1 /* $OpenBSD: authfile.c,v 1.109 2015/01/08 10:14:08 djm Exp $ */ 2 /* 3 * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 */ 25 26 27 #include <sys/types.h> 28 #include <sys/stat.h> 29 #include <sys/param.h> 30 #include <sys/uio.h> 31 32 #include <errno.h> 33 #include <fcntl.h> 34 #include <stdio.h> 35 #include <stdlib.h> 36 #include <string.h> 37 #include <unistd.h> 38 39 #include "cipher.h" 40 #include "key.h" 41 #include "ssh.h" 42 #include "log.h" 43 #include "authfile.h" 44 #include "rsa.h" 45 #include "misc.h" 46 #include "atomicio.h" 47 #include "sshbuf.h" 48 #include "ssherr.h" 49 #include "krl.h" 50 51 #define MAX_KEY_FILE_SIZE (1024 * 1024) 52 53 /* Save a key blob to a file */ 54 static int 55 sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename) 56 { 57 int fd, oerrno; 58 59 if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0) 60 return SSH_ERR_SYSTEM_ERROR; 61 if (atomicio(vwrite, fd, (u_char *)sshbuf_ptr(keybuf), 62 sshbuf_len(keybuf)) != sshbuf_len(keybuf)) { 63 oerrno = errno; 64 close(fd); 65 unlink(filename); 66 errno = oerrno; 67 return SSH_ERR_SYSTEM_ERROR; 68 } 69 close(fd); 70 return 0; 71 } 72 73 int 74 sshkey_save_private(struct sshkey *key, const char *filename, 75 const char *passphrase, const char *comment, 76 int force_new_format, const char *new_format_cipher, int new_format_rounds) 77 { 78 struct sshbuf *keyblob = NULL; 79 int r; 80 81 if ((keyblob = sshbuf_new()) == NULL) 82 return SSH_ERR_ALLOC_FAIL; 83 if ((r = sshkey_private_to_fileblob(key, keyblob, passphrase, comment, 84 force_new_format, new_format_cipher, new_format_rounds)) != 0) 85 goto out; 86 if ((r = sshkey_save_private_blob(keyblob, filename)) != 0) 87 goto out; 88 r = 0; 89 out: 90 sshbuf_free(keyblob); 91 return r; 92 } 93 94 /* Load a key from a fd into a buffer */ 95 int 96 sshkey_load_file(int fd, struct sshbuf *blob) 97 { 98 u_char buf[1024]; 99 size_t len; 100 struct stat st; 101 int r; 102 103 if (fstat(fd, &st) < 0) 104 return SSH_ERR_SYSTEM_ERROR; 105 if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && 106 st.st_size > MAX_KEY_FILE_SIZE) 107 return SSH_ERR_INVALID_FORMAT; 108 for (;;) { 109 if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) { 110 if (errno == EPIPE) 111 break; 112 r = SSH_ERR_SYSTEM_ERROR; 113 goto out; 114 } 115 if ((r = sshbuf_put(blob, buf, len)) != 0) 116 goto out; 117 if (sshbuf_len(blob) > MAX_KEY_FILE_SIZE) { 118 r = SSH_ERR_INVALID_FORMAT; 119 goto out; 120 } 121 } 122 if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && 123 st.st_size != (off_t)sshbuf_len(blob)) { 124 r = SSH_ERR_FILE_CHANGED; 125 goto out; 126 } 127 r = 0; 128 129 out: 130 explicit_bzero(buf, sizeof(buf)); 131 if (r != 0) 132 sshbuf_reset(blob); 133 return r; 134 } 135 136 #ifdef WITH_SSH1 137 /* 138 * Loads the public part of the ssh v1 key file. Returns NULL if an error was 139 * encountered (the file does not exist or is not readable), and the key 140 * otherwise. 141 */ 142 static int 143 sshkey_load_public_rsa1(int fd, struct sshkey **keyp, char **commentp) 144 { 145 struct sshbuf *b = NULL; 146 int r; 147 148 *keyp = NULL; 149 if (commentp != NULL) 150 *commentp = NULL; 151 152 if ((b = sshbuf_new()) == NULL) 153 return SSH_ERR_ALLOC_FAIL; 154 if ((r = sshkey_load_file(fd, b)) != 0) 155 goto out; 156 if ((r = sshkey_parse_public_rsa1_fileblob(b, keyp, commentp)) != 0) 157 goto out; 158 r = 0; 159 out: 160 sshbuf_free(b); 161 return r; 162 } 163 #endif /* WITH_SSH1 */ 164 165 /* XXX remove error() calls from here? */ 