vishalmishra434 / rpms / openssh

Forked from rpms/openssh a month ago
Clone
Petr Lautrbach 3e1dd6
diff --git a/Makefile.in b/Makefile.in
Petr Lautrbach 3e1dd6
index 581b121..2ad26ff 100644
Petr Lautrbach 3e1dd6
--- a/Makefile.in
Petr Lautrbach 3e1dd6
+++ b/Makefile.in
Petr Lautrbach 3e1dd6
@@ -77,6 +77,7 @@ LIBSSH_OBJS=authfd.o authfile.o bufaux.o bufbn.o buffer.o \
Petr Lautrbach 84822b
 	atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
Petr Lautrbach 84822b
 	monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
Petr Lautrbach 84822b
 	kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
Petr Lautrbach 84822b
+	kexgssc.o \
Petr Lautrbach 84822b
 	msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \
Petr Lautrbach 3e1dd6
 	ssh-pkcs11.o krl.o smult_curve25519_ref.o \
Petr Lautrbach 3e1dd6
 	kexc25519.o kexc25519c.o poly1305.o chacha.o cipher-chachapoly.o \
Petr Lautrbach 3e1dd6
@@ -96,7 +97,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
Petr Lautrbach 3e1dd6
 	auth2-none.o auth2-passwd.o auth2-pubkey.o \
Petr Lautrbach 84822b
 	monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o kexecdhs.o \
Petr Lautrbach 3e1dd6
 	kexc25519s.o auth-krb5.o \
Petr Lautrbach 84822b
-	auth2-gss.o gss-serv.o gss-serv-krb5.o \
Petr Lautrbach 3e1dd6
+	auth2-gss.o gss-serv.o gss-serv-krb5.o  kexgsss.o \
Petr Lautrbach 84822b
 	loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
Petr Lautrbach 84822b
 	sftp-server.o sftp-common.o \
Petr Lautrbach 84822b
 	roaming_common.o roaming_serv.o \
Petr Lautrbach 3e1dd6
diff --git a/auth2-gss.c b/auth2-gss.c
Petr Lautrbach 3e1dd6
index 4756dd7..ad65059 100644
Petr Lautrbach 3e1dd6
--- a/auth2-gss.c
Petr Lautrbach 3e1dd6
+++ b/auth2-gss.c
Petr Lautrbach 3e1dd6
@@ -52,6 +52,40 @@ static void input_gssapi_mic(int type, u_int32_t plen, void *ctxt);
Petr Lautrbach 84822b
 static void input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt);
Petr Lautrbach 84822b
 static void input_gssapi_errtok(int, u_int32_t, void *);
Petr Lautrbach 84822b
 
Petr Lautrbach 84822b
+/* 
Petr Lautrbach 84822b
+ * The 'gssapi_keyex' userauth mechanism.
Petr Lautrbach 84822b
+ */
Petr Lautrbach 84822b
+static int
Petr Lautrbach 84822b
+userauth_gsskeyex(Authctxt *authctxt)
Petr Lautrbach 84822b
+{
Petr Lautrbach 84822b
+	int authenticated = 0;
Petr Lautrbach 84822b
+	Buffer b;
Petr Lautrbach 84822b
+	gss_buffer_desc mic, gssbuf;
Petr Lautrbach 84822b
+	u_int len;
Petr Lautrbach 51ca3b
+
Petr Lautrbach 84822b
+	mic.value = packet_get_string(&len;;
Petr Lautrbach 84822b
+	mic.length = len;
Petr Lautrbach 51ca3b
+
Petr Lautrbach 84822b
+	packet_check_eom();
Petr Lautrbach 51ca3b
+
Petr Lautrbach 84822b
+	ssh_gssapi_buildmic(&b, authctxt->user, authctxt->service,
Petr Lautrbach 84822b
+	    "gssapi-keyex");
Petr Lautrbach 51ca3b
+
Petr Lautrbach 84822b
+	gssbuf.value = buffer_ptr(&b);
Petr Lautrbach 84822b
+	gssbuf.length = buffer_len(&b);
Petr Lautrbach 5039c7
+
Petr Lautrbach 84822b
+	/* gss_kex_context is NULL with privsep, so we can't check it here */
Petr Lautrbach 84822b
+	if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gss_kex_context, 
Petr Lautrbach 84822b
+	    &gssbuf, &mic))))
Petr Lautrbach 84822b
+		authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user,
Petr Lautrbach 84822b
+		    authctxt->pw));
Petr Lautrbach 84822b
+	
Petr Lautrbach 84822b
+	buffer_free(&b);
Petr Lautrbach 84822b
+	free(mic.value);
Petr Lautrbach 5039c7
+
Petr Lautrbach 84822b
+	return (authenticated);
Petr Lautrbach 84822b
+}
Petr Lautrbach 5039c7
+
Petr Lautrbach 84822b
 /*
Petr Lautrbach 84822b
  * We only support those mechanisms that we know about (ie ones that we know
Petr Lautrbach 84822b
  * how to check local user kuserok and the like)
Petr Lautrbach 3e1dd6
@@ -235,7 +269,8 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt)
Petr Lautrbach 84822b
 
Petr Lautrbach 84822b
 	packet_check_eom();
Petr Lautrbach 84822b
 
Petr Lautrbach 84822b
-	authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));
Petr Lautrbach 84822b
+	authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user,
Petr Lautrbach 84822b
+	    authctxt->pw));
Petr Lautrbach 84822b
 
Petr Lautrbach 84822b
 	authctxt->postponed = 0;
Petr Lautrbach 84822b
 	dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
Petr Lautrbach 3e1dd6
@@ -277,7 +312,8 @@ input_gssapi_mic(int type, u_int32_t plen, void *ctxt)
Petr Lautrbach 84822b
 	gssbuf.length = buffer_len(&b);
Petr Lautrbach 84822b
 
Petr Lautrbach 84822b
 	if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic))))
Petr Lautrbach 84822b
-		authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));
Petr Lautrbach 84822b
+		authenticated = 
Petr Lautrbach 84822b
+		    PRIVSEP(ssh_gssapi_userok(authctxt->user, authctxt->pw));
Petr Lautrbach 84822b
 	else
Petr Lautrbach 84822b
 		logit("GSSAPI MIC check failed");
Petr Lautrbach 84822b
 
Petr Lautrbach 3e1dd6
@@ -294,6 +330,12 @@ input_gssapi_mic(int type, u_int32_t plen, void *ctxt)
Petr Lautrbach 84822b
 	userauth_finish(authctxt, authenticated, "gssapi-with-mic", NULL);
Petr Lautrbach 84822b
 }
Petr Lautrbach 84822b
 
Petr Lautrbach 84822b
+Authmethod method_gsskeyex = {
Petr Lautrbach 84822b
+	"gssapi-keyex",
Petr Lautrbach 84822b
+	userauth_gsskeyex,
Petr Lautrbach 84822b
+	&options.gss_authentication
Petr Lautrbach 84822b
+};
Petr Lautrbach 5039c7
+
Petr Lautrbach 84822b
 Authmethod method_gssapi = {
Petr Lautrbach 84822b
 	"gssapi-with-mic",
Petr Lautrbach 84822b
 	userauth_gssapi,
Petr Lautrbach 3e1dd6
diff --git a/auth2.c b/auth2.c
Petr Lautrbach 3e1dd6
index 5f4f26f..0f52b68 100644
Petr Lautrbach 3e1dd6
--- a/auth2.c
Petr Lautrbach 3e1dd6
+++ b/auth2.c
Petr Lautrbach 84822b
@@ -69,6 +69,7 @@ extern Authmethod method_passwd;
Petr Lautrbach 84822b
 extern Authmethod method_kbdint;
Petr Lautrbach 84822b
 extern Authmethod method_hostbased;
Petr Lautrbach 84822b
 #ifdef GSSAPI
Petr Lautrbach 84822b
+extern Authmethod method_gsskeyex;
Petr Lautrbach 84822b
 extern Authmethod method_gssapi;
Petr Lautrbach 84822b
 #endif
Petr Lautrbach 3e1dd6
 
Petr Lautrbach 3e1dd6
@@ -76,6 +77,7 @@ Authmethod *authmethods[] = {
Petr Lautrbach 84822b
 	&method_none,
Petr Lautrbach 84822b
 	&method_pubkey,
Petr Lautrbach 84822b
 #ifdef GSSAPI
Petr Lautrbach 84822b
+	&method_gsskeyex,
Petr Lautrbach 84822b
 	&method_gssapi,
Petr Lautrbach 84822b
 #endif
Petr Lautrbach 3e1dd6
 	&method_passwd,
Petr Lautrbach 3e1dd6
diff --git a/clientloop.c b/clientloop.c
Petr Lautrbach 3e1dd6
index 59ad3a2..9c60108 100644
Petr Lautrbach 3e1dd6
--- a/clientloop.c
Petr Lautrbach 3e1dd6
+++ b/clientloop.c
Jan F. Chadima 69dd72
@@ -111,6 +111,10 @@
Jan F. Chadima 69dd72
 #include "msg.h"
Jan F. Chadima 69dd72
 #include "roaming.h"
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
+#ifdef GSSAPI
Jan F. Chadima 69dd72
+#include "ssh-gss.h"
Jan F. Chadima 69dd72
+#endif
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
 /* import options */
Jan F. Chadima 69dd72
 extern Options options;
Jan F. Chadima 69dd72
 
Petr Lautrbach 3e1dd6
@@ -1608,6 +1612,15 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
Jan F. Chadima 69dd72
 		/* Do channel operations unless rekeying in progress. */
Jan F. Chadima 69dd72
 		if (!rekeying) {
Jan F. Chadima 69dd72
 			channel_after_select(readset, writeset);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+#ifdef GSSAPI
Jan F. Chadima 69dd72
+			if (options.gss_renewal_rekey &&
Jan F. Chadima 69dd72
+			    ssh_gssapi_credentials_updated(GSS_C_NO_CONTEXT)) {
Jan F. Chadima 69dd72
+				debug("credentials updated - forcing rekey");
Jan F. Chadima 69dd72
+				need_rekeying = 1;
Jan F. Chadima 69dd72
+			}
Jan F. Chadima 69dd72
+#endif
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
 			if (need_rekeying || packet_need_rekeying()) {
Jan F. Chadima 69dd72
 				debug("need rekeying");
Jan F. Chadima 69dd72
 				xxx_kex->done = 0;
Petr Lautrbach 3e1dd6
diff --git a/configure.ac b/configure.ac
Petr Lautrbach 3e1dd6
index 74e77db..9bde04e 100644
Petr Lautrbach 3e1dd6
--- a/configure.ac
Petr Lautrbach 3e1dd6
+++ b/configure.ac
Petr Lautrbach 3e1dd6
@@ -584,6 +584,30 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
Jan F. Chadima 69dd72
 	    [Use tunnel device compatibility to OpenBSD])
Jan F. Chadima 69dd72
 	AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
Jan F. Chadima 69dd72
 	    [Prepend the address family to IP tunnel traffic])
Jan F. Chadima 69dd72
+	AC_MSG_CHECKING(if we have the Security Authorization Session API)
Jan F. Chadima 69dd72
+	AC_TRY_COMPILE([#include <Security/AuthSession.h>],
Jan F. Chadima 69dd72
+		[SessionCreate(0, 0);],
Jan F. Chadima 69dd72
+		[ac_cv_use_security_session_api="yes"
Jan F. Chadima 69dd72
+		 AC_DEFINE(USE_SECURITY_SESSION_API, 1, 
Jan F. Chadima 69dd72
+			[platform has the Security Authorization Session API])
Jan F. Chadima 69dd72
+		 LIBS="$LIBS -framework Security"
Jan F. Chadima 69dd72
+		 AC_MSG_RESULT(yes)],
Jan F. Chadima 69dd72
+		[ac_cv_use_security_session_api="no"
Jan F. Chadima 69dd72
+		 AC_MSG_RESULT(no)])
Jan F. Chadima 69dd72
+	AC_MSG_CHECKING(if we have an in-memory credentials cache)
Jan F. Chadima 69dd72
+	AC_TRY_COMPILE(
Jan F. Chadima 69dd72
+		[#include <Kerberos/Kerberos.h>],
Jan F. Chadima 69dd72
+		[cc_context_t c;
Jan F. Chadima 69dd72
+		 (void) cc_initialize (&c, 0, NULL, NULL);],
Jan F. Chadima 69dd72
+		[AC_DEFINE(USE_CCAPI, 1, 
Jan F. Chadima 69dd72
+			[platform uses an in-memory credentials cache])
Jan F. Chadima 69dd72
+		 LIBS="$LIBS -framework Security"
Jan F. Chadima 69dd72
+		 AC_MSG_RESULT(yes)
Jan F. Chadima 69dd72
+		 if test "x$ac_cv_use_security_session_api" = "xno"; then
Jan F. Chadima 69dd72
+			AC_MSG_ERROR(*** Need a security framework to use the credentials cache API ***)
Jan F. Chadima 69dd72
+		fi],
Jan F. Chadima 69dd72
+		[AC_MSG_RESULT(no)]
Jan F. Chadima 69dd72
+	)
Jan F. Chadima 69dd72
 	m4_pattern_allow([AU_IPv])
Jan F. Chadima 69dd72
 	AC_CHECK_DECL([AU_IPv4], [], 
Jan F. Chadima 69dd72
 	    AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
Petr Lautrbach 3e1dd6
diff --git a/gss-genr.c b/gss-genr.c
Petr Lautrbach 3e1dd6
index b39281b..a3a2289 100644
Petr Lautrbach 3e1dd6
--- a/gss-genr.c
Petr Lautrbach 3e1dd6
+++ b/gss-genr.c
Jan F. Chadima 69dd72
@@ -39,12 +39,167 @@
Jan F. Chadima 69dd72
 #include "buffer.h"
Jan F. Chadima 69dd72
 #include "log.h"
Jan F. Chadima 69dd72
 #include "ssh2.h"
Jan F. Chadima 69dd72
+#include "cipher.h"
Jan F. Chadima 69dd72
+#include "key.h"
Jan F. Chadima 69dd72
+#include "kex.h"
Jan F. Chadima 69dd72
+#include <openssl/evp.h>
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
 #include "ssh-gss.h"
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
 extern u_char *session_id2;
Jan F. Chadima 69dd72
 extern u_int session_id2_len;
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
+typedef struct {
Jan F. Chadima 69dd72
+	char *encoded;
Jan F. Chadima 69dd72
+	gss_OID oid;
Jan F. Chadima 69dd72
+} ssh_gss_kex_mapping;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+/*
Jan F. Chadima 69dd72
+ * XXX - It would be nice to find a more elegant way of handling the
Jan F. Chadima 69dd72
+ * XXX   passing of the key exchange context to the userauth routines
Jan F. Chadima 69dd72
+ */
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+Gssctxt *gss_kex_context = NULL;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+static ssh_gss_kex_mapping *gss_enc2oid = NULL;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+int 
Jan F. Chadima 69dd72
+ssh_gssapi_oid_table_ok() {
Jan F. Chadima 69dd72
+	return (gss_enc2oid != NULL);
Jan F. Chadima 69dd72
+}
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+/*
Jan F. Chadima 69dd72
+ * Return a list of the gss-group1-sha1 mechanisms supported by this program
Jan F. Chadima 69dd72
+ *
Jan F. Chadima 69dd72
+ * We test mechanisms to ensure that we can use them, to avoid starting
Jan F. Chadima 69dd72
+ * a key exchange with a bad mechanism
Jan F. Chadima 69dd72
+ */
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+char *
Jan F. Chadima 69dd72
+ssh_gssapi_client_mechanisms(const char *host, const char *client) {
Jan F. Chadima 69dd72
+	gss_OID_set gss_supported;
Jan F. Chadima 69dd72
+	OM_uint32 min_status;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	if (GSS_ERROR(gss_indicate_mechs(&min_status, &gss_supported)))
Jan F. Chadima 69dd72
+		return NULL;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	return(ssh_gssapi_kex_mechs(gss_supported, ssh_gssapi_check_mechanism,
Jan F. Chadima 69dd72
+	    host, client));
Jan F. Chadima 69dd72
+}
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+char *
Jan F. Chadima 69dd72
+ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
Jan F. Chadima 69dd72
+    const char *host, const char *client) {
Jan F. Chadima 69dd72
+	Buffer buf;
Jan F. Chadima 69dd72
+	size_t i;
Jan F. Chadima 69dd72
+	int oidpos, enclen;
Jan F. Chadima 69dd72
+	char *mechs, *encoded;
Jan F. Chadima 69dd72
+	u_char digest[EVP_MAX_MD_SIZE];
Jan F. Chadima 69dd72
+	char deroid[2];
Jan F. Chadima 69dd72
+	const EVP_MD *evp_md = EVP_md5();
Jan F. Chadima 69dd72
+	EVP_MD_CTX md;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	if (gss_enc2oid != NULL) {
Jan F. Chadima 69dd72
+		for (i = 0; gss_enc2oid[i].encoded != NULL; i++)
Petr Lautrbach 84822b
+			free(gss_enc2oid[i].encoded);
Petr Lautrbach 84822b
+		free(gss_enc2oid);
Jan F. Chadima 69dd72
+	}
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	gss_enc2oid = xmalloc(sizeof(ssh_gss_kex_mapping) *
Jan F. Chadima 69dd72
+	    (gss_supported->count + 1));
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	buffer_init(&buf;;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	oidpos = 0;
Jan F. Chadima 69dd72
+	for (i = 0; i < gss_supported->count; i++) {
Jan F. Chadima 69dd72
+		if (gss_supported->elements[i].length < 128 &&
Jan F. Chadima 69dd72
+		    (*check)(NULL, &(gss_supported->elements[i]), host, client)) {
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+			deroid[0] = SSH_GSS_OIDTYPE;
Jan F. Chadima 69dd72
+			deroid[1] = gss_supported->elements[i].length;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+			EVP_DigestInit(&md, evp_md);
Jan F. Chadima 69dd72
+			EVP_DigestUpdate(&md, deroid, 2);
Jan F. Chadima 69dd72
+			EVP_DigestUpdate(&md,
Jan F. Chadima 69dd72
+			    gss_supported->elements[i].elements,
Jan F. Chadima 69dd72
+			    gss_supported->elements[i].length);
Jan F. Chadima 69dd72
+			EVP_DigestFinal(&md, digest, NULL);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+			encoded = xmalloc(EVP_MD_size(evp_md) * 2);
Jan F. Chadima 69dd72
+			enclen = __b64_ntop(digest, EVP_MD_size(evp_md),
Jan F. Chadima 69dd72
+			    encoded, EVP_MD_size(evp_md) * 2);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+			if (oidpos != 0)
Jan F. Chadima 69dd72
+				buffer_put_char(&buf, ',');
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+			buffer_append(&buf, KEX_GSS_GEX_SHA1_ID,
Jan F. Chadima 69dd72
+			    sizeof(KEX_GSS_GEX_SHA1_ID) - 1);
Jan F. Chadima 69dd72
+			buffer_append(&buf, encoded, enclen);
Jan F. Chadima 69dd72
+			buffer_put_char(&buf, ',');
Jan F. Chadima 69dd72
+			buffer_append(&buf, KEX_GSS_GRP1_SHA1_ID, 
Jan F. Chadima 69dd72
+			    sizeof(KEX_GSS_GRP1_SHA1_ID) - 1);
Jan F. Chadima 69dd72
+			buffer_append(&buf, encoded, enclen);
Jan F. Chadima 69dd72
+			buffer_put_char(&buf, ',');
Jan F. Chadima 69dd72
+			buffer_append(&buf, KEX_GSS_GRP14_SHA1_ID,
Jan F. Chadima 69dd72
+			    sizeof(KEX_GSS_GRP14_SHA1_ID) - 1);
Jan F. Chadima 69dd72
+			buffer_append(&buf, encoded, enclen);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+			gss_enc2oid[oidpos].oid = &(gss_supported->elements[i]);
Jan F. Chadima 69dd72
+			gss_enc2oid[oidpos].encoded = encoded;
Jan F. Chadima 69dd72
+			oidpos++;
Jan F. Chadima 69dd72
+		}
Jan F. Chadima 69dd72
+	}
Jan F. Chadima 69dd72
+	gss_enc2oid[oidpos].oid = NULL;
Jan F. Chadima 69dd72
+	gss_enc2oid[oidpos].encoded = NULL;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	buffer_put_char(&buf, '\0');
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	mechs = xmalloc(buffer_len(&buf));
Jan F. Chadima 69dd72
+	buffer_get(&buf, mechs, buffer_len(&buf));
Jan F. Chadima 69dd72
+	buffer_free(&buf;;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	if (strlen(mechs) == 0) {
Petr Lautrbach 84822b
+		free(mechs);
Jan F. Chadima 69dd72
+		mechs = NULL;
Jan F. Chadima 69dd72
+	}
Jan F. Chadima 69dd72
+	
Jan F. Chadima 69dd72
+	return (mechs);
Jan F. Chadima 69dd72
+}
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+gss_OID
Jan F. Chadima 69dd72
+ssh_gssapi_id_kex(Gssctxt *ctx, char *name, int kex_type) {
Jan F. Chadima 69dd72
+	int i = 0;
Jan F. Chadima 69dd72
+	
Jan F. Chadima 69dd72
+	switch (kex_type) {
Jan F. Chadima 69dd72
+	case KEX_GSS_GRP1_SHA1:
Jan F. Chadima 69dd72
+		if (strlen(name) < sizeof(KEX_GSS_GRP1_SHA1_ID))
Jan F. Chadima 69dd72
+			return GSS_C_NO_OID;
Jan F. Chadima 69dd72
+		name += sizeof(KEX_GSS_GRP1_SHA1_ID) - 1;
Jan F. Chadima 69dd72
+		break;
Jan F. Chadima 69dd72
+	case KEX_GSS_GRP14_SHA1:
Jan F. Chadima 69dd72
+		if (strlen(name) < sizeof(KEX_GSS_GRP14_SHA1_ID))
Jan F. Chadima 69dd72
+			return GSS_C_NO_OID;
Jan F. Chadima 69dd72
+		name += sizeof(KEX_GSS_GRP14_SHA1_ID) - 1;
Jan F. Chadima 69dd72
+		break;
Jan F. Chadima 69dd72
+	case KEX_GSS_GEX_SHA1:
Jan F. Chadima 69dd72
+		if (strlen(name) < sizeof(KEX_GSS_GEX_SHA1_ID))
Jan F. Chadima 69dd72
+			return GSS_C_NO_OID;
Jan F. Chadima 69dd72
+		name += sizeof(KEX_GSS_GEX_SHA1_ID) - 1;
Jan F. Chadima 69dd72
+		break;
Jan F. Chadima 69dd72
+	default:
Jan F. Chadima 69dd72
+		return GSS_C_NO_OID;
Jan F. Chadima 69dd72
+	}
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	while (gss_enc2oid[i].encoded != NULL &&
Jan F. Chadima 69dd72
+	    strcmp(name, gss_enc2oid[i].encoded) != 0)
Jan F. Chadima 69dd72
+		i++;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	if (gss_enc2oid[i].oid != NULL && ctx != NULL)
Jan F. Chadima 69dd72
+		ssh_gssapi_set_oid(ctx, gss_enc2oid[i].oid);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	return gss_enc2oid[i].oid;
Jan F. Chadima 69dd72
+}
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
 /* Check that the OID in a data stream matches that in the context */
Jan F. Chadima 69dd72
 int
Jan F. Chadima 69dd72
 ssh_gssapi_check_oid(Gssctxt *ctx, void *data, size_t len)
Petr Lautrbach 3e1dd6
@@ -197,7 +352,7 @@ ssh_gssapi_init_ctx(Gssctxt *ctx, int deleg_creds, gss_buffer_desc *recv_tok,
Jan F. Chadima 69dd72
 	}
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
 	ctx->major = gss_init_sec_context(&ctx->minor,
Jan F. Chadima 69dd72
-	    GSS_C_NO_CREDENTIAL, &ctx->context, ctx->name, ctx->oid,
Jan F. Chadima 69dd72
+	    ctx->client_creds, &ctx->context, ctx->name, ctx->oid,
Jan F. Chadima 69dd72
 	    GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | deleg_flag,
Jan F. Chadima 69dd72
 	    0, NULL, recv_tok, NULL, send_tok, flags, NULL);
Jan F. Chadima 69dd72
 
