Line | Count | Source |
1 | | /* $OpenBSD: authfile.c,v 1.147 2025/08/29 03:50:38 djm Exp $ */ |
2 | | /* |
3 | | * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. |
4 | | * |
5 | | * Redistribution and use in source and binary forms, with or without |
6 | | * modification, are permitted provided that the following conditions |
7 | | * are met: |
8 | | * 1. Redistributions of source code must retain the above copyright |
9 | | * notice, this list of conditions and the following disclaimer. |
10 | | * 2. Redistributions in binary form must reproduce the above copyright |
11 | | * notice, this list of conditions and the following disclaimer in the |
12 | | * documentation and/or other materials provided with the distribution. |
13 | | * |
14 | | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
15 | | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
16 | | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
17 | | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
18 | | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
19 | | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
20 | | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
21 | | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
22 | | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
23 | | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
24 | | */ |
25 | | |
26 | | #include "includes.h" |
27 | | |
28 | | #include <sys/types.h> |
29 | | #include <sys/stat.h> |
30 | | #include <sys/uio.h> |
31 | | |
32 | | #include <errno.h> |
33 | | #include <fcntl.h> |
34 | | #include <stdio.h> |
35 | | #include <stdarg.h> |
36 | | #include <stdlib.h> |
37 | | #include <string.h> |
38 | | #include <unistd.h> |
39 | | #include <limits.h> |
40 | | |
41 | | #include "cipher.h" |
42 | | #include "ssh.h" |
43 | | #include "log.h" |
44 | | #include "authfile.h" |
45 | | #include "misc.h" |
46 | | #include "atomicio.h" |
47 | | #include "sshkey.h" |
48 | | #include "sshbuf.h" |
49 | | #include "ssherr.h" |
50 | | #include "krl.h" |
51 | | |
52 | | /* Save a key blob to a file */ |
53 | | static int |
54 | | sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename) |
55 | 0 | { |
56 | 0 | int r; |
57 | 0 | mode_t omask; |
58 | |
|
59 | 0 | omask = umask(077); |
60 | 0 | r = sshbuf_write_file(filename, keybuf); |
61 | 0 | umask(omask); |
62 | 0 | return r; |
63 | 0 | } |
64 | | |
65 | | int |
66 | | sshkey_save_private(struct sshkey *key, const char *filename, |
67 | | const char *passphrase, const char *comment, |
68 | | int format, const char *openssh_format_cipher, int openssh_format_rounds) |
69 | 0 | { |
70 | 0 | struct sshbuf *keyblob = NULL; |
71 | 0 | int r; |
72 | |
|
73 | 0 | if ((keyblob = sshbuf_new()) == NULL) |
74 | 0 | return SSH_ERR_ALLOC_FAIL; |
75 | 0 | if ((r = sshkey_private_to_fileblob(key, keyblob, passphrase, comment, |
76 | 0 | format, openssh_format_cipher, openssh_format_rounds)) != 0) |
77 | 0 | goto out; |
78 | 0 | if ((r = sshkey_save_private_blob(keyblob, filename)) != 0) |
79 | 0 | goto out; |
80 | 0 | r = 0; |
81 | 0 | out: |
82 | 0 | sshbuf_free(keyblob); |
83 | 0 | return r; |
84 | 0 | } |
85 | | |
86 | | /* XXX remove error() calls from here? */ |
87 | | int |
88 | | sshkey_perm_ok(int fd, const char *filename) |
89 | 0 | { |
90 | 0 | struct stat st; |
91 | |
|
92 | 0 | if (fstat(fd, &st) == -1) |
93 | 0 | return SSH_ERR_SYSTEM_ERROR; |
94 | | /* |
95 | | * if a key owned by the user is accessed, then we check the |
