1 files changed, 101 insertions, 41 deletions
diff --git a/kexgssc.c b/kexgssc.c
index eee96dd23..1843403b6 100644
--- a/kexgssc.c
+++ b/kexgssc.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001-2004 Simon Wilkinson. All rights reserved.
+ * Copyright (c) 2001-2005 Simon Wilkinson. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -42,34 +42,68 @@
 void
 kexgss_client(Kex *kex) {
-        gss_buffer_desc gssbuf, send_tok, recv_tok, msg_tok, *token_ptr;
+        gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
+        gss_buffer_desc recv_tok, gssbuf, msg_tok, *token_ptr;
        Gssctxt *ctxt;
        OM_uint32 maj_status, min_status, ret_flags;
        unsigned int klen, kout;
        DH *dh; 
-        BIGNUM *dh_server_pub = 0;
+        BIGNUM *dh_server_pub = NULL;
-        BIGNUM *shared_secret = 0;      
+        BIGNUM *shared_secret = NULL;
+        BIGNUM *p = NULL;
+        BIGNUM *g = NULL;       
        unsigned char *kbuf;
        unsigned char *hash;
-        unsigned char *serverhostkey;
+        unsigned char *serverhostkey = NULL;
        char *msg;
        char *lang;
        int type = 0;
        int first = 1;
        int slen = 0;
+        int gex = 0;
+        int nbits, min, max;
        u_int strlen;
-        
+        /* Initialise our GSSAPI world */       
        ssh_gssapi_build_ctx(&ctxt);
-        if (ssh_gssapi_id_kex(ctxt,kex->name) == NULL)
+        if (ssh_gssapi_id_kex(ctxt, kex->name, &gex) == NULL)
                fatal("Couldn't identify host exchange");
-        if (ssh_gssapi_import_name(ctxt,get_canonical_hostname(1)))
+        if (ssh_gssapi_import_name(ctxt, kex->gss_host))
-                fatal("Couldn't import hostname ");
+                fatal("Couldn't import hostname");
+        
+        if (gex) {
+                debug("Doing group exchange\n");
+                nbits = dh_estimate(kex->we_need * 8);
+                min = DH_GRP_MIN;
+                max = DH_GRP_MAX;
+                packet_start(SSH2_MSG_KEXGSS_GROUPREQ);
+                packet_put_int(min);
+                packet_put_int(nbits);
+                packet_put_int(max);
+                packet_send();
+                packet_read_expect(SSH2_MSG_KEXGSS_GROUP);
+                if ((p = BN_new()) == NULL)
+                        fatal("BN_new() failed");
+                packet_get_bignum2(p);
+                if ((g = BN_new()) == NULL)
+                        fatal("BN_new() failed");
+                packet_get_bignum2(g);
+                packet_check_eom();
+                if (BN_num_bits(p) < min || BN_num_bits(p) > max)
+                        fatal("GSSGRP_GEX group out of range: %d !< %d !< %d",
+                            min, BN_num_bits(p), max);
+                dh = dh_new_group(g, p);
+        } else {
+                dh = dh_new_group1();
+        }
        
-        /* This code should match that in ssh_dh1_client */
-                
        /* Step 1 - e is dh->pub_key */
-        dh = dh_new_group1();
        dh_gen_key(dh, kex->we_need * 8);
        /* This is f, we initialise it now to make life easier */
@@ -97,7 +131,7 @@ kexgss_client(Kex *kex) {
                /* If we've got an old receive buffer get rid of it */
                if (token_ptr != GSS_C_NO_BUFFER)
-                        (void) gss_release_buffer(&min_status, &recv_tok);
+                        xfree(recv_tok.value);
                if (maj_status == GSS_S_COMPLETE) {
                        /* If mutual state flag is not true, kex fails */
@@ -126,15 +160,21 @@ kexgss_client(Kex *kex) {
                                    send_tok.length);
                        }
                        packet_send();
+                        gss_release_buffer(&min_status, &send_tok);
                        /* If we've sent them data, they should reply */
-                
+                        do {    
-                        type = packet_read();
+                                type = packet_read();
+                                if (type == SSH2_MSG_KEXGSS_HOSTKEY) {
+                                        debug("Received KEXGSS_HOSTKEY");
+                                        if (serverhostkey)
+                                                fatal("Server host key received more than once");
+                                        serverhostkey = 
+                                            packet_get_string(&slen);
+                                }
+                        } while (type == SSH2_MSG_KEXGSS_HOSTKEY);
                        switch (type) {
-                        case SSH2_MSG_KEXGSS_HOSTKEY:
-                                debug("Received KEXGSS_HOSTKEY");
-                                serverhostkey = packet_get_string(&slen);
-                                break;
                        case SSH2_MSG_KEXGSS_CONTINUE:
                                debug("Received GSSAPI_CONTINUE");
                                if (maj_status == GSS_S_COMPLETE) 
@@ -144,8 +184,8 @@ kexgss_client(Kex *kex) {
                                break;
                        case SSH2_MSG_KEXGSS_COMPLETE:
