Attachment #125 for bug #324




/*
 * Try krb5 authentication. server_user is passed for logging purposes
 * only, in auth is received ticket, in client is returned principal
 * from the ticket, put things to send back in reply.
 */
int
auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *reply)
{
	krb5_error_code problem;
	krb5_principal server;
	krb5_data reply;
	krb5_ticket *ticket;
	int fd, ret;

	ret = 0;
	server = NULL;
	ticket = NULL;
	reply.length = 0;

	problem = krb5_init(authctxt);
	if (problem)


	/* if client wants mutual auth */
	problem = krb5_mk_rep(authctxt->krb5_ctx, authctxt->krb5_auth_ctx,
	    reply);
	if (problem)
		goto err;


		krb5_unparse_name(authctxt->krb5_ctx, authctxt->krb5_user,
		    client);

	/* sending reply in caller */
	packet_put_string((char *) reply.data, reply.length);
	packet_send();
	packet_write_wait();

	ret = 1;
 err:

		krb5_free_principal(authctxt->krb5_ctx, server);
	if (ticket)
		krb5_free_ticket(authctxt->krb5_ctx, ticket);
	if (reply.length)
		xfree(reply.data);

	if (problem) {
		if (authctxt->krb5_ctx != NULL)

Lines 398-406 Link Here

(-)openssh-3.4p1/sshconnect1.c (-2 / +3 lines)
398	struct stat st;	398	struct stat st;
399		399
400	/* Don't do anything if we don't have any tickets. */	400	/* Don't do anything if we don't have any tickets. */
401	if (stat(tkt_string(), &st) < 0)	401	if (stat(tkt_string(), &st) < 0) {
		402	debug("Kerberos v4: no ticket file %s",tkt_string());
402	return 0;	403	return 0;
403		404	}
404	strlcpy(inst, (char *)krb_get_phost(get_canonical_hostname(1)),	405	strlcpy(inst, (char *)krb_get_phost(get_canonical_hostname(1)),
405	INST_SZ);	406	INST_SZ);
406		407




				if (kdata[0] == 4) { /* KRB_PROT_VERSION */
#ifdef KRB4
					KTEXT_ST tkt;
					KTEXT_ST reply;
					tkt.length = dlen;
					if (tkt.length < MAX_KTXT_LEN)
						memcpy(tkt.dat, kdata, tkt.length);

					if (PRIVSEP(auth_krb4(authctxt, &tkt, &client_user, &reply))) {
						authenticated = 1;

						packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE);
						packet_put_string((char *) reply.dat, reply.length);
						packet_send();
						packet_write_wait();

						snprintf(info, sizeof(info),
						    " tktuser %.100s",
						    client_user);

#endif /* KRB4 */
				} else {
#ifdef KRB5
				  	krb5_data tkt, reply;
					tkt.length = dlen;
					tkt.data = kdata;
					reply.length = 0;

					if (PRIVSEP(auth_krb5(authctxt, &tkt, &client_user, &reply))) {
						authenticated = 1;

						packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE);
						packet_put_string((char *) reply.data, reply.length);
						packet_send();
						packet_write_wait();
						snprintf(info, sizeof(info),
						    " tktuser %.100s",
						    client_user);
					}
					if (reply.length)
				        	xfree(reply.data);

#endif /* KRB5 */
				}
				xfree(kdata);




}

int
auth_krb4(Authctxt *authctxt, KTEXT auth, char **client, KTEXT reply)
{
	AUTH_DAT adat = {0};
	KTEXT_ST reply;
	Key_schedule schedule;
	struct sockaddr_in local, foreign;
	char instance[INST_SZ];


	/* If we can't successfully encrypt the checksum, we send back an
	   empty message, admitting our failure. */
	if ((r = krb_mk_priv((u_char *) & cksum, reply->dat, sizeof(cksum) + 1,
	    schedule, &adat.session, &local, &foreign)) < 0) {
		debug("Kerberos v4 mk_priv: (%d) %s", r, krb_err_txt[r]);
		reply->dat[0] = 0;
		reply->length = 0;
	} else
		reply->length = r;

	/* Clear session key. */
	memset(&adat.session, 0, sizeof(&adat.session));

	packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE);
	packet_put_string((char *) reply.dat, reply.length);
	packet_send();
	packet_write_wait();
	return (1);
}
#endif /* KRB4 */

#ifdef AFS
int
auth_krb4_tgt(Authctxt *authctxt, const char *string, const int /*unused*/ length)
{
	CREDENTIALS creds;
	struct passwd *pw;

}

int
auth_afs_token(Authctxt *authctxt, const char *token_string, const int /*unused*/ token_length)
{
	CREDENTIALS creds;
	struct passwd *pw;




