Line | Source | Count |
1 | | - |
2 | | - |
3 | | - |
4 | | - |
5 | | - |
6 | | - |
7 | | - |
8 | | - |
9 | | - |
10 | | - |
11 | | - |
12 | | - |
13 | | - |
14 | | - |
15 | | - |
16 | | - |
17 | | - |
18 | | - |
19 | | - |
20 | | - |
21 | | - |
22 | | - |
23 | | - |
24 | | - |
25 | | - |
26 | #include "includes.h" | - |
27 | | - |
28 | #include <sys/types.h> | - |
29 | #include <sys/stat.h> | - |
30 | | - |
31 | #include <errno.h> | - |
32 | #include <fcntl.h> | - |
33 | #ifdef HAVE_PATHS_H | - |
34 | # include <paths.h> | - |
35 | #endif | - |
36 | #include <pwd.h> | - |
37 | #include <signal.h> | - |
38 | #include <stdio.h> | - |
39 | #include <stdarg.h> | - |
40 | #include <string.h> | - |
41 | #include <time.h> | - |
42 | #include <unistd.h> | - |
43 | #include <limits.h> | - |
44 | | - |
45 | #include "xmalloc.h" | - |
46 | #include "ssh.h" | - |
47 | #include "ssh2.h" | - |
48 | #include "packet.h" | - |
49 | #include "sshbuf.h" | - |
50 | #include "log.h" | - |
51 | #include "misc.h" | - |
52 | #include "servconf.h" | - |
53 | #include "compat.h" | - |
54 | #include "sshkey.h" | - |
55 | #include "hostfile.h" | - |
56 | #include "auth.h" | - |
57 | #include "pathnames.h" | - |
58 | #include "uidswap.h" | - |
59 | #include "auth-options.h" | - |
60 | #include "canohost.h" | - |
61 | #ifdef GSSAPI | - |
62 | #include "ssh-gss.h" | - |
63 | #endif | - |
64 | #include "monitor_wrap.h" | - |
65 | #include "authfile.h" | - |
66 | #include "match.h" | - |
67 | #include "ssherr.h" | - |
68 | #include "channels.h" /* XXX for session.h */ | - |
69 | #include "session.h" /* XXX for child_set_env(); refactor? */ | - |
70 | | - |
71 | | - |
72 | extern ServerOptions options; | - |
73 | extern u_char *session_id2; | - |
74 | extern u_int session_id2_len; | - |
75 | | - |
76 | static char * | - |
77 | format_key(const struct sshkey *key) | - |
78 | { | - |
79 | char *ret, *fp = sshkey_fingerprint(key, | - |
80 | options.fingerprint_hash, SSH_FP_DEFAULT); | - |
81 | | - |
82 | xasprintf(&ret, "%s %s", sshkey_type(key), fp); | - |
83 | free(fp); | - |
84 | return ret; never executed: return ret; | 0 |
85 | } | - |
86 | | - |
87 | static int | - |
88 | userauth_pubkey(struct ssh *ssh) | - |
89 | { | - |
90 | Authctxt *authctxt = ssh->authctxt; | - |
91 | struct passwd *pw = authctxt->pw; | - |
92 | struct sshbuf *b = NULL; | - |
93 | struct sshkey *key = NULL; | - |
94 | char *pkalg = NULL, *userstyle = NULL, *key_s = NULL, *ca_s = NULL; | - |
95 | u_char *pkblob = NULL, *sig = NULL, have_sig; | - |
96 | size_t blen, slen; | - |
97 | int r, pktype; | - |
98 | int authenticated = 0; | - |
99 | struct sshauthopt *authopts = NULL; | - |
100 | | - |
101 | if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0 ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
102 | (r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
103 | (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
104 | fatal("%s: parse request failed: %s", __func__, ssh_err(r)); never executed: fatal("%s: parse request failed: %s", __func__, ssh_err(r)); | 0 |
105 | pktype = sshkey_type_from_name(pkalg); | - |
106 | if (pktype == KEY_UNSPEC) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
107 | | - |
108 | verbose("%s: unsupported public key algorithm: %s", | - |
109 | __func__, pkalg); | - |
110 | goto done; never executed: goto done; | 0 |
111 | } | - |
112 | if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
113 | error("%s: could not parse key: %s", __func__, ssh_err(r)); | - |
114 | goto done; never executed: goto done; | 0 |
115 | } | - |
116 | if (key == NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
117 | error("%s: cannot decode key: %s", __func__, pkalg); | - |
118 | goto done; never executed: goto done; | 0 |
119 | } | - |
120 | if (key->type != pktype) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
121 | error("%s: type mismatch for decoded key " | - |
122 | "(received %d, expected %d)", __func__, key->type, pktype); | - |
123 | goto done; never executed: goto done; | 0 |
124 | } | - |
125 | if (sshkey_type_plain(key->type) == KEY_RSA &&TRUE | never evaluated | FALSE | never evaluated |
| 0 |
126 | (ssh->compat & SSH_BUG_RSASIGMD5) != 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
127 | logit("Refusing RSA key because client uses unsafe " | - |
128 | "signature scheme"); | - |
129 | goto done; never executed: goto done; | 0 |
130 | } | - |
131 | if (auth2_key_already_used(authctxt, key)) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
132 | logit("refusing previously-used %s key", sshkey_type(key)); | - |
133 | goto done; never executed: goto done; | 0 |
134 | } | - |
135 | if (match_pattern_list(pkalg, options.pubkey_key_types, 0) != 1) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
136 | logit("%s: key type %s not in PubkeyAcceptedKeyTypes", | - |
137 | __func__, sshkey_ssh_name(key)); | - |
138 | goto done; never executed: goto done; | 0 |
139 | } | - |
140 | if ((r = sshkey_check_cert_sigtype(key,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
141 | options.ca_sign_algorithms)) != 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
142 | logit("%s: certificate signature algorithm %s: %s", __func__, | - |
143 | (key->cert == NULL || key->cert->signature_type == NULL) ? | - |
144 | "(null)" : key->cert->signature_type, ssh_err(r)); | - |
145 | goto done; never executed: goto done; | 0 |
146 | } | - |
147 | key_s = format_key(key); | - |
148 | if (sshkey_is_cert(key))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
149 | ca_s = format_key(key->cert->signature_key); never executed: ca_s = format_key(key->cert->signature_key); | 0 |
150 | | - |
151 | if (have_sig) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
152 | debug3("%s: have %s signature for %s%s%s", | - |
153 | __func__, pkalg, key_s, | - |
154 | ca_s == NULL ? "" : " CA ", | - |
155 | ca_s == NULL ? "" : ca_s); | - |
156 | if ((r = sshpkt_get_string(ssh, &sig, &slen)) != 0 ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
