor); never executed: box = ssh_sandbox_init(pmonitor); | 0 |
635 | pid = fork(); | - |
636 | if (pid == -1TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
637 | fatal("fork of unprivileged child failed"); | - |
638 | } never executed: end of block else if (pid != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
639 | debug2("Network child is on pid %ld", (long)pid); | - |
640 | | - |
641 | pmonitor->m_pid = pid; | - |
642 | if (have_agentTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
643 | r = ssh_get_authentication_socket(&auth_sock); | - |
644 | if (r != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
645 | error("Could not get agent socket: %s", | - |
646 | ssh_err(r)); | - |
647 | have_agent = 0; | - |
648 | } never executed: end of block | 0 |
649 | } never executed: end of block | 0 |
650 | if (box != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
651 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
652 | ) | - |
653 | ssh_sandbox_parent_preauth(box, pid); never executed: ssh_sandbox_parent_preauth(box, pid); | 0 |
654 | monitor_child_preauth(authctxt, pmonitor); | - |
655 | | - |
656 | | - |
657 | while (waitpid(pid, &status, 0) < 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
658 | if ( | - |
659 | (*TRUE | never evaluated | FALSE | never evaluated |
__errno_location ()) TRUE | never evaluated | FALSE | never evaluated |
| 0 |
660 | == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
661 | 4TRUE | never evaluated | FALSE | never evaluated |
| 0 |
662 | ) | - |
663 | continue; never executed: continue; | 0 |
664 | pmonitor->m_pid = -1; | - |
665 | fatal("%s: waitpid: %s", __func__, strerror( | - |
666 | (*__errno_location ()) | - |
667 | )); | - |
668 | } never executed: end of block | 0 |
669 | privsep_is_preauth = 0; | - |
670 | pmonitor->m_pid = -1; | - |
671 | if ( | - |
672 | (((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
673 | statusTRUE | never evaluated | FALSE | never evaluated |
| 0 |
674 | ) & 0x7f) == 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
675 | ) { | - |
676 | if ( | - |
677 | (((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
678 | statusTRUE | never evaluated | FALSE | never evaluated |
| 0 |
679 | ) & 0xff00) >> 8) TRUE | never evaluated | FALSE | never evaluated |
| 0 |
680 | != 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
681 | fatal("%s: preauth child exited with status %d", never executed: fatal("%s: preauth child exited with status %d", __func__, ((( status ) & 0xff00) >> 8) ); | 0 |
682 | __func__, never executed: fatal("%s: preauth child exited with status %d", __func__, ((( status ) & 0xff00) >> 8) ); | 0 |
683 | ((( never executed: fatal("%s: preauth child exited with status %d", __func__, ((( status ) & 0xff00) >> 8) ); | 0 |
684 | status never executed: fatal("%s: preauth child exited with status %d", __func__, ((( status ) & 0xff00) >> 8) ); | 0 |
685 | ) & 0xff00) >> 8) never executed: fatal("%s: preauth child exited with status %d", __func__, ((( status ) & 0xff00) >> 8) ); | 0 |
686 | ); never executed: fatal("%s: preauth child exited with status %d", __func__, ((( status ) & 0xff00) >> 8) ); | 0 |
687 | } never executed: end of block else if ( | 0 |
688 | (((TRUE | never evaluated | FALSE | never evaluated |
signed char) (((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
689 | statusTRUE | never evaluated | FALSE | never evaluated |
| 0 |
690 | ) & 0x7f) + 1) >> 1) > 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
691 | ) | - |
692 | fatal("%s: preauth child terminated by signal %d", never executed: fatal("%s: preauth child terminated by signal %d", __func__, (( status ) & 0x7f) ); | 0 |
693 | __func__, never executed: fatal("%s: preauth child terminated by signal %d", __func__, (( status ) & 0x7f) ); | 0 |
694 | (( never executed: fatal("%s: preauth child terminated by signal %d", __func__, (( status ) & 0x7f) ); | 0 |
695 | status never executed: fatal("%s: preauth child terminated by signal %d", __func__, (( status ) & 0x7f) ); | 0 |
696 | ) & 0x7f) never executed: fatal("%s: preauth child terminated by signal %d", __func__, (( status ) & 0x7f) ); | 0 |
697 | ); never executed: fatal("%s: preauth child terminated by signal %d", __func__, (( status ) & 0x7f) ); | 0 |
698 | if (box != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
699 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
700 | ) | - |
701 | ssh_sandbox_parent_finish(box); never executed: ssh_sandbox_parent_finish(box); | 0 |
702 | return never executed: return 1; 1;never executed: return 1; | 0 |
703 | } else { | - |
704 | | - |
705 | close(pmonitor->m_sendfd); | - |
706 | close(pmonitor->m_log_recvfd); | - |
707 | | - |
708 | | - |
709 | set_log_handler(mm_log_handler, pmonitor); | - |
710 | | - |
711 | privsep_preauth_child(); | - |
712 | setproctitle("%s", "[net]"); | - |
713 | if (box != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
714 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
715 | ) | - |
716 | ssh_sandbox_child(box); never executed: ssh_sandbox_child(box); | 0 |
717 | | - |
718 | return never executed: return 0; 0;never executed: return 0; | 0 |
719 | } | - |
720 | } | - |
721 | | - |
722 | static void | - |
723 | privsep_postauth(Authctxt *authctxt) | - |
724 | { | - |
725 | | - |
726 | | - |
727 | | - |
728 | if (authctxt->pw->pw_uid == 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
729 | | - |
730 | | - |
731 | use_privsep = 0; | - |
732 | goto never executed: goto skip; skip;never executed: goto skip; | 0 |
733 | } | - |
734 | | - |
735 | | - |
736 | monitor_reinit(pmonitor); | - |
737 | | - |
738 | pmonitor->m_pid = fork(); | - |
739 | if (pmonitor->m_pid == -1TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
740 | fatal("fork of unprivileged child failed"); never executed: fatal("fork of unprivileged child failed"); | 0 |
741 | else if (pmonitor->m_pid != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
742 | verbose("User child is on pid %ld", (long)pmonitor->m_pid); | - |
743 | sshbuf_reset(loginmsg); | - |
744 | monitor_clear_keystate(pmonitor); | - |
745 | monitor_child_postauth(pmonitor); | - |
746 | | - |
747 | | - |
748 | exit(0); never executed: exit(0); | 0 |
749 | } | - |
750 | | - |
751 | | - |
752 | | - |
753 | close(pmonitor->m_sendfd); | - |
754 | pmonitor->m_sendfd = -1; | - |
755 | | - |
756 | | - |
757 | demote_sensitive_data(); | - |
758 | | - |
759 | reseed_prngs(); | - |
760 | | - |
761 | | - |
762 | do_setusercontext(authctxt->pw); | - |
763 | | - |
764 | skip: code before this statement never executed: skip: | 0 |
765 | | - |
766 | monitor_apply_keystate(pmonitor); | - |
767 | | - |
768 | | - |
769 | | - |
770 | | - |
771 | | - |
772 | ssh_packet_set_authenticated(active_state); | - |
773 | } never executed: end of block | 0 |
774 | | - |
775 | static void | - |
776 | append_hostkey_type(struct sshbuf *b, const char *s) | - |
777 | { | - |
778 | int r; | - |
779 | | - |
780 | if (match_pattern_list(s, options.hostkeyalgorithms, 0) != 1TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
781 | debug3("%s: %s key not permitted by HostkeyAlgorithms", | - |
782 | __func__, s); | - |
783 | return; never executed: return; | 0 |
784 | } | - |
785 | if ((TRUE | never evaluated | FALSE | never evaluated |
r = sshbuf_putf(b, "%s%s", sshbuf_len(b) > 0 ? "," : "", s)) != 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
786 | fatal("%s: sshbuf_putf: %s", __func__, ssh_err(r)); never executed: fatal("%s: sshbuf_putf: %s", __func__, ssh_err(r)); | 0 |
787 | } never executed: end of block | 0 |
788 | | - |
789 | static char * | - |
790 | list_hostkey_types(void) | - |
791 | { | - |
792 | struct sshbuf *b; | - |
793 | struct sshkey *key; | - |
794 | char *ret; | - |
795 | u_int i; | - |
796 | | - |
797 | if ((TRUE | never evaluated | FALSE | never evaluated |
b = sshbuf_new()) == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
798 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
799 | ) | - |
800 | fatal("%s: sshbuf_new failed", __func__); never executed: fatal("%s: sshbuf_new failed", __func__); | 0 |
801 | for (i = 0; i < options.num_host_key_filesTRUE | never evaluated | FALSE | never evaluated |
; i++) { | 0 |
802 | key = sensitive_data.host_keys[i]; | - |
803 | if (key == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
804 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
805 | ) | - |
806 | key = sensitive_data.host_pubkeys[i]; never executed: key = sensitive_data.host_pubkeys[i]; | 0 |
807 | if (key == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
808 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
809 | ) | - |
810 | continue; never executed: continue; | 0 |
811 | switch (key->type) { | - |
812 | case never executed: case KEY_RSA: KEY_RSA:never executed: case KEY_RSA: | 0 |
813 | | - |
814 | append_hostkey_type(b, "rsa-sha2-512"); | - |
815 | append_hostkey_type(b, "rsa-sha2-256"); | - |
816 | | - |
817 | case never executed: case KEY_DSA: KEY_DSA:never executed: case KEY_DSA: code before this statement never executed: case KEY_DSA: | 0 |
818 | case never executed: case KEY_ECDSA: KEY_ECDSA:never executed: case KEY_ECDSA: | 0 |
819 | case never executed: case KEY_ED25519: KEY_ED25519:never executed: case KEY_ED25519: | 0 |
820 | case never executed: case KEY_XMSS: KEY_XMSS:never executed: case KEY_XMSS: | 0 |
821 | append_hostkey_type(b, sshkey_ssh_name(key)); | - |
822 | break; never executed: break; | 0 |
823 | } | - |
824 | | - |
825 | key = sensitive_data.host_certificates[i]; | - |
826 | if (key == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
827 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
828 | ) | - |
829 | continue; never executed: continue; | 0 |
830 | switch (key->type) { | - |
831 | case never executed: case KEY_RSA_CERT: KEY_RSA_CERT:never executed: case KEY_RSA_CERT: | 0 |
832 | | - |
833 | append_hostkey_type(b, | - |
834 | "rsa-sha2-512-cert-v01@openssh.com"); | - |
835 | append_hostkey_type(b, | - |
836 | "rsa-sha2-256-cert-v01@openssh.com"); | - |
837 | | - |
838 | case never executed: case KEY_DSA_CERT: KEY_DSA_CERT:never executed: case KEY_DSA_CERT: code before this statement never executed: case KEY_DSA_CERT: | 0 |
839 | case never executed: case KEY_ECDSA_CERT: KEY_ECDSA_CERT:never executed: case KEY_ECDSA_CERT: | 0 |
840 | case never executed: case KEY_ED25519_CERT: KEY_ED25519_CERT:never executed: case KEY_ED25519_CERT: | 0 |
841 | case never executed: case KEY_XMSS_CERT: KEY_XMSS_CERT:never executed: case KEY_XMSS_CERT: | 0 |
842 | append_hostkey_type(b, sshkey_ssh_name(key)); | - |
843 | break; never executed: break; | 0 |
844 | } | - |
845 | } never executed: end of block | 0 |
846 | if ((TRUE | never evaluated | FALSE | never evaluated |
ret = sshbuf_dup_string(b)) == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
847 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
848 | ) | - |
849 | fatal("%s: sshbuf_dup_string failed", __func__); never executed: fatal("%s: sshbuf_dup_string failed", __func__); | 0 |
850 | sshbuf_free(b); | - |
851 | debug("%s: %s", __func__, ret); | - |
852 | return never executed: return ret; ret;never executed: return ret; | 0 |
853 | } | - |
854 | | - |
855 | static struct sshkey * | - |
856 | get_hostkey_by_type(int type, int nid, int need_private, struct ssh *ssh) | - |
857 | { | - |
858 | u_int i; | - |
859 | struct sshkey *key; | - |
860 | | - |
861 | for (i = 0; i < options.num_host_key_filesTRUE | never evaluated | FALSE | never evaluated |
; i++) { | 0 |
862 | switch (type) { | - |
863 | case never executed: case KEY_RSA_CERT: KEY_RSA_CERT:never executed: case KEY_RSA_CERT: | 0 |
864 | case never executed: case KEY_DSA_CERT: KEY_DSA_CERT:never executed: case KEY_DSA_CERT: | 0 |
865 | case never executed: case KEY_ECDSA_CERT: KEY_ECDSA_CERT:never executed: case KEY_ECDSA_CERT: | 0 |
866 | case never executed: case KEY_ED25519_CERT: KEY_ED25519_CERT:never executed: case KEY_ED25519_CERT: | 0 |
867 | case never executed: case KEY_XMSS_CERT: KEY_XMSS_CERT:never executed: case KEY_XMSS_CERT: | 0 |
868 | key = sensitive_data.host_certificates[i]; | - |
869 | break; never executed: break; | 0 |
870 | default never executed: default: :never executed: default: | 0 |
871 | key = sensitive_data.host_keys[i]; | - |
872 | if (key == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
873 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
874 | && !need_privateTRUE | never evaluated | FALSE | never evaluated |
) | 0 |
875 | key = sensitive_data.host_pubkeys[i]; never executed: key = sensitive_data.host_pubkeys[i]; | 0 |
876 | break; never executed: break; | 0 |
877 | } | - |
878 | if (key != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
879 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
880 | && key->type == typeTRUE | never evaluated | FALSE | never evaluated |
&& | 0 |
881 | (key->type != KEY_ECDSATRUE | never evaluated | FALSE | never evaluated |
|| key->ecdsa_nid == nidTRUE | never evaluated | FALSE | never evaluated |
)) | 0 |
882 | return never executed: return need_private ? sensitive_data.host_keys[i] : key; need_privateTRUE | never evaluated | FALSE | never evaluated |
?never executed: return need_private ? sensitive_data.host_keys[i] : key; | 0 |
883 | sensitive_data.host_keys[i] : key; never executed: return need_private ? sensitive_data.host_keys[i] : key; | 0 |
884 | } never executed: end of block | 0 |
885 | return never executed: return ((void *)0) ; never executed: return ((void *)0) ; | 0 |
886 | ((void *)0) never executed: return ((void *)0) ; | 0 |
887 | ; never executed: return ((void *)0) ; | 0 |
888 | } | - |
889 | | - |
890 | struct sshkey * | - |
891 | get_hostkey_public_by_type(int type, int nid, struct ssh *ssh) | - |
892 | { | - |
893 | return never executed: return get_hostkey_by_type(type, nid, 0, ssh); get_hostkey_by_type(type, nid, 0, ssh);never executed: return get_hostkey_by_type(type, nid, 0, ssh); | 0 |
894 | } | - |
895 | | - |
896 | struct sshkey * | - |
897 | get_hostkey_private_by_type(int type, int nid, struct ssh *ssh) | - |
898 | { | - |
899 | return never executed: return get_hostkey_by_type(type, nid, 1, ssh); get_hostkey_by_type(type, nid, 1, ssh);never executed: return get_hostkey_by_type(type, nid, 1, ssh); | 0 |
900 | } | - |
901 | | - |
902 | struct sshkey * | - |
903 | get_hostkey_by_index(int ind) | - |
904 | { | - |
905 | if (ind < 0TRUE | never evaluated | FALSE | never evaluated |