                                debug("Received GSSAPI_COMPLETE");
-                                packet_get_bignum2(dh_server_pub);
+                                packet_get_bignum2(dh_server_pub);
-                                msg_tok.value = packet_get_string(&strlen);
+                                msg_tok.value =  packet_get_string(&strlen);
                                msg_tok.length = strlen; 
                                /* Is there a token included? */
@@ -156,10 +196,10 @@ kexgss_client(Kex *kex) {
                                        /* If we're already complete - protocol error */
                                        if (maj_status == GSS_S_COMPLETE)
                                                packet_disconnect("Protocol error: received token when complete");
-                                } else {
+                                        } else {
-                                        /* No token included */
+                                                /* No token included */
-                                        if (maj_status != GSS_S_COMPLETE)
+                                                if (maj_status != GSS_S_COMPLETE)
-                                                packet_disconnect("Protocol error: did not receive final token");
+                                                        packet_disconnect("Protocol error: did not receive final token");
                                }
                                break;
                        case SSH2_MSG_KEXGSS_ERROR:
@@ -168,7 +208,7 @@ kexgss_client(Kex *kex) {
                                min_status = packet_get_int();
                                msg = packet_get_string(NULL);
                                lang = packet_get_string(NULL);
-                                fprintf(stderr,"GSSAPI Error: \n%s",msg);
+                                fatal("GSSAPI Error: \n%s",msg);
                        default:
                                packet_disconnect("Protocol error: didn't expect packet type %d",
                                type);
@@ -181,12 +221,12 @@ kexgss_client(Kex *kex) {
                }
        } while (maj_status & GSS_S_CONTINUE_NEEDED);
-        /* 
+        /* 
         * We _must_ have received a COMPLETE message in reply from the 
-         * server, which will have set dh_server_pub and msg_tok 
+         * server, which will have set dh_server_pub and msg_tok 
         */
-        if (type!=SSH2_MSG_KEXGSS_COMPLETE)
+        if (type != SSH2_MSG_KEXGSS_COMPLETE)
                fatal("Didn't receive a SSH2_MSG_KEXGSS_COMPLETE when I expected it");
        /* Check f in range [1, p-1] */
@@ -203,25 +243,45 @@ kexgss_client(Kex *kex) {
        memset(kbuf, 0, klen);
        xfree(kbuf);
-        /* The GSS hash is identical to the DH one */
+        if (gex) {
-        hash = kex_dh_hash( kex->client_version_string, 
+                hash = kexgex_hash( kex->client_version_string,
-            kex->server_version_string,
+                    kex->server_version_string,
-            buffer_ptr(&kex->my), buffer_len(&kex->my),
+                    buffer_ptr(&kex->my), buffer_len(&kex->my),
-            buffer_ptr(&kex->peer), buffer_len(&kex->peer),
+                    buffer_ptr(&kex->peer), buffer_len(&kex->peer),
-            serverhostkey, slen, /* server host key */
+                    serverhostkey, slen,
-            dh->pub_key,        /* e */
+                    min, nbits, max,
-            dh_server_pub,      /* f */
+                    dh->p, dh->g,
-            shared_secret       /* K */
+                    dh->pub_key,
-        );
+                    dh_server_pub,
-        
+                    shared_secret
+                );
+        } else {
+                /* The GSS hash is identical to the DH one */
+                hash = kex_dh_hash( kex->client_version_string, 
+                    kex->server_version_string,
+                    buffer_ptr(&kex->my), buffer_len(&kex->my),
+                    buffer_ptr(&kex->peer), buffer_len(&kex->peer),
+                    serverhostkey, slen, /* server host key */
+                    dh->pub_key,        /* e */
+                    dh_server_pub,      /* f */
+                    shared_secret       /* K */
+                );
+        }
        gssbuf.value = hash;
        gssbuf.length = 20;
        /* Verify that the hash matches the MIC we just got. */
        if (GSS_ERROR(ssh_gssapi_checkmic(ctxt, &gssbuf, &msg_tok)))
                packet_disconnect("Hash's MIC didn't verify");
-        
+        xfree(msg_tok.value);
        DH_free(dh);
+        if (serverhostkey)
+                xfree(serverhostkey);
+        BN_clear_free(dh_server_pub);
        /* save session id */
        if (kex->session_id == NULL) {
                kex->session_id_len = 20;

diff --git a/kexgssc.c b/kexgssc.c index eee96dd23..1843403b6 100644 --- a/kexgssc.c +++ b/kexgssc.c
@@ -1,5 +1,5 @@
1	/*	1	/*
2	* Copyright (c) 2001-2004 Simon Wilkinson. All rights reserved.	2	* Copyright (c) 2001-2005 Simon Wilkinson. All rights reserved.
