Line | Source | Count |
1 | | - |
2 | | - |
3 | | - |
4 | | - |
5 | | - |
6 | | - |
7 | | - |
8 | | - |
9 | | - |
10 | | - |
11 | | - |
12 | | - |
13 | | - |
14 | | - |
15 | | - |
16 | | - |
17 | | - |
18 | | - |
19 | | - |
20 | | - |
21 | | - |
22 | | - |
23 | | - |
24 | | - |
25 | | - |
26 | char *client_version_string = | - |
27 | ((void *)0) | - |
28 | ; | - |
29 | char *server_version_string = | - |
30 | ((void *)0) | - |
31 | ; | - |
32 | struct sshkey *previous_host_key = | - |
33 | ((void *)0) | - |
34 | ; | - |
35 | | - |
36 | static int matching_host_key_dns = 0; | - |
37 | | - |
38 | static pid_t proxy_command_pid = 0; | - |
39 | | - |
40 | | - |
41 | extern Options options; | - |
42 | extern char *__progname; | - |
43 | | - |
44 | static int show_other_keys(struct hostkeys *, struct sshkey *); | - |
45 | static void warn_changed_key(struct sshkey *); | - |
46 | | - |
47 | | - |
48 | static char * | - |
49 | expand_proxy_command(const char *proxy_command, const char *user, | - |
50 | const char *host, int port) | - |
51 | { | - |
52 | char *tmp, *ret, strport[ | - |
53 | 32 | - |
54 | ]; | - |
55 | | - |
56 | snprintf(strport, sizeof strport, "%d", port); | - |
57 | xasprintf(&tmp, "exec %s", proxy_command); | - |
58 | ret = percent_expand(tmp, "h", host, "p", strport, | - |
59 | "r", options.user, (char *) | - |
60 | ((void *)0) | - |
61 | ); | - |
62 | free(tmp); | - |
63 | return never executed: return ret; ret;never executed: return ret; | 0 |
64 | } | - |
65 | | - |
66 | | - |
67 | | - |
68 | | - |
69 | | - |
70 | static int | - |
71 | ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host, u_short port, | - |
72 | const char *proxy_command) | - |
73 | { | - |
74 | char *command_string; | - |
75 | int sp[2], sock; | - |
76 | pid_t pid; | - |
77 | char *shell; | - |
78 | | - |
79 | if ((TRUE | never evaluated | FALSE | never evaluated |
shell = getenv("SHELL")) == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
80 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
81 | ) | - |
82 | shell = never executed: shell = "/bin/sh" ; | 0 |
83 | "/bin/sh" never executed: shell = "/bin/sh" ; | 0 |
84 | ; never executed: shell = "/bin/sh" ; | 0 |
85 | | - |
86 | if (socketpair(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
87 | 1TRUE | never evaluated | FALSE | never evaluated |
| 0 |
88 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
89 | SOCK_STREAMTRUE | never evaluated | FALSE | never evaluated |
| 0 |
90 | , 0, sp) < 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
91 | fatal("Could not create socketpair to communicate with " never executed: fatal("Could not create socketpair to communicate with " "proxy dialer: %.100s", strerror( (*__errno_location ()) )); | 0 |
92 | "proxy dialer: %.100s", strerror( never executed: fatal("Could not create socketpair to communicate with " "proxy dialer: %.100s", strerror( (*__errno_location ()) )); | 0 |
93 | (*__errno_location ()) never executed: fatal("Could not create socketpair to communicate with " "proxy dialer: %.100s", strerror( (*__errno_location ()) )); | 0 |
94 | )); never executed: fatal("Could not create socketpair to communicate with " "proxy dialer: %.100s", strerror( (*__errno_location ()) )); | 0 |
95 | | - |
96 | command_string = expand_proxy_command(proxy_command, options.user, | - |
97 | host, port); | - |
98 | debug("Executing proxy dialer command: %.500s", command_string); | - |
99 | | - |
100 | | - |
101 | if ((TRUE | never evaluated | FALSE | never evaluated |
pid = fork()) == 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
102 | char *argv[10]; | - |
103 | | - |
104 | close(sp[1]); | - |
105 | | - |
106 | if (sp[0] != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
107 | if (dup2(sp[0], 0) < 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
108 | perror("dup2 stdin"); never executed: perror("dup2 stdin"); | 0 |
109 | } never executed: end of block | 0 |
110 | if (sp[0] != 1TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
111 | if (dup2(sp[0], 1) < 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
112 | perror("dup2 stdout"); never executed: perror("dup2 stdout"); | 0 |
113 | } never executed: end of block | 0 |
114 | if (sp[0] >= 2TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
115 | close(sp[0]); never executed: close(sp[0]); | 0 |
116 | | - |
117 | | - |
118 | | - |
119 | | - |
120 | | - |
121 | argv[0] = shell; | - |
122 | argv[1] = "-c"; | - |
123 | argv[2] = command_string; | - |
124 | argv[3] = | - |
125 | ((void *)0) | - |
126 | ; | - |
127 | | - |
128 | | - |
129 | | - |
130 | | - |
131 | | - |
132 | execv(argv[0], argv); | - |
133 | perror(argv[0]); | - |
134 | exit(1); never executed: exit(1); | 0 |
135 | } | - |
136 | | - |
137 | if (pid < 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
138 | fatal("fork failed: %.100s", strerror( never executed: fatal("fork failed: %.100s", strerror( (*__errno_location ()) )); | 0 |
139 | (*__errno_location ()) never executed: fatal("fork failed: %.100s", strerror( (*__errno_location ()) )); | 0 |
140 | )); never executed: fatal("fork failed: %.100s", strerror( (*__errno_location ()) )); | 0 |
141 | close(sp[0]); | - |
142 | free(command_string); | - |
143 | | - |
144 | if ((TRUE | never evaluated | FALSE | never evaluated |
sock = mm_receive_fd(sp[1])) == -1TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
145 | fatal("proxy dialer did not pass back a connection"); never executed: fatal("proxy dialer did not pass back a connection"); | 0 |
146 | close(sp[1]); | - |
147 | | - |
148 | while (waitpid(pid, TRUE | never evaluated | FALSE | never evaluated |
| 0 |
149 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
150 | , 0) == -1TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
151 | if ( | - |
152 | (*TRUE | never evaluated | FALSE | never evaluated |
__errno_location ()) TRUE | never evaluated | FALSE | never evaluated |
| 0 |
153 | != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
154 | 4TRUE | never evaluated | FALSE | never evaluated |
| 0 |
155 | ) | - |
156 | fatal("Couldn't wait for child: %s", strerror( never executed: fatal("Couldn't wait for child: %s", strerror( (*__errno_location ()) )); | 0 |
157 | (*__errno_location ()) never executed: fatal("Couldn't wait for child: %s", strerror( (*__errno_location ()) )); | 0 |
158 | )); never executed: fatal("Couldn't wait for child: %s", strerror( (*__errno_location ()) )); | 0 |
159 | | - |
160 | | - |
161 | if (ssh_packet_set_connection(ssh, sock, sock) == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
162 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
163 | ) | - |
164 | return never executed: return -1; -1;never executed: return -1; | 0 |
165 | | - |
166 | return never executed: return 0; 0;never executed: return 0; | 0 |
167 | } | - |
168 | | - |
169 | | - |
170 | | - |
171 | | - |
172 | static int | - |
173 | ssh_proxy_connect(struct ssh *ssh, const char *host, u_short port, | - |
174 | const char *proxy_command) | - |
175 | { | - |
176 | char *command_string; | - |
177 | int pin[2], pout[2]; | - |
178 | pid_t pid; | - |
179 | char *shell; | - |
180 | | - |
181 | if ((TRUE | never evaluated | FALSE | never evaluated |
shell = getenv("SHELL")) == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
182 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
183 | || *TRUE | never evaluated | FALSE | never evaluated |
shell == '\0'TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
184 | shell = never executed: shell = "/bin/sh" ; | 0 |
185 | "/bin/sh" never executed: shell = "/bin/sh" ; | 0 |
186 | ; never executed: shell = "/bin/sh" ; | 0 |
187 | | - |
188 | | - |
189 | if (pipe(pin) < 0TRUE | never evaluated | FALSE | never evaluated |
|| pipe(pout) < 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
190 | fatal("Could not create pipes to communicate with the proxy: %.100s", never executed: fatal("Could not create pipes to communicate with the proxy: %.100s", strerror( (*__errno_location ()) )); | 0 |
191 | strerror( never executed: fatal("Could not create pipes to communicate with the proxy: %.100s", strerror( (*__errno_location ()) )); | 0 |
192 | (*__errno_location ()) never executed: fatal("Could not create pipes to communicate with the proxy: %.100s", strerror( (*__errno_location ()) )); | 0 |
193 | )); never executed: fatal("Could not create pipes to communicate with the proxy: %.100s", strerror( (*__errno_location ()) )); | 0 |
194 | | - |
195 | command_string = expand_proxy_command(proxy_command, options.user, | - |
196 | host, port); | - |
197 | debug("Executing proxy command: %.500s", command_string); | - |
198 | | - |
199 | | - |
200 | if ((TRUE | never evaluated | FALSE | never evaluated |
pid = fork()) == 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
201 | char *argv[10]; | - |
202 | | - |
203 | | - |
204 | close(pin[1]); | - |
205 | if (pin[0] != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
206 | if (dup2(pin[0], 0) < 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
207 | perror("dup2 stdin"); never executed: perror("dup2 stdin"); | 0 |
208 | close(pin[0]); | - |
209 | } never executed: end of block | 0 |
210 | close(pout[0]); | - |
211 | if (dup2(pout[1], 1) < 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
212 | perror("dup2 stdout"); never executed: perror("dup2 stdout"); | 0 |
213 | | - |
214 | close(pout[1]); | - |
215 | | - |
216 | | - |
217 | | - |
218 | argv[0] = shell; | - |
219 | argv[1] = "-c"; | - |
220 | argv[2] = command_string; | - |
221 | argv[3] = | - |
222 | ((void *)0) | - |
223 | ; | - |
224 | | - |
225 | | - |
226 | | - |
227 | mysignal( | - |
228 | 13 | - |
229 | , | - |
230 | ((__sighandler_t) 0) | - |
231 | ); | - |
232 | execv(argv[0], argv); | - |
233 | perror(argv[0]); | - |
234 | exit(1); never executed: exit(1); | 0 |
235 | } | - |
236 | | - |
237 | if (pid < 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
238 | fatal("fork failed: %.100s", strerror( never executed: fatal("fork failed: %.100s", strerror( (*__errno_location ()) )); | 0 |
239 | (*__errno_location ()) never executed: fatal("fork failed: %.100s", strerror( (*__errno_location ()) )); | 0 |
240 | )); never executed: fatal("fork failed: %.100s", strerror( (*__errno_location ()) )); | 0 |
241 | else | - |
242 | proxy_command_pid = pid; never executed: proxy_command_pid = pid; | 0 |
243 | | - |
244 | | - |
245 | close(pin[0]); | - |
246 | close(pout[1]); | - |
247 | | - |
248 | | - |
249 | free(command_string); | - |
250 | | - |
251 | | - |
252 | if (ssh_packet_set_connection(ssh, pout[0], pin[1]) == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
253 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
254 | ) | - |
255 | return never executed: return -1; -1;never executed: return -1; | 0 |
256 | | - |
257 | return never executed: return 0; 0;never executed: return 0; | 0 |
258 | } | - |
259 | | - |
260 | void | - |
261 | ssh_kill_proxy_command(void) | - |
262 | { | - |
263 | | - |
264 | | - |
265 | | - |
266 | | - |
267 | if (proxy_command_pid > 1TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
268 | kill(proxy_command_pid, never executed: kill(proxy_command_pid, 1 ); | 0 |
269 | 1 never executed: kill(proxy_command_pid, 1 ); | 0 |
270 | ); never executed: kill(proxy_command_pid, 1 ); | 0 |
271 | } never executed: end of block | 0 |
272 | | - |
273 | | - |
274 | | - |
275 | | - |
276 | | - |
277 | | - |
278 | | - |
279 | static int | - |
280 | check_ifaddrs(const char *ifname, int af, const struct ifaddrs *ifaddrs, | - |
281 | struct sockaddr_storage *resultp, socklen_t *rlenp) | - |
282 | { | - |
283 | struct sockaddr_in6 *sa6; | - |
284 | struct sockaddr_in *sa; | - |
285 | struct in6_addr *v6addr; | - |
286 | const struct ifaddrs *ifa; | - |
287 | int allow_local; | - |
288 | | - |
289 | | - |
290 | | - |
291 | | - |
292 | | - |
293 | for (allow_local = 0; allow_local < 2TRUE | never evaluated | FALSE | never evaluated |
; allow_local++) { | 0 |
294 | for (ifa = ifaddrs; ifa != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
295 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
296 | ; ifa = ifa->ifa_next) { | - |
297 | if (ifa->ifa_addr == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
298 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
299 | || ifa->ifa_name == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
300 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
301 | || | - |
302 | (TRUE | never evaluated | FALSE | never evaluated |
ifa->ifa_flags & TRUE | never evaluated | FALSE | never evaluated |
| 0 |
303 | IFF_UPTRUE | never evaluated | FALSE | never evaluated |
| 0 |
304 | ) == 0TRUE | never evaluated | FALSE | never evaluated |
|| | 0 |
305 | ifa->ifa_addr->sa_family != afTRUE | never evaluated | FALSE | never evaluated |
|| | 0 |
306 | | - |
307 | __extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
308 | ifa->ifa_nameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
309 | ) && __builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
310 | options.bind_interfaceTRUE | never evaluated | FALSE | never evaluated |
| 0 |
311 | ) && (__s1_len = __builtin_strlen (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
312 | ifa->ifa_nameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
313 | ), __s2_len = __builtin_strlen (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
314 | options.bind_interfaceTRUE | never evaluated | FALSE | never evaluated |
| 0 |
315 | ), (!((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
316 | ifa->ifa_nameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
317 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
318 | ifa->ifa_nameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
319 | ) == 1) || __s1_len >= 4) && (!((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
320 | options.bind_interfaceTRUE | never evaluated | FALSE | never evaluated |
| 0 |
321 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
322 | options.bind_interfaceTRUE | never evaluated | FALSE | never evaluated |
| 0 |
323 | ) == 1) || __s2_len >= 4)) ? __builtin_strcmp (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
324 | ifa->ifa_nameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
325 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
326 | options.bind_interfaceTRUE | never evaluated | FALSE | never evaluated |
| 0 |
327 | ) : (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
328 | ifa->ifa_nameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
329 | ) && ((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
330 | ifa->ifa_nameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
331 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
332 | ifa->ifa_nameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
333 | ) == 1) && (__s1_len = __builtin_strlen (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
334 | ifa->ifa_nameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
335 | ), __s1_len < 4) ? (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
336 | options.bind_interfaceTRUE | never evaluated | FALSE | never evaluated |
| 0 |
337 | ) && ((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
338 | options.bind_interfaceTRUE | never evaluated | FALSE | never evaluated |
| 0 |
339 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
340 | options.bind_interfaceTRUE | never evaluated | FALSE | never evaluated |
| 0 |
341 | ) == 1) ? __builtin_strcmp (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
342 | ifa->ifa_nameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
343 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
