OpenCoverage

session.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/openssh/src/session.c
Source codeSwitch to Preprocessed file
LineSourceCount
1/* $OpenBSD: session.c,v 1.305 2018/07/25 13:56:23 deraadt Exp $ */-
2/*-
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland-
4 * All rights reserved-
5 *-
6 * As far as I am concerned, the code I have written for this software-
7 * can be used freely for any purpose. Any derived versions of this-
8 * software must be clearly marked as such, and if the derived work is-
9 * incompatible with the protocol description in the RFC file, it must be-
10 * called by a name other than "ssh" or "Secure Shell".-
11 *-
12 * SSH2 support by Markus Friedl.-
13 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.-
14 *-
15 * Redistribution and use in source and binary forms, with or without-
16 * modification, are permitted provided that the following conditions-
17 * are met:-
18 * 1. Redistributions of source code must retain the above copyright-
19 * notice, this list of conditions and the following disclaimer.-
20 * 2. Redistributions in binary form must reproduce the above copyright-
21 * notice, this list of conditions and the following disclaimer in the-
22 * documentation and/or other materials provided with the distribution.-
23 *-
24 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR-
25 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES-
26 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.-
27 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,-
28 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT-
29 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,-
30 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY-
31 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT-
32 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF-
33 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.-
34 */-
35-
36#include "includes.h"-
37-
38#include <sys/types.h>-
39#include <sys/param.h>-
40#ifdef HAVE_SYS_STAT_H-
41# include <sys/stat.h>-
42#endif-
43#include <sys/socket.h>-
44#include <sys/un.h>-
45#include <sys/wait.h>-
46-
47#include <arpa/inet.h>-
48-
49#include <ctype.h>-
50#include <errno.h>-
51#include <fcntl.h>-
52#include <grp.h>-
53#include <netdb.h>-
54#ifdef HAVE_PATHS_H-
55#include <paths.h>-
56#endif-
57#include <pwd.h>-
58#include <signal.h>-
59#include <stdarg.h>-
60#include <stdio.h>-
61#include <stdlib.h>-
62#include <string.h>-
63#include <unistd.h>-
64#include <limits.h>-
65-
66#include "openbsd-compat/sys-queue.h"-
67#include "xmalloc.h"-
68#include "ssh.h"-
69#include "ssh2.h"-
70#include "sshpty.h"-
71#include "packet.h"-
72#include "sshbuf.h"-
73#include "ssherr.h"-
74#include "match.h"-
75#include "uidswap.h"-
76#include "compat.h"-
77#include "channels.h"-
78#include "sshkey.h"-
79#include "cipher.h"-
80#ifdef GSSAPI-
81#include "ssh-gss.h"-
82#endif-
83#include "hostfile.h"-
84#include "auth.h"-
85#include "auth-options.h"-
86#include "authfd.h"-
87#include "pathnames.h"-
88#include "log.h"-
89#include "misc.h"-
90#include "servconf.h"-
91#include "sshlogin.h"-
92#include "serverloop.h"-
93#include "canohost.h"-
94#include "session.h"-
95#include "kex.h"-
96#include "monitor_wrap.h"-
97#include "sftp.h"-
98#include "atomicio.h"-
99-
100#if defined(KRB5) && defined(USE_AFS)-
101#include <kafs.h>-
102#endif-
103-
104#ifdef WITH_SELINUX-
105#include <selinux/selinux.h>-
106#endif-
107-
108#define IS_INTERNAL_SFTP(c) \-
109 (!strncmp(c, INTERNAL_SFTP_NAME, sizeof(INTERNAL_SFTP_NAME) - 1) && \-
110 (c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\0' || \-
111 c[sizeof(INTERNAL_SFTP_NAME) - 1] == ' ' || \-
112 c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\t'))-
113-
114/* func */-
115-
116Session *session_new(void);-
117void session_set_fds(struct ssh *, Session *, int, int, int, int, int);-
118void session_pty_cleanup(Session *);-
119void session_proctitle(Session *);-
120int session_setup_x11fwd(struct ssh *, Session *);-
121int do_exec_pty(struct ssh *, Session *, const char *);-
122int do_exec_no_pty(struct ssh *, Session *, const char *);-
123int do_exec(struct ssh *, Session *, const char *);-
124void do_login(struct ssh *, Session *, const char *);-
125void do_child(struct ssh *, Session *, const char *);-
126#ifdef LOGIN_NEEDS_UTMPX-
127static void do_pre_login(Session *s);-
128#endif-
129void do_motd(void);-
130int check_quietlogin(Session *, const char *);-
131-
132static void do_authenticated2(struct ssh *, Authctxt *);-
133-
134static int session_pty_req(struct ssh *, Session *);-
135-
136/* import */-
137extern ServerOptions options;-
138extern char *__progname;-
139extern int debug_flag;-
140extern u_int utmp_len;-
141extern int startup_pipe;-
142extern void destroy_sensitive_data(void);-
143extern struct sshbuf *loginmsg;-
144extern struct sshauthopt *auth_opts;-
145char *tun_fwd_ifnames; /* serverloop.c */-
146-
147/* original command from peer. */-
148const char *original_command = NULL;-
149-
150/* data */-
151static int sessions_first_unused = -1;-
152static int sessions_nalloc = 0;-
153static Session *sessions = NULL;-
154-
155#define SUBSYSTEM_NONE 0-
156#define SUBSYSTEM_EXT 1-
157#define SUBSYSTEM_INT_SFTP 2-
158#define SUBSYSTEM_INT_SFTP_ERROR 3-
159-
160#ifdef HAVE_LOGIN_CAP-
161login_cap_t *lc;-
162#endif-
163-
164static int is_child = 0;-
165static int in_chroot = 0;-
166-
167/* File containing userauth info, if ExposeAuthInfo set */-
168static char *auth_info_file = NULL;-
169-
170/* Name and directory of socket for authentication agent forwarding. */-
171static char *auth_sock_name = NULL;-
172static char *auth_sock_dir = NULL;-
173-
174/* removes the agent forwarding socket */-
175-
176static void-
177auth_sock_cleanup_proc(struct passwd *pw)-
178{-
179 if (auth_sock_name != NULL) {
auth_sock_name != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
180 temporarily_use_uid(pw);-
181 unlink(auth_sock_name);-
182 rmdir(auth_sock_dir);-
183 auth_sock_name = NULL;-
184 restore_uid();-
185 }
never executed: end of block
0
186}
never executed: end of block
0
187-
188static int-
189auth_input_request_forwarding(struct ssh *ssh, struct passwd * pw)-
190{-
191 Channel *nc;-
192 int sock = -1;-
193-
194 if (auth_sock_name != NULL) {
auth_sock_name != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
195 error("authentication forwarding requested twice.");-
196 return 0;
never executed: return 0;
0
197 }-
198-
199 /* Temporarily drop privileged uid for mkdir/bind. */-
200 temporarily_use_uid(pw);-
201-
202 /* Allocate a buffer for the socket name, and format the name. */-
203 auth_sock_dir = xstrdup("/tmp/ssh-XXXXXXXXXX");-
204-
205 /* Create private directory for socket */-
206 if (mkdtemp(auth_sock_dir) == NULL) {
mkdtemp(auth_s...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
207 packet_send_debug("Agent forwarding disabled: "-
208 "mkdtemp() failed: %.100s", strerror(errno));-
209 restore_uid();-
210 free(auth_sock_dir);-
211 auth_sock_dir = NULL;-
212 goto authsock_err;
never executed: goto authsock_err;
0
213 }-
214-
215 xasprintf(&auth_sock_name, "%s/agent.%ld",-
216 auth_sock_dir, (long) getpid());-
217-
218 /* Start a Unix listener on auth_sock_name. */-
219 sock = unix_listener(auth_sock_name, SSH_LISTEN_BACKLOG, 0);-
220-
221 /* Restore the privileged uid. */-
222 restore_uid();-
223-
224 /* Check for socket/bind/listen failure. */-
225 if (sock < 0)
sock < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
226 goto authsock_err;
never executed: goto authsock_err;
0
227-
228 /* Allocate a channel for the authentication agent socket. */-
229 nc = channel_new(ssh, "auth socket",-
230 SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1,-
231 CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,-
232 0, "auth socket", 1);-
233 nc->path = xstrdup(auth_sock_name);-
234 return 1;
never executed: return 1;
0
235-
236 authsock_err:-
237 free(auth_sock_name);-
238 if (auth_sock_dir != NULL) {
auth_sock_dir != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
239 rmdir(auth_sock_dir);-
240 free(auth_sock_dir);-
241 }
never executed: end of block
0
242 if (sock != -1)
sock != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
243 close(sock);
never executed: close(sock);
0
244 auth_sock_name = NULL;-
245 auth_sock_dir = NULL;-
246 return 0;
never executed: return 0;
0
247}-
248-
249static void-
250display_loginmsg(void)-
251{-
252 int r;-
253-
254 if (sshbuf_len(loginmsg) == 0)
sshbuf_len(loginmsg) == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
255 return;
never executed: return;
0
256 if ((r = sshbuf_put_u8(loginmsg, 0)) != 0)
(r = sshbuf_pu...nmsg, 0)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
257 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
258 printf("%s", (char *)sshbuf_ptr(loginmsg));-
259 sshbuf_reset(loginmsg);-
260}
never executed: end of block
0
261-
262static void-
263prepare_auth_info_file(struct passwd *pw, struct sshbuf *info)-
264{-
265 int fd = -1, success = 0;-
266-
267 if (!options.expose_userauth_info || info == NULL)
!options.expose_userauth_infoDescription
TRUEnever evaluated
FALSEnever evaluated
info == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
268 return;
never executed: return;
0
269-
270 temporarily_use_uid(pw);-
271 auth_info_file = xstrdup("/tmp/sshauth.XXXXXXXXXXXXXXX");-
272 if ((fd = mkstemp(auth_info_file)) == -1) {
(fd = mkstemp(...o_file)) == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
273 error("%s: mkstemp: %s", __func__, strerror(errno));-
274 goto out;
never executed: goto out;
0
275 }-
276 if (atomicio(vwrite, fd, sshbuf_mutable_ptr(info),
atomicio((ssiz...hbuf_len(info)Description
TRUEnever evaluated
FALSEnever evaluated
0
277 sshbuf_len(info)) != sshbuf_len(info)) {
atomicio((ssiz...hbuf_len(info)Description
TRUEnever evaluated
FALSEnever evaluated
0
278 error("%s: write: %s", __func__, strerror(errno));-
279 goto out;
never executed: goto out;
0
280 }-
281 if (close(fd) != 0) {
close(fd) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
282 error("%s: close: %s", __func__, strerror(errno));-
283 goto out;
never executed: goto out;
0
284 }-
285 success = 1;-
286 out:
code before this statement never executed: out:
0
287 if (!success) {
!successDescription
TRUEnever evaluated
FALSEnever evaluated
0
288 if (fd != -1)
fd != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
289 close(fd);
never executed: close(fd);
0
290 free(auth_info_file);-
291 auth_info_file = NULL;-
292 }
never executed: end of block
0
293 restore_uid();-
294}
never executed: end of block
0
295-
296static void-
297set_fwdpermit_from_authopts(struct ssh *ssh, const struct sshauthopt *opts)-
298{-
299 char *tmp, *cp, *host;-
300 int port;-
301 size_t i;-
302-
303 if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0) {
(options.allow...& (1<<1)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
304 channel_clear_permission(ssh, FORWARD_USER, FORWARD_LOCAL);-
305 for (i = 0; i < auth_opts->npermitopen; i++) {
i < auth_opts->npermitopenDescription
TRUEnever evaluated
FALSEnever evaluated
0
306 tmp = cp = xstrdup(auth_opts->permitopen[i]);-
307 /* This shouldn't fail as it has already been checked */-
308 if ((host = hpdelim(&cp)) == NULL)
(host = hpdeli...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
309 fatal("%s: internal error: hpdelim", __func__);
never executed: fatal("%s: internal error: hpdelim", __func__);
0
310 host = cleanhostname(host);-
311 if (cp == NULL || (port = permitopen_port(cp)) < 0)
cp == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
(port = permit..._port(cp)) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
312 fatal("%s: internal error: permitopen port",
never executed: fatal("%s: internal error: permitopen port", __func__);
0
313 __func__);
never executed: fatal("%s: internal error: permitopen port", __func__);
0
314 channel_add_permission(ssh,-
315 FORWARD_USER, FORWARD_LOCAL, host, port);-
316 free(tmp);-
317 }
never executed: end of block
0
318 }
never executed: end of block
0
319 if ((options.allow_tcp_forwarding & FORWARD_REMOTE) != 0) {
(options.allow...ng & (1)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
320 channel_clear_permission(ssh, FORWARD_USER, FORWARD_REMOTE);-
321 for (i = 0; i < auth_opts->npermitlisten; i++) {
i < auth_opts->npermitlistenDescription
TRUEnever evaluated
FALSEnever evaluated
0
322 tmp = cp = xstrdup(auth_opts->permitlisten[i]);-
323 /* This shouldn't fail as it has already been checked */-
324 if ((host = hpdelim(&cp)) == NULL)
(host = hpdeli...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
325 fatal("%s: internal error: hpdelim", __func__);
never executed: fatal("%s: internal error: hpdelim", __func__);
0
326 host = cleanhostname(host);-
327 if (cp == NULL || (port = permitopen_port(cp)) < 0)
cp == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
(port = permit..._port(cp)) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
328 fatal("%s: internal error: permitlisten port",
never executed: fatal("%s: internal error: permitlisten port", __func__);
0
329 __func__);
never executed: fatal("%s: internal error: permitlisten port", __func__);
0
330 channel_add_permission(ssh,-
331 FORWARD_USER, FORWARD_REMOTE, host, port);-
332 free(tmp);-
333 }
never executed: end of block
0
334 }
never executed: end of block
0
335}
never executed: end of block
0
336-
337void-
338do_authenticated(struct ssh *ssh, Authctxt *authctxt)-
339{-
340 setproctitle("%s", authctxt->pw->pw_name);-
341-
342 auth_log_authopts("active", auth_opts, 0);-
343-
344 /* setup the channel layer */-
345 /* XXX - streamlocal? */-
346 set_fwdpermit_from_authopts(ssh, auth_opts);-
347-
348 if (!auth_opts->permit_port_forwarding_flag ||
!auth_opts->pe...orwarding_flagDescription
TRUEnever evaluated
FALSEnever evaluated
0
349 options.disable_forwarding) {
options.disable_forwardingDescription
TRUEnever evaluated
FALSEnever evaluated
0
350 channel_disable_admin(ssh, FORWARD_LOCAL);-
351 channel_disable_admin(ssh, FORWARD_REMOTE);-
352 } else {
