1/* $OpenBSD: gss-genr.c,v 1.24 2016/09/12 01:22:38 deraadt Exp $ */ 2 3/* 4 * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR 16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 */ 26 27#include "includes.h" 28 29#ifdef GSSAPI 30 31#include <sys/types.h> 32 33#include <limits.h> 34#include <stdarg.h> 35#include <string.h> 36#include <signal.h> 37#include <unistd.h> 38 39#include "xmalloc.h" 40#include "buffer.h" 41#include "log.h" 42#include "ssh2.h" 43 44#include "ssh-gss.h" 45 46extern u_char *session_id2; 47extern u_int session_id2_len; 48 49/* Check that the OID in a data stream matches that in the context */ 50int 51ssh_gssapi_check_oid(Gssctxt *ctx, void *data, size_t len) 52{ 53 return (ctx != NULL && ctx->oid != GSS_C_NO_OID && 54 ctx->oid->length == len && 55 memcmp(ctx->oid->elements, data, len) == 0); 56} 57 58/* Set the contexts OID from a data stream */ 59void 60ssh_gssapi_set_oid_data(Gssctxt *ctx, void *data, size_t len) 61{ 62 if (ctx->oid != GSS_C_NO_OID) { 63 free(ctx->oid->elements); 64 free(ctx->oid); 65 } 66 ctx->oid = xcalloc(1, sizeof(gss_OID_desc)); 67 ctx->oid->length = len; 68 ctx->oid->elements = xmalloc(len); 69 memcpy(ctx->oid->elements, data, len); 70} 71 72/* Set the contexts OID */ 73void 74ssh_gssapi_set_oid(Gssctxt *ctx, gss_OID oid) 75{ 76 ssh_gssapi_set_oid_data(ctx, oid->elements, oid->length); 77} 78 79/* All this effort to report an error ... */ 80void 81ssh_gssapi_error(Gssctxt *ctxt) 82{ 83 char *s; 84 85 s = ssh_gssapi_last_error(ctxt, NULL, NULL); 86 debug("%s", s); 87 free(s); 88} 89 90char * 91ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status, 92 OM_uint32 *minor_status) 93{ 94 OM_uint32 lmin; 95 gss_buffer_desc msg = GSS_C_EMPTY_BUFFER; 96 OM_uint32 ctx; 97 Buffer b; 98 char *ret; 99 100 buffer_init(&b); 101 102 if (major_status != NULL) 103 *major_status = ctxt->major; 104 if (minor_status != NULL) 105 *minor_status = ctxt->minor; 106 107 ctx = 0; 108 /* The GSSAPI error */ 109 do { 110 gss_display_status(&lmin, ctxt->major, 111 GSS_C_GSS_CODE, ctxt->oid, &ctx, &msg); 112 113 buffer_append(&b, msg.value, msg.length); 114 buffer_put_char(&b, '\n'); 115 116 gss_release_buffer(&lmin, &msg); 117 } while (ctx != 0); 118 119 /* The mechanism specific error */ 120 do { 121 gss_display_status(&lmin, ctxt->minor, 122 GSS_C_MECH_CODE, ctxt->oid, &ctx, &msg); 123 124 buffer_append(&b, msg.value, msg.length); 125 buffer_put_char(&b, '\n'); 126 127 gss_release_buffer(&lmin, &msg); 128 } while (ctx != 0); 129 130 buffer_put_char(&b, '\0'); 131 ret = xmalloc(buffer_len(&b)); 132 buffer_get(&b, ret, buffer_len(&b)); 133 buffer_free(&b); 134 return (ret); 135} 136 137/* 138 * Initialise our GSSAPI context. We use this opaque structure to contain all 139 * of the data which both the client and server need to persist across 140 * {accept,init}_sec_context calls, so that when we do it from the userauth 141 * stuff life is a little easier 142 */ 143void 144ssh_gssapi_build_ctx(Gssctxt **ctx) 145{ 146 *ctx = xcalloc(1, sizeof (Gssctxt)); 147 (*ctx)->context = GSS_C_NO_CONTEXT; 148 (*ctx)->name = GSS_C_NO_NAME; 149 (*ctx)->oid = GSS_C_NO_OID; 150 (*ctx)->creds = GSS_C_NO_CREDENTIAL; 151 (*ctx)->client = GSS_C_NO_NAME; 152 (*ctx)->client_creds = GSS_C_NO_CREDENTIAL; 153} 154 155/* Delete our context, providing it has been built correctly */ 156void 157ssh_gssapi_delete_ctx(Gssctxt **ctx) 158{ 159 OM_uint32 ms; 160 161 if ((*ctx) == NULL) 