sasl

package
v0.0.0-...-a24e94d Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 14, 2023 License: MIT, MIT Imports: 6 Imported by: 0

README

go-sasl

godocs.io Build Status

A SASL library written in Go.

Implemented mechanisms:

License

MIT

Documentation

Overview

Library for Simple Authentication and Security Layer (SASL) defined in RFC 4422.

Index

Constants

View Source
const Anonymous = "ANONYMOUS"

The ANONYMOUS mechanism name.

View Source
const External = "EXTERNAL"

The EXTERNAL mechanism name.

View Source
const Login = "LOGIN"

The LOGIN mechanism name.

View Source
const OAuthBearer = "OAUTHBEARER"

The OAUTHBEARER mechanism name.

View Source
const Plain = "PLAIN"

The PLAIN mechanism name.

Variables

View Source
var (
	ErrUnexpectedClientResponse  = errors.New("sasl: unexpected client response")
	ErrUnexpectedServerChallenge = errors.New("sasl: unexpected server challenge")
)

Common SASL errors.

Functions

This section is empty.

Types

type AnonymousAuthenticator

type AnonymousAuthenticator func(trace string) error

Get trace information from clients logging in anonymously.

type Client

type Client interface {
	// Begins SASL authentication with the server. It returns the
	// authentication mechanism name and "initial response" data (if required by
	// the selected mechanism). A non-nil error causes the client to abort the
	// authentication attempt.
	//
	// A nil ir value is different from a zero-length value. The nil value
	// indicates that the selected mechanism does not use an initial response,
	// while a zero-length value indicates an empty initial response, which must
	// be sent to the server.
	Start() (mech string, ir []byte, err error)

	// Continues challenge-response authentication. A non-nil error causes
	// the client to abort the authentication attempt.
	Next(challenge []byte) (response []byte, err error)
}

Client interface to perform challenge-response authentication.

func NewAnonymousClient

func NewAnonymousClient(trace string) Client

A client implementation of the ANONYMOUS authentication mechanism, as described in RFC 4505.

func NewExternalClient

func NewExternalClient(identity string) Client

An implementation of the EXTERNAL authentication mechanism, as described in RFC 4422. Authorization identity may be left blank to indicate that the client is requesting to act as the identity associated with the authentication credentials.

func NewLoginClient

func NewLoginClient(username, password string) Client

A client implementation of the LOGIN authentication mechanism for SMTP, as described in http://www.iana.org/go/draft-murchison-sasl-login

It is considered obsolete, and should not be used when other mechanisms are available. For plaintext password authentication use PLAIN mechanism.

func NewOAuthBearerClient

func NewOAuthBearerClient(opt *OAuthBearerOptions) Client

An implementation of the OAUTHBEARER authentication mechanism, as described in RFC 7628.

func NewPlainClient

func NewPlainClient(identity, username, password string) Client

A client implementation of the PLAIN authentication mechanism, as described in RFC 4616. Authorization identity may be left blank to indicate that it is the same as the username.

type ExternalAuthenticator

type ExternalAuthenticator func(identity string) error

ExternalAuthenticator authenticates users with the EXTERNAL mechanism. If the identity is left blank, it indicates that it is the same as the one used in the external credentials. If identity is not empty and the server doesn't support it, an error must be returned.

type LoginAuthenticator

type LoginAuthenticator func(username, password string) error

Authenticates users with an username and a password.

type OAuthBearerAuthenticator

type OAuthBearerAuthenticator func(opts OAuthBearerOptions) *OAuthBearerError

type OAuthBearerError

type OAuthBearerError struct {
	Status  string `json:"status"`
	Schemes string `json:"schemes"`
	Scope   string `json:"scope"`
}

func (*OAuthBearerError) Error

func (err *OAuthBearerError) Error() string

Implements error

type OAuthBearerOptions

type OAuthBearerOptions struct {
	Username string
	Token    string
	Host     string
	Port     int
}

type PlainAuthenticator

type PlainAuthenticator func(identity, username, password string) error

Authenticates users with an identity, a username and a password. If the identity is left blank, it indicates that it is the same as the username. If identity is not empty and the server doesn't support it, an error must be returned.

type Server

type Server interface {
	// Begins or continues challenge-response authentication. If the client
	// supplies an initial response, response is non-nil.
	//
	// If the authentication is finished, done is set to true. If the
	// authentication has failed, an error is returned.
	Next(response []byte) (challenge []byte, done bool, err error)
}

Server interface to perform challenge-response authentication.

func NewAnonymousServer

func NewAnonymousServer(authenticator AnonymousAuthenticator) Server

A server implementation of the ANONYMOUS authentication mechanism, as described in RFC 4505.

func NewExternalServer

func NewExternalServer(authenticator ExternalAuthenticator) Server

NewExternalServer creates a server implementation of the EXTERNAL authentication mechanism, as described in RFC 4422.

func NewLoginServer

func NewLoginServer(authenticator LoginAuthenticator) Server

A server implementation of the LOGIN authentication mechanism, as described in https://tools.ietf.org/html/draft-murchison-sasl-login-00.

LOGIN is obsolete and should only be enabled for legacy clients that cannot be updated to use PLAIN.

func NewOAuthBearerServer

func NewOAuthBearerServer(auth OAuthBearerAuthenticator) Server

func NewPlainServer

func NewPlainServer(authenticator PlainAuthenticator) Server

A server implementation of the PLAIN authentication mechanism, as described in RFC 4616.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL