# PaCkAgE DaTaStReAm
LNFcyrus-sasl 1 7203
# end of header
0707010001f884000081a4000017820000044e0000000153419f6300000219000002350000002700000000000000000000001600000000LNFcyrus-sasl/pkginfo CLASSES=none manifest rename
PSTAMP=q20140406203931
LICFILE=cmu-sasl.txt
LICURL=http://www.cmu.edu/computing/
LICINFO=CMU SASL license (BSD)
DESC=This package contains the Cyrus SASL API implentation. It can be used on the client or server side to provide authentication and authorization services. See RFC 2222 for more information.
BASEDIR=/usr
VENDOR=LINOFEE, http://www.linofee.org
EMAIL=developers@linofee.org
CATEGORY=network,utils,application
NAME=Cyrus-SASL
SERIALNUM=002
MAXINST=1000
VERSION=2.1.26
ARCH=i386
PKG=LNFcyrus-sasl
0707010001f883000081a4000017820000044e0000000153419f6300002035000002350000002700000000000000000000001500000000LNFcyrus-sasl/pkgmap : 1 7203
1 d none /etc ? ? ?
1 d none /etc/sasl2 0755 bin bin
1 f none /etc/sasl2/LDAP_SASLAUTHD 0644 bin bin 9400 36534 1327707096
1 f none /etc/sasl2/Sendmail.conf.sample 0644 bin bin 76 7115 1169409189
1 d none /lib ? ? ?
1 d none /lib/svc ? ? ?
1 d none /lib/svc/manifest ? ? ?
1 d none /lib/svc/manifest/network ? ? ?
1 f manifest /lib/svc/manifest/network/saslauthd.xml 0444 root sys 2594 24356 1396596842
1 d none /lib/svc/method ? ? ?
1 f rename /lib/svc/method/saslauthd 0555 root bin 2761 9626 1396744872
1 i depend 264 22265 1396750411
1 i i.manifest 3032 45333 1396296162
1 i i.rename 313 24364 1169409199
1 d none include ? ? ?
1 d none include/sasl2 0755 bin bin
1 d none include/sasl2/sasl 0755 bin bin
1 f none include/sasl2/sasl/hmac-md5.h 0644 bin bin 1368 46672 1396809569
1 f none include/sasl2/sasl/md5.h 0644 bin bin 1401 51951 1396809569
1 f none include/sasl2/sasl/md5global.h 0644 bin bin 1026 16377 1396809569
1 f none include/sasl2/sasl/prop.h 0644 bin bin 7211 21101 1396809569
1 f none include/sasl2/sasl/sasl.h 0644 bin bin 52053 857 1396809569
1 f none include/sasl2/sasl/saslplug.h 0644 bin bin 34564 14385 1396809569
1 f none include/sasl2/sasl/saslutil.h 0644 bin bin 2825 35963 1396809569
1 d none lib ? ? ?
1 d none lib/amd64 ? ? ?
1 s none lib/amd64/libsasl2.so=libsasl2.so.3.0.0
1 s none lib/amd64/libsasl2.so.3=libsasl2.so.3.0.0
1 f none lib/amd64/libsasl2.so.3.0.0 0755 bin bin 541984 44285 1396809569
1 d none lib/amd64/pkgconfig ? ? ?
1 f rename lib/amd64/pkgconfig/libsasl2.pc 0644 bin bin 327 29093 1396809571
1 d none lib/sasl2 0755 bin bin
1 s none lib/sasl2/libanonymous.so=libanonymous.so.3.0.0
1 s none lib/sasl2/libanonymous.so.3=libanonymous.so.3.0.0
1 f none lib/sasl2/libanonymous.so.3.0.0 0755 bin bin 89280 43118 1396809570
1 s none lib/sasl2/libcrammd5.so=libcrammd5.so.3.0.0
1 s none lib/sasl2/libcrammd5.so.3=libcrammd5.so.3.0.0
1 f none lib/sasl2/libcrammd5.so.3.0.0 0755 bin bin 104024 5018 1396809569
1 s none lib/sasl2/libdigestmd5.so=libdigestmd5.so.3.0.0
1 s none lib/sasl2/libdigestmd5.so.3=libdigestmd5.so.3.0.0
1 f none lib/sasl2/libdigestmd5.so.3.0.0 0755 bin bin 223936 83 1396809569
1 s none lib/sasl2/libgssapiv2.so=libgssapiv2.so.3.0.0
1 s none lib/sasl2/libgssapiv2.so.3=libgssapiv2.so.3.0.0
1 f none lib/sasl2/libgssapiv2.so.3.0.0 0755 bin bin 128536 4518 1396809570
1 s none lib/sasl2/libldapdb.so=libldapdb.so.3.0.0
1 s none lib/sasl2/libldapdb.so.3=libldapdb.so.3.0.0
1 f none lib/sasl2/libldapdb.so.3.0.0 0755 bin bin 96448 40409 1396809570
1 s none lib/sasl2/liblogin.so=liblogin.so.3.0.0
1 s none lib/sasl2/liblogin.so.3=liblogin.so.3.0.0
1 f none lib/sasl2/liblogin.so.3.0.0 0755 bin bin 89432 1562 1396809570
1 s none lib/sasl2/libntlm.so=libntlm.so.3.0.0
1 s none lib/sasl2/libntlm.so.3=libntlm.so.3.0.0
1 f none lib/sasl2/libntlm.so.3.0.0 0755 bin bin 153744 14727 1396809570
1 s none lib/sasl2/libotp.so=libotp.so.3.0.0
1 s none lib/sasl2/libotp.so.3=libotp.so.3.0.0
1 f none lib/sasl2/libotp.so.3.0.0 0755 bin bin 223960 8533 1396809570
1 s none lib/sasl2/libpassdss.so=libpassdss.so.3.0.0
1 s none lib/sasl2/libpassdss.so.3=libpassdss.so.3.0.0
1 f none lib/sasl2/libpassdss.so.3.0.0 0755 bin bin 138080 22405 1396809570
1 s none lib/sasl2/libplain.so=libplain.so.3.0.0
1 s none lib/sasl2/libplain.so.3=libplain.so.3.0.0
1 f none lib/sasl2/libplain.so.3.0.0 0755 bin bin 90568 52078 1396809570
1 s none lib/sasl2/libsasldb.so=libsasldb.so.3.0.0
1 s none lib/sasl2/libsasldb.so.3=libsasldb.so.3.0.0
1 f none lib/sasl2/libsasldb.so.3.0.0 0755 bin bin 143304 2684 1396809569
1 s none lib/sasl2/libscram.so=libscram.so.3.0.0
1 s none lib/sasl2/libscram.so.3=libscram.so.3.0.0
1 f none lib/sasl2/libscram.so.3.0.0 0755 bin bin 151008 37880 1396809570
1 s none lib/sasl2/libsql.so=libsql.so.3.0.0
1 s none lib/sasl2/libsql.so.3=libsql.so.3.0.0
1 f none lib/sasl2/libsql.so.3.0.0 0755 bin bin 102728 59970 1396809570
1 s none lib/sasl2/libsrp.so=libsrp.so.3.0.0
1 s none lib/sasl2/libsrp.so.3=libsrp.so.3.0.0
1 f none lib/sasl2/libsrp.so.3.0.0 0755 bin bin 186408 32805 1396809570
1 i pkginfo 537 45001 1396809571
1 i postinstall 772 60455 1396809571
1 i postremove 682 51942 1396809571
1 i r.manifest 2198 47773 1384053089
1 d none sbin ? ? ?
1 f none sbin/pluginviewer 0755 bin bin 49488 7851 1396809570
1 f none sbin/saslauthd 0755 bin bin 396656 65148 1396809571
1 f none sbin/sasldblistusers2 0755 bin bin 92000 51006 1396809570
1 f none sbin/saslpasswd2 0755 bin bin 33080 62692 1396809570
1 f none sbin/testsaslauthd 0755 bin bin 39944 18579 1396809571
1 d none share ? ? ?
1 d none share/man ? ? ?
1 d none share/man/man1m ? ? ?
1 f none share/man/man1m/pluginviewer.1m 0644 bin bin 3928 64022 1396809571
1 f none share/man/man1m/saslauthd.1m 0644 bin bin 9236 11051 1396742694
1 f none share/man/man1m/sasldblistusers2.1m 0644 bin bin 2492 3560 1396809571
1 f none share/man/man1m/saslpasswd2.1m 0644 bin bin 3186 62509 1396809571
1 d none share/man/man3 ? ? ?
1 f none share/man/man3/sasl.3 0644 bin bin 3257 9834 1396809571
1 f none share/man/man3/sasl_authorize_t.3 0644 bin bin 2916 38863 1396809570
1 f none share/man/man3/sasl_auxprop.3 0644 bin bin 7378 36802 1396809571
1 f none share/man/man3/sasl_auxprop_getctx.3 0644 bin bin 2509 7050 1396809571
1 f none share/man/man3/sasl_auxprop_request.3 0644 bin bin 3029 52825 1396809571
1 f none share/man/man3/sasl_callbacks.3 0644 bin bin 4189 27431 1396809570
1 f none share/man/man3/sasl_canon_user_t.3 0644 bin bin 3403 12549 1396809570
1 f none share/man/man3/sasl_chalprompt_t.3 0644 bin bin 2873 32566 1396809571
1 f none share/man/man3/sasl_checkapop.3 0644 bin bin 3110 54590 1396809571
1 f none share/man/man3/sasl_checkpass.3 0644 bin bin 2928 40029 1396809570
1 f none share/man/man3/sasl_client_init.3 0644 bin bin 3145 62309 1396809571
1 f none share/man/man3/sasl_client_new.3 0644 bin bin 4479 43145 1396809571
1 f none share/man/man3/sasl_client_start.3 0644 bin bin 4298 33511 1396809571
1 f none share/man/man3/sasl_client_step.3 0644 bin bin 4150 20630 1396809571
1 f none share/man/man3/sasl_decode.3 0644 bin bin 3003 45682 1396809571
1 f none share/man/man3/sasl_dispose.3 0644 bin bin 2442 65141 1396809570
1 f none share/man/man3/sasl_done.3 0644 bin bin 2281 50256 1396809570
1 f none share/man/man3/sasl_encode.3 0644 bin bin 3155 54698 1396809570
1 f none share/man/man3/sasl_encodev.3 0644 bin bin 3155 54698 1396809570
1 f none share/man/man3/sasl_errdetail.3 0644 bin bin 2500 5858 1396809571
1 f none share/man/man3/sasl_errors.3 0644 bin bin 3936 57239 1396809571
1 f none share/man/man3/sasl_errstring.3 0644 bin bin 3139 59332 1396809570
1 f none share/man/man3/sasl_getconfpath_t.3 0644 bin bin 2668 18128 1396809571
1 f none share/man/man3/sasl_getopt_t.3 0644 bin bin 3247 3833 1396809571
1 f none share/man/man3/sasl_getpath_t.3 0644 bin bin 2647 16422 1396809571
1 f none share/man/man3/sasl_getprop.3 0644 bin bin 3489 18762 1396809571
1 f none share/man/man3/sasl_getrealm_t.3 0644 bin bin 2923 39635 1396809571
1 f none share/man/man3/sasl_getsecret_t.3 0644 bin bin 2769 24622 1396809571
1 f none share/man/man3/sasl_getsimple_t.3 0644 bin bin 2903 35382 1396809571
1 f none share/man/man3/sasl_global_listmech.3 0644 bin bin 2477 3464 1396809571
1 f none share/man/man3/sasl_idle.3 0644 bin bin 2425 63316 1396809571
1 f none share/man/man3/sasl_listmech.3 0644 bin bin 3445 14842 1396809570
1 f none share/man/man3/sasl_log_t.3 0644 bin bin 2471 65005 1396809570
1 f none share/man/man3/sasl_server_init.3 0644 bin bin 3177 46 1396809571
1 f none share/man/man3/sasl_server_new.3 0644 bin bin 4165 15131 1396809571
1 f none share/man/man3/sasl_server_start.3 0644 bin bin 4046 8339 1396809571
1 f none share/man/man3/sasl_server_step.3 0644 bin bin 3291 6492 1396809571
1 f none share/man/man3/sasl_server_userdb_checkpass_t.3 0644 bin bin 3111 51113 1396809571
1 f none share/man/man3/sasl_server_userdb_setpass_t.3 0644 bin bin 3203 56694 1396809571
1 f none share/man/man3/sasl_setpass.3 0644 bin bin 3060 48885 1396809571
1 f none share/man/man3/sasl_setprop.3 0644 bin bin 3200 59511 1396809571
1 f none share/man/man3/sasl_user_exists.3 0644 bin bin 2641 12964 1396809571
1 f none share/man/man3/sasl_verifyfile_t.3 0644 bin bin 2959 40972 1396809571
07070100000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000b00000000TRAILER!!! 0707010001f884000081a4000017820000044e0000000153419f6300000219000002350000002700000000000000000000000800000000pkginfo CLASSES=none manifest rename
PSTAMP=q20140406203931
LICFILE=cmu-sasl.txt
LICURL=http://www.cmu.edu/computing/
LICINFO=CMU SASL license (BSD)
DESC=This package contains the Cyrus SASL API implentation. It can be used on the client or server side to provide authentication and authorization services. See RFC 2222 for more information.
BASEDIR=/usr
VENDOR=LINOFEE, http://www.linofee.org
EMAIL=developers@linofee.org
CATEGORY=network,utils,application
NAME=Cyrus-SASL
SERIALNUM=002
MAXINST=1000
VERSION=2.1.26
ARCH=i386
PKG=LNFcyrus-sasl
0707010001f883000081a4000017820000044e0000000153419f6300002035000002350000002700000000000000000000000700000000pkgmap : 1 7203
1 d none /etc ? ? ?
1 d none /etc/sasl2 0755 bin bin
1 f none /etc/sasl2/LDAP_SASLAUTHD 0644 bin bin 9400 36534 1327707096
1 f none /etc/sasl2/Sendmail.conf.sample 0644 bin bin 76 7115 1169409189
1 d none /lib ? ? ?
1 d none /lib/svc ? ? ?
1 d none /lib/svc/manifest ? ? ?
1 d none /lib/svc/manifest/network ? ? ?
1 f manifest /lib/svc/manifest/network/saslauthd.xml 0444 root sys 2594 24356 1396596842
1 d none /lib/svc/method ? ? ?
1 f rename /lib/svc/method/saslauthd 0555 root bin 2761 9626 1396744872
1 i depend 264 22265 1396750411
1 i i.manifest 3032 45333 1396296162
1 i i.rename 313 24364 1169409199
1 d none include ? ? ?
1 d none include/sasl2 0755 bin bin
1 d none include/sasl2/sasl 0755 bin bin
1 f none include/sasl2/sasl/hmac-md5.h 0644 bin bin 1368 46672 1396809569
1 f none include/sasl2/sasl/md5.h 0644 bin bin 1401 51951 1396809569
1 f none include/sasl2/sasl/md5global.h 0644 bin bin 1026 16377 1396809569
1 f none include/sasl2/sasl/prop.h 0644 bin bin 7211 21101 1396809569
1 f none include/sasl2/sasl/sasl.h 0644 bin bin 52053 857 1396809569
1 f none include/sasl2/sasl/saslplug.h 0644 bin bin 34564 14385 1396809569
1 f none include/sasl2/sasl/saslutil.h 0644 bin bin 2825 35963 1396809569
1 d none lib ? ? ?
1 d none lib/amd64 ? ? ?
1 s none lib/amd64/libsasl2.so=libsasl2.so.3.0.0
1 s none lib/amd64/libsasl2.so.3=libsasl2.so.3.0.0
1 f none lib/amd64/libsasl2.so.3.0.0 0755 bin bin 541984 44285 1396809569
1 d none lib/amd64/pkgconfig ? ? ?
1 f rename lib/amd64/pkgconfig/libsasl2.pc 0644 bin bin 327 29093 1396809571
1 d none lib/sasl2 0755 bin bin
1 s none lib/sasl2/libanonymous.so=libanonymous.so.3.0.0
1 s none lib/sasl2/libanonymous.so.3=libanonymous.so.3.0.0
1 f none lib/sasl2/libanonymous.so.3.0.0 0755 bin bin 89280 43118 1396809570
1 s none lib/sasl2/libcrammd5.so=libcrammd5.so.3.0.0
1 s none lib/sasl2/libcrammd5.so.3=libcrammd5.so.3.0.0
1 f none lib/sasl2/libcrammd5.so.3.0.0 0755 bin bin 104024 5018 1396809569
1 s none lib/sasl2/libdigestmd5.so=libdigestmd5.so.3.0.0
1 s none lib/sasl2/libdigestmd5.so.3=libdigestmd5.so.3.0.0
1 f none lib/sasl2/libdigestmd5.so.3.0.0 0755 bin bin 223936 83 1396809569
1 s none lib/sasl2/libgssapiv2.so=libgssapiv2.so.3.0.0
1 s none lib/sasl2/libgssapiv2.so.3=libgssapiv2.so.3.0.0
1 f none lib/sasl2/libgssapiv2.so.3.0.0 0755 bin bin 128536 4518 1396809570
1 s none lib/sasl2/libldapdb.so=libldapdb.so.3.0.0
1 s none lib/sasl2/libldapdb.so.3=libldapdb.so.3.0.0
1 f none lib/sasl2/libldapdb.so.3.0.0 0755 bin bin 96448 40409 1396809570
1 s none lib/sasl2/liblogin.so=liblogin.so.3.0.0
1 s none lib/sasl2/liblogin.so.3=liblogin.so.3.0.0
1 f none lib/sasl2/liblogin.so.3.0.0 0755 bin bin 89432 1562 1396809570
1 s none lib/sasl2/libntlm.so=libntlm.so.3.0.0
1 s none lib/sasl2/libntlm.so.3=libntlm.so.3.0.0
1 f none lib/sasl2/libntlm.so.3.0.0 0755 bin bin 153744 14727 1396809570
1 s none lib/sasl2/libotp.so=libotp.so.3.0.0
1 s none lib/sasl2/libotp.so.3=libotp.so.3.0.0
1 f none lib/sasl2/libotp.so.3.0.0 0755 bin bin 223960 8533 1396809570
1 s none lib/sasl2/libpassdss.so=libpassdss.so.3.0.0
1 s none lib/sasl2/libpassdss.so.3=libpassdss.so.3.0.0
1 f none lib/sasl2/libpassdss.so.3.0.0 0755 bin bin 138080 22405 1396809570
1 s none lib/sasl2/libplain.so=libplain.so.3.0.0
1 s none lib/sasl2/libplain.so.3=libplain.so.3.0.0
1 f none lib/sasl2/libplain.so.3.0.0 0755 bin bin 90568 52078 1396809570
1 s none lib/sasl2/libsasldb.so=libsasldb.so.3.0.0
1 s none lib/sasl2/libsasldb.so.3=libsasldb.so.3.0.0
1 f none lib/sasl2/libsasldb.so.3.0.0 0755 bin bin 143304 2684 1396809569
1 s none lib/sasl2/libscram.so=libscram.so.3.0.0
1 s none lib/sasl2/libscram.so.3=libscram.so.3.0.0
1 f none lib/sasl2/libscram.so.3.0.0 0755 bin bin 151008 37880 1396809570
1 s none lib/sasl2/libsql.so=libsql.so.3.0.0
1 s none lib/sasl2/libsql.so.3=libsql.so.3.0.0
1 f none lib/sasl2/libsql.so.3.0.0 0755 bin bin 102728 59970 1396809570
1 s none lib/sasl2/libsrp.so=libsrp.so.3.0.0
1 s none lib/sasl2/libsrp.so.3=libsrp.so.3.0.0
1 f none lib/sasl2/libsrp.so.3.0.0 0755 bin bin 186408 32805 1396809570
1 i pkginfo 537 45001 1396809571
1 i postinstall 772 60455 1396809571
1 i postremove 682 51942 1396809571
1 i r.manifest 2198 47773 1384053089
1 d none sbin ? ? ?
1 f none sbin/pluginviewer 0755 bin bin 49488 7851 1396809570
1 f none sbin/saslauthd 0755 bin bin 396656 65148 1396809571
1 f none sbin/sasldblistusers2 0755 bin bin 92000 51006 1396809570
1 f none sbin/saslpasswd2 0755 bin bin 33080 62692 1396809570
1 f none sbin/testsaslauthd 0755 bin bin 39944 18579 1396809571
1 d none share ? ? ?
1 d none share/man ? ? ?
1 d none share/man/man1m ? ? ?
1 f none share/man/man1m/pluginviewer.1m 0644 bin bin 3928 64022 1396809571
1 f none share/man/man1m/saslauthd.1m 0644 bin bin 9236 11051 1396742694
1 f none share/man/man1m/sasldblistusers2.1m 0644 bin bin 2492 3560 1396809571
1 f none share/man/man1m/saslpasswd2.1m 0644 bin bin 3186 62509 1396809571
1 d none share/man/man3 ? ? ?
1 f none share/man/man3/sasl.3 0644 bin bin 3257 9834 1396809571
1 f none share/man/man3/sasl_authorize_t.3 0644 bin bin 2916 38863 1396809570
1 f none share/man/man3/sasl_auxprop.3 0644 bin bin 7378 36802 1396809571
1 f none share/man/man3/sasl_auxprop_getctx.3 0644 bin bin 2509 7050 1396809571
1 f none share/man/man3/sasl_auxprop_request.3 0644 bin bin 3029 52825 1396809571
1 f none share/man/man3/sasl_callbacks.3 0644 bin bin 4189 27431 1396809570
1 f none share/man/man3/sasl_canon_user_t.3 0644 bin bin 3403 12549 1396809570
1 f none share/man/man3/sasl_chalprompt_t.3 0644 bin bin 2873 32566 1396809571
1 f none share/man/man3/sasl_checkapop.3 0644 bin bin 3110 54590 1396809571
1 f none share/man/man3/sasl_checkpass.3 0644 bin bin 2928 40029 1396809570
1 f none share/man/man3/sasl_client_init.3 0644 bin bin 3145 62309 1396809571
1 f none share/man/man3/sasl_client_new.3 0644 bin bin 4479 43145 1396809571
1 f none share/man/man3/sasl_client_start.3 0644 bin bin 4298 33511 1396809571
1 f none share/man/man3/sasl_client_step.3 0644 bin bin 4150 20630 1396809571
1 f none share/man/man3/sasl_decode.3 0644 bin bin 3003 45682 1396809571
1 f none share/man/man3/sasl_dispose.3 0644 bin bin 2442 65141 1396809570
1 f none share/man/man3/sasl_done.3 0644 bin bin 2281 50256 1396809570
1 f none share/man/man3/sasl_encode.3 0644 bin bin 3155 54698 1396809570
1 f none share/man/man3/sasl_encodev.3 0644 bin bin 3155 54698 1396809570
1 f none share/man/man3/sasl_errdetail.3 0644 bin bin 2500 5858 1396809571
1 f none share/man/man3/sasl_errors.3 0644 bin bin 3936 57239 1396809571
1 f none share/man/man3/sasl_errstring.3 0644 bin bin 3139 59332 1396809570
1 f none share/man/man3/sasl_getconfpath_t.3 0644 bin bin 2668 18128 1396809571
1 f none share/man/man3/sasl_getopt_t.3 0644 bin bin 3247 3833 1396809571
1 f none share/man/man3/sasl_getpath_t.3 0644 bin bin 2647 16422 1396809571
1 f none share/man/man3/sasl_getprop.3 0644 bin bin 3489 18762 1396809571
1 f none share/man/man3/sasl_getrealm_t.3 0644 bin bin 2923 39635 1396809571
1 f none share/man/man3/sasl_getsecret_t.3 0644 bin bin 2769 24622 1396809571
1 f none share/man/man3/sasl_getsimple_t.3 0644 bin bin 2903 35382 1396809571
1 f none share/man/man3/sasl_global_listmech.3 0644 bin bin 2477 3464 1396809571
1 f none share/man/man3/sasl_idle.3 0644 bin bin 2425 63316 1396809571
1 f none share/man/man3/sasl_listmech.3 0644 bin bin 3445 14842 1396809570
1 f none share/man/man3/sasl_log_t.3 0644 bin bin 2471 65005 1396809570
1 f none share/man/man3/sasl_server_init.3 0644 bin bin 3177 46 1396809571
1 f none share/man/man3/sasl_server_new.3 0644 bin bin 4165 15131 1396809571
1 f none share/man/man3/sasl_server_start.3 0644 bin bin 4046 8339 1396809571
1 f none share/man/man3/sasl_server_step.3 0644 bin bin 3291 6492 1396809571
1 f none share/man/man3/sasl_server_userdb_checkpass_t.3 0644 bin bin 3111 51113 1396809571
1 f none share/man/man3/sasl_server_userdb_setpass_t.3 0644 bin bin 3203 56694 1396809571
1 f none share/man/man3/sasl_setpass.3 0644 bin bin 3060 48885 1396809571
1 f none share/man/man3/sasl_setprop.3 0644 bin bin 3200 59511 1396809571
1 f none share/man/man3/sasl_user_exists.3 0644 bin bin 2641 12964 1396809571
1 f none share/man/man3/sasl_verifyfile_t.3 0644 bin bin 2959 40972 1396809571
0707010001f891000041ed000017820000044e0000000253419f6400000000000002350000002700000000000000000000000800000000install 0707010001f8b6000081ed000017820000044e00000001527ef96100000896000002350000002700000000000000000000001300000000install/r.manifest #!/bin/sh
#
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
# Portions Copyright (c) 2007-2013 Jens Elkner.
#
# r.manifest - smf(5) manifest remove class action script
#
if [ "$PKG_INSTALL_ROOT" != '' -a "$PKG_INSTALL_ROOT" != '/' ]; then
# We can't safely disable the service in this case.
smf_alive=no
else
# We can verify if the service is disabled prior to removal.
[ -r /etc/svc/volatile/repository_door ] && smf_alive=yes
fi
MFSTSCAN=/lib/svc/bin/mfstscan
SVCCFG=/usr/sbin/svccfg
SVCPROP=/usr/bin/svcprop
osrel=`uname -r`
while read mfst; do
if [ "$smf_alive" = 'yes' ]; then
ENTITIES=`$SVCCFG inventory $mfst`
for fmri in $ENTITIES; do
# Determine whether any of our instances are enabled.
en_p=`$SVCPROP -C -p general/enabled $fmri 2>/dev/null`
en_o=`$SVCPROP -C -p general_ovr/enabled $fmri 2>/dev/null`
if [ "$en_p" = 'true' -o "$en_o" = 'true' ]; then
echo "$fmri remains enabled; aborting"
exit 1
fi
[ "$osrel" = '5.10' ] && $SVCCFG delete $fmri
done
# Delete the manifest hash value.
if [ "$osrel" = '5.10' ]; then
pg_name=`$MFSTSCAN -t $mfst`
if $SVCPROP -q -p $pg_name smf/manifest; then
$SVCCFG -s smf/manifest delpg $pg_name
fi
fi
fi
/usr/bin/rm $mfst
done
if [ "$osrel" != '5.10' -a "$smf_alive" = 'yes' ]; then
/usr/sbin/svcadm restart manifest-import
fi
exit 0
0707010001f8b4000081a4000017820000044e0000000153419f6300000304000002350000002700000000000000000000001400000000install/postinstall
echo "
NOTE:
To activate the saslauthd services automatically at boot time,
use 'svcadm enable saslauthd' .
