xref: /openssh-portable/auth2-pubkey.c (revision a47f6a6c)
1 /* $OpenBSD: auth2-pubkey.c,v 1.99 2020/02/06 22:30:54 naddy Exp $ */
2 /*
3  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  */
25 
26 #include "includes.h"
27 
28 #include <sys/types.h>
29 #include <sys/stat.h>
30 
31 #include <stdlib.h>
32 #include <errno.h>
33 #include <fcntl.h>
34 #ifdef HAVE_PATHS_H
35 # include <paths.h>
36 #endif
37 #include <pwd.h>
38 #include <signal.h>
39 #include <stdio.h>
40 #include <stdarg.h>
41 #include <string.h>
42 #include <time.h>
43 #include <unistd.h>
44 #include <limits.h>
45 
46 #include "xmalloc.h"
47 #include "ssh.h"
48 #include "ssh2.h"
49 #include "packet.h"
50 #include "sshbuf.h"
51 #include "log.h"
52 #include "misc.h"
53 #include "servconf.h"
54 #include "compat.h"
55 #include "sshkey.h"
56 #include "hostfile.h"
57 #include "auth.h"
58 #include "pathnames.h"
59 #include "uidswap.h"
60 #include "auth-options.h"
61 #include "canohost.h"
62 #ifdef GSSAPI
63 #include "ssh-gss.h"
64 #endif
65 #include "monitor_wrap.h"
66 #include "authfile.h"
67 #include "match.h"
68 #include "ssherr.h"
69 #include "channels.h" /* XXX for session.h */
70 #include "session.h" /* XXX for child_set_env(); refactor? */
71 #include "sk-api.h"
72 
73 /* import */
74 extern ServerOptions options;
75 extern u_char *session_id2;
76 extern u_int session_id2_len;
77 
78 static char *
format_key(const struct sshkey * key)79 format_key(const struct sshkey *key)
80 {
81 	char *ret, *fp = sshkey_fingerprint(key,
82 	    options.fingerprint_hash, SSH_FP_DEFAULT);
83 
84 	xasprintf(&ret, "%s %s", sshkey_type(key), fp);
85 	free(fp);
86 	return ret;
87 }
88 
89 static int
userauth_pubkey(struct ssh * ssh)90 userauth_pubkey(struct ssh *ssh)
91 {
92 	Authctxt *authctxt = ssh->authctxt;
93 	struct passwd *pw = authctxt->pw;
94 	struct sshbuf *b = NULL;
95 	struct sshkey *key = NULL;
96 	char *pkalg = NULL, *userstyle = NULL, *key_s = NULL, *ca_s = NULL;
97 	u_char *pkblob = NULL, *sig = NULL, have_sig;
98 	size_t blen, slen;
99 	int r, pktype;
100 	int req_presence = 0, authenticated = 0;
101 	struct sshauthopt *authopts = NULL;
102 	struct sshkey_sig_details *sig_details = NULL;
103 
104 	if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0 ||
105 	    (r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 ||
106 	    (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0)
107 		fatal("%s: parse request failed: %s", __func__, ssh_err(r));
108 
109 	if (log_level_get() >= SYSLOG_LEVEL_DEBUG2) {
110 		char *keystring;
111 		struct sshbuf *pkbuf;
112 
113 		if ((pkbuf = sshbuf_from(pkblob, blen)) == NULL)
114 			fatal("%s: sshbuf_from failed", __func__);
115 		if ((keystring = sshbuf_dtob64_string(pkbuf, 0)) == NULL)
116 			fatal("%s: sshbuf_dtob64 failed", __func__);
117 		debug2("%s: %s user %s %s public key %s %s", __func__,
118 		    authctxt->valid ? "valid" : "invalid", authctxt->user,
119 		    have_sig ? "attempting" : "querying", pkalg, keystring);
120 		sshbuf_free(pkbuf);
121 		free(keystring);
122 	}
123 
124 	pktype = sshkey_type_from_name(pkalg);
125 	if (pktype == KEY_UNSPEC) {
126 		/* this is perfectly legal */
127 		verbose("%s: unsupported public key algorithm: %s",
128 		    __func__, pkalg);
129 		goto done;
130 	}
131 	if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) {
132 		error("%s: could not parse key: %s", __func__, ssh_err(r));
133 		goto done;
134 	}
135 	if (key == NULL) {
136 		error("%s: cannot decode key: %s", __func__, pkalg);
137 		goto done;
138 	}
139 	if (key->type != pktype) {
140 		error("%s: type mismatch for decoded key "
141 		    "(received %d, expected %d)", __func__, key->type, pktype);
142 		goto done;
143 	}
144 	if (sshkey_type_plain(key->type) == KEY_RSA &&
145 	    (ssh->compat & SSH_BUG_RSASIGMD5) != 0) {
146 		logit("Refusing RSA key because client uses unsafe "
147 		    "signature scheme");
148 		goto done;
149 	}
150 	if (auth2_key_already_used(authctxt, key)) {
151 		logit("refusing previously-used %s key", sshkey_type(key));
152 		goto done;
153 	}
154 	if (match_pattern_list(pkalg, options.pubkey_key_types, 0) != 1) {
155 		logit("%s: key type %s not in PubkeyAcceptedKeyTypes",
156 		    __func__, sshkey_ssh_name(key));
157 		goto done;
158 	}
159 	if ((r = sshkey_check_cert_sigtype(key,
160 	    options.ca_sign_algorithms)) != 0) {
161 		logit("%s: certificate signature algorithm %s: %s", __func__,
162 		    (key->cert == NULL || key->cert->signature_type == NULL) ?
