authfile.c revision 296781 
1/* $OpenBSD: authfile.c,v 1.120 2015/12/11 04:21:11 mmcc Exp $ */
2/*
3 * Copyright (c) 2000, 2013 Markus Friedl.  All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 *    notice, this list of conditions and the following disclaimer in the
12 *    documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26#include "includes.h"
27
28#include <sys/types.h>
29#include <sys/stat.h>
30#include <sys/uio.h>
31
32#include <errno.h>
33#include <fcntl.h>
34#include <stdio.h>
35#include <stdarg.h>
36#include <stdlib.h>
37#include <string.h>
38#include <unistd.h>
39#include <limits.h>
40
41#include "cipher.h"
42#include "ssh.h"
43#include "log.h"
44#include "authfile.h"
45#include "rsa.h"
46#include "misc.h"
47#include "atomicio.h"
48#include "sshkey.h"
49#include "sshbuf.h"
50#include "ssherr.h"
51#include "krl.h"
52
53#define MAX_KEY_FILE_SIZE	(1024 * 1024)
54
55/* Save a key blob to a file */
56static int
57sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename)
58{
59	int fd, oerrno;
60
61	if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0)
62		return SSH_ERR_SYSTEM_ERROR;
63	if (atomicio(vwrite, fd, (u_char *)sshbuf_ptr(keybuf),
64	    sshbuf_len(keybuf)) != sshbuf_len(keybuf)) {
65		oerrno = errno;
66		close(fd);
67		unlink(filename);
68		errno = oerrno;
69		return SSH_ERR_SYSTEM_ERROR;
70	}
71	close(fd);
72	return 0;
73}
74
75int
76sshkey_save_private(struct sshkey *key, const char *filename,
77    const char *passphrase, const char *comment,
78    int force_new_format, const char *new_format_cipher, int new_format_rounds)
79{
80	struct sshbuf *keyblob = NULL;
81	int r;
82
83	if ((keyblob = sshbuf_new()) == NULL)
84		return SSH_ERR_ALLOC_FAIL;
85	if ((r = sshkey_private_to_fileblob(key, keyblob, passphrase, comment,
86	    force_new_format, new_format_cipher, new_format_rounds)) != 0)
87		goto out;
88	if ((r = sshkey_save_private_blob(keyblob, filename)) != 0)
89		goto out;
90	r = 0;
91 out:
92	sshbuf_free(keyblob);
93	return r;
94}
95
96/* Load a key from a fd into a buffer */
97int
98sshkey_load_file(int fd, struct sshbuf *blob)
99{
100	u_char buf[1024];
101	size_t len;
102	struct stat st;
103	int r;
104
105	if (fstat(fd, &st) < 0)
106		return SSH_ERR_SYSTEM_ERROR;
107	if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
108	    st.st_size > MAX_KEY_FILE_SIZE)
109		return SSH_ERR_INVALID_FORMAT;
110	for (;;) {
111		if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) {
112			if (errno == EPIPE)
113				break;
114			r = SSH_ERR_SYSTEM_ERROR;
115			goto out;
116		}
117		if ((r = sshbuf_put(blob, buf, len)) != 0)
118			goto out;
119		if (sshbuf_len(blob) > MAX_KEY_FILE_SIZE) {
120			r = SSH_ERR_INVALID_FORMAT;
121			goto out;
122		}
123	}
124	if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
125	    st.st_size != (off_t)sshbuf_len(blob)) {
126		r = SSH_ERR_FILE_CHANGED;
127		goto out;
128	}
129	r = 0;
130
131 out:
132	explicit_bzero(buf, sizeof(buf));
133	if (r != 0)
134		sshbuf_reset(blob);
135	return r;
136}
137
138#ifdef WITH_SSH1
139/*
140 * Loads the public part of the ssh v1 key file.  Returns NULL if an error was
141 * encountered (the file does not exist or is not readable), and the key
142 * otherwise.
