Line | Source | Count |
1 | | - |
2 | | - |
3 | | - |
4 | | - |
5 | | - |
6 | | - |
7 | | - |
8 | | - |
9 | | - |
10 | | - |
11 | | - |
12 | | - |
13 | | - |
14 | | - |
15 | | - |
16 | | - |
17 | | - |
18 | | - |
19 | | - |
20 | | - |
21 | | - |
22 | | - |
23 | | - |
24 | | - |
25 | | - |
26 | | - |
27 | | - |
28 | | - |
29 | | - |
30 | | - |
31 | | - |
32 | | - |
33 | | - |
34 | | - |
35 | | - |
36 | | - |
37 | | - |
38 | #include "includes.h" | - |
39 | | - |
40 | #include <sys/types.h> | - |
41 | #include <sys/wait.h> | - |
42 | #include <sys/socket.h> | - |
43 | #ifdef HAVE_SYS_TIME_H | - |
44 | # include <sys/time.h> | - |
45 | #endif | - |
46 | | - |
47 | #include <netinet/in.h> | - |
48 | | - |
49 | #include <errno.h> | - |
50 | #include <fcntl.h> | - |
51 | #include <pwd.h> | - |
52 | #include <signal.h> | - |
53 | #include <string.h> | - |
54 | #include <termios.h> | - |
55 | #include <unistd.h> | - |
56 | #include <stdarg.h> | - |
57 | | - |
58 | #include "openbsd-compat/sys-queue.h" | - |
59 | #include "xmalloc.h" | - |
60 | #include "packet.h" | - |
61 | #include "sshbuf.h" | - |
62 | #include "log.h" | - |
63 | #include "misc.h" | - |
64 | #include "servconf.h" | - |
65 | #include "canohost.h" | - |
66 | #include "sshpty.h" | - |
67 | #include "channels.h" | - |
68 | #include "compat.h" | - |
69 | #include "ssh2.h" | - |
70 | #include "sshkey.h" | - |
71 | #include "cipher.h" | - |
72 | #include "kex.h" | - |
73 | #include "hostfile.h" | - |
74 | #include "auth.h" | - |
75 | #include "session.h" | - |
76 | #include "dispatch.h" | - |
77 | #include "auth-options.h" | - |
78 | #include "serverloop.h" | - |
79 | #include "ssherr.h" | - |
80 | | - |
81 | extern ServerOptions options; | - |
82 | | - |
83 | | - |
84 | extern Authctxt *the_authctxt; | - |
85 | extern struct sshauthopt *auth_opts; | - |
86 | extern int use_privsep; | - |
87 | | - |
88 | static int no_more_sessions = 0; | - |
89 | | - |
90 | | - |
91 | | - |
92 | | - |
93 | | - |
94 | | - |
95 | static volatile sig_atomic_t child_terminated = 0; | - |
96 | | - |
97 | | - |
98 | static volatile sig_atomic_t received_sigterm = 0; | - |
99 | | - |
100 | | - |
101 | static void server_init_dispatch(void); | - |
102 | | - |
103 | | - |
104 | char *tun_fwd_ifnames = NULL; | - |
105 | | - |
106 | | - |
107 | static int | - |
108 | bind_permitted(int port, uid_t uid) | - |
109 | { | - |
110 | if (use_privsep)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
111 | return 1; never executed: return 1; | 0 |
112 | if (port < IPPORT_RESERVED && uid != 0)TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
113 | return 0; never executed: return 0; | 0 |
114 | return 1; never executed: return 1; | 0 |
115 | } | - |
116 | | - |
117 | | - |
118 | | - |
119 | | - |
120 | | - |
121 | static int notify_pipe[2]; | - |
122 | static void | - |
123 | notify_setup(void) | - |
124 | { | - |
125 | if (pipe(notify_pipe) < 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
126 | error("pipe(notify_pipe) failed %s", strerror(errno)); | - |
127 | } else if ((fcntl(notify_pipe[0], F_SETFD, FD_CLOEXEC) == -1) || never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
| 0 |
128 | (fcntl(notify_pipe[1], F_SETFD, FD_CLOEXEC) == -1)) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
129 | error("fcntl(notify_pipe, F_SETFD) failed %s", strerror(errno)); | - |
130 | close(notify_pipe[0]); | - |
131 | close(notify_pipe[1]); | - |
132 | } else { never executed: end of block | 0 |
133 | set_nonblock(notify_pipe[0]); | - |
134 | set_nonblock(notify_pipe[1]); | - |
135 | return; never executed: return; | 0 |
136 | } | - |
137 | notify_pipe[0] = -1; | - |
138 | notify_pipe[1] = -1; | - |
139 | } never executed: end of block | 0 |
140 | static void | - |
141 | notify_parent(void) | - |
142 | { | - |
143 | if (notify_pipe[1] != -1)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
144 | (void)write(notify_pipe[1], "", 1); never executed: (void)write(notify_pipe[1], "", 1); | 0 |
145 | } never executed: end of block | 0 |
146 | static void | - |
147 | notify_prepare(fd_set *readset) | - |
148 | { | - |
149 | if (notify_pipe[0] != -1)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
150 | FD_SET(notify_pipe[0], readset); never executed: kludge_FD_SET(notify_pipe[0], readset); | 0 |
151 | } never executed: end of block | 0 |
152 | static void | - |
153 | notify_done(fd_set *readset) | - |
154 | { | - |
155 | char c; | - |
156 | | - |
157 | if (notify_pipe[0] != -1 && FD_ISSET(notify_pipe[0], readset))TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
158 | while (read(notify_pipe[0], &c, 1) != -1)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
159 | debug2("%s: reading", __func__); never executed: debug2("%s: reading", __func__); | 0 |
160 | } never executed: end of block | 0 |
161 | | - |
162 | | - |
163 | static void | - |
164 | sigchld_handler(int sig) | - |
165 | { | - |
166 | int save_errno = errno; | - |
167 | child_terminated = 1; | - |
168 | notify_parent(); | - |
169 | errno = save_errno; | - |
170 | } never executed: end of block | 0 |
171 | | - |
172 | | - |
173 | static void | - |
174 | sigterm_handler(int sig) | - |
175 | { | - |
176 | received_sigterm = sig; | - |
177 | } never executed: end of block | 0 |
178 | | - |
