Skip to content

Commit

Permalink
Improve reporting when GSSAPI auth requested but not compiled in
Browse files Browse the repository at this point in the history 
If distributions build without GSSAPI support and people would have needed
it, let them have a clear indication that they *could* have had it, so
they don't just assume it wasn't supported.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
  • Loading branch information
David Woodhouse authored and David Woodhouse committed Jul 11, 2014
1 parent 0835a9d commit 5a4be39
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 1 deletion.
18 changes: 17 additions & 1 deletion http.c
View file
Expand Up @@ -1562,6 +1562,8 @@ static int process_socks_proxy(struct openconnect_info *vpninfo)
case SOCKS_AUTH_NO_ACCEPTABLE:
vpn_progress(vpninfo, PRG_ERR,
_("SOCKS server requires authentication\n"));
vpn_progress(vpninfo, PRG_INFO,
_("This version of OpenConnect was built without GSSAPI support\n"));
return -EIO;

default:
Expand Down Expand Up @@ -1794,6 +1796,17 @@ static int basic_authorization(struct openconnect_info *vpninfo, struct oc_text_
return 0;
}

#if !defined(HAVE_GSSAPI) && !defined(_WIN32)
static int no_gssapi_authorization(struct openconnect_info *vpninfo, struct oc_text_buf *hdrbuf)
{
/* This comes last so just complain. We're about to bail. */
vpn_progress(vpninfo, PRG_ERR,
_("This version of OpenConnect was built without GSSAPI support\n"));
vpninfo->auth[AUTH_TYPE_GSSAPI].state = AUTH_FAILED;
return -ENOENT;
}
#endif

struct auth_method {
int state_index;
const char *name;
Expand All @@ -1805,7 +1818,10 @@ struct auth_method {
#endif
{ AUTH_TYPE_NTLM, "NTLM", ntlm_authorization, cleanup_ntlm_auth },
{ AUTH_TYPE_DIGEST, "Digest", digest_authorization, NULL },
{ AUTH_TYPE_BASIC, "Basic", basic_authorization, NULL }
{ AUTH_TYPE_BASIC, "Basic", basic_authorization, NULL },
#if !defined(HAVE_GSSAPI) && !defined(_WIN32)
{ AUTH_TYPE_GSSAPI, "Negotiate", no_gssapi_authorization, NULL }
#endif
};

/* Generate Proxy-Authorization: header for request if appropriate */
Expand Down
1 change: 1 addition & 0 deletions www/changelog.xml
View file
Expand Up @@ -15,6 +15,7 @@
<ul>
<li><b>OpenConnect HEAD</b>
<ul>
<li>Improve reporting when GSSAPI auth requested but not compiled in.</li>
<li>Fix parsing of split include routes on Windows.</li>
<li>Fix crash on invocation with <tt>--token-mode</tt> but no <tt>--token-secret</tt>.</li>
</ul><br/>
Expand Down

0 comments on commit 5a4be39

Please sign in to comment.