	MONITOR_REQ_FREE, MONITOR_REQ_AUTHSERV,
	MONITOR_REQ_SIGN, MONITOR_ANS_SIGN,
	MONITOR_REQ_PWNAM, MONITOR_ANS_PWNAM,
#ifdef KRB4
	MONITOR_REQ_AUTHKRB4, MONITOR_ANS_AUTHKRB4,
#endif
#ifdef AFS
	MONITOR_REQ_KRB4TGT, MONITOR_ANS_KRB4TGT,
	MONITOR_REQ_AFSTOKEN, MONITOR_ANS_AFSTOKEN,
#endif
#ifdef KRB5
	MONITOR_REQ_AUTHKRB5, MONITOR_ANS_AUTHKRB5,
	MONITOR_REQ_KRB5TGT, MONITOR_ANS_KRB5TGT,
#endif
	MONITOR_REQ_AUTH2_READ_BANNER, MONITOR_ANS_AUTH2_READ_BANNER,
	MONITOR_REQ_AUTHPASSWORD, MONITOR_ANS_AUTHPASSWORD,
	MONITOR_REQ_BSDAUTHQUERY, MONITOR_ANS_BSDAUTHQUERY,




	return (authenticated);
}

/* do Kerberos4 .klogin authentication */
#ifdef KRB4
int
mm_auth_krb4(Authctxt *authctxt, KTEXT auth, char **client, KTEXT reply)
{
 	Buffer m;
	int rlen;
	int authenticated = 0;
	char* reply_tmp;

	debug3("%s entering", __func__);

	buffer_init(&m);
	buffer_put_string(&m, auth->dat, auth->length);
	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHKRB4, &m);

	debug3("%s: waiting for MONITOR_ANS_AUTHKRB4", __func__);
	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTHKRB4, &m);

	authenticated = buffer_get_int(&m);
	if(authenticated) {
		*client = buffer_get_string(&m, NULL);
		reply_tmp =  buffer_get_string(&m, &rlen);
		/* have to get the string back into the fixed char field */
		if(rlen >= MAX_KTXT_LEN)
		 fatal("%s: received too large KRB4 reply from monitor", __func__);
		memcpy(reply->dat, reply_tmp, rlen);
		reply->length = rlen;
		memset(reply_tmp,0, rlen);
		xfree(reply_tmp);
	}
	buffer_free(&m);

	debug3("%s: user %s %sauthenticated",
	    __func__, *client, authenticated ? "" : "not ");
	return (authenticated); 
}
#endif /* KRB4 */

#ifdef AFS
int
mm_auth_krb4_tgt(Authctxt *authctxt, const char *tgt_string, const int tgt_length)
{
 	Buffer m;
	int accepted = 0;

	debug3("%s entering", __func__);

	buffer_init(&m);
	buffer_put_string(&m, tgt_string, tgt_length);
	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KRB4TGT, &m);

	debug3("%s: waiting for MONITOR_ANS_KRB4TGT", __func__);
	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KRB4TGT, &m);

	accepted = buffer_get_int(&m);
	buffer_free(&m);

	debug3("%s: KRB4 TGT %saccepted",
	    __func__, accepted ? "" : "not ");
	return (accepted); 
}

int
mm_auth_afs_token(Authctxt *authctxt, const char *token_string, const int token_length)
{
 	Buffer m;
	int accepted = 0;

	debug3("%s entering", __func__);

	buffer_init(&m);
	buffer_put_string(&m, token_string, token_length);
	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AFSTOKEN, &m);

	debug3("%s: waiting for MONITOR_ANS_AFSTOKEN", __func__);
	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AFSTOKEN, &m);

	accepted = buffer_get_int(&m);
	buffer_free(&m);

	debug3("%s: AFS token %saccepted",
	    __func__, accepted ? "" : "not ");
	return (accepted); 
}
#endif /* AFS */

/* do Kerberos5 .klogin authentication */
#ifdef KRB5
int
mm_auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *reply)
{
 	Buffer m;
	int authenticated = 0;

	debug3("%s entering", __func__);

	buffer_init(&m);
	buffer_put_string(&m, auth->data, auth->length);
	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHKRB5, &m);

	debug3("%s: waiting for MONITOR_ANS_AUTHKRB5", __func__);
	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTHKRB5, &m);

	authenticated = buffer_get_int(&m);
	if(authenticated) {
		*client = buffer_get_string(&m, NULL);
		reply->data =  buffer_get_string(&m, &(reply->length));
	}
	buffer_free(&m);

	debug3("%s: user %s %sauthenticated",
	    __func__, *client, authenticated ? "" : "not ");
	return (authenticated); 
}

int
mm_auth_krb5_tgt(Authctxt *authctxt, krb5_data *tgt)
{
 	Buffer m;
	int accepted = 0;

	debug3("%s entering", __func__);

	buffer_init(&m);
	buffer_put_string(&m, tgt->data, tgt->length);
	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KRB5TGT, &m);

	debug3("%s: waiting for MONITOR_ANS_KRB5TGT", __func__);
	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KRB5TGT, &m);

	accepted = buffer_get_int(&m);
	buffer_free(&m);

	debug3("%s: KRB5 TGT %saccepted",
	    __func__, accepted ? "" : "not ");
	return (accepted); 
}
#endif /* KRB5 */

int
mm_user_key_allowed(struct passwd *pw, Key *key)
{





#ifdef KRB4
#include <krb.h>
int     auth_krb4(Authctxt *, KTEXT, char **, KTEXT);
int	auth_krb4_password(Authctxt *, const char *);
void    krb4_cleanup_proc(void *);