179 | static void | - |
180 | client_alive_check(struct ssh *ssh) | - |
181 | { | - |
182 | int channel_id; | - |
183 | char remote_id[512]; | - |
184 | | - |
185 | | - |
186 | if (packet_inc_alive_timeouts() > options.client_alive_count_max) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
187 | sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id)); | - |
188 | logit("Timeout, client not responding from %s", remote_id); | - |
189 | cleanup_exit(255); | - |
190 | } never executed: end of block | 0 |
191 | | - |
192 | | - |
193 | | - |
194 | | - |
195 | | - |
196 | if ((channel_id = channel_find_open(ssh)) == -1) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
197 | packet_start(SSH2_MSG_GLOBAL_REQUEST); | - |
198 | packet_put_cstring("keepalive@openssh.com"); | - |
199 | packet_put_char(1); | - |
200 | } else { never executed: end of block | 0 |
201 | channel_request_start(ssh, channel_id, | - |
202 | "keepalive@openssh.com", 1); | - |
203 | } never executed: end of block | 0 |
204 | packet_send(); | - |
205 | } never executed: end of block | 0 |
206 | | - |
207 | | - |
208 | | - |
209 | | - |
210 | | - |
211 | | - |
212 | | - |
213 | static void | - |
214 | wait_until_can_do_something(struct ssh *ssh, | - |
215 | int connection_in, int connection_out, | - |
216 | fd_set **readsetp, fd_set **writesetp, int *maxfdp, | - |
217 | u_int *nallocp, u_int64_t max_time_ms) | - |
218 | { | - |
219 | struct timeval tv, *tvp; | - |
220 | int ret; | - |
221 | time_t minwait_secs = 0; | - |
222 | int client_alive_scheduled = 0; | - |
223 | static time_t last_client_time; | - |
224 | | - |
225 | | - |
226 | channel_prepare_select(ssh, readsetp, writesetp, maxfdp, | - |
227 | nallocp, &minwait_secs); | - |
228 | | - |
229 | | - |
230 | if (minwait_secs != 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
231 | max_time_ms = MINIMUM(max_time_ms, (u_int)minwait_secs * 1000); never executed: max_time_ms = (((max_time_ms) < ((u_int)minwait_secs * 1000)) ? (max_time_ms) : ((u_int)minwait_secs * 1000)); TRUE | never evaluated | FALSE | never evaluated |
| 0 |
232 | | - |
233 | | - |
234 | | - |
235 | | - |
236 | | - |
237 | | - |
238 | | - |
239 | | - |
240 | | - |
241 | if (options.client_alive_interval) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
242 | uint64_t keepalive_ms = | - |
243 | (uint64_t)options.client_alive_interval * 1000; | - |
244 | | - |
245 | client_alive_scheduled = 1; | - |
246 | if (max_time_ms == 0 || max_time_ms > keepalive_ms)TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
247 | max_time_ms = keepalive_ms; never executed: max_time_ms = keepalive_ms; | 0 |
248 | } never executed: end of block | 0 |
249 | | - |
250 | #if 0 | - |
251 | | - |
252 | if (channel_not_very_much_buffered_data()) | - |
253 | #endif | - |
254 | FD_SET(connection_in, *readsetp); | - |
255 | notify_prepare(*readsetp); | - |
256 | | - |
257 | | - |
258 | | - |
259 | | - |
260 | | - |
261 | if (packet_have_data_to_write())TRUE | never evaluated | FALSE | never evaluated |
| 0 |
262 | FD_SET(connection_out, *writesetp); never executed: kludge_FD_SET(connection_out, *writesetp); | 0 |
263 | | - |
264 | | - |
265 | | - |
266 | | - |
267 | | - |
268 | if (child_terminated && packet_not_very_much_data_to_write())TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
269 | if (max_time_ms == 0 || client_alive_scheduled)TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
270 | max_time_ms = 100; never executed: max_time_ms = 100; | 0 |
271 | | - |
272 | if (max_time_ms == 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
273 | tvp = NULL; never executed: tvp = ((void *)0) ; | 0 |
274 | else { | - |
275 | tv.tv_sec = max_time_ms / 1000; | - |
276 | tv.tv_usec = 1000 * (max_time_ms % 1000); | - |
277 | tvp = &tv; | - |
278 | } never executed: end of block | 0 |
279 | | - |
280 | | - |
281 | ret = select((*maxfdp)+1, *readsetp, *writesetp, NULL, tvp); | - |
282 | | - |
283 | if (ret == -1) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
284 | memset(*readsetp, 0, *nallocp); | - |
285 | memset(*writesetp, 0, *nallocp); | - |
286 | if (errno != EINTR)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
287 | error("select: %.100s", strerror(errno)); never executed: error("select: %.100s", strerror( (*__errno_location ()) )); | 0 |
288 | } else if (client_alive_scheduled) { never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
| 0 |
289 | time_t now = monotime(); | - |
290 | | - |
291 | if (ret == 0) { TRUE | never evaluated | FALSE | never evaluated |
| 0 |
292 | client_alive_check(ssh); | - |
293 | } else if (FD_ISSET(connection_in, *readsetp)) { never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
| 0 |
294 | last_client_time = now; | - |
295 | } else if (last_client_time != 0 && last_client_time + never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
296 | options.client_alive_interval <= now) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
297 | client_alive_check(ssh); | - |
298 | last_client_time = now; | - |
299 | } never executed: end of block | 0 |
300 | } never executed: end of block | 0 |
301 | | - |
302 | notify_done(*readsetp); | - |
303 | } never executed: end of block | 0 |
304 | | - |
305 | | - |
306 | | - |
307 | | - |
308 | | - |
309 | static int | - |
