On Wed 25/Jan/2017 14:33:16 +0100 Sam Varshavchik wrote:
> Alessandro Vesely writes:
>>
>> while reviewing my Courier installation, I stumbled upon how my authProg.c is
>> compiled. It uses -I/my/path/to/auth/cur -L/usr/path/to/courier-authlib and
>> -lcourierauthsasl, on a server with courier-authlib-0.66.4.20160106. On a
>> stock Debian jessie (0.66.1) I have to add two more libraries. The main
>> difficulty is to get the sources for the include files:
>>
>> I include courierauth.h and courierauthsasl.h from authlib-devel. But I also
>> need:
>>
>> #include "libs/libhmac/hmac.h" // for struct hmac_hashinfo
>> #include "cramlib.h" // for auth_cram_callback
>>
>> In addition, I also need auth.h, because cramlib.h includes it (it would
>> suffice to declare "struct authinfo;" to avoid the inclusion). All file names
>> in include_HEADER start with "courier", so some renaming would be in order if
>> this issue is ever addressed.
>>
>> I don't think I'm going to switch to binary versions of Courier any time soon,
>> so I don't really need a cleaner compiling environment for authpipe. However,
>> since a courier-authlib-dev package exists, I wonder why it doesn't support
>> SASL. I use authsasl_frombase64, auth_cram_callback, and hmac_list. What does
>> everybody else do?
>
> It should be possible for you to support SASL authentication by using
> authsasl_list, that's declared in courierauthsasl.h. You shouldn't need to look
> at the lower-level functions.

Ehm, I may be dumb but I don't get it. That struct is something like:

    struct authsasl_info authsasl_list[] = {
        {"EXTERNAL", 0},
        {"PLAIN", authsasl_plain},
        {"LOGIN", authsasl_login},
        {"CRAM-MD5", authsasl_cram},
        {"CRAM-SHA1", authsasl_cram},
        {"CRAM-SHA256", authsasl_cram},
        { 0, 0}};

Yes, I can find which cram types are available. However, auth_cram_callback()
wants a struct hmac_hashinfo *h in its cci parameter. The authsasl_cram
function declared in courierauthsasl.h seems to be designed to be called
/during/ the dialog. In authProg, instead, I read stuff more or less like:

    AUTH 30\nesmtp\nlogin\njoe@spam\npassword

/after/ the dialog is already terminated. If it was SASL instead of login, the
last two lines read would contain challenge and response, which I decode with
authsasl_frombase64(); then I pass cleartext password, challenge and response
to auth_cram_callback(), and based on its return code either authenticate the
user or fail. Can I do that with some of the exported functions?

Calling auth_sasl_extract_userid() I nearly get the job done, but still haven't
verified the password. I didn't find a function which calls
auth_verify_cram(), except auth_cram_callback(). The latter is also called by
auth_custom(), but that's a different thing, isn't it?

Ale
courier-users mailing list