xref: /freebsd/crypto/openssh/authfile.c (revision b1b73fc4c9924c4ca2f94b76155a0895373a0b5c)
1 /* $OpenBSD: authfile.c,v 1.120 2015/12/11 04:21:11 mmcc Exp $ */
2 /*
3  * Copyright (c) 2000, 2013 Markus Friedl.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  */
25 
26 #include "includes.h"
27 
28 #include <sys/types.h>
29 #include <sys/stat.h>
30 #include <sys/uio.h>
31 
32 #include <errno.h>
33 #include <fcntl.h>
34 #include <stdio.h>
35 #include <stdarg.h>
36 #include <stdlib.h>
37 #include <string.h>
38 #include <unistd.h>
39 #include <limits.h>
40 
41 #include "cipher.h"
42 #include "ssh.h"
43 #include "log.h"
44 #include "authfile.h"
45 #include "rsa.h"
46 #include "misc.h"
47 #include "atomicio.h"
48 #include "sshkey.h"
49 #include "sshbuf.h"
50 #include "ssherr.h"
51 #include "krl.h"
52 
53 #define MAX_KEY_FILE_SIZE	(1024 * 1024)
54 
55 /* Save a key blob to a file */
56 static int
57 sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename)
58 {
59 	int fd, oerrno;
60 
61 	if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0)
62 		return SSH_ERR_SYSTEM_ERROR;
63 	if (atomicio(vwrite, fd, (u_char *)sshbuf_ptr(keybuf),
64 	    sshbuf_len(keybuf)) != sshbuf_len(keybuf)) {
65 		oerrno = errno;
66 		close(fd);
67 		unlink(filename);
68 		errno = oerrno;
69 		return SSH_ERR_SYSTEM_ERROR;
70 	}
71 	close(fd);
72 	return 0;
73 }
74 
75 int
76 sshkey_save_private(struct sshkey *key, const char *filename,
77     const char *passphrase, const char *comment,
78     int force_new_format, const char *new_format_cipher, int new_format_rounds)
79 {
80 	struct sshbuf *keyblob = NULL;
81 	int r;
82 
83 	if ((keyblob = sshbuf_new()) == NULL)
84 		return SSH_ERR_ALLOC_FAIL;
85 	if ((r = sshkey_private_to_fileblob(key, keyblob, passphrase, comment,
86 	    force_new_format, new_format_cipher, new_format_rounds)) != 0)
87 		goto out;
88 	if ((r = sshkey_save_private_blob(keyblob, filename)) != 0)
89 		goto out;
90 	r = 0;
91  out:
92 	sshbuf_free(keyblob);
93 	return r;
94 }
95 
96 /* Load a key from a fd into a buffer */
97 int
98 sshkey_load_file(int fd, struct sshbuf *blob)
99 {
100 	u_char buf[1024];
101 	size_t len;
102 	struct stat st;
103 	int r;
104 
105 	if (fstat(fd, &st) < 0)
106 		return SSH_ERR_SYSTEM_ERROR;
107 	if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
108 	    st.st_size > MAX_KEY_FILE_SIZE)
109 		return SSH_ERR_INVALID_FORMAT;
110 	for (;;) {
111 		if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) {
112 			if (errno == EPIPE)
113 				break;
114 			r = SSH_ERR_SYSTEM_ERROR;
115 			goto out;
116 		}
117 		if ((r = sshbuf_put(blob, buf, len)) != 0)
118 			goto out;
119 		if (sshbuf_len(blob) > MAX_KEY_FILE_SIZE) {
120 			r = SSH_ERR_INVALID_FORMAT;
121 			goto out;
122 		}
123 	}
124 	if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
125 	    st.st_size != (off_t)sshbuf_len(blob)) {
126 		r = SSH_ERR_FILE_CHANGED;
127 		goto out;
128 	}
129 	r = 0;
130 
131  out:
132 	explicit_bzero(buf, sizeof(buf));
133 	if (r != 0)
134 		sshbuf_reset(blob);
135 	return r;
136 }
137 
138 #ifdef WITH_SSH1
139 /*
140  * Loads the public part of the ssh v1 key file.  Returns NULL if an error was
141  * encountered (the file does not exist or is not readable), and the key
142  * otherwise.
