Mercurial > dropbear

comparison svr-authpubkey.c @ 4:fe6bca95afa7

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Makefile.in contains updated files required
author Matt Johnston <matt@ucc.asn.au>
date Tue, 01 Jun 2004 02:46:09 +0000
parents
children f789045062e6
comparison
equal deleted inserted replaced
-1:000000000000 4:fe6bca95afa7
1 /*
2 * Dropbear - a SSH2 server
3 *
4 * Copyright (c) 2002,2003 Matt Johnston
5 * All rights reserved.
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 * SOFTWARE. */
24
25 /* Process a pubkey auth request */
26
27 #include "includes.h"
28 #include "session.h"
29 #include "dbutil.h"
30 #include "buffer.h"
31 #include "signkey.h"
32 #include "auth.h"
33 #include "authpubkey.h"
34 #include "ssh.h"
35 #include "packet.h"
36 #include "algo.h"
37
38 #ifdef DROPBEAR_PUBKEY_AUTH
39
40 #define MIN_AUTHKEYS_LINE 10 /* "ssh-rsa AB" - short but doesn't matter */
41 #define MAX_AUTHKEYS_LINE 1000 /* max length of a line in authkeys */
42
43 static int checkpubkey(unsigned char* algo, unsigned int algolen,
44 unsigned char* keyblob, unsigned int keybloblen);
45 static int checkpubkeyperms();
46 static void send_msg_userauth_pk_ok(unsigned char* algo, unsigned int algolen,
47 unsigned char* keyblob, unsigned int keybloblen);
48 static int checkfileperm(char * filename);
49 static int getauthline(buffer * line, FILE * authfile);
50
51 /* process a pubkey auth request, sending success or failure message as
52 * appropriate */
53 void pubkeyauth() {
54
55 unsigned char testkey; /* whether we're just checking if a key is usable */
56 unsigned char* algo = NULL; /* pubkey algo */
57 unsigned int algolen;
58 unsigned char* keyblob;
59 unsigned int keybloblen;
60 buffer * signbuf = NULL;
61 unsigned int sigoffset;
62 sign_key * key = NULL;
63 char* fp = NULL;
64 int type = -1;
65
66 TRACE(("enter pubkeyauth"));
67
68 /* 0 indicates user just wants to check if key can be used, 1 is an
69 * actual attempt*/
70 testkey = (buf_getbyte(ses.payload) == 0);
71
72 algo = buf_getstring(ses.payload, &algolen);
73 keybloblen = buf_getint(ses.payload);
74 keyblob = buf_getptr(ses.payload, keybloblen);
75
76 /* check if the key is valid */
77 if (checkpubkey(algo, algolen, keyblob, keybloblen) == DROPBEAR_FAILURE) {
78 send_msg_userauth_failure(0, 0);
79 goto out;
80 }
81
82 /* let them know that the key is ok to use */
83 if (testkey) {
84 send_msg_userauth_pk_ok(algo, algolen, keyblob, keybloblen);
85 goto out;
86 }
87
88 /* now we can actually verify the signature */
89
90 /* get the key */
91 key = new_sign_key();
92 type = DROPBEAR_SIGNKEY_ANY;
93 if (buf_get_pub_key(ses.payload, key, &type) == DROPBEAR_FAILURE) {
94 send_msg_userauth_failure(0, 1);
95 goto out;
96 }
97
98 /* create the data which has been signed - this a string containing
99 * session_id, concatenated with the payload packet up to the signature */
100 signbuf = buf_new(ses.payload->pos + 4 + SHA1_HASH_SIZE);
101 buf_putstring(signbuf, ses.session_id, SHA1_HASH_SIZE);
102 sigoffset = ses.payload->pos;
103 buf_setpos(ses.payload, 0);
104 memcpy(buf_getwriteptr(signbuf, sigoffset),
105 buf_getptr(ses.payload, sigoffset), sigoffset);
106 buf_incrwritepos(signbuf, sigoffset);
107 buf_setpos(ses.payload, sigoffset);
108
109 buf_setpos(signbuf, 0);
110 /* ... and finally verify the signature */
111 fp = sign_key_fingerprint(key, type);
112 if (buf_verify(ses.payload, key, buf_getptr(signbuf, signbuf->len),
113 signbuf->len) == DROPBEAR_SUCCESS) {
114 dropbear_log(LOG_NOTICE,
115 "pubkey auth succeeded for '%s' with key %s",
116 svr_ses.authstate.printableuser, fp);
117 send_msg_userauth_success();
118 } else {
119 dropbear_log(LOG_WARNING,
120 "pubkey auth bad signature for '%s' with key %s",
121 svr_ses.authstate.printableuser, fp);
122 send_msg_userauth_failure(0, 1);
123 }
124 m_free(fp);
125
126 out:
127 /* cleanup stuff */
128 if (signbuf) {
129 buf_free(signbuf);
130 }
131 if (algo) {
132 m_free(algo);
133 }
134 if (key) {
135 sign_key_free(key);
136 key = NULL;
137 }
138 TRACE(("leave pubkeyauth"));
139 }
140
141 /* Reply that the key is valid for auth, this is sent when the user sends
142 * a straight copy of their pubkey to test, to avoid having to perform
143 * expensive signing operations with a worthless key */
144 static void send_msg_userauth_pk_ok(unsigned char* algo, unsigned int algolen,
145 unsigned char* keyblob, unsigned int keybloblen) {
146
147 TRACE(("enter send_msg_userauth_pk_ok"));
148 CHECKCLEARTOWRITE();
149
150 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_PK_OK);
