diff options
Diffstat (limited to 'ssh-gss.h')
| -rw-r--r-- | ssh-gss.h | 54 |
1 files changed, 50 insertions, 4 deletions
| @@ -1,6 +1,6 @@ | |||
| 1 | /* $OpenBSD: ssh-gss.h,v 1.14 2018/07/10 09:13:30 djm Exp $ */ | 1 | /* $OpenBSD: ssh-gss.h,v 1.14 2018/07/10 09:13:30 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. | 3 | * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. |
| 4 | * | 4 | * |
| 5 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
| 6 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions |
| @@ -61,10 +61,34 @@ | |||
| 61 | 61 | ||
| 62 | #define SSH_GSS_OIDTYPE 0x06 | 62 | #define SSH_GSS_OIDTYPE 0x06 |
| 63 | 63 | ||
| 64 | #define SSH2_MSG_KEXGSS_INIT 30 | ||
| 65 | #define SSH2_MSG_KEXGSS_CONTINUE 31 | ||
| 66 | #define SSH2_MSG_KEXGSS_COMPLETE 32 | ||
| 67 | #define SSH2_MSG_KEXGSS_HOSTKEY 33 | ||
| 68 | #define SSH2_MSG_KEXGSS_ERROR 34 | ||
| 69 | #define SSH2_MSG_KEXGSS_GROUPREQ 40 | ||
| 70 | #define SSH2_MSG_KEXGSS_GROUP 41 | ||
| 71 | #define KEX_GSS_GRP1_SHA1_ID "gss-group1-sha1-" | ||
| 72 | #define KEX_GSS_GRP14_SHA1_ID "gss-group14-sha1-" | ||
| 73 | #define KEX_GSS_GRP14_SHA256_ID "gss-group14-sha256-" | ||
| 74 | #define KEX_GSS_GRP16_SHA512_ID "gss-group16-sha512-" | ||
| 75 | #define KEX_GSS_GEX_SHA1_ID "gss-gex-sha1-" | ||
| 76 | #define KEX_GSS_NISTP256_SHA256_ID "gss-nistp256-sha256-" | ||
| 77 | #define KEX_GSS_C25519_SHA256_ID "gss-curve25519-sha256-" | ||
| 78 | |||
| 79 | #define GSS_KEX_DEFAULT_KEX \ | ||
| 80 | KEX_GSS_GRP14_SHA256_ID "," \ | ||
| 81 | KEX_GSS_GRP16_SHA512_ID "," \ | ||
| 82 | KEX_GSS_NISTP256_SHA256_ID "," \ | ||
| 83 | KEX_GSS_C25519_SHA256_ID "," \ | ||
| 84 | KEX_GSS_GRP14_SHA1_ID "," \ | ||
| 85 | KEX_GSS_GEX_SHA1_ID | ||
| 86 | |||
| 64 | typedef struct { | 87 | typedef struct { |
| 65 | char *filename; | 88 | char *filename; |
| 66 | char *envvar; | 89 | char *envvar; |
| 67 | char *envval; | 90 | char *envval; |
| 91 | struct passwd *owner; | ||
| 68 | void *data; | 92 | void *data; |
| 69 | } ssh_gssapi_ccache; | 93 | } ssh_gssapi_ccache; |
| 70 | 94 | ||
| @@ -72,8 +96,11 @@ typedef struct { | |||
| 72 | gss_buffer_desc displayname; | 96 | gss_buffer_desc displayname; |
| 73 | gss_buffer_desc exportedname; | 97 | gss_buffer_desc exportedname; |
| 74 | gss_cred_id_t creds; | 98 | gss_cred_id_t creds; |
| 99 | gss_name_t name; | ||
| 75 | struct ssh_gssapi_mech_struct *mech; | 100 | struct ssh_gssapi_mech_struct *mech; |
| 76 | ssh_gssapi_ccache store; | 101 | ssh_gssapi_ccache store; |
| 102 | int used; | ||
| 103 | int updated; | ||
| 77 | } ssh_gssapi_client; | 104 | } ssh_gssapi_client; |
| 78 | 105 | ||
| 79 | typedef struct ssh_gssapi_mech_struct { | 106 | typedef struct ssh_gssapi_mech_struct { |
| @@ -84,6 +111,7 @@ typedef struct ssh_gssapi_mech_struct { | |||
| 84 | int (*userok) (ssh_gssapi_client *, char *); | 111 | int (*userok) (ssh_gssapi_client *, char *); |
| 85 | int (*localname) (ssh_gssapi_client *, char **); | 112 | int (*localname) (ssh_gssapi_client *, char **); |
| 86 | void (*storecreds) (ssh_gssapi_client *); | 113 | void (*storecreds) (ssh_gssapi_client *); |
| 114 | int (*updatecreds) (ssh_gssapi_ccache *, ssh_gssapi_client *); | ||
| 87 | } ssh_gssapi_mech; | 115 | } ssh_gssapi_mech; |
| 88 | 116 | ||
| 89 | typedef struct { | 117 | typedef struct { |
| @@ -94,10 +122,11 @@ typedef struct { | |||
| 94 | gss_OID oid; /* client */ | 122 | gss_OID oid; /* client */ |
| 95 | gss_cred_id_t creds; /* server */ | 123 | gss_cred_id_t creds; /* server */ |
| 96 | gss_name_t client; /* server */ | 124 | gss_name_t client; /* server */ |
| 97 | gss_cred_id_t client_creds; /* server */ | 125 | gss_cred_id_t client_creds; /* both */ |
