1 /* $NetBSD: authfile.c,v 1.18 2018/04/06 18:58:59 christos Exp $ */ 2 /* $OpenBSD: authfile.c,v 1.128 2018/02/23 15:58:37 markus Exp $ */ 3 /* 4 * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 */ 26 27 #include "includes.h" 28 __RCSID("$NetBSD: authfile.c,v 1.18 2018/04/06 18:58:59 christos Exp $"); 29 #include <sys/types.h> 30 #include <sys/stat.h> 31 #include <sys/uio.h> 32 33 #include <errno.h> 34 #include <fcntl.h> 35 #include <stdio.h> 36 #include <stdlib.h> 37 #include <string.h> 38 #include <unistd.h> 39 #include <limits.h> 40 41 #include "cipher.h" 42 #include "ssh.h" 43 #include "log.h" 44 #include "authfile.h" 45 #include "misc.h" 46 #include "atomicio.h" 47 #include "sshkey.h" 48 #include "sshbuf.h" 49 #include "ssherr.h" 50 #include "krl.h" 51 52 #define MAX_KEY_FILE_SIZE (1024 * 1024) 53 54 /* Save a key blob to a file */ 55 static int 56 sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename) 57 { 58 int fd, oerrno; 59 60 if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0) 61 return SSH_ERR_SYSTEM_ERROR; 62 if (atomicio(vwrite, fd, __UNCONST(sshbuf_ptr(keybuf)), 63 sshbuf_len(keybuf)) != sshbuf_len(keybuf)) { 64 oerrno = errno; 65 close(fd); 66 unlink(filename); 67 errno = oerrno; 68 return SSH_ERR_SYSTEM_ERROR; 69 } 70 close(fd); 71 return 0; 72 } 73 74 int 75 sshkey_save_private(struct sshkey *key, const char *filename, 76 const char *passphrase, const char *comment, 77 int force_new_format, const char *new_format_cipher, int new_format_rounds) 78 { 79 struct sshbuf *keyblob = NULL; 80 int r; 81 82 if ((keyblob = sshbuf_new()) == NULL) 83 return SSH_ERR_ALLOC_FAIL; 84 if ((r = sshkey_private_to_fileblob(key, keyblob, passphrase, comment, 85 force_new_format, new_format_cipher, new_format_rounds)) != 0) 86 goto out; 87 if ((r = sshkey_save_private_blob(keyblob, filename)) != 0) 88 goto out; 89 r = 0; 90 out: 91 sshbuf_free(keyblob); 92 return r; 93 } 94 95 /* Load a key from a fd into a buffer */ 96 int 97 sshkey_load_file(int fd, struct sshbuf *blob) 98 { 99 u_char buf[1024]; 100 size_t len; 101 struct stat st; 102 int r; 103 104 if (fstat(fd, &st) < 0) 105 return SSH_ERR_SYSTEM_ERROR; 106 if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && 107 st.st_size > MAX_KEY_FILE_SIZE) 108 return SSH_ERR_INVALID_FORMAT; 109 for (;;) { 110 if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) { 111 if (errno == EPIPE) 112 break; 113 r = SSH_ERR_SYSTEM_ERROR; 114 goto out; 115 } 116 if ((r = sshbuf_put(blob, buf, len)) != 0) 117 goto out; 118 if (sshbuf_len(blob) > MAX_KEY_FILE_SIZE) { 119 r = SSH_ERR_INVALID_FORMAT; 120 goto out; 121 } 122 } 123 if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && 124 st.st_size != (off_t)sshbuf_len(blob)) { 125 r = SSH_ERR_FILE_CHANGED; 126 goto out; 127 } 128 r = 0; 129 130 out: 131 explicit_bzero(buf, sizeof(buf)); 132 if (r != 0) 133 sshbuf_reset(blob); 134 return r; 135 } 136 137 138 /* XXX remove error() calls from here? */ 139 int 140 sshkey_perm_ok(int fd, const char *filename) 141 { 142 struct stat st; 143 144 if (fstat(fd, &st) < 0) 145 return SSH_ERR_SYSTEM_ERROR; 146 /* 147 * if a key owned by the user is accessed, then we check the 148 * permissions of the file. if the key owned by