Categorygithub.com/cspengl/saslconn
modulepackage
1.0.0
Repository: https://github.com/cspengl/saslconn.git
Documentation: pkg.go.dev
Overview
Versions
1
Dependencies
13
Dependents
0
Files
576 SLOC

# README

saslconn

A connection based SASL protocol definition + implementation according to RFC-4422

Go Reference

This repository serves two purposes:

  • Proposing a SASL connection protocol described via protobuf files
  • Containing a implementation of the proposed protocol in Golang based on the go-sasl library

Since the protocol is described through protobuf messages it should be relatively easy to implement the protocol in other programming languages.

Usage

The implementation of the protocol is inspired by golang's TLS implementation. Hence establishing connections hopefully feels very familiar.

Note: The following example transfers credentials in plain-text via the network. To ensure confidentiality and integrity you should consider combining the SASL connection with other protective mechanisms like TLS (see next section).

Client

import (
    "github.com/cspengl/saslconn"
    "github.com/emersion/go-sasl"
)

func main() {
    config := &saslconn.Config{
        Mechanisms: []*saslconn.Mechanism{
            {
                Name: sasl.Plain,
                Client: sasl.NewPlainClient("userident", "username", "secret"),
            },
        },
    }

    conn, err := saslconn.Dial("tcp", ":9000", config)
    defer func() {
        if err := conn.Close(); err != nil {
            panic(err)
        }
    }()
    if err != nil {
        panic(err)
    }
    if _, err := conn.Write([]byte("Hello World!")); err != nil {
        panic(err)
    }
}

Server

import (
    "fmt"

    "github.com/cspengl/saslconn"
    "github.com/emersion/go-sasl"
)

func main() {
    config := &saslconn.Config{
        Mechanisms: []*saslconn.Mechanism{
            {
                Name: sasl.Plain,
                Server: sasl.NewPlainServer(
					func(identity, username, password string) error {
                        // always successful
						return nil
					},
				),
            },
            
        },
    }

    listener, err := saslconn.Listen("tcp", ":9000", config)
    defer func() {
        if err := listener.Close(); err != nil {
            panic(err)
        }
    }()
    conn, err := listener.Accept()
    if err != nil {
        panic(err)
    }
    helloWorldFromClient := make([]byte, 12)
    if _, err := conn.Read(helloWorldFromClient); err != nil {
        panic(err)
    }
    fmt.Println(string(helloWorldFromClient))
}

Combination with TLS

Neither SASL mechanisms nor the proposed connection protocol itself provide adequate integrity and/or confidentialty protection of the authentication exchange it is highly recommended to combine it with other protective mechanisms like TLS.

Example

import (
    "fmt"
    "crypto/tls"

    "github.com/cspengl/saslconn"
    "github.com/emersion/go-sasl"
)

func main() {
    config := &saslconn.Config{
        Mechanisms: []*saslconn.Mechanism{
            {
                Name: sasl.Plain,
                Server: sasl.NewPlainServer(
					func(identity, username, password string) error {
                        // always successful
						return nil
					},
				),
            },
            
        },
    }

    cert, err := tls.LoadX509KeyPair("example-cert.pem", "example-key.pem")
	if err != nil {
		log.Fatal(err)
	}
	tlsConfig := &tls.Config{Certificates: []tls.Certificate{cert}}

    listener, err := saslconn.ListenTLS("tcp", ":9000", tlsConfig, config)
    defer func() {
        if err := listener.Close(); err != nil {
            panic(err)
        }
    }()
    //...
}

License

MIT

# Packages

No description provided by the author
No description provided by the author

# Functions

Client returns a new SASL connection using the given net.Conn as the underlying transport.
Dial connects to the given network address using net.Dial and initiates a handshake returning the resulting SASL connection.
DialWithDialer connects to a given network address using net.Dial and initiates a handshake returning the resulting SASL connection.
Listen creates a SASL listener by calling NewListener after using net.Listen to create the inner listener.
ListenTLS creates a tls listener before creating a SASL listener.
NewListener creates a listener accepting connections from an inner listener.
Server returns a new SASL connection using the given net.Conn as the underlying transport.

# Variables

ErrHandshakeAborted gets returned from handshake if the client or server aborted the ongoing handshake.

# Structs

Config describes the the configuration used for establishing a SASL connection.
Conn describes a SASL authenticated connection.
ConnectionState describes the state of a SASL connection.
Mechanism describes a SASL mechanism as describes in RFC4422.

# Type aliases

No description provided by the author
No description provided by the author