1 /* $OpenBSD: authfile.c,v 1.121 2016/04/09 12:39:30 djm Exp $ */ 2 /* 3 * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 */ 25 26 27 #include <sys/types.h> 28 #include <sys/stat.h> 29 #include <sys/uio.h> 30 31 #include <errno.h> 32 #include <fcntl.h> 33 #include <stdio.h> 34 #include <stdlib.h> 35 #include <string.h> 36 #include <unistd.h> 37 #include <limits.h> 38 39 #include "cipher.h" 40 #include "ssh.h" 41 #include "log.h" 42 #include "authfile.h" 43 #include "rsa.h" 44 #include "misc.h" 45 #include "atomicio.h" 46 #include "sshkey.h" 47 #include "sshbuf.h" 48 #include "ssherr.h" 49 #include "krl.h" 50 51 #define MAX_KEY_FILE_SIZE (1024 * 1024) 52 53 /* Save a key blob to a file */ 54 static int 55 sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename) 56 { 57 int fd, oerrno; 58 59 if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0) 60 return SSH_ERR_SYSTEM_ERROR; 61 if (atomicio(vwrite, fd, (u_char *)sshbuf_ptr(keybuf), 62 sshbuf_len(keybuf)) != sshbuf_len(keybuf)) { 63 oerrno = errno; 64 close(fd); 65 unlink(filename); 66 errno = oerrno; 67 return SSH_ERR_SYSTEM_ERROR; 68 } 69 close(fd); 70 return 0; 71 } 72 73 int 74 sshkey_save_private(struct sshkey *key, const char *filename, 75 const char *passphrase, const char *comment, 76 int force_new_format, const char *new_format_cipher, int new_format_rounds) 77 { 78 struct sshbuf *keyblob = NULL; 79 int r; 80 81 if ((keyblob = sshbuf_new()) == NULL) 82 return SSH_ERR_ALLOC_FAIL; 83 if ((r = sshkey_private_to_fileblob(key, keyblob, passphrase, comment, 84 force_new_format, new_format_cipher, new_format_rounds)) != 0) 85 goto out; 86 if ((r = sshkey_save_private_blob(keyblob, filename)) != 0) 87 goto out; 88 r = 0; 89 out: 90 sshbuf_free(keyblob); 91 return r; 92 } 93 94 /* Load a key from a fd into a buffer */ 95 int 96 sshkey_load_file(int fd, struct sshbuf *blob) 97 { 98 u_char buf[1024]; 99 size_t len; 100 struct stat st; 101 int r; 102 103 if (fstat(fd, &st) < 0) 104 return SSH_ERR_SYSTEM_ERROR; 105 if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && 106 st.st_size > MAX_KEY_FILE_SIZE) 107 return SSH_ERR_INVALID_FORMAT; 108 for (;;) { 109 if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) { 110 if (errno == EPIPE) 111 break; 112 r = SSH_ERR_SYSTEM_ERROR; 113 goto out; 114 } 115 if ((r = sshbuf_put(blob, buf, len)) != 0) 116 goto out; 117 if (sshbuf_len(blob) > MAX_KEY_FILE_SIZE) { 118 r = SSH_ERR_INVALID_FORMAT; 119 goto out; 120 } 121 } 122 if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && 123 st.st_size != (off_t)sshbuf_len(blob)) { 124 r = SSH_ERR_FILE_CHANGED; 125 goto out; 126 } 127 r = 0; 128 129 out: 130 explicit_bzero(buf, sizeof(buf)); 131 if (r != 0) 132 sshbuf_reset(blob); 133 return r; 134 } 135 136 #ifdef WITH_SSH1 137 /* 138 * Loads the public part of the ssh v1 key file. Returns NULL if an error was 139 * encountered (the file does not exist or is not readable), and the key 140 * otherwise. 141 */ 142 static int 143 sshkey_load_public_rsa1(int fd, struct sshkey **keyp, char **commentp) 144 { 145 struct sshbuf *b = NULL; 146 int r; 147 148 if (keyp != NULL) 149 *keyp = NULL; 150 if (commentp != NULL) 151 *commentp = NULL; 152 153 if ((b = sshbuf_new()) == NULL) 154 return SSH_ERR_ALLOC_FAIL; 155 if ((r = sshkey_load_file(fd, b)) != 0) 156 goto out; 157 if ((r = sshkey_parse_public_rsa1_fileblob(b, keyp, commentp)) != 0) 158 goto out; 159 r = 0; 160 out: 161 sshbuf_free(b); 162 return r; 163 } 164 #endif /* WITH_SSH1 */ 165 166 /* XXX remove error() calls from here? */ 