annotate svr-authpubkey.c @ 1861:2b3a8026a6ce

Add re-exec for server

This allows ASLR to re-randomize the address space for every connection, preventing some vulnerabilities from being exploitable by repeated probing. Overhead (memory and time) is yet to be confirmed. At present this is only enabled on Linux. Other BSD platforms with fexecve() would probably also work though have not been tested.
author Matt Johnston <matt@ucc.asn.au>
date Sun, 30 Jan 2022 10:14:56 +0800
parents 064f5be2fc45
children d39cfedaf015
```c
/*
 * Dropbear - a SSH2 server
 *
 * Copyright (c) 2002,2003 Matt Johnston
 * All rights reserved.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE. */
/*
 * This file incorporates work covered by the following copyright and
 * permission notice:
 *
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * This copyright and permission notice applies to the code parsing public keys
 * options string which can also be found in OpenSSH auth2-pubkey.c file
 * (user_key_allowed2). It has been adapted to work with buffers.
 *
 */

/* Process a pubkey auth request */

#include "includes.h"
#include "session.h"
#include "dbutil.h"
#include "buffer.h"
#include "signkey.h"
#include "auth.h"
#include "ssh.h"
#include "packet.h"
#include "algo.h"

#if DROPBEAR_SVR_PUBKEY_AUTH

#define MIN_AUTHKEYS_LINE 10 /* "ssh-rsa AB" - short but doesn't matter */
#define MAX_AUTHKEYS_LINE 4200 /* max length of a line in authkeys */

static int checkpubkey(const char* keyalgo, unsigned int keyalgolen,
		const unsigned char* keyblob, unsigned int keybloblen);
static int checkpubkeyperms(void);
static void send_msg_userauth_pk_ok(const char* sigalgo, unsigned int sigalgolen,
		const unsigned char* keyblob, unsigned int keybloblen);
static int checkfileperm(char * filename);

/* process a pubkey auth request, sending success or failure message as
 * appropriate */
void svr_auth_pubkey(int valid_user) {

	unsigned char testkey; /* whether we're just checking if a key is usable */
	char* sigalgo = NULL;
	unsigned int sigalgolen;
	const char* keyalgo;
	unsigned int keyalgolen;
	unsigned char* keyblob = NULL;
	unsigned int keybloblen;
	unsigned int sign_payload_length;
	buffer * signbuf = NULL;
	sign_key * key = NULL;
	char* fp = NULL;
	enum signature_type sigtype;
	enum signkey_type keytype;
	int auth_failure = 1;

	TRACE(("enter pubkeyauth"))

	/* 0 indicates user just wants to check if key can be used, 1 is an
	 * actual attempt */
	testkey = (buf_getbool(ses.payload) == 0);

	sigalgo = buf_getstring(ses.payload, &sigalgolen);
	keybloblen = buf_getint(ses.payload);
	keyblob = buf_getptr(ses.payload, keybloblen);

	if (!valid_user) {
		/* Return failure once we have read the contents of the packet
		required to validate a public key.
		Avoids blind user enumeration though it isn't possible to prevent
		testing for user existence if the public key is known */
		send_msg_userauth_failure(0, 0);
		goto out;
	}

	sigtype = signature_type_from_name(sigalgo, sigalgolen);
	if (sigtype == DROPBEAR_SIGNATURE_NONE) {
		send_msg_userauth_failure(0, 0);
		goto out;
	}

	keytype = signkey_type_from_signature(sigtype);
	keyalgo = signkey_name_from_type(keytype, &keyalgolen);

#if DROPBEAR_PLUGIN
	if (svr_ses.plugin_instance != NULL) {
		char *options_buf;
		if (svr_ses.plugin_instance->checkpubkey(
					svr_ses.plugin_instance,
					&ses.plugin_session,
					keyalgo,
					keyalgolen,
					keyblob,
					keybloblen,
					ses.authstate.username) == DROPBEAR_SUCCESS) {
			/* Success */
			auth_failure = 0;

			/* Options provided? */
			options_buf = ses.plugin_session->get_options(ses.plugin_session);
			if (options_buf) {
				struct buf temp_buf = {
					.data = (unsigned char *)options_buf,
					.len = strlen(options_buf),
					.pos = 0,
					.size = 0
				};
				int ret = svr_add_pubkey_options(&temp_buf, 0, "N/A");
				if (ret == DROPBEAR_FAILURE) {
					/* Fail immediately as the plugin provided wrong options */
					send_msg_userauth_failure(0, 0);
					goto out;
				}
			}
		}
	}
#endif
	/* check if the key is valid */
	if (auth_failure) {
		auth_failure = checkpubkey(keyalgo, keyalgolen, keyblob, keybloblen) == DROPBEAR_FAILURE;
	}

	if (auth_failure) {
		send_msg_userauth_failure(0, 0);
		goto out;
	}

	/* let them know that the key is ok to use */
	if (testkey) {
		send_msg_userauth_pk_ok(sigalgo, sigalgolen, keyblob, keybloblen);
		goto out;
	}

	/* now we can actually verify the signature */

	/* get the key */
	key = new_sign_key();
	if (buf_get_pub_key(ses.payload, key, &keytype) == DROPBEAR_FAILURE) {
		send_msg_userauth_failure(0, 1);
		goto out;
	}

	/* create the data which has been signed - this is a string containing
	 * session_id, concatenated with the payload packet up to the signature */
	assert(ses.payload_beginning <= ses.payload->pos);
	sign_payload_length = ses.payload->pos - ses.payload_beginning;
	signbuf = buf_new(ses.payload->pos + 4 + ses.session_id->len);
	buf_putbufstring(signbuf, ses.session_id);

	/* The entire contents of the payload prior. */
	buf_setpos(ses.payload, ses.payload_beginning);
	buf_putbytes(signbuf,
		buf_getptr(ses.payload, sign_payload_length),
		sign_payload_length);
	buf_incrpos(ses.payload, sign_payload_length);

	buf_setpos(signbuf, 0);

	/* ... and finally verify the signature */
	fp = sign_key_fingerprint(keyblob, keybloblen);
	if (buf_verify(ses.payload, key, sigtype, signbuf) == DROPBEAR_SUCCESS) {
		dropbear_log(LOG_NOTICE,
				"Pubkey auth succeeded for '%s' with key %s from %s",
				ses.authstate.pw_name, fp, svr_ses.addrstring);
		send_msg_userauth_success();
#if DROPBEAR_PLUGIN
		if ((ses.plugin_session != NULL) && (svr_ses.plugin_instance->auth_success != NULL)) {
```
1653
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1633
diff changeset
210 /* Was authenticated through the external plugin. tell plugin that signature verification was ok */
1654
cc0fc5131c5c Rename EPKA -> Plugin
Matt Johnston <matt@ucc.asn.au>
parents: 1653
diff changeset
211 svr_ses.plugin_instance->auth_success(ses.plugin_session);
1653
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1633
diff changeset
212 }
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1633
diff changeset
213 #endif
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1633
diff changeset
214
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
215 } else {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
216 dropbear_log(LOG_WARNING,
594
a98a2138364a Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents: 476
diff changeset
217 "Pubkey auth bad signature for '%s' with key %s from %s",
464
4317be8b7cf9 Make a copy of passwd fields since getpwnam()'s retval isn't safe to keep
Matt Johnston <matt@ucc.asn.au>
parents: 436
diff changeset
218 ses.authstate.pw_name, fp, svr_ses.addrstring);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
219 send_msg_userauth_failure(0, 1);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
220 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
221 m_free(fp);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
222
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
223 out:
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
224 /* cleanup stuff */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
225 if (signbuf) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
226 buf_free(signbuf);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
227 }
1674
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1654
diff changeset
228 if (sigalgo) {
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1654
diff changeset
229 m_free(sigalgo);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
230 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
231 if (key) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
232 sign_key_free(key);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
233 key = NULL;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
234 }
1598
252b406d0e9a avoid leak of pubkey_options
Matt Johnston <matt@ucc.asn.au>
parents: 1558
diff changeset
235 /* Retain pubkey options only if auth succeeded */
252b406d0e9a avoid leak of pubkey_options
Matt Johnston <matt@ucc.asn.au>
parents: 1558
diff changeset
236 if (!ses.authstate.authdone) {
252b406d0e9a avoid leak of pubkey_options
Matt Johnston <matt@ucc.asn.au>
parents: 1558
diff changeset
237 svr_pubkey_options_cleanup();
252b406d0e9a avoid leak of pubkey_options
Matt Johnston <matt@ucc.asn.au>
parents: 1558
diff changeset
238 }
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 158
diff changeset
239 TRACE(("leave pubkeyauth"))
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
240 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
241
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
242 /* Reply that the key is valid for auth, this is sent when the user sends
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
243 * a straight copy of their pubkey to test, to avoid having to perform
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
244 * expensive signing operations with a worthless key */
1674
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1654
diff changeset
245 static void send_msg_userauth_pk_ok(const char* sigalgo, unsigned int sigalgolen,
1459
06d52bcb8094 Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents: 1376
diff changeset
246 const unsigned char* keyblob, unsigned int keybloblen) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
247
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 158
diff changeset
248 TRACE(("enter send_msg_userauth_pk_ok"))
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
249 CHECKCLEARTOWRITE();
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
250
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
251 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_PK_OK);
1674
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1654
diff changeset
252 buf_putstring(ses.writepayload, sigalgo, sigalgolen);
1122
aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents: 1110
diff changeset
253 buf_putstring(ses.writepayload, (const char*)keyblob, keybloblen);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
254
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
255 encrypt_packet();
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 158
diff changeset
256 TRACE(("leave send_msg_userauth_pk_ok"))
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
257
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
258 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
259
1459
06d52bcb8094 Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents: 1376
diff changeset
260 static int checkpubkey_line(buffer* line, int line_num, const char* filename,
1368
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
261 const char* algo, unsigned int algolen,
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
262 const unsigned char* keyblob, unsigned int keybloblen) {
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
263 buffer *options_buf = NULL;
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
264 unsigned int pos, len;
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
265 int ret = DROPBEAR_FAILURE;
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
266
1376
9e9c8d37fd56 limit input size
Matt Johnston <matt@ucc.asn.au>
parents: 1372
diff changeset
267 if (line->len < MIN_AUTHKEYS_LINE || line->len > MAX_AUTHKEYS_LINE) {
1452
15d4b821bcc9 fix checkpubkey_line function name for TRACE
Matt Johnston <matt@ucc.asn.au>
parents: 1451
diff changeset
268 TRACE(("checkpubkey_line: bad line length %d", line->len))
1600
dc7c9fdb3716 don't allow null characters in authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 1598
diff changeset
269 goto out;
dc7c9fdb3716 don't allow null characters in authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 1598
diff changeset
270 }
dc7c9fdb3716 don't allow null characters in authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 1598
diff changeset
271
dc7c9fdb3716 don't allow null characters in authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 1598
diff changeset
272 if (memchr(line->data, 0x0, line->len) != NULL) {
dc7c9fdb3716 don't allow null characters in authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 1598
diff changeset
273 TRACE(("checkpubkey_line: bad line has null char"))
dc7c9fdb3716 don't allow null characters in authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 1598
diff changeset
274 goto out;
1368
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
275 }
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
276
1372
de1d895b1cae don't exit encountering short lines
Matt Johnston <matt@ucc.asn.au>
parents: 1368
diff changeset
277 /* compare the algorithm. +3 so we have enough bytes to read a space and some base64 characters too. */
de1d895b1cae don't exit encountering short lines
Matt Johnston <matt@ucc.asn.au>
parents: 1368
diff changeset
278 if (line->pos + algolen+3 > line->len) {
de1d895b1cae don't exit encountering short lines
Matt Johnston <matt@ucc.asn.au>
parents: 1368
diff changeset
279 goto out;
de1d895b1cae don't exit encountering short lines
Matt Johnston <matt@ucc.asn.au>
parents: 1368
diff changeset
280 }
1368
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
281 /* check the key type */
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
282 if (strncmp((const char *) buf_getptr(line, algolen), algo, algolen) != 0) {
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
283 int is_comment = 0;
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
284 unsigned char *options_start = NULL;
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
285 int options_len = 0;
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
286 int escape, quoted;
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
287
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
288 /* skip over any comments or leading whitespace */
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
289 while (line->pos < line->len) {
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
290 const char c = buf_getbyte(line);
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
291 if (c == ' ' || c == '\t') {
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
292 continue;
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
293 } else if (c == '#') {
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
294 is_comment = 1;
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
295 break;
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
296 }
1754
064f5be2fc45 Add buf_decrpos()
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
297 buf_decrpos(line, 1);
1368
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
298 break;
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
299 }
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
300 if (is_comment) {
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
301 /* next line */
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
302 goto out;
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
303 }
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
304
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
305 /* remember start of options */
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
306 options_start = buf_getptr(line, 1);
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
307 quoted = 0;
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
308 escape = 0;
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
309 options_len = 0;
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
310
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
311 /* figure out where the options are */
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
312 while (line->pos < line->len) {
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
313 const char c = buf_getbyte(line);
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
314 if (!quoted && (c == ' ' || c == '\t')) {
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
315 break;
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
316 }
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
317 escape = (!escape && c == '\\');
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
318 if (!escape && c == '"') {
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
319 quoted = !quoted;
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
320 }
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
321 options_len++;
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
322 }
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
323 options_buf = buf_new(options_len);
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
324 buf_putbytes(options_buf, options_start, options_len);
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
325
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
326 /* compare the algorithm. +3 so we have enough bytes to read a space and some base64 characters too. */
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
327 if (line->pos + algolen+3 > line->len) {
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
328 goto out;
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
329 }
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
330 if (strncmp((const char *) buf_getptr(line, algolen), algo, algolen) != 0) {
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
331 goto out;
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
332 }
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
333 }
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
334 buf_incrpos(line, algolen);
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
335
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
336 /* check for space (' ') character */
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
337 if (buf_getbyte(line) != ' ') {
1452
15d4b821bcc9 fix checkpubkey_line function name for TRACE
Matt Johnston <matt@ucc.asn.au>
parents: 1451
diff changeset
338 TRACE(("checkpubkey_line: space character expected, isn't there"))
1368
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
339 goto out;
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
340 }
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
341
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
342 /* truncate the line at the space after the base64 data */
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
343 pos = line->pos;
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
344 for (len = 0; line->pos < line->len; len++) {
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
345 if (buf_getbyte(line) == ' ') break;
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
346 }
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
347 buf_setpos(line, pos);
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
348 buf_setlen(line, line->pos + len);
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
349
1452
15d4b821bcc9 fix checkpubkey_line function name for TRACE
Matt Johnston <matt@ucc.asn.au>
parents: 1451
diff changeset
350 TRACE(("checkpubkey_line: line pos = %d len = %d", line->pos, line->len))
1368
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
351
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
352 ret = cmp_base64_key(keyblob, keybloblen, (const unsigned char *) algo, algolen, line, NULL);
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
353
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
354 if (ret == DROPBEAR_SUCCESS && options_buf) {
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
355 ret = svr_add_pubkey_options(options_buf, line_num, filename);
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
356 }
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
357
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
358 out:
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
359 if (options_buf) {
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
360 buf_free(options_buf);
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
361 }
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
362 return ret;
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
363 }
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
364
10df23099071 split out checkpubkey_line() separately
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
365
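As an added example (not code from Dropbear or its author), the stand-alone C function below applies the same checks that checkpubkey_line() makes on one authorized_keys line: length bounds, no NUL bytes, comment lines skipped, an optional leading options field with quoting, then the algorithm name, a single space, and a base64 key that must decode to exactly the blob the client presented. The ex_-prefixed names, the line limits, the base64 decoder and the sample blob are constructed for this example; inside the options field a backslash is treated as escaping the character after it.

```c
/* Added example, not Dropbear code: one authorized_keys line checked the
 * way checkpubkey_line() does it. Limits, names and sample data are
 * constructed for this example. */
#include <stddef.h>
#include <string.h>

#define EX_MIN_LINE 10   /* constructed bounds for this example */
#define EX_MAX_LINE 4096

/* Decode base64 up to the first blank or '='; returns byte count or -1. */
static int ex_b64_decode(const char *s, size_t n, unsigned char *out, size_t cap) {
	static const char tbl[] =
		"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
	unsigned int acc = 0;
	int bits = 0;
	size_t olen = 0, i;
	for (i = 0; i < n && s[i] != ' ' && s[i] != '\t' && s[i] != '='; i++) {
		const char *p = (s[i] == '\0') ? NULL : strchr(tbl, s[i]);
		if (p == NULL) return -1;           /* not a base64 character */
		acc = (acc << 6) | (unsigned int)(p - tbl);
		bits += 6;
		if (bits >= 8) {
			bits -= 8;
			if (olen >= cap) return -1;     /* decoded key would not fit */
			out[olen++] = (unsigned char)(acc >> bits);
		}
	}
	return (int)olen;
}

/* Returns 1 if `line` grants `keyblob` for algorithm `algo`, else 0.
 * On a match the options field (possibly empty) is copied into `opts`. */
int ex_authkeys_line_match(const char *line, size_t len, const char *algo,
		const unsigned char *keyblob, size_t keybloblen,
		char *opts, size_t optscap) {
	size_t pos = 0, algolen = strlen(algo);
	unsigned char dec[1024];
	unsigned int lead;
	int declen;

	/* Reject oversized, undersized or NUL-containing lines before parsing. */
	if (len < EX_MIN_LINE || len > EX_MAX_LINE || memchr(line, '\0', len) != NULL) {
		return 0;
	}
	while (pos < len && (line[pos] == ' ' || line[pos] == '\t')) pos++;
	if (pos >= len || line[pos] == '#') return 0;   /* blank or comment line */
	opts[0] = '\0';

	/* If the algorithm name is not the first field, options come first.
	 * +3 leaves room for the space and some base64, as Dropbear requires. */
	if (len - pos < algolen + 3 || strncmp(line + pos, algo, algolen) != 0
			|| line[pos + algolen] != ' ') {
		size_t start = pos, olen;
		int quoted = 0, escape = 0;
		while (pos < len) {
			char c = line[pos];
			if (!quoted && (c == ' ' || c == '\t')) break;
			if (escape) {
				escape = 0;                 /* this character was escaped */
			} else if (c == '\\') {
				escape = 1;
			} else if (c == '"') {
				quoted = !quoted;
			}
			pos++;
		}
		olen = pos - start;
		/* An unterminated quote or an oversized options field is rejected. */
		if (quoted || olen + 1 > optscap) return 0;
		memcpy(opts, line + start, olen);
		opts[olen] = '\0';
		while (pos < len && (line[pos] == ' ' || line[pos] == '\t')) pos++;
		if (len - pos < algolen + 3 || strncmp(line + pos, algo, algolen) != 0) {
			return 0;
		}
	}
	pos += algolen;
	if (line[pos] != ' ') return 0;     /* a single space must follow the algorithm */
	pos++;

	/* Decode the key field and require an exact match with the client's blob.
	 * The blob's own leading string(algo) must agree with the line's label. */
	declen = ex_b64_decode(line + pos, len - pos, dec, sizeof dec);
	if (declen < 0 || (size_t)declen != keybloblen || keybloblen < 4 + algolen) {
		return 0;
	}
	lead = ((unsigned int)dec[0] << 24) | ((unsigned int)dec[1] << 16)
			| ((unsigned int)dec[2] << 8) | dec[3];
	if (lead != algolen || memcmp(dec + 4, algo, algolen) != 0) return 0;
	return memcmp(dec, keyblob, keybloblen) == 0;
}

/* Constructed sample: string("ssh-ed25519") || string("abc"), 22 bytes,
 * whose base64 encoding is EX_SAMPLE_B64. Not a real key. */
static const unsigned char ex_sample_blob[22] = {
	0, 0, 0, 11, 's', 's', 'h', '-', 'e', 'd', '2', '5', '5', '1', '9',
	0, 0, 0, 3, 'a', 'b', 'c' };
#define EX_SAMPLE_B64 "AAAAC3NzaC1lZDI1NTE5AAAAA2FiYw=="
```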
/* Checks whether a specified publickey (and associated algorithm) is an
 * acceptable key for authentication */
/* Returns DROPBEAR_SUCCESS if key is ok for auth, DROPBEAR_FAILURE otherwise */
static int checkpubkey(const char* keyalgo, unsigned int keyalgolen,
		const unsigned char* keyblob, unsigned int keybloblen) {

	FILE * authfile = NULL;
	char * filename = NULL;
	int ret = DROPBEAR_FAILURE;
	buffer * line = NULL;
	unsigned int len;
	int line_num;
	uid_t origuid;
	gid_t origgid;

	TRACE(("enter checkpubkey"))

	/* check file permissions, also whether file exists */
	if (checkpubkeyperms() == DROPBEAR_FAILURE) {
		TRACE(("bad authorized_keys permissions, or file doesn't exist"))
		goto out;
	}

	/* we don't need to check pw and pw_dir for validity, since
	 * it's been done in checkpubkeyperms. */
	len = strlen(ses.authstate.pw_dir);
	/* allocate max required pathname storage,
	 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
	filename = m_malloc(len + 22);
	snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
				ses.authstate.pw_dir);

#if DROPBEAR_SVR_MULTIUSER
	/* open the file as the authenticating user. */
	origuid = getuid();
	origgid = getgid();
	if ((setegid(ses.authstate.pw_gid)) < 0 ||
			(seteuid(ses.authstate.pw_uid)) < 0) {
		dropbear_exit("Failed to set euid");
	}
#endif

	authfile = fopen(filename, "r");

#if DROPBEAR_SVR_MULTIUSER
	if ((seteuid(origuid)) < 0 ||
			(setegid(origgid)) < 0) {
		dropbear_exit("Failed to revert euid");
	}
#endif

	if (authfile == NULL) {
		goto out;
	}
	TRACE(("checkpubkey: opened authorized_keys OK"))

	line = buf_new(MAX_AUTHKEYS_LINE);
	line_num = 0;

	/* iterate through the lines */
	do {
427 if (buf_getline(line, authfile) == DROPBEAR_FAILURE) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
428 /* EOF reached */
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 158
diff changeset
429 TRACE(("checkpubkey: authorized_keys EOF reached"))
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
430 break;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
431 }
476
df7f7da7f6e4 - Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents: 475
diff changeset
432 line_num++;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
433
1674
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1654
diff changeset
434 ret = checkpubkey_line(line, line_num, filename, keyalgo, keyalgolen, keyblob, keybloblen);
1451
7e95ab97d2b0 fix pubkey authentication return value
Matt Johnston <matt@ucc.asn.au>
parents: 1376
diff changeset
435 if (ret == DROPBEAR_SUCCESS) {
51
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
diff changeset
436 break;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
437 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
438
51
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
diff changeset
439 /* We continue to the next line otherwise */
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
440
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
441 } while (1);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
442
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
443 out:
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
444 if (authfile) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
445 fclose(authfile);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
446 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
447 if (line) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
448 buf_free(line);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
449 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
450 m_free(filename);
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 158
diff changeset
451 TRACE(("leave checkpubkey: ret=%d", ret))
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
452 return ret;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
453 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
454
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
455
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
456 /* Returns DROPBEAR_SUCCESS if file permissions for pubkeys are ok,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
457 * DROPBEAR_FAILURE otherwise.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
458 * Checks that the user's homedir, ~/.ssh, and
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
459 * ~/.ssh/authorized_keys are all owned by either root or the user, and are
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
460 * g-w, o-w */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
461 static int checkpubkeyperms() {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
462
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
463 char* filename = NULL;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
464 int ret = DROPBEAR_FAILURE;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
465 unsigned int len;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
466
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 158
diff changeset
467 TRACE(("enter checkpubkeyperms"))
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
468
464
4317be8b7cf9 Make a copy of passwd fields since getpwnam()'s retval isn't safe to keep
Matt Johnston <matt@ucc.asn.au>
parents: 436
diff changeset
469 if (ses.authstate.pw_dir == NULL) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
470 goto out;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
471 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
472
464
4317be8b7cf9 Make a copy of passwd fields since getpwnam()'s retval isn't safe to keep
Matt Johnston <matt@ucc.asn.au>
parents: 436
diff changeset
473 if ((len = strlen(ses.authstate.pw_dir)) == 0) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
474 goto out;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
475 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
476
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
477 /* allocate max required pathname storage,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
478 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
1630
9579377b5f8b use strlcpy & strlcat (#74)
François Perrad <francois.perrad@gadz.org>
parents: 1617
diff changeset
479 len += 22;
9579377b5f8b use strlcpy & strlcat (#74)
François Perrad <francois.perrad@gadz.org>
parents: 1617
diff changeset
480 filename = m_malloc(len);
9579377b5f8b use strlcpy & strlcat (#74)
François Perrad <francois.perrad@gadz.org>
parents: 1617
diff changeset
481 strlcpy(filename, ses.authstate.pw_dir, len);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
482
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
483 /* check ~ */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
484 if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
485 goto out;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
486 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
487
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
488 /* check ~/.ssh */
1630
9579377b5f8b use strlcpy & strlcat (#74)
François Perrad <francois.perrad@gadz.org>
parents: 1617
diff changeset
489 strlcat(filename, "/.ssh", len);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
490 if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
491 goto out;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
492 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
493
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
494 /* now check ~/.ssh/authorized_keys */
1630
9579377b5f8b use strlcpy & strlcat (#74)
François Perrad <francois.perrad@gadz.org>
parents: 1617
diff changeset
495 strlcat(filename, "/authorized_keys", len);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
496 if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
497 goto out;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
498 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
499
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
500 /* file looks ok, return success */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
501 ret = DROPBEAR_SUCCESS;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
502
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
503 out:
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
504 m_free(filename);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
505
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 158
diff changeset
506 TRACE(("leave checkpubkeyperms"))
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
507 return ret;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
508 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
509
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
510 /* Checks that a file is owned by the user or root, and isn't writable by
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
511 * group or other */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
512 /* returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
513 static int checkfileperm(char * filename) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
514 struct stat filestat;
248
bf64e666f99b Log when pubkey auth fails because of bad pubkey perms/ownership
Matt Johnston <matt@ucc.asn.au>
parents: 241
diff changeset
515 int badperm = 0;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
516
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 158
diff changeset
517 TRACE(("enter checkfileperm(%s)", filename))
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
518
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
519 if (stat(filename, &filestat) != 0) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 158
diff changeset
520 TRACE(("leave checkfileperm: stat() != 0"))
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
521 return DROPBEAR_FAILURE;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
522 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
523 /* check ownership - user or root only*/
464
4317be8b7cf9 Make a copy of passwd fields since getpwnam()'s retval isn't safe to keep
Matt Johnston <matt@ucc.asn.au>
parents: 436
diff changeset
524 if (filestat.st_uid != ses.authstate.pw_uid
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
525 && filestat.st_uid != 0) {
248
bf64e666f99b Log when pubkey auth fails because of bad pubkey perms/ownership
Matt Johnston <matt@ucc.asn.au>
parents: 241
diff changeset
526 badperm = 1;
bf64e666f99b Log when pubkey auth fails because of bad pubkey perms/ownership
Matt Johnston <matt@ucc.asn.au>
parents: 241
diff changeset
527 TRACE(("wrong ownership"))
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
528 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
529 /* check permissions - don't want group or others +w */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
530 if (filestat.st_mode & (S_IWGRP | S_IWOTH)) {
248
bf64e666f99b Log when pubkey auth fails because of bad pubkey perms/ownership
Matt Johnston <matt@ucc.asn.au>
parents: 241
diff changeset
531 badperm = 1;
bf64e666f99b Log when pubkey auth fails because of bad pubkey perms/ownership
Matt Johnston <matt@ucc.asn.au>
parents: 241
diff changeset
532 TRACE(("wrong perms"))
bf64e666f99b Log when pubkey auth fails because of bad pubkey perms/ownership
Matt Johnston <matt@ucc.asn.au>
parents: 241
diff changeset
533 }
bf64e666f99b Log when pubkey auth fails because of bad pubkey perms/ownership
Matt Johnston <matt@ucc.asn.au>
parents: 241
diff changeset
534 if (badperm) {
bf64e666f99b Log when pubkey auth fails because of bad pubkey perms/ownership
Matt Johnston <matt@ucc.asn.au>
parents: 241
diff changeset
535 if (!ses.authstate.perm_warn) {
bf64e666f99b Log when pubkey auth fails because of bad pubkey perms/ownership
Matt Johnston <matt@ucc.asn.au>
parents: 241
diff changeset
536 ses.authstate.perm_warn = 1;
bf64e666f99b Log when pubkey auth fails because of bad pubkey perms/ownership
Matt Johnston <matt@ucc.asn.au>
parents: 241
diff changeset
537 dropbear_log(LOG_INFO, "%s must be owned by user or root, and not writable by others", filename);
bf64e666f99b Log when pubkey auth fails because of bad pubkey perms/ownership
Matt Johnston <matt@ucc.asn.au>
parents: 241
diff changeset
538 }
bf64e666f99b Log when pubkey auth fails because of bad pubkey perms/ownership
Matt Johnston <matt@ucc.asn.au>
parents: 241
diff changeset
539 TRACE(("leave checkfileperm: failure perms/owner"))
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
540 return DROPBEAR_FAILURE;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
541 }
248
bf64e666f99b Log when pubkey auth fails because of bad pubkey perms/ownership
Matt Johnston <matt@ucc.asn.au>
parents: 241
diff changeset
542
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 158
diff changeset
543 TRACE(("leave checkfileperm: success"))
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
544 return DROPBEAR_SUCCESS;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
545 }
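Added example, not Dropbear's own code: a stand-alone re-implementation of the checkpubkeyperms()/checkfileperm() policy above (owned by the user or root, not group- or world-writable, for ~, ~/.ssh and ~/.ssh/authorized_keys), exercised against constructed fixtures under /tmp. The names perm_ok, authkeys_perms_ok, make_fixture and demo_check are this example's own.

```c
/* Added example (not Dropbear code): authorized_keys permission policy. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Same policy as checkfileperm(): the path must be owned by `uid` or by root,
 * and must not be group- or world-writable. A stat() failure fails closed. */
static int perm_ok(const char *path, uid_t uid) {
	struct stat st;
	if (stat(path, &st) != 0) return 0;               /* missing/unreadable */
	if (st.st_uid != uid && st.st_uid != 0) return 0; /* not user or root */
	if (st.st_mode & (S_IWGRP | S_IWOTH)) return 0;   /* group/other +w */
	return 1;
}

/* Same walk as checkpubkeyperms(): ~, ~/.ssh and ~/.ssh/authorized_keys
 * must all pass, otherwise the key file is not trusted at all. */
static int authkeys_perms_ok(const char *home, uid_t uid) {
	static const char *const suffixes[] = { "", "/.ssh", "/.ssh/authorized_keys" };
	char path[PATH_MAX];
	size_t i;
	for (i = 0; i < 3; i++) {
		if (snprintf(path, sizeof path, "%s%s", home, suffixes[i]) >= (int)sizeof path) {
			return 0;                     /* path too long for the buffer */
		}
		if (!perm_ok(path, uid)) {
			return 0;
		}
	}
	return 1;
}

/* Constructed fixture: a throwaway home under /tmp (mkdtemp creates it 0700)
 * with ~/.ssh and an empty authorized_keys, chmod'ed to the modes under test
 * so the result does not depend on the caller's umask. Left in place. */
static int make_fixture(char *home, size_t homelen, mode_t dir_mode, mode_t key_mode) {
	char path[PATH_MAX];
	int fd;
	snprintf(home, homelen, "/tmp/authkeys_demo_XXXXXX");
	if (mkdtemp(home) == NULL) return 0;
	snprintf(path, sizeof path, "%s/.ssh", home);
	if (mkdir(path, 0700) != 0 || chmod(path, dir_mode) != 0) return 0;
	snprintf(path, sizeof path, "%s/.ssh/authorized_keys", home);
	fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
	if (fd < 0) return 0;
	close(fd);
	return chmod(path, key_mode) == 0;
}

/* Build a fixture with the given ~/.ssh and authorized_keys modes and run the
 * check as the current user: 1 = trusted, 0 = rejected, -1 = setup failed. */
static int demo_check(mode_t dir_mode, mode_t key_mode) {
	char home[64];
	if (!make_fixture(home, sizeof home, dir_mode, key_mode)) return -1;
	return authkeys_perms_ok(home, getuid());
}

int main(void) {
	printf("0700/0600 -> %d (expect 1)\n", demo_check(0700, 0600));
	printf("0770/0600 -> %d (expect 0, group-writable ~/.ssh)\n", demo_check(0770, 0600));
	printf("0700/0644 -> %d (expect 1, read bits are fine)\n", demo_check(0700, 0644));
	printf("0700/0664 -> %d (expect 0, group-writable key file)\n", demo_check(0700, 0664));
	return 0;
}
```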

#if DROPBEAR_FUZZ
int fuzz_checkpubkey_line(buffer* line, int line_num, char* filename,
		const char* algo, unsigned int algolen,
		const unsigned char* keyblob, unsigned int keybloblen) {
	return checkpubkey_line(line, line_num, filename, algo, algolen, keyblob, keybloblen);
}
#endif

#endif