1 files changed, 120 insertions, 4 deletions
diff --git a/sshconnect2.c b/sshconnect2.c
index 775103185..e2ea82656 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -160,9 +160,34 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
        struct kex *kex;
        int r;
+#ifdef GSSAPI
+        char *orig = NULL, *gss = NULL;
+        char *gss_host = NULL;
+#endif
        xxx_host = host;
        xxx_hostaddr = hostaddr;
+#ifdef GSSAPI
+        if (options.gss_keyex) {
+                /* Add the GSSAPI mechanisms currently supported on this 
+                 * client to the key exchange algorithm proposal */
+                orig = myproposal[PROPOSAL_KEX_ALGS];
+                if (options.gss_trust_dns)
+                        gss_host = (char *)get_canonical_hostname(1);
+                else
+                        gss_host = host;
+                gss = ssh_gssapi_client_mechanisms(gss_host, options.gss_client_identity);
+                if (gss) {
+                        debug("Offering GSSAPI proposal: %s", gss);
+                        xasprintf(&myproposal[PROPOSAL_KEX_ALGS],
+                            "%s,%s", gss, orig);
+                }
+        }
+#endif
        myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
            options.kex_algorithms);
        myproposal[PROPOSAL_ENC_ALGS_CTOS] =
@@ -193,6 +218,17 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
                    order_hostkeyalgs(host, hostaddr, port));
        }
+#ifdef GSSAPI
+        /* If we've got GSSAPI algorithms, then we also support the
+         * 'null' hostkey, as a last resort */
+        if (options.gss_keyex && gss) {
+                orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS];
+                xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS], 
+                    "%s,null", orig);
+                free(gss);
+        }
+#endif
        if (options.rekey_limit || options.rekey_interval)
                packet_set_rekey_limits((u_int32_t)options.rekey_limit,
                    (time_t)options.rekey_interval);
@@ -211,10 +247,30 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
 # endif
 #endif
        kex->kex[KEX_C25519_SHA256] = kexc25519_client;
+#ifdef GSSAPI
+        if (options.gss_keyex) {
+                kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_client;
+                kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_client;
+                kex->kex[KEX_GSS_GEX_SHA1] = kexgss_client;
+        }
+#endif
        kex->client_version_string=client_version_string;
        kex->server_version_string=server_version_string;
        kex->verify_host_key=&verify_host_key_callback;
+#ifdef GSSAPI
+        if (options.gss_keyex) {
+                kex->gss_deleg_creds = options.gss_deleg_creds;
+                kex->gss_trust_dns = options.gss_trust_dns;
+                kex->gss_client = options.gss_client_identity;
+                if (options.gss_server_identity) {
+                        kex->gss_host = options.gss_server_identity;
+                } else {
+                        kex->gss_host = gss_host;
+        }
+        }
+#endif
        dispatch_run(DISPATCH_BLOCK, &kex->done, active_state);
        if (options.use_roaming && !kex->roaming) {
@@ -306,6 +362,7 @@ int	input_gssapi_token(int type, u_int32_t, void *);
 int     input_gssapi_hash(int type, u_int32_t, void *);
 int     input_gssapi_error(int, u_int32_t, void *);
 int     input_gssapi_errtok(int, u_int32_t, void *);
+int     userauth_gsskeyex(Authctxt *authctxt);
 #endif
 void    userauth(Authctxt *, char *);
@@ -321,6 +378,11 @@ static char *authmethods_get(void);
 Authmethod authmethods[] = {
 #ifdef GSSAPI
