├── .github └── dco.yml ├── .gitignore ├── .indent.pro ├── .travis.yml ├── AUTHORS ├── CONTRIBUTING.md ├── COPYING ├── ChangeLog ├── INSTALL.TXT ├── Makefile.am ├── NTMakefile ├── README ├── README.GS2 ├── README.ldapdb ├── README.md ├── README.release ├── appveyor.yml ├── autogen.sh ├── common ├── Makefile.am ├── crypto-compat.c ├── crypto-compat.h ├── plugin_common.c └── plugin_common.h ├── config ├── .gitignore ├── Info.plist └── sasl.spec ├── configure.ac ├── contrib ├── README ├── change-sasldb2-realm.py ├── cyrus-sasl-1.5.24-ltdl.patches ├── cyrus-sasl-2.1-upgrade.h ├── cyrus-sasl-libltdl ├── pwcheck-pam.patch ├── saslauthd-unix.pl ├── securid.patches ├── stripplus_canonuser.patch └── tclsasl │ ├── README │ ├── doc │ ├── tclsasl.html │ └── tclsasl.xml │ ├── tcl │ ├── Makefile.am │ ├── tclsasl.c │ └── test.tcl │ └── tclsasl.patch ├── dlcompat-20010505 ├── APPLE_LICENSE ├── ChangeLog ├── Makefile ├── README ├── dlfcn.h └── dlopen.c ├── doc └── legacy │ ├── Makefile.am │ ├── NTMakefile │ ├── TODO │ ├── advanced.html │ ├── appconvert.html │ ├── components.html │ ├── gssapi.html │ ├── index.html │ ├── install.html │ ├── macosx.html │ ├── mechanisms.html │ ├── options.html │ ├── os390.html │ ├── plugprog.html │ ├── programming.html │ ├── readme.html │ ├── server-plugin-flow.fig │ ├── sysadmin.html │ ├── testing.txt │ ├── upgrading.html │ └── windows.html ├── docsrc ├── Makefile ├── _static │ ├── cyrus.css │ ├── event_notifications │ │ ├── AclChange.json │ │ ├── ApplePushService.json │ │ ├── CalendarAlarm.json │ │ ├── FlagsClear.json │ │ ├── FlagsSet.json │ │ ├── Login.json │ │ ├── Logout.json │ │ ├── MailboxCreate.json │ │ ├── MailboxDelete.json │ │ ├── MailboxRename.json │ │ ├── MailboxSubscribe.json │ │ ├── MailboxUnSubscribe.json │ │ ├── MessageAppend.json │ │ ├── MessageCopy.json │ │ ├── MessageExpunge.json │ │ ├── MessageMove.json │ │ ├── MessageNew.json │ │ ├── MessageRead.json │ │ ├── MessageTrash.json │ │ ├── QuotaChange.json │ │ ├── QuotaExceed.json │ │ └── QuotaWithin.json │ └── headimg.gif ├── _templates │ └── layout.html ├── conf.py ├── developer.rst ├── download.rst ├── exts │ └── sphinxlocal │ │ ├── __init__.py │ │ └── roles │ │ ├── __init__.py │ │ └── saslman.py ├── getsasl.rst ├── index.rst ├── operations.rst ├── packager.rst ├── sasl │ ├── advanced.rst │ ├── appconvert.rst │ ├── authentication_mechanisms.rst │ ├── auxiliary_properties.rst │ ├── components.rst │ ├── concepts.rst │ ├── developer │ │ ├── installation.rst │ │ ├── plugprog.rst │ │ ├── programming.rst │ │ └── testing.rst │ ├── faq.rst │ ├── faqs │ │ ├── authorize-vs-authenticate.rst │ │ ├── openldap-sasl-gssapi.rst │ │ ├── plaintextpasswords.rst │ │ ├── rfcs.rst │ │ └── scram.rst │ ├── gssapi.rst │ ├── installation.rst │ ├── macosx.rst │ ├── manpages.rst │ ├── options.rst │ ├── os390.rst │ ├── pwcheck.rst │ ├── quickstart.rst │ ├── reference │ │ └── manpages │ │ │ ├── library │ │ │ ├── sasl.rst │ │ │ ├── sasl_authorize_t.rst │ │ │ ├── sasl_auxprop.rst │ │ │ ├── sasl_auxprop_add_plugin.rst │ │ │ ├── sasl_auxprop_getctx.rst │ │ │ ├── sasl_auxprop_request.rst │ │ │ ├── sasl_callbacks.rst │ │ │ ├── sasl_canon_user_t.rst │ │ │ ├── sasl_canonuser_add_plugin.rst │ │ │ ├── sasl_chalprompt_t.rst │ │ │ ├── sasl_checkapop.rst │ │ │ ├── sasl_checkpass.rst │ │ │ ├── sasl_client_add_plugin.rst │ │ │ ├── sasl_client_done.rst │ │ │ ├── sasl_client_init.rst │ │ │ ├── sasl_client_new.rst │ │ │ ├── sasl_client_plug_init_t.rst │ │ │ ├── sasl_client_start.rst │ │ │ ├── sasl_client_step.rst │ │ │ ├── sasl_decode.rst │ │ │ ├── sasl_decode64.rst │ │ │ ├── sasl_dispose.rst │ │ │ ├── sasl_done.rst │ │ │ ├── sasl_encode.rst │ │ │ ├── sasl_encode64.rst │ │ │ ├── sasl_encodev.rst │ │ │ ├── sasl_erasebuffer.rst │ │ │ ├── sasl_errdetail.rst │ │ │ ├── sasl_errors.rst │ │ │ ├── sasl_errstring.rst │ │ │ ├── sasl_getcallback_t.rst │ │ │ ├── sasl_getconfpath_t.rst │ │ │ ├── sasl_getopt_t.rst │ │ │ ├── sasl_getpath_t.rst │ │ │ ├── sasl_getprop.rst │ │ │ ├── sasl_getrealm_t.rst │ │ │ ├── sasl_getsecret_t.rst │ │ │ ├── sasl_getsimple_t.rst │ │ │ ├── sasl_global_listmech.rst │ │ │ ├── sasl_idle.rst │ │ │ ├── sasl_listmech.rst │ │ │ ├── sasl_log_t.rst │ │ │ ├── sasl_server_add_plugin.rst │ │ │ ├── sasl_server_done.rst │ │ │ ├── sasl_server_init.rst │ │ │ ├── sasl_server_new.rst │ │ │ ├── sasl_server_plug_init_t.rst │ │ │ ├── sasl_server_start.rst │ │ │ ├── sasl_server_step.rst │ │ │ ├── sasl_server_userdb_checkpass_t.rst │ │ │ ├── sasl_server_userdb_setpass_t.rst │ │ │ ├── sasl_set_alloc.rst │ │ │ ├── sasl_set_mutex.rst │ │ │ ├── sasl_seterror.rst │ │ │ ├── sasl_setpass.rst │ │ │ ├── sasl_setprop.rst │ │ │ ├── sasl_user_exists.rst │ │ │ ├── sasl_usererr.rst │ │ │ ├── sasl_utf8verify.rst │ │ │ └── sasl_verifyfile_t.rst │ │ │ └── template.rst │ ├── release-notes │ │ ├── 1 │ │ │ └── index.rst │ │ ├── 2.0 │ │ │ └── index.rst │ │ ├── 2.1 │ │ │ └── index.rst │ │ └── index.rst │ ├── resources.rst │ ├── sysadmin.rst │ ├── upgrading.rst │ └── windows.rst ├── setup.rst └── support.rst ├── include ├── .gitignore ├── Makefile.am ├── NTMakefile ├── exits.h ├── gai.h ├── prop.h ├── sasl.h ├── saslplug.h └── saslutil.h ├── lib ├── .gitignore ├── Makefile.am ├── NTMakefile ├── auxprop.c ├── canonusr.c ├── checkpw.c ├── client.c ├── common.c ├── config.c ├── dlopen.c ├── external.c ├── getaddrinfo.c ├── getnameinfo.c ├── getsubopt.c ├── libsasl2.map ├── saslint.h ├── saslutil.c ├── server.c ├── seterror.c ├── snprintf.c ├── staticopen.h └── windlopen.c ├── libsasl2.pc.in ├── m4 ├── ax_prog_cc_for_build.m4 ├── ax_prog_perl_modules.m4 ├── ax_pthread.m4 ├── bsd_sockets.m4 ├── common.m4 ├── cyrus.m4 ├── ipv6.m4 ├── ld-version-script.m4 ├── openldap.m4 ├── openssl.m4 ├── plain.m4 ├── sasl2.m4 └── sasldb.m4 ├── mac ├── CommonKClient │ ├── KClientPublic.h │ ├── mac_kclient │ │ ├── KClient.c │ │ ├── KClient.h │ │ ├── KrbDriver.h │ │ ├── kcglue_des.c │ │ ├── kcglue_des.h │ │ ├── kcglue_krb.c │ │ ├── kcglue_krb.h │ │ ├── macKClientPublic.h │ │ └── mac_krb_lib1.c │ └── mac_kclient3 │ │ ├── Headers │ │ ├── CredentialsCache │ │ │ ├── CredentialsCache.h │ │ │ └── CredentialsCache2.h │ │ ├── GSS │ │ │ ├── GSS.h │ │ │ ├── gssapi.h │ │ │ └── gssapi_krb5.h │ │ ├── KClient │ │ │ ├── KClient.h │ │ │ └── KClientTypes.h │ │ ├── KClientCompat │ │ │ └── KClientCompat.h │ │ ├── KClientDeprecated │ │ │ └── KClientDeprecated.h │ │ ├── Kerberos │ │ │ └── Kerberos.h │ │ ├── Kerberos4 │ │ │ ├── Kerberos4.h │ │ │ └── krb.h │ │ ├── Kerberos5 │ │ │ ├── Kerberos5.h │ │ │ ├── krb5.h │ │ │ └── win-mac.h │ │ ├── KerberosComErr │ │ │ ├── KerberosComErr.h │ │ │ └── com_err.h │ │ ├── KerberosDES │ │ │ ├── KerberosDES.h │ │ │ └── des.h │ │ ├── KerberosLogin │ │ │ ├── KLLoginLogoutNotification.h │ │ │ ├── KLPrincipalTranslation.h │ │ │ └── KerberosLogin.h │ │ ├── KerberosManager │ │ │ └── KerberosManagerLib.h │ │ ├── KerberosPreferences │ │ │ └── KerberosPreferences.h │ │ ├── KerberosProfile │ │ │ ├── KerberosProfile.h │ │ │ └── profile.h │ │ ├── KerberosSupport │ │ │ ├── ErrorLib.h │ │ │ ├── ErrorList.r │ │ │ ├── Idle.h │ │ │ ├── KerberosConditionalMacros.h │ │ │ ├── KerberosSupport.h │ │ │ ├── ShlibDriver.h │ │ │ ├── SocketErrors.h │ │ │ ├── Sockets.h │ │ │ ├── Utilities.h │ │ │ ├── hesiod.h │ │ │ ├── netdb.h │ │ │ └── pwd.h │ │ └── TicketKeeper │ │ │ ├── TicketKeeper.h │ │ │ └── TicketKeeperMenuStateProtocol.h │ │ ├── kcglue_des.c │ │ ├── kcglue_des.h │ │ ├── kcglue_krb.c │ │ ├── kcglue_krb.h │ │ ├── mac_krb_lib1.c │ │ └── saslk4.h ├── README.filetypes ├── build_plugins │ ├── build_plugins │ └── build_plugins.Carbon ├── include │ ├── config.h │ ├── extra_krb.h │ ├── netinet │ │ └── in.h │ ├── parse_cmd_line.h │ ├── sasl_anonymous_plugin_decl.h │ ├── sasl_kerberos4_plugin_decl.h │ ├── sasl_mac_krb_locl.h │ ├── sasl_plain_plugin_decl.h │ └── sasl_plugin_decl.h ├── kerberos_includes │ ├── conf-svsparc.h │ ├── conf.h │ ├── error_table.h │ ├── kerberos │ │ ├── des.h │ │ ├── des.h.unix │ │ └── mit-copyright.h │ ├── klog.h │ ├── kparse.h │ ├── krb-protos.h │ ├── krb.h │ ├── krb_conf.h │ ├── ktypes.h │ ├── lsb_addr_comp.h │ ├── mit-sipb-copyright.h │ ├── old_krb.h │ ├── osconf.h │ └── prot.h ├── krb4_sources │ ├── krb-archaeology.h │ ├── krb-protos.h │ ├── krb.h │ ├── lsb_addr_comp.c │ ├── mk_auth.c │ ├── mk_priv.c │ ├── mk_req.c │ ├── mk_safe.c │ ├── rd_priv.c │ ├── rd_safe.c │ └── rw.c ├── libsasl │ ├── libsasl │ ├── libsasl.Carbon │ ├── libsasl.Carbon.exp │ ├── libsasl.exp │ ├── libsasl_prefix.h │ └── libsasl_prefix_carbon.h ├── mac_lib │ ├── getopt.c │ ├── mac_dyn_dlopen.c │ ├── mac_monolithic_dlopen.c │ ├── parse_cmd_line.c │ ├── xxx_client_mac_lib.c │ ├── xxx_mac_lib.c │ └── yyy_mac_lib.c ├── osx_cfm_glue │ ├── cfmglue.c │ ├── cfmglue.h │ ├── cfmglue.proj │ └── cfmglue.proj.exp ├── readme │ └── mac_testing_notes.c └── sc_shlb │ ├── sc_shlb │ ├── sc_shlb.Carbon │ ├── sc_shlb.mono │ ├── sc_shlb.rsrc.sit.hqx │ └── sc_shlb_carbon.h ├── man └── legacy │ ├── Makefile.am │ ├── sasl.3 │ ├── sasl_authorize_t.3 │ ├── sasl_auxprop.3 │ ├── sasl_auxprop_getctx.3 │ ├── sasl_auxprop_request.3 │ ├── sasl_callbacks.3 │ ├── sasl_canon_user_t.3 │ ├── sasl_chalprompt_t.3 │ ├── sasl_checkapop.3 │ ├── sasl_checkpass.3 │ ├── sasl_client_init.3 │ ├── sasl_client_new.3 │ ├── sasl_client_start.3 │ ├── sasl_client_step.3 │ ├── sasl_decode.3 │ ├── sasl_dispose.3 │ ├── sasl_done.3 │ ├── sasl_encode.3 │ ├── sasl_encodev.3 │ ├── sasl_errdetail.3 │ ├── sasl_errors.3 │ ├── sasl_errstring.3 │ ├── sasl_getconfpath_t.3 │ ├── sasl_getopt_t.3 │ ├── sasl_getpath_t.3 │ ├── sasl_getprop.3 │ ├── sasl_getrealm_t.3 │ ├── sasl_getsecret_t.3 │ ├── sasl_getsimple_t.3 │ ├── sasl_global_listmech.3 │ ├── sasl_idle.3 │ ├── sasl_listmech.3 │ ├── sasl_log_t.3 │ ├── sasl_server_init.3 │ ├── sasl_server_new.3 │ ├── sasl_server_start.3 │ ├── sasl_server_step.3 │ ├── sasl_server_userdb_checkpass_t.3 │ ├── sasl_server_userdb_setpass_t.3 │ ├── sasl_setpass.3 │ ├── sasl_setprop.3 │ ├── sasl_user_exists.3 │ └── sasl_verifyfile_t.3 ├── plugins ├── .gitignore ├── Makefile.am ├── NTMakefile ├── anonymous.c ├── crypto_kdf_hkdf_sha512.h ├── gs2.c ├── gs2_token.c ├── gs2_token.h ├── gssapi.c ├── kdf_hkdf_sha512.c ├── ldapdb.c ├── makeinit.sh ├── opaque.c ├── opaque.h ├── opaque_impl.c ├── otp.c ├── otp.h ├── passdss.c ├── plain.c ├── sasldb.c ├── scram.c ├── securid.c ├── sql.c └── srp.c ├── pwcheck ├── Makefile.am ├── README ├── pwcheck.c ├── pwcheck_getpwnam.c └── pwcheck_getspnam.c ├── sample ├── Makefile.am ├── NTMakefile ├── client.c ├── common.c ├── common.h ├── sample-client.c ├── sample-server.c └── server.c ├── saslauthd ├── .gitignore ├── COPYING ├── ChangeLog ├── LDAP_SASLAUTHD ├── Makefile.am ├── README.cache ├── README.ipc ├── auth_dce.c ├── auth_dce.h ├── auth_getpwent.c ├── auth_getpwent.h ├── auth_httpform.c ├── auth_httpform.h ├── auth_krb5.c ├── auth_krb5.h ├── auth_ldap.c ├── auth_ldap.h ├── auth_pam.c ├── auth_pam.h ├── auth_rimap.c ├── auth_rimap.h ├── auth_sasldb.c ├── auth_sasldb.h ├── auth_shadow.c ├── auth_shadow.h ├── auth_sia.c ├── auth_sia.h ├── cache.c ├── cache.h ├── cfile.c ├── cfile.h ├── globals.h ├── ipc_doors.c ├── ipc_unix.c ├── lak.c ├── lak.h ├── mechanisms.c ├── mechanisms.h ├── saslauthd-main.c ├── saslauthd-main.h ├── saslauthd.mdoc ├── saslcache.c ├── testsaslauthd.8 ├── testsaslauthd.c ├── utils.c └── utils.h ├── sasldb ├── .gitignore ├── Makefile.am ├── NTMakefile ├── allockey.c ├── db_gdbm.c ├── db_lmdb.c ├── db_ndbm.c ├── db_none.c └── sasldb.h ├── tests ├── Makefile.am ├── runtests.py ├── t_common.c ├── t_common.h ├── t_gssapi_cli.c └── t_gssapi_srv.c ├── utils ├── .gitignore ├── Makefile.am ├── NTMakefile ├── pluginviewer.8 ├── pluginviewer.c ├── sasldblistusers.c ├── sasldblistusers2.8 ├── saslpasswd.c ├── saslpasswd2.8 ├── sasltestsuite.8 ├── sfsasl.c ├── sfsasl.h ├── smtptest.c └── testsuite.c └── win32 ├── .cvswrappers ├── .gitignore ├── README.md ├── common.mak ├── common.vcxproj ├── conan-build.py ├── conan ├── build.py ├── common │ └── conanfile.py ├── gssapiv2 │ └── conanfile.py ├── sasl2 │ └── conanfile.py └── sasldb │ └── conanfile.py ├── cyrus-sasl-all-in-one.sln ├── cyrus-sasl-common.sln ├── cyrus-sasl-core.sln ├── cyrus-sasl-gssapiv2.sln ├── cyrus-sasl-sasldb.sln ├── cyrus-sasl.props ├── generate_conan.cmd ├── include ├── NTMakefile └── config.h ├── init_auxprop.c ├── init_mechanism.c ├── install.vcxproj ├── makeinit.ps1 ├── openssl.props ├── plugin_anonymous.vcxproj ├── plugin_gssapiv2.vcxproj ├── plugin_plain.vcxproj ├── plugin_sasldb.vcxproj ├── plugin_scram.vcxproj ├── plugins.props ├── sasl2.vcxproj ├── sasldb.props ├── sasldb.vcxproj └── vsinstall.cmd /.github/dco.yml: -------------------------------------------------------------------------------- 1 | require: 2 | members: false 3 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | autom4te*.cache 2 | stamp-h.in 3 | config.h.in* 4 | Makefile.in 5 | aclocal.m4 6 | configure 7 | config.log 8 | config.h 9 | config.cache 10 | libtool 11 | config.status 12 | stamp-h1 13 | Makefile 14 | *.pyc 15 | docsrc/.doctrees/ 16 | docsrc/build/ 17 | .deps 18 | .dirstamp 19 | doc/html/ 20 | INSTALL 21 | libsasl2.pc 22 | man/ 23 | m4/libtool.m4 24 | m4/ltoptions.m4 25 | m4/ltsugar.m4 26 | m4/ltversion.m4 27 | m4/lt~obsolete.m4 28 | .sphinx-build.stamp 29 | .tests 30 | *.o 31 | *.lo 32 | .libs/ 33 | -------------------------------------------------------------------------------- /.indent.pro: -------------------------------------------------------------------------------- 1 | -i2 -cli0 -bl -nce 2 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | language: c 2 | group: edge 3 | 4 | os: 5 | - linux 6 | - osx 7 | 8 | dist: focal 9 | osx_image: xcode12.5 10 | compiler: gcc 11 | 12 | addons: 13 | apt: 14 | packages: 15 | - krb5-kdc 16 | - krb5-admin-server 17 | - libsocket-wrapper 18 | - libnss-wrapper 19 | 20 | # For OS X, but shouldn't cause any problems on Linux 21 | cache: 22 | directories: 23 | - $HOME/Library/Caches/Homebrew 24 | 25 | before_script: 26 | - if [ $TRAVIS_OS_NAME = osx ]; then brew install ccache; fi 27 | - ccache --version 28 | - ccache --zero-stats 29 | - ./autogen.sh 30 | - make 31 | script: 32 | - make check 33 | branches: 34 | only: 35 | - master 36 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | The Cyrus-SASL project isn't using the Github workflows at the moment. 2 | 3 | It's okay (and helpful!) to open Issues and Pull Requests here, but please 4 | also contact the 5 | [Cyrus-SASL mailing list](https://cyrus.topicbox.com/groups/sasl) 6 | or they may not be noticed by anyone who can action them. 7 | -------------------------------------------------------------------------------- /COPYING: -------------------------------------------------------------------------------- 1 | /* CMU libsasl 2 | * Tim Martin 3 | * Rob Earhart 4 | * Rob Siemborski 5 | */ 6 | /* 7 | * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. 8 | * 9 | * Redistribution and use in source and binary forms, with or without 10 | * modification, are permitted provided that the following conditions 11 | * are met: 12 | * 13 | * 1. Redistributions of source code must retain the above copyright 14 | * notice, this list of conditions and the following disclaimer. 15 | * 16 | * 2. Redistributions in binary form must reproduce the above copyright 17 | * notice, this list of conditions and the following disclaimer in 18 | * the documentation and/or other materials provided with the 19 | * distribution. 20 | * 21 | * 3. The name "Carnegie Mellon University" must not be used to 22 | * endorse or promote products derived from this software without 23 | * prior written permission. For permission or any other legal 24 | * details, please contact 25 | * Office of Technology Transfer 26 | * Carnegie Mellon University 27 | * 5000 Forbes Avenue 28 | * Pittsburgh, PA 15213-3890 29 | * (412) 268-4387, fax: (412) 268-7395 30 | * tech-transfer@andrew.cmu.edu 31 | * 32 | * 4. Redistributions of any form whatsoever must retain the following 33 | * acknowledgment: 34 | * "This product includes software developed by Computing Services 35 | * at Carnegie Mellon University (http://www.cmu.edu/computing/)." 36 | * 37 | * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO 38 | * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 39 | * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE 40 | * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 41 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN 42 | * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING 43 | * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 44 | */ 45 | -------------------------------------------------------------------------------- /ChangeLog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cyrusimap/cyrus-sasl/ac0c278817a082c625c496ec812318c019e0b96f/ChangeLog -------------------------------------------------------------------------------- /INSTALL.TXT: -------------------------------------------------------------------------------- 1 | For installation instructions, see doc/legacy/install.html. 2 | -------------------------------------------------------------------------------- /README: -------------------------------------------------------------------------------- 1 | Look at README.md 2 | -------------------------------------------------------------------------------- /README.GS2: -------------------------------------------------------------------------------- 1 | To build the GS2 SASL mechanism, you need MIT Kerberos 1.9. 2 | 3 | Please e-mail lukeh@padl.com with any bug reports. 4 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | [![Build Status:master](https://api.travis-ci.org/cyrusimap/cyrus-sasl.svg?branch=master)](https://travis-ci.org/cyrusimap/cyrus-sasl) 2 | 3 | 4 | ## Cyrus SASL 5 | This is the Cyrus SASL API implementation. It can be used on the client 6 | or server side to provide authentication and authorization services. 7 | See RFC 4422 for more information. 8 | 9 | The latest version is available at: 10 | https://github.com/cyrusimap/cyrus-sasl/releases 11 | 12 | There are mailing lists for Cyrus SASL. The lists are now hosted at 13 | https://cyrus.topicbox.com/groups/. Subscriptions and archives from the 14 | old lists.andrew.cmu.edu list manager have all been migrated over to 15 | topicbox. 16 | 17 | If you are looking to port SASLv1 applications to SASLv2, please see 18 | doc/appconvert.html 19 | 20 | Bugs can be searched/reported [on GitHub](https://github.com/cyrusimap/cyrus-sasl/issues), 21 | but please also notify the mailing list. 22 | 23 | ## DOCUMENTATION 24 | 25 | Please see doc/legacy/index.html for detailed documentation. 26 | 27 | -------------------------------------------------------------------------------- /appveyor.yml: -------------------------------------------------------------------------------- 1 | build: false 2 | 3 | environment: 4 | PYTHON: "C:\\Python27" 5 | PYTHON_VERSION: "2.7.8" 6 | PYTHON_ARCH: "32" 7 | 8 | CONAN_REFERENCE: "cyrus-sasl/2.1.26" 9 | CONAN_USERNAME: "rion" 10 | CONAN_LOGIN_USERNAME: "rion" 11 | CONAN_CHANNEL: "stable" 12 | CONAN_UPLOAD: "https://api.bintray.com/conan/rion/common" 13 | 14 | matrix: 15 | - APPVEYOR_BUILD_WORKER_IMAGE: Visual Studio 2015 16 | CONAN_VISUAL_VERSIONS: 14 17 | - APPVEYOR_BUILD_WORKER_IMAGE: Visual Studio 2017 18 | CONAN_VISUAL_VERSIONS: 15 19 | 20 | 21 | install: 22 | - set PATH=%PATH%;%PYTHON%/Scripts/ 23 | - pip.exe install conan --upgrade 24 | - pip.exe install conan_package_tools 25 | - conan user # It creates the conan data directory 26 | 27 | test_script: 28 | - python win32\conan\build.py 29 | -------------------------------------------------------------------------------- /autogen.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Run this to generate all the initial makefiles, etc. 3 | test -n "$srcdir" || srcdir=`dirname "$0"` 4 | test -n "$srcdir" || srcdir=. 5 | 6 | olddir=`pwd` 7 | 8 | cd $srcdir 9 | 10 | (test -f configure.ac) || { 11 | echo "*** ERROR: Directory "\`$srcdir\'" does not look like the top-level project directory ***" 12 | exit 1 13 | } 14 | 15 | PKG_NAME=`autoconf --trace 'AC_INIT:$1' configure.ac` 16 | 17 | if [ "$#" = 0 -a "x$NOCONFIGURE" = "x" ]; then 18 | echo "*** WARNING: I am going to run \`configure' with no arguments." >&2 19 | echo "*** If you wish to pass any to it, please specify them on the" >&2 20 | echo "*** \`$0\' command line." >&2 21 | echo "" >&2 22 | fi 23 | 24 | aclocal --install || exit 1 25 | autoreconf --verbose --force --install -Wno-portability || exit 1 26 | 27 | cd $olddir 28 | if [ "$NOCONFIGURE" = "" ]; then 29 | $srcdir/configure "$@" || exit 1 30 | 31 | if [ "$1" = "--help" ]; then exit 0 else 32 | echo "Now type \`make\' to compile $PKG_NAME" || exit 1 33 | fi 34 | else 35 | echo "Skipping configure process." 36 | fi 37 | 38 | -------------------------------------------------------------------------------- /config/.gitignore: -------------------------------------------------------------------------------- 1 | # Ignore everything in this directory 2 | * 3 | # Except this file 4 | !.gitignore 5 | -------------------------------------------------------------------------------- /config/Info.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | CFBundleDevelopmentRegion 7 | English 8 | CFBundleExecutable 9 | SASL2 10 | CFBundleGetInfoString 11 | Cyrus SASL v2 Library 12 | CFBundleIdentifier 13 | edu.cmu.andrew.SASL2framework 14 | CFBundleInfoDictionaryVersion 15 | 1.1.0 16 | CFBundleName 17 | SASL v2 Framework 18 | CFBundlePackageType 19 | FMWK 20 | CFBundleShortVersionString 21 | 1.1.0 22 | CFBundleSignature 23 | ???? 24 | CFBundleVersion 25 | 9 26 | 27 | 28 | -------------------------------------------------------------------------------- /contrib/README: -------------------------------------------------------------------------------- 1 | The contents of this directory are unsupported patches to the 2 | Cyrus SASL library that may or may not be useful to the end user. 3 | 4 | They are completely unsupported, and any questions should be directed 5 | to the authors. 6 | -------------------------------------------------------------------------------- /contrib/saslauthd-unix.pl: -------------------------------------------------------------------------------- 1 | #!/usr/local/bin/perl 2 | 3 | # $Id: saslauthd-unix.pl,v 1.2 2003/04/28 20:15:10 rjs3 Exp $ 4 | 5 | # This is a sample perl script for communicating with saslauthd running 6 | # on a unix socket. Simply call the function with 4 parameters and you're 7 | # set (userid, password, service, realm or undef) 8 | 9 | use Socket; 10 | use strict; 11 | 12 | sub saslauthd_verify_password { 13 | my $SASLAUTHD_PATH = "/var/run/saslauthd/mux"; 14 | 15 | my $userid = shift || die "no userid"; 16 | my $passwd = shift || die "no password"; 17 | my $service = shift || die "no service"; 18 | my $realm = shift; 19 | 20 | my $u_len = length $userid; 21 | my $p_len = length $passwd; 22 | my $s_len = length $service; 23 | my $r_len = (defined($realm) ? length $realm : 0); 24 | 25 | if($u_len + $p_len + $s_len + $r_len + 30 > 8192) { 26 | warn "request too long in saslauthd_verify_password"; 27 | return undef; 28 | } 29 | 30 | my $request = pack "na".$u_len."na".$p_len."na".$s_len."na".$r_len, 31 | $u_len, $userid, $p_len, $passwd, $s_len, $service, 32 | $r_len, (defined($realm) ? $realm : ""); 33 | 34 | socket(SOCK, PF_UNIX, SOCK_STREAM, 0) || die "socket: $!"; 35 | connect(SOCK, sockaddr_un($SASLAUTHD_PATH)) || die "connect: $!"; 36 | 37 | my $len = length $request; 38 | my $offset = 0; 39 | while($len) { 40 | my $written = syswrite SOCK, $request, $len, $offset; 41 | die "System write error: $!\n" unless defined $written; 42 | $len -= $written; 43 | $offset += $written; 44 | } 45 | 46 | # Read back reply 47 | my $buf; 48 | $len = sysread SOCK, $buf, 8192; 49 | die "System read error: $!\n" unless defined $len; 50 | 51 | my $response; 52 | my $size = unpack("n", $buf); 53 | 54 | die "Bad saslauthd response" unless defined $size; 55 | ($size, $response) = unpack("na".$size, $buf); 56 | 57 | if($response =~ /^OK/) { 58 | return 1; 59 | } else { 60 | return 0; 61 | } 62 | } 63 | 64 | -------------------------------------------------------------------------------- /contrib/tclsasl/README: -------------------------------------------------------------------------------- 1 | This is the TCL SASL extentions, contributed by Marshall Rose 2 | 3 | 4 | For the most up to date version please see: 5 | 6 | http://beepcore-tcl.sourceforge.net/tclsasl.html 7 | 8 | -------------------------------------------------------------------------------- /dlcompat-20010505/ChangeLog: -------------------------------------------------------------------------------- 1 | 2001-05-05 Christoph Pfisterer 2 | 3 | * dlfcn.h: Added wrapper for C++. 4 | 5 | 2001-01-23 Christoph Pfisterer 6 | 7 | * dlopen.c: Added optional debugging output. Modules are now 8 | searched for in various directories when no absolute path is 9 | specified and the module is not found in the current directory. A 10 | new function, _dl_search_paths, was added to accomplish the 11 | search. Added an include for , because PATH_MAX is 12 | defined there. 13 | * Makefile: Some rearragements for the optional debugging 14 | output. (Use "make DEBUG=1" to enable it.) 15 | 16 | 2001-01-16 Christoph Pfisterer 17 | 18 | * dlopen.c: Removed #include for ofi.h - it doesn't seem to be 19 | needed. 20 | 21 | -------------------------------------------------------------------------------- /dlcompat-20010505/Makefile: -------------------------------------------------------------------------------- 1 | # 2 | # Makefile for dlcompat 3 | # 4 | # 5 | # Copyright (c) 2001 Christoph Pfisterer. 6 | # 7 | # Portions Copyright (c) 1999-2001 Apple Computer, Inc. All Rights 8 | # Reserved. 9 | # 10 | # This file contains Original Code and/or Modifications of Original 11 | # Code as defined in and that are subject to the Apple Public Source 12 | # License Version 1.2 (the "License"). You may not use this file 13 | # except in compliance with the License. Please obtain a copy of the 14 | # License at http://www.apple.com/publicsource and read it before 15 | # using this file. 16 | # 17 | # The Original Code and all software distributed under the License are 18 | # distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER 19 | # EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 20 | # INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 21 | # FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR 22 | # NON-INFRINGEMENT. Please see the License for the specific language 23 | # governing rights and limitations under the License. 24 | # 25 | 26 | 27 | prefix=/usr/local 28 | DEBUG=0 29 | 30 | CC=cc 31 | CFLAGS=-Wall -O2 -DDEBUG=$(DEBUG) 32 | AR=ar cru 33 | RANLIB=ranlib 34 | INSTALL=install 35 | 36 | OBJS = dlopen.o 37 | 38 | 39 | all: libdl.a libdl.dylib 40 | 41 | install: all 42 | if test ! -d $(prefix)/lib ; then mkdir $(prefix)/lib ; fi 43 | $(INSTALL) -m 644 libdl.a $(prefix)/lib 44 | $(RANLIB) $(prefix)/lib/libdl.a 45 | chmod 644 $(prefix)/lib/libdl.a 46 | $(INSTALL) -m 755 libdl.dylib $(prefix)/lib 47 | if test ! -d $(prefix)/include ; then mkdir $(prefix)/include ; fi 48 | $(INSTALL) -c -m 644 dlfcn.h $(prefix)/include 49 | 50 | .c.o: 51 | $(CC) $(CFLAGS) -fno-common -o $@ -c $< 52 | 53 | libdl.a: $(OBJS) 54 | $(AR) libdl.a $(OBJS) 55 | $(RANLIB) libdl.a 56 | 57 | libdl.dylib: $(OBJS) 58 | $(CC) -dynamiclib -undefined error -o libdl.dylib $(OBJS) -install_name $(prefix)/lib/libdl.dylib 59 | 60 | clean: 61 | rm -f $(OBJS) libdl.* 62 | 63 | # EOF 64 | -------------------------------------------------------------------------------- /dlcompat-20010505/dlfcn.h: -------------------------------------------------------------------------------- 1 | /* 2 | * This file was modified by Christoph Pfisterer 3 | * on Sat, May 5 2001. See the file "ChangeLog" for details of what 4 | * was changed. 5 | * 6 | * 7 | * Copyright (c) 1999 Apple Computer, Inc. All rights reserved. 8 | * 9 | * @APPLE_LICENSE_HEADER_START@ 10 | * 11 | * Portions Copyright (c) 1999 Apple Computer, Inc. All Rights 12 | * Reserved. This file contains Original Code and/or Modifications of 13 | * Original Code as defined in and that are subject to the Apple Public 14 | * Source License Version 1.1 (the "License"). You may not use this file 15 | * except in compliance with the License. Please obtain a copy of the 16 | * License at http://www.apple.com/publicsource and read it before using 17 | * this file. 18 | * 19 | * The Original Code and all software distributed under the License are 20 | * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER 21 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 22 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 23 | * FITNESS FOR A PARTICULAR PURPOSE OR NON- INFRINGEMENT. Please see the 24 | * License for the specific language governing rights and limitations 25 | * under the License. 26 | * 27 | * @APPLE_LICENSE_HEADER_END@ 28 | */ 29 | 30 | #ifdef __cplusplus 31 | extern "C" { 32 | #endif 33 | 34 | extern void * dlopen( 35 | const char *path, 36 | int mode); 37 | extern void * dlsym( 38 | void * handle, 39 | const char *symbol); 40 | extern const char * dlerror( 41 | void); 42 | extern int dlclose( 43 | void * handle); 44 | 45 | #define RTLD_LAZY 0x1 46 | #define RTLD_NOW 0x2 47 | #define RTLD_LOCAL 0x4 48 | #define RTLD_GLOBAL 0x8 49 | #define RTLD_NOLOAD 0x10 50 | #define RTLD_SHARED 0x20 /* not used, the default */ 51 | #define RTLD_UNSHARED 0x40 52 | #define RTLD_NODELETE 0x80 53 | #define RTLD_LAZY_UNDEF 0x100 54 | 55 | #ifdef __cplusplus 56 | } 57 | #endif 58 | -------------------------------------------------------------------------------- /doc/legacy/NTMakefile: -------------------------------------------------------------------------------- 1 | # Prevent all diagnostic messages 2 | VERBOSE=0 3 | 4 | !INCLUDE ..\win32\common.mak 5 | 6 | docdir = $(prefix)\doc 7 | 8 | all: all-recursive 9 | 10 | # 11 | # /I flag to xcopy tells to treat the last parameter as directory and create all missing levels 12 | # 13 | # In order to force xcopy not to confirm if the second parameter is file or directory, 14 | # the first parameter has to contain a wildcard character. For example, we use libsasl.l*, 15 | # instead of libsasl.lib. Ugly, but works! 16 | # 17 | install: 18 | @xcopy *.txt "$(docdir)" /I /F /Y 19 | @xcopy *.fig "$(docdir)" /I /F /Y 20 | @xcopy *.html "$(docdir)" /I /F /Y 21 | @xcopy TODO "$(docdir)" /I /F /Y 22 | @xcopy ONEWS "$(docdir)" /I /F /Y 23 | 24 | all-recursive: 25 | @echo Nothing to build for target all 26 | 27 | clean: 28 | @echo Nothing to do for target clean 29 | -------------------------------------------------------------------------------- /doc/legacy/TODO: -------------------------------------------------------------------------------- 1 | Library 2 | ~~~~~~~ 3 | ) Better/FASTER random numbers (init time is pretty miserable) 4 | ) Test suite [still] needs work 5 | ) better support for including missing routines 6 | ) check return settings (ssf, etc.) on auth failure 7 | 8 | Documentation 9 | ~~~~~~~~~~~~~ 10 | ) so much to do here 11 | ) man pages (check spelling) 12 | ) programmers/sysadmin guide updates and clarifications 13 | ) update INSTALL to have clearer step-by-step instructions 14 | 15 | Mechs to write 16 | ~~~~~~~~~~~~~~ 17 | 18 | SCRAM 19 | ~~~~~ 20 | 21 | SRP 22 | ~~~ 23 | ) Testing 24 | 25 | OTP 26 | ~~~ 27 | ) Checking edge cases 28 | ) Testing 29 | 30 | Kerberos_V4 31 | ~~~~~~~~~~~ 32 | ) client-side should set realm 33 | ) is prompt_need callback set default value 34 | 35 | GSSAPI 36 | ~~~~~~ 37 | ) Allow specification of alternate keytab file 38 | 39 | Plain 40 | ~~~~~ 41 | 42 | Cram-MD5 43 | ~~~~~~~~ 44 | ) needs snprintf support 45 | 46 | Database stuff 47 | ~~~~~~~~~~~~~~ 48 | ) transactions? 49 | ) version the database? 50 | ) atomic updates of passwords (we can crash and leave the user with 51 | different passwords for different mechanisms) [through failure to 52 | make setpass calls] 53 | ) locks (to help fortify protection against OTP race attack)? 54 | 55 | ABI 56 | ~~~ 57 | ) Consider IRIX ABI issues for plugins 58 | - /usr/lib32/sasl? 59 | - /usr/lib/sasl/{ABI}? 60 | ) Standardize the plugin ABI 61 | -------------------------------------------------------------------------------- /doc/legacy/advanced.html: -------------------------------------------------------------------------------- 1 | 2 | Cyrus SASL Library -- Advanced Usage 3 | 4 | 5 |

