INN commit: trunk/nnrpd (sasl.c)
INN Commit
Russ_Allbery at isc.org
Tue Sep 23 17:51:32 UTC 2008
Date: Tuesday, September 23, 2008 @ 10:51:31
Author: iulius
Revision: 8048
* Properly set TLS negotiation for the SASL server.
* Do not use the ANONYMOUS mechanism.
Modified:
trunk/nnrpd/sasl.c
--------+
sasl.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
Modified: sasl.c
===================================================================
--- sasl.c 2008-09-22 18:50:21 UTC (rev 8047)
+++ sasl.c 2008-09-23 17:51:31 UTC (rev 8048)
@@ -14,6 +14,8 @@
#include "inn/ov.h"
#ifdef HAVE_SSL
+extern int tls_cipher_usebits;
+extern char *tls_peer_CN;
extern bool nnrpd_starttls_done;
#endif /* HAVE_SSL */
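Review bot: The two new `extern` declarations are repeated locally in sasl.c rather than coming from a header shared with the file that defines them, so the compiler cannot catch a mismatch if the type of either definition changes. That matters here because `tls_cipher_usebits` is declared `int` and the later hunk passes its address cast to `sasl_ssf_t *`. Consider moving these declarations, together with the existing `nnrpd_starttls_done` one, into the TLS module's header, with a one-line comment on what each variable holds and when it is valid.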
@@ -87,9 +89,23 @@
sasl_security_properties_t secprops;
memset(&secprops, 0, sizeof(secprops));
+ secprops.security_flags = SASL_SEC_NOANONYMOUS;
secprops.max_ssf = 256;
secprops.maxbufsize = NNTP_MAXLEN_COMMAND;
sasl_setprop(sasl_conn, SASL_SEC_PROPS, &secprops);
+#ifdef HAVE_SSL
+ /* Tell SASL about the negotiated TLS layer. */
+ if (nnrpd_starttls_done) {
+ if (sasl_setprop(sasl_conn, SASL_SSF_EXTERNAL,
+ (sasl_ssf_t *) &tls_cipher_usebits) != SASL_OK) {
+ syslog(L_NOTICE, "sasl_setprop() failed: TLS layer for SASL");
+ }
+ if (sasl_setprop(sasl_conn, SASL_AUTH_EXTERNAL, tls_peer_CN)
+ != SASL_OK) {
+ syslog(L_NOTICE, "sasl_setprop() failed: TLS layer for SASL");
+ }
+ }
+#endif
}
}
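Review bot: `tls_peer_CN` is handed to SASL as the external authentication identity through `SASL_AUTH_EXTERNAL`, and nothing in this hunk shows that it comes from a certificate whose chain was actually verified. If the TLS code fills it in for any presented certificate, that identity would rest on an unverified name, so this is worth confirming and recording next to the call, for example `/* tls_peer_CN is only set once the peer certificate has been verified. */`. The two failure branches also log the identical string, so a log reader cannot tell which property was rejected; the second could read `syslog(L_NOTICE, "sasl_setprop() failed: TLS peer identity for SASL");`. The context call that applies `secprops` (now carrying `SASL_SEC_NOANONYMOUS`) is still unchecked, so a failure there would leave the ANONYMOUS exclusion unapplied with no log entry. The enclosing function begins outside the hunk.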