* Update to current GSSAPI patch from

http://www.sxw.org.uk/computing/patches/openssh-4.3p2-gsskex-20060223.patch (closes: #352042).
author: Colin Watson <cjwatson@debian.org> 2006-05-12 09:46:51 +0000
committer: Colin Watson <cjwatson@debian.org> 2006-05-12 09:46:51 +0000
commit: 2a3e00306c9b3b4db71a777a7c3ccb70e470c675 (patch)
tree: f00af0128b0ac750d739384f111000c1c97007e4 /kexgssc.c
parent: 2ee73b36b9a35daeaa4b065046882dc1f5f551b6 (diff)
1 files changed, 110 insertions, 49 deletions
diff --git a/kexgssc.c b/kexgssc.c
index eee96dd23..9830ad384 100644
--- a/kexgssc.c
+++ b/kexgssc.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001-2004 Simon Wilkinson. All rights reserved.
+ * Copyright (c) 2001-2005 Simon Wilkinson. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -42,34 +42,65 @@
 void
 kexgss_client(Kex *kex) {
-        gss_buffer_desc gssbuf, send_tok, recv_tok, msg_tok, *token_ptr;
+        gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
+        gss_buffer_desc recv_tok, gssbuf, msg_tok, *token_ptr;
        Gssctxt *ctxt;
        OM_uint32 maj_status, min_status, ret_flags;
-        unsigned int klen, kout;
+        u_int klen, kout, slen = 0, hashlen, strlen;
        DH *dh; 
-        BIGNUM *dh_server_pub = 0;
+        BIGNUM *dh_server_pub = NULL;
-        BIGNUM *shared_secret = 0;      
+        BIGNUM *shared_secret = NULL;
-        unsigned char *kbuf;
+        BIGNUM *p = NULL;
-        unsigned char *hash;
+        BIGNUM *g = NULL;       
-        unsigned char *serverhostkey;
+        u_char *kbuf, *hash;
+        u_char *serverhostkey = NULL;
        char *msg;
        char *lang;
        int type = 0;
        int first = 1;
-        int slen = 0;
+        int gex = 0;
-        u_int strlen;
+        int nbits, min, max;
-        
+        /* Initialise our GSSAPI world */       
        ssh_gssapi_build_ctx(&ctxt);
-        if (ssh_gssapi_id_kex(ctxt,kex->name) == NULL)
+        if (ssh_gssapi_id_kex(ctxt, kex->name, &gex) == NULL)
                fatal("Couldn't identify host exchange");
-        if (ssh_gssapi_import_name(ctxt,get_canonical_hostname(1)))
+        if (ssh_gssapi_import_name(ctxt, kex->gss_host))
-                fatal("Couldn't import hostname ");
+                fatal("Couldn't import hostname");
+        
+        if (gex) {
+                debug("Doing group exchange\n");
+                nbits = dh_estimate(kex->we_need * 8);
+                min = DH_GRP_MIN;
+                max = DH_GRP_MAX;
+                packet_start(SSH2_MSG_KEXGSS_GROUPREQ);
+                packet_put_int(min);
+                packet_put_int(nbits);
+                packet_put_int(max);
+                packet_send();
+                packet_read_expect(SSH2_MSG_KEXGSS_GROUP);
+                if ((p = BN_new()) == NULL)
+                        fatal("BN_new() failed");
+                packet_get_bignum2(p);
+                if ((g = BN_new()) == NULL)
+                        fatal("BN_new() failed");
+                packet_get_bignum2(g);
+                packet_check_eom();
+                if (BN_num_bits(p) < min || BN_num_bits(p) > max)
+                        fatal("GSSGRP_GEX group out of range: %d !< %d !< %d",
+                            min, BN_num_bits(p), max);
+                dh = dh_new_group(g, p);
+        } else {
+                dh = dh_new_group1();
+        }
        
-        /* This code should match that in ssh_dh1_client */
-                
        /* Step 1 - e is dh->pub_key */
-        dh = dh_new_group1();
        dh_gen_key(dh, kex->we_need * 8);
        /* This is f, we initialise it now to make life easier */
@@ -97,7 +128,7 @@ kexgss_client(Kex *kex) {
                /* If we've got an old receive buffer get rid of it */
                if (token_ptr != GSS_C_NO_BUFFER)
-                        (void) gss_release_buffer(&min_status, &recv_tok);
