OpenCoverage

ssh-add.c

Absolute File Name:

/home/opencoverage/opencoverage/guest-scripts/openssh/src/ssh-add.c

Source code

Switch to Preprocessed file

Line Source Count

1 /* $OpenBSD: ssh-add.c,v 1.136 2018/09/19 02:03:02 djm Exp $ */ -

2 /* -

3 * Author: Tatu Ylonen <ylo@cs.hut.fi> -

6 * Adds an identity to the authentication server, or removes an identity. -

7 * -

8 * As far as I am concerned, the code I have written for this software -

9 * can be used freely for any purpose. Any derived versions of this -

10 * software must be clearly marked as such, and if the derived work is -

11 * incompatible with the protocol description in the RFC file, it must be -

12 * called by a name other than "ssh" or "Secure Shell". -

13 * -

14 * SSH2 implementation, -

16 * -

17 * Redistribution and use in source and binary forms, with or without -

18 * modification, are permitted provided that the following conditions -

19 * are met: -

20 * 1. Redistributions of source code must retain the above copyright -

21 * notice, this list of conditions and the following disclaimer. -

22 * 2. Redistributions in binary form must reproduce the above copyright -

23 * notice, this list of conditions and the following disclaimer in the -

24 * documentation and/or other materials provided with the distribution. -

25 * -

26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -

27 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -

28 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -

29 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -

30 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -

31 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -

32 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -

33 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -

34 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -

35 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -

36 */ -

37 -

38 #include "includes.h" -

39 -

40 #include <sys/types.h> -

41 #include <sys/stat.h> -

42 -

43 #include <openssl/evp.h> -

44 #include "openbsd-compat/openssl-compat.h" -

45 -

46 #include <errno.h> -

47 #include <fcntl.h> -

48 #include <pwd.h> -

49 #include <stdarg.h> -

50 #include <stdio.h> -

51 #include <stdlib.h> -

52 #include <string.h> -

53 #include <unistd.h> -

54 #include <limits.h> -

55 -

56 #include "xmalloc.h" -

57 #include "ssh.h" -

58 #include "log.h" -

59 #include "sshkey.h" -

60 #include "sshbuf.h" -

61 #include "authfd.h" -

62 #include "authfile.h" -

63 #include "pathnames.h" -

64 #include "misc.h" -

65 #include "ssherr.h" -

66 #include "digest.h" -

67 -

68 /* argv0 */ -

69 extern char *__progname; -

70 -

71 /* Default files to add */ -

72 static char *default_files[] = { -

73 #ifdef WITH_OPENSSL -

74 _PATH_SSH_CLIENT_ID_RSA, -

75 _PATH_SSH_CLIENT_ID_DSA, -

76 #ifdef OPENSSL_HAS_ECC -

77 _PATH_SSH_CLIENT_ID_ECDSA, -

78 #endif -

79 #endif /* WITH_OPENSSL */ -

80 _PATH_SSH_CLIENT_ID_ED25519, -

81 _PATH_SSH_CLIENT_ID_XMSS, -

82 NULL -

83 }; -

84 -

85 static int fingerprint_hash = SSH_FP_HASH_DEFAULT; -

86 -

87 /* Default lifetime (0 == forever) */ -

88 static int lifetime = 0; -

89 -

90 /* User has to confirm key use */ -

91 static int confirm = 0; -

92 -

93 /* Maximum number of signatures (XMSS) */ -

94 static u_int maxsign = 0; -

95 static u_int minleft = 0; -

96 -

97 /* we keep a cache of one passphrase */ -

98 static char *pass = NULL; -

99 static void -

100 clear_pass(void) -

101 { -

102

if (pass) {

pass	Description
TRUE	never evaluated
FALSE	never evaluated

103 explicit_bzero(pass, strlen(pass)); -

104 free(pass); -

105 pass = NULL; -

106

}

never executed: end of block

107

}

never executed: end of block

108 -

109 static int -

110 delete_file(int agent_fd, const char *filename, int key_only, int qflag) -

111 { -

112 struct sshkey *public, *cert = NULL; -

113 char *certpath = NULL, *comment = NULL; -

114 int r, ret = -1; -

115 -

116

if ((r = sshkey_load_public(filename, &public, &comment)) != 0) {

(r = sshkey_lo...comment)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

117 printf("Bad key file %s: %s\n", filename, ssh_err(r)); -

118

return -1;

never executed: return -1;

119 } -

120

if ((r = ssh_remove_identity(agent_fd, public)) == 0) {

(r = ssh_remov... public)) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

121

if (!qflag) {

!qflag	Description
TRUE	never evaluated
FALSE	never evaluated

122 fprintf(stderr, "Identity removed: %s (%s)\n", -

123 filename, comment); -

124

}

never executed: end of block

125 ret = 0; -

126

} else

never executed: end of block

127

fprintf(stderr, "Could not remove identity \"%s\": %s\n",

never executed: fprintf( stderr , "Could not remove identity \"%s\": %s\n", filename, ssh_err(r));

