#ifndef AUTH_CLIENT_INTERFACE_H
#define AUTH_CLIENT_INTERFACE_H

/*
 * Constants of the auth client protocol: protocol version, maximum line
 * length, per-mechanism security flags and failure-code strings.
 */

/* Protocol version. A differing major version is not backwards compatible;
   a differing minor version can be ignored. */
#define AUTH_CLIENT_PROTOCOL_MAJOR_VERSION 1
#define AUTH_CLIENT_PROTOCOL_MINOR_VERSION 2

/* Maximum length of one protocol line. The value is this large because
   GSSAPI can use quite large packets.
   NOTE(review): this header only defines the limit and does not enforce it.
   Code that reads protocol lines presumably has to bound its input with it;
   confirm at the call sites. */
#define AUTH_CLIENT_MAX_LINE_LENGTH 16384

/* Security properties of an authentication mechanism. Each enumerator is a
   single distinct bit, so several can be combined in one bitmask. */
enum mech_security_flags {
	/* Mechanism is not advertised as an available SASL mechanism
	   (e.g. APOP). */
	MECH_SEC_PRIVATE         = 1 << 0,
	/* Mechanism performs anonymous authentication. */
	MECH_SEC_ANONYMOUS       = 1 << 1,
	/* Mechanism transfers the password in plaintext.
	   NOTE(review): the password is then only as well protected as the
	   transport. AUTH_CLIENT_FAIL_CODE_MECH_SSL_REQUIRED below suggests
	   callers can refuse such a mechanism without SSL/TLS; confirm where
	   that is enforced. */
	MECH_SEC_PLAINTEXT       = 1 << 2,
	/* Mechanism is subject to a passive (dictionary) attack. */
	MECH_SEC_DICTIONARY      = 1 << 3,
	/* Mechanism is subject to an active (non-dictionary) attack. */
	MECH_SEC_ACTIVE          = 1 << 4,
	/* Mechanism provides forward secrecy between sessions. */
	MECH_SEC_FORWARD_SECRECY = 1 << 5,
	/* Mechanism provides mutual authentication. */
	MECH_SEC_MUTUAL_AUTH     = 1 << 6,
	/* NUL bytes are allowed in the mechanism's input data.
	   NOTE(review): input for such a mechanism cannot be handled as a C
	   string and needs an explicit length. Mechanisms without this flag
	   presumably have NULs rejected; verify in the input handling. */
	MECH_SEC_ALLOW_NULS      = 1 << 7,
};

/* Authentication failure codes.
   NOTE(review): codes such as "user_disabled" and "pass_expired" describe
   account state. Whether they are relayed to a not-yet-authenticated remote
   client is decided outside this header; verify. */
#define AUTH_CLIENT_FAIL_CODE_AUTHZFAILED	"authz_fail"
#define AUTH_CLIENT_FAIL_CODE_TEMPFAIL		"temp_fail"
#define AUTH_CLIENT_FAIL_CODE_USER_DISABLED	"user_disabled"
#define AUTH_CLIENT_FAIL_CODE_PASS_EXPIRED	"pass_expired"
#define AUTH_CLIENT_FAIL_CODE_INVALID_BASE64	"invalid_base64"

/* Failure codes that are not actually returned from the auth service. */
#define AUTH_CLIENT_FAIL_CODE_MECH_INVALID	"auth_mech_invalid"
#define AUTH_CLIENT_FAIL_CODE_MECH_SSL_REQUIRED	"auth_mech_ssl_required"
#define AUTH_CLIENT_FAIL_CODE_ANONYMOUS_DENIED	"anonymous_denied"

#endif