[gssapi-openssh.git] / openssh / gss-genr.c

/*
 * Copyright (c) 2001,2002 Simon Wilkinson. All rights reserved. *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "includes.h"

#ifdef GSSAPI

#include "ssh.h"
#include "ssh2.h"
#include "xmalloc.h"
#include "buffer.h"
#include "bufaux.h"
#include "packet.h"
#include "compat.h"
#include <openssl/evp.h>
#include "cipher.h"
#include "kex.h"
#include "log.h"
#include "compat.h"
#include "monitor_wrap.h"
#include "canohost.h"

#include <netdb.h>

#include "ssh-gss.h"

/* Assorted globals for tracking the clients identity once they've
 * authenticated */
 
gss_buffer_desc gssapi_client_name = {0,NULL}; /* Name of our client */
gss_cred_id_t   gssapi_client_creds = GSS_C_NO_CREDENTIAL; /* Their credentials */
enum ssh_gss_id gssapi_client_type = GSS_LAST_ENTRY;

unsigned char ssh1_key_digest[16]; /* used for ssh1 gssapi */

/* The mechanism name used in the list below is defined in the internet
 * draft as the Base 64 encoding of the MD5 hash of the ASN.1 DER encoding 
 * of the underlying GSSAPI mechanism's OID.
 *
 * Also from the draft, before considering adding SPNEGO, bear in mind that
 * "mechanisms ... MUST NOT use SPNEGO as the underlying GSSAPI mechanism"
 */

/* These must be in the same order as ssh_gss_id, in ssh-gss.h */

ssh_gssapi_mech supported_mechs[]= {
#ifdef KRB5
 /* Official OID - 1.2.850.113554.1.2.2 */
 {"Se3H81ismmOC3OE+FwYCiQ==","Kerberos",
 	{9, "\x2A\x86\x48\x86\xF7\x12\x01\x02\x02"}},
#endif
#ifdef GSI
 /* gssapi_ssleay 1.3.6.1.4.1.3536.1.1 */
 {"N3+k7/4wGxHyuP8Yxi4RhA==",
  "GSI",
  {9, "\x2B\x06\x01\x04\x01\x9B\x50\x01\x01"}
 },
#endif /* GSI */
 {NULL,NULL,{0,0}}
};

char gssprefix[]=KEX_GSS_SHA1;

/* Return a list of the gss-group1-sha1-x mechanisms supported by this
 * program.
 *
 * We only support the mechanisms that we've indicated in the list above,
 * but we check that they're supported by the GSSAPI mechanism on the 
 * machine. We also check, before including them in the list, that
 * we have the necesary information in order to carry out the key exchange
 * (that is, that the user has credentials, the server's creds are accessible,
 * etc)
 *
 * The way that this is done is fairly nasty, as we do a lot of work that
 * is then thrown away. This should possibly be implemented with a cache
 * that stores the results (in an expanded Gssctxt structure), which are
 * then used by the first calls if that key exchange mechanism is chosen.
 */
 
char * 
ssh_gssapi_mechanisms(int server,char *host) {
	gss_OID_set 	supported;
	OM_uint32	maj_status, min_status;
	Buffer		buf;
	int 		i = 0;
	int		present;
	int		mech_count=0;
	char *		mechs;
	Gssctxt *	ctx = NULL;	

	if (datafellows & SSH_OLD_GSSAPI) return NULL;
	
	PRIVSEP(gss_indicate_mechs(&min_status, &supported));
	
	buffer_init(&buf);	

	do {
		if ((maj_status=gss_test_oid_set_member(&min_status,
						   	&supported_mechs[i].oid,
						   	supported,
						   	&present))) {
			present=0;
		}
		if (present) {
		    	if ((server && 
		    	     !GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctx,
		    	  			            &supported_mechs[i].oid)))) 
		    	    || (!server &&
		    	        !GSS_ERROR(ssh_gssapi_client_ctx(&ctx,
		    	 			       &supported_mechs[i].oid,
		    	 			       host)))) {
				/* Append gss_group1_sha1_x to our list */
				if (++mech_count > 1) {
				    buffer_append(&buf, ",", 1);
				}
				buffer_append(&buf, gssprefix,
					      strlen(gssprefix));
		        	buffer_append(&buf, 
		        		      supported_mechs[i].enc_name,
	        	      		      strlen(supported_mechs[i].enc_name));
				debug("GSSAPI mechanism %s (%s%s) supported",
				      supported_mechs[i].name, gssprefix,
				      supported_mechs[i].enc_name);
			} else {
			    debug("no credentials for GSSAPI mechanism %s",
				  supported_mechs[i].name);
			}
 		} else {
		    debug("GSSAPI mechanism %s not supported",
			  supported_mechs[i].name);
		}
	} while (supported_mechs[++i].name != NULL);
	
	buffer_put_char(&buf,'\0');
	
	mechs=xmalloc(buffer_len(&buf));
	buffer_get(&buf,mechs,buffer_len(&buf));
	buffer_free(&buf);
	if (strlen(mechs)==0)
	   return(NULL);
	else
	   return(mechs);
}

void ssh_gssapi_supported_oids(gss_OID_set *oidset) {
	enum ssh_gss_id i =0;
	OM_uint32 maj_status,min_status;
	int present;
	gss_OID_set supported;
	
	gss_create_empty_oid_set(&min_status,oidset);
	PRIVSEP(gss_indicate_mechs(&min_status, &supported));

	while (supported_mechs[i].name!=NULL) {
		if ((maj_status=gss_test_oid_set_member(&min_status,
						       &supported_mechs[i].oid,
						       supported,
						       &present))) {
			present=0;
		}
		if (present) {
			gss_add_oid_set_member(&min_status,
					       &supported_mechs[i].oid,
				       	       oidset);	
		}
		i++;
	}
}	

