crypto/heimdal/appl/ftp/ftpd/gssapi.c

   1 /*
   2  * Copyright (c) 1998 - 2005 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  *
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  *
  17  * 3. Neither the name of the Institute nor the names of its contributors
  18  *    may be used to endorse or promote products derived from this software
  19  *    without specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31  * SUCH DAMAGE.
  32  */
  33
  34 #ifdef FTP_SERVER
  35 #include "ftpd_locl.h"
  36 #else
  37 #include "ftp_locl.h"
  38 #endif
  39 #include <gssapi/gssapi.h>
  40 #include <gssapi/gssapi_krb5.h>
  41 #include <krb5_err.h>
  42
  43 RCSID("$Id$");
  44
  45 int ftp_do_gss_bindings = 0;
  46 int ftp_do_gss_delegate = 1;
  47
  48 struct gssapi_data {
  49     gss_ctx_id_t context_hdl;
  50     gss_name_t client_name;
  51     gss_cred_id_t delegated_cred_handle;
  52     void *mech_data;
  53 };
  54
  55 static int
  56 gss_init(void *app_data)
  57 {
  58     struct gssapi_data *d = app_data;
  59     d->context_hdl = GSS_C_NO_CONTEXT;
  60     d->delegated_cred_handle = GSS_C_NO_CREDENTIAL;
  61 #if defined(FTP_SERVER)
  62     return 0;
  63 #else
  64     /* XXX Check the gss mechanism; with  gss_indicate_mechs() ? */
  65 #ifdef KRB5
  66     return !use_kerberos;
  67 #else
  68     return 0;
  69 #endif /* KRB5 */
  70 #endif /* FTP_SERVER */
  71 }
  72
  73 static int
  74 gss_check_prot(void *app_data, int level)
  75 {
  76     if(level == prot_confidential)
  77         return -1;
  78     return 0;
  79 }
  80
  81 static int
  82 gss_decode(void *app_data, void *buf, int len, int level)
  83 {
  84     OM_uint32 maj_stat, min_stat;
  85     gss_buffer_desc input, output;
  86     gss_qop_t qop_state;
  87     int conf_state;
  88     struct gssapi_data *d = app_data;
  89     size_t ret_len;
  90
  91     input.length = len;
  92     input.value = buf;
  93     maj_stat = gss_unwrap (&min_stat,
  94                            d->context_hdl,
  95                            &input,
  96                            &output,
  97                            &conf_state,
  98                            &qop_state);
  99     if(GSS_ERROR(maj_stat))
 100         return -1;
 101     memmove(buf, output.value, output.length);
 102     ret_len = output.length;
 103     gss_release_buffer(&min_stat, &output);
 104     return ret_len;
 105 }
 106
 107 static int
 108 gss_overhead(void *app_data, int level, int len)
 109 {
 110     return 100; /* dunno? */
 111 }
 112
 113
 114 static int
 115 gss_encode(void *app_data, void *from, int length, int level, void **to)
 116 {
 117     OM_uint32 maj_stat, min_stat;
 118     gss_buffer_desc input, output;
 119     int conf_state;
 120     struct gssapi_data *d = app_data;
 121
 122     input.length = length;
 123     input.value = from;
 124     maj_stat = gss_wrap (&min_stat,
 125                          d->context_hdl,
 126                          level == prot_private,
 127                          GSS_C_QOP_DEFAULT,
 128                          &input,
 129                          &conf_state,
 130                          &output);
 131     *to = output.value;
 132     return output.length;
 133 }
 134
 135 static void
 136 sockaddr_to_gss_address (struct sockaddr *sa,
 137                          OM_uint32 *addr_type,
 138                          gss_buffer_desc *gss_addr)
 139 {
 140     switch (sa->sa_family) {
 141 #ifdef HAVE_IPV6
 142     case AF_INET6 : {
 143         struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
 144
 145         gss_addr->length = 16;
 146         gss_addr->value  = &sin6->sin6_addr;
 147         *addr_type       = GSS_C_AF_INET6;
 148         break;
 149     }
 150 #endif
 151     case AF_INET : {
 152         struct sockaddr_in *sin4 = (struct sockaddr_in *)sa;
 153
 154         gss_addr->length = 4;
 155         gss_addr->value  = &sin4->sin_addr;
 156         *addr_type       = GSS_C_AF_INET;
 157         break;
 158     }
 159     default :
 160         errx (1, "unknown address family %d", sa->sa_family);
 161
 162     }
 163 }
 164
 165 /* end common stuff */
 166
 167 #ifdef FTP_SERVER
 168
