Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 1 | /* $OpenBSD: authfile.c,v 1.111 2015/02/23 16:55:51 djm Exp $ */ |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 2 | /* |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 3 | * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 4 | * |
| 5 | * Redistribution and use in source and binary forms, with or without |
| 6 | * modification, are permitted provided that the following conditions |
| 7 | * are met: |
| 8 | * 1. Redistributions of source code must retain the above copyright |
| 9 | * notice, this list of conditions and the following disclaimer. |
| 10 | * 2. Redistributions in binary form must reproduce the above copyright |
| 11 | * notice, this list of conditions and the following disclaimer in the |
| 12 | * documentation and/or other materials provided with the distribution. |
| 13 | * |
| 14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
| 15 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| 16 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| 17 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
| 18 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| 19 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| 20 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| 21 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 22 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 23 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 24 | */ |
| 25 | |
| 26 | #include "includes.h" |
| 27 | |
| 28 | #include <sys/types.h> |
| 29 | #include <sys/stat.h> |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 30 | #include <sys/uio.h> |
| 31 | |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 32 | #include <errno.h> |
| 33 | #include <fcntl.h> |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 34 | #include <stdio.h> |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 35 | #include <stdarg.h> |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 36 | #include <stdlib.h> |
| 37 | #include <string.h> |
| 38 | #include <unistd.h> |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 39 | #include <limits.h> |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 40 | |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 41 | #include "cipher.h" |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 42 | #include "key.h" |
| 43 | #include "ssh.h" |
| 44 | #include "log.h" |
| 45 | #include "authfile.h" |
| 46 | #include "rsa.h" |
| 47 | #include "misc.h" |
| 48 | #include "atomicio.h" |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 49 | #include "sshbuf.h" |
| 50 | #include "ssherr.h" |
| 51 | #include "krl.h" |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 52 | |
| 53 | #define MAX_KEY_FILE_SIZE (1024 * 1024) |
| 54 | |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 55 | /* Save a key blob to a file */ |
| 56 | static int |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 57 | sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename) |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 58 | { |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 59 | int fd, oerrno; |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 60 | |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 61 | if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0) |
| 62 | return SSH_ERR_SYSTEM_ERROR; |
| 63 | if (atomicio(vwrite, fd, (u_char *)sshbuf_ptr(keybuf), |
| 64 | sshbuf_len(keybuf)) != sshbuf_len(keybuf)) { |
| 65 | oerrno = errno; |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 66 | close(fd); |
| 67 | unlink(filename); |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 68 | errno = oerrno; |
| 69 | return SSH_ERR_SYSTEM_ERROR; |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 70 | } |
| 71 | close(fd); |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 72 | return 0; |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 73 | } |