3	*	3	*
4	* Redistribution and use in source and binary forms, with or without	4	* Redistribution and use in source and binary forms, with or without
5	* modification, are permitted provided that the following conditions	5	* modification, are permitted provided that the following conditions
@@ -42,34 +42,68 @@
42		42
43	void	43	void
44	kexgss_client(Kex *kex) {	44	kexgss_client(Kex *kex) {
45	gss_buffer_desc gssbuf, send_tok, recv_tok, msg_tok, *token_ptr;	45	gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
		46	gss_buffer_desc recv_tok, gssbuf, msg_tok, *token_ptr;
46	Gssctxt *ctxt;	47	Gssctxt *ctxt;
47	OM_uint32 maj_status, min_status, ret_flags;	48	OM_uint32 maj_status, min_status, ret_flags;
48	unsigned int klen, kout;	49	unsigned int klen, kout;
49	DH *dh;	50	DH *dh;
50	BIGNUM *dh_server_pub = 0;	51	BIGNUM *dh_server_pub = NULL;
51	BIGNUM *shared_secret = 0;	52	BIGNUM *shared_secret = NULL;
		53	BIGNUM *p = NULL;
		54	BIGNUM *g = NULL;
52	unsigned char *kbuf;	55	unsigned char *kbuf;
53	unsigned char *hash;	56	unsigned char *hash;
54	unsigned char *serverhostkey;	57	unsigned char *serverhostkey = NULL;
55	char *msg;	58	char *msg;
56	char *lang;	59	char *lang;
57	int type = 0;	60	int type = 0;
58	int first = 1;	61	int first = 1;
59	int slen = 0;	62	int slen = 0;
		63	int gex = 0;
		64	int nbits, min, max;
60	u_int strlen;	65	u_int strlen;
61		66
		67	/* Initialise our GSSAPI world */
62	ssh_gssapi_build_ctx(&ctxt);	68	ssh_gssapi_build_ctx(&ctxt);
63	if (ssh_gssapi_id_kex(ctxt,kex->name) == NULL)	69	if (ssh_gssapi_id_kex(ctxt, kex->name, &gex) == NULL)
64	fatal("Couldn't identify host exchange");	70	fatal("Couldn't identify host exchange");
65		71
66	if (ssh_gssapi_import_name(ctxt,get_canonical_hostname(1)))	72	if (ssh_gssapi_import_name(ctxt, kex->gss_host))
67	fatal("Couldn't import hostname ");	73	fatal("Couldn't import hostname");
		74
		75	if (gex) {
		76	debug("Doing group exchange\n");
		77	nbits = dh_estimate(kex->we_need * 8);
		78	min = DH_GRP_MIN;
		79	max = DH_GRP_MAX;
		80	packet_start(SSH2_MSG_KEXGSS_GROUPREQ);
		81	packet_put_int(min);
		82	packet_put_int(nbits);
		83	packet_put_int(max);
		84
		85	packet_send();
		86
		87	packet_read_expect(SSH2_MSG_KEXGSS_GROUP);
		88
		89	if ((p = BN_new()) == NULL)
		90	fatal("BN_new() failed");
		91	packet_get_bignum2(p);
		92	if ((g = BN_new()) == NULL)
		93	fatal("BN_new() failed");
		94	packet_get_bignum2(g);
		95	packet_check_eom();
		96
		97	if (BN_num_bits(p) < min \|\| BN_num_bits(p) > max)
		98	fatal("GSSGRP_GEX group out of range: %d !< %d !< %d",
		99	min, BN_num_bits(p), max);
		100
		101	dh = dh_new_group(g, p);
		102	} else {
		103	dh = dh_new_group1();
		104	}
68		105
69	/* This code should match that in ssh_dh1_client */
70
71	/* Step 1 - e is dh->pub_key */	106	/* Step 1 - e is dh->pub_key */
72	dh = dh_new_group1();
73	dh_gen_key(dh, kex->we_need * 8);	107	dh_gen_key(dh, kex->we_need * 8);
74		108
75	/* This is f, we initialise it now to make life easier */	109	/* This is f, we initialise it now to make life easier */
@@ -97,7 +131,7 @@ kexgss_client(Kex *kex) {