|| (TRUE | never evaluated | FALSE | never evaluated |
u_int)ind >= options.num_host_key_filesTRUE | never evaluated | FALSE | never evaluated |
) | 0 |
906 | return never executed: return ( ((void *)0) ); (never executed: return ( ((void *)0) ); | 0 |
907 | ((void *)0) never executed: return ( ((void *)0) ); | 0 |
908 | ); never executed: return ( ((void *)0) ); | 0 |
909 | return never executed: return (sensitive_data.host_keys[ind]); (sensitive_data.host_keys[ind]);never executed: return (sensitive_data.host_keys[ind]); | 0 |
910 | } | - |
911 | | - |
912 | struct sshkey * | - |
913 | get_hostkey_public_by_index(int ind, struct ssh *ssh) | - |
914 | { | - |
915 | if (ind < 0TRUE | never evaluated | FALSE | never evaluated |
|| (TRUE | never evaluated | FALSE | never evaluated |
u_int)ind >= options.num_host_key_filesTRUE | never evaluated | FALSE | never evaluated |
) | 0 |
916 | return never executed: return ( ((void *)0) ); (never executed: return ( ((void *)0) ); | 0 |
917 | ((void *)0) never executed: return ( ((void *)0) ); | 0 |
918 | ); never executed: return ( ((void *)0) ); | 0 |
919 | return never executed: return (sensitive_data.host_pubkeys[ind]); (sensitive_data.host_pubkeys[ind]);never executed: return (sensitive_data.host_pubkeys[ind]); | 0 |
920 | } | - |
921 | | - |
922 | int | - |
923 | get_hostkey_index(struct sshkey *key, int compare, struct ssh *ssh) | - |
924 | { | - |
925 | u_int i; | - |
926 | | - |
927 | for (i = 0; i < options.num_host_key_filesTRUE | never evaluated | FALSE | never evaluated |
; i++) { | 0 |
928 | if (sshkey_is_cert(key)TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
929 | if (key == sensitive_data.host_certificates[i]TRUE | never evaluated | FALSE | never evaluated |
|| | 0 |
930 | (compareTRUE | never evaluated | FALSE | never evaluated |
&& sensitive_data.host_certificates[i]TRUE | never evaluated | FALSE | never evaluated |
&& | 0 |
931 | sshkey_equal(key,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
932 | sensitive_data.host_certificates[i])TRUE | never evaluated | FALSE | never evaluated |
)) | 0 |
933 | return never executed: return (i); (i);never executed: return (i); | 0 |
934 | } never executed: end of block else { | 0 |
935 | if (key == sensitive_data.host_keys[i]TRUE | never evaluated | FALSE | never evaluated |
|| | 0 |
936 | (compareTRUE | never evaluated | FALSE | never evaluated |
&& sensitive_data.host_keys[i]TRUE | never evaluated | FALSE | never evaluated |
&& | 0 |
937 | sshkey_equal(key, sensitive_data.host_keys[i])TRUE | never evaluated | FALSE | never evaluated |
)) | 0 |
938 | return never executed: return (i); (i);never executed: return (i); | 0 |
939 | if (key == sensitive_data.host_pubkeys[i]TRUE | never evaluated | FALSE | never evaluated |
|| | 0 |
940 | (compareTRUE | never evaluated | FALSE | never evaluated |
&& sensitive_data.host_pubkeys[i]TRUE | never evaluated | FALSE | never evaluated |
&& | 0 |
941 | sshkey_equal(key, sensitive_data.host_pubkeys[i])TRUE | never evaluated | FALSE | never evaluated |
)) | 0 |
942 | return never executed: return (i); (i);never executed: return (i); | 0 |
943 | } never executed: end of block | 0 |
944 | } | - |
945 | return never executed: return (-1); (-1);never executed: return (-1); | 0 |
946 | } | - |
947 | | - |
948 | | - |
949 | static void | - |
950 | notify_hostkeys(struct ssh *ssh) | - |
951 | { | - |
952 | struct sshbuf *buf; | - |
953 | struct sshkey *key; | - |
954 | u_int i, nkeys; | - |
955 | int r; | - |
956 | char *fp; | - |
957 | | - |
958 | | - |
959 | if (datafellows & 0x20000000TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
960 | return; never executed: return; | 0 |
961 | | - |
962 | if ((TRUE | never evaluated | FALSE | never evaluated |
buf = sshbuf_new()) == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
963 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
964 | ) | - |
965 | fatal("%s: sshbuf_new", __func__); never executed: fatal("%s: sshbuf_new", __func__); | 0 |
966 | for (i = nkeys = 0; i < options.num_host_key_filesTRUE | never evaluated | FALSE | never evaluated |
; i++) { | 0 |
967 | key = get_hostkey_public_by_index(i, ssh); | - |
968 | if (key == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
969 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
970 | || key->type == KEY_UNSPECTRUE | never evaluated | FALSE | never evaluated |
|| | 0 |
971 | sshkey_is_cert(key)TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
972 | continue; never executed: continue; | 0 |
973 | fp = sshkey_fingerprint(key, options.fingerprint_hash, | - |
974 | SSH_FP_DEFAULT); | - |
975 | debug3("%s: key %d: %s %s", __func__, i, | - |
976 | sshkey_ssh_name(key), fp); | - |
977 | free(fp); | - |
978 | if (nkeys == 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
979 | ssh_packet_start(active_state, (80)); | - |
980 | ssh_packet_put_cstring(active_state, ("hostkeys-00@openssh.com")); | - |
981 | ssh_packet_put_char(active_state, (0)); | - |
982 | } never executed: end of block | 0 |
983 | sshbuf_reset(buf); | - |
984 | if ((TRUE | never evaluated | FALSE | never evaluated |
r = sshkey_putb(key, buf)) != 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
985 | fatal("%s: couldn't put hostkey %d: %s", never executed: fatal("%s: couldn't put hostkey %d: %s", __func__, i, ssh_err(r)); | 0 |
986 | __func__, i, ssh_err(r)); never executed: fatal("%s: couldn't put hostkey %d: %s", __func__, i, ssh_err(r)); | 0 |
987 | ssh_packet_put_string(active_state, (sshbuf_ptr(buf)), (sshbuf_len(buf))); | - |
988 | nkeys++; | - |
989 | } never executed: end of block | 0 |
990 | debug3("%s: sent %u hostkeys", __func__, nkeys); | - |
991 | if (nkeys == 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
992 | fatal("%s: no hostkeys", __func__); never executed: fatal("%s: no hostkeys", __func__); | 0 |
993 | ssh_packet_send(active_state); | - |
994 | sshbuf_free(buf); | - |
995 | } never executed: end of block | 0 |
996 | | - |
997 | | - |
998 | | - |
999 | | - |
1000 | | - |
1001 | | - |
1002 | | - |
1003 | static int | - |
1004 | drop_connection(int startups) | - |
1005 | { | - |
1006 | int p, r; | - |
1007 | | - |
1008 | if (startups < options.max_startups_beginTRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1009 | return never executed: return 0; 0;never executed: return 0; | 0 |
1010 | if (startups >= options.max_startupsTRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1011 | return never executed: return 1; 1;never executed: return 1; | 0 |
1012 | if (options.max_startups_rate == 100TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1013 | return never executed: return 1; 1;never executed: return 1; | 0 |
1014 | | - |
1015 | p = 100 - options.max_startups_rate; | - |
1016 | p *= startups - options.max_startups_begin; | - |
1017 | p /= options.max_startups - options.max_startups_begin; | - |
1018 | p += options.max_startups_rate; | - |
1019 | r = arc4random_uniform(100); | - |
1020 | | - |
1021 | debug("drop_connection: p %d, r %d", p, r); | - |
1022 | return never executed: return (r < p) ? 1 : 0; (TRUE | never evaluated | FALSE | never evaluated |
r < p)TRUE | never evaluated | FALSE | never evaluated |
? 1 : 0;never executed: return (r < p) ? 1 : 0; | 0 |
1023 | } | - |
1024 | | - |
1025 | static void | - |
1026 | usage(void) | - |
1027 | { | - |
1028 | fprintf( | - |
1029 | stderr | - |
1030 | , "%s, %s\n", | - |
1031 | "OpenSSH_7.8" "p1", | - |
1032 | | - |
1033 | SSLeay_version( | - |
1034 | 0 | - |
1035 | ) | - |
1036 | | - |
1037 | | - |
1038 | | - |
1039 | ); | - |
1040 | fprintf( | - |
1041 | stderr | - |
1042 | , | - |
1043 | "usage: sshd [-46DdeiqTt] [-C connection_spec] [-c host_cert_file]\n" | - |
1044 | " [-E log_file] [-f config_file] [-g login_grace_time]\n" | - |
1045 | " [-h host_key_file] [-o option] [-p port] [-u len]\n" | - |
1046 | ); | - |
1047 | exit(1); never executed: exit(1); | 0 |
1048 | } | - |
1049 | | - |
1050 | static void | - |
1051 | send_rexec_state(int fd, struct sshbuf *conf) | - |
1052 | { | - |
1053 | struct sshbuf *m; | - |
1054 | int r; | - |
1055 | | - |
1056 | debug3("%s: entering fd = %d config len %zu", __func__, fd, | - |
1057 | sshbuf_len(conf)); | - |
1058 | | - |
1059 | | - |
1060 | | - |
1061 | | - |
1062 | | - |
1063 | | - |
1064 | if ((TRUE | never evaluated | FALSE | never evaluated |
m = sshbuf_new()) == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1065 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1066 | ) | - |
1067 | fatal("%s: sshbuf_new failed", __func__); never executed: fatal("%s: sshbuf_new failed", __func__); | 0 |
1068 | if ((TRUE | never evaluated | FALSE | never evaluated |
r = sshbuf_put_stringb(m, conf)) != 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1069 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r)); | 0 |
1070 | | - |
1071 | | - |
1072 | | - |
1073 | | - |
1074 | | - |
1075 | if (ssh_msg_send(fd, 0, m) == -1TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1076 | fatal("%s: ssh_msg_send failed", __func__); never executed: fatal("%s: ssh_msg_send failed", __func__); | 0 |
1077 | | - |
1078 | sshbuf_free(m); | - |
1079 | | - |
1080 | debug3("%s: done", __func__); | - |
1081 | } never executed: end of block | 0 |
1082 | | - |
1083 | static void | - |
1084 | recv_rexec_state(int fd, struct sshbuf *conf) | - |
1085 | { | - |
1086 | struct sshbuf *m; | - |
1087 | u_char *cp, ver; | - |
1088 | size_t len; | - |
1089 | int r; | - |
1090 | | - |
1091 | debug3("%s: entering fd = %d", __func__, fd); | - |
1092 | | - |
1093 | if ((TRUE | never evaluated | FALSE | never evaluated |
m = sshbuf_new()) == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1094 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1095 | ) | - |
1096 | fatal("%s: sshbuf_new failed", __func__); never executed: fatal("%s: sshbuf_new failed", __func__); | 0 |
1097 | if (ssh_msg_recv(fd, m) == -1TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1098 | fatal("%s: ssh_msg_recv failed", __func__); never executed: fatal("%s: ssh_msg_recv failed", __func__); | 0 |
1099 | if ((TRUE | never evaluated | FALSE | never evaluated |
r = sshbuf_get_u8(m, &ver)) != 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1100 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r)); | 0 |
1101 | if (ver != 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1102 | fatal("%s: rexec version mismatch", __func__); never executed: fatal("%s: rexec version mismatch", __func__); | 0 |
1103 | if ((TRUE | never evaluated | FALSE | never evaluated |
r = sshbuf_get_string(m, &cp, &len)) != 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1104 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r)); | 0 |
1105 | if (conf != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1106 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1107 | && (TRUE | never evaluated | FALSE | never evaluated |
r = sshbuf_put(conf, cp, len))TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1108 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r)); | 0 |
1109 | | - |
1110 | | - |
1111 | | - |
1112 | | - |
1113 | free(cp); | - |
1114 | sshbuf_free(m); | - |
1115 | | - |
1116 | debug3("%s: done", __func__); | - |
1117 | } never executed: end of block | 0 |
1118 | | - |
1119 | | - |
1120 | static void | - |
1121 | server_accept_inetd(int *sock_in, int *sock_out) | - |
1122 | { | - |
1123 | int fd; | - |
1124 | | - |
1125 | startup_pipe = -1; | - |
1126 | if (rexeced_flagTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1127 | close(( | - |
1128 | 2 | - |
1129 | + 3)); | - |
1130 | *sock_in = *sock_out = dup( | - |
1131 | 0 | - |
1132 | ); | - |
1133 | if (!debug_flagTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1134 | startup_pipe = dup(( | - |
1135 | 2 | - |
1136 | + 2)); | - |
1137 | close(( | - |
1138 | 2 | - |
1139 | + 2)); | - |
1140 | } never executed: end of block | 0 |
1141 | } never executed: end of block else { | 0 |
1142 | *sock_in = dup( | - |
1143 | 0 | - |
1144 | ); | - |
1145 | *sock_out = dup( | - |
1146 | 1 | - |
1147 | ); | - |
1148 | } never executed: end of block | 0 |
1149 | | - |
1150 | | - |
1151 | | - |
1152 | | - |
1153 | | - |
1154 | if ((TRUE | never evaluated | FALSE | never evaluated |
fd = open(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1155 | "/dev/null"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1156 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1157 | 02TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1158 | , 0)) != -1TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1159 | dup2(fd, | - |
1160 | 0 | - |
1161 | ); | - |
1162 | dup2(fd, | - |
1163 | 1 | - |
1164 | ); | - |
1165 | if (!log_stderrTRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1166 | dup2(fd, never executed: dup2(fd, 2 ); | 0 |
1167 | 2 never executed: dup2(fd, 2 ); | 0 |
1168 | ); never executed: dup2(fd, 2 ); | 0 |
1169 | if (fd > (log_stderr ? TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1170 | 2 TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1171 | : TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1172 | 1TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1173 | )TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1174 | close(fd); never executed: close(fd); | 0 |
1175 | } never executed: end of block | 0 |
1176 | debug("inetd sockets after dupping: %d, %d", *sock_in, *sock_out); | - |
1177 | } never executed: end of block | 0 |
1178 | | - |
1179 | | - |
1180 | | - |
1181 | | - |
1182 | static void | - |
1183 | listen_on_addrs(struct listenaddr *la) | - |
1184 | { | - |
1185 | int ret, listen_sock; | - |
1186 | struct addrinfo *ai; | - |
1187 | char ntop[ | - |
1188 | 1025 | - |
1189 | ], strport[ | - |
1190 | 32 | - |
1191 | ]; | - |
1192 | | - |
1193 | for (ai = la->addrs; aiTRUE | never evaluated | FALSE | never evaluated |
; ai = ai->ai_next) { | 0 |
1194 | if (ai->ai_family != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1195 | 2TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1196 | && ai->ai_family != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1197 | 10TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1198 | ) | - |
1199 | continue; never executed: continue; | 0 |
1200 | if (num_listen_socks >= 16TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1201 | fatal("Too many listen sockets. " never executed: fatal("Too many listen sockets. " "Enlarge MAX_LISTEN_SOCKS"); | 0 |