| 74 | |
| 75 | int |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 76 | sshkey_save_private(struct sshkey *key, const char *filename, |
| 77 | const char *passphrase, const char *comment, |
| 78 | int force_new_format, const char *new_format_cipher, int new_format_rounds) |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 79 | { |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 80 | struct sshbuf *keyblob = NULL; |
| 81 | int r; |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 82 | |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 83 | if ((keyblob = sshbuf_new()) == NULL) |
| 84 | return SSH_ERR_ALLOC_FAIL; |
| 85 | if ((r = sshkey_private_to_fileblob(key, keyblob, passphrase, comment, |
| 86 | force_new_format, new_format_cipher, new_format_rounds)) != 0) |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 87 | goto out; |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 88 | if ((r = sshkey_save_private_blob(keyblob, filename)) != 0) |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 89 | goto out; |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 90 | r = 0; |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 91 | out: |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 92 | sshbuf_free(keyblob); |
| 93 | return r; |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 94 | } |
| 95 | |
| 96 | /* Load a key from a fd into a buffer */ |
| 97 | int |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 98 | sshkey_load_file(int fd, struct sshbuf *blob) |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 99 | { |
| 100 | u_char buf[1024]; |
| 101 | size_t len; |
| 102 | struct stat st; |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 103 | int r; |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 104 | |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 105 | if (fstat(fd, &st) < 0) |
| 106 | return SSH_ERR_SYSTEM_ERROR; |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 107 | if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 108 | st.st_size > MAX_KEY_FILE_SIZE) |
| 109 | return SSH_ERR_INVALID_FORMAT; |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 110 | for (;;) { |
| 111 | if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) { |
| 112 | if (errno == EPIPE) |
| 113 | break; |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 114 | r = SSH_ERR_SYSTEM_ERROR; |
| 115 | goto out; |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 116 | } |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 117 | if ((r = sshbuf_put(blob, buf, len)) != 0) |
| 118 | goto out; |
| 119 | if (sshbuf_len(blob) > MAX_KEY_FILE_SIZE) { |
| 120 | r = SSH_ERR_INVALID_FORMAT; |
| 121 | goto out; |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 122 | } |
| 123 | } |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 124 | if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 125 | st.st_size != (off_t)sshbuf_len(blob)) { |
| 126 | r = SSH_ERR_FILE_CHANGED; |
| 127 | goto out; |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 128 | } |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 129 | r = 0; |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 130 | |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 131 | out: |
| 132 | explicit_bzero(buf, sizeof(buf)); |
| 133 | if (r != 0) |
| 134 | sshbuf_reset(blob); |
| 135 | return r; |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 136 | } |
| 137 | |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 138 | #ifdef WITH_SSH1 |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 139 | /* |
| 140 | * Loads the public part of the ssh v1 key file. Returns NULL if an error was |
| 141 | * encountered (the file does not exist or is not readable), and the key |
| 142 | * otherwise. |
| 143 | */ |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 144 | static int |