143  */
144 static int
145 sshkey_load_public_rsa1(int fd, struct sshkey **keyp, char **commentp)
146 {
147 	struct sshbuf *b = NULL;
148 	int r;
149 
150 	*keyp = NULL;
151 	if (commentp != NULL)
152 		*commentp = NULL;
153 
154 	if ((b = sshbuf_new()) == NULL)
155 		return SSH_ERR_ALLOC_FAIL;
156 	if ((r = sshkey_load_file(fd, b)) != 0)
157 		goto out;
158 	if ((r = sshkey_parse_public_rsa1_fileblob(b, keyp, commentp)) != 0)
159 		goto out;
160 	r = 0;
161  out:
162 	sshbuf_free(b);
163 	return r;
164 }
165 #endif /* WITH_SSH1 */
166 
167 /* XXX remove error() calls from here? */
168 int
169 sshkey_perm_ok(int fd, const char *filename)
170 {
171 	struct stat st;
172 
173 	if (fstat(fd, &st) < 0)
174 		return SSH_ERR_SYSTEM_ERROR;
175 	/*
176 	 * if a key owned by the user is accessed, then we check the
177 	 * permissions of the file. if the key owned by a different user,
178 	 * then we don't care.
179 	 */
180 #ifdef HAVE_CYGWIN
181 	if (check_ntsec(filename))
182 #endif
183 	if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) {
184 		error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
185 		error("@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @");
186 		error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
187 		error("Permissions 0%3.3o for '%s' are too open.",
188 		    (u_int)st.st_mode & 0777, filename);
189 		error("It is required that your private key files are NOT accessible by others.");
190 		error("This private key will be ignored.");
191 		return SSH_ERR_KEY_BAD_PERMISSIONS;
192 	}
193 	return 0;
194 }
195 
196 /* XXX kill perm_ok now that we have SSH_ERR_KEY_BAD_PERMISSIONS? */
197 int
198 sshkey_load_private_type(int type, const char *filename, const char *passphrase,
199     struct sshkey **keyp, char **commentp, int *perm_ok)
200 {
201 	int fd, r;
202 
203 	*keyp = NULL;
204 	if (commentp != NULL)
205 		*commentp = NULL;
206 
207 	if ((fd = open(filename, O_RDONLY)) < 0) {
208 		if (perm_ok != NULL)
209 			*perm_ok = 0;
210 		return SSH_ERR_SYSTEM_ERROR;
211 	}
212 	if (sshkey_perm_ok(fd, filename) != 0) {
213 		if (perm_ok != NULL)
214 			*perm_ok = 0;
215 		r = SSH_ERR_KEY_BAD_PERMISSIONS;
216 		goto out;
217 	}
218 	if (perm_ok != NULL)
219 		*perm_ok = 1;
220 
221 	r = sshkey_load_private_type_fd(fd, type, passphrase, keyp, commentp);
222  out:
223 	close(fd);
224 	return r;
225 }
226 
227 int
228 sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
229     struct sshkey **keyp, char **commentp)
230 {
231 	struct sshbuf *buffer = NULL;
232 	int r;
233 
234 	if ((buffer = sshbuf_new()) == NULL) {
235 		r = SSH_ERR_ALLOC_FAIL;
236 		goto out;
237 	}
238 	if ((r = sshkey_load_file(fd, buffer)) != 0 ||
239 	    (r = sshkey_parse_private_fileblob_type(buffer, type,
240 	    passphrase, keyp, commentp)) != 0)
241 		goto out;
242 
243 	/* success */
244 	r = 0;
245  out:
246 	sshbuf_free(buffer);
247 	return r;
248 }
249 
250 /* XXX this is almost identical to sshkey_load_private_type() */
251 int
252 sshkey_load_private(const char *filename, const char *passphrase,
253     struct sshkey **keyp, char **commentp)
254 {
255 	struct sshbuf *buffer = NULL;
256 	int r, fd;
257 
258 	*keyp = NULL;
259 	if (commentp != NULL)
260 		*commentp = NULL;
261 
262 	if ((fd = open(filename, O_RDONLY)) < 0)
263 		return SSH_ERR_SYSTEM_ERROR;
264 	if (sshkey_perm_ok(fd, filename) != 0) {
265 		r = SSH_ERR_KEY_BAD_PERMISSIONS;
266 		goto out;
267 	}
268 
269 	if ((buffer = sshbuf_new()) == NULL) {
270 		r = SSH_ERR_ALLOC_FAIL;
271 		goto out;
272 	}
273 	if ((r = sshkey_load_file(fd, buffer)) != 0 ||
274 	    (r = sshkey_parse_private_fileblob(buffer, passphrase, keyp,
275 	    commentp)) != 0)
276 		goto out;
277 	r = 0;
278  out:
279 	close(fd);
280 	sshbuf_free(buffer);
281 	return r;
282 }
283 
284 static int
285 sshkey_try_load_public(struct sshkey *k, const char *filename, char **commentp)
286 {
287 	FILE *f;
288 	char line[SSH_MAX_PUBKEY_BYTES];
289 	char *cp;
290 	u_long linenum = 0;
291 	int r;
292 
293 	if (commentp != NULL)
294 		*commentp = NULL;
295 	if ((f = fopen(filename, "r")) == NULL)
296 		return SSH_ERR_SYSTEM_ERROR;
297 	while (read_keyfile_line(f, filename, line, sizeof(line),
298 		    &linenum) != -1) {
299 		cp = line;
300 		switch (*cp) {
301 		case '#':
302 		case '\n':
303 		case '\0':
304 			continue;
305 		}
306 		/* Abort loading if this looks like a private key */
307 		if (strncmp(cp, "-----BEGIN", 10) == 0 ||
308 		    strcmp(cp, "SSH PRIVATE KEY FILE") == 0)
309 			break;
310 		/* Skip leading whitespace. */
311 		for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
312 			;
313 		if (*cp) {
314 			if ((r = sshkey_read(k, &cp)) == 0) {
315 				cp[strcspn(cp, "\r\n")] = '\0';
316 				if (commentp) {
317 					*commentp = strdup(*cp ?
