diff options
| author | markus@openbsd.org <markus@openbsd.org> | 2018-07-09 21:37:55 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2018-07-10 15:28:30 +1000 |
| commit | b8d9214d969775e409e1408ecdf0d58fad99b344 (patch) | |
| tree | a14a0ac02bd578cb35129946f86aaa12797d0199 /auth2-gss.c | |
| parent | c7d39ac8dc3587c5f05bdd5bcd098eb5c201c0c8 (diff) | |
upstream: sshd: switch GSSAPI to sshbuf API; ok djm@
OpenBSD-Commit-ID: e48449ab4be3f006f7ba33c66241b7d652973e30
Diffstat (limited to 'auth2-gss.c')
| -rw-r--r-- | auth2-gss.c | 95 |
1 files changed, 55 insertions, 40 deletions
diff --git a/auth2-gss.c b/auth2-gss.c index 589283b72..a6f2a7125 100644 --- a/auth2-gss.c +++ b/auth2-gss.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: auth2-gss.c,v 1.26 2017/06/24 06:34:38 djm Exp $ */ | 1 | /* $OpenBSD: auth2-gss.c,v 1.27 2018/07/09 21:37:55 markus Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. | 4 | * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. |
| @@ -33,13 +33,14 @@ | |||
| 33 | #include <stdarg.h> | 33 | #include <stdarg.h> |
| 34 | 34 | ||
| 35 | #include "xmalloc.h" | 35 | #include "xmalloc.h" |
| 36 | #include "key.h" | 36 | #include "sshkey.h" |
| 37 | #include "hostfile.h" | 37 | #include "hostfile.h" |
| 38 | #include "auth.h" | 38 | #include "auth.h" |
| 39 | #include "ssh2.h" | 39 | #include "ssh2.h" |
| 40 | #include "log.h" | 40 | #include "log.h" |
| 41 | #include "dispatch.h" | 41 | #include "dispatch.h" |
| 42 | #include "buffer.h" | 42 | #include "sshbuf.h" |
| 43 | #include "ssherr.h" | ||
| 43 | #include "misc.h" | 44 | #include "misc.h" |
| 44 | #include "servconf.h" | 45 | #include "servconf.h" |
| 45 | #include "packet.h" | 46 | #include "packet.h" |
| @@ -63,16 +64,18 @@ userauth_gssapi(struct ssh *ssh) | |||
| 63 | Authctxt *authctxt = ssh->authctxt; | 64 | Authctxt *authctxt = ssh->authctxt; |
| 64 | gss_OID_desc goid = {0, NULL}; | 65 | gss_OID_desc goid = {0, NULL}; |
| 65 | Gssctxt *ctxt = NULL; | 66 | Gssctxt *ctxt = NULL; |
| 66 | int mechs; | 67 | int r, present; |
| 67 | int present; | 68 | u_int mechs; |
| 68 | OM_uint32 ms; | 69 | OM_uint32 ms; |
| 69 | u_int len; | 70 | size_t len; |
| 70 | u_char *doid = NULL; | 71 | u_char *doid = NULL; |
| 71 | 72 | ||
| 72 | if (!authctxt->valid || authctxt->user == NULL) | 73 | if (!authctxt->valid || authctxt->user == NULL) |
| 73 | return (0); | 74 | return (0); |
| 74 | 75 | ||
| 75 | mechs = packet_get_int(); | 76 | if ((r = sshpkt_get_u32(ssh, &mechs)) != 0) |
| 77 | fatal("%s: %s", __func__, ssh_err(r)); | ||
| 78 | |||
| 76 | if (mechs == 0) { | 79 | if (mechs == 0) { |
| 77 | debug("Mechanism negotiation is not supported"); | 80 | debug("Mechanism negotiation is not supported"); |
| 78 | return (0); | 81 | return (0); |
| @@ -84,7 +87,8 @@ userauth_gssapi(struct ssh *ssh) | |||
| 84 | free(doid); | 87 | free(doid); |
| 85 | 88 | ||
| 86 | present = 0; | 89 | present = 0; |
| 87 | doid = packet_get_string(&len); | 90 | if ((r = sshpkt_get_string(ssh, &doid, &len)) != 0) |
| 91 | fatal("%s: %s", __func__, ssh_err(r)); | ||
| 88 | 92 | ||
| 89 | if (len > 2 && doid[0] == SSH_GSS_OIDTYPE && | 93 | if (len > 2 && doid[0] == SSH_GSS_OIDTYPE && |
| 90 | doid[1] == len - 2) { | 94 | doid[1] == len - 2) { |
| @@ -112,12 +116,12 @@ userauth_gssapi(struct ssh *ssh) | |||
| 112 | 116 | ||
| 113 | authctxt->methoddata = (void *)ctxt; | 117 | authctxt->methoddata = (void *)ctxt; |
| 114 | 118 | ||
| 115 | packet_start(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE); | ||
| 116 | |||
| 117 | /* Return the OID that we received */ | 119 | /* Return the OID that we received */ |
| 118 | packet_put_string(doid, len); | 120 | if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_GSSAPI_RESPONSE)) != 0 || |
| 121 | (r = sshpkt_put_string(ssh, doid, len)) != 0 || | ||
