cmake: Make GSSAPI optional.

CMakeLists.txt

@@ -67,10 +67,9 @@ endif(WITH_GCRYPT)
 set(CMAKE_THREAD_PREFER_PTHREADS ON)
 find_package(Threads)
 
-find_package(GSSAPI)
+if (WITH_GSSAPI)
-if (GSSAPI_LIBS)
+    find_package(GSSAPI REQUIRED)
-  set (WITH_GSSAPI "ON")
+endif (WITH_GSSAPI)
-endif (GSSAPI_LIBS)  
 
 # config.h checks
 include(ConfigureChecks.cmake)

DefineOptions.cmake

@@ -1,3 +1,4 @@
+option(WITH_GSSAPI "Build with GSSAPI support" ON)
 option(WITH_ZLIB "Build with ZLIB support" ON)
 option(WITH_SSH1 "Build with SSH1 support" OFF)
 option(WITH_SFTP "Build with SFTP support" ON)

config.h.cmake

@@ -120,6 +120,9 @@
 
 /**************************** OPTIONS ****************************/
 
+/* Define to 1 if you want to enable GSSAPI */
+#cmakedefine WITH_GSSAPI 1
+
 /* Define to 1 if you want to enable ZLIB */
 #cmakedefine WITH_ZLIB 1
 

examples/CMakeLists.txt

@@ -46,11 +46,13 @@ if (WITH_SERVER)
     add_executable(samplesshd samplesshd.c)
     target_link_libraries(samplesshd ${LIBSSH_SHARED_LIBRARY} ${ARGP_LIBRARIES})
 
-    add_executable(samplesshd-cb samplesshd-cb.c)
+    if (WITH_GSSAPI)
-    target_link_libraries(samplesshd-cb ${LIBSSH_SHARED_LIBRARY} ${ARGP_LIBRARIES})
+        add_executable(samplesshd-cb samplesshd-cb.c)
+        target_link_libraries(samplesshd-cb ${LIBSSH_SHARED_LIBRARY} ${ARGP_LIBRARIES})
 
-    add_executable(proxy proxy.c)
+        add_executable(proxy proxy.c)
-    target_link_libraries(proxy ${LIBSSH_SHARED_LIBRARY} ${ARGP_LIBRARIES})
+        target_link_libraries(proxy ${LIBSSH_SHARED_LIBRARY} ${ARGP_LIBRARIES})
+    endif (WITH_GSSAPI)
 
     add_executable(samplesshd-kbdint samplesshd-kbdint.c)
     target_link_libraries(samplesshd-kbdint ${LIBSSH_SHARED_LIBRARY} ${ARGP_LIBRARIES})

src/CMakeLists.txt

@@ -64,12 +64,12 @@ if (WITH_ZLIB)
   )
 endif (WITH_ZLIB)
 
-if (GSSAPI_LIBS)
+if (WITH_GSSAPI AND GSSAPI_LIBS)
   set(LIBSSH_LINK_LIBRARIES
     ${LIBSSH_LINK_LIBRARIES}
     ${GSSAPI_LIBS}
   )
-endif (GSSAPI_LIBS)
+endif (WITH_GSSAPI AND GSSAPI_LIBS)
 
 set(LIBSSH_LINK_LIBRARIES
   ${LIBSSH_LINK_LIBRARIES}
@@ -102,7 +102,6 @@ set(libssh_SRCS
   ecdh.c
   error.c
   getpass.c
-  gssapi.c
   init.c
   kex.c
   known_hosts.c
@@ -181,6 +180,13 @@ if (WITH_ZLIB)
   )
 endif(WITH_ZLIB)
 
+if (WITH_GSSAPI AND GSSAPI_LIBS)
+  set(libssh_SRCS
+    ${libssh_SRCS}
+    gssapi.c
+  )
+endif (WITH_GSSAPI AND GSSAPI_LIBS)
+
 include_directories(
   ${LIBSSH_PUBLIC_INCLUDE_DIRS}
   ${LIBSSH_PRIVATE_INCLUDE_DIRS}

src/auth.c

@@ -291,8 +291,10 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_pk_ok){
     SSH_LOG(session, SSH_LOG_TRACE,
             "keyboard-interactive context, assuming SSH_USERAUTH_INFO_REQUEST");
     rc=ssh_packet_userauth_info_request(session,type,packet,user);
+#if WITH_GSSAPI
   } else if (session->auth_state == SSH_AUTH_STATE_GSSAPI_REQUEST_SENT){
     rc = ssh_packet_userauth_gssapi_response(session, type, packet, user);
+#endif
   } else {
     session->auth_state=SSH_AUTH_STATE_PK_OK;
     SSH_LOG(session, SSH_LOG_TRACE, "Assuming SSH_USERAUTH_PK_OK");
@@ -2131,7 +2133,8 @@ int ssh_userauth_kbdint_setanswer(ssh_session session, unsigned int i,
  *                            later.
  */
 int ssh_userauth_gssapi(ssh_session session) {
-	int rc;
+	int rc = SSH_AUTH_DENIED;
+#if WITH_GSSAPI
 	switch(session->pending_call_state) {
 	case SSH_PENDING_CALL_NONE:
 		break;
@@ -2166,7 +2169,7 @@ pending:
 	if (rc != SSH_AUTH_AGAIN) {
 		session->pending_call_state = SSH_PENDING_CALL_NONE;
 	}
-
+#endif
 	return rc;
 }
 

src/messages.c

@@ -817,6 +817,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_request){
     }
     goto end;
   }
+#if WITH_GSSAPI
   if (strncmp(method, "gssapi-with-mic", method_size) == 0) {
      uint32_t n_oid;
      ssh_string *oids;
@@ -865,6 +866,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_request){
      leave_function();
      return SSH_PACKET_USED;
   }
+#endif
 
   msg->auth_request.method = SSH_AUTH_METHOD_UNKNOWN;
   SAFE_FREE(method);
@@ -909,9 +911,11 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){
   ssh_message msg = NULL;
 
   /* GSSAPI_TOKEN has same packed number. XXX fix this */
-  if (session->gssapi != NULL)
+#if WITH_GSSAPI
-	  return ssh_packet_userauth_gssapi_token(session, type, packet, user);
+  if (session->gssapi != NULL) {
-
+      return ssh_packet_userauth_gssapi_token(session, type, packet, user);
+  }
+#endif
   enter_function();
 
   (void)user;

src/packet.c

@@ -92,7 +92,11 @@ static ssh_packet_callback default_packet_handlers[]= {
   NULL,                             // SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE 63
   NULL,                                    // SSH2_MSG_USERAUTH_GSSAPI_ERROR      64
   NULL,                                    // SSH2_MSG_USERAUTH_GSSAPI_ERRTOK     65
+#ifdef WITH_GSSAPI
   ssh_packet_userauth_gssapi_mic,          // SSH2_MSG_USERAUTH_GSSAPI_MIC        66
+#else /* WITH_GSSAPI */
+  NULL,
+#endif /* WITH_GSSAPI */
   NULL, NULL,
   NULL, NULL, NULL, NULL, NULL, NULL, NULL,
   NULL, NULL, NULL, NULL,                  //                                     67-79