diff options
-rw-r--r-- | ChangeLog.gssapi | 113 | ||||
-rw-r--r-- | Makefile.in | 3 | ||||
-rw-r--r-- | auth-krb5.c | 17 | ||||
-rw-r--r-- | auth.c | 96 | ||||
-rw-r--r-- | auth2-gss.c | 48 | ||||
-rw-r--r-- | auth2.c | 2 | ||||
-rw-r--r-- | canohost.c | 93 | ||||
-rw-r--r-- | canohost.h | 3 | ||||
-rw-r--r-- | clientloop.c | 15 | ||||
-rw-r--r-- | config.h.in | 6 | ||||
-rw-r--r-- | configure.ac | 24 | ||||
-rw-r--r-- | gss-genr.c | 275 | ||||
-rw-r--r-- | gss-serv-krb5.c | 85 | ||||
-rw-r--r-- | gss-serv.c | 184 | ||||
-rw-r--r-- | kex.c | 19 | ||||
-rw-r--r-- | kex.h | 14 | ||||
-rw-r--r-- | kexgssc.c | 338 | ||||
-rw-r--r-- | kexgsss.c | 295 | ||||
-rw-r--r-- | monitor.c | 115 | ||||
-rw-r--r-- | monitor.h | 3 | ||||
-rw-r--r-- | monitor_wrap.c | 47 | ||||
-rw-r--r-- | monitor_wrap.h | 4 | ||||
-rw-r--r-- | readconf.c | 42 | ||||
-rw-r--r-- | readconf.h | 5 | ||||
-rw-r--r-- | servconf.c | 28 | ||||
-rw-r--r-- | servconf.h | 2 | ||||
-rw-r--r-- | ssh-gss.h | 41 | ||||
-rw-r--r-- | ssh_config | 2 | ||||
-rw-r--r-- | ssh_config.5 | 32 | ||||
-rw-r--r-- | sshconnect2.c | 122 | ||||
-rw-r--r-- | sshd.c | 112 | ||||
-rw-r--r-- | sshd_config | 2 | ||||
-rw-r--r-- | sshd_config.5 | 10 | ||||
-rw-r--r-- | sshkey.c | 3 | ||||
-rw-r--r-- | sshkey.h | 1 |
35 files changed, 2053 insertions, 148 deletions
diff --git a/ChangeLog.gssapi b/ChangeLog.gssapi new file mode 100644 index 000000000..f117a336a --- /dev/null +++ b/ChangeLog.gssapi | |||
@@ -0,0 +1,113 @@ | |||
1 | 20110101 | ||
2 | - Finally update for OpenSSH 5.6p1 | ||
3 | - Add GSSAPIServerIdentity option from Jim Basney | ||
4 | |||
5 | 20100308 | ||
6 | - [ Makefile.in, key.c, key.h ] | ||
7 | Updates for OpenSSH 5.4p1 | ||
8 | - [ servconf.c ] | ||
9 | Include GSSAPI options in the sshd -T configuration dump, and flag | ||
10 | some older configuration options as being unsupported. Thanks to Colin | ||
11 | Watson. | ||
12 | - | ||
13 | |||
14 | 20100124 | ||
15 | - [ sshconnect2.c ] | ||
16 | Adapt to deal with additional element in Authmethod structure. Thanks to | ||
17 | Colin Watson | ||
18 | |||
19 | 20090615 | ||
20 | - [ gss-genr.c gss-serv.c kexgssc.c kexgsss.c monitor.c sshconnect2.c | ||
21 | sshd.c ] | ||
22 | Fix issues identified by Greg Hudson following a code review | ||
23 | Check return value of gss_indicate_mechs | ||
24 | Protect GSSAPI calls in monitor, so they can only be used if enabled | ||
25 | Check return values of bignum functions in key exchange | ||
26 | Use BN_clear_free to clear other side's DH value | ||
27 | Make ssh_gssapi_id_kex more robust | ||
28 | Only configure kex table pointers if GSSAPI is enabled | ||
29 | Don't leak mechanism list, or gss mechanism list | ||
30 | Cast data.length before printing | ||
31 | If serverkey isn't provided, use an empty string, rather than NULL | ||
32 | |||
33 | 20090201 | ||
34 | - [ gss-genr.c gss-serv.c kex.h kexgssc.c readconf.c readconf.h ssh-gss.h | ||
35 | ssh_config.5 sshconnet2.c ] | ||
36 | Add support for the GSSAPIClientIdentity option, which allows the user | ||
37 | to specify which GSSAPI identity to use to contact a given server | ||
38 | |||
39 | 20080404 | ||
40 | - [ gss-serv.c ] | ||
41 | Add code to actually implement GSSAPIStrictAcceptCheck, which had somehow | ||
42 | been omitted from a previous version of this patch. Reported by Borislav | ||
43 | Stoichkov | ||
44 | |||
45 | 20070317 | ||
46 | - [ gss-serv-krb5.c ] | ||
47 | Remove C99ism, where new_ccname was being declared in the middle of a | ||
48 | function | ||
49 | |||
50 | 20061220 | ||
51 | - [ servconf.c ] | ||
52 | Make default for GSSAPIStrictAcceptorCheck be Yes, to match previous, and | ||
53 | documented, behaviour. Reported by Dan Watson. | ||
54 | |||
55 | 20060910 | ||
56 | - [ gss-genr.c kexgssc.c kexgsss.c kex.h monitor.c sshconnect2.c sshd.c | ||
57 | ssh-gss.h ] | ||
58 | add support for gss-group14-sha1 key exchange mechanisms | ||
59 | - [ gss-serv.c servconf.c servconf.h sshd_config sshd_config.5 ] | ||
60 | Add GSSAPIStrictAcceptorCheck option to allow the disabling of | ||
61 | acceptor principal checking on multi-homed machines. | ||
62 | <Bugzilla #928> | ||
63 | - [ sshd_config ssh_config ] | ||
64 | Add settings for GSSAPIKeyExchange and GSSAPITrustDNS to the sample | ||
65 | configuration files | ||
66 | - [ kexgss.c kegsss.c sshconnect2.c sshd.c ] | ||
67 | Code cleanup. Replace strlen/xmalloc/snprintf sequences with xasprintf() | ||
68 | Limit length of error messages displayed by client | ||
69 | |||
70 | 20060909 | ||
71 | - [ gss-genr.c gss-serv.c ] | ||
72 | move ssh_gssapi_acquire_cred() and ssh_gssapi_server_ctx to be server | ||
73 | only, where they belong | ||
74 | <Bugzilla #1225> | ||
75 | |||
76 | 20060829 | ||
77 | - [ gss-serv-krb5.c ] | ||
78 | Fix CCAPI credentials cache name when creating KRB5CCNAME environment | ||
79 | variable | ||
80 | |||
81 | 20060828 | ||
82 | - [ gss-genr.c ] | ||
83 | Avoid Heimdal context freeing problem | ||
84 | <Fixed upstream 20060829> | ||
85 | |||
86 | 20060818 | ||
87 | - [ gss-genr.c ssh-gss.h sshconnect2.c ] | ||
88 | Make sure that SPENGO is disabled | ||
89 | <Bugzilla #1218 - Fixed upstream 20060818> | ||
90 | |||
91 | 20060421 | ||
92 | - [ gssgenr.c, sshconnect2.c ] | ||
93 | a few type changes (signed versus unsigned, int versus size_t) to | ||
94 | fix compiler errors/warnings | ||
95 | (from jbasney AT ncsa.uiuc.edu) | ||
96 | - [ kexgssc.c, sshconnect2.c ] | ||
97 | fix uninitialized variable warnings | ||
98 | (from jbasney AT ncsa.uiuc.edu) | ||
99 | - [ gssgenr.c ] | ||
100 | pass oid to gss_display_status (helpful when using GSSAPI mechglue) | ||
101 | (from jbasney AT ncsa.uiuc.edu) | ||
102 | <Bugzilla #1220 > | ||
103 | - [ gss-serv-krb5.c ] | ||
104 | #ifdef HAVE_GSSAPI_KRB5 should be #ifdef HAVE_GSSAPI_KRB5_H | ||
105 | (from jbasney AT ncsa.uiuc.edu) | ||
106 | <Fixed upstream 20060304> | ||
107 | - [ readconf.c, readconf.h, ssh_config.5, sshconnect2.c | ||
108 | add client-side GssapiKeyExchange option | ||
109 | (from jbasney AT ncsa.uiuc.edu) | ||
110 | - [ sshconnect2.c ] | ||
111 | add support for GssapiTrustDns option for gssapi-with-mic | ||
112 | (from jbasney AT ncsa.uiuc.edu) | ||
113 | <gssapi-with-mic support is Bugzilla #1008> | ||
diff --git a/Makefile.in b/Makefile.in index e10f3742a..00a320e1e 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -92,6 +92,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ | |||
92 | kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ | 92 | kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ |
93 | kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o \ | 93 | kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o \ |
94 | kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o \ | 94 | kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o \ |
95 | kexgssc.o \ | ||
95 | platform-pledge.o platform-tracing.o | 96 | platform-pledge.o platform-tracing.o |
96 | 97 | ||
97 | SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ | 98 | SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ |
@@ -105,7 +106,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \ | |||
105 | auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \ | 106 | auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \ |
106 | auth2-none.o auth2-passwd.o auth2-pubkey.o \ | 107 | auth2-none.o auth2-passwd.o auth2-pubkey.o \ |
107 | monitor.o monitor_wrap.o auth-krb5.o \ | 108 | monitor.o monitor_wrap.o auth-krb5.o \ |
108 | auth2-gss.o gss-serv.o gss-serv-krb5.o \ | 109 | auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o \ |
109 | loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ | 110 | loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ |
110 | sftp-server.o sftp-common.o \ | 111 | sftp-server.o sftp-common.o \ |
111 | sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \ | 112 | sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \ |
diff --git a/auth-krb5.c b/auth-krb5.c index a5a81ed2e..38e7fee21 100644 --- a/auth-krb5.c +++ b/auth-krb5.c | |||
@@ -182,8 +182,13 @@ auth_krb5_password(Authctxt *authctxt, const char *password) | |||
182 | 182 | ||
183 | len = strlen(authctxt->krb5_ticket_file) + 6; | 183 | len = strlen(authctxt->krb5_ticket_file) + 6; |
184 | authctxt->krb5_ccname = xmalloc(len); | 184 | authctxt->krb5_ccname = xmalloc(len); |
185 | #ifdef USE_CCAPI | ||
186 | snprintf(authctxt->krb5_ccname, len, "API:%s", | ||
187 | authctxt->krb5_ticket_file); | ||
188 | #else | ||
185 | snprintf(authctxt->krb5_ccname, len, "FILE:%s", | 189 | snprintf(authctxt->krb5_ccname, len, "FILE:%s", |
186 | authctxt->krb5_ticket_file); | 190 | authctxt->krb5_ticket_file); |
191 | #endif | ||
187 | 192 | ||
188 | #ifdef USE_PAM | 193 | #ifdef USE_PAM |
189 | if (options.use_pam) | 194 | if (options.use_pam) |
@@ -240,15 +245,22 @@ krb5_cleanup_proc(Authctxt *authctxt) | |||
240 | #ifndef HEIMDAL | 245 | #ifndef HEIMDAL |
241 | krb5_error_code | 246 | krb5_error_code |
242 | ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) { | 247 | ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) { |
243 | int tmpfd, ret, oerrno; | 248 | int ret, oerrno; |
244 | char ccname[40]; | 249 | char ccname[40]; |
245 | mode_t old_umask; | 250 | mode_t old_umask; |
251 | #ifdef USE_CCAPI | ||
252 | char cctemplate[] = "API:krb5cc_%d"; | ||
253 | #else | ||
254 | char cctemplate[] = "FILE:/tmp/krb5cc_%d_XXXXXXXXXX"; | ||
255 | int tmpfd; | ||
256 | #endif | ||
246 | 257 | ||
247 | ret = snprintf(ccname, sizeof(ccname), | 258 | ret = snprintf(ccname, sizeof(ccname), |
248 | "FILE:/tmp/krb5cc_%d_XXXXXXXXXX", geteuid()); | 259 | cctemplate, geteuid()); |
249 | if (ret < 0 || (size_t)ret >= sizeof(ccname)) | 260 | if (ret < 0 || (size_t)ret >= sizeof(ccname)) |
250 | return ENOMEM; | 261 | return ENOMEM; |
251 | 262 | ||
263 | #ifndef USE_CCAPI | ||
252 | old_umask = umask(0177); | 264 | old_umask = umask(0177); |
253 | tmpfd = mkstemp(ccname + strlen("FILE:")); | 265 | tmpfd = mkstemp(ccname + strlen("FILE:")); |
254 | oerrno = errno; | 266 | oerrno = errno; |
@@ -265,6 +277,7 @@ ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) { | |||
265 | return oerrno; | 277 | return oerrno; |
266 | } | 278 | } |
267 | close(tmpfd); | 279 | close(tmpfd); |
280 | #endif | ||
268 | 281 | ||
269 | return (krb5_cc_resolve(ctx, ccname, ccache)); | 282 | return (krb5_cc_resolve(ctx, ccname, ccache)); |
270 | } | 283 | } |
@@ -372,7 +372,8 @@ auth_root_allowed(const char *method) | |||
372 | case PERMIT_NO_PASSWD: | 372 | case PERMIT_NO_PASSWD: |
373 | if (strcmp(method, "publickey") == 0 || | 373 | if (strcmp(method, "publickey") == 0 || |
374 | strcmp(method, "hostbased") == 0 || | 374 | strcmp(method, "hostbased") == 0 || |
375 | strcmp(method, "gssapi-with-mic") == 0) | 375 | strcmp(method, "gssapi-with-mic") == 0 || |
376 | strcmp(method, "gssapi-keyex") == 0) | ||
376 | return 1; | 377 | return 1; |
377 | break; | 378 | break; |
378 | case PERMIT_FORCED_ONLY: | 379 | case PERMIT_FORCED_ONLY: |
@@ -795,99 +796,6 @@ fakepw(void) | |||
795 | } | 796 | } |
796 | 797 | ||
797 | /* | 798 | /* |
798 | * Returns the remote DNS hostname as a string. The returned string must not | ||
799 | * be freed. NB. this will usually trigger a DNS query the first time it is | ||
800 | * called. | ||
801 | * This function does additional checks on the hostname to mitigate some | ||
802 | * attacks on legacy rhosts-style authentication. | ||
803 | * XXX is RhostsRSAAuthentication vulnerable to these? | ||
804 | * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?) | ||
805 | */ | ||
806 | |||
807 | static char * | ||
808 | remote_hostname(struct ssh *ssh) | ||
809 | { | ||
810 | struct sockaddr_storage from; | ||
811 | socklen_t fromlen; | ||
812 | struct addrinfo hints, *ai, *aitop; | ||
813 | char name[NI_MAXHOST], ntop2[NI_MAXHOST]; | ||
814 | const char *ntop = ssh_remote_ipaddr(ssh); | ||
815 | |||
816 | /* Get IP address of client. */ | ||
817 | fromlen = sizeof(from); | ||
818 | memset(&from, 0, sizeof(from)); | ||
819 | if (getpeername(ssh_packet_get_connection_in(ssh), | ||
820 | (struct sockaddr *)&from, &fromlen) < 0) { | ||
821 | debug("getpeername failed: %.100s", strerror(errno)); | ||
822 | return strdup(ntop); | ||
823 | } | ||
824 | |||
825 | ipv64_normalise_mapped(&from, &fromlen); | ||
826 | if (from.ss_family == AF_INET6) | ||
827 | fromlen = sizeof(struct sockaddr_in6); | ||
828 | |||
829 | debug3("Trying to reverse map address %.100s.", ntop); | ||
830 | /* Map the IP address to a host name. */ | ||
831 | if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), | ||
832 | NULL, 0, NI_NAMEREQD) != 0) { | ||
833 | /* Host name not found. Use ip address. */ | ||
834 | return strdup(ntop); | ||
835 | } | ||
836 | |||
837 | /* | ||
838 | * if reverse lookup result looks like a numeric hostname, | ||
839 | * someone is trying to trick us by PTR record like following: | ||
840 | * 1.1.1.10.in-addr.arpa. IN PTR 2.3.4.5 | ||
841 | */ | ||
842 | memset(&hints, 0, sizeof(hints)); | ||
843 | hints.ai_socktype = SOCK_DGRAM; /*dummy*/ | ||
844 | hints.ai_flags = AI_NUMERICHOST; | ||
845 | if (getaddrinfo(name, NULL, &hints, &ai) == 0) { | ||
846 | logit("Nasty PTR record \"%s\" is set up for %s, ignoring", | ||
847 | name, ntop); | ||
848 | freeaddrinfo(ai); | ||
849 | return strdup(ntop); | ||
850 | } | ||
851 | |||
852 | /* Names are stored in lowercase. */ | ||
853 | lowercase(name); | ||
854 | |||
855 | /* | ||
856 | * Map it back to an IP address and check that the given | ||
857 | * address actually is an address of this host. This is | ||
858 | * necessary because anyone with access to a name server can | ||
859 | * define arbitrary names for an IP address. Mapping from | ||
860 | * name to IP address can be trusted better (but can still be | ||
861 | * fooled if the intruder has access to the name server of | ||
862 | * the domain). | ||
863 | */ | ||
864 | memset(&hints, 0, sizeof(hints)); | ||
865 | hints.ai_family = from.ss_family; | ||
866 | hints.ai_socktype = SOCK_STREAM; | ||
867 | if (getaddrinfo(name, NULL, &hints, &aitop) != 0) { | ||
868 | logit("reverse mapping checking getaddrinfo for %.700s " | ||
869 | "[%s] failed.", name, ntop); | ||
870 | return strdup(ntop); | ||
871 | } | ||
872 | /* Look for the address from the list of addresses. */ | ||
873 | for (ai = aitop; ai; ai = ai->ai_next) { | ||
874 | if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2, | ||
875 | sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 && | ||
876 | (strcmp(ntop, ntop2) == 0)) | ||
877 | break; | ||
878 | } | ||
879 | freeaddrinfo(aitop); | ||
880 | /* If we reached the end of the list, the address was not there. */ | ||
881 | if (ai == NULL) { | ||
882 | /* Address not found for the host name. */ | ||
883 | logit("Address %.100s maps to %.600s, but this does not " | ||
884 | "map back to the address.", ntop, name); | ||
885 | return strdup(ntop); | ||
886 | } | ||
887 | return strdup(name); | ||
888 | } | ||
889 | |||
890 | /* | ||
891 | * Return the canonical name of the host in the other side of the current | 799 | * Return the canonical name of the host in the other side of the current |
892 | * connection. The host name is cached, so it is efficient to call this | 800 | * connection. The host name is cached, so it is efficient to call this |
893 | * several times. | 801 | * several times. |
diff --git a/auth2-gss.c b/auth2-gss.c index 1ca835773..3b5036dfd 100644 --- a/auth2-gss.c +++ b/auth2-gss.c | |||
@@ -1,7 +1,7 @@ | |||
1 | /* $OpenBSD: auth2-gss.c,v 1.22 2015/01/19 20:07:45 markus Exp $ */ | 1 | /* $OpenBSD: auth2-gss.c,v 1.22 2015/01/19 20:07:45 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. | 4 | * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved. |
5 | * | 5 | * |
6 | * Redistribution and use in source and binary forms, with or without | 6 | * Redistribution and use in source and binary forms, with or without |
7 | * modification, are permitted provided that the following conditions | 7 | * modification, are permitted provided that the following conditions |
@@ -53,6 +53,40 @@ static int input_gssapi_mic(int type, u_int32_t plen, void *ctxt); | |||
53 | static int input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt); | 53 | static int input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt); |
54 | static int input_gssapi_errtok(int, u_int32_t, void *); | 54 | static int input_gssapi_errtok(int, u_int32_t, void *); |
55 | 55 | ||
56 | /* | ||
57 | * The 'gssapi_keyex' userauth mechanism. | ||
58 | */ | ||
59 | static int | ||
60 | userauth_gsskeyex(Authctxt *authctxt) | ||
61 | { | ||
62 | int authenticated = 0; | ||
63 | Buffer b; | ||
64 | gss_buffer_desc mic, gssbuf; | ||
65 | u_int len; | ||
66 | |||
67 | mic.value = packet_get_string(&len); | ||
68 | mic.length = len; | ||
69 | |||
70 | packet_check_eom(); | ||
71 | |||
72 | ssh_gssapi_buildmic(&b, authctxt->user, authctxt->service, | ||
73 | "gssapi-keyex"); | ||
74 | |||
75 | gssbuf.value = buffer_ptr(&b); | ||
76 | gssbuf.length = buffer_len(&b); | ||
77 | |||
78 | /* gss_kex_context is NULL with privsep, so we can't check it here */ | ||
79 | if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gss_kex_context, | ||
80 | &gssbuf, &mic)))) | ||
81 | authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user, | ||
82 | authctxt->pw)); | ||
83 | |||
84 | buffer_free(&b); | ||
85 | free(mic.value); | ||
86 | |||
87 | return (authenticated); | ||
88 | } | ||
89 | |||
56 | /* | 90 | /* |
57 | * We only support those mechanisms that we know about (ie ones that we know | 91 | * We only support those mechanisms that we know about (ie ones that we know |
58 | * how to check local user kuserok and the like) | 92 | * how to check local user kuserok and the like) |
@@ -238,7 +272,8 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt) | |||
238 | 272 | ||
239 | packet_check_eom(); | 273 | packet_check_eom(); |
240 | 274 | ||
241 | authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user)); | 275 | authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user, |
