ssh-keysign.c revision 126274
198675Sdes/* 298675Sdes * Copyright (c) 2002 Markus Friedl. All rights reserved. 398675Sdes * 498675Sdes * Redistribution and use in source and binary forms, with or without 598675Sdes * modification, are permitted provided that the following conditions 698675Sdes * are met: 798675Sdes * 1. Redistributions of source code must retain the above copyright 898675Sdes * notice, this list of conditions and the following disclaimer. 998675Sdes * 2. Redistributions in binary form must reproduce the above copyright 1098675Sdes * notice, this list of conditions and the following disclaimer in the 1198675Sdes * documentation and/or other materials provided with the distribution. 1298675Sdes * 1398675Sdes * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 1498675Sdes * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 1598675Sdes * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 1698675Sdes * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 1798675Sdes * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 1898675Sdes * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 1998675Sdes * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 2098675Sdes * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 2198675Sdes * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 2298675Sdes * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 2398675Sdes */ 2498675Sdes#include "includes.h" 25126274SdesRCSID("$OpenBSD: ssh-keysign.c,v 1.15 2004/01/19 21:25:15 markus Exp $"); 2698675Sdes 2798675Sdes#include <openssl/evp.h> 28106121Sdes#include <openssl/rand.h> 29106121Sdes#include <openssl/rsa.h> 3098675Sdes 3198675Sdes#include "log.h" 3298675Sdes#include "key.h" 33106121Sdes#include "ssh.h" 3498675Sdes#include "ssh2.h" 3598675Sdes#include "misc.h" 3698675Sdes#include "xmalloc.h" 3798675Sdes#include "buffer.h" 3898675Sdes#include "bufaux.h" 3998675Sdes#include "authfile.h" 4098675Sdes#include "msg.h" 4198675Sdes#include "canohost.h" 4298675Sdes#include "pathnames.h" 43106121Sdes#include "readconf.h" 4498675Sdes 45124208Sdes/* XXX readconf.c needs these */ 46124208Sdesuid_t original_real_uid; 47106121Sdes 4898937Sdes#ifdef HAVE___PROGNAME 4998937Sdesextern char *__progname; 5098937Sdes#else 5198937Sdeschar *__progname; 5298937Sdes#endif 5398937Sdes 5498675Sdesstatic int 5598675Sdesvalid_request(struct passwd *pw, char *host, Key **ret, u_char *data, 5698675Sdes u_int datalen) 5798675Sdes{ 5898675Sdes Buffer b; 59124208Sdes Key *key = NULL; 6098675Sdes u_char *pkblob; 6198675Sdes u_int blen, len; 6298675Sdes char *pkalg, *p; 6398675Sdes int pktype, fail; 6498675Sdes 6598675Sdes fail = 0; 6698675Sdes 6798675Sdes buffer_init(&b); 6898675Sdes buffer_append(&b, data, datalen); 6998675Sdes 7098675Sdes /* session id, currently limited to SHA1 (20 bytes) */ 7198675Sdes p = buffer_get_string(&b, &len); 7298675Sdes if (len != 20) 7398675Sdes fail++; 7498675Sdes xfree(p); 7598675Sdes 7698675Sdes if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) 7798675Sdes fail++; 7898675Sdes 7998675Sdes /* server user */ 8098675Sdes buffer_skip_string(&b); 8198675Sdes 8298675Sdes /* service */ 8398675Sdes p = buffer_get_string(&b, NULL); 8498675Sdes if (strcmp("ssh-connection", p) != 0) 8598675Sdes fail++; 8698675Sdes xfree(p); 8798675Sdes 8898675Sdes /* method */ 8998675Sdes p = buffer_get_string(&b, NULL); 9098675Sdes if (strcmp("hostbased", p) != 0) 9198675Sdes fail++; 9298675Sdes xfree(p); 9398675Sdes 9498675Sdes /* pubkey */ 9598675Sdes pkalg = buffer_get_string(&b, NULL); 9698675Sdes pkblob = buffer_get_string(&b, &blen); 9798675Sdes 9898675Sdes pktype = key_type_from_name(pkalg); 9998675Sdes if (pktype == KEY_UNSPEC) 10098675Sdes fail++; 10198675Sdes else if ((key = key_from_blob(pkblob, blen)) == NULL) 10298675Sdes fail++; 10398675Sdes else if (key->type != pktype) 10498675Sdes fail++; 10598675Sdes xfree(pkalg); 10698675Sdes xfree(pkblob); 10798675Sdes 10898675Sdes /* client host name, handle trailing dot */ 10998675Sdes p = buffer_get_string(&b, &len); 11098675Sdes debug2("valid_request: check expect chost %s got %s", host, p); 11198675Sdes if (strlen(host) != len - 1) 11298675Sdes fail++; 11398675Sdes else if (p[len - 1] != '.') 