128

filename, ssh_err(r));

never executed: fprintf( stderr , "Could not remove identity \"%s\": %s\n", filename, ssh_err(r));

129 -

130

if (key_only)

key_only	Description
TRUE	never evaluated
FALSE	never evaluated

131

goto out;

never executed: goto out;

132 -

133 /* Now try to delete the corresponding certificate too */ -

134 free(comment); -

135 comment = NULL; -

136 xasprintf(&certpath, "%s-cert.pub", filename); -

137

if ((r = sshkey_load_public(certpath, &cert, &comment)) != 0) {

(r = sshkey_lo...comment)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

138

if (r != SSH_ERR_SYSTEM_ERROR || errno != ENOENT)

r != -24	Description
TRUE	never evaluated
FALSE	never evaluated

(*__errno_location ()) != 2	Description
TRUE	never evaluated
FALSE	never evaluated

139

error("Failed to load certificate \"%s\": %s",

never executed: error("Failed to load certificate \"%s\": %s", certpath, ssh_err(r));

140

certpath, ssh_err(r));

never executed: error("Failed to load certificate \"%s\": %s", certpath, ssh_err(r));

141

goto out;

never executed: goto out;

142 } -

143 -

144

if (!sshkey_equal_public(cert, public))

!sshkey_equal_...(cert, public)	Description
TRUE	never evaluated
FALSE	never evaluated

145

fatal("Certificate %s does not match private key %s",

never executed: fatal("Certificate %s does not match private key %s", certpath, filename);

146

certpath, filename);

never executed: fatal("Certificate %s does not match private key %s", certpath, filename);

147 -

148

if ((r = ssh_remove_identity(agent_fd, cert)) == 0) {

(r = ssh_remov...d, cert)) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

149

if (!qflag) {

!qflag	Description
TRUE	never evaluated
FALSE	never evaluated

150 fprintf(stderr, "Identity removed: %s (%s)\n", -

151 certpath, comment); -

152

}

never executed: end of block

153 ret = 0; -

154

} else

never executed: end of block

155

fprintf(stderr, "Could not remove identity \"%s\": %s\n",

never executed: fprintf( stderr , "Could not remove identity \"%s\": %s\n", certpath, ssh_err(r));

156

certpath, ssh_err(r));

never executed: fprintf( stderr , "Could not remove identity \"%s\": %s\n", certpath, ssh_err(r));

157 -

158

out:

code before this statement never executed: out:

159 sshkey_free(cert); -

160 sshkey_free(public); -

161 free(certpath); -

162 free(comment); -

163 -

164

return ret;

never executed: return ret;

165 } -

166 -

167 /* Send a request to remove all identities. */ -

168 static int -

169 delete_all(int agent_fd, int qflag) -

170 { -

171 int ret = -1; -

172 -

173 /* -

174 * Since the agent might be forwarded, old or non-OpenSSH, when asked -

175 * to remove all keys, attempt to remove both protocol v.1 and v.2 -

176 * keys. -

177 */ -

178

if (ssh_remove_all_identities(agent_fd, 2) == 0)

ssh_remove_all...nt_fd, 2) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

179

ret = 0;

never executed: ret = 0;

180 /* ignore error-code for ssh1 */ -

181 ssh_remove_all_identities(agent_fd, 1); -

182 -

183

if (ret != 0)

ret != 0	Description
TRUE	never evaluated
FALSE	never evaluated

184

fprintf(stderr, "Failed to remove all identities.\n");

never executed: fprintf( stderr , "Failed to remove all identities.\n");

185

else if (!qflag)

!qflag	Description
TRUE	never evaluated
FALSE	never evaluated

186

fprintf(stderr, "All identities removed.\n");

never executed: fprintf( stderr , "All identities removed.\n");

187 -

188

return ret;

never executed: return ret;

189 } -

190 -

191 static int -

192 add_file(int agent_fd, const char *filename, int key_only, int qflag) -

193 { -

194 struct sshkey *private, *cert; -

195 char *comment = NULL; -

196 char msg[1024], *certpath = NULL; -

197 int r, fd, ret = -1; -

198 size_t i; -

199 u_int32_t left; -

200 struct sshbuf *keyblob; -

201 struct ssh_identitylist *idlist; -

202 -

203

if (strcmp(filename, "-") == 0) {

never executed: __result = (((const unsigned char *) (const char *) ( filename ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( "-" ))[3] - __s2[3]);

never executed: end of block

__extension__ ... )))); }) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

204 fd = STDIN_FILENO; -

205 filename = "(stdin)"; -

206

} else if ((fd = open(filename, O_RDONLY)) < 0) {

never executed: end of block

(fd = open(filename, 00 )) < 0	Description
TRUE	never evaluated
FALSE	never evaluated

