1 /* $OpenBSD: auth2-pubkey.c,v 1.99 2020/02/06 22:30:54 naddy Exp $ */
2 /*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26 #include "includes.h"
27
28 #include <sys/types.h>
29 #include <sys/stat.h>
30
31 #include <stdlib.h>
32 #include <errno.h>
33 #include <fcntl.h>
34 #ifdef HAVE_PATHS_H
35 # include <paths.h>
36 #endif
37 #include <pwd.h>
38 #include <signal.h>
39 #include <stdio.h>
40 #include <stdarg.h>
41 #include <string.h>
42 #include <time.h>
43 #include <unistd.h>
44 #include <limits.h>
45
46 #include "xmalloc.h"
47 #include "ssh.h"
48 #include "ssh2.h"
49 #include "packet.h"
50 #include "sshbuf.h"
51 #include "log.h"
52 #include "misc.h"
53 #include "servconf.h"
54 #include "compat.h"
55 #include "sshkey.h"
56 #include "hostfile.h"
57 #include "auth.h"
58 #include "pathnames.h"
59 #include "uidswap.h"
60 #include "auth-options.h"
61 #include "canohost.h"
62 #ifdef GSSAPI
63 #include "ssh-gss.h"
64 #endif
65 #include "monitor_wrap.h"
66 #include "authfile.h"
67 #include "match.h"
68 #include "ssherr.h"
69 #include "channels.h" /* XXX for session.h */
70 #include "session.h" /* XXX for child_set_env(); refactor? */
71 #include "sk-api.h"
72
73 /* import */
74 extern ServerOptions options;
75 extern u_char *session_id2;
76 extern u_int session_id2_len;
77
78 static char *
format_key(const struct sshkey * key)79 format_key(const struct sshkey *key)
80 {
81 char *ret, *fp = sshkey_fingerprint(key,
82 options.fingerprint_hash, SSH_FP_DEFAULT);
83
84 xasprintf(&ret, "%s %s", sshkey_type(key), fp);
85 free(fp);
86 return ret;
87 }
88
89 static int
userauth_pubkey(struct ssh * ssh)90 userauth_pubkey(struct ssh *ssh)
91 {
92 Authctxt *authctxt = ssh->authctxt;
93 struct passwd *pw = authctxt->pw;
94 struct sshbuf *b = NULL;
95 struct sshkey *key = NULL;
96 char *pkalg = NULL, *userstyle = NULL, *key_s = NULL, *ca_s = NULL;
97 u_char *pkblob = NULL, *sig = NULL, have_sig;
98 size_t blen, slen;
99 int r, pktype;
100 int req_presence = 0, authenticated = 0;
101 struct sshauthopt *authopts = NULL;
102 struct sshkey_sig_details *sig_details = NULL;
103
104 if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0 ||
105 (r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 ||
106 (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0)
107 fatal("%s: parse request failed: %s", __func__, ssh_err(r));
108
109 if (log_level_get() >= SYSLOG_LEVEL_DEBUG2) {
110 char *keystring;
111 struct sshbuf *pkbuf;
112
113 if ((pkbuf = sshbuf_from(pkblob, blen)) == NULL)
114 fatal("%s: sshbuf_from failed", __func__);
115 if ((keystring = sshbuf_dtob64_string(pkbuf, 0)) == NULL)
116 fatal("%s: sshbuf_dtob64 failed", __func__);
117 debug2("%s: %s user %s %s public key %s %s", __func__,
118 authctxt->valid ? "valid" : "invalid", authctxt->user,
119 have_sig ? "attempting" : "querying", pkalg, keystring);
120 sshbuf_free(pkbuf);
121 free(keystring);
122 }
123
124 pktype = sshkey_type_from_name(pkalg);
125 if (pktype == KEY_UNSPEC) {
126 /* this is perfectly legal */
127 verbose("%s: unsupported public key algorithm: %s",
128 __func__, pkalg);
129 goto done;
130 }
131 if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) {
132 error("%s: could not parse key: %s", __func__, ssh_err(r));
133 goto done;
134 }
135 if (key == NULL) {
136 error("%s: cannot decode key: %s", __func__, pkalg);
137 goto done;
138 }
139 if (key->type != pktype) {
140 error("%s: type mismatch for decoded key "
141 "(received %d, expected %d)", __func__, key->type, pktype);
142 goto done;
143 }
144 if (sshkey_type_plain(key->type) == KEY_RSA &&
145 (ssh->compat & SSH_BUG_RSASIGMD5) != 0) {
146 logit("Refusing RSA key because client uses unsafe "
147 "signature scheme");
148 goto done;
149 }
150 if (auth2_key_already_used(authctxt, key)) {
151 logit("refusing previously-used %s key", sshkey_type(key));
152 goto done;
153 }
154 if (match_pattern_list(pkalg, options.pubkey_key_types, 0) != 1) {
155 logit("%s: key type %s not in PubkeyAcceptedKeyTypes",
156 __func__, sshkey_ssh_name(key));
157 goto done;
158 }
159 if ((r = sshkey_check_cert_sigtype(key,
160 options.ca_sign_algorithms)) != 0) {
161 logit("%s: certificate signature algorithm %s: %s", __func__,
162 (key->cert == NULL || key->cert->signature_type == NULL) ?