You may de-activate the automatic startup at boot time via
'svcadm disable saslauthd' etc..
"
if [ "$CLIENT_BASEDIR" = "/usr" ]; then
exit 0
fi
echo " "
echo "You may add the following library[s] to the default library search path"
echo "of your system using the crle tool, so that other applications are able"
echo "to find the installed libraries automatically:"
echo " "
LP=""
for l in lib; do
if [ -n "$l" ]; then
if [ -z "$LP" ]; then
LP="$CLIENT_BASEDIR/$l"
else
LP="${LP}:$CLIENT_BASEDIR/$l"
fi
fi
done
echo " $LP"
echo " "
echo "E.g.:"
echo " crle -c /var/ld/ld.config -l /usr/lib:$LP"
echo " "
exit 0
0707010001f894000081a4000017820000044e0000000145b3c4af00000139000002350000002700000000000000000000001100000000install/i.rename # substitute the build path with the install path
while read src dst
do
sed -e "s#@CLIENT_BASEDIR@#$CLIENT_BASEDIR#g" $src > $dst || exit 2
# removef $PKGINST $dst
# installf -c rename $PKGINST $dst
done
#if [ "$1" = ENDOFCLASS ]; then
# removef -f -c rename $PKGINST
# installf -f -c rename $PKGINST
#fi
exit 0
0707010001f893000081a4000017820000044e000000015339c9e200000bd8000002350000002700000000000000000000001300000000install/i.manifest #!/bin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
# Portions Copyright (c) 2007-2013 Jens Elkner.
#
# i.manifest - smf(5) service manifest install class action script
#
repfile=$PKG_INSTALL_ROOT/etc/svc/repository.db
export repfile
#
# If the repository does not yet exist, create it from the appropriate seed. If
# for some reason the seeds do not exist, svccfg(1M) will create the repository
# automatically.
#
if [ -z "${UNRELOCATE4IPS}" -a ! -f $repfile ]; then
if [ -n "$SUNW_PKG_INSTALL_ZONENAME" -a \
"$SUNW_PKG_INSTALL_ZONENAME" != "global" ]; then
[ -f $PKG_INSTALL_ROOT/lib/svc/seed/nonglobal.db ] && \
/usr/bin/cp $PKG_INSTALL_ROOT/lib/svc/seed/nonglobal.db \
$repfile
else
[ -f $PKG_INSTALL_ROOT/lib/svc/seed/global.db ] && \
/usr/bin/cp $PKG_INSTALL_ROOT/lib/svc/seed/global.db \
$repfile
fi
/usr/bin/chmod 0600 $repfile
/usr/bin/chown root:sys $repfile
fi
osrel=`uname -r`
if [ -n "${UNRELOCATE4IPS}" -o \
! -r $PKG_INSTALL_ROOT/etc/svc/volatile/repository_door ]
then
#
# smf(5) is not presently running for the destination environment.
# Since we presently cannot refresh without a running svc.startd(1M), we
# cannot consistently handle dependent placement. Defer to next boot.
#
while read src dst; do
if [ "$osrel" = '5.10' ]; then
/usr/bin/sed -e "s#@CLIENT_BASEDIR@#${CLIENT_BASEDIR}#g" \
-e 's,,,' $src >$dst
else
/usr/bin/sed -e "s#@CLIENT_BASEDIR@#${CLIENT_BASEDIR}#g" $src >$dst
fi
done
else
#
# Local package install.
#
while read src dst; do
if [ "$osrel" = '5.10' ]; then
/usr/bin/sed -e "s#@CLIENT_BASEDIR@#${CLIENT_BASEDIR}#g" \
-e 's,,,' $src >$dst
else
/usr/bin/sed -e "s#@CLIENT_BASEDIR@#${CLIENT_BASEDIR}#g" $src >$dst
fi
if [ "$PKG_INSTALL_ROOT" = '' -o "$PKG_INSTALL_ROOT" = '/' ]; then
SVCCFG_CHECKHASH=1
if [ "$osrel" = '5.10' ]; then
/usr/sbin/svccfg import $dst
fi
fi
done
if [ "$osrel" != '5.10' -a "$SVCCFG_CHECKHASH" = '1' ]; then
/usr/sbin/svcadm restart manifest-import
fi
fi
exit 0
0707010001f8b5000081a4000017820000044e0000000153419f63000002aa000002350000002700000000000000000000001300000000install/postremove echo "
In case you do not need any sasl configuration files anymore, feel free to
remove /etc/sasl2 completely.
"
if [ "$CLIENT_BASEDIR" = "/usr" -o "$CLIENT_BASEDIR" = "/usr/local" ]; then
exit 0
fi
LIBS=""
for l in lib ; do
_TMP=`crle | awk '/Default Library Path/ { print ":" $5 ":" }' \
| egrep ":$CLIENT_BASEDIR/$l"`
if [ -n "$_TMP" ]; then
LIBS="$LIBS \n$_TMP"
fi
done
if [ -n "$LIBS" ]; then
echo " "
echo "NOTE: The following library path[s] are still listed in the systems"
echo " default library search path (You may remove it using the crle"
echo " tool if they are not required anymore):"
echo " "
echo "$LIBS"
echo " "
fi
exit 0
0707010001f892000081a4000017820000044e000000015340b84b00000108000002350000002700000000000000000000000f00000000install/depend P SUNWcsl Core Solaris, (Shared Libs)
P SUNWcsu Core Solaris, (Usr)
P SUNWesu Extended System Utilities
P SUNWipc Interprocess Communications
P SUNWopensslr OpenSSL Libraries (Root)
# optional
#P SUNWgss GSSAPI V2
#P SUNWsqlite3 SQL database engine library
0707010001f895000041ed000017820000044e0000000653419f6400000000000002350000002700000000000000000000000600000000reloc 0707010001f896000041ed000017820000044e0000000353419f6300000000000002350000002700000000000000000000000e00000000reloc/include 0707010001f897000041ed000017820000044e0000000353419f6300000000000002350000002700000000000000000000001400000000reloc/include/sasl2 0707010001f898000041ed000017820000044e0000000253419f6300000000000002350000002700000000000000000000001900000000reloc/include/sasl2/sasl 0707010001f89a000081a4000017820000044e0000000153419f6100000579000002350000002700000000000000000000001f00000000reloc/include/sasl2/sasl/md5.h /* MD5.H - header file for MD5C.C
*/
/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
rights reserved.
License to copy and use this software is granted provided that it
is identified as the "RSA Data Security, Inc. MD5 Message-Digest
Algorithm" in all material mentioning or referencing this software
or this function.
License is also granted to make and use derivative works provided
that such works are identified as "derived from the RSA Data
Security, Inc. MD5 Message-Digest Algorithm" in all material
mentioning or referencing the derived work.
RSA Data Security, Inc. makes no representations concerning either
the merchantability of this software or the suitability of this
software for any particular purpose. It is provided "as is"
without express or implied warranty of any kind.
These notices must be retained in any copies of any part of this
documentation and/or software.
*/
/* MD5 context. */
typedef struct {
UINT4 state[4]; /* state (ABCD) */
UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */
unsigned char buffer[64]; /* input buffer */
} MD5_CTX;
#ifdef __cplusplus
extern "C" {
#endif
void _sasl_MD5Init (MD5_CTX *);
void _sasl_MD5Update (MD5_CTX *, const unsigned char *, unsigned int);
void _sasl_MD5Final (unsigned char [16], MD5_CTX *);
#ifdef __cplusplus
}
#endif
0707010001f899000081a4000017820000044e0000000153419f6100000558000002350000002700000000000000000000002400000000reloc/include/sasl2/sasl/hmac-md5.h /* hmac-md5.h -- HMAC_MD5 functions
*/
#ifndef HMAC_MD5_H
#define HMAC_MD5_H 1
#define HMAC_MD5_SIZE 16
/* intermediate MD5 context */
typedef struct HMAC_MD5_CTX_s {
MD5_CTX ictx, octx;
} HMAC_MD5_CTX;
/* intermediate HMAC state
* values stored in network byte order (Big Endian)
*/
typedef struct HMAC_MD5_STATE_s {
UINT4 istate[4];
UINT4 ostate[4];
} HMAC_MD5_STATE;
#ifdef __cplusplus
extern "C" {
#endif
/* One step hmac computation
*
* digest may be same as text or key
*/
void _sasl_hmac_md5(const unsigned char *text, int text_len,
const unsigned char *key, int key_len,
unsigned char digest[HMAC_MD5_SIZE]);
/* create context from key
*/
void _sasl_hmac_md5_init(HMAC_MD5_CTX *hmac,
const unsigned char *key, int key_len);
/* precalculate intermediate state from key
*/
void _sasl_hmac_md5_precalc(HMAC_MD5_STATE *hmac,
const unsigned char *key, int key_len);
/* initialize context from intermediate state
*/
void _sasl_hmac_md5_import(HMAC_MD5_CTX *hmac, HMAC_MD5_STATE *state);
#define _sasl_hmac_md5_update(hmac, text, text_len) _sasl_MD5Update(&(hmac)->ictx, (text), (text_len))
/* finish hmac from intermediate result. Intermediate result is zeroed.
*/
void _sasl_hmac_md5_final(unsigned char digest[HMAC_MD5_SIZE],
HMAC_MD5_CTX *hmac);
#ifdef __cplusplus
}
#endif
#endif /* HMAC_MD5_H */
0707010001f89e000081a4000017820000044e0000000153419f6100008704000002350000002700000000000000000000002400000000reloc/include/sasl2/sasl/saslplug.h /* saslplug.h -- API for SASL plug-ins
*/
#ifndef SASLPLUG_H
#define SASLPLUG_H 1
#ifndef MD5GLOBAL_H
#include "md5global.h"
#endif
#ifndef MD5_H
#include "md5.h"
#endif
#ifndef HMAC_MD5_H
#include "hmac-md5.h"
#endif
#ifndef PROP_H
#include "prop.h"
#endif
#ifdef __cplusplus
extern "C" {
#endif
/* callback to lookup a sasl_callback_t for a connection
* input:
* conn -- the connection to lookup a callback for
* callbacknum -- the number of the callback
* output:
* pproc -- pointer to the callback function (set to NULL on failure)
* pcontext -- pointer to the callback context (set to NULL on failure)
* returns:
* SASL_OK -- no error
* SASL_FAIL -- unable to find a callback of the requested type
* SASL_INTERACT -- caller must use interaction to get data
*/
typedef int (*sasl_callback_ft)(void);
typedef int sasl_getcallback_t(sasl_conn_t *conn,
unsigned long callbackid,
sasl_callback_ft * pproc,
void **pcontext);
/* The sasl_utils structure will remain backwards compatible unless
* the SASL_*_PLUG_VERSION is changed incompatibly
* higher SASL_UTILS_VERSION numbers indicate more functions are available
*/
#define SASL_UTILS_VERSION 4
/* utility function set for plug-ins
*/
typedef struct sasl_utils {
int version;
/* contexts */
sasl_conn_t *conn;
sasl_rand_t *rpool;
void *getopt_context;
/* option function */
sasl_getopt_t *getopt;
/* allocation functions: */
sasl_malloc_t *malloc;
sasl_calloc_t *calloc;
sasl_realloc_t *realloc;
sasl_free_t *free;
/* mutex functions: */
sasl_mutex_alloc_t *mutex_alloc;
sasl_mutex_lock_t *mutex_lock;
sasl_mutex_unlock_t *mutex_unlock;
sasl_mutex_free_t *mutex_free;
/* MD5 hash and HMAC functions */
void (*MD5Init)(MD5_CTX *);
void (*MD5Update)(MD5_CTX *, const unsigned char *text, unsigned int len);
void (*MD5Final)(unsigned char [16], MD5_CTX *);
void (*hmac_md5)(const unsigned char *text, int text_len,
const unsigned char *key, int key_len,
unsigned char [16]);
void (*hmac_md5_init)(HMAC_MD5_CTX *, const unsigned char *key, int len);
/* hmac_md5_update() is just a call to MD5Update on inner context */
void (*hmac_md5_final)(unsigned char [16], HMAC_MD5_CTX *);
void (*hmac_md5_precalc)(HMAC_MD5_STATE *,
const unsigned char *key, int len);
void (*hmac_md5_import)(HMAC_MD5_CTX *, HMAC_MD5_STATE *);
/* mechanism utility functions (same as above): */
int (*mkchal)(sasl_conn_t *conn, char *buf, unsigned maxlen,
unsigned hostflag);
int (*utf8verify)(const char *str, unsigned len);
void (*rand)(sasl_rand_t *rpool, char *buf, unsigned len);
void (*churn)(sasl_rand_t *rpool, const char *data, unsigned len);
/* This allows recursive calls to the sasl_checkpass() routine from
* within a SASL plug-in. This MUST NOT be used in the PLAIN mechanism
* as sasl_checkpass MAY be a front-end for the PLAIN mechanism.
* This is intended for use by the non-standard LOGIN mechanism and
* potentially by a future mechanism which uses public-key technology to
* set up a lightweight encryption layer just for sending a password.
*/
int (*checkpass)(sasl_conn_t *conn,
const char *user, unsigned userlen,
const char *pass, unsigned passlen);
/* Access to base64 encode/decode routines */
int (*decode64)(const char *in, unsigned inlen,
char *out, unsigned outmax, unsigned *outlen);
int (*encode64)(const char *in, unsigned inlen,
char *out, unsigned outmax, unsigned *outlen);
/* erase a buffer */
void (*erasebuffer)(char *buf, unsigned len);
/* callback to sasl_getprop() and sasl_setprop() */
int (*getprop)(sasl_conn_t *conn, int propnum, const void **pvalue);
int (*setprop)(sasl_conn_t *conn, int propnum, const void *value);
/* callback function */
sasl_getcallback_t *getcallback;
/* format a message and then pass it to the SASL_CB_LOG callback
*
* use syslog()-style formatting (printf with %m as a human readable text
* (strerror()) for the error specified as the parameter).
* The implementation may use a fixed size buffer not smaller
* than 512 octets if it securely truncates the message.
*
* level is a SASL_LOG_* level (see sasl.h)
*/
void (*log)(sasl_conn_t *conn, int level, const char *fmt, ...);
/* callback to sasl_seterror() */
void (*seterror)(sasl_conn_t *conn, unsigned flags, const char *fmt, ...);
/* spare function pointer */
int *(*spare_fptr)(void);
/* auxiliary property utilities */
struct propctx *(*prop_new)(unsigned estimate);
int (*prop_dup)(struct propctx *src_ctx, struct propctx **dst_ctx);
int (*prop_request)(struct propctx *ctx, const char **names);
const struct propval *(*prop_get)(struct propctx *ctx);
int (*prop_getnames)(struct propctx *ctx, const char **names,
struct propval *vals);
void (*prop_clear)(struct propctx *ctx, int requests);
void (*prop_dispose)(struct propctx **ctx);
int (*prop_format)(struct propctx *ctx, const char *sep, int seplen,
char *outbuf, unsigned outmax, unsigned *outlen);
int (*prop_set)(struct propctx *ctx, const char *name,
const char *value, int vallen);
int (*prop_setvals)(struct propctx *ctx, const char *name,
const char **values);
void (*prop_erase)(struct propctx *ctx, const char *name);
int (*auxprop_store)(sasl_conn_t *conn,
struct propctx *ctx, const char *user);
/* for additions which don't require a version upgrade; set to 0 */
int (*spare_fptr1)(void);
int (*spare_fptr2)(void);
} sasl_utils_t;
/*
* output parameters from SASL API
*
* created / destroyed by the glue code, though probably filled in
* by a combination of the plugin, the glue code, and the canon_user callback.
*
*/
typedef struct sasl_out_params {
unsigned doneflag; /* exchange complete */
const char *user; /* canonicalized user name */
const char *authid; /* canonicalized authentication id */
unsigned ulen; /* length of canonicalized user name */
unsigned alen; /* length of canonicalized authid */
/* security layer information */
unsigned maxoutbuf; /* Maximum buffer size, which will
produce buffer no bigger than the
negotiated SASL maximum buffer size */
sasl_ssf_t mech_ssf; /* Should be set non-zero if negotiation of a
* security layer was *attempted*, even if
* the negotiation failed */
void *encode_context;
int (*encode)(void *context, const struct iovec *invec, unsigned numiov,
const char **output, unsigned *outputlen);
void *decode_context;
int (*decode)(void *context, const char *input, unsigned inputlen,
const char **output, unsigned *outputlen);
/* Pointer to delegated (client's) credentials, if supported by
the SASL mechanism */
void *client_creds;
/* for additions which don't require a version upgrade; set to 0 */
const void *gss_peer_name;
const void *gss_local_name;
const char *cbindingname; /* channel binding name from packet */
int (*spare_fptr1)(void);
int (*spare_fptr2)(void);
unsigned int cbindingdisp; /* channel binding disposition from client */
int spare_int2;
int spare_int3;
int spare_int4;
/* set to 0 initially, this allows a plugin with extended parameters
* to work with an older framework by updating version as parameters
* are added.
*/
int param_version;
} sasl_out_params_t;
/* Used by both client and server side plugins */
typedef enum {
SASL_INFO_LIST_START = 0,
SASL_INFO_LIST_MECH,
SASL_INFO_LIST_END
} sasl_info_callback_stage_t;
/******************************
* Channel binding macros **
******************************/
typedef enum {
SASL_CB_DISP_NONE = 0, /* client did not support CB */
SASL_CB_DISP_WANT, /* client supports CB, thinks server does not */
SASL_CB_DISP_USED /* client supports and used CB */
} sasl_cbinding_disp_t;
/* TRUE if channel binding is non-NULL */
#define SASL_CB_PRESENT(params) ((params)->cbinding != NULL)
/* TRUE if channel binding is marked critical */
#define SASL_CB_CRITICAL(params) (SASL_CB_PRESENT(params) && \
(params)->cbinding->critical)
/******************************
* Client Mechanism Functions *
******************************/
/*
* input parameters to client SASL plugin
*
* created / destroyed by the glue code
*
*/
typedef struct sasl_client_params {
const char *service; /* service name */
const char *serverFQDN; /* server fully qualified domain name */
const char *clientFQDN; /* client's fully qualified domain name */
const sasl_utils_t *utils; /* SASL API utility routines --
* for a particular sasl_conn_t,
* MUST remain valid until mech_free is
* called */
const sasl_callback_t *prompt_supp; /* client callback list */
const char *iplocalport; /* server IP domain literal & port */
const char *ipremoteport; /* client IP domain literal & port */
unsigned servicelen; /* length of service */
unsigned slen; /* length of serverFQDN */
unsigned clen; /* length of clientFQDN */
unsigned iploclen; /* length of iplocalport */
unsigned ipremlen; /* length of ipremoteport */
/* application's security requirements & info */
sasl_security_properties_t props;
sasl_ssf_t external_ssf; /* external SSF active */
/* for additions which don't require a version upgrade; set to 0 */
const void *gss_creds; /* GSS credential handle */
const sasl_channel_binding_t *cbinding; /* client channel binding */
const sasl_http_request_t *http_request;/* HTTP Digest request method */
void *spare_ptr4;
/* Canonicalize a user name from on-wire to internal format
* added rjs3 2001-05-23
* Must be called once user name aquired if canon_user is non-NULL.
* conn connection context
* in user name from wire protocol (need not be NUL terminated)
* len length of user name from wire protocol (0 = strlen(user))
* flags for SASL_CU_* flags
* oparams the user, authid, ulen, alen, fields are
* set appropriately after canonicalization/copying and
* authorization of arguments
*
* responsible for setting user, ulen, authid, and alen in the oparams
* structure
*
* default behavior is to strip leading and trailing whitespace, as
* well as allocating space for and copying the parameters.
*
* results:
* SASL_OK -- success
* SASL_NOMEM -- out of memory
* SASL_BADPARAM -- invalid conn
* SASL_BADPROT -- invalid user/authid
*/
int (*canon_user)(sasl_conn_t *conn,
const char *in, unsigned len,
unsigned flags,
sasl_out_params_t *oparams);
int (*spare_fptr1)(void);
unsigned int cbindingdisp;
int spare_int2;
int spare_int3;
/* flags field as passed to sasl_client_new */
unsigned flags;
/* set to 0 initially, this allows a plugin with extended parameters
* to work with an older framework by updating version as parameters
* are added.
*/
int param_version;
} sasl_client_params_t;
/* features shared between client and server */
/* These allow the glue code to handle client-first and server-last issues */
/* This indicates that the mechanism prefers to do client-send-first
* if the protocol allows it. */
#define SASL_FEAT_WANT_CLIENT_FIRST 0x0002
/* This feature is deprecated. Instead, plugins should set *serverout to
* non-NULL and return SASL_OK intelligently to allow flexible use of
* server-last semantics
#define SASL_FEAT_WANT_SERVER_LAST 0x0004
*/
/* This feature is deprecated. Instead, plugins should correctly set
* SASL_FEAT_SERVER_FIRST as needed
#define SASL_FEAT_INTERNAL_CLIENT_FIRST 0x0008
*/
/* This indicates that the plugin is server-first only.
* Not defining either of SASL_FEAT_SERVER_FIRST or
* SASL_FEAT_WANT_CLIENT_FIRST indicates that the mechanism
* will handle the client-first situation internally.
*/
#define SASL_FEAT_SERVER_FIRST 0x0010
/* This plugin allows proxying */
#define SASL_FEAT_ALLOWS_PROXY 0x0020
/* server plugin don't use cleartext userPassword attribute */
#define SASL_FEAT_DONTUSE_USERPASSWD 0x0080
/* Underlying mechanism uses GSS framing */
#define SASL_FEAT_GSS_FRAMING 0x0100
/* Underlying mechanism supports channel binding */
#define SASL_FEAT_CHANNEL_BINDING 0x0800
/* This plugin can be used for HTTP authentication */
#define SASL_FEAT_SUPPORTS_HTTP 0x1000
/* client plug-in features */
#define SASL_FEAT_NEEDSERVERFQDN 0x0001
/* a C object for a client mechanism
*/
typedef struct sasl_client_plug {
/* mechanism name */
const char *mech_name;
/* best mech additional security layer strength factor */
sasl_ssf_t max_ssf;
/* best security flags, as defined in sasl_security_properties_t */
unsigned security_flags;
/* features of plugin */
unsigned features;
/* required prompt ids, NULL = user/pass only */
const unsigned long *required_prompts;
/* global state for mechanism */
void *glob_context;
/* create context for mechanism, using params supplied
* glob_context -- from above
* params -- params from sasl_client_new
* conn_context -- context for one connection
* returns:
* SASL_OK -- success
* SASL_NOMEM -- not enough memory
* SASL_WRONGMECH -- mech doesn't support security params
*/
int (*mech_new)(void *glob_context,
sasl_client_params_t *cparams,
void **conn_context);
/* perform one step of exchange. NULL is passed for serverin on
* first step.
* returns:
* SASL_OK -- success
* SASL_INTERACT -- user interaction needed to fill in prompts
* SASL_BADPROT -- server protocol incorrect/cancelled
* SASL_BADSERV -- server failed mutual auth
*/
int (*mech_step)(void *conn_context,
sasl_client_params_t *cparams,
const char *serverin,
unsigned serverinlen,
sasl_interact_t **prompt_need,
const char **clientout,
unsigned *clientoutlen,
sasl_out_params_t *oparams);
/* dispose of connection context from mech_new
*/
void (*mech_dispose)(void *conn_context, const sasl_utils_t *utils);
/* free all global space used by mechanism
* mech_dispose must be called on all mechanisms first
*/
void (*mech_free)(void *glob_context, const sasl_utils_t *utils);
/* perform precalculations during a network round-trip
* or idle period. conn_context may be NULL
* returns 1 if action taken, 0 if no action taken
*/
int (*idle)(void *glob_context,
void *conn_context,
sasl_client_params_t *cparams);
/* for additions which don't require a version upgrade; set to 0 */
int (*spare_fptr1)(void);
int (*spare_fptr2)(void);
} sasl_client_plug_t;
#define SASL_CLIENT_PLUG_VERSION 4
/* plug-in entry point:
* utils -- utility callback functions
* max_version -- highest client plug version supported
* returns:
* out_version -- client plug version of result
* pluglist -- list of mechanism plug-ins
* plugcount -- number of mechanism plug-ins
* results:
* SASL_OK -- success
* SASL_NOMEM -- failure
* SASL_BADVERS -- max_version too small
* SASL_BADPARAM -- bad config string
* ...
