From: Ken Hornstein <kenh@pobox.com>
Date: Tue, 13 Sep 2016 20:00:46 +0000 (-0400)
Subject: Save this for now.
X-Git-Url: https://diplodocus.org/git/nmh/commitdiff_plain/9dbb49a38ef76acdaa1217d2f66af1c58449d6ff?ds=inline;hp=-c

Save this for now.
---

9dbb49a38ef76acdaa1217d2f66af1c58449d6ff
diff --git a/Makefile.am b/Makefile.am
index 1b31fa1a..d8a57eaa 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -610,7 +610,8 @@ sbr_libmh_a_SOURCES = sbr/addrsbr.c sbr/ambigsw.c sbr/atooi.c sbr/arglist.c \
 		      sbr/m_draft.c sbr/m_getfld.c sbr/m_gmprot.c \
 		      sbr/m_maildir.c sbr/m_name.c sbr/m_popen.c sbr/m_rand.c \
 		      sbr/makedir.c sbr/md5.c sbr/message_id.c \
-		      sbr/mime_type.c sbr/mts.c sbr/norm_charmap.c sbr/path.c \
+		      sbr/mime_type.c sbr/mts.c sbr/netsec.c \
+		      sbr/norm_charmap.c sbr/path.c \
 		      sbr/peekc.c sbr/pidwait.c sbr/pidstatus.c \
 		      sbr/print_help.c sbr/print_sw.c sbr/print_version.c \
 		      sbr/push.c sbr/putenv.c sbr/refile.c sbr/remdir.c \
diff --git a/h/netsec.h b/h/netsec.h
index 176d7e0f..3daa1940 100644
--- a/h/netsec.h
+++ b/h/netsec.h
@@ -105,13 +105,12 @@ enum sasl_message_type {
  * to generate a cancel message.
  */
 
-typedef int (*_netsec_sasl_callback)(sasl_message_type mtype,
-				     unsigned char *indata,
-				     unsigned int indatasize,
-				     unsigned char **outdata,
-				     unsigned int *outdatasize,
-				     int snoop, char **errstr)
-	netsec_sasl_callback;
+typedef int (*netsec_sasl_callback)(enum sasl_message_type mtype,
+				    unsigned char *indata,
+				    unsigned int indatasize,
+				    unsigned char **outdata,
+				    unsigned int *outdatasize,
+				    int snoop, char **errstr);
 
 /*
  * Sets the SASL parameters for this connection.  If this function is
diff --git a/sbr/netsec.c b/sbr/netsec.c
new file mode 100644
index 00000000..26e90c9c
--- /dev/null
+++ b/sbr/netsec.c
@@ -0,0 +1,83 @@
+
+/*
+ * netsec.c -- Network security routines for handling protocols that
+ *	       require SASL and/or TLS.
+ *
+ * This code is Copyright (c) 2016, by the authors of nmh.  See the
+ * COPYRIGHT file in the root directory of the nmh distribution for
+ * complete copyright information.
+ */
+
+#include <h/mh.h>
+#include <h/utils.h>
+#include <h/netsec.h>
+
+#ifdef CYRUS_SASL
+#include <sasl/sasl.h>
+#include <sasl/saslutil.h>
+# if SASL_VERSION_FULL < 0x020125
+  /* Cyrus SASL 2.1.25 introduced the sasl_callback_ft prototype,
+     which has an explicit void parameter list, according to best
+     practice.  So we need to cast to avoid compile warnings.
+     Provide this prototype for earlier versions. */
+  typedef int (*sasl_callback_ft)();
+# endif /* SASL_VERSION_FULL < 0x020125 */
+#endif /* CYRUS_SASL */
+
+#ifdef TLS_SUPPORT
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+static int tls_initialized = 0;
+
+#endif /* TLS_SUPPORT */
+
+/*
+ * Our context structure, which holds all of the relevant information
+ * about a connection.
+ */
+
+struct _netsec_context {
+    int ns_fd;			/* Descriptor for network connection */
+    int ns_snoop;		/* If true, display network data */
+    unsigned char *ns_inbuffer;	/* Our read input buffer */
+    unsigned char *ns_inptr;	/* Our read buffer input pointer */
+    unsigned int ns_inbuflen;	/* Length of data in input buffer */
+    unsigned int ns_inbufsize;	/* Size of input buffer */
+    unsigned char *ns_outbuffer;/* Output buffer */
+    unsigned char *ns_outptr;	/* Output buffer pointer */
+    unsigned int ns_outbuflen;	/* Output buffer data length */
+    unsigned int ns_outbufsize;	/* Output buffer size */
+#ifdef CYRUS_SASL
+    sasl_conn_t *sasl_conn;	/* SASL connection context */
+    sasl_ssf_t sasl_ssf;	/* SASL Security Strength Factor */
+#endif /* CYRUS_SASL */
+#ifdef TLS_SUPPORT
+    SSL_CTX *sslctx;		/* SSL Context */
+    SSL *ssl;			/* SSL connection information */
+    BIO *ssl_io;		/* BIO used for connection I/O */
+#endif /* TLS_SUPPORT */
+};
+
+/*
+ * How this code works, in general.
+ *
+ * _If_ we are using no encryption or SASL encryption, then we buffer the
+ * network data through ns_inbuffer and ns_outbuffer.  That should be
+ * relatively self-explanatory.
+ *
+ * If we are using SSL for encryption, then use a buffering BIO for output
+ * (that just easier).  Still do buffering for reads; when we need more
+ * data we call the BIO_read() function to fill our local buffer.
+ */
+
+netsec_context *
+netsec_init(void)
+{
+    netsec_context *nsc = mh_xmalloc(sizeof(*nsc));
+
+    nsc->ns_fd = -1;
+    nsc->ns_snoop = 0;
+
+    return nsc;
+}