163 		    "(null)" : key->cert->signature_type, ssh_err(r));
164 		goto done;
165 	}
166 	key_s = format_key(key);
167 	if (sshkey_is_cert(key))
168 		ca_s = format_key(key->cert->signature_key);
169 
170 	if (have_sig) {
171 		debug3("%s: have %s signature for %s%s%s",
172 		    __func__, pkalg, key_s,
173 		    ca_s == NULL ? "" : " CA ",
174 		    ca_s == NULL ? "" : ca_s);
175 		if ((r = sshpkt_get_string(ssh, &sig, &slen)) != 0 ||
176 		    (r = sshpkt_get_end(ssh)) != 0)
177 			fatal("%s: %s", __func__, ssh_err(r));
178 		if ((b = sshbuf_new()) == NULL)
179 			fatal("%s: sshbuf_new failed", __func__);
180 		if (ssh->compat & SSH_OLD_SESSIONID) {
181 			if ((r = sshbuf_put(b, session_id2,
182 			    session_id2_len)) != 0)
183 				fatal("%s: sshbuf_put session id: %s",
184 				    __func__, ssh_err(r));
185 		} else {
186 			if ((r = sshbuf_put_string(b, session_id2,
187 			    session_id2_len)) != 0)
188 				fatal("%s: sshbuf_put_string session id: %s",
189 				    __func__, ssh_err(r));
190 		}
191 		if (!authctxt->valid || authctxt->user == NULL) {
192 			debug2("%s: disabled because of invalid user",
193 			    __func__);
194 			goto done;
195 		}
196 		/* reconstruct packet */
197 		xasprintf(&userstyle, "%s%s%s", authctxt->user,
198 		    authctxt->style ? ":" : "",
199 		    authctxt->style ? authctxt->style : "");
200 		if ((r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
201 		    (r = sshbuf_put_cstring(b, userstyle)) != 0 ||
202 		    (r = sshbuf_put_cstring(b, authctxt->service)) != 0 ||
203 		    (r = sshbuf_put_cstring(b, "publickey")) != 0 ||
204 		    (r = sshbuf_put_u8(b, have_sig)) != 0 ||
205 		    (r = sshbuf_put_cstring(b, pkalg)) != 0 ||
206 		    (r = sshbuf_put_string(b, pkblob, blen)) != 0)
207 			fatal("%s: build packet failed: %s",
208 			    __func__, ssh_err(r));
209 #ifdef DEBUG_PK
210 		sshbuf_dump(b, stderr);
211 #endif
212 		/* test for correct signature */
213 		authenticated = 0;
214 		if (PRIVSEP(user_key_allowed(ssh, pw, key, 1, &authopts)) &&
215 		    PRIVSEP(sshkey_verify(key, sig, slen,
216 		    sshbuf_ptr(b), sshbuf_len(b),
217 		    (ssh->compat & SSH_BUG_SIGTYPE) == 0 ? pkalg : NULL,
218 		    ssh->compat, &sig_details)) == 0) {
219 			authenticated = 1;
220 		}
221 		if (authenticated == 1 && sig_details != NULL) {
222 			auth2_record_info(authctxt, "signature count = %u",
223 			    sig_details->sk_counter);
224 			debug("%s: sk_counter = %u, sk_flags = 0x%02x",
225 			    __func__, sig_details->sk_counter,
226 			    sig_details->sk_flags);
227 			req_presence = (options.pubkey_auth_options &
228 			    PUBKEYAUTH_TOUCH_REQUIRED) ||
229 			    !authopts->no_require_user_presence;
230 			if (req_presence && (sig_details->sk_flags &
231 			    SSH_SK_USER_PRESENCE_REQD) == 0) {
232 				error("public key %s signature for %s%s from "
233 				    "%.128s port %d rejected: user presence "
234 				    "(authenticator touch) requirement "
235 				    "not met ", key_s,
236 				    authctxt->valid ? "" : "invalid user ",
237 				    authctxt->user, ssh_remote_ipaddr(ssh),
238 				    ssh_remote_port(ssh));
239 				authenticated = 0;
240 				goto done;
241 			}
242 		}
243 		auth2_record_key(authctxt, authenticated, key);
244 	} else {
245 		debug("%s: test pkalg %s pkblob %s%s%s",
246 		    __func__, pkalg, key_s,
247 		    ca_s == NULL ? "" : " CA ",
248 		    ca_s == NULL ? "" : ca_s);
249 
250 		if ((r = sshpkt_get_end(ssh)) != 0)
251 			fatal("%s: %s", __func__, ssh_err(r));
252 
253 		if (!authctxt->valid || authctxt->user == NULL) {
254 			debug2("%s: disabled because of invalid user",
255 			    __func__);
256 			goto done;
257 		}
258 		/* XXX fake reply and always send PK_OK ? */
259 		/*
260 		 * XXX this allows testing whether a user is allowed
261 		 * to login: if you happen to have a valid pubkey this
262 		 * message is sent. the message is NEVER sent at all
263 		 * if a user is not allowed to login. is this an
264 		 * issue? -markus
265 		 */
266 		if (PRIVSEP(user_key_allowed(ssh, pw, key, 0, NULL))) {
267 			if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_PK_OK))
268 			    != 0 ||
269 			    (r = sshpkt_put_cstring(ssh, pkalg)) != 0 ||
270 			    (r = sshpkt_put_string(ssh, pkblob, blen)) != 0 ||
271 			    (r = sshpkt_send(ssh)) != 0 ||
272 			    (r = ssh_packet_write_wait(ssh)) != 0)
273 				fatal("%s: %s", __func__, ssh_err(r));
274 			authctxt->postponed = 1;
275 		}
276 	}
277 done:
278 	if (authenticated == 1 && auth_activate_options(ssh, authopts) != 0) {
279 		debug("%s: key options inconsistent with existing", __func__);
280 		authenticated = 0;
281 	}
282 	debug2("%s: authenticated %d pkalg %s", __func__, authenticated, pkalg);
