diff options
Diffstat (limited to 'usr/src/lib/libsasl/include/saslplug.h')
| -rw-r--r-- | usr/src/lib/libsasl/include/saslplug.h | 892 |
1 files changed, 892 insertions, 0 deletions
diff --git a/usr/src/lib/libsasl/include/saslplug.h b/usr/src/lib/libsasl/include/saslplug.h new file mode 100644 index 0000000000..6bb59e8d90 --- /dev/null +++ b/usr/src/lib/libsasl/include/saslplug.h @@ -0,0 +1,892 @@ +/* + * Copyright 2003 Sun Microsystems, Inc. All rights reserved. + * Use is subject to license terms. + */ + +/* saslplug.h -- API for SASL plug-ins */ + +#ifndef _SASL_SASLPLUG_H +#define _SASL_SASLPLUG_H + +#pragma ident "%Z%%M% %I% %E% SMI" + +#ifndef _SASL_SASL_H +#include <sasl/sasl.h> +#endif + +#ifndef _MD5_H +#include <md5.h> +#endif /* _MD5_H */ + +#ifdef __cplusplus +extern "C" { +#endif + +/* intermediate MD5 context */ +typedef struct HMAC_MD5_CTX_s { + MD5_CTX ictx, octx; +} HMAC_MD5_CTX; + +/* + * intermediate HMAC state + * values stored in network byte order (Big Endian) + */ +typedef struct HMAC_MD5_STATE_s { + uint32_t istate[4]; + uint32_t ostate[4]; +} HMAC_MD5_STATE; + +/* + * callback to lookup a sasl_callback_t for a connection + * input: + * conn -- the connection to lookup a callback for + * callbacknum -- the number of the callback + * output: + * pproc -- pointer to the callback function (set to NULL on failure) + * pcontext -- pointer to the callback context (set to NULL on failure) + * returns: + * SASL_OK -- no error + * SASL_FAIL -- unable to find a callback of the requested type + * SASL_INTERACT -- caller must use interaction to get data + */ +typedef int sasl_getcallback_t(sasl_conn_t *conn, + unsigned long callbackid, + int (**pproc)(), + void **pcontext); + +/* + * The sasl_utils structure will remain backwards compatible unless + * the SASL_*_PLUG_VERSION is changed incompatibly + * higher SASL_UTILS_VERSION numbers indicate more functions are available + */ +#define SASL_UTILS_VERSION 4 + +/* utility function set for plug-ins */ +typedef struct sasl_utils { + int version; + + /* contexts */ + sasl_conn_t *conn; + sasl_rand_t *rpool; + void *getopt_context; + + /* option function */ + sasl_getopt_t *getopt; + + /* allocation functions: */ + sasl_malloc_t *malloc; + sasl_calloc_t *calloc; + sasl_realloc_t *realloc; + sasl_free_t *free; + + /* mutex functions: */ + sasl_mutex_alloc_t *mutex_alloc; + sasl_mutex_lock_t *mutex_lock; + sasl_mutex_unlock_t *mutex_unlock; + sasl_mutex_free_t *mutex_free; + + /* MD5 hash and HMAC functions */ + void (*MD5Init)(MD5_CTX *); + void (*MD5Update)(MD5_CTX *, const unsigned char *text, unsigned int len); + void (*MD5Final)(unsigned char [16], MD5_CTX *); + void (*hmac_md5)(const unsigned char *text, int text_len, + const unsigned char *key, int key_len, + unsigned char [16]); + void (*hmac_md5_init)(HMAC_MD5_CTX *, const unsigned char *key, int len); + /* hmac_md5_update() is just a call to MD5Update on inner context */ + void (*hmac_md5_final)(unsigned char [16], HMAC_MD5_CTX *); + void (*hmac_md5_precalc)(HMAC_MD5_STATE *, + const unsigned char *key, int len); + void (*hmac_md5_import)(HMAC_MD5_CTX *, HMAC_MD5_STATE *); + + /* mechanism utility functions (same as above): */ + int (*mkchal)(sasl_conn_t *conn, char *buf, unsigned maxlen, + unsigned hostflag); + int (*utf8verify)(const char *str, unsigned len); + void (*rand)(sasl_rand_t *rpool, char *buf, unsigned len); + void (*churn)(sasl_rand_t *rpool, const char *data, unsigned len); + + /* + * This allows recursive calls to the sasl_checkpass() routine from + * within a SASL plug-in. This MUST NOT be used in the PLAIN mechanism + * as sasl_checkpass MAY be a front-end for the PLAIN mechanism. + * This is intended for use by the non-standard LOGIN mechanism and + * potentially by a future mechanism which uses public-key technology + * to set up a lightweight encryption layer just for sending a + * password. + */ + int (*checkpass)(sasl_conn_t *conn, + const char *user, unsigned