*/
typedef int sasl_client_plug_init_t(const sasl_utils_t *utils,
int max_version,
int *out_version,
sasl_client_plug_t **pluglist,
int *plugcount);
/* add a client plug-in
*/
LIBSASL_API int sasl_client_add_plugin(const char *plugname,
sasl_client_plug_init_t *cplugfunc);
typedef struct client_sasl_mechanism
{
int version;
char *plugname;
const sasl_client_plug_t *plug;
} client_sasl_mechanism_t;
typedef void sasl_client_info_callback_t (client_sasl_mechanism_t *m,
sasl_info_callback_stage_t stage,
void *rock);
/* Dump information about available client plugins */
LIBSASL_API int sasl_client_plugin_info (const char *mech_list,
sasl_client_info_callback_t *info_cb,
void *info_cb_rock);
/********************
* Server Functions *
********************/
/* log message formatting routine */
typedef void sasl_logmsg_p(sasl_conn_t *conn, const char *fmt, ...);
/*
* input parameters to server SASL plugin
*
* created / destroyed by the glue code
*
*/
typedef struct sasl_server_params {
const char *service; /* NULL = default service for user_exists
and setpass */
const char *appname; /* name of calling application */
const char *serverFQDN; /* server default fully qualified domain name
* (e.g., gethostname) */
const char *user_realm; /* realm for user (NULL = client supplied) */
const char *iplocalport; /* server IP domain literal & port */
const char *ipremoteport; /* client IP domain literal & port */
unsigned servicelen; /* length of service */
unsigned applen; /* length of appname */
unsigned slen; /* length of serverFQDN */
unsigned urlen; /* length of user_realm */
unsigned iploclen; /* length of iplocalport */
unsigned ipremlen; /* length of ipremoteport */
/* This indicates the level of logging desired. See SASL_LOG_*
* in sasl.h
*
* Plug-ins can ignore this and just pass their desired level to
* the log callback. This is primarily used to eliminate logging which
* might be a performance problem (e.g., full protocol trace) and
* to select between SASL_LOG_TRACE and SASL_LOG_PASS alternatives
*/
int log_level;
const sasl_utils_t *utils; /* SASL API utility routines --
* for a particular sasl_conn_t,
* MUST remain valid until mech_free is
* called */
const sasl_callback_t *callbacks; /* Callbacks from application */
/* application's security requirements */
sasl_security_properties_t props;
sasl_ssf_t external_ssf; /* external SSF active */
/* Pointer to the function which takes the plaintext passphrase and
* transitions a user to non-plaintext mechanisms via setpass calls.
* (NULL = auto transition not enabled/supported)
*
* If passlen is 0, it defaults to strlen(pass).
* returns 0 if no entry added, 1 if entry added
*/
int (*transition)(sasl_conn_t *conn, const char *pass, unsigned passlen);
/* Canonicalize a user name from on-wire to internal format
* added cjn 1999-09-21
* Must be called once user name acquired if canon_user is non-NULL.
* conn connection context
* user user name from wire protocol (need not be NUL terminated)
* ulen length of user name from wire protocol (0 = strlen(user))
* flags for SASL_CU_* flags
* oparams the user, authid, ulen, alen, fields are
* set appropriately after canonicalization/copying and
* authorization of arguments
*
* responsible for setting user, ulen, authid, and alen in the oparams
* structure
*
* default behavior is to strip leading and trailing whitespace, as
* well as allocating space for and copying the parameters.
*
* results:
* SASL_OK -- success
* SASL_NOMEM -- out of memory
* SASL_BADPARAM -- invalid conn
* SASL_BADPROT -- invalid user/authid
*/
int (*canon_user)(sasl_conn_t *conn,
const char *user, unsigned ulen,
unsigned flags,
sasl_out_params_t *oparams);
/* auxiliary property context (see definitions in prop.h)
* added cjn 2000-01-30
*
* NOTE: these properties are the ones associated with the
* canonicalized "user" (user to login as / authorization id), not
* the "authid" (user whose credentials are used / authentication id)
* Prefix the property name with a "*" if a property associated with
* the "authid" is interesting.
*/
struct propctx *propctx;
/* for additions which don't require a version upgrade; set to 0 */
const void *gss_creds; /* GSS credential handle */
const sasl_channel_binding_t *cbinding; /* server channel binding */
const sasl_http_request_t *http_request;/* HTTP Digest request method */
void *spare_ptr4;
int (*spare_fptr1)(void);
int (*spare_fptr2)(void);
int spare_int1;
int spare_int2;
int spare_int3;
/* flags field as passed to sasl_server_new */
unsigned flags;
/* set to 0 initially, this allows a plugin with extended parameters
* to work with an older framework by updating version as parameters
* are added.
*/
int param_version;
} sasl_server_params_t;
/* logging levels (more levels may be added later, if necessary):
*/
#define SASL_LOG_NONE 0 /* don't log anything */
#define SASL_LOG_ERR 1 /* log unusual errors (default) */
#define SASL_LOG_FAIL 2 /* log all authentication failures */
#define SASL_LOG_WARN 3 /* log non-fatal warnings */
#define SASL_LOG_NOTE 4 /* more verbose than LOG_WARN */
#define SASL_LOG_DEBUG 5 /* more verbose than LOG_NOTE */
#define SASL_LOG_TRACE 6 /* traces of internal protocols */
#define SASL_LOG_PASS 7 /* traces of internal protocols, including
* passwords */
/* additional flags for setpass() function below:
*/
/* SASL_SET_CREATE create user if pass non-NULL */
/* SASL_SET_DISABLE disable user */
#define SASL_SET_REMOVE SASL_SET_CREATE /* remove user if pass is NULL */
/* features for server plug-in
*/
#define SASL_FEAT_SERVICE 0x0200 /* service-specific passwords supported */
#define SASL_FEAT_GETSECRET 0x0400 /* sasl_server_{get,put}secret_t callbacks
* required by plug-in */
/* a C object for a server mechanism
*/
typedef struct sasl_server_plug {
/* mechanism name */
const char *mech_name;
/* best mech additional security layer strength factor */
sasl_ssf_t max_ssf;
/* best security flags, as defined in sasl_security_properties_t */
unsigned security_flags;
/* features of plugin */
unsigned features;
/* global state for mechanism */
void *glob_context;
/* create a new mechanism handler
* glob_context -- global context
* sparams -- server config params
* challenge -- server challenge from previous instance or NULL
* challen -- length of challenge from previous instance or 0
* out:
* conn_context -- connection context
* errinfo -- error information
*
* returns:
* SASL_OK -- successfully created mech instance
* SASL_* -- any other server error code
*/
int (*mech_new)(void *glob_context,
sasl_server_params_t *sparams,
const char *challenge,
unsigned challen,
void **conn_context);
/* perform one step in exchange
*
* returns:
* SASL_OK -- success, all done
* SASL_CONTINUE -- success, one more round trip
* SASL_* -- any other server error code
*/
int (*mech_step)(void *conn_context,
sasl_server_params_t *sparams,
const char *clientin,
unsigned clientinlen,
const char **serverout,
unsigned *serveroutlen,
sasl_out_params_t *oparams);
/* dispose of a connection state
*/
void (*mech_dispose)(void *conn_context, const sasl_utils_t *utils);
/* free global state for mechanism
* mech_dispose must be called on all mechanisms first
*/
void (*mech_free)(void *glob_context, const sasl_utils_t *utils);
/* set a password (optional)
* glob_context -- global context
* sparams -- service, middleware utilities, etc. props ignored
* user -- user name
* pass -- password/passphrase (NULL = disable/remove/delete)
* passlen -- length of password/passphrase
* oldpass -- old password/passphrase (NULL = transition)
* oldpasslen -- length of password/passphrase
* flags -- see above
*
* returns:
* SASL_NOCHANGE -- no change was needed
* SASL_NOUSER -- no entry for user
* SASL_NOVERIFY -- no mechanism compatible entry for user
* SASL_PWLOCK -- password locked
* SASL_DIABLED -- account disabled
* etc.
*/
int (*setpass)(void *glob_context,
sasl_server_params_t *sparams,
const char *user,
const char *pass, unsigned passlen,
const char *oldpass, unsigned oldpasslen,
unsigned flags);
/* query which mechanisms are available for user
* glob_context -- context
* sparams -- service, middleware utilities, etc. props ignored
* user -- NUL terminated user name
* maxmech -- max number of strings in mechlist (0 = no output)
* output:
* mechlist -- an array of C string pointers, filled in with
* mechanism names available to the user
*
* returns:
* SASL_OK -- success
* SASL_NOMEM -- not enough memory
* SASL_FAIL -- lower level failure
* SASL_DISABLED -- account disabled
* SASL_NOUSER -- user not found
* SASL_BUFOVER -- maxmech is too small
* SASL_NOVERIFY -- user found, but no mechanisms available
*/
int (*user_query)(void *glob_context,
sasl_server_params_t *sparams,
const char *user,
int maxmech,
const char **mechlist);
/* perform precalculations during a network round-trip
* or idle period. conn_context may be NULL (optional)
* returns 1 if action taken, 0 if no action taken
*/
int (*idle)(void *glob_context,
void *conn_context,
sasl_server_params_t *sparams);
/* check if mechanism is available
* optional--if NULL, mechanism is available based on ENABLE= in config
*
* If this routine sets conn_context to a non-NULL value, then the call
* to mech_new will be skipped. This should not be done unless
* there's a significant performance benefit, since it can cause
* additional memory allocation in SASL core code to keep track of
* contexts potentially for multiple mechanisms.
*
* This is called by the first call to sasl_listmech() for a
* given connection context, thus for a given protocol it may
* never be called. Note that if mech_avail returns SASL_NOMECH,
* then that mechanism is considered disabled for the remainder
* of the session. If mech_avail returns SASL_NOTDONE, then a
* future call to mech_avail may still return either SASL_OK
* or SASL_NOMECH.
*
* returns SASL_OK on success,
* SASL_NOTDONE if mech is not available now, but may be later
* (e.g. EXTERNAL w/o auth_id)
* SASL_NOMECH if mech disabled
*/
int (*mech_avail)(void *glob_context,
sasl_server_params_t *sparams,
void **conn_context);
/* for additions which don't require a version upgrade; set to 0 */
int (*spare_fptr2)(void);
} sasl_server_plug_t;
#define SASL_SERVER_PLUG_VERSION 4
/* plug-in entry point:
* utils -- utility callback functions
* plugname -- name of plug-in (may be NULL)
* max_version -- highest server plug version supported
* returns:
* out_version -- server plug-in version of result
* pluglist -- list of mechanism plug-ins
* plugcount -- number of mechanism plug-ins
* results:
* SASL_OK -- success
* SASL_NOMEM -- failure
* SASL_BADVERS -- max_version too small
* SASL_BADPARAM -- bad config string
* ...
*/
typedef int sasl_server_plug_init_t(const sasl_utils_t *utils,
int max_version,
int *out_version,
sasl_server_plug_t **pluglist,
int *plugcount);
/*
* add a server plug-in
*/
LIBSASL_API int sasl_server_add_plugin(const char *plugname,
sasl_server_plug_init_t *splugfunc);
typedef struct server_sasl_mechanism
{
int version;
int condition; /* set to SASL_NOUSER if no available users;
set to SASL_CONTINUE if delayed plugin loading */
char *plugname; /* for AUTHSOURCE tracking */
const sasl_server_plug_t *plug;
char *f; /* where should i load the mechanism from? */
} server_sasl_mechanism_t;
typedef void sasl_server_info_callback_t (server_sasl_mechanism_t *m,
sasl_info_callback_stage_t stage,
void *rock);
/* Dump information about available server plugins (separate functions are
used for canon and auxprop plugins) */
LIBSASL_API int sasl_server_plugin_info (const char *mech_list,
sasl_server_info_callback_t *info_cb,
void *info_cb_rock);
/*********************************************************
* user canonicalization plug-in -- added cjn 1999-09-29 *
*********************************************************/
typedef struct sasl_canonuser {
/* optional features of plugin (set to 0) */
int features;
/* spare integer (set to 0) */
int spare_int1;
/* global state for plugin */
void *glob_context;
/* name of plugin */
char *name;
/* free global state for plugin */
void (*canon_user_free)(void *glob_context, const sasl_utils_t *utils);
/* canonicalize a username
* glob_context -- global context from this structure
* sparams -- server params, note user_realm&propctx elements
* user -- user to login as (may not be NUL terminated)
* len -- length of user name (0 = strlen(user))
* flags -- for SASL_CU_* flags
* out -- buffer to copy user name
* out_max -- max length of user name
* out_len -- set to length of user name
*
* note that the output buffers MAY be the same as the input buffers.
*
* returns
* SASL_OK on success
* SASL_BADPROT username contains invalid character
*/
int (*canon_user_server)(void *glob_context,
sasl_server_params_t *sparams,
const char *user, unsigned len,
unsigned flags,
char *out,
unsigned out_umax, unsigned *out_ulen);
int (*canon_user_client)(void *glob_context,
sasl_client_params_t *cparams,
const char *user, unsigned len,
unsigned flags,
char *out,
unsigned out_max, unsigned *out_len);
/* for additions which don't require a version upgrade; set to 0 */
int (*spare_fptr1)(void);
int (*spare_fptr2)(void);
int (*spare_fptr3)(void);
} sasl_canonuser_plug_t;
#define SASL_CANONUSER_PLUG_VERSION 5
/* default name for canonuser plug-in entry point is "sasl_canonuser_init"
* similar to sasl_server_plug_init model, except only returns one
* sasl_canonuser_plug_t structure;
*/
typedef int sasl_canonuser_init_t(const sasl_utils_t *utils,
int max_version,
int *out_version,
sasl_canonuser_plug_t **plug,
const char *plugname);
/* add a canonuser plugin
*/
LIBSASL_API int sasl_canonuser_add_plugin(const char *plugname,
sasl_canonuser_init_t *canonuserfunc);
/******************************************************
* auxiliary property plug-in -- added cjn 1999-09-29 *
******************************************************/
typedef struct sasl_auxprop_plug {
/* optional features of plugin (none defined yet, set to 0) */
int features;
/* spare integer, must be set to 0 */
int spare_int1;
/* global state for plugin */
void *glob_context;
/* free global state for plugin (OPTIONAL) */
void (*auxprop_free)(void *glob_context, const sasl_utils_t *utils);
/* fill in fields of an auxiliary property context
* last element in array has id of SASL_AUX_END
* elements with non-0 len should be ignored.
*/
int (*auxprop_lookup)(void *glob_context,
sasl_server_params_t *sparams,
unsigned flags,
const char *user, unsigned ulen);
/* name of the auxprop plugin */
char *name;
/* store the fields/values of an auxiliary property context (OPTIONAL)
*
* if ctx is NULL, just check if storing properties is enabled
*
* returns
* SASL_OK on success
* SASL_FAIL on failure
*/
int (*auxprop_store)(void *glob_context,
sasl_server_params_t *sparams,
struct propctx *ctx,
const char *user, unsigned ulen);
} sasl_auxprop_plug_t;
/* auxprop lookup flags */
#define SASL_AUXPROP_OVERRIDE 0x01 /* if clear, ignore auxiliary properties
* with non-zero len field. If set,
* override value of those properties */
#define SASL_AUXPROP_AUTHZID 0x02 /* if clear, we are looking up the
* authid flags (prefixed with *), otherwise
* we are looking up the authzid flags
* (no prefix) */
/* NOTE: Keep in sync with SASL_CU_ flags */
#define SASL_AUXPROP_VERIFY_AGAINST_HASH 0x10
#define SASL_AUXPROP_PLUG_VERSION 8
/* default name for auxprop plug-in entry point is "sasl_auxprop_init"
* similar to sasl_server_plug_init model, except only returns one
* sasl_auxprop_plug_t structure;
*/
typedef int sasl_auxprop_init_t(const sasl_utils_t *utils,
int max_version,
int *out_version,
sasl_auxprop_plug_t **plug,
const char *plugname);
/* add an auxiliary property plug-in
*/
LIBSASL_API int sasl_auxprop_add_plugin(const char *plugname,
sasl_auxprop_init_t *auxpropfunc);
typedef void auxprop_info_callback_t (sasl_auxprop_plug_t *m,
sasl_info_callback_stage_t stage,
void *rock);
/* Dump information about available auxprop plugins (separate functions are
used for canon and server authentication plugins) */
LIBSASL_API int auxprop_plugin_info (const char *mech_list,
auxprop_info_callback_t *info_cb,
void *info_cb_rock);
#ifdef __cplusplus
}
#endif
#endif /* SASLPLUG_H */
0707010001f89b000081a4000017820000044e0000000153419f6100000402000002350000002700000000000000000000002500000000reloc/include/sasl2/sasl/md5global.h /* GLOBAL.H - RSAREF types and constants
*/
#ifndef MD5GLOBAL_H
#define MD5GLOBAL_H
/* PROTOTYPES should be set to one if and only if the compiler supports
function argument prototyping.
The following makes PROTOTYPES default to 0 if it has not already
been defined with C compiler flags.
*/
#ifndef PROTOTYPES
#define PROTOTYPES 0
#endif
/* POINTER defines a generic pointer type */
typedef unsigned char *POINTER;
typedef signed char INT1; /* 8 bits */
typedef short INT2; /* 16 bits */
typedef int INT4; /* 32 bits */
typedef long INT8; /* 64 bits */
typedef unsigned char UINT1; /* 8 bits */
typedef unsigned short UINT2; /* 16 bits */
typedef unsigned int UINT4; /* 32 bits */
typedef unsigned long UINT8; /* 64 bits */
/* PROTO_LIST is defined depending on how PROTOTYPES is defined above.
If using PROTOTYPES, then PROTO_LIST returns the list, otherwise it
returns an empty list.
*/
#if PROTOTYPES
#define PROTO_LIST(list) list
#else
#define PROTO_LIST(list) ()
#endif
#endif /* MD5GLOBAL_H */
0707010001f89c000081a4000017820000044e0000000153419f6100001c2b000002350000002700000000000000000000002000000000reloc/include/sasl2/sasl/prop.h /* prop.h -- property request/response management routines
*
* Author: Chris Newman
* Removal of implementation-specific details by: Rob Siemborski
*
* This is intended to be used to create a list of properties to request,
* and _then_ request values for all properties. Any change to the request
* list will discard any existing values. This assumption allows a very
* efficient and simple memory model. This was designed for SASL API auxiliary
* property support, but would be fine for other contexts where this property
* model is appropriate.
*
* The "struct propctx" is allocated by prop_new and is a fixed size structure.
* If a prop_init() call were added, it would be reasonable to embed a "struct
* propctx" in another structure. prop_new also allocates a pool of memory
* (in the vbase field) which will be used for an array of "struct propval"
* to list all the requested properties.
*
* Properties may be multi-valued.
*/
#ifndef PROP_H
#define PROP_H 1
/* The following ifdef block is the standard way of creating macros
* which make exporting from a DLL simpler. All files within this DLL
* are compiled with the LIBSASL_EXPORTS symbol defined on the command
* line. this symbol should not be defined on any project that uses
* this DLL. This way any other project whose source files include
* this file see LIBSASL_API functions as being imported from a DLL,
* wheras this DLL sees symbols defined with this macro as being
* exported. */
/* Under Unix, life is simpler: we just need to mark library functions
* as extern. (Technically, we don't even have to do that.) */
#ifdef WIN32
# ifdef LIBSASL_EXPORTS
# define LIBSASL_API extern __declspec(dllexport)
# else /* LIBSASL_EXPORTS */
# define LIBSASL_API extern __declspec(dllimport)
# endif /* LIBSASL_EXPORTS */
#else /* WIN32 */
# define LIBSASL_API extern
#endif /* WIN32 */
/* Same as above, but used during a variable declaration. */
#ifdef WIN32
# ifdef LIBSASL_EXPORTS
# define LIBSASL_VAR extern __declspec(dllexport)
# else /* LIBSASL_EXPORTS */
# define LIBSASL_VAR extern __declspec(dllimport)
# endif /* LIBSASL_EXPORTS */
#else /* WIN32 */
# define LIBSASL_VAR extern
#endif /* WIN32 */
/* the resulting structure for property values
*/
struct propval {
const char *name; /* name of property; NULL = end of list */
/* same pointer used in request will be used here */
const char **values; /* list of strings, values == NULL if property not
* found, *values == NULL if property found with
* no values */
unsigned nvalues; /* total number of value strings */
unsigned valsize; /* total size in characters of all value strings */
};
/*
* private internal structure
*/
#define PROP_DEFAULT 4 /* default number of propvals to assume */
struct propctx;
#ifdef __cplusplus
extern "C" {
#endif
/* create a property context
* estimate -- an estimate of the storage needed for requests & responses
* 0 will use module default
* returns a new property context on success and NULL on any error
*/
LIBSASL_API struct propctx *prop_new(unsigned estimate);
/* create new propctx which duplicates the contents of an existing propctx
* returns SASL_OK on success
* possible other return values include: SASL_NOMEM, SASL_BADPARAM
*/
LIBSASL_API int prop_dup(struct propctx *src_ctx, struct propctx **dst_ctx);
/* Add property names to request
* ctx -- context from prop_new()
* names -- list of property names; must persist until context freed
* or requests cleared (This extends to other contexts that
* are dup'ed from this one, and their children, etc)
*
* NOTE: may clear values from context as side-effect
* returns SASL_OK on success
* possible other return values include: SASL_NOMEM, SASL_BADPARAM
*/
LIBSASL_API int prop_request(struct propctx *ctx, const char **names);
/* return array of struct propval from the context
* return value persists until next call to
* prop_request, prop_clear or prop_dispose on context
*
* returns NULL on error
*/
LIBSASL_API const struct propval *prop_get(struct propctx *ctx);
/* Fill in an array of struct propval based on a list of property names
* return value persists until next call to
* prop_request, prop_clear or prop_dispose on context
* returns number of matching properties which were found (values != NULL)
* if a name requested here was never requested by a prop_request, then
* the name field of the associated vals entry will be set to NULL
*
* The vals array MUST be atleast as long as the names array.
*
* returns # of matching properties on success
* possible other return values include: SASL_BADPARAM
*/
LIBSASL_API int prop_getnames(struct propctx *ctx, const char **names,
struct propval *vals);
/* clear values and optionally requests from property context
* ctx -- property context
* requests -- 0 = don't clear requests, 1 = clear requests
*/
LIBSASL_API void prop_clear(struct propctx *ctx, int requests);
/* erase the value of a property
*/
LIBSASL_API void prop_erase(struct propctx *ctx, const char *name);
/* dispose of property context
* ctx -- is disposed and set to NULL; noop if ctx or *ctx is NULL
*/
LIBSASL_API void prop_dispose(struct propctx **ctx);
/****fetcher interfaces****/
/* format the requested property names into a string
* ctx -- context from prop_new()/prop_request()
* sep -- separator between property names (unused if none requested)
* seplen -- length of separator, if < 0 then strlen(sep) will be used
* outbuf -- output buffer
* outmax -- maximum length of output buffer including NUL terminator
* outlen -- set to length of output string excluding NUL terminator
* returns SASL_OK on success
* returns SASL_BADPARAM or amount of additional space needed on failure
*/
LIBSASL_API int prop_format(struct propctx *ctx, const char *sep, int seplen,
char *outbuf, unsigned outmax, unsigned *outlen);
/* add a property value to the context
* ctx -- context from prop_new()/prop_request()
* name -- name of property to which value will be added
* if NULL, add to the same name as previous prop_set/setvals call
* value -- a value for the property; will be copied into context
* if NULL, remove existing values
* vallen -- length of value, if <= 0 then strlen(value) will be used
* returns SASL_OK on success
* possible error return values include: SASL_BADPARAM, SASL_NOMEM
*/
LIBSASL_API int prop_set(struct propctx *ctx, const char *name,
const char *value, int vallen);
/* set the values for a property
* ctx -- context from prop_new()/prop_request()
* name -- name of property to which value will be added
* if NULL, add to the same name as previous prop_set/setvals call
* values -- array of values, ending in NULL. Each value is a NUL terminated
* string
* returns SASL_OK on success
* possible error return values include: SASL_BADPARAM, SASL_NOMEM
*/
LIBSASL_API int prop_setvals(struct propctx *ctx, const char *name,
const char **values);
#ifdef __cplusplus
}
#endif
#endif /* PROP_H */
0707010001f89d000081a4000017820000044e0000000153419f610000cb55000002350000002700000000000000000000002000000000reloc/include/sasl2/sasl/sasl.h /* This is a proposed C API for support of SASL
*
*********************************IMPORTANT*******************************
* send email to chris.newman@innosoft.com and cyrus-bugs@andrew.cmu.edu *
* if you need to add new error codes, callback types, property values, *
* etc. It is important to keep the multiple implementations of this *
* API from diverging. *
*********************************IMPORTANT*******************************
*
* Basic Type Summary:
* sasl_conn_t Context for a SASL connection negotiation
* sasl_ssf_t Security layer Strength Factor
* sasl_callback_t A typed client/server callback function and context
* sasl_interact_t A client interaction descriptor
* sasl_secret_t A client password
* sasl_rand_t Random data context structure
* sasl_security_properties_t An application's required security level
*
* Callbacks:
* sasl_getopt_t client/server: Get an option value
* sasl_logmsg_t client/server: Log message handler
* sasl_getsimple_t client: Get user/language list
* sasl_getsecret_t client: Get authentication secret
* sasl_chalprompt_t client: Display challenge and prompt for response
*
* Server only Callbacks:
* sasl_authorize_t user authorization policy callback
* sasl_getconfpath_t get path to search for config file
* sasl_server_userdb_checkpass check password and auxprops in userdb
* sasl_server_userdb_setpass set password in userdb
* sasl_server_canon_user canonicalize username routine
*
* Client/Server Function Summary:
* sasl_done Release all SASL global state
* sasl_dispose Connection done: Dispose of sasl_conn_t
* sasl_getprop Get property (e.g., user name, security layer info)
* sasl_setprop Set property (e.g., external ssf)
* sasl_errdetail Generate string from last error on connection
* sasl_errstring Translate sasl error code to a string
* sasl_encode Encode data to send using security layer
* sasl_decode Decode data received using security layer
*
* Utility functions:
* sasl_encode64 Encode data to send using MIME base64 encoding
* sasl_decode64 Decode data received using MIME base64 encoding
* sasl_erasebuffer Erase a buffer
*
* Client Function Summary:
* sasl_client_init Load and initialize client plug-ins (call once)
* sasl_client_new Initialize client connection context: sasl_conn_t
* sasl_client_start Select mechanism for connection
* sasl_client_step Perform one authentication step
*
* Server Function Summary
* sasl_server_init Load and initialize server plug-ins (call once)
* sasl_server_new Initialize server connection context: sasl_conn_t
* sasl_listmech Create list of available mechanisms
* sasl_server_start Begin an authentication exchange
* sasl_server_step Perform one authentication exchange step
* sasl_checkpass Check a plaintext passphrase
* sasl_checkapop Check an APOP challenge/response (uses pseudo "APOP"
* mechanism similar to CRAM-MD5 mechanism; optional)
* sasl_user_exists Check if user exists
* sasl_setpass Change a password or add a user entry
* sasl_auxprop_request Request auxiliary properties
* sasl_auxprop_getctx Get auxiliary property context for connection
* sasl_auxprop_store Store a set of auxiliary properties
*
* Basic client model:
* 1. client calls sasl_client_init() at startup to load plug-ins
* 2. when connection formed, call sasl_client_new()
* 3. once list of supported mechanisms received from server, client
* calls sasl_client_start(). goto 4a
* 4. client calls sasl_client_step()
* [4a. If SASL_INTERACT, fill in prompts and goto 4
* -- doesn't happen if callbacks provided]
* 4b. If SASL error, goto 7 or 3
* 4c. If SASL_OK, continue or goto 6 if last server response was success
* 5. send message to server, wait for response
* 5a. On data or success with server response, goto 4
* 5b. On failure goto 7 or 3
* 5c. On success with no server response continue
* 6. continue with application protocol until connection closes
* call sasl_getprop/sasl_encode/sasl_decode() if using security layer
* 7. call sasl_dispose(), may return to step 2
* 8. call sasl_done() when program terminates
*
* Basic Server model:
* 1. call sasl_server_init() at startup to load plug-ins
* 2. On connection, call sasl_server_new()
* 3. call sasl_listmech() and send list to client]
* 4. after client AUTH command, call sasl_server_start(), goto 5a
* 5. call sasl_server_step()
* 5a. If SASL_CONTINUE, output to client, wait response, repeat 5
* 5b. If SASL error, then goto 7
* 5c. If SASL_OK, move on
* 6. continue with application protocol until connection closes
* call sasl_getprop to get username
* call sasl_getprop/sasl_encode/sasl_decode() if using security layer
* 7. call sasl_dispose(), may return to step 2
* 8. call sasl_done() when program terminates
*
*************************************************
* IMPORTANT NOTE: server realms / username syntax
*
* If a user name contains a "@", then the rightmost "@" in the user name
* separates the account name from the realm in which this account is
* located. A single server may support multiple realms. If the
* server knows the realm at connection creation time (e.g., a server
* with multiple IP addresses tightly binds one address to a specific
* realm) then that realm must be passed in the user_realm field of
* the sasl_server_new call. If user_realm is non-empty and an
* unqualified user name is supplied, then the canon_user facility is
* expected to append "@" and user_realm to the user name. The canon_user
* facility may treat other characters such as "%" as equivalent to "@".
