/* $OpenBSD: authfile.c,v 1.107 2014/06/24 01:13:21 djm Exp $ */ /* * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" #include #include #include #include #include #include #include #include #include #include #include #include "cipher.h" #include "key.h" #include "ssh.h" #include "log.h" #include "authfile.h" #include "rsa.h" #include "misc.h" #include "atomicio.h" #include "sshbuf.h" #include "ssherr.h" #include "pathnames.h" #define MAX_KEY_FILE_SIZE (1024 * 1024) /* Save a key blob to a file */ static int sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename) { int fd, oerrno; if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0) return SSH_ERR_SYSTEM_ERROR; if (atomicio(vwrite, fd, (u_char *)sshbuf_ptr(keybuf), sshbuf_len(keybuf)) != sshbuf_len(keybuf)) { oerrno = errno; close(fd); unlink(filename); errno = oerrno; return SSH_ERR_SYSTEM_ERROR; } close(fd); return 0; } int sshkey_save_private(struct sshkey *key, const char *filename, const char *passphrase, const char *comment, int force_new_format, const char *new_format_cipher, int new_format_rounds) { struct sshbuf *keyblob = NULL; int r; if ((keyblob = sshbuf_new()) == NULL) return SSH_ERR_ALLOC_FAIL; if ((r = sshkey_private_to_fileblob(key, keyblob, passphrase, comment, force_new_format, new_format_cipher, new_format_rounds)) != 0) goto out; if ((r = sshkey_save_private_blob(keyblob, filename)) != 0) goto out; r = 0; out: sshbuf_free(keyblob); return r; } /* Load a key from a fd into a buffer */ int sshkey_load_file(int fd, const char *filename, struct sshbuf *blob) { u_char buf[1024]; size_t len; struct stat st; int r; if (fstat(fd, &st) < 0) return SSH_ERR_SYSTEM_ERROR; if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && st.st_size > MAX_KEY_FILE_SIZE) return SSH_ERR_INVALID_FORMAT; for (;;) { if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) { if (errno == EPIPE) break; r = SSH_ERR_SYSTEM_ERROR; goto out; } if ((r = sshbuf_put(blob, buf, len)) != 0) goto out; if (sshbuf_len(blob) > MAX_KEY_FILE_SIZE) { r = SSH_ERR_INVALID_FORMAT; goto out; } } if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && st.st_size != (off_t)sshbuf_len(blob)) { r = SSH_ERR_FILE_CHANGED; goto out; } r = 0; out: explicit_bzero(buf, sizeof(buf)); if (r != 0) sshbuf_reset(blob); return r; } #ifdef WITH_SSH1 /* * Loads the public part of the ssh v1 key file. Returns NULL if an error was * encountered (the file does not exist or is not readable), and the key * otherwise. */ static int sshkey_load_public_rsa1(int fd, const char *filename, struct sshkey **keyp, char **commentp) { struct sshbuf *b = NULL; int r; *keyp = NULL; if (commentp != NULL) *commentp = NULL; if ((b = sshbuf_new()) == NULL) return SSH_ERR_ALLOC_FAIL; if ((r = sshkey_load_file(fd, filename, b)) != 0) goto out; if ((r = sshkey_parse_public_rsa1_fileblob(b, keyp, commentp)) != 0) goto out; r = 0; out: sshbuf_free(b); return r; } #endif /* WITH_SSH1 */ #ifdef WITH_OPENSSL /* XXX Deprecate? */ int sshkey_load_private_pem(int fd, int type, const char *passphrase, struct sshkey **keyp, char **commentp) { struct sshbuf *buffer = NULL; int r; *keyp = NULL; if (commentp != NULL) *commentp = NULL; if ((buffer = sshbuf_new()) == NULL) return SSH_ERR_ALLOC_FAIL; if ((r = sshkey_load_file(fd, NULL, buffer)) != 0) goto out; if ((r = sshkey_parse_private_pem_fileblob(buffer, type, passphrase, keyp, commentp)) != 0) goto out; r = 0; out: sshbuf_free(buffer); return r; } #endif /* WITH_OPENSSL */ /* XXX remove error() calls from here? */ int sshkey_perm_ok(int fd, const char *filename) { struct stat st; if (fstat(fd, &st) < 0) return SSH_ERR_SYSTEM_ERROR; /* * if a key owned by the user is accessed, then we check the * permissions of the file. if the key owned by a different user, * then we don't care. */ #ifdef HAVE_CYGWIN if (check_ntsec(filename)) #endif if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) { error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @"); error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); error("Permissions 0%3.3o for '%s' are too open.", (u_int)st.st_mode & 0777, filename); error("It is recommended that your private key files are NOT accessible by others."); error("This private key will be ignored."); return SSH_ERR_KEY_BAD_PERMISSIONS; } return 0; } /* XXX kill perm_ok now that we have SSH_ERR_KEY_BAD_PERMISSIONS? */ int sshkey_load_private_type(int type, const char *filename, const char *passphrase, struct sshkey **keyp, char **commentp, int *perm_ok) { int fd, r; struct sshbuf *buffer = NULL; *keyp = NULL; if (commentp != NULL) *commentp = NULL; if ((fd = open(filename, O_RDONLY)) < 0) { if (perm_ok != NULL) *perm_ok = 0; return SSH_ERR_SYSTEM_ERROR; } if (sshkey_perm_ok(fd, filename) != 0) { if (perm_ok != NULL) *perm_ok = 0; r = SSH_ERR_KEY_BAD_PERMISSIONS; goto out; } if (perm_ok != NULL) *perm_ok = 1; if ((buffer = sshbuf_new()) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; } if ((r = sshkey_load_file(fd, filename, buffer)) != 0) goto out; if ((r = sshkey_parse_private_fileblob_type(buffer, type, passphrase, keyp, commentp)) != 0) goto out; r = 0; out: close(fd); if (buffer != NULL) sshbuf_free(buffer); return r; } /* XXX this is almost identical to sshkey_load_private_type() */ int sshkey_load_private(const char *filename, const char *passphrase, struct sshkey **keyp, char **commentp) { struct sshbuf *buffer = NULL; int r, fd; *keyp = NULL; if (commentp != NULL) *commentp = NULL; if ((fd = open(filename, O_RDONLY)) < 0) return SSH_ERR_SYSTEM_ERROR; if (sshkey_perm_ok(fd, filename) != 0) { r = SSH_ERR_KEY_BAD_PERMISSIONS; goto out; } if ((buffer = sshbuf_new()) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; } if ((r = sshkey_load_file(fd, filename, buffer)) != 0 || (r = sshkey_parse_private_fileblob(buffer, passphrase, filename, keyp, commentp)) != 0) goto out; r = 0; out: close(fd); if (buffer != NULL) sshbuf_free(buffer); return r; } static int sshkey_try_load_public(struct sshkey *k, const char *filename, char **commentp) { FILE *f; char line[SSH_MAX_PUBKEY_BYTES]; char *cp; u_long linenum = 0; int r; if (commentp != NULL) *commentp = NULL; if ((f = fopen(filename, "r")) == NULL) return SSH_ERR_SYSTEM_ERROR; while (read_keyfile_line(f, filename, line, sizeof(line), &linenum) != -1) { cp = line; switch (*cp) { case '#': case '\n': case '\0': continue; } /* Abort loading if this looks like a private key */ if (strncmp(cp, "-----BEGIN", 10) == 0 || strcmp(cp, "SSH PRIVATE KEY FILE") == 0) break; /* Skip leading whitespace. */ for (; *cp && (*cp == ' ' || *cp == '\t'); cp++) ; if (*cp) { if ((r = sshkey_read(k, &cp)) == 0) { cp[strcspn(cp, "\r\n")] = '\0'; if (commentp) { *commentp = strdup(*cp ? cp : filename); if (*commentp == NULL) r = SSH_ERR_ALLOC_FAIL; } fclose(f); return r; } } } fclose(f); return SSH_ERR_INVALID_FORMAT; } /* load public key from ssh v1 private or any pubkey file */ int sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp) { struct sshkey *pub = NULL; char file[MAXPATHLEN]; int r, fd; if (keyp != NULL) *keyp = NULL; if (commentp != NULL) *commentp = NULL; if ((fd = open(filename, O_RDONLY)) < 0) goto skip; #ifdef WITH_SSH1 /* try rsa1 private key */ r = sshkey_load_public_rsa1(fd, filename, keyp, commentp); close(fd); switch (r) { case SSH_ERR_INTERNAL_ERROR: case SSH_ERR_ALLOC_FAIL: case SSH_ERR_INVALID_ARGUMENT: case SSH_ERR_SYSTEM_ERROR: case 0: return r; } #endif /* WITH_SSH1 */ /* try ssh2 public key */ if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) return SSH_ERR_ALLOC_FAIL; if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) { if (keyp != NULL) *keyp = pub; return 0; } sshkey_free(pub); #ifdef WITH_SSH1 /* try rsa1 public key */ if ((pub = sshkey_new(KEY_RSA1)) == NULL) return SSH_ERR_ALLOC_FAIL; if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) { if (keyp != NULL) *keyp = pub; return 0; } sshkey_free(pub); #endif /* WITH_SSH1 */ skip: /* try .pub suffix */ if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) return SSH_ERR_ALLOC_FAIL; r = SSH_ERR_ALLOC_FAIL; /* in case strlcpy or strlcat fail */ if ((strlcpy(file, filename, sizeof file) < sizeof(file)) && (strlcat(file, ".pub", sizeof file) < sizeof(file)) && (r = sshkey_try_load_public(pub, file, commentp)) == 0) { if (keyp != NULL) *keyp = pub; return 0; } sshkey_free(pub); return r; } char * blacklist_filename(const Key *key) { char *name; xasprintf(&name, "%s.%s-%u", _PATH_BLACKLIST, key_type(key), key_size(key)); return name; } /* Scan a blacklist of known-vulnerable keys. */ int blacklisted_key(Key *key) { char *blacklist_file; int fd = -1; char *dgst_hex = NULL; char *dgst_packed = NULL, *p; int i; size_t line_len; struct stat st; char buf[256]; off_t start, lower, upper; int ret = 0; blacklist_file = blacklist_filename(key); debug("Checking blacklist file %s", blacklist_file); fd = open(blacklist_file, O_RDONLY); if (fd < 0) goto out; dgst_hex = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); /* Remove all colons */ dgst_packed = xcalloc(1, strlen(dgst_hex) + 1); for (i = 0, p = dgst_packed; dgst_hex[i]; i++) if (dgst_hex[i] != ':') *p++ = dgst_hex[i]; /* Only compare least-significant 80 bits (to keep the blacklist * size down) */ line_len = strlen(dgst_packed + 12); if (line_len > 32) goto out; /* Skip leading comments */ start = 0; for (;;) { ssize_t r; char *newline; r = atomicio(read, fd, buf, 256); if (r <= 0) goto out; if (buf[0] != '#') break; newline = memchr(buf, '\n', 256); if (!newline) goto out; start += newline + 1 - buf; if (lseek(fd, start, SEEK_SET) < 0) goto out; } /* Initialise binary search record numbers */ if (fstat(fd, &st) < 0) goto out; lower = 0; upper = (st.st_size - start) / (line_len + 1); while (lower != upper) { off_t cur; char buf[32]; int cmp; cur = lower + (upper - lower) / 2; /* Read this line and compare to digest; this is * overflow-safe since