userlen, + const char *pass, unsigned passlen); + + /* Access to base64 encode/decode routines */ + int (*decode64)(const char *in, unsigned inlen, + char *out, unsigned outmax, unsigned *outlen); + int (*encode64)(const char *in, unsigned inlen, + char *out, unsigned outmax, unsigned *outlen); + + /* erase a buffer */ + void (*erasebuffer)(char *buf, unsigned len); + + /* callback to sasl_getprop() and sasl_setprop() */ + int (*getprop)(sasl_conn_t *conn, int propnum, const void **pvalue); + int (*setprop)(sasl_conn_t *conn, int propnum, const void *value); + + /* callback function */ + sasl_getcallback_t *getcallback; + + /* + * format a message and then pass it to the SASL_CB_LOG callback + * + * use syslog()-style formatting (printf with %m as most recent errno + * error). The implementation may use a fixed size buffer not smaller + * than 512 octets if it securely truncates the message. + * + * level is a SASL_LOG_* level (see sasl.h) + */ + void (*log)(sasl_conn_t *conn, int level, const char *fmt, ...); + + /* callback to sasl_seterror() */ + void (*seterror)(sasl_conn_t *conn, unsigned flags, const char *fmt, ...); + + /* spare function pointer */ + int *(*spare_fptr)(); + + /* auxiliary property utilities */ + struct propctx *(*prop_new)(unsigned estimate); + int (*prop_dup)(struct propctx *src_ctx, struct propctx **dst_ctx); + int (*prop_request)(struct propctx *ctx, const char **names); + const struct propval *(*prop_get)(struct propctx *ctx); + int (*prop_getnames)(struct propctx *ctx, const char **names, + struct propval *vals); + void (*prop_clear)(struct propctx *ctx, int requests); + void (*prop_dispose)(struct propctx **ctx); + int (*prop_format)(struct propctx *ctx, const char *sep, int seplen, + char *outbuf, unsigned outmax, unsigned *outlen); + int (*prop_set)(struct propctx *ctx, const char *name, + const char *value, int vallen); + int (*prop_setvals)(struct propctx *ctx, const char *name, + const char **values); + void (*prop_erase)(struct propctx *ctx, const char *name); + + /* for additions which don't require a version upgrade; set to 0 */ + int (*spare_fptr1)(); + int (*spare_fptr2)(); + int (*spare_fptr3)(); +} sasl_utils_t; + +/* + * output parameters from SASL API + * + * created / destroyed by the glue code, though probably filled in + * by a combination of the plugin, the glue code, and the canon_user callback. + * + */ +typedef struct sasl_out_params { + unsigned doneflag; /* exchange complete */ + + const char *user; /* canonicalized user name */ + const char *authid; /* canonicalized authentication id */ + + unsigned ulen; /* length of canonicalized user name */ + unsigned alen; /* length of canonicalized authid */ + + /* security layer information */ + unsigned maxoutbuf; + sasl_ssf_t mech_ssf; /* Should be set non-zero if negotiation of a */ + /* security layer was *attempted*, even if */ + /* the negotiation failed */ + void *encode_context; + int (*encode)(void *context, const struct iovec *invec, unsigned numiov, + const char **output, unsigned *outputlen); + void *decode_context; + int (*decode)(void *context, const char *input, unsigned inputlen, + const char **output, unsigned *outputlen); + + /* for additions which don't require a version upgrade; set to 0 */ + void *spare_ptr1; + void *spare_ptr2; + void *spare_ptr3; + void *spare_ptr4; + int (*spare_fptr1)(); + int (*spare_fptr2)(); + int spare_int1; + int spare_int2; + int spare_int3; + int spare_int4; + + /* + * set to 0 initially, this allows a plugin with extended parameters + * to work with an older framework by updating version as parameters + * are added. + */ + int param_version; +} sasl_out_params_t; + +/* + * Client Mechanism Functions + */ + +/* + * input parameters to client SASL plugin + * + * created / destroyed by the glue code + * + */ +typedef struct sasl_client_params { + const char *service; /* service name */ + const char *serverFQDN; /* server fully qualified domain name */ + const