static int xsasl_cyrus_server_set_security(XSASL_SERVER *xp,
const char *sasl_opts_val)
{
XSASL_CYRUS_SERVER *server = (XSASL_CYRUS_SERVER *) xp;
sasl_security_properties_t sec_props;
int sasl_status;
/*
* Security options. Some information can be found in the sasl.h include
* file.
*/
memset(&sec_props, 0, sizeof(sec_props));
sec_props.min_ssf = 0;
sec_props.max_ssf = 0; /* don't allow real SASL
* security layer */
if (*sasl_opts_val == 0) {
sec_props.security_flags = 0;
} else {
sec_props.security_flags =
xsasl_cyrus_security_parse_opts(sasl_opts_val);
if (sec_props.security_flags == 0) {
msg_warn("bad per-session SASL security properties");
return (XSASL_AUTH_FAIL);
}
}
sec_props.maxbufsize = 0;
sec_props.property_names = 0;
sec_props.property_values = 0;
if ((sasl_status = sasl_setprop(server->sasl_conn, SASL_SEC_PROPS,
&sec_props)) != SASL_OK) {
msg_warn("SASL per-connection security setup; %s",
xsasl_cyrus_strerror(sasl_status));
return (XSASL_AUTH_FAIL);
}
return (XSASL_AUTH_OK);
}
static int xsasl_cyrus_client_set_security(XSASL_CLIENT *xp,
const char *sasl_opts_val)
{
XSASL_CYRUS_CLIENT *client = (XSASL_CYRUS_CLIENT *) xp;
sasl_security_properties_t sec_props;
int sasl_status;
/*
* Per-session security properties. XXX This routine is not sufficiently
* documented. What is the purpose of all this?
*/
memset(&sec_props, 0, sizeof(sec_props));
sec_props.min_ssf = 0;
sec_props.max_ssf = 0; /* don't allow real SASL
* security layer */
if (*sasl_opts_val == 0) {
sec_props.security_flags = 0;
} else {
sec_props.security_flags =
xsasl_cyrus_security_parse_opts(sasl_opts_val);
if (sec_props.security_flags == 0) {
msg_warn("bad per-session SASL security properties");
return (XSASL_AUTH_FAIL);
}
}
sec_props.maxbufsize = 0;
sec_props.property_names = 0;
sec_props.property_values = 0;
if ((sasl_status = sasl_setprop(client->sasl_conn, SASL_SEC_PROPS,
&sec_props)) != SASL_OK) {
msg_warn("set per-session SASL security properties: %s",
xsasl_cyrus_strerror(sasl_status));
return (XSASL_AUTH_FAIL);
}
return (XSASL_AUTH_OK);
}
