Log ciphersuite info after successful initiation of TLS connection

* include/mailutils/stream.h (MU_IOCTL_TLSSTREAM): New ioctl code.
(MU_IOCTL_TLS_GET_CIPHER_INFO): New ioctl opcode.
* libmailutils/property/assocprop.c (_assoc_prop_fill)
(_assoc_prop_save): allow for NULL stream pointer.
* libmu_auth/tls.c (_tls_io_ioctl,_tls_ioctl): Handle
MU_IOCTL_TLSSTREAM/MU_IOCTL_TLS_GET_CIPHER_INFO ioctl.

* imap4d/io.c (log_cipher): New function.
(io_setio, imap4d_init_tls_server): Call log_cipher after successfully
establishing the TLS connection.
* imap4d/starttls.c (tls_encryption_on): Remove diagnostic output.
* pop3d/extra.c (log_cipher): New function.
(pop3d_setio,pop3d_init_tls_server): Call log_cipher after successfully
establishing the TLS connection.

@@ -16,9 +16,39 @@
    along with GNU Mailutils.  If not, see <http://www.gnu.org/licenses/>. */
    along with GNU Mailutils.  If not, see <http://www.gnu.org/licenses/>. */
 
 
 #include "imap4d.h"
 #include "imap4d.h"
+#include <mailutils/property.h>
 
 
 mu_stream_t iostream;
 mu_stream_t iostream;
 
 
+static void
+log_cipher (mu_stream_t stream)
+{
+  mu_property_t prop;
+  int rc = mu_stream_ioctl (stream, MU_IOCTL_TLSSTREAM,
+			    MU_IOCTL_TLS_GET_CIPHER_INFO, &prop);
+  if (rc)
+    {
+      mu_diag_output (MU_DIAG_INFO, _("TLS established"));
+      mu_diag_output (MU_DIAG_ERROR, _("can't get TLS details: %s"),
+		      mu_strerror (rc));
+    }
+  else
+    {
+      char const *cipher, *mac, *proto;
+      if (mu_property_sget_value (prop, "cipher", &cipher))
+	cipher = "UNKNOWN";	
+      if (mu_property_sget_value (prop, "mac", &mac))
+	mac = "UNKNOWN";
+      if (mu_property_sget_value (prop, "protocol", &proto))
+	proto = "UNKNOWN";
+      
+      mu_diag_output (MU_DIAG_INFO, _("TLS established using %s-%s (%s)"),
+		      cipher, mac, proto);
+      
+      mu_property_destroy (&prop);
+    }
+}
+
 void
 void
 io_setio (int ifd, int ofd, int tls)
 io_setio (int ifd, int ofd, int tls)
 {
 {
@@ -49,6 +79,7 @@ io_setio (int ifd, int ofd, int tls)
 	  mu_error (_("failed to create TLS stream: %s"), mu_strerror (rc));
 	  mu_error (_("failed to create TLS stream: %s"), mu_strerror (rc));
 	  imap4d_bye (ERR_STREAM_CREATE);
 	  imap4d_bye (ERR_STREAM_CREATE);
 	}
 	}
+      log_cipher (str);
     }
     }
   else
   else
 #endif
 #endif
@@ -112,6 +143,8 @@ imap4d_init_tls_server ()
       return 1;
       return 1;
     }
     }
 
 
+  log_cipher (tlsstream);
+
   mu_stream_unref (stream[0]);
   mu_stream_unref (stream[0]);
   mu_stream_unref (stream[1]);
   mu_stream_unref (stream[1]);
   stream[0] = stream[1] = tlsstream;
   stream[0] = stream[1] = tlsstream;