283 
284 	sshbuf_free(b);
285 	sshauthopt_free(authopts);
286 	sshkey_free(key);
287 	free(userstyle);
288 	free(pkalg);
289 	free(pkblob);
290 	free(key_s);
291 	free(ca_s);
292 	free(sig);
293 	sshkey_sig_details_free(sig_details);
294 	return authenticated;
295 }
296 
297 static int
match_principals_option(const char * principal_list,struct sshkey_cert * cert)298 match_principals_option(const char *principal_list, struct sshkey_cert *cert)
299 {
300 	char *result;
301 	u_int i;
302 
303 	/* XXX percent_expand() sequences for authorized_principals? */
304 
305 	for (i = 0; i < cert->nprincipals; i++) {
306 		if ((result = match_list(cert->principals[i],
307 		    principal_list, NULL)) != NULL) {
308 			debug3("matched principal from key options \"%.100s\"",
309 			    result);
310 			free(result);
311 			return 1;
312 		}
313 	}
314 	return 0;
315 }
316 
317 /*
318  * Process a single authorized_principals format line. Returns 0 and sets
319  * authoptsp is principal is authorised, -1 otherwise. "loc" is used as a
320  * log preamble for file/line information.
321  */
322 static int
check_principals_line(struct ssh * ssh,char * cp,const struct sshkey_cert * cert,const char * loc,struct sshauthopt ** authoptsp)323 check_principals_line(struct ssh *ssh, char *cp, const struct sshkey_cert *cert,
324     const char *loc, struct sshauthopt **authoptsp)
325 {
326 	u_int i, found = 0;
327 	char *ep, *line_opts;
328 	const char *reason = NULL;
329 	struct sshauthopt *opts = NULL;
330 
331 	if (authoptsp != NULL)
332 		*authoptsp = NULL;
333 
334 	/* Trim trailing whitespace. */
335 	ep = cp + strlen(cp) - 1;
336 	while (ep > cp && (*ep == '\n' || *ep == ' ' || *ep == '\t'))
337 		*ep-- = '\0';
338 
339 	/*
340 	 * If the line has internal whitespace then assume it has
341 	 * key options.
342 	 */
343 	line_opts = NULL;
344 	if ((ep = strrchr(cp, ' ')) != NULL ||
345 	    (ep = strrchr(cp, '\t')) != NULL) {
346 		for (; *ep == ' ' || *ep == '\t'; ep++)
347 			;
348 		line_opts = cp;
349 		cp = ep;
350 	}
351 	if ((opts = sshauthopt_parse(line_opts, &reason)) == NULL) {
352 		debug("%s: bad principals options: %s", loc, reason);
353 		auth_debug_add("%s: bad principals options: %s", loc, reason);
354 		return -1;
355 	}
356 	/* Check principals in cert against those on line */
357 	for (i = 0; i < cert->nprincipals; i++) {
358 		if (strcmp(cp, cert->principals[i]) != 0)
359 			continue;
360 		debug3("%s: matched principal \"%.100s\"",
361 		    loc, cert->principals[i]);
362 		found = 1;
363 	}
364 	if (found && authoptsp != NULL) {
365 		*authoptsp = opts;
366 		opts = NULL;
367 	}
368 	sshauthopt_free(opts);
369 	return found ? 0 : -1;
370 }
371 
372 static int
process_principals(struct ssh * ssh,FILE * f,const char * file,const struct sshkey_cert * cert,struct sshauthopt ** authoptsp)373 process_principals(struct ssh *ssh, FILE *f, const char *file,
374     const struct sshkey_cert *cert, struct sshauthopt **authoptsp)
375 {
376 	char loc[256], *line = NULL, *cp, *ep;
377 	size_t linesize = 0;
378 	u_long linenum = 0;
379 	u_int found_principal = 0;
380 
381 	if (authoptsp != NULL)
382 		*authoptsp = NULL;
383 
384 	while (getline(&line, &linesize, f) != -1) {
385 		linenum++;
386 		/* Always consume entire input */
387 		if (found_principal)
388 			continue;
389 
390 		/* Skip leading whitespace. */
391 		for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
392 			;
393 		/* Skip blank and comment lines. */
394 		if ((ep = strchr(cp, '#')) != NULL)
395 			*ep = '\0';
396 		if (!*cp || *cp == '\n')
397 			continue;
398 
399 		snprintf(loc, sizeof(loc), "%.200s:%lu", file, linenum);
400 		if (check_principals_line(ssh, cp, cert, loc, authoptsp) == 0)
401 			found_principal = 1;
402 	}
403 	free(line);
404 	return found_principal;
405 }
406 
407 /* XXX remove pw args here and elsewhere once ssh->authctxt is guaranteed */
408 
409 static int
match_principals_file(struct ssh * ssh,struct passwd * pw,char * file,struct sshkey_cert * cert,struct sshauthopt ** authoptsp)410 match_principals_file(struct ssh *ssh, struct passwd *pw, char *file,
411     struct sshkey_cert *cert, struct sshauthopt **authoptsp)
412 {
413 	FILE *f;
414 	int success;
415 
416 	if (authoptsp != NULL)
417 		*authoptsp = NULL;
418 
419 	temporarily_use_uid(pw);
420 	debug("trying authorized principals file %s", file);
421 	if ((f = auth_openprincipals(file, pw, options.strict_modes)) == NULL) {
422 		restore_uid();
423 		return 0;
424 	}
425 	success = process_principals(ssh, f, file, cert, authoptsp);
426 	fclose(f);
427 	restore_uid();
428 	return success;
429 }
430 
431 /*
432  * Checks whether principal is allowed in output of command.