276 | authctxt->pw)); | ||
242 | 277 | ||
243 | authctxt->postponed = 0; | 278 | authctxt->postponed = 0; |
244 | dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); | 279 | dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
@@ -274,7 +309,8 @@ input_gssapi_mic(int type, u_int32_t plen, void *ctxt) | |||
274 | gssbuf.length = buffer_len(&b); | 309 | gssbuf.length = buffer_len(&b); |
275 | 310 | ||
276 | if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic)))) | 311 | if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic)))) |
277 | authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user)); | 312 | authenticated = |
313 | PRIVSEP(ssh_gssapi_userok(authctxt->user, authctxt->pw)); | ||
278 | else | 314 | else |
279 | logit("GSSAPI MIC check failed"); | 315 | logit("GSSAPI MIC check failed"); |
280 | 316 | ||
@@ -290,6 +326,12 @@ input_gssapi_mic(int type, u_int32_t plen, void *ctxt) | |||
290 | return 0; | 326 | return 0; |
291 | } | 327 | } |
292 | 328 | ||
329 | Authmethod method_gsskeyex = { | ||
330 | "gssapi-keyex", | ||
331 | userauth_gsskeyex, | ||
332 | &options.gss_authentication | ||
333 | }; | ||
334 | |||
293 | Authmethod method_gssapi = { | 335 | Authmethod method_gssapi = { |
294 | "gssapi-with-mic", | 336 | "gssapi-with-mic", |
295 | userauth_gssapi, | 337 | userauth_gssapi, |
@@ -70,6 +70,7 @@ extern Authmethod method_passwd; | |||
70 | extern Authmethod method_kbdint; | 70 | extern Authmethod method_kbdint; |
71 | extern Authmethod method_hostbased; | 71 | extern Authmethod method_hostbased; |
72 | #ifdef GSSAPI | 72 | #ifdef GSSAPI |
73 | extern Authmethod method_gsskeyex; | ||
73 | extern Authmethod method_gssapi; | 74 | extern Authmethod method_gssapi; |
74 | #endif | 75 | #endif |
75 | 76 | ||
@@ -77,6 +78,7 @@ Authmethod *authmethods[] = { | |||
77 | &method_none, | 78 | &method_none, |
78 | &method_pubkey, | 79 | &method_pubkey, |
79 | #ifdef GSSAPI | 80 | #ifdef GSSAPI |
81 | &method_gsskeyex, | ||
80 | &method_gssapi, | 82 | &method_gssapi, |
81 | #endif | 83 | #endif |
82 | &method_passwd, | 84 | &method_passwd, |
diff --git a/canohost.c b/canohost.c index f71a08568..404731d24 100644 --- a/canohost.c +++ b/canohost.c | |||
@@ -35,6 +35,99 @@ | |||
35 | #include "canohost.h" | 35 | #include "canohost.h" |
36 | #include "misc.h" | 36 | #include "misc.h" |
37 | 37 | ||
38 | /* | ||
39 | * Returns the remote DNS hostname as a string. The returned string must not | ||
40 | * be freed. NB. this will usually trigger a DNS query the first time it is | ||
41 | * called. | ||
42 | * This function does additional checks on the hostname to mitigate some | ||
43 | * attacks on legacy rhosts-style authentication. | ||
44 | * XXX is RhostsRSAAuthentication vulnerable to these? | ||
45 | * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?) | ||
46 | */ | ||
47 | |||
48 | char * | ||
49 | remote_hostname(struct ssh *ssh) | ||
50 | { | ||
51 | struct sockaddr_storage from; | ||
52 | socklen_t fromlen; | ||
53 | struct addrinfo hints, *ai, *aitop; | ||
54 | char name[NI_MAXHOST], ntop2[NI_MAXHOST]; | ||
55 | const char *ntop = ssh_remote_ipaddr(ssh); | ||
56 | |||
57 | /* Get IP address of client. */ | ||
58 | fromlen = sizeof(from); | ||
59 | memset(&from, 0, sizeof(from)); | ||
60 | if (getpeername(ssh_packet_get_connection_in(ssh), | ||
61 | (struct sockaddr *)&from, &fromlen) < 0) { | ||
62 | debug("getpeername failed: %.100s", strerror(errno)); | ||
63 | return strdup(ntop); | ||
64 | } | ||
65 | |||
66 | ipv64_normalise_mapped(&from, &fromlen); | ||
67 | if (from.ss_family == AF_INET6) | ||
68 | fromlen = sizeof(struct sockaddr_in6); | ||
69 | |||
70 | debug3("Trying to reverse map address %.100s.", ntop); | ||
71 | /* Map the IP address to a host name. */ | ||
72 | if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), | ||
73 | NULL, 0, NI_NAMEREQD) != 0) { | ||
74 | /* Host name not found. Use ip address. */ | ||
75 | return strdup(ntop); | ||
76 | } | ||
77 | |||
78 | /* | ||
79 | * if reverse lookup result looks like a numeric hostname, | ||
80 | * someone is trying to trick us by PTR record like following: | ||
81 | * 1.1.1.10.in-addr.arpa. IN PTR 2.3.4.5 | ||
82 | */ | ||
83 | memset(&hints, 0, sizeof(hints)); | ||
84 | hints.ai_socktype = SOCK_DGRAM; /*dummy*/ | ||
85 | hints.ai_flags = AI_NUMERICHOST; | ||
86 | if (getaddrinfo(name, NULL, &hints, &ai) == 0) { | ||
87 | logit("Nasty PTR record \"%s\" is set up for %s, ignoring", | ||
88 | name, ntop); | ||
89 | freeaddrinfo(ai); | ||
90 | return strdup(ntop); | ||
91 | } | ||
92 | |||
93 | /* Names are stored in lowercase. */ | ||
94 | lowercase(name); | ||
95 | |||
96 | /* | ||
97 | * Map it back to an IP address and check that the given | ||
98 | * address actually is an address of this host. This is | ||
99 | * necessary because anyone with access to a name server can | ||
100 | * define arbitrary names for an IP address. Mapping from | ||
101 | * name to IP address can be trusted better (but can still be | ||
102 | * fooled if the intruder has access to the name server of | ||
103 | * the domain). | ||
104 | */ | ||
105 | memset(&hints, 0, sizeof(hints)); | ||
106 | hints.ai_family = from.ss_family; | ||
107 | hints.ai_socktype = SOCK_STREAM; | ||
108 | if (getaddrinfo(name, NULL, &hints, &aitop) != 0) { | ||
109 | logit("reverse mapping checking getaddrinfo for %.700s " | ||
110 | "[%s] failed.", name, ntop); | ||
111 | return strdup(ntop); | ||
112 | } | ||
113 | /* Look for the address from the list of addresses. */ | ||
114 | for (ai = aitop; ai; ai = ai->ai_next) { | ||
115 | if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2, | ||
116 | sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 && | ||
117 | (strcmp(ntop, ntop2) == 0)) | ||
118 | break; | ||
119 | } | ||
120 | freeaddrinfo(aitop); | ||
121 | /* If we reached the end of the list, the address was not there. */ | ||
122 | if (ai == NULL) { | ||
123 | /* Address not found for the host name. */ | ||
124 | logit("Address %.100s maps to %.600s, but this does not " | ||
125 | "map back to the address.", ntop, name); | ||
126 | return strdup(ntop); | ||
127 | } | ||
128 | return strdup(name); | ||
129 | } | ||
130 | |||
38 | void | 131 | void |
39 | ipv64_normalise_mapped(struct sockaddr_storage *addr, socklen_t *len) | 132 | ipv64_normalise_mapped(struct sockaddr_storage *addr, socklen_t *len) |
40 | { | 133 | { |
diff --git a/canohost.h b/canohost.h index 26d62855a..0cadc9f18 100644 --- a/canohost.h +++ b/canohost.h | |||
@@ -15,6 +15,9 @@ | |||
15 | #ifndef _CANOHOST_H | 15 | #ifndef _CANOHOST_H |
16 | #define _CANOHOST_H | 16 | #define _CANOHOST_H |
17 | 17 | ||
18 | struct ssh; | ||
19 | |||
20 | char *remote_hostname(struct ssh *); | ||
18 | char *get_peer_ipaddr(int); | 21 | char *get_peer_ipaddr(int); |
19 | int get_peer_port(int); | 22 | int get_peer_port(int); |
20 | char *get_local_ipaddr(int); | 23 | char *get_local_ipaddr(int); |
diff --git a/clientloop.c b/clientloop.c index 4289a4081..99c68b690 100644 --- a/clientloop.c +++ b/clientloop.c | |||
@@ -113,6 +113,10 @@ | |||
113 | #include "ssherr.h" | 113 | #include "ssherr.h" |
114 | #include "hostfile.h" | 114 | #include "hostfile.h" |
115 | 115 | ||
116 | #ifdef GSSAPI | ||
117 | #include "ssh-gss.h" | ||
118 | #endif | ||
119 | |||
116 | /* import options */ | 120 | /* import options */ |
117 | extern Options options; | 121 | extern Options options; |
118 | 122 | ||
@@ -1664,9 +1668,18 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) | |||
1664 | break; | 1668 | break; |
1665 | 1669 | ||
1666 | /* Do channel operations unless rekeying in progress. */ | 1670 | /* Do channel operations unless rekeying in progress. */ |
1667 | if (!ssh_packet_is_rekeying(active_state)) | 1671 | if (!ssh_packet_is_rekeying(active_state)) { |
1668 | channel_after_select(readset, writeset); | 1672 | channel_after_select(readset, writeset); |
1669 | 1673 | ||
1674 | #ifdef GSSAPI | ||
1675 | if (options.gss_renewal_rekey && | ||
1676 | ssh_gssapi_credentials_updated(NULL)) { | ||
1677 | debug("credentials updated - forcing rekey"); | ||
1678 | need_rekeying = 1; | ||
1679 | } | ||
1680 | #endif | ||
1681 | } | ||
1682 | |||
1670 | /* Buffer input from the connection. */ | 1683 | /* Buffer input from the connection. */ |
1671 | client_process_net_input(readset); | 1684 | client_process_net_input(readset); |
1672 | 1685 | ||
diff --git a/config.h.in b/config.h.in index 75e02ab45..afe540e9c 100644 --- a/config.h.in +++ b/config.h.in | |||
@@ -1667,6 +1667,9 @@ | |||
1667 | /* Use btmp to log bad logins */ | 1667 | /* Use btmp to log bad logins */ |
1668 | #undef USE_BTMP | 1668 | #undef USE_BTMP |
1669 | 1669 | ||
1670 | /* platform uses an in-memory credentials cache */ | ||
1671 | #undef USE_CCAPI | ||
1672 | |||
1670 | /* Use libedit for sftp */ | 1673 | /* Use libedit for sftp */ |
1671 | #undef USE_LIBEDIT | 1674 | #undef USE_LIBEDIT |
1672 | 1675 | ||
@@ -1682,6 +1685,9 @@ | |||
1682 | /* Use PIPES instead of a socketpair() */ | 1685 | /* Use PIPES instead of a socketpair() */ |
1683 | #undef USE_PIPES | 1686 | #undef USE_PIPES |
1684 | 1687 | ||
1688 | /* platform has the Security Authorization Session API */ | ||
1689 | #undef USE_SECURITY_SESSION_API | ||
1690 | |||
1685 | /* Define if you have Solaris privileges */ | 1691 | /* Define if you have Solaris privileges */ |
1686 | #undef USE_SOLARIS_PRIVS | 1692 | #undef USE_SOLARIS_PRIVS |
1687 | 1693 | ||
diff --git a/configure.ac b/configure.ac index eb9f45dcc..5fdc696c8 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -623,6 +623,30 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) | |||
623 | [Use tunnel device compatibility to OpenBSD]) | 623 | [Use tunnel device compatibility to OpenBSD]) |
624 | AC_DEFINE([SSH_TUN_PREPEND_AF], [1], | 624 | AC_DEFINE([SSH_TUN_PREPEND_AF], [1], |
625 | [Prepend the address family to IP tunnel traffic]) | 625 | [Prepend the address family to IP tunnel traffic]) |
626 | AC_MSG_CHECKING([if we have the Security Authorization Session API]) | ||
627 | AC_TRY_COMPILE([#include <Security/AuthSession.h>], | ||
628 | [SessionCreate(0, 0);], | ||
629 | [ac_cv_use_security_session_api="yes" | ||
630 | AC_DEFINE([USE_SECURITY_SESSION_API], [1], | ||
631 | [platform has the Security Authorization Session API]) | ||
632 | LIBS="$LIBS -framework Security" | ||
633 | AC_MSG_RESULT([yes])], | ||
634 | [ac_cv_use_security_session_api="no" | ||
635 | AC_MSG_RESULT([no])]) | ||
636 | AC_MSG_CHECKING([if we have an in-memory credentials cache]) | ||
637 | AC_TRY_COMPILE( | ||
638 | [#include <Kerberos/Kerberos.h>], | ||
639 | [cc_context_t c; | ||
640 | (void) cc_initialize (&c, 0, NULL, NULL);], | ||
641 | [AC_DEFINE([USE_CCAPI], [1], | ||
642 | [platform uses an in-memory credentials cache]) | ||
643 | LIBS="$LIBS -framework Security" | ||
644 | AC_MSG_RESULT([yes]) | ||
645 | if test "x$ac_cv_use_security_session_api" = "xno"; then | ||
646 | AC_MSG_ERROR([*** Need a security framework to use the credentials cache API ***]) | ||
647 | fi], | ||
648 | [AC_MSG_RESULT([no])] | ||
649 | ) | ||
626 | m4_pattern_allow([AU_IPv]) | 650 | m4_pattern_allow([AU_IPv]) |
627 | AC_CHECK_DECL([AU_IPv4], [], | 651 | AC_CHECK_DECL([AU_IPv4], [], |
628 | AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) | 652 | AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) |
diff --git a/gss-genr.c b/gss-genr.c index 62559ed9e..0b3ae073c 100644 --- a/gss-genr.c +++ b/gss-genr.c | |||
@@ -1,7 +1,7 @@ | |||
1 | /* $OpenBSD: gss-genr.c,v 1.24 2016/09/12 01:22:38 deraadt Exp $ */ | 1 | /* $OpenBSD: gss-genr.c,v 1.24 2016/09/12 01:22:38 deraadt Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved. | 4 | * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. |
5 | * | 5 | * |
6 | * Redistribution and use in source and binary forms, with or without | 6 | * Redistribution and use in source and binary forms, with or without |
7 | * modification, are permitted provided that the following conditions | 7 | * modification, are permitted provided that the following conditions |
@@ -40,12 +40,167 @@ | |||
40 | #include "buffer.h" | 40 | #include "buffer.h" |
41 | #include "log.h" | 41 | #include "log.h" |
42 | #include "ssh2.h" | 42 | #include "ssh2.h" |
43 | #include "cipher.h" | ||
44 | #include "key.h" | ||
45 | #include "kex.h" | ||
46 | #include <openssl/evp.h> | ||
43 | 47 | ||
44 | #include "ssh-gss.h" | 48 | #include "ssh-gss.h" |
45 | 49 | ||
46 | extern u_char *session_id2; | 50 | extern u_char *session_id2; |
47 | extern u_int session_id2_len; | 51 | extern u_int session_id2_len; |
48 | 52 | ||
53 | typedef struct { | ||
54 | char *encoded; | ||
55 | gss_OID oid; | ||
56 | } ssh_gss_kex_mapping; | ||
57 | |||
58 | /* | ||
59 | * XXX - It would be nice to find a more elegant way of handling the | ||
60 | * XXX passing of the key exchange context to the userauth routines | ||
61 | */ | ||
62 | |||
63 | Gssctxt *gss_kex_context = NULL; | ||
64 | |||
65 | static ssh_gss_kex_mapping *gss_enc2oid = NULL; | ||
66 | |||
67 | int | ||
68 | ssh_gssapi_oid_table_ok(void) { | ||
69 | return (gss_enc2oid != NULL); | ||
70 | } | ||
71 | |||
72 | /* | ||
73 | * Return a list of the gss-group1-sha1 mechanisms supported by this program | ||
74 | * | ||
75 | * We test mechanisms to ensure that we can use them, to avoid starting | ||
76 | * a key exchange with a bad mechanism | ||
77 | */ | ||
78 | |||
79 | char * | ||
80 | ssh_gssapi_client_mechanisms(const char *host, const char *client) { | ||
81 | gss_OID_set gss_supported; | ||
82 | OM_uint32 min_status; | ||
83 | |||
84 | if (GSS_ERROR(gss_indicate_mechs(&min_status, &gss_supported))) | ||
85 | return NULL; | ||
86 | |||
87 | return(ssh_gssapi_kex_mechs(gss_supported, ssh_gssapi_check_mechanism, | ||
88 | host, client)); | ||
89 | } | ||
90 | |||
91 | char * | ||
92 | ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check, | ||
93 | const char *host, const char *client) { | ||
94 | Buffer buf; | ||
95 | size_t i; | ||
96 | int oidpos, enclen; | ||
97 | char *mechs, *encoded; | ||
98 | u_char digest[EVP_MAX_MD_SIZE]; | ||
99 | char deroid[2]; | ||
100 | const EVP_MD *evp_md = EVP_md5(); | ||
101 | EVP_MD_CTX md; | ||
102 | |||
103 | if (gss_enc2oid != NULL) { | ||
104 | for (i = 0; gss_enc2oid[i].encoded != NULL; i++) | ||
105 | free(gss_enc2oid[i].encoded); | ||
106 | free(gss_enc2oid); | ||
107 | } | ||
108 | |||
109 | gss_enc2oid = xmalloc(sizeof(ssh_gss_kex_mapping) * | ||
110 | (gss_supported->count + 1)); | ||
111 | |||
112 | buffer_init(&buf); | ||
113 | |||
114 | oidpos = 0; | ||
115 | for (i = 0; i < gss_supported->count; i++) { | ||
116 | if (gss_supported->elements[i].length < 128 && | ||
117 | (*check)(NULL, &(gss_supported->elements[i]), host, client)) { | ||
118 | |||
119 | deroid[0] = SSH_GSS_OIDTYPE; | ||
120 | deroid[1] = gss_supported->elements[i].length; | ||
121 | |||
122 | EVP_DigestInit(&md, evp_md); | ||
123 | EVP_DigestUpdate(&md, deroid, 2); | ||
124 | EVP_DigestUpdate(&md, | ||
125 | gss_supported->elements[i].elements, | ||
126 | gss_supported->elements[i].length); | ||
127 | EVP_DigestFinal(&md, digest, NULL); | ||
128 | |||
129 | encoded = xmalloc(EVP_MD_size(evp_md) * 2); | ||
130 | enclen = __b64_ntop(digest, EVP_MD_size(evp_md), | ||
131 | encoded, EVP_MD_size(evp_md) * 2); | ||
132 | |||
133 | if (oidpos != 0) | ||
134 | buffer_put_char(&buf, ','); | ||
135 | |||
136 | buffer_append(&buf, KEX_GSS_GEX_SHA1_ID, | ||
137 | sizeof(KEX_GSS_GEX_SHA1_ID) - 1); | ||
138 | buffer_append(&buf, encoded, enclen); | ||
139 | buffer_put_char(&buf, ','); | ||
140 | buffer_append(&buf, KEX_GSS_GRP1_SHA1_ID, | ||
141 | sizeof(KEX_GSS_GRP1_SHA1_ID) - 1); | ||
142 | buffer_append(&buf, encoded, enclen); | ||
143 | buffer_put_char(&buf, ','); | ||
144 | buffer_append(&buf, KEX_GSS_GRP14_SHA1_ID, | ||
145 | sizeof(KEX_GSS_GRP14_SHA1_ID) - 1); | ||
146 | buffer_append(&buf, encoded, enclen); | ||
147 | |||
148 | gss_enc2oid[oidpos].oid = &(gss_supported->elements[i]); | ||
149 | gss_enc2oid[oidpos].encoded = encoded; | ||
150 | oidpos++; | ||
151 | } | ||
152 | } | ||
153 | gss_enc2oid[oidpos].oid = NULL; | ||
154 | gss_enc2oid[oidpos].encoded = NULL; | ||
155 | |||
156 | buffer_put_char(&buf, '\0'); | ||
157 | |||
158 | mechs = xmalloc(buffer_len(&buf)); | ||
159 | buffer_get(&buf, mechs, buffer_len(&buf)); | ||
160 | buffer_free(&buf); | ||
161 | |||
162 | if (strlen(mechs) == 0) { | ||
163 | free(mechs); | ||
164 | mechs = NULL; | ||
165 | } | ||
166 | |||
167 | return (mechs); | ||
168 | } | ||
169 | |||
170 | gss_OID | ||
171 | ssh_gssapi_id_kex(Gssctxt *ctx, char *name, int kex_type) { | ||
172 | int i = 0; | ||
173 | |||
174 | switch (kex_type) { | ||
175 | case KEX_GSS_GRP1_SHA1: | ||
176 | if (strlen(name) < sizeof(KEX_GSS_GRP1_SHA1_ID)) | ||
177 | return GSS_C_NO_OID; | ||
178 | name += sizeof(KEX_GSS_GRP1_SHA1_ID) - 1; | ||
179 | break; | ||
180 | case KEX_GSS_GRP14_SHA1: | ||
181 | if (strlen(name) < sizeof(KEX_GSS_GRP14_SHA1_ID)) | ||
182 | return GSS_C_NO_OID; | ||
183 | name += sizeof(KEX_GSS_GRP14_SHA1_ID) - 1; | ||
184 | break; | ||
185 | case KEX_GSS_GEX_SHA1: | ||
186 | if (strlen(name) < sizeof(KEX_GSS_GEX_SHA1_ID)) | ||
187 | return GSS_C_NO_OID; | ||
188 | name += sizeof(KEX_GSS_GEX_SHA1_ID) - 1; | ||
189 | break; | ||
190 | default: | ||
191 | return GSS_C_NO_OID; | ||
192 | } | ||
193 | |||
194 | while (gss_enc2oid[i].encoded != NULL && | ||
195 | strcmp(name, gss_enc2oid[i].encoded) != 0) | ||
196 | i++; | ||
197 | |||
198 | if (gss_enc2oid[i].oid != NULL && ctx != NULL) | ||
199 | ssh_gssapi_set_oid(ctx, gss_enc2oid[i].oid); | ||
200 | |||
201 | return gss_enc2oid[i].oid; | ||
202 | } | ||
203 | |||
49 | /* Check that the OID in a data stream matches that in the context */ | 204 | /* Check that the OID in a data stream matches that in the context */ |
50 | int | 205 | int |
51 | ssh_gssapi_check_oid(Gssctxt *ctx, void *data, size_t len) | 206 | ssh_gssapi_check_oid(Gssctxt *ctx, void *data, size_t len) |
@@ -198,7 +353,7 @@ ssh_gssapi_init_ctx(Gssctxt *ctx, int deleg_creds, gss_buffer_desc *recv_tok, | |||