 169 static int
 170 gss_adat(void *app_data, void *buf, size_t len)
 171 {
 172     char *p = NULL;
 173     gss_buffer_desc input_token, output_token;
 174     OM_uint32 maj_stat, min_stat;
 175     gss_name_t client_name;
 176     struct gssapi_data *d = app_data;
 177     gss_channel_bindings_t bindings;
 178
 179     if (ftp_do_gss_bindings) {
 180         bindings = malloc(sizeof(*bindings));
 181         if (bindings == NULL)
 182             errx(1, "out of memory");
 183
 184         sockaddr_to_gss_address (his_addr,
 185                                  &bindings->initiator_addrtype,
 186                                  &bindings->initiator_address);
 187         sockaddr_to_gss_address (ctrl_addr,
 188                                  &bindings->acceptor_addrtype,
 189                                  &bindings->acceptor_address);
 190
 191         bindings->application_data.length = 0;
 192         bindings->application_data.value = NULL;
 193     } else
 194         bindings = GSS_C_NO_CHANNEL_BINDINGS;
 195
 196     input_token.value = buf;
 197     input_token.length = len;
 198
 199     maj_stat = gss_accept_sec_context (&min_stat,
 200                                        &d->context_hdl,
 201                                        GSS_C_NO_CREDENTIAL,
 202                                        &input_token,
 203                                        bindings,
 204                                        &client_name,
 205                                        NULL,
 206                                        &output_token,
 207                                        NULL,
 208                                        NULL,
 209                                        &d->delegated_cred_handle);
 210
 211     if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
 212         free(bindings);
 213
 214     if(output_token.length) {
 215         if(base64_encode(output_token.value, output_token.length, &p) < 0) {
 216             reply(535, "Out of memory base64-encoding.");
 217             return -1;
 218         }
 219         gss_release_buffer(&min_stat, &output_token);
 220     }
 221     if(maj_stat == GSS_S_COMPLETE){
 222         d->client_name = client_name;
 223         client_name = GSS_C_NO_NAME;
 224         if(p)
 225             reply(235, "ADAT=%s", p);
 226         else
 227             reply(235, "ADAT Complete");
 228         sec_complete = 1;
 229
 230     } else if(maj_stat == GSS_S_CONTINUE_NEEDED) {
 231         if(p)
 232             reply(335, "ADAT=%s", p);
 233         else
 234             reply(335, "OK, need more data");
 235     } else {
 236         OM_uint32 new_stat;
 237         OM_uint32 msg_ctx = 0;
 238         gss_buffer_desc status_string;
 239         gss_display_status(&new_stat,
 240                            min_stat,
 241                            GSS_C_MECH_CODE,
 242                            GSS_C_NO_OID,
 243                            &msg_ctx,
 244                            &status_string);
 245         syslog(LOG_ERR, "gss_accept_sec_context: %.*s",
 246                (int)status_string.length,
 247                (char*)status_string.value);
 248         gss_release_buffer(&new_stat, &status_string);
 249         reply(431, "Security resource unavailable");
 250     }
 251
 252     if (client_name)
 253         gss_release_name(&min_stat, &client_name);
 254     free(p);
 255     return 0;
 256 }
 257
 258 int gssapi_userok(void*, char*);
 259 int gssapi_session(void*, char*);
 260
 261 struct sec_server_mech gss_server_mech = {
 262     "GSSAPI",
 263     sizeof(struct gssapi_data),
 264     gss_init, /* init */
 265     NULL, /* end */
 266     gss_check_prot,
 267     gss_overhead,
 268     gss_encode,
 269     gss_decode,
 270     /* */
 271     NULL,
 272     gss_adat,
 273     NULL, /* pbsz */
 274     NULL, /* ccc */
 275     gssapi_userok,
 276     gssapi_session
 277 };
 278
 279 #else /* FTP_SERVER */
 280
 281 extern struct sockaddr *hisctladdr, *myctladdr;
 282
 283 static int
 284 import_name(const char *kname, const char *host, gss_name_t *target_name)
 285 {
 286     OM_uint32 maj_stat, min_stat;
 287     gss_buffer_desc name;
 288     char *str;
