
auth.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/openssh/src/auth.c
1/* $OpenBSD: auth.c,v 1.133 2018/09/12 01:19:12 djm Exp $ */-
2/*-
3 * Copyright (c) 2000 Markus Friedl. All rights reserved.-
4 *-
5 * Redistribution and use in source and binary forms, with or without-
6 * modification, are permitted provided that the following conditions-
7 * are met:-
8 * 1. Redistributions of source code must retain the above copyright-
9 * notice, this list of conditions and the following disclaimer.-
10 * 2. Redistributions in binary form must reproduce the above copyright-
11 * notice, this list of conditions and the following disclaimer in the-
12 * documentation and/or other materials provided with the distribution.-
13 *-
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR-
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES-
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.-
17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,-
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT-
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,-
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY-
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT-
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF-
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.-
24 */-
25-
26#include "includes.h"-
27-
28#include <sys/types.h>-
29#include <sys/stat.h>-
30#include <sys/socket.h>-
31#include <sys/wait.h>-
32-
33#include <netinet/in.h>-
34-
35#include <errno.h>-
36#include <fcntl.h>-
37#ifdef HAVE_PATHS_H-
38# include <paths.h>-
39#endif-
40#include <pwd.h>-
41#ifdef HAVE_LOGIN_H-
42#include <login.h>-
43#endif-
44#ifdef USE_SHADOW-
45#include <shadow.h>-
46#endif-
47#include <stdarg.h>-
48#include <stdio.h>-
49#include <string.h>-
50#include <unistd.h>-
51#include <limits.h>-
52#include <netdb.h>-
53-
54#include "xmalloc.h"-
55#include "match.h"-
56#include "groupaccess.h"-
57#include "log.h"-
58#include "sshbuf.h"-
59#include "misc.h"-
60#include "servconf.h"-
61#include "sshkey.h"-
62#include "hostfile.h"-
63#include "auth.h"-
64#include "auth-options.h"-
65#include "canohost.h"-
66#include "uidswap.h"-
67#include "packet.h"-
68#include "loginrec.h"-
69#ifdef GSSAPI-
70#include "ssh-gss.h"-
71#endif-
72#include "authfile.h"-
73#include "monitor_wrap.h"-
74#include "authfile.h"-
75#include "ssherr.h"-
76#include "compat.h"-
77#include "channels.h"-
78-
79/* import */-
80extern ServerOptions options;-
81extern int use_privsep;-
82extern struct sshbuf *loginmsg;-
83extern struct passwd *privsep_pw;-
84extern struct sshauthopt *auth_opts;-
85-
86/* Debugging messages */-
87static struct sshbuf *auth_debug;-
88-
/*
 * Decide whether the account described by pw may attempt an ssh login.
 * Returns 1 when no check objects, 0 as soon as one does.
 *
 * Checks, in order:
 *   - pw or pw->pw_name is NULL;
 *   - (USE_SHADOW + HAS_SHADOW_EXPIRE, only when PAM is off) the shadow
 *     entry reports the account as expired;
 *   - (only when PAM is off) the password field matches one of the
 *     platform's LOCKED_PASSWD_* markers;
 *   - the login shell is missing, not a regular file, or has no execute
 *     bit, unless a ChrootDirectory other than "none" is configured;
 *   - DenyUsers, then AllowUsers, then DenyGroups, then AllowGroups;
 *   - the platform hook, when CUSTOM_SYS_AUTH_ALLOWED_USER is defined.
 *
 * An invalid DenyUsers/AllowUsers pattern is reported through fatal().
 */
int
allowed_user(struct passwd * pw)
{
	struct ssh *ssh = active_state; /* XXX */
	struct stat sb;
	const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
	u_int idx;
	int rc;
#ifdef USE_SHADOW
	struct spwd *spw = NULL;
#endif

	/* Callers should never pass a NULL entry; refuse rather than crash. */
	if (pw == NULL || pw->pw_name == NULL) {
		return 0;
	}

#ifdef USE_SHADOW
	/* The shadow entry is only consulted when PAM is not in charge. */
	if (!options.use_pam) {
		spw = getspnam(pw->pw_name);
	}
#ifdef HAS_SHADOW_EXPIRE
	if (!options.use_pam && spw != NULL && auth_shadow_acctexpired(spw)) {
		return 0;
	}
#endif /* HAS_SHADOW_EXPIRE */
#endif /* USE_SHADOW */

	/* Pick the password field the locked-account test will inspect. */
	passwd = pw->pw_passwd;
#ifdef USE_SHADOW
	if (spw != NULL) {
#ifdef USE_LIBIAF
		passwd = get_iaf_password(pw);
#else
		passwd = spw->sp_pwdp;
#endif /* USE_LIBIAF */
	}
#endif

	/* Locked-account test; skipped under PAM and for empty fields. */
	if (!options.use_pam && passwd && *passwd) {
		int locked = 0;

#ifdef LOCKED_PASSWD_STRING
		if (strcmp(passwd, LOCKED_PASSWD_STRING) == 0) {
			locked = 1;
		}
#endif
#ifdef LOCKED_PASSWD_PREFIX
		if (strncmp(passwd, LOCKED_PASSWD_PREFIX,
		    strlen(LOCKED_PASSWD_PREFIX)) == 0) {
			locked = 1;
		}
#endif
#ifdef LOCKED_PASSWD_SUBSTR
		if (strstr(passwd, LOCKED_PASSWD_SUBSTR)) {
			locked = 1;
		}
#endif
#ifdef USE_LIBIAF
		/*
		 * NOTE(review): this free() runs whenever the block is
		 * entered, including when spw was NULL and passwd still
		 * points at pw->pw_passwd, and is skipped when the block is
		 * not entered.  Ownership of get_iaf_password()'s result is
		 * not visible here -- confirm.
		 */
		free((void *) passwd);
#endif /* USE_LIBIAF */
		if (locked) {
			logit("User %.100s not allowed because account is locked",
			    pw->pw_name);
			return 0;
		}
	}

	/*
	 * Without a chroot the shell must exist, be a regular file and carry
	 * at least one execute bit.  An empty pw_shell means _PATH_BSHELL.
	 */
	if (options.chroot_directory == NULL ||
	    strcasecmp(options.chroot_directory, "none") == 0) {
		const char *shell_src =
		    (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
		char *shell = xstrdup(shell_src);

		if (stat(shell, &sb) != 0) {
			logit("User %.100s not allowed because shell %.100s "
			    "does not exist", pw->pw_name, shell);
			free(shell);
			return 0;
		}
		if (!S_ISREG(sb.st_mode) ||
		    (sb.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) {
			logit("User %.100s not allowed because shell %.100s "
			    "is not executable", pw->pw_name, shell);
			free(shell);
			return 0;
		}
		free(shell);
	}

	/* The peer's name and address are only looked up if a list needs them. */
	if (options.num_deny_users > 0 || options.num_allow_users > 0 ||
	    options.num_deny_groups > 0 || options.num_allow_groups > 0) {
		hostname = auth_get_canonical_hostname(ssh, options.use_dns);
		ipaddr = ssh_remote_ipaddr(ssh);
	}

	/* DenyUsers: any non-zero, non-negative match refuses the login. */
	if (options.num_deny_users > 0) {
		for (idx = 0; idx < options.num_deny_users; idx++) {
			rc = match_user(pw->pw_name, hostname, ipaddr,
			    options.deny_users[idx]);
			if (rc < 0) {
				fatal("Invalid DenyUsers pattern \"%.100s\"",
				    options.deny_users[idx]);
			} else if (rc != 0) {
				logit("User %.100s from %.100s not allowed "
				    "because listed in DenyUsers",
				    pw->pw_name, hostname);
				return 0;
			}
		}
	}

	/* AllowUsers: when the list is non-empty the user must match an entry. */
	if (options.num_allow_users > 0) {
		int listed = 0;

		for (idx = 0; idx < options.num_allow_users; idx++) {
			rc = match_user(pw->pw_name, hostname, ipaddr,
			    options.allow_users[idx]);
			if (rc < 0) {
				fatal("Invalid AllowUsers pattern \"%.100s\"",
				    options.allow_users[idx]);
			} else if (rc == 1) {
				listed = 1;
				break;
			}
		}
		if (!listed) {
			logit("User %.100s from %.100s not allowed because "
			    "not listed in AllowUsers", pw->pw_name, hostname);
			return 0;
		}
	}

	if (options.num_deny_groups > 0 || options.num_allow_groups > 0) {
		/* Load the user's primary and supplementary groups. */
		if (ga_init(pw->pw_name, pw->pw_gid) == 0) {
			logit("User %.100s from %.100s not allowed because "
			    "not in any group", pw->pw_name, hostname);
			return 0;
		}

		/* DenyGroups: one listed group is enough to refuse. */
		if (options.num_deny_groups > 0 &&
		    ga_match(options.deny_groups, options.num_deny_groups)) {
			ga_free();
			logit("User %.100s from %.100s not allowed "
			    "because a group is listed in DenyGroups",
			    pw->pw_name, hostname);
			return 0;
		}

		/* AllowGroups: a non-empty list must contain one of the groups. */
		if (options.num_allow_groups > 0 &&
		    !ga_match(options.allow_groups, options.num_allow_groups)) {
			ga_free();
			logit("User %.100s from %.100s not allowed "
			    "because none of user's groups are listed "
			    "in AllowGroups", pw->pw_name, hostname);
			return 0;
		}
		ga_free();
	}

#ifdef CUSTOM_SYS_AUTH_ALLOWED_USER
	if (!sys_auth_allowed_user(pw, &loginmsg)) {
		return 0;
	}
#endif

	/* Nothing objected: the user may try to authenticate. */
	return 1;
}
268-
/*
 * Build the key description that auth_log() appends to its message from
 * authctxt->auth_method_key, followed by authctxt->auth_method_info when
 * that is set.  For a certificate the text also carries the key ID, the
 * serial number and the signing CA key's type and fingerprint.
 *
 * Returns NULL when no key is recorded; otherwise a string produced by
 * xasprintf() that the caller frees (auth_log() does).
 */
static char *
format_method_key(Authctxt *authctxt)
{
	const struct sshkey *key = authctxt->auth_method_key;
	const char *methinfo = authctxt->auth_method_info;
	const char *sep, *info;
	char *fp, *cafp, *ret = NULL;

	if (key == NULL) {
		return NULL;
	}

	/* The optional method info is appended as ", <info>". */
	sep = (methinfo != NULL) ? ", " : "";
	info = (methinfo != NULL) ? methinfo : "";

	if (!sshkey_is_cert(key)) {
		fp = sshkey_fingerprint(key, options.fingerprint_hash,
		    SSH_FP_DEFAULT);
		/* A failed fingerprint is logged as "(null)", not skipped. */
		xasprintf(&ret, "%s %s%s%s", sshkey_type(key),
		    fp == NULL ? "(null)" : fp, sep, info);
		free(fp);
		return ret;
	}

	fp = sshkey_fingerprint(key,
	    options.fingerprint_hash, SSH_FP_DEFAULT);
	cafp = sshkey_fingerprint(key->cert->signature_key,
	    options.fingerprint_hash, SSH_FP_DEFAULT);
	xasprintf(&ret, "%s %s ID %s (serial %llu) CA %s %s%s%s",
	    sshkey_type(key), fp == NULL ? "(null)" : fp,
	    key->cert->key_id,
	    (unsigned long long)key->cert->serial,
	    sshkey_type(key->cert->signature_key),
	    cafp == NULL ? "(null)" : cafp,
	    sep, info);
	free(fp);
	free(cafp);
	return ret;
}
309-
/*
 * Write one log line describing the outcome of an authentication attempt:
 * "Accepted", "Failed", "Partial" or "Postponed", the method (and
 * submethod), the user name, the peer address and port, and any key or
 * method details.
 *
 * With privilege separation only the monitor logs, except for postponed
 * attempts.  The line goes out at VERBOSE level and is raised to INFO for
 * a success (authenticated == 1), an invalid user, a failure count of at
 * least half of max_authtries, or the "password" method.
 *
 * NOTE(review): authctxt->user is length-bounded here by %.100s only;
 * whether control characters are escaped is up to do_log2() -- confirm
 * before relying on these lines for parsing or alerting.
 */
void
auth_log(Authctxt *authctxt, int authenticated, int partial,
    const char *method, const char *submethod)
{
	struct ssh *ssh = active_state; /* XXX */
	int level = SYSLOG_LEVEL_VERBOSE;
	const char *authmsg;
	const char *slash, *sub, *validity, *sep, *detail;
	char *extra = NULL;

	if (use_privsep && !mm_is_monitor() && !authctxt->postponed) {
		return;
	}

	/* Raise logging level */
	if (authenticated == 1 ||
	    !authctxt->valid ||
	    authctxt->failures >= options.max_authtries / 2 ||
	    strcmp(method, "password") == 0) {
		level = SYSLOG_LEVEL_INFO;
	}

	if (authctxt->postponed) {
		authmsg = "Postponed";
	} else if (partial) {
		authmsg = "Partial";
	} else if (authenticated) {
		authmsg = "Accepted";
	} else {
		authmsg = "Failed";
	}

	/* Prefer the formatted key; fall back to the bare method info. */
	extra = format_method_key(authctxt);
	if (extra == NULL && authctxt->auth_method_info != NULL) {
		extra = xstrdup(authctxt->auth_method_info);
	}

	slash = (submethod != NULL) ? "/" : "";
	sub = (submethod == NULL) ? "" : submethod;
	validity = authctxt->valid ? "" : "invalid user ";
	sep = (extra != NULL) ? ": " : "";
	detail = (extra != NULL) ? extra : "";

	do_log2(level, "%s %s%s%s for %s%.100s from %.200s port %d ssh2%s%s",
	    authmsg,
	    method,
	    slash, sub,
	    validity,
	    authctxt->user,
	    ssh_remote_ipaddr(ssh),
	    ssh_remote_port(ssh),
	    sep,
	    detail);

	free(extra);

#ifdef CUSTOM_FAILED_LOGIN
	/* Only password-style methods are recorded as failed logins. */
	if (authenticated == 0 && !authctxt->postponed &&
	    (strcmp(method, "password") == 0 ||
	    strncmp(method, "keyboard-interactive", 20) == 0 ||
	    strcmp(method, "challenge-response") == 0)) {
		record_failed_login(authctxt->user,
		    auth_get_canonical_hostname(ssh, options.use_dns), "ssh");
	}
# ifdef WITH_AIXAUTHENTICATE
	if (authenticated) {
		sys_auth_record_login(authctxt->user,
		    auth_get_canonical_hostname(ssh, options.use_dns), "ssh",
		    &loginmsg);
	}
# endif
#endif
#ifdef SSH_AUDIT_EVENTS
	if (authenticated == 0 && !authctxt->postponed) {
		audit_event(audit_classify_auth(method));
	}
#endif
}
373-
374-
/*
 * Log that the peer used up its authentication attempts, naming the user
 * (flagged "invalid user" when authctxt->valid is unset), the remote
 * address and the remote port, then drop the connection with
 * packet_disconnect().
 */
void
auth_maxtries_exceeded(Authctxt *authctxt)
{
	struct ssh *ssh = active_state; /* XXX */
	const char *validity = authctxt->valid ? "" : "invalid user ";

	error("maximum authentication attempts exceeded for "
	    "%s%.100s from %.200s port %d ssh2",
	    validity,
	    authctxt->user,
	    ssh_remote_ipaddr(ssh),
	    ssh_remote_port(ssh));
	packet_disconnect("Too many authentication failures");
	/* NOTREACHED */
}
389-
/*
 * Apply options.permit_root_login to a root login attempted with the
 * given authentication method.  Returns 1 when the login may proceed and
 * 0 when it is refused.
 *
 *   PERMIT_YES          always allowed
 *   PERMIT_NO_PASSWD    allowed for "publickey", "hostbased" and
 *                       "gssapi-with-mic" only
 *   PERMIT_FORCED_ONLY  allowed only when auth_opts carries a forced
 *                       command
 *
 * Every other value, and every case that does not return, falls through
 * to the refusal below, so the function fails closed.
 */
int
auth_root_allowed(struct ssh *ssh, const char *method)
{
	static const char *const passwordless_methods[] = {
		"publickey",
		"hostbased",
		"gssapi-with-mic",
	};
	size_t n;

	switch (options.permit_root_login) {
	case PERMIT_YES:
		return 1;
	case PERMIT_NO_PASSWD:
		for (n = 0; n < sizeof(passwordless_methods) /
		    sizeof(passwordless_methods[0]); n++) {
			if (strcmp(method, passwordless_methods[n]) == 0) {
				return 1;
			}
		}
		break;
	case PERMIT_FORCED_ONLY:
		if (auth_opts->force_command != NULL) {
			logit("Root login accepted for forced command.");
			return 1;
		}
		break;
	default:
		break;
	}

	logit("ROOT LOGIN REFUSED FROM %.200s port %d",
	    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
	return 0;
}
416-
417-
/*
 * Turn a file name template into a path for the given user.  The
 * template is passed to percent_expand() with %h bound to the home
 * directory, %u to the user name and %U to the numeric uid.  A result
 * that does not begin with '/' is anchored under the home directory for
 * backward compatibility.
 *
 * The returned string is heap-allocated and the caller frees it.  An
 * anchored path that does not fit in PATH_MAX is reported through
 * fatal() rather than truncated.
 */
char *
expand_authorized_keys(const char *filename, struct passwd *pw)
{
	char uid_text[32], anchored[PATH_MAX];
	char *expanded;
	int len;

	snprintf(uid_text, sizeof(uid_text), "%llu",
	    (unsigned long long)pw->pw_uid);
	expanded = percent_expand(filename, "h", pw->pw_dir,
	    "u", pw->pw_name, "U", uid_text, (char *)NULL);

	/* A relative result is treated as if it had been written "%h/...". */
	if (*expanded != '/') {
		len = snprintf(anchored, sizeof(anchored), "%s/%s",
		    pw->pw_dir, expanded);
		if (len < 0 || (size_t)len >= sizeof(anchored)) {
			fatal("expand_authorized_keys: path too long");
		}
		free(expanded);
		expanded = xstrdup(anchored);
	}
	return (expanded);
}
449-
/*
 * Expand options.authorized_principals_file for the given user through
 * expand_authorized_keys().  Returns NULL when the option is unset.
 */
char *
authorized_principals_file(struct passwd *pw)
{
	const char *template = options.authorized_principals_file;

	return (template == NULL) ? NULL :
	    expand_authorized_keys(template, pw);
}
457-
/*
 * Look key up for host in the system host file and, when userfile is
 * given, in the user's host file, and return the resulting HostStatus.
 *
 * With StrictModes on, a user file that stat() can read is ignored (and
 * the refusal logged) when it is owned by someone other than root or the
 * user, or is writable by group or others.  Otherwise it is loaded with
 * the user's uid temporarily assumed.
 *
 * NOTE(review): the ownership and mode test is made on the path; the
 * file is opened afterwards inside load_hostkeys(), so the two are not
 * tied to the same descriptor -- confirm this is acceptable for the
 * directories involved.
 */
HostStatus
check_key_in_hostfiles(struct passwd *pw, struct sshkey *key, const char *host,
    const char *sysfile, const char *userfile)
{
	struct hostkeys *known;
	const struct hostkey_entry *match;
	HostStatus status;
	struct stat sb;
	char *user_path;
	int untrusted;

	known = init_hostkeys();
	load_hostkeys(known, host, sysfile);

	if (userfile != NULL) {
		user_path = tilde_expand_filename(userfile, pw->pw_uid);
		/* A failed stat() leaves the file to load_hostkeys() below. */
		untrusted = options.strict_modes &&
		    (stat(user_path, &sb) == 0) &&
		    ((sb.st_uid != 0 && sb.st_uid != pw->pw_uid) ||
		    (sb.st_mode & 022) != 0);
		if (untrusted) {
			logit("Authentication refused for %.100s: "
			    "bad owner or modes for %.200s",
			    pw->pw_name, user_path);
			auth_debug_add("Ignored %.200s: bad ownership or modes",
			    user_path);
		} else {
			/* Read the user's file with the user's own privileges. */
			temporarily_use_uid(pw);
			load_hostkeys(known, host, user_path);
			restore_uid();
		}
		free(user_path);
	}

	status = check_key_in_hostkeys(known, key, &match);
	switch (status) {
	case HOST_REVOKED:
		error("WARNING: revoked key for %s attempted authentication",
		    match->host);
		break;
	case HOST_OK:
		debug("%s: key for %s found at %s:%ld", __func__,
		    match->host, match->file, match->line);
		break;
	default:
		debug("%s: key for host %s not found", __func__, host);
		break;
	}

	free_hostkeys(known);

	return status;
}
503-
/*
 * Open an authentication-related file (described by file_type in log
 * messages) for reading and return a stdio stream, or NULL on any failure.
 *
 * All checks are made on the opened descriptor, not on the path: the file
 * must be a regular file and, when strict_modes is set, must pass
 * safe_path_fd() for user pw. A missing file (ENOENT) is only logged when
 * log_missing is non-zero.
 */
static FILE *
auth_openfile(const char *file, struct passwd *pw, int strict_modes,
    int log_missing, char *file_type)
{
	char reason[1024];
	struct stat sb;
	FILE *stream;
	int fd;

	/*
	 * O_NONBLOCK is cleared again below once the file type is known;
	 * presumably it keeps open() from hanging on a FIFO or device.
	 */
	fd = open(file, O_RDONLY|O_NONBLOCK);
	if (fd == -1) {
		if (log_missing || errno != ENOENT) {
			debug("Could not open %s '%s': %s", file_type, file,
			    strerror(errno));
		}
		return NULL;
	}

	if (fstat(fd, &sb) < 0)
		goto fail;
	if (!S_ISREG(sb.st_mode)) {
		logit("User %s %s %s is not a regular file",
		    pw->pw_name, file_type, file);
		goto fail;
	}
	unset_nonblock(fd);
	stream = fdopen(fd, "r");
	if (stream == NULL)
		goto fail;

	/* From here on the stream owns fd; fclose() releases both. */
	if (strict_modes &&
	    safe_path_fd(fileno(stream), file, pw, reason, sizeof(reason)) != 0) {
		fclose(stream);
		logit("Authentication refused: %s", reason);
		auth_debug_add("Ignored %s: %s", file_type, reason);
		return NULL;
	}

	return stream;

 fail:
	close(fd);
	return NULL;
}
545-
546-
/*
 * Open an authorized keys file through auth_openfile(). A missing file is
 * logged (log_missing is 1). Returns NULL on failure.
 */
FILE *
auth_openkeyfile(const char *file, struct passwd *pw, int strict_modes)
{
	const int log_missing = 1;

	return auth_openfile(file, pw, strict_modes, log_missing,
	    "authorized keys");
}
552-
/*
 * Open an authorized principals file through auth_openfile(). A missing
 * file is not logged (log_missing is 0). Returns NULL on failure.
 */
FILE *
auth_openprincipals(const char *file, struct passwd *pw, int strict_modes)
{
	const int log_missing = 0;

	return auth_openfile(file, pw, strict_modes, log_missing,
	    "authorized principals");
}
559-
/*
 * Look up the account for the requested login name and decide whether it
 * may proceed to authentication.
 *
 * Returns a pwcopy() of the passwd entry on success. Returns NULL when the
 * name is unknown, when allowed_user() rejects the account, or (on builds
 * with HAVE_LOGIN_CAP / BSD_AUTH) when the login class or approval lookup
 * fails. The return value alone does not tell the caller which of these
 * happened; only the log lines differ.
 *
 * Side effects visible here: the server options are re-evaluated for this
 * user via parse_server_match_config() and the log level is updated,
 * before the account is looked up, so this happens for unknown names too.
 */
struct passwd *
getpwnamallow(const char *user)
{
	struct ssh *ssh = active_state; /* XXX */
#ifdef HAVE_LOGIN_CAP
	extern login_cap_t *lc;
#ifdef BSD_AUTH
	auth_session_t *as;
#endif
#endif
	struct passwd *pw;
	struct connection_info *ci = get_connection_info(1, options.use_dns);

	/* Apply per-connection configuration using the client-supplied name. */
	ci->user = user;
	parse_server_match_config(&options, ci);
	log_change_level(options.log_level);
	process_permitopen(ssh, &options);

#if defined(_AIX) && defined(HAVE_SETAUTHDB)
	aix_setauthdb(user);
#endif

	pw = getpwnam(user);

#if defined(_AIX) && defined(HAVE_SETAUTHDB)
	aix_restoreauthdb();
#endif
#ifdef HAVE_CYGWIN
	/*
	 * Windows usernames are case-insensitive. To avoid later problems
	 * when trying to match the username, the user is only allowed to
	 * login if the username is given in the same case as stored in the
	 * user database.
	 */
	if (pw != NULL && strcmp(user, pw->pw_name) != 0) {
		logit("Login name %.100s does not match stored username %.100s",
		    user, pw->pw_name);
		pw = NULL;
	}
#endif
	if (pw == NULL) {
		/* The client-supplied name is logged truncated to 100 bytes. */
		logit("Invalid user %.100s from %.100s port %d",
		    user, ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
#ifdef CUSTOM_FAILED_LOGIN
		record_failed_login(user,
		    auth_get_canonical_hostname(ssh, options.use_dns), "ssh");
#endif
#ifdef SSH_AUDIT_EVENTS
		audit_event(SSH_INVALID_USER);
#endif /* SSH_AUDIT_EVENTS */
		return (NULL);
	}
	if (!allowed_user(pw))
		return (NULL);
#ifdef HAVE_LOGIN_CAP
	if ((lc = login_getclass(pw->pw_class)) == NULL) {
		debug("unable to get login class: %s", user);
		return (NULL);
	}
#ifdef BSD_AUTH
	/* Any failure in the approval chain rejects the user. */
	if ((as = auth_open()) == NULL || auth_setpwd(as, pw) != 0 ||
	    auth_approval(as, lc, pw->pw_name, "ssh") <= 0) {
		debug("Approval failure for %s", user);
		pw = NULL;
	}
	if (as != NULL)
		auth_close(as);
#endif
#endif
	/*
	 * getpwnam() returns storage that later lookups may overwrite, so
	 * a copy is handed back rather than pw itself.
	 */
	if (pw != NULL)
		return (pwcopy(pw));
	return (NULL);
}
633-
/*
 * Returns 1 if key is revoked by options.revoked_keys_file, 0 otherwise.
 *
 * The check fails closed: a fingerprinting failure or any error from
 * sshkey_check_revoked() other than "not revoked" is reported as revoked.
 * With no revoked keys file configured, no key is considered revoked.
 */
int
auth_key_is_revoked(struct sshkey *key)
{
	char *fingerprint;
	int status;
	int revoked = 1;	/* only cleared on a clean "not revoked" result */

	if (options.revoked_keys_file == NULL)
		return 0;

	fingerprint = sshkey_fingerprint(key, options.fingerprint_hash,
	    SSH_FP_DEFAULT);
	if (fingerprint == NULL) {
		status = SSH_ERR_ALLOC_FAIL;
		error("%s: fingerprint key: %s", __func__, ssh_err(status));
		return 1;
	}

	status = sshkey_check_revoked(key, options.revoked_keys_file);
	if (status == 0) {
		revoked = 0;	/* not revoked */
	} else if (status == SSH_ERR_KEY_REVOKED) {
		error("Authentication key %s %s revoked by file %s",
		    sshkey_type(key), fingerprint, options.revoked_keys_file);
	} else {
		error("Error checking authentication key %s %s in "
		    "revoked keys file %s: %s", sshkey_type(key), fingerprint,
		    options.revoked_keys_file, ssh_err(status));
	}

	free(fingerprint);
	return revoked;
}
672-
/*
 * Format a message and append it to the auth_debug buffer. Does nothing
 * when the buffer has not been created. The formatted text is limited to
 * the 1024-byte local buffer; longer output is truncated by vsnprintf().
 * Failure to append is fatal.
 */
void
auth_debug_add(const char *fmt,...)
{
	char text[1024];
	va_list ap;
	int rc;

	if (auth_debug != NULL) {
		va_start(ap, fmt);
		vsnprintf(text, sizeof(text), fmt, ap);
		va_end(ap);

		rc = sshbuf_put_cstring(auth_debug, text);
		if (rc != 0)
			fatal("%s: sshbuf_put_cstring: %s", __func__, ssh_err(rc));
	}
}
689-
/*
 * Drain the auth_debug buffer, sending each stored string to the peer as
 * a debug message. Messages are passed as the argument of a literal "%s"
 * format, so their contents are never interpreted as a format string.
 * A failure to read a string back from the buffer is fatal.
 */
void
auth_debug_send(void)
{
	struct ssh *ssh = active_state; /* XXX */
	char *text;
	int rc;

	if (auth_debug == NULL)
		return;

	for (;;) {
		if (sshbuf_len(auth_debug) == 0)
			break;
		rc = sshbuf_get_cstring(auth_debug, &text, NULL);
		if (rc != 0) {
			fatal("%s: sshbuf_get_cstring: %s",
			    __func__, ssh_err(rc));
		}
		ssh_packet_send_debug(ssh, "%s", text);
		free(text);
	}
}
707-
/*
 * Empty the auth_debug buffer, creating it on first use. Failure to
 * allocate the buffer is fatal.
 */
void
auth_debug_reset(void)
{
	if (auth_debug == NULL) {
		auth_debug = sshbuf_new();
		if (auth_debug == NULL)
			fatal("%s: sshbuf_new failed", __func__);
		return;
	}
	sshbuf_reset(auth_debug);
}
716-
/*
 * Build a placeholder passwd entry named "NOUSER".
 *
 * The entry lives in static storage that is re-initialised on every call:
 * callers must not free it, and every call returns the same object.
 * uid/gid are taken from privsep_pw when it is set, otherwise -1; home
 * directory and shell point at "/nonexist".
 */
struct passwd *
fakepw(void)
{
	static struct passwd fake;
	struct passwd *pw = &fake;

	memset(pw, 0, sizeof(*pw));

	pw->pw_name = "NOUSER";
	/*
	 * A syntactically complete "$2a$"-style hash string rather than an
	 * empty or locked field; presumably so that password checking for
	 * this entry does the same hashing work as for a real account -
	 * confirm against the password authentication code.
	 */
	pw->pw_passwd =
	    "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK";
#ifdef HAVE_STRUCT_PASSWD_PW_GECOS
	pw->pw_gecos = "NOUSER";
#endif
	if (privsep_pw == NULL) {
		pw->pw_uid = (uid_t)-1;
		pw->pw_gid = (gid_t)-1;
	} else {
		pw->pw_uid = privsep_pw->pw_uid;
		pw->pw_gid = privsep_pw->pw_gid;
	}
#ifdef HAVE_STRUCT_PASSWD_PW_CLASS
	pw->pw_class = "";
#endif
	pw->pw_dir = "/nonexist";
	pw->pw_shell = "/nonexist";

	return (pw);
}
739-
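/*
 * Returns the remote DNS hostname as a newly allocated string, or the
 * remote IP address (also newly allocated) when the name cannot be
 * verified. The only caller in this file, auth_get_canonical_hostname(),
 * keeps the result in a static cache and never frees it.
 * NB. this will usually trigger a DNS query.
 *
 * The name is only returned when it passes forward-confirmed reverse DNS:
 * the PTR result must not itself be a numeric address, and resolving the
 * name forward must yield the peer's address again. This mitigates some
 * attacks on legacy rhosts-style authentication.
 * XXX is RhostsRSAAuthentication vulnerable to these?
 * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?)
 *
 * Every return path uses xstrdup() rather than strdup(): an unchecked
 * strdup() would hand NULL to the caller on allocation failure, which
 * auth_get_canonical_hostname() would then pass on to its callers.
 */

static char *
remote_hostname(struct ssh *ssh)
{
	struct sockaddr_storage from;
	socklen_t fromlen;
	struct addrinfo hints, *ai, *aitop;
	char name[NI_MAXHOST], ntop2[NI_MAXHOST];
	const char *ntop = ssh_remote_ipaddr(ssh);

	/* Get IP address of client. */
	fromlen = sizeof(from);
	memset(&from, 0, sizeof(from));
	if (getpeername(ssh_packet_get_connection_in(ssh),
	    (struct sockaddr *)&from, &fromlen) < 0) {
		debug("getpeername failed: %.100s", strerror(errno));
		return xstrdup(ntop);
	}

	ipv64_normalise_mapped(&from, &fromlen);
	if (from.ss_family == AF_INET6)
		fromlen = sizeof(struct sockaddr_in6);

	debug3("Trying to reverse map address %.100s.", ntop);
	/* Map the IP address to a host name. */
	if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
	    NULL, 0, NI_NAMEREQD) != 0) {
		/* Host name not found.  Use ip address. */
		return xstrdup(ntop);
	}

	/*
	 * if reverse lookup result looks like a numeric hostname,
	 * someone is trying to trick us by PTR record like following:
	 *	1.1.1.10.in-addr.arpa.	IN PTR	2.3.4.5
	 */
	memset(&hints, 0, sizeof(hints));
	hints.ai_socktype = SOCK_DGRAM;	/*dummy*/
	hints.ai_flags = AI_NUMERICHOST;
	if (getaddrinfo(name, NULL, &hints, &ai) == 0) {
		logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
		    name, ntop);
		freeaddrinfo(ai);
		return xstrdup(ntop);
	}

	/* Names are stored in lowercase. */
	lowercase(name);

	/*
	 * Map it back to an IP address and check that the given
	 * address actually is an address of this host.  This is
	 * necessary because anyone with access to a name server can
	 * define arbitrary names for an IP address. Mapping from
	 * name to IP address can be trusted better (but can still be
	 * fooled if the intruder has access to the name server of
	 * the domain).
	 */
	memset(&hints, 0, sizeof(hints));
	hints.ai_family = from.ss_family;
	hints.ai_socktype = SOCK_STREAM;
	if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
		logit("reverse mapping checking getaddrinfo for %.700s "
		    "[%s] failed.", name, ntop);
		return xstrdup(ntop);
	}
	/* Look for the address from the list of addresses. */
	for (ai = aitop; ai; ai = ai->ai_next) {
		if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2,
		    sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 &&
		    (strcmp(ntop, ntop2) == 0))
			break;
	}
	/* ai is only compared with NULL below, never dereferenced. */
	freeaddrinfo(aitop);
	/* If we reached the end of the list, the address was not there. */
	if (ai == NULL) {
		/* Address not found for the host name. */
		logit("Address %.100s maps to %.600s, but this does not "
		    "map back to the address.", ntop, name);
		return xstrdup(ntop);
	}
	return xstrdup(name);
}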
832-
/*
 * Return the canonical name of the host on the other side of the current
 * connection. With use_dns unset this is simply the remote IP address.
 * Otherwise the result of remote_hostname() is computed once and kept in
 * a function-static cache, so repeated calls are cheap. The cache is a
 * single static pointer and is not keyed on ssh.
 */

const char *
auth_get_canonical_hostname(struct ssh *ssh, int use_dns)
{
	static char *dnsname;

	if (!use_dns)
		return ssh_remote_ipaddr(ssh);

	if (dnsname == NULL)
		dnsname = remote_hostname(ssh);
	return dnsname;
}
853-
/*
 * Runs command in a subprocess with a minimal environment.
 * Returns pid on success, 0 on failure.
 * The child stdout and stderr may be captured, left attached or sent to
 * /dev/null depending on the contents of flags.
 * "tag" is prepended to log messages.
 * NB. "command" is only used for logging; the actual command executed is
 * av[0].
 *
 * When SSH_SUBPROCESS_STDOUT_CAPTURE is set, *child receives a stream
 * reading the child's stdout; child must be NULL exactly when that flag is
 * clear. The child runs with the uid and gid of pw.
 *
 * NOTE(review): ac is not consulted in this function and av[0] is
 * dereferenced unconditionally - confirm that callers always pass a
 * non-empty argument vector.
 */
pid_t
subprocess(const char *tag, struct passwd *pw, const char *command,
    int ac, char **av, FILE **child, u_int flags)
{
	FILE *f = NULL;
	struct stat st;
	int fd, devnull, p[2], i;
	pid_t pid;
	char *cp, errmsg[512];
	u_int envsize;
	char **child_env;

	if (child != NULL)
		*child = NULL;

	debug3("%s: %s command \"%s\" running as %s (flags 0x%x)", __func__,
	    tag, command, pw->pw_name, flags);

	/* Check consistency */
	if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0 &&
	    (flags & SSH_SUBPROCESS_STDOUT_CAPTURE) != 0) {
		error("%s: inconsistent flags", __func__);
		return 0;
	}
	if (((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) == 0) != (child == NULL)) {
		error("%s: inconsistent flags/output", __func__);
		return 0;
	}

	/*
	 * If executing an explicit binary, then verify that it exists
	 * and appears safe-ish to execute
	 */
	if (*av[0] != '/') {
		error("%s path is not absolute", tag);
		return 0;
	}
	/*
	 * The existence and safe_path() checks run between
	 * temporarily_use_uid(pw) and restore_uid(); every early return
	 * below restores the uid first.
	 * NOTE(review): the checks are made on the path and execve() later
	 * resolves the path again; this relies on safe_path() rejecting
	 * locations that an untrusted user could modify - confirm.
	 */
	temporarily_use_uid(pw);
	if (stat(av[0], &st) < 0) {
		error("Could not stat %s \"%s\": %s", tag,
		    av[0], strerror(errno));
		restore_uid();
		return 0;
	}
	if (safe_path(av[0], &st, NULL, 0, errmsg, sizeof(errmsg)) != 0) {
		error("Unsafe %s \"%s\": %s", tag, av[0], errmsg);
		restore_uid();
		return 0;
	}
	/* Prepare to keep the child's stdout if requested */
	/* The pipe is created unconditionally, even when nothing is captured. */
	if (pipe(p) != 0) {
		error("%s: pipe: %s", tag, strerror(errno));
		restore_uid();
		return 0;
	}
	restore_uid();

	switch ((pid = fork())) {
	case -1: /* error */
		error("%s: fork: %s", tag, strerror(errno));
		close(p[0]);
		close(p[1]);
		return 0;
	case 0: /* child */
		/* Prepare a minimal environment for the child. */
		/* Only LANG is carried over from the parent's environment. */
		envsize = 5;
		child_env = xcalloc(sizeof(*child_env), envsize);
		child_set_env(&child_env, &envsize, "PATH", _PATH_STDPATH);
		child_set_env(&child_env, &envsize, "USER", pw->pw_name);
		child_set_env(&child_env, &envsize, "LOGNAME", pw->pw_name);
		child_set_env(&child_env, &envsize, "HOME", pw->pw_dir);
		if ((cp = getenv("LANG")) != NULL)
			child_set_env(&child_env, &envsize, "LANG", cp);

		/* Reset every signal disposition to the default. */
		for (i = 0; i < NSIG; i++)
			signal(i, SIG_DFL);

		/* stdin always reads from /dev/null. */
		if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
			error("%s: open %s: %s", tag, _PATH_DEVNULL,
			    strerror(errno));
			_exit(1);
		}
		if (dup2(devnull, STDIN_FILENO) == -1) {
			error("%s: dup2: %s", tag, strerror(errno));
			_exit(1);
		}

		/* Set up stdout as requested; leave stderr in place for now. */
		fd = -1;
		if ((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) != 0)
			fd = p[1];
		else if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0)
			fd = devnull;
		if (fd != -1 && dup2(fd, STDOUT_FILENO) == -1) {
			error("%s: dup2: %s", tag, strerror(errno));
			_exit(1);
		}
		/*
		 * Close everything above stderr, including both pipe ends
		 * and devnull, so no other parent descriptor reaches the
		 * command.
		 */
		closefrom(STDERR_FILENO + 1);

		/* Don't use permanently_set_uid() here to avoid fatal() */
		/*
		 * Group is dropped before user; once the uid is changed the
		 * process may no longer be allowed to change its gid.
		 *
		 * NOTE(review): only the real/effective/saved gid and uid
		 * are set. Nothing between fork() and execve() in this
		 * function calls setgroups() or initgroups(), so the command
		 * appears to inherit the supplementary group list the parent
		 * had after restore_uid(). Confirm that list is appropriate
		 * for pw, or reset it here before the uid is dropped.
		 */
		if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) {
			error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid,
			    strerror(errno));
			_exit(1);
		}
		if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0) {
			error("%s: setresuid %u: %s", tag, (u_int)pw->pw_uid,
			    strerror(errno));
			_exit(1);
		}
		/* stdin is pointed to /dev/null at this point */
		/* With the discard flag, stderr is pointed at /dev/null too. */
		if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0 &&
		    dup2(STDIN_FILENO, STDERR_FILENO) == -1) {
			error("%s: dup2: %s", tag, strerror(errno));
			_exit(1);
		}

		/* execve() only returns on failure. */
		execve(av[0], av, child_env);
		error("%s exec \"%s\": %s", tag, command, strerror(errno));
		_exit(127);
	default: /* parent */
		break;
	}

	/* The parent never writes to the pipe. */
	close(p[1]);
	if ((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) == 0)
		close(p[0]);
	else if ((f = fdopen(p[0], "r")) == NULL) {
		error("%s: fdopen: %s", tag, strerror(errno));
		close(p[0]);
		/* Don't leave zombie child */
		kill(pid, SIGTERM);
		while (waitpid(pid, NULL, 0) == -1 && errno == EINTR)
			;
		return 0;
	}
	/* Success */
	debug3("%s: %s pid %ld", __func__, tag, (long)pid);
	if (child != NULL)
		*child = f;
	return pid;
}
1005-
1006/* These functions link key/cert options to the auth framework */-
1007-
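/*
 * Log sshauthopt options locally and (optionally) for remote transmission.
 *
 * loc       - prefix placed in front of every message ("%s: ...").
 * opts      - the key/cert options to report; dereferenced without a NULL
 *             check, so the caller must pass a valid pointer.
 * do_remote - when non-zero, the one-line summary and each environment
 *             entry are also passed to auth_debug_add().  The detailed
 *             lines (expiry, principals, forced command, permitopen and
 *             permitlisten entries) only ever go to debug().
 *
 * Coverage: the report this listing was taken from marks every statement
 * and branch of this function as never executed.
 */
void
auth_log_authopts(const char *loc, const struct sshauthopt *opts, int do_remote)
{
	/*
	 * environment/permitopen/permitlisten are only reported when the
	 * matching server-side option (permit_user_env, local or remote TCP
	 * forwarding) is enabled as well.
	 */
	int do_env = options.permit_user_env && opts->nenv > 0;
	int do_permitopen = opts->npermitopen > 0 &&
	    (options.allow_tcp_forwarding & FORWARD_LOCAL) != 0;
	int do_permitlisten = opts->npermitlisten > 0 &&
	    (options.allow_tcp_forwarding & FORWARD_REMOTE) != 0;
	size_t i;
	char msg[1024], buf[64];

	/* buf first carries the tun device number, later the expiry time. */
	snprintf(buf, sizeof(buf), "%d", opts->force_tun_device);
	/* Try to keep this alphabetically sorted */
	snprintf(msg, sizeof(msg), "key options:%s%s%s%s%s%s%s%s%s%s%s%s%s",
	    opts->permit_agent_forwarding_flag ? " agent-forwarding" : "",
	    opts->force_command == NULL ? "" : " command",
	    do_env ? " environment" : "",
	    /* leading space added: "expires" used to run into the previous word */
	    opts->valid_before == 0 ? "" : " expires",
	    do_permitopen ? " permitopen" : "",
	    do_permitlisten ? " permitlisten" : "",
	    opts->permit_port_forwarding_flag ? " port-forwarding" : "",
	    opts->cert_principals == NULL ? "" : " principals",
	    opts->permit_pty_flag ? " pty" : "",
	    opts->force_tun_device == -1 ? "" : " tun=",
	    opts->force_tun_device == -1 ? "" : buf,
	    opts->permit_user_rc ? " user-rc" : "",
	    opts->permit_x11_forwarding_flag ? " x11-forwarding" : "");

	debug("%s: %s", loc, msg);
	if (do_remote)
		auth_debug_add("%s: %s", loc, msg);

	if (options.permit_user_env) {
		for (i = 0; i < opts->nenv; i++) {
			debug("%s: environment: %s", loc, opts->env[i]);
			if (do_remote) {
				auth_debug_add("%s: environment: %s",
				    loc, opts->env[i]);
			}
		}
	}

	/* Go into a little more details for the local logs. */
	if (opts->valid_before != 0) {
		format_absolute_time(opts->valid_before, buf, sizeof(buf));
		debug("%s: expires at %s", loc, buf);
	}
	if (opts->cert_principals != NULL) {
		debug("%s: authorized principals: \"%s\"",
		    loc, opts->cert_principals);
	}
	if (opts->force_command != NULL)
		debug("%s: forced command: \"%s\"", loc, opts->force_command);
	if (do_permitopen) {
		for (i = 0; i < opts->npermitopen; i++) {
			debug("%s: permitted open: %s",
			    loc, opts->permitopen[i]);
		}
	}
	if (do_permitlisten) {
		for (i = 0; i < opts->npermitlisten; i++) {
			debug("%s: permitted listen: %s",
			    loc, opts->permitlisten[i]);
		}
	}
}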
1075-
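/*
 * Activate a new set of key/cert options; merging with what is there.
 *
 * The result of sshauthopt_merge(auth_opts, opts, ...) becomes the new
 * auth_opts.  Returns 0 on success and -1 when the merge fails, in which
 * case the reason is reported with error().
 *
 * ssh is not used by this function.
 *
 * Coverage: the report this listing was taken from marks every statement
 * and branch of this function as never executed.
 */
int
auth_activate_options(struct ssh *ssh, struct sshauthopt *opts)
{
	struct sshauthopt *merged;
	const char *emsg = NULL;

	debug("%s: setting new authentication options", __func__);
	/*
	 * Merge into a temporary first.  Assigning the result straight to
	 * auth_opts would replace the active options with NULL on failure,
	 * dropping whatever restrictions were in force and losing the only
	 * reference to them.
	 */
	if ((merged = sshauthopt_merge(auth_opts, opts, &emsg)) == NULL) {
		/* emsg stays NULL unless the merge function sets it. */
		error("Inconsistent authentication options: %s",
		    emsg == NULL ? "unknown error" : emsg);
		return -1;
	}
	/*
	 * NOTE(review): the previous auth_opts is not released here, which
	 * matches the original code; whether another holder still references
	 * it is not visible from this function - confirm before adding a free.
	 */
	auth_opts = merged;
	return 0;
}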
1090-
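/*
 * Disable forwarding, etc for the session.
 *
 * Builds a fresh sshauthopt that permits only a pty, marks it restricted
 * and activates it through auth_activate_options().  Any failure is fatal:
 * the session must not continue without the restriction applied.
 *
 * Coverage: the report this listing was taken from marks every statement
 * and branch of this function as never executed.
 */
void
auth_restrict_session(struct ssh *ssh)
{
	struct sshauthopt *restricted;

	debug("%s: restricting session", __func__);

	/* A blank sshauthopt defaults to permitting nothing */
	if ((restricted = sshauthopt_new()) == NULL) {
		/* Previously an allocation failure was dereferenced below. */
		fatal("%s: sshauthopt_new failed", __func__);
	}
	restricted->permit_pty_flag = 1;
	restricted->restricted = 1;

	if (auth_activate_options(ssh, restricted) != 0)
		fatal("%s: failed to restrict session", __func__);
	/*
	 * The temporary is released here, after activation, so the active
	 * options presumably hold their own copy - confirm against
	 * sshauthopt_merge().
	 */
	sshauthopt_free(restricted);
}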
1108-
/*
 * Decide whether the options attached to a key or principals entry allow
 * this connection to use it.
 *
 * ssh                  - connection; supplies the peer address and name.
 * pw                   - target account; only pw_name is read, for logging.
 * opts                 - options parsed from the entry being considered.
 * allow_cert_authority - zero when the cert-authority flag must be rejected
 *                        (it is not valid in authorized_principals files).
 * loc                  - prefix for every log/debug message.
 *
 * Returns 0 when every check passes (after reporting the options through
 * auth_log_authopts()) and -1 to deny access.
 *
 * Checks, in order: entry expiry, principals on a non-CA key, misplaced
 * cert-authority flag, from= host/IP patterns, certificate source-address
 * list.  The peer name used for from= matching comes from
 * auth_get_canonical_hostname(ssh, options.use_dns).
 *
 * Coverage: the report this listing was taken from marks every statement
 * and branch of this function as never executed.
 */
int
auth_authorise_keyopts(struct ssh *ssh, struct passwd *pw,
    struct sshauthopt *opts, int allow_cert_authority, const char *loc)
{
	const char *peer_addr = ssh_remote_ipaddr(ssh);
	const char *peer_name = auth_get_canonical_hostname(ssh,
	    options.use_dns);
	time_t now = time(NULL);
	char when[64];
	int rc;

	/*
	 * Check keys/principals file expiry time.
	 * NB. validity interval in certificate is handled elsewhere.
	 */
	if (opts->valid_before != 0 && now > 0 &&
	    opts->valid_before < (uint64_t)now) {
		format_absolute_time(opts->valid_before, when, sizeof(when));
		debug("%s: entry expired at %s", loc, when);
		auth_debug_add("%s: entry expired at %s", loc, when);
		return -1;
	}

	/* Consistency checks */
	if (opts->cert_principals != NULL && !opts->cert_authority) {
		debug("%s: principals on non-CA key", loc);
		auth_debug_add("%s: principals on non-CA key", loc);
		/* deny access */
		return -1;
	}
	/* cert-authority flag isn't valid in authorized_principals files */
	if (opts->cert_authority && !allow_cert_authority) {
		debug("%s: cert-authority flag invalid here", loc);
		auth_debug_add("%s: cert-authority flag invalid here", loc);
		/* deny access */
		return -1;
	}

	/* Perform from= checks */
	if (opts->required_from_host_keys != NULL) {
		rc = match_host_and_ip(peer_name, peer_addr,
		    opts->required_from_host_keys);
		/* 1 is the only accepting result; everything else denies. */
		if (rc != 1) {
			if (rc != 0) {
				/* -1 or an unexpected value: bad pattern list */
				debug("%s: invalid from criteria", loc);
				auth_debug_add("%s: invalid from criteria",
				    loc);
			}
			logit("%s: Authentication tried for %.100s with "
			    "correct key but not from a permitted "
			    "host (host=%.200s, ip=%.200s, required=%.200s).",
			    loc, pw->pw_name, peer_name, peer_addr,
			    opts->required_from_host_keys);
			auth_debug_add("%s: Your host '%.200s' is not "
			    "permitted to use this key for login.",
			    loc, peer_name);
			/* deny access */
			return -1;
		}
	}

	/* Check source-address restriction from certificate */
	if (opts->required_from_host_cert != NULL) {
		rc = addr_match_cidr_list(peer_addr,
		    opts->required_from_host_cert);
		/* As above: only an explicit match (1) is accepted. */
		if (rc != 1) {
			if (rc != 0) {
				/* invalid */
				error("%s: Certificate source-address invalid",
				    loc);
			}
			logit("%s: Authentication tried for %.100s with valid "
			    "certificate but not from a permitted source "
			    "address (%.200s).", loc, pw->pw_name, peer_addr);
			auth_debug_add("%s: Your address '%.200s' is not "
			    "permitted to use this certificate for login.",
			    loc, peer_addr);
			return -1;
		}
	}

	/*
	 * XXX this is spammy. We should report remotely only for keys
	 * that are successful in actual auth attempts, and not PK_OK
	 * tests.
	 */
	auth_log_authopts(loc, opts, 1);

	return 0;
}