diff options
-rw-r--r-- | ChangeLog.gssapi | 113 | ||||
-rw-r--r-- | Makefile.in | 5 | ||||
-rw-r--r-- | auth-krb5.c | 17 | ||||
-rw-r--r-- | auth2-gss.c | 48 | ||||
-rw-r--r-- | auth2.c | 2 | ||||
-rw-r--r-- | clientloop.c | 13 | ||||
-rw-r--r-- | config.h.in | 6 | ||||
-rw-r--r-- | configure.ac | 24 | ||||
-rw-r--r-- | gss-genr.c | 275 | ||||
-rw-r--r-- | gss-serv-krb5.c | 85 | ||||
-rw-r--r-- | gss-serv.c | 185 | ||||
-rw-r--r-- | kex.c | 16 | ||||
-rw-r--r-- | kex.h | 14 | ||||
-rw-r--r-- | kexgssc.c | 336 | ||||
-rw-r--r-- | kexgsss.c | 295 | ||||
-rw-r--r-- | monitor.c | 108 | ||||
-rw-r--r-- | monitor.h | 3 | ||||
-rw-r--r-- | monitor_wrap.c | 47 | ||||
-rw-r--r-- | monitor_wrap.h | 4 | ||||
-rw-r--r-- | readconf.c | 42 | ||||
-rw-r--r-- | readconf.h | 5 | ||||
-rw-r--r-- | servconf.c | 28 | ||||
-rw-r--r-- | servconf.h | 2 | ||||
-rw-r--r-- | ssh-gss.h | 41 | ||||
-rw-r--r-- | ssh_config | 2 | ||||
-rw-r--r-- | ssh_config.5 | 36 | ||||
-rw-r--r-- | sshconnect2.c | 124 | ||||
-rw-r--r-- | sshd.c | 110 | ||||
-rw-r--r-- | sshd_config | 2 | ||||
-rw-r--r-- | sshd_config.5 | 11 | ||||
-rw-r--r-- | sshkey.c | 3 | ||||
-rw-r--r-- | sshkey.h | 1 |
32 files changed, 1957 insertions, 46 deletions
diff --git a/ChangeLog.gssapi b/ChangeLog.gssapi new file mode 100644 index 000000000..f117a336a --- /dev/null +++ b/ChangeLog.gssapi | |||
@@ -0,0 +1,113 @@ | |||
1 | 20110101 | ||
2 | - Finally update for OpenSSH 5.6p1 | ||
3 | - Add GSSAPIServerIdentity option from Jim Basney | ||
4 | |||
5 | 20100308 | ||
6 | - [ Makefile.in, key.c, key.h ] | ||
7 | Updates for OpenSSH 5.4p1 | ||
8 | - [ servconf.c ] | ||
9 | Include GSSAPI options in the sshd -T configuration dump, and flag | ||
10 | some older configuration options as being unsupported. Thanks to Colin | ||
11 | Watson. | ||
12 | - | ||
13 | |||
14 | 20100124 | ||
15 | - [ sshconnect2.c ] | ||
16 | Adapt to deal with additional element in Authmethod structure. Thanks to | ||
17 | Colin Watson | ||
18 | |||
19 | 20090615 | ||
20 | - [ gss-genr.c gss-serv.c kexgssc.c kexgsss.c monitor.c sshconnect2.c | ||
21 | sshd.c ] | ||
22 | Fix issues identified by Greg Hudson following a code review | ||
23 | Check return value of gss_indicate_mechs | ||
24 | Protect GSSAPI calls in monitor, so they can only be used if enabled | ||
25 | Check return values of bignum functions in key exchange | ||
26 | Use BN_clear_free to clear other side's DH value | ||
27 | Make ssh_gssapi_id_kex more robust | ||
28 | Only configure kex table pointers if GSSAPI is enabled | ||
29 | Don't leak mechanism list, or gss mechanism list | ||
30 | Cast data.length before printing | ||
31 | If serverkey isn't provided, use an empty string, rather than NULL | ||
32 | |||
33 | 20090201 | ||
34 | - [ gss-genr.c gss-serv.c kex.h kexgssc.c readconf.c readconf.h ssh-gss.h | ||
35 | ssh_config.5 sshconnet2.c ] | ||
36 | Add support for the GSSAPIClientIdentity option, which allows the user | ||
37 | to specify which GSSAPI identity to use to contact a given server | ||
38 | |||
39 | 20080404 | ||
40 | - [ gss-serv.c ] | ||
41 | Add code to actually implement GSSAPIStrictAcceptCheck, which had somehow | ||
42 | been omitted from a previous version of this patch. Reported by Borislav | ||
43 | Stoichkov | ||
44 | |||
45 | 20070317 | ||
46 | - [ gss-serv-krb5.c ] | ||
47 | Remove C99ism, where new_ccname was being declared in the middle of a | ||
48 | function | ||
49 | |||
50 | 20061220 | ||
51 | - [ servconf.c ] | ||
52 | Make default for GSSAPIStrictAcceptorCheck be Yes, to match previous, and | ||
53 | documented, behaviour. Reported by Dan Watson. | ||
54 | |||
55 | 20060910 | ||
56 | - [ gss-genr.c kexgssc.c kexgsss.c kex.h monitor.c sshconnect2.c sshd.c | ||
57 | ssh-gss.h ] | ||
58 | add support for gss-group14-sha1 key exchange mechanisms | ||
59 | - [ gss-serv.c servconf.c servconf.h sshd_config sshd_config.5 ] | ||
60 | Add GSSAPIStrictAcceptorCheck option to allow the disabling of | ||
61 | acceptor principal checking on multi-homed machines. | ||
62 | <Bugzilla #928> | ||
63 | - [ sshd_config ssh_config ] | ||
64 | Add settings for GSSAPIKeyExchange and GSSAPITrustDNS to the sample | ||
65 | configuration files | ||
66 | - [ kexgss.c kegsss.c sshconnect2.c sshd.c ] | ||
67 | Code cleanup. Replace strlen/xmalloc/snprintf sequences with xasprintf() | ||
68 | Limit length of error messages displayed by client | ||
69 | |||
70 | 20060909 | ||
71 | - [ gss-genr.c gss-serv.c ] | ||
72 | move ssh_gssapi_acquire_cred() and ssh_gssapi_server_ctx to be server | ||
73 | only, where they belong | ||
74 | <Bugzilla #1225> | ||
75 | |||
76 | 20060829 | ||
77 | - [ gss-serv-krb5.c ] | ||
78 | Fix CCAPI credentials cache name when creating KRB5CCNAME environment | ||
79 | variable | ||
80 | |||
81 | 20060828 | ||
82 | - [ gss-genr.c ] | ||
83 | Avoid Heimdal context freeing problem | ||
84 | <Fixed upstream 20060829> | ||
85 | |||
86 | 20060818 | ||
87 | - [ gss-genr.c ssh-gss.h sshconnect2.c ] | ||
88 | Make sure that SPENGO is disabled | ||
89 | <Bugzilla #1218 - Fixed upstream 20060818> | ||
90 | |||
91 | 20060421 | ||
92 | - [ gssgenr.c, sshconnect2.c ] | ||
93 | a few type changes (signed versus unsigned, int versus size_t) to | ||
94 | fix compiler errors/warnings | ||
95 | (from jbasney AT ncsa.uiuc.edu) | ||
96 | - [ kexgssc.c, sshconnect2.c ] | ||
97 | fix uninitialized variable warnings | ||
98 | (from jbasney AT ncsa.uiuc.edu) | ||
99 | - [ gssgenr.c ] | ||
100 | pass oid to gss_display_status (helpful when using GSSAPI mechglue) | ||
101 | (from jbasney AT ncsa.uiuc.edu) | ||
102 | <Bugzilla #1220 > | ||
103 | - [ gss-serv-krb5.c ] | ||
104 | #ifdef HAVE_GSSAPI_KRB5 should be #ifdef HAVE_GSSAPI_KRB5_H | ||
105 | (from jbasney AT ncsa.uiuc.edu) | ||
106 | <Fixed upstream 20060304> | ||
107 | - [ readconf.c, readconf.h, ssh_config.5, sshconnect2.c | ||
108 | add client-side GssapiKeyExchange option | ||
109 | (from jbasney AT ncsa.uiuc.edu) | ||
110 | - [ sshconnect2.c ] | ||
111 | add support for GssapiTrustDns option for gssapi-with-mic | ||
112 | (from jbasney AT ncsa.uiuc.edu) | ||
113 | <gssapi-with-mic support is Bugzilla #1008> | ||
diff --git a/Makefile.in b/Makefile.in index 40cc7aae1..3d2a328e7 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -91,7 +91,8 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ | |||
91 | sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o blocks.o \ | 91 | sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o blocks.o \ |
92 | kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ | 92 | kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ |
93 | kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o \ | 93 | kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o \ |
94 | kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o | 94 | kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o \ |
95 | kexgssc.o | ||
95 | 96 | ||
96 | SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ | 97 | SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ |
97 | sshconnect.o sshconnect1.o sshconnect2.o mux.o \ | 98 | sshconnect.o sshconnect1.o sshconnect2.o mux.o \ |
@@ -105,7 +106,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ | |||
105 | auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \ | 106 | auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \ |
106 | auth2-none.o auth2-passwd.o auth2-pubkey.o \ | 107 | auth2-none.o auth2-passwd.o auth2-pubkey.o \ |
107 | monitor_mm.o monitor.o monitor_wrap.o auth-krb5.o \ | 108 | monitor_mm.o monitor.o monitor_wrap.o auth-krb5.o \ |
108 | auth2-gss.o gss-serv.o gss-serv-krb5.o \ | 109 | auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o \ |
109 | loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ | 110 | loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ |
110 | sftp-server.o sftp-common.o \ | 111 | sftp-server.o sftp-common.o \ |
111 | roaming_common.o roaming_serv.o \ | 112 | roaming_common.o roaming_serv.o \ |
diff --git a/auth-krb5.c b/auth-krb5.c index 0089b1844..ec4786924 100644 --- a/auth-krb5.c +++ b/auth-krb5.c | |||
@@ -183,8 +183,13 @@ auth_krb5_password(Authctxt *authctxt, const char *password) | |||
183 | 183 | ||
184 | len = strlen(authctxt->krb5_ticket_file) + 6; | 184 | len = strlen(authctxt->krb5_ticket_file) + 6; |
185 | authctxt->krb5_ccname = xmalloc(len); | 185 | authctxt->krb5_ccname = xmalloc(len); |
186 | #ifdef USE_CCAPI | ||
187 | snprintf(authctxt->krb5_ccname, len, "API:%s", | ||
188 | authctxt->krb5_ticket_file); | ||
189 | #else | ||
186 | snprintf(authctxt->krb5_ccname, len, "FILE:%s", | 190 | snprintf(authctxt->krb5_ccname, len, "FILE:%s", |
187 | authctxt->krb5_ticket_file); | 191 | authctxt->krb5_ticket_file); |
192 | #endif | ||
188 | 193 | ||
189 | #ifdef USE_PAM | 194 | #ifdef USE_PAM |
190 | if (options.use_pam) | 195 | if (options.use_pam) |
@@ -241,15 +246,22 @@ krb5_cleanup_proc(Authctxt *authctxt) | |||
241 | #ifndef HEIMDAL | 246 | #ifndef HEIMDAL |
242 | krb5_error_code | 247 | krb5_error_code |
243 | ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) { | 248 | ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) { |
244 | int tmpfd, ret, oerrno; | 249 | int ret, oerrno; |
245 | char ccname[40]; | 250 | char ccname[40]; |
246 | mode_t old_umask; | 251 | mode_t old_umask; |
252 | #ifdef USE_CCAPI | ||
253 | char cctemplate[] = "API:krb5cc_%d"; | ||
254 | #else | ||
255 | char cctemplate[] = "FILE:/tmp/krb5cc_%d_XXXXXXXXXX"; | ||
256 | int tmpfd; | ||
257 | #endif | ||
247 | 258 | ||
248 | ret = snprintf(ccname, sizeof(ccname), | 259 | ret = snprintf(ccname, sizeof(ccname), |
249 | "FILE:/tmp/krb5cc_%d_XXXXXXXXXX", geteuid()); | 260 | cctemplate, geteuid()); |
250 | if (ret < 0 || (size_t)ret >= sizeof(ccname)) | 261 | if (ret < 0 || (size_t)ret >= sizeof(ccname)) |
251 | return ENOMEM; | 262 | return ENOMEM; |
252 | 263 | ||
264 | #ifndef USE_CCAPI | ||
253 | old_umask = umask(0177); | 265 | old_umask = umask(0177); |
254 | tmpfd = mkstemp(ccname + strlen("FILE:")); | 266 | tmpfd = mkstemp(ccname + strlen("FILE:")); |
255 | oerrno = errno; | 267 | oerrno = errno; |
@@ -266,6 +278,7 @@ ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) { | |||
266 | return oerrno; | 278 | return oerrno; |
267 | } | 279 | } |
268 | close(tmpfd); | 280 | close(tmpfd); |
281 | #endif | ||
269 | 282 | ||
270 | return (krb5_cc_resolve(ctx, ccname, ccache)); | 283 | return (krb5_cc_resolve(ctx, ccname, ccache)); |
271 | } | 284 | } |
diff --git a/auth2-gss.c b/auth2-gss.c index 1ca835773..3b5036dfd 100644 --- a/auth2-gss.c +++ b/auth2-gss.c | |||
@@ -1,7 +1,7 @@ | |||
1 | /* $OpenBSD: auth2-gss.c,v 1.22 2015/01/19 20:07:45 markus Exp $ */ | 1 | /* $OpenBSD: auth2-gss.c,v 1.22 2015/01/19 20:07:45 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. | 4 | * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved. |
5 | * | 5 | * |
6 | * Redistribution and use in source and binary forms, with or without | 6 | * Redistribution and use in source and binary forms, with or without |
7 | * modification, are permitted provided that the following conditions | 7 | * modification, are permitted provided that the following conditions |
@@ -53,6 +53,40 @@ static int input_gssapi_mic(int type, u_int32_t plen, void *ctxt); | |||
53 | static int input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt); | 53 | static int input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt); |
54 | static int input_gssapi_errtok(int, u_int32_t, void *); | 54 | static int input_gssapi_errtok(int, u_int32_t, void *); |
55 | 55 | ||
56 | /* | ||
57 | * The 'gssapi_keyex' userauth mechanism. | ||
58 | */ | ||
59 | static int | ||
60 | userauth_gsskeyex(Authctxt *authctxt) | ||
61 | { | ||
62 | int authenticated = 0; | ||
63 | Buffer b; | ||
64 | gss_buffer_desc mic, gssbuf; | ||
65 | u_int len; | ||
66 | |||
67 | mic.value = packet_get_string(&len); | ||
68 | mic.length = len; | ||
69 | |||
70 | packet_check_eom(); | ||
71 | |||
72 | ssh_gssapi_buildmic(&b, authctxt->user, authctxt->service, | ||
73 | "gssapi-keyex"); | ||
74 | |||
75 | gssbuf.value = buffer_ptr(&b); | ||
76 | gssbuf.length = buffer_len(&b); | ||
77 | |||
78 | /* gss_kex_context is NULL with privsep, so we can't check it here */ | ||
79 | if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gss_kex_context, | ||
80 | &gssbuf, &mic)))) | ||
81 | authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user, | ||
82 | authctxt->pw)); | ||
83 | |||
84 | buffer_free(&b); | ||
85 | free(mic.value); | ||
86 | |||
87 | return (authenticated); | ||
88 | } | ||
89 | |||
56 | /* | 90 | /* |
57 | * We only support those mechanisms that we know about (ie ones that we know | 91 | * We only support those mechanisms that we know about (ie ones that we know |
58 | * how to check local user kuserok and the like) | 92 | * how to check local user kuserok and the like) |
@@ -238,7 +272,8 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt) | |||
238 | 272 | ||
239 | packet_check_eom(); | 273 | packet_check_eom(); |
240 | 274 | ||
241 | authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user)); | 275 | authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user, |
276 | authctxt->pw)); | ||
242 | 277 | ||
243 | authctxt->postponed = 0; | 278 | authctxt->postponed = 0; |
244 | dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); | 279 | dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
@@ -274,7 +309,8 @@ input_gssapi_mic(int type, u_int32_t plen, void *ctxt) | |||
274 | gssbuf.length = buffer_len(&b); | 309 | gssbuf.length = buffer_len(&b); |
275 | 310 | ||
276 | if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic)))) | 311 | if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic)))) |
277 | authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user)); | 312 | authenticated = |
313 | PRIVSEP(ssh_gssapi_userok(authctxt->user, authctxt->pw)); | ||
278 | else | 314 | else |
279 | logit("GSSAPI MIC check failed"); | 315 | logit("GSSAPI MIC check failed"); |
280 | 316 | ||
@@ -290,6 +326,12 @@ input_gssapi_mic(int type, u_int32_t plen, void *ctxt) | |||
290 | return 0; | 326 | return 0; |
291 | } | 327 | } |
292 | 328 | ||
329 | Authmethod method_gsskeyex = { | ||
330 | "gssapi-keyex", | ||
331 | userauth_gsskeyex, | ||
332 | &options.gss_authentication | ||
333 | }; | ||
334 | |||
293 | Authmethod method_gssapi = { | 335 | Authmethod method_gssapi = { |
294 | "gssapi-with-mic", | 336 | "gssapi-with-mic", |
295 | userauth_gssapi, | 337 | userauth_gssapi, |
@@ -70,6 +70,7 @@ extern Authmethod method_passwd; | |||
70 | extern Authmethod method_kbdint; | 70 | extern Authmethod method_kbdint; |
71 | extern Authmethod method_hostbased; | 71 | extern Authmethod method_hostbased; |
72 | #ifdef GSSAPI | 72 | #ifdef GSSAPI |
73 | extern Authmethod method_gsskeyex; | ||
73 | extern Authmethod method_gssapi; | 74 | extern Authmethod method_gssapi; |
74 | #endif | 75 | #endif |
75 | 76 | ||
@@ -77,6 +78,7 @@ Authmethod *authmethods[] = { | |||
77 | &method_none, | 78 | &method_none, |
78 | &method_pubkey, | 79 | &method_pubkey, |
79 | #ifdef GSSAPI | 80 | #ifdef GSSAPI |
81 | &method_gsskeyex, | ||
80 | &method_gssapi, | 82 | &method_gssapi, |
81 | #endif | 83 | #endif |
82 | &method_passwd, | 84 | &method_passwd, |
diff --git a/clientloop.c b/clientloop.c index 87ceb3dab..fba1b5496 100644 --- a/clientloop.c +++ b/clientloop.c | |||
@@ -115,6 +115,10 @@ | |||
115 | #include "ssherr.h" | 115 | #include "ssherr.h" |
116 | #include "hostfile.h" | 116 | #include "hostfile.h" |
117 | 117 | ||
118 | #ifdef GSSAPI | ||
119 | #include "ssh-gss.h" | ||
120 | #endif | ||
121 | |||
118 | /* import options */ | 122 | /* import options */ |
119 | extern Options options; | 123 | extern Options options; |
120 | 124 | ||
@@ -1610,6 +1614,15 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) | |||
1610 | /* Do channel operations unless rekeying in progress. */ | 1614 | /* Do channel operations unless rekeying in progress. */ |
1611 | if (!rekeying) { | 1615 | if (!rekeying) { |
1612 | channel_after_select(readset, writeset); | 1616 | channel_after_select(readset, writeset); |
1617 | |||
1618 | #ifdef GSSAPI | ||
1619 | if (options.gss_renewal_rekey && | ||
1620 | ssh_gssapi_credentials_updated(NULL)) { | ||
1621 | debug("credentials updated - forcing rekey"); | ||
1622 | need_rekeying = 1; | ||
1623 | } | ||
1624 | #endif | ||
1625 | |||
1613 | if (need_rekeying || packet_need_rekeying()) { | 1626 | if (need_rekeying || packet_need_rekeying()) { |
1614 | debug("need rekeying"); | 1627 | debug("need rekeying"); |
1615 | active_state->kex->done = 0; | 1628 | active_state->kex->done = 0; |
diff --git a/config.h.in b/config.h.in index 7500df532..97accd8ec 100644 --- a/config.h.in +++ b/config.h.in | |||
