1 files changed, 118 insertions, 5 deletions
diff --git a/sshd.c b/sshd.c
index 92aa9bbd2..da0b26587 100644
--- a/sshd.c
+++ b/sshd.c
@@ -86,6 +86,10 @@ RCSID("$OpenBSD: sshd.c,v 1.312 2005/07/25 11:59:40 markus Exp $");
 #include "monitor_wrap.h"
 #include "monitor_fdpass.h"
+#ifdef USE_SECURITY_SESSION_API
+#include <Security/AuthSession.h>
+#endif
 #ifdef LIBWRAP
 #include <tcpd.h>
 #include <syslog.h>
@@ -1117,10 +1121,13 @@ main(int ac, char **av)
                logit("Disabling protocol version 1. Could not load host key");
                options.protocol &= ~SSH_PROTO_1;
        }
+#ifndef GSSAPI
+        /* The GSSAPI key exchange can run without a host key */
        if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) {
                logit("Disabling protocol version 2. Could not load host key");
                options.protocol &= ~SSH_PROTO_2;
        }
+#endif
        if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
                logit("sshd: no hostkeys available -- exiting.");
                exit(1);
@@ -1663,6 +1670,62 @@ main(int ac, char **av)
        /* Log the connection. */
        verbose("Connection from %.500s port %d", remote_ip, remote_port);
+#ifdef USE_SECURITY_SESSION_API
+        /*
+         * Create a new security session for use by the new user login if
+         * the current session is the root session or we are not launched
+         * by inetd (eg: debugging mode or server mode).  We do not
+         * necessarily need to create a session if we are launched from
+         * inetd because Panther xinetd will create a session for us.
+         *
+         * The only case where this logic will fail is if there is an
+         * inetd running in a non-root session which is not creating
+         * new sessions for us.  Then all the users will end up in the
+         * same session (bad).
+         *
+         * When the client exits, the session will be destroyed for us
+         * automatically.
+         *
+         * We must create the session before any credentials are stored
+         * (including AFS pags, which happens a few lines below).
+         */
+        {
+                OSStatus err = 0;
+                SecuritySessionId sid = 0;
+                SessionAttributeBits sattrs = 0;
+                err = SessionGetInfo(callerSecuritySession, &sid, &sattrs);
+                if (err)
+                        error("SessionGetInfo() failed with error %.8X",
+                            (unsigned) err);
+                else
+                        debug("Current Session ID is %.8X / Session Attributes a
+re %.8X",
+                            (unsigned) sid, (unsigned) sattrs);
+                if (inetd_flag && !(sattrs & sessionIsRoot))
+                        debug("Running in inetd mode in a non-root session... "
+                            "assuming inetd created the session for us.");
+                else {
+                        debug("Creating new security session...");
+                        err = SessionCreate(0, sessionHasTTY | sessionIsRemote);
+                        if (err)
+                                error("SessionCreate() failed with error %.8X",
+                                    (unsigned) err);
+                        err = SessionGetInfo(callerSecuritySession, &sid, 
+                            &sattrs);
+                        if (err)
+                                error("SessionGetInfo() failed with error %.8X",
+                                    (unsigned) err);
+                        else
+                                debug("New Session ID is %.8X / Session Attribut
+es are %.8X",
+                                    (unsigned) sid, (unsigned) sattrs);
+                }
+        }
+#endif
        /*
         * We don\'t want to listen forever unless the other side
         * successfully authenticates itself.  So we set up an alarm which is
@@ -2006,13 +2069,63 @@ do_ssh2_kex(void)
        myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
        /* start key exchange */
-        kex = kex_setup(myproposal);
+  
-        kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
+#ifdef GSSAPI
+        {
+        char *orig;
+        char *gss = NULL;
+        char *newstr = NULL;
+        orig = myproposal[PROPOSAL_KEX_ALGS];
+        /* 
+         * If we don't have a host key, then there's no point advertising
+         * the other key exchange algorithms
+         */
+        if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0)
