GSSAPI key exchange support

This patch has been rejected upstream: "None of the OpenSSH developers are in favour of adding this, and this situation has not changed for several years. This is not a slight on Simon's patch, which is of fine quality, but just that a) we don't trust GSSAPI implementations that much and b) we don't like adding new KEX since they are pre-auth attack surface. This one is particularly scary, since it requires hooks out to typically root-owned system resources." However, quite a lot of people rely on this in Debian, and it's better to have it merged into the main openssh package rather than having separate -krb5 packages (as we used to have). It seems to have a generally good security history. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242 Last-Updated: 2016-01-04 Patch-Name: gssapi.patch
author: Simon Wilkinson <simon@sxw.org.uk> 2014-02-09 16:09:48 +0000
committer: Colin Watson <cjwatson@debian.org> 2016-02-29 12:31:33 +0000
commit: 374db1757fc18bd6647539b80977e6907a2cecd4 (patch)
tree: 9fd8227bdf3548c6fcce1e72b7edf3ebaf71d050 /sshd.c
parent: c52a95cc4754e6630c96fe65ae0c65eb41d2c590 (diff)
1 files changed, 110 insertions, 0 deletions
diff --git a/sshd.c b/sshd.c
index 430569c46..5cd9129d0 100644
--- a/sshd.c
+++ b/sshd.c
@@ -125,6 +125,10 @@
 #include "version.h"
 #include "ssherr.h"
+#ifdef USE_SECURITY_SESSION_API
+#include <Security/AuthSession.h>
+#endif
 #ifndef O_NOCTTY
 #define O_NOCTTY        0
 #endif
@@ -1833,10 +1837,13 @@ main(int ac, char **av)
                logit("Disabling protocol version 1. Could not load host key");
                options.protocol &= ~SSH_PROTO_1;
        }
+#ifndef GSSAPI
+        /* The GSSAPI key exchange can run without a host key */
        if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) {
                logit("Disabling protocol version 2. Could not load host key");
                options.protocol &= ~SSH_PROTO_2;
        }
+#endif
        if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
                logit("sshd: no hostkeys available -- exiting.");
                exit(1);
@@ -2151,6 +2158,60 @@ main(int ac, char **av)
            remote_ip, remote_port, laddr,  get_local_port());
        free(laddr);
+#ifdef USE_SECURITY_SESSION_API
+        /*
+         * Create a new security session for use by the new user login if
+         * the current session is the root session or we are not launched
+         * by inetd (eg: debugging mode or server mode).  We do not
+         * necessarily need to create a session if we are launched from
+         * inetd because Panther xinetd will create a session for us.
+         *
+         * The only case where this logic will fail is if there is an
+         * inetd running in a non-root session which is not creating
+         * new sessions for us.  Then all the users will end up in the
+         * same session (bad).
+         *
+         * When the client exits, the session will be destroyed for us
+         * automatically.
+         *
+         * We must create the session before any credentials are stored
+         * (including AFS pags, which happens a few lines below).
+         */
+        {
+                OSStatus err = 0;
+                SecuritySessionId sid = 0;
+                SessionAttributeBits sattrs = 0;
+                err = SessionGetInfo(callerSecuritySession, &sid, &sattrs);
+                if (err)
+                        error("SessionGetInfo() failed with error %.8X",
+                            (unsigned) err);
+                else
+                        debug("Current Session ID is %.8X / Session Attributes are %.8X",
+                            (unsigned) sid, (unsigned) sattrs);
+                if (inetd_flag && !(sattrs & sessionIsRoot))
+                        debug("Running in inetd mode in a non-root session... "
+                            "assuming inetd created the session for us.");
+                else {
+                        debug("Creating new security session...");
+                        err = SessionCreate(0, sessionHasTTY | sessionIsRemote);
+                        if (err)
+                                error("SessionCreate() failed with error %.8X",
+                                    (unsigned) err);
+                        err = SessionGetInfo(callerSecuritySession, &sid, 
+                            &sattrs);
+                        if (err)
+                                error("SessionGetInfo() failed with error %.8X",
+                                    (unsigned) err);
+                        else
+                                debug("New Session ID is %.8X / Session Attributes are %.8X",
+                                    (unsigned) sid, (unsigned) sattrs);
+                }
+        }
+#endif
        /*
