sshd: exclude gssapi when building without cgo

lorenz · lorenz · commit c413f99cd6bb · 2023-02-23T20:37:05.000+01:00
MR #682 broke building without cgo enabled as it introduced a dependency
on a Kerberos library. This can only be disabled at runtime and thus
static builds of gitlab-sshd are no longer possible.

This change introduces an alternative implementation of the GSSAPI
structure which just rejects attempts to use it.
That alternative implementation gets automatically activated in case the
user is building without cgo.
diff --git a/internal/sshd/gssapi.go b/internal/sshd/gssapi.go
@@ -1,3 +1,5 @@
+//go:build cgo
+
 package sshd
 
 import (
diff --git a/internal/sshd/gssapi_test.go b/internal/sshd/gssapi_test.go
@@ -1,3 +1,5 @@
+//go:build cgo
+
 package sshd
 
 import (
diff --git a/internal/sshd/gssapi_unsupported.go b/internal/sshd/gssapi_unsupported.go
@@ -0,0 +1,34 @@
+//go:build !cgo
+
+package sshd
+
+import (
+	"errors"
+
+	"gitlab.com/gitlab-org/gitlab-shell/v14/internal/config"
+
+	"gitlab.com/gitlab-org/labkit/log"
+)
+
+func LoadGSSAPILib(c *config.GSSAPIConfig) error {
+	if c.Enabled {
+		log.New().Error("gssapi-with-mic disabled, built without CGO")
+		c.Enabled = false
+	}
+	return nil
+}
+
+type OSGSSAPIServer struct {
+	ServicePrincipalName string
+}
+
+func (*OSGSSAPIServer) AcceptSecContext([]byte) ([]byte, string, bool, error) {
+	return []byte{}, "", false, errors.New("gssapi is unsupported")
+}
+
+func (*OSGSSAPIServer) VerifyMIC([]byte, []byte) error {
+	return errors.New("gssapi is unsupported")
+}
+func (*OSGSSAPIServer) DeleteSecContext() error {
+	return errors.New("gssapi is unsupported")
+}

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,5 @@`
	`1`	`+//go:build cgo`
	`2`	`+`
`1`	`3`	`package sshd`
`2`	`4`
`3`	`5`	`import (`