163 "(null)" : key->cert->signature_type, ssh_err(r));
164 goto done;
165 }
166 key_s = format_key(key);
167 if (sshkey_is_cert(key))
168 ca_s = format_key(key->cert->signature_key);
169
170 if (have_sig) {
171 debug3("%s: have %s signature for %s%s%s",
172 __func__, pkalg, key_s,
173 ca_s == NULL ? "" : " CA ",
174 ca_s == NULL ? "" : ca_s);
175 if ((r = sshpkt_get_string(ssh, &sig, &slen)) != 0 ||
176 (r = sshpkt_get_end(ssh)) != 0)
177 fatal("%s: %s", __func__, ssh_err(r));
178 if ((b = sshbuf_new()) == NULL)
179 fatal("%s: sshbuf_new failed", __func__);
180 if (ssh->compat & SSH_OLD_SESSIONID) {
181 if ((r = sshbuf_put(b, session_id2,
182 session_id2_len)) != 0)
183 fatal("%s: sshbuf_put session id: %s",
184 __func__, ssh_err(r));
185 } else {
186 if ((r = sshbuf_put_string(b, session_id2,
187 session_id2_len)) != 0)
188 fatal("%s: sshbuf_put_string session id: %s",
189 __func__, ssh_err(r));
190 }
191 if (!authctxt->valid || authctxt->user == NULL) {
192 debug2("%s: disabled because of invalid user",
193 __func__);
194 goto done;
195 }
196 /* reconstruct packet */
197 xasprintf(&userstyle, "%s%s%s", authctxt->user,
198 authctxt->style ? ":" : "",
199 authctxt->style ? authctxt->style : "");
200 if ((r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
201 (r = sshbuf_put_cstring(b, userstyle)) != 0 ||
202 (r = sshbuf_put_cstring(b, authctxt->service)) != 0 ||
203 (r = sshbuf_put_cstring(b, "publickey")) != 0 ||
204 (r = sshbuf_put_u8(b, have_sig)) != 0 ||
205 (r = sshbuf_put_cstring(b, pkalg)) != 0 ||
206 (r = sshbuf_put_string(b, pkblob, blen)) != 0)
207 fatal("%s: build packet failed: %s",
208 __func__, ssh_err(r));
209 #ifdef DEBUG_PK
210 sshbuf_dump(b, stderr);
211 #endif
212 /* test for correct signature */
213 authenticated = 0;
214 if (PRIVSEP(user_key_allowed(ssh, pw, key, 1, &authopts)) &&
215 PRIVSEP(sshkey_verify(key, sig, slen,
216 sshbuf_ptr(b), sshbuf_len(b),
217 (ssh->compat & SSH_BUG_SIGTYPE) == 0 ? pkalg : NULL,
218 ssh->compat, &sig_details)) == 0) {
219 authenticated = 1;
220 }
221 if (authenticated == 1 && sig_details != NULL) {
222 auth2_record_info(authctxt, "signature count = %u",
223 sig_details->sk_counter);
224 debug("%s: sk_counter = %u, sk_flags = 0x%02x",
225 __func__, sig_details->sk_counter,
226 sig_details->sk_flags);
227 req_presence = (options.pubkey_auth_options &
228 PUBKEYAUTH_TOUCH_REQUIRED) ||
229 !authopts->no_require_user_presence;
230 if (req_presence && (sig_details->sk_flags &
231 SSH_SK_USER_PRESENCE_REQD) == 0) {
232 error("public key %s signature for %s%s from "
233 "%.128s port %d rejected: user presence "
234 "(authenticator touch) requirement "
235 "not met ", key_s,
236 authctxt->valid ? "" : "invalid user ",
237 authctxt->user, ssh_remote_ipaddr(ssh),
238 ssh_remote_port(ssh));
239 authenticated = 0;
240 goto done;
241 }
242 }
243 auth2_record_key(authctxt, authenticated, key);
244 } else {
245 debug("%s: test pkalg %s pkblob %s%s%s",
246 __func__, pkalg, key_s,
247 ca_s == NULL ? "" : " CA ",
248 ca_s == NULL ? "" : ca_s);
249
250 if ((r = sshpkt_get_end(ssh)) != 0)
251 fatal("%s: %s", __func__, ssh_err(r));
252
253 if (!authctxt->valid || authctxt->user == NULL) {
254 debug2("%s: disabled because of invalid user",
255 __func__);
256 goto done;
257 }
258 /* XXX fake reply and always send PK_OK ? */
259 /*
260 * XXX this allows testing whether a user is allowed
261 * to login: if you happen to have a valid pubkey this
262 * message is sent. the message is NEVER sent at all
263 * if a user is not allowed to login. is this an
264 * issue? -markus
265 */
266 if (PRIVSEP(user_key_allowed(ssh, pw, key, 0, NULL))) {
267 if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_PK_OK))
268 != 0 ||
269 (r = sshpkt_put_cstring(ssh, pkalg)) != 0 ||
270 (r = sshpkt_put_string(ssh, pkblob, blen)) != 0 ||
271 (r = sshpkt_send(ssh)) != 0 ||
272 (r = ssh_packet_write_wait(ssh)) != 0)
273 fatal("%s: %s", __func__, ssh_err(r));
274 authctxt->postponed = 1;
275 }
276 }
277 done:
278 if (authenticated == 1 && auth_activate_options(ssh, authopts) != 0) {
279 debug("%s: key options inconsistent with existing", __func__);
280 authenticated = 0;
281 }
282 debug2("%s: authenticated %d pkalg %s", __func__, authenticated, pkalg);
283
284 sshbuf_free(b);
285 sshauthopt_free(authopts);
286 sshkey_free(key);
287 free(userstyle);
288 free(pkalg);