+                        xfree(recv_tok.value);
                if (maj_status == GSS_S_COMPLETE) {
                        /* If mutual state flag is not true, kex fails */
@@ -126,15 +157,21 @@ kexgss_client(Kex *kex) {
                                    send_tok.length);
                        }
                        packet_send();
+                        gss_release_buffer(&min_status, &send_tok);
                        /* If we've sent them data, they should reply */
-                
+                        do {    
-                        type = packet_read();
+                                type = packet_read();
+                                if (type == SSH2_MSG_KEXGSS_HOSTKEY) {
+                                        debug("Received KEXGSS_HOSTKEY");
+                                        if (serverhostkey)
+                                                fatal("Server host key received more than once");
+                                        serverhostkey = 
+                                            packet_get_string(&slen);
+                                }
+                        } while (type == SSH2_MSG_KEXGSS_HOSTKEY);
                        switch (type) {
-                        case SSH2_MSG_KEXGSS_HOSTKEY:
-                                debug("Received KEXGSS_HOSTKEY");
-                                serverhostkey = packet_get_string(&slen);
-                                break;
                        case SSH2_MSG_KEXGSS_CONTINUE:
                                debug("Received GSSAPI_CONTINUE");
                                if (maj_status == GSS_S_COMPLETE) 
@@ -144,8 +181,8 @@ kexgss_client(Kex *kex) {
                                break;
                        case SSH2_MSG_KEXGSS_COMPLETE:
                                debug("Received GSSAPI_COMPLETE");
-                                packet_get_bignum2(dh_server_pub);
+                                packet_get_bignum2(dh_server_pub);
-                                msg_tok.value = packet_get_string(&strlen);
+                                msg_tok.value =  packet_get_string(&strlen);
                                msg_tok.length = strlen; 
                                /* Is there a token included? */
@@ -156,10 +193,10 @@ kexgss_client(Kex *kex) {
                                        /* If we're already complete - protocol error */
                                        if (maj_status == GSS_S_COMPLETE)
                                                packet_disconnect("Protocol error: received token when complete");
-                                } else {
+                                        } else {
-                                        /* No token included */
+                                                /* No token included */
-                                        if (maj_status != GSS_S_COMPLETE)
+                                                if (maj_status != GSS_S_COMPLETE)
-                                                packet_disconnect("Protocol error: did not receive final token");
+                                                        packet_disconnect("Protocol error: did not receive final token");
                                }
                                break;
                        case SSH2_MSG_KEXGSS_ERROR:
@@ -168,7 +205,7 @@ kexgss_client(Kex *kex) {
                                min_status = packet_get_int();
                                msg = packet_get_string(NULL);
                                lang = packet_get_string(NULL);
-                                fprintf(stderr,"GSSAPI Error: \n%s",msg);
+                                fatal("GSSAPI Error: \n%s",msg);
                        default:
                                packet_disconnect("Protocol error: didn't expect packet type %d",
                                type);
@@ -181,12 +218,12 @@ kexgss_client(Kex *kex) {