97		131
98	/* If we've got an old receive buffer get rid of it */	132	/* If we've got an old receive buffer get rid of it */
99	if (token_ptr != GSS_C_NO_BUFFER)	133	if (token_ptr != GSS_C_NO_BUFFER)
100	(void) gss_release_buffer(&min_status, &recv_tok);	134	xfree(recv_tok.value);
101		135
102	if (maj_status == GSS_S_COMPLETE) {	136	if (maj_status == GSS_S_COMPLETE) {
103	/* If mutual state flag is not true, kex fails */	137	/* If mutual state flag is not true, kex fails */
@@ -126,15 +160,21 @@ kexgss_client(Kex *kex) {
126	send_tok.length);	160	send_tok.length);
127	}	161	}
128	packet_send();	162	packet_send();
		163	gss_release_buffer(&min_status, &send_tok);
129		164
130	/* If we've sent them data, they should reply */	165	/* If we've sent them data, they should reply */
131		166	do {
132	type = packet_read();	167	type = packet_read();
		168	if (type == SSH2_MSG_KEXGSS_HOSTKEY) {
		169	debug("Received KEXGSS_HOSTKEY");
		170	if (serverhostkey)
		171	fatal("Server host key received more than once");
		172	serverhostkey =
		173	packet_get_string(&slen);
		174	}
		175	} while (type == SSH2_MSG_KEXGSS_HOSTKEY);
		176
133	switch (type) {	177	switch (type) {
134	case SSH2_MSG_KEXGSS_HOSTKEY:
135	debug("Received KEXGSS_HOSTKEY");
136	serverhostkey = packet_get_string(&slen);
137	break;
138	case SSH2_MSG_KEXGSS_CONTINUE:	178	case SSH2_MSG_KEXGSS_CONTINUE:
139	debug("Received GSSAPI_CONTINUE");	179	debug("Received GSSAPI_CONTINUE");
140	if (maj_status == GSS_S_COMPLETE)	180	if (maj_status == GSS_S_COMPLETE)
@@ -144,8 +184,8 @@ kexgss_client(Kex *kex) {
144	break;	184	break;
145	case SSH2_MSG_KEXGSS_COMPLETE:	185	case SSH2_MSG_KEXGSS_COMPLETE:
146	debug("Received GSSAPI_COMPLETE");	186	debug("Received GSSAPI_COMPLETE");
147	packet_get_bignum2(dh_server_pub);	187	packet_get_bignum2(dh_server_pub);
148	msg_tok.value = packet_get_string(&strlen);	188	msg_tok.value = packet_get_string(&strlen);
149	msg_tok.length = strlen;	189	msg_tok.length = strlen;
150		190
151	/* Is there a token included? */	191	/* Is there a token included? */
@@ -156,10 +196,10 @@ kexgss_client(Kex *kex) {
156	/* If we're already complete - protocol error */	196	/* If we're already complete - protocol error */
157	if (maj_status == GSS_S_COMPLETE)	197	if (maj_status == GSS_S_COMPLETE)
158	packet_disconnect("Protocol error: received token when complete");	198	packet_disconnect("Protocol error: received token when complete");
159	} else {	199	} else {
160	/* No token included */	200	/* No token included */
161	if (maj_status != GSS_S_COMPLETE)	201	if (maj_status != GSS_S_COMPLETE)
162	packet_disconnect("Protocol error: did not receive final token");	202	packet_disconnect("Protocol error: did not receive final token");
163	}	203	}
164	break;	204	break;
165	case SSH2_MSG_KEXGSS_ERROR:	205	case SSH2_MSG_KEXGSS_ERROR:
@@ -168,7 +208,7 @@ kexgss_client(Kex *kex) {
168	min_status = packet_get_int();	208	min_status = packet_get_int();
169	msg = packet_get_string(NULL);	209	msg = packet_get_string(NULL);
170	lang = packet_get_string(NULL);	210	lang = packet_get_string(NULL);