157 | (r = sshpkt_get_end(ssh)) != 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
158 | fatal("%s: %s", __func__, ssh_err(r)); never executed: fatal("%s: %s", __func__, ssh_err(r)); | 0 |
159 | if ((b = sshbuf_new()) == NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
160 | fatal("%s: sshbuf_new failed", __func__); never executed: fatal("%s: sshbuf_new failed", __func__); | 0 |
161 | if (ssh->compat & SSH_OLD_SESSIONID) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
162 | if ((r = sshbuf_put(b, session_id2,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
163 | session_id2_len)) != 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
164 | fatal("%s: sshbuf_put session id: %s", never executed: fatal("%s: sshbuf_put session id: %s", __func__, ssh_err(r)); | 0 |
165 | __func__, ssh_err(r)); never executed: fatal("%s: sshbuf_put session id: %s", __func__, ssh_err(r)); | 0 |
166 | } else { never executed: end of block | 0 |
167 | if ((r = sshbuf_put_string(b, session_id2,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
168 | session_id2_len)) != 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
169 | fatal("%s: sshbuf_put_string session id: %s", never executed: fatal("%s: sshbuf_put_string session id: %s", __func__, ssh_err(r)); | 0 |
170 | __func__, ssh_err(r)); never executed: fatal("%s: sshbuf_put_string session id: %s", __func__, ssh_err(r)); | 0 |
171 | } never executed: end of block | 0 |
172 | if (!authctxt->valid || authctxt->user == NULL) {TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
173 | debug2("%s: disabled because of invalid user", | - |
174 | __func__); | - |
175 | goto done; never executed: goto done; | 0 |
176 | } | - |
177 | | - |
178 | xasprintf(&userstyle, "%s%s%s", authctxt->user, | - |
179 | authctxt->style ? ":" : "", | - |
180 | authctxt->style ? authctxt->style : ""); | - |
181 | if ((r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
182 | (r = sshbuf_put_cstring(b, userstyle)) != 0 ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
183 | (r = sshbuf_put_cstring(b, authctxt->service)) != 0 ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
184 | (r = sshbuf_put_cstring(b, "publickey")) != 0 ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
185 | (r = sshbuf_put_u8(b, have_sig)) != 0 ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
186 | (r = sshbuf_put_cstring(b, pkalg)) != 0 ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
187 | (r = sshbuf_put_string(b, pkblob, blen)) != 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
188 | fatal("%s: build packet failed: %s", never executed: fatal("%s: build packet failed: %s", __func__, ssh_err(r)); | 0 |
189 | __func__, ssh_err(r)); never executed: fatal("%s: build packet failed: %s", __func__, ssh_err(r)); | 0 |
190 | #ifdef DEBUG_PK | - |
191 | sshbuf_dump(b, stderr); | - |
192 | #endif | - |
193 | | - |
194 | authenticated = 0; | - |
195 | if (PRIVSEP(user_key_allowed(ssh, pw, key, 1, &authopts)) &&TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
196 | PRIVSEP(sshkey_verify(key, sig, slen,TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
197 | sshbuf_ptr(b), sshbuf_len(b),TRUE | never evaluated | FALSE | never evaluated |
| 0 |
198 | (ssh->compat & SSH_BUG_SIGTYPE) == 0 ? pkalg : NULL,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
199 | ssh->compat)) == 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
200 | authenticated = 1; | - |
201 | } never executed: end of block | 0 |
202 | auth2_record_key(authctxt, authenticated, key); | - |
203 | } else { never executed: end of block | 0 |
204 | debug("%s: test pkalg %s pkblob %s%s%s", | - |
205 | __func__, pkalg, key_s, | - |
206 | ca_s == NULL ? "" : " CA ", | - |
207 | ca_s == NULL ? "" : ca_s); | - |
208 | | - |
209 | if ((r = sshpkt_get_end(ssh)) != 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
210 | fatal("%s: %s", __func__, ssh_err(r)); never executed: fatal("%s: %s", __func__, ssh_err(r)); | 0 |
211 | | - |
212 | if (!authctxt->valid || authctxt->user == NULL) {TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
213 | debug2("%s: disabled because of invalid user", | - |
214 | __func__); | - |
215 | goto done; never executed: goto done; | 0 |
216 | } | - |
217 | | - |
218 | | - |
219 | | - |
220 | | - |
221 | | - |
222 | | - |
223 | | - |
224 | | - |
225 | if (PRIVSEP(user_key_allowed(ssh, pw, key, 0, NULL))) {TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
226 | if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_PK_OK))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
227 | != 0 ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
228 | (r = sshpkt_put_cstring(ssh, pkalg)) != 0 ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
229 | (r = sshpkt_put_string(ssh, pkblob, blen)) != 0 ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
230 | (r = sshpkt_send(ssh)) != 0 ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
231 | (r = ssh_packet_write_wait(ssh)) != 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
232 | fatal("%s: %s", __func__, ssh_err(r)); never executed: fatal("%s: %s", __func__, ssh_err(r)); | 0 |
233 | authctxt->postponed = 1; | - |
234 | } never executed: end of block | 0 |
235 | } never executed: end of block | 0 |
236 | done: code before this statement never executed: done: | 0 |
237 | if (authenticated == 1 && auth_activate_options(ssh, authopts) != 0) {TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
238 | debug("%s: key options inconsistent with existing", __func__); | - |
239 | authenticated = 0; | - |
240 | } never executed: end of block | 0 |
241 | debug2("%s: authenticated %d pkalg %s", __func__, authenticated, pkalg); | - |
242 | | - |
243 | sshbuf_free(b); | - |
244 | sshauthopt_free(authopts); | - |
245 | sshkey_free(key); | - |
246 | free(userstyle); | - |
247 | free(pkalg); | - |
248 | free(pkblob); | - |
249 | free(key_s); | - |
250 | free(ca_s); | - |
251 | free(sig); | - |
