1 /* $OpenBSD: gss-genr.c,v 1.28 2021/01/27 10:05:28 djm Exp $ */ 2 3 /* 4 * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR 16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 */ 26 27 #include "includes.h" 28 29 #ifdef GSSAPI 30 31 #include <sys/types.h> 32 33 #include <limits.h> 34 #include <stdarg.h> 35 #include <string.h> 36 #include <signal.h> 37 #include <stdlib.h> 38 #include <unistd.h> 39 40 #include "xmalloc.h" 41 #include "ssherr.h" 42 #include "sshbuf.h" 43 #include "log.h" 44 #include "ssh2.h" 45 46 #include "ssh-gss.h" 47 48 /* sshbuf_get for gss_buffer_desc */ 49 int 50 ssh_gssapi_get_buffer_desc(struct sshbuf *b, gss_buffer_desc *g) 51 { 52 int r; 53 u_char *p; 54 size_t len; 55 56 if ((r = sshbuf_get_string(b, &p, &len)) != 0) 57 return r; 58 g->value = p; 59 g->length = len; 60 return 0; 61 } 62 63 /* Check that the OID in a data stream matches that in the context */ 64 int 65 ssh_gssapi_check_oid(Gssctxt *ctx, void *data, size_t len) 66 { 67 return (ctx != NULL && ctx->oid != GSS_C_NO_OID && 68 ctx->oid->length == len && 69 memcmp(ctx->oid->elements, data, len) == 0); 70 } 71 72 /* Set the contexts OID from a data stream */ 73 void 74 ssh_gssapi_set_oid_data(Gssctxt *ctx, void *data, size_t len) 75 { 76 if (ctx->oid != GSS_C_NO_OID) { 77 free(ctx->oid->elements); 78 free(ctx->oid); 79 } 80 ctx->oid = xcalloc(1, sizeof(gss_OID_desc)); 81 ctx->oid->length = len; 82 ctx->oid->elements = xmalloc(len); 83 memcpy(ctx->oid->elements, data, len); 84 } 85 86 /* Set the contexts OID */ 87 void 88 ssh_gssapi_set_oid(Gssctxt *ctx, gss_OID oid) 89 { 90 ssh_gssapi_set_oid_data(ctx, oid->elements, oid->length); 91 } 92 93 /* All this effort to report an error ... */ 94 void 95 ssh_gssapi_error(Gssctxt *ctxt) 96 { 97 char *s; 98 99 s = ssh_gssapi_last_error(ctxt, NULL, NULL); 100 debug("%s", s); 101 free(s); 102 } 103 104 char * 105 ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status, 106 OM_uint32 *minor_status) 107 { 108 OM_uint32 lmin; 109 gss_buffer_desc msg = GSS_C_EMPTY_BUFFER; 110 OM_uint32 ctx; 111 struct sshbuf *b; 112 char *ret; 113 int r; 114 115 if ((b = sshbuf_new()) == NULL) 116 fatal_f("sshbuf_new failed"); 117 118 if (major_status != NULL) 119 *major_status = ctxt->major; 120 if (minor_status != NULL) 121 *minor_status = ctxt->minor; 122 123 ctx = 0; 124 /* The GSSAPI error */ 125 do { 126 gss_display_status(&lmin, ctxt->major, 127 GSS_C_GSS_CODE, ctxt->oid, &ctx, &msg); 128 129 if ((r = sshbuf_put(b, msg.value, msg.length)) != 0 || 130 (r = sshbuf_put_u8(b, '\n')) != 0) 131 fatal_fr(r, "assemble GSS_CODE"); 132 133 gss_release_buffer(&lmin, &msg); 134 } while (ctx != 0); 135 136 /* The mechanism specific error */ 137 do { 138 gss_display_status(&lmin, ctxt->minor, 139 GSS_C_MECH_CODE, ctxt->oid, &ctx, &msg); 140 141 if ((r = sshbuf_put(b, msg.value, msg.length)) != 0 || 142 (r = sshbuf_put_u8(b, '\n')) != 0) 143 fatal_fr(r, "assemble MECH_CODE"); 144 145 gss_release_buffer(&lmin, &msg); 146 } while (ctx != 0); 147 148 if ((r = sshbuf_put_u8(b, '\n')) != 0) 149 fatal_fr(r, "assemble newline"); 150 ret = xstrdup((const char *)sshbuf_ptr(b)); 151 sshbuf_free(b); 152 return (ret); 153 } 154 155 /* 156 * Initialise our GSSAPI context. We use this opaque structure to contain all 157 * of the data which both the client and server need to persist across 158 * {accept,init}_sec_context calls, so that when we do it from the userauth 159 * stuff life is a little easier 160 */ 161 void 162 ssh_gssapi_build_ctx(Gssctxt **ctx) 163 { 164 *ctx = xcalloc(1, sizeof (Gssctxt)); 165 (*ctx)->context = GSS_C_NO_CONTEXT; 166 (*ctx)->name = GSS_C_NO_NAME; 167 (*ctx)->oid = GSS_C_NO_OID; 168 (*ctx)->creds = GSS_C_NO_CREDENTIAL; 169 (*ctx)->client = GSS_C_NO_NAME; 170 (*ctx)->client_creds = GSS_C_NO_CREDENTIAL; 