Diffstat (limited to 'ssh-gss.h')
-rw-r--r-- | ssh-gss.h | 54 |
1 files changed, 50 insertions, 4 deletions
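--- a/ssh-gss.h
+++ b/ssh-gss.h
@@ -1,6 +1,6 @@
 /* $OpenBSD: ssh-gss.h,v 1.14 2018/07/10 09:13:30 djm Exp $ */
 /*
- * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -61,10 +61,34 @@
 
 #define SSH_GSS_OIDTYPE 0x06
 
+#define SSH2_MSG_KEXGSS_INIT 30
+#define SSH2_MSG_KEXGSS_CONTINUE 31
+#define SSH2_MSG_KEXGSS_COMPLETE 32
+#define SSH2_MSG_KEXGSS_HOSTKEY 33
+#define SSH2_MSG_KEXGSS_ERROR 34
+#define SSH2_MSG_KEXGSS_GROUPREQ 40
+#define SSH2_MSG_KEXGSS_GROUP 41
+#define KEX_GSS_GRP1_SHA1_ID "gss-group1-sha1-"
+#define KEX_GSS_GRP14_SHA1_ID "gss-group14-sha1-"
+#define KEX_GSS_GRP14_SHA256_ID "gss-group14-sha256-"
+#define KEX_GSS_GRP16_SHA512_ID "gss-group16-sha512-"
+#define KEX_GSS_GEX_SHA1_ID "gss-gex-sha1-"
+#define KEX_GSS_NISTP256_SHA256_ID "gss-nistp256-sha256-"
+#define KEX_GSS_C25519_SHA256_ID "gss-curve25519-sha256-"
+
+#define GSS_KEX_DEFAULT_KEX \
+	KEX_GSS_GRP14_SHA256_ID "," \
+	KEX_GSS_GRP16_SHA512_ID "," \
+	KEX_GSS_NISTP256_SHA256_ID "," \
+	KEX_GSS_C25519_SHA256_ID "," \
+	KEX_GSS_GRP14_SHA1_ID "," \
+	KEX_GSS_GEX_SHA1_ID
+
 typedef struct {
 	char *filename;
 	char *envvar;
 	char *envval;
+	struct passwd *owner;
 	void *data;
 } ssh_gssapi_ccache;
 
@@ -72,8 +96,11 @@ typedef struct {
 	gss_buffer_desc displayname;
 	gss_buffer_desc exportedname;
 	gss_cred_id_t creds;
+	gss_name_t name;
 	struct ssh_gssapi_mech_struct *mech;
 	ssh_gssapi_ccache store;
+	int used;
+	int updated;
 } ssh_gssapi_client;
 
 typedef struct ssh_gssapi_mech_struct {
@@ -84,6 +111,7 @@ typedef struct ssh_gssapi_mech_struct {
 	int (*userok) (ssh_gssapi_client *, char *);
 	int (*localname) (ssh_gssapi_client *, char **);
 	void (*storecreds) (ssh_gssapi_client *);
+	int (*updatecreds) (ssh_gssapi_ccache *, ssh_gssapi_client *);
 } ssh_gssapi_mech;
 
 typedef struct {
@@ -94,10 +122,11 @@ typedef struct {
 	gss_OID oid; /* client */
 	gss_cred_id_t creds; /* server */
 	gss_name_t client; /* server */
-	gss_cred_id_t client_creds; /* server */
+	gss_cred_id_t client_creds; /* both */
 } Gssctxt;
 
 extern ssh_gssapi_mech *supported_mechs[];
+extern Gssctxt *gss_kex_context;
 
 int ssh_gssapi_check_oid(Gssctxt *, void *, size_t);
 void ssh_gssapi_set_oid_data(Gssctxt *, void *, size_t);
@@ -109,6 +138,7 @@ OM_uint32 ssh_gssapi_test_oid_supported(OM_uint32 *, gss_OID, int *);
 
 struct sshbuf;
 int ssh_gssapi_get_buffer_desc(struct sshbuf *, gss_buffer_desc *);
+int ssh_gssapi_sshpkt_get_buffer_desc(struct ssh *, gss_buffer_desc *);
 
 OM_uint32 ssh_gssapi_import_name(Gssctxt *, const char *);
 OM_uint32 ssh_gssapi_init_ctx(Gssctxt *, int,
@@ -123,17 +153,33 @@ void ssh_gssapi_delete_ctx(Gssctxt **);
 OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t);
 void ssh_gssapi_buildmic(struct sshbuf *, const char *,
     const char *, const char *);
-int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, const char *);
+int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, const char *, const char *);
+OM_uint32 ssh_gssapi_client_identity(Gssctxt *, const char *);
+int ssh_gssapi_credentials_updated(Gssctxt *);
 
 /* In the server */
+typedef int ssh_gssapi_check_fn(Gssctxt **, gss_OID, const char *,
+    const char *);
+char *ssh_gssapi_client_mechanisms(const char *, const char *, const char *);
+char *ssh_gssapi_kex_mechs(gss_OID_set, ssh_gssapi_check_fn *, const char *,
+    const char *, const char *);
+gss_OID ssh_gssapi_id_kex(Gssctxt *, char *, int);
+int ssh_gssapi_server_check_mech(Gssctxt **,gss_OID, const char *,
+    const char *);
 OM_uint32 ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
-int ssh_gssapi_userok(char *name);
+int ssh_gssapi_userok(char *name, struct passwd *, int kex);
 OM_uint32 ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t);
 void ssh_gssapi_do_child(char ***, u_int *);
 void ssh_gssapi_cleanup_creds(void);
 void ssh_gssapi_storecreds(void);
 const char *ssh_gssapi_displayname(void);
 
+char *ssh_gssapi_server_mechanisms(void);
+int ssh_gssapi_oid_table_ok(void);
+
+int ssh_gssapi_update_creds(ssh_gssapi_ccache *store);
+void ssh_gssapi_rekey_creds(void);
+
 #endif /* GSSAPI */
 
 #endif /* _SSH_GSS_H */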
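Review bot: The new prototypes at new lines 141 and 170 take `struct ssh *` and `struct passwd *`, and the new `owner` member at line 91 is also a `struct passwd *`, yet the only forward declaration visible in this header is `struct sshbuf;` at line 139; unless an include above these hunks already declares both, add `struct ssh;` and `struct passwd;` next to `struct sshbuf;` so the prototypes do not declare parameter-scope structs and the header stops depending on include order. `ssh_gssapi_id_kex` at line 166 takes a plain `char *` where every other new entry point takes `const char *`, and `ssh_gssapi_server_check_mech` at line 167 lacks the space after the first comma; `gss_OID ssh_gssapi_id_kex(Gssctxt *, const char *, int);` would match the rest of the API if the implementation does not write through that pointer. The `used` and `updated` members added to `ssh_gssapi_client` and the `gss_kex_context` global at line 129 carry no comment, so a reader cannot tell what sets them or which side of the connection reads them; a one-line comment on each, in the `/* client */`/`/* server */` style the `Gssctxt` members already use, would close that gap. `GSS_KEX_DEFAULT_KEX` at line 79 places the two SHA-1 methods last and leaves `KEX_GSS_GRP1_SHA1_ID` out of the default list; a short comment stating that this ordering and exclusion is deliberate would keep a later edit from silently re-adding the group1 method.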