/* Set the contexts OID from a data stream */
void ssh_gssapi_set_oid_data(Gssctxt *ctx, void *data, size_t len) { 
  if (ctx->oid != GSS_C_NO_OID) {
	xfree(ctx->oid->elements);
   	xfree(ctx->oid);
  }
  ctx->oid=xmalloc(sizeof(gss_OID_desc));
  ctx->oid->length=len;
  ctx->oid->elements=xmalloc(len);
  memcpy(ctx->oid->elements,data,len);
}

/* Set the contexts OID */
void ssh_gssapi_set_oid(Gssctxt *ctx, gss_OID oid) {  
  ssh_gssapi_set_oid_data(ctx,oid->elements,oid->length);
}

/* Find out which GSS type (out of the list we define in ssh-gss.h) a
 * particular connection is using 
 */
enum ssh_gss_id ssh_gssapi_get_ctype(Gssctxt *ctxt) {
	enum ssh_gss_id i=0;
	
	while(supported_mechs[i].name!=NULL) {
	   if (supported_mechs[i].oid.length == ctxt->oid->length &&
	       (memcmp(supported_mechs[i].oid.elements,
		       ctxt->oid->elements,ctxt->oid->length) == 0))
	       return i;
	   i++;
	}
	return(GSS_LAST_ENTRY);
}

/* Set the GSS context's OID to the oid indicated by the given key exchange
 * name. */
gss_OID ssh_gssapi_id_kex(Gssctxt *ctx, char *name) {
  enum ssh_gss_id i=0;
  
  if (strncmp(name, gssprefix, strlen(gssprefix)-1) !=0) {
     return(NULL);
  }
  
  name+=strlen(gssprefix); /* Move to the start of the MIME string */
  
  while (supported_mechs[i].name!=NULL &&
  	 strcmp(name,supported_mechs[i].enc_name)!=0) {
  	i++;
  }

  if (supported_mechs[i].name==NULL)
     return (NULL);

  if (ctx) ssh_gssapi_set_oid(ctx,&supported_mechs[i].oid);

  debug("using GSSAPI mechanism %s (%s%s)", supported_mechs[i].name,
	gssprefix, supported_mechs[i].enc_name);

  return &supported_mechs[i].oid;
}


/* All this effort to report an error ... */
static void
ssh_gssapi_error_ex(gss_OID mech, OM_uint32 major_status,
		    OM_uint32 minor_status,
		    int send_packet) {
	OM_uint32 lmaj, lmin;
        gss_buffer_desc msg = {0,NULL};
        OM_uint32 ctx;
        
        ctx = 0;
	/* The GSSAPI error */
        do {
        	lmaj = PRIVSEP(gss_display_status(&lmin, major_status,
						  GSS_C_GSS_CODE,
						  mech,
						  &ctx, &msg));
        	if (lmaj == GSS_S_COMPLETE) {
        	    	debug((char *)msg.value);
			if (send_packet) packet_send_debug((char *)msg.value);
        	    	(void) gss_release_buffer(&lmin, &msg);
        	}
        } while (ctx!=0);	   

        /* The mechanism specific error */
        do {
        	lmaj = PRIVSEP(gss_display_status(&lmin, minor_status,
						  GSS_C_MECH_CODE,
						  mech,
						  &ctx, &msg));
        	if (lmaj == GSS_S_COMPLETE) {
        	    	debug((char *)msg.value);
			if (send_packet) packet_send_debug((char *)msg.value);
        	    	(void) gss_release_buffer(&lmin, &msg);
        	}
        } while (ctx!=0);
}

void
ssh_gssapi_error(gss_OID mech,OM_uint32 major_status,OM_uint32 minor_status) {
    ssh_gssapi_error_ex(mech, major_status, minor_status, 0);
}

void
ssh_gssapi_send_error(gss_OID mech,
		      OM_uint32 major_status,OM_uint32 minor_status) {
    ssh_gssapi_error_ex(mech, major_status, minor_status, 1);
}


/* Initialise our GSSAPI context. We use this opaque structure to contain all
 * of the data which both the client and server need to persist across
 * {accept,init}_sec_context calls, so that when we do it from the userauth
 * stuff life is a little easier
 */
void
ssh_gssapi_build_ctx(Gssctxt **ctx)
{
	*ctx=xmalloc(sizeof (Gssctxt));
	(*ctx)->context=GSS_C_NO_CONTEXT;
	(*ctx)->name=GSS_C_NO_NAME;
	(*ctx)->oid=GSS_C_NO_OID;
	(*ctx)->creds=GSS_C_NO_CREDENTIAL;
	(*ctx)->client=GSS_C_NO_NAME;
	(*ctx)->client_creds=GSS_C_NO_CREDENTIAL;
}

/* Delete our context, providing it has been built correctly */
void
ssh_gssapi_delete_ctx(Gssctxt **ctx)
{
#if !defined(MECHGLUE)
	OM_uint32 ms;
#endif
	
	/* Return if there's no context */
	if ((*ctx)==NULL)
		return;
		