+                orig = NULL;
+        if (options.gss_keyex)
+                gss = ssh_gssapi_server_mechanisms();
+        else
+                gss = NULL;
+        if (gss && orig) {
+                int len = strlen(orig) + strlen(gss) + 2;
+                newstr = xmalloc(len);
+                snprintf(newstr, len, "%s,%s", gss, orig);
+        } else if (gss) {
+                newstr = gss;
+        } else if (orig) {
+                newstr = orig;
+        }
+        /* 
+         * If we've got GSSAPI mechanisms, then we've got the 'null' host
+         * key alg, but we can't tell people about it unless its the only
+         * host key algorithm we support
+         */
+        if (gss && (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS])) == 0)
+                myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "null";
+        if (newstr)
+                myproposal[PROPOSAL_KEX_ALGS] = newstr;
+        else
+                fatal("No supported key exchange algorithms");
+        }
+#endif
+        /* start key exchange */
+        kex = kex_setup(myproposal);
+        kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
        kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
        kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
-        kex->server = 1;
+#ifdef GSSAPI
-        kex->client_version_string=client_version_string;
+        kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
-        kex->server_version_string=server_version_string;
+        kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server;
+#endif
+        kex->server = 1;
+        kex->client_version_string=client_version_string;
+        kex->server_version_string=server_version_string;
        kex->load_host_key=&get_hostkey_by_type;
        kex->host_key_index=&get_hostkey_index;

diff --git a/sshd.c b/sshd.c index 92aa9bbd2..da0b26587 100644 --- a/sshd.c +++ b/sshd.c
@@ -86,6 +86,10 @@ RCSID("$OpenBSD: sshd.c,v 1.312 2005/07/25 11:59:40 markus Exp $");
86	#include "monitor_wrap.h"	86	#include "monitor_wrap.h"
87	#include "monitor_fdpass.h"	87	#include "monitor_fdpass.h"
88		88
		89	#ifdef USE_SECURITY_SESSION_API
		90	#include <Security/AuthSession.h>
		91	#endif
		92
89	#ifdef LIBWRAP	93	#ifdef LIBWRAP
90	#include <tcpd.h>	94	#include <tcpd.h>
91	#include <syslog.h>	95	#include <syslog.h>
@@ -1117,10 +1121,13 @@ main(int ac, char **av)
1117	logit("Disabling protocol version 1. Could not load host key");	1121	logit("Disabling protocol version 1. Could not load host key");
1118	options.protocol &= ~SSH_PROTO_1;	1122	options.protocol &= ~SSH_PROTO_1;
1119	}	1123	}
		1124	#ifndef GSSAPI
		1125	/* The GSSAPI key exchange can run without a host key */
1120	if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) {	1126	if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) {
1121	logit("Disabling protocol version 2. Could not load host key");	1127	logit("Disabling protocol version 2. Could not load host key");
1122	options.protocol &= ~SSH_PROTO_2;	1128	options.protocol &= ~SSH_PROTO_2;
1123	}	1129	}
		1130	#endif
1124	if (!(options.protocol & (SSH_PROTO_1\|SSH_PROTO_2))) {	1131	if (!(options.protocol & (SSH_PROTO_1\|SSH_PROTO_2))) {
1125	logit("sshd: no hostkeys available -- exiting.");	1132	logit("sshd: no hostkeys available -- exiting.");
1126	exit(1);	1133	exit(1);
@@ -1663,6 +1670,62 @@ main(int ac, char **av)
1663	/* Log the connection. */	1670	/* Log the connection. */
1664	verbose("Connection from %.500s port %d", remote_ip, remote_port);	1671	verbose("Connection from %.500s port %d", remote_ip, remote_port);
1665		1672
		1673	#ifdef USE_SECURITY_SESSION_API
		1674	/*
		1675	* Create a new security session for use by the new user login if
		1676	* the current session is the root session or we are not launched
		1677	* by inetd (eg: debugging mode or server mode). We do not
		1678	* necessarily need to create a session if we are launched from
		1679	* inetd because Panther xinetd will create a session for us.
		1680	*
		1681	* The only case where this logic will fail is if there is an
		1682	* inetd running in a non-root session which is not creating
		1683	* new sessions for us. Then all the users will end up in the
		1684	* same session (bad).
		1685	*
		1686	* When the client exits, the session will be destroyed for us
		1687	* automatically.
		1688	*
		1689	* We must create the session before any credentials are stored
		1690	* (including AFS pags, which happens a few lines below).
