Merge branch 'debian'
[hcoop/debian/courier-authlib.git] / auth_sasl.html
<?xml version="1.0"?>
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/><title>auth_sasl</title><link rel="stylesheet" type="text/css" href="style.css"/><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"/><link rel="home" href="#auth-sasl" title="auth_sasl"/><link xmlns="" rel="stylesheet" type="text/css" href="manpage.css"/><meta xmlns="" name="MSSmartTagsPreventParsing" content="TRUE"/><link xmlns="" rel="icon" href="icon.gif" type="image/gif"/><!--

Copyright 1998 - 2009 Double Precision, Inc. See COPYING for distribution
information.

--></head><body><div class="refentry"><a id="auth-sasl" shape="rect"> </a><div class="titlepage"/><div class="refnamediv"><h2>Name</h2><p>auth_sasl, auth_sasl_ex — <acronym class="acronym">SASL</acronym> implementation</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="literallayout"><p><br clear="none"/>
#include &lt;courierauthsasl.h&gt;<br clear="none"/>
</p></div><div class="funcsynopsis"><table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;"><tr><td rowspan="1" colspan="1"><code class="funcdef">int rc=<strong>auth_sasl</strong>(</code></td><td rowspan="1" colspan="1">const char *<var class="pdparam">method</var>, </td></tr><tr><td rowspan="1" colspan="1"> </td><td rowspan="1" colspan="1">const char *<var class="pdparam">initialresponse</var>, </td></tr><tr><td rowspan="1" colspan="1"> </td><td rowspan="1" colspan="1">char *<var class="pdparam">(*conversation_func)</var><code>(</code>const char *, void *<code>)</code>, </td></tr><tr><td rowspan="1" colspan="1"> </td><td rowspan="1" colspan="1">void *<var class="pdparam">callback_arg</var>, </td></tr><tr><td rowspan="1" colspan="1"> </td><td rowspan="1" colspan="1">char **<var class="pdparam">authtype_ret</var>, </td></tr><tr><td rowspan="1" colspan="1"> </td><td rowspan="1" colspan="1">char **<var class="pdparam">authdata_ret</var><code>)</code>;</td></tr></table><div class="funcprototype-spacer"> </div></div>
<div class="funcsynopsis"><table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;"><tr><td rowspan="1" colspan="1"><code class="funcdef">int rc=<strong>auth_sasl_ex</strong>(</code></td><td rowspan="1" colspan="1">const char *<var class="pdparam">method</var>, </td></tr><tr><td rowspan="1" colspan="1"> </td><td rowspan="1" colspan="1">const char *<var class="pdparam">initialresponse</var>, </td></tr><tr><td rowspan="1" colspan="1"> </td><td rowspan="1" colspan="1">const char *<var class="pdparam">externalauth</var>, </td></tr><tr><td rowspan="1" colspan="1"> </td><td rowspan="1" colspan="1">char *<var class="pdparam">(*conversation_func)</var><code>(</code>const char *, void *<code>)</code>, </td></tr><tr><td rowspan="1" colspan="1"> </td><td rowspan="1" colspan="1">void *<var class="pdparam">callback_arg</var>, </td></tr><tr><td rowspan="1" colspan="1"> </td><td rowspan="1" colspan="1">char **<var class="pdparam">authtype_ret</var>, </td></tr><tr><td rowspan="1" colspan="1"> </td><td rowspan="1" colspan="1">char **<var class="pdparam">authdata_ret</var><code>)</code>;</td></tr></table><div class="funcprototype-spacer"> </div></div></div><div class="refsect1"><a id="idm247890112096" shape="rect"> </a><h2>DESCRIPTION</h2><p>
<code class="function">auth_sasl</code>
is a generic <acronym class="acronym">SASL</acronym> server implementation.
<em class="parameter"><code>method</code></em> is the requested <acronym class="acronym">SASL</acronym>
method.
At this time
<code class="function">auth_sasl</code>
knows how to handle the following SASL methods:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p><code class="literal">LOGIN</code></p></li><li class="listitem"><p><code class="literal">PLAIN</code></p></li><li class="listitem"><p><code class="literal">CRAM-MD5</code></p></li><li class="listitem"><p><code class="literal">CRAM-SHA1</code></p></li></ul></div><p>
<em class="parameter"><code>initialresponse</code></em>
is a base64-encoded initial response provided in the client's
<acronym class="acronym">SASL</acronym> request.
<em class="parameter"><code>initialresponse</code></em>
must be <code class="literal">NULL</code> if an initial response was not included in
the client's <acronym class="acronym">SASL</acronym> request.</p><p>
<em class="parameter"><code>conversation_func</code></em>
is the application-implemented <acronym class="acronym">SASL</acronym>
conversation callback function.
<em class="parameter"><code>conversation_func</code></em>
receives a base64-encoded <acronym class="acronym">SASL</acronym> prompt,
and the <em class="parameter"><code>callback_arg</code></em>
argument to <code class="function">auth_sasl</code>.
<em class="parameter"><code>conversation_func</code></em>
must return a buffer containing the base64-encoded reply from the client.
<code class="function">auth_sasl</code>
will
<span class="citerefentry"><span class="refentrytitle">free</span>(3)</span>
this buffer when it's done.
<em class="parameter"><code>conversation_func</code></em>
should return <code class="literal">NULL</code>
to abort the <acronym class="acronym">SASL</acronym> conversation.</p><p>
<code class="function">auth_sasl_ex</code> is a version of
<code class="function">auth_sasl</code> that recognizes the <code class="literal">EXTERNAL</code>
<acronym class="acronym">SASL</acronym> method. It takes an extra parameter,
<em class="parameter"><code>externalauth</code></em>. This parameter should be set to indicate
a login that was authenticated via some other means, such as, perhaps,
an <acronym class="acronym">SSL</acronym> certificate, or <code class="literal">NULL</code> if no
externally-authenticated identity was established.</p><p>
If <em class="parameter"><code>method</code></em> is not <code class="literal">EXTERNAL</code>,
<code class="function">auth_sasl_ex</code> is identical to
<code class="function">auth_sasl</code>, and <em class="parameter"><code>externalauth</code></em> is
ignored. Otherwise, if <em class="parameter"><code>method</code></em> is
<code class="literal">EXTERNAL</code> and <em class="parameter"><code>externalauth</code></em> is not
<code class="literal">NULL</code>, <code class="function">auth_sasl_ex</code> returns
<code class="literal">AUTHSASL_OK</code>, and sets
<em class="parameter"><code>*authtype_ret</code></em> and
<em class="parameter"><code>*authdata_ret</code></em> accordingly, so that the subsequent
invocation of <code class="function">auth_generic</code>() returns authentication
information for the login ID specified by
<em class="parameter"><code>externalauth</code></em>.</p></div><div class="refsect1"><a id="idm247890163856" shape="rect"> </a><h2>RETURNS</h2><p>
If the <acronym class="acronym">SASL</acronym> conversation successfully completes,
<code class="function">auth_sasl</code> or <code class="function">auth_sasl_ex</code>
initializes <em class="parameter"><code>*authtype_ret</code></em> and
<em class="parameter"><code>*authdata_ret</code></em>.
They will be set to
<span class="citerefentry"><span class="refentrytitle">malloc</span>(3)</span>-ed
buffers that can be directly passed as arguments to
<a class="ulink" href="auth_generic.html" target="_top" shape="rect"><span class="citerefentry"><span class="refentrytitle">auth_generic</span>(3)</span></a>.
It is the application's responsibility to
<span class="citerefentry"><span class="refentrytitle">free</span>(3)</span>
these buffers when it's done with them.</p><p>
<code class="function">auth_sasl</code> or <code class="function">auth_sasl_ex</code>
returns
<code class="literal">AUTHSASL_OK</code> when the
<acronym class="acronym">SASL</acronym> conversation successfully completes, and
<em class="parameter"><code>*authtype_ret</code></em> and
<em class="parameter"><code>*authdata_ret</code></em> are successfully assembled.
Any other return indicates an error condition.
Right now two error conditions are defined:</p><div class="variablelist"><dl class="variablelist"><dt><span class="term"><code class="literal">AUTHSASL_ABORTED</code></span></dt><dd><p>
The <acronym class="acronym">SASL</acronym> conversation was aborted by the client.</p></dd><dt><span class="term"><code class="literal">AUTHSASL_ERROR</code></span></dt><dd><p>
General error (insufficient memory, or some other reason).
Check <code class="varname">errno</code> for any clues.</p></dd></dl></div></div><div class="refsect1"><a id="idm247890146720" shape="rect"> </a><h2>SEE ALSO</h2><p>
<a class="ulink" href="authlib.html" target="_top" shape="rect"><span class="citerefentry"><span class="refentrytitle">authlib</span>(3)</span></a>,

<a class="ulink" href="auth_generic.html" target="_top" shape="rect"><span class="citerefentry"><span class="refentrytitle">auth_generic</span>(3)</span></a>.</p></div></div></body></html>
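
An added example (not part of the Courier documentation or code base) of a conversation_func that follows the contract in DESCRIPTION: the client's base64 reply is returned in a malloc(3)-ed buffer that auth_sasl frees, and NULL aborts the conversation. The struct conn payload, the SMTP AUTH style "334 prompt" / "*" cancel wire format, the 4096-byte reply cap and the demo_reply harness are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_REPLY 4096  /* assumed cap on one client reply line */
static const char B64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";

struct conn { FILE *in, *out; };  /* hypothetical callback_arg payload */

/* conversation_func: send the base64 prompt, return the client's base64
 * reply in a malloc(3)-ed buffer (auth_sasl frees it), or NULL to abort. */
char *smtp_conversation(const char *prompt_b64, void *callback_arg)
{
    struct conn *c = callback_arg;
    char *line = malloc(MAX_REPLY);
    size_t n;

    if (!line)
        return NULL;
    if (fprintf(c->out, "334 %s\r\n", prompt_b64) < 0 || fflush(c->out) != 0
        || !fgets(line, MAX_REPLY, c->in))
        goto fail;                      /* write error, EOF or read error */
    n = strlen(line);
    if (n == 0 || line[n - 1] != '\n')  /* over-long or cut-off line */
        goto fail;
    while (n > 0 && (line[n - 1] == '\n' || line[n - 1] == '\r'))
        line[--n] = '\0';
    /* "*" (assumed SMTP AUTH cancel) or any byte outside the base64
     * alphabet: abort instead of handing the line to the library. */
    if (strspn(line, B64) != n)
        goto fail;
    return line;                        /* ownership passes to the caller */
fail:
    free(line);
    return NULL;
}

/* Drive the callback with one constructed client line over temp files. */
char *demo_reply(const char *client_line)
{
    struct conn c = { tmpfile(), tmpfile() };
    char *reply = NULL;
    if (c.in && c.out) {
        fputs(client_line, c.in);
        rewind(c.in);
        reply = smtp_conversation("VXNlcm5hbWU6", &c); /* constructed prompt */
    }
    if (c.in) fclose(c.in);
    if (c.out) fclose(c.out);
    return reply;
}
```

In a server this function would be passed as conversation_func with a struct conn pointer as callback_arg; once AUTHSASL_OK is returned, the application frees *authtype_ret and *authdata_ret itself.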