Cyrus SASL library, version 2.0

6 |

Notes for Advanced Usage of libsasl

7 | 8 |

Using Cyrus SASL as a static library

9 | As of v2.0.2-ALPHA, Cyrus SASL supports the option to compile all of the 10 | supported mechanisms and glue code into a single static library that may 11 | be linked into any application. In practice, this saves memory by avoiding 12 | the need to have a jump table for each process's reference into the shared 13 | library, and ensures that all the mechanisms are loaded when the application 14 | loads (thus reducing the overhead of loading the DSOs).

15 | 16 | However, this is not a recommended procedure to use in general. It loses 17 | the flexibility of the DSOs that allow one to simply drop in a new mechanism 18 | that even currently-running applications will see for each new connection. 19 | That is, if you choose to use the static version of the library, not only 20 | will you need to recompile the library each time you add a mechanism (provided 21 | the mechanisms even support being compiled staticly), but you will need to 22 | recompile every application that uses Cyrus SASL as well.

23 | 24 | However, if you are sure you wish to use a static version of Cyrus SASL, 25 | compile it by giving configure the --enable-static option. 26 | This will compile both a dynamic and a static version. Then, whenever 27 | an application links to libsasl, it will also need to explicitly pull in 28 | any dynamic libraries that may be needed by Cyrus SASL. Most notably, these 29 | might include the GSSAPI, Kerberos, and Database libraries. To avoid compiling 30 | the dynamic version, pass --disable-shared.

31 | 32 |

33 | Back to the index 34 | 35 | 36 | -------------------------------------------------------------------------------- /docsrc/_static/cyrus.css: -------------------------------------------------------------------------------- 1 | /* This file is empty, but maybe someday it will not be empty. */ 2 | -------------------------------------------------------------------------------- /docsrc/_static/event_notifications/AclChange.json: -------------------------------------------------------------------------------- 1 | { 2 | "aclRights": "lrs", 3 | "aclSubject": "jane@example.org", 4 | "event": "AclChange", 5 | "mailboxID": "imap://john@example.org@imap.example.org/Testfolder_renamed;UIDVALIDITY=1424699807", 6 | "pid": 8048, 7 | "service": "imap", 8 | "timestamp": "2015-02-23T14:57:59.736+01:00", 9 | "uri": "imap://john@example.org@imap.example.org/Testfolder_renamed;UIDVALIDITY=1424699807", 10 | "user": "john@example.org", 11 | "vnd.cmu.sessionId": "imap.example.org-8048-1424699879-1-8051832424702584527" 12 | } 13 | -------------------------------------------------------------------------------- /docsrc/_static/event_notifications/ApplePushService.json: -------------------------------------------------------------------------------- 1 | { 2 | "event":"ApplePushService", 3 | "user": "john@example.org", 4 | "apsVersion": "", 5 | "apsAccountId": "", 6 | "apsDeviceToken": "", 7 | "apsSubtopic": "", 8 | "mailboxes": "[array of mailboxIDs]" 9 | } 10 | -------------------------------------------------------------------------------- /docsrc/_static/event_notifications/CalendarAlarm.json: -------------------------------------------------------------------------------- 1 | { 2 | "event":"CalendarAlarm", 3 | "pid":3164225, 4 | "serverFQDN":"sloti30t15", 5 | "alarmTime":"20151119T063000Z", 6 | "alarmRecipients":["mailto:mary@example.org"], 7 | "userId":"mary@example.org", 8 | "calendarName":"Calendar", 9 | "uid":"49ba20f5-cb44-4863-aea7-255f37ffc2e7", 10 | "action":"email", 11 | "summary":"Here's a lovely event. Remind me", 12 | "description":"", 13 | "location":"", 14 | "timezone":"Australia/Melbourne", 15 | "start":"20151119T073000Z", 16 | "end":"20151119T083000Z", 17 | "allDay":0, 18 | "attendeeNames":[], 19 | "attendeeEmails":[], 20 | "attendeeStatus":[], 21 | "organizer":"" 22 | } -------------------------------------------------------------------------------- /docsrc/_static/event_notifications/FlagsClear.json: -------------------------------------------------------------------------------- 1 | { 2 | "event": "FlagsClear", 3 | "flagNames": "\\Flagged", 4 | "messages": 1, 5 | "modseq": 43, 6 | "pid": 7721, 7 | "service": "imap", 8 | "timestamp": "2015-02-23T14:50:43.640+01:00", 9 | "uidnext": 4, 10 | "uidset": "3", 11 | "uri": "imap://john@example.org@imap.example.org/INBOX;UIDVALIDITY=1424683682", 12 | "user": "john@example.org", 13 | "vnd.cmu.midset": [ 14 | "<4d9618acd0aea6b33683766358351459@example.org>" 15 | ], 16 | "vnd.cmu.sessionId": "imap.example.org-7721-1424699443-1-8479002111695998134", 17 | "vnd.cmu.unseenMessages": 0 18 | } 19 | -------------------------------------------------------------------------------- /docsrc/_static/event_notifications/FlagsSet.json: -------------------------------------------------------------------------------- 1 | { 2 | "event": "FlagsSet", 3 | "flagNames": "\\Flagged", 4 | "messages": 1, 5 | "modseq": 42, 6 | "pid": 7649, 7 | "service": "imap", 8 | "timestamp": "2015-02-23T14:50:21.858+01:00", 9 | "uidnext": 4, 10 | "uidset": "3", 11 | "uri": "imap://john@example.org@imap.example.org/INBOX;UIDVALIDITY=1424683682", 12 | "user": "john@example.org", 13 | "vnd.cmu.midset": [ 14 | "<4d9618acd0aea6b33683766358351459@example.org>" 15 | ], 16 | "vnd.cmu.sessionId": "imap.example.org-7649-1424699421-1-11813528620713894618", 17 | "vnd.cmu.unseenMessages": 0 18 | } 19 | -------------------------------------------------------------------------------- /docsrc/_static/event_notifications/Login.json: -------------------------------------------------------------------------------- 1 | { 2 | "clientIP": "::1", 3 | "clientPort": 46461, 4 | "event": "Login", 5 | "pid": 7629, 6 | "serverDomain": "::1", 7 | "serverPort": 143, 8 | "service": "imap", 9 | "timestamp": "2015-02-23T14:47:36.097+01:00", 10 | "uri": "imap://imap.example.org", 11 | "user": "john@example.org", 12 | "vnd.cmu.sessionId": "imap.example.org-7629-1424699256-1-3981462903180119079" 13 | } 14 | -------------------------------------------------------------------------------- /docsrc/_static/event_notifications/Logout.json: -------------------------------------------------------------------------------- 1 | { 2 | "clientIP": "::1", 3 | "clientPort": 46461, 4 | "event": "Logout", 5 | "pid": 7629, 6 | "serverDomain": "::1", 7 | "serverPort": 143, 8 | "service": "imap", 9 | "timestamp": "2015-02-23T14:47:36.183+01:00", 10 | "uri": "imap://imap.example.org", 11 | "user": "john@example.org", 12 | "vnd.cmu.sessionId": "imap.example.org-7629-1424699256-1-3981462903180119079" 13 | } 14 | -------------------------------------------------------------------------------- /docsrc/_static/event_notifications/MailboxCreate.json: -------------------------------------------------------------------------------- 1 | { 2 | "event": "MailboxCreate", 3 | "mailboxID": "imap://john@example.org@imap.example.org/Testfolder;UIDVALIDITY=1424690388", 4 | "pid": 7721, 5 | "service": "imap", 6 | "timestamp": "2015-02-23T14:55:57.621+01:00", 7 | "uri": "imap://john@example.org@imap.example.org/Testfolder;UIDVALIDITY=1424690388", 8 | "user": "john@example.org", 9 | "vnd.cmu.sessionId": "imap.example.org-7721-1424699757-1-18345110432907898457" 10 | } 11 | -------------------------------------------------------------------------------- /docsrc/_static/event_notifications/MailboxDelete.json: -------------------------------------------------------------------------------- 1 | { 2 | "event": "MailboxDelete", 3 | "mailboxID": "imap://john@example.org@imap.example.org/Testfolder_renamed;UIDVALIDITY=1424699807", 4 | "pid": 8070, 5 | "service": "imap", 6 | "timestamp": "2015-02-23T14:58:37.145+01:00", 7 | "uri": "imap://john@example.org@imap.example.org/Testfolder_renamed;UIDVALIDITY=1424699807", 8 | "user": "john@example.org", 9 | "vnd.cmu.sessionId": "imap.example.org-8070-1424699917-1-11277155374959916506" 10 | } 11 | -------------------------------------------------------------------------------- /docsrc/_static/event_notifications/MailboxRename.json: -------------------------------------------------------------------------------- 1 | { 2 | "event": "MailboxRename", 3 | "mailboxID": "imap://john@example.org@imap.example.org/Testfolder_renamed;UIDVALIDITY=1424699807", 4 | "oldMailboxID": "imap://john@example.org@imap.example.org/Testfolder;UIDVALIDITY=1424690388", 5 | "pid": 8026, 6 | "service": "imap", 7 | "timestamp": "2015-02-23T14:56:47.466+01:00", 8 | "uri": "imap://john@example.org@imap.example.org/Testfolder_renamed;UIDVALIDITY=1424699807", 9 | "user": "john@example.org", 10 | "vnd.cmu.sessionId": "imap.example.org-8026-1424699807-1-3097981731339369225" 11 | } 12 | -------------------------------------------------------------------------------- /docsrc/_static/event_notifications/MailboxSubscribe.json: -------------------------------------------------------------------------------- 1 | { 2 | "event": "MailboxSubscribe", 3 | "pid": 3004, 4 | "service": "imap", 5 | "timestamp": "2015-02-23T18:37:02.344+01:00", 6 | "uri": "imap://john@example.org@imap.example.org/Archive", 7 | "user": "john@example.org", 8 | "vnd.cmu.sessionId": "imap.example.org-3004-1424713022-1-7149274646509524617" 9 | } 10 | -------------------------------------------------------------------------------- /docsrc/_static/event_notifications/MailboxUnSubscribe.json: -------------------------------------------------------------------------------- 1 | { 2 | "event": "MailboxUnSubscribe", 3 | "pid": 3003, 4 | "service": "imap", 5 | "timestamp": "2015-02-23T18:37:19.482+01:00", 6 | "uri": "imap://john@example.org@imap.example.org/Testfolder_renamed", 7 | "user": "john@example.org", 8 | "vnd.cmu.sessionId": "imap.example.org-3003-1424713039-1-2806700531460584176" 9 | } 10 | -------------------------------------------------------------------------------- /docsrc/_static/event_notifications/MessageAppend.json: -------------------------------------------------------------------------------- 1 | { 2 | "bodyStructure": "((\"TEXT\" \"PLAIN\" (\"CHARSET\" \"ISO-8859-1\") NIL NIL \"QUOTED-PRINTABLE\" 206 4 NIL NIL NIL NIL)(\"APPLICATION\" \"CALENDAR+XML\" (\"CHARSET\" \"UTF-8\" \"NAME\" \"kolab.xml\") NIL NIL \"8BIT\" 2030 NIL (\"ATTACHMENT\" (\"FILENAME\" \"kolab.xml\" \"SIZE\" \"2030\")) NIL NIL) \"MIXED\" (\"BOUNDARY\" \"=_d9aa3c2dd73a9166113254d4ebe07bc8\") NIL NIL NIL)", 3 | "event": "MessageAppend", 4 | "messageSize": 2992, 5 | "messages": 3, 6 | "modseq": 12, 7 | "pid": 7721, 8 | "service": "imap", 9 | "timestamp": "2015-02-23T14:51:29.008+01:00", 10 | "uidnext": 6, 11 | "uri": "imap://john@example.org@imap.example.org/Calendar;UIDVALIDITY=1424683684/;UID=5", 12 | "user": "john@example.org", 13 | "vnd.cmu.envelope": "(\"Mon, 23 Feb 2015 13:51:28 +0000\" \"BBA47B13E4839F49AB1C8047EE7B4FDB-A4BF5BBB9FEAA271\" ((NIL NIL \"john\" \"example.org\")) ((NIL NIL \"john\" \"example.org\")) ((NIL NIL \"john\" \"example.org\")) ((NIL NIL \"john\" \"example.org\")) NIL NIL NIL NIL)", 14 | "vnd.cmu.midset": [ 15 | "NIL" 16 | ], 17 | "vnd.cmu.sessionId": "imap.example.org-7721-1424699488-1-10167054345787041319", 18 | "vnd.cmu.unseenMessages": 3 19 | } 20 | -------------------------------------------------------------------------------- /docsrc/_static/event_notifications/MessageCopy.json: -------------------------------------------------------------------------------- 1 | { 2 | "event": "vnd.cmu.MessageCopy", 3 | "messages": 1, 4 | "modseq": 9, 5 | "oldMailboxID": "imap://john@example.org@imap.example.org/Sent;UIDVALIDITY=1424683683", 6 | "pid": 8107, 7 | "service": "imap", 8 | "timestamp": "2015-02-23T14:59:49.717+01:00", 9 | "uidnext": 5, 10 | "uidset": "4", 11 | "uri": "imap://john@example.org@imap.example.org/Archive;UIDVALIDITY=1424683684", 12 | "user": "john@example.org", 13 | "vnd.cmu.midset": [ 14 | "<4d9618acd0aea6b33683766358351459@example.org>" 15 | ], 16 | "vnd.cmu.oldUidset": "2", 17 | "vnd.cmu.sessionId": "imap.example.org-8107-1424699989-1-8439907626481649843", 18 | "vnd.cmu.unseenMessages": 0 19 | } 20 | -------------------------------------------------------------------------------- /docsrc/_static/event_notifications/MessageExpunge.json: -------------------------------------------------------------------------------- 1 | { 2 | "event": "MessageExpunge", 3 | "messages": 0, 4 | "modseq": 53, 5 | "pid": 7813, 6 | "service": "imap", 7 | "timestamp": "2015-02-23T14:55:20.562+01:00", 8 | "uidnext": 5, 9 | "uidset": "4", 10 | "uri": "imap://john@example.org@imap.example.org/INBOX;UIDVALIDITY=1424683682", 11 | "user": "john@example.org", 12 | "vnd.cmu.midset": [ 13 | "<4d9618acd0aea6b33683766358351459@example.org>" 14 | ], 15 | "vnd.cmu.sessionId": "imap.example.org-7813-1424699720-1-13590468293654033744", 16 | "vnd.cmu.unseenMessages": 0 17 | } 18 | -------------------------------------------------------------------------------- /docsrc/_static/event_notifications/MessageMove.json: -------------------------------------------------------------------------------- 1 | { 2 | "event": "vnd.cmu.MessageMove", 3 | "messages": 2, 4 | "modseq": 5, 5 | "oldMailboxID": "imap://john@example.org@imap.example.org/INBOX;UIDVALIDITY=1424683682", 6 | "pid": 7685, 7 | "service": "imap", 8 | "timestamp": "2015-02-23T14:52:41.676+01:00", 9 | "uidnext": 4, 10 | "uidset": "3", 11 | "uri": "imap://john@example.org@imap.example.org/Archive;UIDVALIDITY=1424683684", 12 | "user": "john@example.org", 13 | "vnd.cmu.midset": [ 14 | "<4d9618acd0aea6b33683766358351459@example.org>" 15 | ], 16 | "vnd.cmu.oldUidset": "3", 17 | "vnd.cmu.sessionId": "imap.example.org-7685-1424699561-1-7444588115769591371", 18 | "vnd.cmu.unseenMessages": 0 19 | } 20 | -------------------------------------------------------------------------------- /docsrc/_static/event_notifications/MessageRead.json: -------------------------------------------------------------------------------- 1 | { 2 | "event": "MessageRead", 3 | "messages": 1, 4 | "modseq": 47, 5 | "pid": 7685, 6 | "service": "imap", 7 | "timestamp": "2015-02-23T14:53:44.476+01:00", 8 | "uidnext": 5, 9 | "uidset": "4", 10 | "uri": "imap://john@example.org@imap.example.org/INBOX;UIDVALIDITY=1424683682", 11 | "user": "john@example.org", 12 | "vnd.cmu.midset": [ 13 | "<4d9618acd0aea6b33683766358351459@example.org>" 14 | ], 15 | "vnd.cmu.sessionId": "imap.example.org-7685-1424699624-1-9701853636551497828", 16 | "vnd.cmu.unseenMessages": 0 17 | } 18 | -------------------------------------------------------------------------------- /docsrc/_static/event_notifications/MessageTrash.json: -------------------------------------------------------------------------------- 1 | { 2 | "event": "MessageTrash", 3 | "messages": 1, 4 | "modseq": 48, 5 | "pid": 7809, 6 | "service": "imap", 7 | "timestamp": "2015-02-23T14:54:02.616+01:00", 8 | "uidnext": 5, 9 | "uidset": "4", 10 | "uri": "imap://john@example.org@imap.example.org/INBOX;UIDVALIDITY=1424683682", 11 | "user": "john@example.org", 12 | "vnd.cmu.midset": [ 13 | "<4d9618acd0aea6b33683766358351459@example.org>" 14 | ], 15 | "vnd.cmu.sessionId": "imap.example.org-7809-1424699642-1-2896189896878960640", 16 | "vnd.cmu.unseenMessages": 0 17 | } 18 | -------------------------------------------------------------------------------- /docsrc/_static/event_notifications/QuotaChange.json: -------------------------------------------------------------------------------- 1 | { 2 | "diskQuota": 123456789, 3 | "diskUsed": 2, 4 | "event": "QuotaChange", 5 | "maxMessages": -1, 6 | "messages": 3, 7 | "pid": 8140, 8 | "service": "imaps", 9 | "timestamp": "2015-03-10T16:16:19.255+01:00", 10 | "uri": "imap://john.doe@example.org@kolab.example.org/INBOX", 11 | "user": "john.doe@example.org", 12 | "vnd.cmu.sessionId": "kolab.example.org-8140-1426000578-1-14068443041501787710" 13 | } 14 | -------------------------------------------------------------------------------- /docsrc/_static/event_notifications/QuotaExceed.json: -------------------------------------------------------------------------------- 1 | { 2 | "diskQuota": 2, 3 | "diskUsed": 2, 4 | "event": "QuotaExceed", 5 | "maxMessages": -1, 6 | "messages": 3, 7 | "pid": 8210, 8 | "service": "lmtpunix", 9 | "timestamp": "2015-03-10T16:13:40.218+01:00", 10 | "uri": "imap://john.doe@example.org@kolab.example.org/INBOX", 11 | "user": "john.doe@example.org", 12 | "vnd.cmu.sessionId": "kolab.example.org-8210-1426000420-4-9494635035963533515" 13 | } 14 | -------------------------------------------------------------------------------- /docsrc/_static/event_notifications/QuotaWithin.json: -------------------------------------------------------------------------------- 1 | { 2 | "diskQuota": 123456789, 3 | "diskUsed": 2, 4 | "event": "QuotaWithin", 5 | "maxMessages": -1, 6 | "messages": 3, 7 | "pid": 8140, 8 | "service": "imaps", 9 | "timestamp": "2015-03-10T16:16:19.255+01:00", 10 | "uri": "imap://john.doe@example.org@kolab.example.org/INBOX", 11 | "user": "john.doe@example.org", 12 | "vnd.cmu.sessionId": "kolab.example.org-8140-1426000578-1-14068443041501787710" 13 | } 14 | -------------------------------------------------------------------------------- /docsrc/_static/headimg.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cyrusimap/cyrus-sasl/ac0c278817a082c625c496ec812318c019e0b96f/docsrc/_static/headimg.gif -------------------------------------------------------------------------------- /docsrc/_templates/layout.html: -------------------------------------------------------------------------------- 1 | {% extends "!layout.html" %} 2 | {% set css_files = css_files + [ '_static/cyrus.css' ] %} 3 | 4 | 5 | {% block header %} 6 |
7 | 13 | 19 |
20 |
21 | {% endblock %} 22 | 23 | 24 | {% block footer %} 25 | {{ super() }} 26 | 27 | {% endblock %} 28 | -------------------------------------------------------------------------------- /docsrc/developer.rst: -------------------------------------------------------------------------------- 1 | ========== 2 | Developers 3 | ========== 4 | 5 | 6 | .. toctree:: 7 | :maxdepth: 3 8 | 9 | sasl/appconvert 10 | sasl/developer/programming 11 | sasl/developer/plugprog 12 | sasl/developer/testing 13 | -------------------------------------------------------------------------------- /docsrc/download.rst: -------------------------------------------------------------------------------- 1 | ======== 2 | Download 3 | ======== 4 | 5 | 6 | .. toctree:: 7 | 8 | getsasl 9 | sasl/release-notes/index 10 | packager 11 | -------------------------------------------------------------------------------- /docsrc/exts/sphinxlocal/__init__.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | """ 3 | sphinxlocal 4 | ~~~~~~~~~~~ 5 | 6 | Custom docutils components. 7 | 8 | :copyright: Copywrite 2015 by Nic Bernstein 9 | :license: BSD, see LICENSE for details. 10 | """ 11 | -------------------------------------------------------------------------------- /docsrc/exts/sphinxlocal/roles/__init__.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | """ 3 | sphinxlocal 4 | ~~~~~~~~~~~ 5 | 6 | Custom docutils components. 7 | 8 | :copyright: Copywrite 2015 by Nic Bernstein 9 | :license: BSD, see LICENSE for details. 10 | """ 11 | -------------------------------------------------------------------------------- /docsrc/exts/sphinxlocal/roles/saslman.py: -------------------------------------------------------------------------------- 1 | """ 2 | sphinxlocal.roles.saslman 3 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~ 4 | 5 | Turn :saslman: links into manpage references to the cyrus sasl doc tree 6 | 7 | :version: 0.1 8 | :author: Nicola Nye 9 | 10 | :copyright: Copyright 2007-2016 by the Sphinx team, see AUTHORS. 11 | :license: BSD, see LICENSE for details. 12 | """ 13 | 14 | from sphinx.errors import SphinxError 15 | from docutils import nodes, utils 16 | from docutils.parsers.rst.roles import set_classes 17 | from string import Template 18 | import re 19 | 20 | def setup(app): 21 | app.add_crossref_type('saslman', 'saslman', '%s', nodes.generated) 22 | return 23 | 24 | class CyrusManExtension(SphinxError): 25 | category = ':saslman: error' 26 | -------------------------------------------------------------------------------- /docsrc/getsasl.rst: -------------------------------------------------------------------------------- 1 | ======== 2 | Get SASL 3 | ======== 4 | 5 | 6 | .. toctree:: 7 | 8 | sasl/installation 9 | -------------------------------------------------------------------------------- /docsrc/operations.rst: -------------------------------------------------------------------------------- 1 | ========== 2 | Operations 3 | ========== 4 | 5 | 6 | .. toctree:: 7 | :maxdepth: 3 8 | 9 | sasl/sysadmin 10 | sasl/manpages 11 | sasl/auxiliary_properties 12 | sasl/authentication_mechanisms 13 | sasl/pwcheck 14 | sasl/faq 15 | sasl/resources 16 | -------------------------------------------------------------------------------- /docsrc/packager.rst: -------------------------------------------------------------------------------- 1 | ================== 2 | Note for Packagers 3 | ================== 4 | 5 | People considering doing binary distributions that include saslauthd 6 | should be aware that the code is covered by several slightly different 7 | (but compatible) licenses, due to how it was contributed. Details can 8 | be found within the source code. 9 | -------------------------------------------------------------------------------- /docsrc/sasl/advanced.rst: -------------------------------------------------------------------------------- 1 | .. _advanced: 2 | 3 | ============== 4 | Advanced Usage 5 | ============== 6 | 7 | Notes for Advanced Usage of libsasl 8 | =================================== 9 | 10 | Using Cyrus SASL as a static library 11 | ------------------------------------ 12 | 13 | As of v2.0.2-ALPHA, Cyrus SASL supports the option to compile all of the 14 | supported mechanisms and glue code into a single static library that may 15 | be linked into any application. In practice, this saves memory by avoiding 16 | the need to have a jump table for each process's reference into the shared 17 | library, and ensures that all the mechanisms are loaded when the application 18 | loads (thus reducing the overhead of loading the DSOs). 19 | 20 | However, this is not a recommended procedure to use in general. It loses 21 | the flexibility of the DSOs that allow one to simply drop in a new mechanism 22 | that even currently-running applications will see for each new connection. 23 | That is, if you choose to use the static version of the library, not only 24 | will you need to recompile the library each time you add a mechanism (provided 25 | the mechanisms even support being compiled staticly), but you will need to 26 | recompile every application that uses Cyrus SASL as well. 27 | 28 | However, if you are sure you wish to use a static version of Cyrus SASL, 29 | compile it by giving ``configure`` the ``--enable-static`` option. 30 | This will compile **both** a dynamic and a static version. Then, whenever 31 | an application links to libsasl, it will also need to explicitly pull in 32 | any dynamic libraries that may be needed by Cyrus SASL. Most notably, these 33 | might include the GSSAPI, Kerberos, and Database libraries. To avoid compiling 34 | the dynamic version, pass ``--disable-shared``. 