crypto/openssh/gss-genr.c

   1 /* $OpenBSD: gss-genr.c,v 1.24 2016/09/12 01:22:38 deraadt Exp $ */
   2
   3 /*
   4  * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  * 1. Redistributions of source code must retain the above copyright
  10  *    notice, this list of conditions and the following disclaimer.
  11  * 2. Redistributions in binary form must reproduce the above copyright
  12  *    notice, this list of conditions and the following disclaimer in the
  13  *    documentation and/or other materials provided with the distribution.
  14  *
  15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
  16  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  17  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  18  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
  19  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  20  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  21  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  22  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  23  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  24  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  25  */
  26
  27 #include "includes.h"
  28
  29 #ifdef GSSAPI
  30
  31 #include <sys/types.h>
  32
  33 #include <limits.h>
  34 #include <stdarg.h>
  35 #include <string.h>
  36 #include <signal.h>
  37 #include <unistd.h>
  38
  39 #include "xmalloc.h"
  40 #include "buffer.h"
  41 #include "log.h"
  42 #include "ssh2.h"
  43
  44 #include "ssh-gss.h"
  45
  46 extern u_char *session_id2;
  47 extern u_int session_id2_len;
  48
  49 /* Check that the OID in a data stream matches that in the context */
  50 int
  51 ssh_gssapi_check_oid(Gssctxt *ctx, void *data, size_t len)
  52 {
  53         return (ctx != NULL && ctx->oid != GSS_C_NO_OID &&
  54             ctx->oid->length == len &&
  55             memcmp(ctx->oid->elements, data, len) == 0);
  56 }
  57
  58 /* Set the contexts OID from a data stream */
  59 void
  60 ssh_gssapi_set_oid_data(Gssctxt *ctx, void *data, size_t len)
  61 {
  62         if (ctx->oid != GSS_C_NO_OID) {
  63                 free(ctx->oid->elements);
  64                 free(ctx->oid);
  65         }
  66         ctx->oid = xcalloc(1, sizeof(gss_OID_desc));
  67         ctx->oid->length = len;
  68         ctx->oid->elements = xmalloc(len);
  69         memcpy(ctx->oid->elements, data, len);
  70 }
  71
  72 /* Set the contexts OID */
  73 void
  74 ssh_gssapi_set_oid(Gssctxt *ctx, gss_OID oid)
  75 {
  76         ssh_gssapi_set_oid_data(ctx, oid->elements, oid->length);
  77 }
  78
  79 /* All this effort to report an error ... */
  80 void
  81 ssh_gssapi_error(Gssctxt *ctxt)
  82 {
  83         char *s;
  84
  85         s = ssh_gssapi_last_error(ctxt, NULL, NULL);
  86         debug("%s", s);
  87         free(s);
  88 }
  89
  90 char *
  91 ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status,
  92     OM_uint32 *minor_status)
  93 {
  94         OM_uint32 lmin;
  95         gss_buffer_desc msg = GSS_C_EMPTY_BUFFER;
  96         OM_uint32 ctx;
  97         Buffer b;
  98         char *ret;
  99
 100         buffer_init(&b);
 101
 102         if (major_status != NULL)
 103                 *major_status = ctxt->major;
 104         if (minor_status != NULL)
 105                 *minor_status = ctxt->minor;
 106
 107         ctx = 0;
 108         /* The GSSAPI error */
 109         do {
 110                 gss_display_status(&lmin, ctxt->major,
 111                     GSS_C_GSS_CODE, ctxt->oid, &ctx, &msg);
 112
 113                 buffer_append(&b, msg.value, msg.length);
 114                 buffer_put_char(&b, '\n');
 115
 116                 gss_release_buffer(&lmin, &msg);
 117         } while (ctx != 0);
 118
 119         /* The mechanism specific error */
 120         do {
 121                 gss_display_status(&lmin, ctxt->minor,
 122                     GSS_C_MECH_CODE, ctxt->oid, &ctx, &msg);
 123
 124                 buffer_append(&b, msg.value, msg.length);
 125                 buffer_put_char(&b, '\n');
 126
 127                 gss_release_buffer(&lmin, &msg);
 128         } while (ctx != 0);
 129
 130         buffer_put_char(&b, '\0');
 131         ret = xmalloc(buffer_len(&b));
 132         buffer_get(&b, ret, buffer_len(&b));
 133         buffer_free(&b);
 134         return (ret);
 135 }
 136
 137 /*
 138  * Initialise our GSSAPI context. We use this opaque structure to contain all
 139  * of the data which both the client and server need to persist across
 140  * {accept,init}_sec_context calls, so that when we do it from the userauth
 141  * stuff life is a little easier
 142  */
 143 void
 144 ssh_gssapi_build_ctx(Gssctxt **ctx)
 145 {
 146         *ctx = xcalloc(1, sizeof (Gssctxt));
 147         (*ctx)->context = GSS_C_NO_CONTEXT;