151 buf_putstring(ses.writepayload, algo, algolen);
152 buf_putstring(ses.writepayload, keyblob, keybloblen);
153
154 encrypt_packet();
155 TRACE(("leave send_msg_userauth_pk_ok"));
156
157 }
158
159 /* Checks whether a specified publickey (and associated algorithm) is an
160 * acceptable key for authentication */
161 /* Returns DROPBEAR_SUCCESS if key is ok for auth, DROPBEAR_FAILURE otherwise */
162 static int checkpubkey(unsigned char* algo, unsigned int algolen,
163 unsigned char* keyblob, unsigned int keybloblen) {
164
165 FILE * authfile = NULL;
166 char * filename = NULL;
167 int ret = DROPBEAR_FAILURE;
168 buffer * line = NULL;
169 buffer * decodekey = NULL;
170 unsigned long decodekeylen;
171 unsigned char* filealgo = NULL;
172 unsigned int filealgolen;
173 unsigned int len, pos;
174
175 TRACE(("enter checkpubkey"));
176
177 /* check that we can use the algo */
178 if (have_algo(algo, algolen, sshhostkey) == DROPBEAR_FAILURE) {
179 dropbear_log(LOG_WARNING,
180 "pubkey auth attempt with unknown algo for '%s'",
181 svr_ses.authstate.printableuser);
182 goto out;
183 }
184
185 /* check file permissions, also whether file exists */
186 if (checkpubkeyperms() == DROPBEAR_FAILURE) {
187 TRACE(("bad authorized_keys permissions, or file doesn't exist"));
188 goto out;
189 }
190
191 /* we don't need to check pw and pw_dir for validity, since
192 * its been done in checkpubkeyperms. */
193 len = strlen(svr_ses.authstate.pw->pw_dir);
194 /* allocate max required pathname storage,
195 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
196 filename = m_malloc(len + 22);
197 snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
198 svr_ses.authstate.pw->pw_dir);
199
200 /* open the file */
201 authfile = fopen(filename, "r");
202 if (authfile == NULL) {
203 goto out;
204 }
205 TRACE(("checkpubkey: opened authorized_keys OK"));
206
207 line = buf_new(MAX_AUTHKEYS_LINE);
208
209 /* iterate through the lines */
210 do {
211 /* free reused vars */
212 if (decodekey) {
213 buf_free(decodekey);
214 decodekey = NULL;
215 }
216 m_free(filealgo);
217
218 if (getauthline(line, authfile) == DROPBEAR_FAILURE) {
219 /* EOF reached */
220 TRACE(("checkpubkey: authorized_keys EOF reached"));
221 break;
222 }
223
224 if (line->len < MIN_AUTHKEYS_LINE) {
225 TRACE(("checkpubkey: line too short"));
226 continue; /* line is too short for it to be a valid key */
227 }
228
229 /* check the key type - this also stops us from using keys
230 * which have options with them */
231 if (strncmp(buf_getptr(line, algolen), algo, algolen) != 0) {
232 continue;
233 }
234 buf_incrpos(line, algolen);
235
236 /* check for space (' ') character */
237 if (buf_getbyte(line) != ' ') {
238 TRACE(("checkpubkey: space character expected, isn't there"));
239 continue;
240 }
241
242 /* truncate the line at the space after the base64 data */
243 pos = line->pos;
244 for (len = 0; line->pos < line->len; len++) {
245 if (buf_getbyte(line) == ' ') break;
246 }
247 buf_setpos(line, pos);
248 buf_setlen(line, line->pos + len);
249
250 TRACE(("checkpubkey: line pos = %d len = %d", line->pos, line->len));
251
252 /* now we have the actual data */
253 decodekeylen = (line->len - line->pos) * 2;
254 decodekey = buf_new(decodekeylen);
255 if (base64_decode(buf_getptr(line, line->len - line->pos),
256 line->len - line->pos,
257 buf_getwriteptr(decodekey, decodekey->size),
258 &decodekeylen) != CRYPT_OK) {
259 TRACE(("checkpubkey: base64 decode failed"));
260 continue;
261 }
262 TRACE(("checkpubkey: base64_decode success"));
263 buf_incrlen(decodekey, decodekeylen);
264
265 /* compare the keys */
266 if (decodekeylen != keybloblen || memcmp(
267 buf_getptr(decodekey, decodekey->len),
268 keyblob, decodekey->len) != 0) {
269 TRACE(("checkpubkey: compare failed"));
270 continue;
271 }
272
273 /* and also check that the algo specified and the algo in the key
274 * itself match */
275 filealgo = buf_getstring(decodekey, &filealgolen);
276 if (filealgolen != algolen || memcmp(filealgo, algo, algolen) != 0) {
277 TRACE(("checkpubkey: algo match failed"));
278 continue;
279 }
280
281 /* now we know this key is good */
282 ret = DROPBEAR_SUCCESS;
283 break;
284
285 } while (1);
286
287 out:
288 if (authfile) {
289 fclose(authfile);
290 }
291 if (line) {
292 buf_free(line);
293 }
294 if (decodekey) {
295 buf_free(decodekey);
296 }
297 m_free(filename);
298 m_free(filealgo);
299 TRACE(("leave checkpubkey: ret=%d", ret));
300 return ret;
301 }
302
303 /* get a line from the file into buffer in the style expected for an
304 * authkeys file.