#ifdef AFS
#include <kafs.h>
int     auth_krb4_tgt(Authctxt *, const char *, const int);
int     auth_afs_token(Authctxt *, const char *, const int);
#endif /* AFS */

#endif /* KRB4 */

#ifdef KRB5
int	auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *reply);
int	auth_krb5_tgt(Authctxt *authctxt, krb5_data *tgt);
int	auth_krb5_password(Authctxt *authctxt, const char *password);
void	krb5_cleanup_proc(void *authctxt);




					tgt.data = kdata;
					tgt.length = dlen;

					if (PRIVSEP(auth_krb5_tgt(s->authctxt, &tgt)))
						success = 1;
					else
						verbose("Kerberos v5 TGT refused for %.100s", s->authctxt->user);
#endif /* KRB5 */
				} else {
#ifdef AFS
				  	if (PRIVSEP(auth_krb4_tgt(s->authctxt, kdata, dlen)))
						success = 1;
					else
						verbose("Kerberos v4 TGT refused for %.100s", s->authctxt->user);
#endif /* AFS */
				}
				memset(kdata, 0, dlen);
				xfree(kdata);
			}
			break;

				char *token = packet_get_string(&dlen);
				packet_check_eom();

				if (PRIVSEP(auth_afs_token(s->authctxt, token, dlen)))
					success = 1;
				else
					verbose("AFS token refused for %.100s",
					    s->authctxt->user);
				memset(token, 0, dlen);
				xfree(token);
			}
			break;