289 free(pkblob);
290 free(key_s);
291 free(ca_s);
292 free(sig);
293 sshkey_sig_details_free(sig_details);
294 return authenticated;
295 }
296
297 static int
match_principals_option(const char * principal_list,struct sshkey_cert * cert)298 match_principals_option(const char *principal_list, struct sshkey_cert *cert)
299 {
300 char *result;
301 u_int i;
302
303 /* XXX percent_expand() sequences for authorized_principals? */
304
305 for (i = 0; i < cert->nprincipals; i++) {
306 if ((result = match_list(cert->principals[i],
307 principal_list, NULL)) != NULL) {
308 debug3("matched principal from key options \"%.100s\"",
309 result);
310 free(result);
311 return 1;
312 }
313 }
314 return 0;
315 }
316
317 /*
318 * Process a single authorized_principals format line. Returns 0 and sets
319 * authoptsp is principal is authorised, -1 otherwise. "loc" is used as a
320 * log preamble for file/line information.
321 */
322 static int
check_principals_line(struct ssh * ssh,char * cp,const struct sshkey_cert * cert,const char * loc,struct sshauthopt ** authoptsp)323 check_principals_line(struct ssh *ssh, char *cp, const struct sshkey_cert *cert,
324 const char *loc, struct sshauthopt **authoptsp)
325 {
326 u_int i, found = 0;
327 char *ep, *line_opts;
328 const char *reason = NULL;
329 struct sshauthopt *opts = NULL;
330
331 if (authoptsp != NULL)
332 *authoptsp = NULL;
333
334 /* Trim trailing whitespace. */
335 ep = cp + strlen(cp) - 1;
336 while (ep > cp && (*ep == '\n' || *ep == ' ' || *ep == '\t'))
337 *ep-- = '\0';
338
339 /*
340 * If the line has internal whitespace then assume it has
341 * key options.
342 */
343 line_opts = NULL;
344 if ((ep = strrchr(cp, ' ')) != NULL ||
345 (ep = strrchr(cp, '\t')) != NULL) {
346 for (; *ep == ' ' || *ep == '\t'; ep++)
347 ;
348 line_opts = cp;
349 cp = ep;
350 }
351 if ((opts = sshauthopt_parse(line_opts, &reason)) == NULL) {
352 debug("%s: bad principals options: %s", loc, reason);
353 auth_debug_add("%s: bad principals options: %s", loc, reason);
354 return -1;
355 }
356 /* Check principals in cert against those on line */
357 for (i = 0; i < cert->nprincipals; i++) {
358 if (strcmp(cp, cert->principals[i]) != 0)
359 continue;
360 debug3("%s: matched principal \"%.100s\"",
361 loc, cert->principals[i]);
362 found = 1;
363 }
364 if (found && authoptsp != NULL) {
365 *authoptsp = opts;
366 opts = NULL;
367 }
368 sshauthopt_free(opts);
369 return found ? 0 : -1;
370 }
371
372 static int
process_principals(struct ssh * ssh,FILE * f,const char * file,const struct sshkey_cert * cert,struct sshauthopt ** authoptsp)373 process_principals(struct ssh *ssh, FILE *f, const char *file,
374 const struct sshkey_cert *cert, struct sshauthopt **authoptsp)
375 {
376 char loc[256], *line = NULL, *cp, *ep;
377 size_t linesize = 0;
378 u_long linenum = 0;
379 u_int found_principal = 0;
380
381 if (authoptsp != NULL)
382 *authoptsp = NULL;
383
384 while (getline(&line, &linesize, f) != -1) {
385 linenum++;
386 /* Always consume entire input */
387 if (found_principal)
388 continue;
389
390 /* Skip leading whitespace. */
391 for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
392 ;
393 /* Skip blank and comment lines. */
394 if ((ep = strchr(cp, '#')) != NULL)
395 *ep = '\0';
396 if (!*cp || *cp == '\n')
397 continue;
398
399 snprintf(loc, sizeof(loc), "%.200s:%lu", file, linenum);
400 if (check_principals_line(ssh, cp, cert, loc, authoptsp) == 0)
401 found_principal = 1;
402 }
403 free(line);
404 return found_principal;
405 }
406
407 /* XXX remove pw args here and elsewhere once ssh->authctxt is guaranteed */
408
409 static int
match_principals_file(struct ssh * ssh,struct passwd * pw,char * file,struct sshkey_cert * cert,struct sshauthopt ** authoptsp)410 match_principals_file(struct ssh *ssh, struct passwd *pw, char *file,
411 struct sshkey_cert *cert, struct sshauthopt **authoptsp)
412 {
413 FILE *f;
414 int success;
415
416 if (authoptsp != NULL)
417 *authoptsp = NULL;
418
419 temporarily_use_uid(pw);
420 debug("trying authorized principals file %s", file);
421 if ((f = auth_openprincipals(file, pw, options.strict_modes)) == NULL) {
422 restore_uid();
423 return 0;
424 }
425 success = process_principals(ssh, f, file, cert, authoptsp);
426 fclose(f);
427 restore_uid();
428 return success;
429 }
430
431 /*
432 * Checks whether principal is allowed in output of command.
