summaryrefslogtreecommitdiff
path: root/sshd.c
diff options
context:
space:
mode:
Diffstat (limited to 'sshd.c')
-rw-r--r--sshd.c110
1 files changed, 110 insertions, 0 deletions
diff --git a/sshd.c b/sshd.c
index ba26287ba..539a000fd 100644
--- a/sshd.c
+++ b/sshd.c
@@ -123,6 +123,10 @@
123#include "version.h" 123#include "version.h"
124#include "ssherr.h" 124#include "ssherr.h"
125 125
126#ifdef USE_SECURITY_SESSION_API
127#include <Security/AuthSession.h>
128#endif
129
126/* Re-exec fds */ 130/* Re-exec fds */
127#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1) 131#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1)
128#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2) 132#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2)
@@ -1810,10 +1814,13 @@ main(int ac, char **av)
1810 free(fp); 1814 free(fp);
1811 } 1815 }
1812 accumulate_host_timing_secret(cfg, NULL); 1816 accumulate_host_timing_secret(cfg, NULL);
1817#ifndef GSSAPI
1818 /* The GSSAPI key exchange can run without a host key */
1813 if (!sensitive_data.have_ssh2_key) { 1819 if (!sensitive_data.have_ssh2_key) {
1814 logit("sshd: no hostkeys available -- exiting."); 1820 logit("sshd: no hostkeys available -- exiting.");
1815 exit(1); 1821 exit(1);
1816 } 1822 }
1823#endif
1817 1824
1818 /* 1825 /*
1819 * Load certificates. They are stored in an array at identical 1826 * Load certificates. They are stored in an array at identical
@@ -2104,6 +2111,60 @@ main(int ac, char **av)
2104 rdomain == NULL ? "" : "\""); 2111 rdomain == NULL ? "" : "\"");
2105 free(laddr); 2112 free(laddr);
2106 2113
2114#ifdef USE_SECURITY_SESSION_API
2115 /*
2116 * Create a new security session for use by the new user login if
2117 * the current session is the root session or we are not launched
2118 * by inetd (eg: debugging mode or server mode). We do not
2119 * necessarily need to create a session if we are launched from
2120 * inetd because Panther xinetd will create a session for us.
2121 *
2122 * The only case where this logic will fail is if there is an
2123 * inetd running in a non-root session which is not creating
2124 * new sessions for us. Then all the users will end up in the
2125 * same session (bad).
2126 *
2127 * When the client exits, the session will be destroyed for us
2128 * automatically.
2129 *
2130 * We must create the session before any credentials are stored
2131 * (including AFS pags, which happens a few lines below).
2132 */
2133 {
2134 OSStatus err = 0;
2135 SecuritySessionId sid = 0;
2136 SessionAttributeBits sattrs = 0;
2137
2138 err = SessionGetInfo(callerSecuritySession, &sid, &sattrs);
2139 if (err)
2140 error("SessionGetInfo() failed with error %.8X",
2141 (unsigned) err);
2142 else
2143 debug("Current Session ID is %.8X / Session Attributes are %.8X",
2144 (unsigned) sid, (unsigned) sattrs);
2145
2146 if (inetd_flag && !(sattrs & sessionIsRoot))
2147 debug("Running in inetd mode in a non-root session... "
2148 "assuming inetd created the session for us.");
2149 else {
2150 debug("Creating new security session...");
2151 err = SessionCreate(0, sessionHasTTY | sessionIsRemote);
2152 if (err)
2153 error("SessionCreate() failed with error %.8X",
2154 (unsigned) err);
2155
2156 err = SessionGetInfo(callerSecuritySession, &sid,
2157 &sattrs);
2158 if (err)
2159 error("SessionGetInfo() failed with error %.8X",
2160 (unsigned) err);
2161 else
2162 debug("New Session ID is %.8X / Session Attributes are %.8X",
2163 (unsigned) sid, (unsigned) sattrs);
2164 }
2165 }
2166#endif
2167
2107 /* 2168 /*
2108 * We don't want to listen forever unless the other side 2169 * We don't want to listen forever unless the other side
2109 * successfully authenticates itself. So we set up an alarm which is 2170 * successfully authenticates itself. So we set up an alarm which is
@@ -2287,6 +2348,48 @@ do_ssh2_kex(void)
2287 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( 2348 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
2288 list_hostkey_types()); 2349 list_hostkey_types());
2289 2350
2351#ifdef GSSAPI
2352 {
2353 char *orig;
2354 char *gss = NULL;
2355 char *newstr = NULL;
2356 orig = myproposal[PROPOSAL_KEX_ALGS];
2357
2358 /*
2359 * If we don't have a host key, then there's no point advertising
2360 * the other key exchange algorithms
2361 */
2362
2363 if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0)
2364 orig = NULL;
2365
2366 if (options.gss_keyex)
2367 gss = ssh_gssapi_server_mechanisms();
2368 else
2369 gss = NULL;
2370
2371 if (gss && orig)
2372 xasprintf(&newstr, "%s,%s", gss, orig);
2373 else if (gss)
2374 newstr = gss;
2375 else if (orig)
2376 newstr = orig;
2377
2378 /*
2379 * If we've got GSSAPI mechanisms, then we've got the 'null' host
2380 * key alg, but we can't tell people about it unless its the only
2381 * host key algorithm we support
2382 */
2383 if (gss && (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS])) == 0)
2384 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "null";
2385
2386 if (newstr)
2387 myproposal[PROPOSAL_KEX_ALGS] = newstr;
2388 else
2389 fatal("No supported key exchange algorithms");
2390 }
2391#endif
2392
2290 /* start key exchange */ 2393 /* start key exchange */
2291 if ((r = kex_setup(active_state, myproposal)) != 0) 2394 if ((r = kex_setup(active_state, myproposal)) != 0)
2292 fatal("kex_setup: %s", ssh_err(r)); 2395 fatal("kex_setup: %s", ssh_err(r));
@@ -2304,6 +2407,13 @@ do_ssh2_kex(void)
2304# endif 2407# endif
2305#endif 2408#endif
2306 kex->kex[KEX_C25519_SHA256] = kexc25519_server; 2409 kex->kex[KEX_C25519_SHA256] = kexc25519_server;
2410#ifdef GSSAPI
2411 if (options.gss_keyex) {
2412 kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
2413 kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server;
2414 kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server;
2415 }
2416#endif
2307 kex->server = 1; 2417 kex->server = 1;
2308 kex->client_version_string=client_version_string; 2418 kex->client_version_string=client_version_string;
2309 kex->server_version_string=server_version_string; 2419 kex->server_version_string=server_version_string;