Petr Lautrbach 3e1dd6
@@ -227,8 +382,42 @@ ssh_gssapi_import_name(Gssctxt *ctx, const char *host)
Jan F. Chadima 69dd72
 }
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
 OM_uint32
Jan F. Chadima 69dd72
+ssh_gssapi_client_identity(Gssctxt *ctx, const char *name)
Jan F. Chadima 69dd72
+{
Jan F. Chadima 69dd72
+	gss_buffer_desc gssbuf;
Jan F. Chadima 69dd72
+	gss_name_t gssname;
Jan F. Chadima 69dd72
+	OM_uint32 status;
Jan F. Chadima 69dd72
+	gss_OID_set oidset;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	gssbuf.value = (void *) name;
Jan F. Chadima 69dd72
+	gssbuf.length = strlen(gssbuf.value);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	gss_create_empty_oid_set(&status, &oidset);
Jan F. Chadima 69dd72
+	gss_add_oid_set_member(&status, ctx->oid, &oidset);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	ctx->major = gss_import_name(&ctx->minor, &gssbuf,
Jan F. Chadima 69dd72
+	    GSS_C_NT_USER_NAME, &gssname);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	if (!ctx->major)
Jan F. Chadima 69dd72
+		ctx->major = gss_acquire_cred(&ctx->minor, 
Jan F. Chadima 69dd72
+		    gssname, 0, oidset, GSS_C_INITIATE, 
Jan F. Chadima 69dd72
+		    &ctx->client_creds, NULL, NULL);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	gss_release_name(&status, &gssname);
Jan F. Chadima 69dd72
+	gss_release_oid_set(&status, &oidset);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	if (ctx->major)
Jan F. Chadima 69dd72
+		ssh_gssapi_error(ctx);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	return(ctx->major);
Jan F. Chadima 69dd72
+}
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+OM_uint32
Jan F. Chadima 69dd72
 ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash)
Jan F. Chadima 69dd72
 {
Jan F. Chadima 69dd72
+	if (ctx == NULL) 
Jan F. Chadima 69dd72
+		return -1;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
 	if ((ctx->major = gss_get_mic(&ctx->minor, ctx->context,
Jan F. Chadima 69dd72
 	    GSS_C_QOP_DEFAULT, buffer, hash)))
Jan F. Chadima 69dd72
 		ssh_gssapi_error(ctx);
Petr Lautrbach 3e1dd6
@@ -236,6 +425,19 @@ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash)
Jan F. Chadima 69dd72
 	return (ctx->major);
Jan F. Chadima 69dd72
 }
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
+/* Priviledged when used by server */
Jan F. Chadima 69dd72
+OM_uint32
Jan F. Chadima 69dd72
+ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
Jan F. Chadima 69dd72
+{
Jan F. Chadima 69dd72
+	if (ctx == NULL)
Jan F. Chadima 69dd72
+		return -1;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	ctx->major = gss_verify_mic(&ctx->minor, ctx->context,
Jan F. Chadima 69dd72
+	    gssbuf, gssmic, NULL);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	return (ctx->major);
Jan F. Chadima 69dd72
+}
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
 void
Jan F. Chadima 69dd72
 ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service,
Jan F. Chadima 69dd72
     const char *context)
Petr Lautrbach 3e1dd6
@@ -249,11 +451,16 @@ ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service,
Jan F. Chadima 69dd72
 }
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
 int
Jan F. Chadima 69dd72
-ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host)
Jan F. Chadima 69dd72
+ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host, 
Jan F. Chadima 69dd72
+    const char *client)
Jan F. Chadima 69dd72
 {
Jan F. Chadima 69dd72
 	gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
Jan F. Chadima 69dd72
 	OM_uint32 major, minor;
Jan F. Chadima 69dd72
 	gss_OID_desc spnego_oid = {6, (void *)"\x2B\x06\x01\x05\x05\x02"};
Jan F. Chadima 69dd72
+	Gssctxt *intctx = NULL;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	if (ctx == NULL)
Jan F. Chadima 69dd72
+		ctx = &intct;;
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
 	/* RFC 4462 says we MUST NOT do SPNEGO */
Jan F. Chadima 69dd72
 	if (oid->length == spnego_oid.length && 
Petr Lautrbach 3e1dd6
@@ -263,6 +470,10 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host)
Jan F. Chadima 69dd72
 	ssh_gssapi_build_ctx(ctx);
Jan F. Chadima 69dd72
 	ssh_gssapi_set_oid(*ctx, oid);
Jan F. Chadima 69dd72
 	major = ssh_gssapi_import_name(*ctx, host);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	if (!GSS_ERROR(major) && client)
Jan F. Chadima 69dd72
+		major = ssh_gssapi_client_identity(*ctx, client);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
 	if (!GSS_ERROR(major)) {
Jan F. Chadima 69dd72
 		major = ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token, 
Jan F. Chadima 69dd72
 		    NULL);
Petr Lautrbach 3e1dd6
@@ -272,10 +483,67 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host)
Jan F. Chadima 69dd72
 			    GSS_C_NO_BUFFER);
Jan F. Chadima 69dd72
 	}
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
-	if (GSS_ERROR(major)) 
Jan F. Chadima 69dd72
+	if (GSS_ERROR(major) || intctx != NULL) 
Jan F. Chadima 69dd72
 		ssh_gssapi_delete_ctx(ctx);
Jan F. Chadima 69dd72
 
Petr Lautrbach 84822b
 	return (!GSS_ERROR(major));
Petr Lautrbach 84822b
 }
Petr Lautrbach 84822b
 
Petr Lautrbach 84822b
+int
Petr Lautrbach 84822b
+ssh_gssapi_credentials_updated(Gssctxt *ctxt) {
Petr Lautrbach 84822b
+	static gss_name_t saved_name = GSS_C_NO_NAME;
Petr Lautrbach 84822b
+	static OM_uint32 saved_lifetime = 0;
Petr Lautrbach 84822b
+	static gss_OID saved_mech = GSS_C_NO_OID;
Petr Lautrbach 84822b
+	static gss_name_t name;
Petr Lautrbach 84822b
+	static OM_uint32 last_call = 0;
Petr Lautrbach 84822b
+	OM_uint32 lifetime, now, major, minor;
Petr Lautrbach 84822b
+	int equal;
Petr Lautrbach 84822b
+	gss_cred_usage_t usage = GSS_C_INITIATE;
Petr Lautrbach 84822b
+	
Petr Lautrbach 84822b
+	now = time(NULL);
Petr Lautrbach 84822b
+
Petr Lautrbach 84822b
+	if (ctxt) {
Petr Lautrbach 84822b
+		debug("Rekey has happened - updating saved versions");
Petr Lautrbach 84822b
+
Petr Lautrbach 84822b
+		if (saved_name != GSS_C_NO_NAME)
Petr Lautrbach 84822b
+			gss_release_name(&minor, &saved_name);
Petr Lautrbach 84822b
+
Petr Lautrbach 84822b
+		major = gss_inquire_cred(&minor, GSS_C_NO_CREDENTIAL,
Petr Lautrbach 84822b
+		    &saved_name, &saved_lifetime, NULL, NULL);
Petr Lautrbach 84822b
+
Petr Lautrbach 84822b
+		if (!GSS_ERROR(major)) {
Petr Lautrbach 84822b
+			saved_mech = ctxt->oid;
Petr Lautrbach 84822b
+		        saved_lifetime+= now;
Petr Lautrbach 84822b
+		} else {
Petr Lautrbach 84822b
+			/* Handle the error */
Petr Lautrbach 84822b
+		}
Petr Lautrbach 84822b
+		return 0;
Petr Lautrbach 84822b
+	}
Petr Lautrbach 84822b
+
Petr Lautrbach 84822b
+	if (now - last_call < 10)
Petr Lautrbach 84822b
+		return 0;
Petr Lautrbach 84822b
+
Petr Lautrbach 84822b
+	last_call = now;
Petr Lautrbach 84822b
+
Petr Lautrbach 84822b
+	if (saved_mech == GSS_C_NO_OID)
Petr Lautrbach 84822b
+		return 0;
Petr Lautrbach 84822b
+	
Petr Lautrbach 84822b
+	major = gss_inquire_cred(&minor, GSS_C_NO_CREDENTIAL, 
Petr Lautrbach 84822b
+	    &name, &lifetime, NULL, NULL);
Petr Lautrbach 84822b
+	if (major == GSS_S_CREDENTIALS_EXPIRED)
Petr Lautrbach 84822b
+		return 0;
Petr Lautrbach 84822b
+	else if (GSS_ERROR(major))
Petr Lautrbach 84822b
+		return 0;
Petr Lautrbach 84822b
+
Petr Lautrbach 84822b
+	major = gss_compare_name(&minor, saved_name, name, &equal);
Petr Lautrbach 84822b
+	gss_release_name(&minor, &name);
Petr Lautrbach 84822b
+	if (GSS_ERROR(major))
Petr Lautrbach 84822b
+		return 0;
Petr Lautrbach 84822b
+
Petr Lautrbach 84822b
+	if (equal && (saved_lifetime < lifetime + now - 10))
Petr Lautrbach 84822b
+		return 1;
Petr Lautrbach 84822b
+
Petr Lautrbach 84822b
+	return 0;
Petr Lautrbach 84822b
+}
Petr Lautrbach 84822b
+
Petr Lautrbach 84822b
 #endif /* GSSAPI */
Petr Lautrbach 3e1dd6
diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c
Petr Lautrbach 3e1dd6
index 759fa10..42de994 100644
Petr Lautrbach 3e1dd6
--- a/gss-serv-krb5.c
Petr Lautrbach 3e1dd6
+++ b/gss-serv-krb5.c
Petr Lautrbach 3e1dd6
@@ -120,7 +120,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
Petr Lautrbach 84822b
 	krb5_error_code problem;
Petr Lautrbach 84822b
 	krb5_principal princ;
Petr Lautrbach 84822b
 	OM_uint32 maj_status, min_status;
Petr Lautrbach 84822b
-	int len;
Petr Lautrbach 84822b
+	const char *new_ccname, *new_cctype;
Petr Lautrbach 84822b
 	const char *errmsg;
Petr Lautrbach 84822b
 
Petr Lautrbach 84822b
 	if (client->creds == NULL) {
Petr Lautrbach 3e1dd6
@@ -180,11 +180,26 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
Petr Lautrbach 84822b
 		return;
Petr Lautrbach 84822b
 	}
Petr Lautrbach 84822b
 
Petr Lautrbach 84822b
-	client->store.filename = xstrdup(krb5_cc_get_name(krb_context, ccache));
Petr Lautrbach 84822b
+	new_cctype = krb5_cc_get_type(krb_context, ccache);
Petr Lautrbach 84822b
+	new_ccname = krb5_cc_get_name(krb_context, ccache);
Petr Lautrbach 84822b
+
Petr Lautrbach 84822b
 	client->store.envvar = "KRB5CCNAME";
Petr Lautrbach 84822b
-	len = strlen(client->store.filename) + 6;
Petr Lautrbach 84822b
-	client->store.envval = xmalloc(len);
Petr Lautrbach 84822b
-	snprintf(client->store.envval, len, "FILE:%s", client->store.filename);
Petr Lautrbach 84822b
+#ifdef USE_CCAPI
Petr Lautrbach 84822b
+	xasprintf(&client->store.envval, "API:%s", new_ccname);
Petr Lautrbach 84822b
+	client->store.filename = NULL;
Petr Lautrbach 84822b
+#else
Petr Lautrbach 84822b
+	if (new_ccname[0] == ':')
Petr Lautrbach 84822b
+		new_ccname++;
Petr Lautrbach 84822b
+	xasprintf(&client->store.envval, "%s:%s", new_cctype, new_ccname);
Petr Lautrbach 84822b
+	if (strcmp(new_cctype, "DIR") == 0) {
Petr Lautrbach 84822b
+		char *p;
Petr Lautrbach 84822b
+		p = strrchr(client->store.envval, '/');
Petr Lautrbach 84822b
+		if (p)
Petr Lautrbach 84822b
+			*p = '\0';
Petr Lautrbach 84822b
+	}
Petr Lautrbach 99076b
+	if ((strcmp(new_cctype, "FILE") == 0) || (strcmp(new_cctype, "DIR") == 0))
Petr Lautrbach 99076b
+		client->store.filename = xstrdup(new_ccname);
Petr Lautrbach 84822b
+#endif
Petr Lautrbach 84822b
 
Petr Lautrbach 84822b
 #ifdef USE_PAM
Petr Lautrbach 84822b
 	if (options.use_pam)
Petr Lautrbach 3e1dd6
@@ -193,9 +208,76 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
Petr Lautrbach 99076b
 
Petr Lautrbach 99076b
 	krb5_cc_close(krb_context, ccache);
Petr Lautrbach 99076b
 
Petr Lautrbach 99076b
+	client->store.data = krb_context;
Petr Lautrbach 99076b
+
Petr Lautrbach 84822b
 	return;
Jan F. Chadima 69dd72
 }
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
+int
Petr Lautrbach 84822b
+ssh_gssapi_krb5_updatecreds(ssh_gssapi_ccache *store, 
Petr Lautrbach 84822b
+    ssh_gssapi_client *client)
Petr Lautrbach 84822b
+{
Petr Lautrbach 84822b
+	krb5_ccache ccache = NULL;
Petr Lautrbach 84822b
+	krb5_principal principal = NULL;
Petr Lautrbach 84822b
+	char *name = NULL;
Petr Lautrbach 84822b
+	krb5_error_code problem;
Petr Lautrbach 84822b
+	OM_uint32 maj_status, min_status;
Jan F. Chadima 69dd72
+
Petr Lautrbach 84822b
+   	if ((problem = krb5_cc_resolve(krb_context, store->envval, &ccache))) {
Petr Lautrbach 84822b
+                logit("krb5_cc_resolve(): %.100s",
Petr Lautrbach 84822b
+                    krb5_get_err_text(krb_context, problem));
Petr Lautrbach 84822b
+                return 0;
Petr Lautrbach 84822b
+       	}
Petr Lautrbach 84822b
+	
Petr Lautrbach 84822b
+	/* Find out who the principal in this cache is */
Petr Lautrbach 84822b
+	if ((problem = krb5_cc_get_principal(krb_context, ccache, 
Petr Lautrbach 84822b
+	    &principal))) {
Petr Lautrbach 84822b
+		logit("krb5_cc_get_principal(): %.100s",
Petr Lautrbach 84822b
+		    krb5_get_err_text(krb_context, problem));
Petr Lautrbach 84822b
+		krb5_cc_close(krb_context, ccache);
Jan F. Chadima 69dd72
+		return 0;
Jan F. Chadima 69dd72
+	}
Jan F. Chadima 69dd72
+
Petr Lautrbach 84822b
+	if ((problem = krb5_unparse_name(krb_context, principal, &name))) {
Petr Lautrbach 84822b
+		logit("krb5_unparse_name(): %.100s",
Petr Lautrbach 84822b
+		    krb5_get_err_text(krb_context, problem));
Petr Lautrbach 84822b
+		krb5_free_principal(krb_context, principal);
Petr Lautrbach 84822b
+		krb5_cc_close(krb_context, ccache);
Jan F. Chadima 69dd72
+		return 0;
Petr Lautrbach 84822b
+	}
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+
Petr Lautrbach 84822b
+	if (strcmp(name,client->exportedname.value)!=0) {
Petr Lautrbach 84822b
+		debug("Name in local credentials cache differs. Not storing");
Petr Lautrbach 84822b
+		krb5_free_principal(krb_context, principal);
Petr Lautrbach 84822b
+		krb5_cc_close(krb_context, ccache);
Petr Lautrbach 84822b
+		krb5_free_unparsed_name(krb_context, name);
Jan F. Chadima 69dd72
+		return 0;
Petr Lautrbach 84822b
+	}
Petr Lautrbach 84822b
+	krb5_free_unparsed_name(krb_context, name);
Jan F. Chadima 69dd72
+
Petr Lautrbach 84822b
+	/* Name matches, so lets get on with it! */
Petr Lautrbach 84822b
+
Petr Lautrbach 84822b
+	if ((problem = krb5_cc_initialize(krb_context, ccache, principal))) {
Petr Lautrbach 84822b
+		logit("krb5_cc_initialize(): %.100s",
Petr Lautrbach 84822b
+		    krb5_get_err_text(krb_context, problem));
Petr Lautrbach 84822b
+		krb5_free_principal(krb_context, principal);
Petr Lautrbach 84822b
+		krb5_cc_close(krb_context, ccache);
Jan F. Chadima 69dd72
+		return 0;
Petr Lautrbach 84822b
+	}
Jan F. Chadima 69dd72
+
Petr Lautrbach 84822b
+	krb5_free_principal(krb_context, principal);
Jan F. Chadima 69dd72
+
Petr Lautrbach 84822b
+	if ((maj_status = gss_krb5_copy_ccache(&min_status, client->creds,
Petr Lautrbach 84822b
+	    ccache))) {
Petr Lautrbach 84822b
+		logit("gss_krb5_copy_ccache() failed. Sorry!");
Petr Lautrbach 84822b
+		krb5_cc_close(krb_context, ccache);
Petr Lautrbach 84822b
+		return 0;
Petr Lautrbach 84822b
+	}
Petr Lautrbach 84822b
+
Petr Lautrbach 84822b
+	return 1;
Jan F. Chadima 69dd72
+}
Jan F. Chadima 69dd72
+
Petr Lautrbach 84822b
 ssh_gssapi_mech gssapi_kerberos_mech = {
Petr Lautrbach 84822b
 	"toWM5Slw5Ew8Mqkay+al2g==",
Petr Lautrbach 84822b
 	"Kerberos",
Petr Lautrbach 3e1dd6
@@ -203,7 +285,8 @@ ssh_gssapi_mech gssapi_kerberos_mech = {
Petr Lautrbach 84822b
 	NULL,
Petr Lautrbach 84822b
 	&ssh_gssapi_krb5_userok,
Petr Lautrbach 84822b
 	NULL,
Petr Lautrbach 84822b
-	&ssh_gssapi_krb5_storecreds
Petr Lautrbach 84822b
+	&ssh_gssapi_krb5_storecreds,
Petr Lautrbach 84822b
+	&ssh_gssapi_krb5_updatecreds
Petr Lautrbach 84822b
 };
Petr Lautrbach 84822b
 