198 | } | 353 | } |
199 | 354 | ||
200 | ctx->major = gss_init_sec_context(&ctx->minor, | 355 | ctx->major = gss_init_sec_context(&ctx->minor, |
201 | GSS_C_NO_CREDENTIAL, &ctx->context, ctx->name, ctx->oid, | 356 | ctx->client_creds, &ctx->context, ctx->name, ctx->oid, |
202 | GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | deleg_flag, | 357 | GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | deleg_flag, |
203 | 0, NULL, recv_tok, NULL, send_tok, flags, NULL); | 358 | 0, NULL, recv_tok, NULL, send_tok, flags, NULL); |
204 | 359 | ||
@@ -228,8 +383,42 @@ ssh_gssapi_import_name(Gssctxt *ctx, const char *host) | |||
228 | } | 383 | } |
229 | 384 | ||
230 | OM_uint32 | 385 | OM_uint32 |
386 | ssh_gssapi_client_identity(Gssctxt *ctx, const char *name) | ||
387 | { | ||
388 | gss_buffer_desc gssbuf; | ||
389 | gss_name_t gssname; | ||
390 | OM_uint32 status; | ||
391 | gss_OID_set oidset; | ||
392 | |||
393 | gssbuf.value = (void *) name; | ||
394 | gssbuf.length = strlen(gssbuf.value); | ||
395 | |||
396 | gss_create_empty_oid_set(&status, &oidset); | ||
397 | gss_add_oid_set_member(&status, ctx->oid, &oidset); | ||
398 | |||
399 | ctx->major = gss_import_name(&ctx->minor, &gssbuf, | ||
400 | GSS_C_NT_USER_NAME, &gssname); | ||
401 | |||
402 | if (!ctx->major) | ||
403 | ctx->major = gss_acquire_cred(&ctx->minor, | ||
404 | gssname, 0, oidset, GSS_C_INITIATE, | ||
405 | &ctx->client_creds, NULL, NULL); | ||
406 | |||
407 | gss_release_name(&status, &gssname); | ||
408 | gss_release_oid_set(&status, &oidset); | ||
409 | |||
410 | if (ctx->major) | ||
411 | ssh_gssapi_error(ctx); | ||
412 | |||
413 | return(ctx->major); | ||
414 | } | ||
415 | |||
416 | OM_uint32 | ||
231 | ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash) | 417 | ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash) |
232 | { | 418 | { |
419 | if (ctx == NULL) | ||
420 | return -1; | ||
421 | |||
233 | if ((ctx->major = gss_get_mic(&ctx->minor, ctx->context, | 422 | if ((ctx->major = gss_get_mic(&ctx->minor, ctx->context, |
234 | GSS_C_QOP_DEFAULT, buffer, hash))) | 423 | GSS_C_QOP_DEFAULT, buffer, hash))) |
235 | ssh_gssapi_error(ctx); | 424 | ssh_gssapi_error(ctx); |
@@ -237,6 +426,19 @@ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash) | |||
237 | return (ctx->major); | 426 | return (ctx->major); |
238 | } | 427 | } |
239 | 428 | ||
429 | /* Priviledged when used by server */ | ||
430 | OM_uint32 | ||
431 | ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic) | ||
432 | { | ||
433 | if (ctx == NULL) | ||
434 | return -1; | ||
435 | |||
436 | ctx->major = gss_verify_mic(&ctx->minor, ctx->context, | ||
437 | gssbuf, gssmic, NULL); | ||
438 | |||
439 | return (ctx->major); | ||
440 | } | ||
441 | |||
240 | void | 442 | void |
241 | ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service, | 443 | ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service, |
242 | const char *context) | 444 | const char *context) |
@@ -250,11 +452,16 @@ ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service, | |||
250 | } | 452 | } |
251 | 453 | ||
252 | int | 454 | int |
253 | ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host) | 455 | ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host, |
456 | const char *client) | ||
254 | { | 457 | { |
255 | gss_buffer_desc token = GSS_C_EMPTY_BUFFER; | 458 | gss_buffer_desc token = GSS_C_EMPTY_BUFFER; |
256 | OM_uint32 major, minor; | 459 | OM_uint32 major, minor; |
257 | gss_OID_desc spnego_oid = {6, (void *)"\x2B\x06\x01\x05\x05\x02"}; | 460 | gss_OID_desc spnego_oid = {6, (void *)"\x2B\x06\x01\x05\x05\x02"}; |
461 | Gssctxt *intctx = NULL; | ||
462 | |||
463 | if (ctx == NULL) | ||
464 | ctx = &intctx; | ||
258 | 465 | ||
259 | /* RFC 4462 says we MUST NOT do SPNEGO */ | 466 | /* RFC 4462 says we MUST NOT do SPNEGO */ |
260 | if (oid->length == spnego_oid.length && | 467 | if (oid->length == spnego_oid.length && |
@@ -264,6 +471,10 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host) | |||
264 | ssh_gssapi_build_ctx(ctx); | 471 | ssh_gssapi_build_ctx(ctx); |
265 | ssh_gssapi_set_oid(*ctx, oid); | 472 | ssh_gssapi_set_oid(*ctx, oid); |
266 | major = ssh_gssapi_import_name(*ctx, host); | 473 | major = ssh_gssapi_import_name(*ctx, host); |
474 | |||
475 | if (!GSS_ERROR(major) && client) | ||
476 | major = ssh_gssapi_client_identity(*ctx, client); | ||
477 | |||
267 | if (!GSS_ERROR(major)) { | 478 | if (!GSS_ERROR(major)) { |
268 | major = ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token, | 479 | major = ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token, |
269 | NULL); | 480 | NULL); |
@@ -273,10 +484,66 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host) | |||
273 | GSS_C_NO_BUFFER); | 484 | GSS_C_NO_BUFFER); |
274 | } | 485 | } |
275 | 486 | ||
276 | if (GSS_ERROR(major)) | 487 | if (GSS_ERROR(major) || intctx != NULL) |
277 | ssh_gssapi_delete_ctx(ctx); | 488 | ssh_gssapi_delete_ctx(ctx); |
278 | 489 | ||
279 | return (!GSS_ERROR(major)); | 490 | return (!GSS_ERROR(major)); |
280 | } | 491 | } |
281 | 492 | ||
493 | int | ||
494 | ssh_gssapi_credentials_updated(Gssctxt *ctxt) { | ||
495 | static gss_name_t saved_name = GSS_C_NO_NAME; | ||
496 | static OM_uint32 saved_lifetime = 0; | ||
497 | static gss_OID saved_mech = GSS_C_NO_OID; | ||
498 | static gss_name_t name; | ||
499 | static OM_uint32 last_call = 0; | ||
500 | OM_uint32 lifetime, now, major, minor; | ||
501 | int equal; | ||
502 | |||
503 | now = time(NULL); | ||
504 | |||
505 | if (ctxt) { | ||
506 | debug("Rekey has happened - updating saved versions"); | ||
507 | |||
508 | if (saved_name != GSS_C_NO_NAME) | ||
509 | gss_release_name(&minor, &saved_name); | ||
510 | |||
511 | major = gss_inquire_cred(&minor, GSS_C_NO_CREDENTIAL, | ||
512 | &saved_name, &saved_lifetime, NULL, NULL); | ||
513 | |||
514 | if (!GSS_ERROR(major)) { | ||
515 | saved_mech = ctxt->oid; | ||
516 | saved_lifetime+= now; | ||
517 | } else { | ||
518 | /* Handle the error */ | ||
519 | } | ||
520 | return 0; | ||
521 | } | ||
522 | |||
523 | if (now - last_call < 10) | ||
524 | return 0; | ||
525 | |||
526 | last_call = now; | ||
527 | |||
528 | if (saved_mech == GSS_C_NO_OID) | ||
529 | return 0; | ||
530 | |||
531 | major = gss_inquire_cred(&minor, GSS_C_NO_CREDENTIAL, | ||
532 | &name, &lifetime, NULL, NULL); | ||
533 | if (major == GSS_S_CREDENTIALS_EXPIRED) | ||
534 | return 0; | ||
535 | else if (GSS_ERROR(major)) | ||
536 | return 0; | ||
537 | |||
538 | major = gss_compare_name(&minor, saved_name, name, &equal); | ||
539 | gss_release_name(&minor, &name); | ||
540 | if (GSS_ERROR(major)) | ||
541 | return 0; | ||
542 | |||
543 | if (equal && (saved_lifetime < lifetime + now - 10)) | ||
544 | return 1; | ||
545 | |||
546 | return 0; | ||
547 | } | ||
548 | |||
282 | #endif /* GSSAPI */ | 549 | #endif /* GSSAPI */ |
diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c index 795992d9f..fd8b37183 100644 --- a/gss-serv-krb5.c +++ b/gss-serv-krb5.c | |||
@@ -1,7 +1,7 @@ | |||
1 | /* $OpenBSD: gss-serv-krb5.c,v 1.8 2013/07/20 01:55:13 djm Exp $ */ | 1 | /* $OpenBSD: gss-serv-krb5.c,v 1.8 2013/07/20 01:55:13 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. | 4 | * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved. |
5 | * | 5 | * |
6 | * Redistribution and use in source and binary forms, with or without | 6 | * Redistribution and use in source and binary forms, with or without |
7 | * modification, are permitted provided that the following conditions | 7 | * modification, are permitted provided that the following conditions |
@@ -121,8 +121,8 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) | |||
121 | krb5_error_code problem; | 121 | krb5_error_code problem; |
122 | krb5_principal princ; | 122 | krb5_principal princ; |
123 | OM_uint32 maj_status, min_status; | 123 | OM_uint32 maj_status, min_status; |
124 | int len; | ||
125 | const char *errmsg; | 124 | const char *errmsg; |
125 | const char *new_ccname; | ||
126 | 126 | ||
127 | if (client->creds == NULL) { | 127 | if (client->creds == NULL) { |
128 | debug("No credentials stored"); | 128 | debug("No credentials stored"); |
@@ -181,11 +181,16 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) | |||
181 | return; | 181 | return; |
182 | } | 182 | } |
183 | 183 | ||
184 | client->store.filename = xstrdup(krb5_cc_get_name(krb_context, ccache)); | 184 | new_ccname = krb5_cc_get_name(krb_context, ccache); |
185 | |||
185 | client->store.envvar = "KRB5CCNAME"; | 186 | client->store.envvar = "KRB5CCNAME"; |
186 | len = strlen(client->store.filename) + 6; | 187 | #ifdef USE_CCAPI |
187 | client->store.envval = xmalloc(len); | 188 | xasprintf(&client->store.envval, "API:%s", new_ccname); |
188 | snprintf(client->store.envval, len, "FILE:%s", client->store.filename); | 189 | client->store.filename = NULL; |
190 | #else | ||
191 | xasprintf(&client->store.envval, "FILE:%s", new_ccname); | ||
192 | client->store.filename = xstrdup(new_ccname); | ||
193 | #endif | ||
189 | 194 | ||
190 | #ifdef USE_PAM | 195 | #ifdef USE_PAM |
191 | if (options.use_pam) | 196 | if (options.use_pam) |
@@ -197,6 +202,71 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) | |||
197 | return; | 202 | return; |
198 | } | 203 | } |
199 | 204 | ||
205 | int | ||
206 | ssh_gssapi_krb5_updatecreds(ssh_gssapi_ccache *store, | ||
207 | ssh_gssapi_client *client) | ||
208 | { | ||
209 | krb5_ccache ccache = NULL; | ||
210 | krb5_principal principal = NULL; | ||
211 | char *name = NULL; | ||
212 | krb5_error_code problem; | ||
213 | OM_uint32 maj_status, min_status; | ||
214 | |||
215 | if ((problem = krb5_cc_resolve(krb_context, store->envval, &ccache))) { | ||
216 | logit("krb5_cc_resolve(): %.100s", | ||
217 | krb5_get_err_text(krb_context, problem)); | ||
218 | return 0; | ||
219 | } | ||
220 | |||
221 | /* Find out who the principal in this cache is */ | ||
222 | if ((problem = krb5_cc_get_principal(krb_context, ccache, | ||
223 | &principal))) { | ||
224 | logit("krb5_cc_get_principal(): %.100s", | ||
225 | krb5_get_err_text(krb_context, problem)); | ||
226 | krb5_cc_close(krb_context, ccache); | ||
227 | return 0; | ||
228 | } | ||
229 | |||
230 | if ((problem = krb5_unparse_name(krb_context, principal, &name))) { | ||
231 | logit("krb5_unparse_name(): %.100s", | ||
232 | krb5_get_err_text(krb_context, problem)); | ||
233 | krb5_free_principal(krb_context, principal); | ||
234 | krb5_cc_close(krb_context, ccache); | ||
235 | return 0; | ||
236 | } | ||
237 | |||
238 | |||
239 | if (strcmp(name,client->exportedname.value)!=0) { | ||
240 | debug("Name in local credentials cache differs. Not storing"); | ||
241 | krb5_free_principal(krb_context, principal); | ||
242 | krb5_cc_close(krb_context, ccache); | ||
243 | krb5_free_unparsed_name(krb_context, name); | ||
244 | return 0; | ||
245 | } | ||
246 | krb5_free_unparsed_name(krb_context, name); | ||
247 | |||
248 | /* Name matches, so lets get on with it! */ | ||
249 | |||
250 | if ((problem = krb5_cc_initialize(krb_context, ccache, principal))) { | ||
251 | logit("krb5_cc_initialize(): %.100s", | ||
252 | krb5_get_err_text(krb_context, problem)); | ||
253 | krb5_free_principal(krb_context, principal); | ||
254 | krb5_cc_close(krb_context, ccache); | ||
255 | return 0; | ||
256 | } | ||
257 | |||
258 | krb5_free_principal(krb_context, principal); | ||
259 | |||
260 | if ((maj_status = gss_krb5_copy_ccache(&min_status, client->creds, | ||
261 | ccache))) { | ||
262 | logit("gss_krb5_copy_ccache() failed. Sorry!"); | ||
263 | krb5_cc_close(krb_context, ccache); | ||
264 | return 0; | ||
265 | } | ||
266 | |||
267 | return 1; | ||
268 | } | ||
269 | |||
200 | ssh_gssapi_mech gssapi_kerberos_mech = { | 270 | ssh_gssapi_mech gssapi_kerberos_mech = { |
201 | "toWM5Slw5Ew8Mqkay+al2g==", | 271 | "toWM5Slw5Ew8Mqkay+al2g==", |
202 | "Kerberos", | 272 | "Kerberos", |
@@ -204,7 +274,8 @@ ssh_gssapi_mech gssapi_kerberos_mech = { | |||
204 | NULL, | 274 | NULL, |
205 | &ssh_gssapi_krb5_userok, | 275 | &ssh_gssapi_krb5_userok, |
206 | NULL, | 276 | NULL, |
207 | &ssh_gssapi_krb5_storecreds | 277 | &ssh_gssapi_krb5_storecreds, |
278 | &ssh_gssapi_krb5_updatecreds | ||
208 | }; | 279 | }; |
209 | 280 | ||
210 | #endif /* KRB5 */ | 281 | #endif /* KRB5 */ |
diff --git a/gss-serv.c b/gss-serv.c index 53993d674..2e27cbf9c 100644 --- a/gss-serv.c +++ b/gss-serv.c | |||
@@ -1,7 +1,7 @@ | |||
1 | /* $OpenBSD: gss-serv.c,v 1.29 2015/05/22 03:50:02 djm Exp $ */ | 1 | /* $OpenBSD: gss-serv.c,v 1.29 2015/05/22 03:50:02 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. | 4 | * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. |
5 | * | 5 | * |
6 | * Redistribution and use in source and binary forms, with or without | 6 | * Redistribution and use in source and binary forms, with or without |
7 | * modification, are permitted provided that the following conditions | 7 | * modification, are permitted provided that the following conditions |
@@ -45,17 +45,22 @@ | |||
45 | #include "session.h" | 45 | #include "session.h" |
46 | #include "misc.h" | 46 | #include "misc.h" |
47 | #include "servconf.h" | 47 | #include "servconf.h" |
48 | #include "uidswap.h" | ||
48 | 49 | ||
49 | #include "ssh-gss.h" | 50 | #include "ssh-gss.h" |
51 | #include "monitor_wrap.h" | ||
52 | |||
53 | extern ServerOptions options; | ||
50 | 54 | ||
51 | extern ServerOptions options; | 55 | extern ServerOptions options; |
52 | 56 | ||
53 | static ssh_gssapi_client gssapi_client = | 57 | static ssh_gssapi_client gssapi_client = |
54 | { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, | 58 | { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, |
55 | GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL, NULL}}; | 59 | GSS_C_NO_CREDENTIAL, GSS_C_NO_NAME, NULL, |
60 | {NULL, NULL, NULL, NULL, NULL}, 0, 0}; | ||
56 | 61 | ||
57 | ssh_gssapi_mech gssapi_null_mech = | 62 | ssh_gssapi_mech gssapi_null_mech = |
58 | { NULL, NULL, {0, NULL}, NULL, NULL, NULL, NULL}; | 63 | { NULL, NULL, {0, NULL}, NULL, NULL, NULL, NULL, NULL}; |
59 | 64 | ||
60 | #ifdef KRB5 | 65 | #ifdef KRB5 |
61 | extern ssh_gssapi_mech gssapi_kerberos_mech; | 66 | extern ssh_gssapi_mech gssapi_kerberos_mech; |
@@ -142,6 +147,28 @@ ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid) | |||
142 | } | 147 | } |
143 | 148 | ||
144 | /* Unprivileged */ | 149 | /* Unprivileged */ |
150 | char * | ||
151 | ssh_gssapi_server_mechanisms(void) { | ||
152 | if (supported_oids == NULL) | ||
153 | ssh_gssapi_prepare_supported_oids(); | ||
154 | return (ssh_gssapi_kex_mechs(supported_oids, | ||
155 | &ssh_gssapi_server_check_mech, NULL, NULL)); | ||
156 | } | ||
157 | |||
158 | /* Unprivileged */ | ||
159 | int | ||
160 | ssh_gssapi_server_check_mech(Gssctxt **dum, gss_OID oid, const char *data, | ||
161 | const char *dummy) { | ||
162 | Gssctxt *ctx = NULL; | ||
163 | int res; | ||
164 | |||
165 | res = !GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctx, oid))); | ||
166 | ssh_gssapi_delete_ctx(&ctx); | ||
167 | |||
168 | return (res); | ||
169 | } | ||
170 | |||
171 | /* Unprivileged */ | ||
145 | void | 172 | void |
146 | ssh_gssapi_supported_oids(gss_OID_set *oidset) | 173 | ssh_gssapi_supported_oids(gss_OID_set *oidset) |
147 | { | 174 | { |
@@ -151,7 +178,9 @@ ssh_gssapi_supported_oids(gss_OID_set *oidset) | |||
151 | gss_OID_set supported; | 178 | gss_OID_set supported; |
152 | 179 | ||
153 | gss_create_empty_oid_set(&min_status, oidset); | 180 | gss_create_empty_oid_set(&min_status, oidset); |
154 | gss_indicate_mechs(&min_status, &supported); | 181 | |
182 | if (GSS_ERROR(gss_indicate_mechs(&min_status, &supported))) | ||
183 | return; | ||
155 | 184 | ||
156 | while (supported_mechs[i]->name != NULL) { | 185 | while (supported_mechs[i]->name != NULL) { |
157 | if (GSS_ERROR(gss_test_oid_set_member(&min_status, | 186 | if (GSS_ERROR(gss_test_oid_set_member(&min_status, |
@@ -277,8 +306,48 @@ OM_uint32 | |||
277 | ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client) | 306 | ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client) |
278 | { | 307 | { |
279 | int i = 0; | 308 | int i = 0; |
309 | int equal = 0; | ||
310 | gss_name_t new_name = GSS_C_NO_NAME; | ||
311 | gss_buffer_desc ename = GSS_C_EMPTY_BUFFER; | ||
312 | |||
313 | if (options.gss_store_rekey && client->used && ctx->client_creds) { | ||
314 | if (client->mech->oid.length != ctx->oid->length || | ||
315 | (memcmp(client->mech->oid.elements, | ||
316 | ctx->oid->elements, ctx->oid->length) !=0)) { | ||
317 | debug("Rekeyed credentials have different mechanism"); | ||
318 | return GSS_S_COMPLETE; | ||
319 | } | ||
320 | |||
321 | if ((ctx->major = gss_inquire_cred_by_mech(&ctx->minor, | ||
322 | ctx->client_creds, ctx->oid, &new_name, | ||
323 | NULL, NULL, NULL))) { | ||
324 | ssh_gssapi_error(ctx); | ||
325 | return (ctx->major); | ||
326 | } | ||
327 | |||
328 | ctx->major = gss_compare_name(&ctx->minor, client->name, | ||
329 | new_name, &equal); | ||
330 | |||
331 | if (GSS_ERROR(ctx->major)) { | ||
332 | ssh_gssapi_error(ctx); | ||
333 | return (ctx->major); | ||
334 | } | ||
335 | |||
336 | if (!equal) { | ||
337 | debug("Rekeyed credentials have different name"); | ||
338 | return GSS_S_COMPLETE; | ||
339 | } | ||
280 | 340 | ||
281 | gss_buffer_desc ename; | 341 | debug("Marking rekeyed credentials for export"); |
342 | |||
343 | gss_release_name(&ctx->minor, &client->name); | ||
344 | gss_release_cred(&ctx->minor, &client->creds); | ||
345 | client->name = new_name; | ||
346 | client->creds = ctx->client_creds; | ||
347 | ctx->client_creds = GSS_C_NO_CREDENTIAL; | ||
348 | client->updated = 1; | ||
349 | return GSS_S_COMPLETE; | ||
350 | } | ||
282 | 351 | ||
283 | client->mech = NULL; | 352 | client->mech = NULL; |
284 | 353 | ||
@@ -293,6 +362,13 @@ ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client) | |||
293 | if (client->mech == NULL) | 362 | if (client->mech == NULL) |
294 | return GSS_S_FAILURE; | 363 | return GSS_S_FAILURE; |
295 | 364 | ||
365 | if (ctx->client_creds && | ||
