Failed to save the file to the "xx" directory.

Failed to save the file to the "ll" directory.

Failed to save the file to the "mm" directory.

Failed to save the file to the "wp" directory.

403WebShell
403Webshell
Server IP : 66.29.132.124  /  Your IP : 3.138.35.228
Web Server : LiteSpeed
System : Linux business141.web-hosting.com 4.18.0-553.lve.el8.x86_64 #1 SMP Mon May 27 15:27:34 UTC 2024 x86_64
User : wavevlvu ( 1524)
PHP Version : 7.4.33
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /proc/thread-self/root/proc/self/root/opt/alt/cyrus-sasl/include/sasl/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /proc/thread-self/root/proc/self/root/opt/alt/cyrus-sasl/include/sasl/sasl.h
/* This is a proposed C API for support of SASL
 *
 *********************************IMPORTANT*******************************
 * send email to chris.newman@innosoft.com and cyrus-bugs@andrew.cmu.edu *
 * if you need to add new error codes, callback types, property values,  *
 * etc.   It is important to keep the multiple implementations of this   *
 * API from diverging.                                                   *
 *********************************IMPORTANT*******************************
 *
 * Basic Type Summary:
 *  sasl_conn_t       Context for a SASL connection negotiation
 *  sasl_ssf_t        Security layer Strength Factor
 *  sasl_callback_t   A typed client/server callback function and context
 *  sasl_interact_t   A client interaction descriptor
 *  sasl_secret_t     A client password
 *  sasl_rand_t       Random data context structure
 *  sasl_security_properties_t  An application's required security level
 *
 * Callbacks:
 *  sasl_getopt_t     client/server: Get an option value
 *  sasl_logmsg_t     client/server: Log message handler
 *  sasl_getsimple_t  client: Get user/language list
 *  sasl_getsecret_t  client: Get authentication secret
 *  sasl_chalprompt_t client: Display challenge and prompt for response
 *
 * Server only Callbacks:
 *  sasl_authorize_t             user authorization policy callback
 *  sasl_getconfpath_t           get path to search for config file
 *  sasl_server_userdb_checkpass check password and auxprops in userdb
 *  sasl_server_userdb_setpass   set password in userdb
 *  sasl_server_canon_user       canonicalize username routine
 *
 * Client/Server Function Summary:
 *  sasl_done         Release all SASL global state
 *  sasl_dispose      Connection done: Dispose of sasl_conn_t
 *  sasl_getprop      Get property (e.g., user name, security layer info)
 *  sasl_setprop      Set property (e.g., external ssf)
 *  sasl_errdetail    Generate string from last error on connection
 *  sasl_errstring    Translate sasl error code to a string
 *  sasl_encode       Encode data to send using security layer
 *  sasl_decode       Decode data received using security layer
 *  
 * Utility functions:
 *  sasl_encode64     Encode data to send using MIME base64 encoding
 *  sasl_decode64     Decode data received using MIME base64 encoding
 *  sasl_erasebuffer  Erase a buffer
 *
 * Client Function Summary:
 *  sasl_client_init  Load and initialize client plug-ins (call once)
 *  sasl_client_new   Initialize client connection context: sasl_conn_t
 *  sasl_client_start Select mechanism for connection
 *  sasl_client_step  Perform one authentication step
 *
 * Server Function Summary
 *  sasl_server_init  Load and initialize server plug-ins (call once)
 *  sasl_server_new   Initialize server connection context: sasl_conn_t
 *  sasl_listmech     Create list of available mechanisms
 *  sasl_server_start Begin an authentication exchange
 *  sasl_server_step  Perform one authentication exchange step
 *  sasl_checkpass    Check a plaintext passphrase
 *  sasl_checkapop    Check an APOP challenge/response (uses pseudo "APOP"
 *                    mechanism similar to CRAM-MD5 mechanism; optional)
 *  sasl_user_exists  Check if user exists
 *  sasl_setpass      Change a password or add a user entry
 *  sasl_auxprop_request  Request auxiliary properties
 *  sasl_auxprop_getctx   Get auxiliary property context for connection
 *  sasl_auxprop_store    Store a set of auxiliary properties
 *
 * Basic client model:
 *  1. client calls sasl_client_init() at startup to load plug-ins
 *  2. when connection formed, call sasl_client_new()
 *  3. once list of supported mechanisms received from server, client
 *     calls sasl_client_start().  goto 4a
 *  4. client calls sasl_client_step()
 * [4a. If SASL_INTERACT, fill in prompts and goto 4
 *      -- doesn't happen if callbacks provided]
 *  4b. If SASL error, goto 7 or 3
 *  4c. If SASL_OK, continue or goto 6 if last server response was success
 *  5. send message to server, wait for response
 *  5a. On data or success with server response, goto 4
 *  5b. On failure goto 7 or 3
 *  5c. On success with no server response continue
 *  6. continue with application protocol until connection closes
 *     call sasl_getprop/sasl_encode/sasl_decode() if using security layer
 *  7. call sasl_dispose(), may return to step 2
 *  8. call sasl_done() when program terminates
 *
 * Basic Server model:
 *  1. call sasl_server_init() at startup to load plug-ins
 *  2. On connection, call sasl_server_new()
 *  3. call sasl_listmech() and send list to client]
 *  4. after client AUTH command, call sasl_server_start(), goto 5a
 *  5. call sasl_server_step()
 *  5a. If SASL_CONTINUE, output to client, wait response, repeat 5
 *  5b. If SASL error, then goto 7
 *  5c. If SASL_OK, move on
 *  6. continue with application protocol until connection closes
 *     call sasl_getprop to get username
 *     call sasl_getprop/sasl_encode/sasl_decode() if using security layer
 *  7. call sasl_dispose(), may return to step 2
 *  8. call sasl_done() when program terminates
 *
 *************************************************
 * IMPORTANT NOTE: server realms / username syntax
 *
 * If a user name contains a "@", then the rightmost "@" in the user name
 * separates the account name from the realm in which this account is
 * located.  A single server may support multiple realms.  If the
 * server knows the realm at connection creation time (e.g., a server
 * with multiple IP addresses tightly binds one address to a specific
 * realm) then that realm must be passed in the user_realm field of
 * the sasl_server_new call.  If user_realm is non-empty and an
 * unqualified user name is supplied, then the canon_user facility is
 * expected to append "@" and user_realm to the user name.  The canon_user
 * facility may treat other characters such as "%" as equivalent to "@".
 *
 * If the server forbids the use of "@" in user names for other
 * purposes, this simplifies security validation.
 */

#ifndef SASL_H
#define SASL_H 1

#include <stddef.h>  /* For size_t */

/* Keep in sync with win32/common.mak */
#define SASL_VERSION_MAJOR 2
#define SASL_VERSION_MINOR 1
#define SASL_VERSION_STEP 27

