static AgentConnection *ServerConnection(const char *server, FileCopy fc, int *err)
{
AgentConnection *conn;
*err = 0;
#if !defined(__MINGW32__)
signal(SIGPIPE, SIG_IGN);
#endif /* !__MINGW32__ */
#if !defined(__MINGW32__)
static sigset_t signal_mask;
sigemptyset(&signal_mask);
sigaddset(&signal_mask, SIGPIPE);
pthread_sigmask(SIG_BLOCK, &signal_mask, NULL);
#endif
conn = NewAgentConn(server);
if (strcmp(server, "localhost") == 0)
{
conn->authenticated = true;
return conn;
}
conn->authenticated = false;
conn->encryption_type = CfEnterpriseOptions();
/* username of the client - say root from Windows */
#ifdef __MINGW32__
snprintf(conn->username, CF_SMALLBUF, "root");
#else
GetCurrentUserName(conn->username, CF_SMALLBUF);
#endif /* !__MINGW32__ */
if (conn->sd == SOCKET_INVALID)
{
if (!ServerConnect(conn, server, fc))
{
Log(LOG_LEVEL_INFO, "No server is responding on this port");
DisconnectServer(conn);
*err = -1;
return NULL;
}
if (conn->sd < 0) /* INVALID or OFFLINE socket */
{
UnexpectedError("ServerConnect() succeeded but socket descriptor is %d!",
conn->sd);
*err = -1;
return NULL;
}
if (!IdentifyAgent(conn->sd))
{
Log(LOG_LEVEL_ERR, "Id-authentication for '%s' failed", VFQNAME);
errno = EPERM;
DisconnectServer(conn);
*err = -2; // auth err
return NULL;
}
if (!AuthenticateAgent(conn, fc.trustkey))
{
Log(LOG_LEVEL_ERR, "Authentication dialogue with '%s' failed", server);
errno = EPERM;
DisconnectServer(conn);
*err = -2; // auth err
return NULL;
}
conn->authenticated = true;
return conn;
}
return conn;
}
int AuthenticateAgent(AgentConnection *conn, bool trust_key)
{
char sendbuffer[CF_EXPANDSIZE], in[CF_BUFSIZE], *out, *decrypted_cchall;
BIGNUM *nonce_challenge, *bn = NULL;
unsigned char digest[EVP_MAX_MD_SIZE];
int encrypted_len, nonce_len = 0, len, session_size;
bool need_to_implicitly_trust_server;
char enterprise_field = 'c';
RSA *server_pubkey = NULL;
if ((PUBKEY == NULL) || (PRIVKEY == NULL))
{
/* Try once more to load the keys, maybe the system is converging. */
LoadSecretKeys();
if ((PUBKEY == NULL) || (PRIVKEY == NULL))
{
char *pubkeyfile = PublicKeyFile(GetWorkDir());
Log(LOG_LEVEL_ERR, "No public/private key pair found at: %s", pubkeyfile);
free(pubkeyfile);
return false;
}
}
enterprise_field = CfEnterpriseOptions();
session_size = CfSessionKeySize(enterprise_field);
/* Generate a random challenge to authenticate the server */
nonce_challenge = BN_new();
if (nonce_challenge == NULL)
{
Log(LOG_LEVEL_ERR, "Cannot allocate BIGNUM structure for server challenge");
return false;
}
BN_rand(nonce_challenge, CF_NONCELEN, 0, 0);
nonce_len = BN_bn2mpi(nonce_challenge, in);
if (FIPS_MODE)
{
HashString(in, nonce_len, digest, CF_DEFAULT_DIGEST);
}
else
{
HashString(in, nonce_len, digest, HASH_METHOD_MD5);
}
/* We assume that the server bound to the remote socket is the official one i.e. = root's */
/* Ask the server to send us the public key if we don't have it. */
if ((server_pubkey = HavePublicKeyByIP(conn->username, conn->remoteip)))
{
need_to_implicitly_trust_server = false;
encrypted_len = RSA_size(server_pubkey);
}
else
{
need_to_implicitly_trust_server = true;
encrypted_len = nonce_len;
}
// Server pubkey is what we want to has as a unique ID
snprintf(sendbuffer, sizeof(sendbuffer), "SAUTH %c %d %d %c",
need_to_implicitly_trust_server ? 'n': 'y',
encrypted_len, nonce_len, enterprise_field);
out = xmalloc(encrypted_len);
if (server_pubkey != NULL)
{
if (RSA_public_encrypt(nonce_len, in, out, server_pubkey, RSA_PKCS1_PADDING) <= 0)
{
Log(LOG_LEVEL_ERR,
"Public encryption failed. (RSA_public_encrypt: %s)",
CryptoLastErrorString());
free(out);
RSA_free(server_pubkey);
return false;
}
memcpy(sendbuffer + CF_RSA_PROTO_OFFSET, out, encrypted_len);
}
else
{
memcpy(sendbuffer + CF_RSA_PROTO_OFFSET, in, nonce_len);
}
/* proposition C1 - Send challenge / nonce */
SendTransaction(conn->conn_info, sendbuffer, CF_RSA_PROTO_OFFSET + encrypted_len, CF_DONE);
BN_free(bn);
BN_free(nonce_challenge);
free(out);
/*Send the public key - we don't know if server has it */
/* proposition C2 */
memset(sendbuffer, 0, CF_EXPANDSIZE);
len = BN_bn2mpi(PUBKEY->n, sendbuffer);
SendTransaction(conn->conn_info, sendbuffer, len, CF_DONE); /* No need to encrypt the public key ... */