| 122 | (r = sshpkt_send(ssh)) != 0) | ||
| 123 | fatal("%s: %s", __func__, ssh_err(r)); | ||
| 119 | 124 | ||
| 120 | packet_send(); | ||
| 121 | free(doid); | 125 | free(doid); |
| 122 | 126 | ||
| 123 | ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token); | 127 | ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token); |
| @@ -135,36 +139,45 @@ input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh) | |||
| 135 | gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; | 139 | gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; |
| 136 | gss_buffer_desc recv_tok; | 140 | gss_buffer_desc recv_tok; |
| 137 | OM_uint32 maj_status, min_status, flags; | 141 | OM_uint32 maj_status, min_status, flags; |
| 138 | u_int len; | 142 | u_char *p; |
| 143 | size_t len; | ||
| 144 | int r; | ||
| 139 | 145 | ||
| 140 | if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) | 146 | if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) |
| 141 | fatal("No authentication or GSSAPI context"); | 147 | fatal("No authentication or GSSAPI context"); |
| 142 | 148 | ||
| 143 | gssctxt = authctxt->methoddata; | 149 | gssctxt = authctxt->methoddata; |
| 144 | recv_tok.value = packet_get_string(&len); | 150 | if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 || |
| 145 | recv_tok.length = len; /* u_int vs. size_t */ | 151 | (r = sshpkt_get_end(ssh)) != 0) |
| 146 | 152 | fatal("%s: %s", __func__, ssh_err(r)); | |
| 147 | packet_check_eom(); | ||
| 148 | 153 | ||
| 154 | recv_tok.value = p; | ||
| 155 | recv_tok.length = len; | ||
| 149 | maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok, | 156 | maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok, |
| 150 | &send_tok, &flags)); | 157 | &send_tok, &flags)); |
| 151 | 158 | ||
| 152 | free(recv_tok.value); | 159 | free(p); |
| 153 | 160 | ||
| 154 | if (GSS_ERROR(maj_status)) { | 161 | if (GSS_ERROR(maj_status)) { |
| 155 | if (send_tok.length != 0) { | 162 | if (send_tok.length != 0) { |
| 156 | packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK); | 163 | if ((r = sshpkt_start(ssh, |
| 157 | packet_put_string(send_tok.value, send_tok.length); | 164 | SSH2_MSG_USERAUTH_GSSAPI_ERRTOK)) != 0 || |
| 158 | packet_send(); | 165 | (r = sshpkt_put_string(ssh, send_tok.value, |
| 166 | send_tok.length)) != 0 || | ||
| 167 | (r = sshpkt_send(ssh)) != 0) | ||
| 168 | fatal("%s: %s", __func__, ssh_err(r)); | ||
| 159 | } | 169 | } |
| 160 | authctxt->postponed = 0; | 170 | authctxt->postponed = 0; |
| 161 | ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); | 171 | ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
| 162 | userauth_finish(ssh, 0, "gssapi-with-mic", NULL); | 172 | userauth_finish(ssh, 0, "gssapi-with-mic", NULL); |
| 163 | } else { | 173 | } else { |
| 164 | if (send_tok.length != 0) { | 174 | if (send_tok.length != 0) { |
| 165 | packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN); | 175 | if ((r = sshpkt_start(ssh, |
| 166 | packet_put_string(send_tok.value, send_tok.length); | 176 | SSH2_MSG_USERAUTH_GSSAPI_TOKEN)) != 0 || |
| 167 | packet_send(); | 177 | (r = sshpkt_put_string(ssh, send_tok.value, |
| 178 | send_tok.length)) != 0 || | ||
| 179 | (r = sshpkt_send(ssh)) != 0) | ||
| 180 | fatal("%s: %s", __func__, ssh_err(r)); | ||
| 168 | } | 181 | } |
| 169 | if (maj_status == GSS_S_COMPLETE) { | 182 | if (maj_status == GSS_S_COMPLETE) { |
| 170 | ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); | 183 | ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
| @@ -190,16 +203,16 @@ input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh) | |||
| 190 | gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; | 203 | gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; |
| 191 | gss_buffer_desc recv_tok; | 204 | gss_buffer_desc recv_tok; |
| 192 | OM_uint32 maj_status; | 205 | OM_uint32 maj_status; |
