diff options
Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 110 |
1 files changed, 110 insertions, 0 deletions
@@ -121,6 +121,10 @@ | |||
121 | #include "ssh-sandbox.h" | 121 | #include "ssh-sandbox.h" |
122 | #include "version.h" | 122 | #include "version.h" |
123 | 123 | ||
124 | #ifdef USE_SECURITY_SESSION_API | ||
125 | #include <Security/AuthSession.h> | ||
126 | #endif | ||
127 | |||
124 | #ifdef LIBWRAP | 128 | #ifdef LIBWRAP |
125 | #include <tcpd.h> | 129 | #include <tcpd.h> |
126 | #include <syslog.h> | 130 | #include <syslog.h> |
@@ -1612,10 +1616,13 @@ main(int ac, char **av) | |||
1612 | logit("Disabling protocol version 1. Could not load host key"); | 1616 | logit("Disabling protocol version 1. Could not load host key"); |
1613 | options.protocol &= ~SSH_PROTO_1; | 1617 | options.protocol &= ~SSH_PROTO_1; |
1614 | } | 1618 | } |
1619 | #ifndef GSSAPI | ||
1620 | /* The GSSAPI key exchange can run without a host key */ | ||
1615 | if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) { | 1621 | if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) { |
1616 | logit("Disabling protocol version 2. Could not load host key"); | 1622 | logit("Disabling protocol version 2. Could not load host key"); |
1617 | options.protocol &= ~SSH_PROTO_2; | 1623 | options.protocol &= ~SSH_PROTO_2; |
1618 | } | 1624 | } |
1625 | #endif | ||
1619 | if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) { | 1626 | if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) { |
1620 | logit("sshd: no hostkeys available -- exiting."); | 1627 | logit("sshd: no hostkeys available -- exiting."); |
1621 | exit(1); | 1628 | exit(1); |
@@ -1944,6 +1951,60 @@ main(int ac, char **av) | |||
1944 | /* Log the connection. */ | 1951 | /* Log the connection. */ |
1945 | verbose("Connection from %.500s port %d", remote_ip, remote_port); | 1952 | verbose("Connection from %.500s port %d", remote_ip, remote_port); |
1946 | 1953 | ||
1954 | #ifdef USE_SECURITY_SESSION_API | ||
1955 | /* | ||
1956 | * Create a new security session for use by the new user login if | ||
1957 | * the current session is the root session or we are not launched | ||
1958 | * by inetd (eg: debugging mode or server mode). We do not | ||
1959 | * necessarily need to create a session if we are launched from | ||
1960 | * inetd because Panther xinetd will create a session for us. | ||
1961 | * | ||
1962 | * The only case where this logic will fail is if there is an | ||
1963 | * inetd running in a non-root session which is not creating | ||
1964 | * new sessions for us. Then all the users will end up in the | ||
1965 | * same session (bad). | ||
1966 | * | ||
1967 | * When the client exits, the session will be destroyed for us | ||
1968 | * automatically. | ||
1969 | * | ||
1970 | * We must create the session before any credentials are stored | ||
1971 | * (including AFS pags, which happens a few lines below). | ||
1972 | */ | ||
1973 | { | ||
1974 | OSStatus err = 0; | ||
1975 | SecuritySessionId sid = 0; | ||
1976 | SessionAttributeBits sattrs = 0; | ||
1977 | |||
1978 | err = SessionGetInfo(callerSecuritySession, &sid, &sattrs); | ||
1979 | if (err) | ||
1980 | error("SessionGetInfo() failed with error %.8X", | ||
1981 | (unsigned) err); | ||
1982 | else | ||
1983 | debug("Current Session ID is %.8X / Session Attributes are %.8X", | ||
1984 | (unsigned) sid, (unsigned) sattrs); | ||
1985 | |||
1986 | if (inetd_flag && !(sattrs & sessionIsRoot)) | ||
1987 | debug("Running in inetd mode in a non-root session... " | ||
1988 | "assuming inetd created the session for us."); | ||
1989 | else { | ||
1990 | debug("Creating new security session..."); | ||
1991 | err = SessionCreate(0, sessionHasTTY | sessionIsRemote); | ||