344 | options.bind_interfaceTRUE | never evaluated | FALSE | never evaluated |
| 0 |
345 | ) : (__extension__ ({ const unsigned char *__s2 = (const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
346 | options.bind_interfaceTRUE | never evaluated | FALSE | never evaluated |
| 0 |
347 | ); int __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
348 | ifa->ifa_nameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
349 | ))[0] - __s2[0]); if (__s1_len > 0TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) { __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
350 | ifa->ifa_nameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
351 | ))[1] - __s2[1]); if (__s1_len > 1TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) { __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
352 | ifa->ifa_nameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
353 | ))[2] - __s2[2]); if (__s1_len > 2TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) __result = (((const unsigned char *) (const char *) (never executed: __result = (((const unsigned char *) (const char *) ( ifa->ifa_name ))[3] - __s2[3]); | 0 |
354 | ifa->ifa_nameTRUE | never evaluated | FALSE | never evaluated |
never executed: __result = (((const unsigned char *) (const char *) ( ifa->ifa_name ))[3] - __s2[3]); | 0 |
355 | ))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
356 | options.bind_interfaceTRUE | never evaluated | FALSE | never evaluated |
| 0 |
357 | ) && ((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
358 | options.bind_interfaceTRUE | never evaluated | FALSE | never evaluated |
| 0 |
359 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
360 | options.bind_interfaceTRUE | never evaluated | FALSE | never evaluated |
| 0 |
361 | ) == 1) && (__s2_len = __builtin_strlen (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
362 | options.bind_interfaceTRUE | never evaluated | FALSE | never evaluated |
| 0 |
363 | ), __s2_len < 4) ? (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
364 | ifa->ifa_nameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
365 | ) && ((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
366 | ifa->ifa_nameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
367 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
368 | ifa->ifa_nameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
369 | ) == 1) ? __builtin_strcmp (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
370 | ifa->ifa_nameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
371 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
372 | options.bind_interfaceTRUE | never evaluated | FALSE | never evaluated |
| 0 |
373 | ) : -(__extension__ ({ const unsigned char *__s2 = (const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
374 | ifa->ifa_nameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
375 | ); int __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
376 | options.bind_interfaceTRUE | never evaluated | FALSE | never evaluated |
| 0 |
377 | ))[0] - __s2[0]); if (__s2_len > 0TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) { __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
378 | options.bind_interfaceTRUE | never evaluated | FALSE | never evaluated |
| 0 |
379 | ))[1] - __s2[1]); if (__s2_len > 1TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) { __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
380 | options.bind_interfaceTRUE | never evaluated | FALSE | never evaluated |
| 0 |
381 | ))[2] - __s2[2]); if (__s2_len > 2TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) __result = (((const unsigned char *) (const char *) (never executed: __result = (((const unsigned char *) (const char *) ( options.bind_interface ))[3] - __s2[3]); | 0 |
382 | options.bind_interfaceTRUE | never evaluated | FALSE | never evaluated |
never executed: __result = (((const unsigned char *) (const char *) ( options.bind_interface ))[3] - __s2[3]); | 0 |
383 | ))[3] - __s2[3]); } } __result; }))) : __builtin_strcmp (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
384 | ifa->ifa_nameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
385 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
386 | options.bind_interfaceTRUE | never evaluated | FALSE | never evaluated |
| 0 |
387 | )))); }) TRUE | never evaluated | FALSE | never evaluated |
| 0 |
388 | != 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
389 | continue; never executed: continue; | 0 |
390 | switch (ifa->ifa_addr->sa_family) { | - |
391 | case never executed: case 2 : never executed: case 2 : | 0 |
392 | 2 never executed: case 2 : | 0 |
393 | : never executed: case 2 : | 0 |
394 | sa = (struct sockaddr_in *)ifa->ifa_addr; | - |
395 | if (!allow_localTRUE | never evaluated | FALSE | never evaluated |
&& sa->sin_addr.s_addr ==TRUE | never evaluated | FALSE | never evaluated |
| 0 |
396 | TRUE | never evaluated | FALSE | never evaluated |
| 0 |
397 | __bswap_32 (((in_addr_t) 0x7f000001))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
398 | ) | - |
399 | continue; never executed: continue; | 0 |
400 | if (*TRUE | never evaluated | FALSE | never evaluated |
rlenp < sizeof(struct sockaddr_in)TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
401 | error("%s: v4 addr doesn't fit", | - |
402 | __func__); | - |
403 | return never executed: return -1; -1;never executed: return -1; | 0 |
404 | } | - |
405 | *rlenp = sizeof(struct sockaddr_in); | - |
406 | memcpy(resultp, sa, *rlenp); | - |
407 | return never executed: return 0; 0;never executed: return 0; | 0 |
408 | case never executed: case 10 : never executed: case 10 : | 0 |
409 | 10 never executed: case 10 : | 0 |
410 | : never executed: case 10 : | 0 |
411 | sa6 = (struct sockaddr_in6 *)ifa->ifa_addr; | - |
412 | v6addr = &sa6->sin6_addr; | - |
413 | if (!allow_localTRUE | never evaluated | FALSE | never evaluated |
&& | 0 |
414 | ( | - |
415 | (TRUE | never evaluated | FALSE | never evaluated |
__extension__ ({ const struct in6_addr *__a = (const struct in6_addr *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
416 | v6addrTRUE | never evaluated | FALSE | never evaluated |
| 0 |
417 | ); (__a->__in6_u.__u6_addr32[0] & __bswap_32 (0xffc00000)) == __bswap_32 (0xfe800000); }))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
418 | || | - |
419 | | - |
420 | (TRUE | never evaluated | FALSE | never evaluated |
__extension__ ({ const struct in6_addr *__a = (const struct in6_addr *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
421 | v6addrTRUE | never evaluated | FALSE | never evaluated |
| 0 |
422 | ); __a->__in6_u.__u6_addr32[0] == 0 && __a->__in6_u.__u6_addr32[1] == 0 && __a->__in6_u.__u6_addr32[2] == 0 && __a->__in6_u.__u6_addr32[3] == __bswap_32 (1); }))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
423 | )) | - |
424 | continue; never executed: continue; | 0 |
425 | if (*TRUE | never evaluated | FALSE | never evaluated |
rlenp < sizeof(struct sockaddr_in6)TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
426 | error("%s: v6 addr doesn't fit", | - |
427 | __func__); | - |
428 | return never executed: return -1; -1;never executed: return -1; | 0 |
429 | } | - |
430 | *rlenp = sizeof(struct sockaddr_in6); | - |
431 | memcpy(resultp, sa6, *rlenp); | - |
432 | return never executed: return 0; 0;never executed: return 0; | 0 |
433 | } | - |
434 | } never executed: end of block | 0 |
435 | } never executed: end of block | 0 |
436 | return never executed: return -1; -1;never executed: return -1; | 0 |
437 | } | - |
438 | | - |
439 | | - |
440 | | - |
441 | | - |
442 | | - |
443 | static int | - |
444 | ssh_create_socket(struct addrinfo *ai) | - |
445 | { | - |
446 | int sock, r; | - |
447 | struct sockaddr_storage bindaddr; | - |
448 | socklen_t bindaddrlen = 0; | - |
449 | struct addrinfo hints, *res = | - |
450 | ((void *)0) | - |
451 | ; | - |
452 | | - |
453 | struct ifaddrs *ifaddrs = | - |
454 | ((void *)0) | - |
455 | ; | - |
456 | | - |
457 | char ntop[ | - |
458 | 1025 | - |
459 | ]; | - |
460 | | - |
461 | sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); | - |
462 | if (sock < 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
463 | error("socket: %s", strerror( | - |
464 | (*__errno_location ()) | - |
465 | )); | - |
466 | return never executed: return -1; -1;never executed: return -1; | 0 |
467 | } | - |
468 | fcntl(sock, | - |
469 | 2 | - |
470 | , | - |
471 | 1 | - |
472 | ); | - |
473 | | - |
474 | | - |
475 | if (options.bind_address == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
476 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
477 | && options.bind_interface == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
478 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
479 | ) | - |
480 | return never executed: return sock; sock;never executed: return sock; | 0 |
481 | | - |
482 | if (options.bind_address != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
483 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
484 | ) { | - |
485 | memset(&hints, 0, sizeof(hints)); | - |
486 | hints.ai_family = ai->ai_family; | - |
487 | hints.ai_socktype = ai->ai_socktype; | - |
488 | hints.ai_protocol = ai->ai_protocol; | - |
489 | hints.ai_flags = | - |
490 | 0x0001 | - |
491 | ; | - |
492 | if ((TRUE | never evaluated | FALSE | never evaluated |
r = getaddrinfo(options.bind_address, TRUE | never evaluated | FALSE | never evaluated |
| 0 |
493 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
494 | ,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
495 | &hints, &res)) != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
496 | error("getaddrinfo: %s: %s", options.bind_address, | - |
497 | ssh_gai_strerror(r)); | - |
498 | goto never executed: goto fail; fail;never executed: goto fail; | 0 |
499 | } | - |
500 | if (res == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
501 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
502 | ) { | - |
503 | error("getaddrinfo: no addrs"); | - |
504 | goto never executed: goto fail; fail;never executed: goto fail; | 0 |
505 | } | - |
506 | if (res->ai_addrlen > sizeof(bindaddr)TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
507 | error("%s: addr doesn't fit", __func__); | - |
508 | goto never executed: goto fail; fail;never executed: goto fail; | 0 |
509 | } | - |
510 | memcpy(&bindaddr, res->ai_addr, res->ai_addrlen); | - |
511 | bindaddrlen = res->ai_addrlen; | - |
512 | } never executed: end of block else if (options.bind_interface != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
513 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
514 | ) { | - |
515 | | - |
516 | if ((TRUE | never evaluated | FALSE | never evaluated |
r = getifaddrs(&ifaddrs)) != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
517 | error("getifaddrs: %s: %s", options.bind_interface, | - |
518 | strerror( | - |
519 | (*__errno_location ()) | - |
520 | )); | - |
521 | goto never executed: goto fail; fail;never executed: goto fail; | 0 |
522 | } | - |
523 | bindaddrlen = sizeof(bindaddr); | - |
524 | if (check_ifaddrs(options.bind_interface, ai->ai_family,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
525 | ifaddrs, &bindaddr, &bindaddrlen) != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
526 | logit("getifaddrs: %s: no suitable addresses", | - |
527 | options.bind_interface); | - |
528 | goto never executed: goto fail; fail;never executed: goto fail; | 0 |
529 | } | - |
530 | | - |
531 | | - |
532 | | - |
533 | } never executed: end of block | 0 |
534 | if ((TRUE | never evaluated | FALSE | never evaluated |
r = getnameinfo((struct sockaddr *)&bindaddr, bindaddrlen,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
535 | ntop, sizeof(ntop), TRUE | never evaluated | FALSE | never evaluated |
| 0 |
536 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
537 | , 0, TRUE | never evaluated | FALSE | never evaluated |
| 0 |
538 | 1TRUE | never evaluated | FALSE | never evaluated |
| 0 |
539 | )) != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
540 | error("%s: getnameinfo failed: %s", __func__, | - |
541 | ssh_gai_strerror(r)); | - |
542 | goto never executed: goto fail; fail;never executed: goto fail; | 0 |
543 | } | - |
544 | if (bind(sock, (struct sockaddr *)&bindaddr, bindaddrlen) != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
545 | error("bind %s: %s", ntop, strerror( | - |
546 | (*__errno_location ()) | - |
547 | )); | - |
548 | goto never executed: goto fail; fail;never executed: goto fail; | 0 |
549 | } | - |
550 | debug("%s: bound to %s", __func__, ntop); | - |
551 | | - |
552 | goto never executed: goto out; out;never executed: goto out; | 0 |
553 | fail: | - |
554 | close(sock); | - |
555 | sock = -1; | - |
556 | out: code before this statement never executed: out: | 0 |
557 | if (res != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
558 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
559 | ) | - |
560 | freeaddrinfo(res); never executed: freeaddrinfo(res); | 0 |
561 | | - |
562 | if (ifaddrs != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
563 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
564 | ) | - |
565 | freeifaddrs(ifaddrs); never executed: freeifaddrs(ifaddrs); | 0 |
566 | | - |
567 | return never executed: return sock; sock;never executed: return sock; | 0 |
568 | } | - |
569 | | - |
570 | | - |
571 | | - |
572 | | - |
573 | | - |
574 | | - |
575 | static int | - |
576 | waitrfd(int fd, int *timeoutp) | - |
577 | { | - |
578 | struct pollfd pfd; | - |
579 | struct timeval t_start; | - |
580 | int oerrno, r; | - |
581 | | - |
582 | monotime_tv(&t_start); | - |
583 | pfd.fd = fd; | - |
584 | pfd.events = | - |
585 | 0x001 | - |
586 | ; | - |
587 | for (; *TRUE | never evaluated | FALSE | never evaluated |
timeoutp >= 0TRUE | never evaluated | FALSE | never evaluated |
;) { | 0 |
588 | r = poll(&pfd, 1, *timeoutp); | - |
589 | oerrno = | - |
590 | (*__errno_location ()) | - |
591 | ; | - |
592 | ms_subtract_diff(&t_start, timeoutp); | - |
593 | | - |
594 | (*__errno_location ()) | - |
595 | = oerrno; | - |
596 | if (r > 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
597 | return never executed: return 0; 0;never executed: return 0; | 0 |
598 | else if (r == -1TRUE | never evaluated | FALSE | never evaluated |
&& | 0 |
599 | (*TRUE | never evaluated | FALSE | never evaluated |
__errno_location ()) TRUE | never evaluated | FALSE | never evaluated |
| 0 |
600 | != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
601 | 11TRUE | never evaluated | FALSE | never evaluated |
| 0 |
602 | ) | - |
603 | return never executed: return -1; -1;never executed: return -1; | 0 |
604 | else if (r == 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
605 | break; never executed: break; | 0 |
606 | } never executed: end of block | 0 |
607 | | - |
608 | | - |
609 | (*__errno_location ()) | - |
610 | = | - |
611 | 110 | - |
612 | ; | - |
613 | return never executed: return -1; -1;never executed: return -1; | 0 |
614 | } | - |
615 | | - |
616 | static int | - |
617 | timeout_connect(int sockfd, const struct sockaddr *serv_addr, | - |
618 | socklen_t addrlen, int *timeoutp) | - |
619 | { | - |
620 | int optval = 0; | - |
621 | socklen_t optlen = sizeof(optval); | - |
622 | | - |
623 | | - |
624 | if (*TRUE | never evaluated | FALSE | never evaluated |
timeoutp <= 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
625 | return never executed: return connect(sockfd, serv_addr, addrlen); connect(sockfd, serv_addr, addrlen);never executed: return connect(sockfd, serv_addr, addrlen); | 0 |
626 | | - |
627 | set_nonblock(sockfd); | - |
628 | if (connect(sockfd, serv_addr, addrlen) == 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