Petr Lautrbach 84822b
 #endif /* KRB5 */
Petr Lautrbach 3e1dd6
diff --git a/gss-serv.c b/gss-serv.c
Petr Lautrbach 3e1dd6
index e61b37b..14f540e 100644
Petr Lautrbach 3e1dd6
--- a/gss-serv.c
Petr Lautrbach 3e1dd6
+++ b/gss-serv.c
Jan F. Chadima 69dd72
@@ -45,15 +45,20 @@
Jan F. Chadima 69dd72
 #include "channels.h"
Jan F. Chadima 69dd72
 #include "session.h"
Jan F. Chadima 69dd72
 #include "misc.h"
Jan F. Chadima 69dd72
+#include "servconf.h"
Jan F. Chadima 69dd72
+#include "uidswap.h"
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
 #include "ssh-gss.h"
Jan F. Chadima 69dd72
+#include "monitor_wrap.h"
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+extern ServerOptions options;
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
 static ssh_gssapi_client gssapi_client =
Jan F. Chadima 69dd72
     { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER,
Petr Lautrbach 84822b
-    GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL, NULL}};
Jan F. Chadima 69dd72
+    GSS_C_NO_CREDENTIAL, GSS_C_NO_NAME,  NULL, {NULL, NULL, NULL}, 0, 0};
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
 ssh_gssapi_mech gssapi_null_mech =
Jan F. Chadima 69dd72
-    { NULL, NULL, {0, NULL}, NULL, NULL, NULL, NULL};
Jan F. Chadima 69dd72
+    { NULL, NULL, {0, NULL}, NULL, NULL, NULL, NULL, NULL};
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
 #ifdef KRB5
Jan F. Chadima 69dd72
 extern ssh_gssapi_mech gssapi_kerberos_mech;
Petr Lautrbach 3e1dd6
@@ -100,25 +105,32 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx)
Jan F. Chadima 69dd72
 	char lname[MAXHOSTNAMELEN];
Jan F. Chadima 69dd72
 	gss_OID_set oidset;
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
-	gss_create_empty_oid_set(&status, &oidset);
Jan F. Chadima 69dd72
-	gss_add_oid_set_member(&status, ctx->oid, &oidset);
Jan F. Chadima 69dd72
+	if (options.gss_strict_acceptor) {
Jan F. Chadima 69dd72
+		gss_create_empty_oid_set(&status, &oidset);
Jan F. Chadima 69dd72
+		gss_add_oid_set_member(&status, ctx->oid, &oidset);
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
-	if (gethostname(lname, MAXHOSTNAMELEN)) {
Jan F. Chadima 69dd72
-		gss_release_oid_set(&status, &oidset);
Jan F. Chadima 69dd72
-		return (-1);
Jan F. Chadima 69dd72
-	}
Petr Lautrbach 3e1dd6
+		if (gethostname(lname, MAXHOSTNAMELEN)) {
Petr Lautrbach 3e1dd6
+			gss_release_oid_set(&status, &oidset);
Petr Lautrbach 3e1dd6
+			return (-1);
Petr Lautrbach 3e1dd6
+		}
Petr Lautrbach 3e1dd6
+
Jan F. Chadima 69dd72
+		if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
Jan F. Chadima 69dd72
+			gss_release_oid_set(&status, &oidset);
Jan F. Chadima 69dd72
+			return (ctx->major);
Jan F. Chadima 69dd72
+		}
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+		if ((ctx->major = gss_acquire_cred(&ctx->minor,
Jan F. Chadima 69dd72
+		    ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, 
Jan F. Chadima 69dd72
+		    NULL, NULL)))
Jan F. Chadima 69dd72
+			ssh_gssapi_error(ctx);
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
-	if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
Jan F. Chadima 69dd72
 		gss_release_oid_set(&status, &oidset);
Jan F. Chadima 69dd72
 		return (ctx->major);
Jan F. Chadima 69dd72
+	} else {
Jan F. Chadima 69dd72
+		ctx->name = GSS_C_NO_NAME;
Jan F. Chadima 69dd72
+		ctx->creds = GSS_C_NO_CREDENTIAL;
Jan F. Chadima 69dd72
 	}
Jan F. Chadima 69dd72
-
Jan F. Chadima 69dd72
-	if ((ctx->major = gss_acquire_cred(&ctx->minor,
Jan F. Chadima 69dd72
-	    ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL)))
Jan F. Chadima 69dd72
-		ssh_gssapi_error(ctx);
Jan F. Chadima 69dd72
-
Jan F. Chadima 69dd72
-	gss_release_oid_set(&status, &oidset);
Jan F. Chadima 69dd72
-	return (ctx->major);
Jan F. Chadima 69dd72
+	return GSS_S_COMPLETE;
Jan F. Chadima 69dd72
 }
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
 /* Privileged */
Petr Lautrbach 3e1dd6
@@ -133,6 +145,29 @@ ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid)
Jan F. Chadima 69dd72
 }
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
 /* Unprivileged */
Jan F. Chadima 69dd72
+char *
Jan F. Chadima 69dd72
+ssh_gssapi_server_mechanisms() {
Jan F. Chadima 69dd72
+	gss_OID_set	supported;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	ssh_gssapi_supported_oids(&supported);
Jan F. Chadima 69dd72
+	return (ssh_gssapi_kex_mechs(supported, &ssh_gssapi_server_check_mech,
Jan F. Chadima 69dd72
+	    NULL, NULL));
Jan F. Chadima 69dd72
+}
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+/* Unprivileged */
Jan F. Chadima 69dd72
+int
Jan F. Chadima 69dd72
+ssh_gssapi_server_check_mech(Gssctxt **dum, gss_OID oid, const char *data,
Jan F. Chadima 69dd72
+    const char *dummy) {
Jan F. Chadima 69dd72
+	Gssctxt *ctx = NULL;
Jan F. Chadima 69dd72
+	int res;
Jan F. Chadima 69dd72
+ 
Jan F. Chadima 69dd72
+	res = !GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctx, oid)));
Jan F. Chadima 69dd72
+	ssh_gssapi_delete_ctx(&ctx;;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	return (res);
Jan F. Chadima 69dd72
+}
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+/* Unprivileged */
Jan F. Chadima 69dd72
 void
Jan F. Chadima 69dd72
 ssh_gssapi_supported_oids(gss_OID_set *oidset)
Jan F. Chadima 69dd72
 {
Petr Lautrbach 3e1dd6
@@ -142,7 +177,9 @@ ssh_gssapi_supported_oids(gss_OID_set *oidset)
Jan F. Chadima 69dd72
 	gss_OID_set supported;
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
 	gss_create_empty_oid_set(&min_status, oidset);
Jan F. Chadima 69dd72
-	gss_indicate_mechs(&min_status, &supported);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	if (GSS_ERROR(gss_indicate_mechs(&min_status, &supported)))
Jan F. Chadima 69dd72
+		return;
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
 	while (supported_mechs[i]->name != NULL) {
Jan F. Chadima 69dd72
 		if (GSS_ERROR(gss_test_oid_set_member(&min_status,
Petr Lautrbach 3e1dd6
@@ -268,8 +305,48 @@ OM_uint32
Jan F. Chadima 69dd72
 ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client)
Jan F. Chadima 69dd72
 {
Jan F. Chadima 69dd72
 	int i = 0;
Jan F. Chadima 69dd72
+	int equal = 0;
Jan F. Chadima 69dd72
+	gss_name_t new_name = GSS_C_NO_NAME;
Jan F. Chadima 69dd72
+	gss_buffer_desc ename = GSS_C_EMPTY_BUFFER;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	if (options.gss_store_rekey && client->used && ctx->client_creds) {
Jan F. Chadima 69dd72
+		if (client->mech->oid.length != ctx->oid->length ||
Jan F. Chadima 69dd72
+		    (memcmp(client->mech->oid.elements,
Jan F. Chadima 69dd72
+		     ctx->oid->elements, ctx->oid->length) !=0)) {
Jan F. Chadima 69dd72
+			debug("Rekeyed credentials have different mechanism");
Jan F. Chadima 69dd72
+			return GSS_S_COMPLETE;
Jan F. Chadima 69dd72
+		}
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+		if ((ctx->major = gss_inquire_cred_by_mech(&ctx->minor, 
Jan F. Chadima 69dd72
+		    ctx->client_creds, ctx->oid, &new_name, 
Jan F. Chadima 69dd72
+		    NULL, NULL, NULL))) {
Jan F. Chadima 69dd72
+			ssh_gssapi_error(ctx);
Jan F. Chadima 69dd72
+			return (ctx->major);
Jan F. Chadima 69dd72
+		}
Petr Lautrbach 99076b
+
Jan F. Chadima 69dd72
+		ctx->major = gss_compare_name(&ctx->minor, client->name, 
Jan F. Chadima 69dd72
+		    new_name, &equal);
Petr Lautrbach 99076b
 
Petr Lautrbach 99076b
-	gss_buffer_desc ename;
Jan F. Chadima 69dd72
+		if (GSS_ERROR(ctx->major)) {
Jan F. Chadima 69dd72
+			ssh_gssapi_error(ctx);
Jan F. Chadima 69dd72
+			return (ctx->major);
Jan F. Chadima 69dd72
+		}
Jan F. Chadima 69dd72
+ 
Jan F. Chadima 69dd72
+		if (!equal) {
Jan F. Chadima 69dd72
+			debug("Rekeyed credentials have different name");
Jan F. Chadima 69dd72
+			return GSS_S_COMPLETE;
Jan F. Chadima 69dd72
+		}
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+		debug("Marking rekeyed credentials for export");
Petr Lautrbach 51ca3b
+
Jan F. Chadima 69dd72
+		gss_release_name(&ctx->minor, &client->name);
Jan F. Chadima 69dd72
+		gss_release_cred(&ctx->minor, &client->creds);
Jan F. Chadima 69dd72
+		client->name = new_name;
Jan F. Chadima 69dd72
+		client->creds = ctx->client_creds;
Jan F. Chadima 69dd72
+        	ctx->client_creds = GSS_C_NO_CREDENTIAL;
Jan F. Chadima 69dd72
+		client->updated = 1;
Jan F. Chadima 69dd72
+		return GSS_S_COMPLETE;
Jan F. Chadima 69dd72
+	}
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
 	client->mech = NULL;
Jan F. Chadima 69dd72
 
Petr Lautrbach 3e1dd6
@@ -284,6 +361,13 @@ ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client)
Jan F. Chadima 69dd72
 	if (client->mech == NULL)
Jan F. Chadima 69dd72
 		return GSS_S_FAILURE;
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
+	if (ctx->client_creds &&
Jan F. Chadima 69dd72
+	    (ctx->major = gss_inquire_cred_by_mech(&ctx->minor,
Jan F. Chadima 69dd72
+	     ctx->client_creds, ctx->oid, &client->name, NULL, NULL, NULL))) {
Jan F. Chadima 69dd72
+		ssh_gssapi_error(ctx);
Jan F. Chadima 69dd72
+		return (ctx->major);
Jan F. Chadima 69dd72
+	}
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
 	if ((ctx->major = gss_display_name(&ctx->minor, ctx->client,
Jan F. Chadima 69dd72
 	    &client->displayname, NULL))) {
Jan F. Chadima 69dd72
 		ssh_gssapi_error(ctx);
Petr Lautrbach 3e1dd6
@@ -301,6 +385,8 @@ ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client)
Jan F. Chadima 69dd72
 		return (ctx->major);
Jan F. Chadima 69dd72
 	}
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
+	gss_release_buffer(&ctx->minor, &ename);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
 	/* We can't copy this structure, so we just move the pointer to it */
Jan F. Chadima 69dd72
 	client->creds = ctx->client_creds;
Jan F. Chadima 69dd72
 	ctx->client_creds = GSS_C_NO_CREDENTIAL;
Petr Lautrbach 3e1dd6
@@ -311,11 +397,20 @@ ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client)
Petr Lautrbach 51ca3b
 void
Petr Lautrbach 51ca3b
 ssh_gssapi_cleanup_creds(void)
Petr Lautrbach 51ca3b
 {
Petr Lautrbach 99076b
-	if (gssapi_client.store.filename != NULL) {
Petr Lautrbach 99076b
-		/* Unlink probably isn't sufficient */
Petr Lautrbach 99076b
-		debug("removing gssapi cred file\"%s\"",
Petr Lautrbach 99076b
-		    gssapi_client.store.filename);
Petr Lautrbach 99076b
-		unlink(gssapi_client.store.filename);
Petr Lautrbach 99076b
+	krb5_ccache ccache = NULL;
Petr Lautrbach 99076b
+	krb5_error_code problem;
Petr Lautrbach 99076b
+
Petr Lautrbach 99076b
+	if (gssapi_client.store.data != NULL) {
Petr Lautrbach 99076b
+		if ((problem = krb5_cc_resolve(gssapi_client.store.data, gssapi_client.store.envval, &ccache))) {
Petr Lautrbach 99076b
+			debug("%s: krb5_cc_resolve(): %.100s", __func__,
Petr Lautrbach 99076b
+				krb5_get_err_text(gssapi_client.store.data, problem));
Petr Lautrbach 99076b
+		} else if ((problem = krb5_cc_destroy(gssapi_client.store.data, ccache))) {
Petr Lautrbach 99076b
+			debug("%s: krb5_cc_resolve(): %.100s", __func__,
Petr Lautrbach 99076b
+				krb5_get_err_text(gssapi_client.store.data, problem));
Petr Lautrbach 99076b
+		} else {
Petr Lautrbach 99076b
+			krb5_free_context(gssapi_client.store.data);
Petr Lautrbach 99076b
+			gssapi_client.store.data = NULL;
Petr Lautrbach 51ca3b
+		}
Petr Lautrbach 51ca3b
 	}
Petr Lautrbach 51ca3b
 }
Petr Lautrbach 51ca3b
 
Petr Lautrbach 3e1dd6
@@ -348,7 +443,7 @@ ssh_gssapi_do_child(char ***envp, u_int *envsizep)
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
 /* Privileged */
Jan F. Chadima 69dd72
 int
Jan F. Chadima 69dd72
-ssh_gssapi_userok(char *user)
Jan F. Chadima 69dd72
+ssh_gssapi_userok(char *user, struct passwd *pw)
Jan F. Chadima 69dd72
 {
Jan F. Chadima 69dd72
 	OM_uint32 lmin;
Jan F. Chadima 69dd72
 
Petr Lautrbach 3e1dd6
@@ -358,9 +453,11 @@ ssh_gssapi_userok(char *user)
Jan F. Chadima 69dd72
 		return 0;
Jan F. Chadima 69dd72
 	}
Jan F. Chadima 69dd72
 	if (gssapi_client.mech && gssapi_client.mech->userok)
Jan F. Chadima 69dd72
-		if ((*gssapi_client.mech->userok)(&gssapi_client, user))
Jan F. Chadima 69dd72
+		if ((*gssapi_client.mech->userok)(&gssapi_client, user)) {
Jan F. Chadima 69dd72
+			gssapi_client.used = 1;
Jan F. Chadima 69dd72
+			gssapi_client.store.owner = pw;
Jan F. Chadima 69dd72
 			return 1;
Jan F. Chadima 69dd72
-		else {
Jan F. Chadima 69dd72
+		} else {
Jan F. Chadima 69dd72
 			/* Destroy delegated credentials if userok fails */
Jan F. Chadima 69dd72
 			gss_release_buffer(&lmin, &gssapi_client.displayname);
Jan F. Chadima 69dd72
 			gss_release_buffer(&lmin, &gssapi_client.exportedname);
Petr Lautrbach 3e1dd6
@@ -374,14 +471,90 @@ ssh_gssapi_userok(char *user)
Jan F. Chadima 69dd72
 	return (0);
Jan F. Chadima 69dd72
 }
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
-/* Privileged */
Jan F. Chadima 69dd72
-OM_uint32
Jan F. Chadima 69dd72
-ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
Jan F. Chadima 69dd72
+/* These bits are only used for rekeying. The unpriviledged child is running 
Jan F. Chadima 69dd72
+ * as the user, the monitor is root.
Jan F. Chadima 69dd72
+ *
Jan F. Chadima 69dd72
+ * In the child, we want to :
Jan F. Chadima 69dd72
+ *    *) Ask the monitor to store our credentials into the store we specify
Jan F. Chadima 69dd72
+ *    *) If it succeeds, maybe do a PAM update
Jan F. Chadima 69dd72
+ */
Jan F. Chadima 69dd72
+
Petr Lautrbach d9e618
+/* Stuff for PAM */
Petr Lautrbach d9e618
+
Petr Lautrbach d9e618
+#ifdef USE_PAM
Petr Lautrbach d9e618
+static int ssh_gssapi_simple_conv(int n, const struct pam_message **msg, 
Petr Lautrbach d9e618
+    struct pam_response **resp, void *data)
Petr Lautrbach d9e618
 {
Petr Lautrbach d9e618
-	ctx->major = gss_verify_mic(&ctx->minor, ctx->context,
Petr Lautrbach d9e618
-	    gssbuf, gssmic, NULL);
Petr Lautrbach d9e618
+	return (PAM_CONV_ERR);
Petr Lautrbach d9e618
+}
Petr Lautrbach d9e618
+#endif
Petr Lautrbach d9e618
 
Petr Lautrbach d9e618
-	return (ctx->major);
Petr Lautrbach d9e618
+void
Petr Lautrbach d9e618
+ssh_gssapi_rekey_creds() {
Petr Lautrbach d9e618
+	int ok;
Petr Lautrbach d9e618
+	int ret;
Petr Lautrbach d9e618
+#ifdef USE_PAM
Petr Lautrbach d9e618
+	pam_handle_t *pamh = NULL;
Petr Lautrbach d9e618
+	struct pam_conv pamconv = {ssh_gssapi_simple_conv, NULL};
Petr Lautrbach d9e618
+	char *envstr;
Petr Lautrbach d9e618
+#endif
Petr Lautrbach d9e618
+
Petr Lautrbach d9e618
+	if (gssapi_client.store.filename == NULL && 
Petr Lautrbach d9e618
+	    gssapi_client.store.envval == NULL &&
Petr Lautrbach d9e618
+	    gssapi_client.store.envvar == NULL)
Petr Lautrbach d9e618
+		return;
Petr Lautrbach d9e618
+ 
Petr Lautrbach d9e618
+	ok = PRIVSEP(ssh_gssapi_update_creds(&gssapi_client.store));
Petr Lautrbach d9e618
+
Petr Lautrbach d9e618
+	if (!ok)
Petr Lautrbach d9e618
+		return;
Petr Lautrbach d9e618
+
Petr Lautrbach d9e618
+	debug("Rekeyed credentials stored successfully");
Petr Lautrbach d9e618
+
Petr Lautrbach d9e618
+	/* Actually managing to play with the ssh pam stack from here will
Petr Lautrbach d9e618
+	 * be next to impossible. In any case, we may want different options
Petr Lautrbach d9e618
+	 * for rekeying. So, use our own :)
Petr Lautrbach d9e618
+	 */
Petr Lautrbach d9e618
+#ifdef USE_PAM	
Petr Lautrbach d9e618
+	if (!use_privsep) {
Petr Lautrbach d9e618
+		debug("Not even going to try and do PAM with privsep disabled");
Petr Lautrbach d9e618
+		return;
Petr Lautrbach d9e618
+	}
Petr Lautrbach d9e618
+
Petr Lautrbach d9e618
+	ret = pam_start("sshd-rekey", gssapi_client.store.owner->pw_name,
Petr Lautrbach d9e618
+ 	    &pamconv, &pamh);
Petr Lautrbach d9e618
+	if (ret)
Petr Lautrbach d9e618
+		return;
Petr Lautrbach d9e618
+
Petr Lautrbach d9e618
+	xasprintf(&envstr, "%s=%s", gssapi_client.store.envvar, 
Petr Lautrbach d9e618
+	    gssapi_client.store.envval);
Petr Lautrbach d9e618
+
Petr Lautrbach d9e618
+	ret = pam_putenv(pamh, envstr);
Petr Lautrbach d9e618
+	if (!ret)
Petr Lautrbach d9e618
+		pam_setcred(pamh, PAM_REINITIALIZE_CRED);
Petr Lautrbach d9e618
+	pam_end(pamh, PAM_SUCCESS);
Petr Lautrbach d9e618
+#endif
Petr Lautrbach d9e618
+}
Petr Lautrbach d9e618
+
Petr Lautrbach d9e618
+int 
Petr Lautrbach d9e618
+ssh_gssapi_update_creds(ssh_gssapi_ccache *store) {
Petr Lautrbach d9e618
+	int ok = 0;
Petr Lautrbach d9e618
+
Petr Lautrbach d9e618
+	/* Check we've got credentials to store */
Petr Lautrbach d9e618
+	if (!gssapi_client.updated)
Petr Lautrbach d9e618
+		return 0;
Petr Lautrbach d9e618
+
Petr Lautrbach d9e618
+	gssapi_client.updated = 0;
Petr Lautrbach d9e618
+
Petr Lautrbach d9e618
+	temporarily_use_uid(gssapi_client.store.owner);
Petr Lautrbach d9e618
+	if (gssapi_client.mech && gssapi_client.mech->updatecreds)
Petr Lautrbach d9e618
+		ok = (*gssapi_client.mech->updatecreds)(store, &gssapi_client);
Petr Lautrbach d9e618
+	else
Petr Lautrbach d9e618
+		debug("No update function for this mechanism");
Petr Lautrbach d9e618
+
Petr Lautrbach d9e618
+	restore_uid();
Petr Lautrbach d9e618
+
Petr Lautrbach d9e618
+	return ok;
Petr Lautrbach d9e618
 }
Petr Lautrbach d9e618
 
Petr Lautrbach d9e618
 #endif
Petr Lautrbach 3e1dd6
diff --git a/kex.c b/kex.c
Petr Lautrbach 3e1dd6
index 74e2b86..bce2ab8 100644
Petr Lautrbach 3e1dd6
--- a/kex.c
Petr Lautrbach 3e1dd6
+++ b/kex.c
Jan F. Chadima 69dd72
@@ -51,6 +51,10 @@
Jan F. Chadima 69dd72
 #include "roaming.h"
Petr Lautrbach 3e1dd6
 #include "digest.h"
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
+#ifdef GSSAPI
Jan F. Chadima 69dd72
+#include "ssh-gss.h"
Jan F. Chadima 69dd72
+#endif
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
 #if OPENSSL_VERSION_NUMBER >= 0x00907000L
Jan F. Chadima 69dd72
 # if defined(HAVE_EVP_SHA256)
Jan F. Chadima 69dd72
 # define evp_ssh_sha256 EVP_sha256
Petr Lautrbach 3e1dd6
@@ -90,6 +94,11 @@ static const struct kexalg kexalgs[] = {
Petr Lautrbach 3e1dd6
 #ifdef HAVE_EVP_SHA256
Petr Lautrbach 3e1dd6
 	{ KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
Jan F. Chadima 69dd72
 #endif
Petr Lautrbach 383448
+#ifdef GSSAPI
Petr Lautrbach 3e1dd6
+	{ KEX_GSS_GEX_SHA1_ID, KEX_GSS_GEX_SHA1, 0, SSH_DIGEST_SHA1 },
Petr Lautrbach 3e1dd6
+	{ KEX_GSS_GRP1_SHA1_ID, KEX_GSS_GRP1_SHA1, 0, SSH_DIGEST_SHA1 },
Petr Lautrbach 3e1dd6
+	{ KEX_GSS_GRP14_SHA1_ID, KEX_GSS_GRP14_SHA1, 0, SSH_DIGEST_SHA1 },
Petr Lautrbach 383448
+#endif
Petr Lautrbach 3e1dd6
 	{ NULL, -1, -1, -1},
Petr Lautrbach 84822b
 };
Petr Lautrbach 84822b
 
Petr Lautrbach 3e1dd6
@@ -119,6 +128,12 @@ kex_alg_by_name(const char *name)
Petr Lautrbach 383448
 	for (k = kexalgs; k->name != NULL; k++) {
Petr Lautrbach 383448
 		if (strcmp(k->name, name) == 0)
Petr Lautrbach 383448
 			return k;
Petr Lautrbach 383448
+#ifdef GSSAPI
Petr Lautrbach 383448
+		if (strncmp(name, "gss-", 4) == 0) {
Petr Lautrbach 383448
+			if (strncmp(k->name, name, strlen(k->name)) == 0)
Petr Lautrbach 383448
+				return k;
Petr Lautrbach 383448
+		}
Petr Lautrbach 383448
+#endif
Petr Lautrbach 383448
 	}
Petr Lautrbach 383448
 	return NULL;
Petr Lautrbach 383448
 }
Petr Lautrbach 3e1dd6
diff --git a/kex.h b/kex.h
Petr Lautrbach 3e1dd6
index c85680e..313bb51 100644
Petr Lautrbach 3e1dd6
--- a/kex.h
Petr Lautrbach 3e1dd6
+++ b/kex.h
Petr Lautrbach 3e1dd6
@@ -76,6 +76,11 @@ enum kex_exchange {
Petr Lautrbach 84822b
 	KEX_DH_GEX_SHA256,
Petr Lautrbach 84822b
 	KEX_ECDH_SHA2,
Petr Lautrbach 3e1dd6
 	KEX_C25519_SHA256,
Petr Lautrbach 3e1dd6
+#ifdef GSSAPI
Petr Lautrbach 84822b
+	KEX_GSS_GRP1_SHA1,
Petr Lautrbach 84822b
+	KEX_GSS_GRP14_SHA1,
Petr Lautrbach 84822b
+	KEX_GSS_GEX_SHA1,
Petr Lautrbach 3e1dd6
+#endif
Petr Lautrbach 84822b
 	KEX_MAX
Petr Lautrbach 84822b
 };
Petr Lautrbach 84822b
 
