diff --git a/.hgignore b/.hgignore
new file mode 100644
index 0000000..909167f
--- /dev/null
+++ b/.hgignore
@@ -0,0 +1,8 @@
+syntax: glob
+build
+OpenSourceProjects/libetpan-0.49
+OpenSourceProjects/include/libetpan
+.DS_Store
+*.pyc
+*.mode1v3
+*.pbxuser
\ No newline at end of file
diff --git a/MailCore.xcodeproj/project.pbxproj b/MailCore.xcodeproj/project.pbxproj
index c89f82b..5e93e62 100644
--- a/MailCore.xcodeproj/project.pbxproj
+++ b/MailCore.xcodeproj/project.pbxproj
@@ -169,6 +169,8 @@ F88CA0CF0BF7A7B00055AC29 /* CTSMTP.m in Sources */ = {isa = PBXBuildFile; fileRef = F88CA0CD0BF7A7B00055AC29 /* CTSMTP.m */; }; F88CA0D40BF7AC0B0055AC29 /* CTESMTP.h in Headers */ = {isa = PBXBuildFile; fileRef = F88CA0D20BF7AC0B0055AC29 /* CTESMTP.h */; settings = {ATTRIBUTES = (Public, ); }; }; F88CA0D50BF7AC0B0055AC29 /* CTESMTP.m in Sources */ = {isa = PBXBuildFile; fileRef = F88CA0D30BF7AC0B0055AC29 /* CTESMTP.m */; }; + F8A70EEF0C4059E100D1D694 /* JRLog.h in Headers */ = {isa = PBXBuildFile; fileRef = F8A70EED0C4059E100D1D694 /* JRLog.h */; }; + F8A70EF00C4059E100D1D694 /* JRLog.m in Sources */ = {isa = PBXBuildFile; fileRef = F8A70EEE0C4059E100D1D694 /* JRLog.m */; }; F8D31A3209C524EA00468234 /* main.m in Sources */ = {isa = PBXBuildFile; fileRef = F8D31A3109C524EA00468234 /* main.m */; }; F8D31A8609C52A9400468234 /* MailCore.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 8DC2EF5B0486A6940098B216 /* MailCore.framework */; }; F8DCD3990C13E18100B10F94 /* acl_types.h in Headers */ = {isa = PBXBuildFile; fileRef = F8DCD3970C13E18100B10F94 /* acl_types.h */; settings = {ATTRIBUTES = (Public, ); }; }; 
@@ -379,6 +381,8 @@ F88CA0CD0BF7A7B00055AC29 /* CTSMTP.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = CTSMTP.m; path = Source/CTSMTP.m; sourceTree = ""; }; F88CA0D20BF7AC0B0055AC29 /* CTESMTP.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = CTESMTP.h; path = Source/CTESMTP.h; sourceTree = ""; }; F88CA0D30BF7AC0B0055AC29 /* CTESMTP.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = CTESMTP.m; path = Source/CTESMTP.m; sourceTree = ""; }; + F8A70EED0C4059E100D1D694 /* JRLog.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = JRLog.h; path = Source/JRLog.h; sourceTree = ""; }; + F8A70EEE0C4059E100D1D694 /* JRLog.m */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.objc; name = JRLog.m; path = Source/JRLog.m; sourceTree = ""; }; F8D31A2909C5247100468234 /* TestShell */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = TestShell; sourceTree = BUILT_PRODUCTS_DIR; }; F8D31A3109C524EA00468234 /* main.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = main.m; sourceTree = ""; }; F8DCD3970C13E18100B10F94 /* acl_types.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = acl_types.h; path = OpenSourceProjects/include/libetpan/acl_types.h; sourceTree = SOURCE_ROOT; }; @@ -533,6 +537,8 @@ 32C88DFF0371C24200C91783 /* Other Sources */ = { isa = PBXGroup; children = ( + F8A70EED0C4059E100D1D694 /* JRLog.h */, + F8A70EEE0C4059E100D1D694 /* JRLog.m */, F80BDF490A774369003B344E /* libetpan */, F81B88710A74AAD800143DF6 /* MailCore_Prefix.pch */, F8D31A3109C524EA00468234 /* main.m */, 
@@ -840,6 +846,7 @@ F81A8AE20C03FC3B002F780A /* CTMIME_TextPart.h in Headers */, F81A8AE40C03FC3B002F780A /* CTMIME.h in Headers */, F8245A6D0C041C8C005E08A8 /* CTMIMEFactory.h in Headers */, + F8A70EEF0C4059E100D1D694 /* JRLog.h in Headers */, ); runOnlyForDeploymentPostprocessing = 0; }; @@ -1003,6 +1010,7 @@ F81A8AE30C03FC3B002F780A /* CTMIME_TextPart.m in Sources */, F81A8AE50C03FC3B002F780A /* CTMIME.m in Sources */, F8245A700C041C91005E08A8 /* CTMIMEFactory.m in Sources */, + F8A70EF00C4059E100D1D694 /* JRLog.m in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; @@ -1113,7 +1121,7 @@ HEADER_SEARCH_PATHS = ""; LIBRARY_SEARCH_PATHS = ""; PREBINDING = NO; - SDKROOT = ""; + SDKROOT = /Developer/SDKs/MacOSX10.5.sdk; }; name = Debug; }; @@ -1132,7 +1140,7 @@ HEADER_SEARCH_PATHS = ""; LIBRARY_SEARCH_PATHS = ""; PREBINDING = NO; - SDKROOT = /Developer/SDKs/MacOSX10.4u.sdk; + SDKROOT = /Developer/SDKs/MacOSX10.5.sdk; }; name = Release; }; diff --git a/OpenSourceProjects/include/sasl/hmac-md5.h b/OpenSourceProjects/include/sasl/hmac-md5.h deleted file mode 100644 index babe003..0000000 --- a/OpenSourceProjects/include/sasl/hmac-md5.h +++ /dev/null 
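Review bot: The Debug and Release hunks (old lines 1113 and 1132) both set `SDKROOT = /Developer/SDKs/MacOSX10.5.sdk;`, an absolute path, while `HEADER_SEARCH_PATHS` stays empty and the same commit deletes the bundled `OpenSourceProjects/include/sasl` headers. Any source that still includes `sasl/sasl.h` would presumably now resolve it from whatever SASL headers that SDK ships rather than the 2.1.22 copy being removed, and nothing in the visible change records which libsasl the framework is meant to link against. I would state the intended SASL header and library source in the commit description and confirm the two versions agree, since authentication code built against one header set and linked against another is difficult to diagnose later.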
@@ -1,59 +0,0 @@ -/* hmac-md5.h -- HMAC_MD5 functions - */ - -#ifndef HMAC_MD5_H -#define HMAC_MD5_H 1 - -#define HMAC_MD5_SIZE 16 - -/* intermediate MD5 context */ -typedef struct HMAC_MD5_CTX_s { - MD5_CTX ictx, octx; -} HMAC_MD5_CTX; - -/* intermediate HMAC state - * values stored in network byte order (Big Endian) - */ -typedef struct HMAC_MD5_STATE_s { - UINT4 istate[4]; - UINT4 ostate[4]; -} HMAC_MD5_STATE; - -#ifdef __cplusplus -extern "C" { -#endif - -/* One step hmac computation - * - * digest may be same as text or key - */ -void _sasl_hmac_md5(const unsigned char *text, int text_len, - const unsigned char *key, int key_len, - unsigned char digest[HMAC_MD5_SIZE]); - -/* create context from key - */ -void _sasl_hmac_md5_init(HMAC_MD5_CTX *hmac, - const unsigned char *key, int key_len); - -/* precalculate intermediate state from key - */ -void _sasl_hmac_md5_precalc(HMAC_MD5_STATE *hmac, - const unsigned char *key, int key_len); - -/* initialize context from intermediate state - */ -void _sasl_hmac_md5_import(HMAC_MD5_CTX *hmac, HMAC_MD5_STATE *state); - -#define _sasl_hmac_md5_update(hmac, text, text_len) _sasl_MD5Update(&(hmac)->ictx, (text), (text_len)) - -/* finish hmac from intermediate result. Intermediate result is zeroed. - */ -void _sasl_hmac_md5_final(unsigned char digest[HMAC_MD5_SIZE], - HMAC_MD5_CTX *hmac); - -#ifdef __cplusplus -} -#endif - -#endif /* HMAC_MD5_H */ diff --git a/OpenSourceProjects/include/sasl/md5.h b/OpenSourceProjects/include/sasl/md5.h deleted file mode 100644 index 15b46ea..0000000 --- a/OpenSourceProjects/include/sasl/md5.h +++ /dev/null 
@@ -1,43 +0,0 @@ -/* MD5.H - header file for MD5C.C - */ - -/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All -rights reserved. - -License to copy and use this software is granted provided that it -is identified as the "RSA Data Security, Inc. MD5 Message-Digest -Algorithm" in all material mentioning or referencing this software -or this function. - -License is also granted to make and use derivative works provided -that such works are identified as "derived from the RSA Data -Security, Inc. MD5 Message-Digest Algorithm" in all material -mentioning or referencing the derived work. - -RSA Data Security, Inc. makes no representations concerning either -the merchantability of this software or the suitability of this -software for any particular purpose. It is provided "as is" -without express or implied warranty of any kind. -These notices must be retained in any copies of any part of this -documentation and/or software. - */ - -/* MD5 context. */ -typedef struct { - UINT4 state[4]; /* state (ABCD) */ - UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */ - unsigned char buffer[64]; /* input buffer */ -} MD5_CTX; - -#ifdef __cplusplus -extern "C" { -#endif - -void _sasl_MD5Init PROTO_LIST ((MD5_CTX *)); -void _sasl_MD5Update PROTO_LIST - ((MD5_CTX *, const unsigned char *, unsigned int)); -void _sasl_MD5Final PROTO_LIST ((unsigned char [16], MD5_CTX *)); - -#ifdef __cplusplus -} -#endif diff --git a/OpenSourceProjects/include/sasl/md5global.h b/OpenSourceProjects/include/sasl/md5global.h deleted file mode 100644 index fbd7455..0000000 --- a/OpenSourceProjects/include/sasl/md5global.h +++ /dev/null 
@@ -1,38 +0,0 @@ -/* GLOBAL.H - RSAREF types and constants - */ -#ifndef MD5GLOBAL_H -#define MD5GLOBAL_H - -/* PROTOTYPES should be set to one if and only if the compiler supports - function argument prototyping. -The following makes PROTOTYPES default to 0 if it has not already - been defined with C compiler flags. - */ -#ifndef PROTOTYPES -#define PROTOTYPES 0 -#endif - -/* POINTER defines a generic pointer type */ -typedef unsigned char *POINTER; - -typedef signed char INT1; /* 8 bits */ -typedef short INT2; /* 16 bits */ -typedef int INT4; /* 32 bits */ -/* There is no 64 bit type */ -typedef unsigned char UINT1; /* 8 bits */ -typedef unsigned short UINT2; /* 16 bits */ -typedef unsigned int UINT4; /* 32 bits */ -/* There is no 64 bit type */ - -/* PROTO_LIST is defined depending on how PROTOTYPES is defined above. -If using PROTOTYPES, then PROTO_LIST returns the list, otherwise it -returns an empty list. -*/ -#if PROTOTYPES -#define PROTO_LIST(list) list -#else -#define PROTO_LIST(list) () -#endif - -#endif /* MD5GLOBAL_H */ - diff --git a/OpenSourceProjects/include/sasl/prop.h b/OpenSourceProjects/include/sasl/prop.h deleted file mode 100644 index 7a65c85..0000000 --- a/OpenSourceProjects/include/sasl/prop.h +++ /dev/null 
@@ -1,187 +0,0 @@ -/* prop.h -- property request/response management routines - * - * Author: Chris Newman - * Removal of implementation-specific details by: Rob Siemborski - * - * This is intended to be used to create a list of properties to request, - * and _then_ request values for all properties. Any change to the request - * list will discard any existing values. This assumption allows a very - * efficient and simple memory model. This was designed for SASL API auxiliary - * property support, but would be fine for other contexts where this property - * model is appropriate. - * - * The "struct propctx" is allocated by prop_new and is a fixed size structure. - * If a prop_init() call were added, it would be reasonable to embed a "struct - * propctx" in another structure. prop_new also allocates a pool of memory - * (in the vbase field) which will be used for an array of "struct propval" - * to list all the requested properties. - * - * Properties may be multi-valued. - */ - -#ifndef PROP_H -#define PROP_H 1 - -/* The following ifdef block is the standard way of creating macros - * which make exporting from a DLL simpler. All files within this DLL - * are compiled with the LIBSASL_EXPORTS symbol defined on the command - * line. this symbol should not be defined on any project that uses - * this DLL. This way any other project whose source files include - * this file see LIBSASL_API functions as being imported from a DLL, - * wheras this DLL sees symbols defined with this macro as being - * exported. */ -/* Under Unix, life is simpler: we just need to mark library functions - * as extern. (Technically, we don't even have to do that.) */ -#ifdef WIN32 -# ifdef LIBSASL_EXPORTS -# define LIBSASL_API __declspec(dllexport) -# else /* LIBSASL_EXPORTS */ -# define LIBSASL_API __declspec(dllimport) -# endif /* LIBSASL_EXPORTS */ -#else /* WIN32 */ -# define LIBSASL_API extern -#endif /* WIN32 */ - -/* Same as above, but used during a variable declaration. 
Only Unix definition - * is different, as we can't assign an initial value to an extern variable */ -#ifdef WIN32 -# ifdef LIBSASL_EXPORTS -# define LIBSASL_VAR __declspec(dllexport) -# else /* LIBSASL_EXPORTS */ -# define LIBSASL_VAR __declspec(dllimport) -# endif /* LIBSASL_EXPORTS */ -#else /* WIN32 */ -# define LIBSASL_VAR -#endif /* WIN32 */ - -/* the resulting structure for property values - */ -struct propval { - const char *name; /* name of property; NULL = end of list */ - /* same pointer used in request will be used here */ - const char **values; /* list of strings, values == NULL if property not - * found, *values == NULL if property found with - * no values */ - unsigned nvalues; /* total number of value strings */ - unsigned valsize; /* total size in characters of all value strings */ -}; - -/* - * private internal structure - */ -#define PROP_DEFAULT 4 /* default number of propvals to assume */ -struct propctx; - -#ifdef __cplusplus -extern "C" { -#endif - -/* create a property context - * estimate -- an estimate of the storage needed for requests & responses - * 0 will use module default - * returns a new property context on success and NULL on any error - */ -LIBSASL_API struct propctx *prop_new(unsigned estimate); - -/* create new propctx which duplicates the contents of an existing propctx - * returns SASL_OK on success - * possible other return values include: SASL_NOMEM, SASL_BADPARAM - */ -LIBSASL_API int prop_dup(struct propctx *src_ctx, struct propctx **dst_ctx); - -/* Add property names to request - * ctx -- context from prop_new() - * names -- list of property names; must persist until context freed - * or requests cleared (This extends to other contexts that - * are dup'ed from this one, and their children, etc) - * - * NOTE: may clear values from context as side-effect - * returns SASL_OK on success - * possible other return values include: SASL_NOMEM, SASL_BADPARAM - */ -LIBSASL_API int prop_request(struct propctx *ctx, const char 
**names); - -/* return array of struct propval from the context - * return value persists until next call to - * prop_request, prop_clear or prop_dispose on context - * - * returns NULL on error - */ -LIBSASL_API const struct propval *prop_get(struct propctx *ctx); - -/* Fill in an array of struct propval based on a list of property names - * return value persists until next call to - * prop_request, prop_clear or prop_dispose on context - * returns number of matching properties which were found (values != NULL) - * if a name requested here was never requested by a prop_request, then - * the name field of the associated vals entry will be set to NULL - * - * The vals array MUST be atleast as long as the names array. - * - * returns # of matching properties on success - * possible other return values include: SASL_BADPARAM - */ -LIBSASL_API int prop_getnames(struct propctx *ctx, const char **names, - struct propval *vals); - -/* clear values and optionally requests from property context - * ctx -- property context - * requests -- 0 = don't clear requests, 1 = clear requests - */ -LIBSASL_API void prop_clear(struct propctx *ctx, int requests); - -/* erase the value of a property - */ -LIBSASL_API void prop_erase(struct propctx *ctx, const char *name); - -/* dispose of property context - * ctx -- is disposed and set to NULL; noop if ctx or *ctx is NULL - */ -LIBSASL_API void prop_dispose(struct propctx **ctx); - - -/****fetcher interfaces****/ - -/* format the requested property names into a string - * ctx -- context from prop_new()/prop_request() - * sep -- separator between property names (unused if none requested) - * seplen -- length of separator, if < 0 then strlen(sep) will be used - * outbuf -- output buffer - * outmax -- maximum length of output buffer including NUL terminator - * outlen -- set to length of output string excluding NUL terminator - * returns SASL_OK on success - * returns SASL_BADPARAM or amount of additional space needed on failure - */ 
-LIBSASL_API int prop_format(struct propctx *ctx, const char *sep, int seplen, - char *outbuf, unsigned outmax, unsigned *outlen); - -/* add a property value to the context - * ctx -- context from prop_new()/prop_request() - * name -- name of property to which value will be added - * if NULL, add to the same name as previous prop_set/setvals call - * value -- a value for the property; will be copied into context - * if NULL, remove existing values - * vallen -- length of value, if <= 0 then strlen(value) will be used - * returns SASL_OK on success - * possible error return values include: SASL_BADPARAM, SASL_NOMEM - */ -LIBSASL_API int prop_set(struct propctx *ctx, const char *name, - const char *value, int vallen); - -/* set the values for a property - * ctx -- context from prop_new()/prop_request() - * name -- name of property to which value will be added - * if NULL, add to the same name as previous prop_set/setvals call - * values -- array of values, ending in NULL. Each value is a NUL terminated - * string - * returns SASL_OK on success - * possible error return values include: SASL_BADPARAM, SASL_NOMEM - */ -LIBSASL_API int prop_setvals(struct propctx *ctx, const char *name, - const char **values); - -#ifdef __cplusplus -} -#endif - -#endif /* PROP_H */ diff --git a/OpenSourceProjects/include/sasl/sasl.h b/OpenSourceProjects/include/sasl/sasl.h deleted file mode 100644 index 775e842..0000000 --- a/OpenSourceProjects/include/sasl/sasl.h +++ /dev/null 
@@ -1,1261 +0,0 @@ -/* This is a proposed C API for support of SASL - * - *********************************IMPORTANT******************************* - * send email to chris.newman@innosoft.com and cyrus-bugs@andrew.cmu.edu * - * if you need to add new error codes, callback types, property values, * - * etc. It is important to keep the multiple implementations of this * - * API from diverging. * - *********************************IMPORTANT******************************* - * - * Basic Type Summary: - * sasl_conn_t Context for a SASL connection negotiation - * sasl_ssf_t Security layer Strength Factor - * sasl_callback_t A typed client/server callback function and context - * sasl_interact_t A client interaction descriptor - * sasl_secret_t A client password - * sasl_rand_t Random data context structure - * sasl_security_properties_t An application's required security level - * - * Callbacks: - * sasl_getopt_t client/server: Get an option value - * sasl_logmsg_t client/server: Log message handler - * sasl_getsimple_t client: Get user/language list - * sasl_getsecret_t client: Get authentication secret - * sasl_chalprompt_t client: Display challenge and prompt for response - * - * Server only Callbacks: - * sasl_authorize_t user authorization policy callback - * sasl_getconfpath_t get path to search for config file - * sasl_server_userdb_checkpass check password and auxprops in userdb - * sasl_server_userdb_setpass set password in userdb - * sasl_server_canon_user canonicalize username routine - * - * Client/Server Function Summary: - * sasl_done Release all SASL global state - * sasl_dispose Connection done: Dispose of sasl_conn_t - * sasl_getprop Get property (e.g., user name, security layer info) - * sasl_setprop Set property (e.g., external ssf) - * sasl_errdetail Generate string from last error on connection - * sasl_errstring Translate sasl error code to a string - * sasl_encode Encode data to send using security layer - * sasl_decode Decode data received using 
security layer - * - * Utility functions: - * sasl_encode64 Encode data to send using MIME base64 encoding - * sasl_decode64 Decode data received using MIME base64 encoding - * sasl_erasebuffer Erase a buffer - * - * Client Function Summary: - * sasl_client_init Load and initialize client plug-ins (call once) - * sasl_client_new Initialize client connection context: sasl_conn_t - * sasl_client_start Select mechanism for connection - * sasl_client_step Perform one authentication step - * - * Server Function Summary - * sasl_server_init Load and initialize server plug-ins (call once) - * sasl_server_new Initialize server connection context: sasl_conn_t - * sasl_listmech Create list of available mechanisms - * sasl_server_start Begin an authentication exchange - * sasl_server_step Perform one authentication exchange step - * sasl_checkpass Check a plaintext passphrase - * sasl_checkapop Check an APOP challenge/response (uses pseudo "APOP" - * mechanism similar to CRAM-MD5 mechanism; optional) - * sasl_user_exists Check if user exists - * sasl_setpass Change a password or add a user entry - * sasl_auxprop_request Request auxiliary properties - * sasl_auxprop_getctx Get auxiliary property context for connection - * sasl_auxprop_store Store a set of auxiliary properties - * - * Basic client model: - * 1. client calls sasl_client_init() at startup to load plug-ins - * 2. when connection formed, call sasl_client_new() - * 3. once list of supported mechanisms received from server, client - * calls sasl_client_start(). goto 4a - * 4. client calls sasl_client_step() - * [4a. If SASL_INTERACT, fill in prompts and goto 4 - * -- doesn't happen if callbacks provided] - * 4b. If SASL error, goto 7 or 3 - * 4c. If SASL_OK, continue or goto 6 if last server response was success - * 5. send message to server, wait for response - * 5a. On data or success with server response, goto 4 - * 5b. On failure goto 7 or 3 - * 5c. On success with no server response continue - * 6. 
continue with application protocol until connection closes - * call sasl_getprop/sasl_encode/sasl_decode() if using security layer - * 7. call sasl_dispose(), may return to step 2 - * 8. call sasl_done() when program terminates - * - * Basic Server model: - * 1. call sasl_server_init() at startup to load plug-ins - * 2. On connection, call sasl_server_new() - * 3. call sasl_listmech() and send list to client] - * 4. after client AUTH command, call sasl_server_start(), goto 5a - * 5. call sasl_server_step() - * 5a. If SASL_CONTINUE, output to client, wait response, repeat 5 - * 5b. If SASL error, then goto 7 - * 5c. If SASL_OK, move on - * 6. continue with application protocol until connection closes - * call sasl_getprop to get username - * call sasl_getprop/sasl_encode/sasl_decode() if using security layer - * 7. call sasl_dispose(), may return to step 2 - * 8. call sasl_done() when program terminates - * - ************************************************* - * IMPORTANT NOTE: server realms / username syntax - * - * If a user name contains a "@", then the rightmost "@" in the user name - * separates the account name from the realm in which this account is - * located. A single server may support multiple realms. If the - * server knows the realm at connection creation time (e.g., a server - * with multiple IP addresses tightly binds one address to a specific - * realm) then that realm must be passed in the user_realm field of - * the sasl_server_new call. If user_realm is non-empty and an - * unqualified user name is supplied, then the canon_user facility is - * expected to append "@" and user_realm to the user name. The canon_user - * facility may treat other characters such as "%" as equivalent to "@". - * - * If the server forbids the use of "@" in user names for other - * purposes, this simplifies security validation. 
- */ - -#ifndef SASL_H -#define SASL_H 1 - -/* Keep in sync with win32/common.mak */ -#define SASL_VERSION_MAJOR 2 -#define SASL_VERSION_MINOR 1 -#define SASL_VERSION_STEP 22 - -/* A convenience macro: same as was defined in the OpenLDAP LDAPDB */ -#define SASL_VERSION_FULL ((SASL_VERSION_MAJOR << 16) |\ - (SASL_VERSION_MINOR << 8) | SASL_VERSION_STEP) - -#include "prop.h" - -/************* - * Basic API * - *************/ - -/* SASL result codes: */ -#define SASL_CONTINUE 1 /* another step is needed in authentication */ -#define SASL_OK 0 /* successful result */ -#define SASL_FAIL -1 /* generic failure */ -#define SASL_NOMEM -2 /* memory shortage failure */ -#define SASL_BUFOVER -3 /* overflowed buffer */ -#define SASL_NOMECH -4 /* mechanism not supported */ -#define SASL_BADPROT -5 /* bad protocol / cancel */ -#define SASL_NOTDONE -6 /* can't request info until later in exchange */ -#define SASL_BADPARAM -7 /* invalid parameter supplied */ -#define SASL_TRYAGAIN -8 /* transient failure (e.g., weak key) */ -#define SASL_BADMAC -9 /* integrity check failed */ -#define SASL_NOTINIT -12 /* SASL library not initialized */ - /* -- client only codes -- */ -#define SASL_INTERACT 2 /* needs user interaction */ -#define SASL_BADSERV -10 /* server failed mutual authentication step */ -#define SASL_WRONGMECH -11 /* mechanism doesn't support requested feature */ - /* -- server only codes -- */ -#define SASL_BADAUTH -13 /* authentication failure */ -#define SASL_NOAUTHZ -14 /* authorization failure */ -#define SASL_TOOWEAK -15 /* mechanism too weak for this user */ -#define SASL_ENCRYPT -16 /* encryption needed to use mechanism */ -#define SASL_TRANS -17 /* One time use of a plaintext password will - enable requested mechanism for user */ -#define SASL_EXPIRED -18 /* passphrase expired, has to be reset */ -#define SASL_DISABLED -19 /* account disabled */ -#define SASL_NOUSER -20 /* user not found */ -#define SASL_BADVERS -23 /* version mismatch with plug-in */ -#define 
SASL_UNAVAIL -24 /* remote authentication server unavailable */ -#define SASL_NOVERIFY -26 /* user exists, but no verifier for user */ - /* -- codes for password setting -- */ -#define SASL_PWLOCK -21 /* passphrase locked */ -#define SASL_NOCHANGE -22 /* requested change was not needed */ -#define SASL_WEAKPASS -27 /* passphrase is too weak for security policy */ -#define SASL_NOUSERPASS -28 /* user supplied passwords not permitted */ - -/* max size of a sasl mechanism name */ -#define SASL_MECHNAMEMAX 20 - -#ifdef _WIN32 -/* Define to have the same layout as a WSABUF */ -#ifndef STRUCT_IOVEC_DEFINED -#define STRUCT_IOVEC_DEFINED 1 -struct iovec { - long iov_len; - char *iov_base; -}; -#endif -#else -struct iovec; /* Defined in OS headers */ -#endif - - -/* per-connection SASL negotiation state for client or server - */ -typedef struct sasl_conn sasl_conn_t; - -/* Plain text password structure. - * len is the length of the password, data is the text. - */ -typedef struct sasl_secret { - unsigned long len; - unsigned char data[1]; /* variable sized */ -} sasl_secret_t; - -/* random data context structure - */ -typedef struct sasl_rand_s sasl_rand_t; - -#ifdef __cplusplus -extern "C" { -#endif - -/**************************** - * Configure Basic Services * - ****************************/ - -/* the following functions are used to adjust how allocation and mutexes work - * they must be called before all other SASL functions: - */ - -/* memory allocation functions which may optionally be replaced: - */ -typedef void *sasl_malloc_t(unsigned long); -typedef void *sasl_calloc_t(unsigned long, unsigned long); -typedef void *sasl_realloc_t(void *, unsigned long); -typedef void sasl_free_t(void *); - -LIBSASL_API void sasl_set_alloc(sasl_malloc_t *, - sasl_calloc_t *, - sasl_realloc_t *, - sasl_free_t *); - -/* mutex functions which may optionally be replaced: - * sasl_mutex_alloc allocates a mutex structure - * sasl_mutex_lock blocks until mutex locked - * returns -1 on 
deadlock or parameter error - * returns 0 on success - * sasl_mutex_unlock unlocks mutex if it's locked - * returns -1 if not locked or parameter error - * returns 0 on success - * sasl_mutex_free frees a mutex structure - */ -typedef void *sasl_mutex_alloc_t(void); -typedef int sasl_mutex_lock_t(void *mutex); -typedef int sasl_mutex_unlock_t(void *mutex); -typedef void sasl_mutex_free_t(void *mutex); -LIBSASL_API void sasl_set_mutex(sasl_mutex_alloc_t *, sasl_mutex_lock_t *, - sasl_mutex_unlock_t *, sasl_mutex_free_t *); - -/***************************** - * Security preference types * - *****************************/ - -/* security layer strength factor -- an unsigned integer usable by the caller - * to specify approximate security layer strength desired. Roughly - * correlated to effective key length for encryption. - * 0 = no protection - * 1 = integrity protection only - * 40 = 40-bit DES or 40-bit RC2/RC4 - * 56 = DES - * 112 = triple-DES - * 128 = 128-bit RC2/RC4/BLOWFISH - * 256 = baseline AES - */ -typedef unsigned sasl_ssf_t; - -/* usage flags provided to sasl_server_new and sasl_client_new: - */ -#define SASL_SUCCESS_DATA 0x0004 /* server supports data on success */ -#define SASL_NEED_PROXY 0x0008 /* require a mech that allows proxying */ - -/*************************** - * Security Property Types * - ***************************/ - -/* Structure specifying the client or server's security policy - * and optional additional properties. - */ - -/* These are the various security flags apps can specify. */ -/* NOPLAINTEXT -- don't permit mechanisms susceptible to simple - * passive attack (e.g., PLAIN, LOGIN) - * NOACTIVE -- protection from active (non-dictionary) attacks - * during authentication exchange. - * Authenticates server. 
- * NODICTIONARY -- don't permit mechanisms susceptible to passive - * dictionary attack - * FORWARD_SECRECY -- require forward secrecy between sessions - * (breaking one won't help break next) - * NOANONYMOUS -- don't permit mechanisms that allow anonymous login - * PASS_CREDENTIALS -- require mechanisms which pass client - * credentials, and allow mechanisms which can pass - * credentials to do so - * MUTUAL_AUTH -- require mechanisms which provide mutual - * authentication - */ -#define SASL_SEC_NOPLAINTEXT 0x0001 -#define SASL_SEC_NOACTIVE 0x0002 -#define SASL_SEC_NODICTIONARY 0x0004 -#define SASL_SEC_FORWARD_SECRECY 0x0008 -#define SASL_SEC_NOANONYMOUS 0x0010 -#define SASL_SEC_PASS_CREDENTIALS 0x0020 -#define SASL_SEC_MUTUAL_AUTH 0x0040 -#define SASL_SEC_MAXIMUM 0x00FF - -typedef struct sasl_security_properties -{ - /* security strength factor - * min_ssf = minimum acceptable final level - * max_ssf = maximum acceptable final level - */ - sasl_ssf_t min_ssf; - sasl_ssf_t max_ssf; - - /* Maximum security layer receive buffer size. - * 0=security layer not supported - */ - unsigned maxbufsize; - - /* bitfield for attacks to protect against */ - unsigned security_flags; - - /* NULL terminated array of additional property names, values */ - const char **property_names; - const char **property_values; -} sasl_security_properties_t; - -/****************** - * Callback types * - ******************/ - -/* - * Extensible type for a client/server callbacks - * id -- identifies callback type - * proc -- procedure call arguments vary based on id - * context -- context passed to procedure - */ -/* Note that any memory that is allocated by the callback needs to be - * freed by the application, be it via function call or interaction. - * - * It may be freed after sasl_*_step returns SASL_OK. if the mechanism - * requires this information to persist (for a security layer, for example) - * it must maintain a private copy. 
- */ -typedef struct sasl_callback { - /* Identifies the type of the callback function. - * Mechanisms must ignore callbacks with id's they don't recognize. - */ - unsigned long id; - int (*proc)(); /* Callback function. Types of arguments vary by 'id' */ - void *context; -} sasl_callback_t; - -/* callback ids & functions: - */ -#define SASL_CB_LIST_END 0 /* end of list */ - -/* option reading callback -- this allows a SASL configuration to be - * encapsulated in the caller's configuration system. Some implementations - * may use default config file(s) if this is omitted. Configuration items - * may be plugin-specific and are arbitrary strings. - * - * inputs: - * context -- option context from callback record - * plugin_name -- name of plugin (NULL = general SASL option) - * option -- name of option - * output: - * result -- set to result which persists until next getopt in - * same thread, unchanged if option not found - * len -- length of result (may be NULL) - * returns: - * SASL_OK -- no error - * SASL_FAIL -- error - */ -typedef int sasl_getopt_t(void *context, const char *plugin_name, - const char *option, - const char **result, unsigned *len); -#define SASL_CB_GETOPT 1 - -/* Logging levels for use with the logging callback function. */ -#define SASL_LOG_NONE 0 /* don't log anything */ -#define SASL_LOG_ERR 1 /* log unusual errors (default) */ -#define SASL_LOG_FAIL 2 /* log all authentication failures */ -#define SASL_LOG_WARN 3 /* log non-fatal warnings */ -#define SASL_LOG_NOTE 4 /* more verbose than LOG_WARN */ -#define SASL_LOG_DEBUG 5 /* more verbose than LOG_NOTE */ -#define SASL_LOG_TRACE 6 /* traces of internal protocols */ -#define SASL_LOG_PASS 7 /* traces of internal protocols, including - * passwords */ - -/* logging callback -- this allows plugins and the middleware to - * log operations they perform. 
- * inputs:
- * context -- logging context from the callback record
- * level -- logging level; see above
- * message -- message to log
- * returns:
- * SASL_OK -- no error
- * SASL_FAIL -- error
- */
-typedef int sasl_log_t(void *context,
- int level,
- const char *message);
-#define SASL_CB_LOG 2
-
-/* getpath callback -- this allows applications to specify the
- * colon-separated path to search for plugins (by default,
- * taken from an implementation-specific location).
- * inputs:
- * context -- getpath context from the callback record
- * outputs:
- * path -- colon seperated path
- * returns:
- * SASL_OK -- no error
- * SASL_FAIL -- error
- */
-typedef int sasl_getpath_t(void *context,
- const char **path);
-
-#define SASL_CB_GETPATH 3
-
-/* verify file callback -- this allows applications to check if they
- * want SASL to use files, file by file. This is intended to allow
- * applications to sanity check the environment to make sure plugins
- * or the configuration file can't be written to, etc.
- * inputs:
- * context -- verifypath context from the callback record
- * file -- full path to file to verify
- * type -- type of file to verify (see below)
-
- * returns:
- * SASL_OK -- no error (file can safely be used)
- * SASL_CONTINUE -- continue WITHOUT using this file
- * SASL_FAIL -- error
- */
-
-/* these are the types of files libsasl will ask about */
-typedef enum {
- SASL_VRFY_PLUGIN=0, /* a DLL/shared library plug-in */
- SASL_VRFY_CONF=1, /* a configuration file */
- SASL_VRFY_PASSWD=2, /* a password storage file/db */
- SASL_VRFY_OTHER=3 /* some other file */
-} sasl_verify_type_t;
-
-typedef int sasl_verifyfile_t(void *context,
- const char *file, sasl_verify_type_t type);
-#define SASL_CB_VERIFYFILE 4
-
-/* getconfpath callback -- this allows applications to specify the
- * colon-separated path to search for config files (by default,
- * taken from the SASL_CONF_PATH environment variable).
- * inputs:
- * context -- getconfpath context from the callback record
- * outputs:
- * path -- colon seperated path (allocated on the heap; the
- * library will free it using the sasl_free_t *
- * passed to sasl_set_callback, or the standard free()
- * library call).
- * returns:
- * SASL_OK -- no error
- * SASL_FAIL -- error
- */
-typedef int sasl_getconfpath_t(void *context,
- char **path);
-
-#define SASL_CB_GETCONFPATH 5
-
-/* client/user interaction callbacks:
- */
-/* Simple prompt -- result must persist until next call to getsimple on
- * same connection or until connection context is disposed
- * inputs:
- * context -- context from callback structure
- * id -- callback id
- * outputs:
- * result -- set to NUL terminated string
- * NULL = user cancel
- * len -- length of result
- * returns SASL_OK
- */
-typedef int sasl_getsimple_t(void *context, int id,
- const char **result, unsigned *len);
-#define SASL_CB_USER 0x4001 /* client user identity to login as */
-#define SASL_CB_AUTHNAME 0x4002 /* client authentication name */
-#define SASL_CB_LANGUAGE 0x4003 /* comma separated list of RFC 1766
- * language codes in order of preference
- * to be used to localize client prompts
- * or server error codes */
-#define SASL_CB_CNONCE 0x4007 /* caller supplies client-nonce
- * primarily for testing purposes */
-
-/* get a sasl_secret_t (plaintext password with length)
- * inputs:
- * conn -- connection context
- * context -- context from callback structure
- * id -- callback id
- * outputs:
- * psecret -- set to NULL to cancel
- * set to password structure which must persist until
- * next call to getsecret in same connection, but middleware
- * will erase password data when it's done with it.
- * returns SASL_OK
- */
-typedef int sasl_getsecret_t(sasl_conn_t *conn, void *context, int id,
- sasl_secret_t **psecret);
-#define SASL_CB_PASS 0x4004 /* client passphrase-based secret */
-
-
-/* prompt for input in response to a challenge.
- * input:
- * context -- context from callback structure
- * id -- callback id
- * challenge -- server challenge
- * output:
- * result -- NUL terminated result, NULL = user cancel
- * len -- length of result
- * returns SASL_OK
- */
-typedef int sasl_chalprompt_t(void *context, int id,
- const char *challenge,
- const char *prompt, const char *defresult,
- const char **result, unsigned *len);
-#define SASL_CB_ECHOPROMPT 0x4005 /* challenge and client enterred result */
-#define SASL_CB_NOECHOPROMPT 0x4006 /* challenge and client enterred result */
-
-/* prompt (or autoselect) the realm to do authentication in.
- * may get a list of valid realms.
- * input:
- * context -- context from callback structure
- * id -- callback id
- * availrealms -- available realms; string list; NULL terminated
- * list may be empty.
- * output:
- * result -- NUL terminated realm; NULL is equivalent to ""
- * returns SASL_OK
- * result must persist until the next callback
- */
-typedef int sasl_getrealm_t(void *context, int id,
- const char **availrealms,
- const char **result);
-#define SASL_CB_GETREALM (0x4008) /* realm to attempt authentication in */
-
-/* server callbacks:
- */
-
-/* improved callback to verify authorization;
- * canonicalization now handled elsewhere
- * conn -- connection context
- * requested_user -- the identity/username to authorize (NUL terminated)
- * rlen -- length of requested_user
- * auth_identity -- the identity associated with the secret (NUL terminated)
- * alen -- length of auth_identity
- * default_realm -- default user realm, as passed to sasl_server_new if
- * urlen -- length of default realm
- * propctx -- auxiliary properties
- * returns SASL_OK on success,
- * SASL_NOAUTHZ or other SASL response on failure
- */
-typedef int sasl_authorize_t(sasl_conn_t *conn,
- void *context,
- const char *requested_user, unsigned rlen,
- const char *auth_identity, unsigned alen,
- const char *def_realm, unsigned urlen,
- struct propctx *propctx);
-#define SASL_CB_PROXY_POLICY 0x8001
-
-/* functions for "userdb" based plugins to call to get/set passwords.
- * the location for the passwords is determined by the caller or middleware.
- * plug-ins may get passwords from other locations.
- */
-
-/* callback to verify a plaintext password against the caller-supplied
- * user database. This is necessary to allow additional s for
- * encoding of the userPassword property.
- * user -- NUL terminated user name with user@realm syntax
- * pass -- password to check (may not be NUL terminated)
- * passlen -- length of password to check
- * propctx -- auxiliary properties for user
- */
-typedef int sasl_server_userdb_checkpass_t(sasl_conn_t *conn,
- void *context,
- const char *user,
- const char *pass,
- unsigned passlen,
- struct propctx *propctx);
-#define SASL_CB_SERVER_USERDB_CHECKPASS (0x8005)
-
-/* callback to store/change a plaintext password in the user database
- * user -- NUL terminated user name with user@realm syntax
- * pass -- password to store (may not be NUL terminated)
- * passlen -- length of password to store
- * propctx -- auxiliary properties (not stored)
- * flags -- see SASL_SET_* flags below (SASL_SET_CREATE optional)
- */
-typedef int sasl_server_userdb_setpass_t(sasl_conn_t *conn,
- void *context,
- const char *user,
- const char *pass,
- unsigned passlen,
- struct propctx *propctx,
- unsigned flags);
-#define SASL_CB_SERVER_USERDB_SETPASS (0x8006)
-
-/* callback for a server-supplied user canonicalization function.
- *
- * This function is called directly after the mechanism has the
- * authentication and authorization IDs. It is called before any
- * User Canonicalization plugin is called. It has the responsibility
- * of copying its output into the provided output buffers.
- *
- * in, inlen -- user name to canonicalize, may not be NUL terminated
- * may be same buffer as out
- * flags -- not currently used, supplied by auth mechanism
- * user_realm -- the user realm (may be NULL in case of client)
- * out -- buffer to copy user name
- * out_max -- max length of user name
- * out_len -- set to length of user name
- *
- * returns
- * SASL_OK on success
- * SASL_BADPROT username contains invalid character
- */
-
-/* User Canonicalization Function Flags */
-
-#define SASL_CU_NONE 0x00 /* Not a valid flag to pass */
-/* One of the following two is required */
-#define SASL_CU_AUTHID 0x01
-#define SASL_CU_AUTHZID 0x02
-
-typedef int sasl_canon_user_t(sasl_conn_t *conn,
- void *context,
- const char *in, unsigned inlen,
- unsigned flags,
- const char *user_realm,
- char *out,
- unsigned out_max, unsigned *out_len);
-
-#define SASL_CB_CANON_USER (0x8007)
-
-/**********************************
- * Common Client/server functions *
- **********************************/
-
-/* Types of paths to set (see sasl_set_path below). */
-#define SASL_PATH_TYPE_PLUGIN 0
-#define SASL_PATH_TYPE_CONFIG 1
-
-/* a simpler way to set plugin path or configuration file path
- * without the need to set sasl_getpath_t callback.
- *
- * This function can be called before sasl_server_init/sasl_client_init.
- */
-LIBSASL_API int sasl_set_path (int path_type, char * path);
-
-/* get sasl library version information
- * implementation is a vendor-defined string
- * version is a vender-defined representation of the version #.
- *
- * This function is being deprecated in favor of sasl_version_info. */
-LIBSASL_API void sasl_version(const char **implementation,
- int *version);
-
-/* Extended version of sasl_version().
- *
- * This function is to be used
- * for library version display and logging
- * for bug workarounds in old library versions
- *
- * The sasl_version_info is not to be used for API feature detection.
- *
- * All parameters are optional. If NULL is specified, the value is not returned.
- */
-LIBSASL_API void sasl_version_info (const char **implementation,
- const char **version_string,
- int *version_major,
- int *version_minor,
- int *version_step,
- int *version_patch);
-
-/* dispose of all SASL plugins. Connection
- * states have to be disposed of before calling this.
- */
-LIBSASL_API void sasl_done(void);
-
-/* dispose connection state, sets it to NULL
- * checks for pointer to NULL
- */
-LIBSASL_API void sasl_dispose(sasl_conn_t **pconn);
-
-/* translate an error number into a string
- * input:
- * saslerr -- the error number
- * langlist -- comma separated list of RFC 1766 languages (may be NULL)
- * results:
- * outlang -- the language actually used (may be NULL if don't care)
- * returns:
- * the error message in UTF-8 (only the US-ASCII subset if langlist is NULL)
- */
-LIBSASL_API const char *sasl_errstring(int saslerr,
- const char *langlist,
- const char **outlang);
-
-/* get detail about the last error that occurred on a connection
- * text is sanitized so it's suitable to send over the wire
- * (e.g., no distinction between SASL_BADAUTH and SASL_NOUSER)
- * input:
- * conn -- mandatory connection context
- * returns:
- * the error message in UTF-8 (only the US-ASCII subset permitted if no
- * SASL_CB_LANGUAGE callback is present)
- */
-LIBSASL_API const char *sasl_errdetail(sasl_conn_t *conn);
-
-/* set the error string which will be returned by sasl_errdetail() using
- * syslog()-style formatting (e.g. printf-style with %m as most recent
- * errno error)
- *
- * primarily for use by server callbacks such as the sasl_authorize_t
- * callback and internally to plug-ins
- *
- * This will also trigger a call to the SASL logging callback (if any)
- * with a level of SASL_LOG_FAIL unless the SASL_NOLOG flag is set.
- *
- * Messages should be sensitive to the current language setting. If there
- * is no SASL_CB_LANGUAGE callback messages MUST be US-ASCII otherwise UTF-8
- * is used and use of RFC 2482 for mixed-language text is encouraged.
- *
- * if conn is NULL, function does nothing
- */
-LIBSASL_API void sasl_seterror(sasl_conn_t *conn, unsigned flags,
- const char *fmt, ...);
-#define SASL_NOLOG 0x01
-
-/* get property from SASL connection state
- * propnum -- property number
- * pvalue -- pointer to value
- * returns:
- * SASL_OK -- no error
- * SASL_NOTDONE -- property not available yet
- * SASL_BADPARAM -- bad property number
- */
-LIBSASL_API int sasl_getprop(sasl_conn_t *conn, int propnum,
- const void **pvalue);
-#define SASL_USERNAME 0 /* pointer to NUL terminated user name */
-#define SASL_SSF 1 /* security layer security strength factor,
- * if 0, call to sasl_encode, sasl_decode
- * unnecessary */
-#define SASL_MAXOUTBUF 2 /* security layer max output buf unsigned */
-#define SASL_DEFUSERREALM 3 /* default realm passed to server_new */
- /* or set with setprop */
-#define SASL_GETOPTCTX 4 /* context for getopt callback */
-#define SASL_CALLBACK 7 /* current callback function list */
-#define SASL_IPLOCALPORT 8 /* iplocalport string passed to server_new */
-#define SASL_IPREMOTEPORT 9 /* ipremoteport string passed to server_new */
-
-/* This returns a string which is either empty or has an error message
- * from sasl_seterror (e.g., from a plug-in or callback). It differs
- * from the result of sasl_errdetail() which also takes into account the
- * last return status code.
- */
-#define SASL_PLUGERR 10
-
-/* a handle to any delegated credentials or NULL if none is present
- * is returned by the mechanism. The user will probably need to know
- * which mechanism was used to actually known how to make use of them
- * currently only implemented for the gssapi mechanism */
-#define SASL_DELEGATEDCREDS 11
-
-#define SASL_SERVICE 12 /* service passed to sasl_*_new */
-#define SASL_SERVERFQDN 13 /* serverFQDN passed to sasl_*_new */
-#define SASL_AUTHSOURCE 14 /* name of auth source last used, useful
- * for failed authentication tracking */
-#define SASL_MECHNAME 15 /* active mechanism name, if any */
-#define SASL_AUTHUSER 16 /* authentication/admin user */
-#define SASL_APPNAME 17 /* application name (used for logging/
- configuration), same as appname parameter
- to sasl_server_init */
-
-/* GSS-API credential handle for sasl_client_step() or sasl_server_step().
- * The application is responsible for releasing this credential handle. */
-#define SASL_GSS_CREDS 18
-
-/* GSS name (gss_name_t) of the peer, as output by gss_inquire_context()
- * or gss_accept_sec_context().
- * On server end this is similar to SASL_USERNAME, but the gss_name_t
- * structure can contain additional attributes associated with the peer.
- */
-#define SASL_GSS_PEER_NAME 19
-
-/* Local GSS name (gss_name_t) as output by gss_inquire_context(). This
- * is particularly useful for servers that respond to multiple names. */
-#define SASL_GSS_LOCAL_NAME 20
-
-
-/* set property in SASL connection state
- * returns:
- * SASL_OK -- value set
- * SASL_BADPARAM -- invalid property or value
- */
-LIBSASL_API int sasl_setprop(sasl_conn_t *conn,
- int propnum,
- const void *value);
-#define SASL_SSF_EXTERNAL 100 /* external SSF active (sasl_ssf_t *) */
-#define SASL_SEC_PROPS 101 /* sasl_security_properties_t */
-#define SASL_AUTH_EXTERNAL 102 /* external authentication ID (const char *) */
-
-/* If the SASL_AUTH_EXTERNAL value is non-NULL, then a special version of the
- * EXTERNAL mechanism is enabled (one for server-embedded EXTERNAL mechanisms).
- * Otherwise, the EXTERNAL mechanism will be absent unless a plug-in
- * including EXTERNAL is present.
- */
-
-/* do precalculations during an idle period or network round trip
- * may pass NULL to precompute for some mechanisms prior to connect
- * returns 1 if action taken, 0 if no action taken
- */
-LIBSASL_API int sasl_idle(sasl_conn_t *conn);
-
-/**************
- * Client API *
- **************/
-
-/* list of client interactions with user for caller to fill in
- */
-typedef struct sasl_interact {
- unsigned long id; /* same as client/user callback ID */
- const char *challenge; /* presented to user (e.g. OTP challenge) */
- const char *prompt; /* presented to user (e.g. "Username: ") */
- const char *defresult; /* default result string */
- const void *result; /* set to point to result */
- unsigned len; /* set to length of result */
-} sasl_interact_t;
-
-/* initialize the SASL client drivers
- * callbacks -- base callbacks for all client connections;
- * must include getopt callback
- * returns:
- * SASL_OK -- Success
- * SASL_NOMEM -- Not enough memory
- * SASL_BADVERS -- Mechanism version mismatch
- * SASL_BADPARAM -- missing getopt callback or error in config file
- * SASL_NOMECH -- No mechanisms available
- * ...
- */
-LIBSASL_API int sasl_client_init(const sasl_callback_t *callbacks);
-
-/* initialize a client exchange based on the specified mechanism
- * service -- registered name of the service using SASL (e.g. "imap")
- * serverFQDN -- the fully qualified domain name of the server
- * iplocalport -- client IPv4/IPv6 domain literal string with port
- * (if NULL, then mechanisms requiring IPaddr are disabled)
- * ipremoteport -- server IPv4/IPv6 domain literal string with port
- * (if NULL, then mechanisms requiring IPaddr are disabled)
- * prompt_supp -- list of client interactions supported
- * may also include sasl_getopt_t context & call
- * NULL prompt_supp = user/pass via SASL_INTERACT only
- * NULL proc = interaction supported via SASL_INTERACT
- * flags -- server usage flags (see above)
- * in/out:
- * pconn -- connection negotiation structure
- * pointer to NULL => allocate new
- *
- * Returns:
- * SASL_OK -- success
- * SASL_NOMECH -- no mechanism meets requested properties
- * SASL_NOMEM -- not enough memory
- */
-LIBSASL_API int sasl_client_new(const char *service,
- const char *serverFQDN,
- const char *iplocalport,
- const char *ipremoteport,
- const sasl_callback_t *prompt_supp,
- unsigned flags,
- sasl_conn_t **pconn);
-
-/* select a mechanism for a connection
- * mechlist -- mechanisms server has available (punctuation ignored)
- * if NULL, then discard cached info and retry last mech
- * output:
- * prompt_need -- on SASL_INTERACT, list of prompts needed to continue
- * may be NULL if callbacks provided
- * clientout -- the initial client response to send to the server
- * will be valid until next call to client_start/client_step
- * NULL if mech doesn't include initial client challenge
- * mech -- set to mechansm name of selected mechanism (may be NULL)
- *
- * Returns:
- * SASL_OK -- success
- * SASL_NOMEM -- not enough memory
- * SASL_NOMECH -- no mechanism meets requested properties
- * SASL_INTERACT -- user interaction needed to fill in prompt_need list
- */
-LIBSASL_API int sasl_client_start(sasl_conn_t *conn,
- const char *mechlist,
- sasl_interact_t **prompt_need,
- const char **clientout,
- unsigned *clientoutlen,
- const char **mech);
-
-/* do a single authentication step.
- * serverin -- the server message received by the client, MUST have a NUL
- * sentinel, not counted by serverinlen
- * output:
- * prompt_need -- on SASL_INTERACT, list of prompts needed to continue
- * clientout -- the client response to send to the server
- * will be valid until next call to client_start/client_step
- *
- * returns:
- * SASL_OK -- success
- * SASL_INTERACT -- user interaction needed to fill in prompt_need list
- * SASL_BADPROT -- server protocol incorrect/cancelled
- * SASL_BADSERV -- server failed mutual auth
- */
-LIBSASL_API int sasl_client_step(sasl_conn_t *conn,
- const char *serverin,
- unsigned serverinlen,
- sasl_interact_t **prompt_need,
- const char **clientout,
- unsigned *clientoutlen);
-
-/**************
- * Server API *
- **************/
-
-/* initialize server drivers, done once per process
- * callbacks -- callbacks for all server connections; must include
- * getopt callback
- * appname -- name of calling application (for lower level logging)
- * results:
- * state -- server state
- * returns:
- * SASL_OK -- success
- * SASL_BADPARAM -- error in config file
- * SASL_NOMEM -- memory failure
- * SASL_BADVERS -- Mechanism version mismatch
- */
-LIBSASL_API int sasl_server_init(const sasl_callback_t *callbacks,
- const char *appname);
-
-/* IP/port syntax:
- * a.b.c.d;p where a-d are 0-255 and p is 0-65535 port number.
- * e:f:g:h:i:j:k:l;p where e-l are 0000-ffff lower-case hexidecimal
- * e:f:g:h:i:j:a.b.c.d;p alternate syntax for previous
- *
- * Note that one or more "0" fields in f-k can be replaced with "::"
- * Thus: e:f:0000:0000:0000:j:k:l;p
- * can be abbreviated: e:f::j:k:l;p
- *
- * A buffer of size 52 is adequate for the longest format with NUL terminator.
- */
-
-/* create context for a single SASL connection
- * service -- registered name of the service using SASL (e.g. "imap")
- * serverFQDN -- Fully qualified domain name of server. NULL means use
- * gethostname() or equivalent.
- * Useful for multi-homed servers.
- * user_realm -- permits multiple user realms on server, NULL = default
- * iplocalport -- server IPv4/IPv6 domain literal string with port
- * (if NULL, then mechanisms requiring IPaddr are disabled)
- * ipremoteport -- client IPv4/IPv6 domain literal string with port
- * (if NULL, then mechanisms requiring IPaddr are disabled)
- * callbacks -- callbacks (e.g., authorization, lang, new getopt context)
- * flags -- usage flags (see above)
- * returns:
- * pconn -- new connection context
- *
- * returns:
- * SASL_OK -- success
- * SASL_NOMEM -- not enough memory
- */
-LIBSASL_API int sasl_server_new(const char *service,
- const char *serverFQDN,
- const char *user_realm,
- const char *iplocalport,
- const char *ipremoteport,
- const sasl_callback_t *callbacks,
- unsigned flags,
- sasl_conn_t **pconn);
-
-/* Return an array of NUL-terminated strings, terminated by a NULL pointer,
- * which lists all possible mechanisms that the library can supply
- *
- * Returns NULL on failure. */
-LIBSASL_API const char ** sasl_global_listmech(void);
-
-/* This returns a list of mechanisms in a NUL-terminated string
- * conn -- the connection to list mechanisms for (either client
- * or server)
- * user -- restricts mechanisms to those available to that user
- * (may be NULL, not used for client case)
- * prefix -- appended to beginning of result
- * sep -- appended between mechanisms
- * suffix -- appended to end of result
- * results:
- * result -- NUL terminated result which persists until next
- * call to sasl_listmech for this sasl_conn_t
- * plen -- gets length of result (excluding NUL), may be NULL
- * pcount -- gets number of mechanisms, may be NULL
- *
- * returns:
- * SASL_OK -- success
- * SASL_NOMEM -- not enough memory
- * SASL_NOMECH -- no enabled mechanisms
- */
-LIBSASL_API int sasl_listmech(sasl_conn_t *conn,
- const char *user,
- const char *prefix,
- const char *sep,
- const char *suffix,
- const char **result,
- unsigned *plen,
- int *pcount);
-
-/* start a mechanism exchange within a connection context
- * mech -- the mechanism name client requested
- * clientin -- client initial response (NUL terminated), NULL if empty
- * clientinlen -- length of initial response
- * serverout -- initial server challenge, NULL if done
- * (library handles freeing this string)
- * serveroutlen -- length of initial server challenge
- * output:
- * pconn -- the connection negotiation state on success
- *
- * Same returns as sasl_server_step() or
- * SASL_NOMECH if mechanism not available.
- */
-LIBSASL_API int sasl_server_start(sasl_conn_t *conn,
- const char *mech,
- const char *clientin,
- unsigned clientinlen,
- const char **serverout,
- unsigned *serveroutlen);
-
-/* perform one step of the SASL exchange
- * inputlen & input -- client data
- * NULL on first step if no optional client step
- * outputlen & output -- set to the server data to transmit
- * to the client in the next step
- * (library handles freeing this)
- *
- * returns:
- * SASL_OK -- exchange is complete.
- * SASL_CONTINUE -- indicates another step is necessary.
- * SASL_TRANS -- entry for user exists, but not for mechanism
- * and transition is possible
- * SASL_BADPARAM -- service name needed
- * SASL_BADPROT -- invalid input from client
- * ...
- */
-LIBSASL_API int sasl_server_step(sasl_conn_t *conn,
- const char *clientin,
- unsigned clientinlen,
- const char **serverout,
- unsigned *serveroutlen);
-
-/* check if an apop exchange is valid
- * (note this is an optional part of the SASL API)
- * if challenge is NULL, just check if APOP is enabled
- * inputs:
- * challenge -- challenge which was sent to client
- * challen -- length of challenge, 0 = strlen(challenge)
- * response -- client response, " " (RFC 1939)
- * resplen -- length of response, 0 = strlen(response)
- * returns
- * SASL_OK -- success
- * SASL_BADAUTH -- authentication failed
- * SASL_BADPARAM -- missing challenge
- * SASL_BADPROT -- protocol error (e.g., response in wrong format)
- * SASL_NOVERIFY -- user found, but no verifier
- * SASL_NOMECH -- mechanism not supported
- * SASL_NOUSER -- user not found
- */
-LIBSASL_API int sasl_checkapop(sasl_conn_t *conn,
- const char *challenge, unsigned challen,
- const char *response, unsigned resplen);
-
-/* check if a plaintext password is valid
- * if user is NULL, check if plaintext passwords are enabled
- * inputs:
- * user -- user to query in current user_domain
- * userlen -- length of username, 0 = strlen(user)
- * pass -- plaintext password to check
- * passlen -- length of password, 0 = strlen(pass)
- * returns
- * SASL_OK -- success
- * SASL_NOMECH -- mechanism not supported
- * SASL_NOVERIFY -- user found, but no verifier
- * SASL_NOUSER -- user not found
- */
-LIBSASL_API int sasl_checkpass(sasl_conn_t *conn,
- const char *user, unsigned userlen,
- const char *pass, unsigned passlen);
-
-/* check if a user exists on server
- * conn -- connection context
- * service -- registered name of the service using SASL (e.g. "imap")
- * user_realm -- permits multiple user realms on server, NULL = default
- * user -- NUL terminated user name
- *
- * returns:
- * SASL_OK -- success
- * SASL_DISABLED -- account disabled
- * SASL_NOUSER -- user not found
- * SASL_NOVERIFY -- user found, but no usable mechanism
- * SASL_NOMECH -- no mechanisms enabled
- */
-LIBSASL_API int sasl_user_exists(sasl_conn_t *conn,
- const char *service,
- const char *user_realm,
- const char *user);
-
-/* set the password for a user
- * conn -- SASL connection
- * user -- user name
- * pass -- plaintext password, may be NULL to remove user
- * passlen -- length of password, 0 = strlen(pass)
- * oldpass -- NULL will sometimes work
- * oldpasslen -- length of password, 0 = strlen(oldpass)
- * flags -- see flags below
- *
- * returns:
- * SASL_NOCHANGE -- proper entry already exists
- * SASL_NOMECH -- no authdb supports password setting as configured
- * SASL_NOVERIFY -- user exists, but no settable password present
- * SASL_DISABLED -- account disabled
- * SASL_PWLOCK -- password locked
- * SASL_WEAKPASS -- password too weak for security policy
- * SASL_NOUSERPASS -- user-supplied passwords not permitted
- * SASL_FAIL -- OS error
- * SASL_BADPARAM -- password too long
- * SASL_OK -- successful
- */
-LIBSASL_API int sasl_setpass(sasl_conn_t *conn,
- const char *user,
- const char *pass, unsigned passlen,
- const char *oldpass, unsigned oldpasslen,
- unsigned flags);
-#define SASL_SET_CREATE 0x01 /* create a new entry for user */
-#define SASL_SET_DISABLE 0x02 /* disable user account */
-#define SASL_SET_NOPLAIN 0x04 /* do not store secret in plain text */
-#define SASL_SET_CURMECH_ONLY 0x08 /* set the mechanism specific password only.
- fail if no current mechanism */
-
-/*********************************************************
- * Auxiliary Property Support -- added by cjn 1999-09-29 *
- *********************************************************/
-
-#define SASL_AUX_END NULL /* last auxiliary property */
-
-/* traditional Posix items (should be implemented on Posix systems) */
-#define SASL_AUX_PASSWORD_PROP "userPassword" /* User Password */
-#define SASL_AUX_PASSWORD "*" SASL_AUX_PASSWORD_PROP /* User Password (of authid) */
-#define SASL_AUX_UIDNUM "uidNumber" /* UID number for the user */
-#define SASL_AUX_GIDNUM "gidNumber" /* GID for the user */
-#define SASL_AUX_FULLNAME "gecos" /* full name of the user, unix-style */
-#define SASL_AUX_HOMEDIR "homeDirectory" /* home directory for user */
-#define SASL_AUX_SHELL "loginShell" /* login shell for the user */
-
-/* optional additional items (not necessarily implemented) */
-/* single preferred mail address for user canonically-quoted
- * RFC821/822 syntax */
-#define SASL_AUX_MAILADDR "mail"
-/* path to unix-style mailbox for user */
-#define SASL_AUX_UNIXMBX "mailMessageStore"
-/* SMTP mail channel name to use if user authenticates successfully */
-#define SASL_AUX_MAILCHAN "mailSMTPSubmitChannel"
-
-/* Request a set of auxiliary properties
- * conn connection context
- * propnames list of auxiliary property names to request ending with
- * NULL.
- *
- * Subsequent calls will add items to the request list. Call with NULL
- * to clear the request list.
- *
- * errors
- * SASL_OK -- success
- * SASL_BADPARAM -- bad count/conn parameter
- * SASL_NOMEM -- out of memory
- */
-LIBSASL_API int sasl_auxprop_request(sasl_conn_t *conn,
- const char **propnames);
-
-/* Returns current auxiliary property context.
- * Use functions in prop.h to access content
- *
- * if authentication hasn't completed, property values may be empty/NULL
- *
- * properties not recognized by active plug-ins will be left empty/NULL
- *
- * returns NULL if conn is invalid.
- */
-LIBSASL_API struct propctx *sasl_auxprop_getctx(sasl_conn_t *conn);
-
-/* Store the set of auxiliary properties for the given user.
- * Use functions in prop.h to set the content.
- *
- * conn connection context
- * ctx property context from prop_new()/prop_request()/prop_set()
- * user NUL terminated user
- *
- * Call with NULL 'ctx' to see if the backend allows storing properties.
- *
- * errors
- * SASL_OK -- success
- * SASL_NOMECH -- can not store some/all properties
- * SASL_BADPARAM -- bad conn/ctx/user parameter
- * SASL_NOMEM -- out of memory
- * SASL_FAIL -- failed to store
- */
-LIBSASL_API int sasl_auxprop_store(sasl_conn_t *conn,
- struct propctx *ctx, const char *user);
-
-/**********************
- * security layer API *
- **********************/
-
-/* encode a block of data for transmission using security layer,
- * returning the input buffer if there is no security layer.
- * output is only valid until next call to sasl_encode or sasl_encodev
- * returns:
- * SASL_OK -- success (returns input if no layer negotiated)
- * SASL_NOTDONE -- security layer negotiation not finished
- * SASL_BADPARAM -- inputlen is greater than the SASL_MAXOUTBUF
- */
-LIBSASL_API int sasl_encode(sasl_conn_t *conn,
- const char *input, unsigned inputlen,
- const char **output, unsigned *outputlen);
-
-/* encode a block of data for transmission using security layer
- * output is only valid until next call to sasl_encode or sasl_encodev
- * returns:
- * SASL_OK -- success (returns input if no layer negotiated)
- * SASL_NOTDONE -- security layer negotiation not finished
- * SASL_BADPARAM -- input length is greater than the SASL_MAXOUTBUF
- * or no security layer
- */
-LIBSASL_API int sasl_encodev(sasl_conn_t *conn,
- const struct iovec *invec, unsigned numiov,
- const char **output, unsigned *outputlen);
-
-/* decode a block of data received using security layer
- * returning the input buffer if there is no security layer.
- * output is only valid until next call to sasl_decode
- *
- * if outputlen is 0 on return, than the value of output is undefined.
- *
- * returns:
- * SASL_OK -- success (returns input if no layer negotiated)
- * SASL_NOTDONE -- security layer negotiation not finished
- * SASL_BADMAC -- bad message integrity check
- */
-LIBSASL_API int sasl_decode(sasl_conn_t *conn,
- const char *input, unsigned inputlen,
- const char **output, unsigned *outputlen);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* SASL_H */
diff --git a/OpenSourceProjects/include/sasl/saslplug.h b/OpenSourceProjects/include/sasl/saslplug.h
deleted file mode 100644
index 61d0a33..0000000
--- a/OpenSourceProjects/include/sasl/saslplug.h
+++ /dev/null
@@ -1,953 +0,0 @@ -/* saslplug.h -- API for SASL plug-ins - */ - -#ifndef SASLPLUG_H -#define SASLPLUG_H 1 - -#ifndef MD5GLOBAL_H -#include "md5global.h" -#endif -#ifndef MD5_H -#include "md5.h" -#endif -#ifndef HMAC_MD5_H -#include "hmac-md5.h" -#endif -#ifndef PROP_H -#include "prop.h" -#endif - -#ifdef __cplusplus -extern "C" { -#endif - -/* callback to lookup a sasl_callback_t for a connection - * input: - * conn -- the connection to lookup a callback for - * callbacknum -- the number of the callback - * output: - * pproc -- pointer to the callback function (set to NULL on failure) - * pcontext -- pointer to the callback context (set to NULL on failure) - * returns: - * SASL_OK -- no error - * SASL_FAIL -- unable to find a callback of the requested type - * SASL_INTERACT -- caller must use interaction to get data - */ -typedef int sasl_getcallback_t(sasl_conn_t *conn, - unsigned long callbackid, - int (**pproc)(), - void **pcontext); - -/* The sasl_utils structure will remain backwards compatible unless - * the SASL_*_PLUG_VERSION is changed incompatibly - * higher SASL_UTILS_VERSION numbers indicate more functions are available - */ -#define SASL_UTILS_VERSION 4 - -/* utility function set for plug-ins - */ -typedef struct sasl_utils { - int version; - - /* contexts */ - sasl_conn_t *conn; - sasl_rand_t *rpool; - void *getopt_context; - - /* option function */ - sasl_getopt_t *getopt; - - /* allocation functions: */ - sasl_malloc_t *malloc; - sasl_calloc_t *calloc; - sasl_realloc_t *realloc; - sasl_free_t *free; - - /* mutex functions: */ - sasl_mutex_alloc_t *mutex_alloc; - sasl_mutex_lock_t *mutex_lock; - sasl_mutex_unlock_t *mutex_unlock; - sasl_mutex_free_t *mutex_free; - - /* MD5 hash and HMAC functions */ - void (*MD5Init)(MD5_CTX *); - void (*MD5Update)(MD5_CTX *, const unsigned char *text, unsigned int len); - void (*MD5Final)(unsigned char [16], MD5_CTX *); - void (*hmac_md5)(const unsigned char *text, int text_len, - const unsigned char *key, int 
key_len, - unsigned char [16]); - void (*hmac_md5_init)(HMAC_MD5_CTX *, const unsigned char *key, int len); - /* hmac_md5_update() is just a call to MD5Update on inner context */ - void (*hmac_md5_final)(unsigned char [16], HMAC_MD5_CTX *); - void (*hmac_md5_precalc)(HMAC_MD5_STATE *, - const unsigned char *key, int len); - void (*hmac_md5_import)(HMAC_MD5_CTX *, HMAC_MD5_STATE *); - - /* mechanism utility functions (same as above): */ - int (*mkchal)(sasl_conn_t *conn, char *buf, unsigned maxlen, - unsigned hostflag); - int (*utf8verify)(const char *str, unsigned len); - void (*rand)(sasl_rand_t *rpool, char *buf, unsigned len); - void (*churn)(sasl_rand_t *rpool, const char *data, unsigned len); - - /* This allows recursive calls to the sasl_checkpass() routine from - * within a SASL plug-in. This MUST NOT be used in the PLAIN mechanism - * as sasl_checkpass MAY be a front-end for the PLAIN mechanism. - * This is intended for use by the non-standard LOGIN mechanism and - * potentially by a future mechanism which uses public-key technology to - * set up a lightweight encryption layer just for sending a password. 
- */ - int (*checkpass)(sasl_conn_t *conn, - const char *user, unsigned userlen, - const char *pass, unsigned passlen); - - /* Access to base64 encode/decode routines */ - int (*decode64)(const char *in, unsigned inlen, - char *out, unsigned outmax, unsigned *outlen); - int (*encode64)(const char *in, unsigned inlen, - char *out, unsigned outmax, unsigned *outlen); - - /* erase a buffer */ - void (*erasebuffer)(char *buf, unsigned len); - - /* callback to sasl_getprop() and sasl_setprop() */ - int (*getprop)(sasl_conn_t *conn, int propnum, const void **pvalue); - int (*setprop)(sasl_conn_t *conn, int propnum, const void *value); - - /* callback function */ - sasl_getcallback_t *getcallback; - - /* format a message and then pass it to the SASL_CB_LOG callback - * - * use syslog()-style formatting (printf with %m as a human readable text - * (strerror()) for the error specified as the parameter). - * The implementation may use a fixed size buffer not smaller - * than 512 octets if it securely truncates the message. 
- * - * level is a SASL_LOG_* level (see sasl.h) - */ - void (*log)(sasl_conn_t *conn, int level, const char *fmt, ...); - - /* callback to sasl_seterror() */ - void (*seterror)(sasl_conn_t *conn, unsigned flags, const char *fmt, ...); - - /* spare function pointer */ - int *(*spare_fptr)(); - - /* auxiliary property utilities */ - struct propctx *(*prop_new)(unsigned estimate); - int (*prop_dup)(struct propctx *src_ctx, struct propctx **dst_ctx); - int (*prop_request)(struct propctx *ctx, const char **names); - const struct propval *(*prop_get)(struct propctx *ctx); - int (*prop_getnames)(struct propctx *ctx, const char **names, - struct propval *vals); - void (*prop_clear)(struct propctx *ctx, int requests); - void (*prop_dispose)(struct propctx **ctx); - int (*prop_format)(struct propctx *ctx, const char *sep, int seplen, - char *outbuf, unsigned outmax, unsigned *outlen); - int (*prop_set)(struct propctx *ctx, const char *name, - const char *value, int vallen); - int (*prop_setvals)(struct propctx *ctx, const char *name, - const char **values); - void (*prop_erase)(struct propctx *ctx, const char *name); - int (*auxprop_store)(sasl_conn_t *conn, - struct propctx *ctx, const char *user); - - /* for additions which don't require a version upgrade; set to 0 */ - int (*spare_fptr1)(); - int (*spare_fptr2)(); -} sasl_utils_t; - -/* - * output parameters from SASL API - * - * created / destroyed by the glue code, though probably filled in - * by a combination of the plugin, the glue code, and the canon_user callback. 
- * - */ -typedef struct sasl_out_params { - unsigned doneflag; /* exchange complete */ - - const char *user; /* canonicalized user name */ - const char *authid; /* canonicalized authentication id */ - - unsigned ulen; /* length of canonicalized user name */ - unsigned alen; /* length of canonicalized authid */ - - /* security layer information */ - unsigned maxoutbuf; /* Maximum buffer size, which will - produce buffer no bigger than the - negotiated SASL maximum buffer size */ - sasl_ssf_t mech_ssf; /* Should be set non-zero if negotiation of a - * security layer was *attempted*, even if - * the negotiation failed */ - void *encode_context; - int (*encode)(void *context, const struct iovec *invec, unsigned numiov, - const char **output, unsigned *outputlen); - void *decode_context; - int (*decode)(void *context, const char *input, unsigned inputlen, - const char **output, unsigned *outputlen); - - /* Pointer to delegated (client's) credentials, if supported by - the SASL mechanism */ - void *client_creds; - - /* for additions which don't require a version upgrade; set to 0 */ - void *spare_ptr2; - void *spare_ptr3; - void *spare_ptr4; - int (*spare_fptr1)(); - int (*spare_fptr2)(); - int spare_int1; - int spare_int2; - int spare_int3; - int spare_int4; - - /* set to 0 initially, this allows a plugin with extended parameters - * to work with an older framework by updating version as parameters - * are added. 
- */ - int param_version; -} sasl_out_params_t; - - - -/* Used by both client and server side plugins */ -typedef enum { - SASL_INFO_LIST_START = 0, - SASL_INFO_LIST_MECH, - SASL_INFO_LIST_END -} sasl_info_callback_stage_t; - - - -/****************************** - * Client Mechanism Functions * - ******************************/ - -/* - * input parameters to client SASL plugin - * - * created / destroyed by the glue code - * - */ -typedef struct sasl_client_params { - const char *service; /* service name */ - const char *serverFQDN; /* server fully qualified domain name */ - const char *clientFQDN; /* client's fully qualified domain name */ - const sasl_utils_t *utils; /* SASL API utility routines -- - * for a particular sasl_conn_t, - * MUST remain valid until mech_free is - * called */ - const sasl_callback_t *prompt_supp; /* client callback list */ - const char *iplocalport; /* server IP domain literal & port */ - const char *ipremoteport; /* client IP domain literal & port */ - - unsigned servicelen; /* length of service */ - unsigned slen; /* length of serverFQDN */ - unsigned clen; /* length of clientFQDN */ - unsigned iploclen; /* length of iplocalport */ - unsigned ipremlen; /* length of ipremoteport */ - - /* application's security requirements & info */ - sasl_security_properties_t props; - sasl_ssf_t external_ssf; /* external SSF active */ - - /* for additions which don't require a version upgrade; set to 0 */ - void *spare_ptr1; - void *spare_ptr2; - void *spare_ptr3; - void *spare_ptr4; - - /* Canonicalize a user name from on-wire to internal format - * added rjs3 2001-05-23 - * Must be called once user name aquired if canon_user is non-NULL. 
- * conn connection context - * in user name from wire protocol (need not be NUL terminated) - * len length of user name from wire protocol (0 = strlen(user)) - * flags for SASL_CU_* flags - * oparams the user, authid, ulen, alen, fields are - * set appropriately after canonicalization/copying and - * authorization of arguments - * - * responsible for setting user, ulen, authid, and alen in the oparams - * structure - * - * default behavior is to strip leading and trailing whitespace, as - * well as allocating space for and copying the parameters. - * - * results: - * SASL_OK -- success - * SASL_NOMEM -- out of memory - * SASL_BADPARAM -- invalid conn - * SASL_BADPROT -- invalid user/authid - */ - int (*canon_user)(sasl_conn_t *conn, - const char *in, unsigned len, - unsigned flags, - sasl_out_params_t *oparams); - - int (*spare_fptr1)(); - - int spare_int1; - int spare_int2; - int spare_int3; - - /* flags field as passed to sasl_client_new */ - unsigned flags; - - /* set to 0 initially, this allows a plugin with extended parameters - * to work with an older framework by updating version as parameters - * are added. - */ - int param_version; -} sasl_client_params_t; - -/* features shared between client and server */ -/* These allow the glue code to handle client-first and server-last issues */ - -/* This indicates that the mechanism prefers to do client-send-first - * if the protocol allows it. */ -#define SASL_FEAT_WANT_CLIENT_FIRST 0x0002 - -/* This feature is deprecated, instead, plugins should set *serverout to - * non-NULL and return SASL_OK intelligently to allow flexible use of - * server-last semantics */ -/* #define SASL_FEAT_WANT_SERVER_LAST 0x0004 */ - -/* This feature is deprecated, instead plugins should correctly set - * SASL_FEAT_SERVER_FIRST as needed */ -/* #define SASL_FEAT_INTERNAL_CLIENT_FIRST 0x0008 */ - -/* This indicates that the plugin is server-first only. 
- * Not defining either of SASL_FEAT_SERVER_FIRST or - * SASL_FEAT_WANT_CLIENT_FIRST indicates that the mechanism will take care - * of the client-first situation internally. - */ -#define SASL_FEAT_SERVER_FIRST 0x0010 - -/* This plugin allows proxying */ -#define SASL_FEAT_ALLOWS_PROXY 0x0020 - -/* client plug-in features */ -#define SASL_FEAT_NEEDSERVERFQDN 0x0001 - -/* a C object for a client mechanism - */ -typedef struct sasl_client_plug { - /* mechanism name */ - const char *mech_name; - - /* best mech additional security layer strength factor */ - sasl_ssf_t max_ssf; - - /* best security flags, as defined in sasl_security_properties_t */ - unsigned security_flags; - - /* features of plugin */ - unsigned features; - - /* required prompt ids, NULL = user/pass only */ - const unsigned long *required_prompts; - - /* global state for mechanism */ - void *glob_context; - - /* create context for mechanism, using params supplied - * glob_context -- from above - * params -- params from sasl_client_new - * conn_context -- context for one connection - * returns: - * SASL_OK -- success - * SASL_NOMEM -- not enough memory - * SASL_WRONGMECH -- mech doesn't support security params - */ - int (*mech_new)(void *glob_context, - sasl_client_params_t *cparams, - void **conn_context); - - /* perform one step of exchange. NULL is passed for serverin on - * first step. 
- * returns: - * SASL_OK -- success - * SASL_INTERACT -- user interaction needed to fill in prompts - * SASL_BADPROT -- server protocol incorrect/cancelled - * SASL_BADSERV -- server failed mutual auth - */ - int (*mech_step)(void *conn_context, - sasl_client_params_t *cparams, - const char *serverin, - unsigned serverinlen, - sasl_interact_t **prompt_need, - const char **clientout, - unsigned *clientoutlen, - sasl_out_params_t *oparams); - - /* dispose of connection context from mech_new - */ - void (*mech_dispose)(void *conn_context, const sasl_utils_t *utils); - - /* free all global space used by mechanism - * mech_dispose must be called on all mechanisms first - */ - void (*mech_free)(void *glob_context, const sasl_utils_t *utils); - - /* perform precalculations during a network round-trip - * or idle period. conn_context may be NULL - * returns 1 if action taken, 0 if no action taken - */ - int (*idle)(void *glob_context, - void *conn_context, - sasl_client_params_t *cparams); - - /* for additions which don't require a version upgrade; set to 0 */ - int (*spare_fptr1)(); - int (*spare_fptr2)(); -} sasl_client_plug_t; - -#define SASL_CLIENT_PLUG_VERSION 4 - -/* plug-in entry point: - * utils -- utility callback functions - * max_version -- highest client plug version supported - * returns: - * out_version -- client plug version of result - * pluglist -- list of mechanism plug-ins - * plugcount -- number of mechanism plug-ins - * results: - * SASL_OK -- success - * SASL_NOMEM -- failure - * SASL_BADVERS -- max_version too small - * SASL_BADPARAM -- bad config string - * ... 
- */ -typedef int sasl_client_plug_init_t(const sasl_utils_t *utils, - int max_version, - int *out_version, - sasl_client_plug_t **pluglist, - int *plugcount); - - -/* add a client plug-in - */ -LIBSASL_API int sasl_client_add_plugin(const char *plugname, - sasl_client_plug_init_t *cplugfunc); - -typedef struct client_sasl_mechanism -{ - int version; - - char *plugname; - const sasl_client_plug_t *plug; -} client_sasl_mechanism_t; - -typedef void sasl_client_info_callback_t (client_sasl_mechanism_t *m, - sasl_info_callback_stage_t stage, - void *rock); - -/* Dump information about available client plugins */ -LIBSASL_API int sasl_client_plugin_info (const char *mech_list, - sasl_client_info_callback_t *info_cb, - void *info_cb_rock); - - -/******************** - * Server Functions * - ********************/ - -/* log message formatting routine */ -typedef void sasl_logmsg_p(sasl_conn_t *conn, const char *fmt, ...); - -/* - * input parameters to server SASL plugin - * - * created / destroyed by the glue code - * - */ -typedef struct sasl_server_params { - const char *service; /* NULL = default service for user_exists - and setpass */ - const char *appname; /* name of calling application */ - const char *serverFQDN; /* server default fully qualified domain name - * (e.g., gethostname) */ - const char *user_realm; /* realm for user (NULL = client supplied) */ - const char *iplocalport; /* server IP domain literal & port */ - const char *ipremoteport; /* client IP domain literal & port */ - - unsigned servicelen; /* length of service */ - unsigned applen; /* length of appname */ - unsigned slen; /* length of serverFQDN */ - unsigned urlen; /* length of user_realm */ - unsigned iploclen; /* length of iplocalport */ - unsigned ipremlen; /* length of ipremoteport */ - - /* This indicates the level of logging desired. See SASL_LOG_* - * in sasl.h - * - * Plug-ins can ignore this and just pass their desired level to - * the log callback. 
This is primarily used to eliminate logging which - * might be a performance problem (e.g., full protocol trace) and - * to select between SASL_LOG_TRACE and SASL_LOG_PASS alternatives - */ - int log_level; - - const sasl_utils_t *utils; /* SASL API utility routines -- - * for a particular sasl_conn_t, - * MUST remain valid until mech_free is - * called */ - const sasl_callback_t *callbacks; /* Callbacks from application */ - - /* application's security requirements */ - sasl_security_properties_t props; - sasl_ssf_t external_ssf; /* external SSF active */ - - /* Pointer to the function which takes the plaintext passphrase and - * transitions a user to non-plaintext mechanisms via setpass calls. - * (NULL = auto transition not enabled/supported) - * - * If passlen is 0, it defaults to strlen(pass). - * returns 0 if no entry added, 1 if entry added - */ - int (*transition)(sasl_conn_t *conn, const char *pass, unsigned passlen); - - /* Canonicalize a user name from on-wire to internal format - * added cjn 1999-09-21 - * Must be called once user name acquired if canon_user is non-NULL. - * conn connection context - * user user name from wire protocol (need not be NUL terminated) - * ulen length of user name from wire protocol (0 = strlen(user)) - * flags for SASL_CU_* flags - * oparams the user, authid, ulen, alen, fields are - * set appropriately after canonicalization/copying and - * authorization of arguments - * - * responsible for setting user, ulen, authid, and alen in the oparams - * structure - * - * default behavior is to strip leading and trailing whitespace, as - * well as allocating space for and copying the parameters. 
- * - * results: - * SASL_OK -- success - * SASL_NOMEM -- out of memory - * SASL_BADPARAM -- invalid conn - * SASL_BADPROT -- invalid user/authid - */ - int (*canon_user)(sasl_conn_t *conn, - const char *user, unsigned ulen, - unsigned flags, - sasl_out_params_t *oparams); - - /* auxiliary property context (see definitions in prop.h) - * added cjn 2000-01-30 - * - * NOTE: these properties are the ones associated with the - * canonicalized "user" (user to login as / authorization id), not - * the "authid" (user whose credentials are used / authentication id) - * Prefix the property name with a "*" if a property associated with - * the "authid" is interesting. - */ - struct propctx *propctx; - - /* for additions which don't require a version upgrade; set to 0 */ - void *spare_ptr1; - void *spare_ptr2; - void *spare_ptr3; - void *spare_ptr4; - int (*spare_fptr1)(); - int (*spare_fptr2)(); - int spare_int1; - int spare_int2; - int spare_int3; - - /* flags field as passed to sasl_server_new */ - unsigned flags; - - /* set to 0 initially, this allows a plugin with extended parameters - * to work with an older framework by updating version as parameters - * are added. 
- */ - int param_version; -} sasl_server_params_t; - -/* logging levels (more levels may be added later, if necessary): - */ -#define SASL_LOG_NONE 0 /* don't log anything */ -#define SASL_LOG_ERR 1 /* log unusual errors (default) */ -#define SASL_LOG_FAIL 2 /* log all authentication failures */ -#define SASL_LOG_WARN 3 /* log non-fatal warnings */ -#define SASL_LOG_NOTE 4 /* more verbose than LOG_WARN */ -#define SASL_LOG_DEBUG 5 /* more verbose than LOG_NOTE */ -#define SASL_LOG_TRACE 6 /* traces of internal protocols */ -#define SASL_LOG_PASS 7 /* traces of internal protocols, including - * passwords */ - -/* additional flags for setpass() function below: - */ -/* SASL_SET_CREATE create user if pass non-NULL */ -/* SASL_SET_DISABLE disable user */ -#define SASL_SET_REMOVE SASL_SET_CREATE /* remove user if pass is NULL */ - -/* features for server plug-in - */ -#define SASL_FEAT_SERVICE 0x0200 /* service-specific passwords supported */ -#define SASL_FEAT_GETSECRET 0x0400 /* sasl_server_{get,put}secret_t callbacks - * required by plug-in */ - -/* a C object for a server mechanism - */ -typedef struct sasl_server_plug { - /* mechanism name */ - const char *mech_name; - - /* best mech additional security layer strength factor */ - sasl_ssf_t max_ssf; - - /* best security flags, as defined in sasl_security_properties_t */ - unsigned security_flags; - - /* features of plugin */ - unsigned features; - - /* global state for mechanism */ - void *glob_context; - - /* create a new mechanism handler - * glob_context -- global context - * sparams -- server config params - * challenge -- server challenge from previous instance or NULL - * challen -- length of challenge from previous instance or 0 - * out: - * conn_context -- connection context - * errinfo -- error information - * - * returns: - * SASL_OK -- successfully created mech instance - * SASL_* -- any other server error code - */ - int (*mech_new)(void *glob_context, - sasl_server_params_t *sparams, - const char 
*challenge, - unsigned challen, - void **conn_context); - - /* perform one step in exchange - * - * returns: - * SASL_OK -- success, all done - * SASL_CONTINUE -- success, one more round trip - * SASL_* -- any other server error code - */ - int (*mech_step)(void *conn_context, - sasl_server_params_t *sparams, - const char *clientin, - unsigned clientinlen, - const char **serverout, - unsigned *serveroutlen, - sasl_out_params_t *oparams); - - /* dispose of a connection state - */ - void (*mech_dispose)(void *conn_context, const sasl_utils_t *utils); - - /* free global state for mechanism - * mech_dispose must be called on all mechanisms first - */ - void (*mech_free)(void *glob_context, const sasl_utils_t *utils); - - /* set a password (optional) - * glob_context -- global context - * sparams -- service, middleware utilities, etc. props ignored - * user -- user name - * pass -- password/passphrase (NULL = disable/remove/delete) - * passlen -- length of password/passphrase - * oldpass -- old password/passphrase (NULL = transition) - * oldpasslen -- length of password/passphrase - * flags -- see above - * - * returns: - * SASL_NOCHANGE -- no change was needed - * SASL_NOUSER -- no entry for user - * SASL_NOVERIFY -- no mechanism compatible entry for user - * SASL_PWLOCK -- password locked - * SASL_DIABLED -- account disabled - * etc. - */ - int (*setpass)(void *glob_context, - sasl_server_params_t *sparams, - const char *user, - const char *pass, unsigned passlen, - const char *oldpass, unsigned oldpasslen, - unsigned flags); - - /* query which mechanisms are available for user - * glob_context -- context - * sparams -- service, middleware utilities, etc. 
props ignored - * user -- NUL terminated user name - * maxmech -- max number of strings in mechlist (0 = no output) - * output: - * mechlist -- an array of C string pointers, filled in with - * mechanism names available to the user - * - * returns: - * SASL_OK -- success - * SASL_NOMEM -- not enough memory - * SASL_FAIL -- lower level failure - * SASL_DISABLED -- account disabled - * SASL_NOUSER -- user not found - * SASL_BUFOVER -- maxmech is too small - * SASL_NOVERIFY -- user found, but no mechanisms available - */ - int (*user_query)(void *glob_context, - sasl_server_params_t *sparams, - const char *user, - int maxmech, - const char **mechlist); - - /* perform precalculations during a network round-trip - * or idle period. conn_context may be NULL (optional) - * returns 1 if action taken, 0 if no action taken - */ - int (*idle)(void *glob_context, - void *conn_context, - sasl_server_params_t *sparams); - - /* check if mechanism is available - * optional--if NULL, mechanism is available based on ENABLE= in config - * - * If this routine sets conn_context to a non-NULL value, then the call - * to mech_new will be skipped. This should not be done unless - * there's a significant performance benefit, since it can cause - * additional memory allocation in SASL core code to keep track of - * contexts potentially for multiple mechanisms. - * - * This is called by the first call to sasl_listmech() for a - * given connection context, thus for a given protocol it may - * never be called. Note that if mech_avail returns SASL_NOMECH, - * then that mechanism is considered disabled for the remainder - * of the session. If mech_avail returns SASL_NOTDONE, then a - * future call to mech_avail may still return either SASL_OK - * or SASL_NOMECH. - * - * returns SASL_OK on success, - * SASL_NOTDONE if mech is not available now, but may be later - * (e.g. 
EXTERNAL w/o auth_id) - * SASL_NOMECH if mech disabled - */ - int (*mech_avail)(void *glob_context, - sasl_server_params_t *sparams, - void **conn_context); - - /* for additions which don't require a version upgrade; set to 0 */ - int (*spare_fptr2)(); -} sasl_server_plug_t; - -#define SASL_SERVER_PLUG_VERSION 4 - -/* plug-in entry point: - * utils -- utility callback functions - * plugname -- name of plug-in (may be NULL) - * max_version -- highest server plug version supported - * returns: - * out_version -- server plug-in version of result - * pluglist -- list of mechanism plug-ins - * plugcount -- number of mechanism plug-ins - * results: - * SASL_OK -- success - * SASL_NOMEM -- failure - * SASL_BADVERS -- max_version too small - * SASL_BADPARAM -- bad config string - * ... - */ -typedef int sasl_server_plug_init_t(const sasl_utils_t *utils, - int max_version, - int *out_version, - sasl_server_plug_t **pluglist, - int *plugcount); - -/* - * add a server plug-in - */ -LIBSASL_API int sasl_server_add_plugin(const char *plugname, - sasl_server_plug_init_t *splugfunc); - - -typedef struct server_sasl_mechanism -{ - int version; - int condition; /* set to SASL_NOUSER if no available users; - set to SASL_CONTINUE if delayed plugin loading */ - char *plugname; /* for AUTHSOURCE tracking */ - const sasl_server_plug_t *plug; - char *f; /* where should i load the mechanism from? 
*/ -} server_sasl_mechanism_t; - -typedef void sasl_server_info_callback_t (server_sasl_mechanism_t *m, - sasl_info_callback_stage_t stage, - void *rock); - - -/* Dump information about available server plugins (separate functions are - used for canon and auxprop plugins) */ -LIBSASL_API int sasl_server_plugin_info (const char *mech_list, - sasl_server_info_callback_t *info_cb, - void *info_cb_rock); - - -/********************************************************* - * user canonicalization plug-in -- added cjn 1999-09-29 * - *********************************************************/ - -typedef struct sasl_canonuser { - /* optional features of plugin (set to 0) */ - int features; - - /* spare integer (set to 0) */ - int spare_int1; - - /* global state for plugin */ - void *glob_context; - - /* name of plugin */ - char *name; - - /* free global state for plugin */ - void (*canon_user_free)(void *glob_context, const sasl_utils_t *utils); - - /* canonicalize a username - * glob_context -- global context from this structure - * sparams -- server params, note user_realm&propctx elements - * user -- user to login as (may not be NUL terminated) - * len -- length of user name (0 = strlen(user)) - * flags -- for SASL_CU_* flags - * out -- buffer to copy user name - * out_max -- max length of user name - * out_len -- set to length of user name - * - * note that the output buffers MAY be the same as the input buffers. 
- * - * returns - * SASL_OK on success - * SASL_BADPROT username contains invalid character - */ - int (*canon_user_server)(void *glob_context, - sasl_server_params_t *sparams, - const char *user, unsigned len, - unsigned flags, - char *out, - unsigned out_umax, unsigned *out_ulen); - - int (*canon_user_client)(void *glob_context, - sasl_client_params_t *cparams, - const char *user, unsigned len, - unsigned flags, - char *out, - unsigned out_max, unsigned *out_len); - - /* for additions which don't require a version upgrade; set to 0 */ - int (*spare_fptr1)(); - int (*spare_fptr2)(); - int (*spare_fptr3)(); -} sasl_canonuser_plug_t; - -#define SASL_CANONUSER_PLUG_VERSION 5 - -/* default name for canonuser plug-in entry point is "sasl_canonuser_init" - * similar to sasl_server_plug_init model, except only returns one - * sasl_canonuser_plug_t structure; - */ -typedef int sasl_canonuser_init_t(const sasl_utils_t *utils, - int max_version, - int *out_version, - sasl_canonuser_plug_t **plug, - const char *plugname); - -/* add a canonuser plugin - */ -LIBSASL_API int sasl_canonuser_add_plugin(const char *plugname, - sasl_canonuser_init_t *canonuserfunc); - -/****************************************************** - * auxiliary property plug-in -- added cjn 1999-09-29 * - ******************************************************/ - -typedef struct sasl_auxprop_plug { - /* optional features of plugin (none defined yet, set to 0) */ - int features; - - /* spare integer, must be set to 0 */ - int spare_int1; - - /* global state for plugin */ - void *glob_context; - - /* free global state for plugin (OPTIONAL) */ - void (*auxprop_free)(void *glob_context, const sasl_utils_t *utils); - - /* fill in fields of an auxiliary property context - * last element in array has id of SASL_AUX_END - * elements with non-0 len should be ignored. 
- */ - void (*auxprop_lookup)(void *glob_context, - sasl_server_params_t *sparams, - unsigned flags, - const char *user, unsigned ulen); - - /* name of the auxprop plugin */ - char *name; - - /* store the fields/values of an auxiliary property context (OPTIONAL) - * - * if ctx is NULL, just check if storing properties is enabled - * - * returns - * SASL_OK on success - * SASL_FAIL on failure - */ - int (*auxprop_store)(void *glob_context, - sasl_server_params_t *sparams, - struct propctx *ctx, - const char *user, unsigned ulen); -} sasl_auxprop_plug_t; - -/* auxprop lookup flags */ -#define SASL_AUXPROP_OVERRIDE 0x01 /* if clear, ignore auxiliary properties - * with non-zero len field. If set, - * override value of those properties */ -#define SASL_AUXPROP_AUTHZID 0x02 /* if clear, we are looking up the - * authid flags (prefixed with *), otherwise - * we are looking up the authzid flags - * (no prefix) */ - -#define SASL_AUXPROP_PLUG_VERSION 4 - -/* default name for auxprop plug-in entry point is "sasl_auxprop_init" - * similar to sasl_server_plug_init model, except only returns one - * sasl_auxprop_plug_t structure; - */ -typedef int sasl_auxprop_init_t(const sasl_utils_t *utils, - int max_version, - int *out_version, - sasl_auxprop_plug_t **plug, - const char *plugname); - -/* add an auxiliary property plug-in - */ -LIBSASL_API int sasl_auxprop_add_plugin(const char *plugname, - sasl_auxprop_init_t *auxpropfunc); - -typedef void auxprop_info_callback_t (sasl_auxprop_plug_t *m, - sasl_info_callback_stage_t stage, - void *rock); - -/* Dump information about available auxprop plugins (separate functions are - used for canon and server authentication plugins) */ -LIBSASL_API int auxprop_plugin_info (const char *mech_list, - auxprop_info_callback_t *info_cb, - void *info_cb_rock); - -#ifdef __cplusplus -} -#endif - -#endif /* SASLPLUG_H */ 
diff --git a/OpenSourceProjects/include/sasl/saslutil.h b/OpenSourceProjects/include/sasl/saslutil.h
deleted file mode 100644
index 4755bf5..0000000
--- a/OpenSourceProjects/include/sasl/saslutil.h
+++ /dev/null
@@ -1,92 +0,0 @@
-/* saslutil.h -- various utility functions in SASL library
- */
-
-#ifndef SASLUTIL_H
-#define SASLUTIL_H 1
-
-#ifndef SASL_H
-#include "sasl.h"
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* base64 decode
- * in -- input data
- * inlen -- length of input data
- * out -- output data (may be same as in, must have enough space)
- * outmax -- max size of output buffer
- * result:
- * outlen -- actual output length
- *
- * returns SASL_BADPROT on bad base64,
- * SASL_BUFOVER if result won't fit
- * SASL_OK on success
- */
-LIBSASL_API int sasl_decode64(const char *in, unsigned inlen,
- char *out, unsigned outmax, unsigned *outlen);
-
-/* base64 encode
- * in -- input data
- * inlen -- input data length
- * out -- output buffer (will be NUL terminated)
- * outmax -- max size of output buffer
- * result:
- * outlen -- gets actual length of output buffer (optional)
- *
- * Returns SASL_OK on success, SASL_BUFOVER if result won't fit
- */
-LIBSASL_API int sasl_encode64(const char *in, unsigned inlen,
- char *out, unsigned outmax, unsigned *outlen);
-
-/* make a challenge string (NUL terminated)
- * buf -- buffer for result
- * maxlen -- max length of result
- * hostflag -- 0 = don't include hostname, 1 = include hostname
- * returns final length or 0 if not enough space
- */
-LIBSASL_API int sasl_mkchal(sasl_conn_t *conn, char *buf,
- unsigned maxlen, unsigned hostflag);
-
-/* verify a string is valid UTF-8
- * if len == 0, strlen(str) will be used.
- * returns SASL_BADPROT on error, SASL_OK on success
- */
-LIBSASL_API int sasl_utf8verify(const char *str, unsigned len);
-
-/* create random pool seeded with OS-based params */
-LIBSASL_API int sasl_randcreate(sasl_rand_t **rpool);
-
-/* free random pool from randcreate */
-LIBSASL_API void sasl_randfree(sasl_rand_t **rpool);
-
-/* seed random number generator */
-LIBSASL_API void sasl_randseed(sasl_rand_t *rpool, const char *seed,
- unsigned len);
-
-/* generate random octets */
-LIBSASL_API void sasl_rand(sasl_rand_t *rpool, char *buf, unsigned len);
-
-/* churn data into random number generator */
-LIBSASL_API void sasl_churn(sasl_rand_t *rpool, const char *data,
- unsigned len);
-
-/* erase a security sensitive buffer or password.
- * Implementation may use recovery-resistant erase logic.
- */
-LIBSASL_API void sasl_erasebuffer(char *pass, unsigned len);
-
-#ifdef WIN32
-/* Just in case a different DLL defines this as well */
-#if defined(NEED_GETOPT)
-LIBSASL_API int getopt(int argc, char **argv, char *optstring);
-#endif
-LIBSASL_API char * getpass(const char *prompt);
-#endif /* WIN32 */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* SASLUTIL_H */
diff --git a/Scripts/BuildScripts/buildlibetpan.py b/Scripts/BuildScripts/buildlibetpan.py
index bf78a9e..3280ebc 100644
--- a/Scripts/BuildScripts/buildlibetpan.py
+++ b/Scripts/BuildScripts/buildlibetpan.py
@@ -10,13 +10,13 @@ if __name__ == "__main__":
 projectpath = projectutils.expandArchive(os.path.abspath("OpenSourceProjects/"),"libetpan")
 os.chdir(projectpath)
 print "Building libetpan i386"
- os.system('env CPPFLAGS="-isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch i386 -I`pwd`/../include/" ./configure --disable-dependency-tracking --host i386')
+ os.system('env CPPFLAGS="-isysroot /Developer/SDKs/MacOSX10.5.sdk -arch i386" ./configure --disable-dependency-tracking --host i386')
 os.system('make')
 os.system('mkdir i386')
 os.system('mv src/.libs/*.a i386')
 print "Building libetpan PPC"
 os.system('make clean')
- os.system('env CPPFLAGS="-isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch ppc -I`pwd`/../include/" ./configure --disable-dependency-tracking --host ppc')
+ os.system('env CPPFLAGS="-isysroot /Developer/SDKs/MacOSX10.5.sdk -arch ppc" ./configure --disable-dependency-tracking --host ppc')
 os.system('make')
 os.system('mkdir ppc')
 os.system('mv src/.libs/*.a ppc')
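Review bot: Both rewritten `./configure` calls still discard the exit status of `os.system`, so if `/Developer/SDKs/MacOSX10.5.sdk` is missing on the build host, configure fails and the script carries on to `make` and `mv src/.libs/*.a`, possibly packaging archives left over from an earlier configuration. Check the status on each of the two lines, for example `if os.system(cmd) != 0: raise SystemExit("configure failed for i386")`, and the same for ppc. Dropping the `-I` include path alongside the vendored SASL headers deleted in this commit presumably means those headers now resolve from the SDK sysroot; a one-line comment saying so would record which SASL headers the library is built against. The `__main__` block begins above this hunk.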