629 | | - |
630 | unset_nonblock(sockfd); | - |
631 | return never executed: return 0; 0;never executed: return 0; | 0 |
632 | } else if ( | - |
633 | (*TRUE | never evaluated | FALSE | never evaluated |
__errno_location ()) TRUE | never evaluated | FALSE | never evaluated |
| 0 |
634 | != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
635 | 115TRUE | never evaluated | FALSE | never evaluated |
| 0 |
636 | ) | - |
637 | return never executed: return -1; -1;never executed: return -1; | 0 |
638 | | - |
639 | if (waitrfd(sockfd, timeoutp) == -1TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
640 | return never executed: return -1; -1;never executed: return -1; | 0 |
641 | | - |
642 | | - |
643 | if (getsockopt(sockfd, TRUE | never evaluated | FALSE | never evaluated |
| 0 |
644 | 1TRUE | never evaluated | FALSE | never evaluated |
| 0 |
645 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
646 | 4TRUE | never evaluated | FALSE | never evaluated |
| 0 |
647 | , &optval, &optlen) == -1TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
648 | debug("getsockopt: %s", strerror( | - |
649 | (*__errno_location ()) | - |
650 | )); | - |
651 | return never executed: return -1; -1;never executed: return -1; | 0 |
652 | } | - |
653 | if (optval != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
654 | | - |
655 | (*__errno_location ()) | - |
656 | = optval; | - |
657 | return never executed: return -1; -1;never executed: return -1; | 0 |
658 | } | - |
659 | unset_nonblock(sockfd); | - |
660 | return never executed: return 0; 0;never executed: return 0; | 0 |
661 | } | - |
662 | static int | - |
663 | ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop, | - |
664 | struct sockaddr_storage *hostaddr, u_short port, int family, | - |
665 | int connection_attempts, int *timeout_ms, int want_keepalive) | - |
666 | { | - |
667 | int on = 1; | - |
668 | int oerrno, sock = -1, attempt; | - |
669 | char ntop[ | - |
670 | 1025 | - |
671 | ], strport[ | - |
672 | 32 | - |
673 | ]; | - |
674 | struct addrinfo *ai; | - |
675 | | - |
676 | debug2("%s", __func__); | - |
677 | memset(ntop, 0, sizeof(ntop)); | - |
678 | memset(strport, 0, sizeof(strport)); | - |
679 | | - |
680 | for (attempt = 0; attempt < connection_attemptsTRUE | never evaluated | FALSE | never evaluated |
; attempt++) { | 0 |
681 | if (attempt > 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
682 | | - |
683 | sleep(1); | - |
684 | debug("Trying again..."); | - |
685 | } never executed: end of block | 0 |
686 | | - |
687 | | - |
688 | | - |
689 | | - |
690 | for (ai = aitop; aiTRUE | never evaluated | FALSE | never evaluated |
; ai = ai->ai_next) { | 0 |
691 | if (ai->ai_family != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
692 | 2TRUE | never evaluated | FALSE | never evaluated |
| 0 |
693 | && | - |
694 | ai->ai_family != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
695 | 10TRUE | never evaluated | FALSE | never evaluated |
| 0 |
696 | ) { | - |
697 | | - |
698 | (*__errno_location ()) | - |
699 | = | - |
700 | 97 | - |
701 | ; | - |
702 | continue; never executed: continue; | 0 |
703 | } | - |
704 | if (getnameinfo(ai->ai_addr, ai->ai_addrlen,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
705 | ntop, sizeof(ntop), strport, sizeof(strport),TRUE | never evaluated | FALSE | never evaluated |
| 0 |
706 | TRUE | never evaluated | FALSE | never evaluated |
| 0 |
707 | 1TRUE | never evaluated | FALSE | never evaluated |
| 0 |
708 | |TRUE | never evaluated | FALSE | never evaluated |
| 0 |
709 | 2TRUE | never evaluated | FALSE | never evaluated |
| 0 |
710 | ) != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
711 | oerrno = | - |
712 | (*__errno_location ()) | - |
713 | ; | - |
714 | error("%s: getnameinfo failed", __func__); | - |
715 | | - |
716 | (*__errno_location ()) | - |
717 | = oerrno; | - |
718 | continue; never executed: continue; | 0 |
719 | } | - |
720 | debug("Connecting to %.200s [%.100s] port %s.", | - |
721 | host, ntop, strport); | - |
722 | | - |
723 | | - |
724 | sock = ssh_create_socket(ai); | - |
725 | if (sock < 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
726 | | - |
727 | | - |
728 | (*__errno_location ()) | - |
729 | = 0; | - |
730 | continue; never executed: continue; | 0 |
731 | } | - |
732 | | - |
733 | if (timeout_connect(sock, ai->ai_addr, ai->ai_addrlen,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
734 | timeout_ms) >= 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
735 | | - |
736 | memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen); | - |
737 | break; never executed: break; | 0 |
738 | } else { | - |
739 | oerrno = | - |
740 | (*__errno_location ()) | - |
741 | ; | - |
742 | debug("connect to address %s port %s: %s", | - |
743 | ntop, strport, strerror( | - |
744 | (*__errno_location ()) | - |
745 | )); | - |
746 | close(sock); | - |
747 | sock = -1; | - |
748 | | - |
749 | (*__errno_location ()) | - |
750 | = oerrno; | - |
751 | } never executed: end of block | 0 |
752 | } | - |
753 | if (sock != -1TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
754 | break; never executed: break; | 0 |
755 | } never executed: end of block | 0 |
756 | | - |
757 | | - |
758 | if (sock == -1TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
759 | error("ssh: connect to host %s port %s: %s", | - |
760 | host, strport, | - |
761 | (*__errno_location ()) | - |
762 | == 0 ? "failure" : strerror( | - |
763 | (*__errno_location ()) | - |
764 | )); | - |
765 | return never executed: return -1; -1;never executed: return -1; | 0 |
766 | } | - |
767 | | - |
768 | debug("Connection established."); | - |
769 | | - |
770 | | - |
771 | if (want_keepaliveTRUE | never evaluated | FALSE | never evaluated |
&& | 0 |
772 | setsockopt(sock, TRUE | never evaluated | FALSE | never evaluated |
| 0 |
773 | 1TRUE | never evaluated | FALSE | never evaluated |
| 0 |
774 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
775 | 9TRUE | never evaluated | FALSE | never evaluated |
| 0 |
776 | , (void *)&on,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
777 | sizeof(on)) < 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
778 | error("setsockopt SO_KEEPALIVE: %.100s", strerror( never executed: error("setsockopt SO_KEEPALIVE: %.100s", strerror( (*__errno_location ()) )); | 0 |
779 | (*__errno_location ()) never executed: error("setsockopt SO_KEEPALIVE: %.100s", strerror( (*__errno_location ()) )); | 0 |
780 | )); never executed: error("setsockopt SO_KEEPALIVE: %.100s", strerror( (*__errno_location ()) )); | 0 |
781 | | - |
782 | | - |
783 | if (ssh_packet_set_connection(ssh, sock, sock) == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
784 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
785 | ) | - |
786 | return never executed: return -1; -1;never executed: return -1; | 0 |
787 | | - |
788 | return never executed: return 0; 0;never executed: return 0; | 0 |
789 | } | - |
790 | | - |
791 | int | - |
792 | ssh_connect(struct ssh *ssh, const char *host, struct addrinfo *addrs, | - |
793 | struct sockaddr_storage *hostaddr, u_short port, int family, | - |
794 | int connection_attempts, int *timeout_ms, int want_keepalive) | - |
795 | { | - |
796 | if (options.proxy_command == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
797 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
798 | ) { | - |
799 | return never executed: return ssh_connect_direct(ssh, host, addrs, hostaddr, port, family, connection_attempts, timeout_ms, want_keepalive); ssh_connect_direct(ssh, host, addrs, hostaddr, port,never executed: return ssh_connect_direct(ssh, host, addrs, hostaddr, port, family, connection_attempts, timeout_ms, want_keepalive); | 0 |
800 | family, connection_attempts, timeout_ms, want_keepalive); never executed: return ssh_connect_direct(ssh, host, addrs, hostaddr, port, family, connection_attempts, timeout_ms, want_keepalive); | 0 |
801 | } else if ( | - |
802 | __extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
803 | options.proxy_commandTRUE | never evaluated | FALSE | never evaluated |
| 0 |
804 | ) && __builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
805 | "-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
806 | ) && (__s1_len = __builtin_strlen (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
807 | options.proxy_commandTRUE | never evaluated | FALSE | never evaluated |
| 0 |
808 | ), __s2_len = __builtin_strlen (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
809 | "-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
810 | ), (!((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
811 | options.proxy_commandTRUE | never evaluated | FALSE | never evaluated |
| 0 |
812 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
813 | options.proxy_commandTRUE | never evaluated | FALSE | never evaluated |
| 0 |
814 | ) == 1) || __s1_len >= 4) && (!((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
815 | "-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
816 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
817 | "-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
818 | ) == 1) || __s2_len >= 4)) ? __builtin_strcmp (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
819 | options.proxy_commandTRUE | never evaluated | FALSE | never evaluated |
| 0 |
820 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
821 | "-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
822 | ) : (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
823 | options.proxy_commandTRUE | never evaluated | FALSE | never evaluated |
| 0 |
824 | ) && ((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
825 | options.proxy_commandTRUE | never evaluated | FALSE | never evaluated |
| 0 |
826 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
827 | options.proxy_commandTRUE | never evaluated | FALSE | never evaluated |
| 0 |
828 | ) == 1) && (__s1_len = __builtin_strlen (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
829 | options.proxy_commandTRUE | never evaluated | FALSE | never evaluated |
| 0 |
830 | ), __s1_len < 4) ? (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
831 | "-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
832 | ) && ((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
833 | "-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
834 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
835 | "-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
836 | ) == 1) ? __builtin_strcmp (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
837 | options.proxy_commandTRUE | never evaluated | FALSE | never evaluated |
| 0 |
838 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
839 | "-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
840 | ) : (__extension__ ({ const unsigned char *__s2 = (const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
841 | "-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
842 | ); int __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
843 | options.proxy_commandTRUE | never evaluated | FALSE | never evaluated |
| 0 |
844 | ))[0] - __s2[0]); if (__s1_len > 0TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) { __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
845 | options.proxy_commandTRUE | never evaluated | FALSE | never evaluated |
| 0 |
846 | ))[1] - __s2[1]); if (__s1_len > 1TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) { __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
847 | options.proxy_commandTRUE | never evaluated | FALSE | never evaluated |
| 0 |
848 | ))[2] - __s2[2]); if (__s1_len > 2TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) __result = (((const unsigned char *) (const char *) (never executed: __result = (((const unsigned char *) (const char *) ( options.proxy_command ))[3] - __s2[3]); | 0 |
849 | options.proxy_commandTRUE | never evaluated | FALSE | never evaluated |
never executed: __result = (((const unsigned char *) (const char *) ( options.proxy_command ))[3] - __s2[3]); | 0 |
850 | ))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
851 | "-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
852 | ) && ((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
853 | "-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
854 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
855 | "-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
856 | ) == 1) && (__s2_len = __builtin_strlen (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
857 | "-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
858 | ), __s2_len < 4) ? (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
859 | options.proxy_commandTRUE | never evaluated | FALSE | never evaluated |
| 0 |
860 | ) && ((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
861 | options.proxy_commandTRUE | never evaluated | FALSE | never evaluated |
| 0 |
862 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
863 | options.proxy_commandTRUE | never evaluated | FALSE | never evaluated |
| 0 |
864 | ) == 1) ? __builtin_strcmp (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
865 | options.proxy_commandTRUE | never evaluated | FALSE | never evaluated |
| 0 |
866 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
867 | "-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
868 | ) : -(__extension__ ({ const unsigned char *__s2 = (const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
869 | options.proxy_commandTRUE | never evaluated | FALSE | never evaluated |
| 0 |
870 | ); int __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
871 | "-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
872 | ))[0] - __s2[0]); if (__s2_len > 0TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) { __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
873 | "-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
874 | ))[1] - __s2[1]); if (__s2_len > 1TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) { __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
875 | "-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
876 | ))[2] - __s2[2]); if (__s2_len > 2TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) __result = (((const unsigned char *) (const char *) (never executed: __result = (((const unsigned char *) (const char *) ( "-" ))[3] - __s2[3]); | 0 |
877 | "-"TRUE | never evaluated | FALSE | never evaluated |
never executed: __result = (((const unsigned char *) (const char *) ( "-" ))[3] - __s2[3]); | 0 |
878 | ))[3] - __s2[3]); } } __result; }))) : __builtin_strcmp (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
879 | options.proxy_commandTRUE | never evaluated | FALSE | never evaluated |
| 0 |
880 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
881 | "-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
882 | )))); }) TRUE | never evaluated | FALSE | never evaluated |
| 0 |
883 | == 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
884 | if ((TRUE | never evaluated | FALSE | never evaluated |
ssh_packet_set_connection(ssh,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
885 | TRUE | never evaluated | FALSE | never evaluated |
| 0 |
886 | 0TRUE | never evaluated | FALSE | never evaluated |
| 0 |
887 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
888 | 1TRUE | never evaluated | FALSE | never evaluated |
| 0 |
889 | )) == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
890 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
891 | ) | - |
892 | return never executed: return -1; -1;never executed: return -1; | 0 |
893 | return never executed: return 0; 0;never executed: return 0; | 0 |
