authfile.c revision 295367 
1/* $OpenBSD: authfile.c,v 1.116 2015/07/09 09:49:46 markus Exp $ */
2/*
3 * Copyright (c) 2000, 2013 Markus Friedl.  All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 *    notice, this list of conditions and the following disclaimer in the
12 *    documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26#include "includes.h"
27
28#include <sys/types.h>
29#include <sys/stat.h>
30#include <sys/uio.h>
31
32#include <errno.h>
33#include <fcntl.h>
34#include <stdio.h>
35#include <stdarg.h>
36#include <stdlib.h>
37#include <string.h>
38#include <unistd.h>
39#include <limits.h>
40
41#include "cipher.h"
42#include "ssh.h"
43#include "log.h"
44#include "authfile.h"
45#include "rsa.h"
46#include "misc.h"
47#include "atomicio.h"
48#include "sshkey.h"
49#include "sshbuf.h"
50#include "ssherr.h"
51#include "krl.h"
52
53#define MAX_KEY_FILE_SIZE	(1024 * 1024)
54
55/* Save a key blob to a file */
56static int
57sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename)
58{
59	int fd, oerrno;
60
61	if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0)
62		return SSH_ERR_SYSTEM_ERROR;
63	if (atomicio(vwrite, fd, (u_char *)sshbuf_ptr(keybuf),
64	    sshbuf_len(keybuf)) != sshbuf_len(keybuf)) {
65		oerrno = errno;
66		close(fd);
67		unlink(filename);
68		errno = oerrno;
69		return SSH_ERR_SYSTEM_ERROR;
70	}
71	close(fd);
72	return 0;
73}
74
75int
76sshkey_save_private(struct sshkey *key, const char *filename,
77    const char *passphrase, const char *comment,
78    int force_new_format, const char *new_format_cipher, int new_format_rounds)
79{
80	struct sshbuf *keyblob = NULL;
81	int r;
82
83	if ((keyblob = sshbuf_new()) == NULL)
84		return SSH_ERR_ALLOC_FAIL;
85	if ((r = sshkey_private_to_fileblob(key, keyblob, passphrase, comment,
86	    force_new_format, new_format_cipher, new_format_rounds)) != 0)
87		goto out;
88	if ((r = sshkey_save_private_blob(keyblob, filename)) != 0)
89		goto out;
90	r = 0;
91 out:
92	sshbuf_free(keyblob);
93	return r;
94}
95
96/* Load a key from a fd into a buffer */
97int
98sshkey_load_file(int fd, struct sshbuf *blob)
99{
100	u_char buf[1024];
101	size_t len;
102	struct stat st;
103	int r;
104
105	if (fstat(fd, &st) < 0)
106		return SSH_ERR_SYSTEM_ERROR;
107	if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
108	    st.st_size > MAX_KEY_FILE_SIZE)
109		return SSH_ERR_INVALID_FORMAT;
110	for (;;) {
111		if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) {
112			if (errno == EPIPE)
113				break;
114			r = SSH_ERR_SYSTEM_ERROR;
115			goto out;
116		}
117		if ((r = sshbuf_put(blob, buf, len)) != 0)
118			goto out;
119		if (sshbuf_len(blob) > MAX_KEY_FILE_SIZE) {
120			r = SSH_ERR_INVALID_FORMAT;
121			goto out;
122		}
123	}
124	if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
125	    st.st_size != (off_t)sshbuf_len(blob)) {
126		r = SSH_ERR_FILE_CHANGED;
127		goto out;
128	}
129	r = 0;
130
131 out:
132	explicit_bzero(buf, sizeof(buf));
133	if (r != 0)
134		sshbuf_reset(blob);
135	return r;
136}
137
138#ifdef WITH_SSH1
139/*
140 * Loads the public part of the ssh v1 key file.  Returns NULL if an error was
141 * encountered (the file does not exist or is not readable), and the key
142 * otherwise.
143 */
144static int
145sshkey_load_public_rsa1(int fd, struct sshkey **keyp, char **commentp)
146{
147	struct sshbuf *b = NULL;
148	int r;
149
150	*keyp = NULL;
151	if (commentp != NULL)
152		*commentp = NULL;
153
154	if ((b = sshbuf_new()) == NULL)
155		return SSH_ERR_ALLOC_FAIL;
156	if ((r = sshkey_load_file(fd, b)) != 0)
157		goto out;
158	if ((r = sshkey_parse_public_rsa1_fileblob(b, keyp, commentp)) != 0)
159		goto out;
160	r = 0;
161 out:
162	sshbuf_free(b);
163	return r;
164}
165#endif /* WITH_SSH1 */
166
167/* XXX remove error() calls from here? */
168int
169sshkey_perm_ok(int fd, const char *filename)
170{
171	struct stat st;
172
173	if (fstat(fd, &st) < 0)
174		return SSH_ERR_SYSTEM_ERROR;
175	/*
176	 * if a key owned by the user is accessed, then we check the
177	 * permissions of the file. if the key owned by a different user,
178	 * then we don't care.
