xref: /freebsd/crypto/openssh/authfile.c (revision bc5531debefeb54993d01d4f3c8b33ccbe0b4d95)
1 /* $OpenBSD: authfile.c,v 1.111 2015/02/23 16:55:51 djm Exp $ */
2 /*
3  * Copyright (c) 2000, 2013 Markus Friedl.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  */
25 
26 #include "includes.h"
27 
28 #include <sys/types.h>
29 #include <sys/stat.h>
30 #include <sys/uio.h>
31 
32 #include <errno.h>
33 #include <fcntl.h>
34 #include <stdio.h>
35 #include <stdarg.h>
36 #include <stdlib.h>
37 #include <string.h>
38 #include <unistd.h>
39 #include <limits.h>
40 
41 #include "cipher.h"
42 #include "key.h"
43 #include "ssh.h"
44 #include "log.h"
45 #include "authfile.h"
46 #include "rsa.h"
47 #include "misc.h"
48 #include "atomicio.h"
49 #include "sshbuf.h"
50 #include "ssherr.h"
51 #include "krl.h"
52 
53 #define MAX_KEY_FILE_SIZE	(1024 * 1024)
54 
55 /* Save a key blob to a file */
56 static int
57 sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename)
58 {
59 	int fd, oerrno;
60 
61 	if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0)
62 		return SSH_ERR_SYSTEM_ERROR;
63 	if (atomicio(vwrite, fd, (u_char *)sshbuf_ptr(keybuf),
64 	    sshbuf_len(keybuf)) != sshbuf_len(keybuf)) {
65 		oerrno = errno;
66 		close(fd);
67 		unlink(filename);
68 		errno = oerrno;
69 		return SSH_ERR_SYSTEM_ERROR;
70 	}
71 	close(fd);
72 	return 0;
73 }
74 
75 int
76 sshkey_save_private(struct sshkey *key, const char *filename,
77     const char *passphrase, const char *comment,
78     int force_new_format, const char *new_format_cipher, int new_format_rounds)
79 {
80 	struct sshbuf *keyblob = NULL;
81 	int r;
82 
83 	if ((keyblob = sshbuf_new()) == NULL)
84 		return SSH_ERR_ALLOC_FAIL;
85 	if ((r = sshkey_private_to_fileblob(key, keyblob, passphrase, comment,
86 	    force_new_format, new_format_cipher, new_format_rounds)) != 0)
87 		goto out;
88 	if ((r = sshkey_save_private_blob(keyblob, filename)) != 0)
89 		goto out;
90 	r = 0;
91  out:
92 	sshbuf_free(keyblob);
93 	return r;
94 }
95 
96 /* Load a key from a fd into a buffer */
97 int
98 sshkey_load_file(int fd, struct sshbuf *blob)
99 {
100 	u_char buf[1024];
101 	size_t len;
102 	struct stat st;
103 	int r;
104 
105 	if (fstat(fd, &st) < 0)
106 		return SSH_ERR_SYSTEM_ERROR;
107 	if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
108 	    st.st_size > MAX_KEY_FILE_SIZE)
109 		return SSH_ERR_INVALID_FORMAT;
110 	for (;;) {
111 		if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) {
112 			if (errno == EPIPE)
113 				break;
114 			r = SSH_ERR_SYSTEM_ERROR;
115 			goto out;
116 		}
117 		if ((r = sshbuf_put(blob, buf, len)) != 0)
118 			goto out;
119 		if (sshbuf_len(blob) > MAX_KEY_FILE_SIZE) {
120 			r = SSH_ERR_INVALID_FORMAT;
121 			goto out;
122 		}
123 	}
124 	if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
125 	    st.st_size != (off_t)sshbuf_len(blob)) {
126 		r = SSH_ERR_FILE_CHANGED;
127 		goto out;
128 	}
129 	r = 0;
130 
131  out:
132 	explicit_bzero(buf, sizeof(buf));
133 	if (r != 0)
134 		sshbuf_reset(blob);
135 	return r;
136 }
137 
138 #ifdef WITH_SSH1
139 /*
140  * Loads the public part of the ssh v1 key file.  Returns NULL if an error was
141  * encountered (the file does not exist or is not readable), and the key
142  * otherwise.