35 | -------------------------------------------------------------------------------- /docsrc/sasl/auxiliary_properties.rst: -------------------------------------------------------------------------------- 1 | Auxiliary Properties 2 | ==================== 3 | 4 | Auxiliary Properties and the Glue Layer 5 | --------------------------------------- 6 | 7 | .. todo:: 8 | Content needed here 9 | 10 | Passwords and other Data 11 | ------------------------ 12 | 13 | .. todo:: 14 | Content needed here 15 | 16 | sasldb 17 | ------ 18 | 19 | .. todo:: 20 | Content needed here 21 | 22 | ldapdb 23 | ------ 24 | 25 | .. todo:: 26 | Content needed here 27 | 28 | sql 29 | --- 30 | 31 | .. todo:: 32 | Content needed here 33 | 34 | User Canonicalization 35 | --------------------- 36 | 37 | .. todo:: 38 | Content needed here 39 | 40 | 41 | -------------------------------------------------------------------------------- /docsrc/sasl/faq.rst: -------------------------------------------------------------------------------- 1 | .. _sasl-faq: 2 | 3 | Frequently Asked Questions 4 | ========================== 5 | 6 | .. toctree:: 7 | :maxdepth: 2 8 | :glob: 9 | 10 | faqs/* 11 | 12 | Looking for the :ref:`Cyrus IMAP FAQ `? -------------------------------------------------------------------------------- /docsrc/sasl/faqs/authorize-vs-authenticate.rst: -------------------------------------------------------------------------------- 1 | What is the difference between an Authorization ID and a Authentication ID? 2 | --------------------------------------------------------------------------- 3 | 4 | **Authentication** is the act of proving who you are. "Hello, I'm Dave. To 5 | prove it, here's my password: Foo." 6 | 7 | **Authorization** is the act of deciding 8 | whether to grant access to resources. 9 | 10 | :: 11 | 12 | "I'd like to read Kellie's mail for her." 13 | 14 | In the example, I'm trying to read my wife's mail. I supply my own 15 | username as the "authentication identifier", my own password (Or 16 | biometric scan, or whatever else is required to prove I'm really me, 17 | with whichever mechanism is in use), and my wife's username as the 18 | "authorization identifier". 19 | 20 | At no point need I know my wife's password - instead, either Kellie or 21 | an administrator needs to explicitly state that I am allowed in "as 22 | Kellie". Once I've logged in, all the access checks are done against 23 | Kellie, not against Dave, because I'm acting for her. To all intents and 24 | purposes, after the authentication exchange itself, the server can 25 | simply forget about who authenticated - it's not important any more - 26 | and concentrate on who needs to be authorized. 27 | 28 | Another, more common example of the use of differing authentication 29 | identifiers and authorization identifiers is in the design of many proxy 30 | systems. You authenticate perfectly normally to the proxy, authorizing 31 | as yourself. The proxy then authenticates to the master as itself, but 32 | supplies you as the authorization identifier, thus getting all the right 33 | access checks done at source, but not having to have access to your 34 | authentication credentials. Finally, some mechanisms don't support 35 | passing a distinct authorization identifier, and for most its optional, 36 | and defaults to the case that most people are familiar with, where 37 | authorization and authentication identifiers are the same. 38 | 39 | -------------------------------------------------------------------------------- /docsrc/sasl/faqs/plaintextpasswords.rst: -------------------------------------------------------------------------------- 1 | Why does CyrusSasl store plaintext passwords in its databases? 2 | -------------------------------------------------------------- 3 | 4 | To operate with the SCRAM mechanism, Cyrus SASL 5 | stores plaintext versions of the passwords in its secret database (an 6 | AuxpropPlugin). 7 | 8 | This is typically regarded as insecure practice, however the alternative 9 | is not much better. For SCRAM to function, it must 10 | have a plaintext equivalent locally in order to confirm the hash that 11 | actually goes across a wire. This, if these equivalents were 12 | compromised, it is trivially easy for an attacker to have access to any 13 | account on the system. 14 | -------------------------------------------------------------------------------- /docsrc/sasl/faqs/rfcs.rst: -------------------------------------------------------------------------------- 1 | .. _faq-rfcs: 2 | 3 | =============== 4 | RFCs and drafts 5 | =============== 6 | 7 | * :rfc:`1939#page-15` - Post Office Protocol - Version 3 (APOP/sasl_checkapop) 8 | * :rfc:`2444` - The One-Time-Password SASL Mechanism (OTP) 9 | * :rfc:`2808` - The SecurID(r) SASL Mechanism 10 | * :rfc:`4120` - The Kerberos Network Authentication Service (V5) 11 | * :rfc:`4178` - The Simple and Protected GSS-API Negotiation (SPNEGO) mechanism 12 | * :rfc:`4422` - Simple Authentication and Security Layer (SASL) 13 | * :rfc:`4505` - Anonymous Simple Authentication and Security Layer (SASL) Mechanism 14 | * :rfc:`4616` - The PLAIN Simple Authentication and Security Layer (SASL) Mechanism 15 | * :rfc:`4752` - The Kerberos V5 ("GSSAPI") Simple Authentication and Security Layer (SASL) Mechanism 16 | * :rfc:`4846#section-4` - Base64 Data Encoding 17 | * :rfc:`5801` - Using Generic Security Service Application Program Interface (GSS-API) Mechanisms in SASL: The GS2 Mechanism Family 18 | * :rfc:`5802` - Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms 19 | * :rfc:`5803` - Lightweight Directory Access Protocol (LDAP) Schema for Storing Salted: Challenge Response Authentication Mechanism (SCRAM) Secrets 20 | * :rfc:`5929` - Channel Bindings for TLS 21 | * :rfc:`7613` - Preparation, Enforcement, and Comparison of Internationalized Strings Representing Usernames and Passwords 22 | * :rfc:`7677` - SCRAM-SHA-256 and SCRAM-SHA-256-PLUS: Simple Authentication and Security Layer (SASL) Mechanisms 23 | * :rfc:`7804` - Salted Challenge Response HTTP Authentication Mechanism 24 | * `draft-burdis-cat-srp-sasl `_ - Secure Remote Password SASL Mechanism (SRP) 25 | * `draft-newman-sasl-c-api `_ - The SASL C API 26 | * `draft-newman-sasl-passdss `_ - DSS Secured Password Authentication Mechanism (PASSDSS) 27 | -------------------------------------------------------------------------------- /docsrc/sasl/faqs/scram.rst: -------------------------------------------------------------------------------- 1 | Why does SCRAM not work with CyrusSaslauthd? 2 | ------------------------------------------------------- 3 | 4 | Saslauthd is only capable of verifying plaintext passwords (it takes a 5 | plaintext password and a username and responds with "yes" or "no", 6 | essentially). Therefore, since the plaintext password isn't passed from 7 | client to server in SCRAM, Saslauthd can't verify the password. 8 | 9 | Authentication in a CyrusSaslauthd-only environment will not only fail 10 | with this mechanism, it doesn't really make a lot of sense. You'll 11 | want to use an AuxpropPlugin instead (for example, sasldb). 12 | 13 | -------------------------------------------------------------------------------- /docsrc/sasl/manpages.rst: -------------------------------------------------------------------------------- 1 | ========= 2 | Man pages 3 | ========= 4 | 5 | (3) Library Files 6 | ======================= 7 | 8 | .. toctree:: 9 | :maxdepth: 1 10 | :glob: 11 | 12 | reference/manpages/library/* 13 | 14 | 15 | .. template.rst: this is just the template for new manpages so it obeys man and html formatting. 16 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_authorize_t.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_authorize_t(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_authorize_t: 4 | 5 | ====================================================== 6 | **sasl_authorize_t** - The SASL authorization callback 7 | ====================================================== 8 | 9 | Synopsis 10 | ======== 11 | 12 | .. parsed-literal:: 13 | 14 | #include 15 | 16 | 17 | int sasl_authorize_t(void \*context, 18 | const char \*requested_user, unsigned alen, 19 | const char \*auth_identity, unsigned alen, 20 | const char \*def_realm, unsigned urlen, 21 | struct propctx \*propctx) 22 | 23 | Description 24 | =========== 25 | 26 | **sasl_authorize_t** is used to check whether the authorized 27 | user auth_identity may act as the user requested_user. 28 | For example the user root may wish to authenticate with 29 | his credentials but act as the user mmercer (with all of 30 | mmercer's rights not roots). A server application should 31 | be very careful, and probably err on the side of caution, 32 | when determining which users may proxy as whom. 33 | 34 | 35 | Return Value 36 | ============ 37 | 38 | SASL callback functions should return SASL return codes. 39 | See sasl.h for a complete list. :c:macro:`SASL_OK` indicates success. 40 | 41 | See Also 42 | ======== 43 | 44 | :saslman:`sasl(3)`, :saslman:`sasl_callbacks(3)` 45 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_auxprop_add_plugin.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_auxprop_add_plugin(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_auxprop_add_plugin: 4 | 5 | ================================================================== 6 | **sasl_auxprop_add_plugin** - add a SASL auxiliary property plugin 7 | ================================================================== 8 | 9 | Synopsis 10 | ======== 11 | 12 | .. code-block:: C 13 | 14 | #include 15 | 16 | int sasl_auxprop_add_plugin(const char *plugname, 17 | sasl_auxprop_plug_init_t *cplugfunc); 18 | 19 | Description 20 | =========== 21 | 22 | .. c:function:: int sasl_auxprop_add_plugin(const char *plugname, sasl_auxprop_plug_init_t *cplugfunc); 23 | 24 | **sasl_auxprop_add_plugin** adds an auxiliary property plugin to the 25 | current list of auxiliary property plugins in the SASL library. 26 | 27 | :param plugname: is the name of the auxiliary property plugin. 28 | 29 | :param cplugfunc: is filled in by the sasl_auxprop_plug_init_t structure. 30 | 31 | :returns: Returns :c:macro:`SASL_OK` on success. See :saslman:`sasl_errors(3)` for meanings of other return codes. 32 | 33 | Return Value 34 | ============ 35 | 36 | SASL functions should return SASL return codes. 37 | See sasl.h for a complete list. :c:macro:`SASL_OK` indicates success. 38 | 39 | The following return codes indicate errors and should be handled: 40 | 41 | * :c:macro:`SASL_BADVERS`: Version mismatch with plugin. 42 | * :c:macro:`SASL_NOMEM`: Not enough memory to complete operation 43 | 44 | Conforming to 45 | ============= 46 | 47 | :rfc:`4422` 48 | 49 | See Also 50 | ======== 51 | 52 | :saslman:`sasl(3)`, :saslman:`sasl_errors(3)`, :saslman:`sasl_auxprop(3)`, 53 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_auxprop_getctx.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_auxprop_getctx(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_auxprop_getctx: 4 | 5 | =============================================================== 6 | **sasl_auxprop_getctx** - Acquire an auxiliary property context 7 | =============================================================== 8 | 9 | Synopsis 10 | ======== 11 | 12 | .. code-block:: C 13 | 14 | #include 15 | 16 | int sasl_auxprop_getctx(sasl_conn_t *conn) 17 | 18 | Description 19 | =========== 20 | 21 | .. c:function:: int sasl_auxprop_getctx(sasl_conn_t *conn) 22 | 23 | Fetches an auxiliary property context for the connection on which the functions 24 | described in :saslman:`sasl_auxprop(3)` can operate. 25 | 26 | :parameter conn: pointer to the :c:type:`sasl_conn_t` for which the request is being made. 27 | :return: A pointer to the context on success. Returns NULL on failure. 28 | 29 | .. c:type:: sasl_conn_t 30 | 31 | Context for a SASL connection negotiation 32 | 33 | Conforming to 34 | ============= 35 | 36 | :rfc:`4422` 37 | 38 | See Also 39 | ======== 40 | 41 | :saslman:`sasl(3)`, :saslman:`sasl_auxprop(3)`, :saslman:`sasl_auxprop_request(3)` 42 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_auxprop_request.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_auxprop_request(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_auxprop_request: 4 | 5 | ================================================================= 6 | **sasl_auxprop_request** - Request auxiliary properties from SASL 7 | ================================================================= 8 | 9 | Synopsis 10 | ======== 11 | 12 | .. code-block:: C 13 | 14 | #include 15 | 16 | int sasl_auxprop_request(sasl_conn_t *conn, const char ** propnames) 17 | 18 | Description 19 | =========== 20 | 21 | .. c:function:: int sasl_auxprop_request(sasl_conn_t *conn, const char ** propnames) 22 | 23 | **sasl_auxprop_request** will request that the SASL library 24 | obtain properties from any auxiliary property plugins that 25 | might be installed (such as the user's home directory from 26 | an LDAP server for example). Such lookup occurs just 27 | after username canonicalization is complete. Therefore, 28 | the request should be made before the call to 29 | :saslman:`sasl_server_start(3)`, but after the call to 30 | :saslman:`sasl_server_new(3)`. 31 | 32 | :param conn: the :c:type:`sasl_conn_t` for which the request is being made. 33 | 34 | :param propnames: a NULL-terminated array of property names to 35 | request. Note that this array must persist until a call to 36 | :saslman:`sasl_dispose(3)` on the :c:type:`sasl_conn_t`. 37 | 38 | :returns: Returns :c:macro:`SASL_OK` on success. See :saslman:`sasl_errors(3)` for meanings of other return codes. 39 | 40 | Conforming to 41 | ============= 42 | 43 | :rfc:`4422` 44 | 45 | See Also 46 | ======== 47 | 48 | :saslman:`sasl(3)`, :saslman:`sasl_errors(3)`, :saslman:`sasl_auxprop(3)`, :saslman:`sasl_auxprop_getctx(3)`, 49 | :saslman:`sasl_server_new(3)`, :saslman:`sasl_server_start(3)` 50 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_canonuser_add_plugin.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_canonuser_add_plugin(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_canonuser_add_plugin: 4 | 5 | ======================================================================= 6 | **sasl_canonuser_add_plugin** - add a SASL user canonicalization plugin 7 | ======================================================================= 8 | 9 | Synopsis 10 | ======== 11 | 12 | .. code-block:: C 13 | 14 | #include 15 | 16 | int sasl_canonuser_add_plugin(const char *plugname, 17 | sasl_canonuser_plug_init_t *cplugfunc); 18 | 19 | Description 20 | =========== 21 | 22 | .. c:function:: int sasl_canonuser_add_plugin(const char *plugname, sasl_canonuser_plug_init_t *cplugfunc); 23 | 24 | **sasl_canonuser_add_plugin** adds a user canonicalization plugin to the 25 | current list of user canonicalization plugins in the SASL library. 26 | 27 | :param plugname: is the name of the user canonicalization plugin. 28 | 29 | :param cplugfunc: is filled in by the sasl_canonuser_plug_init_t structure. 30 | 31 | :returns: Returns :c:macro:`SASL_OK` on success. See 32 | :saslman:`sasl_errors(3)` for meanings of other return codes. 33 | 34 | Return Value 35 | ============ 36 | 37 | SASL functions should return SASL return codes. 38 | See sasl.h for a complete list. :c:macro:`SASL_OK` indicates success. 39 | 40 | The following return codes indicate errors and should be handled: 41 | 42 | * :c:macro:`SASL_BADVERS`: Version mismatch with plugin. 43 | * :c:macro:`SASL_NOMEM`: Not enough memory to complete operation 44 | 45 | Conforming to 46 | ============= 47 | 48 | :rfc:`4422` 49 | 50 | See Also 51 | ======== 52 | 53 | :saslman:`sasl(3)`, :saslman:`sasl_errors(3)` 54 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_chalprompt_t.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_chalprompt_t(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_chalprompt_t: 4 | 5 | ================================================== 6 | **sasl_chalprompt_t** - Realm acquisition callback 7 | ================================================== 8 | 9 | Synopsis 10 | ======== 11 | 12 | .. code-block:: C 13 | 14 | #include 15 | 16 | int sasl_chalprompt_t(void *context, int id, 17 | const char *challenge, 18 | const char *prompt, const char *defresult, 19 | const char **result, unsigned *len) 20 | 21 | Description 22 | =========== 23 | 24 | .. c:function:: int sasl_chalprompt_t(void *context, int id, const char *challenge, const char *prompt, const char *defresult, const char **result, unsigned *len) 25 | 26 | **sasl_chalprompt_t** is used to prompt for input in response to a server challenge. 27 | 28 | :param context: is the context from the callback record 29 | :param id: is the callback id (either SASL_CB_ECHOPROMPT or SASL_CB_NOECHOPROMPT) 30 | :param challenge: the server's challenge 31 | :param prompt: A prompt for the user 32 | :param defresult: Default result (may be NULL) 33 | :result: The user's response (a NUL terminated string) or SASL error code. 34 | :param len: Length of the user's response. 35 | 36 | Return Value 37 | ============ 38 | 39 | The user's response (NUL terminated), or a SASL error code. See :saslman:`sasl_errors(3)`. 40 | 41 | See Also 42 | ======== 43 | 44 | :saslman:`sasl(3)`, :saslman:`sasl_errors(3)`, :saslman:`sasl_callbacks(3)` 45 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_checkapop.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_checkapop(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_checkapop: 4 | 5 | ===================================================== 6 | **sasl_checkapop** - Check an APOP challenge/response 7 | ===================================================== 8 | 9 | Synopsis 10 | ======== 11 | 12 | .. code-block:: C 13 | 14 | #include 15 | 16 | int sasl_checkapop(sasl_conn_t *conn, 17 | const char *challenge, 18 | unsigned challen, 19 | const char *response, 20 | unsigned resplen) 21 | 22 | Description 23 | =========== 24 | 25 | .. c:function:: int sasl_checkapop(sasl_conn_t *conn, const char *challenge, unsigned challen, const char *response, unsigned resplen) 26 | 27 | **sasl_checkapop** will check an APOP challenge/response. 28 | APOP is an optional POP3 (:rfc:`1939`) authentication command 29 | which uses a shared secret (password). The password is 30 | stored in the SASL secrets database. For information on 31 | the SASL shared secrets database see the :ref:`System Administrators Guide `. 32 | 33 | If called with a NULL challenge, sasl_checkapop() will 34 | check to see if the APOP mechanism is enabled. 35 | 36 | Return value 37 | ============ 38 | 39 | sasl_checkapop returns an integer which corresponds to one 40 | of the following codes. :c:macro:`SASL_OK` indicates that the authentication is complete. All other return codes indicate 41 | errors and should either be handled or the authentication 42 | session should be quit. See :saslman:`sasl_errors(3)` for meanings 43 | of return codes. 44 | 45 | Conforming to 46 | ============= 47 | 48 | :rfc:`4422`, :rfc:`1939` 49 | 50 | See Also 51 | ======== 52 | 53 | :saslman:`sasl(3)`, :saslman:`sasl_errors(3)` 54 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_checkpass.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_checkpass(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_checkpass: 4 | 5 | =============================================== 6 | **sasl_checkpass** - Check a plaintext password 7 | =============================================== 8 | 9 | Synopsis 10 | ======== 11 | 12 | .. code-block:: C 13 | 14 | #include 15 | 16 | int sasl_checkpass(sasl_conn_t *conn, 17 | const char *user, 18 | unsigned userlen, 19 | const char *pass, 20 | unsigned passlen); 21 | 22 | Description 23 | =========== 24 | 25 | .. c:function:: int sasl_checkpass(sasl_conn_t *conn, const char *user, unsigned userlen, const char *pass, unsigned passlen) 26 | 27 | **sasl_checkpass** will check a plaintext password. This is 28 | needed for protocols that had a login method before SASL 29 | (for example the LOGIN command in IMAP). The password is 30 | checked with the pwcheck_method. See :saslman:`sasl_callbacks(3)` for 31 | information on how this parameter is set. 32 | 33 | 34 | Return value 35 | ============ 36 | 37 | sasl_checkpass returns an integer which corresponds to one 38 | of the following codes. :c:macro:`SASL_OK` indicates that the authentication is complete. All other return codes indicate 39 | errors and should either be handled or the authentication 40 | session should be quit. See :saslman:`sasl_errors(3)` for meanings 41 | of return codes. 42 | 43 | Conforming to 44 | ============= 45 | 46 | :rfc:`4422` 47 | 48 | See Also 49 | ======== 50 | 51 | :saslman:`sasl(3)`, :saslman:`sasl_errors(3)`, :saslman:`sasl_callbacks(3)`, 52 | :saslman:`sasl_setpass(3)` 53 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_client_add_plugin.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_client_add_plugin(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_client_add_plugin: 4 | 5 | ===================================================== 6 | **sasl_client_add_plugin** - add a SASL client plugin 7 | ===================================================== 8 | 9 | Synopsis 10 | ======== 11 | 12 | .. code-block:: C 13 | 14 | #include 15 | 16 | int sasl_client_add_plugin(const char *plugname, 17 | sasl_client_plug_init_t *cplugfunc); 18 | 19 | Description 20 | =========== 21 | 22 | .. c:function:: int sasl_client_add_plugin(const char *plugname, sasl_client_plug_init_t *cplugfunc); 23 | 24 | **sasl_client_add_plugin** adds a client plugin to the 25 | current in-memory list of client plugins in the SASL library. 26 | 27 | :param plugname: is the name of the client plugin. 28 | 29 | :param cplugfunc: is filled in by the sasl_client_plug_init_t structure. 30 | 31 | :returns: Returns :c:macro:`SASL_OK` on success. See 32 | :saslman:`sasl_errors(3)` for meanings of other return codes. 33 | 34 | Return Value 35 | ============ 36 | 37 | SASL functions should return SASL return codes. 38 | See sasl.h for a complete list. :c:macro:`SASL_OK` indicates success. 39 | 40 | The following return codes indicate errors and should be handled: 41 | 42 | * :c:macro:`SASL_BADVERS`: Version mismatch with plugin. 43 | * :c:macro:`SASL_NOMEM`: Not enough memory to complete operation 44 | 45 | Conforming to 46 | ============= 47 | 48 | :rfc:`4422` 49 | 50 | See Also 51 | ======== 52 | 53 | :saslman:`sasl(3)`, :saslman:`sasl_errors(3)` 54 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_client_done.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_client_done(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_client_done: 4 | 5 | 6 | ======================================= 7 | **sasl_client_done** - Cleanup function 8 | ======================================= 9 | 10 | Synopsis 11 | ======== 12 | 13 | .. code-block:: C 14 | 15 | #include 16 | 17 | int sasl_client_done(); 18 | 19 | Description 20 | =========== 21 | 22 | .. c:function:: int sasl_client_done(); 23 | 24 | **sasl_client_done()** is a cleanup function, used to free all memory 25 | used by the library. Invoke when processing is complete. 26 | 27 | 28 | 29 | Return Value 30 | ============ 31 | 32 | Returns :c:macro:`SASL_OK` if the whole cleanup is successful and 33 | :c:macro:`SASL_CONTINUE` if this step is ok but at least one more step is needed. 34 | 35 | See Also 36 | ======== 37 | 38 | :rfc:`4422`,:saslman:`sasl(3)`, :saslman:`sasl_done(3)`, 39 | :saslman:`sasl_client_init(3)`, :saslman:`sasl_client_new(3)`, 40 | :saslman:`sasl_client_start(3)`, :saslman:`sasl_errors(3)` 41 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_client_init.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_client_init(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_client_init: 4 | 5 | 6 | ================================================================ 7 | **sasl_client_init** - SASL client authentication initialization 8 | ================================================================ 9 | 10 | Synopsis 11 | ======== 12 | 13 | .. code-block:: C 14 | 15 | #include 16 | 17 | int sasl_client_init(const sasl_callback_t *callbacks ) 18 | 19 | Description 20 | =========== 21 | 22 | **sasl_client_init** initializes SASL. 23 | 24 | It must be called before any calls to 25 | :saslman:`sasl_client_start(3)`. This call initializes all SASL client drivers 26 | (e.g. authentication mechanisms). These are usually found in the 27 | `/usr/lib/sasl2` directory but the directory may be overridden with 28 | the `SASL_PATH` environment variable. 29 | 30 | Return Value 31 | ============ 32 | 33 | SASL callback functions should return SASL return codes. 34 | See sasl.h for a complete list. :c:macro:`SASL_OK` indicates success. 35 | 36 | The following return codes indicate errors and should either be handled or the authentication 37 | session should be quit: 38 | 39 | * :c:macro:`SASL_BADVERS`: Mechanism version mismatch 40 | * :c:macro:`SASL_BADPARAM`: Error in config file 41 | * :c:macro:`SASL_NOMEM`: Not enough memory to complete operation 42 | 43 | See Also 44 | ======== 45 | 46 | :rfc:`4422`,:saslman:`sasl(3)`, :saslman:`sasl_callbacks(3)`, 47 | :saslman:`sasl_client_new(3)`, :saslman:`sasl_client_start(3)`, 48 | :saslman:`sasl_client_step(3)` 49 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_client_plug_init_t.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_client_plug_init_t(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_client_plug_init_t: 4 | 5 | ======================================================== 6 | **sasl_client_plug_init_t** - client plug‐in entry point 7 | ======================================================== 8 | 9 | Synopsis 10 | ======== 11 | 12 | .. code-block:: C 13 | 14 | #include 15 | 16 | int sasl_client_plug_init_t(const sasl_utils_t *utils, 17 | int max_version, 18 | int *out_version, 19 | sasl_client_plug_t **pluglist, 20 | int *plugcount); 21 | 22 | Description 23 | =========== 24 | 25 | .. c:function:: int sasl_client_plug_init_t(const sasl_utils_t *utils, int max_version, int *out_version, sasl_client_plug_t **pluglist, int *plugcount); 26 | 27 | The **sasl_client_plug_init_t** callback function is the client 28 | plugin entry point. 29 | 30 | :param utils: The utility callback functions. 31 | 32 | :param max_version: The highest client plugin version supported. 33 | 34 | :param out_version: The client plugin version of the result. 35 | 36 | :param pluglist: The list of client mechanism plugins. 37 | 38 | :param plugcount: The number of client mechanism plugins. 39 | 40 | :returns: Returns :c:macro:`SASL_OK` on success. See 41 | :saslman:`sasl_errors(3)` for meanings of other return codes. 42 | 43 | Return Value 44 | ============ 45 | 46 | SASL functions should return SASL return codes. 47 | See sasl.h for a complete list. :c:macro:`SASL_OK` indicates success. 48 | 49 | 50 | Conforming to 51 | ============= 52 | 53 | :rfc:`4422` 54 | 55 | See Also 56 | ======== 57 | 58 | :saslman:`sasl(3)`, :saslman:`sasl_errors(3)` 59 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_decode.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_decode(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_decode: 4 | 5 | 6 | ====================================== 7 | **sasl_decode** - Decode data received 8 | ====================================== 9 | 10 | Synopsis 11 | ======== 12 | 13 | .. code-block:: C 14 | 15 | #include 16 | 17 | int sasl_decode(sasl_conn_t *conn, 18 | const char * input, 19 | unsigned inputlen, 20 | const char ** output, 21 | unsigned * outputlen); 22 | 23 | 24 | Description 25 | =========== 26 | 27 | .. c:function:: int sasl_decode(sasl_conn_t *conn, const char * input, unsigned inputlen, const char ** output, unsigned * outputlen); 28 | 29 | 30 | **sasl_decode** decodes data received. After successful authentication 31 | this function should be called on all data received. It decodes the 32 | data from encrypted or signed form to plain data. If there was no security 33 | layer negotiated the `output` is identical to the `input`. 34 | 35 | :param conn: is the SASL connection context 36 | 37 | :param output: contains the decoded data and is allocated/freed by 38 | the library. 39 | 40 | :param outputlen: length of `output`. 41 | 42 | One should not give sasl_decode more data than the 43 | negotiated `maxbufsize` (see :saslman:`sasl_getprop(3)`). 44 | 45 | Note that sasl_decode can succeed and outputlen can be 46 | zero. If this is the case simply wait for more data and 47 | call sasl_decode again. 48 | 49 | Return Value 50 | ============ 51 | 52 | SASL callback functions should return SASL return codes. 53 | See sasl.h for a complete list. :c:macro:`SASL_OK` indicates success. 54 | 55 | Other return codes indicate errors and should be handled. 56 | 57 | See Also 58 | ======== 59 | 60 | :rfc:`4422`,:saslman:`sasl(3)`, :saslman:`sasl_encode(3)`, 61 | :saslman:`sasl_errors(3)` 62 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_decode64.