310 | process_input(struct ssh *ssh, fd_set *readset, int connection_in) | - |
311 | { | - |
312 | int len; | - |
313 | char buf[16384]; | - |
314 | | - |
315 | | - |
316 | if (FD_ISSET(connection_in, readset)) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
317 | len = read(connection_in, buf, sizeof(buf)); | - |
318 | if (len == 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
319 | verbose("Connection closed by %.100s port %d", | - |
320 | ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); | - |
321 | return -1; never executed: return -1; | 0 |
322 | } else if (len < 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
323 | if (errno != EINTR && errno != EAGAIN &&TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
324 | errno != EWOULDBLOCK) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
325 | verbose("Read error from remote host " | - |
326 | "%.100s port %d: %.100s", | - |
327 | ssh_remote_ipaddr(ssh), | - |
328 | ssh_remote_port(ssh), strerror(errno)); | - |
329 | cleanup_exit(255); | - |
330 | } never executed: end of block | 0 |
331 | } else { never executed: end of block | 0 |
332 | | - |
333 | packet_process_incoming(buf, len); | - |
334 | } never executed: end of block | 0 |
335 | } | - |
336 | return 0; never executed: return 0; | 0 |
337 | } | - |
338 | | - |
339 | | - |
340 | | - |
341 | | - |
342 | static void | - |
343 | process_output(fd_set *writeset, int connection_out) | - |
344 | { | - |
345 | | - |
346 | if (FD_ISSET(connection_out, writeset))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
347 | packet_write_poll(); never executed: packet_write_poll(); | 0 |
348 | } never executed: end of block | 0 |
349 | | - |
350 | static void | - |
351 | process_buffered_input_packets(struct ssh *ssh) | - |
352 | { | - |
353 | ssh_dispatch_run_fatal(ssh, DISPATCH_NONBLOCK, NULL); | - |
354 | } never executed: end of block | 0 |
355 | | - |
356 | static void | - |
357 | collect_children(struct ssh *ssh) | - |
358 | { | - |
359 | pid_t pid; | - |
360 | sigset_t oset, nset; | - |
361 | int status; | - |
362 | | - |
363 | | - |
364 | sigemptyset(&nset); | - |
365 | sigaddset(&nset, SIGCHLD); | - |
366 | sigprocmask(SIG_BLOCK, &nset, &oset); | - |
367 | if (child_terminated) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
368 | debug("Received SIGCHLD."); | - |
369 | while ((pid = waitpid(-1, &status, WNOHANG)) > 0 ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
370 | (pid < 0 && errno == EINTR))TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
371 | if (pid > 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
372 | session_close_by_pid(ssh, pid, status); never executed: session_close_by_pid(ssh, pid, status); | 0 |
373 | child_terminated = 0; | - |
374 | } never executed: end of block | 0 |
375 | sigprocmask(SIG_SETMASK, &oset, NULL); | - |
376 | } never executed: end of block | 0 |
377 | | - |
378 | void | - |
379 | server_loop2(struct ssh *ssh, Authctxt *authctxt) | - |
380 | { | - |
381 | fd_set *readset = NULL, *writeset = NULL; | - |
382 | int max_fd; | - |
383 | u_int nalloc = 0, connection_in, connection_out; | - |
384 | u_int64_t rekey_timeout_ms = 0; | - |
385 | | - |
386 | debug("Entering interactive session for SSH2."); | - |
387 | | - |
388 | signal(SIGCHLD, sigchld_handler); | - |
389 | child_terminated = 0; | - |
390 | connection_in = packet_get_connection_in(); | - |
391 | connection_out = packet_get_connection_out(); | - |
392 | | - |
393 | if (!use_privsep) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
394 | signal(SIGTERM, sigterm_handler); | - |
395 | signal(SIGINT, sigterm_handler); | - |
396 | signal(SIGQUIT, sigterm_handler); | - |
397 | } never executed: end of block | 0 |
398 | | - |
399 | notify_setup(); | - |
400 | | - |
401 | max_fd = MAXIMUM(connection_in, connection_out);TRUE | never evaluated | FALSE | never evaluated |
| 0 |
402 | max_fd = MAXIMUM(max_fd, notify_pipe[0]);TRUE | never evaluated | FALSE | never evaluated |
| 0 |
403 | | - |
404 | server_init_dispatch(); | - |
405 | | - |
406 | for (;;) { | - |
407 | process_buffered_input_packets(ssh); | - |
408 | | - |
409 | if (!ssh_packet_is_rekeying(ssh) &&TRUE | never evaluated | FALSE | never evaluated |
| 0 |
410 | packet_not_very_much_data_to_write())TRUE | never evaluated | FALSE | never evaluated |
| 0 |
411 | channel_output_poll(ssh); never executed: channel_output_poll(ssh); | 0 |
412 | if (options.rekey_interval > 0 && !ssh_packet_is_rekeying(ssh))TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
413 | rekey_timeout_ms = packet_get_rekey_timeout() * 1000; never executed: rekey_timeout_ms = ssh_packet_get_rekey_timeout(active_state) * 1000; | 0 |
414 | else | - |
415 | rekey_timeout_ms = 0; never executed: rekey_timeout_ms = 0; | 0 |
416 | | - |
417 | wait_until_can_do_something(ssh, connection_in, connection_out, | - |
418 | &readset, &writeset, &max_fd, &nalloc, rekey_timeout_ms); | - |
419 | | - |
420 | if (received_sigterm) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
421 | logit("Exiting on signal %d", (int)received_sigterm); | - |
422 | | - |
423 | cleanup_exit(255); | - |
424 | } never executed: end of block | 0 |
425 | | - |
426 | collect_children(ssh); | - |
427 | if (!ssh_packet_is_rekeying(ssh))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
