1 /*	$NetBSD: xsasl_cyrus_security.c,v 1.1.1.2 2010/06/17 18:07:18 tron Exp $	*/
2 
3 /*++
4 /* NAME
5 /*	xsasl_cyrus_security 3
6 /* SUMMARY
7 /*	convert Cyrus SASL security properties to bit mask
8 /* SYNOPSIS
9 /*	#include <xsasl_cyrus_common.h>
10 /*
11 /*	int	xsasl_cyrus_security_parse_opts(properties)
12 /*	const char *properties;
13 /* DESCRIPTION
14 /*	xsasl_cyrus_security_parse_opts() converts a list of security
15 /*	properties to a bit mask. The result is zero in case of error.
16 /*
17 /*	Arguments:
18 /* .IP properties
19 /*	A comma or space separated list of zero or more of the
20 /*	following:
21 /* .RS
22 /* .IP noplaintext
23 /*	Disallow authentication methods that use plaintext passwords.
24 /* .IP noactive
25 /*	Disallow authentication methods that are vulnerable to
26 /*	non-dictionary active attacks.
27 /* .IP nodictionary
28 /*	Disallow authentication methods that are vulnerable to
29 /*	passive dictionary attack.
30 /* .IP forward_secrecy
31 /*	Require forward secrecy between sessions.
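32 /* .IP noanonymous
33 /*	Disallow anonymous logins.
/* .IP mutual_auth
/*	Require mutual authentication. This name is recognized only
/*	when built against Cyrus SASL version 2 or later.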
34 /* .RE
35 /* DIAGNOSTICS:
36 /*	Warning: bad input.
37 /* LICENSE
38 /* .ad
39 /* .fi
40 /*	The Secure Mailer license must be distributed with this software.
41 /* AUTHOR(S)
42 /*	Wietse Venema
43 /*	IBM T.J. Watson Research
44 /*	P.O. Box 704
45 /*	Yorktown Heights, NY 10598, USA
46 /*--*/
47 
48 /* System library. */
49 
50 #include <sys_defs.h>
51 
52 /* Utility library. */
53 
54 #include <name_mask.h>
55 
56 /* Application-specific. */
57 
58 #include <xsasl_cyrus_common.h>
59 
60 #if defined(USE_SASL_AUTH) && defined(USE_CYRUS_SASL)
61 
62 #include <sasl.h>
63 
/*
 * Lookup table that maps the property names accepted in a SASL security
 * options list to the corresponding Cyrus SASL SASL_SEC_* flag bits.
 *
 * Two names are compiled in conditionally: "forward_secrecy" only when the
 * SASL headers define SASL_SEC_FORWARD_SECRECY, and "mutual_auth" only when
 * SASL_VERSION_MAJOR is 2 or later. On a build without them these names are
 * absent from the table, so a configuration that uses them is presumably
 * reported as bad input rather than silently honored -- confirm against
 * name_mask_opt().
 *
 * The all-zero entry terminates the table.
 */
static const NAME_MASK xsasl_cyrus_sec_mask[] = {
    {"noplaintext", SASL_SEC_NOPLAINTEXT},
    {"noactive", SASL_SEC_NOACTIVE},
    {"nodictionary", SASL_SEC_NODICTIONARY},
#ifdef SASL_SEC_FORWARD_SECRECY
    {"forward_secrecy", SASL_SEC_FORWARD_SECRECY},
#endif
    {"noanonymous", SASL_SEC_NOANONYMOUS},
#if SASL_VERSION_MAJOR >= 2
    {"mutual_auth", SASL_SEC_MUTUAL_AUTH},
#endif
    {0, 0},
};
80 
/*
 * xsasl_cyrus_security_parse_opts - convert a security property list to a
 * SASL_SEC_* bit mask.
 *
 * sasl_opts_val is the property name list; each name is looked up in
 * xsasl_cyrus_sec_mask. NAME_MASK_RETURN is passed so that bad input is
 * reported to the caller through the return value (the file header
 * documents a warning and a zero result) instead of ending the program.
 *
 * NOTE(review): zero is also the mask that carries no restrictions at all,
 * and presumably what an empty list produces. A caller that does not check
 * for zero would continue with none of the requested properties (for
 * example noanonymous or noplaintext) in effect -- verify that every call
 * site treats a zero result as a configuration error.
 */
int     xsasl_cyrus_security_parse_opts(const char *sasl_opts_val)
{
    int     sec_props;

    sec_props = name_mask_opt("SASL security options", xsasl_cyrus_sec_mask,
			      sasl_opts_val, NAME_MASK_RETURN);
    return (sec_props);
}
88 
89 #endif
90