feat: add "gssapi-keyex" for server

feat: add negative auth client tests, and more key exchange server tests feat: add function for checkinf if GSSAPI key exchange was performed Signed-off-by: Gauravsingh Sisodia <xaerru@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2026-02-04 12:20:42 +09:00 · 2024-08-15 07:11:20 +00:00
parent bc5211d055
commit 9044fcdb52
11 changed files with 397 additions and 56 deletions
--- a/src/auth.c
+++ b/src/auth.c
@@ -2473,9 +2473,7 @@ int ssh_userauth_gssapi_keyex(ssh_session session)
 {
    int rc = SSH_AUTH_DENIED;
 #ifdef WITH_GSSAPI
-    ssh_buffer buf = ssh_buffer_new();
-    gss_buffer_desc mic_buf = GSS_C_EMPTY_BUFFER;
-    OM_uint32 maj_stat, min_stat;
+    OM_uint32 min_stat;
    gss_buffer_desc mic_token_buf = GSS_C_EMPTY_BUFFER;

    switch(session->pending_call_state) {
@@ -2492,15 +2490,11 @@ int ssh_userauth_gssapi_keyex(ssh_session session)
    }

    /* Check if GSSAPI Key exchange was performed */
-    switch (session->current_crypto->kex_type) {
-        case SSH_GSS_KEX_DH_GROUP14_SHA256:
-        case SSH_GSS_KEX_DH_GROUP16_SHA512:
-            break;
-        default:
-            ssh_set_error(session,
-                          SSH_FATAL,
-                          "Attempt to authenticate with \"gssapi-keyex\" without doing GSSAPI Key exchange.");
-            return SSH_ERROR;
+    if (!ssh_kex_is_gss(session->current_crypto)) {
+        ssh_set_error(session,
+                      SSH_FATAL,
+                      "Attempt to authenticate with \"gssapi-keyex\" without doing GSSAPI Key exchange.");
+        return SSH_ERROR;
    }

    rc = ssh_userauth_request_service(session);
@@ -2515,38 +2509,14 @@ int ssh_userauth_gssapi_keyex(ssh_session session)
    session->auth.state = SSH_AUTH_STATE_NONE;
    session->pending_call_state = SSH_PENDING_CALL_AUTH_GSSAPI_KEYEX;

-    rc = ssh_buffer_pack(buf,
-                         "dPbsss",
-                         session->current_crypto->session_id_len,
-                         session->current_crypto->session_id_len,
-                         session->current_crypto->session_id,
-                         SSH2_MSG_USERAUTH_REQUEST,
-                         session->opts.username,
-                         "ssh-connection",
-                         "gssapi-keyex");
+    session->gssapi->user = strdup(session->opts.username);
+    rc = ssh_gssapi_auth_keyex_mic(session, &mic_token_buf);
    if (rc != SSH_OK) {
-        ssh_set_error_oom(session);
        session->auth.state = SSH_AUTH_STATE_NONE;
        session->pending_call_state = SSH_PENDING_CALL_NONE;
        return rc;
    }

-    mic_buf.length = ssh_buffer_get_len(buf);
-    mic_buf.value = ssh_buffer_get(buf);
-
-    maj_stat = gss_get_mic(&min_stat,session->gssapi->ctx, GSS_C_QOP_DEFAULT,
-                           &mic_buf, &mic_token_buf);
-    if (GSS_ERROR(maj_stat)) {
-        ssh_gssapi_log_error(SSH_LOG_DEBUG,
-                             "generating MIC",
-                             maj_stat,
-                             min_stat);
-        session->auth.state = SSH_AUTH_STATE_NONE;
-        session->pending_call_state = SSH_PENDING_CALL_NONE;
-        return SSH_ERROR;
-    }
-    SSH_BUFFER_FREE(buf);
-
    rc = ssh_buffer_pack(session->out_buffer,
                         "bsssdP",
                         SSH2_MSG_USERAUTH_REQUEST,
--- a/src/gssapi.c
+++ b/src/gssapi.c
@@ -457,7 +457,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server)