         * We don't want to listen forever unless the other side
         * successfully authenticates itself.  So we set up an alarm which is
@@ -2571,6 +2632,48 @@ do_ssh2_kex(void)
        myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
            list_hostkey_types());
+#ifdef GSSAPI
+        {
+        char *orig;
+        char *gss = NULL;
+        char *newstr = NULL;
+        orig = myproposal[PROPOSAL_KEX_ALGS];
+        /* 
+         * If we don't have a host key, then there's no point advertising
+         * the other key exchange algorithms
+         */
+        if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0)
+                orig = NULL;
+        if (options.gss_keyex)
+                gss = ssh_gssapi_server_mechanisms();
+        else
+                gss = NULL;
+        if (gss && orig)
+                xasprintf(&newstr, "%s,%s", gss, orig);
+        else if (gss)
+                newstr = gss;
+        else if (orig)
+                newstr = orig;
+        /* 
+         * If we've got GSSAPI mechanisms, then we've got the 'null' host
+         * key alg, but we can't tell people about it unless its the only
+         * host key algorithm we support
+         */
+        if (gss && (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS])) == 0)
+                myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "null";
+        if (newstr)
+                myproposal[PROPOSAL_KEX_ALGS] = newstr;
+        else
+                fatal("No supported key exchange algorithms");
+        }
+#endif
        /* start key exchange */
        if ((r = kex_setup(active_state, myproposal)) != 0)
                fatal("kex_setup: %s", ssh_err(r));
@@ -2585,6 +2688,13 @@ do_ssh2_kex(void)
 # endif
 #endif
        kex->kex[KEX_C25519_SHA256] = kexc25519_server;
+#ifdef GSSAPI
+        if (options.gss_keyex) {
+                kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
+                kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server;
+                kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server;
+        }
+#endif
        kex->server = 1;
        kex->client_version_string=client_version_string;
        kex->server_version_string=server_version_string;
author	Simon Wilkinson <simon@sxw.org.uk>	2014-02-09 16:09:48 +0000
committer	Colin Watson <cjwatson@debian.org>	2016-02-29 12:31:33 +0000
commit	374db1757fc18bd6647539b80977e6907a2cecd4 (patch)
tree	9fd8227bdf3548c6fcce1e72b7edf3ebaf71d050 /sshd.c
parent	c52a95cc4754e6630c96fe65ae0c65eb41d2c590 (diff)

diff --git a/sshd.c b/sshd.c index 430569c46..5cd9129d0 100644 --- a/sshd.c +++ b/sshd.c
@@ -125,6 +125,10 @@
125	#include "version.h"	125	#include "version.h"
126	#include "ssherr.h"	126	#include "ssherr.h"
127		127
		128	#ifdef USE_SECURITY_SESSION_API
		129	#include <Security/AuthSession.h>
		130	#endif
		131
128	#ifndef O_NOCTTY	132	#ifndef O_NOCTTY
129	#define O_NOCTTY 0	133	#define O_NOCTTY 0
130	#endif	134	#endif
@@ -1833,10 +1837,13 @@ main(int ac, char **av)
1833	logit("Disabling protocol version 1. Could not load host key");	1837	logit("Disabling protocol version 1. Could not load host key");
1834	options.protocol &= ~SSH_PROTO_1;	1838	options.protocol &= ~SSH_PROTO_1;
1835	}	1839	}
		1840	#ifndef GSSAPI
		1841	/* The GSSAPI key exchange can run without a host key */
1836	if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) {	1842	if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) {
1837	logit("Disabling protocol version 2. Could not load host key");	1843	logit("Disabling protocol version 2. Could not load host key");
1838	options.protocol &= ~SSH_PROTO_2;	1844	options.protocol &= ~SSH_PROTO_2;
1839	}	1845	}
		1846	#endif
1840	if (!(options.protocol & (SSH_PROTO_1\|SSH_PROTO_2))) {	1847	if (!(options.protocol & (SSH_PROTO_1\|SSH_PROTO_2))) {
1841	logit("sshd: no hostkeys available -- exiting.");	1848	logit("sshd: no hostkeys available -- exiting.");
1842	exit(1);	1849	exit(1);
@@ -2151,6 +2158,60 @@ main(int ac, char **av)
2151	remote_ip, remote_port, laddr, get_local_port());	2158	remote_ip, remote_port, laddr, get_local_port());
2152	free(laddr);	2159	free(laddr);
2153		2160
		2161	#ifdef USE_SECURITY_SESSION_API
		2162	/*
		2163	* Create a new security session for use by the new user login if
		2164	* the current session is the root session or we are not launched
		2165	* by inetd (eg: debugging mode or server mode). We do not
		2166	* necessarily need to create a session if we are launched from
		2167	* inetd because Panther xinetd will create a session for us.
		2168	*
		2169	* The only case where this logic will fail is if there is an
		2170	* inetd running in a non-root session which is not creating
		2171	* new sessions for us. Then all the users will end up in the
		2172	* same session (bad).