@@ -1623,6 +1623,9 @@ | |||
1623 | /* Use btmp to log bad logins */ | 1623 | /* Use btmp to log bad logins */ |
1624 | #undef USE_BTMP | 1624 | #undef USE_BTMP |
1625 | 1625 | ||
1626 | /* platform uses an in-memory credentials cache */ | ||
1627 | #undef USE_CCAPI | ||
1628 | |||
1626 | /* Use libedit for sftp */ | 1629 | /* Use libedit for sftp */ |
1627 | #undef USE_LIBEDIT | 1630 | #undef USE_LIBEDIT |
1628 | 1631 | ||
@@ -1638,6 +1641,9 @@ | |||
1638 | /* Use PIPES instead of a socketpair() */ | 1641 | /* Use PIPES instead of a socketpair() */ |
1639 | #undef USE_PIPES | 1642 | #undef USE_PIPES |
1640 | 1643 | ||
1644 | /* platform has the Security Authorization Session API */ | ||
1645 | #undef USE_SECURITY_SESSION_API | ||
1646 | |||
1641 | /* Define if you have Solaris process contracts */ | 1647 | /* Define if you have Solaris process contracts */ |
1642 | #undef USE_SOLARIS_PROCESS_CONTRACTS | 1648 | #undef USE_SOLARIS_PROCESS_CONTRACTS |
1643 | 1649 | ||
diff --git a/configure.ac b/configure.ac index 9b05c30f8..7a256034d 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -625,6 +625,30 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) | |||
625 | [Use tunnel device compatibility to OpenBSD]) | 625 | [Use tunnel device compatibility to OpenBSD]) |
626 | AC_DEFINE([SSH_TUN_PREPEND_AF], [1], | 626 | AC_DEFINE([SSH_TUN_PREPEND_AF], [1], |
627 | [Prepend the address family to IP tunnel traffic]) | 627 | [Prepend the address family to IP tunnel traffic]) |
628 | AC_MSG_CHECKING([if we have the Security Authorization Session API]) | ||
629 | AC_TRY_COMPILE([#include <Security/AuthSession.h>], | ||
630 | [SessionCreate(0, 0);], | ||
631 | [ac_cv_use_security_session_api="yes" | ||
632 | AC_DEFINE([USE_SECURITY_SESSION_API], [1], | ||
633 | [platform has the Security Authorization Session API]) | ||
634 | LIBS="$LIBS -framework Security" | ||
635 | AC_MSG_RESULT([yes])], | ||
636 | [ac_cv_use_security_session_api="no" | ||
637 | AC_MSG_RESULT([no])]) | ||
638 | AC_MSG_CHECKING([if we have an in-memory credentials cache]) | ||
639 | AC_TRY_COMPILE( | ||
640 | [#include <Kerberos/Kerberos.h>], | ||
641 | [cc_context_t c; | ||
642 | (void) cc_initialize (&c, 0, NULL, NULL);], | ||
643 | [AC_DEFINE([USE_CCAPI], [1], | ||
644 | [platform uses an in-memory credentials cache]) | ||
645 | LIBS="$LIBS -framework Security" | ||
646 | AC_MSG_RESULT([yes]) | ||
647 | if test "x$ac_cv_use_security_session_api" = "xno"; then | ||
648 | AC_MSG_ERROR([*** Need a security framework to use the credentials cache API ***]) | ||
649 | fi], | ||
650 | [AC_MSG_RESULT([no])] | ||
651 | ) | ||
628 | m4_pattern_allow([AU_IPv]) | 652 | m4_pattern_allow([AU_IPv]) |
629 | AC_CHECK_DECL([AU_IPv4], [], | 653 | AC_CHECK_DECL([AU_IPv4], [], |
630 | AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) | 654 | AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) |
diff --git a/gss-genr.c b/gss-genr.c index d617d600a..b4eca3feb 100644 --- a/gss-genr.c +++ b/gss-genr.c | |||
@@ -1,7 +1,7 @@ | |||
1 | /* $OpenBSD: gss-genr.c,v 1.23 2015/01/20 23:14:00 deraadt Exp $ */ | 1 | /* $OpenBSD: gss-genr.c,v 1.23 2015/01/20 23:14:00 deraadt Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved. | 4 | * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. |
5 | * | 5 | * |
6 | * Redistribution and use in source and binary forms, with or without | 6 | * Redistribution and use in source and binary forms, with or without |
7 | * modification, are permitted provided that the following conditions | 7 | * modification, are permitted provided that the following conditions |
@@ -41,12 +41,167 @@ | |||
41 | #include "buffer.h" | 41 | #include "buffer.h" |
42 | #include "log.h" | 42 | #include "log.h" |
43 | #include "ssh2.h" | 43 | #include "ssh2.h" |
44 | #include "cipher.h" | ||
45 | #include "key.h" | ||
46 | #include "kex.h" | ||
47 | #include <openssl/evp.h> | ||
44 | 48 | ||
45 | #include "ssh-gss.h" | 49 | #include "ssh-gss.h" |
46 | 50 | ||
47 | extern u_char *session_id2; | 51 | extern u_char *session_id2; |
48 | extern u_int session_id2_len; | 52 | extern u_int session_id2_len; |
49 | 53 | ||
54 | typedef struct { | ||
55 | char *encoded; | ||
56 | gss_OID oid; | ||
57 | } ssh_gss_kex_mapping; | ||
58 | |||
59 | /* | ||
60 | * XXX - It would be nice to find a more elegant way of handling the | ||
61 | * XXX passing of the key exchange context to the userauth routines | ||
62 | */ | ||
63 | |||
64 | Gssctxt *gss_kex_context = NULL; | ||
65 | |||
66 | static ssh_gss_kex_mapping *gss_enc2oid = NULL; | ||
67 | |||
68 | int | ||
69 | ssh_gssapi_oid_table_ok(void) { | ||
70 | return (gss_enc2oid != NULL); | ||
71 | } | ||
72 | |||
73 | /* | ||
74 | * Return a list of the gss-group1-sha1 mechanisms supported by this program | ||
75 | * | ||
76 | * We test mechanisms to ensure that we can use them, to avoid starting | ||
77 | * a key exchange with a bad mechanism | ||
78 | */ | ||
79 | |||
80 | char * | ||
81 | ssh_gssapi_client_mechanisms(const char *host, const char *client) { | ||
82 | gss_OID_set gss_supported; | ||
83 | OM_uint32 min_status; | ||
84 | |||
85 | if (GSS_ERROR(gss_indicate_mechs(&min_status, &gss_supported))) | ||
86 | return NULL; | ||
87 | |||
88 | return(ssh_gssapi_kex_mechs(gss_supported, ssh_gssapi_check_mechanism, | ||
89 | host, client)); | ||
90 | } | ||
91 | |||
92 | char * | ||
93 | ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check, | ||
94 | const char *host, const char *client) { | ||
95 | Buffer buf; | ||
96 | size_t i; | ||
97 | int oidpos, enclen; | ||
98 | char *mechs, *encoded; | ||
99 | u_char digest[EVP_MAX_MD_SIZE]; | ||
100 | char deroid[2]; | ||
101 | const EVP_MD *evp_md = EVP_md5(); | ||
102 | EVP_MD_CTX md; | ||
103 | |||
104 | if (gss_enc2oid != NULL) { | ||
105 | for (i = 0; gss_enc2oid[i].encoded != NULL; i++) | ||
106 | free(gss_enc2oid[i].encoded); | ||
107 | free(gss_enc2oid); | ||
108 | } | ||
109 | |||
110 | gss_enc2oid = xmalloc(sizeof(ssh_gss_kex_mapping) * | ||
111 | (gss_supported->count + 1)); | ||
112 | |||
113 | buffer_init(&buf); | ||
114 | |||
115 | oidpos = 0; | ||
116 | for (i = 0; i < gss_supported->count; i++) { | ||
117 | if (gss_supported->elements[i].length < 128 && | ||
118 | (*check)(NULL, &(gss_supported->elements[i]), host, client)) { | ||
119 | |||
120 | deroid[0] = SSH_GSS_OIDTYPE; | ||
121 | deroid[1] = gss_supported->elements[i].length; | ||
122 | |||
123 | EVP_DigestInit(&md, evp_md); | ||
124 | EVP_DigestUpdate(&md, deroid, 2); | ||
125 | EVP_DigestUpdate(&md, | ||
126 | gss_supported->elements[i].elements, | ||
127 | gss_supported->elements[i].length); | ||
128 | EVP_DigestFinal(&md, digest, NULL); | ||
129 | |||
130 | encoded = xmalloc(EVP_MD_size(evp_md) * 2); | ||
131 | enclen = __b64_ntop(digest, EVP_MD_size(evp_md), | ||
132 | encoded, EVP_MD_size(evp_md) * 2); | ||
133 | |||
134 | if (oidpos != 0) | ||
135 | buffer_put_char(&buf, ','); | ||
136 | |||
137 | buffer_append(&buf, KEX_GSS_GEX_SHA1_ID, | ||
138 | sizeof(KEX_GSS_GEX_SHA1_ID) - 1); | ||
139 | buffer_append(&buf, encoded, enclen); | ||
140 | buffer_put_char(&buf, ','); | ||
141 | buffer_append(&buf, KEX_GSS_GRP1_SHA1_ID, | ||
142 | sizeof(KEX_GSS_GRP1_SHA1_ID) - 1); | ||
143 | buffer_append(&buf, encoded, enclen); | ||
144 | buffer_put_char(&buf, ','); | ||
145 | buffer_append(&buf, KEX_GSS_GRP14_SHA1_ID, | ||
146 | sizeof(KEX_GSS_GRP14_SHA1_ID) - 1); | ||
147 | buffer_append(&buf, encoded, enclen); | ||
148 | |||
149 | gss_enc2oid[oidpos].oid = &(gss_supported->elements[i]); | ||
150 | gss_enc2oid[oidpos].encoded = encoded; | ||
151 | oidpos++; | ||
152 | } | ||
153 | } | ||
154 | gss_enc2oid[oidpos].oid = NULL; | ||
155 | gss_enc2oid[oidpos].encoded = NULL; | ||
156 | |||
157 | buffer_put_char(&buf, '\0'); | ||
158 | |||
159 | mechs = xmalloc(buffer_len(&buf)); | ||
160 | buffer_get(&buf, mechs, buffer_len(&buf)); | ||
161 | buffer_free(&buf); | ||
162 | |||
163 | if (strlen(mechs) == 0) { | ||
164 | free(mechs); | ||
165 | mechs = NULL; | ||
166 | } | ||
167 | |||
168 | return (mechs); | ||
169 | } | ||
170 | |||
171 | gss_OID | ||
172 | ssh_gssapi_id_kex(Gssctxt *ctx, char *name, int kex_type) { | ||
173 | int i = 0; | ||
174 | |||
175 | switch (kex_type) { | ||
176 | case KEX_GSS_GRP1_SHA1: | ||
177 | if (strlen(name) < sizeof(KEX_GSS_GRP1_SHA1_ID)) | ||
178 | return GSS_C_NO_OID; | ||
179 | name += sizeof(KEX_GSS_GRP1_SHA1_ID) - 1; | ||
180 | break; | ||
181 | case KEX_GSS_GRP14_SHA1: | ||
182 | if (strlen(name) < sizeof(KEX_GSS_GRP14_SHA1_ID)) | ||
183 | return GSS_C_NO_OID; | ||
184 | name += sizeof(KEX_GSS_GRP14_SHA1_ID) - 1; | ||
185 | break; | ||
186 | case KEX_GSS_GEX_SHA1: | ||
187 | if (strlen(name) < sizeof(KEX_GSS_GEX_SHA1_ID)) | ||
188 | return GSS_C_NO_OID; | ||
189 | name += sizeof(KEX_GSS_GEX_SHA1_ID) - 1; | ||
190 | break; | ||
191 | default: | ||
192 | return GSS_C_NO_OID; | ||
193 | } | ||
194 | |||
195 | while (gss_enc2oid[i].encoded != NULL && | ||
196 | strcmp(name, gss_enc2oid[i].encoded) != 0) | ||
197 | i++; | ||
198 | |||
199 | if (gss_enc2oid[i].oid != NULL && ctx != NULL) | ||
200 | ssh_gssapi_set_oid(ctx, gss_enc2oid[i].oid); | ||
201 | |||
202 | return gss_enc2oid[i].oid; | ||
203 | } | ||
204 | |||
50 | /* Check that the OID in a data stream matches that in the context */ | 205 | /* Check that the OID in a data stream matches that in the context */ |
51 | int | 206 | int |
52 | ssh_gssapi_check_oid(Gssctxt *ctx, void *data, size_t len) | 207 | ssh_gssapi_check_oid(Gssctxt *ctx, void *data, size_t len) |
@@ -199,7 +354,7 @@ ssh_gssapi_init_ctx(Gssctxt *ctx, int deleg_creds, gss_buffer_desc *recv_tok, | |||
199 | } | 354 | } |
200 | 355 | ||
201 | ctx->major = gss_init_sec_context(&ctx->minor, | 356 | ctx->major = gss_init_sec_context(&ctx->minor, |
202 | GSS_C_NO_CREDENTIAL, &ctx->context, ctx->name, ctx->oid, | 357 | ctx->client_creds, &ctx->context, ctx->name, ctx->oid, |
203 | GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | deleg_flag, | 358 | GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | deleg_flag, |
204 | 0, NULL, recv_tok, NULL, send_tok, flags, NULL); | 359 | 0, NULL, recv_tok, NULL, send_tok, flags, NULL); |
205 | 360 | ||
@@ -229,8 +384,42 @@ ssh_gssapi_import_name(Gssctxt *ctx, const char *host) | |||
229 | } | 384 | } |
230 | 385 | ||
231 | OM_uint32 | 386 | OM_uint32 |
387 | ssh_gssapi_client_identity(Gssctxt *ctx, const char *name) | ||
388 | { | ||
389 | gss_buffer_desc gssbuf; | ||
390 | gss_name_t gssname; | ||
391 | OM_uint32 status; | ||
392 | gss_OID_set oidset; | ||
393 | |||
394 | gssbuf.value = (void *) name; | ||
395 | gssbuf.length = strlen(gssbuf.value); | ||
396 | |||
397 | gss_create_empty_oid_set(&status, &oidset); | ||
398 | gss_add_oid_set_member(&status, ctx->oid, &oidset); | ||
399 | |||
400 | ctx->major = gss_import_name(&ctx->minor, &gssbuf, | ||
401 | GSS_C_NT_USER_NAME, &gssname); | ||
402 | |||
403 | if (!ctx->major) | ||
404 | ctx->major = gss_acquire_cred(&ctx->minor, | ||
405 | gssname, 0, oidset, GSS_C_INITIATE, | ||
406 | &ctx->client_creds, NULL, NULL); | ||
407 | |||
408 | gss_release_name(&status, &gssname); | ||
409 | gss_release_oid_set(&status, &oidset); | ||
410 | |||
411 | if (ctx->major) | ||
412 | ssh_gssapi_error(ctx); | ||
413 | |||
414 | return(ctx->major); | ||
415 | } | ||
416 | |||
417 | OM_uint32 | ||
232 | ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash) | 418 | ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash) |
233 | { | 419 | { |
420 | if (ctx == NULL) | ||
421 | return -1; | ||
422 | |||
234 | if ((ctx->major = gss_get_mic(&ctx->minor, ctx->context, | 423 | if ((ctx->major = gss_get_mic(&ctx->minor, ctx->context, |
235 | GSS_C_QOP_DEFAULT, buffer, hash))) | 424 | GSS_C_QOP_DEFAULT, buffer, hash))) |
236 | ssh_gssapi_error(ctx); | 425 | ssh_gssapi_error(ctx); |
@@ -238,6 +427,19 @@ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash) | |||
238 | return (ctx->major); | 427 | return (ctx->major); |
239 | } | 428 | } |
240 | 429 | ||
430 | /* Priviledged when used by server */ | ||
431 | OM_uint32 | ||
432 | ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic) | ||
433 | { | ||
434 | if (ctx == NULL) | ||
435 | return -1; | ||
436 | |||
437 | ctx->major = gss_verify_mic(&ctx->minor, ctx->context, | ||
438 | gssbuf, gssmic, NULL); | ||
439 | |||
440 | return (ctx->major); | ||
441 | } | ||
442 | |||
241 | void | 443 | void |
242 | ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service, | 444 | ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service, |
243 | const char *context) | 445 | const char *context) |
@@ -251,11 +453,16 @@ ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service, | |||
251 | } | 453 | } |
252 | 454 | ||
253 | int | 455 | int |
254 | ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host) | 456 | ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host, |
457 | const char *client) | ||
255 | { | 458 | { |
256 | gss_buffer_desc token = GSS_C_EMPTY_BUFFER; | 459 | gss_buffer_desc token = GSS_C_EMPTY_BUFFER; |
257 | OM_uint32 major, minor; | 460 | OM_uint32 major, minor; |
258 | gss_OID_desc spnego_oid = {6, (void *)"\x2B\x06\x01\x05\x05\x02"}; | 461 | gss_OID_desc spnego_oid = {6, (void *)"\x2B\x06\x01\x05\x05\x02"}; |
462 | Gssctxt *intctx = NULL; | ||
463 | |||
464 | if (ctx == NULL) | ||
465 | ctx = &intctx; | ||
259 | 466 | ||
260 | /* RFC 4462 says we MUST NOT do SPNEGO */ | 467 | /* RFC 4462 says we MUST NOT do SPNEGO */ |
261 | if (oid->length == spnego_oid.length && | 468 | if (oid->length == spnego_oid.length && |
@@ -265,6 +472,10 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host) | |||
265 | ssh_gssapi_build_ctx(ctx); | 472 | ssh_gssapi_build_ctx(ctx); |
266 | ssh_gssapi_set_oid(*ctx, oid); | 473 | ssh_gssapi_set_oid(*ctx, oid); |
267 | major = ssh_gssapi_import_name(*ctx, host); | 474 | major = ssh_gssapi_import_name(*ctx, host); |
475 | |||
476 | if (!GSS_ERROR(major) && client) | ||
477 | major = ssh_gssapi_client_identity(*ctx, client); | ||
478 | |||
268 | if (!GSS_ERROR(major)) { | 479 | if (!GSS_ERROR(major)) { |
269 | major = ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token, | 480 | major = ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token, |
270 | NULL); | 481 | NULL); |
@@ -274,10 +485,66 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host) | |||
274 | GSS_C_NO_BUFFER); | 485 | GSS_C_NO_BUFFER); |
275 | } | 486 | } |
276 | 487 | ||
277 | if (GSS_ERROR(major)) | 488 | if (GSS_ERROR(major) || intctx != NULL) |
278 | ssh_gssapi_delete_ctx(ctx); | 489 | ssh_gssapi_delete_ctx(ctx); |
279 | 490 | ||
280 | return (!GSS_ERROR(major)); | 491 | return (!GSS_ERROR(major)); |
281 | } | 492 | } |
282 | 493 | ||
494 | int | ||
495 | ssh_gssapi_credentials_updated(Gssctxt *ctxt) { | ||
496 | static gss_name_t saved_name = GSS_C_NO_NAME; | ||
497 | static OM_uint32 saved_lifetime = 0; | ||
498 | static gss_OID saved_mech = GSS_C_NO_OID; | ||
499 | static gss_name_t name; | ||
500 | static OM_uint32 last_call = 0; | ||
501 | OM_uint32 lifetime, now, major, minor; | ||
502 | int equal; | ||
503 | |||
504 | now = time(NULL); | ||
505 | |||
506 | if (ctxt) { | ||
507 | debug("Rekey has happened - updating saved versions"); | ||
508 | |||
509 | if (saved_name != GSS_C_NO_NAME) | ||
510 | gss_release_name(&minor, &saved_name); | ||
511 | |||
512 | major = gss_inquire_cred(&minor, GSS_C_NO_CREDENTIAL, | ||
513 | &saved_name, &saved_lifetime, NULL, NULL); | ||
514 | |||
515 | if (!GSS_ERROR(major)) { | ||
516 | saved_mech = ctxt->oid; | ||
517 | saved_lifetime+= now; | ||
518 | } else { | ||
519 | /* Handle the error */ | ||
520 | } | ||
521 | return 0; | ||
522 | } | ||
523 | |||
524 | if (now - last_call < 10) | ||
525 | return 0; | ||
526 | |||
527 | last_call = now; | ||
528 | |||
529 | if (saved_mech == GSS_C_NO_OID) | ||
530 | return 0; | ||
531 | |||
532 | major = gss_inquire_cred(&minor, GSS_C_NO_CREDENTIAL, | ||
533 | &name, &lifetime, NULL, NULL); | ||
534 | if (major == GSS_S_CREDENTIALS_EXPIRED) | ||
535 | return 0; | ||
536 | else if (GSS_ERROR(major)) | ||
537 | return 0; | ||
538 | |||
539 | major = gss_compare_name(&minor, saved_name, name, &equal); | ||
540 | gss_release_name(&minor, &name); | ||
541 | if (GSS_ERROR(major)) | ||
542 | return 0; | ||
543 | |||
544 | if (equal && (saved_lifetime < lifetime + now - 10)) | ||
545 | return 1; | ||
546 | |||
547 | return 0; | ||
548 | } | ||
549 | |||
283 | #endif /* GSSAPI */ | 550 | #endif /* GSSAPI */ |
diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c index 795992d9f..fd8b37183 100644 --- a/gss-serv-krb5.c +++ b/gss-serv-krb5.c | |||
@@ -1,7 +1,7 @@ | |||
