openssh/gss-genr.c

   1 /*
   2  * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. *
   3  * Redistribution and use in source and binary forms, with or without
   4  * modification, are permitted provided that the following conditions
   5  * are met:
   6  * 1. Redistributions of source code must retain the above copyright
   7  *    notice, this list of conditions and the following disclaimer.
   8  * 2. Redistributions in binary form must reproduce the above copyright
   9  *    notice, this list of conditions and the following disclaimer in the
  10  *    documentation and/or other materials provided with the distribution.
  11  *
  12  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
  13  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  14  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  15  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
  16  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  17  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  18  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  19  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  20  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  21  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  22  */
  23
  24 #include "includes.h"
  25
  26 #ifdef GSSAPI
  27
  28 #include "ssh.h"
  29 #include "ssh2.h"
  30 #include "xmalloc.h"
  31 #include "buffer.h"
  32 #include "bufaux.h"
  33 #include "packet.h"
  34 #include "compat.h"
  35 #include <openssl/evp.h>
  36 #include "cipher.h"
  37 #include "kex.h"
  38 #include "log.h"
  39 #include "compat.h"
  40 #include "monitor_wrap.h"
  41 #include "canohost.h"
  42
  43 #include <netdb.h>
  44
  45 #include "ssh-gss.h"
  46
  47 typedef struct {
  48         char *encoded;
  49         gss_OID oid;
  50 } ssh_gss_kex_mapping;
  51
  52 static ssh_gss_kex_mapping *gss_enc2oid;
  53
  54 /* Return a list of the gss-group1-sha1-x mechanisms supported by this
  55  * program.
  56  *
  57  * On the client side, we don't need to worry about whether we 'know'
  58  * about the mechanism or not - we assume that any mechanism that we've been
  59  * linked against is suitable for inclusion.
  60  *
  61  * XXX - We might want to make this configurable in the future, so as to
  62  * XXX - allow the user control over which mechanisms to use.
  63  */
  64
  65 char *
  66 ssh_gssapi_client_mechanisms(char *host) {
  67         gss_OID_set     supported;
  68         OM_uint32       min_status;
  69         Buffer          buf;
  70         int             i = 0;
  71         char            *mechs;
  72         char            *encoded;
  73         int             enclen;
  74         char            digest[EVP_MAX_MD_SIZE];
  75         char            deroid[2];
  76         const EVP_MD    *evp_md = EVP_md5();
  77         EVP_MD_CTX      md;
  78         int             oidpos=0;
  79
  80         if (datafellows & SSH_OLD_GSSAPI) return NULL;
  81
  82         gss_indicate_mechs(&min_status,&supported);
  83         if (datafellows & SSH_BUG_GSSAPI_BER) {
  84                 gss_enc2oid=xmalloc(sizeof(ssh_gss_kex_mapping)
  85                                         *((supported->count*2)+1));
  86         } else {
  87                 gss_enc2oid=xmalloc(sizeof(ssh_gss_kex_mapping)
  88                                         *(supported->count+1));
  89         }
  90
  91         buffer_init(&buf);
  92
  93
  94         for (i=0;i<supported->count;i++) {
  95
  96                 gss_enc2oid[oidpos].encoded=NULL;
  97
  98                 if (supported->elements[i].length<128 &&
  99                     ssh_gssapi_check_mechanism(&(supported->elements[i]),host)) {
 100
 101                         /* Earlier versions of this code interpreted the
 102                          * spec incorrectly with regard to OID encoding. They
 103                          * also mis-encoded the krb5 OID. The following
 104                          * _temporary_ code interfaces with these broken