1202 | "Enlarge MAX_LISTEN_SOCKS"); never executed: fatal("Too many listen sockets. " "Enlarge MAX_LISTEN_SOCKS"); | 0 |
1203 | if ((TRUE | never evaluated | FALSE | never evaluated |
ret = getnameinfo(ai->ai_addr, ai->ai_addrlen,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1204 | ntop, sizeof(ntop), strport, sizeof(strport),TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1205 | TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1206 | 1TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1207 | |TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1208 | 2TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1209 | )) != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1210 | error("getnameinfo failed: %.100s", | - |
1211 | ssh_gai_strerror(ret)); | - |
1212 | continue; never executed: continue; | 0 |
1213 | } | - |
1214 | | - |
1215 | listen_sock = socket(ai->ai_family, ai->ai_socktype, | - |
1216 | ai->ai_protocol); | - |
1217 | if (listen_sock < 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1218 | | - |
1219 | verbose("socket: %.100s", strerror( | - |
1220 | (*__errno_location ()) | - |
1221 | )); | - |
1222 | continue; never executed: continue; | 0 |
1223 | } | - |
1224 | if (set_nonblock(listen_sock) == -1TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1225 | close(listen_sock); | - |
1226 | continue; never executed: continue; | 0 |
1227 | } | - |
1228 | if (fcntl(listen_sock, TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1229 | 2TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1230 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1231 | 1TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1232 | ) == -1TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1233 | verbose("socket: CLOEXEC: %s", strerror( | - |
1234 | (*__errno_location ()) | - |
1235 | )); | - |
1236 | close(listen_sock); | - |
1237 | continue; never executed: continue; | 0 |
1238 | } | - |
1239 | | - |
1240 | set_reuseaddr(listen_sock); | - |
1241 | if (la->rdomain != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1242 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1243 | && | - |
1244 | set_rdomain(listen_sock, la->rdomain) == -1TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1245 | close(listen_sock); | - |
1246 | continue; never executed: continue; | 0 |
1247 | } | - |
1248 | | - |
1249 | | - |
1250 | if (ai->ai_family == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1251 | 10TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1252 | ) | - |
1253 | sock_set_v6only(listen_sock); never executed: sock_set_v6only(listen_sock); | 0 |
1254 | | - |
1255 | debug("Bind to port %s on %s.", strport, ntop); | - |
1256 | | - |
1257 | | - |
1258 | if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1259 | error("Bind to port %s on %s failed: %.200s.", | - |
1260 | strport, ntop, strerror( | - |
1261 | (*__errno_location ()) | - |
1262 | )); | - |
1263 | close(listen_sock); | - |
1264 | continue; never executed: continue; | 0 |
1265 | } | - |
1266 | listen_socks[num_listen_socks] = listen_sock; | - |
1267 | num_listen_socks++; | - |
1268 | | - |
1269 | | - |
1270 | if (listen(listen_sock, 128) < 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1271 | fatal("listen on [%s]:%s: %.100s", never executed: fatal("listen on [%s]:%s: %.100s", ntop, strport, strerror( (*__errno_location ()) )); | 0 |
1272 | ntop, strport, strerror( never executed: fatal("listen on [%s]:%s: %.100s", ntop, strport, strerror( (*__errno_location ()) )); | 0 |
1273 | (*__errno_location ()) never executed: fatal("listen on [%s]:%s: %.100s", ntop, strport, strerror( (*__errno_location ()) )); | 0 |
1274 | )); never executed: fatal("listen on [%s]:%s: %.100s", ntop, strport, strerror( (*__errno_location ()) )); | 0 |
1275 | logit("Server listening on %s port %s%s%s.", | - |
1276 | ntop, strport, | - |
1277 | la->rdomain == | - |
1278 | ((void *)0) | - |
1279 | ? "" : " rdomain ", | - |
1280 | la->rdomain == | - |
1281 | ((void *)0) | - |
1282 | ? "" : la->rdomain); | - |
1283 | } never executed: end of block | 0 |
1284 | } never executed: end of block | 0 |
1285 | | - |
1286 | static void | - |
1287 | server_listen(void) | - |
1288 | { | - |
1289 | u_int i; | - |
1290 | | - |
1291 | for (i = 0; i < options.num_listen_addrsTRUE | never evaluated | FALSE | never evaluated |
; i++) { | 0 |
1292 | listen_on_addrs(&options.listen_addrs[i]); | - |
1293 | freeaddrinfo(options.listen_addrs[i].addrs); | - |
1294 | free(options.listen_addrs[i].rdomain); | - |
1295 | memset(&options.listen_addrs[i], 0, | - |
1296 | sizeof(options.listen_addrs[i])); | - |
1297 | } never executed: end of block | 0 |
1298 | free(options.listen_addrs); | - |
1299 | options.listen_addrs = | - |
1300 | ((void *)0) | - |
1301 | ; | - |
1302 | options.num_listen_addrs = 0; | - |
1303 | | - |
1304 | if (!num_listen_socksTRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1305 | fatal("Cannot bind any address."); never executed: fatal("Cannot bind any address."); | 0 |
1306 | } never executed: end of block | 0 |
1307 | | - |
1308 | | - |
1309 | | - |
1310 | | - |
1311 | | - |
1312 | static void | - |
1313 | server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) | - |
1314 | { | - |
1315 | fd_set *fdset; | - |
1316 | int i, j, ret, maxfd; | - |
1317 | int startups = 0; | - |
1318 | int startup_p[2] = { -1 , -1 }; | - |
1319 | struct sockaddr_storage from; | - |
1320 | socklen_t fromlen; | - |
1321 | pid_t pid; | - |
1322 | u_char rnd[256]; | - |
1323 | | - |
1324 | | - |
1325 | fdset = | - |
1326 | ((void *)0) | - |
1327 | ; | - |
1328 | maxfd = 0; | - |
1329 | for (i = 0; i < num_listen_socksTRUE | never evaluated | FALSE | never evaluated |
; i++) | 0 |
1330 | if (listen_socks[i] > maxfdTRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1331 | maxfd = listen_socks[i]; never executed: maxfd = listen_socks[i]; | 0 |
1332 | | - |
1333 | startup_pipes = xcalloc(options.max_startups, sizeof(int)); | - |
1334 | for (i = 0; i < options.max_startupsTRUE | never evaluated | FALSE | never evaluated |
; i++) | 0 |
1335 | startup_pipes[i] = -1; never executed: startup_pipes[i] = -1; | 0 |
1336 | | - |
1337 | | - |
1338 | | - |
1339 | | - |
1340 | | - |
1341 | for (;;) { | - |
1342 | if (received_sighupTRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1343 | sighup_restart(); never executed: sighup_restart(); | 0 |
1344 | free(fdset); | - |
1345 | fdset = xcalloc( | - |
1346 | ((( | - |
1347 | maxfd + 1 | - |
1348 | ) + (((8 * (int) sizeof (__fd_mask))) - 1)) / ((8 * (int) sizeof (__fd_mask)))) | - |
1349 | , | - |
1350 | sizeof(fd_mask)); | - |
1351 | | - |
1352 | for (i = 0; i < num_listen_socksTRUE | never evaluated | FALSE | never evaluated |
; i++) | 0 |
1353 | kludge_FD_SET(listen_socks[i], fdset); never executed: kludge_FD_SET(listen_socks[i], fdset); | 0 |
1354 | for (i = 0; i < options.max_startupsTRUE | never evaluated | FALSE | never evaluated |
; i++) | 0 |
1355 | if (startup_pipes[i] != -1TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1356 | kludge_FD_SET(startup_pipes[i], fdset); never executed: kludge_FD_SET(startup_pipes[i], fdset); | 0 |
1357 | | - |
1358 | | - |
1359 | ret = select(maxfd+1, fdset, | - |
1360 | ((void *)0) | - |
1361 | , | - |
1362 | ((void *)0) | - |
1363 | , | - |
1364 | ((void *)0) | - |
1365 | ); | - |
1366 | if (ret < 0TRUE | never evaluated | FALSE | never evaluated |
&& | 0 |
1367 | (*TRUE | never evaluated | FALSE | never evaluated |
__errno_location ()) TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1368 | != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1369 | 4TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1370 | ) | - |
1371 | error("select: %.100s", strerror( never executed: error("select: %.100s", strerror( (*__errno_location ()) )); | 0 |
1372 | (*__errno_location ()) never executed: error("select: %.100s", strerror( (*__errno_location ()) )); | 0 |
1373 | )); never executed: error("select: %.100s", strerror( (*__errno_location ()) )); | 0 |
1374 | if (received_sigtermTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1375 | logit("Received signal %d; terminating.", | - |
1376 | (int) received_sigterm); | - |
1377 | close_listen_socks(); | - |
1378 | if (options.pid_file != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1379 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1380 | ) | - |
1381 | unlink(options.pid_file); never executed: unlink(options.pid_file); | 0 |
1382 | exit(received_sigterm == never executed: exit(received_sigterm == 15 ? 0 : 255); | 0 |
1383 | 15 never executed: exit(received_sigterm == 15 ? 0 : 255); | 0 |
1384 | ? 0 : 255); never executed: exit(received_sigterm == 15 ? 0 : 255); | 0 |
1385 | } | - |
1386 | if (ret < 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1387 | continue; never executed: continue; | 0 |
1388 | | - |
1389 | for (i = 0; i < options.max_startupsTRUE | never evaluated | FALSE | never evaluated |
; i++) | 0 |
1390 | if (startup_pipes[i] != -1TRUE | never evaluated | FALSE | never evaluated |
&& | 0 |
1391 | kludge_FD_ISSET(startup_pipes[i], fdset)TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1392 | | - |
1393 | | - |
1394 | | - |
1395 | | - |
1396 | | - |
1397 | | - |
1398 | close(startup_pipes[i]); | - |
1399 | startup_pipes[i] = -1; | - |
1400 | startups--; | - |
1401 | } never executed: end of block | 0 |
1402 | for (i = 0; i < num_listen_socksTRUE | never evaluated | FALSE | never evaluated |
; i++) { | 0 |
1403 | if (!kludge_FD_ISSET(listen_socks[i], fdset)TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1404 | continue; never executed: continue; | 0 |
1405 | fromlen = sizeof(from); | - |
1406 | *newsock = accept(listen_socks[i], | - |
1407 | (struct sockaddr *)&from, &fromlen); | - |
1408 | if (*TRUE | never evaluated | FALSE | never evaluated |
newsock < 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1409 | if ( | - |
1410 | (*TRUE | never evaluated | FALSE | never evaluated |
__errno_location ()) TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1411 | != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1412 | 4TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1413 | && | - |
1414 | (*TRUE | never evaluated | FALSE | never evaluated |
__errno_location ()) TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1415 | != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1416 | 11TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1417 | && | - |
1418 | | - |
1419 | (*TRUE | never evaluated | FALSE | never evaluated |
__errno_location ()) TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1420 | != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1421 | 103TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1422 | && | - |
1423 | (*TRUE | never evaluated | FALSE | never evaluated |
__errno_location ()) TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1424 | != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1425 | 11TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1426 | ) | - |
1427 | error("accept: %.100s", never executed: error("accept: %.100s", strerror( (*__errno_location ()) )); | 0 |
1428 | strerror( never executed: error("accept: %.100s", strerror( (*__errno_location ()) )); | 0 |
1429 | (*__errno_location ()) never executed: error("accept: %.100s", strerror( (*__errno_location ()) )); | 0 |
1430 | )); never executed: error("accept: %.100s", strerror( (*__errno_location ()) )); | 0 |
1431 | if ( | - |
1432 | (*TRUE | never evaluated | FALSE | never evaluated |
__errno_location ()) TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1433 | == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1434 | 24TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1435 | || | - |
1436 | (*TRUE | never evaluated | FALSE | never evaluated |
__errno_location ()) TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1437 | == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1438 | 23TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1439 | ) | - |
1440 | usleep(100 * 1000); never executed: usleep(100 * 1000); | 0 |
1441 | continue; never executed: continue; | 0 |
1442 | } | - |
1443 | if (unset_nonblock(*newsock) == -1TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1444 | close(*newsock); | - |
1445 | continue; never executed: continue; | 0 |
1446 | } | - |
1447 | if (drop_connection(startups) == 1TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1448 | char *laddr = get_local_ipaddr(*newsock); | - |
1449 | char *raddr = get_peer_ipaddr(*newsock); | - |
1450 | | - |
1451 | verbose("drop connection #%d from [%s]:%d " | - |
1452 | "on [%s]:%d past MaxStartups", startups, | - |
1453 | raddr, get_peer_port(*newsock), | - |
1454 | laddr, get_local_port(*newsock)); | - |
1455 | free(laddr); | - |
1456 | free(raddr); | - |
1457 | close(*newsock); | - |
1458 | continue; never executed: continue; | 0 |
1459 | } | - |
1460 | if (pipe(startup_p) == -1TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1461 | close(*newsock); | - |
1462 | continue; never executed: continue; | 0 |
1463 | } | - |
1464 | | - |
1465 | if (rexec_flagTRUE | never evaluated | FALSE | never evaluated |
&& socketpair(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1466 | 1TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1467 | ,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1468 | TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1469 | SOCK_STREAMTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1470 | , 0, config_s) == -1TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1471 | error("reexec socketpair: %s", | - |
1472 | strerror( | - |
1473 | (*__errno_location ()) | - |
1474 | )); | - |
1475 | close(*newsock); | - |
1476 | close(startup_p[0]); | - |
1477 | close(startup_p[1]); | - |
1478 | continue; never executed: continue; | 0 |
1479 | } | - |
1480 | | - |
1481 | for (j = 0; j < options.max_startupsTRUE | never evaluated | FALSE | never evaluated |
; j++) | 0 |
1482 | if (startup_pipes[j] == -1TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1483 | startup_pipes[j] = startup_p[0]; | - |
1484 | if (maxfd < startup_p[0]TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1485 | maxfd = startup_p[0]; never executed: maxfd = startup_p[0]; | 0 |
1486 | startups++; | - |
1487 | break; never executed: break; | 0 |
1488 | } | - |
1489 | | - |
1490 | | - |
1491 | | - |
1492 | | - |
1493 | | - |