366 | (ctx->major = gss_inquire_cred_by_mech(&ctx->minor, | ||
367 | ctx->client_creds, ctx->oid, &client->name, NULL, NULL, NULL))) { | ||
368 | ssh_gssapi_error(ctx); | ||
369 | return (ctx->major); | ||
370 | } | ||
371 | |||
296 | if ((ctx->major = gss_display_name(&ctx->minor, ctx->client, | 372 | if ((ctx->major = gss_display_name(&ctx->minor, ctx->client, |
297 | &client->displayname, NULL))) { | 373 | &client->displayname, NULL))) { |
298 | ssh_gssapi_error(ctx); | 374 | ssh_gssapi_error(ctx); |
@@ -310,6 +386,8 @@ ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client) | |||
310 | return (ctx->major); | 386 | return (ctx->major); |
311 | } | 387 | } |
312 | 388 | ||
389 | gss_release_buffer(&ctx->minor, &ename); | ||
390 | |||
313 | /* We can't copy this structure, so we just move the pointer to it */ | 391 | /* We can't copy this structure, so we just move the pointer to it */ |
314 | client->creds = ctx->client_creds; | 392 | client->creds = ctx->client_creds; |
315 | ctx->client_creds = GSS_C_NO_CREDENTIAL; | 393 | ctx->client_creds = GSS_C_NO_CREDENTIAL; |
@@ -357,7 +435,7 @@ ssh_gssapi_do_child(char ***envp, u_int *envsizep) | |||
357 | 435 | ||
358 | /* Privileged */ | 436 | /* Privileged */ |
359 | int | 437 | int |
360 | ssh_gssapi_userok(char *user) | 438 | ssh_gssapi_userok(char *user, struct passwd *pw) |
361 | { | 439 | { |
362 | OM_uint32 lmin; | 440 | OM_uint32 lmin; |
363 | 441 | ||
@@ -367,9 +445,11 @@ ssh_gssapi_userok(char *user) | |||
367 | return 0; | 445 | return 0; |
368 | } | 446 | } |
369 | if (gssapi_client.mech && gssapi_client.mech->userok) | 447 | if (gssapi_client.mech && gssapi_client.mech->userok) |
370 | if ((*gssapi_client.mech->userok)(&gssapi_client, user)) | 448 | if ((*gssapi_client.mech->userok)(&gssapi_client, user)) { |
449 | gssapi_client.used = 1; | ||
450 | gssapi_client.store.owner = pw; | ||
371 | return 1; | 451 | return 1; |
372 | else { | 452 | } else { |
373 | /* Destroy delegated credentials if userok fails */ | 453 | /* Destroy delegated credentials if userok fails */ |
374 | gss_release_buffer(&lmin, &gssapi_client.displayname); | 454 | gss_release_buffer(&lmin, &gssapi_client.displayname); |
375 | gss_release_buffer(&lmin, &gssapi_client.exportedname); | 455 | gss_release_buffer(&lmin, &gssapi_client.exportedname); |
@@ -383,14 +463,90 @@ ssh_gssapi_userok(char *user) | |||
383 | return (0); | 463 | return (0); |
384 | } | 464 | } |
385 | 465 | ||
386 | /* Privileged */ | 466 | /* These bits are only used for rekeying. The unpriviledged child is running |
387 | OM_uint32 | 467 | * as the user, the monitor is root. |
388 | ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic) | 468 | * |
469 | * In the child, we want to : | ||
470 | * *) Ask the monitor to store our credentials into the store we specify | ||
471 | * *) If it succeeds, maybe do a PAM update | ||
472 | */ | ||
473 | |||
474 | /* Stuff for PAM */ | ||
475 | |||
476 | #ifdef USE_PAM | ||
477 | static int ssh_gssapi_simple_conv(int n, const struct pam_message **msg, | ||
478 | struct pam_response **resp, void *data) | ||
389 | { | 479 | { |
390 | ctx->major = gss_verify_mic(&ctx->minor, ctx->context, | 480 | return (PAM_CONV_ERR); |
391 | gssbuf, gssmic, NULL); | 481 | } |
482 | #endif | ||
392 | 483 | ||
393 | return (ctx->major); | 484 | void |
485 | ssh_gssapi_rekey_creds(void) { | ||
486 | int ok; | ||
487 | int ret; | ||
488 | #ifdef USE_PAM | ||
489 | pam_handle_t *pamh = NULL; | ||
490 | struct pam_conv pamconv = {ssh_gssapi_simple_conv, NULL}; | ||
491 | char *envstr; | ||
492 | #endif | ||
493 | |||
494 | if (gssapi_client.store.filename == NULL && | ||
495 | gssapi_client.store.envval == NULL && | ||
496 | gssapi_client.store.envvar == NULL) | ||
497 | return; | ||
498 | |||
499 | ok = PRIVSEP(ssh_gssapi_update_creds(&gssapi_client.store)); | ||
500 | |||
501 | if (!ok) | ||
502 | return; | ||
503 | |||
504 | debug("Rekeyed credentials stored successfully"); | ||
505 | |||
506 | /* Actually managing to play with the ssh pam stack from here will | ||
507 | * be next to impossible. In any case, we may want different options | ||
508 | * for rekeying. So, use our own :) | ||
509 | */ | ||
510 | #ifdef USE_PAM | ||
511 | if (!use_privsep) { | ||
512 | debug("Not even going to try and do PAM with privsep disabled"); | ||
513 | return; | ||
514 | } | ||
515 | |||
516 | ret = pam_start("sshd-rekey", gssapi_client.store.owner->pw_name, | ||
517 | &pamconv, &pamh); | ||
518 | if (ret) | ||
519 | return; | ||
520 | |||
521 | xasprintf(&envstr, "%s=%s", gssapi_client.store.envvar, | ||
522 | gssapi_client.store.envval); | ||
523 | |||
524 | ret = pam_putenv(pamh, envstr); | ||
525 | if (!ret) | ||
526 | pam_setcred(pamh, PAM_REINITIALIZE_CRED); | ||
527 | pam_end(pamh, PAM_SUCCESS); | ||
528 | #endif | ||
529 | } | ||
530 | |||
531 | int | ||
532 | ssh_gssapi_update_creds(ssh_gssapi_ccache *store) { | ||
533 | int ok = 0; | ||
534 | |||
535 | /* Check we've got credentials to store */ | ||
536 | if (!gssapi_client.updated) | ||
537 | return 0; | ||
538 | |||
539 | gssapi_client.updated = 0; | ||
540 | |||
541 | temporarily_use_uid(gssapi_client.store.owner); | ||
542 | if (gssapi_client.mech && gssapi_client.mech->updatecreds) | ||
543 | ok = (*gssapi_client.mech->updatecreds)(store, &gssapi_client); | ||
544 | else | ||
545 | debug("No update function for this mechanism"); | ||
546 | |||
547 | restore_uid(); | ||
548 | |||
549 | return ok; | ||
394 | } | 550 | } |
395 | 551 | ||
396 | #endif | 552 | #endif |
@@ -54,6 +54,10 @@ | |||
54 | #include "sshbuf.h" | 54 | #include "sshbuf.h" |
55 | #include "digest.h" | 55 | #include "digest.h" |
56 | 56 | ||
57 | #ifdef GSSAPI | ||
58 | #include "ssh-gss.h" | ||
59 | #endif | ||
60 | |||
57 | #if OPENSSL_VERSION_NUMBER >= 0x00907000L | 61 | #if OPENSSL_VERSION_NUMBER >= 0x00907000L |
58 | # if defined(HAVE_EVP_SHA256) | 62 | # if defined(HAVE_EVP_SHA256) |
59 | # define evp_ssh_sha256 EVP_sha256 | 63 | # define evp_ssh_sha256 EVP_sha256 |
@@ -113,6 +117,14 @@ static const struct kexalg kexalgs[] = { | |||
113 | #endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */ | 117 | #endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */ |
114 | { NULL, -1, -1, -1}, | 118 | { NULL, -1, -1, -1}, |
115 | }; | 119 | }; |
120 | static const struct kexalg kexalg_prefixes[] = { | ||
121 | #ifdef GSSAPI | ||
122 | { KEX_GSS_GEX_SHA1_ID, KEX_GSS_GEX_SHA1, 0, SSH_DIGEST_SHA1 }, | ||
123 | { KEX_GSS_GRP1_SHA1_ID, KEX_GSS_GRP1_SHA1, 0, SSH_DIGEST_SHA1 }, | ||
124 | { KEX_GSS_GRP14_SHA1_ID, KEX_GSS_GRP14_SHA1, 0, SSH_DIGEST_SHA1 }, | ||
125 | #endif | ||
126 | { NULL, -1, -1, -1 }, | ||
127 | }; | ||
116 | 128 | ||
117 | char * | 129 | char * |
118 | kex_alg_list(char sep) | 130 | kex_alg_list(char sep) |
@@ -145,6 +157,10 @@ kex_alg_by_name(const char *name) | |||
145 | if (strcmp(k->name, name) == 0) | 157 | if (strcmp(k->name, name) == 0) |
146 | return k; | 158 | return k; |
147 | } | 159 | } |
160 | for (k = kexalg_prefixes; k->name != NULL; k++) { | ||
161 | if (strncmp(k->name, name, strlen(k->name)) == 0) | ||
162 | return k; | ||
163 | } | ||
148 | return NULL; | 164 | return NULL; |
149 | } | 165 | } |
150 | 166 | ||
@@ -597,6 +613,9 @@ kex_free(struct kex *kex) | |||
597 | sshbuf_free(kex->peer); | 613 | sshbuf_free(kex->peer); |
598 | sshbuf_free(kex->my); | 614 | sshbuf_free(kex->my); |
599 | free(kex->session_id); | 615 | free(kex->session_id); |
616 | #ifdef GSSAPI | ||
617 | free(kex->gss_host); | ||
618 | #endif /* GSSAPI */ | ||
600 | free(kex->client_version_string); | 619 | free(kex->client_version_string); |
601 | free(kex->server_version_string); | 620 | free(kex->server_version_string); |
602 | free(kex->failed_choice); | 621 | free(kex->failed_choice); |
@@ -99,6 +99,9 @@ enum kex_exchange { | |||
99 | KEX_DH_GEX_SHA256, | 99 | KEX_DH_GEX_SHA256, |
100 | KEX_ECDH_SHA2, | 100 | KEX_ECDH_SHA2, |
101 | KEX_C25519_SHA256, | 101 | KEX_C25519_SHA256, |
102 | KEX_GSS_GRP1_SHA1, | ||
103 | KEX_GSS_GRP14_SHA1, | ||
104 | KEX_GSS_GEX_SHA1, | ||
102 | KEX_MAX | 105 | KEX_MAX |
103 | }; | 106 | }; |
104 | 107 | ||
@@ -147,6 +150,12 @@ struct kex { | |||
147 | u_int flags; | 150 | u_int flags; |
148 | int hash_alg; | 151 | int hash_alg; |
149 | int ec_nid; | 152 | int ec_nid; |
153 | #ifdef GSSAPI | ||
154 | int gss_deleg_creds; | ||
155 | int gss_trust_dns; | ||
156 | char *gss_host; | ||
157 | char *gss_client; | ||
158 | #endif | ||
150 | char *client_version_string; | 159 | char *client_version_string; |
151 | char *server_version_string; | 160 | char *server_version_string; |
152 | char *failed_choice; | 161 | char *failed_choice; |
@@ -197,6 +206,11 @@ int kexecdh_server(struct ssh *); | |||
197 | int kexc25519_client(struct ssh *); | 206 | int kexc25519_client(struct ssh *); |
198 | int kexc25519_server(struct ssh *); | 207 | int kexc25519_server(struct ssh *); |
199 | 208 | ||
209 | #ifdef GSSAPI | ||
210 | int kexgss_client(struct ssh *); | ||
211 | int kexgss_server(struct ssh *); | ||
212 | #endif | ||
213 | |||
200 | int kex_dh_hash(int, const char *, const char *, | 214 | int kex_dh_hash(int, const char *, const char *, |
201 | const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, | 215 | const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, |
202 | const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *); | 216 | const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *); |
diff --git a/kexgssc.c b/kexgssc.c new file mode 100644 index 000000000..10447f2b0 --- /dev/null +++ b/kexgssc.c | |||
@@ -0,0 +1,338 @@ | |||
1 | /* | ||
2 | * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. | ||
3 | * | ||
4 | * Redistribution and use in source and binary forms, with or without | ||
5 | * modification, are permitted provided that the following conditions | ||
6 | * are met: | ||
7 | * 1. Redistributions of source code must retain the above copyright | ||
8 | * notice, this list of conditions and the following disclaimer. | ||
9 | * 2. Redistributions in binary form must reproduce the above copyright | ||
10 | * notice, this list of conditions and the following disclaimer in the | ||
11 | * documentation and/or other materials provided with the distribution. | ||
12 | * | ||
13 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR | ||
14 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | ||
15 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | ||
16 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | ||
17 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
18 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | ||
19 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | ||
20 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | ||
22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
23 | */ | ||
24 | |||
25 | #include "includes.h" | ||
26 | |||
27 | #ifdef GSSAPI | ||
28 | |||
29 | #include "includes.h" | ||
30 | |||
31 | #include <openssl/crypto.h> | ||
32 | #include <openssl/bn.h> | ||
33 | |||
34 | #include <string.h> | ||
35 | |||
36 | #include "xmalloc.h" | ||
37 | #include "buffer.h" | ||
38 | #include "ssh2.h" | ||
39 | #include "key.h" | ||
40 | #include "cipher.h" | ||
41 | #include "kex.h" | ||
42 | #include "log.h" | ||
43 | #include "packet.h" | ||
44 | #include "dh.h" | ||
45 | #include "digest.h" | ||
46 | |||
47 | #include "ssh-gss.h" | ||
48 | |||
49 | int | ||
50 | kexgss_client(struct ssh *ssh) { | ||
51 | gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; | ||
52 | gss_buffer_desc recv_tok, gssbuf, msg_tok, *token_ptr; | ||
53 | Gssctxt *ctxt; | ||
54 | OM_uint32 maj_status, min_status, ret_flags; | ||
55 | u_int klen, kout, slen = 0, strlen; | ||
56 | DH *dh; | ||
57 | BIGNUM *dh_server_pub = NULL; | ||
58 | BIGNUM *shared_secret = NULL; | ||
59 | BIGNUM *p = NULL; | ||
60 | BIGNUM *g = NULL; | ||
61 | u_char *kbuf; | ||
62 | u_char *serverhostkey = NULL; | ||
63 | u_char *empty = ""; | ||
64 | char *msg; | ||
65 | int type = 0; | ||
66 | int first = 1; | ||
67 | int nbits = 0, min = DH_GRP_MIN, max = DH_GRP_MAX; | ||
68 | u_char hash[SSH_DIGEST_MAX_LENGTH]; | ||
69 | size_t hashlen; | ||
70 | |||
71 | /* Initialise our GSSAPI world */ | ||
72 | ssh_gssapi_build_ctx(&ctxt); | ||
73 | if (ssh_gssapi_id_kex(ctxt, ssh->kex->name, ssh->kex->kex_type) | ||
74 | == GSS_C_NO_OID) | ||
75 | fatal("Couldn't identify host exchange"); | ||
76 | |||
77 | if (ssh_gssapi_import_name(ctxt, ssh->kex->gss_host)) | ||
78 | fatal("Couldn't import hostname"); | ||
79 | |||
80 | if (ssh->kex->gss_client && | ||
81 | ssh_gssapi_client_identity(ctxt, ssh->kex->gss_client)) | ||
82 | fatal("Couldn't acquire client credentials"); | ||
83 | |||
84 | switch (ssh->kex->kex_type) { | ||
85 | case KEX_GSS_GRP1_SHA1: | ||
86 | dh = dh_new_group1(); | ||
87 | break; | ||
88 | case KEX_GSS_GRP14_SHA1: | ||
89 | dh = dh_new_group14(); | ||
90 | break; | ||
91 | case KEX_GSS_GEX_SHA1: | ||
92 | debug("Doing group exchange\n"); | ||
93 | nbits = dh_estimate(ssh->kex->we_need * 8); | ||
94 | packet_start(SSH2_MSG_KEXGSS_GROUPREQ); | ||
95 | packet_put_int(min); | ||
96 | packet_put_int(nbits); | ||
97 | packet_put_int(max); | ||
98 | |||
99 | packet_send(); | ||
100 | |||
101 | packet_read_expect(SSH2_MSG_KEXGSS_GROUP); | ||
102 | |||
103 | if ((p = BN_new()) == NULL) | ||
104 | fatal("BN_new() failed"); | ||
105 | packet_get_bignum2(p); | ||
106 | if ((g = BN_new()) == NULL) | ||
107 | fatal("BN_new() failed"); | ||
108 | packet_get_bignum2(g); | ||
109 | packet_check_eom(); | ||
110 | |||
111 | if (BN_num_bits(p) < min || BN_num_bits(p) > max) | ||
112 | fatal("GSSGRP_GEX group out of range: %d !< %d !< %d", | ||
113 | min, BN_num_bits(p), max); | ||
114 | |||
115 | dh = dh_new_group(g, p); | ||
116 | break; | ||
117 | default: | ||
118 | fatal("%s: Unexpected KEX type %d", __func__, ssh->kex->kex_type); | ||
119 | } | ||
120 | |||
121 | /* Step 1 - e is dh->pub_key */ | ||
122 | dh_gen_key(dh, ssh->kex->we_need * 8); | ||
123 | |||
124 | /* This is f, we initialise it now to make life easier */ | ||
125 | dh_server_pub = BN_new(); | ||
126 | if (dh_server_pub == NULL) | ||
127 | fatal("dh_server_pub == NULL"); | ||
128 | |||
129 | token_ptr = GSS_C_NO_BUFFER; | ||
130 | |||
131 | do { | ||
132 | debug("Calling gss_init_sec_context"); | ||
133 | |||
134 | maj_status = ssh_gssapi_init_ctx(ctxt, | ||
135 | ssh->kex->gss_deleg_creds, token_ptr, &send_tok, | ||
136 | &ret_flags); | ||
137 | |||
138 | if (GSS_ERROR(maj_status)) { | ||
139 | if (send_tok.length != 0) { | ||
140 | packet_start(SSH2_MSG_KEXGSS_CONTINUE); | ||
141 | packet_put_string(send_tok.value, | ||
142 | send_tok.length); | ||
143 | } | ||
144 | fatal("gss_init_context failed"); | ||
145 | } | ||
146 | |||
147 | /* If we've got an old receive buffer get rid of it */ | ||
148 | if (token_ptr != GSS_C_NO_BUFFER) | ||
149 | free(recv_tok.value); | ||
150 | |||
151 | if (maj_status == GSS_S_COMPLETE) { | ||
152 | /* If mutual state flag is not true, kex fails */ | ||
153 | if (!(ret_flags & GSS_C_MUTUAL_FLAG)) | ||
154 | fatal("Mutual authentication failed"); | ||
155 | |||
156 | /* If integ avail flag is not true kex fails */ | ||
157 | if (!(ret_flags & GSS_C_INTEG_FLAG)) | ||
158 | fatal("Integrity check failed"); | ||
159 | } | ||
160 | |||
161 | /* | ||
162 | * If we have data to send, then the last message that we | ||
163 | * received cannot have been a 'complete'. | ||
164 | */ | ||
165 | if (send_tok.length != 0) { | ||
166 | if (first) { | ||
167 | packet_start(SSH2_MSG_KEXGSS_INIT); | ||
168 | packet_put_string(send_tok.value, | ||
169 | send_tok.length); | ||
170 | packet_put_bignum2(dh->pub_key); | ||
171 | first = 0; | ||
172 | } else { | ||
173 | packet_start(SSH2_MSG_KEXGSS_CONTINUE); | ||
174 | packet_put_string(send_tok.value, | ||
175 | send_tok.length); | ||
176 | } | ||
177 | packet_send(); | ||
178 | gss_release_buffer(&min_status, &send_tok); | ||
179 | |||
180 | /* If we've sent them data, they should reply */ | ||
181 | do { | ||
182 | type = packet_read(); | ||
183 | if (type == SSH2_MSG_KEXGSS_HOSTKEY) { | ||
184 | debug("Received KEXGSS_HOSTKEY"); | ||
185 | if (serverhostkey) | ||
186 | fatal("Server host key received more than once"); | ||
187 | serverhostkey = | ||
188 | packet_get_string(&slen); | ||
189 | } | ||
190 | } while (type == SSH2_MSG_KEXGSS_HOSTKEY); | ||
191 | |||
192 | switch (type) { | ||
193 | case SSH2_MSG_KEXGSS_CONTINUE: | ||
194 | debug("Received GSSAPI_CONTINUE"); | ||
195 | if (maj_status == GSS_S_COMPLETE) | ||
196 | fatal("GSSAPI Continue received from server when complete"); | ||
197 | recv_tok.value = packet_get_string(&strlen); | ||
198 | recv_tok.length = strlen; | ||
199 | break; | ||
200 | case SSH2_MSG_KEXGSS_COMPLETE: | ||
201 | debug("Received GSSAPI_COMPLETE"); | ||
202 | packet_get_bignum2(dh_server_pub); | ||
203 | msg_tok.value = packet_get_string(&strlen); | ||
204 | msg_tok.length = strlen; | ||
205 | |||
206 | /* Is there a token included? */ | ||
207 | if (packet_get_char()) { | ||
208 | recv_tok.value= | ||
209 | packet_get_string(&strlen); | ||
210 | recv_tok.length = strlen; | ||
211 | /* If we're already complete - protocol error */ | ||
212 | if (maj_status == GSS_S_COMPLETE) | ||
213 | packet_disconnect("Protocol error: received token when complete"); | ||
214 | } else { | ||
215 | /* No token included */ | ||
216 | if (maj_status != GSS_S_COMPLETE) | ||
217 | packet_disconnect("Protocol error: did not receive final token"); | ||
218 | } | ||
219 | break; | ||
220 | case SSH2_MSG_KEXGSS_ERROR: | ||
221 | debug("Received Error"); | ||
222 | maj_status = packet_get_int(); | ||
223 | min_status = packet_get_int(); | ||
224 | msg = packet_get_string(NULL); | ||
225 | (void) packet_get_string_ptr(NULL); | ||
226 | fatal("GSSAPI Error: \n%.400s",msg); | ||
227 | default: | ||
228 | packet_disconnect("Protocol error: didn't expect packet type %d", | ||
229 | type); | ||
230 | } | ||
231 | token_ptr = &recv_tok; | ||
232 | } else { | ||
233 | /* No data, and not complete */ | ||
