andersk Git - openssh.git/blame_incremental

... / ...

Commit	Line	Data
	1	/* $OpenBSD: authfd.c,v 1.79 2006/07/26 13:57:17 stevesk Exp $ */
	2	/*
	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
	5	* All rights reserved
	6	* Functions for connecting the local authentication agent.
	7	*
	8	* As far as I am concerned, the code I have written for this software
	9	* can be used freely for any purpose. Any derived versions of this
	10	* software must be clearly marked as such, and if the derived work is
	11	* incompatible with the protocol description in the RFC file, it must be
	12	* called by a name other than "ssh" or "Secure Shell".
	13	*
	14	* SSH2 implementation,
	15	* Copyright (c) 2000 Markus Friedl. All rights reserved.
	16	*
	17	* Redistribution and use in source and binary forms, with or without
	18	* modification, are permitted provided that the following conditions
	19	* are met:
	20	* 1. Redistributions of source code must retain the above copyright
	21	* notice, this list of conditions and the following disclaimer.
	22	* 2. Redistributions in binary form must reproduce the above copyright
	23	* notice, this list of conditions and the following disclaimer in the
	24	* documentation and/or other materials provided with the distribution.
	25	*
	26	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	27	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	28	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	29	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	30	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	31	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	32	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	33	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	34	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	35	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	36	*/
	37
	38	#include "includes.h"
	39
	40	#include <sys/types.h>
	41	#include <sys/un.h>
	42	#include <sys/socket.h>
	43
	44	#include <openssl/evp.h>
	45
	46	#include <fcntl.h>
	47	#include <stdlib.h>
	48	#include <string.h>
	49	#include <unistd.h>
	50
	51	#include "ssh.h"
	52	#include "rsa.h"
	53	#include "buffer.h"
	54	#include "bufaux.h"
	55	#include "xmalloc.h"
	56	#include "key.h"
	57	#include "authfd.h"
	58	#include "cipher.h"
	59	#include "kex.h"
	60	#include "compat.h"
	61	#include "log.h"
	62	#include "atomicio.h"
	63	#include "misc.h"
	64
	65	static int agent_present = 0;
	66
	67	/* helper */
	68	int decode_reply(int type);
	69
	70	/* macro to check for "agent failure" message */
	71	#define agent_failed(x) \
	72	((x == SSH_AGENT_FAILURE) \|\| (x == SSH_COM_AGENT2_FAILURE) \|\| \
	73	(x == SSH2_AGENT_FAILURE))
	74
	75	int
	76	ssh_agent_present(void)
	77	{
	78	int authfd;
	79
	80	if (agent_present)
	81	return 1;
	82	if ((authfd = ssh_get_authentication_socket()) == -1)
	83	return 0;
	84	else {
	85	ssh_close_authentication_socket(authfd);
	86	return 1;
	87	}
	88	}
	89
	90	/* Returns the number of the authentication fd, or -1 if there is none. */
	91
	92	int
	93	ssh_get_authentication_socket(void)
	94	{
	95	const char *authsocket;
	96	int sock;
	97	struct sockaddr_un sunaddr;
	98
	99	authsocket = getenv(SSH_AUTHSOCKET_ENV_NAME);
	100	if (!authsocket)
	101	return -1;
	102
	103	sunaddr.sun_family = AF_UNIX;
	104	strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path));
	105
	106	sock = socket(AF_UNIX, SOCK_STREAM, 0);
	107	if (sock < 0)
	108	return -1;
	109
	110	/* close on exec */
	111	if (fcntl(sock, F_SETFD, 1) == -1) {
	112	close(sock);
	113	return -1;
	114	}
	115	if (connect(sock, (struct sockaddr *)&sunaddr, sizeof sunaddr) < 0) {
	116	close(sock);
	117	return -1;
	118	}
	119	agent_present = 1;
	120	return sock;
	121	}
	122
	123	static int
	124	ssh_request_reply(AuthenticationConnection auth, Buffer request, Buffer *reply)
	125	{
	126	u_int l, len;
	127	char buf[1024];
	128
	129	/* Get the length of the message, and format it in the buffer. */
	130	len = buffer_len(request);
	131	put_u32(buf, len);
	132
	133	/* Send the length and then the packet to the agent. */
	134	if (atomicio(vwrite, auth->fd, buf, 4) != 4 \|\|
	135	atomicio(vwrite, auth->fd, buffer_ptr(request),
	136	buffer_len(request)) != buffer_len(request)) {
	137	error("Error writing to authentication socket.");
	138	return 0;
	139	}
	140	/*
	141	* Wait for response from the agent. First read the length of the
	142	* response packet.
