diff options
Diffstat (limited to 'ssh-gss.h')
| -rw-r--r-- | ssh-gss.h | 50 |
1 files changed, 46 insertions, 4 deletions
| @@ -1,6 +1,6 @@ | |||
| 1 | /* $OpenBSD: ssh-gss.h,v 1.14 2018/07/10 09:13:30 djm Exp $ */ | 1 | /* $OpenBSD: ssh-gss.h,v 1.14 2018/07/10 09:13:30 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. | 3 | * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. |
| 4 | * | 4 | * |
| 5 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
| 6 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions |
| @@ -61,10 +61,30 @@ | |||
| 61 | 61 | ||
| 62 | #define SSH_GSS_OIDTYPE 0x06 | 62 | #define SSH_GSS_OIDTYPE 0x06 |
| 63 | 63 | ||
| 64 | #define SSH2_MSG_KEXGSS_INIT 30 | ||
| 65 | #define SSH2_MSG_KEXGSS_CONTINUE 31 | ||
| 66 | #define SSH2_MSG_KEXGSS_COMPLETE 32 | ||
| 67 | #define SSH2_MSG_KEXGSS_HOSTKEY 33 | ||
| 68 | #define SSH2_MSG_KEXGSS_ERROR 34 | ||
| 69 | #define SSH2_MSG_KEXGSS_GROUPREQ 40 | ||
| 70 | #define SSH2_MSG_KEXGSS_GROUP 41 | ||
| 71 | #define KEX_GSS_GRP1_SHA1_ID "gss-group1-sha1-" | ||
| 72 | #define KEX_GSS_GRP14_SHA1_ID "gss-group14-sha1-" | ||
| 73 | #define KEX_GSS_GRP14_SHA256_ID "gss-group14-sha256-" | ||
| 74 | #define KEX_GSS_GRP16_SHA512_ID "gss-group16-sha512-" | ||
| 75 | #define KEX_GSS_GEX_SHA1_ID "gss-gex-sha1-" | ||
| 76 | #define KEX_GSS_NISTP256_SHA256_ID "gss-nistp256-sha256-" | ||
| 77 | #define KEX_GSS_C25519_SHA256_ID "gss-curve25519-sha256-" | ||
| 78 | |||
| 79 | #define GSS_KEX_DEFAULT_KEX \ | ||
| 80 | KEX_GSS_GEX_SHA1_ID "," \ | ||
| 81 | KEX_GSS_GRP14_SHA1_ID | ||
| 82 | |||
| 64 | typedef struct { | 83 | typedef struct { |
| 65 | char *filename; | 84 | char *filename; |
| 66 | char *envvar; | 85 | char *envvar; |
| 67 | char *envval; | 86 | char *envval; |
| 87 | struct passwd *owner; | ||
| 68 | void *data; | 88 | void *data; |
| 69 | } ssh_gssapi_ccache; | 89 | } ssh_gssapi_ccache; |
| 70 | 90 | ||
| @@ -72,8 +92,11 @@ typedef struct { | |||
| 72 | gss_buffer_desc displayname; | 92 | gss_buffer_desc displayname; |
| 73 | gss_buffer_desc exportedname; | 93 | gss_buffer_desc exportedname; |
| 74 | gss_cred_id_t creds; | 94 | gss_cred_id_t creds; |
| 95 | gss_name_t name; | ||
| 75 | struct ssh_gssapi_mech_struct *mech; | 96 | struct ssh_gssapi_mech_struct *mech; |
| 76 | ssh_gssapi_ccache store; | 97 | ssh_gssapi_ccache store; |
| 98 | int used; | ||
| 99 | int updated; | ||
| 77 | } ssh_gssapi_client; | 100 | } ssh_gssapi_client; |
| 78 | 101 | ||
| 79 | typedef struct ssh_gssapi_mech_struct { | 102 | typedef struct ssh_gssapi_mech_struct { |
| @@ -84,6 +107,7 @@ typedef struct ssh_gssapi_mech_struct { | |||
| 84 | int (*userok) (ssh_gssapi_client *, char *); | 107 | int (*userok) (ssh_gssapi_client *, char *); |
| 85 | int (*localname) (ssh_gssapi_client *, char **); | 108 | int (*localname) (ssh_gssapi_client *, char **); |
| 86 | void (*storecreds) (ssh_gssapi_client *); | 109 | void (*storecreds) (ssh_gssapi_client *); |
| 110 | int (*updatecreds) (ssh_gssapi_ccache *, ssh_gssapi_client *); | ||
| 87 | } ssh_gssapi_mech; | 111 | } ssh_gssapi_mech; |
| 88 | 112 | ||
| 89 | typedef struct { | 113 | typedef struct { |
| @@ -94,10 +118,11 @@ typedef struct { | |||
| 94 | gss_OID oid; /* client */ | 118 | gss_OID oid; /* client */ |
| 95 | gss_cred_id_t creds; /* server */ | 119 | gss_cred_id_t creds; /* server */ |
| 96 | gss_name_t client; /* server */ | 120 | gss_name_t client; /* server */ |
| 97 | gss_cred_id_t client_creds; /* server */ | 121 | gss_cred_id_t client_creds; /* both */ |
| 98 | } Gssctxt; | 122 | } Gssctxt; |
| 99 | 123 | ||
