xref: /freebsd/crypto/openssh/authfile.c (revision 49b49cda41feabe3439f7318e8bf40e3896c7bf4)
1 /* $OpenBSD: authfile.c,v 1.116 2015/07/09 09:49:46 markus Exp $ */
2 /*
3  * Copyright (c) 2000, 2013 Markus Friedl.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  */
25 
26 #include "includes.h"
27 
28 #include <sys/types.h>
29 #include <sys/stat.h>
30 #include <sys/uio.h>
31 
32 #include <errno.h>
33 #include <fcntl.h>
34 #include <stdio.h>
35 #include <stdarg.h>
36 #include <stdlib.h>
37 #include <string.h>
38 #include <unistd.h>
39 #include <limits.h>
40 
41 #include "cipher.h"
42 #include "ssh.h"
43 #include "log.h"
44 #include "authfile.h"
45 #include "rsa.h"
46 #include "misc.h"
47 #include "atomicio.h"
48 #include "sshkey.h"
49 #include "sshbuf.h"
50 #include "ssherr.h"
51 #include "krl.h"
52 
53 #define MAX_KEY_FILE_SIZE	(1024 * 1024)
54 
55 /* Save a key blob to a file */
56 static int
57 sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename)
58 {
59 	int fd, oerrno;
60 
61 	if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0)
62 		return SSH_ERR_SYSTEM_ERROR;
63 	if (atomicio(vwrite, fd, (u_char *)sshbuf_ptr(keybuf),
64 	    sshbuf_len(keybuf)) != sshbuf_len(keybuf)) {
65 		oerrno = errno;
66 		close(fd);
67 		unlink(filename);
68 		errno = oerrno;
69 		return SSH_ERR_SYSTEM_ERROR;
70 	}
71 	close(fd);
72 	return 0;
73 }
74 
75 int
76 sshkey_save_private(struct sshkey *key, const char *filename,
77     const char *passphrase, const char *comment,
78     int force_new_format, const char *new_format_cipher, int new_format_rounds)
79 {
80 	struct sshbuf *keyblob = NULL;
81 	int r;
82 
83 	if ((keyblob = sshbuf_new()) == NULL)
84 		return SSH_ERR_ALLOC_FAIL;
85 	if ((r = sshkey_private_to_fileblob(key, keyblob, passphrase, comment,
86 	    force_new_format, new_format_cipher, new_format_rounds)) != 0)
87 		goto out;
88 	if ((r = sshkey_save_private_blob(keyblob, filename)) != 0)
89 		goto out;
90 	r = 0;
91  out:
92 	sshbuf_free(keyblob);
93 	return r;
94 }
95 
96 /* Load a key from a fd into a buffer */
97 int
98 sshkey_load_file(int fd, struct sshbuf *blob)
99 {
100 	u_char buf[1024];
101 	size_t len;
102 	struct stat st;
103 	int r;
104 
105 	if (fstat(fd, &st) < 0)
106 		return SSH_ERR_SYSTEM_ERROR;
107 	if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
108 	    st.st_size > MAX_KEY_FILE_SIZE)
109 		return SSH_ERR_INVALID_FORMAT;
110 	for (;;) {
111 		if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) {
112 			if (errno == EPIPE)
113 				break;
114 			r = SSH_ERR_SYSTEM_ERROR;
115 			goto out;
116 		}
117 		if ((r = sshbuf_put(blob, buf, len)) != 0)
118 			goto out;
119 		if (sshbuf_len(blob) > MAX_KEY_FILE_SIZE) {
120 			r = SSH_ERR_INVALID_FORMAT;
121 			goto out;
122 		}
123 	}
124 	if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
125 	    st.st_size != (off_t)sshbuf_len(blob)) {
126 		r = SSH_ERR_FILE_CHANGED;
127 		goto out;
128 	}
129 	r = 0;
130 
131  out:
132 	explicit_bzero(buf, sizeof(buf));
133 	if (r != 0)
134 		sshbuf_reset(blob);
135 	return r;
136 }
137 
138 #ifdef WITH_SSH1
139 /*
140  * Loads the public part of the ssh v1 key file.  Returns NULL if an error was
141  * encountered (the file does not exist or is not readable), and the key
142  * otherwise.