	143	*/
	144	if (atomicio(read, auth->fd, buf, 4) != 4) {
	145	error("Error reading response length from authentication socket.");
	146	return 0;
	147	}
	148
	149	/* Extract the length, and check it for sanity. */
	150	len = get_u32(buf);
	151	if (len > 256 * 1024)
	152	fatal("Authentication response too long: %u", len);
	153
	154	/* Read the rest of the response in to the buffer. */
	155	buffer_clear(reply);
	156	while (len > 0) {
	157	l = len;
	158	if (l > sizeof(buf))
	159	l = sizeof(buf);
	160	if (atomicio(read, auth->fd, buf, l) != l) {
	161	error("Error reading response from authentication socket.");
	162	return 0;
	163	}
	164	buffer_append(reply, buf, l);
	165	len -= l;
	166	}
	167	return 1;
	168	}
	169
	170	/*
	171	* Closes the agent socket if it should be closed (depends on how it was
	172	* obtained). The argument must have been returned by
	173	* ssh_get_authentication_socket().
	174	*/
	175
	176	void
	177	ssh_close_authentication_socket(int sock)
	178	{
	179	if (getenv(SSH_AUTHSOCKET_ENV_NAME))
	180	close(sock);
	181	}
	182
	183	/*
	184	* Opens and connects a private socket for communication with the
	185	* authentication agent. Returns the file descriptor (which must be
	186	* shut down and closed by the caller when no longer needed).
	187	* Returns NULL if an error occurred and the connection could not be
	188	* opened.
	189	*/
	190
	191	AuthenticationConnection *
	192	ssh_get_authentication_connection(void)
	193	{
	194	AuthenticationConnection *auth;
	195	int sock;
	196
	197	sock = ssh_get_authentication_socket();
	198
	199	/*
	200	* Fail if we couldn't obtain a connection. This happens if we
	201	* exited due to a timeout.
	202	*/
	203	if (sock < 0)
	204	return NULL;
	205
	206	auth = xmalloc(sizeof(*auth));
	207	auth->fd = sock;
	208	buffer_init(&auth->identities);
	209	auth->howmany = 0;
	210
	211	return auth;
	212	}
	213
	214	/*
	215	* Closes the connection to the authentication agent and frees any associated
	216	* memory.
	217	*/
	218
	219	void
	220	ssh_close_authentication_connection(AuthenticationConnection *auth)
	221	{
	222	buffer_free(&auth->identities);
	223	close(auth->fd);
	224	xfree(auth);
	225	}
	226
	227	/* Lock/unlock agent */
	228	int
	229	ssh_lock_agent(AuthenticationConnection auth, int lock, const char password)
	230	{
	231	int type;
	232	Buffer msg;
	233
	234	buffer_init(&msg);
	235	buffer_put_char(&msg, lock ? SSH_AGENTC_LOCK : SSH_AGENTC_UNLOCK);
	236	buffer_put_cstring(&msg, password);
	237
	238	if (ssh_request_reply(auth, &msg, &msg) == 0) {
	239	buffer_free(&msg);
	240	return 0;
	241	}
	242	type = buffer_get_char(&msg);
	243	buffer_free(&msg);
	244	return decode_reply(type);
	245	}
	246
	247	/*
	248	* Returns the first authentication identity held by the agent.