433 * returns 1 if the principal is allowed or 0 otherwise.
434 */
435 static int
match_principals_command(struct ssh * ssh,struct passwd * user_pw,const struct sshkey * key,struct sshauthopt ** authoptsp)436 match_principals_command(struct ssh *ssh, struct passwd *user_pw,
437 const struct sshkey *key, struct sshauthopt **authoptsp)
438 {
439 struct passwd *runas_pw = NULL;
440 const struct sshkey_cert *cert = key->cert;
441 FILE *f = NULL;
442 int r, ok, found_principal = 0;
443 int i, ac = 0, uid_swapped = 0;
444 pid_t pid;
445 char *tmp, *username = NULL, *command = NULL, **av = NULL;
446 char *ca_fp = NULL, *key_fp = NULL, *catext = NULL, *keytext = NULL;
447 char serial_s[32], uidstr[32];
448 void (*osigchld)(int);
449
450 if (authoptsp != NULL)
451 *authoptsp = NULL;
452 if (options.authorized_principals_command == NULL)
453 return 0;
454 if (options.authorized_principals_command_user == NULL) {
455 error("No user for AuthorizedPrincipalsCommand specified, "
456 "skipping");
457 return 0;
458 }
459
460 /*
461 * NB. all returns later this function should go via "out" to
462 * ensure the original SIGCHLD handler is restored properly.
463 */
464 osigchld = ssh_signal(SIGCHLD, SIG_DFL);
465
466 /* Prepare and verify the user for the command */
467 username = percent_expand(options.authorized_principals_command_user,
468 "u", user_pw->pw_name, (char *)NULL);
469 runas_pw = getpwnam(username);
470 if (runas_pw == NULL) {
471 error("AuthorizedPrincipalsCommandUser \"%s\" not found: %s",
472 username, strerror(errno));
473 goto out;
474 }
475
476 /* Turn the command into an argument vector */
477 if (argv_split(options.authorized_principals_command, &ac, &av) != 0) {
478 error("AuthorizedPrincipalsCommand \"%s\" contains "
479 "invalid quotes", options.authorized_principals_command);
480 goto out;
481 }
482 if (ac == 0) {
483 error("AuthorizedPrincipalsCommand \"%s\" yielded no arguments",
484 options.authorized_principals_command);
485 goto out;
486 }
487 if ((ca_fp = sshkey_fingerprint(cert->signature_key,
488 options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
489 error("%s: sshkey_fingerprint failed", __func__);
490 goto out;
491 }
492 if ((key_fp = sshkey_fingerprint(key,
493 options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
494 error("%s: sshkey_fingerprint failed", __func__);
495 goto out;
496 }
497 if ((r = sshkey_to_base64(cert->signature_key, &catext)) != 0) {
498 error("%s: sshkey_to_base64 failed: %s", __func__, ssh_err(r));
499 goto out;
500 }
501 if ((r = sshkey_to_base64(key, &keytext)) != 0) {
502 error("%s: sshkey_to_base64 failed: %s", __func__, ssh_err(r));
503 goto out;
504 }
505 snprintf(serial_s, sizeof(serial_s), "%llu",
506 (unsigned long long)cert->serial);
507 snprintf(uidstr, sizeof(uidstr), "%llu",
508 (unsigned long long)user_pw->pw_uid);
509 for (i = 1; i < ac; i++) {
510 tmp = percent_expand(av[i],
511 "U", uidstr,
512 "u", user_pw->pw_name,
513 "h", user_pw->pw_dir,
514 "t", sshkey_ssh_name(key),
515 "T", sshkey_ssh_name(cert->signature_key),
516 "f", key_fp,
517 "F", ca_fp,
518 "k", keytext,
519 "K", catext,
520 "i", cert->key_id,
521 "s", serial_s,
522 (char *)NULL);
523 if (tmp == NULL)
524 fatal("%s: percent_expand failed", __func__);
525 free(av[i]);
526 av[i] = tmp;
527 }
528 /* Prepare a printable command for logs, etc. */
529 command = argv_assemble(ac, av);
530
531 if ((pid = subprocess("AuthorizedPrincipalsCommand", runas_pw, command,
532 ac, av, &f,
533 SSH_SUBPROCESS_STDOUT_CAPTURE|SSH_SUBPROCESS_STDERR_DISCARD)) == 0)
534 goto out;
535
536 uid_swapped = 1;