167 int 168 sshkey_perm_ok(int fd, const char *filename) 169 { 170 struct stat st; 171 172 if (fstat(fd, &st) < 0) 173 return SSH_ERR_SYSTEM_ERROR; 174 /* 175 * if a key owned by the user is accessed, then we check the 176 * permissions of the file. if the key owned by a different user, 177 * then we don't care. 178 */ 179 if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) { 180 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); 181 error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @"); 182 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); 183 error("Permissions 0%3.3o for '%s' are too open.", 184 (u_int)st.st_mode & 0777, filename); 185 error("It is required that your private key files are NOT accessible by others."); 186 error("This private key will be ignored."); 187 return SSH_ERR_KEY_BAD_PERMISSIONS; 188 } 189 return 0; 190 } 191 192 /* XXX kill perm_ok now that we have SSH_ERR_KEY_BAD_PERMISSIONS? */ 193 int 194 sshkey_load_private_type(int type, const char *filename, const char *passphrase, 195 struct sshkey **keyp, char **commentp, int *perm_ok) 196 { 197 int fd, r; 198 199 if (keyp != NULL) 200 *keyp = NULL; 201 if (commentp != NULL) 202 *commentp = NULL; 203 204 if ((fd = open(filename, O_RDONLY)) < 0) { 205 if (perm_ok != NULL) 206 *perm_ok = 0; 207 return SSH_ERR_SYSTEM_ERROR; 208 } 209 if (sshkey_perm_ok(fd, filename) != 0) { 210 if (perm_ok != NULL) 211 *perm_ok = 0; 212 r = SSH_ERR_KEY_BAD_PERMISSIONS; 213 goto out; 214 } 215 if (perm_ok != NULL) 216 *perm_ok = 1; 217 218 r = sshkey_load_private_type_fd(fd, type, passphrase, keyp, commentp); 219 out: 220 close(fd); 221 return r; 222 } 223 224 int 225 sshkey_load_private_type_fd(int fd, int type, const char *passphrase, 226 struct sshkey **keyp, char **commentp) 227 { 228 struct sshbuf *buffer = NULL; 229 int r; 230 231 if (keyp != NULL) 232 *keyp = NULL; 233 if ((buffer = sshbuf_new()) == NULL) { 234 r = SSH_ERR_ALLOC_FAIL; 235 goto out; 236 } 237 if ((r = sshkey_load_file(fd, buffer)) != 0 || 238 (r = sshkey_parse_private_fileblob_type(buffer, type, 239 passphrase, keyp, commentp)) != 0) 240 goto out; 241 242 /* success */ 243 r = 0; 244 out: 245 sshbuf_free(buffer); 246 return r; 247 } 248 249 /* XXX this is almost identical to sshkey_load_private_type() */ 250 int 251 sshkey_load_private(const char *filename, const char *passphrase, 252 struct sshkey **keyp, char **commentp) 253 { 254 struct sshbuf *buffer = NULL; 255 int r, fd; 256 257 if (keyp != NULL) 258 *keyp = NULL; 259 if (commentp != NULL) 260 *commentp = NULL; 261 262 if ((fd = open(filename, O_RDONLY)) < 0) 263 return SSH_ERR_SYSTEM_ERROR; 264 if (sshkey_perm_ok(fd, filename) != 0) { 265 r = SSH_ERR_KEY_BAD_PERMISSIONS; 266 goto out; 267 } 268 269 if ((buffer = sshbuf_new()) == NULL) { 270 r = SSH_ERR_ALLOC_FAIL; 271 goto out; 272 } 273 if ((r = sshkey_load_file(fd, buffer)) != 0 || 274 (r = sshkey_parse_private_fileblob(buffer, passphrase, keyp, 275 commentp)) != 0) 276 goto out; 277 r = 0; 278 out: 279 close(fd); 280 sshbuf_free(buffer); 281 return r; 282 } 283 284 static int 285 sshkey_try_load_public(struct sshkey *k, const char *filename, char **commentp) 286 { 287 FILE *f; 288 char line[SSH_MAX_PUBKEY_BYTES]; 289 char *cp; 290 u_long linenum = 0; 291 int r; 292 293 if (commentp != NULL) 294 *commentp = NULL; 295 if ((f = fopen(filename, "r")) == NULL) 296 return SSH_ERR_SYSTEM_ERROR; 297 while (read_keyfile_line(f, filename, line, sizeof(line), 298 &linenum) != -1) { 299 cp = line; 300 switch (*cp) { 301 case '#': 302 case '\n': 303 case '\0': 304 continue; 305 } 306 /* Abort loading if this looks like a private key */ 307 if (strncmp(cp, "-----BEGIN", 10) == 0 || 308 strcmp(cp, "SSH PRIVATE KEY FILE") == 0) 309 break; 310 /* Skip leading whitespace. */ 311 for (; *cp && (*cp == ' ' || *cp == '\t'); cp++) 312 ; 313 if (*cp) { 314 if ((r = sshkey_read(k, &cp)) == 0) { 315 cp[strcspn(cp, "\r\n")] = '\0'; 316 if (commentp) { 317 *commentp = strdup(*cp ? 