 105                          * servers */
 106
 107                         if (datafellows & SSH_BUG_GSSAPI_BER) {
 108                                 char *bodge=NULL;
 109                                 gss_OID_desc krb5oid={9, "\x2A\x86\x48\x86\xF7\x12\x01\x02\x02"};
 110                                 gss_OID_desc gsioid={9, "\x2B\x06\x01\x04\x01\x9B\x50\x01\x01"};
 111
 112                                 if (supported->elements[i].length==krb5oid.length &&
 113                                     memcmp(supported->elements[i].elements,
 114                                            krb5oid.elements, krb5oid.length)==0) {
 115                                         bodge="Se3H81ismmOC3OE+FwYCiQ==";
 116                                 }
 117
 118                                 if (supported->elements[i].length==gsioid.length &&
 119                                     memcmp(supported->elements[i].elements,
 120                                            gsioid.elements, gsioid.length)==0) {
 121                                         bodge="N3+k7/4wGxHyuP8Yxi4RhA==";
 122                                 }
 123
 124                                 if (bodge) {
 125                                         if (oidpos!=0) {
 126                                                 buffer_put_char(&buf,',');
 127                                         }
 128
 129                                         buffer_append(&buf, KEX_GSS_SHA1, sizeof(KEX_GSS_SHA1)-1);
 130                                         buffer_append(&buf, bodge, strlen(bodge));
 131
 132                                         gss_enc2oid[oidpos].oid=&(supported->elements[i]);
 133                                         gss_enc2oid[oidpos].encoded=bodge;
 134
 135                                         oidpos++;
 136                                 }
 137                         }
 138
 139                         /* Add the required DER encoding octets and MD5 hash */
 140                         deroid[0]=0x06; /* Object Identifier */
 141                         deroid[1]=supported->elements[i].length;
 142
 143                         EVP_DigestInit(&md, evp_md);
 144                         EVP_DigestUpdate(&md,deroid,2);
 145                         EVP_DigestUpdate(&md,
 146                                          supported->elements[i].elements,
 147                                          supported->elements[i].length);
 148                         EVP_DigestFinal(&md, digest, NULL);
 149
 150                         /* Base64 encode it */
 151                         encoded=xmalloc(EVP_MD_size(evp_md)*2);
 152                         enclen=__b64_ntop(digest, EVP_MD_size(evp_md),
 153                                           encoded,EVP_MD_size(evp_md)*2);
 154                         if (oidpos!=0) {
 155                                 buffer_put_char(&buf,',');
 156                         }
 157                         buffer_append(&buf, KEX_GSS_SHA1, sizeof(KEX_GSS_SHA1)-1);
 158                         buffer_append(&buf, encoded, enclen);
 159
 160                         debug("Mechanism encoded as %s",encoded);
 161
 162                         gss_enc2oid[oidpos].oid=&(supported->elements[i]);
 163                         gss_enc2oid[oidpos].encoded=encoded;
 164                         oidpos++;
 165                 }
 166         }
 167         gss_enc2oid[oidpos].oid=NULL;
 168         gss_enc2oid[oidpos].encoded=NULL;
 169
 170         buffer_put_char(&buf,'\0');
 171
 172         mechs=xmalloc(buffer_len(&buf));
 173         buffer_get(&buf,mechs,buffer_len(&buf));
 174         buffer_free(&buf);
 175         if (strlen(mechs)==0)
 176                 return(NULL);
 177         else
 178                 return(mechs);
 179 }
 180
 181 gss_OID
 182 ssh_gssapi_client_id_kex(Gssctxt *ctx, char *name) {
 183         int i=0;
 184
 185         if (strncmp(name, KEX_GSS_SHA1, sizeof(KEX_GSS_SHA1)-1) !=0) {