537 temporarily_use_uid(runas_pw);
538
539 ok = process_principals(ssh, f, "(command)", cert, authoptsp);
540
541 fclose(f);
542 f = NULL;
543
544 if (exited_cleanly(pid, "AuthorizedPrincipalsCommand", command, 0) != 0)
545 goto out;
546
547 /* Read completed successfully */
548 found_principal = ok;
549 out:
550 if (f != NULL)
551 fclose(f);
552 ssh_signal(SIGCHLD, osigchld);
553 for (i = 0; i < ac; i++)
554 free(av[i]);
555 free(av);
556 if (uid_swapped)
557 restore_uid();
558 free(command);
559 free(username);
560 free(ca_fp);
561 free(key_fp);
562 free(catext);
563 free(keytext);
564 return found_principal;
565 }
566
567 /*
568 * Check a single line of an authorized_keys-format file. Returns 0 if key
569 * matches, -1 otherwise. Will return key/cert options via *authoptsp
570 * on success. "loc" is used as file/line location in log messages.
571 */
572 static int
check_authkey_line(struct ssh * ssh,struct passwd * pw,struct sshkey * key,char * cp,const char * loc,struct sshauthopt ** authoptsp)573 check_authkey_line(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
574 char *cp, const char *loc, struct sshauthopt **authoptsp)
575 {
576 int want_keytype = sshkey_is_cert(key) ? KEY_UNSPEC : key->type;
577 struct sshkey *found = NULL;
578 struct sshauthopt *keyopts = NULL, *certopts = NULL, *finalopts = NULL;
579 char *key_options = NULL, *fp = NULL;
580 const char *reason = NULL;
581 int ret = -1;
582
583 if (authoptsp != NULL)
584 *authoptsp = NULL;
585
586 if ((found = sshkey_new(want_keytype)) == NULL) {
587 debug3("%s: keytype %d failed", __func__, want_keytype);
588 goto out;
589 }
590
591 /* XXX djm: peek at key type in line and skip if unwanted */
592
593 if (sshkey_read(found, &cp) != 0) {
594 /* no key? check for options */
595 debug2("%s: check options: '%s'", loc, cp);
596 key_options = cp;
597 if (sshkey_advance_past_options(&cp) != 0) {
598 reason = "invalid key option string";
599 goto fail_reason;
600 }
601 skip_space(&cp);
602 if (sshkey_read(found, &cp) != 0) {
603 /* still no key? advance to next line*/
604 debug2("%s: advance: '%s'", loc, cp);
605 goto out;
606 }
607 }
608 /* Parse key options now; we need to know if this is a CA key */
609 if ((keyopts = sshauthopt_parse(key_options, &reason)) == NULL) {
610 debug("%s: bad key options: %s", loc, reason);
611 auth_debug_add("%s: bad key options: %s", loc, reason);
612 goto out;
613 }
614 /* Ignore keys that don't match or incorrectly marked as CAs */
615 if (sshkey_is_cert(key)) {
616 /* Certificate; check signature key against CA */
617 if (!sshkey_equal(found, key->cert->signature_key) ||
618 !keyopts->cert_authority)
619 goto out;
620 } else {
621 /* Plain key: check it against key found in file */
622 if (!sshkey_equal(found, key) || keyopts->cert_authority)
623 goto out;
624 }
625
626 /* We have a candidate key, perform authorisation checks */
627 if ((fp = sshkey_fingerprint(found,
628 options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
629 fatal("%s: fingerprint failed", __func__);
630
631 debug("%s: matching %s found: %s %s", loc,
632 sshkey_is_cert(key) ? "CA" : "key", sshkey_type(found), fp);
633
634 if (auth_authorise_keyopts(ssh, pw, keyopts,
635 sshkey_is_cert(key), loc) != 0) {
636 reason = "Refused by key options";
637 goto fail_reason;
638 }
639 /* That's all we need for plain keys. */
640 if (!sshkey_is_cert(key)) {
641 verbose("Accepted key %s %s found at %s",
642 sshkey_type(found), fp, loc);
643 finalopts = keyopts;
644 keyopts = NULL;
645 goto success;
646 }
647
648 /*
649 * Additional authorisation for certificates.
