openssh/openssh-6.6p1-gssapimitm.patch

# The patch below adds support for the deprecated 'gssapi' authentication
# mechanism to OpenSSH 3.8p1. The newer 'gssapi-with-mic' mechanism is included
# in this release. The use of 'gssapi' is deprecated due to the presence of
# potential man-in-the-middle attacks, which 'gssapi-with-mic' is not
# susceptible to.
#
# To use the patch apply it to a OpenSSH 3.8p1 source tree. After compiling,
# backwards compatibility may be obtained by supplying the
# 'GssapiEnableMitmAttack yes' option to either the client or server.
#
# It should be noted that this patch is being made available purely as a means
# of easing the process of moving to OpenSSH 3.8p1. Any new installations are
# recommended to use the 'gssapi-with-mic' mechanism. Existing installations
# are encouraged to upgrade as soon as possible.

diff --git a/openssh-6.6p1/auth2-gss.c b/openssh-6.6p1/auth2-gss.c
--- a/openssh-6.6p1/auth2-gss.c
+++ b/openssh-6.6p1/auth2-gss.c
@@ -168,16 +168,25 @@ input_gssapi_token(int type, u_int32_t p
 			dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
 			if (flags & GSS_C_INTEG_FLAG)
 				dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC,
 				    &input_gssapi_mic);
 			else
 				dispatch_set(
 				    SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE,
 				    &input_gssapi_exchange_complete);
+
+			/* 
+			 * Old style 'gssapi' didn't have the GSSAPI_MIC 
+			 * and went straight to sending exchange_complete 
+			 */
+			if (options.gss_enable_mitm)
+				dispatch_set(
+				    SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE,
+				    &input_gssapi_exchange_complete);
 		}
 	}
 
 	gss_release_buffer(&min_status, &send_tok);
 }
 
 static void
 input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
@@ -286,9 +295,15 @@ input_gssapi_mic(int type, u_int32_t ple
 }
 
 Authmethod method_gssapi = {
 	"gssapi-with-mic",
 	userauth_gssapi,
 	&options.gss_authentication
 };
 
+Authmethod method_gssapi_old = {
+	"gssapi",
+	userauth_gssapi,
+	&options.gss_enable_mitm
+};
+
 #endif /* GSSAPI */
diff --git a/openssh-6.6p1/auth2.c b/openssh-6.6p1/auth2.c
--- a/openssh-6.6p1/auth2.c
+++ b/openssh-6.6p1/auth2.c
@@ -65,23 +65,25 @@ extern Buffer loginmsg;
 
 extern Authmethod method_none;
 extern Authmethod method_pubkey;
 extern Authmethod method_passwd;
 extern Authmethod method_kbdint;
 extern Authmethod method_hostbased;
 #ifdef GSSAPI
 extern Authmethod method_gssapi;
+extern Authmethod method_gssapi_old;
 #endif
 
 Authmethod *authmethods[] = {
 	&method_none,
 	&method_pubkey,
 #ifdef GSSAPI
 	&method_gssapi,
+	&method_gssapi_old,
 #endif
 	&method_passwd,
 	&method_kbdint,
 	&method_hostbased,
 	NULL
 };
 
 /* protocol */
diff --git a/openssh-6.6p1/readconf.c b/openssh-6.6p1/readconf.c
--- a/openssh-6.6p1/readconf.c
+++ b/openssh-6.6p1/readconf.c
@@ -135,17 +135,17 @@ typedef enum {
 	oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts,
 	oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
 	oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
 	oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
 	oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
 	oHostKeyAlgorithms, oBindAddress, oPKCS11Provider,
 	oClearAllForwardings, oNoHostAuthenticationForLocalhost,
 	oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
-	oAddressFamily, oGssAuthentication, oGssDelegateCreds,
+	oAddressFamily, oGssAuthentication, oGssDelegateCreds, oGssEnableMITM,
 	oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
 	oSendEnv, oControlPath, oControlMaster, oControlPersist,
 	oHashKnownHosts,
 	oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
 	oVisualHostKey, oUseRoaming,
 	oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
 	oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
 	oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
@@ -179,19 +179,21 @@ static struct {
 	{ "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
 	{ "tisauthentication", oChallengeResponseAuthentication },  /* alias */
 	{ "kerberosauthentication", oUnsupported },
 	{ "kerberostgtpassing", oUnsupported },
 	{ "afstokenpassing", oUnsupported },
 #if defined(GSSAPI)
 	{ "gssapiauthentication", oGssAuthentication },
 	{ "gssapidelegatecredentials", oGssDelegateCreds },
+	{ "gssapienablemitmattack", oGssEnableMITM },
 #else
 	{ "gssapiauthentication", oUnsupported },
 	{ "gssapidelegatecredentials", oUnsupported },
+	{ "gssapienablemitmattack", oUnsupported },
 #endif
 	{ "fallbacktorsh", oDeprecated },
 	{ "usersh", oDeprecated },
 	{ "identityfile", oIdentityFile },
 	{ "identityfile2", oIdentityFile },			/* obsolete */
 	{ "identitiesonly", oIdentitiesOnly },
 	{ "hostname", oHostName },
 	{ "hostkeyalias", oHostKeyAlias },
@@ -839,16 +841,20 @@ parse_time:
 