never executed: end of block
0
353 if ((options.allow_tcp_forwarding & FORWARD_LOCAL) == 0)
(options.allow...& (1<<1)) == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
354 channel_disable_admin(ssh, FORWARD_LOCAL);
never executed: channel_disable_admin(ssh, (1<<1));
0
355 else-
356 channel_permit_all(ssh, FORWARD_LOCAL);
never executed: channel_permit_all(ssh, (1<<1));
0
357 if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0)
(options.allow...ng & (1)) == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
358 channel_disable_admin(ssh, FORWARD_REMOTE);
never executed: channel_disable_admin(ssh, (1));
0
359 else-
360 channel_permit_all(ssh, FORWARD_REMOTE);
never executed: channel_permit_all(ssh, (1));
0
361 }-
362 auth_debug_send();-
363-
364 prepare_auth_info_file(authctxt->pw, authctxt->session_info);-
365-
366 do_authenticated2(ssh, authctxt);-
367-
368 do_cleanup(ssh, authctxt);-
369}
never executed: end of block
0
370-
371/* Check untrusted xauth strings for metacharacters */-
372static int-
373xauth_valid_string(const char *s)-
374{-
375 size_t i;-
376-
377 for (i = 0; s[i] != '\0'; i++) {
s[i] != '\0'Description
TRUEnever evaluated
FALSEnever evaluated
0
378 if (!isalnum((u_char)s[i]) &&
! ((*__ctype_b...int) _ISalnum)Description
TRUEnever evaluated
FALSEnever evaluated
0
379 s[i] != '.' && s[i] != ':' && s[i] != '/' &&
s[i] != '.'Description
TRUEnever evaluated
FALSEnever evaluated
s[i] != ':'Description
TRUEnever evaluated
FALSEnever evaluated
s[i] != '/'Description
TRUEnever evaluated
FALSEnever evaluated
0
380 s[i] != '-' && s[i] != '_')
s[i] != '-'Description
TRUEnever evaluated
FALSEnever evaluated
s[i] != '_'Description
TRUEnever evaluated
FALSEnever evaluated
0
381 return 0;
never executed: return 0;
0
382 }
never executed: end of block
0
383 return 1;
never executed: return 1;
0
384}-
385-
386#define USE_PIPES 1-
387/*-
388 * This is called to fork and execute a command when we have no tty. This-
389 * will call do_child from the child, and server_loop from the parent after-
390 * setting up file descriptors and such.-
391 */-
392int-
393do_exec_no_pty(struct ssh *ssh, Session *s, const char *command)-
394{-
395 pid_t pid;-
396#ifdef USE_PIPES-
397 int pin[2], pout[2], perr[2];-
398-
399 if (s == NULL)
s == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
400 fatal("do_exec_no_pty: no session");
never executed: fatal("do_exec_no_pty: no session");
0
401-
402 /* Allocate pipes for communicating with the program. */-
403 if (pipe(pin) < 0) {
pipe(pin) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
404 error("%s: pipe in: %.100s", __func__, strerror(errno));-
405 return -1;
never executed: return -1;
0
406 }-
407 if (pipe(pout) < 0) {
pipe(pout) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
408 error("%s: pipe out: %.100s", __func__, strerror(errno));-
409 close(pin[0]);-
410 close(pin[1]);-
411 return -1;
never executed: return -1;
0
412 }-
413 if (pipe(perr) < 0) {
pipe(perr) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
414 error("%s: pipe err: %.100s", __func__,-
415 strerror(errno));-
416 close(pin[0]);-
417 close(pin[1]);-
418 close(pout[0]);-
419 close(pout[1]);-
420 return -1;
never executed: return -1;
0
421 }-
422#else-
423 int inout[2], err[2];-
424-
425 if (s == NULL)-
426 fatal("do_exec_no_pty: no session");-
427-
428 /* Uses socket pairs to communicate with the program. */-
429 if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) < 0) {-
430 error("%s: socketpair #1: %.100s", __func__, strerror(errno));-
431 return -1;-
432 }-
433 if (socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0) {-
434 error("%s: socketpair #2: %.100s", __func__,-
435 strerror(errno));-
436 close(inout[0]);-
437 close(inout[1]);-
438 return -1;-
439 }-
440#endif-
441-
442 session_proctitle(s);-
443-
444 /* Fork the child. */-
445 switch ((pid = fork())) {-
446 case -1:
never executed: case -1:
0
447 error("%s: fork: %.100s", __func__, strerror(errno));-
448#ifdef USE_PIPES-
449 close(pin[0]);-
450 close(pin[1]);-
451 close(pout[0]);-
452 close(pout[1]);-
453 close(perr[0]);-
454 close(perr[1]);-
455#else-
456 close(inout[0]);-
457 close(inout[1]);-
458 close(err[0]);-
459 close(err[1]);-
460#endif-
461 return -1;
never executed: return -1;
0
462 case 0:
never executed: case 0:
0
463 is_child = 1;-
464-
465 /*-
466 * Create a new session and process group since the 4.4BSD-
467 * setlogin() affects the entire process group.-
468 */-
469 if (setsid() < 0)
setsid() < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
470 error("setsid failed: %.100s", strerror(errno));
never executed: error("setsid failed: %.100s", strerror( (*__errno_location ()) ));
0
471-
472#ifdef USE_PIPES-
473 /*-
474 * Redirect stdin. We close the parent side of the socket-
475 * pair, and make the child side the standard input.-
476 */-
477 close(pin[1]);-
478 if (dup2(pin[0], 0) < 0)
dup2(pin[0], 0) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
479 perror("dup2 stdin");
never executed: perror("dup2 stdin");
0
480 close(pin[0]);-
481-
482 /* Redirect stdout. */-
483 close(pout[0]);-
484 if (dup2(pout[1], 1) < 0)
dup2(pout[1], 1) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
485 perror("dup2 stdout");
never executed: perror("dup2 stdout");
0
486 close(pout[1]);-
487-
488 /* Redirect stderr. */-
489 close(perr[0]);-
490 if (dup2(perr[1], 2) < 0)
dup2(perr[1], 2) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
491 perror("dup2 stderr");
never executed: perror("dup2 stderr");
0
492 close(perr[1]);-
493#else-
494 /*-
495 * Redirect stdin, stdout, and stderr. Stdin and stdout will-
496 * use the same socket, as some programs (particularly rdist)-
497 * seem to depend on it.-
498 */-
499 close(inout[1]);-
500 close(err[1]);-
501 if (dup2(inout[0], 0) < 0) /* stdin */-
502 perror("dup2 stdin");-
503 if (dup2(inout[0], 1) < 0) /* stdout (same as stdin) */-
504 perror("dup2 stdout");-
505 close(inout[0]);-
506 if (dup2(err[0], 2) < 0) /* stderr */-
507 perror("dup2 stderr");-
508 close(err[0]);-
509#endif-
510-
511 /* Do processing for the child (exec command etc). */-
512 do_child(ssh, s, command);-
513 /* NOTREACHED */-
514 default:
code before this statement never executed: default:
never executed: default:
0
515 break;
never executed: break;
0
516 }-
517-
518#ifdef HAVE_CYGWIN-
519 cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);-
520#endif-
521-
522 s->pid = pid;-
523 /* Set interactive/non-interactive mode. */-
524 packet_set_interactive(s->display != NULL,-
525 options.ip_qos_interactive, options.ip_qos_bulk);-
526-
527 /*-
528 * Clear loginmsg, since it's the child's responsibility to display-
529 * it to the user, otherwise multiple sessions may accumulate-
530 * multiple copies of the login messages.-
531 */-
532 sshbuf_reset(loginmsg);-
533-
534#ifdef USE_PIPES-
535 /* We are the parent. Close the child sides of the pipes. */-
536 close(pin[0]);-
537 close(pout[1]);-
538 close(perr[1]);-
539-
540 session_set_fds(ssh, s, pin[1], pout[0], perr[0],-
541 s->is_subsystem, 0);-
542#else-
543 /* We are the parent. Close the child sides of the socket pairs. */-
544 close(inout[0]);-
545 close(err[0]);-
546-
547 /*-
548 * Enter the interactive session. Note: server_loop must be able to-
549 * handle the case that fdin and fdout are the same.-
550 */-
551 session_set_fds(s, inout[1], inout[1], err[1],-
552 s->is_subsystem, 0);-
553#endif-
554 return 0;
never executed: return 0;
0
555}-
556-
557/*-
558 * This is called to fork and execute a command when we have a tty. This-
559 * will call do_child from the child, and server_loop from the parent after-
560 * setting up file descriptors, controlling tty, updating wtmp, utmp,-
561 * lastlog, and other such operations.-
562 */-
563int-
564do_exec_pty(struct ssh *ssh, Session *s, const char *command)-
565{-
566 int fdout, ptyfd, ttyfd, ptymaster;-
567 pid_t pid;-
568-
569 if (s == NULL)
s == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
570 fatal("do_exec_pty: no session");
never executed: fatal("do_exec_pty: no session");
0
571 ptyfd = s->ptyfd;-
572 ttyfd = s->ttyfd;-
573-
574 /*-
575 * Create another descriptor of the pty master side for use as the-
576 * standard input. We could use the original descriptor, but this-
577 * simplifies code in server_loop. The descriptor is bidirectional.-
578 * Do this before forking (and cleanup in the child) so as to-
579 * detect and gracefully fail out-of-fd conditions.-
580 */-
581 if ((fdout = dup(ptyfd)) < 0) {
(fdout = dup(ptyfd)) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
582 error("%s: dup #1: %s", __func__, strerror(errno));-
583 close(ttyfd);-
584 close(ptyfd);-
585 return -1;
never executed: return -1;
0
586 }-
587 /* we keep a reference to the pty master */-
588 if ((ptymaster = dup(ptyfd)) < 0) {
(ptymaster = dup(ptyfd)) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
589 error("%s: dup #2: %s", __func__, strerror(errno));-
590 close(ttyfd);-
591 close(ptyfd);-
592 close(fdout);-
593 return -1;
never executed: return -1;
0
594 }-
595-
596 /* Fork the child. */-
597 switch ((pid = fork())) {-
598 case -1:
never executed: case -1:
0
599 error("%s: fork: %.100s", __func__, strerror(errno));-
600 close(fdout);-
601 close(ptymaster);-
602 close(ttyfd);-
603 close(ptyfd);-
604 return -1;
never executed: return -1;
0
605 case 0:
never executed: case 0:
0
606 is_child = 1;-
607-
608 close(fdout);-
609 close(ptymaster);-
610-
611 /* Close the master side of the pseudo tty. */-
612 close(ptyfd);-
613-
614 /* Make the pseudo tty our controlling tty. */-
615 pty_make_controlling_tty(&ttyfd, s->tty);-
616-
617 /* Redirect stdin/stdout/stderr from the pseudo tty. */-
618 if (dup2(ttyfd, 0) < 0)
dup2(ttyfd, 0) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
619 error("dup2 stdin: %s", strerror(errno));
never executed: error("dup2 stdin: %s", strerror( (*__errno_location ()) ));
0
620 if (dup2(ttyfd, 1) < 0)
dup2(ttyfd, 1) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
621 error("dup2 stdout: %s", strerror(errno));
never executed: error("dup2 stdout: %s", strerror( (*__errno_location ()) ));
0
622 if (dup2(ttyfd, 2) < 0)
dup2(ttyfd, 2) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
623 error("dup2 stderr: %s", strerror(errno));
never executed: error("dup2 stderr: %s", strerror( (*__errno_location ()) ));
0
624-
625 /* Close the extra descriptor for the pseudo tty. */-
626 close(ttyfd);-
627-
628 /* record login, etc. similar to login(1) */-
629#ifndef HAVE_OSF_SIA-
630 do_login(ssh, s, command);-
631#endif-
632 /*-
633 * Do common processing for the child, such as execing-
634 * the command.-
635 */-
636 do_child(ssh, s, command);-
637 /* NOTREACHED */-
638 default:
code before this statement never executed: default:
never executed: default:
0
639 break;
never executed: break;
0
640 }-
641-
642#ifdef HAVE_CYGWIN-
643 cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);-
644#endif-
645-
646 s->pid = pid;-
647-
648 /* Parent. Close the slave side of the pseudo tty. */-
649 close(ttyfd);-
650-
651 /* Enter interactive session. */-
652 s->ptymaster = ptymaster;-
653 packet_set_interactive(1, -
654 options.ip_qos_interactive, options.ip_qos_bulk);-
655 session_set_fds(ssh, s, ptyfd, fdout, -1, 1, 1);-
656 return 0;
never executed: return 0;
0
657}-
658-
659#ifdef LOGIN_NEEDS_UTMPX-
660static void-
661do_pre_login(Session *s)-
662{-
663 struct ssh *ssh = active_state; /* XXX */-
664 socklen_t fromlen;-
665 struct sockaddr_storage from;-
666 pid_t pid = getpid();-
667-
668 /*-
669 * Get IP address of client. If the connection is not a socket, let-
670 * the address be 0.0.0.0.-
671 */-
672 memset(&from, 0, sizeof(from));-
673 fromlen = sizeof(from);-
674 if (packet_connection_is_on_socket()) {-
675 if (getpeername(packet_get_connection_in(),-
676 (struct sockaddr *)&from, &fromlen) < 0) {-
677 debug("getpeername: %.100s", strerror(errno));-
678 cleanup_exit(255);-
679 }-
680 }-
681-
682 record_utmp_only(pid, s->tty, s->pw->pw_name,-
683 session_get_remote_name_or_ip(ssh, utmp_len, options.use_dns),-
684 (struct sockaddr *)&from, fromlen);-
685}-
686#endif-
687-
688/*-
689 * This is called to fork and execute a command. If another command is-
690 * to be forced, execute that instead.-
691 */-
692int-
693do_exec(struct ssh *ssh, Session *s, const char *command)-
694{-
695 int ret;-
696 const char *forced = NULL, *tty = NULL;-
697 char session_type[1024];-
698-
699 if (options.adm_forced_command) {
options.adm_forced_commandDescription
TRUEnever evaluated
FALSEnever evaluated
0
700 original_command = command;-
701 command = options.adm_forced_command;-
702 forced = "(config)";-
703 } else if (auth_opts->force_command != NULL) {
never executed: end of block
auth_opts->for...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
704 original_command = command;-
705 command = auth_opts->force_command;-
706 forced = "(key-option)";-
707 }
never executed: end of block
0
708 if (forced != NULL) {
forced != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
709 if (IS_INTERNAL_SFTP(command)) {
never executed: __result = (((const unsigned char *) (const char *) ( command ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "internal-sftp" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
! (__extension...sftp") - 1 )))Description
TRUEnever evaluated
FALSEnever evaluated
__builtin_cons...l-sftp") - 1 )Description
TRUEnever evaluated
FALSEnever evaluated
__builtin_cons..._p ( command )Description
TRUEnever evaluated
FALSEnever evaluated
strlen ( comma...-sftp") - 1 ))Description
TRUEnever evaluated
FALSEnever evaluated
__builtin_cons...ternal-sftp" )Description
TRUEnever evaluated
FALSEnever evaluated
strlen ( "inte...-sftp") - 1 ))Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
command[sizeof...) - 1] == '\0'Description
TRUEnever evaluated
FALSEnever evaluated
command[sizeof...") - 1] == ' 'Description
TRUEnever evaluated
FALSEnever evaluated
command[sizeof...) - 1] == '\t'Description
TRUEnever evaluated
FALSEnever evaluated
0
710 s->is_subsystem = s->is_subsystem ?
