X-Git-Url: https://diplodocus.org/git/nmh/blobdiff_plain/2ea6899cdfc1dabed68a587cd1f38093180cc206..000433d171b74e82024add9f11536b42c118dde3:/sbr/netsec.c

diff --git a/sbr/netsec.c b/sbr/netsec.c
index 3b546a30..3f0ea221 100644
--- a/sbr/netsec.c
+++ b/sbr/netsec.c
@@ -6,10 +6,13 @@
  * complete copyright information.
  */
 
-#include <h/mh.h>
-#include <h/utils.h>
-#include <h/netsec.h>
-#include <h/oauth.h>
+#include "h/mh.h"
+#include "credentials.h"
+#include "getcpy.h"
+#include "brkstring.h"
+#include "h/utils.h"
+#include "h/netsec.h"
+#include "h/oauth.h"
 #include <stdarg.h>
 #include <sys/select.h>
 #include "base64.h"
@@ -30,7 +33,7 @@ static int netsec_get_user(void *context, int id, const char **result,
 static int netsec_get_password(sasl_conn_t *conn, void *context, int id,
 			       sasl_secret_t **psecret);
 
-static int sasl_initialized = 0;
+static bool sasl_initialized;
 
 #define SASL_MAXRECVBUF 65536
 #endif /* CYRUS_SASL */
@@ -39,7 +42,7 @@ static int sasl_initialized = 0;
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 
-static int tls_initialized = 0;
+static bool tls_initialized;
 static SSL_CTX *sslctx = NULL;		/* SSL Context */
 
 #endif /* TLS_SUPPORT */
@@ -288,7 +291,8 @@ netsec_set_snoop(netsec_context *nsc, int snoop)
  * Set the snoop callback for this connection.
  */
 
-void netsec_set_snoop_callback(netsec_context *nsc,
+void
+netsec_set_snoop_callback(netsec_context *nsc,
 			       netsec_snoop_callback callback, void *context)
 {
     nsc->ns_snoop_cb = callback;
@@ -806,6 +810,7 @@ netsec_vprintf(netsec_context *nsc, char **errstr, const char *format,
 	       va_list ap)
 {
     int rc;
+    va_list apcopy;
 
     /*
      * Cheat a little.  If we can fit the data into our outgoing buffer,
@@ -813,8 +818,10 @@ netsec_vprintf(netsec_context *nsc, char **errstr, const char *format,
      */
 
 retry:
+    va_copy(apcopy, ap);
     rc = vsnprintf((char *) nsc->ns_outptr,
-		   nsc->ns_outbufsize - nsc->ns_outbuflen, format, ap);
+		   nsc->ns_outbufsize - nsc->ns_outbuflen, format, apcopy);
+    va_end(apcopy);
 
     if (rc >= (int) (nsc->ns_outbufsize - nsc->ns_outbuflen)) {
 	/*
@@ -1032,7 +1039,7 @@ netsec_set_sasl_params(netsec_context *nsc, const char *service,
 		       sasl_errstring(retval, NULL, NULL));
 	    return NOTOK;
 	}
-	sasl_initialized++;
+	sasl_initialized = true;
     }
 
     /*
@@ -1103,7 +1110,8 @@ netsec_set_sasl_params(netsec_context *nsc, const char *service,
  * library when asked.
  */
 
-int netsec_get_user(void *context, int id, const char **result,
+int
+netsec_get_user(void *context, int id, const char **result,
 		    unsigned int *len)
 {
     netsec_context *nsc = (netsec_context *) context;
@@ -1479,6 +1487,20 @@ netsec_get_sasl_mechanism(netsec_context *nsc)
     return nsc->sasl_chosen_mech;
 }
 
+/*
+ * Return the negotiated SASL strength security factor (SSF)
+ */
+
+int
+netsec_get_sasl_ssf(netsec_context *nsc)
+{
+#ifdef CYRUS_SASL
+    return nsc->sasl_ssf;
+#else /* CYRUS_SASL */
+    return 0;
+#endif /* CYRUS_SASL */
+}
+
 /*
  * Set an OAuth2 service name, if we support it.
  */
@@ -1536,7 +1558,7 @@ netsec_set_tls(netsec_context *nsc, int tls, int noverify, char **errstr)
 		return NOTOK;
 	    }
 
-	    tls_initialized++;
+	    tls_initialized = true;
 	}
 
 	if (nsc->ns_readfd == -1 || nsc->ns_writefd == -1) {