/* proposition C3 */
memset(sendbuffer, 0, CF_EXPANDSIZE);
len = BN_bn2mpi(PUBKEY->e, sendbuffer);
SendTransaction(conn->conn_info, sendbuffer, len, CF_DONE);
/* check reply about public key - server can break conn_info here */
/* proposition S1 */
memset(in, 0, CF_BUFSIZE);
if (ReceiveTransaction(conn->conn_info, in, NULL) == -1)
{
Log(LOG_LEVEL_ERR, "Protocol transaction broken off (1). (ReceiveTransaction: %s)", GetErrorStr());
RSA_free(server_pubkey);
return false;
}
if (BadProtoReply(in))
{
Log(LOG_LEVEL_ERR, "Bad protocol reply: %s", in);
RSA_free(server_pubkey);
return false;
}
/* Get challenge response - should be CF_DEFAULT_DIGEST of challenge */
/* proposition S2 */
memset(in, 0, CF_BUFSIZE);
if (ReceiveTransaction(conn->conn_info, in, NULL) == -1)
{
Log(LOG_LEVEL_ERR, "Protocol transaction broken off (2). (ReceiveTransaction: %s)", GetErrorStr());
RSA_free(server_pubkey);
return false;
}
/* Check if challenge reply was correct */
if ((HashesMatch(digest, in, CF_DEFAULT_DIGEST)) ||
(HashesMatch(digest, in, HASH_METHOD_MD5))) // Legacy
{
if (need_to_implicitly_trust_server == false)
{
/* The IP was found in lastseen. */
Log(LOG_LEVEL_VERBOSE,
".....................[.h.a.i.l.].................................");
Log(LOG_LEVEL_VERBOSE,
"Strong authentication of server '%s' connection confirmed",
conn->this_server);
}
else /* IP was not found in lastseen */
{
if (trust_key)
{
Log(LOG_LEVEL_VERBOSE,
"Trusting server identity, promise to accept key from '%s' = '%s'",
conn->this_server, conn->remoteip);
}
else
{
Log(LOG_LEVEL_ERR,
"Not authorized to trust public key of server '%s' (trustkey = false)",
conn->this_server);
RSA_free(server_pubkey);
return false;
}
}
}
else
{
Log(LOG_LEVEL_ERR, "Challenge response from server '%s/%s' was incorrect", conn->this_server,
conn->remoteip);
RSA_free(server_pubkey);
return false;
}
/* Receive counter challenge from server */
/* proposition S3 */
memset(in, 0, CF_BUFSIZE);
encrypted_len = ReceiveTransaction(conn->conn_info, in, NULL);
if (encrypted_len <= 0)
{
Log(LOG_LEVEL_ERR, "Protocol transaction sent illegal cipher length");
RSA_free(server_pubkey);
return false;
}
decrypted_cchall = xmalloc(encrypted_len);
if (RSA_private_decrypt(encrypted_len, in, decrypted_cchall, PRIVKEY, RSA_PKCS1_PADDING) <= 0)
{
Log(LOG_LEVEL_ERR,
"Private decrypt failed, abandoning. (RSA_private_decrypt: %s)",
CryptoLastErrorString());
RSA_free(server_pubkey);
return false;
}
/* proposition C4 */
if (FIPS_MODE)
{
HashString(decrypted_cchall, nonce_len, digest, CF_DEFAULT_DIGEST);
}
else
{
HashString(decrypted_cchall, nonce_len, digest, HASH_METHOD_MD5);
}
if (FIPS_MODE)
{
SendTransaction(conn->conn_info, digest, CF_DEFAULT_DIGEST_LEN, CF_DONE);
}
else
{
SendTransaction(conn->conn_info, digest, CF_MD5_LEN, CF_DONE);
}
free(decrypted_cchall);
/* If we don't have the server's public key, it will be sent */
if (server_pubkey == NULL)
{
RSA *newkey = RSA_new();
Log(LOG_LEVEL_VERBOSE, "Collecting public key from server!");
/* proposition S4 - conditional */
if ((len = ReceiveTransaction(conn->conn_info, in, NULL)) <= 0)
{
Log(LOG_LEVEL_ERR, "Protocol error in RSA authentation from IP '%s'", conn->this_server);
return false;
}
if ((newkey->n = BN_mpi2bn(in, len, NULL)) == NULL)
{
Log(LOG_LEVEL_ERR,
"Private key decrypt failed. (BN_mpi2bn: %s)",
CryptoLastErrorString());
RSA_free(newkey);
return false;
}
/* proposition S5 - conditional */
if ((len = ReceiveTransaction(conn->conn_info, in, NULL)) <= 0)
{
Log(LOG_LEVEL_INFO, "Protocol error in RSA authentation from IP '%s'",
conn->this_server);
RSA_free(newkey);
return false;
}
if ((newkey->e = BN_mpi2bn(in, len, NULL)) == NULL)
{
Log(LOG_LEVEL_ERR,
"Public key decrypt failed. (BN_mpi2bn: %s)",
CryptoLastErrorString());
RSA_free(newkey);
return false;
}
server_pubkey = RSAPublicKey_dup(newkey);
RSA_free(newkey);
}
assert(server_pubkey != NULL);
/* proposition C5 */
if (!SetSessionKey(conn))
{
Log(LOG_LEVEL_ERR, "Unable to set session key");
return false;
}
if (conn->session_key == NULL)
{
Log(LOG_LEVEL_ERR, "A random session key could not be established");
RSA_free(server_pubkey);
return false;
