xsasl_cyrus_security.c revision 1.1.1.2
/* $NetBSD: xsasl_cyrus_security.c,v 1.1.1.2 2010/06/17 18:07:18 tron Exp $ */

/*++
/* NAME
/*	xsasl_cyrus_security 3
/* SUMMARY
/*	convert Cyrus SASL security properties to bit mask
/* SYNOPSIS
/*	#include <xsasl_cyrus_common.h>
/*
/*	int	xsasl_cyrus_security_parse_opts(properties)
/*	const char *properties;
/* DESCRIPTION
/*	xsasl_cyrus_security_parse_opts() converts a list of security
/*	properties to a bit mask. The result is zero in case of error.
/*
/*	Arguments:
/* .IP properties
/*	A comma or space separated list of zero or more of the
/*	following:
/* .RS
/* .IP noplaintext
/*	Disallow authentication methods that use plaintext passwords.
/* .IP noactive
/*	Disallow authentication methods that are vulnerable to
/*	non-dictionary active attacks.
/* .IP nodictionary
/*	Disallow authentication methods that are vulnerable to
/*	passive dictionary attack.
/* .IP forward_secrecy
/*	Require forward secrecy between sessions. Recognized only
/*	when the SASL headers define SASL_SEC_FORWARD_SECRECY.
/* .IP noanonymous
/*	Disallow anonymous logins.
/* .IP mutual_auth
/*	Require mutual authentication. Recognized only when
/*	SASL_VERSION_MAJOR is 2 or later.
/* .RE
/* DIAGNOSTICS:
/*	Warning: bad input.
/* LICENSE
/* .ad
/* .fi
/*	The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/*	Wietse Venema
/*	IBM T.J. Watson Research
/*	P.O. Box 704
/*	Yorktown Heights, NY 10598, USA
/*--*/

/* System library. */

#include <sys_defs.h>

/* Utility library. */

#include <name_mask.h>

/* Application-specific. */

#include <xsasl_cyrus_common.h>

#if defined(USE_SASL_AUTH) && defined(USE_CYRUS_SASL)

#include <sasl.h>

 /*
  * Property names accepted in the configuration, each paired with the Cyrus
  * SASL security flag it selects. Two entries are compiled in only when the
  * SASL headers provide them; on a build without them the corresponding
  * name is not in the table and is therefore bad input. The all-zero entry
  * terminates the table.
  */
static const NAME_MASK xsasl_cyrus_sec_mask[] = {
    {"noplaintext", SASL_SEC_NOPLAINTEXT},
    {"noactive", SASL_SEC_NOACTIVE},
    {"nodictionary", SASL_SEC_NODICTIONARY},
#ifdef SASL_SEC_FORWARD_SECRECY
    {"forward_secrecy", SASL_SEC_FORWARD_SECRECY},
#endif
    {"noanonymous", SASL_SEC_NOANONYMOUS},
#if SASL_VERSION_MAJOR >= 2
    {"mutual_auth", SASL_SEC_MUTUAL_AUTH},
#endif
    {0, 0},
};

 /*
  * xsasl_cyrus_security_parse_opts - parse security options
  *
  * Hands the property list to name_mask_opt() together with the table above
  * and returns the resulting bit mask. NAME_MASK_RETURN presumably selects
  * the warn-and-return-zero behaviour described under DESCRIPTION and
  * DIAGNOSTICS above - confirm against name_mask.h.
  *
  * NOTE(review): zero is also the mask with no restriction set, and the list
  * may name zero properties, so a zero result alone does not tell "bad
  * input" from "no restrictions requested". A misspelled property must not
  * end up as an unrestricted mechanism list; verify that the callers treat
  * an unexpected zero as a configuration error rather than applying it.
  */
int     xsasl_cyrus_security_parse_opts(const char *sasl_opts_val)
{
    int     sec_flags;

    sec_flags = name_mask_opt("SASL security options", xsasl_cyrus_sec_mask,
                              sasl_opts_val, NAME_MASK_RETURN);
    return (sec_flags);
}

#endif