xsasl_cyrus_security.c revision 1.1.1.2
1/*	$NetBSD: xsasl_cyrus_security.c,v 1.1.1.2 2010/06/17 18:07:18 tron Exp $	*/
2
3/*++
4/* NAME
5/*	xsasl_cyrus_security 3
6/* SUMMARY
7/*	convert Cyrus SASL security properties to bit mask
8/* SYNOPSIS
9/*	#include <xsasl_cyrus_common.h>
10/*
11/*	int	xsasl_cyrus_security_parse_opts(properties)
12/*	const char *properties;
13/* DESCRIPTION
14/*	xsasl_cyrus_security_parse_opts() converts a list of security
15/*	properties to a bit mask. The result is zero in case of error.
16/*
17/*	Arguments:
18/* .IP properties
19/*	A comma or space separated list of zero or more of the
20/*	following:
21/* .RS
22/* .IP noplaintext
23/*	Disallow authentication methods that use plaintext passwords.
24/* .IP noactive
25/*	Disallow authentication methods that are vulnerable to
26/*	non-dictionary active attacks.
27/* .IP nodictionary
28/*	Disallow authentication methods that are vulnerable to
29/*	passive dictionary attack.
30/* .IP forward_secrecy
31/*	Require forward secrecy between sessions.
32/* .IP noanonymous
33/*	Disallow anonymous logins.
34/* .RE
35/* DIAGNOSTICS:
36/*	Warning: bad input.
37/* LICENSE
38/* .ad
39/* .fi
40/*	The Secure Mailer license must be distributed with this software.
41/* AUTHOR(S)
42/*	Wietse Venema
43/*	IBM T.J. Watson Research
44/*	P.O. Box 704
45/*	Yorktown Heights, NY 10598, USA
46/*--*/
47
48/* System library. */
49
50#include <sys_defs.h>
51
52/* Utility library. */
53
54#include <name_mask.h>
55
56/* Application-specific. */
57
58#include <xsasl_cyrus_common.h>
59
60#if defined(USE_SASL_AUTH) && defined(USE_CYRUS_SASL)
61
62#include <sasl.h>
63
/*
 * Lookup table that maps each security property name accepted in the
 * configuration to the corresponding Cyrus SASL SASL_SEC_* flag bit. One
 * braced {name, flag} pair per entry; the all-zero entry ends the table.
 *
 * Two entries depend on the SASL headers the file is built against:
 * "forward_secrecy" exists only when SASL_SEC_FORWARD_SECRECY is defined,
 * and "mutual_auth" only when SASL_VERSION_MAJOR >= 2. "mutual_auth" is
 * accepted here although the property list in the file header does not
 * mention it.
 *
 * NOTE(review): a name that is compiled out is simply absent from the
 * table, so it is presumably handled like any other unknown name (bad
 * input) rather than silently accepted - confirm against name_mask_opt().
 */
static const NAME_MASK xsasl_cyrus_sec_mask[] = {
    {"noplaintext", SASL_SEC_NOPLAINTEXT},
    {"noactive", SASL_SEC_NOACTIVE},
    {"nodictionary", SASL_SEC_NODICTIONARY},
#ifdef SASL_SEC_FORWARD_SECRECY
    {"forward_secrecy", SASL_SEC_FORWARD_SECRECY},
#endif
    {"noanonymous", SASL_SEC_NOANONYMOUS},
#if SASL_VERSION_MAJOR >= 2
    {"mutual_auth", SASL_SEC_MUTUAL_AUTH},
#endif
    {0, 0},
};
80
/*
 * xsasl_cyrus_security_parse_opts - convert a security property list to a
 * Cyrus SASL security flag mask
 *
 * sasl_opts_val is the property list taken from the configuration. The
 * names are looked up in xsasl_cyrus_sec_mask via name_mask_opt() with the
 * NAME_MASK_RETURN flag. The return value is the OR of the matching
 * SASL_SEC_* bits; per the file header it is zero in case of error, and
 * bad input is reported as a warning.
 *
 * NOTE(review): zero is also a bit mask with no restrictions set, which
 * is presumably what an empty property list produces, so the return value
 * alone does not distinguish "nothing requested" from "could not parse".
 * A caller that passes a zero result through for a non-empty setting would
 * drop restrictions such as noanonymous or noplaintext that the
 * administrator asked for; callers should treat zero for non-empty input
 * as a configuration error. Verify against the call sites.
 */

int     xsasl_cyrus_security_parse_opts(const char *sasl_opts_val)
{
    int     sec_flags;

    sec_flags = name_mask_opt("SASL security options", xsasl_cyrus_sec_mask,
			      sasl_opts_val, NAME_MASK_RETURN);
    return (sec_flags);
}
88
89#endif
90