xref: /titanic_41/usr/src/cmd/ssh/sshd/auth2-gss.c (revision 0c79d02b29618f74322989ec8ceafaa5486ac1db)
1 /*
2  * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AS IS'' AND ANY EXPRESS OR
14  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
15  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
16  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
17  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
18  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
19  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23  */
24 /*
25  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
26  * Use is subject to license terms.
27  */
28 
29 #include "includes.h"
30 
31 #ifdef GSSAPI
32 #include "auth.h"
33 #include "ssh2.h"
34 #include "xmalloc.h"
35 #include "log.h"
36 #include "dispatch.h"
37 #include "buffer.h"
38 #include "servconf.h"
39 #include "compat.h"
40 #include "bufaux.h"
41 #include "packet.h"
42 
43 #include <gssapi/gssapi.h>
44 #include "ssh-gss.h"
45 
46 extern ServerOptions options;
47 extern uchar_t *session_id2;
48 extern int session_id2_len;
49 extern Gssctxt *xxx_gssctxt;
50 
51 static void userauth_gssapi_finish(Authctxt *authctxt, Gssctxt *gssctxt);
52 
53 static void
54 userauth_gssapi_keyex(Authctxt *authctxt)
55 {
56 	gss_buffer_desc g_mic_data, mic_tok;
57 	Buffer mic_data;
58 	OM_uint32 maj_status, min_status;
59 
60 	if (authctxt == NULL || authctxt->method == NULL)
61 		fatal("No authentication context during gssapi-keyex userauth");
62 
63 	if (xxx_gssctxt == NULL || xxx_gssctxt->context == GSS_C_NO_CONTEXT) {
64 		/* fatal()?  or return? */
65 		debug("No GSS-API context during gssapi-keyex userauth");
66 		return;
67 	}
68 
69 	/* Make data buffer to verify MIC with */
70 	buffer_init(&mic_data);
71 	buffer_put_string(&mic_data, session_id2, session_id2_len);
72 	buffer_put_char(&mic_data, SSH2_MSG_USERAUTH_REQUEST);
73 	buffer_put_cstring(&mic_data, authctxt->user);
74 	buffer_put_cstring(&mic_data, authctxt->service);
75 	buffer_put_cstring(&mic_data, authctxt->method->name);
76 
77 	g_mic_data.value  = buffer_ptr(&mic_data);
78 	g_mic_data.length = buffer_len(&mic_data);
79 
80 	mic_tok.value = packet_get_string(&mic_tok.length);
81 
82 	maj_status = gss_verify_mic(&min_status, xxx_gssctxt->context,
83 	    &g_mic_data, &mic_tok, NULL);
84 
85 	packet_check_eom();
86 	buffer_clear(&mic_data);
87 
88 	if (maj_status != GSS_S_COMPLETE)
89 		debug2("MIC verification failed, GSSAPI userauth failed");
90 	else
91 		userauth_gssapi_finish(authctxt, xxx_gssctxt);
92 
93 	/* Leave Gssctxt around for ssh_gssapi_cleanup/storecreds() */
94 	if (xxx_gssctxt->deleg_creds == GSS_C_NO_CREDENTIAL)
95 		ssh_gssapi_delete_ctx(&xxx_gssctxt);
96 }
97 
98 static void ssh_gssapi_userauth_error(Gssctxt *ctxt);
99 static void input_gssapi_token(int type, u_int32_t plen, void *ctxt);
100 static void input_gssapi_mic(int type, u_int32_t plen, void *ctxt);
101 static void input_gssapi_errtok(int, u_int32_t, void *);
102 static void input_gssapi_exchange_complete(int type, u_int32_t plen,
103     void *ctxt);
104 
105 static void
106 userauth_gssapi_abandon(Authctxt *authctxt, Authmethod *method)
107 {
108 	ssh_gssapi_delete_ctx((Gssctxt **)&method->method_data);
109 	xxx_gssctxt = NULL;
110 	dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL);
111 	dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
112 	dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
113 	dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);
114 }
115 
116 static void
117 userauth_gssapi(Authctxt *authctxt)
118 {
119 	gss_OID_set supported_mechs;
120 	int mechs, present = 0;
121 	OM_uint32 min_status;
122 	uint_t len;
123 	char *doid = NULL;
124 	gss_OID oid = GSS_C_NULL_OID;
125 
126 	if (datafellows & SSH_OLD_GSSAPI) {
127 		debug("Early drafts of GSSAPI userauth not supported");
128 		return;
129 	}
130 
131 	mechs = packet_get_int();
132 	if (mechs == 0) {
133 		packet_check_eom();
134 		debug("Mechanism negotiation is not supported");
135 		return;
136 	}
137 
138 	ssh_gssapi_server_mechs(&supported_mechs);
139 
140 	do {
141 		mechs--;
142 
143 		if (oid != GSS_C_NULL_OID)
144 			ssh_gssapi_release_oid(&oid);
145 
146 		doid = packet_get_string(&len);
147 
148 		/* ick */
149 		if (doid[0] != 0x06 || (len > 2 && doid[1] != len - 2)) {
150 			log("Mechanism OID received using the old "