/* A convenience macro: same as was defined in the OpenLDAP LDAPDB */
#define SASL_VERSION_FULL ((SASL_VERSION_MAJOR << 16) |\
      (SASL_VERSION_MINOR << 8) | SASL_VERSION_STEP)

#include "prop.h"

/*************
 * Basic API *
 *************/

/* SASL result codes: */
#define SASL_CONTINUE    1   /* another step is needed in authentication */
#define SASL_OK          0   /* successful result */
#define SASL_FAIL       -1   /* generic failure */
#define SASL_NOMEM      -2   /* memory shortage failure */
#define SASL_BUFOVER    -3   /* overflowed buffer */
#define SASL_NOMECH     -4   /* mechanism not supported */
#define SASL_BADPROT    -5   /* bad protocol / cancel */
#define SASL_NOTDONE    -6   /* can't request info until later in exchange */
#define SASL_BADPARAM   -7   /* invalid parameter supplied */
#define SASL_TRYAGAIN   -8   /* transient failure (e.g., weak key) */
#define SASL_BADMAC	-9   /* integrity check failed */
#define SASL_NOTINIT    -12  /* SASL library not initialized */
                             /* -- client only codes -- */
#define SASL_INTERACT    2   /* needs user interaction */
#define SASL_BADSERV    -10  /* server failed mutual authentication step */
#define SASL_WRONGMECH  -11  /* mechanism doesn't support requested feature */
                             /* -- server only codes -- */
#define SASL_BADAUTH    -13  /* authentication failure */
#define SASL_NOAUTHZ    -14  /* authorization failure */
#define SASL_TOOWEAK    -15  /* mechanism too weak for this user */
#define SASL_ENCRYPT    -16  /* encryption needed to use mechanism */
#define SASL_TRANS      -17  /* One time use of a plaintext password will
				enable requested mechanism for user */
#define SASL_EXPIRED    -18  /* passphrase expired, has to be reset */
#define SASL_DISABLED   -19  /* account disabled */
#define SASL_NOUSER     -20  /* user not found */
#define SASL_BADVERS    -23  /* version mismatch with plug-in */
#define SASL_UNAVAIL    -24  /* remote authentication server unavailable */
#define SASL_NOVERIFY   -26  /* user exists, but no verifier for user */
			     /* -- codes for password setting -- */
#define SASL_PWLOCK     -21  /* passphrase locked */
#define SASL_NOCHANGE   -22  /* requested change was not needed */
#define SASL_WEAKPASS   -27  /* passphrase is too weak for security policy */
#define SASL_NOUSERPASS -28  /* user supplied passwords not permitted */
#define SASL_NEED_OLD_PASSWD -29 /* sasl_setpass needs old password in order
				    to perform password change */
#define SASL_CONSTRAINT_VIOLAT	-30 /* a property can't be stored,
				       because of some constrains/policy violation */

#define SASL_BADBINDING -32  /* channel binding failure */
#define SASL_CONFIGERR  -100 /* error when parsing configuration file */

/* max size of a sasl mechanism name */
#define SASL_MECHNAMEMAX 20

#ifdef _WIN32
/* Define to have the same layout as a WSABUF */
#ifndef STRUCT_IOVEC_DEFINED
#define STRUCT_IOVEC_DEFINED 1
struct iovec {
    long iov_len;
    char *iov_base;
};
#endif
#else
struct iovec;				     /* Defined in OS headers */
#endif


/* per-connection SASL negotiation state for client or server
 */
typedef struct sasl_conn sasl_conn_t;

/* Plain text password structure.
 *  len is the length of the password, data is the text.
 */
typedef struct sasl_secret {
    unsigned long len;
    unsigned char data[1];		/* variable sized */
} sasl_secret_t;

/* random data context structure
 */
typedef struct sasl_rand_s sasl_rand_t;

#ifdef __cplusplus
extern "C" {
#endif

/****************************
 * Configure Basic Services *
 ****************************/

/* the following functions are used to adjust how allocation and mutexes work
 * they must be called before all other SASL functions:
 */

#include <sys/types.h>

/* memory allocation functions which may optionally be replaced:
 */
typedef void *sasl_malloc_t(size_t);
typedef void *sasl_calloc_t(size_t, size_t);
typedef void *sasl_realloc_t(void *, size_t);
typedef void sasl_free_t(void *);

LIBSASL_API void sasl_set_alloc(sasl_malloc_t *,
				sasl_calloc_t *,
				sasl_realloc_t *,
				sasl_free_t *);

/* mutex functions which may optionally be replaced:
 *  sasl_mutex_alloc allocates a mutex structure
 *  sasl_mutex_lock blocks until mutex locked
 *   returns -1 on deadlock or parameter error
 *   returns 0 on success
 *  sasl_mutex_unlock unlocks mutex if it's locked
 *   returns -1 if not locked or parameter error
 *   returns 0 on success
 *  sasl_mutex_free frees a mutex structure
 */
typedef void *sasl_mutex_alloc_t(void);
typedef int sasl_mutex_lock_t(void *mutex);
typedef int sasl_mutex_unlock_t(void *mutex);
typedef void sasl_mutex_free_t(void *mutex);
LIBSASL_API void sasl_set_mutex(sasl_mutex_alloc_t *, sasl_mutex_lock_t *,
				sasl_mutex_unlock_t *, sasl_mutex_free_t *);

/*****************************
 * Security preference types *
 *****************************/

/* security layer strength factor -- an unsigned integer usable by the caller
 *  to specify approximate security layer strength desired.  Roughly
 *  correlated to effective key length for encryption.
 * 0   = no protection
 * 1   = integrity protection only
 * 40  = 40-bit DES or 40-bit RC2/RC4
 * 56  = DES
 * 112 = triple-DES
 * 128 = 128-bit RC2/RC4/BLOWFISH
 * 256 = baseline AES
 */
typedef unsigned sasl_ssf_t;

/* usage flags provided to sasl_server_new and sasl_client_new:
 */
#define SASL_SUCCESS_DATA    0x0004 /* server supports data on success */
#define SASL_NEED_PROXY      0x0008 /* require a mech that allows proxying */
#define SASL_NEED_HTTP       0x0010 /* require a mech that can do HTTP auth */

/***************************
 * Security Property Types *
 ***************************/

/* Structure specifying the client or server's security policy
 * and optional additional properties.
 */