318 					    cp : filename);
319 					if (*commentp == NULL)
320 						r = SSH_ERR_ALLOC_FAIL;
321 				}
322 				fclose(f);
323 				return r;
324 			}
325 		}
326 	}
327 	fclose(f);
328 	return SSH_ERR_INVALID_FORMAT;
329 }
330 
331 /* load public key from ssh v1 private or any pubkey file */
332 int
333 sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp)
334 {
335 	struct sshkey *pub = NULL;
336 	char file[PATH_MAX];
337 	int r, fd;
338 
339 	if (keyp != NULL)
340 		*keyp = NULL;
341 	if (commentp != NULL)
342 		*commentp = NULL;
343 
344 	/* XXX should load file once and attempt to parse each format */
345 
346 	if ((fd = open(filename, O_RDONLY)) < 0)
347 		goto skip;
348 #ifdef WITH_SSH1
349 	/* try rsa1 private key */
350 	r = sshkey_load_public_rsa1(fd, keyp, commentp);
351 	close(fd);
352 	switch (r) {
353 	case SSH_ERR_INTERNAL_ERROR:
354 	case SSH_ERR_ALLOC_FAIL:
355 	case SSH_ERR_INVALID_ARGUMENT:
356 	case SSH_ERR_SYSTEM_ERROR:
357 	case 0:
358 		return r;
359 	}
360 #else /* WITH_SSH1 */
361 	close(fd);
362 #endif /* WITH_SSH1 */
363 
364 	/* try ssh2 public key */
365 	if ((pub = sshkey_new(KEY_UNSPEC)) == NULL)
366 		return SSH_ERR_ALLOC_FAIL;
367 	if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) {
368 		if (keyp != NULL)
369 			*keyp = pub;
370 		return 0;
371 	}
372 	sshkey_free(pub);
373 
374 #ifdef WITH_SSH1
375 	/* try rsa1 public key */
376 	if ((pub = sshkey_new(KEY_RSA1)) == NULL)
377 		return SSH_ERR_ALLOC_FAIL;
378 	if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) {
379 		if (keyp != NULL)
380 			*keyp = pub;
381 		return 0;
382 	}
383 	sshkey_free(pub);
384 #endif /* WITH_SSH1 */
385 
386  skip:
387 	/* try .pub suffix */
388 	if ((pub = sshkey_new(KEY_UNSPEC)) == NULL)
389 		return SSH_ERR_ALLOC_FAIL;
390 	r = SSH_ERR_ALLOC_FAIL;	/* in case strlcpy or strlcat fail */
391 	if ((strlcpy(file, filename, sizeof file) < sizeof(file)) &&
392 	    (strlcat(file, ".pub", sizeof file) < sizeof(file)) &&
393 	    (r = sshkey_try_load_public(pub, file, commentp)) == 0) {
394 		if (keyp != NULL)
395 			*keyp = pub;
396 		return 0;
397 	}
398 	sshkey_free(pub);
399 
400 	return r;
401 }
402 
403 /* Load the certificate associated with the named private key */
404 int
405 sshkey_load_cert(const char *filename, struct sshkey **keyp)
406 {
407 	struct sshkey *pub = NULL;
408 	char *file = NULL;
409 	int r = SSH_ERR_INTERNAL_ERROR;
410 
411 	*keyp = NULL;
412 
413 	if (asprintf(&file, "%s-cert.pub", filename) == -1)
414 		return SSH_ERR_ALLOC_FAIL;
415 
416 	if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) {
417 		goto out;
418 	}
419 	if ((r = sshkey_try_load_public(pub, file, NULL)) != 0)
420 		goto out;
421 
422 	*keyp = pub;
423 	pub = NULL;
424 	r = 0;
425 
426  out:
427 	free(file);
428 	sshkey_free(pub);
429 	return r;
430 }
431 
432 /* Load private key and certificate */
433 int
434 sshkey_load_private_cert(int type, const char *filename, const char *passphrase,
435     struct sshkey **keyp, int *perm_ok)
436 {
437 	struct sshkey *key = NULL, *cert = NULL;
438 	int r;
439 
440 	*keyp = NULL;
441 
442 	switch (type) {
443 #ifdef WITH_OPENSSL
444 	case KEY_RSA:
445 	case KEY_DSA:
446 	case KEY_ECDSA:
447 #endif /* WITH_OPENSSL */
448 	case KEY_ED25519:
449 	case KEY_UNSPEC:
450 		break;
451 	default:
452 		return SSH_ERR_KEY_TYPE_UNKNOWN;
453 	}
454 
455 	if ((r = sshkey_load_private_type(type, filename,
456 	    passphrase, &key, NULL, perm_ok)) != 0 ||