s->is_subsystemDescription
TRUEnever evaluated
FALSEnever evaluated
0
711 SUBSYSTEM_INT_SFTP : SUBSYSTEM_INT_SFTP_ERROR;-
712 } else if (s->is_subsystem)
never executed: end of block
s->is_subsystemDescription
TRUEnever evaluated
FALSEnever evaluated
0
713 s->is_subsystem = SUBSYSTEM_EXT;
never executed: s->is_subsystem = 1;
0
714 snprintf(session_type, sizeof(session_type),-
715 "forced-command %s '%.900s'", forced, command);-
716 } else if (s->is_subsystem) {
never executed: end of block
s->is_subsystemDescription
TRUEnever evaluated
FALSEnever evaluated
0
717 snprintf(session_type, sizeof(session_type),-
718 "subsystem '%.900s'", s->subsys);-
719 } else if (command == NULL) {
never executed: end of block
command == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
720 snprintf(session_type, sizeof(session_type), "shell");-
721 } else {
never executed: end of block
0
722 /* NB. we don't log unforced commands to preserve privacy */-
723 snprintf(session_type, sizeof(session_type), "command");-
724 }
never executed: end of block
0
725-
726 if (s->ttyfd != -1) {
s->ttyfd != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
727 tty = s->tty;-
728 if (strncmp(tty, "/dev/", 5) == 0)
never executed: __result = (((const unsigned char *) (const char *) ( tty ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "/dev/" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
(__extension__..." , 5 ))) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__builtin_constant_p ( 5 )Description
TRUEnever evaluated
FALSEnever evaluated
__builtin_constant_p ( tty )Description
TRUEnever evaluated
FALSEnever evaluated
strlen ( tty )...size_t) ( 5 ))Description
TRUEnever evaluated
FALSEnever evaluated
__builtin_cons..._p ( "/dev/" )Description
TRUEnever evaluated
FALSEnever evaluated
strlen ( "/dev...size_t) ( 5 ))Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
729 tty += 5;
never executed: tty += 5;
0
730 }
never executed: end of block
0
731-
732 verbose("Starting session: %s%s%s for %s from %.200s port %d id %d",-
733 session_type,-
734 tty == NULL ? "" : " on ",-
735 tty == NULL ? "" : tty,-
736 s->pw->pw_name,-
737 ssh_remote_ipaddr(ssh),-
738 ssh_remote_port(ssh),-
739 s->self);-
740-
741#ifdef SSH_AUDIT_EVENTS-
742 if (command != NULL)-
743 PRIVSEP(audit_run_command(command));-
744 else if (s->ttyfd == -1) {-
745 char *shell = s->pw->pw_shell;-
746-
747 if (shell[0] == '\0') /* empty shell means /bin/sh */-
748 shell =_PATH_BSHELL;-
749 PRIVSEP(audit_run_command(shell));-
750 }-
751#endif-
752 if (s->ttyfd != -1)
s->ttyfd != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
753 ret = do_exec_pty(ssh, s, command);
never executed: ret = do_exec_pty(ssh, s, command);
0
754 else-
755 ret = do_exec_no_pty(ssh, s, command);
never executed: ret = do_exec_no_pty(ssh, s, command);
0
756-
757 original_command = NULL;-
758-
759 /*-
760 * Clear loginmsg: it's the child's responsibility to display-
761 * it to the user, otherwise multiple sessions may accumulate-
762 * multiple copies of the login messages.-
763 */-
764 sshbuf_reset(loginmsg);-
765-
766 return ret;
never executed: return ret;
0
767}-
768-
769/* administrative, login(1)-like work */-
770void-
771do_login(struct ssh *ssh, Session *s, const char *command)-
772{-
773 socklen_t fromlen;-
774 struct sockaddr_storage from;-
775 struct passwd * pw = s->pw;-
776 pid_t pid = getpid();-
777-
778 /*-
779 * Get IP address of client. If the connection is not a socket, let-
780 * the address be 0.0.0.0.-
781 */-
782 memset(&from, 0, sizeof(from));-
783 fromlen = sizeof(from);-
784 if (packet_connection_is_on_socket()) {
ssh_packet_con...(active_state)Description
TRUEnever evaluated
FALSEnever evaluated
0
785 if (getpeername(packet_get_connection_in(),
getpeername(ss... &fromlen) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
786 (struct sockaddr *)&from, &fromlen) < 0) {
getpeername(ss... &fromlen) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
787 debug("getpeername: %.100s", strerror(errno));-
788 cleanup_exit(255);-
789 }
never executed: end of block
0
790 }
never executed: end of block
0
791-
792 /* Record that there was a login on that tty from the remote host. */-
793 if (!use_privsep)
!use_privsepDescription
TRUEnever evaluated
FALSEnever evaluated
0
794 record_login(pid, s->tty, pw->pw_name, pw->pw_uid,
never executed: record_login(pid, s->tty, pw->pw_name, pw->pw_uid, session_get_remote_name_or_ip(ssh, utmp_len, options.use_dns), (struct sockaddr *)&from, fromlen);
0
795 session_get_remote_name_or_ip(ssh, utmp_len,
never executed: record_login(pid, s->tty, pw->pw_name, pw->pw_uid, session_get_remote_name_or_ip(ssh, utmp_len, options.use_dns), (struct sockaddr *)&from, fromlen);
0
796 options.use_dns),
never executed: record_login(pid, s->tty, pw->pw_name, pw->pw_uid, session_get_remote_name_or_ip(ssh, utmp_len, options.use_dns), (struct sockaddr *)&from, fromlen);
0
797 (struct sockaddr *)&from, fromlen);
never executed: record_login(pid, s->tty, pw->pw_name, pw->pw_uid, session_get_remote_name_or_ip(ssh, utmp_len, options.use_dns), (struct sockaddr *)&from, fromlen);
0
798-
799#ifdef USE_PAM-
800 /*-
801 * If password change is needed, do it now.-
802 * This needs to occur before the ~/.hushlogin check.-
803 */-
804 if (options.use_pam && !use_privsep && s->authctxt->force_pwchange) {-
805 display_loginmsg();-
806 do_pam_chauthtok();-
807 s->authctxt->force_pwchange = 0;-
808 /* XXX - signal [net] parent to enable forwardings */-
809 }-
810#endif-
811-
812 if (check_quietlogin(s, command))
check_quietlogin(s, command)Description
TRUEnever evaluated
FALSEnever evaluated
0
813 return;
never executed: return;
0
814-
815 display_loginmsg();-
816-
817 do_motd();-
818}
never executed: end of block
0
819-
820/*-
821 * Display the message of the day.-
822 */-
823void-
824do_motd(void)-
825{-
826 FILE *f;-
827 char buf[256];-
828-
829 if (options.print_motd) {
options.print_motdDescription
TRUEnever evaluated
FALSEnever evaluated
0
830#ifdef HAVE_LOGIN_CAP-
831 f = fopen(login_getcapstr(lc, "welcome", "/etc/motd",-
832 "/etc/motd"), "r");-
833#else-
834 f = fopen("/etc/motd", "r");-
835#endif-
836 if (f) {
fDescription
TRUEnever evaluated
FALSEnever evaluated
0
837 while (fgets(buf, sizeof(buf), f))
fgets(buf, sizeof(buf), f)Description
TRUEnever evaluated
FALSEnever evaluated
0
838 fputs(buf, stdout);
never executed: fputs(buf, stdout );
0
839 fclose(f);-
840 }
never executed: end of block
0
841 }
never executed: end of block
0
842}
never executed: end of block
0
843-
844-
845/*-
846 * Check for quiet login, either .hushlogin or command given.-
847 */-
848int-
849check_quietlogin(Session *s, const char *command)-
850{-
851 char buf[256];-
852 struct passwd *pw = s->pw;-
853 struct stat st;-
854-
855 /* Return 1 if .hushlogin exists or a command given. */-
856 if (command != NULL)
command != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
857 return 1;
never executed: return 1;
0
858 snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir);-
859#ifdef HAVE_LOGIN_CAP-
860 if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0)-
861 return 1;-
862#else-
863 if (stat(buf, &st) >= 0)
stat(buf, &st) >= 0Description
TRUEnever evaluated
FALSEnever evaluated
0
864 return 1;
never executed: return 1;
0
865#endif-
866 return 0;
never executed: return 0;
0
867}-
868-
869/*-
870 * Reads environment variables from the given file and adds/overrides them-
871 * into the environment. If the file does not exist, this does nothing.-
872 * Otherwise, it must consist of empty lines, comments (line starts with '#')-
873 * and assignments of the form name=value. No other forms are allowed.-
874 * If whitelist is not NULL, then it is interpreted as a pattern list and-
875 * only variable names that match it will be accepted.-
876 */-
877static void-
878read_environment_file(char ***env, u_int *envsize,-
879 const char *filename, const char *whitelist)-
880{-
881 FILE *f;-
882 char *line = NULL, *cp, *value;-
883 size_t linesize = 0;-
884 u_int lineno = 0;-
885-
886 f = fopen(filename, "r");-
887 if (!f)
!fDescription
TRUEnever evaluated
FALSEnever evaluated
0
888 return;
never executed: return;
0
889-
890 while (getline(&line, &linesize, f) != -1) {
getline(&line,...size, f) != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
891 if (++lineno > 1000)
++lineno > 1000Description
TRUEnever evaluated
FALSEnever evaluated
0
892 fatal("Too many lines in environment file %s", filename);
never executed: fatal("Too many lines in environment file %s", filename);
0
893 for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
*cp == ' 'Description
TRUEnever evaluated
FALSEnever evaluated
*cp == '\t'Description
TRUEnever evaluated
FALSEnever evaluated
0
894 ;
never executed: ;
0
895 if (!*cp || *cp == '#' || *cp == '\n')
!*cpDescription
TRUEnever evaluated
FALSEnever evaluated
*cp == '#'Description
TRUEnever evaluated
FALSEnever evaluated
*cp == '\n'Description
TRUEnever evaluated
FALSEnever evaluated
0
896 continue;
never executed: continue;
0
897-
898 cp[strcspn(cp, "\n")] = '\0';-
899-
900 value = strchr(cp, '=');
__builtin_constant_p ( '=' )Description
TRUEnever evaluated
FALSEnever evaluated
!__builtin_constant_p ( cp )Description
TRUEnever evaluated
FALSEnever evaluated
( '=' ) == '\0'Description
TRUEnever evaluated
FALSEnever evaluated
0
901 if (value == NULL) {
value == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
902 fprintf(stderr, "Bad line %u in %.100s\n", lineno,-
903 filename);-
904 continue;
never executed: continue;
0
905 }-
906 /*-
907 * Replace the equals sign by nul, and advance value to-
908 * the value string.-
909 */-
910 *value = '\0';-
911 value++;-
912 if (whitelist != NULL &&
whitelist != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
913 match_pattern_list(cp, whitelist, 0) != 1)
match_pattern_...elist, 0) != 1Description
TRUEnever evaluated
FALSEnever evaluated
0
914 continue;
never executed: continue;
0
915 child_set_env(env, envsize, cp, value);-
916 }
never executed: end of block
0
917 free(line);-
918 fclose(f);-
919}
never executed: end of block
0
920-
921#ifdef HAVE_ETC_DEFAULT_LOGIN-
922/*-
923 * Return named variable from specified environment, or NULL if not present.-
924 */-
925static char *-
926child_get_env(char **env, const char *name)-
927{-
928 int i;-
929 size_t len;-
930-
931 len = strlen(name);-
932 for (i=0; env[i] != NULL; i++)-
933 if (strncmp(name, env[i], len) == 0 && env[i][len] == '=')-
934 return(env[i] + len + 1);-
935 return NULL;-
936}-
937-
938/*-
939 * Read /etc/default/login.-
940 * We pick up the PATH (or SUPATH for root) and UMASK.-
941 */-
942static void-
943read_etc_default_login(char ***env, u_int *envsize, uid_t uid)-
944{-
945 char **tmpenv = NULL, *var;-
946 u_int i, tmpenvsize = 0;-
947 u_long mask;-
948-
949 /*-
950 * We don't want to copy the whole file to the child's environment,-
951 * so we use a temporary environment and copy the variables we're-
952 * interested in.-
953 */-
954 read_environment_file(&tmpenv, &tmpenvsize, "/etc/default/login",-
955 options.permit_user_env_whitelist);-
956-
957 if (tmpenv == NULL)-
958 return;-
959-
960 if (uid == 0)-
961 var = child_get_env(tmpenv, "SUPATH");-
962 else-
963 var = child_get_env(tmpenv, "PATH");-
964 if (var != NULL)-
965 child_set_env(env, envsize, "PATH", var);-
966-
967 if ((var = child_get_env(tmpenv, "UMASK")) != NULL)-
968 if (sscanf(var, "%5lo", &mask) == 1)-
969 umask((mode_t)mask);-
970-
971 for (i = 0; tmpenv[i] != NULL; i++)-
972 free(tmpenv[i]);-
973 free(tmpenv);-
974}-
975#endif /* HAVE_ETC_DEFAULT_LOGIN */-
976-
977static void-
978copy_environment_blacklist(char **source, char ***env, u_int *envsize,-
979 const char *blacklist)-
980{-
981 char *var_name, *var_val;-
982 int i;-
983-
984 if (source == NULL)
source == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
985 return;
never executed: return;
0
986-
987 for(i = 0; source[i] != NULL; i++) {
source[i] != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
988 var_name = xstrdup(source[i]);-
989 if ((var_val = strstr(var_name, "=")) == NULL) {
(var_val = str...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
990 free(var_name);-
991 continue;
never executed: continue;
0
992 }-
993 *var_val++ = '\0';-
994-
995 if (blacklist == NULL ||
blacklist == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
996 match_pattern_list(var_name, blacklist, 0) != 1) {
match_pattern_...klist, 0) != 1Description
TRUEnever evaluated
FALSEnever evaluated
0
997 debug3("Copy environment: %s=%s", var_name, var_val);-
998 child_set_env(env, envsize, var_name, var_val);-
999 }
never executed: end of block
0
1000-
1001 free(var_name);-
1002 }
never executed: end of block
0
1003}
never executed: end of block
0
1004-
1005void-
1006copy_environment(char **source, char ***env, u_int *envsize)-
1007{-
1008 copy_environment_blacklist(source, env, envsize, NULL);-
1009}
never executed: end of block
0
1010-
1011static char **-
1012do_setup_env(struct ssh *ssh, Session *s, const char *shell)-
1013{-
1014 char buf[256];-
1015 size_t n;-
1016 u_int i, envsize;-
1017 char *ocp, *cp, *value, **env, *laddr;-
1018 struct passwd *pw = s->pw;-
1019#if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN)-
1020 char *path = NULL;-
1021#endif-
1022-
1023 /* Initialize the environment. */-
1024 envsize = 100;-
1025 env = xcalloc(envsize, sizeof(char *));-
1026 env[0] = NULL;-
1027-
1028#ifdef HAVE_CYGWIN-
1029 /*-
1030 * The Windows environment contains some setting which are-
1031 * important for a running system. They must not be dropped.-
1032 */-
1033 {-
1034 char **p;-
1035-
1036 p = fetch_windows_environment();-
1037 copy_environment(p, &env, &envsize);-
1038 free_windows_environment(p);-
1039 }-
1040#endif-
1041-
1042#ifdef GSSAPI-
1043 /* Allow any GSSAPI methods that we've used to alter-
1044 * the childs environment as they see fit-
1045 */-
1046 ssh_gssapi_do_child(&env, &envsize);-
1047#endif-
1048-
1049 /* Set basic environment. */-
1050 for (i = 0; i < s->num_env; i++)
i < s->num_envDescription
TRUEnever evaluated
FALSEnever evaluated
0
1051 child_set_env(&env, &envsize, s->env[i].name, s->env[i].val);
never executed: child_set_env(&env, &envsize, s->env[i].name, s->env[i].val);
0
1052-
1053 child_set_env(&env, &envsize, "USER", pw->pw_name);-
1054 child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);-
1055#ifdef _AIX-
1056 child_set_env(&env, &envsize, "LOGIN", pw->pw_name);-
1057#endif-
1058 child_set_env(&env, &envsize, "HOME", pw->pw_dir);-
1059#ifdef HAVE_LOGIN_CAP-
1060 if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0)-
1061 child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);-
1062 else-
1063 child_set_env(&env, &envsize, "PATH", getenv("PATH"));-
1064#else /* HAVE_LOGIN_CAP */-
1065# ifndef HAVE_CYGWIN-
1066 /*-
1067 * There's no standard path on Windows. The path contains-
1068 * important components pointing to the system directories,-
1069 * needed for loading shared libraries. So the path better-
1070 * remains intact here.-
1071 */-