#if !defined(MECHGLUE) /* mechglue has some memory management issues */
	if ((*ctx)->context != GSS_C_NO_CONTEXT) 
		gss_delete_sec_context(&ms,&(*ctx)->context,GSS_C_NO_BUFFER);
	if ((*ctx)->name != GSS_C_NO_NAME)
		gss_release_name(&ms,&(*ctx)->name);
	if ((*ctx)->oid != GSS_C_NO_OID) {
		xfree((*ctx)->oid->elements);
		xfree((*ctx)->oid);
		(*ctx)->oid = GSS_C_NO_OID;
	}
	if ((*ctx)->creds != GSS_C_NO_CREDENTIAL)
		gss_release_cred(&ms,&(*ctx)->creds);
	if ((*ctx)->client != GSS_C_NO_NAME)
		gss_release_name(&ms,&(*ctx)->client);	
	if ((*ctx)->client_creds != GSS_C_NO_CREDENTIAL)
		gss_release_cred(&ms,&(*ctx)->client_creds);
#endif
	
	xfree(*ctx);
	*ctx=NULL; 
}

/* Wrapper to init_sec_context 
 * Requires that the context contains:
 *	oid
 * 	server name (from ssh_gssapi_import_name)
 */
OM_uint32 
ssh_gssapi_init_ctx(Gssctxt *ctx, int deleg_creds, gss_buffer_desc *recv_tok,
       	      	    gss_buffer_desc* send_tok, OM_uint32 *flags) 
{
      	OM_uint32 maj_status, min_status;
	int deleg_flag = 0;
	
	if (deleg_creds) {
		deleg_flag=GSS_C_DELEG_FLAG;
		debug("Delegating credentials");
	}
	      	
      	maj_status=gss_init_sec_context(&min_status,
      					GSS_C_NO_CREDENTIAL, /* def. cred */
      					&ctx->context,
      					ctx->name,
      					ctx->oid,
      					GSS_C_MUTUAL_FLAG |
      					GSS_C_INTEG_FLAG |
      					deleg_flag,
      					0, /* default lifetime */
      					NULL, /* no channel bindings */
      					recv_tok,
      					NULL,
      					send_tok,
      					flags,
      					NULL);
	ctx->status=maj_status;
      	if (GSS_ERROR(maj_status)) {
      		ssh_gssapi_error(ctx->oid,maj_status,min_status);
      	}
      	return(maj_status);
}

/* Wrapper arround accept_sec_context
 * Requires that the context contains:
 *    oid		
 *    credentials	(from ssh_gssapi_acquire_cred)
 */
OM_uint32 ssh_gssapi_accept_ctx(Gssctxt *ctx,gss_buffer_desc *recv_tok,
				gss_buffer_desc *send_tok, OM_uint32 *flags) 
{
	OM_uint32 maj_status, min_status;
	gss_OID mech;
	
	maj_status=gss_accept_sec_context(&min_status,
					  &ctx->context,
					  ctx->creds,
					  recv_tok,
					  GSS_C_NO_CHANNEL_BINDINGS,
					  &ctx->client,
					  &mech, /* read-only pointer */
					  send_tok,
					  flags,
					  NULL,
					  &ctx->client_creds);
	if (GSS_ERROR(maj_status)) {
		ssh_gssapi_send_error(ctx->oid,maj_status,min_status);
	}
	
	if (ctx->client_creds) {
		debug("Received some client credentials");
	} else {
		debug("Got no client credentials");
	}

	/* FIXME: We should check that the me
	 * the one that we asked for (in ctx->oid) */

	ctx->status=maj_status;
	
	/* Now, if we're complete and we have the right flags, then
	 * we flag the user as also having been authenticated
	 */
	
	if (((flags==NULL) || ((*flags & GSS_C_MUTUAL_FLAG) && 
	                       (*flags & GSS_C_INTEG_FLAG))) &&
	    (maj_status == GSS_S_COMPLETE)) {
		if (ssh_gssapi_getclient(ctx,&gssapi_client_type,
	  			         &gssapi_client_name,
	  			         &gssapi_client_creds))
	  		fatal("Couldn't convert client name");
	}

	return(maj_status);
}

/* Create a service name for the given host */
OM_uint32
ssh_gssapi_import_name(Gssctxt *ctx, const char *host) {
	gss_buffer_desc gssbuf = {0,NULL};
	OM_uint32 maj_status, min_status;
	char *xhost;
	
	/* Make a copy of the host name, in case it was returned by a
	 * previous call to gethostbyname(). */	
	xhost = xstrdup(host);

	/* Make sure we have the FQHN. Some GSSAPI implementations don't do
	 * this for us themselves */
	resolve_hostname(&xhost);

        gssbuf.length = sizeof("host@")+strlen(xhost);

        gssbuf.value = xmalloc(gssbuf.length);
        if (gssbuf.value == NULL) {
		xfree(xhost);
		return(-1);
        }
        snprintf(gssbuf.value,gssbuf.length,"host@%s",xhost);
        if ((maj_status=gss_import_name(&min_status,
                                   	&gssbuf,
                                        GSS_C_NT_HOSTBASED_SERVICE,
                                        &ctx->name))) {
		ssh_gssapi_error(ctx->oid, maj_status,min_status);
	}
	
	xfree(xhost);
	xfree(gssbuf.value);
	return(maj_status);
}

/* Acquire credentials for a server running on the current host.
 * Requires that the context structure contains a valid OID
 */
 