		2173	*
		2174	* When the client exits, the session will be destroyed for us
		2175	* automatically.
		2176	*
		2177	* We must create the session before any credentials are stored
		2178	* (including AFS pags, which happens a few lines below).
		2179	*/
		2180	{
		2181	OSStatus err = 0;
		2182	SecuritySessionId sid = 0;
		2183	SessionAttributeBits sattrs = 0;
		2184
		2185	err = SessionGetInfo(callerSecuritySession, &sid, &sattrs);
		2186	if (err)
		2187	error("SessionGetInfo() failed with error %.8X",
		2188	(unsigned) err);
		2189	else
		2190	debug("Current Session ID is %.8X / Session Attributes are %.8X",
		2191	(unsigned) sid, (unsigned) sattrs);
		2192
		2193	if (inetd_flag && !(sattrs & sessionIsRoot))
		2194	debug("Running in inetd mode in a non-root session... "
		2195	"assuming inetd created the session for us.");
		2196	else {
		2197	debug("Creating new security session...");
		2198	err = SessionCreate(0, sessionHasTTY \| sessionIsRemote);
		2199	if (err)
		2200	error("SessionCreate() failed with error %.8X",
		2201	(unsigned) err);
		2202
		2203	err = SessionGetInfo(callerSecuritySession, &sid,
		2204	&sattrs);
		2205	if (err)
		2206	error("SessionGetInfo() failed with error %.8X",
		2207	(unsigned) err);
		2208	else
		2209	debug("New Session ID is %.8X / Session Attributes are %.8X",
		2210	(unsigned) sid, (unsigned) sattrs);
		2211	}
		2212	}
		2213	#endif
		2214
2154	/*	2215	/*
2155	* We don't want to listen forever unless the other side	2216	* We don't want to listen forever unless the other side
2156	* successfully authenticates itself. So we set up an alarm which is	2217	* successfully authenticates itself. So we set up an alarm which is
@@ -2571,6 +2632,48 @@ do_ssh2_kex(void)
2571	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(	2632	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
2572	list_hostkey_types());	2633	list_hostkey_types());
2573		2634
		2635	#ifdef GSSAPI
		2636	{
		2637	char *orig;
		2638	char *gss = NULL;
		2639	char *newstr = NULL;
		2640	orig = myproposal[PROPOSAL_KEX_ALGS];
		2641
		2642	/*
		2643	* If we don't have a host key, then there's no point advertising
		2644	* the other key exchange algorithms
		2645	*/
		2646
		2647	if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0)
		2648	orig = NULL;
		2649
		2650	if (options.gss_keyex)
		2651	gss = ssh_gssapi_server_mechanisms();
		2652	else
		2653	gss = NULL;
		2654
		2655	if (gss && orig)
		2656	xasprintf(&newstr, "%s,%s", gss, orig);
		2657	else if (gss)
		2658	newstr = gss;
		2659	else if (orig)
		2660	newstr = orig;
		2661
		2662	/*
		2663	* If we've got GSSAPI mechanisms, then we've got the 'null' host
		2664	* key alg, but we can't tell people about it unless its the only
		2665	* host key algorithm we support
		2666	*/
		2667	if (gss && (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS])) == 0)
		2668	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "null";
		2669
		2670	if (newstr)
		2671	myproposal[PROPOSAL_KEX_ALGS] = newstr;
		2672	else
		2673	fatal("No supported key exchange algorithms");
		2674	}
		2675	#endif
		2676
2574	/* start key exchange */	2677	/* start key exchange */
2575	if ((r = kex_setup(active_state, myproposal)) != 0)	2678	if ((r = kex_setup(active_state, myproposal)) != 0)
2576	fatal("kex_setup: %s", ssh_err(r));	2679	fatal("kex_setup: %s", ssh_err(r));
@@ -2585,6 +2688,13 @@ do_ssh2_kex(void)
2585	# endif	2688	# endif
2586	#endif	2689	#endif
2587	kex->kex[KEX_C25519_SHA256] = kexc25519_server;	2690	kex->kex[KEX_C25519_SHA256] = kexc25519_server;
		2691	#ifdef GSSAPI
		2692	if (options.gss_keyex) {
		2693	kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
		2694	kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server;
		2695	kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server;
		2696	}
		2697	#endif
2588	kex->server = 1;	2698	kex->server = 1;
2589	kex->client_version_string=client_version_string;	2699	kex->client_version_string=client_version_string;
2590	kex->server_version_string=server_version_string;	2700	kex->server_version_string=server_version_string;