lib-sasl: sasl-server-mech-gssapi - Move mech_gssapi_oid_cmp() to lib-auth/auth-gssap...

diff --git a/configure.ac b/configure.ac
index 2c47f971a2feafcda74c7651c56a01a4123f5321..cf5857c836ed8657af44df9ac6238b92b0888c09 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -626,7 +626,7 @@ else
     LIBDOVECOT_LUA='$(top_builddir)/src/lib-lua/libdlua.la'
   fi
   if test $want_gssapi != no; then
-    LIBDOVECOT_GSSAPI='$(top_builddir)/src/lib-sasl/libsasl-gssapi.la'
+    LIBDOVECOT_GSSAPI='$(top_builddir)/src/lib-auth/libauth-gssapi.la $(top_builddir)/src/lib-sasl/libsasl-gssapi.la'
   fi
 fi
 LIBDOVECOT_GSSAPI_DEPS="$LIBDOVECOT_GSSAPI"

diff --git a/src/lib-auth/Makefile.am b/src/lib-auth/Makefile.am
index 817afd21d8db5f94dcaa1ba22cce81a982f70150..fefb78448ada2b938ad98332d6496977cbc2a4d8 100644 (file)
--- a/src/lib-auth/Makefile.am
+++ b/src/lib-auth/Makefile.am
@@ -1,4 +1,7 @@
 noinst_LTLIBRARIES = libauth-crypt.la libauth.la
+if HAVE_GSSAPI
+noinst_LTLIBRARIES += libauth-gssapi.la
+endif
 
 AM_CPPFLAGS = \
        $(LIBSODIUM_CFLAGS) \
@@ -28,6 +31,9 @@ libauth_crypt_la_LIBADD = \
        $(LIBSODIUM_LIBS) \
        $(CRYPT_LIBS)
 
+libauth_gssapi_la_SOURCES = \
+       auth-gssapi.c
+
 headers = \
        mycrypt.h \
        auth-digest.h \

diff --git a/src/lib-auth/auth-gssapi.c b/src/lib-auth/auth-gssapi.c
new file mode 100644 (file)
index 0000000..008dfdb
--- /dev/null
+++ b/src/lib-auth/auth-gssapi.c
@@ -0,0 +1,11 @@
+/* Copyright (c) 2025 Dovecot authors, see the included COPYING file */
+
+#include "lib.h"
+#include "auth-gssapi.h"
+
+bool auth_gssapi_oid_equal(const gss_OID_desc *oid1, const gss_OID_desc *oid2)
+{
+       return (oid1->length == oid2->length &&
+               mem_equals_timing_safe(oid1->elements, oid2->elements,
+                                      oid1->length));
+}

diff --git a/src/lib-auth/auth-gssapi.h b/src/lib-auth/auth-gssapi.h
index 9c55999725d1731eca7e1f06fee89a3ab31e766b..3dd28638e0e3b968f0fa83646d3feb87236aef93 100644 (file)
--- a/src/lib-auth/auth-gssapi.h
+++ b/src/lib-auth/auth-gssapi.h
@@ -17,4 +17,6 @@
 #  include <gssapi/gssapi_ext.h>
 #endif
 
+bool auth_gssapi_oid_equal(const gss_OID_desc *oid1, const gss_OID_desc *oid2);
+
 #endif

diff --git a/src/lib-dovecot/Makefile.am b/src/lib-dovecot/Makefile.am
index 4b27ee60241353a352db31f1abbddcec25b16994..feb9d064aecfc965d48f6402645f9f01148a74bb 100644 (file)
--- a/src/lib-dovecot/Makefile.am
+++ b/src/lib-dovecot/Makefile.am
@@ -16,10 +16,12 @@ libdovecot_gssapi_la_CPPFLAGS = $(AM_CPPFLAGS) $(KRB5_CFLAGS)
 libdovecot_gssapi_la_SOURCES =
 libdovecot_gssapi_la_LIBADD = \
        $(top_builddir)/src/lib-sasl/libsasl-gssapi.la \
+       $(top_builddir)/src/lib-auth/libauth-gssapi.la \
        $(MODULE_LIBS) \
        $(KRB5_LIBS) \
        $(RELRO_LDFLAGS)
 libdovecot_gssapi_la_DEPENDENCIES = \
-       $(top_builddir)/src/lib-sasl/libsasl-gssapi.la
+       $(top_builddir)/src/lib-sasl/libsasl-gssapi.la \
+       $(top_builddir)/src/lib-auth/libauth-gssapi.la
 libdovecot_gssapi_la_LDFLAGS = -export-dynamic
 endif

diff --git a/src/lib-sasl/Makefile.am b/src/lib-sasl/Makefile.am
index b338e341c95e7cd353a5571ad689723b84e16373..9cf297712a8a0b2ea968896c38fb612e5382eee9 100644 (file)
--- a/src/lib-sasl/Makefile.am
+++ b/src/lib-sasl/Makefile.am
@@ -56,7 +56,9 @@ libsasl_gssapi_la_SOURCES = \
        sasl-server-mech-gssapi.c
 libsasl_gssapi_la_LIBADD = $(KRB5_LIBS)
 libsasl_gssapi_la_CPPFLAGS = $(AM_CPPFLAGS) $(KRB5_CFLAGS)
-libsasl_gssapi_la_DEPENDENCIES = libsasl.la
+libsasl_gssapi_la_DEPENDENCIES = \
+       libsasl.la \
+       ../lib-auth/libauth-gssapi.la
 endif
 
 headers = \

diff --git a/src/lib-sasl/sasl-server-mech-gssapi.c b/src/lib-sasl/sasl-server-mech-gssapi.c
index 204675712afc9734b7645327ff65ee8d6c12016f..963c30b70ca7e85773222c2ba73ac95847e1300e 100644 (file)
--- a/src/lib-sasl/sasl-server-mech-gssapi.c
+++ b/src/lib-sasl/sasl-server-mech-gssapi.c
@@ -225,14 +225,6 @@ get_display_name(struct gssapi_auth_request *request, gss_name_t name,
        return 0;
 }
 
-static bool
-mech_gssapi_oid_cmp(const gss_OID_desc *oid1, const gss_OID_desc *oid2)
-{
-       return (oid1->length == oid2->length &&
-               mem_equals_timing_safe(oid1->elements, oid2->elements,
-                                      oid1->length));
-}
-
 static int
 mech_gssapi_sec_context(struct gssapi_auth_request *request,
                        gss_buffer_desc inbuf)
@@ -269,7 +261,7 @@ mech_gssapi_sec_context(struct gssapi_auth_request *request,
 
        switch (major_status) {
        case GSS_S_COMPLETE:
-               if (!mech_gssapi_oid_cmp(mech_type, &mech_gssapi_krb5_oid)) {
+               if (!auth_gssapi_oid_equal(mech_type, &mech_gssapi_krb5_oid)) {
                        e_info(auth_request->event,
                               "GSSAPI mechanism not Kerberos5");
                        ret = -1;
@@ -392,7 +384,7 @@ mech_gssapi_krb5_userok(struct gssapi_auth_request *request,
                             &princ_display_name) < 0)
                return FALSE;
 
-       if (!mech_gssapi_oid_cmp(name_type, GSS_KRB5_NT_PRINCIPAL_NAME) &&
+       if (!auth_gssapi_oid_equal(name_type, GSS_KRB5_NT_PRINCIPAL_NAME) &&
            check_name_type) {
                e_info(auth_request->event, "OID not kerberos principal name");
                return FALSE;