X-Git-Url: https://diplodocus.org/git/nmh/blobdiff_plain/4ea2f92f36fcf39727438cd55580c99a5a6e6ad8..b0aa8cdb1c264e42d4931ca24968689c73381278:/h/netsec.h diff --git a/h/netsec.h b/h/netsec.h index 65b867bd..e05e79f1 100644 --- a/h/netsec.h +++ b/h/netsec.h @@ -34,10 +34,11 @@ void netsec_shutdown(netsec_context *ns_context, int closeflag); * Arguments: * * ns_context - Network security context - * fd - File descriptor of network connection. + * readfd - Read file descriptor of remote connection. + * writefd - Write file descriptor of remote connection */ -void netset_set_fd(netsec_context *ns_context, int fd); +void netsec_set_fd(netsec_context *ns_context, int readfd, int writefd); /* * Set the userid used to authenticate to this connection. @@ -74,6 +75,44 @@ int netsec_get_snoop(netsec_context *ns_context); void netsec_set_snoop(netsec_context *ns_context, int snoop); +/* + * A callback designed to handle the snoop output; it can be used by + * a protocol to massage the data in a more user-friendly way. + * + * Arguments: + * + * ns_context - Network security context + * string - String to output + * len - Length of string + * context - "Extra" context information to be used by callback. + */ + +typedef void (netsec_snoop_callback)(netsec_context *ns_context, + const char *string, size_t len, + void *context); + +/* + * Set the snoop callback function; will be used to handle protocol-specific + * messages. Set to NULL to disable. + * + * Arguments: + * + * ns_context - Network security context + * callback - Snoop callback + * context - Extra context information to be passed to callback. + */ + +void netsec_set_snoop_callback(netsec_context *ns_context, + netsec_snoop_callback *callback, void *context); + +/* + * A sample callback protocols can utilize; decode base64 tokens in the + * output. The context is a pointer to an int which contains an offset + * into the data to start decoding. + */ + +extern netsec_snoop_callback netsec_b64_snoop_decoder; + /* * Set the read timeout for this connection. * @@ -89,18 +128,19 @@ void netsec_set_timeout(netsec_context *ns_context, int timeout); * Read a "line" from the network. This reads one CR/LF terminated line. * Returns a pointer to a NUL-terminated string. This memory is valid * until the next call to any read function. Will return an error if - * the line does not terminated with CR/LF. Note that this will not work - * if the data might have embedded NULs. + * the line does not terminate with a CR/LF. * * Arguments: * * ns_context - Network security context + * length - Returned length of string * errstr - Error string * * Returns pointer to string, or NULL on error. */ -char *netsec_readline(netsec_context *ns_context, char **errstr); +char *netsec_readline(netsec_context *ns_context, size_t *length, + char **errstr); /* * Read bytes from the network. @@ -209,15 +249,17 @@ enum sasl_message_type { * outdatasize - Size of output data * errstr - An error string to be returned (freed by caller). * + * As a general note, plugins should perform their own I/O. Buffers returned + * by NETSEC_SASL_READ should be allocated by the plugins and will be freed + * by the netsec package. Error messages returned should be created by + * netsec_err(). + * * Parameter interpretation based on mtype value: * * NETSEC_SASL_START - Create a protocol message that starts SASL * authentication. If an initial response is * supported, indata and indatasize will contain it. * Otherwise they will be set to NULL and 0. - * The complete protocol message should be - * stored in outdata/outdatasize, to be free()d - * by the caller. * NETSEC_SASL_READ - Parse and decode a protocol message and extract * out the SASL payload data. indata will be set * to NULL; the callback must read in the necessary @@ -226,8 +268,7 @@ enum sasl_message_type { * SASL message (again, must be free()d by the caller). * NETSEC_SASL_WRITE - Generate a protocol message to send over the * network. indata/indatasize will contain the - * SASL payload data. outdata/outdatasize should - * contain the complete protocol message. + * SASL payload data. * NETSEC_SASL_FINISH - Process the final SASL message exchange; at * this point SASL exchange should have completed * and we should get a message back from the server @@ -348,3 +389,17 @@ int netsec_set_tls(netsec_context *context, int tls, char **errstr); */ int netsec_negotiate_tls(netsec_context *ns_context, char **errstr); + +/* + * Allocate and format an error string; should be used by plugins + * to report errors. + * + * Arguments: + * + * errstr - Error string to be returned + * format - printf(3) format string + * ... - Arguments to printf(3) + * + */ + +void netsec_err(char **errstr, const char *format, ...);