*
* If the server forbids the use of "@" in user names for other
* purposes, this simplifies security validation.
*/
#ifndef SASL_H
#define SASL_H 1
/* Keep in sync with win32/common.mak */
#define SASL_VERSION_MAJOR 2
#define SASL_VERSION_MINOR 1
#define SASL_VERSION_STEP 26
/* A convenience macro: same as was defined in the OpenLDAP LDAPDB */
#define SASL_VERSION_FULL ((SASL_VERSION_MAJOR << 16) |\
(SASL_VERSION_MINOR << 8) | SASL_VERSION_STEP)
#include "prop.h"
/*************
* Basic API *
*************/
/* SASL result codes: */
#define SASL_CONTINUE 1 /* another step is needed in authentication */
#define SASL_OK 0 /* successful result */
#define SASL_FAIL -1 /* generic failure */
#define SASL_NOMEM -2 /* memory shortage failure */
#define SASL_BUFOVER -3 /* overflowed buffer */
#define SASL_NOMECH -4 /* mechanism not supported */
#define SASL_BADPROT -5 /* bad protocol / cancel */
#define SASL_NOTDONE -6 /* can't request info until later in exchange */
#define SASL_BADPARAM -7 /* invalid parameter supplied */
#define SASL_TRYAGAIN -8 /* transient failure (e.g., weak key) */
#define SASL_BADMAC -9 /* integrity check failed */
#define SASL_NOTINIT -12 /* SASL library not initialized */
/* -- client only codes -- */
#define SASL_INTERACT 2 /* needs user interaction */
#define SASL_BADSERV -10 /* server failed mutual authentication step */
#define SASL_WRONGMECH -11 /* mechanism doesn't support requested feature */
/* -- server only codes -- */
#define SASL_BADAUTH -13 /* authentication failure */
#define SASL_NOAUTHZ -14 /* authorization failure */
#define SASL_TOOWEAK -15 /* mechanism too weak for this user */
#define SASL_ENCRYPT -16 /* encryption needed to use mechanism */
#define SASL_TRANS -17 /* One time use of a plaintext password will
enable requested mechanism for user */
#define SASL_EXPIRED -18 /* passphrase expired, has to be reset */
#define SASL_DISABLED -19 /* account disabled */
#define SASL_NOUSER -20 /* user not found */
#define SASL_BADVERS -23 /* version mismatch with plug-in */
#define SASL_UNAVAIL -24 /* remote authentication server unavailable */
#define SASL_NOVERIFY -26 /* user exists, but no verifier for user */
/* -- codes for password setting -- */
#define SASL_PWLOCK -21 /* passphrase locked */
#define SASL_NOCHANGE -22 /* requested change was not needed */
#define SASL_WEAKPASS -27 /* passphrase is too weak for security policy */
#define SASL_NOUSERPASS -28 /* user supplied passwords not permitted */
#define SASL_NEED_OLD_PASSWD -29 /* sasl_setpass needs old password in order
to perform password change */
#define SASL_CONSTRAINT_VIOLAT -30 /* a property can't be stored,
because of some constrains/policy violation */
#define SASL_BADBINDING -32 /* channel binding failure */
/* max size of a sasl mechanism name */
#define SASL_MECHNAMEMAX 20
#ifdef _WIN32
/* Define to have the same layout as a WSABUF */
#ifndef STRUCT_IOVEC_DEFINED
#define STRUCT_IOVEC_DEFINED 1
struct iovec {
long iov_len;
char *iov_base;
};
#endif
#else
struct iovec; /* Defined in OS headers */
#endif
/* per-connection SASL negotiation state for client or server
*/
typedef struct sasl_conn sasl_conn_t;
/* Plain text password structure.
* len is the length of the password, data is the text.
*/
typedef struct sasl_secret {
unsigned long len;
unsigned char data[1]; /* variable sized */
} sasl_secret_t;
/* random data context structure
*/
typedef struct sasl_rand_s sasl_rand_t;
#ifdef __cplusplus
extern "C" {
#endif
/****************************
* Configure Basic Services *
****************************/
/* the following functions are used to adjust how allocation and mutexes work
* they must be called before all other SASL functions:
*/
/* memory allocation functions which may optionally be replaced:
*/
typedef void *sasl_malloc_t(size_t);
typedef void *sasl_calloc_t(size_t, size_t);
typedef void *sasl_realloc_t(void *, size_t);
typedef void sasl_free_t(void *);
LIBSASL_API void sasl_set_alloc(sasl_malloc_t *,
sasl_calloc_t *,
sasl_realloc_t *,
sasl_free_t *);
/* mutex functions which may optionally be replaced:
* sasl_mutex_alloc allocates a mutex structure
* sasl_mutex_lock blocks until mutex locked
* returns -1 on deadlock or parameter error
* returns 0 on success
* sasl_mutex_unlock unlocks mutex if it's locked
* returns -1 if not locked or parameter error
* returns 0 on success
* sasl_mutex_free frees a mutex structure
*/
typedef void *sasl_mutex_alloc_t(void);
typedef int sasl_mutex_lock_t(void *mutex);
typedef int sasl_mutex_unlock_t(void *mutex);
typedef void sasl_mutex_free_t(void *mutex);
LIBSASL_API void sasl_set_mutex(sasl_mutex_alloc_t *, sasl_mutex_lock_t *,
sasl_mutex_unlock_t *, sasl_mutex_free_t *);
/*****************************
* Security preference types *
*****************************/
/* security layer strength factor -- an unsigned integer usable by the caller
* to specify approximate security layer strength desired. Roughly
* correlated to effective key length for encryption.
* 0 = no protection
* 1 = integrity protection only
* 40 = 40-bit DES or 40-bit RC2/RC4
* 56 = DES
* 112 = triple-DES
* 128 = 128-bit RC2/RC4/BLOWFISH
* 256 = baseline AES
*/
typedef unsigned sasl_ssf_t;
/* usage flags provided to sasl_server_new and sasl_client_new:
*/
#define SASL_SUCCESS_DATA 0x0004 /* server supports data on success */
#define SASL_NEED_PROXY 0x0008 /* require a mech that allows proxying */
#define SASL_NEED_HTTP 0x0010 /* require a mech that can do HTTP auth */
/***************************
* Security Property Types *
***************************/
/* Structure specifying the client or server's security policy
* and optional additional properties.
*/
/* These are the various security flags apps can specify. */
/* NOPLAINTEXT -- don't permit mechanisms susceptible to simple
* passive attack (e.g., PLAIN, LOGIN)
* NOACTIVE -- protection from active (non-dictionary) attacks
* during authentication exchange.
* Authenticates server.
* NODICTIONARY -- don't permit mechanisms susceptible to passive
* dictionary attack
* FORWARD_SECRECY -- require forward secrecy between sessions
* (breaking one won't help break next)
* NOANONYMOUS -- don't permit mechanisms that allow anonymous login
* PASS_CREDENTIALS -- require mechanisms which pass client
* credentials, and allow mechanisms which can pass
* credentials to do so
* MUTUAL_AUTH -- require mechanisms which provide mutual
* authentication
*/
#define SASL_SEC_NOPLAINTEXT 0x0001
#define SASL_SEC_NOACTIVE 0x0002
#define SASL_SEC_NODICTIONARY 0x0004
#define SASL_SEC_FORWARD_SECRECY 0x0008
#define SASL_SEC_NOANONYMOUS 0x0010
#define SASL_SEC_PASS_CREDENTIALS 0x0020
#define SASL_SEC_MUTUAL_AUTH 0x0040
#define SASL_SEC_MAXIMUM 0x00FF
typedef struct sasl_security_properties
{
/* security strength factor
* min_ssf = minimum acceptable final level
* max_ssf = maximum acceptable final level
*/
sasl_ssf_t min_ssf;
sasl_ssf_t max_ssf;
/* Maximum security layer receive buffer size.
* 0=security layer not supported
*/
unsigned maxbufsize;
/* bitfield for attacks to protect against */
unsigned security_flags;
/* NULL terminated array of additional property names, values */
const char **property_names;
const char **property_values;
} sasl_security_properties_t;
/******************
* Callback types *
******************/
/*
* Extensible type for a client/server callbacks
* id -- identifies callback type
* proc -- procedure call arguments vary based on id
* context -- context passed to procedure
*/
/* Note that any memory that is allocated by the callback needs to be
* freed by the application, be it via function call or interaction.
*
* It may be freed after sasl_*_step returns SASL_OK. if the mechanism
* requires this information to persist (for a security layer, for example)
* it must maintain a private copy.
*/
typedef struct sasl_callback {
/* Identifies the type of the callback function.
* Mechanisms must ignore callbacks with id's they don't recognize.
*/
unsigned long id;
int (*proc)(void); /* Callback function. Types of arguments vary by 'id' */
void *context;
} sasl_callback_t;
/* callback ids & functions:
*/
#define SASL_CB_LIST_END 0 /* end of list */
/* option reading callback -- this allows a SASL configuration to be
* encapsulated in the caller's configuration system. Some implementations
* may use default config file(s) if this is omitted. Configuration items
* may be plugin-specific and are arbitrary strings.
*
* inputs:
* context -- option context from callback record
* plugin_name -- name of plugin (NULL = general SASL option)
* option -- name of option
* output:
* result -- set to result which persists until next getopt in
* same thread, unchanged if option not found
* len -- length of result (may be NULL)
* returns:
* SASL_OK -- no error
* SASL_FAIL -- error
*/
typedef int sasl_getopt_t(void *context, const char *plugin_name,
const char *option,
const char **result, unsigned *len);
#define SASL_CB_GETOPT 1
/* Logging levels for use with the logging callback function. */
#define SASL_LOG_NONE 0 /* don't log anything */
#define SASL_LOG_ERR 1 /* log unusual errors (default) */
#define SASL_LOG_FAIL 2 /* log all authentication failures */
#define SASL_LOG_WARN 3 /* log non-fatal warnings */
#define SASL_LOG_NOTE 4 /* more verbose than LOG_WARN */
#define SASL_LOG_DEBUG 5 /* more verbose than LOG_NOTE */
#define SASL_LOG_TRACE 6 /* traces of internal protocols */
#define SASL_LOG_PASS 7 /* traces of internal protocols, including
* passwords */
/* logging callback -- this allows plugins and the middleware to
* log operations they perform.
* inputs:
* context -- logging context from the callback record
* level -- logging level; see above
* message -- message to log
* returns:
* SASL_OK -- no error
* SASL_FAIL -- error
*/
typedef int sasl_log_t(void *context,
int level,
const char *message);
#define SASL_CB_LOG 2
/* getpath callback -- this allows applications to specify the
* colon-separated path to search for plugins (by default,
* taken from an implementation-specific location).
* inputs:
* context -- getpath context from the callback record
* outputs:
* path -- colon seperated path
* returns:
* SASL_OK -- no error
* SASL_FAIL -- error
*/
typedef int sasl_getpath_t(void *context,
const char **path);
#define SASL_CB_GETPATH 3
/* verify file callback -- this allows applications to check if they
* want SASL to use files, file by file. This is intended to allow
* applications to sanity check the environment to make sure plugins
* or the configuration file can't be written to, etc.
* inputs:
* context -- verifypath context from the callback record
* file -- full path to file to verify
* type -- type of file to verify (see below)
* returns:
* SASL_OK -- no error (file can safely be used)
* SASL_CONTINUE -- continue WITHOUT using this file
* SASL_FAIL -- error
*/
/* these are the types of files libsasl will ask about */
typedef enum {
SASL_VRFY_PLUGIN=0, /* a DLL/shared library plug-in */
SASL_VRFY_CONF=1, /* a configuration file */
SASL_VRFY_PASSWD=2, /* a password storage file/db */
SASL_VRFY_OTHER=3 /* some other file */
} sasl_verify_type_t;
typedef int sasl_verifyfile_t(void *context,
const char *file, sasl_verify_type_t type);
#define SASL_CB_VERIFYFILE 4
/* getconfpath callback -- this allows applications to specify the
* colon-separated path to search for config files (by default,
* taken from the SASL_CONF_PATH environment variable).
* inputs:
* context -- getconfpath context from the callback record
* outputs:
* path -- colon seperated path (allocated on the heap; the
* library will free it using the sasl_free_t *
* passed to sasl_set_callback, or the standard free()
* library call).
* returns:
* SASL_OK -- no error
* SASL_FAIL -- error
*/
typedef int sasl_getconfpath_t(void *context,
char **path);
#define SASL_CB_GETCONFPATH 5
/* client/user interaction callbacks:
*/
/* Simple prompt -- result must persist until next call to getsimple on
* same connection or until connection context is disposed
* inputs:
* context -- context from callback structure
* id -- callback id
* outputs:
* result -- set to NUL terminated string
* NULL = user cancel
* len -- length of result
* returns SASL_OK
*/
typedef int sasl_getsimple_t(void *context, int id,
const char **result, unsigned *len);
#define SASL_CB_USER 0x4001 /* client user identity to login as */
#define SASL_CB_AUTHNAME 0x4002 /* client authentication name */
#define SASL_CB_LANGUAGE 0x4003 /* comma separated list of RFC 1766
* language codes in order of preference
* to be used to localize client prompts
* or server error codes */
#define SASL_CB_CNONCE 0x4007 /* caller supplies client-nonce
* primarily for testing purposes */
/* get a sasl_secret_t (plaintext password with length)
* inputs:
* conn -- connection context
* context -- context from callback structure
* id -- callback id
* outputs:
* psecret -- set to NULL to cancel
* set to password structure which must persist until
* next call to getsecret in same connection, but middleware
* will erase password data when it's done with it.
* returns SASL_OK
*/
typedef int sasl_getsecret_t(sasl_conn_t *conn, void *context, int id,
sasl_secret_t **psecret);
#define SASL_CB_PASS 0x4004 /* client passphrase-based secret */
/* prompt for input in response to a challenge.
* input:
* context -- context from callback structure
* id -- callback id
* challenge -- server challenge
* output:
* result -- NUL terminated result, NULL = user cancel
* len -- length of result
* returns SASL_OK
*/
typedef int sasl_chalprompt_t(void *context, int id,
const char *challenge,
const char *prompt, const char *defresult,
const char **result, unsigned *len);
#define SASL_CB_ECHOPROMPT 0x4005 /* challenge and client enterred result */
#define SASL_CB_NOECHOPROMPT 0x4006 /* challenge and client enterred result */
/* prompt (or autoselect) the realm to do authentication in.
* may get a list of valid realms.
* input:
* context -- context from callback structure
* id -- callback id
* availrealms -- available realms; string list; NULL terminated
* list may be empty.
* output:
* result -- NUL terminated realm; NULL is equivalent to ""
* returns SASL_OK
* result must persist until the next callback
*/
typedef int sasl_getrealm_t(void *context, int id,
const char **availrealms,
const char **result);
#define SASL_CB_GETREALM (0x4008) /* realm to attempt authentication in */
/* server callbacks:
*/
/* improved callback to verify authorization;
* canonicalization now handled elsewhere
* conn -- connection context
* requested_user -- the identity/username to authorize (NUL terminated)
* rlen -- length of requested_user
* auth_identity -- the identity associated with the secret (NUL terminated)
* alen -- length of auth_identity
* default_realm -- default user realm, as passed to sasl_server_new if
* urlen -- length of default realm
* propctx -- auxiliary properties
* returns SASL_OK on success,
* SASL_NOAUTHZ or other SASL response on failure
*/
typedef int sasl_authorize_t(sasl_conn_t *conn,
void *context,
const char *requested_user, unsigned rlen,
const char *auth_identity, unsigned alen,
const char *def_realm, unsigned urlen,
struct propctx *propctx);
#define SASL_CB_PROXY_POLICY 0x8001
/* functions for "userdb" based plugins to call to get/set passwords.
* the location for the passwords is determined by the caller or middleware.
* plug-ins may get passwords from other locations.
*/
/* callback to verify a plaintext password against the caller-supplied
* user database. This is necessary to allow additional s for
* encoding of the userPassword property.
* user -- NUL terminated user name with user@realm syntax
* pass -- password to check (may not be NUL terminated)
* passlen -- length of password to check
* propctx -- auxiliary properties for user
*/
typedef int sasl_server_userdb_checkpass_t(sasl_conn_t *conn,
void *context,
const char *user,
const char *pass,
unsigned passlen,
struct propctx *propctx);
#define SASL_CB_SERVER_USERDB_CHECKPASS (0x8005)
/* callback to store/change a plaintext password in the user database
* user -- NUL terminated user name with user@realm syntax
* pass -- password to store (may not be NUL terminated)
* passlen -- length of password to store
* propctx -- auxiliary properties (not stored)
* flags -- see SASL_SET_* flags below (SASL_SET_CREATE optional)
*/
typedef int sasl_server_userdb_setpass_t(sasl_conn_t *conn,
void *context,
const char *user,
const char *pass,
unsigned passlen,
struct propctx *propctx,
unsigned flags);
#define SASL_CB_SERVER_USERDB_SETPASS (0x8006)
/* callback for a server-supplied user canonicalization function.
*
* This function is called directly after the mechanism has the
* authentication and authorization IDs. It is called before any
* User Canonicalization plugin is called. It has the responsibility
* of copying its output into the provided output buffers.
*
* in, inlen -- user name to canonicalize, may not be NUL terminated
* may be same buffer as out
* flags -- not currently used, supplied by auth mechanism
* user_realm -- the user realm (may be NULL in case of client)
* out -- buffer to copy user name
* out_max -- max length of user name
* out_len -- set to length of user name
*
* returns
* SASL_OK on success
* SASL_BADPROT username contains invalid character
*/
/* User Canonicalization Function Flags */
#define SASL_CU_NONE 0x00 /* Not a valid flag to pass */
/* One of the following two is required */
#define SASL_CU_AUTHID 0x01
#define SASL_CU_AUTHZID 0x02
/* Combine the following with SASL_CU_AUTHID, if you don't want
to fail if auxprop returned SASL_NOUSER/SASL_NOMECH.
This flag has no effect on SASL_CU_AUTHZID. */
#define SASL_CU_EXTERNALLY_VERIFIED 0x04
#define SASL_CU_OVERRIDE 0x08 /* mapped to SASL_AUXPROP_OVERRIDE */
/* The following CU flags are passed "as is" down to auxprop lookup */
#define SASL_CU_ASIS_MASK 0xFFF0
/* NOTE: Keep in sync with SASL_AUXPROP_ flags */
#define SASL_CU_VERIFY_AGAINST_HASH 0x10
typedef int sasl_canon_user_t(sasl_conn_t *conn,
void *context,
const char *in, unsigned inlen,
unsigned flags,
const char *user_realm,
char *out,
unsigned out_max, unsigned *out_len);
#define SASL_CB_CANON_USER (0x8007)
/**********************************
* Common Client/server functions *
**********************************/
/* Types of paths to set (see sasl_set_path below). */
#define SASL_PATH_TYPE_PLUGIN 0
#define SASL_PATH_TYPE_CONFIG 1
/* a simpler way to set plugin path or configuration file path
* without the need to set sasl_getpath_t callback.
*
* This function can be called before sasl_server_init/sasl_client_init.
*/
LIBSASL_API int sasl_set_path (int path_type, char * path);
/* get sasl library version information
* implementation is a vendor-defined string
* version is a vender-defined representation of the version #.
*
* This function is being deprecated in favor of sasl_version_info. */
LIBSASL_API void sasl_version(const char **implementation,
int *version);
/* Extended version of sasl_version().
*
* This function is to be used
* for library version display and logging
* for bug workarounds in old library versions
*
* The sasl_version_info is not to be used for API feature detection.
*
* All parameters are optional. If NULL is specified, the value is not returned.
*/
LIBSASL_API void sasl_version_info (const char **implementation,
const char **version_string,
int *version_major,
int *version_minor,
int *version_step,
int *version_patch);
/* dispose of all SASL plugins. Connection
* states have to be disposed of before calling this.
*
* This function is DEPRECATED in favour of sasl_server_done/
* sasl_client_done.
*/
LIBSASL_API void sasl_done(void);
/* dispose of all SASL plugins. Connection
* states have to be disposed of before calling this.
* This function should be called instead of sasl_done(),
whenever possible.
*/
LIBSASL_API int sasl_server_done(void);
/* dispose of all SASL plugins. Connection
* states have to be disposed of before calling this.
* This function should be called instead of sasl_done(),
whenever possible.
*/
LIBSASL_API int sasl_client_done(void);
/* dispose connection state, sets it to NULL
* checks for pointer to NULL
*/
LIBSASL_API void sasl_dispose(sasl_conn_t **pconn);
/* translate an error number into a string
* input:
* saslerr -- the error number
* langlist -- comma separated list of RFC 1766 languages (may be NULL)
* results:
* outlang -- the language actually used (may be NULL if don't care)
* returns:
* the error message in UTF-8 (only the US-ASCII subset if langlist is NULL)
*/
LIBSASL_API const char *sasl_errstring(int saslerr,
const char *langlist,
const char **outlang);
/* get detail about the last error that occurred on a connection
* text is sanitized so it's suitable to send over the wire
* (e.g., no distinction between SASL_BADAUTH and SASL_NOUSER)
* input:
* conn -- mandatory connection context
* returns:
* the error message in UTF-8 (only the US-ASCII subset permitted if no
* SASL_CB_LANGUAGE callback is present)
*/
LIBSASL_API const char *sasl_errdetail(sasl_conn_t *conn);
/* set the error string which will be returned by sasl_errdetail() using
* syslog()-style formatting (e.g. printf-style with %m as most recent
* errno error)
*
* primarily for use by server callbacks such as the sasl_authorize_t
* callback and internally to plug-ins
*
* This will also trigger a call to the SASL logging callback (if any)
* with a level of SASL_LOG_FAIL unless the SASL_NOLOG flag is set.
*
* Messages should be sensitive to the current language setting. If there
* is no SASL_CB_LANGUAGE callback messages MUST be US-ASCII otherwise UTF-8
* is used and use of RFC 2482 for mixed-language text is encouraged.
*
* if conn is NULL, function does nothing
*/
LIBSASL_API void sasl_seterror(sasl_conn_t *conn, unsigned flags,
const char *fmt, ...);
#define SASL_NOLOG 0x01
/* get property from SASL connection state
* propnum -- property number
* pvalue -- pointer to value
* returns:
* SASL_OK -- no error
* SASL_NOTDONE -- property not available yet
* SASL_BADPARAM -- bad property number
*/
LIBSASL_API int sasl_getprop(sasl_conn_t *conn, int propnum,
const void **pvalue);
#define SASL_USERNAME 0 /* pointer to NUL terminated user name */
#define SASL_SSF 1 /* security layer security strength factor,
* if 0, call to sasl_encode, sasl_decode
* unnecessary */
#define SASL_MAXOUTBUF 2 /* security layer max output buf unsigned */
#define SASL_DEFUSERREALM 3 /* default realm passed to server_new */
/* or set with setprop */
#define SASL_GETOPTCTX 4 /* context for getopt callback */
#define SASL_CALLBACK 7 /* current callback function list */
#define SASL_IPLOCALPORT 8 /* iplocalport string passed to server_new */
#define SASL_IPREMOTEPORT 9 /* ipremoteport string passed to server_new */
/* This returns a string which is either empty or has an error message
* from sasl_seterror (e.g., from a plug-in or callback). It differs
* from the result of sasl_errdetail() which also takes into account the
* last return status code.
