Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/crypto/external/bsd/libsaslc Changes from Anon Ymous:
details: https://anonhg.NetBSD.org/src/rev/fb0a758112b5
branches: trunk
changeset: 761946:fb0a758112b5
user: christos <christos%NetBSD.org@localhost>
date: Fri Feb 11 23:44:42 2011 +0000
description:
Changes from Anon Ymous:
Make this library work.
- several API changes (see the manpage)
- take care to match the spec (hopefully)
- deal with comma delimited lists more systematically
- addition of the DIGEST-MD5 security layer
- syslog messages including debugging messages
- many coding simplifications, changes, rewrites, and additions (i.e.,
stuff I can't recall at the moment)
- rewrite the manpage
The API changes have been heavily influenced by hooking this up to
postfix(1).
The ANONYMOUS, LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, and GSSAPI
authentication mechanisms have been tested and shown to work for
authentication with a postfix(1) server using the cyrus-sasl library.
(A postfix(1) libsaslc(3) client wrapper was used for the testing and
will be committed separately.)
The EXTERNAL authentication mechanism should work (it is pretty
simple), but it has not been tested with any servers.
The security layers of DIGEST-MD5 and GSSAPI have also not been tested
with any servers. Do any SMTP servers really support these security
layers? Postfix with cyrus-sasl does not, either as a client or
server, even though the cyrus-sasl library has support for the layers.
The new DIGEST-MD5 security layer encode/decode routines have been
tested against themselves (not terribly useful), but nothing else. As
they use the openssl EVP_* routines (which aren't well documented) to
do the cryptography, the "auth-conf" layer may or may not actually
match the rfc2831 standard. The "auth-int" layer is much more likely
to be in compliance.
Note: I have left support for a version of AES in the DIGEST-MD5 code
even though it is not part of rfc2831 (May 2000). This flavor of AES
was in a later draft (June 2003) that was included in the cyrus-sasl
distribution, but changed to a different flavor of AES in subsequent
drafts (and DES disappeared). AFAIKT, none of those drafts have been
accepted; the last I could find expired in Sept 2007. rfc2831 is
still listed as standards track. The AES support is very minor (some
table entries and a few lines of code to construct the IV) and I was
asked to leave it for now.
Hopefully there are not too many bugs, memory leaks, or
spelling/grammar errors. My apologies in advance.
BTW, if you would prefer to use cyrus-sasl, install it (e.g., from
pkgsrc), and then rebuild postfix with HAVE_CYRUS_SASL defined.
diffstat:
crypto/external/bsd/libsaslc/dist/doc/library.txt | 2 +-
crypto/external/bsd/libsaslc/dist/include/saslc.h | 34 +-
crypto/external/bsd/libsaslc/dist/index.html | 2 +-
crypto/external/bsd/libsaslc/dist/man/libsaslc.3 | 772 ++-
crypto/external/bsd/libsaslc/dist/ref/index.txt | 17 +
crypto/external/bsd/libsaslc/dist/ref/rfc4422.txt | 1851 +++++++
crypto/external/bsd/libsaslc/dist/ref/rfc4505.txt | 507 ++
crypto/external/bsd/libsaslc/dist/ref/rfc4616.txt | 619 ++
crypto/external/bsd/libsaslc/dist/ref/rfc4752.txt | 563 ++
crypto/external/bsd/libsaslc/dist/soc.html | 2 +-
crypto/external/bsd/libsaslc/dist/src/Makefile | 30 +-
crypto/external/bsd/libsaslc/dist/src/Makefile.bsd | 33 +-
