Return to ssh-keysign.c CVS log

Up to [local] / src / usr.bin / ssh

Annotation of src/usr.bin/ssh/ssh-keysign.c, Revision 1.2

1.1       markus      1: /*
                      2:  * Copyright (c) 2002 Markus Friedl.  All rights reserved.
                      3:  *
                      4:  * Redistribution and use in source and binary forms, with or without
                      5:  * modification, are permitted provided that the following conditions
                      6:  * are met:
                      7:  * 1. Redistributions of source code must retain the above copyright
                      8:  *    notice, this list of conditions and the following disclaimer.
                      9:  * 2. Redistributions in binary form must reproduce the above copyright
                     10:  *    notice, this list of conditions and the following disclaimer in the
                     11:  *    documentation and/or other materials provided with the distribution.
                     12:  *
                     13:  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
                     14:  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
                     15:  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
                     16:  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
                     17:  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
                     18:  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
                     19:  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
                     20:  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
                     21:  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
                     22:  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
                     23:  */
                     24: #include "includes.h"
1.2     ! markus     25: RCSID("$OpenBSD: ssh-keysign.c,v 1.1 2002/05/23 19:24:30 markus Exp $");
1.1       markus     26:
                     27: #include <openssl/evp.h>
                     28:
                     29: #include "log.h"
                     30: #include "key.h"
                     31: #include "ssh2.h"
                     32: #include "misc.h"
                     33: #include "xmalloc.h"
                     34: #include "buffer.h"
                     35: #include "bufaux.h"
                     36: #include "authfile.h"
                     37: #include "msg.h"
1.2     ! markus     38: #include "canohost.h"
1.1       markus     39: #include "pathnames.h"
                     40:
                     41: static int
1.2     ! markus     42: valid_request(struct passwd *pw, char *host, Key **ret, u_char *data,
        !            43:     u_int datalen)
1.1       markus     44: {
                     45:        Buffer b;
                     46:        Key *key;
1.2     ! markus     47:        u_char *pkblob;
        !            48:        u_int blen, len;
        !            49:        char *pkalg, *p;
1.1       markus     50:        int pktype, fail;
                     51:
                     52:        fail = 0;
                     53:
                     54:        buffer_init(&b);
                     55:        buffer_append(&b, data, datalen);
                     56:
                     57:        /* session id */
                     58:        buffer_skip_string(&b);
                     59:        if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
                     60:                fail++;
                     61:
                     62:        /* server user */
                     63:        buffer_skip_string(&b);
                     64:
                     65:        /* service */
                     66:        p = buffer_get_string(&b, NULL);
                     67:        if (strcmp("ssh-connection", p) != 0)
                     68:                fail++;
                     69:        xfree(p);
                     70:
                     71:        /* method */
                     72:        p = buffer_get_string(&b, NULL);
                     73:        if (strcmp("hostbased", p) != 0)
                     74:                fail++;
                     75:        xfree(p);
                     76:
                     77:        /* pubkey */
                     78:        pkalg = buffer_get_string(&b, NULL);
                     79:        pkblob = buffer_get_string(&b, &blen);
                     80:
                     81:        pktype = key_type_from_name(pkalg);
                     82:        if (pktype == KEY_UNSPEC)
                     83:                fail++;
                     84:        else if ((key = key_from_blob(pkblob, blen)) == NULL)
                     85:                fail++;
                     86:        else if (key->type != pktype)
                     87:                fail++;
                     88:        xfree(pkalg);
                     89:        xfree(pkblob);
                     90:
1.2     ! markus     91:        /* client host name, handle trailing dot */
        !            92:        p = buffer_get_string(&b, &len);
        !            93:        debug2("valid_request: check expect chost %s got %s", host, p);
        !            94:        if (strlen(host) != len - 1)
        !            95:                fail++;
        !            96:        else if (p[len - 1] != '.')
        !            97:              fail++;