252 | return authenticated; never executed: return authenticated; | 0 |
253 | } | - |
254 | | - |
255 | static int | - |
256 | match_principals_option(const char *principal_list, struct sshkey_cert *cert) | - |
257 | { | - |
258 | char *result; | - |
259 | u_int i; | - |
260 | | - |
261 | | - |
262 | | - |
263 | for (i = 0; i < cert->nprincipals; i++) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
264 | if ((result = match_list(cert->principals[i],TRUE | never evaluated | FALSE | never evaluated |
| 0 |
265 | principal_list, NULL)) != NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
266 | debug3("matched principal from key options \"%.100s\"", | - |
267 | result); | - |
268 | free(result); | - |
269 | return 1; never executed: return 1; | 0 |
270 | } | - |
271 | } never executed: end of block | 0 |
272 | return 0; never executed: return 0; | 0 |
273 | } | - |
274 | | - |
275 | | - |
276 | | - |
277 | | - |
278 | | - |
279 | | - |
280 | static int | - |
281 | check_principals_line(struct ssh *ssh, char *cp, const struct sshkey_cert *cert, | - |
282 | const char *loc, struct sshauthopt **authoptsp) | - |
283 | { | - |
284 | u_int i, found = 0; | - |
285 | char *ep, *line_opts; | - |
286 | const char *reason = NULL; | - |
287 | struct sshauthopt *opts = NULL; | - |
288 | | - |
289 | if (authoptsp != NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
290 | *authoptsp = NULL; never executed: *authoptsp = ((void *)0) ; | 0 |
291 | | - |
292 | | - |
293 | ep = cp + strlen(cp) - 1; | - |
294 | while (ep > cp && (*ep == '\n' || *ep == ' ' || *ep == '\t'))TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
295 | *ep-- = '\0'; never executed: *ep-- = '\0'; | 0 |
296 | | - |
297 | | - |
298 | | - |
299 | | - |
300 | | - |
301 | line_opts = NULL; | - |
302 | if ((ep = strrchr(cp, ' ')) != NULL ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
303 | (ep = strrchr(cp, '\t')) != NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
304 | for (; *ep == ' ' || *ep == '\t'; ep++)TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
305 | ; never executed: ; | 0 |
306 | line_opts = cp; | - |
307 | cp = ep; | - |
308 | } never executed: end of block | 0 |
309 | if ((opts = sshauthopt_parse(line_opts, &reason)) == NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
310 | debug("%s: bad principals options: %s", loc, reason); | - |
311 | auth_debug_add("%s: bad principals options: %s", loc, reason); | - |
312 | return -1; never executed: return -1; | 0 |
313 | } | - |
314 | | - |
315 | for (i = 0; i < cert->nprincipals; i++) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
316 | if (strcmp(cp, cert->principals[i]) != 0) never executed: __result = (((const unsigned char *) (const char *) ( cp ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( cert->principals[i] ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
317 | continue; never executed: continue; | 0 |
318 | debug3("%s: matched principal \"%.100s\"", | - |
319 | loc, cert->principals[i]); | - |
320 | found = 1; | - |
321 | } never executed: end of block | 0 |
322 | if (found && authoptsp != NULL) {TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
323 | *authoptsp = opts; | - |
324 | opts = NULL; | - |
325 | } never executed: end of block | 0 |
326 | sshauthopt_free(opts); | - |
327 | return found ? 0 : -1; never executed: return found ? 0 : -1; TRUE | never evaluated | FALSE | never evaluated |
| 0 |
328 | } | - |
329 | | - |
330 | static int | - |
331 | process_principals(struct ssh *ssh, FILE *f, const char *file, | - |
332 | const struct sshkey_cert *cert, struct sshauthopt **authoptsp) | - |
333 | { | - |
334 | char loc[256], *line = NULL, *cp, *ep; | - |
335 | size_t linesize = 0; | - |
336 | u_long linenum = 0; | - |
337 | u_int found_principal = 0; | - |
338 | | - |
339 | if (authoptsp != NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
340 | *authoptsp = NULL; never executed: *authoptsp = ((void *)0) ; | 0 |
341 | | - |
342 | while (getline(&line, &linesize, f) != -1) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
343 | linenum++; | - |
344 | | - |
345 | if (found_principal)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
346 | continue; never executed: continue; | 0 |
347 | | - |
348 | | - |
349 | for (cp = line; *cp == ' ' || *cp == '\t'; cp++)TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
350 | ; never executed: ; | 0 |
351 | | - |
352 | if ((ep = strchr(cp, '#')) != NULL)TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
353 | *ep = '\0'; never executed: *ep = '\0'; | 0 |
354 | if (!*cp || *cp == '\n')TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
355 | continue; never executed: continue; | 0 |
356 | | - |
357 | snprintf(loc, sizeof(loc), "%.200s:%lu", file, linenum); | - |
358 | if (check_principals_line(ssh, cp, cert, loc, authoptsp) == 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
359 | found_principal = 1; never executed: found_principal = 1; | 0 |
360 | } never executed: end of block | 0 |
361 | free(line); | - |
362 | return found_principal; never executed: return found_principal; | 0 |
363 | } | - |
364 | | - |
365 | | - |
366 | | - |
367 | static int | - |
368 | match_principals_file(struct ssh *ssh, struct passwd *pw, char *file, | - |
369 | struct sshkey_cert *cert, struct sshauthopt **authoptsp) | - |
370 | { | - |
371 | FILE *f; | - |
372 | int success; | - |
373 | | - |
374 | if (authoptsp != NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
375 | *authoptsp = NULL; never executed: *authoptsp = ((void *)0) ; | 0 |
376 | | - |
377 | temporarily_use_uid(pw); | - |
378 | debug("trying authorized principals file %s", file); | - |
379 | if ((f = auth_openprincipals(file, pw, options.strict_modes)) == NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
380 | restore_uid(); | - |
381 | return 0; never executed: return 0; | 0 |
382 | } | - |
383 | success = process_principals(ssh, f, file, cert, authoptsp); | - |
384 | fclose(f); | - |
385 | restore_uid(); | - |
