1/*
2 * ProFTPD - mod_sftp
3 * Copyright (c) 2008-2020 TJ Saunders
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin Street, Suite 500, Boston, MA 02110-1335, USA.
18 *
19 * As a special exemption, TJ Saunders and other respective copyright holders
20 * give permission to link this program with OpenSSL, and distribute the
21 * resulting executable, without including the source code for OpenSSL in the
22 * source distribution.
23 */
24
25#ifndef MOD_SFTP_H
26#define MOD_SFTP_H
27
28#include "conf.h"
29#include "privs.h"
30
31#include <signal.h>
32
33#if HAVE_MLOCK
34# include <sys/mman.h>
35#endif
36
37#if HAVE_SYS_UIO_H
38# include <sys/uio.h>
39#endif
40
/* Fallback MAX/MIN, provided only when no earlier header defined MAX (MIN
 * sits under the same guard).  Each argument appears twice in the expansion,
 * so an argument with side effects is evaluated twice; pass plain values.
 * Arguments of mixed signedness are compared after the usual arithmetic
 * conversions, which matters when these macros are applied to lengths.
 */
41#ifndef MAX
42# define MAX(x, y) (((x) > (y)) ? (x) : (y))
43# define MIN(x, y) (((x) < (y)) ? (x) : (y))
44#endif
45
46/* Define if you have the <zlib.h> header.  */
47#undef HAVE_ZLIB_H
48
49/* Define if you have OpenSSL with crippled AES support. */
50#undef HAVE_AES_CRIPPLED_OPENSSL
51
52/* Define if you have OpenSSL with EVP_aes_256_ctr support. */
53#undef HAVE_EVP_AES_256_CTR_OPENSSL
54
55/* Define if you have OpenSSL with SHA256 support. */
56#undef HAVE_SHA256_OPENSSL
57
58/* Define if you have OpenSSL with SHA512 support. */
59#undef HAVE_SHA512_OPENSSL
60
61#define MOD_SFTP_VERSION	"mod_sftp/1.0.1"
62
63/* Make sure the version of proftpd is as necessary. */
64#if PROFTPD_VERSION_NUMBER < 0x0001030402
65# error "ProFTPD 1.3.4rc2 or later required"
66#endif
67
68#include <openssl/bio.h>
69#if !defined(OPENSSL_NO_BF)
70# include <openssl/blowfish.h>
71#endif /* !OPENSSL_NO_BF */
72#include <openssl/bn.h>
73#include <openssl/conf.h>
74#if !defined(OPENSSL_NO_DES)
75# include <openssl/des.h>
76#endif /* !OPENSSL_NO_DES */
77#include <openssl/evp.h>
78#include <openssl/hmac.h>
79#include <openssl/x509v3.h>
80#include <openssl/err.h>
81#include <openssl/rand.h>
82#include <openssl/pem.h>
83#if !defined(OPENSSL_NO_DSA)
84# include <openssl/dsa.h>
85#endif /* !OPENSSL_NO_DSA */
86#include <openssl/rsa.h>
87#if OPENSSL_VERSION_NUMBER > 0x000907000L
88# include <openssl/aes.h>
89# include <openssl/engine.h>
90# include <openssl/ocsp.h>
91#endif
92#ifdef PR_USE_OPENSSL_ECC
93# include <openssl/ec.h>
94# include <openssl/ecdh.h>
95#endif /* PR_USE_OPENSSL_ECC */
96
97/* Define if you have the LibreSSL library.  */
98#if defined(LIBRESSL_VERSION_NUMBER)
99# define HAVE_LIBRESSL	1
100#endif
101
102#define SFTP_ID_PREFIX		"SSH-2.0-"
103
104/* Omit the version information in the default banner.  Sites wishing to use
105 * or see that version information can configure it explicitly via ServerIdent.
106 */
107#define SFTP_ID_DEFAULT_STRING	SFTP_ID_PREFIX "mod_sftp"
108
109/* mod_sftp session state flags */
110#define SFTP_SESS_STATE_HAVE_KEX	0x00001
111#define SFTP_SESS_STATE_HAVE_SERVICE	0x00002
112#define SFTP_SESS_STATE_HAVE_AUTH	0x00004
113#define SFTP_SESS_STATE_REKEYING	0x00008
114#define SFTP_SESS_STATE_HAVE_EXT_INFO	0x00010
115
116/* mod_sftp option flags.
 *
 * Each value is a distinct bit, so several options can be OR-ed together
 * (presumably into sftp_opts, declared below -- confirm in the module
 * source).
 *
 * NOTE(review): going by their names, SFTP_OPT_ALLOW_INSECURE_LOGIN,
 * SFTP_OPT_INSECURE_HOSTKEY_PERMS and SFTP_OPT_ALLOW_WEAK_DH relax default
 * protections; a configuration that enables any of them deserves an explicit
 * justification when it is reviewed.