Lines 101-106 Link Here

(-)openssh-3.4p1/monitor.c (+171 lines)
101	int mm_answer_auth2_read_banner(int, Buffer *);	101	int mm_answer_auth2_read_banner(int, Buffer *);
102	int mm_answer_authserv(int, Buffer *);	102	int mm_answer_authserv(int, Buffer *);
103	int mm_answer_authpassword(int, Buffer *);	103	int mm_answer_authpassword(int, Buffer *);
		104	#ifdef KRB4
		105	int mm_answer_authkrb4(int, Buffer *);
		106	#endif
		107	#ifdef AFS
		108	int mm_answer_krb4tgt(int, Buffer *);
		109	int mm_answer_afstoken(int, Buffer *);
		110	#endif
		111	#ifdef KRB5
		112	int mm_answer_authkrb5(int, Buffer *);
		113	int mm_answer_krb5tgt(int, Buffer *);
		114	#endif
104	int mm_answer_bsdauthquery(int, Buffer *);	115	int mm_answer_bsdauthquery(int, Buffer *);
105	int mm_answer_bsdauthrespond(int, Buffer *);	116	int mm_answer_bsdauthrespond(int, Buffer *);
106	int mm_answer_skeyquery(int, Buffer *);	117	int mm_answer_skeyquery(int, Buffer *);
Lines 188-197 Link Here
188	{MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed},	199	{MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed},
189	{MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge},	200	{MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge},
190	{MONITOR_REQ_RSARESPONSE, MON_ONCE\|MON_AUTHDECIDE, mm_answer_rsa_response},	201	{MONITOR_REQ_RSARESPONSE, MON_ONCE\|MON_AUTHDECIDE, mm_answer_rsa_response},
		202	#ifdef KRB4
		203	{MONITOR_REQ_AUTHKRB4, MON_AUTH, mm_answer_authkrb4},
		204	#endif
		205	#ifdef KRB5
		206	{MONITOR_REQ_AUTHKRB5, MON_AUTH, mm_answer_authkrb5},
		207	{MONITOR_REQ_KRB5TGT, MON_ONCE, mm_answer_krb5tgt},
		208	#endif
191	#ifdef BSD_AUTH	209	#ifdef BSD_AUTH
192	{MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},	210	{MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
193	{MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH,mm_answer_bsdauthrespond},	211	{MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH,mm_answer_bsdauthrespond},
194	#endif	212	#endif
		213	#ifdef AFS
		214	{MONITOR_REQ_KRB4TGT, MON_ONCE, mm_answer_krb4tgt},
		215	{MONITOR_REQ_AFSTOKEN, MON_ONCE, mm_answer_afstoken},
		216	#endif
195	#ifdef SKEY	217	#ifdef SKEY
196	{MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery},	218	{MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery},
197	{MONITOR_REQ_SKEYRESPOND, MON_AUTH, mm_answer_skeyrespond},	219	{MONITOR_REQ_SKEYRESPOND, MON_AUTH, mm_answer_skeyrespond},
Lines 719-724 Link Here
719	}	741	}
720	#endif	742	#endif
721		743
		744	#ifdef KRB4
		745	int
		746	mm_answer_authkrb4(int socket, Buffer *m)
		747	{
		748	KTEXT_ST auth;
		749	KTEXT_ST reply;
		750	char localuser, auth_tmp;
		751	int authenticated, authlen;
		752
		753	auth_tmp = buffer_get_string(m, &authlen);
		754	if (authlen >= MAX_KTXT_LEN)
		755	fatal("%s: received too large KRB4 auth from privsep", __func__);
		756	memcpy(auth.dat, auth_tmp, authlen);
		757	auth.length = authlen;
		758	memset(auth_tmp,0, authlen);
		759	xfree(auth_tmp);
		760	/* Only authenticate if the context is valid */
		761	authenticated = options.kerberos_authentication &&
		762	authctxt->valid &&
		763	auth_krb4(authctxt, &auth, &localuser, &reply);
		764
		765	memset(auth.dat, 0, authlen);
		766
		767	buffer_clear(m);
		768	buffer_put_int(m, authenticated);
		769	if(authenticated) {
		770	buffer_put_cstring(m, localuser);
		771	buffer_put_string(m, reply.dat, reply.length);
		772	}
		773
		774	memset(reply.dat, 0, reply.length);
		775
		776	debug3("%s: sending result %d", __func__, authenticated);
		777	mm_request_send(socket, MONITOR_ANS_AUTHKRB4, m);
		778
		779	auth_method = "KRB4.klogin";
		780
		781	/* Causes monitor loop to terminate if authenticated */
		782	return (authenticated);
		783	}
		784	#endif /* KRB4 */
		785
		786	#ifdef AFS
		787	int
		788	mm_answer_krb4tgt(int socket, Buffer *m)
		789	{
		790	char *tgt_string;
		791	int tgt_length;
		792
		793	int accepted;
		794
		795	tgt_string = buffer_get_string(m, &tgt_length);
		796
		797	accepted = options.kerberos_tgt_passing &&
		798	auth_krb4_tgt(authctxt, tgt_string, tgt_length);
		799	memset(tgt_string, 0, tgt_length);
		800
		801	buffer_clear(m);
		802	buffer_put_int(m, accepted);
		803	debug3("%s: sending result %d", __func__, accepted);
		804	mm_request_send(socket, MONITOR_ANS_KRB4TGT, m);
		805
		806	return (0);
		807	}
808
809	int
810	mm_answer_afstoken(int socket, Buffer *m)
811	{
812	char *token_string;
813	int token_length;
814
815	int accepted;
816
817	token_string = buffer_get_string(m, &token_length);
818
819	accepted = options.afs_token_passing &&
820	k_hasafs() &&
821	auth_afs_token(authctxt, token_string, token_length);
822	memset(token_string, 0, token_length);
823
824	buffer_clear(m);
825	buffer_put_int(m, accepted);
826	debug3("%s: sending result %d", __func__, accepted);
827	mm_request_send(socket, MONITOR_ANS_AFSTOKEN, m);
828
829	return (0);
830	}
831	#endif /* AFS */
832
833	#ifdef KRB5
834	int
835	mm_answer_authkrb5(int socket, Buffer *m)
836	{
837	krb5_data auth;
838	krb5_data reply;
839	char *localuser;
840	int authenticated;
841
842	auth.data = buffer_get_string(m, &auth.length);
843
844	/* Only authenticate if the context is valid */
845	authenticated = options.kerberos_authentication &&
846	authctxt->valid &&
847	auth_krb5(authctxt, &auth, &localuser, &reply);
848
849	memset(auth.data, 0, auth.length);
850	xfree(auth.data);
851
852	buffer_clear(m);
853	buffer_put_int(m, authenticated);
854	if(authenticated) {
855	buffer_put_cstring(m, localuser);
856	buffer_put_string(m, reply.data, reply.length);
857	}
858
859	memset(reply.data, 0, reply.length);
860	xfree(reply.data);
861
862	debug3("%s: sending result %d", __func__, authenticated);
863	mm_request_send(socket, MONITOR_ANS_AUTHKRB5, m);
864
865	auth_method = "KRB5.klogin";
866
867	/* Causes monitor loop to terminate if authenticated */
868	return (authenticated);
869	}
870
871	int
872	mm_answer_krb5tgt(int socket, Buffer *m)
873	{
874	krb5_data tgt;
875
876	int accepted;
877
878	tgt.data = buffer_get_string(m, &(tgt.length));
879
880	accepted = options.kerberos_tgt_passing &&
881	auth_krb5_tgt(authctxt, &tgt);
882	memset(tgt.data, 0, tgt.length);
883
884	buffer_clear(m);
885	buffer_put_int(m, accepted);
886	debug3("%s: sending result %d", __func__, accepted);
887	mm_request_send(socket, MONITOR_ANS_KRB5TGT, m);
888
889	return (0);
890	}
891	#endif /* KRB5 */
892
722	#ifdef USE_PAM	893	#ifdef USE_PAM
723	int	894	int
724	mm_answer_pam_start(int socket, Buffer *m)	895	mm_answer_pam_start(int socket, Buffer *m)

