1/* $NetBSD: authfile.c,v 1.21 2019/04/20 17:16:40 christos Exp $ */
2/* $OpenBSD: authfile.c,v 1.131 2018/09/21 12:20:12 djm Exp $ */
3/*
4 * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */
26
27#include "includes.h"
28__RCSID("$NetBSD: authfile.c,v 1.21 2019/04/20 17:16:40 christos Exp $");
29#include <sys/types.h>
30#include <sys/stat.h>
31#include <sys/uio.h>
32
33#include <errno.h>
34#include <fcntl.h>
35#include <stdio.h>
36#include <stdlib.h>
37#include <string.h>
38#include <unistd.h>
39#include <limits.h>
40
41#include "cipher.h"
42#include "ssh.h"
43#include "log.h"
44#include "authfile.h"
45#include "misc.h"
46#include "atomicio.h"
47#include "sshkey.h"
48#include "sshbuf.h"
49#include "ssherr.h"
50#include "krl.h"
51
52#define MAX_KEY_FILE_SIZE (1024 * 1024)
53
54/* Save a key blob to a file */
55static int
56sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename)
57{
58 int fd, oerrno;
59
60 if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0)
61 return SSH_ERR_SYSTEM_ERROR;
62 if (atomicio(vwrite, fd, sshbuf_mutable_ptr(keybuf),
63 sshbuf_len(keybuf)) != sshbuf_len(keybuf)) {
64 oerrno = errno;
65 close(fd);
66 unlink(filename);
67 errno = oerrno;
68 return SSH_ERR_SYSTEM_ERROR;
69 }
70 close(fd);
71 return 0;
72}
73
74int
75sshkey_save_private(struct sshkey *key, const char *filename,
76 const char *passphrase, const char *comment,
77 int force_new_format, const char *new_format_cipher, int new_format_rounds)
78{
79 struct sshbuf *keyblob = NULL;
80 int r;
81
82 if ((keyblob = sshbuf_new()) == NULL)
83 return SSH_ERR_ALLOC_FAIL;
84 if ((r = sshkey_private_to_fileblob(key, keyblob, passphrase, comment,
85 force_new_format, new_format_cipher, new_format_rounds)) != 0)
86 goto out;
87 if ((r = sshkey_save_private_blob(keyblob, filename)) != 0)
88 goto out;
89 r = 0;
90 out:
91 sshbuf_free(keyblob);
92 return r;
93}
94
95/* Load a key from a fd into a buffer */
96int
97sshkey_load_file(int fd, struct sshbuf *blob)
98{
99 u_char buf[1024];
100 size_t len;
101 struct stat st;
102 int r;
103
104 if (fstat(fd, &st) < 0)
105 return SSH_ERR_SYSTEM_ERROR;
106 if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
107 st.st_size > MAX_KEY_FILE_SIZE)
108 return SSH_ERR_INVALID_FORMAT;
109 for (;;) {
110 if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) {
111 if (errno == EPIPE)
112 break;
113 r = SSH_ERR_SYSTEM_ERROR;
114 goto out;
115 }
116 if ((r = sshbuf_put(blob, buf, len)) != 0)
117 goto out;
118 if (sshbuf_len(blob) > MAX_KEY_FILE_SIZE) {
119 r = SSH_ERR_INVALID_FORMAT;
120 goto out;
121 }
122 }
123 if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
124 st.st_size != (off_t)sshbuf_len(blob)) {
125 r = SSH_ERR_FILE_CHANGED;
126 goto out;
127 }
128 r = 0;
129
130 out:
131 explicit_bzero(buf, sizeof(buf));
132 if (r != 0)
133 sshbuf_reset(blob);
134 return r;
135}
136
137
138/* XXX remove error() calls from here? */
139int
140sshkey_perm_ok(int fd, const char *filename)
141{
142 struct stat st;
143
144 if (fstat(fd, &st) < 0)
145 return SSH_ERR_SYSTEM_ERROR;
146 /*
147 * if a key owned by the user is accessed, then we check the
148 * permissions of the file. if the key owned by a different user,
149 * then we don't care.
