SCRAM-SHA-1 support via libgsasl
From: Simon Josefsson via curl-library <curl-library_at_cool.haxx.se>
Date: Thu, 24 Dec 2020 20:14:06 +0100
Hi,
I am looking for feedback and review of a patch that implements support
for SCRAM-SHA-1 in curl via libgsasl:
https://github.com/curl/curl/compare/master...jas4711:jas4711/gsasl-scram
Is it okay to pass strings allocated by libgsasl back for later free()
by libcurl? Some platforms used to have separate heap managers for
different contexts, but I don't know if this is still a concern for
libcurl. If so, the newly allocated strings received from libgsasl
could be re-allocated and the libgsasl strings deallocated immediately.
I don't know how to add self-tests -- can anyone explain how the
existing CRAM-MD5/DIGEST-MD5/NTLM/etc self-tests work?
Sample output from a successful SCRAM-SHA-1 authentication against a
Dovecot server:
jas_at_latte:~/src/curl-jas$ src/curl -v imap://jas:sesam_at_xxx.xxx.xxx.xxx
* Trying xxx.xxx.xxx.xxx:143...
* Connected to xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx) port 143 (#0)
< * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=SCRAM-SHA-1 AUTH=SCRAM-SHA-256 AUTH=NTLM AUTH=RPA AUTH=ANONYMOUS AUTH=EXTERNAL AUTH=XOAUTH2] Dovecot (Debian) ready.
> A001 CAPABILITY
< * CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=SCRAM-SHA-1 AUTH=SCRAM-SHA-256 AUTH=NTLM AUTH=RPA AUTH=ANONYMOUS AUTH=EXTERNAL AUTH=XOAUTH2
< A001 OK Pre-login capabilities listed, post-login capabilities have more.
> A002 AUTHENTICATE SCRAM-SHA-1 biwsbj1qYXMscj1sU05HL2xvWUJMS0lvZjI0dlhnZkluOWU=
< + cj1sU05HL2xvWUJMS0lvZjI0dlhnZkluOWV8SmVbT0tBI3M1WU5mT0A0NTI8YzZiJEAqfi1oXG0iaUxuRC0tXjlHZGAyZEtTV3NpJH5aXi5JJT1zPG9TUmE0LHM9MGhrNDUrNU5Qd1plakxqMGNWOWdRQT09LGk9NDA5Ng==
> Yz1iaXdzLHI9bFNORy9sb1lCTEtJb2YyNHZYZ2ZJbjllfEplW09LQSNzNVlOZk9ANDUyPGM2YiRAKn4taFxtImlMbkQtLV45R2RgMmRLU1dzaSR+Wl4uSSU9czxvU1JhNCxwPTJ0Z3pTZ29xY3Q3dHk3Q3Vac2tPckJ4bEFNcz0=
< + dj1xbmZoY3hPMXV3YWI0UHgwYlJPNHg1OHlVSm89
>
< * CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SNIPPET=FUZZY PREVIEW=FUZZY STATUS=SIZE SAVEDATE LITERAL+ NOTIFY SPECIAL-USE
< A002 OK Logged in
> A003 LIST "" *
< * LIST (\HasNoChildren) "/" INBOX
* LIST (\HasNoChildren) "/" INBOX
< A003 OK List completed (0.001 + 0.000 secs).
* Connection #0 to host xxx.xxx.xxx.xxx left intact
jas_at_latte:~/src/curl-jas$
/Simon
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html
Received on 2020-12-24
- application/pgp-signature attachment: signature.asc
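
Added example (not part of the original message or of the curl/libgsasl patch): the client-side RFC 5802 checks applied to the four SASL messages in the session above, namely nonce extension, the channel-binding echo, the client proof, and the server signature that authenticates the server to the client. The function and variable names are illustrative, and SASLprep and `=2C`/`=3D` username escapes are assumed unnecessary for ASCII credentials.

```python
import base64, hashlib, hmac

# The four SASL messages from the session above, in order, base64 as sent.
PAGE = [
    "biwsbj1qYXMscj1sU05HL2xvWUJMS0lvZjI0dlhnZkluOWU=",
    "cj1sU05HL2xvWUJMS0lvZjI0dlhnZkluOWV8SmVbT0tBI3M1WU5mT0A0NTI8YzZiJEAqfi1oXG0iaUxuRC0tXjlHZGAyZEtTV3NpJH5aXi5JJT1zPG9TUmE0LHM9MGhrNDUrNU5Qd1plakxqMGNWOWdRQT09LGk9NDA5Ng==",
    "Yz1iaXdzLHI9bFNORy9sb1lCTEtJb2YyNHZYZ2ZJbjllfEplW09LQSNzNVlOZk9ANDUyPGM2YiRAKn4taFxtImlMbkQtLV45R2RgMmRLU1dzaSR+Wl4uSSU9czxvU1JhNCxwPTJ0Z3pTZ29xY3Q3dHk3Q3Vac2tPckJ4bEFNcz0=",
    "dj1xbmZoY3hPMXV3YWI0UHgwYlJPNHg1OHlVSm89",
]

def attrs(msg):
    """Split 'k=v,k=v' into a dict; values may contain '=' but never ','."""
    return dict(f.split("=", 1) for f in msg.split(","))

def verify(password, b64_msgs, digest="sha1"):
    """Run the client-side RFC 5802 checks over one recorded exchange."""
    c1, s1, c2, s2 = (base64.b64decode(m).decode() for m in b64_msgs)
    cbflag, authzid, c1_bare = c1.split(",", 2)      # GS2 header, then bare message
    gs2 = f"{cbflag},{authzid},".encode()
    c2_noproof, _, proof = c2.rpartition(",p=")
    a1, as1, a2 = attrs(c1_bare), attrs(s1), attrs(c2_noproof)

    def mac(key, data):
        return hmac.new(key, data, digest).digest()

    salted = hashlib.pbkdf2_hmac(digest, password.encode(),
                                 base64.b64decode(as1["s"]), int(as1["i"]))
    auth = f"{c1_bare},{s1},{c2_noproof}".encode()    # AuthMessage
    client_key = mac(salted, b"Client Key")
    client_sig = mac(hashlib.new(digest, client_key).digest(), auth)
    want_proof = bytes(x ^ y for x, y in zip(client_key, client_sig))
    want_sig = mac(mac(salted, b"Server Key"), auth)
    return {
        "user": a1["n"],
        "iterations": int(as1["i"]),
        # Server nonce must extend the client nonce and be echoed unchanged.
        "nonce_ok": (as1["r"].startswith(a1["r"]) and len(as1["r"]) > len(a1["r"])
                     and a2["r"] == as1["r"]),
        # c= must be the base64 of the GS2 header the client actually sent.
        "cbind_ok": a2["c"] == base64.b64encode(gs2).decode(),
        "proof_ok": hmac.compare_digest(base64.b64decode(proof), want_proof),
        # v= is what authenticates the server to the client.
        "server_sig_ok": hmac.compare_digest(
            base64.b64decode(attrs(s2).get("v", "")), want_sig),
    }

if __name__ == "__main__":
    print(verify("sesam", PAGE))   # password as given in the command line above
```

Passing `digest="sha256"` runs the same checks for a SCRAM-SHA-256 exchange.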