                }
        } while (maj_status & GSS_S_CONTINUE_NEEDED);
-        /* 
+        /* 
         * We _must_ have received a COMPLETE message in reply from the 
-         * server, which will have set dh_server_pub and msg_tok 
+         * server, which will have set dh_server_pub and msg_tok 
         */
-        if (type!=SSH2_MSG_KEXGSS_COMPLETE)
+        if (type != SSH2_MSG_KEXGSS_COMPLETE)
                fatal("Didn't receive a SSH2_MSG_KEXGSS_COMPLETE when I expected it");
        /* Check f in range [1, p-1] */
@@ -203,28 +240,52 @@ kexgss_client(Kex *kex) {
        memset(kbuf, 0, klen);
        xfree(kbuf);
-        /* The GSS hash is identical to the DH one */
+        if (gex) {
-        hash = kex_dh_hash( kex->client_version_string, 
+                kexgex_hash(
-            kex->server_version_string,
+                    kex->evp_md,
-            buffer_ptr(&kex->my), buffer_len(&kex->my),
+                    kex->client_version_string,
-            buffer_ptr(&kex->peer), buffer_len(&kex->peer),
+                    kex->server_version_string,
-            serverhostkey, slen, /* server host key */
+                    buffer_ptr(&kex->my), buffer_len(&kex->my),
-            dh->pub_key,        /* e */
+                    buffer_ptr(&kex->peer), buffer_len(&kex->peer),
-            dh_server_pub,      /* f */
+                    serverhostkey, slen,
-            shared_secret       /* K */
+                    min, nbits, max,
-        );
+                    dh->p, dh->g,
-        
+                    dh->pub_key,
+                    dh_server_pub,
+                    shared_secret,
+                    &hash, &hashlen
+                );
+        } else {
+                /* The GSS hash is identical to the DH one */
+                kex_dh_hash( kex->client_version_string, 
+                    kex->server_version_string,
+                    buffer_ptr(&kex->my), buffer_len(&kex->my),
+                    buffer_ptr(&kex->peer), buffer_len(&kex->peer),
+                    serverhostkey, slen, /* server host key */
+                    dh->pub_key,        /* e */
+                    dh_server_pub,      /* f */
+                    shared_secret,      /* K */
+                    &hash, &hashlen
+                );
+        }
        gssbuf.value = hash;
-        gssbuf.length = 20;
+        gssbuf.length = hashlen;
        /* Verify that the hash matches the MIC we just got. */
        if (GSS_ERROR(ssh_gssapi_checkmic(ctxt, &gssbuf, &msg_tok)))
                packet_disconnect("Hash's MIC didn't verify");
-        
+        xfree(msg_tok.value);
        DH_free(dh);
+        if (serverhostkey)
+                xfree(serverhostkey);
+        BN_clear_free(dh_server_pub);
        /* save session id */
        if (kex->session_id == NULL) {
-                kex->session_id_len = 20;
+                kex->session_id_len = hashlen;
                kex->session_id = xmalloc(kex->session_id_len);
                memcpy(kex->session_id, hash, kex->session_id_len);
        }
@@ -234,7 +295,7 @@ kexgss_client(Kex *kex) {
        else
                ssh_gssapi_delete_ctx(&ctxt);
-        kex_derive_keys(kex, hash, shared_secret);
+        kex_derive_keys(kex, hash, hashlen, shared_secret);
        BN_clear_free(shared_secret);
        kex_finish(kex);
 }
author	Colin Watson <cjwatson@debian.org>	2006-05-12 09:46:51 +0000
committer	Colin Watson <cjwatson@debian.org>	2006-05-12 09:46:51 +0000
commit	2a3e00306c9b3b4db71a777a7c3ccb70e470c675 (patch)
tree	f00af0128b0ac750d739384f111000c1c97007e4 /kexgssc.c
parent	2ee73b36b9a35daeaa4b065046882dc1f5f551b6 (diff)

diff --git a/kexgssc.c b/kexgssc.c index eee96dd23..9830ad384 100644 --- a/kexgssc.c +++ b/kexgssc.c
@@ -1,5 +1,5 @@
1	/*	1	/*
2	* Copyright (c) 2001-2004 Simon Wilkinson. All rights reserved.	2	* Copyright (c) 2001-2005 Simon Wilkinson. All rights reserved.