179	 */
180#ifdef HAVE_CYGWIN
181	if (check_ntsec(filename))
182#endif
183	if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) {
184		error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
185		error("@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @");
186		error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
187		error("Permissions 0%3.3o for '%s' are too open.",
188		    (u_int)st.st_mode & 0777, filename);
189		error("It is required that your private key files are NOT accessible by others.");
190		error("This private key will be ignored.");
191		return SSH_ERR_KEY_BAD_PERMISSIONS;
192	}
193	return 0;
194}
195
196/* XXX kill perm_ok now that we have SSH_ERR_KEY_BAD_PERMISSIONS? */
197int
198sshkey_load_private_type(int type, const char *filename, const char *passphrase,
199    struct sshkey **keyp, char **commentp, int *perm_ok)
200{
201	int fd, r;
202
203	*keyp = NULL;
204	if (commentp != NULL)
205		*commentp = NULL;
206
207	if ((fd = open(filename, O_RDONLY)) < 0) {
208		if (perm_ok != NULL)
209			*perm_ok = 0;
210		return SSH_ERR_SYSTEM_ERROR;
211	}
212	if (sshkey_perm_ok(fd, filename) != 0) {
213		if (perm_ok != NULL)
214			*perm_ok = 0;
215		r = SSH_ERR_KEY_BAD_PERMISSIONS;
216		goto out;
217	}
218	if (perm_ok != NULL)
219		*perm_ok = 1;
220
221	r = sshkey_load_private_type_fd(fd, type, passphrase, keyp, commentp);
222 out:
223	close(fd);
224	return r;
225}
226
227int
228sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
229    struct sshkey **keyp, char **commentp)
230{
231	struct sshbuf *buffer = NULL;
232	int r;
233
234	if ((buffer = sshbuf_new()) == NULL) {
235		r = SSH_ERR_ALLOC_FAIL;
236		goto out;
237	}
238	if ((r = sshkey_load_file(fd, buffer)) != 0 ||
239	    (r = sshkey_parse_private_fileblob_type(buffer, type,
240	    passphrase, keyp, commentp)) != 0)
241		goto out;
242
243	/* success */
244	r = 0;
245 out:
246	if (buffer != NULL)
247		sshbuf_free(buffer);
248	return r;
249}
250
251/* XXX this is almost identical to sshkey_load_private_type() */
252int
253sshkey_load_private(const char *filename, const char *passphrase,
254    struct sshkey **keyp, char **commentp)
255{
256	struct sshbuf *buffer = NULL;
257	int r, fd;
258
259	*keyp = NULL;
260	if (commentp != NULL)
261		*commentp = NULL;
262
263	if ((fd = open(filename, O_RDONLY)) < 0)
264		return SSH_ERR_SYSTEM_ERROR;
265	if (sshkey_perm_ok(fd, filename) != 0) {
266		r = SSH_ERR_KEY_BAD_PERMISSIONS;
267		goto out;
268	}
269
270	if ((buffer = sshbuf_new()) == NULL) {
271		r = SSH_ERR_ALLOC_FAIL;
272		goto out;
273	}
274	if ((r = sshkey_load_file(fd, buffer)) != 0 ||
275	    (r = sshkey_parse_private_fileblob(buffer, passphrase, filename,
276	    keyp, commentp)) != 0)
277		goto out;
278	r = 0;
279 out:
280	close(fd);
281	if (buffer != NULL)
282		sshbuf_free(buffer);
283	return r;
284}
285
286static int
287sshkey_try_load_public(struct sshkey *k, const char *filename, char **commentp)
288{
289	FILE *f;
290	char line[SSH_MAX_PUBKEY_BYTES];
291	char *cp;
292	u_long linenum = 0;
293	int r;
294
295	if (commentp != NULL)
296		*commentp = NULL;
297	if ((f = fopen(filename, "r")) == NULL)
298		return SSH_ERR_SYSTEM_ERROR;
299	while (read_keyfile_line(f, filename, line, sizeof(line),
300		    &linenum) != -1) {
301		cp = line;
302		switch (*cp) {
303		case '#':
304		case '\n':
305		case '\0':
306			continue;
307		}
308		/* Abort loading if this looks like a private key */
309		if (strncmp(cp, "-----BEGIN", 10) == 0 ||
310		    strcmp(cp, "SSH PRIVATE KEY FILE") == 0)
311			break;
312		/* Skip leading whitespace. */
313		for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
314			;
315		if (*cp) {
316			if ((r = sshkey_read(k, &cp)) == 0) {
317				cp[strcspn(cp, "\r\n")] = '\0';
318				if (commentp) {
319					*commentp = strdup(*cp ?
