Introduction
GNU SASL is an implementation of the Simple Authentication and Security Layer framework and a few common SASL mechanisms. SASL is used by network servers (e.g., IMAP, SMTP) to request authentication from clients, and in clients to authenticate against servers.
GNU SASL consists of a library (‘libgsasl’), a command line utility (‘gsasl’) to access the library from the shell, and a manual. The library includes support for the framework (with authentication functions and application data privacy and integrity functions) and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, and NTLM mechanisms.
The library is easily ported because it does not do network communication by itself, but rather leaves it up to the calling application. The library is flexible with regards to the authorization infrastructure used, as it utilize a callback into the application to decide whether a user is authorized or not.
GNU SASL is developed for the GNU/Linux system, but runs on over 20 platforms including most major Unix platforms and Windows, and many kind of devices including iPAQ handhelds and S/390 mainframes.
GNU SASL is written in pure ANSI C89 to be portable to embedded and otherwise limited platforms. The entire library, with full support for ANONYMOUS, EXTERNAL, PLAIN, LOGIN and CRAM-MD5, and the front-end that support client and server mode, and the IMAP and SMTP protocols, fits in under 60kb on an Intel x86 platform, without any modifications to the code. (This figure was accurate as of version 0.0.13.)
The library is licensed under the GNU Lesser General Public License, and the command-line interface, self-tests and examples are licensed under the GNU General Public License.
The project web page:
http://www.gnu.org/software/gsasl/
The software archive:
ftp://alpha.gnu.org/pub/gnu/gsasl/
Further information and paid contract development:
Simon Josefsson simon.nosp@m.@jos.nosp@m.efsso.nosp@m.n.or.nosp@m.g
Logical overview
Control flow in application using the library
Examples
#include <config.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
static void
{
char buf[BUFSIZ] = "";
char *p;
do
{
{
printf ("Output:\n%s\n", p);
}
{
printf ("Input base64 encoded data from server:\n");
p = fgets (buf, sizeof (buf) - 1, stdin);
if (p == NULL)
{
perror ("fgets");
return;
}
if (buf[strlen (buf) - 1] == '\n')
buf[strlen (buf) - 1] = '\0';
}
}
printf ("\n");
{
return;
}
printf ("If server accepted us, we're done.\n");
}
static void
{
const char *mech = "PLAIN";
{
return;
}
{
return;
}
{
return;
}
client_authenticate (session);
}
int
{
{
return 1;
}
client (ctx);
return 0;
}
void gsasl_done(Gsasl *ctx)
const char * gsasl_strerror(int err)
_GSASL_API int gsasl_init(Gsasl **ctx)
_GSASL_API int gsasl_property_set(Gsasl_session *sctx, Gsasl_property prop, const char *data)
_GSASL_API int gsasl_step64(Gsasl_session *sctx, const char *b64input, char **b64output)
_GSASL_API int gsasl_client_start(Gsasl *ctx, const char *mech, Gsasl_session **sctx)
_GSASL_API void gsasl_finish(Gsasl_session *sctx)
void gsasl_free(void *ptr)
#include <config.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
static void
{
char buf[BUFSIZ] = "";
char *p;
do
{
printf ("Input base64 encoded data from server:\n");
p = fgets (buf, sizeof (buf) - 1, stdin);
if (p == NULL)
{
perror ("fgets");
return;
}
if (buf[strlen (buf) - 1] == '\n')
buf[strlen (buf) - 1] = '\0';
{
printf ("Output:\n%s\n", p);
}
}
printf ("\n");
{
return;
}
printf ("If server accepted us, we're done.\n");
}
static void
{
const char *mech = "CRAM-MD5";
{
return;
}
{
return;
}
{
return;
}
client_authenticate (session);
}
int
{
{
return 1;
}
client (ctx);
return 0;
}
#include <config.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
static void
{
char buf[BUFSIZ] = "";
char *p;
do
{
printf ("Input base64 encoded data from server:\n");
p = fgets (buf, sizeof (buf) - 1, stdin);
if (p == NULL)
{
perror ("fgets");
return;
}
if (buf[strlen (buf) - 1] == '\n')
buf[strlen (buf) - 1] = '\0';
{
printf ("Output:\n%s\n", p);
}
}
printf ("\n");
{
return;
}
printf ("If server accepted us, we're done.\n");
}
static const char *
client_mechanism (
Gsasl *ctx)
{
char mechlist[BUFSIZ] = "";
const char *suggestion;
char *p;
printf ("Enter list of server supported mechanisms, separate by SPC:\n");
p = fgets (mechlist, sizeof (mechlist) - 1, stdin);
if (p == NULL)
{
perror ("fgets");
return NULL;
}
if (suggestion)
printf ("Library suggests use of `%s'.\n", suggestion);
printf ("Enter mechanism to use:\n");
p = fgets (mech, sizeof (mech) - 1, stdin);
if (p == NULL)
{
perror ("fgets");
return NULL;
}
mech[strlen (mech) - 1] = '\0';
return mech;
}
static void
{
const char *mech;
mech = client_mechanism (ctx);
{
return;
}
{
return;
}
{
return;
}
client_authenticate (session);
}
int
{
{
return 1;
}
client (ctx);
return 0;
}
_GSASL_API const char * gsasl_client_suggest_mechanism(Gsasl *ctx, const char *mechlist)
@ GSASL_MAX_MECHANISM_SIZE
#include <config.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
static void
{
char buf[BUFSIZ] = "";
char *p;
do
{
printf ("Input base64 encoded data from server:\n");
p = fgets (buf, sizeof (buf) - 1, stdin);
if (p == NULL)
{
perror ("fgets");
return;
}
if (buf[strlen (buf) - 1] == '\n')
buf[strlen (buf) - 1] = '\0';
{
printf ("Output:\n%s\n", p);
}
}
printf ("\n");
{
return;
}
printf ("If server accepted us, we're done.\n");
}
static void
{
const char *mech = "SECURID";
{
return;
}
client_authenticate (session);
}
static int
{
char buf[BUFSIZ] = "";
char *p;
(void) ctx;
printf ("Callback invoked, for property %u.\n", prop);
switch (prop)
{
printf ("Enter passcode:\n");
p = fgets (buf, sizeof (buf) - 1, stdin);
if (p == NULL)
{
perror ("fgets");
break;
}
buf[strlen (buf) - 1] = '\0';
break;
printf ("Enter username:\n");
p = fgets (buf, sizeof (buf) - 1, stdin);
if (p == NULL)
{
perror ("fgets");
break;
}
buf[strlen (buf) - 1] = '\0';
break;
default:
printf ("Unknown property! Don't worry.\n");
break;
}
}
int
{
{
return 1;
}
client (ctx);
return 0;
}
void gsasl_callback_set(Gsasl *ctx, Gsasl_callback_function cb)