}
encrypted_len = RSA_size(server_pubkey);
out = xmalloc(encrypted_len);
if (RSA_public_encrypt(session_size, conn->session_key, out, server_pubkey, RSA_PKCS1_PADDING) <= 0)
{
Log(LOG_LEVEL_ERR,
"Public encryption failed. (RSA_public_encrypt: %s)",
CryptoLastErrorString());
free(out);
RSA_free(server_pubkey);
return false;
}
SendTransaction(conn->conn_info, out, encrypted_len, CF_DONE);
Key *key = KeyNew(server_pubkey, CF_DEFAULT_DIGEST);
conn->conn_info->remote_key = key;
Log(LOG_LEVEL_VERBOSE, "Public key identity of host '%s' is: %s",
conn->remoteip, KeyPrintableHash(conn->conn_info->remote_key));
SavePublicKey(conn->username, KeyPrintableHash(conn->conn_info->remote_key), server_pubkey);
unsigned int length = 0;
LastSaw(conn->remoteip, KeyBinaryHash(conn->conn_info->remote_key, &length), LAST_SEEN_ROLE_CONNECT);
free(out);
return true;
}
int AuthenticateAgent(AgentConnection *conn, bool trust_key)
{
char sendbuffer[CF_EXPANDSIZE], in[CF_BUFSIZE], *out, *decrypted_cchall;
BIGNUM *nonce_challenge, *bn = NULL;
unsigned long err;
unsigned char digest[EVP_MAX_MD_SIZE];
int encrypted_len, nonce_len = 0, len, session_size;
bool implicitly_trust_server;
char enterprise_field = 'c';
RSA *server_pubkey = NULL;
if ((PUBKEY == NULL) || (PRIVKEY == NULL))
{
Log(LOG_LEVEL_ERR, "No public/private key pair found at %s", PublicKeyFile(GetWorkDir()));
return false;
}
enterprise_field = CfEnterpriseOptions();
session_size = CfSessionKeySize(enterprise_field);
/* Generate a random challenge to authenticate the server */
nonce_challenge = BN_new();
if (nonce_challenge == NULL)
{
Log(LOG_LEVEL_ERR, "Cannot allocate BIGNUM structure for server challenge");
return false;
}
BN_rand(nonce_challenge, CF_NONCELEN, 0, 0);
nonce_len = BN_bn2mpi(nonce_challenge, in);
if (FIPS_MODE)
{
HashString(in, nonce_len, digest, CF_DEFAULT_DIGEST);
}
else
{
HashString(in, nonce_len, digest, HASH_METHOD_MD5);
}
/* We assume that the server bound to the remote socket is the official one i.e. = root's */
if ((server_pubkey = HavePublicKeyByIP(conn->username, conn->remoteip)))
{
implicitly_trust_server = false;
encrypted_len = RSA_size(server_pubkey);
}
else
{
implicitly_trust_server = true;
encrypted_len = nonce_len;
}
// Server pubkey is what we want to has as a unique ID
snprintf(sendbuffer, sizeof(sendbuffer), "SAUTH %c %d %d %c", implicitly_trust_server ? 'n': 'y', encrypted_len,
nonce_len, enterprise_field);
out = xmalloc(encrypted_len);
if (server_pubkey != NULL)
{
if (RSA_public_encrypt(nonce_len, in, out, server_pubkey, RSA_PKCS1_PADDING) <= 0)
{
err = ERR_get_error();
Log(LOG_LEVEL_ERR, "Public encryption failed = %s", ERR_reason_error_string(err));
free(out);
RSA_free(server_pubkey);
return false;
}
memcpy(sendbuffer + CF_RSA_PROTO_OFFSET, out, encrypted_len);
}
else
{
memcpy(sendbuffer + CF_RSA_PROTO_OFFSET, in, nonce_len);
}
/* proposition C1 - Send challenge / nonce */
SendTransaction(conn->sd, sendbuffer, CF_RSA_PROTO_OFFSET + encrypted_len, CF_DONE);
BN_free(bn);
BN_free(nonce_challenge);
free(out);
if (DEBUG)
{
RSA_print_fp(stdout, PUBKEY, 0);
}
/*Send the public key - we don't know if server has it */
/* proposition C2 */
memset(sendbuffer, 0, CF_EXPANDSIZE);
len = BN_bn2mpi(PUBKEY->n, sendbuffer);
SendTransaction(conn->sd, sendbuffer, len, CF_DONE); /* No need to encrypt the public key ... */
/* proposition C3 */
memset(sendbuffer, 0, CF_EXPANDSIZE);
len = BN_bn2mpi(PUBKEY->e, sendbuffer);
SendTransaction(conn->sd, sendbuffer, len, CF_DONE);
/* check reply about public key - server can break connection here */
/* proposition S1 */
memset(in, 0, CF_BUFSIZE);
if (ReceiveTransaction(conn->sd, in, NULL) == -1)
{
Log(LOG_LEVEL_ERR, "Protocol transaction broken off (1): %s", GetErrorStr());
RSA_free(server_pubkey);
return false;
}
if (BadProtoReply(in))
{
Log(LOG_LEVEL_ERR, "%s", in);
RSA_free(server_pubkey);
return false;
}
/* Get challenge response - should be CF_DEFAULT_DIGEST of challenge */
/* proposition S2 */
memset(in, 0, CF_BUFSIZE);
if (ReceiveTransaction(conn->sd, in, NULL) == -1)
{
Log(LOG_LEVEL_ERR, "Protocol transaction broken off (2): %s", GetErrorStr());
RSA_free(server_pubkey);
return false;
}