1494 | if (debug_flagTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1495 | | - |
1496 | | - |
1497 | | - |
1498 | | - |
1499 | | - |
1500 | debug("Server will not fork when running in debugging mode."); | - |
1501 | close_listen_socks(); | - |
1502 | *sock_in = *newsock; | - |
1503 | *sock_out = *newsock; | - |
1504 | close(startup_p[0]); | - |
1505 | close(startup_p[1]); | - |
1506 | startup_pipe = -1; | - |
1507 | pid = getpid(); | - |
1508 | if (rexec_flagTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1509 | send_rexec_state(config_s[0], cfg); | - |
1510 | close(config_s[0]); | - |
1511 | } never executed: end of block | 0 |
1512 | break; never executed: break; | 0 |
1513 | } | - |
1514 | | - |
1515 | | - |
1516 | | - |
1517 | | - |
1518 | | - |
1519 | | - |
1520 | platform_pre_fork(); | - |
1521 | if ((TRUE | never evaluated | FALSE | never evaluated |
pid = fork()) == 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1522 | platform_post_fork_child(); | - |
1523 | startup_pipe = startup_p[1]; | - |
1524 | close_startup_pipes(); | - |
1525 | close_listen_socks(); | - |
1526 | *sock_in = *newsock; | - |
1527 | *sock_out = *newsock; | - |
1528 | log_init(__progname, | - |
1529 | options.log_level, | - |
1530 | options.log_facility, | - |
1531 | log_stderr); | - |
1532 | if (rexec_flagTRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1533 | close(config_s[0]); never executed: close(config_s[0]); | 0 |
1534 | break; never executed: break; | 0 |
1535 | } | - |
1536 | | - |
1537 | | - |
1538 | platform_post_fork_parent(pid); | - |
1539 | if (pid < 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1540 | error("fork: %.100s", strerror( never executed: error("fork: %.100s", strerror( (*__errno_location ()) )); | 0 |
1541 | (*__errno_location ()) never executed: error("fork: %.100s", strerror( (*__errno_location ()) )); | 0 |
1542 | )); never executed: error("fork: %.100s", strerror( (*__errno_location ()) )); | 0 |
1543 | else | - |
1544 | debug("Forked child %ld.", (long)pid); never executed: debug("Forked child %ld.", (long)pid); | 0 |
1545 | | - |
1546 | close(startup_p[1]); | - |
1547 | | - |
1548 | if (rexec_flagTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1549 | send_rexec_state(config_s[0], cfg); | - |
1550 | close(config_s[0]); | - |
1551 | close(config_s[1]); | - |
1552 | } never executed: end of block | 0 |
1553 | close(*newsock); | - |
1554 | | - |
1555 | | - |
1556 | | - |
1557 | | - |
1558 | | - |
1559 | arc4random_stir(); | - |
1560 | arc4random_buf(rnd, sizeof(rnd)); | - |
1561 | | - |
1562 | RAND_seed(rnd, sizeof(rnd)); | - |
1563 | if ((TRUE | never evaluated | FALSE | never evaluated |
RAND_bytes((u_char *)rnd, 1)) != 1TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1564 | fatal("%s: RAND_bytes failed", __func__); never executed: fatal("%s: RAND_bytes failed", __func__); | 0 |
1565 | | - |
1566 | explicit_bzero(rnd, sizeof(rnd)); | - |
1567 | } never executed: end of block | 0 |
1568 | | - |
1569 | | - |
1570 | if (num_listen_socks < 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1571 | break; never executed: break; | 0 |
1572 | } never executed: end of block | 0 |
1573 | } never executed: end of block | 0 |
1574 | static void | - |
1575 | check_ip_options(struct ssh *ssh) | - |
1576 | { | - |
1577 | | - |
1578 | int sock_in = ssh_packet_get_connection_in(ssh); | - |
1579 | struct sockaddr_storage from; | - |
1580 | u_char opts[200]; | - |
1581 | socklen_t i, option_size = sizeof(opts), fromlen = sizeof(from); | - |
1582 | char text[sizeof(opts) * 3 + 1]; | - |
1583 | | - |
1584 | memset(&from, 0, sizeof(from)); | - |
1585 | if (getpeername(sock_in, (struct sockaddr *)&from,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1586 | &fromlen) < 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1587 | return; never executed: return; | 0 |
1588 | if (from.ss_family != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1589 | 2TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1590 | ) | - |
1591 | return; never executed: return; | 0 |
1592 | | - |
1593 | | - |
1594 | if (getsockopt(sock_in, TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1595 | IPPROTO_IPTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1596 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1597 | 4TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1598 | , opts,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1599 | &option_size) >= 0TRUE | never evaluated | FALSE | never evaluated |
&& option_size != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1600 | text[0] = '\0'; | - |
1601 | for (i = 0; i < option_sizeTRUE | never evaluated | FALSE | never evaluated |
; i++) | 0 |
1602 | snprintf(text + i*3, sizeof(text) - i*3, never executed: snprintf(text + i*3, sizeof(text) - i*3, " %2.2x", opts[i]); | 0 |
1603 | " %2.2x", opts[i]); never executed: snprintf(text + i*3, sizeof(text) - i*3, " %2.2x", opts[i]); | 0 |
1604 | fatal("Connection from %.100s port %d with IP opts: %.800s", | - |
1605 | ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), text); | - |
1606 | } never executed: end of block | 0 |
1607 | return; never executed: return; | 0 |
1608 | | - |
1609 | } | - |
1610 | | - |
1611 | | - |
1612 | static void | - |
1613 | set_process_rdomain(struct ssh *ssh, const char *name) | - |
1614 | { | - |
1615 | fatal("Unable to set routing domain: not supported in this platform"); | - |
1616 | | - |
1617 | } never executed: end of block | 0 |
1618 | | - |
1619 | static void | - |
1620 | accumulate_host_timing_secret(struct sshbuf *server_cfg, | - |
1621 | const struct sshkey *key) | - |
1622 | { | - |
1623 | static struct ssh_digest_ctx *ctx; | - |
1624 | u_char *hash; | - |
1625 | size_t len; | - |
1626 | struct sshbuf *buf; | - |
1627 | int r; | - |
1628 | | - |
1629 | if (ctx == TRUE | evaluated 2 times by 1 test | FALSE | evaluated 4 times by 1 test |
| 2-4 |
1630 | ((void *)0)TRUE | evaluated 2 times by 1 test | FALSE | evaluated 4 times by 1 test |
| 2-4 |
1631 | && (TRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
ctx = ssh_digest_start(4)) == TRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
| 0-2 |
1632 | ((void *)0)TRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
| 0-2 |
1633 | ) | - |
1634 | fatal("%s: ssh_digest_start", __func__); never executed: fatal("%s: ssh_digest_start", __func__); | 0 |
1635 | if (key == TRUE | evaluated 2 times by 1 test | FALSE | evaluated 4 times by 1 test |
| 2-4 |
1636 | ((void *)0)TRUE | evaluated 2 times by 1 test | FALSE | evaluated 4 times by 1 test |
| 2-4 |
1637 | ) { | - |
1638 | | - |
1639 | if (ssh_digest_update(ctx, sshbuf_ptr(server_cfg),TRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
| 0-2 |
1640 | sshbuf_len(server_cfg)) != 0TRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
) | 0-2 |
1641 | fatal("%s: ssh_digest_update", __func__); never executed: fatal("%s: ssh_digest_update", __func__); | 0 |
1642 | len = ssh_digest_bytes(4); | - |
1643 | hash = xmalloc(len); | - |
1644 | if (ssh_digest_final(ctx, hash, len) != 0TRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
) | 0-2 |
1645 | fatal("%s: ssh_digest_final", __func__); never executed: fatal("%s: ssh_digest_final", __func__); | 0 |
1646 | options.timing_secret = (((u_int64_t)(((const u_char *)(hash))[0]) << 56) | ((u_int64_t)(((const u_char *)(hash))[1]) << 48) | ((u_int64_t)(((const u_char *)(hash))[2]) << 40) | ((u_int64_t)(((const u_char *)(hash))[3]) << 32) | ((u_int64_t)(((const u_char *)(hash))[4]) << 24) | ((u_int64_t)(((const u_char *)(hash))[5]) << 16) | ((u_int64_t)(((const u_char *)(hash))[6]) << 8) | (u_int64_t)(((const u_char *)(hash))[7])); | - |
1647 | freezero(hash, len); | - |
1648 | ssh_digest_free(ctx); | - |
1649 | ctx = | - |
1650 | ((void *)0) | - |
1651 | ; | - |
1652 | return;executed 2 times by 1 test: return; | 2 |
1653 | } | - |
1654 | if ((TRUE | never evaluated | FALSE | evaluated 4 times by 1 test |
buf = sshbuf_new()) == TRUE | never evaluated | FALSE | evaluated 4 times by 1 test |
| 0-4 |
1655 | ((void *)0)TRUE | never evaluated | FALSE | evaluated 4 times by 1 test |
| 0-4 |
1656 | ) | - |
1657 | fatal("%s could not allocate buffer", __func__); never executed: fatal("%s could not allocate buffer", __func__); | 0 |
1658 | if ((TRUE | never evaluated | FALSE | evaluated 4 times by 1 test |
r = sshkey_private_serialize(key, buf)) != 0TRUE | never evaluated | FALSE | evaluated 4 times by 1 test |
) | 0-4 |
1659 | fatal("sshkey_private_serialize: %s", ssh_err(r)); never executed: fatal("sshkey_private_serialize: %s", ssh_err(r)); | 0 |
1660 | if (ssh_digest_update(ctx, sshbuf_ptr(buf), sshbuf_len(buf)) != 0TRUE | never evaluated | FALSE | evaluated 4 times by 1 test |
) | 0-4 |
1661 | fatal("%s: ssh_digest_update", __func__); never executed: fatal("%s: ssh_digest_update", __func__); | 0 |
1662 | sshbuf_reset(buf); | - |
1663 | sshbuf_free(buf); | - |
1664 | }executed 4 times by 1 test: end of block | 4 |
1665 | | - |
1666 | | - |
1667 | | - |
1668 | | - |
1669 | int | - |
1670 | main(int ac, char **av) | - |
1671 | { | - |
1672 | struct ssh *ssh = | - |
1673 | ((void *)0) | - |
1674 | ; | - |
1675 | extern char *BSDoptarg; | - |
1676 | extern int BSDoptind; | - |
1677 | int r, opt, on = 1, already_daemon, remote_port; | - |
1678 | int sock_in = -1, sock_out = -1, newsock = -1; | - |
1679 | const char *remote_ip, *rdomain; | - |
1680 | char *fp, *line, *laddr, *logfile = | - |
1681 | ((void *)0) | - |
1682 | ; | - |
1683 | int config_s[2] = { -1 , -1 }; | - |
1684 | u_int i, j; | - |
1685 | u_int64_t ibytes, obytes; | - |
1686 | mode_t new_umask; | - |
1687 | struct sshkey *key; | - |
1688 | struct sshkey *pubkey; | - |
1689 | int keytype; | - |
1690 | Authctxt *authctxt; | - |
1691 | struct connection_info *connection_info = | - |
1692 | ((void *)0) | - |
1693 | ; | - |
1694 | | - |
1695 | ssh_malloc_init(); | - |
1696 | | - |
1697 | | - |
1698 | | - |
1699 | | - |
1700 | __progname = ssh_get_progname(av[0]); | - |
1701 | | - |
1702 | | - |
1703 | saved_argc = ac; | - |
1704 | rexec_argc = ac; | - |
1705 | saved_argv = xcalloc(ac + 1, sizeof(*saved_argv)); | - |
1706 | for (i = 0; (TRUE | evaluated 8 times by 1 test | FALSE | evaluated 2 times by 1 test |
int)i < acTRUE | evaluated 8 times by 1 test | FALSE | evaluated 2 times by 1 test |
; i++) | 2-8 |
1707 | saved_argv[i] = xstrdup(av[i]);executed 8 times by 1 test: saved_argv[i] = xstrdup(av[i]); | 8 |
1708 | saved_argv[i] = | - |
1709 | ((void *)0) | - |
1710 | ; | - |
1711 | | - |
1712 | | - |
1713 | | - |
1714 | compat_init_setproctitle(ac, av); | - |
1715 | av = saved_argv; | - |
1716 | | - |
1717 | | - |
1718 | if (geteuid() == 0TRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
&& setgroups(0, TRUE | never evaluated | FALSE | never evaluated |
| 0-2 |
1719 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1720 | ) == -1TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1721 | debug("setgroups(): %.200s", strerror( never executed: debug("setgroups(): %.200s", strerror( (*__errno_location ()) )); | 0 |
1722 | (*__errno_location ()) never executed: debug("setgroups(): %.200s", strerror( (*__errno_location ()) )); | 0 |
1723 | )); never executed: debug("setgroups(): %.200s", strerror( (*__errno_location ()) )); | 0 |
1724 | | - |
1725 | | - |
1726 | sanitise_stdfd(); | - |
1727 | | - |
1728 | | - |
1729 | initialize_server_options(&options); | - |
1730 | | - |
1731 | | - |
1732 | while ((TRUE | evaluated 4 times by 1 test | FALSE | evaluated 2 times by 1 test |
opt = BSDgetopt(ac, av, "C:E:b:c:f:g:h:k:o:p:u:46DQRTdeiqrt")TRUE | evaluated 4 times by 1 test | FALSE | evaluated 2 times by 1 test |
| 2-4 |
1733 | ) != -1TRUE | evaluated 4 times by 1 test | FALSE | evaluated 2 times by 1 test |
) { | 2-4 |
1734 | switch (opt) { | - |
1735 | case never executed: case '4': '4':never executed: case '4': | 0 |
1736 | options.address_family = | - |
1737 | 2 | - |
1738 | ; | - |
1739 | break; never executed: break; | 0 |
1740 | case never executed: case '6': '6':never executed: case '6': | 0 |
1741 | options.address_family = | - |
1742 | 10 | - |
1743 | ; | - |
1744 | break; never executed: break; | 0 |
1745 | caseexecuted 2 times by 1 test: case 'f': 'f':executed 2 times by 1 test: case 'f': | 2 |
1746 | config_file_name = BSDoptarg; | - |
1747 | break;executed 2 times by 1 test: break; | 2 |
1748 | case never executed: case 'c': 'c':never executed: case 'c': | 0 |
1749 | servconf_add_hostcert("[command-line]", 0, | - |
1750 | &options, BSDoptarg); | - |
1751 | break; never executed: break; | 0 |
1752 | case never executed: case 'd': 'd':never executed: case 'd': | 0 |
1753 | if (debug_flag == 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1754 | debug_flag = 1; | - |
1755 | options.log_level = SYSLOG_LEVEL_DEBUG1; | - |
1756 | } never executed: end of block else if (options.log_level < SYSLOG_LEVEL_DEBUG3TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1757 | options.log_level++; never executed: options.log_level++; | 0 |
1758 | break; never executed: break; | 0 |
1759 | case never executed: case 'D': 'D':never executed: case 'D': | 0 |
1760 | no_daemon_flag = 1; | - |
1761 | break; never executed: break; | 0 |
1762 | case never executed: case 'E': 'E':never executed: case 'E': | 0 |
1763 | logfile = BSDoptarg; | - |
1764 | | - |
1765 | case never executed: case 'e': 'e':never executed: case 'e': code before this statement never executed: case 'e': | 0 |
1766 | log_stderr = 1; | - |
1767 | break; never executed: break; | 0 |
1768 | case never executed: case 'i': 'i':never executed: case 'i': | 0 |
1769 | inetd_flag = 1; | - |
1770 | break; never executed: break; | 0 |
1771 | case never executed: case 'r': 'r':never executed: case 'r': | 0 |
1772 | rexec_flag = 0; | - |
1773 | break; never executed: break; | 0 |
1774 | case never executed: case 'R': 'R':never executed: case 'R': | 0 |
1775 | rexeced_flag = 1; | - |
1776 | inetd_flag = 1; | - |
1777 | break; never executed: break; | 0 |
1778 | case never executed: case 'Q': 'Q':never executed: case 'Q': | 0 |
1779 | | - |
1780 | break; never executed: break; | 0 |
1781 | case never executed: case 'q': 'q':never executed: case 'q': | 0 |
1782 | options.log_level = SYSLOG_LEVEL_QUIET; | - |
1783 | break; never executed: break; | 0 |
1784 | case never executed: case 'b': 'b':never executed: case 'b': | 0 |
1785 | | - |
1786 | break; never executed: break; | 0 |