151 			    "encoding form");
152 			oid = ssh_gssapi_make_oid(len, doid);
153 		} else {
154 			oid = ssh_gssapi_make_oid(len - 2, doid + 2);
155 		}
156 
157 		(void) gss_test_oid_set_member(&min_status, oid,
158 		    supported_mechs, &present);
159 
160 		debug("Client offered gssapi userauth with %s (%s)",
161 		    ssh_gssapi_oid_to_str(oid),
162 		    present ? "supported" : "unsupported");
163 	} while (!present && (mechs > 0));
164 
165 	if (!present) {
166 		/* userauth_finish() will send SSH2_MSG_USERAUTH_FAILURE */
167 		debug2("No mechanism offered by the client is available");
168 		ssh_gssapi_release_oid(&oid);
169 		return;
170 	}
171 
172 	ssh_gssapi_build_ctx((Gssctxt **)&authctxt->method->method_data,
173 	    0, oid);
174 	ssh_gssapi_release_oid(&oid);
175 	/* Send SSH_MSG_USERAUTH_GSSAPI_RESPONSE */
176 
177 	packet_start(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE);
178 
179 	/* Just return whatever we found -- the matched mech does us no good */
180 	packet_put_string(doid, len);
181 	xfree(doid);
182 
183 	packet_send();
184 	packet_write_wait();
185 
186 	/* Setup rest of gssapi userauth conversation */
187 	dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token);
188 	dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok);
189 	authctxt->method->postponed = 1;
190 }
191 
192 static void
193 input_gssapi_token(int type, u_int32_t plen, void *ctxt)
194 {
195 	Authctxt *authctxt = ctxt;
196 	Gssctxt *gssctxt;
197 	gss_buffer_desc send_tok, recv_tok;
198 	OM_uint32 maj_status, min_status;
199 	uint_t len;
200 
201 	if (authctxt == NULL || authctxt->method == NULL ||
202 	    (authctxt->method->method_data == NULL)) {
203 		fatal("No authentication or GSSAPI context during "
204 		    "gssapi-with-mic userauth");
205 	}
206 
207 	gssctxt = authctxt->method->method_data;
208 	recv_tok.value = packet_get_string(&len);
209 	recv_tok.length = len; /* u_int vs. size_t */
210 
211 	maj_status = ssh_gssapi_accept_ctx(gssctxt, &recv_tok, &send_tok);
212 	packet_check_eom();
213 
214 	if (GSS_ERROR(maj_status)) {
215 		ssh_gssapi_userauth_error(gssctxt);
216 		if (send_tok.length != 0) {
217 			packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK);
218 			packet_put_string(send_tok.value, send_tok.length);
219 			packet_send();
220 			packet_write_wait();
221 		}
222 		authctxt->method->postponed = 0;
223 		dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
224 		userauth_finish(authctxt, authctxt->method->name);
225 	} else {
226 		if (send_tok.length != 0) {
227 			packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
228 			packet_put_string(send_tok.value, send_tok.length);
229 			packet_send();
230 			packet_write_wait();
231 		}
232 		if (maj_status == GSS_S_COMPLETE) {
233 			dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
234 			dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC,
235 			    &input_gssapi_mic);
236 			dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE,
237 			    &input_gssapi_exchange_complete);
238 		}
239 	}
240 
241 	gss_release_buffer(&min_status, &send_tok);
242 }
243 
244 static void
245 input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
246 {
247 	Authctxt *authctxt = ctxt;
248 	Gssctxt *gssctxt;
249 	gss_buffer_desc send_tok, recv_tok;
250 
251 	if (authctxt == NULL || authctxt->method == NULL ||
252 	    (authctxt->method->method_data == NULL)) {
253 		fatal("No authentication or GSSAPI context during "
254 		    "gssapi-with-mic userauth");
255 	}
256 
257 	gssctxt = authctxt->method->method_data;
258 	recv_tok.value = packet_get_string(&recv_tok.length);
259 	packet_check_eom();
260 
261 	/* Push the error token into GSSAPI to see what it says */
262 	(void) ssh_gssapi_accept_ctx(gssctxt, &recv_tok, &send_tok);
263 
264 	debug("Client sent GSS-API error token during GSS userauth-- %s",
265 	    ssh_gssapi_last_error(gssctxt, NULL, NULL));
266 
267 	/* We can't return anything to the client, even if we wanted to */
268 	dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
269 	dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);
270 
271 
272 	/*
273 	 * The client will have already moved on to the next auth and
274 	 * will send a new userauth request.  The spec says that the
275 	 * server MUST NOT send a SSH_MSG_USERAUTH_FAILURE packet in
276 	 * response to this.