166 int 167 sshkey_perm_ok(int fd, const char *filename) 168 { 169 struct stat st; 170 171 if (fstat(fd, &st) < 0) 172 return SSH_ERR_SYSTEM_ERROR; 173 /* 174 * if a key owned by the user is accessed, then we check the 175 * permissions of the file. if the key owned by a different user, 176 * then we don't care. 177 */ 178 if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) { 179 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); 180 error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @"); 181 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); 182 error("Permissions 0%3.3o for '%s' are too open.", 183 (u_int)st.st_mode & 0777, filename); 184 error("It is recommended that your private key files are NOT accessible by others."); 185 error("This private key will be ignored."); 186 return SSH_ERR_KEY_BAD_PERMISSIONS; 187 } 188 return 0; 189 } 190 191 /* XXX kill perm_ok now that we have SSH_ERR_KEY_BAD_PERMISSIONS? */ 192 int 193 sshkey_load_private_type(int type, const char *filename, const char *passphrase, 194 struct sshkey **keyp, char **commentp, int *perm_ok) 195 { 196 int fd, r; 197 198 *keyp = NULL; 199 if (commentp != NULL) 200 *commentp = NULL; 201 202 if ((fd = open(filename, O_RDONLY)) < 0) { 203 if (perm_ok != NULL) 204 *perm_ok = 0; 205 return SSH_ERR_SYSTEM_ERROR; 206 } 207 if (sshkey_perm_ok(fd, filename) != 0) { 208 if (perm_ok != NULL) 209 *perm_ok = 0; 210 r = SSH_ERR_KEY_BAD_PERMISSIONS; 211 goto out; 212 } 213 if (perm_ok != NULL) 214 *perm_ok = 1; 215 216 r = sshkey_load_private_type_fd(fd, type, passphrase, keyp, commentp); 217 out: 218 close(fd); 219 return r; 220 } 221 222 int 223 sshkey_load_private_type_fd(int fd, int type, const char *passphrase, 224 struct sshkey **keyp, char **commentp) 225 { 226 struct sshbuf *buffer = NULL; 227 int r; 228 229 if ((buffer = sshbuf_new()) == NULL) { 230 r = SSH_ERR_ALLOC_FAIL; 231 goto out; 232 } 233 if ((r = sshkey_load_file(fd, buffer)) != 0 || 234 (r = sshkey_parse_private_fileblob_type(buffer, type, 235 passphrase, keyp, commentp)) != 0) 236 goto out; 237 238 /* success */ 239 r = 0; 240 out: 241 if (buffer != NULL) 242 sshbuf_free(buffer); 243 return r; 244 } 245 246 /* XXX this is almost identical to sshkey_load_private_type() */ 247 int 248 sshkey_load_private(const char *filename, const char *passphrase, 249 struct sshkey **keyp, char **commentp) 250 { 251 struct sshbuf *buffer = NULL; 252 int r, fd; 253 254 *keyp = NULL; 255 if (commentp != NULL) 256 *commentp = NULL; 257 258 if ((fd = open(filename, O_RDONLY)) < 0) 259 return SSH_ERR_SYSTEM_ERROR; 260 if (sshkey_perm_ok(fd, filename) != 0) { 261 r = SSH_ERR_KEY_BAD_PERMISSIONS; 262 goto out; 263 } 264 265 if ((buffer = sshbuf_new()) == NULL) { 266 r = SSH_ERR_ALLOC_FAIL; 267 goto out; 268 } 269 if ((r = sshkey_load_file(fd, buffer)) != 0 || 270 (r = sshkey_parse_private_fileblob(buffer, passphrase, filename, 271 keyp, commentp)) != 0) 272 goto out; 273 r = 0; 274 out: 275 close(fd); 276 if (buffer != NULL) 277 sshbuf_free(buffer); 278 return r; 279 } 280 281 static int 282 sshkey_try_load_public(struct sshkey *k, const char *filename, char **commentp) 283 { 284 FILE *f; 285 char line[SSH_MAX_PUBKEY_BYTES]; 286 char *cp; 287 u_long linenum = 0; 288 int r; 289 290 if (commentp != NULL) 291 *commentp = NULL; 292 if ((f = fopen(filename, "r")) == NULL) 293 return SSH_ERR_SYSTEM_ERROR; 294 while (read_keyfile_line(f, filename, line, sizeof(line), 295 &linenum) != -1) { 296 cp = line; 297 switch (*cp) { 298 case '#': 299 case '\n': 300 case '\0': 301 continue; 302 } 303 /* Abort loading if this looks like a private key */ 304 if (strncmp(cp, "-----BEGIN", 10) == 0 || 305 strcmp(cp, "SSH PRIVATE KEY FILE") == 0) 306 break; 307 /* Skip leading whitespace. */ 308 for (; *cp && (*cp == ' ' || *cp == '\t'); cp++) 309 ; 310 if (*cp) { 311 if ((r = sshkey_read(k, &cp)) == 0) { 312 cp[strcspn(cp, "\r\n")] = '\0'; 313 if (commentp) { 314 *commentp = strdup(*cp ? 