1/*++
2/* NAME
3/*	xsasl_cyrus_security 3
4/* SUMMARY
5/*	convert Cyrus SASL security properties to bit mask
6/* SYNOPSIS
7/*	#include <xsasl_cyrus_common.h>
8/*
9/*	int	xsasl_cyrus_security_parse_opts(properties)
10/*	const char *properties;
11/* DESCRIPTION
12/*	xsasl_cyrus_security_parse_opts() converts a list of security
13/*	properties to a bit mask. The result is zero in case of error.
14/*
15/*	Arguments:
16/* .IP properties
17/*	A comma or space separated list of zero or more of the
18/*	following:
19/* .RS
20/* .IP noplaintext
21/*	Disallow authentication methods that use plaintext passwords.
22/* .IP noactive
23/*	Disallow authentication methods that are vulnerable to
24/*	non-dictionary active attacks.
25/* .IP nodictionary
26/*	Disallow authentication methods that are vulnerable to
27/*	passive dictionary attack.
28/* .IP forward_secrecy
29/*	Require forward secrecy between sessions.
30/* .IP noanonymous
31/*	Disallow anonymous logins.
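/* .IP mutual_auth
/*	Require mutual authentication. This name is accepted only
/*	when built with Cyrus SASL version 2 or later.
/* .RE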
33/* DIAGNOSTICS:
34/*	Warning: bad input.
35/* LICENSE
36/* .ad
37/* .fi
38/*	The Secure Mailer license must be distributed with this software.
39/* AUTHOR(S)
40/*	Wietse Venema
41/*	IBM T.J. Watson Research
42/*	P.O. Box 704
43/*	Yorktown Heights, NY 10598, USA
44/*--*/
45
46/* System library. */
47
48#include <sys_defs.h>
49
50/* Utility library. */
51
52#include <name_mask.h>
53
54/* Application-specific. */
55
56#include <xsasl_cyrus_common.h>
57
58#if defined(USE_SASL_AUTH) && defined(USE_CYRUS_SASL)
59
60#include <sasl.h>
61
/*
 * Cyrus SASL security property names, each paired with the SASL_SEC_* flag
 * it selects. xsasl_cyrus_security_parse_opts() hands this table to
 * name_mask_opt().
 *
 * The set of accepted names depends on the Cyrus SASL headers at build time:
 * "forward_secrecy" is present only when SASL_SEC_FORWARD_SECRECY is
 * defined, and "mutual_auth" only when SASL_VERSION_MAJOR >= 2.
 * NOTE(review): a name that was compiled out is presumably handled like any
 * other unknown name (bad input), so a configuration that relies on it does
 * not carry over to such a build - confirm against name_mask_opt().
 *
 * The trailing zero entry marks the end of the table.
 */
static const NAME_MASK xsasl_cyrus_sec_mask[] = {
    {"noplaintext", SASL_SEC_NOPLAINTEXT},
    {"noactive", SASL_SEC_NOACTIVE},
    {"nodictionary", SASL_SEC_NODICTIONARY},
#ifdef SASL_SEC_FORWARD_SECRECY
    {"forward_secrecy", SASL_SEC_FORWARD_SECRECY},
#endif
    {"noanonymous", SASL_SEC_NOANONYMOUS},
#if SASL_VERSION_MAJOR >= 2
    {"mutual_auth", SASL_SEC_MUTUAL_AUTH},
#endif
    {0, 0},
};
78
/*
 * xsasl_cyrus_security_parse_opts - convert security property names to a
 * SASL_SEC_* bit mask
 *
 * sasl_opts_val is the list of property names; each name is looked up in
 * xsasl_cyrus_sec_mask by name_mask_opt(), with "SASL security options" as
 * the context label.
 *
 * Returns the combined mask. The file header documents a zero result (and a
 * warning) for bad input. A list that names no properties also has no bits
 * set, so zero by itself does not tell "no restrictions requested" apart
 * from "could not parse". A caller that applies the mask as policy should
 * treat zero from a non-empty list as an error rather than as permission to
 * run without restrictions.
 */

int     xsasl_cyrus_security_parse_opts(const char *sasl_opts_val)
{
    int     sec_flags;

    /*
     * NOTE(review): NAME_MASK_RETURN presumably makes name_mask_opt() warn
     * and return on an unknown name instead of terminating the process -
     * confirm in name_mask.h.
     */
    sec_flags = name_mask_opt("SASL security options", xsasl_cyrus_sec_mask,
			      sasl_opts_val, NAME_MASK_RETURN);
    return (sec_flags);
}
86
87#endif
88