386 | return success; never executed: return success; | 0 |
387 | } | - |
388 | | - |
389 | | - |
390 | | - |
391 | | - |
392 | | - |
393 | static int | - |
394 | match_principals_command(struct ssh *ssh, struct passwd *user_pw, | - |
395 | const struct sshkey *key, struct sshauthopt **authoptsp) | - |
396 | { | - |
397 | struct passwd *runas_pw = NULL; | - |
398 | const struct sshkey_cert *cert = key->cert; | - |
399 | FILE *f = NULL; | - |
400 | int r, ok, found_principal = 0; | - |
401 | int i, ac = 0, uid_swapped = 0; | - |
402 | pid_t pid; | - |
403 | char *tmp, *username = NULL, *command = NULL, **av = NULL; | - |
404 | char *ca_fp = NULL, *key_fp = NULL, *catext = NULL, *keytext = NULL; | - |
405 | char serial_s[16], uidstr[32]; | - |
406 | void (*osigchld)(int); | - |
407 | | - |
408 | if (authoptsp != NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
409 | *authoptsp = NULL; never executed: *authoptsp = ((void *)0) ; | 0 |
410 | if (options.authorized_principals_command == NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
411 | return 0; never executed: return 0; | 0 |
412 | if (options.authorized_principals_command_user == NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
413 | error("No user for AuthorizedPrincipalsCommand specified, " | - |
414 | "skipping"); | - |
415 | return 0; never executed: return 0; | 0 |
416 | } | - |
417 | | - |
418 | | - |
419 | | - |
420 | | - |
421 | | - |
422 | osigchld = signal(SIGCHLD, SIG_DFL); | - |
423 | | - |
424 | | - |
425 | username = percent_expand(options.authorized_principals_command_user, | - |
426 | "u", user_pw->pw_name, (char *)NULL); | - |
427 | runas_pw = getpwnam(username); | - |
428 | if (runas_pw == NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
429 | error("AuthorizedPrincipalsCommandUser \"%s\" not found: %s", | - |
430 | username, strerror(errno)); | - |
431 | goto out; never executed: goto out; | 0 |
432 | } | - |
433 | | - |
434 | | - |
435 | if (argv_split(options.authorized_principals_command, &ac, &av) != 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
436 | error("AuthorizedPrincipalsCommand \"%s\" contains " | - |
437 | "invalid quotes", command); | - |
438 | goto out; never executed: goto out; | 0 |
439 | } | - |
440 | if (ac == 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
441 | error("AuthorizedPrincipalsCommand \"%s\" yielded no arguments", | - |
442 | command); | - |
443 | goto out; never executed: goto out; | 0 |
444 | } | - |
445 | if ((ca_fp = sshkey_fingerprint(cert->signature_key,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
446 | options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
447 | error("%s: sshkey_fingerprint failed", __func__); | - |
448 | goto out; never executed: goto out; | 0 |
449 | } | - |
450 | if ((key_fp = sshkey_fingerprint(key,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
451 | options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
452 | error("%s: sshkey_fingerprint failed", __func__); | - |
453 | goto out; never executed: goto out; | 0 |
454 | } | - |
455 | if ((r = sshkey_to_base64(cert->signature_key, &catext)) != 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
456 | error("%s: sshkey_to_base64 failed: %s", __func__, ssh_err(r)); | - |
457 | goto out; never executed: goto out; | 0 |
458 | } | - |
459 | if ((r = sshkey_to_base64(key, &keytext)) != 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
460 | error("%s: sshkey_to_base64 failed: %s", __func__, ssh_err(r)); | - |
461 | goto out; never executed: goto out; | 0 |
462 | } | - |
463 | snprintf(serial_s, sizeof(serial_s), "%llu", | - |
464 | (unsigned long long)cert->serial); | - |
465 | snprintf(uidstr, sizeof(uidstr), "%llu", | - |
466 | (unsigned long long)user_pw->pw_uid); | - |
467 | for (i = 1; i < ac; i++) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
468 | tmp = percent_expand(av[i], | - |
469 | "U", uidstr, | - |
470 | "u", user_pw->pw_name, | - |
471 | "h", user_pw->pw_dir, | - |
472 | "t", sshkey_ssh_name(key), | - |
473 | "T", sshkey_ssh_name(cert->signature_key), | - |
474 | "f", key_fp, | - |
475 | "F", ca_fp, | - |
476 | "k", keytext, | - |
477 | "K", catext, | - |
478 | "i", cert->key_id, | - |
479 | "s", serial_s, | - |
480 | (char *)NULL); | - |
481 | if (tmp == NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
482 | fatal("%s: percent_expand failed", __func__); never executed: fatal("%s: percent_expand failed", __func__); | 0 |
483 | free(av[i]); | - |
484 | av[i] = tmp; | - |
485 | } never executed: end of block | 0 |
486 | | - |
487 | command = argv_assemble(ac, av); | - |
488 | | - |
489 | if ((pid = subprocess("AuthorizedPrincipalsCommand", runas_pw, command,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
490 | ac, av, &f,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
491 | SSH_SUBPROCESS_STDOUT_CAPTURE|SSH_SUBPROCESS_STDERR_DISCARD)) == 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
492 | goto out; never executed: goto out; | 0 |
493 | | - |
494 | uid_swapped = 1; | - |
495 | temporarily_use_uid(runas_pw); | - |
496 | | - |
497 | ok = process_principals(ssh, f, "(command)", cert, authoptsp); | - |
498 | | - |
499 | fclose(f); | - |
500 | f = NULL; | - |
501 | | - |
502 | if (exited_cleanly(pid, "AuthorizedPrincipalsCommand", command, 0) != 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
503 | goto out; never executed: goto out; | 0 |
504 | | - |
505 | | - |
506 | found_principal = ok; | - |
507 | out: code before this statement never executed: out: | 0 |
508 | if (f != NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
509 | fclose(f); never executed: fclose(f); | 0 |
510 | signal(SIGCHLD, osigchld); | - |
511 | for (i = 0; i < ac; i++)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
512 | free(av[i]); never executed: free(av[i]); | 0 |
513 | free(av); | - |
514 | if (uid_swapped)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
515 | restore_uid(); never executed: restore_uid(); | 0 |
516 | free(command); | - |