162 return; 163 if ((*ctx)->context != GSS_C_NO_CONTEXT) 164 gss_delete_sec_context(&ms, &(*ctx)->context, GSS_C_NO_BUFFER); 165 if ((*ctx)->name != GSS_C_NO_NAME) 166 gss_release_name(&ms, &(*ctx)->name); 167 if ((*ctx)->oid != GSS_C_NO_OID) { 168 free((*ctx)->oid->elements); 169 free((*ctx)->oid); 170 (*ctx)->oid = GSS_C_NO_OID; 171 } 172 if ((*ctx)->creds != GSS_C_NO_CREDENTIAL) 173 gss_release_cred(&ms, &(*ctx)->creds); 174 if ((*ctx)->client != GSS_C_NO_NAME) 175 gss_release_name(&ms, &(*ctx)->client); 176 if ((*ctx)->client_creds != GSS_C_NO_CREDENTIAL) 177 gss_release_cred(&ms, &(*ctx)->client_creds); 178 179 free(*ctx); 180 *ctx = NULL; 181} 182 183/* 184 * Wrapper to init_sec_context 185 * Requires that the context contains: 186 * oid 187 * server name (from ssh_gssapi_import_name) 188 */ 189OM_uint32 190ssh_gssapi_init_ctx(Gssctxt *ctx, int deleg_creds, gss_buffer_desc *recv_tok, 191 gss_buffer_desc* send_tok, OM_uint32 *flags) 192{ 193 int deleg_flag = 0; 194 195 if (deleg_creds) { 196 deleg_flag = GSS_C_DELEG_FLAG; 197 debug("Delegating credentials"); 198 } 199 200 ctx->major = gss_init_sec_context(&ctx->minor, 201 GSS_C_NO_CREDENTIAL, &ctx->context, ctx->name, ctx->oid, 202 GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | deleg_flag, 203 0, NULL, recv_tok, NULL, send_tok, flags, NULL); 204 205 if (GSS_ERROR(ctx->major)) 206 ssh_gssapi_error(ctx); 207 208 return (ctx->major); 209} 210 211/* Create a service name for the given host */ 212OM_uint32 213ssh_gssapi_import_name(Gssctxt *ctx, const char *host) 214{ 215 gss_buffer_desc gssbuf; 216 char *val; 217 218 xasprintf(&val, "host@%s", host); 219 gssbuf.value = val; 220 gssbuf.length = strlen(gssbuf.value); 221 222 if ((ctx->major = gss_import_name(&ctx->minor, 223 &gssbuf, GSS_C_NT_HOSTBASED_SERVICE, &ctx->name))) 224 ssh_gssapi_error(ctx); 225 226 free(gssbuf.value); 227 return (ctx->major); 228} 229 230OM_uint32 231ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash) 232{ 233 if ((ctx->major = gss_get_mic(&ctx->minor, ctx->context, 234 GSS_C_QOP_DEFAULT, buffer, hash))) 235 ssh_gssapi_error(ctx); 236 237 return (ctx->major); 238} 239 240void 241ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service, 242 const char *context) 243{ 244 buffer_init(b); 245 buffer_put_string(b, session_id2, session_id2_len); 246 buffer_put_char(b, SSH2_MSG_USERAUTH_REQUEST); 247 buffer_put_cstring(b, user); 248 buffer_put_cstring(b, service); 249 buffer_put_cstring(b, context); 250} 251 252int 253ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host) 254{ 255 gss_buffer_desc token = GSS_C_EMPTY_BUFFER; 256 OM_uint32 major, minor; 257 gss_OID_desc spnego_oid = {6, (void *)"\x2B\x06\x01\x05\x05\x02"}; 258 259 /* RFC 4462 says we MUST NOT do SPNEGO */ 260 if (oid->length == spnego_oid.length && 261 (memcmp(oid->elements, spnego_oid.elements, oid->length) == 0)) 262 return 0; /* false */ 263 264 ssh_gssapi_build_ctx(ctx); 265 ssh_gssapi_set_oid(*ctx, oid); 266 major = ssh_gssapi_import_name(*ctx, host); 267 if (!GSS_ERROR(major)) { 268 major = ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token, 269 NULL); 270 gss_release_buffer(&minor, &token); 271 if ((*ctx)->context != GSS_C_NO_CONTEXT) 272 gss_delete_sec_context(&minor, &(*ctx)->context, 273 GSS_C_NO_BUFFER); 274 } 275 276 if (GSS_ERROR(major)) 277 ssh_gssapi_delete_ctx(ctx); 278 279 return (!GSS_ERROR(major)); 280} 281 282#endif /* GSSAPI */ 283