Alessandro Vesely writes:

On Wed 25/Jan/2017 14:33:16 +0100 Sam Varshavchik wrote:
> Alessandro Vesely writes:
>>
>> while reviewing my Courier installation, I stumbled upon how my authProg.c is
>> compiled. It uses -I/my/path/to/auth/cur -L/usr/path/to/courier-authlib and
>> -lcourierauthsasl, on a server with courier-authlib-0.66.4.20160106.  On a
>> stock Debian jessie (0.66.1) I have to add two more libraries.  The main
>> difficulty is to get the sources for the include files:
>>
>> I include courierauth.h and courierauthsasl.h from authlib-devel. But I also
>> need:
>>
>> #include    "libs/libhmac/hmac.h" // for struct hmac_hashinfo
>> #include    "cramlib.h" // for auth_cram_callback
>>
>> In addition, I also need auth.h, because cramlib.h includes it (it would
>> suffice to declare "struct authinfo;" to avoid the inclusion). All file names
>> in include_HEADER start with "courier", so some renaming would be in order if
>> this issue is ever addressed.
>>
>> I don't think I'm going to switch to binary versions of Courier any time soon,
>> so I don't really need a cleaner compiling environment for authpipe. However,
>> since a courier-authlib-dev package exists, I wonder why it doesn't support
>> SASL. I use authsasl_frombase64, auth_cram_callback, and hmac_list. What does
>> everybody else do?
>
> It should be possible for you to support SASL authentication by using
> authsasl_list, that's declared in courierauthsasl.h. You shouldn't need to look
> at the lower-level functions.

Ehm, I may be dumb but I don't get it.  That struct is something like:

  struct authsasl_info authsasl_list[] = {
   {"EXTERNAL", 0},
   {"PLAIN", authsasl_plain},
   {"LOGIN", authsasl_login},
   {"CRAM-MD5", authsasl_cram},
   {"CRAM-SHA1", authsasl_cram},
   {"CRAM-SHA256", authsasl_cram},
   { 0, 0}};

Yes, I can find which cram types are available. However, auth_cram_callback()
wants a struct hmac_hashinfo *h in its cci parameter.  The authsasl_cram
function declared in courierauthsasl.h seems to be designed to be called
/during/ the dialog.  In authProg, instead, I read stuff more or less like:

   AUTH 30\nesmtp\nlogin\njoe@spam\npassword

/after/ the dialog is already terminated. If it was SASL instead of login, the
last two lines read would contain challenge and response, which I decode with
authsasl_frombase64(); then I pass cleartext password, challenge and response
to auth_cram_callback(), and based on its return code either authenticate the
user or fail.  Can I do that with some of the exported functions?

Yeah, ok.

These exported functions are meant to be used for developing authentication clients, not servers.

Looks like all you need are the functions in cramlib.h

Specifically, auth_get_cram() is going to decode the challenge and response
into a struct cram_callback_info.

Then, auth_cram_callback() takes a pointer to authinfo, where it only really looks at clearpasswd. The second argument is the pointer to the decoded cram_callback_info, which also contains a pointer to callback_func, that's
going to get invoked if the challenge was successful.
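
Added example, not part of the thread and not courier-authlib code: a stand-alone sketch of the after-the-dialog check described above, where the last two lines of the AUTH record are the base64 challenge and response and the result is compared against an HMAC keyed with the cleartext password. The function names, the record layout for CRAM types, and the treatment of CRAM-SHA1/CRAM-SHA256 as the RFC 2195 construction with a different hash are assumptions; the sample record is constructed from the RFC 2195 example exchange.

```python
import base64
import hashlib
import hmac

# Assumption: CRAM-MD5 is RFC 2195; the SHA variants are taken to be the same
# construction with another hash. Names are lower-cased before lookup.
DIGESTS = {"cram-md5": hashlib.md5,
           "cram-sha1": hashlib.sha1,
           "cram-sha256": hashlib.sha256}

def parse_auth_body(body):
    """Split an AUTH record body into (service, authtype, remaining lines)."""
    lines = body.rstrip("\n").split("\n")
    if len(lines) < 4:
        raise ValueError("short AUTH record")
    return lines[0], lines[1].lower(), lines[2:]

def verify_cram(authtype, challenge_b64, response_b64, lookup_password):
    """Return the authenticated user name, or None on any failure."""
    digest = DIGESTS.get(authtype)
    if digest is None:
        return None
    try:
        challenge = base64.b64decode(challenge_b64, validate=True)
        response = base64.b64decode(response_b64, validate=True).decode("ascii")
    except ValueError:          # bad base64 or non-ASCII response
        return None
    # The decoded response is "<user> <hex digest>".
    user, sep, claimed = response.rpartition(" ")
    if not sep or not user:
        return None
    password = lookup_password(user)
    # Compute the HMAC even for unknown users so both paths do similar work.
    expected = hmac.new((password or "").encode(), challenge, digest).hexdigest()
    ok = hmac.compare_digest(expected, claimed.lower())
    return user if ok and password is not None else None

def demo():
    # Constructed record built from the RFC 2195 sample exchange (user "tim").
    chal = base64.b64encode(b"<1896.697170952@postoffice.reston.mci.net>").decode()
    resp = base64.b64encode(b"tim b913a602c7eda7a495b4e6e7334d3890").decode()
    body = "esmtp\ncram-md5\n%s\n%s\n" % (chal, resp)
    _service, authtype, rest = parse_auth_body(body)
    return verify_cram(authtype, rest[0], rest[1], {"tim": "tanstaaftanstaaf"}.get)
```
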