1 | /* $OpenBSD: gss-serv-krb5.c,v 1.8 2013/07/20 01:55:13 djm Exp $ */ | 1 | /* $OpenBSD: gss-serv-krb5.c,v 1.8 2013/07/20 01:55:13 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. | 4 | * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved. |
5 | * | 5 | * |
6 | * Redistribution and use in source and binary forms, with or without | 6 | * Redistribution and use in source and binary forms, with or without |
7 | * modification, are permitted provided that the following conditions | 7 | * modification, are permitted provided that the following conditions |
@@ -121,8 +121,8 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) | |||
121 | krb5_error_code problem; | 121 | krb5_error_code problem; |
122 | krb5_principal princ; | 122 | krb5_principal princ; |
123 | OM_uint32 maj_status, min_status; | 123 | OM_uint32 maj_status, min_status; |
124 | int len; | ||
125 | const char *errmsg; | 124 | const char *errmsg; |
125 | const char *new_ccname; | ||
126 | 126 | ||
127 | if (client->creds == NULL) { | 127 | if (client->creds == NULL) { |
128 | debug("No credentials stored"); | 128 | debug("No credentials stored"); |
@@ -181,11 +181,16 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) | |||
181 | return; | 181 | return; |
182 | } | 182 | } |
183 | 183 | ||
184 | client->store.filename = xstrdup(krb5_cc_get_name(krb_context, ccache)); | 184 | new_ccname = krb5_cc_get_name(krb_context, ccache); |
185 | |||
185 | client->store.envvar = "KRB5CCNAME"; | 186 | client->store.envvar = "KRB5CCNAME"; |
186 | len = strlen(client->store.filename) + 6; | 187 | #ifdef USE_CCAPI |
187 | client->store.envval = xmalloc(len); | 188 | xasprintf(&client->store.envval, "API:%s", new_ccname); |
188 | snprintf(client->store.envval, len, "FILE:%s", client->store.filename); | 189 | client->store.filename = NULL; |
190 | #else | ||
191 | xasprintf(&client->store.envval, "FILE:%s", new_ccname); | ||
192 | client->store.filename = xstrdup(new_ccname); | ||
193 | #endif | ||
189 | 194 | ||
190 | #ifdef USE_PAM | 195 | #ifdef USE_PAM |
191 | if (options.use_pam) | 196 | if (options.use_pam) |
@@ -197,6 +202,71 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) | |||
197 | return; | 202 | return; |
198 | } | 203 | } |
199 | 204 | ||
205 | int | ||
206 | ssh_gssapi_krb5_updatecreds(ssh_gssapi_ccache *store, | ||
207 | ssh_gssapi_client *client) | ||
208 | { | ||
209 | krb5_ccache ccache = NULL; | ||
210 | krb5_principal principal = NULL; | ||
211 | char *name = NULL; | ||
212 | krb5_error_code problem; | ||
213 | OM_uint32 maj_status, min_status; | ||
214 | |||
215 | if ((problem = krb5_cc_resolve(krb_context, store->envval, &ccache))) { | ||
216 | logit("krb5_cc_resolve(): %.100s", | ||
217 | krb5_get_err_text(krb_context, problem)); | ||
218 | return 0; | ||
219 | } | ||
220 | |||
221 | /* Find out who the principal in this cache is */ | ||
222 | if ((problem = krb5_cc_get_principal(krb_context, ccache, | ||
223 | &principal))) { | ||
224 | logit("krb5_cc_get_principal(): %.100s", | ||
225 | krb5_get_err_text(krb_context, problem)); | ||
226 | krb5_cc_close(krb_context, ccache); | ||
227 | return 0; | ||
228 | } | ||
229 | |||
230 | if ((problem = krb5_unparse_name(krb_context, principal, &name))) { | ||
231 | logit("krb5_unparse_name(): %.100s", | ||
232 | krb5_get_err_text(krb_context, problem)); | ||
233 | krb5_free_principal(krb_context, principal); | ||
234 | krb5_cc_close(krb_context, ccache); | ||
235 | return 0; | ||
236 | } | ||
237 | |||
238 | |||
239 | if (strcmp(name,client->exportedname.value)!=0) { | ||
240 | debug("Name in local credentials cache differs. Not storing"); | ||
241 | krb5_free_principal(krb_context, principal); | ||
242 | krb5_cc_close(krb_context, ccache); | ||
243 | krb5_free_unparsed_name(krb_context, name); | ||
244 | return 0; | ||
245 | } | ||
246 | krb5_free_unparsed_name(krb_context, name); | ||
247 | |||
248 | /* Name matches, so lets get on with it! */ | ||
249 | |||
250 | if ((problem = krb5_cc_initialize(krb_context, ccache, principal))) { | ||
251 | logit("krb5_cc_initialize(): %.100s", | ||
252 | krb5_get_err_text(krb_context, problem)); | ||
253 | krb5_free_principal(krb_context, principal); | ||
254 | krb5_cc_close(krb_context, ccache); | ||
255 | return 0; | ||
256 | } | ||
257 | |||
258 | krb5_free_principal(krb_context, principal); | ||
259 | |||
260 | if ((maj_status = gss_krb5_copy_ccache(&min_status, client->creds, | ||
261 | ccache))) { | ||
262 | logit("gss_krb5_copy_ccache() failed. Sorry!"); | ||
263 | krb5_cc_close(krb_context, ccache); | ||
264 | return 0; | ||
265 | } | ||
266 | |||
267 | return 1; | ||
268 | } | ||
269 | |||
200 | ssh_gssapi_mech gssapi_kerberos_mech = { | 270 | ssh_gssapi_mech gssapi_kerberos_mech = { |
201 | "toWM5Slw5Ew8Mqkay+al2g==", | 271 | "toWM5Slw5Ew8Mqkay+al2g==", |
202 | "Kerberos", | 272 | "Kerberos", |
@@ -204,7 +274,8 @@ ssh_gssapi_mech gssapi_kerberos_mech = { | |||
204 | NULL, | 274 | NULL, |
205 | &ssh_gssapi_krb5_userok, | 275 | &ssh_gssapi_krb5_userok, |
206 | NULL, | 276 | NULL, |
207 | &ssh_gssapi_krb5_storecreds | 277 | &ssh_gssapi_krb5_storecreds, |
278 | &ssh_gssapi_krb5_updatecreds | ||
208 | }; | 279 | }; |
209 | 280 | ||
210 | #endif /* KRB5 */ | 281 | #endif /* KRB5 */ |
diff --git a/gss-serv.c b/gss-serv.c index 53993d674..2f6baf70d 100644 --- a/gss-serv.c +++ b/gss-serv.c | |||
@@ -1,7 +1,7 @@ | |||
1 | /* $OpenBSD: gss-serv.c,v 1.29 2015/05/22 03:50:02 djm Exp $ */ | 1 | /* $OpenBSD: gss-serv.c,v 1.29 2015/05/22 03:50:02 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. | 4 | * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. |
5 | * | 5 | * |
6 | * Redistribution and use in source and binary forms, with or without | 6 | * Redistribution and use in source and binary forms, with or without |
7 | * modification, are permitted provided that the following conditions | 7 | * modification, are permitted provided that the following conditions |
@@ -45,17 +45,22 @@ | |||
45 | #include "session.h" | 45 | #include "session.h" |
46 | #include "misc.h" | 46 | #include "misc.h" |
47 | #include "servconf.h" | 47 | #include "servconf.h" |
48 | #include "uidswap.h" | ||
48 | 49 | ||
49 | #include "ssh-gss.h" | 50 | #include "ssh-gss.h" |
51 | #include "monitor_wrap.h" | ||
52 | |||
53 | extern ServerOptions options; | ||
50 | 54 | ||
51 | extern ServerOptions options; | 55 | extern ServerOptions options; |
52 | 56 | ||
53 | static ssh_gssapi_client gssapi_client = | 57 | static ssh_gssapi_client gssapi_client = |
54 | { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, | 58 | { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, |
55 | GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL, NULL}}; | 59 | GSS_C_NO_CREDENTIAL, GSS_C_NO_NAME, NULL, |
60 | {NULL, NULL, NULL, NULL, NULL}, 0, 0}; | ||
56 | 61 | ||
57 | ssh_gssapi_mech gssapi_null_mech = | 62 | ssh_gssapi_mech gssapi_null_mech = |
58 | { NULL, NULL, {0, NULL}, NULL, NULL, NULL, NULL}; | 63 | { NULL, NULL, {0, NULL}, NULL, NULL, NULL, NULL, NULL}; |
59 | 64 | ||
60 | #ifdef KRB5 | 65 | #ifdef KRB5 |
61 | extern ssh_gssapi_mech gssapi_kerberos_mech; | 66 | extern ssh_gssapi_mech gssapi_kerberos_mech; |
@@ -142,6 +147,29 @@ ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid) | |||
142 | } | 147 | } |
143 | 148 | ||
144 | /* Unprivileged */ | 149 | /* Unprivileged */ |
150 | char * | ||
151 | ssh_gssapi_server_mechanisms(void) { | ||
152 | gss_OID_set supported; | ||
153 | |||
154 | ssh_gssapi_supported_oids(&supported); | ||
155 | return (ssh_gssapi_kex_mechs(supported, &ssh_gssapi_server_check_mech, | ||
156 | NULL, NULL)); | ||
157 | } | ||
158 | |||
159 | /* Unprivileged */ | ||
160 | int | ||
161 | ssh_gssapi_server_check_mech(Gssctxt **dum, gss_OID oid, const char *data, | ||
162 | const char *dummy) { | ||
163 | Gssctxt *ctx = NULL; | ||
164 | int res; | ||
165 | |||
166 | res = !GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctx, oid))); | ||
167 | ssh_gssapi_delete_ctx(&ctx); | ||
168 | |||
169 | return (res); | ||
170 | } | ||
171 | |||
172 | /* Unprivileged */ | ||
145 | void | 173 | void |
146 | ssh_gssapi_supported_oids(gss_OID_set *oidset) | 174 | ssh_gssapi_supported_oids(gss_OID_set *oidset) |
147 | { | 175 | { |
@@ -151,7 +179,9 @@ ssh_gssapi_supported_oids(gss_OID_set *oidset) | |||
151 | gss_OID_set supported; | 179 | gss_OID_set supported; |
152 | 180 | ||
153 | gss_create_empty_oid_set(&min_status, oidset); | 181 | gss_create_empty_oid_set(&min_status, oidset); |
154 | gss_indicate_mechs(&min_status, &supported); | 182 | |
183 | if (GSS_ERROR(gss_indicate_mechs(&min_status, &supported))) | ||
184 | return; | ||
155 | 185 | ||
156 | while (supported_mechs[i]->name != NULL) { | 186 | while (supported_mechs[i]->name != NULL) { |
157 | if (GSS_ERROR(gss_test_oid_set_member(&min_status, | 187 | if (GSS_ERROR(gss_test_oid_set_member(&min_status, |
@@ -277,8 +307,48 @@ OM_uint32 | |||
277 | ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client) | 307 | ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client) |
278 | { | 308 | { |
279 | int i = 0; | 309 | int i = 0; |
310 | int equal = 0; | ||
311 | gss_name_t new_name = GSS_C_NO_NAME; | ||
312 | gss_buffer_desc ename = GSS_C_EMPTY_BUFFER; | ||
313 | |||
314 | if (options.gss_store_rekey && client->used && ctx->client_creds) { | ||
315 | if (client->mech->oid.length != ctx->oid->length || | ||
316 | (memcmp(client->mech->oid.elements, | ||
317 | ctx->oid->elements, ctx->oid->length) !=0)) { | ||
318 | debug("Rekeyed credentials have different mechanism"); | ||
319 | return GSS_S_COMPLETE; | ||
320 | } | ||
321 | |||
322 | if ((ctx->major = gss_inquire_cred_by_mech(&ctx->minor, | ||
323 | ctx->client_creds, ctx->oid, &new_name, | ||
324 | NULL, NULL, NULL))) { | ||
325 | ssh_gssapi_error(ctx); | ||
326 | return (ctx->major); | ||
327 | } | ||
328 | |||
329 | ctx->major = gss_compare_name(&ctx->minor, client->name, | ||
330 | new_name, &equal); | ||
331 | |||
332 | if (GSS_ERROR(ctx->major)) { | ||
333 | ssh_gssapi_error(ctx); | ||
334 | return (ctx->major); | ||
335 | } | ||
336 | |||
337 | if (!equal) { | ||
338 | debug("Rekeyed credentials have different name"); | ||
339 | return GSS_S_COMPLETE; | ||
340 | } | ||
280 | 341 | ||
281 | gss_buffer_desc ename; | 342 | debug("Marking rekeyed credentials for export"); |
343 | |||
344 | gss_release_name(&ctx->minor, &client->name); | ||
345 | gss_release_cred(&ctx->minor, &client->creds); | ||
346 | client->name = new_name; | ||
347 | client->creds = ctx->client_creds; | ||
348 | ctx->client_creds = GSS_C_NO_CREDENTIAL; | ||
349 | client->updated = 1; | ||
350 | return GSS_S_COMPLETE; | ||
351 | } | ||
282 | 352 | ||
283 | client->mech = NULL; | 353 | client->mech = NULL; |
284 | 354 | ||
@@ -293,6 +363,13 @@ ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client) | |||
293 | if (client->mech == NULL) | 363 | if (client->mech == NULL) |
294 | return GSS_S_FAILURE; | 364 | return GSS_S_FAILURE; |
295 | 365 | ||
366 | if (ctx->client_creds && | ||
367 | (ctx->major = gss_inquire_cred_by_mech(&ctx->minor, | ||
368 | ctx->client_creds, ctx->oid, &client->name, NULL, NULL, NULL))) { | ||
369 | ssh_gssapi_error(ctx); | ||
370 | return (ctx->major); | ||
371 | } | ||
372 | |||
296 | if ((ctx->major = gss_display_name(&ctx->minor, ctx->client, | 373 | if ((ctx->major = gss_display_name(&ctx->minor, ctx->client, |
297 | &client->displayname, NULL))) { | 374 | &client->displayname, NULL))) { |
298 | ssh_gssapi_error(ctx); | 375 | ssh_gssapi_error(ctx); |
@@ -310,6 +387,8 @@ ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client) | |||
310 | return (ctx->major); | 387 | return (ctx->major); |
311 | } | 388 | } |
312 | 389 | ||
390 | gss_release_buffer(&ctx->minor, &ename); | ||
391 | |||
313 | /* We can't copy this structure, so we just move the pointer to it */ | 392 | /* We can't copy this structure, so we just move the pointer to it */ |
314 | client->creds = ctx->client_creds; | 393 | client->creds = ctx->client_creds; |
315 | ctx->client_creds = GSS_C_NO_CREDENTIAL; | 394 | ctx->client_creds = GSS_C_NO_CREDENTIAL; |
@@ -357,7 +436,7 @@ ssh_gssapi_do_child(char ***envp, u_int *envsizep) | |||
357 | 436 | ||
358 | /* Privileged */ | 437 | /* Privileged */ |
359 | int | 438 | int |
360 | ssh_gssapi_userok(char *user) | 439 | ssh_gssapi_userok(char *user, struct passwd *pw) |
361 | { | 440 | { |
362 | OM_uint32 lmin; | 441 | OM_uint32 lmin; |
363 | 442 | ||
@@ -367,9 +446,11 @@ ssh_gssapi_userok(char *user) | |||
367 | return 0; | 446 | return 0; |
368 | } | 447 | } |
369 | if (gssapi_client.mech && gssapi_client.mech->userok) | 448 | if (gssapi_client.mech && gssapi_client.mech->userok) |
370 | if ((*gssapi_client.mech->userok)(&gssapi_client, user)) | 449 | if ((*gssapi_client.mech->userok)(&gssapi_client, user)) { |
450 | gssapi_client.used = 1; | ||
451 | gssapi_client.store.owner = pw; | ||
371 | return 1; | 452 | return 1; |
372 | else { | 453 | } else { |
373 | /* Destroy delegated credentials if userok fails */ | 454 | /* Destroy delegated credentials if userok fails */ |
374 | gss_release_buffer(&lmin, &gssapi_client.displayname); | 455 | gss_release_buffer(&lmin, &gssapi_client.displayname); |
375 | gss_release_buffer(&lmin, &gssapi_client.exportedname); | 456 | gss_release_buffer(&lmin, &gssapi_client.exportedname); |
@@ -383,14 +464,90 @@ ssh_gssapi_userok(char *user) | |||
383 | return (0); | 464 | return (0); |
384 | } | 465 | } |
385 | 466 | ||
386 | /* Privileged */ | 467 | /* These bits are only used for rekeying. The unpriviledged child is running |
387 | OM_uint32 | 468 | * as the user, the monitor is root. |
388 | ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic) | 469 | * |
470 | * In the child, we want to : | ||
471 | * *) Ask the monitor to store our credentials into the store we specify | ||
472 | * *) If it succeeds, maybe do a PAM update | ||
473 | */ | ||
474 | |||
475 | /* Stuff for PAM */ | ||
476 | |||
477 | #ifdef USE_PAM | ||
478 | static int ssh_gssapi_simple_conv(int n, const struct pam_message **msg, | ||
479 | struct pam_response **resp, void *data) | ||
389 | { | 480 | { |
390 | ctx->major = gss_verify_mic(&ctx->minor, ctx->context, | 481 | return (PAM_CONV_ERR); |
391 | gssbuf, gssmic, NULL); | 482 | } |
483 | #endif | ||
392 | 484 | ||
393 | return (ctx->major); | 485 | void |
486 | ssh_gssapi_rekey_creds(void) { | ||
487 | int ok; | ||
488 | int ret; | ||
489 | #ifdef USE_PAM | ||
490 | pam_handle_t *pamh = NULL; | ||
491 | struct pam_conv pamconv = {ssh_gssapi_simple_conv, NULL}; | ||
492 | char *envstr; | ||
493 | #endif | ||
494 | |||
495 | if (gssapi_client.store.filename == NULL && | ||
496 | gssapi_client.store.envval == NULL && | ||
497 | gssapi_client.store.envvar == NULL) | ||
498 | return; | ||
499 | |||
500 | ok = PRIVSEP(ssh_gssapi_update_creds(&gssapi_client.store)); | ||
501 | |||
502 | if (!ok) | ||
503 | return; | ||
504 | |||
505 | debug("Rekeyed credentials stored successfully"); | ||
506 | |||
507 | /* Actually managing to play with the ssh pam stack from here will | ||
508 | * be next to impossible. In any case, we may want different options | ||
509 | * for rekeying. So, use our own :) | ||
510 | */ | ||
511 | #ifdef USE_PAM | ||
512 | if (!use_privsep) { | ||
513 | debug("Not even going to try and do PAM with privsep disabled"); | ||
514 | return; | ||
515 | } | ||
516 | |||
517 | ret = pam_start("sshd-rekey", gssapi_client.store.owner->pw_name, | ||
518 | &pamconv, &pamh); | ||
519 | if (ret) | ||
520 | return; | ||
521 | |||
522 | xasprintf(&envstr, "%s=%s", gssapi_client.store.envvar, | ||
523 | gssapi_client.store.envval); | ||
524 | |||
525 | ret = pam_putenv(pamh, envstr); | ||
526 | if (!ret) | ||
527 | pam_setcred(pamh, PAM_REINITIALIZE_CRED); | ||
528 | pam_end(pamh, PAM_SUCCESS); | ||
529 | #endif | ||
530 | } | ||
531 | |||
532 | int | ||
533 | ssh_gssapi_update_creds(ssh_gssapi_ccache *store) { | ||
534 | int ok = 0; | ||
535 | |||
536 | /* Check we've got credentials to store */ | ||
537 | if (!gssapi_client.updated) | ||
538 | return 0; | ||
539 | |||
540 | gssapi_client.updated = 0; | ||
541 | |||
542 | temporarily_use_uid(gssapi_client.store.owner); | ||
543 | if (gssapi_client.mech && gssapi_client.mech->updatecreds) | ||
544 | ok = (*gssapi_client.mech->updatecreds)(store, &gssapi_client); | ||
545 | else | ||
546 | debug("No update function for this mechanism"); | ||
547 | |||
548 | restore_uid(); | ||
549 | |||
550 | return ok; | ||
394 | } | 551 | } |
395 | 552 | ||
396 | #endif | 553 | #endif |
@@ -55,6 +55,10 @@ | |||
55 | #include "sshbuf.h" | 55 | #include "sshbuf.h" |
56 | #include "digest.h" | 56 | #include "digest.h" |
57 | 57 | ||
58 | #ifdef GSSAPI | ||
59 | #include "ssh-gss.h" | ||
60 | #endif | ||
61 | |||
58 | #if OPENSSL_VERSION_NUMBER >= 0x00907000L | 62 | #if OPENSSL_VERSION_NUMBER >= 0x00907000L |