 	case oGssAuthentication:
 		intptr = &options->gss_authentication;
 		goto parse_flag;
 
 	case oGssDelegateCreds:
 		intptr = &options->gss_deleg_creds;
 		goto parse_flag;
+		
+	case oGssEnableMITM:
+		intptr = &options->gss_enable_mitm;
+		goto parse_flag;
 
 	case oBatchMode:
 		intptr = &options->batch_mode;
 		goto parse_flag;
 
 	case oCheckHostIP:
 		intptr = &options->check_host_ip;
 		goto parse_flag;
@@ -1493,16 +1499,17 @@ initialize_options(Options * options)
 	options->xauth_location = NULL;
 	options->gateway_ports = -1;
 	options->use_privileged_port = -1;
 	options->rsa_authentication = -1;
 	options->pubkey_authentication = -1;
 	options->challenge_response_authentication = -1;
 	options->gss_authentication = -1;
 	options->gss_deleg_creds = -1;
+	options->gss_enable_mitm = -1;
 	options->password_authentication = -1;
 	options->kbd_interactive_authentication = -1;
 	options->kbd_interactive_devices = NULL;
 	options->rhosts_rsa_authentication = -1;
 	options->hostbased_authentication = -1;
 	options->batch_mode = -1;
 	options->check_host_ip = -1;
 	options->strict_host_key_checking = -1;
@@ -1613,16 +1620,18 @@ fill_default_options(Options * options)
 	if (options->pubkey_authentication == -1)
 		options->pubkey_authentication = 1;
 	if (options->challenge_response_authentication == -1)
 		options->challenge_response_authentication = 1;
 	if (options->gss_authentication == -1)
 		options->gss_authentication = 0;
 	if (options->gss_deleg_creds == -1)
 		options->gss_deleg_creds = 0;
+	if (options->gss_enable_mitm == -1)
+		options->gss_enable_mitm = 0;
 	if (options->password_authentication == -1)
 		options->password_authentication = 1;
 	if (options->kbd_interactive_authentication == -1)
 		options->kbd_interactive_authentication = 1;
 	if (options->rhosts_rsa_authentication == -1)
 		options->rhosts_rsa_authentication = 0;
 	if (options->hostbased_authentication == -1)
 		options->hostbased_authentication = 0;
diff --git a/openssh-6.6p1/readconf.h b/openssh-6.6p1/readconf.h
--- a/openssh-6.6p1/readconf.h
+++ b/openssh-6.6p1/readconf.h
@@ -50,16 +50,17 @@ typedef struct {
 						 * authentication. */
 	int     rsa_authentication;	/* Try RSA authentication. */
 	int     pubkey_authentication;	/* Try ssh2 pubkey authentication. */
 	int     hostbased_authentication;	/* ssh2's rhosts_rsa */
 	int     challenge_response_authentication;
 					/* Try S/Key or TIS, authentication. */
 	int     gss_authentication;	/* Try GSS authentication */
 	int     gss_deleg_creds;	/* Delegate GSS credentials */
+	int 	gss_enable_mitm;	/* Enable old style gssapi auth */
 	int     password_authentication;	/* Try password
 						 * authentication. */
 	int     kbd_interactive_authentication; /* Try keyboard-interactive auth. */
 	char	*kbd_interactive_devices; /* Keyboard-interactive auth devices. */
 	int     batch_mode;	/* Batch mode: do not ask for passwords. */
 	int     check_host_ip;	/* Also keep track of keys for IP address */
 	int     strict_host_key_checking;	/* Strict host key checking. */
 	int     compression;	/* Compress packets in both directions. */
diff --git a/openssh-6.6p1/servconf.c b/openssh-6.6p1/servconf.c
--- a/openssh-6.6p1/servconf.c
+++ b/openssh-6.6p1/servconf.c
@@ -104,16 +104,17 @@ initialize_server_options(ServerOptions 
 	options->rsa_authentication = -1;
 	options->pubkey_authentication = -1;
 	options->kerberos_authentication = -1;
 	options->kerberos_or_local_passwd = -1;