 */
117#define SFTP_OPT_IGNORE_SFTP_UPLOAD_PERMS	0x00001
118#define SFTP_OPT_IGNORE_SCP_UPLOAD_PERMS	0x00002
119#define SFTP_OPT_PESSIMISTIC_KEXINIT		0x00004
120#define SFTP_OPT_OLD_PROTO_COMPAT		0x00008
121#define SFTP_OPT_MATCH_KEY_SUBJECT		0x00010
122#define SFTP_OPT_IGNORE_SFTP_SET_PERMS		0x00020
123#define SFTP_OPT_IGNORE_SFTP_SET_TIMES		0x00040
124#define SFTP_OPT_IGNORE_SFTP_SET_OWNERS		0x00080
125#define SFTP_OPT_IGNORE_SCP_UPLOAD_TIMES	0x00100
126#define SFTP_OPT_ALLOW_INSECURE_LOGIN		0x00200
127#define SFTP_OPT_INSECURE_HOSTKEY_PERMS		0x00400
128#define SFTP_OPT_ALLOW_WEAK_DH			0x00800
129#define SFTP_OPT_IGNORE_FIFOS			0x01000
130#define SFTP_OPT_IGNORE_SFTP_UPLOAD_XATTRS	0x02000
131#define SFTP_OPT_IGNORE_SFTP_SET_XATTRS		0x04000
132#define SFTP_OPT_INCLUDE_SFTP_TIMES		0x08000
133#define SFTP_OPT_NO_EXT_INFO			0x10000
134
135/* mod_sftp service flags */
136#define SFTP_SERVICE_FL_SFTP		0x0001
137#define SFTP_SERVICE_FL_SCP		0x0002
138#define SFTP_SERVICE_FL_DATE		0x0004
139
140#define SFTP_SERVICE_DEFAULT \
141	(SFTP_SERVICE_FL_SFTP|SFTP_SERVICE_FL_SCP)
142
143/* mod_sftp roles */
144#define SFTP_ROLE_SERVER		1
145#define SFTP_ROLE_CLIENT		2
146
147/* Miscellaneous */
148extern int sftp_logfd;
149extern const char *sftp_logname;
150extern pool *sftp_pool;
151extern conn_t *sftp_conn;
152extern unsigned int sftp_sess_state;
153extern unsigned long sftp_opts;
154extern unsigned int sftp_services;
155
156/* Used by other SFTP modules (e.g. mod_sftp_pam) for sending USERAUTH_BANNER
157 * messages to the client.
158 */
159int sftp_auth_send_banner(const char *);
160
161/* API for modules that wish to register "keyboard-interactive" auth
162 * drivers (see RFC4256).
163 */
164
/* One prompt of a "keyboard-interactive" exchange: the challenge text and
 * the echo setting for the user's reply.
 */
165typedef struct {
  /* Challenge text; presumably the prompt presented to the user. */
166  const char *challenge;
167
168  /* TRUE or FALSE, depending on whether the user's response should be
169   * displayed back to them (TRUE), or hidden (FALSE).
   *
   * A driver asking for a password, PIN or one-time code should set this to
   * FALSE so that the secret is not echoed on the user's terminal.
170   */
171  char display_response;
172
173} sftp_kbdint_challenge_t;
174
/* A "keyboard-interactive" authentication driver: a name, driver-owned
 * state, and the open/authenticate/close callbacks it supplies.
 */
175typedef struct kbdint_st {
  /* Driver name; presumably the name it is registered under. */
176  const char *driver_name;
177
178  /* Memory pool for this driver */
179  pool *driver_pool;
180
181  /* Arbitrary driver-specific data */
182  void *driver_data;
183
184  /* Open the driver for authentication. The user argument is the name of the
185   * user being authenticated.  Returns zero on success, -1 otherwise
186   * (with errno set appropriately).
   *
   * NOTE(review): the user name presumably originates from the client's
   * authentication request; treat it as untrusted in the driver.
187   */
188  int (*open)(struct kbdint_st *driver, const char *user);
189
190  /* Authenticate the given user.  The driver can use the following
191   * functions for writing and reading the driver challenge/response data
192   * to and from the client:
193   *
194   *   sftp_kbdint_send_challenge()
195   *   sftp_kbdint_recv_response()
196   *
197   * The responses obtained from sftp_kbdint_recv_response() are strings
198   * from the client, i.e. untrusted input that the driver must validate.
199   *
200   * Returns zero on success, -1 otherwise (with errno set appropriately).
   * Zero is the value that reports success under this contract, so every
   * error path in a driver needs to return -1.
201   */
202  int (*authenticate)(struct kbdint_st *driver, const char *user);
203
204  /* Close the driver, clean up any allocated resources.  Returns
205   * zero on success, -1 otherwise (with errno set appropriately).
206   */
207  int (*close)(struct kbdint_st *driver);
208
209} sftp_kbdint_driver_t;
210
/* Register or unregister a keyboard-interactive driver by name. */
211int sftp_kbdint_register_driver(const char *name, sftp_kbdint_driver_t *driver);
212int sftp_kbdint_unregister_driver(const char *name);
/* Challenge/response I/O for use from a driver's authenticate() callback.