1072# ifdef HAVE_ETC_DEFAULT_LOGIN-
1073 read_etc_default_login(&env, &envsize, pw->pw_uid);-
1074 path = child_get_env(env, "PATH");-
1075# endif /* HAVE_ETC_DEFAULT_LOGIN */-
1076 if (path == NULL || *path == '\0') {
path == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
*path == '\0'Description
TRUEnever evaluated
FALSEnever evaluated
0
1077 child_set_env(&env, &envsize, "PATH",-
1078 s->pw->pw_uid == 0 ? SUPERUSER_PATH : _PATH_STDPATH);-
1079 }
never executed: end of block
0
1080# endif /* HAVE_CYGWIN */-
1081#endif /* HAVE_LOGIN_CAP */-
1082-
1083 snprintf(buf, sizeof buf, "%.200s/%.50s", _PATH_MAILDIR, pw->pw_name);-
1084 child_set_env(&env, &envsize, "MAIL", buf);-
1085-
1086 /* Normal systems set SHELL by default. */-
1087 child_set_env(&env, &envsize, "SHELL", shell);-
1088-
1089 if (getenv("TZ"))
getenv("TZ")Description
TRUEnever evaluated
FALSEnever evaluated
0
1090 child_set_env(&env, &envsize, "TZ", getenv("TZ"));
never executed: child_set_env(&env, &envsize, "TZ", getenv("TZ"));
0
1091 if (s->term)
s->termDescription
TRUEnever evaluated
FALSEnever evaluated
0
1092 child_set_env(&env, &envsize, "TERM", s->term);
never executed: child_set_env(&env, &envsize, "TERM", s->term);
0
1093 if (s->display)
s->displayDescription
TRUEnever evaluated
FALSEnever evaluated
0
1094 child_set_env(&env, &envsize, "DISPLAY", s->display);
never executed: child_set_env(&env, &envsize, "DISPLAY", s->display);
0
1095-
1096 /*-
1097 * Since we clear KRB5CCNAME at startup, if it's set now then it-
1098 * must have been set by a native authentication method (eg AIX or-
1099 * SIA), so copy it to the child.-
1100 */-
1101 {-
1102 char *cp;-
1103-
1104 if ((cp = getenv("KRB5CCNAME")) != NULL)
(cp = getenv("...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1105 child_set_env(&env, &envsize, "KRB5CCNAME", cp);
never executed: child_set_env(&env, &envsize, "KRB5CCNAME", cp);
0
1106 }-
1107-
1108#ifdef _AIX-
1109 {-
1110 char *cp;-
1111-
1112 if ((cp = getenv("AUTHSTATE")) != NULL)-
1113 child_set_env(&env, &envsize, "AUTHSTATE", cp);-
1114 read_environment_file(&env, &envsize, "/etc/environment",-
1115 options.permit_user_env_whitelist);-
1116 }-
1117#endif-
1118#ifdef KRB5-
1119 if (s->authctxt->krb5_ccname)-
1120 child_set_env(&env, &envsize, "KRB5CCNAME",-
1121 s->authctxt->krb5_ccname);-
1122#endif-
1123 if (auth_sock_name != NULL)
auth_sock_name != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1124 child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
never executed: child_set_env(&env, &envsize, "SSH_AUTH_SOCK", auth_sock_name);
0
1125 auth_sock_name);
never executed: child_set_env(&env, &envsize, "SSH_AUTH_SOCK", auth_sock_name);
0
1126-
1127-
1128 /* Set custom environment options from pubkey authentication. */-
1129 if (options.permit_user_env) {
options.permit_user_envDescription
TRUEnever evaluated
FALSEnever evaluated
0
1130 for (n = 0 ; n < auth_opts->nenv; n++) {
n < auth_opts->nenvDescription
TRUEnever evaluated
FALSEnever evaluated
0
1131 ocp = xstrdup(auth_opts->env[n]);-
1132 cp = strchr(ocp, '=');
__builtin_constant_p ( '=' )Description
TRUEnever evaluated
FALSEnever evaluated
!__builtin_constant_p ( ocp )Description
TRUEnever evaluated
FALSEnever evaluated
( '=' ) == '\0'Description
TRUEnever evaluated
FALSEnever evaluated
0
1133 if (*cp == '=') {
*cp == '='Description
TRUEnever evaluated
FALSEnever evaluated
0
1134 *cp = '\0';-
1135 /* Apply PermitUserEnvironment whitelist */-
1136 if (options.permit_user_env_whitelist == NULL ||
options.permit...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1137 match_pattern_list(ocp,
match_pattern_...elist, 0) == 1Description
TRUEnever evaluated
FALSEnever evaluated
0
1138 options.permit_user_env_whitelist, 0) == 1)
match_pattern_...elist, 0) == 1Description
TRUEnever evaluated
FALSEnever evaluated
0
1139 child_set_env(&env, &envsize,
never executed: child_set_env(&env, &envsize, ocp, cp + 1);
0
1140 ocp, cp + 1);
never executed: child_set_env(&env, &envsize, ocp, cp + 1);
0
1141 }
never executed: end of block
0
1142 free(ocp);-
1143 }
never executed: end of block
0
1144 }
never executed: end of block
0
1145-
1146 /* read $HOME/.ssh/environment. */-
1147 if (options.permit_user_env) {
options.permit_user_envDescription
TRUEnever evaluated
FALSEnever evaluated
0
1148 snprintf(buf, sizeof buf, "%.200s/.ssh/environment",-
1149 pw->pw_dir);-
1150 read_environment_file(&env, &envsize, buf,-
1151 options.permit_user_env_whitelist);-
1152 }
never executed: end of block
0
1153-
1154#ifdef USE_PAM-
1155 /*-
1156 * Pull in any environment variables that may have-
1157 * been set by PAM.-
1158 */-
1159 if (options.use_pam) {-
1160 char **p;-
1161-
1162 /*-
1163 * Don't allow SSH_AUTH_INFO variables posted to PAM to leak-
1164 * back into the environment.-
1165 */-
1166 p = fetch_pam_child_environment();-
1167 copy_environment_blacklist(p, &env, &envsize, "SSH_AUTH_INFO*");-
1168 free_pam_environment(p);-
1169-
1170 p = fetch_pam_environment();-
1171 copy_environment_blacklist(p, &env, &envsize, "SSH_AUTH_INFO*");-
1172 free_pam_environment(p);-
1173 }-
1174#endif /* USE_PAM */-
1175-
1176 /* Environment specified by admin */-
1177 for (i = 0; i < options.num_setenv; i++) {
i < options.num_setenvDescription
TRUEnever evaluated
FALSEnever evaluated
0
1178 cp = xstrdup(options.setenv[i]);-
1179 if ((value = strchr(cp, '=')) == NULL) {
(value = (__ex...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
__builtin_constant_p ( '=' )Description
TRUEnever evaluated
FALSEnever evaluated
!__builtin_constant_p ( cp )Description
TRUEnever evaluated
FALSEnever evaluated
( '=' ) == '\0'Description
TRUEnever evaluated
FALSEnever evaluated
0
1180 /* shouldn't happen; vars are checked in servconf.c */-
1181 fatal("Invalid config SetEnv: %s", options.setenv[i]);-
1182 }
never executed: end of block
0
1183 *value++ = '\0';-
1184 child_set_env(&env, &envsize, cp, value);-
1185 }
never executed: end of block
0
1186-
1187 /* SSH_CLIENT deprecated */-
1188 snprintf(buf, sizeof buf, "%.50s %d %d",-
1189 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),-
1190 ssh_local_port(ssh));-
1191 child_set_env(&env, &envsize, "SSH_CLIENT", buf);-
1192-
1193 laddr = get_local_ipaddr(packet_get_connection_in());-
1194 snprintf(buf, sizeof buf, "%.50s %d %.50s %d",-
1195 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),-
1196 laddr, ssh_local_port(ssh));-
1197 free(laddr);-
1198 child_set_env(&env, &envsize, "SSH_CONNECTION", buf);-
1199-
1200 if (tun_fwd_ifnames != NULL)
tun_fwd_ifnames != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1201 child_set_env(&env, &envsize, "SSH_TUNNEL", tun_fwd_ifnames);
never executed: child_set_env(&env, &envsize, "SSH_TUNNEL", tun_fwd_ifnames);
0
1202 if (auth_info_file != NULL)
auth_info_file != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1203 child_set_env(&env, &envsize, "SSH_USER_AUTH", auth_info_file);
never executed: child_set_env(&env, &envsize, "SSH_USER_AUTH", auth_info_file);
0
1204 if (s->ttyfd != -1)
s->ttyfd != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1205 child_set_env(&env, &envsize, "SSH_TTY", s->tty);
never executed: child_set_env(&env, &envsize, "SSH_TTY", s->tty);
0
1206 if (original_command)
original_commandDescription
TRUEnever evaluated
FALSEnever evaluated
0
1207 child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND",
never executed: child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND", original_command);
0
1208 original_command);
never executed: child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND", original_command);
0
1209-
1210 if (debug_flag) {
debug_flagDescription
TRUEnever evaluated
FALSEnever evaluated
0
1211 /* dump the environment */-
1212 fprintf(stderr, "Environment:\n");-
1213 for (i = 0; env[i]; i++)
env[i]Description
TRUEnever evaluated
FALSEnever evaluated
0
1214 fprintf(stderr, " %.200s\n", env[i]);
never executed: fprintf( stderr , " %.200s\n", env[i]);
0
1215 }
never executed: end of block
0
1216 return env;
never executed: return env;
0
1217}-
1218-
1219/*-
1220 * Run $HOME/.ssh/rc, /etc/ssh/sshrc, or xauth (whichever is found-
1221 * first in this order).-
1222 */-
1223static void-
1224do_rc_files(struct ssh *ssh, Session *s, const char *shell)-
1225{-
1226 FILE *f = NULL;-
1227 char cmd[1024];-
1228 int do_xauth;-
1229 struct stat st;-
1230-
1231 do_xauth =-
1232 s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL;
s->display != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
s->auth_proto != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
s->auth_data != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1233-
1234 /* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */-
1235 if (!s->is_subsystem && options.adm_forced_command == NULL &&
!s->is_subsystemDescription
TRUEnever evaluated
FALSEnever evaluated
options.adm_fo...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1236 auth_opts->permit_user_rc && options.permit_user_rc &&
auth_opts->permit_user_rcDescription
TRUEnever evaluated
FALSEnever evaluated
options.permit_user_rcDescription
TRUEnever evaluated
FALSEnever evaluated
0
1237 stat(_PATH_SSH_USER_RC, &st) >= 0) {
stat(".ssh" "/rc", &st) >= 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1238 snprintf(cmd, sizeof cmd, "%s -c '%s %s'",-
1239 shell, _PATH_BSHELL, _PATH_SSH_USER_RC);-
1240 if (debug_flag)
debug_flagDescription
TRUEnever evaluated
FALSEnever evaluated
0
1241 fprintf(stderr, "Running %s\n", cmd);
never executed: fprintf( stderr , "Running %s\n", cmd);
0
1242 f = popen(cmd, "w");-
1243 if (f) {
fDescription
TRUEnever evaluated
FALSEnever evaluated
0
1244 if (do_xauth)
do_xauthDescription
TRUEnever evaluated
FALSEnever evaluated
0
1245 fprintf(f, "%s %s\n", s->auth_proto,
never executed: fprintf(f, "%s %s\n", s->auth_proto, s->auth_data);
0
1246 s->auth_data);
never executed: fprintf(f, "%s %s\n", s->auth_proto, s->auth_data);
0
1247 pclose(f);-
1248 } else
never executed: end of block
0
1249 fprintf(stderr, "Could not run %s\n",
never executed: fprintf( stderr , "Could not run %s\n", ".ssh" "/rc");
0
1250 _PATH_SSH_USER_RC);
never executed: fprintf( stderr , "Could not run %s\n", ".ssh" "/rc");
0
1251 } else if (stat(_PATH_SSH_SYSTEM_RC, &st) >= 0) {
stat("/var/tmp...rc", &st) >= 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1252 if (debug_flag)
debug_flagDescription
TRUEnever evaluated
FALSEnever evaluated
0
1253 fprintf(stderr, "Running %s %s\n", _PATH_BSHELL,
never executed: fprintf( stderr , "Running %s %s\n", "/bin/sh" , "/var/tmp/openssh-test/etc" "/sshrc");
0
1254 _PATH_SSH_SYSTEM_RC);
never executed: fprintf( stderr , "Running %s %s\n", "/bin/sh" , "/var/tmp/openssh-test/etc" "/sshrc");
0
1255 f = popen(_PATH_BSHELL " " _PATH_SSH_SYSTEM_RC, "w");-
1256 if (f) {
fDescription
TRUEnever evaluated
FALSEnever evaluated
0
1257 if (do_xauth)
do_xauthDescription
TRUEnever evaluated
FALSEnever evaluated
0
1258 fprintf(f, "%s %s\n", s->auth_proto,
never executed: fprintf(f, "%s %s\n", s->auth_proto, s->auth_data);
0
1259 s->auth_data);
never executed: fprintf(f, "%s %s\n", s->auth_proto, s->auth_data);
0
1260 pclose(f);-
1261 } else
never executed: end of block
0
1262 fprintf(stderr, "Could not run %s\n",
never executed: fprintf( stderr , "Could not run %s\n", "/var/tmp/openssh-test/etc" "/sshrc");
0
1263 _PATH_SSH_SYSTEM_RC);
never executed: fprintf( stderr , "Could not run %s\n", "/var/tmp/openssh-test/etc" "/sshrc");
0
1264 } else if (do_xauth && options.xauth_location != NULL) {
do_xauthDescription
TRUEnever evaluated
FALSEnever evaluated
options.xauth_...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1265 /* Add authority data to .Xauthority if appropriate. */-
1266 if (debug_flag) {
debug_flagDescription
TRUEnever evaluated
FALSEnever evaluated
0
1267 fprintf(stderr,-
1268 "Running %.500s remove %.100s\n",-
1269 options.xauth_location, s->auth_display);-
1270 fprintf(stderr,-
1271 "%.500s add %.100s %.100s %.100s\n",-
1272 options.xauth_location, s->auth_display,-
1273 s->auth_proto, s->auth_data);-
1274 }
never executed: end of block
0
1275 snprintf(cmd, sizeof cmd, "%s -q -",-
1276 options.xauth_location);-
1277 f = popen(cmd, "w");-
1278 if (f) {
fDescription
TRUEnever evaluated
FALSEnever evaluated
0
1279 fprintf(f, "remove %s\n",-
1280 s->auth_display);-
1281 fprintf(f, "add %s %s %s\n",-
1282 s->auth_display, s->auth_proto,-
1283 s->auth_data);-
1284 pclose(f);-
1285 } else {
never executed: end of block
0
1286 fprintf(stderr, "Could not run %s\n",-
1287 cmd);-
1288 }
never executed: end of block
0
1289 }-
1290}
never executed: end of block
0
1291-
1292static void-
1293do_nologin(struct passwd *pw)-
1294{-
1295 FILE *f = NULL;-
1296 char buf[1024], *nl, *def_nl = _PATH_NOLOGIN;-
1297 struct stat sb;-
1298-
1299#ifdef HAVE_LOGIN_CAP-
1300 if (login_getcapbool(lc, "ignorenologin", 0) || pw->pw_uid == 0)-
1301 return;-
1302 nl = login_getcapstr(lc, "nologin", def_nl, def_nl);-
1303#else-
1304 if (pw->pw_uid == 0)
pw->pw_uid == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1305 return;
never executed: return;
0
1306 nl = def_nl;-
1307#endif-
1308 if (stat(nl, &sb) == -1) {
stat(nl, &sb) == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1309 if (nl != def_nl)
nl != def_nlDescription
TRUEnever evaluated
FALSEnever evaluated
0
1310 free(nl);
never executed: free(nl);
0
1311 return;
never executed: return;
0
1312 }-
1313-
1314 /* /etc/nologin exists. Print its contents if we can and exit. */-
1315 logit("User %.100s not allowed because %s exists", pw->pw_name, nl);-
1316 if ((f = fopen(nl, "r")) != NULL) {
(f = fopen(nl,...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1317 while (fgets(buf, sizeof(buf), f))
fgets(buf, sizeof(buf), f)Description
TRUEnever evaluated
FALSEnever evaluated
0
1318 fputs(buf, stderr);
never executed: fputs(buf, stderr );
0
1319 fclose(f);-
1320 }
never executed: end of block
0
1321 exit(254);
never executed: exit(254);
0
1322}-
1323-
1324/*-
1325 * Chroot into a directory after checking it for safety: all path components-
1326 * must be root-owned directories with strict permissions.-
1327 */-
1328static void-
1329safely_chroot(const char *path, uid_t uid)-
1330{-
1331 const char *cp;-
1332 char component[PATH_MAX];-
1333 struct stat st;-
1334-
1335 if (*path != '/')
*path != '/'Description
TRUEnever evaluated
FALSEnever evaluated
0
1336 fatal("chroot path does not begin at root");
never executed: fatal("chroot path does not begin at root");
0
1337 if (strlen(path) >= sizeof(component))
strlen(path) >...eof(component)Description
TRUEnever evaluated
FALSEnever evaluated
0
1338 fatal("chroot path too long");
never executed: fatal("chroot path too long");
0
1339-
1340 /*-
1341 * Descend the path, checking that each component is a-
1342 * root-owned directory with strict permissions.-
1343 */-
1344 for (cp = path; cp != NULL;) {
cp != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1345 if ((cp = strchr(cp, '/')) == NULL)
(cp = (__exten...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
