162321Salfred/*	$NetBSD: auth2-hostbased.c,v 1.23 2023/07/26 17:58:15 christos Exp $	*/
262321Salfred/* $OpenBSD: auth2-hostbased.c,v 1.52 2023/03/05 05:34:09 dtucker Exp $ */
362321Salfred/*
462321Salfred * Copyright (c) 2000 Markus Friedl.  All rights reserved.
562321Salfred *
662321Salfred * Redistribution and use in source and binary forms, with or without
762321Salfred * modification, are permitted provided that the following conditions
862321Salfred * are met:
962321Salfred * 1. Redistributions of source code must retain the above copyright
1062321Salfred *    notice, this list of conditions and the following disclaimer.
1162321Salfred * 2. Redistributions in binary form must reproduce the above copyright
1262321Salfred *    notice, this list of conditions and the following disclaimer in the
1362321Salfred *    documentation and/or other materials provided with the distribution.
1462321Salfred *
1562321Salfred * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
1662321Salfred * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
1762321Salfred * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
1862321Salfred * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
1962321Salfred * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
2062321Salfred * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
2162321Salfred * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
2262321Salfred * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
2362321Salfred * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
2462321Salfred * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
2562321Salfred */
2662321Salfred
2779754Sdd#include "includes.h"
2862321Salfred__RCSID("$NetBSD: auth2-hostbased.c,v 1.23 2023/07/26 17:58:15 christos Exp $");
2962321Salfred#include <sys/types.h>
3062321Salfred
3162321Salfred#include <stdlib.h>
3262321Salfred#include <pwd.h>
3362321Salfred#include <string.h>
3471895Sru#include <stdarg.h>
3562321Salfred
3662321Salfred#include "xmalloc.h"
3783206Sasmodai#include "ssh2.h"
3862321Salfred#include "packet.h"
39103012Stjr#include "kex.h"
4062321Salfred#include "sshbuf.h"
41104400Smike#include "log.h"
4262321Salfred#include "misc.h"
4370482Sru#include "servconf.h"
4462321Salfred#include "sshkey.h"
45159879Skeramida#include "hostfile.h"
4662321Salfred#include "auth.h"
4762321Salfred#include "canohost.h"
4862321Salfred#ifdef GSSAPI
4962321Salfred#include "ssh-gss.h"
5062321Salfred#endif
5162321Salfred#include "monitor_wrap.h"
5262321Salfred#include "pathnames.h"
5362321Salfred#include "ssherr.h"
54131504Sru#include "match.h"
55131504Sru
5662321Salfred/* import */
5762321Salfredextern ServerOptions options;
5862321Salfred
59108037Srustatic int
60108037Sruuserauth_hostbased(struct ssh *ssh, const char *method)
61108037Sru{
6262321Salfred	Authctxt *authctxt = ssh->authctxt;
6362321Salfred	struct sshbuf *b;
6462321Salfred	struct sshkey *key = NULL;
6562321Salfred	char *pkalg, *cuser, *chost;
6662321Salfred	u_char *pkblob, *sig;
6762321Salfred	size_t alen, blen, slen;
6862321Salfred	int r, pktype, authenticated = 0;
69108037Sru
70108037Sru	/* XXX use sshkey_froms() */
71108037Sru	if ((r = sshpkt_get_cstring(ssh, &pkalg, &alen)) != 0 ||
7262321Salfred	    (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0 ||
7362321Salfred	    (r = sshpkt_get_cstring(ssh, &chost, NULL)) != 0 ||
