xref: /freebsd/crypto/openssh/authfile.c (revision 2e3507c25e42292b45a5482e116d278f5515d04d)
1 /* $OpenBSD: authfile.c,v 1.144 2023/03/14 07:26:25 dtucker Exp $ */
2 /*
3  * Copyright (c) 2000, 2013 Markus Friedl.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  */
25 
26 #include "includes.h"
27 
28 #include <sys/types.h>
29 #include <sys/stat.h>
30 #include <sys/uio.h>
31 
32 #include <errno.h>
33 #include <fcntl.h>
34 #include <stdio.h>
35 #include <stdarg.h>
36 #include <stdlib.h>
37 #include <string.h>
38 #include <unistd.h>
39 #include <limits.h>
40 
41 #include "cipher.h"
42 #include "ssh.h"
43 #include "log.h"
44 #include "authfile.h"
45 #include "misc.h"
46 #include "atomicio.h"
47 #include "sshkey.h"
48 #include "sshbuf.h"
49 #include "ssherr.h"
50 #include "krl.h"
51 
52 #define MAX_KEY_FILE_SIZE	(1024 * 1024)
53 
54 /* Save a key blob to a file */
55 static int
56 sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename)
57 {
58 	int r;
59 	mode_t omask;
60 
61 	omask = umask(077);
62 	r = sshbuf_write_file(filename, keybuf);
63 	umask(omask);
64 	return r;
65 }
66 
67 int
68 sshkey_save_private(struct sshkey *key, const char *filename,
69     const char *passphrase, const char *comment,
70     int format, const char *openssh_format_cipher, int openssh_format_rounds)
71 {
72 	struct sshbuf *keyblob = NULL;
73 	int r;
74 
75 	if ((keyblob = sshbuf_new()) == NULL)
76 		return SSH_ERR_ALLOC_FAIL;
77 	if ((r = sshkey_private_to_fileblob(key, keyblob, passphrase, comment,
78 	    format, openssh_format_cipher, openssh_format_rounds)) != 0)
79 		goto out;
80 	if ((r = sshkey_save_private_blob(keyblob, filename)) != 0)
81 		goto out;
82 	r = 0;
83  out:
84 	sshbuf_free(keyblob);
85 	return r;
86 }
87 
88 /* XXX remove error() calls from here? */
89 int
90 sshkey_perm_ok(int fd, const char *filename)
91 {
92 	struct stat st;
93 
94 	if (fstat(fd, &st) == -1)
95 		return SSH_ERR_SYSTEM_ERROR;
96 	/*
97 	 * if a key owned by the user is accessed, then we check the
98 	 * permissions of the file. if the key owned by a different user,
99 	 * then we don't care.
100 	 */
101 #ifdef HAVE_CYGWIN
102 	if (check_ntsec(filename))
103 #endif
104 	if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) {
105 		error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
106 		error("@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @");
107 		error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
108 		error("Permissions 0%3.3o for '%s' are too open.",
109 		    (u_int)st.st_mode & 0777, filename);
110 		error("It is required that your private key files are NOT accessible by others.");
111 		error("This private key will be ignored.");
112 		return SSH_ERR_KEY_BAD_PERMISSIONS;
113 	}
114 	return 0;
115 }
116 
117 int
118 sshkey_load_private_type(int type, const char *filename, const char *passphrase,
119     struct sshkey **keyp, char **commentp)
120 {
121 	int fd, r;
122 
123 	if (keyp != NULL)
124 		*keyp = NULL;
125 	if (commentp != NULL)
126 		*commentp = NULL;
127 
128 	if ((fd = open(filename, O_RDONLY)) == -1)