@@ -71,7 +71,6 @@ tls_encryption_on (struct imap4d_session *session)
 
 
   session->tls_mode = tls_no;
   session->tls_mode = tls_no;
   imap4d_capability_remove (IMAP_CAPA_XTLSREQUIRED);
   imap4d_capability_remove (IMAP_CAPA_XTLSREQUIRED);
-  mu_diag_output (MU_DIAG_INFO, _("TLS established"));
 }
 }
 
 
 void
 void

@@ -77,7 +77,8 @@ enum mu_buffer_type
 #define MU_IOCTL_TOPSTREAM       12 /* Same as MU_IOCTL_SUBSTREAM, but
 #define MU_IOCTL_TOPSTREAM       12 /* Same as MU_IOCTL_SUBSTREAM, but
 				       always returns the topmost substream.
 				       always returns the topmost substream.
 				    */
 				    */
-  
+#define MU_IOCTL_TLSSTREAM       13 /* TLS stream */
+
   /* Opcodes common for various families */
   /* Opcodes common for various families */
 #define MU_IOCTL_OP_GET 0
 #define MU_IOCTL_OP_GET 0
 #define MU_IOCTL_OP_SET 1  
 #define MU_IOCTL_OP_SET 1  
@@ -192,6 +193,13 @@ enum mu_buffer_type
   */
   */
 #define MU_IOCTL_FILTER_GET_DISABLED 0
 #define MU_IOCTL_FILTER_GET_DISABLED 0
 #define MU_IOCTL_FILTER_SET_DISABLED 1  
 #define MU_IOCTL_FILTER_SET_DISABLED 1  
+
+  /* TLS transport streams */
+  /* Get cipher info.
+     Arg: mu_property_t *
+     On success, the following keys are defined: "protocol", "cipher", "mac"
+  */
+#define MU_IOCTL_TLS_GET_CIPHER_INFO 0
   
   
 #define MU_TRANSPORT_INPUT  0
 #define MU_TRANSPORT_INPUT  0
 #define MU_TRANSPORT_OUTPUT 1
 #define MU_TRANSPORT_OUTPUT 1

@@ -145,7 +145,7 @@ _assoc_prop_fill (struct _mu_property *prop)
   size_t size[2] = { 0, 0 }, n;
   size_t size[2] = { 0, 0 }, n;
   
   
   if (!str)
   if (!str)
-    return EINVAL;
+    return 0;
   mu_stream_seek (str, 0, MU_SEEK_SET, NULL);
   mu_stream_seek (str, 0, MU_SEEK_SET, NULL);
   while ((rc = mu_stream_getdelim (str, &buf[state], &size[state],
   while ((rc = mu_stream_getdelim (str, &buf[state], &size[state],
 				   0, &n)) == 0 &&
 				   0, &n)) == 0 &&
@@ -169,7 +169,7 @@ _assoc_prop_save (struct _mu_property *prop)
   mu_off_t off;
   mu_off_t off;
   
   
   if (!str)
   if (!str)
-    return EINVAL;
+    return 0;
   rc = mu_property_get_iterator (prop, &itr);
   rc = mu_property_get_iterator (prop, &itr);
   if (rc)
   if (rc)
     return rc;
     return rc;

@@ -34,6 +34,7 @@
 #include <mailutils/stream.h>
 #include <mailutils/stream.h>
 #include <mailutils/errno.h>
 #include <mailutils/errno.h>
 #include <mailutils/util.h>
 #include <mailutils/util.h>
+#include <mailutils/property.h>
 
 
 struct mu_tls_module_config mu_tls_module_config = {
 struct mu_tls_module_config mu_tls_module_config = {
 #ifdef WITH_TLS
 #ifdef WITH_TLS
@@ -295,6 +296,34 @@ _tls_wr_wait (struct _mu_stream *stream, int *pflags, struct timeval *tvp)
 }
 }
 
 
 static int
 static int
+get_cipher_info (gnutls_session_t session, mu_property_t *pprop)
+{
+  mu_property_t prop;
+  const char *s;
+  int rc;
+
+  if (!pprop)
+    return EINVAL;
+
+  rc = mu_property_create_init (&prop, mu_assoc_property_init, NULL);
+  if (rc)
+    return rc;
+
+  s = gnutls_protocol_get_name (gnutls_protocol_get_version (session));
+  mu_property_set_value (prop, "protocol", s, 1);
+
+  s = gnutls_cipher_get_name (gnutls_cipher_get (session));
+  mu_property_set_value (prop, "cipher", s, 1);
+
+  s = gnutls_mac_get_name (gnutls_mac_get (session));
+  mu_property_set_value (prop, "mac", s, 1);
+
+  *pprop = prop;
+
+  return 0;
+}
+
+static int
 _tls_io_ioctl (struct _mu_stream *stream, int code, int opcode, void *arg)
 _tls_io_ioctl (struct _mu_stream *stream, int code, int opcode, void *arg)
 {
 {
   struct _mu_tls_io_stream *sp = (struct _mu_tls_io_stream *) stream;
   struct _mu_tls_io_stream *sp = (struct _mu_tls_io_stream *) stream;
@@ -323,6 +352,17 @@ _tls_io_ioctl (struct _mu_stream *stream, int code, int opcode, void *arg)
 	}
 	}
       break;
       break;
 
