summaryrefslogtreecommitdiff
path: root/sshd.c
diff options
context:
space:
mode:
authorSimon Wilkinson <simon@sxw.org.uk>2014-02-09 16:09:48 +0000
committerColin Watson <cjwatson@debian.org>2016-03-10 13:00:39 +0000
commit6dfd41bb6858c6446c1da47449e2108fbabf220e (patch)
treeff5693073f78b4cc1ba6c92c8280f4ec80ced188 /sshd.c
parentf0329aac23c61e1a5197d6d57349a63f459bccb0 (diff)
GSSAPI key exchange support
This patch has been rejected upstream: "None of the OpenSSH developers are in favour of adding this, and this situation has not changed for several years. This is not a slight on Simon's patch, which is of fine quality, but just that a) we don't trust GSSAPI implementations that much and b) we don't like adding new KEX since they are pre-auth attack surface. This one is particularly scary, since it requires hooks out to typically root-owned system resources." However, quite a lot of people rely on this in Debian, and it's better to have it merged into the main openssh package rather than having separate -krb5 packages (as we used to have). It seems to have a generally good security history. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242 Last-Updated: 2016-01-04 Patch-Name: gssapi.patch
Diffstat (limited to 'sshd.c')
-rw-r--r--sshd.c110
1 files changed, 110 insertions, 0 deletions
diff --git a/sshd.c b/sshd.c
index 430569c46..5cd9129d0 100644
--- a/sshd.c
+++ b/sshd.c
@@ -125,6 +125,10 @@
125#include "version.h" 125#include "version.h"
126#include "ssherr.h" 126#include "ssherr.h"
127 127
128#ifdef USE_SECURITY_SESSION_API
129#include <Security/AuthSession.h>
130#endif
131
128#ifndef O_NOCTTY 132#ifndef O_NOCTTY
129#define O_NOCTTY 0 133#define O_NOCTTY 0
130#endif 134#endif
@@ -1833,10 +1837,13 @@ main(int ac, char **av)
1833 logit("Disabling protocol version 1. Could not load host key"); 1837 logit("Disabling protocol version 1. Could not load host key");
1834 options.protocol &= ~SSH_PROTO_1; 1838 options.protocol &= ~SSH_PROTO_1;
1835 } 1839 }
1840#ifndef GSSAPI
1841 /* The GSSAPI key exchange can run without a host key */
1836 if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) { 1842 if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) {
1837 logit("Disabling protocol version 2. Could not load host key"); 1843 logit("Disabling protocol version 2. Could not load host key");
1838 options.protocol &= ~SSH_PROTO_2; 1844 options.protocol &= ~SSH_PROTO_2;
1839 } 1845 }
1846#endif
1840 if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) { 1847 if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
1841 logit("sshd: no hostkeys available -- exiting."); 1848 logit("sshd: no hostkeys available -- exiting.");
1842 exit(1); 1849 exit(1);
@@ -2151,6 +2158,60 @@ main(int ac, char **av)
2151 remote_ip, remote_port, laddr, get_local_port()); 2158 remote_ip, remote_port, laddr, get_local_port());
2152 free(laddr); 2159 free(laddr);
2153 2160
2161#ifdef USE_SECURITY_SESSION_API
2162 /*
2163 * Create a new security session for use by the new user login if
2164 * the current session is the root session or we are not launched
2165 * by inetd (eg: debugging mode or server mode). We do not
2166 * necessarily need to create a session if we are launched from
2167 * inetd because Panther xinetd will create a session for us.
2168 *
2169 * The only case where this logic will fail is if there is an
2170 * inetd running in a non-root session which is not creating
2171 * new sessions for us. Then all the users will end up in the
2172 * same session (bad).
2173 *
2174 * When the client exits, the session will be destroyed for us
2175 * automatically.
2176 *
2177 * We must create the session before any credentials are stored
2178 * (including AFS pags, which happens a few lines below).
