This helps to detect mis-configurations early.
Configuration errors are considered fatal in apache anyway.
Reviewed-by: Simo Sorce <simo@redhat.com>
-static void mag_list_of_mechs(cmd_parms *parms, gss_OID_set *oidset,
+static bool mag_list_of_mechs(cmd_parms *parms, gss_OID_set *oidset,
bool add_spnego, const char *w)
{
gss_buffer_desc buf = { 0 };
bool add_spnego, const char *w)
{
gss_buffer_desc buf = { 0 };
ap_log_error(APLOG_MARK, APLOG_ERR, 0, parms->server,
"gss_create_empty_oid_set() failed.");
*oidset = GSS_C_NO_OID_SET;
ap_log_error(APLOG_MARK, APLOG_ERR, 0, parms->server,
"gss_create_empty_oid_set() failed.");
*oidset = GSS_C_NO_OID_SET;
}
if (add_spnego) {
oid = discard_const(&gss_mech_spnego);
}
if (add_spnego) {
oid = discard_const(&gss_mech_spnego);
"gss_add_oid_set_member() failed.");
(void)gss_release_oid_set(&min, &set);
*oidset = GSS_C_NO_OID_SET;
"gss_add_oid_set_member() failed.");
(void)gss_release_oid_set(&min, &set);
*oidset = GSS_C_NO_OID_SET;
}
}
/* register in the pool so it can be released once the server
}
}
/* register in the pool so it can be released once the server
if (maj != GSS_S_COMPLETE) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, parms->server,
"Unrecognized GSSAPI Mechanism: [%s]", w);
if (maj != GSS_S_COMPLETE) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, parms->server,
"Unrecognized GSSAPI Mechanism: [%s]", w);
if (release_oid) {
(void)gss_release_oid(&min, &oid);
}
if (release_oid) {
(void)gss_release_oid(&min, &oid);
}
}
static const char *mag_allow_mech(cmd_parms *parms, void *mconfig,
}
static const char *mag_allow_mech(cmd_parms *parms, void *mconfig,
{
struct mag_config *cfg = (struct mag_config *)mconfig;
{
struct mag_config *cfg = (struct mag_config *)mconfig;
- mag_list_of_mechs(parms, &cfg->allowed_mechs, true, w);
+ if (!mag_list_of_mechs(parms, &cfg->allowed_mechs, true, w))
+ return "Failed to apply GssapiAllowedMech directive";
{
struct mag_config *cfg = (struct mag_config *)mconfig;
{
struct mag_config *cfg = (struct mag_config *)mconfig;
- mag_list_of_mechs(parms, &cfg->basic_mechs, false, w);
+ if (!mag_list_of_mechs(parms, &cfg->basic_mechs, false, w))
+ return "Failed to apply GssapiBasicAuthMech directive";