1 | .\" -*- nroff -*- |
---|
2 | .\" |
---|
3 | .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. |
---|
4 | .\" |
---|
5 | .\" Redistribution and use in source and binary forms, with or without |
---|
6 | .\" modification, are permitted provided that the following conditions |
---|
7 | .\" are met: |
---|
8 | .\" |
---|
9 | .\" 1. Redistributions of source code must retain the above copyright |
---|
10 | .\" notice, this list of conditions and the following disclaimer. |
---|
11 | .\" |
---|
12 | .\" 2. Redistributions in binary form must reproduce the above copyright |
---|
13 | .\" notice, this list of conditions and the following disclaimer in |
---|
14 | .\" the documentation and/or other materials provided with the |
---|
15 | .\" distribution. |
---|
16 | .\" |
---|
17 | .\" 3. The name "Carnegie Mellon University" must not be used to |
---|
18 | .\" endorse or promote products derived from this software without |
---|
19 | .\" prior written permission. For permission or any other legal |
---|
20 | .\" details, please contact |
---|
21 | .\" Office of Technology Transfer |
---|
22 | .\" Carnegie Mellon University |
---|
23 | .\" 5000 Forbes Avenue |
---|
24 | .\" Pittsburgh, PA 15213-3890 |
---|
25 | .\" (412) 268-4387, fax: (412) 268-7395 |
---|
26 | .\" tech-transfer@andrew.cmu.edu |
---|
27 | .\" |
---|
28 | .\" 4. Redistributions of any form whatsoever must retain the following |
---|
29 | .\" acknowledgment: |
---|
30 | .\" "This product includes software developed by Computing Services |
---|
31 | .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." |
---|
32 | .\" |
---|
33 | .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO |
---|
34 | .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY |
---|
35 | .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE |
---|
36 | .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
---|
37 | .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN |
---|
38 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
---|
39 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
---|
40 | .\" |
---|
41 | .TH sasl_client_new "21 June 2001" SASL "SASL man pages" |
---|
42 | .SH NAME |
---|
43 | sasl_client_new \- Create a new client authentication object |
---|
44 | |
---|
45 | |
---|
46 | .SH SYNOPSIS |
---|
47 | .nf |
---|
48 | .B #include <sasl/sasl.h> |
---|
49 | .sp |
---|
50 | .BI "int sasl_client_new(const char " *service ", " |
---|
51 | .BI " const char " *serverFQDN ", " |
---|
52 | .BI " const char " *iplocalport ", " |
---|
53 | .BI " const char " *ipremoteport ", " |
---|
54 | .BI " const sasl_callback_t " *prompt_supp ", " |
---|
55 | .BI " unsigned " secflags ", " |
---|
56 | .BI " sasl_conn_t ** " pconn ");" |
---|
57 | |
---|
58 | .fi |
---|
59 | .SH DESCRIPTION |
---|
60 | |
---|
61 | .B sasl_client_new() |
---|
62 | creates a new SASL context. This context will be used for all SASL calls for one connection. It handles both authentication and integrity/encryption layers after authentication. |
---|
63 | .PP |
---|
64 | .I service |
---|
65 | is the registered name of the service (usually the protocol name) using SASL (e.g. "imap"). |
---|
66 | .PP |
---|
67 | .I serverFQDN |
---|
68 | is the fully qualified domain name of the server (e.g. "serverhost.cmu.edu"). |
---|
69 | .PP |
---|
70 | .I iplocalport |
---|
71 | is the IP and port of the local side of the connection, or NULL. If |
---|
72 | iplocalport is NULL it will disable mechanisms that require IP address |
---|
73 | information. This string must be in one of the following formats: |
---|
74 | "a.b.c.d;port" (IPv4), "e:f:g:h:i:j:k:l;port" (IPv6), |
---|
75 | or "e:f:g:h:i:j:a.b.c.d;port" (IPv6) |
---|
76 | .PP |
---|
77 | .I ipremoteport |
---|
78 | is the IP and port of the remote side of the connection, or NULL (see |
---|
79 | iplocalport) |
---|
80 | .PP |
---|
81 | .I prompt_supp |
---|
82 | is a list of client interactions supported that is unique to this connection. If this parameter is NULL the global callbacks (specified in sasl_client_init) will be used. See sasl_callback for more information. |
---|
83 | .PP |
---|
84 | .I secflags |
---|
85 | are security flags (see below) |
---|
86 | .PP |
---|
87 | .I pconn |
---|
88 | is the connection context allocated by the library. This structure will be used for all future SASL calls for this connection. |
---|
89 | .PP |
---|
90 | .B Security Flags |
---|
91 | .PP |
---|
92 | Security flags that may be passed to |
---|
93 | .B sasl_client_new() |
---|
94 | include |
---|
95 | .TP 0.8i |
---|
96 | .B SASL_SEC_NOPLAINTEXT |
---|
97 | Don't permit mechanisms susceptible to simple passive attack (e.g., PLAIN, LOGIN) |
---|
98 | .TP 0.8i |
---|
99 | .B SASL_SEC_NOACTIVE |
---|
100 | Protection from active (non-dictionary) attacks during authentication exchange. Authenticates server. |
---|
101 | .TP 0.8i |
---|
102 | .B SASL_SEC_NODICTIONARY |
---|
103 | Don't permit mechanisms susceptible to passive dictionary attack |
---|
104 | .TP 0.8i |
---|
105 | .B SASL_SEC_FORWARD_SECURITY |
---|
106 | Require forward secrecy between sessions (breaking one session won't help break the next). |
---|
107 | .TP 0.8i |
---|
108 | .B SASL_SEC_NOANONYMOUS |
---|
109 | Don't permit mechanisms that allow anonymous login |
---|
110 | .TP 0.8i |
---|
111 | .B SASL_SEC_PASS_CREDENTIALS |
---|
112 | Require mechanisms which pass client credentials, and allow mechanisms which can pass credentials to do so. |
---|
113 | .TP 0.8i |
---|
114 | .B SASL_SEC_MAXIMUM |
---|
115 | All of the above. |
---|
116 | |
---|
117 | .SH "RETURN VALUE" |
---|
118 | |
---|
119 | sasl_client_new returns an integer which corresponds to one of the |
---|
120 | following codes. SASL_OK is the only one that indicates success. All |
---|
121 | others indicate errors and should either be handled or the |
---|
122 | authentication session should be quit. |
---|
123 | |
---|
124 | .SH ERRORS |
---|
125 | .TP 0.8i |
---|
126 | .B SASL_OK |
---|
127 | Success |
---|
128 | .TP 0.8i |
---|
129 | .B SASL_BADPARAM |
---|
130 | Error in config file or passed parameters |
---|
131 | .TP 0.8i |
---|
132 | .B SASL_NOMECH |
---|
133 | No mechanism meets requested properties |
---|
134 | .TP 0.8i |
---|
135 | .B SASL_NOMEM |
---|
136 | Not enough memory to complete operation |
---|
137 | |
---|
138 | .SH "CONFORMING TO" |
---|
139 | RFC 2222 |
---|
140 | .SH "SEE ALSO" |
---|
141 | sasl(3), sasl_client_init(3), sasl_client_start(3), sasl_client_step(3), sasl_setprop(3) |
---|