__builtin_constant_p ( '/' )Description
TRUEnever evaluated
FALSEnever evaluated
!__builtin_constant_p ( cp )Description
TRUEnever evaluated
FALSEnever evaluated
( '/' ) == '\0'Description
TRUEnever evaluated
FALSEnever evaluated
0
1346 strlcpy(component, path, sizeof(component));
never executed: strlcpy(component, path, sizeof(component));
0
1347 else {-
1348 cp++;-
1349 memcpy(component, path, cp - path);-
1350 component[cp - path] = '\0';-
1351 }
never executed: end of block
0
1352 -
1353 debug3("%s: checking '%s'", __func__, component);-
1354-
1355 if (stat(component, &st) != 0)
stat(component, &st) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1356 fatal("%s: stat(\"%s\"): %s", __func__,
never executed: fatal("%s: stat(\"%s\"): %s", __func__, component, strerror( (*__errno_location ()) ));
0
1357 component, strerror(errno));
never executed: fatal("%s: stat(\"%s\"): %s", __func__, component, strerror( (*__errno_location ()) ));
0
1358 if (st.st_uid != 0 || (st.st_mode & 022) != 0)
st.st_uid != 0Description
TRUEnever evaluated
FALSEnever evaluated
(st.st_mode & 022) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1359 fatal("bad ownership or modes for chroot "
never executed: fatal("bad ownership or modes for chroot " "directory %s\"%s\"", cp == ((void *)0) ? "" : "component ", component);
0
1360 "directory %s\"%s\"",
never executed: fatal("bad ownership or modes for chroot " "directory %s\"%s\"", cp == ((void *)0) ? "" : "component ", component);
0
1361 cp == NULL ? "" : "component ", component);
never executed: fatal("bad ownership or modes for chroot " "directory %s\"%s\"", cp == ((void *)0) ? "" : "component ", component);
0
1362 if (!S_ISDIR(st.st_mode))
! (((( st.st_m... == (0040000))Description
TRUEnever evaluated
FALSEnever evaluated
0
1363 fatal("chroot path %s\"%s\" is not a directory",
never executed: fatal("chroot path %s\"%s\" is not a directory", cp == ((void *)0) ? "" : "component ", component);
0
1364 cp == NULL ? "" : "component ", component);
never executed: fatal("chroot path %s\"%s\" is not a directory", cp == ((void *)0) ? "" : "component ", component);
0
1365-
1366 }
never executed: end of block
0
1367-
1368 if (chdir(path) == -1)
chdir(path) == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1369 fatal("Unable to chdir to chroot path \"%s\": "
never executed: fatal("Unable to chdir to chroot path \"%s\": " "%s", path, strerror( (*__errno_location ()) ));
0
1370 "%s", path, strerror(errno));
never executed: fatal("Unable to chdir to chroot path \"%s\": " "%s", path, strerror( (*__errno_location ()) ));
0
1371 if (chroot(path) == -1)
chroot(path) == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1372 fatal("chroot(\"%s\"): %s", path, strerror(errno));
never executed: fatal("chroot(\"%s\"): %s", path, strerror( (*__errno_location ()) ));
0
1373 if (chdir("/") == -1)
chdir("/") == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1374 fatal("%s: chdir(/) after chroot: %s",
never executed: fatal("%s: chdir(/) after chroot: %s", __func__, strerror( (*__errno_location ()) ));
0
1375 __func__, strerror(errno));
never executed: fatal("%s: chdir(/) after chroot: %s", __func__, strerror( (*__errno_location ()) ));
0
1376 verbose("Changed root directory to \"%s\"", path);-
1377}
never executed: end of block
0
1378-
1379/* Set login name, uid, gid, and groups. */-
1380void-
1381do_setusercontext(struct passwd *pw)-
1382{-
1383 char uidstr[32], *chroot_path, *tmp;-
1384-
1385 platform_setusercontext(pw);-
1386-
1387 if (platform_privileged_uidswap()) {
platform_privileged_uidswap()Description
TRUEnever evaluated
FALSEnever evaluated
0
1388#ifdef HAVE_LOGIN_CAP-
1389 if (setusercontext(lc, pw, pw->pw_uid,-
1390 (LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) {-
1391 perror("unable to set user context");-
1392 exit(1);-
1393 }-
1394#else-
1395 if (setlogin(pw->pw_name) < 0)
setlogin(pw->pw_name) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1396 error("setlogin failed: %s", strerror(errno));
never executed: error("setlogin failed: %s", strerror( (*__errno_location ()) ));
0
1397 if (setgid(pw->pw_gid) < 0) {
setgid(pw->pw_gid) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1398 perror("setgid");-
1399 exit(1);
never executed: exit(1);
0
1400 }-
1401 /* Initialize the group list. */-
1402 if (initgroups(pw->pw_name, pw->pw_gid) < 0) {
initgroups(pw-...w->pw_gid) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1403 perror("initgroups");-
1404 exit(1);
never executed: exit(1);
0
1405 }-
1406 endgrent();-
1407#endif-
1408-
1409 platform_setusercontext_post_groups(pw);-
1410-
1411 if (!in_chroot && options.chroot_directory != NULL &&
!in_chrootDescription
TRUEnever evaluated
FALSEnever evaluated
options.chroot...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1412 strcasecmp(options.chroot_directory, "none") != 0) {
strcasecmp(opt..., "none") != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1413 tmp = tilde_expand_filename(options.chroot_directory,-
1414 pw->pw_uid);-
1415 snprintf(uidstr, sizeof(uidstr), "%llu",-
1416 (unsigned long long)pw->pw_uid);-
1417 chroot_path = percent_expand(tmp, "h", pw->pw_dir,-
1418 "u", pw->pw_name, "U", uidstr, (char *)NULL);-
1419 safely_chroot(chroot_path, pw->pw_uid);-
1420 free(tmp);-
1421 free(chroot_path);-
1422 /* Make sure we don't attempt to chroot again */-
1423 free(options.chroot_directory);-
1424 options.chroot_directory = NULL;-
1425 in_chroot = 1;-
1426 }
never executed: end of block
0
1427-
1428#ifdef HAVE_LOGIN_CAP-
1429 if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) {-
1430 perror("unable to set user context (setuser)");-
1431 exit(1);-
1432 }-
1433 /* -
1434 * FreeBSD's setusercontext() will not apply the user's-
1435 * own umask setting unless running with the user's UID.-
1436 */-
1437 (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK);-
1438#else-
1439# ifdef USE_LIBIAF-
1440 /*-
1441 * In a chroot environment, the set_id() will always fail;-
1442 * typically because of the lack of necessary authentication-
1443 * services and runtime such as ./usr/lib/libiaf.so,-
1444 * ./usr/lib/libpam.so.1, and ./etc/passwd We skip it in the-
1445 * internal sftp chroot case. We'll lose auditing and ACLs but-
1446 * permanently_set_uid will take care of the rest.-
1447 */-
1448 if (!in_chroot && set_id(pw->pw_name) != 0)-
1449 fatal("set_id(%s) Failed", pw->pw_name);-
1450# endif /* USE_LIBIAF */-
1451 /* Permanently switch to the desired uid. */-
1452 permanently_set_uid(pw);-
1453#endif-
1454 } else if (options.chroot_directory != NULL &&
never executed: end of block
options.chroot...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1455 strcasecmp(options.chroot_directory, "none") != 0) {
strcasecmp(opt..., "none") != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1456 fatal("server lacks privileges to chroot to ChrootDirectory");-
1457 }
never executed: end of block
0
1458-
1459 if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
getuid() != pw->pw_uidDescription
TRUEnever evaluated
FALSEnever evaluated
geteuid() != pw->pw_uidDescription
TRUEnever evaluated
FALSEnever evaluated
0
1460 fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
never executed: fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
0
1461}
never executed: end of block
0
1462-
1463static void-
1464do_pwchange(Session *s)-
1465{-
1466 fflush(NULL);-
1467 fprintf(stderr, "WARNING: Your password has expired.\n");-
1468 if (s->ttyfd != -1) {
s->ttyfd != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1469 fprintf(stderr,-
1470 "You must change your password now and login again!\n");-
1471#ifdef WITH_SELINUX-
1472 setexeccon(NULL);-
1473#endif-
1474#ifdef PASSWD_NEEDS_USERNAME-
1475 execl(_PATH_PASSWD_PROG, "passwd", s->pw->pw_name,-
1476 (char *)NULL);-
1477#else-
1478 execl(_PATH_PASSWD_PROG, "passwd", (char *)NULL);-
1479#endif-
1480 perror("passwd");-
1481 } else {
never executed: end of block
0
1482 fprintf(stderr,-
1483 "Password change required but no TTY available.\n");-
1484 }
never executed: end of block
0
1485 exit(1);
never executed: exit(1);
0
1486}-
1487-
1488static void-
1489child_close_fds(struct ssh *ssh)-
1490{-
1491 extern int auth_sock;-
1492-
1493 if (auth_sock != -1) {
auth_sock != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1494 close(auth_sock);-
1495 auth_sock = -1;-
1496 }
never executed: end of block
0
1497-
1498 if (packet_get_connection_in() == packet_get_connection_out())
ssh_packet_get...(active_state)Description
TRUEnever evaluated
FALSEnever evaluated
0
1499 close(packet_get_connection_in());
never executed: close(ssh_packet_get_connection_in(active_state));
0
1500 else {-
1501 close(packet_get_connection_in());-
1502 close(packet_get_connection_out());-
1503 }
never executed: end of block
0
1504 /*-
1505 * Close all descriptors related to channels. They will still remain-
1506 * open in the parent.-
1507 */-
1508 /* XXX better use close-on-exec? -markus */-
1509 channel_close_all(ssh);-
1510-
1511 /*-
1512 * Close any extra file descriptors. Note that there may still be-
1513 * descriptors left by system functions. They will be closed later.-
1514 */-
1515 endpwent();-
1516-
1517 /*-
1518 * Close any extra open file descriptors so that we don't have them-
1519 * hanging around in clients. Note that we want to do this after-
1520 * initgroups, because at least on Solaris 2.3 it leaves file-
1521 * descriptors open.-
1522 */-
1523 closefrom(STDERR_FILENO + 1);-
1524}
never executed: end of block
0
1525-
1526/*-
1527 * Performs common processing for the child, such as setting up the-
1528 * environment, closing extra file descriptors, setting the user and group-
1529 * ids, and executing the command or shell.-
1530 */-
1531#define ARGV_MAX 10-
1532void-
1533do_child(struct ssh *ssh, Session *s, const char *command)-
1534{-
1535 extern char **environ;-
1536 char **env;-
1537 char *argv[ARGV_MAX];-
1538 const char *shell, *shell0;-
1539 struct passwd *pw = s->pw;-
1540 int r = 0;-
1541-
1542 /* remove hostkey from the child's memory */-
1543 destroy_sensitive_data();-
1544 packet_clear_keys();-
1545-
1546 /* Force a password change */-
1547 if (s->authctxt->force_pwchange) {
s->authctxt->force_pwchangeDescription
TRUEnever evaluated
FALSEnever evaluated
0
1548 do_setusercontext(pw);-
1549 child_close_fds(ssh);-
1550 do_pwchange(s);-
1551 exit(1);
never executed: exit(1);
0
1552 }-
1553-
1554 /*-
1555 * Login(1) does this as well, and it needs uid 0 for the "-h"-
1556 * switch, so we let login(1) to this for us.-
1557 */-
1558#ifdef HAVE_OSF_SIA-
1559 session_setup_sia(pw, s->ttyfd == -1 ? NULL : s->tty);-
1560 if (!check_quietlogin(s, command))-
1561 do_motd();-
1562#else /* HAVE_OSF_SIA */-
1563 /* When PAM is enabled we rely on it to do the nologin check */-
1564 if (!options.use_pam)
!options.use_pamDescription
TRUEnever evaluated
FALSEnever evaluated
0
1565 do_nologin(pw);
never executed: do_nologin(pw);
0
1566 do_setusercontext(pw);-
1567 /*-
1568 * PAM session modules in do_setusercontext may have-
1569 * generated messages, so if this in an interactive-
1570 * login then display them too.-
1571 */-
1572 if (!check_quietlogin(s, command))
!check_quietlogin(s, command)Description
TRUEnever evaluated
FALSEnever evaluated
0
1573 display_loginmsg();
never executed: display_loginmsg();
0
1574#endif /* HAVE_OSF_SIA */-
1575-
1576#ifdef USE_PAM-
1577 if (options.use_pam && !is_pam_session_open()) {-
1578 debug3("PAM session not opened, exiting");-
1579 display_loginmsg();-
1580 exit(254);-
1581 }-
1582#endif-
1583-
1584 /*-
1585 * Get the shell from the password data. An empty shell field is-
1586 * legal, and means /bin/sh.-
1587 */-
1588 shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
(pw->pw_shell[0] == '\0')Description
TRUEnever evaluated
FALSEnever evaluated
0
1589-
1590 /*-
1591 * Make sure $SHELL points to the shell from the password file,-
1592 * even if shell is overridden from login.conf-
1593 */-
1594 env = do_setup_env(ssh, s, shell);-
1595-
1596#ifdef HAVE_LOGIN_CAP-
1597 shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell);-
1598#endif-
1599-
1600 /*-
1601 * Close the connection descriptors; note that this is the child, and-
1602 * the server will still have the socket open, and it is important-
1603 * that we do not shutdown it. Note that the descriptors cannot be-
1604 * closed before building the environment, as we call-
1605 * ssh_remote_ipaddr there.-
1606 */-
1607 child_close_fds(ssh);-
1608-
1609 /*-
1610 * Must take new environment into use so that .ssh/rc,-
1611 * /etc/ssh/sshrc and xauth are run in the proper environment.-
1612 */-
1613 environ = env;-
1614-
1615#if defined(KRB5) && defined(USE_AFS)-
1616 /*-
1617 * At this point, we check to see if AFS is active and if we have-
1618 * a valid Kerberos 5 TGT. If so, it seems like a good idea to see-
1619 * if we can (and need to) extend the ticket into an AFS token. If-
1620 * we don't do this, we run into potential problems if the user's-
1621 * home directory is in AFS and it's not world-readable.-
1622 */-
1623-
1624 if (options.kerberos_get_afs_token && k_hasafs() &&-
1625 (s->authctxt->krb5_ctx != NULL)) {-
1626 char cell[64];-
1627-
1628 debug("Getting AFS token");-
1629-
1630 k_setpag();-
1631-
1632 if (k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0)-
1633 krb5_afslog(s->authctxt->krb5_ctx,-
1634 s->authctxt->krb5_fwd_ccache, cell, NULL);-
1635-
1636 krb5_afslog_home(s->authctxt->krb5_ctx,-
1637 s->authctxt->krb5_fwd_ccache, NULL, NULL, pw->pw_dir);-
1638 }-
1639#endif-
1640-
1641 /* Change current directory to the user's home directory. */-
1642 if (chdir(pw->pw_dir) < 0) {
chdir(pw->pw_dir) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1643 /* Suppress missing homedir warning for chroot case */-
1644#ifdef HAVE_LOGIN_CAP-
1645 r = login_getcapbool(lc, "requirehome", 0);-
1646#endif-
1647 if (r || !in_chroot) {
rDescription
TRUEnever evaluated
FALSEnever evaluated
!in_chrootDescription
TRUEnever evaluated
FALSEnever evaluated
0
1648 fprintf(stderr, "Could not chdir to home "-
1649 "directory %s: %s\n", pw->pw_dir,-
1650 strerror(errno));-
1651 }
never executed: end of block
0
1652 if (r)
rDescription
TRUEnever evaluated
FALSEnever evaluated
0
1653 exit(1);
never executed: exit(1);
0
1654 }
never executed: end of block
0
1655-
1656 closefrom(STDERR_FILENO + 1);-
1657-
1658 do_rc_files(ssh, s, shell);-
1659-
1660 /* restore SIGPIPE for child */-
1661 signal(SIGPIPE, SIG_DFL);-
1662-
1663 if (s->is_subsystem == SUBSYSTEM_INT_SFTP_ERROR) {
s->is_subsystem == 3Description
TRUEnever evaluated
FALSEnever evaluated
0
1664 printf("This service allows sftp connections only.\n");-
1665 fflush(NULL);-
1666 exit(1);
never executed: exit(1);
0
1667 } else if (s->is_subsystem == SUBSYSTEM_INT_SFTP) {
s->is_subsystem == 2Description
TRUEnever evaluated
FALSEnever evaluated
0
1668 extern int optind, optreset;-
1669 int i;-
1670 char *p, *args;-
1671-
1672 setproctitle("%s@%s", s->pw->pw_name, INTERNAL_SFTP_NAME);-
1673 args = xstrdup(command ? command : "sftp-server");-
