Next: , Previous: Protocol Clarifications, Up: Top


Appendix B Old Functions

As GNU SASL is still under heavy development, some API functions have been found to be less useful. Those old API functions will be supported during a transition period. Refer to the NEWS file to find out since when a function has been deprecated.

gsasl_client_listmech

— Function: int gsasl_client_listmech (Gsasl * ctx, char * out, size_t * outlen)

ctx: libgsasl handle.

out: output character array.

outlen: input maximum size of output character array, on output contains actual length of output array.

Write SASL names, separated by space, of mechanisms supported by the libgsasl client to the output array. To find out how large the output array must be, call this function with out=NULL.

Return value: Returns GSASL_OK if successful, or error code.

Deprecated: Use gsasl_client_mechlist() instead.

gsasl_server_listmech

— Function: int gsasl_server_listmech (Gsasl * ctx, char * out, size_t * outlen)

ctx: libgsasl handle.

out: output character array.

outlen: input maximum size of output character array, on output contains actual length of output array.

Write SASL names, separated by space, of mechanisms supported by the libgsasl server to the output array. To find out how large the output array must be, call this function with out=NULL.

Return value: Returns GSASL_OK if successful, or error code.

Deprecated: Use gsasl_server_mechlist() instead.

gsasl_client_step

— Function: int gsasl_client_step (Gsasl_session * sctx, const char * input, size_t input_len, char * output, size_t * output_len)

sctx: libgsasl client handle.

input: input byte array.

input_len: size of input byte array.

output: output byte array.

output_len: size of output byte array.

Perform one step of SASL authentication in client. This reads data from server (specified with input and input_len), processes it (potentially invoking callbacks to the application), and writes data to server (into variables output and output_len).

The contents of the output buffer is unspecified if this functions returns anything other than GSASL_NEEDS_MORE.

Return value: Returns GSASL_OK if authenticated terminated successfully, GSASL_NEEDS_MORE if more data is needed, or error code.

Deprecated: Use gsasl_step() instead.

gsasl_server_step

— Function: int gsasl_server_step (Gsasl_session * sctx, const char * input, size_t input_len, char * output, size_t * output_len)

sctx: libgsasl server handle.

input: input byte array.

input_len: size of input byte array.

output: output byte array.

output_len: size of output byte array.

Perform one step of SASL authentication in server. This reads data from client (specified with input and input_len), processes it (potentially invoking callbacks to the application), and writes data to client (into variables output and output_len).

The contents of the output buffer is unspecified if this functions returns anything other than GSASL_NEEDS_MORE.

Return value: Returns GSASL_OK if authenticated terminated successfully, GSASL_NEEDS_MORE if more data is needed, or error code.

Deprecated: Use gsasl_step() instead.

gsasl_client_step_base64

— Function: int gsasl_client_step_base64 (Gsasl_session * sctx, const char * b64input, char * b64output, size_t b64output_len)

sctx: libgsasl client handle.

b64input: input base64 encoded byte array.

b64output: output base64 encoded byte array.

b64output_len: size of output base64 encoded byte array.

This is a simple wrapper around gsasl_client_step() that base64 decodes the input and base64 encodes the output.

Return value: See gsasl_client_step().

Deprecated: Use gsasl_step64() instead.

gsasl_server_step_base64

— Function: int gsasl_server_step_base64 (Gsasl_session * sctx, const char * b64input, char * b64output, size_t b64output_len)

sctx: libgsasl server handle.

b64input: input base64 encoded byte array.

b64output: output base64 encoded byte array.

b64output_len: size of output base64 encoded byte array.

This is a simple wrapper around gsasl_server_step() that base64 decodes the input and base64 encodes the output.

Return value: See gsasl_server_step().

Deprecated: Use gsasl_step64() instead.

gsasl_client_finish

— Function: void gsasl_client_finish (Gsasl_session * sctx)

sctx: libgsasl client handle.

Destroy a libgsasl client handle. The handle must not be used with other libgsasl functions after this call.

Deprecated: Use gsasl_finish() instead.

gsasl_server_finish

— Function: void gsasl_server_finish (Gsasl_session * sctx)

sctx: libgsasl server handle.

Destroy a libgsasl server handle. The handle must not be used with other libgsasl functions after this call.

Deprecated: Use gsasl_finish() instead.

gsasl_client_ctx_get

— Function: Gsasl * gsasl_client_ctx_get (Gsasl_session * sctx)

sctx: libgsasl client handle

Return value: Returns the libgsasl handle given a libgsasl client handle.

Deprecated: This function is not useful with the new 0.2.0 API.

gsasl_client_application_data_set

— Function: void gsasl_client_application_data_set (Gsasl_session * sctx, void * application_data)

sctx: libgsasl client handle.

application_data: opaque pointer to application specific data.

Store application specific data in the libgsasl client handle. The application data can be later (for instance, inside a callback) be retrieved by calling gsasl_client_application_data_get(). It is normally used by the application to maintain state between the main program and the callback.

Deprecated: Use gsasl_callback_hook_set() or gsasl_session_hook_set() instead.

gsasl_client_application_data_get

— Function: void * gsasl_client_application_data_get (Gsasl_session * sctx)

sctx: libgsasl client handle.