 	options->kerberos_ticket_cleanup = -1;
 	options->kerberos_get_afs_token = -1;
 	options->gss_authentication=-1;
 	options->gss_cleanup_creds = -1;
+	options->gss_enable_mitm = -1;
 	options->password_authentication = -1;
 	options->kbd_interactive_authentication = -1;
 	options->challenge_response_authentication = -1;
 	options->permit_empty_passwd = -1;
 	options->permit_user_env = -1;
 	options->use_login = -1;
 	options->compression = -1;
 	options->rekey_limit = -1;
@@ -241,16 +242,18 @@ fill_default_server_options(ServerOption
 	if (options->kerberos_ticket_cleanup == -1)
 		options->kerberos_ticket_cleanup = 1;
 	if (options->kerberos_get_afs_token == -1)
 		options->kerberos_get_afs_token = 0;
 	if (options->gss_authentication == -1)
 		options->gss_authentication = 0;
 	if (options->gss_cleanup_creds == -1)
 		options->gss_cleanup_creds = 1;
+	if (options->gss_enable_mitm == -1)
+		options->gss_enable_mitm = 0;
 	if (options->password_authentication == -1)
 		options->password_authentication = 1;
 	if (options->kbd_interactive_authentication == -1)
 		options->kbd_interactive_authentication = 0;
 	if (options->challenge_response_authentication == -1)
 		options->challenge_response_authentication = 1;
 	if (options->permit_empty_passwd == -1)
 		options->permit_empty_passwd = 0;
@@ -335,17 +338,17 @@ typedef enum {
 	sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
 	sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
 	sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
 	sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem,
 	sMaxStartups, sMaxAuthTries, sMaxSessions,
 	sBanner, sUseDNS, sHostbasedAuthentication,
 	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
 	sClientAliveCountMax, sAuthorizedKeysFile,
-	sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
+	sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, sGssEnableMITM,
 	sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
 	sUsePrivilegeSeparation, sAllowAgentForwarding,
 	sHostCertificate,
 	sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
 	sKexAlgorithms, sIPQoS, sVersionAddendum,
 	sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
 	sAuthenticationMethods, sHostKeyAgent,
 	sDeprecated, sUnsupported
@@ -402,19 +405,21 @@ static struct {
 	{ "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL },
 	{ "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
 #endif
 	{ "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL },
 	{ "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
 #ifdef GSSAPI
 	{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
 	{ "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
+	{ "gssapienablemitmattack", sGssEnableMITM },
 #else
 	{ "gssapiauthentication", sUnsupported, SSHCFG_ALL },
 	{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
+	{ "gssapienablemitmattack", sUnsupported },
 #endif
 	{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
 	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
 	{ "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
 	{ "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */
 	{ "checkmail", sDeprecated, SSHCFG_GLOBAL },
 	{ "listenaddress", sListenAddress, SSHCFG_GLOBAL },
 	{ "addressfamily", sAddressFamily, SSHCFG_GLOBAL },
@@ -1085,16 +1090,20 @@ process_server_config_line(ServerOptions
 	case sGssAuthentication:
 		intptr = &options->gss_authentication;
 		goto parse_flag;
 