+        {"gssapi-keyex",
+                userauth_gsskeyex,
+                NULL,
+                &options.gss_authentication,
+                NULL},
        {"gssapi-with-mic",
                userauth_gssapi,
                NULL,
@@ -627,19 +689,31 @@ userauth_gssapi(Authctxt *authctxt)
        static u_int mech = 0;
        OM_uint32 min;
        int ok = 0;
+        const char *gss_host;
+        if (options.gss_server_identity)
+                gss_host = options.gss_server_identity;
+        else if (options.gss_trust_dns)
+                gss_host = get_canonical_hostname(1);
+        else
+                gss_host = authctxt->host;
        /* Try one GSSAPI method at a time, rather than sending them all at
         * once. */
        if (gss_supported == NULL)
-                gss_indicate_mechs(&min, &gss_supported);
+                if (GSS_ERROR(gss_indicate_mechs(&min, &gss_supported))) {
+                        gss_supported = NULL;
+                        return 0;
+                }
        /* Check to see if the mechanism is usable before we offer it */
        while (mech < gss_supported->count && !ok) {
                /* My DER encoding requires length<128 */
                if (gss_supported->elements[mech].length < 128 &&
                    ssh_gssapi_check_mechanism(&gssctxt, 
-                    &gss_supported->elements[mech], authctxt->host)) {
+                    &gss_supported->elements[mech], gss_host, 
+                    options.gss_client_identity)) {
                        ok = 1; /* Mechanism works */
                } else {
                        mech++;
@@ -736,8 +810,8 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt)
 {
        Authctxt *authctxt = ctxt;
        Gssctxt *gssctxt;
-        int oidlen;
+        u_int oidlen;
-        char *oidv;
+        u_char *oidv;
        if (authctxt == NULL)
                fatal("input_gssapi_response: no authentication context");
@@ -850,6 +924,48 @@ input_gssapi_error(int type, u_int32_t plen, void *ctxt)
        free(lang);
        return 0;
 }
+int
+userauth_gsskeyex(Authctxt *authctxt)
+{
+        Buffer b;
+        gss_buffer_desc gssbuf;
+        gss_buffer_desc mic = GSS_C_EMPTY_BUFFER;
+        OM_uint32 ms;
+        static int attempt = 0;
+        if (attempt++ >= 1)
+                return (0);
+        if (gss_kex_context == NULL) {
+                debug("No valid Key exchange context"); 
+                return (0);
+        }
+        ssh_gssapi_buildmic(&b, authctxt->server_user, authctxt->service,
+            "gssapi-keyex");
+        gssbuf.value = buffer_ptr(&b);
+        gssbuf.length = buffer_len(&b);
+        if (GSS_ERROR(ssh_gssapi_sign(gss_kex_context, &gssbuf, &mic))) {
+                buffer_free(&b);
+                return (0);
+        }
+        packet_start(SSH2_MSG_USERAUTH_REQUEST);
+        packet_put_cstring(authctxt->server_user);
+        packet_put_cstring(authctxt->service);
+        packet_put_cstring(authctxt->method->name);
+        packet_put_string(mic.value, mic.length);
+        packet_send();
+        buffer_free(&b);
+        gss_release_buffer(&ms, &mic);
+        return (1);
+}
 #endif /* GSSAPI */
 int

diff --git a/sshconnect2.c b/sshconnect2.c index 775103185..e2ea82656 100644 --- a/sshconnect2.c +++ b/sshconnect2.c
@@ -160,9 +160,34 @@ ssh_kex2(char host, struct sockaddr hostaddr, u_short port)
160	struct kex *kex;	160	struct kex *kex;
161	int r;	161	int r;
162		162
		163	#ifdef GSSAPI
		164	char orig = NULL, gss = NULL;
		165	char *gss_host = NULL;
		166	#endif
		167
163	xxx_host = host;	168	xxx_host = host;
164	xxx_hostaddr = hostaddr;	169	xxx_hostaddr = hostaddr;
165		170
		171	#ifdef GSSAPI