433  * returns 1 if the principal is allowed or 0 otherwise.
434  */
435 static int
match_principals_command(struct ssh * ssh,struct passwd * user_pw,const struct sshkey * key,struct sshauthopt ** authoptsp)436 match_principals_command(struct ssh *ssh, struct passwd *user_pw,
437     const struct sshkey *key, struct sshauthopt **authoptsp)
438 {
439 	struct passwd *runas_pw = NULL;
440 	const struct sshkey_cert *cert = key->cert;
441 	FILE *f = NULL;
442 	int r, ok, found_principal = 0;
443 	int i, ac = 0, uid_swapped = 0;
444 	pid_t pid;
445 	char *tmp, *username = NULL, *command = NULL, **av = NULL;
446 	char *ca_fp = NULL, *key_fp = NULL, *catext = NULL, *keytext = NULL;
447 	char serial_s[32], uidstr[32];
448 	void (*osigchld)(int);
449 
450 	if (authoptsp != NULL)
451 		*authoptsp = NULL;
452 	if (options.authorized_principals_command == NULL)
453 		return 0;
454 	if (options.authorized_principals_command_user == NULL) {
455 		error("No user for AuthorizedPrincipalsCommand specified, "
456 		    "skipping");
457 		return 0;
458 	}
459 
460 	/*
461 	 * NB. all returns later this function should go via "out" to
462 	 * ensure the original SIGCHLD handler is restored properly.
463 	 */
464 	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
465 
466 	/* Prepare and verify the user for the command */
467 	username = percent_expand(options.authorized_principals_command_user,
468 	    "u", user_pw->pw_name, (char *)NULL);
469 	runas_pw = getpwnam(username);
470 	if (runas_pw == NULL) {
471 		error("AuthorizedPrincipalsCommandUser \"%s\" not found: %s",
472 		    username, strerror(errno));
473 		goto out;
474 	}
475 
476 	/* Turn the command into an argument vector */
477 	if (argv_split(options.authorized_principals_command, &ac, &av) != 0) {
478 		error("AuthorizedPrincipalsCommand \"%s\" contains "
479 		    "invalid quotes", options.authorized_principals_command);
480 		goto out;
481 	}
482 	if (ac == 0) {
483 		error("AuthorizedPrincipalsCommand \"%s\" yielded no arguments",
484 		    options.authorized_principals_command);
485 		goto out;
486 	}
487 	if ((ca_fp = sshkey_fingerprint(cert->signature_key,
488 	    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
489 		error("%s: sshkey_fingerprint failed", __func__);
490 		goto out;
491 	}
492 	if ((key_fp = sshkey_fingerprint(key,
493 	    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
494 		error("%s: sshkey_fingerprint failed", __func__);
495 		goto out;
496 	}
497 	if ((r = sshkey_to_base64(cert->signature_key, &catext)) != 0) {
498 		error("%s: sshkey_to_base64 failed: %s", __func__, ssh_err(r));
499 		goto out;
500 	}
501 	if ((r = sshkey_to_base64(key, &keytext)) != 0) {
502 		error("%s: sshkey_to_base64 failed: %s", __func__, ssh_err(r));
503 		goto out;
504 	}
505 	snprintf(serial_s, sizeof(serial_s), "%llu",
506 	    (unsigned long long)cert->serial);
507 	snprintf(uidstr, sizeof(uidstr), "%llu",
508 	    (unsigned long long)user_pw->pw_uid);
509 	for (i = 1; i < ac; i++) {
510 		tmp = percent_expand(av[i],
511 		    "U", uidstr,
512 		    "u", user_pw->pw_name,
513 		    "h", user_pw->pw_dir,
514 		    "t", sshkey_ssh_name(key),
515 		    "T", sshkey_ssh_name(cert->signature_key),
516 		    "f", key_fp,
517 		    "F", ca_fp,
518 		    "k", keytext,
519 		    "K", catext,
520 		    "i", cert->key_id,
521 		    "s", serial_s,
522 		    (char *)NULL);
523 		if (tmp == NULL)
524 			fatal("%s: percent_expand failed", __func__);
525 		free(av[i]);
526 		av[i] = tmp;
527 	}
528 	/* Prepare a printable command for logs, etc. */
529 	command = argv_assemble(ac, av);
530 
531 	if ((pid = subprocess("AuthorizedPrincipalsCommand", runas_pw, command,
532 	    ac, av, &f,
533 	    SSH_SUBPROCESS_STDOUT_CAPTURE|SSH_SUBPROCESS_STDERR_DISCARD)) == 0)
534 		goto out;