crypto/external/bsd/libsaslc/dist/src/buffer.c | 301 +
crypto/external/bsd/libsaslc/dist/src/buffer.h | 51 +
crypto/external/bsd/libsaslc/dist/src/crypto.c | 332 +-
crypto/external/bsd/libsaslc/dist/src/crypto.h | 18 +-
crypto/external/bsd/libsaslc/dist/src/dict.c | 198 +-
crypto/external/bsd/libsaslc/dist/src/dict.h | 11 +-
crypto/external/bsd/libsaslc/dist/src/error.c | 9 +-
crypto/external/bsd/libsaslc/dist/src/error.h | 10 +-
crypto/external/bsd/libsaslc/dist/src/list.c | 289 +
crypto/external/bsd/libsaslc/dist/src/list.h | 54 +
crypto/external/bsd/libsaslc/dist/src/mech.c | 181 +-
crypto/external/bsd/libsaslc/dist/src/mech.h | 120 +-
crypto/external/bsd/libsaslc/dist/src/mech_anonymous.c | 34 +-
crypto/external/bsd/libsaslc/dist/src/mech_crammd5.c | 105 +-
crypto/external/bsd/libsaslc/dist/src/mech_digestmd5.c | 2316 ++++++++-
crypto/external/bsd/libsaslc/dist/src/mech_external.c | 29 +-
crypto/external/bsd/libsaslc/dist/src/mech_gssapi.c | 1033 +++-
crypto/external/bsd/libsaslc/dist/src/mech_login.c | 44 +-
crypto/external/bsd/libsaslc/dist/src/mech_plain.c | 63 +-
crypto/external/bsd/libsaslc/dist/src/msg.c | 80 +
crypto/external/bsd/libsaslc/dist/src/msg.h | 49 +
crypto/external/bsd/libsaslc/dist/src/parser.c | 398 +-
crypto/external/bsd/libsaslc/dist/src/parser.h | 10 +-
crypto/external/bsd/libsaslc/dist/src/saslc.c | 175 +-
crypto/external/bsd/libsaslc/dist/src/saslc_private.h | 37 +-
crypto/external/bsd/libsaslc/dist/src/xsess.c | 590 +-
crypto/external/bsd/libsaslc/dist/style.css | 2 +-
crypto/external/bsd/libsaslc/dist/test/Makefile | 55 +-
crypto/external/bsd/libsaslc/dist/test/example_client.c | 25 +-
crypto/external/bsd/libsaslc/dist/test/hash_tests/Makefile | 12 +
crypto/external/bsd/libsaslc/dist/test/hash_tests/test_hash.c | 185 +
crypto/external/bsd/libsaslc/dist/test/parser_tests/test2/saslc.conf | 7 +-
crypto/external/bsd/libsaslc/dist/test/parser_tests/test4/saslc.conf | 2 +
crypto/external/bsd/libsaslc/dist/test/t_crypto.c | 263 +-
crypto/external/bsd/libsaslc/dist/test/t_dict.c | 182 +-
crypto/external/bsd/libsaslc/dist/test/t_error.c | 12 +-
crypto/external/bsd/libsaslc/dist/test/t_parser.c | 45 +-
crypto/external/bsd/libsaslc/dist/test/t_saslc.c | 20 +-
crypto/external/bsd/libsaslc/dist/test/t_session.c | 28 +-
crypto/external/bsd/libsaslc/lib/Makefile | 24 +-
52 files changed, 9854 insertions(+), 1977 deletions(-)
diffs (truncated from 13947 to 300 lines):
diff -r 4468cd7f0f31 -r fb0a758112b5 crypto/external/bsd/libsaslc/dist/doc/library.txt
--- a/crypto/external/bsd/libsaslc/dist/doc/library.txt Fri Feb 11 23:08:38 2011 +0000
+++ b/crypto/external/bsd/libsaslc/dist/doc/library.txt Fri Feb 11 23:44:42 2011 +0000
@@ -1,7 +1,7 @@
SASL client library - draft
---------------------------
-Version: $Id: library.txt,v 1.2 2011/01/29 23:35:30 agc Exp $
+Version: $NetBSD: library.txt,v 1.3 2011/02/11 23:44:42 christos Exp $
1. Typedefs
diff -r 4468cd7f0f31 -r fb0a758112b5 crypto/external/bsd/libsaslc/dist/include/saslc.h
--- a/crypto/external/bsd/libsaslc/dist/include/saslc.h Fri Feb 11 23:08:38 2011 +0000
+++ b/crypto/external/bsd/libsaslc/dist/include/saslc.h Fri Feb 11 23:44:42 2011 +0000
@@ -1,4 +1,4 @@
-/* $Id: saslc.h,v 1.2 2011/01/29 23:35:30 agc Exp $ */
+/* $NetBSD: saslc.h,v 1.3 2011/02/11 23:44:42 christos Exp $ */
/* Copyright (c) 2010 The NetBSD Foundation, Inc.