1992 | if (err) | ||
1993 | error("SessionCreate() failed with error %.8X", | ||
1994 | (unsigned) err); | ||
1995 | |||
1996 | err = SessionGetInfo(callerSecuritySession, &sid, | ||
1997 | &sattrs); | ||
1998 | if (err) | ||
1999 | error("SessionGetInfo() failed with error %.8X", | ||
2000 | (unsigned) err); | ||
2001 | else | ||
2002 | debug("New Session ID is %.8X / Session Attributes are %.8X", | ||
2003 | (unsigned) sid, (unsigned) sattrs); | ||
2004 | } | ||
2005 | } | ||
2006 | #endif | ||
2007 | |||
1947 | /* | 2008 | /* |
1948 | * We don't want to listen forever unless the other side | 2009 | * We don't want to listen forever unless the other side |
1949 | * successfully authenticates itself. So we set up an alarm which is | 2010 | * successfully authenticates itself. So we set up an alarm which is |
@@ -2325,6 +2386,48 @@ do_ssh2_kex(void) | |||
2325 | 2386 | ||
2326 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); | 2387 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); |
2327 | 2388 | ||
2389 | #ifdef GSSAPI | ||
2390 | { | ||
2391 | char *orig; | ||
2392 | char *gss = NULL; | ||
2393 | char *newstr = NULL; | ||
2394 | orig = myproposal[PROPOSAL_KEX_ALGS]; | ||
2395 | |||
2396 | /* | ||
2397 | * If we don't have a host key, then there's no point advertising | ||
2398 | * the other key exchange algorithms | ||
2399 | */ | ||
2400 | |||
2401 | if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0) | ||
2402 | orig = NULL; | ||
2403 | |||
2404 | if (options.gss_keyex) | ||
2405 | gss = ssh_gssapi_server_mechanisms(); | ||
2406 | else | ||
2407 | gss = NULL; | ||
2408 | |||
2409 | if (gss && orig) | ||
2410 | xasprintf(&newstr, "%s,%s", gss, orig); | ||
2411 | else if (gss) | ||
2412 | newstr = gss; | ||
2413 | else if (orig) | ||
2414 | newstr = orig; | ||
2415 | |||
2416 | /* | ||
2417 | * If we've got GSSAPI mechanisms, then we've got the 'null' host | ||
2418 | * key alg, but we can't tell people about it unless its the only | ||
2419 | * host key algorithm we support | ||
2420 | */ | ||
2421 | if (gss && (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS])) == 0) | ||
2422 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "null"; | ||
2423 | |||
2424 | if (newstr) | ||
2425 | myproposal[PROPOSAL_KEX_ALGS] = newstr; | ||
2426 | else | ||
2427 | fatal("No supported key exchange algorithms"); | ||
2428 | } | ||
2429 | #endif | ||
2430 | |||
2328 | /* start key exchange */ | 2431 | /* start key exchange */ |
2329 | kex = kex_setup(myproposal); | 2432 | kex = kex_setup(myproposal); |
2330 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; | 2433 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; |
@@ -2332,6 +2435,13 @@ do_ssh2_kex(void) | |||
2332 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; | 2435 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; |
2333 | kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; | 2436 | kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; |
2334 | kex->kex[KEX_ECDH_SHA2] = kexecdh_server; | 2437 | kex->kex[KEX_ECDH_SHA2] = kexecdh_server; |
2438 | #ifdef GSSAPI | ||
2439 | if (options.gss_keyex) { | ||
2440 | kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server; | ||
2441 | kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server; | ||
2442 | kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server; | ||
2443 | } | ||
2444 | #endif | ||
2335 | kex->server = 1; | 2445 | kex->server = 1; |
2336 | kex->client_version_string=client_version_string; | 2446 | kex->client_version_string=client_version_string; |
2337 | kex->server_version_string=server_version_string; | 2447 | kex->server_version_string=server_version_string; |