/*++
/* NAME
/*	xsasl_cyrus_security 3
/* SUMMARY
/*	convert Cyrus SASL security properties to bit mask
/* SYNOPSIS
/*	#include <xsasl_cyrus_common.h>
/*
/*	int	xsasl_cyrus_security_parse_opts(properties)
/*	const char *properties;
/* DESCRIPTION
/*	xsasl_cyrus_security_parse_opts() converts a list of security
/*	properties to a bit mask. The result is zero in case of error.
/*
/*	Arguments:
/* .IP properties
/*	A comma or space separated list of zero or more of the
/*	following:
/* .RS
/* .IP noplaintext
/*	Disallow authentication methods that use plaintext passwords.
/* .IP noactive
/*	Disallow authentication methods that are vulnerable to
/*	non-dictionary active attacks.
/* .IP nodictionary
/*	Disallow authentication methods that are vulnerable to
/*	passive dictionary attack.
/* .IP forward_secrecy
/*	Require forward secrecy between sessions.
/* .IP noanonymous
/*	Disallow anonymous logins.
/* .IP mutual_auth
/*	Only allow authentication methods that provide mutual
/*	authentication. Recognized only when built against SASL
/*	version 2 or later.
/* .RE
/* DIAGNOSTICS:
/*	Warning: bad input.
/* LICENSE
/* .ad
/* .fi
/*	The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/*	Wietse Venema
/*	IBM T.J. Watson Research
/*	P.O. Box 704
/*	Yorktown Heights, NY 10598, USA
/*--*/

/* System library. */

#include <sys_defs.h>

/* Utility library. */

#include <name_mask.h>

/* Application-specific. */

#include <xsasl_cyrus_common.h>

#if defined(USE_SASL_AUTH) && defined(USE_CYRUS_SASL)

#include <sasl.h>

 /*
  * SASL security options: each entry pairs a property name with its
  * SASL_SEC_* bit. Two entries are conditional, so the set of accepted names
  * depends on the SASL headers used at build time: "forward_secrecy" is
  * present only when SASL_SEC_FORWARD_SECRECY is defined, and "mutual_auth"
  * only when SASL_VERSION_MAJOR >= 2. A name that was compiled out is not in
  * the table and is presumably reported as bad input (TODO confirm against
  * name_mask_opt()). The all-zero entry ends the table.
  */
static const NAME_MASK xsasl_cyrus_sec_mask[] = {
    {"noplaintext", SASL_SEC_NOPLAINTEXT},
    {"noactive", SASL_SEC_NOACTIVE},
    {"nodictionary", SASL_SEC_NODICTIONARY},
#ifdef SASL_SEC_FORWARD_SECRECY
    {"forward_secrecy", SASL_SEC_FORWARD_SECRECY},
#endif
    {"noanonymous", SASL_SEC_NOANONYMOUS},
#if SASL_VERSION_MAJOR >= 2
    {"mutual_auth", SASL_SEC_MUTUAL_AUTH},
#endif
    {0, 0},
};

/* xsasl_cyrus_security_parse_opts - parse security options */

 /*
  * Looks up every name in sasl_opts_val in xsasl_cyrus_sec_mask and returns
  * the combined SASL_SEC_* bit mask. NAME_MASK_RETURN is passed so that the
  * outcome of bad input is handed back to the caller; per the description
  * above, that outcome is a warning and a zero result.
  * 
  * Zero is also the mask for an empty list, i.e. no security restrictions at
  * all. A caller that applies the result without checking it would therefore
  * fail open on a misspelled or compiled-out property name. NOTE(review):
  * callers are not visible here; confirm that each one rejects a zero result
  * when a non-empty property list was configured.
  */
int     xsasl_cyrus_security_parse_opts(const char *sasl_opts_val)
{
    int     sec_flags;

    sec_flags = name_mask_opt("SASL security options", xsasl_cyrus_sec_mask,
                              sasl_opts_val, NAME_MASK_RETURN);
    return (sec_flags);
}

#endif