1787 | case never executed: case 'p': 'p':never executed: case 'p': | 0 |
1788 | options.ports_from_cmdline = 1; | - |
1789 | if (options.num_ports >= 256TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1790 | fprintf( | - |
1791 | stderr | - |
1792 | , "too many ports.\n"); | - |
1793 | exit(1); never executed: exit(1); | 0 |
1794 | } | - |
1795 | options.ports[options.num_ports++] = a2port(BSDoptarg); | - |
1796 | if (options.ports[options.num_ports-1] <= 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1797 | fprintf( | - |
1798 | stderr | - |
1799 | , "Bad port number.\n"); | - |
1800 | exit(1); never executed: exit(1); | 0 |
1801 | } | - |
1802 | break; never executed: break; | 0 |
1803 | case never executed: case 'g': 'g':never executed: case 'g': | 0 |
1804 | if ((TRUE | never evaluated | FALSE | never evaluated |
options.login_grace_time = convtime(BSDoptarg)) == -1TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1805 | fprintf( | - |
1806 | stderr | - |
1807 | , "Invalid login grace time.\n"); | - |
1808 | exit(1); never executed: exit(1); | 0 |
1809 | } | - |
1810 | break; never executed: break; | 0 |
1811 | case never executed: case 'k': 'k':never executed: case 'k': | 0 |
1812 | | - |
1813 | break; never executed: break; | 0 |
1814 | case never executed: case 'h': 'h':never executed: case 'h': | 0 |
1815 | servconf_add_hostkey("[command-line]", 0, | - |
1816 | &options, BSDoptarg); | - |
1817 | break; never executed: break; | 0 |
1818 | caseexecuted 2 times by 1 test: case 't': 't':executed 2 times by 1 test: case 't': | 2 |
1819 | test_flag = 1; | - |
1820 | break;executed 2 times by 1 test: break; | 2 |
1821 | case never executed: case 'T': 'T':never executed: case 'T': | 0 |
1822 | test_flag = 2; | - |
1823 | break; never executed: break; | 0 |
1824 | case never executed: case 'C': 'C':never executed: case 'C': | 0 |
1825 | connection_info = get_connection_info(0, 0); | - |
1826 | if (parse_server_match_testspec(connection_info,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1827 | BSDoptarg) == -1TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1828 | exit(1); never executed: exit(1); | 0 |
1829 | break; never executed: break; | 0 |
1830 | case never executed: case 'u': 'u':never executed: case 'u': | 0 |
1831 | utmp_len = (u_int)strtonum(BSDoptarg, 0, | - |
1832 | 64 | - |
1833 | +1+1, | - |
1834 | ((void *)0) | - |
1835 | ); | - |
1836 | if (utmp_len > TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1837 | 64TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1838 | +1TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1839 | fprintf( | - |
1840 | stderr | - |
1841 | , "Invalid utmp length.\n"); | - |
1842 | exit(1); never executed: exit(1); | 0 |
1843 | } | - |
1844 | break; never executed: break; | 0 |
1845 | case never executed: case 'o': 'o':never executed: case 'o': | 0 |
1846 | line = xstrdup(BSDoptarg); | - |
1847 | if (process_server_config_line(&options, line,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1848 | "command-line", 0, TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1849 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1850 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1851 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1852 | ) != 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1853 | exit(1); never executed: exit(1); | 0 |
1854 | free(line); | - |
1855 | break; never executed: break; | 0 |
1856 | case never executed: case '?': '?':never executed: case '?': | 0 |
1857 | default never executed: default: :never executed: default: | 0 |
1858 | usage(); | - |
1859 | break; never executed: break; | 0 |
1860 | } | - |
1861 | } | - |
1862 | if (rexeced_flagTRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
|| inetd_flagTRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
) | 0-2 |
1863 | rexec_flag = 0; never executed: rexec_flag = 0; | 0 |
1864 | if (!test_flagTRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
&& (rexec_flagTRUE | never evaluated | FALSE | never evaluated |
&& (av[0] == TRUE | never evaluated | FALSE | never evaluated |
| 0-2 |
1865 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1866 | || *TRUE | never evaluated | FALSE | never evaluated |
av[0] != '/'TRUE | never evaluated | FALSE | never evaluated |
))) | 0 |
1867 | fatal("sshd re-exec requires execution with an absolute path"); never executed: fatal("sshd re-exec requires execution with an absolute path"); | 0 |
1868 | if (rexeced_flagTRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
) | 0-2 |
1869 | closefrom(( never executed: closefrom(( 2 + 4)); | 0 |
1870 | 2 never executed: closefrom(( 2 + 4)); | 0 |
1871 | + 4)); never executed: closefrom(( 2 + 4)); | 0 |
1872 | else | - |
1873 | closefrom((executed 2 times by 1 test: closefrom(( 2 + 1)); | 2 |
1874 | 2 executed 2 times by 1 test: closefrom(( 2 + 1)); | 2 |
1875 | + 1));executed 2 times by 1 test: closefrom(( 2 + 1)); | 2 |
1876 | | - |
1877 | | - |
1878 | | - |
1879 | OPENSSL_add_all_algorithms_noconf() | - |
1880 | ; | - |
1881 | | - |
1882 | | - |
1883 | | - |
1884 | if (logfile != TRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
| 0-2 |
1885 | ((void *)0)TRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
| 0-2 |
1886 | ) | - |
1887 | log_redirect_stderr_to(logfile); never executed: log_redirect_stderr_to(logfile); | 0 |
1888 | | - |
1889 | | - |
1890 | | - |
1891 | | - |
1892 | log_init(__progname, | - |
1893 | options.log_level == SYSLOG_LEVEL_NOT_SET ? | - |
1894 | SYSLOG_LEVEL_INFO : options.log_level, | - |
1895 | options.log_facility == SYSLOG_FACILITY_NOT_SET ? | - |
1896 | SYSLOG_FACILITY_AUTH : options.log_facility, | - |
1897 | log_stderr || !inetd_flag); | - |
1898 | | - |
1899 | | - |
1900 | | - |
1901 | | - |
1902 | | - |
1903 | if (getenv("KRB5CCNAME") != TRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
| 0-2 |
1904 | ((void *)0)TRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
| 0-2 |
1905 | ) | - |
1906 | ( never executed: (void) unsetenv("KRB5CCNAME"); void) unsetenv("KRB5CCNAME");never executed: (void) unsetenv("KRB5CCNAME"); | 0 |
1907 | | - |
1908 | sensitive_data.have_ssh2_key = 0; | - |
1909 | | - |
1910 | | - |
1911 | | - |
1912 | | - |
1913 | | - |
1914 | if (test_flag < 2TRUE | evaluated 2 times by 1 test | FALSE | never evaluated |
&& connection_info != TRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
| 0-2 |
1915 | ((void *)0)TRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
| 0-2 |
1916 | ) | - |
1917 | fatal("Config test connection parameter (-C) provided without " never executed: fatal("Config test connection parameter (-C) provided without " "test mode (-T)"); | 0 |
1918 | "test mode (-T)"); never executed: fatal("Config test connection parameter (-C) provided without " "test mode (-T)"); | 0 |
1919 | | - |
1920 | | - |
1921 | if ((TRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
cfg = sshbuf_new()) == TRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
| 0-2 |
1922 | ((void *)0)TRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
| 0-2 |
1923 | ) | - |
1924 | fatal("%s: sshbuf_new failed", __func__); never executed: fatal("%s: sshbuf_new failed", __func__); | 0 |
1925 | if (rexeced_flagTRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
) | 0-2 |
1926 | recv_rexec_state(( never executed: recv_rexec_state(( 2 + 3), cfg); | 0 |
1927 | 2 never executed: recv_rexec_state(( 2 + 3), cfg); | 0 |
1928 | + 3), cfg); never executed: recv_rexec_state(( 2 + 3), cfg); | 0 |
1929 | else if (strcasecmp(config_file_name, "none") != 0TRUE | evaluated 2 times by 1 test | FALSE | never evaluated |
) | 0-2 |
1930 | load_server_config(config_file_name, cfg);executed 2 times by 1 test: load_server_config(config_file_name, cfg); | 2 |
1931 | | - |
1932 | parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name, | - |
1933 | cfg, | - |
1934 | ((void *)0) | - |
1935 | ); | - |
1936 | | - |
1937 | seed_rng(); | - |
1938 | | - |
1939 | | - |
1940 | fill_default_server_options(&options); | - |
1941 | | - |
1942 | | - |
1943 | if (options.challenge_response_authenticationTRUE | evaluated 2 times by 1 test | FALSE | never evaluated |
) | 0-2 |
1944 | options.kbd_interactive_authentication = 1;executed 2 times by 1 test: options.kbd_interactive_authentication = 1; | 2 |
1945 | | - |
1946 | | - |
1947 | if (options.authorized_keys_command_user == TRUE | evaluated 2 times by 1 test | FALSE | never evaluated |
| 0-2 |
1948 | ((void *)0)TRUE | evaluated 2 times by 1 test | FALSE | never evaluated |
| 0-2 |
1949 | && | - |
1950 | (options.authorized_keys_command != TRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
| 0-2 |
1951 | ((void *)0)TRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
| 0-2 |
1952 | && | - |
1953 | strcasecmp(options.authorized_keys_command, "none") != 0TRUE | never evaluated | FALSE | never evaluated |
)) | 0 |
1954 | fatal("AuthorizedKeysCommand set without " never executed: fatal("AuthorizedKeysCommand set without " "AuthorizedKeysCommandUser"); | 0 |
1955 | "AuthorizedKeysCommandUser"); never executed: fatal("AuthorizedKeysCommand set without " "AuthorizedKeysCommandUser"); | 0 |
1956 | if (options.authorized_principals_command_user == TRUE | evaluated 2 times by 1 test | FALSE | never evaluated |
| 0-2 |
1957 | ((void *)0)TRUE | evaluated 2 times by 1 test | FALSE | never evaluated |
| 0-2 |
1958 | && | - |
1959 | (options.authorized_principals_command != TRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
| 0-2 |
1960 | ((void *)0)TRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
| 0-2 |
1961 | && | - |
1962 | strcasecmp(options.authorized_principals_command, "none") != 0TRUE | never evaluated | FALSE | never evaluated |
)) | 0 |
1963 | fatal("AuthorizedPrincipalsCommand set without " never executed: fatal("AuthorizedPrincipalsCommand set without " "AuthorizedPrincipalsCommandUser"); | 0 |
1964 | "AuthorizedPrincipalsCommandUser"); never executed: fatal("AuthorizedPrincipalsCommand set without " "AuthorizedPrincipalsCommandUser"); | 0 |
1965 | | - |
1966 | | - |
1967 | | - |
1968 | | - |
1969 | | - |
1970 | | - |
1971 | | - |
1972 | if (options.num_auth_methods != 0TRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
) { | 0-2 |
1973 | for (i = 0; i < options.num_auth_methodsTRUE | never evaluated | FALSE | never evaluated |
; i++) { | 0 |
1974 | if (auth2_methods_valid(options.auth_methods[i],TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1975 | 1) == 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1976 | break; never executed: break; | 0 |
1977 | } never executed: end of block | 0 |
1978 | if (i >= options.num_auth_methodsTRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1979 | fatal("AuthenticationMethods cannot be satisfied by " never executed: fatal("AuthenticationMethods cannot be satisfied by " "enabled authentication methods"); | 0 |
1980 | "enabled authentication methods"); never executed: fatal("AuthenticationMethods cannot be satisfied by " "enabled authentication methods"); | 0 |
1981 | } never executed: end of block | 0 |
1982 | | - |
1983 | | - |
1984 | if (BSDoptind < acTRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
) { | 0-2 |
1985 | fprintf( | - |
1986 | stderr | - |
1987 | , "Extra argument %s.\n", av[BSDoptind]); | - |
1988 | exit(1); never executed: exit(1); | 0 |
1989 | } | - |
1990 | | - |
1991 | debug("sshd version %s, %s", "OpenSSH_7.8", | - |
1992 | | - |
1993 | SSLeay_version( | - |
1994 | 0 | - |
1995 | ) | - |
1996 | | - |
1997 | | - |
1998 | | - |
1999 | ); | - |
2000 | | - |
2001 | | - |
2002 | privsep_chroot = use_privsepTRUE | evaluated 2 times by 1 test | FALSE | never evaluated |
&& (getuid() == 0TRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
|| geteuid() == 0TRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
); | 0-2 |
2003 | if ((TRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
privsep_pw = getpwnam("nobody")) == TRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
| 0-2 |
2004 | ((void *)0)TRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
| 0-2 |
2005 | ) { | - |
2006 | if (privsep_chrootTRUE | never evaluated | FALSE | never evaluated |
|| options.kerberos_authenticationTRUE | never evaluated | FALSE | never evaluated |
) | 0 |
2007 | fatal("Privilege separation user %s does not exist", never executed: fatal("Privilege separation user %s does not exist", "nobody"); | 0 |
2008 | "nobody"); never executed: fatal("Privilege separation user %s does not exist", "nobody"); | 0 |
2009 | } never executed: end of block else { | 0 |
2010 | privsep_pw = pwcopy(privsep_pw); | - |
2011 | freezero(privsep_pw->pw_passwd, strlen(privsep_pw->pw_passwd)); | - |
2012 | privsep_pw->pw_passwd = xstrdup("*"); | - |
2013 | }executed 2 times by 1 test: end of block | 2 |
2014 | endpwent(); | - |
2015 | | - |
2016 | | - |
2017 | sensitive_data.host_keys = xcalloc(options.num_host_key_files, | - |
2018 | sizeof(struct sshkey *)); | - |
2019 | sensitive_data.host_pubkeys = xcalloc(options.num_host_key_files, | - |
2020 | sizeof(struct sshkey *)); | - |
2021 | | - |
2022 | if (options.host_key_agentTRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
) { | 0-2 |
2023 | if ( | - |
2024 | __extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2025 | options.host_key_agentTRUE | never evaluated | FALSE | never evaluated |
| 0 |
2026 | ) && __builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2027 | "SSH_AUTH_SOCK"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2028 | ) && (__s1_len = __builtin_strlen (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2029 | options.host_key_agentTRUE | never evaluated | FALSE | never evaluated |
| 0 |
2030 | ), __s2_len = __builtin_strlen (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2031 | "SSH_AUTH_SOCK"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2032 | ), (!((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2033 | options.host_key_agentTRUE | never evaluated | FALSE | never evaluated |
| 0 |
2034 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2035 | options.host_key_agentTRUE | never evaluated | FALSE | never evaluated |
| 0 |
2036 | ) == 1) || __s1_len >= 4) && (!((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2037 | "SSH_AUTH_SOCK"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2038 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2039 | "SSH_AUTH_SOCK"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2040 | ) == 1) || __s2_len >= 4)) ? __builtin_strcmp (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2041 | options.host_key_agentTRUE | never evaluated | FALSE | never evaluated |