894 | } else if (options.proxy_use_fdpassTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
895 | return never executed: return ssh_proxy_fdpass_connect(ssh, host, port, options.proxy_command); ssh_proxy_fdpass_connect(ssh, host, port,never executed: return ssh_proxy_fdpass_connect(ssh, host, port, options.proxy_command); | 0 |
896 | options.proxy_command); never executed: return ssh_proxy_fdpass_connect(ssh, host, port, options.proxy_command); | 0 |
897 | } | - |
898 | return never executed: return ssh_proxy_connect(ssh, host, port, options.proxy_command); ssh_proxy_connect(ssh, host, port, options.proxy_command);never executed: return ssh_proxy_connect(ssh, host, port, options.proxy_command); | 0 |
899 | } | - |
900 | | - |
901 | static void | - |
902 | send_client_banner(int connection_out, int minor1) | - |
903 | { | - |
904 | | - |
905 | xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n", | - |
906 | 2, 0, "OpenSSH_7.8"); | - |
907 | if (atomicio((ssize_t (*)(int, void *, size_t))write, connection_out, client_version_string,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
908 | strlen(client_version_string)) != strlen(client_version_string)TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
909 | fatal("write: %.100s", strerror( never executed: fatal("write: %.100s", strerror( (*__errno_location ()) )); | 0 |
910 | (*__errno_location ()) never executed: fatal("write: %.100s", strerror( (*__errno_location ()) )); | 0 |
911 | )); never executed: fatal("write: %.100s", strerror( (*__errno_location ()) )); | 0 |
912 | chop(client_version_string); | - |
913 | debug("Local version string %.100s", client_version_string); | - |
914 | } never executed: end of block | 0 |
915 | | - |
916 | | - |
917 | | - |
918 | | - |
919 | | - |
920 | void | - |
921 | ssh_exchange_identification(int timeout_ms) | - |
922 | { | - |
923 | char buf[256], remote_version[256]; | - |
924 | int remote_major, remote_minor, mismatch; | - |
925 | int connection_in = ssh_packet_get_connection_in(active_state); | - |
926 | int connection_out = ssh_packet_get_connection_out(active_state); | - |
927 | u_int i, n; | - |
928 | size_t len; | - |
929 | int rc; | - |
930 | | - |
931 | send_client_banner(connection_out, 0); | - |
932 | | - |
933 | | - |
934 | for (n = 0;;) { | - |
935 | for (i = 0; i < sizeof(buf) - 1TRUE | never evaluated | FALSE | never evaluated |
; i++) { | 0 |
936 | if (timeout_ms > 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
937 | rc = waitrfd(connection_in, &timeout_ms); | - |
938 | if (rc == -1TRUE | never evaluated | FALSE | never evaluated |
&& | 0 |
939 | (*TRUE | never evaluated | FALSE | never evaluated |
__errno_location ()) TRUE | never evaluated | FALSE | never evaluated |
| 0 |
940 | == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
941 | 110TRUE | never evaluated | FALSE | never evaluated |
| 0 |
942 | ) { | - |
943 | fatal("Connection timed out during " | - |
944 | "banner exchange"); | - |
945 | } never executed: end of block else if (rc == -1TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
946 | fatal("%s: %s", | - |
947 | __func__, strerror( | - |
948 | (*__errno_location ()) | - |
949 | )); | - |
950 | } never executed: end of block | 0 |
951 | } never executed: end of block | 0 |
952 | | - |
953 | len = atomicio(read, connection_in, &buf[i], 1); | - |
954 | if (len != 1TRUE | never evaluated | FALSE | never evaluated |
&& | 0 |
955 | (*TRUE | never evaluated | FALSE | never evaluated |
__errno_location ()) TRUE | never evaluated | FALSE | never evaluated |
| 0 |
956 | == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
957 | 32TRUE | never evaluated | FALSE | never evaluated |
| 0 |
958 | ) | - |
959 | fatal("ssh_exchange_identification: " never executed: fatal("ssh_exchange_identification: " "Connection closed by remote host"); | 0 |
960 | "Connection closed by remote host"); never executed: fatal("ssh_exchange_identification: " "Connection closed by remote host"); | 0 |
961 | else if (len != 1TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
962 | fatal("ssh_exchange_identification: " never executed: fatal("ssh_exchange_identification: " "read: %.100s", strerror( (*__errno_location ()) )); | 0 |
963 | "read: %.100s", strerror( never executed: fatal("ssh_exchange_identification: " "read: %.100s", strerror( (*__errno_location ()) )); | 0 |
964 | (*__errno_location ()) never executed: fatal("ssh_exchange_identification: " "read: %.100s", strerror( (*__errno_location ()) )); | 0 |
965 | )); never executed: fatal("ssh_exchange_identification: " "read: %.100s", strerror( (*__errno_location ()) )); | 0 |
966 | if (buf[i] == '\r'TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
967 | buf[i] = '\n'; | - |
968 | buf[i + 1] = 0; | - |
969 | continue; never executed: continue; | 0 |
970 | } | - |
971 | if (buf[i] == '\n'TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
972 | buf[i + 1] = 0; | - |
973 | break; never executed: break; | 0 |
974 | } | - |
975 | if (++TRUE | never evaluated | FALSE | never evaluated |
n > 65536TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
976 | fatal("ssh_exchange_identification: " never executed: fatal("ssh_exchange_identification: " "No banner received"); | 0 |
977 | "No banner received"); never executed: fatal("ssh_exchange_identification: " "No banner received"); | 0 |
978 | } never executed: end of block | 0 |
979 | buf[sizeof(buf) - 1] = 0; | - |
980 | if ( | - |
981 | (TRUE | never evaluated | FALSE | never evaluated |
__extension__ (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
982 | 4TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
983 | )TRUE | never evaluated | FALSE | never evaluated |
&& ((__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
984 | bufTRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
985 | )TRUE | never evaluated | FALSE | never evaluated |
&& strlen (TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
986 | bufTRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
987 | ) < ((size_t) (TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
988 | 4TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
989 | ))TRUE | never evaluated | FALSE | never evaluated |
) || (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
990 | "SSH-"TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
991 | )TRUE | never evaluated | FALSE | never evaluated |
&& strlen (TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
992 | "SSH-"TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
993 | ) < ((size_t) (TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
994 | 4TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
995 | ))TRUE | never evaluated | FALSE | never evaluated |
)) ? __extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
996 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
997 | ) && __builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
998 | "SSH-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
999 | ) && (__s1_len = __builtin_strlen (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1000 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1001 | ), __s2_len = __builtin_strlen (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1002 | "SSH-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1003 | ), (!((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1004 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1005 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1006 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1007 | ) == 1) || __s1_len >= 4) && (!((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1008 | "SSH-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1009 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1010 | "SSH-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1011 | ) == 1) || __s2_len >= 4)) ? __builtin_strcmp (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1012 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1013 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1014 | "SSH-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1015 | ) : (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1016 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1017 | ) && ((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1018 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1019 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1020 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1021 | ) == 1) && (__s1_len = __builtin_strlen (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1022 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1023 | ), __s1_len < 4) ? (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1024 | "SSH-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1025 | ) && ((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1026 | "SSH-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1027 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1028 | "SSH-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1029 | ) == 1) ? __builtin_strcmp (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1030 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1031 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1032 | "SSH-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1033 | ) : (__extension__ ({ const unsigned char *__s2 = (const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1034 | "SSH-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1035 | ); int __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1036 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1037 | ))[0] - __s2[0]); if (__s1_len > 0TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) { __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1038 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1039 | ))[1] - __s2[1]); if (__s1_len > 1TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) { __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1040 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1041 | ))[2] - __s2[2]); if (__s1_len > 2TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) __result = (((const unsigned char *) (const char *) (never executed: __result = (((const unsigned char *) (const char *) ( buf ))[3] - __s2[3]); | 0 |
1042 | bufTRUE | never evaluated | FALSE | never evaluated |
never executed: __result = (((const unsigned char *) (const char *) ( buf ))[3] - __s2[3]); | 0 |
1043 | ))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1044 | "SSH-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1045 | ) && ((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1046 | "SSH-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1047 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1048 | "SSH-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1049 | ) == 1) && (__s2_len = __builtin_strlen (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1050 | "SSH-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1051 | ), __s2_len < 4) ? (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1052 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1053 | ) && ((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1054 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1055 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1056 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1057 | ) == 1) ? __builtin_strcmp (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1058 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1059 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1060 | "SSH-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1061 | ) : -(__extension__ ({ const unsigned char *__s2 = (const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1062 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1063 | ); int __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1064 | "SSH-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1065 | ))[0] - __s2[0]); if (__s2_len > 0TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) { __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1066 | "SSH-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1067 | ))[1] - __s2[1]); if (__s2_len > 1TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) { __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1068 | "SSH-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1069 | ))[2] - __s2[2]); if (__s2_len > 2TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) __result = (((const unsigned char *) (const char *) (never executed: __result = (((const unsigned char *) (const char *) ( "SSH-" ))[3] - __s2[3]); | 0 |
1070 | "SSH-"TRUE | never evaluated | FALSE | never evaluated |
never executed: __result = (((const unsigned char *) (const char *) ( "SSH-" ))[3] - __s2[3]); | 0 |
1071 | ))[3] - __s2[3]); } } __result; }))) : __builtin_strcmp (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1072 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1073 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1074 | "SSH-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1075 | )))); }) : strncmp (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1076 | bufTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1077 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1078 | "SSH-"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1079 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1080 | 4TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1081 | ))) TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1082 | == 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1083 | break; never executed: break; | 0 |
1084 | debug("ssh_exchange_identification: %s", buf); | - |
1085 | } never executed: end of block | 0 |
1086 | server_version_string = xstrdup(buf); | - |
1087 | | - |
1088 | | - |
1089 | | - |
1090 | | - |
1091 | | - |
1092 | if (sscanf(server_version_string, "SSH-%d.%d-%[^\n]\n",TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1093 | &remote_major, &remote_minor, remote_version) != 3TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1094 | fatal("Bad remote protocol version identification: '%.100s'", buf); never executed: fatal("Bad remote protocol version identification: '%.100s'", buf); | 0 |
1095 | debug("Remote protocol version %d.%d, remote software version %.100s", | - |
1096 | remote_major, remote_minor, remote_version); | - |
1097 | | - |
1098 | active_state->compat = compat_datafellows(remote_version); | - |
1099 | mismatch = 0; | - |
1100 | | - |
1101 | switch (remote_major) { | - |
1102 | case never executed: case 2: 2:never executed: case 2: | 0 |
1103 | break; never executed: break; | 0 |
1104 | case never executed: case 1: 1:never executed: case 1: | 0 |
1105 | if (remote_minor != 99TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1106 | mismatch = 1; never executed: mismatch = 1; | 0 |
1107 | break; never executed: break; | 0 |
1108 | default never executed: default: :never executed: default: | 0 |
1109 | mismatch = 1; | - |
1110 | break; never executed: break; | 0 |
1111 | } | - |
1112 | if (mismatchTRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1113 | fatal("Protocol major versions differ: %d vs. %d", never executed: fatal("Protocol major versions differ: %d vs. %d", 2, remote_major); | 0 |
1114 | 2, remote_major); never executed: fatal("Protocol major versions differ: %d vs. %d", 2, remote_major); | 0 |
1115 | if ((TRUE | never evaluated | FALSE | never evaluated |
datafellows & 0x00002000) != 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1116 | logit("Server version \"%.100s\" uses unsafe RSA signature " never executed: logit("Server version \"%.100s\" uses unsafe RSA signature " "scheme; disabling use of RSA keys", remote_version); | 0 |