/* Returns a GSSAPI error code */
OM_uint32
ssh_gssapi_acquire_cred(Gssctxt *ctx) {
	OM_uint32 maj_status, min_status;
	char lname[MAXHOSTNAMELEN];
	gss_OID_set oidset;
	
	gss_create_empty_oid_set(&min_status,&oidset);
	gss_add_oid_set_member(&min_status,ctx->oid,&oidset);
	
        if (gethostname(lname, MAXHOSTNAMELEN)) {
                return(-1);
        }

	if ((maj_status=ssh_gssapi_import_name(ctx,lname))) {
		return(maj_status);
	}
	if ((maj_status=gss_acquire_cred(&min_status,
			 	    ctx->name,
				    0,
				    oidset,
				    GSS_C_ACCEPT,
				    &ctx->creds,
				    NULL,
				    NULL))) {
	    ssh_gssapi_error(ctx->oid,maj_status,min_status);
	}
				
	gss_release_oid_set(&min_status, &oidset);
	return(maj_status);
}

/* Extract the client details from a given context. This can only reliably
 * be called once for a context */

OM_uint32 
ssh_gssapi_getclient(Gssctxt *ctx, enum ssh_gss_id *type,
		     gss_buffer_desc *name, gss_cred_id_t *creds) {

	OM_uint32 maj_status,min_status;
	
	*type=ssh_gssapi_get_ctype(ctx);
	if ((maj_status=gss_display_name(&min_status,ctx->client,name,NULL))) {
		ssh_gssapi_error(ctx->oid,maj_status,min_status);
	}
	
	/* This is icky. There appears to be no way to copy this structure,
	 * rather than the pointer to it, so we simply copy the pointer and
	 * mark the originator as empty so we don't destroy it. 
	 */
	*creds=ctx->client_creds;
	ctx->client_creds=GSS_C_NO_CREDENTIAL;
	return(maj_status);
}

OM_uint32
ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_desc *buffer, gss_buffer_desc *hash) {
	OM_uint32 maj_status,min_status;
	
	/* ssh1 needs to exchange the hash of the keys */
	/* will us this hash to return it */
	if (!compat20) {
		if ((maj_status=gss_wrap(&min_status,ctx->context,
					0,
					GSS_C_QOP_DEFAULT,
					buffer,
					NULL,
					hash)))
			ssh_gssapi_error(ctx->oid,maj_status,min_status);
	}
	else

	if ((maj_status=gss_get_mic(&min_status,ctx->context,
				    GSS_C_QOP_DEFAULT, buffer, hash))) {
		ssh_gssapi_error(ctx->oid,maj_status,min_status);
	}
	
	return(maj_status);
}

OM_uint32
ssh_gssapi_server_ctx(Gssctxt **ctx,gss_OID oid) {
	if (*ctx) ssh_gssapi_delete_ctx(ctx);
	ssh_gssapi_build_ctx(ctx);
	ssh_gssapi_set_oid(*ctx,oid);
	return(ssh_gssapi_acquire_cred(*ctx));
}

OM_uint32 
ssh_gssapi_client_ctx(Gssctxt **ctx,gss_OID oid, char *host) {
	gss_buffer_desc token = {0,NULL};
	OM_uint32 major,minor;
	
	if (*ctx) ssh_gssapi_delete_ctx(ctx);
	ssh_gssapi_build_ctx(ctx);
	ssh_gssapi_set_oid(*ctx,oid);
	ssh_gssapi_import_name(*ctx,host);
	major=ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token, NULL);
	gss_release_buffer(&minor,&token);
	return(major);
}
                                                                                        