11498675Sdes fail++; 11598675Sdes else if (strncasecmp(host, p, len - 1) != 0) 11698675Sdes fail++; 11798675Sdes xfree(p); 11898675Sdes 11998675Sdes /* local user */ 12098675Sdes p = buffer_get_string(&b, NULL); 12198675Sdes 12298675Sdes if (strcmp(pw->pw_name, p) != 0) 12398675Sdes fail++; 12498675Sdes xfree(p); 12598675Sdes 12698675Sdes /* end of message */ 12798675Sdes if (buffer_len(&b) != 0) 12898675Sdes fail++; 129126274Sdes buffer_free(&b); 13098675Sdes 13198675Sdes debug3("valid_request: fail %d", fail); 13298675Sdes 13398675Sdes if (fail && key != NULL) 13498675Sdes key_free(key); 13598675Sdes else 13698675Sdes *ret = key; 13798675Sdes 13898675Sdes return (fail ? -1 : 0); 13998675Sdes} 14098675Sdes 14198675Sdesint 14298675Sdesmain(int argc, char **argv) 14398675Sdes{ 14498675Sdes Buffer b; 145106121Sdes Options options; 14698675Sdes Key *keys[2], *key; 14798675Sdes struct passwd *pw; 14898675Sdes int key_fd[2], i, found, version = 2, fd; 14998675Sdes u_char *signature, *data; 15098675Sdes char *host; 15198675Sdes u_int slen, dlen; 152106121Sdes u_int32_t rnd[256]; 15398675Sdes 15498675Sdes key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); 15598675Sdes key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); 15698675Sdes 15798675Sdes seteuid(getuid()); 15898675Sdes setuid(getuid()); 15998675Sdes 16098937Sdes init_rng(); 16198937Sdes seed_rng(); 16298937Sdes arc4random_stir(); 16398937Sdes 16498675Sdes#ifdef DEBUG_SSH_KEYSIGN 16598675Sdes log_init("ssh-keysign", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0); 16698675Sdes#endif 16798675Sdes 168106121Sdes /* verify that ssh-keysign is enabled by the admin */ 169106121Sdes original_real_uid = getuid(); /* XXX readconf.c needs this */ 170106121Sdes initialize_options(&options); 171106121Sdes (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options); 172106121Sdes fill_default_options(&options); 173113908Sdes if (options.enable_ssh_keysign != 1) 174113908Sdes fatal("ssh-keysign not enabled in %s", 175106121Sdes _PATH_HOST_CONFIG_FILE); 176106121Sdes 17798675Sdes if (key_fd[0] == -1 && key_fd[1] == -1) 17898675Sdes fatal("could not open any host key"); 17998675Sdes 18098675Sdes if ((pw = getpwuid(getuid())) == NULL) 18198675Sdes fatal("getpwuid failed"); 18298675Sdes pw = pwcopy(pw); 18398675Sdes 18498675Sdes SSLeay_add_all_algorithms(); 185106121Sdes for (i = 0; i < 256; i++) 186106121Sdes rnd[i] = arc4random(); 187106121Sdes RAND_seed(rnd, sizeof(rnd)); 18898675Sdes 18998675Sdes found = 0; 19098675Sdes for (i = 0; i < 2; i++) { 19198675Sdes keys[i] = NULL; 19298675Sdes if (key_fd[i] == -1) 19398675Sdes continue; 19498675Sdes keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC, 19598675Sdes NULL, NULL); 19698675Sdes close(key_fd[i]); 19798675Sdes if (keys[i] != NULL) 19898675Sdes found = 1; 19998675Sdes } 20098675Sdes if (!found) 20198675Sdes fatal("no hostkey found"); 20298675Sdes 20398675Sdes buffer_init(&b); 204106121Sdes if (ssh_msg_recv(STDIN_FILENO, &b) < 0) 205106121Sdes fatal("ssh_msg_recv failed"); 20698675Sdes if (buffer_get_char(&b) != version) 20798675Sdes fatal("bad version"); 20898675Sdes fd = buffer_get_int(&b); 20998675Sdes if ((fd == STDIN_FILENO) || (fd == STDOUT_FILENO)) 21098675Sdes fatal("bad fd"); 21198675Sdes if ((host = get_local_name(fd)) == NULL) 21298675Sdes fatal("cannot get sockname for fd"); 21398675Sdes 21498675Sdes data = buffer_get_string(&b, &dlen); 21598675Sdes if (valid_request(pw, host, &key, data, dlen) < 0) 21698675Sdes fatal("not a valid request"); 21798675Sdes xfree(host); 21898675Sdes 21998675Sdes found = 0; 22098675Sdes for (i = 0; i < 2; i++) { 22198675Sdes if (keys[i] != NULL && 22298675Sdes key_equal(key, keys[i])) { 22398675Sdes found = 1; 22498675Sdes break; 22598675Sdes } 22698675Sdes } 22798675Sdes if (!found) 22898675Sdes fatal("no matching hostkey found"); 22998675Sdes 23098675Sdes if (key_sign(keys[i], &signature, &slen, data, dlen) != 0) 23198675Sdes fatal("key_sign failed"); 232106121Sdes xfree(data); 23398675Sdes 23498675Sdes /* send reply */ 23598675Sdes buffer_clear(&b); 23698675Sdes buffer_put_string(&b, signature, slen); 237126274Sdes if (ssh_msg_send(STDOUT_FILENO, version, &b) == -1) 238126274Sdes fatal("ssh_msg_send failed"); 23998675Sdes 24098675Sdes return (0); 24198675Sdes} 242