150 */
151 if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) {
152 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
153 error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @");
154 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
155 error("Permissions 0%3.3o for '%s' are too open.",
156 (u_int)st.st_mode & 0777, filename);
157 error("It is required that your private key files are NOT accessible by others.");
158 error("This private key will be ignored.");
159 return SSH_ERR_KEY_BAD_PERMISSIONS;
160 }
161 return 0;
162}
163
164/* XXX kill perm_ok now that we have SSH_ERR_KEY_BAD_PERMISSIONS? */
165int
166sshkey_load_private_type(int type, const char *filename, const char *passphrase,
167 struct sshkey **keyp, char **commentp, int *perm_ok)
168{
169 int fd, r;
170
171 if (keyp != NULL)
172 *keyp = NULL;
173 if (commentp != NULL)
174 *commentp = NULL;
175
176 if ((fd = open(filename, O_RDONLY)) < 0) {
177 if (perm_ok != NULL)
178 *perm_ok = 0;
179 return SSH_ERR_SYSTEM_ERROR;
180 }
181 if (sshkey_perm_ok(fd, filename) != 0) {
182 if (perm_ok != NULL)
183 *perm_ok = 0;
184 r = SSH_ERR_KEY_BAD_PERMISSIONS;
185 goto out;
186 }
187 if (perm_ok != NULL)
188 *perm_ok = 1;
189
190 r = sshkey_load_private_type_fd(fd, type, passphrase, keyp, commentp);
191 if (r == 0 && keyp && *keyp)
192 r = sshkey_set_filename(*keyp, filename);
193 out:
194 close(fd);
195 return r;
196}
197
198int
199sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
200 struct sshkey **keyp, char **commentp)
201{
202 struct sshbuf *buffer = NULL;
203 int r;
204
205 if (keyp != NULL)
206 *keyp = NULL;
207 if ((buffer = sshbuf_new()) == NULL) {
208 r = SSH_ERR_ALLOC_FAIL;
209 goto out;
210 }
211 if ((r = sshkey_load_file(fd, buffer)) != 0 ||
212 (r = sshkey_parse_private_fileblob_type(buffer, type,
213 passphrase, keyp, commentp)) != 0)
214 goto out;
215
216 /* success */
217 r = 0;
218 out:
219 sshbuf_free(buffer);
220 return r;
221}
222
223/* XXX this is almost identical to sshkey_load_private_type() */
224int
225sshkey_load_private(const char *filename, const char *passphrase,
226 struct sshkey **keyp, char **commentp)
227{
228 struct sshbuf *buffer = NULL;
229 int r, fd;
230
231 if (keyp != NULL)
232 *keyp = NULL;
233 if (commentp != NULL)
234 *commentp = NULL;
235
236 if ((fd = open(filename, O_RDONLY)) < 0)
237 return SSH_ERR_SYSTEM_ERROR;
238 if (sshkey_perm_ok(fd, filename) != 0) {
239 r = SSH_ERR_KEY_BAD_PERMISSIONS;
240 goto out;
241 }
242
243 if ((buffer = sshbuf_new()) == NULL) {
244 r = SSH_ERR_ALLOC_FAIL;
245 goto out;
246 }
247 if ((r = sshkey_load_file(fd, buffer)) != 0 ||
248 (r = sshkey_parse_private_fileblob(buffer, passphrase, keyp,
249 commentp)) != 0)
250 goto out;
251 if (keyp && *keyp &&
252 (r = sshkey_set_filename(*keyp, filename)) != 0)
253 goto out;
254 r = 0;
255 out:
256 close(fd);
257 sshbuf_free(buffer);
258 return r;
259}
260
261static int
262sshkey_try_load_public(struct sshkey *k, const char *filename, char **commentp)
263{
264 FILE *f;
265 char *line = NULL, *cp;
266 size_t linesize = 0;
267 int r;
268
269 if (commentp != NULL)
270 *commentp = NULL;
271 if ((f = fopen(filename, "r")) == NULL)
272 return SSH_ERR_SYSTEM_ERROR;
273 while (getline(&line, &linesize, f) != -1) {
274 cp = line;
275 switch (*cp) {
276 case '#':
277 case '\n':
278 case '\0':
279 continue;
280 }
281 /* Abort loading if this looks like a private key */
282 if (strncmp(cp, "-----BEGIN", 10) == 0 ||
283 strcmp(cp, "SSH PRIVATE KEY FILE") == 0)
284 break;
285 /* Skip leading whitespace. */
286 for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
287 ;
288 if (*cp) {
289 if ((r = sshkey_read(k, &cp)) == 0) {
290 cp[strcspn(cp, "\r\n")] = '\0';
291 if (commentp) {
292 *commentp = strdup(*cp ?