#endif /* GSSAPI */
Commit	Line	Data
5598e598	1	/*
b59afbfe	2	* Copyright (c) 2001,2002 Simon Wilkinson. All rights reserved. *
5598e598	3	* Redistribution and use in source and binary forms, with or without
	4	* modification, are permitted provided that the following conditions
	5	* are met:
	6	* 1. Redistributions of source code must retain the above copyright
	7	* notice, this list of conditions and the following disclaimer.
	8	* 2. Redistributions in binary form must reproduce the above copyright
	9	* notice, this list of conditions and the following disclaimer in the
	10	* documentation and/or other materials provided with the distribution.
	11	*
	12	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
	13	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	14	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	15	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	16	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	17	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	18	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	19	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	20	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	21	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	22	*/
	23
	24	#include "includes.h"
	25
	26	#ifdef GSSAPI
	27
	28	#include "ssh.h"
	29	#include "ssh2.h"
	30	#include "xmalloc.h"
	31	#include "buffer.h"
	32	#include "bufaux.h"
	33	#include "packet.h"
	34	#include "compat.h"
	35	#include <openssl/evp.h>
	36	#include "cipher.h"
	37	#include "kex.h"
	38	#include "log.h"
905081a4	39	#include "compat.h"
b59afbfe	40	#include "monitor_wrap.h"
4dd35ca9	41	#include "canohost.h"
5598e598	42
	43	#include <netdb.h>
	44
	45	#include "ssh-gss.h"
	46
	47	/* Assorted globals for tracking the clients identity once they've
	48	* authenticated */
	49
	50	gss_buffer_desc gssapi_client_name = {0,NULL}; /* Name of our client */
	51	gss_cred_id_t gssapi_client_creds = GSS_C_NO_CREDENTIAL; /* Their credentials */
	52	enum ssh_gss_id gssapi_client_type = GSS_LAST_ENTRY;
	53
b59afbfe	54	unsigned char ssh1_key_digest[16]; /* used for ssh1 gssapi */
b59afbfe	55
5598e598	56	/* The mechanism name used in the list below is defined in the internet
	57	* draft as the Base 64 encoding of the MD5 hash of the ASN.1 DER encoding
	58	* of the underlying GSSAPI mechanism's OID.
	59	*
	60	* Also from the draft, before considering adding SPNEGO, bear in mind that
	61	* "mechanisms ... MUST NOT use SPNEGO as the underlying GSSAPI mechanism"
	62	*/
	63
	64	/* These must be in the same order as ssh_gss_id, in ssh-gss.h */
	65
	66	ssh_gssapi_mech supported_mechs[]= {
	67	#ifdef KRB5
	68	/* Official OID - 1.2.850.113554.1.2.2 */
	69	{"Se3H81ismmOC3OE+FwYCiQ==","Kerberos",
	70	{9, "\x2A\x86\x48\x86\xF7\x12\x01\x02\x02"}},
	71	#endif
	72	#ifdef GSI
	73	/* gssapi_ssleay 1.3.6.1.4.1.3536.1.1 */
	74	{"N3+k7/4wGxHyuP8Yxi4RhA==",
	75	"GSI",
	76	{9, "\x2B\x06\x01\x04\x01\x9B\x50\x01\x01"}
	77	},
	78	#endif /* GSI */
	79	{NULL,NULL,{0,0}}
	80	};
	81
	82	char gssprefix[]=KEX_GSS_SHA1;
	83
	84	/* Return a list of the gss-group1-sha1-x mechanisms supported by this
	85	* program.
	86	*
	87	* We only support the mechanisms that we've indicated in the list above,
	88	* but we check that they're supported by the GSSAPI mechanism on the
	89	* machine. We also check, before including them in the list, that
	90	* we have the necesary information in order to carry out the key exchange
	91	* (that is, that the user has credentials, the server's creds are accessible,
	92	* etc)
	93	*
	94	* The way that this is done is fairly nasty, as we do a lot of work that
	95	* is then thrown away. This should possibly be implemented with a cache
	96	* that stores the results (in an expanded Gssctxt structure), which are
	97	* then used by the first calls if that key exchange mechanism is chosen.
	98	*/
	99
	100	char *
	101	ssh_gssapi_mechanisms(int server,char *host) {
	102	gss_OID_set supported;
	103	OM_uint32 maj_status, min_status;
	104	Buffer buf;
	105	int i = 0;
	106	int present;
d4ab470d	107	int mech_count=0;
5598e598	108	char * mechs;
b59afbfe	109	Gssctxt * ctx = NULL;
5598e598	110
905081a4	111	if (datafellows & SSH_OLD_GSSAPI) return NULL;
905081a4	112
9eeaa28e	113	PRIVSEP(gss_indicate_mechs(&min_status, &supported));
5598e598	114
	115	buffer_init(&buf);
	116
	117	do {
	118	if ((maj_status=gss_test_oid_set_member(&min_status,
	119	&supported_mechs[i].oid,
	120	supported,
	121	&present))) {
	122	present=0;
	123	}
	124	if (present) {
b59afbfe	125	if ((server &&
	126	!GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctx,
	127	&supported_mechs[i].oid))))
	128	\|\| (!server &&