96 | | * permissions of the file. if the key owned by a different user, |
97 | | * then we don't care. |
98 | | */ |
99 | | #ifdef HAVE_CYGWIN |
100 | | if (check_ntsec(filename)) |
101 | | #endif |
102 | 0 | if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) { |
103 | 0 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); |
104 | 0 | error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @"); |
105 | 0 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); |
106 | 0 | error("Permissions 0%3.3o for '%s' are too open.", |
107 | 0 | (u_int)st.st_mode & 0777, filename); |
108 | 0 | error("It is required that your private key files are NOT accessible by others."); |
109 | 0 | error("This private key will be ignored."); |
110 | 0 | return SSH_ERR_KEY_BAD_PERMISSIONS; |
111 | 0 | } |
112 | 0 | return 0; |
113 | 0 | } |
114 | | |
115 | | int |
116 | | sshkey_load_private_type(int type, const char *filename, const char *passphrase, |
117 | | struct sshkey **keyp, char **commentp) |
118 | 0 | { |
119 | 0 | int fd, r; |
120 | |
|
121 | 0 | if (keyp != NULL) |
122 | 0 | *keyp = NULL; |
123 | 0 | if (commentp != NULL) |
124 | 0 | *commentp = NULL; |
125 | |
|
126 | 0 | if ((fd = open(filename, O_RDONLY)) == -1) |
127 | 0 | return SSH_ERR_SYSTEM_ERROR; |
128 | | |
129 | 0 | r = sshkey_perm_ok(fd, filename); |
130 | 0 | if (r != 0) |
131 | 0 | goto out; |
132 | | |
133 | 0 | r = sshkey_load_private_type_fd(fd, type, passphrase, keyp, commentp); |
134 | 0 | out: |
135 | 0 | close(fd); |
136 | 0 | return r; |
137 | 0 | } |
138 | | |
139 | | int |
140 | | sshkey_load_private(const char *filename, const char *passphrase, |
141 | | struct sshkey **keyp, char **commentp) |
142 | 0 | { |
143 | 0 | return sshkey_load_private_type(KEY_UNSPEC, filename, passphrase, |
144 | 0 | keyp, commentp); |
145 | 0 | } |
146 | | |
147 | | int |
148 | | sshkey_load_private_type_fd(int fd, int type, const char *passphrase, |
149 | | struct sshkey **keyp, char **commentp) |
150 | 0 | { |
151 | 0 | struct sshbuf *buffer = NULL; |
152 | 0 | int r; |
153 | |
|
154 | 0 | if (keyp != NULL) |
155 | 0 | *keyp = NULL; |
156 | 0 | if ((r = sshbuf_load_fd(fd, &buffer)) != 0 || |
157 | 0 | (r = sshkey_parse_private_fileblob_type(buffer, type, |
158 | 0 | passphrase, keyp, commentp)) != 0) |
159 | 0 | goto out; |
160 | | |
161 | | /* success */ |
162 | 0 | r = 0; |
163 | 0 | out: |
164 | 0 | sshbuf_free(buffer); |
165 | 0 | return r; |
166 | 0 | } |
167 | | |
168 | | /* Load a pubkey from the unencrypted envelope of a new-format private key */ |
169 | | static int |
170 | | sshkey_load_pubkey_from_private(const char *filename, struct sshkey **pubkeyp) |
171 | 0 | { |
172 | 0 | struct sshbuf *buffer = NULL; |
173 | 0 | struct sshkey *pubkey = NULL; |
174 | 0 | int r, fd; |
175 | |
|
176 | 0 | if (pubkeyp != NULL) |
177 | 0 | *pubkeyp = NULL; |
178 | |
|
179 | 0 | if ((fd = open(filename, O_RDONLY)) == -1) |
180 | 0 | return SSH_ERR_SYSTEM_ERROR; |
181 | 0 | if ((r = sshbuf_load_fd(fd, &buffer)) != 0 || |
182 | 0 | (r = sshkey_parse_pubkey_from_private_fileblob_type(buffer, |
183 | 0 | KEY_UNSPEC, &pubkey)) != 0) |
184 | 0 | goto out; |
185 | | /* success */ |
186 | 0 | if (pubkeyp != NULL) { |
187 | 0 | *pubkeyp = pubkey; |
188 | 0 | pubkey = NULL; |
189 | 0 | } |
190 | 0 | r = 0; |
191 | 0 | out: |
192 | 0 | close(fd); |
193 | 0 | sshbuf_free(buffer); |
194 | 0 | sshkey_free(pubkey); |
195 | 0 | return r; |
196 | 0 | } |