	249	*/
	250
	251	int
	252	ssh_get_num_identities(AuthenticationConnection *auth, int version)
	253	{
	254	int type, code1 = 0, code2 = 0;
	255	Buffer request;
	256
	257	switch (version) {
	258	case 1:
	259	code1 = SSH_AGENTC_REQUEST_RSA_IDENTITIES;
	260	code2 = SSH_AGENT_RSA_IDENTITIES_ANSWER;
	261	break;
	262	case 2:
	263	code1 = SSH2_AGENTC_REQUEST_IDENTITIES;
	264	code2 = SSH2_AGENT_IDENTITIES_ANSWER;
	265	break;
	266	default:
	267	return 0;
	268	}
	269
	270	/*
	271	* Send a message to the agent requesting for a list of the
	272	* identities it can represent.
	273	*/
	274	buffer_init(&request);
	275	buffer_put_char(&request, code1);
	276
	277	buffer_clear(&auth->identities);
	278	if (ssh_request_reply(auth, &request, &auth->identities) == 0) {
	279	buffer_free(&request);
	280	return 0;
	281	}
	282	buffer_free(&request);
	283
	284	/* Get message type, and verify that we got a proper answer. */
	285	type = buffer_get_char(&auth->identities);
	286	if (agent_failed(type)) {
	287	return 0;
	288	} else if (type != code2) {
	289	fatal("Bad authentication reply message type: %d", type);
	290	}
	291
	292	/* Get the number of entries in the response and check it for sanity. */
	293	auth->howmany = buffer_get_int(&auth->identities);
	294	if ((u_int)auth->howmany > 1024)
	295	fatal("Too many identities in authentication reply: %d",
	296	auth->howmany);
	297
	298	return auth->howmany;
	299	}
	300
	301	Key *
	302	ssh_get_first_identity(AuthenticationConnection auth, char *comment, int version)
	303	{
	304	/* get number of identities and return the first entry (if any). */
	305	if (ssh_get_num_identities(auth, version) > 0)
	306	return ssh_get_next_identity(auth, comment, version);
	307	return NULL;
	308	}
	309
	310	Key *
	311	ssh_get_next_identity(AuthenticationConnection auth, char *comment, int version)
	312	{
	313	int keybits;
	314	u_int bits;
	315	u_char *blob;
	316	u_int blen;
	317	Key *key = NULL;
	318
	319	/* Return failure if no more entries. */
	320	if (auth->howmany <= 0)
	321	return NULL;
	322
	323	/*
	324	* Get the next entry from the packet. These will abort with a fatal
	325	* error if the packet is too short or contains corrupt data.
	326	*/
	327	switch (version) {
	328	case 1:
	329	key = key_new(KEY_RSA1);
	330	bits = buffer_get_int(&auth->identities);
	331	buffer_get_bignum(&auth->identities, key->rsa->e);
	332	buffer_get_bignum(&auth->identities, key->rsa->n);
	333	*comment = buffer_get_string(&auth->identities, NULL);
	334	keybits = BN_num_bits(key->rsa->n);
	335	if (keybits < 0 \|\| bits != (u_int)keybits)
	336	logit("Warning: identity keysize mismatch: actual %d, announced %u",
	337	BN_num_bits(key->rsa->n), bits);
	338	break;
	339	case 2:
	340	blob = buffer_get_string(&auth->identities, &blen);
	341	*comment = buffer_get_string(&auth->identities, NULL);
	342	key = key_from_blob(blob, blen);
	343	xfree(blob);
	344	break;
	345	default:
	346	return NULL;
	347	}
	348	/* Decrement the number of remaining entries. */
	349	auth->howmany--;
	350	return key;
	351	}
	352
	353	/*
	354	* Generates a random challenge, sends it to the agent, and waits for
	355	* response from the agent. Returns true (non-zero) if the agent gave the
	356	* correct answer, zero otherwise. Response type selects the style of
	357	* response desired, with 0 corresponding to protocol version 1.0 (no longer
	358	* supported) and 1 corresponding to protocol version 1.1.