171 } 172 173 /* Delete our context, providing it has been built correctly */ 174 void 175 ssh_gssapi_delete_ctx(Gssctxt **ctx) 176 { 177 OM_uint32 ms; 178 179 if ((*ctx) == NULL) 180 return; 181 if ((*ctx)->context != GSS_C_NO_CONTEXT) 182 gss_delete_sec_context(&ms, &(*ctx)->context, GSS_C_NO_BUFFER); 183 if ((*ctx)->name != GSS_C_NO_NAME) 184 gss_release_name(&ms, &(*ctx)->name); 185 if ((*ctx)->oid != GSS_C_NO_OID) { 186 free((*ctx)->oid->elements); 187 free((*ctx)->oid); 188 (*ctx)->oid = GSS_C_NO_OID; 189 } 190 if ((*ctx)->creds != GSS_C_NO_CREDENTIAL) 191 gss_release_cred(&ms, &(*ctx)->creds); 192 if ((*ctx)->client != GSS_C_NO_NAME) 193 gss_release_name(&ms, &(*ctx)->client); 194 if ((*ctx)->client_creds != GSS_C_NO_CREDENTIAL) 195 gss_release_cred(&ms, &(*ctx)->client_creds); 196 197 free(*ctx); 198 *ctx = NULL; 199 } 200 201 /* 202 * Wrapper to init_sec_context 203 * Requires that the context contains: 204 * oid 205 * server name (from ssh_gssapi_import_name) 206 */ 207 OM_uint32 208 ssh_gssapi_init_ctx(Gssctxt *ctx, int deleg_creds, gss_buffer_desc *recv_tok, 209 gss_buffer_desc* send_tok, OM_uint32 *flags) 210 { 211 int deleg_flag = 0; 212 213 if (deleg_creds) { 214 deleg_flag = GSS_C_DELEG_FLAG; 215 debug("Delegating credentials"); 216 } 217 218 ctx->major = gss_init_sec_context(&ctx->minor, 219 GSS_C_NO_CREDENTIAL, &ctx->context, ctx->name, ctx->oid, 220 GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | deleg_flag, 221 0, NULL, recv_tok, NULL, send_tok, flags, NULL); 222 223 if (GSS_ERROR(ctx->major)) 224 ssh_gssapi_error(ctx); 225 226 return (ctx->major); 227 } 228 229 /* Create a service name for the given host */ 230 OM_uint32 231 ssh_gssapi_import_name(Gssctxt *ctx, const char *host) 232 { 233 gss_buffer_desc gssbuf; 234 char *val; 235 236 xasprintf(&val, "host@%s", host); 237 gssbuf.value = val; 238 gssbuf.length = strlen(gssbuf.value); 239 240 if ((ctx->major = gss_import_name(&ctx->minor, 241 &gssbuf, GSS_C_NT_HOSTBASED_SERVICE, &ctx->name))) 242 ssh_gssapi_error(ctx); 243 244 free(gssbuf.value); 245 return (ctx->major); 246 } 247 248 OM_uint32 249 ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash) 250 { 251 if ((ctx->major = gss_get_mic(&ctx->minor, ctx->context, 252 GSS_C_QOP_DEFAULT, buffer, hash))) 253 ssh_gssapi_error(ctx); 254 255 return (ctx->major); 256 } 257 258 void 259 ssh_gssapi_buildmic(struct sshbuf *b, const char *user, const char *service, 260 const char *context, const struct sshbuf *session_id) 261 { 262 int r; 263 264 sshbuf_reset(b); 265 if ((r = sshbuf_put_stringb(b, session_id)) != 0 || 266 (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || 267 (r = sshbuf_put_cstring(b, user)) != 0 || 268 (r = sshbuf_put_cstring(b, service)) != 0 || 269 (r = sshbuf_put_cstring(b, context)) != 0) 270 fatal_fr(r, "assemble buildmic"); 271 } 272 273 int 274 ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host) 275 { 276 gss_buffer_desc token = GSS_C_EMPTY_BUFFER; 277 OM_uint32 major, minor; 278 gss_OID_desc spnego_oid = {6, (void *)"\x2B\x06\x01\x05\x05\x02"}; 279 280 /* RFC 4462 says we MUST NOT do SPNEGO */ 281 if (oid->length == spnego_oid.length && 282 (memcmp(oid->elements, spnego_oid.elements, oid->length) == 0)) 283 return 0; /* false */ 284 285 ssh_gssapi_build_ctx(ctx); 286 ssh_gssapi_set_oid(*ctx, oid); 287 major = ssh_gssapi_import_name(*ctx, host); 288 if (!GSS_ERROR(major)) { 289 major = ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token, 290 NULL); 291 gss_release_buffer(&minor, &token); 292 if ((*ctx)->context != GSS_C_NO_CONTEXT) 293 gss_delete_sec_context(&minor, &(*ctx)->context, 294 GSS_C_NO_BUFFER); 295 } 296 297 if (GSS_ERROR(major)) 298 ssh_gssapi_delete_ctx(ctx); 299 300 return (!GSS_ERROR(major)); 301 } 302 303 #endif /* GSSAPI */ 304