 	case sGssCleanupCreds:
 		intptr = &options->gss_cleanup_creds;
 		goto parse_flag;
 
+	case sGssEnableMITM:
+		intptr = &options->gss_enable_mitm;
+		goto parse_flag;
+
 	case sPasswordAuthentication:
 		intptr = &options->password_authentication;
 		goto parse_flag;
 
 	case sKbdInteractiveAuthentication:
 		intptr = &options->kbd_interactive_authentication;
 		goto parse_flag;
 
diff --git a/openssh-6.6p1/servconf.h b/openssh-6.6p1/servconf.h
--- a/openssh-6.6p1/servconf.h
+++ b/openssh-6.6p1/servconf.h
@@ -108,16 +108,17 @@ typedef struct {
 						 * such as SecurID or
 						 * /etc/passwd */
 	int     kerberos_ticket_cleanup;	/* If true, destroy ticket
 						 * file on logout. */
 	int     kerberos_get_afs_token;		/* If true, try to get AFS token if
 						 * authenticated with Kerberos. */
 	int     gss_authentication;	/* If true, permit GSSAPI authentication */
 	int     gss_cleanup_creds;	/* If true, destroy cred cache on logout */
+	int	    gss_enable_mitm;	/* If true, enable old style GSSAPI */
 	int     password_authentication;	/* If true, permit password
 						 * authentication. */
 	int     kbd_interactive_authentication;	/* If true, permit */
 	int     challenge_response_authentication;
 	int     permit_empty_passwd;	/* If false, do not permit empty
 					 * passwords. */
 	int     permit_user_env;	/* If true, read ~/.ssh/environment */
 	int     use_login;	/* If true, login(1) is used */
diff --git a/openssh-6.6p1/ssh_config b/openssh-6.6p1/ssh_config
--- a/openssh-6.6p1/ssh_config
+++ b/openssh-6.6p1/ssh_config
@@ -51,9 +51,16 @@ ForwardX11Trusted yes
 #   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
 #   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
 #   EscapeChar ~
 #   Tunnel no
 #   TunnelDevice any:any
 #   PermitLocalCommand no
 #   VisualHostKey no
 #   ProxyCommand ssh -q -W %h:%p gateway.example.com
+
+# Set this to 'yes' to enable support for the deprecated 'gssapi' authentication
+# mechanism to OpenSSH 3.8p1. The newer 'gssapi-with-mic' mechanism is included
+# in this release. The use of 'gssapi' is deprecated due to the presence of 
+# potential man-in-the-middle attacks, which 'gssapi-with-mic' is not susceptible to.
+#   GSSAPIEnableMITMAttack no
+
 #   RekeyLimit 1G 1h
diff --git a/openssh-6.6p1/sshconnect2.c b/openssh-6.6p1/sshconnect2.c
--- a/openssh-6.6p1/sshconnect2.c
+++ b/openssh-6.6p1/sshconnect2.c
@@ -318,16 +318,21 @@ static char *authmethods_get(void);
 
 Authmethod authmethods[] = {
 #ifdef GSSAPI
 	{"gssapi-with-mic",
 		userauth_gssapi,
 		NULL,
 		&options.gss_authentication,
 		NULL},
+	{"gssapi",
+		userauth_gssapi,
+		NULL,
+		&options.gss_enable_mitm,
+		NULL},
 #endif
 	{"hostbased",
 		userauth_hostbased,
 		NULL,
 		&options.hostbased_authentication,
 		NULL},
 	{"publickey",
 		userauth_pubkey,
@@ -685,17 +690,19 @@ process_gssapi_token(void *ctxt, gss_buf
 
 		packet_put_string(send_tok.value, send_tok.length);
 		packet_send();
 		gss_release_buffer(&ms, &send_tok);
 	}
 
 	if (status == GSS_S_COMPLETE) {
 		/* send either complete or MIC, depending on mechanism */
-		if (!(flags & GSS_C_INTEG_FLAG)) {
+		
+		if (strcmp(authctxt->method->name,"gssapi") == 0 ||
+		    (!(flags & GSS_C_INTEG_FLAG))) {
 			packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE);
 			packet_send();
 		} else {
 			ssh_gssapi_buildmic(&b, authctxt->server_user,
 			    authctxt->service, "gssapi-with-mic");
 
 			gssbuf.value = buffer_ptr(&b);
 			gssbuf.length = buffer_len(&b);
diff --git a/openssh-6.6p1/sshd_config b/openssh-6.6p1/sshd_config
--- a/openssh-6.6p1/sshd_config
+++ b/openssh-6.6p1/sshd_config
@@ -80,16 +80,23 @@ PasswordAuthentication no
 #KerberosOrLocalPasswd yes
 #KerberosTicketCleanup yes
 #KerberosGetAFSToken no
 
 # GSSAPI options
 #GSSAPIAuthentication no
 #GSSAPICleanupCredentials yes
 
+# Set this to 'yes' to enable support for the deprecated 'gssapi' authentication
+# mechanism to OpenSSH 3.8p1. The newer 'gssapi-with-mic' mechanism is included
+# in this release. The use of 'gssapi' is deprecated due to the presence of 
+# potential man-in-the-middle attacks, which 'gssapi-with-mic' is not susceptible to.
+#GSSAPIEnableMITMAttack no
+ 
+
 # Set this to 'yes' to enable PAM authentication, account processing,
 # and session processing. If this is enabled, PAM authentication will
 # be allowed through the ChallengeResponseAuthentication and
 # PasswordAuthentication.  Depending on your PAM configuration,
 # PAM authentication via ChallengeResponseAuthentication may bypass
 # the setting of "PermitRootLogin without-password".
 # If you just want the PAM account and session checks to run without
 # PAM authentication, then enable this but set PasswordAuthentication