535 
536 	uid_swapped = 1;
537 	temporarily_use_uid(runas_pw);
538 
539 	ok = process_principals(ssh, f, "(command)", cert, authoptsp);
540 
541 	fclose(f);
542 	f = NULL;
543 
544 	if (exited_cleanly(pid, "AuthorizedPrincipalsCommand", command, 0) != 0)
545 		goto out;
546 
547 	/* Read completed successfully */
548 	found_principal = ok;
549  out:
550 	if (f != NULL)
551 		fclose(f);
552 	ssh_signal(SIGCHLD, osigchld);
553 	for (i = 0; i < ac; i++)
554 		free(av[i]);
555 	free(av);
556 	if (uid_swapped)
557 		restore_uid();
558 	free(command);
559 	free(username);
560 	free(ca_fp);
561 	free(key_fp);
562 	free(catext);
563 	free(keytext);
564 	return found_principal;
565 }
566 
567 /*
568  * Check a single line of an authorized_keys-format file. Returns 0 if key
569  * matches, -1 otherwise. Will return key/cert options via *authoptsp
570  * on success. "loc" is used as file/line location in log messages.
571  */
572 static int
check_authkey_line(struct ssh * ssh,struct passwd * pw,struct sshkey * key,char * cp,const char * loc,struct sshauthopt ** authoptsp)573 check_authkey_line(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
574     char *cp, const char *loc, struct sshauthopt **authoptsp)
575 {
576 	int want_keytype = sshkey_is_cert(key) ? KEY_UNSPEC : key->type;
577 	struct sshkey *found = NULL;
578 	struct sshauthopt *keyopts = NULL, *certopts = NULL, *finalopts = NULL;
579 	char *key_options = NULL, *fp = NULL;
580 	const char *reason = NULL;
581 	int ret = -1;
582 
583 	if (authoptsp != NULL)
584 		*authoptsp = NULL;
585 
586 	if ((found = sshkey_new(want_keytype)) == NULL) {
587 		debug3("%s: keytype %d failed", __func__, want_keytype);
588 		goto out;
589 	}
590 
591 	/* XXX djm: peek at key type in line and skip if unwanted */
592 
593 	if (sshkey_read(found, &cp) != 0) {
594 		/* no key?  check for options */
595 		debug2("%s: check options: '%s'", loc, cp);
596 		key_options = cp;
597 		if (sshkey_advance_past_options(&cp) != 0) {
598 			reason = "invalid key option string";
599 			goto fail_reason;
600 		}
601 		skip_space(&cp);
602 		if (sshkey_read(found, &cp) != 0) {
603 			/* still no key?  advance to next line*/
604 			debug2("%s: advance: '%s'", loc, cp);
605 			goto out;
606 		}
607 	}
608 	/* Parse key options now; we need to know if this is a CA key */
609 	if ((keyopts = sshauthopt_parse(key_options, &reason)) == NULL) {
610 		debug("%s: bad key options: %s", loc, reason);
611 		auth_debug_add("%s: bad key options: %s", loc, reason);
612 		goto out;
613 	}
614 	/* Ignore keys that don't match or incorrectly marked as CAs */
615 	if (sshkey_is_cert(key)) {
616 		/* Certificate; check signature key against CA */
617 		if (!sshkey_equal(found, key->cert->signature_key) ||
618 		    !keyopts->cert_authority)
619 			goto out;
620 	} else {
621 		/* Plain key: check it against key found in file */
622 		if (!sshkey_equal(found, key) || keyopts->cert_authority)
623 			goto out;
624 	}
625 
626 	/* We have a candidate key, perform authorisation checks */
627 	if ((fp = sshkey_fingerprint(found,
628 	    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
629 		fatal("%s: fingerprint failed", __func__);
630 
631 	debug("%s: matching %s found: %s %s", loc,
632 	    sshkey_is_cert(key) ? "CA" : "key", sshkey_type(found), fp);
633 
634 	if (auth_authorise_keyopts(ssh, pw, keyopts,
635 	    sshkey_is_cert(key), loc) != 0) {
636 		reason = "Refused by key options";
637 		goto fail_reason;
638 	}
639 	/* That's all we need for plain keys. */
640 	if (!sshkey_is_cert(key)) {
641 		verbose("Accepted key %s %s found at %s",
642 		    sshkey_type(found), fp, loc);
643 		finalopts = keyopts;
644 		keyopts = NULL;
645 		goto success;
646 	}
647 
648 	/*
649 	 * Additional authorisation for certificates.