		1691	*/
		1692	{
		1693	OSStatus err = 0;
		1694	SecuritySessionId sid = 0;
		1695	SessionAttributeBits sattrs = 0;
		1696
		1697	err = SessionGetInfo(callerSecuritySession, &sid, &sattrs);
		1698	if (err)
		1699	error("SessionGetInfo() failed with error %.8X",
		1700	(unsigned) err);
		1701	else
		1702	debug("Current Session ID is %.8X / Session Attributes a
		1703	re %.8X",
		1704	(unsigned) sid, (unsigned) sattrs);
		1705
		1706	if (inetd_flag && !(sattrs & sessionIsRoot))
		1707	debug("Running in inetd mode in a non-root session... "
		1708	"assuming inetd created the session for us.");
		1709	else {
		1710	debug("Creating new security session...");
		1711	err = SessionCreate(0, sessionHasTTY \| sessionIsRemote);
		1712	if (err)
		1713	error("SessionCreate() failed with error %.8X",
		1714	(unsigned) err);
		1715
		1716	err = SessionGetInfo(callerSecuritySession, &sid,
		1717	&sattrs);
		1718	if (err)
		1719	error("SessionGetInfo() failed with error %.8X",
		1720	(unsigned) err);
		1721	else
		1722	debug("New Session ID is %.8X / Session Attribut
		1723	es are %.8X",
		1724	(unsigned) sid, (unsigned) sattrs);
		1725	}
		1726	}
		1727	#endif
		1728
1666	/*	1729	/*
1667	* We don\'t want to listen forever unless the other side	1730	* We don\'t want to listen forever unless the other side
1668	* successfully authenticates itself. So we set up an alarm which is	1731	* successfully authenticates itself. So we set up an alarm which is
@@ -2006,13 +2069,63 @@ do_ssh2_kex(void)
2006	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();	2069	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
2007		2070
2008	/* start key exchange */	2071	/* start key exchange */
2009	kex = kex_setup(myproposal);	2072
2010	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;	2073	#ifdef GSSAPI
		2074	{
		2075	char *orig;
		2076	char *gss = NULL;
		2077	char *newstr = NULL;
		2078	orig = myproposal[PROPOSAL_KEX_ALGS];
		2079
		2080	/*
		2081	* If we don't have a host key, then there's no point advertising
		2082	* the other key exchange algorithms
		2083	*/
		2084
		2085	if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0)
		2086	orig = NULL;
		2087
		2088	if (options.gss_keyex)
		2089	gss = ssh_gssapi_server_mechanisms();
		2090	else
		2091	gss = NULL;
		2092
		2093	if (gss && orig) {
		2094	int len = strlen(orig) + strlen(gss) + 2;
		2095	newstr = xmalloc(len);
		2096	snprintf(newstr, len, "%s,%s", gss, orig);
		2097	} else if (gss) {
		2098	newstr = gss;
		2099	} else if (orig) {
		2100	newstr = orig;
		2101	}
		2102	/*
		2103	* If we've got GSSAPI mechanisms, then we've got the 'null' host
		2104	* key alg, but we can't tell people about it unless its the only
		2105	* host key algorithm we support
		2106	*/
		2107	if (gss && (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS])) == 0)
		2108	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "null";
		2109
		2110	if (newstr)
		2111	myproposal[PROPOSAL_KEX_ALGS] = newstr;
		2112	else
		2113	fatal("No supported key exchange algorithms");
		2114	}
		2115	#endif
		2116
		2117	/* start key exchange */
		2118	kex = kex_setup(myproposal);
		2119	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
2011	kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;	2120	kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
2012	kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;	2121	kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
2013	kex->server = 1;	2122	#ifdef GSSAPI
2014	kex->client_version_string=client_version_string;	2123	kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
2015	kex->server_version_string=server_version_string;	2124	kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server;
		2125	#endif
		2126	kex->server = 1;
		2127	kex->client_version_string=client_version_string;
		2128	kex->server_version_string=server_version_string;
2016	kex->load_host_key=&get_hostkey_by_type;	2129	kex->load_host_key=&get_hostkey_by_type;
2017	kex->host_key_index=&get_hostkey_index;	2130	kex->host_key_index=&get_hostkey_index;
2018		2131