129 		return SSH_ERR_SYSTEM_ERROR;
130 
131 	r = sshkey_perm_ok(fd, filename);
132 	if (r != 0)
133 		goto out;
134 
135 	r = sshkey_load_private_type_fd(fd, type, passphrase, keyp, commentp);
136 	if (r == 0 && keyp && *keyp)
137 		r = sshkey_set_filename(*keyp, filename);
138  out:
139 	close(fd);
140 	return r;
141 }
142 
143 int
144 sshkey_load_private(const char *filename, const char *passphrase,
145     struct sshkey **keyp, char **commentp)
146 {
147 	return sshkey_load_private_type(KEY_UNSPEC, filename, passphrase,
148 	    keyp, commentp);
149 }
150 
151 int
152 sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
153     struct sshkey **keyp, char **commentp)
154 {
155 	struct sshbuf *buffer = NULL;
156 	int r;
157 
158 	if (keyp != NULL)
159 		*keyp = NULL;
160 	if ((r = sshbuf_load_fd(fd, &buffer)) != 0 ||
161 	    (r = sshkey_parse_private_fileblob_type(buffer, type,
162 	    passphrase, keyp, commentp)) != 0)
163 		goto out;
164 
165 	/* success */
166 	r = 0;
167  out:
168 	sshbuf_free(buffer);
169 	return r;
170 }
171 
172 /* Load a pubkey from the unencrypted envelope of a new-format private key */
173 static int
174 sshkey_load_pubkey_from_private(const char *filename, struct sshkey **pubkeyp)
175 {
176 	struct sshbuf *buffer = NULL;
177 	struct sshkey *pubkey = NULL;
178 	int r, fd;
179 
180 	if (pubkeyp != NULL)
181 		*pubkeyp = NULL;
182 
183 	if ((fd = open(filename, O_RDONLY)) == -1)
184 		return SSH_ERR_SYSTEM_ERROR;
185 	if ((r = sshbuf_load_fd(fd, &buffer)) != 0 ||
186 	    (r = sshkey_parse_pubkey_from_private_fileblob_type(buffer,
187 	    KEY_UNSPEC, &pubkey)) != 0)
188 		goto out;
189 	if ((r = sshkey_set_filename(pubkey, filename)) != 0)
190 		goto out;
191 	/* success */
192 	if (pubkeyp != NULL) {
193 		*pubkeyp = pubkey;
194 		pubkey = NULL;
195 	}
196 	r = 0;
197  out:
198 	close(fd);
199 	sshbuf_free(buffer);
200 	sshkey_free(pubkey);
201 	return r;
202 }
203 
204 static int
205 sshkey_try_load_public(struct sshkey **kp, const char *filename,
206     char **commentp)
207 {
208 	FILE *f;
209 	char *line = NULL, *cp;
210 	size_t linesize = 0;
211 	int r;
212 	struct sshkey *k = NULL;
213 
214 	if (kp == NULL)
215 		return SSH_ERR_INVALID_ARGUMENT;
216 	*kp = NULL;
217 	if (commentp != NULL)
218 		*commentp = NULL;
219 	if ((f = fopen(filename, "r")) == NULL)
220 		return SSH_ERR_SYSTEM_ERROR;
221 	if ((k = sshkey_new(KEY_UNSPEC)) == NULL) {
222 		fclose(f);
223 		return SSH_ERR_ALLOC_FAIL;
224 	}
225 	while (getline(&line, &linesize, f) != -1) {
226 		cp = line;
227 		switch (*cp) {
228 		case '#':
229 		case '\n':
230 		case '\0':
231 			continue;
232 		}
233 		/* Abort loading if this looks like a private key */
234 		if (strncmp(cp, "-----BEGIN", 10) == 0 ||
235 		    strcmp(cp, "SSH PRIVATE KEY FILE") == 0)
236 			break;
237 		/* Skip leading whitespace. */
238 		for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
239 			;
240 		if (*cp) {
241 			if ((r = sshkey_read(k, &cp)) == 0) {
242 				cp[strcspn(cp, "\r\n")] = '\0';
243 				if (commentp) {
244 					*commentp = strdup(*cp ?
