X-Git-Url: http://andersk.mit.edu/gitweb/gssapi-openssh.git/blobdiff_plain/7cac2b656d969b64094f20b40ddcaca5ac1ca924..826a9049465ce20a8a4ce06ed284048d07c699c8:/openssh/sshconnect2.c diff --git a/openssh/sshconnect2.c b/openssh/sshconnect2.c index 8da71b4..0485095 100644 --- a/openssh/sshconnect2.c +++ b/openssh/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.124 2003/08/25 10:33:33 djm Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.143 2005/10/14 02:17:59 stevesk Exp $"); #include "openbsd-compat/sys-queue.h" @@ -43,7 +43,7 @@ RCSID("$OpenBSD: sshconnect2.c,v 1.124 2003/08/25 10:33:33 djm Exp $"); #include "authfd.h" #include "log.h" #include "readconf.h" -#include "readpass.h" +#include "misc.h" #include "match.h" #include "dispatch.h" #include "canohost.h" @@ -58,6 +58,12 @@ RCSID("$OpenBSD: sshconnect2.c,v 1.124 2003/08/25 10:33:33 djm Exp $"); extern char *client_version_string; extern char *server_version_string; extern Options options; +extern Kex *xxx_kex; + +/* tty_flag is set in ssh.c. use this in ssh_userauth2 */ +/* if it is set then prevent the switch to the null cipher */ + +extern int tty_flag; /* * SSH2 key exchange @@ -83,9 +89,11 @@ void ssh_kex2(char *host, struct sockaddr *hostaddr) { Kex *kex; + #ifdef GSSAPI - char *orig, *gss; + char *orig = NULL, *gss = NULL; int len; + char *gss_host = NULL; #endif xxx_host = host; @@ -93,19 +101,21 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) #ifdef GSSAPI if (options.gss_keyex) { - char *canonhost; /* Add the GSSAPI mechanisms currently supported on this client to * the key exchange algorithm proposal */ orig = myproposal[PROPOSAL_KEX_ALGS]; - canonhost = xstrdup(get_canonical_hostname(1)); - resolve_localhost(&canonhost); - gss = ssh_gssapi_client_mechanisms(canonhost); - xfree(canonhost); - canonhost=NULL; + if (options.gss_trust_dns) + gss_host = (char *)get_canonical_hostname(1); + else + gss_host = host; + + gss = ssh_gssapi_client_mechanisms(gss_host); if (gss) { - len = strlen(orig)+strlen(gss)+2; - myproposal[PROPOSAL_KEX_ALGS]=xmalloc(len); - snprintf(myproposal[PROPOSAL_KEX_ALGS],len,"%s,%s",gss,orig); + debug("Offering GSSAPI proposal: %s", gss); + len = strlen(orig) + strlen(gss) + 2; + myproposal[PROPOSAL_KEX_ALGS] = xmalloc(len); + snprintf(myproposal[PROPOSAL_KEX_ALGS], len, "%s,%s", gss, + orig); } } #endif @@ -124,10 +134,10 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]); if (options.compression) { myproposal[PROPOSAL_COMP_ALGS_CTOS] = - myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib,none"; + myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib@openssh.com,zlib,none"; } else { myproposal[PROPOSAL_COMP_ALGS_CTOS] = - myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib"; + myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com,zlib"; } if (options.macs != NULL) { myproposal[PROPOSAL_MAC_ALGS_CTOS] = @@ -138,13 +148,14 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) options.hostkeyalgorithms; #ifdef GSSAPI - /* If we've got GSSAPI algorithms, then we also support the - * 'null' hostkey, as a last resort */ + /* If we've got GSSAPI algorithms, then we also support the + * 'null' hostkey, as a last resort */ if (options.gss_keyex && gss) { - orig=myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]; - len = strlen(orig)+sizeof(",null"); - myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]=xmalloc(len); - snprintf(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS],len,"%s,null",orig); + orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]; + len = strlen(orig) + sizeof(",null"); + myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = xmalloc(len); + snprintf(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS], len, + "%s,null", orig); } #endif @@ -154,15 +165,20 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) /* start key exchange */ kex = kex_setup(myproposal); kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; + kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; #ifdef GSSAPI kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_client; + kex->kex[KEX_GSS_GEX_SHA1] = kexgss_client; #endif kex->client_version_string=client_version_string; kex->server_version_string=server_version_string; kex->verify_host_key=&verify_host_key_callback; + #ifdef GSSAPI - kex->options.gss_deleg_creds=options.gss_deleg_creds; + kex->gss_deleg_creds = options.gss_deleg_creds; + kex->gss_trust_dns = options.gss_trust_dns; + kex->gss_host = gss_host; #endif xxx_kex = kex; @@ -240,23 +256,17 @@ int userauth_kbdint(Authctxt *); int userauth_hostbased(Authctxt *); int userauth_kerberos(Authctxt *); -#ifdef GSSAPI -int userauth_gssapi(Authctxt *authctxt); -void input_gssapi_response(int type, u_int32_t, void *); -void input_gssapi_token(int type, u_int32_t, void *); -void input_gssapi_hash(int type, u_int32_t, void *); -void input_gssapi_error(int, u_int32_t, void *); -void input_gssapi_errtok(int, u_int32_t, void *); -#endif - #ifdef GSSAPI int userauth_external(Authctxt *authctxt); int userauth_gssapi(Authctxt *authctxt); +int userauth_gssapi_with_mic(Authctxt *authctxt); +int userauth_gssapi_without_mic(Authctxt *authctxt); void input_gssapi_response(int type, u_int32_t, void *); void input_gssapi_token(int type, u_int32_t, void *); void input_gssapi_hash(int type, u_int32_t, void *); void input_gssapi_error(int, u_int32_t, void *); void input_gssapi_errtok(int, u_int32_t, void *); +int userauth_gsskeyex(Authctxt *authctxt); #endif void userauth(Authctxt *, char *); @@ -272,10 +282,18 @@ static char *authmethods_get(void); Authmethod authmethods[] = { #ifdef GSSAPI + {"gssapi-keyex", + userauth_gsskeyex, + &options.gss_authentication, + NULL}, {"external-keyx", userauth_external, &options.gss_authentication, NULL}, + {"gssapi-with-mic", + userauth_gssapi, + &options.gss_authentication, + NULL}, {"gssapi", userauth_gssapi, &options.gss_authentication, @@ -362,7 +380,15 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, pubkey_cleanup(&authctxt); dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL); - + if ((options.none_switch == 1) && !tty_flag) /* no null on tty sessions */ + { + debug("Requesting none rekeying..."); + myproposal[PROPOSAL_ENC_ALGS_STOC] = "none"; + myproposal[PROPOSAL_ENC_ALGS_CTOS] = "none"; + kex_prop2buf(&xxx_kex->my,myproposal); + packet_request_rekeying(); + fprintf(stderr, "WARNING: ENABLED NULL CIPHER\n"); + } debug("Authentication succeeded (%s).", authctxt.method->name); } @@ -405,17 +431,19 @@ void input_userauth_error(int type, u_int32_t seq, void *ctxt) { fatal("input_userauth_error: bad message during authentication: " - "type %d", type); + "type %d", type); } void input_userauth_banner(int type, u_int32_t seq, void *ctxt) { char *msg, *lang; + debug3("input_userauth_banner"); msg = packet_get_string(NULL); lang = packet_get_string(NULL); - logit("%s", msg); + if (options.log_level > SYSLOG_LEVEL_QUIET) + fprintf(stderr, "%s", msg); xfree(msg); xfree(lang); } @@ -426,10 +454,14 @@ input_userauth_success(int type, u_int32_t seq, void *ctxt) Authctxt *authctxt = ctxt; if (authctxt == NULL) fatal("input_userauth_success: no authentication context"); - if (authctxt->authlist) + if (authctxt->authlist) { xfree(authctxt->authlist); - if (authctxt->methoddata) + authctxt->authlist = NULL; + } + if (authctxt->methoddata) { xfree(authctxt->methoddata); + authctxt->methoddata = NULL; + } authctxt->success = 1; /* break out */ } @@ -501,7 +533,12 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt) debug2("input_userauth_pk_ok: fp %s", fp); xfree(fp); - TAILQ_FOREACH(id, &authctxt->keys, next) { + /* + * search keys in the reverse order, because last candidate has been + * moved to the end of the queue. this also avoids confusion by + * duplicate keys + */ + TAILQ_FOREACH_REVERSE(id, &authctxt->keys, idlist, next) { if (key_equal(key, id->key)) { sent = sign_and_send_pubkey(authctxt, id); break; @@ -519,44 +556,53 @@ done: } #ifdef GSSAPI -int +int userauth_gssapi(Authctxt *authctxt) { Gssctxt *gssctxt = NULL; - static gss_OID_set supported = NULL; - static int mech = 0; + static gss_OID_set gss_supported = NULL; + static u_int mech = 0; OM_uint32 min; int ok = 0; + char *gss_host = NULL; if (!options.gss_authentication) { verbose("GSSAPI authentication disabled."); return 0; } + if (options.gss_trust_dns) + gss_host = (char *)get_canonical_hostname(1); + else + gss_host = (char *)authctxt->host; + /* Try one GSSAPI method at a time, rather than sending them all at * once. */ - if (supported == NULL) - gss_indicate_mechs(&min, &supported); + if (gss_supported == NULL) + gss_indicate_mechs(&min, &gss_supported); /* Check to see if the mechanism is usable before we offer it */ - while (mechcount && !ok) { + while (mech < gss_supported->count && !ok) { if (gssctxt) ssh_gssapi_delete_ctx(&gssctxt); ssh_gssapi_build_ctx(&gssctxt); - ssh_gssapi_set_oid(gssctxt, &supported->elements[mech]); + ssh_gssapi_set_oid(gssctxt, &gss_supported->elements[mech]); /* My DER encoding requires length<128 */ - if (supported->elements[mech].length < 128 && + if (gss_supported->elements[mech].length < 128 && + ssh_gssapi_check_mechanism(&gss_supported->elements[mech], + gss_host) && !GSS_ERROR(ssh_gssapi_import_name(gssctxt, - authctxt->host))) { + gss_host))) { ok = 1; /* Mechanism works */ } else { mech++; } } - if (!ok) return 0; + if (!ok) + return 0; authctxt->methoddata=(void *)gssctxt; @@ -567,17 +613,11 @@ userauth_gssapi(Authctxt *authctxt) packet_put_int(1); - /* Some servers encode the OID incorrectly (as we used to) */ - if (datafellows & SSH_BUG_GSSAPI_BER) { - packet_put_string(supported->elements[mech].elements, - supported->elements[mech].length); - } else { - packet_put_int((supported->elements[mech].length)+2); - packet_put_char(SSH_GSS_OIDTYPE); - packet_put_char(supported->elements[mech].length); - packet_put_raw(supported->elements[mech].elements, - supported->elements[mech].length); - } + packet_put_int((gss_supported->elements[mech].length) + 2); + packet_put_char(SSH_GSS_OIDTYPE); + packet_put_char(gss_supported->elements[mech].length); + packet_put_raw(gss_supported->elements[mech].elements, + gss_supported->elements[mech].length); packet_send(); @@ -591,15 +631,68 @@ userauth_gssapi(Authctxt *authctxt) return 1; } +static OM_uint32 +process_gssapi_token(void *ctxt, gss_buffer_t recv_tok) +{ + Authctxt *authctxt = ctxt; + Gssctxt *gssctxt = authctxt->methoddata; + gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; + gss_buffer_desc mic = GSS_C_EMPTY_BUFFER; + gss_buffer_desc gssbuf; + OM_uint32 status, ms, flags; + Buffer b; + + status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, + recv_tok, &send_tok, &flags); + + if (send_tok.length > 0) { + if (GSS_ERROR(status)) + packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK); + else + packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN); + + packet_put_string(send_tok.value, send_tok.length); + packet_send(); + gss_release_buffer(&ms, &send_tok); + } + + if (status == GSS_S_COMPLETE) { + /* send either complete or MIC, depending on mechanism */ + if (strcmp(authctxt->method->name,"gssapi")==0 || + (!