	129	!GSS_ERROR(ssh_gssapi_client_ctx(&ctx,
	130	&supported_mechs[i].oid,
	131	host)))) {
	132	/* Append gss_group1_sha1_x to our list */
d4ab470d	133	if (++mech_count > 1) {
	134	buffer_append(&buf, ",", 1);
	135	}
b59afbfe	136	buffer_append(&buf, gssprefix,
	137	strlen(gssprefix));
	138	buffer_append(&buf,
	139	supported_mechs[i].enc_name,
	140	strlen(supported_mechs[i].enc_name));
d4ab470d	141	debug("GSSAPI mechanism %s (%s%s) supported",
	142	supported_mechs[i].name, gssprefix,
	143	supported_mechs[i].enc_name);
	144	} else {
	145	debug("no credentials for GSSAPI mechanism %s",
	146	supported_mechs[i].name);
	147	}
	148	} else {
	149	debug("GSSAPI mechanism %s not supported",
	150	supported_mechs[i].name);
	151	}
5598e598	152	} while (supported_mechs[++i].name != NULL);
	153
	154	buffer_put_char(&buf,'\0');
	155
	156	mechs=xmalloc(buffer_len(&buf));
	157	buffer_get(&buf,mechs,buffer_len(&buf));
	158	buffer_free(&buf);
	159	if (strlen(mechs)==0)
	160	return(NULL);
	161	else
	162	return(mechs);
	163	}
	164
	165	void ssh_gssapi_supported_oids(gss_OID_set *oidset) {
	166	enum ssh_gss_id i =0;
	167	OM_uint32 maj_status,min_status;
	168	int present;
	169	gss_OID_set supported;
	170
	171	gss_create_empty_oid_set(&min_status,oidset);
9eeaa28e	172	PRIVSEP(gss_indicate_mechs(&min_status, &supported));
5598e598	173
	174	while (supported_mechs[i].name!=NULL) {
	175	if ((maj_status=gss_test_oid_set_member(&min_status,
	176	&supported_mechs[i].oid,
	177	supported,
	178	&present))) {
	179	present=0;
	180	}
	181	if (present) {
	182	gss_add_oid_set_member(&min_status,
	183	&supported_mechs[i].oid,
	184	oidset);
	185	}
	186	i++;
	187	}
	188	}
	189
	190	/* Set the contexts OID from a data stream */
	191	void ssh_gssapi_set_oid_data(Gssctxt ctx, void data, size_t len) {
	192	if (ctx->oid != GSS_C_NO_OID) {
	193	xfree(ctx->oid->elements);
	194	xfree(ctx->oid);
	195	}
	196	ctx->oid=xmalloc(sizeof(gss_OID_desc));
	197	ctx->oid->length=len;
	198	ctx->oid->elements=xmalloc(len);
	199	memcpy(ctx->oid->elements,data,len);
	200	}
	201
	202	/* Set the contexts OID */
	203	void ssh_gssapi_set_oid(Gssctxt *ctx, gss_OID oid) {
	204	ssh_gssapi_set_oid_data(ctx,oid->elements,oid->length);
	205	}
	206
	207	/* Find out which GSS type (out of the list we define in ssh-gss.h) a
	208	* particular connection is using
	209	*/
	210	enum ssh_gss_id ssh_gssapi_get_ctype(Gssctxt *ctxt) {
	211	enum ssh_gss_id i=0;
	212
c57ffeb1	213	while(supported_mechs[i].name!=NULL) {
	214	if (supported_mechs[i].oid.length == ctxt->oid->length &&
	215	(memcmp(supported_mechs[i].oid.elements,
	216	ctxt->oid->elements,ctxt->oid->length) == 0))
	217	return i;
5598e598	218	i++;
5598e598	219	}
c57ffeb1	220	return(GSS_LAST_ENTRY);
5598e598	221	}
	222
	223	/* Set the GSS context's OID to the oid indicated by the given key exchange
	224	* name. */
b59afbfe	225	gss_OID ssh_gssapi_id_kex(Gssctxt ctx, char name) {
5598e598	226	enum ssh_gss_id i=0;
	227
	228	if (strncmp(name, gssprefix, strlen(gssprefix)-1) !=0) {
b59afbfe	229	return(NULL);
5598e598	230	}
	231
	232	name+=strlen(gssprefix); /* Move to the start of the MIME string */
	233
	234	while (supported_mechs[i].name!=NULL &&
	235	strcmp(name,supported_mechs[i].enc_name)!=0) {
	236	i++;
	237	}
	238
	239	if (supported_mechs[i].name==NULL)
b59afbfe	240	return (NULL);
5598e598	241
b59afbfe	242	if (ctx) ssh_gssapi_set_oid(ctx,&supported_mechs[i].oid);
5598e598	243
d4ab470d	244	debug("using GSSAPI mechanism %s (%s%s)", supported_mechs[i].name,
	245	gssprefix, supported_mechs[i].enc_name);
	246
b59afbfe	247	return &supported_mechs[i].oid;
5598e598	248	}
	249
	250
	251	/* All this effort to report an error ... */
de4d4506	252	static void
6f9f4dab	253	ssh_gssapi_error_ex(gss_OID mech, OM_uint32 major_status,
6f9f4dab	254	OM_uint32 minor_status,
de4d4506	255	int send_packet) {
5598e598	256	OM_uint32 lmaj, lmin;
d4ab470d	257	gss_buffer_desc msg = {0,NULL};
5598e598	258	OM_uint32 ctx;
	259
	260	ctx = 0;
	261	/* The GSSAPI error */
	262	do {
9eeaa28e	263	lmaj = PRIVSEP(gss_display_status(&lmin, major_status,
	264	GSS_C_GSS_CODE,
	265	mech,
	266	&ctx, &msg));
5598e598	267	if (lmaj == GSS_S_COMPLETE) {
5598e598	268	debug((char *)msg.value);
de4d4506	269	if (send_packet) packet_send_debug((char *)msg.value);
5598e598	270	(void) gss_release_buffer(&lmin, &msg);
	271	}
	272	} while (ctx!=0);
	273
	274	/* The mechanism specific error */
	275	do {
9eeaa28e	276	lmaj = PRIVSEP(gss_display_status(&lmin, minor_status,
	277	GSS_C_MECH_CODE,
	278	mech,
	279	&ctx, &msg));
5598e598	280	if (lmaj == GSS_S_COMPLETE) {
5598e598	281	debug((char *)msg.value);
de4d4506	282	if (send_packet) packet_send_debug((char *)msg.value);