 
+    case MU_IOCTL_TLSSTREAM:
+      switch (opcode)
+	{
+	case MU_IOCTL_TLS_GET_CIPHER_INFO:
+	  return get_cipher_info (sp->up->session, arg);
+
+	default:
+	  return EINVAL;
+	}
+      break;
+      
     default:
     default:
       return ENOSYS;
       return ENOSYS;
     }
     }
@@ -586,6 +626,17 @@ _tls_ioctl (struct _mu_stream *stream, int code, int opcode, void *arg)
 	}
 	}
       break;
       break;
       
       
+    case MU_IOCTL_TLSSTREAM:
+      switch (opcode)
+	{
+	case MU_IOCTL_TLS_GET_CIPHER_INFO:
+	  return get_cipher_info (sp->session, arg);
+
+	default:
+	  return EINVAL;
+	}
+      break;
+      
     default:
     default:
       return ENOSYS;
       return ENOSYS;
     }
     }

@@ -17,6 +17,7 @@
 
 
 #include "pop3d.h"
 #include "pop3d.h"
 #include "mailutils/libargp.h"
 #include "mailutils/libargp.h"
+#include "mailutils/property.h"
 
 
 mu_stream_t iostream;
 mu_stream_t iostream;
 
 
@@ -128,6 +129,35 @@ pop3d_abquit (int reason)
   exit (code);
   exit (code);
 }
 }
 
 
+static void
+log_cipher (mu_stream_t stream)
+{
+  mu_property_t prop;
+  int rc = mu_stream_ioctl (stream, MU_IOCTL_TLSSTREAM,
+			    MU_IOCTL_TLS_GET_CIPHER_INFO, &prop);
+  if (rc)
+    {
+      mu_diag_output (MU_DIAG_INFO, _("TLS established"));
+      mu_diag_output (MU_DIAG_ERROR, _("can't get TLS details: %s"),
+		      mu_strerror (rc));
+    }
+  else
+    {
+      char const *cipher, *mac, *proto;
+      if (mu_property_sget_value (prop, "cipher", &cipher))
+	cipher = "UNKNOWN";	
+      if (mu_property_sget_value (prop, "mac", &mac))
+	mac = "UNKNOWN";
+      if (mu_property_sget_value (prop, "protocol", &proto))
+	proto = "UNKNOWN";
+      
+      mu_diag_output (MU_DIAG_INFO, _("TLS established using %s-%s (%s)"),
+		      cipher, mac, proto);
+      
+      mu_property_destroy (&prop);
+    }
+}
+
 void
 void
 pop3d_setio (int ifd, int ofd, int tls)
 pop3d_setio (int ifd, int ofd, int tls)
 {
 {
@@ -158,7 +188,7 @@ pop3d_setio (int ifd, int ofd, int tls)
 	  pop3d_abquit (ERR_FILE);
 	  pop3d_abquit (ERR_FILE);
 	}
 	}
       tls_done = 1;
       tls_done = 1;
-      mu_diag_output (MU_DIAG_INFO, _("TLS established"));
+      log_cipher (str);
     }
     }
   else
   else
 #endif
 #endif
@@ -220,6 +250,8 @@ pop3d_init_tls_server ()
   if (rc)
   if (rc)
     return 1;
     return 1;
 
 
+  log_cipher (tlsstream);
+
   stream[0] = stream[1] = tlsstream;
   stream[0] = stream[1] = tlsstream;
   rc = mu_stream_ioctl (iostream, MU_IOCTL_SUBSTREAM, MU_IOCTL_OP_SET, stream);
   rc = mu_stream_ioctl (iostream, MU_IOCTL_SUBSTREAM, MU_IOCTL_OP_SET, stream);
   mu_stream_unref (stream[0]);
   mu_stream_unref (stream[0]);