| 145 | sshkey_load_public_rsa1(int fd, struct sshkey **keyp, char **commentp) |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 146 | { |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 147 | struct sshbuf *b = NULL; |
| 148 | int r; |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 149 | |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 150 | *keyp = NULL; |
| 151 | if (commentp != NULL) |
| 152 | *commentp = NULL; |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 153 | |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 154 | if ((b = sshbuf_new()) == NULL) |
| 155 | return SSH_ERR_ALLOC_FAIL; |
| 156 | if ((r = sshkey_load_file(fd, b)) != 0) |
| 157 | goto out; |
| 158 | if ((r = sshkey_parse_public_rsa1_fileblob(b, keyp, commentp)) != 0) |
| 159 | goto out; |
| 160 | r = 0; |
| 161 | out: |
| 162 | sshbuf_free(b); |
| 163 | return r; |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 164 | } |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 165 | #endif /* WITH_SSH1 */ |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 166 | |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 167 | /* XXX remove error() calls from here? */ |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 168 | int |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 169 | sshkey_perm_ok(int fd, const char *filename) |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 170 | { |
| 171 | struct stat st; |
| 172 | |
| 173 | if (fstat(fd, &st) < 0) |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 174 | return SSH_ERR_SYSTEM_ERROR; |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 175 | /* |
| 176 | * if a key owned by the user is accessed, then we check the |
| 177 | * permissions of the file. if the key owned by a different user, |
| 178 | * then we don't care. |
| 179 | */ |
| 180 | #ifdef HAVE_CYGWIN |
| 181 | if (check_ntsec(filename)) |
| 182 | #endif |
| 183 | if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) { |
| 184 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); |
| 185 | error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @"); |
| 186 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); |
| 187 | error("Permissions 0%3.3o for '%s' are too open.", |
| 188 | (u_int)st.st_mode & 0777, filename); |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 189 | error("It is recommended that your private key files are NOT accessible by others."); |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 190 | error("This private key will be ignored."); |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 191 | return SSH_ERR_KEY_BAD_PERMISSIONS; |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 192 | } |
| 193 | return 0; |
| 194 | } |
| 195 | |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 196 | /* XXX kill perm_ok now that we have SSH_ERR_KEY_BAD_PERMISSIONS? */ |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 197 | int |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 198 | sshkey_load_private_type(int type, const char *filename, const char *passphrase, |
| 199 | struct sshkey **keyp, char **commentp, int *perm_ok) |
| 200 | { |
| 201 | int fd, r; |
| 202 | |
| 203 | *keyp = NULL; |
| 204 | if (commentp != NULL) |
| 205 | *commentp = NULL; |
| 206 | |
| 207 | if ((fd = open(filename, O_RDONLY)) < 0) { |
| 208 | if (perm_ok != NULL) |
| 209 | *perm_ok = 0; |
| 210 | return SSH_ERR_SYSTEM_ERROR; |
| 211 | } |
| 212 | if (sshkey_perm_ok(fd, filename) != 0) { |
| 213 | if (perm_ok != NULL) |
| 214 | *perm_ok = 0; |
| 215 | r = SSH_ERR_KEY_BAD_PERMISSIONS; |
| 216 | goto out; |
| 217 | } |
| 218 | if (perm_ok != NULL) |
| 219 | *perm_ok = 1; |
| 220 | |
| 221 | r = sshkey_load_private_type_fd(fd, type, passphrase, keyp, commentp); |
| 222 | out: |
| 223 | close(fd); |
| 224 | return r; |
| 225 | } |
| 226 | |
| 227 | int |
| 228 | sshkey_load_private_type_fd(int fd, int type, const char *passphrase, |
| 229 | struct sshkey **keyp, char **commentp) |
