auth2-gss.c revision 7c478bd95313f5f23a4c958a745db2134aa03244
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* Copyright 2004 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#include "includes.h"
#pragma ident "%Z%%M% %I% %E% SMI"
#ifdef GSSAPI
#include "auth.h"
#include "ssh2.h"
#include "xmalloc.h"
#include "log.h"
#include "dispatch.h"
#include "servconf.h"
#include "compat.h"
#include "buffer.h"
#include "bufaux.h"
#include "packet.h"
#include "monitor_wrap.h"
#include "ssh-gss.h"
extern ServerOptions options;
extern u_char *session_id2;
extern int session_id2_len;
extern Gssctxt *xxx_gssctxt;
static void
{
fatal("No authentication context during gssapi-keyex userauth");
/* fatal()? or return? */
debug("No GSS-API context during gssapi-keyex userauth");
return;
}
/* Make data buffer to verify MIC with */
if (maj_status != GSS_S_COMPLETE)
debug2("MIC verification failed, GSSAPI userauth failed");
else
/* Leave Gssctxt around for ssh_gssapi_cleanup/storecreds() */
return;
}
static void input_gssapi_errtok(int, u_int32_t, void *);
static void
{
xxx_gssctxt = NULL;
}
static void
{
int mechs;
int present = 0;
if (datafellows & SSH_OLD_GSSAPI) {
debug("Early drafts of GSSAPI userauth not supported");
return;
}
if (mechs==0) {
debug("Mechanism negotiation is not supported");
return;
}
do {
mechs--;
if (oid != GSS_C_NULL_OID)
/* ick */
log("Mechanism OID received using the old encoding form");
} else {
}
debug("Client offered gssapi userauth with %s (%s)",
if (!present) {
/* userauth_finish() will send SSH2_MSG_USERAUTH_FAILURE */
debug2("No mechanism offered by the client is available");
return;
}
/* Send SSH_MSG_USERAUTH_GSSAPI_RESPONSE */
/* Just return whatever we found -- the matched mech does us no good */
packet_send();
/* Setup rest of gssapi userauth conversation */
return;
}
static void
{
fatal("No authentication or GSSAPI context during gssapi-with-mic userauth");
&send_tok));
if (GSS_ERROR(maj_status)) {
packet_send();
}
} else {
packet_send();
}
if (maj_status == GSS_S_COMPLETE) {
}
}
}
static void
{
fatal("No authentication or GSSAPI context during gssapi-with-mic userauth");
/* Push the error token into GSSAPI to see what it says */
debug("Client sent GSS-API error token during GSS userauth-- %s",
/* We can't return anything to the client, even if we wanted to */
/*
* The client will have already moved on to the next auth and
* will send a new userauth request. The spec says that the
* server MUST NOT send a SSH_MSG_USERAUTH_FAILURE packet in
* response to this.
*
* We leave authctxt->method->postponed == 1 here so that a call
* to input_userauth_request() will detect this failure (as
* userauth abandonment) and act accordingly.
*/
}
static void
{
debug3("No authentication or GSSAPI context during gssapi-with-mic userauth");
return;
}
/* Make data buffer to verify MIC with */
if (maj_status != GSS_S_COMPLETE)
debug2("MIC verification failed, GSSAPI userauth failed");
else
/* Delete context from keyex */
if (xxx_gssctxt != gssctxt)
/* Leave Gssctxt around for ssh_gssapi_cleanup/storecreds() */
}
/* This is called when the client thinks we've completed authentication.
* It should only be enabled in the dispatch handler by the function above,
* which only enables it once the GSSAPI exchange is complete.
*/
static void
{
fatal("No authentication or GSSAPI context");
/*
* SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE -> gssapi userauth
* failure, the client should use SSH2_MSG_USERAUTH_GSSAPI_MIC
* instead.
*
* There's two reasons for this:
*
* 1) we don't have GSS mechs that don't support integrity
* protection, and even if we did we'd not want to use them with
* SSHv2, and,
*
* 2) we currently have no way to dynamically detect whether a
* given mechanism does or does not support integrity
* protection, so when a context's flags do not indicate
* integrity protection we can't know if the client simply
* didn't request it, so we assume it didn't and reject the
* userauth.
*
* We could fail partially (i.e., force the use of other
* userauth methods without counting this one as failed). But
* this will do for now.
*/
#if 0
#endif
if (xxx_gssctxt != gssctxt)
}
char *errstr;
if (errstr) {
packet_put_cstring("");
packet_send();
}
}
/*
* Code common to gssapi-keyex and gssapi-with-mic userauth.
*
* Does authorization, figures out how to store delegated creds.
*/
static
void
{
char *local_user = NULL;
/*
* If the client princ did not map to the requested
* username then we don't want to clobber existing creds
* for the user with the delegated creds.
*/
if (local_user == NULL ||
/* Requested username == ""; derive username from princ name */
return;
/* Changed username (from implicit, '') */
}
if (local_user != NULL)
}
#if 0
/* Deprecated userauths -- should not be enabled */
"external-keyx",
NULL, /* no abandon function */
NULL,
NULL,
/* State counters */
0, 0, 0, 0,
/* State flags */
0, 0, 0, 0, 0, 0
};
"gssapi",
NULL,
NULL,
/* State counters */
0, 0, 0, 0,
/* State flags */
0, 0, 0, 0, 0, 0
};
#endif
"gssapi-keyex",
NULL, /* no abandon function */
NULL,
NULL,
/* State counters */
0, 0, 0, 0,
/* State flags */
0, 0, 0, 0, 0, 0
};
"gssapi-with-mic",
NULL,
NULL,
/* State counters */
0, 0, 0, 0,
/* State flags */
0, 0, 0, 0, 0, 0
};
#endif /* GSSAPI */