* All rights reserved.
@@ -41,32 +41,52 @@
#include <stdbool.h>
#include <stdlib.h>
+/* properties */
+#define SASLC_PROP_AUTHCID "AUTHCID"
+#define SASLC_PROP_AUTHZID "AUTHZID"
+#define SASLC_PROP_BASE64IO "BASE64IO"
+#define SASLC_PROP_CIPHERMASK "CIPHERMASK"
+#define SASLC_PROP_DEBUG "DEBUG"
+#define SASLC_PROP_HOSTNAME "HOSTNAME"
+#define SASLC_PROP_MAXBUF "MAXBUF"
+#define SASLC_PROP_PASSWD "PASSWD"
+#define SASLC_PROP_QOPMASK "QOPMASK"
+#define SASLC_PROP_REALM "REALM"
+#define SASLC_PROP_SECURITY "SECURITY"
+#define SASLC_PROP_SERVICE "SERVICE"
+#define SASLC_PROP_SERVICENAME "SERVICENAME"
+
+/* environment variables */
+#define SASLC_ENV_CONFIG "SASLC_CONFIG"
+#define SASLC_ENV_DEBUG "SASLC_DEBUG"
+
+/* opaque types */
typedef struct saslc_t saslc_t;
typedef struct saslc_sess_t saslc_sess_t;
/* begin and end */
saslc_t *saslc_alloc(void);
-int saslc_init(saslc_t *, const char *);
-int saslc_end(saslc_t *, bool);
+int saslc_init(saslc_t *, const char *, const char *);
+int saslc_end(saslc_t *);
/* error */
const char *saslc_strerror(saslc_t *);
const char *saslc_sess_strerror(saslc_sess_t *);
/* session begin and end */
-saslc_sess_t *saslc_sess_init(saslc_t *, const char *);
+saslc_sess_t *saslc_sess_init(saslc_t *, const char *, const char *);
void saslc_sess_end(saslc_sess_t *);
/* session properties */
int saslc_sess_setprop(saslc_sess_t *, const char *, const char *);
const char *saslc_sess_getprop(saslc_sess_t *, const char *);
-const char *saslc_sess_strmech(saslc_sess_t *);
+const char *saslc_sess_getmech(saslc_sess_t *);
/* session management */
int saslc_sess_cont(saslc_sess_t *, const void *, size_t, void **, size_t *);
-int saslc_sess_encode(saslc_sess_t *, const void *, size_t, void **,
+ssize_t saslc_sess_encode(saslc_sess_t *, const void *, size_t, void **,
size_t *);
-int saslc_sess_decode(saslc_sess_t *, const void *, size_t, void **,
+ssize_t saslc_sess_decode(saslc_sess_t *, const void *, size_t, void **,
size_t *);
#endif /* ! _SASLC_H_ */
diff -r 4468cd7f0f31 -r fb0a758112b5 crypto/external/bsd/libsaslc/dist/index.html
--- a/crypto/external/bsd/libsaslc/dist/index.html Fri Feb 11 23:08:38 2011 +0000
+++ b/crypto/external/bsd/libsaslc/dist/index.html Fri Feb 11 23:44:42 2011 +0000
@@ -107,7 +107,7 @@
<td>
<table>
<tr> <td> Mateusz Kocielski <<tt>m.kocielski%gmail.com@localhost</tt>> </td> </tr>
- <tr> <td> $Id: index.html,v 1.2 2011/01/29 23:35:30 agc Exp $ </td> </tr>
+ <tr> <td> $NetBSD: index.html,v 1.3 2011/02/11 23:44:42 christos Exp $ </td> </tr>
</table>
</td>
</tr>
diff -r 4468cd7f0f31 -r fb0a758112b5 crypto/external/bsd/libsaslc/dist/man/libsaslc.3
--- a/crypto/external/bsd/libsaslc/dist/man/libsaslc.3 Fri Feb 11 23:08:38 2011 +0000
+++ b/crypto/external/bsd/libsaslc/dist/man/libsaslc.3 Fri Feb 11 23:44:42 2011 +0000
@@ -1,175 +1,737 @@
-.\" $NetBSD: libsaslc.3,v 1.3 2011/01/29 23:38:34 wiz Exp $
-.\" Draft of the SASL Client library API.
