X-Git-Url: http://git.hcoop.net/hcoop/debian/courier-authlib.git/blobdiff_plain/d9898ee81388d1eff40cf71e85d9ce9b5c1401fe..781cfcb8fd50934c470e0dabf79d32ab333dec68:/auth_sasl.html diff --git a/auth_sasl.html b/auth_sasl.html index 315d5c6..2826e10 100644 --- a/auth_sasl.html +++ b/auth_sasl.html @@ -1,12 +1,12 @@ -
auth_sasl â SASL implementation
+-->
auth_sasl, auth_sasl_ex â SASL implementation
#include <courierauthsasl.h>
-
int rc=auth_sasl( | const char *Â | method, |
 | const char * | initialresponse, |
 | char *(* | conversation_func, |
 | void * | callback_arg, |
 | char ** | authtype_ret, |
 | char ** | authdata_ret) ; |
int rc=auth_sasl( | const char *Â | method, |
 | const char * | initialresponse, |
 | char * | (*conversation_func)( const char *, void *)) , |
 | void * | callback_arg, |
 | char ** | authtype_ret, |
 | char ** | authdata_ret) ; |
int rc=auth_sasl_ex( | const char *Â | method, |
 | const char * | initialresponse, |
 | const char * | externalauth, |
 | char * | (*conversation_func)( const char *, void *)) , |
 | void * | callback_arg, |
 | char ** | authtype_ret, |
 | char ** | authdata_ret) ; |
auth_sasl
is a generic SASL server implementation.
method
is the requested SASL
@@ -35,19 +35,38 @@ will
this buffer when it's done.
conversation_func
should return NULL
-to abort the SASL conversation.
+to abort the SASL conversation.
+auth_sasl_ex
is a version of
+auth_sasl
that recognizes the EXTERNAL
+SASL method. It takes an extra parameter,
+externalauth
. This parameter should be set to indicate
+an login that was authenticated via some other means, such as, perhaps,
+an SSL certificate, or NULL
if no
+externally-authenticated identity was established.
+If method
is not EXTERNAL
,
+auth_sasl_ex
is identical to
+auth_sasl
, and externalauth
is
+ignored. Otherwise, if method
is
+EXTERNAL
and externalauth
is not
+NULL
, auth_sasl_ex
returns
+AUTHSASL_OK
, and sets
+*authtype_ret
and
+*authdata_ret
accordingly, so that the subsequent
+invocation of auth_generic
() returns authentication
+information for the login ID specified by
+externalauth
.
If the SASL conversation succesfully completes,
-auth_sasl
+auth_sasl
or auth_sasl_ex
initializes *authtype_ret
and
*authdata_ret
.
They will be set to a
malloc(3)-ed
buffers that can be directly passed as arguments to
-auth_generic(3).
+auth_generic(3).
It is the application's responsibility to
free(3)
these buffers when it's done with them.
-auth_sasl
+auth_sasl
or auth_sasl_ex
returns
AUTHSASL_OK
when the
SASL conversation succesfully completes, and
@@ -57,7 +76,7 @@ Any other return indicates an error condition.
Right now two error conditions are defined:
AUTHSASL_ABORTED
The SASL conversation was aborted by the client.
AUTHSASL_ERROR
General error (insufficient memory, or some other reason).
-Check errno
for any clues.