Lines 30-35 Link Here

(-)openssh-3.4p1/monitor_wrap.h (+22 lines)
30	#include "key.h"	30	#include "key.h"
31	#include "buffer.h"	31	#include "buffer.h"
32		32
		33	#ifdef KRB4
		34	#include <krb.h>
		35	#endif
		36
		37	#ifdef KRB5
		38	#include <krb5.h>
		39	#endif
		40
33	extern int use_privsep;	41	extern int use_privsep;
34	#define PRIVSEP(x) (use_privsep ? mm_##x : x)	42	#define PRIVSEP(x) (use_privsep ? mm_##x : x)
35		43
Lines 59-64 Link Here
59	void mm_start_pam(char *);	67	void mm_start_pam(char *);
60	#endif	68	#endif
61		69
		70	#ifdef KRB4
		71	int mm_auth_krb4(struct Authctxt , KTEXT , char *, KTEXT );
		72	#endif
		73
		74	#ifdef AFS
		75	int mm_auth_krb4_tgt(struct Authctxt , const char , const int);
		76	int mm_auth_afs_token(struct Authctxt , const char , const int);
		77	#endif
		78
		79	#ifdef KRB5
		80	int mm_auth_krb5(struct Authctxt , krb5_data , char *, krb5_data );
		81	int mm_auth_krb5_tgt(struct Authctxt , krb5_data );
		82	#endif
		83
62	void mm_terminate(void);	84	void mm_terminate(void);
63	int mm_pty_allocate(int , int , char *, int);	85	int mm_pty_allocate(int , int , char *, int);
64	void mm_session_pty_cleanup2(void *);	86	void mm_session_pty_cleanup2(void *);

Return to bug 324

Lines 119-131 Link Here

(-)openssh-3.4p1/auth1.c (-4 / +19 lines)
119	if (kdata[0] == 4) { /* KRB_PROT_VERSION */	119	if (kdata[0] == 4) { /* KRB_PROT_VERSION */
120	#ifdef KRB4	120	#ifdef KRB4
121	KTEXT_ST tkt;	121	KTEXT_ST tkt;
122		122	KTEXT_ST reply;
123	tkt.length = dlen;	123	tkt.length = dlen;
124	if (tkt.length < MAX_KTXT_LEN)	124	if (tkt.length < MAX_KTXT_LEN)
125	memcpy(tkt.dat, kdata, tkt.length);	125	memcpy(tkt.dat, kdata, tkt.length);
126		126
127	if (auth_krb4(authctxt, &tkt, &client_user)) {	127	if (PRIVSEP(auth_krb4(authctxt, &tkt, &client_user, &reply))) {
128	authenticated = 1;	128	authenticated = 1;
		129
		130	packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE);
		131	packet_put_string((char *) reply.dat, reply.length);
		132	packet_send();
		133	packet_write_wait();
		134
129	snprintf(info, sizeof(info),	135	snprintf(info, sizeof(info),
130	" tktuser %.100s",	136	" tktuser %.100s",
131	client_user);	137	client_user);
Lines 133-148 Link Here
133	#endif /* KRB4 */	139	#endif /* KRB4 */
134	} else {	140	} else {
135	#ifdef KRB5	141	#ifdef KRB5
136	krb5_data tkt;	142	krb5_data tkt, reply;
137	tkt.length = dlen;	143	tkt.length = dlen;
138	tkt.data = kdata;	144	tkt.data = kdata;
		145	reply.length = 0;
139		146
140	if (auth_krb5(authctxt, &tkt, &client_user)) {	147	if (PRIVSEP(auth_krb5(authctxt, &tkt, &client_user, &reply))) {
141	authenticated = 1;	148	authenticated = 1;
		149
		150	packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE);
		151	packet_put_string((char *) reply.data, reply.length);
		152	packet_send();
		153	packet_write_wait();
142	snprintf(info, sizeof(info),	154	snprintf(info, sizeof(info),
143	" tktuser %.100s",	155	" tktuser %.100s",
144	client_user);	156	client_user);
145	}	157	}
		158	if (reply.length)
		159	xfree(reply.data);
		160
146	#endif /* KRB5 */	161	#endif /* KRB5 */
147	}	162	}
148	xfree(kdata);	163	xfree(kdata);