cur < max(off_t) / (line_len + 1) */ if (lseek(fd, start + cur * (line_len + 1), SEEK_SET) < 0) break; if (atomicio(read, fd, buf, line_len) != line_len) break; cmp = memcmp(buf, dgst_packed + 12, line_len); if (cmp < 0) { if (cur == lower) break; lower = cur; } else if (cmp > 0) { if (cur == upper) break; upper = cur; } else { debug("Found %s in blacklist", dgst_hex); ret = 1; break; } } out: if (dgst_packed) xfree(dgst_packed); if (dgst_hex) xfree(dgst_hex); if (fd >= 0) close(fd); xfree(blacklist_file); return ret; } /* Load the certificate associated with the named private key */ int sshkey_load_cert(const char *filename, struct sshkey **keyp) { struct sshkey *pub = NULL; char *file = NULL; int r = SSH_ERR_INTERNAL_ERROR; *keyp = NULL; if (asprintf(&file, "%s-cert.pub", filename) == -1) return SSH_ERR_ALLOC_FAIL; if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) { goto out; } if ((r = sshkey_try_load_public(pub, file, NULL)) != 0) goto out; *keyp = pub; pub = NULL; r = 0; out: if (file != NULL) free(file); if (pub != NULL) sshkey_free(pub); return r; } /* Load private key and certificate */ int sshkey_load_private_cert(int type, const char *filename, const char *passphrase, struct sshkey **keyp, int *perm_ok) { struct sshkey *key = NULL, *cert = NULL; int r; *keyp = NULL; switch (type) { #ifdef WITH_OPENSSL case KEY_RSA: case KEY_DSA: case KEY_ECDSA: case KEY_ED25519: #endif /* WITH_OPENSSL */ case KEY_UNSPEC: break; default: return SSH_ERR_KEY_TYPE_UNKNOWN; } if ((r = sshkey_load_private_type(type, filename, passphrase, &key, NULL, perm_ok)) != 0 || (r = sshkey_load_cert(filename, &cert)) != 0) goto out; /* Make sure the private key matches the certificate */ if (sshkey_equal_public(key, cert) == 0) { r = SSH_ERR_KEY_CERT_MISMATCH; goto out; } if ((r = sshkey_to_certified(key, sshkey_cert_is_legacy(cert))) != 0 || (r = sshkey_cert_copy(cert, key)) != 0) goto out; r = 0; *keyp = key; key = NULL; out: if (key != NULL) sshkey_free(key); if (cert != NULL) sshkey_free(cert); return r; } /* * Returns success if the specified "key" is listed in the file "filename", * SSH_ERR_KEY_NOT_FOUND: if the key is not listed or another error. * If strict_type is set then the key type must match exactly, * otherwise a comparison that ignores certficiate data is performed. */ int sshkey_in_file(struct sshkey *key, const char *filename, int strict_type) { FILE *f; char line[SSH_MAX_PUBKEY_BYTES]; char *cp; u_long linenum = 0; int r = 0; struct sshkey *pub = NULL; int (*sshkey_compare)(const struct sshkey *, const struct sshkey *) = strict_type ? sshkey_equal : sshkey_equal_public; if ((f = fopen(filename, "r")) == NULL) { if (errno == ENOENT) return SSH_ERR_KEY_NOT_FOUND; else return SSH_ERR_SYSTEM_ERROR; } while (read_keyfile_line(f, filename, line, sizeof(line), &linenum) != -1) { cp = line; /* Skip leading whitespace. */ for (; *cp && (*cp == ' ' || *cp == '\t'); cp++) ; /* Skip comments and empty lines */ switch (*cp) { case '#': case '\n': case '\0': continue; } if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; } if ((r = sshkey_read(pub, &cp)) != 0) goto out; if (sshkey_compare(key, pub)) { r = 0; goto out; } sshkey_free(pub); pub = NULL; } r = SSH_ERR_KEY_NOT_FOUND; out: if (pub != NULL) sshkey_free(pub); fclose(f); return r; }