Retrieve application specific data from libgsasl client handle. The application data is set using gsasl_client_application_data_set(). It is normally used by the application to maintain state between the main program and the callback.

Return value: Returns the application specific data, or NULL.

Deprecated: Use gsasl_callback_hook_get() or gsasl_session_hook_get() instead.

gsasl_server_ctx_get

— Function: Gsasl * gsasl_server_ctx_get (Gsasl_session * sctx)

sctx: libgsasl server handle

Return value: Returns the libgsasl handle given a libgsasl server handle.

Deprecated: This function is not useful with the new 0.2.0 API.

gsasl_server_application_data_set

— Function: void gsasl_server_application_data_set (Gsasl_session * sctx, void * application_data)

sctx: libgsasl server handle.

application_data: opaque pointer to application specific data.

Store application specific data in the libgsasl server handle. The application data can be later (for instance, inside a callback) be retrieved by calling gsasl_server_application_data_get(). It is normally used by the application to maintain state between the main program and the callback.

Deprecated: Use gsasl_callback_hook_set() or gsasl_session_hook_set() instead.

gsasl_server_application_data_get

— Function: void * gsasl_server_application_data_get (Gsasl_session * sctx)

sctx: libgsasl server handle.

Retrieve application specific data from libgsasl server handle. The application data is set using gsasl_server_application_data_set(). It is normally used by the application to maintain state between the main program and the callback.

Return value: Returns the application specific data, or NULL.

Deprecated: Use gsasl_callback_hook_get() or gsasl_session_hook_get() instead.

gsasl_randomize

— Function: int gsasl_randomize (int strong, char * data, size_t datalen)

strong: 0 iff operation should not block, non-0 for very strong randomness.

data: output array to be filled with random data.

datalen: size of output array.

Store cryptographically random data of given size in the provided buffer.

Return value: Returns GSASL_OK iff successful.

Deprecated: Use gsasl_random() or gsasl_nonce() instead.

gsasl_ctx_get

— Function: Gsasl * gsasl_ctx_get (Gsasl_session * sctx)

sctx: libgsasl session handle

Return value: Returns the libgsasl handle given a libgsasl session handle.

Deprecated: This function is not useful with the new 0.2.0 API.

gsasl_encode_inline

— Function: int gsasl_encode_inline (Gsasl_session * sctx, const char * input, size_t input_len, char * output, size_t * output_len)

sctx: libgsasl session handle.

input: input byte array.

input_len: size of input byte array.

output: output byte array.

output_len: size of output byte array.

Encode data according to negotiated SASL mechanism. This might mean that data is integrity or privacy protected.

Return value: Returns GSASL_OK if encoding was successful, otherwise an error code.

Deprecated: Use gsasl_encode() instead.

Since: 0.2.0

gsasl_decode_inline

— Function: int gsasl_decode_inline (Gsasl_session * sctx, const char * input, size_t input_len, char * output, size_t * output_len)

sctx: libgsasl session handle.

input: input byte array.

input_len: size of input byte array.

output: output byte array.

output_len: size of output byte array.

Decode data according to negotiated SASL mechanism. This might mean that data is integrity or privacy protected.

Return value: Returns GSASL_OK if encoding was successful, otherwise an error code.

Deprecated: Use gsasl_decode() instead.

Since: 0.2.0

gsasl_application_data_set

— Function: void gsasl_application_data_set (Gsasl * ctx, void * appdata)

ctx: libgsasl handle.

appdata: opaque pointer to application specific data.

Store application specific data in the libgsasl handle. The application data can be later (for instance, inside a callback) be retrieved by calling gsasl_application_data_get(). It is normally used by the application to maintain state between the main program and the callback.

Deprecated: Use gsasl_callback_hook_set() instead.

gsasl_application_data_get

— Function: void * gsasl_application_data_get (Gsasl * ctx)

ctx: libgsasl handle.

Retrieve application specific data from libgsasl handle. The application data is set using gsasl_application_data_set(). It is normally used by the application to maintain state between the main program and the callback.

Return value: Returns the application specific data, or NULL.

Deprecated: Use gsasl_callback_hook_get() instead.

gsasl_appinfo_set

— Function: void gsasl_appinfo_set (Gsasl_session * sctx, void * appdata)

sctx: libgsasl session handle.

appdata: opaque pointer to application specific data.

Store application specific data in the libgsasl session handle. The application data can be later (for instance, inside a callback) be retrieved by calling gsasl_appinfo_get(). It is normally used by the application to maintain state between the main program and the callback.

Deprecated: Use gsasl_callback_hook_set() instead.

gsasl_appinfo_get

— Function: void * gsasl_appinfo_get (Gsasl_session * sctx)

sctx: libgsasl session handle.

Retrieve application specific data from libgsasl session handle. The application data is set using gsasl_appinfo_set(). It is normally used by the application to maintain state between the main program and the callback.

Return value: Returns the application specific data, or NULL.

Deprecated: Use gsasl_callback_hook_get() instead.

gsasl_server_suggest_mechanism

— Function: const char * gsasl_server_suggest_mechanism (Gsasl * ctx, const char * mechlist)

ctx: libgsasl handle.

mechlist: input character array with SASL mechanism names, separated by invalid characters (e.g. SPC).

