Summary: Isode provides a number of APIs which allow integrators and product developers to build components that allow client programs to connect to, query and modify data in the directory.

Functions

DS_Status DS_SASLProps_New (DS_SASLProps **props_p)
 Allocate a new DS_SASLProps structure. More...
 
void DS_SASLProps_Delete (DS_SASLProps *props)
 Delete a DS_SASLProps structure. More...
 
DS_Status DS_SASLProps_Copy (const DS_SASLProps *in, DS_SASLProps **copy_p)
 Copy a DS_SASLProps structure. More...
 
DS_Status DS_SASLProps_SetSSF (DS_SASLProps *props, int min_ssf, int max_ssf)
 Set or clear the security strength factor (SSF) associated with this SASLProps. More...
 
DS_Status DS_SASLProps_GetSSF (const DS_SASLProps *props, int *min_ssf_p, int *max_ssf_p)
 Determine the security strength factor (SSF) associated with this SASLProps. More...
 
DS_Status DS_SASLProps_SetMaxBufferSize (DS_SASLProps *props, int maxbufsize)
 Set the security layer maximum buffer size associated with with this SASLProps. More...
 
DS_Status DS_SASLProps_SetNoPlaintext (DS_SASLProps *props, int noplain)
 Set the "NoPlaintext" flag associated with with this SASLProps. More...
 
DS_Status DS_SASLProps_SetNoActive (DS_SASLProps *props, int noactive)
 Set the "NoActive" flag associated with with this SASLProps. More...
 
DS_Status DS_SASLProps_SetNoDictionary (DS_SASLProps *props, int nodict)
 Set the "NoDictionary" flag associated with with this SASLProps. More...
 
DS_Status DS_SASLProps_SetForwardSecrecy (DS_SASLProps *props, int forwardsec)
 Set the "ForwardSecrecy" flag associated with with this SASLProps. More...
 
DS_Status DS_SASLProps_SetNoAnonymous (DS_SASLProps *props, int noanonymous)
 Set the "NoAnonymous" flag associated with with this SASLProps. More...
 
DS_Status DS_SASLProps_SetPassCredentials (DS_SASLProps *props, int passcred)
 Set the "PassCredentials" flag associated with with this SASLProps. More...
 
DS_Status DS_SASLProps_SetADcompat (DS_SASLProps *props, int enable)
 Set or clear the "Active Directory compatibility" flag associated with this SASLProps. More...
 

Detailed Description

Function Documentation

DS_Status DS_SASLProps_New ( DS_SASLProps **  props_p)

Allocate a new DS_SASLProps structure.

Parameters
[out]props_pReturn pointer. The caller should delete this using DS_SASLProps_Delete
Return values
DS_E_NOERRORa DS_SASLProps structure was returned
DS_E_MOMEMORYAn internal memory allocation failed
Since
DSAPI_VERSION 2041
void DS_SASLProps_Delete ( DS_SASLProps props)

Delete a DS_SASLProps structure.

Parameters
[in]propsstructure to delete (may be null)
Since
DSAPI_VERSION 2041
DS_Status DS_SASLProps_Copy ( const DS_SASLProps in,
DS_SASLProps **  copy_p 
)

Copy a DS_SASLProps structure.

The caller is responsible for freeing the copied structure using DS_SASLProps_Delete.

Parameters
[in]inthe DS_SASLProps to copy
[out]copy_pPointer to returned copy.
Return values
DS_E_BADPARAMin or copy_p was NULL
DS_E_MOMEMORYAn internal memory allocation failed
DS_E_NOERRORA valid handle was returned
Since
DSAPI_VERSION 2041
DS_Status DS_SASLProps_SetSSF ( DS_SASLProps props,
int  min_ssf,
int  max_ssf 
)

Set or clear the security strength factor (SSF) associated with this SASLProps.

The min_ssf and max_ssf options contain minimal and maximal SSF values. SSF is an integer that may be used to specify the desired approximate security layer strength. Values roughly correspond to the effective key length for encryption, where 0 = no protection 1 = integrity protection only >1 = key length of the cipher.

Note that for a system without a full HGE license, certain SSF values may disallowed.

The constant DS_SASL_BEST_SSF may be used to request the "best available" security strength factor.

Parameters
[in]propsSASLProps structure to be updated.
[in]min_ssfminimum SSF. Use -1 to indicate no minimum SSF be specified.
[in]max_ssfminimum SSF. Use -1 to indicate no maximum SSF be specified.
Return values
DS_E_BADPARAMprops was NULL, or either min_ssf or max_ssf specified an invalid value, or min_ssf is greater than max_ssf
DS_E_NOTIMPLEMENTEDif max_ssf specifies a value greater than that allowed by the current license.
DS_E_NOERRORthe properties were updated
Since
DSAPI_VERSION 2041
DS_Status DS_SASLProps_GetSSF ( const DS_SASLProps props,
int *  min_ssf_p,
int *  max_ssf_p 
)

Determine the security strength factor (SSF) associated with this SASLProps.

Parameters
[in]propsSASLProps structure
[out]min_ssf_ppointer to receive value of minimum SSF. A value of -1 means that no minimum SSF is specified.
[out]max_ssf_ppointer to receive value of maximum SSF. A value of -1 means that no maximum SSF is specified.
Return values
DS_E_BADPARAMprops or min_ssf_p or max_ssf_p was NULL
DS_E_NOERRORthe values were returned.
Since
DSAPI_VERSION 2041
DS_Status DS_SASLProps_SetMaxBufferSize ( DS_SASLProps props,
int  maxbufsize 
)

Set the security layer maximum buffer size associated with with this SASLProps.