| 0 |
2042 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2043 | "SSH_AUTH_SOCK"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2044 | ) : (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2045 | options.host_key_agentTRUE | never evaluated | FALSE | never evaluated |
| 0 |
2046 | ) && ((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2047 | options.host_key_agentTRUE | never evaluated | FALSE | never evaluated |
| 0 |
2048 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2049 | options.host_key_agentTRUE | never evaluated | FALSE | never evaluated |
| 0 |
2050 | ) == 1) && (__s1_len = __builtin_strlen (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2051 | options.host_key_agentTRUE | never evaluated | FALSE | never evaluated |
| 0 |
2052 | ), __s1_len < 4) ? (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2053 | "SSH_AUTH_SOCK"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2054 | ) && ((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2055 | "SSH_AUTH_SOCK"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2056 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2057 | "SSH_AUTH_SOCK"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2058 | ) == 1) ? __builtin_strcmp (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2059 | options.host_key_agentTRUE | never evaluated | FALSE | never evaluated |
| 0 |
2060 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2061 | "SSH_AUTH_SOCK"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2062 | ) : (__extension__ ({ const unsigned char *__s2 = (const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2063 | "SSH_AUTH_SOCK"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2064 | ); int __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2065 | options.host_key_agentTRUE | never evaluated | FALSE | never evaluated |
| 0 |
2066 | ))[0] - __s2[0]); if (__s1_len > 0TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) { __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2067 | options.host_key_agentTRUE | never evaluated | FALSE | never evaluated |
| 0 |
2068 | ))[1] - __s2[1]); if (__s1_len > 1TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) { __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2069 | options.host_key_agentTRUE | never evaluated | FALSE | never evaluated |
| 0 |
2070 | ))[2] - __s2[2]); if (__s1_len > 2TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) __result = (((const unsigned char *) (const char *) (never executed: __result = (((const unsigned char *) (const char *) ( options.host_key_agent ))[3] - __s2[3]); | 0 |
2071 | options.host_key_agentTRUE | never evaluated | FALSE | never evaluated |
never executed: __result = (((const unsigned char *) (const char *) ( options.host_key_agent ))[3] - __s2[3]); | 0 |
2072 | ))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2073 | "SSH_AUTH_SOCK"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2074 | ) && ((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2075 | "SSH_AUTH_SOCK"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2076 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2077 | "SSH_AUTH_SOCK"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2078 | ) == 1) && (__s2_len = __builtin_strlen (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2079 | "SSH_AUTH_SOCK"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2080 | ), __s2_len < 4) ? (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2081 | options.host_key_agentTRUE | never evaluated | FALSE | never evaluated |
| 0 |
2082 | ) && ((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2083 | options.host_key_agentTRUE | never evaluated | FALSE | never evaluated |
| 0 |
2084 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2085 | options.host_key_agentTRUE | never evaluated | FALSE | never evaluated |
| 0 |
2086 | ) == 1) ? __builtin_strcmp (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2087 | options.host_key_agentTRUE | never evaluated | FALSE | never evaluated |
| 0 |
2088 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2089 | "SSH_AUTH_SOCK"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2090 | ) : -(__extension__ ({ const unsigned char *__s2 = (const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2091 | options.host_key_agentTRUE | never evaluated | FALSE | never evaluated |
| 0 |
2092 | ); int __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2093 | "SSH_AUTH_SOCK"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2094 | ))[0] - __s2[0]); if (__s2_len > 0TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) { __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2095 | "SSH_AUTH_SOCK"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2096 | ))[1] - __s2[1]); if (__s2_len > 1TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) { __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2097 | "SSH_AUTH_SOCK"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2098 | ))[2] - __s2[2]); if (__s2_len > 2TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) __result = (((const unsigned char *) (const char *) (never executed: __result = (((const unsigned char *) (const char *) ( "SSH_AUTH_SOCK" ))[3] - __s2[3]); | 0 |
2099 | "SSH_AUTH_SOCK"TRUE | never evaluated | FALSE | never evaluated |
never executed: __result = (((const unsigned char *) (const char *) ( "SSH_AUTH_SOCK" ))[3] - __s2[3]); | 0 |
2100 | ))[3] - __s2[3]); } } __result; }))) : __builtin_strcmp (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2101 | options.host_key_agentTRUE | never evaluated | FALSE | never evaluated |
| 0 |
2102 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2103 | "SSH_AUTH_SOCK"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2104 | )))); })TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2105 | ) | - |
2106 | setenv("SSH_AUTH_SOCK", never executed: setenv("SSH_AUTH_SOCK", options.host_key_agent, 1); | 0 |
2107 | options.host_key_agent, 1); never executed: setenv("SSH_AUTH_SOCK", options.host_key_agent, 1); | 0 |
2108 | if ((TRUE | never evaluated | FALSE | never evaluated |
r = ssh_get_authentication_socket(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2109 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2110 | )) == 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
2111 | have_agent = 1; never executed: have_agent = 1; | 0 |
2112 | else | - |
2113 | error("Could not connect to agent \"%s\": %s", never executed: error("Could not connect to agent \"%s\": %s", options.host_key_agent, ssh_err(r)); | 0 |
2114 | options.host_key_agent, ssh_err(r)); never executed: error("Could not connect to agent \"%s\": %s", options.host_key_agent, ssh_err(r)); | 0 |
2115 | } | - |
2116 | | - |
2117 | for (i = 0; i < options.num_host_key_filesTRUE | evaluated 4 times by 1 test | FALSE | evaluated 2 times by 1 test |
; i++) { | 2-4 |
2118 | if (options.host_key_files[i] == TRUE | never evaluated | FALSE | evaluated 4 times by 1 test |
| 0-4 |
2119 | ((void *)0)TRUE | never evaluated | FALSE | evaluated 4 times by 1 test |
| 0-4 |
2120 | ) | - |
2121 | continue; never executed: continue; | 0 |
2122 | if ((TRUE | never evaluated | FALSE | evaluated 4 times by 1 test |
r = sshkey_load_private(options.host_key_files[i], "",TRUE | never evaluated | FALSE | evaluated 4 times by 1 test |
| 0-4 |
2123 | &key, TRUE | never evaluated | FALSE | evaluated 4 times by 1 test |
| 0-4 |
2124 | ((void *)0)TRUE | never evaluated | FALSE | evaluated 4 times by 1 test |
| 0-4 |
2125 | )) != 0TRUE | never evaluated | FALSE | evaluated 4 times by 1 test |
&& r != -24TRUE | never evaluated | FALSE | never evaluated |
) | 0-4 |
2126 | error("Error loading host key \"%s\": %s", never executed: error("Error loading host key \"%s\": %s", options.host_key_files[i], ssh_err(r)); | 0 |
2127 | options.host_key_files[i], ssh_err(r)); never executed: error("Error loading host key \"%s\": %s", options.host_key_files[i], ssh_err(r)); | 0 |
2128 | if ((TRUE | evaluated 2 times by 1 test | FALSE | evaluated 2 times by 1 test |
r = sshkey_load_public(options.host_key_files[i],TRUE | evaluated 2 times by 1 test | FALSE | evaluated 2 times by 1 test |
| 2 |
2129 | &pubkey, TRUE | evaluated 2 times by 1 test | FALSE | evaluated 2 times by 1 test |
| 2 |
2130 | ((void *)0)TRUE | evaluated 2 times by 1 test | FALSE | evaluated 2 times by 1 test |
| 2 |
2131 | )) != 0TRUE | evaluated 2 times by 1 test | FALSE | evaluated 2 times by 1 test |
&& r != -24TRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
) | 0-2 |
2132 | error("Error loading host key \"%s\": %s", never executed: error("Error loading host key \"%s\": %s", options.host_key_files[i], ssh_err(r)); | 0 |
2133 | options.host_key_files[i], ssh_err(r)); never executed: error("Error loading host key \"%s\": %s", options.host_key_files[i], ssh_err(r)); | 0 |
2134 | if (pubkey == TRUE | evaluated 2 times by 1 test | FALSE | evaluated 2 times by 1 test |
| 2 |
2135 | ((void *)0)TRUE | evaluated 2 times by 1 test | FALSE | evaluated 2 times by 1 test |
| 2 |
2136 | && key != TRUE | evaluated 2 times by 1 test | FALSE | never evaluated |
| 0-2 |
2137 | ((void *)0)TRUE | evaluated 2 times by 1 test | FALSE | never evaluated |
| 0-2 |
2138 | ) | - |
2139 | if ((TRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
r = sshkey_from_private(key, &pubkey)) != 0TRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
) | 0-2 |
2140 | fatal("Could not demote key: \"%s\": %s", never executed: fatal("Could not demote key: \"%s\": %s", options.host_key_files[i], ssh_err(r)); | 0 |
2141 | options.host_key_files[i], ssh_err(r)); never executed: fatal("Could not demote key: \"%s\": %s", options.host_key_files[i], ssh_err(r)); | 0 |
2142 | sensitive_data.host_keys[i] = key; | - |
2143 | sensitive_data.host_pubkeys[i] = pubkey; | - |
2144 | | - |
2145 | if (key == TRUE | never evaluated | FALSE | evaluated 4 times by 1 test |
| 0-4 |
2146 | ((void *)0)TRUE | never evaluated | FALSE | evaluated 4 times by 1 test |
| 0-4 |
2147 | && pubkey != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2148 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2149 | && have_agentTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
2150 | debug("will rely on agent for hostkey %s", | - |
2151 | options.host_key_files[i]); | - |
2152 | keytype = pubkey->type; | - |
2153 | } never executed: end of block else if (key != TRUE | evaluated 4 times by 1 test | FALSE | never evaluated |
| 0-4 |
2154 | ((void *)0)TRUE | evaluated 4 times by 1 test | FALSE | never evaluated |
| 0-4 |
2155 | ) { | - |
2156 | keytype = key->type; | - |
2157 | accumulate_host_timing_secret(cfg, key); | - |
2158 | }executed 4 times by 1 test: end of block else { | 4 |
2159 | error("Could not load host key: %s", | - |
2160 | options.host_key_files[i]); | - |
2161 | sensitive_data.host_keys[i] = | - |
2162 | ((void *)0) | - |
2163 | ; | - |
2164 | sensitive_data.host_pubkeys[i] = | - |
2165 | ((void *)0) | - |
2166 | ; | - |
2167 | continue; never executed: continue; | 0 |
2168 | } | - |
2169 | | - |
2170 | switch (keytype) { | - |
2171 | caseexecuted 2 times by 1 test: case KEY_RSA: KEY_RSA:executed 2 times by 1 test: case KEY_RSA: | 2 |
2172 | case never executed: case KEY_DSA: KEY_DSA:never executed: case KEY_DSA: | 0 |
2173 | case never executed: case KEY_ECDSA: KEY_ECDSA:never executed: case KEY_ECDSA: | 0 |
2174 | caseexecuted 2 times by 1 test: case KEY_ED25519: KEY_ED25519:executed 2 times by 1 test: case KEY_ED25519: | 2 |
2175 | case never executed: case KEY_XMSS: KEY_XMSS:never executed: case KEY_XMSS: | 0 |
2176 | if (have_agentTRUE | never evaluated | FALSE | evaluated 4 times by 1 test |
|| key != TRUE | evaluated 4 times by 1 test | FALSE | never evaluated |
| 0-4 |
2177 | ((void *)0)TRUE | evaluated 4 times by 1 test | FALSE | never evaluated |
| 0-4 |
2178 | ) | - |
2179 | sensitive_data.have_ssh2_key = 1;executed 4 times by 1 test: sensitive_data.have_ssh2_key = 1; | 4 |
2180 | break;executed 4 times by 1 test: break; | 4 |
2181 | } | - |
2182 | if ((TRUE | never evaluated | FALSE | evaluated 4 times by 1 test |
fp = sshkey_fingerprint(pubkey, options.fingerprint_hash,TRUE | never evaluated | FALSE | evaluated 4 times by 1 test |
| 0-4 |
2183 | SSH_FP_DEFAULT)) == TRUE | never evaluated | FALSE | evaluated 4 times by 1 test |
| 0-4 |
2184 | ((void *)0)TRUE | never evaluated | FALSE | evaluated 4 times by 1 test |
| 0-4 |
2185 | ) | - |
2186 | fatal("sshkey_fingerprint failed"); never executed: fatal("sshkey_fingerprint failed"); | 0 |
2187 | debug("%s host key #%d: %s %s", | - |
2188 | key ? "private" : "agent", i, sshkey_ssh_name(pubkey), fp); | - |
2189 | free(fp); | - |
2190 | }executed 4 times by 1 test: end of block | 4 |
2191 | accumulate_host_timing_secret(cfg, | - |
2192 | ((void *)0) | - |
2193 | ); | - |
2194 | if (!sensitive_data.have_ssh2_keyTRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
) { | 0-2 |
2195 | logit("sshd: no hostkeys available -- exiting."); | - |
2196 | exit(1); never executed: exit(1); | 0 |
2197 | } | - |
2198 | | - |
2199 | | - |
2200 | | - |
2201 | | - |
2202 | | - |
2203 | sensitive_data.host_certificates = xcalloc(options.num_host_key_files, | - |
2204 | sizeof(struct sshkey *)); | - |
2205 | for (i = 0; i < options.num_host_key_filesTRUE | evaluated 4 times by 1 test | FALSE | evaluated 2 times by 1 test |
; i++) | 2-4 |
2206 | sensitive_data.host_certificates[i] = executed 4 times by 1 test: sensitive_data.host_certificates[i] = ((void *)0) ; | 4 |
2207 | ((void *)0)executed 4 times by 1 test: sensitive_data.host_certificates[i] = ((void *)0) ; | 4 |
2208 | ;executed 4 times by 1 test: sensitive_data.host_certificates[i] = ((void *)0) ; | 4 |
2209 | | - |
2210 | for (i = 0; i < options.num_host_cert_filesTRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
; i++) { | 0-2 |
2211 | if (options.host_cert_files[i] == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2212 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2213 | ) | - |
2214 | continue; never executed: continue; | 0 |
2215 | if ((TRUE | never evaluated | FALSE | never evaluated |