1117 | "scheme; disabling use of RSA keys", remote_version); never executed: logit("Server version \"%.100s\" uses unsafe RSA signature " "scheme; disabling use of RSA keys", remote_version); | 0 |
1118 | chop(server_version_string); | - |
1119 | } never executed: end of block | 0 |
1120 | | - |
1121 | | - |
1122 | static int | - |
1123 | confirm(const char *prompt) | - |
1124 | { | - |
1125 | const char *msg, *again = "Please type 'yes' or 'no': "; | - |
1126 | char *p; | - |
1127 | int ret = -1; | - |
1128 | | - |
1129 | if (options.batch_modeTRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1130 | return never executed: return 0; 0;never executed: return 0; | 0 |
1131 | for (msg = prompt;;msg = again) { | - |
1132 | p = read_passphrase(msg, 0x0001); | - |
1133 | if (p == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1134 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1135 | ) | - |
1136 | return never executed: return 0; 0;never executed: return 0; | 0 |
1137 | p[ | - |
1138 | __builtin_strcspn ( | - |
1139 | p | - |
1140 | , | - |
1141 | "\n" | - |
1142 | ) | - |
1143 | ] = '\0'; | - |
1144 | if (p[0] == '\0'TRUE | never evaluated | FALSE | never evaluated |
|| strcasecmp(p, "no") == 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1145 | ret = 0; never executed: ret = 0; | 0 |
1146 | else if (strcasecmp(p, "yes") == 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1147 | ret = 1; never executed: ret = 1; | 0 |
1148 | free(p); | - |
1149 | if (ret != -1TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1150 | return never executed: return ret; ret;never executed: return ret; | 0 |
1151 | } never executed: end of block | 0 |
1152 | } never executed: end of block | 0 |
1153 | | - |
1154 | static int | - |
1155 | check_host_cert(const char *host, const struct sshkey *key) | - |
1156 | { | - |
1157 | const char *reason; | - |
1158 | int r; | - |
1159 | | - |
1160 | if (sshkey_cert_check_authority(key, 1, 0, host, &reason) != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1161 | error("%s", reason); | - |
1162 | return never executed: return 0; 0;never executed: return 0; | 0 |
1163 | } | - |
1164 | if (sshbuf_len(key->cert->critical) != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1165 | error("Certificate for %s contains unsupported " | - |
1166 | "critical options(s)", host); | - |
1167 | return never executed: return 0; 0;never executed: return 0; | 0 |
1168 | } | - |
1169 | if ((TRUE | never evaluated | FALSE | never evaluated |
r = sshkey_check_cert_sigtype(key,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1170 | options.ca_sign_algorithms)) != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1171 | logit("%s: certificate signature algorithm %s: %s", __func__, | - |
1172 | (key->cert == | - |
1173 | ((void *)0) | - |
1174 | || key->cert->signature_type == | - |
1175 | ((void *)0) | - |
1176 | ) ? | - |
1177 | "(null)" : key->cert->signature_type, ssh_err(r)); | - |
1178 | return never executed: return 0; 0;never executed: return 0; | 0 |
1179 | } | - |
1180 | | - |
1181 | return never executed: return 1; 1;never executed: return 1; | 0 |
1182 | } | - |
1183 | | - |
1184 | static int | - |
1185 | sockaddr_is_local(struct sockaddr *hostaddr) | - |
1186 | { | - |
1187 | switch (hostaddr->sa_family) { | - |
1188 | case never executed: case 2 : never executed: case 2 : | 0 |
1189 | 2 never executed: case 2 : | 0 |
1190 | : never executed: case 2 : | 0 |
1191 | return never executed: return ( __bswap_32 ( ((struct sockaddr_in *)hostaddr)-> sin_addr.s_addr ) >> 24) == 127 ; (never executed: return ( __bswap_32 ( ((struct sockaddr_in *)hostaddr)-> sin_addr.s_addr ) >> 24) == 127 ; | 0 |
1192 | __bswap_32 ( never executed: return ( __bswap_32 ( ((struct sockaddr_in *)hostaddr)-> sin_addr.s_addr ) >> 24) == 127 ; | 0 |
1193 | ((struct sockaddr_in *)hostaddr)-> sin_addr.s_addr never executed: return ( __bswap_32 ( ((struct sockaddr_in *)hostaddr)-> sin_addr.s_addr ) >> 24) == 127 ; | 0 |
1194 | ) never executed: return ( __bswap_32 ( ((struct sockaddr_in *)hostaddr)-> sin_addr.s_addr ) >> 24) == 127 ; | 0 |
1195 | never executed: return ( __bswap_32 ( ((struct sockaddr_in *)hostaddr)-> sin_addr.s_addr ) >> 24) == 127 ; | 0 |
1196 | >> 24) == never executed: return ( __bswap_32 ( ((struct sockaddr_in *)hostaddr)-> sin_addr.s_addr ) >> 24) == 127 ; | 0 |
1197 | 127 never executed: return ( __bswap_32 ( ((struct sockaddr_in *)hostaddr)-> sin_addr.s_addr ) >> 24) == 127 ; | 0 |
1198 | ; never executed: return ( __bswap_32 ( ((struct sockaddr_in *)hostaddr)-> sin_addr.s_addr ) >> 24) == 127 ; | 0 |
1199 | case never executed: case 10 : never executed: case 10 : | 0 |
1200 | 10 never executed: case 10 : | 0 |
1201 | : never executed: case 10 : | 0 |
1202 | return never executed: return (__extension__ ({ const struct in6_addr *__a = (const struct in6_addr *) ( &(((struct sockaddr_in6 *)hostaddr)->sin6_addr) ); __a->__in6_u.__u6_addr32[0] == 0 && __a->__in6_u.__u6_addr32[1] == 0 && __a->__in6_u.__u6_addr32[2] == 0 && __a->__in6_u.__u6_addr32[3] == __bswap_32 (1); })) ; never executed: return (__extension__ ({ const struct in6_addr *__a = (const struct in6_addr *) ( &(((struct sockaddr_in6 *)hostaddr)->sin6_addr) ); __a->__in6_u.__u6_addr32[0] == 0 && __a->__in6_u.__u6_addr32[1] == 0 && __a->__in6_u.__u6_addr32[2] == 0 && __a->__in6_u.__u6_addr32[3] == __bswap_32 (1); })) ; | 0 |
1203 | (__extension__ ({ const struct in6_addr *__a = (const struct in6_addr *) ( never executed: return (__extension__ ({ const struct in6_addr *__a = (const struct in6_addr *) ( &(((struct sockaddr_in6 *)hostaddr)->sin6_addr) ); __a->__in6_u.__u6_addr32[0] == 0 && __a->__in6_u.__u6_addr32[1] == 0 && __a->__in6_u.__u6_addr32[2] == 0 && __a->__in6_u.__u6_addr32[3] == __bswap_32 (1); })) ; | 0 |
1204 | &(((struct sockaddr_in6 *)hostaddr)->sin6_addr) never executed: return (__extension__ ({ const struct in6_addr *__a = (const struct in6_addr *) ( &(((struct sockaddr_in6 *)hostaddr)->sin6_addr) ); __a->__in6_u.__u6_addr32[0] == 0 && __a->__in6_u.__u6_addr32[1] == 0 && __a->__in6_u.__u6_addr32[2] == 0 && __a->__in6_u.__u6_addr32[3] == __bswap_32 (1); })) ; | 0 |
1205 | ); __a->__in6_u.__u6_addr32[0] == 0 && __a->__in6_u.__u6_addr32[1] == 0 && __a->__in6_u.__u6_addr32[2] == 0 && __a->__in6_u.__u6_addr32[3] == __bswap_32 (1); })) never executed: return (__extension__ ({ const struct in6_addr *__a = (const struct in6_addr *) ( &(((struct sockaddr_in6 *)hostaddr)->sin6_addr) ); __a->__in6_u.__u6_addr32[0] == 0 && __a->__in6_u.__u6_addr32[1] == 0 && __a->__in6_u.__u6_addr32[2] == 0 && __a->__in6_u.__u6_addr32[3] == __bswap_32 (1); })) ; | 0 |
1206 | never executed: return (__extension__ ({ const struct in6_addr *__a = (const struct in6_addr *) ( &(((struct sockaddr_in6 *)hostaddr)->sin6_addr) ); __a->__in6_u.__u6_addr32[0] == 0 && __a->__in6_u.__u6_addr32[1] == 0 && __a->__in6_u.__u6_addr32[2] == 0 && __a->__in6_u.__u6_addr32[3] == __bswap_32 (1); })) ; | 0 |
1207 | ; never executed: return (__extension__ ({ const struct in6_addr *__a = (const struct in6_addr *) ( &(((struct sockaddr_in6 *)hostaddr)->sin6_addr) ); __a->__in6_u.__u6_addr32[0] == 0 && __a->__in6_u.__u6_addr32[1] == 0 && __a->__in6_u.__u6_addr32[2] == 0 && __a->__in6_u.__u6_addr32[3] == __bswap_32 (1); })) ; | 0 |
1208 | default never executed: default: :never executed: default: | 0 |
1209 | return never executed: return 0; 0;never executed: return 0; | 0 |
1210 | } | - |
1211 | } | - |
1212 | | - |
1213 | | - |
1214 | | - |
1215 | | - |
1216 | | - |
1217 | void | - |
1218 | get_hostfile_hostname_ipaddr(char *hostname, struct sockaddr *hostaddr, | - |
1219 | u_short port, char **hostfile_hostname, char **hostfile_ipaddr) | - |
1220 | { | - |
1221 | char ntop[ | - |
1222 | 1025 | - |
1223 | ]; | - |
1224 | socklen_t addrlen; | - |
1225 | | - |
1226 | switch (hostaddr == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1227 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1228 | ? -1 : hostaddr->sa_family) { | - |
1229 | case never executed: case -1: -1:never executed: case -1: | 0 |
1230 | addrlen = 0; | - |
1231 | break; never executed: break; | 0 |
1232 | case never executed: case 2 : never executed: case 2 : | 0 |
1233 | 2 never executed: case 2 : | 0 |
1234 | : never executed: case 2 : | 0 |
1235 | addrlen = sizeof(struct sockaddr_in); | - |
1236 | break; never executed: break; | 0 |
1237 | case never executed: case 10 : never executed: case 10 : | 0 |
1238 | 10 never executed: case 10 : | 0 |
1239 | : never executed: case 10 : | 0 |
1240 | addrlen = sizeof(struct sockaddr_in6); | - |
1241 | break; never executed: break; | 0 |
1242 | default never executed: default: :never executed: default: | 0 |
1243 | addrlen = sizeof(struct sockaddr); | - |
1244 | break; never executed: break; | 0 |
1245 | } | - |
1246 | | - |
1247 | | - |
1248 | | - |
1249 | | - |
1250 | | - |
1251 | if (hostfile_ipaddr != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1252 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1253 | ) { | - |
1254 | if (options.proxy_command == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1255 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1256 | ) { | - |
1257 | if (getnameinfo(hostaddr, addrlen,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1258 | ntop, sizeof(ntop), TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1259 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1260 | , 0, TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1261 | 1TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1262 | ) != 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1263 | fatal("%s: getnameinfo failed", __func__); never executed: fatal("%s: getnameinfo failed", __func__); | 0 |
1264 | *hostfile_ipaddr = put_host_port(ntop, port); | - |
1265 | } never executed: end of block else { | 0 |
1266 | *hostfile_ipaddr = xstrdup("<no hostip for proxy " | - |
1267 | "command>"); | - |
1268 | } never executed: end of block | 0 |
1269 | } | - |
1270 | | - |
1271 | | - |
1272 | | - |
1273 | | - |
1274 | | - |
1275 | | - |
1276 | | - |
1277 | if (hostfile_hostname != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1278 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1279 | ) { | - |
1280 | if (options.host_key_alias != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1281 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1282 | ) { | - |
1283 | *hostfile_hostname = xstrdup(options.host_key_alias); | - |
1284 | debug("using hostkeyalias: %s", *hostfile_hostname); | - |
1285 | } never executed: end of block else { | 0 |
1286 | *hostfile_hostname = put_host_port(hostname, port); | - |
1287 | } never executed: end of block | 0 |
1288 | } | - |
1289 | } never executed: end of block | 0 |
1290 | static int | - |
1291 | check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, | - |
1292 | struct sshkey *host_key, int readonly, | - |
1293 | char **user_hostfiles, u_int num_user_hostfiles, | - |
1294 | char **system_hostfiles, u_int num_system_hostfiles) | - |
1295 | { | - |
1296 | HostStatus host_status; | - |
1297 | HostStatus ip_status; | - |
1298 | struct sshkey *raw_key = | - |
1299 | ((void *)0) | - |
1300 | ; | - |
1301 | char *ip = | - |
1302 | ((void *)0) | - |
1303 | , *host = | - |
1304 | ((void *)0) | - |
1305 | ; | - |
1306 | char hostline[1000], *hostp, *fp, *ra; | - |
1307 | char msg[1024]; | - |
1308 | const char *type; | - |
1309 | const struct hostkey_entry *host_found, *ip_found; | - |
1310 | int len, cancelled_forwarding = 0; | - |
1311 | int local = sockaddr_is_local(hostaddr); | - |
1312 | int r, want_cert = sshkey_is_cert(host_key), host_ip_differ = 0; | - |
1313 | int hostkey_trusted = 0; | - |
1314 | struct hostkeys *host_hostkeys, *ip_hostkeys; | - |
1315 | u_int i; | - |
1316 | if (options.no_host_authentication_for_localhost == 1TRUE | never evaluated | FALSE | never evaluated |
&& localTRUE | never evaluated | FALSE | never evaluated |
&& | 0 |
1317 | options.host_key_alias == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1318 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1319 | ) { | - |
1320 | debug("Forcing accepting of host key for " | - |
1321 | "loopback/localhost."); | - |
1322 | return never executed: return 0; 0;never executed: return 0; | 0 |
1323 | } | - |
1324 | | - |
1325 | | - |
1326 | | - |
1327 | | - |
1328 | | - |
1329 | get_hostfile_hostname_ipaddr(hostname, hostaddr, port, &host, &ip); | - |
1330 | | - |
1331 | | - |
1332 | | - |
1333 | | - |
1334 | | - |
1335 | if (options.check_host_ipTRUE | never evaluated | FALSE | never evaluated |
&& (localTRUE | never evaluated | FALSE | never evaluated |
|| | 0 |
1336 | | - |
1337 | __extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1338 | hostnameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1339 | ) && __builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1340 | ipTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1341 | ) && (__s1_len = __builtin_strlen (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1342 | hostnameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1343 | ), __s2_len = __builtin_strlen (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1344 | ipTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1345 | ), (!((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1346 | hostnameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1347 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1348 | hostnameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1349 | ) == 1) || __s1_len >= 4) && (!((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1350 | ipTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1351 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1352 | ipTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1353 | ) == 1) || __s2_len >= 4)) ? __builtin_strcmp (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1354 | hostnameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1355 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1356 | ipTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1357 | ) : (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1358 | hostnameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1359 | ) && ((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1360 | hostnameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1361 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1362 | hostnameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1363 | ) == 1) && (__s1_len = __builtin_strlen (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1364 | hostnameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1365 | ), __s1_len < 4) ? (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1366 | ipTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1367 | ) && ((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1368 | ipTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1369 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1370 | ipTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1371 | ) == 1) ? __builtin_strcmp (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1372 | hostnameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1373 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1374 | ipTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1375 | ) : (__extension__ ({ const unsigned char *__s2 = (const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1376 | ipTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1377 | ); int __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1378 | hostnameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1379 | ))[0] - __s2[0]); if (__s1_len > 0TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) { __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1380 | hostnameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1381 | ))[1] - __s2[1]); if (__s1_len > 1TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) { __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1382 | hostnameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1383 | ))[2] - __s2[2]); if (__s1_len > 2TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) __result = (((const unsigned char *) (const char *) (never executed: __result = (((const unsigned char *) (const char *) ( hostname ))[3] - __s2[3]); | 0 |