| 230 | { |
| 231 | struct sshbuf *buffer = NULL; |
| 232 | int r; |
| 233 | |
| 234 | if ((buffer = sshbuf_new()) == NULL) { |
| 235 | r = SSH_ERR_ALLOC_FAIL; |
| 236 | goto out; |
| 237 | } |
| 238 | if ((r = sshkey_load_file(fd, buffer)) != 0 || |
| 239 | (r = sshkey_parse_private_fileblob_type(buffer, type, |
| 240 | passphrase, keyp, commentp)) != 0) |
| 241 | goto out; |
| 242 | |
| 243 | /* success */ |
| 244 | r = 0; |
| 245 | out: |
| 246 | if (buffer != NULL) |
| 247 | sshbuf_free(buffer); |
| 248 | return r; |
| 249 | } |
| 250 | |
| 251 | /* XXX this is almost identical to sshkey_load_private_type() */ |
| 252 | int |
| 253 | sshkey_load_private(const char *filename, const char *passphrase, |
| 254 | struct sshkey **keyp, char **commentp) |
| 255 | { |
| 256 | struct sshbuf *buffer = NULL; |
| 257 | int r, fd; |
| 258 | |
| 259 | *keyp = NULL; |
| 260 | if (commentp != NULL) |
| 261 | *commentp = NULL; |
| 262 | |
| 263 | if ((fd = open(filename, O_RDONLY)) < 0) |
| 264 | return SSH_ERR_SYSTEM_ERROR; |
| 265 | if (sshkey_perm_ok(fd, filename) != 0) { |
| 266 | r = SSH_ERR_KEY_BAD_PERMISSIONS; |
| 267 | goto out; |
| 268 | } |
| 269 | |
| 270 | if ((buffer = sshbuf_new()) == NULL) { |
| 271 | r = SSH_ERR_ALLOC_FAIL; |
| 272 | goto out; |
| 273 | } |
| 274 | if ((r = sshkey_load_file(fd, buffer)) != 0 || |
| 275 | (r = sshkey_parse_private_fileblob(buffer, passphrase, filename, |
| 276 | keyp, commentp)) != 0) |
| 277 | goto out; |
| 278 | r = 0; |
| 279 | out: |
| 280 | close(fd); |
| 281 | if (buffer != NULL) |
| 282 | sshbuf_free(buffer); |
| 283 | return r; |
| 284 | } |
| 285 | |
| 286 | static int |
| 287 | sshkey_try_load_public(struct sshkey *k, const char *filename, char **commentp) |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 288 | { |
| 289 | FILE *f; |
| 290 | char line[SSH_MAX_PUBKEY_BYTES]; |
| 291 | char *cp; |
| 292 | u_long linenum = 0; |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 293 | int r; |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 294 | |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 295 | if (commentp != NULL) |
| 296 | *commentp = NULL; |
| 297 | if ((f = fopen(filename, "r")) == NULL) |
| 298 | return SSH_ERR_SYSTEM_ERROR; |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 299 | while (read_keyfile_line(f, filename, line, sizeof(line), |
| 300 | &linenum) != -1) { |
| 301 | cp = line; |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 302 | switch (*cp) { |
| 303 | case '#': |
| 304 | case '\n': |
| 305 | case '\0': |
| 306 | continue; |
| 307 | } |
| 308 | /* Abort loading if this looks like a private key */ |
| 309 | if (strncmp(cp, "-----BEGIN", 10) == 0 || |
| 310 | strcmp(cp, "SSH PRIVATE KEY FILE") == 0) |
| 311 | break; |
| 312 | /* Skip leading whitespace. */ |
| 313 | for (; *cp && (*cp == ' ' || *cp == '\t'); cp++) |
| 314 | ; |
| 315 | if (*cp) { |
| 316 | if ((r = sshkey_read(k, &cp)) == 0) { |
| 317 | cp[strcspn(cp, "\r\n")] = '\0'; |
| 318 | if (commentp) { |
| 319 | *commentp = strdup(*cp ? |
| 320 | cp : filename); |
| 321 | if (*commentp == NULL) |
| 322 | r = SSH_ERR_ALLOC_FAIL; |
| 323 | } |
| 324 | fclose(f); |
| 325 | return r; |
| 326 | } |
| 327 | } |
| 328 | } |
| 329 | fclose(f); |
| 330 | return SSH_ERR_INVALID_FORMAT; |
| 331 | } |
| 332 | |
| 333 | /* load public key from ssh v1 private or any pubkey file */ |
| 334 | int |
| 335 | sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp) |
| 336 | { |
| 337 | struct sshkey *pub = NULL; |
| 338 | char file[PATH_MAX]; |
| 339 | int r, fd; |
| 340 | |
| 341 | if (keyp != NULL) |
| 342 | *keyp = NULL; |
| 343 | if (commentp != NULL) |
| 344 | *commentp = NULL; |
| 345 | |
| 346 | /* XXX should load file once and attempt to parse each format */ |
| 347 | |
| 348 | if ((fd = open(filename, O_RDONLY)) < 0) |
| 349 | goto skip; |
| 350 | #ifdef WITH_SSH1 |
| 351 | /* try rsa1 private key */ |
