Diffstat (limited to 'sshd.c')
-rw-r--r--sshd.c110
1 files changed, 110 insertions, 0 deletions
diff --git a/sshd.c b/sshd.c
index a7d3ee5c4..06a2e1e5c 100644
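--- a/sshd.c
+++ b/sshd.c
@@ -120,6 +120,10 @@
 #include "roaming.h"
 #include "version.h"
 
+#ifdef USE_SECURITY_SESSION_API
+#include <Security/AuthSession.h>
+#endif
+
 #ifdef LIBWRAP
 #include <tcpd.h>
 #include <syslog.h>
@@ -1586,10 +1590,13 @@ main(int ac, char **av)
  logit("Disabling protocol version 1. Could not load host key");
  options.protocol &= ~SSH_PROTO_1;
  }
+#ifndef GSSAPI
+ /* The GSSAPI key exchange can run without a host key */
  if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) {
  logit("Disabling protocol version 2. Could not load host key");
  options.protocol &= ~SSH_PROTO_2;
  }
+#endif
  if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
  logit("sshd: no hostkeys available -- exiting.");
  exit(1);
@@ -1918,6 +1925,60 @@ main(int ac, char **av)
  /* Log the connection. */
  verbose("Connection from %.500s port %d", remote_ip, remote_port);
 
+#ifdef USE_SECURITY_SESSION_API
+ /*
+ * Create a new security session for use by the new user login if
+ * the current session is the root session or we are not launched
+ * by inetd (eg: debugging mode or server mode). We do not
+ * necessarily need to create a session if we are launched from
+ * inetd because Panther xinetd will create a session for us.
+ *
+ * The only case where this logic will fail is if there is an
+ * inetd running in a non-root session which is not creating
+ * new sessions for us. Then all the users will end up in the
+ * same session (bad).
+ *
+ * When the client exits, the session will be destroyed for us
+ * automatically.
+ *
+ * We must create the session before any credentials are stored
+ * (including AFS pags, which happens a few lines below).
+ */
+ {
+ OSStatus err = 0;
+ SecuritySessionId sid = 0;
+ SessionAttributeBits sattrs = 0;
+
+ err = SessionGetInfo(callerSecuritySession, &sid, &sattrs);
+ if (err)
+ error("SessionGetInfo() failed with error %.8X",
+ (unsigned) err);
+ else
+ debug("Current Session ID is %.8X / Session Attributes are %.8X",
+ (unsigned) sid, (unsigned) sattrs);
+
+ if (inetd_flag && !(sattrs & sessionIsRoot))
+ debug("Running in inetd mode in a non-root session... "
+ "assuming inetd created the session for us.");
+ else {
+ debug("Creating new security session...");
+ err = SessionCreate(0, sessionHasTTY | sessionIsRemote);
+ if (err)
+ error("SessionCreate() failed with error %.8X",
+ (unsigned) err);
+
+ err = SessionGetInfo(callerSecuritySession, &sid,
+ &sattrs);
+ if (err)
+ error("SessionGetInfo() failed with error %.8X",
+ (unsigned) err);
+ else
+ debug("New Session ID is %.8X / Session Attributes are %.8X",
+ (unsigned) sid, (unsigned) sattrs);
+ }
+ }
+#endif
+
  /*
  * We don't want to listen forever unless the other side
  * successfully authenticates itself. So we set up an alarm which is
@@ -2296,12 +2357,61 @@ do_ssh2_kex(void)
 
  myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
 
+#ifdef GSSAPI
+ {
+ char *orig;
+ char *gss = NULL;
+ char *newstr = NULL;
+ orig = myproposal[PROPOSAL_KEX_ALGS];
+
+ /*
+ * If we don't have a host key, then there's no point advertising
+ * the other key exchange algorithms
+ */
+
+ if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0)
+ orig = NULL;
+
+ if (options.gss_keyex)
+ gss = ssh_gssapi_server_mechanisms();
+ else
+ gss = NULL;
+
+ if (gss && orig)
+ xasprintf(&newstr, "%s,%s", gss, orig);
+ else if (gss)
+ newstr = gss;
+ else if (orig)
+ newstr = orig;
+
+ /*
+ * If we've got GSSAPI mechanisms, then we've got the 'null' host
+ * key alg, but we can't tell people about it unless its the only
+ * host key algorithm we support
+ */
+ if (gss && (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS])) == 0)
+ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "null";
+
+ if (newstr)
+ myproposal[PROPOSAL_KEX_ALGS] = newstr;
+ else
+ fatal("No supported key exchange algorithms");
+ }
+#endif
+
  /* start key exchange */
  kex = kex_setup(myproposal);
  kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
  kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
  kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
  kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
+#ifdef GSSAPI
+ if (options.gss_keyex) {
+ kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
+ kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server;
+ kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server;
+ }
+#endif
  kex->server = 1;
  kex->client_version_string=client_version_string;
  kex->server_version_string=server_version_string;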
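Review bot: In the USE_SECURITY_SESSION_API block added to main(), a failed SessionCreate() is only reported through error() and the login carries on, so credentials stored afterwards would end up in whatever session sshd was started in, which is the shared-session outcome the block's own comment calls bad. A failure of the first SessionGetInfo() has a similar effect: sattrs keeps its initial 0, so with inetd_flag set the `!(sattrs & sessionIsRoot)` test passes and session creation is skipped on the assumption that inetd already made one. Both paths should fail closed, for example `if (!err && inetd_flag && !(sattrs & sessionIsRoot))` on the branch and `fatal("SessionCreate() failed with error %.8X", (unsigned) err);` in place of the error() call. main() starts and ends outside these hunks, so whether later code re-checks the session state is not visible here.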