 289
 290     name.length = asprintf(&str, "%s@%s", kname, host);
 291     if (str == NULL) {
 292         printf("Out of memory\n");
 293         return AUTH_ERROR;
 294     }
 295     name.value = str;
 296
 297     maj_stat = gss_import_name(&min_stat,
 298                                &name,
 299                                GSS_C_NT_HOSTBASED_SERVICE,
 300                                target_name);
 301     if (GSS_ERROR(maj_stat)) {
 302         OM_uint32 new_stat;
 303         OM_uint32 msg_ctx = 0;
 304         gss_buffer_desc status_string;
 305
 306         gss_display_status(&new_stat,
 307                            min_stat,
 308                            GSS_C_MECH_CODE,
 309                            GSS_C_NO_OID,
 310                            &msg_ctx,
 311                            &status_string);
 312         printf("Error importing name %.*s: %.*s\n",
 313                (int)name.length,
 314                (char *)name.value,
 315                (int)status_string.length,
 316                (char *)status_string.value);
 317         free(name.value);
 318         gss_release_buffer(&new_stat, &status_string);
 319         return AUTH_ERROR;
 320     }
 321     free(name.value);
 322     return 0;
 323 }
 324
 325 static int
 326 gss_auth(void *app_data, char *host)
 327 {
 328
 329     OM_uint32 maj_stat, min_stat;
 330     gss_name_t target_name;
 331     gss_buffer_desc input, output_token;
 332     int context_established = 0;
 333     char *p;
 334     int n;
 335     gss_channel_bindings_t bindings;
 336     struct gssapi_data *d = app_data;
 337     OM_uint32 mech_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
 338
 339     const char *knames[] = { "ftp", "host", NULL }, **kname = knames;
 340
 341
 342     if(import_name(*kname++, host, &target_name))
 343         return AUTH_ERROR;
 344
 345     input.length = 0;
 346     input.value = NULL;
 347
 348     if (ftp_do_gss_bindings) {
 349         bindings = malloc(sizeof(*bindings));
 350         if (bindings == NULL)
 351             errx(1, "out of memory");
 352
 353         sockaddr_to_gss_address (myctladdr,
 354                                  &bindings->initiator_addrtype,
 355                                  &bindings->initiator_address);
 356         sockaddr_to_gss_address (hisctladdr,
 357                                  &bindings->acceptor_addrtype,
 358                                  &bindings->acceptor_address);
 359
 360         bindings->application_data.length = 0;
 361         bindings->application_data.value = NULL;
 362     } else
 363         bindings = GSS_C_NO_CHANNEL_BINDINGS;
 364
 365     if (ftp_do_gss_delegate)
 366         mech_flags |= GSS_C_DELEG_FLAG;
 367
 368     while(!context_established) {
 369         maj_stat = gss_init_sec_context(&min_stat,
 370                                         GSS_C_NO_CREDENTIAL,
 371                                         &d->context_hdl,
 372                                         target_name,
 373                                         GSS_C_NO_OID,
 374                                         mech_flags,
 375                                         0,
 376                                         bindings,
 377                                         &input,
 378                                         NULL,
 379                                         &output_token,
 380                                         NULL,
 381                                         NULL);
 382         if (GSS_ERROR(maj_stat)) {
 383             OM_uint32 new_stat;
 384             OM_uint32 msg_ctx = 0;
 385             gss_buffer_desc status_string;
 386
 387             d->context_hdl = GSS_C_NO_CONTEXT;
 388
 389             gss_release_name(&min_stat, &target_name);
 390
 391             if(*kname != NULL) {
 392
 393                 if(import_name(*kname++, host, &target_name)) {
 394                     if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
 395                         free(bindings);
 396                     return AUTH_ERROR;
 397                 }
 398                 continue;
 399             }
 400
 401             if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