305 * Will return DROPBEAR_SUCCESS if data is read, or DROPBEAR_FAILURE on EOF.*/
306 static int getauthline(buffer * line, FILE * authfile) {
307
308 int c = EOF;
309
310 TRACE(("enter getauthline"));
311
312 buf_setpos(line, 0);
313 buf_setlen(line, 0);
314
315 while (line->pos < line->size) {
316 c = fgetc(authfile); /*getc() is weird with some uClibc systems*/
317 if (c == EOF || c == '\n' || c == '\r') {
318 goto out;
319 }
320 buf_putbyte(line, (unsigned char)c);
321 }
322
323 TRACE(("leave getauthline: line too long"));
324 return DROPBEAR_FAILURE;
325
326 out:
327
328 buf_setpos(line, 0);
329
330 /* if we didn't read anything before EOF or error, exit */
331 if (c == EOF && line->pos == 0) {
332 TRACE(("leave getauthline: failure"));
333 return DROPBEAR_FAILURE;
334 } else {
335 TRACE(("leave getauthline: success"));
336 return DROPBEAR_SUCCESS;
337 }
338
339 TRACE(("leave getauthline"));
340 }
341
342 /* Returns DROPBEAR_SUCCESS if file permissions for pubkeys are ok,
343 * DROPBEAR_FAILURE otherwise.
344 * Checks that the user's homedir, ~/.ssh, and
345 * ~/.ssh/authorized_keys are all owned by either root or the user, and are
346 * g-w, o-w */
347 static int checkpubkeyperms() {
348
349 char* filename = NULL;
350 int ret = DROPBEAR_FAILURE;
351 unsigned int len;
352
353 TRACE(("enter checkpubkeyperms"));
354
355 assert(svr_ses.authstate.pw);
356 if (svr_ses.authstate.pw->pw_dir == NULL) {
357 goto out;
358 }
359
360 if ((len = strlen(svr_ses.authstate.pw->pw_dir)) == 0) {
361 goto out;
362 }
363
364 /* allocate max required pathname storage,
365 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
366 filename = m_malloc(len + 22);
367 strncpy(filename, svr_ses.authstate.pw->pw_dir, len+1);
368
369 /* check ~ */
370 if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
371 goto out;
372 }
373
374 /* check ~/.ssh */
375 strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
376 if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
377 goto out;
378 }
379
380 /* now check ~/.ssh/authorized_keys */
381 strncat(filename, "/authorized_keys", 16);
382 if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
383 goto out;
384 }
385
386 /* file looks ok, return success */
387 ret = DROPBEAR_SUCCESS;
388
389 out:
390 m_free(filename);
391
392 TRACE(("leave checkpubkeyperms"));
393 return ret;
394 }
395
396 /* Checks that a file is owned by the user or root, and isn't writable by
397 * group or other */
398 /* returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
399 static int checkfileperm(char * filename) {
400 struct stat filestat;
401
402 TRACE(("enter checkfileperm(%s)", filename));
403
404 if (stat(filename, &filestat) != 0) {
405 TRACE(("leave checkfileperm: stat() != 0"));
406 return DROPBEAR_FAILURE;
407 }
408 /* check ownership - user or root only*/
409 if (filestat.st_uid != svr_ses.authstate.pw->pw_uid
410 && filestat.st_uid != 0) {
411 TRACE(("leave checkfileperm: wrong ownership"));
412 return DROPBEAR_FAILURE;
413 }
414 /* check permissions - don't want group or others +w */
415 if (filestat.st_mode & (S_IWGRP | S_IWOTH)) {
416 TRACE(("leave checkfileperm: wrong perms"));
417 return DROPBEAR_FAILURE;
418 }
419 TRACE(("leave checkfileperm: success"));
420 return DROPBEAR_SUCCESS;
421 }
422
423
424 #endif /* DROPBEAR_PUBKEY_AUTH */