143 */
144static int
145sshkey_load_public_rsa1(int fd, struct sshkey **keyp, char **commentp)
146{
147	struct sshbuf *b = NULL;
148	int r;
149
150	*keyp = NULL;
151	if (commentp != NULL)
152		*commentp = NULL;
153
154	if ((b = sshbuf_new()) == NULL)
155		return SSH_ERR_ALLOC_FAIL;
156	if ((r = sshkey_load_file(fd, b)) != 0)
157		goto out;
158	if ((r = sshkey_parse_public_rsa1_fileblob(b, keyp, commentp)) != 0)
159		goto out;
160	r = 0;
161 out:
162	sshbuf_free(b);
163	return r;
164}
165#endif /* WITH_SSH1 */
166
167/* XXX remove error() calls from here? */
168int
169sshkey_perm_ok(int fd, const char *filename)
170{
171	struct stat st;
172
173	if (fstat(fd, &st) < 0)
174		return SSH_ERR_SYSTEM_ERROR;
175	/*
176	 * if a key owned by the user is accessed, then we check the
177	 * permissions of the file. if the key owned by a different user,
178	 * then we don't care.
179	 */
180#ifdef HAVE_CYGWIN
181	if (check_ntsec(filename))
182#endif
183	if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) {
184		error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
185		error("@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @");
186		error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
187		error("Permissions 0%3.3o for '%s' are too open.",
188		    (u_int)st.st_mode & 0777, filename);
189		error("It is required that your private key files are NOT accessible by others.");
190		error("This private key will be ignored.");
191		return SSH_ERR_KEY_BAD_PERMISSIONS;
192	}
193	return 0;
194}
195
196/* XXX kill perm_ok now that we have SSH_ERR_KEY_BAD_PERMISSIONS? */
197int
198sshkey_load_private_type(int type, const char *filename, const char *passphrase,
199    struct sshkey **keyp, char **commentp, int *perm_ok)
200{
201	int fd, r;
202
203	*keyp = NULL;
204	if (commentp != NULL)
205		*commentp = NULL;
206
207	if ((fd = open(filename, O_RDONLY)) < 0) {
208		if (perm_ok != NULL)
209			*perm_ok = 0;
210		return SSH_ERR_SYSTEM_ERROR;
211	}
212	if (sshkey_perm_ok(fd, filename) != 0) {
213		if (perm_ok != NULL)
214			*perm_ok = 0;
215		r = SSH_ERR_KEY_BAD_PERMISSIONS;
216		goto out;
217	}
218	if (perm_ok != NULL)
219		*perm_ok = 1;
220
221	r = sshkey_load_private_type_fd(fd, type, passphrase, keyp, commentp);
222 out:
223	close(fd);
224	return r;
225}
226
227int
228sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
229    struct sshkey **keyp, char **commentp)
230{
231	struct sshbuf *buffer = NULL;
232	int r;
233
234	if ((buffer = sshbuf_new()) == NULL) {
235		r = SSH_ERR_ALLOC_FAIL;
236		goto out;
237	}
238	if ((r = sshkey_load_file(fd, buffer)) != 0 ||
239	    (r = sshkey_parse_private_fileblob_type(buffer, type,
240	    passphrase, keyp, commentp)) != 0)
241		goto out;
242
243	/* success */
244	r = 0;
245 out:
246	sshbuf_free(buffer);
247	return r;
248}
249
250/* XXX this is almost identical to sshkey_load_private_type() */
251int
252sshkey_load_private(const char *filename, const char *passphrase,
253    struct sshkey **keyp, char **commentp)
254{
255	struct sshbuf *buffer = NULL;
256	int r, fd;
257
258	*keyp = NULL;
259	if (commentp != NULL)
260		*commentp = NULL;
261
262	if ((fd = open(filename, O_RDONLY)) < 0)
263		return SSH_ERR_SYSTEM_ERROR;
264	if (sshkey_perm_ok(fd, filename) != 0) {
265		r = SSH_ERR_KEY_BAD_PERMISSIONS;
266		goto out;
267	}
268
269	if ((buffer = sshbuf_new()) == NULL) {
270		r = SSH_ERR_ALLOC_FAIL;
271		goto out;
272	}
273	if ((r = sshkey_load_file(fd, buffer)) != 0 ||
274	    (r = sshkey_parse_private_fileblob(buffer, passphrase, keyp,
275	    commentp)) != 0)
276		goto out;
277	r = 0;
278 out:
279	close(fd);
280	sshbuf_free(buffer);
281	return r;
282}
283
284static int
285sshkey_try_load_public(struct sshkey *k, const char *filename, char **commentp)
286{
287	FILE *f;
288	char line[SSH_MAX_PUBKEY_BYTES];
289	char *cp;
290	u_long linenum = 0;
291	int r;
292
293	if (commentp != NULL)
294		*commentp = NULL;
295	if ((f = fopen(filename, "r")) == NULL)
296		return SSH_ERR_SYSTEM_ERROR;
297	while (read_keyfile_line(f, filename, line, sizeof(line),
298		    &linenum) != -1) {
299		cp = line;
300		switch (*cp) {
301		case '#':
302		case '\n':
303		case '\0':
304			continue;
305		}
306		/* Abort loading if this looks like a private key */
307		if (strncmp(cp, "-----BEGIN", 10) == 0 ||
308		    strcmp(cp, "SSH PRIVATE KEY FILE") == 0)
309			break;
310		/* Skip leading whitespace. */
311		for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
312			;
313		if (*cp) {
314			if ((r = sshkey_read(k, &cp)) == 0) {
315				cp[strcspn(cp, "\r\n")] = '\0';
316				if (commentp) {
317					*commentp = strdup(*cp ?