2179 */
2180 {
2181 OSStatus err = 0;
2182 SecuritySessionId sid = 0;
2183 SessionAttributeBits sattrs = 0;
2184
2185 err = SessionGetInfo(callerSecuritySession, &sid, &sattrs);
2186 if (err)
2187 error("SessionGetInfo() failed with error %.8X",
2188 (unsigned) err);
2189 else
2190 debug("Current Session ID is %.8X / Session Attributes are %.8X",
2191 (unsigned) sid, (unsigned) sattrs);
2192
2193 if (inetd_flag && !(sattrs & sessionIsRoot))
2194 debug("Running in inetd mode in a non-root session... "
2195 "assuming inetd created the session for us.");
2196 else {
2197 debug("Creating new security session...");
2198 err = SessionCreate(0, sessionHasTTY | sessionIsRemote);
2199 if (err)
2200 error("SessionCreate() failed with error %.8X",
2201 (unsigned) err);
2202
2203 err = SessionGetInfo(callerSecuritySession, &sid,
2204 &sattrs);
2205 if (err)
2206 error("SessionGetInfo() failed with error %.8X",
2207 (unsigned) err);
2208 else
2209 debug("New Session ID is %.8X / Session Attributes are %.8X",
2210 (unsigned) sid, (unsigned) sattrs);
2211 }
2212 }
2213#endif
2214
2154 /* 2215 /*
2155 * We don't want to listen forever unless the other side 2216 * We don't want to listen forever unless the other side
2156 * successfully authenticates itself. So we set up an alarm which is 2217 * successfully authenticates itself. So we set up an alarm which is
@@ -2571,6 +2632,48 @@ do_ssh2_kex(void)
2571 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( 2632 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
2572 list_hostkey_types()); 2633 list_hostkey_types());
2573 2634
2635#ifdef GSSAPI
2636 {
2637 char *orig;
2638 char *gss = NULL;
2639 char *newstr = NULL;
2640 orig = myproposal[PROPOSAL_KEX_ALGS];
2641
2642 /*
2643 * If we don't have a host key, then there's no point advertising
2644 * the other key exchange algorithms
2645 */
2646
2647 if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0)
2648 orig = NULL;
2649
2650 if (options.gss_keyex)
2651 gss = ssh_gssapi_server_mechanisms();
2652 else
2653 gss = NULL;
2654
2655 if (gss && orig)
2656 xasprintf(&newstr, "%s,%s", gss, orig);
2657 else if (gss)
2658 newstr = gss;
2659 else if (orig)
2660 newstr = orig;
2661
2662 /*
2663 * If we've got GSSAPI mechanisms, then we've got the 'null' host
2664 * key alg, but we can't tell people about it unless its the only
2665 * host key algorithm we support
2666 */
2667 if (gss && (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS])) == 0)
2668 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "null";
2669
2670 if (newstr)
2671 myproposal[PROPOSAL_KEX_ALGS] = newstr;
2672 else
2673 fatal("No supported key exchange algorithms");
2674 }
2675#endif
2676
2574 /* start key exchange */ 2677 /* start key exchange */
2575 if ((r = kex_setup(active_state, myproposal)) != 0) 2678 if ((r = kex_setup(active_state, myproposal)) != 0)
2576 fatal("kex_setup: %s", ssh_err(r)); 2679 fatal("kex_setup: %s", ssh_err(r));
@@ -2585,6 +2688,13 @@ do_ssh2_kex(void)
2585# endif 2688# endif
2586#endif 2689#endif
2587 kex->kex[KEX_C25519_SHA256] = kexc25519_server; 2690 kex->kex[KEX_C25519_SHA256] = kexc25519_server;
2691#ifdef GSSAPI
2692 if (options.gss_keyex) {
2693 kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
2694 kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server;
2695 kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server;
2696 }
2697#endif
2588 kex->server = 1; 2698 kex->server = 1;
2589 kex->client_version_string=client_version_string; 2699 kex->client_version_string=client_version_string;
2590 kex->server_version_string=server_version_string; 2700 kex->server_version_string=server_version_string;