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_decode64(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_decode64: 4 | 5 | 6 | ======================================== 7 | **sasl_decode64** - Decode base64 string 8 | ======================================== 9 | 10 | Synopsis 11 | ======== 12 | 13 | .. code-block:: C 14 | 15 | #include 16 | 17 | int sasl_decode64(const char * input, 18 | unsigned inputlen, 19 | char * output, 20 | unsigned outmax, 21 | unsigned * outputlen); 22 | 23 | 24 | Description 25 | =========== 26 | 27 | .. c:function:: int sasl_decode64(const char * input, unsigned inputlen, const char ** output, unsigned outmax, unsigned * outputlen); 28 | 29 | 30 | **sasl_decode64** decodes a base64 encoded buffer. 31 | 32 | :param input: Input data. 33 | 34 | :param inputlen: The length of the input data. 35 | 36 | :param output: contains the decoded data. The value of output can be the 37 | same as in. However, there must be enough space. 38 | 39 | :param outmax: The maximum size of the output buffer. 40 | 41 | :param outputlen: length of `output`. 42 | 43 | Return Value 44 | ============ 45 | 46 | SASL callback functions should return SASL return codes. 47 | See sasl.h for a complete list. :c:macro:`SASL_OK` indicates success. 48 | 49 | Other return codes indicate errors and should be handled. 50 | 51 | See Also 52 | ======== 53 | 54 | :rfc:`4422`,:saslman:`sasl(3)`, :saslman:`sasl_decode(3)`, 55 | :saslman:`sasl_errors(3)` 56 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_dispose.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_dispose(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_dispose: 4 | 5 | ====================================================== 6 | **sasl_dispose** - Dispose of a SASL connection object 7 | ====================================================== 8 | 9 | Synopsis 10 | ======== 11 | 12 | .. code-block:: C 13 | 14 | #include 15 | 16 | void sasl_dispose(sasl_conn_t **pconn ); 17 | 18 | 19 | Description 20 | =========== 21 | 22 | .. c:function:: int sasl_dispose(sasl_conn_t *conn) 23 | 24 | **sasl_dispose** is called when a SASL connection object is no longer needed. 25 | 26 | Note that this is usually when the protocol session is done NOT when the 27 | authentication is done since a security layer may have been negotiated. 28 | 29 | :param conn: is the SASL connection context 30 | 31 | 32 | Return value 33 | ============ 34 | 35 | No return values 36 | 37 | Conforming to 38 | ============= 39 | 40 | :rfc:`4422` 41 | 42 | See Also 43 | ======== 44 | 45 | :saslman:`sasl(3)`, :saslman:`sasl_server_new(3)`, :saslman:`sasl_client_new(3)`, 46 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_done.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_done(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_done: 4 | 5 | 6 | =================================================== 7 | **sasl_done** - Dispose of a SASL connection object 8 | =================================================== 9 | 10 | Synopsis 11 | ======== 12 | 13 | .. code-block:: C 14 | 15 | #include 16 | 17 | void sasl_done( void ); 18 | 19 | Description 20 | =========== 21 | 22 | .. c:function:: void sasl_done( void ); 23 | 24 | **sasl_done()** is called when the application is completely 25 | done with the SASL library. 26 | 27 | Return Value 28 | ============ 29 | 30 | No return values. 31 | 32 | See Also 33 | ======== 34 | 35 | :rfc:`4422`,:saslman:`sasl(3)`, 36 | :saslman:`sasl_server_init(3)`, :saslman:`sasl_client_init(3)` 37 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_encode.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_encode(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_encode: 4 | 5 | 6 | ================================================================= 7 | **sasl_encode** - Encode data for transport to authenticated host 8 | ================================================================= 9 | 10 | Synopsis 11 | ======== 12 | 13 | .. code-block:: C 14 | 15 | #include 16 | 17 | int sasl_encode(sasl_conn_t *conn, 18 | const char * input, 19 | unsigned inputlen, 20 | const char ** output, 21 | unsigned * outputlen); 22 | 23 | 24 | Description 25 | =========== 26 | 27 | **sasl_encode** encodes data to be sent to be sent to a remote host who we’ve 28 | had a successful authentication session with. If there is a negotiated 29 | security the data in signed/encrypted and the output should be sent 30 | without modification to the remote host. If there is no security layer the 31 | output is identical to the input. 32 | 33 | **sasl_encodev** does the same, but for a `struct iovec` instead 34 | of a character buffer. 35 | 36 | .. c:function:: int sasl_encode(sasl_conn_t *conn, const char * input, unsigned inputlen, const char ** output, unsigned * outputlen); 37 | 38 | :param conn: is the SASL connection context 39 | 40 | :param output: contains the decoded data and is allocated/freed by 41 | the library. 42 | 43 | :param outputlen: length of `output`. 44 | 45 | 46 | Return Value 47 | ============ 48 | 49 | SASL callback functions should return SASL return codes. 50 | See sasl.h for a complete list. :c:macro:`SASL_OK` indicates success. 51 | 52 | Other return codes indicate errors and should be handled. 53 | 54 | See Also 55 | ======== 56 | 57 | :rfc:`4422`,:saslman:`sasl(3)`, :saslman:`sasl_decode(3)`, 58 | :saslman:`sasl_errors(3)` 59 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_encode64.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_encode64(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_encode64: 4 | 5 | 6 | ======================================== 7 | **sasl_encode64** - Encode base64 string 8 | ======================================== 9 | 10 | Synopsis 11 | ======== 12 | 13 | .. code-block:: C 14 | 15 | #include 16 | 17 | int sasl_encode64(const char * input, 18 | unsigned inputlen, 19 | char * output, 20 | unsigned outmax, 21 | unsigned * outputlen); 22 | 23 | Description 24 | =========== 25 | 26 | Use the **sasl_encode64()** interface to convert an octet string into a base64 27 | string. This routine is useful for SASL profiles that use base64, such as the 28 | IMAP (IMAP4) and POP (POP_AUTH) profiles. The output is null‐terminated. If 29 | outlen is non‐NULL, the length is placed in the outlen. 30 | 31 | .. c:function:: int sasl_encode64(const char * input, unsigned inputlen, const char ** output, unsigned outmax, unsigned * outputlen); 32 | 33 | :param input: input data. 34 | 35 | :param inputlen: length of the input data. 36 | 37 | :param output: contains the decoded data. The value of out can be the 38 | same as in. However, there must be enough space. 39 | 40 | :param outputlen: length of `output`. 41 | 42 | :param outmax: The maximum size of the output buffer. 43 | 44 | Return Value 45 | ============ 46 | 47 | SASL functions should return SASL return codes. 48 | See sasl.h for a complete list. :c:macro:`SASL_OK` indicates success. 49 | 50 | Other return codes indicate errors and should be handled. 51 | 52 | See Also 53 | ======== 54 | 55 | :rfc:`4422`,:saslman:`sasl(3)`, :saslman:`sasl_decode64(3)`, 56 | :saslman:`sasl_errors(3)`, :saslman:`sasl_encode(3)` 57 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_encodev.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_encodev(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_encodev: 4 | 5 | 6 | ================================================================== 7 | **sasl_encodev** - Encode data for transport to authenticated host 8 | ================================================================== 9 | 10 | Synopsis 11 | ======== 12 | 13 | .. code-block:: C 14 | 15 | #include 16 | 17 | int sasl_encodev(sasl_conn_t *conn, 18 | const struct iovec * invec, 19 | unsigned numiov, 20 | const char ** output, 21 | unsigned * outputlen); 22 | 23 | 24 | Description 25 | =========== 26 | 27 | **sasl_encodev** encodes data to be sent to be sent to a remote host who we’ve 28 | had a successful authentication session with. If there is a negotiated 29 | security the data in signed/encrypted and the output should be sent 30 | without modification to the remote host. If there is no security layer the 31 | output is identical to the input. 32 | 33 | **sasl_encode** does the same, but for a character buffer instead 34 | of a `struct iovec`. 35 | 36 | .. c:function:: int sasl_encodev(sasl_conn_t *conn, const struct iovec * invec, unsigned numiov, const char ** output, unsigned * outputlen); 37 | 38 | :param conn: is the SASL connection context 39 | 40 | :param output: contains the decoded data and is allocated/freed by 41 | the library. 42 | 43 | :param outputlen: length of `output`. 44 | 45 | 46 | Return Value 47 | ============ 48 | 49 | SASL callback functions should return SASL return codes. 50 | See sasl.h for a complete list. :c:macro:`SASL_OK` indicates success. 51 | 52 | Other return codes indicate errors and should be handled. 53 | 54 | See Also 55 | ======== 56 | 57 | :rfc:`4422`,:saslman:`sasl(3)`, :saslman:`sasl_decode(3)`, 58 | :saslman:`sasl_errors(3)` 59 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_erasebuffer.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_erasebuffer(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_erasebuffer: 4 | 5 | =================================== 6 | **sasl_erasebuffer** - erase buffer 7 | =================================== 8 | 9 | Synopsis 10 | ======== 11 | 12 | .. code-block:: C 13 | 14 | #include 15 | 16 | void sasl_erasebuffer(char *pass, unsigned len); 17 | 18 | Description 19 | =========== 20 | 21 | .. c:function:: void sasl_erasebuffer(char *pass, unsigned len); 22 | 23 | **sasl_erasebuffer** erases a security sensitive buffer or 24 | password. The implementation may use recovery‐resistant 25 | erase logic. 26 | 27 | :param pass: a password 28 | 29 | :param len: length of the password 30 | 31 | Return Value 32 | ============ 33 | 34 | The sasl_erasebuffer() interface returns no return values. 35 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_errdetail.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_errdetail(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_errdetail: 4 | 5 | 6 | ================================================================== 7 | **sasl_errdetail** - Retrieve detailed information about an error 8 | ================================================================== 9 | 10 | Synopsis 11 | ======== 12 | 13 | .. code-block:: C 14 | 15 | #include 16 | 17 | const char *sasl_errdetail( sasl_conn_t *conn ); 18 | 19 | Description 20 | =========== 21 | 22 | .. c:function:: const char *sasl_errdetail( sasl_conn_t *conn ); 23 | 24 | **sasl_errdetail** provides more detailed information about 25 | the most recent error to occur, beyond the information 26 | contained in the SASL result code. 27 | 28 | :param conn: the SASL connection context to inquire about. 29 | 30 | 31 | Return Value 32 | ============ 33 | 34 | Returns the string describing the error that occurred, or NULL if no error 35 | has occurred, or there was an error retrieving it. 36 | 37 | See Also 38 | ======== 39 | 40 | :rfc:`4422`,:saslman:`sasl(3)` 41 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_errstring.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_errstring(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_errstring: 4 | 5 | 6 | ========================================================================== 7 | **sasl_errstring** - Translate a SASL return code to a human-readable form 8 | ========================================================================== 9 | 10 | Synopsis 11 | ======== 12 | 13 | .. code-block:: C 14 | 15 | #include 16 | 17 | const char * sasl_errstring(int saslerr, 18 | const char * langlist, 19 | const char ** outlang); 20 | 21 | Description 22 | =========== 23 | 24 | .. c:function:: const char * sasl_errstring(int saslerr, const char * langlist, const char ** outlang); 25 | 26 | **sasl_errstring** is called to convert a SASL return code (an 27 | integer) into a human readable string. At this time the 28 | only language available is American English. Note that if the string is 29 | going to be sent to the client, a server should 30 | call :saslman:`sasl_usererr(3)` on a return code first. 31 | 32 | :param saslerr: specifies the error number to convert. 33 | 34 | :param langlist: is currently unused; Use NULL. 35 | 36 | :param outlang: specifies the desired :rfc:`1766` language for 37 | output. NULL defaults to "en‐us"; currently the only supported 38 | language. 39 | 40 | This function is not the recommended means of extracting error code 41 | information from SASL, instead application should use 42 | :saslman:`sasl_errdetail(3)`, which contains this information (and more). 43 | 44 | Return Value 45 | ============ 46 | 47 | Returns the string. If langlist is NULL, US‐ASCII is used. 48 | 49 | See Also 50 | ======== 51 | 52 | :rfc:`4422`,:saslman:`sasl(3)`, :saslman:`sasl_errdetail(3)`, 53 | :saslman:`sasl_errors(3)` 54 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_getcallback_t.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_getcallback_t(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_getcallback_t: 4 | 5 | ======================================================================================= 6 | **sasl_getcallback_t** - callback function to lookup a sasl_callback_t for a connection 7 | ======================================================================================= 8 | 9 | Synopsis 10 | ======== 11 | 12 | .. code-block:: C 13 | 14 | #include 15 | 16 | int sasl_getcallback_t(sasl_conn_t *conn, 17 | unsigned long callbacknum, 18 | int (**proc)( ), 19 | void **pcontext); 20 | 21 | Description 22 | =========== 23 | .. c:function:: int sasl_getcallback_t(sasl_conn_t *conn, unsigned long callbacknum, int (**proc)( ), void **pcontext); 24 | 25 | The **sasl_getcallback_t()** function is a callback to lookup 26 | a sasl_callback_t for a connection. 27 | 28 | :param conn: The connection to lookup a callback for. 29 | :param callbacknum: The number of the callback. 30 | :param proc: Pointer to the callback function. The value of proc is 31 | set to NULL upon failure. 32 | :param pcontext: Pointer to the callback context. The value of pcontext 33 | is set to NULL upon failure. 34 | 35 | Return value 36 | ============ 37 | 38 | SASL callback functions should return SASL return codes. 39 | See :saslman:`sasl_errors(3)` for a complete list. :c:macro:`SASL_OK` typically indicates success. 40 | 41 | * :c:macro:`SASL_FAIL`: Unable to find a callback of the requested type. 42 | * :c:macro:`SASL_INTERACT`: The caller must use interaction to get data. 43 | 44 | Conforming to 45 | ============= 46 | 47 | :rfc:`4422` 48 | 49 | See Also 50 | ======== 51 | 52 | :saslman:`sasl(3)`, :saslman:`sasl_errors(3)`, :saslman:`sasl_callbacks(3)` 53 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_getconfpath_t.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_getconfpath_t(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_getconfpath_t: 4 | 5 | 6 | =================================================================================== 7 | **sasl_getconfpath_t** - The SASL callback to indicate location of the config files 8 | =================================================================================== 9 | 10 | Synopsis 11 | ======== 12 | 13 | .. code-block:: C 14 | 15 | #include 16 | 17 | int sasl_getconfpath_t(void *context, char ** path); 18 | 19 | 20 | Description 21 | =========== 22 | 23 | .. c:function:: int sasl_getconfpath_t(void *context, char ** path); 24 | 25 | **sasl_getconfpath_t()** is used if the application wishes to 26 | use a different location for the SASL configuration files. 27 | If this callback is not used SASL will either use the 28 | location in the environment variable SASL_CONF_PATH (provided 29 | we are not SUID or SGID) or `/etc/sasl2` by default. 30 | 31 | Return Value 32 | ============ 33 | 34 | SASL callback functions should return SASL return codes. 35 | See sasl.h for a complete list. :c:macro:`SASL_OK` indicates success. 36 | 37 | Other return codes indicate errors and should be handled. 38 | 39 | See Also 40 | ======== 41 | 42 | :rfc:`4422`,:saslman:`sasl(3)`, :saslman:`sasl_callbacks(3)` 43 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_getpath_t.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_getpath_t(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_getpath_t: 4 | 5 | 6 | ==================================================================================== 7 | **sasl_getpath_t** - The SASL callback to indicate location of the mechanism drivers 8 | ==================================================================================== 9 | 10 | Synopsis 11 | ======== 12 | 13 | .. code-block:: C 14 | 15 | #include 16 | 17 | int sasl_getpath_t(void *context, 18 | char ** path); 19 | 20 | Description 21 | =========== 22 | 23 | .. c:function:: int sasl_getpath_t(void *context, char ** path); 24 | 25 | **sasl_getpath_t()** is used if the application wishes to use a 26 | different location for the SASL mechanism drivers (the 27 | shared library files). If this callback is not used SASL 28 | will either use the location in the environment variable 29 | SASL_PATH or `/usr/lib/sasl2` by default. 30 | 31 | 32 | Return Value 33 | ============ 34 | 35 | SASL callback functions should return SASL return codes. 36 | See sasl.h for a complete list. :c:macro:`SASL_OK` indicates success. 37 | 38 | Other return codes indicate errors and should be handled. 39 | 40 | See Also 41 | ======== 42 | 43 | :rfc:`4422`,:saslman:`sasl(3)`, :saslman:`sasl_callbacks(3)` 44 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_getrealm_t.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_getrealm_t(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_getrealm_t: 4 | 5 | 6 | ================================================ 7 | **sasl_getrealm_t** - Realm Acquisition Callback 8 | ================================================ 9 | 10 | Synopsis 11 | ======== 12 | 13 | .. code-block:: C 14 | 15 | #include 16 | 17 | int sasl_getrealm_t(void *context, 18 | int id, 19 | const char **availrealms, 20 | const char **result) 21 | 22 | Description 23 | =========== 24 | 25 | .. c:function:: int sasl_getrealm_t(void *context, int id, const char **availrealms, const char **result) 26 | 27 | **sasl_getrealm_t()** is used when there is an interaction with 28 | SASL_CB_GETREALM as the type. 29 | 30 | If a mechanism would use this callback, but it is not 31 | present, then the first realm listed is automatically 32 | selected. (Note that a mechanism may still force the 33 | existence of a getrealm callback by SASL_CB_GETREALM to 34 | its required_prompts list). 35 | 36 | :param context: context from the callback record 37 | 38 | :param id: callback ID (SASL_CB_GETREALM) 39 | 40 | :param availrealms: A string list of the available realms. NULL 41 | terminated, may be empty. 42 | 43 | :param result: The chosen realm. (a NUL terminated string) 44 | 45 | 46 | Return Value 47 | ============ 48 | 49 | SASL callback functions should return SASL return codes. 50 | See sasl.h for a complete list. :c:macro:`SASL_OK` indicates success. 51 | 52 | Other return codes indicate errors and should be handled. 53 | 54 | See Also 55 | ======== 56 | 57 | :rfc:`4422`,:saslman:`sasl(3)`, :saslman:`sasl_callbacks(3)` 58 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_getsecret_t.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_getsecret_t(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_getsecret_t: 4 | 5 | 6 | ================================================================ 7 | **sasl_getsecret_t** - The SASL callback for secrets (passwords) 8 | ================================================================ 9 | 10 | Synopsis 11 | ======== 12 | 13 | .. code-block:: C 14 | 15 | #include 16 | 17 | int sasl_getsecret_t(sasl_conn_t *conn, 18 | void *context, 19 | int id, 20 | sasl_secret_t ** psecret); 21 | 22 | 23 | Description 24 | =========== 25 | 26 | .. c:function:: int sasl_getsecret_t(sasl_conn_t *conn, void *context, int id, sasl_secret_t ** psecret); 27 | 28 | 29 | **sasl_getsecret_t()** is used to retrieve the secret from the 30 | application. A sasl_secret_t should be allocated to length 31 | `sizeof(sasl_secret_t) + `. It has two 32 | fields: `len` which is the length of the secret in bytes and 33 | `data` which contains the secret itself (does not need to be 34 | null terminated). 35 | 36 | :param conn: is the SASL connection context 37 | 38 | Return Value 39 | ============ 40 | 41 | SASL callback functions should return SASL return codes. 42 | See sasl.h for a complete list. :c:macro:`SASL_OK` indicates success. 43 | 44 | Other return codes indicate errors and should be handled. 45 | 46 | See Also 47 | ======== 48 | 49 | :rfc:`4422`,:saslman:`sasl(3)`, :saslman:`sasl_callbacks(3)` 50 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_getsimple_t.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_getsimple_t(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_getsimple_t: 4 | 5 | 6 | ==================================================================== 7 | **sasl_getsimple_t** - The SASL callback for username/authname/realm 8 | ==================================================================== 9 | 10 | Synopsis 11 | ======== 12 | 13 | .. code-block:: C 14 | 15 | #include 16 | 17 | int sasl_getsimple_t(void *context, 18 | int id, 19 | const char ** result, 20 | unsigned * len); 21 | 22 | Description 23 | =========== 24 | 25 | .. c:function:: int sasl_getsimple_t(void *context, int id, const char ** result, unsigned * len); 26 | 27 | **sasl_getsimple_t** is used to retrieve simple things from 28 | the application. In practice this is authentication name, 29 | authorization name, and realm. 30 | 31 | :param context: SASL connection context 32 | :param id: indicates which value is being requested. Possible values 33 | include: 34 | 35 | * SASL_CB_USER ‐ Client user identity to login as 36 | * SASL_CB_AUTHNAME ‐ Client authentication name 37 | * SASL_CB_LANGUAGE ‐ Comma‐separated list of :rfc:`1766` languages 38 | * SASL_CB_CNONCE ‐ Client‐nonce (for testing mostly) 39 | :param result: value of the item requested 40 | :param len: length of the result 41 | 42 | Return Value 43 | ============ 44 | 45 | SASL callback functions should return SASL return codes. 46 | See sasl.h for a complete list. :c:macro:`SASL_OK` indicates success. 47 | 48 | See Also 49 | ======== 50 | 51 | :rfc:`4422`,:saslman:`sasl(3)`, :saslman:`sasl_callbacks(3)`, 52 | :saslman:`sasl_errors(3)` 53 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_global_listmech.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_global_listmech(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_global_listmech: 4 | 5 | 6 | =========================================================================== 7 | **sasl_global_listmech** - Retrieve a list of the supported SASL mechanisms 8 | =========================================================================== 9 | 10 | Synopsis 11 | ======== 12 | 13 | .. code-block:: C 14 | 15 | #include 16 | 17 | const char ** sasl_global_listmech(); 18 | 19 | Description 20 | =========== 21 | 22 | .. c:function:: const char ** sasl_global_listmech(); 23 | 24 | 25 | **sasl_global_listmech** returns a null‐terminated array of 26 | strings that lists all mechanisms that are loaded by 27 | either the client or server side of the library. 28 | 29 | Return Value 30 | ============ 31 | 32 | Returns a pointer to the array on success. NULL on failure 33 | (sasl library uninitialized). 34 | 35 | See Also 36 | ======== 37 | 38 | :rfc:`4422`,:saslman:`sasl(3)`, :saslman:`sasl_server_init(3)`, 39 | :saslman:`sasl_listmech(3)`, :saslman:`sasl_client_init(3)` 40 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_idle.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_idle(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_idle: 4 | 5 | 6 | ============================================================= 7 | **sasl_idle** - Perform precalculations during an idle period 8 | ============================================================= 9 | 10 | Synopsis 11 | ======== 12 | 13 | .. code-block:: C 14 | 15 | #include 16 | 17 | int sasl_idle( sasl_conn_t *conn) 18 | 19 | Description 20 | =========== 21 | 22 | .. c:function:: int sasl_idle( sasl_conn_t *conn) 23 | 24 | **sasl_idle()** may be called during an idle period to allow the 25 | SASL library or any mechanisms to perform any necessary 26 | precalculation. 27 | 28 | :param conn: may be NULL to do precalculation prior to a 29 | connection taking place. 30 | 31 | Return Value 32 | ============ 33 | 34 | Returns 1 if action was taken, 0 if no action was taken. 35 | 36 | See Also 37 | ======== 38 | 39 | :rfc:`4422`,:saslman:`sasl(3)` 40 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_log_t.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_log_t(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_log_t: 4 | 5 | 6 | ========================================== 7 | **sasl_log_t** - The SASL logging callback 8 | ========================================== 9 | 10 | Synopsis 11 | ======== 12 | 13 | .. code-block:: C 14 | 15 | #include 16 | 17 | int sasl_log_t(void *context, 18 | int level, 19 | const char * message); 20 | 21 | Description 22 | =========== 23 | 24 | .. c:function:: int sasl_log_t(void *context, int level, const char * message); 25 | 26 | **sasl_log_t** is used to log warning/error messages from the 27 | SASL library. If not specified :manpage:`syslog` will be used. 28 | 29 | 30 | Return Value 31 | ============ 32 | 33 | SASL callback functions should return SASL return codes. 34 | See sasl.h for a complete list. :c:macro:`SASL_OK` indicates success. 35 | 36 | See Also 37 | ======== 38 | 39 | :rfc:`4422`,:saslman:`sasl(3)`, :saslman:`sasl_callbacks(3)`, 40 | :saslman:`sasl_errors(3)` 41 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_server_add_plugin.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_server_add_plugin(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_server_add_plugin: 4 | 5 | ===================================================== 6 | **sasl_server_add_plugin** - add a SASL server plugin 7 | ===================================================== 8 | 9 | Synopsis 10 | ======== 11 | 12 | .. code-block:: C 13 | 14 | #include 15 | 16 | int sasl_server_add_plugin(const char *plugname, 17 | sasl_server_plug_init_t *cplugfunc); 18 | 19 | Description 20 | =========== 21 | 22 | .. c:function:: int sasl_server_add_plugin(const char *plugname, sasl_server_plug_init_t *cplugfunc); 23 | 24 | **sasl_server_add_plugin** adds a server plugin to the 25 | current list of server plugins in the SASL library. 26 | 27 | :param plugname: is the name of the server plugin. 28 | 29 | :param cplugfunc: is filled in by the sasl_server_plug_init_t structure. 30 | 31 | :returns: Returns :c:macro:`SASL_OK` on success. See 32 | :saslman:`sasl_errors(3)` for meanings of other return codes. 33 | 34 | Return Value 35 | ============ 36 | 37 | SASL functions should return SASL return codes. 38 | See sasl.h for a complete list. :c:macro:`SASL_OK` indicates success. 39 | 40 | The following return codes indicate errors and should be handled: 41 | 42 | * :c:macro:`SASL_BADVERS`: Version mismatch with plugin. 43 | * :c:macro:`SASL_NOMEM`: Not enough memory to complete operation 44 | 45 | Conforming to 46 | ============= 47 | 48 | :rfc:`4422` 49 | 50 | See Also 51 | ======== 52 | 53 | :saslman:`sasl(3)`, :saslman:`sasl_errors(3)` 54 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_server_done.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_server_done(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_server_done: 4 | 5 | 6 | ======================================= 7 | **sasl_server_done** - Cleanup function 8 | ======================================= 9 | 10 | Synopsis 11 | ======== 12 | 13 | .. code-block:: C 14 | 15 | #include 16 | 17 | int sasl_server_done(); 18 | 19 | Description 20 | =========== 21 | 22 | .. c:function:: int sasl_server_done(); 23 | 24 | **sasl_server_done()** is a cleanup function, used to free all memory 25 | used by the library. Invoke when processing is complete. 26 | 27 | 28 | 29 | Return Value 30 | ============ 31 | 32 | Returns :c:macro:`SASL_OK` if the whole cleanup is successful and 33 | :c:macro:`SASL_CONTINUE` if this step is ok but at least one more step is needed. 