207 perror(filename); -

208

return -1;

never executed: return -1;

209 } -

210 -

211 /* -

212 * Since we'll try to load a keyfile multiple times, permission errors -

213 * will occur multiple times, so check perms first and bail if wrong. -

214 */ -

215

if (fd != STDIN_FILENO) {

fd != 0	Description
TRUE	never evaluated
FALSE	never evaluated

216

if (sshkey_perm_ok(fd, filename) != 0) {

sshkey_perm_ok...filename) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

217 close(fd); -

218

return -1;

never executed: return -1;

219 } -

220

}

never executed: end of block

221

if ((keyblob = sshbuf_new()) == NULL)

(keyblob = ssh...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

222

fatal("%s: sshbuf_new failed", __func__);

never executed: fatal("%s: sshbuf_new failed", __func__);

223

if ((r = sshkey_load_file(fd, keyblob)) != 0) {

(r = sshkey_lo...keyblob)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

224 fprintf(stderr, "Error loading key \"%s\": %s\n", -

225 filename, ssh_err(r)); -

226 sshbuf_free(keyblob); -

227 close(fd); -

228

return -1;

never executed: return -1;

229 } -

230 close(fd); -

231 -

232 /* At first, try empty passphrase */ -

233

if ((r = sshkey_parse_private_fileblob(keyblob, "", &private,

(r = sshkey_pa...comment)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

234

&comment)) != 0 && r != SSH_ERR_KEY_WRONG_PASSPHRASE) {

(r = sshkey_pa...comment)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

r != -43	Description
TRUE	never evaluated
FALSE	never evaluated

235 fprintf(stderr, "Error loading key \"%s\": %s\n", -

236 filename, ssh_err(r)); -

237

goto fail_load;

never executed: goto fail_load;

238 } -

239 /* try last */ -

240

if (private == NULL && pass != NULL) {

private == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

pass != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

241

if ((r = sshkey_parse_private_fileblob(keyblob, pass, &private,

(r = sshkey_pa...comment)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

242

&comment)) != 0 && r != SSH_ERR_KEY_WRONG_PASSPHRASE) {

(r = sshkey_pa...comment)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

r != -43	Description
TRUE	never evaluated
FALSE	never evaluated

243 fprintf(stderr, "Error loading key \"%s\": %s\n", -

244 filename, ssh_err(r)); -

245

goto fail_load;

never executed: goto fail_load;

246 } -

247

}

never executed: end of block

248

if (private == NULL) {

private == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

249 /* clear passphrase since it did not work */ -

250 clear_pass(); -

251 snprintf(msg, sizeof msg, "Enter passphrase for %s%s: ", -

252 filename, confirm ? " (will confirm each use)" : ""); -

253 for (;;) { -

254 pass = read_passphrase(msg, RP_ALLOW_STDIN); -

255

if (strcmp(pass, "") == 0)

never executed: __result = (((const unsigned char *) (const char *) ( pass ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( "" ))[3] - __s2[3]);

never executed: end of block

__extension__ ... )))); }) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

256

goto fail_load;

never executed: goto fail_load;

257

if ((r = sshkey_parse_private_fileblob(keyblob, pass,

(r = sshkey_pa...comment)) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

258

&private, &comment)) == 0)

(r = sshkey_pa...comment)) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

259

break;

never executed: break;

260

else if (r != SSH_ERR_KEY_WRONG_PASSPHRASE) {

r != -43	Description
TRUE	never evaluated
FALSE	never evaluated

261 fprintf(stderr, -

262 "Error loading key \"%s\": %s\n", -

263 filename, ssh_err(r)); -

264

fail_load:

code before this statement never executed: fail_load:

265 clear_pass(); -

266 sshbuf_free(keyblob); -

267

return -1;

never executed: return -1;

268 } -

269 clear_pass(); -

270 snprintf(msg, sizeof msg, -

271 "Bad passphrase, try again for %s%s: ", filename, -

272 confirm ? " (will confirm each use)" : ""); -

273

}

never executed: end of block

274

}

never executed: end of block

275

if (comment == NULL || *comment == '\0')

comment == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

*comment == '\0'	Description
TRUE	never evaluated
FALSE	never evaluated

276

comment = xstrdup(filename);

never executed: comment = xstrdup(filename);