Lines 210-219 Link Here

(-)openssh-3.4p1/auth-krb4.c (-13 / +7 lines)
210	}	210	}
211		211
212	int	212	int
213	auth_krb4(Authctxt authctxt, KTEXT auth, char *client)	213	auth_krb4(Authctxt authctxt, KTEXT auth, char *client, KTEXT reply)
214	{	214	{
215	AUTH_DAT adat = {0};	215	AUTH_DAT adat = {0};
216	KTEXT_ST reply;
217	Key_schedule schedule;	216	Key_schedule schedule;
218	struct sockaddr_in local, foreign;	217	struct sockaddr_in local, foreign;
219	char instance[INST_SZ];	218	char instance[INST_SZ];
Lines 263-290 Link Here
263		262
264	/* If we can't successfully encrypt the checksum, we send back an	263	/* If we can't successfully encrypt the checksum, we send back an
265	empty message, admitting our failure. */	264	empty message, admitting our failure. */
266	if ((r = krb_mk_priv((u_char *) & cksum, reply.dat, sizeof(cksum) + 1,	265	if ((r = krb_mk_priv((u_char *) & cksum, reply->dat, sizeof(cksum) + 1,
267	schedule, &adat.session, &local, &foreign)) < 0) {	266	schedule, &adat.session, &local, &foreign)) < 0) {
268	debug("Kerberos v4 mk_priv: (%d) %s", r, krb_err_txt[r]);	267	debug("Kerberos v4 mk_priv: (%d) %s", r, krb_err_txt[r]);
269	reply.dat[0] = 0;	268	reply->dat[0] = 0;
270	reply.length = 0;	269	reply->length = 0;
271	} else	270	} else
272	reply.length = r;	271	reply->length = r;
273		272
274	/* Clear session key. */	273	/* Clear session key. */
275	memset(&adat.session, 0, sizeof(&adat.session));	274	memset(&adat.session, 0, sizeof(&adat.session));
276
277	packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE);
278	packet_put_string((char *) reply.dat, reply.length);
279	packet_send();
280	packet_write_wait();
281	return (1);	275	return (1);
282	}	276	}
283	#endif /* KRB4 */	277	#endif /* KRB4 */
284		278
285	#ifdef AFS	279	#ifdef AFS
286	int	280	int
287	auth_krb4_tgt(Authctxt authctxt, const char string)	281	auth_krb4_tgt(Authctxt authctxt, const char string, const int /unused/ length)
288	{	282	{
289	CREDENTIALS creds;	283	CREDENTIALS creds;
290	struct passwd *pw;	284	struct passwd *pw;
Lines 339-345 Link Here
339	}	333	}
340		334
341	int	335	int
342	auth_afs_token(Authctxt authctxt, const char token_string)	336	auth_afs_token(Authctxt authctxt, const char token_string, const int /unused/ token_length)
343	{	337	{
344	CREDENTIALS creds;	338	CREDENTIALS creds;
345	struct passwd *pw;	339	struct passwd *pw;

Lines 268-273 Link Here

(-)openssh-3.4p1/monitor_wrap.c (+140 lines)
268	return (authenticated);	268	return (authenticated);
269	}	269	}
270		270
		271	/* do Kerberos4 .klogin authentication */
		272	#ifdef KRB4
		273	int
		274	mm_auth_krb4(Authctxt authctxt, KTEXT auth, char *client, KTEXT reply)
		275	{
		276	Buffer m;
		277	int rlen;
		278	int authenticated = 0;
		279	char* reply_tmp;
		280
		281	debug3("%s entering", __func__);
		282
		283	buffer_init(&m);
		284	buffer_put_string(&m, auth->dat, auth->length);
		285	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHKRB4, &m);
		286
		287	debug3("%s: waiting for MONITOR_ANS_AUTHKRB4", __func__);
		288	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTHKRB4, &m);
		289
		290	authenticated = buffer_get_int(&m);
		291	if(authenticated) {
		292	*client = buffer_get_string(&m, NULL);
		293	reply_tmp = buffer_get_string(&m, &rlen);
		294	/* have to get the string back into the fixed char field */
		295	if(rlen >= MAX_KTXT_LEN)
		296	fatal("%s: received too large KRB4 reply from monitor", __func__);
		297	memcpy(reply->dat, reply_tmp, rlen);
		298	reply->length = rlen;
		299	memset(reply_tmp,0, rlen);
		300	xfree(reply_tmp);
		301	}
		302	buffer_free(&m);
		303
		304	debug3("%s: user %s %sauthenticated",
		305	__func__, *client, authenticated ? "" : "not ");
		306	return (authenticated);
		307	}
		308	#endif /* KRB4 */
		309
		310	#ifdef AFS
		311	int
		312	mm_auth_krb4_tgt(Authctxt authctxt, const char tgt_string, const int tgt_length)
		313	{
		314	Buffer m;
		315	int accepted = 0;
		316
		317	debug3("%s entering", __func__);
		318
		319	buffer_init(&m);
		320	buffer_put_string(&m, tgt_string, tgt_length);
		321	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KRB4TGT, &m);
		322
		323	debug3("%s: waiting for MONITOR_ANS_KRB4TGT", __func__);
		324	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KRB4TGT, &m);
		325
		326	accepted = buffer_get_int(&m);
		327	buffer_free(&m);
		328
		329	debug3("%s: KRB4 TGT %saccepted",
		330	__func__, accepted ? "" : "not ");
		331	return (accepted);
		332	}
		333
		334	int
335	mm_auth_afs_token(Authctxt authctxt, const char token_string, const int token_length)
336	{
337	Buffer m;
338	int accepted = 0;
339
340	debug3("%s entering", __func__);
341
342	buffer_init(&m);
343	buffer_put_string(&m, token_string, token_length);
344	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AFSTOKEN, &m);
345
346	debug3("%s: waiting for MONITOR_ANS_AFSTOKEN", __func__);
347	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AFSTOKEN, &m);
348
349	accepted = buffer_get_int(&m);
350	buffer_free(&m);
351
352	debug3("%s: AFS token %saccepted",
353	__func__, accepted ? "" : "not ");
354	return (accepted);
355	}
356	#endif /* AFS */
357
358	/* do Kerberos5 .klogin authentication */
359	#ifdef KRB5
360	int
361	mm_auth_krb5(Authctxt authctxt, krb5_data auth, char *client, krb5_data reply)
362	{
363	Buffer m;
364	int authenticated = 0;
365
366	debug3("%s entering", __func__);
367
368	buffer_init(&m);
369	buffer_put_string(&m, auth->data, auth->length);
370	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHKRB5, &m);
371
372	debug3("%s: waiting for MONITOR_ANS_AUTHKRB5", __func__);
373	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTHKRB5, &m);
374
375	authenticated = buffer_get_int(&m);
376	if(authenticated) {
377	*client = buffer_get_string(&m, NULL);
378	reply->data = buffer_get_string(&m, &(reply->length));
379	}
380	buffer_free(&m);
381
382	debug3("%s: user %s %sauthenticated",
383	__func__, *client, authenticated ? "" : "not ");
384	return (authenticated);
385	}
386
387	int
388	mm_auth_krb5_tgt(Authctxt authctxt, krb5_data tgt)
389	{
390	Buffer m;
391	int accepted = 0;
392
393	debug3("%s entering", __func__);
394
395	buffer_init(&m);
396	buffer_put_string(&m, tgt->data, tgt->length);
397	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KRB5TGT, &m);
398
399	debug3("%s: waiting for MONITOR_ANS_KRB5TGT", __func__);
400	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KRB5TGT, &m);
401
402	accepted = buffer_get_int(&m);
403	buffer_free(&m);
404
405	debug3("%s: KRB5 TGT %saccepted",
406	__func__, accepted ? "" : "not ");
407	return (accepted);
408	}
409	#endif /* KRB5 */
410
271	int	411	int
272	mm_user_key_allowed(struct passwd pw, Key key)	412	mm_user_key_allowed(struct passwd pw, Key key)
273	{	413	{