| 352 | r = sshkey_load_public_rsa1(fd, keyp, commentp); |
| 353 | close(fd); |
| 354 | switch (r) { |
| 355 | case SSH_ERR_INTERNAL_ERROR: |
| 356 | case SSH_ERR_ALLOC_FAIL: |
| 357 | case SSH_ERR_INVALID_ARGUMENT: |
| 358 | case SSH_ERR_SYSTEM_ERROR: |
| 359 | case 0: |
| 360 | return r; |
| 361 | } |
| 362 | #endif /* WITH_SSH1 */ |
| 363 | |
| 364 | /* try ssh2 public key */ |
| 365 | if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) |
| 366 | return SSH_ERR_ALLOC_FAIL; |
| 367 | if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) { |
| 368 | if (keyp != NULL) |
| 369 | *keyp = pub; |
| 370 | return 0; |
| 371 | } |
| 372 | sshkey_free(pub); |
| 373 | |
| 374 | #ifdef WITH_SSH1 |
| 375 | /* try rsa1 public key */ |
| 376 | if ((pub = sshkey_new(KEY_RSA1)) == NULL) |
| 377 | return SSH_ERR_ALLOC_FAIL; |
| 378 | if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) { |
| 379 | if (keyp != NULL) |
| 380 | *keyp = pub; |
| 381 | return 0; |
| 382 | } |
| 383 | sshkey_free(pub); |
| 384 | #endif /* WITH_SSH1 */ |
| 385 | |
| 386 | skip: |
| 387 | /* try .pub suffix */ |
| 388 | if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) |
| 389 | return SSH_ERR_ALLOC_FAIL; |
| 390 | r = SSH_ERR_ALLOC_FAIL; /* in case strlcpy or strlcat fail */ |
| 391 | if ((strlcpy(file, filename, sizeof file) < sizeof(file)) && |
| 392 | (strlcat(file, ".pub", sizeof file) < sizeof(file)) && |
| 393 | (r = sshkey_try_load_public(pub, file, commentp)) == 0) { |
| 394 | if (keyp != NULL) |
| 395 | *keyp = pub; |
| 396 | return 0; |
| 397 | } |
| 398 | sshkey_free(pub); |
| 399 | |
| 400 | return r; |
| 401 | } |
| 402 | |
| 403 | /* Load the certificate associated with the named private key */ |
| 404 | int |
| 405 | sshkey_load_cert(const char *filename, struct sshkey **keyp) |
| 406 | { |
| 407 | struct sshkey *pub = NULL; |
| 408 | char *file = NULL; |
| 409 | int r = SSH_ERR_INTERNAL_ERROR; |
| 410 | |
| 411 | *keyp = NULL; |
| 412 | |
| 413 | if (asprintf(&file, "%s-cert.pub", filename) == -1) |
| 414 | return SSH_ERR_ALLOC_FAIL; |
| 415 | |
| 416 | if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) { |
| 417 | goto out; |
| 418 | } |
| 419 | if ((r = sshkey_try_load_public(pub, file, NULL)) != 0) |
| 420 | goto out; |
| 421 | |
| 422 | *keyp = pub; |
| 423 | pub = NULL; |
| 424 | r = 0; |
| 425 | |
| 426 | out: |
| 427 | if (file != NULL) |
| 428 | free(file); |
| 429 | if (pub != NULL) |
| 430 | sshkey_free(pub); |
| 431 | return r; |
| 432 | } |
| 433 | |
| 434 | /* Load private key and certificate */ |
| 435 | int |
| 436 | sshkey_load_private_cert(int type, const char *filename, const char *passphrase, |
| 437 | struct sshkey **keyp, int *perm_ok) |
| 438 | { |
| 439 | struct sshkey *key = NULL, *cert = NULL; |
| 440 | int r; |
| 441 | |
| 442 | *keyp = NULL; |
| 443 | |
| 444 | switch (type) { |
| 445 | #ifdef WITH_OPENSSL |
| 446 | case KEY_RSA: |
| 447 | case KEY_DSA: |
| 448 | case KEY_ECDSA: |
| 449 | case KEY_ED25519: |
| 450 | #endif /* WITH_OPENSSL */ |
| 451 | case KEY_UNSPEC: |
| 452 | break; |
| 453 | default: |
| 454 | return SSH_ERR_KEY_TYPE_UNKNOWN; |
| 455 | } |
| 456 | |
| 457 | if ((r = sshkey_load_private_type(type, filename, |
| 458 | passphrase, &key, NULL, perm_ok)) != 0 || |
| 459 | (r = sshkey_load_cert(filename, &cert)) != 0) |
| 460 | goto out; |
| 461 | |
| 462 | /* Make sure the private key matches the certificate */ |
| 463 | if (sshkey_equal_public(key, cert) == 0) { |
| 464 | r = SSH_ERR_KEY_CERT_MISMATCH; |
| 465 | goto out; |
| 466 | } |
| 467 | |
| 468 | if ((r = sshkey_to_certified(key, sshkey_cert_is_legacy(cert))) != 0 || |
| 469 | (r = sshkey_cert_copy(cert, key)) != 0) |
| 470 | goto out; |
| 471 | r = 0; |
| 472 | *keyp = key; |
| 473 | key = NULL; |
| 474 | out: |
| 475 | if (key != NULL) |
| 476 | sshkey_free(key); |
| 477 | if (cert != NULL) |
| 478 | sshkey_free(cert); |
| 479 | return r; |
| 480 | } |
| 481 | |