197 | | |
198 | | static int |
199 | | sshkey_try_load_public(struct sshkey **kp, const char *filename, |
200 | | char **commentp) |
201 | 0 | { |
202 | 0 | FILE *f; |
203 | 0 | char *line = NULL, *cp; |
204 | 0 | size_t linesize = 0; |
205 | 0 | int r; |
206 | 0 | struct sshkey *k = NULL; |
207 | |
|
208 | 0 | if (kp == NULL) |
209 | 0 | return SSH_ERR_INVALID_ARGUMENT; |
210 | 0 | *kp = NULL; |
211 | 0 | if (commentp != NULL) |
212 | 0 | *commentp = NULL; |
213 | 0 | if ((f = fopen(filename, "r")) == NULL) |
214 | 0 | return SSH_ERR_SYSTEM_ERROR; |
215 | 0 | if ((k = sshkey_new(KEY_UNSPEC)) == NULL) { |
216 | 0 | fclose(f); |
217 | 0 | return SSH_ERR_ALLOC_FAIL; |
218 | 0 | } |
219 | 0 | while (getline(&line, &linesize, f) != -1) { |
220 | 0 | cp = line; |
221 | 0 | switch (*cp) { |
222 | 0 | case '#': |
223 | 0 | case '\n': |
224 | 0 | case '\0': |
225 | 0 | continue; |
226 | 0 | } |
227 | | /* Abort loading if this looks like a private key */ |
228 | 0 | if (strncmp(cp, "-----BEGIN", 10) == 0 || |
229 | 0 | strcmp(cp, "SSH PRIVATE KEY FILE") == 0) |
230 | 0 | break; |
231 | | /* Skip leading whitespace. */ |
232 | 0 | for (; *cp && (*cp == ' ' || *cp == '\t'); cp++) |
233 | 0 | ; |
234 | 0 | if (*cp) { |
235 | 0 | if ((r = sshkey_read(k, &cp)) == 0) { |
236 | 0 | cp[strcspn(cp, "\r\n")] = '\0'; |
237 | 0 | if (commentp) { |
238 | 0 | *commentp = strdup(*cp ? |
239 | 0 | cp : filename); |
240 | 0 | if (*commentp == NULL) |
241 | 0 | r = SSH_ERR_ALLOC_FAIL; |
242 | 0 | } |
243 | | /* success */ |
244 | 0 | *kp = k; |
245 | 0 | free(line); |
246 | 0 | fclose(f); |
247 | 0 | return r; |
248 | 0 | } |
249 | 0 | } |
250 | 0 | } |
251 | 0 | free(k); |
252 | 0 | free(line); |
253 | 0 | fclose(f); |
254 | 0 | return SSH_ERR_INVALID_FORMAT; |
255 | 0 | } |
256 | | |
257 | | /* load public key from any pubkey file */ |
258 | | int |
259 | | sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp) |
260 | 0 | { |
261 | 0 | char *pubfile = NULL; |
262 | 0 | int r, oerrno; |
263 | |
|
264 | 0 | if (keyp != NULL) |
265 | 0 | *keyp = NULL; |
266 | 0 | if (commentp != NULL) |
267 | 0 | *commentp = NULL; |
268 | |
|
269 | 0 | if ((r = sshkey_try_load_public(keyp, filename, commentp)) == 0) |
270 | 0 | goto out; |
271 | | |
272 | | /* try .pub suffix */ |
273 | 0 | if (asprintf(&pubfile, "%s.pub", filename) == -1) |
274 | 0 | return SSH_ERR_ALLOC_FAIL; |
275 | 0 | if ((r = sshkey_try_load_public(keyp, pubfile, commentp)) == 0) |
276 | 0 | goto out; |
277 | | |
278 | | /* finally, try to extract public key from private key file */ |
279 | 0 | if ((r = sshkey_load_pubkey_from_private(filename, keyp)) == 0) |
280 | 0 | goto out; |
281 | | |
282 | | /* Pretend we couldn't find the key */ |
283 | 0 | r = SSH_ERR_SYSTEM_ERROR; |
284 | 0 | errno = ENOENT; |
285 | |
|
286 | 0 | out: |
287 | 0 | oerrno = errno; |
288 | 0 | free(pubfile); |
289 | 0 | errno = oerrno; |
290 | 0 | return r; |
291 | 0 | } |
292 | | |
293 | | /* Load the certificate associated with the named private key */ |
294 | | int |
295 | | sshkey_load_cert(const char *filename, struct sshkey **keyp) |
296 | 0 | { |
297 | 0 | struct sshkey *pub = NULL; |
298 | 0 | char *file = NULL; |
299 | 0 | int r = SSH_ERR_INTERNAL_ERROR; |
300 | |
|
301 | 0 | if (keyp != NULL) |
302 | 0 | *keyp = NULL; |
303 | |
|
304 | 0 | if (asprintf(&file, "%s-cert.pub", filename) == -1) |
305 | 0 | return SSH_ERR_ALLOC_FAIL; |
306 | | |
307 | 0 | r = sshkey_try_load_public(keyp, file, NULL); |
