« back to all changes in this revision
Viewing changes to libssh/keyfiles.c
- browse files at revision 7
- compare with another revision
- download diff
- download tarball
- view history from revision 7
- Committer: Bazaar Package Importer
- Author(s): Laurent Bigonville
- Date: 2009-12-12 14:29:12 UTC
- mfrom: (1.1.3 upstream)
- Revision ID: james.westby@ubuntu.com-20091212142912-ha5g2iibt6nfnjq8
Tags: 0.4.0-1
* New upstream release.
- Bump soname
- Adjust .symbols file
* Readd static library in -dev package
* Let dh_lintian install override file
* debian/README.Debian: Update file
* debian/rules: Add list-missing rule
- Bump soname
- Adjust .symbols file
* Readd static library in -dev package
* Let dh_lintian install override file
* debian/README.Debian: Update file
* debian/rules: Add list-missing rule
- files added:
- debian/libssh-4.install
- examples
- tests/sftp_stress
- files removed:
- debian/libssh-3.install
- files modified:
- CMakeLists.txt
added
removed
libssh/keyfiles.c
22
22
* MA 02111-1307, USA.
23
23
*/
24
24
25
#include "config.h"
26
25
27
#include <ctype.h>
26
28
#include <errno.h>
27
29
#include <fcntl.h>
29
31
#include <sys/types.h>
30
32
#include <stdio.h>
31
33
#include <string.h>
32
#include <unistd.h>
33
34
#include <stdlib.h>
34
35
35
36
#ifndef _WIN32
37
38
#endif
38
39
39
40
#include "libssh/priv.h"
41
#include "libssh/buffer.h"
42
#include "libssh/keyfiles.h"
43
#include "libssh/session.h"
44
#include "libssh/wrapper.h"
45
#include "libssh/misc.h"
46
#include "libssh/keys.h"
47
48
/*todo: remove this include */
49
#include "libssh/string.h"
50
40
51
41
52
#ifdef HAVE_LIBGCRYPT
42
53
#include <gcrypt.h>
89
100
return 0;
90
101
}
91
102
92
static u32 char_to_u32(unsigned char *data, u32 size) {
93
u32 ret;
94
u32 i;
103
static uint32_t char_to_u32(unsigned char *data, uint32_t size) {
104
uint32_t ret;
105
uint32_t i;
95
106
96
107
for (i = 0, ret = 0; i < size; ret = ret << 8, ret += data[i++])
97
108
;
98
109
return ret;
99
110
}
100
111
101
static u32 asn1_get_len(BUFFER *buffer) {
102
u32 len;
112
static uint32_t asn1_get_len(ssh_buffer buffer) {
113
uint32_t len;
103
114
unsigned char tmp[4];
104
115
105
116
if (buffer_get_data(buffer,tmp,1) == 0) {
122
133
return len;
123
134
}
124
135
125
static STRING *asn1_get_int(BUFFER *buffer) {
126
STRING *str;
136
static ssh_string asn1_get_int(ssh_buffer buffer) {
137
ssh_string str;
127
138
unsigned char type;
128
u32 size;
139
uint32_t size;
129
140
130
141
if (buffer_get_data(buffer, &type, 1) == 0 || type != ASN1_INTEGER) {
131
142
return NULL;
148
159
return str;
149
160
}
150
161
151
static int asn1_check_sequence(BUFFER *buffer) {
162
static int asn1_check_sequence(ssh_buffer buffer) {
152
163
unsigned char *j = NULL;
153
164
unsigned char tmp;
154
165
int i;
155
u32 size;
156
u32 padding;
166
uint32_t size;
167
uint32_t padding;
157
168
158
169
if (buffer_get_data(buffer, &tmp, 1) == 0 || tmp != ASN1_SEQUENCE) {
159
170
return 0;
162
173
size = asn1_get_len(buffer);
163
174
if ((padding = buffer_get_len(buffer) - buffer->pos - size) > 0) {
164
175
for (i = buffer_get_len(buffer) - buffer->pos - size,
165
j = buffer_get(buffer) + size + buffer->pos;
176
j = (unsigned char*)buffer_get(buffer) + size + buffer->pos;
166
177
i;
167
178
i--, j++)
168
179
{
230
241
231
242