428 | channel_after_select(ssh, readset, writeset); never executed: channel_after_select(ssh, readset, writeset); | 0 |
429 | if (process_input(ssh, readset, connection_in) < 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
430 | break; never executed: break; | 0 |
431 | process_output(writeset, connection_out); | - |
432 | } never executed: end of block | 0 |
433 | collect_children(ssh); | - |
434 | | - |
435 | free(readset); | - |
436 | free(writeset); | - |
437 | | - |
438 | | - |
439 | channel_free_all(ssh); | - |
440 | | - |
441 | | - |
442 | session_destroy_all(ssh, NULL); | - |
443 | } never executed: end of block | 0 |
444 | | - |
445 | static int | - |
446 | server_input_keep_alive(int type, u_int32_t seq, struct ssh *ssh) | - |
447 | { | - |
448 | debug("Got %d/%u for keepalive", type, seq); | - |
449 | | - |
450 | | - |
451 | | - |
452 | | - |
453 | | - |
454 | packet_set_alive_timeouts(0); | - |
455 | return 0; never executed: return 0; | 0 |
456 | } | - |
457 | | - |
458 | static Channel * | - |
459 | server_request_direct_tcpip(struct ssh *ssh, int *reason, const char **errmsg) | - |
460 | { | - |
461 | Channel *c = NULL; | - |
462 | char *target, *originator; | - |
463 | u_short target_port, originator_port; | - |
464 | | - |
465 | target = packet_get_string(NULL); | - |
466 | target_port = packet_get_int(); | - |
467 | originator = packet_get_string(NULL); | - |
468 | originator_port = packet_get_int(); | - |
469 | packet_check_eom(); never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
| 0 |
470 | | - |
471 | debug("%s: originator %s port %d, target %s port %d", __func__, | - |
472 | originator, originator_port, target, target_port); | - |
473 | | - |
474 | | - |
475 | if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0 &&TRUE | never evaluated | FALSE | never evaluated |
| 0 |
476 | auth_opts->permit_port_forwarding_flag &&TRUE | never evaluated | FALSE | never evaluated |
| 0 |
477 | !options.disable_forwarding) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
478 | c = channel_connect_to_port(ssh, target, target_port, | - |
479 | "direct-tcpip", "direct-tcpip", reason, errmsg); | - |
480 | } else { never executed: end of block | 0 |
481 | logit("refused local port forward: " | - |
482 | "originator %s port %d, target %s port %d", | - |
483 | originator, originator_port, target, target_port); | - |
484 | if (reason != NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
485 | *reason = SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED; never executed: *reason = 1; | 0 |
486 | } never executed: end of block | 0 |
487 | | - |
488 | free(originator); | - |
489 | free(target); | - |
490 | | - |
491 | return c; never executed: return c; | 0 |
492 | } | - |
493 | | - |
494 | static Channel * | - |
495 | server_request_direct_streamlocal(struct ssh *ssh) | - |
496 | { | - |
497 | Channel *c = NULL; | - |
498 | char *target, *originator; | - |
499 | u_short originator_port; | - |
500 | struct passwd *pw = the_authctxt->pw; | - |
501 | | - |
502 | if (pw == NULL || !the_authctxt->valid)TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
503 | fatal("%s: no/invalid user", __func__); never executed: fatal("%s: no/invalid user", __func__); | 0 |
504 | | - |
505 | target = packet_get_string(NULL); | - |
506 | originator = packet_get_string(NULL); | - |
507 | originator_port = packet_get_int(); | - |
508 | packet_check_eom(); never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
| 0 |
509 | | - |
510 | debug("%s: originator %s port %d, target %s", __func__, | - |
511 | originator, originator_port, target); | - |
512 | | - |
513 | | - |
514 | if ((options.allow_streamlocal_forwarding & FORWARD_LOCAL) != 0 &&TRUE | never evaluated | FALSE | never evaluated |
| 0 |
515 | auth_opts->permit_port_forwarding_flag &&TRUE | never evaluated | FALSE | never evaluated |
| 0 |
516 | !options.disable_forwarding && (pw->pw_uid == 0 || use_privsep)) {TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
517 | c = channel_connect_to_path(ssh, target, | - |
518 | "direct-streamlocal@openssh.com", "direct-streamlocal"); | - |
519 | } else { never executed: end of block | 0 |
520 | logit("refused streamlocal port forward: " | - |
521 | "originator %s port %d, target %s", | - |
522 | originator, originator_port, target); | - |
523 | } never executed: end of block | 0 |
524 | | - |
525 | free(originator); | - |
526 | free(target); | - |
527 | | - |
528 | return c; never executed: return c; | 0 |
529 | } | - |
530 | | - |
531 | static Channel * | - |
532 | server_request_tun(struct ssh *ssh) | - |
533 | { | - |
534 | Channel *c = NULL; | - |
535 | int mode, tun, sock; | - |
536 | char *tmp, *ifname = NULL; | - |
537 | | - |
538 | mode = packet_get_int(); | - |
539 | switch (mode) { | - |
540 | case SSH_TUNMODE_POINTOPOINT: never executed: case 0x01: | 0 |
541 | case SSH_TUNMODE_ETHERNET: never executed: case 0x02: | 0 |
542 | break; never executed: break; | 0 |
543 | default: never executed: default: | 0 |
544 | packet_send_debug("Unsupported tunnel device mode."); | - |
545 | return NULL; never executed: return ((void *)0) ; | 0 |
546 | } | - |
547 | if ((options.permit_tun & mode) == 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