34 | 35 | See Also 36 | ======== 37 | 38 | :rfc:`4422`,:saslman:`sasl(3)`, 39 | :saslman:`sasl_server_init(3)`, :saslman:`sasl_server_new(3)`, 40 | :saslman:`sasl_server_start(3)`, :saslman:`sasl_errors(3)`, 41 | :saslman:`sasl_done(3)` 42 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_server_init.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_server_init(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_server_init: 4 | 5 | 6 | ================================================================ 7 | **sasl_server_init** - SASL server authentication initialization 8 | ================================================================ 9 | 10 | Synopsis 11 | ======== 12 | 13 | .. code-block:: C 14 | 15 | #include 16 | 17 | int sasl_server_init(const sasl_callback_t *callbacks, 18 | const char *appname); 19 | 20 | Description 21 | =========== 22 | 23 | .. c:function:: int sasl_server_init(const sasl_callback_t *callbacks, const char *appname); 24 | 25 | **sasl_server_init()** initializes SASL. It must be called 26 | before any calls to sasl_server_start, and only once per 27 | process. This call initializes all SASL mechanism drivers 28 | (e.g. authentication mechanisms). These are usually found 29 | in the /usr/lib/sasl2 directory but the directory may be 30 | overridden with the SASL_PATH environment variable (or at 31 | compile time). 32 | 33 | :param callbacks: specifies the base callbacks for all client connections. 34 | See the :saslman:`sasl_callbacks(3)` man page for more information. 35 | 36 | :param appname: is the name of the application. It is used to find the 37 | default configuration file. 38 | 39 | Return Value 40 | ============ 41 | 42 | SASL callback functions should return SASL return codes. 43 | See sasl.h for a complete list. :c:macro:`SASL_OK` indicates success. 44 | 45 | Other return codes indicate errors and should either be handled or the authentication 46 | session should be quit. 47 | 48 | See Also 49 | ======== 50 | 51 | :rfc:`4422`,:saslman:`sasl(3)`, :saslman:`sasl_callbacks(3)`, 52 | :saslman:`sasl_server_new(3)`, :saslman:`sasl_server_start(3)`, 53 | :saslman:`sasl_server_step(3)`, :saslman:`sasl_errors(3)` 54 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_server_plug_init_t.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_server_plug_init_t(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_server_plug_init_t: 4 | 5 | ======================================================== 6 | **sasl_server_plug_init_t** - server plug‐in entry point 7 | ======================================================== 8 | 9 | Synopsis 10 | ======== 11 | 12 | .. code-block:: C 13 | 14 | #include 15 | 16 | int sasl_server_plug_init_t(const sasl_utils_t *utils, 17 | int max_version, 18 | int *out_version, 19 | sasl_server_plug_t **pluglist, 20 | int *plugcount); 21 | 22 | Description 23 | =========== 24 | 25 | .. c:function:: int sasl_server_plug_init_t(const sasl_utils_t *utils, int max_version, int *out_version, sasl_server_plug_t **pluglist, int *plugcount); 26 | 27 | The **sasl_server_plug_init_t** callback function is the server 28 | plugin entry point. 29 | 30 | :param utils: The utility callback functions. 31 | 32 | :param max_version: The highest server plugin version supported. 33 | 34 | :param out_version: The server plugin version of the result. 35 | 36 | :param pluglist: The list of server mechanism plugins. 37 | 38 | :param plugcount: The number of server mechanism plugins. 39 | 40 | :returns: Returns :c:macro:`SASL_OK` on success. See 41 | :saslman:`sasl_errors(3)` for meanings of other return codes. 42 | 43 | Return Value 44 | ============ 45 | 46 | SASL functions should return SASL return codes. 47 | See sasl.h for a complete list. :c:macro:`SASL_OK` indicates success. 48 | 49 | 50 | Conforming to 51 | ============= 52 | 53 | :rfc:`4422` 54 | 55 | See Also 56 | ======== 57 | 58 | :saslman:`sasl(3)`, :saslman:`sasl_errors(3)` 59 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_server_userdb_checkpass_t.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_server_userdb_checkpass_t(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_server_userdb_checkpass_t: 4 | 5 | 6 | ============================================================================= 7 | **sasl_server_userdb_checkpass_t** - Plaintext Password Verification Callback 8 | ============================================================================= 9 | 10 | Synopsis 11 | ======== 12 | 13 | .. code-block:: C 14 | 15 | #include 16 | 17 | int sasl_server_userdb_checkpass_t(sasl_conn_t *conn, 18 | void *context, 19 | const char *user, 20 | const char *pass, 21 | unsigned passlen, 22 | struct propctx *propctx) 23 | 24 | 25 | Description 26 | =========== 27 | 28 | .. c:function:: int sasl_server_userdb_checkpass_t(sasl_conn_t *conn, void *context, const char *user, const char *pass, unsigned passlen, struct propctx *propctx) 29 | 30 | **sasl_server_userdb_checkpass_t()** is used to verify a plaintext 31 | password against the callback supplier’s user database. This is to 32 | allow additional ways to encode the userPassword property. 33 | 34 | :param conn: is the SASL connection context 35 | 36 | :param context: context from the callback record 37 | 38 | :param user: NUL terminated user name with `user@realm` syntax 39 | 40 | :param pass: password to check (may not be NUL terminated) 41 | :param passlen: length of the password 42 | 43 | :param propctx: property context to fill in with userPassword 44 | 45 | Return Value 46 | ============ 47 | 48 | SASL callback functions should return SASL return codes. 49 | See sasl.h for a complete list. :c:macro:`SASL_OK` indicates success. 50 | 51 | Other return codes indicate errors and should be handled. 52 | 53 | See Also 54 | ======== 55 | 56 | :rfc:`4422`,:saslman:`sasl(3)`, :saslman:`sasl_callbacks(3)` 57 | :saslman:`sasl_errors(3)`, :saslman:`sasl_server_userdb_setpass_t(3)` 58 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_set_alloc.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_set_alloc(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_set_alloc: 4 | 5 | 6 | ================================================================================= 7 | **sasl_set_alloc** - set the memory allocation functions used by the SASL library 8 | ================================================================================= 9 | 10 | Synopsis 11 | ======== 12 | 13 | .. code-block:: C 14 | 15 | #include 16 | 17 | void sasl_set_alloc(sasl_malloc_t *m, 18 | sasl_calloc_t *c, 19 | sasl_realloc_t *r, 20 | sasl_free_t *f); 21 | 22 | Description 23 | =========== 24 | 25 | .. c:function:: void sasl_set_alloc(sasl_malloc_t *m, sasl_calloc_t *c, sasl_realloc_t *r, sasl_free_t *f); 26 | 27 | Use the **sasl_set_alloc()** interface to set the memory allocation 28 | routines that the SASL library and plug‐ins will use. 29 | 30 | :param m: A pointer to a malloc() function. 31 | :param c: A pointer to a calloc() function. 32 | :param r: A pointer to a realloc() function. 33 | :param f: A pointer to a free() function. 34 | 35 | Return Value 36 | ============ 37 | 38 | No return values. 39 | 40 | See Also 41 | ======== 42 | 43 | :manpage:`malloc(3)`, :manpage:`calloc(3)`, :manpage:`realloc(3)`, 44 | :manpage:`free(3)`. 45 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_set_mutex.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_set_mutex(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_set_mutex: 4 | 5 | 6 | ========================================================================== 7 | **sasl_set_mutex** - set the mutex lock functions used by the SASL library 8 | ========================================================================== 9 | 10 | Synopsis 11 | ======== 12 | 13 | .. code-block:: C 14 | 15 | #include 16 | 17 | void sasl_set_mutex(sasl_mutex_alloc_t *a, 18 | sasl_mutex_lock_t *l, 19 | sasl_mutex_unlock_t *u, 20 | sasl_mutex_free_t *f); 21 | 22 | Description 23 | =========== 24 | 25 | .. c:function:: void sasl_set_mutex(sasl_mutex_alloc_t *a, sasl_mutex_lock_t *l, sasl_mutex_unlock_t *u, sasl_mutex_free_t *f); 26 | 27 | Use the **sasl_set_mutex()** interface to set the mutex lock 28 | routines that the SASL library and plug‐ins will use. 29 | 30 | :param a: A pointer to the mutex lock allocation function. 31 | :param l: A pointer to the mutex lock function. 32 | :param u: A pointer to the mutex unlock function. 33 | :param f: A pointer to the mutex free or destroy function. 34 | 35 | Return Value 36 | ============ 37 | 38 | No return values. 39 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_user_exists.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_user_exists(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_user_exists: 4 | 5 | 6 | ======================================================= 7 | **sasl_user_exists** - Check if a user exists on server 8 | ======================================================= 9 | 10 | Synopsis 11 | ======== 12 | 13 | .. code-block:: C 14 | 15 | #include 16 | 17 | int sasl_user_exists( sasl_conn_t *conn, 18 | const char *service, 19 | const char *user_realm, 20 | const char *user) 21 | 22 | 23 | Description 24 | =========== 25 | 26 | .. c:function:: int sasl_user_exists( sasl_conn_t *conn, const char *service, const char *user_realm, const char *user) 27 | 28 | 29 | **sasl_user_exists** will check if a user exists on the server. 30 | 31 | :param conn: the SASL context for this connection 32 | 33 | :param service: Service name or NULL (for service name of 34 | connection context) 35 | 36 | :param user_realm: Realm to check in or NULL (for default realm) 37 | 38 | :param user: User name to check for existence. 39 | 40 | 41 | Return Value 42 | ============ 43 | 44 | SASL functions should return SASL return codes. 45 | See sasl.h for a complete list. :c:macro:`SASL_OK` indicates success. 46 | 47 | See Also 48 | ======== 49 | 50 | :rfc:`4422`,:saslman:`sasl(3)`,:saslman:`sasl_errors(3)` 51 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_usererr.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_usererr(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_usererr: 4 | 5 | 6 | =============================================================================== 7 | **sasl_usererr** - Remove information leak about accounts from sasl error codes 8 | =============================================================================== 9 | 10 | Synopsis 11 | ======== 12 | 13 | .. code-block:: C 14 | 15 | #include 16 | 17 | static int sasl_usererr(int saslerr) 18 | 19 | Description 20 | =========== 21 | 22 | .. c:function:: int sasl_usererr(int saslerr) 23 | 24 | **sasl_usererr** is called to hide any potential data leaks to a client, 25 | by preventing a client from discovering if a username exists or if 26 | a user exists but the password is wrong. 27 | 28 | :param saslerr: specifies the error number to convert. 29 | 30 | This function should be called before calling :saslman:`sasl_errstring(3)` 31 | or :saslman:`sasl_errdetail(3)` if information is being passed to a client. 32 | 33 | Return Value 34 | ============ 35 | 36 | Returns a client-safe error code. 37 | 38 | See Also 39 | ======== 40 | 41 | :rfc:`4422`,:saslman:`sasl(3)`, :saslman:`sasl_errdetail(3)`, 42 | :saslman:`sasl_errors(3)`, :saslman:`sasl_errstring(3)` 43 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_utf8verify.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_utf8verify(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_utf8verify: 4 | 5 | 6 | =================================================== 7 | **sasl_utf8verify** - Verify a string is valid utf8 8 | =================================================== 9 | 10 | Synopsis 11 | ======== 12 | 13 | .. code-block:: C 14 | 15 | #include 16 | 17 | int sasl_utf8verify(const char *str, 18 | unsigned len); 19 | 20 | Description 21 | =========== 22 | 23 | .. c:function:: int sasl_utf8verify(const char *str, unsigned len); 24 | 25 | Use the **sasl_utf8verify** interface to verify that a string is 26 | valid UTF‐8 and does not contain NULL, a carriage return, or a linefeed. 27 | If len == 0, strlen(str) will be used. 28 | 29 | :param str: A string. 30 | 31 | :param len: The length of the string. If len == 0, strlen(str) will be used. 32 | 33 | Return Value 34 | ============ 35 | 36 | SASL functions should return SASL return codes. 37 | See sasl.h for a complete list. :c:macro:`SASL_OK` indicates success. 38 | 39 | Other return codes indicate errors and should be handled. 40 | 41 | * :c:macro:`SASL_BADPROT`: There was invalid UTF8, or an error was found. 42 | 43 | See Also 44 | ======== 45 | 46 | :saslman:`sasl_errors(3)` 47 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/library/sasl_verifyfile_t.rst: -------------------------------------------------------------------------------- 1 | .. saslman:: sasl_verifyfile_t(3) 2 | 3 | .. _sasl-reference-manpages-library-sasl_verifyfile_t: 4 | 5 | 6 | ================================================== 7 | **sasl_verifyfile_t** - The SASL file verification 8 | ================================================== 9 | 10 | Synopsis 11 | ======== 12 | 13 | .. code-block:: C 14 | 15 | #include 16 | 17 | typedef enum { 18 | SASL_VRFY_PLUGIN, /* a DLL/shared library plugin */ 19 | SASL_VRFY_CONF, /* a configuration file */ 20 | SASL_VRFY_PASSWD, /* a password storage file */ 21 | SASL_VRFY_OTHER /* some other file type */ 22 | } sasl_verify_type_t 23 | 24 | int sasl_verifyfile_t(void *context, 25 | const char *file, 26 | sasl_verify_type_t type) 27 | 28 | 29 | Description 30 | =========== 31 | 32 | .. c:function:: int sasl_verifyfile_t(void *context, const char *file, sasl_verify_type_t type) 33 | 34 | **sasl_verifyfile_t()** is used to check whether a given file is 35 | okay for use by the SASL library. This is intended to 36 | allow applications to sanity check the environment. For example, to 37 | ensure that plugins or the config file cannot be written 38 | to. 39 | 40 | :param context: context from the callback record 41 | 42 | :param context: context from the callback record 43 | 44 | :param file: full path of the file to verify 45 | 46 | :param type: type of the file. 47 | 48 | 49 | Return Value 50 | ============ 51 | 52 | SASL callback functions should return SASL return codes. 53 | See sasl.h for a complete list. :c:macro:`SASL_OK` indicates success. 54 | 55 | Other return codes indicate errors and should be handled. 56 | 57 | See Also 58 | ======== 59 | 60 | :rfc:`4422`,:saslman:`sasl(3)`, :saslman:`sasl_callbacks(3)` 61 | :saslman:`sasl_errors(3)` 62 | -------------------------------------------------------------------------------- /docsrc/sasl/reference/manpages/template.rst: -------------------------------------------------------------------------------- 1 | :orphan: 2 | 3 | .. saslman:: CMDNAME(3) 4 | 5 | .. _sasl-reference-manpages-library-CMD: 6 | 7 | ========== 8 | **CMD** 9 | ========== 10 | 11 | intro... 12 | 13 | Synopsis 14 | ======== 15 | 16 | .. parsed-literal:: 17 | 18 | **CMD** [ **-C** *config-file* ] [OPTIONS] 19 | 20 | Description 21 | =========== 22 | 23 | **CMD** description... 24 | 25 | 26 | Options 27 | ======= 28 | 29 | .. program:: CMD 30 | 31 | .. option:: -C config-file 32 | 33 | Examples 34 | ======== 35 | 36 | History 37 | ======= 38 | 39 | Files 40 | ===== 41 | 42 | See Also 43 | ======== 44 | -------------------------------------------------------------------------------- /docsrc/sasl/release-notes/index.rst: -------------------------------------------------------------------------------- 1 | ============= 2 | Release Notes 3 | ============= 4 | 5 | Latest version is |sasl_current_stable_version|. 6 | 7 | Supported Product Series 8 | ======================== 9 | 10 | Series 2.1 11 | ---------- 12 | 13 | .. toctree:: 14 | :maxdepth: 1 15 | :glob: 16 | 17 | 2.1/index 18 | 19 | Older Versions 20 | ============== 21 | 22 | Series 2: 2.0 23 | ------------- 24 | 25 | .. toctree:: 26 | :maxdepth: 1 27 | :glob: 28 | 29 | 2.0/index 30 | 31 | Series 1 32 | -------- 33 | 34 | .. toctree:: 35 | :maxdepth: 1 36 | :glob: 37 | 38 | 1/index 39 | -------------------------------------------------------------------------------- /docsrc/sasl/resources.rst: -------------------------------------------------------------------------------- 1 | .. _resources: 2 | 3 | =============================== 4 | Other Documentation & Resources 5 | =============================== 6 | 7 | 8 | * `Using SASL: Pluggable Security `_ 9 | * `Using SASL: CMU's Cyrus SASL Library `_ 10 | * `Information on SASL mechanisms, profiles, servers and clients implementing SASL `_ 11 | * `FAQ from Sendmail `_ 12 | * `The Secure Remote Password Protocol `_ paper by Thomas Wu 13 | * `TCL extensions for SASL `_ 14 | * `Common Internet File System (CIFS) Technical Reference `_ (SMB/NTLM) 15 | -------------------------------------------------------------------------------- /docsrc/setup.rst: -------------------------------------------------------------------------------- 1 | ===== 2 | Setup 3 | ===== 4 | 5 | 6 | .. toctree:: 7 | :maxdepth: 3 8 | 9 | sasl/installation 10 | sasl/upgrading 11 | sasl/components 12 | sasl/options 13 | sasl/advanced 14 | -------------------------------------------------------------------------------- /docsrc/support.rst: -------------------------------------------------------------------------------- 1 | ================= 2 | Support/Community 3 | ================= 4 | 5 | Please read our support and bug reporting guidelines in the :ref:`Cyrus IMAP project `. 6 | -------------------------------------------------------------------------------- /include/.gitignore: -------------------------------------------------------------------------------- 1 | Makefile.in 2 | Makefile 3 | .deps 4 | .libs 5 | *.l[ao] 6 | *.o 7 | -------------------------------------------------------------------------------- /lib/.gitignore: -------------------------------------------------------------------------------- 1 | Makefile.in 2 | Makefile 3 | .deps 4 | .libs 5 | *.l[ao] 6 | plugin_common.[ch] 7 | -------------------------------------------------------------------------------- /lib/libsasl2.map: -------------------------------------------------------------------------------- 1 | SASL2_4.0 { 2 | global: 3 | auxprop_plugin_info; 4 | prop_clear; 5 | prop_dispose; 6 | prop_dup; 7 | prop_erase; 8 | prop_format; 9 | prop_get; 10 | prop_getnames; 11 | prop_new; 12 | prop_request; 13 | prop_set; 14 | prop_setvals; 15 | sasl_auxprop_add_plugin; 16 | sasl_auxprop_getctx; 17 | sasl_auxprop_request; 18 | sasl_auxprop_store; 19 | sasl_canonuser_add_plugin; 20 | sasl_checkapop; 21 | sasl_checkpass; 22 | sasl_churn; 23 | sasl_client_add_plugin; 24 | sasl_client_done; 25 | sasl_client_init; 26 | sasl_client_new; 27 | sasl_client_plugin_info; 28 | sasl_client_start; 29 | sasl_client_step; 30 | sasl_config_done; 31 | sasl_config_init; 32 | sasl_decode; 33 | sasl_decode64; 34 | sasl_dispose; 35 | sasl_done; 36 | sasl_encode; 37 | sasl_encode64; 38 | sasl_encodev; 39 | sasl_erasebuffer; 40 | sasl_errdetail; 41 | sasl_errstring; 42 | sasl_getprop; 43 | sasl_global_listmech; 44 | sasl_global_utils; 45 | sasl_idle; 46 | sasl_listmech; 47 | sasl_mkchal; 48 | sasl_rand; 49 | sasl_randcreate; 50 | sasl_randfree; 51 | sasl_randseed; 52 | sasl_server_add_plugin; 53 | sasl_server_done; 54 | sasl_server_init; 55 | sasl_server_new; 56 | sasl_server_plugin_info; 57 | sasl_server_start; 58 | sasl_server_step; 59 | sasl_set_alloc; 60 | sasl_seterror; 61 | sasl_set_mutex; 62 | sasl_setpass; 63 | sasl_set_path; 64 | sasl_setprop; 65 | sasl_strlower; 66 | sasl_user_exists; 67 | sasl_utf8verify; 68 | sasl_version; 69 | sasl_version_info; 70 | local: 71 | *; 72 | }; 73 | -------------------------------------------------------------------------------- /libsasl2.pc.in: -------------------------------------------------------------------------------- 1 | prefix=@prefix@ 2 | exec_prefix=@exec_prefix@ 3 | libdir=@libdir@ 4 | includedir=@includedir@ 5 | 6 | Name: Cyrus SASL 7 | Description: Cyrus SASL implementation 8 | URL: http://www.cyrussasl.org/ 9 | Version: @VERSION@ 10 | Cflags: -I${includedir} 11 | Libs: -L${libdir} -lsasl2 12 | Libs.private: @LIB_DOOR@ @SASL_DL_LIB@ @LIBS@ @SASL_STATIC_LIBS@ 13 | -------------------------------------------------------------------------------- /m4/bsd_sockets.m4: -------------------------------------------------------------------------------- 1 | dnl bsd_sockets.m4--which socket libraries do we need? 2 | dnl Derrick Brashear 3 | dnl from Zephyr 4 | 5 | dnl Hacked on by Rob Earhart to not just toss stuff in LIBS 6 | dnl It now puts everything required for sockets into LIB_SOCKET 7 | 8 | AC_DEFUN([CMU_SOCKETS], [ 9 | save_LIBS="$LIBS" 10 | AC_CHECK_HEADERS([sys/socket.h ws2tcpip.h]) 11 | AC_CHECK_FUNC(socket, , [ 12 | AC_CHECK_LIB(socket, socket, [LIB_SOCKET=-lsocket], [ 13 | LIBS="$LIBS -lws2_32" 14 | AC_LINK_IFELSE([ 15 | AC_LANG_PROGRAM([[ 16 | #ifdef HAVE_SYS_SOCKET_H 17 | # include 18 | #endif 19 | #ifdef HAVE_WS2TCPIP_H 20 | # include 21 | #endif 22 | ]], [[return socket(0, 0, 0);]]) 23 | ], 24 | [LIB_SOCKET=-lws2_32 25 | AC_MSG_RESULT(yes)], 26 | [AC_MSG_ERROR([socket not found])]) 27 | ]) 28 | ]) 29 | LIBS="$save_LIBS" 30 | AC_CHECK_FUNC(connect, :, 31 | [AC_CHECK_LIB(nsl, gethostbyname, 32 | LIB_SOCKET="-lnsl $LIB_SOCKET") 33 | AC_CHECK_LIB(socket, connect, 34 | LIB_SOCKET="-lsocket $LIB_SOCKET")] 35 | ) 36 | LIBS="$LIB_SOCKET $save_LIBS" 37 | AC_CHECK_FUNC(res_search, :, 38 | [LIBS="-lresolv $LIB_SOCKET $save_LIBS" 39 | AC_TRY_LINK([[ 40 | #include 41 | #include 42 | #include 43 | #ifdef HAVE_ARPA_NAMESER_COMPAT_H 44 | #include 45 | #endif 46 | #include ]],[[ 47 | const char host[12]="openafs.org"; 48 | u_char ans[1024]; 49 | res_search( host, C_IN, T_MX, (u_char *)&ans, sizeof(ans)); 50 | return 0; 51 | ]], LIB_SOCKET="-lresolv $LIB_SOCKET") 52 | ]) 53 | LIBS="$LIB_SOCKET $save_LIBS" 54 | AC_CHECK_FUNCS(dn_expand dns_lookup) 55 | LIBS="$save_LIBS" 56 | AC_SUBST(LIB_SOCKET) 57 | ]) 58 | -------------------------------------------------------------------------------- /m4/cyrus.m4: -------------------------------------------------------------------------------- 1 | dnl 2 | dnl Additional macros for configure.in packaged up for easier theft. 3 | dnl tjs@andrew.cmu.edu 6-may-1998 4 | dnl 5 | 6 | dnl It would be good if ANDREW_ADD_LIBPATH could detect if something was 7 | dnl already there and not redundantly add it if it is. 8 | 9 | dnl add -L(arg), and possibly (runpath switch)(arg), to LDFLAGS 10 | dnl (so the runpath for shared libraries is set). 11 | AC_DEFUN([CMU_ADD_LIBPATH], [ 12 | # this is CMU ADD LIBPATH 13 | if test "$andrew_cv_runpath_switch" = "none" ; then 14 | LDFLAGS="-L$1 ${LDFLAGS}" 15 | else 16 | LDFLAGS="-L$1 $andrew_cv_runpath_switch$1 ${LDFLAGS}" 17 | fi 18 | ]) 19 | 20 | dnl add -L(1st arg), and possibly (runpath switch)(1st arg), to (2nd arg) 21 | dnl (so the runpath for shared libraries is set). 22 | AC_DEFUN([CMU_ADD_LIBPATH_TO], [ 23 | # this is CMU ADD LIBPATH TO 24 | if test "$andrew_cv_runpath_switch" = "none" ; then 25 | $2="-L$1 ${$2}" 26 | else 27 | $2="-L$1 ${$2} $andrew_cv_runpath_switch$1" 28 | fi 29 | ]) 30 | 31 | dnl runpath initialization 32 | AC_DEFUN([CMU_GUESS_RUNPATH_SWITCH], [ 33 | # CMU GUESS RUNPATH SWITCH 34 | AC_CACHE_CHECK(for runpath switch, andrew_cv_runpath_switch, [ 35 | # first, try -R 36 | SAVE_LDFLAGS="${LDFLAGS}" 37 | LDFLAGS="-R /usr/lib" 38 | AC_TRY_LINK([],[],[andrew_cv_runpath_switch="-R"], [ 39 | LDFLAGS="-Wl,-rpath,/usr/lib" 40 | AC_TRY_LINK([],[],[andrew_cv_runpath_switch="-Wl,-rpath,"], 41 | [andrew_cv_runpath_switch="none"]) 42 | ]) 43 | LDFLAGS="${SAVE_LDFLAGS}" 44 | ])]) 45 | -------------------------------------------------------------------------------- /m4/ld-version-script.m4: -------------------------------------------------------------------------------- 1 | # ld-version-script.m4 serial 6 2 | dnl Copyright (C) 2008-2023 Free Software Foundation, Inc. 3 | dnl This file is free software; the Free Software Foundation 4 | dnl gives unlimited permission to copy and/or distribute it, 5 | dnl with or without modifications, as long as this notice is preserved. 6 | 7 | dnl From Simon Josefsson 8 | 9 | # FIXME: The test below returns a false positive for mingw 10 | # cross-compiles, 'local:' statements does not reduce number of 11 | # exported symbols in a DLL. Use --disable-ld-version-script to work 12 | # around the problem. 13 | 14 | # gl_LD_VERSION_SCRIPT 15 | # -------------------- 16 | # Check if LD supports linker scripts, and define automake conditional 17 | # HAVE_LD_VERSION_SCRIPT if so. 18 | AC_DEFUN([gl_LD_VERSION_SCRIPT], 19 | [ 20 | AC_ARG_ENABLE([ld-version-script], 21 | [AS_HELP_STRING([[--enable-ld-version-script]], 22 | [enable linker version script (default is enabled when possible)])], 23 | [have_ld_version_script=$enableval], 24 | [AC_CACHE_CHECK([if LD -Wl,--version-script works], 25 | [gl_cv_sys_ld_version_script], 26 | [gl_cv_sys_ld_version_script=no 27 | save_LDFLAGS=$LDFLAGS 28 | LDFLAGS="$LDFLAGS -Wl,--version-script=conftest.map" 29 | echo foo >conftest.map 30 | AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 31 | [], 32 | [cat > conftest.map < 11 | 12 | #ifdef LDAP_API_FEATURE_X_OPENLDAP 13 | char *__openldap_api = LDAP_API_FEATURE_X_OPENLDAP; 14 | #endif 15 | ], [cmu_cv_openldap_api=yes], [cmu_cv_openldap_api=no])]) 16 | ]) 17 | 18 | dnl 19 | dnl Check for OpenLDAP version compatility 20 | AC_DEFUN([CMU_OPENLDAP_COMPAT], 21 | [AC_CACHE_CHECK([OpenLDAP version], [cmu_cv_openldap_compat],[ 22 | AC_EGREP_CPP(__openldap_compat,[ 23 | #include 24 | 25 | /* Require 2.1.27+ and 2.2.6+ */ 26 | #if LDAP_VENDOR_VERSION_MAJOR == 2 && LDAP_VENDOR_VERSION_MINOR == 1 && LDAP_VENDOR_VERSION_PATCH > 26 27 | char *__openldap_compat = "2.1.27 or better okay"; 28 | #elif LDAP_VENDOR_VERSION_MAJOR == 2 && LDAP_VENDOR_VERSION_MINOR == 2 && LDAP_VENDOR_VERSION_PATCH > 5 29 | char *__openldap_compat = "2.2.6 or better okay"; 30 | #elif LDAP_VENDOR_VERSION_MAJOR == 2 && LDAP_VENDOR_VERSION_MINOR > 2 31 | char *__openldap_compat = "2.3 or better okay" 32 | #endif 33 | ], [cmu_cv_openldap_compat=yes], [cmu_cv_openldap_compat=no])]) 34 | ]) 35 | 36 | -------------------------------------------------------------------------------- /m4/openssl.m4: -------------------------------------------------------------------------------- 1 | dnl 2 | dnl macros for configure.in to detect openssl 3 | dnl 4 | 5 | AC_DEFUN([CMU_HAVE_OPENSSL], [ 6 | AC_REQUIRE([CMU_FIND_LIB_SUBDIR]) 7 | AC_ARG_WITH(openssl, 8 | [AS_HELP_STRING([--with-openssl=DIR], [use OpenSSL from DIR])], 9 | with_openssl=$withval, with_openssl="yes") 10 | 11 | if test -d $with_openssl; then 12 | CPPFLAGS="${CPPFLAGS} -I${with_openssl}/include" 13 | CMU_ADD_LIBPATH(${with_openssl}/$CMU_LIB_SUBDIR) 14 | fi 15 | 16 | with_openssl="yes" 17 | dnl if openssl has been compiled with the rsaref2 libraries, 18 | dnl we need to include the rsaref libraries in the crypto check 19 | LIB_RSAREF="" 20 | AC_CHECK_LIB(rsaref, RSAPublicEncrypt, 21 | cmu_have_rsaref=yes; 22 | [AC_CHECK_LIB(RSAglue, RSAPublicEncrypt, 23 | LIB_RSAREF="-lRSAglue -lrsaref", 24 | LIB_RSAREF="-lrsaref")], 25 | cmu_have_rsaref=no) 26 | 27 | AC_CHECK_HEADER(openssl/evp.h, [ 28 | AC_CHECK_LIB(crypto, EVP_DigestInit, 29 | [AC_CHECK_LIB(crypto, SHA512, 30 | AC_DEFINE(HAVE_SHA512,[], 31 | [Do we have SHA512?]))], 32 | with_openssl="no", $LIB_RSAREF)], 33 | with_openssl="no") 34 | ]) 35 | -------------------------------------------------------------------------------- /m4/plain.m4: -------------------------------------------------------------------------------- 1 | dnl Check for PLAIN (and therefore crypt) 2 | 3 | AC_DEFUN([SASL_PLAIN_CHK],[ 4 | 5 | dnl PLAIN 6 | AC_ARG_ENABLE(plain, [ --enable-plain enable PLAIN authentication [yes] ], 7 | plain=$enableval, 8 | plain=yes) 9 | 10 | AC_MSG_CHECKING(PLAIN) 11 | if test "$plain" != no; then 12 | AC_MSG_RESULT(enabled) 13 | SASL_MECHS="$SASL_MECHS libplain.la" 14 | if test "$enable_static" = yes; then 15 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS plain.o" 16 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/plain.c" 17 | AC_DEFINE(STATIC_PLAIN,[],[Link PLAIN Staticly]) 18 | fi 19 | else 20 | AC_MSG_RESULT(disabled) 21 | fi 22 | ]) 23 | -------------------------------------------------------------------------------- /mac/CommonKClient/KClientPublic.h: -------------------------------------------------------------------------------- 1 | // include file for portable interface to KClient 2 | #if __dest_os == __mac_os 3 | #include "macKClientPublic.h" 4 | #else if __dest_os == __win32_os 5 | #define PC 6 | #if defined(__cplusplus) 7 | extern "C" 8 | { 9 | #endif 10 | #include "win32KClientPublic.h" 11 | #include "KClientKrbPC.h" 12 | #if defined(__cplusplus) 13 | } 14 | #endif 15 | #endif 16 | -------------------------------------------------------------------------------- /mac/CommonKClient/mac_kclient/KClient.