320					    cp : filename);
321					if (*commentp == NULL)
322						r = SSH_ERR_ALLOC_FAIL;
323				}
324				fclose(f);
325				return r;
326			}
327		}
328	}
329	fclose(f);
330	return SSH_ERR_INVALID_FORMAT;
331}
332
333/* load public key from ssh v1 private or any pubkey file */
334int
335sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp)
336{
337	struct sshkey *pub = NULL;
338	char file[PATH_MAX];
339	int r, fd;
340
341	if (keyp != NULL)
342		*keyp = NULL;
343	if (commentp != NULL)
344		*commentp = NULL;
345
346	/* XXX should load file once and attempt to parse each format */
347
348	if ((fd = open(filename, O_RDONLY)) < 0)
349		goto skip;
350#ifdef WITH_SSH1
351	/* try rsa1 private key */
352	r = sshkey_load_public_rsa1(fd, keyp, commentp);
353	close(fd);
354	switch (r) {
355	case SSH_ERR_INTERNAL_ERROR:
356	case SSH_ERR_ALLOC_FAIL:
357	case SSH_ERR_INVALID_ARGUMENT:
358	case SSH_ERR_SYSTEM_ERROR:
359	case 0:
360		return r;
361	}
362#else /* WITH_SSH1 */
363	close(fd);
364#endif /* WITH_SSH1 */
365
366	/* try ssh2 public key */
367	if ((pub = sshkey_new(KEY_UNSPEC)) == NULL)
368		return SSH_ERR_ALLOC_FAIL;
369	if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) {
370		if (keyp != NULL)
371			*keyp = pub;
372		return 0;
373	}
374	sshkey_free(pub);
375
376#ifdef WITH_SSH1
377	/* try rsa1 public key */
378	if ((pub = sshkey_new(KEY_RSA1)) == NULL)
379		return SSH_ERR_ALLOC_FAIL;
380	if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) {
381		if (keyp != NULL)
382			*keyp = pub;
383		return 0;
384	}
385	sshkey_free(pub);
386#endif /* WITH_SSH1 */
387
388 skip:
389	/* try .pub suffix */
390	if ((pub = sshkey_new(KEY_UNSPEC)) == NULL)
391		return SSH_ERR_ALLOC_FAIL;
392	r = SSH_ERR_ALLOC_FAIL;	/* in case strlcpy or strlcat fail */
393	if ((strlcpy(file, filename, sizeof file) < sizeof(file)) &&
394	    (strlcat(file, ".pub", sizeof file) < sizeof(file)) &&
395	    (r = sshkey_try_load_public(pub, file, commentp)) == 0) {
396		if (keyp != NULL)
397			*keyp = pub;
398		return 0;
399	}
400	sshkey_free(pub);
401
402	return r;
403}
404
405/* Load the certificate associated with the named private key */
406int
407sshkey_load_cert(const char *filename, struct sshkey **keyp)
408{
409	struct sshkey *pub = NULL;
410	char *file = NULL;
411	int r = SSH_ERR_INTERNAL_ERROR;
412
413	*keyp = NULL;
414
415	if (asprintf(&file, "%s-cert.pub", filename) == -1)
416		return SSH_ERR_ALLOC_FAIL;
417
418	if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) {
419		goto out;
420	}
421	if ((r = sshkey_try_load_public(pub, file, NULL)) != 0)
422		goto out;
423
424	*keyp = pub;
425	pub = NULL;
426	r = 0;
427
428 out:
429	if (file != NULL)
430		free(file);
431	if (pub != NULL)
432		sshkey_free(pub);
433	return r;
434}
435
436/* Load private key and certificate */
437int
438sshkey_load_private_cert(int type, const char *filename, const char *passphrase,
439    struct sshkey **keyp, int *perm_ok)
440{
441	struct sshkey *key = NULL, *cert = NULL;
442	int r;
443
444	*keyp = NULL;
445
446	switch (type) {
447#ifdef WITH_OPENSSL
448	case KEY_RSA:
449	case KEY_DSA:
450	case KEY_ECDSA:
451#endif /* WITH_OPENSSL */
452	case KEY_ED25519:
453	case KEY_UNSPEC:
454		break;
455	default:
456		return SSH_ERR_KEY_TYPE_UNKNOWN;
457	}
458
459	if ((r = sshkey_load_private_type(type, filename,
460	    passphrase, &key, NULL, perm_ok)) != 0 ||