-.Dd August 10, 2010
+.\" $NetBSD: libsaslc.3,v 1.4 2011/02/11 23:44:42 christos Exp $
+.\"
+.\" Copyright (c) 2010 The NetBSD Foundation, Inc.
+.\" All rights reserved.
+.\"
+.\" This code is derived from software contributed to The NetBSD Foundation
+.\" by Mateusz Kocielski.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\" must display the following acknowledgement:
+.\" This product includes software developed by the NetBSD
+.\" Foundation, Inc. and its contributors.
+.\" 4. Neither the name of The NetBSD Foundation nor the names of its
+.\" contributors may be used to endorse or promote products derived
+.\" from this software without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd December 31, 2010
.Dt LIBSASLC 3
.Os
.Sh NAME
-.Nm libsaslc
+.Nm saslc_alloc ,
+.Nm saslc_end ,
+.Nm saslc_init ,
+.Nm saslc_sess_cont ,
+.Nm saslc_sess_decode ,
+.Nm saslc_sess_encode ,
+.Nm saslc_sess_end ,
+.Nm saslc_sess_getmech ,
+.Nm saslc_sess_getprop ,
+.Nm saslc_sess_init ,
+.Nm saslc_sess_setprop ,
+.Nm saslc_sess_strerror ,
+.Nm saslc_strerror
.Nd Simple Authentication and Security Layer client library
.Sh LIBRARY
.Lb libsaslc
.Sh SYNOPSIS
.In saslc.h
.Ft saslc_t *
-.Fo saslc_alloc
-.Fa "void"
-.Fc
+.Fn saslc_alloc "void"
.Ft int
-.Fo saslc_end
-.Fa "saslc_t *ctx"
-.Fc
+.Fn saslc_end "saslc_t *ctx"
.Ft int
-.Fo saslc_init
-.Fa "saslc_t *ctx" "const char *appname"
-.Fc
+.Fn saslc_init "saslc_t *ctx" "const char *appname" "const char *cfgpath"
.Ft int
-.Fo saslc_sess_cont
-.Fa "saslc_sess_t *sess" "const void *in" "size_t inlen" "void* *out" "size_t *outlen"
-.Fc
-.Ft int
-.Fo saslc_sess_decode
-.Fa "saslc_sess_t *sess" "const void *in" "size_t inlen" "void* *out" "size_t *outlen"
-.Fc
-.Ft int
-.Fo saslc_sess_encode
-.Fa "saslc_sess_t *sess" "const void *in" "size_t inlen" "void* *out" "size_t *outlen"
-.Fc
+.Fn saslc_sess_cont "saslc_sess_t *sess" "const void *in" "size_t inlen" \
+"void* *out" "size_t *outlen"
+.Ft ssize_t
+.Fn saslc_sess_decode "saslc_sess_t *sess" "const void *in" "size_t inlen" \
+"void* *out" "size_t *outlen"
+.Ft ssize_t
+.Fn saslc_sess_encode "saslc_sess_t *sess" "const void *in" "size_t inlen" \
+"void* *out" "size_t *outlen"
.Ft void
-.Fo saslc_sess_end
-.Fa "saslc_sess_t *sess"
-.Fc
+.Fn saslc_sess_end "saslc_sess_t *sess"
+.Ft const char *
+.Fn saslc_sess_getmech "saslc_sess_t *"
.Ft const char *
-.Fo saslc_sess_getprop
-.Fa "saslc_sess_t *sess" "const char *name"
-.Fc
+.Fn saslc_sess_getprop "saslc_sess_t *sess" "const char *key"
.Ft saslc_sess_t *
-.Fo saslc_sess_init
-.Fa "saslc_t *ctx" "const char *mechs"
-.Fc