Return value: Returns name of "best" SASL mechanism supported by the libgsasl server which is present in the input string.

Deprecated: This function was never useful, since it is the client that chose which mechanism to use.

gsasl_client_callback_authentication_id_set

— Function: void gsasl_client_callback_authentication_id_set (Gsasl * ctx, Gsasl_client_callback_authentication_id cb)

ctx: libgsasl handle.

cb: callback function

Specify the callback function to use in the client to set the authentication identity. The function can be later retrieved using gsasl_client_callback_authentication_id_get().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_client_callback_authentication_id_get

— Function: Gsasl_client_callback_authentication_id gsasl_client_callback_authentication_id_get (Gsasl * ctx)

ctx: libgsasl handle.

Return value: Returns the callback earlier set by calling gsasl_client_callback_authentication_id_set().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_client_callback_authorization_id_set

— Function: void gsasl_client_callback_authorization_id_set (Gsasl * ctx, Gsasl_client_callback_authorization_id cb)

ctx: libgsasl handle.

cb: callback function

Specify the callback function to use in the client to set the authorization identity. The function can be later retrieved using gsasl_client_callback_authorization_id_get().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_client_callback_authorization_id_get

— Function: Gsasl_client_callback_authorization_id gsasl_client_callback_authorization_id_get (Gsasl * ctx)

ctx: libgsasl handle.

Return value: Returns the callback earlier set by calling gsasl_client_callback_authorization_id_set().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_client_callback_password_set

— Function: void gsasl_client_callback_password_set (Gsasl * ctx, Gsasl_client_callback_password cb)

ctx: libgsasl handle.

cb: callback function

Specify the callback function to use in the client to set the password. The function can be later retrieved using gsasl_client_callback_password_get().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_client_callback_password_get

— Function: Gsasl_client_callback_password gsasl_client_callback_password_get (Gsasl * ctx)

ctx: libgsasl handle.

Return value: Returns the callback earlier set by calling gsasl_client_callback_password_set().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_client_callback_passcode_set

— Function: void gsasl_client_callback_passcode_set (Gsasl * ctx, Gsasl_client_callback_passcode cb)

ctx: libgsasl handle.

cb: callback function

Specify the callback function to use in the client to set the passcode. The function can be later retrieved using gsasl_client_callback_passcode_get().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_client_callback_passcode_get

— Function: Gsasl_client_callback_passcode gsasl_client_callback_passcode_get (Gsasl * ctx)

ctx: libgsasl handle.

Return value: Returns the callback earlier set by calling gsasl_client_callback_passcode_set().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_client_callback_pin_set

— Function: void gsasl_client_callback_pin_set (Gsasl * ctx, Gsasl_client_callback_pin cb)

ctx: libgsasl handle.

cb: callback function

Specify the callback function to use in the client to chose a new pin, possibly suggested by the server, for the SECURID mechanism. This is not normally invoked, but only when the server requests it. The function can be later retrieved using gsasl_client_callback_pin_get().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_client_callback_pin_get

— Function: Gsasl_client_callback_pin gsasl_client_callback_pin_get (Gsasl * ctx)

ctx: libgsasl handle.

Return value: Returns the callback earlier set by calling gsasl_client_callback_pin_set().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_client_callback_service_set

— Function: void gsasl_client_callback_service_set (Gsasl * ctx, Gsasl_client_callback_service cb)

ctx: libgsasl handle.

cb: callback function

Specify the callback function to use in the client to set the name of the service. The service buffer should be a registered GSSAPI host-based service name, hostname the name of the server. Servicename is used by DIGEST-MD5 and should be the name of generic server in case of a replicated service. The function can be later retrieved using gsasl_client_callback_service_get().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_client_callback_service_get

— Function: Gsasl_client_callback_service gsasl_client_callback_service_get (Gsasl * ctx)

ctx: libgsasl handle.

Return value: Returns the callback earlier set by calling gsasl_client_callback_service_set().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_client_callback_anonymous_set

— Function: void gsasl_client_callback_anonymous_set (Gsasl * ctx, Gsasl_client_callback_anonymous cb)

ctx: libgsasl handle.

cb: callback function

Specify the callback function to use in the client to set the anonymous token, which usually is the users email address. The function can be later retrieved using gsasl_client_callback_anonymous_get().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_client_callback_anonymous_get

— Function: Gsasl_client_callback_anonymous gsasl_client_callback_anonymous_get (Gsasl * ctx)

ctx: libgsasl handle.

Return value: Returns the callback earlier set by calling gsasl_client_callback_anonymous_set().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_client_callback_qop_set

— Function: void gsasl_client_callback_qop_set (Gsasl * ctx, Gsasl_client_callback_qop cb)

ctx: libgsasl handle.

cb: callback function

Specify the callback function to use in the client to determine the qop to use after looking at what the server offered. The function can be later retrieved using gsasl_client_callback_qop_get().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_client_callback_qop_get

— Function: Gsasl_client_callback_qop gsasl_client_callback_qop_get (Gsasl * ctx)

ctx: libgsasl handle.