(flags & GSS_C_INTEG_FLAG))) { + packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE); + packet_send(); + } else { + ssh_gssapi_buildmic(&b, authctxt->server_user, + authctxt->service, "gssapi-with-mic"); + + gssbuf.value = buffer_ptr(&b); + gssbuf.length = buffer_len(&b); + + status = ssh_gssapi_sign(gssctxt, &gssbuf, &mic); + + if (!GSS_ERROR(status)) { + packet_start(SSH2_MSG_USERAUTH_GSSAPI_MIC); + packet_put_string(mic.value, mic.length); + + packet_send(); + } + + buffer_free(&b); + gss_release_buffer(&ms, &mic); + } + } + + return status; +} + void input_gssapi_response(int type, u_int32_t plen, void *ctxt) { Authctxt *authctxt = ctxt; Gssctxt *gssctxt; - OM_uint32 status, ms; - int oidlen; - char *oidv; - gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; + unsigned int oidlen; + unsigned char *oidv; if (authctxt == NULL) fatal("input_gssapi_response: no authentication context"); @@ -608,94 +701,55 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt) /* Setup our OID */ oidv = packet_get_string(&oidlen); - if (datafellows & SSH_BUG_GSSAPI_BER) { - if (!ssh_gssapi_check_oid(gssctxt, oidv, oidlen)) - fatal("Server returned different OID than expected"); - } else { - if(oidv[0] != SSH_GSS_OIDTYPE || oidv[1] != oidlen-2) { - debug("Badly encoded mechanism OID received"); - userauth(authctxt, NULL); - xfree(oidv); - return; - } - if (!ssh_gssapi_check_oid(gssctxt, oidv+2, oidlen-2)) - fatal("Server returned different OID than expected"); + if (oidlen <= 2 || + oidv[0] != SSH_GSS_OIDTYPE || + oidv[1] != oidlen - 2) { + xfree(oidv); + debug("Badly encoded mechanism OID received"); + userauth(authctxt, NULL); + return; } + if (!ssh_gssapi_check_oid(gssctxt, oidv + 2, oidlen - 2)) + fatal("Server returned different OID than expected"); + packet_check_eom(); xfree(oidv); - status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, - GSS_C_NO_BUFFER, &send_tok, NULL); - if (GSS_ERROR(status)) { - if (send_tok.length > 0) { - packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK); - packet_put_string(send_tok.value, send_tok.length); - packet_send(); - gss_release_buffer(&ms, &send_tok); - } + if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) { /* Start again with next method on list */ debug("Trying to start again"); userauth(authctxt, NULL); return; } - - /* We must have data to send */ - packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN); - packet_put_string(send_tok.value, send_tok.length); - packet_send(); - gss_release_buffer(&ms, &send_tok); } void input_gssapi_token(int type, u_int32_t plen, void *ctxt) { Authctxt *authctxt = ctxt; - Gssctxt *gssctxt; - gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; gss_buffer_desc recv_tok; - OM_uint32 status, ms; + OM_uint32 status; u_int slen; if (authctxt == NULL) fatal("input_gssapi_response: no authentication context"); - gssctxt = authctxt->methoddata; recv_tok.value = packet_get_string(&slen); recv_tok.length = slen; /* safe typecast */ packet_check_eom(); - status=ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, - &recv_tok, &send_tok, NULL); + status = process_gssapi_token(ctxt, &recv_tok); xfree(recv_tok.value); if (GSS_ERROR(status)) { - if (send_tok.length > 0) { - packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK); - packet_put_string(send_tok.value, send_tok.length); - packet_send(); - gss_release_buffer(&ms, &send_tok); - } /* Start again with the next method in the list */ userauth(authctxt, NULL); return; } - - if (send_tok.length > 0) { - packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN); - packet_put_string(send_tok.value, send_tok.length); - packet_send(); - gss_release_buffer(&ms, &send_tok); - } - - if (status == GSS_S_COMPLETE) { - /* If that succeeded, send a exchange complete message */ - packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE); - packet_send(); - } } void @@ -719,7 +773,7 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt) /* Stick it into GSSAPI and see what it says */ status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, - &recv_tok, &send_tok, NULL); + &recv_tok, &send_tok, NULL); xfree(recv_tok.value); gss_release_buffer(&ms, &send_tok); @@ -741,11 +795,20 @@ input_gssapi_error(int type, u_int32_t plen, void *ctxt) packet_check_eom(); - debug("Server GSSAPI Error:\n%s\n", msg); + debug("Server GSSAPI Error:\n%s", msg); xfree(msg); xfree(lang); } +#ifdef