Fail server startup on bad mechanisms

This helps to detect mis-configurations early.
Configuration errors are considered fatal in apache anyway.

Reviewed-by: Simo Sorce <simo@redhat.com>

1 files changed, 10 insertions, 6 deletions

diff --git a/src/mod_auth_gssapi.c b/src/mod_auth_gssapi.c
index 45ddb27..87a1051 100644
--- a/src/mod_auth_gssapi.c
+++ b/src/mod_auth_gssapi.c
@@ -1152,7 +1152,7 @@ static apr_status_t mag_oid_set_destroy(void *ptr)
     return APR_SUCCESS;
 }
 
-static void mag_list_of_mechs(cmd_parms *parms, gss_OID_set *oidset,
+static bool mag_list_of_mechs(cmd_parms *parms, gss_OID_set *oidset,
                               bool add_spnego, const char *w)
 {
     gss_buffer_desc buf = { 0 };
@@ -1167,7 +1167,7 @@ static void mag_list_of_mechs(cmd_parms *parms, gss_OID_set *oidset,
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, parms->server,
                          "gss_create_empty_oid_set() failed.");
             *oidset = GSS_C_NO_OID_SET;
-            return;
+            return false;
         }
         if (add_spnego) {
             oid = discard_const(&gss_mech_spnego);
@@ -1177,7 +1177,7 @@ static void mag_list_of_mechs(cmd_parms *parms, gss_OID_set *oidset,
                              "gss_add_oid_set_member() failed.");
                 (void)gss_release_oid_set(&min, &set);
                 *oidset = GSS_C_NO_OID_SET;
-                return;
+                return false;
             }
         }
         /* register in the pool so it can be released once the server
@@ -1203,7 +1203,7 @@ static void mag_list_of_mechs(cmd_parms *parms, gss_OID_set *oidset,
         if (maj != GSS_S_COMPLETE) {
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, parms->server,
                          "Unrecognized GSSAPI Mechanism: [%s]", w);
-            return;
+            return false;
         }
         release_oid = true;
     }
@@ -1215,6 +1215,8 @@ static void mag_list_of_mechs(cmd_parms *parms, gss_OID_set *oidset,
     if (release_oid) {
         (void)gss_release_oid(&min, &oid);
     }
+
+    return true;
 }
 
 static const char *mag_allow_mech(cmd_parms *parms, void *mconfig,
@@ -1222,7 +1224,8 @@ static const char *mag_allow_mech(cmd_parms *parms, void *mconfig,
 {
     struct mag_config *cfg = (struct mag_config *)mconfig;
 
-    mag_list_of_mechs(parms, &cfg->allowed_mechs, true, w);
+    if (!mag_list_of_mechs(parms, &cfg->allowed_mechs, true, w))
+        return "Failed to apply GssapiAllowedMech directive";
 
     return NULL;
 }
@@ -1233,7 +1236,8 @@ static const char *mag_basic_auth_mechs(cmd_parms *parms, void *mconfig,
 {
     struct mag_config *cfg = (struct mag_config *)mconfig;
 
-    mag_list_of_mechs(parms, &cfg->basic_mechs, false, w);
+    if (!mag_list_of_mechs(parms, &cfg->basic_mechs, false, w))
+        return "Failed to apply GssapiBasicAuthMech directive";
 
     return NULL;
 }