/* These are the various security flags apps can specify. */
/* NOPLAINTEXT          -- don't permit mechanisms susceptible to simple
 *                         passive attack (e.g., PLAIN, LOGIN)
 * NOACTIVE             -- protection from active (non-dictionary) attacks
 *                         during authentication exchange.
 *                         Authenticates server.
 * NODICTIONARY         -- don't permit mechanisms susceptible to passive
 *                         dictionary attack
 * FORWARD_SECRECY      -- require forward secrecy between sessions
 *                         (breaking one won't help break next)
 * NOANONYMOUS          -- don't permit mechanisms that allow anonymous login
 * PASS_CREDENTIALS     -- require mechanisms which pass client
 *			   credentials, and allow mechanisms which can pass
 *			   credentials to do so
 * MUTUAL_AUTH          -- require mechanisms which provide mutual
 *			   authentication
 */
#define SASL_SEC_NOPLAINTEXT      0x0001
#define SASL_SEC_NOACTIVE         0x0002
#define SASL_SEC_NODICTIONARY     0x0004
#define SASL_SEC_FORWARD_SECRECY  0x0008
#define SASL_SEC_NOANONYMOUS      0x0010
#define SASL_SEC_PASS_CREDENTIALS 0x0020
#define SASL_SEC_MUTUAL_AUTH      0x0040
#define SASL_SEC_MAXIMUM          0x00FF

typedef struct sasl_security_properties 
{ 
    /* security strength factor
     *  min_ssf      = minimum acceptable final level
     *  max_ssf      = maximum acceptable final level
     */ 
    sasl_ssf_t min_ssf;
    sasl_ssf_t max_ssf;

    /* Maximum security layer receive buffer size.
     *  0=security layer not supported
     */
    unsigned maxbufsize; 
    
    /* bitfield for attacks to protect against */
    unsigned security_flags;

    /* NULL terminated array of additional property names, values */ 
    const char **property_names;
    const char **property_values;
} sasl_security_properties_t; 

/******************
 * Callback types *
 ******************/

/*
 * Extensible type for a client/server callbacks
 *  id      -- identifies callback type
 *  proc    -- procedure call arguments vary based on id
 *  context -- context passed to procedure
 */
/* Note that any memory that is allocated by the callback needs to be
 * freed by the application, be it via function call or interaction.
 *
 * It may be freed after sasl_*_step returns SASL_OK.  if the mechanism
 * requires this information to persist (for a security layer, for example)
 * it must maintain a private copy.
 */
typedef struct sasl_callback {
    /* Identifies the type of the callback function.
     * Mechanisms must ignore callbacks with id's they don't recognize.
     */
    unsigned long id;
    int (*proc)(void);   /* Callback function.  Types of arguments vary by 'id' */
    void *context;
} sasl_callback_t;

/* callback ids & functions:
 */
#define SASL_CB_LIST_END   0  /* end of list */

/* option reading callback -- this allows a SASL configuration to be
 *  encapsulated in the caller's configuration system.  Some implementations
 *  may use default config file(s) if this is omitted.  Configuration items
 *  may be plugin-specific and are arbitrary strings.
 *
 * inputs:
 *  context     -- option context from callback record
 *  plugin_name -- name of plugin (NULL = general SASL option)
 *  option      -- name of option
 * output:
 *  result      -- set to result which persists until next getopt in
 *                 same thread, unchanged if option not found
 *  len         -- length of result (may be NULL)
 * returns:
 *  SASL_OK     -- no error
 *  SASL_FAIL   -- error
 */
typedef int sasl_getopt_t(void *context, const char *plugin_name,
			  const char *option,
			  const char **result, unsigned *len);
#define SASL_CB_GETOPT       1

/* Logging levels for use with the logging callback function. */
#define SASL_LOG_NONE  0	/* don't log anything */
#define SASL_LOG_ERR   1	/* log unusual errors (default) */
#define SASL_LOG_FAIL  2	/* log all authentication failures */
#define SASL_LOG_WARN  3	/* log non-fatal warnings */
#define SASL_LOG_NOTE  4	/* more verbose than LOG_WARN */
#define SASL_LOG_DEBUG 5	/* more verbose than LOG_NOTE */
#define SASL_LOG_TRACE 6	/* traces of internal protocols */
#define SASL_LOG_PASS  7	/* traces of internal protocols, including
				 * passwords */

/* logging callback -- this allows plugins and the middleware to
 *  log operations they perform.
 * inputs:
 *  context     -- logging context from the callback record
 *  level       -- logging level; see above
 *  message     -- message to log
 * returns:
 *  SASL_OK     -- no error
 *  SASL_FAIL   -- error
 */
typedef int sasl_log_t(void *context,
		       int level,
		       const char *message);
#define SASL_CB_LOG	    2

/* getpath callback -- this allows applications to specify the
 * colon-separated path to search for plugins (by default,
 * taken from an implementation-specific location).
 * inputs:
 *  context     -- getpath context from the callback record
 * outputs:
 *  path	-- colon seperated path
 * returns:
 *  SASL_OK     -- no error
 *  SASL_FAIL   -- error
 */
typedef int sasl_getpath_t(void *context,
			   const char **path);

#define SASL_CB_GETPATH	    3

/* verify file callback -- this allows applications to check if they
 * want SASL to use files, file by file.  This is intended to allow
 * applications to sanity check the environment to make sure plugins
 * or the configuration file can't be written to, etc.
 * inputs: 
 *  context     -- verifypath context from the callback record
 *  file        -- full path to file to verify
 *  type        -- type of file to verify (see below)

 * returns:
 *  SASL_OK        -- no error (file can safely be used)
 *  SASL_CONTINUE  -- continue WITHOUT using this file
 *  SASL_FAIL      -- error 
 */

/* these are the types of files libsasl will ask about */
typedef enum {
    SASL_VRFY_PLUGIN=0,		/* a DLL/shared library plug-in */
    SASL_VRFY_CONF=1,		/* a configuration file */
    SASL_VRFY_PASSWD=2,		/* a password storage file/db */
    SASL_VRFY_OTHER=3		/* some other file */
} sasl_verify_type_t;

typedef int sasl_verifyfile_t(void *context,
                              const char *file, sasl_verify_type_t type);
#define SASL_CB_VERIFYFILE  4

/* getconfpath callback -- this allows applications to specify the
 * colon-separated path to search for config files (by default,
 * taken from the SASL_CONF_PATH environment variable).
 * inputs:
 *  context     -- getconfpath context from the callback record
 * outputs:
 *  path        -- colon seperated path (allocated on the heap; the
 *                 library will free it using the sasl_free_t *
 *                 passed to sasl_set_callback, or the standard free()
 *                 library call).
 * returns:
 *  SASL_OK     -- no error
 *  SASL_FAIL   -- error
 */
typedef int sasl_getconfpath_t(void *context,
                               char **path);