GSI +extern +const gss_OID_desc * const gss_mech_globus_gssapi_openssl; +#define is_gsi_oid(oid) \ + (oid->length == gss_mech_globus_gssapi_openssl->length && \ + (memcmp(oid->elements, gss_mech_globus_gssapi_openssl->elements, \ + oid->length) == 0)) +#endif + int userauth_external(Authctxt *authctxt) { @@ -754,14 +817,22 @@ userauth_external(Authctxt *authctxt) if (attempt++ >= 1) return 0; + /* The client MUST NOT try this method if initial key exchange + was not performed using a GSSAPI-based key exchange + method. */ + if (gss_kex_context == NULL) { + debug2("gsskex not performed, skipping external-keyx"); + return 0; + } + debug2("userauth_external"); packet_start(SSH2_MSG_USERAUTH_REQUEST); #ifdef GSI - if(options.implicit && !(datafellows & SSH_BUG_GSS_EMPTYUSER)) { - packet_put_cstring(""); + if (options.implicit && is_gsi_oid(gss_kex_context->oid)) { + packet_put_cstring(""); } else { #endif - packet_put_cstring(authctxt->server_user); + packet_put_cstring(authctxt->server_user); #ifdef GSI } #endif @@ -771,6 +842,63 @@ userauth_external(Authctxt *authctxt) packet_write_wait(); return 1; } +int +userauth_gsskeyex(Authctxt *authctxt) +{ + Buffer b; + gss_buffer_desc gssbuf; + gss_buffer_desc mic = GSS_C_EMPTY_BUFFER; + OM_uint32 ms; + + static int attempt = 0; + if (attempt++ >= 1) + return (0); + + if (gss_kex_context == NULL) { + debug("No valid Key exchange context"); + return (0); + } + +#ifdef GSI + if (options.implicit && is_gsi_oid(gss_kex_context->oid)) { + ssh_gssapi_buildmic(&b, "", authctxt->service, "gssapi-keyex"); + } else { +#endif + ssh_gssapi_buildmic(&b, authctxt->server_user, authctxt->service, + "gssapi-keyex"); +#ifdef GSI + } +#endif + + gssbuf.value = buffer_ptr(&b); + gssbuf.length = buffer_len(&b); + + if (GSS_ERROR(ssh_gssapi_sign(gss_kex_context, &gssbuf, &mic))) { + buffer_free(&b); + return (0); + } + + packet_start(SSH2_MSG_USERAUTH_REQUEST); +#ifdef GSI + if (options.implicit && is_gsi_oid(gss_kex_context->oid)) { + packet_put_cstring(""); + } else { +#endif + packet_put_cstring(authctxt->server_user); +#ifdef GSI + } +#endif + packet_put_cstring(authctxt->service); + packet_put_cstring(authctxt->method->name); + packet_put_string(mic.value, mic.length); + packet_send(); + + buffer_free(&b); + gss_release_buffer(&ms, &mic); + + return (1); +} + #endif /* GSSAPI */ int @@ -1101,7 +1229,7 @@ pubkey_prepare(Authctxt *authctxt) key = ssh_get_next_identity(ac, &comment, 2)) { found = 0; TAILQ_FOREACH(id, &files, next) { - /* agent keys from the config file are preferred */ + /* agent keys from the config file are preferred */ if (key_equal(key, id->key)) { key_free(key); xfree(comment); @@ -1112,7 +1240,7 @@ pubkey_prepare(Authctxt *authctxt) break; } } - if (!found) { + if (!found && !options.identities_only) { id = xmalloc(sizeof(*id)); memset(id, 0, sizeof(*id)); id->key = key; @@ -1165,6 +1293,7 @@ userauth_pubkey(Authctxt *authctxt) while ((id = TAILQ_FIRST(&authctxt->keys))) { if (id->tried++) return (0); + /* move key to the end of the queue */ TAILQ_REMOVE(&authctxt->keys, id, next); TAILQ_INSERT_TAIL(&authctxt->keys, id, next); /* @@ -1329,11 +1458,12 @@ ssh_keysign(Key *key, u_char **sigp, u_int *lenp, buffer_init(&b); buffer_put_int(&b, packet_get_connection_in()); /* send # of socket */ buffer_put_string(&b, data, datalen); - ssh_msg_send(to[1], version, &b); + if (ssh_msg_send(to[1], version, &b) == -1) + fatal("ssh_keysign: couldn't send request"); if (ssh_msg_recv(from[0], &b) < 0) { error("ssh_keysign: no reply"); - buffer_clear(&b); + buffer_free(&b); return -1; } close(from[0]); @@ -1345,11 +1475,11 @@ ssh_keysign(Key *key, u_char **sigp, u_int *lenp, if (buffer_get_char(&b) != version) { error("ssh_keysign: bad version"); - buffer_clear(&b); + buffer_free(&b); return -1; } *sigp = buffer_get_string(&b, lenp); - buffer_clear(&b); + buffer_free(&b); return 0; }