if ((HashesMatch(digest, in, CF_DEFAULT_DIGEST)) || (HashesMatch(digest, in, HASH_METHOD_MD5))) // Legacy
{
if (implicitly_trust_server == false) /* challenge reply was correct */
{
Log(LOG_LEVEL_VERBOSE, ".....................[.h.a.i.l.].................................");
Log(LOG_LEVEL_VERBOSE, "Strong authentication of server=%s connection confirmed", conn->this_server);
}
else
{
if (trust_key)
{
Log(LOG_LEVEL_VERBOSE, " -> Trusting server identity, promise to accept key from %s=%s", conn->this_server,
conn->remoteip);
}
else
{
Log(LOG_LEVEL_ERR, " !! Not authorized to trust the server=%s's public key (trustkey=false)",
conn->this_server);
RSA_free(server_pubkey);
return false;
}
}
}
else
{
Log(LOG_LEVEL_ERR, "Challenge response from server %s/%s was incorrect!", conn->this_server,
conn->remoteip);
RSA_free(server_pubkey);
return false;
}
/* Receive counter challenge from server */
/* proposition S3 */
memset(in, 0, CF_BUFSIZE);
encrypted_len = ReceiveTransaction(conn->sd, in, NULL);
if (encrypted_len <= 0)
{
Log(LOG_LEVEL_ERR, "Protocol transaction sent illegal cipher length");
RSA_free(server_pubkey);
return false;
}
decrypted_cchall = xmalloc(encrypted_len);
if (RSA_private_decrypt(encrypted_len, in, decrypted_cchall, PRIVKEY, RSA_PKCS1_PADDING) <= 0)
{
err = ERR_get_error();
Log(LOG_LEVEL_ERR, "Private decrypt failed = %s, abandoning",
ERR_reason_error_string(err));
RSA_free(server_pubkey);
return false;
}
/* proposition C4 */
if (FIPS_MODE)
{
HashString(decrypted_cchall, nonce_len, digest, CF_DEFAULT_DIGEST);
}
else
{
HashString(decrypted_cchall, nonce_len, digest, HASH_METHOD_MD5);
}
if (FIPS_MODE)
{
SendTransaction(conn->sd, digest, CF_DEFAULT_DIGEST_LEN, CF_DONE);
}
else
{
SendTransaction(conn->sd, digest, CF_MD5_LEN, CF_DONE);
}
free(decrypted_cchall);
/* If we don't have the server's public key, it will be sent */
if (server_pubkey == NULL)
{
RSA *newkey = RSA_new();
Log(LOG_LEVEL_VERBOSE, " -> Collecting public key from server!");
/* proposition S4 - conditional */
if ((len = ReceiveTransaction(conn->sd, in, NULL)) <= 0)
{
Log(LOG_LEVEL_ERR, "Protocol error in RSA authentation from IP %s", conn->this_server);
return false;
}
if ((newkey->n = BN_mpi2bn(in, len, NULL)) == NULL)
{
err = ERR_get_error();
Log(LOG_LEVEL_ERR, "Private key decrypt failed = %s", ERR_reason_error_string(err));
RSA_free(newkey);
return false;
}
/* proposition S5 - conditional */
if ((len = ReceiveTransaction(conn->sd, in, NULL)) <= 0)
{
Log(LOG_LEVEL_INFO, "Protocol error in RSA authentation from IP %s",
conn->this_server);
RSA_free(newkey);
return false;
}
if ((newkey->e = BN_mpi2bn(in, len, NULL)) == NULL)
{
err = ERR_get_error();
Log(LOG_LEVEL_ERR, "Public key decrypt failed = %s", ERR_reason_error_string(err));
RSA_free(newkey);
return false;
}
server_pubkey = RSAPublicKey_dup(newkey);
RSA_free(newkey);
}
/* proposition C5 */
if (!SetSessionKey(conn))
{
Log(LOG_LEVEL_ERR, "Unable to set session key");
return false;
}
if (conn->session_key == NULL)
{
Log(LOG_LEVEL_ERR, "A random session key could not be established");
RSA_free(server_pubkey);
return false;
}
encrypted_len = RSA_size(server_pubkey);
out = xmalloc(encrypted_len);
if (RSA_public_encrypt(session_size, conn->session_key, out, server_pubkey, RSA_PKCS1_PADDING) <= 0)
{
err = ERR_get_error();
Log(LOG_LEVEL_ERR, "Public encryption failed = %s", ERR_reason_error_string(err));
free(out);
RSA_free(server_pubkey);
return false;
}
SendTransaction(conn->sd, out, encrypted_len, CF_DONE);
if (server_pubkey != NULL)
{
char buffer[EVP_MAX_MD_SIZE * 4];
HashPubKey(server_pubkey, conn->digest, CF_DEFAULT_DIGEST);
Log(LOG_LEVEL_VERBOSE, " -> Public key identity of host \"%s\" is \"%s\"", conn->remoteip,
HashPrintSafe(CF_DEFAULT_DIGEST, conn->digest, buffer));
SavePublicKey(conn->username, conn->remoteip, buffer, server_pubkey); // FIXME: username is local
LastSaw(conn->remoteip, conn->digest, LAST_SEEN_ROLE_CONNECT);
}
free(out);
RSA_free(server_pubkey);
return true;
}
int AuthenticateAgent(AgentConnection *conn, Attributes attr, Promise *pp)
{
char sendbuffer[CF_EXPANDSIZE], in[CF_BUFSIZE], *out, *decrypted_cchall;
BIGNUM *nonce_challenge, *bn = NULL;
unsigned long err;
unsigned char digest[EVP_MAX_MD_SIZE];
