OpenCoverage

servconf.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/openssh/src/servconf.c
Line | Source | Count
1-
2/* $OpenBSD: servconf.c,v 1.342 2018/09/20 23:40:16 djm Exp $ */-
3/*-
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland-
5 * All rights reserved-
6 *-
7 * As far as I am concerned, the code I have written for this software-
8 * can be used freely for any purpose. Any derived versions of this-
9 * software must be clearly marked as such, and if the derived work is-
10 * incompatible with the protocol description in the RFC file, it must be-
11 * called by a name other than "ssh" or "Secure Shell".-
12 */-
13-
14#include "includes.h"-
15-
16#include <sys/types.h>-
17#include <sys/socket.h>-
18#ifdef HAVE_SYS_SYSCTL_H-
19#include <sys/sysctl.h>-
20#endif-
21-
22#include <netinet/in.h>-
23#include <netinet/in_systm.h>-
24#include <netinet/ip.h>-
25#ifdef HAVE_NET_ROUTE_H-
26#include <net/route.h>-
27#endif-
28-
29#include <ctype.h>-
30#include <netdb.h>-
31#include <pwd.h>-
32#include <stdio.h>-
33#include <stdlib.h>-
34#include <string.h>-
35#include <signal.h>-
36#include <unistd.h>-
37#include <limits.h>-
38#include <stdarg.h>-
39#include <errno.h>-
40#ifdef HAVE_UTIL_H-
41#include <util.h>-
42#endif-
43-
44#include "openbsd-compat/sys-queue.h"-
45#include "xmalloc.h"-
46#include "ssh.h"-
47#include "log.h"-
48#include "sshbuf.h"-
49#include "misc.h"-
50#include "servconf.h"-
51#include "compat.h"-
52#include "pathnames.h"-
53#include "cipher.h"-
54#include "sshkey.h"-
55#include "kex.h"-
56#include "mac.h"-
57#include "match.h"-
58#include "channels.h"-
59#include "groupaccess.h"-
60#include "canohost.h"-
61#include "packet.h"-
62#include "ssherr.h"-
63#include "hostfile.h"-
64#include "auth.h"-
65#include "myproposal.h"-
66#include "digest.h"-
67-
68static void add_listen_addr(ServerOptions *, const char *,-
69 const char *, int);-
70static void add_one_listen_addr(ServerOptions *, const char *,-
71 const char *, int);-
72-
73/* Use of privilege separation or not */-
74extern int use_privsep;-
75extern struct sshbuf *cfg;-
76-
/*
 * Reset *options to the "nothing configured yet" state.
 *
 * The structure is zeroed first; after that every tri-state integer is set
 * to -1 (or its dedicated *_NOT_SET constant), every string/list pointer to
 * NULL and every element counter to 0.  These are markers, not the effective
 * settings: fill_default_server_options() later replaces whatever is still
 * unset with the compiled-in default.
 */
void
initialize_server_options(ServerOptions *options)
{
	memset(options, 0, sizeof *options);

	/* Portable-specific options */
	options->use_pam = -1;

	/* Listening sockets, addresses and host identity */
	options->num_ports = 0;
	options->ports_from_cmdline = 0;
	options->queued_listen_addrs = NULL;
	options->num_queued_listens = 0;
	options->listen_addrs = NULL;
	options->num_listen_addrs = 0;
	options->address_family = -1;
	options->routing_domain = NULL;
	options->num_host_key_files = 0;
	options->num_host_cert_files = 0;
	options->host_key_agent = NULL;
	options->pid_file = NULL;

	/* Login and session behaviour */
	options->login_grace_time = -1;
	options->permit_root_login = PERMIT_NOT_SET;
	options->ignore_rhosts = -1;
	options->ignore_user_known_hosts = -1;
	options->print_motd = -1;
	options->print_lastlog = -1;
	options->x11_forwarding = -1;
	options->x11_display_offset = -1;
	options->x11_use_localhost = -1;
	options->permit_tty = -1;
	options->permit_user_rc = -1;
	options->xauth_location = NULL;
	options->strict_modes = -1;
	options->tcp_keep_alive = -1;

	/* Logging */
	options->log_facility = SYSLOG_FACILITY_NOT_SET;
	options->log_level = SYSLOG_LEVEL_NOT_SET;

	/* Authentication methods */
	options->hostbased_authentication = -1;
	options->hostbased_uses_name_from_packet_only = -1;
	options->hostbased_key_types = NULL;
	options->hostkeyalgorithms = NULL;
	options->pubkey_authentication = -1;
	options->pubkey_key_types = NULL;
	options->kerberos_authentication = -1;
	options->kerberos_or_local_passwd = -1;
	options->kerberos_ticket_cleanup = -1;
	options->kerberos_get_afs_token = -1;
	options->gss_authentication = -1;
	options->gss_cleanup_creds = -1;
	options->gss_strict_acceptor = -1;
	options->password_authentication = -1;
	options->kbd_interactive_authentication = -1;
	options->challenge_response_authentication = -1;
	options->permit_empty_passwd = -1;
	options->permit_user_env = -1;
	options->permit_user_env_whitelist = NULL;

	/* Transport, forwarding and access lists */
	options->compression = -1;
	options->rekey_limit = -1;
	options->rekey_interval = -1;
	options->allow_tcp_forwarding = -1;
	options->allow_streamlocal_forwarding = -1;
	options->allow_agent_forwarding = -1;
	options->num_allow_users = 0;
	options->num_deny_users = 0;
	options->num_allow_groups = 0;
	options->num_deny_groups = 0;
	options->ciphers = NULL;
	options->macs = NULL;
	options->kex_algorithms = NULL;
	options->ca_sign_algorithms = NULL;
	options->fwd_opts.gateway_ports = -1;
	/* mode_t has no spare negative value, so "unset" is the cast -1. */
	options->fwd_opts.streamlocal_bind_mask = (mode_t)-1;
	options->fwd_opts.streamlocal_bind_unlink = -1;
	options->num_subsystems = 0;

	/* Connection and attempt limits */
	options->max_startups_begin = -1;
	options->max_startups_rate = -1;
	options->max_startups = -1;
	options->max_authtries = -1;
	options->max_sessions = -1;
	options->banner = NULL;
	options->use_dns = -1;
	options->client_alive_interval = -1;
	options->client_alive_count_max = -1;

	/* Key files, environment and per-user restrictions */
	options->num_authkeys_files = 0;
	options->num_accept_env = 0;
	options->num_setenv = 0;
	options->permit_tun = -1;
	options->permitted_opens = NULL;
	options->permitted_listens = NULL;
	options->adm_forced_command = NULL;
	options->chroot_directory = NULL;
	options->authorized_keys_command = NULL;
	options->authorized_keys_command_user = NULL;
	options->revoked_keys_file = NULL;
	options->trusted_user_ca_keys = NULL;
	options->authorized_principals_file = NULL;
	options->authorized_principals_command = NULL;
	options->authorized_principals_command_user = NULL;

	/* Miscellaneous */
	options->ip_qos_interactive = -1;
	options->ip_qos_bulk = -1;
	options->version_addendum = NULL;
	options->fingerprint_hash = -1;
	options->disable_forwarding = -1;
	options->expose_userauth_info = -1;
}
executed 2 times by 1 test: end of block
Executed by:
  • sshd
2
184-
/*
 * Report whether a string option carries no value: returns 1 when o is NULL
 * or spells "none" in any letter case, and 0 for every other string
 * (including the empty string).
 *
 * Coverage recorded on this page (sshd test): 22 calls, 14 with o == NULL
 * and 8 with some other string; the "none" match itself was never taken.
 */
static int
option_clear_or_none(const char *o)
{
	if (o == NULL)
		return 1;
	return strcasecmp(o, "none") == 0 ? 1 : 0;
}
191-
/*
 * Run each algorithm-list option in *o (ciphers, MACs, key exchange, host
 * key, hostbased and pubkey key types, CA signature algorithms) through
 * kex_assemble_names(), passing the compiled-in default list and the full
 * list of names reported by the matching *_alg_list() helper.
 *
 * kex_assemble_names() is defined elsewhere; presumably it resolves the
 * configured value against those two lists -- confirm in kex.c.  Any
 * non-zero return is fatal, so the server does not continue with an
 * algorithm list that failed to assemble.
 *
 * Coverage recorded on this page (sshd test): each of the seven checks was
 * evaluated twice and none of the fatal() branches was ever taken.
 */
static void
assemble_algorithms(ServerOptions *o)
{
	char *cipher_names = cipher_alg_list(',', 0);
	char *mac_names = mac_alg_list(',');
	char *kex_names = kex_alg_list(',');
	char *key_names = sshkey_alg_list(0, 0, 1, ',');
	char *sig_names = sshkey_alg_list(0, 1, 1, ',');
	int r;

	/* #what doubles as the option name printed in the fatal message. */
#define ASSEMBLE(what, defaults, all) \
	do { \
		r = kex_assemble_names(&o->what, defaults, all); \
		if (r != 0) \
			fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \
	} while (0)
	ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, cipher_names);
	ASSEMBLE(macs, KEX_SERVER_MAC, mac_names);
	ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, kex_names);
	ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, key_names);
	ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, key_names);
	ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, key_names);
	ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, sig_names);
#undef ASSEMBLE

	/* The "all supported names" lists are only needed during assembly. */
	free(cipher_names);
	free(mac_names);
	free(kex_names);
	free(key_names);
	free(sig_names);
}
executed 2 times by 1 test: end of block
Executed by:
  • sshd
2
222-
/*
 * Append a private copy of s to the string array *array and bump its
 * element count *lp.
 *
 * file, line and directive are used only in the error message.  The count
 * is refused once it reaches INT_MAX, before the "count + 1" passed to
 * xrecallocarray() is computed, so that sum cannot wrap the u_int counter.
 * xrecallocarray() and xstrdup() come from xmalloc.h; presumably they do
 * not return on allocation failure -- confirm there.
 *
 * Coverage recorded on this page (sshd test): 10 calls, the "Too many
 * entries" branch never taken.
 */
static void
array_append(const char *file, const int line, const char *directive,
    char ***array, u_int *lp, const char *s)
{
	const u_int count = *lp;

	if (count >= INT_MAX)
		fatal("%s line %d: Too many %s entries", file, line, directive);

	/* Grow by exactly one slot, then fill the new last slot. */
	*array = xrecallocarray(*array, count, count + 1, sizeof(**array));
	(*array)[count] = xstrdup(s);
	*lp = count + 1;
}
executed 10 times by 1 test: end of block
Executed by:
  • sshd
10
235-
/*
 * Record one HostKey path in options->host_key_files.
 *
 * The path is first passed through derelativise_path() (defined elsewhere;
 * presumably it returns a newly allocated absolute form -- confirm in
 * misc.c).  array_append() stores its own xstrdup() copy, so the temporary
 * is released here.  file and line identify the configuration source for
 * array_append()'s error message.
 */
void
servconf_add_hostkey(const char *file, const int line,
    ServerOptions *options, const char *path)
{
	char *abs_path;

	abs_path = derelativise_path(path);
	array_append(file, line, "HostKey", &options->host_key_files,
	    &options->num_host_key_files, abs_path);
	free(abs_path);
}
executed 4 times by 1 test: end of block
Executed by:
  • sshd
4
246-
/*
 * Record one HostCertificate path in options->host_cert_files.
 *
 * Mirrors servconf_add_hostkey(): the path goes through derelativise_path()
 * (defined elsewhere; presumably returns a newly allocated absolute form --
 * confirm in misc.c), array_append() keeps its own xstrdup() copy, and the
 * temporary is released here.  file and line identify the configuration
 * source for array_append()'s error message.
 */
void
servconf_add_hostcert(const char *file, const int line,
    ServerOptions *options, const char *path)
{
	char *abs_path;

	abs_path = derelativise_path(path);
	array_append(file, line, "HostCertificate", &options->host_cert_files,
	    &options->num_host_cert_files, abs_path);
	free(abs_path);
}
never executed: end of block
0
257-
258void-
259fill_default_server_options(ServerOptions *options)-
260{-
261 u_int i;-
262-
263 /* Portable-specific options */-
264 if (options->use_pam == -1)
options->use_pam == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
265 options->use_pam = 0;
executed 2 times by 1 test: options->use_pam = 0;
Executed by:
  • sshd
2
266-
267 /* Standard Options */-
268 if (options->num_host_key_files == 0) {
options->num_h...key_files == 0Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
269 /* fill default hostkeys for protocols */-
270 servconf_add_hostkey("[default]", 0, options,-
271 _PATH_HOST_RSA_KEY_FILE);-
272#ifdef OPENSSL_HAS_ECC-
273 servconf_add_hostkey("[default]", 0, options,-
274 _PATH_HOST_ECDSA_KEY_FILE);-
275#endif-
276 servconf_add_hostkey("[default]", 0, options,-
277 _PATH_HOST_ED25519_KEY_FILE);-
278#ifdef WITH_XMSS-
279 servconf_add_hostkey("[default]", 0, options,-
280 _PATH_HOST_XMSS_KEY_FILE);-
281#endif /* WITH_XMSS */-
282 }
never executed: end of block
0
283 /* No certificates by default */-
284 if (options->num_ports == 0)
options->num_ports == 0Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
285 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
never executed: options->ports[options->num_ports++] = 22;
0
286 if (options->address_family == -1)
options->address_family == -1Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
287 options->address_family = AF_UNSPEC;
never executed: options->address_family = 0 ;
0
288 if (options->listen_addrs == NULL)
options->liste...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
289 add_listen_addr(options, NULL, NULL, 0);
never executed: add_listen_addr(options, ((void *)0) , ((void *)0) , 0);
0
290 if (options->pid_file == NULL)
options->pid_f...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
291 options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE);
never executed: options->pid_file = xstrdup("/var/run" "/sshd.pid");
0
292 if (options->login_grace_time == -1)
options->login...ace_time == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
293 options->login_grace_time = 120;
executed 2 times by 1 test: options->login_grace_time = 120;
Executed by:
  • sshd
2
294 if (options->permit_root_login == PERMIT_NOT_SET)
options->permi...ot_login == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
295 options->permit_root_login = PERMIT_NO_PASSWD;
executed 2 times by 1 test: options->permit_root_login = 2;
Executed by:
  • sshd
2
296 if (options->ignore_rhosts == -1)
options->ignore_rhosts == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
297 options->ignore_rhosts = 1;
executed 2 times by 1 test: options->ignore_rhosts = 1;
Executed by:
  • sshd
2
298 if (options->ignore_user_known_hosts == -1)
options->ignor...wn_hosts == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
299 options->ignore_user_known_hosts = 0;
executed 2 times by 1 test: options->ignore_user_known_hosts = 0;
Executed by:
  • sshd
2
300 if (options->print_motd == -1)
options->print_motd == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
301 options->print_motd = 1;
executed 2 times by 1 test: options->print_motd = 1;
Executed by:
  • sshd
2
302 if (options->print_lastlog == -1)
options->print_lastlog == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
303 options->print_lastlog = 1;
executed 2 times by 1 test: options->print_lastlog = 1;
Executed by:
  • sshd
2
304 if (options->x11_forwarding == -1)
options->x11_forwarding == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
305 options->x11_forwarding = 0;
executed 2 times by 1 test: options->x11_forwarding = 0;
Executed by:
  • sshd
2
306 if (options->x11_display_offset == -1)
options->x11_d...y_offset == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
307 options->x11_display_offset = 10;
executed 2 times by 1 test: options->x11_display_offset = 10;
Executed by:
  • sshd
2
308 if (options->x11_use_localhost == -1)
options->x11_u...ocalhost == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
309 options->x11_use_localhost = 1;
executed 2 times by 1 test: options->x11_use_localhost = 1;
Executed by:
  • sshd
2
310 if (options->xauth_location == NULL)
options->xauth...== ((void *)0)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
311 options->xauth_location = xstrdup(_PATH_XAUTH);
executed 2 times by 1 test: options->xauth_location = xstrdup("/usr/bin/xauth");
Executed by:
  • sshd
2
312 if (options->permit_tty == -1)
options->permit_tty == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
313 options->permit_tty = 1;
executed 2 times by 1 test: options->permit_tty = 1;
Executed by:
  • sshd
2
314 if (options->permit_user_rc == -1)
options->permit_user_rc == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
315 options->permit_user_rc = 1;
executed 2 times by 1 test: options->permit_user_rc = 1;
Executed by:
  • sshd
2
316 if (options->strict_modes == -1)
options->strict_modes == -1Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
317 options->strict_modes = 1;
never executed: options->strict_modes = 1;
0
318 if (options->tcp_keep_alive == -1)
options->tcp_keep_alive == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
319 options->tcp_keep_alive = 1;
executed 2 times by 1 test: options->tcp_keep_alive = 1;
Executed by:
  • sshd
2
320 if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
options->log_f...CILITY_NOT_SETDescription
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
321 options->log_facility = SYSLOG_FACILITY_AUTH;
executed 2 times by 1 test: options->log_facility = SYSLOG_FACILITY_AUTH;
Executed by:
  • sshd
2
322 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
options->log_l..._LEVEL_NOT_SETDescription
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
323 options->log_level = SYSLOG_LEVEL_INFO;
never executed: options->log_level = SYSLOG_LEVEL_INFO;
0
324 if (options->hostbased_authentication == -1)
options->hostb...tication == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
325 options->hostbased_authentication = 0;
executed 2 times by 1 test: options->hostbased_authentication = 0;
Executed by:
  • sshd
2
326 if (options->hostbased_uses_name_from_packet_only == -1)
options->hostb...ket_only == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
327 options->hostbased_uses_name_from_packet_only = 0;
executed 2 times by 1 test: options->hostbased_uses_name_from_packet_only = 0;
Executed by:
  • sshd
2
328 if (options->pubkey_authentication == -1)
options->pubke...tication == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
329 options->pubkey_authentication = 1;
executed 2 times by 1 test: options->pubkey_authentication = 1;
Executed by:
  • sshd
2
330 if (options->kerberos_authentication == -1)
options->kerbe...tication == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
331 options->kerberos_authentication = 0;
executed 2 times by 1 test: options->kerberos_authentication = 0;
Executed by:
  • sshd
2
332 if (options->kerberos_or_local_passwd == -1)
options->kerbe...l_passwd == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
333 options->kerberos_or_local_passwd = 1;
executed 2 times by 1 test: options->kerberos_or_local_passwd = 1;
Executed by:
  • sshd
2
334 if (options->kerberos_ticket_cleanup == -1)
options->kerbe..._cleanup == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
335 options->kerberos_ticket_cleanup = 1;
executed 2 times by 1 test: options->kerberos_ticket_cleanup = 1;
Executed by:
  • sshd
2
336 if (options->kerberos_get_afs_token == -1)
options->kerbe...fs_token == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
337 options->kerberos_get_afs_token = 0;
executed 2 times by 1 test: options->kerberos_get_afs_token = 0;
Executed by:
  • sshd
2
338 if (options->gss_authentication == -1)
options->gss_a...tication == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
339 options->gss_authentication = 0;
executed 2 times by 1 test: options->gss_authentication = 0;
Executed by:
  • sshd
2
340 if (options->gss_cleanup_creds == -1)
options->gss_c...up_creds == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
341 options->gss_cleanup_creds = 1;
executed 2 times by 1 test: options->gss_cleanup_creds = 1;
Executed by:
  • sshd
2
342 if (options->gss_strict_acceptor == -1)
options->gss_s...acceptor == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
343 options->gss_strict_acceptor = 1;
executed 2 times by 1 test: options->gss_strict_acceptor = 1;
Executed by:
  • sshd
2
344 if (options->password_authentication == -1)
options->passw...tication == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
345 options->password_authentication = 1;
executed 2 times by 1 test: options->password_authentication = 1;
Executed by:
  • sshd
2
346 if (options->kbd_interactive_authentication == -1)
options->kbd_i...tication == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
347 options->kbd_interactive_authentication = 0;
executed 2 times by 1 test: options->kbd_interactive_authentication = 0;
Executed by:
  • sshd
2
348 if (options->challenge_response_authentication == -1)
options->chall...tication == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
349 options->challenge_response_authentication = 1;
executed 2 times by 1 test: options->challenge_response_authentication = 1;
Executed by:
  • sshd
2
350 if (options->permit_empty_passwd == -1)
options->permi...y_passwd == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
351 options->permit_empty_passwd = 0;
executed 2 times by 1 test: options->permit_empty_passwd = 0;
Executed by:
  • sshd
2
352 if (options->permit_user_env == -1) {
options->permit_user_env == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
353 options->permit_user_env = 0;-
354 options->permit_user_env_whitelist = NULL;-
355 }
executed 2 times by 1 test: end of block
Executed by:
  • sshd
2
356 if (options->compression == -1)
options->compression == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
357 options->compression = COMP_DELAYED;
executed 2 times by 1 test: options->compression = 2;
Executed by:
  • sshd
2
358 if (options->rekey_limit == -1)
options->rekey_limit == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
359 options->rekey_limit = 0;
executed 2 times by 1 test: options->rekey_limit = 0;
Executed by:
  • sshd
2
360 if (options->rekey_interval == -1)
options->rekey_interval == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
361 options->rekey_interval = 0;
executed 2 times by 1 test: options->rekey_interval = 0;
Executed by:
  • sshd
2
362 if (options->allow_tcp_forwarding == -1)
options->allow...rwarding == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
363 options->allow_tcp_forwarding = FORWARD_ALLOW;
executed 2 times by 1 test: options->allow_tcp_forwarding = ((1)|(1<<1));
Executed by:
  • sshd
2
364 if (options->allow_streamlocal_forwarding == -1)
options->allow...rwarding == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
365 options->allow_streamlocal_forwarding = FORWARD_ALLOW;
executed 2 times by 1 test: options->allow_streamlocal_forwarding = ((1)|(1<<1));
Executed by:
  • sshd
2
366 if (options->allow_agent_forwarding == -1)
options->allow...rwarding == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
367 options->allow_agent_forwarding = 1;
executed 2 times by 1 test: options->allow_agent_forwarding = 1;
Executed by:
  • sshd
2
368 if (options->fwd_opts.gateway_ports == -1)
options->fwd_o...ay_ports == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
369 options->fwd_opts.gateway_ports = 0;
executed 2 times by 1 test: options->fwd_opts.gateway_ports = 0;
Executed by:
  • sshd
2
370 if (options->max_startups == -1)
options->max_startups == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
371 options->max_startups = 100;
executed 2 times by 1 test: options->max_startups = 100;
Executed by:
  • sshd
2
372 if (options->max_startups_rate == -1)
options->max_s...ups_rate == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
373 options->max_startups_rate = 30; /* 30% */
executed 2 times by 1 test: options->max_startups_rate = 30;
Executed by:
  • sshd
2
374 if (options->max_startups_begin == -1)
options->max_s...ps_begin == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
375 options->max_startups_begin = 10;
executed 2 times by 1 test: options->max_startups_begin = 10;
Executed by:
  • sshd
2
376 if (options->max_authtries == -1)
options->max_authtries == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
377 options->max_authtries = DEFAULT_AUTH_FAIL_MAX;
executed 2 times by 1 test: options->max_authtries = 6;
Executed by:
  • sshd
2
378 if (options->max_sessions == -1)
options->max_sessions == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
379 options->max_sessions = DEFAULT_SESSIONS_MAX;
executed 2 times by 1 test: options->max_sessions = 10;
Executed by:
  • sshd
2
380 if (options->use_dns == -1)
options->use_dns == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
381 options->use_dns = 0;
executed 2 times by 1 test: options->use_dns = 0;
Executed by:
  • sshd
2
382 if (options->client_alive_interval == -1)
options->clien...interval == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
383 options->client_alive_interval = 0;
executed 2 times by 1 test: options->client_alive_interval = 0;
Executed by:
  • sshd
2
384 if (options->client_alive_count_max == -1)
options->clien...ount_max == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
385 options->client_alive_count_max = 3;
executed 2 times by 1 test: options->client_alive_count_max = 3;
Executed by:
  • sshd
2
386 if (options->num_authkeys_files == 0) {
options->num_a...eys_files == 0Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
387 array_append("[default]", 0, "AuthorizedKeysFiles",-
388 &options->authorized_keys_files,-
389 &options->num_authkeys_files,-
390 _PATH_SSH_USER_PERMITTED_KEYS);-
391 array_append("[default]", 0, "AuthorizedKeysFiles",-
392 &options->authorized_keys_files,-
393 &options->num_authkeys_files,-
394 _PATH_SSH_USER_PERMITTED_KEYS2);-
395 }
never executed: end of block
0
396 if (options->permit_tun == -1)
options->permit_tun == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
397 options->permit_tun = SSH_TUNMODE_NO;
executed 2 times by 1 test: options->permit_tun = 0x00;
Executed by:
  • sshd
2
398 if (options->ip_qos_interactive == -1)
options->ip_qo...eractive == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
399 options->ip_qos_interactive = IPTOS_DSCP_AF21;
executed 2 times by 1 test: options->ip_qos_interactive = 0x48 ;
Executed by:
  • sshd
2
400 if (options->ip_qos_bulk == -1)
options->ip_qos_bulk == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
401 options->ip_qos_bulk = IPTOS_DSCP_CS1;
executed 2 times by 1 test: options->ip_qos_bulk = 0x20;
Executed by:
  • sshd
2
402 if (options->version_addendum == NULL)
options->versi...== ((void *)0)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
403 options->version_addendum = xstrdup("");
executed 2 times by 1 test: options->version_addendum = xstrdup("");
Executed by:
  • sshd
2
404 if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1)
options->fwd_o... == (mode_t)-1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
405 options->fwd_opts.streamlocal_bind_mask = 0177;
executed 2 times by 1 test: options->fwd_opts.streamlocal_bind_mask = 0177;
Executed by:
  • sshd
2
406 if (options->fwd_opts.streamlocal_bind_unlink == -1)
options->fwd_o...d_unlink == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
407 options->fwd_opts.streamlocal_bind_unlink = 0;
executed 2 times by 1 test: options->fwd_opts.streamlocal_bind_unlink = 0;
Executed by:
  • sshd
2
408 if (options->fingerprint_hash == -1)
options->finge...int_hash == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
409 options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
executed 2 times by 1 test: options->fingerprint_hash = 2;
Executed by:
  • sshd
2
410 if (options->disable_forwarding == -1)
options->disab...rwarding == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
411 options->disable_forwarding = 0;
executed 2 times by 1 test: options->disable_forwarding = 0;
Executed by:
  • sshd
2
412 if (options->expose_userauth_info == -1)
options->expos...uth_info == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
413 options->expose_userauth_info = 0;
executed 2 times by 1 test: options->expose_userauth_info = 0;
Executed by:
  • sshd
2
414-
415 assemble_algorithms(options);-
416-
417 /* Turn privilege separation and sandboxing on by default */-
418 if (use_privsep == -1)
use_privsep == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
419 use_privsep = PRIVSEP_ON;
executed 2 times by 1 test: use_privsep = 1;
Executed by:
  • sshd
2
420-
421#define CLEAR_ON_NONE(v) \-
422 do { \-
423 if (option_clear_or_none(v)) { \-
424 free(v); \-
425 v = NULL; \-
426 } \-
427 } while(0)-
428 CLEAR_ON_NONE(options->pid_file);
never executed: end of block
option_clear_o...ons->pid_file)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
429 CLEAR_ON_NONE(options->xauth_location);
never executed: end of block
option_clear_o...auth_location)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
430 CLEAR_ON_NONE(options->banner);
executed 2 times by 1 test: end of block
Executed by:
  • sshd
option_clear_o...tions->banner)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
431 CLEAR_ON_NONE(options->trusted_user_ca_keys);
executed 2 times by 1 test: end of block
Executed by:
  • sshd
option_clear_o..._user_ca_keys)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
432 CLEAR_ON_NONE(options->revoked_keys_file);
executed 2 times by 1 test: end of block
Executed by:
  • sshd
option_clear_o...ked_keys_file)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
433 CLEAR_ON_NONE(options->authorized_principals_file);
executed 2 times by 1 test: end of block
Executed by:
  • sshd
option_clear_o...incipals_file)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
434 CLEAR_ON_NONE(options->adm_forced_command);
executed 2 times by 1 test: end of block
Executed by:
  • sshd
option_clear_o...orced_command)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
435 CLEAR_ON_NONE(options->chroot_directory);
executed 2 times by 1 test: end of block
Executed by:
  • sshd
option_clear_o...oot_directory)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
436 CLEAR_ON_NONE(options->routing_domain);
executed 2 times by 1 test: end of block
Executed by:
  • sshd
option_clear_o...outing_domain)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
437 for (i = 0; i < options->num_host_key_files; i++)
i < options->n...host_key_filesDescription
TRUEevaluated 4 times by 1 test
Evaluated by:
  • sshd
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
2-4
438 CLEAR_ON_NONE(options->host_key_files[i]);
never executed: end of block
executed 4 times by 1 test: end of block
Executed by:
  • sshd
option_clear_o..._key_files[i])Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • sshd
0-4
439 for (i = 0; i < options->num_host_cert_files; i++)
i < options->n...ost_cert_filesDescription
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
440 CLEAR_ON_NONE(options->host_cert_files[i]);
never executed: end of block
never executed: end of block
option_clear_o...cert_files[i])Description
TRUEnever evaluated
FALSEnever evaluated
0
441#undef CLEAR_ON_NONE-
442-
443 /* Similar handling for AuthenticationMethods=any */-
444 if (options->num_auth_methods == 1 &&
options->num_auth_methods == 1Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
445 strcmp(options->auth_methods[0], "any") == 0) {
never executed: __result = (((const unsigned char *) (const char *) ( options->auth_methods[0] ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "any" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
446 free(options->auth_methods[0]);-
447 options->auth_methods[0] = NULL;-
448 options->num_auth_methods = 0;-
449 }
never executed: end of block
0
450-
451#ifndef HAVE_MMAP-
452 if (use_privsep && options->compression == 1) {
use_privsepDescription
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
options->compression == 1Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
453 error("This platform does not support both privilege "-
454 "separation and compression");-
455 error("Compression disabled");-
456 options->compression = 0;-
457 }
never executed: end of block
0
458#endif-
459-
460}
executed 2 times by 1 test: end of block
Executed by:
  • sshd
2
461-
/*
 * Keyword tokens: one opcode per configuration directive known to the
 * parser.  The enumerators carry no explicit values, so their numeric
 * values follow declaration order; the order below is unchanged.
 */
typedef enum {
	sBadOption,		/* == unknown option */

	/* Portable-specific options */
	sUsePAM,

	/* Standard Options */
	sPort,
	sHostKeyFile,
	sLoginGraceTime,
	sPermitRootLogin,
	sLogFacility,
	sLogLevel,
	sRhostsRSAAuthentication,
	sRSAAuthentication,
	sKerberosAuthentication,
	sKerberosOrLocalPasswd,
	sKerberosTicketCleanup,
	sKerberosGetAFSToken,
	sChallengeResponseAuthentication,
	sPasswordAuthentication,
	sKbdInteractiveAuthentication,
	sListenAddress,
	sAddressFamily,
	sPrintMotd,
	sPrintLastLog,
	sIgnoreRhosts,
	sX11Forwarding,
	sX11DisplayOffset,
	sX11UseLocalhost,
	sPermitTTY,
	sStrictModes,
	sEmptyPasswd,
	sTCPKeepAlive,
	sPermitUserEnvironment,
	sAllowTcpForwarding,
	sCompression,
	sRekeyLimit,
	sAllowUsers,
	sDenyUsers,
	sAllowGroups,
	sDenyGroups,
	sIgnoreUserKnownHosts,
	sCiphers,
	sMacs,
	sPidFile,
	sGatewayPorts,
	sPubkeyAuthentication,
	sPubkeyAcceptedKeyTypes,
	sXAuthLocation,
	sSubsystem,
	sMaxStartups,
	sMaxAuthTries,
	sMaxSessions,
	sBanner,
	sUseDNS,
	sHostbasedAuthentication,
	sHostbasedUsesNameFromPacketOnly,
	sHostbasedAcceptedKeyTypes,
	sHostKeyAlgorithms,
	sClientAliveInterval,
	sClientAliveCountMax,
	sAuthorizedKeysFile,
	sGssAuthentication,
	sGssCleanupCreds,
	sGssStrictAcceptor,
	sAcceptEnv,
	sSetEnv,
	sPermitTunnel,
	sMatch,
	sPermitOpen,
	sPermitListen,
	sForceCommand,
	sChrootDirectory,
	sUsePrivilegeSeparation,
	sAllowAgentForwarding,
	sHostCertificate,
	sRevokedKeys,
	sTrustedUserCAKeys,
	sAuthorizedPrincipalsFile,
	sAuthorizedPrincipalsCommand,
	sAuthorizedPrincipalsCommandUser,
	sKexAlgorithms,
	sCASignatureAlgorithms,
	sIPQoS,
	sVersionAddendum,
	sAuthorizedKeysCommand,
	sAuthorizedKeysCommandUser,
	sAuthenticationMethods,
	sHostKeyAgent,
	sPermitUserRC,
	sStreamLocalBindMask,
	sStreamLocalBindUnlink,
	sAllowStreamLocalForwarding,
	sFingerprintHash,
	sDisableForwarding,
	sExposeAuthInfo,
	sRDomain,

	/* Catch-all opcodes shared by several keywords in the keyword table */
	sDeprecated,
	sIgnore,
	sUnsupported
} ServerOpCodes;
502-
/*
 * Scope flags attached to every keyword.  They record where a directive
 * may appear; the code that rejects a GLOBAL-only keyword inside a Match
 * block is not part of this table (NOTE(review): confirm in the caller of
 * parse_token() that the flags are actually checked).
 */
#define SSHCFG_GLOBAL	0x01	/* allowed in main section of sshd_config */
#define SSHCFG_MATCH	0x02	/* allowed inside a Match section */
#define SSHCFG_ALL	(SSHCFG_GLOBAL | SSHCFG_MATCH)

/*
 * Textual representation of the tokens.
 *
 * Names are stored in lower case and the table is terminated by an entry
 * whose name is NULL.  Several names may share one opcode (aliases), and
 * retired or compiled-out features map to sDeprecated, sIgnore or
 * sUnsupported rather than being dropped from the table.  When reviewing
 * a change here, check the scope flag as carefully as the opcode: moving
 * a keyword from SSHCFG_GLOBAL to SSHCFG_ALL makes it settable per
 * connection from a Match block.
 */
static struct {
	const char *name;
	ServerOpCodes opcode;
	u_int flags;
} keywords[] = {
	/* Portable-specific options */
#ifdef USE_PAM
	{ "usepam",				sUsePAM,		SSHCFG_GLOBAL },
#else
	{ "usepam",				sUnsupported,		SSHCFG_GLOBAL },
#endif
	{ "pamauthenticationviakbdint",		sDeprecated,		SSHCFG_GLOBAL },

	/* Standard Options */
	{ "port",				sPort,			SSHCFG_GLOBAL },
	{ "hostkey",				sHostKeyFile,		SSHCFG_GLOBAL },
	{ "hostdsakey",				sHostKeyFile,		SSHCFG_GLOBAL }, /* alias */
	{ "hostkeyagent",			sHostKeyAgent,		SSHCFG_GLOBAL },
	{ "pidfile",				sPidFile,		SSHCFG_GLOBAL },
	{ "serverkeybits",			sDeprecated,		SSHCFG_GLOBAL },
	{ "logingracetime",			sLoginGraceTime,	SSHCFG_GLOBAL },
	{ "keyregenerationinterval",		sDeprecated,		SSHCFG_GLOBAL },
	{ "permitrootlogin",			sPermitRootLogin,	SSHCFG_ALL },
	{ "syslogfacility",			sLogFacility,		SSHCFG_GLOBAL },
	{ "loglevel",				sLogLevel,		SSHCFG_ALL },
	{ "rhostsauthentication",		sDeprecated,		SSHCFG_GLOBAL },
	{ "rhostsrsaauthentication",		sDeprecated,		SSHCFG_ALL },
	{ "hostbasedauthentication",		sHostbasedAuthentication, SSHCFG_ALL },
	{ "hostbasedusesnamefrompacketonly",	sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL },
	{ "hostbasedacceptedkeytypes",		sHostbasedAcceptedKeyTypes, SSHCFG_ALL },
	{ "hostkeyalgorithms",			sHostKeyAlgorithms,	SSHCFG_GLOBAL },
	{ "rsaauthentication",			sDeprecated,		SSHCFG_ALL },
	{ "pubkeyauthentication",		sPubkeyAuthentication,	SSHCFG_ALL },
	{ "pubkeyacceptedkeytypes",		sPubkeyAcceptedKeyTypes, SSHCFG_ALL },
	{ "dsaauthentication",			sPubkeyAuthentication,	SSHCFG_GLOBAL }, /* alias */
#ifdef KRB5
	{ "kerberosauthentication",		sKerberosAuthentication, SSHCFG_ALL },
	{ "kerberosorlocalpasswd",		sKerberosOrLocalPasswd,	SSHCFG_GLOBAL },
	{ "kerberosticketcleanup",		sKerberosTicketCleanup,	SSHCFG_GLOBAL },
#ifdef USE_AFS
	{ "kerberosgetafstoken",		sKerberosGetAFSToken,	SSHCFG_GLOBAL },
#else
	{ "kerberosgetafstoken",		sUnsupported,		SSHCFG_GLOBAL },
#endif
#else
	{ "kerberosauthentication",		sUnsupported,		SSHCFG_ALL },
	{ "kerberosorlocalpasswd",		sUnsupported,		SSHCFG_GLOBAL },
	{ "kerberosticketcleanup",		sUnsupported,		SSHCFG_GLOBAL },
	{ "kerberosgetafstoken",		sUnsupported,		SSHCFG_GLOBAL },
#endif
	{ "kerberostgtpassing",			sUnsupported,		SSHCFG_GLOBAL },
	{ "afstokenpassing",			sUnsupported,		SSHCFG_GLOBAL },
#ifdef GSSAPI
	{ "gssapiauthentication",		sGssAuthentication,	SSHCFG_ALL },
	{ "gssapicleanupcredentials",		sGssCleanupCreds,	SSHCFG_GLOBAL },
	{ "gssapistrictacceptorcheck",		sGssStrictAcceptor,	SSHCFG_GLOBAL },
#else
	{ "gssapiauthentication",		sUnsupported,		SSHCFG_ALL },
	{ "gssapicleanupcredentials",		sUnsupported,		SSHCFG_GLOBAL },
	{ "gssapistrictacceptorcheck",		sUnsupported,		SSHCFG_GLOBAL },
#endif
	{ "passwordauthentication",		sPasswordAuthentication, SSHCFG_ALL },
	{ "kbdinteractiveauthentication",	sKbdInteractiveAuthentication, SSHCFG_ALL },
	{ "challengeresponseauthentication",	sChallengeResponseAuthentication, SSHCFG_GLOBAL },
	{ "skeyauthentication",			sDeprecated,		SSHCFG_GLOBAL },
	{ "checkmail",				sDeprecated,		SSHCFG_GLOBAL },
	{ "listenaddress",			sListenAddress,		SSHCFG_GLOBAL },
	{ "addressfamily",			sAddressFamily,		SSHCFG_GLOBAL },
	{ "printmotd",				sPrintMotd,		SSHCFG_GLOBAL },
#ifdef DISABLE_LASTLOG
	{ "printlastlog",			sUnsupported,		SSHCFG_GLOBAL },
#else
	{ "printlastlog",			sPrintLastLog,		SSHCFG_GLOBAL },
#endif
	{ "ignorerhosts",			sIgnoreRhosts,		SSHCFG_GLOBAL },
	{ "ignoreuserknownhosts",		sIgnoreUserKnownHosts,	SSHCFG_GLOBAL },
	{ "x11forwarding",			sX11Forwarding,		SSHCFG_ALL },
	{ "x11displayoffset",			sX11DisplayOffset,	SSHCFG_ALL },
	{ "x11uselocalhost",			sX11UseLocalhost,	SSHCFG_ALL },
	{ "xauthlocation",			sXAuthLocation,		SSHCFG_GLOBAL },
	{ "strictmodes",			sStrictModes,		SSHCFG_GLOBAL },
	{ "permitemptypasswords",		sEmptyPasswd,		SSHCFG_ALL },
	{ "permituserenvironment",		sPermitUserEnvironment,	SSHCFG_GLOBAL },
	{ "uselogin",				sDeprecated,		SSHCFG_GLOBAL },
	{ "compression",			sCompression,		SSHCFG_GLOBAL },
	{ "rekeylimit",				sRekeyLimit,		SSHCFG_ALL },
	{ "tcpkeepalive",			sTCPKeepAlive,		SSHCFG_GLOBAL },
	{ "keepalive",				sTCPKeepAlive,		SSHCFG_GLOBAL }, /* obsolete alias */
	{ "allowtcpforwarding",			sAllowTcpForwarding,	SSHCFG_ALL },
	{ "allowagentforwarding",		sAllowAgentForwarding,	SSHCFG_ALL },
	{ "allowusers",				sAllowUsers,		SSHCFG_ALL },
	{ "denyusers",				sDenyUsers,		SSHCFG_ALL },
	{ "allowgroups",			sAllowGroups,		SSHCFG_ALL },
	{ "denygroups",				sDenyGroups,		SSHCFG_ALL },
	{ "ciphers",				sCiphers,		SSHCFG_GLOBAL },
	{ "macs",				sMacs,			SSHCFG_GLOBAL },
	{ "protocol",				sIgnore,		SSHCFG_GLOBAL },
	{ "gatewayports",			sGatewayPorts,		SSHCFG_ALL },
	{ "subsystem",				sSubsystem,		SSHCFG_GLOBAL },
	{ "maxstartups",			sMaxStartups,		SSHCFG_GLOBAL },
	{ "maxauthtries",			sMaxAuthTries,		SSHCFG_ALL },
	{ "maxsessions",			sMaxSessions,		SSHCFG_ALL },
	{ "banner",				sBanner,		SSHCFG_ALL },
	{ "usedns",				sUseDNS,		SSHCFG_GLOBAL },
	{ "verifyreversemapping",		sDeprecated,		SSHCFG_GLOBAL },
	{ "reversemappingcheck",		sDeprecated,		SSHCFG_GLOBAL },
	{ "clientaliveinterval",		sClientAliveInterval,	SSHCFG_ALL },
	{ "clientalivecountmax",		sClientAliveCountMax,	SSHCFG_ALL },
	{ "authorizedkeysfile",			sAuthorizedKeysFile,	SSHCFG_ALL },
	{ "authorizedkeysfile2",		sDeprecated,		SSHCFG_ALL },
	{ "useprivilegeseparation",		sDeprecated,		SSHCFG_GLOBAL},
	{ "acceptenv",				sAcceptEnv,		SSHCFG_ALL },
	{ "setenv",				sSetEnv,		SSHCFG_ALL },
	{ "permittunnel",			sPermitTunnel,		SSHCFG_ALL },
	{ "permittty",				sPermitTTY,		SSHCFG_ALL },
	{ "permituserrc",			sPermitUserRC,		SSHCFG_ALL },
	{ "match",				sMatch,			SSHCFG_ALL },
	{ "permitopen",				sPermitOpen,		SSHCFG_ALL },
	{ "permitlisten",			sPermitListen,		SSHCFG_ALL },
	{ "forcecommand",			sForceCommand,		SSHCFG_ALL },
	{ "chrootdirectory",			sChrootDirectory,	SSHCFG_ALL },
	{ "hostcertificate",			sHostCertificate,	SSHCFG_GLOBAL },
	{ "revokedkeys",			sRevokedKeys,		SSHCFG_ALL },
	{ "trustedusercakeys",			sTrustedUserCAKeys,	SSHCFG_ALL },
	{ "authorizedprincipalsfile",		sAuthorizedPrincipalsFile, SSHCFG_ALL },
	{ "kexalgorithms",			sKexAlgorithms,		SSHCFG_GLOBAL },
	{ "ipqos",				sIPQoS,			SSHCFG_ALL },
	{ "authorizedkeyscommand",		sAuthorizedKeysCommand,	SSHCFG_ALL },
	{ "authorizedkeyscommanduser",		sAuthorizedKeysCommandUser, SSHCFG_ALL },
	{ "authorizedprincipalscommand",	sAuthorizedPrincipalsCommand, SSHCFG_ALL },
	{ "authorizedprincipalscommanduser",	sAuthorizedPrincipalsCommandUser, SSHCFG_ALL },
	{ "versionaddendum",			sVersionAddendum,	SSHCFG_GLOBAL },
	{ "authenticationmethods",		sAuthenticationMethods,	SSHCFG_ALL },
	{ "streamlocalbindmask",		sStreamLocalBindMask,	SSHCFG_ALL },
	{ "streamlocalbindunlink",		sStreamLocalBindUnlink,	SSHCFG_ALL },
	{ "allowstreamlocalforwarding",		sAllowStreamLocalForwarding, SSHCFG_ALL },
	{ "fingerprinthash",			sFingerprintHash,	SSHCFG_GLOBAL },
	{ "disableforwarding",			sDisableForwarding,	SSHCFG_ALL },
	{ "exposeauthinfo",			sExposeAuthInfo,	SSHCFG_ALL },
	{ "rdomain",				sRDomain,		SSHCFG_ALL },
	{ "casignaturealgorithms",		sCASignatureAlgorithms,	SSHCFG_ALL },

	/* Sentinel: a NULL name ends every scan of this table. */
	{ NULL,					sBadOption,		0 }
};
650-
/*
 * Tunnel-mode constants paired with the text used for each of them.
 * The table ends at the entry whose text is NULL (val -1).
 */
static struct {
	int val;
	char *text;
} tunmode_desc[] = {
	{ SSH_TUNMODE_NO,		"no" },
	{ SSH_TUNMODE_POINTOPOINT,	"point-to-point" },
	{ SSH_TUNMODE_ETHERNET,		"ethernet" },
	{ SSH_TUNMODE_YES,		"yes" },
	{ -1,				NULL }	/* sentinel */
};
661-
/*
 * Returns the keyword text for an opcode.
 *
 * keywords[] is scanned from the top and the first entry carrying the
 * opcode is returned, so for opcodes shared by several names (aliases,
 * sDeprecated, sUnsupported) the result is whichever name comes first in
 * the table.  An opcode that appears nowhere yields "UNKNOWN".  The
 * returned string is owned by the table and must not be freed.
 */
static const char *
lookup_opcode_name(ServerOpCodes code)
{
	u_int idx = 0;

	while (keywords[idx].name != NULL) {
		if (keywords[idx].opcode == code)
			return keywords[idx].name;
		idx++;
	}
	return "UNKNOWN";
}
674-
675-
/*
 * Returns the opcode of the keyword pointed to by cp, or sBadOption.
 *
 * The comparison against keywords[] is case-insensitive.  On a match the
 * keyword's scope flags are stored through *flags; on failure *flags is
 * left untouched, an error naming the file and line is logged, and
 * sBadOption is returned, so callers must check the opcode before
 * trusting *flags.
 */
static ServerOpCodes
parse_token(const char *cp, const char *filename,
    int linenum, u_int *flags)
{
	u_int idx;

	for (idx = 0; keywords[idx].name != NULL; idx++) {
		if (strcasecmp(cp, keywords[idx].name) != 0)
			continue;
		*flags = keywords[idx].flags;
		return keywords[idx].opcode;
	}

	error("%s: line %d: Bad configuration option: %s",
	    filename, linenum, cp);
	return sBadOption;
}
696-
/*
 * Turn a configured path into an absolute one.
 *
 * "none" (any case) is passed through as a fresh copy of the lower-case
 * word.  Otherwise the path is tilde-expanded for the current uid; if the
 * result already starts with '/', it is returned as is, else it is
 * prefixed with the process's current working directory.  The returned
 * string is heap-allocated and owned by the caller.
 *
 * Two points worth knowing when reviewing a configuration: a relative
 * path resolves against whatever directory the daemon was started in,
 * and the result is a plain concatenation -- "." and ".." components are
 * not collapsed here.  getcwd() failure is fatal.
 */
char *
derelativise_path(const char *path)
{
	char workdir[PATH_MAX];
	char *tilde_done, *absolute;

	if (strcasecmp(path, "none") == 0)
		return xstrdup("none");

	tilde_done = tilde_expand_filename(path, getuid());
	if (tilde_done[0] == '/')
		return tilde_done;

	if (getcwd(workdir, sizeof(workdir)) == NULL)
		fatal("%s: getcwd: %s", __func__, strerror(errno));
	xasprintf(&absolute, "%s/%s", workdir, tilde_done);
	free(tilde_done);
	return absolute;
}
713-
/*
 * Register addr/rdomain as a listen address.
 *
 * A positive port is used as given.  Any other value (0 or negative)
 * means "no explicit port": the address is registered once for every
 * entry in options->ports, so the ports list has to be complete before
 * this is called.
 */
static void
add_listen_addr(ServerOptions *options, const char *addr,
    const char *rdomain, int port)
{
	u_int n;

	if (port > 0) {
		add_one_listen_addr(options, addr, rdomain, port);
		return;
	}
	for (n = 0; n < options->num_ports; n++)
		add_one_listen_addr(options, addr, rdomain, options->ports[n]);
}
729-
/*
 * Resolve one address/port pair and attach the result to the listen_addrs
 * entry for the given routing domain, creating that entry if needed.
 *
 * rdomain may be NULL (no routing domain); a NULL rdomain only matches an
 * entry whose rdomain is also NULL.  addr may be NULL, in which case
 * AI_PASSIVE is requested from getaddrinfo().  Resolution failure is
 * fatal, so a bad ListenAddress stops startup instead of leaving the
 * daemon listening on fewer addresses than configured.
 */
static void
add_one_listen_addr(ServerOptions *options, const char *addr,
    const char *rdomain, int port)
{
	struct addrinfo hints, *tail, *results;
	char portstr[NI_MAXSERV];
	int rc;
	u_int slot;

	/* Find listen_addrs entry for this rdomain */
	for (slot = 0; slot < options->num_listen_addrs; slot++) {
		if (rdomain == NULL &&
		    options->listen_addrs[slot].rdomain == NULL)
			break;		/* both unset: same group */
		if (rdomain == NULL ||
		    options->listen_addrs[slot].rdomain == NULL)
			continue;	/* exactly one unset: different */
		if (strcmp(rdomain, options->listen_addrs[slot].rdomain) == 0)
			break;
	}
	if (slot >= options->num_listen_addrs) {
		/* No entry for this rdomain; allocate one */
		if (slot >= INT_MAX)	/* keeps the "+ 1" below from wrapping */
			fatal("%s: too many listen addresses", __func__);
		options->listen_addrs = xrecallocarray(options->listen_addrs,
		    options->num_listen_addrs, options->num_listen_addrs + 1,
		    sizeof(*options->listen_addrs));
		slot = options->num_listen_addrs++;
		if (rdomain != NULL)
			options->listen_addrs[slot].rdomain = xstrdup(rdomain);
	}
	/* options->listen_addrs[slot] now holds the addresses for this rdomain */

	memset(&hints, 0, sizeof(hints));
	hints.ai_family = options->address_family;
	hints.ai_socktype = SOCK_STREAM;
	if (addr == NULL)
		hints.ai_flags = AI_PASSIVE;
	else
		hints.ai_flags = 0;
	snprintf(portstr, sizeof portstr, "%d", port);

	rc = getaddrinfo(addr, portstr, &hints, &results);
	if (rc != 0)
		fatal("bad addr or host: %s (%s)",
		    addr ? addr : "<NULL>",
		    ssh_gai_strerror(rc));

	/*
	 * Prepend the new results: walk to the last node of the fresh list
	 * and hang the previously stored list off it.
	 */
	tail = results;
	while (tail->ai_next != NULL)
		tail = tail->ai_next;
	tail->ai_next = options->listen_addrs[slot].addrs;
	options->listen_addrs[slot].addrs = results;
}
775-
/*
 * Returns nonzero if the routing domain name is valid.
 *
 * Three build variants: a platform hook (sys_valid_rdomain), a native
 * OpenBSD check, and a fallback that logs an error and rejects every
 * name.  In the OpenBSD variant a NULL name is accepted, the name must
 * parse as a number in 0..255, and the routing table with that number
 * must be reported by sysctl().
 */
static int
valid_rdomain(const char *name)
{
#if defined(HAVE_SYS_VALID_RDOMAIN)
	return sys_valid_rdomain(name);
#elif defined(__OpenBSD__)
	struct rt_tableinfo info;
	const char *errstr;
	long long num;
	int mib[6] = { 0 };
	/*
	 * NOTE(review): the length handed to sysctl() is sizeof(mib), although
	 * the buffer it describes is `info` -- confirm this is intended.
	 */
	size_t miblen = sizeof(mib);

	if (name == NULL)
		return 1;

	num = strtonum(name, 0, 255, &errstr);
	if (errstr != NULL)
		return 0;	/* not a number, or outside 0..255 */

	/* Check whether the table actually exists */
	mib[0] = CTL_NET;
	mib[1] = PF_ROUTE;
	mib[4] = NET_RT_TABLE;
	mib[5] = (int)num;
	return sysctl(mib, 6, &info, &miblen, NULL, 0) == -1 ? 0 : 1;
#else /* defined(__OpenBSD__) */
	error("Routing domains are not supported on this platform");
	return 0;
#endif
}
811-
/*
 * Queue a ListenAddress to be processed once we have all of the Ports
 * and AddressFamily options.
 *
 * The queue grows by one slot per call.  addr is always duplicated, so it
 * must not be NULL here (NOTE(review): confirm every caller guarantees
 * that); rdomain is duplicated only when it is set.  The copies are
 * released by process_queued_listen_addrs().
 */
static void
queue_listen_addr(ServerOptions *options, const char *addr,
    const char *rdomain, int port)
{
	struct queued_listenaddr *entry;

	options->queued_listen_addrs = xrecallocarray(
	    options->queued_listen_addrs,
	    options->num_queued_listens, options->num_queued_listens + 1,
	    sizeof(*options->queued_listen_addrs));

	/* Claim the slot that was just added. */
	entry = &options->queued_listen_addrs[options->num_queued_listens++];
	entry->addr = xstrdup(addr);
	entry->port = port;
	if (rdomain == NULL)
		entry->rdomain = NULL;
	else
		entry->rdomain = xstrdup(rdomain);
}
831-
/*
 * Process queued (text) ListenAddress entries.
 *
 * Defaults are filled in first: with no Port configured the list becomes
 * the single SSH_DEFAULT_PORT, and an address family of -1 (unset)
 * becomes AF_UNSPEC.  Every queued entry is then handed to
 * add_listen_addr() and its strings are freed; finally the queue itself
 * is released and reset so a second call is a no-op for the queue.
 */
static void
process_queued_listen_addrs(ServerOptions *options)
{
	struct queued_listenaddr *pending;
	u_int n;

	if (options->num_ports == 0) {
		options->ports[0] = SSH_DEFAULT_PORT;
		options->num_ports = 1;
	}
	if (options->address_family == -1)
		options->address_family = AF_UNSPEC;

	for (n = 0; n < options->num_queued_listens; n++) {
		pending = &options->queued_listen_addrs[n];
		add_listen_addr(options, pending->addr, pending->rdomain,
		    pending->port);
		free(pending->addr);
		free(pending->rdomain);
	}

	free(options->queued_listen_addrs);
	options->queued_listen_addrs = NULL;
	options->num_queued_listens = 0;
}
856-
/*
 * Inform channels layer of permitopen options for a single forwarding
 * direction (local/remote).
 *
 * opcode selects the direction: sPermitOpen maps to FORWARD_LOCAL, any
 * other opcode to FORWARD_REMOTE.  The administrator permission list for
 * that direction is cleared first, then:
 *   - an empty list, or the single word "any", adds nothing further;
 *   - the single word "none" calls channel_disable_admin();
 *   - anything else is parsed as host:port entries, one permission each.
 * "any" and "none" are compared case-sensitively and are only special
 * when they are the sole entry.  An entry without a host or with a bad
 * port is fatal rather than skipped, so a typo cannot silently widen or
 * narrow the permitted set.
 */
static void
process_permitopen_list(struct ssh *ssh, ServerOpCodes opcode,
    char **opens, u_int num_opens)
{
	const char *label = lookup_opcode_name(opcode);
	char *hostpart, *rest, *copy;
	int direction, portnum;
	u_int n;

	if (opcode == sPermitOpen)
		direction = FORWARD_LOCAL;
	else
		direction = FORWARD_REMOTE;

	channel_clear_permission(ssh, FORWARD_ADM, direction);
	if (num_opens == 0)
		return; /* permit any */

	/* handle keywords: "any" / "none" */
	if (num_opens == 1) {
		if (strcmp(opens[0], "any") == 0)
			return;
		if (strcmp(opens[0], "none") == 0) {
			channel_disable_admin(ssh, direction);
			return;
		}
	}

	/* Otherwise treat it as a list of permitted host:port */
	for (n = 0; n < num_opens; n++) {
		/* hpdelim() advances rest; copy keeps the pointer to free. */
		copy = rest = xstrdup(opens[n]);
		hostpart = hpdelim(&rest);
		if (hostpart == NULL)
			fatal("%s: missing host in %s", __func__, label);
		hostpart = cleanhostname(hostpart);

		portnum = (rest == NULL) ? -1 : permitopen_port(rest);
		if (portnum < 0)
			fatal("%s: bad port number in %s", __func__, label);

		/* Send it to channels layer */
		channel_add_permission(ssh, FORWARD_ADM,
		    direction, hostpart, portnum);
		free(copy);
	}
}
897-
/*
 * Inform channels layer of permitopen options from configuration.
 *
 * The PermitOpen list is applied first, then the PermitListen list; each
 * is handled by process_permitopen_list() for its own direction.
 */
void
process_permitopen(struct ssh *ssh, ServerOptions *options)
{
	char **open_list = options->permitted_opens;
	u_int open_count = options->num_permitted_opens;

	process_permitopen_list(ssh, sPermitOpen, open_list, open_count);
	process_permitopen_list(ssh, sPermitListen,
	    options->permitted_listens, options->num_permitted_listens);
}
910-
/*
 * Return the connection description used when evaluating Match blocks.
 *
 * The result points at one function-local static struct, so every caller
 * shares the same object and a later populate call overwrites what an
 * earlier caller saw.  With populate == 0 the struct is returned as it
 * currently stands; otherwise host, address, laddress, lport and rdomain
 * are refreshed from the active connection.  No other field (such as
 * user) is assigned here.  use_dns is passed through to the hostname
 * lookup.
 */
struct connection_info *
get_connection_info(int populate, int use_dns)
{
	static struct connection_info ci;
	struct ssh *ssh = active_state;	/* XXX */

	if (populate) {
		ci.host = auth_get_canonical_hostname(ssh, use_dns);
		ci.address = ssh_remote_ipaddr(ssh);
		ci.laddress = ssh_local_ipaddr(ssh);
		ci.lport = ssh_local_port(ssh);
		ci.rdomain = ssh_packet_rdomain_in(ssh);
	}
	return &ci;
}
926-
927/*-
928 * The strategy for the Match blocks is that the config file is parsed twice.-
929 *-
930 * The first time is at startup. activep is initialized to 1 and the-
931 * directives in the global context are processed and acted on. Hitting a-
932 * Match directive unsets activep and the directives inside the block are-
933 * checked for syntax only.-
934 *-
935 * The second time is after a connection has been established but before-
936 * authentication. activep is initialized to 2 and global config directives-
937 * are ignored since they have already been processed. If the criteria in a-
938 * Match block are met, activep is set and the subsequent directives-
939 * processed and actioned until EOF or another Match block unsets it. Any-
940 * options set are copied into the main server config.-
941 *-
942 * Potential additions/improvements:-
943 * - Add Match support for pre-kex directives, eg. Ciphers.-
944 *-
945 * - Add a Tag directive (idea from David Leonard) ala pf, eg:-
946 * Match Address 192.168.0.*-
947 * Tag trusted-
948 * Match Group wheel-
949 * Tag trusted-
950 * Match Tag trusted-
951 * AllowTcpForwarding yes-
952 * GatewayPorts clientspecified-
953 * [...]-
954 *-
955 * - Add a PermittedChannelRequests directive-
956 * Match Group shell-
957 * PermittedChannelRequests session,forwarded-tcpip-
958 */-
959-
/*
 * Decide whether `user` belongs to a group matched by the pattern list
 * `grps` (taken from a Match line at config line `line`).
 *
 * Returns 1 only when the user exists, group information could be
 * initialised for it, and ga_match_pattern_list() reports a match.
 * Every other outcome -- NULL user, unknown user, no groups, no match --
 * returns 0 with a debug message (none for a NULL user).  Note that the
 * failure cases are indistinguishable from "not a member" to the caller;
 * presumably the Match block is then skipped, so whether that is the
 * conservative outcome depends on what the block would have set.
 * ga_free() runs on every path, including those where ga_init() was
 * never reached.
 */
static int
match_cfg_line_group(const char *grps, int line, const char *user)
{
	struct passwd *pwent;
	int matched = 0;

	if (user != NULL) {
		pwent = getpwnam(user);
		if (pwent == NULL) {
			debug("Can't match group at line %d because user %.100s does "
			    "not exist", line, user);
		} else if (ga_init(pwent->pw_name, pwent->pw_gid) == 0) {
			debug("Can't Match group because user %.100s not in any group "
			    "at line %d", user, line);
		} else if (ga_match_pattern_list(grps) == 1) {
			debug("user %.100s matched group list %.100s at line %d", user,
			    grps, line);
			matched = 1;
		} else {
			debug("user %.100s does not match group list %.100s at line %d",
			    user, grps, line);
		}
	}

	ga_free();
	return matched;
}
987-
/*
 * Stop with fatal() when a Match line uses a criterion whose value is absent
 * from the connection test specification.
 *
 * criteria  Match keyword as it should appear in the message (e.g. "User")
 * attrib    name of the missing test-specification field (e.g. "user")
 */
static void
match_test_missing_fatal(const char *criteria, const char *attrib)
{
	fatal("'Match %s' in configuration but '%s' not in connection test "
	    "specification.", criteria, attrib);
}
994-
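/*
 * Evaluate the attribute/criteria pairs of one Match line.
 *
 * All of the attributes on a single Match line are ANDed together, so every
 * attribute is checked and the result is set to zero if any attribute does
 * not match. Parsing continues after a mismatch, so a syntax error later on
 * the line still returns -1.
 *
 * condition  in/out cursor into the Match line; on a non-error return it is
 *            advanced past the tokens consumed here
 * line       config line number, used only in log messages
 * ci         connection being tested, or NULL to check syntax only
 *
 * Returns 1 if every attribute matched or the line is "Match all", 0 if at
 * least one attribute did not match, and -1 on a malformed line (missing
 * criteria, unknown attribute, bad port, "all" combined with anything else,
 * or an error reported by a matcher). With ci == NULL every recognised
 * attribute except "all" clears the result, so the return is 0 or -1.
 *
 * NOTE(review): in the coverage run this listing comes from, no statement of
 * this function was executed, so the Match evaluation path is untested there.
 */
static int
match_cfg_line(char **condition, int line, struct connection_info *ci)
{
	int result = 1, attributes = 0, port;
	char *arg, *attrib, *cp = *condition;

	if (ci == NULL)
		debug3("checking syntax for 'Match %s'", cp);
	else
		debug3("checking match for '%s' user %s host %s addr %s "
		    "laddr %s lport %d", cp, ci->user ? ci->user : "(null)",
		    ci->host ? ci->host : "(null)",
		    ci->address ? ci->address : "(null)",
		    ci->laddress ? ci->laddress : "(null)", ci->lport);

	while ((attrib = strdelim(&cp)) && *attrib != '\0') {
		attributes++;
		if (strcasecmp(attrib, "all") == 0) {
			/* "all" must be the first and only token on the line. */
			if (attributes != 1 ||
			    ((arg = strdelim(&cp)) != NULL && *arg != '\0')) {
				error("'all' cannot be combined with other "
				    "Match attributes");
				return -1;
			}
			*condition = cp;
			return 1;
		}
		/* Every other attribute takes exactly one criteria token. */
		if ((arg = strdelim(&cp)) == NULL || *arg == '\0') {
			error("Missing Match criteria for %s", attrib);
			return -1;
		}
		/*
		 * In the arms below a NULL field with ci != NULL goes to
		 * match_test_missing_fatal(); the code after that call relies
		 * on fatal() not returning (assumed, confirm in log.h),
		 * otherwise the NULL would reach the matcher.
		 */
		if (strcasecmp(attrib, "user") == 0) {
			if (ci == NULL) {
				result = 0;
				continue;
			}
			if (ci->user == NULL)
				match_test_missing_fatal("User", "user");
			if (match_pattern_list(ci->user, arg, 0) != 1)
				result = 0;
			else
				debug("user %.100s matched 'User %.100s' at "
				    "line %d", ci->user, arg, line);
		} else if (strcasecmp(attrib, "group") == 0) {
			if (ci == NULL) {
				result = 0;
				continue;
			}
			if (ci->user == NULL)
				match_test_missing_fatal("Group", "user");
			/*
			 * match_cfg_line_group() as written in this file
			 * returns only 0 or 1; the -1 arm is kept as is.
			 */
			switch (match_cfg_line_group(arg, line, ci->user)) {
			case -1:
				return -1;
			case 0:
				result = 0;
				break;
			default:
				break;
			}
		} else if (strcasecmp(attrib, "host") == 0) {
			if (ci == NULL) {
				result = 0;
				continue;
			}
			if (ci->host == NULL)
				match_test_missing_fatal("Host", "host");
			if (match_hostname(ci->host, arg) != 1)
				result = 0;
			else
				debug("connection from %.100s matched 'Host "
				    "%.100s' at line %d", ci->host, arg, line);
		} else if (strcasecmp(attrib, "address") == 0) {
			if (ci == NULL) {
				result = 0;
				continue;
			}
			if (ci->address == NULL)
				match_test_missing_fatal("Address", "addr");
			/*
			 * 1 is a match, 0 and -1 clear the result, -2 aborts
			 * the line. The meaning of -1 and -2 is defined by
			 * addr_match_list() (not shown here); any other value
			 * would leave the result untouched.
			 */
			switch (addr_match_list(ci->address, arg)) {
			case 1:
				debug("connection from %.100s matched 'Address "
				    "%.100s' at line %d", ci->address, arg, line);
				break;
			case 0:
			case -1:
				result = 0;
				break;
			case -2:
				return -1;
			}
		} else if (strcasecmp(attrib, "localaddress") == 0){
			if (ci == NULL) {
				result = 0;
				continue;
			}
			if (ci->laddress == NULL)
				match_test_missing_fatal("LocalAddress",
				    "laddr");
			/* Same return-value handling as the "address" arm. */
			switch (addr_match_list(ci->laddress, arg)) {
			case 1:
				debug("connection from %.100s matched "
				    "'LocalAddress %.100s' at line %d",
				    ci->laddress, arg, line);
				break;
			case 0:
			case -1:
				result = 0;
				break;
			case -2:
				return -1;
			}
		} else if (strcasecmp(attrib, "localport") == 0) {
			/* Validate the port before the ci check so a syntax-only
			 * pass also rejects a bad value. */
			if ((port = a2port(arg)) == -1) {
				error("Invalid LocalPort '%s' on Match line",
				    arg);
				return -1;
			}
			if (ci == NULL) {
				result = 0;
				continue;
			}
			if (ci->lport == 0)
				match_test_missing_fatal("LocalPort", "lport");
			/* TODO support port lists */
			if (port == ci->lport)
				/*
				 * Only lport is checked in this arm, so laddress
				 * may still be NULL; guard it the same way the
				 * debug3() at the top of the function does
				 * rather than pass NULL to %s.
				 */
				debug("connection from %.100s matched "
				    "'LocalPort %d' at line %d",
				    ci->laddress ? ci->laddress : "(null)",
				    port, line);
			else
				result = 0;
		} else if (strcasecmp(attrib, "rdomain") == 0) {
			/*
			 * Unlike the other attributes, a missing rdomain is a
			 * silent non-match, not a fatal test-spec error.
			 */
			if (ci == NULL || ci->rdomain == NULL) {
				result = 0;
				continue;
			}
			if (match_pattern_list(ci->rdomain, arg, 0) != 1)
				result = 0;
			else
				/*
				 * The value logged is the routing domain; the
				 * message used to label it "user", which
				 * misleads anyone reading the debug log.
				 */
				debug("rdomain %.100s matched 'RDomain %.100s' "
				    "at line %d", ci->rdomain, arg, line);
		} else {
			error("Unsupported Match attribute %s", attrib);
			return -1;
		}
	}
	if (attributes == 0) {
		error("One or more attributes required for Match");
		return -1;
	}
	if (ci != NULL)
		debug3("match %sfound", result ? "" : "not ");
	/* Hand the advanced cursor back only on a non-error return. */
	*condition = cp;
	return result;
}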
1151-
/* Characters stripped from the end of a config line (with \f added there). */
#define WHITESPACE " \t\r\n"

/*
 * Multistate option parsing.
 *
 * Each table maps the keywords accepted for one option to the integer stored
 * in ServerOptions. The { NULL, -1 } entry ends the table: the
 * parse_multistate code in process_server_config_line() stops at the NULL key
 * and treats a resulting value of -1 as an unsupported keyword, so no real
 * keyword may map to -1. Keywords are compared there with strcasecmp().
 */
struct multistate {
	char *key;	/* keyword as written in the config file */
	int value;	/* value stored for that keyword */
};

/* Plain yes/no options. */
static const struct multistate multistate_flag[] = {
	{ .key = "yes",	.value = 1 },
	{ .key = "no",	.value = 0 },
	{ .key = NULL,	.value = -1 }
};

/* AddressFamily. */
static const struct multistate multistate_addressfamily[] = {
	{ .key = "inet",	.value = AF_INET },
	{ .key = "inet6",	.value = AF_INET6 },
	{ .key = "any",		.value = AF_UNSPEC },
	{ .key = NULL,		.value = -1 }
};

/*
 * PermitRootLogin. "without-password" and "prohibit-password" are two
 * spellings of the same setting: both map to PERMIT_NO_PASSWD.
 */
static const struct multistate multistate_permitrootlogin[] = {
	{ .key = "without-password",		.value = PERMIT_NO_PASSWD },
	{ .key = "prohibit-password",		.value = PERMIT_NO_PASSWD },
	{ .key = "forced-commands-only",	.value = PERMIT_FORCED_ONLY },
	{ .key = "yes",				.value = PERMIT_YES },
	{ .key = "no",				.value = PERMIT_NO },
	{ .key = NULL,				.value = -1 }
};

/* Compression. "yes" selects the same value as "delayed" (COMP_DELAYED). */
static const struct multistate multistate_compression[] = {
	{ .key = "yes",		.value = COMP_DELAYED },
	{ .key = "delayed",	.value = COMP_DELAYED },
	{ .key = "no",		.value = COMP_NONE },
	{ .key = NULL,		.value = -1 }
};

/* GatewayPorts. */
static const struct multistate multistate_gatewayports[] = {
	{ .key = "clientspecified",	.value = 2 },
	{ .key = "yes",			.value = 1 },
	{ .key = "no",			.value = 0 },
	{ .key = NULL,			.value = -1 }
};

/* TCP forwarding policy. "yes" and "all" both map to FORWARD_ALLOW. */
static const struct multistate multistate_tcpfwd[] = {
	{ .key = "yes",		.value = FORWARD_ALLOW },
	{ .key = "all",		.value = FORWARD_ALLOW },
	{ .key = "no",		.value = FORWARD_DENY },
	{ .key = "remote",	.value = FORWARD_REMOTE },
	{ .key = "local",	.value = FORWARD_LOCAL },
	{ .key = NULL,		.value = -1 }
};
1198-
1199int-
1200process_server_config_line(ServerOptions *options, char *line,-
1201 const char *filename, int linenum, int *activep,-
1202 struct connection_info *connectinfo)-
1203{-
1204 char *cp, ***chararrayptr, **charptr, *arg, *arg2, *p;-
1205 int cmdline = 0, *intptr, value, value2, n, port;-
1206 SyslogFacility *log_facility_ptr;-
1207 LogLevel *log_level_ptr;-
1208 ServerOpCodes opcode;-
1209 u_int i, *uintptr, uvalue, flags = 0;-
1210 size_t len;-
1211 long long val64;-
1212 const struct multistate *multistate_ptr;-
1213 const char *errstr;-
1214-
1215 /* Strip trailing whitespace. Allow \f (form feed) at EOL only */-
1216 if ((len = strlen(line)) == 0)
(len = strlen(line)) == 0Description
TRUEevaluated 4 times by 1 test
Evaluated by:
  • sshd
FALSEevaluated 25 times by 1 test
Evaluated by:
  • sshd
4-25
1217 return 0;
executed 4 times by 1 test: return 0;
Executed by:
  • sshd
4
1218 for (len--; len > 0; len--) {
len > 0Description
TRUEevaluated 25 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-25
1219 if (strchr(WHITESPACE "\f", line[len]) == NULL)
(__extension__...== ((void *)0)Description
TRUEevaluated 25 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
__builtin_cons... ( line[len] )Description
TRUEnever evaluated
FALSEevaluated 25 times by 1 test
Evaluated by:
  • sshd
!__builtin_con...\t\r\n" "\f" )Description
TRUEnever evaluated
FALSEnever evaluated
( line[len] ) == '\0'Description
TRUEnever evaluated
FALSEnever evaluated
0-25
1220 break;
executed 25 times by 1 test: break;
Executed by:
  • sshd
25
1221 line[len] = '\0';-
1222 }
never executed: end of block
0
1223-
1224 cp = line;-
1225 if ((arg = strdelim(&cp)) == NULL)
(arg = strdeli...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 25 times by 1 test
Evaluated by:
  • sshd
0-25
1226 return 0;
never executed: return 0;
0
1227 /* Ignore leading whitespace */-
1228 if (*arg == '\0')
*arg == '\0'Description
TRUEnever evaluated
FALSEevaluated 25 times by 1 test
Evaluated by:
  • sshd
0-25
1229 arg = strdelim(&cp);
never executed: arg = strdelim(&cp);
0
1230 if (!arg || !*arg || *arg == '#')
!argDescription
TRUEnever evaluated
FALSEevaluated 25 times by 1 test
Evaluated by:
  • sshd
!*argDescription
TRUEnever evaluated
FALSEevaluated 25 times by 1 test
Evaluated by:
  • sshd
*arg == '#'Description
TRUEnever evaluated
FALSEevaluated 25 times by 1 test
Evaluated by:
  • sshd
0-25
1231 return 0;
never executed: return 0;
0
1232 intptr = NULL;-
1233 charptr = NULL;-
1234 opcode = parse_token(arg, filename, linenum, &flags);-
1235-
1236 if (activep == NULL) { /* We are processing a command line directive */
activep == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 25 times by 1 test
Evaluated by:
  • sshd
0-25
1237 cmdline = 1;-
1238 activep = &cmdline;-
1239 }
never executed: end of block
0
1240 if (*activep && opcode != sMatch)
*activepDescription
TRUEevaluated 25 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
opcode != sMatchDescription
TRUEevaluated 25 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-25
1241 debug3("%s:%d setting %s %s", filename, linenum, arg, cp);
executed 25 times by 1 test: debug3("%s:%d setting %s %s", filename, linenum, arg, cp);
Executed by:
  • sshd
25
1242 if (*activep == 0 && !(flags & SSHCFG_MATCH)) {
*activep == 0Description
TRUEnever evaluated
FALSEevaluated 25 times by 1 test
Evaluated by:
  • sshd
!(flags & 0x02)Description
TRUEnever evaluated
FALSEnever evaluated
0-25
1243 if (connectinfo == NULL) {
connectinfo == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1244 fatal("%s line %d: Directive '%s' is not allowed "-
1245 "within a Match block", filename, linenum, arg);-
1246 } else { /* this is a directive we have already processed */
never executed: end of block
0
1247 while (arg)
argDescription
TRUEnever evaluated
FALSEnever evaluated
0
1248 arg = strdelim(&cp);
never executed: arg = strdelim(&cp);
0
1249 return 0;
never executed: return 0;
0
1250 }-
1251 }-
1252-
1253 switch (opcode) {-
1254 /* Portable-specific options */-
1255 case sUsePAM:
never executed: case sUsePAM:
0
1256 intptr = &options->use_pam;-
1257 goto parse_flag;
never executed: goto parse_flag;
0
1258-
1259 /* Standard Options */-
1260 case sBadOption:
never executed: case sBadOption:
0
1261 return -1;
never executed: return -1;
0
1262 case sPort:
executed 2 times by 1 test: case sPort:
Executed by:
  • sshd
2
1263 /* ignore ports from configfile if cmdline specifies ports */-
1264 if (options->ports_from_cmdline)
options->ports_from_cmdlineDescription
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
1265 return 0;
never executed: return 0;
0
1266 if (options->num_ports >= MAX_PORTS)
options->num_ports >= 256Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
1267 fatal("%s line %d: too many ports.",
never executed: fatal("%s line %d: too many ports.", filename, linenum);
0
1268 filename, linenum);
never executed: fatal("%s line %d: too many ports.", filename, linenum);
0
1269 arg = strdelim(&cp);-
1270 if (!arg || *arg == '\0')
!argDescription
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
*arg == '\0'Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
1271 fatal("%s line %d: missing port number.",
never executed: fatal("%s line %d: missing port number.", filename, linenum);
0
1272 filename, linenum);
never executed: fatal("%s line %d: missing port number.", filename, linenum);
0
1273 options->ports[options->num_ports++] = a2port(arg);-
1274 if (options->ports[options->num_ports-1] <= 0)
options->ports..._ports-1] <= 0Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
1275 fatal("%s line %d: Badly formatted port number.",
never executed: fatal("%s line %d: Badly formatted port number.", filename, linenum);
0
1276 filename, linenum);
never executed: fatal("%s line %d: Badly formatted port number.", filename, linenum);
0
1277 break;
executed 2 times by 1 test: break;
Executed by:
  • sshd
2
1278-
1279 case sLoginGraceTime:
never executed: case sLoginGraceTime:
0
1280 intptr = &options->login_grace_time;-
1281 parse_time:
code before this statement never executed: parse_time:
0
1282 arg = strdelim(&cp);-
1283 if (!arg || *arg == '\0')
!argDescription
TRUEnever evaluated
FALSEnever evaluated
*arg == '\0'Description
TRUEnever evaluated
FALSEnever evaluated
0
1284 fatal("%s line %d: missing time value.",
never executed: fatal("%s line %d: missing time value.", filename, linenum);
0
1285 filename, linenum);
never executed: fatal("%s line %d: missing time value.", filename, linenum);
0
1286 if ((value = convtime(arg)) == -1)
(value = convtime(arg)) == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1287 fatal("%s line %d: invalid time value.",
never executed: fatal("%s line %d: invalid time value.", filename, linenum);
0
1288 filename, linenum);
never executed: fatal("%s line %d: invalid time value.", filename, linenum);
0
1289 if (*activep && *intptr == -1)
*activepDescription
TRUEnever evaluated
FALSEnever evaluated
*intptr == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1290 *intptr = value;
never executed: *intptr = value;
0
1291 break;
never executed: break;
0
1292-
1293 case sListenAddress:
executed 2 times by 1 test: case sListenAddress:
Executed by:
  • sshd
2
1294 arg = strdelim(&cp);-
1295 if (arg == NULL || *arg == '\0')
arg == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
*arg == '\0'Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
1296 fatal("%s line %d: missing address",
never executed: fatal("%s line %d: missing address", filename, linenum);
0
1297 filename, linenum);
never executed: fatal("%s line %d: missing address", filename, linenum);
0
1298 /* check for bare IPv6 address: no "[]" and 2 or more ":" */-
1299 if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL
(__extension__...== ((void *)0)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
__builtin_constant_p ( '[' )Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
!__builtin_constant_p ( arg )Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
( '[' ) == '\0'Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
(p = (__extens...!= ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
__builtin_constant_p ( ':' )Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
!__builtin_constant_p ( arg )Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
( ':' ) == '\0'Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
1300 && strchr(p+1, ':') != NULL) {
(__extension__...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
__builtin_constant_p ( ':' )Description
TRUEnever evaluated
FALSEnever evaluated
!__builtin_constant_p ( p+1 )Description
TRUEnever evaluated
FALSEnever evaluated
( ':' ) == '\0'Description
TRUEnever evaluated
FALSEnever evaluated
0
1301 port = 0;-
1302 p = arg;-
1303 } else {
never executed: end of block
0
1304 p = hpdelim(&arg);-
1305 if (p == NULL)
p == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
1306 fatal("%s line %d: bad address:port usage",
never executed: fatal("%s line %d: bad address:port usage", filename, linenum);
0
1307 filename, linenum);
never executed: fatal("%s line %d: bad address:port usage", filename, linenum);
0
1308 p = cleanhostname(p);-
1309 if (arg == NULL)
arg == ((void *)0)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
1310 port = 0;
executed 2 times by 1 test: port = 0;
Executed by:
  • sshd
2
1311 else if ((port = a2port(arg)) <= 0)
(port = a2port(arg)) <= 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1312 fatal("%s line %d: bad port number",
never executed: fatal("%s line %d: bad port number", filename, linenum);
0
1313 filename, linenum);
never executed: fatal("%s line %d: bad port number", filename, linenum);
0
1314 }
executed 2 times by 1 test: end of block
Executed by:
  • sshd
2
1315 /* Optional routing table */-
1316 arg2 = NULL;-
1317 if ((arg = strdelim(&cp)) != NULL) {
(arg = strdeli...!= ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
1318 if (strcmp(arg, "rdomain") != 0 ||
never executed: __result = (((const unsigned char *) (const char *) ( arg ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "rdomain" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) != 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1319 (arg2 = strdelim(&cp)) == NULL)
(arg2 = strdel...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1320 fatal("%s line %d: bad ListenAddress syntax",
never executed: fatal("%s line %d: bad ListenAddress syntax", filename, linenum);
0
1321 filename, linenum);
never executed: fatal("%s line %d: bad ListenAddress syntax", filename, linenum);
0
1322 if (!valid_rdomain(arg2))
!valid_rdomain(arg2)Description
TRUEnever evaluated
FALSEnever evaluated
0
1323 fatal("%s line %d: bad routing domain",
never executed: fatal("%s line %d: bad routing domain", filename, linenum);
0
1324 filename, linenum);
never executed: fatal("%s line %d: bad routing domain", filename, linenum);
0
1325 }
never executed: end of block
0
1326-
1327 queue_listen_addr(options, p, arg2, port);-
1328-
1329 break;
executed 2 times by 1 test: break;
Executed by:
  • sshd
2
1330-
1331 case sAddressFamily:
executed 2 times by 1 test: case sAddressFamily:
Executed by:
  • sshd
2
1332 intptr = &options->address_family;-
1333 multistate_ptr = multistate_addressfamily;-
1334 parse_multistate:
code before this statement executed 2 times by 1 test: parse_multistate:
Executed by:
  • sshd
2
1335 arg = strdelim(&cp);-
1336 if (!arg || *arg == '\0')
!argDescription
TRUEnever evaluated
FALSEevaluated 5 times by 1 test
Evaluated by:
  • sshd
*arg == '\0'Description
TRUEnever evaluated
FALSEevaluated 5 times by 1 test
Evaluated by:
  • sshd
0-5
1337 fatal("%s line %d: missing argument.",
never executed: fatal("%s line %d: missing argument.", filename, linenum);
0
1338 filename, linenum);
never executed: fatal("%s line %d: missing argument.", filename, linenum);
0
1339 value = -1;-
1340 for (i = 0; multistate_ptr[i].key != NULL; i++) {
multistate_ptr...!= ((void *)0)Description
TRUEevaluated 8 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-8
1341 if (strcasecmp(arg, multistate_ptr[i].key) == 0) {
strcasecmp(arg...r[i].key) == 0Description
TRUEevaluated 5 times by 1 test
Evaluated by:
  • sshd
FALSEevaluated 3 times by 1 test
Evaluated by:
  • sshd
3-5
1342 value = multistate_ptr[i].value;-
1343 break;
executed 5 times by 1 test: break;
Executed by:
  • sshd
5
1344 }-
1345 }
executed 3 times by 1 test: end of block
Executed by:
  • sshd
3
1346 if (value == -1)
value == -1Description
TRUEnever evaluated
FALSEevaluated 5 times by 1 test
Evaluated by:
  • sshd
0-5
1347 fatal("%s line %d: unsupported option \"%s\".",
never executed: fatal("%s line %d: unsupported option \"%s\".", filename, linenum, arg);
0
1348 filename, linenum, arg);
never executed: fatal("%s line %d: unsupported option \"%s\".", filename, linenum, arg);
0
1349 if (*activep && *intptr == -1)
*activepDescription
TRUEevaluated 5 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
*intptr == -1Description
TRUEevaluated 4 times by 1 test
Evaluated by:
  • sshd
FALSEevaluated 1 time by 1 test
Evaluated by:
  • sshd
0-5
1350 *intptr = value;
executed 4 times by 1 test: *intptr = value;
Executed by:
  • sshd
4
1351 break;
executed 5 times by 1 test: break;
Executed by:
  • sshd
5
1352-
1353 case sHostKeyFile:
executed 4 times by 1 test: case sHostKeyFile:
Executed by:
  • sshd
4
1354 arg = strdelim(&cp);-
1355 if (!arg || *arg == '\0')
!argDescription
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • sshd
*arg == '\0'Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • sshd
0-4
1356 fatal("%s line %d: missing file name.",
never executed: fatal("%s line %d: missing file name.", filename, linenum);
0
1357 filename, linenum);
never executed: fatal("%s line %d: missing file name.", filename, linenum);
0
1358 if (*activep)
*activepDescription
TRUEevaluated 4 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-4
1359 servconf_add_hostkey(filename, linenum, options, arg);
executed 4 times by 1 test: servconf_add_hostkey(filename, linenum, options, arg);
Executed by:
  • sshd
4
1360 break;
executed 4 times by 1 test: break;
Executed by:
  • sshd
4
1361-
1362 case sHostKeyAgent:
never executed: case sHostKeyAgent:
0
1363 charptr = &options->host_key_agent;-
1364 arg = strdelim(&cp);-
1365 if (!arg || *arg == '\0')
!argDescription
TRUEnever evaluated
FALSEnever evaluated
*arg == '\0'Description
TRUEnever evaluated
FALSEnever evaluated
0
1366 fatal("%s line %d: missing socket name.",
never executed: fatal("%s line %d: missing socket name.", filename, linenum);
0
1367 filename, linenum);
never executed: fatal("%s line %d: missing socket name.", filename, linenum);
0
1368 if (*activep && *charptr == NULL)
*activepDescription
TRUEnever evaluated
FALSEnever evaluated
*charptr == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1369 *charptr = !strcmp(arg, SSH_AUTHSOCKET_ENV_NAME) ?
never executed: *charptr = ! __extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p ( arg ) && __builtin_constant_p ( "SSH_AUTH_SOCK" ) && (__s1_len = __builtin_strlen ( arg ), __s2_len = __builtin_strlen ( "SSH_AUTH_SOCK" ), (!((size_t)(const void *)(( arg ) ...K" ))[2] - __s2[2]); if (__s2_len > 2 && __result == 0) __result = (((const unsigned char *) (const char *) ( "SSH_AUTH_SOCK" ))[3] - __s2[3]); } } __result; }))) : __builtin_strcmp ( arg , "SSH_AUTH_SOCK" )))); }) ? xstrdup(arg) : derelativise_path(arg);
never executed: __result = (((const unsigned char *) (const char *) ( arg ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "SSH_AUTH_SOCK" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
! __extension_...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1370 xstrdup(arg) : derelativise_path(arg);
never executed: *charptr = ! __extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p ( arg ) && __builtin_constant_p ( "SSH_AUTH_SOCK" ) && (__s1_len = __builtin_strlen ( arg ), __s2_len = __builtin_strlen ( "SSH_AUTH_SOCK" ), (!((size_t)(const void *)(( arg ) ...K" ))[2] - __s2[2]); if (__s2_len > 2 && __result == 0) __result = (((const unsigned char *) (const char *) ( "SSH_AUTH_SOCK" ))[3] - __s2[3]); } } __result; }))) : __builtin_strcmp ( arg , "SSH_AUTH_SOCK" )))); }) ? xstrdup(arg) : derelativise_path(arg);
0
1371 break;
never executed: break;
0
1372-
1373 case sHostCertificate:
never executed: case sHostCertificate:
0
1374 arg = strdelim(&cp);-
1375 if (!arg || *arg == '\0')
!argDescription
TRUEnever evaluated
FALSEnever evaluated
*arg == '\0'Description
TRUEnever evaluated
FALSEnever evaluated
0
1376 fatal("%s line %d: missing file name.",
never executed: fatal("%s line %d: missing file name.", filename, linenum);
0
1377 filename, linenum);
never executed: fatal("%s line %d: missing file name.", filename, linenum);
0
1378 if (*activep)
*activepDescription
TRUEnever evaluated
FALSEnever evaluated
0
1379 servconf_add_hostcert(filename, linenum, options, arg);
never executed: servconf_add_hostcert(filename, linenum, options, arg);
0
1380 break;
never executed: break;
0
1381-
1382 case sPidFile:
executed 2 times by 1 test: case sPidFile:
Executed by:
  • sshd
2
1383 charptr = &options->pid_file;-
1384 parse_filename:
code before this statement executed 2 times by 1 test: parse_filename:
Executed by:
  • sshd
2
1385 arg = strdelim(&cp);-
1386 if (!arg || *arg == '\0')
!argDescription
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
*arg == '\0'Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
1387 fatal("%s line %d: missing file name.",
never executed: fatal("%s line %d: missing file name.", filename, linenum);
0
1388 filename, linenum);
never executed: fatal("%s line %d: missing file name.", filename, linenum);
0
1389 if (*activep && *charptr == NULL) {
*activepDescription
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
*charptr == ((void *)0)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
1390 *charptr = derelativise_path(arg);-
1391 /* increase optional counter */-
1392 if (intptr != NULL)
intptr != ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
1393 *intptr = *intptr + 1;
never executed: *intptr = *intptr + 1;
0
1394 }
executed 2 times by 1 test: end of block
Executed by:
  • sshd
2
1395 break;
executed 2 times by 1 test: break;
Executed by:
  • sshd
2
1396-
1397 case sPermitRootLogin:
never executed: case sPermitRootLogin:
0
1398 intptr = &options->permit_root_login;-
1399 multistate_ptr = multistate_permitrootlogin;-
1400 goto parse_multistate;
never executed: goto parse_multistate;
0
1401-
1402 case sIgnoreRhosts:
never executed: case sIgnoreRhosts:
0
1403 intptr = &options->ignore_rhosts;-
1404 parse_flag:
code before this statement never executed: parse_flag:
0
1405 multistate_ptr = multistate_flag;-
1406 goto parse_multistate;
executed 3 times by 1 test: goto parse_multistate;
Executed by:
  • sshd
3
1407-
1408 case sIgnoreUserKnownHosts:
never executed: case sIgnoreUserKnownHosts:
0
1409 intptr = &options->ignore_user_known_hosts;-
1410 goto parse_flag;
never executed: goto parse_flag;
0
1411-
1412 case sHostbasedAuthentication:
never executed: case sHostbasedAuthentication:
0
1413 intptr = &options->hostbased_authentication;-
1414 goto parse_flag;
never executed: goto parse_flag;
0
1415-
1416 case sHostbasedUsesNameFromPacketOnly:
never executed: case sHostbasedUsesNameFromPacketOnly:
0
1417 intptr = &options->hostbased_uses_name_from_packet_only;-
1418 goto parse_flag;
never executed: goto parse_flag;
0
1419-
1420 case sHostbasedAcceptedKeyTypes:
never executed: case sHostbasedAcceptedKeyTypes:
0
1421 charptr = &options->hostbased_key_types;-
1422 parse_keytypes:
code before this statement never executed: parse_keytypes:
0
1423 arg = strdelim(&cp);-
1424 if (!arg || *arg == '\0')
!argDescription
TRUEnever evaluated
FALSEnever evaluated
*arg == '\0'Description
TRUEnever evaluated
FALSEnever evaluated
0
1425 fatal("%s line %d: Missing argument.",
never executed: fatal("%s line %d: Missing argument.", filename, linenum);
0
1426 filename, linenum);
never executed: fatal("%s line %d: Missing argument.", filename, linenum);
0
1427 if (*arg != '-' &&
*arg != '-'Description
TRUEnever evaluated
FALSEnever evaluated
0
1428 !sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
!sshkey_names_... + 1 : arg, 1)Description
TRUEnever evaluated
FALSEnever evaluated
0
1429 fatal("%s line %d: Bad key types '%s'.",
never executed: fatal("%s line %d: Bad key types '%s'.", filename, linenum, arg ? arg : "<NONE>");
0
1430 filename, linenum, arg ? arg : "<NONE>");
never executed: fatal("%s line %d: Bad key types '%s'.", filename, linenum, arg ? arg : "<NONE>");
0
1431 if (*activep && *charptr == NULL)
*activepDescription
TRUEnever evaluated
FALSEnever evaluated
*charptr == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1432 *charptr = xstrdup(arg);
never executed: *charptr = xstrdup(arg);
0
1433 break;
never executed: break;
0
1434-
1435 case sHostKeyAlgorithms:
never executed: case sHostKeyAlgorithms:
0
1436 charptr = &options->hostkeyalgorithms;-
1437 goto parse_keytypes;
never executed: goto parse_keytypes;
0
1438-
1439 case sCASignatureAlgorithms:
never executed: case sCASignatureAlgorithms:
0
1440 charptr = &options->ca_sign_algorithms;-
1441 goto parse_keytypes;
never executed: goto parse_keytypes;
0
1442-
1443 case sPubkeyAuthentication:
never executed: case sPubkeyAuthentication:
0
1444 intptr = &options->pubkey_authentication;-
1445 goto parse_flag;
never executed: goto parse_flag;
0
1446-
1447 case sPubkeyAcceptedKeyTypes:
never executed: case sPubkeyAcceptedKeyTypes:
0
1448 charptr = &options->pubkey_key_types;-
1449 goto parse_keytypes;
never executed: goto parse_keytypes;
0
1450-
1451 case sKerberosAuthentication:
never executed: case sKerberosAuthentication:
0
1452 intptr = &options->kerberos_authentication;-
1453 goto parse_flag;
never executed: goto parse_flag;
0
1454-
1455 case sKerberosOrLocalPasswd:
never executed: case sKerberosOrLocalPasswd:
0
1456 intptr = &options->kerberos_or_local_passwd;-
1457 goto parse_flag;
never executed: goto parse_flag;
0
1458-
1459 case sKerberosTicketCleanup:
never executed: case sKerberosTicketCleanup:
0
1460 intptr = &options->kerberos_ticket_cleanup;-
1461 goto parse_flag;
never executed: goto parse_flag;
0
1462-
1463 case sKerberosGetAFSToken:
never executed: case sKerberosGetAFSToken:
0
1464 intptr = &options->kerberos_get_afs_token;-
1465 goto parse_flag;
never executed: goto parse_flag;
0
1466-
1467 case sGssAuthentication:
never executed: case sGssAuthentication:
0
1468 intptr = &options->gss_authentication;-
1469 goto parse_flag;
never executed: goto parse_flag;
0
1470-
1471 case sGssCleanupCreds:
never executed: case sGssCleanupCreds:
0
1472 intptr = &options->gss_cleanup_creds;-
1473 goto parse_flag;
never executed: goto parse_flag;
0
1474-
1475 case sGssStrictAcceptor:
never executed: case sGssStrictAcceptor:
0
1476 intptr = &options->gss_strict_acceptor;-
1477 goto parse_flag;
never executed: goto parse_flag;
0
1478-
1479 case sPasswordAuthentication:
never executed: case sPasswordAuthentication:
0
1480 intptr = &options->password_authentication;-
1481 goto parse_flag;
never executed: goto parse_flag;
0
1482-
1483 case sKbdInteractiveAuthentication:
never executed: case sKbdInteractiveAuthentication:
0
1484 intptr = &options->kbd_interactive_authentication;-
1485 goto parse_flag;
never executed: goto parse_flag;
0
1486-
1487 case sChallengeResponseAuthentication:
never executed: case sChallengeResponseAuthentication:
0
1488 intptr = &options->challenge_response_authentication;-
1489 goto parse_flag;
never executed: goto parse_flag;
0
1490-
1491 case sPrintMotd:
never executed: case sPrintMotd:
0
1492 intptr = &options->print_motd;-
1493 goto parse_flag;
never executed: goto parse_flag;
0
1494-
1495 case sPrintLastLog:
never executed: case sPrintLastLog:
0
1496 intptr = &options->print_lastlog;-
1497 goto parse_flag;
never executed: goto parse_flag;
0
1498-
1499 case sX11Forwarding:
never executed: case sX11Forwarding:
0
1500 intptr = &options->x11_forwarding;-
1501 goto parse_flag;
never executed: goto parse_flag;
0
1502-
1503 case sX11DisplayOffset:
never executed: case sX11DisplayOffset:
0
1504 intptr = &options->x11_display_offset;-
1505 parse_int:
code before this statement never executed: parse_int:
0
1506 arg = strdelim(&cp);-
1507 if ((errstr = atoi_err(arg, &value)) != NULL)
(errstr = atoi...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1508 fatal("%s line %d: integer value %s.",
never executed: fatal("%s line %d: integer value %s.", filename, linenum, errstr);
0
1509 filename, linenum, errstr);
never executed: fatal("%s line %d: integer value %s.", filename, linenum, errstr);
0
1510 if (*activep && *intptr == -1)
*activepDescription
TRUEnever evaluated
FALSEnever evaluated
*intptr == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1511 *intptr = value;
never executed: *intptr = value;
0
1512 break;
never executed: break;
0
1513-
1514 case sX11UseLocalhost:
never executed: case sX11UseLocalhost:
0
1515 intptr = &options->x11_use_localhost;-
1516 goto parse_flag;
never executed: goto parse_flag;
0
1517-
1518 case sXAuthLocation:
never executed: case sXAuthLocation:
0
1519 charptr = &options->xauth_location;-
1520 goto parse_filename;
never executed: goto parse_filename;
0
1521-
1522 case sPermitTTY:
never executed: case sPermitTTY:
0
1523 intptr = &options->permit_tty;-
1524 goto parse_flag;
never executed: goto parse_flag;
0
1525-
1526 case sPermitUserRC:
never executed: case sPermitUserRC:
0
1527 intptr = &options->permit_user_rc;-
1528 goto parse_flag;
never executed: goto parse_flag;
0
1529-
1530 case sStrictModes:
executed 3 times by 1 test: case sStrictModes:
Executed by:
  • sshd
3
1531 intptr = &options->strict_modes;-
1532 goto parse_flag;
executed 3 times by 1 test: goto parse_flag;
Executed by:
  • sshd
3
1533-
1534 case sTCPKeepAlive:
never executed: case sTCPKeepAlive:
0
1535 intptr = &options->tcp_keep_alive;-
1536 goto parse_flag;
never executed: goto parse_flag;
0
1537-
1538 case sEmptyPasswd:
never executed: case sEmptyPasswd:
0
1539 intptr = &options->permit_empty_passwd;-
1540 goto parse_flag;
never executed: goto parse_flag;
0
1541-
1542 case sPermitUserEnvironment:
never executed: case sPermitUserEnvironment:
0
1543 intptr = &options->permit_user_env;-
1544 charptr = &options->permit_user_env_whitelist;-
1545 arg = strdelim(&cp);-
1546 if (!arg || *arg == '\0')
!argDescription
TRUEnever evaluated
FALSEnever evaluated
*arg == '\0'Description
TRUEnever evaluated
FALSEnever evaluated
0
1547 fatal("%s line %d: missing argument.",
never executed: fatal("%s line %d: missing argument.", filename, linenum);
0
1548 filename, linenum);
never executed: fatal("%s line %d: missing argument.", filename, linenum);
0
1549 value = 0;-
1550 p = NULL;-
1551 if (strcmp(arg, "yes") == 0)
never executed: __result = (((const unsigned char *) (const char *) ( arg ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "yes" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1552 value = 1;
never executed: value = 1;
0
1553 else if (strcmp(arg, "no") == 0)
never executed: __result = (((const unsigned char *) (const char *) ( arg ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "no" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1554 value = 0;
never executed: value = 0;
0
1555 else {-
1556 /* Pattern-list specified */-
1557 value = 1;-
1558 p = xstrdup(arg);-
1559 }
never executed: end of block
0
1560 if (*activep && *intptr == -1) {
*activepDescription
TRUEnever evaluated
FALSEnever evaluated
*intptr == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1561 *intptr = value;-
1562 *charptr = p;-
1563 p = NULL;-
1564 }
never executed: end of block
0
1565 free(p);-
1566 break;
never executed: break;
0
1567-
1568 case sCompression:
never executed: case sCompression:
0
1569 intptr = &options->compression;-
1570 multistate_ptr = multistate_compression;-
1571 goto parse_multistate;
never executed: goto parse_multistate;
0
1572-
1573 case sRekeyLimit:
never executed: case sRekeyLimit:
0
1574 arg = strdelim(&cp);-
1575 if (!arg || *arg == '\0')
!argDescription
TRUEnever evaluated
FALSEnever evaluated
*arg == '\0'Description
TRUEnever evaluated
FALSEnever evaluated
0
1576 fatal("%.200s line %d: Missing argument.", filename,
never executed: fatal("%.200s line %d: Missing argument.", filename, linenum);
0
1577 linenum);
never executed: fatal("%.200s line %d: Missing argument.", filename, linenum);
0
1578 if (strcmp(arg, "default") == 0) {
never executed: __result = (((const unsigned char *) (const char *) ( arg ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "default" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1579 val64 = 0;-
1580 } else {
never executed: end of block
0
1581 if (scan_scaled(arg, &val64) == -1)
scan_scaled(arg, &val64) == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1582 fatal("%.200s line %d: Bad number '%s': %s",
never executed: fatal("%.200s line %d: Bad number '%s': %s", filename, linenum, arg, strerror( (*__errno_location ()) ));
0
1583 filename, linenum, arg, strerror(errno));
never executed: fatal("%.200s line %d: Bad number '%s': %s", filename, linenum, arg, strerror( (*__errno_location ()) ));
0
1584 if (val64 != 0 && val64 < 16)
val64 != 0Description
TRUEnever evaluated
FALSEnever evaluated
val64 < 16Description
TRUEnever evaluated
FALSEnever evaluated
0
1585 fatal("%.200s line %d: RekeyLimit too small",
never executed: fatal("%.200s line %d: RekeyLimit too small", filename, linenum);
0
1586 filename, linenum);
never executed: fatal("%.200s line %d: RekeyLimit too small", filename, linenum);
0
1587 }
never executed: end of block
0
1588 if (*activep && options->rekey_limit == -1)
*activepDescription
TRUEnever evaluated
FALSEnever evaluated
options->rekey_limit == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1589 options->rekey_limit = val64;
never executed: options->rekey_limit = val64;
0
1590 if (cp != NULL) { /* optional rekey interval present */
cp != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1591 if (strcmp(cp, "none") == 0) {
never executed: __result = (((const unsigned char *) (const char *) ( cp ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "none" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1592 (void)strdelim(&cp); /* discard */-
1593 break;
never executed: break;
0
1594 }-
1595 intptr = &options->rekey_interval;-
1596 goto parse_time;
never executed: goto parse_time;
0
1597 }-
1598 break;
never executed: break;
0
1599-
1600 case sGatewayPorts:
never executed: case sGatewayPorts:
0
1601 intptr = &options->fwd_opts.gateway_ports;-
1602 multistate_ptr = multistate_gatewayports;-
1603 goto parse_multistate;
never executed: goto parse_multistate;
0
1604-
1605 case sUseDNS:
never executed: case sUseDNS:
0
1606 intptr = &options->use_dns;-
1607 goto parse_flag;
never executed: goto parse_flag;
0
1608-
1609 case sLogFacility:
never executed: case sLogFacility:
0
1610 log_facility_ptr = &options->log_facility;-
1611 arg = strdelim(&cp);-
1612 value = log_facility_number(arg);-
1613 if (value == SYSLOG_FACILITY_NOT_SET)
value == SYSLO...CILITY_NOT_SETDescription
TRUEnever evaluated
FALSEnever evaluated
0
1614 fatal("%.200s line %d: unsupported log facility '%s'",
never executed: fatal("%.200s line %d: unsupported log facility '%s'", filename, linenum, arg ? arg : "<NONE>");
0
1615 filename, linenum, arg ? arg : "<NONE>");
never executed: fatal("%.200s line %d: unsupported log facility '%s'", filename, linenum, arg ? arg : "<NONE>");
0
1616 if (*log_facility_ptr == -1)
*log_facility_ptr == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1617 *log_facility_ptr = (SyslogFacility) value;
never executed: *log_facility_ptr = (SyslogFacility) value;
0
1618 break;
never executed: break;
0
1619-
1620 case sLogLevel:
executed 2 times by 1 test: case sLogLevel:
Executed by:
  • sshd
2
1621 log_level_ptr = &options->log_level;-
1622 arg = strdelim(&cp);-
1623 value = log_level_number(arg);-
1624 if (value == SYSLOG_LEVEL_NOT_SET)
value == SYSLOG_LEVEL_NOT_SETDescription
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
1625 fatal("%.200s line %d: unsupported log level '%s'",
never executed: fatal("%.200s line %d: unsupported log level '%s'", filename, linenum, arg ? arg : "<NONE>");
0
1626 filename, linenum, arg ? arg : "<NONE>");
never executed: fatal("%.200s line %d: unsupported log level '%s'", filename, linenum, arg ? arg : "<NONE>");
0
1627 if (*activep && *log_level_ptr == -1)
*activepDescription
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
*log_level_ptr == -1Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
1628 *log_level_ptr = (LogLevel) value;
executed 2 times by 1 test: *log_level_ptr = (LogLevel) value;
Executed by:
  • sshd
2
1629 break;
executed 2 times by 1 test: break;
Executed by:
  • sshd
2
1630-
1631 case sAllowTcpForwarding:
never executed: case sAllowTcpForwarding:
0
1632 intptr = &options->allow_tcp_forwarding;-
1633 multistate_ptr = multistate_tcpfwd;-
1634 goto parse_multistate;
never executed: goto parse_multistate;
0
1635-
1636 case sAllowStreamLocalForwarding:
never executed: case sAllowStreamLocalForwarding:
0
1637 intptr = &options->allow_streamlocal_forwarding;-
1638 multistate_ptr = multistate_tcpfwd;-
1639 goto parse_multistate;
never executed: goto parse_multistate;
0
1640-
1641 case sAllowAgentForwarding:
never executed: case sAllowAgentForwarding:
0
1642 intptr = &options->allow_agent_forwarding;-
1643 goto parse_flag;