650 */
651
652 /* Parse and check options present in certificate */
653 if ((certopts = sshauthopt_from_cert(key)) == NULL) {
654 reason = "Invalid certificate options";
655 goto fail_reason;
656 }
657 if (auth_authorise_keyopts(ssh, pw, certopts, 0, loc) != 0) {
658 reason = "Refused by certificate options";
659 goto fail_reason;
660 }
661 if ((finalopts = sshauthopt_merge(keyopts, certopts, &reason)) == NULL)
662 goto fail_reason;
663
664 /*
665 * If the user has specified a list of principals as
666 * a key option, then prefer that list to matching
667 * their username in the certificate principals list.
668 */
669 if (keyopts->cert_principals != NULL &&
670 !match_principals_option(keyopts->cert_principals, key->cert)) {
671 reason = "Certificate does not contain an authorized principal";
672 goto fail_reason;
673 }
674 if (sshkey_cert_check_authority(key, 0, 0,
675 keyopts->cert_principals == NULL ? pw->pw_name : NULL, &reason) != 0)
676 goto fail_reason;
677
678 verbose("Accepted certificate ID \"%s\" (serial %llu) "
679 "signed by CA %s %s found at %s",
680 key->cert->key_id,
681 (unsigned long long)key->cert->serial,
682 sshkey_type(found), fp, loc);
683
684 success:
685 if (finalopts == NULL)
686 fatal("%s: internal error: missing options", __func__);
687 if (authoptsp != NULL) {
688 *authoptsp = finalopts;
689 finalopts = NULL;
690 }
691 /* success */
692 ret = 0;
693 goto out;
694
695 fail_reason:
696 error("%s", reason);
697 auth_debug_add("%s", reason);
698 out:
699 free(fp);
700 sshauthopt_free(keyopts);
701 sshauthopt_free(certopts);
702 sshauthopt_free(finalopts);
703 sshkey_free(found);
704 return ret;
705 }
706
707 /*
708 * Checks whether key is allowed in authorized_keys-format file,
709 * returns 1 if the key is allowed or 0 otherwise.
710 */
711 static int
check_authkeys_file(struct ssh * ssh,struct passwd * pw,FILE * f,char * file,struct sshkey * key,struct sshauthopt ** authoptsp)712 check_authkeys_file(struct ssh *ssh, struct passwd *pw, FILE *f,
713 char *file, struct sshkey *key, struct sshauthopt **authoptsp)
714 {
715 char *cp, *line = NULL, loc[256];
716 size_t linesize = 0;
717 int found_key = 0;
718 u_long linenum = 0;
719
720 if (authoptsp != NULL)
721 *authoptsp = NULL;
722
723 while (getline(&line, &linesize, f) != -1) {
724 linenum++;
725 /* Always consume entire file */
726 if (found_key)
727 continue;
728
729 /* Skip leading whitespace, empty and comment lines. */
730 cp = line;
731 skip_space(&cp);
732 if (!*cp || *cp == '\n' || *cp == '#')
733 continue;
734 snprintf(loc, sizeof(loc), "%.200s:%lu", file, linenum);
735 if (check_authkey_line(ssh, pw, key, cp, loc, authoptsp) == 0)
736 found_key = 1;
737 }
738 free(line);
739 return found_key;
740 }
741
742 /* Authenticate a certificate key against TrustedUserCAKeys */
743 static int
user_cert_trusted_ca(struct ssh * ssh,struct passwd * pw,struct sshkey * key,struct sshauthopt ** authoptsp)744 user_cert_trusted_ca(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
745 struct sshauthopt **authoptsp)
746 {
747 char *ca_fp, *principals_file = NULL;
748 const char *reason;
749 struct sshauthopt *principals_opts = NULL, *cert_opts = NULL;
750 struct sshauthopt *final_opts = NULL;
751 int r, ret = 0, found_principal = 0, use_authorized_principals;
752
753 if (authoptsp != NULL)
754 *authoptsp = NULL;
755
756 if (!sshkey_is_cert(key) || options.trusted_user_ca_keys == NULL)
757 return 0;
758
759 if ((ca_fp = sshkey_fingerprint(key->cert->signature_key,
760 options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
761 return 0;
762
763 if ((r = sshkey_in_file(key->cert->signature_key,
764 options.trusted_user_ca_keys, 1, 0)) != 0) {
765 debug2("%s: CA %s %s is not listed in %s: %s", __func__,
766 sshkey_type(key->cert->signature_key), ca_fp,
767 options.trusted_user_ca_keys, ssh_err(r));
768 goto out;
769 }
770 /*
771 * If AuthorizedPrincipals is in use, then compare the certificate
772 * principals against the names in that file rather than matching
773 * against the username.
