X-Git-Url: https://diplodocus.org/git/nmh/blobdiff_plain/e65127948dd214fcfc807d2ff15f871aaf5904e1..94187a80bd60baab4b9c4b949ad820d730578123:/h/netsec.h?ds=sidebyside

diff --git a/h/netsec.h b/h/netsec.h
index e05e79f1..3e7975b4 100644
--- a/h/netsec.h
+++ b/h/netsec.h
@@ -1,11 +1,9 @@
-/*
- * Network security library routines for nmh.
+/* netsec.h -- network-security library routines.
  *
  * These are a common set of routines to handle network security for
  * things like SASL and OpenSSL.
  */
 
-struct _netsec_context;
 typedef struct _netsec_context netsec_context;
 
 /*
@@ -17,15 +15,15 @@ netsec_context *netsec_init(void);
 
 /*
  * Shuts down the security context for a connection and frees all
- * associated resources.
+ * associated resources.  Will unconditionally close the network socket
+ * as well.
  *
  * Arguments:
  *
  * ns_context	- Network security context
- * closeflag	- If set to 1, close the socket descriptor as well.
  */
 
-void netsec_shutdown(netsec_context *ns_context, int closeflag);
+void netsec_shutdown(netsec_context *ns_context);
 
 /*
  * Sets the file descriptor for this connection.  This will be used by
@@ -51,6 +49,19 @@ void netsec_set_fd(netsec_context *ns_context, int readfd, int writefd);
 
 void netsec_set_userid(netsec_context *ns_context, const char *userid);
 
+/*
+ * Set the hostname of the server we're connecting to.  This is used
+ * by the Cyrus-SASL library and by the TLS code.  This must be called
+ * before netsec_negotiate_tls() or netsec_set_sasl_params().
+ *
+ * Arguments:
+ *
+ * ns_context	- Network security context
+ * hostname	- FQDN of remote host.  Cannot be NULL.
+ */
+
+void netsec_set_hostname(netsec_context *ns_context, const char *hostname);
+
 /*
  * Returns "snoop" status on current connection.
  *
@@ -61,7 +72,7 @@ void netsec_set_userid(netsec_context *ns_context, const char *userid);
  * Returns "1" if snoop is enabled, 0 if it is not.
  */
 
-int netsec_get_snoop(netsec_context *ns_context);
+int netsec_get_snoop(netsec_context *ns_context) PURE;
 
 /*
  * Sets "snoop" status; if snoop is set to a nonzero value, network traffic
@@ -190,7 +201,7 @@ int netsec_write(netsec_context *ns_context, const void *buffer, size_t size,
  */
 
 int netsec_printf(netsec_context *ns_context, char **errstr,
-		  const char *format, ...);
+		  const char *format, ...) CHECK_PRINTF(3, 4);
 
 /*
  * Write bytes using a va_list argument.
@@ -206,7 +217,7 @@ int netsec_printf(netsec_context *ns_context, char **errstr,
  */
 
 int netsec_vprintf(netsec_context *ns_context, char **errstr,
-		   const char *format, va_list ap);
+		   const char *format, va_list ap) CHECK_PRINTF(3, 0);
 
 /*
  * Flush any buffered bytes to the network.
@@ -247,6 +258,7 @@ enum sasl_message_type {
  * indatasize	- The size of the input data in bytes
  * outdata	- Output data (freed by caller)
  * outdatasize	- Size of output data
+ * context	- Extra context information potentially required by callback
  * errstr	- An error string to be returned (freed by caller).
  *
  * As a general note, plugins should perform their own I/O.  Buffers returned
@@ -273,10 +285,12 @@ enum sasl_message_type {
  *			  this point SASL exchange should have completed
  *			  and we should get a message back from the server
  *			  telling us whether or not authentication is
- *			  successful.  All buffer parameters are NULL.
+ *			  successful; the plugin should return OK/NOTOK
+ *			  to indicate whether or not the authentication
+ *			  was successful.  All buffer parameters are NULL.
  * NETSEC_SASL_CANCEL	- Generate a protocol message that cancels the
- *			  SASL protocol exchange; outdata/outdatasize
- *			  should contain this message.
+ *			  SASL protocol exchange; the plugin should
+ *			  send this message.  All buffer parameters are NULL.
  *
  * The callback should return OK on success, NOTOK on failure.  Depending
  * at the point of the authentication exchange, the callback may be asked
@@ -287,7 +301,8 @@ typedef int (*netsec_sasl_callback)(enum sasl_message_type mtype,
 				    unsigned const char *indata,
 				    unsigned int indatasize,
 				    unsigned char **outdata,
-				    unsigned int *outdatasize, char **errstr);
+				    unsigned int *outdatasize,
+				    void *context, char **errstr);
 