 148         (*ctx)->name = GSS_C_NO_NAME;
 149         (*ctx)->oid = GSS_C_NO_OID;
 150         (*ctx)->creds = GSS_C_NO_CREDENTIAL;
 151         (*ctx)->client = GSS_C_NO_NAME;
 152         (*ctx)->client_creds = GSS_C_NO_CREDENTIAL;
 153 }
 154
 155 /* Delete our context, providing it has been built correctly */
 156 void
 157 ssh_gssapi_delete_ctx(Gssctxt **ctx)
 158 {
 159         OM_uint32 ms;
 160
 161         if ((*ctx) == NULL)
 162                 return;
 163         if ((*ctx)->context != GSS_C_NO_CONTEXT)
 164                 gss_delete_sec_context(&ms, &(*ctx)->context, GSS_C_NO_BUFFER);
 165         if ((*ctx)->name != GSS_C_NO_NAME)
 166                 gss_release_name(&ms, &(*ctx)->name);
 167         if ((*ctx)->oid != GSS_C_NO_OID) {
 168                 free((*ctx)->oid->elements);
 169                 free((*ctx)->oid);
 170                 (*ctx)->oid = GSS_C_NO_OID;
 171         }
 172         if ((*ctx)->creds != GSS_C_NO_CREDENTIAL)
 173                 gss_release_cred(&ms, &(*ctx)->creds);
 174         if ((*ctx)->client != GSS_C_NO_NAME)
 175                 gss_release_name(&ms, &(*ctx)->client);
 176         if ((*ctx)->client_creds != GSS_C_NO_CREDENTIAL)
 177                 gss_release_cred(&ms, &(*ctx)->client_creds);
 178
 179         free(*ctx);
 180         *ctx = NULL;
 181 }
 182
 183 /*
 184  * Wrapper to init_sec_context
 185  * Requires that the context contains:
 186  *      oid
 187  *      server name (from ssh_gssapi_import_name)
 188  */
 189 OM_uint32
 190 ssh_gssapi_init_ctx(Gssctxt *ctx, int deleg_creds, gss_buffer_desc *recv_tok,
 191     gss_buffer_desc* send_tok, OM_uint32 *flags)
 192 {
 193         int deleg_flag = 0;
 194
 195         if (deleg_creds) {
 196                 deleg_flag = GSS_C_DELEG_FLAG;
 197                 debug("Delegating credentials");
 198         }
 199
 200         ctx->major = gss_init_sec_context(&ctx->minor,
 201             GSS_C_NO_CREDENTIAL, &ctx->context, ctx->name, ctx->oid,
 202             GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | deleg_flag,
 203             0, NULL, recv_tok, NULL, send_tok, flags, NULL);
 204
 205         if (GSS_ERROR(ctx->major))
 206                 ssh_gssapi_error(ctx);
 207
 208         return (ctx->major);
 209 }
 210
 211 /* Create a service name for the given host */
 212 OM_uint32
 213 ssh_gssapi_import_name(Gssctxt *ctx, const char *host)
 214 {
 215         gss_buffer_desc gssbuf;
 216         char *val;
 217
 218         xasprintf(&val, "host@%s", host);
 219         gssbuf.value = val;
 220         gssbuf.length = strlen(gssbuf.value);
 221
 222         if ((ctx->major = gss_import_name(&ctx->minor,
 223             &gssbuf, GSS_C_NT_HOSTBASED_SERVICE, &ctx->name)))
 224                 ssh_gssapi_error(ctx);
 225
 226         free(gssbuf.value);
 227         return (ctx->major);
 228 }
 229
 230 OM_uint32
 231 ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash)
 232 {
 233         if ((ctx->major = gss_get_mic(&ctx->minor, ctx->context,
 234             GSS_C_QOP_DEFAULT, buffer, hash)))
 235                 ssh_gssapi_error(ctx);
 236
 237         return (ctx->major);
 238 }
 239
 240 void
 241 ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service,
 242     const char *context)
 243 {
 244         buffer_init(b);
 245         buffer_put_string(b, session_id2, session_id2_len);
 246         buffer_put_char(b, SSH2_MSG_USERAUTH_REQUEST);
 247         buffer_put_cstring(b, user);
 248         buffer_put_cstring(b, service);
 249         buffer_put_cstring(b, context);
 250 }
 251
 252 int
 253 ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host)
 254 {
 255         gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
 256         OM_uint32 major, minor;
 257         gss_OID_desc spnego_oid = {6, (void *)"\x2B\x06\x01\x05\x05\x02"};
 258
 259         /* RFC 4462 says we MUST NOT do SPNEGO */
 260         if (oid->length == spnego_oid.length &&
 261             (memcmp(oid->elements, spnego_oid.elements, oid->length) == 0))
 262                 return 0; /* false */
 263
 264         ssh_gssapi_build_ctx(ctx);
 265         ssh_gssapi_set_oid(*ctx, oid);
 266         major = ssh_gssapi_import_name(*ctx, host);
 267         if (!GSS_ERROR(major)) {
 268                 major = ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token,
 269                     NULL);
 270                 gss_release_buffer(&minor, &token);
 271                 if ((*ctx)->context != GSS_C_NO_CONTEXT)
 272                         gss_delete_sec_context(&minor, &(*ctx)->context,
 273                             GSS_C_NO_BUFFER);
 274         }
 275
 276         if (GSS_ERROR(major))
 277                 ssh_gssapi_delete_ctx(ctx);
 278
 279         return (!GSS_ERROR(major));
 280 }
 281
 282 #endif /* GSSAPI */