char *clientFQDN; /* client's fully qualified domain name */ + const sasl_utils_t *utils; /* SASL API utility routines -- */ + /* for a particular sasl_conn_t, */ + /* MUST remain valid until mech_free is */ + /* called */ + const sasl_callback_t *prompt_supp; /* client callback list */ + const char *iplocalport; /* server IP domain literal & port */ + const char *ipremoteport; /* client IP domain literal & port */ + + unsigned servicelen; /* length of service */ + unsigned slen; /* length of serverFQDN */ + unsigned clen; /* length of clientFQDN */ + unsigned iploclen; /* length of iplocalport */ + unsigned ipremlen; /* length of ipremoteport */ + + /* application's security requirements & info */ + sasl_security_properties_t props; + sasl_ssf_t external_ssf; /* external SSF active */ + + /* for additions which don't require a version upgrade; set to 0 */ + void *spare_ptr1; + void *spare_ptr2; + void *spare_ptr3; + void *spare_ptr4; + + /* + * Canonicalize a user name from on-wire to internal format + * added rjs3 2001-05-23 + * Must be called once user name aquired if canon_user is non-NULL. + * conn connection context + * in user name from wire protocol (need not be NUL terminated) + * len length of user name from wire protocol (0 = strlen(user)) + * flags for SASL_CU_* flags + * oparams the user, authid, ulen, alen, fields are + * set appropriately after canonicalization/copying and + * authorization of arguments + * + * responsible for setting user, ulen, authid, and alen in the oparams + * structure + * + * default behavior is to strip leading and trailing whitespace, as + * well as allocating space for and copying the parameters. + * + * results: + * SASL_OK -- success + * SASL_NOMEM -- out of memory + * SASL_BADPARAM -- invalid conn + * SASL_BADPROT -- invalid user/authid + */ + int (*canon_user)(sasl_conn_t *conn, + const char *in, unsigned len, + unsigned flags, + sasl_out_params_t *oparams); + + int (*spare_fptr1)(); + + int spare_int1; + int spare_int2; + int spare_int3; + + /* flags field as passed to sasl_client_new */ + unsigned flags; + + /* + * set to 0 initially, this allows a plugin with extended parameters + * to work with an older framework by updating version as parameters + * are added. + */ + int param_version; +} sasl_client_params_t; + +/* features shared between client and server */ +/* These allow the glue code to handle client-first and server-last issues */ + +/* + * This indicates that the mechanism prefers to do client-send-first + * if the protocol allows it. + */ +#define SASL_FEAT_WANT_CLIENT_FIRST 0x0002 + +/* + * This feature is deprecated, instead, plugins should set *serverout to + * non-NULL and return SASL_OK intelligently to allow flexible use of + * server-last semantics + */ +/* #define SASL_FEAT_WANT_SERVER_LAST 0x0004 */ + +/* + * This feature is deprecated, instead plugins should correctly set + * SASL_FEAT_SERVER_FIRST as needed + */ +/* #define SASL_FEAT_INTERNAL_CLIENT_FIRST 0x0008 */ + +/* + * This indicates that the plugin is server-first only. + * Not defining either of SASL_FEAT_SERVER_FIRST or + * SASL_FEAT_WANT_CLIENT_FIRST indicates that the mechanism will take care + * of the client-first situation internally. + */ +#define SASL_FEAT_SERVER_FIRST 0x0010 + +/* This plugin allows proxying */ +#define SASL_FEAT_ALLOWS_PROXY 0x0020 + +/* client plug-in features */ +#define SASL_FEAT_NEEDSERVERFQDN 0x0001 + +/* a C object for a client mechanism */ +typedef struct sasl_client_plug { + /* mechanism name */ + const char *mech_name; + + /* best mech additional security layer strength factor */ + sasl_ssf_t max_ssf; + + /* best security flags, as defined in sasl_security_properties_t */ + unsigned security_flags; + + /* features of plugin */ + unsigned features; + + /* required prompt ids, NULL = user/pass only */ + const unsigned long *required_prompts; + + /* global state for mechanism */ + void *glob_context; + + /* + * create context for