Petr Lautrbach 3e1dd6
@@ -135,6 +140,12 @@ struct Kex {
Petr Lautrbach 84822b
 	int	flags;
Petr Lautrbach 3e1dd6
 	int	hash_alg;
Petr Lautrbach 84822b
 	int	ec_nid;
Petr Lautrbach 84822b
+#ifdef GSSAPI
Petr Lautrbach 84822b
+	int	gss_deleg_creds;
Petr Lautrbach 84822b
+	int	gss_trust_dns;
Petr Lautrbach 84822b
+	char    *gss_host;
Petr Lautrbach 84822b
+	char	*gss_client;
Petr Lautrbach 84822b
+#endif
Petr Lautrbach 84822b
 	char	*client_version_string;
Petr Lautrbach 84822b
 	char	*server_version_string;
Petr Lautrbach 84822b
 	int	(*verify_host_key)(Key *);
Petr Lautrbach 3e1dd6
@@ -166,6 +177,10 @@ void	 kexecdh_client(Kex *);
Petr Lautrbach 84822b
 void	 kexecdh_server(Kex *);
Petr Lautrbach 3e1dd6
 void	 kexc25519_client(Kex *);
Petr Lautrbach 3e1dd6
 void	 kexc25519_server(Kex *);
Jan F. Chadima 69dd72
+#ifdef GSSAPI
Petr Lautrbach 3e1dd6
+void	 kexgss_client(Kex *);
Petr Lautrbach 3e1dd6
+void	 kexgss_server(Kex *);
Jan F. Chadima 69dd72
+#endif
Petr Lautrbach 84822b
 
Petr Lautrbach 84822b
 void
Petr Lautrbach 3e1dd6
 kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
Petr Lautrbach 3e1dd6
diff --git a/kexgssc.c b/kexgssc.c
Petr Lautrbach 3e1dd6
new file mode 100644
Petr Lautrbach 3e1dd6
index 0000000..e90b567
Petr Lautrbach 3e1dd6
--- /dev/null
Petr Lautrbach 3e1dd6
+++ b/kexgssc.c
Jan F. Chadima 69dd72
@@ -0,0 +1,334 @@
Jan F. Chadima 69dd72
+/*
Jan F. Chadima 69dd72
+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
Jan F. Chadima 69dd72
+ *
Jan F. Chadima 69dd72
+ * Redistribution and use in source and binary forms, with or without
Jan F. Chadima 69dd72
+ * modification, are permitted provided that the following conditions
Jan F. Chadima 69dd72
+ * are met:
Jan F. Chadima 69dd72
+ * 1. Redistributions of source code must retain the above copyright
Jan F. Chadima 69dd72
+ *    notice, this list of conditions and the following disclaimer.
Jan F. Chadima 69dd72
+ * 2. Redistributions in binary form must reproduce the above copyright
Jan F. Chadima 69dd72
+ *    notice, this list of conditions and the following disclaimer in the
Jan F. Chadima 69dd72
+ *    documentation and/or other materials provided with the distribution.
Jan F. Chadima 69dd72
+ *
Jan F. Chadima 69dd72
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
Jan F. Chadima 69dd72
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
Jan F. Chadima 69dd72
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
Jan F. Chadima 69dd72
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
Jan F. Chadima 69dd72
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
Jan F. Chadima 69dd72
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
Jan F. Chadima 69dd72
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
Jan F. Chadima 69dd72
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
Jan F. Chadima 69dd72
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
Jan F. Chadima 69dd72
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Jan F. Chadima 69dd72
+ */
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+#include "includes.h"
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+#ifdef GSSAPI
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+#include "includes.h"
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+#include <openssl/crypto.h>
Jan F. Chadima 69dd72
+#include <openssl/bn.h>
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+#include <string.h>
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+#include "xmalloc.h"
Jan F. Chadima 69dd72
+#include "buffer.h"
Jan F. Chadima 69dd72
+#include "ssh2.h"
Jan F. Chadima 69dd72
+#include "key.h"
Jan F. Chadima 69dd72
+#include "cipher.h"
Jan F. Chadima 69dd72
+#include "kex.h"
Jan F. Chadima 69dd72
+#include "log.h"
Jan F. Chadima 69dd72
+#include "packet.h"
Jan F. Chadima 69dd72
+#include "dh.h"
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+#include "ssh-gss.h"
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+void
Jan F. Chadima 69dd72
+kexgss_client(Kex *kex) {
Jan F. Chadima 69dd72
+	gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
Jan F. Chadima 69dd72
+	gss_buffer_desc recv_tok, gssbuf, msg_tok, *token_ptr;
Jan F. Chadima 69dd72
+	Gssctxt *ctxt;
Jan F. Chadima 69dd72
+	OM_uint32 maj_status, min_status, ret_flags;
Jan F. Chadima 69dd72
+	u_int klen, kout, slen = 0, hashlen, strlen;
Jan F. Chadima 69dd72
+	DH *dh; 
Jan F. Chadima 69dd72
+	BIGNUM *dh_server_pub = NULL;
Jan F. Chadima 69dd72
+	BIGNUM *shared_secret = NULL;
Jan F. Chadima 69dd72
+	BIGNUM *p = NULL;
Jan F. Chadima 69dd72
+	BIGNUM *g = NULL;	
Jan F. Chadima 69dd72
+	u_char *kbuf, *hash;
Jan F. Chadima 69dd72
+	u_char *serverhostkey = NULL;
Jan F. Chadima 69dd72
+	u_char *empty = "";
Jan F. Chadima 69dd72
+	char *msg;
Jan F. Chadima 69dd72
+	char *lang;
Jan F. Chadima 69dd72
+	int type = 0;
Jan F. Chadima 69dd72
+	int first = 1;
Jan F. Chadima 69dd72
+	int nbits = 0, min = DH_GRP_MIN, max = DH_GRP_MAX;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	/* Initialise our GSSAPI world */	
Jan F. Chadima 69dd72
+	ssh_gssapi_build_ctx(&ctxt);
Jan F. Chadima 69dd72
+	if (ssh_gssapi_id_kex(ctxt, kex->name, kex->kex_type) 
Jan F. Chadima 69dd72
+	    == GSS_C_NO_OID)
Jan F. Chadima 69dd72
+		fatal("Couldn't identify host exchange");
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	if (ssh_gssapi_import_name(ctxt, kex->gss_host))
Jan F. Chadima 69dd72
+		fatal("Couldn't import hostname");
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	if (kex->gss_client && 
Jan F. Chadima 69dd72
+	    ssh_gssapi_client_identity(ctxt, kex->gss_client))
Jan F. Chadima 69dd72
+		fatal("Couldn't acquire client credentials");
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	switch (kex->kex_type) {
Jan F. Chadima 69dd72
+	case KEX_GSS_GRP1_SHA1:
Jan F. Chadima 69dd72
+		dh = dh_new_group1();
Jan F. Chadima 69dd72
+		break;
Jan F. Chadima 69dd72
+	case KEX_GSS_GRP14_SHA1:
Jan F. Chadima 69dd72
+		dh = dh_new_group14();
Jan F. Chadima 69dd72
+		break;
Jan F. Chadima 69dd72
+	case KEX_GSS_GEX_SHA1:
Jan F. Chadima 69dd72
+		debug("Doing group exchange\n");
Jan F. Chadima 69dd72
+		nbits = dh_estimate(kex->we_need * 8);
Jan F. Chadima 69dd72
+		packet_start(SSH2_MSG_KEXGSS_GROUPREQ);
Jan F. Chadima 69dd72
+		packet_put_int(min);
Jan F. Chadima 69dd72
+		packet_put_int(nbits);
Jan F. Chadima 69dd72
+		packet_put_int(max);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+		packet_send();
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+		packet_read_expect(SSH2_MSG_KEXGSS_GROUP);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+		if ((p = BN_new()) == NULL)
Jan F. Chadima 69dd72
+			fatal("BN_new() failed");
Jan F. Chadima 69dd72
+		packet_get_bignum2(p);
Jan F. Chadima 69dd72
+		if ((g = BN_new()) == NULL)
Jan F. Chadima 69dd72
+			fatal("BN_new() failed");
Jan F. Chadima 69dd72
+		packet_get_bignum2(g);
Jan F. Chadima 69dd72
+		packet_check_eom();
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+		if (BN_num_bits(p) < min || BN_num_bits(p) > max)
Jan F. Chadima 69dd72
+			fatal("GSSGRP_GEX group out of range: %d !< %d !< %d",
Jan F. Chadima 69dd72
+			    min, BN_num_bits(p), max);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+		dh = dh_new_group(g, p);
Jan F. Chadima 69dd72
+		break;
Jan F. Chadima 69dd72
+	default:
Jan F. Chadima 69dd72
+		fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
Jan F. Chadima 69dd72
+	}
Jan F. Chadima 69dd72
+	
Jan F. Chadima 69dd72
+	/* Step 1 - e is dh->pub_key */
Jan F. Chadima 69dd72
+	dh_gen_key(dh, kex->we_need * 8);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	/* This is f, we initialise it now to make life easier */
Jan F. Chadima 69dd72
+	dh_server_pub = BN_new();
Jan F. Chadima 69dd72
+	if (dh_server_pub == NULL)
Jan F. Chadima 69dd72
+		fatal("dh_server_pub == NULL");
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	token_ptr = GSS_C_NO_BUFFER;
Jan F. Chadima 69dd72
+			 
Jan F. Chadima 69dd72
+	do {
Jan F. Chadima 69dd72
+		debug("Calling gss_init_sec_context");
Jan F. Chadima 69dd72
+		
Jan F. Chadima 69dd72
+		maj_status = ssh_gssapi_init_ctx(ctxt,
Jan F. Chadima 69dd72
+		    kex->gss_deleg_creds, token_ptr, &send_tok,
Jan F. Chadima 69dd72
+		    &ret_flags);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+		if (GSS_ERROR(maj_status)) {
Jan F. Chadima 69dd72
+			if (send_tok.length != 0) {
Jan F. Chadima 69dd72
+				packet_start(SSH2_MSG_KEXGSS_CONTINUE);
Jan F. Chadima 69dd72
+				packet_put_string(send_tok.value,
Jan F. Chadima 69dd72
+				    send_tok.length);
Jan F. Chadima 69dd72
+			}
Jan F. Chadima 69dd72
+			fatal("gss_init_context failed");
Jan F. Chadima 69dd72
+		}
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+		/* If we've got an old receive buffer get rid of it */
Jan F. Chadima 69dd72
+		if (token_ptr != GSS_C_NO_BUFFER)
Petr Lautrbach 84822b
+			free(recv_tok.value);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+		if (maj_status == GSS_S_COMPLETE) {
Jan F. Chadima 69dd72
+			/* If mutual state flag is not true, kex fails */
Jan F. Chadima 69dd72
+			if (!(ret_flags & GSS_C_MUTUAL_FLAG))
Jan F. Chadima 69dd72
+				fatal("Mutual authentication failed");
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+			/* If integ avail flag is not true kex fails */
Jan F. Chadima 69dd72
+			if (!(ret_flags & GSS_C_INTEG_FLAG))
Jan F. Chadima 69dd72
+				fatal("Integrity check failed");
Jan F. Chadima 69dd72
+		}
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+		/* 
Jan F. Chadima 69dd72
+		 * If we have data to send, then the last message that we
Jan F. Chadima 69dd72
+		 * received cannot have been a 'complete'. 
Jan F. Chadima 69dd72
+		 */
Jan F. Chadima 69dd72
+		if (send_tok.length != 0) {
Jan F. Chadima 69dd72
+			if (first) {
Jan F. Chadima 69dd72
+				packet_start(SSH2_MSG_KEXGSS_INIT);
Jan F. Chadima 69dd72
+				packet_put_string(send_tok.value,
Jan F. Chadima 69dd72
+				    send_tok.length);
Jan F. Chadima 69dd72
+				packet_put_bignum2(dh->pub_key);
Jan F. Chadima 69dd72
+				first = 0;
Jan F. Chadima 69dd72
+			} else {
Jan F. Chadima 69dd72
+				packet_start(SSH2_MSG_KEXGSS_CONTINUE);
Jan F. Chadima 69dd72
+				packet_put_string(send_tok.value,
Jan F. Chadima 69dd72
+				    send_tok.length);
Jan F. Chadima 69dd72
+			}
Jan F. Chadima 69dd72
+			packet_send();
Jan F. Chadima 69dd72
+			gss_release_buffer(&min_status, &send_tok);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+			/* If we've sent them data, they should reply */
Jan F. Chadima 69dd72
+			do {	
Jan F. Chadima 69dd72
+				type = packet_read();
Jan F. Chadima 69dd72
+				if (type == SSH2_MSG_KEXGSS_HOSTKEY) {
Jan F. Chadima 69dd72
+					debug("Received KEXGSS_HOSTKEY");
Jan F. Chadima 69dd72
+					if (serverhostkey)
Jan F. Chadima 69dd72
+						fatal("Server host key received more than once");
Jan F. Chadima 69dd72
+					serverhostkey = 
Jan F. Chadima 69dd72
+					    packet_get_string(&slen);
Jan F. Chadima 69dd72
+				}
Jan F. Chadima 69dd72
+			} while (type == SSH2_MSG_KEXGSS_HOSTKEY);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+			switch (type) {
Jan F. Chadima 69dd72
+			case SSH2_MSG_KEXGSS_CONTINUE:
Jan F. Chadima 69dd72
+				debug("Received GSSAPI_CONTINUE");
Jan F. Chadima 69dd72
+				if (maj_status == GSS_S_COMPLETE) 
Jan F. Chadima 69dd72
+					fatal("GSSAPI Continue received from server when complete");
Jan F. Chadima 69dd72
+				recv_tok.value = packet_get_string(&strlen);
Jan F. Chadima 69dd72
+				recv_tok.length = strlen; 
Jan F. Chadima 69dd72
+				break;
Jan F. Chadima 69dd72
+			case SSH2_MSG_KEXGSS_COMPLETE:
Jan F. Chadima 69dd72
+				debug("Received GSSAPI_COMPLETE");
Jan F. Chadima 69dd72
+				packet_get_bignum2(dh_server_pub);
Jan F. Chadima 69dd72
+				msg_tok.value =  packet_get_string(&strlen);
Jan F. Chadima 69dd72
+				msg_tok.length = strlen; 
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+				/* Is there a token included? */
Jan F. Chadima 69dd72
+				if (packet_get_char()) {
Jan F. Chadima 69dd72
+					recv_tok.value=
Jan F. Chadima 69dd72
+					    packet_get_string(&strlen);
Jan F. Chadima 69dd72
+					recv_tok.length = strlen;
Jan F. Chadima 69dd72
+					/* If we're already complete - protocol error */
Jan F. Chadima 69dd72
+					if (maj_status == GSS_S_COMPLETE)
Jan F. Chadima 69dd72
+						packet_disconnect("Protocol error: received token when complete");
Jan F. Chadima 69dd72
+					} else {
Jan F. Chadima 69dd72
+						/* No token included */
Jan F. Chadima 69dd72
+						if (maj_status != GSS_S_COMPLETE)
Jan F. Chadima 69dd72
+							packet_disconnect("Protocol error: did not receive final token");
Jan F. Chadima 69dd72
+				}
Jan F. Chadima 69dd72
+				break;
Jan F. Chadima 69dd72
+			case SSH2_MSG_KEXGSS_ERROR:
Jan F. Chadima 69dd72
+				debug("Received Error");
Jan F. Chadima 69dd72
+				maj_status = packet_get_int();
Jan F. Chadima 69dd72
+				min_status = packet_get_int();
Jan F. Chadima 69dd72
+				msg = packet_get_string(NULL);
Jan F. Chadima 69dd72
+				lang = packet_get_string(NULL);
Jan F. Chadima 69dd72
+				fatal("GSSAPI Error: \n%.400s",msg);
Jan F. Chadima 69dd72
+			default:
Jan F. Chadima 69dd72
+				packet_disconnect("Protocol error: didn't expect packet type %d",
Jan F. Chadima 69dd72
+		    		type);
Jan F. Chadima 69dd72
+			}
Jan F. Chadima 69dd72
+			token_ptr = &recv_tok;
Jan F. Chadima 69dd72
+		} else {
Jan F. Chadima 69dd72
+			/* No data, and not complete */
Jan F. Chadima 69dd72
+			if (maj_status != GSS_S_COMPLETE)
Jan F. Chadima 69dd72
+				fatal("Not complete, and no token output");
Jan F. Chadima 69dd72
+		}
Jan F. Chadima 69dd72
+	} while (maj_status & GSS_S_CONTINUE_NEEDED);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	/* 
Jan F. Chadima 69dd72
+	 * We _must_ have received a COMPLETE message in reply from the 
Jan F. Chadima 69dd72
+	 * server, which will have set dh_server_pub and msg_tok 
Jan F. Chadima 69dd72
+	 */
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	if (type != SSH2_MSG_KEXGSS_COMPLETE)
Jan F. Chadima 69dd72
+		fatal("Didn't receive a SSH2_MSG_KEXGSS_COMPLETE when I expected it");
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	/* Check f in range [1, p-1] */
Jan F. Chadima 69dd72
+	if (!dh_pub_is_valid(dh, dh_server_pub))
Jan F. Chadima 69dd72
+		packet_disconnect("bad server public DH value");
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	/* compute K=f^x mod p */
Jan F. Chadima 69dd72
+	klen = DH_size(dh);
Jan F. Chadima 69dd72
+	kbuf = xmalloc(klen);
Jan F. Chadima 69dd72
+	kout = DH_compute_key(kbuf, dh_server_pub, dh);
Jan F. Chadima 3b545b
+	if ((int)kout < 0)
Jan F. Chadima 69dd72
+		fatal("DH_compute_key: failed");
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	shared_secret = BN_new();
Jan F. Chadima 69dd72
+	if (shared_secret == NULL)
Jan F. Chadima 69dd72
+		fatal("kexgss_client: BN_new failed");
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
Jan F. Chadima 69dd72
+		fatal("kexdh_client: BN_bin2bn failed");
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	memset(kbuf, 0, klen);
Petr Lautrbach 84822b
+	free(kbuf);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	switch (kex->kex_type) {
Jan F. Chadima 69dd72
+	case KEX_GSS_GRP1_SHA1:
Jan F. Chadima 69dd72
+	case KEX_GSS_GRP14_SHA1:
Jan F. Chadima 69dd72
+		kex_dh_hash( kex->client_version_string, 
Jan F. Chadima 69dd72
+		    kex->server_version_string,
Jan F. Chadima 69dd72
+		    buffer_ptr(&kex->my), buffer_len(&kex->my),
Jan F. Chadima 69dd72
+		    buffer_ptr(&kex->peer), buffer_len(&kex->peer),
Jan F. Chadima 69dd72
+		    (serverhostkey ? serverhostkey : empty), slen,
Jan F. Chadima 69dd72
+		    dh->pub_key,	/* e */
Jan F. Chadima 69dd72
+		    dh_server_pub,	/* f */
Jan F. Chadima 69dd72
+		    shared_secret,	/* K */
Jan F. Chadima 69dd72
+		    &hash, &hashlen
Jan F. Chadima 69dd72
+		);
Jan F. Chadima 69dd72
+		break;
Jan F. Chadima 69dd72
+	case KEX_GSS_GEX_SHA1:
Jan F. Chadima 69dd72
+		kexgex_hash(
Petr Lautrbach 3e1dd6
+		    kex->hash_alg,
Jan F. Chadima 69dd72
+		    kex->client_version_string,
Jan F. Chadima 69dd72
+		    kex->server_version_string,
Jan F. Chadima 69dd72
+		    buffer_ptr(&kex->my), buffer_len(&kex->my),
Jan F. Chadima 69dd72
+		    buffer_ptr(&kex->peer), buffer_len(&kex->peer),
Jan F. Chadima 69dd72
+		    (serverhostkey ? serverhostkey : empty), slen,
Jan F. Chadima 69dd72
+ 		    min, nbits, max,
Jan F. Chadima 69dd72
+		    dh->p, dh->g,
Jan F. Chadima 69dd72
+		    dh->pub_key,
Jan F. Chadima 69dd72
+		    dh_server_pub,
Jan F. Chadima 69dd72
+		    shared_secret,
Jan F. Chadima 69dd72
+		    &hash, &hashlen
Jan F. Chadima 69dd72
+		);
Jan F. Chadima 69dd72
+		break;
Jan F. Chadima 69dd72
+	default:
Jan F. Chadima 69dd72
+		fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
Jan F. Chadima 69dd72
+	}
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	gssbuf.value = hash;
Jan F. Chadima 69dd72
+	gssbuf.length = hashlen;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	/* Verify that the hash matches the MIC we just got. */
Jan F. Chadima 69dd72
+	if (GSS_ERROR(ssh_gssapi_checkmic(ctxt, &gssbuf, &msg_tok)))
Jan F. Chadima 69dd72
+		packet_disconnect("Hash's MIC didn't verify");
Jan F. Chadima 69dd72
+
Petr Lautrbach 84822b
+	free(msg_tok.value);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	DH_free(dh);
Jan F. Chadima 69dd72
+	if (serverhostkey)
Petr Lautrbach 84822b
+		free(serverhostkey);
Jan F. Chadima 69dd72
+	BN_clear_free(dh_server_pub);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	/* save session id */
Jan F. Chadima 69dd72
+	if (kex->session_id == NULL) {
Jan F. Chadima 69dd72
+		kex->session_id_len = hashlen;
Jan F. Chadima 69dd72
+		kex->session_id = xmalloc(kex->session_id_len);
Jan F. Chadima 69dd72
+		memcpy(kex->session_id, hash, kex->session_id_len);
Jan F. Chadima 69dd72
+	}
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	if (kex->gss_deleg_creds)
Jan F. Chadima 69dd72
+		ssh_gssapi_credentials_updated(ctxt);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	if (gss_kex_context == NULL)
Jan F. Chadima 69dd72
+		gss_kex_context = ctxt;
Jan F. Chadima 69dd72
+	else
Jan F. Chadima 69dd72
+		ssh_gssapi_delete_ctx(&ctxt);
Jan F. Chadima 69dd72
+
Petr Lautrbach 3e1dd6
+	kex_derive_keys_bn(kex, hash, hashlen, shared_secret);
Jan F. Chadima 69dd72
+	BN_clear_free(shared_secret);
Jan F. Chadima 69dd72
+	kex_finish(kex);
Jan F. Chadima 69dd72
+}
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+#endif /* GSSAPI */
Petr Lautrbach 3e1dd6
diff --git a/kexgsss.c b/kexgsss.c
Petr Lautrbach 3e1dd6
new file mode 100644
Petr Lautrbach 3e1dd6
index 0000000..6d7518c
Petr Lautrbach 3e1dd6
--- /dev/null
Petr Lautrbach 3e1dd6
+++ b/kexgsss.c
Jan F. Chadima 69dd72
@@ -0,0 +1,288 @@
Jan F. Chadima 69dd72
+/*
Jan F. Chadima 69dd72
+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
Jan F. Chadima 69dd72
+ *
Jan F. Chadima 69dd72
+ * Redistribution and use in source and binary forms, with or without
Jan F. Chadima 69dd72
+ * modification, are permitted provided that the following conditions
Jan F. Chadima 69dd72
+ * are met:
Jan F. Chadima 69dd72
+ * 1. Redistributions of source code must retain the above copyright
Jan F. Chadima 69dd72
+ *    notice, this list of conditions and the following disclaimer.
Jan F. Chadima 69dd72
+ * 2. Redistributions in binary form must reproduce the above copyright
Jan F. Chadima 69dd72
+ *    notice, this list of conditions and the following disclaimer in the
Jan F. Chadima 69dd72
+ *    documentation and/or other materials provided with the distribution.
Jan F. Chadima 69dd72
+ *
Jan F. Chadima 69dd72
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
Jan F. Chadima 69dd72
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
Jan F. Chadima 69dd72
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
Jan F. Chadima 69dd72
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
Jan F. Chadima 69dd72
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
Jan F. Chadima 69dd72
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
Jan F. Chadima 69dd72
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
Jan F. Chadima 69dd72
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
Jan F. Chadima 69dd72
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
Jan F. Chadima 69dd72
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Jan F. Chadima 69dd72
+ */
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+#include "includes.h"
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+#ifdef GSSAPI
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+#include <string.h>
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+#include <openssl/crypto.h>
Jan F. Chadima 69dd72
+#include <openssl/bn.h>
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+#include "xmalloc.h"
Jan F. Chadima 69dd72
+#include "buffer.h"
Jan F. Chadima 69dd72
+#include "ssh2.h"
Jan F. Chadima 69dd72
+#include "key.h"
Jan F. Chadima 69dd72
+#include "cipher.h"
Jan F. Chadima 69dd72
+#include "kex.h"
Jan F. Chadima 69dd72
+#include "log.h"
Jan F. Chadima 69dd72
+#include "packet.h"
Jan F. Chadima 69dd72
+#include "dh.h"
Jan F. Chadima 69dd72
+#include "ssh-gss.h"
Jan F. Chadima 69dd72
+#include "monitor_wrap.h"
Jan F. Chadima 69dd72
+#include "servconf.h"
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+extern ServerOptions options;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+void
Jan F. Chadima 69dd72
+kexgss_server(Kex *kex)
Jan F. Chadima 69dd72
+{
Jan F. Chadima 69dd72
+	OM_uint32 maj_status, min_status;
Jan F. Chadima 69dd72
+	
Jan F. Chadima 69dd72
+	/* 
Jan F. Chadima 69dd72
+	 * Some GSSAPI implementations use the input value of ret_flags (an
Jan F. Chadima 69dd72
+ 	 * output variable) as a means of triggering mechanism specific 
Jan F. Chadima 69dd72
+ 	 * features. Initializing it to zero avoids inadvertently 
Jan F. Chadima 69dd72
+ 	 * activating this non-standard behaviour.
Jan F. Chadima 69dd72
+	 */
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	OM_uint32 ret_flags = 0;
Jan F. Chadima 69dd72
+	gss_buffer_desc gssbuf, recv_tok, msg_tok;
Jan F. Chadima 69dd72
+	gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
Jan F. Chadima 69dd72
+	Gssctxt *ctxt = NULL;
Jan F. Chadima 69dd72
+	u_int slen, klen, kout, hashlen;
Jan F. Chadima 69dd72
+	u_char *kbuf, *hash;
Jan F. Chadima 69dd72
+	DH *dh;
Jan F. Chadima 69dd72
+	int min = -1, max = -1, nbits = -1;
Jan F. Chadima 69dd72
+	BIGNUM *shared_secret = NULL;
Jan F. Chadima 69dd72
+	BIGNUM *dh_client_pub = NULL;
Jan F. Chadima 69dd72
+	int type = 0;
Jan F. Chadima 69dd72
+	gss_OID oid;
Jan F. Chadima 69dd72
+	char *mechs;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	/* Initialise GSSAPI */
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	/* If we're rekeying, privsep means that some of the private structures
Jan F. Chadima 69dd72
+	 * in the GSSAPI code are no longer available. This kludges them back
Jan F. Chadima 69dd72
+	 * into life
Jan F. Chadima 69dd72
+	 */
Jan F. Chadima 69dd72
+	if (!ssh_gssapi_oid_table_ok()) 
Jan F. Chadima 69dd72
+		if ((mechs = ssh_gssapi_server_mechanisms()))
Petr Lautrbach 84822b
+			free(mechs);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	debug2("%s: Identifying %s", __func__, kex->name);
Jan F. Chadima 69dd72
+	oid = ssh_gssapi_id_kex(NULL, kex->name, kex->kex_type);
Jan F. Chadima 69dd72
+	if (oid == GSS_C_NO_OID)
Jan F. Chadima 69dd72
+	   fatal("Unknown gssapi mechanism");
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	debug2("%s: Acquiring credentials", __func__);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, oid))))
Jan F. Chadima 69dd72
+		fatal("Unable to acquire credentials for the server");
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	switch (kex->kex_type) {
Jan F. Chadima 69dd72
+	case KEX_GSS_GRP1_SHA1:
Jan F. Chadima 69dd72
+		dh = dh_new_group1();
Jan F. Chadima 69dd72
+		break;
Jan F. Chadima 69dd72
+	case KEX_GSS_GRP14_SHA1:
Jan F. Chadima 69dd72
+		dh = dh_new_group14();
Jan F. Chadima 69dd72
+		break;
Jan F. Chadima 69dd72
+	case KEX_GSS_GEX_SHA1:
Jan F. Chadima 69dd72
+		debug("Doing group exchange");
Jan F. Chadima 69dd72
+		packet_read_expect(SSH2_MSG_KEXGSS_GROUPREQ);
Jan F. Chadima 69dd72
+		min = packet_get_int();
Jan F. Chadima 69dd72
+		nbits = packet_get_int();
Jan F. Chadima 69dd72
+		max = packet_get_int();
Jan F. Chadima 69dd72
+		min = MAX(DH_GRP_MIN, min);
Jan F. Chadima 69dd72
+		max = MIN(DH_GRP_MAX, max);
Jan F. Chadima 69dd72
+		packet_check_eom();
Jan F. Chadima 69dd72
+		if (max < min || nbits < min || max < nbits)
Jan F. Chadima 69dd72
+			fatal("GSS_GEX, bad parameters: %d !< %d !< %d",
Jan F. Chadima 69dd72
+			    min, nbits, max);
Jan F. Chadima 69dd72
+		dh = PRIVSEP(choose_dh(min, nbits, max));
Jan F. Chadima 69dd72
+		if (dh == NULL)
Jan F. Chadima 69dd72
+			packet_disconnect("Protocol error: no matching group found");
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+		packet_start(SSH2_MSG_KEXGSS_GROUP);
Jan F. Chadima 69dd72
+		packet_put_bignum2(dh->p);
Jan F. Chadima 69dd72
+		packet_put_bignum2(dh->g);
Jan F. Chadima 69dd72
+		packet_send();
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+		packet_write_wait();
Jan F. Chadima 69dd72
+		break;
Jan F. Chadima 69dd72
+	default:
Jan F. Chadima 69dd72
+		fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
Jan F. Chadima 69dd72
+	}
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	dh_gen_key(dh, kex->we_need * 8);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	do {
Jan F. Chadima 69dd72
+		debug("Wait SSH2_MSG_GSSAPI_INIT");
Jan F. Chadima 69dd72
+		type = packet_read();
Jan F. Chadima 69dd72
+		switch(type) {
Jan F. Chadima 69dd72
+		case SSH2_MSG_KEXGSS_INIT:
Jan F. Chadima 69dd72
+			if (dh_client_pub != NULL) 
Jan F. Chadima 69dd72
+				fatal("Received KEXGSS_INIT after initialising");
Jan F. Chadima 69dd72
+			recv_tok.value = packet_get_string(&slen);
Jan F. Chadima 69dd72
+			recv_tok.length = slen; 
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+			if ((dh_client_pub = BN_new()) == NULL)
Jan F. Chadima 69dd72
+				fatal("dh_client_pub == NULL");
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+			packet_get_bignum2(dh_client_pub);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+			/* Send SSH_MSG_KEXGSS_HOSTKEY here, if we want */
Jan F. Chadima 69dd72
+			break;
Jan F. Chadima 69dd72
+		case SSH2_MSG_KEXGSS_CONTINUE:
Jan F. Chadima 69dd72
+			recv_tok.value = packet_get_string(&slen);
Jan F. Chadima 69dd72
+			recv_tok.length = slen; 
Jan F. Chadima 69dd72
+			break;
Jan F. Chadima 69dd72
+		default:
Jan F. Chadima 69dd72
+			packet_disconnect(
Jan F. Chadima 69dd72
+			    "Protocol error: didn't expect packet type %d",
Jan F. Chadima 69dd72
+			    type);
Jan F. Chadima 69dd72
+		}
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+		maj_status = PRIVSEP(ssh_gssapi_accept_ctx(ctxt, &recv_tok, 
Jan F. Chadima 69dd72
+		    &send_tok, &ret_flags));
Jan F. Chadima 69dd72
+
Petr Lautrbach 84822b
+		free(recv_tok.value);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+		if (maj_status != GSS_S_COMPLETE && send_tok.length == 0)
Jan F. Chadima 69dd72
+			fatal("Zero length token output when incomplete");
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+		if (dh_client_pub == NULL)
Jan F. Chadima 69dd72
+			fatal("No client public key");
Jan F. Chadima 69dd72
+		
Jan F. Chadima 69dd72
+		if (maj_status & GSS_S_CONTINUE_NEEDED) {
Jan F. Chadima 69dd72
+			debug("Sending GSSAPI_CONTINUE");
Jan F. Chadima 69dd72
+			packet_start(SSH2_MSG_KEXGSS_CONTINUE);
Jan F. Chadima 69dd72
+			packet_put_string(send_tok.value, send_tok.length);
Jan F. Chadima 69dd72
+			packet_send();
Jan F. Chadima 69dd72
+			gss_release_buffer(&min_status, &send_tok);
Jan F. Chadima 69dd72
+		}
Jan F. Chadima 69dd72
+	} while (maj_status & GSS_S_CONTINUE_NEEDED);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	if (GSS_ERROR(maj_status)) {
Jan F. Chadima 69dd72
+		if (send_tok.length > 0) {
Jan F. Chadima 69dd72
+			packet_start(SSH2_MSG_KEXGSS_CONTINUE);
Jan F. Chadima 69dd72
+			packet_put_string(send_tok.value, send_tok.length);
Jan F. Chadima 69dd72
+			packet_send();
Jan F. Chadima 69dd72
+		}
Jan F. Chadima 69dd72
+		fatal("accept_ctx died");
Jan F. Chadima 69dd72
+	}
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	if (!(ret_flags & GSS_C_MUTUAL_FLAG))
Jan F. Chadima 69dd72
+		fatal("Mutual Authentication flag wasn't set");
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	if (!(ret_flags & GSS_C_INTEG_FLAG))
Jan F. Chadima 69dd72
+		fatal("Integrity flag wasn't set");
Jan F. Chadima 69dd72
+	
Jan F. Chadima 69dd72
+	if (!dh_pub_is_valid(dh, dh_client_pub))
Jan F. Chadima 69dd72
+		packet_disconnect("bad client public DH value");
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	klen = DH_size(dh);
Jan F. Chadima 69dd72
+	kbuf = xmalloc(klen); 
Jan F. Chadima 69dd72
+	kout = DH_compute_key(kbuf, dh_client_pub, dh);
Jan F. Chadima 3b545b
+	if ((int)kout < 0)
Jan F. Chadima 69dd72
+		fatal("DH_compute_key: failed");
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	shared_secret = BN_new();
Jan F. Chadima 69dd72
+	if (shared_secret == NULL)
Jan F. Chadima 69dd72
+		fatal("kexgss_server: BN_new failed");
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
Jan F. Chadima 69dd72
+		fatal("kexgss_server: BN_bin2bn failed");
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	memset(kbuf, 0, klen);
Petr Lautrbach 84822b
+	free(kbuf);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	switch (kex->kex_type) {
Jan F. Chadima 69dd72
+	case KEX_GSS_GRP1_SHA1:
Jan F. Chadima 69dd72
+	case KEX_GSS_GRP14_SHA1:
Jan F. Chadima 69dd72
+		kex_dh_hash(
Jan F. Chadima 69dd72
+		    kex->client_version_string, kex->server_version_string,
Jan F. Chadima 69dd72
+		    buffer_ptr(&kex->peer), buffer_len(&kex->peer),
Jan F. Chadima 69dd72
+		    buffer_ptr(&kex->my), buffer_len(&kex->my),
Jan F. Chadima 69dd72
+		    NULL, 0, /* Change this if we start sending host keys */
Jan F. Chadima 69dd72
+		    dh_client_pub, dh->pub_key, shared_secret,
Jan F. Chadima 69dd72
+		    &hash, &hashlen
Jan F. Chadima 69dd72
+		);
Jan F. Chadima 69dd72
+		break;
Jan F. Chadima 69dd72
+	case KEX_GSS_GEX_SHA1:
Jan F. Chadima 69dd72
+		kexgex_hash(
Petr Lautrbach 3e1dd6
+		    kex->hash_alg,
Jan F. Chadima 69dd72
+		    kex->client_version_string, kex->server_version_string,
Jan F. Chadima 69dd72
+		    buffer_ptr(&kex->peer), buffer_len(&kex->peer),
Jan F. Chadima 69dd72
+		    buffer_ptr(&kex->my), buffer_len(&kex->my),
Jan F. Chadima 69dd72
+		    NULL, 0,
Jan F. Chadima 69dd72
+		    min, nbits, max,
Jan F. Chadima 69dd72
+		    dh->p, dh->g,
Jan F. Chadima 69dd72
+		    dh_client_pub,
Jan F. Chadima 69dd72
+		    dh->pub_key,
Jan F. Chadima 69dd72
+		    shared_secret,
Jan F. Chadima 69dd72
+		    &hash, &hashlen
Jan F. Chadima 69dd72
+		);
Jan F. Chadima 69dd72
+		break;
Jan F. Chadima 69dd72
+	default:
Jan F. Chadima 69dd72
+		fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
Jan F. Chadima 69dd72
+	}
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	BN_clear_free(dh_client_pub);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	if (kex->session_id == NULL) {
Jan F. Chadima 69dd72
+		kex->session_id_len = hashlen;
Jan F. Chadima 69dd72
+		kex->session_id = xmalloc(kex->session_id_len);
Jan F. Chadima 69dd72
+		memcpy(kex->session_id, hash, kex->session_id_len);
Jan F. Chadima 69dd72
+	}
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	gssbuf.value = hash;
Jan F. Chadima 69dd72
+	gssbuf.length = hashlen;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	if (GSS_ERROR(PRIVSEP(ssh_gssapi_sign(ctxt,&gssbuf,&msg_tok))))
Jan F. Chadima 69dd72
+		fatal("Couldn't get MIC");
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	packet_start(SSH2_MSG_KEXGSS_COMPLETE);
Jan F. Chadima 69dd72
+	packet_put_bignum2(dh->pub_key);
Jan F. Chadima 69dd72
+	packet_put_string(msg_tok.value,msg_tok.length);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	if (send_tok.length != 0) {
Jan F. Chadima 69dd72
+		packet_put_char(1); /* true */
Jan F. Chadima 69dd72
+		packet_put_string(send_tok.value, send_tok.length);
Jan F. Chadima 69dd72
+	} else {
Jan F. Chadima 69dd72
+		packet_put_char(0); /* false */
Jan F. Chadima 69dd72
+	}
Jan F. Chadima 69dd72
+	packet_send();
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	gss_release_buffer(&min_status, &send_tok);
Jan F. Chadima 69dd72
+	gss_release_buffer(&min_status, &msg_tok);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	if (gss_kex_context == NULL)
Jan F. Chadima 69dd72
+		gss_kex_context = ctxt;
Jan F. Chadima 69dd72
+	else 
Jan F. Chadima 69dd72
+		ssh_gssapi_delete_ctx(&ctxt);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	DH_free(dh);
Jan F. Chadima 69dd72
+
Petr Lautrbach 3e1dd6
+	kex_derive_keys_bn(kex, hash, hashlen, shared_secret);
Jan F. Chadima 69dd72
+	BN_clear_free(shared_secret);
Jan F. Chadima 69dd72
+	kex_finish(kex);
Jan F. Chadima 69dd72
+
Petr Lautrbach d9e618
+	/* If this was a rekey, then save out any delegated credentials we
Petr Lautrbach d9e618
+	 * just exchanged.  */
Petr Lautrbach d9e618
+	if (options.gss_store_rekey)
Petr Lautrbach d9e618
+		ssh_gssapi_rekey_creds();
Petr Lautrbach d9e618
+}
Petr Lautrbach d9e618
+#endif /* GSSAPI */
Petr Lautrbach 3e1dd6
diff --git a/key.c b/key.c
Petr Lautrbach 3e1dd6
index eb98ea8..900b9e3 100644
Petr Lautrbach 3e1dd6
--- a/key.c
Petr Lautrbach 3e1dd6
+++ b/key.c
Petr Lautrbach 3e1dd6
@@ -1013,6 +1013,7 @@ static const struct keytype keytypes[] = {
Petr Lautrbach 84822b
 	    KEY_DSA_CERT_V00, 0, 1 },
Petr Lautrbach 3e1dd6
 	{ "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT",
Petr Lautrbach 3e1dd6
 	    KEY_ED25519_CERT, 0, 1 },
Petr Lautrbach 84822b
+	{ "null", "null", KEY_NULL, 0, 0 },
Petr Lautrbach 84822b
 	{ NULL, NULL, -1, -1, 0 }
Petr Lautrbach d9e618
 };
Petr Lautrbach d9e618
 