 *
 * NOTE(review): the parameters are unnamed in this header.  The uint32_t
 * next to the sftp_kbdint_challenge_t pointer is presumably the number of
 * challenges, and the uint32_t pointer / const char *** pair presumably
 * receives the count and the array of response strings -- confirm against
 * the definitions.  The responses come from the client; check the returned
 * count before indexing the array.
 */
213int sftp_kbdint_send_challenge(const char *, const char *, uint32_t,
214  sftp_kbdint_challenge_t *);
215int sftp_kbdint_recv_response(pool *, uint32_t, uint32_t *,
216  const char ***);
217
218/* API for modules that wish to register keystores, for the
219 * SFTPAuthorizedHostKeys and SFTPAuthorizedUserKeys directives.
220 */
221
/* A keystore backend: store-owned state plus the callbacks used to verify
 * host keys and user keys and to close the store.
 */
222typedef struct keystore_st {
223  /* Memory pool for this keystore. */
224  pool *keystore_pool;
225
226  /* Arbitrary keystore-specific data. */
227  void *keystore_data;
228
229  /* The type of keys (host, user) that this store can handle.
   * Presumably a combination of SFTP_SSH2_HOST_KEY_STORE and
   * SFTP_SSH2_USER_KEY_STORE, defined below -- confirm.
   */
230  unsigned int store_ktypes;
231
232  /* Verify the given host key.  Returns zero on success, -1 otherwise.
   *
   * host_key is passed with an explicit length (host_keylen); read no more
   * than that many bytes and do not assume NUL termination.  Zero is the
   * value that reports the key as verified, so lookup and parse failures in
   * a backend need to return -1.
   */
233  int (*verify_host_key)(struct keystore_st *store, pool *p, const char *user,
234    const char *host_fqdn, const char *host_user, unsigned char *host_key,
235    uint32_t host_keylen);
236
237  /* Verify the given user key.  Returns zero on success, -1 otherwise.
   *
   * user_key is passed with an explicit length (user_keylen); the same
   * bounds and return-value cautions as for verify_host_key apply.
   */
238  int (*verify_user_key)(struct keystore_st *store, pool *p, const char *user,
239    unsigned char *user_key, uint32_t user_keylen);
240
241  /* Close this keystore, clean up any allocated resources.  Returns
242   * zero on success, -1 otherwise (with errno set appropriately).
243   */
244  int (*store_close)(struct keystore_st *store);
245
246} sftp_keystore_t;
247
248#define SFTP_SSH2_HOST_KEY_STORE	0x01
249#define SFTP_SSH2_USER_KEY_STORE	0x02
250
/* Register or unregister a keystore backend.  The store_open callback
 * returns the sftp_keystore_t that the backend opened.
 *
 * NOTE(review): the remaining parameters are unnamed in this header; the
 * leading const char * is presumably the store type name and the trailing
 * unsigned int presumably the SFTP_SSH2_*_KEY_STORE key types -- confirm
 * against the definitions.
 */
251int sftp_keystore_register_store(const char *,
252  sftp_keystore_t *(*store_open)(pool *, int, const char *, const char *),
253  unsigned int);
254int sftp_keystore_unregister_store(const char *, unsigned int);
255
256/* For use by keystore backend modules.
 *
 * Takes two (key data, length) pairs.
 *
 * NOTE(review): the return convention is not stated in this header.  Confirm
 * which value means "keys match" before using the result inside a
 * verify_*_key callback, since an inverted test would accept a key that does
 * not match.
 */
257int sftp_keys_compare_keys(pool *, unsigned char *, uint32_t, unsigned char *,
258  uint32_t);
259
260/* These strings are part of any RFC4716 key; thus they will be needed by
261 * any keystore backend modules.
262 */
263#define SFTP_SSH2_PUBKEY_BEGIN_MARKER   "---- BEGIN SSH2 PUBLIC KEY ----"
264#define SFTP_SSH2_PUBKEY_END_MARKER     "---- END SSH2 PUBLIC KEY ----"
265
266/* For use by other SFTP modules. */
267const char *sftp_crypto_get_errors(void);
268
269/* For use by other modules to register 'exec' channel request handlers.
270 *
271 * Note that the implementation currently assumes that the registering module
272 * is registering its callbacks from a session process, i.e. post-fork(2).
273 * That is why there is no corresponding unregister function at present.
 *
 * NOTE(review): handle_pkt receives a data pointer together with a uint32_t,
 * presumably the payload length; the payload presumably originates from the
 * client, so a handler should bound every read by that length.  write_data
 * is a pointer to a function pointer, presumably an out parameter through
 * which the caller obtains the channel write function -- confirm against
 * the definition.
274 */
275int sftp_channel_register_exec_handler(module *, const char *,
276  int (*set_params)(pool *, uint32_t, array_header *),
277  int (*prep_chan)(uint32_t),
278  int (*postopen_chan)(uint32_t),
279  int (*handle_pkt)(pool *, void *, uint32_t, unsigned char *, uint32_t),
280  int (*finish_chan)(uint32_t),
281  int (**write_data)(pool *, uint32_t, unsigned char *, uint32_t));
282
283#endif
284