234 | if (maj_status != GSS_S_COMPLETE) | ||
235 | fatal("Not complete, and no token output"); | ||
236 | } | ||
237 | } while (maj_status & GSS_S_CONTINUE_NEEDED); | ||
238 | |||
239 | /* | ||
240 | * We _must_ have received a COMPLETE message in reply from the | ||
241 | * server, which will have set dh_server_pub and msg_tok | ||
242 | */ | ||
243 | |||
244 | if (type != SSH2_MSG_KEXGSS_COMPLETE) | ||
245 | fatal("Didn't receive a SSH2_MSG_KEXGSS_COMPLETE when I expected it"); | ||
246 | |||
247 | /* Check f in range [1, p-1] */ | ||
248 | if (!dh_pub_is_valid(dh, dh_server_pub)) | ||
249 | packet_disconnect("bad server public DH value"); | ||
250 | |||
251 | /* compute K=f^x mod p */ | ||
252 | klen = DH_size(dh); | ||
253 | kbuf = xmalloc(klen); | ||
254 | kout = DH_compute_key(kbuf, dh_server_pub, dh); | ||
255 | if (kout < 0) | ||
256 | fatal("DH_compute_key: failed"); | ||
257 | |||
258 | shared_secret = BN_new(); | ||
259 | if (shared_secret == NULL) | ||
260 | fatal("kexgss_client: BN_new failed"); | ||
261 | |||
262 | if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) | ||
263 | fatal("kexdh_client: BN_bin2bn failed"); | ||
264 | |||
265 | memset(kbuf, 0, klen); | ||
266 | free(kbuf); | ||
267 | |||
268 | hashlen = sizeof(hash); | ||
269 | switch (ssh->kex->kex_type) { | ||
270 | case KEX_GSS_GRP1_SHA1: | ||
271 | case KEX_GSS_GRP14_SHA1: | ||
272 | kex_dh_hash( | ||
273 | ssh->kex->hash_alg, | ||
274 | ssh->kex->client_version_string, | ||
275 | ssh->kex->server_version_string, | ||
276 | buffer_ptr(ssh->kex->my), buffer_len(ssh->kex->my), | ||
277 | buffer_ptr(ssh->kex->peer), buffer_len(ssh->kex->peer), | ||
278 | (serverhostkey ? serverhostkey : empty), slen, | ||
279 | dh->pub_key, /* e */ | ||
280 | dh_server_pub, /* f */ | ||
281 | shared_secret, /* K */ | ||
282 | hash, &hashlen | ||
283 | ); | ||
284 | break; | ||
285 | case KEX_GSS_GEX_SHA1: | ||
286 | kexgex_hash( | ||
287 | ssh->kex->hash_alg, | ||
288 | ssh->kex->client_version_string, | ||
289 | ssh->kex->server_version_string, | ||
290 | buffer_ptr(ssh->kex->my), buffer_len(ssh->kex->my), | ||
291 | buffer_ptr(ssh->kex->peer), buffer_len(ssh->kex->peer), | ||
292 | (serverhostkey ? serverhostkey : empty), slen, | ||
293 | min, nbits, max, | ||
294 | dh->p, dh->g, | ||
295 | dh->pub_key, | ||
296 | dh_server_pub, | ||
297 | shared_secret, | ||
298 | hash, &hashlen | ||
299 | ); | ||
300 | break; | ||
301 | default: | ||
302 | fatal("%s: Unexpected KEX type %d", __func__, ssh->kex->kex_type); | ||
303 | } | ||
304 | |||
305 | gssbuf.value = hash; | ||
306 | gssbuf.length = hashlen; | ||
307 | |||
308 | /* Verify that the hash matches the MIC we just got. */ | ||
309 | if (GSS_ERROR(ssh_gssapi_checkmic(ctxt, &gssbuf, &msg_tok))) | ||
310 | packet_disconnect("Hash's MIC didn't verify"); | ||
311 | |||
312 | free(msg_tok.value); | ||
313 | |||
314 | DH_free(dh); | ||
315 | free(serverhostkey); | ||
316 | BN_clear_free(dh_server_pub); | ||
317 | |||
318 | /* save session id */ | ||
319 | if (ssh->kex->session_id == NULL) { | ||
320 | ssh->kex->session_id_len = hashlen; | ||
321 | ssh->kex->session_id = xmalloc(ssh->kex->session_id_len); | ||
322 | memcpy(ssh->kex->session_id, hash, ssh->kex->session_id_len); | ||
323 | } | ||
324 | |||
325 | if (ssh->kex->gss_deleg_creds) | ||
326 | ssh_gssapi_credentials_updated(ctxt); | ||
327 | |||
328 | if (gss_kex_context == NULL) | ||
329 | gss_kex_context = ctxt; | ||
330 | else | ||
331 | ssh_gssapi_delete_ctx(&ctxt); | ||
332 | |||
333 | kex_derive_keys_bn(ssh, hash, hashlen, shared_secret); | ||
334 | BN_clear_free(shared_secret); | ||
335 | return kex_send_newkeys(ssh); | ||
336 | } | ||
337 | |||
338 | #endif /* GSSAPI */ | ||
diff --git a/kexgsss.c b/kexgsss.c new file mode 100644 index 000000000..38ca082ba --- /dev/null +++ b/kexgsss.c | |||
@@ -0,0 +1,295 @@ | |||
1 | /* | ||
2 | * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. | ||
3 | * | ||
4 | * Redistribution and use in source and binary forms, with or without | ||
5 | * modification, are permitted provided that the following conditions | ||
6 | * are met: | ||
7 | * 1. Redistributions of source code must retain the above copyright | ||
8 | * notice, this list of conditions and the following disclaimer. | ||
9 | * 2. Redistributions in binary form must reproduce the above copyright | ||
10 | * notice, this list of conditions and the following disclaimer in the | ||
11 | * documentation and/or other materials provided with the distribution. | ||
12 | * | ||
13 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR | ||
14 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | ||
15 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | ||
16 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | ||
17 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
18 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | ||
19 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | ||
20 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | ||
22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
23 | */ | ||
24 | |||
25 | #include "includes.h" | ||
26 | |||
27 | #ifdef GSSAPI | ||
28 | |||
29 | #include <string.h> | ||
30 | |||
31 | #include <openssl/crypto.h> | ||
32 | #include <openssl/bn.h> | ||
33 | |||
34 | #include "xmalloc.h" | ||
35 | #include "buffer.h" | ||
36 | #include "ssh2.h" | ||
37 | #include "key.h" | ||
38 | #include "cipher.h" | ||
39 | #include "kex.h" | ||
40 | #include "log.h" | ||
41 | #include "packet.h" | ||
42 | #include "dh.h" | ||
43 | #include "ssh-gss.h" | ||
44 | #include "monitor_wrap.h" | ||
45 | #include "misc.h" | ||
46 | #include "servconf.h" | ||
47 | #include "digest.h" | ||
48 | |||
49 | extern ServerOptions options; | ||
50 | |||
51 | int | ||
52 | kexgss_server(struct ssh *ssh) | ||
53 | { | ||
54 | OM_uint32 maj_status, min_status; | ||
55 | |||
56 | /* | ||
57 | * Some GSSAPI implementations use the input value of ret_flags (an | ||
58 | * output variable) as a means of triggering mechanism specific | ||
59 | * features. Initializing it to zero avoids inadvertently | ||
60 | * activating this non-standard behaviour. | ||
61 | */ | ||
62 | |||
63 | OM_uint32 ret_flags = 0; | ||
64 | gss_buffer_desc gssbuf, recv_tok, msg_tok; | ||
65 | gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; | ||
66 | Gssctxt *ctxt = NULL; | ||
67 | u_int slen, klen, kout; | ||
68 | u_char *kbuf; | ||
69 | DH *dh; | ||
70 | int min = -1, max = -1, nbits = -1; | ||
71 | BIGNUM *shared_secret = NULL; | ||
72 | BIGNUM *dh_client_pub = NULL; | ||
73 | int type = 0; | ||
74 | gss_OID oid; | ||
75 | char *mechs; | ||
76 | u_char hash[SSH_DIGEST_MAX_LENGTH]; | ||
77 | size_t hashlen; | ||
78 | |||
79 | /* Initialise GSSAPI */ | ||
80 | |||
81 | /* If we're rekeying, privsep means that some of the private structures | ||
82 | * in the GSSAPI code are no longer available. This kludges them back | ||
83 | * into life | ||
84 | */ | ||
85 | if (!ssh_gssapi_oid_table_ok()) { | ||
86 | mechs = ssh_gssapi_server_mechanisms(); | ||
87 | free(mechs); | ||
88 | } | ||
89 | |||
90 | debug2("%s: Identifying %s", __func__, ssh->kex->name); | ||
91 | oid = ssh_gssapi_id_kex(NULL, ssh->kex->name, ssh->kex->kex_type); | ||
92 | if (oid == GSS_C_NO_OID) | ||
93 | fatal("Unknown gssapi mechanism"); | ||
94 | |||
95 | debug2("%s: Acquiring credentials", __func__); | ||
96 | |||
97 | if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, oid)))) | ||
98 | fatal("Unable to acquire credentials for the server"); | ||
99 | |||
100 | switch (ssh->kex->kex_type) { | ||
101 | case KEX_GSS_GRP1_SHA1: | ||
102 | dh = dh_new_group1(); | ||
103 | break; | ||
104 | case KEX_GSS_GRP14_SHA1: | ||
105 | dh = dh_new_group14(); | ||
106 | break; | ||
107 | case KEX_GSS_GEX_SHA1: | ||
108 | debug("Doing group exchange"); | ||
109 | packet_read_expect(SSH2_MSG_KEXGSS_GROUPREQ); | ||
110 | min = packet_get_int(); | ||
111 | nbits = packet_get_int(); | ||
112 | max = packet_get_int(); | ||
113 | packet_check_eom(); | ||
114 | if (max < min || nbits < min || max < nbits) | ||
115 | fatal("GSS_GEX, bad parameters: %d !< %d !< %d", | ||
116 | min, nbits, max); | ||
117 | dh = PRIVSEP(choose_dh(MAX(DH_GRP_MIN, min), | ||
118 | nbits, MIN(DH_GRP_MAX, max))); | ||
119 | if (dh == NULL) | ||
120 | packet_disconnect("Protocol error: no matching group found"); | ||
121 | |||
122 | packet_start(SSH2_MSG_KEXGSS_GROUP); | ||
123 | packet_put_bignum2(dh->p); | ||
124 | packet_put_bignum2(dh->g); | ||
125 | packet_send(); | ||
126 | |||
127 | packet_write_wait(); | ||
128 | break; | ||
129 | default: | ||
130 | fatal("%s: Unexpected KEX type %d", __func__, ssh->kex->kex_type); | ||
131 | } | ||
132 | |||
133 | dh_gen_key(dh, ssh->kex->we_need * 8); | ||
134 | |||
135 | do { | ||
136 | debug("Wait SSH2_MSG_GSSAPI_INIT"); | ||
137 | type = packet_read(); | ||
138 | switch(type) { | ||
139 | case SSH2_MSG_KEXGSS_INIT: | ||
140 | if (dh_client_pub != NULL) | ||
141 | fatal("Received KEXGSS_INIT after initialising"); | ||
142 | recv_tok.value = packet_get_string(&slen); | ||
143 | recv_tok.length = slen; | ||
144 | |||
145 | if ((dh_client_pub = BN_new()) == NULL) | ||
146 | fatal("dh_client_pub == NULL"); | ||
147 | |||
148 | packet_get_bignum2(dh_client_pub); | ||
149 | |||
150 | /* Send SSH_MSG_KEXGSS_HOSTKEY here, if we want */ | ||
151 | break; | ||
152 | case SSH2_MSG_KEXGSS_CONTINUE: | ||
153 | recv_tok.value = packet_get_string(&slen); | ||
154 | recv_tok.length = slen; | ||
155 | break; | ||
156 | default: | ||
157 | packet_disconnect( | ||
158 | "Protocol error: didn't expect packet type %d", | ||
159 | type); | ||
160 | } | ||
161 | |||
162 | maj_status = PRIVSEP(ssh_gssapi_accept_ctx(ctxt, &recv_tok, | ||
163 | &send_tok, &ret_flags)); | ||
164 | |||
165 | free(recv_tok.value); | ||
166 | |||
167 | if (maj_status != GSS_S_COMPLETE && send_tok.length == 0) | ||
168 | fatal("Zero length token output when incomplete"); | ||
169 | |||
170 | if (dh_client_pub == NULL) | ||
171 | fatal("No client public key"); | ||
172 | |||
173 | if (maj_status & GSS_S_CONTINUE_NEEDED) { | ||
174 | debug("Sending GSSAPI_CONTINUE"); | ||
175 | packet_start(SSH2_MSG_KEXGSS_CONTINUE); | ||
176 | packet_put_string(send_tok.value, send_tok.length); | ||
177 | packet_send(); | ||
178 | gss_release_buffer(&min_status, &send_tok); | ||
179 | } | ||
180 | } while (maj_status & GSS_S_CONTINUE_NEEDED); | ||
181 | |||
182 | if (GSS_ERROR(maj_status)) { | ||
183 | if (send_tok.length > 0) { | ||
184 | packet_start(SSH2_MSG_KEXGSS_CONTINUE); | ||
185 | packet_put_string(send_tok.value, send_tok.length); | ||
186 | packet_send(); | ||
187 | } | ||
188 | fatal("accept_ctx died"); | ||
189 | } | ||
190 | |||
191 | if (!(ret_flags & GSS_C_MUTUAL_FLAG)) | ||
192 | fatal("Mutual Authentication flag wasn't set"); | ||
193 | |||
194 | if (!(ret_flags & GSS_C_INTEG_FLAG)) | ||
195 | fatal("Integrity flag wasn't set"); | ||
196 | |||
197 | if (!dh_pub_is_valid(dh, dh_client_pub)) | ||
198 | packet_disconnect("bad client public DH value"); | ||
199 | |||
200 | klen = DH_size(dh); | ||
201 | kbuf = xmalloc(klen); | ||
202 | kout = DH_compute_key(kbuf, dh_client_pub, dh); | ||
203 | if (kout < 0) | ||
204 | fatal("DH_compute_key: failed"); | ||
205 | |||
206 | shared_secret = BN_new(); | ||
207 | if (shared_secret == NULL) | ||
208 | fatal("kexgss_server: BN_new failed"); | ||
209 | |||
210 | if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) | ||
211 | fatal("kexgss_server: BN_bin2bn failed"); | ||
212 | |||
213 | memset(kbuf, 0, klen); | ||
214 | free(kbuf); | ||
215 | |||
216 | hashlen = sizeof(hash); | ||
217 | switch (ssh->kex->kex_type) { | ||
218 | case KEX_GSS_GRP1_SHA1: | ||
219 | case KEX_GSS_GRP14_SHA1: | ||
220 | kex_dh_hash( | ||
221 | ssh->kex->hash_alg, | ||
222 | ssh->kex->client_version_string, ssh->kex->server_version_string, | ||
223 | buffer_ptr(ssh->kex->peer), buffer_len(ssh->kex->peer), | ||
224 | buffer_ptr(ssh->kex->my), buffer_len(ssh->kex->my), | ||
225 | NULL, 0, /* Change this if we start sending host keys */ | ||
226 | dh_client_pub, dh->pub_key, shared_secret, | ||
227 | hash, &hashlen | ||
228 | ); | ||
229 | break; | ||
230 | case KEX_GSS_GEX_SHA1: | ||
231 | kexgex_hash( | ||
232 | ssh->kex->hash_alg, | ||
233 | ssh->kex->client_version_string, ssh->kex->server_version_string, | ||
234 | buffer_ptr(ssh->kex->peer), buffer_len(ssh->kex->peer), | ||
235 | buffer_ptr(ssh->kex->my), buffer_len(ssh->kex->my), | ||
236 | NULL, 0, | ||
237 | min, nbits, max, | ||
238 | dh->p, dh->g, | ||
239 | dh_client_pub, | ||
240 | dh->pub_key, | ||
241 | shared_secret, | ||
242 | hash, &hashlen | ||
243 | ); | ||
244 | break; | ||
245 | default: | ||
246 | fatal("%s: Unexpected KEX type %d", __func__, ssh->kex->kex_type); | ||
247 | } | ||
248 | |||
249 | BN_clear_free(dh_client_pub); | ||
250 | |||
251 | if (ssh->kex->session_id == NULL) { | ||
252 | ssh->kex->session_id_len = hashlen; | ||
253 | ssh->kex->session_id = xmalloc(ssh->kex->session_id_len); | ||
254 | memcpy(ssh->kex->session_id, hash, ssh->kex->session_id_len); | ||
255 | } | ||
256 | |||
257 | gssbuf.value = hash; | ||
258 | gssbuf.length = hashlen; | ||
259 | |||
260 | if (GSS_ERROR(PRIVSEP(ssh_gssapi_sign(ctxt,&gssbuf,&msg_tok)))) | ||
261 | fatal("Couldn't get MIC"); | ||
262 | |||
263 | packet_start(SSH2_MSG_KEXGSS_COMPLETE); | ||
264 | packet_put_bignum2(dh->pub_key); | ||
265 | packet_put_string(msg_tok.value,msg_tok.length); | ||
266 | |||
267 | if (send_tok.length != 0) { | ||
268 | packet_put_char(1); /* true */ | ||
269 | packet_put_string(send_tok.value, send_tok.length); | ||
270 | } else { | ||
271 | packet_put_char(0); /* false */ | ||
272 | } | ||
273 | packet_send(); | ||
274 | |||
275 | gss_release_buffer(&min_status, &send_tok); | ||
276 | gss_release_buffer(&min_status, &msg_tok); | ||
277 | |||
278 | if (gss_kex_context == NULL) | ||
279 | gss_kex_context = ctxt; | ||
280 | else | ||
281 | ssh_gssapi_delete_ctx(&ctxt); | ||
282 | |||
283 | DH_free(dh); | ||
284 | |||
285 | kex_derive_keys_bn(ssh, hash, hashlen, shared_secret); | ||
286 | BN_clear_free(shared_secret); | ||
287 | kex_send_newkeys(ssh); | ||
288 | |||
289 | /* If this was a rekey, then save out any delegated credentials we | ||
290 | * just exchanged. */ | ||
291 | if (options.gss_store_rekey) | ||
292 | ssh_gssapi_rekey_creds(); | ||
293 | return 0; | ||
294 | } | ||
295 | #endif /* GSSAPI */ | ||
@@ -157,6 +157,8 @@ int mm_answer_gss_setup_ctx(int, Buffer *); | |||
157 | int mm_answer_gss_accept_ctx(int, Buffer *); | 157 | int mm_answer_gss_accept_ctx(int, Buffer *); |
158 | int mm_answer_gss_userok(int, Buffer *); | 158 | int mm_answer_gss_userok(int, Buffer *); |
159 | int mm_answer_gss_checkmic(int, Buffer *); | 159 | int mm_answer_gss_checkmic(int, Buffer *); |
160 | int mm_answer_gss_sign(int, Buffer *); | ||
161 | int mm_answer_gss_updatecreds(int, Buffer *); | ||
160 | #endif | 162 | #endif |
161 | 163 | ||
162 | #ifdef SSH_AUDIT_EVENTS | 164 | #ifdef SSH_AUDIT_EVENTS |
@@ -230,11 +232,18 @@ struct mon_table mon_dispatch_proto20[] = { | |||
230 | {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx}, | 232 | {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx}, |
231 | {MONITOR_REQ_GSSUSEROK, MON_ONCE|MON_AUTHDECIDE, mm_answer_gss_userok}, | 233 | {MONITOR_REQ_GSSUSEROK, MON_ONCE|MON_AUTHDECIDE, mm_answer_gss_userok}, |
232 | {MONITOR_REQ_GSSCHECKMIC, MON_ONCE, mm_answer_gss_checkmic}, | 234 | {MONITOR_REQ_GSSCHECKMIC, MON_ONCE, mm_answer_gss_checkmic}, |
235 | {MONITOR_REQ_GSSSIGN, MON_ONCE, mm_answer_gss_sign}, | ||
233 | #endif | 236 | #endif |
234 | {0, 0, NULL} | 237 | {0, 0, NULL} |
235 | }; | 238 | }; |
236 | 239 | ||
237 | struct mon_table mon_dispatch_postauth20[] = { | 240 | struct mon_table mon_dispatch_postauth20[] = { |
241 | #ifdef GSSAPI | ||
242 | {MONITOR_REQ_GSSSETUP, 0, mm_answer_gss_setup_ctx}, | ||
243 | {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx}, | ||
244 | {MONITOR_REQ_GSSSIGN, 0, mm_answer_gss_sign}, | ||
245 | {MONITOR_REQ_GSSUPCREDS, 0, mm_answer_gss_updatecreds}, | ||
246 | #endif | ||
238 | #ifdef WITH_OPENSSL | 247 | #ifdef WITH_OPENSSL |
239 | {MONITOR_REQ_MODULI, 0, mm_answer_moduli}, | 248 | {MONITOR_REQ_MODULI, 0, mm_answer_moduli}, |
240 | #endif | 249 | #endif |
@@ -301,6 +310,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) | |||
301 | /* Permit requests for moduli and signatures */ | 310 | /* Permit requests for moduli and signatures */ |
302 | monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); | 311 | monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); |
303 | monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); | 312 | monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); |
313 | #ifdef GSSAPI | ||
314 | /* and for the GSSAPI key exchange */ | ||
315 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1); | ||
316 | #endif | ||
304 | 317 | ||
305 | /* The first few requests do not require asynchronous access */ | 318 | /* The first few requests do not require asynchronous access */ |
306 | while (!authenticated) { | 319 | while (!authenticated) { |
@@ -400,6 +413,10 @@ monitor_child_postauth(struct monitor *pmonitor) | |||
400 | monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); | 413 | monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); |
401 | monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); | 414 | monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); |
402 | monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); | 415 | monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); |
416 | #ifdef GSSAPI | ||
417 | /* and for the GSSAPI key exchange */ | ||
418 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1); | ||
419 | #endif | ||
403 | 420 | ||
404 | if (!no_pty_flag) { | 421 | if (!no_pty_flag) { |
405 | monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1); | 422 | monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1); |
@@ -1601,6 +1618,13 @@ monitor_apply_keystate(struct monitor *pmonitor) | |||
1601 | # endif | 1618 | # endif |