*/
#define SASL_PLUGERR 10
/* a handle to any delegated credentials or NULL if none is present
* is returned by the mechanism. The user will probably need to know
* which mechanism was used to actually known how to make use of them
* currently only implemented for the gssapi mechanism */
#define SASL_DELEGATEDCREDS 11
#define SASL_SERVICE 12 /* service passed to sasl_*_new */
#define SASL_SERVERFQDN 13 /* serverFQDN passed to sasl_*_new */
#define SASL_AUTHSOURCE 14 /* name of auth source last used, useful
* for failed authentication tracking */
#define SASL_MECHNAME 15 /* active mechanism name, if any */
#define SASL_AUTHUSER 16 /* authentication/admin user */
#define SASL_APPNAME 17 /* application name (used for logging/
configuration), same as appname parameter
to sasl_server_init */
/* GSS-API credential handle for sasl_client_step() or sasl_server_step().
* The application is responsible for releasing this credential handle. */
#define SASL_GSS_CREDS 18
/* GSS name (gss_name_t) of the peer, as output by gss_inquire_context()
* or gss_accept_sec_context().
* On server end this is similar to SASL_USERNAME, but the gss_name_t
* structure can contain additional attributes associated with the peer.
*/
#define SASL_GSS_PEER_NAME 19
/* Local GSS name (gss_name_t) as output by gss_inquire_context(). This
* is particularly useful for servers that respond to multiple names. */
#define SASL_GSS_LOCAL_NAME 20
/* Channel binding information. Memory is managed by the caller. */
typedef struct sasl_channel_binding {
const char *name;
int critical;
unsigned long len;
const unsigned char *data;
} sasl_channel_binding_t;
#define SASL_CHANNEL_BINDING 21
/* HTTP Request (RFC 2616) - ONLY used for HTTP Digest Auth (RFC 2617) */
typedef struct sasl_http_request {
const char *method; /* HTTP Method */
const char *uri; /* request-URI */
const unsigned char *entity; /* entity-body */
unsigned long elen; /* entity-body length */
unsigned non_persist; /* Is it a non-persistent connection? */
} sasl_http_request_t;
#define SASL_HTTP_REQUEST 22
/* set property in SASL connection state
* returns:
* SASL_OK -- value set
* SASL_BADPARAM -- invalid property or value
*/
LIBSASL_API int sasl_setprop(sasl_conn_t *conn,
int propnum,
const void *value);
#define SASL_SSF_EXTERNAL 100 /* external SSF active (sasl_ssf_t *) */
#define SASL_SEC_PROPS 101 /* sasl_security_properties_t */
#define SASL_AUTH_EXTERNAL 102 /* external authentication ID (const char *) */
/* If the SASL_AUTH_EXTERNAL value is non-NULL, then a special version of the
* EXTERNAL mechanism is enabled (one for server-embedded EXTERNAL mechanisms).
* Otherwise, the EXTERNAL mechanism will be absent unless a plug-in
* including EXTERNAL is present.
*/
/* do precalculations during an idle period or network round trip
* may pass NULL to precompute for some mechanisms prior to connect
* returns 1 if action taken, 0 if no action taken
*/
LIBSASL_API int sasl_idle(sasl_conn_t *conn);
/**************
* Client API *
**************/
/* list of client interactions with user for caller to fill in
*/
typedef struct sasl_interact {
unsigned long id; /* same as client/user callback ID */
const char *challenge; /* presented to user (e.g. OTP challenge) */
const char *prompt; /* presented to user (e.g. "Username: ") */
const char *defresult; /* default result string */
const void *result; /* set to point to result */
unsigned len; /* set to length of result */
} sasl_interact_t;
/* initialize the SASL client drivers
* callbacks -- base callbacks for all client connections;
* must include getopt callback
* returns:
* SASL_OK -- Success
* SASL_NOMEM -- Not enough memory
* SASL_BADVERS -- Mechanism version mismatch
* SASL_BADPARAM -- missing getopt callback or error in config file
* SASL_NOMECH -- No mechanisms available
* ...
*/
LIBSASL_API int sasl_client_init(const sasl_callback_t *callbacks);
/* initialize a client exchange based on the specified mechanism
* service -- registered name of the service using SASL (e.g. "imap")
* serverFQDN -- the fully qualified domain name of the server
* iplocalport -- client IPv4/IPv6 domain literal string with port
* (if NULL, then mechanisms requiring IPaddr are disabled)
* ipremoteport -- server IPv4/IPv6 domain literal string with port
* (if NULL, then mechanisms requiring IPaddr are disabled)
* prompt_supp -- list of client interactions supported
* may also include sasl_getopt_t context & call
* NULL prompt_supp = user/pass via SASL_INTERACT only
* NULL proc = interaction supported via SASL_INTERACT
* flags -- server usage flags (see above)
* in/out:
* pconn -- connection negotiation structure
* pointer to NULL => allocate new
*
* Returns:
* SASL_OK -- success
* SASL_NOMECH -- no mechanism meets requested properties
* SASL_NOMEM -- not enough memory
*/
LIBSASL_API int sasl_client_new(const char *service,
const char *serverFQDN,
const char *iplocalport,
const char *ipremoteport,
const sasl_callback_t *prompt_supp,
unsigned flags,
sasl_conn_t **pconn);
/* select a mechanism for a connection
* mechlist -- mechanisms server has available (punctuation ignored)
* if NULL, then discard cached info and retry last mech
* output:
* prompt_need -- on SASL_INTERACT, list of prompts needed to continue
* may be NULL if callbacks provided
* clientout -- the initial client response to send to the server
* will be valid until next call to client_start/client_step
* NULL if mech doesn't include initial client challenge
* mech -- set to mechansm name of selected mechanism (may be NULL)
*
* Returns:
* SASL_OK -- success
* SASL_NOMEM -- not enough memory
* SASL_NOMECH -- no mechanism meets requested properties
* SASL_INTERACT -- user interaction needed to fill in prompt_need list
*/
LIBSASL_API int sasl_client_start(sasl_conn_t *conn,
const char *mechlist,
sasl_interact_t **prompt_need,
const char **clientout,
unsigned *clientoutlen,
const char **mech);
/* do a single authentication step.
* serverin -- the server message received by the client, MUST have a NUL
* sentinel, not counted by serverinlen
* output:
* prompt_need -- on SASL_INTERACT, list of prompts needed to continue
* clientout -- the client response to send to the server
* will be valid until next call to client_start/client_step
*
* returns:
* SASL_OK -- success
* SASL_INTERACT -- user interaction needed to fill in prompt_need list
* SASL_BADPROT -- server protocol incorrect/cancelled
* SASL_BADSERV -- server failed mutual auth
*/
LIBSASL_API int sasl_client_step(sasl_conn_t *conn,
const char *serverin,
unsigned serverinlen,
sasl_interact_t **prompt_need,
const char **clientout,
unsigned *clientoutlen);
/**************
* Server API *
**************/
/* initialize server drivers, done once per process
* callbacks -- callbacks for all server connections; must include
* getopt callback
* appname -- name of calling application (for lower level logging)
* results:
* state -- server state
* returns:
* SASL_OK -- success
* SASL_BADPARAM -- error in config file
* SASL_NOMEM -- memory failure
* SASL_BADVERS -- Mechanism version mismatch
*/
LIBSASL_API int sasl_server_init(const sasl_callback_t *callbacks,
const char *appname);
/* IP/port syntax:
* a.b.c.d;p where a-d are 0-255 and p is 0-65535 port number.
* e:f:g:h:i:j:k:l;p where e-l are 0000-ffff lower-case hexidecimal
* e:f:g:h:i:j:a.b.c.d;p alternate syntax for previous
*
* Note that one or more "0" fields in f-k can be replaced with "::"
* Thus: e:f:0000:0000:0000:j:k:l;p
* can be abbreviated: e:f::j:k:l;p
*
* A buffer of size 52 is adequate for the longest format with NUL terminator.
*/
/* create context for a single SASL connection
* service -- registered name of the service using SASL (e.g. "imap")
* serverFQDN -- Fully qualified domain name of server. NULL means use
* gethostname() or equivalent.
* Useful for multi-homed servers.
* user_realm -- permits multiple user realms on server, NULL = default
* iplocalport -- server IPv4/IPv6 domain literal string with port
* (if NULL, then mechanisms requiring IPaddr are disabled)
* ipremoteport -- client IPv4/IPv6 domain literal string with port
* (if NULL, then mechanisms requiring IPaddr are disabled)
* callbacks -- callbacks (e.g., authorization, lang, new getopt context)
* flags -- usage flags (see above)
* returns:
* pconn -- new connection context
*
* returns:
* SASL_OK -- success
* SASL_NOMEM -- not enough memory
*/
LIBSASL_API int sasl_server_new(const char *service,
const char *serverFQDN,
const char *user_realm,
const char *iplocalport,
const char *ipremoteport,
const sasl_callback_t *callbacks,
unsigned flags,
sasl_conn_t **pconn);
/* Return an array of NUL-terminated strings, terminated by a NULL pointer,
* which lists all possible mechanisms that the library can supply
*
* Returns NULL on failure. */
LIBSASL_API const char ** sasl_global_listmech(void);
/* This returns a list of mechanisms in a NUL-terminated string
* conn -- the connection to list mechanisms for (either client
* or server)
* user -- restricts mechanisms to those available to that user
* (may be NULL, not used for client case)
* prefix -- appended to beginning of result
* sep -- appended between mechanisms
* suffix -- appended to end of result
* results:
* result -- NUL terminated result which persists until next
* call to sasl_listmech for this sasl_conn_t
* plen -- gets length of result (excluding NUL), may be NULL
* pcount -- gets number of mechanisms, may be NULL
*
* returns:
* SASL_OK -- success
* SASL_NOMEM -- not enough memory
* SASL_NOMECH -- no enabled mechanisms
*/
LIBSASL_API int sasl_listmech(sasl_conn_t *conn,
const char *user,
const char *prefix,
const char *sep,
const char *suffix,
const char **result,
unsigned *plen,
int *pcount);
/* start a mechanism exchange within a connection context
* mech -- the mechanism name client requested
* clientin -- client initial response (NUL terminated), NULL if empty
* clientinlen -- length of initial response
* serverout -- initial server challenge, NULL if done
* (library handles freeing this string)
* serveroutlen -- length of initial server challenge
* output:
* pconn -- the connection negotiation state on success
*
* Same returns as sasl_server_step() or
* SASL_NOMECH if mechanism not available.
*/
LIBSASL_API int sasl_server_start(sasl_conn_t *conn,
const char *mech,
const char *clientin,
unsigned clientinlen,
const char **serverout,
unsigned *serveroutlen);
/* perform one step of the SASL exchange
* inputlen & input -- client data
* NULL on first step if no optional client step
* outputlen & output -- set to the server data to transmit
* to the client in the next step
* (library handles freeing this)
*
* returns:
* SASL_OK -- exchange is complete.
* SASL_CONTINUE -- indicates another step is necessary.
* SASL_TRANS -- entry for user exists, but not for mechanism
* and transition is possible
* SASL_BADPARAM -- service name needed
* SASL_BADPROT -- invalid input from client
* ...
*/
LIBSASL_API int sasl_server_step(sasl_conn_t *conn,
const char *clientin,
unsigned clientinlen,
const char **serverout,
unsigned *serveroutlen);
/* check if an apop exchange is valid
* (note this is an optional part of the SASL API)
* if challenge is NULL, just check if APOP is enabled
* inputs:
* challenge -- challenge which was sent to client
* challen -- length of challenge, 0 = strlen(challenge)
* response -- client response, " " (RFC 1939)
* resplen -- length of response, 0 = strlen(response)
* returns
* SASL_OK -- success
* SASL_BADAUTH -- authentication failed
* SASL_BADPARAM -- missing challenge
* SASL_BADPROT -- protocol error (e.g., response in wrong format)
* SASL_NOVERIFY -- user found, but no verifier
* SASL_NOMECH -- mechanism not supported
* SASL_NOUSER -- user not found
*/
LIBSASL_API int sasl_checkapop(sasl_conn_t *conn,
const char *challenge, unsigned challen,
const char *response, unsigned resplen);
/* check if a plaintext password is valid
* if user is NULL, check if plaintext passwords are enabled
* inputs:
* user -- user to query in current user_domain
* userlen -- length of username, 0 = strlen(user)
* pass -- plaintext password to check
* passlen -- length of password, 0 = strlen(pass)
* returns
* SASL_OK -- success
* SASL_NOMECH -- mechanism not supported
* SASL_NOVERIFY -- user found, but no verifier
* SASL_NOUSER -- user not found
*/
LIBSASL_API int sasl_checkpass(sasl_conn_t *conn,
const char *user, unsigned userlen,
const char *pass, unsigned passlen);
/* check if a user exists on server
* conn -- connection context
* service -- registered name of the service using SASL (e.g. "imap")
* user_realm -- permits multiple user realms on server, NULL = default
* user -- NUL terminated user name
*
* returns:
* SASL_OK -- success
* SASL_DISABLED -- account disabled
* SASL_NOUSER -- user not found
* SASL_NOVERIFY -- user found, but no usable mechanism
* SASL_NOMECH -- no mechanisms enabled
* SASL_UNAVAIL -- remote authentication server unavailable, try again later
*/
LIBSASL_API int sasl_user_exists(sasl_conn_t *conn,
const char *service,
const char *user_realm,
const char *user);
/* set the password for a user
* conn -- SASL connection
* user -- user name
* pass -- plaintext password, may be NULL to remove user
* passlen -- length of password, 0 = strlen(pass)
* oldpass -- NULL will sometimes work
* oldpasslen -- length of password, 0 = strlen(oldpass)
* flags -- see flags below
*
* returns:
* SASL_NOCHANGE -- proper entry already exists
* SASL_NOMECH -- no authdb supports password setting as configured
* SASL_NOVERIFY -- user exists, but no settable password present
* SASL_DISABLED -- account disabled
* SASL_PWLOCK -- password locked
* SASL_WEAKPASS -- password too weak for security policy
* SASL_NOUSERPASS -- user-supplied passwords not permitted
* SASL_FAIL -- OS error
* SASL_BADPARAM -- password too long
* SASL_OK -- successful
*/
LIBSASL_API int sasl_setpass(sasl_conn_t *conn,
const char *user,
const char *pass, unsigned passlen,
const char *oldpass, unsigned oldpasslen,
unsigned flags);
#define SASL_SET_CREATE 0x01 /* create a new entry for user */
#define SASL_SET_DISABLE 0x02 /* disable user account */
#define SASL_SET_NOPLAIN 0x04 /* do not store secret in plain text */
#define SASL_SET_CURMECH_ONLY 0x08 /* set the mechanism specific password only.
fail if no current mechanism */
/*********************************************************
* Auxiliary Property Support -- added by cjn 1999-09-29 *
*********************************************************/
#define SASL_AUX_END NULL /* last auxiliary property */
#define SASL_AUX_ALL "*" /* A special flag to signal user deletion */
/* traditional Posix items (should be implemented on Posix systems) */
#define SASL_AUX_PASSWORD_PROP "userPassword" /* User Password */
#define SASL_AUX_PASSWORD "*" SASL_AUX_PASSWORD_PROP /* User Password (of authid) */
#define SASL_AUX_UIDNUM "uidNumber" /* UID number for the user */
#define SASL_AUX_GIDNUM "gidNumber" /* GID for the user */
#define SASL_AUX_FULLNAME "gecos" /* full name of the user, unix-style */
#define SASL_AUX_HOMEDIR "homeDirectory" /* home directory for user */
#define SASL_AUX_SHELL "loginShell" /* login shell for the user */
/* optional additional items (not necessarily implemented) */
/* single preferred mail address for user canonically-quoted
* RFC821/822 syntax */
#define SASL_AUX_MAILADDR "mail"
/* path to unix-style mailbox for user */
#define SASL_AUX_UNIXMBX "mailMessageStore"
/* SMTP mail channel name to use if user authenticates successfully */
#define SASL_AUX_MAILCHAN "mailSMTPSubmitChannel"
/* Request a set of auxiliary properties
* conn connection context
* propnames list of auxiliary property names to request ending with
* NULL.
*
* Subsequent calls will add items to the request list. Call with NULL
* to clear the request list.
*
* errors
* SASL_OK -- success
* SASL_BADPARAM -- bad count/conn parameter
* SASL_NOMEM -- out of memory
*/
LIBSASL_API int sasl_auxprop_request(sasl_conn_t *conn,
const char **propnames);
/* Returns current auxiliary property context.
* Use functions in prop.h to access content
*
* if authentication hasn't completed, property values may be empty/NULL
*
* properties not recognized by active plug-ins will be left empty/NULL
*
* returns NULL if conn is invalid.
*/
LIBSASL_API struct propctx *sasl_auxprop_getctx(sasl_conn_t *conn);
/* Store the set of auxiliary properties for the given user.
* Use functions in prop.h to set the content.
*
* conn connection context
* ctx property context from prop_new()/prop_request()/prop_set()
* user NUL terminated user
*
* Call with NULL 'ctx' to see if the backend allows storing properties.
*
* errors
* SASL_OK -- success
* SASL_NOMECH -- can not store some/all properties
* SASL_BADPARAM -- bad conn/ctx/user parameter
* SASL_NOMEM -- out of memory
* SASL_FAIL -- failed to store
*/
LIBSASL_API int sasl_auxprop_store(sasl_conn_t *conn,
struct propctx *ctx, const char *user);
/**********************
* security layer API *
**********************/
/* encode a block of data for transmission using security layer,
* returning the input buffer if there is no security layer.
* output is only valid until next call to sasl_encode or sasl_encodev
* returns:
* SASL_OK -- success (returns input if no layer negotiated)
* SASL_NOTDONE -- security layer negotiation not finished
* SASL_BADPARAM -- inputlen is greater than the SASL_MAXOUTBUF
*/
LIBSASL_API int sasl_encode(sasl_conn_t *conn,
const char *input, unsigned inputlen,
const char **output, unsigned *outputlen);
/* encode a block of data for transmission using security layer
* output is only valid until next call to sasl_encode or sasl_encodev
* returns:
* SASL_OK -- success (returns input if no layer negotiated)
* SASL_NOTDONE -- security layer negotiation not finished
* SASL_BADPARAM -- input length is greater than the SASL_MAXOUTBUF
* or no security layer
*/
LIBSASL_API int sasl_encodev(sasl_conn_t *conn,
const struct iovec *invec, unsigned numiov,
const char **output, unsigned *outputlen);
/* decode a block of data received using security layer
* returning the input buffer if there is no security layer.
* output is only valid until next call to sasl_decode
*
* if outputlen is 0 on return, than the value of output is undefined.
*
* returns:
* SASL_OK -- success (returns input if no layer negotiated)
* SASL_NOTDONE -- security layer negotiation not finished
* SASL_BADMAC -- bad message integrity check
*/
LIBSASL_API int sasl_decode(sasl_conn_t *conn,
const char *input, unsigned inputlen,
const char **output, unsigned *outputlen);
#ifdef __cplusplus
}
#endif
#endif /* SASL_H */
0707010001f89f000081a4000017820000044e0000000153419f6100000b09000002350000002700000000000000000000002400000000reloc/include/sasl2/sasl/saslutil.h /* saslutil.h -- various utility functions in SASL library
*/
#ifndef SASLUTIL_H
#define SASLUTIL_H 1
#ifndef SASL_H
#include "sasl.h"
#endif
#ifdef __cplusplus
extern "C" {
#endif
/* base64 decode
* in -- input data
* inlen -- length of input data
* out -- output data (may be same as in, must have enough space)
* outmax -- max size of output buffer
* result:
* outlen -- actual output length
*
* returns SASL_BADPROT on bad base64,
* SASL_BUFOVER if result won't fit
* SASL_OK on success
*/
LIBSASL_API int sasl_decode64(const char *in, unsigned inlen,
char *out, unsigned outmax, unsigned *outlen);
/* base64 encode
* in -- input data
* inlen -- input data length
* out -- output buffer (will be NUL terminated)
* outmax -- max size of output buffer
* result:
* outlen -- gets actual length of output buffer (optional)
*
* Returns SASL_OK on success, SASL_BUFOVER if result won't fit
*/
LIBSASL_API int sasl_encode64(const char *in, unsigned inlen,
char *out, unsigned outmax, unsigned *outlen);
/* make a challenge string (NUL terminated)
* buf -- buffer for result
* maxlen -- max length of result
* hostflag -- 0 = don't include hostname, 1 = include hostname
* returns final length or 0 if not enough space
*/
LIBSASL_API int sasl_mkchal(sasl_conn_t *conn, char *buf,
unsigned maxlen, unsigned hostflag);
/* verify a string is valid UTF-8
* if len == 0, strlen(str) will be used.
* returns SASL_BADPROT on error, SASL_OK on success
*/
LIBSASL_API int sasl_utf8verify(const char *str, unsigned len);
/* create random pool seeded with OS-based params */
LIBSASL_API int sasl_randcreate(sasl_rand_t **rpool);
/* free random pool from randcreate */
LIBSASL_API void sasl_randfree(sasl_rand_t **rpool);
/* seed random number generator */
LIBSASL_API void sasl_randseed(sasl_rand_t *rpool, const char *seed,
unsigned len);
/* generate random octets */
LIBSASL_API void sasl_rand(sasl_rand_t *rpool, char *buf, unsigned len);
/* churn data into random number generator */
LIBSASL_API void sasl_churn(sasl_rand_t *rpool, const char *data,
unsigned len);
/* erase a security sensitive buffer or password.
* Implementation may use recovery-resistant erase logic.
*/
LIBSASL_API void sasl_erasebuffer(char *pass, unsigned len);
/* Lowercase string in place */
LIBSASL_API char *sasl_strlower (char *val);
LIBSASL_API int sasl_config_init(const char *filename);
LIBSASL_API void sasl_config_done(void);
#ifdef WIN32
/* Just in case a different DLL defines this as well */
#if defined(NEED_GETOPT)
LIBSASL_API int getopt(int argc, char **argv, char *optstring);
#endif
LIBSASL_API char * getpass(const char *prompt);
#endif /* WIN32 */
#ifdef __cplusplus
}
#endif
#endif /* SASLUTIL_H */
0707010001f8bd000041ed000017820000044e0000000353419f6400000000000002350000002700000000000000000000000c00000000reloc/share 0707010001f8be000041ed000017820000044e0000000453419f6400000000000002350000002700000000000000000000001000000000reloc/share/man 0707010001f8c4000041ed000017820000044e0000000253419f6400000000000002350000002700000000000000000000001500000000reloc/share/man/man3 0707010001f8d1000081a4000017820000044e0000000153419f63000010ca000002350000002700000000000000000000002900000000reloc/share/man/man3/sasl_client_start.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_client_start 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
sasl_client_start \- Begin an authentication negotiation
.SH SYNOPSIS
.nf
.B #include
.sp
.BI "int sasl_client_start(sasl_conn_t * " conn ", "
.BI " const char * " mechlist ", "
.BI " sasl_interact_t ** " prompt_need ", "
.BI " const char ** " clientout ", "
.BI " unsigned * " clientoutlen ", "
.BI " const char ** " mech ");"
.fi
.SH DESCRIPTION
.B sasl_client_start()
selects a mechanism for authentication and starts the authentication
session. The mechlist is the list of mechanisms the client might like
to use. The mechanisms in the list are not necessarily supported by
the client or even valid. SASL determines which of these to use based
upon the security preferences specified earlier. The list of
mechanisms is typically a list of mechanisms the server supports
acquired from a capability request.
If SASL_INTERACT is returned the library needs some values to be
filled in before it can proceed. The prompt_need structure will be
filled in with requests. The application should fulfill these requests
and call sasl_client_start again with identical parameters (the
prompt_need parameter will be the same pointer as before but filled in
by the application).
.PP
.I mechlist
is a list of mechanisms the server has available. Punctuation is ignored.
.PP
.I prompt_need
is filled in with a list of prompts needed to continue (if necessary).
.PP
.I clientout
and
.I clientoutlen
is created. It is the initial client response to send to the
server. It is the job of the
client to send it over the network to the server.
Any protocol specific encoding (such as base64
encoding) necessary needs to be done by the client.
If the protocol lacks client-send-first capability, then set
.I clientout
to NULL.
If there is no initial client-send, then
.I *clientout
will be set to NULL on return.
.I mech
contains the name of the chosen SASL mechanism (on success)
.SH "RETURN VALUE"
sasl_client_start returns an integer which corresponds to one of the
following codes. SASL_CONTINUE indicates success and that there are
more steps needed in the authentication. All other return codes
indicate errors and should either be handled or the authentication
session should be quit.
.SH "CONFORMING TO"
RFC 4422
.SH "SEE ALSO"
sasl(3), sasl_callbacks(3), sasl_errors(3), sasl_client_init(3), sasl_client_new(3), sasl_client_step(3)
0707010001f8ca000081a4000017820000044e0000000153419f620000105d000002350000002700000000000000000000002600000000reloc/share/man/man3/sasl_callbacks.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2006 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_callbacks 3 "12 February 2006" SASL "SASL man pages"
.SH NAME
sasl_callbacks \- How to work with SASL callbacks
.SH SYNOPSIS
.nf
.B #include
.fi
.SH DESCRIPTION
.B sasl_callbacks
are used when the application needs some information from the
application. Common reasons are getting for getting usernames and
passwords. A client MUST specify what callbacks they support in the
sasl_client/server_init() or sasl_client/server_new() calls. If an
authentication mechanism needs a callback that the application does
not state it supports it cannot be used.
If a callback has an
.B id
parameter that should be checked to make sure you are giving the appropriate value.
If an application is using the client side of the library functions to handle the callbacks are not necessary. Instead the application may deal with callbacks via SASL_INTERACT's. See sasl_client_start/step() for more information.
The list of callbacks follows:
.SH Common Callbacks
.TP 0.8i
sasl_getopt_t
Get an option value
.TP 0.8i
sasl_log_t
Log message handler
.TP 0.8i
sasl_getpath_t
Get path to search for plugins (e.g. SASL mechanisms)
.TP 0.8i
sasl_verifyfile_t
Verify files for use by SASL
.TP 0.8i
sasl_canon_user_t
Username canonicalization function.