293 cp : filename);
294 if (*commentp == NULL)
295 r = SSH_ERR_ALLOC_FAIL;
296 }
297 free(line);
298 fclose(f);
299 return r;
300 }
301 }
302 }
303 free(line);
304 fclose(f);
305 return SSH_ERR_INVALID_FORMAT;
306}
307
308/* load public key from any pubkey file */
309int
310sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp)
311{
312 struct sshkey *pub = NULL;
313 char *file = NULL;
314 int r;
315
316 if (keyp != NULL)
317 *keyp = NULL;
318 if (commentp != NULL)
319 *commentp = NULL;
320
321 if ((pub = sshkey_new(KEY_UNSPEC)) == NULL)
322 return SSH_ERR_ALLOC_FAIL;
323 if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) {
324 if (keyp != NULL) {
325 *keyp = pub;
326 pub = NULL;
327 }
328 r = 0;
329 goto out;
330 }
331 sshkey_free(pub);
332
333 /* try .pub suffix */
334 if (asprintf(&file, "%s.pub", filename) == -1)
335 return SSH_ERR_ALLOC_FAIL;
336 if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) {
337 r = SSH_ERR_ALLOC_FAIL;
338 goto out;
339 }
340 if ((r = sshkey_try_load_public(pub, file, commentp)) == 0) {
341 if (keyp != NULL) {
342 *keyp = pub;
343 pub = NULL;
344 }
345 r = 0;
346 }
347 out:
348 free(file);
349 sshkey_free(pub);
350 return r;
351}
352
353/* Load the certificate associated with the named private key */
354int
355sshkey_load_cert(const char *filename, struct sshkey **keyp)
356{
357 struct sshkey *pub = NULL;
358 char *file = NULL;
359 int r = SSH_ERR_INTERNAL_ERROR;
360
361 if (keyp != NULL)
362 *keyp = NULL;
363
364 if (asprintf(&file, "%s-cert.pub", filename) == -1)
365 return SSH_ERR_ALLOC_FAIL;
366
367 if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) {
368 goto out;
369 }
370 if ((r = sshkey_try_load_public(pub, file, NULL)) != 0)
371 goto out;
372 /* success */
373 if (keyp != NULL) {
374 *keyp = pub;
375 pub = NULL;
376 }
377 r = 0;
378 out:
379 free(file);
380 sshkey_free(pub);
381 return r;
382}
383
384/* Load private key and certificate */
385int
386sshkey_load_private_cert(int type, const char *filename, const char *passphrase,
387 struct sshkey **keyp, int *perm_ok)
388{
389 struct sshkey *key = NULL, *cert = NULL;
390 int r;
391
392 if (keyp != NULL)
393 *keyp = NULL;
394
395 switch (type) {
396#ifdef WITH_OPENSSL
397 case KEY_RSA:
398 case KEY_DSA:
399 case KEY_ECDSA:
400#endif /* WITH_OPENSSL */
401 case KEY_ED25519:
402 case KEY_XMSS:
403 case KEY_UNSPEC:
404 break;
405 default:
406 return SSH_ERR_KEY_TYPE_UNKNOWN;
407 }
408
409 if ((r = sshkey_load_private_type(type, filename,
410 passphrase, &key, NULL, perm_ok)) != 0 ||
411 (r = sshkey_load_cert(filename, &cert)) != 0)
412 goto out;
413
414 /* Make sure the private key matches the certificate */
415 if (sshkey_equal_public(key, cert) == 0) {
416 r = SSH_ERR_KEY_CERT_MISMATCH;
417 goto out;
418 }
419
420 if ((r = sshkey_to_certified(key)) != 0 ||
421 (r = sshkey_cert_copy(cert, key)) != 0)
422 goto out;
423 r = 0;
424 if (keyp != NULL) {
425 *keyp = key;
426 key = NULL;
427 }
428 out:
429 sshkey_free(key);
430 sshkey_free(cert);
431 return r;
432}
433
434/*
435 * Returns success if the specified "key" is listed in the file "filename",
436 * SSH_ERR_KEY_NOT_FOUND: if the key is not listed or another error.
