search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4:heimdal A real fix for bug 6801
[heimdal.git] / appl / ftp / ftp / gssapi.c
blob4d1669d8e4ce31faf64481185764f4ebd2bf22e6
1 /*
2 * Copyright (c) 1998 - 2005 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #ifdef FTP_SERVER
35 #include "ftpd_locl.h"
36 #else
37 #include "ftp_locl.h"
38 #endif
39 #include <gssapi/gssapi.h>
40 #include <gssapi/gssapi_krb5.h>
41 #include <krb5_err.h>
42
43 RCSID("$Id$");
44
45 int ftp_do_gss_bindings = 0;
46 int ftp_do_gss_delegate = 1;
47
48 struct gss_data {
49 gss_ctx_id_t context_hdl;
50 char *client_name;
51 gss_cred_id_t delegated_cred_handle;
52 void *mech_data;
53 };
54
55 static int
56 gss_init(void *app_data)
57 {
58 struct gss_data *d = app_data;
59 d->context_hdl = GSS_C_NO_CONTEXT;
60 d->delegated_cred_handle = GSS_C_NO_CREDENTIAL;
61 #if defined(FTP_SERVER)
62 return 0;
63 #else
64 /* XXX Check the gss mechanism; with gss_indicate_mechs() ? */
65 #ifdef KRB5
66 return !use_kerberos;
67 #else
68 return 0;
69 #endif /* KRB5 */
70 #endif /* FTP_SERVER */
71 }
72
73 static int
74 gss_check_prot(void *app_data, int level)
75 {
76 if(level == prot_confidential)
77 return -1;
78 return 0;
79 }
80
81 static int
82 gss_decode(void *app_data, void *buf, int len, int level)
83 {
84 OM_uint32 maj_stat, min_stat;
85 gss_buffer_desc input, output;
86 gss_qop_t qop_state;
87 int conf_state;
88 struct gss_data *d = app_data;
89 size_t ret_len;
90
91 input.length = len;
92 input.value = buf;
93 maj_stat = gss_unwrap (&min_stat,
94 d->context_hdl,
95 &input,
96 &output,
97 &conf_state,
98 &qop_state);
99 if(GSS_ERROR(maj_stat))
100 return -1;
101 memmove(buf, output.value, output.length);
102 ret_len = output.length;
103 gss_release_buffer(&min_stat, &output);
104 return ret_len;
105 }
106
107 static int
108 gss_overhead(void *app_data, int level, int len)
109 {
110 return 100; /* dunno? */
111 }
112
113
114 static int
115 gss_encode(void *app_data, void *from, int length, int level, void **to)
116 {
117 OM_uint32 maj_stat, min_stat;
118 gss_buffer_desc input, output;
119 int conf_state;
120 struct gss_data *d = app_data;
121
122 input.length = length;
123 input.value = from;
124 maj_stat = gss_wrap (&min_stat,
125 d->context_hdl,
126 level == prot_private,
127 GSS_C_QOP_DEFAULT,
128 &input,
129 &conf_state,
130 &output);
131 *to = output.value;
132 return output.length;
133 }
134
135 static void
136 sockaddr_to_gss_address (struct sockaddr *sa,
137 OM_uint32 *addr_type,
138 gss_buffer_desc *gss_addr)
139 {
140 switch (sa->sa_family) {
141 #ifdef HAVE_IPV6
142 case AF_INET6 : {
143 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
144
145 gss_addr->length = 16;
146 gss_addr->value = &sin6->sin6_addr;
147 *addr_type = GSS_C_AF_INET6;
148 break;
149 }
150 #endif
151 case AF_INET : {
152 struct sockaddr_in *sin4 = (struct sockaddr_in *)sa;
153
154 gss_addr->length = 4;
155 gss_addr->value = &sin4->sin_addr;
156 *addr_type = GSS_C_AF_INET;
157 break;
158 }
159 default :
160 errx (1, "unknown address family %d", sa->sa_family);
161
162 }
163 }
164
165 /* end common stuff */
166
167 #ifdef FTP_SERVER
168
169 static int
170 gss_adat(void *app_data, void *buf, size_t len)
171 {
172 char *p = NULL;
173 gss_buffer_desc input_token, output_token;
174 OM_uint32 maj_stat, min_stat;
175 gss_name_t client_name;
176 struct gss_data *d = app_data;
177 gss_channel_bindings_t bindings;
178
179 if (ftp_do_gss_bindings) {
180 bindings = malloc(sizeof(*bindings));
181 if (bindings == NULL)
182 errx(1, "out of memory");
183
184 sockaddr_to_gss_address (his_addr,
185 &bindings->initiator_addrtype,
186 &bindings->initiator_address);
187 sockaddr_to_gss_address (ctrl_addr,
188 &bindings->acceptor_addrtype,
189 &bindings->acceptor_address);
190
191 bindings->application_data.length = 0;
192 bindings->application_data.value = NULL;
193 } else
194 bindings = GSS_C_NO_CHANNEL_BINDINGS;
195
196 input_token.value = buf;
197 input_token.length = len;
198
199 maj_stat = gss_accept_sec_context (&min_stat,