Security layers require an additional layer of buffering in between the network and the PDUs.

Parameters
[in]propsSASLProps structure
[in]maxbufsizethe new value to set. Use -1 to indicate default buffers, 0 to indicate no buffers (and no security layers), other values indicate the size of the buffer.
Return values
DS_E_BADPARAMprops was NULL
DS_E_NOERRORthe properties were updated
Since
DSAPI_VERSION 2043
DS_Status DS_SASLProps_SetNoPlaintext ( DS_SASLProps props,
int  noplain 
)

Set the "NoPlaintext" flag associated with with this SASLProps.

Mechanisms like PLAIN and LOGIN are considered "plaintext".

Parameters
[in]propsSASLProps structure
[in]noplainthe new value to set. Non-zero means plaintext mechanisms are not allowed, zero means they are allowed.
Return values
DS_E_BADPARAMprops was NULL
DS_E_NOERRORthe properties were updated
Since
DSAPI_VERSION 2043
DS_Status DS_SASLProps_SetNoActive ( DS_SASLProps props,
int  noactive 
)

Set the "NoActive" flag associated with with this SASLProps.

Some mechanisms protect against active (non-dictionary) attacks during the authentication exchange.

Parameters
[in]propsSASLProps structure
[in]noactivethe new value to set. Non-zero means require mechanisms that protect against active attacks, zero means allow ones that don't.
Return values
DS_E_BADPARAMprops was NULL
DS_E_NOERRORthe properties were updated
Since
DSAPI_VERSION 2043
DS_Status DS_SASLProps_SetNoDictionary ( DS_SASLProps props,
int  nodict 
)

Set the "NoDictionary" flag associated with with this SASLProps.

Some mechanisms protect against passive (dictionary) attacks during the authentication exchange.

Parameters
[in]propsSASLProps structure
[in]nodictthe new value to set. Non-zero means require mechanisms that protect against passive attacks, zero means allow ones that don't.
Return values
DS_E_BADPARAMprops was NULL
DS_E_NOERRORthe properties were updated
Since
DSAPI_VERSION 2043
DS_Status DS_SASLProps_SetForwardSecrecy ( DS_SASLProps props,
int  forwardsec 
)

Set the "ForwardSecrecy" flag associated with with this SASLProps.

Some mechanisms ensure that secrecy is maintained in subsequent sessions even if the current one is broken.

Parameters
[in]propsSASLProps structure
[in]forwardsecthe new value to set. Non-zero means require mechanisms that provide forward secrecy, zero means allow ones that don't.
Return values
DS_E_BADPARAMprops was NULL
DS_E_NOERRORthe properties were updated
Since
DSAPI_VERSION 2043
DS_Status DS_SASLProps_SetNoAnonymous ( DS_SASLProps props,
int  noanonymous 
)

Set the "NoAnonymous" flag associated with with this SASLProps.

Some mechanisms allow effectively anonymous authentication.

Parameters
[in]propsSASLProps structure
[in]noanonymousthe new value to set. Non-zero means anonymous mechanisms are not allowed, zero means they are allowed.
Return values
DS_E_BADPARAMprops was NULL
DS_E_NOERRORthe properties were updated
Since
DSAPI_VERSION 2043
DS_Status DS_SASLProps_SetPassCredentials ( DS_SASLProps props,
int  passcred 
)

Set the "PassCredentials" flag associated with with this SASLProps.

Some mechanisms allow client credentials to be passed.

Parameters
[in]propsSASLProps structure
[in]passcredthe new value to set. Non-zero means mechanisms that pass client credentials are allowed, zero means they are not allowed.
Return values
DS_E_BADPARAMprops was NULL
DS_E_NOERRORthe properties were updated
Since
DSAPI_VERSION 2043
DS_Status DS_SASLProps_SetADcompat ( DS_SASLProps props,
int  enable 
)

Set or clear the "Active Directory compatibility" flag associated with this SASLProps.

RFC 4752 Section 3.3 defines three bits that determine the level of security used for GSSAPI binds:

1 No security layer 2 Integrity protection 4 Confidentiality protection

Since the GSS-API requires that integrity protection be provided when confidentiality is requested, the default behaviour for a DSAPI client when performing a SASL/GSSAPI that requires confidentiality is just to set the "confidentiality" bit.

However, Active Directory requires that when confidentiality is requested, the "integrity" option MUST be specified as well. Callers may therefore use the "Active Directory compatibility" setting which will set values which accord with Active Directory's requirements.

Note that some servers may reject a bind from a client which requires both integrity AND confidentiality in this way, which means that the "Active Directory compatibility" mode may cause connections to fail (i.e. it may not always be appropriate to enable this option).

This flag has no effect for SASL binds which are not using GSSAPI.

Parameters
[in]propsSASLProps structure to be updated.
[in]enableflag to set. Use zero to indicate that the flag be disabled, non-zero to enable the flag.
Return values
DS_E_BADPARAMprops was NULL
DS_E_NOERRORthe properties were updated
Since
DSAPI_VERSION 2042