245 					    cp : filename);
246 					if (*commentp == NULL)
247 						r = SSH_ERR_ALLOC_FAIL;
248 				}
249 				/* success */
250 				*kp = k;
251 				free(line);
252 				fclose(f);
253 				return r;
254 			}
255 		}
256 	}
257 	free(k);
258 	free(line);
259 	fclose(f);
260 	return SSH_ERR_INVALID_FORMAT;
261 }
262 
263 /* load public key from any pubkey file */
264 int
265 sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp)
266 {
267 	char *pubfile = NULL;
268 	int r, oerrno;
269 
270 	if (keyp != NULL)
271 		*keyp = NULL;
272 	if (commentp != NULL)
273 		*commentp = NULL;
274 
275 	if ((r = sshkey_try_load_public(keyp, filename, commentp)) == 0)
276 		goto out;
277 
278 	/* try .pub suffix */
279 	if (asprintf(&pubfile, "%s.pub", filename) == -1)
280 		return SSH_ERR_ALLOC_FAIL;
281 	if ((r = sshkey_try_load_public(keyp, pubfile, commentp)) == 0)
282 		goto out;
283 
284 	/* finally, try to extract public key from private key file */
285 	if ((r = sshkey_load_pubkey_from_private(filename, keyp)) == 0)
286 		goto out;
287 
288 	/* Pretend we couldn't find the key */
289 	r = SSH_ERR_SYSTEM_ERROR;
290 	errno = ENOENT;
291 
292  out:
293 	oerrno = errno;
294 	free(pubfile);
295 	errno = oerrno;
296 	return r;
297 }
298 
299 /* Load the certificate associated with the named private key */
300 int
301 sshkey_load_cert(const char *filename, struct sshkey **keyp)
302 {
303 	struct sshkey *pub = NULL;
304 	char *file = NULL;
305 	int r = SSH_ERR_INTERNAL_ERROR;
306 
307 	if (keyp != NULL)
308 		*keyp = NULL;
309 
310 	if (asprintf(&file, "%s-cert.pub", filename) == -1)
311 		return SSH_ERR_ALLOC_FAIL;
312 
313 	r = sshkey_try_load_public(keyp, file, NULL);
314 	free(file);
315 	sshkey_free(pub);
316 	return r;
317 }
318 
319 /* Load private key and certificate */
320 int
321 sshkey_load_private_cert(int type, const char *filename, const char *passphrase,
322     struct sshkey **keyp)
323 {
324 	struct sshkey *key = NULL, *cert = NULL;
325 	int r;
326 
327 	if (keyp != NULL)
328 		*keyp = NULL;
329 
330 	switch (type) {
331 #ifdef WITH_OPENSSL
332 	case KEY_RSA:
333 	case KEY_DSA:
334 	case KEY_ECDSA:
335 #endif /* WITH_OPENSSL */
336 	case KEY_ED25519:
337 	case KEY_XMSS:
338 	case KEY_UNSPEC:
339 		break;
340 	default:
341 		return SSH_ERR_KEY_TYPE_UNKNOWN;
342 	}
343 
344 	if ((r = sshkey_load_private_type(type, filename,
345 	    passphrase, &key, NULL)) != 0 ||
346 	    (r = sshkey_load_cert(filename, &cert)) != 0)
347 		goto out;
348 
349 	/* Make sure the private key matches the certificate */
350 	if (sshkey_equal_public(key, cert) == 0) {
351 		r = SSH_ERR_KEY_CERT_MISMATCH;
352 		goto out;
353 	}
354 
355 	if ((r = sshkey_to_certified(key)) != 0 ||
356 	    (r = sshkey_cert_copy(cert, key)) != 0)
357 		goto out;
358 	r = 0;
359 	if (keyp != NULL) {
360 		*keyp = key;
361 		key = NULL;
362 	}
363  out:
364 	sshkey_free(key);
365 	sshkey_free(cert);
366 	return r;
367 }
368 
369 /*
370  * Returns success if the specified "key" is listed in the file "filename",
371  * SSH_ERR_KEY_NOT_FOUND: if the key is not listed or another error.
372  * If "strict_type" is set then the key type must match exactly,
373  * otherwise a comparison that ignores certificate data is performed.
374  * If "check_ca" is set and "key" is a certificate, then its CA key is
375  * also checked and sshkey_in_file() will return success if either is found.