1602 | #endif /* WITH_OPENSSL */ | 1619 | #endif /* WITH_OPENSSL */ |
1603 | kex->kex[KEX_C25519_SHA256] = kexc25519_server; | 1620 | kex->kex[KEX_C25519_SHA256] = kexc25519_server; |
1621 | #ifdef GSSAPI | ||
1622 | if (options.gss_keyex) { | ||
1623 | kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server; | ||
1624 | kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server; | ||
1625 | kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server; | ||
1626 | } | ||
1627 | #endif | ||
1604 | kex->load_host_public_key=&get_hostkey_public_by_type; | 1628 | kex->load_host_public_key=&get_hostkey_public_by_type; |
1605 | kex->load_host_private_key=&get_hostkey_private_by_type; | 1629 | kex->load_host_private_key=&get_hostkey_private_by_type; |
1606 | kex->host_key_index=&get_hostkey_index; | 1630 | kex->host_key_index=&get_hostkey_index; |
@@ -1680,8 +1704,8 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m) | |||
1680 | OM_uint32 major; | 1704 | OM_uint32 major; |
1681 | u_int len; | 1705 | u_int len; |
1682 | 1706 | ||
1683 | if (!options.gss_authentication) | 1707 | if (!options.gss_authentication && !options.gss_keyex) |
1684 | fatal("%s: GSSAPI authentication not enabled", __func__); | 1708 | fatal("%s: GSSAPI not enabled", __func__); |
1685 | 1709 | ||
1686 | goid.elements = buffer_get_string(m, &len); | 1710 | goid.elements = buffer_get_string(m, &len); |
1687 | goid.length = len; | 1711 | goid.length = len; |
@@ -1710,8 +1734,8 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m) | |||
1710 | OM_uint32 flags = 0; /* GSI needs this */ | 1734 | OM_uint32 flags = 0; /* GSI needs this */ |
1711 | u_int len; | 1735 | u_int len; |
1712 | 1736 | ||
1713 | if (!options.gss_authentication) | 1737 | if (!options.gss_authentication && !options.gss_keyex) |
1714 | fatal("%s: GSSAPI authentication not enabled", __func__); | 1738 | fatal("%s: GSSAPI not enabled", __func__); |
1715 | 1739 | ||
1716 | in.value = buffer_get_string(m, &len); | 1740 | in.value = buffer_get_string(m, &len); |
1717 | in.length = len; | 1741 | in.length = len; |
@@ -1730,6 +1754,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m) | |||
1730 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); | 1754 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); |
1731 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); | 1755 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); |
1732 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1); | 1756 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1); |
1757 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSSIGN, 1); | ||
1733 | } | 1758 | } |
1734 | return (0); | 1759 | return (0); |
1735 | } | 1760 | } |
@@ -1741,8 +1766,8 @@ mm_answer_gss_checkmic(int sock, Buffer *m) | |||
1741 | OM_uint32 ret; | 1766 | OM_uint32 ret; |
1742 | u_int len; | 1767 | u_int len; |
1743 | 1768 | ||
1744 | if (!options.gss_authentication) | 1769 | if (!options.gss_authentication && !options.gss_keyex) |
1745 | fatal("%s: GSSAPI authentication not enabled", __func__); | 1770 | fatal("%s: GSSAPI not enabled", __func__); |
1746 | 1771 | ||
1747 | gssbuf.value = buffer_get_string(m, &len); | 1772 | gssbuf.value = buffer_get_string(m, &len); |
1748 | gssbuf.length = len; | 1773 | gssbuf.length = len; |
@@ -1770,10 +1795,11 @@ mm_answer_gss_userok(int sock, Buffer *m) | |||
1770 | { | 1795 | { |
1771 | int authenticated; | 1796 | int authenticated; |
1772 | 1797 | ||
1773 | if (!options.gss_authentication) | 1798 | if (!options.gss_authentication && !options.gss_keyex) |
1774 | fatal("%s: GSSAPI authentication not enabled", __func__); | 1799 | fatal("%s: GSSAPI not enabled", __func__); |
1775 | 1800 | ||
1776 | authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user); | 1801 | authenticated = authctxt->valid && |
1802 | ssh_gssapi_userok(authctxt->user, authctxt->pw); | ||
1777 | 1803 | ||
1778 | buffer_clear(m); | 1804 | buffer_clear(m); |
1779 | buffer_put_int(m, authenticated); | 1805 | buffer_put_int(m, authenticated); |
@@ -1786,5 +1812,76 @@ mm_answer_gss_userok(int sock, Buffer *m) | |||
1786 | /* Monitor loop will terminate if authenticated */ | 1812 | /* Monitor loop will terminate if authenticated */ |
1787 | return (authenticated); | 1813 | return (authenticated); |
1788 | } | 1814 | } |
1815 | |||
1816 | int | ||
1817 | mm_answer_gss_sign(int socket, Buffer *m) | ||
1818 | { | ||
1819 | gss_buffer_desc data; | ||
1820 | gss_buffer_desc hash = GSS_C_EMPTY_BUFFER; | ||
1821 | OM_uint32 major, minor; | ||
1822 | u_int len; | ||
1823 | |||
1824 | if (!options.gss_authentication && !options.gss_keyex) | ||
1825 | fatal("%s: GSSAPI not enabled", __func__); | ||
1826 | |||
1827 | data.value = buffer_get_string(m, &len); | ||
1828 | data.length = len; | ||
1829 | if (data.length != 20) | ||
1830 | fatal("%s: data length incorrect: %d", __func__, | ||
1831 | (int) data.length); | ||
1832 | |||
1833 | /* Save the session ID on the first time around */ | ||
1834 | if (session_id2_len == 0) { | ||
1835 | session_id2_len = data.length; | ||
1836 | session_id2 = xmalloc(session_id2_len); | ||
1837 | memcpy(session_id2, data.value, session_id2_len); | ||
1838 | } | ||
1839 | major = ssh_gssapi_sign(gsscontext, &data, &hash); | ||
1840 | |||
1841 | free(data.value); | ||
1842 | |||
1843 | buffer_clear(m); | ||
1844 | buffer_put_int(m, major); | ||
1845 | buffer_put_string(m, hash.value, hash.length); | ||
1846 | |||
1847 | mm_request_send(socket, MONITOR_ANS_GSSSIGN, m); | ||
1848 | |||
1849 | gss_release_buffer(&minor, &hash); | ||
1850 | |||
1851 | /* Turn on getpwnam permissions */ | ||
1852 | monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1); | ||
1853 | |||
1854 | /* And credential updating, for when rekeying */ | ||
1855 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSUPCREDS, 1); | ||
1856 | |||
1857 | return (0); | ||
1858 | } | ||
1859 | |||
1860 | int | ||
1861 | mm_answer_gss_updatecreds(int socket, Buffer *m) { | ||
1862 | ssh_gssapi_ccache store; | ||
1863 | int ok; | ||
1864 | |||
1865 | if (!options.gss_authentication && !options.gss_keyex) | ||
1866 | fatal("%s: GSSAPI not enabled", __func__); | ||
1867 | |||
1868 | store.filename = buffer_get_string(m, NULL); | ||
1869 | store.envvar = buffer_get_string(m, NULL); | ||
1870 | store.envval = buffer_get_string(m, NULL); | ||
1871 | |||
1872 | ok = ssh_gssapi_update_creds(&store); | ||
1873 | |||
1874 | free(store.filename); | ||
1875 | free(store.envvar); | ||
1876 | free(store.envval); | ||
1877 | |||
1878 | buffer_clear(m); | ||
1879 | buffer_put_int(m, ok); | ||
1880 | |||
1881 | mm_request_send(socket, MONITOR_ANS_GSSUPCREDS, m); | ||
1882 | |||
1883 | return(0); | ||
1884 | } | ||
1885 | |||
1789 | #endif /* GSSAPI */ | 1886 | #endif /* GSSAPI */ |
1790 | 1887 | ||
@@ -65,6 +65,9 @@ enum monitor_reqtype { | |||
65 | MONITOR_REQ_PAM_FREE_CTX = 110, MONITOR_ANS_PAM_FREE_CTX = 111, | 65 | MONITOR_REQ_PAM_FREE_CTX = 110, MONITOR_ANS_PAM_FREE_CTX = 111, |
66 | MONITOR_REQ_AUDIT_EVENT = 112, MONITOR_REQ_AUDIT_COMMAND = 113, | 66 | MONITOR_REQ_AUDIT_EVENT = 112, MONITOR_REQ_AUDIT_COMMAND = 113, |
67 | 67 | ||
68 | MONITOR_REQ_GSSSIGN = 150, MONITOR_ANS_GSSSIGN = 151, | ||
69 | MONITOR_REQ_GSSUPCREDS = 152, MONITOR_ANS_GSSUPCREDS = 153, | ||
70 | |||
68 | }; | 71 | }; |
69 | 72 | ||
70 | struct monitor { | 73 | struct monitor { |
diff --git a/monitor_wrap.c b/monitor_wrap.c index 64ff92885..d5cb640af 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c | |||
@@ -924,7 +924,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic) | |||
924 | } | 924 | } |
925 | 925 | ||
926 | int | 926 | int |
927 | mm_ssh_gssapi_userok(char *user) | 927 | mm_ssh_gssapi_userok(char *user, struct passwd *pw) |
928 | { | 928 | { |
929 | Buffer m; | 929 | Buffer m; |
930 | int authenticated = 0; | 930 | int authenticated = 0; |
@@ -941,5 +941,50 @@ mm_ssh_gssapi_userok(char *user) | |||
941 | debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not "); | 941 | debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not "); |
942 | return (authenticated); | 942 | return (authenticated); |
943 | } | 943 | } |
944 | |||
945 | OM_uint32 | ||
946 | mm_ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_desc *data, gss_buffer_desc *hash) | ||
947 | { | ||
948 | Buffer m; | ||
949 | OM_uint32 major; | ||
950 | u_int len; | ||
951 | |||
952 | buffer_init(&m); | ||
953 | buffer_put_string(&m, data->value, data->length); | ||
954 | |||
955 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSIGN, &m); | ||
956 | mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSIGN, &m); | ||
957 | |||
958 | major = buffer_get_int(&m); | ||
959 | hash->value = buffer_get_string(&m, &len); | ||
960 | hash->length = len; | ||
961 | |||
962 | buffer_free(&m); | ||
963 | |||
964 | return(major); | ||
965 | } | ||
966 | |||
967 | int | ||
968 | mm_ssh_gssapi_update_creds(ssh_gssapi_ccache *store) | ||
969 | { | ||
970 | Buffer m; | ||
971 | int ok; | ||
972 | |||
973 | buffer_init(&m); | ||
974 | |||
975 | buffer_put_cstring(&m, store->filename ? store->filename : ""); | ||
976 | buffer_put_cstring(&m, store->envvar ? store->envvar : ""); | ||
977 | buffer_put_cstring(&m, store->envval ? store->envval : ""); | ||
978 | |||
979 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUPCREDS, &m); | ||
980 | mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUPCREDS, &m); | ||
981 | |||
982 | ok = buffer_get_int(&m); | ||
983 | |||
984 | buffer_free(&m); | ||
985 | |||
986 | return (ok); | ||
987 | } | ||
988 | |||
944 | #endif /* GSSAPI */ | 989 | #endif /* GSSAPI */ |
945 | 990 | ||
diff --git a/monitor_wrap.h b/monitor_wrap.h index db5902f55..8f9dd8961 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h | |||
@@ -55,8 +55,10 @@ int mm_key_verify(Key *, u_char *, u_int, u_char *, u_int); | |||
55 | OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID); | 55 | OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID); |
56 | OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *, | 56 | OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *, |
57 | gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *); | 57 | gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *); |
58 | int mm_ssh_gssapi_userok(char *user); | 58 | int mm_ssh_gssapi_userok(char *user, struct passwd *); |
59 | OM_uint32 mm_ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t); | 59 | OM_uint32 mm_ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t); |
60 | OM_uint32 mm_ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t); | ||
61 | int mm_ssh_gssapi_update_creds(ssh_gssapi_ccache *); | ||
60 | #endif | 62 | #endif |
61 | 63 | ||
62 | #ifdef USE_PAM | 64 | #ifdef USE_PAM |
diff --git a/readconf.c b/readconf.c index fa3fab8f0..7902ef26b 100644 --- a/readconf.c +++ b/readconf.c | |||
@@ -160,6 +160,8 @@ typedef enum { | |||
160 | oClearAllForwardings, oNoHostAuthenticationForLocalhost, | 160 | oClearAllForwardings, oNoHostAuthenticationForLocalhost, |
161 | oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, | 161 | oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, |
162 | oAddressFamily, oGssAuthentication, oGssDelegateCreds, | 162 | oAddressFamily, oGssAuthentication, oGssDelegateCreds, |
163 | oGssTrustDns, oGssKeyEx, oGssClientIdentity, oGssRenewalRekey, | ||
164 | oGssServerIdentity, | ||
163 | oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, | 165 | oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, |
164 | oSendEnv, oControlPath, oControlMaster, oControlPersist, | 166 | oSendEnv, oControlPath, oControlMaster, oControlPersist, |
165 | oHashKnownHosts, | 167 | oHashKnownHosts, |
@@ -205,10 +207,19 @@ static struct { | |||
205 | { "afstokenpassing", oUnsupported }, | 207 | { "afstokenpassing", oUnsupported }, |
206 | #if defined(GSSAPI) | 208 | #if defined(GSSAPI) |
207 | { "gssapiauthentication", oGssAuthentication }, | 209 | { "gssapiauthentication", oGssAuthentication }, |
210 | { "gssapikeyexchange", oGssKeyEx }, | ||
208 | { "gssapidelegatecredentials", oGssDelegateCreds }, | 211 | { "gssapidelegatecredentials", oGssDelegateCreds }, |
212 | { "gssapitrustdns", oGssTrustDns }, | ||
213 | { "gssapiclientidentity", oGssClientIdentity }, | ||
214 | { "gssapiserveridentity", oGssServerIdentity }, | ||
215 | { "gssapirenewalforcesrekey", oGssRenewalRekey }, | ||
209 | #else | 216 | #else |
210 | { "gssapiauthentication", oUnsupported }, | 217 | { "gssapiauthentication", oUnsupported }, |
218 | { "gssapikeyexchange", oUnsupported }, | ||
211 | { "gssapidelegatecredentials", oUnsupported }, | 219 | { "gssapidelegatecredentials", oUnsupported }, |
220 | { "gssapitrustdns", oUnsupported }, | ||
221 | { "gssapiclientidentity", oUnsupported }, | ||
222 | { "gssapirenewalforcesrekey", oUnsupported }, | ||
212 | #endif | 223 | #endif |
213 | { "fallbacktorsh", oDeprecated }, | 224 | { "fallbacktorsh", oDeprecated }, |
214 | { "usersh", oDeprecated }, | 225 | { "usersh", oDeprecated }, |
@@ -961,10 +972,30 @@ parse_time: | |||
961 | intptr = &options->gss_authentication; | 972 | intptr = &options->gss_authentication; |
962 | goto parse_flag; | 973 | goto parse_flag; |
963 | 974 | ||
975 | case oGssKeyEx: | ||
976 | intptr = &options->gss_keyex; | ||
977 | goto parse_flag; | ||
978 | |||
964 | case oGssDelegateCreds: | 979 | case oGssDelegateCreds: |
965 | intptr = &options->gss_deleg_creds; | 980 | intptr = &options->gss_deleg_creds; |
966 | goto parse_flag; | 981 | goto parse_flag; |
967 | 982 | ||
983 | case oGssTrustDns: | ||
984 | intptr = &options->gss_trust_dns; | ||
985 | goto parse_flag; | ||
986 | |||
987 | case oGssClientIdentity: | ||
988 | charptr = &options->gss_client_identity; | ||
989 | goto parse_string; | ||
990 | |||
991 | case oGssServerIdentity: | ||
992 | charptr = &options->gss_server_identity; | ||
993 | goto parse_string; | ||
994 | |||
995 | case oGssRenewalRekey: | ||
996 | intptr = &options->gss_renewal_rekey; | ||
997 | goto parse_flag; | ||
998 | |||
968 | case oBatchMode: | 999 | case oBatchMode: |
969 | intptr = &options->batch_mode; | 1000 | intptr = &options->batch_mode; |
970 | goto parse_flag; | 1001 | goto parse_flag; |
@@ -1776,7 +1807,12 @@ initialize_options(Options * options) | |||
1776 | options->pubkey_authentication = -1; | 1807 | options->pubkey_authentication = -1; |
1777 | options->challenge_response_authentication = -1; | 1808 | options->challenge_response_authentication = -1; |
1778 | options->gss_authentication = -1; | 1809 | options->gss_authentication = -1; |
1810 | options->gss_keyex = -1; | ||
1779 | options->gss_deleg_creds = -1; | 1811 | options->gss_deleg_creds = -1; |
1812 | options->gss_trust_dns = -1; | ||
1813 | options->gss_renewal_rekey = -1; | ||
1814 | options->gss_client_identity = NULL; | ||
1815 | options->gss_server_identity = NULL; | ||
1780 | options->password_authentication = -1; | 1816 | options->password_authentication = -1; |
1781 | options->kbd_interactive_authentication = -1; | 1817 | options->kbd_interactive_authentication = -1; |
1782 | options->kbd_interactive_devices = NULL; | 1818 | options->kbd_interactive_devices = NULL; |
@@ -1920,8 +1956,14 @@ fill_default_options(Options * options) | |||
1920 | options->challenge_response_authentication = 1; | 1956 | options->challenge_response_authentication = 1; |
1921 | if (options->gss_authentication == -1) | 1957 | if (options->gss_authentication == -1) |
1922 | options->gss_authentication = 0; | 1958 | options->gss_authentication = 0; |
1959 | if (options->gss_keyex == -1) | ||
1960 | options->gss_keyex = 0; | ||
1923 | if (options->gss_deleg_creds == -1) | 1961 | if (options->gss_deleg_creds == -1) |
1924 | options->gss_deleg_creds = 0; | 1962 | options->gss_deleg_creds = 0; |
1963 | if (options->gss_trust_dns == -1) | ||
1964 | options->gss_trust_dns = 0; | ||
1965 | if (options->gss_renewal_rekey == -1) | ||
1966 | options->gss_renewal_rekey = 0; | ||
1925 | if (options->password_authentication == -1) | 1967 | if (options->password_authentication == -1) |
1926 | options->password_authentication = 1; | 1968 | options->password_authentication = 1; |
1927 | if (options->kbd_interactive_authentication == -1) | 1969 | if (options->kbd_interactive_authentication == -1) |
diff --git a/readconf.h b/readconf.h index cef55f71c..fd3d7c75d 100644 --- a/readconf.h +++ b/readconf.h | |||
@@ -45,7 +45,12 @@ typedef struct { | |||
45 | int challenge_response_authentication; | 45 | int challenge_response_authentication; |
46 | /* Try S/Key or TIS, authentication. */ | 46 | /* Try S/Key or TIS, authentication. */ |
47 | int gss_authentication; /* Try GSS authentication */ | 47 | int gss_authentication; /* Try GSS authentication */ |
48 | int gss_keyex; /* Try GSS key exchange */ | ||
48 | int gss_deleg_creds; /* Delegate GSS credentials */ | 49 | int gss_deleg_creds; /* Delegate GSS credentials */ |
50 | int gss_trust_dns; /* Trust DNS for GSS canonicalization */ | ||
51 | int gss_renewal_rekey; /* Credential renewal forces rekey */ | ||
52 | char *gss_client_identity; /* Principal to initiate GSSAPI with */ | ||
53 | char *gss_server_identity; /* GSSAPI target principal */ | ||
49 | int password_authentication; /* Try password | 54 | int password_authentication; /* Try password |
50 | * authentication. */ | 55 | * authentication. */ |
51 | int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ | 56 | int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ |
diff --git a/servconf.c b/servconf.c index 795ddbab7..14c81fa92 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -113,8 +113,10 @@ initialize_server_options(ServerOptions *options) | |||
113 | options->kerberos_ticket_cleanup = -1; | 113 | options->kerberos_ticket_cleanup = -1; |
114 | options->kerberos_get_afs_token = -1; | 114 | options->kerberos_get_afs_token = -1; |
115 | options->gss_authentication=-1; | 115 | options->gss_authentication=-1; |
116 | options->gss_keyex = -1; | ||
116 | options->gss_cleanup_creds = -1; | 117 | options->gss_cleanup_creds = -1; |
117 | options->gss_strict_acceptor = -1; | 118 | options->gss_strict_acceptor = -1; |