	359	*/
	360
	361	int
	362	ssh_decrypt_challenge(AuthenticationConnection *auth,
	363	Key* key, BIGNUM *challenge,
	364	u_char session_id[16],
	365	u_int response_type,
	366	u_char response[16])
	367	{
	368	Buffer buffer;
	369	int success = 0;
	370	int i;
	371	int type;
	372
	373	if (key->type != KEY_RSA1)
	374	return 0;
	375	if (response_type == 0) {
	376	logit("Compatibility with ssh protocol version 1.0 no longer supported.");
	377	return 0;
	378	}
	379	buffer_init(&buffer);
	380	buffer_put_char(&buffer, SSH_AGENTC_RSA_CHALLENGE);
	381	buffer_put_int(&buffer, BN_num_bits(key->rsa->n));
	382	buffer_put_bignum(&buffer, key->rsa->e);
	383	buffer_put_bignum(&buffer, key->rsa->n);
	384	buffer_put_bignum(&buffer, challenge);
	385	buffer_append(&buffer, session_id, 16);
	386	buffer_put_int(&buffer, response_type);
	387
	388	if (ssh_request_reply(auth, &buffer, &buffer) == 0) {
	389	buffer_free(&buffer);
	390	return 0;
	391	}
	392	type = buffer_get_char(&buffer);
	393
	394	if (agent_failed(type)) {
	395	logit("Agent admitted failure to authenticate using the key.");
	396	} else if (type != SSH_AGENT_RSA_RESPONSE) {
	397	fatal("Bad authentication response: %d", type);
	398	} else {
	399	success = 1;
	400	/*
	401	* Get the response from the packet. This will abort with a
	402	* fatal error if the packet is corrupt.
	403	*/
	404	for (i = 0; i < 16; i++)
	405	response[i] = (u_char)buffer_get_char(&buffer);
	406	}
	407	buffer_free(&buffer);
	408	return success;
	409	}
	410
	411	/* ask agent to sign data, returns -1 on error, 0 on success */
	412	int
	413	ssh_agent_sign(AuthenticationConnection *auth,
	414	Key *key,
	415	u_char *sigp, u_int lenp,
	416	u_char *data, u_int datalen)
	417	{
	418	extern int datafellows;
	419	Buffer msg;
	420	u_char *blob;
	421	u_int blen;
	422	int type, flags = 0;
	423	int ret = -1;
	424
	425	if (key_to_blob(key, &blob, &blen) == 0)
	426	return -1;
	427
	428	if (datafellows & SSH_BUG_SIGBLOB)
	429	flags = SSH_AGENT_OLD_SIGNATURE;
	430
	431	buffer_init(&msg);
	432	buffer_put_char(&msg, SSH2_AGENTC_SIGN_REQUEST);
	433	buffer_put_string(&msg, blob, blen);
	434	buffer_put_string(&msg, data, datalen);
	435	buffer_put_int(&msg, flags);
	436	xfree(blob);
	437
	438	if (ssh_request_reply(auth, &msg, &msg) == 0) {
	439	buffer_free(&msg);
	440	return -1;
	441	}
	442	type = buffer_get_char(&msg);
	443	if (agent_failed(type)) {
	444	logit("Agent admitted failure to sign using the key.");
	445	} else if (type != SSH2_AGENT_SIGN_RESPONSE) {
	446	fatal("Bad authentication response: %d", type);
	447	} else {
	448	ret = 0;
	449	*sigp = buffer_get_string(&msg, lenp);
	450	}
	451	buffer_free(&msg);
	452	return ret;
	453	}
	454
	455	/* Encode key for a message to the agent. */
	456
	457	static void
	458	ssh_encode_identity_rsa1(Buffer b, RSA key, const char *comment)
	459	{
	460	buffer_put_int(b, BN_num_bits(key->n));