r = sshkey_load_public(options.host_cert_files[i],TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2216 | &key, TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2217 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2218 | )) != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
2219 | error("Could not load host certificate \"%s\": %s", | - |
2220 | options.host_cert_files[i], ssh_err(r)); | - |
2221 | continue; never executed: continue; | 0 |
2222 | } | - |
2223 | if (!sshkey_is_cert(key)TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
2224 | error("Certificate file is not a certificate: %s", | - |
2225 | options.host_cert_files[i]); | - |
2226 | sshkey_free(key); | - |
2227 | continue; never executed: continue; | 0 |
2228 | } | - |
2229 | | - |
2230 | for (j = 0; j < options.num_host_key_filesTRUE | never evaluated | FALSE | never evaluated |
; j++) { | 0 |
2231 | if (sshkey_equal_public(key,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2232 | sensitive_data.host_keys[j])TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
2233 | sensitive_data.host_certificates[j] = key; | - |
2234 | break; never executed: break; | 0 |
2235 | } | - |
2236 | } never executed: end of block | 0 |
2237 | if (j >= options.num_host_key_filesTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
2238 | error("No matching private key for certificate: %s", | - |
2239 | options.host_cert_files[i]); | - |
2240 | sshkey_free(key); | - |
2241 | continue; never executed: continue; | 0 |
2242 | } | - |
2243 | sensitive_data.host_certificates[j] = key; | - |
2244 | debug("host certificate: #%u type %d %s", j, key->type, | - |
2245 | sshkey_type(key)); | - |
2246 | } never executed: end of block | 0 |
2247 | | - |
2248 | if (privsep_chrootTRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
) { | 0-2 |
2249 | struct stat st; | - |
2250 | | - |
2251 | if ((TRUE | never evaluated | FALSE | never evaluated |
stat("/var/run/openssh-test", &st) == -1)TRUE | never evaluated | FALSE | never evaluated |
|| | 0 |
2252 | (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2253 | ((((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2254 | st.st_modeTRUE | never evaluated | FALSE | never evaluated |
| 0 |
2255 | )) & 0170000) == (0040000)) TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2256 | == 0)TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
2257 | fatal("Missing privilege separation directory: %s", never executed: fatal("Missing privilege separation directory: %s", "/var/run/openssh-test"); | 0 |
2258 | "/var/run/openssh-test"); never executed: fatal("Missing privilege separation directory: %s", "/var/run/openssh-test"); | 0 |
2259 | | - |
2260 | | - |
2261 | | - |
2262 | | - |
2263 | | - |
2264 | | - |
2265 | if (st.st_uid != 0TRUE | never evaluated | FALSE | never evaluated |
|| (TRUE | never evaluated | FALSE | never evaluated |
st.st_mode & (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2266 | (0200 >> 3)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2267 | |TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2268 | ((0200 >> 3) >> 3)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2269 | )) != 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
2270 | | - |
2271 | fatal("%s must be owned by root and not group or " never executed: fatal("%s must be owned by root and not group or " "world-writable.", "/var/run/openssh-test"); | 0 |
2272 | "world-writable.", "/var/run/openssh-test"); never executed: fatal("%s must be owned by root and not group or " "world-writable.", "/var/run/openssh-test"); | 0 |
2273 | } never executed: end of block | 0 |
2274 | | - |
2275 | if (test_flag > 1TRUE | never evaluated | FALSE | evaluated 2 times by 1 test |
) { | 0-2 |
2276 | | - |
2277 | | - |
2278 | | - |
2279 | | - |
2280 | if (connection_info == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2281 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2282 | ) | - |
2283 | connection_info = get_connection_info(0, 0); never executed: connection_info = get_connection_info(0, 0); | 0 |
2284 | parse_server_match_config(&options, connection_info); | - |
2285 | dump_config(&options); | - |
2286 | } never executed: end of block | 0 |
2287 | | - |
2288 | | - |
2289 | if (test_flagTRUE | evaluated 2 times by 1 test | FALSE | never evaluated |
) | 0-2 |
2290 | exit(0);executed 2 times by 1 test: exit(0); | 2 |
2291 | if (setgroups(0, TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2292 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2293 | ) < 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
2294 | debug("setgroups() failed: %.200s", strerror( never executed: debug("setgroups() failed: %.200s", strerror( (*__errno_location ()) )); | 0 |
2295 | (*__errno_location ()) never executed: debug("setgroups() failed: %.200s", strerror( (*__errno_location ()) )); | 0 |
2296 | )); never executed: debug("setgroups() failed: %.200s", strerror( (*__errno_location ()) )); | 0 |
2297 | | - |
2298 | if (rexec_flagTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
2299 | if (rexec_argc < 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
2300 | fatal("rexec_argc %d < 0", rexec_argc); never executed: fatal("rexec_argc %d < 0", rexec_argc); | 0 |
2301 | rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *)); | - |
2302 | for (i = 0; i < (u_int)rexec_argcTRUE | never evaluated | FALSE | never evaluated |
; i++) { | 0 |
2303 | debug("rexec_argv[%d]='%s'", i, saved_argv[i]); | - |
2304 | rexec_argv[i] = saved_argv[i]; | - |
2305 | } never executed: end of block | 0 |
2306 | rexec_argv[rexec_argc] = "-R"; | - |
2307 | rexec_argv[rexec_argc + 1] = | - |
2308 | ((void *)0) | - |
2309 | ; | - |
2310 | } never executed: end of block | 0 |
2311 | | - |
2312 | | - |
2313 | new_umask = umask(0077) | 0022; | - |
2314 | (void) umask(new_umask); | - |
2315 | | - |
2316 | | - |
2317 | if (debug_flagTRUE | never evaluated | FALSE | never evaluated |
&& (!inetd_flagTRUE | never evaluated | FALSE | never evaluated |
|| rexeced_flagTRUE | never evaluated | FALSE | never evaluated |
)) | 0 |
2318 | log_stderr = 1; never executed: log_stderr = 1; | 0 |
2319 | log_init(__progname, options.log_level, options.log_facility, log_stderr); | - |
2320 | | - |
2321 | | - |
2322 | | - |
2323 | | - |
2324 | | - |
2325 | | - |
2326 | already_daemon = daemonized(); | - |
2327 | if (!(debug_flagTRUE | never evaluated | FALSE | never evaluated |
|| inetd_flagTRUE | never evaluated | FALSE | never evaluated |
|| no_daemon_flagTRUE | never evaluated | FALSE | never evaluated |
|| already_daemonTRUE | never evaluated | FALSE | never evaluated |
)) { | 0 |
2328 | | - |
2329 | if (daemon(0, 0) < 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
2330 | fatal("daemon() failed: %.200s", strerror( never executed: fatal("daemon() failed: %.200s", strerror( (*__errno_location ()) )); | 0 |
2331 | (*__errno_location ()) never executed: fatal("daemon() failed: %.200s", strerror( (*__errno_location ()) )); | 0 |
2332 | )); never executed: fatal("daemon() failed: %.200s", strerror( (*__errno_location ()) )); | 0 |
2333 | | - |
2334 | disconnect_controlling_tty(); | - |
2335 | } never executed: end of block | 0 |
2336 | | - |
2337 | log_init(__progname, options.log_level, options.log_facility, log_stderr); | - |
2338 | | - |
2339 | | - |
2340 | | - |
2341 | if (chdir("/") == -1TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
2342 | error("chdir(\"/\"): %s", strerror( never executed: error("chdir(\"/\"): %s", strerror( (*__errno_location ()) )); | 0 |
2343 | (*__errno_location ()) never executed: error("chdir(\"/\"): %s", strerror( (*__errno_location ()) )); | 0 |
2344 | )); never executed: error("chdir(\"/\"): %s", strerror( (*__errno_location ()) )); | 0 |
2345 | | - |
2346 | | - |
2347 | mysignal( | - |
2348 | 13 | - |
2349 | , | - |
2350 | ((__sighandler_t) 1) | - |
2351 | ); | - |
2352 | | - |
2353 | | - |
2354 | if (inetd_flagTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
2355 | server_accept_inetd(&sock_in, &sock_out); | - |
2356 | } never executed: end of block else { | 0 |
2357 | platform_pre_listen(); | - |
2358 | server_listen(); | - |
2359 | | - |
2360 | mysignal( | - |
2361 | 1 | - |
2362 | ,sighup_handler); | - |
2363 | mysignal( | - |
2364 | 17 | - |
2365 | ,main_sigchld_handler); | - |
2366 | mysignal( | - |
2367 | 15 | - |
2368 | ,sigterm_handler); | - |
2369 | mysignal( | - |
2370 | 3 | - |
2371 | ,sigterm_handler); | - |
2372 | | - |
2373 | | - |
2374 | | - |
2375 | | - |
2376 | | - |
2377 | if (options.pid_file != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2378 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2379 | && !debug_flagTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
2380 | FILE *f = fopen(options.pid_file, "w"); | - |
2381 | | - |
2382 | if (f == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2383 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2384 | ) { | - |
2385 | error("Couldn't create pid file \"%s\": %s", | - |
2386 | options.pid_file, strerror( | - |
2387 | (*__errno_location ()) | - |
2388 | )); | - |
2389 | } never executed: end of block else { | 0 |
2390 | fprintf(f, "%ld\n", (long) getpid()); | - |
2391 | fclose(f); | - |
2392 | } never executed: end of block | 0 |
2393 | } | - |
2394 | | - |
2395 | | - |
2396 | server_accept_loop(&sock_in, &sock_out, | - |
2397 | &newsock, config_s); | - |
2398 | } never executed: end of block | 0 |
2399 | | - |
2400 | | - |
2401 | setproctitle("%s", "[accepted]"); | - |
2402 | if (!debug_flagTRUE | never evaluated | FALSE | never evaluated |
&& !inetd_flagTRUE | never evaluated | FALSE | never evaluated |
&& setsid() < 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
2403 | error("setsid: %.100s", strerror( never executed: error("setsid: %.100s", strerror( (*__errno_location ()) )); | 0 |
2404 | (*__errno_location ()) never executed: error("setsid: %.100s", strerror( (*__errno_location ()) )); | 0 |
2405 | )); never executed: error("setsid: %.100s", strerror( (*__errno_location ()) )); | 0 |
2406 | | - |
2407 | | - |
2408 | if (rexec_flagTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
2409 | int fd; | - |
2410 | | - |
2411 | debug("rexec start in %d out %d newsock %d pipe %d sock %d", | - |
2412 | sock_in, sock_out, newsock, startup_pipe, config_s[0]); | - |
2413 | dup2(newsock, | - |
2414 | 0 | - |
2415 | ); | - |
2416 | dup2( | - |
2417 | 0 | - |
2418 | , | - |
2419 | 1 | - |
2420 | ); | - |
2421 | if (startup_pipe == -1TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
2422 | close(( never executed: close(( 2 + 2)); | 0 |
2423 | 2 never executed: close(( 2 + 2)); | 0 |
2424 | + 2)); never executed: close(( 2 + 2)); | 0 |
2425 | else if (startup_pipe != (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2426 | 2 TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2427 | + 2)TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
2428 | dup2(startup_pipe, ( | - |
2429 | 2 | - |
2430 | + 2)); | - |
2431 | close(startup_pipe); | - |
2432 | startup_pipe = ( | - |
2433 | 2 | - |
2434 | + 2); | - |
2435 | } never executed: end of block | 0 |
2436 | | - |
2437 | dup2(config_s[1], ( | - |
2438 | 2 | - |
2439 | + 3)); | - |
2440 | close(config_s[1]); | - |
2441 | | - |
2442 | execv(rexec_argv[0], rexec_argv); | - |
2443 | | - |
2444 | | - |
2445 | error("rexec of %s failed: %s", rexec_argv[0], strerror( | - |
2446 | (*__errno_location ()) | - |
2447 | )); | - |
2448 | recv_rexec_state(( | - |
2449 | 2 | - |
2450 | + 3), | - |
2451 | ((void *)0) | - |
2452 | ); | - |
2453 | log_init(__progname, options.log_level, | - |
2454 | options.log_facility, log_stderr); | - |
2455 | | - |
2456 | | - |
2457 | close(( | - |
2458 | 2 | - |
2459 | + 3)); | - |
2460 | newsock = sock_out = sock_in = dup( | - |
2461 | 0 | - |
2462 | ); | - |
2463 | if ((TRUE | never evaluated | FALSE | never evaluated |
fd = open(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2464 | "/dev/null"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2465 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2466 | 02TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2467 | , 0)) != -1TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
2468 | dup2(fd, | - |
2469 | 0 | - |
2470 | ); | - |
2471 | dup2(fd, | - |
2472 | 1 | - |
2473 | ); | - |
2474 | if (fd > TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2475 | 2TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2476 | ) | - |
2477 | close(fd); never executed: close(fd); | 0 |
2478 | } never executed: end of block | 0 |
2479 | debug("rexec cleanup in %d out %d newsock %d pipe %d sock %d", | - |
2480 | sock_in, sock_out, newsock, startup_pipe, config_s[0]); | - |
2481 | } never executed: end of block | 0 |
2482 | | - |
2483 | | - |
2484 | fcntl(sock_out, | - |
2485 | 2 | - |
2486 | , | - |
2487 | 1 | - |
2488 | ); | - |
2489 | fcntl(sock_in, | - |
2490 | 2 | - |
2491 | , | - |
2492 | 1 | - |
2493 | ); | - |
2494 | | - |
2495 | | - |
2496 | | - |
2497 | | - |
2498 | | - |
2499 | | - |
2500 | alarm(0); | - |
2501 | mysignal( | - |
2502 | 14 | - |
2503 | , | - |
2504 | ((__sighandler_t) 0) | - |
2505 | ); | - |
2506 | mysignal( | - |
2507 | 1 | - |
2508 | , | - |
2509 | ((__sighandler_t) 0) | - |
2510 | ); | - |
2511 | mysignal( | - |
2512 | 15 | - |
2513 | , | - |
2514 | ((__sighandler_t) 0) | - |
2515 | ); | - |
2516 | mysignal( | - |
2517 | 3 | - |
2518 | , | - |
2519 | ((__sighandler_t) 0) | - |
2520 | ); | - |
2521 | mysignal( | - |
2522 | 17 | - |
2523 | , | - |
2524 | ((__sighandler_t) 0) | - |
2525 | ); | - |
2526 | mysignal( | - |
2527 | 2 | - |
2528 | , | - |
2529 | ((__sighandler_t) 0) | - |
2530 | ); | - |
2531 | | - |
2532 | | - |
2533 | | - |
2534 | | - |
2535 | | - |
2536 | packet_set_connection(sock_in, sock_out); | - |
2537 | ssh_packet_set_server(active_state); | - |
2538 | ssh = active_state; | - |
2539 | | - |
2540 | check_ip_options(ssh); | - |
2541 | | - |
2542 | | - |
2543 | channel_init_channels(ssh); | - |
2544 | channel_set_af(ssh, options.address_family); | - |
2545 | process_permitopen(ssh, &options); | - |
2546 | | - |
2547 | | - |
2548 | if (options.tcp_keep_aliveTRUE | never evaluated | FALSE | never evaluated |
&& ssh_packet_connection_is_on_socket(active_state)TRUE | never evaluated | FALSE | never evaluated |
&& | 0 |
2549 | setsockopt(sock_in, TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2550 | 1TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2551 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2552 | 9TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2553 | , &on, sizeof(on)) < 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