1384 | hostnameTRUE | never evaluated | FALSE | never evaluated |
never executed: __result = (((const unsigned char *) (const char *) ( hostname ))[3] - __s2[3]); | 0 |
1385 | ))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1386 | ipTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1387 | ) && ((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1388 | ipTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1389 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1390 | ipTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1391 | ) == 1) && (__s2_len = __builtin_strlen (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1392 | ipTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1393 | ), __s2_len < 4) ? (__builtin_constant_p (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1394 | hostnameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1395 | ) && ((size_t)(const void *)((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1396 | hostnameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1397 | ) + 1) - (size_t)(const void *)(TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1398 | hostnameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1399 | ) == 1) ? __builtin_strcmp (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1400 | hostnameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1401 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1402 | ipTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1403 | ) : -(__extension__ ({ const unsigned char *__s2 = (const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1404 | hostnameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1405 | ); int __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1406 | ipTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1407 | ))[0] - __s2[0]); if (__s2_len > 0TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) { __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1408 | ipTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1409 | ))[1] - __s2[1]); if (__s2_len > 1TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) { __result = (((const unsigned char *) (const char *) (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1410 | ipTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1411 | ))[2] - __s2[2]); if (__s2_len > 2TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) __result = (((const unsigned char *) (const char *) (never executed: __result = (((const unsigned char *) (const char *) ( ip ))[3] - __s2[3]); | 0 |
1412 | ipTRUE | never evaluated | FALSE | never evaluated |
never executed: __result = (((const unsigned char *) (const char *) ( ip ))[3] - __s2[3]); | 0 |
1413 | ))[3] - __s2[3]); } } __result; }))) : __builtin_strcmp (TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1414 | hostnameTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1415 | , TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1416 | ipTRUE | never evaluated | FALSE | never evaluated |
| 0 |
1417 | )))); }) TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1418 | == 0TRUE | never evaluated | FALSE | never evaluated |
|| options.proxy_command != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1419 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1420 | )) | - |
1421 | options.check_host_ip = 0; never executed: options.check_host_ip = 0; | 0 |
1422 | | - |
1423 | host_hostkeys = init_hostkeys(); | - |
1424 | for (i = 0; i < num_user_hostfilesTRUE | never evaluated | FALSE | never evaluated |
; i++) | 0 |
1425 | load_hostkeys(host_hostkeys, host, user_hostfiles[i]); never executed: load_hostkeys(host_hostkeys, host, user_hostfiles[i]); | 0 |
1426 | for (i = 0; i < num_system_hostfilesTRUE | never evaluated | FALSE | never evaluated |
; i++) | 0 |
1427 | load_hostkeys(host_hostkeys, host, system_hostfiles[i]); never executed: load_hostkeys(host_hostkeys, host, system_hostfiles[i]); | 0 |
1428 | | - |
1429 | ip_hostkeys = | - |
1430 | ((void *)0) | - |
1431 | ; | - |
1432 | if (!want_certTRUE | never evaluated | FALSE | never evaluated |
&& options.check_host_ipTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1433 | ip_hostkeys = init_hostkeys(); | - |
1434 | for (i = 0; i < num_user_hostfilesTRUE | never evaluated | FALSE | never evaluated |
; i++) | 0 |
1435 | load_hostkeys(ip_hostkeys, ip, user_hostfiles[i]); never executed: load_hostkeys(ip_hostkeys, ip, user_hostfiles[i]); | 0 |
1436 | for (i = 0; i < num_system_hostfilesTRUE | never evaluated | FALSE | never evaluated |
; i++) | 0 |
1437 | load_hostkeys(ip_hostkeys, ip, system_hostfiles[i]); never executed: load_hostkeys(ip_hostkeys, ip, system_hostfiles[i]); | 0 |
1438 | } never executed: end of block | 0 |
1439 | | - |
1440 | retry: code before this statement never executed: retry: | 0 |
1441 | | - |
1442 | want_cert = sshkey_is_cert(host_key); | - |
1443 | type = sshkey_type(host_key); | - |
1444 | | - |
1445 | | - |
1446 | | - |
1447 | | - |
1448 | | - |
1449 | host_status = check_key_in_hostkeys(host_hostkeys, host_key, | - |
1450 | &host_found); | - |
1451 | | - |
1452 | | - |
1453 | | - |
1454 | | - |
1455 | | - |
1456 | | - |
1457 | if (!want_certTRUE | never evaluated | FALSE | never evaluated |
&& ip_hostkeys != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1458 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1459 | ) { | - |
1460 | ip_status = check_key_in_hostkeys(ip_hostkeys, host_key, | - |
1461 | &ip_found); | - |
1462 | if (host_status == HOST_CHANGEDTRUE | never evaluated | FALSE | never evaluated |
&& | 0 |
1463 | (ip_status != HOST_CHANGEDTRUE | never evaluated | FALSE | never evaluated |
|| | 0 |
1464 | (ip_found != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1465 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1466 | && | - |
1467 | !sshkey_equal(ip_found->key, host_found->key)TRUE | never evaluated | FALSE | never evaluated |
))) | 0 |
1468 | host_ip_differ = 1; never executed: host_ip_differ = 1; | 0 |
1469 | } never executed: end of block else | 0 |
1470 | ip_status = host_status; never executed: ip_status = host_status; | 0 |
1471 | | - |
1472 | switch (host_status) { | - |
1473 | case never executed: case HOST_OK: HOST_OK:never executed: case HOST_OK: | 0 |
1474 | | - |
1475 | debug("Host '%.200s' is known and matches the %s host %s.", | - |
1476 | host, type, want_cert ? "certificate" : "key"); | - |
1477 | debug("Found %s in %s:%lu", want_cert ? "CA key" : "key", | - |
1478 | host_found->file, host_found->line); | - |
1479 | if (want_certTRUE | never evaluated | FALSE | never evaluated |
&& | 0 |
1480 | !check_host_cert(options.host_key_alias == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1481 | ((void *)0) TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1482 | ?TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1483 | hostname : options.host_key_alias, host_key)TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1484 | goto never executed: goto fail; fail;never executed: goto fail; | 0 |
1485 | if (options.check_host_ipTRUE | never evaluated | FALSE | never evaluated |
&& ip_status == HOST_NEWTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1486 | if (readonlyTRUE | never evaluated | FALSE | never evaluated |
|| want_certTRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1487 | logit("%s host key for IP address " never executed: logit("%s host key for IP address " "'%.128s' not in list of known hosts.", type, ip); | 0 |
1488 | "'%.128s' not in list of known hosts.", never executed: logit("%s host key for IP address " "'%.128s' not in list of known hosts.", type, ip); | 0 |
1489 | type, ip); never executed: logit("%s host key for IP address " "'%.128s' not in list of known hosts.", type, ip); | 0 |
1490 | else if (!add_host_to_hostfile(user_hostfiles[0], ip,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1491 | host_key, options.hash_known_hosts)TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1492 | logit("Failed to add the %s host key for IP " never executed: logit("Failed to add the %s host key for IP " "address '%.128s' to the list of known " "hosts (%.500s).", type, ip, user_hostfiles[0]); | 0 |
1493 | "address '%.128s' to the list of known " never executed: logit("Failed to add the %s host key for IP " "address '%.128s' to the list of known " "hosts (%.500s).", type, ip, user_hostfiles[0]); | 0 |
1494 | "hosts (%.500s).", type, ip, never executed: logit("Failed to add the %s host key for IP " "address '%.128s' to the list of known " "hosts (%.500s).", type, ip, user_hostfiles[0]); | 0 |
1495 | user_hostfiles[0]); never executed: logit("Failed to add the %s host key for IP " "address '%.128s' to the list of known " "hosts (%.500s).", type, ip, user_hostfiles[0]); | 0 |
1496 | else | - |
1497 | logit("Warning: Permanently added the %s host " never executed: logit("Warning: Permanently added the %s host " "key for IP address '%.128s' to the list " "of known hosts.", type, ip); | 0 |
1498 | "key for IP address '%.128s' to the list " never executed: logit("Warning: Permanently added the %s host " "key for IP address '%.128s' to the list " "of known hosts.", type, ip); | 0 |
1499 | "of known hosts.", type, ip); never executed: logit("Warning: Permanently added the %s host " "key for IP address '%.128s' to the list " "of known hosts.", type, ip); | 0 |
1500 | } else if (options.visual_host_keyTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1501 | fp = sshkey_fingerprint(host_key, | - |
1502 | options.fingerprint_hash, SSH_FP_DEFAULT); | - |
1503 | ra = sshkey_fingerprint(host_key, | - |
1504 | options.fingerprint_hash, SSH_FP_RANDOMART); | - |
1505 | if (fp == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1506 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1507 | || ra == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1508 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1509 | ) | - |
1510 | fatal("%s: sshkey_fingerprint fail", __func__); never executed: fatal("%s: sshkey_fingerprint fail", __func__); | 0 |
1511 | logit("Host key fingerprint is %s\n%s", fp, ra); | - |
1512 | free(ra); | - |
1513 | free(fp); | - |
1514 | } never executed: end of block | 0 |
1515 | hostkey_trusted = 1; | - |
1516 | break; never executed: break; | 0 |
1517 | case never executed: case HOST_NEW: HOST_NEW:never executed: case HOST_NEW: | 0 |
1518 | if (options.host_key_alias == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1519 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1520 | && port != 0TRUE | never evaluated | FALSE | never evaluated |
&& | 0 |
1521 | port != 22TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1522 | debug("checking without port identifier"); | - |
1523 | if (check_host_key(hostname, hostaddr, 0, host_key,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1524 | 2, user_hostfiles, num_user_hostfiles,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1525 | system_hostfiles, num_system_hostfiles) == 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1526 | debug("found matching key w/out port"); | - |
1527 | break; never executed: break; | 0 |
1528 | } | - |
1529 | } never executed: end of block | 0 |
1530 | if (readonlyTRUE | never evaluated | FALSE | never evaluated |
|| want_certTRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1531 | goto never executed: goto fail; fail;never executed: goto fail; | 0 |
1532 | | - |
1533 | if (options.strict_host_key_checking ==TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1534 | 2TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1535 | | - |
1536 | | - |
1537 | | - |
1538 | | - |
1539 | | - |
1540 | error("No %s host key is known for %.200s and you " | - |
1541 | "have requested strict checking.", type, host); | - |
1542 | goto never executed: goto fail; fail;never executed: goto fail; | 0 |
1543 | } else if (options.strict_host_key_checking ==TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1544 | 3TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1545 | char msg1[1024], msg2[1024]; | - |
1546 | | - |
1547 | if (show_other_keys(host_hostkeys, host_key)TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1548 | snprintf(msg1, sizeof(msg1), never executed: snprintf(msg1, sizeof(msg1), "\nbut keys of different type are already" " known for this host."); | 0 |
1549 | "\nbut keys of different type are already" never executed: snprintf(msg1, sizeof(msg1), "\nbut keys of different type are already" " known for this host."); | 0 |
1550 | " known for this host."); never executed: snprintf(msg1, sizeof(msg1), "\nbut keys of different type are already" " known for this host."); | 0 |
1551 | else | - |
1552 | snprintf(msg1, sizeof(msg1), "."); never executed: snprintf(msg1, sizeof(msg1), "."); | 0 |
1553 | | - |
1554 | fp = sshkey_fingerprint(host_key, | - |
1555 | options.fingerprint_hash, SSH_FP_DEFAULT); | - |
1556 | ra = sshkey_fingerprint(host_key, | - |
1557 | options.fingerprint_hash, SSH_FP_RANDOMART); | - |
1558 | if (fp == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1559 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1560 | || ra == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1561 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1562 | ) | - |
1563 | fatal("%s: sshkey_fingerprint fail", __func__); never executed: fatal("%s: sshkey_fingerprint fail", __func__); | 0 |
1564 | msg2[0] = '\0'; | - |
1565 | if (options.verify_host_key_dnsTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1566 | if (matching_host_key_dnsTRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1567 | snprintf(msg2, sizeof(msg2), never executed: snprintf(msg2, sizeof(msg2), "Matching host key fingerprint" " found in DNS.\n"); | 0 |
1568 | "Matching host key fingerprint" never executed: snprintf(msg2, sizeof(msg2), "Matching host key fingerprint" " found in DNS.\n"); | 0 |
1569 | " found in DNS.\n"); never executed: snprintf(msg2, sizeof(msg2), "Matching host key fingerprint" " found in DNS.\n"); | 0 |
1570 | else | - |
1571 | snprintf(msg2, sizeof(msg2), never executed: snprintf(msg2, sizeof(msg2), "No matching host key fingerprint" " found in DNS.\n"); | 0 |
1572 | "No matching host key fingerprint" never executed: snprintf(msg2, sizeof(msg2), "No matching host key fingerprint" " found in DNS.\n"); | 0 |
1573 | " found in DNS.\n"); never executed: snprintf(msg2, sizeof(msg2), "No matching host key fingerprint" " found in DNS.\n"); | 0 |
1574 | } | - |
1575 | snprintf(msg, sizeof(msg), | - |
1576 | "The authenticity of host '%.200s (%s)' can't be " | - |
1577 | "established%s\n" | - |
1578 | "%s key fingerprint is %s.%s%s\n%s" | - |
1579 | "Are you sure you want to continue connecting " | - |
1580 | "(yes/no)? ", | - |
1581 | host, ip, msg1, type, fp, | - |
1582 | options.visual_host_key ? "\n" : "", | - |
1583 | options.visual_host_key ? ra : "", | - |
1584 | msg2); | - |
1585 | free(ra); | - |
1586 | free(fp); | - |