| 193 | u_int len; | 206 | int r; |
| 194 | 207 | ||
| 195 | if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) | 208 | if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) |
| 196 | fatal("No authentication or GSSAPI context"); | 209 | fatal("No authentication or GSSAPI context"); |
| 197 | 210 | ||
| 198 | gssctxt = authctxt->methoddata; | 211 | gssctxt = authctxt->methoddata; |
| 199 | recv_tok.value = packet_get_string(&len); | 212 | if ((r = sshpkt_get_string(ssh, |
| 200 | recv_tok.length = len; | 213 | &recv_tok.value, &recv_tok.length)) != 0 || |
| 201 | 214 | (r = sshpkt_get_end(ssh)) != 0) | |
| 202 | packet_check_eom(); | 215 | fatal("%s: %s", __func__, ssh_err(r)); |
| 203 | 216 | ||
| 204 | /* Push the error token into GSSAPI to see what it says */ | 217 | /* Push the error token into GSSAPI to see what it says */ |
| 205 | maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok, | 218 | maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok, |
| @@ -238,7 +251,8 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh) | |||
| 238 | * the dispatcher once the exchange is complete | 251 | * the dispatcher once the exchange is complete |
| 239 | */ | 252 | */ |
| 240 | 253 | ||
| 241 | packet_check_eom(); | 254 | if ((r = sshpkt_get_end(ssh)) != 0) |
| 255 | fatal("%s: %s", __func__, ssh_err(r)); | ||
| 242 | 256 | ||
| 243 | authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user)); | 257 | authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user)); |
| 244 | 258 | ||
| @@ -260,10 +274,9 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh) | |||
| 260 | { | 274 | { |
| 261 | Authctxt *authctxt = ssh->authctxt; | 275 | Authctxt *authctxt = ssh->authctxt; |
| 262 | Gssctxt *gssctxt; | 276 | Gssctxt *gssctxt; |
| 263 | int authenticated = 0; | 277 | int r, authenticated = 0; |
| 264 | Buffer b; | 278 | struct sshbuf *b; |
| 265 | gss_buffer_desc mic, gssbuf; | 279 | gss_buffer_desc mic, gssbuf; |
| 266 | u_int len; | ||
| 267 | const char *displayname; | 280 | const char *displayname; |
| 268 | 281 | ||
| 269 | if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) | 282 | if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) |
| @@ -271,21 +284,23 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh) | |||
| 271 | 284 | ||
| 272 | gssctxt = authctxt->methoddata; | 285 | gssctxt = authctxt->methoddata; |
| 273 | 286 | ||
| 274 | mic.value = packet_get_string(&len); | 287 | if ((r = sshpkt_get_string(ssh, &mic.value, &mic.length)) != 0) |
| 275 | mic.length = len; | 288 | fatal("%s: %s", __func__, ssh_err(r)); |
| 276 | 289 | if ((b = sshbuf_new()) == NULL) | |
| 277 | ssh_gssapi_buildmic(&b, authctxt->user, authctxt->service, | 290 | fatal("%s: sshbuf_new failed", __func__); |
| 291 | ssh_gssapi_buildmic(b, authctxt->user, authctxt->service, | ||
| 278 | "gssapi-with-mic"); | 292 | "gssapi-with-mic"); |
| 279 | 293 | ||
| 280 | gssbuf.value = buffer_ptr(&b); | 294 | if ((gssbuf.value = sshbuf_mutable_ptr(b)) == NULL) |
| 281 | gssbuf.length = buffer_len(&b); | 295 | fatal("%s: sshbuf_mutable_ptr failed", __func__); |
| 296 | gssbuf.length = sshbuf_len(b); | ||
| 282 | 297 | ||
| 283 | if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic)))) | 298 | if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic)))) |
| 284 | authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user)); | 299 | authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user)); |
| 285 | else | 300 | else |
| 286 | logit("GSSAPI MIC check failed"); | 301 | logit("GSSAPI MIC check failed"); |
| 287 | 302 | ||
| 288 | buffer_free(&b); | 303 | sshbuf_free(b); |
| 289 | free(mic.value); | 304 | free(mic.value); |
| 290 | 305 | ||
| 291 | if ((!use_privsep || mm_is_monitor()) && | 306 | if ((!use_privsep || mm_is_monitor()) && |