a different user, 149 * then we don't care. 150 */ 151 if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) { 152 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); 153 error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @"); 154 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); 155 error("Permissions 0%3.3o for '%s' are too open.", 156 (u_int)st.st_mode & 0777, filename); 157 error("It is required that your private key files are NOT accessible by others."); 158 error("This private key will be ignored."); 159 return SSH_ERR_KEY_BAD_PERMISSIONS; 160 } 161 return 0; 162 } 163 164 /* XXX kill perm_ok now that we have SSH_ERR_KEY_BAD_PERMISSIONS? */ 165 int 166 sshkey_load_private_type(int type, const char *filename, const char *passphrase, 167 struct sshkey **keyp, char **commentp, int *perm_ok) 168 { 169 int fd, r; 170 171 if (keyp != NULL) 172 *keyp = NULL; 173 if (commentp != NULL) 174 *commentp = NULL; 175 176 if ((fd = open(filename, O_RDONLY)) < 0) { 177 if (perm_ok != NULL) 178 *perm_ok = 0; 179 return SSH_ERR_SYSTEM_ERROR; 180 } 181 if (sshkey_perm_ok(fd, filename) != 0) { 182 if (perm_ok != NULL) 183 *perm_ok = 0; 184 r = SSH_ERR_KEY_BAD_PERMISSIONS; 185 goto out; 186 } 187 if (perm_ok != NULL) 188 *perm_ok = 1; 189 190 r = sshkey_load_private_type_fd(fd, type, passphrase, keyp, commentp); 191 if (r == 0 && keyp && *keyp) 192 r = sshkey_set_filename(*keyp, filename); 193 out: 194 close(fd); 195 return r; 196 } 197 198 int 199 sshkey_load_private_type_fd(int fd, int type, const char *passphrase, 200 struct sshkey **keyp, char **commentp) 201 { 202 struct sshbuf *buffer = NULL; 203 int r; 204 205 if (keyp != NULL) 206 *keyp = NULL; 207 if ((buffer = sshbuf_new()) == NULL) { 208 r = SSH_ERR_ALLOC_FAIL; 209 goto out; 210 } 211 if ((r = sshkey_load_file(fd, buffer)) != 0 || 212 (r = sshkey_parse_private_fileblob_type(buffer, type, 213 passphrase, keyp, commentp)) != 0) 214 goto out; 215 216 /* success */ 217 r = 0; 218 out: 219 sshbuf_free(buffer); 220 return r; 221 } 222 223 /* XXX this is almost identical to sshkey_load_private_type() */ 224 int 225 sshkey_load_private(const char *filename, const char *passphrase, 226 struct sshkey **keyp, char **commentp) 227 { 228 struct sshbuf *buffer = NULL; 229 int r, fd; 230 231 if (keyp != NULL) 232 *keyp = NULL; 233 if (commentp != NULL) 234 *commentp = NULL; 235 236 if ((fd = open(filename, O_RDONLY)) < 0) 237 return SSH_ERR_SYSTEM_ERROR; 238 if (sshkey_perm_ok(fd, filename) != 0) { 239 r = SSH_ERR_KEY_BAD_PERMISSIONS; 240 goto out; 241 } 242 243 if ((buffer = sshbuf_new()) == NULL) { 244 r = SSH_ERR_ALLOC_FAIL; 245 goto out; 246 } 247 if ((r = sshkey_load_file(fd, buffer)) != 0 || 248 (r = sshkey_parse_private_fileblob(buffer, passphrase, keyp, 249 commentp)) != 0) 250 goto out; 251 if (keyp && *keyp && 252 (r = sshkey_set_filename(*keyp, filename)) != 0) 253 goto out; 254 r = 0; 255 out: 256 close(fd); 257 sshbuf_free(buffer); 258 return r; 259 } 260 261 static int 262 sshkey_try_load_public(struct sshkey *k, const char *filename, char **commentp) 263 { 264 FILE *f; 265 char line[SSH_MAX_PUBKEY_BYTES]; 266 char *cp; 267 u_long linenum = 0; 268 int r; 269 270 if (commentp != NULL) 271 *commentp = NULL; 272 if ((f = fopen(filename, "r")) == NULL) 273 return SSH_ERR_SYSTEM_ERROR; 274 while (read_keyfile_line(f, filename, line, sizeof(line), 275 &linenum) != -1) { 276 cp = line; 277 switch (*cp) { 278 case '#': 279 case '\n': 280 case '\0': 281 continue; 282 } 283 /* Abort loading if this looks like a private key */ 284 if (strncmp(cp, "-----BEGIN", 10) == 0 || 285 strcmp(cp, "SSH PRIVATE KEY FILE") == 0) 286 break; 287 /* Skip leading whitespace. */ 288 for (; *cp && (*cp == ' ' || *cp == '\t'); cp++) 289 ; 290 if (*cp) { 291 if ((r = sshkey_read(k, &cp)) == 0) { 292 cp[strcspn(cp, "\r\n")] = '\0'; 293 if (commentp) { 294 *commentp = strdup(*cp ? 295 cp : filename); 296 if (*commentp == NULL) 297 r = SSH_ERR_ALLOC_FAIL; 298 } 299 fclose(f); 300 return r; 301 } 302 } 303 } 304 fclose(f); 305 return SSH_ERR_INVALID_FORMAT; 306 } 307 308 /* load public key from any pubkey file */ 309 int 310 sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp) 311 { 312 struct sshkey *pub = NULL; 313 char *file = NULL; 314 int r; 315 316 if (keyp != NULL) 317 *keyp = NULL; 318 if (commentp != NULL) 319 *commentp = NULL; 320 321 if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) 322 return SSH_ERR_ALLOC_FAIL; 323 if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) { 324 if (keyp != NULL) { 325 *keyp = pub; 326 pub = NULL; 327 } 328 r = 0; 329 goto out; 330 } 331 sshkey_free(pub); 332 333 /* try .pub suffix */ 334 if (asprintf(&file, "%s.pub", filename) == -1) 335 return SSH_ERR_ALLOC_FAIL; 336 if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) { 337 r = SSH_ERR_ALLOC_FAIL; 338 goto out; 339 } 340 if ((r = sshkey_try_load_public(pub, file, commentp)) == 0) { 341 if (keyp != NULL) { 342 *keyp = pub; 343 pub = NULL; 344 } 345 r = 0; 346 } 347 out: 348 free(file); 349 sshkey_free(pub); 350 return r; 351 } 352 353 /* Load the certificate associated with the named private key */ 354 int 355 sshkey_load_cert(const char *filename, struct sshkey **keyp) 356 { 357 struct sshkey *pub = NULL; 358 char *file = NULL; 359 int r = SSH_ERR_INTERNAL_ERROR; 360 361 if (keyp != NULL) 362 *keyp = NULL; 363 364 if (asprintf(&file, "%s-cert.pub", filename) == -1) 365 return SSH_ERR_ALLOC_FAIL; 366 367 if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) { 368 goto out; 369 } 370 if ((r = sshkey_try_load_public(pub, file, NULL)) != 0) 371 goto out; 372 /* success */ 373 if (keyp != NULL) { 374 *keyp = pub; 375 pub = NULL; 376 } 377 r = 0; 378 out: 379 free(file); 380 sshkey_free(pub); 381 return r; 382 } 383 384 /* Load private key and certificate */ 385 int 386 sshkey_load_private_cert(int type, const char *filename, const char *passphrase, 387 struct sshkey **keyp, int *perm_ok) 388 { 389 struct sshkey *key = NULL, *cert = NULL; 390 int r; 391 392 if (keyp != NULL) 393 *keyp = NULL; 394 395 switch (type) { 396 #ifdef WITH_OPENSSL 397 case KEY_RSA: 398 case KEY_DSA: 399 case KEY_ECDSA: 400 #endif /* WITH_OPENSSL */ 401 case KEY_ED25519: 402 case KEY_XMSS: 403 case KEY_UNSPEC: 404 break; 405 default: 406 return SSH_ERR_KEY_TYPE_UNKNOWN; 407 } 408 409 if ((r = sshkey_load_private_type(type, filename, 410 passphrase, &key, NULL, perm_ok)) != 0 || 411 (r = sshkey_load_cert(filename, &cert)) != 