517 | free(username); | - |
518 | free(ca_fp); | - |
519 | free(key_fp); | - |
520 | free(catext); | - |
521 | free(keytext); | - |
522 | return found_principal; never executed: return found_principal; | 0 |
523 | } | - |
524 | | - |
525 | static void | - |
526 | skip_space(char **cpp) | - |
527 | { | - |
528 | char *cp; | - |
529 | | - |
530 | for (cp = *cpp; *cp == ' ' || *cp == '\t'; cp++)TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
531 | ; never executed: ; | 0 |
532 | *cpp = cp; | - |
533 | } never executed: end of block | 0 |
534 | | - |
535 | | - |
536 | | - |
537 | | - |
538 | | - |
539 | | - |
540 | static int | - |
541 | advance_past_options(char **cpp) | - |
542 | { | - |
543 | char *cp = *cpp; | - |
544 | int quoted = 0; | - |
545 | | - |
546 | for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
547 | if (*cp == '\\' && cp[1] == '"')TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
548 | cp++; never executed: cp++; | 0 |
549 | else if (*cp == '"')TRUE | never evaluated | FALSE | never evaluated |
| 0 |
550 | quoted = !quoted; never executed: quoted = !quoted; | 0 |
551 | } never executed: end of block | 0 |
552 | *cpp = cp; | - |
553 | | - |
554 | return (*cp == '\0' && quoted) ? -1 : 0; never executed: return (*cp == '\0' && quoted) ? -1 : 0; TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
555 | } | - |
556 | | - |
557 | | - |
558 | | - |
559 | | - |
560 | | - |
561 | | - |
562 | static int | - |
563 | check_authkey_line(struct ssh *ssh, struct passwd *pw, struct sshkey *key, | - |
564 | char *cp, const char *loc, struct sshauthopt **authoptsp) | - |
565 | { | - |
566 | int want_keytype = sshkey_is_cert(key) ? KEY_UNSPEC : key->type;TRUE | never evaluated | FALSE | never evaluated |
| 0 |
567 | struct sshkey *found = NULL; | - |
568 | struct sshauthopt *keyopts = NULL, *certopts = NULL, *finalopts = NULL; | - |
569 | char *key_options = NULL, *fp = NULL; | - |
570 | const char *reason = NULL; | - |
571 | int ret = -1; | - |
572 | | - |
573 | if (authoptsp != NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
574 | *authoptsp = NULL; never executed: *authoptsp = ((void *)0) ; | 0 |
575 | | - |
576 | if ((found = sshkey_new(want_keytype)) == NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
577 | debug3("%s: keytype %d failed", __func__, want_keytype); | - |
578 | goto out; never executed: goto out; | 0 |
579 | } | - |
580 | | - |
581 | | - |
582 | | - |
583 | if (sshkey_read(found, &cp) != 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
584 | | - |
585 | debug2("%s: check options: '%s'", loc, cp); | - |
586 | key_options = cp; | - |
587 | if (advance_past_options(&cp) != 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
588 | reason = "invalid key option string"; | - |
589 | goto fail_reason; never executed: goto fail_reason; | 0 |
590 | } | - |
591 | skip_space(&cp); | - |
592 | if (sshkey_read(found, &cp) != 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
593 | | - |
594 | debug2("%s: advance: '%s'", loc, cp); | - |
595 | goto out; never executed: goto out; | 0 |
596 | } | - |
597 | } never executed: end of block | 0 |
598 | | - |
599 | if ((keyopts = sshauthopt_parse(key_options, &reason)) == NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
600 | debug("%s: bad key options: %s", loc, reason); | - |
601 | auth_debug_add("%s: bad key options: %s", loc, reason); | - |
602 | goto out; never executed: goto out; | 0 |
603 | } | - |
604 | | - |
605 | if (sshkey_is_cert(key)) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
606 | | - |
607 | if (!sshkey_equal(found, key->cert->signature_key) ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
608 | !keyopts->cert_authority)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
609 | goto out; never executed: goto out; | 0 |
610 | } else { never executed: end of block | 0 |
611 | | - |
612 | if (!sshkey_equal(found, key) || keyopts->cert_authority)TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
613 | goto out; never executed: goto out; | 0 |
614 | } never executed: end of block | 0 |
615 | | - |
616 | | - |
617 | if ((fp = sshkey_fingerprint(found,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
618 | options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
619 | fatal("%s: fingerprint failed", __func__); never executed: fatal("%s: fingerprint failed", __func__); | 0 |
620 | | - |
621 | debug("%s: matching %s found: %s %s", loc, | - |
622 | sshkey_is_cert(key) ? "CA" : "key", sshkey_type(found), fp); | - |
623 | | - |
624 | if (auth_authorise_keyopts(ssh, pw, keyopts,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
625 | sshkey_is_cert(key), loc) != 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
626 | reason = "Refused by key options"; | - |
627 | goto fail_reason; never executed: goto fail_reason; | 0 |
628 | } | - |
629 | | - |
630 | if (!sshkey_is_cert(key)) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
631 | verbose("Accepted key %s %s found at %s", | - |
632 | sshkey_type(found), fp, loc); | - |
633 | finalopts = keyopts; | - |
634 | keyopts = NULL; | - |
635 | goto success; never executed: goto success; | 0 |
636 | } | - |
637 | | - |
638 | | - |
639 | | - |
640 | | - |
641 | | - |
642 | | - |
643 | if ((certopts = sshauthopt_from_cert(key)) == NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
644 | reason = "Invalid certificate options"; | - |
645 | goto fail_reason; never executed: goto fail_reason; | 0 |
646 | } | - |
647 | if (auth_authorise_keyopts(ssh, pw, certopts, 0, loc) != 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
648 | reason = "Refused by certificate options"; | - |
649 | goto fail_reason; never executed: goto fail_reason; | 0 |
650 | } | - |
651 | if ((finalopts = sshauthopt_merge(keyopts, certopts, &reason)) == NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
652 | goto fail_reason; never executed: goto fail_reason; | 0 |
653 | | - |
654 | | - |
655 | | - |
656 | | - |
657 | | - |
658 | | - |