437 * If "strict_type" is set then the key type must match exactly,
438 * otherwise a comparison that ignores certficiate data is performed.
439 * If "check_ca" is set and "key" is a certificate, then its CA key is
440 * also checked and sshkey_in_file() will return success if either is found.
441 */
442int
443sshkey_in_file(struct sshkey *key, const char *filename, int strict_type,
444 int check_ca)
445{
446 FILE *f;
447 char *line = NULL, *cp;
448 size_t linesize = 0;
449 int r = 0;
450 struct sshkey *pub = NULL;
451
452 int (*sshkey_compare)(const struct sshkey *, const struct sshkey *) =
453 strict_type ? sshkey_equal : sshkey_equal_public;
454
455 if ((f = fopen(filename, "r")) == NULL)
456 return SSH_ERR_SYSTEM_ERROR;
457
458 while (getline(&line, &linesize, f) != -1) {
459 sshkey_free(pub);
460 pub = NULL;
461 cp = line;
462
463 /* Skip leading whitespace. */
464 for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
465 ;
466
467 /* Skip comments and empty lines */
468 switch (*cp) {
469 case '#':
470 case '\n':
471 case '\0':
472 continue;
473 }
474
475 if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) {
476 r = SSH_ERR_ALLOC_FAIL;
477 goto out;
478 }
479 switch (r = sshkey_read(pub, &cp)) {
480 case 0:
481 break;
482 case SSH_ERR_KEY_LENGTH:
483 continue;
484 default:
485 goto out;
486 }
487 if (sshkey_compare(key, pub) ||
488 (check_ca && sshkey_is_cert(key) &&
489 sshkey_compare(key->cert->signature_key, pub))) {
490 r = 0;
491 goto out;
492 }
493 }
494 r = SSH_ERR_KEY_NOT_FOUND;
495 out:
496 free(line);
497 sshkey_free(pub);
498 fclose(f);
499 return r;
500}
501
502/*
503 * Checks whether the specified key is revoked, returning 0 if not,
504 * SSH_ERR_KEY_REVOKED if it is or another error code if something
505 * unexpected happened.
506 * This will check both the key and, if it is a certificate, its CA key too.
507 * "revoked_keys_file" may be a KRL or a one-per-line list of public keys.
508 */
509int
510sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file)
511{
512 int r;
513
514 r = ssh_krl_file_contains_key(revoked_keys_file, key);
515 /* If this was not a KRL to begin with then continue below */
516 if (r != SSH_ERR_KRL_BAD_MAGIC)
517 return r;
518
519 /*
520 * If the file is not a KRL or we can't handle KRLs then attempt to
521 * parse the file as a flat list of keys.
522 */
523 switch ((r = sshkey_in_file(key, revoked_keys_file, 0, 1))) {
524 case 0:
525 /* Key found => revoked */
526 return SSH_ERR_KEY_REVOKED;
527 case SSH_ERR_KEY_NOT_FOUND:
528 /* Key not found => not revoked */
529 return 0;
530 default:
531 /* Some other error occurred */
532 return r;
533 }
534}
535
536