Functions
DS_Status DS_SASLProps_New (DS_SASLProps **props_p)
Allocate a new DS_SASLProps structure.
void DS_SASLProps_Delete (DS_SASLProps *props)
Delete a DS_SASLProps structure.
DS_Status DS_SASLProps_Copy (const DS_SASLProps *in, DS_SASLProps **copy_p)
Copy a DS_SASLProps structure.
DS_Status DS_SASLProps_SetSSF (DS_SASLProps *props, int min_ssf, int max_ssf)
Set or clear the security strength factor (SSF) associated with this SASLProps.
DS_Status DS_SASLProps_GetSSF (const DS_SASLProps *props, int *min_ssf_p, int *max_ssf_p)
Determine the security strength factor (SSF) associated with this SASLProps.
DS_Status DS_SASLProps_SetMaxBufferSize (DS_SASLProps *props, int maxbufsize)
Set the security layer maximum buffer size associated with this SASLProps.
DS_Status DS_SASLProps_SetNoPlaintext (DS_SASLProps *props, int noplain)
Set the "NoPlaintext" flag associated with this SASLProps.
DS_Status DS_SASLProps_SetNoActive (DS_SASLProps *props, int noactive)
Set the "NoActive" flag associated with this SASLProps.
DS_Status DS_SASLProps_SetNoDictionary (DS_SASLProps *props, int nodict)
Set the "NoDictionary" flag associated with this SASLProps.
DS_Status DS_SASLProps_SetForwardSecrecy (DS_SASLProps *props, int forwardsec)
Set the "ForwardSecrecy" flag associated with this SASLProps.
DS_Status DS_SASLProps_SetNoAnonymous (DS_SASLProps *props, int noanonymous)
Set the "NoAnonymous" flag associated with this SASLProps.
DS_Status DS_SASLProps_SetPassCredentials (DS_SASLProps *props, int passcred)
Set the "PassCredentials" flag associated with this SASLProps.
DS_Status DS_SASLProps_SetADcompat (DS_SASLProps *props, int enable)
Set or clear the "Active Directory compatibility" flag associated with this SASLProps.
Detailed Description
Function Documentation
◆ DS_SASLProps_New()
DS_Status DS_SASLProps_New (DS_SASLProps **props_p)
Allocate a new DS_SASLProps structure.
- Parameters
-
[out] props_p Return pointer. The caller should delete this using DS_SASLProps_Delete
- Return values
-
DS_E_NOERROR a DS_SASLProps structure was returned
DS_E_MOMEMORY An internal memory allocation failed
- Since
- DSAPI_VERSION 2041
◆ DS_SASLProps_Delete()
void DS_SASLProps_Delete (DS_SASLProps *props)
Delete a DS_SASLProps structure.
- Parameters
-
[in] props structure to delete (may be null)
- Since
- DSAPI_VERSION 2041
◆ DS_SASLProps_Copy()
DS_Status DS_SASLProps_Copy (const DS_SASLProps *in, DS_SASLProps **copy_p)
Copy a DS_SASLProps structure.
The caller is responsible for freeing the copied structure using DS_SASLProps_Delete.
- Parameters
-
[in] in the DS_SASLProps to copy
[out] copy_p Pointer to returned copy.
- Return values
-
DS_E_BADPARAM in or copy_p was NULL
DS_E_MOMEMORY An internal memory allocation failed
DS_E_NOERROR A valid handle was returned
- Since
- DSAPI_VERSION 2041
◆ DS_SASLProps_SetSSF()
DS_Status DS_SASLProps_SetSSF (DS_SASLProps *props, int min_ssf, int max_ssf)
Set or clear the security strength factor (SSF) associated with this SASLProps.
The min_ssf and max_ssf arguments contain the minimum and maximum SSF values. SSF is an integer that may be used to specify the desired approximate security layer strength. Values roughly correspond to the effective key length for encryption, where:
0 = no protection
1 = integrity protection only
>1 = key length of the cipher
Note that for a system without a full HGE license, certain SSF values may be disallowed.
The constant DS_SASL_BEST_SSF may be used to request the "best available" security strength factor.
- Parameters
-
[in] props SASLProps structure to be updated.
[in] min_ssf minimum SSF. Use -1 to indicate that no minimum SSF is specified.
[in] max_ssf maximum SSF. Use -1 to indicate that no maximum SSF is specified.
- Return values
-
DS_E_BADPARAM props was NULL, or either min_ssf or max_ssf specified an invalid value, or min_ssf is greater than max_ssf
DS_E_NOTIMPLEMENTED max_ssf specifies a value greater than that allowed by the current license
DS_E_NOERROR the properties were updated
- Since
- DSAPI_VERSION 2041
◆ DS_SASLProps_GetSSF()
DS_Status DS_SASLProps_GetSSF (const DS_SASLProps *props, int *min_ssf_p, int *max_ssf_p)
Determine the security strength factor (SSF) associated with this SASLProps.
- Parameters
-
[in] props SASLProps structure
[out] min_ssf_p pointer to receive value of minimum SSF. A value of -1 means that no minimum SSF is specified.
[out] max_ssf_p pointer to receive value of maximum SSF. A value of -1 means that no maximum SSF is specified.
- Return values
-
DS_E_BADPARAM props or min_ssf_p or max_ssf_p was NULL
DS_E_NOERROR the values were returned.
- Since
- DSAPI_VERSION 2041
◆ DS_SASLProps_SetMaxBufferSize()
DS_Status DS_SASLProps_SetMaxBufferSize (DS_SASLProps *props, int maxbufsize)
Set the security layer maximum buffer size associated with this SASLProps.
Security layers require an additional layer of buffering in between the network and the PDUs.
- Parameters
-
[in] props SASLProps structure
[in] maxbufsize the new value to set. Use -1 to indicate default buffers, 0 to indicate no buffers (and no security layers), other values indicate the size of the buffer.
- Return values
-
DS_E_BADPARAM props was NULL
DS_E_NOERROR the properties were updated
- Since
- DSAPI_VERSION 2043
◆ DS_SASLProps_SetNoPlaintext()
DS_Status DS_SASLProps_SetNoPlaintext (DS_SASLProps *props, int noplain)
Set the "NoPlaintext" flag associated with this SASLProps.
Mechanisms like PLAIN and LOGIN are considered "plaintext".
- Parameters
-
[in] props SASLProps structure
[in] noplain the new value to set. Non-zero means plaintext mechanisms are not allowed, zero means they are allowed.
- Return values
-
DS_E_BADPARAM props was NULL
DS_E_NOERROR the properties were updated
- Since
- DSAPI_VERSION 2043
◆ DS_SASLProps_SetNoActive()
DS_Status DS_SASLProps_SetNoActive (DS_SASLProps *props, int noactive)
Set the "NoActive" flag associated with this SASLProps.
Some mechanisms protect against active (non-dictionary) attacks during the authentication exchange.
- Parameters
-
[in] props SASLProps structure
[in] noactive the new value to set. Non-zero means require mechanisms that protect against active attacks, zero means allow ones that don't.
- Return values
-
DS_E_BADPARAM props was NULL
DS_E_NOERROR the properties were updated
- Since
- DSAPI_VERSION 2043
◆ DS_SASLProps_SetNoDictionary()
DS_Status DS_SASLProps_SetNoDictionary (DS_SASLProps *props, int nodict)
Set the "NoDictionary" flag associated with this SASLProps.
Some mechanisms protect against passive (dictionary) attacks during the authentication exchange.
- Parameters
-
[in] props SASLProps structure
[in] nodict the new value to set. Non-zero means require mechanisms that protect against passive attacks, zero means allow ones that don't.
- Return values
-
DS_E_BADPARAM props was NULL
DS_E_NOERROR the properties were updated
- Since
- DSAPI_VERSION 2043
◆ DS_SASLProps_SetForwardSecrecy()
DS_Status DS_SASLProps_SetForwardSecrecy (DS_SASLProps *props, int forwardsec)
Set the "ForwardSecrecy" flag associated with this SASLProps.
Some mechanisms ensure that secrecy is maintained in subsequent sessions even if the current one is broken.
- Parameters
-
[in] props SASLProps structure
[in] forwardsec the new value to set. Non-zero means require mechanisms that provide forward secrecy, zero means allow ones that don't.
- Return values
-
DS_E_BADPARAM props was NULL
DS_E_NOERROR the properties were updated
- Since
- DSAPI_VERSION 2043
◆ DS_SASLProps_SetNoAnonymous()
DS_Status DS_SASLProps_SetNoAnonymous (DS_SASLProps *props, int noanonymous)
Set the "NoAnonymous" flag associated with this SASLProps.
Some mechanisms allow effectively anonymous authentication.
- Parameters
-
[in] props SASLProps structure
[in] noanonymous the new value to set. Non-zero means anonymous mechanisms are not allowed, zero means they are allowed.
- Return values
-
DS_E_BADPARAM props was NULL
DS_E_NOERROR the properties were updated
- Since
- DSAPI_VERSION 2043
◆ DS_SASLProps_SetPassCredentials()
DS_Status DS_SASLProps_SetPassCredentials (DS_SASLProps *props, int passcred)
Set the "PassCredentials" flag associated with this SASLProps.
Some mechanisms allow client credentials to be passed.
- Parameters
-
[in] props SASLProps structure
[in] passcred the new value to set. Non-zero means mechanisms that pass client credentials are allowed, zero means they are not allowed.
- Return values
-
DS_E_BADPARAM props was NULL
DS_E_NOERROR the properties were updated
- Since
- DSAPI_VERSION 2043
◆ DS_SASLProps_SetADcompat()
DS_Status DS_SASLProps_SetADcompat (DS_SASLProps *props, int enable)
Set or clear the "Active Directory compatibility" flag associated with this SASLProps.
RFC 4752 Section 3.3 defines three bits that determine the level of security used for GSSAPI binds:
1 No security layer
2 Integrity protection
4 Confidentiality protection
Since the GSS-API requires that integrity protection be provided when confidentiality is requested, the default behaviour for a DSAPI client when performing a SASL/GSSAPI bind that requires confidentiality is to set only the "confidentiality" bit.
However, Active Directory requires that when confidentiality is requested, the "integrity" option MUST be specified as well. Callers may therefore use the "Active Directory compatibility" setting which will set values which accord with Active Directory's requirements.
Note that some servers may reject a bind from a client which requires both integrity AND confidentiality in this way, which means that the "Active Directory compatibility" mode may cause connections to fail (i.e. it may not always be appropriate to enable this option).
This flag has no effect for SASL binds which are not using GSSAPI.
- Parameters
-
[in] props SASLProps structure to be updated.
[in] enable flag to set. Use zero to indicate that the flag be disabled, non-zero to enable the flag.
- Return values
-
DS_E_BADPARAM props was NULL
DS_E_NOERROR the properties were updated
- Since
- DSAPI_VERSION 2042
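The layer selection described above for DS_SASLProps_SetADcompat, modelled as an added example (not DSAPI code): it builds the RFC 4752 layer octet a client sends with and without Active Directory compatibility and refuses to proceed if the server did not offer every selected bit. The names select_layers, build_client_reply and want_t are hypothetical, and the reply layout (layer octet followed by a 24-bit big-endian buffer size) is taken from RFC 4752 rather than from this page.

```c
#include <stddef.h>
#include <stdint.h>

/* RFC 4752 section 3.3 security layer bits, as listed above. */
enum { LAYER_NONE = 1, LAYER_INTEGRITY = 2, LAYER_CONFIDENTIALITY = 4 };

/* Hypothetical protection levels a caller might ask for. */
typedef enum { WANT_NONE, WANT_INTEGRITY, WANT_CONFIDENTIALITY } want_t;

/* Layer octet the client selects. With ad_compat set, a confidentiality
 * request also carries the integrity bit, as Active Directory requires. */
uint8_t select_layers(want_t want, int ad_compat)
{
    switch (want) {
    case WANT_CONFIDENTIALITY:
        return ad_compat ? (LAYER_INTEGRITY | LAYER_CONFIDENTIALITY)
                         : LAYER_CONFIDENTIALITY;
    case WANT_INTEGRITY:
        return LAYER_INTEGRITY;
    default:
        return LAYER_NONE;
    }
}

/* Build the first four octets of the client's reply to the server's
 * security layer offer: selected bits, then the client's maximum receive
 * buffer size as a 24-bit big-endian integer.
 * Returns 0 on success, -1 if the server did not offer every selected bit
 * or the buffer size does not fit in 24 bits. */
int build_client_reply(const uint8_t offer[4], want_t want, int ad_compat,
                       uint32_t max_buf, uint8_t reply[4])
{
    uint8_t sel = select_layers(want, ad_compat);

    if (offer == NULL || reply == NULL || max_buf > 0xFFFFFF)
        return -1;
    if ((offer[0] & sel) != sel)
        return -1;          /* fail closed: never downgrade silently */
    if (sel == LAYER_NONE)
        max_buf = 0;        /* no layer selected, so no layer buffer */

    reply[0] = sel;
    reply[1] = (uint8_t)(max_buf >> 16);
    reply[2] = (uint8_t)(max_buf >> 8);
    reply[3] = (uint8_t)max_buf;
    return 0;
}
```

In this model a server offering only the confidentiality bit accepts the default selection (4) but not the compatibility selection (6), which is the connection failure the note above warns about.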