143  */
144 static int
145 sshkey_load_public_rsa1(int fd, struct sshkey **keyp, char **commentp)
146 {
147 	struct sshbuf *b = NULL;
148 	int r;
149 
150 	*keyp = NULL;
151 	if (commentp != NULL)
152 		*commentp = NULL;
153 
154 	if ((b = sshbuf_new()) == NULL)
155 		return SSH_ERR_ALLOC_FAIL;
156 	if ((r = sshkey_load_file(fd, b)) != 0)
157 		goto out;
158 	if ((r = sshkey_parse_public_rsa1_fileblob(b, keyp, commentp)) != 0)
159 		goto out;
160 	r = 0;
161  out:
162 	sshbuf_free(b);
163 	return r;
164 }
165 #endif /* WITH_SSH1 */
166 
167 /* XXX remove error() calls from here? */
168 int
169 sshkey_perm_ok(int fd, const char *filename)
170 {
171 	struct stat st;
172 
173 	if (fstat(fd, &st) < 0)
174 		return SSH_ERR_SYSTEM_ERROR;
175 	/*
176 	 * if a key owned by the user is accessed, then we check the
177 	 * permissions of the file. if the key owned by a different user,
178 	 * then we don't care.
179 	 */
180 #ifdef HAVE_CYGWIN
181 	if (check_ntsec(filename))
182 #endif
183 	if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) {
184 		error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
185 		error("@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @");
186 		error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
187 		error("Permissions 0%3.3o for '%s' are too open.",
188 		    (u_int)st.st_mode & 0777, filename);
189 		error("It is required that your private key files are NOT accessible by others.");
190 		error("This private key will be ignored.");
191 		return SSH_ERR_KEY_BAD_PERMISSIONS;
192 	}
193 	return 0;
194 }
195 
196 /* XXX kill perm_ok now that we have SSH_ERR_KEY_BAD_PERMISSIONS? */
197 int
198 sshkey_load_private_type(int type, const char *filename, const char *passphrase,
199     struct sshkey **keyp, char **commentp, int *perm_ok)
200 {
201 	int fd, r;
202 
203 	*keyp = NULL;
204 	if (commentp != NULL)
205 		*commentp = NULL;
206 
207 	if ((fd = open(filename, O_RDONLY)) < 0) {
208 		if (perm_ok != NULL)
209 			*perm_ok = 0;
210 		return SSH_ERR_SYSTEM_ERROR;
211 	}
212 	if (sshkey_perm_ok(fd, filename) != 0) {
213 		if (perm_ok != NULL)
214 			*perm_ok = 0;
215 		r = SSH_ERR_KEY_BAD_PERMISSIONS;
216 		goto out;
217 	}
218 	if (perm_ok != NULL)
219 		*perm_ok = 1;
220 
221 	r = sshkey_load_private_type_fd(fd, type, passphrase, keyp, commentp);
222  out:
223 	close(fd);
224 	return r;
225 }
226 
227 int
228 sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
229     struct sshkey **keyp, char **commentp)
230 {
231 	struct sshbuf *buffer = NULL;
232 	int r;
233 
234 	if ((buffer = sshbuf_new()) == NULL) {
235 		r = SSH_ERR_ALLOC_FAIL;
236 		goto out;
237 	}
238 	if ((r = sshkey_load_file(fd, buffer)) != 0 ||
239 	    (r = sshkey_parse_private_fileblob_type(buffer, type,
240 	    passphrase, keyp, commentp)) != 0)
241 		goto out;
242 
243 	/* success */
244 	r = 0;
245  out:
246 	if (buffer != NULL)
247 		sshbuf_free(buffer);
248 	return r;
249 }
250 
251 /* XXX this is almost identical to sshkey_load_private_type() */
252 int
