| 1 | <?xml version="1.0"?> |
| 2 | <html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/><title>auth_sasl</title><link rel="stylesheet" type="text/css" href="style.css"/><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"/><link rel="home" href="#auth-sasl" title="auth_sasl"/><link xmlns="" rel="stylesheet" type="text/css" href="manpage.css"/><meta xmlns="" name="MSSmartTagsPreventParsing" content="TRUE"/><link xmlns="" rel="icon" href="icon.gif" type="image/gif"/><!-- |
| 3 | |
| 4 | Copyright 1998 - 2009 Double Precision, Inc. See COPYING for distribution |
| 5 | information. |
| 6 | |
| 7 | --></head><body><div class="refentry"><a id="auth-sasl" shape="rect"> </a><div class="titlepage"/><div class="refnamediv"><h2>Name</h2><p>auth_sasl, auth_sasl_ex — <acronym class="acronym">SASL</acronym> implementation</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="literallayout"><p><br clear="none"/> |
| 8 | #include &lt;courierauthsasl.h&gt;<br clear="none"/> |
| 9 | </p></div><div class="funcsynopsis"><table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;"><tr><td rowspan="1" colspan="1"><code class="funcdef">int rc=<strong>auth_sasl</strong>(</code></td><td rowspan="1" colspan="1">const char *<var class="pdparam">method</var>, </td></tr><tr><td rowspan="1" colspan="1"> </td><td rowspan="1" colspan="1">const char *<var class="pdparam">initialresponse</var>, </td></tr><tr><td rowspan="1" colspan="1"> </td><td rowspan="1" colspan="1">char *<var class="pdparam">(*conversation_func)</var><code>(</code>const char *, void *<code>)</code>, </td></tr><tr><td rowspan="1" colspan="1"> </td><td rowspan="1" colspan="1">void *<var class="pdparam">callback_arg</var>, </td></tr><tr><td rowspan="1" colspan="1"> </td><td rowspan="1" colspan="1">char **<var class="pdparam">authtype_ret</var>, </td></tr><tr><td rowspan="1" colspan="1"> </td><td rowspan="1" colspan="1">char **<var class="pdparam">authdata_ret</var><code>)</code>;</td></tr></table><div class="funcprototype-spacer"> </div></div><div class="funcsynopsis"><table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;"><tr><td rowspan="1" colspan="1"><code class="funcdef">int rc=<strong>auth_sasl_ex</strong>(</code></td><td rowspan="1" colspan="1">const char *<var class="pdparam">method</var>, </td></tr><tr><td rowspan="1" colspan="1"> </td><td rowspan="1" colspan="1">const char *<var class="pdparam">initialresponse</var>, </td></tr><tr><td rowspan="1" colspan="1"> </td><td rowspan="1" colspan="1">const char *<var class="pdparam">externalauth</var>, </td></tr><tr><td rowspan="1" colspan="1"> </td><td rowspan="1" colspan="1">char *<var class="pdparam">(*conversation_func)</var><code>(</code>const char *, void *<code>)</code>, </td></tr><tr><td rowspan="1" colspan="1"> </td><td rowspan="1" colspan="1">void *<var class="pdparam">callback_arg</var>, </td></tr><tr><td 
rowspan="1" colspan="1"> </td><td rowspan="1" colspan="1">char **<var class="pdparam">authtype_ret</var>, </td></tr><tr><td rowspan="1" colspan="1"> </td><td rowspan="1" colspan="1">char **<var class="pdparam">authdata_ret</var><code>)</code>;</td></tr></table><div class="funcprototype-spacer"> </div></div></div><div class="refsect1"><a id="idm255224876048" shape="rect"> </a><h2>DESCRIPTION</h2><p> |
| 10 | <code class="function">auth_sasl</code> |
| 11 | is a generic <acronym class="acronym">SASL</acronym> server implementation. |
| 12 | <em class="parameter"><code>method</code></em> is the requested <acronym class="acronym">SASL</acronym> |
| 13 | method. |
| 14 | At this time |
| 15 | <code class="function">auth_sasl</code> |
| 16 | knows how to handle the following SASL methods:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p><code class="literal">LOGIN</code></p></li><li class="listitem"><p><code class="literal">PLAIN</code></p></li><li class="listitem"><p><code class="literal">CRAM-MD5</code></p></li><li class="listitem"><p><code class="literal">CRAM-SHA1</code></p></li></ul></div><p> |
| 17 | <em class="parameter"><code>initialresponse</code></em> |
| 18 | is a base64-encoded initial response provided in the client's |
| 19 | <acronym class="acronym">SASL</acronym> request. |
| 20 | <em class="parameter"><code>initialresponse</code></em> |
| 21 | must be <code class="literal">NULL</code> if an initial response was not included in |
| 22 | the client's <acronym class="acronym">SASL</acronym> request.</p><p> |
| 23 | <em class="parameter"><code>conversation_func</code></em> |
| 24 | is the application-implemented <acronym class="acronym">SASL</acronym> |
| 25 | conversation callback function. |
| 26 | <em class="parameter"><code>conversation_func</code></em> |
| 27 | receives a base64-encoded <acronym class="acronym">SASL</acronym> prompt, |
| 28 | and the <em class="parameter"><code>callback_arg</code></em> |
| 29 | argument to <code class="function">auth_sasl</code>. |
| 30 | <em class="parameter"><code>conversation_func</code></em> |
| 31 | must return a buffer containing the base64-encoded reply from the client. |
| 32 | <code class="function">auth_sasl</code> |
| 33 | will |
| 34 | <span class="citerefentry"><span class="refentrytitle">free</span>(3)</span> |
| 35 | this buffer when it's done. |
| 36 | <em class="parameter"><code>conversation_func</code></em> |
| 37 | should return <code class="literal">NULL</code> |
| 38 | to abort the <acronym class="acronym">SASL</acronym> conversation.</p><p> |
| 39 | <code class="function">auth_sasl_ex</code> is a version of |
| 40 | <code class="function">auth_sasl</code> that recognizes the <code class="literal">EXTERNAL</code> |
| 41 | <acronym class="acronym">SASL</acronym> method. It takes an extra parameter, |
| 42 | <em class="parameter"><code>externalauth</code></em>. This parameter should be set to indicate |
| 43 | a login that was authenticated via some other means, such as, perhaps, |
| 44 | an <acronym class="acronym">SSL</acronym> certificate, or <code class="literal">NULL</code> if no |
| 45 | externally-authenticated identity was established.</p><p> |
| 46 | If <em class="parameter"><code>method</code></em> is not <code class="literal">EXTERNAL</code>, |
| 47 | <code class="function">auth_sasl_ex</code> is identical to |
| 48 | <code class="function">auth_sasl</code>, and <em class="parameter"><code>externalauth</code></em> is |
| 49 | ignored. Otherwise, if <em class="parameter"><code>method</code></em> is |
| 50 | <code class="literal">EXTERNAL</code> and <em class="parameter"><code>externalauth</code></em> is not |
| 51 | <code class="literal">NULL</code>, <code class="function">auth_sasl_ex</code> returns |
| 52 | <code class="literal">AUTHSASL_OK</code>, and sets |
| 53 | <em class="parameter"><code>*authtype_ret</code></em> and |
| 54 | <em class="parameter"><code>*authdata_ret</code></em> accordingly, so that the subsequent |
| 55 | invocation of <code class="function">auth_generic</code>() returns authentication |
| 56 | information for the login ID specified by |
| 57 | <em class="parameter"><code>externalauth</code></em>.</p></div><div class="refsect1"><a id="idm255219556352" shape="rect"> </a><h2>RETURNS</h2><p> |
| 58 | If the <acronym class="acronym">SASL</acronym> conversation successfully completes, |
| 59 | <code class="function">auth_sasl</code> or <code class="function">auth_sasl_ex</code> |
| 60 | initializes <em class="parameter"><code>*authtype_ret</code></em> and |
| 61 | <em class="parameter"><code>*authdata_ret</code></em>. |
| 62 | They will be set to |
| 63 | <span class="citerefentry"><span class="refentrytitle">malloc</span>(3)</span>-ed |
| 64 | buffers that can be directly passed as arguments to |
| 65 | <a class="ulink" href="auth_generic.html" target="_top" shape="rect"><span class="citerefentry"><span class="refentrytitle">auth_generic</span>(3)</span></a>. |
| 66 | It is the application's responsibility to |
| 67 | <span class="citerefentry"><span class="refentrytitle">free</span>(3)</span> |
| 68 | these buffers when it's done with them.</p><p> |
| 69 | <code class="function">auth_sasl</code> or <code class="function">auth_sasl_ex</code> |
| 70 | returns |
| 71 | <code class="literal">AUTHSASL_OK</code> when the |
| 72 | <acronym class="acronym">SASL</acronym> conversation successfully completes, and |
| 73 | <em class="parameter"><code>*authtype_ret</code></em> and |
| 74 | <em class="parameter"><code>*authdata_ret</code></em> are successfully assembled. |
| 75 | Any other return indicates an error condition. |
| 76 | Right now two error conditions are defined:</p><div class="variablelist"><dl class="variablelist"><dt><span class="term"><code class="literal">AUTHSASL_ABORTED</code></span></dt><dd><p> |
| 77 | The <acronym class="acronym">SASL</acronym> conversation was aborted by the client.</p></dd><dt><span class="term"><code class="literal">AUTHSASL_ERROR</code></span></dt><dd><p> |
| 78 | General error (insufficient memory, or some other reason). |
| 79 | Check <code class="varname">errno</code> for any clues.</p></dd></dl></div></div><div class="refsect1"><a id="idm255219540672" shape="rect"> </a><h2>SEE ALSO</h2><p> |
| 80 | <a class="ulink" href="authlib.html" target="_top" shape="rect"><span class="citerefentry"><span class="refentrytitle">authlib</span>(3)</span></a>, |
| 81 | |
| 82 | <a class="ulink" href="auth_generic.html" target="_top" shape="rect"><span class="citerefentry"><span class="refentrytitle">auth_generic</span>(3)</span></a>.</p></div></div></body></html> |
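The conversation_func contract described under DESCRIPTION, shown as an added example; this is not code from the Courier authentication library. The `struct sasl_io` type, the `SASL_LINE_MAX` cap, and the IMAP-style framing (`+ ` before each prompt, a lone `*` to cancel) are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SASL_LINE_MAX 8192  /* assumed cap on one client reply line */

/* Hypothetical per-connection state, passed to auth_sasl as callback_arg. */
struct sasl_io {
    FILE *in;   /* client -> server */
    FILE *out;  /* server -> client */
};

/* Matches the conversation_func signature. Pass to the library as:
 *   auth_sasl(method, initialresponse, sasl_conversation, &io,
 *             &authtype, &authdata);
 * Returns a malloc(3)-ed reply (auth_sasl frees it) or NULL to abort. */
char *sasl_conversation(const char *prompt, void *callback_arg)
{
    struct sasl_io *io = callback_arg;
    char line[SASL_LINE_MAX];
    size_t len;
    char *reply;
    int c;

    /* Assumed IMAP-style framing: "+ <base64 prompt>" continuation. */
    if (fprintf(io->out, "+ %s\r\n", prompt) < 0 || fflush(io->out) != 0)
        return NULL;
    if (fgets(line, sizeof line, io->in) == NULL)
        return NULL;                    /* EOF or read error */

    len = strlen(line);
    if (len == 0 || line[len - 1] != '\n') {
        /* Over-long or unterminated reply: drain the line, then abort
         * instead of handing the library a truncated response. */
        while ((c = getc(io->in)) != EOF && c != '\n')
            ;
        return NULL;
    }
    line[--len] = '\0';
    if (len > 0 && line[len - 1] == '\r')
        line[--len] = '\0';

    if (strcmp(line, "*") == 0)         /* client cancelled the exchange */
        return NULL;

    reply = malloc(len + 1);            /* heap copy: the library frees it */
    if (reply != NULL)
        memcpy(reply, line, len + 1);
    return reply;
}
```

Because auth_sasl calls free(3) on whatever the callback returns, returning a pointer to a stack or static buffer here is undefined behaviour.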