diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2020-10-03 08:11:28 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2020-10-03 18:31:49 +1000 |
| commit | 13cee44ef907824083d89cb9395adbbd552e46c1 (patch) | |
| tree | 7b742893adfac8c1243f912b1b403686d5ad0fa7 | |
| parent | 12ae8f95e2e0c273e9e7ef930b01a028ef796a3f (diff) | |
| download | openssh-git-13cee44ef907824083d89cb9395adbbd552e46c1.tar.gz | |
upstream: record when the host key checking code downgrades a
certificate host key to a plain key. This occurs when the user connects to a
host with a certificate host key but no corresponding CA key configured in
known_hosts; feedback and ok markus@
OpenBSD-Commit-ID: 2ada81853ff9ee7824c62f440bcf4ad62030c901
| -rw-r--r-- | kex.h | 8 | ||||
| -rw-r--r-- | sshconnect.c | 55 | ||||
| -rw-r--r-- | sshconnect.h | 4 | ||||
| -rw-r--r-- | sshconnect2.c | 9 |
4 files changed, 57 insertions, 19 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.109 2019/09/06 05:23:55 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.110 2020/10/03 08:11:28 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -105,8 +105,10 @@ enum kex_exchange { KEX_MAX }; -#define KEX_INIT_SENT 0x0001 -#define KEX_INITIAL 0x0002 +/* kex->flags values */ +#define KEX_INIT_SENT 0x0001 /* KEXINIT sent */ +#define KEX_INITIAL 0x0002 /* Initial KEX, not rekey */ +#define KEX_HOSTCERT_CONVERT 0x0004 /* Client downgraded hostcert->plain */ struct sshenc { char *name; diff --git a/sshconnect.c b/sshconnect.c index 9ec0618a..3c80756b 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.332 2020/09/09 21:57:27 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.333 2020/10/03 08:11:28 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -707,6 +707,10 @@ get_hostfile_hostname_ipaddr(char *hostname, struct sockaddr *hostaddr, /* * check whether the supplied host key is valid, return -1 if the key * is not valid. user_hostfile[0] will not be updated if 'readonly' is true. + * + * If cert_fallbackp is not NULL then will attempt to convert certificate host + * keys to plain keys if no certificate match was found and will return + * non-zero via *cert_fallbackp if this fall-back was used. */ #define RDRW 0 #define RDONLY 1 @@ -715,7 +719,7 @@ static int check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, struct sshkey *host_key, int readonly, char **user_hostfiles, u_int num_user_hostfiles, - char **system_hostfiles, u_int num_system_hostfiles) + char **system_hostfiles, u_int num_system_hostfiles, int *cert_fallbackp) { HostStatus host_status; HostStatus ip_status; @@ -726,12 +730,15 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, const char *type; const struct hostkey_entry *host_found, *ip_found; int len, cancelled_forwarding = 0, confirmed; - int local = sockaddr_is_local(hostaddr); + int local = sockaddr_is_local(hostaddr), cert_fallback = 0; int r, want_cert = sshkey_is_cert(host_key), host_ip_differ = 0; int hostkey_trusted = 0; /* Known or explicitly accepted by user */ struct hostkeys *host_hostkeys, *ip_hostkeys; u_int i; + if (cert_fallbackp != NULL) + *cert_fallbackp = 0; + /* * Force accepting of the host key for loopback/localhost. The * problem is that if the home directory is NFS-mounted to multiple @@ -847,9 +854,15 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, if (options.host_key_alias == NULL && port != 0 && port != SSH_DEFAULT_PORT) { debug("checking without port identifier"); + /* + * NB. do not perform cert->key fallback in this + * recursive call. Fallback will only be performed in + * the top-level call. + */ if (check_host_key(hostname, hostaddr, 0, host_key, ROQUIET, user_hostfiles, num_user_hostfiles, - system_hostfiles, num_system_hostfiles) == 