2 * authreadkeys.c - routines to support the reading of the key file
8 #include "ntpd.h" /* Only for DPRINTF */
11 #include "ntp_syslog.h"
12 #include "ntp_stdlib.h"
13 #include "ntp_keyacc.h"
16 #include "openssl/objects.h"
17 #include "openssl/evp.h"
21 static char *nexttok (char **);
24 * nexttok - basic internal tokenizing routine
37 * Space past white space
39 while (*cp == ' ' || *cp == '\t')
43 * Save this and space to end of token
46 while (*cp != '\0' && *cp != '\n' && *cp != ' '
47 && *cp != '\t' && *cp != '#')
51 * If token length is zero return an error, else set end of
52 * token to zero and return start.
57 if (*cp == ' ' || *cp == '\t')
67 /* TALOS-CAN-0055: possibly DoS attack by setting the key file to the
68 * log file. This is hard to prevent (it would need to check two files
69 * to be the same on the inode level, which will not work so easily with
70 * Windows or VMS) but we can avoid the self-amplification loop: We only
71 * log the first 5 errors, silently ignore the next 10 errors, and give
72 * up when when we have found more than 15 errors.
74 * This avoids the endless file iteration we will end up with otherwise,
75 * and also avoids overflowing the log file.
77 * Nevertheless, once this happens, the keys are gone since this would
78 * require a save/swap strategy that is not easy to apply due to the
79 * data on global/static level.
82 static const u_int nerr_loglimit = 5u;
83 static const u_int nerr_maxlimit = 15;
85 static void log_maybe(u_int*, const char*, ...) NTP_PRINTF(2, 3);
87 typedef struct keydata KeyDataT;
89 KeyDataT *next; /* queue/stack link */
90 KeyAccT *keyacclist; /* key access list */
91 keyid_t keyid; /* stored key ID */
92 u_short keytype; /* stored key type */
93 u_short seclen; /* length of secret */
94 u_char secbuf[1]; /* begin of secret (formal only)*/
104 if ((NULL == pnerr) || (++(*pnerr) <= nerr_loglimit)) {
106 mvsyslog(LOG_ERR, fmt, ap);
119 while (node->keyacclist) {
120 kap = node->keyacclist;
121 node->keyacclist = kap->next;
125 /* purge secrets from memory before free()ing it */
126 memset(node, 0, sizeof(*node) + node->seclen);
132 * authreadkeys - (re)read keys from a file.
144 char buf[512]; /* lots of room for line */
145 u_char keystr[32]; /* Bug 2537 */
149 KeyDataT *list = NULL;
150 KeyDataT *next = NULL;
152 * Open file. Complain and return if it can't be opened.
154 fp = fopen(file, "r");
156 msyslog(LOG_ERR, "authreadkeys: file '%s': %m",
163 * Now read lines from the file, looking for key entries. Put
164 * the data into temporary store for later propagation to avoid
165 * two-pass processing.
168 while ((line = fgets(buf, sizeof buf, fp)) != NULL) {
169 if (nerr > nerr_maxlimit)
171 token = nexttok(&line);
176 * First is key number. See if it is okay.
181 "authreadkeys: cannot change key %s",
186 if (keyno > NTP_MAXKEY) {
188 "authreadkeys: key %s > %d reserved for Autokey",
194 * Next is keytype. See if that is all right.
196 token = nexttok(&line);
199 "authreadkeys: no key type for key %d",
204 /* We want to silently ignore keys where we do not
205 * support the requested digest type. OTOH, we want to
206 * make sure the file is well-formed. That means we
207 * have to process the line completely and have to
208 * finally throw away the result... This is a bit more
209 * work, but it also results in better error detection.
213 * The key type is the NID used by the message digest
214 * algorithm. There are a number of inconsistencies in
215 * the OpenSSL database. We attempt to discover them
216 * here and prevent use of inconsistent data later.
218 keytype = keytype_from_text(token, NULL);
221 "authreadkeys: invalid type for key %d",
223 } else if (EVP_get_digestbynid(keytype) == NULL) {
225 "authreadkeys: no algorithm for key %d",
229 #else /* !OPENSSL follows */
231 * The key type is unused, but is required to be 'M' or
232 * 'm' for compatibility.
234 if (!(*token == 'M' || *token == 'm')) {
236 "authreadkeys: invalid type for key %d",
240 keytype = KEY_TYPE_MD5;
242 #endif /* !OPENSSL */
245 * Finally, get key and insert it. If it is longer than 20
246 * characters, it is a binary string encoded in hex;
247 * otherwise, it is a text string of printable ASCII
250 token = nexttok(&line);
253 "authreadkeys: no key for key %d", keyno);
258 if (len <= 20) { /* Bug 2537 */
259 next = emalloc(sizeof(KeyDataT) + len);
260 next->keyacclist = NULL;
262 next->keytype = keytype;
264 memcpy(next->secbuf, token, len);
266 static const char hex[] = "0123456789abcdef";
271 jlim = min(len, 2 * sizeof(keystr));
272 for (j = 0; j < jlim; j++) {
273 ptr = strchr(hex, tolower((unsigned char)token[j]));
275 break; /* abort decoding */
276 temp = (u_char)(ptr - hex);
278 keystr[j / 2] |= temp;
280 keystr[j / 2] = temp << 4;
284 "authreadkeys: invalid hex digit for key %d",
288 len = jlim/2; /* hmmmm.... what about odd length?!? */
289 next = emalloc(sizeof(KeyDataT) + len);
290 next->keyacclist = NULL;
292 next->keytype = keytype;
294 memcpy(next->secbuf, keystr, len);
297 token = nexttok(&line);
298 DPRINTF(0, ("authreadkeys: full access list <%s>\n", (token) ? token : "NULL"));
299 if (token != NULL) { /* A comma-separated IP access list */
306 i = strchr(tp, (int)',');
309 DPRINTF(0, ("authreadkeys: access list: <%s>\n", tp));
311 if (is_ip_address(tp, AF_UNSPEC, &addr)) {
312 next->keyacclist = keyacc_new_push(
313 next->keyacclist, &addr);
316 "authreadkeys: invalid IP address <%s> for key %d",
328 /* check if this has to be weeded out... */
335 INSIST(NULL != next);
341 const char * why = "";
342 if (nerr > nerr_maxlimit)
343 why = " (emergency break)";
345 "authreadkeys: rejecting file '%s' after %u error(s)%s",
350 /* first remove old file-based keys */
352 /* insert the new key material */
353 while (NULL != (next = list)) {
355 MD5auth_setkey(next->keyid, next->keytype,
356 next->secbuf, next->seclen, next->keyacclist);
357 next->keyacclist = NULL; /* consumed by MD5auth_setkey */
363 /* Mop up temporary storage before bailing out. */
364 while (NULL != (next = list)) {