		172	if (options.gss_keyex) {
		173	/* Add the GSSAPI mechanisms currently supported on this
		174	* client to the key exchange algorithm proposal */
		175	orig = myproposal[PROPOSAL_KEX_ALGS];
		176
		177	if (options.gss_trust_dns)
		178	gss_host = (char *)get_canonical_hostname(1);
		179	else
		180	gss_host = host;
		181
		182	gss = ssh_gssapi_client_mechanisms(gss_host, options.gss_client_identity);
		183	if (gss) {
		184	debug("Offering GSSAPI proposal: %s", gss);
		185	xasprintf(&myproposal[PROPOSAL_KEX_ALGS],
		186	"%s,%s", gss, orig);
		187	}
		188	}
		189	#endif
		190
166	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(	191	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
167	options.kex_algorithms);	192	options.kex_algorithms);
168	myproposal[PROPOSAL_ENC_ALGS_CTOS] =	193	myproposal[PROPOSAL_ENC_ALGS_CTOS] =
@@ -193,6 +218,17 @@ ssh_kex2(char host, struct sockaddr hostaddr, u_short port)
193	order_hostkeyalgs(host, hostaddr, port));	218	order_hostkeyalgs(host, hostaddr, port));
194	}	219	}
195		220
		221	#ifdef GSSAPI
		222	/* If we've got GSSAPI algorithms, then we also support the
		223	* 'null' hostkey, as a last resort */
		224	if (options.gss_keyex && gss) {
		225	orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS];
		226	xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS],
		227	"%s,null", orig);
		228	free(gss);
		229	}
		230	#endif
		231
196	if (options.rekey_limit \|\| options.rekey_interval)	232	if (options.rekey_limit \|\| options.rekey_interval)
197	packet_set_rekey_limits((u_int32_t)options.rekey_limit,	233	packet_set_rekey_limits((u_int32_t)options.rekey_limit,
198	(time_t)options.rekey_interval);	234	(time_t)options.rekey_interval);
@@ -211,10 +247,30 @@ ssh_kex2(char host, struct sockaddr hostaddr, u_short port)
211	# endif	247	# endif
212	#endif	248	#endif
213	kex->kex[KEX_C25519_SHA256] = kexc25519_client;	249	kex->kex[KEX_C25519_SHA256] = kexc25519_client;
		250	#ifdef GSSAPI
		251	if (options.gss_keyex) {
		252	kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_client;
		253	kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_client;
		254	kex->kex[KEX_GSS_GEX_SHA1] = kexgss_client;
		255	}
		256	#endif
214	kex->client_version_string=client_version_string;	257	kex->client_version_string=client_version_string;
215	kex->server_version_string=server_version_string;	258	kex->server_version_string=server_version_string;
216	kex->verify_host_key=&verify_host_key_callback;	259	kex->verify_host_key=&verify_host_key_callback;
217		260
		261	#ifdef GSSAPI
		262	if (options.gss_keyex) {
		263	kex->gss_deleg_creds = options.gss_deleg_creds;
		264	kex->gss_trust_dns = options.gss_trust_dns;
		265	kex->gss_client = options.gss_client_identity;
		266	if (options.gss_server_identity) {
		267	kex->gss_host = options.gss_server_identity;
		268	} else {
		269	kex->gss_host = gss_host;
		270	}
		271	}
		272	#endif
		273
218	dispatch_run(DISPATCH_BLOCK, &kex->done, active_state);	274	dispatch_run(DISPATCH_BLOCK, &kex->done, active_state);
219		275
220	if (options.use_roaming && !kex->roaming) {	276	if (options.use_roaming && !kex->roaming) {
@@ -306,6 +362,7 @@ int input_gssapi_token(int type, u_int32_t, void *);
306	int input_gssapi_hash(int type, u_int32_t, void *);	362	int input_gssapi_hash(int type, u_int32_t, void *);
307	int input_gssapi_error(int, u_int32_t, void *);	363	int input_gssapi_error(int, u_int32_t, void *);
308	int input_gssapi_errtok(int, u_int32_t, void *);	364	int input_gssapi_errtok(int, u_int32_t, void *);
		365	int userauth_gsskeyex(Authctxt *authctxt);
309	#endif	366	#endif
310		367
311	void userauth(Authctxt , char );	368	void userauth(Authctxt , char );