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cyrusimap/cyrus-sasl/ac0c278817a082c625c496ec812318c019e0b96f/mac/CommonKClient/mac_kclient/KClient.c -------------------------------------------------------------------------------- /mac/CommonKClient/mac_kclient/KClient.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cyrusimap/cyrus-sasl/ac0c278817a082c625c496ec812318c019e0b96f/mac/CommonKClient/mac_kclient/KClient.h -------------------------------------------------------------------------------- /mac/CommonKClient/mac_kclient/KrbDriver.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cyrusimap/cyrus-sasl/ac0c278817a082c625c496ec812318c019e0b96f/mac/CommonKClient/mac_kclient/KrbDriver.h -------------------------------------------------------------------------------- /mac/CommonKClient/mac_kclient/kcglue_des.c: -------------------------------------------------------------------------------- 1 | #include "des.h" 2 | #include "kcglue_des.h" 3 | 4 | /* $Id: kcglue_des.c,v 1.2 2001/12/04 02:05:33 rjs3 Exp $ 5 | * kclient and des have different definitions for key schedules 6 | * this file is to include in the kclient code without dragging in the des definitions 7 | */ 8 | int kcglue_des_key_sched(void *akey,void *asched) 9 | { 10 | return des_key_sched(akey,asched); 11 | } 12 | 13 | void kcglue_des_ecb_encrypt(void *asrc,void *adest,void *asched,int direction) 14 | { 15 | des_ecb_encrypt(asrc,adest,asched,direction); 16 | } 17 | 18 | void kcglue_des_pcbc_encrypt(void *asrc,void *adest,long length,void *asched,void *akey,int direction) 19 | { 20 | des_pcbc_encrypt(asrc,adest,length,asched,akey,direction); 21 | } 22 | 23 | -------------------------------------------------------------------------------- /mac/CommonKClient/mac_kclient/kcglue_des.h: -------------------------------------------------------------------------------- 1 | 2 | /* $Id: kcglue_des.h,v 1.2 2001/12/04 02:05:33 rjs3 Exp $ 3 | * kclient and des have different definitions for key schedules 4 | * this file is to include in the kclient code without dragging in the des definitions 5 | */ 6 | int kcglue_des_key_sched(void *akey,void *asched); 7 | void kcglue_des_ecb_encrypt(void *asrc,void *adest,void *asched,int direction); 8 | void kcglue_des_pcbc_encrypt(void *asrc,void *adest,long length,void *asched,void *akey,int direction); 9 | -------------------------------------------------------------------------------- /mac/CommonKClient/mac_kclient/kcglue_krb.h: -------------------------------------------------------------------------------- 1 | /* $Id: kcglue_krb.h,v 1.2 2001/12/04 02:05:33 rjs3 Exp $ 2 | * mit kerberos and kclient include files are not compatable 3 | * the define things with the same name but different implementations 4 | * this is an interface that can be included with either kclient.h 5 | * or krb.h. It bridges between the two of them 6 | */ 7 | 8 | #define KCGLUE_ITEM_SIZE (40) /* name instance or realm size*/ 9 | #define KCGLUE_MAX_K_STR_LEN (KCGLUE_ITEM_SIZE*3+2) /* id.instance@realm */ 10 | #define KCGLUE_MAX_KTXT_LEN 1250 11 | 12 | int kcglue_krb_mk_req( 13 | void *dat, 14 | int *len, 15 | const char *service, 16 | char *instance, 17 | char *realm, 18 | long checksum, 19 | void *des_key, 20 | char *pname, 21 | char *pinst 22 | ); 23 | 24 | -------------------------------------------------------------------------------- /mac/CommonKClient/mac_kclient/macKClientPublic.h: -------------------------------------------------------------------------------- 1 | #include "KClient.h" -------------------------------------------------------------------------------- /mac/CommonKClient/mac_kclient3/Headers/GSS/GSS.h: -------------------------------------------------------------------------------- 1 | #include #include -------------------------------------------------------------------------------- /mac/CommonKClient/mac_kclient3/Headers/KClient/KClientTypes.h: -------------------------------------------------------------------------------- 1 | #ifndef KClientTypes_h #define KClientTypes_h #include #include #if TARGET_API_MAC_OSX && TARGET_API_MAC_CARBON #include #elif TARGET_API_MAC_OS8 || TARGET_API_MAC_CARBON #include #else #error "Unknown OS" #endif #ifdef __cplusplus extern "C" { #endif /* Constants */ /* Different kerberos name formats */ enum { KClientLocalName, /* Don't specify realm */ KClientCommonName, /* Only specify realm if it isn't local */ KClientFullName /* Always specify realm */ }; /* Opaque types */ struct KClientSessionOpaque; typedef struct KClientSessionOpaque* KClientSession; struct KClientPrincipalOpaque; typedef struct KClientPrincipalOpaque* KClientPrincipal; /* Visible types */ typedef FSSpec KClientFile; struct KClientAddress { UInt32 address; UInt16 port; }; typedef struct KClientAddress KClientAddress; struct KClientKey { des_cblock key; }; typedef struct KClientKey KClientKey; struct KClientKeySchedule { des_key_schedule keySchedule; }; typedef struct KClientKeySchedule KClientKeySchedule; #ifdef __cplusplus } #endif #endif /* KClientTypes_h */ -------------------------------------------------------------------------------- /mac/CommonKClient/mac_kclient3/Headers/Kerberos/Kerberos.h: -------------------------------------------------------------------------------- 1 | /* * Kerberos Framework Header File * * $Header: /cvs/src/sasl/mac/CommonKClient/mac_kclient3/Headers/Kerberos/Kerberos.h,v 1.2 2001/12/04 02:05:45 rjs3 Exp $ */ #ifndef __KERBEROS__ #define __KERBEROS__ #ifndef __KERBEROSSUPPORT__ #include #endif /* __KERBEROSSUPPORT__ */ #ifndef __KERBEROSPREFERENCES__ #include #endif /* __KERBEROSPREFERENCES__ */ #ifndef __KERBEROSDES__ #include #endif /* __KERBEROSDES__ */ #ifndef __CREDENTIALSCACHE__ #include #endif /* __CREDENTIALSCACHE__ */ #ifndef __KERBEROSLOGIN__ #include #endif /* __KERBEROSLOGIN__ */ #ifndef __KERBEROSCOMERR__ #include #endif /* __KERBEROSCOMERR__ */ #ifndef __KERBEROSPROFILE__ #include #endif /* __KERBEROSPROFILE__ */ #ifndef __KERBEROS5__ #include #endif /* __KERBEROS5__ */ #ifndef __GSS__ #include #endif /* __GSS__ */ #ifndef __KERBEROS4__ #include #endif /* __KERBEROS4__ */ /* This is private for Macdev #ifndef __KERBEROSWRAPPERS__ #include #endif /* __KERBEROSWRAPPERS__ */ #ifndef __KCLIENT__ #include #endif /* __KCLIENT__ */ #ifndef __KCLIENTCOMPAT__ #include #endif /* __KCLIENTCOMPAT__ */ #ifndef __KCLIENTDEPRECATED__ #include #endif /* __KCLIENTDEPRECATED__ */ #endif /* __KERBEROS__ */ -------------------------------------------------------------------------------- /mac/CommonKClient/mac_kclient3/Headers/Kerberos4/Kerberos4.h: -------------------------------------------------------------------------------- 1 | /* * Kerberos4.h * * Copyright 1987, 1988 by the Massachusetts Institute of Technology. * * For copying and distribution information, please see the file * . * * External defintions for the Kerberos library. Internal definitions * (visible to Kerberos library source files) are in kerberos.h. */ /* Only one time, please */ #ifndef __KERBEROS4__ #define __KERBEROS4__ #include #endif /* __KERBEROS4__ */ -------------------------------------------------------------------------------- /mac/CommonKClient/mac_kclient3/Headers/Kerberos5/Kerberos5.h: -------------------------------------------------------------------------------- 1 | #include -------------------------------------------------------------------------------- /mac/CommonKClient/mac_kclient3/Headers/KerberosComErr/KerberosComErr.h: -------------------------------------------------------------------------------- 1 | #include -------------------------------------------------------------------------------- /mac/CommonKClient/mac_kclient3/Headers/KerberosDES/KerberosDES.h: -------------------------------------------------------------------------------- 1 | /* * KerberosDES.h * * Copyright (C) 1987, 1988, 1989 by the Massachusetts Institute of Technology. * * Export of this software from the United States of America is assumed * to require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright notice and * this permission notice appear in supporting documentation, and that * the name of M.I.T. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior * permission. M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. * * Include file for the Data Encryption Standard library. */ #ifndef __KERBEROSDES__ #define __KERBEROSDES__ #include #endif /* __KERBEROSDES__ */ -------------------------------------------------------------------------------- /mac/CommonKClient/mac_kclient3/Headers/KerberosLogin/KLLoginLogoutNotification.h: -------------------------------------------------------------------------------- 1 | /* * API for Kerberos Login and Logout Notification plugins */ #ifndef KLLoginLogoutNotification_h_ #define KLLoginLogoutNotification_h_ #include /* API Versions */ enum { kKLN_APIVersion_1 = 1, kKLN_APIVersion_Current = kKLN_APIVersion_1 }; /* File types */ const OSType kKLN_PluginFileType = FOUR_CHAR_CODE ('LNot'); /* Login types */ enum { kKLN_DialogLogin = 1, kKLN_PasswordLogin = 2 }; /* Types */ typedef UInt32 KLN_APIVersion; typedef UInt32 KLN_LoginType; /* Function prototypes */ #ifdef __cplusplus extern "C" { #endif #pragma export on KLStatus KerberosLoginNotification_InitializePlugin ( KLN_APIVersion inAPIVersion); KLStatus KerberosLoginNotification_Login ( KLN_LoginType inLoginType, const char* inCredentialsCache); void KerberosLoginNotification_Logout ( const char* inCredentialsCache); #ifdef __cplusplus } #endif #endif /* KLLoginLogoutNotification_h_ */ -------------------------------------------------------------------------------- /mac/CommonKClient/mac_kclient3/Headers/KerberosLogin/KLPrincipalTranslation.h: -------------------------------------------------------------------------------- 1 | /* * API for Kerberos Login Principal Translation plugins */ #include #ifndef KLPrincipalTranslation_h_ #define KLPrincipalTranslation_h_ /* API Versions */ enum { kKLPT_APIVersion_1 = 1, kKLPT_APIVersion_Current = kKLPT_APIVersion_1 }; /* File types */ const OSType kKLPT_PluginFileType = FOUR_CHAR_CODE ('PTrn'); /* Types */ typedef UInt32 KLPT_APIVersion; /* Function prototypes */ #ifdef __cplusplus extern "C" { #endif #pragma export on KLStatus KerberosLoginPrincipalTranslation_InitializePlugin ( KLPT_APIVersion inAPIVersion); KLStatus KerberosLoginPrincipalTranslation_TranslatePrincipal ( const char* inName, const char* inInstance, const char* inRealm, const char** outName, const char** outInstance, const char** outRealm, KLBoolean* outChanged); void KerberosLoginPrincipalTranslation_ReleasePrincipal ( char* inName, char* inInstance, char* inRealm); #ifdef __cplusplus } #endif #endif /* KLPrincipalTranslation_h_ */ -------------------------------------------------------------------------------- /mac/CommonKClient/mac_kclient3/Headers/KerberosPreferences/KerberosPreferences.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cyrusimap/cyrus-sasl/ac0c278817a082c625c496ec812318c019e0b96f/mac/CommonKClient/mac_kclient3/Headers/KerberosPreferences/KerberosPreferences.h -------------------------------------------------------------------------------- /mac/CommonKClient/mac_kclient3/Headers/KerberosProfile/KerberosProfile.h: -------------------------------------------------------------------------------- 1 | #include -------------------------------------------------------------------------------- /mac/CommonKClient/mac_kclient3/Headers/KerberosSupport/KerberosConditionalMacros.h: -------------------------------------------------------------------------------- 1 | /* * Shim header file to get the functionality of ConditionalMacros.h * in all environments */ #ifndef KERBEROSCONDITIONALMACROS_H #define KERBEROSCONDITIONALMACROS_H #if defined(macintosh) && !(defined(__MACH__) && defined(__APPLE__)) /* Mac OS 8 and 9 */ #include #elif defined(__GNUC__) && ( defined(__APPLE_CPP__) || defined(__APPLE_CC__) || defined(__MACOS_CLASSIC__)) /* Mac OS X compilers we support */ #include /* Darwin macros: TARGET_OS_*, TARGET_CPU_*, TARGET_RT_* */ /* Things we use which are not defined by Darwin's conditional macros */ #define TARGET_API_MAC_CARBON 1 /* Currently we require Carbon */ #define TARGET_API_MAC_OSX 1 /* This is a Mac OS X box */ #define BAGEL_STAPLING 1 /* We love Mac OS X */ #define ALL_YOUR_KERBEROS_ARE_BELONG_TO_US 1 /* We love Kerberos */ #else #error "Unsupported environment" #endif #endif /* KERBEROSCONDITIONALMACROS_H */ -------------------------------------------------------------------------------- /mac/CommonKClient/mac_kclient3/Headers/KerberosSupport/KerberosSupport.h: -------------------------------------------------------------------------------- 1 | #ifndef __KERBEROSSUPPORT__ #define __KERBEROSSUPPORT__ #include /* * I don't want to export any of these to the general public * If you need them, you should be including them directly, * using the paths as below: #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include */ #endif /* __KERBEROSSUPPORT__ */ -------------------------------------------------------------------------------- /mac/CommonKClient/mac_kclient3/Headers/KerberosSupport/ShlibDriver.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cyrusimap/cyrus-sasl/ac0c278817a082c625c496ec812318c019e0b96f/mac/CommonKClient/mac_kclient3/Headers/KerberosSupport/ShlibDriver.h -------------------------------------------------------------------------------- /mac/CommonKClient/mac_kclient3/kcglue_des.c: -------------------------------------------------------------------------------- 1 | #include "des.h" 2 | #include "kcglue_des.h" 3 | 4 | /* $Id: kcglue_des.c,v 1.2 2001/12/04 02:05:35 rjs3 Exp $ 5 | * kclient and des have different definitions for key schedules 6 | * this file is to include in the kclient code without dragging in the des definitions 7 | */ 8 | int kcglue_des_key_sched(void *akey,void *asched) 9 | { 10 | return des_key_sched(akey,asched); 11 | } 12 | 13 | void kcglue_des_ecb_encrypt(void *asrc,void *adest,void *asched,int direction) 14 | { 15 | des_ecb_encrypt(asrc,adest,asched,direction); 16 | } 17 | 18 | void kcglue_des_pcbc_encrypt(void *asrc,void *adest,long length,void *asched,void *akey,int direction) 19 | { 20 | des_pcbc_encrypt(asrc,adest,length,asched,akey,direction); 21 | } 22 | 23 | -------------------------------------------------------------------------------- /mac/CommonKClient/mac_kclient3/kcglue_des.h: -------------------------------------------------------------------------------- 1 | 2 | /* $Id: kcglue_des.h,v 1.2 2001/12/04 02:05:35 rjs3 Exp $ 3 | * kclient and des have different definitions for key schedules 4 | * this file is to include in the kclient code without dragging in the des definitions 5 | */ 6 | int kcglue_des_key_sched(void *akey,void *asched); 7 | void kcglue_des_ecb_encrypt(void *asrc,void *adest,void *asched,int direction); 8 | void kcglue_des_pcbc_encrypt(void *asrc,void *adest,long length,void *asched,void *akey,int direction); 9 | -------------------------------------------------------------------------------- /mac/CommonKClient/mac_kclient3/kcglue_krb.h: -------------------------------------------------------------------------------- 1 | /* $Id: kcglue_krb.h,v 1.2 2001/12/04 02:05:35 rjs3 Exp $ 2 | * mit kerberos and kclient include files are not compatable 3 | * the define things with the same name but different implementations 4 | * this is an interface that can be included with either kclient.h 5 | * or krb.h. It bridges between the two of them 6 | */ 7 | 8 | #define KCGLUE_ITEM_SIZE (40) /* name instance or realm size*/ 9 | #define KCGLUE_MAX_K_STR_LEN (KCGLUE_ITEM_SIZE*3+2) /* id.instance@realm */ 10 | #define KCGLUE_MAX_KTXT_LEN 1250 11 | 12 | int kcglue_krb_mk_req( 13 | void *dat, 14 | int *len, 15 | const char *service, 16 | char *instance, 17 | char *realm, 18 | long checksum, 19 | void *des_key, 20 | char *pname, 21 | char *pinst 22 | ); 23 | 24 | -------------------------------------------------------------------------------- /mac/CommonKClient/mac_kclient3/saslk4.h: -------------------------------------------------------------------------------- 1 | #define TARGET_API_MAC_OS8 1 2 | #define TARGET_API_MAC_CARBON 1 3 | -------------------------------------------------------------------------------- /mac/README.filetypes: -------------------------------------------------------------------------------- 1 | CodeWarrior will not recognize files with type other than 'TEXT' 2 | as valid source code or headers, and there appears to be no workaround. 3 | Please read the file doc/macosx.html for more information. 4 | -------------------------------------------------------------------------------- /mac/build_plugins/build_plugins: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cyrusimap/cyrus-sasl/ac0c278817a082c625c496ec812318c019e0b96f/mac/build_plugins/build_plugins -------------------------------------------------------------------------------- /mac/build_plugins/build_plugins.Carbon: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cyrusimap/cyrus-sasl/ac0c278817a082c625c496ec812318c019e0b96f/mac/build_plugins/build_plugins.Carbon -------------------------------------------------------------------------------- /mac/include/extra_krb.h: -------------------------------------------------------------------------------- 1 | /* 2 | * declarations missing from unix krb.h 3 | */ 4 | 5 | 6 | int xxx_krb_mk_priv(void *inp, 7 | void *outp, 8 | unsigned inplen, 9 | des_key_schedule init_keysched, 10 | des_cblock *session, 11 | struct sockaddr_in *iplocal, 12 | struct sockaddr_in *ipremote); 13 | 14 | 15 | int xxx_krb_rd_priv(char *buf, 16 | int inplen, 17 | des_key_schedule init_keysched, 18 | des_cblock *session, 19 | struct sockaddr_in *iplocal, 20 | struct sockaddr_in *ipremote, 21 | MSG_DAT *data); 22 | 23 | #ifdef RUBBISH 24 | #include 25 | 26 | #define des_key_sched kcglue_des_key_sched 27 | #define des_ecb_encrypt kcglue_des_ecb_encrypt 28 | #define des_pcbc_encrypt kcglue_des_pcbc_encrypt 29 | 30 | #ifndef DES_ENCRYPT 31 | #define DES_ENCRYPT 0 32 | #endif 33 | #ifndef DES_DECRYPT 34 | #define DES_DECRYPT 1 35 | #endif 36 | #endif -------------------------------------------------------------------------------- /mac/include/netinet/in.h: -------------------------------------------------------------------------------- 1 | #ifndef _SASL_NETINET_IN_H 2 | #define _SASL_NETINET_IN_H 3 | 4 | struct hostent { 5 | char *h_name; /* official name of host */ 6 | char **h_aliases; /* alias list */ 7 | int h_addrtype; /* host address type */ 8 | int h_length; /* length of address */ 9 | char **h_addr_list; /* list of addresses from name server */ 10 | #define h_addr h_addr_list[0] /* address, for backward compatiblity */ 11 | }; 12 | 13 | struct hostent *gethostbyname(const char *hnam); 14 | 15 | #define IPPROTO_UDP 17 16 | #define IPPROTO_TCP 6 17 | #endif 18 | -------------------------------------------------------------------------------- /mac/include/parse_cmd_line.h: -------------------------------------------------------------------------------- 1 | /* 2 | * mac doesnt have a command line to read 3 | * prompt for one 4 | */ 5 | 6 | int parse_cmd_line(int max_argc,char **argv,int line_size,char *line); 7 | -------------------------------------------------------------------------------- /mac/include/sasl_anonymous_plugin_decl.h: -------------------------------------------------------------------------------- 1 | #ifdef SASL_MONOLITHIC 2 | #define sasl_server_plug_init anonymous_sasl_server_plug_init 3 | #define sasl_client_plug_init anonymous_sasl_client_plug_init 4 | #endif 5 | #include 6 | -------------------------------------------------------------------------------- /mac/include/sasl_kerberos4_plugin_decl.h: -------------------------------------------------------------------------------- 1 | #ifdef SASL_MONOLITHIC 2 | #define sasl_server_plug_init kerberos4_sasl_server_plug_init 3 | #define sasl_client_plug_init kerberos4_sasl_client_plug_init 4 | #endif 5 | #include 6 | -------------------------------------------------------------------------------- /mac/include/sasl_mac_krb_locl.h: -------------------------------------------------------------------------------- 1 | /* 2 | * mac replacement for mit krb_locl.h 3 | */ 4 | 5 | #define RCSID(xxx) static char *xxrcs=xxx 6 | #define xxu_int32_t unsigned long 7 | #define xxint32_t long 8 | #define xxint16_t short 9 | 10 | #include 11 | #include 12 | #include 13 | 14 | struct timeval { 15 | time_t tv_sec; 16 | long tv_usec; 17 | }; 18 | #define gettimeofday yyy_gettimeofday 19 | int gettimeofday(struct timeval *tp, void *); 20 | 21 | #define swab yyy_swab 22 | void swab(char *a, char *b,int len); 23 | 24 | /* 25 | * printf a warning 26 | */ 27 | void krb_warning(const char *fmt,...); 28 | 29 | #define inet_ntoa yyy_inet_netoa 30 | char *inet_ntoa(unsigned long); 31 | 32 | void encrypt_ktext(KTEXT cip,des_cblock *key,int encrypt); 33 | 34 | #define DES_QUAD_GUESS 0 35 | #define DES_QUAD_NEW 1 36 | #define DES_QUAD_OLD 2 37 | #define DES_QUAD_DEFAULT DES_QUAD_GUESS 38 | 39 | void 40 | fixup_quad_cksum(void *start, size_t len, des_cblock *key, 41 | void *new_checksum, void *old_checksum, int little); 42 | 43 | #define abs yyy_abs 44 | int abs(int x); 45 | 46 | #ifdef RUBBISH 47 | #include 48 | #endif 49 | 50 | #include 51 | -------------------------------------------------------------------------------- /mac/include/sasl_plain_plugin_decl.h: -------------------------------------------------------------------------------- 1 | #ifdef SASL_MONOLITHIC 2 | #define sasl_server_plug_init plain_sasl_server_plug_init 3 | #define sasl_client_plug_init plain_sasl_client_plug_init 4 | #endif 5 | #include 6 | -------------------------------------------------------------------------------- /mac/include/sasl_plugin_decl.h: -------------------------------------------------------------------------------- 1 | /* 2 | * i guess the unix computer isnt picky about undeclared functions 3 | * should build with gcc with warn all 4 | */ 5 | #if defined(macintosh) && (!defined(SASL_MONOLITHIC)) 6 | #pragma export on 7 | #define SASL_TURN_OFF_PLUGIN_EXPORT 8 | #endif 9 | sasl_server_plug_init_t sasl_server_plug_init; 10 | sasl_client_plug_init_t sasl_client_plug_init; 11 | #ifdef SASL_TURN_OFF_PLUGIN_EXPORT 12 | #pragma export reset 13 | #undef SASL_TURN_OFF_PLUGIN_EXPORT 14 | #endif 15 | 16 | #ifdef rubbish 17 | int sasl_server_plug_init(sasl_utils_t *utils __attribute__((unused)), 18 | int maxversion, 19 | int *out_version, 20 | const sasl_server_plug_t **pluglist, 21 | int *plugcount); 22 | 23 | int sasl_client_plug_init(sasl_utils_t *utils __attribute__((unused)), 24 | int maxversion, 25 | int *out_version, 26 | const sasl_client_plug_t **pluglist, 27 | int *plugcount); 28 | #endif -------------------------------------------------------------------------------- /mac/kerberos_includes/conf-svsparc.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 1991, by Sun Microsystems, Inc. 3 | */ 4 | 5 | #ifndef _KERBEROS_CONF_SVSPARC_H 6 | #define _KERBEROS_CONF_SVSPARC_H 7 | 8 | #pragma ident "@(#)conf-svsparc.h 1.5 92/07/14 SMI" 9 | 10 | #ifdef __cplusplus 11 | extern "C" { 12 | #endif 13 | 14 | /* 15 | * Machine-type definitions: SPARC with SYSV Unix, e.g. SUN-4 16 | */ 17 | 18 | #define BITS32 19 | #define BIG 20 | #define MSBFIRST 21 | /* #define BSDUNIX */ 22 | #define MUSTALIGN 23 | 24 | #ifdef __cplusplus 25 | } 26 | #endif 27 | 28 | #endif /* _KERBEROS_CONF_SVSPARC_H */ 29 | -------------------------------------------------------------------------------- /mac/kerberos_includes/error_table.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 1991, by Sun Microsystems, Inc. 3 | */ 4 | 5 | #ifndef _KERBEROS_ERROR_TABLE_H 6 | #define _KERBEROS_ERROR_TABLE_H 7 | 8 | #pragma ident "@(#)error_table.h 1.4 93/08/30 SMI" 9 | 10 | #ifdef __cplusplus 11 | extern "C" { 12 | #endif 13 | 14 | typedef struct { 15 | char **msgs; 16 | int base; 17 | int n_msgs; 18 | } error_table; 19 | extern error_table **_et_list; 20 | 21 | #define ERROR_CODE "int" /* type used for error codes */ 22 | 23 | #define ERRCODE_RANGE 8 /* # of bits to shift table number */ 24 | #define BITS_PER_CHAR 6 /* # bits to shift per character in name */ 25 | 26 | extern char *error_table_name(); 27 | 28 | #ifdef __cplusplus 29 | } 30 | #endif 31 | 32 | #endif /* _KERBEROS_ERROR_TABLE_H */ 33 | -------------------------------------------------------------------------------- /mac/kerberos_includes/kerberos/des.h.unix: -------------------------------------------------------------------------------- 1 | /* 2 | * $Source: /cvs/src/sasl/mac/kerberos_includes/kerberos/des.h.unix,v $ 3 | * $Author: rjs3 $ 4 | * $Header: /cvs/src/sasl/mac/kerberos_includes/kerberos/des.h.unix,v 1.2 2001/12/04 02:06:07 rjs3 Exp $ 5 | * 6 | * Copyright 1987, 1988 by the Massachusetts Institute of Technology. 7 | * 8 | * For copying and distribution information, please see the file 9 | * . 10 | * 11 | * Include file for the Data Encryption Standard library. 12 | */ 13 | 14 | #ifndef _KERBEROS_DES_H 15 | #define _KERBEROS_DES_H 16 | 17 | /* #pragma ident "@(#)des.h 1.5 93/05/27 SMI" */ 18 | 19 | #include 20 | 21 | #ifdef __cplusplus 22 | extern "C" { 23 | #endif 24 | 25 | typedef unsigned char des_cblock[8]; /* crypto-block size */ 26 | /* Key schedule */ 27 | typedef struct des_ks_struct { des_cblock _; } des_key_schedule[16]; 28 | 29 | #define DES_KEY_SZ (sizeof (des_cblock)) 30 | #define KRBDES_ENCRYPT 1 31 | #define KRBDES_DECRYPT 0 32 | 33 | #ifndef NCOMPAT 34 | #define C_Block des_cblock 35 | #define Key_schedule des_key_schedule 36 | #define ENCRYPT KRBDES_ENCRYPT 37 | #define DECRYPT KRBDES_DECRYPT 38 | #define KEY_SZ DES_KEY_SZ 39 | #define string_to_key des_string_to_key 40 | #define read_pw_string des_read_pw_string 41 | #define random_key des_random_key 42 | #define pcbc_encrypt des_pcbc_encrypt 43 | #define key_sched des_key_sched 44 | #define cbc_encrypt des_cbc_encrypt 45 | #define cbc_cksum des_cbc_cksum 46 | #define C_Block_print des_cblock_print 47 | #define quad_cksum des_quad_cksum 48 | typedef struct des_ks_struct bit_64; 49 | #endif 50 | 51 | #define des_cblock_print(x) des_cblock_print_file(x, stdout) 52 | 53 | #ifdef __cplusplus 54 | } 55 | #endif 56 | 57 | #endif /* _KERBEROS_DES_H */ 58 | -------------------------------------------------------------------------------- /mac/kerberos_includes/kerberos/mit-copyright.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 1989 by the Massachusetts Institute of Technology 3 | * 4 | * Export of this software from the United States of America is assumed 5 | * to require a specific license from the United States Government. 6 | * It is the responsibility of any person or organization contemplating 7 | * export to obtain such a license before exporting. 8 | * 9 | * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 10 | * distribute this software and its documentation for any purpose and 11 | * without fee is hereby granted, provided that the above copyright 12 | * notice appear in all copies and that both that copyright notice and 13 | * this permission notice appear in supporting documentation, and that 14 | * the name of M.I.T. not be used in advertising or publicity pertaining 15 | * to distribution of the software without specific, written prior 16 | * permission. M.I.T. makes no representations about the suitability of 17 | * this software for any purpose. It is provided "as is" without express 18 | * or implied warranty. 