3	*	3	*
4	* Redistribution and use in source and binary forms, with or without	4	* Redistribution and use in source and binary forms, with or without
5	* modification, are permitted provided that the following conditions	5	* modification, are permitted provided that the following conditions
@@ -42,34 +42,65 @@
42		42
43	void	43	void
44	kexgss_client(Kex *kex) {	44	kexgss_client(Kex *kex) {
45	gss_buffer_desc gssbuf, send_tok, recv_tok, msg_tok, *token_ptr;	45	gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
		46	gss_buffer_desc recv_tok, gssbuf, msg_tok, *token_ptr;
46	Gssctxt *ctxt;	47	Gssctxt *ctxt;
47	OM_uint32 maj_status, min_status, ret_flags;	48	OM_uint32 maj_status, min_status, ret_flags;
48	unsigned int klen, kout;	49	u_int klen, kout, slen = 0, hashlen, strlen;
49	DH *dh;	50	DH *dh;
50	BIGNUM *dh_server_pub = 0;	51	BIGNUM *dh_server_pub = NULL;
51	BIGNUM *shared_secret = 0;	52	BIGNUM *shared_secret = NULL;
52	unsigned char *kbuf;	53	BIGNUM *p = NULL;
53	unsigned char *hash;	54	BIGNUM *g = NULL;
54	unsigned char *serverhostkey;	55	u_char kbuf, hash;
		56	u_char *serverhostkey = NULL;
55	char *msg;	57	char *msg;
56	char *lang;	58	char *lang;
57	int type = 0;	59	int type = 0;
58	int first = 1;	60	int first = 1;
59	int slen = 0;	61	int gex = 0;
60	u_int strlen;	62	int nbits, min, max;
61		63
		64	/* Initialise our GSSAPI world */
62	ssh_gssapi_build_ctx(&ctxt);	65	ssh_gssapi_build_ctx(&ctxt);
63	if (ssh_gssapi_id_kex(ctxt,kex->name) == NULL)	66	if (ssh_gssapi_id_kex(ctxt, kex->name, &gex) == NULL)
64	fatal("Couldn't identify host exchange");	67	fatal("Couldn't identify host exchange");
65		68
66	if (ssh_gssapi_import_name(ctxt,get_canonical_hostname(1)))	69	if (ssh_gssapi_import_name(ctxt, kex->gss_host))
67	fatal("Couldn't import hostname ");	70	fatal("Couldn't import hostname");
		71
		72	if (gex) {
		73	debug("Doing group exchange\n");
		74	nbits = dh_estimate(kex->we_need * 8);
		75	min = DH_GRP_MIN;
		76	max = DH_GRP_MAX;
		77	packet_start(SSH2_MSG_KEXGSS_GROUPREQ);
		78	packet_put_int(min);
		79	packet_put_int(nbits);
		80	packet_put_int(max);
		81
		82	packet_send();
		83
		84	packet_read_expect(SSH2_MSG_KEXGSS_GROUP);
		85
		86	if ((p = BN_new()) == NULL)
		87	fatal("BN_new() failed");
		88	packet_get_bignum2(p);
		89	if ((g = BN_new()) == NULL)
		90	fatal("BN_new() failed");
		91	packet_get_bignum2(g);
		92	packet_check_eom();
		93
		94	if (BN_num_bits(p) < min \|\| BN_num_bits(p) > max)
		95	fatal("GSSGRP_GEX group out of range: %d !< %d !< %d",
		96	min, BN_num_bits(p), max);
		97
		98	dh = dh_new_group(g, p);
		99	} else {
		100	dh = dh_new_group1();
		101	}
68		102
69	/* This code should match that in ssh_dh1_client */
70
71	/* Step 1 - e is dh->pub_key */	103	/* Step 1 - e is dh->pub_key */
72	dh = dh_new_group1();
73	dh_gen_key(dh, kex->we_need * 8);	104	dh_gen_key(dh, kex->we_need * 8);
74		105
75	/* This is f, we initialise it now to make life easier */	106	/* This is f, we initialise it now to make life easier */
@@ -97,7 +128,7 @@ kexgss_client(Kex *kex) {
97		128
98	/* If we've got an old receive buffer get rid of it */	129	/* If we've got an old receive buffer get rid of it */
99	if (token_ptr != GSS_C_NO_BUFFER)	130	if (token_ptr != GSS_C_NO_BUFFER)
100	(void) gss_release_buffer(&min_status, &recv_tok);	131	xfree(recv_tok.value);