774 */
775 if ((principals_file = authorized_principals_file(pw)) != NULL) {
776 if (match_principals_file(ssh, pw, principals_file,
777 key->cert, &principals_opts))
778 found_principal = 1;
779 }
780 /* Try querying command if specified */
781 if (!found_principal && match_principals_command(ssh, pw, key,
782 &principals_opts))
783 found_principal = 1;
784 /* If principals file or command is specified, then require a match */
785 use_authorized_principals = principals_file != NULL ||
786 options.authorized_principals_command != NULL;
787 if (!found_principal && use_authorized_principals) {
788 reason = "Certificate does not contain an authorized principal";
789 goto fail_reason;
790 }
791 if (use_authorized_principals && principals_opts == NULL)
792 fatal("%s: internal error: missing principals_opts", __func__);
793 if (sshkey_cert_check_authority(key, 0, 1,
794 use_authorized_principals ? NULL : pw->pw_name, &reason) != 0)
795 goto fail_reason;
796
797 /* Check authority from options in key and from principals file/cmd */
798 if ((cert_opts = sshauthopt_from_cert(key)) == NULL) {
799 reason = "Invalid certificate options";
800 goto fail_reason;
801 }
802 if (auth_authorise_keyopts(ssh, pw, cert_opts, 0, "cert") != 0) {
803 reason = "Refused by certificate options";
804 goto fail_reason;
805 }
806 if (principals_opts == NULL) {
807 final_opts = cert_opts;
808 cert_opts = NULL;
809 } else {
810 if (auth_authorise_keyopts(ssh, pw, principals_opts, 0,
811 "principals") != 0) {
812 reason = "Refused by certificate principals options";
813 goto fail_reason;
814 }
815 if ((final_opts = sshauthopt_merge(principals_opts,
816 cert_opts, &reason)) == NULL) {
817 fail_reason:
818 error("%s", reason);
819 auth_debug_add("%s", reason);
820 goto out;
821 }
822 }
823
824 /* Success */
825 verbose("Accepted certificate ID \"%s\" (serial %llu) signed by "
826 "%s CA %s via %s", key->cert->key_id,
827 (unsigned long long)key->cert->serial,
828 sshkey_type(key->cert->signature_key), ca_fp,
829 options.trusted_user_ca_keys);
830 if (authoptsp != NULL) {
831 *authoptsp = final_opts;
832 final_opts = NULL;
833 }
834 ret = 1;
835 out:
836 sshauthopt_free(principals_opts);
837 sshauthopt_free(cert_opts);
838 sshauthopt_free(final_opts);
839 free(principals_file);
840 free(ca_fp);
841 return ret;
842 }
843
844 /*
845 * Checks whether key is allowed in file.
846 * returns 1 if the key is allowed or 0 otherwise.
847 */
848 static int
user_key_allowed2(struct ssh * ssh,struct passwd * pw,struct sshkey * key,char * file,struct sshauthopt ** authoptsp)849 user_key_allowed2(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
850 char *file, struct sshauthopt **authoptsp)
851 {
852 FILE *f;
853 int found_key = 0;
854
855 if (authoptsp != NULL)
856 *authoptsp = NULL;
857
858 /* Temporarily use the user's uid. */
859 temporarily_use_uid(pw);
860
861 debug("trying public key file %s", file);
862 if ((f = auth_openkeyfile(file, pw, options.strict_modes)) != NULL) {
863 found_key = check_authkeys_file(ssh, pw, f, file,
864 key, authoptsp);
865 fclose(f);
866 }
867
868 restore_uid();
869 return found_key;
870 }
871
872 /*
873 * Checks whether key is allowed in output of command.
874 * returns 1 if the key is allowed or 0 otherwise.
875 */
876 static int
user_key_command_allowed2(struct ssh * ssh,struct passwd * user_pw,struct sshkey * key,struct sshauthopt ** authoptsp)877 user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw,
878 struct sshkey *key, struct sshauthopt **authoptsp)
879 {
880 struct passwd *runas_pw = NULL;
881 FILE *f = NULL;
882 int r, ok, found_key = 0;
883 int i, uid_swapped = 0, ac = 0;
884 pid_t pid;
885 char *username = NULL, *key_fp = NULL, *keytext = NULL;
886 char uidstr[32], *tmp, *command = NULL, **av = NULL;
887 void (*osigchld)(int);
888
889 if (authoptsp != NULL)
890 *authoptsp = NULL;
891 if (options.authorized_keys_command == NULL)
892 return 0;
893 if (options.authorized_keys_command_user == NULL) {
894 error("No user for AuthorizedKeysCommand specified, skipping");
895 return 0;
896 }
897
898 /*
899 * NB. all returns later this function should go via "out" to
900 * ensure the original SIGCHLD handler is restored properly.