548 | packet_send_debug("Server has rejected tunnel device " | - |
549 | "forwarding"); | - |
550 | return NULL; never executed: return ((void *)0) ; | 0 |
551 | } | - |
552 | | - |
553 | tun = packet_get_int(); | - |
554 | if (auth_opts->force_tun_device != -1) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
555 | if (tun != SSH_TUNID_ANY && auth_opts->force_tun_device != tun)TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
556 | goto done; never executed: goto done; | 0 |
557 | tun = auth_opts->force_tun_device; | - |
558 | } never executed: end of block | 0 |
559 | sock = tun_open(tun, mode, &ifname); | - |
560 | if (sock < 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
561 | goto done; never executed: goto done; | 0 |
562 | debug("Tunnel forwarding using interface %s", ifname); | - |
563 | | - |
564 | c = channel_new(ssh, "tun", SSH_CHANNEL_OPEN, sock, sock, -1, | - |
565 | CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1); | - |
566 | c->datagram = 1; | - |
567 | #if defined(SSH_TUN_FILTER) | - |
568 | if (mode == SSH_TUNMODE_POINTOPOINT)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
569 | channel_register_filter(ssh, c->self, sys_tun_infilter, never executed: channel_register_filter(ssh, c->self, sys_tun_infilter, sys_tun_outfilter, ((void *)0) , ((void *)0) ); | 0 |
570 | sys_tun_outfilter, NULL, NULL); never executed: channel_register_filter(ssh, c->self, sys_tun_infilter, sys_tun_outfilter, ((void *)0) , ((void *)0) ); | 0 |
571 | #endif | - |
572 | | - |
573 | | - |
574 | | - |
575 | | - |
576 | | - |
577 | | - |
578 | tmp = tun_fwd_ifnames; | - |
579 | xasprintf(&tun_fwd_ifnames, "%s%s%s", | - |
580 | tun_fwd_ifnames == NULL ? "" : tun_fwd_ifnames, | - |
581 | tun_fwd_ifnames == NULL ? "" : ",", | - |
582 | ifname); | - |
583 | free(tmp); | - |
584 | free(ifname); | - |
585 | | - |
586 | done: code before this statement never executed: done: | 0 |
587 | if (c == NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
588 | packet_send_debug("Failed to open the tunnel device."); never executed: packet_send_debug("Failed to open the tunnel device."); | 0 |
589 | return c; never executed: return c; | 0 |
590 | } | - |
591 | | - |
592 | static Channel * | - |
593 | server_request_session(struct ssh *ssh) | - |
594 | { | - |
595 | Channel *c; | - |
596 | | - |
597 | debug("input_session_request"); | - |
598 | packet_check_eom(); never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
| 0 |
599 | | - |
600 | if (no_more_sessions) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
601 | packet_disconnect("Possible attack: attempt to open a session " | - |
602 | "after additional sessions disabled"); | - |
603 | } never executed: end of block | 0 |
604 | | - |
605 | | - |
606 | | - |
607 | | - |
608 | | - |
609 | | - |
610 | | - |
611 | c = channel_new(ssh, "session", SSH_CHANNEL_LARVAL, | - |
612 | -1, -1, -1, 0, CHAN_SES_PACKET_DEFAULT, | - |
613 | 0, "server-session", 1); | - |
614 | if (session_open(the_authctxt, c->self) != 1) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
615 | debug("session open failed, free channel %d", c->self); | - |
616 | channel_free(ssh, c); | - |
617 | return NULL; never executed: return ((void *)0) ; | 0 |
618 | } | - |
619 | channel_register_cleanup(ssh, c->self, session_close_by_channel, 0); | - |
620 | return c; never executed: return c; | 0 |
621 | } | - |
622 | | - |
623 | static int | - |
624 | server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh) | - |
625 | { | - |
626 | Channel *c = NULL; | - |
627 | char *ctype; | - |
628 | const char *errmsg = NULL; | - |
629 | int rchan, reason = SSH2_OPEN_CONNECT_FAILED; | - |
630 | u_int rmaxpack, rwindow, len; | - |
631 | | - |
632 | ctype = packet_get_string(&len); | - |
633 | rchan = packet_get_int(); | - |
634 | rwindow = packet_get_int(); | - |
635 | rmaxpack = packet_get_int(); | - |
636 | | - |
637 | debug("%s: ctype %s rchan %d win %d max %d", __func__, | - |
638 | ctype, rchan, rwindow, rmaxpack); | - |
639 | | - |
640 | if (strcmp(ctype, "session") == 0) { never executed: __result = (((const unsigned char *) (const char *) ( ctype ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "session" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
641 | c = server_request_session(ssh); | - |
642 | } else if (strcmp(ctype, "direct-tcpip") == 0) { never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( ctype ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "direct-tcpip" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
643 | c = server_request_direct_tcpip(ssh, &reason, &errmsg); | - |
644 | } else if (strcmp(ctype, "direct-streamlocal@openssh.com") == 0) { never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( ctype ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "direct-streamlocal@openssh.com" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
645 | c = server_request_direct_streamlocal(ssh); | - |
646 | } else if (strcmp(ctype, "tun@openssh.com") == 0) { never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( ctype ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "tun@openssh.com" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
647 | c = server_request_tun(ssh); | - |
648 | } never executed: end of block | 0 |