	461	buffer_put_bignum(b, key->n);
	462	buffer_put_bignum(b, key->e);
	463	buffer_put_bignum(b, key->d);
	464	/* To keep within the protocol: p < q for ssh. in SSL p > q */
	465	buffer_put_bignum(b, key->iqmp); /* ssh key->u */
	466	buffer_put_bignum(b, key->q); /* ssh key->p, SSL key->q */
	467	buffer_put_bignum(b, key->p); /* ssh key->q, SSL key->p */
	468	buffer_put_cstring(b, comment);
	469	}
	470
	471	static void
	472	ssh_encode_identity_ssh2(Buffer b, Key key, const char *comment)
	473	{
	474	buffer_put_cstring(b, key_ssh_name(key));
	475	switch (key->type) {
	476	case KEY_RSA:
	477	buffer_put_bignum2(b, key->rsa->n);
	478	buffer_put_bignum2(b, key->rsa->e);
	479	buffer_put_bignum2(b, key->rsa->d);
	480	buffer_put_bignum2(b, key->rsa->iqmp);
	481	buffer_put_bignum2(b, key->rsa->p);
	482	buffer_put_bignum2(b, key->rsa->q);
	483	break;
	484	case KEY_DSA:
	485	buffer_put_bignum2(b, key->dsa->p);
	486	buffer_put_bignum2(b, key->dsa->q);
	487	buffer_put_bignum2(b, key->dsa->g);
	488	buffer_put_bignum2(b, key->dsa->pub_key);
	489	buffer_put_bignum2(b, key->dsa->priv_key);
	490	break;
	491	}
	492	buffer_put_cstring(b, comment);
	493	}
	494
	495	/*
	496	* Adds an identity to the authentication server. This call is not meant to
	497	* be used by normal applications.
	498	*/
	499
	500	int
	501	ssh_add_identity_constrained(AuthenticationConnection auth, Key key,
	502	const char *comment, u_int life, u_int confirm)
	503	{
	504	Buffer msg;
	505	int type, constrained = (life \|\| confirm);
	506
	507	buffer_init(&msg);
	508
	509	switch (key->type) {
	510	case KEY_RSA1:
	511	type = constrained ?
	512	SSH_AGENTC_ADD_RSA_ID_CONSTRAINED :
	513	SSH_AGENTC_ADD_RSA_IDENTITY;
	514	buffer_put_char(&msg, type);
	515	ssh_encode_identity_rsa1(&msg, key->rsa, comment);
	516	break;
	517	case KEY_RSA:
	518	case KEY_DSA:
	519	type = constrained ?
	520	SSH2_AGENTC_ADD_ID_CONSTRAINED :
	521	SSH2_AGENTC_ADD_IDENTITY;
	522	buffer_put_char(&msg, type);
	523	ssh_encode_identity_ssh2(&msg, key, comment);
	524	break;
	525	default:
	526	buffer_free(&msg);
	527	return 0;
	528	}
	529	if (constrained) {
	530	if (life != 0) {
	531	buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_LIFETIME);
	532	buffer_put_int(&msg, life);
	533	}
	534	if (confirm != 0)
	535	buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_CONFIRM);
	536	}
	537	if (ssh_request_reply(auth, &msg, &msg) == 0) {
	538	buffer_free(&msg);
	539	return 0;
	540	}
	541	type = buffer_get_char(&msg);
	542	buffer_free(&msg);
	543	return decode_reply(type);
	544	}
	545
	546	int
	547	ssh_add_identity(AuthenticationConnection auth, Key key, const char *comment)
	548	{
	549	return ssh_add_identity_constrained(auth, key, comment, 0, 0);
	550	}
	551
	552	/*
	553	* Removes an identity from the authentication server. This call is not
	554	* meant to be used by normal applications.