143  */
144 static int
145 sshkey_load_public_rsa1(int fd, struct sshkey **keyp, char **commentp)
146 {
147 	struct sshbuf *b = NULL;
148 	int r;
149 
150 	*keyp = NULL;
151 	if (commentp != NULL)
152 		*commentp = NULL;
153 
154 	if ((b = sshbuf_new()) == NULL)
155 		return SSH_ERR_ALLOC_FAIL;
156 	if ((r = sshkey_load_file(fd, b)) != 0)
157 		goto out;
158 	if ((r = sshkey_parse_public_rsa1_fileblob(b, keyp, commentp)) != 0)
159 		goto out;
160 	r = 0;
161  out:
162 	sshbuf_free(b);
163 	return r;
164 }
165 #endif /* WITH_SSH1 */
166 
167 /* XXX remove error() calls from here? */
168 int
169 sshkey_perm_ok(int fd, const char *filename)
170 {
171 	struct stat st;
172 
173 	if (fstat(fd, &st) < 0)
174 		return SSH_ERR_SYSTEM_ERROR;
175 	/*
176 	 * if a key owned by the user is accessed, then we check the
177 	 * permissions of the file. if the key owned by a different user,
178 	 * then we don't care.
179 	 */
180 #ifdef HAVE_CYGWIN
181 	if (check_ntsec(filename))
182 #endif
183 	if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) {
184 		error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
185 		error("@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @");
186 		error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
187 		error("Permissions 0%3.3o for '%s' are too open.",
188 		    (u_int)st.st_mode & 0777, filename);
189 		error("It is recommended that your private key files are NOT accessible by others.");
190 		error("This private key will be ignored.");
191 		return SSH_ERR_KEY_BAD_PERMISSIONS;
192 	}
193 	return 0;
194 }
195 
196 /* XXX kill perm_ok now that we have SSH_ERR_KEY_BAD_PERMISSIONS? */
197 int
198 sshkey_load_private_type(int type, const char *filename, const char *passphrase,
199     struct sshkey **keyp, char **commentp, int *perm_ok)
200 {
201 	int fd, r;
202 
203 	*keyp = NULL;
204 	if (commentp != NULL)
205 		*commentp = NULL;
206 
207 	if ((fd = open(filename, O_RDONLY)) < 0) {
208 		if (perm_ok != NULL)
209 			*perm_ok = 0;
210 		return SSH_ERR_SYSTEM_ERROR;
211 	}
212 	if (sshkey_perm_ok(fd, filename) != 0) {
213 		if (perm_ok != NULL)
214 			*perm_ok = 0;
215 		r = SSH_ERR_KEY_BAD_PERMISSIONS;
216 		goto out;
217 	}
218 	if (perm_ok != NULL)
219 		*perm_ok = 1;
220 
221 	r = sshkey_load_private_type_fd(fd, type, passphrase, keyp, commentp);
222  out:
223 	close(fd);
224 	return r;
225 }
226 
227 int
228 sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
229     struct sshkey **keyp, char **commentp)
230 {
231 	struct sshbuf *buffer = NULL;
232 	int r;
233 
234 	if ((buffer = sshbuf_new()) == NULL) {
235 		r = SSH_ERR_ALLOC_FAIL;
236 		goto out;
237 	}
238 	if ((r = sshkey_load_file(fd, buffer)) != 0 ||
239 	    (r = sshkey_parse_private_fileblob_type(buffer, type,
240 	    passphrase, keyp, commentp)) != 0)
241 		goto out;
242 
243 	/* success */
244 	r = 0;
245  out:
246 	if (buffer != NULL)
247 		sshbuf_free(buffer);
248 	return r;
249 }
250 
251 /* XXX this is almost identical to sshkey_load_private_type() */