#define SASL_CB_GETCONFPATH  5

/* client/user interaction callbacks:
 */
/* Simple prompt -- result must persist until next call to getsimple on
 *  same connection or until connection context is disposed
 * inputs:
 *  context       -- context from callback structure
 *  id            -- callback id
 * outputs:
 *  result        -- set to NUL terminated string
 *                   NULL = user cancel
 *  len           -- length of result
 * returns SASL_OK
 */
typedef int sasl_getsimple_t(void *context, int id,
			     const char **result, unsigned *len);
#define SASL_CB_USER         0x4001  /* client user identity to login as */
#define SASL_CB_AUTHNAME     0x4002  /* client authentication name */
#define SASL_CB_LANGUAGE     0x4003  /* comma separated list of RFC 1766
			              * language codes in order of preference
				      * to be used to localize client prompts
				      * or server error codes */
#define SASL_CB_CNONCE       0x4007  /* caller supplies client-nonce
				      * primarily for testing purposes */

/* get a sasl_secret_t (plaintext password with length)
 * inputs:
 *  conn          -- connection context
 *  context       -- context from callback structure
 *  id            -- callback id
 * outputs:
 *  psecret       -- set to NULL to cancel
 *                   set to password structure which must persist until
 *                   next call to getsecret in same connection, but middleware
 *                   will erase password data when it's done with it.
 * returns SASL_OK
 */
typedef int sasl_getsecret_t(sasl_conn_t *conn, void *context, int id,
			     sasl_secret_t **psecret);
#define SASL_CB_PASS         0x4004  /* client passphrase-based secret */


/* prompt for input in response to a challenge.
 * input:
 *  context   -- context from callback structure
 *  id        -- callback id
 *  challenge -- server challenge
 * output:
 *  result    -- NUL terminated result, NULL = user cancel
 *  len       -- length of result
 * returns SASL_OK
 */
typedef int sasl_chalprompt_t(void *context, int id,
			      const char *challenge,
			      const char *prompt, const char *defresult,
			      const char **result, unsigned *len);
#define SASL_CB_ECHOPROMPT   0x4005 /* challenge and client enterred result */
#define SASL_CB_NOECHOPROMPT 0x4006 /* challenge and client enterred result */

/* prompt (or autoselect) the realm to do authentication in.
 *  may get a list of valid realms.
 * input:
 *  context     -- context from callback structure
 *  id          -- callback id
 *  availrealms -- available realms; string list; NULL terminated
 *                 list may be empty.
 * output:
 *  result      -- NUL terminated realm; NULL is equivalent to ""
 * returns SASL_OK
 * result must persist until the next callback
 */
typedef int sasl_getrealm_t(void *context, int id,
			    const char **availrealms,
			    const char **result);
#define SASL_CB_GETREALM (0x4008) /* realm to attempt authentication in */

/* server callbacks:
 */

/* improved callback to verify authorization;
 *     canonicalization now handled elsewhere
 *  conn           -- connection context
 *  requested_user -- the identity/username to authorize (NUL terminated)
 *  rlen           -- length of requested_user
 *  auth_identity  -- the identity associated with the secret (NUL terminated)
 *  alen           -- length of auth_identity
 *  default_realm  -- default user realm, as passed to sasl_server_new if
 *  urlen          -- length of default realm
 *  propctx        -- auxiliary properties
 * returns SASL_OK on success,
 *         SASL_NOAUTHZ or other SASL response on failure
 */
typedef int sasl_authorize_t(sasl_conn_t *conn,
			     void *context,
			     const char *requested_user, unsigned rlen,
			     const char *auth_identity, unsigned alen,
			     const char *def_realm, unsigned urlen,
			     struct propctx *propctx);
#define SASL_CB_PROXY_POLICY 0x8001

/* functions for "userdb" based plugins to call to get/set passwords.
 * the location for the passwords is determined by the caller or middleware.
 * plug-ins may get passwords from other locations.
 */

/* callback to verify a plaintext password against the caller-supplied
 * user database.  This is necessary to allow additional <method>s for
 * encoding of the userPassword property.
 *  user          -- NUL terminated user name with user@realm syntax
 *  pass          -- password to check (may not be NUL terminated)
 *  passlen       -- length of password to check
 *  propctx       -- auxiliary properties for user
 */
typedef int sasl_server_userdb_checkpass_t(sasl_conn_t *conn,
					   void *context,
					   const char *user,
					   const char *pass,
					   unsigned passlen,
					   struct propctx *propctx);
#define SASL_CB_SERVER_USERDB_CHECKPASS (0x8005)

/* callback to store/change a plaintext password in the user database
 *  user          -- NUL terminated user name with user@realm syntax
 *  pass          -- password to store (may not be NUL terminated)
 *  passlen       -- length of password to store
 *  propctx       -- auxiliary properties (not stored)
 *  flags         -- see SASL_SET_* flags below (SASL_SET_CREATE optional)
 */
typedef int sasl_server_userdb_setpass_t(sasl_conn_t *conn,
					 void *context,
					 const char *user,
					 const char *pass,
					 unsigned passlen,
					 struct propctx *propctx,
					 unsigned flags);
#define SASL_CB_SERVER_USERDB_SETPASS (0x8006)

/* callback for a server-supplied user canonicalization function.
 *
 * This function is called directly after the mechanism has the
 * authentication and authorization IDs.  It is called before any
 * User Canonicalization plugin is called.  It has the responsibility
 * of copying its output into the provided output buffers.
 * 
 *  in, inlen     -- user name to canonicalize, may not be NUL terminated
 *                   may be same buffer as out
 *  flags         -- not currently used, supplied by auth mechanism
 *  user_realm    -- the user realm (may be NULL in case of client)
 *  out           -- buffer to copy user name
 *  out_max       -- max length of user name
 *  out_len       -- set to length of user name
 *
 * returns
 *  SASL_OK         on success
 *  SASL_BADPROT    username contains invalid character
 */

/* User Canonicalization Function Flags */

#define SASL_CU_NONE    0x00 /* Not a valid flag to pass */
/* One of the following two is required */
#define SASL_CU_AUTHID  0x01
#define SASL_CU_AUTHZID 0x02

/* Combine the following with SASL_CU_AUTHID, if you don't want
   to fail if auxprop returned SASL_NOUSER/SASL_NOMECH. */
#define SASL_CU_EXTERNALLY_VERIFIED 0x04

#define SASL_CU_OVERRIDE	    0x08    /* mapped to SASL_AUXPROP_OVERRIDE */

/* The following CU flags are passed "as is" down to auxprop lookup */
#define SASL_CU_ASIS_MASK	    0xFFF0
/* NOTE: Keep in sync with SASL_AUXPROP_<XXX> flags */
#define SASL_CU_VERIFY_AGAINST_HASH 0x10


typedef int sasl_canon_user_t(sasl_conn_t *conn,
			      void *context,
			      const char *in, unsigned inlen,
			      unsigned flags,
			      const char *user_realm,
			      char *out,
			      unsigned out_max, unsigned *out_len);