1674 for (i = 0, (p = strtok(args, " ")); p; (p = strtok(NULL, " ")))
pDescription
TRUEnever evaluated
FALSEnever evaluated
0
1675 if (i < ARGV_MAX - 1)
i < 10 - 1Description
TRUEnever evaluated
FALSEnever evaluated
0
1676 argv[i++] = p;
never executed: argv[i++] = p;
0
1677 argv[i] = NULL;-
1678 optind = optreset = 1;-
1679 __progname = argv[0];-
1680#ifdef WITH_SELINUX-
1681 ssh_selinux_change_context("sftpd_t");-
1682#endif-
1683 exit(sftp_server_main(i, argv, s->pw));
never executed: exit(sftp_server_main(i, argv, s->pw));
0
1684 }-
1685-
1686 fflush(NULL);-
1687-
1688 /* Get the last component of the shell name. */-
1689 if ((shell0 = strrchr(shell, '/')) != NULL)
(shell0 = strr...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1690 shell0++;
never executed: shell0++;
0
1691 else-
1692 shell0 = shell;
never executed: shell0 = shell;
0
1693-
1694 /*-
1695 * If we have no command, execute the shell. In this case, the shell-
1696 * name to be passed in argv[0] is preceded by '-' to indicate that-
1697 * this is a login shell.-
1698 */-
1699 if (!command) {
!commandDescription
TRUEnever evaluated
FALSEnever evaluated
0
1700 char argv0[256];-
1701-
1702 /* Start the shell. Set initial character to '-'. */-
1703 argv0[0] = '-';-
1704-
1705 if (strlcpy(argv0 + 1, shell0, sizeof(argv0) - 1)
strlcpy(argv0 ...eof(argv0) - 1Description
TRUEnever evaluated
FALSEnever evaluated
0
1706 >= sizeof(argv0) - 1) {
strlcpy(argv0 ...eof(argv0) - 1Description
TRUEnever evaluated
FALSEnever evaluated
0
1707 errno = EINVAL;-
1708 perror(shell);-
1709 exit(1);
never executed: exit(1);
0
1710 }-
1711-
1712 /* Execute the shell. */-
1713 argv[0] = argv0;-
1714 argv[1] = NULL;-
1715 execve(shell, argv, env);-
1716-
1717 /* Executing the shell failed. */-
1718 perror(shell);-
1719 exit(1);
never executed: exit(1);
0
1720 }-
1721 /*-
1722 * Execute the command using the user's shell. This uses the -c-
1723 * option to execute the command.-
1724 */-
1725 argv[0] = (char *) shell0;-
1726 argv[1] = "-c";-
1727 argv[2] = (char *) command;-
1728 argv[3] = NULL;-
1729 execve(shell, argv, env);-
1730 perror(shell);-
1731 exit(1);
never executed: exit(1);
0
1732}-
1733-
1734void-
1735session_unused(int id)-
1736{-
1737 debug3("%s: session id %d unused", __func__, id);-
1738 if (id >= options.max_sessions ||
id >= options.max_sessionsDescription
TRUEnever evaluated
FALSEnever evaluated
0
1739 id >= sessions_nalloc) {
id >= sessions_nallocDescription
TRUEnever evaluated
FALSEnever evaluated
0
1740 fatal("%s: insane session id %d (max %d nalloc %d)",-
1741 __func__, id, options.max_sessions, sessions_nalloc);-
1742 }
never executed: end of block
0
1743 memset(&sessions[id], 0, sizeof(*sessions));-
1744 sessions[id].self = id;-
1745 sessions[id].used = 0;-
1746 sessions[id].chanid = -1;-
1747 sessions[id].ptyfd = -1;-
1748 sessions[id].ttyfd = -1;-
1749 sessions[id].ptymaster = -1;-
1750 sessions[id].x11_chanids = NULL;-
1751 sessions[id].next_unused = sessions_first_unused;-
1752 sessions_first_unused = id;-
1753}
never executed: end of block
0
1754-
1755Session *-
1756session_new(void)-
1757{-
1758 Session *s, *tmp;-
1759-
1760 if (sessions_first_unused == -1) {
sessions_first_unused == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1761 if (sessions_nalloc >= options.max_sessions)
sessions_nallo...s.max_sessionsDescription
TRUEnever evaluated
FALSEnever evaluated
0
1762 return NULL;
never executed: return ((void *)0) ;
0
1763 debug2("%s: allocate (allocated %d max %d)",-
1764 __func__, sessions_nalloc, options.max_sessions);-
1765 tmp = xrecallocarray(sessions, sessions_nalloc,-
1766 sessions_nalloc + 1, sizeof(*sessions));-
1767 if (tmp == NULL) {
tmp == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1768 error("%s: cannot allocate %d sessions",-
1769 __func__, sessions_nalloc + 1);-
1770 return NULL;
never executed: return ((void *)0) ;
0
1771 }-
1772 sessions = tmp;-
1773 session_unused(sessions_nalloc++);-
1774 }
never executed: end of block
0
1775-
1776 if (sessions_first_unused >= sessions_nalloc ||
sessions_first...essions_nallocDescription
TRUEnever evaluated
FALSEnever evaluated
0
1777 sessions_first_unused < 0) {
sessions_first_unused < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1778 fatal("%s: insane first_unused %d max %d nalloc %d",-
1779 __func__, sessions_first_unused, options.max_sessions,-
1780 sessions_nalloc);-
1781 }
never executed: end of block
0
1782-
1783 s = &sessions[sessions_first_unused];-
1784 if (s->used) {
s->usedDescription
TRUEnever evaluated
FALSEnever evaluated
0
1785 fatal("%s: session %d already used",-
1786 __func__, sessions_first_unused);-
1787 }
never executed: end of block
0
1788 sessions_first_unused = s->next_unused;-
1789 s->used = 1;-
1790 s->next_unused = -1;-
1791 debug("session_new: session %d", s->self);-
1792-
1793 return s;
never executed: return s;
0
1794}-
1795-
1796static void-
1797session_dump(void)-
1798{-
1799 int i;-
1800 for (i = 0; i < sessions_nalloc; i++) {
i < sessions_nallocDescription
TRUEnever evaluated
FALSEnever evaluated
0
1801 Session *s = &sessions[i];-
1802-
1803 debug("dump: used %d next_unused %d session %d %p "-
1804 "channel %d pid %ld",-
1805 s->used,-
1806 s->next_unused,-
1807 s->self,-
1808 s,-
1809 s->chanid,-
1810 (long)s->pid);-
1811 }
never executed: end of block
0
1812}
never executed: end of block
0
1813-
1814int-
1815session_open(Authctxt *authctxt, int chanid)-
1816{-
1817 Session *s = session_new();-
1818 debug("session_open: channel %d", chanid);-
1819 if (s == NULL) {
s == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1820 error("no more sessions");-
1821 return 0;
never executed: return 0;
0
1822 }-
1823 s->authctxt = authctxt;-
1824 s->pw = authctxt->pw;-
1825 if (s->pw == NULL || !authctxt->valid)
s->pw == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
!authctxt->validDescription
TRUEnever evaluated
FALSEnever evaluated
0
1826 fatal("no user for session %d", s->self);
never executed: fatal("no user for session %d", s->self);
0
1827 debug("session_open: session %d: link with channel %d", s->self, chanid);-
1828 s->chanid = chanid;-
1829 return 1;
never executed: return 1;
0
1830}-
1831-
1832Session *-
1833session_by_tty(char *tty)-
1834{-
1835 int i;-
1836 for (i = 0; i < sessions_nalloc; i++) {
i < sessions_nallocDescription
TRUEnever evaluated
FALSEnever evaluated
0
1837 Session *s = &sessions[i];-
1838 if (s->used && s->ttyfd != -1 && strcmp(s->tty, tty) == 0) {
never executed: __result = (((const unsigned char *) (const char *) ( s->tty ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( tty ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
s->usedDescription
TRUEnever evaluated
FALSEnever evaluated
s->ttyfd != -1Description
TRUEnever evaluated
FALSEnever evaluated
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1839 debug("session_by_tty: session %d tty %s", i, tty);-
1840 return s;
never executed: return s;
0
1841 }-
1842 }
never executed: end of block
0
1843 debug("session_by_tty: unknown tty %.100s", tty);-
1844 session_dump();-
1845 return NULL;
never executed: return ((void *)0) ;
0
1846}-
1847-
1848static Session *-
1849session_by_channel(int id)-
1850{-
1851 int i;-
1852 for (i = 0; i < sessions_nalloc; i++) {
i < sessions_nallocDescription
TRUEnever evaluated
FALSEnever evaluated
0
1853 Session *s = &sessions[i];-
1854 if (s->used && s->chanid == id) {
s->usedDescription
TRUEnever evaluated
FALSEnever evaluated
s->chanid == idDescription
TRUEnever evaluated
FALSEnever evaluated
0
1855 debug("session_by_channel: session %d channel %d",-
1856 i, id);-
1857 return s;
never executed: return s;
0
1858 }-
1859 }
never executed: end of block
0
1860 debug("session_by_channel: unknown channel %d", id);-
1861 session_dump();-
1862 return NULL;
never executed: return ((void *)0) ;
0
1863}-
1864-
1865static Session *-
1866session_by_x11_channel(int id)-
1867{-
1868 int i, j;-
1869-
1870 for (i = 0; i < sessions_nalloc; i++) {
i < sessions_nallocDescription
TRUEnever evaluated
FALSEnever evaluated
0
1871 Session *s = &sessions[i];-
1872-
1873 if (s->x11_chanids == NULL || !s->used)
s->x11_chanids == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
!s->usedDescription
TRUEnever evaluated
FALSEnever evaluated
0
1874 continue;
never executed: continue;
0
1875 for (j = 0; s->x11_chanids[j] != -1; j++) {
s->x11_chanids[j] != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1876 if (s->x11_chanids[j] == id) {
s->x11_chanids[j] == idDescription
TRUEnever evaluated
FALSEnever evaluated
0
1877 debug("session_by_x11_channel: session %d "-
1878 "channel %d", s->self, id);-
1879 return s;
never executed: return s;
0
1880 }-
1881 }
never executed: end of block
0
1882 }
never executed: end of block
0
1883 debug("session_by_x11_channel: unknown channel %d", id);-
1884 session_dump();-
1885 return NULL;
never executed: return ((void *)0) ;
0
1886}-
1887-
1888static Session *-
1889session_by_pid(pid_t pid)-
1890{-
1891 int i;-
1892 debug("session_by_pid: pid %ld", (long)pid);-
1893 for (i = 0; i < sessions_nalloc; i++) {
i < sessions_nallocDescription
TRUEnever evaluated
FALSEnever evaluated
0
1894 Session *s = &sessions[i];-
1895 if (s->used && s->pid == pid)
s->usedDescription
TRUEnever evaluated
FALSEnever evaluated
s->pid == pidDescription
TRUEnever evaluated
FALSEnever evaluated
0
1896 return s;
never executed: return s;
0
1897 }
never executed: end of block
0
1898 error("session_by_pid: unknown pid %ld", (long)pid);-
1899 session_dump();-
1900 return NULL;
never executed: return ((void *)0) ;
0
1901}-
1902-
1903static int-
1904session_window_change_req(struct ssh *ssh, Session *s)-
1905{-
1906 s->col = packet_get_int();-
1907 s->row = packet_get_int();-
1908 s->xpixel = packet_get_int();-
1909 s->ypixel = packet_get_int();-
1910 packet_check_eom();
never executed: end of block
_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1911 pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);-
1912 return 1;
never executed: return 1;
0
1913}-
1914-
1915static int-
1916session_pty_req(struct ssh *ssh, Session *s)-
1917{-
1918 u_int len;-
1919-
1920 if (!auth_opts->permit_pty_flag || !options.permit_tty) {
!auth_opts->permit_pty_flagDescription
TRUEnever evaluated
FALSEnever evaluated
!options.permit_ttyDescription
TRUEnever evaluated
FALSEnever evaluated
0
1921 debug("Allocating a pty not permitted for this connection.");-
1922 return 0;
never executed: return 0;
0
1923 }-
1924 if (s->ttyfd != -1) {
s->ttyfd != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1925 packet_disconnect("Protocol error: you already have a pty.");-
1926 return 0;
never executed: return 0;
0
1927 }-
1928-
1929 s->term = packet_get_string(&len);-
1930 s->col = packet_get_int();-
1931 s->row = packet_get_int();-
1932 s->xpixel = packet_get_int();-
1933 s->ypixel = packet_get_int();-
1934-
1935 if (strcmp(s->term, "") == 0) {
never executed: __result = (((const unsigned char *) (const char *) ( s->term ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1936 free(s->term);-
1937 s->term = NULL;-
1938 }
never executed: end of block
0
1939-
1940 /* Allocate a pty and open it. */-
1941 debug("Allocating pty.");-
1942 if (!PRIVSEP(pty_allocate(&s->ptyfd, &s->ttyfd, s->tty,
!(use_privsep ...zeof(s->tty)))Description
TRUEnever evaluated
FALSEnever evaluated
use_privsepDescription
TRUEnever evaluated
FALSEnever evaluated
0
1943 sizeof(s->tty)))) {-
1944 free(s->term);-
1945 s->term = NULL;-
1946 s->ptyfd = -1;-
1947 s->ttyfd = -1;-
1948 error("session_pty_req: session %d alloc failed", s->self);-
1949 return 0;
never executed: return 0;
0
1950 }-
1951 debug("session_pty_req: session %d alloc %s", s->self, s->tty);-
1952-
1953 ssh_tty_parse_modes(ssh, s->ttyfd);-
1954-
1955 if (!use_privsep)
!use_privsepDescription
TRUEnever evaluated
FALSEnever evaluated
0
1956 pty_setowner(s->pw, s->tty);
never executed: pty_setowner(s->pw, s->tty);
0
1957-
1958 /* Set window size from the packet. */-
1959 pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);-
1960-
1961 packet_check_eom();
never executed: end of block
_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1962 session_proctitle(s);-
1963 return 1;
never executed: return 1;
0
1964}-
1965-
1966static int-
1967session_subsystem_req(struct ssh *ssh, Session *s)-
1968{-
1969 struct stat st;-
1970 u_int len;-
1971 int success = 0;-
1972 char *prog, *cmd;-
1973 u_int i;-
1974-
1975 s->subsys = packet_get_string(&len);-
1976 packet_check_eom();
never executed: end of block
_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1977 debug2("subsystem request for %.100s by user %s", s->subsys,-
1978 s->pw->pw_name);-
1979-
1980 for (i = 0; i < options.num_subsystems; i++) {
i < options.num_subsystemsDescription
TRUEnever evaluated
FALSEnever evaluated
0
1981 if (strcmp(s->subsys, options.subsystem_name[i]) == 0) {
never executed: __result = (((const unsigned char *) (const char *) ( s->subsys ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( options.subsystem_name[i] ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1982 prog = options.subsystem_command[i];-
1983 cmd = options.subsystem_args[i];-
1984 if (strcmp(INTERNAL_SFTP_NAME, prog) == 0) {
never executed: __result = (((const unsigned char *) (const char *) ( "internal-sftp" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( prog ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1985 s->is_subsystem = SUBSYSTEM_INT_SFTP;-
1986 debug("subsystem: %s", prog);-
1987 } else {
never executed: end of block
0
1988 if (stat(prog, &st) < 0)
stat(prog, &st) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1989 debug("subsystem: cannot stat %s: %s",
never executed: debug("subsystem: cannot stat %s: %s", prog, strerror( (*__errno_location ()) ));
0
1990 prog, strerror(errno));
never executed: debug("subsystem: cannot stat %s: %s", prog, strerror( (*__errno_location ()) ));
0
1991 s->is_subsystem = SUBSYSTEM_EXT;-
1992 debug("subsystem: exec() %s", cmd);-
1993 }
never executed: end of block
0
1994 success = do_exec(ssh, s, cmd) == 0;-
1995 break;
never executed: break;
0
1996 }-
1997 }
never executed: end of block
0
1998-
1999 if (!success)
!successDescription
TRUEnever evaluated
FALSEnever evaluated
0
2000 logit("subsystem request for %.100s by user %s failed, "
never executed: logit("subsystem request for %.100s by user %s failed, " "subsystem not found", s->subsys, s->pw->pw_name);
0
2001 "subsystem not found", s->subsys, s->pw->pw_name);
never executed: logit("subsystem request for %.100s by user %s failed, " "subsystem not found", s->subsys, s->pw->pw_name);
0
2002-
2003 return success;
never executed: return success;
0
2004}-
2005-
2006static int-
2007session_x11_req(struct ssh *ssh, Session *s)-
2008{-
2009 int success;-
2010-
2011 if (s->auth_proto != NULL || s->auth_data != NULL) {
s->auth_proto != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
s->auth_data != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2012 error("session_x11_req: session %d: "-
2013 "x11 forwarding already active", s->self);-