 186                 return(NULL);
 187         }
 188
 189         name+=sizeof(KEX_GSS_SHA1)-1; /* Move to the start of the ID string */
 190
 191         while (gss_enc2oid[i].encoded!=NULL &&
 192                 strcmp(name,gss_enc2oid[i].encoded)!=0) {
 193                 i++;
 194         }
 195
 196         if (gss_enc2oid[i].oid!=NULL) {
 197                 ssh_gssapi_set_oid(ctx,gss_enc2oid[i].oid);
 198         }
 199
 200         return gss_enc2oid[i].oid;
 201 }
 202
 203 /* Check that the OID in a data stream matches that in the context */
 204 int ssh_gssapi_check_oid(Gssctxt *ctx, void *data, size_t len) {
 205
 206   return (ctx!=NULL && ctx->oid != GSS_C_NO_OID &&
 207           ctx->oid->length == len &&
 208           memcmp(ctx->oid->elements,data,len)==0);
 209 }
 210
 211 /* Set the contexts OID from a data stream */
 212 void ssh_gssapi_set_oid_data(Gssctxt *ctx, void *data, size_t len) {
 213   if (ctx->oid != GSS_C_NO_OID) {
 214         xfree(ctx->oid->elements);
 215         xfree(ctx->oid);
 216   }
 217   ctx->oid=xmalloc(sizeof(gss_OID_desc));
 218   ctx->oid->length=len;
 219   ctx->oid->elements=xmalloc(len);
 220   memcpy(ctx->oid->elements,data,len);
 221 }
 222
 223 /* Set the contexts OID */
 224 void ssh_gssapi_set_oid(Gssctxt *ctx, gss_OID oid) {
 225   ssh_gssapi_set_oid_data(ctx,oid->elements,oid->length);
 226 }
 227
 228 /* All this effort to report an error ... */
 229
 230 void
 231 ssh_gssapi_error(Gssctxt *ctxt) {
 232
 233         debug(ssh_gssapi_last_error(ctxt,NULL,NULL));
 234 }
 235
 236 char *
 237 ssh_gssapi_last_error(Gssctxt *ctxt,
 238                       OM_uint32 *major_status, OM_uint32 *minor_status) {
 239         OM_uint32 lmin;
 240         gss_buffer_desc msg;
 241         OM_uint32 ctx;
 242         Buffer b;
 243         char *ret;
 244
 245         buffer_init(&b);
 246
 247         if (major_status!=NULL) *major_status=ctxt->major;
 248         if (minor_status!=NULL) *minor_status=ctxt->minor;
 249
 250         ctx = 0;
 251         /* The GSSAPI error */
 252         do {
 253                 gss_display_status(&lmin, ctxt->major,
 254                                    GSS_C_GSS_CODE, ctxt->oid,
 255                                    &ctx, &msg);
 256
 257                 buffer_append(&b,msg.value,msg.length);
 258                 buffer_put_char(&b,'\n');
 259
 260                 gss_release_buffer(&lmin, &msg);
 261         } while (ctx!=0);
 262
 263         /* The mechanism specific error */
 264         do {
 265                 gss_display_status(&lmin, ctxt->minor,
 266                                    GSS_C_MECH_CODE, ctxt->oid,
 267                                    &ctx, &msg);
 268
 269                 buffer_append(&b,msg.value,msg.length);
 270                 buffer_put_char(&b,'\n');
 271
 272                 gss_release_buffer(&lmin, &msg);
 273         } while (ctx!=0);
 274
 275         buffer_put_char(&b,'\0');
 276         ret=xmalloc(buffer_len(&b));
 277         buffer_get(&b,ret,buffer_len(&b));
 278         buffer_free(&b);
 279         return(ret);
 280 }
 281
 282 /* Initialise our GSSAPI context. We use this opaque structure to contain all
 283  * of the data which both the client and server need to persist across
 284  * {accept,init}_sec_context calls, so that when we do it from the userauth
 285  * stuff life is a little easier
 286  */
 287 void
 288 ssh_gssapi_build_ctx(Gssctxt **ctx)
 289 {
 290         *ctx=xmalloc(sizeof (Gssctxt));
 291         (*ctx)->major=0;
 292         (*ctx)->minor=0;
 293         (*ctx)->context=GSS_C_NO_CONTEXT;
 294         (*ctx)->name=GSS_C_NO_NAME;
 295         (*ctx)->oid=GSS_C_NO_OID;
 296         (*ctx)->creds=GSS_C_NO_CREDENTIAL;
 297         (*ctx)->client=GSS_C_NO_NAME;
 298         (*ctx)->client_creds=GSS_C_NO_CREDENTIAL;
 299 }
 300
 301 /* Delete our context, providing it has been built correctly */
 302 void
 303 ssh_gssapi_delete_ctx(Gssctxt **ctx)
 304 {
 305 #if !defined(MECHGLUE)