253 sshkey_load_private(const char *filename, const char *passphrase,
254     struct sshkey **keyp, char **commentp)
255 {
256 	struct sshbuf *buffer = NULL;
257 	int r, fd;
258 
259 	*keyp = NULL;
260 	if (commentp != NULL)
261 		*commentp = NULL;
262 
263 	if ((fd = open(filename, O_RDONLY)) < 0)
264 		return SSH_ERR_SYSTEM_ERROR;
265 	if (sshkey_perm_ok(fd, filename) != 0) {
266 		r = SSH_ERR_KEY_BAD_PERMISSIONS;
267 		goto out;
268 	}
269 
270 	if ((buffer = sshbuf_new()) == NULL) {
271 		r = SSH_ERR_ALLOC_FAIL;
272 		goto out;
273 	}
274 	if ((r = sshkey_load_file(fd, buffer)) != 0 ||
275 	    (r = sshkey_parse_private_fileblob(buffer, passphrase, filename,
276 	    keyp, commentp)) != 0)
277 		goto out;
278 	r = 0;
279  out:
280 	close(fd);
281 	if (buffer != NULL)
282 		sshbuf_free(buffer);
283 	return r;
284 }
285 
286 static int
287 sshkey_try_load_public(struct sshkey *k, const char *filename, char **commentp)
288 {
289 	FILE *f;
290 	char line[SSH_MAX_PUBKEY_BYTES];
291 	char *cp;
292 	u_long linenum = 0;
293 	int r;
294 
295 	if (commentp != NULL)
296 		*commentp = NULL;
297 	if ((f = fopen(filename, "r")) == NULL)
298 		return SSH_ERR_SYSTEM_ERROR;
299 	while (read_keyfile_line(f, filename, line, sizeof(line),
300 		    &linenum) != -1) {
301 		cp = line;
302 		switch (*cp) {
303 		case '#':
304 		case '\n':
305 		case '\0':
306 			continue;
307 		}
308 		/* Abort loading if this looks like a private key */
309 		if (strncmp(cp, "-----BEGIN", 10) == 0 ||
310 		    strcmp(cp, "SSH PRIVATE KEY FILE") == 0)
311 			break;
312 		/* Skip leading whitespace. */
313 		for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
314 			;
315 		if (*cp) {
316 			if ((r = sshkey_read(k, &cp)) == 0) {
317 				cp[strcspn(cp, "\r\n")] = '\0';
318 				if (commentp) {
319 					*commentp = strdup(*cp ?
320 					    cp : filename);
321 					if (*commentp == NULL)
322 						r = SSH_ERR_ALLOC_FAIL;
323 				}
324 				fclose(f);
325 				return r;
326 			}
327 		}
328 	}
329 	fclose(f);
330 	return SSH_ERR_INVALID_FORMAT;
331 }
332 
333 /* load public key from ssh v1 private or any pubkey file */
334 int
335 sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp)
336 {
337 	struct sshkey *pub = NULL;
338 	char file[PATH_MAX];
339 	int r, fd;
340 
341 	if (keyp != NULL)
342 		*keyp = NULL;
343 	if (commentp != NULL)
344 		*commentp = NULL;
345 
346 	/* XXX should load file once and attempt to parse each format */
347 
348 	if ((fd = open(filename, O_RDONLY)) < 0)
349 		goto skip;
350 #ifdef WITH_SSH1
351 	/* try rsa1 private key */
352 	r = sshkey_load_public_rsa1(fd, keyp, commentp);
353 	close(fd);
354 	switch (r) {
355 	case SSH_ERR_INTERNAL_ERROR:
356 	case SSH_ERR_ALLOC_FAIL:
357 	case SSH_ERR_INVALID_ARGUMENT:
358 	case SSH_ERR_SYSTEM_ERROR:
359 	case 0:
360 		return r;
361 	}
362 #else /* WITH_SSH1 */
363 	close(fd);
364 #endif /* WITH_SSH1 */
365 
366 	/* try ssh2 public key */
367 	if ((pub = sshkey_new(KEY_UNSPEC)) == NULL)
368 		return SSH_ERR_ALLOC_FAIL;