659 | if (keyopts->cert_principals != NULL &&TRUE | never evaluated | FALSE | never evaluated |
| 0 |
660 | !match_principals_option(keyopts->cert_principals, key->cert)) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
661 | reason = "Certificate does not contain an authorized principal"; | - |
662 | goto fail_reason; never executed: goto fail_reason; | 0 |
663 | } | - |
664 | if (sshkey_cert_check_authority(key, 0, 0,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
665 | keyopts->cert_principals == NULL ? pw->pw_name : NULL, &reason) != 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
666 | goto fail_reason; never executed: goto fail_reason; | 0 |
667 | | - |
668 | verbose("Accepted certificate ID \"%s\" (serial %llu) " | - |
669 | "signed by CA %s %s found at %s", | - |
670 | key->cert->key_id, | - |
671 | (unsigned long long)key->cert->serial, | - |
672 | sshkey_type(found), fp, loc); | - |
673 | | - |
674 | success: code before this statement never executed: success: | 0 |
675 | if (finalopts == NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
676 | fatal("%s: internal error: missing options", __func__); never executed: fatal("%s: internal error: missing options", __func__); | 0 |
677 | if (authoptsp != NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
678 | *authoptsp = finalopts; | - |
679 | finalopts = NULL; | - |
680 | } never executed: end of block | 0 |
681 | | - |
682 | ret = 0; | - |
683 | goto out; never executed: goto out; | 0 |
684 | | - |
685 | fail_reason: | - |
686 | error("%s", reason); | - |
687 | auth_debug_add("%s", reason); | - |
688 | out: code before this statement never executed: out: | 0 |
689 | free(fp); | - |
690 | sshauthopt_free(keyopts); | - |
691 | sshauthopt_free(certopts); | - |
692 | sshauthopt_free(finalopts); | - |
693 | sshkey_free(found); | - |
694 | return ret; never executed: return ret; | 0 |
695 | } | - |
696 | | - |
697 | | - |
698 | | - |
699 | | - |
700 | | - |
701 | static int | - |
702 | check_authkeys_file(struct ssh *ssh, struct passwd *pw, FILE *f, | - |
703 | char *file, struct sshkey *key, struct sshauthopt **authoptsp) | - |
704 | { | - |
705 | char *cp, *line = NULL, loc[256]; | - |
706 | size_t linesize = 0; | - |
707 | int found_key = 0; | - |
708 | u_long linenum = 0; | - |
709 | | - |
710 | if (authoptsp != NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
711 | *authoptsp = NULL; never executed: *authoptsp = ((void *)0) ; | 0 |
712 | | - |
713 | while (getline(&line, &linesize, f) != -1) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
714 | linenum++; | - |
715 | | - |
716 | if (found_key)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
717 | continue; never executed: continue; | 0 |
718 | | - |
719 | | - |
720 | cp = line; | - |
721 | skip_space(&cp); | - |
722 | if (!*cp || *cp == '\n' || *cp == '#')TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
723 | continue; never executed: continue; | 0 |
724 | snprintf(loc, sizeof(loc), "%.200s:%lu", file, linenum); | - |
725 | if (check_authkey_line(ssh, pw, key, cp, loc, authoptsp) == 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
726 | found_key = 1; never executed: found_key = 1; | 0 |
727 | } never executed: end of block | 0 |
728 | free(line); | - |
729 | return found_key; never executed: return found_key; | 0 |
730 | } | - |
731 | | - |
732 | | - |
733 | static int | - |
734 | user_cert_trusted_ca(struct ssh *ssh, struct passwd *pw, struct sshkey *key, | - |
735 | struct sshauthopt **authoptsp) | - |
736 | { | - |
737 | char *ca_fp, *principals_file = NULL; | - |
738 | const char *reason; | - |
739 | struct sshauthopt *principals_opts = NULL, *cert_opts = NULL; | - |
740 | struct sshauthopt *final_opts = NULL; | - |
741 | int r, ret = 0, found_principal = 0, use_authorized_principals; | - |
742 | | - |
743 | if (authoptsp != NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
744 | *authoptsp = NULL; never executed: *authoptsp = ((void *)0) ; | 0 |
745 | | - |
746 | if (!sshkey_is_cert(key) || options.trusted_user_ca_keys == NULL)TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
747 | return 0; never executed: return 0; | 0 |
748 | | - |
749 | if ((ca_fp = sshkey_fingerprint(key->cert->signature_key,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
750 | options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
751 | return 0; never executed: return 0; | 0 |
752 | | - |
753 | if ((r = sshkey_in_file(key->cert->signature_key,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
754 | options.trusted_user_ca_keys, 1, 0)) != 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
755 | debug2("%s: CA %s %s is not listed in %s: %s", __func__, | - |
756 | sshkey_type(key->cert->signature_key), ca_fp, | - |
757 | options.trusted_user_ca_keys, ssh_err(r)); | - |
758 | goto out; never executed: goto out; | 0 |
759 | } | - |
760 | | - |
761 | | - |
762 | | - |
763 | | - |
764 | | - |
765 | if ((principals_file = authorized_principals_file(pw)) != NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
766 | if (match_principals_file(ssh, pw, principals_file,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
767 | key->cert, &principals_opts))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
768 | found_principal = 1; never executed: found_principal = 1; | 0 |
769 | } never executed: end of block | 0 |
770 | | - |
771 | if (!found_principal && match_principals_command(ssh, pw, key,TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
772 | &principals_opts))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
773 | found_principal = 1; never executed: found_principal = 1; | 0 |
774 | | - |
775 | use_authorized_principals = principals_file != NULL ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
776 | options.authorized_principals_command != NULL;TRUE | never evaluated | FALSE | never evaluated |
| 0 |
777 | if (!found_principal && use_authorized_principals) {TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