mechanism, using params supplied + * glob_context -- from above + * params -- params from sasl_client_new + * conn_context -- context for one connection + * returns: + * SASL_OK -- success + * SASL_NOMEM -- not enough memory + * SASL_WRONGMECH -- mech doesn't support security params + */ + int (*mech_new)(void *glob_context, + sasl_client_params_t *cparams, + void **conn_context); + + /* + * perform one step of exchange. NULL is passed for serverin on + * first step. + * returns: + * SASL_OK -- success + * SASL_INTERACT -- user interaction needed to fill in prompts + * SASL_BADPROT -- server protocol incorrect/cancelled + * SASL_BADSERV -- server failed mutual auth + */ + int (*mech_step)(void *conn_context, + sasl_client_params_t *cparams, + const char *serverin, + unsigned serverinlen, + sasl_interact_t **prompt_need, + const char **clientout, + unsigned *clientoutlen, + sasl_out_params_t *oparams); + + /* dispose of connection context from mech_new */ + void (*mech_dispose)(void *conn_context, const sasl_utils_t *utils); + + /* + * free all global space used by mechanism + * mech_dispose must be called on all mechanisms first + */ + void (*mech_free)(void *glob_context, const sasl_utils_t *utils); + + /* + * perform precalculations during a network round-trip + * or idle period. conn_context may be NULL + * returns 1 if action taken, 0 if no action taken + */ + int (*idle)(void *glob_context, + void *conn_context, + sasl_client_params_t *cparams); + + /* for additions which don't require a version upgrade; set to 0 */ + int (*spare_fptr1)(); + int (*spare_fptr2)(); +} sasl_client_plug_t; + +#define SASL_CLIENT_PLUG_VERSION 4 + +/* + * plug-in entry point: + * utils -- utility callback functions + * max_version -- highest client plug version supported + * returns: + * out_version -- client plug version of result + * pluglist -- list of mechanism plug-ins + * plugcount -- number of mechanism plug-ins + * results: + * SASL_OK -- success + * SASL_NOMEM -- failure + * SASL_BADVERS -- max_version too small + * SASL_BADPARAM -- bad config string + * ... + */ +typedef int sasl_client_plug_init_t(const sasl_utils_t *utils, + int max_version, + int *out_version, + sasl_client_plug_t **pluglist, + int *plugcount); + +/* add a client plug-in */ +LIBSASL_API int sasl_client_add_plugin(const char *plugname, + sasl_client_plug_init_t *cplugfunc); + +/* + * Server Functions + */ + +/* + * input parameters to server SASL plugin + * + * created / destroyed by the glue code + * + */ +typedef struct sasl_server_params { + const char *service; /* NULL = default service for user_exists */ + /* and setpass */ + const char *appname; /* name of calling application */ + const char *serverFQDN; /* server default fully qualified domain name */ + /* (e.g., gethostname) */ + const char *user_realm; /* realm for user (NULL = client supplied) */ + const char *iplocalport; /* server IP domain literal & port */ + const char *ipremoteport; /* client IP domain literal & port */ + + unsigned servicelen; /* length of service */ + unsigned applen; /* length of appname */ + unsigned slen; /* length of serverFQDN */ + unsigned urlen; /* length of user_realm */ + unsigned iploclen; /* length of iplocalport */ + unsigned ipremlen; /* length of ipremoteport */ + + /* + * This indicates the level of logging desired. See SASL_LOG_* + * in sasl.h + * + * Plug-ins can ignore this and just pass their desired level to + * the log callback. This is primarily used to eliminate logging which + * might be a performance problem (e.g., full protocol trace) and + * to select between SASL_LOG_TRACE and SASL_LOG_PASS alternatives + */ + int log_level; + + const sasl_utils_t *utils; /* SASL API utility routines -- */ + /* for a particular sasl_conn_t, */ + /* MUST remain valid until mech_free is */ + /* called */ + + const sasl_callback_t *callbacks; /* Callbacks from application */ + + /* application's security requirements */ + sasl_security_properties_t