	555	*/
	556
	557	int
	558	ssh_remove_identity(AuthenticationConnection auth, Key key)
	559	{
	560	Buffer msg;
	561	int type;
	562	u_char *blob;
	563	u_int blen;
	564
	565	buffer_init(&msg);
	566
	567	if (key->type == KEY_RSA1) {
	568	buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY);
	569	buffer_put_int(&msg, BN_num_bits(key->rsa->n));
	570	buffer_put_bignum(&msg, key->rsa->e);
	571	buffer_put_bignum(&msg, key->rsa->n);
	572	} else if (key->type == KEY_DSA \|\| key->type == KEY_RSA) {
	573	key_to_blob(key, &blob, &blen);
	574	buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY);
	575	buffer_put_string(&msg, blob, blen);
	576	xfree(blob);
	577	} else {
	578	buffer_free(&msg);
	579	return 0;
	580	}
	581	if (ssh_request_reply(auth, &msg, &msg) == 0) {
	582	buffer_free(&msg);
	583	return 0;
	584	}
	585	type = buffer_get_char(&msg);
	586	buffer_free(&msg);
	587	return decode_reply(type);
	588	}
	589
	590	int
	591	ssh_update_card(AuthenticationConnection *auth, int add,
	592	const char reader_id, const char pin, u_int life, u_int confirm)
	593	{
	594	Buffer msg;
	595	int type, constrained = (life \|\| confirm);
	596
	597	if (add) {
	598	type = constrained ?
	599	SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED :
	600	SSH_AGENTC_ADD_SMARTCARD_KEY;
	601	} else
	602	type = SSH_AGENTC_REMOVE_SMARTCARD_KEY;
	603
	604	buffer_init(&msg);
	605	buffer_put_char(&msg, type);
	606	buffer_put_cstring(&msg, reader_id);
	607	buffer_put_cstring(&msg, pin);
	608
	609	if (constrained) {
	610	if (life != 0) {
	611	buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_LIFETIME);
	612	buffer_put_int(&msg, life);
	613	}
	614	if (confirm != 0)
	615	buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_CONFIRM);
	616	}
	617
	618	if (ssh_request_reply(auth, &msg, &msg) == 0) {
	619	buffer_free(&msg);
	620	return 0;
	621	}
	622	type = buffer_get_char(&msg);
	623	buffer_free(&msg);
	624	return decode_reply(type);
	625	}
	626
	627	/*
	628	* Removes all identities from the agent. This call is not meant to be used
	629	* by normal applications.
	630	*/
	631
	632	int
	633	ssh_remove_all_identities(AuthenticationConnection *auth, int version)
	634	{
	635	Buffer msg;
	636	int type;
	637	int code = (version==1) ?
	638	SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES :
	639	SSH2_AGENTC_REMOVE_ALL_IDENTITIES;
	640
	641	buffer_init(&msg);
	642	buffer_put_char(&msg, code);
	643
	644	if (ssh_request_reply(auth, &msg, &msg) == 0) {
	645	buffer_free(&msg);
	646	return 0;
	647	}
	648	type = buffer_get_char(&msg);
	649	buffer_free(&msg);
	650	return decode_reply(type);
	651	}
	652
	653	int
	654	decode_reply(int type)
	655	{
	656	switch (type) {
	657	case SSH_AGENT_FAILURE:
	658	case SSH_COM_AGENT2_FAILURE:
	659	case SSH2_AGENT_FAILURE:
	660	logit("SSH_AGENT_FAILURE");
	661	return 0;
	662	case SSH_AGENT_SUCCESS:
	663	return 1;
	664	default:
	665	fatal("Bad response from authentication agent: %d", type);
	666	}
	667	/* NOTREACHED */
	668	return 0;
	669	}