457 	    (r = sshkey_load_cert(filename, &cert)) != 0)
458 		goto out;
459 
460 	/* Make sure the private key matches the certificate */
461 	if (sshkey_equal_public(key, cert) == 0) {
462 		r = SSH_ERR_KEY_CERT_MISMATCH;
463 		goto out;
464 	}
465 
466 	if ((r = sshkey_to_certified(key)) != 0 ||
467 	    (r = sshkey_cert_copy(cert, key)) != 0)
468 		goto out;
469 	r = 0;
470 	*keyp = key;
471 	key = NULL;
472  out:
473 	sshkey_free(key);
474 	sshkey_free(cert);
475 	return r;
476 }
477 
478 /*
479  * Returns success if the specified "key" is listed in the file "filename",
480  * SSH_ERR_KEY_NOT_FOUND: if the key is not listed or another error.
481  * If "strict_type" is set then the key type must match exactly,
482  * otherwise a comparison that ignores certficiate data is performed.
483  * If "check_ca" is set and "key" is a certificate, then its CA key is
484  * also checked and sshkey_in_file() will return success if either is found.
485  */
486 int
487 sshkey_in_file(struct sshkey *key, const char *filename, int strict_type,
488     int check_ca)
489 {
490 	FILE *f;
491 	char line[SSH_MAX_PUBKEY_BYTES];
492 	char *cp;
493 	u_long linenum = 0;
494 	int r = 0;
495 	struct sshkey *pub = NULL;
496 	int (*sshkey_compare)(const struct sshkey *, const struct sshkey *) =
497 	    strict_type ?  sshkey_equal : sshkey_equal_public;
498 
499 	if ((f = fopen(filename, "r")) == NULL)
500 		return SSH_ERR_SYSTEM_ERROR;
501 
502 	while (read_keyfile_line(f, filename, line, sizeof(line),
503 	    &linenum) != -1) {
504 		cp = line;
505 
506 		/* Skip leading whitespace. */
507 		for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
508 			;
509 
510 		/* Skip comments and empty lines */
511 		switch (*cp) {
512 		case '#':
513 		case '\n':
514 		case '\0':
515 			continue;
516 		}
517 
518 		if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) {
519 			r = SSH_ERR_ALLOC_FAIL;
520 			goto out;
521 		}
522 		if ((r = sshkey_read(pub, &cp)) != 0)
523 			goto out;
524 		if (sshkey_compare(key, pub) ||
525 		    (check_ca && sshkey_is_cert(key) &&
526 		    sshkey_compare(key->cert->signature_key, pub))) {
527 			r = 0;
528 			goto out;
529 		}
530 		sshkey_free(pub);
531 		pub = NULL;
532 	}
533 	r = SSH_ERR_KEY_NOT_FOUND;
534  out:
535 	sshkey_free(pub);
536 	fclose(f);
537 	return r;
538 }
539 
540 /*
541  * Checks whether the specified key is revoked, returning 0 if not,
542  * SSH_ERR_KEY_REVOKED if it is or another error code if something
543  * unexpected happened.
544  * This will check both the key and, if it is a certificate, its CA key too.
545  * "revoked_keys_file" may be a KRL or a one-per-line list of public keys.
546  */
547 int
548 sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file)
549 {
550 	int r;
551 
552 	r = ssh_krl_file_contains_key(revoked_keys_file, key);
553 	/* If this was not a KRL to begin with then continue below */
554 	if (r != SSH_ERR_KRL_BAD_MAGIC)
555 		return r;
556 
557 	/*
558 	 * If the file is not a KRL or we can't handle KRLs then attempt to
559 	 * parse the file as a flat list of keys.
560 	 */
561 	switch ((r = sshkey_in_file(key, revoked_keys_file, 0, 1))) {
562 	case 0:
563 		/* Key found => revoked */
564 		return SSH_ERR_KEY_REVOKED;
565 	case SSH_ERR_KEY_NOT_FOUND:
566 		/* Key not found => not revoked */
567 		return 0;
568 	default:
569 		/* Some other error occurred */
570 		return r;
571 	}
572 }
573 
574