369 	if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) {
370 		if (keyp != NULL)
371 			*keyp = pub;
372 		return 0;
373 	}
374 	sshkey_free(pub);
375 
376 #ifdef WITH_SSH1
377 	/* try rsa1 public key */
378 	if ((pub = sshkey_new(KEY_RSA1)) == NULL)
379 		return SSH_ERR_ALLOC_FAIL;
380 	if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) {
381 		if (keyp != NULL)
382 			*keyp = pub;
383 		return 0;
384 	}
385 	sshkey_free(pub);
386 #endif /* WITH_SSH1 */
387 
388  skip:
389 	/* try .pub suffix */
390 	if ((pub = sshkey_new(KEY_UNSPEC)) == NULL)
391 		return SSH_ERR_ALLOC_FAIL;
392 	r = SSH_ERR_ALLOC_FAIL;	/* in case strlcpy or strlcat fail */
393 	if ((strlcpy(file, filename, sizeof file) < sizeof(file)) &&
394 	    (strlcat(file, ".pub", sizeof file) < sizeof(file)) &&
395 	    (r = sshkey_try_load_public(pub, file, commentp)) == 0) {
396 		if (keyp != NULL)
397 			*keyp = pub;
398 		return 0;
399 	}
400 	sshkey_free(pub);
401 
402 	return r;
403 }
404 
405 /* Load the certificate associated with the named private key */
406 int
407 sshkey_load_cert(const char *filename, struct sshkey **keyp)
408 {
409 	struct sshkey *pub = NULL;
410 	char *file = NULL;
411 	int r = SSH_ERR_INTERNAL_ERROR;
412 
413 	*keyp = NULL;
414 
415 	if (asprintf(&file, "%s-cert.pub", filename) == -1)
416 		return SSH_ERR_ALLOC_FAIL;
417 
418 	if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) {
419 		goto out;
420 	}
421 	if ((r = sshkey_try_load_public(pub, file, NULL)) != 0)
422 		goto out;
423 
424 	*keyp = pub;
425 	pub = NULL;
426 	r = 0;
427 
428  out:
429 	if (file != NULL)
430 		free(file);
431 	if (pub != NULL)
432 		sshkey_free(pub);
433 	return r;
434 }
435 
436 /* Load private key and certificate */
437 int
438 sshkey_load_private_cert(int type, const char *filename, const char *passphrase,
439     struct sshkey **keyp, int *perm_ok)
440 {
441 	struct sshkey *key = NULL, *cert = NULL;
442 	int r;
443 
444 	*keyp = NULL;
445 
446 	switch (type) {
447 #ifdef WITH_OPENSSL
448 	case KEY_RSA:
449 	case KEY_DSA:
450 	case KEY_ECDSA:
451 #endif /* WITH_OPENSSL */
452 	case KEY_ED25519:
453 	case KEY_UNSPEC:
454 		break;
455 	default:
456 		return SSH_ERR_KEY_TYPE_UNKNOWN;
457 	}
458 
459 	if ((r = sshkey_load_private_type(type, filename,
460 	    passphrase, &key, NULL, perm_ok)) != 0 ||
461 	    (r = sshkey_load_cert(filename, &cert)) != 0)
462 		goto out;
463 
464 	/* Make sure the private key matches the certificate */
465 	if (sshkey_equal_public(key, cert) == 0) {
466 		r = SSH_ERR_KEY_CERT_MISMATCH;
467 		goto out;
468 	}
469 
470 	if ((r = sshkey_to_certified(key)) != 0 ||
471 	    (r = sshkey_cert_copy(cert, key)) != 0)
472 		goto out;
473 	r = 0;
474 	*keyp = key;
475 	key = NULL;
476  out:
477 	if (key != NULL)
478 		sshkey_free(key);
479 	if (cert != NULL)
480 		sshkey_free(cert);
481 	return r;
482 }
483 
484 /*
485  * Returns success if the specified "key" is listed in the file "filename",
486  * SSH_ERR_KEY_NOT_FOUND: if the key is not listed or another error.
