diff options
Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 121 |
1 files changed, 116 insertions, 5 deletions
@@ -86,6 +86,10 @@ RCSID("$OpenBSD: sshd.c,v 1.318 2005/12/24 02:27:41 djm Exp $"); | |||
86 | #include "monitor_wrap.h" | 86 | #include "monitor_wrap.h" |
87 | #include "monitor_fdpass.h" | 87 | #include "monitor_fdpass.h" |
88 | 88 | ||
89 | #ifdef USE_SECURITY_SESSION_API | ||
90 | #include <Security/AuthSession.h> | ||
91 | #endif | ||
92 | |||
89 | #ifdef LIBWRAP | 93 | #ifdef LIBWRAP |
90 | #include <tcpd.h> | 94 | #include <tcpd.h> |
91 | #include <syslog.h> | 95 | #include <syslog.h> |
@@ -1123,10 +1127,13 @@ main(int ac, char **av) | |||
1123 | logit("Disabling protocol version 1. Could not load host key"); | 1127 | logit("Disabling protocol version 1. Could not load host key"); |
1124 | options.protocol &= ~SSH_PROTO_1; | 1128 | options.protocol &= ~SSH_PROTO_1; |
1125 | } | 1129 | } |
1130 | #ifndef GSSAPI | ||
1131 | /* The GSSAPI key exchange can run without a host key */ | ||
1126 | if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) { | 1132 | if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) { |
1127 | logit("Disabling protocol version 2. Could not load host key"); | 1133 | logit("Disabling protocol version 2. Could not load host key"); |
1128 | options.protocol &= ~SSH_PROTO_2; | 1134 | options.protocol &= ~SSH_PROTO_2; |
1129 | } | 1135 | } |
1136 | #endif | ||
1130 | if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) { | 1137 | if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) { |
1131 | logit("sshd: no hostkeys available -- exiting."); | 1138 | logit("sshd: no hostkeys available -- exiting."); |
1132 | exit(1); | 1139 | exit(1); |
@@ -1674,6 +1681,60 @@ main(int ac, char **av) | |||
1674 | /* Log the connection. */ | 1681 | /* Log the connection. */ |
1675 | verbose("Connection from %.500s port %d", remote_ip, remote_port); | 1682 | verbose("Connection from %.500s port %d", remote_ip, remote_port); |
1676 | 1683 | ||
1684 | #ifdef USE_SECURITY_SESSION_API | ||
1685 | /* | ||
1686 | * Create a new security session for use by the new user login if | ||
1687 | * the current session is the root session or we are not launched | ||
1688 | * by inetd (eg: debugging mode or server mode). We do not | ||
1689 | * necessarily need to create a session if we are launched from | ||
1690 | * inetd because Panther xinetd will create a session for us. | ||
1691 | * | ||
1692 | * The only case where this logic will fail is if there is an | ||
1693 | * inetd running in a non-root session which is not creating | ||
1694 | * new sessions for us. Then all the users will end up in the | ||
1695 | * same session (bad). | ||
1696 | * | ||
1697 | * When the client exits, the session will be destroyed for us | ||
1698 | * automatically. | ||
1699 | * | ||
1700 | * We must create the session before any credentials are stored | ||
1701 | * (including AFS pags, which happens a few lines below). | ||
1702 | */ | ||
1703 | { | ||
1704 | OSStatus err = 0; | ||
1705 | SecuritySessionId sid = 0; | ||
1706 | SessionAttributeBits sattrs = 0; | ||
1707 | |||
1708 | err = SessionGetInfo(callerSecuritySession, &sid, &sattrs); | ||
1709 | if (err) | ||
1710 | error("SessionGetInfo() failed with error %.8X", | ||
1711 | (unsigned) err); | ||
1712 | else | ||
1713 | debug("Current Session ID is %.8X / Session Attributes are %.8X", | ||
1714 | (unsigned) sid, (unsigned) sattrs); | ||
1715 | |||
1716 | if (inetd_flag && !(sattrs & sessionIsRoot)) | ||
1717 | debug("Running in inetd mode in a non-root session... " | ||
1718 | "assuming inetd created the session for us."); | ||
1719 | else { | ||
1720 | debug("Creating new security session..."); | ||
1721 | err = SessionCreate(0, sessionHasTTY | sessionIsRemote); | ||