277 sshbuf_free(keyblob); -

278 -

279 /* For XMSS */ -

280

if ((r = sshkey_set_filename(private, filename)) != 0) {

(r = sshkey_se...ilename)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

281 fprintf(stderr, "Could not add filename to private key: %s (%s)\n", -

282 filename, comment); -

283

goto out;

never executed: goto out;

284 } -

285

if (maxsign && minleft &&

maxsign	Description
TRUE	never evaluated
FALSE	never evaluated

minleft	Description
TRUE	never evaluated
FALSE	never evaluated

286

(r = ssh_fetch_identitylist(agent_fd, &idlist)) == 0) {

(r = ssh_fetch...&idlist)) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

287

for (i = 0; i < idlist->nkeys; i++) {

i < idlist->nkeys	Description
TRUE	never evaluated
FALSE	never evaluated

288

if (!sshkey_equal_public(idlist->keys[i], private))

!sshkey_equal_...s[i], private)	Description
TRUE	never evaluated
FALSE	never evaluated

289

continue;

never executed: continue;

290 left = sshkey_signatures_left(idlist->keys[i]); -

291

if (left < minleft) {

left < minleft	Description
TRUE	never evaluated
FALSE	never evaluated

292 fprintf(stderr, -

293 "Only %d signatures left.\n", left); -

294

break;

never executed: break;

295 } -

296 fprintf(stderr, "Skipping update: "); -

297

if (left == minleft) {

left == minleft	Description
TRUE	never evaluated
FALSE	never evaluated

298 fprintf(stderr, -

299 "required signatures left (%d).\n", left); -

300

} else {

never executed: end of block

301 fprintf(stderr, -

302 "more signatures left (%d) than" -

303 " required (%d).\n", left, minleft); -

304

}

never executed: end of block

305 ssh_free_identitylist(idlist); -

306

goto out;

never executed: goto out;

307 } -

308 ssh_free_identitylist(idlist); -

309

}

never executed: end of block

310 -

311

if ((r = ssh_add_identity_constrained(agent_fd, private, comment,

(r = ssh_add_i...maxsign)) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

312

lifetime, confirm, maxsign)) == 0) {

(r = ssh_add_i...maxsign)) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

313 ret = 0; -

314

if (!qflag) {

!qflag	Description
TRUE	never evaluated
FALSE	never evaluated

315 fprintf(stderr, "Identity added: %s (%s)\n", -

316 filename, comment); -

317

if (lifetime != 0) {

lifetime != 0	Description
TRUE	never evaluated
FALSE	never evaluated

318 fprintf(stderr, -

319 "Lifetime set to %d seconds\n", lifetime); -

320

}

never executed: end of block

321

if (confirm != 0) {

confirm != 0	Description
TRUE	never evaluated
FALSE	never evaluated

322 fprintf(stderr, "The user must confirm " -

323 "each use of the key\n"); -

324

}

never executed: end of block

325

}

never executed: end of block

326

} else {

never executed: end of block

327 fprintf(stderr, "Could not add identity \"%s\": %s\n", -

328 filename, ssh_err(r)); -

329

}

never executed: end of block

330 -

331 /* Skip trying to load the cert if requested */ -

332

if (key_only)

key_only	Description
TRUE	never evaluated
FALSE	never evaluated

333

goto out;

never executed: goto out;

334 -

335 /* Now try to add the certificate flavour too */ -

336 xasprintf(&certpath, "%s-cert.pub", filename); -

337

if ((r = sshkey_load_public(certpath, &cert, NULL)) != 0) {

(r = sshkey_lo...d *)0) )) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

338

if (r != SSH_ERR_SYSTEM_ERROR || errno != ENOENT)

r != -24	Description
TRUE	never evaluated
FALSE	never evaluated

(*__errno_location ()) != 2	Description
TRUE	never evaluated
FALSE	never evaluated

339

error("Failed to load certificate \"%s\": %s",

never executed: error("Failed to load certificate \"%s\": %s", certpath, ssh_err(r));

340

certpath, ssh_err(r));

never executed: error("Failed to load certificate \"%s\": %s", certpath, ssh_err(r));

341

goto out;

never executed: goto out;

342 } -

343 -

344

if (!sshkey_equal_public(cert, private)) {

!sshkey_equal_...cert, private)	Description
TRUE	never evaluated
FALSE	never evaluated

345 error("Certificate %s does not match private key %s", -

346 certpath, filename); -

347 sshkey_free(cert); -

348

goto out;

never executed: goto out;

349 } -

350 -

351 /* Graft with private bits */ -

352

if ((r = sshkey_to_certified(private)) != 0) {

(r = sshkey_to...private)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

353 error("%s: sshkey_to_certified: %s", __func__, ssh_err(r)); -

354 sshkey_free(cert); -

355

goto out;

never executed: goto out;