@@ -321,6 +378,11 @@ static char *authmethods_get(void);
321		378
322	Authmethod authmethods[] = {	379	Authmethod authmethods[] = {
323	#ifdef GSSAPI	380	#ifdef GSSAPI
		381	{"gssapi-keyex",
		382	userauth_gsskeyex,
		383	NULL,
		384	&options.gss_authentication,
		385	NULL},
324	{"gssapi-with-mic",	386	{"gssapi-with-mic",
325	userauth_gssapi,	387	userauth_gssapi,
326	NULL,	388	NULL,
@@ -627,19 +689,31 @@ userauth_gssapi(Authctxt *authctxt)
627	static u_int mech = 0;	689	static u_int mech = 0;
628	OM_uint32 min;	690	OM_uint32 min;
629	int ok = 0;	691	int ok = 0;
		692	const char *gss_host;
		693
		694	if (options.gss_server_identity)
		695	gss_host = options.gss_server_identity;
		696	else if (options.gss_trust_dns)
		697	gss_host = get_canonical_hostname(1);
		698	else
		699	gss_host = authctxt->host;
630		700
631	/* Try one GSSAPI method at a time, rather than sending them all at	701	/* Try one GSSAPI method at a time, rather than sending them all at
632	* once. */	702	* once. */
633		703
634	if (gss_supported == NULL)	704	if (gss_supported == NULL)
635	gss_indicate_mechs(&min, &gss_supported);	705	if (GSS_ERROR(gss_indicate_mechs(&min, &gss_supported))) {
		706	gss_supported = NULL;
		707	return 0;
		708	}
636		709
637	/* Check to see if the mechanism is usable before we offer it */	710	/* Check to see if the mechanism is usable before we offer it */
638	while (mech < gss_supported->count && !ok) {	711	while (mech < gss_supported->count && !ok) {
639	/* My DER encoding requires length<128 */	712	/* My DER encoding requires length<128 */
640	if (gss_supported->elements[mech].length < 128 &&	713	if (gss_supported->elements[mech].length < 128 &&
641	ssh_gssapi_check_mechanism(&gssctxt,	714	ssh_gssapi_check_mechanism(&gssctxt,
642	&gss_supported->elements[mech], authctxt->host)) {	715	&gss_supported->elements[mech], gss_host,
		716	options.gss_client_identity)) {
643	ok = 1; /* Mechanism works */	717	ok = 1; /* Mechanism works */
644	} else {	718	} else {
645	mech++;	719	mech++;
@@ -736,8 +810,8 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt)
736	{	810	{
737	Authctxt *authctxt = ctxt;	811	Authctxt *authctxt = ctxt;
738	Gssctxt *gssctxt;	812	Gssctxt *gssctxt;
739	int oidlen;	813	u_int oidlen;
740	char *oidv;	814	u_char *oidv;
741		815
742	if (authctxt == NULL)	816	if (authctxt == NULL)
743	fatal("input_gssapi_response: no authentication context");	817	fatal("input_gssapi_response: no authentication context");
@@ -850,6 +924,48 @@ input_gssapi_error(int type, u_int32_t plen, void *ctxt)
850	free(lang);	924	free(lang);
851	return 0;	925	return 0;
852	}	926	}
		927
		928	int
		929	userauth_gsskeyex(Authctxt *authctxt)
		930	{
		931	Buffer b;
		932	gss_buffer_desc gssbuf;
		933	gss_buffer_desc mic = GSS_C_EMPTY_BUFFER;
		934	OM_uint32 ms;
		935
		936	static int attempt = 0;
		937	if (attempt++ >= 1)
		938	return (0);
		939
		940	if (gss_kex_context == NULL) {
		941	debug("No valid Key exchange context");
		942	return (0);
		943	}
		944
		945	ssh_gssapi_buildmic(&b, authctxt->server_user, authctxt->service,
		946	"gssapi-keyex");
		947
		948	gssbuf.value = buffer_ptr(&b);
		949	gssbuf.length = buffer_len(&b);
		950
		951	if (GSS_ERROR(ssh_gssapi_sign(gss_kex_context, &gssbuf, &mic))) {
		952	buffer_free(&b);
		953	return (0);
		954	}
		955
		956	packet_start(SSH2_MSG_USERAUTH_REQUEST);
		957	packet_put_cstring(authctxt->server_user);
		958	packet_put_cstring(authctxt->service);
		959	packet_put_cstring(authctxt->method->name);
		960	packet_put_string(mic.value, mic.length);
		961	packet_send();
		962
		963	buffer_free(&b);
		964	gss_release_buffer(&ms, &mic);
		965
		966	return (1);
		967	}
		968
853	#endif /* GSSAPI */	969	#endif /* GSSAPI */
854		970
855	int	971	int