200 &d->context_hdl,
201 GSS_C_NO_CREDENTIAL,
202 &input_token,
203 bindings,
204 &client_name,
205 NULL,
206 &output_token,
207 NULL,
208 NULL,
209 &d->delegated_cred_handle);
210
211 if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
212 free(bindings);
213
214 if(output_token.length) {
215 if(base64_encode(output_token.value, output_token.length, &p) < 0) {
216 reply(535, "Out of memory base64-encoding.");
217 return -1;
218 }
219 gss_release_buffer(&min_stat, &output_token);
220 }
221 if(maj_stat == GSS_S_COMPLETE){
222 char *name;
223 gss_buffer_desc export_name;
224 gss_OID oid;
225
226 maj_stat = gss_display_name(&min_stat, client_name,
227 &export_name, &oid);
228 if(maj_stat != 0) {
229 reply(500, "Error displaying name");
230 goto out;
231 }
232 /* XXX kerberos */
233 if(oid != GSS_KRB5_NT_PRINCIPAL_NAME) {
234 reply(500, "OID not kerberos principal name");
235 gss_release_buffer(&min_stat, &export_name);
236 goto out;
237 }
238 name = malloc(export_name.length + 1);
239 if(name == NULL) {
240 reply(500, "Out of memory");
241 gss_release_buffer(&min_stat, &export_name);
242 goto out;
243 }
244 memcpy(name, export_name.value, export_name.length);
245 name[export_name.length] = '\0';
246 gss_release_buffer(&min_stat, &export_name);
247 d->client_name = name;
248 if(p)
249 reply(235, "ADAT=%s", p);
250 else
251 reply(235, "ADAT Complete");
252 sec_complete = 1;
253
254 } else if(maj_stat == GSS_S_CONTINUE_NEEDED) {
255 if(p)
256 reply(335, "ADAT=%s", p);
257 else
258 reply(335, "OK, need more data");
259 } else {
260 OM_uint32 new_stat;
261 OM_uint32 msg_ctx = 0;
262 gss_buffer_desc status_string;
263 gss_display_status(&new_stat,
264 min_stat,
265 GSS_C_MECH_CODE,
266 GSS_C_NO_OID,
267 &msg_ctx,
268 &status_string);
269 syslog(LOG_ERR, "gss_accept_sec_context: %.*s",
270 (int)status_string.length,
271 (char*)status_string.value);
272 gss_release_buffer(&new_stat, &status_string);
273 reply(431, "Security resource unavailable");
274 }
275 out:
276 if (client_name)
277 gss_release_name(&min_stat, &client_name);
278 free(p);
279 return 0;
280 }
281
282 int gss_userok(void*, char*);
283 int gss_session(void*, char*);
284
285 struct sec_server_mech gss_server_mech = {
286 "GSSAPI",
287 sizeof(struct gss_data),
288 gss_init, /* init */
289 NULL, /* end */
290 gss_check_prot,
291 gss_overhead,
292 gss_encode,
293 gss_decode,
294 /* */
295 NULL,
296 gss_adat,
297 NULL, /* pbsz */
298 NULL, /* ccc */
299 gss_userok,
300 gss_session
301 };
302
303 #else /* FTP_SERVER */
304
305 extern struct sockaddr *hisctladdr, *myctladdr;
306
307 static int
308 import_name(const char *kname, const char *host, gss_name_t *target_name)
309 {
310 OM_uint32 maj_stat, min_stat;
311 gss_buffer_desc name;
312 char *str;
313
314 name.length = asprintf(&str, "%s@%s", kname, host);
315 if (str == NULL) {
316 printf("Out of memory\n");
317 return AUTH_ERROR;
318 }
319 name.value = str;
320
321 maj_stat = gss_import_name(&min_stat,
322 &name,
323 GSS_C_NT_HOSTBASED_SERVICE,
324 target_name);
325 if (GSS_ERROR(maj_stat)) {
326 OM_uint32 new_stat;
327 OM_uint32 msg_ctx = 0;
328 gss_buffer_desc status_string;
329
330 gss_display_status(&new_stat,
331 min_stat,
332 GSS_C_MECH_CODE,
333 GSS_C_NO_OID,
334 &msg_ctx,
335 &status_string);
336 printf("Error importing name %.*s: %.*s\n",
337 (int)name.length,
338 (char *)name.value,
339 (int)status_string.length,
340 (char *)status_string.value);
341 free(name.value);
342 gss_release_buffer(&new_stat, &status_string);
343 return AUTH_ERROR;
344 }
345 free(name.value);
346 return 0;
347 }
348
349 static int
350 gss_auth(void *app_data, char *host)
351 {
352
353 OM_uint32 maj_stat, min_stat;
354 gss_name_t target_name;
355 gss_buffer_desc input, output_token;
356 int context_established = 0;
357 char *p;
358 int n;
359 gss_channel_bindings_t bindings;
360 struct gss_data *d = app_data;
361 OM_uint32 mech_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
362
363 const char *knames[] = { "ftp", "host", NULL }, **kname = knames;