Petr Lautrbach 3e1dd6
diff --git a/key.h b/key.h
Petr Lautrbach 3e1dd6
index 0e3eea5..d51ed81 100644
Petr Lautrbach 3e1dd6
--- a/key.h
Petr Lautrbach 3e1dd6
+++ b/key.h
Petr Lautrbach 3e1dd6
@@ -46,6 +46,7 @@ enum types {
Petr Lautrbach 3e1dd6
 	KEY_ED25519_CERT,
Jan F. Chadima 69dd72
 	KEY_RSA_CERT_V00,
Jan F. Chadima 69dd72
 	KEY_DSA_CERT_V00,
Jan F. Chadima 69dd72
+	KEY_NULL,
Jan F. Chadima 69dd72
 	KEY_UNSPEC
Jan F. Chadima 69dd72
 };
Jan F. Chadima 69dd72
 enum fp_type {
Petr Lautrbach 3e1dd6
diff --git a/monitor.c b/monitor.c
Petr Lautrbach 3e1dd6
index 229fada..aa70945 100644
Petr Lautrbach 3e1dd6
--- a/monitor.c
Petr Lautrbach 3e1dd6
+++ b/monitor.c
Petr Lautrbach 3e1dd6
@@ -178,6 +178,8 @@ int mm_answer_gss_setup_ctx(int, Buffer *);
Jan F. Chadima 69dd72
 int mm_answer_gss_accept_ctx(int, Buffer *);
Jan F. Chadima 69dd72
 int mm_answer_gss_userok(int, Buffer *);
Jan F. Chadima 69dd72
 int mm_answer_gss_checkmic(int, Buffer *);
Jan F. Chadima 69dd72
+int mm_answer_gss_sign(int, Buffer *);
Jan F. Chadima 69dd72
+int mm_answer_gss_updatecreds(int, Buffer *);
Jan F. Chadima 69dd72
 #endif
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
 #ifdef SSH_AUDIT_EVENTS
Petr Lautrbach 57666d
@@ -253,11 +255,18 @@ struct mon_table mon_dispatch_proto20[] = {
Petr Lautrbach 57666d
     {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx},
Petr Lautrbach 57666d
     {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
Petr Lautrbach 57666d
     {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
Petr Lautrbach 57666d
+    {MONITOR_REQ_GSSSIGN, MON_ONCE, mm_answer_gss_sign},
Petr Lautrbach 57666d
 #endif
Petr Lautrbach 57666d
     {0, 0, NULL}
Jan F. Chadima 69dd72
 };
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
 struct mon_table mon_dispatch_postauth20[] = {
Jan F. Chadima 69dd72
+#ifdef GSSAPI
Jan F. Chadima 69dd72
+    {MONITOR_REQ_GSSSETUP, 0, mm_answer_gss_setup_ctx},
Jan F. Chadima 69dd72
+    {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx},
Jan F. Chadima 69dd72
+    {MONITOR_REQ_GSSSIGN, 0, mm_answer_gss_sign},
Jan F. Chadima 69dd72
+    {MONITOR_REQ_GSSUPCREDS, 0, mm_answer_gss_updatecreds},
Jan F. Chadima 69dd72
+#endif
Jan F. Chadima 69dd72
     {MONITOR_REQ_MODULI, 0, mm_answer_moduli},
Jan F. Chadima 69dd72
     {MONITOR_REQ_SIGN, 0, mm_answer_sign},
Jan F. Chadima 69dd72
     {MONITOR_REQ_PTY, 0, mm_answer_pty},
Petr Lautrbach 57666d
@@ -366,6 +375,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
Jan F. Chadima 69dd72
 		/* Permit requests for moduli and signatures */
Jan F. Chadima 69dd72
 		monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
Jan F. Chadima 69dd72
 		monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
Jan F. Chadima 69dd72
+#ifdef GSSAPI
Jan F. Chadima 69dd72
+		/* and for the GSSAPI key exchange */
Jan F. Chadima 69dd72
+		monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1);
Jan F. Chadima 69dd72
+#endif
Jan F. Chadima 69dd72
 	} else {
Jan F. Chadima 69dd72
 		mon_dispatch = mon_dispatch_proto15;
Petr Lautrbach 5039c7
 
Petr Lautrbach 57666d
@@ -471,6 +484,10 @@ monitor_child_postauth(struct monitor *pmonitor)
Jan F. Chadima 69dd72
 		monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
Jan F. Chadima 69dd72
 		monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
Jan F. Chadima 69dd72
 		monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
Jan F. Chadima 69dd72
+#ifdef GSSAPI
Jan F. Chadima 69dd72
+		/* and for the GSSAPI key exchange */
Jan F. Chadima 69dd72
+		monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1);
Jan F. Chadima 69dd72
+#endif		
Jan F. Chadima 69dd72
 	} else {
Jan F. Chadima 69dd72
 		mon_dispatch = mon_dispatch_postauth15;
Jan F. Chadima 69dd72
 		monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
Petr Lautrbach 57666d
@@ -1866,6 +1883,13 @@ mm_get_kex(Buffer *m)
Jan F. Chadima 69dd72
 	kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
Jan F. Chadima 69dd72
 	kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
Petr Lautrbach 3e1dd6
 	kex->kex[KEX_C25519_SHA256] = kexc25519_server;
Jan F. Chadima 69dd72
+#ifdef GSSAPI
Jan F. Chadima 69dd72
+	if (options.gss_keyex) {
Jan F. Chadima 69dd72
+		kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
Jan F. Chadima 69dd72
+		kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server;
Jan F. Chadima 69dd72
+		kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server;
Jan F. Chadima 69dd72
+	}
Jan F. Chadima 69dd72
+#endif
Jan F. Chadima 69dd72
 	kex->server = 1;
Jan F. Chadima 69dd72
 	kex->hostkey_type = buffer_get_int(m);
Jan F. Chadima 69dd72
 	kex->kex_type = buffer_get_int(m);
Petr Lautrbach 57666d
@@ -2073,6 +2097,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m)
Jan F. Chadima 69dd72
 	OM_uint32 major;
Jan F. Chadima 69dd72
 	u_int len;
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
+	if (!options.gss_authentication && !options.gss_keyex)
Jan F. Chadima 69dd72
+		fatal("In GSSAPI monitor when GSSAPI is disabled");
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
 	goid.elements = buffer_get_string(m, &len;;
Jan F. Chadima 69dd72
 	goid.length = len;
Jan F. Chadima 69dd72
 