356 } -

357

if ((r = sshkey_cert_copy(cert, private)) != 0) {

(r = sshkey_ce...private)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

358 error("%s: sshkey_cert_copy: %s", __func__, ssh_err(r)); -

359 sshkey_free(cert); -

360

goto out;

never executed: goto out;

361 } -

362 sshkey_free(cert); -

363 -

364

if ((r = ssh_add_identity_constrained(agent_fd, private, comment,

(r = ssh_add_i...maxsign)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

365

lifetime, confirm, maxsign)) != 0) {

(r = ssh_add_i...maxsign)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

366 error("Certificate %s (%s) add failed: %s", certpath, -

367 private->cert->key_id, ssh_err(r)); -

368

goto out;

never executed: goto out;

369 } -

370 /* success */ -

371

if (!qflag) {

!qflag	Description
TRUE	never evaluated
FALSE	never evaluated

372 fprintf(stderr, "Certificate added: %s (%s)\n", certpath, -

373 private->cert->key_id); -

374

if (lifetime != 0) {

lifetime != 0	Description
TRUE	never evaluated
FALSE	never evaluated

375 fprintf(stderr, "Lifetime set to %d seconds\n", -

376 lifetime); -

377

}

never executed: end of block

378

if (confirm != 0) {

confirm != 0	Description
TRUE	never evaluated
FALSE	never evaluated

379 fprintf(stderr, "The user must confirm each use " -

380 "of the key\n"); -

381

}

never executed: end of block

382

}

never executed: end of block

383 -

384

out:

code before this statement never executed: out:

385 free(certpath); -

386 free(comment); -

387 sshkey_free(private); -

388 -

389

return ret;

never executed: return ret;

390 } -

391 -

392 static int -

393 update_card(int agent_fd, int add, const char *id, int qflag) -

394 { -

395 char *pin = NULL; -

396 int r, ret = -1; -

397 -

398

if (add) {

add	Description
TRUE	never evaluated
FALSE	never evaluated

399

if ((pin = read_passphrase("Enter passphrase for PKCS#11: ",

(pin = read_pa...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

400

RP_ALLOW_STDIN)) == NULL)

(pin = read_pa...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

401

return -1;

never executed: return -1;

402

}

never executed: end of block

403 -

404

if ((r = ssh_update_card(agent_fd, add, id, pin == NULL ? "" : pin,

(r = ssh_updat...confirm)) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

405

lifetime, confirm)) == 0) {

(r = ssh_updat...confirm)) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

406 ret = 0; -

407

if (!qflag) {

!qflag	Description
TRUE	never evaluated
FALSE	never evaluated

408 fprintf(stderr, "Card %s: %s\n", -

409 add ? "added" : "removed", id); -

410

}

never executed: end of block

411

} else {

never executed: end of block

412 fprintf(stderr, "Could not %s card \"%s\": %s\n", -

413 add ? "add" : "remove", id, ssh_err(r)); -

414 ret = -1; -

415

}

never executed: end of block

416 free(pin); -

417

return ret;

never executed: return ret;

418 } -

419 -

420 static int -

421 list_identities(int agent_fd, int do_fp) -

422 { -

423 char *fp; -

424 int r; -

425 struct ssh_identitylist *idlist; -

426 u_int32_t left; -

427 size_t i; -

428 -

429

if ((r = ssh_fetch_identitylist(agent_fd, &idlist)) != 0) {

(r = ssh_fetch...&idlist)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

430

if (r != SSH_ERR_AGENT_NO_IDENTITIES)

r != -48	Description
TRUE	never evaluated
FALSE	never evaluated

431

fprintf(stderr, "error fetching identities: %s\n",

never executed: fprintf( stderr , "error fetching identities: %s\n", ssh_err(r));

432

ssh_err(r));

never executed: fprintf( stderr , "error fetching identities: %s\n", ssh_err(r));

433 else -

434

printf("The agent has no identities.\n");

never executed: printf("The agent has no identities.\n");

435

return -1;

never executed: return -1;

436 } -

437

for (i = 0; i < idlist->nkeys; i++) {

i < idlist->nkeys	Description
TRUE	never evaluated
FALSE	never evaluated

438

if (do_fp) {

do_fp	Description
TRUE	never evaluated
FALSE	never evaluated

439 fp = sshkey_fingerprint(idlist->keys[i], -

440 fingerprint_hash, SSH_FP_DEFAULT); -

441 printf("%u %s %s (%s)\n", sshkey_size(idlist->keys[i]), -

442 fp == NULL ? "(null)" : fp, idlist->comments[i], -

443 sshkey_type(idlist->keys[i])); -

444 free(fp); -

445

} else {

never executed: end of block

446

if ((r = sshkey_write(idlist->keys[i], stdout)) != 0) {

(r = sshkey_wr...stdout )) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

447 fprintf(stderr, "sshkey_write: %s\n", -

448 ssh_err(r)); -

449

continue;

never executed: continue;