315 cp : filename); 316 if (*commentp == NULL) 317 r = SSH_ERR_ALLOC_FAIL; 318 } 319 fclose(f); 320 return r; 321 } 322 } 323 } 324 fclose(f); 325 return SSH_ERR_INVALID_FORMAT; 326 } 327 328 /* load public key from ssh v1 private or any pubkey file */ 329 int 330 sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp) 331 { 332 struct sshkey *pub = NULL; 333 char file[MAXPATHLEN]; 334 int r, fd; 335 336 if (keyp != NULL) 337 *keyp = NULL; 338 if (commentp != NULL) 339 *commentp = NULL; 340 341 if ((fd = open(filename, O_RDONLY)) < 0) 342 goto skip; 343 #ifdef WITH_SSH1 344 /* try rsa1 private key */ 345 r = sshkey_load_public_rsa1(fd, keyp, commentp); 346 close(fd); 347 switch (r) { 348 case SSH_ERR_INTERNAL_ERROR: 349 case SSH_ERR_ALLOC_FAIL: 350 case SSH_ERR_INVALID_ARGUMENT: 351 case SSH_ERR_SYSTEM_ERROR: 352 case 0: 353 return r; 354 } 355 #endif /* WITH_SSH1 */ 356 357 /* try ssh2 public key */ 358 if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) 359 return SSH_ERR_ALLOC_FAIL; 360 if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) { 361 if (keyp != NULL) 362 *keyp = pub; 363 return 0; 364 } 365 sshkey_free(pub); 366 367 #ifdef WITH_SSH1 368 /* try rsa1 public key */ 369 if ((pub = sshkey_new(KEY_RSA1)) == NULL) 370 return SSH_ERR_ALLOC_FAIL; 371 if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) { 372 if (keyp != NULL) 373 *keyp = pub; 374 return 0; 375 } 376 sshkey_free(pub); 377 #endif /* WITH_SSH1 */ 378 379 skip: 380 /* try .pub suffix */ 381 if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) 382 return SSH_ERR_ALLOC_FAIL; 383 r = SSH_ERR_ALLOC_FAIL; /* in case strlcpy or strlcat fail */ 384 if ((strlcpy(file, filename, sizeof file) < sizeof(file)) && 385 (strlcat(file, ".pub", sizeof file) < sizeof(file)) && 386 (r = sshkey_try_load_public(pub, file, commentp)) == 0) { 387 if (keyp != NULL) 388 *keyp = pub; 389 return 0; 390 } 391 sshkey_free(pub); 392 return r; 393 } 394 395 /* Load the certificate associated with the named private key */ 396 int 397 sshkey_load_cert(const char *filename, struct sshkey **keyp) 398 { 399 struct sshkey *pub = NULL; 400 char *file = NULL; 401 int r = SSH_ERR_INTERNAL_ERROR; 402 403 *keyp = NULL; 404 405 if (asprintf(&file, "%s-cert.pub", filename) == -1) 406 return SSH_ERR_ALLOC_FAIL; 407 408 if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) { 409 goto out; 410 } 411 if ((r = sshkey_try_load_public(pub, file, NULL)) != 0) 412 goto out; 413 414 *keyp = pub; 415 pub = NULL; 416 r = 0; 417 418 out: 419 if (file != NULL) 420 free(file); 421 if (pub != NULL) 422 sshkey_free(pub); 423 return r; 424 } 425 426 /* Load private key and certificate */ 427 int 428 sshkey_load_private_cert(int type, const char *filename, const char *passphrase, 429 struct sshkey **keyp, int *perm_ok) 430 { 431 struct sshkey *key = NULL, *cert = NULL; 432 int r; 433 434 *keyp = NULL; 435 436 switch (type) { 437 #ifdef WITH_OPENSSL 438 case KEY_RSA: 439 case KEY_DSA: 440 case KEY_ECDSA: 441 case KEY_ED25519: 442 #endif /* WITH_OPENSSL */ 443 case KEY_UNSPEC: 444 break; 