#define SASL_CB_CANON_USER (0x8007)

/**********************************
 * Common Client/server functions *
 **********************************/

/* Types of paths to set (see sasl_set_path below). */
#define SASL_PATH_TYPE_PLUGIN	0
#define SASL_PATH_TYPE_CONFIG	1

/* a simpler way to set plugin path or configuration file path
 * without the need to set sasl_getpath_t callback.
 *
 * This function can be called before sasl_server_init/sasl_client_init.
 */  
LIBSASL_API int sasl_set_path (int path_type, char * path);

/* get sasl library version information
 * implementation is a vendor-defined string
 * version is a vender-defined representation of the version #.
 *
 * This function is being deprecated in favor of sasl_version_info. */
LIBSASL_API void sasl_version(const char **implementation,
			      int *version);

/* Extended version of sasl_version().
 *
 * This function is to be used
 *  for library version display and logging
 *  for bug workarounds in old library versions
 *
 * The sasl_version_info is not to be used for API feature detection.
 *
 * All parameters are optional. If NULL is specified, the value is not returned.
 */
LIBSASL_API void sasl_version_info (const char **implementation,
				const char **version_string,
				int *version_major,
				int *version_minor,
				int *version_step,
				int *version_patch);

/* dispose of all SASL plugins.  Connection
 * states have to be disposed of before calling this.
 *
 * This function is DEPRECATED in favour of sasl_server_done/
 * sasl_client_done.
 */
LIBSASL_API void sasl_done(void);

/* dispose of all SASL plugins.  Connection
 * states have to be disposed of before calling this.
 * This function should be called instead of sasl_done(),
   whenever possible.
 */
LIBSASL_API int sasl_server_done(void);

/* dispose of all SASL plugins.  Connection
 * states have to be disposed of before calling this.
 * This function should be called instead of sasl_done(),
   whenever possible.
 */
LIBSASL_API int sasl_client_done(void);

/* dispose connection state, sets it to NULL
 *  checks for pointer to NULL
 */
LIBSASL_API void sasl_dispose(sasl_conn_t **pconn);

/* translate an error number into a string
 * input:
 *  saslerr  -- the error number
 *  langlist -- comma separated list of RFC 1766 languages (may be NULL)
 * results:
 *  outlang  -- the language actually used (may be NULL if don't care)
 * returns:
 *  the error message in UTF-8 (only the US-ASCII subset if langlist is NULL)
 */
LIBSASL_API const char *sasl_errstring(int saslerr,
				       const char *langlist,
				       const char **outlang);

/* get detail about the last error that occurred on a connection
 * text is sanitized so it's suitable to send over the wire
 * (e.g., no distinction between SASL_BADAUTH and SASL_NOUSER)
 * input:
 *  conn          -- mandatory connection context
 * returns:
 *  the error message in UTF-8 (only the US-ASCII subset permitted if no
 *  SASL_CB_LANGUAGE callback is present)
 */
LIBSASL_API const char *sasl_errdetail(sasl_conn_t *conn);

/* set the error string which will be returned by sasl_errdetail() using
 *  syslog()-style formatting (e.g. printf-style with %m as most recent
 *  errno error)
 *
 *  primarily for use by server callbacks such as the sasl_authorize_t
 *  callback and internally to plug-ins
 *
 * This will also trigger a call to the SASL logging callback (if any)
 * with a level of SASL_LOG_FAIL unless the SASL_NOLOG flag is set.
 *
 * Messages should be sensitive to the current language setting.  If there
 * is no SASL_CB_LANGUAGE callback messages MUST be US-ASCII otherwise UTF-8
 * is used and use of RFC 2482 for mixed-language text is encouraged.
 *
 * if conn is NULL, function does nothing
 */
LIBSASL_API void sasl_seterror(sasl_conn_t *conn, unsigned flags,
			       const char *fmt, ...);
#define SASL_NOLOG       0x01
			   
/* get property from SASL connection state
 *  propnum       -- property number
 *  pvalue        -- pointer to value
 * returns:
 *  SASL_OK       -- no error
 *  SASL_NOTDONE  -- property not available yet
 *  SASL_BADPARAM -- bad property number
 */
LIBSASL_API int sasl_getprop(sasl_conn_t *conn, int propnum,
			     const void **pvalue);
#define SASL_USERNAME     0	/* pointer to NUL terminated user name */
#define SASL_SSF          1	/* security layer security strength factor,
                                 * if 0, call to sasl_encode, sasl_decode
                                 * unnecessary */
#define SASL_MAXOUTBUF    2     /* security layer max output buf unsigned */  
#define SASL_DEFUSERREALM 3	/* default realm passed to server_new */
				/* or set with setprop */
#define SASL_GETOPTCTX    4	/* context for getopt callback */
#define SASL_CALLBACK     7	/* current callback function list */
#define SASL_IPLOCALPORT  8	/* iplocalport string passed to server_new */
#define SASL_IPREMOTEPORT 9	/* ipremoteport string passed to server_new */

/* This returns a string which is either empty or has an error message
 * from sasl_seterror (e.g., from a plug-in or callback).  It differs
 * from the result of sasl_errdetail() which also takes into account the
 * last return status code.
 */
#define SASL_PLUGERR     10

/* a handle to any delegated credentials or NULL if none is present 
 * is returned by the mechanism. The user will probably need to know
 * which mechanism was used to actually known how to make use of them
 * currently only implemented for the gssapi mechanism */
#define SASL_DELEGATEDCREDS 11

#define SASL_SERVICE      12	/* service passed to sasl_*_new */
#define SASL_SERVERFQDN   13	/* serverFQDN passed to sasl_*_new */
#define SASL_AUTHSOURCE   14	/* name of auth source last used, useful
				 * for failed authentication tracking */
#define SASL_MECHNAME     15    /* active mechanism name, if any */
#define SASL_AUTHUSER     16    /* authentication/admin user */
#define SASL_APPNAME	  17	/* application name (used for logging/
				   configuration), same as appname parameter
				   to sasl_server_init */

/* GSS-API credential handle for sasl_client_step() or sasl_server_step().
 * The application is responsible for releasing this credential handle. */
#define	SASL_GSS_CREDS	  18

/* GSS name (gss_name_t) of the peer, as output by gss_inquire_context()
 * or gss_accept_sec_context().
 * On server end this is similar to SASL_USERNAME, but the gss_name_t
 * structure can contain additional attributes associated with the peer.
 */
#define	SASL_GSS_PEER_NAME	19

