| sasl.h | sasl.h | |||
|---|---|---|---|---|
| skipping to change at line 124 | skipping to change at line 124 | |||
| * | * | |||
| * If the server forbids the use of "@" in user names for other | * If the server forbids the use of "@" in user names for other | |||
| * purposes, this simplifies security validation. | * purposes, this simplifies security validation. | |||
| */ | */ | |||
| #ifndef SASL_H | #ifndef SASL_H | |||
| #define SASL_H 1 | #define SASL_H 1 | |||
| #define SASL_VERSION_MAJOR 2 | #define SASL_VERSION_MAJOR 2 | |||
| #define SASL_VERSION_MINOR 1 | #define SASL_VERSION_MINOR 1 | |||
| #define SASL_VERSION_STEP 6 | #define SASL_VERSION_STEP 8 | |||
| #include "prop.h" | #include "prop.h" | |||
| #define LIBSASL_API | #define LIBSASL_API | |||
| /************* | /************* | |||
| * Basic API * | * Basic API * | |||
| *************/ | *************/ | |||
| /* SASL result codes: */ | /* SASL result codes: */ | |||
| #define SASL_CONTINUE 1 /* another step is needed in authentication */ | #define SASL_CONTINUE 1 /* another step is needed in authentication */ | |||
| skipping to change at line 258 | skipping to change at line 258 | |||
| * 56 = DES | * 56 = DES | |||
| * 112 = triple-DES | * 112 = triple-DES | |||
| * 128 = 128-bit RC2/RC4/BLOWFISH | * 128 = 128-bit RC2/RC4/BLOWFISH | |||
| * 256 = baseline AES | * 256 = baseline AES | |||
| */ | */ | |||
| typedef unsigned sasl_ssf_t; | typedef unsigned sasl_ssf_t; | |||
| /* usage flags provided to sasl_server_new and sasl_client_new: | /* usage flags provided to sasl_server_new and sasl_client_new: | |||
| */ | */ | |||
| #define SASL_SUCCESS_DATA 0x0004 /* server supports data on success */ | #define SASL_SUCCESS_DATA 0x0004 /* server supports data on success */ | |||
| #define SASL_NEED_PROXY 0x0008 /* require a mech that allows proxying */ | ||||
| /*************************** | /*************************** | |||
| * Security Property Types * | * Security Property Types * | |||
| ***************************/ | ***************************/ | |||
| /* Structure specifying the client or server's security policy | /* Structure specifying the client or server's security policy | |||
| * and optional additional properties. | * and optional additional properties. | |||
| */ | */ | |||
| /* These are the various security flags apps can specify. */ | /* These are the various security flags apps can specify. */ | |||
| skipping to change at line 698 | skipping to change at line 699 | |||
| /* or set with setprop */ | /* or set with setprop */ | |||
| #define SASL_GETOPTCTX 4 /* context for getopt callback */ | #define SASL_GETOPTCTX 4 /* context for getopt callback */ | |||
| #define SASL_CALLBACK 7 /* current callback function list */ | #define SASL_CALLBACK 7 /* current callback function list */ | |||
| #define SASL_IPLOCALPORT 8 /* iplocalport string passed to server_new * / | #define SASL_IPLOCALPORT 8 /* iplocalport string passed to server_new * / | |||
| #define SASL_IPREMOTEPORT 9 /* ipremoteport string passed to server_new */ | #define SASL_IPREMOTEPORT 9 /* ipremoteport string passed to server_new */ | |||
| #define SASL_SERVICE 12 /* service passed to sasl_*_new */ | #define SASL_SERVICE 12 /* service passed to sasl_*_new */ | |||
| #define SASL_SERVERFQDN 13 /* serverFQDN passed to sasl_*_new */ | #define SASL_SERVERFQDN 13 /* serverFQDN passed to sasl_*_new */ | |||
| #define SASL_AUTHSOURCE 14 /* name of auth source last used, useful | #define SASL_AUTHSOURCE 14 /* name of auth source last used, useful | |||
| * for failed authentication tracking */ | * for failed authentication tracking */ | |||
| #define SASL_MECHNAME 15 /* active mechanism name, if any */ | #define SASL_MECHNAME 15 /* active mechanism name, if any */ | |||
| #define SASL_AUTHUSER 16 /* authentication/admin user */ | ||||
| /* This returns a string which is either empty or has an error message | /* This returns a string which is either empty or has an error message | |||
| * from sasl_seterror (e.g., from a plug-in or callback). It differs | * from sasl_seterror (e.g., from a plug-in or callback). It differs | |||
