From: Michał Kępień Date: Fri, 16 Apr 2021 12:40:06 +0000 (+0200) Subject: Fix handling undefined GSS_SPNEGO_MECHANISM macro X-Git-Tag: v9.11.32~12^2~1 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=870701c336c0c26bf657dd55c549a6fa73230447;p=thirdparty%2Fbind9.git Fix handling undefined GSS_SPNEGO_MECHANISM macro BIND 9 attempts to look up GSSAPI OIDs for the Kerberos 5 and SPNEGO mechanisms in the relevant header files provided by the Kerberos/GSSAPI library used. Due to the differences between various Kerberos/GSSAPI implementations, if any of the expected preprocessor macros (GSS_KRB5_MECHANISM, GSS_SPNEGO_MECHANISM) is not defined in the header files provided by the library used, the code in lib/dns/gssapictx.c defines its own version of each missing macro, so that BIND 9 can attempt to use the relevant security mechanisms anyway. Commit 7f08c756aa54d10a71bdf8242479ffeb82e52396, which contains a partial backport of the changes introduced in commit 978c7b2e89aa37a7ddfe2f6b6ba12ce73dd04528, left a block of code in the lib/dns/include/dst/gssapi.h header which defines the GSS_SPNEGO_MECHANISM preprocessor macro to NULL if it is not defined by any header file provided by the Kerberos/GSSAPI library used. This causes the gss_add_oid_set_member() call in the mech_oid_set_create() helper function to always return an error. This in turn causes the dst_gssapi_acquirecred() function to also always return an error, which ultimately prevents any named instance whose configuration includes the "tkey-gssapi-credential" option from starting. Remove the offending conditional definition of the GSS_SPNEGO_MECHANISM preprocessor macro from lib/dns/include/dst/gssapi.h, so that a proper GSSAPI OID is assigned to that macro in lib/dns/gssapictx.c when the Kerberos/GSSAPI library used does not define it. (cherry picked from commit 648ef3a2b4f8bc7928bf976fcba3b159ac5768e5) --- diff --git a/lib/dns/include/dst/gssapi.h b/lib/dns/include/dst/gssapi.h index a70ad7a7046..8e31587871e 100644 --- a/lib/dns/include/dst/gssapi.h +++ b/lib/dns/include/dst/gssapi.h @@ -37,9 +37,6 @@ #include ISC_PLATFORM_GSSAPI_KRB5_HEADER #endif #endif -#ifndef GSS_SPNEGO_MECHANISM -#define GSS_SPNEGO_MECHANISM ((void*)0) -#endif #endif ISC_LANG_BEGINDECLS