From 8b806ee99239d48fd3c2920c19f5cac7d54d2e8d Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Mon, 18 Jan 2010 23:10:42 -0500 Subject: [PATCH] flesh out check for reasonable-looking service names --- src/monkeysphere-host | 74 +++++++++++++++++++++++++++++++++++++++++-- src/share/common | 22 +++++++++++++ tests/basic | 30 +++++++++--------- 3 files changed, 109 insertions(+), 17 deletions(-) diff --git a/src/monkeysphere-host b/src/monkeysphere-host index fab3ef7..5007cac 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -102,10 +102,80 @@ update_pgp_pub_file() { > "$HOST_KEY_FILE" } -# check that the service name is well formed +# check that the service name is well formed. we assume that the +# service name refers to a host; DNS labels for host names are limited +# to a very small range of characters (see RFC 1912, section 2.1). + +# FIXME: i'm failing to check here for label components that are +# all-number (e.g. ssh://666.666), which are technically not allowed +# (though some exist on the 'net, apparently) + check_service_name() { local name="$1" - log error "FIX ME: check service name" + local errs="" + local scheme + local port + local assigned_ports + + [ -n "$name" ] || \ + failure "You must supply a service name to check" + + printf '%s' "$name" | perl -n -e '($str = $_) =~ s/\s//g ; exit !(lc($str) eq $_);' || \ + failure "Not a valid service name: '$name' + +Service names should be canonicalized to all lower-case, +with no whitespace" + + [[ "$name" =~ ^[a-z0-9./:-]+$ ]] || \ + failure "Not a valid service name: '$name' + +Service names should contain only lower-case ASCII letters +numbers, dots (.), hyphens (-), slashes (/), and a colon (:). +If you are using non-ASCII characters (e.g. IDN), you should +use the canonicalized ASCII (NAMEPREP -> Punycode) representation +(see RFC 3490)." + + [[ "$name" =~ \. ]] || \ + failure "Not a valid service name: '$name' + +Service names should use fully-qualified domain names (FQDN), but the +domain name you chose appears to only have the local part. For +example: don't use 'ssh://foo' ; use 'ssh://foo.example.com' instead." + + [[ "$name" =~ ^[a-z]([a-z0-9-]*[a-z0-9])?://[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.|((\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+))(:[1-9][0-9]{0,4})?$ ]] || \ + failure "Not a valid service name: '$name' + +Service names look like ://full.example.com[:], +where is something like ssh or https, and is +a decimal number (supplied only if the service is on a non-standard +port)." + + scheme=$(cut -f1 -d: <<<"$name") + port=$(cut -f3 -d: <<<"$name") + + # check that the scheme name is found in the system services + # database + available_=$(get_port_for_service "$scheme") || \ + log error "Error looking up service scheme named '%s'" "$scheme" + + # FIXME: if the service isn't found, or does not have a port, what + # should we do? at the moment, we're just warning. + + if [ -n "$port" ]; then + # check that the port number is a legitimate port number (> 0, < 65536) + [ "$port" -gt 0 ] && [ "$port" -lt 65536 ] || \ + failure "The given port number should be greater than 0 and +less than 65536. '$port' is not OK" + + # if the port number is given, and the scheme is in the services + # database, check that the port number does *not* match the + # default port. + if (printf '%s' "$assigned_ports" | grep -q -F -x "$port" ) ; then + failure $(printf "The scheme %s uses port number %d by default. +You should leave off the port number if it is the default" "$scheme" "$port") + fi + fi + } # fail if host key not present diff --git a/src/share/common b/src/share/common index 97f001a..0a7fe87 100644 --- a/src/share/common +++ b/src/share/common @@ -436,6 +436,28 @@ list_users() { fi } +# take one argument, a service name. in response, print a series of +# lines, each with a unique numeric port number that might be +# associated with that service name. (e.g. in: "https", out: "443") +# if nothing is found, print nothing, and return 0. +# +# return 1 if there was an error in the search somehow +get_port_for_service() { + + [[ "$1" =~ ^[a-z0-9]([a-z0-9-]*[a-z0-9])?