59 | # if defined(HAVE_EVP_SHA256) | 63 | # if defined(HAVE_EVP_SHA256) |
60 | # define evp_ssh_sha256 EVP_sha256 | 64 | # define evp_ssh_sha256 EVP_sha256 |
@@ -97,6 +101,14 @@ static const struct kexalg kexalgs[] = { | |||
97 | #endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */ | 101 | #endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */ |
98 | { NULL, -1, -1, -1}, | 102 | { NULL, -1, -1, -1}, |
99 | }; | 103 | }; |
104 | static const struct kexalg kexalg_prefixes[] = { | ||
105 | #ifdef GSSAPI | ||
106 | { KEX_GSS_GEX_SHA1_ID, KEX_GSS_GEX_SHA1, 0, SSH_DIGEST_SHA1 }, | ||
107 | { KEX_GSS_GRP1_SHA1_ID, KEX_GSS_GRP1_SHA1, 0, SSH_DIGEST_SHA1 }, | ||
108 | { KEX_GSS_GRP14_SHA1_ID, KEX_GSS_GRP14_SHA1, 0, SSH_DIGEST_SHA1 }, | ||
109 | #endif | ||
110 | { NULL, -1, -1, -1 }, | ||
111 | }; | ||
100 | 112 | ||
101 | char * | 113 | char * |
102 | kex_alg_list(char sep) | 114 | kex_alg_list(char sep) |
@@ -129,6 +141,10 @@ kex_alg_by_name(const char *name) | |||
129 | if (strcmp(k->name, name) == 0) | 141 | if (strcmp(k->name, name) == 0) |
130 | return k; | 142 | return k; |
131 | } | 143 | } |
144 | for (k = kexalg_prefixes; k->name != NULL; k++) { | ||
145 | if (strncmp(k->name, name, strlen(k->name)) == 0) | ||
146 | return k; | ||
147 | } | ||
132 | return NULL; | 148 | return NULL; |
133 | } | 149 | } |
134 | 150 | ||
@@ -93,6 +93,9 @@ enum kex_exchange { | |||
93 | KEX_DH_GEX_SHA256, | 93 | KEX_DH_GEX_SHA256, |
94 | KEX_ECDH_SHA2, | 94 | KEX_ECDH_SHA2, |
95 | KEX_C25519_SHA256, | 95 | KEX_C25519_SHA256, |
96 | KEX_GSS_GRP1_SHA1, | ||
97 | KEX_GSS_GRP14_SHA1, | ||
98 | KEX_GSS_GEX_SHA1, | ||
96 | KEX_MAX | 99 | KEX_MAX |
97 | }; | 100 | }; |
98 | 101 | ||
@@ -139,6 +142,12 @@ struct kex { | |||
139 | u_int flags; | 142 | u_int flags; |
140 | int hash_alg; | 143 | int hash_alg; |
141 | int ec_nid; | 144 | int ec_nid; |
145 | #ifdef GSSAPI | ||
146 | int gss_deleg_creds; | ||
147 | int gss_trust_dns; | ||
148 | char *gss_host; | ||
149 | char *gss_client; | ||
150 | #endif | ||
142 | char *client_version_string; | 151 | char *client_version_string; |
143 | char *server_version_string; | 152 | char *server_version_string; |
144 | char *failed_choice; | 153 | char *failed_choice; |
@@ -187,6 +196,11 @@ int kexecdh_server(struct ssh *); | |||
187 | int kexc25519_client(struct ssh *); | 196 | int kexc25519_client(struct ssh *); |
188 | int kexc25519_server(struct ssh *); | 197 | int kexc25519_server(struct ssh *); |
189 | 198 | ||
199 | #ifdef GSSAPI | ||
200 | int kexgss_client(struct ssh *); | ||
201 | int kexgss_server(struct ssh *); | ||
202 | #endif | ||
203 | |||
190 | int kex_dh_hash(const char *, const char *, | 204 | int kex_dh_hash(const char *, const char *, |
191 | const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, | 205 | const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, |
192 | const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *); | 206 | const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *); |
diff --git a/kexgssc.c b/kexgssc.c new file mode 100644 index 000000000..a49bac295 --- /dev/null +++ b/kexgssc.c | |||
@@ -0,0 +1,336 @@ | |||
1 | /* | ||
2 | * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. | ||
3 | * | ||
4 | * Redistribution and use in source and binary forms, with or without | ||
5 | * modification, are permitted provided that the following conditions | ||
6 | * are met: | ||
7 | * 1. Redistributions of source code must retain the above copyright | ||
8 | * notice, this list of conditions and the following disclaimer. | ||
9 | * 2. Redistributions in binary form must reproduce the above copyright | ||
10 | * notice, this list of conditions and the following disclaimer in the | ||
11 | * documentation and/or other materials provided with the distribution. | ||
12 | * | ||
13 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR | ||
14 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | ||
15 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | ||
16 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | ||
17 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
18 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | ||
19 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | ||
20 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | ||
22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
23 | */ | ||
24 | |||
25 | #include "includes.h" | ||
26 | |||
27 | #ifdef GSSAPI | ||
28 | |||
29 | #include "includes.h" | ||
30 | |||
31 | #include <openssl/crypto.h> | ||
32 | #include <openssl/bn.h> | ||
33 | |||
34 | #include <string.h> | ||
35 | |||
36 | #include "xmalloc.h" | ||
37 | #include "buffer.h" | ||
38 | #include "ssh2.h" | ||
39 | #include "key.h" | ||
40 | #include "cipher.h" | ||
41 | #include "kex.h" | ||
42 | #include "log.h" | ||
43 | #include "packet.h" | ||
44 | #include "dh.h" | ||
45 | #include "digest.h" | ||
46 | |||
47 | #include "ssh-gss.h" | ||
48 | |||
49 | int | ||
50 | kexgss_client(struct ssh *ssh) { | ||
51 | gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; | ||
52 | gss_buffer_desc recv_tok, gssbuf, msg_tok, *token_ptr; | ||
53 | Gssctxt *ctxt; | ||
54 | OM_uint32 maj_status, min_status, ret_flags; | ||
55 | u_int klen, kout, slen = 0, strlen; | ||
56 | DH *dh; | ||
57 | BIGNUM *dh_server_pub = NULL; | ||
58 | BIGNUM *shared_secret = NULL; | ||
59 | BIGNUM *p = NULL; | ||
60 | BIGNUM *g = NULL; | ||
61 | u_char *kbuf; | ||
62 | u_char *serverhostkey = NULL; | ||
63 | u_char *empty = ""; | ||
64 | char *msg; | ||
65 | int type = 0; | ||
66 | int first = 1; | ||
67 | int nbits = 0, min = DH_GRP_MIN, max = DH_GRP_MAX; | ||
68 | u_char hash[SSH_DIGEST_MAX_LENGTH]; | ||
69 | size_t hashlen; | ||
70 | |||
71 | /* Initialise our GSSAPI world */ | ||
72 | ssh_gssapi_build_ctx(&ctxt); | ||
73 | if (ssh_gssapi_id_kex(ctxt, ssh->kex->name, ssh->kex->kex_type) | ||
74 | == GSS_C_NO_OID) | ||
75 | fatal("Couldn't identify host exchange"); | ||
76 | |||
77 | if (ssh_gssapi_import_name(ctxt, ssh->kex->gss_host)) | ||
78 | fatal("Couldn't import hostname"); | ||
79 | |||
80 | if (ssh->kex->gss_client && | ||
81 | ssh_gssapi_client_identity(ctxt, ssh->kex->gss_client)) | ||
82 | fatal("Couldn't acquire client credentials"); | ||
83 | |||
84 | switch (ssh->kex->kex_type) { | ||
85 | case KEX_GSS_GRP1_SHA1: | ||
86 | dh = dh_new_group1(); | ||
87 | break; | ||
88 | case KEX_GSS_GRP14_SHA1: | ||
89 | dh = dh_new_group14(); | ||
90 | break; | ||
91 | case KEX_GSS_GEX_SHA1: | ||
92 | debug("Doing group exchange\n"); | ||
93 | nbits = dh_estimate(ssh->kex->we_need * 8); | ||
94 | packet_start(SSH2_MSG_KEXGSS_GROUPREQ); | ||
95 | packet_put_int(min); | ||
96 | packet_put_int(nbits); | ||
97 | packet_put_int(max); | ||
98 | |||
99 | packet_send(); | ||
100 | |||
101 | packet_read_expect(SSH2_MSG_KEXGSS_GROUP); | ||
102 | |||
103 | if ((p = BN_new()) == NULL) | ||
104 | fatal("BN_new() failed"); | ||
105 | packet_get_bignum2(p); | ||
106 | if ((g = BN_new()) == NULL) | ||
107 | fatal("BN_new() failed"); | ||
108 | packet_get_bignum2(g); | ||
109 | packet_check_eom(); | ||
110 | |||
111 | if (BN_num_bits(p) < min || BN_num_bits(p) > max) | ||
112 | fatal("GSSGRP_GEX group out of range: %d !< %d !< %d", | ||
113 | min, BN_num_bits(p), max); | ||
114 | |||
115 | dh = dh_new_group(g, p); | ||
116 | break; | ||
117 | default: | ||
118 | fatal("%s: Unexpected KEX type %d", __func__, ssh->kex->kex_type); | ||
119 | } | ||
120 | |||
121 | /* Step 1 - e is dh->pub_key */ | ||
122 | dh_gen_key(dh, ssh->kex->we_need * 8); | ||
123 | |||
124 | /* This is f, we initialise it now to make life easier */ | ||
125 | dh_server_pub = BN_new(); | ||
126 | if (dh_server_pub == NULL) | ||
127 | fatal("dh_server_pub == NULL"); | ||
128 | |||
129 | token_ptr = GSS_C_NO_BUFFER; | ||
130 | |||
131 | do { | ||
132 | debug("Calling gss_init_sec_context"); | ||
133 | |||
134 | maj_status = ssh_gssapi_init_ctx(ctxt, | ||
135 | ssh->kex->gss_deleg_creds, token_ptr, &send_tok, | ||
136 | &ret_flags); | ||
137 | |||
138 | if (GSS_ERROR(maj_status)) { | ||
139 | if (send_tok.length != 0) { | ||
140 | packet_start(SSH2_MSG_KEXGSS_CONTINUE); | ||
141 | packet_put_string(send_tok.value, | ||
142 | send_tok.length); | ||
143 | } | ||
144 | fatal("gss_init_context failed"); | ||
145 | } | ||
146 | |||
147 | /* If we've got an old receive buffer get rid of it */ | ||
148 | if (token_ptr != GSS_C_NO_BUFFER) | ||
149 | free(recv_tok.value); | ||
150 | |||
151 | if (maj_status == GSS_S_COMPLETE) { | ||
152 | /* If mutual state flag is not true, kex fails */ | ||
153 | if (!(ret_flags & GSS_C_MUTUAL_FLAG)) | ||
154 | fatal("Mutual authentication failed"); | ||
155 | |||
156 | /* If integ avail flag is not true kex fails */ | ||
157 | if (!(ret_flags & GSS_C_INTEG_FLAG)) | ||
158 | fatal("Integrity check failed"); | ||
159 | } | ||
160 | |||
161 | /* | ||
162 | * If we have data to send, then the last message that we | ||
163 | * received cannot have been a 'complete'. | ||
164 | */ | ||
165 | if (send_tok.length != 0) { | ||
166 | if (first) { | ||
167 | packet_start(SSH2_MSG_KEXGSS_INIT); | ||
168 | packet_put_string(send_tok.value, | ||
169 | send_tok.length); | ||
170 | packet_put_bignum2(dh->pub_key); | ||
171 | first = 0; | ||
172 | } else { | ||
173 | packet_start(SSH2_MSG_KEXGSS_CONTINUE); | ||
174 | packet_put_string(send_tok.value, | ||
175 | send_tok.length); | ||
176 | } | ||
177 | packet_send(); | ||
178 | gss_release_buffer(&min_status, &send_tok); | ||
179 | |||
180 | /* If we've sent them data, they should reply */ | ||
181 | do { | ||
182 | type = packet_read(); | ||
183 | if (type == SSH2_MSG_KEXGSS_HOSTKEY) { | ||
184 | debug("Received KEXGSS_HOSTKEY"); | ||
185 | if (serverhostkey) | ||
186 | fatal("Server host key received more than once"); | ||
187 | serverhostkey = | ||
188 | packet_get_string(&slen); | ||
189 | } | ||
190 | } while (type == SSH2_MSG_KEXGSS_HOSTKEY); | ||
191 | |||
192 | switch (type) { | ||
193 | case SSH2_MSG_KEXGSS_CONTINUE: | ||
194 | debug("Received GSSAPI_CONTINUE"); | ||
195 | if (maj_status == GSS_S_COMPLETE) | ||
196 | fatal("GSSAPI Continue received from server when complete"); | ||
197 | recv_tok.value = packet_get_string(&strlen); | ||
198 | recv_tok.length = strlen; | ||
199 | break; | ||
200 | case SSH2_MSG_KEXGSS_COMPLETE: | ||
201 | debug("Received GSSAPI_COMPLETE"); | ||
202 | packet_get_bignum2(dh_server_pub); | ||
203 | msg_tok.value = packet_get_string(&strlen); | ||
204 | msg_tok.length = strlen; | ||
205 | |||
206 | /* Is there a token included? */ | ||
207 | if (packet_get_char()) { | ||
208 | recv_tok.value= | ||
209 | packet_get_string(&strlen); | ||
210 | recv_tok.length = strlen; | ||
211 | /* If we're already complete - protocol error */ | ||
212 | if (maj_status == GSS_S_COMPLETE) | ||
213 | packet_disconnect("Protocol error: received token when complete"); | ||
214 | } else { | ||
215 | /* No token included */ | ||
216 | if (maj_status != GSS_S_COMPLETE) | ||
217 | packet_disconnect("Protocol error: did not receive final token"); | ||
218 | } | ||
219 | break; | ||
220 | case SSH2_MSG_KEXGSS_ERROR: | ||
221 | debug("Received Error"); | ||
222 | maj_status = packet_get_int(); | ||
223 | min_status = packet_get_int(); | ||
224 | msg = packet_get_string(NULL); | ||
225 | (void) packet_get_string_ptr(NULL); | ||
226 | fatal("GSSAPI Error: \n%.400s",msg); | ||
227 | default: | ||
228 | packet_disconnect("Protocol error: didn't expect packet type %d", | ||
229 | type); | ||
230 | } | ||
231 | token_ptr = &recv_tok; | ||
232 | } else { | ||
233 | /* No data, and not complete */ | ||
234 | if (maj_status != GSS_S_COMPLETE) | ||
235 | fatal("Not complete, and no token output"); | ||
236 | } | ||
237 | } while (maj_status & GSS_S_CONTINUE_NEEDED); | ||
238 | |||
239 | /* | ||
240 | * We _must_ have received a COMPLETE message in reply from the | ||
241 | * server, which will have set dh_server_pub and msg_tok | ||
242 | */ | ||
243 | |||
244 | if (type != SSH2_MSG_KEXGSS_COMPLETE) | ||
245 | fatal("Didn't receive a SSH2_MSG_KEXGSS_COMPLETE when I expected it"); | ||
246 | |||
247 | /* Check f in range [1, p-1] */ | ||
248 | if (!dh_pub_is_valid(dh, dh_server_pub)) | ||
249 | packet_disconnect("bad server public DH value"); | ||
250 | |||
251 | /* compute K=f^x mod p */ | ||
252 | klen = DH_size(dh); | ||
253 | kbuf = xmalloc(klen); | ||
254 | kout = DH_compute_key(kbuf, dh_server_pub, dh); | ||
255 | if (kout < 0) | ||
256 | fatal("DH_compute_key: failed"); | ||
257 | |||
258 | shared_secret = BN_new(); | ||
259 | if (shared_secret == NULL) | ||
260 | fatal("kexgss_client: BN_new failed"); | ||
261 | |||
262 | if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) | ||
263 | fatal("kexdh_client: BN_bin2bn failed"); | ||
264 | |||
265 | memset(kbuf, 0, klen); | ||
266 | free(kbuf); | ||
267 | |||
268 | hashlen = sizeof(hash); | ||
269 | switch (ssh->kex->kex_type) { | ||
270 | case KEX_GSS_GRP1_SHA1: | ||
271 | case KEX_GSS_GRP14_SHA1: | ||
272 | kex_dh_hash( ssh->kex->client_version_string, | ||
273 | ssh->kex->server_version_string, | ||
274 | buffer_ptr(ssh->kex->my), buffer_len(ssh->kex->my), | ||
275 | buffer_ptr(ssh->kex->peer), buffer_len(ssh->kex->peer), | ||
276 | (serverhostkey ? serverhostkey : empty), slen, | ||
277 | dh->pub_key, /* e */ | ||
278 | dh_server_pub, /* f */ | ||
279 | shared_secret, /* K */ | ||
280 | hash, &hashlen | ||
281 | ); | ||
282 | break; | ||
283 | case KEX_GSS_GEX_SHA1: | ||
284 | kexgex_hash( | ||
285 | ssh->kex->hash_alg, | ||
286 | ssh->kex->client_version_string, | ||
287 | ssh->kex->server_version_string, | ||
288 | buffer_ptr(ssh->kex->my), buffer_len(ssh->kex->my), | ||
289 | buffer_ptr(ssh->kex->peer), buffer_len(ssh->kex->peer), | ||
290 | (serverhostkey ? serverhostkey : empty), slen, | ||
291 | min, nbits, max, | ||
292 | dh->p, dh->g, | ||
293 | dh->pub_key, | ||
294 | dh_server_pub, | ||
295 | shared_secret, | ||
296 | hash, &hashlen | ||
297 | ); | ||
298 | break; | ||
299 | default: | ||
300 | fatal("%s: Unexpected KEX type %d", __func__, ssh->kex->kex_type); | ||
301 | } | ||
302 | |||
303 | gssbuf.value = hash; | ||
304 | gssbuf.length = hashlen; | ||
305 | |||
306 | /* Verify that the hash matches the MIC we just got. */ | ||
307 | if (GSS_ERROR(ssh_gssapi_checkmic(ctxt, &gssbuf, &msg_tok))) | ||
308 | packet_disconnect("Hash's MIC didn't verify"); | ||
309 | |||
310 | free(msg_tok.value); | ||
311 | |||
312 | DH_free(dh); | ||
313 | free(serverhostkey); | ||
314 | BN_clear_free(dh_server_pub); | ||
315 | |||
316 | /* save session id */ | ||
317 | if (ssh->kex->session_id == NULL) { | ||
318 | ssh->kex->session_id_len = hashlen; | ||
319 | ssh->kex->session_id = xmalloc(ssh->kex->session_id_len); | ||
320 | memcpy(ssh->kex->session_id, hash, ssh->kex->session_id_len); | ||
321 | } | ||
322 | |||
323 | if (ssh->kex->gss_deleg_creds) | ||
324 | ssh_gssapi_credentials_updated(ctxt); | ||
325 | |||
326 | if (gss_kex_context == NULL) | ||
327 | gss_kex_context = ctxt; | ||
328 | else | ||
329 | ssh_gssapi_delete_ctx(&ctxt); | ||
330 | |||
331 | kex_derive_keys_bn(ssh, hash, hashlen, shared_secret); | ||
332 | BN_clear_free(shared_secret); | ||
333 | return kex_send_newkeys(ssh); | ||
334 | } | ||
335 | |||
336 | #endif /* GSSAPI */ | ||
diff --git a/kexgsss.c b/kexgsss.c new file mode 100644 index 000000000..0847469af --- /dev/null +++ b/kexgsss.c | |||
@@ -0,0 +1,295 @@ | |||
1 | /* | ||
2 | * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. | ||
3 | * | ||
4 | * Redistribution and use in source and binary forms, with or without | ||
5 | * modification, are permitted provided that the following conditions | ||
6 | * are met: | ||
7 | * 1. Redistributions of source code must retain the above copyright | ||
8 | * notice, this list of conditions and the following disclaimer. | ||
9 | * 2. Redistributions in binary form must reproduce the above copyright | ||
10 | * notice, this list of conditions and the following disclaimer in the | ||
11 | * documentation and/or other materials provided with the distribution. | ||
12 | * | ||
13 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR | ||
14 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | ||
15 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | ||
16 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | ||
17 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
18 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | ||
19 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | ||
20 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | ||
22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
23 | */ | ||
24 | |||
25 | #include "includes.h" | ||
26 | |||
27 | #ifdef GSSAPI | ||
28 | |||
29 | #include <string.h> | ||