119 | options->gss_store_rekey = -1; | ||
118 | options->password_authentication = -1; | 120 | options->password_authentication = -1; |
119 | options->kbd_interactive_authentication = -1; | 121 | options->kbd_interactive_authentication = -1; |
120 | options->challenge_response_authentication = -1; | 122 | options->challenge_response_authentication = -1; |
@@ -267,10 +269,14 @@ fill_default_server_options(ServerOptions *options) | |||
267 | options->kerberos_get_afs_token = 0; | 269 | options->kerberos_get_afs_token = 0; |
268 | if (options->gss_authentication == -1) | 270 | if (options->gss_authentication == -1) |
269 | options->gss_authentication = 0; | 271 | options->gss_authentication = 0; |
272 | if (options->gss_keyex == -1) | ||
273 | options->gss_keyex = 0; | ||
270 | if (options->gss_cleanup_creds == -1) | 274 | if (options->gss_cleanup_creds == -1) |
271 | options->gss_cleanup_creds = 1; | 275 | options->gss_cleanup_creds = 1; |
272 | if (options->gss_strict_acceptor == -1) | 276 | if (options->gss_strict_acceptor == -1) |
273 | options->gss_strict_acceptor = 0; | 277 | options->gss_strict_acceptor = 1; |
278 | if (options->gss_store_rekey == -1) | ||
279 | options->gss_store_rekey = 0; | ||
274 | if (options->password_authentication == -1) | 280 | if (options->password_authentication == -1) |
275 | options->password_authentication = 1; | 281 | options->password_authentication = 1; |
276 | if (options->kbd_interactive_authentication == -1) | 282 | if (options->kbd_interactive_authentication == -1) |
@@ -407,6 +413,7 @@ typedef enum { | |||
407 | sHostKeyAlgorithms, | 413 | sHostKeyAlgorithms, |
408 | sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, | 414 | sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, |
409 | sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, | 415 | sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, |
416 | sGssKeyEx, sGssStoreRekey, | ||
410 | sAcceptEnv, sPermitTunnel, | 417 | sAcceptEnv, sPermitTunnel, |
411 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, | 418 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, |
412 | sUsePrivilegeSeparation, sAllowAgentForwarding, | 419 | sUsePrivilegeSeparation, sAllowAgentForwarding, |
@@ -480,12 +487,20 @@ static struct { | |||
480 | #ifdef GSSAPI | 487 | #ifdef GSSAPI |
481 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, | 488 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, |
482 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, | 489 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, |
490 | { "gssapicleanupcreds", sGssCleanupCreds, SSHCFG_GLOBAL }, | ||
483 | { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, | 491 | { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, |
492 | { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL }, | ||
493 | { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL }, | ||
484 | #else | 494 | #else |
485 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, | 495 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, |
486 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, | 496 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, |
497 | { "gssapicleanupcreds", sUnsupported, SSHCFG_GLOBAL }, | ||
487 | { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, | 498 | { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, |
499 | { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL }, | ||
500 | { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL }, | ||
488 | #endif | 501 | #endif |
502 | { "gssusesessionccache", sUnsupported, SSHCFG_GLOBAL }, | ||
503 | { "gssapiusesessioncredcache", sUnsupported, SSHCFG_GLOBAL }, | ||
489 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, | 504 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, |
490 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, | 505 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, |
491 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, | 506 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, |
@@ -1207,6 +1222,10 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1207 | intptr = &options->gss_authentication; | 1222 | intptr = &options->gss_authentication; |
1208 | goto parse_flag; | 1223 | goto parse_flag; |
1209 | 1224 | ||
1225 | case sGssKeyEx: | ||
1226 | intptr = &options->gss_keyex; | ||
1227 | goto parse_flag; | ||
1228 | |||
1210 | case sGssCleanupCreds: | 1229 | case sGssCleanupCreds: |
1211 | intptr = &options->gss_cleanup_creds; | 1230 | intptr = &options->gss_cleanup_creds; |
1212 | goto parse_flag; | 1231 | goto parse_flag; |
@@ -1215,6 +1234,10 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1215 | intptr = &options->gss_strict_acceptor; | 1234 | intptr = &options->gss_strict_acceptor; |
1216 | goto parse_flag; | 1235 | goto parse_flag; |
1217 | 1236 | ||
1237 | case sGssStoreRekey: | ||
1238 | intptr = &options->gss_store_rekey; | ||
1239 | goto parse_flag; | ||
1240 | |||
1218 | case sPasswordAuthentication: | 1241 | case sPasswordAuthentication: |
1219 | intptr = &options->password_authentication; | 1242 | intptr = &options->password_authentication; |
1220 | goto parse_flag; | 1243 | goto parse_flag; |
@@ -2248,7 +2271,10 @@ dump_config(ServerOptions *o) | |||
2248 | #endif | 2271 | #endif |
2249 | #ifdef GSSAPI | 2272 | #ifdef GSSAPI |
2250 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); | 2273 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); |
2274 | dump_cfg_fmtint(sGssKeyEx, o->gss_keyex); | ||
2251 | dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); | 2275 | dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); |
2276 | dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor); | ||
2277 | dump_cfg_fmtint(sGssStoreRekey, o->gss_store_rekey); | ||
2252 | #endif | 2278 | #endif |
2253 | dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); | 2279 | dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); |
2254 | dump_cfg_fmtint(sKbdInteractiveAuthentication, | 2280 | dump_cfg_fmtint(sKbdInteractiveAuthentication, |
diff --git a/servconf.h b/servconf.h index 5853a9747..90dfa4c24 100644 --- a/servconf.h +++ b/servconf.h | |||
@@ -112,8 +112,10 @@ typedef struct { | |||
112 | int kerberos_get_afs_token; /* If true, try to get AFS token if | 112 | int kerberos_get_afs_token; /* If true, try to get AFS token if |
113 | * authenticated with Kerberos. */ | 113 | * authenticated with Kerberos. */ |
114 | int gss_authentication; /* If true, permit GSSAPI authentication */ | 114 | int gss_authentication; /* If true, permit GSSAPI authentication */ |
115 | int gss_keyex; /* If true, permit GSSAPI key exchange */ | ||
115 | int gss_cleanup_creds; /* If true, destroy cred cache on logout */ | 116 | int gss_cleanup_creds; /* If true, destroy cred cache on logout */ |
116 | int gss_strict_acceptor; /* If true, restrict the GSSAPI acceptor name */ | 117 | int gss_strict_acceptor; /* If true, restrict the GSSAPI acceptor name */ |
118 | int gss_store_rekey; | ||
117 | int password_authentication; /* If true, permit password | 119 | int password_authentication; /* If true, permit password |
118 | * authentication. */ | 120 | * authentication. */ |
119 | int kbd_interactive_authentication; /* If true, permit */ | 121 | int kbd_interactive_authentication; /* If true, permit */ |
@@ -1,6 +1,6 @@ | |||
1 | /* $OpenBSD: ssh-gss.h,v 1.11 2014/02/26 20:28:44 djm Exp $ */ | 1 | /* $OpenBSD: ssh-gss.h,v 1.11 2014/02/26 20:28:44 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. | 3 | * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. |
4 | * | 4 | * |
5 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
6 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions |
@@ -61,10 +61,22 @@ | |||
61 | 61 | ||
62 | #define SSH_GSS_OIDTYPE 0x06 | 62 | #define SSH_GSS_OIDTYPE 0x06 |
63 | 63 | ||
64 | #define SSH2_MSG_KEXGSS_INIT 30 | ||
65 | #define SSH2_MSG_KEXGSS_CONTINUE 31 | ||
66 | #define SSH2_MSG_KEXGSS_COMPLETE 32 | ||
67 | #define SSH2_MSG_KEXGSS_HOSTKEY 33 | ||
68 | #define SSH2_MSG_KEXGSS_ERROR 34 | ||
69 | #define SSH2_MSG_KEXGSS_GROUPREQ 40 | ||
70 | #define SSH2_MSG_KEXGSS_GROUP 41 | ||
71 | #define KEX_GSS_GRP1_SHA1_ID "gss-group1-sha1-" | ||
72 | #define KEX_GSS_GRP14_SHA1_ID "gss-group14-sha1-" | ||
73 | #define KEX_GSS_GEX_SHA1_ID "gss-gex-sha1-" | ||
74 | |||
64 | typedef struct { | 75 | typedef struct { |
65 | char *filename; | 76 | char *filename; |
66 | char *envvar; | 77 | char *envvar; |
67 | char *envval; | 78 | char *envval; |
79 | struct passwd *owner; | ||
68 | void *data; | 80 | void *data; |
69 | } ssh_gssapi_ccache; | 81 | } ssh_gssapi_ccache; |
70 | 82 | ||
@@ -72,8 +84,11 @@ typedef struct { | |||
72 | gss_buffer_desc displayname; | 84 | gss_buffer_desc displayname; |
73 | gss_buffer_desc exportedname; | 85 | gss_buffer_desc exportedname; |
74 | gss_cred_id_t creds; | 86 | gss_cred_id_t creds; |
87 | gss_name_t name; | ||
75 | struct ssh_gssapi_mech_struct *mech; | 88 | struct ssh_gssapi_mech_struct *mech; |
76 | ssh_gssapi_ccache store; | 89 | ssh_gssapi_ccache store; |
90 | int used; | ||
91 | int updated; | ||
77 | } ssh_gssapi_client; | 92 | } ssh_gssapi_client; |
78 | 93 | ||
79 | typedef struct ssh_gssapi_mech_struct { | 94 | typedef struct ssh_gssapi_mech_struct { |
@@ -84,6 +99,7 @@ typedef struct ssh_gssapi_mech_struct { | |||
84 | int (*userok) (ssh_gssapi_client *, char *); | 99 | int (*userok) (ssh_gssapi_client *, char *); |
85 | int (*localname) (ssh_gssapi_client *, char **); | 100 | int (*localname) (ssh_gssapi_client *, char **); |
86 | void (*storecreds) (ssh_gssapi_client *); | 101 | void (*storecreds) (ssh_gssapi_client *); |
102 | int (*updatecreds) (ssh_gssapi_ccache *, ssh_gssapi_client *); | ||
87 | } ssh_gssapi_mech; | 103 | } ssh_gssapi_mech; |
88 | 104 | ||
89 | typedef struct { | 105 | typedef struct { |
@@ -94,10 +110,11 @@ typedef struct { | |||
94 | gss_OID oid; /* client */ | 110 | gss_OID oid; /* client */ |
95 | gss_cred_id_t creds; /* server */ | 111 | gss_cred_id_t creds; /* server */ |
96 | gss_name_t client; /* server */ | 112 | gss_name_t client; /* server */ |
97 | gss_cred_id_t client_creds; /* server */ | 113 | gss_cred_id_t client_creds; /* both */ |
98 | } Gssctxt; | 114 | } Gssctxt; |
99 | 115 | ||
100 | extern ssh_gssapi_mech *supported_mechs[]; | 116 | extern ssh_gssapi_mech *supported_mechs[]; |
117 | extern Gssctxt *gss_kex_context; | ||
101 | 118 | ||
102 | int ssh_gssapi_check_oid(Gssctxt *, void *, size_t); | 119 | int ssh_gssapi_check_oid(Gssctxt *, void *, size_t); |
103 | void ssh_gssapi_set_oid_data(Gssctxt *, void *, size_t); | 120 | void ssh_gssapi_set_oid_data(Gssctxt *, void *, size_t); |
@@ -119,16 +136,32 @@ void ssh_gssapi_build_ctx(Gssctxt **); | |||
119 | void ssh_gssapi_delete_ctx(Gssctxt **); | 136 | void ssh_gssapi_delete_ctx(Gssctxt **); |
120 | OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t); | 137 | OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t); |
121 | void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *); | 138 | void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *); |
122 | int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, const char *); | 139 | int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, const char *, const char *); |
140 | OM_uint32 ssh_gssapi_client_identity(Gssctxt *, const char *); | ||
141 | int ssh_gssapi_credentials_updated(Gssctxt *); | ||
123 | 142 | ||
124 | /* In the server */ | 143 | /* In the server */ |
144 | typedef int ssh_gssapi_check_fn(Gssctxt **, gss_OID, const char *, | ||
145 | const char *); | ||
146 | char *ssh_gssapi_client_mechanisms(const char *, const char *); | ||
147 | char *ssh_gssapi_kex_mechs(gss_OID_set, ssh_gssapi_check_fn *, const char *, | ||
148 | const char *); | ||
149 | gss_OID ssh_gssapi_id_kex(Gssctxt *, char *, int); | ||
150 | int ssh_gssapi_server_check_mech(Gssctxt **,gss_OID, const char *, | ||
151 | const char *); | ||
125 | OM_uint32 ssh_gssapi_server_ctx(Gssctxt **, gss_OID); | 152 | OM_uint32 ssh_gssapi_server_ctx(Gssctxt **, gss_OID); |
126 | int ssh_gssapi_userok(char *name); | 153 | int ssh_gssapi_userok(char *name, struct passwd *); |
127 | OM_uint32 ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t); | 154 | OM_uint32 ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t); |
128 | void ssh_gssapi_do_child(char ***, u_int *); | 155 | void ssh_gssapi_do_child(char ***, u_int *); |
129 | void ssh_gssapi_cleanup_creds(void); | 156 | void ssh_gssapi_cleanup_creds(void); |
130 | void ssh_gssapi_storecreds(void); | 157 | void ssh_gssapi_storecreds(void); |
131 | 158 | ||
159 | char *ssh_gssapi_server_mechanisms(void); | ||
160 | int ssh_gssapi_oid_table_ok(void); | ||
161 | |||
162 | int ssh_gssapi_update_creds(ssh_gssapi_ccache *store); | ||
163 | void ssh_gssapi_rekey_creds(void); | ||
164 | |||
132 | #endif /* GSSAPI */ | 165 | #endif /* GSSAPI */ |
133 | 166 | ||
134 | #endif /* _SSH_GSS_H */ | 167 | #endif /* _SSH_GSS_H */ |
diff --git a/ssh_config b/ssh_config index 90fb63f0b..4e879cd20 100644 --- a/ssh_config +++ b/ssh_config | |||
@@ -26,6 +26,8 @@ | |||
26 | # HostbasedAuthentication no | 26 | # HostbasedAuthentication no |
27 | # GSSAPIAuthentication no | 27 | # GSSAPIAuthentication no |
28 | # GSSAPIDelegateCredentials no | 28 | # GSSAPIDelegateCredentials no |
29 | # GSSAPIKeyExchange no | ||
30 | # GSSAPITrustDNS no | ||
29 | # BatchMode no | 31 | # BatchMode no |
30 | # CheckHostIP yes | 32 | # CheckHostIP yes |
31 | # AddressFamily any | 33 | # AddressFamily any |
diff --git a/ssh_config.5 b/ssh_config.5 index 591365f34..a7703fc77 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
@@ -748,10 +748,42 @@ The default is | |||
748 | Specifies whether user authentication based on GSSAPI is allowed. | 748 | Specifies whether user authentication based on GSSAPI is allowed. |
749 | The default is | 749 | The default is |
750 | .Cm no . | 750 | .Cm no . |
751 | .It Cm GSSAPIKeyExchange | ||
752 | Specifies whether key exchange based on GSSAPI may be used. When using | ||
753 | GSSAPI key exchange the server need not have a host key. | ||
754 | The default is | ||
755 | .Cm no . | ||
756 | .It Cm GSSAPIClientIdentity | ||
757 | If set, specifies the GSSAPI client identity that ssh should use when | ||
758 | connecting to the server. The default is unset, which means that the default | ||
759 | identity will be used. | ||
760 | .It Cm GSSAPIServerIdentity | ||
761 | If set, specifies the GSSAPI server identity that ssh should expect when | ||
762 | connecting to the server. The default is unset, which means that the | ||
763 | expected GSSAPI server identity will be determined from the target | ||
764 | hostname. | ||
751 | .It Cm GSSAPIDelegateCredentials | 765 | .It Cm GSSAPIDelegateCredentials |
752 | Forward (delegate) credentials to the server. | 766 | Forward (delegate) credentials to the server. |
753 | The default is | 767 | The default is |
754 | .Cm no . | 768 | .Cm no . |
769 | .It Cm GSSAPIRenewalForcesRekey | ||
770 | If set to | ||
771 | .Cm yes | ||
772 | then renewal of the client's GSSAPI credentials will force the rekeying of the | ||
773 | ssh connection. With a compatible server, this can delegate the renewed | ||
774 | credentials to a session on the server. | ||
775 | The default is | ||
776 | .Cm no . | ||
777 | .It Cm GSSAPITrustDns | ||
778 | Set to | ||
779 | .Cm yes | ||
780 | to indicate that the DNS is trusted to securely canonicalize | ||
781 | the name of the host being connected to. If | ||
782 | .Cm no , | ||
783 | the hostname entered on the | ||
784 | command line will be passed untouched to the GSSAPI library. | ||
785 | The default is | ||
786 | .Cm no . | ||
755 | .It Cm HashKnownHosts | 787 | .It Cm HashKnownHosts |
756 | Indicates that | 788 | Indicates that |
757 | .Xr ssh 1 | 789 | .Xr ssh 1 |
diff --git a/sshconnect2.c b/sshconnect2.c index 103a2b36a..d534e6190 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
@@ -162,6 +162,11 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) | |||
162 | struct kex *kex; | 162 | struct kex *kex; |
163 | int r; | 163 | int r; |
164 | 164 | ||
165 | #ifdef GSSAPI | ||
166 | char *orig = NULL, *gss = NULL; | ||
167 | char *gss_host = NULL; | ||
168 | #endif | ||
169 | |||
165 | xxx_host = host; | 170 | xxx_host = host; |
166 | xxx_hostaddr = hostaddr; | 171 | xxx_hostaddr = hostaddr; |
167 | 172 | ||
@@ -192,6 +197,36 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) | |||
192 | order_hostkeyalgs(host, hostaddr, port)); | 197 | order_hostkeyalgs(host, hostaddr, port)); |
193 | } | 198 | } |
194 | 199 | ||
200 | #ifdef GSSAPI | ||
201 | if (options.gss_keyex) { | ||
202 | /* Add the GSSAPI mechanisms currently supported on this | ||
203 | * client to the key exchange algorithm proposal */ | ||
204 | orig = myproposal[PROPOSAL_KEX_ALGS]; | ||
205 | |||
206 | if (options.gss_server_identity) | ||
207 | gss_host = xstrdup(options.gss_server_identity); | ||
208 | else if (options.gss_trust_dns) | ||
209 | gss_host = remote_hostname(active_state); | ||
210 | else | ||
211 | gss_host = xstrdup(host); | ||
212 | |||
213 | gss = ssh_gssapi_client_mechanisms(gss_host, | ||
214 | options.gss_client_identity); | ||
215 | if (gss) { | ||
216 | debug("Offering GSSAPI proposal: %s", gss); | ||
217 | xasprintf(&myproposal[PROPOSAL_KEX_ALGS], | ||
218 | "%s,%s", gss, orig); | ||
219 | |||
220 | /* If we've got GSSAPI algorithms, then we also | ||
221 | * support the 'null' hostkey, as a last resort */ | ||
222 | orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]; | ||
223 | xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS], | ||
224 | "%s,null", orig); | ||
225 | free(gss); | ||
226 | } | ||
227 | } | ||
228 | #endif | ||
229 | |||
195 | if (options.rekey_limit || options.rekey_interval) | 230 | if (options.rekey_limit || options.rekey_interval) |
196 | packet_set_rekey_limits((u_int32_t)options.rekey_limit, | 231 | packet_set_rekey_limits((u_int32_t)options.rekey_limit, |
197 | (time_t)options.rekey_interval); | 232 | (time_t)options.rekey_interval); |