252 int
253 sshkey_load_private(const char *filename, const char *passphrase,
254     struct sshkey **keyp, char **commentp)
255 {
256 	struct sshbuf *buffer = NULL;
257 	int r, fd;
258 
259 	*keyp = NULL;
260 	if (commentp != NULL)
261 		*commentp = NULL;
262 
263 	if ((fd = open(filename, O_RDONLY)) < 0)
264 		return SSH_ERR_SYSTEM_ERROR;
265 	if (sshkey_perm_ok(fd, filename) != 0) {
266 		r = SSH_ERR_KEY_BAD_PERMISSIONS;
267 		goto out;
268 	}
269 
270 	if ((buffer = sshbuf_new()) == NULL) {
271 		r = SSH_ERR_ALLOC_FAIL;
272 		goto out;
273 	}
274 	if ((r = sshkey_load_file(fd, buffer)) != 0 ||
275 	    (r = sshkey_parse_private_fileblob(buffer, passphrase, filename,
276 	    keyp, commentp)) != 0)
277 		goto out;
278 	r = 0;
279  out:
280 	close(fd);
281 	if (buffer != NULL)
282 		sshbuf_free(buffer);
283 	return r;
284 }
285 
286 static int
287 sshkey_try_load_public(struct sshkey *k, const char *filename, char **commentp)
288 {
289 	FILE *f;
290 	char line[SSH_MAX_PUBKEY_BYTES];
291 	char *cp;
292 	u_long linenum = 0;
293 	int r;
294 
295 	if (commentp != NULL)
296 		*commentp = NULL;
297 	if ((f = fopen(filename, "r")) == NULL)
298 		return SSH_ERR_SYSTEM_ERROR;
299 	while (read_keyfile_line(f, filename, line, sizeof(line),
300 		    &linenum) != -1) {
301 		cp = line;
302 		switch (*cp) {
303 		case '#':
304 		case '\n':
305 		case '\0':
306 			continue;
307 		}
308 		/* Abort loading if this looks like a private key */
309 		if (strncmp(cp, "-----BEGIN", 10) == 0 ||
310 		    strcmp(cp, "SSH PRIVATE KEY FILE") == 0)
311 			break;
312 		/* Skip leading whitespace. */
313 		for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
314 			;
315 		if (*cp) {
316 			if ((r = sshkey_read(k, &cp)) == 0) {
317 				cp[strcspn(cp, "\r\n")] = '\0';
318 				if (commentp) {
319 					*commentp = strdup(*cp ?
320 					    cp : filename);
321 					if (*commentp == NULL)
322 						r = SSH_ERR_ALLOC_FAIL;
323 				}
324 				fclose(f);
325 				return r;
326 			}
327 		}
328 	}
329 	fclose(f);
330 	return SSH_ERR_INVALID_FORMAT;
331 }
332 
333 /* load public key from ssh v1 private or any pubkey file */
334 int
335 sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp)
336 {
337 	struct sshkey *pub = NULL;
338 	char file[PATH_MAX];
339 	int r, fd;
340 
341 	if (keyp != NULL)
342 		*keyp = NULL;
343 	if (commentp != NULL)
344 		*commentp = NULL;
345 
346 	/* XXX should load file once and attempt to parse each format */
347 
348 	if ((fd = open(filename, O_RDONLY)) < 0)
349 		goto skip;
350 #ifdef WITH_SSH1
351 	/* try rsa1 private key */
352 	r = sshkey_load_public_rsa1(fd, keyp, commentp);
353 	close(fd);
354 	switch (r) {
355 	case SSH_ERR_INTERNAL_ERROR:
356 	case SSH_ERR_ALLOC_FAIL:
357 	case SSH_ERR_INVALID_ARGUMENT:
358 	case SSH_ERR_SYSTEM_ERROR:
359 	case 0:
360 		return r;
361 	}
362 #endif /* WITH_SSH1 */
363 
364 	/* try ssh2 public key */
365 	if ((pub = sshkey_new(KEY_UNSPEC)) == NULL)
366 		return SSH_ERR_ALLOC_FAIL;
367 	if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) {
