/* must acquire creds based on the actual mechs we want to try */
if (!mag_acquire_creds(req, cfg, actual_mechs,
- GSS_C_BOTH, &acquired_cred, NULL)) {
+ cred_usage, &acquired_cred, NULL)) {
goto done;
}
for (int i = 0; i < actual_mechs->count; i++) {
- /* skip spnego if present */
- if (gss_oid_equal(&actual_mechs->elements[i],
- &gss_mech_spnego)) {
- continue;
- }
-
/* free these if looping */
gss_release_buffer(&min, &output);
gss_release_buffer(&min, &input);
return APR_SUCCESS;
}
-static void mag_list_of_mechs(cmd_parms *parms, gss_OID_set *oidset,
+static bool mag_list_of_mechs(cmd_parms *parms, gss_OID_set *oidset,
bool add_spnego, const char *w)
{
gss_buffer_desc buf = { 0 };
ap_log_error(APLOG_MARK, APLOG_ERR, 0, parms->server,
"gss_create_empty_oid_set() failed.");
*oidset = GSS_C_NO_OID_SET;
- return;
+ return false;
}
if (add_spnego) {
oid = discard_const(&gss_mech_spnego);
"gss_add_oid_set_member() failed.");
(void)gss_release_oid_set(&min, &set);
*oidset = GSS_C_NO_OID_SET;
- return;
+ return false;
}
}
/* register in the pool so it can be released once the server
if (maj != GSS_S_COMPLETE) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, parms->server,
"Unrecognized GSSAPI Mechanism: [%s]", w);
- return;
+ return false;
}
release_oid = true;
}
if (release_oid) {
(void)gss_release_oid(&min, &oid);
}
+
+ return true;
}
static const char *mag_allow_mech(cmd_parms *parms, void *mconfig,
{
struct mag_config *cfg = (struct mag_config *)mconfig;
- mag_list_of_mechs(parms, &cfg->allowed_mechs, true, w);
+ if (!mag_list_of_mechs(parms, &cfg->allowed_mechs, true, w))
+ return "Failed to apply GssapiAllowedMech directive";
return NULL;
}
{
struct mag_config *cfg = (struct mag_config *)mconfig;
- mag_list_of_mechs(parms, &cfg->basic_mechs, false, w);
+ if (!mag_list_of_mechs(parms, &cfg->basic_mechs, false, w))
+ return "Failed to apply GssapiBasicAuthMech directive";
return NULL;
}
projects / mod_auth_gssapi.git / blobdiff