Fail server startup on bad mechanisms
authorIsaac Boukris <iboukris@gmail.com>
Wed, 24 Jun 2015 00:42:06 +0000 (03:42 +0300)
committerSimo Sorce <simo@redhat.com>
Wed, 24 Jun 2015 19:47:25 +0000 (15:47 -0400)
This helps to detect mis-configurations early.
Configuration errors are considered fatal in apache anyway.

Reviewed-by: Simo Sorce <simo@redhat.com>
src/mod_auth_gssapi.c

index 45ddb27..87a1051 100644 (file)
@@ -1152,7 +1152,7 @@ static apr_status_t mag_oid_set_destroy(void *ptr)
     return APR_SUCCESS;
 }
 
-static void mag_list_of_mechs(cmd_parms *parms, gss_OID_set *oidset,
+static bool mag_list_of_mechs(cmd_parms *parms, gss_OID_set *oidset,
                               bool add_spnego, const char *w)
 {
     gss_buffer_desc buf = { 0 };
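Review bot: The new `bool` return of mag_list_of_mechs() has no comment stating its contract, even though both directive handlers now rely on it to decide whether server startup is aborted. A short header above the definition would make that explicit, for example `/* Returns true on success; returns false after logging the cause, and the caller must then fail the directive. */`. The function body continues outside this hunk.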
@@ -1167,7 +1167,7 @@ static void mag_list_of_mechs(cmd_parms *parms, gss_OID_set *oidset,
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, parms->server,
                          "gss_create_empty_oid_set() failed.");
             *oidset = GSS_C_NO_OID_SET;
-            return;
+            return false;
         }
         if (add_spnego) {
             oid = discard_const(&gss_mech_spnego);
@@ -1177,7 +1177,7 @@ static void mag_list_of_mechs(cmd_parms *parms, gss_OID_set *oidset,
                              "gss_add_oid_set_member() failed.");
                 (void)gss_release_oid_set(&min, &set);
                 *oidset = GSS_C_NO_OID_SET;
-                return;
+                return false;
             }
         }
         /* register in the pool so it can be released once the server
@@ -1203,7 +1203,7 @@ static void mag_list_of_mechs(cmd_parms *parms, gss_OID_set *oidset,
         if (maj != GSS_S_COMPLETE) {
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, parms->server,
                          "Unrecognized GSSAPI Mechanism: [%s]", w);
-            return;
+            return false;
         }
         release_oid = true;
     }
@@ -1215,6 +1215,8 @@ static void mag_list_of_mechs(cmd_parms *parms, gss_OID_set *oidset,
     if (release_oid) {
         (void)gss_release_oid(&min, &oid);
     }
+
+    return true;
 }
 
 static const char *mag_allow_mech(cmd_parms *parms, void *mconfig,
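Review bot: The `return true` added at the end is unconditional, so any failure between the previous hunk and `if (release_oid)` that is only logged would still be reported to the caller as success. Those lines are not shown here. If they hold a gss_add_oid_set_member() call for `w` whose error is only logged, that path should release the OID when `release_oid` is set and then `return false;`. Otherwise a mechanism named in the configuration could be missing from the effective set while startup proceeds, which is the silent misconfiguration this commit is meant to stop.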
@@ -1222,7 +1224,8 @@ static const char *mag_allow_mech(cmd_parms *parms, void *mconfig,
 {
     struct mag_config *cfg = (struct mag_config *)mconfig;
 
-    mag_list_of_mechs(parms, &cfg->allowed_mechs, true, w);
+    if (!mag_list_of_mechs(parms, &cfg->allowed_mechs, true, w))
+        return "Failed to apply GssapiAllowedMech directive";
 
     return NULL;
 }
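Review bot: The error string returned to httpd names only the directive, so the offending value appears only in the separate ap_log_error() line from mag_list_of_mechs(). The same applies to mag_basic_auth_mechs() in the next hunk. Including the argument would make the startup failure self-explanatory, e.g. `return apr_psprintf(parms->pool, "GssapiAllowedMech: cannot use mechanism [%s]", w);`, assuming apr_strings.h is already included in this file. The single-statement `if` would also be more robust with braces around the `return`.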
@@ -1233,7 +1236,8 @@ static const char *mag_basic_auth_mechs(cmd_parms *parms, void *mconfig,
 {
     struct mag_config *cfg = (struct mag_config *)mconfig;
 
-    mag_list_of_mechs(parms, &cfg->basic_mechs, false, w);
+    if (!mag_list_of_mechs(parms, &cfg->basic_mechs, false, w))
+        return "Failed to apply GssapiBasicAuthMech directive";
 
     return NULL;
 }