summaryrefslogtreecommitdiff
path: root/monitor.c
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2019-11-25 00:52:46 +0000
committerDamien Miller <djm@mindrot.org>2019-11-25 12:23:40 +1100
commit0fddf2967ac51d518e300408a0d7e6adf4cd2634 (patch)
treed7fe4a4f7cd92c565a765e21b7cb19b9c7544d29 /monitor.c
parentb7e74ea072919b31391bc0f5ff653f80b9f5e84f (diff)
upstream: Add a sshd_config PubkeyAuthOptions directive
This directive has a single valid option "no-touch-required" that causes sshd to skip checking whether user presence was tested before a security key signature was made (usually by the user touching the key). ok markus@ OpenBSD-Commit-ID: 46e434a49802d4ed82bc0aa38cb985c198c407de
Diffstat (limited to 'monitor.c')
-rw-r--r--monitor.c63
1 files changed, 39 insertions, 24 deletions
diff --git a/monitor.c b/monitor.c
index 40ff43ee2..9b171c447 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor.c,v 1.202 2019/11/25 00:51:37 djm Exp $ */ 1/* $OpenBSD: monitor.c,v 1.203 2019/11/25 00:52:46 djm Exp $ */
2/* 2/*
3 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4 * Copyright 2002 Markus Friedl <markus@openbsd.org> 4 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -95,6 +95,7 @@
95#include "authfd.h" 95#include "authfd.h"
96#include "match.h" 96#include "match.h"
97#include "ssherr.h" 97#include "ssherr.h"
98#include "sk-api.h"
98 99
99#ifdef GSSAPI 100#ifdef GSSAPI
100static Gssctxt *gsscontext = NULL; 101static Gssctxt *gsscontext = NULL;
@@ -542,7 +543,7 @@ monitor_read(struct ssh *ssh, struct monitor *pmonitor, struct mon_table *ent,
542 543
543/* allowed key state */ 544/* allowed key state */
544static int 545static int
545monitor_allowed_key(u_char *blob, u_int bloblen) 546monitor_allowed_key(const u_char *blob, u_int bloblen)
546{ 547{
547 /* make sure key is allowed */ 548 /* make sure key is allowed */
548 if (key_blob == NULL || key_bloblen != bloblen || 549 if (key_blob == NULL || key_bloblen != bloblen ||
@@ -1247,7 +1248,7 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m)
1247} 1248}
1248 1249
1249static int 1250static int
1250monitor_valid_userblob(u_char *data, u_int datalen) 1251monitor_valid_userblob(const u_char *data, u_int datalen)
1251{ 1252{
1252 struct sshbuf *b; 1253 struct sshbuf *b;
1253 const u_char *p; 1254 const u_char *p;
@@ -1256,10 +1257,8 @@ monitor_valid_userblob(u_char *data, u_int datalen)
1256 u_char type; 1257 u_char type;
1257 int r, fail = 0; 1258 int r, fail = 0;
1258 1259
1259 if ((b = sshbuf_new()) == NULL) 1260 if ((b = sshbuf_from(data, datalen)) == NULL)
1260 fatal("%s: sshbuf_new", __func__); 1261 fatal("%s: sshbuf_from", __func__);
1261 if ((r = sshbuf_put(b, data, datalen)) != 0)
1262 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1263 1262
1264 if (datafellows & SSH_OLD_SESSIONID) { 1263 if (datafellows & SSH_OLD_SESSIONID) {
1265 p = sshbuf_ptr(b); 1264 p = sshbuf_ptr(b);
@@ -1314,8 +1313,8 @@ monitor_valid_userblob(u_char *data, u_int datalen)
1314} 1313}
1315 1314
1316static int 1315static int
1317monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser, 1316monitor_valid_hostbasedblob(const u_char *data, u_int datalen,
1318 char *chost) 1317 const char *cuser, const char *chost)
1319{ 1318{
1320 struct sshbuf *b; 1319 struct sshbuf *b;
1321 const u_char *p; 1320 const u_char *p;
@@ -1324,10 +1323,9 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,
1324 int r, fail = 0; 1323 int r, fail = 0;
1325 u_char type; 1324 u_char type;
1326 1325
1327 if ((b = sshbuf_new()) == NULL) 1326 if ((b = sshbuf_from(data, datalen)) == NULL)
1328 fatal("%s: sshbuf_new", __func__); 1327 fatal("%s: sshbuf_new", __func__);
1329 if ((r = sshbuf_put(b, data, datalen)) != 0 || 1328 if ((r = sshbuf_get_string_direct(b, &p, &len)) != 0)
1330 (r = sshbuf_get_string_direct(b, &p, &len)) != 0)
1331 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 1329 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1332 1330
1333 if ((session_id2 == NULL) || 1331 if ((session_id2 == NULL) ||