649 | if (c != NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
650 | debug("%s: confirm %s", __func__, ctype); | - |
651 | c->remote_id = rchan; | - |
652 | c->have_remote_id = 1; | - |
653 | c->remote_window = rwindow; | - |
654 | c->remote_maxpacket = rmaxpack; | - |
655 | if (c->type != SSH_CHANNEL_CONNECTING) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
656 | packet_start(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION); | - |
657 | packet_put_int(c->remote_id); | - |
658 | packet_put_int(c->self); | - |
659 | packet_put_int(c->local_window); | - |
660 | packet_put_int(c->local_maxpacket); | - |
661 | packet_send(); | - |
662 | } never executed: end of block | 0 |
663 | } else { never executed: end of block | 0 |
664 | debug("%s: failure %s", __func__, ctype); | - |
665 | packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE); | - |
666 | packet_put_int(rchan); | - |
667 | packet_put_int(reason); | - |
668 | packet_put_cstring(errmsg ? errmsg : "open failed"); | - |
669 | packet_put_cstring(""); | - |
670 | packet_send(); | - |
671 | } never executed: end of block | 0 |
672 | free(ctype); | - |
673 | return 0; never executed: return 0; | 0 |
674 | } | - |
675 | | - |
676 | static int | - |
677 | server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp) | - |
678 | { | - |
679 | struct sshbuf *resp = NULL; | - |
680 | struct sshbuf *sigbuf = NULL; | - |
681 | struct sshkey *key = NULL, *key_pub = NULL, *key_prv = NULL; | - |
682 | int r, ndx, kexsigtype, use_kexsigtype, success = 0; | - |
683 | const u_char *blob; | - |
684 | u_char *sig = 0; | - |
685 | size_t blen, slen; | - |
686 | | - |
687 | if ((resp = sshbuf_new()) == NULL || (sigbuf = sshbuf_new()) == NULL)TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
688 | fatal("%s: sshbuf_new", __func__); never executed: fatal("%s: sshbuf_new", __func__); | 0 |
689 | | - |
690 | kexsigtype = sshkey_type_plain( | - |
691 | sshkey_type_from_name(ssh->kex->hostkey_alg)); | - |
692 | while (ssh_packet_remaining(ssh) > 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
693 | sshkey_free(key); | - |
694 | key = NULL; | - |
695 | if ((r = sshpkt_get_string_direct(ssh, &blob, &blen)) != 0 ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
696 | (r = sshkey_from_blob(blob, blen, &key)) != 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
697 | error("%s: couldn't parse key: %s", | - |
698 | __func__, ssh_err(r)); | - |
699 | goto out; never executed: goto out; | 0 |
700 | } | - |
701 | | - |
702 | | - |
703 | | - |
704 | | - |
705 | if ((ndx = ssh->kex->host_key_index(key, 1, ssh)) == -1) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
706 | error("%s: unknown host %s key", | - |
707 | __func__, sshkey_type(key)); | - |
708 | goto out; never executed: goto out; | 0 |
709 | } | - |
710 | | - |
711 | | - |
712 | | - |
713 | | - |
714 | if ((key_prv = get_hostkey_by_index(ndx)) == NULL &&TRUE | never evaluated | FALSE | never evaluated |
| 0 |
715 | (key_pub = get_hostkey_public_by_index(ndx, ssh)) == NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
716 | error("%s: can't retrieve hostkey %d", __func__, ndx); | - |
717 | goto out; never executed: goto out; | 0 |
718 | } | - |
719 | sshbuf_reset(sigbuf); | - |
720 | free(sig); | - |
721 | sig = NULL; | - |
722 | | - |
723 | | - |
724 | | - |
725 | | - |
726 | use_kexsigtype = kexsigtype == KEY_RSA &&TRUE | never evaluated | FALSE | never evaluated |
| 0 |
727 | sshkey_type_plain(key->type) == KEY_RSA;TRUE | never evaluated | FALSE | never evaluated |
| 0 |
728 | if ((r = sshbuf_put_cstring(sigbuf,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
729 | "hostkeys-prove-00@openssh.com")) != 0 ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
730 | (r = sshbuf_put_string(sigbuf,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
731 | ssh->kex->session_id, ssh->kex->session_id_len)) != 0 ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
732 | (r = sshkey_puts(key, sigbuf)) != 0 ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
733 | (r = ssh->kex->sign(key_prv, key_pub, &sig, &slen,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
734 | sshbuf_ptr(sigbuf), sshbuf_len(sigbuf),TRUE | never evaluated | FALSE | never evaluated |
| 0 |
735 | use_kexsigtype ? ssh->kex->hostkey_alg : NULL, 0)) != 0 ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
736 | (r = sshbuf_put_string(resp, sig, slen)) != 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
737 | error("%s: couldn't prepare signature: %s", | - |
738 | __func__, ssh_err(r)); | - |
739 | goto out; never executed: goto out; | 0 |
740 | } | - |
741 | } never executed: end of block | 0 |
742 | | - |
743 | *respp = resp; | - |
744 | resp = NULL; | - |
745 | success = 1; | - |
746 | out: code before this statement never executed: out: | 0 |
747 | free(sig); | - |
748 | sshbuf_free(resp); | - |
749 | sshbuf_free(sigbuf); | - |
750 | sshkey_free(key); | - |
751 | return success; never executed: return success; | 0 |
752 | } | - |
753 | | - |
754 | static int | - |
755 | server_input_global_request(int type, u_int32_t seq, struct ssh *ssh) | - |
756 | { | - |
757 | char *rtype; | - |
758 | int want_reply; | - |
759 | int r, success = 0, allocated_listen_port = 0; | - |