Return value: Returns the callback earlier set by calling gsasl_client_callback_qop_set().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_client_callback_maxbuf_set

— Function: void gsasl_client_callback_maxbuf_set (Gsasl * ctx, Gsasl_client_callback_maxbuf cb)

ctx: libgsasl handle.

cb: callback function

Specify the callback function to use in the client to inform the server of the largest buffer the client is able to receive when using the DIGEST-MD5 "auth-int" or "auth-conf" Quality of Protection (qop). If this directive is missing, the default value 65536 will be assumed. The function can be later retrieved using gsasl_client_callback_maxbuf_get().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_client_callback_maxbuf_get

— Function: Gsasl_client_callback_maxbuf gsasl_client_callback_maxbuf_get (Gsasl * ctx)

ctx: libgsasl handle.

Return value: Returns the callback earlier set by calling gsasl_client_callback_maxbuf_set().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_client_callback_realm_set

— Function: void gsasl_client_callback_realm_set (Gsasl * ctx, Gsasl_client_callback_realm cb)

ctx: libgsasl handle.

cb: callback function

Specify the callback function to use in the client to know which realm it belongs to. The realm is used by the server to determine which username and password to use. The function can be later retrieved using gsasl_client_callback_realm_get().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_client_callback_realm_get

— Function: Gsasl_client_callback_realm gsasl_client_callback_realm_get (Gsasl * ctx)

ctx: libgsasl handle.

Return value: Returns the callback earlier set by calling gsasl_client_callback_realm_set().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_server_callback_validate_set

— Function: void gsasl_server_callback_validate_set (Gsasl * ctx, Gsasl_server_callback_validate cb)

ctx: libgsasl handle.

cb: callback function

Specify the callback function to use in the server for deciding if user is authenticated using authentication identity, authorization identity and password. The function can be later retrieved using gsasl_server_callback_validate_get().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_server_callback_validate_get

— Function: Gsasl_server_callback_validate gsasl_server_callback_validate_get (Gsasl * ctx)

ctx: libgsasl handle.

Return value: Returns the callback earlier set by calling gsasl_server_callback_validate_set().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_server_callback_retrieve_set

— Function: void gsasl_server_callback_retrieve_set (Gsasl * ctx, Gsasl_server_callback_retrieve cb)

ctx: libgsasl handle.

cb: callback function

Specify the callback function to use in the server for deciding if user is authenticated using authentication identity, authorization identity and password. The function can be later retrieved using gsasl_server_callback_retrieve_get().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_server_callback_retrieve_get

— Function: Gsasl_server_callback_retrieve gsasl_server_callback_retrieve_get (Gsasl * ctx)

ctx: libgsasl handle.

Return value: Returns the callback earlier set by calling gsasl_server_callback_retrieve_set().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_server_callback_cram_md5_set

— Function: void gsasl_server_callback_cram_md5_set (Gsasl * ctx, Gsasl_server_callback_cram_md5 cb)

ctx: libgsasl handle.

cb: callback function

Specify the callback function to use in the server for deciding if user is authenticated using CRAM-MD5 challenge and response. The function can be later retrieved using gsasl_server_callback_cram_md5_get().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_server_callback_cram_md5_get

— Function: Gsasl_server_callback_cram_md5 gsasl_server_callback_cram_md5_get (Gsasl * ctx)

ctx: libgsasl handle.

Return value: Returns the callback earlier set by calling gsasl_server_callback_cram_md5_set().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_server_callback_digest_md5_set

— Function: void gsasl_server_callback_digest_md5_set (Gsasl * ctx, Gsasl_server_callback_digest_md5 cb)

ctx: libgsasl handle.

cb: callback function

Specify the callback function to use in the server for retrieving the secret hash of the username, realm and password for use in the DIGEST-MD5 mechanism. The function can be later retrieved using gsasl_server_callback_digest_md5_get().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_server_callback_digest_md5_get

— Function: Gsasl_server_callback_digest_md5 gsasl_server_callback_digest_md5_get (Gsasl * ctx)

ctx: libgsasl handle.

Return value: Return the callback earlier set by calling gsasl_server_callback_digest_md5_set().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_server_callback_external_set

— Function: void gsasl_server_callback_external_set (Gsasl * ctx, Gsasl_server_callback_external cb)

ctx: libgsasl handle.

cb: callback function

Specify the callback function to use in the server for deciding if user is authenticated out of band. The function can be later retrieved using gsasl_server_callback_external_get().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_server_callback_external_get

— Function: Gsasl_server_callback_external gsasl_server_callback_external_get (Gsasl * ctx)

ctx: libgsasl handle.

Return value: Returns the callback earlier set by calling gsasl_server_callback_external_set().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_server_callback_anonymous_set

— Function: void gsasl_server_callback_anonymous_set (Gsasl * ctx, Gsasl_server_callback_anonymous cb)

ctx: libgsasl handle.

cb: callback function

Specify the callback function to use in the server for deciding if user is permitted anonymous access. The function can be later retrieved using gsasl_server_callback_anonymous_get().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_server_callback_anonymous_get

— Function: Gsasl_server_callback_anonymous gsasl_server_callback_anonymous_get (Gsasl * ctx)

ctx: libgsasl handle.