| 98 | } Gssctxt; | 126 | } Gssctxt; |
| 99 | 127 | ||
| 100 | extern ssh_gssapi_mech *supported_mechs[]; | 128 | extern ssh_gssapi_mech *supported_mechs[]; |
| 129 | extern Gssctxt *gss_kex_context; | ||
| 101 | 130 | ||
| 102 | int ssh_gssapi_check_oid(Gssctxt *, void *, size_t); | 131 | int ssh_gssapi_check_oid(Gssctxt *, void *, size_t); |
| 103 | void ssh_gssapi_set_oid_data(Gssctxt *, void *, size_t); | 132 | void ssh_gssapi_set_oid_data(Gssctxt *, void *, size_t); |
| @@ -109,6 +138,7 @@ OM_uint32 ssh_gssapi_test_oid_supported(OM_uint32 *, gss_OID, int *); | |||
| 109 | 138 | ||
| 110 | struct sshbuf; | 139 | struct sshbuf; |
| 111 | int ssh_gssapi_get_buffer_desc(struct sshbuf *, gss_buffer_desc *); | 140 | int ssh_gssapi_get_buffer_desc(struct sshbuf *, gss_buffer_desc *); |
| 141 | int ssh_gssapi_sshpkt_get_buffer_desc(struct ssh *, gss_buffer_desc *); | ||
| 112 | 142 | ||
| 113 | OM_uint32 ssh_gssapi_import_name(Gssctxt *, const char *); | 143 | OM_uint32 ssh_gssapi_import_name(Gssctxt *, const char *); |
| 114 | OM_uint32 ssh_gssapi_init_ctx(Gssctxt *, int, | 144 | OM_uint32 ssh_gssapi_init_ctx(Gssctxt *, int, |
| @@ -123,17 +153,33 @@ void ssh_gssapi_delete_ctx(Gssctxt **); | |||
| 123 | OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t); | 153 | OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t); |
| 124 | void ssh_gssapi_buildmic(struct sshbuf *, const char *, | 154 | void ssh_gssapi_buildmic(struct sshbuf *, const char *, |
| 125 | const char *, const char *); | 155 | const char *, const char *); |
| 126 | int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, const char *); | 156 | int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, const char *, const char *); |
| 157 | OM_uint32 ssh_gssapi_client_identity(Gssctxt *, const char *); | ||
| 158 | int ssh_gssapi_credentials_updated(Gssctxt *); | ||
| 127 | 159 | ||
| 128 | /* In the server */ | 160 | /* In the server */ |
| 161 | typedef int ssh_gssapi_check_fn(Gssctxt **, gss_OID, const char *, | ||
| 162 | const char *); | ||
| 163 | char *ssh_gssapi_client_mechanisms(const char *, const char *, const char *); | ||
| 164 | char *ssh_gssapi_kex_mechs(gss_OID_set, ssh_gssapi_check_fn *, const char *, | ||
| 165 | const char *, const char *); | ||
| 166 | gss_OID ssh_gssapi_id_kex(Gssctxt *, char *, int); | ||
| 167 | int ssh_gssapi_server_check_mech(Gssctxt **,gss_OID, const char *, | ||
| 168 | const char *); | ||
| 129 | OM_uint32 ssh_gssapi_server_ctx(Gssctxt **, gss_OID); | 169 | OM_uint32 ssh_gssapi_server_ctx(Gssctxt **, gss_OID); |
| 130 | int ssh_gssapi_userok(char *name); | 170 | int ssh_gssapi_userok(char *name, struct passwd *, int kex); |
| 131 | OM_uint32 ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t); | 171 | OM_uint32 ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t); |
| 132 | void ssh_gssapi_do_child(char ***, u_int *); | 172 | void ssh_gssapi_do_child(char ***, u_int *); |
| 133 | void ssh_gssapi_cleanup_creds(void); | 173 | void ssh_gssapi_cleanup_creds(void); |
| 134 | void ssh_gssapi_storecreds(void); | 174 | void ssh_gssapi_storecreds(void); |
| 135 | const char *ssh_gssapi_displayname(void); | 175 | const char *ssh_gssapi_displayname(void); |
| 136 | 176 | ||
| 177 | char *ssh_gssapi_server_mechanisms(void); | ||
| 178 | int ssh_gssapi_oid_table_ok(void); | ||
| 179 | |||
| 180 | int ssh_gssapi_update_creds(ssh_gssapi_ccache *store); | ||
| 181 | void ssh_gssapi_rekey_creds(void); | ||
| 182 | |||
| 137 | #endif /* GSSAPI */ | 183 | #endif /* GSSAPI */ |
| 138 | 184 | ||
| 139 | #endif /* _SSH_GSS_H */ | 185 | #endif /* _SSH_GSS_H */ |