props; + sasl_ssf_t external_ssf; /* external SSF active */ + + /* + * server plug-in calls this when it first has access to the plaintext + * passphrase. This is used to transition users via setpass calls. + * If passlen is 0, it defaults to strlen(pass). + * returns 0 if no entry added, 1 if entry added + */ + int (*transition)(sasl_conn_t *conn, const char *pass, unsigned passlen); + + /* + * Canonicalize a user name from on-wire to internal format + * added cjn 1999-09-21 + * Must be called once user name aquired if canon_user is non-NULL. + * conn connection context + * user user name from wire protocol (need not be NUL terminated) + * ulen length of user name from wire protocol (0 = strlen(user)) + * flags for SASL_CU_* flags + * oparams the user, authid, ulen, alen, fields are + * set appropriately after canonicalization/copying and + * authorization of arguments + * + * responsible for setting user, ulen, authid, and alen in the oparams + * structure + * + * default behavior is to strip leading and trailing whitespace, as + * well as allocating space for and copying the parameters. + * + * results: + * SASL_OK -- success + * SASL_NOMEM -- out of memory + * SASL_BADPARAM -- invalid conn + * SASL_BADPROT -- invalid user/authid + */ + int (*canon_user)(sasl_conn_t *conn, + const char *user, unsigned ulen, + unsigned flags, + sasl_out_params_t *oparams); + + /* + * auxiliary property context (see definitions in prop.h) + * added cjn 2000-01-30 + * + * NOTE: these properties are the ones associated with the + * canonicalized "user" (user to login as / authorization id), not + * the "authid" (user whose credentials are used / authentication id) + * Prefix the property name with a "*" if a property associated with + * the "authid" is interesting. + */ + struct propctx *propctx; + + /* for additions which don't require a version upgrade; set to 0 */ + void *spare_ptr1; + void *spare_ptr2; + void *spare_ptr3; + void *spare_ptr4; + int (*spare_fptr1)(); + int (*spare_fptr2)(); + int spare_int1; + int spare_int2; + int spare_int3; + + /* flags field as passed to sasl_server_new */ + unsigned flags; + + /* + * set to 0 initially, this allows a plugin with extended parameters + * to work with an older framework by updating version as parameters + * are added. + */ + int param_version; +} sasl_server_params_t; + +/* features for server plug-in */ +#define SASL_FEAT_SERVICE 0x0200 /* service-specific passwords supported */ +#define SASL_FEAT_GETSECRET 0x0400 /* sasl_server_{get,put}secret_t */ + /* callbacks required by plug-in */ + +/* a C object for a server mechanism */ +typedef struct sasl_server_plug { + /* mechanism name */ + const char *mech_name; + + /* best mech additional security layer strength factor */ + sasl_ssf_t max_ssf; + + /* best security flags, as defined in sasl_security_properties_t */ + unsigned security_flags; + + /* features of plugin */ + unsigned features; + + /* global state for mechanism */ + void *glob_context; + + /* + * create a new mechanism handler + * glob_context -- global context + * sparams -- server config params + * challenge -- server challenge from previous instance or NULL + * challen -- length of challenge from previous instance or 0 + * out: + * conn_context -- connection context + * errinfo -- error information + * + * returns: + * SASL_OK -- successfully created mech instance + * SASL_* -- any other server error code + */ + int (*mech_new)(void *glob_context, + sasl_server_params_t *sparams, + const char *challenge, + unsigned challen, + void **conn_context); + + /* + * perform one step in exchange + * + * returns: + * SASL_OK -- success, all done + * SASL_CONTINUE -- success, one more round trip + * SASL_* -- any other server error code + */ + int (*mech_step)(void *conn_context, + sasl_server_params_t *sparams, + const char *clientin, + unsigned clientinlen, + const char **serverout, + unsigned *serveroutlen, + sasl_out_params_t *oparams); + + /* dispose of a