 402                 free(bindings);
 403
 404             gss_display_status(&new_stat,
 405                                min_stat,
 406                                GSS_C_MECH_CODE,
 407                                GSS_C_NO_OID,
 408                                &msg_ctx,
 409                                &status_string);
 410             printf("Error initializing security context: %.*s\n",
 411                    (int)status_string.length,
 412                    (char*)status_string.value);
 413             gss_release_buffer(&new_stat, &status_string);
 414             return AUTH_CONTINUE;
 415         }
 416
 417         if (input.value) {
 418             free(input.value);
 419             input.value = NULL;
 420             input.length = 0;
 421         }
 422         if (output_token.length != 0) {
 423             base64_encode(output_token.value, output_token.length, &p);
 424             gss_release_buffer(&min_stat, &output_token);
 425             n = command("ADAT %s", p);
 426             free(p);
 427         }
 428         if (GSS_ERROR(maj_stat)) {
 429             if (d->context_hdl != GSS_C_NO_CONTEXT)
 430                 gss_delete_sec_context (&min_stat,
 431                                         &d->context_hdl,
 432                                         GSS_C_NO_BUFFER);
 433             break;
 434         }
 435         if (maj_stat & GSS_S_CONTINUE_NEEDED) {
 436             p = strstr(reply_string, "ADAT=");
 437             if(p == NULL){
 438                 printf("Error: expected ADAT in reply. got: %s\n",
 439                        reply_string);
 440                 if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
 441                     free(bindings);
 442                 return AUTH_ERROR;
 443             } else {
 444                 p+=5;
 445                 input.value = malloc(strlen(p));
 446                 input.length = base64_decode(p, input.value);
 447             }
 448         } else {
 449             if(code != 235) {
 450                 printf("Unrecognized response code: %d\n", code);
 451                 if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
 452                     free(bindings);
 453                 return AUTH_ERROR;
 454             }
 455             context_established = 1;
 456         }
 457     }
 458
 459     gss_release_name(&min_stat, &target_name);
 460
 461     if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
 462         free(bindings);
 463     if (input.value)
 464         free(input.value);
 465
 466     {
 467         gss_name_t targ_name;
 468
 469         maj_stat = gss_inquire_context(&min_stat,
 470                                        d->context_hdl,
 471                                        NULL,
 472                                        &targ_name,
 473                                        NULL,
 474                                        NULL,
 475                                        NULL,
 476                                        NULL,
 477                                        NULL);
 478         if (GSS_ERROR(maj_stat) == 0) {
 479             gss_buffer_desc name;
 480             maj_stat = gss_display_name (&min_stat,
 481                                          targ_name,
 482                                          &name,
 483                                          NULL);
 484             if (GSS_ERROR(maj_stat) == 0) {
 485                 printf("Authenticated to <%.*s>\n",
 486                         (int)name.length,
 487                         (char *)name.value);
 488                 gss_release_buffer(&min_stat, &name);
 489             }
 490             gss_release_name(&min_stat, &targ_name);
 491         } else
 492             printf("Failed to get gss name of peer.\n");
 493     }
 494
 495
 496     return AUTH_OK;
 497 }
 498
 499 struct sec_client_mech gss_client_mech = {
 500     "GSSAPI",
 501     sizeof(struct gssapi_data),
 502     gss_init,
 503     gss_auth,
 504     NULL, /* end */
 505     gss_check_prot,
 506     gss_overhead,
 507     gss_encode,
 508     gss_decode,
 509 };
 510
 511 #endif /* FTP_SERVER */