101		132
102	if (maj_status == GSS_S_COMPLETE) {	133	if (maj_status == GSS_S_COMPLETE) {
103	/* If mutual state flag is not true, kex fails */	134	/* If mutual state flag is not true, kex fails */
@@ -126,15 +157,21 @@ kexgss_client(Kex *kex) {
126	send_tok.length);	157	send_tok.length);
127	}	158	}
128	packet_send();	159	packet_send();
		160	gss_release_buffer(&min_status, &send_tok);
129		161
130	/* If we've sent them data, they should reply */	162	/* If we've sent them data, they should reply */
131		163	do {
132	type = packet_read();	164	type = packet_read();
		165	if (type == SSH2_MSG_KEXGSS_HOSTKEY) {
		166	debug("Received KEXGSS_HOSTKEY");
		167	if (serverhostkey)
		168	fatal("Server host key received more than once");
		169	serverhostkey =
		170	packet_get_string(&slen);
		171	}
		172	} while (type == SSH2_MSG_KEXGSS_HOSTKEY);
		173
133	switch (type) {	174	switch (type) {
134	case SSH2_MSG_KEXGSS_HOSTKEY:
135	debug("Received KEXGSS_HOSTKEY");
136	serverhostkey = packet_get_string(&slen);
137	break;
138	case SSH2_MSG_KEXGSS_CONTINUE:	175	case SSH2_MSG_KEXGSS_CONTINUE:
139	debug("Received GSSAPI_CONTINUE");	176	debug("Received GSSAPI_CONTINUE");
140	if (maj_status == GSS_S_COMPLETE)	177	if (maj_status == GSS_S_COMPLETE)
@@ -144,8 +181,8 @@ kexgss_client(Kex *kex) {
144	break;	181	break;
145	case SSH2_MSG_KEXGSS_COMPLETE:	182	case SSH2_MSG_KEXGSS_COMPLETE:
146	debug("Received GSSAPI_COMPLETE");	183	debug("Received GSSAPI_COMPLETE");
147	packet_get_bignum2(dh_server_pub);	184	packet_get_bignum2(dh_server_pub);
148	msg_tok.value = packet_get_string(&strlen);	185	msg_tok.value = packet_get_string(&strlen);
149	msg_tok.length = strlen;	186	msg_tok.length = strlen;
150		187
151	/* Is there a token included? */	188	/* Is there a token included? */
@@ -156,10 +193,10 @@ kexgss_client(Kex *kex) {
156	/* If we're already complete - protocol error */	193	/* If we're already complete - protocol error */
157	if (maj_status == GSS_S_COMPLETE)	194	if (maj_status == GSS_S_COMPLETE)
158	packet_disconnect("Protocol error: received token when complete");	195	packet_disconnect("Protocol error: received token when complete");
159	} else {	196	} else {
160	/* No token included */	197	/* No token included */
161	if (maj_status != GSS_S_COMPLETE)	198	if (maj_status != GSS_S_COMPLETE)
162	packet_disconnect("Protocol error: did not receive final token");	199	packet_disconnect("Protocol error: did not receive final token");
163	}	200	}
164	break;	201	break;
165	case SSH2_MSG_KEXGSS_ERROR:	202	case SSH2_MSG_KEXGSS_ERROR:
@@ -168,7 +205,7 @@ kexgss_client(Kex *kex) {
168	min_status = packet_get_int();	205	min_status = packet_get_int();
169	msg = packet_get_string(NULL);	206	msg = packet_get_string(NULL);
170	lang = packet_get_string(NULL);	207	lang = packet_get_string(NULL);
171	fprintf(stderr,"GSSAPI Error: \n%s",msg);	208	fatal("GSSAPI Error: \n%s",msg);
172	default:	209	default:
173	packet_disconnect("Protocol error: didn't expect packet type %d",	210	packet_disconnect("Protocol error: didn't expect packet type %d",
174	type);	211	type);
@@ -181,12 +218,12 @@ kexgss_client(Kex *kex) {
181	}	218	}
182	} while (maj_status & GSS_S_CONTINUE_NEEDED);	219	} while (maj_status & GSS_S_CONTINUE_NEEDED);
183		220
184	/*	221	/*