1587 | if (!confirm(msg)TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1588 | goto never executed: goto fail; fail;never executed: goto fail; | 0 |
1589 | hostkey_trusted = 1; | - |
1590 | } never executed: end of block | 0 |
1591 | | - |
1592 | | - |
1593 | | - |
1594 | | - |
1595 | if (options.check_host_ipTRUE | never evaluated | FALSE | never evaluated |
&& ip_status == HOST_NEWTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1596 | snprintf(hostline, sizeof(hostline), "%s,%s", host, ip); | - |
1597 | hostp = hostline; | - |
1598 | if (options.hash_known_hostsTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1599 | | - |
1600 | r = add_host_to_hostfile(user_hostfiles[0],TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1601 | host, host_key, options.hash_known_hosts)TRUE | never evaluated | FALSE | never evaluated |
&& | 0 |
1602 | add_host_to_hostfile(user_hostfiles[0], ip,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1603 | host_key, options.hash_known_hosts)TRUE | never evaluated | FALSE | never evaluated |
; | 0 |
1604 | } never executed: end of block else { | 0 |
1605 | | - |
1606 | r = add_host_to_hostfile(user_hostfiles[0], | - |
1607 | hostline, host_key, | - |
1608 | options.hash_known_hosts); | - |
1609 | } never executed: end of block | 0 |
1610 | } else { | - |
1611 | r = add_host_to_hostfile(user_hostfiles[0], host, | - |
1612 | host_key, options.hash_known_hosts); | - |
1613 | hostp = host; | - |
1614 | } never executed: end of block | 0 |
1615 | | - |
1616 | if (!rTRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1617 | logit("Failed to add the host to the list of known " never executed: logit("Failed to add the host to the list of known " "hosts (%.500s).", user_hostfiles[0]); | 0 |
1618 | "hosts (%.500s).", user_hostfiles[0]); never executed: logit("Failed to add the host to the list of known " "hosts (%.500s).", user_hostfiles[0]); | 0 |
1619 | else | - |
1620 | logit("Warning: Permanently added '%.200s' (%s) to the " never executed: logit("Warning: Permanently added '%.200s' (%s) to the " "list of known hosts.", hostp, type); | 0 |
1621 | "list of known hosts.", hostp, type); never executed: logit("Warning: Permanently added '%.200s' (%s) to the " "list of known hosts.", hostp, type); | 0 |
1622 | break; never executed: break; | 0 |
1623 | case never executed: case HOST_REVOKED: HOST_REVOKED:never executed: case HOST_REVOKED: | 0 |
1624 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); | - |
1625 | error("@ WARNING: REVOKED HOST KEY DETECTED! @"); | - |
1626 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); | - |
1627 | error("The %s host key for %s is marked as revoked.", type, host); | - |
1628 | error("This could mean that a stolen key is being used to"); | - |
1629 | error("impersonate this host."); | - |
1630 | | - |
1631 | | - |
1632 | | - |
1633 | | - |
1634 | | - |
1635 | if (options.strict_host_key_checking !=TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1636 | 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1637 | error("%s host key for %.200s was revoked and you have " | - |
1638 | "requested strict checking.", type, host); | - |
1639 | goto never executed: goto fail; fail;never executed: goto fail; | 0 |
1640 | } | - |
1641 | goto never executed: goto continue_unsafe; continue_unsafe;never executed: goto continue_unsafe; | 0 |
1642 | | - |
1643 | case never executed: case HOST_CHANGED: HOST_CHANGED:never executed: case HOST_CHANGED: | 0 |
1644 | if (want_certTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1645 | | - |
1646 | | - |
1647 | | - |
1648 | | - |
1649 | | - |
1650 | debug("Host certificate authority does not " | - |
1651 | "match %s in %s:%lu", "@cert-authority", | - |
1652 | host_found->file, host_found->line); | - |
1653 | goto never executed: goto fail; fail;never executed: goto fail; | 0 |
1654 | } | - |
1655 | if (readonlyTRUE | never evaluated | FALSE | never evaluated |
== 2TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1656 | goto never executed: goto fail; fail;never executed: goto fail; | 0 |
1657 | if (options.check_host_ipTRUE | never evaluated | FALSE | never evaluated |
&& host_ip_differTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1658 | char *key_msg; | - |
1659 | if (ip_status == HOST_NEWTRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1660 | key_msg = "is unknown"; never executed: key_msg = "is unknown"; | 0 |
1661 | else if (ip_status == HOST_OKTRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1662 | key_msg = "is unchanged"; never executed: key_msg = "is unchanged"; | 0 |
1663 | else | - |
1664 | key_msg = "has a different value"; never executed: key_msg = "has a different value"; | 0 |
1665 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); | - |
1666 | error("@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @"); | - |
1667 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); | - |
1668 | error("The %s host key for %s has changed,", type, host); | - |
1669 | error("and the key for the corresponding IP address %s", ip); | - |
1670 | error("%s. This could either mean that", key_msg); | - |
1671 | error("DNS SPOOFING is happening or the IP address for the host"); | - |
1672 | error("and its host key have changed at the same time."); | - |
1673 | if (ip_status != HOST_NEWTRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1674 | error("Offending key for IP in %s:%lu", never executed: error("Offending key for IP in %s:%lu", ip_found->file, ip_found->line); | 0 |
1675 | ip_found->file, ip_found->line); never executed: error("Offending key for IP in %s:%lu", ip_found->file, ip_found->line); | 0 |
1676 | } never executed: end of block | 0 |
1677 | | - |
1678 | warn_changed_key(host_key); | - |
1679 | error("Add correct host key in %.100s to get rid of this message.", | - |
1680 | user_hostfiles[0]); | - |
1681 | error("Offending %s key in %s:%lu", | - |
1682 | sshkey_type(host_found->key), | - |
1683 | host_found->file, host_found->line); | - |
1684 | | - |
1685 | | - |
1686 | | - |
1687 | | - |
1688 | | - |
1689 | if (options.strict_host_key_checking !=TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1690 | 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1691 | error("%s host key for %.200s has changed and you have " | - |
1692 | "requested strict checking.", type, host); | - |
1693 | goto never executed: goto fail; fail;never executed: goto fail; | 0 |
1694 | } | - |
1695 | | - |
1696 | continue_unsafe: code before this statement never executed: continue_unsafe: | 0 |
1697 | | - |
1698 | | - |
1699 | | - |
1700 | | - |
1701 | | - |
1702 | if (options.password_authenticationTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1703 | error("Password authentication is disabled to avoid " | - |
1704 | "man-in-the-middle attacks."); | - |
1705 | options.password_authentication = 0; | - |
1706 | cancelled_forwarding = 1; | - |
1707 | } never executed: end of block | 0 |
1708 | if (options.kbd_interactive_authenticationTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1709 | error("Keyboard-interactive authentication is disabled" | - |
1710 | " to avoid man-in-the-middle attacks."); | - |
1711 | options.kbd_interactive_authentication = 0; | - |
1712 | options.challenge_response_authentication = 0; | - |
1713 | cancelled_forwarding = 1; | - |
1714 | } never executed: end of block | 0 |
1715 | if (options.challenge_response_authenticationTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1716 | error("Challenge/response authentication is disabled" | - |
1717 | " to avoid man-in-the-middle attacks."); | - |
1718 | options.challenge_response_authentication = 0; | - |
1719 | cancelled_forwarding = 1; | - |
1720 | } never executed: end of block | 0 |
1721 | if (options.forward_agentTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1722 | error("Agent forwarding is disabled to avoid " | - |
1723 | "man-in-the-middle attacks."); | - |
1724 | options.forward_agent = 0; | - |
1725 | cancelled_forwarding = 1; | - |
1726 | } never executed: end of block | 0 |
1727 | if (options.forward_x11TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1728 | error("X11 forwarding is disabled to avoid " | - |
1729 | "man-in-the-middle attacks."); | - |
1730 | options.forward_x11 = 0; | - |
1731 | cancelled_forwarding = 1; | - |
1732 | } never executed: end of block | 0 |
1733 | if (options.num_local_forwards > 0TRUE | never evaluated | FALSE | never evaluated |
|| | 0 |
1734 | options.num_remote_forwards > 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1735 | error("Port forwarding is disabled to avoid " | - |
1736 | "man-in-the-middle attacks."); | - |
1737 | options.num_local_forwards = | - |
1738 | options.num_remote_forwards = 0; | - |
1739 | cancelled_forwarding = 1; | - |
1740 | } never executed: end of block | 0 |
1741 | if (options.tun_open != 0x00TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1742 | error("Tunnel forwarding is disabled to avoid " | - |
1743 | "man-in-the-middle attacks."); | - |
1744 | options.tun_open = 0x00; | - |
1745 | cancelled_forwarding = 1; | - |
1746 | } never executed: end of block | 0 |
1747 | if (options.exit_on_forward_failureTRUE | never evaluated | FALSE | never evaluated |
&& cancelled_forwardingTRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1748 | fatal("Error: forwarding disabled due to host key " never executed: fatal("Error: forwarding disabled due to host key " "check failure"); | 0 |
1749 | "check failure"); never executed: fatal("Error: forwarding disabled due to host key " "check failure"); | 0 |
1750 | break; never executed: break; | 0 |
1751 | case never executed: case HOST_FOUND: HOST_FOUND:never executed: case HOST_FOUND: | 0 |
1752 | fatal("internal error"); | - |
1753 | break; never executed: break; | 0 |
1754 | } | - |
1755 | | - |
1756 | if (options.check_host_ipTRUE | never evaluated | FALSE | never evaluated |
&& host_status != HOST_CHANGEDTRUE | never evaluated | FALSE | never evaluated |
&& | 0 |
1757 | ip_status == HOST_CHANGEDTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1758 | snprintf(msg, sizeof(msg), | - |
1759 | "Warning: the %s host key for '%.200s' " | - |
1760 | "differs from the key for the IP address '%.128s'" | - |
1761 | "\nOffending key for IP in %s:%lu", | - |
1762 | type, host, ip, ip_found->file, ip_found->line); | - |
1763 | if (host_status == HOST_OKTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1764 | len = strlen(msg); | - |
1765 | snprintf(msg + len, sizeof(msg) - len, | - |
1766 | "\nMatching host key in %s:%lu", | - |
1767 | host_found->file, host_found->line); | - |
1768 | } never executed: end of block | 0 |
1769 | if (options.strict_host_key_checking ==TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1770 | 3TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1771 | strlcat(msg, "\nAre you sure you want " | - |
1772 | "to continue connecting (yes/no)? ", sizeof(msg)); | - |
1773 | if (!confirm(msg)TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1774 | goto never executed: goto fail; fail;never executed: goto fail; | 0 |
1775 | } never executed: end of block else if (options.strict_host_key_checking !=TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1776 | 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1777 | logit("%s", msg); | - |
1778 | error("Exiting, you have requested strict checking."); | - |
1779 | goto never executed: goto fail; fail;never executed: goto fail; | 0 |
1780 | } else { | - |
1781 | logit("%s", msg); | - |
1782 | } never executed: end of block | 0 |
1783 | } | - |
1784 | | - |
1785 | if (!hostkey_trustedTRUE | never evaluated | FALSE | never evaluated |
&& options.update_hostkeysTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1786 | debug("%s: hostkey not known or explicitly trusted: " | - |
1787 | "disabling UpdateHostkeys", __func__); | - |
1788 | options.update_hostkeys = 0; | - |
1789 | } never executed: end of block | 0 |
1790 | | - |
1791 | free(ip); | - |
1792 | free(host); | - |
1793 | if (host_hostkeys != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1794 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1795 | ) | - |
1796 | free_hostkeys(host_hostkeys); never executed: free_hostkeys(host_hostkeys); | 0 |
1797 | if (ip_hostkeys != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1798 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1799 | ) | - |
1800 | free_hostkeys(ip_hostkeys); never executed: free_hostkeys(ip_hostkeys); | 0 |
1801 | return never executed: return 0; 0;never executed: return 0; | 0 |
1802 | | - |
1803 | fail: | - |
1804 | if (want_certTRUE | never evaluated | FALSE | never evaluated |
&& host_status != HOST_REVOKEDTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1805 | | - |
1806 | | - |
1807 | | - |
1808 | | - |
1809 | debug("No matching CA found. Retry with plain key"); | - |
1810 | if ((TRUE | never evaluated | FALSE | never evaluated |
r = sshkey_from_private(host_key, &raw_key)) != 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1811 | fatal("%s: sshkey_from_private: %s", never executed: fatal("%s: sshkey_from_private: %s", __func__, ssh_err(r)); | 0 |
1812 | __func__, ssh_err(r)); never executed: fatal("%s: sshkey_from_private: %s", __func__, ssh_err(r)); | 0 |
1813 | if ((TRUE | never evaluated | FALSE | never evaluated |
r = sshkey_drop_cert(raw_key)) != 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1814 | fatal("Couldn't drop certificate: %s", ssh_err(r)); never executed: fatal("Couldn't drop certificate: %s", ssh_err(r)); | 0 |
1815 | host_key = raw_key; | - |
1816 | goto never executed: goto retry; retry;never executed: goto retry; | 0 |
1817 | } | - |
1818 | sshkey_free(raw_key); | - |
1819 | free(ip); | - |
1820 | free(host); | - |
1821 | if (host_hostkeys != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1822 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1823 | ) | - |
1824 | free_hostkeys(host_hostkeys); never executed: free_hostkeys(host_hostkeys); | 0 |
1825 | if (ip_hostkeys != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1826 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1827 | ) | - |
1828 | free_hostkeys(ip_hostkeys); never executed: free_hostkeys(ip_hostkeys); | 0 |
1829 | return never executed: return -1; -1;never executed: return -1; | 0 |
1830 | } | - |
1831 | | - |
1832 | | - |
1833 | int | - |
1834 | verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key) | - |
1835 | { | - |
1836 | u_int i; | - |
1837 | int r = -1, flags = 0; | - |
1838 | char valid[64], *fp = | - |
1839 | ((void *)0) | - |
1840 | , *cafp = | - |
1841 | ((void *)0) | - |
1842 | ; | - |
1843 | struct sshkey *plain = | - |
1844 | ((void *)0) | - |
1845 | ; | - |
1846 | | - |
1847 | if ((TRUE | never evaluated | FALSE | never evaluated |
fp = sshkey_fingerprint(host_key,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1848 | options.fingerprint_hash, SSH_FP_DEFAULT)) == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1849 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1850 | ) { | - |
1851 | error("%s: fingerprint host key: %s", __func__, ssh_err(r)); | - |
1852 | r = -1; | - |
1853 | goto never executed: goto out; out;never executed: goto out; | 0 |
1854 | } | - |
1855 | | - |
1856 | if (sshkey_is_cert(host_key)TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1857 | if ((TRUE | never evaluated | FALSE | never evaluated |
cafp = sshkey_fingerprint(host_key->cert->signature_key,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1858 | options.fingerprint_hash, SSH_FP_DEFAULT)) == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1859 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1860 | ) { | - |
