1 /* $NetBSD: gss-genr.c,v 1.16 2026/04/08 18:58:40 christos Exp $ */ 2 /* $OpenBSD: gss-genr.c,v 1.31 2026/02/08 19:54:31 dtucker Exp $ */ 3 4 /* 5 * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 */ 27 28 #include "includes.h" 29 __RCSID("$NetBSD"); 30 #ifdef GSSAPI 31 32 #include <sys/types.h> 33 34 #include <limits.h> 35 #include <stdarg.h> 36 #include <string.h> 37 #include <signal.h> 38 #include <stdlib.h> 39 #include <unistd.h> 40 41 #include "xmalloc.h" 42 #include "ssherr.h" 43 #include "sshbuf.h" 44 #include "log.h" 45 #include "ssh2.h" 46 47 #include "ssh-gss.h" 48 49 /* sshbuf_get for gss_buffer_desc */ 50 int 51 ssh_gssapi_get_buffer_desc(struct sshbuf *b, gss_buffer_desc *g) 52 { 53 int r; 54 u_char *p; 55 size_t len; 56 57 if ((r = sshbuf_get_string(b, &p, &len)) != 0) 58 return r; 59 g->value = p; 60 g->length = len; 61 return 0; 62 } 63 64 /* Check that the OID in a data stream matches that in the context */ 65 int 66 ssh_gssapi_check_oid(Gssctxt *ctx, void *data, size_t len) 67 { 68 return (ctx != NULL && ctx->oid != GSS_C_NO_OID && 69 ctx->oid->length == len && 70 memcmp(ctx->oid->elements, data, len) == 0); 71 } 72 73 /* Set the contexts OID from a data stream */ 74 void 75 ssh_gssapi_set_oid_data(Gssctxt *ctx, void *data, size_t len) 76 { 77 if (ctx->oid != GSS_C_NO_OID) { 78 free(ctx->oid->elements); 79 free(ctx->oid); 80 } 81 ctx->oid = xcalloc(1, sizeof(gss_OID_desc)); 82 ctx->oid->length = len; 83 ctx->oid->elements = xmalloc(len); 84 memcpy(ctx->oid->elements, data, len); 85 } 86 87 /* Set the contexts OID */ 88 void 89 ssh_gssapi_set_oid(Gssctxt *ctx, gss_OID oid) 90 { 91 ssh_gssapi_set_oid_data(ctx, oid->elements, oid->length); 92 } 93 94 /* All this effort to report an error ... */ 95 void 96 ssh_gssapi_error(Gssctxt *ctxt) 97 { 98 char *s; 99 100 s = ssh_gssapi_last_error(ctxt, NULL, NULL); 101 debug("%s", s); 102 free(s); 103 } 104 105 char * 106 ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status, 107 OM_uint32 *minor_status) 108 { 109 OM_uint32 lmin; 110 gss_buffer_desc msg = GSS_C_EMPTY_BUFFER; 111 OM_uint32 ctx; 112 struct sshbuf *b; 113 char *ret; 114 int r; 115 116 if ((b = sshbuf_new()) == NULL) 117 fatal_f("sshbuf_new failed"); 118 119 if (major_status != NULL) 120 *major_status = ctxt->major; 121 if (minor_status != NULL) 122 *minor_status = ctxt->minor; 123 124 ctx = 0; 125 /* The GSSAPI error */ 126 do { 127 gss_display_status(&lmin, ctxt->major, 128 GSS_C_GSS_CODE, ctxt->oid, &ctx, &msg); 129 130 if ((r = sshbuf_put(b, msg.value, msg.length)) != 0 || 131 (r = sshbuf_put_u8(b, '\n')) != 0) 132 fatal_fr(r, "assemble GSS_CODE"); 133 134 gss_release_buffer(&lmin, &msg); 135 } while (ctx != 0); 136 137 /* The mechanism specific error */ 138 do { 139 gss_display_status(&lmin, ctxt->minor, 140 GSS_C_MECH_CODE, ctxt->oid, &ctx, &msg); 141 142 if ((r = sshbuf_put(b, msg.value, msg.length)) != 0 || 143 (r = sshbuf_put_u8(b, '\n')) != 0) 144 fatal_fr(r, "assemble MECH_CODE"); 145 146 gss_release_buffer(&lmin, &msg); 147 } while (ctx != 0); 148 149 if ((r = sshbuf_put_u8(b, '\n')) != 0) 150 fatal_fr(r, "assemble newline"); 151 ret = xstrdup((const char *)sshbuf_ptr(b)); 152 sshbuf_free(b); 153 return (ret); 154 } 155 156 /* 157 * Initialise our GSSAPI context. We use this opaque structure to contain all 158 * of the data which both the client and server need to persist across 159 * {accept,init}_sec_context calls, so that when we do it from the userauth 160 * stuff life is a little easier 161 */ 162 void 163 ssh_gssapi_build_ctx(Gssctxt **ctx) 164 { 165 *ctx = xcalloc(1, sizeof (Gssctxt)); 166 (*ctx)->context = GSS_C_NO_CONTEXT; 167 (*ctx)->name = GSS_C_NO_NAME; 168 (*ctx)->oid = GSS_C_NO_OID; 169 (*ctx)->creds = GSS_C_NO_CREDENTIAL; 170 (*ctx)->client = GSS_C_NO_NAME; 171 (*ctx)->client_creds = GSS_C_NO_CREDENTIAL; 