30 | |||
31 | #include <openssl/crypto.h> | ||
32 | #include <openssl/bn.h> | ||
33 | |||
34 | #include "xmalloc.h" | ||
35 | #include "buffer.h" | ||
36 | #include "ssh2.h" | ||
37 | #include "key.h" | ||
38 | #include "cipher.h" | ||
39 | #include "kex.h" | ||
40 | #include "log.h" | ||
41 | #include "packet.h" | ||
42 | #include "dh.h" | ||
43 | #include "ssh-gss.h" | ||
44 | #include "monitor_wrap.h" | ||
45 | #include "misc.h" | ||
46 | #include "servconf.h" | ||
47 | #include "digest.h" | ||
48 | |||
49 | extern ServerOptions options; | ||
50 | |||
51 | int | ||
52 | kexgss_server(struct ssh *ssh) | ||
53 | { | ||
54 | OM_uint32 maj_status, min_status; | ||
55 | |||
56 | /* | ||
57 | * Some GSSAPI implementations use the input value of ret_flags (an | ||
58 | * output variable) as a means of triggering mechanism specific | ||
59 | * features. Initializing it to zero avoids inadvertently | ||
60 | * activating this non-standard behaviour. | ||
61 | */ | ||
62 | |||
63 | OM_uint32 ret_flags = 0; | ||
64 | gss_buffer_desc gssbuf, recv_tok, msg_tok; | ||
65 | gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; | ||
66 | Gssctxt *ctxt = NULL; | ||
67 | u_int slen, klen, kout; | ||
68 | u_char *kbuf; | ||
69 | DH *dh; | ||
70 | int min = -1, max = -1, nbits = -1; | ||
71 | BIGNUM *shared_secret = NULL; | ||
72 | BIGNUM *dh_client_pub = NULL; | ||
73 | int type = 0; | ||
74 | gss_OID oid; | ||
75 | char *mechs; | ||
76 | u_char hash[SSH_DIGEST_MAX_LENGTH]; | ||
77 | size_t hashlen; | ||
78 | |||
79 | /* Initialise GSSAPI */ | ||
80 | |||
81 | /* If we're rekeying, privsep means that some of the private structures | ||
82 | * in the GSSAPI code are no longer available. This kludges them back | ||
83 | * into life | ||
84 | */ | ||
85 | if (!ssh_gssapi_oid_table_ok()) { | ||
86 | mechs = ssh_gssapi_server_mechanisms(); | ||
87 | free(mechs); | ||
88 | } | ||
89 | |||
90 | debug2("%s: Identifying %s", __func__, ssh->kex->name); | ||
91 | oid = ssh_gssapi_id_kex(NULL, ssh->kex->name, ssh->kex->kex_type); | ||
92 | if (oid == GSS_C_NO_OID) | ||
93 | fatal("Unknown gssapi mechanism"); | ||
94 | |||
95 | debug2("%s: Acquiring credentials", __func__); | ||
96 | |||
97 | if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, oid)))) | ||
98 | fatal("Unable to acquire credentials for the server"); | ||
99 | |||
100 | switch (ssh->kex->kex_type) { | ||
101 | case KEX_GSS_GRP1_SHA1: | ||
102 | dh = dh_new_group1(); | ||
103 | break; | ||
104 | case KEX_GSS_GRP14_SHA1: | ||
105 | dh = dh_new_group14(); | ||
106 | break; | ||
107 | case KEX_GSS_GEX_SHA1: | ||
108 | debug("Doing group exchange"); | ||
109 | packet_read_expect(SSH2_MSG_KEXGSS_GROUPREQ); | ||
110 | min = packet_get_int(); | ||
111 | nbits = packet_get_int(); | ||
112 | max = packet_get_int(); | ||
113 | min = MAX(DH_GRP_MIN, min); | ||
114 | max = MIN(DH_GRP_MAX, max); | ||
115 | packet_check_eom(); | ||
116 | if (max < min || nbits < min || max < nbits) | ||
117 | fatal("GSS_GEX, bad parameters: %d !< %d !< %d", | ||
118 | min, nbits, max); | ||
119 | dh = PRIVSEP(choose_dh(min, nbits, max)); | ||
120 | if (dh == NULL) | ||
121 | packet_disconnect("Protocol error: no matching group found"); | ||
122 | |||
123 | packet_start(SSH2_MSG_KEXGSS_GROUP); | ||
124 | packet_put_bignum2(dh->p); | ||
125 | packet_put_bignum2(dh->g); | ||
126 | packet_send(); | ||
127 | |||
128 | packet_write_wait(); | ||
129 | break; | ||
130 | default: | ||
131 | fatal("%s: Unexpected KEX type %d", __func__, ssh->kex->kex_type); | ||
132 | } | ||
133 | |||
134 | dh_gen_key(dh, ssh->kex->we_need * 8); | ||
135 | |||
136 | do { | ||
137 | debug("Wait SSH2_MSG_GSSAPI_INIT"); | ||
138 | type = packet_read(); | ||
139 | switch(type) { | ||
140 | case SSH2_MSG_KEXGSS_INIT: | ||
141 | if (dh_client_pub != NULL) | ||
142 | fatal("Received KEXGSS_INIT after initialising"); | ||
143 | recv_tok.value = packet_get_string(&slen); | ||
144 | recv_tok.length = slen; | ||
145 | |||
146 | if ((dh_client_pub = BN_new()) == NULL) | ||
147 | fatal("dh_client_pub == NULL"); | ||
148 | |||
149 | packet_get_bignum2(dh_client_pub); | ||
150 | |||
151 | /* Send SSH_MSG_KEXGSS_HOSTKEY here, if we want */ | ||
152 | break; | ||
153 | case SSH2_MSG_KEXGSS_CONTINUE: | ||
154 | recv_tok.value = packet_get_string(&slen); | ||
155 | recv_tok.length = slen; | ||
156 | break; | ||
157 | default: | ||
158 | packet_disconnect( | ||
159 | "Protocol error: didn't expect packet type %d", | ||
160 | type); | ||
161 | } | ||
162 | |||
163 | maj_status = PRIVSEP(ssh_gssapi_accept_ctx(ctxt, &recv_tok, | ||
164 | &send_tok, &ret_flags)); | ||
165 | |||
166 | free(recv_tok.value); | ||
167 | |||
168 | if (maj_status != GSS_S_COMPLETE && send_tok.length == 0) | ||
169 | fatal("Zero length token output when incomplete"); | ||
170 | |||
171 | if (dh_client_pub == NULL) | ||
172 | fatal("No client public key"); | ||
173 | |||
174 | if (maj_status & GSS_S_CONTINUE_NEEDED) { | ||
175 | debug("Sending GSSAPI_CONTINUE"); | ||
176 | packet_start(SSH2_MSG_KEXGSS_CONTINUE); | ||
177 | packet_put_string(send_tok.value, send_tok.length); | ||
178 | packet_send(); | ||
179 | gss_release_buffer(&min_status, &send_tok); | ||
180 | } | ||
181 | } while (maj_status & GSS_S_CONTINUE_NEEDED); | ||
182 | |||
183 | if (GSS_ERROR(maj_status)) { | ||
184 | if (send_tok.length > 0) { | ||
185 | packet_start(SSH2_MSG_KEXGSS_CONTINUE); | ||
186 | packet_put_string(send_tok.value, send_tok.length); | ||
187 | packet_send(); | ||
188 | } | ||
189 | fatal("accept_ctx died"); | ||
190 | } | ||
191 | |||
192 | if (!(ret_flags & GSS_C_MUTUAL_FLAG)) | ||
193 | fatal("Mutual Authentication flag wasn't set"); | ||
194 | |||
195 | if (!(ret_flags & GSS_C_INTEG_FLAG)) | ||
196 | fatal("Integrity flag wasn't set"); | ||
197 | |||
198 | if (!dh_pub_is_valid(dh, dh_client_pub)) | ||
199 | packet_disconnect("bad client public DH value"); | ||
200 | |||
201 | klen = DH_size(dh); | ||
202 | kbuf = xmalloc(klen); | ||
203 | kout = DH_compute_key(kbuf, dh_client_pub, dh); | ||
204 | if (kout < 0) | ||
205 | fatal("DH_compute_key: failed"); | ||
206 | |||
207 | shared_secret = BN_new(); | ||
208 | if (shared_secret == NULL) | ||
209 | fatal("kexgss_server: BN_new failed"); | ||
210 | |||
211 | if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) | ||
212 | fatal("kexgss_server: BN_bin2bn failed"); | ||
213 | |||
214 | memset(kbuf, 0, klen); | ||
215 | free(kbuf); | ||
216 | |||
217 | hashlen = sizeof(hash); | ||
218 | switch (ssh->kex->kex_type) { | ||
219 | case KEX_GSS_GRP1_SHA1: | ||
220 | case KEX_GSS_GRP14_SHA1: | ||
221 | kex_dh_hash( | ||
222 | ssh->kex->client_version_string, ssh->kex->server_version_string, | ||
223 | buffer_ptr(ssh->kex->peer), buffer_len(ssh->kex->peer), | ||
224 | buffer_ptr(ssh->kex->my), buffer_len(ssh->kex->my), | ||
225 | NULL, 0, /* Change this if we start sending host keys */ | ||
226 | dh_client_pub, dh->pub_key, shared_secret, | ||
227 | hash, &hashlen | ||
228 | ); | ||
229 | break; | ||
230 | case KEX_GSS_GEX_SHA1: | ||
231 | kexgex_hash( | ||
232 | ssh->kex->hash_alg, | ||
233 | ssh->kex->client_version_string, ssh->kex->server_version_string, | ||
234 | buffer_ptr(ssh->kex->peer), buffer_len(ssh->kex->peer), | ||
235 | buffer_ptr(ssh->kex->my), buffer_len(ssh->kex->my), | ||
236 | NULL, 0, | ||
237 | min, nbits, max, | ||
238 | dh->p, dh->g, | ||
239 | dh_client_pub, | ||
240 | dh->pub_key, | ||
241 | shared_secret, | ||
242 | hash, &hashlen | ||
243 | ); | ||
244 | break; | ||
245 | default: | ||
246 | fatal("%s: Unexpected KEX type %d", __func__, ssh->kex->kex_type); | ||
247 | } | ||
248 | |||
249 | BN_clear_free(dh_client_pub); | ||
250 | |||
251 | if (ssh->kex->session_id == NULL) { | ||
252 | ssh->kex->session_id_len = hashlen; | ||
253 | ssh->kex->session_id = xmalloc(ssh->kex->session_id_len); | ||
254 | memcpy(ssh->kex->session_id, hash, ssh->kex->session_id_len); | ||
255 | } | ||
256 | |||
257 | gssbuf.value = hash; | ||
258 | gssbuf.length = hashlen; | ||
259 | |||
260 | if (GSS_ERROR(PRIVSEP(ssh_gssapi_sign(ctxt,&gssbuf,&msg_tok)))) | ||
261 | fatal("Couldn't get MIC"); | ||
262 | |||
263 | packet_start(SSH2_MSG_KEXGSS_COMPLETE); | ||
264 | packet_put_bignum2(dh->pub_key); | ||
265 | packet_put_string(msg_tok.value,msg_tok.length); | ||
266 | |||
267 | if (send_tok.length != 0) { | ||
268 | packet_put_char(1); /* true */ | ||
269 | packet_put_string(send_tok.value, send_tok.length); | ||
270 | } else { | ||
271 | packet_put_char(0); /* false */ | ||
272 | } | ||
273 | packet_send(); | ||
274 | |||
275 | gss_release_buffer(&min_status, &send_tok); | ||
276 | gss_release_buffer(&min_status, &msg_tok); | ||
277 | |||
278 | if (gss_kex_context == NULL) | ||
279 | gss_kex_context = ctxt; | ||
280 | else | ||
281 | ssh_gssapi_delete_ctx(&ctxt); | ||
282 | |||
283 | DH_free(dh); | ||
284 | |||
285 | kex_derive_keys_bn(ssh, hash, hashlen, shared_secret); | ||
286 | BN_clear_free(shared_secret); | ||
287 | kex_send_newkeys(ssh); | ||
288 | |||
289 | /* If this was a rekey, then save out any delegated credentials we | ||
290 | * just exchanged. */ | ||
291 | if (options.gss_store_rekey) | ||
292 | ssh_gssapi_rekey_creds(); | ||
293 | return 0; | ||
294 | } | ||
295 | #endif /* GSSAPI */ | ||
@@ -157,6 +157,8 @@ int mm_answer_gss_setup_ctx(int, Buffer *); | |||
157 | int mm_answer_gss_accept_ctx(int, Buffer *); | 157 | int mm_answer_gss_accept_ctx(int, Buffer *); |
158 | int mm_answer_gss_userok(int, Buffer *); | 158 | int mm_answer_gss_userok(int, Buffer *); |
159 | int mm_answer_gss_checkmic(int, Buffer *); | 159 | int mm_answer_gss_checkmic(int, Buffer *); |
160 | int mm_answer_gss_sign(int, Buffer *); | ||
161 | int mm_answer_gss_updatecreds(int, Buffer *); | ||
160 | #endif | 162 | #endif |
161 | 163 | ||
162 | #ifdef SSH_AUDIT_EVENTS | 164 | #ifdef SSH_AUDIT_EVENTS |
@@ -234,11 +236,18 @@ struct mon_table mon_dispatch_proto20[] = { | |||
234 | {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx}, | 236 | {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx}, |
235 | {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok}, | 237 | {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok}, |
236 | {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic}, | 238 | {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic}, |
239 | {MONITOR_REQ_GSSSIGN, MON_ONCE, mm_answer_gss_sign}, | ||
237 | #endif | 240 | #endif |
238 | {0, 0, NULL} | 241 | {0, 0, NULL} |
239 | }; | 242 | }; |
240 | 243 | ||
241 | struct mon_table mon_dispatch_postauth20[] = { | 244 | struct mon_table mon_dispatch_postauth20[] = { |
245 | #ifdef GSSAPI | ||
246 | {MONITOR_REQ_GSSSETUP, 0, mm_answer_gss_setup_ctx}, | ||
247 | {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx}, | ||
248 | {MONITOR_REQ_GSSSIGN, 0, mm_answer_gss_sign}, | ||
249 | {MONITOR_REQ_GSSUPCREDS, 0, mm_answer_gss_updatecreds}, | ||
250 | #endif | ||
242 | #ifdef WITH_OPENSSL | 251 | #ifdef WITH_OPENSSL |
243 | {MONITOR_REQ_MODULI, 0, mm_answer_moduli}, | 252 | {MONITOR_REQ_MODULI, 0, mm_answer_moduli}, |
244 | #endif | 253 | #endif |
@@ -353,6 +362,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) | |||
353 | /* Permit requests for moduli and signatures */ | 362 | /* Permit requests for moduli and signatures */ |
354 | monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); | 363 | monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); |
355 | monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); | 364 | monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); |
365 | #ifdef GSSAPI | ||
366 | /* and for the GSSAPI key exchange */ | ||
367 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1); | ||
368 | #endif | ||
356 | } else { | 369 | } else { |
357 | mon_dispatch = mon_dispatch_proto15; | 370 | mon_dispatch = mon_dispatch_proto15; |
358 | 371 | ||
@@ -461,6 +474,10 @@ monitor_child_postauth(struct monitor *pmonitor) | |||
461 | monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); | 474 | monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); |
462 | monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); | 475 | monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); |
463 | monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); | 476 | monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); |
477 | #ifdef GSSAPI | ||
478 | /* and for the GSSAPI key exchange */ | ||
479 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1); | ||
480 | #endif | ||
464 | } else { | 481 | } else { |
465 | mon_dispatch = mon_dispatch_postauth15; | 482 | mon_dispatch = mon_dispatch_postauth15; |
466 | monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); | 483 | monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); |
@@ -1864,6 +1881,13 @@ monitor_apply_keystate(struct monitor *pmonitor) | |||
1864 | # endif | 1881 | # endif |
1865 | #endif /* WITH_OPENSSL */ | 1882 | #endif /* WITH_OPENSSL */ |
1866 | kex->kex[KEX_C25519_SHA256] = kexc25519_server; | 1883 | kex->kex[KEX_C25519_SHA256] = kexc25519_server; |
1884 | #ifdef GSSAPI | ||
1885 | if (options.gss_keyex) { | ||
1886 | kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server; | ||
1887 | kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server; | ||
1888 | kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server; | ||
1889 | } | ||
1890 | #endif | ||
1867 | kex->load_host_public_key=&get_hostkey_public_by_type; | 1891 | kex->load_host_public_key=&get_hostkey_public_by_type; |
1868 | kex->load_host_private_key=&get_hostkey_private_by_type; | 1892 | kex->load_host_private_key=&get_hostkey_private_by_type; |
1869 | kex->host_key_index=&get_hostkey_index; | 1893 | kex->host_key_index=&get_hostkey_index; |
@@ -1963,6 +1987,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m) | |||
1963 | OM_uint32 major; | 1987 | OM_uint32 major; |
1964 | u_int len; | 1988 | u_int len; |
1965 | 1989 | ||
1990 | if (!options.gss_authentication && !options.gss_keyex) | ||
1991 | fatal("In GSSAPI monitor when GSSAPI is disabled"); | ||
1992 | |||
1966 | goid.elements = buffer_get_string(m, &len); | 1993 | goid.elements = buffer_get_string(m, &len); |
1967 | goid.length = len; | 1994 | goid.length = len; |
1968 | 1995 | ||
@@ -1990,6 +2017,9 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m) | |||
1990 | OM_uint32 flags = 0; /* GSI needs this */ | 2017 | OM_uint32 flags = 0; /* GSI needs this */ |
1991 | u_int len; | 2018 | u_int len; |
1992 | 2019 | ||
2020 | if (!options.gss_authentication && !options.gss_keyex) | ||
2021 | fatal("In GSSAPI monitor when GSSAPI is disabled"); | ||
2022 | |||
1993 | in.value = buffer_get_string(m, &len); | 2023 | in.value = buffer_get_string(m, &len); |
1994 | in.length = len; | 2024 | in.length = len; |
1995 | major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); | 2025 | major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); |
@@ -2007,6 +2037,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m) | |||
2007 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); | 2037 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); |
2008 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); | 2038 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); |
2009 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1); | 2039 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1); |
2040 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSSIGN, 1); | ||
2010 | } | 2041 | } |
2011 | return (0); | 2042 | return (0); |
2012 | } | 2043 | } |
@@ -2018,6 +2049,9 @@ mm_answer_gss_checkmic(int sock, Buffer *m) | |||
2018 | OM_uint32 ret; | 2049 | OM_uint32 ret; |
2019 | u_int len; | 2050 | u_int len; |
2020 | 2051 | ||
2052 | if (!options.gss_authentication && !options.gss_keyex) | ||
2053 | fatal("In GSSAPI monitor when GSSAPI is disabled"); | ||
2054 | |||
2021 | gssbuf.value = buffer_get_string(m, &len); | 2055 | gssbuf.value = buffer_get_string(m, &len); |
2022 | gssbuf.length = len; | 2056 | gssbuf.length = len; |
2023 | mic.value = buffer_get_string(m, &len); | 2057 | mic.value = buffer_get_string(m, &len); |
@@ -2044,7 +2078,11 @@ mm_answer_gss_userok(int sock, Buffer *m) | |||
2044 | { | 2078 | { |
2045 | int authenticated; | 2079 | int authenticated; |
2046 | 2080 | ||
2047 | authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user); | 2081 | if (!options.gss_authentication && !options.gss_keyex) |
2082 | fatal("In GSSAPI monitor when GSSAPI is disabled"); | ||
2083 | |||
2084 | authenticated = authctxt->valid && | ||
2085 | ssh_gssapi_userok(authctxt->user, authctxt->pw); | ||
2048 | 2086 | ||
2049 | buffer_clear(m); | 2087 | buffer_clear(m); |
2050 | buffer_put_int(m, authenticated); | 2088 | buffer_put_int(m, authenticated); |
@@ -2057,5 +2095,73 @@ mm_answer_gss_userok(int sock, Buffer *m) | |||