901 */
902 osigchld = ssh_signal(SIGCHLD, SIG_DFL);
903
904 /* Prepare and verify the user for the command */
905 username = percent_expand(options.authorized_keys_command_user,
906 "u", user_pw->pw_name, (char *)NULL);
907 runas_pw = getpwnam(username);
908 if (runas_pw == NULL) {
909 error("AuthorizedKeysCommandUser \"%s\" not found: %s",
910 username, strerror(errno));
911 goto out;
912 }
913
914 /* Prepare AuthorizedKeysCommand */
915 if ((key_fp = sshkey_fingerprint(key, options.fingerprint_hash,
916 SSH_FP_DEFAULT)) == NULL) {
917 error("%s: sshkey_fingerprint failed", __func__);
918 goto out;
919 }
920 if ((r = sshkey_to_base64(key, &keytext)) != 0) {
921 error("%s: sshkey_to_base64 failed: %s", __func__, ssh_err(r));
922 goto out;
923 }
924
925 /* Turn the command into an argument vector */
926 if (argv_split(options.authorized_keys_command, &ac, &av) != 0) {
927 error("AuthorizedKeysCommand \"%s\" contains invalid quotes",
928 command);
929 goto out;
930 }
931 if (ac == 0) {
932 error("AuthorizedKeysCommand \"%s\" yielded no arguments",
933 command);
934 goto out;
935 }
936 snprintf(uidstr, sizeof(uidstr), "%llu",
937 (unsigned long long)user_pw->pw_uid);
938 for (i = 1; i < ac; i++) {
939 tmp = percent_expand(av[i],
940 "U", uidstr,
941 "u", user_pw->pw_name,
942 "h", user_pw->pw_dir,
943 "t", sshkey_ssh_name(key),
944 "f", key_fp,
945 "k", keytext,
946 (char *)NULL);
947 if (tmp == NULL)
948 fatal("%s: percent_expand failed", __func__);
949 free(av[i]);
950 av[i] = tmp;
951 }
952 /* Prepare a printable command for logs, etc. */
953 command = argv_assemble(ac, av);
954
955 /*
956 * If AuthorizedKeysCommand was run without arguments
957 * then fall back to the old behaviour of passing the
958 * target username as a single argument.
959 */
960 if (ac == 1) {
961 av = xreallocarray(av, ac + 2, sizeof(*av));
962 av[1] = xstrdup(user_pw->pw_name);
963 av[2] = NULL;
964 /* Fix up command too, since it is used in log messages */
965 free(command);
966 xasprintf(&command, "%s %s", av[0], av[1]);
967 }
968
969 if ((pid = subprocess("AuthorizedKeysCommand", runas_pw, command,
970 ac, av, &f,
971 SSH_SUBPROCESS_STDOUT_CAPTURE|SSH_SUBPROCESS_STDERR_DISCARD)) == 0)
972 goto out;
973
974 uid_swapped = 1;
975 temporarily_use_uid(runas_pw);
976
977 ok = check_authkeys_file(ssh, user_pw, f,
978 options.authorized_keys_command, key, authoptsp);
979
980 fclose(f);
981 f = NULL;
982
983 if (exited_cleanly(pid, "AuthorizedKeysCommand", command, 0) != 0)
984 goto out;
985
986 /* Read completed successfully */
987 found_key = ok;
988 out:
989 if (f != NULL)
990 fclose(f);
991 ssh_signal(SIGCHLD, osigchld);
992 for (i = 0; i < ac; i++)
993 free(av[i]);
994 free(av);
995 if (uid_swapped)
996 restore_uid();
997 free(command);
998 free(username);
999 free(key_fp);
1000 free(keytext);
1001 return found_key;
1002 }
1003
1004 /*
1005 * Check whether key authenticates and authorises the user.
1006 */
1007 int
user_key_allowed(struct ssh * ssh,struct passwd * pw,struct sshkey * key,int auth_attempt,struct sshauthopt ** authoptsp)1008 user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
1009 int auth_attempt, struct sshauthopt **authoptsp)
1010 {
1011 u_int success = 0, i;
1012 char *file;
1013 struct sshauthopt *opts = NULL;
1014
1015 if (authoptsp != NULL)
1016 *authoptsp = NULL;
1017
1018 if (auth_key_is_revoked(key))
1019 return 0;
1020 if (sshkey_is_cert(key) &&
1021 auth_key_is_revoked(key->cert->signature_key))
1022 return 0;
1023
1024 for (i = 0; !success && i < options.num_authkeys_files; i++) {
1025 if (strcasecmp(options.authorized_keys_files[i], "none") == 0)
1026 continue;
1027 file = expand_authorized_keys(
1028 options.authorized_keys_files[i], pw);
1029 success = user_key_allowed2(ssh, pw, key, file, &opts);
1030 free(file);
1031 if (!success) {
1032 sshauthopt_free(opts);
1033 opts = NULL;
1034 }
1035 }
1036 if (success)
1037 goto out;
1038
1039 if ((success = user_cert_trusted_ca(ssh, pw, key, &opts)) != 0)
1040 goto out;
1041 sshauthopt_free(opts);
1042 opts = NULL;
1043
1044 if ((success = user_key_command_allowed2(ssh, pw, key, &opts)) != 0)
1045 goto out;
1046 sshauthopt_free(opts);
1047 opts = NULL;
1048
1049 out:
1050 if (success && authoptsp != NULL) {
1051 *authoptsp = opts;
1052 opts = NULL;
1053 }
1054 sshauthopt_free(opts);
1055 return success;
1056 }
1057
1058 Authmethod method_pubkey = {
1059 "publickey",
1060 userauth_pubkey,
1061 &options.pubkey_authentication
1062 };
1063