123456789_123456789_123456789_123456789_123456789_

Module: EventMachine::Protocols::SASLauth

Relationships & Source Files
Defined in: lib/em/protocols/saslauth.rb

Overview

Implements SASL authd. This is a very, very simple protocol that mimics the one used by saslauthd and pwcheck, two outboard daemons included in the standard SASL library distro. The only thing this is really suitable for is SASL PLAIN (user+password) authentication, but the SASL libs that are linked into standard servers (like imapd and sendmail) implement the other ones.

SASL-auth is intended for reasonably fast operation inside a single machine, so it has no transport-security (although there have been multi-machine extensions incorporating transport-layer encryption).

The standard saslauthd module generally runs privileged and does its work by referring to the system-account files.

This feature was added to ::EventMachine to enable the development of custom authentication/authorization engines for standard servers.

To use SASLauth, include it in a class that subclasses EM::Connection, and reimplement the validate method.

The typical way to incorporate this module into an authentication daemon would be to set it as the handler for a UNIX-domain socket. The code might look like this:

EM.start_unix_domain_server( "/var/run/saslauthd/mux", MyHandler ) File.chmod( 0777, "/var/run/saslauthd/mux")

The chmod is probably needed to ensure that unprivileged clients can access the UNIX-domain socket.

It's also a very good idea to drop superuser privileges (if any), after the UNIX-domain socket has been opened.

Constant Summary

Instance Method Summary

Instance Method Details

#post_init

[ GitHub ] 

  


# File 'lib/em/protocols/saslauth.rb', line 85



def post_init
  super
  @sasl_data = ""
  @sasl_values = []
end


  








  

    #receive_data(data)  
  

  [ GitHub ]


  

  


# File 'lib/em/protocols/saslauth.rb', line 91



def receive_data data
  @sasl_data << data
  while @sasl_data.length >= 2
    len = (@sasl_data[0,2].unpack("n")).first
    raise "SASL Max Field Length exceeded" if len > MaxFieldSize
    if @sasl_data.length >= (len + 2)
      @sasl_values << @sasl_data[2,len]
      @sasl_data.slice!(0...(2+len))
      if @sasl_values.length == 4
        send_data( validate(*@sasl_values) ? "\0\002OK" : "\0\002NO" )
        @sasl_values.clear
      end
    else
      break
    end
  end
end


  








  

    #validate(username, psw, sysname, realm)  
  

  [ GitHub ]


  

  


# File 'lib/em/protocols/saslauth.rb', line 109



def validate username, psw, sysname, realm
  p username
  p psw
  p sysname
  p realm
  true
end