487  * If "strict_type" is set then the key type must match exactly,
488  * otherwise a comparison that ignores certficiate data is performed.
489  * If "check_ca" is set and "key" is a certificate, then its CA key is
490  * also checked and sshkey_in_file() will return success if either is found.
491  */
492 int
493 sshkey_in_file(struct sshkey *key, const char *filename, int strict_type,
494     int check_ca)
495 {
496 	FILE *f;
497 	char line[SSH_MAX_PUBKEY_BYTES];
498 	char *cp;
499 	u_long linenum = 0;
500 	int r = 0;
501 	struct sshkey *pub = NULL;
502 	int (*sshkey_compare)(const struct sshkey *, const struct sshkey *) =
503 	    strict_type ?  sshkey_equal : sshkey_equal_public;
504 
505 	if ((f = fopen(filename, "r")) == NULL)
506 		return SSH_ERR_SYSTEM_ERROR;
507 
508 	while (read_keyfile_line(f, filename, line, sizeof(line),
509 	    &linenum) != -1) {
510 		cp = line;
511 
512 		/* Skip leading whitespace. */
513 		for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
514 			;
515 
516 		/* Skip comments and empty lines */
517 		switch (*cp) {
518 		case '#':
519 		case '\n':
520 		case '\0':
521 			continue;
522 		}
523 
524 		if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) {
525 			r = SSH_ERR_ALLOC_FAIL;
526 			goto out;
527 		}
528 		if ((r = sshkey_read(pub, &cp)) != 0)
529 			goto out;
530 		if (sshkey_compare(key, pub) ||
531 		    (check_ca && sshkey_is_cert(key) &&
532 		    sshkey_compare(key->cert->signature_key, pub))) {
533 			r = 0;
534 			goto out;
535 		}
536 		sshkey_free(pub);
537 		pub = NULL;
538 	}
539 	r = SSH_ERR_KEY_NOT_FOUND;
540  out:
541 	if (pub != NULL)
542 		sshkey_free(pub);
543 	fclose(f);
544 	return r;
545 }
546 
547 /*
548  * Checks whether the specified key is revoked, returning 0 if not,
549  * SSH_ERR_KEY_REVOKED if it is or another error code if something
550  * unexpected happened.
551  * This will check both the key and, if it is a certificate, its CA key too.
552  * "revoked_keys_file" may be a KRL or a one-per-line list of public keys.
553  */
554 int
555 sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file)
556 {
557 	int r;
558 
559 	r = ssh_krl_file_contains_key(revoked_keys_file, key);
560 	/* If this was not a KRL to begin with then continue below */
561 	if (r != SSH_ERR_KRL_BAD_MAGIC)
562 		return r;
563 
564 	/*
565 	 * If the file is not a KRL or we can't handle KRLs then attempt to
566 	 * parse the file as a flat list of keys.
567 	 */
568 	switch ((r = sshkey_in_file(key, revoked_keys_file, 0, 1))) {
569 	case 0:
570 		/* Key found => revoked */
571 		return SSH_ERR_KEY_REVOKED;
572 	case SSH_ERR_KEY_NOT_FOUND:
573 		/* Key not found => not revoked */
574 		return 0;
575 	default:
576 		/* Some other error occurred */
577 		return r;
578 	}
579 }
580 
581