368 		if (keyp != NULL)
369 			*keyp = pub;
370 		return 0;
371 	}
372 	sshkey_free(pub);
373 
374 #ifdef WITH_SSH1
375 	/* try rsa1 public key */
376 	if ((pub = sshkey_new(KEY_RSA1)) == NULL)
377 		return SSH_ERR_ALLOC_FAIL;
378 	if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) {
379 		if (keyp != NULL)
380 			*keyp = pub;
381 		return 0;
382 	}
383 	sshkey_free(pub);
384 #endif /* WITH_SSH1 */
385 
386  skip:
387 	/* try .pub suffix */
388 	if ((pub = sshkey_new(KEY_UNSPEC)) == NULL)
389 		return SSH_ERR_ALLOC_FAIL;
390 	r = SSH_ERR_ALLOC_FAIL;	/* in case strlcpy or strlcat fail */
391 	if ((strlcpy(file, filename, sizeof file) < sizeof(file)) &&
392 	    (strlcat(file, ".pub", sizeof file) < sizeof(file)) &&
393 	    (r = sshkey_try_load_public(pub, file, commentp)) == 0) {
394 		if (keyp != NULL)
395 			*keyp = pub;
396 		return 0;
397 	}
398 	sshkey_free(pub);
399 
400 	return r;
401 }
402 
403 /* Load the certificate associated with the named private key */
404 int
405 sshkey_load_cert(const char *filename, struct sshkey **keyp)
406 {
407 	struct sshkey *pub = NULL;
408 	char *file = NULL;
409 	int r = SSH_ERR_INTERNAL_ERROR;
410 
411 	*keyp = NULL;
412 
413 	if (asprintf(&file, "%s-cert.pub", filename) == -1)
414 		return SSH_ERR_ALLOC_FAIL;
415 
416 	if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) {
417 		goto out;
418 	}
419 	if ((r = sshkey_try_load_public(pub, file, NULL)) != 0)
420 		goto out;
421 
422 	*keyp = pub;
423 	pub = NULL;
424 	r = 0;
425 
426  out:
427 	if (file != NULL)
428 		free(file);
429 	if (pub != NULL)
430 		sshkey_free(pub);
431 	return r;
432 }
433 
434 /* Load private key and certificate */
435 int
436 sshkey_load_private_cert(int type, const char *filename, const char *passphrase,
437     struct sshkey **keyp, int *perm_ok)
438 {
439 	struct sshkey *key = NULL, *cert = NULL;
440 	int r;
441 
442 	*keyp = NULL;
443 
444 	switch (type) {
445 #ifdef WITH_OPENSSL
446 	case KEY_RSA:
447 	case KEY_DSA:
448 	case KEY_ECDSA:
449 	case KEY_ED25519:
450 #endif /* WITH_OPENSSL */
451 	case KEY_UNSPEC:
452 		break;
453 	default:
454 		return SSH_ERR_KEY_TYPE_UNKNOWN;
455 	}
456 
457 	if ((r = sshkey_load_private_type(type, filename,
458 	    passphrase, &key, NULL, perm_ok)) != 0 ||
459 	    (r = sshkey_load_cert(filename, &cert)) != 0)
460 		goto out;
461 
462 	/* Make sure the private key matches the certificate */
463 	if (sshkey_equal_public(key, cert) == 0) {
464 		r = SSH_ERR_KEY_CERT_MISMATCH;
465 		goto out;
466 	}
467 
468 	if ((r = sshkey_to_certified(key, sshkey_cert_is_legacy(cert))) != 0 ||
469 	    (r = sshkey_cert_copy(cert, key)) != 0)
470 		goto out;
471 	r = 0;
472 	*keyp = key;
473 	key = NULL;
474  out:
475 	if (key != NULL)
476 		sshkey_free(key);
477 	if (cert != NULL)
478 		sshkey_free(cert);
479 	return r;
480 }
481 
482 /*
483  * Returns success if the specified "key" is listed in the file "filename",
484  * SSH_ERR_KEY_NOT_FOUND: if the key is not listed or another error.