5598e598	283	(void) gss_release_buffer(&lmin, &msg);
	284	}
	285	} while (ctx!=0);
	286	}
	287
de4d4506	288	void
6f9f4dab	289	ssh_gssapi_error(gss_OID mech,OM_uint32 major_status,OM_uint32 minor_status) {
6f9f4dab	290	ssh_gssapi_error_ex(mech, major_status, minor_status, 0);
de4d4506	291	}
	292
	293	void
6f9f4dab	294	ssh_gssapi_send_error(gss_OID mech,
	295	OM_uint32 major_status,OM_uint32 minor_status) {
	296	ssh_gssapi_error_ex(mech, major_status, minor_status, 1);
de4d4506	297	}
	298
	299
	300
	301
5598e598	302	/* Initialise our GSSAPI context. We use this opaque structure to contain all
	303	* of the data which both the client and server need to persist across
	304	* {accept,init}_sec_context calls, so that when we do it from the userauth
	305	* stuff life is a little easier
	306	*/
	307	void
b59afbfe	308	ssh_gssapi_build_ctx(Gssctxt **ctx)
5598e598	309	{
b59afbfe	310	*ctx=xmalloc(sizeof (Gssctxt));
	311	(*ctx)->context=GSS_C_NO_CONTEXT;
	312	(*ctx)->name=GSS_C_NO_NAME;
	313	(*ctx)->oid=GSS_C_NO_OID;
	314	(*ctx)->creds=GSS_C_NO_CREDENTIAL;
	315	(*ctx)->client=GSS_C_NO_NAME;
	316	(*ctx)->client_creds=GSS_C_NO_CREDENTIAL;
5598e598	317	}
	318
	319	/* Delete our context, providing it has been built correctly */
	320	void
b59afbfe	321	ssh_gssapi_delete_ctx(Gssctxt **ctx)
5598e598	322	{
9eeaa28e	323	#if !defined(MECHGLUE)
5598e598	324	OM_uint32 ms;
9eeaa28e	325	#endif
5598e598	326
b59afbfe	327	/* Return if there's no context */
	328	if ((*ctx)==NULL)
	329	return;
	330
d4ab470d	331	#if !defined(MECHGLUE) /* mechglue has some memory management issues */
b59afbfe	332	if ((*ctx)->context != GSS_C_NO_CONTEXT)
	333	gss_delete_sec_context(&ms,&(*ctx)->context,GSS_C_NO_BUFFER);
	334	if ((*ctx)->name != GSS_C_NO_NAME)
	335	gss_release_name(&ms,&(*ctx)->name);
	336	if ((*ctx)->oid != GSS_C_NO_OID) {
	337	xfree((*ctx)->oid->elements);
	338	xfree((*ctx)->oid);
	339	(*ctx)->oid = GSS_C_NO_OID;
5598e598	340	}
b59afbfe	341	if ((*ctx)->creds != GSS_C_NO_CREDENTIAL)
	342	gss_release_cred(&ms,&(*ctx)->creds);
	343	if ((*ctx)->client != GSS_C_NO_NAME)
	344	gss_release_name(&ms,&(*ctx)->client);
	345	if ((*ctx)->client_creds != GSS_C_NO_CREDENTIAL)
	346	gss_release_cred(&ms,&(*ctx)->client_creds);
d4ab470d	347	#endif
b59afbfe	348
	349	xfree(*ctx);
	350	*ctx=NULL;
5598e598	351	}
	352
	353	/* Wrapper to init_sec_context
	354	* Requires that the context contains:
	355	* oid
	356	* server name (from ssh_gssapi_import_name)
	357	*/
	358	OM_uint32
	359	ssh_gssapi_init_ctx(Gssctxt ctx, int deleg_creds, gss_buffer_desc recv_tok,
	360	gss_buffer_desc* send_tok, OM_uint32 *flags)
	361	{
	362	OM_uint32 maj_status, min_status;
	363	int deleg_flag = 0;
	364
	365	if (deleg_creds) {
	366	deleg_flag=GSS_C_DELEG_FLAG;
	367	debug("Delegating credentials");
	368	}
	369
	370	maj_status=gss_init_sec_context(&min_status,
	371	GSS_C_NO_CREDENTIAL, /* def. cred */
	372	&ctx->context,
	373	ctx->name,
	374	ctx->oid,
	375	GSS_C_MUTUAL_FLAG \|
	376	GSS_C_INTEG_FLAG \|
	377	deleg_flag,
	378	0, /* default lifetime */
	379	NULL, /* no channel bindings */
	380	recv_tok,
	381	NULL,
	382	send_tok,
	383	flags,
	384	NULL);
	385	ctx->status=maj_status;
	386	if (GSS_ERROR(maj_status)) {
6f9f4dab	387	ssh_gssapi_error(ctx->oid,maj_status,min_status);
5598e598	388	}
	389	return(maj_status);
	390	}
	391
	392	/* Wrapper arround accept_sec_context
	393	* Requires that the context contains:
	394	* oid
	395	* credentials (from ssh_gssapi_acquire_cred)
	396	*/
	397	OM_uint32 ssh_gssapi_accept_ctx(Gssctxt ctx,gss_buffer_desc recv_tok,
	398	gss_buffer_desc send_tok, OM_uint32 flags)
	399	{
	400	OM_uint32 maj_status, min_status;
b7997926	401	gss_OID mech;
5598e598	402
	403	maj_status=gss_accept_sec_context(&min_status,
	404	&ctx->context,
	405	ctx->creds,
	406	recv_tok,
	407	GSS_C_NO_CHANNEL_BINDINGS,
	408	&ctx->client,
b7997926	409	&mech, /* read-only pointer */
5598e598	410	send_tok,
	411	flags,
	412	NULL,
	413	&ctx->client_creds);
	414	if (GSS_ERROR(maj_status)) {
6f9f4dab	415	ssh_gssapi_send_error(ctx->oid,maj_status,min_status);
5598e598	416	}
	417
	418	if (ctx->client_creds) {
	419	debug("Received some client credentials");
	420	} else {
	421	debug("Got no client credentials");
	422	}
	423
b59afbfe	424	/* FIXME: We should check that the me
5598e598	425	* the one that we asked for (in ctx->oid) */
	426
	427	ctx->status=maj_status;
	428
b59afbfe	429	/* Now, if we're complete and we have the right flags, then
	430	* we flag the user as also having been authenticated
	431	*/
	432
	433	if (((flags==NULL) \|\| ((*flags & GSS_C_MUTUAL_FLAG) &&
	434	(*flags & GSS_C_INTEG_FLAG))) &&
	435	(maj_status == GSS_S_COMPLETE)) {