int encrypted_len, nonce_len = 0, len, session_size;
char dont_implicitly_trust_server, enterprise_field = 'c';
RSA *server_pubkey = NULL;
if (PUBKEY == NULL || PRIVKEY == NULL)
{
CfOut(cf_error, "", "No public/private key pair found\n");
return false;
}
enterprise_field = CfEnterpriseOptions();
session_size = CfSessionKeySize(enterprise_field);
/* Generate a random challenge to authenticate the server */
nonce_challenge = BN_new();
BN_rand(nonce_challenge, CF_NONCELEN, 0, 0);
nonce_len = BN_bn2mpi(nonce_challenge, in);
if (FIPS_MODE)
{
HashString(in, nonce_len, digest, CF_DEFAULT_DIGEST);
}
else
{
HashString(in, nonce_len, digest, cf_md5);
}
/* We assume that the server bound to the remote socket is the official one i.e. = root's */
if ((server_pubkey = HavePublicKeyByIP(conn->username, conn->remoteip)))
{
dont_implicitly_trust_server = 'y';
encrypted_len = RSA_size(server_pubkey);
}
else
{
dont_implicitly_trust_server = 'n'; /* have to trust server, since we can't verify id */
encrypted_len = nonce_len;
}
// Server pubkey is what we want to has as a unique ID
snprintf(sendbuffer, sizeof(sendbuffer), "SAUTH %c %d %d %c", dont_implicitly_trust_server, encrypted_len,
nonce_len, enterprise_field);
out = xmalloc(encrypted_len);
if (server_pubkey != NULL)
{
if (RSA_public_encrypt(nonce_len, in, out, server_pubkey, RSA_PKCS1_PADDING) <= 0)
{
err = ERR_get_error();
cfPS(cf_error, CF_FAIL, "", pp, attr, "Public encryption failed = %s\n", ERR_reason_error_string(err));
free(out);
FreeRSAKey(server_pubkey);
return false;
}
memcpy(sendbuffer + CF_RSA_PROTO_OFFSET, out, encrypted_len);
}
else
{
memcpy(sendbuffer + CF_RSA_PROTO_OFFSET, in, nonce_len);
}
/* proposition C1 - Send challenge / nonce */
SendTransaction(conn->sd, sendbuffer, CF_RSA_PROTO_OFFSET + encrypted_len, CF_DONE);
BN_free(bn);
BN_free(nonce_challenge);
free(out);
if (DEBUG)
{
RSA_print_fp(stdout, PUBKEY, 0);
}
/*Send the public key - we don't know if server has it */
/* proposition C2 */
memset(sendbuffer, 0, CF_EXPANDSIZE);
len = BN_bn2mpi(PUBKEY->n, sendbuffer);
SendTransaction(conn->sd, sendbuffer, len, CF_DONE); /* No need to encrypt the public key ... */
/* proposition C3 */
memset(sendbuffer, 0, CF_EXPANDSIZE);
len = BN_bn2mpi(PUBKEY->e, sendbuffer);
SendTransaction(conn->sd, sendbuffer, len, CF_DONE);
/* check reply about public key - server can break connection here */
/* proposition S1 */
memset(in, 0, CF_BUFSIZE);
if (ReceiveTransaction(conn->sd, in, NULL) == -1)
{
cfPS(cf_error, CF_INTERPT, "recv", pp, attr, "Protocol transaction broken off (1)");
FreeRSAKey(server_pubkey);
return false;
}
if (BadProtoReply(in))
{
CfOut(cf_error, "", "%s", in);
FreeRSAKey(server_pubkey);
return false;
}
/* Get challenge response - should be CF_DEFAULT_DIGEST of challenge */
/* proposition S2 */
memset(in, 0, CF_BUFSIZE);
if (ReceiveTransaction(conn->sd, in, NULL) == -1)
{
cfPS(cf_error, CF_INTERPT, "recv", pp, attr, "Protocol transaction broken off (2)");
FreeRSAKey(server_pubkey);
return false;
}
if (HashesMatch(digest, in, CF_DEFAULT_DIGEST) || HashesMatch(digest, in, cf_md5)) // Legacy
{
if (dont_implicitly_trust_server == 'y') /* challenge reply was correct */
{
CfOut(cf_verbose, "", ".....................[.h.a.i.l.].................................\n");
CfOut(cf_verbose, "", "Strong authentication of server=%s connection confirmed\n", pp->this_server);
}
else
{
if (attr.copy.trustkey)
{
CfOut(cf_verbose, "", " -> Trusting server identity, promise to accept key from %s=%s", pp->this_server,
conn->remoteip);
}
else
{
CfOut(cf_error, "", " !! Not authorized to trust the server=%s's public key (trustkey=false)\n",
pp->this_server);
PromiseRef(cf_verbose, pp);
FreeRSAKey(server_pubkey);
return false;
}
}
}
else
{
cfPS(cf_error, CF_INTERPT, "", pp, attr, "Challenge response from server %s/%s was incorrect!", pp->this_server,
conn->remoteip);
FreeRSAKey(server_pubkey);
return false;
}
/* Receive counter challenge from server */
CfDebug("Receive counter challenge from server\n");
/* proposition S3 */
memset(in, 0, CF_BUFSIZE);
encrypted_len = ReceiveTransaction(conn->sd, in, NULL);
if (encrypted_len <= 0)
{