 #endif /* WITH_SERVER */

-static ssh_buffer ssh_gssapi_build_mic(ssh_session session)
+ssh_buffer ssh_gssapi_build_mic(ssh_session session, const char *context)
 {
    struct ssh_crypto_struct *crypto = NULL;
    ssh_buffer mic_buffer = NULL;
@@ -481,7 +481,7 @@ static ssh_buffer ssh_gssapi_build_mic(ssh_session session)
                         SSH2_MSG_USERAUTH_REQUEST,
                         session->gssapi->user,
                         "ssh-connection",
-                         "gssapi-with-mic");
+                         context);
    if (rc != SSH_OK) {
        ssh_set_error_oom(session);
        SSH_BUFFER_FREE(mic_buffer);
@@ -516,7 +516,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_mic)
        goto error;
    }

-    mic_buffer = ssh_gssapi_build_mic(session);
+    mic_buffer = ssh_gssapi_build_mic(session, "gssapi-with-mic");
    if (mic_buffer == NULL) {
        ssh_set_error_oom(session);
        goto error;
@@ -1166,6 +1166,40 @@ out:
    return SSH_AUTH_ERROR;
 }

+/**
+ * @brief Get the MIC for "gssapi-keyex" authentication.
+ * @returns SSH_ERROR:   A serious error happened\n
+ *          SSH_OK:      MIC token is stored in mic_token_buf
+ */
+int ssh_gssapi_auth_keyex_mic(ssh_session session, gss_buffer_desc *mic_token_buf) {
+    ssh_buffer buf = NULL;
+    gss_buffer_desc mic_buf = GSS_C_EMPTY_BUFFER;
+    OM_uint32 maj_stat, min_stat;
+
+    buf = ssh_gssapi_build_mic(session, "gssapi-keyex");
+    if (buf == NULL) {
+        ssh_set_error_oom(session);
+        return SSH_ERROR;
+    }
+
+    mic_buf.length = ssh_buffer_get_len(buf);
+    mic_buf.value = ssh_buffer_get(buf);
+
+    maj_stat = gss_get_mic(&min_stat,session->gssapi->ctx, GSS_C_QOP_DEFAULT,
+                           &mic_buf, mic_token_buf);
+    if (GSS_ERROR(maj_stat)) {
+        ssh_gssapi_log_error(SSH_LOG_DEBUG,
+                             "generating MIC",
+                             maj_stat,
+                             min_stat);
+        SSH_BUFFER_FREE(buf);
+        return SSH_ERROR;
+    }
+    SSH_BUFFER_FREE(buf);
+
+    return SSH_OK;
+}
+
 static gss_OID ssh_gssapi_oid_from_string(ssh_string oid_s)
 {
    gss_OID ret = NULL;
@@ -1275,7 +1309,7 @@ static int ssh_gssapi_send_mic(ssh_session session)

    SSH_LOG(SSH_LOG_PACKET,"Sending SSH_MSG_USERAUTH_GSSAPI_MIC");

-    mic_buffer = ssh_gssapi_build_mic(session);
+    mic_buffer = ssh_gssapi_build_mic(session, "gssapi-with-mic");
    if (mic_buffer == NULL) {
        ssh_set_error_oom(session);
        return SSH_ERROR;
--- a/src/kex.c
+++ b/src/kex.c
@@ -1480,14 +1480,9 @@ int ssh_make_sessionid(ssh_session session)
    }

    if (session->server) {
-        switch (session->next_crypto->kex_type) {
-        case SSH_GSS_KEX_DH_GROUP14_SHA256:
-        case SSH_GSS_KEX_DH_GROUP16_SHA512:
+        if (ssh_kex_is_gss(session->next_crypto)) {
            ssh_string_free(server_pubkey_blob);
            server_pubkey_blob = ssh_string_new(0);
-            break;
-        default:
-            break;
        }
    }