778 | reason = "Certificate does not contain an authorized principal"; | - |
779 | goto fail_reason; never executed: goto fail_reason; | 0 |
780 | } | - |
781 | if (use_authorized_principals && principals_opts == NULL)TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
782 | fatal("%s: internal error: missing principals_opts", __func__); never executed: fatal("%s: internal error: missing principals_opts", __func__); | 0 |
783 | if (sshkey_cert_check_authority(key, 0, 1,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
784 | use_authorized_principals ? NULL : pw->pw_name, &reason) != 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
785 | goto fail_reason; never executed: goto fail_reason; | 0 |
786 | | - |
787 | | - |
788 | if ((cert_opts = sshauthopt_from_cert(key)) == NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
789 | reason = "Invalid certificate options"; | - |
790 | goto fail_reason; never executed: goto fail_reason; | 0 |
791 | } | - |
792 | if (auth_authorise_keyopts(ssh, pw, cert_opts, 0, "cert") != 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
793 | reason = "Refused by certificate options"; | - |
794 | goto fail_reason; never executed: goto fail_reason; | 0 |
795 | } | - |
796 | if (principals_opts == NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
797 | final_opts = cert_opts; | - |
798 | cert_opts = NULL; | - |
799 | } else { never executed: end of block | 0 |
800 | if (auth_authorise_keyopts(ssh, pw, principals_opts, 0,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
801 | "principals") != 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
802 | reason = "Refused by certificate principals options"; | - |
803 | goto fail_reason; never executed: goto fail_reason; | 0 |
804 | } | - |
805 | if ((final_opts = sshauthopt_merge(principals_opts,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
806 | cert_opts, &reason)) == NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
807 | fail_reason: | - |
808 | error("%s", reason); | - |
809 | auth_debug_add("%s", reason); | - |
810 | goto out; never executed: goto out; | 0 |
811 | } | - |
812 | } never executed: end of block | 0 |
813 | | - |
814 | | - |
815 | verbose("Accepted certificate ID \"%s\" (serial %llu) signed by " | - |
816 | "%s CA %s via %s", key->cert->key_id, | - |
817 | (unsigned long long)key->cert->serial, | - |
818 | sshkey_type(key->cert->signature_key), ca_fp, | - |
819 | options.trusted_user_ca_keys); | - |
820 | if (authoptsp != NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
821 | *authoptsp = final_opts; | - |
822 | final_opts = NULL; | - |
823 | } never executed: end of block | 0 |
824 | ret = 1; | - |
825 | out: code before this statement never executed: out: | 0 |
826 | sshauthopt_free(principals_opts); | - |
827 | sshauthopt_free(cert_opts); | - |
828 | sshauthopt_free(final_opts); | - |
829 | free(principals_file); | - |
830 | free(ca_fp); | - |
831 | return ret; never executed: return ret; | 0 |
832 | } | - |
833 | | - |
834 | | - |
835 | | - |
836 | | - |
837 | | - |
838 | static int | - |
839 | user_key_allowed2(struct ssh *ssh, struct passwd *pw, struct sshkey *key, | - |
840 | char *file, struct sshauthopt **authoptsp) | - |
841 | { | - |
842 | FILE *f; | - |
843 | int found_key = 0; | - |
844 | | - |
845 | if (authoptsp != NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
846 | *authoptsp = NULL; never executed: *authoptsp = ((void *)0) ; | 0 |
847 | | - |
848 | | - |
849 | temporarily_use_uid(pw); | - |
850 | | - |
851 | debug("trying public key file %s", file); | - |
852 | if ((f = auth_openkeyfile(file, pw, options.strict_modes)) != NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
853 | found_key = check_authkeys_file(ssh, pw, f, file, | - |
854 | key, authoptsp); | - |
855 | fclose(f); | - |
856 | } never executed: end of block | 0 |
857 | | - |
858 | restore_uid(); | - |
859 | return found_key; never executed: return found_key; | 0 |
860 | } | - |
861 | | - |
862 | | - |
863 | | - |
864 | | - |
865 | | - |
866 | static int | - |
867 | user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw, | - |
868 | struct sshkey *key, struct sshauthopt **authoptsp) | - |
869 | { | - |
870 | struct passwd *runas_pw = NULL; | - |
871 | FILE *f = NULL; | - |
872 | int r, ok, found_key = 0; | - |
873 | int i, uid_swapped = 0, ac = 0; | - |
874 | pid_t pid; | - |
875 | char *username = NULL, *key_fp = NULL, *keytext = NULL; | - |
876 | char uidstr[32], *tmp, *command = NULL, **av = NULL; | - |
877 | void (*osigchld)(int); | - |
878 | | - |
879 | if (authoptsp != NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
880 | *authoptsp = NULL; never executed: *authoptsp = ((void *)0) ; | 0 |
881 | if (options.authorized_keys_command == NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
882 | return 0; never executed: return 0; | 0 |
883 | if (options.authorized_keys_command_user == NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
884 | error("No user for AuthorizedKeysCommand specified, skipping"); | - |
885 | return 0; never executed: return 0; | 0 |
886 | } | - |
887 | | - |
888 | | - |
889 | | - |
890 | | - |
891 | | - |
892 | osigchld = signal(SIGCHLD, SIG_DFL); | - |
893 | | - |
894 | | - |
895 | username = percent_expand(options.authorized_keys_command_user, | - |
896 | "u", user_pw->pw_name, (char *)NULL); | - |
897 | runas_pw = getpwnam(username); | - |
898 | if (runas_pw == NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
899 | error("AuthorizedKeysCommandUser \"%s\" not found: %s", | - |
900 | username, strerror(errno)); | - |
901 | goto out; never executed: goto out; | 0 |
902 | } | - |
903 | | - |
904 | | - |
905 | if ((key_fp = sshkey_fingerprint(key, options.fingerprint_hash,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
906 | SSH_FP_DEFAULT)) == NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
907 | error("%s: sshkey_fingerprint failed", __func__); | - |
908 | goto out; never executed: goto out; | 0 |
909 | } | - |