static int privatekey_decrypt(int algo, int mode, unsigned int key_len,
232
243
unsigned char *iv, unsigned int iv_len,
233
BUFFER *data, ssh_auth_callback cb,
244
ssh_buffer data, ssh_auth_callback cb,
234
245
void *userdata,
235
246
const char *desc)
236
247
{
331
342
return load_iv(header + iv_pos, *iv, *iv_len);
332
343
}
333
344
334
static BUFFER *privatekey_file_to_buffer(FILE *fp, int type,
345
static ssh_buffer privatekey_file_to_buffer(FILE *fp, int type,
335
346
ssh_auth_callback cb, void *userdata, const char *desc) {
336
BUFFER *buffer = NULL;
337
BUFFER *out = NULL;
347
ssh_buffer buffer = NULL;
348
ssh_buffer out = NULL;
338
349
char buf[MAXLINESIZE] = {0};
339
350
unsigned char *iv = NULL;
340
351
const char *header_begin;
445
456
446
457
static int read_rsa_privatekey(FILE *fp, gcry_sexp_t *r,
447
458
ssh_auth_callback cb, void *userdata, const char *desc) {
448
STRING *n = NULL;
449
STRING *e = NULL;
450
STRING *d = NULL;
451
STRING *p = NULL;
452
STRING *q = NULL;
453
STRING *unused1 = NULL;
454
STRING *unused2 = NULL;
455
STRING *u = NULL;
456
STRING *v = NULL;
457
BUFFER *buffer = NULL;
459
ssh_string n = NULL;
460
ssh_string e = NULL;
461
ssh_string d = NULL;
462
ssh_string p = NULL;
463
ssh_string q = NULL;
464
ssh_string unused1 = NULL;
465
ssh_string unused2 = NULL;
466
ssh_string u = NULL;
467
ssh_string v = NULL;
468
ssh_buffer buffer = NULL;
458
469
int rc = 1;
459
470
460
471
buffer = privatekey_file_to_buffer(fp, TYPE_RSA, cb, userdata, desc);
517
528
518
529
static int read_dsa_privatekey(FILE *fp, gcry_sexp_t *r, ssh_auth_callback cb,
519
530
void *userdata, const char *desc) {
520
BUFFER *buffer = NULL;
521
STRING *p = NULL;
522
STRING *q = NULL;
523
STRING *g = NULL;
524
STRING *y = NULL;
525
STRING *x = NULL;
526
STRING *v = NULL;
531
ssh_buffer buffer = NULL;
532
ssh_string p = NULL;
533
ssh_string q = NULL;
534
ssh_string g = NULL;
535
ssh_string y = NULL;
536
ssh_string x = NULL;
537
ssh_string v = NULL;
527
538
int rc = 1;
528
539
529
540
buffer = privatekey_file_to_buffer(fp, TYPE_DSS, cb, userdata, desc);
578
589
579
590
#ifdef HAVE_LIBCRYPTO
580
591
static int pem_get_password(char *buf, int size, int rwflag, void *userdata) {
581
SSH_SESSION *session = userdata;
592
ssh_session session = userdata;
582
593
583
594
/* unused flag */
584
595
(void) rwflag;
585
596
586
597
ZERO_STRUCTP(buf);
598
ssh_log(session, SSH_LOG_RARE,
599
"Trying to call external authentication function");
587
600
588
if (session && session->options->auth_function) {
589
if ((*session->options->auth_function)("Passphrase for private key:", buf, size, 0, 0,
590
session->options->auth_userdata ? session->options->auth_userdata : NULL) < 0) {
601
if (session && session->callbacks->auth_function) {
602
if (session->callbacks->auth_function("Passphrase for private key:", buf, size, 0, 0,
603
session->callbacks->userdata) < 0) {
591
604
return 0;
592
605
}
593
606
611
624
* \see privatekey_free()
612
625
* \see publickey_from_privatekey()
613
626
*/
614
PRIVATE_KEY *privatekey_from_file(SSH_SESSION *session, const char *filename,
627
ssh_private_key privatekey_from_file(ssh_session session, const char *filename,
615
628
int type, const char *passphrase) {
616
629
ssh_auth_callback auth_cb = NULL;
617
PRIVATE_KEY *privkey = NULL;
630
ssh_private_key privkey = NULL;