650 	 */
651 
652 	/* Parse and check options present in certificate */
653 	if ((certopts = sshauthopt_from_cert(key)) == NULL) {
654 		reason = "Invalid certificate options";
655 		goto fail_reason;
656 	}
657 	if (auth_authorise_keyopts(ssh, pw, certopts, 0, loc) != 0) {
658 		reason = "Refused by certificate options";
659 		goto fail_reason;
660 	}
661 	if ((finalopts = sshauthopt_merge(keyopts, certopts, &reason)) == NULL)
662 		goto fail_reason;
663 
664 	/*
665 	 * If the user has specified a list of principals as
666 	 * a key option, then prefer that list to matching
667 	 * their username in the certificate principals list.
668 	 */
669 	if (keyopts->cert_principals != NULL &&
670 	    !match_principals_option(keyopts->cert_principals, key->cert)) {
671 		reason = "Certificate does not contain an authorized principal";
672 		goto fail_reason;
673 	}
674 	if (sshkey_cert_check_authority(key, 0, 0,
675 	   keyopts->cert_principals == NULL ? pw->pw_name : NULL, &reason) != 0)
676 		goto fail_reason;
677 
678 	verbose("Accepted certificate ID \"%s\" (serial %llu) "
679 	    "signed by CA %s %s found at %s",
680 	    key->cert->key_id,
681 	    (unsigned long long)key->cert->serial,
682 	    sshkey_type(found), fp, loc);
683 
684  success:
685 	if (finalopts == NULL)
686 		fatal("%s: internal error: missing options", __func__);
687 	if (authoptsp != NULL) {
688 		*authoptsp = finalopts;
689 		finalopts = NULL;
690 	}
691 	/* success */
692 	ret = 0;
693 	goto out;
694 
695  fail_reason:
696 	error("%s", reason);
697 	auth_debug_add("%s", reason);
698  out:
699 	free(fp);
700 	sshauthopt_free(keyopts);
701 	sshauthopt_free(certopts);
702 	sshauthopt_free(finalopts);
703 	sshkey_free(found);
704 	return ret;
705 }
706 
707 /*
708  * Checks whether key is allowed in authorized_keys-format file,
709  * returns 1 if the key is allowed or 0 otherwise.
710  */
711 static int
check_authkeys_file(struct ssh * ssh,struct passwd * pw,FILE * f,char * file,struct sshkey * key,struct sshauthopt ** authoptsp)712 check_authkeys_file(struct ssh *ssh, struct passwd *pw, FILE *f,
713     char *file, struct sshkey *key, struct sshauthopt **authoptsp)
714 {
715 	char *cp, *line = NULL, loc[256];
716 	size_t linesize = 0;
717 	int found_key = 0;
718 	u_long linenum = 0;
719 
720 	if (authoptsp != NULL)
721 		*authoptsp = NULL;
722 
723 	while (getline(&line, &linesize, f) != -1) {
724 		linenum++;
725 		/* Always consume entire file */
726 		if (found_key)
727 			continue;
728 
729 		/* Skip leading whitespace, empty and comment lines. */
730 		cp = line;
731 		skip_space(&cp);
732 		if (!*cp || *cp == '\n' || *cp == '#')
733 			continue;
734 		snprintf(loc, sizeof(loc), "%.200s:%lu", file, linenum);
735 		if (check_authkey_line(ssh, pw, key, cp, loc, authoptsp) == 0)
736 			found_key = 1;
737 	}
738 	free(line);
739 	return found_key;
740 }
741 
742 /* Authenticate a certificate key against TrustedUserCAKeys */
743 static int
user_cert_trusted_ca(struct ssh * ssh,struct passwd * pw,struct sshkey * key,struct sshauthopt ** authoptsp)744 user_cert_trusted_ca(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
745     struct sshauthopt **authoptsp)
746 {
747 	char *ca_fp, *principals_file = NULL;
748 	const char *reason;
749 	struct sshauthopt *principals_opts = NULL, *cert_opts = NULL;
750 	struct sshauthopt *final_opts = NULL;
751 	int r, ret = 0, found_principal = 0, use_authorized_principals;
752 
753 	if (authoptsp != NULL)
754 		*authoptsp = NULL;
755 
756 	if (!sshkey_is_cert(key) || options.trusted_user_ca_keys == NULL)
757 		return 0;
758 
759 	if ((ca_fp = sshkey_fingerprint(key->cert->signature_key,
760 	    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
761 		return 0;
762 
763 	if ((r = sshkey_in_file(key->cert->signature_key,
764 	    options.trusted_user_ca_keys, 1, 0)) != 0) {
765 		debug2("%s: CA %s %s is not listed in %s: %s", __func__,
766 		    sshkey_type(key->cert->signature_key), ca_fp,
767 		    options.trusted_user_ca_keys, ssh_err(r));
768 		goto out;
769 	}
770 	/*
771 	 * If AuthorizedPrincipals is in use, then compare the certificate
772 	 * principals against the names in that file rather than matching
773 	 * against the username.
