openssh/gss-genr.c

   1 /*
   2  * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. *
   3  * Redistribution and use in source and binary forms, with or without
   4  * modification, are permitted provided that the following conditions
   5  * are met:
   6  * 1. Redistributions of source code must retain the above copyright
   7  *    notice, this list of conditions and the following disclaimer.
   8  * 2. Redistributions in binary form must reproduce the above copyright
   9  *    notice, this list of conditions and the following disclaimer in the
  10  *    documentation and/or other materials provided with the distribution.
  11  *
  12  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
  13  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  14  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  15  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
  16  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  17  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  18  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  19  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  20  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  21  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  22  */
  23
  24 #include "includes.h"
  25
  26 #ifdef GSSAPI
  27
  28 #include "ssh.h"
  29 #include "ssh2.h"
  30 #include "xmalloc.h"
  31 #include "buffer.h"
  32 #include "bufaux.h"
  33 #include "packet.h"
  34 #include "compat.h"
  35 #include <openssl/evp.h>
  36 #include "cipher.h"
  37 #include "kex.h"
  38 #include "log.h"
  39 #include "compat.h"
  40 #include "monitor_wrap.h"
  41
  42 #include <netdb.h>
  43
  44 #include "ssh-gss.h"
  45
  46 typedef struct {
  47         char *encoded;
  48         gss_OID oid;
  49 } ssh_gss_kex_mapping;
  50
  51 static ssh_gss_kex_mapping *gss_enc2oid;
  52
  53 /* Return a list of the gss-group1-sha1-x mechanisms supported by this
  54  * program.
  55  *
  56  * On the client side, we don't need to worry about whether we 'know'
  57  * about the mechanism or not - we assume that any mechanism that we've been
  58  * linked against is suitable for inclusion.
  59  *
  60  * XXX - We might want to make this configurable in the future, so as to
  61  * XXX - allow the user control over which mechanisms to use.
  62  */
  63
  64 char *
  65 ssh_gssapi_client_mechanisms(char *host) {
  66         gss_OID_set     supported;
  67         OM_uint32       min_status;
  68         Buffer          buf;
  69         int             i = 0;
  70         char            *mechs;
  71         char            *encoded;
  72         int             enclen;
  73         char            digest[EVP_MAX_MD_SIZE];
  74         char            deroid[2];
  75         const EVP_MD    *evp_md = EVP_md5();
  76         EVP_MD_CTX      md;
  77         int             oidpos=0;
  78
  79         if (datafellows & SSH_OLD_GSSAPI) return NULL;
  80
  81         gss_indicate_mechs(&min_status,&supported);
  82         if (datafellows & SSH_BUG_GSSAPI_BER) {
  83                 gss_enc2oid=xmalloc(sizeof(ssh_gss_kex_mapping)
  84                                         *((supported->count*2)+1));
  85         } else {
  86                 gss_enc2oid=xmalloc(sizeof(ssh_gss_kex_mapping)
  87                                         *(supported->count+1));
  88         }
  89
  90         buffer_init(&buf);
  91
  92
  93         for (i=0;i<supported->count;i++) {
  94
  95                 gss_enc2oid[oidpos].encoded=NULL;
  96
  97                 if (supported->elements[i].length<128 &&
  98                     ssh_gssapi_check_mechanism(&(supported->elements[i]),host)) {
  99
 100                         /* Earlier versions of this code interpreted the
 101                          * spec incorrectly with regard to OID encoding. They
 102                          * also mis-encoded the krb5 OID. The following
 103                          * _temporary_ code interfaces with these broken
 104                          * servers */
 105
 106                         if (datafellows & SSH_BUG_GSSAPI_BER) {
 107                                 char *bodge=NULL;
 108                                 gss_OID_desc krb5oid={9, "\x2A\x86\x48\x86\xF7\x12\x01\x02\x02"};
 109                                 gss_OID_desc gsioid={9, "\x2B\x06\x01\x04\x01\x9B\x50\x01\x01"};
 110
 111                                 if (supported->elements[i].length==krb5oid.length &&