+.Fn saslc_sess_init "saslc_t *ctx" "const char *mechs" "const char *secopts"
.Ft int
-.Fo saslc_sess_setprop
-.Fa "saslc_sess_t *sess" "const char *name" "const char *value"
-.Fc
-.Ft const char *
-.Fo saslc_sess_strerror
-.Fa "saslc_sess_t *sess"
-.Fc
+.Fn saslc_sess_setprop "saslc_sess_t *sess" "const char *key" \
+"const char *value"
.Ft const char *
-.Fo saslc_sess_strmech
-.Fa "saslc_sess_t *sess"
-.Fc
+.Fn saslc_sess_strerror "saslc_sess_t *sess"
.Ft const char *
-.Fo saslc_strerror
-.Fa "saslc_t *ctx"
-.Fc
+.Fn saslc_strerror "saslc_t *ctx"
.Sh DESCRIPTION
The
.Fn saslc_alloc
-function allocates new saslc context.
+function allocates and returns a new saslc context.
+The context is uninitialized: see
+.Fn saslc_init .
+Returns NULL on error.
+.Pp
+The
+.Fn saslc_end
+function destroys and deallocate resources used by the context
+.Ar ctx .
+The context shouldn't have any sessions assigned to it.
+Returns 0 on success and -1 if the context has active sessions and
+cannot be deallocated.
.Pp
The
.Fn saslc_init
-function initializes sasl context, basing on application name parses
-configuration files, sets up default properties and creates available
-mechanism list for the context.
-.Pp
-The
-.Fn saslc_end
-function destroys and deallocate resources used by the context.
-Context shouldn't have got any sessions assigned to it.
+function initializes the saslc context
+.Ar ctx .
+Based on the application name
+.Ar appname ,
+it also parses the configuration files as indicated by
+.Ar cfgpath ,
+sets up the context and mechanism dictionaries, and creates mechanism
+list for the context.
+If
+.Ar cfgpath
+is NULL, it checks the environment variable
+.Ev SASLC_CONFIG
+for a location and if that is not found it uses the default path
+.Pa /etc/saslc.d .
+Returns 0 on success and -1 on failure.
.Pp
The
.Fn saslc_sess_init
function creates new session assigned to the
.Ar ctx
context.
-Function chooses best mechanism which can be used for an authentication
-from the
+The function chooses the mechanism to use for authentication from the
+.Ar mechs
+list taking into account the requirements from the
+.Ar secopts
+list.
+Both lists may be space or comma delimited.
+The first matching mechanism from the
.Ar mechs
-list.
+list is used.
+See CONFIGURATION below for the supported mechanisms.
+The valid security options are
+.Bl -tag -width "nodictionaryxxx" -offset indent -compact
+.It Qo noanonymous Qc
+reject anonymous mechanisms
+.It Qo noplaintext Qc
+reject plaintext mechanisms
+.It Qo nodictionary Qc
+reject mechanisms prone to dictionary attack
+.It Qo noactive Qc
Home |
Main Index |
Thread Index |
Old Index