[BACK]Return to ssh-keysign.c CVS log [TXT][DIR] Up to [local] / src / usr.bin / ssh

Annotation of src/usr.bin/ssh/ssh-keysign.c, Revision 1.55

1.55    ! dtucker     1: /* $OpenBSD: ssh-keysign.c,v 1.54 2018/02/23 15:58:38 markus Exp $ */
1.1       markus      2: /*
                      3:  * Copyright (c) 2002 Markus Friedl.  All rights reserved.
                      4:  *
                      5:  * Redistribution and use in source and binary forms, with or without
                      6:  * modification, are permitted provided that the following conditions
                      7:  * are met:
                      8:  * 1. Redistributions of source code must retain the above copyright
                      9:  *    notice, this list of conditions and the following disclaimer.
                     10:  * 2. Redistributions in binary form must reproduce the above copyright
                     11:  *    notice, this list of conditions and the following disclaimer in the
                     12:  *    documentation and/or other materials provided with the distribution.
                     13:  *
                     14:  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
                     15:  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
                     16:  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
                     17:  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
                     18:  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
                     19:  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
                     20:  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
                     21:  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
                     22:  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
                     23:  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
                     24:  */
1.20      stevesk    25:
1.24      stevesk    26: #include <sys/types.h>
1.1       markus     27:
                     28: #include <openssl/evp.h>
1.6       markus     29: #include <openssl/rsa.h>
1.24      stevesk    30:
1.25      stevesk    31: #include <fcntl.h>
1.24      stevesk    32: #include <paths.h>
                     33: #include <pwd.h>
1.28      stevesk    34: #include <stdlib.h>
1.27      stevesk    35: #include <string.h>
1.26      stevesk    36: #include <unistd.h>
1.50      djm        37: #include <errno.h>
1.1       markus     38:
1.29      deraadt    39: #include "xmalloc.h"
1.1       markus     40: #include "log.h"
1.46      djm        41: #include "sshkey.h"
1.7       markus     42: #include "ssh.h"
1.1       markus     43: #include "ssh2.h"
                     44: #include "misc.h"
1.46      djm        45: #include "sshbuf.h"
1.1       markus     46: #include "authfile.h"
                     47: #include "msg.h"
1.2       markus     48: #include "canohost.h"
1.1       markus     49: #include "pathnames.h"
1.7       markus     50: #include "readconf.h"
1.17      dtucker    51: #include "uidswap.h"
1.45      djm        52: #include "sshkey.h"
                     53: #include "ssherr.h"
1.7       markus     54:
1.50      djm        55: extern char *__progname;
                     56:
1.1       markus     57: static int
1.46      djm        58: valid_request(struct passwd *pw, char *host, struct sshkey **ret,
                     59:     u_char *data, size_t datalen)
1.1       markus     60: {
1.46      djm        61:        struct sshbuf *b;
                     62:        struct sshkey *key = NULL;
                     63:        u_char type, *pkblob;
                     64:        char *p;
                     65:        size_t blen, len;
                     66:        char *pkalg, *luser;
                     67:        int r, pktype, fail;
1.1       markus     68:
1.45      djm        69:        if (ret != NULL)
                     70:                *ret = NULL;
1.1       markus     71:        fail = 0;
                     72:
1.46      djm        73:        if ((b = sshbuf_from(data, datalen)) == NULL)
                     74:                fatal("%s: sshbuf_from failed", __func__);
1.4       deraadt    75:
1.23      dtucker    76:        /* session id, currently limited to SHA1 (20 bytes) or SHA256 (32) */
1.46      djm        77:        if ((r = sshbuf_get_string(b, NULL, &len)) != 0)
                     78:                fatal("%s: buffer error: %s", __func__, ssh_err(r));
1.23      dtucker    79:        if (len != 20 && len != 32)
1.3       markus     80:                fail++;
                     81:
1.46      djm        82:        if ((r = sshbuf_get_u8(b, &type)) != 0)
                     83:                fatal("%s: buffer error: %s", __func__, ssh_err(r));
                     84:        if (type != SSH2_MSG_USERAUTH_REQUEST)
1.1       markus     85:                fail++;
                     86:
                     87:        /* server user */
1.46      djm        88:        if ((r = sshbuf_skip_string(b)) != 0)
                     89:                fatal("%s: buffer error: %s", __func__, ssh_err(r));
1.1       markus     90:
                     91:        /* service */
1.46      djm        92:        if ((r = sshbuf_get_cstring(b, &p, NULL)) != 0)
                     93:                fatal("%s: buffer error: %s", __func__, ssh_err(r));
1.1       markus     94:        if (strcmp("ssh-connection", p) != 0)
                     95:                fail++;
1.37      djm        96:        free(p);
1.1       markus     97:
                     98:        /* method */
1.46      djm        99:        if ((r = sshbuf_get_cstring(b, &p, NULL)) != 0)
                    100:                fatal("%s: buffer error: %s", __func__, ssh_err(r));
1.1       markus    101:        if (strcmp("hostbased", p) != 0)
                    102:                fail++;
1.37      djm       103:        free(p);
1.1       markus    104:
                    105:        /* pubkey */
1.46      djm       106:        if ((r = sshbuf_get_cstring(b, &pkalg, NULL)) != 0 ||
                    107:            (r = sshbuf_get_string(b, &pkblob, &blen)) != 0)
                    108:                fatal("%s: buffer error: %s", __func__, ssh_err(r));
1.1       markus    109:
1.46      djm       110:        pktype = sshkey_type_from_name(pkalg);
1.1       markus    111:        if (pktype == KEY_UNSPEC)
                    112:                fail++;
1.46      djm       113:        else if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) {
                    114:                error("%s: bad key blob: %s", __func__, ssh_err(r));
1.1       markus    115:                fail++;
1.46      djm       116:        } else if (key->type != pktype)
1.1       markus    117:                fail++;
1.37      djm       118:        free(pkalg);
                    119:        free(pkblob);
1.1       markus    120:
1.2       markus    121:        /* client host name, handle trailing dot */
1.46      djm       122:        if ((r = sshbuf_get_cstring(b, &p, &len)) != 0)
                    123:                fatal("%s: buffer error: %s", __func__, ssh_err(r));
                    124:        debug2("%s: check expect chost %s got %s", __func__, host, p);
1.2       markus    125:        if (strlen(host) != len - 1)
                    126:                fail++;
                    127:        else if (p[len - 1] != '.')