Petr Lautrbach 57666d
@@ -2100,6 +2127,9 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
Jan F. Chadima 69dd72
 	OM_uint32 flags = 0; /* GSI needs this */
Jan F. Chadima 69dd72
 	u_int len;
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
+	if (!options.gss_authentication && !options.gss_keyex)
Jan F. Chadima 69dd72
+		fatal("In GSSAPI monitor when GSSAPI is disabled");
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
 	in.value = buffer_get_string(m, &len;;
Jan F. Chadima 69dd72
 	in.length = len;
Jan F. Chadima 69dd72
 	major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
Petr Lautrbach 57666d
@@ -2117,6 +2147,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
Jan F. Chadima 69dd72
 		monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
Jan F. Chadima 69dd72
 		monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
Jan F. Chadima 69dd72
 		monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
Jan F. Chadima 69dd72
+		monitor_permit(mon_dispatch, MONITOR_REQ_GSSSIGN, 1);
Jan F. Chadima 69dd72
 	}
Jan F. Chadima 69dd72
 	return (0);
Jan F. Chadima 69dd72
 }
Petr Lautrbach 57666d
@@ -2128,6 +2159,9 @@ mm_answer_gss_checkmic(int sock, Buffer *m)
Jan F. Chadima 69dd72
 	OM_uint32 ret;
Jan F. Chadima 69dd72
 	u_int len;
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
+	if (!options.gss_authentication && !options.gss_keyex)
Jan F. Chadima 69dd72
+		fatal("In GSSAPI monitor when GSSAPI is disabled");
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
 	gssbuf.value = buffer_get_string(m, &len;;
Jan F. Chadima 69dd72
 	gssbuf.length = len;
Jan F. Chadima 69dd72
 	mic.value = buffer_get_string(m, &len;;
Petr Lautrbach 57666d
@@ -2154,7 +2188,11 @@ mm_answer_gss_userok(int sock, Buffer *m)
Jan F. Chadima 69dd72
 {
Jan F. Chadima 69dd72
 	int authenticated;
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
-	authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user);
Jan F. Chadima 69dd72
+	if (!options.gss_authentication && !options.gss_keyex)
Jan F. Chadima 69dd72
+		fatal("In GSSAPI monitor when GSSAPI is disabled");
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	authenticated = authctxt->valid && 
Jan F. Chadima 69dd72
+	    ssh_gssapi_userok(authctxt->user, authctxt->pw);
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
 	buffer_clear(m);
Jan F. Chadima 69dd72
 	buffer_put_int(m, authenticated);
Petr Lautrbach 57666d
@@ -2167,5 +2205,73 @@ mm_answer_gss_userok(int sock, Buffer *m)
Jan F. Chadima 69dd72
 	/* Monitor loop will terminate if authenticated */
Jan F. Chadima 69dd72
 	return (authenticated);
Jan F. Chadima 69dd72
 }
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+int 
Jan F. Chadima 69dd72
+mm_answer_gss_sign(int socket, Buffer *m)
Jan F. Chadima 69dd72
+{
Jan F. Chadima 69dd72
+	gss_buffer_desc data;
Jan F. Chadima 69dd72
+	gss_buffer_desc hash = GSS_C_EMPTY_BUFFER;
Jan F. Chadima 69dd72
+	OM_uint32 major, minor;
Jan F. Chadima 69dd72
+	u_int len;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	if (!options.gss_authentication && !options.gss_keyex)
Jan F. Chadima 69dd72
+		fatal("In GSSAPI monitor when GSSAPI is disabled");
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	data.value = buffer_get_string(m, &len;;
Jan F. Chadima 69dd72
+	data.length = len;
Jan F. Chadima 69dd72
+	if (data.length != 20) 
Jan F. Chadima 69dd72
+		fatal("%s: data length incorrect: %d", __func__, 
Jan F. Chadima 69dd72
+		    (int) data.length);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	/* Save the session ID on the first time around */
Jan F. Chadima 69dd72
+	if (session_id2_len == 0) {
Jan F. Chadima 69dd72
+		session_id2_len = data.length;
Jan F. Chadima 69dd72
+		session_id2 = xmalloc(session_id2_len);
Jan F. Chadima 69dd72
+		memcpy(session_id2, data.value, session_id2_len);
Jan F. Chadima 69dd72
+	}
Jan F. Chadima 69dd72
+	major = ssh_gssapi_sign(gsscontext, &data, &hash);
Jan F. Chadima 69dd72
+
Petr Lautrbach 84822b
+	free(data.value);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	buffer_clear(m);
Jan F. Chadima 69dd72
+	buffer_put_int(m, major);
Jan F. Chadima 69dd72
+	buffer_put_string(m, hash.value, hash.length);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	mm_request_send(socket, MONITOR_ANS_GSSSIGN, m);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	gss_release_buffer(&minor, &hash);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	/* Turn on getpwnam permissions */
Jan F. Chadima 69dd72
+	monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1);
Jan F. Chadima 69dd72
+	
Jan F. Chadima 69dd72
+	/* And credential updating, for when rekeying */
Jan F. Chadima 69dd72
+	monitor_permit(mon_dispatch, MONITOR_REQ_GSSUPCREDS, 1);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	return (0);
Jan F. Chadima 69dd72
+}
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+int
Jan F. Chadima 69dd72
+mm_answer_gss_updatecreds(int socket, Buffer *m) {
Jan F. Chadima 69dd72
+	ssh_gssapi_ccache store;
Jan F. Chadima 69dd72
+	int ok;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	store.filename = buffer_get_string(m, NULL);
Jan F. Chadima 69dd72
+	store.envvar   = buffer_get_string(m, NULL);
Jan F. Chadima 69dd72
+	store.envval   = buffer_get_string(m, NULL);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	ok = ssh_gssapi_update_creds(&store);
Jan F. Chadima 69dd72
+
Petr Lautrbach 84822b
+	free(store.filename);
Petr Lautrbach 84822b
+	free(store.envvar);
Petr Lautrbach 84822b
+	free(store.envval);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	buffer_clear(m);
Jan F. Chadima 69dd72
+	buffer_put_int(m, ok);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	mm_request_send(socket, MONITOR_ANS_GSSUPCREDS, m);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	return(0);
Jan F. Chadima 69dd72
+}
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
 #endif /* GSSAPI */
Jan F. Chadima 69dd72
 
Petr Lautrbach 3e1dd6
diff --git a/monitor.h b/monitor.h
Petr Lautrbach 3e1dd6
index 20e2b4a..ff79fbb 100644
Petr Lautrbach 3e1dd6
--- a/monitor.h
Petr Lautrbach 3e1dd6
+++ b/monitor.h
Petr Lautrbach 3e1dd6
@@ -60,6 +60,8 @@ enum monitor_reqtype {
Petr Lautrbach 8a29de
 #ifdef WITH_SELINUX
Petr Lautrbach 8a29de
 	MONITOR_REQ_AUTHROLE = 80,
Petr Lautrbach 8a29de
 #endif
Petr Lautrbach 8a29de
+	MONITOR_REQ_GSSSIGN = 82, MONITOR_ANS_GSSSIGN = 83,
Petr Lautrbach 8a29de
+	MONITOR_REQ_GSSUPCREDS = 84, MONITOR_ANS_GSSUPCREDS = 85,
Petr Lautrbach 8a29de
 
Petr Lautrbach 8a29de
 	MONITOR_REQ_PAM_START = 100,
Petr Lautrbach 8a29de
 	MONITOR_REQ_PAM_ACCOUNT = 102, MONITOR_ANS_PAM_ACCOUNT = 103,
Petr Lautrbach 3e1dd6
diff --git a/monitor_wrap.c b/monitor_wrap.c
Petr Lautrbach 3e1dd6
index d1b6d99..d1e1caa 100644
Petr Lautrbach 3e1dd6
--- a/monitor_wrap.c
Petr Lautrbach 3e1dd6
+++ b/monitor_wrap.c
Petr Lautrbach 3e1dd6
@@ -1290,7 +1290,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
Jan F. Chadima 69dd72
 }
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
 int
Jan F. Chadima 69dd72
-mm_ssh_gssapi_userok(char *user)
Jan F. Chadima 69dd72
+mm_ssh_gssapi_userok(char *user, struct passwd *pw)
Jan F. Chadima 69dd72
 {
Jan F. Chadima 69dd72
 	Buffer m;
Jan F. Chadima 69dd72
 	int authenticated = 0;
Petr Lautrbach 3e1dd6
@@ -1307,5 +1307,50 @@ mm_ssh_gssapi_userok(char *user)
Jan F. Chadima 69dd72
 	debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
Jan F. Chadima 69dd72
 	return (authenticated);
Jan F. Chadima 69dd72
 }
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+OM_uint32
Jan F. Chadima 69dd72
+mm_ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_desc *data, gss_buffer_desc *hash)
Jan F. Chadima 69dd72
+{
Jan F. Chadima 69dd72
+	Buffer m;
Jan F. Chadima 69dd72
+	OM_uint32 major;
Jan F. Chadima 69dd72
+	u_int len;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	buffer_init(&m);
Jan F. Chadima 69dd72
+	buffer_put_string(&m, data->value, data->length);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSIGN, &m);
Jan F. Chadima 69dd72
+	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSIGN, &m);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	major = buffer_get_int(&m);
Jan F. Chadima 69dd72
+	hash->value = buffer_get_string(&m, &len;;
Jan F. Chadima 69dd72
+	hash->length = len;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	buffer_free(&m);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	return(major);
Jan F. Chadima 69dd72
+}
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+int
Jan F. Chadima 69dd72
+mm_ssh_gssapi_update_creds(ssh_gssapi_ccache *store)
Jan F. Chadima 69dd72
+{
Jan F. Chadima 69dd72
+	Buffer m;
Jan F. Chadima 69dd72
+	int ok;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	buffer_init(&m);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	buffer_put_cstring(&m, store->filename ? store->filename : "");
Jan F. Chadima 69dd72
+	buffer_put_cstring(&m, store->envvar ? store->envvar : "");
Jan F. Chadima 69dd72
+	buffer_put_cstring(&m, store->envval ? store->envval : "");
Petr Lautrbach 3e1dd6
+
Jan F. Chadima 69dd72
+	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUPCREDS, &m);
Jan F. Chadima 69dd72
+	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUPCREDS, &m);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	ok = buffer_get_int(&m);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	buffer_free(&m);
Petr Lautrbach 3e1dd6
+
Jan F. Chadima 69dd72
+	return (ok);
Jan F. Chadima 69dd72
+}
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
 #endif /* GSSAPI */
Jan F. Chadima 69dd72
 
Petr Lautrbach 3e1dd6
diff --git a/monitor_wrap.h b/monitor_wrap.h
Petr Lautrbach 3e1dd6
index 9d5e5ba..93929e0 100644
Petr Lautrbach 3e1dd6
--- a/monitor_wrap.h
Petr Lautrbach 3e1dd6
+++ b/monitor_wrap.h
Petr Lautrbach 3e1dd6
@@ -61,8 +61,10 @@ BIGNUM *mm_auth_rsa_generate_challenge(Key *);
Jan F. Chadima 69dd72
 OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
Jan F. Chadima 69dd72
 OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *,
Jan F. Chadima 69dd72
    gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *);
Jan F. Chadima 69dd72
-int mm_ssh_gssapi_userok(char *user);
Jan F. Chadima 69dd72
+int mm_ssh_gssapi_userok(char *user, struct passwd *);
Jan F. Chadima 69dd72
 OM_uint32 mm_ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t);
Jan F. Chadima 69dd72
+OM_uint32 mm_ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t);
Jan F. Chadima 69dd72
+int mm_ssh_gssapi_update_creds(ssh_gssapi_ccache *);
Jan F. Chadima 69dd72
 #endif
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
 #ifdef USE_PAM
Petr Lautrbach 3e1dd6
diff --git a/readconf.c b/readconf.c
Petr Lautrbach 3e1dd6
index dc884c9..7613ff2 100644
Petr Lautrbach 3e1dd6
--- a/readconf.c
Petr Lautrbach 3e1dd6
+++ b/readconf.c
Petr Lautrbach 3e1dd6
@@ -141,6 +141,8 @@ typedef enum {
Jan F. Chadima 69dd72
 	oClearAllForwardings, oNoHostAuthenticationForLocalhost,
Jan F. Chadima 69dd72
 	oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
Jan F. Chadima 69dd72
 	oAddressFamily, oGssAuthentication, oGssDelegateCreds,
Jan F. Chadima 69dd72
+	oGssTrustDns, oGssKeyEx, oGssClientIdentity, oGssRenewalRekey,
Jan F. Chadima 69dd72
+	oGssServerIdentity, 
Jan F. Chadima 69dd72
 	oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
Jan F. Chadima 69dd72
 	oSendEnv, oControlPath, oControlMaster, oControlPersist,
Jan F. Chadima 69dd72
 	oHashKnownHosts,
Petr Lautrbach 3e1dd6
@@ -183,10 +185,19 @@ static struct {
Jan F. Chadima 69dd72
 	{ "afstokenpassing", oUnsupported },
Jan F. Chadima 69dd72
 #if defined(GSSAPI)
Jan F. Chadima 69dd72
 	{ "gssapiauthentication", oGssAuthentication },
Jan F. Chadima 69dd72
+	{ "gssapikeyexchange", oGssKeyEx },
Jan F. Chadima 69dd72
 	{ "gssapidelegatecredentials", oGssDelegateCreds },
Jan F. Chadima 69dd72
+	{ "gssapitrustdns", oGssTrustDns },
Jan F. Chadima 69dd72
+	{ "gssapiclientidentity", oGssClientIdentity },
Jan F. Chadima 69dd72
+	{ "gssapiserveridentity", oGssServerIdentity },
Jan F. Chadima 69dd72
+	{ "gssapirenewalforcesrekey", oGssRenewalRekey },
Jan F. Chadima 69dd72
 #else
Jan F. Chadima 69dd72
 	{ "gssapiauthentication", oUnsupported },
Jan F. Chadima 69dd72
+	{ "gssapikeyexchange", oUnsupported },
Jan F. Chadima 69dd72
 	{ "gssapidelegatecredentials", oUnsupported },
Jan F. Chadima 69dd72
+	{ "gssapitrustdns", oUnsupported },
Jan F. Chadima 69dd72
+	{ "gssapiclientidentity", oUnsupported },
Jan F. Chadima 69dd72
+	{ "gssapirenewalforcesrekey", oUnsupported },
Jan F. Chadima 69dd72
 #endif
Jan F. Chadima 69dd72
 	{ "fallbacktorsh", oDeprecated },
Jan F. Chadima 69dd72
 	{ "usersh", oDeprecated },
Petr Lautrbach 3e1dd6
@@ -841,10 +852,30 @@ parse_time:
Jan F. Chadima 69dd72
 		intptr = &options->gss_authentication;
Jan F. Chadima 69dd72
 		goto parse_flag;
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
+	case oGssKeyEx:
Jan F. Chadima 69dd72
+		intptr = &options->gss_keyex;
Jan F. Chadima 69dd72
+		goto parse_flag;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
 	case oGssDelegateCreds:
Jan F. Chadima 69dd72
 		intptr = &options->gss_deleg_creds;
Jan F. Chadima 69dd72
 		goto parse_flag;
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
+	case oGssTrustDns:
Jan F. Chadima 69dd72
+		intptr = &options->gss_trust_dns;
Jan F. Chadima 69dd72
+		goto parse_flag;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	case oGssClientIdentity:
Jan F. Chadima 69dd72
+		charptr = &options->gss_client_identity;
Jan F. Chadima 69dd72
+		goto parse_string;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	case oGssServerIdentity:
Jan F. Chadima 69dd72
+		charptr = &options->gss_server_identity;
Jan F. Chadima 69dd72
+		goto parse_string;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	case oGssRenewalRekey:
Jan F. Chadima 69dd72
+		intptr = &options->gss_renewal_rekey;
Jan F. Chadima 69dd72
+		goto parse_flag;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
 	case oBatchMode:
Jan F. Chadima 69dd72
 		intptr = &options->batch_mode;
Jan F. Chadima 69dd72
 		goto parse_flag;
Petr Lautrbach 3e1dd6
@@ -1497,7 +1528,12 @@ initialize_options(Options * options)
Jan F. Chadima 69dd72
 	options->pubkey_authentication = -1;
Jan F. Chadima 69dd72
 	options->challenge_response_authentication = -1;
Jan F. Chadima 69dd72
 	options->gss_authentication = -1;
Jan F. Chadima 69dd72
+	options->gss_keyex = -1;
Jan F. Chadima 69dd72
 	options->gss_deleg_creds = -1;
Jan F. Chadima 69dd72
+	options->gss_trust_dns = -1;
Jan F. Chadima 69dd72
+	options->gss_renewal_rekey = -1;
Jan F. Chadima 69dd72
+	options->gss_client_identity = NULL;
Jan F. Chadima 69dd72
+	options->gss_server_identity = NULL;
Jan F. Chadima 69dd72
 	options->password_authentication = -1;
Jan F. Chadima 69dd72
 	options->kbd_interactive_authentication = -1;
Jan F. Chadima 69dd72
 	options->kbd_interactive_devices = NULL;
Petr Lautrbach 3e1dd6
@@ -1616,8 +1652,14 @@ fill_default_options(Options * options)
Jan F. Chadima 69dd72
 		options->challenge_response_authentication = 1;
Jan F. Chadima 69dd72
 	if (options->gss_authentication == -1)
Jan F. Chadima 69dd72
 		options->gss_authentication = 0;
Jan F. Chadima 69dd72
+	if (options->gss_keyex == -1)
Jan F. Chadima 69dd72
+		options->gss_keyex = 0;
Jan F. Chadima 69dd72
 	if (options->gss_deleg_creds == -1)
Jan F. Chadima 69dd72
 		options->gss_deleg_creds = 0;
Jan F. Chadima 69dd72
+	if (options->gss_trust_dns == -1)
Jan F. Chadima 69dd72
+		options->gss_trust_dns = 0;
Jan F. Chadima 69dd72
+	if (options->gss_renewal_rekey == -1)
Jan F. Chadima 69dd72
+		options->gss_renewal_rekey = 0;
Jan F. Chadima 69dd72
 	if (options->password_authentication == -1)
Jan F. Chadima 69dd72
 		options->password_authentication = 1;
Jan F. Chadima 69dd72
 	if (options->kbd_interactive_authentication == -1)
Petr Lautrbach 3e1dd6
diff --git a/readconf.h b/readconf.h
Petr Lautrbach 3e1dd6
index 75e3f8f..5cc97f0 100644
Petr Lautrbach 3e1dd6
--- a/readconf.h
Petr Lautrbach 3e1dd6
+++ b/readconf.h
Petr Lautrbach 3e1dd6
@@ -54,7 +54,12 @@ typedef struct {
Jan F. Chadima 69dd72
 	int     challenge_response_authentication;
Jan F. Chadima 69dd72
 					/* Try S/Key or TIS, authentication. */
Jan F. Chadima 69dd72
 	int     gss_authentication;	/* Try GSS authentication */
Jan F. Chadima 69dd72
+	int     gss_keyex;		/* Try GSS key exchange */
Jan F. Chadima 69dd72
 	int     gss_deleg_creds;	/* Delegate GSS credentials */
Jan F. Chadima 69dd72
+	int	gss_trust_dns;		/* Trust DNS for GSS canonicalization */
Jan F. Chadima 69dd72
+	int	gss_renewal_rekey;	/* Credential renewal forces rekey */
Jan F. Chadima 69dd72
+	char    *gss_client_identity;   /* Principal to initiate GSSAPI with */
Jan F. Chadima 69dd72
+	char    *gss_server_identity;   /* GSSAPI target principal */
Jan F. Chadima 69dd72
 	int     password_authentication;	/* Try password
Jan F. Chadima 69dd72
 						 * authentication. */
Jan F. Chadima 69dd72
 	int     kbd_interactive_authentication; /* Try keyboard-interactive auth. */
Petr Lautrbach 3e1dd6
diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh
Petr Lautrbach 3e1dd6
index 1d9e0ed..1277409 100644
Petr Lautrbach 3e1dd6
--- a/regress/cert-hostkey.sh
Petr Lautrbach 3e1dd6
+++ b/regress/cert-hostkey.sh
Petr Lautrbach 3e1dd6
@@ -17,7 +17,7 @@ ${SSHKEYGEN} -q -N '' -t rsa  -f $OBJ/host_ca_key ||\
Petr Lautrbach 3e1dd6
 	cat $OBJ/host_ca_key.pub
Petr Lautrbach 3e1dd6
 ) > $OBJ/known_hosts-cert
Petr Lautrbach 3e1dd6
 
Petr Lautrbach 3e1dd6
-PLAIN_TYPES=`$SSH -Q key-plain | sed 's/^ssh-dss/ssh-dsa/g;s/^ssh-//'`
Petr Lautrbach 3e1dd6
+PLAIN_TYPES=`$SSH -Q key-plain | grep -v null | sed 's/^ssh-dss/ssh-dsa/g;s/^ssh-//'`
Petr Lautrbach 3e1dd6
 
Petr Lautrbach 3e1dd6
 type_has_legacy() {
Petr Lautrbach 3e1dd6
 	case $1 in
Petr Lautrbach 3e1dd6
diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh
Petr Lautrbach 3e1dd6
index b093a91..4c8da00 100644
Petr Lautrbach 3e1dd6
--- a/regress/cert-userkey.sh
Petr Lautrbach 3e1dd6
+++ b/regress/cert-userkey.sh
Petr Lautrbach 3e1dd6
@@ -6,7 +6,7 @@ tid="certified user keys"
Petr Lautrbach 3e1dd6
 rm -f $OBJ/authorized_keys_$USER $OBJ/user_ca_key* $OBJ/cert_user_key*
Petr Lautrbach 3e1dd6
 cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
Petr Lautrbach 3e1dd6
 
Petr Lautrbach 3e1dd6
-PLAIN_TYPES=`$SSH -Q key-plain | sed 's/^ssh-dss/ssh-dsa/;s/^ssh-//'`
Petr Lautrbach 3e1dd6
+PLAIN_TYPES=`$SSH -Q key-plain | grep -v null | sed 's/^ssh-dss/ssh-dsa/;s/^ssh-//'`
Petr Lautrbach 3e1dd6
 
Petr Lautrbach 3e1dd6
 type_has_legacy() {
Petr Lautrbach 3e1dd6
 	case $1 in
Petr Lautrbach 3e1dd6
diff --git a/regress/kextype.sh b/regress/kextype.sh
Petr Lautrbach 3e1dd6
index 8c2ac09..a2a87ca 100644
Petr Lautrbach 3e1dd6
--- a/regress/kextype.sh
Petr Lautrbach 3e1dd6
+++ b/regress/kextype.sh
Petr Lautrbach 3e1dd6
@@ -9,6 +9,9 @@ cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
Petr Lautrbach 3e1dd6
 