185	* We _must_ have received a COMPLETE message in reply from the	222	* We _must_ have received a COMPLETE message in reply from the
186	* server, which will have set dh_server_pub and msg_tok	223	* server, which will have set dh_server_pub and msg_tok
187	*/	224	*/
188		225
189	if (type!=SSH2_MSG_KEXGSS_COMPLETE)	226	if (type != SSH2_MSG_KEXGSS_COMPLETE)
190	fatal("Didn't receive a SSH2_MSG_KEXGSS_COMPLETE when I expected it");	227	fatal("Didn't receive a SSH2_MSG_KEXGSS_COMPLETE when I expected it");
191		228
192	/* Check f in range [1, p-1] */	229	/* Check f in range [1, p-1] */
@@ -203,28 +240,52 @@ kexgss_client(Kex *kex) {
203	memset(kbuf, 0, klen);	240	memset(kbuf, 0, klen);
204	xfree(kbuf);	241	xfree(kbuf);
205		242
206	/* The GSS hash is identical to the DH one */	243	if (gex) {
207	hash = kex_dh_hash( kex->client_version_string,	244	kexgex_hash(
208	kex->server_version_string,	245	kex->evp_md,
209	buffer_ptr(&kex->my), buffer_len(&kex->my),	246	kex->client_version_string,
210	buffer_ptr(&kex->peer), buffer_len(&kex->peer),	247	kex->server_version_string,
211	serverhostkey, slen, /* server host key */	248	buffer_ptr(&kex->my), buffer_len(&kex->my),
212	dh->pub_key, /* e */	249	buffer_ptr(&kex->peer), buffer_len(&kex->peer),
213	dh_server_pub, /* f */	250	serverhostkey, slen,
214	shared_secret /* K */	251	min, nbits, max,
215	);	252	dh->p, dh->g,
216		253	dh->pub_key,
		254	dh_server_pub,
		255	shared_secret,
		256	&hash, &hashlen
		257	);
		258	} else {
		259	/* The GSS hash is identical to the DH one */
		260	kex_dh_hash( kex->client_version_string,
		261	kex->server_version_string,
		262	buffer_ptr(&kex->my), buffer_len(&kex->my),
		263	buffer_ptr(&kex->peer), buffer_len(&kex->peer),
		264	serverhostkey, slen, /* server host key */
		265	dh->pub_key, /* e */
		266	dh_server_pub, /* f */
		267	shared_secret, /* K */
		268	&hash, &hashlen
		269	);
		270	}
		271
217	gssbuf.value = hash;	272	gssbuf.value = hash;
218	gssbuf.length = 20;	273	gssbuf.length = hashlen;
219		274
220	/* Verify that the hash matches the MIC we just got. */	275	/* Verify that the hash matches the MIC we just got. */
221	if (GSS_ERROR(ssh_gssapi_checkmic(ctxt, &gssbuf, &msg_tok)))	276	if (GSS_ERROR(ssh_gssapi_checkmic(ctxt, &gssbuf, &msg_tok)))
222	packet_disconnect("Hash's MIC didn't verify");	277	packet_disconnect("Hash's MIC didn't verify");
223		278
		279	xfree(msg_tok.value);
		280
224	DH_free(dh);	281	DH_free(dh);
		282	if (serverhostkey)
		283	xfree(serverhostkey);
		284	BN_clear_free(dh_server_pub);
		285
225	/* save session id */	286	/* save session id */
226	if (kex->session_id == NULL) {	287	if (kex->session_id == NULL) {
227	kex->session_id_len = 20;	288	kex->session_id_len = hashlen;
228	kex->session_id = xmalloc(kex->session_id_len);	289	kex->session_id = xmalloc(kex->session_id_len);
229	memcpy(kex->session_id, hash, kex->session_id_len);	290	memcpy(kex->session_id, hash, kex->session_id_len);
230	}	291	}
@@ -234,7 +295,7 @@ kexgss_client(Kex *kex) {
234	else	295	else
235	ssh_gssapi_delete_ctx(&ctxt);	296	ssh_gssapi_delete_ctx(&ctxt);
236		297
237	kex_derive_keys(kex, hash, shared_secret);	298	kex_derive_keys(kex, hash, hashlen, shared_secret);
238	BN_clear_free(shared_secret);	299	BN_clear_free(shared_secret);
239	kex_finish(kex);	300	kex_finish(kex);
240	}	301	}