#
0598bb6f |
| 11-Feb-2011 |
christos <christos@NetBSD.org> |
Changes from Anon Ymous:
Make this library work. - several API changes (see the manpage) - take care to match the spec (hopefully) - deal with comma delimited lists more systematically - addition of
Changes from Anon Ymous:
Make this library work. - several API changes (see the manpage) - take care to match the spec (hopefully) - deal with comma delimited lists more systematically - addition of the DIGEST-MD5 security layer - syslog messages including debugging messages - many coding simplifications, changes, rewrites, and additions (i.e., stuff I can't recall at the moment) - rewrite the manpage
The API changes have been heavily influenced by hooking this up to postfix(1).
The ANONYMOUS, LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, and GSSAPI authentication mechanisms have been tested and shown to work for authentication with a postfix(1) server using the cyrus-sasl library. (A postfix(1) libsaslc(3) client wrapper was used for the testing and will be committed separately.)
The EXTERNAL authentication mechanism should work (it is pretty simple), but it has not been tested with any servers.
The security layers of DIGEST-MD5 and GSSAPI have also not been tested with any servers. Do any SMTP servers really support these security layers? Postfix with cyrus-sasl does not, either as a client or server, even though the cyrus-sasl library has support for the layers.
The new DIGEST-MD5 security layer encode/decode routines have been tested against themselves (not terribly useful), but nothing else. As they use the openssl EVP_* routines (which aren't well documented) to do the cryptography, the "auth-conf" layer may or may not actually match the rfc2831 standard. The "auth-int" layer is much more likely to be in compliance.
Note: I have left support for a version of AES in the DIGEST-MD5 code even though it is not part of rfc2831 (May 2000). This flavor of AES was in a later draft (June 2003) that was included in the cyrus-sasl distribution, but changed to a different flavor of AES in subsequent drafts (and DES disappeared). AFAIKT, none of those drafts have been accepted; the last I could find expired in Sept 2007. rfc2831 is still listed as standards track. The AES support is very minor (some table entries and a few lines of code to construct the IV) and I was asked to leave it for now.
Hopefully there are not too many bugs, memory leaks, or spelling/grammar errors. My apologies in advance.
BTW, if you would prefer to use cyrus-sasl, install it (e.g., from pkgsrc), and then rebuild postfix with HAVE_CYRUS_SASL defined.
show more ...
|
#
fedeb094 |
| 29-Jan-2011 |
agc <agc@NetBSD.org> |
sync sources with sourceforge repository, prompted by Mateusz Kocielski.
+ minor changes to free resources in error cases + update return values from some functions + wrap some long lines + more tes
sync sources with sourceforge repository, prompted by Mateusz Kocielski.
+ minor changes to free resources in error cases + update return values from some functions + wrap some long lines + more tests + add length argument to digest functions
an additional minor fix to make this build, and to libsaslc.3 man page, by myself.
show more ...
|
#
231558cb |
| 27-Nov-2010 |
agc <agc@NetBSD.org> |
Initial import of Mateusz Kociels SASL client library Summer of Code project into the repository. The project was mentored by Christos Zoulas, and written up here:
http://netbsd-soc.sourceforge.net
Initial import of Mateusz Kociels SASL client library Summer of Code project into the repository. The project was mentored by Christos Zoulas, and written up here:
http://netbsd-soc.sourceforge.net/projects/sasl_client_lib/
As discussed with Christos Zoulas.
show more ...
|