SASL - Implementation of SASL mechanisms for Tcl

package require Tcl 8.2
package require SASL ?1.3.3?

::SASL::new option value ?...?
::SASL::configure option value ?...?
::SASL::step context challenge ?...?
::SASL::response context
::SASL::reset context
::SASL::cleanup context
::SASL::mechanisms ?type? ?minimum?
::SASL::register mechanism preference clientproc ?serverproc?


The Simple Authentication and Security Layer (SASL) is a framework for providing authentication and authorization to communications protocols. The SASL framework is structured to permit negotiation among a number of authentication mechanisms. SASL may be used in SMTP, IMAP and HTTP authentication. It is also in use in XMPP, LDAP and BEEP. See MECHANISMS for the set of available SASL mechanisms provided with tcllib.

The SASL framework operates using a simple multi-step challenge-response mechanism. All the mechanisms work the same way, although the number of steps may vary. In this implementation a callback procedure must be provided from which the SASL framework will obtain the user's details. See CALLBACK PROCEDURE for details of this procedure.




When the SASL framework requires any user details it will call the procedure provided when the context was created, with an argument that specifies the item of information required.

In all cases a single response string should be returned.



See the examples subdirectory for more complete samples using SASL with network protocols. The following should give an idea how the SASL commands are to be used. In reality this should be event driven. Each time the step command is called, the last server response should be provided as the command argument so that the SASL mechanism can take appropriate action.

package require SASL

# Callback invoked by the SASL framework; $command names the item required.
proc ClientCallback {context command args} {
    switch -exact -- $command {
        login    { return "" }
        username { return $::tcl_platform(user) }
        password { return "SecRet" }
        realm    { return "" }
        hostname { return [info hostname] }
        default  { return -code error unexpected }
    }
}

proc Demo {{mech PLAIN}} {
    set ctx [SASL::new -mechanism $mech -callback ClientCallback]
    set challenge ""
    while {1} {
        # Pass the value of the last server response, not the variable name.
        set more_steps [SASL::step $ctx $challenge]
        puts "Send '[SASL::response $ctx]'"
        puts "Read server response into challenge var"
        if {!$more_steps} {break}
    }
    SASL::cleanup $ctx
}
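The following is an added example, not part of the tcllib documentation: it keeps credentials out of the callback body and runs the same constructed exchange through PLAIN and CRAM-MD5 to show which mechanism puts the password itself into the responses. CredsFor, Callback and RunExchange are hypothetical names, the challenge string is constructed, and it assumes the CRAM-MD5 mechanism is registered (it depends on the tcllib md5 package).

```tcl
package require SASL

# Credentials are stored per context instead of being hard-coded in the
# callback. CredsFor is a hypothetical helper for this example.
proc CredsFor {ctx user pass} {
    set ::creds($ctx) [list $user $pass]
}

# Return exactly one string per request; reject anything unrecognised.
proc Callback {context command args} {
    switch -exact -- $command {
        username { return [lindex $::creds($context) 0] }
        password { return [lindex $::creds($context) 1] }
        login - realm { return "" }
        hostname { return [info hostname] }
        default  { return -code error "unexpected request: $command" }
    }
}

# Feed a list of server challenges through one context and return the
# responses the client would put on the wire.
proc RunExchange {mech user pass challenges} {
    set ctx [SASL::new -mechanism $mech -callback Callback]
    CredsFor $ctx $user $pass
    set sent {}
    foreach challenge $challenges {
        set more [SASL::step $ctx $challenge]
        lappend sent [SASL::response $ctx]
        if {!$more} break
    }
    unset ::creds($ctx)   ;# drop the secret as soon as the exchange ends
    SASL::cleanup $ctx
    return $sent
}

# Constructed sample input: no server is contacted.
set chal "<1896.697170952@example.test>"
foreach mech {PLAIN CRAM-MD5} {
    set sent [RunExchange $mech alice "SecRet" [list "" $chal]]
    set leaked [expr {[string first "SecRet" [join $sent]] >= 0}]
    puts "$mech: password visible in responses = $leaked"
}
```

PLAIN (RFC 4616) transmits the password verbatim, so it should only be used inside an encrypted channel such as TLS; CRAM-MD5 (RFC 2195) sends a keyed digest of the server challenge instead.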