910 | if ((r = sshkey_to_base64(key, &keytext)) != 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
911 | error("%s: sshkey_to_base64 failed: %s", __func__, ssh_err(r)); | - |
912 | goto out; never executed: goto out; | 0 |
913 | } | - |
914 | | - |
915 | | - |
916 | if (argv_split(options.authorized_keys_command, &ac, &av) != 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
917 | error("AuthorizedKeysCommand \"%s\" contains invalid quotes", | - |
918 | command); | - |
919 | goto out; never executed: goto out; | 0 |
920 | } | - |
921 | if (ac == 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
922 | error("AuthorizedKeysCommand \"%s\" yielded no arguments", | - |
923 | command); | - |
924 | goto out; never executed: goto out; | 0 |
925 | } | - |
926 | snprintf(uidstr, sizeof(uidstr), "%llu", | - |
927 | (unsigned long long)user_pw->pw_uid); | - |
928 | for (i = 1; i < ac; i++) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
929 | tmp = percent_expand(av[i], | - |
930 | "U", uidstr, | - |
931 | "u", user_pw->pw_name, | - |
932 | "h", user_pw->pw_dir, | - |
933 | "t", sshkey_ssh_name(key), | - |
934 | "f", key_fp, | - |
935 | "k", keytext, | - |
936 | (char *)NULL); | - |
937 | if (tmp == NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
938 | fatal("%s: percent_expand failed", __func__); never executed: fatal("%s: percent_expand failed", __func__); | 0 |
939 | free(av[i]); | - |
940 | av[i] = tmp; | - |
941 | } never executed: end of block | 0 |
942 | | - |
943 | command = argv_assemble(ac, av); | - |
944 | | - |
945 | | - |
946 | | - |
947 | | - |
948 | | - |
949 | | - |
950 | if (ac == 1) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
951 | av = xreallocarray(av, ac + 2, sizeof(*av)); | - |
952 | av[1] = xstrdup(user_pw->pw_name); | - |
953 | av[2] = NULL; | - |
954 | | - |
955 | free(command); | - |
956 | xasprintf(&command, "%s %s", av[0], av[1]); | - |
957 | } never executed: end of block | 0 |
958 | | - |
959 | if ((pid = subprocess("AuthorizedKeysCommand", runas_pw, command,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
960 | ac, av, &f,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
961 | SSH_SUBPROCESS_STDOUT_CAPTURE|SSH_SUBPROCESS_STDERR_DISCARD)) == 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
962 | goto out; never executed: goto out; | 0 |
963 | | - |
964 | uid_swapped = 1; | - |
965 | temporarily_use_uid(runas_pw); | - |
966 | | - |
967 | ok = check_authkeys_file(ssh, user_pw, f, | - |
968 | options.authorized_keys_command, key, authoptsp); | - |
969 | | - |
970 | fclose(f); | - |
971 | f = NULL; | - |
972 | | - |
973 | if (exited_cleanly(pid, "AuthorizedKeysCommand", command, 0) != 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
974 | goto out; never executed: goto out; | 0 |
975 | | - |
976 | | - |
977 | found_key = ok; | - |
978 | out: code before this statement never executed: out: | 0 |
979 | if (f != NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
980 | fclose(f); never executed: fclose(f); | 0 |
981 | signal(SIGCHLD, osigchld); | - |
982 | for (i = 0; i < ac; i++)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
983 | free(av[i]); never executed: free(av[i]); | 0 |
984 | free(av); | - |
985 | if (uid_swapped)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
986 | restore_uid(); never executed: restore_uid(); | 0 |
987 | free(command); | - |
988 | free(username); | - |
989 | free(key_fp); | - |
990 | free(keytext); | - |
991 | return found_key; never executed: return found_key; | 0 |
992 | } | - |
993 | | - |
994 | | - |
995 | | - |
996 | | - |
997 | int | - |
998 | user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key, | - |
999 | int auth_attempt, struct sshauthopt **authoptsp) | - |
1000 | { | - |
1001 | u_int success, i; | - |
1002 | char *file; | - |
1003 | struct sshauthopt *opts = NULL; | - |
1004 | if (authoptsp != NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1005 | *authoptsp = NULL; never executed: *authoptsp = ((void *)0) ; | 0 |
1006 | | - |
1007 | if (auth_key_is_revoked(key))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1008 | return 0; never executed: return 0; | 0 |
1009 | if (sshkey_is_cert(key) &&TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1010 | auth_key_is_revoked(key->cert->signature_key))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1011 | return 0; never executed: return 0; | 0 |
1012 | | - |
1013 | if ((success = user_cert_trusted_ca(ssh, pw, key, &opts)) != 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1014 | goto out; never executed: goto out; | 0 |
1015 | sshauthopt_free(opts); | - |
1016 | opts = NULL; | - |
1017 | | - |
1018 | if ((success = user_key_command_allowed2(ssh, pw, key, &opts)) != 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1019 | goto out; never executed: goto out; | 0 |
1020 | sshauthopt_free(opts); | - |
1021 | opts = NULL; | - |
1022 | | - |
1023 | for (i = 0; !success && i < options.num_authkeys_files; i++) {TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1024 | if (strcasecmp(options.authorized_keys_files[i], "none") == 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1025 | continue; never executed: continue; | 0 |
1026 | file = expand_authorized_keys( | - |
1027 | options.authorized_keys_files[i], pw); | - |
1028 | success = user_key_allowed2(ssh, pw, key, file, &opts); | - |
1029 | free(file); | - |
1030 | } never executed: end of block | 0 |
1031 | | - |
1032 | out: code before this statement never executed: out: | 0 |
1033 | if (success && authoptsp != NULL) {TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
1034 | *authoptsp = opts; | - |
1035 | opts = NULL; | - |
1036 | } never executed: end of block | 0 |
1037 | sshauthopt_free(opts); | - |
1038 | return success; never executed: return success; | 0 |
1039 | } | - |
1040 | | - |
1041 | Authmethod method_pubkey = { | - |
1042 | "publickey", | - |
1043 | userauth_pubkey, | - |
1044 | &options.pubkey_authentication | - |
1045 | }; | - |
| | |