1861 | error("%s: fingerprint CA key: %s", | - |
1862 | __func__, ssh_err(r)); | - |
1863 | r = -1; | - |
1864 | goto never executed: goto out; out;never executed: goto out; | 0 |
1865 | } | - |
1866 | sshkey_format_cert_validity(host_key->cert, | - |
1867 | valid, sizeof(valid)); | - |
1868 | debug("Server host certificate: %s %s, serial %llu " | - |
1869 | "ID \"%s\" CA %s %s valid %s", | - |
1870 | sshkey_ssh_name(host_key), fp, | - |
1871 | (unsigned long long)host_key->cert->serial, | - |
1872 | host_key->cert->key_id, | - |
1873 | sshkey_ssh_name(host_key->cert->signature_key), cafp, | - |
1874 | valid); | - |
1875 | for (i = 0; i < host_key->cert->nprincipalsTRUE | never evaluated | FALSE | never evaluated |
; i++) { | 0 |
1876 | debug2("Server host certificate hostname: %s", | - |
1877 | host_key->cert->principals[i]); | - |
1878 | } never executed: end of block | 0 |
1879 | } never executed: end of block else { | 0 |
1880 | debug("Server host key: %s %s", sshkey_ssh_name(host_key), fp); | - |
1881 | } never executed: end of block | 0 |
1882 | | - |
1883 | if (sshkey_equal(previous_host_key, host_key)TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1884 | debug2("%s: server host key %s %s matches cached key", | - |
1885 | __func__, sshkey_type(host_key), fp); | - |
1886 | r = 0; | - |
1887 | goto never executed: goto out; out;never executed: goto out; | 0 |
1888 | } | - |
1889 | | - |
1890 | | - |
1891 | if (options.revoked_host_keys != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1892 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1893 | ) { | - |
1894 | r = sshkey_check_revoked(host_key, options.revoked_host_keys); | - |
1895 | switch (r) { | - |
1896 | case never executed: case 0: 0:never executed: case 0: | 0 |
1897 | break; never executed: break; | 0 |
1898 | case never executed: case -51: -51:never executed: case -51: | 0 |
1899 | error("Host key %s %s revoked by file %s", | - |
1900 | sshkey_type(host_key), fp, | - |
1901 | options.revoked_host_keys); | - |
1902 | r = -1; | - |
1903 | goto never executed: goto out; out;never executed: goto out; | 0 |
1904 | default never executed: default: :never executed: default: | 0 |
1905 | error("Error checking host key %s %s in " | - |
1906 | "revoked keys file %s: %s", sshkey_type(host_key), | - |
1907 | fp, options.revoked_host_keys, ssh_err(r)); | - |
1908 | r = -1; | - |
1909 | goto never executed: goto out; out;never executed: goto out; | 0 |
1910 | } | - |
1911 | } | - |
1912 | | - |
1913 | if (options.verify_host_key_dnsTRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1914 | | - |
1915 | | - |
1916 | | - |
1917 | | - |
1918 | if ((TRUE | never evaluated | FALSE | never evaluated |
r = sshkey_from_private(host_key, &plain)) != 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1919 | goto never executed: goto out; out;never executed: goto out; | 0 |
1920 | if (sshkey_is_cert(plain)TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
1921 | sshkey_drop_cert(plain); never executed: sshkey_drop_cert(plain); | 0 |
1922 | if (verify_host_key_dns(host, hostaddr, plain, &flags) == 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1923 | if (flags & 0x00000001TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1924 | if (options.verify_host_key_dns == 1TRUE | never evaluated | FALSE | never evaluated |
&& | 0 |
1925 | flags & 0x00000002TRUE | never evaluated | FALSE | never evaluated |
&& | 0 |
1926 | flags & 0x00000004TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1927 | r = 0; | - |
1928 | goto never executed: goto out; out;never executed: goto out; | 0 |
1929 | } | - |
1930 | if (flags & 0x00000002TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1931 | matching_host_key_dns = 1; | - |
1932 | } never executed: end of block else { | 0 |
1933 | warn_changed_key(plain); | - |
1934 | error("Update the SSHFP RR in DNS " | - |
1935 | "with the new host key to get rid " | - |
1936 | "of this message."); | - |
1937 | } never executed: end of block | 0 |
1938 | } | - |
1939 | } never executed: end of block | 0 |
1940 | } never executed: end of block | 0 |
1941 | r = check_host_key(host, hostaddr, options.port, host_key, 0, | - |
1942 | options.user_hostfiles, options.num_user_hostfiles, | - |
1943 | options.system_hostfiles, options.num_system_hostfiles); | - |
1944 | | - |
1945 | out: code before this statement never executed: out: | 0 |
1946 | sshkey_free(plain); | - |
1947 | free(fp); | - |
1948 | free(cafp); | - |
1949 | if (r == 0TRUE | never evaluated | FALSE | never evaluated |
&& host_key != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1950 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1951 | ) { | - |
1952 | sshkey_free(previous_host_key); | - |
1953 | r = sshkey_from_private(host_key, &previous_host_key); | - |
1954 | } never executed: end of block | 0 |
1955 | | - |
1956 | return never executed: return r; r;never executed: return r; | 0 |
1957 | } | - |
1958 | void | - |
1959 | ssh_login(Sensitive *sensitive, const char *orighost, | - |
1960 | struct sockaddr *hostaddr, u_short port, struct passwd *pw, int timeout_ms) | - |
1961 | { | - |
1962 | char *host; | - |
1963 | char *server_user, *local_user; | - |
1964 | | - |
1965 | local_user = xstrdup(pw->pw_name); | - |
1966 | server_user = options.userTRUE | never evaluated | FALSE | never evaluated |
? options.user : local_user; | 0 |
1967 | | - |
1968 | | - |
1969 | host = xstrdup(orighost); | - |
1970 | lowercase(host); | - |
1971 | | - |
1972 | | - |
1973 | ssh_exchange_identification(timeout_ms); | - |
1974 | | - |
1975 | | - |
1976 | ssh_packet_set_nonblocking(active_state); | - |
1977 | | - |
1978 | | - |
1979 | | - |
1980 | debug("Authenticating to %s:%d as '%s'", host, port, server_user); | - |
1981 | ssh_kex2(host, hostaddr, port); | - |
1982 | ssh_userauth2(local_user, server_user, host, sensitive); | - |
1983 | free(local_user); | - |
1984 | } never executed: end of block | 0 |
1985 | | - |
1986 | void | - |
1987 | ssh_put_password(char *password) | - |
1988 | { | - |
1989 | int size; | - |
1990 | char *padded; | - |
1991 | | - |
1992 | if (datafellows & 0x00000400TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
1993 | ssh_packet_put_cstring(active_state, (password)); | - |
1994 | return; never executed: return; | 0 |
1995 | } | - |
1996 | size = ((((strlen(password) + 1)+((32)-1))/(32))*(32)); | - |
1997 | padded = xcalloc(1, size); | - |
1998 | strlcpy(padded, password, size); | - |
1999 | ssh_packet_put_string(active_state, (padded), (size)); | - |
2000 | explicit_bzero(padded, size); | - |
2001 | free(padded); | - |
2002 | } never executed: end of block | 0 |
2003 | | - |
2004 | | - |
2005 | static int | - |
2006 | show_other_keys(struct hostkeys *hostkeys, struct sshkey *key) | - |
2007 | { | - |
2008 | int type[] = { | - |
2009 | KEY_RSA, | - |
2010 | KEY_DSA, | - |
2011 | KEY_ECDSA, | - |
2012 | KEY_ED25519, | - |
2013 | KEY_XMSS, | - |
2014 | -1 | - |
2015 | }; | - |
2016 | int i, ret = 0; | - |
2017 | char *fp, *ra; | - |
2018 | const struct hostkey_entry *found; | - |
2019 | | - |
2020 | for (i = 0; type[i] != -1TRUE | never evaluated | FALSE | never evaluated |
; i++) { | 0 |
2021 | if (type[i] == key->typeTRUE | never evaluated | FALSE | never evaluated |
) | 0 |
2022 | continue; never executed: continue; | 0 |
2023 | if (!lookup_key_in_hostkeys_by_type(hostkeys, type[i], &found)TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
2024 | continue; never executed: continue; | 0 |
2025 | fp = sshkey_fingerprint(found->key, | - |
2026 | options.fingerprint_hash, SSH_FP_DEFAULT); | - |
2027 | ra = sshkey_fingerprint(found->key, | - |
2028 | options.fingerprint_hash, SSH_FP_RANDOMART); | - |
2029 | if (fp == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2030 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2031 | || ra == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2032 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2033 | ) | - |
2034 | fatal("%s: sshkey_fingerprint fail", __func__); never executed: fatal("%s: sshkey_fingerprint fail", __func__); | 0 |
2035 | logit("WARNING: %s key found for host %s\n" | - |
2036 | "in %s:%lu\n" | - |
2037 | "%s key fingerprint %s.", | - |
2038 | sshkey_type(found->key), | - |
2039 | found->host, found->file, found->line, | - |
2040 | sshkey_type(found->key), fp); | - |
2041 | if (options.visual_host_keyTRUE | never evaluated | FALSE | never evaluated |
) | 0 |
2042 | logit("%s", ra); never executed: logit("%s", ra); | 0 |
2043 | free(ra); | - |
2044 | free(fp); | - |
2045 | ret = 1; | - |
2046 | } never executed: end of block | 0 |
2047 | return never executed: return ret; ret;never executed: return ret; | 0 |
2048 | } | - |
2049 | | - |
2050 | static void | - |
2051 | warn_changed_key(struct sshkey *host_key) | - |
2052 | { | - |
2053 | char *fp; | - |
2054 | | - |
2055 | fp = sshkey_fingerprint(host_key, options.fingerprint_hash, | - |
2056 | SSH_FP_DEFAULT); | - |
2057 | if (fp == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2058 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2059 | ) | - |
2060 | fatal("%s: sshkey_fingerprint fail", __func__); never executed: fatal("%s: sshkey_fingerprint fail", __func__); | 0 |
2061 | | - |
2062 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); | - |
2063 | error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @"); | - |
2064 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); | - |
2065 | error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!"); | - |
2066 | error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!"); | - |
2067 | error("It is also possible that a host key has just been changed."); | - |
2068 | error("The fingerprint for the %s key sent by the remote host is\n%s.", | - |
2069 | sshkey_type(host_key), fp); | - |
2070 | error("Please contact your system administrator."); | - |
2071 | | - |
2072 | free(fp); | - |
2073 | } never executed: end of block | 0 |
2074 | | - |
2075 | | - |
2076 | | - |
2077 | | - |
2078 | int | - |
2079 | ssh_local_cmd(const char *args) | - |
2080 | { | - |
2081 | char *shell; | - |
2082 | pid_t pid; | - |
2083 | int status; | - |
2084 | void (*osighand)(int); | - |
2085 | | - |
2086 | if (!options.permit_local_commandTRUE | never evaluated | FALSE | never evaluated |
|| | 0 |
2087 | args == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2088 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2089 | || !*argsTRUE | never evaluated | FALSE | never evaluated |
) | 0 |
2090 | return never executed: return (1); (1);never executed: return (1); | 0 |
2091 | | - |
2092 | if ((TRUE | never evaluated | FALSE | never evaluated |
shell = getenv("SHELL")) == TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2093 | ((void *)0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2094 | || *TRUE | never evaluated | FALSE | never evaluated |
shell == '\0'TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
2095 | shell = never executed: shell = "/bin/sh" ; | 0 |
2096 | "/bin/sh" never executed: shell = "/bin/sh" ; | 0 |
2097 | ; never executed: shell = "/bin/sh" ; | 0 |
2098 | | - |
2099 | osighand = mysignal( | - |
2100 | 17 | - |
2101 | , | - |
2102 | ((__sighandler_t) 0) | - |
2103 | ); | - |
2104 | pid = fork(); | - |
2105 | if (pid == 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
2106 | mysignal( | - |
2107 | 13 | - |
2108 | , | - |
2109 | ((__sighandler_t) 0) | - |
2110 | ); | - |
2111 | debug3("Executing %s -c \"%s\"", shell, args); | - |
2112 | execl(shell, shell, "-c", args, (char *) | - |
2113 | ((void *)0) | - |
2114 | ); | - |
2115 | error("Couldn't execute %s -c \"%s\": %s", | - |
2116 | shell, args, strerror( | - |
2117 | (*__errno_location ()) | - |
2118 | )); | - |
2119 | _exit(1); | - |
2120 | } never executed: end of block else if (pid == -1TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
2121 | fatal("fork failed: %.100s", strerror( never executed: fatal("fork failed: %.100s", strerror( (*__errno_location ()) )); | 0 |
2122 | (*__errno_location ()) never executed: fatal("fork failed: %.100s", strerror( (*__errno_location ()) )); | 0 |
2123 | )); never executed: fatal("fork failed: %.100s", strerror( (*__errno_location ()) )); | 0 |
2124 | while (waitpid(pid, &status, 0) == -1TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
2125 | if ( | - |
2126 | (*TRUE | never evaluated | FALSE | never evaluated |
__errno_location ()) TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2127 | != TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2128 | 4TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2129 | ) | - |
2130 | fatal("Couldn't wait for child: %s", strerror( never executed: fatal("Couldn't wait for child: %s", strerror( (*__errno_location ()) )); | 0 |
2131 | (*__errno_location ()) never executed: fatal("Couldn't wait for child: %s", strerror( (*__errno_location ()) )); | 0 |
2132 | )); never executed: fatal("Couldn't wait for child: %s", strerror( (*__errno_location ()) )); | 0 |
2133 | mysignal( | - |
2134 | 17 | - |
2135 | ,osighand); | - |
2136 | | - |
2137 | if (!TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2138 | (((TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2139 | statusTRUE | never evaluated | FALSE | never evaluated |
| 0 |
2140 | ) & 0x7f) == 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2141 | ) | - |
2142 | return never executed: return (1); (1);never executed: return (1); | 0 |
2143 | | - |
2144 | return never executed: return ( ((( status ) & 0xff00) >> 8) ); (never executed: return ( ((( status ) & 0xff00) >> 8) ); | 0 |
2145 | ((( never executed: return ( ((( status ) & 0xff00) >> 8) ); | 0 |
2146 | status never executed: return ( ((( status ) & 0xff00) >> 8) ); | 0 |
2147 | ) & 0xff00) >> 8) never executed: return ( ((( status ) & 0xff00) >> 8) ); | 0 |
2148 | ); never executed: return ( ((( status ) & 0xff00) >> 8) ); | 0 |
2149 | } | - |
2150 | | - |
2151 | void | - |
2152 | maybe_add_key_to_agent(char *authfile, const struct sshkey *private, | - |
2153 | char *comment, char *passphrase) | - |
2154 | { | - |
2155 | int auth_sock = -1, r; | - |
2156 | | - |
2157 | if (options.add_keys_to_agent == 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
2158 | return; never executed: return; | 0 |
2159 | | - |
2160 | if ((TRUE | never evaluated | FALSE | never evaluated |
r = ssh_get_authentication_socket(&auth_sock)) != 0TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
2161 | debug3("no authentication agent, not adding key"); | - |
2162 | return; never executed: return; | 0 |
2163 | } | - |
2164 | | - |
2165 | if (options.add_keys_to_agent == 2TRUE | never evaluated | FALSE | never evaluated |
&& | 0 |
2166 | !ask_permission("Add key %s (%s) to agent?", authfile, comment)TRUE | never evaluated | FALSE | never evaluated |
) { | 0 |
2167 | debug3("user denied adding this key"); | - |
2168 | close(auth_sock); | - |
2169 | return; never executed: return; | 0 |
2170 | } | - |
2171 | | - |
2172 | if ((TRUE | never evaluated | FALSE | never evaluated |
r = ssh_add_identity_constrained(auth_sock, private, comment, 0,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
2173 | (options.add_keys_to_agent == 3), 0)) == 0TRUE | never evaluated | FALSE | never evaluated |
) | 0 |
2174 | debug("identity added to agent: %s", authfile); never executed: debug("identity added to agent: %s", authfile); | 0 |
2175 | else | - |
2176 | debug("could not add identity to agent: %s (%d)", authfile, r); never executed: debug("could not add identity to agent: %s (%d)", authfile, r); | 0 |
2177 | close(auth_sock); | - |
2178 | } never executed: end of block | 0 |
| | |