760 | struct sshbuf *resp = NULL; | - |
761 | struct passwd *pw = the_authctxt->pw; | - |
762 | | - |
763 | if (pw == NULL || !the_authctxt->valid)TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
764 | fatal("%s: no/invalid user", __func__); never executed: fatal("%s: no/invalid user", __func__); | 0 |
765 | | - |
766 | rtype = packet_get_string(NULL); | - |
767 | want_reply = packet_get_char(); | - |
768 | debug("%s: rtype %s want_reply %d", __func__, rtype, want_reply); | - |
769 | | - |
770 | | - |
771 | if (strcmp(rtype, "tcpip-forward") == 0) { never executed: __result = (((const unsigned char *) (const char *) ( rtype ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "tcpip-forward" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
772 | struct Forward fwd; | - |
773 | | - |
774 | memset(&fwd, 0, sizeof(fwd)); | - |
775 | fwd.listen_host = packet_get_string(NULL); | - |
776 | fwd.listen_port = (u_short)packet_get_int(); | - |
777 | debug("%s: tcpip-forward listen %s port %d", __func__, | - |
778 | fwd.listen_host, fwd.listen_port); | - |
779 | | - |
780 | | - |
781 | if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0 ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
782 | !auth_opts->permit_port_forwarding_flag ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
783 | options.disable_forwarding ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
784 | (!want_reply && fwd.listen_port == 0) ||TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
785 | (fwd.listen_port != 0 &&TRUE | never evaluated | FALSE | never evaluated |
| 0 |
786 | !bind_permitted(fwd.listen_port, pw->pw_uid))) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
787 | success = 0; | - |
788 | packet_send_debug("Server has disabled port forwarding."); | - |
789 | } else { never executed: end of block | 0 |
790 | | - |
791 | success = channel_setup_remote_fwd_listener(ssh, &fwd, | - |
792 | &allocated_listen_port, &options.fwd_opts); | - |
793 | } never executed: end of block | 0 |
794 | free(fwd.listen_host); | - |
795 | if ((resp = sshbuf_new()) == NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
796 | fatal("%s: sshbuf_new", __func__); never executed: fatal("%s: sshbuf_new", __func__); | 0 |
797 | if (allocated_listen_port != 0 &&TRUE | never evaluated | FALSE | never evaluated |
| 0 |
798 | (r = sshbuf_put_u32(resp, allocated_listen_port)) != 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
799 | fatal("%s: sshbuf_put_u32: %s", __func__, ssh_err(r)); never executed: fatal("%s: sshbuf_put_u32: %s", __func__, ssh_err(r)); | 0 |
800 | } else if (strcmp(rtype, "cancel-tcpip-forward") == 0) { never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( rtype ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "cancel-tcpip-forward" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
801 | struct Forward fwd; | - |
802 | | - |
803 | memset(&fwd, 0, sizeof(fwd)); | - |
804 | fwd.listen_host = packet_get_string(NULL); | - |
805 | fwd.listen_port = (u_short)packet_get_int(); | - |
806 | debug("%s: cancel-tcpip-forward addr %s port %d", __func__, | - |
807 | fwd.listen_host, fwd.listen_port); | - |
808 | | - |
809 | success = channel_cancel_rport_listener(ssh, &fwd); | - |
810 | free(fwd.listen_host); | - |
811 | } else if (strcmp(rtype, "streamlocal-forward@openssh.com") == 0) { never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( rtype ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "streamlocal-forward@openssh.com" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
812 | struct Forward fwd; | - |
813 | | - |
814 | memset(&fwd, 0, sizeof(fwd)); | - |
815 | fwd.listen_path = packet_get_string(NULL); | - |
816 | debug("%s: streamlocal-forward listen path %s", __func__, | - |
817 | fwd.listen_path); | - |
818 | | - |
819 | | - |
820 | if ((options.allow_streamlocal_forwarding & FORWARD_REMOTE) == 0TRUE | never evaluated | FALSE | never evaluated |
| 0 |
821 | || !auth_opts->permit_port_forwarding_flag ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
822 | options.disable_forwarding ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
823 | (pw->pw_uid != 0 && !use_privsep)) {TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
824 | success = 0; | - |
825 | packet_send_debug("Server has disabled " | - |
826 | "streamlocal forwarding."); | - |
827 | } else { never executed: end of block | 0 |
828 | | - |
829 | success = channel_setup_remote_fwd_listener(ssh, | - |
830 | &fwd, NULL, &options.fwd_opts); | - |
831 | } never executed: end of block | 0 |
832 | free(fwd.listen_path); | - |
833 | } else if (strcmp(rtype, "cancel-streamlocal-forward@openssh.com") == 0) { never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( rtype ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "cancel-streamlocal-forward@openssh.com" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
834 | struct Forward fwd; | - |
835 | | - |
836 | memset(&fwd, 0, sizeof(fwd)); | - |
837 | fwd.listen_path = packet_get_string(NULL); | - |
838 | debug("%s: cancel-streamlocal-forward path %s", __func__, | - |
839 | fwd.listen_path); | - |
840 | | - |
841 | success = channel_cancel_rport_listener(ssh, &fwd); | - |
842 | free(fwd.listen_path); | - |