450 } -

451 fprintf(stdout, " %s", idlist->comments[i]); -

452 left = sshkey_signatures_left(idlist->keys[i]); -

453

if (left > 0)

left > 0	Description
TRUE	never evaluated
FALSE	never evaluated

454

fprintf(stdout,

never executed: fprintf( stdout , " [signatures left %d]", left);

455

" [signatures left %d]", left);

never executed: fprintf( stdout , " [signatures left %d]", left);

456 fprintf(stdout, "\n"); -

457

}

never executed: end of block

458 } -

459 ssh_free_identitylist(idlist); -

460

return 0;

never executed: return 0;

461 } -

462 -

463 static int -

464 lock_agent(int agent_fd, int lock) -

465 { -

466 char prompt[100], *p1, *p2; -

467 int r, passok = 1, ret = -1; -

468 -

469 strlcpy(prompt, "Enter lock password: ", sizeof(prompt)); -

470 p1 = read_passphrase(prompt, RP_ALLOW_STDIN); -

471

if (lock) {

lock	Description
TRUE	never evaluated
FALSE	never evaluated

472 strlcpy(prompt, "Again: ", sizeof prompt); -

473 p2 = read_passphrase(prompt, RP_ALLOW_STDIN); -

474

if (strcmp(p1, p2) != 0) {

never executed: __result = (((const unsigned char *) (const char *) ( p1 ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( p2 ))[3] - __s2[3]);

never executed: end of block

__extension__ ... )))); }) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

475 fprintf(stderr, "Passwords do not match.\n"); -

476 passok = 0; -

477

}

never executed: end of block

478 explicit_bzero(p2, strlen(p2)); -

479 free(p2); -

480

}

never executed: end of block

481

if (passok) {

passok	Description
TRUE	never evaluated
FALSE	never evaluated

482

if ((r = ssh_lock_agent(agent_fd, lock, p1)) == 0) {

(r = ssh_lock_...ock, p1)) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

483 fprintf(stderr, "Agent %slocked.\n", lock ? "" : "un"); -

484 ret = 0; -

485

} else {

never executed: end of block

486 fprintf(stderr, "Failed to %slock agent: %s\n", -

487 lock ? "" : "un", ssh_err(r)); -

488

}

never executed: end of block

489 } -

490 explicit_bzero(p1, strlen(p1)); -

491 free(p1); -

492

return (ret);

never executed: return (ret);

493 } -

494 -

495 static int -

496 do_file(int agent_fd, int deleting, int key_only, char *file, int qflag) -

497 { -

498

if (deleting) {

deleting	Description
TRUE	never evaluated
FALSE	never evaluated

499

if (delete_file(agent_fd, file, key_only, qflag) == -1)

delete_file(ag..., qflag) == -1	Description
TRUE	never evaluated
FALSE	never evaluated

500

return -1;

never executed: return -1;

501

} else {

never executed: end of block

502

if (add_file(agent_fd, file, key_only, qflag) == -1)

add_file(agent..., qflag) == -1	Description
TRUE	never evaluated
FALSE	never evaluated

503

return -1;

never executed: return -1;

504

}

never executed: end of block

505

return 0;

never executed: return 0;

506 } -

507 -

508 static void -

509 usage(void) -

510 { -

511 fprintf(stderr, "usage: %s [options] [file ...]\n", __progname); -

512 fprintf(stderr, "Options:\n"); -

513 fprintf(stderr, " -l List fingerprints of all identities.\n"); -

514 fprintf(stderr, " -E hash Specify hash algorithm used for fingerprints.\n"); -

515 fprintf(stderr, " -L List public key parameters of all identities.\n"); -

516 fprintf(stderr, " -k Load only keys and not certificates.\n"); -

517 fprintf(stderr, " -c Require confirmation to sign using identities\n"); -

518 fprintf(stderr, " -m minleft Maxsign is only changed if less than minleft are left (for XMSS)\n"); -

519 fprintf(stderr, " -M maxsign Maximum number of signatures allowed (for XMSS)\n"); -