2014 return 0;
never executed: return 0;
0
2015 }-
2016 s->single_connection = packet_get_char();-
2017 s->auth_proto = packet_get_string(NULL);-
2018 s->auth_data = packet_get_string(NULL);-
2019 s->screen = packet_get_int();-
2020 packet_check_eom();
never executed: end of block
_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2021-
2022 if (xauth_valid_string(s->auth_proto) &&
xauth_valid_st...s->auth_proto)Description
TRUEnever evaluated
FALSEnever evaluated
0
2023 xauth_valid_string(s->auth_data))
xauth_valid_st...(s->auth_data)Description
TRUEnever evaluated
FALSEnever evaluated
0
2024 success = session_setup_x11fwd(ssh, s);
never executed: success = session_setup_x11fwd(ssh, s);
0
2025 else {-
2026 success = 0;-
2027 error("Invalid X11 forwarding data");-
2028 }
never executed: end of block
0
2029 if (!success) {
!successDescription
TRUEnever evaluated
FALSEnever evaluated
0
2030 free(s->auth_proto);-
2031 free(s->auth_data);-
2032 s->auth_proto = NULL;-
2033 s->auth_data = NULL;-
2034 }
never executed: end of block
0
2035 return success;
never executed: return success;
0
2036}-
2037-
2038static int-
2039session_shell_req(struct ssh *ssh, Session *s)-
2040{-
2041 packet_check_eom();
never executed: end of block
_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2042 return do_exec(ssh, s, NULL) == 0;
never executed: return do_exec(ssh, s, ((void *)0) ) == 0;
0
2043}-
2044-
2045static int-
2046session_exec_req(struct ssh *ssh, Session *s)-
2047{-
2048 u_int len, success;-
2049-
2050 char *command = packet_get_string(&len);-
2051 packet_check_eom();
never executed: end of block
_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2052 success = do_exec(ssh, s, command) == 0;-
2053 free(command);-
2054 return success;
never executed: return success;
0
2055}-
2056-
2057static int-
2058session_break_req(struct ssh *ssh, Session *s)-
2059{-
2060-
2061 packet_get_int(); /* ignored */-
2062 packet_check_eom();
never executed: end of block
_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2063-
2064 if (s->ptymaster == -1 || tcsendbreak(s->ptymaster, 0) < 0)
s->ptymaster == -1Description
TRUEnever evaluated
FALSEnever evaluated
tcsendbreak(s-...master, 0) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2065 return 0;
never executed: return 0;
0
2066 return 1;
never executed: return 1;
0
2067}-
2068-
2069static int-
2070session_env_req(struct ssh *ssh, Session *s)-
2071{-
2072 char *name, *val;-
2073 u_int name_len, val_len, i;-
2074-
2075 name = packet_get_cstring(&name_len);-
2076 val = packet_get_cstring(&val_len);-
2077 packet_check_eom();
never executed: end of block
_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2078-
2079 /* Don't set too many environment variables */-
2080 if (s->num_env > 128) {
s->num_env > 128Description
TRUEnever evaluated
FALSEnever evaluated
0
2081 debug2("Ignoring env request %s: too many env vars", name);-
2082 goto fail;
never executed: goto fail;
0
2083 }-
2084-
2085 for (i = 0; i < options.num_accept_env; i++) {
i < options.num_accept_envDescription
TRUEnever evaluated
FALSEnever evaluated
0
2086 if (match_pattern(name, options.accept_env[i])) {
match_pattern(...accept_env[i])Description
TRUEnever evaluated
FALSEnever evaluated
0
2087 debug2("Setting env %d: %s=%s", s->num_env, name, val);-
2088 s->env = xrecallocarray(s->env, s->num_env,-
2089 s->num_env + 1, sizeof(*s->env));-
2090 s->env[s->num_env].name = name;-
2091 s->env[s->num_env].val = val;-
2092 s->num_env++;-
2093 return (1);
never executed: return (1);
0
2094 }-
2095 }
never executed: end of block
0
2096 debug2("Ignoring env request %s: disallowed name", name);-
2097-
2098 fail:
code before this statement never executed: fail:
0
2099 free(name);-
2100 free(val);-
2101 return (0);
never executed: return (0);
0
2102}-
2103-
2104static int-
2105session_auth_agent_req(struct ssh *ssh, Session *s)-
2106{-
2107 static int called = 0;-
2108-
2109 packet_check_eom();
never executed: end of block
_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2110 if (!auth_opts->permit_agent_forwarding_flag ||
!auth_opts->pe...orwarding_flagDescription
TRUEnever evaluated
FALSEnever evaluated
0
2111 !options.allow_agent_forwarding) {
!options.allow...ent_forwardingDescription
TRUEnever evaluated
FALSEnever evaluated
0
2112 debug("%s: agent forwarding disabled", __func__);-
2113 return 0;
never executed: return 0;
0
2114 }-
2115 if (called) {
calledDescription
TRUEnever evaluated
FALSEnever evaluated
0
2116 return 0;
never executed: return 0;
0
2117 } else {-
2118 called = 1;-
2119 return auth_input_request_forwarding(ssh, s->pw);
never executed: return auth_input_request_forwarding(ssh, s->pw);
0
2120 }-
2121}-
2122-
2123int-
2124session_input_channel_req(struct ssh *ssh, Channel *c, const char *rtype)-
2125{-
2126 int success = 0;-
2127 Session *s;-
2128-
2129 if ((s = session_by_channel(c->self)) == NULL) {
(s = session_b...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2130 logit("%s: no session %d req %.100s", __func__, c->self, rtype);-
2131 return 0;
never executed: return 0;
0
2132 }-
2133 debug("%s: session %d req %s", __func__, s->self, rtype);-
2134-
2135 /*-
2136 * a session is in LARVAL state until a shell, a command-
2137 * or a subsystem is executed-
2138 */-
2139 if (c->type == SSH_CHANNEL_LARVAL) {
c->type == 10Description
TRUEnever evaluated
FALSEnever evaluated
0
2140 if (strcmp(rtype, "shell") == 0) {
never executed: __result = (((const unsigned char *) (const char *) ( rtype ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "shell" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2141 success = session_shell_req(ssh, s);-
2142 } else if (strcmp(rtype, "exec") == 0) {
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( rtype ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "exec" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2143 success = session_exec_req(ssh, s);-
2144 } else if (strcmp(rtype, "pty-req") == 0) {
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( rtype ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "pty-req" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2145 success = session_pty_req(ssh, s);-
2146 } else if (strcmp(rtype, "x11-req") == 0) {
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( rtype ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "x11-req" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2147 success = session_x11_req(ssh, s);-
2148 } else if (strcmp(rtype, "auth-agent-req@openssh.com") == 0) {
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( rtype ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "auth-agent-req@openssh.com" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2149 success = session_auth_agent_req(ssh, s);-
2150 } else if (strcmp(rtype, "subsystem") == 0) {
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( rtype ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "subsystem" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2151 success = session_subsystem_req(ssh, s);-
2152 } else if (strcmp(rtype, "env") == 0) {
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( rtype ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "env" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2153 success = session_env_req(ssh, s);-
2154 }
never executed: end of block
0
2155 }
never executed: end of block
0
2156 if (strcmp(rtype, "window-change") == 0) {
never executed: __result = (((const unsigned char *) (const char *) ( rtype ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "window-change" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2157 success = session_window_change_req(ssh, s);-
2158 } else if (strcmp(rtype, "break") == 0) {
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( rtype ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "break" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2159 success = session_break_req(ssh, s);-
2160 }
never executed: end of block
0
2161-
2162 return success;
never executed: return success;
0
2163}-
2164-
2165void-
2166session_set_fds(struct ssh *ssh, Session *s,-
2167 int fdin, int fdout, int fderr, int ignore_fderr, int is_tty)-
2168{-
2169 /*-
2170 * now that have a child and a pipe to the child,-
2171 * we can activate our channel and register the fd's-
2172 */-
2173 if (s->chanid == -1)
s->chanid == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
2174 fatal("no channel for session %d", s->self);
never executed: fatal("no channel for session %d", s->self);
0
2175 channel_set_fds(ssh, s->chanid,-
2176 fdout, fdin, fderr,-
2177 ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,-
2178 1, is_tty, CHAN_SES_WINDOW_DEFAULT);-
2179}
never executed: end of block
0
2180-
2181/*-
2182 * Function to perform pty cleanup. Also called if we get aborted abnormally-
2183 * (e.g., due to a dropped connection).-
2184 */-
2185void-
2186session_pty_cleanup2(Session *s)-
2187{-
2188 if (s == NULL) {
s == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2189 error("session_pty_cleanup: no session");-
2190 return;
never executed: return;
0
2191 }-
2192 if (s->ttyfd == -1)
s->ttyfd == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
2193 return;
never executed: return;
0
2194-
2195 debug("session_pty_cleanup: session %d release %s", s->self, s->tty);-
2196-
2197 /* Record that the user has logged out. */-
2198 if (s->pid != 0)
s->pid != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2199 record_logout(s->pid, s->tty, s->pw->pw_name);
never executed: record_logout(s->pid, s->tty, s->pw->pw_name);
0
2200-
2201 /* Release the pseudo-tty. */-
2202 if (getuid() == 0)
getuid() == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2203 pty_release(s->tty);
never executed: pty_release(s->tty);
0
2204-
2205 /*-
2206 * Close the server side of the socket pairs. We must do this after-
2207 * the pty cleanup, so that another process doesn't get this pty-
2208 * while we're still cleaning up.-
2209 */-
2210 if (s->ptymaster != -1 && close(s->ptymaster) < 0)
s->ptymaster != -1Description
TRUEnever evaluated
FALSEnever evaluated
close(s->ptymaster) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2211 error("close(s->ptymaster/%d): %s",
never executed: error("close(s->ptymaster/%d): %s", s->ptymaster, strerror( (*__errno_location ()) ));
0
2212 s->ptymaster, strerror(errno));
never executed: error("close(s->ptymaster/%d): %s", s->ptymaster, strerror( (*__errno_location ()) ));
0
2213-
2214 /* unlink pty from session */-
2215 s->ttyfd = -1;-
2216}
never executed: end of block
0
2217-
2218void-
2219session_pty_cleanup(Session *s)-
2220{-
2221 PRIVSEP(session_pty_cleanup2(s));-
2222}
never executed: end of block
0
2223-
2224static char *-
2225sig2name(int sig)-
2226{-
2227#define SSH_SIG(x) if (sig == SIG ## x) return #x-
2228 SSH_SIG(ABRT);
never executed: return "ABRT";
sig == 6Description
TRUEnever evaluated
FALSEnever evaluated
0
2229 SSH_SIG(ALRM);
never executed: return "ALRM";
sig == 14Description
TRUEnever evaluated
FALSEnever evaluated
0
2230 SSH_SIG(FPE);
never executed: return "FPE";
sig == 8Description
TRUEnever evaluated
FALSEnever evaluated
0
2231 SSH_SIG(HUP);
never executed: return "HUP";
sig == 1Description
TRUEnever evaluated
FALSEnever evaluated
0
2232 SSH_SIG(ILL);
never executed: return "ILL";
sig == 4Description
TRUEnever evaluated
FALSEnever evaluated
0
2233 SSH_SIG(INT);
never executed: return "INT";
sig == 2Description
TRUEnever evaluated
FALSEnever evaluated
0
2234 SSH_SIG(KILL);
never executed: return "KILL";
sig == 9Description
TRUEnever evaluated
FALSEnever evaluated
0
2235 SSH_SIG(PIPE);
never executed: return "PIPE";
sig == 13Description
TRUEnever evaluated
FALSEnever evaluated
0
2236 SSH_SIG(QUIT);
never executed: return "QUIT";
sig == 3Description
TRUEnever evaluated
FALSEnever evaluated
0
2237 SSH_SIG(SEGV);
never executed: return "SEGV";
sig == 11Description
TRUEnever evaluated
FALSEnever evaluated
0
2238 SSH_SIG(TERM);
never executed: return "TERM";
sig == 15Description
TRUEnever evaluated
FALSEnever evaluated
0
2239 SSH_SIG(USR1);
never executed: return "USR1";
sig == 10Description
TRUEnever evaluated
FALSEnever evaluated
0
2240 SSH_SIG(USR2);
never executed: return "USR2";
sig == 12Description
TRUEnever evaluated
FALSEnever evaluated
0
2241#undef SSH_SIG-
2242 return "SIG@openssh.com";
never executed: return "SIG@openssh.com";
0
2243}-
2244-
2245static void-
2246session_close_x11(struct ssh *ssh, int id)-
2247{-
2248 Channel *c;-
2249-
2250 if ((c = channel_by_id(ssh, id)) == NULL) {
(c = channel_b...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2251 debug("%s: x11 channel %d missing", __func__, id);-
2252 } else {
never executed: end of block
0
2253 /* Detach X11 listener */-
2254 debug("%s: detach x11 channel %d", __func__, id);-
2255 channel_cancel_cleanup(ssh, id);-
2256 if (c->ostate != CHAN_OUTPUT_CLOSED)
c->ostate != 3Description
TRUEnever evaluated
FALSEnever evaluated
0
2257 chan_mark_dead(ssh, c);
never executed: chan_mark_dead(ssh, c);
0
2258 }
never executed: end of block
0
2259}-
2260-
2261static void-
2262session_close_single_x11(struct ssh *ssh, int id, void *arg)-
2263{-
2264 Session *s;-
2265 u_int i;-
2266-
2267 debug3("%s: channel %d", __func__, id);-
2268 channel_cancel_cleanup(ssh, id);-
2269 if ((s = session_by_x11_channel(id)) == NULL)
(s = session_b...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2270 fatal("%s: no x11 channel %d", __func__, id);
never executed: fatal("%s: no x11 channel %d", __func__, id);
0
2271 for (i = 0; s->x11_chanids[i] != -1; i++) {
s->x11_chanids[i] != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
2272 debug("%s: session %d: closing channel %d",-
2273 __func__, s->self, s->x11_chanids[i]);-
2274 /*-
2275 * The channel "id" is already closing, but make sure we-
2276 * close all of its siblings.-
2277 */-
2278 if (s->x11_chanids[i] != id)
s->x11_chanids[i] != idDescription
TRUEnever evaluated
FALSEnever evaluated
0
2279 session_close_x11(ssh, s->x11_chanids[i]);
never executed: session_close_x11(ssh, s->x11_chanids[i]);
0
2280 }
never executed: end of block
0
2281 free(s->x11_chanids);-
2282 s->x11_chanids = NULL;-
2283 free(s->display);-
2284 s->display = NULL;-
2285 free(s->auth_proto);-
2286 s->auth_proto = NULL;-
2287 free(s->auth_data);-
2288 s->auth_data = NULL;-
2289 free(s->auth_display);-
2290 s->auth_display = NULL;-
2291}
never executed: end of block
0
2292-
2293static void-
2294session_exit_message(struct ssh *ssh, Session *s, int status)-
2295{-
2296 Channel *c;-
2297-
2298 if ((c = channel_lookup(ssh, s->chanid)) == NULL)
(c = channel_l...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2299 fatal("%s: session %d: no channel %d",
never executed: fatal("%s: session %d: no channel %d", __func__, s->self, s->chanid);
0
2300 __func__, s->self, s->chanid);
never executed: fatal("%s: session %d: no channel %d", __func__, s->self, s->chanid);
0
2301 debug("%s: session %d channel %d pid %ld",-
2302 __func__, s->self, s->chanid, (long)s->pid);-
2303-
2304 if (WIFEXITED(status)) {