 306         OM_uint32 ms;
 307 #endif
 308
 309         /* Return if there's no context */
 310         if ((*ctx)==NULL)
 311                 return;
 312
 313 #if !defined(MECHGLUE) /* mechglue has some memory management issues */
 314         if ((*ctx)->context != GSS_C_NO_CONTEXT)
 315                 gss_delete_sec_context(&ms,&(*ctx)->context,GSS_C_NO_BUFFER);
 316         if ((*ctx)->name != GSS_C_NO_NAME)
 317                 gss_release_name(&ms,&(*ctx)->name);
 318         if ((*ctx)->oid != GSS_C_NO_OID) {
 319                 xfree((*ctx)->oid->elements);
 320                 xfree((*ctx)->oid);
 321                 (*ctx)->oid = GSS_C_NO_OID;
 322         }
 323         if ((*ctx)->creds != GSS_C_NO_CREDENTIAL)
 324                 gss_release_cred(&ms,&(*ctx)->creds);
 325         if ((*ctx)->client != GSS_C_NO_NAME)
 326                 gss_release_name(&ms,&(*ctx)->client);
 327         if ((*ctx)->client_creds != GSS_C_NO_CREDENTIAL)
 328                 gss_release_cred(&ms,&(*ctx)->client_creds);
 329 #endif
 330
 331         xfree(*ctx);
 332         *ctx=NULL;
 333 }
 334
 335 /* Wrapper to init_sec_context
 336  * Requires that the context contains:
 337  *      oid
 338  *      server name (from ssh_gssapi_import_name)
 339  */
 340 OM_uint32
 341 ssh_gssapi_init_ctx(Gssctxt *ctx, int deleg_creds, gss_buffer_desc *recv_tok,
 342                     gss_buffer_desc* send_tok, OM_uint32 *flags)
 343 {
 344         int deleg_flag = 0;
 345
 346         if (deleg_creds) {
 347                 deleg_flag=GSS_C_DELEG_FLAG;
 348                 debug("Delegating credentials");
 349         }
 350
 351         ctx->major=gss_init_sec_context(&ctx->minor,
 352                                         GSS_C_NO_CREDENTIAL, /* def. cred */
 353                                         &ctx->context,
 354                                         ctx->name,
 355                                         ctx->oid,
 356                                         GSS_C_MUTUAL_FLAG |
 357                                         GSS_C_INTEG_FLAG |
 358                                         deleg_flag,
 359                                         0, /* default lifetime */
 360                                         NULL, /* no channel bindings */
 361                                         recv_tok,
 362                                         NULL,
 363                                         send_tok,
 364                                         flags,
 365                                         NULL);
 366         if (GSS_ERROR(ctx->major)) {
 367                 ssh_gssapi_error(ctx);
 368         }
 369         return(ctx->major);
 370 }
 371
 372 /* Create a service name for the given host */
 373 OM_uint32
 374 ssh_gssapi_import_name(Gssctxt *ctx, const char *host) {
 375         gss_buffer_desc gssbuf;
 376         char *xhost;
 377
 378         /* Make a copy of the host name, in case it was returned by a
 379          * previous call to gethostbyname(). */
 380         xhost = xstrdup(host);
 381
 382         /* Make sure we have the FQDN. Some GSSAPI implementations don't do
 383          * this for us themselves */
 384         resolve_localhost(&xhost);
 385
 386         gssbuf.length = sizeof("host@")+strlen(xhost);
 387
 388         gssbuf.value = xmalloc(gssbuf.length);
 389         if (gssbuf.value == NULL) {
 390                 xfree(xhost);
 391                 return(-1);
 392         }
 393         snprintf(gssbuf.value,gssbuf.length,"host@%s",xhost);
 394         if ((ctx->major=gss_import_name(&ctx->minor,
 395                                         &gssbuf,
 396                                         GSS_C_NT_HOSTBASED_SERVICE,
 397                                         &ctx->name))) {
 398                 ssh_gssapi_error(ctx);
 399         }
 400
 401         xfree(xhost);
 402         xfree(gssbuf.value);
 403         return(ctx->major);
 404 }
 405
 406 /* Acquire credentials for a server running on the current host.