7462321Salfred	    (r = sshpkt_get_cstring(ssh, &cuser, NULL)) != 0 ||
7562321Salfred	    (r = sshpkt_get_string(ssh, &sig, &slen)) != 0)
76131504Sru		fatal_fr(r, "parse packet");
77131504Sru
7862321Salfred	debug_f("cuser %s chost %s pkalg %s slen %zu",
7962321Salfred	    cuser, chost, pkalg, slen);
8062321Salfred#ifdef DEBUG_PK
81108037Sru	debug("signature:");
82108037Sru	sshbuf_dump_data(sig, slen, stderr);
83108037Sru#endif
8462321Salfred	pktype = sshkey_type_from_name(pkalg);
8562321Salfred	if (pktype == KEY_UNSPEC) {
8662321Salfred		/* this is perfectly legal */
8762321Salfred		logit_f("unsupported public key algorithm: %s",
8862321Salfred		    pkalg);
8962321Salfred		goto done;
9062321Salfred	}
9162321Salfred	if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) {
9262321Salfred		error_fr(r, "key_from_blob");
9362321Salfred		goto done;
94108037Sru	}
95108037Sru	if (key == NULL) {
96108037Sru		error_f("cannot decode key: %s", pkalg);
9762321Salfred		goto done;
9868395Sru	}
9962321Salfred	if (key->type != pktype) {
10062321Salfred		error_f("type mismatch for decoded key "
10162321Salfred		    "(received %d, expected %d)", key->type, pktype);
102108087Sru		goto done;
103108087Sru	}
104108087Sru	if (match_pattern_list(pkalg, options.hostbased_accepted_algos, 0) != 1) {
10562321Salfred		logit_f("signature algorithm %s not in "
10679754Sdd		    "HostbasedAcceptedAlgorithms", pkalg);
10762321Salfred		goto done;
10862321Salfred	}
10962321Salfred	if ((r = sshkey_check_cert_sigtype(key,
11062321Salfred	    options.ca_sign_algorithms)) != 0) {
11162321Salfred		logit_fr(r, "certificate signature algorithm %s",
11262321Salfred		    (key->cert == NULL || key->cert->signature_type == NULL) ?
11362321Salfred		    "(null)" : key->cert->signature_type);
11462321Salfred		goto done;
11562321Salfred	}
116108037Sru	if ((r = sshkey_check_rsa_length(key,
117108037Sru	    options.required_rsa_size)) != 0) {
11862321Salfred		logit_r(r, "refusing %s key", sshkey_type(key));
11962321Salfred		goto done;
12062321Salfred	}
121108037Sru
12262321Salfred	if (!authctxt->valid || authctxt->user == NULL) {
12362321Salfred		debug2_f("disabled because of invalid user");
12462321Salfred		goto done;
12562321Salfred	}
12662321Salfred
12762321Salfred	if ((b = sshbuf_new()) == NULL)
12862321Salfred		fatal_f("sshbuf_new failed");
129140505Sru	/* reconstruct packet */
130140505Sru	if ((r = sshbuf_put_stringb(b, ssh->kex->session_id)) != 0 ||
131140505Sru	    (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
132140505Sru	    (r = sshbuf_put_cstring(b, authctxt->user)) != 0 ||
133	    (r = sshbuf_put_cstring(b, authctxt->service)) != 0 ||
134	    (r = sshbuf_put_cstring(b, method)) != 0 ||
135	    (r = sshbuf_put_string(b, pkalg, alen)) != 0 ||
136	    (r = sshbuf_put_string(b, pkblob, blen)) != 0 ||
137	    (r = sshbuf_put_cstring(b, chost)) != 0 ||
138	    (r = sshbuf_put_cstring(b, cuser)) != 0)
139		fatal_fr(r, "reconstruct packet");
140#ifdef DEBUG_PK
141	sshbuf_dump(b, stderr);
142#endif
143
144	auth2_record_info(authctxt,
145	    "client user \"%.100s\", client host \"%.100s\"", cuser, chost);
146
147	/* test for allowed key and correct signature */
148	authenticated = 0;
149	if (PRIVSEP(hostbased_key_allowed(ssh, authctxt->pw, cuser,
150	    chost, key)) &&
151	    PRIVSEP(sshkey_verify(key, sig, slen,
