author | Aris Adamantiadis <aris@0xbadc0de.be> | 2013-02-20 23:20:44 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2013-07-13 14:21:36 +0200 |
commit | 3b52e38a333cb204673b9401b0e895d96d9fb02f (patch) | |
tree | ff395dc6a182153cde6b2a33cdb40d4982505652 | |
parent | 6bb50630462cf20b5d7fa42ef1cc99c8f80ccac9 (diff) | |
auth: adapt libssh to gssapi-with-mic server
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r-- | include/libssh/libssh.h | 1 | ||||
-rw-r--r-- | include/libssh/priv.h | 5 | ||||
-rw-r--r-- | include/libssh/server.h | 2 | ||||
-rw-r--r-- | include/libssh/session.h | 1 | ||||
-rw-r--r-- | src/messages.c | 53 | ||||
-rw-r--r-- | src/packet.c | 13 |
6 files changed, 70 insertions, 5 deletions
diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h index d9cc8478..2c62b2fe 100644 --- a/include/libssh/libssh.h +++ b/include/libssh/libssh.h @@ -164,6 +164,7 @@ enum ssh_auth_e { #define SSH_AUTH_METHOD_PUBLICKEY 0x0004 #define SSH_AUTH_METHOD_HOSTBASED 0x0008 #define SSH_AUTH_METHOD_INTERACTIVE 0x0010 +#define SSH_AUTH_METHOD_GSSAPI_MIC 0x0020 /* messages */ enum ssh_requests_e { diff --git a/include/libssh/priv.h b/include/libssh/priv.h index 912a1918..c985a3ab 100644 --- a/include/libssh/priv.h +++ b/include/libssh/priv.h @@ -179,8 +179,9 @@ void _ssh_set_error_oom(void *error, const char *function); void _ssh_set_error_invalid(void *error, const char *function); - - +/* server.c */ +int ssh_auth_reply_default(ssh_session session,int partial); +int ssh_auth_reply_success(ssh_session session, int partial); /* client.c */ diff --git a/include/libssh/server.h b/include/libssh/server.h index 6ed8002a..28be4596 100644 --- a/include/libssh/server.h +++ b/include/libssh/server.h @@ -254,6 +254,8 @@ LIBSSH_API int ssh_handle_key_exchange(ssh_session session); */ LIBSSH_API void ssh_bind_free(ssh_bind ssh_bind_o); +LIBSSH_API void ssh_set_auth_methods(ssh_session session, int auth_methods); + /********************************************************** * SERVER MESSAGING **********************************************************/ diff --git a/include/libssh/session.h b/include/libssh/session.h index e6bea771..4764a1ef 100644 --- a/include/libssh/session.h +++ b/include/libssh/session.h @@ -143,6 +143,7 @@ struct ssh_session_struct { /* keyb interactive data */ struct ssh_kbdint_struct *kbdint; + struct ssh_gssapi_struct *gssapi; int version; /* 1 or 2 */ /* server host keys */ struct { diff --git a/src/messages.c b/src/messages.c index 147ab16c..a82cb5c7 100644 --- a/src/messages.c +++ b/src/messages.c @@ -44,6 +44,7 @@ #include "libssh/messages.h" #ifdef WITH_SERVER #include "libssh/server.h" +#include "libssh/gssapi.h" #endif /** 
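Review bot: The new public declaration `ssh_set_auth_methods()` in include/libssh/server.h is exported with LIBSSH_API but carries no documentation comment, unlike `ssh_bind_free()` directly above it, whose comment block ends just before its declaration. Because this call appears to decide which authentication methods a server session offers, the header should say what `auth_methods` accepts, for example `/** @brief Set the authentication methods offered to the client. @param auth_methods Bitmask of SSH_AUTH_METHOD_* values. */`. The bitmask reading is inferred from the `SSH_AUTH_METHOD_GSSAPI_MIC 0x0020` define this commit adds to libssh.h and should be confirmed against the implementation, which is not part of this diff.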
@@ -740,6 +741,54 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_request){ } goto end; } + if (strncmp(method, "gssapi-with-mic", method_size) == 0) { + uint32_t n_oid; + ssh_string *oids; + ssh_string oid; + char *hexa; + int i; + buffer_get_u32(packet, &n_oid); + n_oid=ntohl(n_oid); + if(n_oid > 100){ + ssh_set_error(session, SSH_FATAL, "USERAUTH_REQUEST: gssapi-with-mic OID count too big (%d)",n_oid); + goto error; + } + ssh_log(session, SSH_LOG_PACKET, "gssapi: %d OIDs", n_oid); + oids = calloc(n_oid, sizeof(ssh_string)); + if (oids == NULL){ + ssh_set_error_oom(session); + goto error; + } + for (i=0;i<(int) n_oid;++i){ + oid=buffer_get_ssh_string(packet); + if(oid == NULL){ + for(i=i-1;i>=0;--i){ + SAFE_FREE(oids[i]); + } + SAFE_FREE(oids); + ssh_set_error(session, SSH_LOG_PACKET, "USERAUTH_REQUEST: gssapi-with-mic missing OID"); + goto error; + } + oids[i] = oid; + if(session->common.log_verbosity >= SSH_LOG_PACKET){ + hexa = ssh_get_hexa(ssh_string_data(oid), ssh_string_len(oid)); + ssh_log(session, SSH_LOG_PACKET,"gssapi: OID %d: %s",i, hexa); + SAFE_FREE(hexa); + } + } + ssh_gssapi_handle_userauth(session, msg->auth_request.username, n_oid, oids); + + for(i=0;i<(int)n_oid;++i){ + SAFE_FREE(oids[i]); + } + SAFE_FREE(oids); + /* bypass the message queue thing */ + SAFE_FREE(service); + SAFE_FREE(method); + ssh_message_free(msg); + leave_function(); + return SSH_PACKET_USED; + } msg->auth_request.method = SSH_AUTH_METHOD_UNKNOWN; SAFE_FREE(method); @@ -783,6 +832,10 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){ ssh_message msg = NULL; + /* GSSAPI_TOKEN has same packed number. XXX fix this */ + if (session->gssapi != NULL) + return ssh_packet_userauth_gssapi_token(session, type, packet, user); + enter_function(); (void)user; diff --git a/src/packet.c b/src/packet.c index 440e47c6..0276a155 100644 --- a/src/packet.c +++ b/src/packet.c 
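Review bot: In the new `gssapi-with-mic` branch of ssh_packet_userauth_request, the result of `buffer_get_u32(packet, &n_oid)` is not checked, so a truncated pre-authentication request leaves `n_oid` uninitialised when it reaches the `n_oid > 100` bound test and the `calloc`. The read should be verified before the `ntohl`, e.g. `if (buffer_get_u32(packet, &n_oid) != sizeof(uint32_t)) goto error;`, with an error set first as the neighbouring paths do. The missing-OID path passes `SSH_LOG_PACKET`, a log level, as the error code to `ssh_set_error`, where the OID-count path uses `SSH_FATAL`. `strncmp(method, "gssapi-with-mic", method_size)` compares only `method_size` bytes, so if that is the length of the client-supplied name (it is defined outside the hunk), a shorter prefix of the method name also selects this branch. The return value of `ssh_gssapi_handle_userauth` is discarded, so a failure there still ends in `SSH_PACKET_USED`; the enclosing function starts and ends outside the hunk, so whether that is intended cannot be confirmed here.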
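Review bot: The early return added at the top of ssh_packet_userauth_info_response picks the parser for message 61 solely on `session->gssapi != NULL`, so correct routing depends on that pointer being cleared whenever a GSSAPI attempt fails or is abandoned. If it stays set, a later keyboard-interactive response on the same session would be handed to `ssh_packet_userauth_gssapi_token` and parsed as a GSSAPI token; the lifetime of `session->gssapi` is not visible in this diff, so this needs confirming. Until the XXX is resolved, the comment should state the invariant, e.g. `/* SSH2_MSG_USERAUTH_GSSAPI_TOKEN shares packet number 61 with INFO_RESPONSE; session->gssapi must be NULL unless a gssapi-with-mic exchange is in progress */`. The function body continues outside the hunk.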
@@ -46,6 +46,7 @@ #include "libssh/pcap.h" #include "libssh/kex.h" #include "libssh/auth.h" +#include "libssh/gssapi.h" #define MACSIZE SHA_DIGEST_LEN @@ -83,11 +84,17 @@ static ssh_packet_callback default_packet_handlers[]= { NULL,NULL,NULL,NULL,NULL,NULL, // 54-59 ssh_packet_userauth_pk_ok, // SSH2_MSG_USERAUTH_PK_OK 60 // SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ 60 - // SSH2_MSG_USERAUTH_INFO_REQUEST 60 + // SSH2_MSG_USERAUTH_INFO_REQUEST 60 ssh_packet_userauth_info_response, // SSH2_MSG_USERAUTH_INFO_RESPONSE 61 + // SSH2_MSG_USERAUTH_GSSAPI_TOKEN 61 + NULL, // 62 + NULL, // SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE 63 + NULL, // SSH2_MSG_USERAUTH_GSSAPI_ERROR 64 + NULL, // SSH2_MSG_USERAUTH_GSSAPI_ERRTOK 65 + ssh_packet_userauth_gssapi_mic, // SSH2_MSG_USERAUTH_GSSAPI_MIC 66 + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, - NULL, NULL, NULL, NULL, NULL, NULL, NULL, - NULL, NULL, NULL, NULL, // 62-79 + NULL, NULL, NULL, NULL, // 67-79 #ifdef WITH_SERVER ssh_packet_global_request, // SSH2_MSG_GLOBAL_REQUEST 80 #else /* WITH_SERVER */ |
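Review bot: `ssh_packet_userauth_gssapi_mic` is placed in default_packet_handlers unconditionally, while the table's entry 80 guards a server-only handler with `#ifdef WITH_SERVER` and messages.c includes libssh/gssapi.h only under WITH_SERVER. If the GSSAPI handler is compiled only in server or GSSAPI-enabled builds (not visible here), other configurations would fail to link, so slot 66 should follow the same `#ifdef` / `#else` pattern with `NULL` in the fallback. Being in the default table also means message 66 is dispatched whenever a peer sends it, so the handler, which is not part of this diff, has to reject the packet itself when no gssapi-with-mic exchange is in progress. The array definition starts and ends outside the hunk.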