From c413f99cd6bb2df8465f1307c3e901626f11f4c2 Mon Sep 17 00:00:00 2001
From: Lorenz Brun <lorenz@brun.one>
Date: Thu, 23 Feb 2023 20:37:05 +0100
Subject: sshd: exclude gssapi when building without cgo

MR #682 broke building without cgo enabled as it introduced a dependency
on a Kerberos library. This can only be disabled at runtime and thus
static builds of gitlab-sshd are no longer possible.

This change introduces an alternative implementation of the GSSAPI
structure which just rejects attempts to use it.
That alternative implementation gets automatically activated in case the
user is building without cgo.
---
 internal/sshd/gssapi.go             |  2 ++
 internal/sshd/gssapi_test.go        |  2 ++
 internal/sshd/gssapi_unsupported.go | 34 ++++++++++++++++++++++++++++++++++
 3 files changed, 38 insertions(+)
 create mode 100644 internal/sshd/gssapi_unsupported.go

diff --git a/internal/sshd/gssapi.go b/internal/sshd/gssapi.go
index bf65a15..c67b707 100644
--- a/internal/sshd/gssapi.go
+++ b/internal/sshd/gssapi.go
@@ -1,3 +1,5 @@
+//go:build cgo
+
 package sshd
 
 import (
diff --git a/internal/sshd/gssapi_test.go b/internal/sshd/gssapi_test.go
index f4f19cf..c417a41 100644
--- a/internal/sshd/gssapi_test.go
+++ b/internal/sshd/gssapi_test.go
@@ -1,3 +1,5 @@
+//go:build cgo
+
 package sshd
 
 import (
diff --git a/internal/sshd/gssapi_unsupported.go b/internal/sshd/gssapi_unsupported.go
new file mode 100644
index 0000000..27660af
--- /dev/null
+++ b/internal/sshd/gssapi_unsupported.go
@@ -0,0 +1,34 @@
+//go:build !cgo
+
+package sshd
+
+import (
+	"errors"
+
+	"gitlab.com/gitlab-org/gitlab-shell/v14/internal/config"
+
+	"gitlab.com/gitlab-org/labkit/log"
+)
+
+func LoadGSSAPILib(c *config.GSSAPIConfig) error {
+	if c.Enabled {
+		log.New().Error("gssapi-with-mic disabled, built without CGO")
+		c.Enabled = false
+	}
+	return nil
+}
+
+type OSGSSAPIServer struct {
+	ServicePrincipalName string
+}
+
+func (*OSGSSAPIServer) AcceptSecContext([]byte) ([]byte, string, bool, error) {
+	return []byte{}, "", false, errors.New("gssapi is unsupported")
+}
+
+func (*OSGSSAPIServer) VerifyMIC([]byte, []byte) error {
+	return errors.New("gssapi is unsupported")
+}
+func (*OSGSSAPIServer) DeleteSecContext() error {
+	return errors.New("gssapi is unsupported")
+}
-- 
cgit v1.2.1