318					    cp : filename);
319					if (*commentp == NULL)
320						r = SSH_ERR_ALLOC_FAIL;
321				}
322				fclose(f);
323				return r;
324			}
325		}
326	}
327	fclose(f);
328	return SSH_ERR_INVALID_FORMAT;
329}
330
331/* load public key from ssh v1 private or any pubkey file */
332int
333sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp)
334{
335	struct sshkey *pub = NULL;
336	char file[PATH_MAX];
337	int r, fd;
338
339	if (keyp != NULL)
340		*keyp = NULL;
341	if (commentp != NULL)
342		*commentp = NULL;
343
344	/* XXX should load file once and attempt to parse each format */
345
346	if ((fd = open(filename, O_RDONLY)) < 0)
347		goto skip;
348#ifdef WITH_SSH1
349	/* try rsa1 private key */
350	r = sshkey_load_public_rsa1(fd, keyp, commentp);
351	close(fd);
352	switch (r) {
353	case SSH_ERR_INTERNAL_ERROR:
354	case SSH_ERR_ALLOC_FAIL:
355	case SSH_ERR_INVALID_ARGUMENT:
356	case SSH_ERR_SYSTEM_ERROR:
357	case 0:
358		return r;
359	}
360#else /* WITH_SSH1 */
361	close(fd);
362#endif /* WITH_SSH1 */
363
364	/* try ssh2 public key */
365	if ((pub = sshkey_new(KEY_UNSPEC)) == NULL)
366		return SSH_ERR_ALLOC_FAIL;
367	if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) {
368		if (keyp != NULL)
369			*keyp = pub;
370		return 0;
371	}
372	sshkey_free(pub);
373
374#ifdef WITH_SSH1
375	/* try rsa1 public key */
376	if ((pub = sshkey_new(KEY_RSA1)) == NULL)
377		return SSH_ERR_ALLOC_FAIL;
378	if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) {
379		if (keyp != NULL)
380			*keyp = pub;
381		return 0;
382	}
383	sshkey_free(pub);
384#endif /* WITH_SSH1 */
385
386 skip:
387	/* try .pub suffix */
388	if ((pub = sshkey_new(KEY_UNSPEC)) == NULL)
389		return SSH_ERR_ALLOC_FAIL;
390	r = SSH_ERR_ALLOC_FAIL;	/* in case strlcpy or strlcat fail */
391	if ((strlcpy(file, filename, sizeof file) < sizeof(file)) &&
392	    (strlcat(file, ".pub", sizeof file) < sizeof(file)) &&
393	    (r = sshkey_try_load_public(pub, file, commentp)) == 0) {
394		if (keyp != NULL)
395			*keyp = pub;
396		return 0;
397	}
398	sshkey_free(pub);
399
400	return r;
401}
402
403/* Load the certificate associated with the named private key */
404int
405sshkey_load_cert(const char *filename, struct sshkey **keyp)
406{
407	struct sshkey *pub = NULL;
408	char *file = NULL;
409	int r = SSH_ERR_INTERNAL_ERROR;
410
411	*keyp = NULL;
412
413	if (asprintf(&file, "%s-cert.pub", filename) == -1)
414		return SSH_ERR_ALLOC_FAIL;
415
416	if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) {
417		goto out;
418	}
419	if ((r = sshkey_try_load_public(pub, file, NULL)) != 0)
420		goto out;
421
422	*keyp = pub;
423	pub = NULL;
424	r = 0;
425
426 out:
427	free(file);
428	sshkey_free(pub);
429	return r;
430}
431
432/* Load private key and certificate */
433int
434sshkey_load_private_cert(int type, const char *filename, const char *passphrase,
435    struct sshkey **keyp, int *perm_ok)
436{
437	struct sshkey *key = NULL, *cert = NULL;
438	int r;
439
440	*keyp = NULL;
441
442	switch (type) {
443#ifdef WITH_OPENSSL
444	case KEY_RSA:
445	case KEY_DSA:
446	case KEY_ECDSA:
447#endif /* WITH_OPENSSL */
448	case KEY_ED25519:
449	case KEY_UNSPEC:
450		break;
451	default:
452		return SSH_ERR_KEY_TYPE_UNKNOWN;
453	}
454
455	if ((r = sshkey_load_private_type(type, filename,
456	    passphrase, &key, NULL, perm_ok)) != 0 ||
