2 * authreadkeys.c - routines to support the reading of the key file
8 #include "ntpd.h" /* Only for DPRINTF */
11 #include "ntp_syslog.h"
12 #include "ntp_stdlib.h"
13 #include "ntp_keyacc.h"
16 #include "openssl/objects.h"
17 #include "openssl/evp.h"
21 static char *nexttok (char **);
24 * nexttok - basic internal tokenizing routine
37 * Space past white space
39 while (*cp == ' ' || *cp == '\t')
43 * Save this and space to end of token
46 while (*cp != '\0' && *cp != '\n' && *cp != ' '
47 && *cp != '\t' && *cp != '#')
51 * If token length is zero return an error, else set end of
52 * token to zero and return start.
57 if (*cp == ' ' || *cp == '\t')
67 /* TALOS-CAN-0055: possibly DoS attack by setting the key file to the
68 * log file. This is hard to prevent (it would need to check two files
69 * to be the same on the inode level, which will not work so easily with
70 * Windows or VMS) but we can avoid the self-amplification loop: We only
71 * log the first 5 errors, silently ignore the next 10 errors, and give
72 * up when when we have found more than 15 errors.
74 * This avoids the endless file iteration we will end up with otherwise,
75 * and also avoids overflowing the log file.
77 * Nevertheless, once this happens, the keys are gone since this would
78 * require a save/swap strategy that is not easy to apply due to the
79 * data on global/static level.
82 static const u_int nerr_loglimit = 5u;
83 static const u_int nerr_maxlimit = 15;
85 static void log_maybe(u_int*, const char*, ...) NTP_PRINTF(2, 3);
87 typedef struct keydata KeyDataT;
89 KeyDataT *next; /* queue/stack link */
90 KeyAccT *keyacclist; /* key access list */
91 keyid_t keyid; /* stored key ID */
92 u_short keytype; /* stored key type */
93 u_short seclen; /* length of secret */
94 u_char secbuf[1]; /* begin of secret (formal only)*/
104 if (++(*pnerr) <= nerr_loglimit) {
106 mvsyslog(LOG_ERR, fmt, ap);
112 * authreadkeys - (re)read keys from a file.
124 char buf[512]; /* lots of room for line */
125 u_char keystr[32]; /* Bug 2537 */
129 KeyDataT *list = NULL;
130 KeyDataT *next = NULL;
132 * Open file. Complain and return if it can't be opened.
134 fp = fopen(file, "r");
136 msyslog(LOG_ERR, "authreadkeys: file '%s': %m",
143 * Now read lines from the file, looking for key entries. Put
144 * the data into temporary store for later propagation to avoid
145 * two-pass processing.
148 while ((line = fgets(buf, sizeof buf, fp)) != NULL) {
149 if (nerr > nerr_maxlimit)
151 token = nexttok(&line);
156 * First is key number. See if it is okay.
161 "authreadkeys: cannot change key %s",
166 if (keyno > NTP_MAXKEY) {
168 "authreadkeys: key %s > %d reserved for Autokey",
174 * Next is keytype. See if that is all right.
176 token = nexttok(&line);
179 "authreadkeys: no key type for key %d",
185 * The key type is the NID used by the message digest
186 * algorithm. There are a number of inconsistencies in
187 * the OpenSSL database. We attempt to discover them
188 * here and prevent use of inconsistent data later.
190 keytype = keytype_from_text(token, NULL);
193 "authreadkeys: invalid type for key %d",
197 if (EVP_get_digestbynid(keytype) == NULL) {
199 "authreadkeys: no algorithm for key %d",
203 #else /* !OPENSSL follows */
206 * The key type is unused, but is required to be 'M' or
207 * 'm' for compatibility.
209 if (!(*token == 'M' || *token == 'm')) {
211 "authreadkeys: invalid type for key %d",
215 keytype = KEY_TYPE_MD5;
216 #endif /* !OPENSSL */
219 * Finally, get key and insert it. If it is longer than 20
220 * characters, it is a binary string encoded in hex;
221 * otherwise, it is a text string of printable ASCII
224 token = nexttok(&line);
227 "authreadkeys: no key for key %d", keyno);
232 if (len <= 20) { /* Bug 2537 */
233 next = emalloc(sizeof(KeyDataT) + len);
234 next->keyacclist = NULL;
236 next->keytype = keytype;
238 memcpy(next->secbuf, token, len);
240 static const char hex[] = "0123456789abcdef";
245 jlim = min(len, 2 * sizeof(keystr));
246 for (j = 0; j < jlim; j++) {
247 ptr = strchr(hex, tolower((unsigned char)token[j]));
249 break; /* abort decoding */
250 temp = (u_char)(ptr - hex);
252 keystr[j / 2] |= temp;
254 keystr[j / 2] = temp << 4;
258 "authreadkeys: invalid hex digit for key %d",
262 len = jlim/2; /* hmmmm.... what about odd length?!? */
263 next = emalloc(sizeof(KeyDataT) + len);
264 next->keyacclist = NULL;
266 next->keytype = keytype;
268 memcpy(next->secbuf, keystr, len);
271 token = nexttok(&line);
272 DPRINTF(0, ("authreadkeys: full access list <%s>\n", (token) ? token : "NULL"));
273 if (token != NULL) { /* A comma-separated IP access list */
280 i = strchr(tp, (int)',');
283 DPRINTF(0, ("authreadkeys: access list: <%s>\n", tp));
285 if (is_ip_address(tp, AF_UNSPEC, &ka.addr)) {
288 kap = emalloc(sizeof(KeyAccT));
289 memcpy(kap, &ka, sizeof ka);
290 kap->next = next->keyacclist;
291 next->keyacclist = kap;
294 "authreadkeys: invalid IP address <%s> for key %d",
306 INSIST(NULL != next);
311 if (nerr > nerr_maxlimit) {
313 "authreadkeys: rejecting file '%s' after %u errors (emergency break)",
319 "authreadkeys: rejecting file '%s' after %u error(s)",
324 /* first remove old file-based keys */
326 /* insert the new key material */
327 while (NULL != (next = list)) {
329 MD5auth_setkey(next->keyid, next->keytype,
330 next->secbuf, next->seclen, next->keyacclist);
331 /* purge secrets from memory before free()ing it */
332 memset(next, 0, sizeof(*next) + next->seclen);
338 /* Mop up temporary storage before bailing out. */
339 while (NULL != (next = list)) {
342 while (next->keyacclist) {
343 KeyAccT *kap = next->keyacclist;
345 next->keyacclist = kap->next;
349 /* purge secrets from memory before free()ing it */
350 memset(next, 0, sizeof(*next) + next->seclen);