.SH Client-only Callbacks
.TP 0.8i
sasl_getsimple_t
Get user/language list
.TP 0.8i
sasl_getsecret_t
Get authentication secret
.TP 0.8i
sasl_chalprompt_t
Display challenge and prompt for response
.TP 0.8i
sasl_getrealm_t
Get the realm for authentication
.SH Server-only Callbacks
.TP 0.8i
sasl_authorize_t
Authorize policy callback
.TP 0.8i
sasl_server_userdb_checkpass_t
verify plaintext password
.TP 0.8i
sasl_server_userdb_setpass_t
set plaintext password
.TP 0.8i
sasl_getconfpath_t
Get path to search for SASL configuration file (server side only). New in SASL 2.1.22.
.SH "RETURN VALUE"
SASL callback functions should return SASL return codes. See sasl.h for a complete list. SASL_OK typically indicates success.
.SH "CONFORMING TO"
RFC 4422
.SH "SEE ALSO"
sasl(3), sasl_errors(3), sasl_authorize_t(3), sasl_log_t(3), sasl_getpath_t(3),
sasl_getconfpath_t(3), sasl_verifyfile_t(3), sasl_canon_user_t(3), sasl_getsimple(3),
sasl_getsecret_t(3), sasl_chalprompt_t(3), sasl_getrealm_t(3),
sasl_authorize_t(3), sasl_server_userdb_checkpass_t(3),
sasl_server_userdb_setpass_t(3)
0707010001f8ec000081a4000017820000044e0000000153419f6300000bf4000002350000002700000000000000000000002400000000reloc/share/man/man3/sasl_setpass.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_setpass 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
sasl_setpass \- Check a plaintext password
.SH SYNOPSIS
.nf
.B #include
.BI "int sasl_setpass(sasl_conn_t *" conn ", "
.BI " const char *" user ", "
.BI " const char *" pass ", unsigned " passlen ","
.BI " const char *" oldpass ", unsigned " oldpasslen ","
.BI " unsigned " flags ")"
.SH DESCRIPTION
.B sasl_setpass
will set passwords in the sasldb, and trigger the setpass callbacks for all
available mechanisms.
.I user
is the username to set the password for.
.I pass
and
.I passlen
are the password to set and its length
.I oldpass
and
.I oldpasslen
are the old password & its length (and are optional)
.I flags
Are flags including SASL_SET_CREATE and SASL_SET_DISABLE (to cause the
creating of nonexistent accounts and the disabling of an account,
respectively)
.SH NOTES
.I oldpass
and
.I oldpasslen
are unused in the Cyrus SASL implementation, though are passed on to
any mechanisms that may require them.
.SH "RETURN VALUE"
Returns SASL_OK on success. SASL error code on failure.
.SH "CONFORMING TO"
RFC 4422
.SH "SEE ALSO"
sasl(3), sasl_errors(3), sasl_checkpass(3)0707010001f8eb000081a4000017820000044e0000000153419f6300000c83000002350000002700000000000000000000003400000000reloc/share/man/man3/sasl_server_userdb_setpass_t.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_server_userdb_setpass_t 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
sasl_server_userdb_setpass_t \- UserDB Plaintext Password Setting Callback
.SH SYNOPSIS
.nf
.B #include
.sp
.BI "int sasl_server_userdb_setpass_t(sasl_conn_t " *conn ","
.BI " void " *context ","
.BI " const char " *user ","
.BI " const char " *pass ","
.BI " unsigned " passlen ","
.BI " struct propctx " *propctx ","
.BI " unsigned " flags ")"
.fi
.SH DESCRIPTION
.B sasl_server_userdb_setpass_t
is used to store or change a plaintext password in the callback-supplier's
user database.
.I context
context from the callback record
.I user
NUL terminated user name with user@realm syntax
.I pass
password to check (may not be NUL terminated)
.I passlen
length of the password
.I propctx
Auxilliary Properties (not stored)
.I flags
These are the same flags that are passed to sasl_setpass(3), and are documented
on that man page.
.SH "RETURN VALUE"
SASL callback functions should return SASL return codes. See sasl.h for a complete list. SASL_OK indicates success.
.SH "SEE ALSO"
sasl(3), sasl_callbacks(3), sasl_errors(3), sasl_server_userdb_checkpass_t(3), sasl_setpass(3) 0707010001f8c6000081a4000017820000044e0000000153419f6200000b64000002350000002700000000000000000000002800000000reloc/share/man/man3/sasl_authorize_t.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_authorize_t 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
sasl_authorize_t \- The SASL authorization callback
.SH SYNOPSIS
.nf
.B #include
.sp
.BI "int sasl_authorize_t(void " *context ", "
.BI " const char " *requested_user ", unsigned " alen ","
.BI " const char " *auth_identity ", unsigned " alen ","
.BI " const char " *def_realm ", unsigned " urlen ","
.BI " struct propctx " *propctx ") "
.fi
.SH DESCRIPTION
.B sasl_authorize_t
is used to check whether the authorized user
.I auth_identity
may act as the user
.I requested_user.
For example the user root may wish to authenticate with his
credentials but act as the user tmartin (with all of tmartin's rights
not roots). A server application should be very careful, and probably
err on the side of caution, when determining which users may proxy as
whom.
.PP
.SH "RETURN VALUE"
SASL callback functions should return SASL return codes. See sasl.h for a complete list. SASL_OK indicates success.
.SH "SEE ALSO"
sasl(3), sasl_callbacks(3)0707010001f8e9000081a4000017820000044e0000000153419f6300000cdb000002350000002700000000000000000000002800000000reloc/share/man/man3/sasl_server_step.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_server_step 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
sasl_server_step \- Perform a step in the authentication negotiation
.SH SYNOPSIS
.nf
.B #include
.sp
.BI "int sasl_server_step(sasl_conn_t " *conn ", "
.BI " const char " *clientin ", "
.BI " unsigned " clientinlen ", "
.BI " const char ** " serverout ", "
.BI " unsigned * " serveroutlen ");"
.SH DESCRIPTION
.B sasl_server_step()
performs a step in the authentication negotiation. It returns SASL_OK
if the whole negotiation is successful and SASL_CONTINUE if this step
is ok but at least one more step is needed.
.PP
.I conn
is the SASL connection context
.PP
.I clientin
is the data given by the client (decoded if the protocol encodes requests sent over the wire)
.I clientinlen
is the length of
.I clientin
.PP
.I serverout
and
.I serveroutlen
are set by the library and should be sent to the client.
.PP
.SH "RETURN VALUE"
sasl_server_step returns an integer which corresponds to one of the
SASL error codes. SASL_CONTINUE indicates success and that there are
more steps needed in the authentication. SASL_OK indicates that the
authentication is complete. All other return codes indicate errors and
should either be handled or the authentication session should be quit.
.SH "CONFORMING TO"
RFC 4422
.SH "SEE ALSO"
sasl(3), sasl_errors(3), sasl_server_init(3), sasl_server_new(3), sasl_server_start(3)
0707010001f8d6000081a4000017820000044e0000000153419f6200000c53000002350000002700000000000000000000002300000000reloc/share/man/man3/sasl_encode.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_encode 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
sasl_encode \- Encode data for transport to authenticated host
.SH SYNOPSIS
.nf
.B #include
.sp
.BI "int sasl_encode(sasl_conn_t " *conn ", "
.BI " const char * " input ", "
.BI " unsigned " inputlen ", "
.BI " const char ** " output ", "
.BI " unsigned * " outputlen ");"
.BI "int sasl_encodev(sasl_conn_t " *conn ", "
.BI " const struct iovec * " invec ", "
.BI " unsigned " numiov ", "
.BI " const char ** " output ", "
.BI " unsigned * " outputlen ");"
.fi
.SH DESCRIPTION
.B sasl_encode
encodes data to be sent to be sent to a remote host who we've had a successful authentication session with. If there is a negotiated security the data in signed/encrypted and the output should be sent without modification to the remote host. If there is no security layer the output is identical to the input.
.B sasl_encodev
does the same, but for a struct iovec instead of a character buffer.
.I output
contains the encoded data and is allocated/freed by the library.
.SH "RETURN VALUE"
Returns SASL_OK on success. See sasl_errors(3) for meanings of other return
codes.
.SH "CONFORMING TO"
RFC 4422
.SH "SEE ALSO"
sasl(3), sasl_errors(3), sasl_decode(3) 0707010001f8e3000081a4000017820000044e0000000153419f6300000979000002350000002700000000000000000000002100000000reloc/share/man/man3/sasl_idle.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_idle 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
sasl_idle \- Perform precalculations during an idle period
.SH SYNOPSIS
.nf
.B #include
.sp
.BI "int sasl_idle( sasl_conn_t " *conn ")"
.fi
.SH DESCRIPTION
.B sasl_idle
may be called during an idle period to allow the SASL library or any mechanisms
to perform any necessary precalculation.
.I conn
may be NULL to do precalculation prior to a connection taking place.
.SH "RETURN VALUE"
Returns 1 if action was taken, 0 if no action was taken.
.SH "CONFORMING TO"
RFC 4422
.SH "SEE ALSO"
sasl(3)
0707010001f8d3000081a4000017820000044e0000000153419f6300000bbb000002350000002700000000000000000000002300000000reloc/share/man/man3/sasl_decode.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_decode 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
sasl_decode \- Decode data received
.SH SYNOPSIS
.nf
.B #include
.sp
.BI "int sasl_decode(sasl_conn_t " *conn ", "
.BI " const char * " input ", "
.BI " unsigned " inputlen ", "
.BI " const char ** " output ", "
.BI " unsigned * " outputlen ");"
.fi
.SH DESCRIPTION
.B sasl_decode
decodes data received. After successful authentication this function
should be called on all data received. It decodes the data from
encrypted or signed form to plain data. If there was no security layer
negotiated the output is identical to the input.
.I output
contains the decoded data and is allocated/freed by the library.
One should not to give sasl_decode more data than the negotiated maxbufsize (see sasl_getprop).
Note that sasl_decode can succeed and outputlen can be zero. If this
is the case simply wait for more data and call sasl_decode again.
.PP
.SH "RETURN VALUE"
Returns SASL_OK on success. See sasl_errors(3) for meanings of other return
codes.
.SH "CONFORMING TO"
RFC 4422
.SH "SEE ALSO"
sasl(3), sasl_errors(3), sasl_encode(3) 0707010001f8ea000081a4000017820000044e0000000153419f6300000c27000002350000002700000000000000000000003600000000reloc/share/man/man3/sasl_server_userdb_checkpass_t.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_server_userdb_checkpass_t 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
sasl_server_userdb_checkpass_t \- Plaintext Password Verification Callback
.SH SYNOPSIS
.nf
.B #include
.sp
.BI "int sasl_server_userdb_checkpass_t(sasl_conn_t " *conn ","
.BI " void " *context ","
.BI " const char " *user ","
.BI " const char " *pass ","
.BI " unsigned " passlen ","
.BI " struct propctx " *propctx ")"
.fi
.SH DESCRIPTION
.B sasl_server_userdb_checkpass_t
is used to verify a plaintext password against the callback supplier's user
database. This is to allow additional ways to encode the userPassword
property.
.I context
context from the callback record
.I user
NUL terminated user name with user@realm syntax
.I pass
password to check (may not be NUL terminated)
.I passlen
length of the password
.I propctx
property context to fill in with userPassword
.SH "RETURN VALUE"
SASL callback functions should return SASL return codes. See sasl.h for a complete list. SASL_OK indicates success.
.SH "SEE ALSO"
sasl(3), sasl_callbacks(3), sasl_errors(3), sasl_server_userdb_setpass_t(3) 0707010001f8d7000081a4000017820000044e0000000153419f6200000c53000002350000002700000000000000000000002400000000reloc/share/man/man3/sasl_encodev.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_encode 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
sasl_encode \- Encode data for transport to authenticated host
.SH SYNOPSIS
.nf
.B #include
.sp
.BI "int sasl_encode(sasl_conn_t " *conn ", "
.BI " const char * " input ", "
.BI " unsigned " inputlen ", "
.BI " const char ** " output ", "
.BI " unsigned * " outputlen ");"
.BI "int sasl_encodev(sasl_conn_t " *conn ", "
.BI " const struct iovec * " invec ", "
.BI " unsigned " numiov ", "
.BI " const char ** " output ", "
.BI " unsigned * " outputlen ");"
.fi
.SH DESCRIPTION
.B sasl_encode
encodes data to be sent to be sent to a remote host who we've had a successful authentication session with. If there is a negotiated security the data in signed/encrypted and the output should be sent without modification to the remote host. If there is no security layer the output is identical to the input.
.B sasl_encodev
does the same, but for a struct iovec instead of a character buffer.
.I output
contains the encoded data and is allocated/freed by the library.
.SH "RETURN VALUE"
Returns SASL_OK on success. See sasl_errors(3) for meanings of other return
codes.
.SH "CONFORMING TO"
RFC 4422
.SH "SEE ALSO"
sasl(3), sasl_errors(3), sasl_decode(3) 0707010001f8d2000081a4000017820000044e0000000153419f6300001036000002350000002700000000000000000000002800000000reloc/share/man/man3/sasl_client_step.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_client_step 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
sasl_client_step \- Perform a step in the authentication negotiation
.SH SYNOPSIS
.nf
.B #include
.sp
.BI "int sasl_client_step(sasl_conn_t " *conn ", "
.BI " const char " *serverin ", "
.BI " unsigned " serverinlen ", "
.BI " sasl_interact_t ** " prompt_need ", "
.BI " const char ** " clientout ", "
.BI " unsigned * " clientoutlen ");"
.fi
.SH DESCRIPTION
.B sasl_client_step()
performs a step in the authentication negotiation. It returns SASL_OK
if the whole negotiation is successful and SASL_CONTINUE if this step
is ok but at least one more step is needed. A client should not assume
an authentication negotiation is successful just because the server
signaled success via protocol (i.e. if the server said ". OK
Authentication succeeded" in IMAP sasl_client_step should still be
called one more time with a serverinlen of zero.
If SASL_INTERACT is returned the library needs some values to be
filled in before it can proceed. The prompt_need structure will be
filled in with requests. The application should fulfill these requests
and call sasl_client_start again with identical parameters (the
prompt_need parameter will be the same pointer as before but filled in
by the application).
.I conn
is the SASL connection context
.PP
.I serverin
is the data given by the server (decoded if the protocol encodes requests sent over the wire)
.PP
.I serverinlen
is the length of serverin
.PP
.I clientout
and
.I clientoutlen
is created. It is the initial client response to send to the
server. It is the job of the
client to send it over the network to the server.
Any protocol specific encoding (such as base64
encoding) necessary needs to be done by the client.
.SH "RETURN VALUE"
sasl_client_step returns an integer which corresponds to one of the
following codes. SASL_CONTINUE indicates success and that there are
more steps needed in the authentication. SASL_OK indicates that the
authentication is complete. All other return codes indicate errors and
should either be handled or the authentication session should be quit.
.SH "CONFORMING TO"
RFC 4422
.SH "SEE ALSO"
sasl(3), sasl_callbacks(3), sasl_errors(3), sasl_client_init(3), sasl_client_new(3), sasl_client_start(3)
0707010001f8d8000081a4000017820000044e0000000153419f63000009c4000002350000002700000000000000000000002600000000reloc/share/man/man3/sasl_errdetail.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_errdetail 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
sasl_errdetail \- Retrieve detailed information about an error
.SH SYNOPSIS
.nf
.B #include
.sp
.BI "const char *sasl_errdetail( sasl_conn_t *conn )";
.fi
.SH DESCRIPTION
.B sasl_errdetail
provides more detailed information about the most recent error to occur,
beyond the information contained in the SASL result code.
.I conn
the connection context to inquire about.
.SH "RETURN VALUE"
Returns the string describing the error that occurred, or NULL if
no error has occurred, or there was an error retrieving it.
.SH "CONFORMING TO"
RFC 4422
.SH "SEE ALSO"
sasl(3)0707010001f8cc000081a4000017820000044e0000000153419f6300000b39000002350000002700000000000000000000002900000000reloc/share/man/man3/sasl_chalprompt_t.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_chalprompt_t 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
sasl_chalprompt_t \- Realm Acquisition Callback
.SH SYNOPSIS
.nf
.B #include
.sp
.BI "int sasl_chalprompt_t(void " *context ", int " id ", "
.BI " const char " *challenge ","
.BI " const char " *prompt ", const char " *defresult ","
.BI " const char " **result ", unsigned " *len ")"
.fi
.SH DESCRIPTION
.B sasl_chalprompt_t
is used to prompt for input in response to a server challenge.
.I context
context from the callback record
.I id
callback id (either SASL_CB_ECHOPROMPT or SASL_CB_NOECHOPROMPT)
.I challenge
the server's challenge
.I prompt
A prompt for the user
.I defresult
Default result (may be NULL)
.I result
The user's response (a NUL terminated string)
.I len
Length of the user's response.
.SH "RETURN VALUE"
SASL callback functions should return SASL return codes. See sasl.h for a complete list. SASL_OK indicates success.
.SH "SEE ALSO"
sasl(3), sasl_callbacks(3) 0707010001f8c5000081a4000017820000044e0000000153419f6300000cb9000002350000002700000000000000000000001c00000000reloc/share/man/man3/sasl.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH SASL 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
SASL \- SASL authentication library
.SH DESCRIPTION
The CMU Cyrus SASL library is a general purpose authentication library for sever and client applications.
.B System Administrators:
For information on setting up/configuring the SASL library see the
.I System Administrators Guide
in the doc/ directory of the SASL distribution.
.B Programmers:
See man pages for individual sasl functions or the
.I Programmers Guide
in the doc/ directory of the SASL distribution.
.SH "CONFORMING TO"
RFC 4422
.SH "SEE ALSO"
sasl_authorize_t(3), sasl_auxprop(3), sasl_auxprop_getctx(3), sasl_auxprop_request(3), sasl_canon_user_t(3), sasl_callbacks(3), sasl_chalprompt_t(3), sasl_checkapop(3), sasl_checkpass(3), sasl_client_init(3), sasl_client_new(3), sasl_client_start(3), sasl_client_step(3), sasl_decode(3), sasl_dispose(3), sasl_done(3), sasl_encode(3), sasl_encodev(3), sasl_errdetail(3), sasl_errors(3), sasl_errstring(3), sasl_errors(3), sasl_getopt_t(3), sasl_getpath_t(3), sasl_getprop(3), sasl_getrealm_t(3), sasl_getsecret_t(3), sasl_getsimple_t(3), sasl_idle(3), sasl_listmech(3), sasl_log_t(3), sasl_server_init(3), sasl_server_new(3), sasl_server_start(3), sasl_server_step(3), sasl_server_userdb_checkpass_t(3), sasl_server_userdb_setpass_t(3), sasl_setpass(3), sasl_setprop(3), sasl_user_exists(3), sasl_verifyfile_t(3), sasl_global_listmech(3)
0707010001f8db000081a4000017820000044e0000000153419f6300000a6c000002350000002700000000000000000000002a00000000reloc/share/man/man3/sasl_getconfpath_t.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2006 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_getconfpath_t 3 "12 February 2006" SASL "SASL man pages"
.SH NAME
sasl_getconfpath_t \- The SASL callback to indicate location of the config files
.SH SYNOPSIS
.nf
.B #include
.sp
.BI "int sasl_getconfpath_t(void " *context ", "
.BI " char ** " path ")";
.fi
.SH DESCRIPTION
.B sasl_getconfpath_t
is used if the application wishes to use a different location for the SASL configuration files. If this callback is not used SASL will either use the location in the environment variable SASL_CONF_PATH (provided we are not SUID or SGID) or /etc/sasl2 by default.
.PP
.SH "RETURN VALUE"
SASL callback functions should return SASL return codes. See sasl.h for a complete list. SASL_OK indicates success.
.SH "CONFORMING TO"
RFC 4422
.SH "SEE ALSO"
sasl(3), sasl_callbacks(3), sasl_errors(3)
0707010001f8c8000081a4000017820000044e0000000153419f63000009cd000002350000002700000000000000000000002b00000000reloc/share/man/man3/sasl_auxprop_getctx.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_auxprop_getctx 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
sasl_auxprop_getctx \- Acquire an auxiliary property context
.SH SYNOPSIS
.nf
.B #include
.sp
.BI "int sasl_auxprop_getctx(sasl_conn_t " *conn ")"
.fi
.SH DESCRIPTION
.B sasl_auxprop_getctx
will return an auxiliary property context for the given sasl_conn_t on which
the functions described in sasl_auxprop(3) can operate.
.I conn
the sasl_conn_t for which the request is being made.
.SH "RETURN VALUE"
Returns a pointer the the context on success. Returns NULL on failure.
.SH "CONFORMING TO"
RFC 4422
.SH "SEE ALSO"
sasl(3), sasl_auxprop(3), sasl_auxprop_request(3) 0707010001f8cb000081a4000017820000044e0000000153419f6200000d4b000002350000002700000000000000000000002900000000reloc/share/man/man3/sasl_canon_user_t.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_server_userdb_checkpass_t 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
sasl_server_userdb_checkpass_t \- Plaintext Password Verification Callback
.SH SYNOPSIS
.nf
.B #include
.sp
.BI "int sasl_canon_user_t(sasl_conn_t " *conn ","
.BI " void " *context ","
.BI " const char " *user ", unsigned " ulen ","
.BI " unsigned " flags ","
.BI " const char " *user_realm ","
.BI " char " *out_user ", unsigned " out_umax ","
.BI " unsigned " *out_ulen ")"
.fi
.SH DESCRIPTION
.B sasl_canon_user_t
Is the callback for an application-supplied user canonicalization function.
This function is subject to the requirements that all user canonicalization
functions are: It must copy the result into the output buffers, but the
output buffers and the input buffers may be the same.
.I context
context from the callback record
.I user
and
.I ulen
Un-canonicalized username (and length)
.I flags
Either SASL_CU_AUTHID (indicating the authentication ID is being canonicalized)
or SASL_CU_AUTHZID (indicating the authorization ID is to be canonicalized)
or a bitwise OR of the the two.
.I user_realm
Realm of authentication.
.I out_user
and
.I out_umax
and
.I out_ulen
The output buffer, max length, and actual length for the username.
.SH "RETURN VALUE"
SASL callback functions should return SASL return codes. See sasl.h for a complete list. SASL_OK indicates success.
.SH "SEE ALSO"
sasl(3), sasl_callbacks(3), sasl_errors(3)
0707010001f8e5000081a4000017820000044e0000000153419f62000009a7000002350000002700000000000000000000002200000000reloc/share/man/man3/sasl_log_t.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_log_t 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
sasl_log_t \- The SASL logging callback
.SH SYNOPSIS
.nf
.B #include
.sp
.BI "int sasl_log_t(void " *context ", "
.BI " int " level ", "
.BI " const char * " message ")";
.fi
.SH DESCRIPTION
.B sasl_log_t
is used to log warning/error messages from the SASL library. If not
specified syslog will be used.
.PP
.SH "RETURN VALUE"
SASL callback functions should return SASL return codes. See sasl.h for a complete list. SASL_OK indicates success.
.SH "CONFORMING TO"
RFC 4422
.SH "SEE ALSO"
sasl(3), sasl_callbacks(3), sasl_errors(3) 0707010001f8d9000081a4000017820000044e0000000153419f6300000f60000002350000002700000000000000000000002300000000reloc/share/man/man3/sasl_errors.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_errors 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
sasl_errors \- SASL error codes
.SH SYNOPSIS
.nf
.B #include
.fi
.SH DESCRIPTION
The following are the general error codes that may be returned by
calls into the SASL library, and their meanings (that may vary
slightly based on context):
.SH Common Result Codes
.TP 0.8i
SASL_OK
Success
.TP 0.8i
SASL_CONTINUE
Another step is needed in authentication
.TP 0.8i
SASL_FAIL
Generic Failure
.TP 0.8i
SASL_NOMEM
Memory shortage failure
.TP 0.8i
SASL_BUFOVER
Overflowed buffer
.TP 0.8i
SASL_NOMECH
Mechanism not supported / No mechanisms matched requirements
.TP 0.8i
SASL_BADPROT
Bad / Invalid Protocol or Protocol cancel
.TP 0.8i
SASL_NOTDONE
Can't request information / Not applicable until later in exchange
.TP 0.8i
SASL_BADPARAM
Invalid Parameter Supplied
.TP 0.8i
SASL_TRYAGAIN
Transient Failure (e.g. weak key)
.TP 0.8i
SASL_BADMAC
Integrity Check Failed
.TP 0.8i
SASL_NOTINIT
SASL library not initialized
.SH Client-only Result Codes
.TP 0.8i
SASL_INTERACT
Needs user interaction
.TP 0.8i
SASL_BADSERV
Server failed mutual authentication step
.TP 0.8i
SASL_WRONGMECH
Mechanism does not support requested feature
.SH Server-only Result Codes
.TP 0.8i
SASL_BADAUTH
Authentication Failure
.TP 0.8i
SASL_NOAUTHZ
Authorization Failure
.TP 0.8i
SASL_TOOWEAK
Mechanism too weak for this user
.TP 0.8i
SASL_ENCRYPT
Encryption needed to use mechanism
.TP 0.8i
SASL_TRANS
One time use of a plaintext password will enable requested mechanism for user
.TP 0.8i
SASL_EXPIRED
Passphrase expired, must be reset
.TP 0.8i
SASL_DISABLED
Account Disabled
.TP 0.8i
SASL_NOUSER
User Not Found
.TP 0.8i
SASL_BADVERS
Version mismatch with plug-in
.TP 0.8i
SASL_NOVERIFY
USer exists, but no verifier for user
.SH Password Setting Result Codes
.TP 0.8i
SASL_PWLOCK
Passphrase locked
.TP 0.8i
SASL_NOCHANGE
Requested change was not needed
.TP 0.8i
SASL_WEAKPASS
Passphrase is too week for security policy.