/* Local GSS name (gss_name_t) as output by gss_inquire_context(). This
 * is particularly useful for servers that respond to multiple names. */
#define	SASL_GSS_LOCAL_NAME	20

/* Channel binding information. Memory is managed by the caller. */
typedef struct sasl_channel_binding {
    const char *name;
    int critical;
    unsigned long len;
    const unsigned char *data;
} sasl_channel_binding_t;

#define SASL_CHANNEL_BINDING    21

/* HTTP Request (RFC 2616) - ONLY used for HTTP Digest Auth (RFC 2617) */
typedef struct sasl_http_request {
    const char *method;			/* HTTP Method */
    const char *uri;			/* request-URI */
    const unsigned char *entity;	/* entity-body */
    unsigned long elen;			/* entity-body length */
    unsigned non_persist;		/* Is it a non-persistent connection? */
} sasl_http_request_t;

#define SASL_HTTP_REQUEST	22

/* set property in SASL connection state
 * returns:
 *  SASL_OK       -- value set
 *  SASL_BADPARAM -- invalid property or value
 */
LIBSASL_API int sasl_setprop(sasl_conn_t *conn,
			     int propnum,
			     const void *value);
#define SASL_SSF_EXTERNAL  100	/* external SSF active (sasl_ssf_t *) */
#define SASL_SEC_PROPS     101	/* sasl_security_properties_t */
#define SASL_AUTH_EXTERNAL 102	/* external authentication ID (const char *) */

/* If the SASL_AUTH_EXTERNAL value is non-NULL, then a special version of the
 * EXTERNAL mechanism is enabled (one for server-embedded EXTERNAL mechanisms).
 * Otherwise, the EXTERNAL mechanism will be absent unless a plug-in
 * including EXTERNAL is present.
 */

/* do precalculations during an idle period or network round trip
 *  may pass NULL to precompute for some mechanisms prior to connect
 *  returns 1 if action taken, 0 if no action taken
 */
LIBSASL_API int sasl_idle(sasl_conn_t *conn);

/**************
 * Client API *
 **************/

/* list of client interactions with user for caller to fill in
 */
typedef struct sasl_interact {
    unsigned long id;		/* same as client/user callback ID */
    const char *challenge;	/* presented to user (e.g. OTP challenge) */
    const char *prompt;		/* presented to user (e.g. "Username: ") */
    const char *defresult;	/* default result string */
    const void *result;		/* set to point to result */
    unsigned len;		/* set to length of result */
} sasl_interact_t;

/* initialize the SASL client drivers
 *  callbacks      -- base callbacks for all client connections;
 *                    must include getopt callback
 * returns:
 *  SASL_OK        -- Success
 *  SASL_NOMEM     -- Not enough memory
 *  SASL_BADVERS   -- Mechanism version mismatch
 *  SASL_BADPARAM  -- missing getopt callback or error in config file
 *  SASL_NOMECH    -- No mechanisms available
 *  ...
 */
LIBSASL_API int sasl_client_init(const sasl_callback_t *callbacks);

/* initialize a client exchange based on the specified mechanism
 *  service       -- registered name of the service using SASL (e.g. "imap")
 *  serverFQDN    -- the fully qualified domain name of the server
 *  iplocalport   -- client IPv4/IPv6 domain literal string with port
 *                    (if NULL, then mechanisms requiring IPaddr are disabled)
 *  ipremoteport  -- server IPv4/IPv6 domain literal string with port
 *                    (if NULL, then mechanisms requiring IPaddr are disabled)
 *  prompt_supp   -- list of client interactions supported
 *                   may also include sasl_getopt_t context & call
 *                   NULL prompt_supp = user/pass via SASL_INTERACT only
 *                   NULL proc = interaction supported via SASL_INTERACT
 *  flags         -- server usage flags (see above)
 * in/out:
 *  pconn         -- connection negotiation structure
 *                   pointer to NULL => allocate new
 *
 * Returns:
 *  SASL_OK       -- success
 *  SASL_NOMECH   -- no mechanism meets requested properties
 *  SASL_NOMEM    -- not enough memory
 */
LIBSASL_API int sasl_client_new(const char *service,
				const char *serverFQDN,
				const char *iplocalport,
				const char *ipremoteport,
				const sasl_callback_t *prompt_supp,
				unsigned flags,
				sasl_conn_t **pconn);

/* select a mechanism for a connection
 *  mechlist      -- mechanisms server has available (punctuation ignored)
 *                   if NULL, then discard cached info and retry last mech
 * output:
 *  prompt_need   -- on SASL_INTERACT, list of prompts needed to continue
 *                   may be NULL if callbacks provided
 *  clientout     -- the initial client response to send to the server
 *                   will be valid until next call to client_start/client_step
 *                   NULL if mech doesn't include initial client challenge
 *  mech          -- set to mechansm name of selected mechanism (may be NULL)
 *
 * Returns:
 *  SASL_OK       -- success
 *  SASL_NOMEM    -- not enough memory
 *  SASL_NOMECH   -- no mechanism meets requested properties
 *  SASL_INTERACT -- user interaction needed to fill in prompt_need list
 */
LIBSASL_API int sasl_client_start(sasl_conn_t *conn,
				  const char *mechlist,
				  sasl_interact_t **prompt_need,
				  const char **clientout,
				  unsigned *clientoutlen,
				  const char **mech);

/* do a single authentication step.
 *  serverin    -- the server message received by the client, MUST have a NUL
 *                 sentinel, not counted by serverinlen
 * output:
 *  prompt_need -- on SASL_INTERACT, list of prompts needed to continue
 *  clientout   -- the client response to send to the server
 *                 will be valid until next call to client_start/client_step
 *
 * returns:
 *  SASL_OK        -- success
 *  SASL_INTERACT  -- user interaction needed to fill in prompt_need list
 *  SASL_BADPROT   -- server protocol incorrect/cancelled
 *  SASL_BADSERV   -- server failed mutual auth
 */
LIBSASL_API int sasl_client_step(sasl_conn_t *conn,
				 const char *serverin,
				 unsigned serverinlen,
				 sasl_interact_t **prompt_need,
				 const char **clientout,
				 unsigned *clientoutlen);

/**************
 * Server API *
 **************/

/* initialize server drivers, done once per process
 *  callbacks      -- callbacks for all server connections; must include
 *                    getopt callback
 *  appname        -- name of calling application (for lower level logging)
 * results:
 *  state          -- server state
 * returns:
 *  SASL_OK        -- success
 *  SASL_BADPARAM  -- error in config file
 *  SASL_NOMEM     -- memory failure
 *  SASL_BADVERS   -- Mechanism version mismatch
 */
LIBSASL_API int sasl_server_init(const sasl_callback_t *callbacks,
				 const char *appname);