((( status ) & 0x7f) == 0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2305 channel_request_start(ssh, s->chanid, "exit-status", 0);-
2306 packet_put_int(WEXITSTATUS(status));-
2307 packet_send();-
2308 } else if (WIFSIGNALED(status)) {
never executed: end of block
(((signed char... 1) >> 1) > 0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2309 channel_request_start(ssh, s->chanid, "exit-signal", 0);-
2310 packet_put_cstring(sig2name(WTERMSIG(status)));-
2311#ifdef WCOREDUMP-
2312 packet_put_char(WCOREDUMP(status)? 1 : 0);-
2313#else /* WCOREDUMP */-
2314 packet_put_char(0);-
2315#endif /* WCOREDUMP */-
2316 packet_put_cstring("");-
2317 packet_put_cstring("");-
2318 packet_send();-
2319 } else {
never executed: end of block
0
2320 /* Some weird exit cause. Just exit. */-
2321 packet_disconnect("wait returned status %04x.", status);-
2322 }
never executed: end of block
0
2323-
2324 /* disconnect channel */-
2325 debug("%s: release channel %d", __func__, s->chanid);-
2326-
2327 /*-
2328 * Adjust cleanup callback attachment to send close messages when-
2329 * the channel gets EOF. The session will be then be closed-
2330 * by session_close_by_channel when the childs close their fds.-
2331 */-
2332 channel_register_cleanup(ssh, c->self, session_close_by_channel, 1);-
2333-
2334 /*-
2335 * emulate a write failure with 'chan_write_failed', nobody will be-
2336 * interested in data we write.-
2337 * Note that we must not call 'chan_read_failed', since there could-
2338 * be some more data waiting in the pipe.-
2339 */-
2340 if (c->ostate != CHAN_OUTPUT_CLOSED)
c->ostate != 3Description
TRUEnever evaluated
FALSEnever evaluated
0
2341 chan_write_failed(ssh, c);
never executed: chan_write_failed(ssh, c);
0
2342}
never executed: end of block
0
2343-
2344void-
2345session_close(struct ssh *ssh, Session *s)-
2346{-
2347 u_int i;-
2348-
2349 verbose("Close session: user %s from %.200s port %d id %d",-
2350 s->pw->pw_name,-
2351 ssh_remote_ipaddr(ssh),-
2352 ssh_remote_port(ssh),-
2353 s->self);-
2354-
2355 if (s->ttyfd != -1)
s->ttyfd != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
2356 session_pty_cleanup(s);
never executed: session_pty_cleanup(s);
0
2357 free(s->term);-
2358 free(s->display);-
2359 free(s->x11_chanids);-
2360 free(s->auth_display);-
2361 free(s->auth_data);-
2362 free(s->auth_proto);-
2363 free(s->subsys);-
2364 if (s->env != NULL) {
s->env != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2365 for (i = 0; i < s->num_env; i++) {
i < s->num_envDescription
TRUEnever evaluated
FALSEnever evaluated
0
2366 free(s->env[i].name);-
2367 free(s->env[i].val);-
2368 }
never executed: end of block
0
2369 free(s->env);-
2370 }
never executed: end of block
0
2371 session_proctitle(s);-
2372 session_unused(s->self);-
2373}
never executed: end of block
0
2374-
2375void-
2376session_close_by_pid(struct ssh *ssh, pid_t pid, int status)-
2377{-
2378 Session *s = session_by_pid(pid);-
2379 if (s == NULL) {
s == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2380 debug("%s: no session for pid %ld", __func__, (long)pid);-
2381 return;
never executed: return;
0
2382 }-
2383 if (s->chanid != -1)
s->chanid != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
2384 session_exit_message(ssh, s, status);
never executed: session_exit_message(ssh, s, status);
0
2385 if (s->ttyfd != -1)
s->ttyfd != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
2386 session_pty_cleanup(s);
never executed: session_pty_cleanup(s);
0
2387 s->pid = 0;-
2388}
never executed: end of block
0
2389-
2390/*-
2391 * this is called when a channel dies before-
2392 * the session 'child' itself dies-
2393 */-
2394void-
2395session_close_by_channel(struct ssh *ssh, int id, void *arg)-
2396{-
2397 Session *s = session_by_channel(id);-
2398 u_int i;-
2399-
2400 if (s == NULL) {
s == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2401 debug("%s: no session for id %d", __func__, id);-
2402 return;
never executed: return;
0
2403 }-
2404 debug("%s: channel %d child %ld", __func__, id, (long)s->pid);-
2405 if (s->pid != 0) {
s->pid != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2406 debug("%s: channel %d: has child", __func__, id);-
2407 /*-
2408 * delay detach of session, but release pty, since-
2409 * the fd's to the child are already closed-
2410 */-
2411 if (s->ttyfd != -1)
s->ttyfd != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
2412 session_pty_cleanup(s);
never executed: session_pty_cleanup(s);
0
2413 return;
never executed: return;
0
2414 }-
2415 /* detach by removing callback */-
2416 channel_cancel_cleanup(ssh, s->chanid);-
2417-
2418 /* Close any X11 listeners associated with this session */-
2419 if (s->x11_chanids != NULL) {
s->x11_chanids != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2420 for (i = 0; s->x11_chanids[i] != -1; i++) {
s->x11_chanids[i] != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
2421 session_close_x11(ssh, s->x11_chanids[i]);-
2422 s->x11_chanids[i] = -1;-
2423 }
never executed: end of block
0
2424 }
never executed: end of block
0
2425-
2426 s->chanid = -1;-
2427 session_close(ssh, s);-
2428}
never executed: end of block
0
2429-
2430void-
2431session_destroy_all(struct ssh *ssh, void (*closefunc)(Session *))-
2432{-
2433 int i;-
2434 for (i = 0; i < sessions_nalloc; i++) {
i < sessions_nallocDescription
TRUEnever evaluated
FALSEnever evaluated
0
2435 Session *s = &sessions[i];-
2436 if (s->used) {
s->usedDescription
TRUEnever evaluated
FALSEnever evaluated
0
2437 if (closefunc != NULL)
closefunc != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2438 closefunc(s);
never executed: closefunc(s);
0
2439 else-
2440 session_close(ssh, s);
never executed: session_close(ssh, s);
0
2441 }-
2442 }
never executed: end of block
0
2443}
never executed: end of block
0
2444-
2445static char *-
2446session_tty_list(void)-
2447{-
2448 static char buf[1024];-
2449 int i;-
2450 char *cp;-
2451-
2452 buf[0] = '\0';-
2453 for (i = 0; i < sessions_nalloc; i++) {
i < sessions_nallocDescription
TRUEnever evaluated
FALSEnever evaluated
0
2454 Session *s = &sessions[i];-
2455 if (s->used && s->ttyfd != -1) {
s->usedDescription
TRUEnever evaluated
FALSEnever evaluated
s->ttyfd != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
2456-
2457 if (strncmp(s->tty, "/dev/", 5) != 0) {
never executed: __result = (((const unsigned char *) (const char *) ( s->tty ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "/dev/" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
(__extension__..." , 5 ))) != 0Description
TRUEnever evaluated
FALSEnever evaluated
__builtin_constant_p ( 5 )Description
TRUEnever evaluated
FALSEnever evaluated
__builtin_cons...t_p ( s->tty )Description
TRUEnever evaluated
FALSEnever evaluated
strlen ( s->tt...size_t) ( 5 ))Description
TRUEnever evaluated
FALSEnever evaluated
__builtin_cons..._p ( "/dev/" )Description
TRUEnever evaluated
FALSEnever evaluated
strlen ( "/dev...size_t) ( 5 ))Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2458 cp = strrchr(s->tty, '/');-
2459 cp = (cp == NULL) ? s->tty : cp + 1;
(cp == ((void *)0) )Description
TRUEnever evaluated
FALSEnever evaluated
0
2460 } else
never executed: end of block
0
2461 cp = s->tty + 5;
never executed: cp = s->tty + 5;
0
2462-
2463 if (buf[0] != '\0')
buf[0] != '\0'Description
TRUEnever evaluated
FALSEnever evaluated
0
2464 strlcat(buf, ",", sizeof buf);
never executed: strlcat(buf, ",", sizeof buf);
0
2465 strlcat(buf, cp, sizeof buf);-
2466 }
never executed: end of block
0
2467 }
never executed: end of block
0
2468 if (buf[0] == '\0')
buf[0] == '\0'Description
TRUEnever evaluated
FALSEnever evaluated
0
2469 strlcpy(buf, "notty", sizeof buf);
never executed: strlcpy(buf, "notty", sizeof buf);
0
2470 return buf;
never executed: return buf;
0
2471}-
2472-
2473void-
2474session_proctitle(Session *s)-
2475{-
2476 if (s->pw == NULL)
s->pw == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2477 error("no user for session %d", s->self);
never executed: error("no user for session %d", s->self);
0
2478 else-
2479 setproctitle("%s@%s", s->pw->pw_name, session_tty_list());
never executed: setproctitle("%s@%s", s->pw->pw_name, session_tty_list());
0
2480}-
2481-
2482int-
2483session_setup_x11fwd(struct ssh *ssh, Session *s)-
2484{-
2485 struct stat st;-
2486 char display[512], auth_display[512];-
2487 char hostname[NI_MAXHOST];-
2488 u_int i;-
2489-
2490 if (!auth_opts->permit_x11_forwarding_flag) {
!auth_opts->pe...orwarding_flagDescription
TRUEnever evaluated
FALSEnever evaluated
0
2491 packet_send_debug("X11 forwarding disabled by key options.");-
2492 return 0;
never executed: return 0;
0
2493 }-
2494 if (!options.x11_forwarding) {
!options.x11_forwardingDescription
TRUEnever evaluated
FALSEnever evaluated
0
2495 debug("X11 forwarding disabled in server configuration file.");-
2496 return 0;
never executed: return 0;
0
2497 }-
2498 if (options.xauth_location == NULL ||
options.xauth_...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2499 (stat(options.xauth_location, &st) == -1)) {
(stat(options....n, &st) == -1)Description
TRUEnever evaluated
FALSEnever evaluated
0
2500 packet_send_debug("No xauth program; cannot forward X11.");-
2501 return 0;
never executed: return 0;
0
2502 }-
2503 if (s->display != NULL) {
s->display != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2504 debug("X11 display already set.");-
2505 return 0;
never executed: return 0;
0
2506 }-
2507 if (x11_create_display_inet(ssh, options.x11_display_offset,
x11_create_dis...chanids) == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
2508 options.x11_use_localhost, s->single_connection,
x11_create_dis...chanids) == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
2509 &s->display_number, &s->x11_chanids) == -1) {
x11_create_dis...chanids) == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
2510 debug("x11_create_display_inet failed.");-
2511 return 0;
never executed: return 0;
0
2512 }-
2513 for (i = 0; s->x11_chanids[i] != -1; i++) {
s->x11_chanids[i] != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
2514 channel_register_cleanup(ssh, s->x11_chanids[i],-
2515 session_close_single_x11, 0);-
2516 }
never executed: end of block
0
2517-
2518 /* Set up a suitable value for the DISPLAY variable. */-
2519 if (gethostname(hostname, sizeof(hostname)) < 0)
gethostname(ho...hostname)) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2520 fatal("gethostname: %.100s", strerror(errno));
never executed: fatal("gethostname: %.100s", strerror( (*__errno_location ()) ));
0
2521 /*-
2522 * auth_display must be used as the displayname when the-
2523 * authorization entry is added with xauth(1). This will be-
2524 * different than the DISPLAY string for localhost displays.-
2525 */-
2526 if (options.x11_use_localhost) {
options.x11_use_localhostDescription
TRUEnever evaluated
FALSEnever evaluated
0
2527 snprintf(display, sizeof display, "localhost:%u.%u",-
2528 s->display_number, s->screen);-
2529 snprintf(auth_display, sizeof auth_display, "unix:%u.%u",-
2530 s->display_number, s->screen);-
2531 s->display = xstrdup(display);-
2532 s->auth_display = xstrdup(auth_display);-
2533 } else {
never executed: end of block
0
2534#ifdef IPADDR_IN_DISPLAY-
2535 struct hostent *he;-
2536 struct in_addr my_addr;-
2537-
2538 he = gethostbyname(hostname);-
2539 if (he == NULL) {-
2540 error("Can't get IP address for X11 DISPLAY.");-
2541 packet_send_debug("Can't get IP address for X11 DISPLAY.");-
2542 return 0;-
2543 }-
2544 memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr));-
2545 snprintf(display, sizeof display, "%.50s:%u.%u", inet_ntoa(my_addr),-
2546 s->display_number, s->screen);-
2547#else-
2548 snprintf(display, sizeof display, "%.400s:%u.%u", hostname,-
2549 s->display_number, s->screen);-
2550#endif-
2551 s->display = xstrdup(display);-
2552 s->auth_display = xstrdup(display);-
2553 }
never executed: end of block
0
2554-
2555 return 1;
never executed: return 1;
0
2556}-
2557-
2558static void-
2559do_authenticated2(struct ssh *ssh, Authctxt *authctxt)-
2560{-
2561 server_loop2(ssh, authctxt);-
2562}
never executed: end of block
0
2563-
2564void-
2565do_cleanup(struct ssh *ssh, Authctxt *authctxt)-
2566{-
2567 static int called = 0;-
2568-
2569 debug("do_cleanup");-
2570-
2571 /* no cleanup if we're in the child for login shell */-
2572 if (is_child)
is_childDescription
TRUEnever evaluated
FALSEnever evaluated
0
2573 return;
never executed: return;
0
2574-
2575 /* avoid double cleanup */-
2576 if (called)
calledDescription
TRUEnever evaluated
FALSEnever evaluated
0
2577 return;
never executed: return;
0
2578 called = 1;-
2579-
2580 if (authctxt == NULL)
authctxt == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2581 return;
never executed: return;
0
2582-
2583#ifdef USE_PAM-
2584 if (options.use_pam) {-
2585 sshpam_cleanup();-
2586 sshpam_thread_cleanup();-
2587 }-
2588#endif-
2589-
2590 if (!authctxt->authenticated)
!authctxt->authenticatedDescription
TRUEnever evaluated
FALSEnever evaluated
0
2591 return;
never executed: return;
0
2592-
2593#ifdef KRB5-
2594 if (options.kerberos_ticket_cleanup &&-
2595 authctxt->krb5_ctx)-
2596 krb5_cleanup_proc(authctxt);-
2597#endif-
2598-
2599#ifdef GSSAPI-
2600 if (options.gss_cleanup_creds)-
2601 ssh_gssapi_cleanup_creds();-
2602#endif-
2603-
2604 /* remove agent socket */-
2605 auth_sock_cleanup_proc(authctxt->pw);-
2606-
2607 /* remove userauth info */-
2608 if (auth_info_file != NULL) {
auth_info_file != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2609 temporarily_use_uid(authctxt->pw);-
2610 unlink(auth_info_file);-
2611 restore_uid();-
2612 free(auth_info_file);-
2613 auth_info_file = NULL;-
2614 }
never executed: end of block
0
2615-
2616 /*-
2617 * Cleanup ptys/utmp only if privsep is disabled,-
2618 * or if running in monitor.-
2619 */-
2620 if (!use_privsep || mm_is_monitor())
!use_privsepDescription
TRUEnever evaluated
FALSEnever evaluated
mm_is_monitor()Description
TRUEnever evaluated
FALSEnever evaluated
0
2621 session_destroy_all(ssh, session_pty_cleanup2);
never executed: session_destroy_all(ssh, session_pty_cleanup2);
0
2622}
never executed: end of block
0
2623-
2624/* Return a name for the remote host that fits inside utmp_size */-
2625-
2626const char *-
2627session_get_remote_name_or_ip(struct ssh *ssh, u_int utmp_size, int use_dns)-
2628{-
2629 const char *remote = "";-
2630-
2631 if (utmp_size > 0)
utmp_size > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2632 remote = auth_get_canonical_hostname(ssh, use_dns);
never executed: remote = auth_get_canonical_hostname(ssh, use_dns);
0
2633 if (utmp_size == 0 || strlen(remote) > utmp_size)
utmp_size == 0Description
TRUEnever evaluated
FALSEnever evaluated
strlen(remote) > utmp_sizeDescription
TRUEnever evaluated
FALSEnever evaluated
0
2634 remote = ssh_remote_ipaddr(ssh);
never executed: remote = ssh_remote_ipaddr(ssh);
0
2635 return remote;
never executed: return remote;
0
2636}-
2637-
Source codeSwitch to Preprocessed file
Generated by Squish Coco 4.2.2