33 #elif defined(HAVE_GSSAPI_GSSAPI_H)
34 #include <gssapi/gssapi.h>
39 # ifdef HAVE_GSSAPI_GENERIC_H
40 # include <gssapi_generic.h>
41 # elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H)
42 # include <gssapi/gssapi_generic.h>
47 # if !HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE
48 # define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
/*
 * Defined elsewhere. NOTE(review): by its name this looks like the list of
 * commands permitted by a Kerberos ~/.k5users entry -- confirm against the
 * defining .c file before relying on that reading.
 */
extern char **k5users_allowed_cmds;
/*
 * GSS-API user-authentication message numbers (method-specific userauth
 * range). The values follow RFC 4462 section 3.3, which does not assign
 * 62 -- the gap between TOKEN and EXCHANGE_COMPLETE is intentional.
 */
#define SSH2_MSG_USERAUTH_GSSAPI_RESPONSE 60
#define SSH2_MSG_USERAUTH_GSSAPI_TOKEN 61
#define SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE 63
#define SSH2_MSG_USERAUTH_GSSAPI_ERROR 64
#define SSH2_MSG_USERAUTH_GSSAPI_ERRTOK 65
#define SSH2_MSG_USERAUTH_GSSAPI_MIC 66
/*
 * ASN.1/DER universal tag for OBJECT IDENTIFIER (0x06). Presumably the tag
 * byte expected at the front of a DER-encoded mechanism OID received from
 * the peer (see ssh_gssapi_check_oid()); confirm against its definition.
 */
#define SSH_GSS_OIDTYPE 0x06
/*
 * GSS-API key-exchange message numbers, in the kex-method-specific range
 * (30-49). INIT..ERROR follow RFC 4462 section 2.1; GROUPREQ and GROUP are
 * the group-exchange additions from section 2.2.
 */
#define SSH2_MSG_KEXGSS_INIT 30
#define SSH2_MSG_KEXGSS_CONTINUE 31
#define SSH2_MSG_KEXGSS_COMPLETE 32
#define SSH2_MSG_KEXGSS_HOSTKEY 33
#define SSH2_MSG_KEXGSS_ERROR 34
#define SSH2_MSG_KEXGSS_GROUPREQ 40
#define SSH2_MSG_KEXGSS_GROUP 41
/*
 * Key-exchange method name prefixes for GSS-API authenticated key exchange.
 * Each ends in "-" because the full method name is completed by appending
 * a base64-encoded MD5 digest of the mechanism OID (RFC 4462 section 2.1).
 *
 * Security note: the SHA-1 variants (group1, group14-sha1, gex-sha1) are
 * marked SHOULD NOT in RFC 8732, and group1 additionally uses a 1024-bit
 * MODP group. KEX_GSS_GRP14_SHA1_ID is nevertheless still listed in
 * GSS_KEX_DEFAULT_KEX below, so it is offered unless overridden by config.
 */
#define KEX_GSS_GRP1_SHA1_ID "gss-group1-sha1-"
#define KEX_GSS_GRP14_SHA1_ID "gss-group14-sha1-"
#define KEX_GSS_GRP14_SHA256_ID "gss-group14-sha256-"
#define KEX_GSS_GRP16_SHA512_ID "gss-group16-sha512-"
#define KEX_GSS_GEX_SHA1_ID "gss-gex-sha1-"
#define KEX_GSS_NISTP256_SHA256_ID "gss-nistp256-sha256-"
#define KEX_GSS_C25519_SHA256_ID "gss-curve25519-sha256-"
83 #define GSS_KEX_DEFAULT_KEX \
84 KEX_GSS_GRP14_SHA256_ID "," \
85 KEX_GSS_GRP16_SHA512_ID "," \
86 KEX_GSS_NISTP256_SHA256_ID "," \
87 KEX_GSS_C25519_SHA256_ID "," \
88 KEX_GSS_GRP14_SHA1_ID "," \
101 gss_buffer_desc displayname;
102 gss_buffer_desc exportedname;
104 gss_name_t cred_name, ctx_name;
105 struct ssh_gssapi_mech_struct *mech;
106 ssh_gssapi_ccache store;
107 gss_ctx_id_t context;
112 typedef struct ssh_gssapi_mech_struct {
116 int (*dochild) (ssh_gssapi_client *);
117 int (*userok) (ssh_gssapi_client *,
char *);
118 int (*localname) (ssh_gssapi_client *,
char **);
119 int (*storecreds) (ssh_gssapi_client *);
120 int (*updatecreds) (ssh_gssapi_ccache *, ssh_gssapi_client *);
126 gss_ctx_id_t context;
131 gss_cred_id_t client_creds;
/* Table of mechanisms this build can negotiate; defined in the GSS-API .c code. */
extern ssh_gssapi_mech *supported_mechs[];
/*
 * Presumably the security context left over from a GSS-API key exchange so
 * that a later userauth step can reuse it -- confirm against the definition.
 */
extern Gssctxt *gss_kex_context;
/*
 * Mechanism OID handling. The (data, len) pair passed to check/set_oid_data
 * presumably arrives from the peer during negotiation and should be treated
 * as untrusted; the actual validation lives in the definitions.
 */
int ssh_gssapi_check_oid(Gssctxt *,
    void *,
    size_t);
void ssh_gssapi_set_oid_data(Gssctxt *,
    void *,
    size_t);
void ssh_gssapi_set_oid(Gssctxt *, gss_OID);
/* Returns, via the out-parameter, the OID set the local GSS-API library offers. */
void ssh_gssapi_supported_oids(gss_OID_set *);
/* Looks up the mechanism table entry matching the context's OID (NULL-ness on miss: confirm). */
ssh_gssapi_mech *ssh_gssapi_get_ctype(Gssctxt *);
void ssh_gssapi_prepare_supported_oids(
    void);
/* Major status returned; minor status via the first pointer, result flag via the last. */
OM_uint32 ssh_gssapi_test_oid_supported(OM_uint32 *, gss_OID,
    int *);
/*
 * Extract a GSS-API token (an SSH string) from a buffer or from the packet
 * currently being parsed into a gss_buffer_desc. The token is attacker-
 * supplied data, and both return an int: callers should check it like any
 * other sshbuf/sshpkt getter (0 on success presumably -- confirm against
 * the definitions) rather than using the descriptor unconditionally.
 */
int ssh_gssapi_get_buffer_desc(
    struct sshbuf *, gss_buffer_desc *);
int ssh_gssapi_sshpkt_get_buffer_desc(
    struct ssh *, gss_buffer_desc *);
/*
 * Context lifecycle. OM_uint32 returns are GSS major status codes; callers
 * should test them with GSS_ERROR() (or compare against GSS_S_COMPLETE /
 * GSS_S_CONTINUE_NEEDED) rather than as booleans.
 */
/* Imports a target name into the context; presumably host-based (see GSS_C_NT_HOSTBASED_SERVICE above). */
OM_uint32 ssh_gssapi_import_name(Gssctxt *,
    const char *);
/* Initiator side. The int is presumably a delegate-credentials flag -- confirm. */
OM_uint32 ssh_gssapi_init_ctx(Gssctxt *,
    int,
    gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *);
/* Acceptor side: (recv token, send token, returned flags). */
OM_uint32 ssh_gssapi_accept_ctx(Gssctxt *,
    gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *);
/* Fills the client record (names, delegated creds) from an accepted context. */
OM_uint32 ssh_gssapi_getclient(Gssctxt *, ssh_gssapi_client *);
/* Logs the most recent GSS error for the context. */
void ssh_gssapi_error(Gssctxt *);
/* Returns a newly allocated error string; out-params presumably major/minor status. */
char *ssh_gssapi_last_error(Gssctxt *, OM_uint32 *, OM_uint32 *);
/* Allocate / release a context through a pointer-to-pointer so the caller's slot is updated. */
void ssh_gssapi_build_ctx(Gssctxt **);
void ssh_gssapi_delete_ctx(Gssctxt **);
/* Produce a MIC over the input buffer into the output buffer (GSS major status returned). */
OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t);
/*
 * Assemble the data the userauth MIC is computed over: the trailing sshbuf
 * looks like the session identifier, which is what binds the MIC to this
 * connection and prevents replay into another session -- confirm the exact
 * field order against the definition and RFC 4462 section 3.5.
 */
void ssh_gssapi_buildmic(
    struct sshbuf *,
    const char *,
    const char *,
    const char *,
    const struct sshbuf *);
/* Client-side check that a mechanism OID is usable for (host, client identity). */
int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID,
    const char *,
    const char *);
OM_uint32 ssh_gssapi_client_identity(Gssctxt *,
    const char *);
/* Non-zero when the credentials behind the context have changed since last checked (hedge: confirm). */
int ssh_gssapi_credentials_updated(Gssctxt *);
/*
 * Map the authenticated GSS principal to a local account name, returned in
 * *name. Ownership of the returned string is not visible here -- confirm
 * whether the caller must free it.
 */
int ssh_gssapi_localname(
    char **name);
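/*
 * Presumably re-stores delegated credentials after a rekey; see the
 * definition. Declared with an explicit (void) parameter list: an empty "()"
 * is a non-prototype declaration in C11 (CERT DCL20-C) that disables
 * argument checking at call sites. The second declaration of this function
 * further down in this header already uses (void), so the two now agree.
 */
void ssh_gssapi_rekey_creds(void);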
170 typedef int ssh_gssapi_check_fn(Gssctxt **, gss_OID,
const char *,
/*
 * Client-side KEX method list construction. Both list builders return a
 * newly allocated, comma-separated string of method names (the KEX_GSS_*_ID
 * prefixes completed with the per-mechanism suffix); the caller presumably
 * frees it -- confirm against the definitions.
 */
char *ssh_gssapi_client_mechanisms(
    const char *,
    const char *,
    const char *);
/* Same, for an explicit OID set and a caller-supplied mechanism check callback. */
char *ssh_gssapi_kex_mechs(gss_OID_set, ssh_gssapi_check_fn *,
    const char *,
    const char *,
    const char *);
/*
 * Resolve a negotiated KEX method name back to its mechanism OID. The name
 * comes from the peer's KEXINIT, so the lookup should reject anything not
 * produced by the list builders above; the int's meaning is not visible here.
 */
gss_OID ssh_gssapi_id_kex(Gssctxt *,
    char *,
    int);
176 int ssh_gssapi_server_check_mech(Gssctxt **,gss_OID,
const char *,
/* Acceptor setup for the chosen mechanism OID; allocates into the pointer-to-pointer. */
OM_uint32 ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
/*
 * Authorization decision: may the authenticated GSS principal log in as the
 * local account `name`? This is the gate that turns authentication into
 * access, so NOTE(review): callers should only honor a positive result after
 * the context is fully established and, for userauth, after the MIC has been
 * verified with ssh_gssapi_checkmic(). The `kex` flag presumably marks the
 * key-exchange-authenticated path -- confirm against the definition.
 */
int ssh_gssapi_userok(
    char *name,
    struct passwd *,
    int kex);
/* Verify a MIC (second buffer) over data (first buffer); GSS major status returned. */
OM_uint32 ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t);
/*
 * Per-child setup; the (char ***, u_int *) pair looks like an environment
 * array and its size, presumably to export credential-cache variables --
 * confirm against the definition.
 */
void ssh_gssapi_do_child(
    char ***, u_int *);
/* Remove any credential cache this process created. */
void ssh_gssapi_cleanup_creds(
    void);
/* Persist delegated credentials for the session; int result should be checked. */
int ssh_gssapi_storecreds(
    void);
/* Human-readable form of the client's GSS name, for logging. */
const char *ssh_gssapi_displayname(
    void);
/* Comma-separated list of mechanisms the server will offer (allocation ownership: confirm). */
char *ssh_gssapi_server_mechanisms(
    void);
/* Non-zero when the OID table has been prepared and is usable. */
int ssh_gssapi_oid_table_ok(
    void);
/* Refresh the stored credential cache from the current client credentials (see `updatecreds` in the mech table). */
int ssh_gssapi_update_creds(ssh_gssapi_ccache *store);
/*
 * Presumably re-stores delegated credentials after a rekey; see the
 * definition. This function is also declared earlier in this header, there
 * with an empty "()" parameter list; this (void) form is the real prototype.
 */
void ssh_gssapi_rekey_creds(
    void);