Return value: Returns the callback earlier set by calling gsasl_server_callback_anonymous_set().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_server_callback_realm_set

— Function: void gsasl_server_callback_realm_set (Gsasl * ctx, Gsasl_server_callback_realm cb)

ctx: libgsasl handle.

cb: callback function

Specify the callback function to use in the server to know which realm it serves. The realm is used by the user to determine which username and password to use. The function can be later retrieved using gsasl_server_callback_realm_get().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_server_callback_realm_get

— Function: Gsasl_server_callback_realm gsasl_server_callback_realm_get (Gsasl * ctx)

ctx: libgsasl handle.

Return value: Returns the callback earlier set by calling gsasl_server_callback_realm_set().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_server_callback_qop_set

— Function: void gsasl_server_callback_qop_set (Gsasl * ctx, Gsasl_server_callback_qop cb)

ctx: libgsasl handle.

cb: callback function

Specify the callback function to use in the server to know which quality of protection it accepts. The quality of protection eventually used is selected by the client though. It is currently used by the DIGEST-MD5 mechanism. The function can be later retrieved using gsasl_server_callback_qop_get().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_server_callback_qop_get

— Function: Gsasl_server_callback_qop gsasl_server_callback_qop_get (Gsasl * ctx)

ctx: libgsasl handle.

Return value: Returns the callback earlier set by calling gsasl_server_callback_qop_set().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_server_callback_maxbuf_set

— Function: void gsasl_server_callback_maxbuf_set (Gsasl * ctx, Gsasl_server_callback_maxbuf cb)

ctx: libgsasl handle.

cb: callback function

Specify the callback function to use in the server to inform the client of the largest buffer the server is able to receive when using the DIGEST-MD5 "auth-int" or "auth-conf" Quality of Protection (qop). If this directive is missing, the default value 65536 will be assumed. The function can be later retrieved using gsasl_server_callback_maxbuf_get().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_server_callback_maxbuf_get

— Function: Gsasl_server_callback_maxbuf gsasl_server_callback_maxbuf_get (Gsasl * ctx)

ctx: libgsasl handle.

Return value: Returns the callback earlier set by calling gsasl_server_callback_maxbuf_set().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_server_callback_cipher_set

— Function: void gsasl_server_callback_cipher_set (Gsasl * ctx, Gsasl_server_callback_cipher cb)

ctx: libgsasl handle.

cb: callback function

Specify the callback function to use in the server to inform the client of the cipher suites supported. The DES and 3DES ciphers must be supported for interoperability. It is currently used by the DIGEST-MD5 mechanism. The function can be later retrieved using gsasl_server_callback_cipher_get().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_server_callback_cipher_get

— Function: Gsasl_server_callback_cipher gsasl_server_callback_cipher_get (Gsasl * ctx)

ctx: libgsasl handle.

Return value: Returns the callback earlier set by calling gsasl_server_callback_cipher_set().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_server_callback_securid_set

— Function: void gsasl_server_callback_securid_set (Gsasl * ctx, Gsasl_server_callback_securid cb)

ctx: libgsasl handle.

cb: callback function

Specify the callback function to use in the server for validating a user via the SECURID mechanism. The function should return GSASL_OK if user authenticated successfully, GSASL_SECURID_SERVER_NEED_ADDITIONAL_PASSCODE if it wants another passcode, GSASL_SECURID_SERVER_NEED_NEW_PIN if it wants a PIN change, or an error. When (and only when) GSASL_SECURID_SERVER_NEED_NEW_PIN is returned, suggestpin can be populated with a PIN code the server suggests, and suggestpinlen set to the length of the PIN. The function can be later retrieved using gsasl_server_callback_securid_get().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_server_callback_securid_get

— Function: Gsasl_server_callback_securid gsasl_server_callback_securid_get (Gsasl * ctx)

ctx: libgsasl handle.

Return value: Returns the callback earlier set by calling gsasl_server_callback_securid_set().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_server_callback_gssapi_set

— Function: void gsasl_server_callback_gssapi_set (Gsasl * ctx, Gsasl_server_callback_gssapi cb)

ctx: libgsasl handle.

cb: callback function

Specify the callback function to use in the server for checking if a GSSAPI user is authorized for username (by, e.g., calling krb5_userok()). The function should return GSASL_OK if the user should be permitted access, or an error code such as GSASL_AUTHENTICATION_ERROR on failure. The function can be later retrieved using gsasl_server_callback_gssapi_get().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_server_callback_gssapi_get

— Function: Gsasl_server_callback_gssapi gsasl_server_callback_gssapi_get (Gsasl * ctx)

ctx: libgsasl handle.

Return value: Returns the callback earlier set by calling gsasl_server_callback_gssapi_set().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_server_callback_service_set

— Function: void gsasl_server_callback_service_set (Gsasl * ctx, Gsasl_server_callback_service cb)

ctx: libgsasl handle.

cb: callback function

Specify the callback function to use in the server to set the name of the service. The service buffer should be a registered GSSAPI host-based service name, hostname the name of the server. The function can be later retrieved using gsasl_server_callback_service_get().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_server_callback_service_get

— Function: Gsasl_server_callback_service gsasl_server_callback_service_get (Gsasl * ctx)

ctx: libgsasl handle.