| 100 | extern ssh_gssapi_mech *supported_mechs[]; | 124 | extern ssh_gssapi_mech *supported_mechs[]; |
| 125 | extern Gssctxt *gss_kex_context; | ||
| 101 | 126 | ||
| 102 | int ssh_gssapi_check_oid(Gssctxt *, void *, size_t); | 127 | int ssh_gssapi_check_oid(Gssctxt *, void *, size_t); |
| 103 | void ssh_gssapi_set_oid_data(Gssctxt *, void *, size_t); | 128 | void ssh_gssapi_set_oid_data(Gssctxt *, void *, size_t); |
| @@ -109,6 +134,7 @@ OM_uint32 ssh_gssapi_test_oid_supported(OM_uint32 *, gss_OID, int *); | |||
| 109 | 134 | ||
| 110 | struct sshbuf; | 135 | struct sshbuf; |
| 111 | int ssh_gssapi_get_buffer_desc(struct sshbuf *, gss_buffer_desc *); | 136 | int ssh_gssapi_get_buffer_desc(struct sshbuf *, gss_buffer_desc *); |
| 137 | int ssh_gssapi_sshpkt_get_buffer_desc(struct ssh *, gss_buffer_desc *); | ||
| 112 | 138 | ||
| 113 | OM_uint32 ssh_gssapi_import_name(Gssctxt *, const char *); | 139 | OM_uint32 ssh_gssapi_import_name(Gssctxt *, const char *); |
| 114 | OM_uint32 ssh_gssapi_init_ctx(Gssctxt *, int, | 140 | OM_uint32 ssh_gssapi_init_ctx(Gssctxt *, int, |
| @@ -123,17 +149,33 @@ void ssh_gssapi_delete_ctx(Gssctxt **); | |||
| 123 | OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t); | 149 | OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t); |
| 124 | void ssh_gssapi_buildmic(struct sshbuf *, const char *, | 150 | void ssh_gssapi_buildmic(struct sshbuf *, const char *, |
| 125 | const char *, const char *); | 151 | const char *, const char *); |
| 126 | int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, const char *); | 152 | int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, const char *, const char *); |
| 153 | OM_uint32 ssh_gssapi_client_identity(Gssctxt *, const char *); | ||
| 154 | int ssh_gssapi_credentials_updated(Gssctxt *); | ||
| 127 | 155 | ||
| 128 | /* In the server */ | 156 | /* In the server */ |
| 157 | typedef int ssh_gssapi_check_fn(Gssctxt **, gss_OID, const char *, | ||
| 158 | const char *); | ||
| 159 | char *ssh_gssapi_client_mechanisms(const char *, const char *, const char *); | ||
| 160 | char *ssh_gssapi_kex_mechs(gss_OID_set, ssh_gssapi_check_fn *, const char *, | ||
| 161 | const char *, const char *); | ||
| 162 | gss_OID ssh_gssapi_id_kex(Gssctxt *, char *, int); | ||
| 163 | int ssh_gssapi_server_check_mech(Gssctxt **,gss_OID, const char *, | ||
| 164 | const char *); | ||
| 129 | OM_uint32 ssh_gssapi_server_ctx(Gssctxt **, gss_OID); | 165 | OM_uint32 ssh_gssapi_server_ctx(Gssctxt **, gss_OID); |
| 130 | int ssh_gssapi_userok(char *name); | 166 | int ssh_gssapi_userok(char *name, struct passwd *, int kex); |
| 131 | OM_uint32 ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t); | 167 | OM_uint32 ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t); |
| 132 | void ssh_gssapi_do_child(char ***, u_int *); | 168 | void ssh_gssapi_do_child(char ***, u_int *); |
| 133 | void ssh_gssapi_cleanup_creds(void); | 169 | void ssh_gssapi_cleanup_creds(void); |
| 134 | void ssh_gssapi_storecreds(void); | 170 | void ssh_gssapi_storecreds(void); |
| 135 | const char *ssh_gssapi_displayname(void); | 171 | const char *ssh_gssapi_displayname(void); |
| 136 | 172 | ||
| 173 | char *ssh_gssapi_server_mechanisms(void); | ||
| 174 | int ssh_gssapi_oid_table_ok(void); | ||
| 175 | |||
| 176 | int ssh_gssapi_update_creds(ssh_gssapi_ccache *store); | ||
| 177 | void ssh_gssapi_rekey_creds(void); | ||
| 178 | |||
| 137 | #endif /* GSSAPI */ | 179 | #endif /* GSSAPI */ |
| 138 | 180 | ||
| 139 | #endif /* _SSH_GSS_H */ | 181 | #endif /* _SSH_GSS_H */ |