author | Colin Watson <cjwatson@debian.org> | 2007-12-24 10:29:57 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2007-12-24 10:29:57 +0000 |
commit | c3e531b12b2335b7fa5a6bcc9a309d3c523ff64b (patch) | |
tree | b72c0867348e7e7914d64af6fc5e25c728922e03 /gss-serv.c | |
parent | 6b222fdf3cb54c11a446df38e027fe7acf2220cb (diff) | |
parent | 70847d299887abb96f8703ca99db6d817b78960e (diff) |
* New upstream release (closes: #453367).
- CVE-2007-4752: Prevent ssh(1) from using a trusted X11 cookie if
creation of an untrusted cookie fails; found and fixed by Jan Pechanec
(closes: #444738).
- sshd(8) in new installations defaults to SSH Protocol 2 only. Existing
installations are unchanged.
- The SSH channel window size has been increased, and both ssh(1) and
sshd(8) now send window updates more aggressively. This improves
performance on high-BDP (Bandwidth Delay Product) networks.
- ssh(1) and sshd(8) now preserve MAC contexts between packets, which
saves 2 hash calls per packet and results in 12-16% speedup for
arcfour256/hmac-md5.
- A new MAC algorithm has been added, UMAC-64 (RFC4418) as
"umac-64@openssh.com". UMAC-64 has been measured to be approximately
20% faster than HMAC-MD5.
- Failure to establish a ssh(1) TunnelForward is now treated as a fatal
error when the ExitOnForwardFailure option is set.
- ssh(1) returns a sensible exit status if the control master goes away
without passing the full exit status.
- When using a ProxyCommand in ssh(1), set the outgoing hostname with
gethostname(2), allowing hostbased authentication to work.
- Make scp(1) skip FIFOs rather than hanging (closes: #246774).
- Encode non-printing characters in scp(1) filenames. These could cause
copies to be aborted with a "protocol error".
- Handle SIGINT in sshd(8) privilege separation child process to ensure
that wtmp and lastlog records are correctly updated.
- Report GSSAPI mechanism in errors, for libraries that support multiple
mechanisms.
- Improve documentation for ssh-add(1)'s -d option.
- Rearrange and tidy GSSAPI code, removing server-only code being linked
into the client.
- Delay execution of ssh(1)'s LocalCommand until after all forwardings
have been established.
- In scp(1), do not truncate non-regular files.
- Improve exit message from ControlMaster clients.
- Prevent sftp-server(8) from reading until it runs out of buffer space,
whereupon it would exit with a fatal error (closes: #365541).
- pam_end() was not being called if authentication failed
(closes: #405041).
- Manual page datestamps updated (closes: #433181).
Diffstat (limited to 'gss-serv.c')
-rw-r--r-- | gss-serv.c | 100 |
1 files changed, 49 insertions, 51 deletions
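diff --git a/gss-serv.c b/gss-serv.c
index 841d8bb2f..e157ec515 100644
--- a/gss-serv.c
+++ b/gss-serv.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gss-serv.c,v 1.20 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: gss-serv.c,v 1.21 2007/06/12 08:20:00 djm Exp $ */
 
 /*
 * Copyright (c) 2001-2006 Simon Wilkinson. All rights reserved.
@@ -29,6 +29,7 @@
 #ifdef GSSAPI
 
 #include <sys/types.h>
+#include <sys/param.h>
 
 #include <stdarg.h>
 #include <string.h>
@@ -68,6 +69,53 @@ ssh_gssapi_mech* supported_mechs[]= {
 &gssapi_null_mech,
 };
 
+
+/*
+* Acquire credentials for a server running on the current host.
+* Requires that the context structure contains a valid OID
+*/
+
+/* Returns a GSSAPI error code */
+/* Privileged (called from ssh_gssapi_server_ctx) */
+static OM_uint32
+ssh_gssapi_acquire_cred(Gssctxt *ctx)
+{
+OM_uint32 status;
+char lname[MAXHOSTNAMELEN];
+gss_OID_set oidset;
+
+gss_create_empty_oid_set(&status, &oidset);
+gss_add_oid_set_member(&status, ctx->oid, &oidset);
+
+if (gethostname(lname, MAXHOSTNAMELEN)) {
+gss_release_oid_set(&status, &oidset);
+return (-1);
+}
+
+if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
+gss_release_oid_set(&status, &oidset);
+return (ctx->major);
+}
+
+if ((ctx->major = gss_acquire_cred(&ctx->minor,
+ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL)))
+ssh_gssapi_error(ctx);
+
+gss_release_oid_set(&status, &oidset);
+return (ctx->major);
+}
+
+/* Privileged */
+OM_uint32
+ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid)
+{
+if (*ctx)
+ssh_gssapi_delete_ctx(ctx);
+ssh_gssapi_build_ctx(ctx);
+ssh_gssapi_set_oid(*ctx, oid);
+return (ssh_gssapi_acquire_cred(*ctx));
+}
+
 /* Unprivileged */
 char *
 ssh_gssapi_server_mechanisms() {
@@ -115,56 +163,6 @@ ssh_gssapi_supported_oids(gss_OID_set *oidset)
 gss_release_oid_set(&min_status, &supported);
 }
 
-OM_uint32
-ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid)
-{
-if (*ctx)
-ssh_gssapi_delete_ctx(ctx);
-ssh_gssapi_build_ctx(ctx);
-ssh_gssapi_set_oid(*ctx, oid);
-return (ssh_gssapi_acquire_cred(*ctx));
-}
-
-/* Acquire credentials for a server running on the current host.
-* Requires that the context structure contains a valid OID
-*/
-
-/* Returns a GSSAPI error code */
-OM_uint32
-ssh_gssapi_acquire_cred(Gssctxt *ctx)
-{
-OM_uint32 status;
-char lname[MAXHOSTNAMELEN];
-gss_OID_set oidset;
-
-if (options.gss_strict_acceptor) {
-gss_create_empty_oid_set(&status, &oidset);
-gss_add_oid_set_member(&status, ctx->oid, &oidset);
-
-if (gethostname(lname, MAXHOSTNAMELEN)) {
-gss_release_oid_set(&status, &oidset);
-return (-1);
-}
-
-if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
-gss_release_oid_set(&status, &oidset);
-return (ctx->major);
-}
-
-if ((ctx->major = gss_acquire_cred(&ctx->minor,
-ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds,
-NULL, NULL)))
-ssh_gssapi_error(ctx);
-
-gss_release_oid_set(&status, &oidset);
-return (ctx->major);
-} else {
-ctx->name = GSS_C_NO_NAME;
-ctx->creds = GSS_C_NO_CREDENTIAL;
-}
-return GSS_S_COMPLETE;
-}
-
 
 /* Wrapper around accept_sec_context
 * Requires that the context contains: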
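Review bot: In the new `ssh_gssapi_acquire_cred` of the third hunk, the major status returned by `gss_create_empty_oid_set` and `gss_add_oid_set_member` is discarded (`status` only receives the minor code), so a failed add leaves `oidset` without `ctx->oid` and `gss_acquire_cred` is still called with it; checking it with `if (GSS_ERROR(gss_add_oid_set_member(&status, ctx->oid, &oidset))) { gss_release_oid_set(&status, &oidset); return (GSS_S_FAILURE); }` closes that path. `gethostname(lname, MAXHOSTNAMELEN)` is not required to NUL-terminate a name that does not fit the buffer, so `lname[sizeof(lname) - 1] = '\0';` before the `ssh_gssapi_import_name` call would be prudent. The `return (-1)` on the gethostname failure path also contradicts the `/* Returns a GSSAPI error code */` comment above the function; `GSS_S_FAILURE` is the status a caller testing with `GSS_ERROR` expects. Separately, the old side of the last hunk guarded the whole acquisition with `options.gss_strict_acceptor` and otherwise set `ctx->name = GSS_C_NO_NAME` and `ctx->creds = GSS_C_NO_CREDENTIAL`, while the new side has no such branch; this looks like the merge dropping that option's effect in this file rather than an upstream change, so it is worth confirming it is intended.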