19 | * 20 | */ 21 | 22 | #ifndef _KERBEROS_MIT_COPYRIGHT_H 23 | #define _KERBEROS_MIT_COPYRIGHT_H 24 | 25 | /* #pragma ident "@(#)mit-copyright.h 1.4 93/02/04 SMI" */ 26 | 27 | #endif /* _KERBEROS_MIT_COPYRIGHT_H */ 28 | -------------------------------------------------------------------------------- /mac/kerberos_includes/klog.h: -------------------------------------------------------------------------------- 1 | /* 2 | * $Source: /cvs/src/sasl/mac/kerberos_includes/klog.h,v $ 3 | * $Author: rjs3 $ 4 | * $Header: /cvs/src/sasl/mac/kerberos_includes/klog.h,v 1.2 2001/12/04 02:06:05 rjs3 Exp $ 5 | * 6 | * Copyright 1988 by the Massachusetts Institute of Technology. 7 | * 8 | * For copying and distribution information, please see the file 9 | * . 10 | * 11 | * This file defines the types of log messages logged by klog. Each 12 | * type of message may be selectively turned on or off. 13 | */ 14 | 15 | #ifndef _KERBEROS_KLOG_H 16 | #define _KERBEROS_KLOG_H 17 | 18 | #pragma ident "@(#)klog.h 1.3 92/07/14 SMI" 19 | 20 | #include 21 | 22 | #ifdef __cplusplus 23 | extern "C" { 24 | #endif 25 | 26 | #define KRBLOG "/kerberos/kerberos.log" /* master server */ 27 | #define KRBSLAVELOG "/kerberos/kerberos_slave.log" /* master server */ 28 | #define NLOGTYPE 100 /* Maximum number of log msg types */ 29 | 30 | #define L_NET_ERR 1 /* Error in network code */ 31 | #define L_NET_INFO 2 /* Info on network activity */ 32 | #define L_KRB_PERR 3 /* Kerberos protocol errors */ 33 | #define L_KRB_PINFO 4 /* Kerberos protocol info */ 34 | #define L_INI_REQ 5 /* Request for initial ticket */ 35 | #define L_NTGT_INTK 6 /* Initial request not for TGT */ 36 | #define L_DEATH_REQ 7 /* Request for server death */ 37 | #define L_TKT_REQ 8 /* All ticket requests using a tgt */ 38 | #define L_ERR_SEXP 9 /* Service expired */ 39 | #define L_ERR_MKV 10 /* Master key version incorrect */ 40 | #define L_ERR_NKY 11 /* User's key is null */ 41 | #define L_ERR_NUN 12 /* Principal not unique */ 42 | #define L_ERR_UNK 13 /* Principal Unknown */ 43 | #define L_ALL_REQ 14 /* All requests */ 44 | #define L_APPL_REQ 15 /* Application requests (using tgt) */ 45 | #define L_KRB_PWARN 16 /* Protocol warning messages */ 46 | 47 | char *klog(); 48 | 49 | #ifdef __cplusplus 50 | } 51 | #endif 52 | 53 | #endif /* _KERBEROS_KLOG_H */ 54 | -------------------------------------------------------------------------------- /mac/kerberos_includes/krb-protos.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cyrusimap/cyrus-sasl/ac0c278817a082c625c496ec812318c019e0b96f/mac/kerberos_includes/krb-protos.h -------------------------------------------------------------------------------- /mac/kerberos_includes/krb_conf.h: -------------------------------------------------------------------------------- 1 | /* 2 | * $Source: /cvs/src/sasl/mac/kerberos_includes/krb_conf.h,v $ 3 | * $Author: rjs3 $ 4 | * $Header: /cvs/src/sasl/mac/kerberos_includes/krb_conf.h,v 1.2 2001/12/04 02:06:05 rjs3 Exp $ 5 | * 6 | * Copyright 1988 by the Massachusetts Institute of Technology. 7 | * 8 | * For copying and distribution information, please see the file 9 | * . 10 | * 11 | * This file contains configuration information for the Kerberos library 12 | * which is machine specific; currently, this file contains 13 | * configuration information for the vax, the "ibm032" (RT), and the 14 | * "PC8086" (IBM PC). 15 | * 16 | * Note: cross-compiled targets must appear BEFORE their corresponding 17 | * cross-compiler host. Otherwise, both will be defined when running 18 | * the native compiler on the programs that construct cross-compiled 19 | * sources. 20 | */ 21 | 22 | #ifndef _KERBEROS_KRB_CONF_H 23 | #define _KERBEROS_KRB_CONF_H 24 | 25 | #pragma ident "@(#)krb_conf.h 1.3 92/07/14 SMI" 26 | 27 | #include 28 | 29 | #ifdef __cplusplus 30 | extern "C" { 31 | #endif 32 | 33 | /* Byte ordering */ 34 | extern int krbONE; 35 | #define HOST_BYTE_ORDER (* (char *) &krbONE) 36 | #define MSB_FIRST 0 /* 68000, IBM RT/PC */ 37 | #define LSB_FIRST 1 /* Vax, PC8086 */ 38 | 39 | #ifdef __cplusplus 40 | } 41 | #endif 42 | 43 | #endif /* _KERBEROS_KRB_CONF_H */ 44 | -------------------------------------------------------------------------------- /mac/kerberos_includes/ktypes.h: -------------------------------------------------------------------------------- 1 | #ifndef __KTYPES_H__ 2 | #define __KTYPES_H__ 3 | 4 | typedef unsigned char u_char; 5 | typedef signed char int8_t; 6 | typedef unsigned char u_int8_t; 7 | typedef short int16_t; 8 | typedef unsigned short u_int16_t; 9 | #if TARGET_API_MAC_CARBON 10 | typedef long int32_t; 11 | typedef unsigned long u_int32_t; 12 | #else 13 | typedef int int32_t; 14 | typedef unsigned int u_int32_t; 15 | #endif 16 | #endif /* __KTYPES_H__ */ 17 | -------------------------------------------------------------------------------- /mac/kerberos_includes/lsb_addr_comp.h: -------------------------------------------------------------------------------- 1 | /* 2 | * $Source: /cvs/src/sasl/mac/kerberos_includes/lsb_addr_comp.h,v $ 3 | * $Author: rjs3 $ 4 | * $Header: /cvs/src/sasl/mac/kerberos_includes/lsb_addr_comp.h,v 1.2 2001/12/04 02:06:05 rjs3 Exp $ 5 | * 6 | * Copyright 1988 by the Massachusetts Institute of Technology. 7 | * 8 | * For copying and distribution information, please see the file 9 | * . 10 | * 11 | * Comparison macros to emulate LSBFIRST comparison results of network 12 | * byte-order quantities 13 | */ 14 | 15 | #ifndef _KERBEROS_LSB_ADDR_COMP_H 16 | #define _KERBEROS_LSB_ADDR_COMP_H 17 | 18 | #pragma ident "@(#)lsb_addr_comp.h 1.4 93/02/04 SMI" 19 | 20 | #include 21 | #include 22 | 23 | #ifdef __cplusplus 24 | extern "C" { 25 | #endif 26 | 27 | #ifdef LSBFIRST 28 | #define lsb_net_ulong_less(x, y) ((x < y) ? -1 : ((x > y) ? 1 : 0)) 29 | #define lsb_net_ushort_less(x, y) ((x < y) ? -1 : ((x > y) ? 1 : 0)) 30 | #else 31 | /* MSBFIRST */ 32 | #define u_char_comp(x, y) \ 33 | (((x) > (y)) ? (1) : (((x) == (y)) ? (0) : (-1))) 34 | /* This is gross, but... */ 35 | #define lsb_net_ulong_less(x, y) long_less_than((u_char *)&x, (u_char *)&y) 36 | #define lsb_net_ushort_less(x, y) short_less_than((u_char *)&x, (u_char *)&y) 37 | 38 | #define long_less_than(x, y) \ 39 | (u_char_comp((x)[3], (y)[3]) ? u_char_comp((x)[3], (y)[3]) : \ 40 | (u_char_comp((x)[2], (y)[2]) ? u_char_comp((x)[2], (y)[2]) : \ 41 | (u_char_comp((x)[1], (y)[1]) ? u_char_comp((x)[1], (y)[1]) : \ 42 | (u_char_comp((x)[0], (y)[0]))))) 43 | #define short_less_than(x, y) \ 44 | (u_char_comp((x)[1], (y)[1]) ? u_char_comp((x)[1], (y)[1]) : \ 45 | (u_char_comp((x)[0], (y)[0]))) 46 | 47 | #endif /* LSBFIRST */ 48 | 49 | #ifdef __cplusplus 50 | } 51 | #endif 52 | 53 | #endif /* _KERBEROS_LSB_ADDR_COMP_H */ 54 | -------------------------------------------------------------------------------- /mac/kerberos_includes/mit-sipb-copyright.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1987 by the Student Information Processing Board 3 | * of the Massachusetts Institute of Technology 4 | * 5 | * Permission to use, copy, modify, and distribute this software 6 | * and its documentation for any purpose and without fee is 7 | * hereby granted, provided that the above copyright notice 8 | * appear in all copies and that both that copyright notice and 9 | * this permission notice appear in supporting documentation, 10 | * and that the names of M.I.T. and the M.I.T. S.I.P.B. not be 11 | * used in advertising or publicity pertaining to distribution 12 | * of the software without specific, written prior permission. 13 | * M.I.T. and the M.I.T. S.I.P.B. make no representations about 14 | * the suitability of this software for any purpose. It is 15 | * provided "as is" without express or implied warranty. 16 | * 17 | */ 18 | 19 | #ifndef _KERBEROS_MIT_COPYRIGHT_H 20 | #define _KERBEROS_MIT_COPYRIGHT_H 21 | 22 | #pragma ident "@(#)mit-sipb-copyright.h 1.5 93/02/04 SMI" 23 | 24 | #endif /* _KERBEROS_MIT_COPYRIGHT_H */ 25 | -------------------------------------------------------------------------------- /mac/kerberos_includes/osconf.h: -------------------------------------------------------------------------------- 1 | /* 2 | * $Source: /afs/athena.mit.edu/astaff/project/kerberos/src/include/RCS/osconf.h 3 | * $Author: rjs3 $ 4 | * $Header: /afs/athena.mit.edu/astaff/project/kerberos/src/include/RCS/osconf.h 5 | * 4.4 89/12/19 13:26:27 jtkohl Exp $ 6 | * 7 | * Copyright 1988 by the Massachusetts Institute of Technology. 8 | * 9 | * For copying and distribution information, please see the file 10 | * . 11 | * 12 | * Athena configuration. 13 | */ 14 | 15 | #ifndef _KERBEROS_OSCONF_H 16 | #define _KERBEROS_OSCONF_H 17 | 18 | #pragma ident "@(#)osconf.h 1.7 94/07/29 SMI" 19 | 20 | #include 21 | 22 | #ifdef tahoe 23 | #include 24 | #else /* !tahoe */ 25 | #ifdef vax 26 | #include 27 | #else /* !vax */ 28 | #if defined(mips) && defined(ultrix) 29 | #include 30 | #else /* !Ultrix MIPS-2 */ 31 | #ifdef ibm032 32 | #include 33 | #else /* !ibm032 */ 34 | #ifdef apollo 35 | #include 36 | #else /* !apollo */ 37 | #ifdef sun 38 | #ifdef sparc 39 | #if defined(SunOS) && SunOS >= 50 40 | #include 41 | #else 42 | #include 43 | #endif 44 | #else /* sun but not sparc */ 45 | #ifdef i386 46 | #include 47 | #else /* sun but not sparc or i386 */ 48 | #ifdef __ppc 49 | #include 50 | #else /* sun but not (sparc, i386, or ppc) */ 51 | #include 52 | #endif /* ppc */ 53 | #endif /* i386 */ 54 | #endif /* sparc */ 55 | #else /* !sun */ 56 | #ifdef pyr 57 | #include 58 | #endif /* pyr */ 59 | #endif /* sun */ 60 | #endif /* apollo */ 61 | #endif /* ibm032 */ 62 | #endif /* mips */ 63 | #endif /* vax */ 64 | #endif /* tahoe */ 65 | 66 | #endif /* _KERBEROS_OSCONF_H */ 67 | -------------------------------------------------------------------------------- /mac/krb4_sources/krb-protos.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cyrusimap/cyrus-sasl/ac0c278817a082c625c496ec812318c019e0b96f/mac/krb4_sources/krb-protos.h -------------------------------------------------------------------------------- /mac/krb4_sources/lsb_addr_comp.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cyrusimap/cyrus-sasl/ac0c278817a082c625c496ec812318c019e0b96f/mac/krb4_sources/lsb_addr_comp.c -------------------------------------------------------------------------------- /mac/krb4_sources/mk_auth.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cyrusimap/cyrus-sasl/ac0c278817a082c625c496ec812318c019e0b96f/mac/krb4_sources/mk_auth.c -------------------------------------------------------------------------------- /mac/krb4_sources/mk_priv.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cyrusimap/cyrus-sasl/ac0c278817a082c625c496ec812318c019e0b96f/mac/krb4_sources/mk_priv.c -------------------------------------------------------------------------------- /mac/krb4_sources/mk_req.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cyrusimap/cyrus-sasl/ac0c278817a082c625c496ec812318c019e0b96f/mac/krb4_sources/mk_req.c -------------------------------------------------------------------------------- /mac/krb4_sources/mk_safe.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cyrusimap/cyrus-sasl/ac0c278817a082c625c496ec812318c019e0b96f/mac/krb4_sources/mk_safe.c -------------------------------------------------------------------------------- /mac/krb4_sources/rd_priv.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cyrusimap/cyrus-sasl/ac0c278817a082c625c496ec812318c019e0b96f/mac/krb4_sources/rd_priv.c -------------------------------------------------------------------------------- /mac/krb4_sources/rd_safe.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cyrusimap/cyrus-sasl/ac0c278817a082c625c496ec812318c019e0b96f/mac/krb4_sources/rd_safe.c -------------------------------------------------------------------------------- /mac/krb4_sources/rw.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cyrusimap/cyrus-sasl/ac0c278817a082c625c496ec812318c019e0b96f/mac/krb4_sources/rw.c -------------------------------------------------------------------------------- /mac/libsasl/libsasl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cyrusimap/cyrus-sasl/ac0c278817a082c625c496ec812318c019e0b96f/mac/libsasl/libsasl -------------------------------------------------------------------------------- /mac/libsasl/libsasl.Carbon: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cyrusimap/cyrus-sasl/ac0c278817a082c625c496ec812318c019e0b96f/mac/libsasl/libsasl.Carbon -------------------------------------------------------------------------------- /mac/libsasl/libsasl.Carbon.exp: -------------------------------------------------------------------------------- 1 | #xxx_sasl_gethostname 2 | #xxx_sasl_strdup 3 | #sasl_free_secret 4 | #sasl_client_auth 5 | sasl_client_step 6 | sasl_client_start 7 | sasl_client_new 8 | sasl_client_init 9 | sasl_churn 10 | sasl_rand 11 | sasl_randseed 12 | sasl_randfree 13 | sasl_randcreate 14 | sasl_utf8verify 15 | sasl_mkchal 16 | sasl_decode64 17 | sasl_encode64 18 | sasl_idle 19 | sasl_errstring 20 | #sasl_usererr 21 | sasl_errdetail 22 | sasl_setprop 23 | sasl_getprop 24 | sasl_dispose 25 | sasl_done 26 | sasl_set_alloc 27 | sasl_decode 28 | sasl_encode 29 | sasl_set_mutex 30 | #sasl_config_getswitch 31 | #sasl_config_getint 32 | #sasl_config_getstring 33 | #sasl_config_init 34 | #_sasl_allocation_utils 35 | #_sasl_mutex_utils 36 | #_sasl_server_putsecret_hook 37 | #_sasl_server_getsecret_hook 38 | #_sasl_server_idle_hook 39 | #_sasl_client_idle_hook 40 | #_sasl_server_cleanup_hook 41 | #_sasl_client_cleanup_hook 42 | #_sasl_find_verifyfile_callback 43 | #_sasl_find_getpath_callback 44 | #_sasl_free_utils 45 | #_sasl_alloc_utils 46 | #_sasl_log 47 | #_sasl_getcallback 48 | #_sasl_conn_dispose 49 | #_sasl_conn_init 50 | #_sasl_strdup 51 | #_sasl_done_with_plugin 52 | #_sasl_get_mech_list 53 | sasl_encodev 54 | sasl_erasebuffer 55 | sasl_seterror -------------------------------------------------------------------------------- /mac/libsasl/libsasl.exp: -------------------------------------------------------------------------------- 1 | #xxx_sasl_gethostname 2 | xxx_sasl_strdup 3 | #sasl_free_secret 4 | #sasl_client_auth 5 | sasl_client_step 6 | sasl_client_start 7 | sasl_client_new 8 | sasl_client_init 9 | sasl_churn 10 | sasl_rand 11 | sasl_randseed 12 | sasl_randfree 13 | sasl_randcreate 14 | sasl_utf8verify 15 | sasl_mkchal 16 | sasl_decode64 17 | sasl_encode64 18 | sasl_idle 19 | sasl_errstring 20 | #sasl_usererr 21 | sasl_errdetail 22 | sasl_setprop 23 | sasl_getprop 24 | sasl_dispose 25 | sasl_done 26 | sasl_set_alloc 27 | sasl_decode 28 | sasl_encode 29 | sasl_set_mutex 30 | #sasl_config_getswitch 31 | #sasl_config_getint 32 | #sasl_config_getstring 33 | #sasl_config_init 34 | #_sasl_allocation_utils 35 | #_sasl_mutex_utils 36 | #_sasl_server_putsecret_hook 37 | #_sasl_server_getsecret_hook 38 | #_sasl_server_idle_hook 39 | #_sasl_client_idle_hook 40 | #_sasl_server_cleanup_hook 41 | #_sasl_client_cleanup_hook 42 | #_sasl_find_verifyfile_callback 43 | #_sasl_find_getpath_callback 44 | #_sasl_free_utils 45 | #_sasl_alloc_utils 46 | #_sasl_log 47 | #_sasl_getcallback 48 | #_sasl_conn_dispose 49 | #_sasl_conn_init 50 | #_sasl_strdup 51 | #_sasl_done_with_plugin 52 | #_sasl_get_mech_list 53 | -------------------------------------------------------------------------------- /mac/libsasl/libsasl_prefix.h: -------------------------------------------------------------------------------- 1 | /* 2 | * compile the plugins into the library for nice debugging 3 | */ 4 | 5 | #define NO_SASL_MONOLITHIC 6 | 7 | /* 8 | * compiler doesnt allow an empty file 9 | */ 10 | typedef int xxx_sc_foo; 11 | -------------------------------------------------------------------------------- /mac/libsasl/libsasl_prefix_carbon.h: -------------------------------------------------------------------------------- 1 | /* 2 | * compile the plugins into the library for nice debugging 3 | */ 4 | 5 | #define NO_SASL_MONOLITHIC 6 | 7 | /* 8 | * compiler doesnt allow an empty file 9 | */ 10 | typedef int xxx_sc_foo; 11 | 12 | #define TARGET_API_MAC_CARBON 1 13 | -------------------------------------------------------------------------------- /mac/osx_cfm_glue/cfmglue.h: -------------------------------------------------------------------------------- 1 | #define TARGET_API_MAC_CARBON 1 2 | #define SASL_OSX_CFMGLUE 1 3 | 4 | #include -------------------------------------------------------------------------------- /mac/osx_cfm_glue/cfmglue.proj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cyrusimap/cyrus-sasl/ac0c278817a082c625c496ec812318c019e0b96f/mac/osx_cfm_glue/cfmglue.proj -------------------------------------------------------------------------------- /mac/osx_cfm_glue/cfmglue.proj.exp: -------------------------------------------------------------------------------- 1 | sasl_decode 2 | sasl_encode 3 | sasl_idle 4 | sasl_setprop 5 | sasl_getprop 6 | sasl_errstring 7 | sasl_client_step 8 | sasl_client_start 9 | sasl_dispose 10 | sasl_client_new 11 | sasl_done 12 | sasl_client_init 13 | sasl_encode64 14 | sasl_decode64 15 | sasl_set_alloc 16 | sasl_mkchal 17 | sasl_utf8verify 18 | sasl_churn 19 | sasl_rand 20 | sasl_randseed 21 | sasl_randfree 22 | sasl_randcreate 23 | sasl_set_mutex 24 | sasl_server_init 25 | sasl_server_new 26 | sasl_listmech 27 | sasl_server_start 28 | sasl_server_step 29 | sasl_checkpass 30 | sasl_user_exists 31 | sasl_setpass 32 | sasl_errdetail 33 | sasl_checkapop 34 | sasl_auxprop_request 35 | sasl_auxprop_getctx 36 | sasl_erasebuffer 37 | sasl_encodev 38 | prop_new 39 | prop_dup 40 | prop_get 41 | prop_getnames 42 | prop_clear 43 | prop_erase 44 | prop_dispose 45 | prop_format 46 | prop_set 47 | prop_setvals 48 | sasl_seterror -------------------------------------------------------------------------------- /mac/readme/mac_testing_notes.c: -------------------------------------------------------------------------------- 1 | #ifdef RUBBISH 2 | 3 | *** how to run the server on unix 4 | ./sample-server -s rcmd -i local=0.0.0.0:23,remote=0.0.0.0:23 -m KERBEROS_V4 5 | 6 | *** arguements to the client on the mac 7 | 8 | Use this to test privacy: 9 | -b min=56,max=20000 -i local=0.0.0.0:23,remote=0.0.0.0:23 -s rcmd -n AKUTAKTAK.ANDREW.CMU.EDU -u n3liw 10 | 11 | Use this to test authenticity: 12 | -b min=1,max=1 -i local=0.0.0.0:23,remote=0.0.0.0:23 -s rcmd -n AKUTAKTAK.ANDREW.CMU.EDU -u n3liw 13 | 14 | Use this to test authentication only (no privacy no authenticity): 15 | -i local=0.0.0.0:23,remote=0.0.0.0:23 -s rcmd -n AKUTAKTAK.ANDREW.CMU.EDU -u n3liw 16 | 17 | 18 | C: BAYAQU5EUkVXLkNNVS5FRFUAOCBx+Dj9fo8RD0Wegm7Qr2iSopuKxKGTq6cA6ux+lEPfB4GFO9BxF9jWOKLa5Hw/sIqkSfcqwah+hLFCUakVHcviUo7UOTHX0CFWy8QsnCuz6qco9FzlS23r 19 | 20 | - check lifetimes of data returned by kerberos glue functions 21 | like realm of host and gethostbyname 22 | C: AAAAbAQGAEFORFJFVy5DTVUuRURVADggcfg4/X6PEQ9FnoJu0K9okqKbisShk6unYXiKjun/vccUEytAAMdTj1pLaQjd3hkDltVId4q9la64zfZG+haHMETI+kDpHzLAtABnUTl4NHvzjbuwfwdvSA== 23 | 24 | -e ssf=-57 -i local=128.2.121.100:23,remote=128.2.121.2:23 -s rcmd -n AKUTAKTAK.ANDREW.CMU.EDU -u n3liw 25 | 26 | #endif 27 | 28 | static int bletch_the_compiler_wants_something_non_empty; 29 | -------------------------------------------------------------------------------- /mac/sc_shlb/sc_shlb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cyrusimap/cyrus-sasl/ac0c278817a082c625c496ec812318c019e0b96f/mac/sc_shlb/sc_shlb -------------------------------------------------------------------------------- /mac/sc_shlb/sc_shlb.Carbon: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cyrusimap/cyrus-sasl/ac0c278817a082c625c496ec812318c019e0b96f/mac/sc_shlb/sc_shlb.Carbon -------------------------------------------------------------------------------- /mac/sc_shlb/sc_shlb.mono: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cyrusimap/cyrus-sasl/ac0c278817a082c625c496ec812318c019e0b96f/mac/sc_shlb/sc_shlb.mono -------------------------------------------------------------------------------- /mac/sc_shlb/sc_shlb.rsrc.sit.hqx: -------------------------------------------------------------------------------- 1 | (This file must be converted with BinHex 4.0) :%(0MAh0SE')ZFR0bBbjcDA3!8dP8090*9#%!N!3"%`#3"*!!G90dG@CQ5A3J+'- T-6Nj0bda16Ni)%&XB@4ND@iJ8hPcG'9YFb`J5@jM,L`JD(4dF$S[,hH3!bjKE'& NC'PZFhPc,Q0[E5p6G(9QCNPd,`d+'J!&%!!!!4-!N!0b!!%!N!0bX'30TD95CA0 PFRCPC+@P!+@3"!%!!$`!!,H$@B1hJeQ6!*!0$*bL!*!1Ff0IFfKXBLjbFh*M!!( ZbR*cFQ058d9%!*!3J!#3#3%f!*!$-`#3"!m!3X(8q2@S2N23-B('m2KI(pa#6DA +L,R'QSirQM+#,h*hGLHl$"kFM'&fKK1,Gciq4Tk!er-!!!: -------------------------------------------------------------------------------- /mac/sc_shlb/sc_shlb_carbon.h: -------------------------------------------------------------------------------- 1 | #define TARGET_API_MAC_CARBON 1 2 | -------------------------------------------------------------------------------- /plugins/.gitignore: -------------------------------------------------------------------------------- 1 | Makefile.in 2 | Makefile 3 | .deps 4 | .libs 5 | *.l[ao] 6 | *_init.c 7 | -------------------------------------------------------------------------------- /plugins/crypto_kdf_hkdf_sha512.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_kdf_hkdf_sha512_H 2 | #define crypto_kdf_hkdf_sha512_H 3 | 4 | #include 5 | #include 6 | #include 7 | 8 | #include 9 | 10 | #ifdef __cplusplus 11 | # ifdef __GNUC__ 12 | # pragma GCC diagnostic ignored "-Wlong-long" 13 | # endif 14 | extern "C" { 15 | #endif 16 | 17 | #define crypto_kdf_hkdf_sha512_KEYBYTES crypto_auth_hmacsha512_BYTES 18 | SODIUM_EXPORT 19 | size_t crypto_kdf_hkdf_sha512_keybytes(void); 20 | 21 | #define crypto_kdf_hkdf_sha512_BYTES_MIN 0U 22 | SODIUM_EXPORT 23 | size_t crypto_kdf_hkdf_sha512_bytes_min(void); 24 | 25 | #define crypto_kdf_hkdf_sha512_BYTES_MAX (0xff * crypto_auth_hmacsha512_BYTES) 26 | SODIUM_EXPORT 27 | size_t crypto_kdf_hkdf_sha512_bytes_max(void); 28 | 29 | SODIUM_EXPORT 30 | int crypto_kdf_hkdf_sha512_extract(unsigned char prk[crypto_kdf_hkdf_sha512_KEYBYTES], 31 | const unsigned char *salt, size_t salt_len, 32 | const unsigned char *ikm, size_t ikm_len) 33 | __attribute__ ((nonnull(1))); 34 | 35 | SODIUM_EXPORT 36 | void crypto_kdf_hkdf_sha512_keygen(unsigned char prk[crypto_kdf_hkdf_sha512_KEYBYTES]) 37 | __attribute__ ((nonnull)); 38 | 39 | SODIUM_EXPORT 40 | int crypto_kdf_hkdf_sha512_expand(unsigned char *out, size_t out_len, 41 | const char *ctx, size_t ctx_len, 42 | const unsigned char prk[crypto_kdf_hkdf_sha512_KEYBYTES]) 43 | __attribute__ ((nonnull(1))); 44 | 45 | #ifdef __cplusplus 46 | } 47 | #endif 48 | 49 | #endif 50 | -------------------------------------------------------------------------------- /pwcheck/Makefile.am: -------------------------------------------------------------------------------- 1 | # Makefile.am for the pwcheck daemon 2 | # Larry Greenfield 3 | # 4 | # Copyright 1999 by Carnegie Mellon University 5 | # 6 | # All Rights Reserved 7 | # 8 | # Permission to use, copy, modify, and distribute this software and its 9 | # documentation for any purpose and without fee is hereby granted, 10 | # provided that the above copyright notice appear in all copies and that 11 | # both that copyright notice and this permission notice appear in 12 | # supporting documentation, and that the name of CMU not be 13 | # used in advertising or publicity pertaining to distribution of the 14 | # software without specific, written prior permission. 15 | # 16 | # CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING 17 | # ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL 18 | # CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR 19 | # ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, 20 | # WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, 21 | # ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS 22 | # SOFTWARE. 23 | # 24 | 25 | sbin_PROGRAMS = pwcheck 26 | 27 | AM_CPPFLAGS = -I../include -I../lib 28 | 29 | pwcheck_SOURCES = pwcheck.c 30 | EXTRA_pwcheck_SOURCES = pwcheck_getpwnam.c pwcheck_getspnam.c 31 | pwcheck_DEPENDECIES = pwcheck_@PWCHECKMETH@.lo 32 | pwcheck_LDADD = pwcheck_@PWCHECKMETH@.lo @LIB_CRYPT@ @LIB_SOCKET@ 33 | -------------------------------------------------------------------------------- /pwcheck/README: -------------------------------------------------------------------------------- 1 | Pwcheck is a daemon for permitting the SASL library to check passwords 2 | against the shadow password database. 3 | 4 | To use: 5 | 6 | * Configure the Cyrus SASL library with the "--with-pwcheck" switch. 7 | 8 | * Compile and install the Cyrus SASL library software 9 | 10 | * Create the directory "/var/pwcheck" and make it readable by only 11 | those users who need to be able to verify passwords. For instance, if 12 | you wish to use pwcheck with Cyrus imapd: 13 | 14 | mkdir /var/pwcheck 15 | chown cyrus /var/pwcheck 16 | chmod 700 /var/pwcheck 17 | 18 | * Configure your applications to use "pwcheck_method: pwcheck". For 19 | example, if you are using this with the Cyrus IMAP server, you can 20 | put in the imapd.conf the following line: 21 | 22 | sasl_pwcheck_method: pwcheck 23 | 24 | or for an application that doesn't overload its configuration file, 25 | you could put the following line in its configuration file located 26 | in /usr/lib/sasl (e.g. /usr/lib/.conf): 27 | 28 | pwcheck_method: pwcheck 29 | 30 | * Upon system startup, arrange for the daemon $prefix/sbin/pwcheck 31 | to be run as root in the background. 32 | 33 | How it works: 34 | 35 | The Cyrus servers connect to the unix-domain socket 36 | /var/pwcheck/pwcheck to send a potential user's userid and password to 37 | the pwcheck daemon. The pwcheck daemon uses its root privileges to 38 | verify the userid and password against the shadow password database. 39 | The pwcheck daemon then returns an error message or "OK" to the Cyrus 40 | server and closes the unix-domain connection. 41 | 42 | The permissions on the /var/pwcheck directory control who can connect 43 | to the pwcheck daemon. The pwcheck daemon is not designed to deal 44 | with denial-of-service attacks from its clients, so the directory 45 | should be restricted to trustworthy server processes. 46 | -------------------------------------------------------------------------------- /saslauthd/.gitignore: -------------------------------------------------------------------------------- 1 | Makefile.in 2 | Makefile 3 | .deps 4 | .libs 5 | *.l[ao] 6 | *.o 7 | saslauthd 8 | saslauthd.8 9 | saslauthd.h* 10 | stamp-h1 11 | testsaslauthd 12 | -------------------------------------------------------------------------------- /saslauthd/COPYING: -------------------------------------------------------------------------------- 1 | /* CMU libsasl 2 | * Tim Martin 3 | * Rob Earhart 4 | * Rob Siemborski 5 | */ 6 | /* 7 | * Copyright (c) 2001 Carnegie Mellon University. All rights reserved. 8 | * 9 | * Redistribution and use in source and binary forms, with or without 10 | * modification, are permitted provided that the following conditions 11 | * are met: 12 | * 13 | * 1. Redistributions of source code must retain the above copyright 14 | * notice, this list of conditions and the following disclaimer. 15 | * 16 | * 2. Redistributions in binary form must reproduce the above copyright 17 | * notice, this list of conditions and the following disclaimer in 18 | * the documentation and/or other materials provided with the 19 | * distribution. 20 | * 21 | * 3. The name "Carnegie Mellon University" must not be used to 22 | * endorse or promote products derived from this software without 23 | * prior written permission. For permission or any other legal 24 | * details, please contact 25 | * Office of Technology Transfer 26 | * Carnegie Mellon University 27 | * 5000 Forbes Avenue 28 | * Pittsburgh, PA 15213-3890 29 | * (412) 268-4387, fax: (412) 268-7395 30 | * tech-transfer@andrew.cmu.edu 31 | * 32 | * 4. Redistributions of any form whatsoever must retain the following 33 | * acknowledgment: 34 | * "This product includes software developed by Computing Services 35 | * at Carnegie Mellon University (http://www.cmu.edu/computing/)." 