457	    (r = sshkey_load_cert(filename, &cert)) != 0)
458		goto out;
459
460	/* Make sure the private key matches the certificate */
461	if (sshkey_equal_public(key, cert) == 0) {
462		r = SSH_ERR_KEY_CERT_MISMATCH;
463		goto out;
464	}
465
466	if ((r = sshkey_to_certified(key)) != 0 ||
467	    (r = sshkey_cert_copy(cert, key)) != 0)
468		goto out;
469	r = 0;
470	*keyp = key;
471	key = NULL;
472 out:
473	sshkey_free(key);
474	sshkey_free(cert);
475	return r;
476}
477
478/*
479 * Returns success if the specified "key" is listed in the file "filename",
480 * SSH_ERR_KEY_NOT_FOUND: if the key is not listed or another error.
481 * If "strict_type" is set then the key type must match exactly,
482 * otherwise a comparison that ignores certficiate data is performed.
483 * If "check_ca" is set and "key" is a certificate, then its CA key is
484 * also checked and sshkey_in_file() will return success if either is found.
485 */
486int
487sshkey_in_file(struct sshkey *key, const char *filename, int strict_type,
488    int check_ca)
489{
490	FILE *f;
491	char line[SSH_MAX_PUBKEY_BYTES];
492	char *cp;
493	u_long linenum = 0;
494	int r = 0;
495	struct sshkey *pub = NULL;
496	int (*sshkey_compare)(const struct sshkey *, const struct sshkey *) =
497	    strict_type ?  sshkey_equal : sshkey_equal_public;
498
499	if ((f = fopen(filename, "r")) == NULL)
500		return SSH_ERR_SYSTEM_ERROR;
501
502	while (read_keyfile_line(f, filename, line, sizeof(line),
503	    &linenum) != -1) {
504		cp = line;
505
506		/* Skip leading whitespace. */
507		for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
508			;
509
510		/* Skip comments and empty lines */
511		switch (*cp) {
512		case '#':
513		case '\n':
514		case '\0':
515			continue;
516		}
517
518		if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) {
519			r = SSH_ERR_ALLOC_FAIL;
520			goto out;
521		}
522		if ((r = sshkey_read(pub, &cp)) != 0)
523			goto out;
524		if (sshkey_compare(key, pub) ||
525		    (check_ca && sshkey_is_cert(key) &&
526		    sshkey_compare(key->cert->signature_key, pub))) {
527			r = 0;
528			goto out;
529		}
530		sshkey_free(pub);
531		pub = NULL;
532	}
533	r = SSH_ERR_KEY_NOT_FOUND;
534 out:
535	sshkey_free(pub);
536	fclose(f);
537	return r;
538}
539
540/*
541 * Checks whether the specified key is revoked, returning 0 if not,
542 * SSH_ERR_KEY_REVOKED if it is or another error code if something
543 * unexpected happened.
544 * This will check both the key and, if it is a certificate, its CA key too.
545 * "revoked_keys_file" may be a KRL or a one-per-line list of public keys.
546 */
547int
548sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file)
549{
550	int r;
551
552	r = ssh_krl_file_contains_key(revoked_keys_file, key);
553	/* If this was not a KRL to begin with then continue below */
554	if (r != SSH_ERR_KRL_BAD_MAGIC)
555		return r;
556
557	/*
558	 * If the file is not a KRL or we can't handle KRLs then attempt to
559	 * parse the file as a flat list of keys.
560	 */
561	switch ((r = sshkey_in_file(key, revoked_keys_file, 0, 1))) {
562	case 0:
563		/* Key found => revoked */
564		return SSH_ERR_KEY_REVOKED;
565	case SSH_ERR_KEY_NOT_FOUND:
566		/* Key not found => not revoked */
567		return 0;
568	default:
569		/* Some other error occurred */
570		return r;
571	}
572}
573
574