1 /* $OpenBSD: authfile.c,v 1.140 2020/04/17 07:15:11 djm Exp $ */
2 /*
3  * Copyright (c) 2000, 2013 Markus Friedl.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  */
25 
26 #include "includes.h"
27 
28 #include <sys/types.h>
29 #include <sys/stat.h>
30 #include <sys/uio.h>
31 
32 #include <errno.h>
33 #include <fcntl.h>
34 #include <stdio.h>
35 #include <stdarg.h>
36 #include <stdlib.h>
37 #include <string.h>
38 #include <unistd.h>
39 #include <limits.h>
40 
41 #include "cipher.h"
42 #include "ssh.h"
43 #include "log.h"
44 #include "authfile.h"
45 #include "misc.h"
46 #include "atomicio.h"
47 #include "sshkey.h"
48 #include "sshbuf.h"
49 #include "ssherr.h"
50 #include "krl.h"
51 
52 #define MAX_KEY_FILE_SIZE	(1024 * 1024)
53 
/*
 * Write an already-serialised private key blob to "filename".
 * The process umask is tightened to 077 for the duration of the write so
 * that whatever mode sshbuf_write_file() creates the file with carries no
 * group/other bits.  Returns whatever sshbuf_write_file() returns.
 */
static int
sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename)
{
	mode_t saved_umask = umask(077);
	int r = sshbuf_write_file(filename, keybuf);

	umask(saved_umask);	/* always restored, success or failure */
	return r;
}
66 
/*
 * Serialise "key" (optionally encrypted with "passphrase", tagged with
 * "comment") in the requested file format and store it at "filename".
 * Returns 0 on success, SSH_ERR_ALLOC_FAIL if no buffer could be allocated,
 * or the error of the serialisation / write step that failed.
 */
int
sshkey_save_private(struct sshkey *key, const char *filename,
    const char *passphrase, const char *comment,
    int format, const char *openssh_format_cipher, int openssh_format_rounds)
{
	struct sshbuf *blob;
	int r;

	if ((blob = sshbuf_new()) == NULL)
		return SSH_ERR_ALLOC_FAIL;
	r = sshkey_private_to_fileblob(key, blob, passphrase, comment,
	    format, openssh_format_cipher, openssh_format_rounds);
	if (r == 0)
		r = sshkey_save_private_blob(blob, filename);
	sshbuf_free(blob);	/* the on-disk copy is the only one that survives */
	return r;
}
87 
/* XXX remove error() calls from here? */
/*
 * Refuse to use a private key file that other users could read.
 * The check is made on the already-open descriptor (fstat), so it reflects
 * the file that was actually opened rather than a path that might have
 * changed underneath us.  Returns 0 if the file is acceptable,
 * SSH_ERR_SYSTEM_ERROR if fstat() fails, SSH_ERR_KEY_BAD_PERMISSIONS if
 * the file is owned by the caller and has any group/other mode bits set.
 */
int
sshkey_perm_ok(int fd, const char *filename)
{
	struct stat st;
	int owned_by_caller, group_or_other_bits;

	if (fstat(fd, &st) == -1)
		return SSH_ERR_SYSTEM_ERROR;
	/*
	 * Only a key owned by the calling user is subject to the mode check;
	 * a key owned by somebody else is accepted as it is.
	 */
	owned_by_caller = (st.st_uid == getuid());
#ifdef HAVE_CYGWIN
	/* On Cygwin the mode check is only applied when check_ntsec() says so */
	if (!check_ntsec(filename))
		owned_by_caller = 0;
#endif
	group_or_other_bits = (st.st_mode & 077) != 0;
	if (!owned_by_caller || !group_or_other_bits)
		return 0;

	error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
	error("@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @");
	error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
	error("Permissions 0%3.3o for '%s' are too open.",
	    (u_int)st.st_mode & 0777, filename);
	error("It is required that your private key files are NOT accessible by others.");
	error("This private key will be ignored.");
	return SSH_ERR_KEY_BAD_PERMISSIONS;
}
116 
/*
 * Load a private key of the given type (KEY_UNSPEC for any) from
 * "filename".  *keyp receives the key and *commentp its comment; both are
 * optional and both are reset to NULL first so they are defined on every
 * return path.  Returns 0 on success or an SSH_ERR_* code; a file with
 * permissions that are too open is rejected by sshkey_perm_ok().
 */
int
sshkey_load_private_type(int type, const char *filename, const char *passphrase,
    struct sshkey **keyp, char **commentp)
{
	int fd, r;

	if (keyp != NULL)
		*keyp = NULL;
	if (commentp != NULL)
		*commentp = NULL;

	fd = open(filename, O_RDONLY);
	if (fd == -1)
		return SSH_ERR_SYSTEM_ERROR;

	/* The permission check is made on the open descriptor, not the path */
	if ((r = sshkey_perm_ok(fd, filename)) == 0) {
		r = sshkey_load_private_type_fd(fd, type, passphrase, keyp,
		    commentp);
		if (r == 0 && keyp != NULL && *keyp != NULL)
			r = sshkey_set_filename(*keyp, filename);
	}
	close(fd);
	return r;
}
142 
/*
 * Load a private key of any type from "filename".
 * Equivalent to sshkey_load_private_type() with KEY_UNSPEC.
 */
int
sshkey_load_private(const char *filename, const char *passphrase,
    struct sshkey **keyp, char **commentp)
{
	const int any_type = KEY_UNSPEC;	/* accept whatever the file holds */

	return sshkey_load_private_type(any_type, filename, passphrase,
	    keyp, commentp);
}
150 
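/*
 * Load a private key of the given type (KEY_UNSPEC for any) from an open
 * descriptor.  The whole file is slurped into a buffer and then parsed;
 * no permission check is performed here (see sshkey_load_private_type()).
 * *keyp and *commentp are optional and are reset to NULL before anything
 * can fail, so callers can rely on them even when sshbuf_load_fd() fails
 * (the other loaders in this file give the same guarantee).
 * Returns 0 on success or an SSH_ERR_* code.
 */
int
sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
    struct sshkey **keyp, char **commentp)
{
	struct sshbuf *buffer = NULL;
	int r;

	if (keyp != NULL)
		*keyp = NULL;
	if (commentp != NULL)
		*commentp = NULL;
	if ((r = sshbuf_load_fd(fd, &buffer)) != 0)
		goto out;
	r = sshkey_parse_private_fileblob_type(buffer, type, passphrase,
	    keyp, commentp);
 out:
	sshbuf_free(buffer);
	return r;
}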
171 
/*
 * Load a pubkey from the unencrypted envelope of a new-format private key.
 * No passphrase is needed and no permission check is made: only the public
 * half is read.  *pubkeyp (optional) is reset to NULL first and receives
 * the key, tagged with "filename", on success.  Returns 0 or an SSH_ERR_*
 * code.
 */
static int
sshkey_load_pubkey_from_private(const char *filename, struct sshkey **pubkeyp)
{
	struct sshbuf *blob = NULL;
	struct sshkey *pub = NULL;
	int fd, r;

	if (pubkeyp != NULL)
		*pubkeyp = NULL;

	fd = open(filename, O_RDONLY);
	if (fd == -1)
		return SSH_ERR_SYSTEM_ERROR;
	r = sshbuf_load_fd(fd, &blob);
	if (r != 0)
		goto out;
	r = sshkey_parse_pubkey_from_private_fileblob_type(blob, KEY_UNSPEC,
	    &pub);
	if (r != 0)
		goto out;
	r = sshkey_set_filename(pub, filename);
	if (r != 0)
		goto out;
	if (pubkeyp != NULL) {
		*pubkeyp = pub;
		pub = NULL;	/* ownership passes to the caller */
	}
 out:
	close(fd);
	sshbuf_free(blob);
	sshkey_free(pub);	/* NULL on success: nothing to do */
	return r;
}
203 
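/*
 * Try to read a public key from "filename", a file with one key per line.
 * The first line that parses as a key wins; comment lines ('#'), blank
 * lines and lines that do not parse are skipped.  Loading is abandoned as
 * soon as a line looks like a private key, so a private key file is never
 * reported as a public key.
 *
 * *kp (optional) receives the key and *commentp (optional) a strdup()'d
 * copy of the text following the key, or of "filename" if there is none;
 * both are reset to NULL first and stay NULL on failure — the key is never
 * handed out together with an error code.  Returns 0 on success,
 * SSH_ERR_SYSTEM_ERROR if the file cannot be opened, SSH_ERR_ALLOC_FAIL on
 * allocation failure, or SSH_ERR_INVALID_FORMAT if no key was found.
 */
static int
sshkey_try_load_public(struct sshkey **kp, const char *filename,
    char **commentp)
{
	FILE *f;
	char *line = NULL, *cp;
	size_t linesize = 0;
	int r = SSH_ERR_INVALID_FORMAT;	/* the answer if no line parses */
	struct sshkey *k = NULL;

	if (kp != NULL)
		*kp = NULL;
	if (commentp != NULL)
		*commentp = NULL;
	if ((f = fopen(filename, "r")) == NULL)
		return SSH_ERR_SYSTEM_ERROR;
	if ((k = sshkey_new(KEY_UNSPEC)) == NULL) {
		fclose(f);
		return SSH_ERR_ALLOC_FAIL;
	}
	while (getline(&line, &linesize, f) != -1) {
		cp = line;
		switch (*cp) {
		case '#':
		case '\n':
		case '\0':
			continue;
		}
		/* Abort loading if this looks like a private key */
		if (strncmp(cp, "-----BEGIN", 10) == 0 ||
		    strcmp(cp, "SSH PRIVATE KEY FILE") == 0)
			break;
		/* Skip leading whitespace. */
		for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
			;
		if (*cp == '\0')
			continue;
		if (sshkey_read(k, &cp) != 0)
			continue;	/* not a key: try the next line */
		/* What follows the key on the line (where sshkey_read() left cp) is the comment */
		cp[strcspn(cp, "\r\n")] = '\0';
		if (commentp != NULL) {
			*commentp = strdup(*cp ? cp : filename);
			if (*commentp == NULL) {
				r = SSH_ERR_ALLOC_FAIL;
				goto out;	/* k is released below, *kp stays NULL */
			}
		}
		if (kp != NULL) {
			*kp = k;
			k = NULL;	/* ownership passes to the caller */
		}
		r = 0;
		goto out;
	}
 out:
	sshkey_free(k);	/* matches sshkey_new(); a plain free() would skip its contents */
	free(line);
	fclose(f);
	return r;
}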
260 
/*
 * Load a public key for "filename", trying in turn: the file itself as a
 * public key file, "<filename>.pub", and finally the public half stored in
 * the unencrypted envelope of a private key file at "filename".
 * *keyp and *commentp are optional and reset to NULL first; no comment is
 * produced when the key comes from a private key file.
 * Returns 0 on success, SSH_ERR_ALLOC_FAIL if the ".pub" name cannot be
 * built, or the error of the last attempt.
 */
int
sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp)
{
	char *pubfile = NULL;
	int r;

	if (keyp != NULL)
		*keyp = NULL;
	if (commentp != NULL)
		*commentp = NULL;

	/* 1. the named file as a public key file */
	r = sshkey_try_load_public(keyp, filename, commentp);
	if (r == 0)
		return 0;

	/* 2. the same name with a ".pub" suffix */
	if (asprintf(&pubfile, "%s.pub", filename) == -1)
		return SSH_ERR_ALLOC_FAIL;
	r = sshkey_try_load_public(keyp, pubfile, commentp);

	/* 3. the public key embedded in a private key file */
	if (r != 0)
		r = sshkey_load_pubkey_from_private(filename, keyp);

	free(pubfile);
	return r;
}
290 
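/*
 * Load the certificate associated with the named private key, which is
 * expected at "<filename>-cert.pub".  *keyp (optional) is reset to NULL
 * first and receives the certificate on success.  Returns 0,
 * SSH_ERR_ALLOC_FAIL if the name cannot be built, or the error from
 * sshkey_try_load_public().
 */
int
sshkey_load_cert(const char *filename, struct sshkey **keyp)
{
	char *file = NULL;
	int r;

	if (keyp != NULL)
		*keyp = NULL;

	if (asprintf(&file, "%s-cert.pub", filename) == -1)
		return SSH_ERR_ALLOC_FAIL;

	/* A certificate file carries no comment worth keeping */
	r = sshkey_try_load_public(keyp, file, NULL);
	free(file);
	return r;
}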
310 
/*
 * Load private key and certificate: the private key from "filename" and
 * the certificate from "<filename>-cert.pub", then graft the certificate
 * onto the private key.  The certificate is only accepted if its public
 * key is the private key's own, so a certificate for some other key cannot
 * be attached.  *keyp (optional) is reset to NULL first and receives the
 * certified key.  Returns 0, SSH_ERR_KEY_TYPE_UNKNOWN for a type that is
 * not accepted, SSH_ERR_KEY_CERT_MISMATCH, or the error of the step that
 * failed.
 */
int
sshkey_load_private_cert(int type, const char *filename, const char *passphrase,
    struct sshkey **keyp)
{
	struct sshkey *key = NULL, *cert = NULL;
	int r;

	if (keyp != NULL)
		*keyp = NULL;

	/* Accepted key types; anything else is rejected before touching the filesystem */
	switch (type) {
#ifdef WITH_OPENSSL
	case KEY_RSA:
	case KEY_DSA:
	case KEY_ECDSA:
#endif /* WITH_OPENSSL */
	case KEY_ED25519:
	case KEY_XMSS:
	case KEY_UNSPEC:
		break;
	default:
		return SSH_ERR_KEY_TYPE_UNKNOWN;
	}

	r = sshkey_load_private_type(type, filename, passphrase, &key, NULL);
	if (r != 0)
		goto out;
	r = sshkey_load_cert(filename, &cert);
	if (r != 0)
		goto out;

	/* Make sure the private key matches the certificate */
	if (!sshkey_equal_public(key, cert)) {
		r = SSH_ERR_KEY_CERT_MISMATCH;
		goto out;
	}

	r = sshkey_to_certified(key);
	if (r != 0)
		goto out;
	r = sshkey_cert_copy(cert, key);
	if (r != 0)
		goto out;

	if (keyp != NULL) {
		*keyp = key;
		key = NULL;	/* ownership passes to the caller */
	}
 out:
	sshkey_free(key);
	sshkey_free(cert);	/* its contents were copied into key */
	return r;
}
360 
/*
 * Returns 0 if the specified "key" is listed in the file "filename",
 * SSH_ERR_KEY_NOT_FOUND if it is not, SSH_ERR_SYSTEM_ERROR if the file
 * cannot be opened, or another error code if a line cannot be parsed.
 * Lines that parse but have an unacceptable key length are skipped rather
 * than treated as errors.
 * If "strict_type" is set then the key type must match exactly,
 * otherwise a comparison that ignores certificate data is performed.
 * If "check_ca" is set and "key" is a certificate, then its CA key is
 * also checked and sshkey_in_file() will return success if either is found.
 */
int
sshkey_in_file(struct sshkey *key, const char *filename, int strict_type,
    int check_ca)
{
	FILE *f;
	char *line = NULL, *p;
	size_t linesize = 0;
	int r = 0;
	struct sshkey *candidate = NULL;
	int (*matches)(const struct sshkey *, const struct sshkey *);

	/* strict: exact match including certificate; lax: public part only */
	matches = strict_type ? sshkey_equal : sshkey_equal_public;

	if ((f = fopen(filename, "r")) == NULL)
		return SSH_ERR_SYSTEM_ERROR;

	while (getline(&line, &linesize, f) != -1) {
		/* Drop the key parsed from the previous line, if any */
		sshkey_free(candidate);
		candidate = NULL;

		p = line;
		while (*p == ' ' || *p == '\t')
			p++;

		/* Comments and empty lines */
		if (*p == '#' || *p == '\n' || *p == '\0')
			continue;

		if ((candidate = sshkey_new(KEY_UNSPEC)) == NULL) {
			r = SSH_ERR_ALLOC_FAIL;
			goto out;
		}
		r = sshkey_read(candidate, &p);
		if (r == SSH_ERR_KEY_LENGTH)
			continue;	/* unusable key size: ignore this line */
		if (r != 0)
			goto out;	/* malformed line: report it */

		if (matches(key, candidate))
			goto out;	/* r == 0: found */
		if (check_ca && sshkey_is_cert(key) &&
		    matches(key->cert->signature_key, candidate))
			goto out;	/* r == 0: the CA that signed it is listed */
	}
	r = SSH_ERR_KEY_NOT_FOUND;
 out:
	free(line);
	sshkey_free(candidate);
	fclose(f);
	return r;
}
428 
/*
 * Checks whether the specified key is revoked, returning 0 if not,
 * SSH_ERR_KEY_REVOKED if it is or another error code if something
 * unexpected happened.
 * This will check both the key and, if it is a certificate, its CA key too.
 * "revoked_keys_file" may be a KRL or a one-per-line list of public keys.
 * A file that cannot be read or parsed yields an error, never 0, so an
 * unreadable revocation list is not silently treated as "not revoked".
 */
int
sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file)
{
	int r;

	/* First interpretation: the file is a KRL */
	r = ssh_krl_file_contains_key(revoked_keys_file, key);
	if (r != SSH_ERR_KRL_BAD_MAGIC)
		return r;

	/*
	 * Not a KRL (or KRLs cannot be handled): fall back to a flat list of
	 * public keys.  Certificate data is ignored in the comparison and the
	 * CA key is checked as well, so listing a CA revokes what it signed.
	 */
	r = sshkey_in_file(key, revoked_keys_file, 0, 1);
	if (r == 0)
		return SSH_ERR_KEY_REVOKED;	/* listed => revoked */
	if (r == SSH_ERR_KEY_NOT_FOUND)
		return 0;			/* not listed => not revoked */
	return r;				/* some other error occurred */
}
462 
/*
 * Advances *cpp past the end of key options, defined as the first unquoted
 * space or tab.  A backslash-escaped double quote inside the options does
 * not open or close a quoted section.  Returns 0 on success or -1 on
 * failure (the string ended inside an unterminated quote); *cpp is updated
 * in either case.
 */
int
sshkey_advance_past_options(char **cpp)
{
	char *p = *cpp;
	int in_quotes = 0;

	while (*p != '\0') {
		if (!in_quotes && (*p == ' ' || *p == '\t'))
			break;
		if (*p == '\\' && p[1] == '"') {
			p += 2;	/* escaped quote: consume backslash and quote */
			continue;
		}
		if (*p == '"')
			in_quotes = !in_quotes;
		p++;
	}
	*cpp = p;
	return (in_quotes && *p == '\0') ? -1 : 0;
}
484 
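/*
 * Save a public key: write "key", followed by a space, "comment" and a
 * newline, to "path", creating or truncating it with mode 0644 (public
 * keys are meant to be world-readable).  Returns 0 on success,
 * SSH_ERR_SYSTEM_ERROR for open/fdopen/write/close failures (errno is
 * preserved from the failing call), or the error from sshkey_write().
 *
 * The stream is closed exactly once on every path: a failing fclose()
 * still disassociates the stream, so closing it again would be a double
 * close.
 */
int
sshkey_save_public(const struct sshkey *key, const char *path,
    const char *comment)
{
	int fd, oerrno;
	FILE *f;
	int r;

	if ((fd = open(path, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1)
		return SSH_ERR_SYSTEM_ERROR;
	if ((f = fdopen(fd, "w")) == NULL) {
		oerrno = errno;
		close(fd);	/* fd not yet owned by a stream */
		errno = oerrno;
		return SSH_ERR_SYSTEM_ERROR;
	}
	/* From here on fd belongs to f and is released by fclose() */
	if ((r = sshkey_write(key, f)) == 0) {
		fprintf(f, " %s\n", comment);
		if (ferror(f))
			r = SSH_ERR_SYSTEM_ERROR;
	}
	oerrno = errno;
	if (fclose(f) != 0 && r == 0) {
		/* close failure only matters if everything else succeeded */
		r = SSH_ERR_SYSTEM_ERROR;
		oerrno = errno;
	}
	errno = oerrno;
	return r;
}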
516