376  */
377 int
378 sshkey_in_file(struct sshkey *key, const char *filename, int strict_type,
379     int check_ca)
380 {
381 	FILE *f;
382 	char *line = NULL, *cp;
383 	size_t linesize = 0;
384 	int r = 0;
385 	struct sshkey *pub = NULL;
386 
387 	int (*sshkey_compare)(const struct sshkey *, const struct sshkey *) =
388 	    strict_type ?  sshkey_equal : sshkey_equal_public;
389 
390 	if ((f = fopen(filename, "r")) == NULL)
391 		return SSH_ERR_SYSTEM_ERROR;
392 
393 	while (getline(&line, &linesize, f) != -1) {
394 		sshkey_free(pub);
395 		pub = NULL;
396 		cp = line;
397 
398 		/* Skip leading whitespace. */
399 		for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
400 			;
401 
402 		/* Skip comments and empty lines */
403 		switch (*cp) {
404 		case '#':
405 		case '\n':
406 		case '\0':
407 			continue;
408 		}
409 
410 		if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) {
411 			r = SSH_ERR_ALLOC_FAIL;
412 			goto out;
413 		}
414 		switch (r = sshkey_read(pub, &cp)) {
415 		case 0:
416 			break;
417 		case SSH_ERR_KEY_LENGTH:
418 			continue;
419 		default:
420 			goto out;
421 		}
422 		if (sshkey_compare(key, pub) ||
423 		    (check_ca && sshkey_is_cert(key) &&
424 		    sshkey_compare(key->cert->signature_key, pub))) {
425 			r = 0;
426 			goto out;
427 		}
428 	}
429 	r = SSH_ERR_KEY_NOT_FOUND;
430  out:
431 	free(line);
432 	sshkey_free(pub);
433 	fclose(f);
434 	return r;
435 }
436 
437 /*
438  * Checks whether the specified key is revoked, returning 0 if not,
439  * SSH_ERR_KEY_REVOKED if it is or another error code if something
440  * unexpected happened.
441  * This will check both the key and, if it is a certificate, its CA key too.
442  * "revoked_keys_file" may be a KRL or a one-per-line list of public keys.
443  */
444 int
445 sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file)
446 {
447 	int r;
448 
449 	r = ssh_krl_file_contains_key(revoked_keys_file, key);
450 	/* If this was not a KRL to begin with then continue below */
451 	if (r != SSH_ERR_KRL_BAD_MAGIC)
452 		return r;
453 
454 	/*
455 	 * If the file is not a KRL or we can't handle KRLs then attempt to
456 	 * parse the file as a flat list of keys.
457 	 */
458 	switch ((r = sshkey_in_file(key, revoked_keys_file, 0, 1))) {
459 	case 0:
460 		/* Key found => revoked */
461 		return SSH_ERR_KEY_REVOKED;
462 	case SSH_ERR_KEY_NOT_FOUND:
463 		/* Key not found => not revoked */
464 		return 0;
465 	default:
466 		/* Some other error occurred */
467 		return r;
468 	}
469 }
470 
471 /*
472  * Advanced *cpp past the end of key options, defined as the first unquoted
473  * whitespace character. Returns 0 on success or -1 on failure (e.g.
474  * unterminated quotes).
475  */
476 int
477 sshkey_advance_past_options(char **cpp)
478 {
479 	char *cp = *cpp;
480 	int quoted = 0;
481 
482 	for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
483 		if (*cp == '\\' && cp[1] == '"')
484 			cp++;	/* Skip both */
485 		else if (*cp == '"')
486 			quoted = !quoted;
487 	}
488 	*cpp = cp;
489 	/* return failure for unterminated quotes */
490 	return (*cp == '\0' && quoted) ? -1 : 0;
491 }
492 
493 /* Save a public key */
494 int
495 sshkey_save_public(const struct sshkey *key, const char *path,
496     const char *comment)
497 {
498 	int fd, oerrno;
499 	FILE *f = NULL;
500 	int r = SSH_ERR_INTERNAL_ERROR;
501 
502 	if ((fd = open(path, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1)
503 		return SSH_ERR_SYSTEM_ERROR;
504 	if ((f = fdopen(fd, "w")) == NULL) {
505 		r = SSH_ERR_SYSTEM_ERROR;
506 		close(fd);
507 		goto fail;
508 	}
509 	if ((r = sshkey_write(key, f)) != 0)
510 		goto fail;
511 	fprintf(f, " %s\n", comment);
512 	if (ferror(f)) {
513 		r = SSH_ERR_SYSTEM_ERROR;
514 		goto fail;
515 	}
516 	if (fclose(f) != 0) {
517 		r = SSH_ERR_SYSTEM_ERROR;
518 		f = NULL;
519  fail:
520 		if (f != NULL) {
521 			oerrno = errno;
522 			fclose(f);
523 			errno = oerrno;
524 		}
525 		return r;
526 	}
527 	return 0;
528 }
529