 112                                     memcmp(supported->elements[i].elements,
 113                                            krb5oid.elements, krb5oid.length)==0) {
 114                                         bodge="Se3H81ismmOC3OE+FwYCiQ==";
 115                                 }
 116
 117                                 if (supported->elements[i].length==gsioid.length &&
 118                                     memcmp(supported->elements[i].elements,
 119                                            gsioid.elements, gsioid.length)==0) {
 120                                         bodge="N3+k7/4wGxHyuP8Yxi4RhA==";
 121                                 }
 122
 123                                 if (bodge) {
 124                                         if (oidpos!=0) {
 125                                                 buffer_put_char(&buf,',');
 126                                         }
 127
 128                                         buffer_append(&buf, KEX_GSS_SHA1, sizeof(KEX_GSS_SHA1)-1);
 129                                         buffer_append(&buf, bodge, strlen(bodge));
 130
 131                                         gss_enc2oid[oidpos].oid=&(supported->elements[i]);
 132                                         gss_enc2oid[oidpos].encoded=bodge;
 133
 134                                         oidpos++;
 135                                 }
 136                         }
 137
 138                         /* Add the required DER encoding octets and MD5 hash */
 139                         deroid[0]=0x06; /* Object Identifier */
 140                         deroid[1]=supported->elements[i].length;
 141
 142                         EVP_DigestInit(&md, evp_md);
 143                         EVP_DigestUpdate(&md,deroid,2);
 144                         EVP_DigestUpdate(&md,
 145                                          supported->elements[i].elements,
 146                                          supported->elements[i].length);
 147                         EVP_DigestFinal(&md, digest, NULL);
 148
 149                         /* Base64 encode it */
 150                         encoded=xmalloc(EVP_MD_size(evp_md)*2);
 151                         enclen=__b64_ntop(digest, EVP_MD_size(evp_md),
 152                                           encoded,EVP_MD_size(evp_md)*2);
 153                         if (oidpos!=0) {
 154                                 buffer_put_char(&buf,',');
 155                         }
 156                         buffer_append(&buf, KEX_GSS_SHA1, sizeof(KEX_GSS_SHA1)-1);
 157                         buffer_append(&buf, encoded, enclen);
 158
 159                         debug("Mechanism encoded as %s",encoded);
 160
 161                         gss_enc2oid[oidpos].oid=&(supported->elements[i]);
 162                         gss_enc2oid[oidpos].encoded=encoded;
 163                         oidpos++;
 164                 }
 165         }
 166         gss_enc2oid[oidpos].oid=NULL;
 167         gss_enc2oid[oidpos].encoded=NULL;
 168
 169         buffer_put_char(&buf,'\0');
 170
 171         mechs=xmalloc(buffer_len(&buf));
 172         buffer_get(&buf,mechs,buffer_len(&buf));
 173         buffer_free(&buf);
 174         if (strlen(mechs)==0)
 175                 return(NULL);
 176         else
 177                 return(mechs);
 178 }
 179
 180 gss_OID
 181 ssh_gssapi_client_id_kex(Gssctxt *ctx, char *name) {
 182         int i=0;
 183
 184         if (strncmp(name, KEX_GSS_SHA1, sizeof(KEX_GSS_SHA1)-1) !=0) {
 185                 return(NULL);
 186         }
 187
 188         name+=sizeof(KEX_GSS_SHA1)-1; /* Move to the start of the ID string */
 189
 190         while (gss_enc2oid[i].encoded!=NULL &&
 191                 strcmp(name,gss_enc2oid[i].encoded)!=0) {
 192                 i++;
 193         }
 194
 195         if (gss_enc2oid[i].oid!=NULL) {
 196                 ssh_gssapi_set_oid(ctx,gss_enc2oid[i].oid);
 197         }
 198
 199         return gss_enc2oid[i].oid;
 200 }
 201
 202 /* Check that the OID in a data stream matches that in the context */
 203 int ssh_gssapi_check_oid(Gssctxt *ctx, void *data, size_t len) {
 204
 205   return (ctx!=NULL && ctx->oid != GSS_C_NO_OID &&
 206           ctx->oid->length == len &&
 207           memcmp(ctx->oid->elements,data,len)==0);
 208 }
 209
 210 /* Set the contexts OID from a data stream */
 211 void ssh_gssapi_set_oid_data(Gssctxt *ctx, void *data, size_t len) {
 212   if (ctx->oid != GSS_C_NO_OID) {