461	    (r = sshkey_load_cert(filename, &cert)) != 0)
462		goto out;
463
464	/* Make sure the private key matches the certificate */
465	if (sshkey_equal_public(key, cert) == 0) {
466		r = SSH_ERR_KEY_CERT_MISMATCH;
467		goto out;
468	}
469
470	if ((r = sshkey_to_certified(key)) != 0 ||
471	    (r = sshkey_cert_copy(cert, key)) != 0)
472		goto out;
473	r = 0;
474	*keyp = key;
475	key = NULL;
476 out:
477	if (key != NULL)
478		sshkey_free(key);
479	if (cert != NULL)
480		sshkey_free(cert);
481	return r;
482}
483
484/*
485 * Returns success if the specified "key" is listed in the file "filename",
486 * SSH_ERR_KEY_NOT_FOUND: if the key is not listed or another error.
487 * If "strict_type" is set then the key type must match exactly,
488 * otherwise a comparison that ignores certficiate data is performed.
489 * If "check_ca" is set and "key" is a certificate, then its CA key is
490 * also checked and sshkey_in_file() will return success if either is found.
491 */
492int
493sshkey_in_file(struct sshkey *key, const char *filename, int strict_type,
494    int check_ca)
495{
496	FILE *f;
497	char line[SSH_MAX_PUBKEY_BYTES];
498	char *cp;
499	u_long linenum = 0;
500	int r = 0;
501	struct sshkey *pub = NULL;
502	int (*sshkey_compare)(const struct sshkey *, const struct sshkey *) =
503	    strict_type ?  sshkey_equal : sshkey_equal_public;
504
505	if ((f = fopen(filename, "r")) == NULL)
506		return SSH_ERR_SYSTEM_ERROR;
507
508	while (read_keyfile_line(f, filename, line, sizeof(line),
509	    &linenum) != -1) {
510		cp = line;
511
512		/* Skip leading whitespace. */
513		for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
514			;
515
516		/* Skip comments and empty lines */
517		switch (*cp) {
518		case '#':
519		case '\n':
520		case '\0':
521			continue;
522		}
523
524		if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) {
525			r = SSH_ERR_ALLOC_FAIL;
526			goto out;
527		}
528		if ((r = sshkey_read(pub, &cp)) != 0)
529			goto out;
530		if (sshkey_compare(key, pub) ||
531		    (check_ca && sshkey_is_cert(key) &&
532		    sshkey_compare(key->cert->signature_key, pub))) {
533			r = 0;
534			goto out;
535		}
536		sshkey_free(pub);
537		pub = NULL;
538	}
539	r = SSH_ERR_KEY_NOT_FOUND;
540 out:
541	if (pub != NULL)
542		sshkey_free(pub);
543	fclose(f);
544	return r;
545}
546
547/*
548 * Checks whether the specified key is revoked, returning 0 if not,
549 * SSH_ERR_KEY_REVOKED if it is or another error code if something
550 * unexpected happened.
551 * This will check both the key and, if it is a certificate, its CA key too.
552 * "revoked_keys_file" may be a KRL or a one-per-line list of public keys.
553 */
554int
555sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file)
556{
557	int r;
558
559	r = ssh_krl_file_contains_key(revoked_keys_file, key);
560	/* If this was not a KRL to begin with then continue below */
561	if (r != SSH_ERR_KRL_BAD_MAGIC)
562		return r;
563
564	/*
565	 * If the file is not a KRL or we can't handle KRLs then attempt to
566	 * parse the file as a flat list of keys.
567	 */
568	switch ((r = sshkey_in_file(key, revoked_keys_file, 0, 1))) {
569	case 0:
570		/* Key found => revoked */
571		return SSH_ERR_KEY_REVOKED;
572	case SSH_ERR_KEY_NOT_FOUND:
573		/* Key not found => not revoked */
574		return 0;
575	default:
576		/* Some other error occurred */
577		return r;
578	}
579}
580
581