2554 | error("setsockopt SO_KEEPALIVE: %.100s", strerror( never executed: error("setsockopt SO_KEEPALIVE: %.100s", strerror( (*__errno_location ()) )); | 0 |
2555 | (*__errno_location ()) never executed: error("setsockopt SO_KEEPALIVE: %.100s", strerror( (*__errno_location ()) )); | 0 |
2556 | )); never executed: error("setsockopt SO_KEEPALIVE: %.100s", strerror( (*__errno_location ()) )); | 0 |
2557 | | - |
2558 | if ((TRUE | never evaluated | FALSE | never evaluated |
remote_port = ssh_remote_port(ssh)) < 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
2559 | debug("ssh_remote_port failed"); | - |
2560 | cleanup_exit(255); | - |
2561 | } never executed: end of block | 0 |
2562 | | - |
2563 | if (options.routing_domain != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2564 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2565 | ) | - |
2566 | set_process_rdomain(ssh, options.routing_domain); never executed: set_process_rdomain(ssh, options.routing_domain); | 0 |
2567 | | - |
2568 | | - |
2569 | | - |
2570 | | - |
2571 | | - |
2572 | | - |
2573 | remote_ip = ssh_remote_ipaddr(ssh); | - |
2574 | | - |
2575 | | - |
2576 | | - |
2577 | | - |
2578 | | - |
2579 | rdomain = ssh_packet_rdomain_in(ssh); | - |
2580 | | - |
2581 | | - |
2582 | laddr = get_local_ipaddr(sock_in); | - |
2583 | verbose("Connection from %s port %d on %s port %d%s%s%s", | - |
2584 | remote_ip, remote_port, laddr, ssh_local_port(ssh), | - |
2585 | rdomain == | - |
2586 | ((void *)0) | - |
2587 | ? "" : " rdomain \"", | - |
2588 | rdomain == | - |
2589 | ((void *)0) | - |
2590 | ? "" : rdomain, | - |
2591 | rdomain == | - |
2592 | ((void *)0) | - |
2593 | ? "" : "\""); | - |
2594 | free(laddr); | - |
2595 | mysignal( | - |
2596 | 14 | - |
2597 | ,grace_alarm_handler); | - |
2598 | if (!debug_flagTRUE | never evaluated | FALSE | never evaluated |
) | 0 |
2599 | alarm(options.login_grace_time); never executed: alarm(options.login_grace_time); | 0 |
2600 | | - |
2601 | sshd_exchange_identification(ssh, sock_in, sock_out); | - |
2602 | ssh_packet_set_nonblocking(active_state); | - |
2603 | | - |
2604 | | - |
2605 | authctxt = xcalloc(1, sizeof(*authctxt)); | - |
2606 | | - |
2607 | authctxt->loginmsg = loginmsg; | - |
2608 | | - |
2609 | | - |
2610 | the_authctxt = authctxt; | - |
2611 | | - |
2612 | | - |
2613 | if ((TRUE | never evaluated | FALSE | never evaluated |
auth_opts = sshauthopt_new_with_keys_defaults()) == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2614 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2615 | ) | - |
2616 | fatal("allocation failed"); never executed: fatal("allocation failed"); | 0 |
2617 | | - |
2618 | | - |
2619 | if ((TRUE | never evaluated | FALSE | never evaluated |
loginmsg = sshbuf_new()) == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2620 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2621 | ) | - |
2622 | fatal("%s: sshbuf_new failed", __func__); never executed: fatal("%s: sshbuf_new failed", __func__); | 0 |
2623 | auth_debug_reset(); | - |
2624 | | - |
2625 | if (use_privsepTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
2626 | if (privsep_preauth(authctxt) == 1TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
2627 | goto never executed: goto authenticated; authenticated;never executed: goto authenticated; | 0 |
2628 | } never executed: end of block else if (have_agentTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
2629 | if ((TRUE | never evaluated | FALSE | never evaluated |
r = ssh_get_authentication_socket(&auth_sock)) != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
2630 | error("Unable to get agent socket: %s", ssh_err(r)); | - |
2631 | have_agent = 0; | - |
2632 | } never executed: end of block | 0 |
2633 | } never executed: end of block | 0 |
2634 | | - |
2635 | | - |
2636 | | - |
2637 | do_ssh2_kex(); | - |
2638 | do_authentication2(authctxt); | - |
2639 | | - |
2640 | | - |
2641 | | - |
2642 | | - |
2643 | | - |
2644 | if (use_privsepTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
2645 | mm_send_keystate(pmonitor); | - |
2646 | ssh_packet_clear_keys(active_state); | - |
2647 | exit(0); never executed: exit(0); | 0 |
2648 | } | - |
2649 | | - |
2650 | authenticated: code before this statement never executed: authenticated: | 0 |
2651 | | - |
2652 | | - |
2653 | | - |
2654 | | - |
2655 | alarm(0); | - |
2656 | mysignal( | - |
2657 | 14 | - |
2658 | , | - |
2659 | ((__sighandler_t) 0) | - |
2660 | ); | - |
2661 | authctxt->authenticated = 1; | - |
2662 | if (startup_pipe != -1TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
2663 | close(startup_pipe); | - |
2664 | startup_pipe = -1; | - |
2665 | } never executed: end of block | 0 |
2666 | if (use_privsepTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
2667 | privsep_postauth(authctxt); | - |
2668 | | - |
2669 | } never executed: end of block | 0 |
2670 | | - |
2671 | ssh_packet_set_timeout(active_state, (options.client_alive_interval), (options.client_alive_count_max)) | - |
2672 | ; | - |
2673 | | - |
2674 | | - |
2675 | notify_hostkeys(ssh); | - |
2676 | | - |
2677 | | - |
2678 | do_authenticated(ssh, authctxt); | - |
2679 | | - |
2680 | | - |
2681 | ssh_packet_get_bytes(active_state, &ibytes, &obytes); | - |
2682 | verbose("Transferred: sent %llu, received %llu bytes", | - |
2683 | (unsigned long long)obytes, (unsigned long long)ibytes); | - |
2684 | | - |
2685 | verbose("Closing connection to %.500s port %d", remote_ip, remote_port); | - |
2686 | packet_close(); | - |
2687 | | - |
2688 | if (use_privsepTRUE | never evaluated | FALSE | never evaluated |
) | 0 |
2689 | mm_terminate(); never executed: mm_terminate(); | 0 |
2690 | | - |
2691 | exit(0); never executed: exit(0); | 0 |
2692 | } | - |
2693 | | - |
2694 | int | - |
2695 | sshd_hostkey_sign(struct sshkey *privkey, struct sshkey *pubkey, | - |
2696 | u_char **signature, size_t *slenp, const u_char *data, size_t dlen, | - |
2697 | const char *alg, u_int flag) | - |
2698 | { | - |
2699 | int r; | - |
2700 | | - |
2701 | if (privkeyTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
2702 | if ((TRUE | never evaluated | FALSE | never evaluated |
use_privsepTRUE | never evaluated | FALSE | never evaluated |
? mm_sshkey_sign(privkey, signature, slenp, data, dlen, alg, datafellows) : sshkey_sign(privkey, signature, slenp, data, dlen, alg, datafellows))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2703 | < 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
2704 | fatal("%s: key_sign failed", __func__); never executed: fatal("%s: key_sign failed", __func__); | 0 |
2705 | } never executed: end of block else if (use_privsepTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
2706 | if (mm_sshkey_sign(pubkey, signature, slenp, data, dlen,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2707 | alg, datafellows) < 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
2708 | fatal("%s: pubkey_sign failed", __func__); never executed: fatal("%s: pubkey_sign failed", __func__); | 0 |
2709 | } never executed: end of block else { | 0 |
2710 | if ((TRUE | never evaluated | FALSE | never evaluated |
r = ssh_agent_sign(auth_sock, pubkey, signature, slenp,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2711 | data, dlen, alg, datafellows)) != 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
2712 | fatal("%s: ssh_agent_sign failed: %s", never executed: fatal("%s: ssh_agent_sign failed: %s", __func__, ssh_err(r)); | 0 |
2713 | __func__, ssh_err(r)); never executed: fatal("%s: ssh_agent_sign failed: %s", __func__, ssh_err(r)); | 0 |
2714 | } never executed: end of block | 0 |
2715 | return never executed: return 0; 0;never executed: return 0; | 0 |
2716 | } | - |
2717 | | - |
2718 | | - |
2719 | static void | - |
2720 | do_ssh2_kex(void) | - |
2721 | { | - |
2722 | char *myproposal[PROPOSAL_MAX] = { "curve25519-sha256," "curve25519-sha256@libssh.org," "ecdh-sha2-nistp256," "ecdh-sha2-nistp384," "ecdh-sha2-nistp521," "diffie-hellman-group-exchange-sha256," "diffie-hellman-group16-sha512," "diffie-hellman-group18-sha512," "diffie-hellman-group14-sha256," "diffie-hellman-group14-sha1", "ecdsa-sha2-nistp256-cert-v01@openssh.com," "ecdsa-sha2-nistp384-cert-v01@openssh.com," "ecdsa-sha2-nistp521-cert-v01@openssh.com," "ssh-ed25519-cert-v01@openssh.com," "rsa-sha2-512-cert-v01@openssh.com," "rsa-sha2-256-cert-v01@openssh.com," "ssh-rsa-cert-v01@openssh.com," "ecdsa-sha2-nistp256," "ecdsa-sha2-nistp384," "ecdsa-sha2-nistp521," "ssh-ed25519," "rsa-sha2-512," "rsa-sha2-256," "ssh-rsa", "chacha20-poly1305@openssh.com," "aes128-ctr,aes192-ctr,aes256-ctr" ",aes128-gcm@openssh.com,aes256-gcm@openssh.com", "chacha20-poly1305@openssh.com," "aes128-ctr,aes192-ctr,aes256-ctr" ",aes128-gcm@openssh.com,aes256-gcm@openssh.com", "umac-64-etm@openssh.com," "umac-128-etm@openssh.com," "hmac-sha2-256-etm@openssh.com," "hmac-sha2-512-etm@openssh.com," "hmac-sha1-etm@openssh.com," "umac-64@openssh.com," "umac-128@openssh.com," "hmac-sha2-256," "hmac-sha2-512," "hmac-sha1", "umac-64-etm@openssh.com," "umac-128-etm@openssh.com," "hmac-sha2-256-etm@openssh.com," "hmac-sha2-512-etm@openssh.com," "hmac-sha1-etm@openssh.com," "umac-64@openssh.com," "umac-128@openssh.com," "hmac-sha2-256," "hmac-sha2-512," "hmac-sha1", "none,zlib@openssh.com", "none,zlib@openssh.com", "", "" }; | - |
2723 | struct kex *kex; | - |
2724 | int r; | - |
2725 | | - |
2726 | myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal( | - |
2727 | options.kex_algorithms); | - |
2728 | myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal( | - |
2729 | options.ciphers); | - |
2730 | myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal( | - |
2731 | options.ciphers); | - |
2732 | myproposal[PROPOSAL_MAC_ALGS_CTOS] = | - |
2733 | myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; | - |
2734 | | - |
2735 | if (options.compression == 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
2736 | myproposal[PROPOSAL_COMP_ALGS_CTOS] = | - |
2737 | myproposal[PROPOSAL_COMP_ALGS_STOC] = "none"; | - |
2738 | } never executed: end of block | 0 |
2739 | | - |
2740 | if (options.rekey_limitTRUE | never evaluated | FALSE | never evaluated |
|| options.rekey_intervalTRUE | never evaluated | FALSE | never evaluated |
) | 0 |
2741 | ssh_packet_set_rekey_limits(active_state, options.rekey_limit, options.rekey_interval) never executed: ssh_packet_set_rekey_limits(active_state, options.rekey_limit, options.rekey_interval) ; | 0 |
2742 | ; never executed: ssh_packet_set_rekey_limits(active_state, options.rekey_limit, options.rekey_interval) ; | 0 |
2743 | | - |
2744 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( | - |
2745 | list_hostkey_types()); | - |
2746 | | - |
2747 | | - |
2748 | if ((TRUE | never evaluated | FALSE | never evaluated |
r = kex_setup(active_state, myproposal)) != 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
2749 | fatal("kex_setup: %s", ssh_err(r)); never executed: fatal("kex_setup: %s", ssh_err(r)); | 0 |
2750 | kex = active_state->kex; | - |
2751 | | - |
2752 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; | - |
2753 | kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; | - |
2754 | kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server; | - |
2755 | kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server; | - |
2756 | kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server; | - |
2757 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; | - |
2758 | kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; | - |
2759 | | - |
2760 | kex->kex[KEX_ECDH_SHA2] = kexecdh_server; | - |
2761 | | - |
2762 | | - |
2763 | kex->kex[KEX_C25519_SHA256] = kexc25519_server; | - |
2764 | kex->server = 1; | - |
2765 | kex->client_version_string=client_version_string; | - |
2766 | kex->server_version_string=server_version_string; | - |
2767 | kex->load_host_public_key=&get_hostkey_public_by_type; | - |
2768 | kex->load_host_private_key=&get_hostkey_private_by_type; | - |
2769 | kex->host_key_index=&get_hostkey_index; | - |
2770 | kex->sign = sshd_hostkey_sign; | - |
2771 | | - |
2772 | ssh_dispatch_run_fatal(active_state, DISPATCH_BLOCK, &kex->done); | - |
2773 | | - |
2774 | session_id2 = kex->session_id; | - |
2775 | session_id2_len = kex->session_id_len; | - |
2776 | debug("KEX done"); | - |
2777 | } never executed: end of block | 0 |
2778 | | - |
2779 | | - |
2780 | void | - |
2781 | cleanup_exit(int i) | - |
2782 | { | - |
2783 | struct ssh *ssh = active_state; | - |
2784 | | - |
2785 | if (the_authctxtTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
2786 | do_cleanup(ssh, the_authctxt); | - |
2787 | if (use_privsepTRUE | never evaluated | FALSE | never evaluated |
&& privsep_is_preauthTRUE | never evaluated | FALSE | never evaluated |
&& | 0 |
2788 | pmonitor != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2789 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2790 | && pmonitor->m_pid > 1TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
2791 | debug("Killing privsep child %d", pmonitor->m_pid); | - |
2792 | if (kill(pmonitor->m_pid, TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2793 | 9TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2794 | ) != 0TRUE | never evaluated | FALSE | never evaluated |
&& | 0 |
2795 | | - |
2796 | (*TRUE | never evaluated | FALSE | never evaluated |
__errno_location ()) TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2797 | != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2798 | 3TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2799 | ) | - |
2800 | error("%s: kill(%d): %s", __func__, never executed: error("%s: kill(%d): %s", __func__, pmonitor->m_pid, strerror( (*__errno_location ()) )); | 0 |
2801 | pmonitor->m_pid, strerror( never executed: error("%s: kill(%d): %s", __func__, pmonitor->m_pid, strerror( (*__errno_location ()) )); | 0 |
2802 | (*__errno_location ()) never executed: error("%s: kill(%d): %s", __func__, pmonitor->m_pid, strerror( (*__errno_location ()) )); | 0 |
2803 | )); never executed: error("%s: kill(%d): %s", __func__, pmonitor->m_pid, strerror( (*__errno_location ()) )); | 0 |
2804 | } never executed: end of block | 0 |
2805 | } never executed: end of block | 0 |
2806 | | - |
2807 | | - |
2808 | | - |
2809 | | - |
2810 | | - |
2811 | _exit(i); | - |
2812 | } never executed: end of block | 0 |
| | |