	436	if (ssh_gssapi_getclient(ctx,&gssapi_client_type,
	437	&gssapi_client_name,
	438	&gssapi_client_creds))
	439	fatal("Couldn't convert client name");
	440	}
	441
5598e598	442	return(maj_status);
	443	}
	444
	445	/* Create a service name for the given host */
	446	OM_uint32
1c828c5c	447	ssh_gssapi_import_name(Gssctxt ctx, const char host) {
d4ab470d	448	gss_buffer_desc gssbuf = {0,NULL};
5598e598	449	OM_uint32 maj_status, min_status;
4dd35ca9	450	char *xhost;
5598e598	451
	452	/* Make a copy of the host name, in case it was returned by a
	453	* previous call to gethostbyname(). */
	454	xhost = xstrdup(host);
	455
4dd35ca9	456	/* Make sure we have the FQHN. Some GSSAPI implementations don't do
5598e598	457	* this for us themselves */
890e8b9d	458	resolve_hostname(&xhost);
9e495a24	459
33fd981a	460	gssbuf.length = sizeof("host@")+strlen(xhost);
5598e598	461
	462	gssbuf.value = xmalloc(gssbuf.length);
	463	if (gssbuf.value == NULL) {
1c828c5c	464	xfree(xhost);
5598e598	465	return(-1);
5598e598	466	}
33fd981a	467	snprintf(gssbuf.value,gssbuf.length,"host@%s",xhost);
5598e598	468	if ((maj_status=gss_import_name(&min_status,
	469	&gssbuf,
	470	GSS_C_NT_HOSTBASED_SERVICE,
	471	&ctx->name))) {
6f9f4dab	472	ssh_gssapi_error(ctx->oid, maj_status,min_status);
5598e598	473	}
5598e598	474
1c828c5c	475	xfree(xhost);
5598e598	476	xfree(gssbuf.value);
	477	return(maj_status);
	478	}
	479
	480	/* Acquire credentials for a server running on the current host.
	481	* Requires that the context structure contains a valid OID
b59afbfe	482	*/
	483
	484	/* Returns a GSSAPI error code */
5598e598	485	OM_uint32
	486	ssh_gssapi_acquire_cred(Gssctxt *ctx) {
	487	OM_uint32 maj_status, min_status;
	488	char lname[MAXHOSTNAMELEN];
	489	gss_OID_set oidset;
	490
	491	gss_create_empty_oid_set(&min_status,&oidset);
	492	gss_add_oid_set_member(&min_status,ctx->oid,&oidset);
	493
	494	if (gethostname(lname, MAXHOSTNAMELEN)) {
	495	return(-1);
	496	}
	497
	498	if ((maj_status=ssh_gssapi_import_name(ctx,lname))) {
	499	return(maj_status);
	500	}
	501	if ((maj_status=gss_acquire_cred(&min_status,
	502	ctx->name,
	503	0,
	504	oidset,
	505	GSS_C_ACCEPT,
	506	&ctx->creds,
	507	NULL,
	508	NULL))) {
9eeaa28e	509	ssh_gssapi_error(ctx->oid,maj_status,min_status);
5598e598	510	}
	511
	512	gss_release_oid_set(&min_status, &oidset);
	513	return(maj_status);
	514	}
	515
	516	/* Extract the client details from a given context. This can only reliably
	517	* be called once for a context */
	518
	519	OM_uint32
	520	ssh_gssapi_getclient(Gssctxt ctx, enum ssh_gss_id type,
	521	gss_buffer_desc name, gss_cred_id_t creds) {
	522
	523	OM_uint32 maj_status,min_status;
	524
	525	*type=ssh_gssapi_get_ctype(ctx);
	526	if ((maj_status=gss_display_name(&min_status,ctx->client,name,NULL))) {
9eeaa28e	527	ssh_gssapi_error(ctx->oid,maj_status,min_status);
5598e598	528	}
	529
	530	/* This is icky. There appears to be no way to copy this structure,
	531	* rather than the pointer to it, so we simply copy the pointer and
	532	* mark the originator as empty so we don't destroy it.
	533	*/
	534	*creds=ctx->client_creds;
	535	ctx->client_creds=GSS_C_NO_CREDENTIAL;
	536	return(maj_status);
	537	}
b59afbfe	538
	539	OM_uint32
	540	ssh_gssapi_sign(Gssctxt ctx, gss_buffer_desc buffer, gss_buffer_desc *hash) {
	541	OM_uint32 maj_status,min_status;
5598e598	542
b59afbfe	543	/* ssh1 needs to exchange the hash of the keys */
	544	/* will us this hash to return it */
	545	if (!compat20) {
	546	if ((maj_status=gss_wrap(&min_status,ctx->context,
	547	0,
	548	GSS_C_QOP_DEFAULT,
	549	buffer,
	550	NULL,
	551	hash)))
6f9f4dab	552	ssh_gssapi_error(ctx->oid,maj_status,min_status);
b59afbfe	553	}
	554	else
	555
	556	if ((maj_status=gss_get_mic(&min_status,ctx->context,
	557	GSS_C_QOP_DEFAULT, buffer, hash))) {
6f9f4dab	558	ssh_gssapi_error(ctx->oid,maj_status,min_status);
b59afbfe	559	}
	560
	561	return(maj_status);
	562	}
	563
	564	OM_uint32
	565	ssh_gssapi_server_ctx(Gssctxt **ctx,gss_OID oid) {
	566	if (*ctx) ssh_gssapi_delete_ctx(ctx);
	567	ssh_gssapi_build_ctx(ctx);
	568	ssh_gssapi_set_oid(*ctx,oid);
	569	return(ssh_gssapi_acquire_cred(*ctx));
	570	}
	571
	572	OM_uint32
	573	ssh_gssapi_client_ctx(Gssctxt *ctx,gss_OID oid, char host) {
d4ab470d	574	gss_buffer_desc token = {0,NULL};
b59afbfe	575	OM_uint32 major,minor;
	576
	577	if (*ctx) ssh_gssapi_delete_ctx(ctx);
	578	ssh_gssapi_build_ctx(ctx);
	579	ssh_gssapi_set_oid(*ctx,oid);
	580	ssh_gssapi_import_name(*ctx,host);
	581	major=ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token, NULL);
	582	gss_release_buffer(&minor,&token);
	583	return(major);
	584	}
	585
5598e598	586	#endif /* GSSAPI */