2057 | /* Monitor loop will terminate if authenticated */ | 2095 | /* Monitor loop will terminate if authenticated */ |
2058 | return (authenticated); | 2096 | return (authenticated); |
2059 | } | 2097 | } |
2098 | |||
2099 | int | ||
2100 | mm_answer_gss_sign(int socket, Buffer *m) | ||
2101 | { | ||
2102 | gss_buffer_desc data; | ||
2103 | gss_buffer_desc hash = GSS_C_EMPTY_BUFFER; | ||
2104 | OM_uint32 major, minor; | ||
2105 | u_int len; | ||
2106 | |||
2107 | if (!options.gss_authentication && !options.gss_keyex) | ||
2108 | fatal("In GSSAPI monitor when GSSAPI is disabled"); | ||
2109 | |||
2110 | data.value = buffer_get_string(m, &len); | ||
2111 | data.length = len; | ||
2112 | if (data.length != 20) | ||
2113 | fatal("%s: data length incorrect: %d", __func__, | ||
2114 | (int) data.length); | ||
2115 | |||
2116 | /* Save the session ID on the first time around */ | ||
2117 | if (session_id2_len == 0) { | ||
2118 | session_id2_len = data.length; | ||
2119 | session_id2 = xmalloc(session_id2_len); | ||
2120 | memcpy(session_id2, data.value, session_id2_len); | ||
2121 | } | ||
2122 | major = ssh_gssapi_sign(gsscontext, &data, &hash); | ||
2123 | |||
2124 | free(data.value); | ||
2125 | |||
2126 | buffer_clear(m); | ||
2127 | buffer_put_int(m, major); | ||
2128 | buffer_put_string(m, hash.value, hash.length); | ||
2129 | |||
2130 | mm_request_send(socket, MONITOR_ANS_GSSSIGN, m); | ||
2131 | |||
2132 | gss_release_buffer(&minor, &hash); | ||
2133 | |||
2134 | /* Turn on getpwnam permissions */ | ||
2135 | monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1); | ||
2136 | |||
2137 | /* And credential updating, for when rekeying */ | ||
2138 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSUPCREDS, 1); | ||
2139 | |||
2140 | return (0); | ||
2141 | } | ||
2142 | |||
2143 | int | ||
2144 | mm_answer_gss_updatecreds(int socket, Buffer *m) { | ||
2145 | ssh_gssapi_ccache store; | ||
2146 | int ok; | ||
2147 | |||
2148 | store.filename = buffer_get_string(m, NULL); | ||
2149 | store.envvar = buffer_get_string(m, NULL); | ||
2150 | store.envval = buffer_get_string(m, NULL); | ||
2151 | |||
2152 | ok = ssh_gssapi_update_creds(&store); | ||
2153 | |||
2154 | free(store.filename); | ||
2155 | free(store.envvar); | ||
2156 | free(store.envval); | ||
2157 | |||
2158 | buffer_clear(m); | ||
2159 | buffer_put_int(m, ok); | ||
2160 | |||
2161 | mm_request_send(socket, MONITOR_ANS_GSSUPCREDS, m); | ||
2162 | |||
2163 | return(0); | ||
2164 | } | ||
2165 | |||
2060 | #endif /* GSSAPI */ | 2166 | #endif /* GSSAPI */ |
2061 | 2167 | ||
@@ -65,6 +65,9 @@ enum monitor_reqtype { | |||
65 | MONITOR_REQ_PAM_FREE_CTX = 110, MONITOR_ANS_PAM_FREE_CTX = 111, | 65 | MONITOR_REQ_PAM_FREE_CTX = 110, MONITOR_ANS_PAM_FREE_CTX = 111, |
66 | MONITOR_REQ_AUDIT_EVENT = 112, MONITOR_REQ_AUDIT_COMMAND = 113, | 66 | MONITOR_REQ_AUDIT_EVENT = 112, MONITOR_REQ_AUDIT_COMMAND = 113, |
67 | 67 | ||
68 | MONITOR_REQ_GSSSIGN = 150, MONITOR_ANS_GSSSIGN = 151, | ||
69 | MONITOR_REQ_GSSUPCREDS = 152, MONITOR_ANS_GSSUPCREDS = 153, | ||
70 | |||
68 | }; | 71 | }; |
69 | 72 | ||
70 | struct mm_master; | 73 | struct mm_master; |
diff --git a/monitor_wrap.c b/monitor_wrap.c index eac421ba1..81ceddb8f 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c | |||
@@ -1068,7 +1068,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic) | |||
1068 | } | 1068 | } |
1069 | 1069 | ||
1070 | int | 1070 | int |
1071 | mm_ssh_gssapi_userok(char *user) | 1071 | mm_ssh_gssapi_userok(char *user, struct passwd *pw) |
1072 | { | 1072 | { |
1073 | Buffer m; | 1073 | Buffer m; |
1074 | int authenticated = 0; | 1074 | int authenticated = 0; |
@@ -1085,5 +1085,50 @@ mm_ssh_gssapi_userok(char *user) | |||
1085 | debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not "); | 1085 | debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not "); |
1086 | return (authenticated); | 1086 | return (authenticated); |
1087 | } | 1087 | } |
1088 | |||
1089 | OM_uint32 | ||
1090 | mm_ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_desc *data, gss_buffer_desc *hash) | ||
1091 | { | ||
1092 | Buffer m; | ||
1093 | OM_uint32 major; | ||
1094 | u_int len; | ||
1095 | |||
1096 | buffer_init(&m); | ||
1097 | buffer_put_string(&m, data->value, data->length); | ||
1098 | |||
1099 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSIGN, &m); | ||
1100 | mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSIGN, &m); | ||
1101 | |||
1102 | major = buffer_get_int(&m); | ||
1103 | hash->value = buffer_get_string(&m, &len); | ||
1104 | hash->length = len; | ||
1105 | |||
1106 | buffer_free(&m); | ||
1107 | |||
1108 | return(major); | ||
1109 | } | ||
1110 | |||
1111 | int | ||
1112 | mm_ssh_gssapi_update_creds(ssh_gssapi_ccache *store) | ||
1113 | { | ||
1114 | Buffer m; | ||
1115 | int ok; | ||
1116 | |||
1117 | buffer_init(&m); | ||
1118 | |||
1119 | buffer_put_cstring(&m, store->filename ? store->filename : ""); | ||
1120 | buffer_put_cstring(&m, store->envvar ? store->envvar : ""); | ||
1121 | buffer_put_cstring(&m, store->envval ? store->envval : ""); | ||
1122 | |||
1123 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUPCREDS, &m); | ||
1124 | mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUPCREDS, &m); | ||
1125 | |||
1126 | ok = buffer_get_int(&m); | ||
1127 | |||
1128 | buffer_free(&m); | ||
1129 | |||
1130 | return (ok); | ||
1131 | } | ||
1132 | |||
1088 | #endif /* GSSAPI */ | 1133 | #endif /* GSSAPI */ |
1089 | 1134 | ||
diff --git a/monitor_wrap.h b/monitor_wrap.h index de4a08f99..975829027 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h | |||
@@ -58,8 +58,10 @@ BIGNUM *mm_auth_rsa_generate_challenge(Key *); | |||
58 | OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID); | 58 | OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID); |
59 | OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *, | 59 | OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *, |
60 | gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *); | 60 | gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *); |
61 | int mm_ssh_gssapi_userok(char *user); | 61 | int mm_ssh_gssapi_userok(char *user, struct passwd *); |
62 | OM_uint32 mm_ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t); | 62 | OM_uint32 mm_ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t); |
63 | OM_uint32 mm_ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t); | ||
64 | int mm_ssh_gssapi_update_creds(ssh_gssapi_ccache *); | ||
63 | #endif | 65 | #endif |
64 | 66 | ||
65 | #ifdef USE_PAM | 67 | #ifdef USE_PAM |
diff --git a/readconf.c b/readconf.c index 1d03bdf72..43b7570a4 100644 --- a/readconf.c +++ b/readconf.c | |||
@@ -147,6 +147,8 @@ typedef enum { | |||
147 | oClearAllForwardings, oNoHostAuthenticationForLocalhost, | 147 | oClearAllForwardings, oNoHostAuthenticationForLocalhost, |
148 | oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, | 148 | oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, |
149 | oAddressFamily, oGssAuthentication, oGssDelegateCreds, | 149 | oAddressFamily, oGssAuthentication, oGssDelegateCreds, |
150 | oGssTrustDns, oGssKeyEx, oGssClientIdentity, oGssRenewalRekey, | ||
151 | oGssServerIdentity, | ||
150 | oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, | 152 | oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, |
151 | oSendEnv, oControlPath, oControlMaster, oControlPersist, | 153 | oSendEnv, oControlPath, oControlMaster, oControlPersist, |
152 | oHashKnownHosts, | 154 | oHashKnownHosts, |
@@ -192,10 +194,19 @@ static struct { | |||
192 | { "afstokenpassing", oUnsupported }, | 194 | { "afstokenpassing", oUnsupported }, |
193 | #if defined(GSSAPI) | 195 | #if defined(GSSAPI) |
194 | { "gssapiauthentication", oGssAuthentication }, | 196 | { "gssapiauthentication", oGssAuthentication }, |
197 | { "gssapikeyexchange", oGssKeyEx }, | ||
195 | { "gssapidelegatecredentials", oGssDelegateCreds }, | 198 | { "gssapidelegatecredentials", oGssDelegateCreds }, |
199 | { "gssapitrustdns", oGssTrustDns }, | ||
200 | { "gssapiclientidentity", oGssClientIdentity }, | ||
201 | { "gssapiserveridentity", oGssServerIdentity }, | ||
202 | { "gssapirenewalforcesrekey", oGssRenewalRekey }, | ||
196 | #else | 203 | #else |
197 | { "gssapiauthentication", oUnsupported }, | 204 | { "gssapiauthentication", oUnsupported }, |
205 | { "gssapikeyexchange", oUnsupported }, | ||
198 | { "gssapidelegatecredentials", oUnsupported }, | 206 | { "gssapidelegatecredentials", oUnsupported }, |
207 | { "gssapitrustdns", oUnsupported }, | ||
208 | { "gssapiclientidentity", oUnsupported }, | ||
209 | { "gssapirenewalforcesrekey", oUnsupported }, | ||
199 | #endif | 210 | #endif |
200 | { "fallbacktorsh", oDeprecated }, | 211 | { "fallbacktorsh", oDeprecated }, |
201 | { "usersh", oDeprecated }, | 212 | { "usersh", oDeprecated }, |
@@ -894,10 +905,30 @@ parse_time: | |||
894 | intptr = &options->gss_authentication; | 905 | intptr = &options->gss_authentication; |
895 | goto parse_flag; | 906 | goto parse_flag; |
896 | 907 | ||
908 | case oGssKeyEx: | ||
909 | intptr = &options->gss_keyex; | ||
910 | goto parse_flag; | ||
911 | |||
897 | case oGssDelegateCreds: | 912 | case oGssDelegateCreds: |
898 | intptr = &options->gss_deleg_creds; | 913 | intptr = &options->gss_deleg_creds; |
899 | goto parse_flag; | 914 | goto parse_flag; |
900 | 915 | ||
916 | case oGssTrustDns: | ||
917 | intptr = &options->gss_trust_dns; | ||
918 | goto parse_flag; | ||
919 | |||
920 | case oGssClientIdentity: | ||
921 | charptr = &options->gss_client_identity; | ||
922 | goto parse_string; | ||
923 | |||
924 | case oGssServerIdentity: | ||
925 | charptr = &options->gss_server_identity; | ||
926 | goto parse_string; | ||
927 | |||
928 | case oGssRenewalRekey: | ||
929 | intptr = &options->gss_renewal_rekey; | ||
930 | goto parse_flag; | ||
931 | |||
901 | case oBatchMode: | 932 | case oBatchMode: |
902 | intptr = &options->batch_mode; | 933 | intptr = &options->batch_mode; |
903 | goto parse_flag; | 934 | goto parse_flag; |
@@ -1601,7 +1632,12 @@ initialize_options(Options * options) | |||
1601 | options->pubkey_authentication = -1; | 1632 | options->pubkey_authentication = -1; |
1602 | options->challenge_response_authentication = -1; | 1633 | options->challenge_response_authentication = -1; |
1603 | options->gss_authentication = -1; | 1634 | options->gss_authentication = -1; |
1635 | options->gss_keyex = -1; | ||
1604 | options->gss_deleg_creds = -1; | 1636 | options->gss_deleg_creds = -1; |
1637 | options->gss_trust_dns = -1; | ||
1638 | options->gss_renewal_rekey = -1; | ||
1639 | options->gss_client_identity = NULL; | ||
1640 | options->gss_server_identity = NULL; | ||
1605 | options->password_authentication = -1; | 1641 | options->password_authentication = -1; |
1606 | options->kbd_interactive_authentication = -1; | 1642 | options->kbd_interactive_authentication = -1; |
1607 | options->kbd_interactive_devices = NULL; | 1643 | options->kbd_interactive_devices = NULL; |
@@ -1729,8 +1765,14 @@ fill_default_options(Options * options) | |||
1729 | options->challenge_response_authentication = 1; | 1765 | options->challenge_response_authentication = 1; |
1730 | if (options->gss_authentication == -1) | 1766 | if (options->gss_authentication == -1) |
1731 | options->gss_authentication = 0; | 1767 | options->gss_authentication = 0; |
1768 | if (options->gss_keyex == -1) | ||
1769 | options->gss_keyex = 0; | ||
1732 | if (options->gss_deleg_creds == -1) | 1770 | if (options->gss_deleg_creds == -1) |
1733 | options->gss_deleg_creds = 0; | 1771 | options->gss_deleg_creds = 0; |
1772 | if (options->gss_trust_dns == -1) | ||
1773 | options->gss_trust_dns = 0; | ||
1774 | if (options->gss_renewal_rekey == -1) | ||
1775 | options->gss_renewal_rekey = 0; | ||
1734 | if (options->password_authentication == -1) | 1776 | if (options->password_authentication == -1) |
1735 | options->password_authentication = 1; | 1777 | options->password_authentication = 1; |
1736 | if (options->kbd_interactive_authentication == -1) | 1778 | if (options->kbd_interactive_authentication == -1) |
diff --git a/readconf.h b/readconf.h index bb2d55283..e7e80c344 100644 --- a/readconf.h +++ b/readconf.h | |||
@@ -45,7 +45,12 @@ typedef struct { | |||
45 | int challenge_response_authentication; | 45 | int challenge_response_authentication; |
46 | /* Try S/Key or TIS, authentication. */ | 46 | /* Try S/Key or TIS, authentication. */ |
47 | int gss_authentication; /* Try GSS authentication */ | 47 | int gss_authentication; /* Try GSS authentication */ |
48 | int gss_keyex; /* Try GSS key exchange */ | ||
48 | int gss_deleg_creds; /* Delegate GSS credentials */ | 49 | int gss_deleg_creds; /* Delegate GSS credentials */ |
50 | int gss_trust_dns; /* Trust DNS for GSS canonicalization */ | ||
51 | int gss_renewal_rekey; /* Credential renewal forces rekey */ | ||
52 | char *gss_client_identity; /* Principal to initiate GSSAPI with */ | ||
53 | char *gss_server_identity; /* GSSAPI target principal */ | ||
49 | int password_authentication; /* Try password | 54 | int password_authentication; /* Try password |
50 | * authentication. */ | 55 | * authentication. */ |
51 | int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ | 56 | int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ |
diff --git a/servconf.c b/servconf.c index 6c7a91e6b..cfe7029e6 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -117,8 +117,10 @@ initialize_server_options(ServerOptions *options) | |||
117 | options->kerberos_ticket_cleanup = -1; | 117 | options->kerberos_ticket_cleanup = -1; |
118 | options->kerberos_get_afs_token = -1; | 118 | options->kerberos_get_afs_token = -1; |
119 | options->gss_authentication=-1; | 119 | options->gss_authentication=-1; |
120 | options->gss_keyex = -1; | ||
120 | options->gss_cleanup_creds = -1; | 121 | options->gss_cleanup_creds = -1; |
121 | options->gss_strict_acceptor = -1; | 122 | options->gss_strict_acceptor = -1; |
123 | options->gss_store_rekey = -1; | ||
122 | options->password_authentication = -1; | 124 | options->password_authentication = -1; |
123 | options->kbd_interactive_authentication = -1; | 125 | options->kbd_interactive_authentication = -1; |
124 | options->challenge_response_authentication = -1; | 126 | options->challenge_response_authentication = -1; |
@@ -275,10 +277,14 @@ fill_default_server_options(ServerOptions *options) | |||
275 | options->kerberos_get_afs_token = 0; | 277 | options->kerberos_get_afs_token = 0; |
276 | if (options->gss_authentication == -1) | 278 | if (options->gss_authentication == -1) |
277 | options->gss_authentication = 0; | 279 | options->gss_authentication = 0; |
280 | if (options->gss_keyex == -1) | ||
281 | options->gss_keyex = 0; | ||
278 | if (options->gss_cleanup_creds == -1) | 282 | if (options->gss_cleanup_creds == -1) |
279 | options->gss_cleanup_creds = 1; | 283 | options->gss_cleanup_creds = 1; |
280 | if (options->gss_strict_acceptor == -1) | 284 | if (options->gss_strict_acceptor == -1) |
281 | options->gss_strict_acceptor = 0; | 285 | options->gss_strict_acceptor = 1; |
286 | if (options->gss_store_rekey == -1) | ||
287 | options->gss_store_rekey = 0; | ||
282 | if (options->password_authentication == -1) | 288 | if (options->password_authentication == -1) |
283 | options->password_authentication = 1; | 289 | options->password_authentication = 1; |
284 | if (options->kbd_interactive_authentication == -1) | 290 | if (options->kbd_interactive_authentication == -1) |
@@ -412,6 +418,7 @@ typedef enum { | |||
412 | sHostKeyAlgorithms, | 418 | sHostKeyAlgorithms, |
413 | sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, | 419 | sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, |
414 | sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, | 420 | sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, |
421 | sGssKeyEx, sGssStoreRekey, | ||
415 | sAcceptEnv, sPermitTunnel, | 422 | sAcceptEnv, sPermitTunnel, |
416 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, | 423 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, |
417 | sUsePrivilegeSeparation, sAllowAgentForwarding, | 424 | sUsePrivilegeSeparation, sAllowAgentForwarding, |
@@ -485,12 +492,20 @@ static struct { | |||
485 | #ifdef GSSAPI | 492 | #ifdef GSSAPI |
486 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, | 493 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, |
487 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, | 494 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, |
495 | { "gssapicleanupcreds", sGssCleanupCreds, SSHCFG_GLOBAL }, | ||
488 | { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, | 496 | { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, |