36 | * 37 | * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO 38 | * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 39 | * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE 40 | * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 41 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN 42 | * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING 43 | * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 44 | */ 45 | -------------------------------------------------------------------------------- /saslauthd/ChangeLog: -------------------------------------------------------------------------------- 1 | Currently saslauthd changes are tracked in the main SASL ChangeLog. 2 | -------------------------------------------------------------------------------- /saslauthd/auth_dce.h: -------------------------------------------------------------------------------- 1 | /* COPYRIGHT 2 | * Copyright (c) 1997 Messaging Direct Ltd. 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 1. Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 14 | * THIS SOFTWARE IS PROVIDED BY MESSAGING DIRECT LTD. ``AS IS'' AND ANY 15 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 17 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL MESSAGING DIRECT LTD. OR 18 | * ITS EMPLOYEES OR AGENTS BE LIABLE FOR ANY DIRECT, INDIRECT, 19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 20 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 21 | * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 22 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR 23 | * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 24 | * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH 25 | * DAMAGE. 26 | * END COPYRIGHT 27 | */ 28 | 29 | char *auth_dce(const char *, const char *, const char *, const char *, const char *); 30 | -------------------------------------------------------------------------------- /saslauthd/auth_getpwent.h: -------------------------------------------------------------------------------- 1 | /* COPYRIGHT 2 | * Copyright (c) 1997 Messaging Direct Ltd. 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 1. Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 14 | * THIS SOFTWARE IS PROVIDED BY MESSAGING DIRECT LTD. ``AS IS'' AND ANY 15 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 17 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL MESSAGING DIRECT LTD. OR 18 | * ITS EMPLOYEES OR AGENTS BE LIABLE FOR ANY DIRECT, INDIRECT, 19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 20 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 21 | * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 22 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR 23 | * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 24 | * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH 25 | * DAMAGE. 26 | * END COPYRIGHT */ 27 | 28 | char *auth_getpwent(const char *, const char *, const char *, const char *, const char *); 29 | -------------------------------------------------------------------------------- /saslauthd/auth_httpform.h: -------------------------------------------------------------------------------- 1 | /* COPYRIGHT 2 | * Copyright (c) 2005 Pyx Engineering AG 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 1. Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 14 | * THIS SOFTWARE IS PROVIDED BY PYX ENGINEERING AG ''AS IS'' AND ANY 15 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 17 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL PYX ENGINEERING AG OR 18 | * ITS EMPLOYEES OR AGENTS BE LIABLE FOR ANY DIRECT, INDIRECT, 19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 20 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 21 | * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 22 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR 23 | * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 24 | * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH 25 | * DAMAGE. 26 | * END COPYRIGHT */ 27 | 28 | char *auth_httpform(const char *, const char *, const char *, const char *, const char *); 29 | int auth_httpform_init(void); 30 | -------------------------------------------------------------------------------- /saslauthd/auth_krb5.h: -------------------------------------------------------------------------------- 1 | /* COPYRIGHT 2 | * Copyright (c) 1997 Messaging Direct Ltd. 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 1. Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 14 | * THIS SOFTWARE IS PROVIDED BY MESSAGING DIRECT LTD. ``AS IS'' AND ANY 15 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 17 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL MESSAGING DIRECT LTD. OR 18 | * ITS EMPLOYEES OR AGENTS BE LIABLE FOR ANY DIRECT, INDIRECT, 19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 20 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 21 | * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 22 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR 23 | * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 24 | * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH 25 | * DAMAGE. 26 | * END COPYRIGHT */ 27 | 28 | char *auth_krb5(const char *, const char *, const char *, const char *, const char *); 29 | int auth_krb5_init(void); 30 | -------------------------------------------------------------------------------- /saslauthd/auth_ldap.h: -------------------------------------------------------------------------------- 1 | /* COPYRIGHT 2 | * Copyright (c) 2002-2002 Igor Brezac 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 1. Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 14 | * THIS SOFTWARE IS PROVIDED BY IGOR BREZAC. ``AS IS'' AND ANY 15 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 17 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL IGOR BREZAC OR 18 | * ITS EMPLOYEES OR AGENTS BE LIABLE FOR ANY DIRECT, INDIRECT, 19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 20 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 21 | * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 22 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR 23 | * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 24 | * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH 25 | * DAMAGE. 26 | * END COPYRIGHT */ 27 | 28 | char *auth_ldap(const char *, const char *, const char *, const char *, const char *); 29 | int auth_ldap_init(void); 30 | -------------------------------------------------------------------------------- /saslauthd/auth_pam.h: -------------------------------------------------------------------------------- 1 | /* COPYRIGHT 2 | * Copyright (c) 2000 Fabian Knittel. All rights reserved. 3 | * 4 | * Redistribution and use in source and binary forms, with or without 5 | * modification, are permitted provided that the following conditions 6 | * are met: 7 | * 8 | * 1. Redistributions of source code must retain the above copyright notice, 9 | * this list of conditions and the following disclaimer. 10 | * 11 | * 2. Redistributions in binary form must reproduce the above copyright 12 | * notice, this list of conditions and the following disclaimer in 13 | * the documentation and/or other materials provided with the 14 | * distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED 17 | * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 18 | * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 | * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, 20 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 21 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 22 | * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 23 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR 24 | * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 25 | * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH 26 | * DAMAGE. 27 | * END COPYRIGHT */ 28 | 29 | char *auth_pam(const char *, const char *, const char *, const char *, const char *); 30 | -------------------------------------------------------------------------------- /saslauthd/auth_rimap.h: -------------------------------------------------------------------------------- 1 | /* COPYRIGHT 2 | * Copyright (c) 1998 Messaging Direct Ltd. 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 1. Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 14 | * THIS SOFTWARE IS PROVIDED BY MESSAGING DIRECT LTD. ``AS IS'' AND ANY 15 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 17 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL MESSAGING DIRECT LTD. OR 18 | * ITS EMPLOYEES OR AGENTS BE LIABLE FOR ANY DIRECT, INDIRECT, 19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 20 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 21 | * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 22 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR 23 | * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 24 | * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH 25 | * DAMAGE. 26 | * END COPYRIGHT */ 27 | 28 | char *auth_rimap(const char *, const char *, const char *, const char *, const char *); 29 | int auth_rimap_init(void); 30 | -------------------------------------------------------------------------------- /saslauthd/auth_sasldb.h: -------------------------------------------------------------------------------- 1 | /* COPYRIGHT 2 | * Copyright (c) 1997 Messaging Direct Ltd. 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 1. Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 14 | * THIS SOFTWARE IS PROVIDED BY MESSAGING DIRECT LTD. ``AS IS'' AND ANY 15 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 17 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL MESSAGING DIRECT LTD. OR 18 | * ITS EMPLOYEES OR AGENTS BE LIABLE FOR ANY DIRECT, INDIRECT, 19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 20 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 21 | * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 22 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR 23 | * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 24 | * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH 25 | * DAMAGE. 26 | * END COPYRIGHT */ 27 | 28 | char *auth_sasldb(const char *, const char *, const char *, const char *, const char *); 29 | -------------------------------------------------------------------------------- /saslauthd/auth_shadow.h: -------------------------------------------------------------------------------- 1 | /* COPYRIGHT 2 | * Copyright (c) 1997 Messaging Direct Ltd. 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 1. Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 14 | * THIS SOFTWARE IS PROVIDED BY MESSAGING DIRECT LTD. ``AS IS'' AND ANY 15 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 17 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL MESSAGING DIRECT LTD. OR 18 | * ITS EMPLOYEES OR AGENTS BE LIABLE FOR ANY DIRECT, INDIRECT, 19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 20 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 21 | * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 22 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR 23 | * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 24 | * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH 25 | * DAMAGE. 26 | * END COPYRIGHT */ 27 | 28 | char *auth_shadow(const char *, const char *, const char *, const char *, const char *); 29 | -------------------------------------------------------------------------------- /saslauthd/auth_sia.h: -------------------------------------------------------------------------------- 1 | /* COPYRIGHT 2 | * Copyright (c) 1998 Messaging Direct Ltd. 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 1. Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 14 | * THIS SOFTWARE IS PROVIDED BY MESSAGING DIRECT LTD. ``AS IS'' AND ANY 15 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 17 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL MESSAGING DIRECT LTD. OR 18 | * ITS EMPLOYEES OR AGENTS BE LIABLE FOR ANY DIRECT, INDIRECT, 19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 20 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 21 | * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 22 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR 23 | * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 24 | * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH 25 | * DAMAGE. 26 | * END COPYRIGHT */ 27 | 28 | char *auth_sia(const char *, const char *, const char *, const char *, const char *); 29 | -------------------------------------------------------------------------------- /saslauthd/testsaslauthd.8: -------------------------------------------------------------------------------- 1 | .\" testsaslauthd - SASL2 test tool 2 | .\" Dima Barsky 23/12/2002 3 | .\" 4 | 5 | .\" 6 | .TH TESTSASLAUTHD 8 "December 23, 2002" "CMU SASL" 7 | .SH NAME 8 | testsaslauthd \- a test tool for saslauthd 9 | .SH SYNOPSIS 10 | .B testsaslauthd -u username -p password 11 | [-r realm] [-s servicename] 12 | [-f socket path] [-R repeatnum] 13 | 14 | .SH DESCRIPTION 15 | This tool is for testing the saslauthd daemon. Do not use it unless you 16 | know what you are doing. Read the source code if you need more information. 17 | -------------------------------------------------------------------------------- /sasldb/.gitignore: -------------------------------------------------------------------------------- 1 | Makefile.in 2 | Makefile 3 | .deps 4 | .libs 5 | *.l[ao] 6 | *.o 7 | -------------------------------------------------------------------------------- /tests/t_common.h: -------------------------------------------------------------------------------- 1 | /* Copyright (C) Simo Sorce 2 | * See COPYING file for License */ 3 | 4 | #include "config.h" 5 | 6 | #include 7 | #include 8 | #include 9 | #include 10 | 11 | #include 12 | #include 13 | 14 | void s_error(const char *hdr, ssize_t ret, ssize_t len, int err); 15 | void send_string(int sd, const char *s, unsigned int l); 16 | void recv_string(int sd, char *buf, unsigned int *buflen, bool allow_eof); 17 | void saslerr(int why, const char *what); 18 | int getpath(void *context __attribute__((unused)), const char **path); 19 | void parse_cb(sasl_channel_binding_t *cb, char *buf, unsigned max, char *in); 20 | -------------------------------------------------------------------------------- /utils/.gitignore: -------------------------------------------------------------------------------- 1 | Makefile.in 2 | Makefile 3 | .deps 4 | .libs 5 | *.l[ao] 6 | *.o 7 | smtptest 8 | testsuite 9 | testsuitestatic 10 | sasldblistusers2 11 | dbconverter-2 12 | dbconverter-1.5.9 13 | saslpasswd2 14 | pluginviewer 15 | -------------------------------------------------------------------------------- /utils/sasltestsuite.8: -------------------------------------------------------------------------------- 1 | .\" sasltestsuite - SASL2 test tool 2 | .\" Dima Barsky 23/11/2002 3 | .\" 4 | 5 | .\" 6 | .TH SASLTESTSUITE 8 "December 23, 2002" "CMU SASL" 7 | .SH NAME 8 | sasltestsuite \- SASL2 test tool 9 | .SH SYNOPSIS 10 | .B sasltestsuite [-g name] [-s seed] [-r tests] -a -M 11 | g -- gssapi service name to use (default: host) 12 | r -- # of random tests to do (default: 25) 13 | a -- do all corruption tests (and ignores random ones unless -r specified) 14 | n -- skip the initial "do correctly" tests 15 | h -- show this screen 16 | s -- random seed to use 17 | M -- detailed memory debugging ON 18 | 19 | .SH DESCRIPTION 20 | This tool is for testing the SASL2 installation. Do not use it 21 | unless you know what you are doing. Read the source code if you need 22 | more information. 23 | -------------------------------------------------------------------------------- /win32/.cvswrappers: -------------------------------------------------------------------------------- 1 | # VC++ Files are BINARY 2 | 3 | *.dsp -k 'b' 4 | *.dsw -k 'b' 5 | *.reg -k 'b' 6 | -------------------------------------------------------------------------------- /win32/.gitignore: -------------------------------------------------------------------------------- 1 | *.user 2 | *.filters 3 | *.VC.opendb 4 | *.VC.db 5 | .vs 6 | 7 | # build directories 8 | ./common/ 9 | ./plugin_*/ 10 | ./plugins/ 11 | ./sasl2/ 12 | ./sasldb/ 13 | ./x64 14 | ./win32 -------------------------------------------------------------------------------- /win32/conan-build.py: -------------------------------------------------------------------------------- 1 | from conan.packager import ConanMultiPackager 2 | 3 | 4 | if __name__ == "__main__": 5 | builder = ConanMultiPackager() 6 | builder.add_common_builds(shared_option_name="cyrus-sasl:shared") 7 | builder.run() 8 | -------------------------------------------------------------------------------- /win32/conan/build.py: -------------------------------------------------------------------------------- 1 | import os 2 | 3 | from conan.packager import ConanMultiPackager 4 | from conans import tools 5 | 6 | if __name__ == "__main__": 7 | runtimes = ["MD", "MDd"] 8 | for subdir in ["sasl2", "sasldb", "gssapiv2"]: 9 | ref = os.environ.get("CONAN_REFERENCE", "") 10 | if ref: 11 | name, ver = ref.split("/", 1) 12 | os.environ["CONAN_REFERENCE"] = "cyrus-sasl-" + subdir + "/" + ver 13 | with tools.chdir(os.path.join("win32", "conan", subdir)): 14 | builder = ConanMultiPackager(visual_runtimes=runtimes) 15 | builder.add_common_builds(shared_option_name=False, pure_c=True) 16 | builder.run() 17 | -------------------------------------------------------------------------------- /win32/conan/common/conanfile.py: -------------------------------------------------------------------------------- 1 | from conans import ConanFile, MSBuild 2 | 3 | # This is a common library used in every other subproject of cyrus-sasl 4 | # Even though cyrus-sasl-core.sln builds its own copy of this library 5 | # making it possible to build static cyrus-sasl while this one is 6 | # supposed to be used nly with dynamic runtimes (for dynamic plugins). 7 | class CyrusSaslCommonConan(ConanFile): 8 | version = "2.1.26" 9 | license = "BSD-with-attribution" 10 | url = "https://github.com/Ri0n/cyrus-sasl.git" 11 | settings = "os", "compiler", "build_type", "arch" 12 | exports_sources="../../../*" 13 | 14 | name = "cyrus-sasl-common" 15 | description = "Cyrus SASL internal common library" 16 | options = {"shared": [False]} 17 | default_options = "shared=False" 18 | requires = "OpenSSL/1.0.2o@conan/stable" 19 | 20 | def build(self): 21 | #replace_in_file("win32\\openssl.props", "libeay32.lib;", "") 22 | msbuild = MSBuild(self) 23 | msbuild.build_env.runtime = ["MD","MDd"][self.settings.get_safe("build_type") == "Debug"] 24 | msbuild.build("win32\\cyrus-sasl-common.sln") 25 | 26 | def package(self): 27 | self.copy("*common*.lib", dst="lib", keep_path=False) 28 | self.copy("*common*.a", dst="lib", keep_path=False) 29 | 30 | def package_info(self): 31 | self.cpp_info.libs = ["libcommon.lib"] 32 | 33 | -------------------------------------------------------------------------------- /win32/conan/gssapiv2/conanfile.py: -------------------------------------------------------------------------------- 1 | from conans import ConanFile, MSBuild 2 | 3 | class CyrusSaslGssapi2Conan(ConanFile): 4 | version = "2.1.26" 5 | license = "BSD-with-attribution" 6 | url = "https://github.com/Ri0n/cyrus-sasl.git" 7 | settings = "os", "compiler", "build_type", "arch" 8 | exports_sources="../../../*" 9 | 10 | name = "cyrus-sasl-gssapiv2" 11 | description = "Cyrus SASL GSSAPIv2 plugin" 12 | options = {"shared": [True]} 13 | default_options = "shared=True" 14 | build_requires = "OpenSSL/1.0.2o@conan/stable" 15 | requires = "krb5-gssapi/1.16.1@rion/stable" 16 | 17 | def build(self): 18 | msbuild = MSBuild(self) 19 | msbuild.build("win32\\cyrus-sasl-gssapiv2.sln") 20 | 21 | def package(self): 22 | self.copy("*.dll", dst="bin", keep_path=False) 23 | self.copy("*.so", dst="lib", keep_path=False) 24 | self.copy("*.dylib", dst="lib", keep_path=False) 25 | -------------------------------------------------------------------------------- /win32/conan/sasl2/conanfile.py: -------------------------------------------------------------------------------- 1 | from conans import ConanFile, MSBuild 2 | 3 | class CyrusSaslConan(ConanFile): 4 | version = "2.1.26" 5 | license = "BSD-with-attribution" 6 | url = "https://github.com/Ri0n/cyrus-sasl.git" 7 | settings = "os", "compiler", "build_type", "arch" 8 | exports_sources="../../../*" 9 | 10 | name = "cyrus-sasl-sasl2" 11 | description = "Simple Authentication and Security Layer (SASL)" 12 | options = {"shared": [True, False]} 13 | default_options = "shared=True" 14 | requires = "OpenSSL/1.0.2o@conan/stable" 15 | 16 | def build(self): 17 | msbuild = MSBuild(self) 18 | msbuild.build("win32\\cyrus-sasl-core.sln") 19 | 20 | def package(self): 21 | self.copy("*.h", dst="include\sasl", src="include") 22 | self.copy("*sasl2*.lib", dst="lib", keep_path=False) 23 | self.copy("*.dll", dst="bin", keep_path=False) 24 | self.copy("*.so", dst="lib", keep_path=False) 25 | self.copy("*.dylib", dst="lib", keep_path=False) 26 | self.copy("*.a", dst="lib", keep_path=False) 27 | 28 | def package_info(self): 29 | self.cpp_info.libs = ["sasl2.lib"] 30 | -------------------------------------------------------------------------------- /win32/conan/sasldb/conanfile.py: -------------------------------------------------------------------------------- 1 | from conans import ConanFile, MSBuild 2 | 3 | class CyrusSaslSasldbConan(ConanFile): 4 | version = "2.1.26" 5 | license = "BSD-with-attribution" 6 | url = "https://github.com/Ri0n/cyrus-sasl.git" 7 | settings = "os", "compiler", "build_type", "arch" 8 | exports_sources="../../../*" 9 | 10 | name = "cyrus-sasl-sasldb" 11 | description = "Cyrus SASL SASLDB plugin" 12 | options = {"shared": [True]} 13 | default_options = "shared=True" 14 | build_requires = "OpenSSL/1.0.2o@conan/stable" 15 | requires = "lmdb/0.9.22@rion/stable" 16 | 17 | def build(self): 18 | msbuild = MSBuild(self) 19 | msbuild.build("win32\\cyrus-sasl-sasldb.sln") 20 | 21 | def package(self): 22 | self.copy("*.dll", dst="bin", keep_path=False) 23 | self.copy("*.so", dst="lib", keep_path=False) 24 | self.copy("*.dylib", dst="lib", keep_path=False) 25 | 26 | -------------------------------------------------------------------------------- /win32/generate_conan.cmd: -------------------------------------------------------------------------------- 1 | set vsversion=%1 2 | set arch=%2 3 | set usedebug=%3 4 | set platform=%4 5 | set configuration=%5 6 | 7 | set build_type=Release 8 | if %usedebug%==true ( 9 | set build_type=Debug 10 | ) 11 | 12 | set conan_arch=%arch% 13 | if not %arch%==x86 ( 14 | set conan_arch=x86_64 15 | ) 16 | 17 | set vsversion=%vsversion:~0,2% 18 | 19 | mkdir conan\%platform%\%configuration% 20 | cd conan\%platform%\%configuration% 21 | conan install ..\..\.. -s compiler="Visual Studio" -s compiler.version=%vsversion% -s arch=%conan_arch% -s build_type=%build_type% -------------------------------------------------------------------------------- /win32/init_auxprop.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #include 4 | #include 5 | #include 6 | #ifndef macintosh 7 | #include 8 | #endif 9 | #include 10 | #include 11 | 12 | #include 13 | #include 14 | #include 15 | 16 | #include "plugin_common.h" 17 | 18 | #ifdef WIN32 19 | BOOL APIENTRY DllMain( HANDLE hModule, 20 | DWORD ul_reason_for_call, 21 | LPVOID lpReserved 22 | ) 23 | { 24 | switch (ul_reason_for_call) 25 | { 26 | case DLL_PROCESS_ATTACH: 27 | case DLL_THREAD_ATTACH: 28 | case DLL_THREAD_DETACH: 29 | case DLL_PROCESS_DETACH: 30 | break; 31 | } 32 | return TRUE; 33 | } 34 | #endif 35 | 36 | SASL_AUXPROP_PLUG_INIT( AUXPROP_REPLACE ) -------------------------------------------------------------------------------- /win32/init_mechanism.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #include 4 | #include 5 | #include 6 | #ifndef macintosh 7 | #include 8 | #endif 9 | #include 10 | #include 11 | 12 | #include 13 | #include 14 | #include 15 | 16 | #include "plugin_common.h" 17 | 18 | #ifdef macintosh 19 | #include 20 | #endif 21 | 22 | #ifdef WIN32 23 | BOOL APIENTRY DllMain( HANDLE hModule, 24 | DWORD ul_reason_for_call, 25 | LPVOID lpReserved 26 | ) 27 | { 28 | switch (ul_reason_for_call) 29 | { 30 | case DLL_PROCESS_ATTACH: 31 | case DLL_THREAD_ATTACH: 32 | case DLL_THREAD_DETACH: 33 | case DLL_PROCESS_DETACH: 34 | break; 35 | } 36 | return TRUE; 37 | } 38 | #endif 39 | 40 | SASL_CLIENT_PLUG_INIT( MECHANISM ) 41 | SASL_SERVER_PLUG_INIT( MECHANISM ) -------------------------------------------------------------------------------- /win32/makeinit.ps1: -------------------------------------------------------------------------------- 1 | $mechanism = @("anonymous", "scram", "gssapiv2", "otp", "passdss", "plain", "srp", "gs2") 2 | $pluginsDir = "..\plugins\" 3 | 4 | for ($i = 0; $i -le $mechanism.Count - 1; $i++) 5 | { 6 | $targetFilename = "$pluginsDir$($mechanism[$i])_init.c" 7 | if (-Not (Test-Path -Path $targetFilename) -Or (Get-ChildItem $targetFilename).CreationTime -lt (Get-ChildItem "init_mechanism.c").CreationTime) { 8 | (gc init_mechanism.c) -replace 'MECHANISM', $mechanism[$i] | Set-Content $targetFilename 9 | Write-Host " * Make init for '" $mechanism[$i] "'" 10 | } 11 | } 12 | 13 | $auxprop = @("sasldb", "sql", "ldapdb") 14 | for ($i = 0; $i -le $auxprop.Count - 1; $i++) 15 | { 16 | $targetFilename = "$pluginsDir$($auxprop[$i])_init.c" 17 | if (-Not (Test-Path -Path $targetFilename) -Or (Get-ChildItem $targetFilename).CreationTime -lt (Get-ChildItem "init_auxprop.c").CreationTime) { 18 | (gc init_auxprop.c) -replace 'AUXPROP_REPLACE', $auxprop[$i] | Set-Content $targetFilename 19 | Write-Host " * Make init for '" $auxprop[$i] "'" 20 | } 21 | } 22 | 23 | "SASL_CANONUSER_PLUG_INIT( ldapdb )" | Add-Content "$($pluginsDir)ldapdb_init.c" 24 | -------------------------------------------------------------------------------- /win32/openssl.props: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | %(AdditionalIncludeDirectories) 6 | 7 | 8 | %(AdditionalLibraryDirectories) 9 | libeay32.lib;%(AdditionalDependencies) 10 | 11 | 12 | -------------------------------------------------------------------------------- /win32/plugins.props: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 7 | 8 | if $(TargetExt)==.dll ( 9 | mkdir "$(SolutionDir)plugins\$(Platform)" 10 | copy $(OutDir)$(TargetName)$(TargetExt) "$(SolutionDir)plugins\$(Platform)" 11 | if exist $(OutDir)$(TargetName).pdb ( 12 | copy $(OutDir)$(TargetName).pdb "$(SolutionDir)plugins\$(Platform)" 13 | ) 14 | ) 15 | 16 | 17 | ..\win32\include;..\include;..\lib;..\common;$(SaslDependencyRoot)\include 18 | 19 | 20 | powershell -executionpolicy bypass -nologo -File makeinit.ps1 21 | 22 | 23 | 24 | -------------------------------------------------------------------------------- /win32/sasldb.props: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | %(AdditionalIncludeDirectories) 6 | 7 | 8 | %(AdditionalLibraryDirectories) 9 | lmdb.lib;%(AdditionalDependencies) 10 | 11 | 12 | -------------------------------------------------------------------------------- /win32/vsinstall.cmd: -------------------------------------------------------------------------------- 1 | @echo off 2 | setlocal EnableDelayedExpansion 3 | 4 | set SaslIntermediateLibDir=%1 5 | set InstallRoot=%2 6 | set InstallLibDir=%3 7 | set InstallBinDir=%4 8 | 9 | echo Installing Cyrus SASL to %InstallRoot% 10 | echo BinDir: %InstallBinDir% 11 | echo LibDir: %InstallLibDir% 12 | echo IncludeDir: %InstallRoot%\include\sasl 13 | echo PluginsDir: %InstallRoot%\plugins\sasl 14 | echo --- 15 | 16 | if not exist %InstallLibDir% mkdir %InstallLibDir% 17 | if not exist %InstallBinDir% mkdir %InstallBinDir% 18 | if not exist %InstallRoot%\plugins\sasl mkdir %InstallRoot%\plugins\sasl 19 | if not exist %InstallRoot%\include\sasl mkdir %InstallRoot%\include\sasl 20 | 21 | for /f "usebackq delims=|" %%f in (`dir /b "%SaslIntermediateLibDir%\*.dll"`) do ( 22 | set libname=%%~nf 23 | set prefix=!libname:~0,6! 24 | if !prefix!==plugin set outdir=%InstallRoot%\plugins\sasl 25 | if not !prefix!==plugin set outdir=%InstallBinDir% 26 | 27 | xcopy /d /y %SaslIntermediateLibDir%\%%~nf.dll !outdir! 28 | xcopy /d /y /c %SaslIntermediateLibDir%\%%~nf.pdb !outdir! 29 | if not !prefix!==plugin xcopy /d /y %SaslIntermediateLibDir%\%%~nf.lib %InstallLibDir% 30 | ) 31 | 32 | xcopy /d /y ..\include\*.h %InstallRoot%\include\sasl\ 33 | --------------------------------------------------------------------------------