| 482 | /* |
| 483 | * Returns success if the specified "key" is listed in the file "filename", |
| 484 | * SSH_ERR_KEY_NOT_FOUND: if the key is not listed or another error. |
| 485 | * If "strict_type" is set then the key type must match exactly, |
| 486 | * otherwise a comparison that ignores certficiate data is performed. |
| 487 | * If "check_ca" is set and "key" is a certificate, then its CA key is |
| 488 | * also checked and sshkey_in_file() will return success if either is found. |
| 489 | */ |
| 490 | int |
| 491 | sshkey_in_file(struct sshkey *key, const char *filename, int strict_type, |
| 492 | int check_ca) |
| 493 | { |
| 494 | FILE *f; |
| 495 | char line[SSH_MAX_PUBKEY_BYTES]; |
| 496 | char *cp; |
| 497 | u_long linenum = 0; |
| 498 | int r = 0; |
| 499 | struct sshkey *pub = NULL; |
| 500 | int (*sshkey_compare)(const struct sshkey *, const struct sshkey *) = |
| 501 | strict_type ? sshkey_equal : sshkey_equal_public; |
| 502 | |
| 503 | if ((f = fopen(filename, "r")) == NULL) |
| 504 | return SSH_ERR_SYSTEM_ERROR; |
| 505 | |
| 506 | while (read_keyfile_line(f, filename, line, sizeof(line), |
| 507 | &linenum) != -1) { |
| 508 | cp = line; |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 509 | |
| 510 | /* Skip leading whitespace. */ |
| 511 | for (; *cp && (*cp == ' ' || *cp == '\t'); cp++) |
| 512 | ; |
| 513 | |
| 514 | /* Skip comments and empty lines */ |
| 515 | switch (*cp) { |
| 516 | case '#': |
| 517 | case '\n': |
| 518 | case '\0': |
| 519 | continue; |
| 520 | } |
| 521 | |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 522 | if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) { |
| 523 | r = SSH_ERR_ALLOC_FAIL; |
| 524 | goto out; |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 525 | } |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 526 | if ((r = sshkey_read(pub, &cp)) != 0) |
| 527 | goto out; |
| 528 | if (sshkey_compare(key, pub) || |
| 529 | (check_ca && sshkey_is_cert(key) && |
| 530 | sshkey_compare(key->cert->signature_key, pub))) { |
| 531 | r = 0; |
| 532 | goto out; |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 533 | } |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 534 | sshkey_free(pub); |
| 535 | pub = NULL; |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 536 | } |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 537 | r = SSH_ERR_KEY_NOT_FOUND; |
| 538 | out: |
| 539 | if (pub != NULL) |
| 540 | sshkey_free(pub); |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 541 | fclose(f); |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 542 | return r; |
| 543 | } |
| 544 | |
| 545 | /* |
| 546 | * Checks whether the specified key is revoked, returning 0 if not, |
| 547 | * SSH_ERR_KEY_REVOKED if it is or another error code if something |
| 548 | * unexpected happened. |
| 549 | * This will check both the key and, if it is a certificate, its CA key too. |
| 550 | * "revoked_keys_file" may be a KRL or a one-per-line list of public keys. |
| 551 | */ |
| 552 | int |
| 553 | sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file) |
| 554 | { |
| 555 | int r; |
| 556 | |
| 557 | r = ssh_krl_file_contains_key(revoked_keys_file, key); |
| 558 | /* If this was not a KRL to begin with then continue below */ |
| 559 | if (r != SSH_ERR_KRL_BAD_MAGIC) |
| 560 | return r; |
| 561 | |
| 562 | /* |
| 563 | * If the file is not a KRL or we can't handle KRLs then attempt to |
| 564 | * parse the file as a flat list of keys. |
| 565 | */ |
| 566 | switch ((r = sshkey_in_file(key, revoked_keys_file, 0, 1))) { |
| 567 | case 0: |
| 568 | /* Key found => revoked */ |
| 569 | return SSH_ERR_KEY_REVOKED; |
| 570 | case SSH_ERR_KEY_NOT_FOUND: |
| 571 | /* Key not found => not revoked */ |
| 572 | return 0; |
| 573 | default: |
| 574 | /* Some other error occurred */ |
| 575 | return r; |
| 576 | } |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 577 | } |
| 578 | |