From b7c15c31519dc44c1f691e0466badd556ffe9423 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 7 Apr 2024 18:18:56 +0200
Subject: Adding upstream version 3.7.10.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 src/xsasl/xsasl_cyrus_security.c | 87 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 87 insertions(+)
 create mode 100644 src/xsasl/xsasl_cyrus_security.c

(limited to 'src/xsasl/xsasl_cyrus_security.c')

diff --git a/src/xsasl/xsasl_cyrus_security.c b/src/xsasl/xsasl_cyrus_security.c
new file mode 100644
index 0000000..7ca7216
--- /dev/null
+++ b/src/xsasl/xsasl_cyrus_security.c
@@ -0,0 +1,87 @@
+/*++
+/* NAME
+/*	xsasl_cyrus_security 3
+/* SUMMARY
+/*	convert Cyrus SASL security properties to bit mask
+/* SYNOPSIS
+/*	#include <xsasl_cyrus_common.h>
+/*
+/*	int	xsasl_cyrus_security_parse_opts(properties)
+/*	const char *properties;
+/* DESCRIPTION
+/*	xsasl_cyrus_security_parse_opts() converts a list of security
+/*	properties to a bit mask. The result is zero in case of error.
+/*
+/*	Arguments:
+/* .IP properties
+/*	A comma or space separated list of zero or more of the
+/*	following:
+/* .RS
+/* .IP noplaintext
+/*	Disallow authentication methods that use plaintext passwords.
+/* .IP noactive
+/*	Disallow authentication methods that are vulnerable to
+/*	non-dictionary active attacks.
+/* .IP nodictionary
+/*	Disallow authentication methods that are vulnerable to
+/*	passive dictionary attack.
+/* .IP forward_secrecy
+/*	Require forward secrecy between sessions.
+/* .IP noanonymous
+/*	Disallow anonymous logins.
+/* .RE
+/* DIAGNOSTICS:
+/*	Warning: bad input.
+/* LICENSE
+/* .ad
+/* .fi
+/*	The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/*	Wietse Venema
+/*	IBM T.J. Watson Research
+/*	P.O. Box 704
+/*	Yorktown Heights, NY 10598, USA
+/*--*/
+
+/* System library. */
+
+#include <sys_defs.h>
+
+/* Utility library. */
+
+#include <name_mask.h>
+
+/* Application-specific. */
+
+#include <xsasl_cyrus_common.h>
+
+#if defined(USE_SASL_AUTH) && defined(USE_CYRUS_SASL)
+
+#include <sasl.h>
+
+ /*
+  * SASL Security options.
+  */
+static const NAME_MASK xsasl_cyrus_sec_mask[] = {
+    "noplaintext", SASL_SEC_NOPLAINTEXT,
+    "noactive", SASL_SEC_NOACTIVE,
+    "nodictionary", SASL_SEC_NODICTIONARY,
+#ifdef SASL_SEC_FORWARD_SECRECY
+    "forward_secrecy", SASL_SEC_FORWARD_SECRECY,
+#endif
+    "noanonymous", SASL_SEC_NOANONYMOUS,
+#if SASL_VERSION_MAJOR >= 2
+    "mutual_auth", SASL_SEC_MUTUAL_AUTH,
+#endif
+    0,
+};
+
+/* xsasl_cyrus_security - parse security options */
+
+int     xsasl_cyrus_security_parse_opts(const char *sasl_opts_val)
+{
+    return (name_mask_opt("SASL security options", xsasl_cyrus_sec_mask,
+			  sasl_opts_val, NAME_MASK_RETURN));
+}
+
+#endif
-- 
cgit v1.2.3