0) { + system_hostfiles, num_system_hostfiles, + NULL) == 0) { debug("found matching key w/out port"); break; } @@ -1126,10 +1139,13 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, free_hostkeys(host_hostkeys); if (ip_hostkeys != NULL) free_hostkeys(ip_hostkeys); + if (cert_fallbackp != NULL) + *cert_fallbackp = cert_fallback; return 0; fail: - if (want_cert && host_status != HOST_REVOKED) { + if (cert_fallbackp != NULL && want_cert && + host_status != HOST_REVOKED) { /* * No matching certificate. Downgrade cert to raw key and * search normally. @@ -1141,6 +1157,7 @@ fail: if ((r = sshkey_drop_cert(raw_key)) != 0) fatal("Couldn't drop certificate: %s", ssh_err(r)); host_key = raw_key; + cert_fallback = 1; goto retry; } sshkey_free(raw_key); @@ -1153,15 +1170,24 @@ fail: return -1; } -/* returns 0 if key verifies or -1 if key does NOT verify */ +/* + * returns 0 if key verifies or -1 if key does NOT verify. + * + * If the host key was a certificate that was downgraded to a plain key in + * the process of matching, then cert_fallbackp will be non-zero. + */ int -verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key) +verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key, + int *cert_fallbackp) { u_int i; - int r = -1, flags = 0; + int r = -1, flags = 0, cert_fallback = 0; char valid[64], *fp = NULL, *cafp = NULL; struct sshkey *plain = NULL; + if (cert_fallbackp != NULL) + *cert_fallbackp = 0; + if ((fp = sshkey_fingerprint(host_key, options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) { error("%s: fingerprint host key: %s", __func__, ssh_err(r)); @@ -1252,15 +1278,20 @@ verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key) } r = check_host_key(host, hostaddr, options.port, host_key, RDRW, options.user_hostfiles, options.num_user_hostfiles, - options.system_hostfiles, options.num_system_hostfiles); + options.system_hostfiles, options.num_system_hostfiles, + &cert_fallback); out: sshkey_free(plain); free(fp); free(cafp); - if (r == 0 && host_key != NULL) { - sshkey_free(previous_host_key); - r = sshkey_from_private(host_key, &previous_host_key); + if (r == 0) { + if (host_key != NULL) { + sshkey_free(previous_host_key); + r = sshkey_from_private(host_key, &previous_host_key); + } + if (r == 0 && cert_fallbackp != NULL) + *cert_fallbackp = cert_fallback; } return r; diff --git a/sshconnect.h b/sshconnect.h index 7c091e2b..6d63075e 100644 --- a/sshconnect.h +++ b/sshconnect.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.h,v 1.40 2020/01/25 07:17:18 djm Exp $ */ +/* $OpenBSD: sshconnect.h,v 1.41 2020/10/03 08:11:28 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -41,7 +41,7 @@ void ssh_kill_proxy_command(void); void ssh_login(struct ssh *, Sensitive *, const char *, struct sockaddr *, u_short, struct passwd *, int); -int verify_host_key(char *, struct sockaddr *, struct sshkey *); +int verify_host_key(char *, struct sockaddr *, struct sshkey *, int *); void get_hostfile_hostname_ipaddr(char *, struct sockaddr *, u_short, char **, char **); diff --git a/sshconnect2.c b/sshconnect2.c index f64aae66..44d7e682 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.326 2020/09/18 05:23:03 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.327 2020/10/03 08:11:28 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -97,8 +97,13 @@ struct sockaddr *xxx_hostaddr; static int verify_host_key_callback(struct sshkey *hostkey, struct ssh *ssh) { - if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1) + int cert_downgraded = 0; + + if (verify_host_key(xxx_host, xxx_hostaddr, hostkey, + &cert_downgraded) == -1) fatal("Host key verification failed."); + if (cert_downgraded) + ssh->kex->flags |= KEX_HOSTCERT_CONVERT; return 0; } |