@@ -213,10 +248,26 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) | |||
213 | # endif | 248 | # endif |
214 | #endif | 249 | #endif |
215 | kex->kex[KEX_C25519_SHA256] = kexc25519_client; | 250 | kex->kex[KEX_C25519_SHA256] = kexc25519_client; |
251 | #ifdef GSSAPI | ||
252 | if (options.gss_keyex) { | ||
253 | kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_client; | ||
254 | kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_client; | ||
255 | kex->kex[KEX_GSS_GEX_SHA1] = kexgss_client; | ||
256 | } | ||
257 | #endif | ||
216 | kex->client_version_string=client_version_string; | 258 | kex->client_version_string=client_version_string; |
217 | kex->server_version_string=server_version_string; | 259 | kex->server_version_string=server_version_string; |
218 | kex->verify_host_key=&verify_host_key_callback; | 260 | kex->verify_host_key=&verify_host_key_callback; |
219 | 261 | ||
262 | #ifdef GSSAPI | ||
263 | if (options.gss_keyex) { | ||
264 | kex->gss_deleg_creds = options.gss_deleg_creds; | ||
265 | kex->gss_trust_dns = options.gss_trust_dns; | ||
266 | kex->gss_client = options.gss_client_identity; | ||
267 | kex->gss_host = gss_host; | ||
268 | } | ||
269 | #endif | ||
270 | |||
220 | dispatch_run(DISPATCH_BLOCK, &kex->done, active_state); | 271 | dispatch_run(DISPATCH_BLOCK, &kex->done, active_state); |
221 | 272 | ||
222 | /* remove ext-info from the KEX proposals for rekeying */ | 273 | /* remove ext-info from the KEX proposals for rekeying */ |
@@ -311,6 +362,7 @@ int input_gssapi_token(int type, u_int32_t, void *); | |||
311 | int input_gssapi_hash(int type, u_int32_t, void *); | 362 | int input_gssapi_hash(int type, u_int32_t, void *); |
312 | int input_gssapi_error(int, u_int32_t, void *); | 363 | int input_gssapi_error(int, u_int32_t, void *); |
313 | int input_gssapi_errtok(int, u_int32_t, void *); | 364 | int input_gssapi_errtok(int, u_int32_t, void *); |
365 | int userauth_gsskeyex(Authctxt *authctxt); | ||
314 | #endif | 366 | #endif |
315 | 367 | ||
316 | void userauth(Authctxt *, char *); | 368 | void userauth(Authctxt *, char *); |
@@ -327,6 +379,11 @@ static char *authmethods_get(void); | |||
327 | 379 | ||
328 | Authmethod authmethods[] = { | 380 | Authmethod authmethods[] = { |
329 | #ifdef GSSAPI | 381 | #ifdef GSSAPI |
382 | {"gssapi-keyex", | ||
383 | userauth_gsskeyex, | ||
384 | NULL, | ||
385 | &options.gss_authentication, | ||
386 | NULL}, | ||
330 | {"gssapi-with-mic", | 387 | {"gssapi-with-mic", |
331 | userauth_gssapi, | 388 | userauth_gssapi, |
332 | NULL, | 389 | NULL, |
@@ -652,25 +709,40 @@ userauth_gssapi(Authctxt *authctxt) | |||
652 | static u_int mech = 0; | 709 | static u_int mech = 0; |
653 | OM_uint32 min; | 710 | OM_uint32 min; |
654 | int ok = 0; | 711 | int ok = 0; |
712 | char *gss_host; | ||
713 | |||
714 | if (options.gss_server_identity) | ||
715 | gss_host = xstrdup(options.gss_server_identity); | ||
716 | else if (options.gss_trust_dns) | ||
717 | gss_host = remote_hostname(active_state); | ||
718 | else | ||
719 | gss_host = xstrdup(authctxt->host); | ||
655 | 720 | ||
656 | /* Try one GSSAPI method at a time, rather than sending them all at | 721 | /* Try one GSSAPI method at a time, rather than sending them all at |
657 | * once. */ | 722 | * once. */ |
658 | 723 | ||
659 | if (gss_supported == NULL) | 724 | if (gss_supported == NULL) |
660 | gss_indicate_mechs(&min, &gss_supported); | 725 | if (GSS_ERROR(gss_indicate_mechs(&min, &gss_supported))) { |
726 | gss_supported = NULL; | ||
727 | free(gss_host); | ||
728 | return 0; | ||
729 | } | ||
661 | 730 | ||
662 | /* Check to see if the mechanism is usable before we offer it */ | 731 | /* Check to see if the mechanism is usable before we offer it */ |
663 | while (mech < gss_supported->count && !ok) { | 732 | while (mech < gss_supported->count && !ok) { |
664 | /* My DER encoding requires length<128 */ | 733 | /* My DER encoding requires length<128 */ |
665 | if (gss_supported->elements[mech].length < 128 && | 734 | if (gss_supported->elements[mech].length < 128 && |
666 | ssh_gssapi_check_mechanism(&gssctxt, | 735 | ssh_gssapi_check_mechanism(&gssctxt, |
667 | &gss_supported->elements[mech], authctxt->host)) { | 736 | &gss_supported->elements[mech], gss_host, |
737 | options.gss_client_identity)) { | ||
668 | ok = 1; /* Mechanism works */ | 738 | ok = 1; /* Mechanism works */ |
669 | } else { | 739 | } else { |
670 | mech++; | 740 | mech++; |
671 | } | 741 | } |
672 | } | 742 | } |
673 | 743 | ||
744 | free(gss_host); | ||
745 | |||
674 | if (!ok) | 746 | if (!ok) |
675 | return 0; | 747 | return 0; |
676 | 748 | ||
@@ -761,8 +833,8 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt) | |||
761 | { | 833 | { |
762 | Authctxt *authctxt = ctxt; | 834 | Authctxt *authctxt = ctxt; |
763 | Gssctxt *gssctxt; | 835 | Gssctxt *gssctxt; |
764 | int oidlen; | 836 | u_int oidlen; |
765 | char *oidv; | 837 | u_char *oidv; |
766 | 838 | ||
767 | if (authctxt == NULL) | 839 | if (authctxt == NULL) |
768 | fatal("input_gssapi_response: no authentication context"); | 840 | fatal("input_gssapi_response: no authentication context"); |
@@ -875,6 +947,48 @@ input_gssapi_error(int type, u_int32_t plen, void *ctxt) | |||
875 | free(lang); | 947 | free(lang); |
876 | return 0; | 948 | return 0; |
877 | } | 949 | } |
950 | |||
951 | int | ||
952 | userauth_gsskeyex(Authctxt *authctxt) | ||
953 | { | ||
954 | Buffer b; | ||
955 | gss_buffer_desc gssbuf; | ||
956 | gss_buffer_desc mic = GSS_C_EMPTY_BUFFER; | ||
957 | OM_uint32 ms; | ||
958 | |||
959 | static int attempt = 0; | ||
960 | if (attempt++ >= 1) | ||
961 | return (0); | ||
962 | |||
963 | if (gss_kex_context == NULL) { | ||
964 | debug("No valid Key exchange context"); | ||
965 | return (0); | ||
966 | } | ||
967 | |||
968 | ssh_gssapi_buildmic(&b, authctxt->server_user, authctxt->service, | ||
969 | "gssapi-keyex"); | ||
970 | |||
971 | gssbuf.value = buffer_ptr(&b); | ||
972 | gssbuf.length = buffer_len(&b); | ||
973 | |||
974 | if (GSS_ERROR(ssh_gssapi_sign(gss_kex_context, &gssbuf, &mic))) { | ||
975 | buffer_free(&b); | ||
976 | return (0); | ||
977 | } | ||
978 | |||
979 | packet_start(SSH2_MSG_USERAUTH_REQUEST); | ||
980 | packet_put_cstring(authctxt->server_user); | ||
981 | packet_put_cstring(authctxt->service); | ||
982 | packet_put_cstring(authctxt->method->name); | ||
983 | packet_put_string(mic.value, mic.length); | ||
984 | packet_send(); | ||
985 | |||
986 | buffer_free(&b); | ||
987 | gss_release_buffer(&ms, &mic); | ||
988 | |||
989 | return (1); | ||
990 | } | ||
991 | |||
878 | #endif /* GSSAPI */ | 992 | #endif /* GSSAPI */ |
879 | 993 | ||
880 | int | 994 | int |
@@ -123,6 +123,10 @@ | |||
123 | #include "version.h" | 123 | #include "version.h" |
124 | #include "ssherr.h" | 124 | #include "ssherr.h" |
125 | 125 | ||
126 | #ifdef USE_SECURITY_SESSION_API | ||
127 | #include <Security/AuthSession.h> | ||
128 | #endif | ||
129 | |||
126 | /* Re-exec fds */ | 130 | /* Re-exec fds */ |
127 | #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1) | 131 | #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1) |
128 | #define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2) | 132 | #define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2) |
@@ -531,7 +535,7 @@ privsep_preauth_child(void) | |||
531 | 535 | ||
532 | #ifdef GSSAPI | 536 | #ifdef GSSAPI |
533 | /* Cache supported mechanism OIDs for later use */ | 537 | /* Cache supported mechanism OIDs for later use */ |
534 | if (options.gss_authentication) | 538 | if (options.gss_authentication || options.gss_keyex) |
535 | ssh_gssapi_prepare_supported_oids(); | 539 | ssh_gssapi_prepare_supported_oids(); |
536 | #endif | 540 | #endif |
537 | 541 | ||
@@ -1705,10 +1709,13 @@ main(int ac, char **av) | |||
1705 | key ? "private" : "agent", i, sshkey_ssh_name(pubkey), fp); | 1709 | key ? "private" : "agent", i, sshkey_ssh_name(pubkey), fp); |
1706 | free(fp); | 1710 | free(fp); |
1707 | } | 1711 | } |
1712 | #ifndef GSSAPI | ||
1713 | /* The GSSAPI key exchange can run without a host key */ | ||
1708 | if (!sensitive_data.have_ssh2_key) { | 1714 | if (!sensitive_data.have_ssh2_key) { |
1709 | logit("sshd: no hostkeys available -- exiting."); | 1715 | logit("sshd: no hostkeys available -- exiting."); |
1710 | exit(1); | 1716 | exit(1); |
1711 | } | 1717 | } |
1718 | #endif | ||
1712 | 1719 | ||
1713 | /* | 1720 | /* |
1714 | * Load certificates. They are stored in an array at identical | 1721 | * Load certificates. They are stored in an array at identical |
@@ -1978,6 +1985,60 @@ main(int ac, char **av) | |||
1978 | remote_ip, remote_port, laddr, ssh_local_port(ssh)); | 1985 | remote_ip, remote_port, laddr, ssh_local_port(ssh)); |
1979 | free(laddr); | 1986 | free(laddr); |
1980 | 1987 | ||
1988 | #ifdef USE_SECURITY_SESSION_API | ||
1989 | /* | ||
1990 | * Create a new security session for use by the new user login if | ||
1991 | * the current session is the root session or we are not launched | ||
1992 | * by inetd (eg: debugging mode or server mode). We do not | ||
1993 | * necessarily need to create a session if we are launched from | ||
1994 | * inetd because Panther xinetd will create a session for us. | ||
1995 | * | ||
1996 | * The only case where this logic will fail is if there is an | ||
1997 | * inetd running in a non-root session which is not creating | ||
1998 | * new sessions for us. Then all the users will end up in the | ||
1999 | * same session (bad). | ||
2000 | * | ||
2001 | * When the client exits, the session will be destroyed for us | ||
2002 | * automatically. | ||
2003 | * | ||
2004 | * We must create the session before any credentials are stored | ||
2005 | * (including AFS pags, which happens a few lines below). | ||
2006 | */ | ||
2007 | { | ||
2008 | OSStatus err = 0; | ||
2009 | SecuritySessionId sid = 0; | ||
2010 | SessionAttributeBits sattrs = 0; | ||
2011 | |||
2012 | err = SessionGetInfo(callerSecuritySession, &sid, &sattrs); | ||
2013 | if (err) | ||
2014 | error("SessionGetInfo() failed with error %.8X", | ||
2015 | (unsigned) err); | ||
2016 | else | ||
2017 | debug("Current Session ID is %.8X / Session Attributes are %.8X", | ||
2018 | (unsigned) sid, (unsigned) sattrs); | ||
2019 | |||
2020 | if (inetd_flag && !(sattrs & sessionIsRoot)) | ||
2021 | debug("Running in inetd mode in a non-root session... " | ||
2022 | "assuming inetd created the session for us."); | ||
2023 | else { | ||
2024 | debug("Creating new security session..."); | ||
2025 | err = SessionCreate(0, sessionHasTTY | sessionIsRemote); | ||
2026 | if (err) | ||
2027 | error("SessionCreate() failed with error %.8X", | ||
2028 | (unsigned) err); | ||
2029 | |||
2030 | err = SessionGetInfo(callerSecuritySession, &sid, | ||
2031 | &sattrs); | ||
2032 | if (err) | ||
2033 | error("SessionGetInfo() failed with error %.8X", | ||
2034 | (unsigned) err); | ||
2035 | else | ||
2036 | debug("New Session ID is %.8X / Session Attributes are %.8X", | ||
2037 | (unsigned) sid, (unsigned) sattrs); | ||
2038 | } | ||
2039 | } | ||
2040 | #endif | ||
2041 | |||
1981 | /* | 2042 | /* |
1982 | * We don't want to listen forever unless the other side | 2043 | * We don't want to listen forever unless the other side |
1983 | * successfully authenticates itself. So we set up an alarm which is | 2044 | * successfully authenticates itself. So we set up an alarm which is |
@@ -2159,6 +2220,48 @@ do_ssh2_kex(void) | |||
2159 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( | 2220 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( |
2160 | list_hostkey_types()); | 2221 | list_hostkey_types()); |
2161 | 2222 | ||
2223 | #ifdef GSSAPI | ||
2224 | { | ||
2225 | char *orig; | ||
2226 | char *gss = NULL; | ||
2227 | char *newstr = NULL; | ||
2228 | orig = myproposal[PROPOSAL_KEX_ALGS]; | ||
2229 | |||
2230 | /* | ||
2231 | * If we don't have a host key, then there's no point advertising | ||
2232 | * the other key exchange algorithms | ||
2233 | */ | ||
2234 | |||
2235 | if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0) | ||
2236 | orig = NULL; | ||
2237 | |||
2238 | if (options.gss_keyex) | ||
2239 | gss = ssh_gssapi_server_mechanisms(); | ||
2240 | else | ||
2241 | gss = NULL; | ||
2242 | |||
2243 | if (gss && orig) | ||
2244 | xasprintf(&newstr, "%s,%s", gss, orig); | ||
2245 | else if (gss) | ||
2246 | newstr = gss; | ||
2247 | else if (orig) | ||
2248 | newstr = orig; | ||
2249 | |||
2250 | /* | ||
2251 | * If we've got GSSAPI mechanisms, then we've got the 'null' host | ||
2252 | * key alg, but we can't tell people about it unless its the only | ||
2253 | * host key algorithm we support | ||
2254 | */ | ||
2255 | if (gss && (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS])) == 0) | ||
2256 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "null"; | ||
2257 | |||
2258 | if (newstr) | ||
2259 | myproposal[PROPOSAL_KEX_ALGS] = newstr; | ||
2260 | else | ||
2261 | fatal("No supported key exchange algorithms"); | ||
2262 | } | ||
2263 | #endif | ||
2264 | |||
2162 | /* start key exchange */ | 2265 | /* start key exchange */ |
2163 | if ((r = kex_setup(active_state, myproposal)) != 0) | 2266 | if ((r = kex_setup(active_state, myproposal)) != 0) |
2164 | fatal("kex_setup: %s", ssh_err(r)); | 2267 | fatal("kex_setup: %s", ssh_err(r)); |
@@ -2176,6 +2279,13 @@ do_ssh2_kex(void) | |||
2176 | # endif | 2279 | # endif |
2177 | #endif | 2280 | #endif |
2178 | kex->kex[KEX_C25519_SHA256] = kexc25519_server; | 2281 | kex->kex[KEX_C25519_SHA256] = kexc25519_server; |
2282 | #ifdef GSSAPI | ||
2283 | if (options.gss_keyex) { | ||
2284 | kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server; | ||
2285 | kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server; | ||
2286 | kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server; | ||
2287 | } | ||
2288 | #endif | ||
2179 | kex->server = 1; | 2289 | kex->server = 1; |
2180 | kex->client_version_string=client_version_string; | 2290 | kex->client_version_string=client_version_string; |
2181 | kex->server_version_string=server_version_string; | 2291 | kex->server_version_string=server_version_string; |
diff --git a/sshd_config b/sshd_config index 9f09e4a6e..00e5a728b 100644 --- a/sshd_config +++ b/sshd_config | |||
@@ -70,6 +70,8 @@ AuthorizedKeysFile .ssh/authorized_keys | |||
70 | # GSSAPI options | 70 | # GSSAPI options |
71 | #GSSAPIAuthentication no | 71 | #GSSAPIAuthentication no |
72 | #GSSAPICleanupCredentials yes | 72 | #GSSAPICleanupCredentials yes |
73 | #GSSAPIStrictAcceptorCheck yes | ||
74 | #GSSAPIKeyExchange no | ||
73 | 75 | ||
74 | # Set this to 'yes' to enable PAM authentication, account processing, | 76 | # Set this to 'yes' to enable PAM authentication, account processing, |
75 | # and session processing. If this is enabled, PAM authentication will | 77 | # and session processing. If this is enabled, PAM authentication will |
diff --git a/sshd_config.5 b/sshd_config.5 index 32b29d240..dd765b391 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -623,6 +623,11 @@ The default is | |||
623 | Specifies whether user authentication based on GSSAPI is allowed. | 623 | Specifies whether user authentication based on GSSAPI is allowed. |
624 | The default is | 624 | The default is |
625 | .Cm no . | 625 | .Cm no . |
626 | .It Cm GSSAPIKeyExchange | ||
627 | Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange | ||
628 | doesn't rely on ssh keys to verify host identity. | ||
629 | The default is | ||
630 | .Cm no . | ||
626 | .It Cm GSSAPICleanupCredentials | 631 | .It Cm GSSAPICleanupCredentials |
627 | Specifies whether to automatically destroy the user's credentials cache | 632 | Specifies whether to automatically destroy the user's credentials cache |
628 | on logout. | 633 | on logout. |
@@ -642,6 +647,11 @@ machine's default store. | |||
642 | This facility is provided to assist with operation on multi homed machines. | 647 | This facility is provided to assist with operation on multi homed machines. |
643 | The default is | 648 | The default is |
644 | .Cm yes . | 649 | .Cm yes . |
650 | .It Cm GSSAPIStoreCredentialsOnRekey | ||
651 | Controls whether the user's GSSAPI credentials should be updated following a | ||
652 | successful connection rekeying. This option can be used to accepted renewed | ||
653 | or updated credentials from a compatible client. The default is | ||
654 | .Cm no . | ||
645 | .It Cm HostbasedAcceptedKeyTypes | 655 | .It Cm HostbasedAcceptedKeyTypes |
646 | Specifies the key types that will be accepted for hostbased authentication | 656 | Specifies the key types that will be accepted for hostbased authentication |
647 | as a comma-separated pattern list. | 657 | as a comma-separated pattern list. |
@@ -114,6 +114,7 @@ static const struct keytype keytypes[] = { | |||
114 | # endif /* OPENSSL_HAS_NISTP521 */ | 114 | # endif /* OPENSSL_HAS_NISTP521 */ |
115 | # endif /* OPENSSL_HAS_ECC */ | 115 | # endif /* OPENSSL_HAS_ECC */ |
116 | #endif /* WITH_OPENSSL */ | 116 | #endif /* WITH_OPENSSL */ |
117 | { "null", "null", KEY_NULL, 0, 0, 0 }, | ||
117 | { NULL, NULL, -1, -1, 0, 0 } | 118 | { NULL, NULL, -1, -1, 0, 0 } |
118 | }; | 119 | }; |
119 | 120 | ||
@@ -202,7 +203,7 @@ sshkey_alg_list(int certs_only, int plain_only, char sep) | |||
202 | const struct keytype *kt; | 203 | const struct keytype *kt; |
203 | 204 | ||
204 | for (kt = keytypes; kt->type != -1; kt++) { | 205 | for (kt = keytypes; kt->type != -1; kt++) { |
205 | if (kt->name == NULL || kt->sigonly) | 206 | if (kt->name == NULL || kt->sigonly || kt->type == KEY_NULL) |
206 | continue; | 207 | continue; |
207 | if ((certs_only && !kt->cert) || (plain_only && kt->cert)) | 208 | if ((certs_only && !kt->cert) || (plain_only && kt->cert)) |
208 | continue; | 209 | continue; |
@@ -62,6 +62,7 @@ enum sshkey_types { | |||
62 | KEY_DSA_CERT, | 62 | KEY_DSA_CERT, |
63 | KEY_ECDSA_CERT, | 63 | KEY_ECDSA_CERT, |
64 | KEY_ED25519_CERT, | 64 | KEY_ED25519_CERT, |
65 | KEY_NULL, | ||
65 | KEY_UNSPEC | 66 | KEY_UNSPEC |
66 | }; | 67 | }; |
67 | 68 | ||