.TP 0.8i
SASL_NOUSERPASS
User supplied passwords are not permitted
.SH "CONFORMING TO"
RFC 4422
.SH "SEE ALSO"
sasl(3)
0707010001f8c7000081a4000017820000044e0000000153419f6300001cd2000002350000002700000000000000000000002400000000reloc/share/man/man3/sasl_auxprop.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_auxprop 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
sasl_auxprop \- How to work with SASL auxiliary properties
.SH SYNOPSIS
.nf
.B #include
.BI "struct propctx *prop_new(unsigned " estimate ") "
.BI "int prop_dup(struct propctx " *src_ctx ", "
.BI " struct propctx " *dst_ctx ")"
.BI "int prop_request(struct propctx " *ctx ", "
.BI " const char " **names ")"
.BI "const struct propval *prop_get(struct propctx " *ctx ")"
.BI "int prop_getnames(struct propctx " *ctx ", const char " **names ","
.BI " struct porpval " *vals ")"
.BI "void prop_clear(struct propctx " *ctx ", int " requests ")"
.BI "void prop_erase(struct propctx " *ctx ", const char " *name ")"
.BI "void prop_dispose(struct propctx " **ctx ")"
.BI "int prop_format(struct propctx " *ctx ", const char " *sep ", int " seplen ", "
.BI " char " *outbuf ", unsigned " outmax ", unsigned " *outlen ")"
.BI "int prop_set(struct propctx " *ctx ", const char " *name ","
.BI " const char " *value ", int " vallen ")"
.BI "int prop_setvals(struct propctx " *ctx ", const char " *name ","
.BI " const char " **values ")"
.SH DESCRIPTION
.B SASL auxiliary properties
are used to obtain properties from external sources during the authentication
process. For example, a mechanism might need to query an LDAP server to
obtain the authentication secret. The application probably needs other
information from there as well, such as home directory or UID. The
auxiliary property interface allows the two to cooperate, and only results
in a single query against the LDAP server (or other property sources).
Property lookups take place directly after user canonicalization occurs.
Therefore, all requests should be registered with he context before that
time. Note that requests can also be registered using the
sasl_auxprop_request(3) function. Most of the functions listed below,
however, require a property context which can be obtained by calling
sasl_auxprop_getctx(3).
.SH API Description
.TP 0.8i
struct propctx *prop_new(unsigned estimate)
Create a new property context. Probably unnecessary for application
developers to call this at any point.
.I estimate
is the estimate of storage needed total for requests & responses.
A value of 0 will imply the library default.
.TP 0.8i
int prop_dup(struct propctx *src_ctx, struct propctx *dst_ctx)
Duplicate a given property context.
.TP 0.8i
int prop_request(struct propctx *ctx, const char **names)
Add properties to the request list of a given context.
.I names
is the NULL-terminated array of property names, and must persist until
the requests are cleared or the context is disposed of with a call
to prop_dispose.
.TP 0.8i
const struct propval *prop_get(struct propctx *ctx)
Returns a NULL-terminated array of struct propval from the given context.
.TP 0.8i
int prop_getnames(struct propctx *ctx, const char **names,
struct porpval *vals)
Fill in a (provided) array of struct propval based on a list of property
names. This implies that the vals array is at least as long as the
names array. The values that are filled in by this call
persist until next call to prop_request, prop_clear,
or prop_dispose on context. If a name specified here was never requested,
that its associated values entry will be set to NULL.
Returns number of matching properties that were found, or a SASL error code.
.TP 0.8i
void prop_clear(struct propctx *ctx, int requests)
Clear values and optionally requests from a property context.
.I requests
is 1 if the requests should be cleared, 0 otherwise.
.TP 0.8i
void prop_erase(struct propctx *ctx, const char *name)
Securely erase the value of a property.
.I name
is the name of the property to erase.
.TP 0.8i
void prop_dispose(struct propctx **ctx)
Disposes of a property context and NULLifys the pointer.
.TP 0.8i
int prop_format(struct propctx *ctx, const char *sep, int seplen,
char *outbuf, unsigned outmax, unsigned *outlen)
Format the requested property names into a string. This not intended
for use by the application (only by auxprop plugins).
.I sep
Is the separator to use for the string
.I outbuf
Is the caller-allocated buffer of length
.I outmax
that the resulting string will be placed in (including NUL terminator).
.I outlen
if non-NULL, will contain the length of the resulting string (excluding NUL terminator).
.TP 0.8i
int prop_set(struct propctx *ctx, const char *name, const char *value,
int vallen)
Adds a property value to the context. This is intended for use by auxprop
plugins only.
.I name
is the name of the property to receive the new value, or NULL, which
implies that the value will be added to the same property as the last
call to either prop_set or prop_setvals.
.I value
is a value for the property of length
.I vallen
.TP 0.8i
int prop_setvals(struct propctx *ctx, const char *name, const char **values)
Adds multiple values to a single property. This is intended for use by
auxprop plugins only.
.I name
has the same meaning as in
.B prop_set
.I values
are a NULL-terminated array of values to be added the property.
.SH "RETURN VALUE"
The property functions that return an int return SASL error codes.
See sasl_errors(3). Those that return pointers will return a valid pointer
on success, or NULL on any error.
.SH "CONFORMING TO"
RFC 4422
.SH "SEE ALSO"
sasl(3), sasl_errors(3), sasl_auxprop_request(3), sasl_auxprop_getctx(3)
0707010001f8d5000081a4000017820000044e0000000153419f62000008e9000002350000002700000000000000000000002100000000reloc/share/man/man3/sasl_done.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_done 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
sasl_done \- Dispose of a SASL connection object
.SH SYNOPSIS
.nf
.B #include
.sp
.BI "void sasl_done( void )";
.fi
.SH DESCRIPTION
.B sasl_done
is called when the application is completely done with the SASL library.
.PP
.SH "RETURN VALUE"
No return values
.SH "CONFORMING TO"
RFC 4422
.SH "SEE ALSO"
sasl(3), sasl_server_init(3), sasl_client_init(3) 0707010001f8ce000081a4000017820000044e0000000153419f6200000b70000002350000002700000000000000000000002600000000reloc/share/man/man3/sasl_checkpass.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_checkpass 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
sasl_checkpass \- Check a plaintext password
.SH SYNOPSIS
.nf
.B #include
.BI "int sasl_checkpass(sasl_conn_t *" conn ", "
.BI " const char *" user ", "
.BI " unsigned " userlen ", "
.BI " const char *" pass ", "
.BI " unsigned " passlen "); "
.SH DESCRIPTION
.B sasl_checkpass()
will check a plaintext password. This is needed for protocols that had a login method before SASL (for example the LOGIN command in IMAP). The password is checked with the
.I pwcheck_method
See sasl_callbacks(3) for information on how this parameter is set.
.SH "RETURN VALUE"
sasl_checkpass returns an integer which corresponds to one of the
following codes. SASL_OK indicates that the authentication is
complete. All other return codes indicate errors and should either be
handled or the authentication session should be quit. See sasl_errors(3)
for meanings of return codes.
.SH "CONFORMING TO"
RFC 4422
.SH "SEE ALSO"
sasl(3), sasl_errors(3), sasl_callbacks(3), sasl_setpass(3)
0707010001f8e4000081a4000017820000044e0000000153419f6200000d75000002350000002700000000000000000000002500000000reloc/share/man/man3/sasl_listmech.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_listmech 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
sasl_listmech \- Retrieve a list of the supported SASL mechanisms
.SH SYNOPSIS
.nf
.B #include
.sp
.BI "int sasl_listmech(sasl_conn_t *" conn ", "
.BI " const char *" user ", "
.BI " const char *" prefix ", "
.BI " const char *" sep ", "
.BI " const char *" suffix ", "
.BI " const char **" result ", "
.BI " unsigned *" plen ", "
.BI " int *" pcount ");"
.fi
.SH DESCRIPTION
.B sasl_listmech()
returns a string listing the SASL names of all the mechanisms available to the specified user. This is typically given to the client through a capability command or initial server response. Client applications need this list so that they know what mechanisms the server supports.
.I conn
the SASL context for this connection
.I user
(optional) restricts the mechanism list to only those available to the user.
.I prefix
appended to beginning of result
.I sep
appended between mechanisms
.I suffix
appended to end of result
.I result
NULL terminated result string (allocated/freed by library)
.I plen
length of result filled in by library. May be NULL
.I pcount
Number of mechanisms available (filled in by library). May be NULL
.nf
Example:
sasl_listmech(conn,NULL,"(",",",")",&mechlist,NULL,NULL);
may give the string
.BI (ANONYMOUS,KERBEROS_V4,DIGEST-MD5)
as a result
.PP
.SH "RETURN VALUE"
Returns SASL_OK on success. SASL error code on failure.
.SH "CONFORMING TO"
RFC 4422
.SH "SEE ALSO"
sasl(3), sasl_errors(3), sasl_server_new(3), sasl_client_new(3)
0707010001f8e8000081a4000017820000044e0000000153419f6300000fce000002350000002700000000000000000000002900000000reloc/share/man/man3/sasl_server_start.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_server_start 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
sasl_server_start \- Begin an authentication negotiation
.SH SYNOPSIS
.nf
.B #include
.sp
.BI "int sasl_server_start(sasl_conn_t * " conn ", "
.BI " const char * " mech ", "
.BI " const char * " clientin ", "
.BI " unsigned * " clientinlen ", "
.BI " const char ** " serverout ", "
.BI " unsigned * " serveroutlen ");"
.fi
.SH DESCRIPTION
.B sasl_server_start()
begins the authentication with the mechanism specified with mech. This
fails if the mechanism is not supported. SASL_OK is returned if the
authentication is complete and the user is
authenticated. SASL_CONTINUE is returned if one or more steps are
still required in the authentication. All other return values indicate
failure.
.PP
.I conn
is the SASL context for this connection
.PP
.I mech
is the mechanism name that the client requested
.PP
.I clientin
is the client initial response, NULL if the protocol lacks support for
client-send-first or if the other end did not have an initial send. Note that
no initial client send is distinct from an initial send of a null string,
and the protocol MUST account for this difference.
.PP
.I clientinlen
is the length of initial response
.PP
.I serverout
is created by the plugin library. It is the initial server response to send to the client. This is allocated/freed by the library and it is the job of the client to send it over the network to the server. Also protocol specific encoding (such as base64 encoding) must needs to be done by the server.
.PP
.I serveroutlen
is set to the length of initial server challenge
.PP
.PP
.SH "RETURN VALUE"
sasl_server_start returns an integer which corresponds to one of the
SASL errorcodes. SASL_OK indicates that authentication is completed
successfully. SASL_CONTINUE indicates success and that there are
more steps needed in the authentication. All other return codes
indicate errors and should either be handled or the authentication
session should be quit.
.SH "CONFORMING TO"
RFC 4422
.SH "SEE ALSO"
sasl(3), sasl_errors(3), sasl_server_init(3), sasl_server_new(3), sasl_server_step(3)
0707010001f8e6000081a4000017820000044e0000000153419f6300000c69000002350000002700000000000000000000002800000000reloc/share/man/man3/sasl_server_init.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_server_init 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
sasl_server_init \- SASL server authentication initialization
.SH SYNOPSIS
.nf
.B #include
.sp
.BI "int sasl_server_init(const sasl_callback_t " *callbacks ", "
.BI " const char " *appname ");"
.fi
.SH DESCRIPTION
.B sasl_server_init()
initializes SASL. It must be called before any calls to
sasl_server_start, and only once per process.
This call initializes all SASL mechanism drivers
(e.g. authentication mechanisms). These are usually found in the
/usr/lib/sasl2 directory but the directory may be overridden with the
SASL_PATH environment variable (or at compile time).
.PP
.I callbacks
specifies the base callbacks for all client connections. See
the sasl_callbacks man page for more information.
.PP
.I appname
is the name of the application. It is used for where to find the
default configuration file.
.PP
.SH "RETURN VALUE"
sasl_server_init returns an integer which corresponds to one of the
SASL error codes. SASL_OK is the only one that indicates success. All
others indicate errors and should either be handled or the
authentication session should be quit.
.SH "CONFORMING TO"
RFC 4422
.SH "SEE ALSO"
sasl(3), sasl_callbacks(3), sasl_errors(3), sasl_server_new(3), sasl_server_start(3), sasl_server_step(3)
0707010001f8df000081a4000017820000044e0000000153419f6300000b6b000002350000002700000000000000000000002700000000reloc/share/man/man3/sasl_getrealm_t.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_getrealm_t 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
sasl_getrealm_t \- Realm Acquisition Callback
.SH SYNOPSIS
.nf
.B #include
.sp
.BI "int sasl_getrealm_t(void " *context ", int " id ", "
.BI " const char " **availrealms ","
.BI " const char " **result ")"
.fi
.SH DESCRIPTION
.B sasl_getrealm_t
is used when there is an interaction with SASL_CB_GETREALM as the type.
If a mechanism would use this callback, but it is not present, then the first
realm listed is automatically selected. (Note that a mechanism may still
force the existence of a getrealm callback by SASL_CB_GETREALM to its
required_prompts list).
.I context
context from the callback record
.I id
callback ID (SASL_CB_GETREALM)
.I availrealms
A string list of the available realms. NULL terminated, may be empty.
.I result
The chosen realm. (a NUL terminated string)
.SH "RETURN VALUE"
SASL callback functions should return SASL return codes. See sasl.h for a complete list. SASL_OK indicates success.
.SH "SEE ALSO"
sasl(3), sasl_callbacks(3)
0707010001f8de000081a4000017820000044e0000000153419f6300000da1000002350000002700000000000000000000002400000000reloc/share/man/man3/sasl_getprop.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_getprop 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
sasl_getprop \- Get a SASL property
.SH SYNOPSIS
.nf
.B #include
.sp
.BI "int sasl_getprop(sasl_conn_t " *conn ", "
.BI " int " propnum ", "
.BI " const void ** " pvalue ");"
.fi
.SH DESCRIPTION
.B sasl_getprop
gets the value of a SASL property. For example after successful
authentication a server may wish to know the authorization name. Or a
client application may wish to know the strength of the negotiated
security layer.
.I conn
is the SASL connection object.
.I propnum
is the identifier for the property requested and
.I pvalue
is filled in on success. List of properties follows:
.nf
SASL_USERNAME - pointer to NUL terminated user name
SASL_SSF - security layer security strength factor,
if 0, call to sasl_encode, sasl_decode unnecessary
SASL_MAXOUTBUF - security layer max output buf unsigned
SASL_DEFUSERREALM - server authentication realm used
SASL_GETOPTCTX - context for getopt callback
SASL_IPLOCALPORT - local address string
SASL_IPREMOTEPORT - remote address string
SASL_SERVICE - service passed to sasl_*_new
SASL_SERVERFQDN - serverFQDN passed to sasl_*_new
SASL_AUTHSOURCE - name of auth source last used, useful for failed
authentication tracking
SASL_MECHNAME - active mechanism name, if any
SASL_PLUGERR - similar to sasl_errdetail
.fi
.PP
.SH "RETURN VALUE"
Returns SASL_OK on success. SASL error code on failure.
.SH "CONFORMING TO"
RFC 4422
.SH "SEE ALSO"
sasl(3), sasl_errors(3), sasl_server_new(3), sasl_client_new(3)
0707010001f8ed000081a4000017820000044e0000000153419f6300000c80000002350000002700000000000000000000002400000000reloc/share/man/man3/sasl_setprop.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_setprop 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
sasl_setprop \- Set a SASL property
.SH SYNOPSIS
.nf
.B #include
.sp
.BI "int sasl_setprop(sasl_conn_t " *conn ", "
.BI " int " propnum ", "
.BI " const void * " pvalue ")"
.fi
.SH DESCRIPTION
.B sasl_setprop
sets the value of a SASL property. For example an application should tell the SASL library about any external negotiated security layer (i.e. TLS).
.I conn
is the SASL connection object.
.I propnum
is the identifier for the property requested and
.I pvalue
contains a pointer to the data. It is the applications job to make sure this type is correct. This is an easy way to crash a program.
.nf
SASL_AUTH_EXTERNAL - external authentication ID (const char *)
SASL_SSF_EXTERNAL - external SSF active -- (sasl_ssf_t)
SASL_DEFUSERREALM - user realm (const char *)
SASL_SEC_PROPS - sasl_security_properties_t (may be freed after call)
SASL_IPLOCALPORT - string describing the local ip and port in the form
"a.b.c.d;p", or "e:f:g:h:i:j:k:l;port"
SASL_IPREMOTEPORT - string describing the remote ip and port in the form
"a.b.c.d;p", or "e:f:g:h:i:j:k:l;port"
.fi
.SH "RETURN VALUE"
Returns SASL_OK on success. SASL error code on failure.
.SH "CONFORMING TO"
RFC 4422
.SH "SEE ALSO"
sasl(3), sasl_errors(3)
0707010001f8dc000081a4000017820000044e0000000153419f6300000caf000002350000002700000000000000000000002500000000reloc/share/man/man3/sasl_getopt_t.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_getopt_t 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
sasl_getopt_t \- The SASL get option callback
.SH SYNOPSIS
.nf
.B #include
.sp
.BI "int sasl_getopt_t(void " *context ", "
.BI " const char " *plugin_name ", "
.BI " const char " *option ", "
.BI " const char ** " result ", "
.BI " unsigned * " len ")";
.fi
.SH DESCRIPTION
.B sasl_getopt_t
is used to retrieve an option, often mechanism specific, from the
application. An example of this is requested what KERBEROS_V4 srvtab
file to use.
.I plugin_name
is the plugin this value if for.
.I option
is a string representing the option. A common option that all server
applications should handle is \"pwcheck_method\" which represents the
method for checking plaintext passwords. See the administrators guide
for a full description of this option.
.PP
Memory management of options supplied by the getopt callback should be
done by the application, however, any requested option must remain available
until the callback is no longer valid. That is, when sasl_dispose is called for a
the connection it is associated with, or sasl_done is called for global callbacks.
.PP
.SH "RETURN VALUE"
SASL callback functions should return SASL return codes. See sasl.h for a complete list. SASL_OK indicates success.
.SH "CONFORMING TO"
RFC 4422
.SH "SEE ALSO"
sasl(3), sasl_callbacks(3), sasl_errors(3)
0707010001f8d4000081a4000017820000044e0000000153419f620000098a000002350000002700000000000000000000002400000000reloc/share/man/man3/sasl_dispose.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_dispose 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
sasl_dispose \- Dispose of a SASL connection object
.SH SYNOPSIS
.nf
.B #include
.sp
.BI "void sasl_dispose(" sasl_conn_t " **pconn )";
.fi
.SH DESCRIPTION
.B sasl_dispose
is called when a SASL connection object is no longer needed. Note that
this is usually when the protocol session is done NOT when the
authentication is done since a security layer may have been
negotiated.
.PP
.SH "RETURN VALUE"
No return values
.SH "CONFORMING TO"
RFC 4422
.SH "SEE ALSO"
sasl(3), sasl_server_new(3), sasl_client_new(3) 0707010001f8e0000081a4000017820000044e0000000153419f6300000ad1000002350000002700000000000000000000002800000000reloc/share/man/man3/sasl_getsecret_t.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_getsecret_t 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
sasl_getsecret_t \- The SASL callback for secrets (passwords)
.SH SYNOPSIS
.nf
.B #include
.sp
.BI "int sasl_getsecret_t(sasl_conn_t " *conn ", "
.BI " void " *context ", "
.BI " int " id ", "
.BI " sasl_secret_t ** " psecret ")";
.fi
.SH DESCRIPTION
.B sasl_getsecret_t
is used to retrieve the secret from the application. A sasl_secret_t should be allocated to length sizeof(sasl_secret_t)+. It has two fields
.I len
which is the length of the secret in bytes and
.I data
which contains the secret itself (does not need to be null terminated).
.PP
.SH "RETURN VALUE"
SASL callback functions should return SASL return codes. See sasl.h for a complete list. SASL_OK indicates success.
.SH "CONFORMING TO"
RFC 4422
.SH "SEE ALSO"
sasl(3), sasl_callbacks(3), sasl_errors(3) 0707010001f8da000081a4000017820000044e0000000153419f6200000c43000002350000002700000000000000000000002600000000reloc/share/man/man3/sasl_errstring.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_errstring 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
sasl_errstring \- Translate a SASL return code to a human-readable form
.SH SYNOPSIS
.nf
.B #include
.sp
.BI "const char * sasl_errstring(int " saslerr ", "
.BI " const char * " langlist ", "
.BI " const char ** " outlang ");"
.fi
.SH DESCRIPTION
.B sasl_usererr
is called to convert a SASL return code (an integer) into a human
readable string. At this time the only language available is american
english written by programmers (aka gobbledygook).
Note that a server should call sasl_usererr on a return code first if
the string is going to be sent to the client.
.PP
.I saslerr
specifies the error number to convert.
.PP
.I langlist
is currently unused; Use NULL.
.PP
.I outlang
specifies the desired RFC 1766 language for output. NULL defaults to "en-us,"
currently the only supported language.
.PP
It should be noted that this function is not the recommended means of
extracting error code information from SASL, instead application should
use sasl_errdetail(3), which contains this information (and more)
.PP
.SH "RETURN VALUE"
Returns the string. If langlist is NULL, US-ASCII is used.
.PP
.SH "CONFORMING TO"
RFC 4422
.SH "SEE ALSO"
sasl(3), sasl_errdetail(3), sasl_errors(3)
0707010001f8d0000081a4000017820000044e0000000153419f630000117f000002350000002700000000000000000000002700000000reloc/share/man/man3/sasl_client_new.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_client_new 3 "21 June 2001" SASL "SASL man pages"
.SH NAME
sasl_client_new \- Create a new client authentication object
.SH SYNOPSIS
.nf
.B #include
.sp
.BI "int sasl_client_new(const char " *service ", "
.BI " const char " *serverFQDN ", "
.BI " const char " *iplocalport ", "
.BI " const char " *ipremoteport ", "
.BI " const sasl_callback_t " *prompt_supp,
.BI " unsigned " flags ", "
.BI " sasl_conn_t ** " pconn ");"
.fi
.SH DESCRIPTION
.B sasl_client_new()
creates a new SASL context. This context will be used for all SASL calls for one connection. It handles both authentication and integrity/encryption layers after authentication.
.PP
.I service
is the registered name of the service (usually the protocol name) using SASL (e.g. "imap").
.PP
.I serverFQDN
is the fully qualified domain name of the server (e.g. "serverhost.cmu.edu").
.PP
.I iplocalport
is the IP and port of the local side of the connection, or NULL. If
iplocalport is NULL it will disable mechanisms that require IP address
information. This strings must be in one of the following formats:
"a.b.c.d;port" (IPv4), "e:f:g:h:i:j:k:l;port" (IPv6),
or "e:f:g:h:i:j:a.b.c.d;port" (IPv6)
.PP
.I ipremoteport
is the IP and port of the remote side of the connection, or NULL (see
iplocalport)
.PP
.I prompt_supp
is a list of client interactions supported that is unique to this connection. If this parameter is NULL the global callbacks (specified in sasl_client_init) will be used. See sasl_callback for more information.
.PP
.I flags
are connection flags (see below)
.PP
.I pconn
is the connection context allocated by the library. This structure will be used for all future SASL calls for this connection.
.PP
.B Connection Flags
.PP
Flags that may be passed to
.B sasl_server_new()
include
.TP 0.8i
.B SASL_SUCCESS_DATA
The protocol supports a server-last send
.TP 0.8i
.B SASL_NEED_PROXY
Force the use of a mechanism that supports an authorization id that is
not the authentication id.
.SH "RETURN VALUE"
sasl_client_new returns an integer which corresponds to one of the
following codes. SASL_OK is the only one that indicates success. All
others indicate errors and should either be handled or the
authentication session should be quit.
.SH ERRORS
.TP 0.8i
.B SASL_OK
Success
.TP 0.8i
.B SASL_BADPARAM
Error in config file or passed parameters
.TP 0.8i
.B SASL_NOMECH
No mechanism meets requested properties
.TP 0.8i
.B SASL_NOMEM
Not enough memory to complete operation
.SH "CONFORMING TO"
RFC 4422
.SH "SEE ALSO"
sasl(3), sasl_client_init(3), sasl_client_start(3), sasl_client_step(3), sasl_setprop(3)
0707010001f8e1000081a4000017820000044e0000000153419f6300000b57000002350000002700000000000000000000002800000000reloc/share/man/man3/sasl_getsimple_t.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_getsimple_t 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
sasl_getsimple_t \- The SASL callback for username/authname/realm
.SH SYNOPSIS
.nf
.B #include
.sp
.BI "int sasl_getsimple_t(void " *context ", "
.BI " int " id ", "
.BI " const char ** " result ", "
.BI " unsigned * " len ")";
.fi
.SH DESCRIPTION
.B sasl_getsimple_t
is used to retrieve simple things from the application. In practice this is authentication name, authorization name, and realm. The
.BI id
parameter indicates which value is being requested.
Possible values include:
.nf
SASL_CB_USER - Client user identity to login as
SASL_CB_AUTHNAME - Client authentication name
SASL_CB_LANGUAGE - Comma-separated list of RFC 1766 languages
SASL_CB_CNONCE - Client-nonce (for testing mostly)
.fi
.PP
.SH "RETURN VALUE"
SASL callback functions should return SASL return codes. See sasl.h for a complete list. SASL_OK indicates success.
.SH "CONFORMING TO"
RFC 4422
.SH "SEE ALSO"
sasl(3), sasl_callbacks(3), sasl_errors(3) 0707010001f8ef000081a4000017820000044e0000000153419f6300000b8f000002350000002700000000000000000000002900000000reloc/share/man/man3/sasl_verifyfile_t.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_verifyfile_t 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
sasl_verifyfile_t \- The SASL file verification
.SH SYNOPSIS
.nf
.B #include
.sp
.BI "typedef enum {"
SASL_VRFY_PLUGIN, /* a DLL/shared library plugin */
SASL_VRFY_CONF, /* a configuration file */
SASL_VRFY_PASSWD, /* a password storage file */
SASL_VRFY_OTHER /* some other file type */
.BI "} sasl_verify_type_t"
.BI "int sasl_verifyfile_t(void " *context ", "
.BI " const char " *file ","
.BI " sasl_verify_type_t " type ")"
.fi
.SH DESCRIPTION
.B sasl_verifyfile_t
is used to check whether a given file is okay for use by the SASL library.
this is intended to allow applications to sanity check the environment to
ensure that plugins or the config file cannot be written to, etc.
.I context
context from the callback record
.I file
full path of the file to verify
.I type
type of the file.