 /*
  * Sets the SASL parameters for this connection.  If this function is
@@ -300,19 +315,20 @@ typedef int (*netsec_sasl_callback)(enum sasl_message_type mtype,
  * Arguments:
  *
  * ns_context	- Network security context
- * hostname	- Fully qualified hostname of remote host.
  * service	- Service name (set to NULL to disable SASL).
  * mechanism	- The mechanism desired by the user.  If NULL, the SASL
  *		  library will attempt to negotiate the best mechanism.
  * callback	- SASL protocol callbacks 
+ * context	- Extra context information passed to the protocol callback
  * errstr	- Error string.
  *
  * Returns NOTOK if SASL is not supported.
  */
 
-int netsec_set_sasl_params(netsec_context *ns_context, const char *hostname,
-			   const char *service, const char *mechanism,
-			   netsec_sasl_callback callback, char **errstr);
+int netsec_set_sasl_params(netsec_context *ns_context, const char *service,
+			   const char *mechanism,
+			   netsec_sasl_callback callback,
+			   void *context, char **errstr);
 
 /*
  * Start SASL negotiation.  The Netsec library will use the callbacks
@@ -342,7 +358,25 @@ int netsec_negotiate_sasl(netsec_context *ns_context, const char *mechlist,
  * supported or in use.
  */
 
-char *netsec_get_sasl_mechanism(netsec_context *ns_context);
+char *netsec_get_sasl_mechanism(netsec_context *ns_context) PURE;
+
+/*
+ * Returns the SASL strength security factor (SSF) for the negotiated
+ * authentication mechanism.
+ *
+ * The exact meaning of the SSF depends on the mechanism chosen, but in
+ * general:
+ *
+ * 0	- No encryption or integrity protection via SASL.
+ * 1	- Integrity protection only.
+ * >1	- Encryption
+ *
+ * The SSF is distinct from any encryption that is negotiated by TLS;
+ * if TLS is negotiated then the netsec SASL code will automatically disable
+ * any attempt to negotiate a security layer and thus the SSF will be 0.
+ */
+
+int netsec_get_sasl_ssf(netsec_context *ns_context) PURE;
 
 /*
  * Set the OAuth service name used to retrieve the OAuth parameters from
@@ -364,17 +398,23 @@ int netsec_set_oauth_service(netsec_context *ns_context, const char *service);
  * Controls whether or not TLS will be negotiated for this connection.
  *
  * Note: callers still have to call netsec_tls_negotiate() to start
- * TLS negotiation at the appropriate point in the protocol.
+ * TLS negotiation at the appropriate point in the protocol.  The
+ * remote hostname (controlled by netsec_set_hostname()) should have
+ * already been set before this function is called unless certificate
+ * verification is disabled.
  *
  * Arguments
  *
  * tls		- If nonzero, enable TLS. Otherwise disable TLS
  *		  negotiation.
+ * noverify	- If nonzero, disable server certificate and hostname
+ *		  validation.
  *
  * Returns NOTOK if TLS is not supported or was unable to initialize.
  */
 
-int netsec_set_tls(netsec_context *context, int tls, char **errstr);
+int netsec_set_tls(netsec_context *context, int tls, int noverify,
+		   char **errstr);
 
 /*
  * Start TLS negotiation on this protocol.  This connection should have
@@ -402,4 +442,5 @@ int netsec_negotiate_tls(netsec_context *ns_context, char **errstr);
  *
  */
 
-void netsec_err(char **errstr, const char *format, ...);
+void netsec_err(char **errstr, const char *format, ...)
+    CHECK_PRINTF(2, 3);