1.4       deraadt   128:                fail++;
1.2       markus    129:        else if (strncasecmp(host, p, len - 1) != 0)
1.4       deraadt   130:                fail++;
1.37      djm       131:        free(p);
1.1       markus    132:
                    133:        /* local user */
1.46      djm       134:        if ((r = sshbuf_get_cstring(b, &luser, NULL)) != 0)
                    135:                fatal("%s: buffer error: %s", __func__, ssh_err(r));
1.2       markus    136:
1.46      djm       137:        if (strcmp(pw->pw_name, luser) != 0)
1.1       markus    138:                fail++;
1.46      djm       139:        free(luser);
1.1       markus    140:
                    141:        /* end of message */
1.46      djm       142:        if (sshbuf_len(b) != 0)
1.1       markus    143:                fail++;
1.46      djm       144:        sshbuf_free(b);
1.1       markus    145:
1.46      djm       146:        debug3("%s: fail %d", __func__, fail);
1.1       markus    147:
1.53      dtucker   148:        if (fail)
1.46      djm       149:                sshkey_free(key);
1.48      markus    150:        else if (ret != NULL)
1.1       markus    151:                *ret = key;
                    152:
                    153:        return (fail ? -1 : 0);
                    154: }
                    155:
                    156: int
                    157: main(int argc, char **argv)
                    158: {
1.46      djm       159:        struct sshbuf *b;
1.7       markus    160:        Options options;
1.54      markus    161: #define NUM_KEYTYPES 5
1.46      djm       162:        struct sshkey *keys[NUM_KEYTYPES], *key = NULL;
1.1       markus    163:        struct passwd *pw;
1.45      djm       164:        int r, key_fd[NUM_KEYTYPES], i, found, version = 2, fd;
1.46      djm       165:        u_char *signature, *data, rver;
1.40      djm       166:        char *host, *fp;
1.46      djm       167:        size_t slen, dlen;
1.19      djm       168:
1.52      dtucker   169:        ssh_malloc_init();      /* must be called before any mallocs */
1.50      djm       170:        if (pledge("stdio rpath getpw dns id", NULL) != 0)
                    171:                fatal("%s: pledge: %s", __progname, strerror(errno));
                    172:
1.19      djm       173:        /* Ensure that stdin and stdout are connected */
                    174:        if ((fd = open(_PATH_DEVNULL, O_RDWR)) < 2)
                    175:                exit(1);
                    176:        /* Leave /dev/null fd iff it is attached to stderr */
                    177:        if (fd > 2)
                    178:                close(fd);
1.1       markus    179:
1.36      djm       180:        i = 0;
1.49      djm       181:        /* XXX This really needs to read sshd_config for the paths */
1.36      djm       182:        key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
                    183:        key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
1.39      markus    184:        key_fd[i++] = open(_PATH_HOST_ED25519_KEY_FILE, O_RDONLY);
1.54      markus    185:        key_fd[i++] = open(_PATH_HOST_XMSS_KEY_FILE, O_RDONLY);
1.36      djm       186:        key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
1.1       markus    187:
1.55    ! dtucker   188:        if ((pw = getpwuid(getuid())) == NULL)
1.17      dtucker   189:                fatal("getpwuid failed");
                    190:        pw = pwcopy(pw);
                    191:
                    192:        permanently_set_uid(pw);
1.1       markus    193:
                    194: #ifdef DEBUG_SSH_KEYSIGN
                    195:        log_init("ssh-keysign", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0);
1.4       deraadt   196: #endif
1.7       markus    197:
                    198:        /* verify that ssh-keysign is enabled by the admin */
                    199:        initialize_options(&options);
1.43      djm       200:        (void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "", &options, 0);
1.7       markus    201:        fill_default_options(&options);
1.8       markus    202:        if (options.enable_ssh_keysign != 1)
                    203:                fatal("ssh-keysign not enabled in %s",
1.7       markus    204:                    _PATH_HOST_CONFIG_FILE);
1.1       markus    205:
1.36      djm       206:        for (i = found = 0; i < NUM_KEYTYPES; i++) {
                    207:                if (key_fd[i] != -1)
                    208:                        found = 1;
                    209:        }
                    210:        if (found == 0)