308 | 0 | free(file); |
309 | 0 | sshkey_free(pub); |
310 | 0 | return r; |
311 | 0 | } |
312 | | |
313 | | /* Load private key and certificate */ |
314 | | int |
315 | | sshkey_load_private_cert(int type, const char *filename, const char *passphrase, |
316 | | struct sshkey **keyp) |
317 | 0 | { |
318 | 0 | struct sshkey *key = NULL, *cert = NULL; |
319 | 0 | int r; |
320 | |
|
321 | 0 | if (keyp != NULL) |
322 | 0 | *keyp = NULL; |
323 | |
|
324 | 0 | switch (type) { |
325 | 0 | #ifdef WITH_OPENSSL |
326 | 0 | case KEY_RSA: |
327 | 0 | case KEY_ECDSA: |
328 | 0 | #endif /* WITH_OPENSSL */ |
329 | 0 | case KEY_ED25519: |
330 | 0 | case KEY_UNSPEC: |
331 | 0 | break; |
332 | 0 | default: |
333 | 0 | return SSH_ERR_KEY_TYPE_UNKNOWN; |
334 | 0 | } |
335 | | |
336 | 0 | if ((r = sshkey_load_private_type(type, filename, |
337 | 0 | passphrase, &key, NULL)) != 0 || |
338 | 0 | (r = sshkey_load_cert(filename, &cert)) != 0) |
339 | 0 | goto out; |
340 | | |
341 | | /* Make sure the private key matches the certificate */ |
342 | 0 | if (sshkey_equal_public(key, cert) == 0) { |
343 | 0 | r = SSH_ERR_KEY_CERT_MISMATCH; |
344 | 0 | goto out; |
345 | 0 | } |
346 | | |
347 | 0 | if ((r = sshkey_to_certified(key)) != 0 || |
348 | 0 | (r = sshkey_cert_copy(cert, key)) != 0) |
349 | 0 | goto out; |
350 | 0 | r = 0; |
351 | 0 | if (keyp != NULL) { |
352 | 0 | *keyp = key; |
353 | 0 | key = NULL; |
354 | 0 | } |
355 | 0 | out: |
356 | 0 | sshkey_free(key); |
357 | 0 | sshkey_free(cert); |
358 | 0 | return r; |
359 | 0 | } |
360 | | |
361 | | /* |
362 | | * Returns success if the specified "key" is listed in the file "filename", |
363 | | * SSH_ERR_KEY_NOT_FOUND: if the key is not listed or another error. |
364 | | * If "strict_type" is set then the key type must match exactly, |
365 | | * otherwise a comparison that ignores certificate data is performed. |
366 | | * If "check_ca" is set and "key" is a certificate, then its CA key is |
367 | | * also checked and sshkey_in_file() will return success if either is found. |
368 | | */ |
369 | | int |
370 | | sshkey_in_file(struct sshkey *key, const char *filename, int strict_type, |
371 | | int check_ca) |
372 | 0 | { |
373 | 0 | FILE *f; |
374 | 0 | char *line = NULL, *cp; |
375 | 0 | size_t linesize = 0; |
376 | 0 | int r = 0; |
377 | 0 | struct sshkey *pub = NULL; |
378 | |
|
379 | 0 | int (*sshkey_compare)(const struct sshkey *, const struct sshkey *) = |
380 | 0 | strict_type ? sshkey_equal : sshkey_equal_public; |
381 | |
|
382 | 0 | if ((f = fopen(filename, "r")) == NULL) |
383 | 0 | return SSH_ERR_SYSTEM_ERROR; |
384 | | |
385 | 0 | while (getline(&line, &linesize, f) != -1) { |
386 | 0 | sshkey_free(pub); |
387 | 0 | pub = NULL; |
388 | 0 | cp = line; |
389 | | |
390 | | /* Skip leading whitespace. */ |
391 | 0 | for (; *cp && (*cp == ' ' || *cp == '\t'); cp++) |
392 | 0 | ; |
393 | | |
394 | | /* Skip comments and empty lines */ |
395 | 0 | switch (*cp) { |
396 | 0 | case '#': |
397 | 0 | case '\n': |
398 | 0 | case '\0': |
399 | 0 | continue; |
400 | 0 | } |
401 | | |
402 | 0 | if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) { |
403 | 0 | r = SSH_ERR_ALLOC_FAIL; |
404 | 0 | goto out; |
405 | 0 | } |
406 | 0 | switch (r = sshkey_read(pub, &cp)) { |
407 | 0 | case 0: |
408 | 0 | break; |
409 | 0 | case SSH_ERR_KEY_LENGTH: |
410 | 0 | continue; |
411 | 0 | default: |
412 | 0 | goto out; |
413 | 0 | } |
414 | 0 | if (sshkey_compare(key, pub) || |