445 default: 446 return SSH_ERR_KEY_TYPE_UNKNOWN; 447 } 448 449 if ((r = sshkey_load_private_type(type, filename, 450 passphrase, &key, NULL, perm_ok)) != 0 || 451 (r = sshkey_load_cert(filename, &cert)) != 0) 452 goto out; 453 454 /* Make sure the private key matches the certificate */ 455 if (sshkey_equal_public(key, cert) == 0) { 456 r = SSH_ERR_KEY_CERT_MISMATCH; 457 goto out; 458 } 459 460 if ((r = sshkey_to_certified(key, sshkey_cert_is_legacy(cert))) != 0 || 461 (r = sshkey_cert_copy(cert, key)) != 0) 462 goto out; 463 r = 0; 464 *keyp = key; 465 key = NULL; 466 out: 467 if (key != NULL) 468 sshkey_free(key); 469 if (cert != NULL) 470 sshkey_free(cert); 471 return r; 472 } 473 474 /* 475 * Returns success if the specified "key" is listed in the file "filename", 476 * SSH_ERR_KEY_NOT_FOUND: if the key is not listed or another error. 477 * If "strict_type" is set then the key type must match exactly, 478 * otherwise a comparison that ignores certficiate data is performed. 479 * If "check_ca" is set and "key" is a certificate, then its CA key is 480 * also checked and sshkey_in_file() will return success if either is found. 481 */ 482 int 483 sshkey_in_file(struct sshkey *key, const char *filename, int strict_type, 484 int check_ca) 485 { 486 FILE *f; 487 char line[SSH_MAX_PUBKEY_BYTES]; 488 char *cp; 489 u_long linenum = 0; 490 int r = 0; 491 struct sshkey *pub = NULL; 492 int (*sshkey_compare)(const struct sshkey *, const struct sshkey *) = 493 strict_type ? sshkey_equal : sshkey_equal_public; 494 495 if ((f = fopen(filename, "r")) == NULL) 496 return SSH_ERR_SYSTEM_ERROR; 497 498 while (read_keyfile_line(f, filename, line, sizeof(line), 499 &linenum) != -1) { 500 cp = line; 501 502 /* Skip leading whitespace. */ 503 for (; *cp && (*cp == ' ' || *cp == '\t'); cp++) 504 ; 505 506 /* Skip comments and empty lines */ 507 switch (*cp) { 508 case '#': 509 case '\n': 510 case '\0': 511 continue; 512 } 513 514 if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) { 515 r = SSH_ERR_ALLOC_FAIL; 516 goto out; 517 } 518 if ((r = sshkey_read(pub, &cp)) != 0) 519 goto out; 520 if (sshkey_compare(key, pub) || 521 (check_ca && sshkey_is_cert(key) && 522 sshkey_compare(key->cert->signature_key, pub))) { 523 r = 0; 524 goto out; 525 } 526 sshkey_free(pub); 527 pub = NULL; 528 } 529 r = SSH_ERR_KEY_NOT_FOUND; 530 out: 531 if (pub != NULL) 532 sshkey_free(pub); 533 fclose(f); 534 return r; 535 } 536 537 /* 538 * Checks whether the specified key is revoked, returning 0 if not, 539 * SSH_ERR_KEY_REVOKED if it is or another error code if something 540 * unexpected happened. 541 * This will check both the key and, if it is a certificate, its CA key too. 542 * "revoked_keys_file" may be a KRL or a one-per-line list of public keys. 543 */ 544 int 545 sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file) 546 { 547 int r; 548 549 #ifdef WITH_OPENSSL 550 r = ssh_krl_file_contains_key(revoked_keys_file, key); 551 /* If this was not a KRL to begin with then continue below */ 552 if (r != SSH_ERR_KRL_BAD_MAGIC) 553 return r; 554 #endif 555 556 /* 557 * If the file is not a KRL or we can't handle KRLs then attempt to 558 * parse the file as a flat list of keys. 559 */ 560 switch ((r = sshkey_in_file(key, revoked_keys_file, 0, 1))) { 561 case 0: 562 /* Key found => revoked */ 563 return SSH_ERR_KEY_REVOKED; 564 case SSH_ERR_KEY_NOT_FOUND: 565 /* Key not found => not revoked */ 566 return 0; 567 default: 568 /* Some other error occurred */ 569 return r; 570 } 571 } 572 573