1.1       markus    211:                fatal("could not open any host key");
                    212:
1.35      djm       213:        OpenSSL_add_all_algorithms();
1.1       markus    214:
                    215:        found = 0;
1.36      djm       216:        for (i = 0; i < NUM_KEYTYPES; i++) {
1.1       markus    217:                keys[i] = NULL;
                    218:                if (key_fd[i] == -1)
                    219:                        continue;
1.45      djm       220:                r = sshkey_load_private_type_fd(key_fd[i], KEY_UNSPEC,
                    221:                    NULL, &key, NULL);
1.1       markus    222:                close(key_fd[i]);
1.45      djm       223:                if (r != 0)
                    224:                        debug("parse key %d: %s", i, ssh_err(r));
                    225:                else if (key != NULL) {
                    226:                        keys[i] = key;
1.1       markus    227:                        found = 1;
1.45      djm       228:                }
1.1       markus    229:        }
                    230:        if (!found)
                    231:                fatal("no hostkey found");
                    232:
1.50      djm       233:        if (pledge("stdio dns", NULL) != 0)
                    234:                fatal("%s: pledge: %s", __progname, strerror(errno));
                    235:
1.46      djm       236:        if ((b = sshbuf_new()) == NULL)
1.50      djm       237:                fatal("%s: sshbuf_new failed", __progname);
1.46      djm       238:        if (ssh_msg_recv(STDIN_FILENO, b) < 0)
1.9       djm       239:                fatal("ssh_msg_recv failed");
1.46      djm       240:        if ((r = sshbuf_get_u8(b, &rver)) != 0)
1.50      djm       241:                fatal("%s: buffer error: %s", __progname, ssh_err(r));
1.46      djm       242:        if (rver != version)
                    243:                fatal("bad version: received %d, expected %d", rver, version);
                    244:        if ((r = sshbuf_get_u32(b, (u_int *)&fd)) != 0)
1.50      djm       245:                fatal("%s: buffer error: %s", __progname, ssh_err(r));
1.46      djm       246:        if (fd < 0 || fd == STDIN_FILENO || fd == STDOUT_FILENO)
1.2       markus    247:                fatal("bad fd");
                    248:        if ((host = get_local_name(fd)) == NULL)
1.30      dtucker   249:                fatal("cannot get local name for fd");
1.4       deraadt   250:
1.46      djm       251:        if ((r = sshbuf_get_string(b, &data, &dlen)) != 0)
1.50      djm       252:                fatal("%s: buffer error: %s", __progname, ssh_err(r));
1.2       markus    253:        if (valid_request(pw, host, &key, data, dlen) < 0)
1.1       markus    254:                fatal("not a valid request");
1.37      djm       255:        free(host);
1.1       markus    256:
                    257:        found = 0;
1.36      djm       258:        for (i = 0; i < NUM_KEYTYPES; i++) {
1.1       markus    259:                if (keys[i] != NULL &&
1.46      djm       260:                    sshkey_equal_public(key, keys[i])) {
1.1       markus    261:                        found = 1;
                    262:                        break;
                    263:                }
                    264:        }
1.40      djm       265:        if (!found) {
1.47      djm       266:                if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
                    267:                    SSH_FP_DEFAULT)) == NULL)
1.50      djm       268:                        fatal("%s: sshkey_fingerprint failed", __progname);
1.40      djm       269:                fatal("no matching hostkey found for key %s %s",
1.46      djm       270:                    sshkey_type(key), fp ? fp : "");
1.40      djm       271:        }
1.1       markus    272:
1.51      markus    273:        if ((r = sshkey_sign(keys[i], &signature, &slen, data, dlen, NULL, 0))
                    274:            != 0)
1.46      djm       275:                fatal("sshkey_sign failed: %s", ssh_err(r));
1.37      djm       276:        free(data);
1.4       deraadt   277:
1.1       markus    278:        /* send reply */
1.46      djm       279:        sshbuf_reset(b);
                    280:        if ((r = sshbuf_put_string(b, signature, slen)) != 0)
1.50      djm       281:                fatal("%s: buffer error: %s", __progname, ssh_err(r));
1.46      djm       282:        if (ssh_msg_send(STDOUT_FILENO, version, b) == -1)
1.14      djm       283:                fatal("ssh_msg_send failed");
1.1       markus    284:
                    285:        return (0);
                    286: }