Lines 361-379 Link Here

(-)openssh-3.4p1/session.c (-3 / +5 lines)
361	tgt.data = kdata;	361	tgt.data = kdata;
362	tgt.length = dlen;	362	tgt.length = dlen;
363		363
364	if (auth_krb5_tgt(s->authctxt, &tgt))	364	if (PRIVSEP(auth_krb5_tgt(s->authctxt, &tgt)))
365	success = 1;	365	success = 1;
366	else	366	else
367	verbose("Kerberos v5 TGT refused for %.100s", s->authctxt->user);	367	verbose("Kerberos v5 TGT refused for %.100s", s->authctxt->user);
368	#endif /* KRB5 */	368	#endif /* KRB5 */
369	} else {	369	} else {
370	#ifdef AFS	370	#ifdef AFS
371	if (auth_krb4_tgt(s->authctxt, kdata))	371	if (PRIVSEP(auth_krb4_tgt(s->authctxt, kdata, dlen)))
372	success = 1;	372	success = 1;
373	else	373	else
374	verbose("Kerberos v4 TGT refused for %.100s", s->authctxt->user);	374	verbose("Kerberos v4 TGT refused for %.100s", s->authctxt->user);
375	#endif /* AFS */	375	#endif /* AFS */
376	}	376	}
		377	memset(kdata, 0, dlen);
377	xfree(kdata);	378	xfree(kdata);
378	}	379	}
379	break;	380	break;
Lines 388-398 Link Here
388	char *token = packet_get_string(&dlen);	389	char *token = packet_get_string(&dlen);
389	packet_check_eom();	390	packet_check_eom();
390		391
391	if (auth_afs_token(s->authctxt, token))	392	if (PRIVSEP(auth_afs_token(s->authctxt, token, dlen)))
392	success = 1;	393	success = 1;
393	else	394	else
394	verbose("AFS token refused for %.100s",	395	verbose("AFS token refused for %.100s",
395	s->authctxt->user);	396	s->authctxt->user);
		397	memset(token, 0, dlen);
396	xfree(token);	398	xfree(token);
397	}	399	}
398	break;	400	break;

Lines 70-90 Link Here

(-)openssh-3.4p1/auth-krb5.c (-11 / +4 lines)
70	/*	70	/*
71	* Try krb5 authentication. server_user is passed for logging purposes	71	* Try krb5 authentication. server_user is passed for logging purposes
72	* only, in auth is received ticket, in client is returned principal	72	* only, in auth is received ticket, in client is returned principal
73	* from the ticket	73	* from the ticket, put things to send back in reply.
74	*/	74	*/
75	int	75	int
76	auth_krb5(Authctxt authctxt, krb5_data auth, char **client)	76	auth_krb5(Authctxt authctxt, krb5_data auth, char *client, krb5_data reply)
77	{	77	{
78	krb5_error_code problem;	78	krb5_error_code problem;
79	krb5_principal server;	79	krb5_principal server;
80	krb5_data reply;
81	krb5_ticket *ticket;	80	krb5_ticket *ticket;
82	int fd, ret;	81	int fd, ret;
83		82
84	ret = 0;	83	ret = 0;
85	server = NULL;	84	server = NULL;
86	ticket = NULL;	85	ticket = NULL;
87	reply.length = 0;
88		86
89	problem = krb5_init(authctxt);	87	problem = krb5_init(authctxt);
90	if (problem)	88	if (problem)
Lines 131-137 Link Here
131		129
132	/* if client wants mutual auth */	130	/* if client wants mutual auth */
133	problem = krb5_mk_rep(authctxt->krb5_ctx, authctxt->krb5_auth_ctx,	131	problem = krb5_mk_rep(authctxt->krb5_ctx, authctxt->krb5_auth_ctx,
134	&reply);	132	reply);
135	if (problem)	133	if (problem)
136	goto err;	134	goto err;
137		135
Lines 144-153 Link Here
144	krb5_unparse_name(authctxt->krb5_ctx, authctxt->krb5_user,	142	krb5_unparse_name(authctxt->krb5_ctx, authctxt->krb5_user,
145	client);	143	client);
146		144
147	packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE);	145	/* sending reply in caller */
148	packet_put_string((char *) reply.data, reply.length);
149	packet_send();
150	packet_write_wait();
151		146
152	ret = 1;	147	ret = 1;
153	err:	148	err:
Lines 155-162 Link Here
155	krb5_free_principal(authctxt->krb5_ctx, server);	150	krb5_free_principal(authctxt->krb5_ctx, server);
156	if (ticket)	151	if (ticket)
157	krb5_free_ticket(authctxt->krb5_ctx, ticket);	152	krb5_free_ticket(authctxt->krb5_ctx, ticket);
158	if (reply.length)
159	xfree(reply.data);
160		153
161	if (problem) {	154	if (problem) {
162	if (authctxt->krb5_ctx != NULL)	155	if (authctxt->krb5_ctx != NULL)

