diff options
author | Lorenz Brun <lorenz@brun.one> | 2023-02-23 20:37:05 +0100 |
---|---|---|
committer | Lorenz Brun <lorenz@brun.one> | 2023-02-23 20:37:05 +0100 |
commit | c413f99cd6bb2df8465f1307c3e901626f11f4c2 (patch) | |
tree | 61542db1398c44b7b3c8ae3bce4b4341b06fa24e | |
parent | 84324a0f22c5ee708d5174e76a2cba17702a5eca (diff) | |
download | gitlab-shell-c413f99cd6bb2df8465f1307c3e901626f11f4c2.tar.gz |
sshd: exclude gssapi when building without cgo
MR #682 broke building without cgo enabled as it introduced a dependency
on a Kerberos library. This can only be disabled at runtime and thus
static builds of gitlab-sshd are no longer possible.
This change introduces an alternative implementation of the GSSAPI
structure which just rejects attempts to use it.
That alternative implementation gets automatically activated in case the
user is building without cgo.
-rw-r--r-- | internal/sshd/gssapi.go | 2 | ||||
-rw-r--r-- | internal/sshd/gssapi_test.go | 2 | ||||
-rw-r--r-- | internal/sshd/gssapi_unsupported.go | 34 |
3 files changed, 38 insertions, 0 deletions
diff --git a/internal/sshd/gssapi.go b/internal/sshd/gssapi.go index bf65a15..c67b707 100644 --- a/internal/sshd/gssapi.go +++ b/internal/sshd/gssapi.go @@ -1,3 +1,5 @@ +//go:build cgo + package sshd import ( diff --git a/internal/sshd/gssapi_test.go b/internal/sshd/gssapi_test.go index f4f19cf..c417a41 100644 --- a/internal/sshd/gssapi_test.go +++ b/internal/sshd/gssapi_test.go @@ -1,3 +1,5 @@ +//go:build cgo + package sshd import ( diff --git a/internal/sshd/gssapi_unsupported.go b/internal/sshd/gssapi_unsupported.go new file mode 100644 index 0000000..27660af --- /dev/null +++ b/internal/sshd/gssapi_unsupported.go @@ -0,0 +1,34 @@ +//go:build !cgo + +package sshd + +import ( + "errors" + + "gitlab.com/gitlab-org/gitlab-shell/v14/internal/config" + + "gitlab.com/gitlab-org/labkit/log" +) + +func LoadGSSAPILib(c *config.GSSAPIConfig) error { + if c.Enabled { + log.New().Error("gssapi-with-mic disabled, built without CGO") + c.Enabled = false + } + return nil +} + +type OSGSSAPIServer struct { + ServicePrincipalName string +} + +func (*OSGSSAPIServer) AcceptSecContext([]byte) ([]byte, string, bool, error) { + return []byte{}, "", false, errors.New("gssapi is unsupported") +} + +func (*OSGSSAPIServer) VerifyMIC([]byte, []byte) error { + return errors.New("gssapi is unsupported") +} +func (*OSGSSAPIServer) DeleteSecContext() error { + return errors.New("gssapi is unsupported") +} |