summaryrefslogtreecommitdiff
path: root/monitor_wrap.c
diff options
context:
space:
mode:
authorSimon Wilkinson <simon@sxw.org.uk>2014-02-09 16:09:48 +0000
committerColin Watson <cjwatson@debian.org>2018-10-20 22:54:00 +0100
commit72b1d308e6400194ef6e4e7dd45bfa48fa39b5e6 (patch)
tree2a3b57ae5446f4273804064ccc42659adfc2a3b2 /monitor_wrap.c
parent3d246f10429fc9a37b98eabef94fe8dc7c61002b (diff)
GSSAPI key exchange support
This patch has been rejected upstream: "None of the OpenSSH developers are in favour of adding this, and this situation has not changed for several years. This is not a slight on Simon's patch, which is of fine quality, but just that a) we don't trust GSSAPI implementations that much and b) we don't like adding new KEX since they are pre-auth attack surface. This one is particularly scary, since it requires hooks out to typically root-owned system resources." However, quite a lot of people rely on this in Debian, and it's better to have it merged into the main openssh package rather than having separate -krb5 packages (as we used to have). It seems to have a generally good security history. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242 Last-Updated: 2018-10-20 Patch-Name: gssapi.patch
Diffstat (limited to 'monitor_wrap.c')
-rw-r--r--monitor_wrap.c53
1 files changed, 52 insertions, 1 deletions
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 732fb3476..1865a122a 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -984,7 +984,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
984} 984}
985 985
986int 986int
987mm_ssh_gssapi_userok(char *user) 987mm_ssh_gssapi_userok(char *user, struct passwd *pw)
988{ 988{
989 struct sshbuf *m; 989 struct sshbuf *m;
990 int r, authenticated = 0; 990 int r, authenticated = 0;
@@ -1003,4 +1003,55 @@ mm_ssh_gssapi_userok(char *user)
1003 debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not "); 1003 debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
1004 return (authenticated); 1004 return (authenticated);
1005} 1005}
1006
1007OM_uint32
1008mm_ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_desc *data, gss_buffer_desc *hash)
1009{
1010 struct sshbuf *m;
1011 OM_uint32 major;
1012 int r;
1013
1014 if ((m = sshbuf_new()) == NULL)
1015 fatal("%s: sshbuf_new failed", __func__);
1016 if ((r = sshbuf_put_string(m, data->value, data->length)) != 0)
1017 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1018
1019 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSIGN, m);
1020 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSIGN, m);
1021
1022 if ((r = sshbuf_get_u32(m, &major)) != 0 ||
1023 (r = ssh_gssapi_get_buffer_desc(m, hash)) != 0)
1024 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1025
1026 sshbuf_free(m);
1027
1028 return(major);
1029}
1030
1031int
1032mm_ssh_gssapi_update_creds(ssh_gssapi_ccache *store)
1033{
1034 struct sshbuf *m;
1035 int r, ok;
1036
1037 if ((m = sshbuf_new()) == NULL)
1038 fatal("%s: sshbuf_new failed", __func__);
1039 if ((r = sshbuf_put_cstring(m,
1040 store->filename ? store->filename : "")) != 0 ||
1041 (r = sshbuf_put_cstring(m,
1042 store->envvar ? store->envvar : "")) != 0 ||
1043 (r = sshbuf_put_cstring(m,
1044 store->envval ? store->envval : "")) != 0)
1045 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1046
1047 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUPCREDS, m);
1048 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUPCREDS, m);
1049
1050 if ((r = sshbuf_get_u32(m, &ok)) != 0)
1051 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1052 sshbuf_free(m);
1053
1054 return (ok);
1055}
1056
1006#endif /* GSSAPI */ 1057#endif /* GSSAPI */