520 fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n"); -

521 fprintf(stderr, " -d Delete identity.\n"); -

522 fprintf(stderr, " -D Delete all identities.\n"); -

523 fprintf(stderr, " -x Lock agent.\n"); -

524 fprintf(stderr, " -X Unlock agent.\n"); -

525 fprintf(stderr, " -s pkcs11 Add keys from PKCS#11 provider.\n"); -

526 fprintf(stderr, " -e pkcs11 Remove keys provided by PKCS#11 provider.\n"); -

527 fprintf(stderr, " -q Be quiet after a successful operation.\n"); -

528

}

never executed: end of block

529 -

530 int -

531 main(int argc, char **argv) -

532 { -

533 extern char *optarg; -

534 extern int optind; -

535 int agent_fd; -

536 char *pkcs11provider = NULL; -

537 int r, i, ch, deleting = 0, ret = 0, key_only = 0; -

538 int xflag = 0, lflag = 0, Dflag = 0, qflag = 0; -

539 -

540 ssh_malloc_init(); /* must be called before any mallocs */ -

541 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ -

542 sanitise_stdfd(); -

543 -

544 __progname = ssh_get_progname(argv[0]); -

545 seed_rng(); -

546 -

547 #ifdef WITH_OPENSSL -

548 OpenSSL_add_all_algorithms(); -

549 #endif -

550 -

551 setvbuf(stdout, NULL, _IOLBF, 0); -

552 -

553 /* First, get a connection to the authentication agent. */ -

554 switch (r = ssh_get_authentication_socket(&agent_fd)) { -

555

case 0:

never executed: case 0:

556

break;

never executed: break;

557

case SSH_ERR_AGENT_NOT_PRESENT:

never executed: case -47:

558 fprintf(stderr, "Could not open a connection to your " -

559 "authentication agent.\n"); -

560

exit(2);

never executed: exit(2);

561

default:

code before this statement never executed: default:

never executed: default:

562 fprintf(stderr, "Error connecting to agent: %s\n", ssh_err(r)); -

563

exit(2);

never executed: exit(2);

564 } -

565 -

566

while ((ch = getopt(argc, argv, "klLcdDxXE:e:M:m:qs:t:")) != -1) {

(ch = BSDgetop...qs:t:")) != -1	Description
TRUE	never evaluated
FALSE	never evaluated

567 switch (ch) { -

568

case 'E':

never executed: case 'E':

569 fingerprint_hash = ssh_digest_alg_by_name(optarg); -

570

if (fingerprint_hash == -1)

fingerprint_hash == -1	Description
TRUE	never evaluated
FALSE	never evaluated

571

fatal("Invalid hash algorithm \"%s\"", optarg);

never executed: fatal("Invalid hash algorithm \"%s\"", BSDoptarg);

572

break;

never executed: break;

573

case 'k':

never executed: case 'k':

574 key_only = 1; -

575

break;

never executed: break;

576

case 'l':

never executed: case 'l':

577

case 'L':

never executed: case 'L':

578

if (lflag != 0)

lflag != 0	Description
TRUE	never evaluated
FALSE	never evaluated

579

fatal("-%c flag already specified", lflag);

never executed: fatal("-%c flag already specified", lflag);

580 lflag = ch; -

581

break;

never executed: break;

582

case 'x':

never executed: case 'x':

583

case 'X':

never executed: case 'X':

584

if (xflag != 0)

xflag != 0	Description
TRUE	never evaluated
FALSE	never evaluated

585

fatal("-%c flag already specified", xflag);

never executed: fatal("-%c flag already specified", xflag);

586 xflag = ch; -

587

break;

never executed: break;

588

case 'c':

never executed: case 'c':

589 confirm = 1; -

590

break;

never executed: break;

591

case 'm':

never executed: case 'm':

592 minleft = (int)strtonum(optarg, 1, UINT_MAX, NULL); -

593

if (minleft == 0) {

minleft == 0	Description
TRUE	never evaluated
FALSE	never evaluated

594 usage(); -

595 ret = 1; -

596

goto done;

never executed: goto done;

597 } -

598

break;

never executed: break;

599

case 'M':

never executed: case 'M':

600 maxsign = (int)strtonum(optarg, 1, UINT_MAX, NULL); -

601

if (maxsign == 0) {

maxsign == 0	Description
TRUE	never evaluated
FALSE	never evaluated

602 usage(); -

603 ret = 1; -

604

goto done;

never executed: goto done;

605 } -

606

break;

never executed: break;

607

case 'd':

never executed: case 'd':

608 deleting = 1; -

609

break;

never executed: break;

610

case 'D':

never executed: case 'D':

611 Dflag = 1; -

612

break;

never executed: break;

613

case 's':

never executed: case 's':

614 pkcs11provider = optarg; -

615

break;

never executed: break;

616

case 'e':

never executed: case 'e':

617 deleting = 1; -

618 pkcs11provider = optarg; -

619

break;

never executed: break;

620

case 't':

never executed: case 't':

621

if ((lifetime = convtime(optarg)) == -1) {

(lifetime = co...optarg)) == -1	Description
TRUE	never evaluated
FALSE	never evaluated

622 fprintf(stderr, "Invalid lifetime\n"); -

623 ret = 1; -

624

goto done;

never executed: goto done;