497 | { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL }, | ||
498 | { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL }, | ||
489 | #else | 499 | #else |
490 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, | 500 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, |
491 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, | 501 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, |
502 | { "gssapicleanupcreds", sUnsupported, SSHCFG_GLOBAL }, | ||
492 | { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, | 503 | { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, |
504 | { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL }, | ||
505 | { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL }, | ||
493 | #endif | 506 | #endif |
507 | { "gssusesessionccache", sUnsupported, SSHCFG_GLOBAL }, | ||
508 | { "gssapiusesessioncredcache", sUnsupported, SSHCFG_GLOBAL }, | ||
494 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, | 509 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, |
495 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, | 510 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, |
496 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, | 511 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, |
@@ -1231,6 +1246,10 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1231 | intptr = &options->gss_authentication; | 1246 | intptr = &options->gss_authentication; |
1232 | goto parse_flag; | 1247 | goto parse_flag; |
1233 | 1248 | ||
1249 | case sGssKeyEx: | ||
1250 | intptr = &options->gss_keyex; | ||
1251 | goto parse_flag; | ||
1252 | |||
1234 | case sGssCleanupCreds: | 1253 | case sGssCleanupCreds: |
1235 | intptr = &options->gss_cleanup_creds; | 1254 | intptr = &options->gss_cleanup_creds; |
1236 | goto parse_flag; | 1255 | goto parse_flag; |
@@ -1239,6 +1258,10 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1239 | intptr = &options->gss_strict_acceptor; | 1258 | intptr = &options->gss_strict_acceptor; |
1240 | goto parse_flag; | 1259 | goto parse_flag; |
1241 | 1260 | ||
1261 | case sGssStoreRekey: | ||
1262 | intptr = &options->gss_store_rekey; | ||
1263 | goto parse_flag; | ||
1264 | |||
1242 | case sPasswordAuthentication: | 1265 | case sPasswordAuthentication: |
1243 | intptr = &options->password_authentication; | 1266 | intptr = &options->password_authentication; |
1244 | goto parse_flag; | 1267 | goto parse_flag; |
@@ -2246,7 +2269,10 @@ dump_config(ServerOptions *o) | |||
2246 | #endif | 2269 | #endif |
2247 | #ifdef GSSAPI | 2270 | #ifdef GSSAPI |
2248 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); | 2271 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); |
2272 | dump_cfg_fmtint(sGssKeyEx, o->gss_keyex); | ||
2249 | dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); | 2273 | dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); |
2274 | dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor); | ||
2275 | dump_cfg_fmtint(sGssStoreRekey, o->gss_store_rekey); | ||
2250 | #endif | 2276 | #endif |
2251 | dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); | 2277 | dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); |
2252 | dump_cfg_fmtint(sKbdInteractiveAuthentication, | 2278 | dump_cfg_fmtint(sKbdInteractiveAuthentication, |
diff --git a/servconf.h b/servconf.h index f4137af7d..778ba1742 100644 --- a/servconf.h +++ b/servconf.h | |||
@@ -118,8 +118,10 @@ typedef struct { | |||
118 | int kerberos_get_afs_token; /* If true, try to get AFS token if | 118 | int kerberos_get_afs_token; /* If true, try to get AFS token if |
119 | * authenticated with Kerberos. */ | 119 | * authenticated with Kerberos. */ |
120 | int gss_authentication; /* If true, permit GSSAPI authentication */ | 120 | int gss_authentication; /* If true, permit GSSAPI authentication */ |
121 | int gss_keyex; /* If true, permit GSSAPI key exchange */ | ||
121 | int gss_cleanup_creds; /* If true, destroy cred cache on logout */ | 122 | int gss_cleanup_creds; /* If true, destroy cred cache on logout */ |
122 | int gss_strict_acceptor; /* If true, restrict the GSSAPI acceptor name */ | 123 | int gss_strict_acceptor; /* If true, restrict the GSSAPI acceptor name */ |
124 | int gss_store_rekey; | ||
123 | int password_authentication; /* If true, permit password | 125 | int password_authentication; /* If true, permit password |
124 | * authentication. */ | 126 | * authentication. */ |
125 | int kbd_interactive_authentication; /* If true, permit */ | 127 | int kbd_interactive_authentication; /* If true, permit */ |
@@ -1,6 +1,6 @@ | |||
1 | /* $OpenBSD: ssh-gss.h,v 1.11 2014/02/26 20:28:44 djm Exp $ */ | 1 | /* $OpenBSD: ssh-gss.h,v 1.11 2014/02/26 20:28:44 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. | 3 | * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. |
4 | * | 4 | * |
5 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
6 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions |
@@ -61,10 +61,22 @@ | |||
61 | 61 | ||
62 | #define SSH_GSS_OIDTYPE 0x06 | 62 | #define SSH_GSS_OIDTYPE 0x06 |
63 | 63 | ||
64 | #define SSH2_MSG_KEXGSS_INIT 30 | ||
65 | #define SSH2_MSG_KEXGSS_CONTINUE 31 | ||
66 | #define SSH2_MSG_KEXGSS_COMPLETE 32 | ||
67 | #define SSH2_MSG_KEXGSS_HOSTKEY 33 | ||
68 | #define SSH2_MSG_KEXGSS_ERROR 34 | ||
69 | #define SSH2_MSG_KEXGSS_GROUPREQ 40 | ||
70 | #define SSH2_MSG_KEXGSS_GROUP 41 | ||
71 | #define KEX_GSS_GRP1_SHA1_ID "gss-group1-sha1-" | ||
72 | #define KEX_GSS_GRP14_SHA1_ID "gss-group14-sha1-" | ||
73 | #define KEX_GSS_GEX_SHA1_ID "gss-gex-sha1-" | ||
74 | |||
64 | typedef struct { | 75 | typedef struct { |
65 | char *filename; | 76 | char *filename; |
66 | char *envvar; | 77 | char *envvar; |
67 | char *envval; | 78 | char *envval; |
79 | struct passwd *owner; | ||
68 | void *data; | 80 | void *data; |
69 | } ssh_gssapi_ccache; | 81 | } ssh_gssapi_ccache; |
70 | 82 | ||
@@ -72,8 +84,11 @@ typedef struct { | |||
72 | gss_buffer_desc displayname; | 84 | gss_buffer_desc displayname; |
73 | gss_buffer_desc exportedname; | 85 | gss_buffer_desc exportedname; |
74 | gss_cred_id_t creds; | 86 | gss_cred_id_t creds; |
87 | gss_name_t name; | ||
75 | struct ssh_gssapi_mech_struct *mech; | 88 | struct ssh_gssapi_mech_struct *mech; |
76 | ssh_gssapi_ccache store; | 89 | ssh_gssapi_ccache store; |
90 | int used; | ||
91 | int updated; | ||
77 | } ssh_gssapi_client; | 92 | } ssh_gssapi_client; |
78 | 93 | ||
79 | typedef struct ssh_gssapi_mech_struct { | 94 | typedef struct ssh_gssapi_mech_struct { |
@@ -84,6 +99,7 @@ typedef struct ssh_gssapi_mech_struct { | |||
84 | int (*userok) (ssh_gssapi_client *, char *); | 99 | int (*userok) (ssh_gssapi_client *, char *); |
85 | int (*localname) (ssh_gssapi_client *, char **); | 100 | int (*localname) (ssh_gssapi_client *, char **); |
86 | void (*storecreds) (ssh_gssapi_client *); | 101 | void (*storecreds) (ssh_gssapi_client *); |
102 | int (*updatecreds) (ssh_gssapi_ccache *, ssh_gssapi_client *); | ||
87 | } ssh_gssapi_mech; | 103 | } ssh_gssapi_mech; |
88 | 104 | ||
89 | typedef struct { | 105 | typedef struct { |
@@ -94,10 +110,11 @@ typedef struct { | |||
94 | gss_OID oid; /* client */ | 110 | gss_OID oid; /* client */ |
95 | gss_cred_id_t creds; /* server */ | 111 | gss_cred_id_t creds; /* server */ |
96 | gss_name_t client; /* server */ | 112 | gss_name_t client; /* server */ |
97 | gss_cred_id_t client_creds; /* server */ | 113 | gss_cred_id_t client_creds; /* both */ |
98 | } Gssctxt; | 114 | } Gssctxt; |
99 | 115 | ||
100 | extern ssh_gssapi_mech *supported_mechs[]; | 116 | extern ssh_gssapi_mech *supported_mechs[]; |
117 | extern Gssctxt *gss_kex_context; | ||
101 | 118 | ||
102 | int ssh_gssapi_check_oid(Gssctxt *, void *, size_t); | 119 | int ssh_gssapi_check_oid(Gssctxt *, void *, size_t); |
103 | void ssh_gssapi_set_oid_data(Gssctxt *, void *, size_t); | 120 | void ssh_gssapi_set_oid_data(Gssctxt *, void *, size_t); |
@@ -119,16 +136,32 @@ void ssh_gssapi_build_ctx(Gssctxt **); | |||
119 | void ssh_gssapi_delete_ctx(Gssctxt **); | 136 | void ssh_gssapi_delete_ctx(Gssctxt **); |
120 | OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t); | 137 | OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t); |
121 | void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *); | 138 | void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *); |
122 | int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, const char *); | 139 | int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, const char *, const char *); |
140 | OM_uint32 ssh_gssapi_client_identity(Gssctxt *, const char *); | ||
141 | int ssh_gssapi_credentials_updated(Gssctxt *); | ||
123 | 142 | ||
124 | /* In the server */ | 143 | /* In the server */ |
144 | typedef int ssh_gssapi_check_fn(Gssctxt **, gss_OID, const char *, | ||
145 | const char *); | ||
146 | char *ssh_gssapi_client_mechanisms(const char *, const char *); | ||
147 | char *ssh_gssapi_kex_mechs(gss_OID_set, ssh_gssapi_check_fn *, const char *, | ||
148 | const char *); | ||
149 | gss_OID ssh_gssapi_id_kex(Gssctxt *, char *, int); | ||
150 | int ssh_gssapi_server_check_mech(Gssctxt **,gss_OID, const char *, | ||
151 | const char *); | ||
125 | OM_uint32 ssh_gssapi_server_ctx(Gssctxt **, gss_OID); | 152 | OM_uint32 ssh_gssapi_server_ctx(Gssctxt **, gss_OID); |
126 | int ssh_gssapi_userok(char *name); | 153 | int ssh_gssapi_userok(char *name, struct passwd *); |
127 | OM_uint32 ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t); | 154 | OM_uint32 ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t); |
128 | void ssh_gssapi_do_child(char ***, u_int *); | 155 | void ssh_gssapi_do_child(char ***, u_int *); |
129 | void ssh_gssapi_cleanup_creds(void); | 156 | void ssh_gssapi_cleanup_creds(void); |
130 | void ssh_gssapi_storecreds(void); | 157 | void ssh_gssapi_storecreds(void); |
131 | 158 | ||
159 | char *ssh_gssapi_server_mechanisms(void); | ||
160 | int ssh_gssapi_oid_table_ok(void); | ||
161 | |||
162 | int ssh_gssapi_update_creds(ssh_gssapi_ccache *store); | ||
163 | void ssh_gssapi_rekey_creds(void); | ||
164 | |||
132 | #endif /* GSSAPI */ | 165 | #endif /* GSSAPI */ |
133 | 166 | ||
134 | #endif /* _SSH_GSS_H */ | 167 | #endif /* _SSH_GSS_H */ |
diff --git a/ssh_config b/ssh_config index 03a228fbd..228e5abce 100644 --- a/ssh_config +++ b/ssh_config | |||
@@ -26,6 +26,8 @@ | |||
26 | # HostbasedAuthentication no | 26 | # HostbasedAuthentication no |
27 | # GSSAPIAuthentication no | 27 | # GSSAPIAuthentication no |
28 | # GSSAPIDelegateCredentials no | 28 | # GSSAPIDelegateCredentials no |
29 | # GSSAPIKeyExchange no | ||
30 | # GSSAPITrustDNS no | ||
29 | # BatchMode no | 31 | # BatchMode no |
30 | # CheckHostIP yes | 32 | # CheckHostIP yes |
31 | # AddressFamily any | 33 | # AddressFamily any |
diff --git a/ssh_config.5 b/ssh_config.5 index 5b0975f87..b2dc49b09 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
@@ -749,11 +749,45 @@ Specifies whether user authentication based on GSSAPI is allowed. | |||
749 | The default is | 749 | The default is |
750 | .Dq no . | 750 | .Dq no . |
751 | Note that this option applies to protocol version 2 only. | 751 | Note that this option applies to protocol version 2 only. |
752 | .It Cm GSSAPIKeyExchange | ||
753 | Specifies whether key exchange based on GSSAPI may be used. When using | ||
754 | GSSAPI key exchange the server need not have a host key. | ||
755 | The default is | ||
756 | .Dq no . | ||
757 | Note that this option applies to protocol version 2 only. | ||
758 | .It Cm GSSAPIClientIdentity | ||
759 | If set, specifies the GSSAPI client identity that ssh should use when | ||
760 | connecting to the server. The default is unset, which means that the default | ||
761 | identity will be used. | ||
762 | .It Cm GSSAPIServerIdentity | ||
763 | If set, specifies the GSSAPI server identity that ssh should expect when | ||
764 | connecting to the server. The default is unset, which means that the | ||
765 | expected GSSAPI server identity will be determined from the target | ||
766 | hostname. | ||
752 | .It Cm GSSAPIDelegateCredentials | 767 | .It Cm GSSAPIDelegateCredentials |
753 | Forward (delegate) credentials to the server. | 768 | Forward (delegate) credentials to the server. |
754 | The default is | 769 | The default is |
755 | .Dq no . | 770 | .Dq no . |
756 | Note that this option applies to protocol version 2 only. | 771 | Note that this option applies to protocol version 2 connections using GSSAPI. |
772 | .It Cm GSSAPIRenewalForcesRekey | ||
773 | If set to | ||
774 | .Dq yes | ||
775 | then renewal of the client's GSSAPI credentials will force the rekeying of the | ||
776 | ssh connection. With a compatible server, this can delegate the renewed | ||
777 | credentials to a session on the server. | ||
778 | The default is | ||
779 | .Dq no . | ||
780 | .It Cm GSSAPITrustDns | ||
781 | Set to | ||
782 | .Dq yes | ||
783 | to indicate that the DNS is trusted to securely canonicalize | ||
784 | the name of the host being connected to. If | ||
785 | .Dq no , | ||
786 | the hostname entered on the | ||
787 | command line will be passed untouched to the GSSAPI library. | ||
788 | The default is | ||
789 | .Dq no . | ||
790 | This option only applies to protocol version 2 connections using GSSAPI. | ||
757 | .It Cm HashKnownHosts | 791 | .It Cm HashKnownHosts |
758 | Indicates that | 792 | Indicates that |
759 | .Xr ssh 1 | 793 | .Xr ssh 1 |
diff --git a/sshconnect2.c b/sshconnect2.c index 775103185..e2ea82656 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
@@ -160,9 +160,34 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) | |||
160 | struct kex *kex; | 160 | struct kex *kex; |
161 | int r; | 161 | int r; |
162 | 162 | ||
163 | #ifdef GSSAPI | ||
164 | char *orig = NULL, *gss = NULL; | ||
165 | char *gss_host = NULL; | ||
166 | #endif | ||
167 | |||
163 | xxx_host = host; | 168 | xxx_host = host; |
164 | xxx_hostaddr = hostaddr; | 169 | xxx_hostaddr = hostaddr; |
165 | 170 | ||
171 | #ifdef GSSAPI | ||
172 | if (options.gss_keyex) { | ||
173 | /* Add the GSSAPI mechanisms currently supported on this | ||
174 | * client to the key exchange algorithm proposal */ | ||
175 | orig = myproposal[PROPOSAL_KEX_ALGS]; | ||
176 | |||
177 | if (options.gss_trust_dns) | ||
178 | gss_host = (char *)get_canonical_hostname(1); | ||
179 | else | ||
180 | gss_host = host; | ||
181 | |||
182 | gss = ssh_gssapi_client_mechanisms(gss_host, options.gss_client_identity); | ||
183 | if (gss) { | ||
184 | debug("Offering GSSAPI proposal: %s", gss); | ||
185 | xasprintf(&myproposal[PROPOSAL_KEX_ALGS], | ||
186 | "%s,%s", gss, orig); | ||
187 | } | ||
188 | } | ||
189 | #endif | ||
190 | |||
166 | myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal( | 191 | myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal( |
167 | options.kex_algorithms); | 192 | options.kex_algorithms); |
168 | myproposal[PROPOSAL_ENC_ALGS_CTOS] = | 193 | myproposal[PROPOSAL_ENC_ALGS_CTOS] = |
@@ -193,6 +218,17 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) | |||
193 | order_hostkeyalgs(host, hostaddr, port)); | 218 | order_hostkeyalgs(host, hostaddr, port)); |
194 | } | 219 | } |
195 | 220 | ||
221 | #ifdef GSSAPI | ||
222 | /* If we've got GSSAPI algorithms, then we also support the | ||
223 | * 'null' hostkey, as a last resort */ | ||
224 | if (options.gss_keyex && gss) { | ||
225 | orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]; | ||
226 | xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS], | ||
227 | "%s,null", orig); | ||
228 | free(gss); | ||
229 | } | ||
230 | #endif | ||
231 | |||
196 | if (options.rekey_limit || options.rekey_interval) | 232 | if (options.rekey_limit || options.rekey_interval) |
197 | packet_set_rekey_limits((u_int32_t)options.rekey_limit, | 233 | packet_set_rekey_limits((u_int32_t)options.rekey_limit, |
198 | (time_t)options.rekey_interval); | 234 | (time_t)options.rekey_interval); |
@@ -211,10 +247,30 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) | |||
211 | # endif | 247 | # endif |
212 | #endif | 248 | #endif |
213 | kex->kex[KEX_C25519_SHA256] = kexc25519_client; | 249 | kex->kex[KEX_C25519_SHA256] = kexc25519_client; |
250 | #ifdef GSSAPI | ||
251 | if (options.gss_keyex) { | ||
252 | kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_client; | ||
253 | kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_client; | ||
254 | kex->kex[KEX_GSS_GEX_SHA1] = kexgss_client; | ||
255 | } | ||
256 | #endif | ||
214 | kex->client_version_string=client_version_string; | 257 | kex->client_version_string=client_version_string; |
215 | kex->server_version_string=server_version_string; | 258 | kex->server_version_string=server_version_string; |
216 | kex->verify_host_key=&verify_host_key_callback; | 259 | kex->verify_host_key=&verify_host_key_callback; |