318 cp : filename); 319 if (*commentp == NULL) 320 r = SSH_ERR_ALLOC_FAIL; 321 } 322 fclose(f); 323 return r; 324 } 325 } 326 } 327 fclose(f); 328 return SSH_ERR_INVALID_FORMAT; 329 } 330 331 /* load public key from ssh v1 private or any pubkey file */ 332 int 333 sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp) 334 { 335 struct sshkey *pub = NULL; 336 char file[PATH_MAX]; 337 int r, fd; 338 339 if (keyp != NULL) 340 *keyp = NULL; 341 if (commentp != NULL) 342 *commentp = NULL; 343 344 /* XXX should load file once and attempt to parse each format */ 345 346 if ((fd = open(filename, O_RDONLY)) < 0) 347 goto skip; 348 #ifdef WITH_SSH1 349 /* try rsa1 private key */ 350 r = sshkey_load_public_rsa1(fd, keyp, commentp); 351 close(fd); 352 switch (r) { 353 case SSH_ERR_INTERNAL_ERROR: 354 case SSH_ERR_ALLOC_FAIL: 355 case SSH_ERR_INVALID_ARGUMENT: 356 case SSH_ERR_SYSTEM_ERROR: 357 case 0: 358 return r; 359 } 360 #else /* WITH_SSH1 */ 361 close(fd); 362 #endif /* WITH_SSH1 */ 363 364 /* try ssh2 public key */ 365 if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) 366 return SSH_ERR_ALLOC_FAIL; 367 if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) { 368 if (keyp != NULL) 369 *keyp = pub; 370 return 0; 371 } 372 sshkey_free(pub); 373 374 #ifdef WITH_SSH1 375 /* try rsa1 public key */ 376 if ((pub = sshkey_new(KEY_RSA1)) == NULL) 377 return SSH_ERR_ALLOC_FAIL; 378 if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) { 379 if (keyp != NULL) 380 *keyp = pub; 381 return 0; 382 } 383 sshkey_free(pub); 384 #endif /* WITH_SSH1 */ 385 386 skip: 387 /* try .pub suffix */ 388 if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) 389 return SSH_ERR_ALLOC_FAIL; 390 r = SSH_ERR_ALLOC_FAIL; /* in case strlcpy or strlcat fail */ 391 if ((strlcpy(file, filename, sizeof file) < sizeof(file)) && 392 (strlcat(file, ".pub", sizeof file) < sizeof(file)) && 393 (r = sshkey_try_load_public(pub, file, commentp)) == 0) { 394 if (keyp != NULL) 395 *keyp = pub; 396 return 0; 397 } 398 sshkey_free(pub); 399 400 return r; 401 } 402 403 /* Load the certificate associated with the named private key */ 404 int 405 sshkey_load_cert(const char *filename, struct sshkey **keyp) 406 { 407 struct sshkey *pub = NULL; 408 char *file = NULL; 409 int r = SSH_ERR_INTERNAL_ERROR; 410 411 if (keyp != NULL) 412 *keyp = NULL; 413 414 if (asprintf(&file, "%s-cert.pub", filename) == -1) 415 return SSH_ERR_ALLOC_FAIL; 416 417 if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) { 418 goto out; 419 } 420 if ((r = sshkey_try_load_public(pub, file, NULL)) != 0) 421 goto out; 422 /* success */ 423 if (keyp != NULL) { 424 *keyp = pub; 425 pub = NULL; 426 } 427 r = 0; 428 out: 429 free(file); 430 sshkey_free(pub); 431 return r; 432 } 433 434 /* Load private key and certificate */ 435 int 436 sshkey_load_private_cert(int type, const char *filename, const char *passphrase, 437 struct sshkey **keyp, int *perm_ok) 438 { 439 struct sshkey *key = NULL, *cert = NULL; 440 int r; 441 442 if (keyp != NULL) 443 *keyp = NULL; 444 445 switch (type) { 446 #ifdef WITH_OPENSSL 447 case KEY_RSA: 