Return value: Returns the callback earlier set by calling gsasl_server_callback_service_set().

Deprecated: This function is part of the old callback interface. The new interface uses gsasl_callback_set() to set the application callback, and uses gsasl_callback() or gsasl_property_get() to invoke the callback for certain properties.

gsasl_stringprep_nfkc

— Function: char * gsasl_stringprep_nfkc (const char * in, ssize_t len)

in: a UTF-8 encoded string.

len: length of str, in bytes, or -1 if str is nul-terminated.

Converts a string into canonical form, standardizing such issues as whether a character with an accent is represented as a base character and combining accent or as a single precomposed character.

The normalization mode is NFKC (ALL COMPOSE). It standardizes differences that do not affect the text content, such as the above-mentioned accent representation. It standardizes the "compatibility" characters in Unicode, such as SUPERSCRIPT THREE to the standard forms (in this case DIGIT THREE). Formatting information may be lost but for most text operations such characters should be considered the same. It returns a result with composed forms rather than a maximally decomposed form.

Return value: Return a newly allocated string, that is the NFKC normalized form of str, o NULL on error.

Deprecated: No replacement functionality in GNU SASL, use GNU Libidn instead. Note that in SASL, you most likely want to use SASLprep and not bare NFKC, see gsasl_saslprep().

gsasl_stringprep_saslprep

— Function: char * gsasl_stringprep_saslprep (const char * in, int * stringprep_rc)

in: input ASCII or UTF-8 string with data to prepare according to SASLprep.

stringprep_rc: pointer to output variable with stringprep error code, or NULL to indicate that you don't care about it.

Process a Unicode string for comparison, according to the "SASLprep" stringprep profile. This function is intended to be used by Simple Authentication and Security Layer (SASL) mechanisms (such as PLAIN, CRAM-MD5, and DIGEST-MD5) as well as other protocols exchanging user names and/or passwords.

Return value: Return a newly allocated string that is the "SASLprep" processed form of the input string, or NULL on error, in which case stringprep_rc contain the stringprep library error code.

Deprecated: Use gsasl_saslprep() instead.

gsasl_stringprep_trace

— Function: char * gsasl_stringprep_trace (const char * in, int * stringprep_rc)

in: input ASCII or UTF-8 string with data to prepare according to "trace".

stringprep_rc: pointer to output variable with stringprep error code, or NULL to indicate that you don't care about it.

Process a Unicode string for use as trace information, according to the "trace" stringprep profile. The profile is designed for use with the SASL ANONYMOUS Mechanism.

Return value: Return a newly allocated string that is the "trace" processed form of the input string, or NULL on error, in which case stringprep_rc contain the stringprep library error code.

Deprecated: No replacement functionality in GNU SASL, use GNU Libidn instead.

gsasl_md5pwd_get_password

— Function: int gsasl_md5pwd_get_password (const char * filename, const char * username, char * key, size_t * keylen)

filename: filename of file containing passwords.

username: username string.

key: output character array.

keylen: input maximum size of output character array, on output contains actual length of output array.

Retrieve password for user from specified file. To find out how large the output array must be, call this function with out=NULL.

The file should be on the UoW "MD5 Based Authentication" format, which means it is in text format with comments denoted by # first on the line, with user entries looking as "usernameTABpassword". This function removes CR and LF at the end of lines before processing. TAB, CR, and LF denote ASCII values 9, 13, and 10, respectively.

Return value: Return GSASL_OK if output buffer contains the password, GSASL_AUTHENTICATION_ERROR if the user could not be found, or other error code.

Deprecated: Use gsasl_simple_getpass() instead.

gsasl_base64_encode

— Function: int gsasl_base64_encode (char const * src, size_t srclength, char * target, size_t targsize)

src: input byte array

srclength: size of input byte array

target: output byte array

targsize: size of output byte array

Encode data as base64. Converts characters, three at a time, starting at src into four base64 characters in the target area until the entire input buffer is encoded.

Return value: Returns the number of data bytes stored at the target, or -1 on error.

Deprecated: Use gsasl_base64_to() instead.

gsasl_base64_decode

— Function: int gsasl_base64_decode (char const * src, char * target, size_t targsize)

src: input byte array

target: output byte array

targsize: size of output byte array

Decode Base64 data. Skips all whitespace anywhere. Converts characters, four at a time, starting at (or after) src from Base64 numbers into three 8 bit bytes in the target area.

Return value: Returns the number of data bytes stored at the target, or -1 on error.

Deprecated: Use gsasl_base64_from() instead.

B.1 Obsolete callback function prototypes

— Prototype: int (*Gsasl_client_callback_anonymous) (Gsasl_session_ctx * ctx, char * out, size_t * outlen)

ctx: libgsasl handle.

out: output array with client token.

outlen: on input the maximum size of the output array, on output contains the actual size of the output array.

Type of callback function the application implements. It should populate the output array with some input from the user and set the output array length, and return GSASL_OK, or fail with an error code.