217 | 260 | ||
261 | #ifdef GSSAPI | ||
262 | if (options.gss_keyex) { | ||
263 | kex->gss_deleg_creds = options.gss_deleg_creds; | ||
264 | kex->gss_trust_dns = options.gss_trust_dns; | ||
265 | kex->gss_client = options.gss_client_identity; | ||
266 | if (options.gss_server_identity) { | ||
267 | kex->gss_host = options.gss_server_identity; | ||
268 | } else { | ||
269 | kex->gss_host = gss_host; | ||
270 | } | ||
271 | } | ||
272 | #endif | ||
273 | |||
218 | dispatch_run(DISPATCH_BLOCK, &kex->done, active_state); | 274 | dispatch_run(DISPATCH_BLOCK, &kex->done, active_state); |
219 | 275 | ||
220 | if (options.use_roaming && !kex->roaming) { | 276 | if (options.use_roaming && !kex->roaming) { |
@@ -306,6 +362,7 @@ int input_gssapi_token(int type, u_int32_t, void *); | |||
306 | int input_gssapi_hash(int type, u_int32_t, void *); | 362 | int input_gssapi_hash(int type, u_int32_t, void *); |
307 | int input_gssapi_error(int, u_int32_t, void *); | 363 | int input_gssapi_error(int, u_int32_t, void *); |
308 | int input_gssapi_errtok(int, u_int32_t, void *); | 364 | int input_gssapi_errtok(int, u_int32_t, void *); |
365 | int userauth_gsskeyex(Authctxt *authctxt); | ||
309 | #endif | 366 | #endif |
310 | 367 | ||
311 | void userauth(Authctxt *, char *); | 368 | void userauth(Authctxt *, char *); |
@@ -321,6 +378,11 @@ static char *authmethods_get(void); | |||
321 | 378 | ||
322 | Authmethod authmethods[] = { | 379 | Authmethod authmethods[] = { |
323 | #ifdef GSSAPI | 380 | #ifdef GSSAPI |
381 | {"gssapi-keyex", | ||
382 | userauth_gsskeyex, | ||
383 | NULL, | ||
384 | &options.gss_authentication, | ||
385 | NULL}, | ||
324 | {"gssapi-with-mic", | 386 | {"gssapi-with-mic", |
325 | userauth_gssapi, | 387 | userauth_gssapi, |
326 | NULL, | 388 | NULL, |
@@ -627,19 +689,31 @@ userauth_gssapi(Authctxt *authctxt) | |||
627 | static u_int mech = 0; | 689 | static u_int mech = 0; |
628 | OM_uint32 min; | 690 | OM_uint32 min; |
629 | int ok = 0; | 691 | int ok = 0; |
692 | const char *gss_host; | ||
693 | |||
694 | if (options.gss_server_identity) | ||
695 | gss_host = options.gss_server_identity; | ||
696 | else if (options.gss_trust_dns) | ||
697 | gss_host = get_canonical_hostname(1); | ||
698 | else | ||
699 | gss_host = authctxt->host; | ||
630 | 700 | ||
631 | /* Try one GSSAPI method at a time, rather than sending them all at | 701 | /* Try one GSSAPI method at a time, rather than sending them all at |
632 | * once. */ | 702 | * once. */ |
633 | 703 | ||
634 | if (gss_supported == NULL) | 704 | if (gss_supported == NULL) |
635 | gss_indicate_mechs(&min, &gss_supported); | 705 | if (GSS_ERROR(gss_indicate_mechs(&min, &gss_supported))) { |
706 | gss_supported = NULL; | ||
707 | return 0; | ||
708 | } | ||
636 | 709 | ||
637 | /* Check to see if the mechanism is usable before we offer it */ | 710 | /* Check to see if the mechanism is usable before we offer it */ |
638 | while (mech < gss_supported->count && !ok) { | 711 | while (mech < gss_supported->count && !ok) { |
639 | /* My DER encoding requires length<128 */ | 712 | /* My DER encoding requires length<128 */ |
640 | if (gss_supported->elements[mech].length < 128 && | 713 | if (gss_supported->elements[mech].length < 128 && |
641 | ssh_gssapi_check_mechanism(&gssctxt, | 714 | ssh_gssapi_check_mechanism(&gssctxt, |
642 | &gss_supported->elements[mech], authctxt->host)) { | 715 | &gss_supported->elements[mech], gss_host, |
716 | options.gss_client_identity)) { | ||
643 | ok = 1; /* Mechanism works */ | 717 | ok = 1; /* Mechanism works */ |
644 | } else { | 718 | } else { |
645 | mech++; | 719 | mech++; |
@@ -736,8 +810,8 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt) | |||
736 | { | 810 | { |
737 | Authctxt *authctxt = ctxt; | 811 | Authctxt *authctxt = ctxt; |
738 | Gssctxt *gssctxt; | 812 | Gssctxt *gssctxt; |
739 | int oidlen; | 813 | u_int oidlen; |
740 | char *oidv; | 814 | u_char *oidv; |
741 | 815 | ||
742 | if (authctxt == NULL) | 816 | if (authctxt == NULL) |
743 | fatal("input_gssapi_response: no authentication context"); | 817 | fatal("input_gssapi_response: no authentication context"); |
@@ -850,6 +924,48 @@ input_gssapi_error(int type, u_int32_t plen, void *ctxt) | |||
850 | free(lang); | 924 | free(lang); |
851 | return 0; | 925 | return 0; |
852 | } | 926 | } |
927 | |||
928 | int | ||
929 | userauth_gsskeyex(Authctxt *authctxt) | ||
930 | { | ||
931 | Buffer b; | ||
932 | gss_buffer_desc gssbuf; | ||
933 | gss_buffer_desc mic = GSS_C_EMPTY_BUFFER; | ||
934 | OM_uint32 ms; | ||
935 | |||
936 | static int attempt = 0; | ||
937 | if (attempt++ >= 1) | ||
938 | return (0); | ||
939 | |||
940 | if (gss_kex_context == NULL) { | ||
941 | debug("No valid Key exchange context"); | ||
942 | return (0); | ||
943 | } | ||
944 | |||
945 | ssh_gssapi_buildmic(&b, authctxt->server_user, authctxt->service, | ||
946 | "gssapi-keyex"); | ||
947 | |||
948 | gssbuf.value = buffer_ptr(&b); | ||
949 | gssbuf.length = buffer_len(&b); | ||
950 | |||
951 | if (GSS_ERROR(ssh_gssapi_sign(gss_kex_context, &gssbuf, &mic))) { | ||
952 | buffer_free(&b); | ||
953 | return (0); | ||
954 | } | ||
955 | |||
956 | packet_start(SSH2_MSG_USERAUTH_REQUEST); | ||
957 | packet_put_cstring(authctxt->server_user); | ||
958 | packet_put_cstring(authctxt->service); | ||
959 | packet_put_cstring(authctxt->method->name); | ||
960 | packet_put_string(mic.value, mic.length); | ||
961 | packet_send(); | ||
962 | |||
963 | buffer_free(&b); | ||
964 | gss_release_buffer(&ms, &mic); | ||
965 | |||
966 | return (1); | ||
967 | } | ||
968 | |||
853 | #endif /* GSSAPI */ | 969 | #endif /* GSSAPI */ |
854 | 970 | ||
855 | int | 971 | int |
@@ -126,6 +126,10 @@ | |||
126 | #include "version.h" | 126 | #include "version.h" |
127 | #include "ssherr.h" | 127 | #include "ssherr.h" |
128 | 128 | ||
129 | #ifdef USE_SECURITY_SESSION_API | ||
130 | #include <Security/AuthSession.h> | ||
131 | #endif | ||
132 | |||
129 | #ifndef O_NOCTTY | 133 | #ifndef O_NOCTTY |
130 | #define O_NOCTTY 0 | 134 | #define O_NOCTTY 0 |
131 | #endif | 135 | #endif |
@@ -1827,10 +1831,13 @@ main(int ac, char **av) | |||
1827 | logit("Disabling protocol version 1. Could not load host key"); | 1831 | logit("Disabling protocol version 1. Could not load host key"); |
1828 | options.protocol &= ~SSH_PROTO_1; | 1832 | options.protocol &= ~SSH_PROTO_1; |
1829 | } | 1833 | } |
1834 | #ifndef GSSAPI | ||
1835 | /* The GSSAPI key exchange can run without a host key */ | ||
1830 | if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) { | 1836 | if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) { |
1831 | logit("Disabling protocol version 2. Could not load host key"); | 1837 | logit("Disabling protocol version 2. Could not load host key"); |
1832 | options.protocol &= ~SSH_PROTO_2; | 1838 | options.protocol &= ~SSH_PROTO_2; |
1833 | } | 1839 | } |
1840 | #endif | ||
1834 | if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) { | 1841 | if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) { |
1835 | logit("sshd: no hostkeys available -- exiting."); | 1842 | logit("sshd: no hostkeys available -- exiting."); |
1836 | exit(1); | 1843 | exit(1); |
@@ -2145,6 +2152,60 @@ main(int ac, char **av) | |||
2145 | remote_ip, remote_port, laddr, get_local_port()); | 2152 | remote_ip, remote_port, laddr, get_local_port()); |
2146 | free(laddr); | 2153 | free(laddr); |
2147 | 2154 | ||
2155 | #ifdef USE_SECURITY_SESSION_API | ||
2156 | /* | ||
2157 | * Create a new security session for use by the new user login if | ||
2158 | * the current session is the root session or we are not launched | ||
2159 | * by inetd (eg: debugging mode or server mode). We do not | ||
2160 | * necessarily need to create a session if we are launched from | ||
2161 | * inetd because Panther xinetd will create a session for us. | ||
2162 | * | ||
2163 | * The only case where this logic will fail is if there is an | ||
2164 | * inetd running in a non-root session which is not creating | ||
2165 | * new sessions for us. Then all the users will end up in the | ||
2166 | * same session (bad). | ||
2167 | * | ||
2168 | * When the client exits, the session will be destroyed for us | ||
2169 | * automatically. | ||
2170 | * | ||
2171 | * We must create the session before any credentials are stored | ||
2172 | * (including AFS pags, which happens a few lines below). | ||
2173 | */ | ||
2174 | { | ||
2175 | OSStatus err = 0; | ||
2176 | SecuritySessionId sid = 0; | ||
2177 | SessionAttributeBits sattrs = 0; | ||
2178 | |||
2179 | err = SessionGetInfo(callerSecuritySession, &sid, &sattrs); | ||
2180 | if (err) | ||
2181 | error("SessionGetInfo() failed with error %.8X", | ||
2182 | (unsigned) err); | ||
2183 | else | ||
2184 | debug("Current Session ID is %.8X / Session Attributes are %.8X", | ||
2185 | (unsigned) sid, (unsigned) sattrs); | ||
2186 | |||
2187 | if (inetd_flag && !(sattrs & sessionIsRoot)) | ||
2188 | debug("Running in inetd mode in a non-root session... " | ||
2189 | "assuming inetd created the session for us."); | ||
2190 | else { | ||
2191 | debug("Creating new security session..."); | ||
2192 | err = SessionCreate(0, sessionHasTTY | sessionIsRemote); | ||
2193 | if (err) | ||
2194 | error("SessionCreate() failed with error %.8X", | ||
2195 | (unsigned) err); | ||
2196 | |||
2197 | err = SessionGetInfo(callerSecuritySession, &sid, | ||
2198 | &sattrs); | ||
2199 | if (err) | ||
2200 | error("SessionGetInfo() failed with error %.8X", | ||
2201 | (unsigned) err); | ||
2202 | else | ||
2203 | debug("New Session ID is %.8X / Session Attributes are %.8X", | ||
2204 | (unsigned) sid, (unsigned) sattrs); | ||
2205 | } | ||
2206 | } | ||
2207 | #endif | ||
2208 | |||
2148 | /* | 2209 | /* |
2149 | * We don't want to listen forever unless the other side | 2210 | * We don't want to listen forever unless the other side |
2150 | * successfully authenticates itself. So we set up an alarm which is | 2211 | * successfully authenticates itself. So we set up an alarm which is |
@@ -2563,6 +2624,48 @@ do_ssh2_kex(void) | |||
2563 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( | 2624 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( |
2564 | list_hostkey_types()); | 2625 | list_hostkey_types()); |
2565 | 2626 | ||
2627 | #ifdef GSSAPI | ||
2628 | { | ||
2629 | char *orig; | ||
2630 | char *gss = NULL; | ||
2631 | char *newstr = NULL; | ||
2632 | orig = myproposal[PROPOSAL_KEX_ALGS]; | ||
2633 | |||
2634 | /* | ||
2635 | * If we don't have a host key, then there's no point advertising | ||
2636 | * the other key exchange algorithms | ||
2637 | */ | ||
2638 | |||
2639 | if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0) | ||
2640 | orig = NULL; | ||
2641 | |||
2642 | if (options.gss_keyex) | ||
2643 | gss = ssh_gssapi_server_mechanisms(); | ||
2644 | else | ||
2645 | gss = NULL; | ||
2646 | |||
2647 | if (gss && orig) | ||
2648 | xasprintf(&newstr, "%s,%s", gss, orig); | ||
2649 | else if (gss) | ||
2650 | newstr = gss; | ||
2651 | else if (orig) | ||
2652 | newstr = orig; | ||
2653 | |||
2654 | /* | ||
2655 | * If we've got GSSAPI mechanisms, then we've got the 'null' host | ||
2656 | * key alg, but we can't tell people about it unless its the only | ||
2657 | * host key algorithm we support | ||
2658 | */ | ||
2659 | if (gss && (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS])) == 0) | ||
2660 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "null"; | ||
2661 | |||
2662 | if (newstr) | ||
2663 | myproposal[PROPOSAL_KEX_ALGS] = newstr; | ||
2664 | else | ||
2665 | fatal("No supported key exchange algorithms"); | ||
2666 | } | ||
2667 | #endif | ||
2668 | |||
2566 | /* start key exchange */ | 2669 | /* start key exchange */ |
2567 | if ((r = kex_setup(active_state, myproposal)) != 0) | 2670 | if ((r = kex_setup(active_state, myproposal)) != 0) |
2568 | fatal("kex_setup: %s", ssh_err(r)); | 2671 | fatal("kex_setup: %s", ssh_err(r)); |
@@ -2577,6 +2680,13 @@ do_ssh2_kex(void) | |||
2577 | # endif | 2680 | # endif |
2578 | #endif | 2681 | #endif |
2579 | kex->kex[KEX_C25519_SHA256] = kexc25519_server; | 2682 | kex->kex[KEX_C25519_SHA256] = kexc25519_server; |
2683 | #ifdef GSSAPI | ||
2684 | if (options.gss_keyex) { | ||
2685 | kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server; | ||
2686 | kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server; | ||
2687 | kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server; | ||
2688 | } | ||
2689 | #endif | ||
2580 | kex->server = 1; | 2690 | kex->server = 1; |
2581 | kex->client_version_string=client_version_string; | 2691 | kex->client_version_string=client_version_string; |
2582 | kex->server_version_string=server_version_string; | 2692 | kex->server_version_string=server_version_string; |
diff --git a/sshd_config b/sshd_config index 4d77f05aa..64786c935 100644 --- a/sshd_config +++ b/sshd_config | |||
@@ -84,6 +84,8 @@ AuthorizedKeysFile .ssh/authorized_keys | |||
84 | # GSSAPI options | 84 | # GSSAPI options |
85 | #GSSAPIAuthentication no | 85 | #GSSAPIAuthentication no |
86 | #GSSAPICleanupCredentials yes | 86 | #GSSAPICleanupCredentials yes |
87 | #GSSAPIStrictAcceptorCheck yes | ||
88 | #GSSAPIKeyExchange no | ||
87 | 89 | ||
88 | # Set this to 'yes' to enable PAM authentication, account processing, | 90 | # Set this to 'yes' to enable PAM authentication, account processing, |
89 | # and session processing. If this is enabled, PAM authentication will | 91 | # and session processing. If this is enabled, PAM authentication will |
diff --git a/sshd_config.5 b/sshd_config.5 index 58e277f95..712f62019 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -621,6 +621,12 @@ Specifies whether user authentication based on GSSAPI is allowed. | |||
621 | The default is | 621 | The default is |
622 | .Dq no . | 622 | .Dq no . |
623 | Note that this option applies to protocol version 2 only. | 623 | Note that this option applies to protocol version 2 only. |
624 | .It Cm GSSAPIKeyExchange | ||
625 | Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange | ||
626 | doesn't rely on ssh keys to verify host identity. | ||
627 | The default is | ||
628 | .Dq no . | ||
629 | Note that this option applies to protocol version 2 only. | ||
624 | .It Cm GSSAPICleanupCredentials | 630 | .It Cm GSSAPICleanupCredentials |
625 | Specifies whether to automatically destroy the user's credentials cache | 631 | Specifies whether to automatically destroy the user's credentials cache |
626 | on logout. | 632 | on logout. |
@@ -642,6 +648,11 @@ machine's default store. | |||
642 | This facility is provided to assist with operation on multi homed machines. | 648 | This facility is provided to assist with operation on multi homed machines. |
643 | The default is | 649 | The default is |
644 | .Dq yes . | 650 | .Dq yes . |
651 | .It Cm GSSAPIStoreCredentialsOnRekey | ||
652 | Controls whether the user's GSSAPI credentials should be updated following a | ||
653 | successful connection rekeying. This option can be used to accepted renewed | ||
654 | or updated credentials from a compatible client. The default is | ||
655 | .Dq no . | ||
645 | .It Cm HostbasedAcceptedKeyTypes | 656 | .It Cm HostbasedAcceptedKeyTypes |
646 | Specifies the key types that will be accepted for hostbased authentication | 657 | Specifies the key types that will be accepted for hostbased authentication |
647 | as a comma-separated pattern list. | 658 | as a comma-separated pattern list. |
@@ -112,6 +112,7 @@ static const struct keytype keytypes[] = { | |||
112 | # endif /* OPENSSL_HAS_NISTP521 */ | 112 | # endif /* OPENSSL_HAS_NISTP521 */ |
113 | # endif /* OPENSSL_HAS_ECC */ | 113 | # endif /* OPENSSL_HAS_ECC */ |
114 | #endif /* WITH_OPENSSL */ | 114 | #endif /* WITH_OPENSSL */ |
115 | { "null", "null", KEY_NULL, 0, 0 }, | ||
115 | { NULL, NULL, -1, -1, 0 } | 116 | { NULL, NULL, -1, -1, 0 } |
116 | }; | 117 | }; |
117 | 118 | ||
@@ -200,7 +201,7 @@ key_alg_list(int certs_only, int plain_only) | |||
200 | const struct keytype *kt; | 201 | const struct keytype *kt; |
201 | 202 | ||
202 | for (kt = keytypes; kt->type != -1; kt++) { | 203 | for (kt = keytypes; kt->type != -1; kt++) { |
203 | if (kt->name == NULL) | 204 | if (kt->name == NULL || kt->type == KEY_NULL) |
204 | continue; | 205 | continue; |
205 | if ((certs_only && !kt->cert) || (plain_only && kt->cert)) | 206 | if ((certs_only && !kt->cert) || (plain_only && kt->cert)) |
206 | continue; | 207 | continue; |
@@ -62,6 +62,7 @@ enum sshkey_types { | |||
62 | KEY_DSA_CERT, | 62 | KEY_DSA_CERT, |
63 | KEY_ECDSA_CERT, | 63 | KEY_ECDSA_CERT, |
64 | KEY_ED25519_CERT, | 64 | KEY_ED25519_CERT, |
65 | KEY_NULL, | ||
65 | KEY_UNSPEC | 66 | KEY_UNSPEC |
66 | }; | 67 | }; |
67 | 68 | ||