/* IP/port syntax:
 *  a.b.c.d;p              where a-d are 0-255 and p is 0-65535 port number.
 *  e:f:g:h:i:j:k:l;p      where e-l are 0000-ffff lower-case hexidecimal
 *  e:f:g:h:i:j:a.b.c.d;p  alternate syntax for previous
 *
 *  Note that one or more "0" fields in f-k can be replaced with "::"
 *  Thus:                 e:f:0000:0000:0000:j:k:l;p
 *  can be abbreviated:   e:f::j:k:l;p
 *
 * A buffer of size 52 is adequate for the longest format with NUL terminator.
 */

/* create context for a single SASL connection
 *  service        -- registered name of the service using SASL (e.g. "imap")
 *  serverFQDN     -- Fully qualified domain name of server.  NULL means use
 *                    gethostname() or equivalent.
 *                    Useful for multi-homed servers.
 *  user_realm     -- permits multiple user realms on server, NULL = default
 *  iplocalport    -- server IPv4/IPv6 domain literal string with port
 *                    (if NULL, then mechanisms requiring IPaddr are disabled)
 *  ipremoteport   -- client IPv4/IPv6 domain literal string with port
 *                    (if NULL, then mechanisms requiring IPaddr are disabled)
 *  callbacks      -- callbacks (e.g., authorization, lang, new getopt context)
 *  flags          -- usage flags (see above)
 * returns:
 *  pconn          -- new connection context
 *
 * returns:
 *  SASL_OK        -- success
 *  SASL_NOMEM     -- not enough memory
 */
LIBSASL_API int sasl_server_new(const char *service,
				const char *serverFQDN,
				const char *user_realm,
				const char *iplocalport,
				const char *ipremoteport,
				const sasl_callback_t *callbacks,
				unsigned flags,
				sasl_conn_t **pconn);

/* Return an array of NUL-terminated strings, terminated by a NULL pointer,
 * which lists all possible mechanisms that the library can supply
 *
 * Returns NULL on failure. */
LIBSASL_API const char ** sasl_global_listmech(void);

/* This returns a list of mechanisms in a NUL-terminated string
 *  conn          -- the connection to list mechanisms for (either client
 *                   or server)
 *  user          -- restricts mechanisms to those available to that user
 *                   (may be NULL, not used for client case)
 *  prefix        -- appended to beginning of result
 *  sep           -- appended between mechanisms
 *  suffix        -- appended to end of result
 * results:
 *  result        -- NUL terminated result which persists until next
 *                   call to sasl_listmech for this sasl_conn_t
 *  plen          -- gets length of result (excluding NUL), may be NULL
 *  pcount        -- gets number of mechanisms, may be NULL
 *
 * returns:
 *  SASL_OK        -- success
 *  SASL_NOMEM     -- not enough memory
 *  SASL_NOMECH    -- no enabled mechanisms
 */
LIBSASL_API int sasl_listmech(sasl_conn_t *conn,
			      const char *user,
			      const char *prefix,
			      const char *sep,
			      const char *suffix,
			      const char **result,
			      unsigned *plen,
			      int *pcount);

/* start a mechanism exchange within a connection context
 *  mech           -- the mechanism name client requested
 *  clientin       -- client initial response (NUL terminated), NULL if empty
 *  clientinlen    -- length of initial response
 *  serverout      -- initial server challenge, NULL if done 
 *                    (library handles freeing this string)
 *  serveroutlen   -- length of initial server challenge
 * output:
 *  pconn          -- the connection negotiation state on success
 *
 * Same returns as sasl_server_step() or
 * SASL_NOMECH if mechanism not available.
 */
LIBSASL_API int sasl_server_start(sasl_conn_t *conn,
				  const char *mech,
				  const char *clientin,
				  unsigned clientinlen,
				  const char **serverout,
				  unsigned *serveroutlen);

/* perform one step of the SASL exchange
 *  inputlen & input -- client data
 *                      NULL on first step if no optional client step
 *  outputlen & output -- set to the server data to transmit
 *                        to the client in the next step
 *                        (library handles freeing this)
 *
 * returns:
 *  SASL_OK        -- exchange is complete.
 *  SASL_CONTINUE  -- indicates another step is necessary.
 *  SASL_TRANS     -- entry for user exists, but not for mechanism
 *                    and transition is possible
 *  SASL_BADPARAM  -- service name needed
 *  SASL_BADPROT   -- invalid input from client
 *  ...
 */
LIBSASL_API int sasl_server_step(sasl_conn_t *conn,
				 const char *clientin,
				 unsigned clientinlen,
				 const char **serverout,
				 unsigned *serveroutlen);

/* check if an apop exchange is valid
 *  (note this is an optional part of the SASL API)
 *  if challenge is NULL, just check if APOP is enabled
 * inputs:
 *  challenge     -- challenge which was sent to client
 *  challen       -- length of challenge, 0 = strlen(challenge)
 *  response      -- client response, "<user> <digest>" (RFC 1939)
 *  resplen       -- length of response, 0 = strlen(response)
 * returns 
 *  SASL_OK       -- success
 *  SASL_BADAUTH  -- authentication failed
 *  SASL_BADPARAM -- missing challenge
 *  SASL_BADPROT  -- protocol error (e.g., response in wrong format)
 *  SASL_NOVERIFY -- user found, but no verifier
 *  SASL_NOMECH   -- mechanism not supported
 *  SASL_NOUSER   -- user not found
 */
LIBSASL_API int sasl_checkapop(sasl_conn_t *conn,
			       const char *challenge, unsigned challen,
			       const char *response, unsigned resplen);

/* check if a plaintext password is valid
 *   if user is NULL, check if plaintext passwords are enabled
 * inputs:
 *  user          -- user to query in current user_domain
 *  userlen       -- length of username, 0 = strlen(user)
 *  pass          -- plaintext password to check
 *  passlen       -- length of password, 0 = strlen(pass)
 * returns 
 *  SASL_OK       -- success
 *  SASL_NOMECH   -- mechanism not supported
 *  SASL_NOVERIFY -- user found, but no verifier
 *  SASL_NOUSER   -- user not found
 */
LIBSASL_API int sasl_checkpass(sasl_conn_t *conn,
			       const char *user, unsigned userlen,
			       const char *pass, unsigned passlen);

/* check if a user exists on server
 *  conn          -- connection context
 *  service       -- registered name of the service using SASL (e.g. "imap")
 *  user_realm    -- permits multiple user realms on server, NULL = default
 *  user          -- NUL terminated user name
 *
 * returns:
 *  SASL_OK       -- success
 *  SASL_DISABLED -- account disabled
 *  SASL_NOUSER   -- user not found
 *  SASL_NOVERIFY -- user found, but no usable mechanism
 *  SASL_NOMECH   -- no mechanisms enabled
 *  SASL_UNAVAIL  -- remote authentication server unavailable, try again later
 */
LIBSASL_API int sasl_user_exists(sasl_conn_t *conn,
				 const char *service,
				 const char *user_realm,
				 const char *user);