152	    sshbuf_ptr(b), sshbuf_len(b), pkalg, ssh->compat, NULL)) == 0)
153		authenticated = 1;
154
155	auth2_record_key(authctxt, authenticated, key);
156	sshbuf_free(b);
157done:
158	debug2_f("authenticated %d", authenticated);
159	sshkey_free(key);
160	free(pkalg);
161	free(pkblob);
162	free(cuser);
163	free(chost);
164	free(sig);
165	return authenticated;
166}
167
168/* return 1 if given hostkey is allowed */
169int
170hostbased_key_allowed(struct ssh *ssh, struct passwd *pw,
171    const char *cuser, char *chost, struct sshkey *key)
172{
173	const char *resolvedname, *ipaddr, *lookup, *reason;
174	HostStatus host_status;
175	int len;
176	char *fp;
177
178	if (auth_key_is_revoked(key))
179		return 0;
180
181	resolvedname = auth_get_canonical_hostname(ssh, options.use_dns);
182	ipaddr = ssh_remote_ipaddr(ssh);
183
184	debug2_f("chost %s resolvedname %s ipaddr %s",
185	    chost, resolvedname, ipaddr);
186
187	if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') {
188		debug2("stripping trailing dot from chost %s", chost);
189		chost[len - 1] = '\0';
190	}
191
192	if (options.hostbased_uses_name_from_packet_only) {
193		if (auth_rhosts2(pw, cuser, chost, chost) == 0) {
194			debug2_f("auth_rhosts2 refused user \"%.100s\" "
195			    "host \"%.100s\" (from packet)", cuser, chost);
196			return 0;
197		}
198		lookup = chost;
199	} else {
200		if (strcasecmp(resolvedname, chost) != 0)
201			logit("userauth_hostbased mismatch: "
202			    "client sends %s, but we resolve %s to %s",
203			    chost, ipaddr, resolvedname);
204		if (auth_rhosts2(pw, cuser, resolvedname, ipaddr) == 0) {
205			debug2_f("auth_rhosts2 refused "
206			    "user \"%.100s\" host \"%.100s\" addr \"%.100s\"",
207			    cuser, resolvedname, ipaddr);
208			return 0;
209		}
210		lookup = resolvedname;
211	}
212	debug2_f("access allowed by auth_rhosts2");
213
214	if (sshkey_is_cert(key) &&
215	    sshkey_cert_check_authority_now(key, 1, 0, 0, lookup, &reason)) {
216		error("%s", reason);
217		auth_debug_add("%s", reason);
218		return 0;
219	}
220
221	host_status = check_key_in_hostfiles(pw, key, lookup,
222	    _PATH_SSH_SYSTEM_HOSTFILE,
223	    options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE);
224
225	/* backward compat if no key has been found. */
226	if (host_status == HOST_NEW) {
227		host_status = check_key_in_hostfiles(pw, key, lookup,
228		    _PATH_SSH_SYSTEM_HOSTFILE2,
229		    options.ignore_user_known_hosts ? NULL :
230		    _PATH_SSH_USER_HOSTFILE2);
231	}
232
233	if (host_status == HOST_OK) {
234		if (sshkey_is_cert(key)) {
235			if ((fp = sshkey_fingerprint(key->cert->signature_key,
236			    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
237				fatal_f("sshkey_fingerprint fail");
238			verbose("Accepted certificate ID \"%s\" signed by "
239			    "%s CA %s from %s@%s", key->cert->key_id,
240			    sshkey_type(key->cert->signature_key), fp,
241			    cuser, lookup);
242		} else {
243			if ((fp = sshkey_fingerprint(key,
244			    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
245				fatal_f("sshkey_fingerprint fail");
246			verbose("Accepted %s public key %s from %s@%s",
247			    sshkey_type(key), fp, cuser, lookup);
248		}
249		free(fp);
250	}
251
252	return (host_status == HOST_OK);
253}
254
255Authmethod method_hostbased = {
256	"hostbased",
257	NULL,
258	userauth_hostbased,
259	&options.hostbased_authentication
260};
261