 407  * Requires that the context structure contains a valid OID
 408  */
 409
 410 /* Returns a GSSAPI error code */
 411 OM_uint32
 412 ssh_gssapi_acquire_cred(Gssctxt *ctx) {
 413         OM_uint32 status;
 414         char lname[MAXHOSTNAMELEN];
 415         gss_OID_set oidset;
 416
 417         gss_create_empty_oid_set(&status,&oidset);
 418         gss_add_oid_set_member(&status,ctx->oid,&oidset);
 419
 420         if (gethostname(lname, MAXHOSTNAMELEN)) {
 421                 return(-1);
 422         }
 423
 424         if (GSS_ERROR(ssh_gssapi_import_name(ctx,lname))) {
 425                 return(ctx->major);
 426         }
 427
 428         if ((ctx->major=gss_acquire_cred(&ctx->minor,
 429                                     ctx->name,
 430                                     0,
 431                                     oidset,
 432                                     GSS_C_ACCEPT,
 433                                     &ctx->creds,
 434                                     NULL,
 435                                     NULL))) {
 436                 ssh_gssapi_error(ctx);
 437         }
 438
 439         gss_release_oid_set(&status, &oidset);
 440         return(ctx->major);
 441 }
 442
 443 OM_uint32
 444 ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_desc *buffer, gss_buffer_desc *hash) {
 445
 446         /* ssh1 needs to exchange the hash of the keys */
 447         /* will us this hash to return it */
 448         if (!compat20) {
 449                 if ((ctx->major=gss_wrap(&ctx->minor,ctx->context,
 450                                          0,
 451                                          GSS_C_QOP_DEFAULT,
 452                                          buffer,
 453                                          NULL,
 454                                          hash)))
 455                     ssh_gssapi_error(ctx);
 456         }
 457         else
 458
 459         if ((ctx->major=gss_get_mic(&ctx->minor,ctx->context,
 460                                     GSS_C_QOP_DEFAULT, buffer, hash))) {
 461                 ssh_gssapi_error(ctx);
 462         }
 463
 464         return(ctx->major);
 465 }
 466
 467 OM_uint32
 468 ssh_gssapi_server_ctx(Gssctxt **ctx,gss_OID oid) {
 469         if (*ctx) ssh_gssapi_delete_ctx(ctx);
 470         ssh_gssapi_build_ctx(ctx);
 471         ssh_gssapi_set_oid(*ctx,oid);
 472         return(ssh_gssapi_acquire_cred(*ctx));
 473 }
 474
 475 int
 476 ssh_gssapi_check_mechanism(gss_OID oid, char *host) {
 477         Gssctxt * ctx = NULL;
 478         gss_buffer_desc token;
 479         OM_uint32 major,minor;
 480
 481         ssh_gssapi_build_ctx(&ctx);
 482         ssh_gssapi_set_oid(ctx,oid);
 483         ssh_gssapi_import_name(ctx,host);
 484         major=ssh_gssapi_init_ctx(ctx,0, GSS_C_NO_BUFFER, &token, NULL);
 485         gss_release_buffer(&minor,&token);
 486         ssh_gssapi_delete_ctx(&ctx);
 487         return(!GSS_ERROR(major));
 488 }
 489
 490 #endif /* GSSAPI */