 213         xfree(ctx->oid->elements);
 214         xfree(ctx->oid);
 215   }
 216   ctx->oid=xmalloc(sizeof(gss_OID_desc));
 217   ctx->oid->length=len;
 218   ctx->oid->elements=xmalloc(len);
 219   memcpy(ctx->oid->elements,data,len);
 220 }
 221
 222 /* Set the contexts OID */
 223 void ssh_gssapi_set_oid(Gssctxt *ctx, gss_OID oid) {
 224   ssh_gssapi_set_oid_data(ctx,oid->elements,oid->length);
 225 }
 226
 227 /* All this effort to report an error ... */
 228
 229 void
 230 ssh_gssapi_error(Gssctxt *ctxt) {
 231
 232         debug(ssh_gssapi_last_error(ctxt,NULL,NULL));
 233 }
 234
 235 char *
 236 ssh_gssapi_last_error(Gssctxt *ctxt,
 237                       OM_uint32 *major_status, OM_uint32 *minor_status) {
 238         OM_uint32 lmin;
 239         gss_buffer_desc msg;
 240         OM_uint32 ctx;
 241         Buffer b;
 242         char *ret;
 243
 244         buffer_init(&b);
 245
 246         if (major_status!=NULL) *major_status=ctxt->major;
 247         if (minor_status!=NULL) *minor_status=ctxt->minor;
 248
 249         ctx = 0;
 250         /* The GSSAPI error */
 251         do {
 252                 gss_display_status(&lmin, ctxt->major,
 253                                    GSS_C_GSS_CODE, GSS_C_NULL_OID,
 254                                    &ctx, &msg);
 255
 256                 buffer_append(&b,msg.value,msg.length);
 257                 buffer_put_char(&b,'\n');
 258
 259                 gss_release_buffer(&lmin, &msg);
 260         } while (ctx!=0);
 261
 262         /* The mechanism specific error */
 263         do {
 264                 gss_display_status(&lmin, ctxt->minor,
 265                                    GSS_C_MECH_CODE, GSS_C_NULL_OID,
 266                                    &ctx, &msg);
 267
 268                 buffer_append(&b,msg.value,msg.length);
 269                 buffer_put_char(&b,'\n');
 270
 271                 gss_release_buffer(&lmin, &msg);
 272         } while (ctx!=0);
 273
 274         buffer_put_char(&b,'\0');
 275         ret=xmalloc(buffer_len(&b));
 276         buffer_get(&b,ret,buffer_len(&b));
 277         buffer_free(&b);
 278         return(ret);
 279 }
 280
 281 /* Initialise our GSSAPI context. We use this opaque structure to contain all
 282  * of the data which both the client and server need to persist across
 283  * {accept,init}_sec_context calls, so that when we do it from the userauth
 284  * stuff life is a little easier
 285  */
 286 void
 287 ssh_gssapi_build_ctx(Gssctxt **ctx)
 288 {
 289         *ctx=xmalloc(sizeof (Gssctxt));
 290         (*ctx)->major=0;
 291         (*ctx)->minor=0;
 292         (*ctx)->context=GSS_C_NO_CONTEXT;
 293         (*ctx)->name=GSS_C_NO_NAME;
 294         (*ctx)->oid=GSS_C_NO_OID;
 295         (*ctx)->creds=GSS_C_NO_CREDENTIAL;
 296         (*ctx)->client=GSS_C_NO_NAME;
 297         (*ctx)->client_creds=GSS_C_NO_CREDENTIAL;
 298 }
 299
 300 /* Delete our context, providing it has been built correctly */
 301 void
 302 ssh_gssapi_delete_ctx(Gssctxt **ctx)
 303 {
 304         OM_uint32 ms;
 305
 306         /* Return if there's no context */
 307         if ((*ctx)==NULL)
 308                 return;
 309
 310         if ((*ctx)->context != GSS_C_NO_CONTEXT)
 311                 gss_delete_sec_context(&ms,&(*ctx)->context,GSS_C_NO_BUFFER);
 312         if ((*ctx)->name != GSS_C_NO_NAME)
 313                 gss_release_name(&ms,&(*ctx)->name);
 314         if ((*ctx)->oid != GSS_C_NO_OID) {
 315                 xfree((*ctx)->oid->elements);
 316                 xfree((*ctx)->oid);
 317                 (*ctx)->oid = GSS_C_NO_OID;
 318         }
 319         if ((*ctx)->creds != GSS_C_NO_CREDENTIAL)
 320                 gss_release_cred(&ms,&(*ctx)->creds);
 321         if ((*ctx)->client != GSS_C_NO_NAME)
 322                 gss_release_name(&ms,&(*ctx)->client);
 323         if ((*ctx)->client_creds != GSS_C_NO_CREDENTIAL)
 324                 gss_release_cred(&ms,&(*ctx)->client_creds);
 325
 326         xfree(*ctx);
 327         *ctx=NULL;
 328 }
 329
 330 /* Wrapper to init_sec_context
 331  * Requires that the context contains:
 332  *      oid
 333  *      server name (from ssh_gssapi_import_name)
 334  */
 335 OM_uint32
 336 ssh_gssapi_init_ctx(Gssctxt *ctx, int deleg_creds, gss_buffer_desc *recv_tok,
 337                     gss_buffer_desc* send_tok, OM_uint32 *flags)
 338 {
 339         int deleg_flag = 0;
 340
 341         if (deleg_creds) {