connection state */ + void (*mech_dispose)(void *conn_context, const sasl_utils_t *utils); + + /* + * free global state for mechanism + * mech_dispose must be called on all mechanisms first + */ + void (*mech_free)(void *glob_context, const sasl_utils_t *utils); + + /* + * set a password (optional) + * glob_context -- global context + * sparams -- service, middleware utilities, etc. props ignored + * user -- user name + * pass -- password/passphrase (NULL = disable/remove/delete) + * passlen -- length of password/passphrase + * oldpass -- old password/passphrase (NULL = transition) + * oldpasslen -- length of password/passphrase + * flags -- see above + * + * returns: + * SASL_NOCHANGE -- no change was needed + * SASL_NOUSER -- no entry for user + * SASL_NOVERIFY -- no mechanism compatible entry for user + * SASL_PWLOCK -- password locked + * SASL_DIABLED -- account disabled + * etc. + */ + int (*setpass)(void *glob_context, + sasl_server_params_t *sparams, + const char *user, + const char *pass, unsigned passlen, + const char *oldpass, unsigned oldpasslen, + unsigned flags); + + /* + * query which mechanisms are available for user + * glob_context -- context + * sparams -- service, middleware utilities, etc. props ignored + * user -- NUL terminated user name + * maxmech -- max number of strings in mechlist (0 = no output) + * output: + * mechlist -- an array of C string pointers, filled in with + * mechanism names available to the user + * + * returns: + * SASL_OK -- success + * SASL_NOMEM -- not enough memory + * SASL_FAIL -- lower level failure + * SASL_DISABLED -- account disabled + * SASL_NOUSER -- user not found + * SASL_BUFOVER -- maxmech is too small + * SASL_NOVERIFY -- user found, but no mechanisms available + */ + int (*user_query)(void *glob_context, + sasl_server_params_t *sparams, + const char *user, + int maxmech, + const char **mechlist); + + /* + * perform precalculations during a network round-trip + * or idle period. conn_context may be NULL (optional) + * returns 1 if action taken, 0 if no action taken + */ + int (*idle)(void *glob_context, + void *conn_context, + sasl_server_params_t *sparams); + + /* + * check if mechanism is available + * TODO - Is this correct? + * optional--if NULL, mechanism is available based on ENABLE= + * in config + * + * If this routine sets conn_context to a non-NULL value, then the call + * to mech_new will be skipped. This should not be done unless + * there's a significant performance benefit, since it can cause + * additional memory allocation in SASL core code to keep track of + * contexts potentially for multiple mechanisms. + * + * This is called by the first call to sasl_listmech() for a + * given connection context, thus for a given protocol it may + * never be called. Note that if mech_avail returns SASL_NOMECH, + * then that mechanism is considered disabled for the remainder + * of the session. + * + * returns SASL_OK on success, + * SASL_NOMECH if mech disabled + */ + int (*mech_avail)(void *glob_context, + sasl_server_params_t *sparams, + void **conn_context); + + /* for additions which don't require a version upgrade; set to 0 */ + int (*spare_fptr2)(); +} sasl_server_plug_t; + +#define SASL_SERVER_PLUG_VERSION 4 + +/* + * plug-in entry point: + * utils -- utility callback functions + * plugname -- name of plug-in (may be NULL) + * max_version -- highest server plug version supported + * returns: + * out_version -- server plug-in version of result + * pluglist -- list of mechanism plug-ins + * plugcount -- number of mechanism plug-ins + * results: + * SASL_OK -- success + * SASL_NOMEM -- failure + * SASL_BADVERS -- max_version too small + * SASL_BADPARAM -- bad config string + * ... + */ +typedef int sasl_server_plug_init_t(const sasl_utils_t *utils, + int max_version, + int *out_version, + sasl_server_plug_t **pluglist, + int *plugcount); + +/* + * add a server plug-in + */ +LIBSASL_API int sasl_server_add_plugin(const char *plugname, + sasl_server_plug_init_t *splugfunc); + +/* + * user canonicalization plug-in -- added cjn 1999-09-29 + */ + +typedef struct sasl_canonuser { + /* optional features of plugin (set to 0) */ + int features; + + /* spare integer (set to 0) */ + int spare_int1; + + /* global state for plugin */ + void *glob_context; + + /* name of plugin */ + char *name; + + /* free global state for plugin */ + void (*canon_user_free)(void *glob_context, const sasl_utils_t *utils); + + /* + * canonicalize a username + * glob_context -- global context from this structure + * sparams -- server params, note user_realm&propctx elements + * user -- user to login as (may not be NUL terminated) + * len -- length of user name (0 = strlen(user)) + * flags -- for SASL_CU_* flags + * out -- buffer to copy user name + * out_max -- max length of user name + * out_len -- set to length of user name + * + * note that the output buffers MAY be the same as the input buffers. + * + * returns + * SASL_OK on success + * SASL_BADPROT username contains invalid character + */ + int (*canon_user_server)(void *glob_context, + sasl_server_params_t *sparams, + const char *user, unsigned len, + unsigned flags, + char *out, + unsigned out_umax, unsigned *out_ulen); + + int (*canon_user_client)(void *glob_context, + sasl_client_params_t *cparams, + const char *user, unsigned len, + unsigned flags, + char *out, + unsigned out_max, unsigned *out_len); + + /* for additions which don't require a version upgrade; set to 0 */ + int (*spare_fptr1)(); + int (*spare_fptr2)(); + int (*spare_fptr3)(); +} sasl_canonuser_plug_t; + +#define SASL_CANONUSER_PLUG_VERSION 5 + +/* + * default name for canonuser plug-in entry point is "sasl_canonuser_init" + * similar to sasl_server_plug_init model, except only returns one + * sasl_canonuser_plug_t structure; + */ +typedef int sasl_canonuser_init_t(const sasl_utils_t *utils, + int max_version, + int *out_version, + sasl_canonuser_plug_t **plug, + const char *plugname); + +/* add a canonuser plugin */ +LIBSASL_API int sasl_canonuser_add_plugin(const char *plugname, + sasl_canonuser_init_t *canonuserfunc); + +/* + * auxiliary property plug-in -- added cjn 1999-09-29 + */ + +typedef struct sasl_auxprop_plug { + /* optional features of plugin (none defined yet, set to 0) */ + int features; + + /* spare integer, must be set to 0 */ + int spare_int1; + + /* global state for plugin */ + void *glob_context; + + /* free global state for plugin (OPTIONAL) */ + void (*auxprop_free)(void *glob_context, const sasl_utils_t *utils); + + /* + * fill in fields of an auxiliary property context + * last element in array has id of SASL_AUX_END + * elements with non-0 len should be ignored. + */ + void (*auxprop_lookup)(void *glob_context, + sasl_server_params_t *sparams, + unsigned flags, + const char *user, unsigned ulen); + + /* name of the auxprop plugin */ + char *name; + + /* for additions which don't require a version upgrade; set to 0 */ + void (*spare_fptr1)(); +} sasl_auxprop_plug_t; + +/* auxprop lookup flags */ +#define SASL_AUXPROP_OVERRIDE 0x01 /* if clear, ignore auxiliary properties */ + /* with non-zero len field. If set, */ + /* override value of those properties */ +#define SASL_AUXPROP_AUTHZID 0x02 /* if clear, we are looking up the */ + /* authid flags (prefixed with *), */ + /* otherwise we are looking up the */ + /* authzid flags (no prefix) */ + +#define SASL_AUXPROP_PLUG_VERSION 4 + +/* + * default name for auxprop plug-in entry point is "sasl_auxprop_init" + * similar to sasl_server_plug_init model, except only returns one + * sasl_auxprop_plug_t structure; + */ +typedef int sasl_auxprop_init_t(const sasl_utils_t *utils, + int max_version, + int *out_version, + sasl_auxprop_plug_t **plug, + const char *plugname); + +/* add an auxiliary property plug-in */ +LIBSASL_API int sasl_auxprop_add_plugin(const char *plugname, + sasl_auxprop_init_t *auxpropfunc); + +#ifdef __cplusplus +} +#endif + +#endif /* _SASL_SASLPLUG_H */ |