Diffstat (limited to 'sshd.c')
-rw-r--r--sshd.c119
1 files changed, 116 insertions, 3 deletions
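--- a/sshd.c
+++ b/sshd.c
@@ -117,6 +117,10 @@
 #include "monitor_fdpass.h"
 #include "version.h"
 
+#ifdef USE_SECURITY_SESSION_API
+#include <Security/AuthSession.h>
+#endif
+
 #ifdef LIBWRAP
 #include <tcpd.h>
 #include <syslog.h>
@@ -419,7 +423,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
  major = PROTOCOL_MAJOR_1;
  minor = PROTOCOL_MINOR_1;
  }
- snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", major, minor, SSH_VERSION);
+ snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", major, minor, SSH_RELEASE);
  server_version_string = xstrdup(buf);
 
  /* Send our protocol version identification. */
@@ -1305,7 +1309,12 @@ main(int ac, char **av)
  /* ignored */
  break;
  case 'q':
- options.log_level = SYSLOG_LEVEL_QUIET;
+ if (options.log_level == SYSLOG_LEVEL_QUIET) {
+ options.log_level = SYSLOG_LEVEL_SILENT;
+ }
+ else if (options.log_level != SYSLOG_LEVEL_SILENT) {
+ options.log_level = SYSLOG_LEVEL_QUIET;
+ }
  break;
  case 'b':
  options.server_key_bits = (int)strtonum(optarg, 256,
@@ -1477,10 +1486,13 @@ main(int ac, char **av)
  logit("Disabling protocol version 1. Could not load host key");
  options.protocol &= ~SSH_PROTO_1;
  }
+#ifndef GSSAPI
+ /* The GSSAPI key exchange can run without a host key */
  if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) {
  logit("Disabling protocol version 2. Could not load host key");
  options.protocol &= ~SSH_PROTO_2;
  }
+#endif
  if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
  logit("sshd: no hostkeys available -- exiting.");
  exit(1);
@@ -1707,7 +1719,7 @@ main(int ac, char **av)
  * Register our connection. This turns encryption off because we do
  * not have a key.
  */
- packet_set_connection(sock_in, sock_out);
+ packet_set_connection(sock_in, sock_out, -1);
  packet_set_server();
 
  /* Set SO_KEEPALIVE if requested. */
@@ -1755,6 +1767,60 @@ main(int ac, char **av)
  /* Log the connection. */
  verbose("Connection from %.500s port %d", remote_ip, remote_port);
 
+#ifdef USE_SECURITY_SESSION_API
+ /*
+ * Create a new security session for use by the new user login if
+ * the current session is the root session or we are not launched
+ * by inetd (eg: debugging mode or server mode). We do not
+ * necessarily need to create a session if we are launched from
+ * inetd because Panther xinetd will create a session for us.
+ *
+ * The only case where this logic will fail is if there is an
+ * inetd running in a non-root session which is not creating
+ * new sessions for us. Then all the users will end up in the
+ * same session (bad).
+ *
+ * When the client exits, the session will be destroyed for us
+ * automatically.
+ *
+ * We must create the session before any credentials are stored
+ * (including AFS pags, which happens a few lines below).
+ */
+ {
+ OSStatus err = 0;
+ SecuritySessionId sid = 0;
+ SessionAttributeBits sattrs = 0;
+
+ err = SessionGetInfo(callerSecuritySession, &sid, &sattrs);
+ if (err)
+ error("SessionGetInfo() failed with error %.8X",
+ (unsigned) err);
+ else
+ debug("Current Session ID is %.8X / Session Attributes are %.8X",
+ (unsigned) sid, (unsigned) sattrs);
+
+ if (inetd_flag && !(sattrs & sessionIsRoot))
+ debug("Running in inetd mode in a non-root session... "
+ "assuming inetd created the session for us.");
+ else {
+ debug("Creating new security session...");
+ err = SessionCreate(0, sessionHasTTY | sessionIsRemote);
+ if (err)
+ error("SessionCreate() failed with error %.8X",
+ (unsigned) err);
+
+ err = SessionGetInfo(callerSecuritySession, &sid,
+ &sattrs);
+ if (err)
+ error("SessionGetInfo() failed with error %.8X",
+ (unsigned) err);
+ else
+ debug("New Session ID is %.8X / Session Attributes are %.8X",
+ (unsigned) sid, (unsigned) sattrs);
+ }
+ }
+#endif
+
  /*
  * We don't want to listen forever unless the other side
  * successfully authenticates itself. So we set up an alarm which is
@@ -2113,12 +2179,59 @@ do_ssh2_kex(void)
 
  myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
 
+#ifdef GSSAPI
+ {
+ char *orig;
+ char *gss = NULL;
+ char *newstr = NULL;
+ orig = myproposal[PROPOSAL_KEX_ALGS];
+
+ /*
+ * If we don't have a host key, then there's no point advertising
+ * the other key exchange algorithms
+ */
+
+ if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0)
+ orig = NULL;
+
+ if (options.gss_keyex)
+ gss = ssh_gssapi_server_mechanisms();
+ else
+ gss = NULL;
+
+ if (gss && orig)
+ xasprintf(&newstr, "%s,%s", gss, orig);
+ else if (gss)
+ newstr = gss;
+ else if (orig)
+ newstr = orig;
+
+ /*
+ * If we've got GSSAPI mechanisms, then we've got the 'null' host
+ * key alg, but we can't tell people about it unless its the only
+ * host key algorithm we support
+ */
+ if (gss && (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS])) == 0)
+ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "null";
+
+ if (newstr)
+ myproposal[PROPOSAL_KEX_ALGS] = newstr;
+ else
+ fatal("No supported key exchange algorithms");
+ }
+#endif
+
  /* start key exchange */
  kex = kex_setup(myproposal);
  kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
  kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
  kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
  kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
+#ifdef GSSAPI
+ kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
+ kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server;
+ kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server;
+#endif
  kex->server = 1;
  kex->client_version_string=client_version_string;
  kex->server_version_string=server_version_string;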
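Review bot: In the USE_SECURITY_SESSION_API block added to main() (new lines 1789–1821), a failed SessionCreate() is only logged with error() and the login carries on, so credentials stored afterwards would presumably land in the caller's session, which is the outcome the block's own comment calls bad. If continuing without a fresh session is not intended, make the failure fatal: `if (err) fatal("SessionCreate() failed with error %.8X", (unsigned) err);`. A failed first SessionGetInfo() also leaves `sattrs` at 0, so in inetd mode the "assuming inetd created the session" branch is taken without knowing the session's attributes; `if (inetd_flag && !err && !(sattrs & sessionIsRoot))` would fall through to creating a session instead. main() starts and ends outside this hunk, so the later credential-storing code the comment refers to is not visible here.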