1722 | if (err) | ||
1723 | error("SessionCreate() failed with error %.8X", | ||
1724 | (unsigned) err); | ||
1725 | |||
1726 | err = SessionGetInfo(callerSecuritySession, &sid, | ||
1727 | &sattrs); | ||
1728 | if (err) | ||
1729 | error("SessionGetInfo() failed with error %.8X", | ||
1730 | (unsigned) err); | ||
1731 | else | ||
1732 | debug("New Session ID is %.8X / Session Attributes are %.8X", | ||
1733 | (unsigned) sid, (unsigned) sattrs); | ||
1734 | } | ||
1735 | } | ||
1736 | #endif | ||
1737 | |||
1677 | /* | 1738 | /* |
1678 | * We don't want to listen forever unless the other side | 1739 | * We don't want to listen forever unless the other side |
1679 | * successfully authenticates itself. So we set up an alarm which is | 1740 | * successfully authenticates itself. So we set up an alarm which is |
@@ -2028,13 +2089,63 @@ do_ssh2_kex(void) | |||
2028 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); | 2089 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); |
2029 | 2090 | ||
2030 | /* start key exchange */ | 2091 | /* start key exchange */ |
2031 | kex = kex_setup(myproposal); | 2092 | |
2032 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; | 2093 | #ifdef GSSAPI |
2094 | { | ||
2095 | char *orig; | ||
2096 | char *gss = NULL; | ||
2097 | char *newstr = NULL; | ||
2098 | orig = myproposal[PROPOSAL_KEX_ALGS]; | ||
2099 | |||
2100 | /* | ||
2101 | * If we don't have a host key, then there's no point advertising | ||
2102 | * the other key exchange algorithms | ||
2103 | */ | ||
2104 | |||
2105 | if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0) | ||
2106 | orig = NULL; | ||
2107 | |||
2108 | if (options.gss_keyex) | ||
2109 | gss = ssh_gssapi_server_mechanisms(); | ||
2110 | else | ||
2111 | gss = NULL; | ||
2112 | |||
2113 | if (gss && orig) { | ||
2114 | int len = strlen(orig) + strlen(gss) + 2; | ||
2115 | newstr = xmalloc(len); | ||
2116 | snprintf(newstr, len, "%s,%s", gss, orig); | ||
2117 | } else if (gss) { | ||
2118 | newstr = gss; | ||
2119 | } else if (orig) { | ||
2120 | newstr = orig; | ||
2121 | } | ||
2122 | /* | ||
2123 | * If we've got GSSAPI mechanisms, then we've got the 'null' host | ||
2124 | * key alg, but we can't tell people about it unless its the only | ||
2125 | * host key algorithm we support | ||
2126 | */ | ||
2127 | if (gss && (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS])) == 0) | ||
2128 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "null"; | ||
2129 | |||
2130 | if (newstr) | ||
2131 | myproposal[PROPOSAL_KEX_ALGS] = newstr; | ||
2132 | else | ||
2133 | fatal("No supported key exchange algorithms"); | ||
2134 | } | ||
2135 | #endif | ||
2136 | |||
2137 | /* start key exchange */ | ||
2138 | kex = kex_setup(myproposal); | ||
2139 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; | ||
2033 | kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; | 2140 | kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; |
2034 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; | 2141 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; |
2035 | kex->server = 1; | 2142 | #ifdef GSSAPI |
2036 | kex->client_version_string=client_version_string; | 2143 | kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server; |
2037 | kex->server_version_string=server_version_string; | 2144 | kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server; |
2145 | #endif | ||
2146 | kex->server = 1; | ||
2147 | kex->client_version_string=client_version_string; | ||
2148 | kex->server_version_string=server_version_string; | ||
2038 | kex->load_host_key=&get_hostkey_by_type; | 2149 | kex->load_host_key=&get_hostkey_by_type; |
2039 | kex->host_key_index=&get_hostkey_index; | 2150 | kex->host_key_index=&get_hostkey_index; |
2040 | 2151 | ||