277 	 *
278 	 * We leave authctxt->method->postponed == 1 here so that a call
279 	 * to input_userauth_request() will detect this failure (as
280 	 * userauth abandonment) and act accordingly.
281 	 */
282 }
283 
284 static void
285 input_gssapi_mic(int type, u_int32_t plen, void *ctxt)
286 {
287 	Authctxt *authctxt = ctxt;
288 	Gssctxt *gssctxt;
289 	gss_buffer_desc g_mic_data, mic_tok;
290 	Buffer mic_data;
291 	OM_uint32 maj_status, min_status;
292 
293 	if (authctxt == NULL || authctxt->method == NULL ||
294 	    (authctxt->method->method_data == NULL)) {
295 		debug3("No authentication or GSSAPI context during "
296 		    "gssapi-with-mic userauth");
297 		return;
298 	}
299 
300 	gssctxt = authctxt->method->method_data;
301 
302 	/* Make data buffer to verify MIC with */
303 	buffer_init(&mic_data);
304 	buffer_put_string(&mic_data, session_id2, session_id2_len);
305 	buffer_put_char(&mic_data, SSH2_MSG_USERAUTH_REQUEST);
306 	buffer_put_cstring(&mic_data, authctxt->user);
307 	buffer_put_cstring(&mic_data, authctxt->service);
308 	buffer_put_cstring(&mic_data, authctxt->method->name);
309 
310 	g_mic_data.value  = buffer_ptr(&mic_data);
311 	g_mic_data.length = buffer_len(&mic_data);
312 
313 	mic_tok.value = packet_get_string(&mic_tok.length);
314 
315 	maj_status = gss_verify_mic(&min_status, gssctxt->context,
316 	    &g_mic_data, &mic_tok, NULL);
317 
318 	packet_check_eom();
319 	buffer_free(&mic_data);
320 
321 	if (maj_status != GSS_S_COMPLETE)
322 		debug2("MIC verification failed, GSSAPI userauth failed");
323 	else
324 		userauth_gssapi_finish(authctxt, gssctxt);
325 
326 	/* Delete context from keyex */
327 	if (xxx_gssctxt != gssctxt)
328 		ssh_gssapi_delete_ctx(&xxx_gssctxt);
329 
330 	/* Leave Gssctxt around for ssh_gssapi_cleanup/storecreds() */
331 	if (gssctxt->deleg_creds == GSS_C_NO_CREDENTIAL)
332 		ssh_gssapi_delete_ctx(&gssctxt);
333 
334 	xxx_gssctxt = gssctxt;
335 
336 	authctxt->method->postponed = 0;
337 	dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
338 	dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);
339 	dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL);
340 	userauth_finish(authctxt, authctxt->method->name);
341 }
342 
343 /*
344  * This is called when the client thinks we've completed authentication.
345  * It should only be enabled in the dispatch handler by the function above,
346  * which only enables it once the GSSAPI exchange is complete.
347  */
348 static void
349 input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt)
350 {
351 	Authctxt *authctxt = ctxt;
352 	Gssctxt *gssctxt;
353 
354 	packet_check_eom();
355 
356 	if (authctxt == NULL || authctxt->method == NULL ||
357 	    (authctxt->method->method_data == NULL))
358 		fatal("No authentication or GSSAPI context");
359 
360 	gssctxt = authctxt->method->method_data;
361 
362 	/*
363 	 * SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE -> gssapi userauth
364 	 * failure, the client should use SSH2_MSG_USERAUTH_GSSAPI_MIC
365 	 * instead.
366 	 *
367 	 * There's two reasons for this:
368 	 *
369 	 * 1) we don't have GSS mechs that don't support integrity
370 	 * protection, and even if we did we'd not want to use them with
371 	 * SSHv2, and,
372 	 *
373 	 * 2) we currently have no way to dynamically detect whether a
374 	 * given mechanism does or does not support integrity
375 	 * protection, so when a context's flags do not indicate
376 	 * integrity protection we can't know if the client simply
377 	 * didn't request it, so we assume it didn't and reject the
378 	 * userauth.
379 	 *
380 	 * We could fail partially (i.e., force the use of other
381 	 * userauth methods without counting this one as failed).  But
382 	 * this will do for now.