CfOut(cf_error, "", "Protocol transaction sent illegal cipher length");
FreeRSAKey(server_pubkey);
return false;
}
decrypted_cchall = xmalloc(encrypted_len);
if (RSA_private_decrypt(encrypted_len, in, decrypted_cchall, PRIVKEY, RSA_PKCS1_PADDING) <= 0)
{
err = ERR_get_error();
cfPS(cf_error, CF_INTERPT, "", pp, attr, "Private decrypt failed = %s, abandoning\n",
ERR_reason_error_string(err));
FreeRSAKey(server_pubkey);
return false;
}
/* proposition C4 */
if (FIPS_MODE)
{
HashString(decrypted_cchall, nonce_len, digest, CF_DEFAULT_DIGEST);
}
else
{
HashString(decrypted_cchall, nonce_len, digest, cf_md5);
}
CfDebug("Replying to counter challenge with hash\n");
if (FIPS_MODE)
{
SendTransaction(conn->sd, digest, CF_DEFAULT_DIGEST_LEN, CF_DONE);
}
else
{
SendTransaction(conn->sd, digest, CF_MD5_LEN, CF_DONE);
}
free(decrypted_cchall);
/* If we don't have the server's public key, it will be sent */
if (server_pubkey == NULL)
{
RSA *newkey = RSA_new();
CfOut(cf_verbose, "", " -> Collecting public key from server!\n");
/* proposition S4 - conditional */
if ((len = ReceiveTransaction(conn->sd, in, NULL)) <= 0)
{
CfOut(cf_error, "", "Protocol error in RSA authentation from IP %s\n", pp->this_server);
return false;
}
if ((newkey->n = BN_mpi2bn(in, len, NULL)) == NULL)
{
err = ERR_get_error();
cfPS(cf_error, CF_INTERPT, "", pp, attr, "Private key decrypt failed = %s\n", ERR_reason_error_string(err));
FreeRSAKey(newkey);
return false;
}
/* proposition S5 - conditional */
if ((len = ReceiveTransaction(conn->sd, in, NULL)) <= 0)
{
cfPS(cf_inform, CF_INTERPT, "", pp, attr, "Protocol error in RSA authentation from IP %s\n",
pp->this_server);
FreeRSAKey(newkey);
return false;
}
if ((newkey->e = BN_mpi2bn(in, len, NULL)) == NULL)
{
err = ERR_get_error();
cfPS(cf_error, CF_INTERPT, "", pp, attr, "Public key decrypt failed = %s\n", ERR_reason_error_string(err));
FreeRSAKey(newkey);
return false;
}
server_pubkey = RSAPublicKey_dup(newkey);
FreeRSAKey(newkey);
}
/* proposition C5 */
SetSessionKey(conn);
if (conn->session_key == NULL)
{
CfOut(cf_error, "", "A random session key could not be established");
FreeRSAKey(server_pubkey);
return false;
}
encrypted_len = RSA_size(server_pubkey);
CfDebug("Encrypt %d bytes of session key into %d RSA bytes\n", session_size, encrypted_len);
out = xmalloc(encrypted_len);
if (RSA_public_encrypt(session_size, conn->session_key, out, server_pubkey, RSA_PKCS1_PADDING) <= 0)
{
err = ERR_get_error();
cfPS(cf_error, CF_INTERPT, "", pp, attr, "Public encryption failed = %s\n", ERR_reason_error_string(err));
free(out);
FreeRSAKey(server_pubkey);
return false;
}
SendTransaction(conn->sd, out, encrypted_len, CF_DONE);
if (server_pubkey != NULL)
{
HashPubKey(server_pubkey, conn->digest, CF_DEFAULT_DIGEST);
CfOut(cf_verbose, "", " -> Public key identity of host \"%s\" is \"%s\"", conn->remoteip,
HashPrint(CF_DEFAULT_DIGEST, conn->digest));
SavePublicKey(conn->username, conn->remoteip, HashPrint(CF_DEFAULT_DIGEST, conn->digest), server_pubkey); // FIXME: username is local
LastSaw(conn->remoteip, conn->digest, cf_connect);
}
free(out);
FreeRSAKey(server_pubkey);
return true;
}
int EncryptCopyRegularFileNet(const char *source, const char *dest, off_t size, AgentConnection *conn)
{
int dd, blocksize = 2048, n_read = 0, towrite, plainlen, more = true, finlen, cnt = 0;
int tosend, cipherlen = 0;
char *buf, in[CF_BUFSIZE], out[CF_BUFSIZE], workbuf[CF_BUFSIZE], cfchangedstr[265];
unsigned char iv[32] =
{ 1, 2, 3, 4, 5, 6, 7, 8, 1, 2, 3, 4, 5, 6, 7, 8, 1, 2, 3, 4, 5, 6, 7, 8, 1, 2, 3, 4, 5, 6, 7, 8 };
long n_read_total = 0;
EVP_CIPHER_CTX crypto_ctx;
snprintf(cfchangedstr, 255, "%s%s", CF_CHANGEDSTR1, CF_CHANGEDSTR2);
if ((strlen(dest) > CF_BUFSIZE - 20))
{
Log(LOG_LEVEL_ERR, "Filename too long");
return false;
}
unlink(dest); /* To avoid link attacks */
if ((dd = safe_open(dest, O_WRONLY | O_CREAT | O_TRUNC | O_EXCL | O_BINARY, 0600)) == -1)
{
Log(LOG_LEVEL_ERR,
"Copy from server '%s' to destination '%s' failed (open: %s)",
conn->this_server, dest, GetErrorStr());
unlink(dest);
return false;
}
if (size == 0)
{
// No sense in copying an empty file
close(dd);
return true;
}
workbuf[0] = '\0';
EVP_CIPHER_CTX_init(&crypto_ctx);
