void *client_creds;
/* for additions which don't require a version upgrade; set to 0 */
- void *gss_peer_name;
- void *gss_local_name;
- void *spare_ptr4;
+ const void *gss_peer_name;
+ const void *gss_local_name;
+ const char *cbindingname; /* channel binding name from packet */
int (*spare_fptr1)();
int (*spare_fptr2)();
- int spare_int1;
+ unsigned int cbindingdisp; /* channel binding disposition from client */
int spare_int2;
int spare_int3;
int spare_int4;
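Review bot: `cbindingdisp` is declared as a bare `unsigned int`, so nothing ties it to the `sasl_cbinding_disp_t` values this patch adds further down, and the comment on `cbindingname` does not say who owns the string or how long it stays valid. Because that comment says the name comes from the packet, it is peer-controlled input, and a consumer of the struct needs to know whether it has already been validated and NUL-terminated. I would extend the comments, for example `unsigned int cbindingdisp; /* a sasl_cbinding_disp_t value: disposition reported by the client */`, and state the ownership and lifetime of `cbindingname` once confirmed against the mechanism code. The struct being edited begins and ends outside this hunk.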
SASL_INFO_LIST_END
} sasl_info_callback_stage_t;
+/******************************
+ * Channel binding macros **
+ ******************************/
+
+typedef enum {
+ SASL_CB_DISP_NONE = 0, /* client did not support CB */
+ SASL_CB_DISP_USED, /* client supports and used CB */
+ SASL_CB_DISP_WANT /* client supports CB, thinks server does not */
+} sasl_cbinding_disp_t;
+/* TRUE if channel binding is non-NULL */
+#define SASL_CB_PRESENT(params) ((params)->cbinding != NULL)
+/* TRUE if channel binding is marked critical */
+#define SASL_CB_CRITICAL(params) (SASL_CB_PRESENT(params) && \
+ (params)->cbinding->critical)
/******************************
* Client Mechanism Functions *
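Review bot: The comment on `SASL_CB_DISP_WANT` describes what the client believes but not what a server should do with that value, which is the security-relevant case. In SCRAM (RFC 5802), a client that supports channel binding but thinks the server does not, talking to a server that did advertise a channel-binding variant, indicates a possible downgrade and the server must fail the exchange. A sentence to that effect on the enum would keep mechanism authors from treating WANT like NONE. Separately, `SASL_CB_CRITICAL` expands `params` twice, so its comment should say so, e.g. `/* TRUE if channel binding is marked critical; params is evaluated more than once */`.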
sasl_ssf_t external_ssf; /* external SSF active */
/* for additions which don't require a version upgrade; set to 0 */
- void *gss_creds;
- void *spare_ptr2;
+ const void *gss_creds; /* GSS credential handle */
+ const sasl_channel_binding_t *cbinding; /* client channel binding */
void *spare_ptr3;
void *spare_ptr4;
int (*spare_fptr1)();
- int spare_int1;
- int spare_int2;
+ unsigned int cbindingdisp;
+ unsigned int spare_int2;
int spare_int3;
/* flags field as passed to sasl_client_new */
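Review bot: `cbindingdisp` is added here without a comment, unlike the same-named field in the first hunk, and `spare_int2` changes from `int` to `unsigned int` although it remains a spare. The signedness change looks unrelated to channel binding and makes this struct differ from the `int spare_int2` kept in the first hunk's struct; if it is not intentional I would keep `int spare_int2;`. For the new field, a comment such as `unsigned int cbindingdisp; /* presumably a sasl_cbinding_disp_t value */` would help until the setter is confirmed. The `cbinding` pointer added here, and again in the last hunk on the server side, should also document who owns the `sasl_channel_binding_t` and how long it must stay valid. The enclosing struct starts and ends outside this hunk.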
/* This plugin allows proxying */
#define SASL_FEAT_ALLOWS_PROXY 0x0020
+/* server plugin needs old password in order to change password */
+#define SASL_FEAT_NEED_OLD_PASSWD 0x0040
+
+/* server plugin don't use cleartext userPassword attribute */
+#define SASL_FEAT_DONTUSE_USERPASSWD 0x0080
+
+/* Underlying mechanism uses GSS framing */
+#define SASL_FEAT_GSS_FRAMING 0x0100
+
+/* Underlying mechanism supports channel binding */
+#define SASL_FEAT_CHANNEL_BINDING 0x0200
+
/* client plug-in features */
#define SASL_FEAT_NEEDSERVERFQDN 0x0001
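Review bot: The comment on `SASL_FEAT_CHANNEL_BINDING` does not say which side the flag applies to, or what the library should do when the application marks a binding critical and the chosen mechanism lacks the flag. The new defines sit above the `/* client plug-in features */` heading and two of their comments say "server plugin", so a reader cannot tell whether a client plugin may set 0x0100 or 0x0200. I would state the scope in each comment and note that a mechanism without `SASL_FEAT_CHANNEL_BINDING` must not be selected when `SASL_CB_CRITICAL(params)` is true. That check is not visible in this hunk, so it should be confirmed in the glue code. The comment on `SASL_FEAT_DONTUSE_USERPASSWD` should also read "does not use".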
struct propctx *propctx;
/* for additions which don't require a version upgrade; set to 0 */
- void *gss_creds;
- void *spare_ptr2;
+ const void *gss_creds; /* GSS credential handle */
+ const sasl_channel_binding_t *cbinding; /* server channel binding */
void *spare_ptr3;
void *spare_ptr4;
int (*spare_fptr1)();