@@ -1387,15 +1385,15 @@ int
1387mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m) 1385mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m)
1388{ 1386{
1389 struct sshkey *key; 1387 struct sshkey *key;
1390 u_char *signature, *data, *blob; 1388 const u_char *signature, *data, *blob;
1391 char *sigalg; 1389 char *sigalg = NULL, *fp = NULL;
1392 size_t signaturelen, datalen, bloblen; 1390 size_t signaturelen, datalen, bloblen;
1393 int r, ret, valid_data = 0, encoded_ret; 1391 int r, ret, req_presence = 0, valid_data = 0, encoded_ret;
1394 struct sshkey_sig_details *sig_details = NULL; 1392 struct sshkey_sig_details *sig_details = NULL;
1395 1393
1396 if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 || 1394 if ((r = sshbuf_get_string_direct(m, &blob, &bloblen)) != 0 ||
1397 (r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 || 1395 (r = sshbuf_get_string_direct(m, &signature, &signaturelen)) != 0 ||
1398 (r = sshbuf_get_string(m, &data, &datalen)) != 0 || 1396 (r = sshbuf_get_string_direct(m, &data, &datalen)) != 0 ||
1399 (r = sshbuf_get_cstring(m, &sigalg, NULL)) != 0) 1397 (r = sshbuf_get_cstring(m, &sigalg, NULL)) != 0)
1400 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 1398 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1401 1399
@@ -1430,23 +1428,36 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m)
1430 if (!valid_data) 1428 if (!valid_data)
1431 fatal("%s: bad signature data blob", __func__); 1429 fatal("%s: bad signature data blob", __func__);
1432 1430
1431 if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
1432 SSH_FP_DEFAULT)) == NULL)
1433 fatal("%s: sshkey_fingerprint failed", __func__);
1434
1433 ret = sshkey_verify(key, signature, signaturelen, data, datalen, 1435 ret = sshkey_verify(key, signature, signaturelen, data, datalen,
1434 sigalg, ssh->compat, &sig_details); 1436 sigalg, ssh->compat, &sig_details);
1435 debug3("%s: %s %p signature %s%s%s", __func__, auth_method, key, 1437 debug3("%s: %s %p signature %s%s%s", __func__, auth_method, key,
1436 (ret == 0) ? "verified" : "unverified", 1438 (ret == 0) ? "verified" : "unverified",
1437 (ret != 0) ? ": " : "", (ret != 0) ? ssh_err(ret) : ""); 1439 (ret != 0) ? ": " : "", (ret != 0) ? ssh_err(ret) : "");
1438 auth2_record_key(authctxt, ret == 0, key);
1439 1440
1440 free(blob); 1441 if (ret == 0 && key_blobtype == MM_USERKEY && sig_details != NULL) {
1441 free(signature); 1442 req_presence = (options.pubkey_auth_options &
1442 free(data); 1443 PUBKEYAUTH_TOUCH_REQUIRED);
1443 free(sigalg); 1444 if (req_presence &&
1445 (sig_details->sk_flags & SSH_SK_USER_PRESENCE_REQD) == 0) {
1446 error("public key %s %s signature for %s%s from %.128s "
1447 "port %d rejected: user presence (key touch) "
1448 "requirement not met ", sshkey_type(key), fp,
1449 authctxt->valid ? "" : "invalid user ",
1450 authctxt->user, ssh_remote_ipaddr(ssh),
1451 ssh_remote_port(ssh));
1452 ret = SSH_ERR_SIGNATURE_INVALID;
1453 }
1454 }
1455 auth2_record_key(authctxt, ret == 0, key);
1444 1456
1445 if (key_blobtype == MM_USERKEY) 1457 if (key_blobtype == MM_USERKEY)
1446 auth_activate_options(ssh, key_opts); 1458 auth_activate_options(ssh, key_opts);
1447 monitor_reset_key_state(); 1459 monitor_reset_key_state();
1448 1460
1449 sshkey_free(key);
1450 sshbuf_reset(m); 1461 sshbuf_reset(m);
1451 1462
1452 /* encode ret != 0 as positive integer, since we're sending u32 */ 1463 /* encode ret != 0 as positive integer, since we're sending u32 */
@@ -1462,6 +1473,10 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m)
1462 sshkey_sig_details_free(sig_details); 1473 sshkey_sig_details_free(sig_details);
1463 mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m); 1474 mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m);
1464 1475
1476 free(sigalg);
1477 free(fp);
1478 sshkey_free(key);
1479
1465 return ret == 0; 1480 return ret == 0;
1466} 1481}
1467 1482
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-10 09:37:02 +0000