171	fprintf(stderr,"GSSAPI Error: \n%s",msg);	211	fatal("GSSAPI Error: \n%s",msg);
172	default:	212	default:
173	packet_disconnect("Protocol error: didn't expect packet type %d",	213	packet_disconnect("Protocol error: didn't expect packet type %d",
174	type);	214	type);
@@ -181,12 +221,12 @@ kexgss_client(Kex *kex) {
181	}	221	}
182	} while (maj_status & GSS_S_CONTINUE_NEEDED);	222	} while (maj_status & GSS_S_CONTINUE_NEEDED);
183		223
184	/*	224	/*
185	* We _must_ have received a COMPLETE message in reply from the	225	* We _must_ have received a COMPLETE message in reply from the
186	* server, which will have set dh_server_pub and msg_tok	226	* server, which will have set dh_server_pub and msg_tok
187	*/	227	*/
188		228
189	if (type!=SSH2_MSG_KEXGSS_COMPLETE)	229	if (type != SSH2_MSG_KEXGSS_COMPLETE)
190	fatal("Didn't receive a SSH2_MSG_KEXGSS_COMPLETE when I expected it");	230	fatal("Didn't receive a SSH2_MSG_KEXGSS_COMPLETE when I expected it");
191		231
192	/* Check f in range [1, p-1] */	232	/* Check f in range [1, p-1] */
@@ -203,25 +243,45 @@ kexgss_client(Kex *kex) {
203	memset(kbuf, 0, klen);	243	memset(kbuf, 0, klen);
204	xfree(kbuf);	244	xfree(kbuf);
205		245
206	/* The GSS hash is identical to the DH one */	246	if (gex) {
207	hash = kex_dh_hash( kex->client_version_string,	247	hash = kexgex_hash( kex->client_version_string,
208	kex->server_version_string,	248	kex->server_version_string,
209	buffer_ptr(&kex->my), buffer_len(&kex->my),	249	buffer_ptr(&kex->my), buffer_len(&kex->my),
210	buffer_ptr(&kex->peer), buffer_len(&kex->peer),	250	buffer_ptr(&kex->peer), buffer_len(&kex->peer),
211	serverhostkey, slen, /* server host key */	251	serverhostkey, slen,
212	dh->pub_key, /* e */	252	min, nbits, max,
213	dh_server_pub, /* f */	253	dh->p, dh->g,
214	shared_secret /* K */	254	dh->pub_key,
215	);	255	dh_server_pub,
216		256	shared_secret
		257	);
		258	} else {
		259	/* The GSS hash is identical to the DH one */
		260	hash = kex_dh_hash( kex->client_version_string,
		261	kex->server_version_string,
		262	buffer_ptr(&kex->my), buffer_len(&kex->my),
		263	buffer_ptr(&kex->peer), buffer_len(&kex->peer),
		264	serverhostkey, slen, /* server host key */
		265	dh->pub_key, /* e */
		266	dh_server_pub, /* f */
		267	shared_secret /* K */
		268	);
		269	}
		270
217	gssbuf.value = hash;	271	gssbuf.value = hash;
218	gssbuf.length = 20;	272	gssbuf.length = 20;
219		273
220	/* Verify that the hash matches the MIC we just got. */	274	/* Verify that the hash matches the MIC we just got. */
221	if (GSS_ERROR(ssh_gssapi_checkmic(ctxt, &gssbuf, &msg_tok)))	275	if (GSS_ERROR(ssh_gssapi_checkmic(ctxt, &gssbuf, &msg_tok)))
222	packet_disconnect("Hash's MIC didn't verify");	276	packet_disconnect("Hash's MIC didn't verify");
223		277
		278	xfree(msg_tok.value);
		279
224	DH_free(dh);	280	DH_free(dh);
		281	if (serverhostkey)
		282	xfree(serverhostkey);
		283	BN_clear_free(dh_server_pub);
		284
225	/* save session id */	285	/* save session id */
226	if (kex->session_id == NULL) {	286	if (kex->session_id == NULL) {
227	kex->session_id_len = 20;	287	kex->session_id_len = 20;