 342                 deleg_flag=GSS_C_DELEG_FLAG;
 343                 debug("Delegating credentials");
 344         }
 345
 346         ctx->major=gss_init_sec_context(&ctx->minor,
 347                                         GSS_C_NO_CREDENTIAL, /* def. cred */
 348                                         &ctx->context,
 349                                         ctx->name,
 350                                         ctx->oid,
 351                                         GSS_C_MUTUAL_FLAG |
 352                                         GSS_C_INTEG_FLAG |
 353                                         deleg_flag,
 354                                         0, /* default lifetime */
 355                                         NULL, /* no channel bindings */
 356                                         recv_tok,
 357                                         NULL,
 358                                         send_tok,
 359                                         flags,
 360                                         NULL);
 361         if (GSS_ERROR(ctx->major)) {
 362                 ssh_gssapi_error(ctx);
 363         }
 364         return(ctx->major);
 365 }
 366
 367 /* Create a service name for the given host */
 368 OM_uint32
 369 ssh_gssapi_import_name(Gssctxt *ctx, const char *host) {
 370         gss_buffer_desc gssbuf;
 371
 372         gssbuf.length = sizeof("host@")+strlen(host);
 373
 374         gssbuf.value = xmalloc(gssbuf.length);
 375         if (gssbuf.value == NULL) {
 376                 return(-1);
 377         }
 378         snprintf(gssbuf.value,gssbuf.length,"host@%s",host);
 379         if ((ctx->major=gss_import_name(&ctx->minor,
 380                                         &gssbuf,
 381                                         GSS_C_NT_HOSTBASED_SERVICE,
 382                                         &ctx->name))) {
 383                 ssh_gssapi_error(ctx);
 384         }
 385
 386         xfree(gssbuf.value);
 387         return(ctx->major);
 388 }
 389
 390 /* Acquire credentials for a server running on the current host.
 391  * Requires that the context structure contains a valid OID
 392  */
 393
 394 /* Returns a GSSAPI error code */
 395 OM_uint32
 396 ssh_gssapi_acquire_cred(Gssctxt *ctx) {
 397         OM_uint32 status;
 398         char lname[MAXHOSTNAMELEN];
 399         gss_OID_set oidset;
 400
 401         gss_create_empty_oid_set(&status,&oidset);
 402         gss_add_oid_set_member(&status,ctx->oid,&oidset);
 403
 404         if (gethostname(lname, MAXHOSTNAMELEN)) {
 405                 return(-1);
 406         }
 407
 408         if (GSS_ERROR(ssh_gssapi_import_name(ctx,lname))) {
 409                 return(ctx->major);
 410         }
 411
 412         if ((ctx->major=gss_acquire_cred(&ctx->minor,
 413                                     ctx->name,
 414                                     0,
 415                                     oidset,
 416                                     GSS_C_ACCEPT,
 417                                     &ctx->creds,
 418                                     NULL,
 419                                     NULL))) {
 420                 ssh_gssapi_error(ctx);
 421         }
 422
 423         gss_release_oid_set(&status, &oidset);
 424         return(ctx->major);
 425 }
 426
 427 OM_uint32
 428 ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_desc *buffer, gss_buffer_desc *hash) {
 429
 430         if ((ctx->major=gss_get_mic(&ctx->minor,ctx->context,
 431                                     GSS_C_QOP_DEFAULT, buffer, hash))) {
 432                 ssh_gssapi_error(ctx);
 433         }
 434
 435         return(ctx->major);
 436 }
 437
 438 OM_uint32
 439 ssh_gssapi_server_ctx(Gssctxt **ctx,gss_OID oid) {
 440         if (*ctx) ssh_gssapi_delete_ctx(ctx);
 441         ssh_gssapi_build_ctx(ctx);
 442         ssh_gssapi_set_oid(*ctx,oid);
 443         return(ssh_gssapi_acquire_cred(*ctx));
 444 }
 445
 446 int
 447 ssh_gssapi_check_mechanism(gss_OID oid, char *host) {
 448         Gssctxt * ctx = NULL;
 449         gss_buffer_desc token;
 450         OM_uint32 major,minor;
 451
 452         ssh_gssapi_build_ctx(&ctx);
 453         ssh_gssapi_set_oid(ctx,oid);
 454         ssh_gssapi_import_name(ctx,host);
 455         major=ssh_gssapi_init_ctx(ctx,0, GSS_C_NO_BUFFER, &token, NULL);
 456         gss_release_buffer(&minor,&token);
 457         ssh_gssapi_delete_ctx(&ctx);
 458         return(!GSS_ERROR(major));
 459 }
 460
 461 #endif /* GSSAPI */