448 case KEY_DSA: 449 case KEY_ECDSA: 450 #endif /* WITH_OPENSSL */ 451 case KEY_ED25519: 452 case KEY_UNSPEC: 453 break; 454 default: 455 return SSH_ERR_KEY_TYPE_UNKNOWN; 456 } 457 458 if ((r = sshkey_load_private_type(type, filename, 459 passphrase, &key, NULL, perm_ok)) != 0 || 460 (r = sshkey_load_cert(filename, &cert)) != 0) 461 goto out; 462 463 /* Make sure the private key matches the certificate */ 464 if (sshkey_equal_public(key, cert) == 0) { 465 r = SSH_ERR_KEY_CERT_MISMATCH; 466 goto out; 467 } 468 469 if ((r = sshkey_to_certified(key)) != 0 || 470 (r = sshkey_cert_copy(cert, key)) != 0) 471 goto out; 472 r = 0; 473 if (keyp != NULL) { 474 *keyp = key; 475 key = NULL; 476 } 477 out: 478 sshkey_free(key); 479 sshkey_free(cert); 480 return r; 481 } 482 483 /* 484 * Returns success if the specified "key" is listed in the file "filename", 485 * SSH_ERR_KEY_NOT_FOUND: if the key is not listed or another error. 486 * If "strict_type" is set then the key type must match exactly, 487 * otherwise a comparison that ignores certficiate data is performed. 488 * If "check_ca" is set and "key" is a certificate, then its CA key is 489 * also checked and sshkey_in_file() will return success if either is found. 490 */ 491 int 492 sshkey_in_file(struct sshkey *key, const char *filename, int strict_type, 493 int check_ca) 494 { 495 FILE *f; 496 char line[SSH_MAX_PUBKEY_BYTES]; 497 char *cp; 498 u_long linenum = 0; 499 int r = 0; 500 struct sshkey *pub = NULL; 501 int (*sshkey_compare)(const struct sshkey *, const struct sshkey *) = 502 strict_type ? sshkey_equal : sshkey_equal_public; 503 504 if ((f = fopen(filename, "r")) == NULL) 505 return SSH_ERR_SYSTEM_ERROR; 506 507 while (read_keyfile_line(f, filename, line, sizeof(line), 508 &linenum) != -1) { 509 cp = line; 510 511 /* Skip leading whitespace. */ 512 for (; *cp && (*cp == ' ' || *cp == '\t'); cp++) 513 ; 514 515 /* Skip comments and empty lines */ 516 switch (*cp) { 517 case '#': 518 case '\n': 519 case '\0': 520 continue; 521 } 522 523 if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) { 524 r = SSH_ERR_ALLOC_FAIL; 525 goto out; 526 } 527 if ((r = sshkey_read(pub, &cp)) != 0) 528 goto out; 529 if (sshkey_compare(key, pub) || 530 (check_ca && sshkey_is_cert(key) && 531 sshkey_compare(key->cert->signature_key, pub))) { 532 r = 0; 533 goto out; 534 } 535 sshkey_free(pub); 536 pub = NULL; 537 } 538 r = SSH_ERR_KEY_NOT_FOUND; 539 out: 540 sshkey_free(pub); 541 fclose(f); 542 return r; 543 } 544 545 /* 546 * Checks whether the specified key is revoked, returning 0 if not, 547 * SSH_ERR_KEY_REVOKED if it is or another error code if something 548 * unexpected happened. 549 * This will check both the key and, if it is a certificate, its CA key too. 550 * "revoked_keys_file" may be a KRL or a one-per-line list of public keys. 551 */ 552 int 553 sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file) 554 { 555 int r; 556 557 r = ssh_krl_file_contains_key(revoked_keys_file, key); 558 /* If this was not a KRL to begin with then continue below */ 559 if (r != SSH_ERR_KRL_BAD_MAGIC) 560 return r; 561 562 /* 563 * If the file is not a KRL or we can't handle KRLs then attempt to 564 * parse the file as a flat list of keys. 565 */ 566 switch ((r = sshkey_in_file(key, revoked_keys_file, 0, 1))) { 567 case 0: 568 /* Key found => revoked */ 569 return SSH_ERR_KEY_REVOKED; 570 case SSH_ERR_KEY_NOT_FOUND: 571 /* Key not found => not revoked */ 572 return 0; 573 default: 574 /* Some other error occurred */ 575 return r; 576 } 577 } 578 579