snprintf(in, CF_BUFSIZE - CF_PROTO_OFFSET, "GET dummykey %s", source);
cipherlen = EncryptString(conn->encryption_type, in, out, conn->session_key, strlen(in) + 1);
snprintf(workbuf, CF_BUFSIZE, "SGET %4d %4d", cipherlen, blocksize);
memcpy(workbuf + CF_PROTO_OFFSET, out, cipherlen);
tosend = cipherlen + CF_PROTO_OFFSET;
/* Send proposition C0 - query */
if (SendTransaction(conn->conn_info, workbuf, tosend, CF_DONE) == -1)
{
Log(LOG_LEVEL_ERR, "Couldn't send data. (SendTransaction: %s)", GetErrorStr());
close(dd);
return false;
}
buf = xmalloc(CF_BUFSIZE + sizeof(int));
n_read_total = 0;
while (more)
{
if ((cipherlen = ReceiveTransaction(conn->conn_info, buf, &more)) == -1)
{
free(buf);
return false;
}
cnt++;
/* If the first thing we get is an error message, break. */
if ((n_read_total == 0) && (strncmp(buf + CF_INBAND_OFFSET, CF_FAILEDSTR, strlen(CF_FAILEDSTR)) == 0))
{
Log(LOG_LEVEL_INFO, "Network access to '%s:%s' denied", conn->this_server, source);
close(dd);
free(buf);
return false;
}
if (strncmp(buf + CF_INBAND_OFFSET, cfchangedstr, strlen(cfchangedstr)) == 0)
{
Log(LOG_LEVEL_INFO, "Source '%s:%s' changed while copying", conn->this_server, source);
close(dd);
free(buf);
return false;
}
EVP_DecryptInit_ex(&crypto_ctx, CfengineCipher(CfEnterpriseOptions()), NULL, conn->session_key, iv);
if (!EVP_DecryptUpdate(&crypto_ctx, workbuf, &plainlen, buf, cipherlen))
{
close(dd);
free(buf);
return false;
}
if (!EVP_DecryptFinal_ex(&crypto_ctx, workbuf + plainlen, &finlen))
{
close(dd);
free(buf);
return false;
}
towrite = n_read = plainlen + finlen;
n_read_total += n_read;
if (!FSWrite(dest, dd, workbuf, towrite))
{
Log(LOG_LEVEL_ERR, "Local disk write failed copying '%s:%s' to '%s:%s'",
conn->this_server, source, dest, GetErrorStr());
if (conn)
{
conn->error = true;
}
free(buf);
unlink(dest);
close(dd);
EVP_CIPHER_CTX_cleanup(&crypto_ctx);
return false;
}
}
/* If the file ends with a `hole', something needs to be written at
the end. Otherwise the kernel would truncate the file at the end
of the last write operation. Write a null character and truncate
it again. */
if (ftruncate(dd, n_read_total) < 0)
{
Log(LOG_LEVEL_ERR, "Copy failed (no space?) while copying '%s' from network '%s'",
dest, GetErrorStr());
free(buf);
unlink(dest);
close(dd);
EVP_CIPHER_CTX_cleanup(&crypto_ctx);
return false;
}
close(dd);
free(buf);
EVP_CIPHER_CTX_cleanup(&crypto_ctx);
return true;
}
/**
* @NOTE if #flags.protocol_version is CF_PROTOCOL_UNDEFINED, then classic
* protocol is used by default.
*/
AgentConnection *ServerConnection(const char *server, const char *port,
unsigned int connect_timeout,
ConnectionFlags flags, int *err)
{
AgentConnection *conn = NULL;
int ret;
*err = 0;
conn = NewAgentConn(server, port, flags);
#if !defined(__MINGW32__)
signal(SIGPIPE, SIG_IGN);
sigset_t signal_mask;
sigemptyset(&signal_mask);
sigaddset(&signal_mask, SIGPIPE);
pthread_sigmask(SIG_BLOCK, &signal_mask, NULL);
/* FIXME: username is local */
GetCurrentUserName(conn->username, sizeof(conn->username));
#else
/* Always say "root" as username from windows. */
strlcpy(conn->username, "root", sizeof(conn->username));
#endif
if (port == NULL || *port == '\0')
{
port = CFENGINE_PORT_STR;
}
char txtaddr[CF_MAX_IP_LEN] = "";
conn->conn_info->sd = SocketConnect(server, port, connect_timeout,
flags.force_ipv4,
txtaddr, sizeof(txtaddr));
if (conn->conn_info->sd == -1)
{
Log(LOG_LEVEL_INFO, "No server is responding on port: %s",
port);
DisconnectServer(conn);
*err = -1;
return NULL;
}
assert(sizeof(conn->remoteip) >= sizeof(txtaddr));
strcpy(conn->remoteip, txtaddr);
switch (flags.protocol_version)
{
case CF_PROTOCOL_UNDEFINED:
case CF_PROTOCOL_TLS:
/* Set the version to request during protocol negotiation. After
* TLSConnect() it will have the version we finally ended up with. */
conn->conn_info->protocol = CF_PROTOCOL_LATEST;
ret = TLSConnect(conn->conn_info, flags.trust_server,
conn->remoteip, conn->username);
if (ret == -1) /* Error */
{
DisconnectServer(conn);
*err = -1;
return NULL;
}
else if (ret == 0) /* Auth/ID error */
{
DisconnectServer(conn);
errno = EPERM;
*err = -2;
return NULL;
}
assert(ret == 1);
conn->conn_info->status = CONNECTIONINFO_STATUS_ESTABLISHED;