618
631
void *auth_ud = NULL;
619
632
FILE *file = NULL;
620
633
#ifdef HAVE_LIBGCRYPT
625
638
DSA *dsa = NULL;
626
639
RSA *rsa = NULL;
627
640
#endif
641
ssh_log(session, SSH_LOG_RARE, "Trying to open %s", filename);
628
642
file = fopen(filename,"r");
629
643
if (file == NULL) {
630
644
ssh_set_error(session, SSH_REQUEST_DENIED,
632
646
return NULL;
633
647
}
634
648
649
ssh_log(session, SSH_LOG_RARE, "Trying to read %s, passphase=%s, authcb=%s",
650
filename, passphrase ? "true" : "false",
651
session->callbacks && session->callbacks->auth_function ? "true" : "false");
635
652
switch (type) {
636
653
case TYPE_DSS:
637
654
if (passphrase == NULL) {
638
if (session->options->auth_function) {
639
auth_cb = session->options->auth_function;
640
if (session->options->auth_userdata) {
641
auth_ud = session->options->auth_userdata;
642
}
655
if (session->callbacks->auth_function) {
656
auth_cb = session->callbacks->auth_function;
657
auth_ud = session->callbacks->userdata;
658
643
659
#ifdef HAVE_LIBGCRYPT
644
660
valid = read_dsa_privatekey(file, &dsa, auth_cb, auth_ud,
645
661
"Passphrase for private key:");
676
692
break;
677
693
case TYPE_RSA:
678
694
if (passphrase == NULL) {
679
if (session->options->auth_function) {
680
auth_cb = session->options->auth_function;
681
if (session->options->auth_userdata) {
682
auth_ud = session->options->auth_userdata;
683
}
695
if (session->callbacks && session->callbacks->auth_function) {
696
auth_cb = session->callbacks->auth_function;
697
auth_ud = session->callbacks->userdata;
684
698
#ifdef HAVE_LIBGCRYPT
685
699
valid = read_rsa_privatekey(file, &rsa, auth_cb, auth_ud,
686
700
"Passphrase for private key:");
721
735
return NULL;
722
736
} /* switch */
723
737
724
privkey = malloc(sizeof(PRIVATE_KEY));
738
privkey = malloc(sizeof(struct ssh_private_key_struct));
725
739
if (privkey == NULL) {
726
740
#ifdef HAVE_LIBGCRYPT
727
741
gcry_sexp_release(dsa);
741
755
}
742
756
743
757
/* same that privatekey_from_file() but without any passphrase things. */
744
PRIVATE_KEY *_privatekey_from_file(void *session, const char *filename,
758
ssh_private_key _privatekey_from_file(void *session, const char *filename,
745
759
int type) {
746
PRIVATE_KEY *privkey = NULL;
760
ssh_private_key privkey = NULL;
747
761
FILE *file = NULL;
748
762
#ifdef HAVE_LIBGCRYPT
749
763
gcry_sexp_t dsa = NULL;
809
823
return NULL;
810
824
}
811
825
812
privkey = malloc(sizeof(PRIVATE_KEY));
826
privkey = malloc(sizeof(struct ssh_private_key_struct));
813
827
if (privkey == NULL) {
814
828
#ifdef HAVE_LIBGCRYPT
815
829
gcry_sexp_release(dsa);
831
845
/** \brief deallocate a private key
832
846
* \param prv a PRIVATE_KEY object
833
847
*/
834
void privatekey_free(PRIVATE_KEY *prv) {
848
void privatekey_free(ssh_private_key prv) {
835
849
if (prv == NULL) {
836
850
return;
837
851
}
843
857
DSA_free(prv->dsa_priv);
844
858
RSA_free(prv->rsa_priv);
845
859
#endif
846
memset(prv, 0, sizeof(PRIVATE_KEY));
860
memset(prv, 0, sizeof(struct ssh_private_key_struct));
847
861
SAFE_FREE(prv);
848
862
}
849
863
850
864
/** \brief Retrieve a public key from a file
851
865
* \param session the SSH session
852
866
* \param filename Filename of the key
853
* \param _type Pointer to a integer. If it is not null, it contains the type of the key after execution.
