/*++
/* NAME
/*	xsasl_cyrus_security 3
/* SUMMARY
/*	convert Cyrus SASL security properties to bit mask
/* SYNOPSIS
/*	#include <xsasl_cyrus_common.h>
/*
/*	int	xsasl_cyrus_security_parse_opts(properties)
/*	const char *properties;
/* DESCRIPTION
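/*	xsasl_cyrus_security_parse_opts() converts a list of security
/*	properties to a bit mask. The result is zero in case of error.
/*	An empty list also yields zero, so the result alone does not
/*	distinguish bad input from "no properties requested".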
/*
/*	Arguments:
/* .IP properties
/*	A comma or space separated list of zero or more of the
/*	following:
/* .RS
/* .IP noplaintext
/*	Disallow authentication methods that use plaintext passwords.
/* .IP noactive
/*	Disallow authentication methods that are vulnerable to
/*	non-dictionary active attacks.
/* .IP nodictionary
/*	Disallow authentication methods that are vulnerable to
/*	passive dictionary attack.
/* .IP forward_secrecy
/*	Require forward secrecy between sessions.
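/* .IP noanonymous
/*	Disallow anonymous logins.
/* .IP mutual_auth
/*	Require mutual authentication. This name is accepted only
/*	when built against Cyrus SASL version 2 or later.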
/* .RE
/* DIAGNOSTICS:
/*	Warning: bad input.
/* LICENSE
/* .ad
/* .fi
/*	The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/*	Wietse Venema
/*	IBM T.J. Watson Research
/*	P.O. Box 704
/*	Yorktown Heights, NY 10598, USA
/*--*/

/* System library. */

#include <sys_defs.h>

/* Utility library. */

#include <name_mask.h>

/* Application-specific. */

#include <xsasl_cyrus_common.h>

#if defined(USE_SASL_AUTH) && defined(USE_CYRUS_SASL)

#include <sasl.h>

 /*
  * Name-to-flag table for the SASL security properties that may appear in
  * the option string. Each entry pairs a property name with the Cyrus SASL
  * SASL_SEC_* flag it selects; the list ends with a null name.
  * 
  * Two entries are conditional: "forward_secrecy" exists only when the SASL
  * headers define SASL_SEC_FORWARD_SECRECY, and "mutual_auth" only when
  * SASL_VERSION_MAJOR is 2 or later. On a build without them, those names
  * are not in the table and are presumably rejected as bad input like any
  * other unknown name - confirm against name_mask_opt().
  */
static const NAME_MASK xsasl_cyrus_sec_mask[] = {
    {"noplaintext", SASL_SEC_NOPLAINTEXT},
    {"noactive", SASL_SEC_NOACTIVE},
    {"nodictionary", SASL_SEC_NODICTIONARY},
#ifdef SASL_SEC_FORWARD_SECRECY
    {"forward_secrecy", SASL_SEC_FORWARD_SECRECY},
#endif
    {"noanonymous", SASL_SEC_NOANONYMOUS},
#if SASL_VERSION_MAJOR >= 2
    {"mutual_auth", SASL_SEC_MUTUAL_AUTH},
#endif
    {0, 0},				/* end of table */
};

/* xsasl_cyrus_security_parse_opts - convert security property list to mask */

int     xsasl_cyrus_security_parse_opts(const char *sasl_opts_val)
{
    int     sec_flags;

    /*
     * Look up every name in the list and OR the matching flags together.
     * NAME_MASK_RETURN selects the "warn and return" error policy; per the
     * file header, bad input produces a warning and a zero result.
     * 
     * A zero result is therefore ambiguous: it is also what a list with no
     * properties yields. A mistyped property name must not silently become
     * "no restrictions", so the caller should treat zero as a failure when
     * it expected at least one property - confirm how each caller handles
     * this.
     */
    sec_flags = name_mask_opt("SASL security options", xsasl_cyrus_sec_mask,
			      sasl_opts_val, NAME_MASK_RETURN);
    return (sec_flags);
}

#endif