1 /* $OpenBSD: authfile.c,v 1.141 2020/06/18 23:33:38 djm Exp $ */
2 /*
3  * Copyright (c) 2000, 2013 Markus Friedl.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  */
25 
26 #include "includes.h"
27 
28 #include <sys/types.h>
29 #include <sys/stat.h>
30 #include <sys/uio.h>
31 
32 #include <errno.h>
33 #include <fcntl.h>
34 #include <stdio.h>
35 #include <stdarg.h>
36 #include <stdlib.h>
37 #include <string.h>
38 #include <unistd.h>
39 #include <limits.h>
40 
41 #include "cipher.h"
42 #include "ssh.h"
43 #include "log.h"
44 #include "authfile.h"
45 #include "misc.h"
46 #include "atomicio.h"
47 #include "sshkey.h"
48 #include "sshbuf.h"
49 #include "ssherr.h"
50 #include "krl.h"
51 
/*
 * Upper bound on a key file's size.  Nothing in this file references it;
 * presumably the read-side limit is enforced inside sshbuf_load_fd() --
 * confirm before removing or relying on this value.
 */
#define MAX_KEY_FILE_SIZE	(1024 * 1024)
53 
/*
 * Write an already-serialised private key blob to "filename".
 * The umask is temporarily tightened to 077 for the duration of the write
 * so the new file is never group/world readable, even transiently (umask
 * is process-wide state, so this only protects against other processes).
 * Returns 0 on success or the error from sshbuf_write_file().
 */
static int
sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename)
{
	const mode_t saved_umask = umask(077);
	const int rc = sshbuf_write_file(filename, keybuf);

	/* Restore the caller's umask regardless of the write result. */
	(void)umask(saved_umask);
	return rc;
}
66 
/*
 * Serialise "key" into a private key file blob (encrypted with
 * "passphrase" when one is given) and write it to "filename".
 * "format", "openssh_format_cipher" and "openssh_format_rounds" are passed
 * straight through to sshkey_private_to_fileblob().
 * Returns 0 on success, SSH_ERR_ALLOC_FAIL if the scratch buffer cannot be
 * allocated, or the first error from serialisation or the file write.
 */
int
sshkey_save_private(struct sshkey *key, const char *filename,
    const char *passphrase, const char *comment,
    int format, const char *openssh_format_cipher, int openssh_format_rounds)
{
	struct sshbuf *blob = sshbuf_new();
	int rc;

	if (blob == NULL)
		return SSH_ERR_ALLOC_FAIL;

	rc = sshkey_private_to_fileblob(key, blob, passphrase, comment,
	    format, openssh_format_cipher, openssh_format_rounds);
	if (rc == 0)
		rc = sshkey_save_private_blob(blob, filename);

	/*
	 * The blob holds the serialised (possibly plaintext) key; it is
	 * released here on every path.  NOTE(review): this relies on
	 * sshbuf_free() scrubbing its contents -- confirm in sshbuf.c.
	 */
	sshbuf_free(blob);
	return rc;
}
87 
/* XXX remove error() calls from here? */
/*
 * Verify that the private key file open on "fd" is not readable or
 * writable by group/others.  Only files owned by the current user are
 * checked; a key owned by someone else is accepted as-is.  The mode is
 * taken from fstat() on the already open descriptor, so the check and the
 * subsequent read cannot refer to different files.
 * Returns 0 if the permissions are acceptable, SSH_ERR_SYSTEM_ERROR if
 * fstat() fails, or SSH_ERR_KEY_BAD_PERMISSIONS (after logging a loud
 * warning) if the file is too open.
 */
int
sshkey_perm_ok(int fd, const char *filename)
{
	struct stat sb;

	if (fstat(fd, &sb) == -1)
		return SSH_ERR_SYSTEM_ERROR;
#ifdef HAVE_CYGWIN
	/* Only enforce mode bits when check_ntsec() says they are meaningful. */
	if (!check_ntsec(filename))
		return 0;
#endif
	if (sb.st_uid != getuid() || (sb.st_mode & 077) == 0)
		return 0;

	error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
	error("@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @");
	error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
	error("Permissions 0%3.3o for '%s' are too open.",
	    (u_int)sb.st_mode & 0777, filename);
	error("It is required that your private key files are NOT accessible by others.");
	error("This private key will be ignored.");
	return SSH_ERR_KEY_BAD_PERMISSIONS;
}
116 
/*
 * Load a private key of the given "type" (KEY_UNSPEC for any) from
 * "filename", decrypting with "passphrase" where necessary.
 * On success *keyp receives the key with its filename recorded via
 * sshkey_set_filename(), and *commentp (if non-NULL) the key comment.
 * Both outputs are cleared up front, so they are NULL on every error path.
 * Returns 0 on success, SSH_ERR_SYSTEM_ERROR if the file cannot be opened,
 * SSH_ERR_KEY_BAD_PERMISSIONS from sshkey_perm_ok() if the file is too
 * open, or the error from reading/parsing the key.
 */
int
sshkey_load_private_type(int type, const char *filename, const char *passphrase,
    struct sshkey **keyp, char **commentp)
{
	int fd, rc;

	if (keyp != NULL)
		*keyp = NULL;
	if (commentp != NULL)
		*commentp = NULL;

	fd = open(filename, O_RDONLY);
	if (fd == -1)
		return SSH_ERR_SYSTEM_ERROR;

	/*
	 * Permissions are checked on the open descriptor rather than the
	 * path, so the file examined is the one that is read below.
	 */
	rc = sshkey_perm_ok(fd, filename);
	if (rc == 0) {
		rc = sshkey_load_private_type_fd(fd, type, passphrase, keyp,
		    commentp);
		if (rc == 0 && keyp != NULL && *keyp != NULL)
			rc = sshkey_set_filename(*keyp, filename);
	}
	close(fd);
	return rc;
}
142 
/*
 * Convenience wrapper: load a private key of any type from "filename".
 * Identical to sshkey_load_private_type() with type KEY_UNSPEC; see that
 * function for the output and error semantics.
 */
int
sshkey_load_private(const char *filename, const char *passphrase,
    struct sshkey **keyp, char **commentp)
{
	const int any_type = KEY_UNSPEC;

	return sshkey_load_private_type(any_type, filename, passphrase, keyp,
	    commentp);
}
150 
/*
 * Read a whole private key file from the open descriptor "fd" and parse it
 * as a key of "type" (KEY_UNSPEC for any), decrypting with "passphrase".
 * *keyp is cleared on entry.  Unlike sshkey_load_private_type(), *commentp
 * is not reset here; whatever the parser stores in it is returned.
 * No permission check happens at this level -- callers that open the file
 * themselves are expected to apply sshkey_perm_ok() first, as
 * sshkey_load_private_type() does.
 * Returns 0 on success or the error from loading or parsing the blob.
 */
int
sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
    struct sshkey **keyp, char **commentp)
{
	struct sshbuf *blob = NULL;
	int rc;

	if (keyp != NULL)
		*keyp = NULL;

	rc = sshbuf_load_fd(fd, &blob);
	if (rc == 0)
		rc = sshkey_parse_private_fileblob_type(blob, type, passphrase,
		    keyp, commentp);

	/* The raw file contents are released on every path. */
	sshbuf_free(blob);
	return rc;
}
171 
/*
 * Extract the public key from the unencrypted envelope of a new-format
 * private key file "filename"; no passphrase is needed.
 * *pubkeyp (if non-NULL) is cleared on entry and only set on success, at
 * which point the key has its filename recorded via sshkey_set_filename().
 * Note that, unlike sshkey_load_private_type(), no sshkey_perm_ok() check
 * is applied here: the file is read into memory whatever its mode.
 * Returns 0 on success, SSH_ERR_SYSTEM_ERROR if the file cannot be opened,
 * or the error from reading/parsing the blob.
 */
static int
sshkey_load_pubkey_from_private(const char *filename, struct sshkey **pubkeyp)
{
	struct sshbuf *blob = NULL;
	struct sshkey *pub = NULL;
	int fd, rc;

	if (pubkeyp != NULL)
		*pubkeyp = NULL;

	if ((fd = open(filename, O_RDONLY)) == -1)
		return SSH_ERR_SYSTEM_ERROR;

	rc = sshbuf_load_fd(fd, &blob);
	if (rc == 0)
		rc = sshkey_parse_pubkey_from_private_fileblob_type(blob,
		    KEY_UNSPEC, &pub);
	if (rc == 0)
		rc = sshkey_set_filename(pub, filename);
	if (rc == 0 && pubkeyp != NULL) {
		/* Ownership passes to the caller; nothing left to free. */
		*pubkeyp = pub;
		pub = NULL;
	}

	close(fd);
	sshbuf_free(blob);
	sshkey_free(pub);	/* NULL after a successful handover */
	return rc;
}
203 
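/*
 * Try to read a single public key from the text file "filename".
 * Lines that are empty or start with '#' are skipped and the first line
 * that parses as a key wins.  If the file looks like a private key
 * ("-----BEGIN" or the old "SSH PRIVATE KEY FILE" header) loading stops
 * immediately so a private key is never treated as a public one.
 *
 * On success *kp receives the key and *commentp (if non-NULL) a newly
 * allocated copy of the trailing comment, or of "filename" when the line
 * carries no comment.  On every failure *kp and *commentp are NULL and no
 * key is handed out.
 * Returns 0 on success, SSH_ERR_SYSTEM_ERROR if the file cannot be opened,
 * SSH_ERR_ALLOC_FAIL on allocation failure, or SSH_ERR_INVALID_FORMAT if
 * no usable key line was found.
 */
static int
sshkey_try_load_public(struct sshkey **kp, const char *filename,
    char **commentp)
{
	FILE *f;
	char *line = NULL, *cp;
	size_t linesize = 0;
	int r = SSH_ERR_INVALID_FORMAT;
	struct sshkey *k = NULL;

	*kp = NULL;
	if (commentp != NULL)
		*commentp = NULL;
	if ((f = fopen(filename, "r")) == NULL)
		return SSH_ERR_SYSTEM_ERROR;
	if ((k = sshkey_new(KEY_UNSPEC)) == NULL) {
		r = SSH_ERR_ALLOC_FAIL;
		goto out;
	}
	while (getline(&line, &linesize, f) != -1) {
		cp = line;
		if (*cp == '#' || *cp == '\n' || *cp == '\0')
			continue;
		/* Abort loading if this looks like a private key */
		if (strncmp(cp, "-----BEGIN", 10) == 0 ||
		    strcmp(cp, "SSH PRIVATE KEY FILE") == 0)
			break;
		/* Skip leading whitespace. */
		for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
			;
		/* Lines that do not parse are ignored; keep scanning. */
		if (*cp == '\0' || sshkey_read(k, &cp) != 0)
			continue;
		/* sshkey_read() left cp at the optional comment; trim EOL. */
		cp[strcspn(cp, "\r\n")] = '\0';
		if (commentp != NULL &&
		    (*commentp = strdup(*cp != '\0' ? cp : filename)) == NULL) {
			/* Never return a key together with an error. */
			r = SSH_ERR_ALLOC_FAIL;
			goto out;
		}
		/* success: ownership of k passes to the caller */
		*kp = k;
		k = NULL;
		r = 0;
		break;
	}
 out:
	/* Pair sshkey_new() with sshkey_free(); NULL after a handover. */
	sshkey_free(k);
	free(line);
	fclose(f);
	return r;
}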
260 
/*
 * Load a public key, trying in order: "filename" as a public key file,
 * "filename.pub", and finally the public half embedded in "filename" when
 * it is a new-format private key (no comment is produced in that case).
 * "keyp" must not be NULL: sshkey_try_load_public() writes through it
 * unconditionally.  Outputs are cleared first and only set on success.
 * Returns 0 on success, SSH_ERR_ALLOC_FAIL if the ".pub" name cannot be
 * built, or SSH_ERR_SYSTEM_ERROR with errno set to ENOENT when no
 * candidate yielded a key -- the individual failure reasons are hidden.
 */
int
sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp)
{
	char *pubfile = NULL;
	int rc, saved_errno;

	if (keyp != NULL)
		*keyp = NULL;
	if (commentp != NULL)
		*commentp = NULL;

	rc = sshkey_try_load_public(keyp, filename, commentp);
	if (rc != 0) {
		/* try .pub suffix */
		if (asprintf(&pubfile, "%s.pub", filename) == -1)
			return SSH_ERR_ALLOC_FAIL;
		rc = sshkey_try_load_public(keyp, pubfile, commentp);
	}
	if (rc != 0) {
		/* finally, try to extract public key from private key file */
		rc = sshkey_load_pubkey_from_private(filename, keyp);
	}
	if (rc != 0) {
		/* Pretend we couldn't find the key */
		rc = SSH_ERR_SYSTEM_ERROR;
		errno = ENOENT;
	}

	/* free() is not guaranteed to preserve errno; keep it for the caller. */
	saved_errno = errno;
	free(pubfile);
	errno = saved_errno;
	return rc;
}
296 
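/*
 * Load the certificate that accompanies the private key "filename", i.e.
 * the public key file "filename-cert.pub".  No comment is returned.
 * "keyp" is cleared on entry and must not be NULL, because
 * sshkey_try_load_public() writes through it unconditionally.
 * Returns 0 on success, SSH_ERR_ALLOC_FAIL if the file name cannot be
 * built, or the error from sshkey_try_load_public().
 */
int
sshkey_load_cert(const char *filename, struct sshkey **keyp)
{
	char *file = NULL;
	int r;

	if (keyp != NULL)
		*keyp = NULL;

	if (asprintf(&file, "%s-cert.pub", filename) == -1)
		return SSH_ERR_ALLOC_FAIL;

	r = sshkey_try_load_public(keyp, file, NULL);
	free(file);
	return r;
}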
316 
/*
 * Load the private key "filename" together with its certificate
 * "filename-cert.pub" and return the private key upgraded to a certified
 * key.  "type" restricts the accepted key type (KEY_UNSPEC for any).
 * *keyp is cleared on entry and only set on success.
 * Returns 0 on success; SSH_ERR_KEY_TYPE_UNKNOWN for a "type" not in the
 * accepted list; SSH_ERR_KEY_CERT_MISMATCH if the certificate does not
 * carry the public half of the private key; otherwise the first error from
 * loading either file or from the certificate conversion.
 */
int
sshkey_load_private_cert(int type, const char *filename, const char *passphrase,
    struct sshkey **keyp)
{
	struct sshkey *priv = NULL, *cert = NULL;
	int rc;

	if (keyp != NULL)
		*keyp = NULL;

	/* Only these key types are accepted here. */
	switch (type) {
#ifdef WITH_OPENSSL
	case KEY_RSA:
	case KEY_DSA:
	case KEY_ECDSA:
#endif /* WITH_OPENSSL */
	case KEY_ED25519:
	case KEY_XMSS:
	case KEY_UNSPEC:
		break;
	default:
		return SSH_ERR_KEY_TYPE_UNKNOWN;
	}

	rc = sshkey_load_private_type(type, filename, passphrase, &priv, NULL);
	if (rc != 0)
		goto out;
	rc = sshkey_load_cert(filename, &cert);
	if (rc != 0)
		goto out;

	/*
	 * The certificate must certify exactly this private key; a
	 * "-cert.pub" file for some other key is rejected.
	 */
	if (sshkey_equal_public(priv, cert) == 0) {
		rc = SSH_ERR_KEY_CERT_MISMATCH;
		goto out;
	}

	rc = sshkey_to_certified(priv);
	if (rc == 0)
		rc = sshkey_cert_copy(cert, priv);
	if (rc == 0 && keyp != NULL) {
		*keyp = priv;	/* ownership passes to the caller */
		priv = NULL;
	}
 out:
	sshkey_free(priv);
	sshkey_free(cert);
	return rc;
}
366 
/*
 * Return 0 if "key" appears in the one-key-per-line file "filename",
 * SSH_ERR_KEY_NOT_FOUND if it does not, SSH_ERR_SYSTEM_ERROR if the file
 * cannot be opened, or another error from allocation or parsing.
 * With "strict_type" set the comparison is sshkey_equal() (type and
 * certificate data must match); otherwise sshkey_equal_public() is used,
 * which ignores certificate data.  With "check_ca" set and "key" being a
 * certificate, a line matching the certificate's CA (signature) key also
 * counts as found.
 * Lines whose parse fails with SSH_ERR_KEY_LENGTH are skipped; any other
 * parse error aborts the scan and is returned.
 */
int
sshkey_in_file(struct sshkey *key, const char *filename, int strict_type,
    int check_ca)
{
	FILE *f;
	char *line = NULL, *p;
	size_t cap = 0;
	int rc = 0;
	struct sshkey *candidate = NULL;
	int (*matches)(const struct sshkey *, const struct sshkey *);

	matches = strict_type ? sshkey_equal : sshkey_equal_public;

	if ((f = fopen(filename, "r")) == NULL)
		return SSH_ERR_SYSTEM_ERROR;

	while (getline(&line, &cap, f) != -1) {
		/* Drop the candidate left over from the previous line. */
		sshkey_free(candidate);
		candidate = NULL;

		/* Skip leading whitespace, then comments and empty lines. */
		for (p = line; *p == ' ' || *p == '\t'; p++)
			;
		if (*p == '#' || *p == '\n' || *p == '\0')
			continue;

		if ((candidate = sshkey_new(KEY_UNSPEC)) == NULL) {
			rc = SSH_ERR_ALLOC_FAIL;
			goto out;
		}
		rc = sshkey_read(candidate, &p);
		if (rc == SSH_ERR_KEY_LENGTH)
			continue;	/* tolerated: this line is ignored */
		if (rc != 0)
			goto out;

		if (matches(key, candidate)) {
			rc = 0;
			goto out;
		}
		if (check_ca && sshkey_is_cert(key) &&
		    matches(key->cert->signature_key, candidate)) {
			rc = 0;
			goto out;
		}
	}
	rc = SSH_ERR_KEY_NOT_FOUND;
 out:
	free(line);
	sshkey_free(candidate);
	fclose(f);
	return rc;
}
434 
/*
 * Check "key" against "revoked_keys_file", which may be either a KRL or a
 * flat one-per-line list of public keys.
 * The key itself and, when it is a certificate, its CA key are both
 * checked (the latter through check_ca in sshkey_in_file()).
 * Returns 0 if not revoked, SSH_ERR_KEY_REVOKED if it is, or another
 * error code when the file cannot be read or parsed.
 */
int
sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file)
{
	int rc = ssh_krl_file_contains_key(revoked_keys_file, key);

	/*
	 * Any result other than "this is not a KRL" is returned as-is,
	 * whether it is success, revocation or an error.
	 */
	if (rc != SSH_ERR_KRL_BAD_MAGIC)
		return rc;

	/*
	 * Not a KRL (or KRLs are unsupported): fall back to treating the
	 * file as a flat list of keys.
	 */
	rc = sshkey_in_file(key, revoked_keys_file, 0, 1);
	if (rc == 0)
		return SSH_ERR_KEY_REVOKED;	/* listed => revoked */
	if (rc == SSH_ERR_KEY_NOT_FOUND)
		return 0;			/* not listed => not revoked */
	return rc;				/* could not decide */
}
468 
/*
 * Advances *cpp past a key-options field, which ends at the first space or
 * tab that is not inside double quotes.  A backslash immediately before a
 * double quote escapes it and does not toggle quoting.  On return *cpp
 * points at that whitespace, or at the terminating NUL if none was found.
 * Returns 0 on success or -1 if the string ended inside an open quote.
 */
int
sshkey_advance_past_options(char **cpp)
{
	char *p = *cpp;
	int in_quotes = 0;

	while (*p != '\0') {
		if (!in_quotes && (*p == ' ' || *p == '\t'))
			break;
		if (*p == '\\' && p[1] == '"')
			p++;		/* escaped quote: skip the pair */
		else if (*p == '"')
			in_quotes = !in_quotes;
		p++;
	}
	*cpp = p;
	/* Reaching the end while quoted means the options were malformed. */
	return in_quotes ? -1 : 0;
}
490 
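/*
 * Write "key" in public key line format, followed by " comment\n", to
 * "path", creating or truncating it with mode 0644 (public keys are meant
 * to be world-readable).  A NULL "comment" is written as an empty comment.
 * Because the file is truncated on open, a failure part-way through leaves
 * a partial file behind.
 * Returns 0 on success, SSH_ERR_SYSTEM_ERROR (errno preserved) if the file
 * cannot be opened or closed or a write error occurred, or the error from
 * sshkey_write().
 */
int
sshkey_save_public(const struct sshkey *key, const char *path,
    const char *comment)
{
	int fd, oerrno;
	FILE *f;
	int r;

	if ((fd = open(path, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1)
		return SSH_ERR_SYSTEM_ERROR;
	if ((f = fdopen(fd, "w")) == NULL) {
		/* fdopen() failed, so the raw descriptor is still ours. */
		oerrno = errno;
		close(fd);
		errno = oerrno;
		return SSH_ERR_SYSTEM_ERROR;
	}
	/* From here on f owns fd: exactly one fclose(), never close(fd). */
	if ((r = sshkey_write(key, f)) != 0)
		goto fail;
	fprintf(f, " %s\n", comment == NULL ? "" : comment);
	if (ferror(f)) {
		r = SSH_ERR_SYSTEM_ERROR;
		goto fail;
	}
	/*
	 * fclose() flushes and releases f; a failure here is the write
	 * error, and f must not be closed a second time.
	 */
	if (fclose(f) != 0)
		return SSH_ERR_SYSTEM_ERROR;
	return 0;

 fail:
	oerrno = errno;
	fclose(f);	/* f is still open on every path that reaches here */
	errno = oerrno;
	return r;
}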
522