383 	 */
384 #if 0
385 	authctxt->method->authenticated = ssh_gssapi_userok(gssctxt,
386 	    authctxt->user);
387 #endif
388 
389 	if (xxx_gssctxt != gssctxt)
390 		ssh_gssapi_delete_ctx(&gssctxt);
391 	ssh_gssapi_delete_ctx(&gssctxt);
392 	authctxt->method->postponed = 0;
393 	dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
394 	dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);
395 	dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL);
396 	dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
397 	userauth_finish(authctxt, authctxt->method->name);
398 }
399 
400 static void
401 ssh_gssapi_userauth_error(Gssctxt *ctxt)
402 {
403 	char *errstr;
404 	OM_uint32 maj, min;
405 
406 	errstr = ssh_gssapi_last_error(ctxt, &maj, &min);
407 	if (errstr) {
408 		packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERROR);
409 		packet_put_int(maj);
410 		packet_put_int(min);
411 		packet_put_cstring(errstr);
412 		packet_put_cstring("");
413 		packet_send();
414 		packet_write_wait();
415 		xfree(errstr);
416 	}
417 }
418 
419 /*
420  * Code common to gssapi-keyex and gssapi-with-mic userauth.
421  *
422  * Does authorization, figures out how to store delegated creds.
423  */
424 static void
425 userauth_gssapi_finish(Authctxt *authctxt, Gssctxt *gssctxt)
426 {
427 	char *local_user = NULL;
428 	gss_buffer_desc dispname;
429 	OM_uint32 major;
430 
431 	if (*authctxt->user != '\0' &&
432 	    ssh_gssapi_userok(gssctxt, authctxt->user)) {
433 
434 		/*
435 		 * If the client princ did not map to the requested
436 		 * username then we don't want to clobber existing creds
437 		 * for the user with the delegated creds.
438 		 */
439 		local_user = ssh_gssapi_localname(gssctxt);
440 		if (local_user == NULL ||
441 		    strcmp(local_user, authctxt->user) == 0)
442 			gssctxt->default_creds = 1; /* store creds as default */
443 
444 		authctxt->method->authenticated =
445 		    do_pam_non_initial_userauth(authctxt);
446 
447 	} else if (*authctxt->user == '\0') {
448 		/* Requested username == ""; derive username from princ name */
449 		if ((local_user = ssh_gssapi_localname(gssctxt)) == NULL)
450 			return;
451 
452 		/* Changed username (from implicit, '') */
453 		userauth_user_svc_change(authctxt, local_user, NULL);
454 
455 		gssctxt->default_creds = 1; /* store creds as default */
456 
457 		authctxt->method->authenticated =
458 		    do_pam_non_initial_userauth(authctxt);
459 	}
460 
461 	if (local_user != NULL)
462 		xfree(local_user);
463 
464 	if (*authctxt->user != '\0' && authctxt->method->authenticated != 0) {
465 		major = gss_display_name(&gssctxt->minor, gssctxt->src_name,
466 		    &dispname, NULL);
467 		if (major == GSS_S_COMPLETE) {
468 			log("Authorized principal %.*s, authenticated with "
469 			    "GSS mechanism %s, to: %s",
470 			    dispname.length, (char *)dispname.value,
471 			    ssh_gssapi_oid_to_name(gssctxt->actual_mech),
472 			    authctxt->user);
473 		}
474 		(void) gss_release_buffer(&gssctxt->minor, &dispname);
475 	}
476 }
477 
478 #if 0
479 /* Deprecated userauths -- should not be enabled */
480 Authmethod method_external = {
481 	"external-keyx",
482 	&options.gss_authentication,
483 	userauth_gssapi_keyex,
484 	NULL,	/* no abandon function */
485 	NULL,
486 	NULL,
487 	/* State counters */
488 	0, 0, 0, 0,
489 	/* State flags */
490 	0, 0, 0, 0, 0, 0
491 };
492 
493 Authmethod method_gssapi = {
494 	"gssapi",
495 	&options.gss_authentication,
496 	userauth_gssapi,
497 	userauth_gssapi_abandon,
498 	NULL,
499 	NULL,
500 	/* State counters */
501 	0, 0, 0, 0,
502 	/* State flags */
503 	0, 0, 0, 0, 0, 0
504 };
505 #endif
506 
507 Authmethod method_external = {
508 	"gssapi-keyex",
509 	&options.gss_authentication,
510 	userauth_gssapi_keyex,
511 	NULL,	/* no abandon function */
512 	NULL,
513 	NULL,
514 	/* State counters */
515 	0, 0, 0, 0,
516 	/* State flags */
517 	0, 0, 0, 0, 0, 0
518 };
519 
520 Authmethod method_gssapi = {
521 	"gssapi-with-mic",
522 	&options.gss_authentication,
523 	userauth_gssapi,
524 	userauth_gssapi_abandon,
525 	NULL,
526 	NULL,
527 	/* State counters */
528 	0, 0, 0, 0,
529 	/* State flags */
530 	0, 0, 0, 0, 0, 0
531 };
532 
533 #endif /* GSSAPI */
534