0) 412 goto out; 413 414 /* Make sure the private key matches the certificate */ 415 if (sshkey_equal_public(key, cert) == 0) { 416 r = SSH_ERR_KEY_CERT_MISMATCH; 417 goto out; 418 } 419 420 if ((r = sshkey_to_certified(key)) != 0 || 421 (r = sshkey_cert_copy(cert, key)) != 0) 422 goto out; 423 r = 0; 424 if (keyp != NULL) { 425 *keyp = key; 426 key = NULL; 427 } 428 out: 429 sshkey_free(key); 430 sshkey_free(cert); 431 return r; 432 } 433 434 /* 435 * Returns success if the specified "key" is listed in the file "filename", 436 * SSH_ERR_KEY_NOT_FOUND: if the key is not listed or another error. 437 * If "strict_type" is set then the key type must match exactly, 438 * otherwise a comparison that ignores certficiate data is performed. 439 * If "check_ca" is set and "key" is a certificate, then its CA key is 440 * also checked and sshkey_in_file() will return success if either is found. 441 */ 442 int 443 sshkey_in_file(struct sshkey *key, const char *filename, int strict_type, 444 int check_ca) 445 { 446 FILE *f; 447 char line[SSH_MAX_PUBKEY_BYTES]; 448 char *cp; 449 u_long linenum = 0; 450 int r = 0; 451 struct sshkey *pub = NULL; 452 int (*sshkey_compare)(const struct sshkey *, const struct sshkey *) = 453 strict_type ? sshkey_equal : sshkey_equal_public; 454 455 if ((f = fopen(filename, "r")) == NULL) 456 return SSH_ERR_SYSTEM_ERROR; 457 458 while (read_keyfile_line(f, filename, line, sizeof(line), 459 &linenum) != -1) { 460 cp = line; 461 462 /* Skip leading whitespace. */ 463 for (; *cp && (*cp == ' ' || *cp == '\t'); cp++) 464 ; 465 466 /* Skip comments and empty lines */ 467 switch (*cp) { 468 case '#': 469 case '\n': 470 case '\0': 471 continue; 472 } 473 474 if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) { 475 r = SSH_ERR_ALLOC_FAIL; 476 goto out; 477 } 478 if ((r = sshkey_read(pub, &cp)) != 0) 479 goto out; 480 if (sshkey_compare(key, pub) || 481 (check_ca && sshkey_is_cert(key) && 482 sshkey_compare(key->cert->signature_key, pub))) { 483 r = 0; 484 goto out; 485 } 486 sshkey_free(pub); 487 pub = NULL; 488 } 489 r = SSH_ERR_KEY_NOT_FOUND; 490 out: 491 sshkey_free(pub); 492 fclose(f); 493 return r; 494 } 495 496 /* 497 * Checks whether the specified key is revoked, returning 0 if not, 498 * SSH_ERR_KEY_REVOKED if it is or another error code if something 499 * unexpected happened. 500 * This will check both the key and, if it is a certificate, its CA key too. 501 * "revoked_keys_file" may be a KRL or a one-per-line list of public keys. 502 */ 503 int 504 sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file) 505 { 506 int r; 507 508 r = ssh_krl_file_contains_key(revoked_keys_file, key); 509 /* If this was not a KRL to begin with then continue below */ 510 if (r != SSH_ERR_KRL_BAD_MAGIC) 511 return r; 512 513 /* 514 * If the file is not a KRL or we can't handle KRLs then attempt to 515 * parse the file as a flat list of keys. 516 */ 517 switch ((r = sshkey_in_file(key, revoked_keys_file, 0, 1))) { 518 case 0: 519 /* Key found => revoked */ 520 return SSH_ERR_KEY_REVOKED; 521 case SSH_ERR_KEY_NOT_FOUND: 522 /* Key not found => not revoked */ 523 return 0; 524 default: 525 /* Some other error occurred */ 526 return r; 527 } 528 } 529 530