415 | 0 | (check_ca && sshkey_is_cert(key) && |
416 | 0 | sshkey_compare(key->cert->signature_key, pub))) { |
417 | 0 | r = 0; |
418 | 0 | goto out; |
419 | 0 | } |
420 | 0 | } |
421 | 0 | r = SSH_ERR_KEY_NOT_FOUND; |
422 | 0 | out: |
423 | 0 | free(line); |
424 | 0 | sshkey_free(pub); |
425 | 0 | fclose(f); |
426 | 0 | return r; |
427 | 0 | } |
428 | | |
429 | | /* |
430 | | * Checks whether the specified key is revoked, returning 0 if not, |
431 | | * SSH_ERR_KEY_REVOKED if it is or another error code if something |
432 | | * unexpected happened. |
433 | | * This will check both the key and, if it is a certificate, its CA key too. |
434 | | * "revoked_keys_file" may be a KRL or a one-per-line list of public keys. |
435 | | */ |
436 | | int |
437 | | sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file) |
438 | 0 | { |
439 | 0 | int r; |
440 | |
|
441 | 0 | r = ssh_krl_file_contains_key(revoked_keys_file, key); |
442 | | /* If this was not a KRL to begin with then continue below */ |
443 | 0 | if (r != SSH_ERR_KRL_BAD_MAGIC) |
444 | 0 | return r; |
445 | | |
446 | | /* |
447 | | * If the file is not a KRL or we can't handle KRLs then attempt to |
448 | | * parse the file as a flat list of keys. |
449 | | */ |
450 | 0 | switch ((r = sshkey_in_file(key, revoked_keys_file, 0, 1))) { |
451 | 0 | case 0: |
452 | | /* Key found => revoked */ |
453 | 0 | return SSH_ERR_KEY_REVOKED; |
454 | 0 | case SSH_ERR_KEY_NOT_FOUND: |
455 | | /* Key not found => not revoked */ |
456 | 0 | return 0; |
457 | 0 | default: |
458 | | /* Some other error occurred */ |
459 | 0 | return r; |
460 | 0 | } |
461 | 0 | } |
462 | | |
463 | | /* |
464 | | * Advanced *cpp past the end of key options, defined as the first unquoted |
465 | | * whitespace character. Returns 0 on success or -1 on failure (e.g. |
466 | | * unterminated quotes). |
467 | | */ |
468 | | int |
469 | | sshkey_advance_past_options(char **cpp) |
470 | 0 | { |
471 | 0 | char *cp = *cpp; |
472 | 0 | int quoted = 0; |
473 | |
|
474 | 0 | for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) { |
475 | 0 | if (*cp == '\\' && cp[1] == '"') |
476 | 0 | cp++; /* Skip both */ |
477 | 0 | else if (*cp == '"') |
478 | 0 | quoted = !quoted; |
479 | 0 | } |
480 | 0 | *cpp = cp; |
481 | | /* return failure for unterminated quotes */ |
482 | 0 | return (*cp == '\0' && quoted) ? -1 : 0; |
483 | 0 | } |
484 | | |
485 | | /* Save a public key */ |
486 | | int |
487 | | sshkey_save_public(const struct sshkey *key, const char *path, |
488 | | const char *comment) |
489 | 0 | { |
490 | 0 | int fd, oerrno; |
491 | 0 | FILE *f = NULL; |
492 | 0 | int r = SSH_ERR_INTERNAL_ERROR; |
493 | |
|
494 | 0 | if ((fd = open(path, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1) |
495 | 0 | return SSH_ERR_SYSTEM_ERROR; |
496 | 0 | if ((f = fdopen(fd, "w")) == NULL) { |
497 | 0 | r = SSH_ERR_SYSTEM_ERROR; |
498 | 0 | close(fd); |
499 | 0 | goto fail; |
500 | 0 | } |
501 | 0 | if ((r = sshkey_write(key, f)) != 0) |
502 | 0 | goto fail; |
503 | 0 | fprintf(f, " %s\n", comment); |
504 | 0 | if (ferror(f)) { |
505 | 0 | r = SSH_ERR_SYSTEM_ERROR; |
506 | 0 | goto fail; |
507 | 0 | } |
508 | 0 | if (fclose(f) != 0) { |
509 | 0 | r = SSH_ERR_SYSTEM_ERROR; |
510 | 0 | f = NULL; |
511 | 0 | fail: |
512 | 0 | if (f != NULL) { |
513 | 0 | oerrno = errno; |
514 | 0 | fclose(f); |
515 | 0 | errno = oerrno; |
516 | 0 | } |
517 | 0 | return r; |
518 | 0 | } |
519 | 0 | return 0; |
520 | 0 | } |