867
* \param type Pointer to a integer. If it is not null, it contains the type of the key after execution.
854
868
* \return a SSH String containing the public key, or NULL if it failed.
855
869
* \see string_free()
856
870
* \see publickey_from_privatekey()
857
871
*/
858
STRING *publickey_from_file(SSH_SESSION *session, const char *filename,
872
ssh_string publickey_from_file(ssh_session session, const char *filename,
859
873
int *type) {
860
BUFFER *buffer = NULL;
874
ssh_buffer buffer = NULL;
861
875
char buf[4096] = {0};
862
STRING *str = NULL;
876
ssh_string str = NULL;
863
877
char *ptr = NULL;
864
878
int key_type;
865
879
int fd = -1;
924
938
return str;
925
939
}
926
940
927
STRING *try_publickey_from_file(SSH_SESSION *session, struct keys_struct keytab,
941
ssh_string try_publickey_from_file(ssh_session session, struct ssh_keys_struct keytab,
928
942
char **privkeyfile, int *type) {
929
static char *home = NULL;
930
931
char public[256] = {0};
932
char private[256] = {0};
943
char *public;
944
char *private;
933
945
const char *priv;
934
946
const char *pub;
935
947
char *new;
936
STRING *pubkey;
937
938
if (home == NULL) {
939
home = ssh_get_user_home_dir();
940
if (home == NULL) {
941
ssh_set_error(session,SSH_FATAL,"User home dir impossible to guess");
942
return NULL;
943
}
944
}
948
ssh_string pubkey=NULL;
945
949
946
950
pub = keytab.publickey;
947
951
if (pub == NULL) {
952
956
return NULL;
953
957
}
954
958
959
if (session->sshdir == NULL) {
960
if (ssh_options_set(session, SSH_OPTIONS_SSH_DIR, NULL) < 0) {
961
return NULL;
962
}
963
}
964
955
965
/* are them readable ? */
956
snprintf(public, sizeof(public), pub, home);
957
ssh_log(session, SSH_LOG_PACKET, "Trying to open public key %s", public);
966
public=dir_expand_dup(session,pub,1);
967
private=dir_expand_dup(session,priv,1);
968
//snprintf(public, sizeof(public), "%s/%s", session->sshdir, pub);
969
//snprintf(private, sizeof(private), "%s/%s", session->sshdir, priv);
970
971
ssh_log(session, SSH_LOG_PACKET, "Trying to open publickey %s", public);
958
972
if (!ssh_file_readaccess_ok(public)) {
959
ssh_log(session, SSH_LOG_PACKET, "Failed");
960
return NULL;
973
ssh_log(session, SSH_LOG_PACKET, "Failed to open publickey %s", public);
974
goto error;
961
975
}
962
976
963
snprintf(private, sizeof(private), priv, home);
964
ssh_log(session, SSH_LOG_PACKET, "Trying to open private key %s", private);
977
ssh_log(session, SSH_LOG_PACKET, "Trying to open privatekey %s", private);
965
978
if (!ssh_file_readaccess_ok(private)) {
966
ssh_log(session, SSH_LOG_PACKET, "Failed");
967
return NULL;
979
ssh_log(session, SSH_LOG_PACKET, "Failed to open privatekey %s", private);
980
goto error;
968
981
}
969
982
970
ssh_log(session, SSH_LOG_PACKET, "Success reading public and private key");
983
ssh_log(session, SSH_LOG_PACKET, "Success opening public and private key");
971
984
972
985
/*
973
986
* We are sure both the private and public key file is readable. We return
979
992
"Wasn't able to open public key file %s: %s",
980
993
public,
981
994
ssh_get_error(session));
982
return NULL;
995
goto error;
983
996
}
984
997
985
998
new = realloc(*privkeyfile, strlen(private) + 1);
986
999
if (new == NULL) {
987
1000
string_free(pubkey);
988
return NULL;
1001
goto error;
989
1002
}
990
1003
991
1004
strcpy(new, private);
992
1005
*privkeyfile = new;
993
1006
error:
1007
SAFE_FREE(public);
1008
SAFE_FREE(private);
994
1009
return pubkey;
995
1010
}
996
1011
1019
1034
* \internal
1020
1035
*/
1021
1036
static char *lowercase(const char* str) {
1022
char *p = 0;
1023
char *new = strdup(str);
1024
1025
if((str == NULL) || (new == NULL)) {
1037
char *new, *p;
1038
1039
if (str == NULL) {
1040
return NULL;
1041
}
1042
1043
new = strdup(str);
1044
if (new == NULL) {
1026
1045
return NULL;
1027
1046
}
1028
1047
1057
1076
* \returns NULL if no match was found or the file was not found
1058
1077
* \returns found_type type of key (ie "dsa","ssh-rsa1"). Don't free that value.