172 } 173 174 /* Delete our context, providing it has been built correctly */ 175 void 176 ssh_gssapi_delete_ctx(Gssctxt **ctx) 177 { 178 OM_uint32 ms; 179 180 if ((*ctx) == NULL) 181 return; 182 if ((*ctx)->context != GSS_C_NO_CONTEXT) 183 gss_delete_sec_context(&ms, &(*ctx)->context, GSS_C_NO_BUFFER); 184 if ((*ctx)->name != GSS_C_NO_NAME) 185 gss_release_name(&ms, &(*ctx)->name); 186 if ((*ctx)->oid != GSS_C_NO_OID) { 187 free((*ctx)->oid->elements); 188 free((*ctx)->oid); 189 (*ctx)->oid = GSS_C_NO_OID; 190 } 191 if ((*ctx)->creds != GSS_C_NO_CREDENTIAL) 192 gss_release_cred(&ms, &(*ctx)->creds); 193 if ((*ctx)->client != GSS_C_NO_NAME) 194 gss_release_name(&ms, &(*ctx)->client); 195 if ((*ctx)->client_creds != GSS_C_NO_CREDENTIAL) 196 gss_release_cred(&ms, &(*ctx)->client_creds); 197 198 free(*ctx); 199 *ctx = NULL; 200 } 201 202 /* 203 * Wrapper to init_sec_context 204 * Requires that the context contains: 205 * oid 206 * server name (from ssh_gssapi_import_name) 207 */ 208 OM_uint32 209 ssh_gssapi_init_ctx(Gssctxt *ctx, int deleg_creds, gss_buffer_desc *recv_tok, 210 gss_buffer_desc* send_tok, OM_uint32 *flags) 211 { 212 int deleg_flag = 0; 213 214 if (deleg_creds) { 215 deleg_flag = GSS_C_DELEG_FLAG; 216 debug("Delegating credentials"); 217 } 218 219 ctx->major = gss_init_sec_context(&ctx->minor, 220 GSS_C_NO_CREDENTIAL, &ctx->context, ctx->name, ctx->oid, 221 GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | deleg_flag, 222 0, NULL, recv_tok, NULL, send_tok, flags, NULL); 223 224 if (GSS_ERROR(ctx->major)) 225 ssh_gssapi_error(ctx); 226 227 return (ctx->major); 228 } 229 230 /* Create a service name for the given host */ 231 OM_uint32 232 ssh_gssapi_import_name(Gssctxt *ctx, const char *host) 233 { 234 gss_buffer_desc gssbuf; 235 char *val; 236 237 xasprintf(&val, "host@%s", host); 238 gssbuf.value = val; 239 gssbuf.length = strlen(gssbuf.value); 240 241 if ((ctx->major = gss_import_name(&ctx->minor, 242 &gssbuf, GSS_C_NT_HOSTBASED_SERVICE, &ctx->name))) 243 ssh_gssapi_error(ctx); 244 245 free(gssbuf.value); 246 return (ctx->major); 247 } 248 249 OM_uint32 250 ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash) 251 { 252 if ((ctx->major = gss_get_mic(&ctx->minor, ctx->context, 253 GSS_C_QOP_DEFAULT, buffer, hash))) 254 ssh_gssapi_error(ctx); 255 256 return (ctx->major); 257 } 258 259 void 260 ssh_gssapi_buildmic(struct sshbuf *b, const char *user, const char *service, 261 const char *context, const struct sshbuf *session_id) 262 { 263 int r; 264 265 sshbuf_reset(b); 266 if ((r = sshbuf_put_stringb(b, session_id)) != 0 || 267 (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || 268 (r = sshbuf_put_cstring(b, user)) != 0 || 269 (r = sshbuf_put_cstring(b, service)) != 0 || 270 (r = sshbuf_put_cstring(b, context)) != 0) 271 fatal_fr(r, "assemble buildmic"); 272 } 273 274 int 275 ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host) 276 { 277 gss_buffer_desc token = GSS_C_EMPTY_BUFFER; 278 OM_uint32 major, minor; 279 gss_OID_desc spnego_oid = {6, __UNCONST("\x2B\x06\x01\x05\x05\x02")}; 280 281 /* RFC 4462 says we MUST NOT do SPNEGO */ 282 if (oid->length == spnego_oid.length && 283 (memcmp(oid->elements, spnego_oid.elements, oid->length) == 0)) 284 return 0; /* false */ 285 286 ssh_gssapi_build_ctx(ctx); 287 ssh_gssapi_set_oid(*ctx, oid); 288 major = ssh_gssapi_import_name(*ctx, host); 289 if (!GSS_ERROR(major)) { 290 major = ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token, 291 NULL); 292 gss_release_buffer(&minor, &token); 293 if ((*ctx)->context != GSS_C_NO_CONTEXT) 294 gss_delete_sec_context(&minor, &(*ctx)->context, 295 GSS_C_NO_BUFFER); 296 } 297 298 if (GSS_ERROR(major)) 299 ssh_gssapi_delete_ctx(ctx); 300 301 return (!GSS_ERROR(major)); 302 } 303 304 #endif /* GSSAPI */ 305
Indexes created Fri Jun 26 00:24:39 UTC 2026