If OUT is NULL, the function should only populate the output length field with the length, and return GSASL_OK. This usage may be used by the caller to allocate the proper buffer size.

— Prototype: int (*Gsasl_server_callback_anonymous) (Gsasl_session_ctx * ctx, const char * token)

ctx: libgsasl handle.

ctx: output array with client token.

ctx: on input the maximum size of the output array, on output contains the actual size of the output array. If OUT is

Type of callback function the application implements. It should return GSASL_OK if user should be permitted anonymous access, otherwise GSASL_AUTHENTICATION_ERROR.

— Prototype: int (*Gsasl_client_callback_authentication_id) (Gsasl_session_ctx * ctx, char * out, size_t * outlen)

ctx: libgsasl handle.

out: output array with authentication identity.

outlen: on input the maximum size of the output array, on output contains the actual size of the output array.

Type of callback function the application implements. It should populate the output array with authentiction identity of user and set the output array length, and return GSASL_OK, or fail with an error code. The authentication identity must be encoded in UTF-8, but need not be normalized in any way.

If OUT is NULL, the function should only populate the output length field with the length, and return GSASL_OK. This usage may be used by the caller to allocate the proper buffer size.

— Prototype: int (*Gsasl_client_callback_authorization_id) (Gsasl_session_ctx * ctx, char * out, size_t * outlen)

ctx: libgsasl handle.

out: output array with authorization identity.

outlen: on input the maximum size of the output array, on output contains the actual size of the output array.

Type of callback function the application implements. It should populate the output array with authorization identity of user and set the output array length, and return GSASL_OK, or fail with an error code. The authorization identity must be encoded in UTF-8, but need not be normalized in any way.

If OUT is NULL, the function should only populate the output length field with the length, and return GSASL_OK. This usage may be used by the caller to allocate the proper buffer size.

— Prototype: int (*Gsasl_client_callback_service) (Gsasl_session_ctx * ctx, char * service, size_t * servicelen, char * hostname, size_t * hostnamelen, char * servicename, size_t * servicenamelen)

ctx: libgsasl handle.

service: output array with name of service.

servicelen: on input the maximum size of the service output array, on output contains the actual size of the service output array.

hostname: output array with hostname of server.

hostnamelen: on input the maximum size of the hostname output array, on output contains the actual size of the hostname output array.

servicename: output array with generic name of server in case of replication (DIGEST-MD5 only).

servicenamelen: on input the maximum size of the servicename output array, on output contains the actual size of the servicename output array.

Type of callback function the application implements. It should retrieve the service (which should be a registered GSSAPI host based service name, such as “imap”) on the server, hostname of server (usually canoncial DNS hostname) and optionally generic service name of server in case of replication (e.g. “mail.example.org” when the hostname is “mx42.example.org”, see the RFC 2831 for more information). It should return GSASL_OK, or an error such as GSASL_AUTHENTICATION_ERROR if it fails.

If SERVICE, HOSTNAME or SERVICENAME is NULL, the function should only populate SERVICELEN, HOSTNAMELEN or SERVICENAMELEN with the output length of the respective field, and return GSASL_OK. This usage may be used by the caller to allocate the proper buffer size. Furthermore, SERVICENAMELEN may also be NULL, indicating that the mechanism is not interested in this field.

— Prototype: int (*Gsasl_server_callback_cram_md5) (Gsasl_session_ctx * ctx, char * username, char * challenge, char * response)

ctx: libgsasl handle.

username: input array with username.

challenge: input array with CRAM-MD5 challenge.

response: input array with CRAM-MD5 response.

Type of callback function the application implements. It should return GSASL_OK if and only if the validation of the provided credential was succesful. GSASL_AUTHENTICATION_ERROR is a good failure if authentication failed, but any available return code may be used.

— Prototype: int (*Gsasl_server_callback_digest_md5) (Gsasl_session_ctx * ctx, char * username, char * realm, char * secrethash)

ctx: libgsasl handle.

username: input array with authentication identity of user.

realm: input array with realm of user.

secrethash: output array that should contain hash of username, realm and password as described for the DIGEST-MD5 mechanism.

Type of callback function the application implements. It should retrieve the secret hash for the given user in given realm and return GSASL_OK, or an error such as GSASL_AUTHENTICATION_ERROR if it fails. The secrethash buffer is guaranteed to have size for the fixed length MD5 hash.

— Prototype: int (*Gsasl_server_callback_external) (Gsasl_session_ctx * ctx)

ctx: libgsasl handle.

Type of callback function the application implements. It should return GSASL_OK if user is authenticated by out of band means, otherwise GSASL_AUTHENTICATION_ERROR.

— Prototype: int (*Gsasl_server_callback_gssapi) (Gsasl_session_ctx * ctx, char * clientname, char * authentication_id)

ctx: libgsasl handle.

clientname: input array with GSSAPI client name.

authentication_id: input array with authentication identity.

