1/*++
2/* NAME
3/*	tls_proxy_scan
4/* SUMMARY
5/*	read TLS session state from stream
6/* SYNOPSIS
7/*	#include <tls_proxy.h>
8/*
9/*	int     tls_proxy_context_scan(scan_fn, stream, flags, ptr)
10/*	ATTR_SCAN_MASTER_FN scan_fn;
11/*	VSTREAM *stream;
12/*	int     flags;
13/*	void    *ptr;
14/* DESCRIPTION
15/*	tls_proxy_context_scan() reads a TLS_SESS_STATE structure
16/*	from the named stream using the specified attribute scan
17/*	routine.  tls_proxy_context_scan() is meant to be passed as
18/*	a call-back to attr_scan(), thusly:
19/*
20/*	... ATTR_TYPE_FUNC, tls_proxy_context_scan, (void *) tls_context, ...
21/* DIAGNOSTICS
/*	Fatal: out of memory.
/*
/*	tls_proxy_context_scan() returns 1 when all session state
/*	attributes were received, -1 otherwise.
23/* LICENSE
24/* .ad
25/* .fi
26/*	The Secure Mailer license must be distributed with this software.
27/* AUTHOR(S)
28/*	Wietse Venema
29/*	IBM T.J. Watson Research
30/*	P.O. Box 704
31/*	Yorktown Heights, NY 10598, USA
32/*--*/
33
34#ifdef USE_TLS
35
36/* System library. */
37
38#include <sys_defs.h>
39
40/* Utility library */
41
42#include <attr.h>
43
44/* Global library. */
45
46#include <mail_proto.h>
47
48/* TLS library. */
49
50#include <tls.h>
51#include <tls_proxy.h>
52
53/* tls_proxy_context_scan - receive TLS session state from stream */
54
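int     tls_proxy_context_scan(ATTR_SCAN_MASTER_FN scan_fn, VSTREAM *fp,
			               int flags, void *ptr)
{

    /*
     * Number of attributes requested in the scan_fn() call below. scan_fn()
     * is expected to report how many attributes it actually received; any
     * other value means the session state is incomplete and the caller gets
     * -1. Keep this constant in sync when attributes are added or removed,
     * otherwise every scan silently fails (or worse, a short record passes).
     */
    enum { TLS_PROXY_CONTEXT_ATTR_COUNT = 9 };
    TLS_SESS_STATE *tls_context = (TLS_SESS_STATE *) ptr;
    int     ret;

    /*
     * Initial sizes are hints only; a VSTRING grows on demand. 60 is enough
     * for a colon-separated SHA-1 hex digest plus terminator; longer digests
     * (e.g. SHA-256) simply cause a reallocation.
     */
    VSTRING *peer_CN = vstring_alloc(25);
    VSTRING *issuer_CN = vstring_alloc(25);
    VSTRING *peer_cert_fprint = vstring_alloc(60);	/* 60 for SHA-1 */
    VSTRING *peer_pkey_fprint = vstring_alloc(60);	/* 60 for SHA-1 */
    VSTRING *protocol = vstring_alloc(25);
    VSTRING *cipher_name = vstring_alloc(25);

    /*
     * Note: memset() is not a portable way to initialize non-integer types.
     * Zeroing first guarantees that every field, including the ones that
     * scan_fn() never reaches on a short or malformed record, has a defined
     * (zero/null) value before the caller inspects or frees the structure.
     */
    memset(ptr, 0, sizeof(TLS_SESS_STATE));

    /*
     * NOTE(review): all values below, including peer_status (which
     * presumably carries the peer certificate verification outcome), are
     * accepted from the stream as-is; no range or content validation is
     * done here. This is only safe because the stream peer is the trusted
     * Postfix-internal sender of the session state -- confirm before reusing
     * this scanner on any other source.
     */
    ret = scan_fn(fp, flags | ATTR_FLAG_MORE,
		  ATTR_TYPE_STR, MAIL_ATTR_PEER_CN, peer_CN,
		  ATTR_TYPE_STR, MAIL_ATTR_ISSUER_CN, issuer_CN,
		  ATTR_TYPE_STR, MAIL_ATTR_PEER_CERT_FPT, peer_cert_fprint,
		  ATTR_TYPE_STR, MAIL_ATTR_PEER_PKEY_FPT, peer_pkey_fprint,
		  ATTR_TYPE_INT, MAIL_ATTR_PEER_STATUS,
		  &tls_context->peer_status,
		  ATTR_TYPE_STR, MAIL_ATTR_CIPHER_PROTOCOL, protocol,
		  ATTR_TYPE_STR, MAIL_ATTR_CIPHER_NAME, cipher_name,
		  ATTR_TYPE_INT, MAIL_ATTR_CIPHER_USEBITS,
		  &tls_context->cipher_usebits,
		  ATTR_TYPE_INT, MAIL_ATTR_CIPHER_ALGBITS,
		  &tls_context->cipher_algbits,
		  ATTR_TYPE_END);

    /*
     * Hand the string buffers to the context unconditionally, even when the
     * scan came up short, so that the caller can release the whole structure
     * uniformly and nothing leaks on the error path. vstring_export()
     * presumably releases the VSTRING wrapper and returns the bare buffer --
     * TODO confirm against vstring.h; ownership now lies with tls_context.
     */
    tls_context->peer_CN = vstring_export(peer_CN);
    tls_context->issuer_CN = vstring_export(issuer_CN);
    tls_context->peer_cert_fprint = vstring_export(peer_cert_fprint);
    tls_context->peer_pkey_fprint = vstring_export(peer_pkey_fprint);
    tls_context->protocol = vstring_export(protocol);
    tls_context->cipher_name = vstring_export(cipher_name);

    /* Success only when every requested attribute arrived. */
    return (ret == TLS_PROXY_CONTEXT_ATTR_COUNT ? 1 : -1);
}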
93
94#endif
95