| * from the result of sasl_errdetail() which also takes into account the | * from the result of sasl_errdetail() which also takes into account the | |||
| * last return status code. | * last return status code. | |||
| */ | */ | |||
| #define SASL_PLUGERR 10 | #define SASL_PLUGERR 10 | |||
| /* set property in SASL connection state | /* set property in SASL connection state | |||
| * returns: | * returns: | |||
| skipping to change at line 1133 | skipping to change at line 1135 | |||
| * SASL_BADPARAM -- input length is greater than the SASL_MAXOUTBUF | * SASL_BADPARAM -- input length is greater than the SASL_MAXOUTBUF | |||
| * or no security layer | * or no security layer | |||
| */ | */ | |||
| LIBSASL_API int sasl_encodev(sasl_conn_t *conn, | LIBSASL_API int sasl_encodev(sasl_conn_t *conn, | |||
| const struct iovec *invec, unsigned numiov, | const struct iovec *invec, unsigned numiov, | |||
| const char **output, unsigned *outputlen); | const char **output, unsigned *outputlen); | |||
| /* decode a block of data received using security layer | /* decode a block of data received using security layer | |||
| * returning the input buffer if there is no security layer. | * returning the input buffer if there is no security layer. | |||
| * output is only valid until next call to sasl_decode | * output is only valid until next call to sasl_decode | |||
| * | ||||
| * if outputlen is 0 on return, than the value of output is undefined. | ||||
| * | ||||
| * returns: | * returns: | |||
| * SASL_OK -- success (returns input if no layer negotiated) | * SASL_OK -- success (returns input if no layer negotiated) | |||
| * SASL_NOTDONE -- security layer negotiation not finished | * SASL_NOTDONE -- security layer negotiation not finished | |||
| * SASL_BADMAC -- bad message integrity check | * SASL_BADMAC -- bad message integrity check | |||
| */ | */ | |||
| LIBSASL_API int sasl_decode(sasl_conn_t *conn, | LIBSASL_API int sasl_decode(sasl_conn_t *conn, | |||
| const char *input, unsigned inputlen, | const char *input, unsigned inputlen, | |||
| const char **output, unsigned *outputlen); | const char **output, unsigned *outputlen); | |||
| #endif /* SASL_H */ | #endif /* SASL_H */ | |||
| End of changes. 4 change blocks. | ||||
| 1 lines changed or deleted | 6 lines changed or added | |||
| saslplug.h | saslplug.h | |||
|---|---|---|---|---|
| skipping to change at line 307 | skipping to change at line 307 | |||
| * SASL_FEAT_SERVER_FIRST as needed */ | * SASL_FEAT_SERVER_FIRST as needed */ | |||
| /* #define SASL_FEAT_INTERNAL_CLIENT_FIRST 0x0008 */ | /* #define SASL_FEAT_INTERNAL_CLIENT_FIRST 0x0008 */ | |||
| /* This indicates that the plugin is server-first only. | /* This indicates that the plugin is server-first only. | |||
| * Not defining either of SASL_FEAT_SERVER_FIRST or | * Not defining either of SASL_FEAT_SERVER_FIRST or | |||
| * SASL_FEAT_WANT_CLIENT_FIRST indicates that the mechanism will take care | * SASL_FEAT_WANT_CLIENT_FIRST indicates that the mechanism will take care | |||
| * of the client-first situation internally. | * of the client-first situation internally. | |||
| */ | */ | |||
| #define SASL_FEAT_SERVER_FIRST 0x0010 | #define SASL_FEAT_SERVER_FIRST 0x0010 | |||
| /* This plugin allows proxying */ | ||||
| #define SASL_FEAT_ALLOWS_PROXY 0x0020 | ||||
| /* client plug-in features */ | /* client plug-in features */ | |||
| #define SASL_FEAT_NEEDSERVERFQDN 0x0001 | #define SASL_FEAT_NEEDSERVERFQDN 0x0001 | |||
| /* a C object for a client mechanism | /* a C object for a client mechanism | |||
| */ | */ | |||
| typedef struct sasl_client_plug { | typedef struct sasl_client_plug { | |||
| /* mechanism name */ | /* mechanism name */ | |||
| const char *mech_name; | const char *mech_name; | |||
| /* best mech additional security layer strength factor */ | /* best mech additional security layer strength factor */ | |||
| End of changes. 1 change blocks. | ||||
| 0 lines changed or deleted | 3 lines changed or added | |||