Type of callback function the application implements. It should return GSASL_OK if and only if the GSSAPI user is authorized to log on as the given authentication_id. GSASL_AUTHENTICATION_ERROR is a good failure if authentication failed, but any available return code may be used. This callback is usually implemented in the application as a call to krb5_kuserok(), such as:

          int
          callback_gssapi (Gsasl_session_ctx *ctx,
          		 char *clientname,
          		 char *authentication_id)
          {
            int rc = GSASL_AUTHENTICATION_ERROR;
          
            krb5_principal p;
            krb5_context kcontext;
          
            krb5_init_context (&kcontext);
          
            if (krb5_parse_name (kcontext, clientname, &p) != 0)
              return -1;
            if (krb5_kuserok (kcontext, p, authentication_id))
              rc = GSASL_OK;
            krb5_free_principal (kcontext, p);
          
            return rc;
          }
     
— Prototype: int (*Gsasl_client_callback_passcode) (Gsasl_session_ctx * ctx, char * out, size_t * outlen)

ctx: libgsasl handle.

out: output array with passcode.

outlen: on input the maximum size of the output array, on output contains the actual size of the output array.

Type of callback function the application implements. It should populate the output array with passcode of user and set the output array length, and return GSASL_OK, or fail with an error code.

If OUT is NULL, the function should only populate the output length field with the length, and return GSASL_OK. This usage may be used by the caller to allocate the proper buffer size.

— Prototype: int (*Gsasl_client_callback_password) (Gsasl_session_ctx * ctx, char * out, size_t * outlen)

ctx: libgsasl handle.

out: output array with password.

outlen: on input the maximum size of the output array, on output contains the actual size of the output array.

Type of callback function the application implements. It should populate the output array with password of user and set the output array length, and return GSASL_OK, or fail with an error code. The password must be encoded in UTF-8, but need not be normalized in any way.

If OUT is NULL, the function should only populate the output length field with the length, and return GSASL_OK. This usage may be used by the caller to allocate the proper buffer size.

— Prototype: int (*Gsasl_server_callback_retrieve) (Gsasl_session_ctx * ctx, char * authentication_id, char * authorization_id, char * realm, char * key, size_t * keylen)

ctx: libgsasl handle.

authentication_id: input array with authentication identity.

authorization_id: input array with authorization identity, or NULL.

realm: input array with realm of user, or NULL.

key: output array with key for authentication identity.

keylen: on input the maximum size of the key output array, on output contains the actual size of the key output array.

Type of callback function the application implements. It should retrieve the password for the indicated user and return GSASL_OK, or an error code such as GSASL_AUTHENTICATION_ERROR. The key must be encoded in UTF-8, but need not be normalized in any way.

If KEY is NULL, the function should only populate the KEYLEN output length field with the length, and return GSASL_OK. This usage may be used by the caller to allocate the proper buffer size.

— Prototype: int (*Gsasl_server_callback_validate) (Gsasl_session_ctx * ctx, char * authentication_id, char * authorization_id, char * passcode, char * pin, char * suggestpin, size_t * suggestpinlen)

ctx: libgsasl handle.

authorization_id: input array with authorization identity.

authentication_id: input array with authentication identity.

passcode: input array with passcode.

pin: input array with new pin (this may be NULL).

suggestpin: output array with new suggested PIN.

suggestpinlen: on input the maximum size of the output array, on output contains the actual size of the output array.

Type of callback function the application implements. It should return GSASL_OK if and only if the validation of the provided credential was succesful. GSASL_AUTHENTICATION_ERROR is a good failure if authentication failed, but any available return code may be used.

Two SECURID specific error codes also exists. The function can return GSASL_SECURID_SERVER_NEED_ADDITIONAL_PASSCODE to request that the client generate a new passcode. It can also return GSASL_SECURID_SERVER_NEED_NEW_PIN to request that the client generate a new PIN. If the server wishes to suggest a new PIN it can populate the SUGGESTPIN field.

If SUGGESTPIN is NULL, the function should only populate the output length field with the length, and return GSASL_OK. This usage may be used by the caller to allocate the proper buffer size.

— Prototype: int (*Gsasl_server_callback_service) (Gsasl_session_ctx * ctx, char * service, size_t * servicelen, char * hostname, size_t * hostnamelen)

ctx: libgsasl handle.

service: output array with name of service.

servicelen: on input the maximum size of the service output array, on output contains the actual size of the service output array.

hostname: output array with hostname of server.

hostnamelen: on input the maximum size of the hostname output array, on output contains the actual size of the hostname output array.

Type of callback function the application implements. It should retrieve the service (which should be a registered GSSAPI host based service name, such as “imap”) the server provides and hostname of server (usually canoncial DNS hostname). It should return GSASL_OK, or an error such as GSASL_AUTHENTICATION_ERROR if it fails.

If SERVICE or HOSTNAME is NULL, the function should only populate SERVICELEN or HOSTNAMELEN with the output length of the respective field, and return GSASL_OK. This usage may be used by the caller to allocate the proper buffer size.

— Prototype: int (*Gsasl_server_callback_validate) (Gsasl_session_ctx * ctx, char * authorization_id, char * authentication_id, char * password)

ctx: libgsasl handle.

authorization_id: input array with authorization identity.

authentication_id: input array with authentication identity.

password: input array with password.

Type of callback function the application implements. It should return GSASL_OK if and only if the validation of the provided credential was succesful. GSASL_AUTHENTICATION_ERROR is a good failure if authentication failed, but any available return code may be used.