GNU SASL Library - Libgsasl - GNU Project

GNU SASL Library - Libgsasl

Introduction

GNU SASL is an implementation of the Simple Authentication and Security Layer framework and a few common SASL mechanisms. SASL is used by network servers (e.g., IMAP, SMTP) to request authentication from clients, and in clients to authenticate against servers.

GNU SASL consists of a library (`libgsasl'), a command line utility (`gsasl') to access the library from the shell, and a manual. The library includes support for the framework (with authentication functions and application data privacy and integrity functions) and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, SCRAM-SHA-1, SCRAM-SHA-1-PLUS, LOGIN, and NTLM mechanisms.

The library is portable because it does not do network communication by itself, but rather leaves it up to the calling application. The library is flexible with regards to the authorization infrastructure used, as it utilizes callbacks into the application to decide whether an user is authorized or not.

GNU SASL is written in pure ANSI C89 to be portable to embedded and otherwise limited platforms. The entire library, with full support for ANONYMOUS, EXTERNAL, PLAIN, LOGIN and CRAM-MD5, and the front-end that supports client and server mode, and the IMAP and SMTP protocols, fits in under 80kb on an Intel x86 platform, without any modifications to the code. (This figure was accurate as of version 1.1.)

GNU SASL is developed for the GNU/Linux system, but runs on over 20 platforms including most major Unix platforms and Windows, and many kind of devices including iPAQ handhelds and S/390 mainframes.

The core GNU SASL library, and most mechanisms, are licensed under the GNU Lesser General Public version 2.1 (or later). It is distributed separately, as the "libgsasl" package. The GNU SASL command line application, self test suite and more are licensed under the GNU General Public License version 3 (or later). The "gsasl" package distribution includes the library part as well, so you do not need to install two packages.

Some of the goals with this project are:

Clean room implementation. This means the copyright and license conditions are clear.
Internationalization. It handles non-ASCII username and passwords by using SASLprep. User visible strings used in the library (error messages) can be translated into the users' language.
Thread safe library. This library uses no global state and multiple concurrent SASL sessions are possibly (e.g. in a multithreaded server).
Portable. It should work on all Unix like operating systems, including Windows. The library itself should be portable to any C89 system, not even POSIX is required.

Introduction
Documentation and Status
Support
News
Downloading
Development
Dependencies
Bugs

Documentation and Status

Refer to the GNU SASL Manual web page for links to the manual in all formats; however, quick links to the most popular formats:

Support

A mailing list where GNU SASL users may help each other exists, and you can reach it by sending e-mail to [email protected]. Archives of the mailing list discussions, and an interface to manage subscriptions, is available through the World Wide Web at http://lists.gnu.org/mailman/listinfo/help-gsasl.

If you are interested in paid support of GNU SASL, or sponsor the development, please contact me. If you provide paid services for GNU SASL, and would like to be mentioned here, also contact me.

If you find GNU SASL useful, please consider making a donation. No amount is too small!

News

Note that new releases are only mentioned here if they introduce a major feature or is significant in some other way. Read the help-gsasl mailing list if you seek more frequent announcements.

Information on what is new in the library itself is found in the NEWS and lib/NEWS file (live version).

2010-12-14: New stable release 1.6.0 with SCRAM-SHA-1(-PLUS) and GS2-KRB5 support.
2010-11-14: SCRAM-SHA-1-PLUS is supported in experimental 1.5.3 release.
2010-03-31: GS2-KRB5 is supported in the experimental 1.5.0 release.
2009-11-07: SCRAM-SHA-1 is now intended for stable use with the version 1.4 release.
2009-10-08: As of version 1.3 the library experimentally supports SCRAM-SHA-1.
2008-08-19: The library can be built as a native Windows Visual Studio project.
2008-01-12: Instructions for building GNU SASL under uClinux have been published.
2007-10-08: Git repository moved to Savannah, you can browse it.
2007-07-09: The command line, self tests, examples etc of GNU SASL are now licensed under the GPL version 3. The library remains licensed under the LGPL version 2.1.
2007-06-01: GNU SASL is now developed in git instead of cvs.
2007-04-20: Version 0.2.16, released today, will likely be the last release on the 0.2.x. branch, next we'll focus on implementing GS2.
2006-06-14: Newly released version 0.2.13 works well under Windows.
2004-11-07: A new major release, version 0.2.0, has been released.
2004-04-16: The license for the core library, and most common mechanisms, is being changed to LGPL. A release candidate of 0.0.15 with this change is available.
2004-01-01: Savannah had problems last month, and still isn't operating fully. CVS has been moved to a private machine, a read-only mirror of it will hopefully be available via Savannah in the future.
2003-10-11 Version 0.0.8 includes API for SASLprep/trace string preparation, improved portability, and more.
2003-06-02 The GSSAPI mechanism now supports GSS and Heimdal, besides MIT Kerberos.
2003-03-17 Debian includes libgsasl, thanks to Ryan M. Golbeck.
2003-02-02 The KERBEROS_V5 document is updated with examples from our library used in GNU Mailutil's imap4d server.
2003-01-30 Implementation of our KERBEROS_V5 mechanism proposal started, using Shishi.
2002-12-16 gnu.org web pages opened and development moved to savannah.
2002-12-13 Version 0.0.4 renames the package from "libgsasl" to GNU SASL and the license is changed to the GPL.
2002-12-09 Official GNU project.
2002-10-07 Initial release of version 0.0.0.

Downloading

The releases are distributed from ftp://ftp.gnu.org/gnu/gsasl/.

All official releases are signed with an OpenPGP key with fingerprint 0xB565716F.

Unofficial Windows binaries are provided by Francis Brosnan Blazquez at Sourceforge's Vortex project.

Development

There is a Savannah GNU SASL project page. You can check out the sources by using git as follows:

$ git clone git://git.savannah.gnu.org/gsasl.git

The online git interface is available.

Notifications of each commit is sent to [email protected].

If you have trouble using git, you may download a daily snapshot. The snapshots are prepared similar to regular releases, i.e., you simply build them using ./configure && make.

Build logs from building the package, where you can also contribute a build system for your own platform, are available from the GNU SASL autobuild page.

See the file README-alpha on how to bootstrap and build the package from version controlled sources.

For every release, we publish cyclomatic code complexity charts for the package. There is also self-test code coverage charts available.

Dependencies

You need at least a shell, a C compiler and a Make tool to build GNU SASL.

GNU SASL will enable certain features if you have the following optional external libraries installed:

Non-ASCII support (e.g., username and passwords): GNU Libidn.
NTLM mechanism: libntlm 0.3.1 or later.
GSSAPI mechanism: GNU GSS, MIT Kerberos, Heimdal.

Bugs

Report all problems to [email protected], but please read the manual on how to report bugs first.