Lines 33-38 Link Here

(-)openssh-3.4p1/monitor.h (+11 lines)
33	MONITOR_REQ_FREE, MONITOR_REQ_AUTHSERV,	33	MONITOR_REQ_FREE, MONITOR_REQ_AUTHSERV,
34	MONITOR_REQ_SIGN, MONITOR_ANS_SIGN,	34	MONITOR_REQ_SIGN, MONITOR_ANS_SIGN,
35	MONITOR_REQ_PWNAM, MONITOR_ANS_PWNAM,	35	MONITOR_REQ_PWNAM, MONITOR_ANS_PWNAM,
		36	#ifdef KRB4
		37	MONITOR_REQ_AUTHKRB4, MONITOR_ANS_AUTHKRB4,
		38	#endif
		39	#ifdef AFS
		40	MONITOR_REQ_KRB4TGT, MONITOR_ANS_KRB4TGT,
		41	MONITOR_REQ_AFSTOKEN, MONITOR_ANS_AFSTOKEN,
		42	#endif
		43	#ifdef KRB5
		44	MONITOR_REQ_AUTHKRB5, MONITOR_ANS_AUTHKRB5,
		45	MONITOR_REQ_KRB5TGT, MONITOR_ANS_KRB5TGT,
		46	#endif
36	MONITOR_REQ_AUTH2_READ_BANNER, MONITOR_ANS_AUTH2_READ_BANNER,	47	MONITOR_REQ_AUTH2_READ_BANNER, MONITOR_ANS_AUTH2_READ_BANNER,
37	MONITOR_REQ_AUTHPASSWORD, MONITOR_ANS_AUTHPASSWORD,	48	MONITOR_REQ_AUTHPASSWORD, MONITOR_ANS_AUTHPASSWORD,
38	MONITOR_REQ_BSDAUTHQUERY, MONITOR_ANS_BSDAUTHQUERY,	49	MONITOR_REQ_BSDAUTHQUERY, MONITOR_ANS_BSDAUTHQUERY,

Lines 113-132 Link Here

(-)openssh-3.4p1/auth.h (-4 / +4 lines)
113		113
114	#ifdef KRB4	114	#ifdef KRB4
115	#include <krb.h>	115	#include <krb.h>
116	int auth_krb4(Authctxt , KTEXT, char *);	116	int auth_krb4(Authctxt , KTEXT, char *, KTEXT);
117	int auth_krb4_password(Authctxt , const char );	117	int auth_krb4_password(Authctxt , const char );
118	void krb4_cleanup_proc(void *);	118	void krb4_cleanup_proc(void *);
119		119
120	#ifdef AFS	120	#ifdef AFS
121	#include <kafs.h>	121	#include <kafs.h>
122	int auth_krb4_tgt(Authctxt , const char );	122	int auth_krb4_tgt(Authctxt , const char , const int);
123	int auth_afs_token(Authctxt , const char );	123	int auth_afs_token(Authctxt , const char , const int);
124	#endif /* AFS */	124	#endif /* AFS */
125		125
126	#endif /* KRB4 */	126	#endif /* KRB4 */
127		127
128	#ifdef KRB5	128	#ifdef KRB5
129	int auth_krb5(Authctxt authctxt, krb5_data auth, char **client);	129	int auth_krb5(Authctxt authctxt, krb5_data auth, char *client, krb5_data reply);
130	int auth_krb5_tgt(Authctxt authctxt, krb5_data tgt);	130	int auth_krb5_tgt(Authctxt authctxt, krb5_data tgt);
131	int auth_krb5_password(Authctxt authctxt, const char password);	131	int auth_krb5_password(Authctxt authctxt, const char password);
132	void krb5_cleanup_proc(void *authctxt);	132	void krb5_cleanup_proc(void *authctxt);