/* set the password for a user
 *  conn        -- SASL connection
 *  user        -- user name
 *  pass        -- plaintext password, may be NULL to remove user
 *  passlen     -- length of password, 0 = strlen(pass)
 *  oldpass     -- NULL will sometimes work
 *  oldpasslen  -- length of password, 0 = strlen(oldpass)
 *  flags       -- see flags below
 * 
 * returns:
 *  SASL_NOCHANGE  -- proper entry already exists
 *  SASL_NOMECH    -- no authdb supports password setting as configured
 *  SASL_NOVERIFY  -- user exists, but no settable password present
 *  SASL_DISABLED  -- account disabled
 *  SASL_PWLOCK    -- password locked
 *  SASL_WEAKPASS  -- password too weak for security policy
 *  SASL_NOUSERPASS -- user-supplied passwords not permitted
 *  SASL_FAIL      -- OS error
 *  SASL_BADPARAM  -- password too long
 *  SASL_OK        -- successful
 */
LIBSASL_API int sasl_setpass(sasl_conn_t *conn,
			     const char *user,
			     const char *pass, unsigned passlen,
			     const char *oldpass, unsigned oldpasslen,
			     unsigned flags);
#define SASL_SET_CREATE  0x01   /* create a new entry for user */
#define SASL_SET_DISABLE 0x02	/* disable user account */
#define SASL_SET_NOPLAIN 0x04	/* do not store secret in plain text */
#define SASL_SET_CURMECH_ONLY 0x08	/* set the mechanism specific password only.
					   fail if no current mechanism */

/*********************************************************
 * Auxiliary Property Support -- added by cjn 1999-09-29 *
 *********************************************************/

#define SASL_AUX_END      NULL	/* last auxiliary property */

#define SASL_AUX_ALL "*" /* A special flag to signal user deletion */

/* traditional Posix items (should be implemented on Posix systems) */
#define SASL_AUX_PASSWORD_PROP "userPassword" /* User Password */
#define SASL_AUX_PASSWORD "*" SASL_AUX_PASSWORD_PROP /* User Password (of authid) */
#define SASL_AUX_UIDNUM   "uidNumber"	/* UID number for the user */
#define SASL_AUX_GIDNUM   "gidNumber"	/* GID for the user */
#define SASL_AUX_FULLNAME "gecos"	/* full name of the user, unix-style */
#define SASL_AUX_HOMEDIR  "homeDirectory" /* home directory for user */
#define SASL_AUX_SHELL    "loginShell"	/* login shell for the user */

/* optional additional items (not necessarily implemented) */
/* single preferred mail address for user canonically-quoted
 * RFC821/822 syntax */
#define SASL_AUX_MAILADDR "mail"
/* path to unix-style mailbox for user */
#define SASL_AUX_UNIXMBX  "mailMessageStore"
/* SMTP mail channel name to use if user authenticates successfully */
#define SASL_AUX_MAILCHAN "mailSMTPSubmitChannel"

/* Request a set of auxiliary properties
 *  conn         connection context
 *  propnames    list of auxiliary property names to request ending with
 *               NULL.  
 *
 * Subsequent calls will add items to the request list.  Call with NULL
 * to clear the request list.
 *
 * errors
 *  SASL_OK       -- success
 *  SASL_BADPARAM -- bad count/conn parameter
 *  SASL_NOMEM    -- out of memory
 */
LIBSASL_API int sasl_auxprop_request(sasl_conn_t *conn,
				     const char **propnames);

/* Returns current auxiliary property context.
 * Use functions in prop.h to access content
 *
 *  if authentication hasn't completed, property values may be empty/NULL
 *
 *  properties not recognized by active plug-ins will be left empty/NULL
 *
 *  returns NULL if conn is invalid.
 */
LIBSASL_API struct propctx *sasl_auxprop_getctx(sasl_conn_t *conn);

/* Store the set of auxiliary properties for the given user.
 * Use functions in prop.h to set the content.
 *
 *  conn         connection context
 *  ctx          property context from prop_new()/prop_request()/prop_set()
 *  user         NUL terminated user
 *
 * Call with NULL 'ctx' to see if the backend allows storing properties.
 *
 * errors
 *  SASL_OK       -- success
 *  SASL_NOMECH   -- can not store some/all properties
 *  SASL_BADPARAM -- bad conn/ctx/user parameter
 *  SASL_NOMEM    -- out of memory
 *  SASL_FAIL     -- failed to store
 */
LIBSASL_API int sasl_auxprop_store(sasl_conn_t *conn,
				   struct propctx *ctx, const char *user);

/**********************
 * security layer API *
 **********************/

/* encode a block of data for transmission using security layer,
 *  returning the input buffer if there is no security layer.
 *  output is only valid until next call to sasl_encode or sasl_encodev
 * returns:
 *  SASL_OK      -- success (returns input if no layer negotiated)
 *  SASL_NOTDONE -- security layer negotiation not finished
 *  SASL_BADPARAM -- inputlen is greater than the SASL_MAXOUTBUF
 */
LIBSASL_API int sasl_encode(sasl_conn_t *conn,
			    const char *input, unsigned inputlen,
			    const char **output, unsigned *outputlen);

/* encode a block of data for transmission using security layer
 *  output is only valid until next call to sasl_encode or sasl_encodev
 * returns:
 *  SASL_OK      -- success (returns input if no layer negotiated)
 *  SASL_NOTDONE -- security layer negotiation not finished
 *  SASL_BADPARAM -- input length is greater than the SASL_MAXOUTBUF
 *		     or no security layer
 */
LIBSASL_API int sasl_encodev(sasl_conn_t *conn,
			     const struct iovec *invec, unsigned numiov,
			     const char **output, unsigned *outputlen);

/* decode a block of data received using security layer
 *  returning the input buffer if there is no security layer.
 *  output is only valid until next call to sasl_decode
 *
 *  if outputlen is 0 on return, than the value of output is undefined.
 *  
 * returns:
 *  SASL_OK      -- success (returns input if no layer negotiated)
 *  SASL_NOTDONE -- security layer negotiation not finished
 *  SASL_BADMAC  -- bad message integrity check
 */
LIBSASL_API int sasl_decode(sasl_conn_t *conn,
			    const char *input, unsigned inputlen,
			    const char **output, unsigned *outputlen);

#ifdef __cplusplus
}
#endif

#endif /* SASL_H */

Youez - 2016 - github.com/yon3zu
LinuXploit