843 | } else if (strcmp(rtype, "no-more-sessions@openssh.com") == 0) { never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( rtype ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "no-more-sessions@openssh.com" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
844 | no_more_sessions = 1; | - |
845 | success = 1; | - |
846 | } else if (strcmp(rtype, "hostkeys-prove-00@openssh.com") == 0) { never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( rtype ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "hostkeys-prove-00@openssh.com" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
847 | success = server_input_hostkeys_prove(ssh, &resp); | - |
848 | } never executed: end of block | 0 |
849 | if (want_reply) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
850 | packet_start(success ? | - |
851 | SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE); | - |
852 | if (success && resp != NULL)TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
853 | ssh_packet_put_raw(ssh, sshbuf_ptr(resp), never executed: ssh_packet_put_raw(ssh, sshbuf_ptr(resp), sshbuf_len(resp)); | 0 |
854 | sshbuf_len(resp)); never executed: ssh_packet_put_raw(ssh, sshbuf_ptr(resp), sshbuf_len(resp)); | 0 |
855 | packet_send(); | - |
856 | packet_write_wait(); | - |
857 | } never executed: end of block | 0 |
858 | free(rtype); | - |
859 | sshbuf_free(resp); | - |
860 | return 0; never executed: return 0; | 0 |
861 | } | - |
862 | | - |
863 | static int | - |
864 | server_input_channel_req(int type, u_int32_t seq, struct ssh *ssh) | - |
865 | { | - |
866 | Channel *c; | - |
867 | int id, reply, success = 0; | - |
868 | char *rtype; | - |
869 | | - |
870 | id = packet_get_int(); | - |
871 | rtype = packet_get_string(NULL); | - |
872 | reply = packet_get_char(); | - |
873 | | - |
874 | debug("server_input_channel_req: channel %d request %s reply %d", | - |
875 | id, rtype, reply); | - |
876 | | - |
877 | if ((c = channel_lookup(ssh, id)) == NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
878 | packet_disconnect("server_input_channel_req: " never executed: packet_disconnect("server_input_channel_req: " "unknown channel %d", id); | 0 |
879 | "unknown channel %d", id); never executed: packet_disconnect("server_input_channel_req: " "unknown channel %d", id); | 0 |
880 | if (!strcmp(rtype, "eow@openssh.com")) { never executed: __result = (((const unsigned char *) (const char *) ( rtype ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "eow@openssh.com" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
881 | packet_check_eom(); never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
| 0 |
882 | chan_rcvd_eow(ssh, c); | - |
883 | } else if ((c->type == SSH_CHANNEL_LARVAL || never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
| 0 |
884 | c->type == SSH_CHANNEL_OPEN) && strcmp(c->ctype, "session") == 0) never executed: __result = (((const unsigned char *) (const char *) ( c->ctype ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "session" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
885 | success = session_input_channel_req(ssh, c, rtype); never executed: success = session_input_channel_req(ssh, c, rtype); | 0 |
886 | if (reply && !(c->flags & CHAN_CLOSE_SENT)) {TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
887 | if (!c->have_remote_id)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
888 | fatal("%s: channel %d: no remote_id", never executed: fatal("%s: channel %d: no remote_id", __func__, c->self); | 0 |
889 | __func__, c->self); never executed: fatal("%s: channel %d: no remote_id", __func__, c->self); | 0 |
890 | packet_start(success ? | - |
891 | SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE); | - |
892 | packet_put_int(c->remote_id); | - |
893 | packet_send(); | - |
894 | } never executed: end of block | 0 |
895 | free(rtype); | - |
896 | return 0; never executed: return 0; | 0 |
897 | } | - |
898 | | - |
899 | static void | - |
900 | server_init_dispatch(void) | - |
901 | { | - |
902 | debug("server_init_dispatch"); | - |
903 | dispatch_init(&dispatch_protocol_error); | - |
904 | dispatch_set(SSH2_MSG_CHANNEL_CLOSE, &channel_input_oclose); | - |
905 | dispatch_set(SSH2_MSG_CHANNEL_DATA, &channel_input_data); | - |
906 | dispatch_set(SSH2_MSG_CHANNEL_EOF, &channel_input_ieof); | - |
907 | dispatch_set(SSH2_MSG_CHANNEL_EXTENDED_DATA, &channel_input_extended_data); | - |
908 | dispatch_set(SSH2_MSG_CHANNEL_OPEN, &server_input_channel_open); | - |
909 | dispatch_set(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation); | - |
910 | dispatch_set(SSH2_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure); | - |
911 | dispatch_set(SSH2_MSG_CHANNEL_REQUEST, &server_input_channel_req); | - |
912 | dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust); | - |
913 | dispatch_set(SSH2_MSG_GLOBAL_REQUEST, &server_input_global_request); | - |
914 | | - |
915 | dispatch_set(SSH2_MSG_CHANNEL_SUCCESS, &server_input_keep_alive); | - |
916 | dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &server_input_keep_alive); | - |
917 | dispatch_set(SSH2_MSG_REQUEST_SUCCESS, &server_input_keep_alive); | - |
918 | dispatch_set(SSH2_MSG_REQUEST_FAILURE, &server_input_keep_alive); | - |
919 | | - |
920 | dispatch_set(SSH2_MSG_KEXINIT, &kex_input_kexinit); | - |
921 | } never executed: end of block | 0 |
| | |