Petr Lautrbach 3e1dd6
 tries="1 2 3 4"
Petr Lautrbach 3e1dd6
 for k in `${SSH} -Q kex`; do
Petr Lautrbach 3e1dd6
+	if [ $k = "gss-gex-sha1-" -o $k = "gss-group1-sha1-" -o $k = "gss-group14-sha1-" ]; then
Petr Lautrbach 3e1dd6
+		continue
Petr Lautrbach 3e1dd6
+	fi
Petr Lautrbach 3e1dd6
 	verbose "kex $k"
Petr Lautrbach 3e1dd6
 	for i in $tries; do
Petr Lautrbach 3e1dd6
 		${SSH} -F $OBJ/ssh_proxy -o KexAlgorithms=$k x true
Petr Lautrbach 3e1dd6
diff --git a/regress/rekey.sh b/regress/rekey.sh
Petr Lautrbach 3e1dd6
index cf9401e..31fb0f7 100644
Petr Lautrbach 3e1dd6
--- a/regress/rekey.sh
Petr Lautrbach 3e1dd6
+++ b/regress/rekey.sh
Petr Lautrbach 3e1dd6
@@ -30,6 +30,9 @@ increase_datafile_size 300
Petr Lautrbach 3e1dd6
 
Petr Lautrbach 3e1dd6
 opts=""
Petr Lautrbach 3e1dd6
 for i in `${SSH} -Q kex`; do
Petr Lautrbach 3e1dd6
+	if [ $i = "gss-gex-sha1-" -o $i = "gss-group1-sha1-" -o $i = "gss-group14-sha1-" ]; then
Petr Lautrbach 3e1dd6
+		continue
Petr Lautrbach 3e1dd6
+	fi
Petr Lautrbach 3e1dd6
 	opts="$opts KexAlgorithms=$i"
Petr Lautrbach 3e1dd6
 done
Petr Lautrbach 3e1dd6
 for i in `${SSH} -Q cipher`; do
Petr Lautrbach 3e1dd6
@@ -48,6 +51,9 @@ done
Petr Lautrbach 3e1dd6
 if ${SSH} -Q cipher-auth | grep '^.*$' >/dev/null 2>&1 ; then
Petr Lautrbach 3e1dd6
   for c in `${SSH} -Q cipher-auth`; do
Petr Lautrbach 3e1dd6
     for kex in `${SSH} -Q kex`; do
Petr Lautrbach 3e1dd6
+	if [ $kex = "gss-gex-sha1-" -o $kex = "gss-group1-sha1-" -o $kex = "gss-group14-sha1-" ]; then
Petr Lautrbach 3e1dd6
+		continue
Petr Lautrbach 3e1dd6
+	fi
Petr Lautrbach 3e1dd6
 	verbose "client rekey $c $kex"
Petr Lautrbach 3e1dd6
 	ssh_data_rekeying -oRekeyLimit=256k -oCiphers=$c -oKexAlgorithms=$kex
Petr Lautrbach 3e1dd6
     done
Petr Lautrbach 3e1dd6
diff --git a/servconf.c b/servconf.c
Petr Lautrbach 3e1dd6
index f763317..68fb9ef 100644
Petr Lautrbach 3e1dd6
--- a/servconf.c
Petr Lautrbach 3e1dd6
+++ b/servconf.c
Petr Lautrbach 3e1dd6
@@ -108,7 +108,10 @@ initialize_server_options(ServerOptions *options)
Jan F. Chadima 69dd72
 	options->kerberos_ticket_cleanup = -1;
Jan F. Chadima 69dd72
 	options->kerberos_get_afs_token = -1;
Jan F. Chadima 69dd72
 	options->gss_authentication=-1;
Jan F. Chadima 69dd72
+	options->gss_keyex = -1;
Jan F. Chadima 69dd72
 	options->gss_cleanup_creds = -1;
Jan F. Chadima 69dd72
+	options->gss_strict_acceptor = -1;
Jan F. Chadima 69dd72
+	options->gss_store_rekey = -1;
Jan F. Chadima 69dd72
 	options->password_authentication = -1;
Jan F. Chadima 69dd72
 	options->kbd_interactive_authentication = -1;
Jan F. Chadima 69dd72
 	options->challenge_response_authentication = -1;
Petr Lautrbach 3e1dd6
@@ -245,8 +248,14 @@ fill_default_server_options(ServerOptions *options)
Jan F. Chadima 69dd72
 		options->kerberos_get_afs_token = 0;
Jan F. Chadima 69dd72
 	if (options->gss_authentication == -1)
Jan F. Chadima 69dd72
 		options->gss_authentication = 0;
Jan F. Chadima 69dd72
+	if (options->gss_keyex == -1)
Jan F. Chadima 69dd72
+		options->gss_keyex = 0;
Jan F. Chadima 69dd72
 	if (options->gss_cleanup_creds == -1)
Jan F. Chadima 69dd72
 		options->gss_cleanup_creds = 1;
Jan F. Chadima 69dd72
+	if (options->gss_strict_acceptor == -1)
Jan F. Chadima 69dd72
+		options->gss_strict_acceptor = 1;
Jan F. Chadima 69dd72
+	if (options->gss_store_rekey == -1)
Jan F. Chadima 69dd72
+		options->gss_store_rekey = 0;
Jan F. Chadima 69dd72
 	if (options->password_authentication == -1)
Jan F. Chadima 69dd72
 		options->password_authentication = 1;
Jan F. Chadima 69dd72
 	if (options->kbd_interactive_authentication == -1)
Petr Lautrbach 3e1dd6
@@ -344,7 +353,8 @@ typedef enum {
Petr Lautrbach d9e618
 	sBanner, sShowPatchLevel, sUseDNS, sHostbasedAuthentication,
Petr Lautrbach d9e618
 	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
Petr Lautrbach d9e618
 	sClientAliveCountMax, sAuthorizedKeysFile,
Jan F. Chadima 69dd72
-	sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
Jan F. Chadima 69dd72
+	sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
Petr Lautrbach 3e1dd6
+	sGssKeyEx, sGssStoreRekey, sAcceptEnv, sPermitTunnel,
Jan F. Chadima 69dd72
 	sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
Jan F. Chadima 69dd72
 	sUsePrivilegeSeparation, sAllowAgentForwarding,
Petr Lautrbach 3e1dd6
 	sHostCertificate,
Petr Lautrbach 3e1dd6
@@ -411,10 +421,20 @@ static struct {
Jan F. Chadima 69dd72
 #ifdef GSSAPI
Jan F. Chadima 69dd72
 	{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
Jan F. Chadima 69dd72
 	{ "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
Jan F. Chadima 69dd72
+	{ "gssapicleanupcreds", sGssCleanupCreds, SSHCFG_GLOBAL },
Jan F. Chadima 69dd72
+	{ "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
Jan F. Chadima 69dd72
+	{ "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL },
Jan F. Chadima 69dd72
+	{ "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL },
Jan F. Chadima 69dd72
 #else
Jan F. Chadima 69dd72
 	{ "gssapiauthentication", sUnsupported, SSHCFG_ALL },
Jan F. Chadima 69dd72
 	{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
Jan F. Chadima 69dd72
+	{ "gssapicleanupcreds", sUnsupported, SSHCFG_GLOBAL },
Jan F. Chadima 69dd72
+	{ "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
Jan F. Chadima 69dd72
+	{ "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL },
Jan F. Chadima 69dd72
+	{ "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL },
Jan F. Chadima 69dd72
 #endif
Jan F. Chadima 69dd72
+	{ "gssusesessionccache", sUnsupported, SSHCFG_GLOBAL },
Jan F. Chadima 69dd72
+	{ "gssapiusesessioncredcache", sUnsupported, SSHCFG_GLOBAL },
Jan F. Chadima 69dd72
 	{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
Jan F. Chadima 69dd72
 	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
Jan F. Chadima 69dd72
 	{ "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
Petr Lautrbach 3e1dd6
@@ -1091,10 +1111,22 @@ process_server_config_line(ServerOptions *options, char *line,
Jan F. Chadima 69dd72
 		intptr = &options->gss_authentication;
Jan F. Chadima 69dd72
 		goto parse_flag;
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
+	case sGssKeyEx:
Jan F. Chadima 69dd72
+		intptr = &options->gss_keyex;
Jan F. Chadima 69dd72
+		goto parse_flag;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
 	case sGssCleanupCreds:
Jan F. Chadima 69dd72
 		intptr = &options->gss_cleanup_creds;
Jan F. Chadima 69dd72
 		goto parse_flag;
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
+	case sGssStrictAcceptor:
Jan F. Chadima 69dd72
+		intptr = &options->gss_strict_acceptor;
Jan F. Chadima 69dd72
+		goto parse_flag;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	case sGssStoreRekey:
Jan F. Chadima 69dd72
+		intptr = &options->gss_store_rekey;
Jan F. Chadima 69dd72
+		goto parse_flag;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
 	case sPasswordAuthentication:
Jan F. Chadima 69dd72
 		intptr = &options->password_authentication;
Jan F. Chadima 69dd72
 		goto parse_flag;
Petr Lautrbach 3e1dd6
@@ -2005,6 +2037,9 @@ dump_config(ServerOptions *o)
Petr Lautrbach d9e618
 #ifdef GSSAPI
Jan F. Chadima 69dd72
 	dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
Jan F. Chadima 69dd72
 	dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
Jan F. Chadima 69dd72
+	dump_cfg_fmtint(sGssKeyEx, o->gss_keyex);
Jan F. Chadima 69dd72
+	dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor);
Jan F. Chadima 69dd72
+	dump_cfg_fmtint(sGssStoreRekey, o->gss_store_rekey);
Jan F. Chadima 69dd72
 #endif
Petr Lautrbach 3e1dd6
 	dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
Petr Lautrbach 3e1dd6
 	dump_cfg_fmtint(sKbdInteractiveAuthentication,
Petr Lautrbach 3e1dd6
diff --git a/servconf.h b/servconf.h
Petr Lautrbach 3e1dd6
index 4572066..37cfa9b 100644
Petr Lautrbach 3e1dd6
--- a/servconf.h
Petr Lautrbach 3e1dd6
+++ b/servconf.h
Petr Lautrbach 3e1dd6
@@ -112,7 +112,10 @@ typedef struct {
Jan F. Chadima 69dd72
 	int     kerberos_get_afs_token;		/* If true, try to get AFS token if
Jan F. Chadima 69dd72
 						 * authenticated with Kerberos. */
Jan F. Chadima 69dd72
 	int     gss_authentication;	/* If true, permit GSSAPI authentication */
Jan F. Chadima 69dd72
+	int     gss_keyex;		/* If true, permit GSSAPI key exchange */
Jan F. Chadima 69dd72
 	int     gss_cleanup_creds;	/* If true, destroy cred cache on logout */
Jan F. Chadima 69dd72
+	int 	gss_strict_acceptor;	/* If true, restrict the GSSAPI acceptor name */
Jan F. Chadima 69dd72
+	int 	gss_store_rekey;
Jan F. Chadima 69dd72
 	int     password_authentication;	/* If true, permit password
Jan F. Chadima 69dd72
 						 * authentication. */
Jan F. Chadima 69dd72
 	int     kbd_interactive_authentication;	/* If true, permit */
Petr Lautrbach 3e1dd6
diff --git a/ssh-gss.h b/ssh-gss.h
Petr Lautrbach 3e1dd6
index a99d7f0..0374c88 100644
Petr Lautrbach 3e1dd6
--- a/ssh-gss.h
Petr Lautrbach 3e1dd6
+++ b/ssh-gss.h
Petr Lautrbach 84822b
@@ -1,6 +1,6 @@
Petr Lautrbach 3e1dd6
 /* $OpenBSD: ssh-gss.h,v 1.11 2014/02/26 20:28:44 djm Exp $ */
Petr Lautrbach 84822b
 /*
Petr Lautrbach 84822b
- * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
Petr Lautrbach 84822b
+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
Petr Lautrbach 84822b
  *
Petr Lautrbach 84822b
  * Redistribution and use in source and binary forms, with or without
Petr Lautrbach 84822b
  * modification, are permitted provided that the following conditions
Petr Lautrbach 84822b
@@ -61,10 +61,22 @@
Petr Lautrbach 84822b
 
Petr Lautrbach 84822b
 #define SSH_GSS_OIDTYPE 0x06
Petr Lautrbach 84822b
 
Petr Lautrbach 84822b
+#define SSH2_MSG_KEXGSS_INIT                            30
Petr Lautrbach 84822b
+#define SSH2_MSG_KEXGSS_CONTINUE                        31
Petr Lautrbach 84822b
+#define SSH2_MSG_KEXGSS_COMPLETE                        32
Petr Lautrbach 84822b
+#define SSH2_MSG_KEXGSS_HOSTKEY                         33
Petr Lautrbach 84822b
+#define SSH2_MSG_KEXGSS_ERROR                           34
Petr Lautrbach 84822b
+#define SSH2_MSG_KEXGSS_GROUPREQ			40
Petr Lautrbach 84822b
+#define SSH2_MSG_KEXGSS_GROUP				41
Petr Lautrbach 84822b
+#define KEX_GSS_GRP1_SHA1_ID				"gss-group1-sha1-"
Petr Lautrbach 84822b
+#define KEX_GSS_GRP14_SHA1_ID				"gss-group14-sha1-"
Petr Lautrbach 84822b
+#define KEX_GSS_GEX_SHA1_ID				"gss-gex-sha1-"
Petr Lautrbach 84822b
+
Petr Lautrbach 84822b
 typedef struct {
Petr Lautrbach 84822b
 	char *filename;
Petr Lautrbach 84822b
 	char *envvar;
Petr Lautrbach 84822b
 	char *envval;
Petr Lautrbach 84822b
+	struct passwd *owner;
Petr Lautrbach 84822b
 	void *data;
Petr Lautrbach 84822b
 } ssh_gssapi_ccache;
Petr Lautrbach 84822b
 
Petr Lautrbach 84822b
@@ -72,8 +84,11 @@ typedef struct {
Petr Lautrbach 84822b
 	gss_buffer_desc displayname;
Petr Lautrbach 84822b
 	gss_buffer_desc exportedname;
Petr Lautrbach 84822b
 	gss_cred_id_t creds;
Petr Lautrbach 84822b
+	gss_name_t name;
Petr Lautrbach 84822b
 	struct ssh_gssapi_mech_struct *mech;
Petr Lautrbach 84822b
 	ssh_gssapi_ccache store;
Petr Lautrbach 84822b
+	int used;
Petr Lautrbach 84822b
+	int updated;
Petr Lautrbach 84822b
 } ssh_gssapi_client;
Petr Lautrbach 84822b
 
Petr Lautrbach 84822b
 typedef struct ssh_gssapi_mech_struct {
Petr Lautrbach 84822b
@@ -84,6 +99,7 @@ typedef struct ssh_gssapi_mech_struct {
Petr Lautrbach 84822b
 	int (*userok) (ssh_gssapi_client *, char *);
Petr Lautrbach 84822b
 	int (*localname) (ssh_gssapi_client *, char **);
Petr Lautrbach 84822b
 	void (*storecreds) (ssh_gssapi_client *);
Petr Lautrbach 84822b
+	int (*updatecreds) (ssh_gssapi_ccache *, ssh_gssapi_client *);
Petr Lautrbach 84822b
 } ssh_gssapi_mech;
Petr Lautrbach 84822b
 
Petr Lautrbach 84822b
 typedef struct {
Petr Lautrbach 84822b
@@ -94,10 +110,11 @@ typedef struct {
Petr Lautrbach 84822b
 	gss_OID		oid; /* client */
Petr Lautrbach 84822b
 	gss_cred_id_t	creds; /* server */
Petr Lautrbach 84822b
 	gss_name_t	client; /* server */
Petr Lautrbach 84822b
-	gss_cred_id_t	client_creds; /* server */
Petr Lautrbach 84822b
+	gss_cred_id_t	client_creds; /* both */
Petr Lautrbach 84822b
 } Gssctxt;
Petr Lautrbach 84822b
 
Petr Lautrbach 84822b
 extern ssh_gssapi_mech *supported_mechs[];
Petr Lautrbach 84822b
+extern Gssctxt *gss_kex_context;
Petr Lautrbach 84822b
 
Petr Lautrbach 84822b
 int  ssh_gssapi_check_oid(Gssctxt *, void *, size_t);
Petr Lautrbach 84822b
 void ssh_gssapi_set_oid_data(Gssctxt *, void *, size_t);
Petr Lautrbach 3e1dd6
@@ -119,16 +136,30 @@ void ssh_gssapi_build_ctx(Gssctxt **);
Petr Lautrbach 84822b
 void ssh_gssapi_delete_ctx(Gssctxt **);
Petr Lautrbach 84822b
 OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t);
Petr Lautrbach 84822b
 void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *);
Petr Lautrbach 84822b
-int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, const char *);
Petr Lautrbach 84822b
+int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, const char *, const char *);
Petr Lautrbach 84822b
+OM_uint32 ssh_gssapi_client_identity(Gssctxt *, const char *);
Petr Lautrbach 84822b
+int ssh_gssapi_credentials_updated(Gssctxt *);
Petr Lautrbach 84822b
 
Petr Lautrbach 84822b
 /* In the server */
Petr Lautrbach 84822b
+typedef int ssh_gssapi_check_fn(Gssctxt **, gss_OID, const char *, 
Petr Lautrbach 84822b
+    const char *);
Petr Lautrbach 84822b
+char *ssh_gssapi_client_mechanisms(const char *, const char *);
Petr Lautrbach 84822b
+char *ssh_gssapi_kex_mechs(gss_OID_set, ssh_gssapi_check_fn *, const char *,
Petr Lautrbach 84822b
+    const char *);
Petr Lautrbach 84822b
+gss_OID ssh_gssapi_id_kex(Gssctxt *, char *, int);
Petr Lautrbach 84822b
+int ssh_gssapi_server_check_mech(Gssctxt **,gss_OID, const char *, 
Petr Lautrbach 84822b
+    const char *);
Petr Lautrbach 84822b
 OM_uint32 ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
Petr Lautrbach 84822b
-int ssh_gssapi_userok(char *name);
Petr Lautrbach 84822b
+int ssh_gssapi_userok(char *name, struct passwd *);
Petr Lautrbach 84822b
 OM_uint32 ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t);
Petr Lautrbach 84822b
 void ssh_gssapi_do_child(char ***, u_int *);
Petr Lautrbach 84822b
 void ssh_gssapi_cleanup_creds(void);
Petr Lautrbach 84822b
 void ssh_gssapi_storecreds(void);
Petr Lautrbach 84822b
 
Petr Lautrbach 84822b
+char *ssh_gssapi_server_mechanisms(void);
Petr Lautrbach 84822b
+int ssh_gssapi_oid_table_ok();
Petr Lautrbach 84822b
+
Petr Lautrbach 84822b
+int ssh_gssapi_update_creds(ssh_gssapi_ccache *store);
Petr Lautrbach 84822b
 #endif /* GSSAPI */
Petr Lautrbach 84822b
 