625 } -

626

break;

never executed: break;

627

case 'q':

never executed: case 'q':

628 qflag = 1; -

629

break;

never executed: break;

630

default:

never executed: default:

631 usage(); -

632 ret = 1; -

633

goto done;

never executed: goto done;

634 } -

635 } -

636 -

637

if ((xflag != 0) + (lflag != 0) + (Dflag != 0) > 1)

(xflag != 0) +...flag != 0) > 1	Description
TRUE	never evaluated
FALSE	never evaluated

638

fatal("Invalid combination of actions");

never executed: fatal("Invalid combination of actions");

639

else if (xflag) {

xflag	Description
TRUE	never evaluated
FALSE	never evaluated

640

if (lock_agent(agent_fd, xflag == 'x' ? 1 : 0) == -1)

lock_agent(age...? 1 : 0) == -1	Description
TRUE	never evaluated
FALSE	never evaluated

641

ret = 1;

never executed: ret = 1;

642

goto done;

never executed: goto done;

643

} else if (lflag) {

lflag	Description
TRUE	never evaluated
FALSE	never evaluated

644

if (list_identities(agent_fd, lflag == 'l' ? 1 : 0) == -1)

list_identitie...? 1 : 0) == -1	Description
TRUE	never evaluated
FALSE	never evaluated

645

ret = 1;

never executed: ret = 1;

646

goto done;

never executed: goto done;

647

} else if (Dflag) {

Dflag	Description
TRUE	never evaluated
FALSE	never evaluated

648

if (delete_all(agent_fd, qflag) == -1)

delete_all(age..., qflag) == -1	Description
TRUE	never evaluated
FALSE	never evaluated

649

ret = 1;

never executed: ret = 1;

650

goto done;

never executed: goto done;

651 } -

652 -

653 argc -= optind; -

654 argv += optind; -

655

if (pkcs11provider != NULL) {

pkcs11provider != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

656

if (update_card(agent_fd, !deleting, pkcs11provider,

update_card(ag..., qflag) == -1	Description
TRUE	never evaluated
FALSE	never evaluated

657

qflag) == -1)

update_card(ag..., qflag) == -1	Description
TRUE	never evaluated
FALSE	never evaluated

658

ret = 1;

never executed: ret = 1;

659

goto done;

never executed: goto done;

660 } -

661

if (argc == 0) {

argc == 0	Description
TRUE	never evaluated
FALSE	never evaluated

662 char buf[PATH_MAX]; -

663 struct passwd *pw; -

664 struct stat st; -

665 int count = 0; -

666 -

667

if ((pw = getpwuid(getuid())) == NULL) {

(pw = getpwuid...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

668 fprintf(stderr, "No user found with uid %u\n", -

669 (u_int)getuid()); -

670 ret = 1; -

671

goto done;

never executed: goto done;

672 } -

673 -

674

for (i = 0; default_files[i]; i++) {

default_files[i]	Description
TRUE	never evaluated
FALSE	never evaluated

675 snprintf(buf, sizeof(buf), "%s/%s", pw->pw_dir, -

676 default_files[i]); -

677

if (stat(buf, &st) < 0)

stat(buf, &st) < 0	Description
TRUE	never evaluated
FALSE	never evaluated

678

continue;

never executed: continue;

679

if (do_file(agent_fd, deleting, key_only, buf,

do_file(agent_..., qflag) == -1	Description
TRUE	never evaluated
FALSE	never evaluated

680

qflag) == -1)

do_file(agent_..., qflag) == -1	Description
TRUE	never evaluated
FALSE	never evaluated

681

ret = 1;

never executed: ret = 1;

682 else -

683

count++;

never executed: count++;

684 } -

685

if (count == 0)

count == 0	Description
TRUE	never evaluated
FALSE	never evaluated

686

ret = 1;

never executed: ret = 1;

687

} else {

never executed: end of block

688

for (i = 0; i < argc; i++) {

i < argc	Description
TRUE	never evaluated
FALSE	never evaluated

689

if (do_file(agent_fd, deleting, key_only,

do_file(agent_..., qflag) == -1	Description
TRUE	never evaluated
FALSE	never evaluated

690

argv[i], qflag) == -1)

do_file(agent_..., qflag) == -1	Description
TRUE	never evaluated
FALSE	never evaluated

691

ret = 1;

never executed: ret = 1;

692

}

never executed: end of block

693

}

never executed: end of block

694 clear_pass(); -

695 -

696

done:

code before this statement never executed: done:

697 ssh_close_authentication_socket(agent_fd); -

698

return ret;

never executed: return ret;

699 } -

Source code

Switch to Preprocessed file

Generated by Squish Coco 4.2.2