md5.h   md5.h 
skipping to change at line 36 skipping to change at line 36
typedef struct { typedef struct {
UINT4 state[4]; /* state (ABCD) */ UINT4 state[4]; /* state (ABCD) */
UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */ UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */
unsigned char buffer[64]; /* input buffer */ unsigned char buffer[64]; /* input buffer */
} MD5_CTX; } MD5_CTX;
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
void _sasl_MD5Init PROTO_LIST ((MD5_CTX *)); void _sasl_MD5Init (MD5_CTX *);
void _sasl_MD5Update PROTO_LIST void _sasl_MD5Update (MD5_CTX *, const unsigned char *, unsigned int);
((MD5_CTX *, const unsigned char *, unsigned int)); void _sasl_MD5Final (unsigned char [16], MD5_CTX *);
void _sasl_MD5Final PROTO_LIST ((unsigned char [16], MD5_CTX *));
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
 End of changes. 1 change blocks. 
4 lines changed or deleted 3 lines changed or added


 sasl.h   sasl.h 
skipping to change at line 127 skipping to change at line 127
* If the server forbids the use of "@" in user names for other * If the server forbids the use of "@" in user names for other
* purposes, this simplifies security validation. * purposes, this simplifies security validation.
*/ */
#ifndef SASL_H #ifndef SASL_H
#define SASL_H 1 #define SASL_H 1
/* Keep in sync with win32/common.mak */ /* Keep in sync with win32/common.mak */
#define SASL_VERSION_MAJOR 2 #define SASL_VERSION_MAJOR 2
#define SASL_VERSION_MINOR 1 #define SASL_VERSION_MINOR 1
#define SASL_VERSION_STEP 23 #define SASL_VERSION_STEP 25
/* A convenience macro: same as was defined in the OpenLDAP LDAPDB */ /* A convenience macro: same as was defined in the OpenLDAP LDAPDB */
#define SASL_VERSION_FULL ((SASL_VERSION_MAJOR << 16) |\ #define SASL_VERSION_FULL ((SASL_VERSION_MAJOR << 16) |\
(SASL_VERSION_MINOR << 8) | SASL_VERSION_STEP) (SASL_VERSION_MINOR << 8) | SASL_VERSION_STEP)
#include "prop.h" #include "prop.h"
/************* /*************
* Basic API * * Basic API *
*************/ *************/
skipping to change at line 174 skipping to change at line 174
#define SASL_DISABLED -19 /* account disabled */ #define SASL_DISABLED -19 /* account disabled */
#define SASL_NOUSER -20 /* user not found */ #define SASL_NOUSER -20 /* user not found */
#define SASL_BADVERS -23 /* version mismatch with plug-in */ #define SASL_BADVERS -23 /* version mismatch with plug-in */
#define SASL_UNAVAIL -24 /* remote authentication server unavailable */ #define SASL_UNAVAIL -24 /* remote authentication server unavailable */
#define SASL_NOVERIFY -26 /* user exists, but no verifier for user */ #define SASL_NOVERIFY -26 /* user exists, but no verifier for user */
/* -- codes for password setting -- */ /* -- codes for password setting -- */
#define SASL_PWLOCK -21 /* passphrase locked */ #define SASL_PWLOCK -21 /* passphrase locked */
#define SASL_NOCHANGE -22 /* requested change was not needed */ #define SASL_NOCHANGE -22 /* requested change was not needed */
#define SASL_WEAKPASS -27 /* passphrase is too weak for security policy */ #define SASL_WEAKPASS -27 /* passphrase is too weak for security policy */
#define SASL_NOUSERPASS -28 /* user supplied passwords not permitted */ #define SASL_NOUSERPASS -28 /* user supplied passwords not permitted */
#define SASL_NEED_OLD_PASSWD -29 /* sasl_setpass needs old password in orde
r
to perform password change */
#define SASL_CONSTRAINT_VIOLAT -30 /* a property can't be stored,
because of some constrains/policy vio
lation */
#define SASL_BADBINDING -32 /* channel binding failure */
/* max size of a sasl mechanism name */ /* max size of a sasl mechanism name */
#define SASL_MECHNAMEMAX 20 #define SASL_MECHNAMEMAX 20
#ifdef _WIN32 #ifdef _WIN32
/* Define to have the same layout as a WSABUF */ /* Define to have the same layout as a WSABUF */
#ifndef STRUCT_IOVEC_DEFINED #ifndef STRUCT_IOVEC_DEFINED
#define STRUCT_IOVEC_DEFINED 1 #define STRUCT_IOVEC_DEFINED 1
struct iovec { struct iovec {
long iov_len; long iov_len;
skipping to change at line 269 skipping to change at line 275
* 112 = triple-DES * 112 = triple-DES
* 128 = 128-bit RC2/RC4/BLOWFISH * 128 = 128-bit RC2/RC4/BLOWFISH
* 256 = baseline AES * 256 = baseline AES
*/ */
typedef unsigned sasl_ssf_t; typedef unsigned sasl_ssf_t;
/* usage flags provided to sasl_server_new and sasl_client_new: /* usage flags provided to sasl_server_new and sasl_client_new:
*/ */
#define SASL_SUCCESS_DATA 0x0004 /* server supports data on success */ #define SASL_SUCCESS_DATA 0x0004 /* server supports data on success */
#define SASL_NEED_PROXY 0x0008 /* require a mech that allows proxying */ #define SASL_NEED_PROXY 0x0008 /* require a mech that allows proxying */
#define SASL_NEED_HTTP 0x0010 /* require a mech that can do HTTP auth */
/*************************** /***************************
* Security Property Types * * Security Property Types *
***************************/ ***************************/
/* Structure specifying the client or server's security policy /* Structure specifying the client or server's security policy
* and optional additional properties. * and optional additional properties.
*/ */
/* These are the various security flags apps can specify. */ /* These are the various security flags apps can specify. */
skipping to change at line 348 skipping to change at line 355
* *
* It may be freed after sasl_*_step returns SASL_OK. if the mechanism * It may be freed after sasl_*_step returns SASL_OK. if the mechanism
* requires this information to persist (for a security layer, for example) * requires this information to persist (for a security layer, for example)
* it must maintain a private copy. * it must maintain a private copy.
*/ */
typedef struct sasl_callback { typedef struct sasl_callback {
/* Identifies the type of the callback function. /* Identifies the type of the callback function.
* Mechanisms must ignore callbacks with id's they don't recognize. * Mechanisms must ignore callbacks with id's they don't recognize.
*/ */
unsigned long id; unsigned long id;
int (*proc)(); /* Callback function. Types of arguments vary by 'id' */ int (*proc)(void); /* Callback function. Types of arguments vary by 'id' */
void *context; void *context;
} sasl_callback_t; } sasl_callback_t;
/* callback ids & functions: /* callback ids & functions:
*/ */
#define SASL_CB_LIST_END 0 /* end of list */ #define SASL_CB_LIST_END 0 /* end of list */
/* option reading callback -- this allows a SASL configuration to be /* option reading callback -- this allows a SASL configuration to be
* encapsulated in the caller's configuration system. Some implementation s * encapsulated in the caller's configuration system. Some implementation s
* may use default config file(s) if this is omitted. Configuration items * may use default config file(s) if this is omitted. Configuration items
skipping to change at line 627 skipping to change at line 634
* SASL_OK on success * SASL_OK on success
* SASL_BADPROT username contains invalid character * SASL_BADPROT username contains invalid character
*/ */
/* User Canonicalization Function Flags */ /* User Canonicalization Function Flags */
#define SASL_CU_NONE 0x00 /* Not a valid flag to pass */ #define SASL_CU_NONE 0x00 /* Not a valid flag to pass */
/* One of the following two is required */ /* One of the following two is required */
#define SASL_CU_AUTHID 0x01 #define SASL_CU_AUTHID 0x01
#define SASL_CU_AUTHZID 0x02 #define SASL_CU_AUTHZID 0x02
/* Combine the following with SASL_CU_AUTHID, if you don't want
to fail if auxprop returned SASL_NOUSER */
#define SASL_CU_EXTERNALLY_VERIFIED 0x04
#define SASL_CU_OVERRIDE 0x08 /* mapped to SASL_AUXPROP_OVERRI
DE */
/* The following CU flags are passed "as is" down to auxprop lookup */
#define SASL_CU_ASIS_MASK 0xFFF0
/* NOTE: Keep in sync with SASL_AUXPROP_<XXX> flags */
#define SASL_CU_VERIFY_AGAINST_HASH 0x10
typedef int sasl_canon_user_t(sasl_conn_t *conn, typedef int sasl_canon_user_t(sasl_conn_t *conn,
void *context, void *context,
const char *in, unsigned inlen, const char *in, unsigned inlen,
unsigned flags, unsigned flags,
const char *user_realm, const char *user_realm,
char *out, char *out,
unsigned out_max, unsigned *out_len); unsigned out_max, unsigned *out_len);
#define SASL_CB_CANON_USER (0x8007) #define SASL_CB_CANON_USER (0x8007)
skipping to change at line 680 skipping to change at line 697
*/ */
LIBSASL_API void sasl_version_info (const char **implementation, LIBSASL_API void sasl_version_info (const char **implementation,
const char **version_string, const char **version_string,
int *version_major, int *version_major,
int *version_minor, int *version_minor,
int *version_step, int *version_step,
int *version_patch); int *version_patch);
/* dispose of all SASL plugins. Connection /* dispose of all SASL plugins. Connection
* states have to be disposed of before calling this. * states have to be disposed of before calling this.
*
* This function is DEPRECATED in favour of sasl_server_done/
* sasl_client_done.
*/ */
LIBSASL_API void sasl_done(void); LIBSASL_API void sasl_done(void);
/* dispose of all SASL plugins. Connection
* states have to be disposed of before calling this.
* This function should be called instead of sasl_done(),
whenever possible.
*/
LIBSASL_API int sasl_server_done(void);
/* dispose of all SASL plugins. Connection
* states have to be disposed of before calling this.
* This function should be called instead of sasl_done(),
whenever possible.
*/
LIBSASL_API int sasl_client_done(void);
/* dispose connection state, sets it to NULL /* dispose connection state, sets it to NULL
* checks for pointer to NULL * checks for pointer to NULL
*/ */
LIBSASL_API void sasl_dispose(sasl_conn_t **pconn); LIBSASL_API void sasl_dispose(sasl_conn_t **pconn);
/* translate an error number into a string /* translate an error number into a string
* input: * input:
* saslerr -- the error number * saslerr -- the error number
* langlist -- comma separated list of RFC 1766 languages (may be NULL) * langlist -- comma separated list of RFC 1766 languages (may be NULL)
* results: * results:
skipping to change at line 792 skipping to change at line 826
* or gss_accept_sec_context(). * or gss_accept_sec_context().
* On server end this is similar to SASL_USERNAME, but the gss_name_t * On server end this is similar to SASL_USERNAME, but the gss_name_t
* structure can contain additional attributes associated with the peer. * structure can contain additional attributes associated with the peer.
*/ */
#define SASL_GSS_PEER_NAME 19 #define SASL_GSS_PEER_NAME 19
/* Local GSS name (gss_name_t) as output by gss_inquire_context(). This /* Local GSS name (gss_name_t) as output by gss_inquire_context(). This
* is particularly useful for servers that respond to multiple names. */ * is particularly useful for servers that respond to multiple names. */
#define SASL_GSS_LOCAL_NAME 20 #define SASL_GSS_LOCAL_NAME 20
/* Channel binding information. Memory is managed by the caller. */
typedef struct sasl_channel_binding {
const char *name;
int critical;
unsigned long len;
const unsigned char *data;
} sasl_channel_binding_t;
#define SASL_CHANNEL_BINDING 21
/* HTTP Request (RFC 2616) - ONLY used for HTTP Digest Auth (RFC 2617) */
typedef struct sasl_http_request {
const char *method; /* HTTP Method */
const char *uri; /* request-URI */
const unsigned char *entity; /* entity-body */
unsigned long elen; /* entity-body length */
unsigned non_persist; /* Is it a non-persistent connection
? */
} sasl_http_request_t;
#define SASL_HTTP_REQUEST 22
/* set property in SASL connection state /* set property in SASL connection state
* returns: * returns:
* SASL_OK -- value set * SASL_OK -- value set
* SASL_BADPARAM -- invalid property or value * SASL_BADPARAM -- invalid property or value
*/ */
LIBSASL_API int sasl_setprop(sasl_conn_t *conn, LIBSASL_API int sasl_setprop(sasl_conn_t *conn,
int propnum, int propnum,
const void *value); const void *value);
#define SASL_SSF_EXTERNAL 100 /* external SSF active (sasl_ssf_t *) */ #define SASL_SSF_EXTERNAL 100 /* external SSF active (sasl_ssf_t *) */
#define SASL_SEC_PROPS 101 /* sasl_security_properties_t */ #define SASL_SEC_PROPS 101 /* sasl_security_properties_t */
skipping to change at line 1103 skipping to change at line 1158
* service -- registered name of the service using SASL (e.g. "imap" ) * service -- registered name of the service using SASL (e.g. "imap" )
* user_realm -- permits multiple user realms on server, NULL = default * user_realm -- permits multiple user realms on server, NULL = default
* user -- NUL terminated user name * user -- NUL terminated user name
* *
* returns: * returns:
* SASL_OK -- success * SASL_OK -- success
* SASL_DISABLED -- account disabled * SASL_DISABLED -- account disabled
* SASL_NOUSER -- user not found * SASL_NOUSER -- user not found
* SASL_NOVERIFY -- user found, but no usable mechanism * SASL_NOVERIFY -- user found, but no usable mechanism
* SASL_NOMECH -- no mechanisms enabled * SASL_NOMECH -- no mechanisms enabled
* SASL_UNAVAIL -- remote authentication server unavailable, try again la ter
*/ */
LIBSASL_API int sasl_user_exists(sasl_conn_t *conn, LIBSASL_API int sasl_user_exists(sasl_conn_t *conn,
const char *service, const char *service,
const char *user_realm, const char *user_realm,
const char *user); const char *user);
/* set the password for a user /* set the password for a user
* conn -- SASL connection * conn -- SASL connection
* user -- user name * user -- user name
* pass -- plaintext password, may be NULL to remove user * pass -- plaintext password, may be NULL to remove user
skipping to change at line 1147 skipping to change at line 1203
#define SASL_SET_NOPLAIN 0x04 /* do not store secret in plain text */ #define SASL_SET_NOPLAIN 0x04 /* do not store secret in plain text */
#define SASL_SET_CURMECH_ONLY 0x08 /* set the mechanism specific passwo rd only. #define SASL_SET_CURMECH_ONLY 0x08 /* set the mechanism specific passwo rd only.
fail if no current mechanism */ fail if no current mechanism */
/********************************************************* /*********************************************************
* Auxiliary Property Support -- added by cjn 1999-09-29 * * Auxiliary Property Support -- added by cjn 1999-09-29 *
*********************************************************/ *********************************************************/
#define SASL_AUX_END NULL /* last auxiliary property */ #define SASL_AUX_END NULL /* last auxiliary property */
#define SASL_AUX_ALL "*" /* A special flag to signal user deletion */
/* traditional Posix items (should be implemented on Posix systems) */ /* traditional Posix items (should be implemented on Posix systems) */
#define SASL_AUX_PASSWORD_PROP "userPassword" /* User Password */ #define SASL_AUX_PASSWORD_PROP "userPassword" /* User Password */
#define SASL_AUX_PASSWORD "*" SASL_AUX_PASSWORD_PROP /* User Password (of a uthid) */ #define SASL_AUX_PASSWORD "*" SASL_AUX_PASSWORD_PROP /* User Password (of a uthid) */
#define SASL_AUX_UIDNUM "uidNumber" /* UID number for the user */ #define SASL_AUX_UIDNUM "uidNumber" /* UID number for the user */
#define SASL_AUX_GIDNUM "gidNumber" /* GID for the user */ #define SASL_AUX_GIDNUM "gidNumber" /* GID for the user */
#define SASL_AUX_FULLNAME "gecos" /* full name of the user, unix-style */ #define SASL_AUX_FULLNAME "gecos" /* full name of the user, unix-style */
#define SASL_AUX_HOMEDIR "homeDirectory" /* home directory for user */ #define SASL_AUX_HOMEDIR "homeDirectory" /* home directory for user */
#define SASL_AUX_SHELL "loginShell" /* login shell for the user */ #define SASL_AUX_SHELL "loginShell" /* login shell for the user */
/* optional additional items (not necessarily implemented) */ /* optional additional items (not necessarily implemented) */
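Review bot: The new `sasl_channel_binding_t` (the `SASL_CHANNEL_BINDING` block) documents only that "Memory is managed by the caller", not for how long the object passed via `sasl_setprop(conn, SASL_CHANNEL_BINDING, ...)` must remain valid, and since `sasl_setprop` takes a `const void *` it presumably stores the pointer rather than copying the struct, so a caller that frees it before the authentication exchange finishes hands a mechanism dangling `data`. The meaning of `critical` and the expected `name` values are also left unstated, and the relation to the new `SASL_BADBINDING` result code is not mentioned anywhere in the hunk. I'd extend the comment to: `/* Channel binding information. Memory is managed by the caller and must stay valid until the connection is disposed; name identifies the binding type, critical non-zero asks for authentication to fail (presumably SASL_BADBINDING) if the peer does not support or does not match the binding -- confirm against the mechanism code. */`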
 End of changes. 10 change blocks. 
2 lines changed or deleted 64 lines changed or added


 saslplug.h   saslplug.h 
skipping to change at line 36 skipping to change at line 36
* conn -- the connection to lookup a callback for * conn -- the connection to lookup a callback for
* callbacknum -- the number of the callback * callbacknum -- the number of the callback
* output: * output:
* pproc -- pointer to the callback function (set to NULL on failure ) * pproc -- pointer to the callback function (set to NULL on failure )
* pcontext -- pointer to the callback context (set to NULL on failure) * pcontext -- pointer to the callback context (set to NULL on failure)
* returns: * returns:
* SASL_OK -- no error * SASL_OK -- no error
* SASL_FAIL -- unable to find a callback of the requested type * SASL_FAIL -- unable to find a callback of the requested type
* SASL_INTERACT -- caller must use interaction to get data * SASL_INTERACT -- caller must use interaction to get data
*/ */
typedef int (*sasl_callback_ft)(void);
typedef int sasl_getcallback_t(sasl_conn_t *conn, typedef int sasl_getcallback_t(sasl_conn_t *conn,
unsigned long callbackid, unsigned long callbackid,
int (**pproc)(), sasl_callback_ft * pproc,
void **pcontext); void **pcontext);
/* The sasl_utils structure will remain backwards compatible unless /* The sasl_utils structure will remain backwards compatible unless
* the SASL_*_PLUG_VERSION is changed incompatibly * the SASL_*_PLUG_VERSION is changed incompatibly
* higher SASL_UTILS_VERSION numbers indicate more functions are available * higher SASL_UTILS_VERSION numbers indicate more functions are available
*/ */
#define SASL_UTILS_VERSION 4 #define SASL_UTILS_VERSION 4
/* utility function set for plug-ins /* utility function set for plug-ins
*/ */
skipping to change at line 135 skipping to change at line 136
* than 512 octets if it securely truncates the message. * than 512 octets if it securely truncates the message.
* *
* level is a SASL_LOG_* level (see sasl.h) * level is a SASL_LOG_* level (see sasl.h)
*/ */
void (*log)(sasl_conn_t *conn, int level, const char *fmt, ...); void (*log)(sasl_conn_t *conn, int level, const char *fmt, ...);
/* callback to sasl_seterror() */ /* callback to sasl_seterror() */
void (*seterror)(sasl_conn_t *conn, unsigned flags, const char *fmt, .. .); void (*seterror)(sasl_conn_t *conn, unsigned flags, const char *fmt, .. .);
/* spare function pointer */ /* spare function pointer */
int *(*spare_fptr)(); int *(*spare_fptr)(void);
/* auxiliary property utilities */ /* auxiliary property utilities */
struct propctx *(*prop_new)(unsigned estimate); struct propctx *(*prop_new)(unsigned estimate);
int (*prop_dup)(struct propctx *src_ctx, struct propctx **dst_ctx); int (*prop_dup)(struct propctx *src_ctx, struct propctx **dst_ctx);
int (*prop_request)(struct propctx *ctx, const char **names); int (*prop_request)(struct propctx *ctx, const char **names);
const struct propval *(*prop_get)(struct propctx *ctx); const struct propval *(*prop_get)(struct propctx *ctx);
int (*prop_getnames)(struct propctx *ctx, const char **names, int (*prop_getnames)(struct propctx *ctx, const char **names,
struct propval *vals); struct propval *vals);
void (*prop_clear)(struct propctx *ctx, int requests); void (*prop_clear)(struct propctx *ctx, int requests);
void (*prop_dispose)(struct propctx **ctx); void (*prop_dispose)(struct propctx **ctx);
skipping to change at line 157 skipping to change at line 158
char *outbuf, unsigned outmax, unsigned *outlen); char *outbuf, unsigned outmax, unsigned *outlen);
int (*prop_set)(struct propctx *ctx, const char *name, int (*prop_set)(struct propctx *ctx, const char *name,
const char *value, int vallen); const char *value, int vallen);
int (*prop_setvals)(struct propctx *ctx, const char *name, int (*prop_setvals)(struct propctx *ctx, const char *name,
const char **values); const char **values);
void (*prop_erase)(struct propctx *ctx, const char *name); void (*prop_erase)(struct propctx *ctx, const char *name);
int (*auxprop_store)(sasl_conn_t *conn, int (*auxprop_store)(sasl_conn_t *conn,
struct propctx *ctx, const char *user); struct propctx *ctx, const char *user);
/* for additions which don't require a version upgrade; set to 0 */ /* for additions which don't require a version upgrade; set to 0 */
int (*spare_fptr1)(); int (*spare_fptr1)(void);
int (*spare_fptr2)(); int (*spare_fptr2)(void);
} sasl_utils_t; } sasl_utils_t;
/* /*
* output parameters from SASL API * output parameters from SASL API
* *
* created / destroyed by the glue code, though probably filled in * created / destroyed by the glue code, though probably filled in
* by a combination of the plugin, the glue code, and the canon_user callba ck. * by a combination of the plugin, the glue code, and the canon_user callba ck.
* *
*/ */
typedef struct sasl_out_params { typedef struct sasl_out_params {
skipping to change at line 196 skipping to change at line 197
const char **output, unsigned *outputlen); const char **output, unsigned *outputlen);
void *decode_context; void *decode_context;
int (*decode)(void *context, const char *input, unsigned inputlen, int (*decode)(void *context, const char *input, unsigned inputlen,
const char **output, unsigned *outputlen); const char **output, unsigned *outputlen);
/* Pointer to delegated (client's) credentials, if supported by /* Pointer to delegated (client's) credentials, if supported by
the SASL mechanism */ the SASL mechanism */
void *client_creds; void *client_creds;
/* for additions which don't require a version upgrade; set to 0 */ /* for additions which don't require a version upgrade; set to 0 */
void *spare_ptr2; const void *gss_peer_name;
void *spare_ptr3; const void *gss_local_name;
void *spare_ptr4; const char *cbindingname; /* channel binding name from packet */
int (*spare_fptr1)(); int (*spare_fptr1)(void);
int (*spare_fptr2)(); int (*spare_fptr2)(void);
int spare_int1; unsigned int cbindingdisp; /* channel binding disposition from client
*/
int spare_int2; int spare_int2;
int spare_int3; int spare_int3;
int spare_int4; int spare_int4;
/* set to 0 initially, this allows a plugin with extended parameters /* set to 0 initially, this allows a plugin with extended parameters
* to work with an older framework by updating version as parameters * to work with an older framework by updating version as parameters
* are added. * are added.
*/ */
int param_version; int param_version;
} sasl_out_params_t; } sasl_out_params_t;
/* Used by both client and server side plugins */ /* Used by both client and server side plugins */
typedef enum { typedef enum {
SASL_INFO_LIST_START = 0, SASL_INFO_LIST_START = 0,
SASL_INFO_LIST_MECH, SASL_INFO_LIST_MECH,
SASL_INFO_LIST_END SASL_INFO_LIST_END
} sasl_info_callback_stage_t; } sasl_info_callback_stage_t;
/****************************** /******************************
* Channel binding macros **
******************************/
typedef enum {
SASL_CB_DISP_NONE = 0, /* client did not support CB */
SASL_CB_DISP_WANT, /* client supports CB, thinks server do
es not */
SASL_CB_DISP_USED /* client supports and used CB */
} sasl_cbinding_disp_t;
/* TRUE if channel binding is non-NULL */
#define SASL_CB_PRESENT(params) ((params)->cbinding != NULL)
/* TRUE if channel binding is marked critical */
#define SASL_CB_CRITICAL(params) (SASL_CB_PRESENT(params) && \
(params)->cbinding->critical)
/******************************
* Client Mechanism Functions * * Client Mechanism Functions *
******************************/ ******************************/
/* /*
* input parameters to client SASL plugin * input parameters to client SASL plugin
* *
* created / destroyed by the glue code * created / destroyed by the glue code
* *
*/ */
typedef struct sasl_client_params { typedef struct sasl_client_params {
skipping to change at line 253 skipping to change at line 270
unsigned slen; /* length of serverFQDN */ unsigned slen; /* length of serverFQDN */
unsigned clen; /* length of clientFQDN */ unsigned clen; /* length of clientFQDN */
unsigned iploclen; /* length of iplocalport */ unsigned iploclen; /* length of iplocalport */
unsigned ipremlen; /* length of ipremoteport */ unsigned ipremlen; /* length of ipremoteport */
/* application's security requirements & info */ /* application's security requirements & info */
sasl_security_properties_t props; sasl_security_properties_t props;
sasl_ssf_t external_ssf; /* external SSF active */ sasl_ssf_t external_ssf; /* external SSF active */
/* for additions which don't require a version upgrade; set to 0 */ /* for additions which don't require a version upgrade; set to 0 */
void *spare_ptr1; const void *gss_creds; /* GSS credential handle */
void *spare_ptr2; const sasl_channel_binding_t *cbinding; /* client channel binding */
void *spare_ptr3; const sasl_http_request_t *http_request;/* HTTP Digest request method *
/
void *spare_ptr4; void *spare_ptr4;
/* Canonicalize a user name from on-wire to internal format /* Canonicalize a user name from on-wire to internal format
* added rjs3 2001-05-23 * added rjs3 2001-05-23
* Must be called once user name aquired if canon_user is non-NULL. * Must be called once user name aquired if canon_user is non-NULL.
* conn connection context * conn connection context
* in user name from wire protocol (need not be NUL terminate d) * in user name from wire protocol (need not be NUL terminate d)
* len length of user name from wire protocol (0 = strlen(user )) * len length of user name from wire protocol (0 = strlen(user ))
* flags for SASL_CU_* flags * flags for SASL_CU_* flags
* oparams the user, authid, ulen, alen, fields are * oparams the user, authid, ulen, alen, fields are
skipping to change at line 286 skipping to change at line 303
* SASL_OK -- success * SASL_OK -- success
* SASL_NOMEM -- out of memory * SASL_NOMEM -- out of memory
* SASL_BADPARAM -- invalid conn * SASL_BADPARAM -- invalid conn
* SASL_BADPROT -- invalid user/authid * SASL_BADPROT -- invalid user/authid
*/ */
int (*canon_user)(sasl_conn_t *conn, int (*canon_user)(sasl_conn_t *conn,
const char *in, unsigned len, const char *in, unsigned len,
unsigned flags, unsigned flags,
sasl_out_params_t *oparams); sasl_out_params_t *oparams);
int (*spare_fptr1)(); int (*spare_fptr1)(void);
int spare_int1; unsigned int cbindingdisp;
int spare_int2; int spare_int2;
int spare_int3; int spare_int3;
/* flags field as passed to sasl_client_new */ /* flags field as passed to sasl_client_new */
unsigned flags; unsigned flags;
/* set to 0 initially, this allows a plugin with extended parameters /* set to 0 initially, this allows a plugin with extended parameters
* to work with an older framework by updating version as parameters * to work with an older framework by updating version as parameters
* are added. * are added.
*/ */
int param_version; int param_version;
} sasl_client_params_t; } sasl_client_params_t;
/* features shared between client and server */ /* features shared between client and server */
/* These allow the glue code to handle client-first and server-last issues */ /* These allow the glue code to handle client-first and server-last issues */
/* This indicates that the mechanism prefers to do client-send-first /* This indicates that the mechanism prefers to do client-send-first
* if the protocol allows it. */ * if the protocol allows it. */
#define SASL_FEAT_WANT_CLIENT_FIRST 0x0002 #define SASL_FEAT_WANT_CLIENT_FIRST 0x0002
/* This feature is deprecated, instead, plugins should set *serverout to /* This feature is deprecated. Instead, plugins should set *serverout to
* non-NULL and return SASL_OK intelligently to allow flexible use of * non-NULL and return SASL_OK intelligently to allow flexible use of
* server-last semantics */ * server-last semantics
/* #define SASL_FEAT_WANT_SERVER_LAST 0x0004 */ #define SASL_FEAT_WANT_SERVER_LAST 0x0004
*/
/* This feature is deprecated, instead plugins should correctly set
* SASL_FEAT_SERVER_FIRST as needed */ /* This feature is deprecated. Instead, plugins should correctly set
/* #define SASL_FEAT_INTERNAL_CLIENT_FIRST 0x0008 */ * SASL_FEAT_SERVER_FIRST as needed
#define SASL_FEAT_INTERNAL_CLIENT_FIRST 0x0008
*/
/* This indicates that the plugin is server-first only. /* This indicates that the plugin is server-first only.
* Not defining either of SASL_FEAT_SERVER_FIRST or * Not defining either of SASL_FEAT_SERVER_FIRST or
* SASL_FEAT_WANT_CLIENT_FIRST indicates that the mechanism will take care * SASL_FEAT_WANT_CLIENT_FIRST indicates that the mechanism
* of the client-first situation internally. * will handle the client-first situation internally.
*/ */
#define SASL_FEAT_SERVER_FIRST 0x0010 #define SASL_FEAT_SERVER_FIRST 0x0010
/* This plugin allows proxying */ /* This plugin allows proxying */
#define SASL_FEAT_ALLOWS_PROXY 0x0020 #define SASL_FEAT_ALLOWS_PROXY 0x0020
/* server plugin don't use cleartext userPassword attribute */
#define SASL_FEAT_DONTUSE_USERPASSWD 0x0080
/* Underlying mechanism uses GSS framing */
#define SASL_FEAT_GSS_FRAMING 0x0100
/* Underlying mechanism supports channel binding */
#define SASL_FEAT_CHANNEL_BINDING 0x0800
/* This plugin can be used for HTTP authentication */
#define SASL_FEAT_SUPPORTS_HTTP 0x1000
/* client plug-in features */ /* client plug-in features */
#define SASL_FEAT_NEEDSERVERFQDN 0x0001 #define SASL_FEAT_NEEDSERVERFQDN 0x0001
/* a C object for a client mechanism /* a C object for a client mechanism
*/ */
typedef struct sasl_client_plug { typedef struct sasl_client_plug {
/* mechanism name */ /* mechanism name */
const char *mech_name; const char *mech_name;
/* best mech additional security layer strength factor */ /* best mech additional security layer strength factor */
sasl_ssf_t max_ssf; sasl_ssf_t max_ssf;
skipping to change at line 400 skipping to change at line 431
/* perform precalculations during a network round-trip /* perform precalculations during a network round-trip
* or idle period. conn_context may be NULL * or idle period. conn_context may be NULL
* returns 1 if action taken, 0 if no action taken * returns 1 if action taken, 0 if no action taken
*/ */
int (*idle)(void *glob_context, int (*idle)(void *glob_context,
void *conn_context, void *conn_context,
sasl_client_params_t *cparams); sasl_client_params_t *cparams);
/* for additions which don't require a version upgrade; set to 0 */ /* for additions which don't require a version upgrade; set to 0 */
int (*spare_fptr1)(); int (*spare_fptr1)(void);
int (*spare_fptr2)(); int (*spare_fptr2)(void);
} sasl_client_plug_t; } sasl_client_plug_t;
#define SASL_CLIENT_PLUG_VERSION 4 #define SASL_CLIENT_PLUG_VERSION 4
/* plug-in entry point: /* plug-in entry point:
* utils -- utility callback functions * utils -- utility callback functions
* max_version -- highest client plug version supported * max_version -- highest client plug version supported
* returns: * returns:
* out_version -- client plug version of result * out_version -- client plug version of result
* pluglist -- list of mechanism plug-ins * pluglist -- list of mechanism plug-ins
skipping to change at line 547 skipping to change at line 578
* *
* NOTE: these properties are the ones associated with the * NOTE: these properties are the ones associated with the
* canonicalized "user" (user to login as / authorization id), not * canonicalized "user" (user to login as / authorization id), not
* the "authid" (user whose credentials are used / authentication id) * the "authid" (user whose credentials are used / authentication id)
* Prefix the property name with a "*" if a property associated with * Prefix the property name with a "*" if a property associated with
* the "authid" is interesting. * the "authid" is interesting.
*/ */
struct propctx *propctx; struct propctx *propctx;
/* for additions which don't require a version upgrade; set to 0 */ /* for additions which don't require a version upgrade; set to 0 */
void *spare_ptr1; const void *gss_creds; /* GSS credential handle */
void *spare_ptr2; const sasl_channel_binding_t *cbinding; /* server channel binding */
void *spare_ptr3; const sasl_http_request_t *http_request;/* HTTP Digest request method *
/
void *spare_ptr4; void *spare_ptr4;
int (*spare_fptr1)(); int (*spare_fptr1)(void);
int (*spare_fptr2)(); int (*spare_fptr2)(void);
int spare_int1; int spare_int1;
int spare_int2; int spare_int2;
int spare_int3; int spare_int3;
/* flags field as passed to sasl_server_new */ /* flags field as passed to sasl_server_new */
unsigned flags; unsigned flags;
/* set to 0 initially, this allows a plugin with extended parameters /* set to 0 initially, this allows a plugin with extended parameters
* to work with an older framework by updating version as parameters * to work with an older framework by updating version as parameters
* are added. * are added.
skipping to change at line 736 skipping to change at line 767
* returns SASL_OK on success, * returns SASL_OK on success,
* SASL_NOTDONE if mech is not available now, but may be later * SASL_NOTDONE if mech is not available now, but may be later
* (e.g. EXTERNAL w/o auth_id) * (e.g. EXTERNAL w/o auth_id)
* SASL_NOMECH if mech disabled * SASL_NOMECH if mech disabled
*/ */
int (*mech_avail)(void *glob_context, int (*mech_avail)(void *glob_context,
sasl_server_params_t *sparams, sasl_server_params_t *sparams,
void **conn_context); void **conn_context);
/* for additions which don't require a version upgrade; set to 0 */ /* for additions which don't require a version upgrade; set to 0 */
int (*spare_fptr2)(); int (*spare_fptr2)(void);
} sasl_server_plug_t; } sasl_server_plug_t;
#define SASL_SERVER_PLUG_VERSION 4 #define SASL_SERVER_PLUG_VERSION 4
/* plug-in entry point: /* plug-in entry point:
* utils -- utility callback functions * utils -- utility callback functions
* plugname -- name of plug-in (may be NULL) * plugname -- name of plug-in (may be NULL)
* max_version -- highest server plug version supported * max_version -- highest server plug version supported
* returns: * returns:
* out_version -- server plug-in version of result * out_version -- server plug-in version of result
skipping to change at line 839 skipping to change at line 870
unsigned out_umax, unsigned *out_ulen); unsigned out_umax, unsigned *out_ulen);
int (*canon_user_client)(void *glob_context, int (*canon_user_client)(void *glob_context,
sasl_client_params_t *cparams, sasl_client_params_t *cparams,
const char *user, unsigned len, const char *user, unsigned len,
unsigned flags, unsigned flags,
char *out, char *out,
unsigned out_max, unsigned *out_len); unsigned out_max, unsigned *out_len);
/* for additions which don't require a version upgrade; set to 0 */ /* for additions which don't require a version upgrade; set to 0 */
int (*spare_fptr1)(); int (*spare_fptr1)(void);
int (*spare_fptr2)(); int (*spare_fptr2)(void);
int (*spare_fptr3)(); int (*spare_fptr3)(void);
} sasl_canonuser_plug_t; } sasl_canonuser_plug_t;
#define SASL_CANONUSER_PLUG_VERSION 5 #define SASL_CANONUSER_PLUG_VERSION 5
/* default name for canonuser plug-in entry point is "sasl_canonuser_init" /* default name for canonuser plug-in entry point is "sasl_canonuser_init"
* similar to sasl_server_plug_init model, except only returns one * similar to sasl_server_plug_init model, except only returns one
* sasl_canonuser_plug_t structure; * sasl_canonuser_plug_t structure;
*/ */
typedef int sasl_canonuser_init_t(const sasl_utils_t *utils, typedef int sasl_canonuser_init_t(const sasl_utils_t *utils,
int max_version, int max_version,
skipping to change at line 882 skipping to change at line 913
/* global state for plugin */ /* global state for plugin */
void *glob_context; void *glob_context;
/* free global state for plugin (OPTIONAL) */ /* free global state for plugin (OPTIONAL) */
void (*auxprop_free)(void *glob_context, const sasl_utils_t *utils); void (*auxprop_free)(void *glob_context, const sasl_utils_t *utils);
/* fill in fields of an auxiliary property context /* fill in fields of an auxiliary property context
* last element in array has id of SASL_AUX_END * last element in array has id of SASL_AUX_END
* elements with non-0 len should be ignored. * elements with non-0 len should be ignored.
*/ */
void (*auxprop_lookup)(void *glob_context, int (*auxprop_lookup)(void *glob_context,
sasl_server_params_t *sparams, sasl_server_params_t *sparams,
unsigned flags, unsigned flags,
const char *user, unsigned ulen); const char *user, unsigned ulen);
/* name of the auxprop plugin */ /* name of the auxprop plugin */
char *name; char *name;
/* store the fields/values of an auxiliary property context (OPTIONAL) /* store the fields/values of an auxiliary property context (OPTIONAL)
* *
* if ctx is NULL, just check if storing properties is enabled * if ctx is NULL, just check if storing properties is enabled
skipping to change at line 913 skipping to change at line 944
/* auxprop lookup flags */ /* auxprop lookup flags */
#define SASL_AUXPROP_OVERRIDE 0x01 /* if clear, ignore auxiliary properties #define SASL_AUXPROP_OVERRIDE 0x01 /* if clear, ignore auxiliary properties
* with non-zero len field. If set, * with non-zero len field. If set,
* override value of those properties */ * override value of those properties */
#define SASL_AUXPROP_AUTHZID 0x02 /* if clear, we are looking up the #define SASL_AUXPROP_AUTHZID 0x02 /* if clear, we are looking up the
* authid flags (prefixed with *), otherw ise * authid flags (prefixed with *), otherw ise
* we are looking up the authzid flags * we are looking up the authzid flags
* (no prefix) */ * (no prefix) */
#define SASL_AUXPROP_PLUG_VERSION 4 /* NOTE: Keep in sync with SASL_CU_<XXX> flags */
#define SASL_AUXPROP_VERIFY_AGAINST_HASH 0x10
#define SASL_AUXPROP_PLUG_VERSION 8
/* default name for auxprop plug-in entry point is "sasl_auxprop_init" /* default name for auxprop plug-in entry point is "sasl_auxprop_init"
* similar to sasl_server_plug_init model, except only returns one * similar to sasl_server_plug_init model, except only returns one
* sasl_auxprop_plug_t structure; * sasl_auxprop_plug_t structure;
*/ */
typedef int sasl_auxprop_init_t(const sasl_utils_t *utils, typedef int sasl_auxprop_init_t(const sasl_utils_t *utils,
int max_version, int max_version,
int *out_version, int *out_version,
sasl_auxprop_plug_t **plug, sasl_auxprop_plug_t **plug,
const char *plugname); const char *plugname);
 End of changes. 23 change blocks. 
41 lines changed or deleted 79 lines changed or added


 saslutil.h   saslutil.h 
skipping to change at line 80 skipping to change at line 80
/* churn data into random number generator */ /* churn data into random number generator */
LIBSASL_API void sasl_churn(sasl_rand_t *rpool, const char *data, LIBSASL_API void sasl_churn(sasl_rand_t *rpool, const char *data,
unsigned len); unsigned len);
/* erase a security sensitive buffer or password. /* erase a security sensitive buffer or password.
* Implementation may use recovery-resistant erase logic. * Implementation may use recovery-resistant erase logic.
*/ */
LIBSASL_API void sasl_erasebuffer(char *pass, unsigned len); LIBSASL_API void sasl_erasebuffer(char *pass, unsigned len);
/* Lowercase string in place */
LIBSASL_API char *sasl_strlower (char *val);
LIBSASL_API int sasl_config_init(const char *filename);
#ifdef WIN32 #ifdef WIN32
/* Just in case a different DLL defines this as well */ /* Just in case a different DLL defines this as well */
#if defined(NEED_GETOPT) #if defined(NEED_GETOPT)
LIBSASL_API int getopt(int argc, char **argv, char *optstring); LIBSASL_API int getopt(int argc, char **argv, char *optstring);
#endif #endif
LIBSASL_API char * getpass(const char *prompt); LIBSASL_API char * getpass(const char *prompt);
#endif /* WIN32 */ #endif /* WIN32 */
#ifdef __cplusplus #ifdef __cplusplus
} }
 End of changes. 1 change blocks. 
0 lines changed or deleted 5 lines changed or added
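Review bot: The two new declarations on the new side, `sasl_strlower` and `sasl_config_init`, are the only public entries in this header without a contract comment, and both take inputs whose bounds the prototype does not express. `sasl_strlower(char *val)` carries no length, so the comment should state that `val` must be NUL-terminated and what the returned `char *` is (presumably `val` itself; if the implementation uses `tolower()`, note that the result depends on the current locale); suggested `/* Lowercase a NUL-terminated string in place; returns the same pointer */`. `sasl_config_init(const char *filename)` has no comment at all, yet it makes the library read a caller-supplied path; it should document the meaning of the `int` result (presumably a SASL_* code such as SASL_OK) and that the caller is responsible for the provenance of `filename`, e.g. `/* Load libsasl configuration from the given file; filename is trusted as given. Returns SASL_OK or a SASL error code */`.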