Petr Lautrbach 84822b
 #endif /* _SSH_GSS_H */
Petr Lautrbach 3e1dd6
diff --git a/ssh_config b/ssh_config
Petr Lautrbach 3e1dd6
index 6d1abaf..b0d343b 100644
Petr Lautrbach 3e1dd6
--- a/ssh_config
Petr Lautrbach 3e1dd6
+++ b/ssh_config
Petr Lautrbach 3e1dd6
@@ -26,6 +26,8 @@
Petr Lautrbach 3e1dd6
 #   HostbasedAuthentication no
Petr Lautrbach 3e1dd6
 #   GSSAPIAuthentication no
Petr Lautrbach 3e1dd6
 #   GSSAPIDelegateCredentials no
Petr Lautrbach 3e1dd6
+#   GSSAPIKeyExchange no
Petr Lautrbach 3e1dd6
+#   GSSAPITrustDNS no
Petr Lautrbach 3e1dd6
 #   BatchMode no
Petr Lautrbach 3e1dd6
 #   CheckHostIP yes
Petr Lautrbach 3e1dd6
 #   AddressFamily any
Petr Lautrbach 3e1dd6
diff --git a/ssh_config.5 b/ssh_config.5
Petr Lautrbach 3e1dd6
index b580392..e7accd6 100644
Petr Lautrbach 3e1dd6
--- a/ssh_config.5
Petr Lautrbach 3e1dd6
+++ b/ssh_config.5
Petr Lautrbach 3e1dd6
@@ -682,11 +682,43 @@ Specifies whether user authentication based on GSSAPI is allowed.
Jan F. Chadima 69dd72
 The default is
Jan F. Chadima 69dd72
 .Dq no .
Jan F. Chadima 69dd72
 Note that this option applies to protocol version 2 only.
Jan F. Chadima 69dd72
+.It Cm GSSAPIKeyExchange
Jan F. Chadima 69dd72
+Specifies whether key exchange based on GSSAPI may be used. When using
Jan F. Chadima 69dd72
+GSSAPI key exchange the server need not have a host key.
Jan F. Chadima 69dd72
+The default is
Jan F. Chadima 69dd72
+.Dq no .
Jan F. Chadima 69dd72
+Note that this option applies to protocol version 2 only.
Jan F. Chadima 69dd72
+.It Cm GSSAPIClientIdentity
Jan F. Chadima 69dd72
+If set, specifies the GSSAPI client identity that ssh should use when 
Jan F. Chadima 69dd72
+connecting to the server. The default is unset, which means that the default 
Jan F. Chadima 69dd72
+identity will be used.
Jan F. Chadima 69dd72
+.It Cm GSSAPIServerIdentity
Jan F. Chadima 69dd72
+If set, specifies the GSSAPI server identity that ssh should expect when 
Jan F. Chadima 69dd72
+connecting to the server. The default is unset, which means that the
Jan F. Chadima 69dd72
+expected GSSAPI server identity will be determined from the target
Jan F. Chadima 69dd72
+hostname.
Jan F. Chadima 69dd72
 .It Cm GSSAPIDelegateCredentials
Jan F. Chadima 69dd72
 Forward (delegate) credentials to the server.
Jan F. Chadima 69dd72
 The default is
Jan F. Chadima 69dd72
 .Dq no .
Jan F. Chadima 69dd72
-Note that this option applies to protocol version 2 only.
Jan F. Chadima 69dd72
+Note that this option applies to protocol version 2 connections using GSSAPI.
Jan F. Chadima 69dd72
+.It Cm GSSAPIRenewalForcesRekey
Jan F. Chadima 69dd72
+If set to 
Jan F. Chadima 69dd72
+.Dq yes
Jan F. Chadima 69dd72
+then renewal of the client's GSSAPI credentials will force the rekeying of the
Jan F. Chadima 69dd72
+ssh connection. With a compatible server, this can delegate the renewed 
Jan F. Chadima 69dd72
+credentials to a session on the server.
Jan F. Chadima 69dd72
+The default is
Jan F. Chadima 69dd72
+.Dq no .
Jan F. Chadima 69dd72
+.It Cm GSSAPITrustDns
Jan F. Chadima 69dd72
+Set to 
Jan F. Chadima 69dd72
+.Dq yes to indicate that the DNS is trusted to securely canonicalize
Jan F. Chadima 69dd72
+the name of the host being connected to. If 
Jan F. Chadima 69dd72
+.Dq no, the hostname entered on the
Jan F. Chadima 69dd72
+command line will be passed untouched to the GSSAPI library.
Jan F. Chadima 69dd72
+The default is
Jan F. Chadima 69dd72
+.Dq no .
Jan F. Chadima 69dd72
+This option only applies to protocol version 2 connections using GSSAPI.
Jan F. Chadima 69dd72
 .It Cm HashKnownHosts
Jan F. Chadima 69dd72
 Indicates that
Jan F. Chadima 69dd72
 .Xr ssh 1
Petr Lautrbach 3e1dd6
diff --git a/sshconnect2.c b/sshconnect2.c
Petr Lautrbach 3e1dd6
index adbbfc7..cadf234 100644
Petr Lautrbach 3e1dd6
--- a/sshconnect2.c
Petr Lautrbach 3e1dd6
+++ b/sshconnect2.c
Petr Lautrbach 3e1dd6
@@ -158,9 +158,34 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
Jan F. Chadima 69dd72
 {
Jan F. Chadima 69dd72
 	Kex *kex;
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
+#ifdef GSSAPI
Jan F. Chadima 69dd72
+	char *orig = NULL, *gss = NULL;
Jan F. Chadima 69dd72
+	char *gss_host = NULL;
Jan F. Chadima 69dd72
+#endif
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
 	xxx_host = host;
Jan F. Chadima 69dd72
 	xxx_hostaddr = hostaddr;
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
+#ifdef GSSAPI
Jan F. Chadima 69dd72
+	if (options.gss_keyex) {
Jan F. Chadima 69dd72
+		/* Add the GSSAPI mechanisms currently supported on this 
Jan F. Chadima 69dd72
+		 * client to the key exchange algorithm proposal */
Jan F. Chadima 69dd72
+		orig = myproposal[PROPOSAL_KEX_ALGS];
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+		if (options.gss_trust_dns)
Jan F. Chadima 69dd72
+			gss_host = (char *)get_canonical_hostname(1);
Jan F. Chadima 69dd72
+		else
Jan F. Chadima 69dd72
+			gss_host = host;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+		gss = ssh_gssapi_client_mechanisms(gss_host, options.gss_client_identity);
Jan F. Chadima 69dd72
+		if (gss) {
Jan F. Chadima 69dd72
+			debug("Offering GSSAPI proposal: %s", gss);
Jan F. Chadima 69dd72
+			xasprintf(&myproposal[PROPOSAL_KEX_ALGS],
Jan F. Chadima 69dd72
+			    "%s,%s", gss, orig);
Jan F. Chadima 69dd72
+		}
Jan F. Chadima 69dd72
+	}
Jan F. Chadima 69dd72
+#endif
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
 	if (options.ciphers == (char *)-1) {
Jan F. Chadima 69dd72
 		logit("No valid ciphers for protocol version 2 given, using defaults.");
Jan F. Chadima 69dd72
 		options.ciphers = NULL;
Petr Lautrbach 3e1dd6
@@ -196,6 +221,17 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
Jan F. Chadima 69dd72
 	if (options.kex_algorithms != NULL)
Jan F. Chadima 69dd72
 		myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
+#ifdef GSSAPI
Jan F. Chadima 69dd72
+	/* If we've got GSSAPI algorithms, then we also support the
Jan F. Chadima 69dd72
+	 * 'null' hostkey, as a last resort */
Jan F. Chadima 69dd72
+	if (options.gss_keyex && gss) {
Jan F. Chadima 69dd72
+		orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS];
Jan F. Chadima 69dd72
+		xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS], 
Jan F. Chadima 69dd72
+		    "%s,null", orig);
Petr Lautrbach 84822b
+		free(gss);
Jan F. Chadima 69dd72
+	}
Jan F. Chadima 69dd72
+#endif
Jan F. Chadima 69dd72
+
Petr Lautrbach 84822b
 	if (options.rekey_limit || options.rekey_interval)
Petr Lautrbach 84822b
 		packet_set_rekey_limits((u_int32_t)options.rekey_limit,
Petr Lautrbach 84822b
 		    (time_t)options.rekey_interval);
Petr Lautrbach 3e1dd6
@@ -208,10 +244,30 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
Jan F. Chadima 69dd72
 	kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
Jan F. Chadima 69dd72
 	kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
Petr Lautrbach 3e1dd6
 	kex->kex[KEX_C25519_SHA256] = kexc25519_client;
Jan F. Chadima 69dd72
+#ifdef GSSAPI
Jan F. Chadima 69dd72
+	if (options.gss_keyex) {
Jan F. Chadima 69dd72
+		kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_client;
Jan F. Chadima 69dd72
+		kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_client;
Jan F. Chadima 69dd72
+		kex->kex[KEX_GSS_GEX_SHA1] = kexgss_client;
Jan F. Chadima 69dd72
+	}
Jan F. Chadima 69dd72
+#endif
Jan F. Chadima 69dd72
 	kex->client_version_string=client_version_string;
Jan F. Chadima 69dd72
 	kex->server_version_string=server_version_string;
Jan F. Chadima 69dd72
 	kex->verify_host_key=&verify_host_key_callback;
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
+#ifdef GSSAPI
Jan F. Chadima 69dd72
+	if (options.gss_keyex) {
Jan F. Chadima 69dd72
+		kex->gss_deleg_creds = options.gss_deleg_creds;
Jan F. Chadima 69dd72
+		kex->gss_trust_dns = options.gss_trust_dns;
Jan F. Chadima 69dd72
+		kex->gss_client = options.gss_client_identity;
Jan F. Chadima 69dd72
+		if (options.gss_server_identity) {
Jan F. Chadima 69dd72
+			kex->gss_host = options.gss_server_identity;
Jan F. Chadima 69dd72
+		} else {
Jan F. Chadima 69dd72
+			kex->gss_host = gss_host;
Jan F. Chadima 69dd72
+        }
Jan F. Chadima 69dd72
+	}
Jan F. Chadima 69dd72
+#endif
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
 	xxx_kex = kex;
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
 	dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
Petr Lautrbach 3e1dd6
@@ -301,6 +357,7 @@ void	input_gssapi_token(int type, u_int32_t, void *);
Jan F. Chadima 69dd72
 void	input_gssapi_hash(int type, u_int32_t, void *);
Jan F. Chadima 69dd72
 void	input_gssapi_error(int, u_int32_t, void *);
Jan F. Chadima 69dd72
 void	input_gssapi_errtok(int, u_int32_t, void *);
Jan F. Chadima 69dd72
+int	userauth_gsskeyex(Authctxt *authctxt);
Jan F. Chadima 69dd72
 #endif
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
 void	userauth(Authctxt *, char *);
Petr Lautrbach 3e1dd6
@@ -316,6 +373,11 @@ static char *authmethods_get(void);
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
 Authmethod authmethods[] = {
Jan F. Chadima 69dd72
 #ifdef GSSAPI
Jan F. Chadima 69dd72
+	{"gssapi-keyex",
Jan F. Chadima 69dd72
+		userauth_gsskeyex,
Jan F. Chadima 69dd72
+		NULL,
Jan F. Chadima 69dd72
+		&options.gss_authentication,
Jan F. Chadima 69dd72
+		NULL},
Jan F. Chadima 69dd72
 	{"gssapi-with-mic",
Jan F. Chadima 69dd72
 		userauth_gssapi,
Jan F. Chadima 69dd72
 		NULL,
Petr Lautrbach 3e1dd6
@@ -613,19 +675,31 @@ userauth_gssapi(Authctxt *authctxt)
Jan F. Chadima 69dd72
 	static u_int mech = 0;
Jan F. Chadima 69dd72
 	OM_uint32 min;
Jan F. Chadima 69dd72
 	int ok = 0;
Jan F. Chadima 69dd72
+	const char *gss_host;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	if (options.gss_server_identity)
Jan F. Chadima 69dd72
+		gss_host = options.gss_server_identity;
Jan F. Chadima 69dd72
+	else if (options.gss_trust_dns)
Jan F. Chadima 69dd72
+		gss_host = get_canonical_hostname(1);
Jan F. Chadima 69dd72
+	else
Jan F. Chadima 69dd72
+		gss_host = authctxt->host;
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
 	/* Try one GSSAPI method at a time, rather than sending them all at
Jan F. Chadima 69dd72
 	 * once. */
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
 	if (gss_supported == NULL)
Jan F. Chadima 69dd72
-		gss_indicate_mechs(&min, &gss_supported);
Jan F. Chadima 69dd72
+		if (GSS_ERROR(gss_indicate_mechs(&min, &gss_supported))) {
Jan F. Chadima 69dd72
+			gss_supported = NULL;
Jan F. Chadima 69dd72
+			return 0;
Jan F. Chadima 69dd72
+		}
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
 	/* Check to see if the mechanism is usable before we offer it */
Jan F. Chadima 69dd72
 	while (mech < gss_supported->count && !ok) {
Jan F. Chadima 69dd72
 		/* My DER encoding requires length<128 */
Jan F. Chadima 69dd72
 		if (gss_supported->elements[mech].length < 128 &&
Jan F. Chadima 69dd72
 		    ssh_gssapi_check_mechanism(&gssctxt, 
Jan F. Chadima 69dd72
-		    &gss_supported->elements[mech], authctxt->host)) {
Jan F. Chadima 69dd72
+		    &gss_supported->elements[mech], gss_host, 
Jan F. Chadima 69dd72
+                    options.gss_client_identity)) {
Jan F. Chadima 69dd72
 			ok = 1; /* Mechanism works */
Jan F. Chadima 69dd72
 		} else {
Jan F. Chadima 69dd72
 			mech++;
Petr Lautrbach 3e1dd6
@@ -722,8 +796,8 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt)
Jan F. Chadima 69dd72
 {
Jan F. Chadima 69dd72
 	Authctxt *authctxt = ctxt;
Jan F. Chadima 69dd72
 	Gssctxt *gssctxt;
Jan F. Chadima 69dd72
-	int oidlen;
Jan F. Chadima 69dd72
-	char *oidv;
Jan F. Chadima 69dd72
+	u_int oidlen;
Jan F. Chadima 69dd72
+	u_char *oidv;
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
 	if (authctxt == NULL)
Jan F. Chadima 69dd72
 		fatal("input_gssapi_response: no authentication context");
Petr Lautrbach 3e1dd6
@@ -832,6 +906,48 @@ input_gssapi_error(int type, u_int32_t plen, void *ctxt)
Petr Lautrbach 84822b
 	free(msg);
Petr Lautrbach 84822b
 	free(lang);
Jan F. Chadima 69dd72
 }
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+int
Jan F. Chadima 69dd72
+userauth_gsskeyex(Authctxt *authctxt)
Jan F. Chadima 69dd72
+{
Jan F. Chadima 69dd72
+	Buffer b;
Jan F. Chadima 69dd72
+	gss_buffer_desc gssbuf;
Jan F. Chadima 69dd72
+	gss_buffer_desc mic = GSS_C_EMPTY_BUFFER;
Jan F. Chadima 69dd72
+	OM_uint32 ms;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	static int attempt = 0;
Jan F. Chadima 69dd72
+	if (attempt++ >= 1)
Jan F. Chadima 69dd72
+		return (0);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	if (gss_kex_context == NULL) {
Jan F. Chadima 69dd72
+		debug("No valid Key exchange context"); 
Jan F. Chadima 69dd72
+		return (0);
Jan F. Chadima 69dd72
+	}
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	ssh_gssapi_buildmic(&b, authctxt->server_user, authctxt->service,
Jan F. Chadima 69dd72
+	    "gssapi-keyex");
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	gssbuf.value = buffer_ptr(&b);
Jan F. Chadima 69dd72
+	gssbuf.length = buffer_len(&b);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	if (GSS_ERROR(ssh_gssapi_sign(gss_kex_context, &gssbuf, &mic))) {
Jan F. Chadima 69dd72
+		buffer_free(&b);
Jan F. Chadima 69dd72
+		return (0);
Jan F. Chadima 69dd72
+	}
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	packet_start(SSH2_MSG_USERAUTH_REQUEST);
Jan F. Chadima 69dd72
+	packet_put_cstring(authctxt->server_user);
Jan F. Chadima 69dd72
+	packet_put_cstring(authctxt->service);
Jan F. Chadima 69dd72
+	packet_put_cstring(authctxt->method->name);
Jan F. Chadima 69dd72
+	packet_put_string(mic.value, mic.length);
Jan F. Chadima 69dd72
+	packet_send();
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	buffer_free(&b);
Jan F. Chadima 69dd72
+	gss_release_buffer(&ms, &mic);
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	return (1);
Jan F. Chadima 69dd72
+}
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
 #endif /* GSSAPI */
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
 int
Petr Lautrbach 3e1dd6
diff --git a/sshd.c b/sshd.c
Petr Lautrbach 3e1dd6
index 24ab272..e4e406e 100644
Petr Lautrbach 3e1dd6
--- a/sshd.c
Petr Lautrbach 3e1dd6
+++ b/sshd.c
Petr Lautrbach 3e1dd6
@@ -122,6 +122,10 @@
Jan F. Chadima 69dd72
 #include "ssh-sandbox.h"
Jan F. Chadima 69dd72
 #include "version.h"
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
+#ifdef USE_SECURITY_SESSION_API
Jan F. Chadima 69dd72
+#include <Security/AuthSession.h>
Jan F. Chadima 69dd72
+#endif
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
 #ifdef LIBWRAP
Jan F. Chadima 69dd72
 #include <tcpd.h>
Jan F. Chadima 69dd72
 #include <syslog.h>
Petr Lautrbach 3e1dd6
@@ -1744,10 +1748,13 @@ main(int ac, char **av)
Jan F. Chadima 69dd72
 		logit("Disabling protocol version 1. Could not load host key");
Jan F. Chadima 69dd72
 		options.protocol &= ~SSH_PROTO_1;
Jan F. Chadima 69dd72
 	}
Jan F. Chadima 69dd72
+#ifndef GSSAPI
Jan F. Chadima 69dd72
+	/* The GSSAPI key exchange can run without a host key */
Jan F. Chadima 69dd72
 	if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) {
Jan F. Chadima 69dd72
 		logit("Disabling protocol version 2. Could not load host key");
Jan F. Chadima 69dd72
 		options.protocol &= ~SSH_PROTO_2;
Jan F. Chadima 69dd72
 	}
Jan F. Chadima 69dd72
+#endif
Jan F. Chadima 69dd72
 	if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
Jan F. Chadima 69dd72
 		logit("sshd: no hostkeys available -- exiting.");
Jan F. Chadima 69dd72
 		exit(1);
Petr Lautrbach 3e1dd6
@@ -2488,6 +2495,48 @@ do_ssh2_kex(void)
Petr Lautrbach 3e1dd6
 	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
Petr Lautrbach 3e1dd6
 	    list_hostkey_types());
Jan F. Chadima 69dd72
 
Jan F. Chadima 69dd72
+#ifdef GSSAPI
Jan F. Chadima 69dd72
+	{
Jan F. Chadima 69dd72
+	char *orig;
Jan F. Chadima 69dd72
+	char *gss = NULL;
Jan F. Chadima 69dd72
+	char *newstr = NULL;
Jan F. Chadima 69dd72
+	orig = myproposal[PROPOSAL_KEX_ALGS];
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	/* 
Jan F. Chadima 69dd72
+	 * If we don't have a host key, then there's no point advertising
Jan F. Chadima 69dd72
+	 * the other key exchange algorithms
Jan F. Chadima 69dd72
+	 */
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0)
Jan F. Chadima 69dd72
+		orig = NULL;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	if (options.gss_keyex)
Jan F. Chadima 69dd72
+		gss = ssh_gssapi_server_mechanisms();
Jan F. Chadima 69dd72
+	else
Jan F. Chadima 69dd72
+		gss = NULL;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	if (gss && orig)
Jan F. Chadima 69dd72
+		xasprintf(&newstr, "%s,%s", gss, orig);
Jan F. Chadima 69dd72
+	else if (gss)
Jan F. Chadima 69dd72
+		newstr = gss;
Jan F. Chadima 69dd72
+	else if (orig)
Jan F. Chadima 69dd72
+		newstr = orig;
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	/* 
Jan F. Chadima 69dd72
+	 * If we've got GSSAPI mechanisms, then we've got the 'null' host
Jan F. Chadima 69dd72
+	 * key alg, but we can't tell people about it unless its the only
Jan F. Chadima 69dd72
+  	 * host key algorithm we support
Jan F. Chadima 69dd72
+	 */
Jan F. Chadima 69dd72
+	if (gss && (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS])) == 0)
Jan F. Chadima 69dd72
+		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "null";
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
+	if (newstr)
Jan F. Chadima 69dd72
+		myproposal[PROPOSAL_KEX_ALGS] = newstr;
Jan F. Chadima 69dd72
+	else
Jan F. Chadima 69dd72
+		fatal("No supported key exchange algorithms");
Jan F. Chadima 69dd72
+	}
Jan F. Chadima 69dd72
+#endif
Jan F. Chadima 69dd72
+
Jan F. Chadima 69dd72
 	/* start key exchange */
Jan F. Chadima 69dd72
 	kex = kex_setup(myproposal);
Jan F. Chadima 69dd72
 	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
Petr Lautrbach 3e1dd6
@@ -2496,6 +2545,13 @@ do_ssh2_kex(void)
Jan F. Chadima 69dd72
 	kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
Jan F. Chadima 69dd72
 	kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
Petr Lautrbach 3e1dd6
 	kex->kex[KEX_C25519_SHA256] = kexc25519_server;
Jan F. Chadima 69dd72
+#ifdef GSSAPI
Jan F. Chadima 69dd72
+	if (options.gss_keyex) {
Jan F. Chadima 69dd72
+		kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
Jan F. Chadima 69dd72
+		kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server;
Jan F. Chadima 69dd72
+		kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server;
Jan F. Chadima 69dd72
+	}
Jan F. Chadima 69dd72
+#endif
Jan F. Chadima 69dd72
 	kex->server = 1;
Jan F. Chadima 69dd72
 	kex->client_version_string=client_version_string;
Jan F. Chadima 69dd72
 	kex->server_version_string=server_version_string;
Petr Lautrbach 3e1dd6
diff --git a/sshd_config b/sshd_config
Petr Lautrbach 3e1dd6
index c1b7c03..adfd7b1 100644
Petr Lautrbach 3e1dd6
--- a/sshd_config
Petr Lautrbach 3e1dd6
+++ b/sshd_config
Petr Lautrbach 3e1dd6
@@ -91,6 +91,8 @@ ChallengeResponseAuthentication no
Petr Lautrbach 3e1dd6
 # GSSAPI options
Petr Lautrbach 3e1dd6
 GSSAPIAuthentication yes
Petr Lautrbach 3e1dd6
 GSSAPICleanupCredentials no
Petr Lautrbach 3e1dd6
+#GSSAPIStrictAcceptorCheck yes
Petr Lautrbach 3e1dd6
+#GSSAPIKeyExchange no
Petr Lautrbach 3e1dd6
 
Petr Lautrbach 3e1dd6
 # Set this to 'yes' to enable PAM authentication, account processing,
Petr Lautrbach 3e1dd6
 # and session processing. If this is enabled, PAM authentication will
Petr Lautrbach 3e1dd6
diff --git a/sshd_config.5 b/sshd_config.5
Petr Lautrbach 3e1dd6
index 95b5f8c..1fb002d 100644
Petr Lautrbach 3e1dd6
--- a/sshd_config.5
Petr Lautrbach 3e1dd6
+++ b/sshd_config.5
Petr Lautrbach 3e1dd6
@@ -493,12 +493,40 @@ Specifies whether user authentication based on GSSAPI is allowed.
Jan F. Chadima 69dd72
 The default is
Jan F. Chadima 69dd72
 .Dq no .
Jan F. Chadima 69dd72
 Note that this option applies to protocol version 2 only.
Jan F. Chadima 69dd72
+.It Cm GSSAPIKeyExchange
Jan F. Chadima 69dd72
+Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange
Jan F. Chadima 69dd72
+doesn't rely on ssh keys to verify host identity.
Jan F. Chadima 69dd72
+The default is
Jan F. Chadima 69dd72
+.Dq no .
Jan F. Chadima 69dd72
+Note that this option applies to protocol version 2 only.
Jan F. Chadima 69dd72
 .It Cm GSSAPICleanupCredentials
Jan F. Chadima 69dd72
 Specifies whether to automatically destroy the user's credentials cache
Jan F. Chadima 69dd72
 on logout.
Jan F. Chadima 69dd72
 The default is
Jan F. Chadima 69dd72
 .Dq yes .
Jan F. Chadima 69dd72
 Note that this option applies to protocol version 2 only.
Jan F. Chadima 69dd72
+.It Cm GSSAPIStrictAcceptorCheck
Jan F. Chadima 69dd72
+Determines whether to be strict about the identity of the GSSAPI acceptor 
Jan F. Chadima 69dd72
+a client authenticates against. If
Jan F. Chadima 69dd72
+.Dq yes
Jan F. Chadima 69dd72
+then the client must authenticate against the
Jan F. Chadima 69dd72
+.Pa host
Jan F. Chadima 69dd72
+service on the current hostname. If 
Jan F. Chadima 69dd72
+.Dq no
Jan F. Chadima 69dd72
+then the client may authenticate against any service key stored in the 
Jan F. Chadima 69dd72
+machine's default store. This facility is provided to assist with operation 
Jan F. Chadima 69dd72
+on multi homed machines. 
Jan F. Chadima 69dd72
+The default is
Jan F. Chadima 69dd72
+.Dq yes .
Jan F. Chadima 69dd72
+Note that this option applies only to protocol version 2 GSSAPI connections,
Jan F. Chadima 69dd72
+and setting it to 
Jan F. Chadima 69dd72
+.Dq no
Jan F. Chadima 69dd72
+may only work with recent Kerberos GSSAPI libraries.
Jan F. Chadima 69dd72
+.It Cm GSSAPIStoreCredentialsOnRekey
Jan F. Chadima 69dd72
+Controls whether the user's GSSAPI credentials should be updated following a 
Jan F. Chadima 69dd72
+successful connection rekeying. This option can be used to accepted renewed 
Jan F. Chadima 69dd72
+or updated credentials from a compatible client. The default is
Jan F. Chadima 69dd72
+.Dq no .
Jan F. Chadima 69dd72
 .It Cm HostbasedAuthentication
Jan F. Chadima 69dd72
 Specifies whether rhosts or /etc/hosts.equiv authentication together
Jan F. Chadima 69dd72
 with successful public key client host authentication is allowed