X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/0756eb3cb50d73a77b486e47528f7cb1bffdb299..master:/src/src/auths/README diff --git a/src/src/auths/README b/src/src/auths/README index 190505f25..66bdcdcf8 100644 --- a/src/src/auths/README +++ b/src/src/auths/README @@ -1,5 +1,3 @@ -$Cambridge: exim/src/src/auths/README,v 1.1 2004/10/07 13:10:00 ph10 Exp $ - AUTHS The modules in this directory are in support of various authentication @@ -23,7 +21,7 @@ The API for each of these functions is documented with the function's code. INTERFACE TO SMTP AUTHENTICATION MECHANISMS -These are general SSL mechanisms, adapted for use with SMTP. Each +These are general SASL mechanisms, adapted for use with SMTP. Each authentication mechanism has three functions, for initialization, server authentication, and client authentication. @@ -36,7 +34,7 @@ instance block for this configured mechanism. It must set the flags called the server and/or client functions are available for this authenticator. Typically this depends on whether server or client configuration options have been set, but it is also possible to have an authenticator that has only one of -the server or client functions. +the server or client functions. The function may not touch big_buffer. SERVER AUTHENTICATION @@ -44,9 +42,10 @@ The second function performs authentication as a server. It receives a pointer to the instance block, and its second argument is the remainder of the data from the AUTH command. The numeric variable maximum setting (expand_nmax) is set to zero, with $0 initialized as unset. The authenticator may set up numeric -variables according to its specification; it should leave expand_nmax set at -the end so that they can be used for the expansion of the generic server_set_id -option, which happens centrally. +variables according to its (old) specification and $auth variables the +preferred ones nowadays; it should leave them set at the end so that they can +be used for the expansion of the generic server_set_id option, which happens +centrally. This function has access to the SMTP input and output so that it can write intermediate responses and read more data if necessary. There is a packaged @@ -57,7 +56,8 @@ The yield of a server authentication check must be one of: OK success DEFER couldn't complete the check FAIL authentication failed - CANCELLED authentication forced to fail by "*" response to challenge + CANCELLED authentication forced to fail by "*" response to challenge, + or by certain forced string expansion failures BAD64 bad base64 data received UNEXPECTED unexpected data received @@ -68,7 +68,7 @@ CLIENT AUTHENTICATION The third function performs authentication as a client. It receives a pointer to the instance block, and four further arguments: - The smtp_inblock item for the connection to the remote host. + The smtp_context item for the connection to the remote host. The normal command-reading timeout value. @@ -85,7 +85,8 @@ The yield of a client authentication check must be one of: FAIL failed after reading a response; either errno is set (for timeouts, I/O failures) or the buffer contains the SMTP response line - FORCEFAIL failed without reading a response (often "fail" in expansion) + CANCELLED the client cancelled authentication (often "fail" in expansion) + the buffer may contain a message; if not, *buffer = 0 ERROR local problem (typically expansion error); message in buffer To communicate with the remote host the client should call