aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnderson Toshiyuki Sasaki <ansasaki@redhat.com>2018-07-12 19:02:26 +0200
committerAndreas Schneider <asn@cryptomilk.org>2018-08-06 10:48:16 +0200
commit18dd90230739b3d2ac486f8dbbecde60cac83dc0 (patch)
tree47bea15aec0e02875c5f415e969fdd6e1a8d7555
parentd85827f646aa3c6f09546d8aef01c5b2206ea63a (diff)
downloadlibssh-18dd90230739b3d2ac486f8dbbecde60cac83dc0.tar.gz
libssh-18dd90230739b3d2ac486f8dbbecde60cac83dc0.tar.xz
libssh-18dd90230739b3d2ac486f8dbbecde60cac83dc0.zip
gssapi: set error state when GSSAPI auth fails
When errors occurred, the session auth state was not being updated, leading to failures due to the wrong state in following authentication methods. Fixes T56 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r--src/gssapi.c62
1 files changed, 43 insertions, 19 deletions
diff --git a/src/gssapi.c b/src/gssapi.c
index 957eb57e..8e62f6a9 100644
--- a/src/gssapi.c
+++ b/src/gssapi.c
@@ -763,20 +763,27 @@ int ssh_gssapi_auth_mic(ssh_session session){
}
static gss_OID ssh_gssapi_oid_from_string(ssh_string oid_s){
- gss_OID ret = malloc(sizeof (gss_OID_desc));
+ gss_OID ret;
unsigned char *data = ssh_string_data(oid_s);
size_t len = ssh_string_len(oid_s);
- if(len > 256 || len <= 2){
+
+ ret = malloc(sizeof(gss_OID_desc));
+ if (ret == NULL) {
+ return NULL;
+ }
+
+ if (len > 256 || len <= 2) {
SAFE_FREE(ret);
return NULL;
}
- if(data[0] != SSH_OID_TAG || data[1] != len - 2){
+ if (data[0] != SSH_OID_TAG || data[1] != len - 2) {
SAFE_FREE(ret);
return NULL;
}
ret->elements = malloc(len - 2);
memcpy(ret->elements, &data[2], len-2);
ret->length = len-2;
+
return ret;
}
@@ -792,18 +799,19 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_response){
SSH_LOG(SSH_LOG_PACKET, "Received SSH_USERAUTH_GSSAPI_RESPONSE");
if (session->auth_state != SSH_AUTH_STATE_GSSAPI_REQUEST_SENT){
ssh_set_error(session, SSH_FATAL, "Invalid state in ssh_packet_userauth_gssapi_response");
- return SSH_PACKET_USED;
+ goto error;
}
+
oid_s = ssh_buffer_get_ssh_string(packet);
if (!oid_s){
ssh_set_error(session, SSH_FATAL, "Missing OID");
- return SSH_PACKET_USED;
+ goto error;
}
session->gssapi->client.oid = ssh_gssapi_oid_from_string(oid_s);
ssh_string_free(oid_s);
if (!session->gssapi->client.oid) {
ssh_set_error(session, SSH_FATAL, "Invalid OID");
- return SSH_PACKET_USED;
+ goto error;
}
session->gssapi->client.flags = GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG;
@@ -825,11 +833,11 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_response){
"Initializing gssapi context",
maj_stat,
min_stat);
- return SSH_PACKET_USED;
+ goto error;
}
if (output_token.length != 0){
hexa = ssh_get_hexa(output_token.value, output_token.length);
- SSH_LOG(SSH_LOG_PACKET, "GSSAPI: sending token %s",hexa);
+ SSH_LOG(SSH_LOG_PACKET, "GSSAPI: sending token %s", hexa);
SAFE_FREE(hexa);
ssh_buffer_pack(session->out_buffer,
"bdP",
@@ -840,6 +848,12 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_response){
session->auth_state = SSH_AUTH_STATE_GSSAPI_TOKEN;
}
return SSH_PACKET_USED;
+
+error:
+ session->auth_state = SSH_AUTH_STATE_ERROR;
+ ssh_gssapi_free(session);
+ session->gssapi = NULL;
+ return SSH_PACKET_USED;
}
static int ssh_gssapi_send_mic(ssh_session session){
@@ -859,7 +873,8 @@ static int ssh_gssapi_send_mic(ssh_session session){
mic_buf.length = ssh_buffer_get_len(mic_buffer);
mic_buf.value = ssh_buffer_get(mic_buffer);
- maj_stat = gss_get_mic(&min_stat,session->gssapi->ctx, GSS_C_QOP_DEFAULT, &mic_buf, &mic_token_buf);
+ maj_stat = gss_get_mic(&min_stat,session->gssapi->ctx, GSS_C_QOP_DEFAULT,
+ &mic_buf, &mic_token_buf);
if (GSS_ERROR(maj_stat)){
ssh_buffer_free(mic_buffer);
ssh_gssapi_log_error(SSH_LOG_PROTOCOL,
@@ -892,16 +907,19 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_client){
(void)type;
SSH_LOG(SSH_LOG_PACKET,"Received SSH_MSG_USERAUTH_GSSAPI_TOKEN");
- if (!session->gssapi || session->auth_state != SSH_AUTH_STATE_GSSAPI_TOKEN){
- ssh_set_error(session, SSH_FATAL, "Received SSH_MSG_USERAUTH_GSSAPI_TOKEN in invalid state");
- return SSH_PACKET_USED;
+ if (!session->gssapi || session->auth_state != SSH_AUTH_STATE_GSSAPI_TOKEN) {
+ ssh_set_error(session, SSH_FATAL,
+ "Received SSH_MSG_USERAUTH_GSSAPI_TOKEN in invalid state");
+ goto error;
}
token = ssh_buffer_get_ssh_string(packet);
if (token == NULL){
- ssh_set_error(session, SSH_REQUEST_DENIED, "ssh_packet_userauth_gssapi_token: invalid packet");
- return SSH_PACKET_USED;
+ ssh_set_error(session, SSH_REQUEST_DENIED,
+ "ssh_packet_userauth_gssapi_token: invalid packet");
+ goto error;
}
+
hexa = ssh_get_hexa(ssh_string_data(token),ssh_string_len(token));
SSH_LOG(SSH_LOG_PACKET, "GSSAPI Token : %s",hexa);
SAFE_FREE(hexa);
@@ -926,12 +944,10 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_client){
"Gssapi error",
maj_stat,
min_stat);
- ssh_gssapi_free(session);
- session->gssapi=NULL;
- return SSH_PACKET_USED;
+ goto error;
}
- if (output_token.length != 0){
+ if (output_token.length != 0) {
hexa = ssh_get_hexa(output_token.value, output_token.length);
SSH_LOG(SSH_LOG_PACKET, "GSSAPI: sending token %s",hexa);
SAFE_FREE(hexa);
@@ -942,9 +958,17 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_client){
(size_t)output_token.length, output_token.value);
ssh_packet_send(session);
}
- if(maj_stat == GSS_S_COMPLETE){
+
+ if (maj_stat == GSS_S_COMPLETE) {
session->auth_state = SSH_AUTH_STATE_NONE;
ssh_gssapi_send_mic(session);
}
+
+ return SSH_PACKET_USED;
+
+error:
+ session->auth_state = SSH_AUTH_STATE_ERROR;
+ ssh_gssapi_free(session);
+ session->gssapi = NULL;
return SSH_PACKET_USED;
}