774 	 */
775 	if ((principals_file = authorized_principals_file(pw)) != NULL) {
776 		if (match_principals_file(ssh, pw, principals_file,
777 		    key->cert, &principals_opts))
778 			found_principal = 1;
779 	}
780 	/* Try querying command if specified */
781 	if (!found_principal && match_principals_command(ssh, pw, key,
782 	    &principals_opts))
783 		found_principal = 1;
784 	/* If principals file or command is specified, then require a match */
785 	use_authorized_principals = principals_file != NULL ||
786             options.authorized_principals_command != NULL;
787 	if (!found_principal && use_authorized_principals) {
788 		reason = "Certificate does not contain an authorized principal";
789 		goto fail_reason;
790 	}
791 	if (use_authorized_principals && principals_opts == NULL)
792 		fatal("%s: internal error: missing principals_opts", __func__);
793 	if (sshkey_cert_check_authority(key, 0, 1,
794 	    use_authorized_principals ? NULL : pw->pw_name, &reason) != 0)
795 		goto fail_reason;
796 
797 	/* Check authority from options in key and from principals file/cmd */
798 	if ((cert_opts = sshauthopt_from_cert(key)) == NULL) {
799 		reason = "Invalid certificate options";
800 		goto fail_reason;
801 	}
802 	if (auth_authorise_keyopts(ssh, pw, cert_opts, 0, "cert") != 0) {
803 		reason = "Refused by certificate options";
804 		goto fail_reason;
805 	}
806 	if (principals_opts == NULL) {
807 		final_opts = cert_opts;
808 		cert_opts = NULL;
809 	} else {
810 		if (auth_authorise_keyopts(ssh, pw, principals_opts, 0,
811 		    "principals") != 0) {
812 			reason = "Refused by certificate principals options";
813 			goto fail_reason;
814 		}
815 		if ((final_opts = sshauthopt_merge(principals_opts,
816 		    cert_opts, &reason)) == NULL) {
817  fail_reason:
818 			error("%s", reason);
819 			auth_debug_add("%s", reason);
820 			goto out;
821 		}
822 	}
823 
824 	/* Success */
825 	verbose("Accepted certificate ID \"%s\" (serial %llu) signed by "
826 	    "%s CA %s via %s", key->cert->key_id,
827 	    (unsigned long long)key->cert->serial,
828 	    sshkey_type(key->cert->signature_key), ca_fp,
829 	    options.trusted_user_ca_keys);
830 	if (authoptsp != NULL) {
831 		*authoptsp = final_opts;
832 		final_opts = NULL;
833 	}
834 	ret = 1;
835  out:
836 	sshauthopt_free(principals_opts);
837 	sshauthopt_free(cert_opts);
838 	sshauthopt_free(final_opts);
839 	free(principals_file);
840 	free(ca_fp);
841 	return ret;
842 }
843 
844 /*
845  * Checks whether key is allowed in file.
846  * returns 1 if the key is allowed or 0 otherwise.
847  */
848 static int
user_key_allowed2(struct ssh * ssh,struct passwd * pw,struct sshkey * key,char * file,struct sshauthopt ** authoptsp)849 user_key_allowed2(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
850     char *file, struct sshauthopt **authoptsp)
851 {
852 	FILE *f;
853 	int found_key = 0;
854 
855 	if (authoptsp != NULL)
856 		*authoptsp = NULL;
857 
858 	/* Temporarily use the user's uid. */
859 	temporarily_use_uid(pw);
860 
861 	debug("trying public key file %s", file);
862 	if ((f = auth_openkeyfile(file, pw, options.strict_modes)) != NULL) {
863 		found_key = check_authkeys_file(ssh, pw, f, file,
864 		    key, authoptsp);
865 		fclose(f);
866 	}
867 
868 	restore_uid();
869 	return found_key;
870 }
871 
872 /*
873  * Checks whether key is allowed in output of command.
874  * returns 1 if the key is allowed or 0 otherwise.
875  */
876 static int
user_key_command_allowed2(struct ssh * ssh,struct passwd * user_pw,struct sshkey * key,struct sshauthopt ** authoptsp)877 user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw,
878     struct sshkey *key, struct sshauthopt **authoptsp)
879 {
880 	struct passwd *runas_pw = NULL;
881 	FILE *f = NULL;
882 	int r, ok, found_key = 0;
883 	int i, uid_swapped = 0, ac = 0;
884 	pid_t pid;
885 	char *username = NULL, *key_fp = NULL, *keytext = NULL;
886 	char uidstr[32], *tmp, *command = NULL, **av = NULL;
887 	void (*osigchld)(int);
888 
889 	if (authoptsp != NULL)
890 		*authoptsp = NULL;
891 	if (options.authorized_keys_command == NULL)
892 		return 0;
893 	if (options.authorized_keys_command_user == NULL) {
894 		error("No user for AuthorizedKeysCommand specified, skipping");
895 		return 0;
896 	}
897 
898 	/*
899 	 * NB. all returns later this function should go via "out" to
900 	 * ensure the original SIGCHLD handler is restored properly.