LastSaw1(conn->remoteip, KeyPrintableHash(conn->conn_info->remote_key),
LAST_SEEN_ROLE_CONNECT);
break;
case CF_PROTOCOL_CLASSIC:
conn->conn_info->protocol = CF_PROTOCOL_CLASSIC;
conn->encryption_type = CfEnterpriseOptions();
if (!IdentifyAgent(conn->conn_info))
{
Log(LOG_LEVEL_ERR, "Id-authentication for '%s' failed", VFQNAME);
errno = EPERM;
DisconnectServer(conn);
*err = -2; // auth err
return NULL;
}
if (!AuthenticateAgent(conn, flags.trust_server))
{
Log(LOG_LEVEL_ERR, "Authentication dialogue with '%s' failed", server);
errno = EPERM;
DisconnectServer(conn);
*err = -2; // auth err
return NULL;
}
conn->conn_info->status = CONNECTIONINFO_STATUS_ESTABLISHED;
break;
default:
ProgrammingError("ServerConnection: ProtocolVersion %d!",
flags.protocol_version);
}
conn->authenticated = true;
return conn;
}
int EncryptCopyRegularFileNet(const char *source, const char *dest, off_t size, AgentConnection *conn)
{
int dd, blocksize = 2048, n_read = 0, plainlen, more = true, finlen, cnt = 0;
int tosend, cipherlen = 0;
char *buf, in[CF_BUFSIZE], out[CF_BUFSIZE], workbuf[CF_BUFSIZE], cfchangedstr[265];
unsigned char iv[32] =
{ 1, 2, 3, 4, 5, 6, 7, 8, 1, 2, 3, 4, 5, 6, 7, 8, 1, 2, 3, 4, 5, 6, 7, 8, 1, 2, 3, 4, 5, 6, 7, 8 };
EVP_CIPHER_CTX crypto_ctx;
snprintf(cfchangedstr, 255, "%s%s", CF_CHANGEDSTR1, CF_CHANGEDSTR2);
if ((strlen(dest) > CF_BUFSIZE - 20))
{
Log(LOG_LEVEL_ERR, "Filename too long");
return false;
}
unlink(dest); /* To avoid link attacks */
if ((dd = safe_open(dest, O_WRONLY | O_CREAT | O_TRUNC | O_EXCL | O_BINARY, 0600)) == -1)
{
Log(LOG_LEVEL_ERR,
"Copy from server '%s' to destination '%s' failed (open: %s)",
conn->this_server, dest, GetErrorStr());
unlink(dest);
return false;
}
if (size == 0)
{
// No sense in copying an empty file
close(dd);
return true;
}
workbuf[0] = '\0';
EVP_CIPHER_CTX_init(&crypto_ctx);
snprintf(in, CF_BUFSIZE - CF_PROTO_OFFSET, "GET dummykey %s", source);
cipherlen = EncryptString(out, sizeof(out), in, strlen(in) + 1, conn->encryption_type, conn->session_key);
tosend = cipherlen + CF_PROTO_OFFSET;
if(tosend > sizeof(workbuf))
{
ProgrammingError("EncryptCopyRegularFileNet: tosend (%d) > workbuf (%ld)",
tosend, sizeof(workbuf));
}
snprintf(workbuf, CF_BUFSIZE, "SGET %4d %4d", cipherlen, blocksize);
memcpy(workbuf + CF_PROTO_OFFSET, out, cipherlen);
/* Send proposition C0 - query */
if (SendTransaction(conn->conn_info, workbuf, tosend, CF_DONE) == -1)
{
Log(LOG_LEVEL_ERR, "Couldn't send data. (SendTransaction: %s)", GetErrorStr());
close(dd);
return false;
}
buf = xmalloc(CF_BUFSIZE + sizeof(int));
bool last_write_made_hole = false;
size_t n_wrote_total = 0;
while (more)
{
if ((cipherlen = ReceiveTransaction(conn->conn_info, buf, &more)) == -1)
{
free(buf);
return false;
}
cnt++;
/* If the first thing we get is an error message, break. */
if (n_wrote_total == 0 &&
strncmp(buf + CF_INBAND_OFFSET, CF_FAILEDSTR, strlen(CF_FAILEDSTR)) == 0)
{
Log(LOG_LEVEL_INFO, "Network access to '%s:%s' denied", conn->this_server, source);
close(dd);
free(buf);
return false;
}
if (strncmp(buf + CF_INBAND_OFFSET, cfchangedstr, strlen(cfchangedstr)) == 0)
{
Log(LOG_LEVEL_INFO, "Source '%s:%s' changed while copying", conn->this_server, source);
close(dd);
free(buf);
return false;
}
EVP_DecryptInit_ex(&crypto_ctx, CfengineCipher(CfEnterpriseOptions()), NULL, conn->session_key, iv);
if (!EVP_DecryptUpdate(&crypto_ctx, workbuf, &plainlen, buf, cipherlen))
{
close(dd);
free(buf);
return false;
}
if (!EVP_DecryptFinal_ex(&crypto_ctx, workbuf + plainlen, &finlen))
{
close(dd);
free(buf);
return false;
}
n_read = plainlen + finlen;
bool w_ok = FileSparseWrite(dd, workbuf, n_read,
&last_write_made_hole);
if (!w_ok)
{
Log(LOG_LEVEL_ERR,
"Local disk write failed copying '%s:%s' to '%s'",
conn->this_server, source, dest);
free(buf);
unlink(dest);
close(dd);
conn->error = true;
EVP_CIPHER_CTX_cleanup(&crypto_ctx);
return false;
}
n_wrote_total += n_read;
}
const bool do_sync = false;
bool ret = FileSparseClose(dd, dest, do_sync,
n_wrote_total, last_write_made_hole);
if (!ret)
{
unlink(dest);
free(buf);
EVP_CIPHER_CTX_cleanup(&crypto_ctx);
return false;
}
free(buf);
EVP_CIPHER_CTX_cleanup(&crypto_ctx);
return true;
}