$ ]] || \ + failure $(printf "This is not a valid service name: '%s'" "$1") + if type getent &>/dev/null ; then + # for linux and FreeBSD systems (getent returns 2 if not found, 0 on success, 1 or 3 on various failures) + (getent services "$service" || if [ "$?" -eq 2 ] ; then true ; else false; fi) | awk '{ print $2 }' | cut -f1 -d/ | sort -u + elif [ -r /etc/services ] ; then + # fall back to /etc/services for systems that don't have getent (MacOS?) + # FIXME: doesn't handle aliases like "null" (or "http"?), which don't show up at the beginning of the line. + awk $(printf '/^%s[[:space:]]/{ print $2 }' "$1") /etc/services | cut -f1 -d/ | sort -u + else + return 1 + fi +} + # return the path to the home directory of a user get_homedir() { local uname=${1:-`whoami`} diff --git a/tests/basic b/tests/basic index 6755329..4ceabd4 100755 --- a/tests/basic +++ b/tests/basic @@ -73,7 +73,7 @@ ssh_test() { # make a client connection to the socket echo "##### starting ssh client..." ssh-agent bash -c \ - "monkeysphere subkey-to-ssh-agent && ssh -F $TEMPDIR/testuser/.ssh/config ${target_hostname:-testhost} true" \ + "monkeysphere subkey-to-ssh-agent && ssh -F $TEMPDIR/testuser/.ssh/config ${target_hostname:-testhost.example} true" \ || RETURN="$?" # kill the sshd process if it's still running @@ -252,7 +252,7 @@ echo echo "##################################################" echo "### import host key..." ssh-keygen -b 1024 -t rsa -N '' -f "$TEMPDIR"/ssh_host_rsa_key -monkeysphere-host import-key "$TEMPDIR"/ssh_host_rsa_key ssh://testhost +monkeysphere-host import-key "$TEMPDIR"/ssh_host_rsa_key ssh://testhost.example echo echo "##################################################" @@ -297,7 +297,7 @@ EOF monkeysphere-authentication setup get_gpg_prng_arg >> "$MONKEYSPHERE_SYSDATADIR"/authentication/sphere/gpg.conf -# add admin as identity certifier for testhost +# add admin as identity certifier for testhost.example echo echo "##################################################" echo "### adding admin as certifier..." @@ -346,7 +346,7 @@ monkeysphere-authentication update-users $(whoami) echo echo "##################################################" echo "### testing monkeysphere keys-for-userid ..." -diff -q <( monkeysphere keys-for-userid ssh://testhost ) <( cut -f1,2 -d' ' < "$TEMPDIR"/ssh_host_rsa_key.pub ) +diff -q <( monkeysphere keys-for-userid ssh://testhost.example ) <( cut -f1,2 -d' ' < "$TEMPDIR"/ssh_host_rsa_key.pub ) # connect to test sshd, using monkeysphere ssh-proxycommand to verify # the identity before connection. This should work in both directions! @@ -503,36 +503,36 @@ ssh_test echo echo "##################################################" -echo "### ssh connection test directly to 'testhost2' without new name..." -target_hostname=testhost2 ssh_test 255 +echo "### ssh connection test directly to 'testhost2.example' without new name..." +target_hostname=testhost2.example ssh_test 255 echo echo "##################################################" echo "### add servicename, certify by admin, import by user..." -monkeysphere-host add-servicename ssh://testhost2 +monkeysphere-host add-servicename ssh://testhost2.example <"$HOST_KEY_FILE" gpgadmin --import printf "y\ny\n" | gpgadmin --command-fd 0 --sign-key "$SSHHOSTKEYID" echo echo "##################################################" -echo "### ssh connection test with hostname 'testhost2' added..." +echo "### ssh connection test with hostname 'testhost2.example' added..." gpgadmin --export "$SSHHOSTKEYID" | gpg --import gpg --check-trustdb ssh_test echo echo "##################################################" -echo "### ssh connection test directly to 'testhost2' ..." +echo "### ssh connection test directly to 'testhost2.example' ..." gpg --import <"$HOST_KEY_FILE" gpg --check-trustdb -target_hostname=testhost2 ssh_test +target_hostname=testhost2.example ssh_test echo echo "##################################################" -echo "### ssh connection test for failure with 'testhost2' revoked..." -monkeysphere-host revoke-servicename ssh://testhost2 +echo "### ssh connection test for failure with 'testhost2.example' revoked..." +monkeysphere-host revoke-servicename ssh://testhost2.example gpg --import <"$HOST_KEY_FILE" gpg --check-trustdb -target_hostname=testhost2 ssh_test 255 +target_hostname=testhost2.example ssh_test 255 # FIXME: addtest: remove admin as id-certifier and check ssh failure @@ -553,8 +553,8 @@ echo echo "##################################################" echo "### Testing TLS setup..." -openssl req -config "$TESTDIR"/openssl.cnf -x509 -newkey rsa:1024 -subj '/DC=net/DC=example/DC=testhost/CN=testhost.example.net/' -days 3 -keyout "$TEMPDIR"/tls_key.pem -nodes >"$TEMPDIR"/tls_cert.pem -monkeysphere-host import-key "$TEMPDIR"/tls_key.pem https://testhost +openssl req -config "$TESTDIR"/openssl.cnf -x509 -newkey rsa:1024 -subj '/DC=example/DC=testhost/CN=testhost.example/' -days 3 -keyout "$TEMPDIR"/tls_key.pem -nodes >"$TEMPDIR"/tls_cert.pem +monkeysphere-host import-key "$TEMPDIR"/tls_key.pem https://testhost.example # FIXME: how can we test this via an https client? # We don't currently provide one. -- 2.26.2