@@ -2020,3 +2015,21 @@ error:

    return rc;
 }
+
+/** @internal
+ * @brief Check if a given crypto context has a GSSAPI KEX set
+ *
+ * @param[in] crypto The SSH crypto context
+ * @return true if the KEX of the context is a GSSAPI KEX, false otherwise
+ */
+bool
+ssh_kex_is_gss(struct ssh_crypto_struct *crypto)
+{
+    switch (crypto->kex_type) {
+    case SSH_GSS_KEX_DH_GROUP14_SHA256:
+    case SSH_GSS_KEX_DH_GROUP16_SHA512:
+        return true;
+    default:
+        return false;
+    }
+}
--- a/src/messages.c
+++ b/src/messages.c
@@ -1145,6 +1145,67 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_request)
        SAFE_FREE(method);
        SSH_MESSAGE_FREE(msg);

+        return SSH_PACKET_USED;
+    }
+    if (strcmp(method, "gssapi-keyex") == 0) {
+        gss_buffer_desc received_mic = GSS_C_EMPTY_BUFFER;
+        gss_buffer_desc mic_buf = GSS_C_EMPTY_BUFFER;
+        ssh_string mic_token_string = NULL;
+        OM_uint32 maj_stat, min_stat;
+        ssh_buffer buf = NULL;
+
+        if (!ssh_kex_is_gss(session->current_crypto)) {
+            ssh_set_error(session,
+                          SSH_FATAL,
+                          "Attempt to authenticate with \"gssapi-keyex\" without doing GSSAPI Key Exchange");
+            ssh_auth_reply_default(session, 0);
+            goto error;
+        }
+
+        rc = ssh_buffer_unpack(packet, "S", &mic_token_string);
+        if (rc != SSH_OK){
+            ssh_auth_reply_default(session, 0);
+            goto error;
+        }
+        received_mic.length = ssh_string_len(mic_token_string);
+        received_mic.value = ssh_string_data(mic_token_string);
+
+        session->gssapi->user = strdup(msg->auth_request.username);
+        buf = ssh_gssapi_build_mic(session, "gssapi-keyex");
+        if (buf == NULL) {
+            ssh_set_error_oom(session);
+            SSH_STRING_FREE(mic_token_string);
+            ssh_auth_reply_default(session, 0);
+            goto error;
+        }
+
+        mic_buf.length = ssh_buffer_get_len(buf);
+        mic_buf.value = ssh_buffer_get(buf);
+
+        maj_stat = gss_verify_mic(&min_stat,
+                                  session->gssapi->ctx,
+                                  &mic_buf,
+                                  &received_mic,
+                                  NULL);
+        if (maj_stat != GSS_S_COMPLETE) {
+            ssh_set_error(session,
+                          SSH_FATAL,
+                          "Failed to verify MIC for \"gssapi-keyex\" auth");
+            SSH_BUFFER_FREE(buf);
+            SSH_STRING_FREE(mic_token_string);
+            ssh_auth_reply_default(session, 0);
+            goto error;
+        }
+
+        ssh_auth_reply_success(session, 0);
+
+        /* bypass the message queue thing */
+        SAFE_FREE(service);
+        SAFE_FREE(method);
+        SSH_BUFFER_FREE(buf);
+        SSH_MESSAGE_FREE(msg);
+        SSH_STRING_FREE(mic_token_string);
+
        return SSH_PACKET_USED;
    }
 #endif
--- a/src/server.c
+++ b/src/server.c
@@ -699,6 +699,12 @@ int ssh_auth_reply_default(ssh_session session,int partial) {
 	  strncat(methods_c,"gssapi-with-mic,",
 			  sizeof(methods_c) - strlen(methods_c) - 1);
  }
+    /* Check if GSSAPI Key exchange was performed */
+    if (session->auth.supported_methods & SSH_AUTH_METHOD_GSSAPI_KEYEX) {
+        if (ssh_kex_is_gss(session->current_crypto)) {
+            strncat(methods_c, "gssapi-keyex,", sizeof(methods_c) - strlen(methods_c) - 1);
+        }
+    }
  if (session->auth.supported_methods & SSH_AUTH_METHOD_INTERACTIVE) {
    strncat(methods_c, "keyboard-interactive,",
            sizeof(methods_c) - strlen(methods_c) - 1);