1059
1078
*/
1060
static char **ssh_get_knownhost_line(SSH_SESSION *session, FILE **file,
1079
static char **ssh_get_knownhost_line(ssh_session session, FILE **file,
1061
1080
const char *filename, const char **found_type) {
1062
1081
char buffer[4096] = {0};
1063
1082
char *ptr;
1139
1158
* \return 0 if the key doesn't match
1140
1159
* \return -1 on error
1141
1160
*/
1142
static int check_public_key(SSH_SESSION *session, char **tokens) {
1143
STRING *pubkey = session->current_crypto->server_pubkey;
1144
BUFFER *pubkey_buffer;
1161
static int check_public_key(ssh_session session, char **tokens) {
1162
ssh_string pubkey = session->current_crypto->server_pubkey;
1163
ssh_buffer pubkey_buffer;
1145
1164
char *pubkey_64;
1146
1165
1147
1166
/* ok we found some public key in known hosts file. now un-base64it */
1148
1167
if (alldigits(tokens[1])) {
1149
1168
/* openssh rsa1 format */
1150
1169
bignum tmpbn;
1151
STRING *tmpstring;
1170
ssh_string tmpstring;
1152
1171
unsigned int len;
1153
1172
int i;
1154
1173
1188
1207
bignum_free(tmpbn);
1189
1208
return -1;
1190
1209
}
1210
/* TODO: fix the hardcoding */
1191
1211
tmpstring->size = htonl(len);
1192
1212
#ifdef HAVE_LIBGCRYPT
1193
1213
bignum_bn2bin(tmpbn, len, tmpstring->string);
1238
1258
* \returns 1 if it matches
1239
1259
* \returns 0 otherwise
1240
1260
*/
1241
static int match_hashed_host(SSH_SESSION *session, const char *host,
1261
static int match_hashed_host(ssh_session session, const char *host,
1242
1262
const char *sourcehash) {
1243
1263
/* Openssh hash structure :
1244
1264
* |1|base64 encoded salt|base64 encoded hash
1246
1266
* hash := HMAC_SHA1(key=salt,data=host)
1247
1267
*/
1248
1268
unsigned char buffer[256] = {0};
1249
BUFFER *salt;
1250
BUFFER *hash;
1269
ssh_buffer salt;
1270
ssh_buffer hash;
1251
1271
HMACCTX mac;
1252
1272
char *source;
1253
1273
char *b64hash;
1350
1370
* if host key is accepted\n
1351
1371
* SSH_SERVER_ERROR: Some error happened
1352
1372
*
1353
* \see ssh_options_set_wanted_algo()
1373
* \see ssh_options_set()
1354
1374
* \see ssh_get_pubkey_hash()
1355
1375
*
1356
1376
* \bug There is no current way to remove or modify an entry into the known
1357
1377
* host table.
