
Commit 4d75af1

committed
Allow building without NTLMSSP support
If gssapi/gssapi_ntlmssp.h is not available simply disable NTLMSSP. Coauthored Signed-off-by: Dennis Schridde <dennis.schridde@uni-heidelberg.de> Signed-off-by: Simo Sorce <simo@redhat.com> Closes #52 Closes #53 Closes #54
1 parent 7d7e020 commit 4d75af1

3 files changed

+28
-13
lines changed

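--- a/configure.ac
+++ b/configure.ac
@@ -55,6 +55,7 @@ AC_SUBST([OPENSSL_LIBS])
 
 AC_CHECK_HEADERS([gssapi/gssapi.h gssapi/gssapi_ext.h gssapi/gssapi_krb5.h],
 ,[AC_MSG_ERROR([Could not find GSSAPI headers])])
+AC_CHECK_HEADERS([gssapi/gssapi_ntlmssp.h])
 AC_PATH_PROG(KRB5_CONFIG, krb5-config, failed)
 if test x$KRB5_CONFIG = xfailed; then
 AC_MSG_ERROR([Could not find GSSAPI development libraries])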
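Review bot: The added `AC_CHECK_HEADERS([gssapi/gssapi_ntlmssp.h])` has no not-found action, so on a host without the header configure continues and the module is built without NTLMSSP with nothing in the output beyond the usual "checking for" line. Since this decides which authentication mechanisms the resulting module can offer, a packager should be able to see it; consider `AC_CHECK_HEADERS([gssapi/gssapi_ntlmssp.h],, [AC_MSG_WARN([gssapi/gssapi_ntlmssp.h not found, building without NTLMSSP support])])`. The check sits inside the GSSAPI detection sequence, which continues past the end of the hunk.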

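--- a/src/mod_auth_gssapi.c
+++ b/src/mod_auth_gssapi.c
@@ -28,13 +28,21 @@ const gss_OID_desc gss_mech_spnego = {
 6, "\x2b\x06\x01\x05\x05\x02"
 };
 
-const gss_OID_desc gss_mech_ntlmssp = {
+#ifdef HAVE_GSSAPI_GSSAPI_NTLMSSP_H
+const gss_OID_desc gss_mech_ntlmssp_desc = {
 GSS_NTLMSSP_OID_LENGTH, GSS_NTLMSSP_OID_STRING
 };
+gss_const_OID gss_mech_ntlmssp = &gss_mech_ntlmssp_desc;
 
-const gss_OID_set_desc gss_mech_set_ntlmssp = {
-1, discard_const(&gss_mech_ntlmssp)
+const gss_OID_set_desc gss_mech_set_ntlmssp_desc = {
+1, discard_const(&gss_mech_ntlmssp_desc)
 };
+gss_const_OID_set gss_mech_set_ntlmssp = &gss_mech_set_ntlmssp_desc;
+
+#else
+gss_OID gss_mech_ntlmssp = GSS_C_NO_OID;
+gss_OID_set gss_mech_set_ntlmssp = GSS_C_NO_OID_SET;
+#endif
 
 #define MOD_AUTH_GSSAPI_VERSION PACKAGE_NAME "/" PACKAGE_VERSION
 
@@ -292,10 +300,12 @@ static bool parse_auth_header(apr_pool_t *pool, const char **auth_header,
 return true;
 }
 
-static bool is_mech_allowed(gss_OID_set allowed_mechs, gss_const_OID mech,
+static bool is_mech_allowed(gss_OID_set allowed_mechs, gss_const_OID mech,
 bool multi_step_supported)
 {
-if (!multi_step_supported && gss_oid_equal(&gss_mech_ntlmssp, mech))
+if (mech == GSS_C_NO_OID) return false;
+
+if (!multi_step_supported && gss_oid_equal(gss_mech_ntlmssp, mech))
 return false;
 
 if (allowed_mechs == GSS_C_NO_OID_SET) return true;
@@ -814,6 +824,7 @@ static int mag_auth(request_rec *req)
 ba_user.value = ap_getword_nulls_nc(req->pool,
 (char **)&ba_pwd.value, ':');
 if (!ba_user.value) goto done;
+
 if (((char *)ba_user.value)[0] == '\0' ||
 ((char *)ba_pwd.value)[0] == '\0') {
 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, req,
@@ -835,7 +846,7 @@ static int mag_auth(request_rec *req)
 break;
 
 case AUTH_TYPE_RAW_NTLM:
-if (!is_mech_allowed(desired_mechs, &gss_mech_ntlmssp,
+if (!is_mech_allowed(desired_mechs, gss_mech_ntlmssp,
 cfg->gss_conn_ctx)) {
 ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, req,
 "NTLM Authentication is not allowed!");
@@ -846,7 +857,7 @@ static int mag_auth(request_rec *req)
 goto done;
 }
 
-desired_mechs = discard_const(&gss_mech_set_ntlmssp);
+desired_mechs = discard_const(gss_mech_set_ntlmssp);
 break;
 
 default:
@@ -997,7 +1008,7 @@ static int mag_auth(request_rec *req)
 } else if (ret == HTTP_UNAUTHORIZED) {
 apr_table_add(req->err_headers_out, req_cfg->rep_proto, "Negotiate");
 
-if (is_mech_allowed(desired_mechs, &gss_mech_ntlmssp,
+if (is_mech_allowed(desired_mechs, gss_mech_ntlmssp,
 cfg->gss_conn_ctx)) {
 apr_table_add(req->err_headers_out, req_cfg->rep_proto, "NTLM");
 }
@@ -1232,7 +1243,7 @@ static bool mag_list_of_mechs(cmd_parms *parms, gss_OID_set *oidset,
 } else if (strcmp(w, "iakerb") == 0) {
 oid = discard_const(gss_mech_iakerb);
 } else if (strcmp(w, "ntlmssp") == 0) {
-oid = discard_const(&gss_mech_ntlmssp);
+oid = discard_const(gss_mech_ntlmssp);
 } else {
 buf.value = discard_const(w);
 buf.length = strlen(w);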
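Review bot: In the `mag_list_of_mechs` hunk the `"ntlmssp"` branch assigns `oid = discard_const(gss_mech_ntlmssp);` unconditionally, and on a build without `HAVE_GSSAPI_GSSAPI_NTLMSSP_H` that value is `GSS_C_NO_OID`. The new null guard in `is_mech_allowed` covers the request path, but nothing visible here stops a configuration that names `ntlmssp` from carrying a null OID into whatever consumes `oid` after the `else` arm, which lies outside the hunk. Rejecting the directive explicitly would surface the misconfiguration at startup rather than leaving the allowed-mechanism set in an unclear state, for example `if (oid == GSS_C_NO_OID) return false;` directly after the assignment, preferably with a log line stating that NTLMSSP support was not compiled in. This matters because `is_mech_allowed` treats `allowed_mechs == GSS_C_NO_OID_SET` as "allow everything", so how a failed mechanism list is handled by the caller should be confirmed.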

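--- a/src/mod_auth_gssapi.h
+++ b/src/mod_auth_gssapi.h
@@ -3,10 +3,6 @@
 #include <stdbool.h>
 #include <stdint.h>
 #include <time.h>
-#include <gssapi/gssapi.h>
-#include <gssapi/gssapi_ext.h>
-#include <gssapi/gssapi_krb5.h>
-#include <gssapi/gssapi_ntlmssp.h>
 
 #define APR_WANT_STRFUNC
 #include "apr_want.h"
@@ -31,6 +27,13 @@
 #undef PACKAGE_VERSION
 #include "config.h"
 
+#include <gssapi/gssapi.h>
+#include <gssapi/gssapi_ext.h>
+#include <gssapi/gssapi_krb5.h>
+#ifdef HAVE_GSSAPI_GSSAPI_NTLMSSP_H
+# include <gssapi/gssapi_ntlmssp.h>
+#endif
+
 #include "crypto.h"
 #include "sessions.h"
 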
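Review bot: The relocated GSSAPI include block at new lines 30-35 only works because it now follows `#include "config.h"`, and nothing in the header records that ordering requirement. `HAVE_GSSAPI_GSSAPI_NTLMSSP_H` is presumably defined by the generated `config.h`, so a later include-sorting cleanup that moves these lines back to the top would compile cleanly while silently dropping NTLMSSP. A one-line comment above the block would protect against that, such as `/* Must come after config.h: HAVE_GSSAPI_GSSAPI_NTLMSSP_H is defined there. */`.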