901 	 */
902 	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
903 
904 	/* Prepare and verify the user for the command */
905 	username = percent_expand(options.authorized_keys_command_user,
906 	    "u", user_pw->pw_name, (char *)NULL);
907 	runas_pw = getpwnam(username);
908 	if (runas_pw == NULL) {
909 		error("AuthorizedKeysCommandUser \"%s\" not found: %s",
910 		    username, strerror(errno));
911 		goto out;
912 	}
913 
914 	/* Prepare AuthorizedKeysCommand */
915 	if ((key_fp = sshkey_fingerprint(key, options.fingerprint_hash,
916 	    SSH_FP_DEFAULT)) == NULL) {
917 		error("%s: sshkey_fingerprint failed", __func__);
918 		goto out;
919 	}
920 	if ((r = sshkey_to_base64(key, &keytext)) != 0) {
921 		error("%s: sshkey_to_base64 failed: %s", __func__, ssh_err(r));
922 		goto out;
923 	}
924 
925 	/* Turn the command into an argument vector */
926 	if (argv_split(options.authorized_keys_command, &ac, &av) != 0) {
927 		error("AuthorizedKeysCommand \"%s\" contains invalid quotes",
928 		    command);
929 		goto out;
930 	}
931 	if (ac == 0) {
932 		error("AuthorizedKeysCommand \"%s\" yielded no arguments",
933 		    command);
934 		goto out;
935 	}
936 	snprintf(uidstr, sizeof(uidstr), "%llu",
937 	    (unsigned long long)user_pw->pw_uid);
938 	for (i = 1; i < ac; i++) {
939 		tmp = percent_expand(av[i],
940 		    "U", uidstr,
941 		    "u", user_pw->pw_name,
942 		    "h", user_pw->pw_dir,
943 		    "t", sshkey_ssh_name(key),
944 		    "f", key_fp,
945 		    "k", keytext,
946 		    (char *)NULL);
947 		if (tmp == NULL)
948 			fatal("%s: percent_expand failed", __func__);
949 		free(av[i]);
950 		av[i] = tmp;
951 	}
952 	/* Prepare a printable command for logs, etc. */
953 	command = argv_assemble(ac, av);
954 
955 	/*
956 	 * If AuthorizedKeysCommand was run without arguments
957 	 * then fall back to the old behaviour of passing the
958 	 * target username as a single argument.
959 	 */
960 	if (ac == 1) {
961 		av = xreallocarray(av, ac + 2, sizeof(*av));
962 		av[1] = xstrdup(user_pw->pw_name);
963 		av[2] = NULL;
964 		/* Fix up command too, since it is used in log messages */
965 		free(command);
966 		xasprintf(&command, "%s %s", av[0], av[1]);
967 	}
968 
969 	if ((pid = subprocess("AuthorizedKeysCommand", runas_pw, command,
970 	    ac, av, &f,
971 	    SSH_SUBPROCESS_STDOUT_CAPTURE|SSH_SUBPROCESS_STDERR_DISCARD)) == 0)
972 		goto out;
973 
974 	uid_swapped = 1;
975 	temporarily_use_uid(runas_pw);
976 
977 	ok = check_authkeys_file(ssh, user_pw, f,
978 	    options.authorized_keys_command, key, authoptsp);
979 
980 	fclose(f);
981 	f = NULL;
982 
983 	if (exited_cleanly(pid, "AuthorizedKeysCommand", command, 0) != 0)
984 		goto out;
985 
986 	/* Read completed successfully */
987 	found_key = ok;
988  out:
989 	if (f != NULL)
990 		fclose(f);
991 	ssh_signal(SIGCHLD, osigchld);
992 	for (i = 0; i < ac; i++)
993 		free(av[i]);
994 	free(av);
995 	if (uid_swapped)
996 		restore_uid();
997 	free(command);
998 	free(username);
999 	free(key_fp);
1000 	free(keytext);
1001 	return found_key;
1002 }
1003 
1004 /*
1005  * Check whether key authenticates and authorises the user.
1006  */
1007 int
user_key_allowed(struct ssh * ssh,struct passwd * pw,struct sshkey * key,int auth_attempt,struct sshauthopt ** authoptsp)1008 user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
1009     int auth_attempt, struct sshauthopt **authoptsp)
1010 {
1011 	u_int success = 0, i;
1012 	char *file;
1013 	struct sshauthopt *opts = NULL;
1014 
1015 	if (authoptsp != NULL)
1016 		*authoptsp = NULL;
1017 
1018 	if (auth_key_is_revoked(key))
1019 		return 0;
1020 	if (sshkey_is_cert(key) &&
1021 	    auth_key_is_revoked(key->cert->signature_key))
1022 		return 0;
1023 
1024 	for (i = 0; !success && i < options.num_authkeys_files; i++) {
1025 		if (strcasecmp(options.authorized_keys_files[i], "none") == 0)
1026 			continue;
1027 		file = expand_authorized_keys(
1028 		    options.authorized_keys_files[i], pw);
1029 		success = user_key_allowed2(ssh, pw, key, file, &opts);
1030 		free(file);
1031 		if (!success) {
1032 			sshauthopt_free(opts);
1033 			opts = NULL;
1034 		}
1035 	}
1036 	if (success)
1037 		goto out;
1038 
1039 	if ((success = user_cert_trusted_ca(ssh, pw, key, &opts)) != 0)
1040 		goto out;
1041 	sshauthopt_free(opts);
1042 	opts = NULL;
1043 
1044 	if ((success = user_key_command_allowed2(ssh, pw, key, &opts)) != 0)
1045 		goto out;
1046 	sshauthopt_free(opts);
1047 	opts = NULL;
1048 
1049  out:
1050 	if (success && authoptsp != NULL) {
1051 		*authoptsp = opts;
1052 		opts = NULL;
1053 	}
1054 	sshauthopt_free(opts);
1055 	return success;
1056 }
1057 
1058 Authmethod method_pubkey = {
1059 	"publickey",
1060 	userauth_pubkey,
1061 	&options.pubkey_authentication
1062 };
1063