.SH "RETURN VALUE"
SASL callback functions should return SASL return codes. See sasl.h for a complete list. SASL_OK indicates success.
.SH "SEE ALSO"
sasl(3), sasl_callbacks(3)
0707010001f8cf000081a4000017820000044e0000000153419f6300000c49000002350000002700000000000000000000002800000000reloc/share/man/man3/sasl_client_init.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_client_init 3 "21 June 2001" SASL "SASL man pages"
.SH NAME
sasl_client_init \- SASL client authentication initialization
.SH SYNOPSIS
.nf
.B #include
.sp
.BI "int sasl_client_init(const sasl_callback_t " *callbacks ");"
.fi
.SH DESCRIPTION
.B sasl_client_init()
initializes SASL. It must be called before any calls to
sasl_client_start. This call initializes all SASL client drivers
(e.g. authentication mechanisms). These are usually found in the
/usr/lib/sasl2 directory but the directory may be overridden with the
SASL_PATH environment variable.
.PP
.I callbacks
specifies the base callbacks for all client connections. See the sasl_callbacks man page for more information
.SH "RETURN VALUE"
sasl_client_init returns an integer which corresponds to one of the
following codes. SASL_OK is the only one that indicates success. All
others indicate errors and should either be handled or the
authentication session should be quit.
.SH ERRORS
.TP 0.8i
.B SASL_OK
Success
.TP 0.8i
.B SASL_BADVERS
Mechanism version mismatch
.TP 0.8i
.B SASL_BADPARAM
Error in config file
.TP 0.8i
.B SASL_NOMEM
Not enough memory to complete operation
.SH "CONFORMING TO"
RFC 4422
.SH "SEE ALSO"
sasl(3), sasl_callbacks(3), sasl_client_new(3), sasl_client_start(3), sasl_client_step(3)
0707010001f8cd000081a4000017820000044e0000000153419f6300000c26000002350000002700000000000000000000002600000000reloc/share/man/man3/sasl_checkapop.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_checkapop 3 "29 June 2001" SASL "SASL man pages"
.SH NAME
sasl_checkapop \- Check an APOP challenge/response
.SH SYNOPSIS
.nf
.B #include
.BI "int sasl_checkapop(sasl_conn_t *" conn ", "
.BI " const char *" challenge ", "
.BI " unsigned " challen ", "
.BI " const char *" response ", "
.BI " unsigned " resplen "); "
.SH DESCRIPTION
.B sasl_checkapop()
will check an APOP challenge/response. APOP is an optional POP3 (RFC 1939)
authentication command which uses a shared secret (password). The password is
stored in the SASL secrets database. For information on the SASL shared
secrets database see the
.I System Administrators Guide
in the doc/ directory of the SASL distribution.
.sp
If called with a
.BI "NULL" " challenge" ","
.B sasl_checkapop()
will check to see if the APOP mechanism is enabled.
.SH "RETURN VALUE"
sasl_checkapop returns an integer which corresponds to one of the
following codes. SASL_OK indicates that the authentication is
complete. All other return codes indicate errors and should either be
handled or the authentication session should be quit. See sasl_errors(3)
for meanings of return codes.
.SH "CONFORMING TO"
RFC 4422, RFC 1939
.SH "SEE ALSO"
sasl(3), sasl_errors(3) 0707010001f8dd000081a4000017820000044e0000000153419f6300000a57000002350000002700000000000000000000002600000000reloc/share/man/man3/sasl_getpath_t.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_getpath_t 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
sasl_getpath_t \- The SASL callback to indicate location of the mechanism drivers
.SH SYNOPSIS
.nf
.B #include
.sp
.BI "int sasl_getpath_t(void " *context ", "
.BI " char ** " path ")";
.fi
.SH DESCRIPTION
.B sasl_getpath_t
is used if the application wishes to use a different location for the SASL mechanism drivers (the shared library files). If this callback is not used SASL will either use the location in the environment variable SASL_PATH or /usr/lib/sasl2 by default.
.PP
.SH "RETURN VALUE"
SASL callback functions should return SASL return codes. See sasl.h for a complete list. SASL_OK indicates success.
.SH "CONFORMING TO"
RFC 4422
.SH "SEE ALSO"
sasl(3), sasl_callbacks(3), sasl_errors(3)
0707010001f8c9000081a4000017820000044e0000000153419f6300000bd5000002350000002700000000000000000000002c00000000reloc/share/man/man3/sasl_auxprop_request.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_auxprop_request 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
sasl_auxprop_request \- Request Auxiliary Properties from SASL
.SH SYNOPSIS
.nf
.B #include
.sp
.BI "int sasl_auxprop_request(sasl_conn_t " *conn ", "
.BI " const char ** " propnames ")"
.fi
.SH DESCRIPTION
.B sasl_auxprop_request
will request that the SASL library obtain properties from any auxiliary
property plugins that might be installed (such as the user's home directory
from an LDAP server for example). Such lookup occurs just after username
canonicalization is complete. Therefore, the request should be made before
the call to sasl_server_start(3), but after the call to sasl_server_new(3).
.I conn
the sasl_conn_t for which the request is being made.
.I propnames
a NULL-terminated array of property names to request. Note that this
array must persist until a call to sasl_dispose on the sasl_conn_t.
.SH "RETURN VALUE"
Returns SASL_OK on success. See sasl_errors(3) for meanings of other return
codes.
.SH "CONFORMING TO"
RFC 4422
.SH "SEE ALSO"
sasl(3), sasl_errors(3), sasl_auxprop(3), sasl_auxprop_getctx(3),
sasl_server_new(3), sasl_server_start(3)
0707010001f8e2000081a4000017820000044e0000000153419f63000009ad000002350000002700000000000000000000002c00000000reloc/share/man/man3/sasl_global_listmech.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_listmech 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
sasl_listmech \- Retrieve a list of the supported SASL mechanisms
.SH SYNOPSIS
.nf
.B #include
.sp
.BI "const char ** sasl_global_listmech()"
.fi
.SH DESCRIPTION
.B sasl_global_listmech()
returns a null-terminated array of strings that lists all mechanisms that
are loaded by either the client or server side of the library.
.SH "RETURN VALUE"
Returns a pointer to the array on success. NULL on failure (sasl library
uninitialized).
.SH "CONFORMING TO"
RFC 4422
.SH "SEE ALSO"
sasl(3), sasl_listmech(3), sasl_server_init(3), sasl_client_init(3)
0707010001f8e7000081a4000017820000044e0000000153419f6300001045000002350000002700000000000000000000002700000000reloc/share/man/man3/sasl_server_new.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_server_new 3 "16 May 2001" SASL "SASL man pages"
.SH NAME
sasl_server_new \- Create a new server authentication object
.SH SYNOPSIS
.nf
.B #include
.sp
.BI "int sasl_server_new(const char " *service ", "
.BI " const char " *serverFQDN ", "
.BI " const char " *user_realm ", "
.BI " const char " *iplocalport ", "
.BI " const char " *ipremoteport ", "
.BI " const sasl_callback_t " *callbacks ", "
.BI " unsigned " flags ", "
.BI " sasl_conn_t ** " pconn ");"
.fi
.SH DESCRIPTION
.B sasl_server_new()
creates a new SASL context. This context will be used for all SASL
calls for one connection. It handles both authentication and
integrity/encryption layers after authentication.
.PP
.I service
is the registered name of the service (usually the protocol name) using SASL (e.g. "imap").
.PP
.I serverFQDN
is the fully qualified server domain name. NULL means use gethostname(). This is useful for multi-homed servers.
.PP
.I user_realm
is the domain of the user agent. This is usually not necessary (NULL is default)
.PP
.I iplocalport
is the IP and port of the local side of the connection, or NULL. If
iplocalport is NULL it will disable mechanisms that require IP address
information. This strings must be in one of the following formats:
"a.b.c.d;port" (IPv4), "e:f:g:h:i:j:k:l;port" (IPv6),
or "e:f:g:h:i:j:a.b.c.d;port" (IPv6)
.PP
.I ipremoteport
is the IP and port of the remote side of the connection, or NULL (see
iplocalport)
.PP
.I flags
are connection flags (see below)
.PP
.I pconn
is a pointer to the connection context allocated by the library. This
structure will be used for all future SASL calls for this connection.
.PP
.B Connection Flags
.TP 0.8i
.B SASL_SUCCESS_DATA
The protocol supports a server-last send
.TP 0.8i
.B SASL_NEED_PROXY
Force the use of a mechanism that supports an authorization id that is
not the authentication id.
.SH "RETURN VALUE"
.B sasl_server_new()
returns an integer which corresponds to one of the
SASL error codes. SASL_OK is the only one that indicates success. All
others indicate errors and should either be handled or the
authentication session should be quit.
.SH "CONFORMING TO"
RFC 4422
.SH "SEE ALSO"
sasl(3), sasl_errors(3), sasl_server_init(3), sasl_server_start(3), sasl_server_step(3), sasl_setprop(3)
0707010001f8ee000081a4000017820000044e0000000153419f6300000a51000002350000002700000000000000000000002800000000reloc/share/man/man3/sasl_user_exists.3 .\" -*- nroff -*-
.\"
.\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name "Carnegie Mellon University" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH sasl_user_exists 3 "10 July 2001" SASL "SASL man pages"
.SH NAME
sasl_user_exists \- Check if a user exists on server
.SH SYNOPSIS
.nf
.B #include
.sp
.BI "int sasl_user_exists( sasl_conn_t " *conn ","
.BI " const char " *service ", const char " *user_realm ","
.BI " const char " *user ")"
.fi
.SH DESCRIPTION
.B sasl_user_exists
will check if a user exists on the server.
.I conn
a connection context
.I service
Service name or NULL (for service name of connection context)
.I user_realm
Realm to check in or NULL (for default realm)
.I user
User name to check for existence of.
.SH "RETURN VALUE"
Returns SASL_OK on success. SASL error code on failure.
.SH "CONFORMING TO"
RFC 4422
.SH "SEE ALSO"
sasl(3), sasl_errors(3)
0707010001f8bf000041ed000017820000044e0000000253419f6400000000000002350000002700000000000000000000001600000000reloc/share/man/man1m 0707010001f8c1000081a4000017820000044e0000000153409a2600002414000002350000002700000000000000000000002300000000reloc/share/man/man1m/saslauthd.1m '\" t
.\" Title: saslauthd
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2
.\" Date: October 13, 2007
.\" Manual: System Administration Commands
.\" Source: saslauthd 2.1.26
.\" Language: English
.\"
.TH "SASLAUTHD" "1m" "October 13, 2007" "saslauthd 2.1.26" "System Administration Commands"
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
saslauthd \- sasl authentication server
.SH "SYNOPSIS"
.HP \w'\fBsaslauthd\fR\ 'u
\fBsaslauthd\fR [\-a\ \fIauthmech\fR] [\-T] [\-v] [\-d] [\-c] [\-h] [\-l] [\-r] [\-O\ \fIoption\fR] [\-m\ \fIdir\fR] [\-n\ \fIthreads\fR] [\-s\ \fIsize\fR] [\-t\ \fItimeout\fR]
.SH "DESCRIPTION"
.PP
\fBsaslauthd\fR
is a daemon process that handles plaintext authentication requests on behalf of the Cyrus SASL library\&.
.PP
The server fulfills two roles: it isolates all code requiring superuser privileges into a single process, and it can be used to provide
\fIproxy\fR
authentication services to clients that do not understand SASL based authentication\&.
.PP
\fBsaslauthd\fR
should be started from the system boot scripts when going to multi\-user mode\&. When running against a protected authentication database (e\&.g\&. the shadow mechanism), it must be run as the superuser\&.
.SH "OPTIONS"
.PP
Options named by lower\-case letters configure the server itself\&. Upper\-case options control the behavior of specific authentication mechanisms; their applicability to a particular authentication mechanism is described in
the section called \(lqAUTHENTICATION MECHANISMS\(rq
.PP
\-a \fIauthmech\fR
.RS 4
Use
\fIauthmech\fR
as the authentication mechanism\&. This parameter is mandatory\&. See
the section called \(lqAUTHENTICATION MECHANISMS\(rq
below\&. This parameter is mandatory\&.
.RE
.PP
\-O \fIoption\fR
.RS 4
A mechanism specific option (e\&.g\&. rimap hostname or config file path)\&.
.RE
.PP
\-H \fIhostname\fR
.RS 4
The remote host to be contacted by the rimap authentication mechanism\&. Deprecated, use \-O instead\&.
.RE
.PP
\-m \fIdir\fR
.RS 4
Use
\fIdir\fR
as the pathname to the named socket to listen on for connection requests\&. This must be an absolute pathname, and
\fIMUST NOT\fR
include the trailing
/mux\&. This directory must exist for saslauthd to function\&. Default:
/system/volatile
.RE
.PP
\-n \fIthreads\fR
.RS 4
Use the specified number of
\fIthreads\fR
for responding to authentication queries (default: 5)\&. A value of zero will indicate that saslauthd should fork an individual process for each connection\&. This can solve leaks that occur in some deployments\&.
.RE
.PP
\-s \fIsize\fR
.RS 4
Use
\fIsize\fR
as the table size of the hash table (in kilobytes)\&.
.RE
.PP
\-t \fItimeout\fR
.RS 4
Use timeout as the expiration time of the authentication cache (in seconds)\&.
.RE
.PP
\-T
.RS 4
Honour time\-of\-day login restrictions\&.
.RE
.PP
\-h
.RS 4
Show usage information\&.
.RE
.PP
\-c
.RS 4
Enable cacheing of authentication credentials\&.
.RE
.PP
\-l
.RS 4
Disable the use of a lock file for controlling access to accept()\&.
.RE
.PP
\-r
.RS 4
Combine the realm with the login (with an \'@\' sign in between)\&. Note that the realm will still be passed, which may lead to unexpected behavior for authentication mechanisms that make use of the realm\&. However, for mechanisms which don\'t, such as
\fBgetpwent\fR, this is the only way to authenticate domain\-specific users sharing the same userid\&. E\&.g\&.
.sp
.if n \{\
.RS 4
.\}
.nf
login: \fIfoo\fR realm: \fIbar\fR
.fi
.if n \{\
.RE
.\}
.sp
will get passed as
.sp
.if n \{\
.RS 4
.\}
.nf
login: \fIfoo@bar\fR
.fi
.if n \{\
.RE
.\}
.sp
.RE
.PP
\-v
.RS 4
Print the version number and available authentication mechanisms on standard error, then exit\&.
.RE
.PP
\-d
.RS 4
Debugging mode\&.
.RE
.SH "LOGGING"
.PP
\fBsaslauthd\fR
logs it\'s activities via
\fBsyslogd\fR
using the
LOG_AUTH
facility\&.
.SH "AUTHENTICATION MECHANISMS"
.PP
\fBsaslauthd\fR
supports one or more "authentication mechanisms", dependent upon the facilities provided by the underlying operating system\&. The mechanism is selected by the
\fB\-aho\fR
flag from the following list of choices:
.PP
getpwent
.RS 4
Authenticate using the
\fBgetpwent\fR
library function\&. Typically this authenticates against the local password file\&. See your
\fBgetpwent\fR(3C)
man page for details\&.
.RE
.PP
kerberos5
.RS 4
Authenticate against the local Kerberos 5 realm\&.
.RE
.PP
pam
.RS 4
Authenticate using Pluggable Authentication Modules (PAM)\&.
.RE
.PP
rimap
.RS 4
Forward authentication requests to a remote IMAP server\&. This driver connects to a remote IMAP server, specified using the
\fB\-O\fR
flag, and attempts to login (via an IMAP
\fBLOGIN\fR
command) using the credentials supplied to the local server\&. If the remote authentication succeeds the local connection is also considered to be authenticated\&. The remote connection is closed as soon as the tagged response from the
\fBLOGIN\fR
command is received from the remote server\&.
.sp
The option parameter to the
\fB\-O\fR
flag describes the remote server to forward authentication requests to\&.
\fIhostname\fR
can be a hostname (imap\&.example\&.com) or a dotted\-quad IP address (192\&.168\&.0\&.1)\&. The latter is useful if the remote server is multi\-homed and has network interfaces that are unreachable from the local IMAP server\&. The remote host is contacted on the
imap
service port\&. A non\-default port can be specified by appending a slash and the port name or number to the hostname argument\&.
.sp
The
\fB\-O\fR
flag and argument are mandatory when using the rimap mechanism\&.
.RE
.PP
shadow
.RS 4
Authenticate against the local "shadow password file"\&. The exact mechanism is system dependent\&.
\fBsaslauthd\fR
currently understands
\fBgetspnam\fR(3C)
library routines\&. Some systems honour the
\fB\-T\fR
flag\&.
.RE
.PP
sasldb
.RS 4
Authenticate against the SASL authentication database\&. Note that this is probabally not what you want to be using, and is even disabled at compile\-time by default\&. If you want to use sasldb with the SASL library, you probably want to use the pwcheck_method of "auxprop" along with the sasldb auxprop plugin instead\&.
.RE
.PP
ldap
.RS 4
Authenticate against an ldap server\&. The ldap configuration parameters are read from
/etc/sasl2/saslauthd\&.conf\&. The location of this file can be changed with the
\fB\-O\fR
option\&. See
/etc/sasl2/LDAP_SASLAUTHD
for the list of available parameters\&.
.RE
.SH "NOTES"
.PP
The kerberos4 authentication driver consumes considerable resources\&. To perform an authentication it must obtain a ticket granting ticket from the TGT server
\fIon every authentication request\fR\&. The Kerberos library routines that obtain the TGT also create a local ticket file, on the reasonable assumption that you will want to save the TGT for use by other Kerberos applications\&. These ticket files are unusable by
\fBsaslauthd\fR, however there is no way not to create them\&. The overhead of creating and removing these ticket files can cause serious performance degradation on busy servers (Kerberos was never intended to be used in this manner, anyway)\&.
.SH "FILES"
.PP
/system/volatile/mux
.RS 4
The default communications socket\&.
.RE
.PP
/etc/sasl2/saslauthd\&.conf
.RS 4
The default configuration file for ldap support\&.
.RE
.PP
/etc/sasl2/\fIAppId\fR\&.conf
.RS 4
Default SASL configuration file, where the application identified by itself with
\fIAppId\fR
reads it\'s options\&. E\&.g\&. sendmail uses the application Id
\fBSendmail\fR
and thus tries to read it\'s SASL related options per default from
/etc/sasl2/Sendmail\&.conf\&.
.RE
.SH "SMF"
.PP
The
\fBsaslauthd\fR
server is managed by the service management facility,
\fBsmf\fR(5), under the service identifier:
.sp
.if n \{\
.RS 4
.\}
.nf
svc:/network/saslauthd
.fi
.if n \{\
.RE
.\}
.PP
Administrative actions on this service, such as enabling, disabling, or requesting restart, can be performed using
\fBsvcadm\fR(1M)\&. The service\'s status can be queried using the
\fBsvcs\fR(1)
command\&.
.PP
One may use
\fBsvcprop\fR(1)
to list the properties and
\fBsvccfg\fR(8)
to make changes\&. The following application configuration properties are available to administrators:
.PP
config/authmech
.RS 4
The authentication mechanism to use (Default: shadow)\&. This property is the equivalent of the
\fB\-a\fR
option\&.
.RE
.PP
config/sockdir
.RS 4
The directory, where
\fBsaslauthd\fR
creates it\'s sockets (Default: /system/volatile)\&. This property is the equivalent of the
\fB\-m\fR
option\&.
.RE
.PP
config/options
.RS 4
Additional options, which should be passed verbatim to
\fBsaslauthd\fR\&.
.RE
.SH "SEE ALSO"
.PP
\fBpasswd\fR(1)
,
\fBgetpwent\fR(3C)
,
\fBgetspnam\fR(3C)
,
\fBsasl_checkpass\fR(3)
,
0707010001f8c2000081a4000017820000044e0000000153419f63000009bc000002350000002700000000000000000000002a00000000reloc/share/man/man1m/sasldblistusers2.1m .\" sasldblistusers - List users in sasldb file
.\" Tim Martin 3/8/00
.\"
.\" Copyright (c) 2000 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name ""Carnegie Mellon University"" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" ""This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/).""
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH SASLDBLISTUSERS2 1M "March 7, 2005" "CMU SASL"
.SH NAME
sasldblistusers2 \- list users in sasldb
.SH SYNOPSIS
.B sasldblistusers2
.RB [ -f\ file ]
.RB [ -v ]
.SH DESCRIPTION
.I sasldblistusers2
is used to list the users in the SASL password database (usually
/etc/sasldb2). This will NOT list all the users in /etc/passwd, shadow,
PAM, etc. only those created by SASL (via \fIsaslpasswd2\fR).
.SH OPTIONS
.TP
.B -f file
use
.B file
for sasldb
.TP
.B -v
Print libsasl2 version number and exit.
.SH SEE ALSO
saslpasswd2(1M)
.TP
rfc4422 \- Simple Authentication and Security Layer (SASL)
0707010001f8c3000081a4000017820000044e0000000153419f6300000c72000002350000002700000000000000000000002500000000reloc/share/man/man1m/saslpasswd2.1m .\" saslpasswd.8 -- saslpasswd man page
.\" Rob Earhart
.\"
.\" Copyright (c) 2000 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name ""Carnegie Mellon University"" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" ""This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/).""
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH SASLPASSWD2 1M "Mar 7, 2005" "CMU SASL"
.SH NAME
saslpasswd2 \- set a user's sasl password
.SH SYNOPSIS
.B saslpasswd2
.RB [ -p ]
.RB [ -d ]
.RB [ -c ]
.RB [ -n ]
.RB [ -f\ file ]
.RB [ -u\ domain ]
.RB [ -a\ appname ]
.RB [ -v ]
.B userid
.SH DESCRIPTION
.I saslpasswd2
is used by a server administrator to set a user's sasl password for
server programs and SASL mechanisms which use the standard libsasl
database of user secrets.
.SH OPTIONS
.TP
.B -p
Pipe mode \- saslpasswd2 will neither prompt for the password nor
verify that it was entered correctly. This is the default when
standard input is not a terminal.
.TP
.B -c
Creates an entry for the user if the user doesn't already exist. This
is mutually exclusive with the
.B -d
(delete user) flag.
.TP
.B -d
Deletes the entry for the user. This is mutually exclusive with the
.B -c
(create user) flag.
.TP
.B -n
Don't set the plaintext \fIuserPassword\fR property for the user. Only
mechanism-specific secrets will be set (e.g. OTP, SRP)
.TP
.B -u domain
use
.B domain
for user domain (realm).
.TP
.B -f file
use
.B file
for sasldb
.TP
.B -a appname
use
.B appname
as application name.
.TP
.B -v
Print libsasl2 version number and exit.
.SH SEE ALSO
sasldblistusers2(1M)
.TP
rfc4422 \- Simple Authentication and Security Layer (SASL)
0707010001f8c0000081a4000017820000044e0000000153419f6300000f58000002350000002700000000000000000000002600000000reloc/share/man/man1m/pluginviewer.1m .\" pluginviewer.8 -- pluginviewer man page
.\" Alexey Melnikov
.\"
.\" Copyright (c) 2006 Carnegie Mellon University. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. The name ""Carnegie Mellon University"" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For permission or any other legal
.\" details, please contact
.\" Office of Technology Transfer
.\" Carnegie Mellon University
.\" 5000 Forbes Avenue
.\" Pittsburgh, PA 15213-3890
.\" (412) 268-4387, fax: (412) 268-7395
.\" tech-transfer@andrew.cmu.edu
.\"
.\" 4. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" ""This product includes software developed by Computing Services
.\" at Carnegie Mellon University (http://www.cmu.edu/computing/).""
.\"
.\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
.\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
.\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH PLUGINVIEWER 1M "Apr 10, 2006" "CMU SASL"
.SH NAME
pluginviewer \- list loadable SASL plugins and their properties
.SH SYNOPSIS
.B pluginviewer
.RB [ -a ]
.RB [ -s ]
.RB [ -c ]
.RB [ -b\ min=N,max=N ]
.RB [ -e\ ssf=N,id=ID ]
.RB [ -m\ MECHS ]
.RB [ -x\ AUXPROP_MECH ]
.RB [ -f\ FLAGS ]
.RB [ -p\ PATH ]
.SH DESCRIPTION
.I pluginviewer
can be used by a server administrator to troubleshoot SASL installations.
The utility can list loadable (properly configured) client and server
side plugins, as well as auxprop plugins.
.
.SH OPTIONS
.TP
.B -a
List auxprop plugins.
.TP
.B -s
List server authentication (SASL) plugins.
.TP
.B -c
List client authentication (SASL) plugins.
.TP
.B -b min=N1,max=N2
List client authentication (SASL) plugins.
Strength of the SASL security layer in bits. min=N1 specifies the minumum strength
to use (1 => integrity protection). max=N2 specifies the maximum strength to use.
Only SASL mechanisms which support security layer with strength M such that N1 <= M <= N2
will be shown.
.TP
.B -e ssf=N,id=ID
Assume that an external security layer (e.g. TLS) with N-bit strength is installed.
The ID is the authentication identity used by the external security layer.
.TP
.B -m MECHS
Limit listed SASL plugins to the ones included in the MECHS (space separated) list.
.TP
.B -x AUXPROP_MECHS
Limit listed auxprop plugins to the one listed in the AUXPROP_MECHS (space separated) list.
.TP
.B -f FLAGS
Set security flags. FLAGS is a comma separated list of one or more of the following security flags:
noplain (SASL mechanism doesn\'t send password in the clear during authentication),
noactive (require protection from active attacks), nodict (require mechanisms which are
secure against passive dictionary attacks), forwardsec (require forward secrecy),
passcred (require mechanisms that can delegate client credentials),
maximum (require all security flags).
.TP
.B -p PATH
Specifies a colon-separated search path for plugins.
.SH SEE ALSO
.TP
rfc4422 \- Simple Authentication and Security Layer (SASL)
0707010001f8b7000041ed000017820000044e0000000253419f6400000000000002350000002700000000000000000000000b00000000reloc/sbin 0707010001f8b9000081ed000017820000044e0000000153419f6300060d70000002350000002700000000000000000000001500000000reloc/sbin/saslauthd ELF > @ @ @ 8 @ ' &