364
365
366 if(import_name(*kname++, host, &target_name))
367 return AUTH_ERROR;
368
369 input.length = 0;
370 input.value = NULL;
371
372 if (ftp_do_gss_bindings) {
373 bindings = malloc(sizeof(*bindings));
374 if (bindings == NULL)
375 errx(1, "out of memory");
376
377 sockaddr_to_gss_address (myctladdr,
378 &bindings->initiator_addrtype,
379 &bindings->initiator_address);
380 sockaddr_to_gss_address (hisctladdr,
381 &bindings->acceptor_addrtype,
382 &bindings->acceptor_address);
383
384 bindings->application_data.length = 0;
385 bindings->application_data.value = NULL;
386 } else
387 bindings = GSS_C_NO_CHANNEL_BINDINGS;
388
389 if (ftp_do_gss_delegate)
390 mech_flags |= GSS_C_DELEG_FLAG;
391
392 while(!context_established) {
393 maj_stat = gss_init_sec_context(&min_stat,
394 GSS_C_NO_CREDENTIAL,
395 &d->context_hdl,
396 target_name,
397 GSS_C_NO_OID,
398 mech_flags,
399 0,
400 bindings,
401 &input,
402 NULL,
403 &output_token,
404 NULL,
405 NULL);
406 if (GSS_ERROR(maj_stat)) {
407 OM_uint32 new_stat;
408 OM_uint32 msg_ctx = 0;
409 gss_buffer_desc status_string;
410
411 d->context_hdl = GSS_C_NO_CONTEXT;
412
413 gss_release_name(&min_stat, &target_name);
414
415 if(*kname != NULL) {
416
417 if(import_name(*kname++, host, &target_name)) {
418 if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
419 free(bindings);
420 return AUTH_ERROR;
421 }
422 continue;
423 }
424
425 if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
426 free(bindings);
427
428 gss_display_status(&new_stat,
429 min_stat,
430 GSS_C_MECH_CODE,
431 GSS_C_NO_OID,
432 &msg_ctx,
433 &status_string);
434 printf("Error initializing security context: %.*s\n",
435 (int)status_string.length,
436 (char*)status_string.value);
437 gss_release_buffer(&new_stat, &status_string);
438 return AUTH_CONTINUE;
439 }
440
441 if (input.value) {
442 free(input.value);
443 input.value = NULL;
444 input.length = 0;
445 }
446 if (output_token.length != 0) {
447 base64_encode(output_token.value, output_token.length, &p);
448 gss_release_buffer(&min_stat, &output_token);
449 n = command("ADAT %s", p);
450 free(p);
451 }
452 if (GSS_ERROR(maj_stat)) {
453 if (d->context_hdl != GSS_C_NO_CONTEXT)
454 gss_delete_sec_context (&min_stat,
455 &d->context_hdl,
456 GSS_C_NO_BUFFER);
457 break;
458 }
459 if (maj_stat & GSS_S_CONTINUE_NEEDED) {
460 p = strstr(reply_string, "ADAT=");
461 if(p == NULL){
462 printf("Error: expected ADAT in reply. got: %s\n",
463 reply_string);
464 if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
465 free(bindings);
466 return AUTH_ERROR;
467 } else {
468 p+=5;
469 input.value = malloc(strlen(p));
470 input.length = base64_decode(p, input.value);
471 }
472 } else {
473 if(code != 235) {
474 printf("Unrecognized response code: %d\n", code);
475 if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
476 free(bindings);
477 return AUTH_ERROR;
478 }
479 context_established = 1;
480 }
481 }
482
483 gss_release_name(&min_stat, &target_name);
484
485 if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
486 free(bindings);
487 if (input.value)
488 free(input.value);
489
490 {
491 gss_name_t targ_name;
492
493 maj_stat = gss_inquire_context(&min_stat,
494 d->context_hdl,
495 NULL,
496 &targ_name,
497 NULL,
498 NULL,
499 NULL,
500 NULL,
501 NULL);
502 if (GSS_ERROR(maj_stat) == 0) {
503 gss_buffer_desc name;
504 maj_stat = gss_display_name (&min_stat,
505 targ_name,
506 &name,
507 NULL);
508 if (GSS_ERROR(maj_stat) == 0) {
509 printf("Authenticated to <%.*s>\n",
510 (int)name.length,
511 (char *)name.value);
512 gss_release_buffer(&min_stat, &name);
513 }
514 gss_release_name(&min_stat, &targ_name);
515 } else
516 printf("Failed to get gss name of peer.\n");
517 }
518
519
520 return AUTH_OK;
521 }
522
523 struct sec_client_mech gss_client_mech = {
524 "GSSAPI",
525 sizeof(struct gss_data),
526 gss_init,
527 gss_auth,
528 NULL, /* end */
529 gss_check_prot,
530 gss_overhead,
531 gss_encode,
532 gss_decode,
533 };
534
535 #endif /* FTP_SERVER */
Heimdal