        !            98:        else if (strncasecmp(host, p, len - 1) != 0)
        !            99:              fail++;
        !           100:        xfree(p);
1.1       markus    101:
                    102:        /* local user */
                    103:        p = buffer_get_string(&b, NULL);
1.2     ! markus    104:
1.1       markus    105:        if (strcmp(pw->pw_name, p) != 0)
                    106:                fail++;
                    107:        xfree(p);
                    108:
                    109:        /* end of message */
                    110:        if (buffer_len(&b) != 0)
                    111:                fail++;
                    112:
                    113:        debug3("valid_request: fail %d", fail);
                    114:
                    115:        if (fail && key != NULL)
                    116:                key_free(key);
                    117:        else
                    118:                *ret = key;
                    119:
                    120:        return (fail ? -1 : 0);
                    121: }
                    122:
                    123: int
                    124: main(int argc, char **argv)
                    125: {
                    126:        Buffer b;
                    127:        Key *keys[2], *key;
                    128:        struct passwd *pw;
1.2     ! markus    129:        int key_fd[2], i, found, version = 2, fd;
1.1       markus    130:        u_char *signature, *data;
1.2     ! markus    131:        char *host;
1.1       markus    132:        u_int slen, dlen;
                    133:
                    134:        key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
                    135:        key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
                    136:
                    137:        seteuid(getuid());
                    138:        setuid(getuid());
                    139:
                    140: #ifdef DEBUG_SSH_KEYSIGN
                    141:        log_init("ssh-keysign", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0);
                    142: #endif
                    143:
                    144:        if (key_fd[0] == -1 && key_fd[1] == -1)
                    145:                fatal("could not open any host key");
                    146:
                    147:        if ((pw = getpwuid(getuid())) == NULL)
                    148:                fatal("getpwuid failed");
                    149:        pw = pwcopy(pw);
                    150:
                    151:        SSLeay_add_all_algorithms();
                    152:
                    153:        found = 0;
                    154:        for (i = 0; i < 2; i++) {
                    155:                keys[i] = NULL;
                    156:                if (key_fd[i] == -1)
                    157:                        continue;
                    158:                keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC,
                    159:                    NULL, NULL);
                    160:                close(key_fd[i]);
                    161:                if (keys[i] != NULL)
                    162:                        found = 1;
                    163:        }
                    164:        if (!found)
                    165:                fatal("no hostkey found");
                    166:
                    167:        buffer_init(&b);
                    168:        if (msg_recv(STDIN_FILENO, &b) < 0)
                    169:                fatal("msg_recv failed");
                    170:        if (buffer_get_char(&b) != version)
                    171:                fatal("bad version");
1.2     ! markus    172:        fd = buffer_get_int(&b);
        !           173:        if ((fd == STDIN_FILENO) || (fd == STDOUT_FILENO))
        !           174:                fatal("bad fd");
        !           175:        if ((host = get_local_name(fd)) == NULL)
        !           176:                fatal("cannot get sockname for fd");
        !           177:
1.1       markus    178:        data = buffer_get_string(&b, &dlen);
1.2     ! markus    179:        if (valid_request(pw, host, &key, data, dlen) < 0)
1.1       markus    180:                fatal("not a valid request");
                    181:        xfree(data);
1.2     ! markus    182:        xfree(host);
1.1       markus    183:
                    184:        found = 0;
                    185:        for (i = 0; i < 2; i++) {
                    186:                if (keys[i] != NULL &&
                    187:                    key_equal(key, keys[i])) {
                    188:                        found = 1;
                    189:                        break;
                    190:                }
                    191:        }
                    192:        if (!found)
                    193:                fatal("no matching hostkey found");
                    194:
                    195:        if (key_sign(keys[i], &signature, &slen, data, dlen) != 0)
                    196:                fatal("key_sign failed");
                    197:
                    198:        /* send reply */
                    199:        buffer_clear(&b);
                    200:        buffer_put_string(&b, signature, slen);
                    201:        msg_send(STDOUT_FILENO, version, &b);
                    202:
                    203:        return (0);
                    204: }