1358
1378
*/
1359
int ssh_is_server_known(SSH_SESSION *session) {
1379
int ssh_is_server_known(ssh_session session) {
1360
1380
FILE *file = NULL;
1361
1381
char **tokens;
1362
1382
char *host;
1366
1386
1367
1387
enter_function();
1368
1388
1369
if (ssh_options_default_known_hosts_file(session->options) < 0) {
1370
ssh_set_error(session, SSH_REQUEST_DENIED,
1371
"Can't find a known_hosts file");
1372
leave_function();
1373
return SSH_SERVER_FILE_NOT_FOUND;
1389
if (session->knownhosts == NULL) {
1390
if (ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, NULL) < 0) {
1391
ssh_set_error(session, SSH_REQUEST_DENIED,
1392
"Can't find a known_hosts file");
1393
leave_function();
1394
return SSH_SERVER_FILE_NOT_FOUND;
1395
}
1374
1396
}
1375
1397
1376
if (session->options->host == NULL) {
1398
if (session->host == NULL) {
1377
1399
ssh_set_error(session, SSH_FATAL,
1378
1400
"Can't verify host in known hosts if the hostname isn't known");
1379
1401
leave_function();
1380
1402
return SSH_SERVER_ERROR;
1381
1403
}
1382
1404
1383
host = lowercase(session->options->host);
1405
host = lowercase(session->host);
1384
1406
if (host == NULL) {
1385
1407
ssh_set_error(session, SSH_FATAL, "Not enough space!");
1386
1408
leave_function();
1389
1411
1390
1412
do {
1391
1413
tokens = ssh_get_knownhost_line(session, &file,
1392
session->options->known_hosts_file, &type);
1414
session->knownhosts, &type);
1393
1415
1394
1416
/* End of file, return the current state */
1395
1417
if (tokens == NULL) {
1444
1466
* \param session ssh session
1445
1467
* \return 0 on success, -1 on error
1446
1468
*/
1447
int ssh_write_knownhost(SSH_SESSION *session) {
1448
STRING *pubkey = session->current_crypto->server_pubkey;
1469
int ssh_write_knownhost(ssh_session session) {
1470
ssh_string pubkey = session->current_crypto->server_pubkey;
1449
1471
unsigned char *pubkey_64;
1450
1472
char buffer[4096] = {0};
1451
1473
FILE *file;
1452
1474
char *dir;
1453
1475
size_t len = 0;
1454
1476
1455
if (ssh_options_default_known_hosts_file(session->options) < 0) {
1477
if (ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, NULL) < 0) {
1456
1478
ssh_set_error(session, SSH_FATAL, "Cannot find known_hosts file.");
1457
1479
return -1;
1458
1480
}
1459
1481
1460
if (session->options->host == NULL) {
1482
if (session->host == NULL) {
1461
1483
ssh_set_error(session, SSH_FATAL,
1462
1484
"Cannot write host in known hosts if the hostname is unknown");
1463
1485
return -1;
1464
1486
}
1465
1487
1466
1488
/* Check if ~/.ssh exists and create it if not */
1467
dir = ssh_dirname(session->options->known_hosts_file);
1489
dir = ssh_dirname(session->knownhosts);
1468
1490
if (dir == NULL) {
1469
1491
ssh_set_error(session, SSH_FATAL, "%s", strerror(errno));
1470
1492
return -1;
1479
1501
}
1480
1502
SAFE_FREE(dir);
1481
1503
1482
file = fopen(session->options->known_hosts_file, "a");
1504
file = fopen(session->knownhosts, "a");
1483
1505
if (file == NULL) {
1484
1506
ssh_set_error(session, SSH_FATAL,
1485
1507
"Couldn't open known_hosts file %s for appending: %s",
1486
session->options->known_hosts_file, strerror(errno));
1508
session->knownhosts, strerror(errno));
1487
1509
return -1;
1488
1510
}
1489
1511
1490
1512
if (strcmp(session->current_crypto->server_pubkey_type, "ssh-rsa1") == 0) {
1491
1513
/* openssh uses a different format for ssh-rsa1 keys.
1492
1514
Be compatible --kv */
1493
PUBLIC_KEY *key;
1515
ssh_public_key key;
1494
1516
char *e_string = NULL;
1495
1517
char *n_string = NULL;
1496
1518
bignum e = NULL;
1563
1585
1564
1586
snprintf(buffer, sizeof(buffer),
1565
1587
"%s %d %s %s\n",
1566
session->options->host,
1588
session->host,
1567
1589
rsa_size << 3,
1568
1590
e_string,
1569
1591
n_string);
1588
1610
1589
1611
snprintf(buffer, sizeof(buffer),
1590
1612
"%s %s %s\n",
1591
session->options->host,
1613
session->host,
1592
1614
session->current_crypto->server_pubkey_type,
1593
1615
pubkey_64);
1594
1616
Loggerhead is a web-based interface for Breezy
Version: 2.0.1