485  * If "strict_type" is set then the key type must match exactly,
486  * otherwise a comparison that ignores certficiate data is performed.
487  * If "check_ca" is set and "key" is a certificate, then its CA key is
488  * also checked and sshkey_in_file() will return success if either is found.
489  */
490 int
491 sshkey_in_file(struct sshkey *key, const char *filename, int strict_type,
492     int check_ca)
493 {
494 	FILE *f;
495 	char line[SSH_MAX_PUBKEY_BYTES];
496 	char *cp;
497 	u_long linenum = 0;
498 	int r = 0;
499 	struct sshkey *pub = NULL;
500 	int (*sshkey_compare)(const struct sshkey *, const struct sshkey *) =
501 	    strict_type ?  sshkey_equal : sshkey_equal_public;
502 
503 	if ((f = fopen(filename, "r")) == NULL)
504 		return SSH_ERR_SYSTEM_ERROR;
505 
506 	while (read_keyfile_line(f, filename, line, sizeof(line),
507 	    &linenum) != -1) {
508 		cp = line;
509 
510 		/* Skip leading whitespace. */
511 		for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
512 			;
513 
514 		/* Skip comments and empty lines */
515 		switch (*cp) {
516 		case '#':
517 		case '\n':
518 		case '\0':
519 			continue;
520 		}
521 
522 		if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) {
523 			r = SSH_ERR_ALLOC_FAIL;
524 			goto out;
525 		}
526 		if ((r = sshkey_read(pub, &cp)) != 0)
527 			goto out;
528 		if (sshkey_compare(key, pub) ||
529 		    (check_ca && sshkey_is_cert(key) &&
530 		    sshkey_compare(key->cert->signature_key, pub))) {
531 			r = 0;
532 			goto out;
533 		}
534 		sshkey_free(pub);
535 		pub = NULL;
536 	}
537 	r = SSH_ERR_KEY_NOT_FOUND;
538  out:
539 	if (pub != NULL)
540 		sshkey_free(pub);
541 	fclose(f);
542 	return r;
543 }
544 
545 /*
546  * Checks whether the specified key is revoked, returning 0 if not,
547  * SSH_ERR_KEY_REVOKED if it is or another error code if something
548  * unexpected happened.
549  * This will check both the key and, if it is a certificate, its CA key too.
550  * "revoked_keys_file" may be a KRL or a one-per-line list of public keys.
551  */
552 int
553 sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file)
554 {
555 	int r;
556 
557 	r = ssh_krl_file_contains_key(revoked_keys_file, key);
558 	/* If this was not a KRL to begin with then continue below */
559 	if (r != SSH_ERR_KRL_BAD_MAGIC)
560 		return r;
561 
562 	/*
563 	 * If the file is not a KRL or we can't handle KRLs then attempt to
564 	 * parse the file as a flat list of keys.
565 	 */
566 	switch ((r = sshkey_in_file(key, revoked_keys_file, 0, 1))) {
567 	case 0:
568 		/* Key found => revoked */
569 		return SSH_ERR_KEY_REVOKED;
570 	case SSH_ERR_KEY_NOT_FOUND:
571 		/* Key not found => not revoked */
572 		return 0;
573 	default:
574 		/* Some other error occurred */
575 		return r;
576 	}
577 }
578 
579