[bpt/emacs.git] / doc / misc / sasl.texi

\input texinfo                  @c -*-texinfo-*-
@setfilename ../../info/sasl

@set VERSION 0.2
@settitle Emacs SASL Library @value{VERSION}

@copying
This file describes the Emacs SASL library, version @value{VERSION}.

Copyright @copyright{} 2000, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011
Free Software Foundation, Inc.

@quotation
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
any later version published by the Free Software Foundation; with no
Invariant Sections, with the Front-Cover texts being ``A GNU Manual,''
and with the Back-Cover Texts as in (a) below.  A copy of the license
is included in the section entitled ``GNU Free Documentation License''
in the Emacs manual.

(a) The FSF's Back-Cover Text is: ``You have the freedom to copy and
modify this GNU manual.  Buying copies from the FSF supports it in
developing GNU and promoting software freedom.''

This document is part of a collection distributed under the GNU Free
Documentation License.  If you want to distribute this document
separately from the collection, you can do so by adding a copy of the
license to the document, as described in section 6 of the license.
@end quotation
@end copying

@dircategory Emacs network features
@direntry
* SASL: (sasl).                 The Emacs SASL library.
@end direntry


@titlepage
@title Emacs SASL Library @value{VERSION}

@author by Daiki Ueno
@page

@vskip 0pt plus 1filll
@insertcopying
@end titlepage


@node Top
@top Emacs SASL

SASL is a common interface to share several authentication mechanisms between
applications using different protocols.

@ifnottex
@insertcopying 
@end ifnottex

@menu
* Overview::                    What Emacs SASL library is.
* How to use::                  Adding authentication support to your applications.
* Data types::                  
* Back end drivers::             Writing your own drivers.
* Index::                       
* Function Index::              
* Variable Index::              
@end menu

@node Overview
@chapter Overview

@sc{sasl} is short for @dfn{Simple Authentication and Security Layer}.
This standard is documented in RFC2222.  It provides a simple method for
adding authentication support to various application protocols.

The toplevel interface of this library is inspired by Java @sc{sasl}
Application Program Interface.  It defines an abstraction over a series
of authentication mechanism drivers (@ref{Back end drivers}).

Back end drivers are designed to be close as possible to the
authentication mechanism.  You can access the additional configuration
information anywhere from the implementation.

@node How to use
@chapter How to use

(Not yet written).

To use Emacs SASL library, please evaluate following expression at the
beginning of your application program.

@lisp
(require 'sasl)
@end lisp

If you want to check existence of sasl.el at runtime, instead you
can list autoload settings for functions you want.

@node Data types
@chapter Data types

There are three data types to be used for carrying a negotiated
security layer---a mechanism, a client parameter and an authentication
step.

@menu
* Mechanisms::                  
* Clients::                     
* Steps::                       
@end menu

@node Mechanisms
@section Mechanisms

A mechanism (@code{sasl-mechanism} object) is a schema of the @sc{sasl}
authentication mechanism driver.

@defvar sasl-mechanisms
A list of mechanism names.
@end defvar

@defun sasl-find-mechanism mechanisms

Retrieve an appropriate mechanism.
This function compares @var{mechanisms} and @code{sasl-mechanisms} then
returns appropriate @code{sasl-mechanism} object.

@example
(let ((sasl-mechanisms '("CRAM-MD5" "DIGEST-MD5")))
  (setq mechanism (sasl-find-mechanism server-supported-mechanisms)))
@end example

@end defun

@defun sasl-mechanism-name mechanism
Return name of mechanism, a string.
@end defun

If you want to write an authentication mechanism driver (@ref{Back end
drivers}), use @code{sasl-make-mechanism} and modify
@code{sasl-mechanisms} and @code{sasl-mechanism-alist} correctly.

@defun sasl-make-mechanism name steps
Allocate a @code{sasl-mechanism} object.
This function takes two parameters---name of the mechanism, and a list
of authentication functions.

@example
(defconst sasl-anonymous-steps
  '(identity                            ;no initial response
    sasl-anonymous-response))

(put 'sasl-anonymous 'sasl-mechanism
     (sasl-make-mechanism "ANONYMOUS" sasl-anonymous-steps))
@end example

@end defun

@node Clients
@section Clients

A client (@code{sasl-client} object) initialized with four
parameters---a mechanism, a user name, name of the service and name of
the server.

@defun sasl-make-client mechanism name service server
Prepare a @code{sasl-client} object.
@end defun

@defun sasl-client-mechanism client
Return the mechanism (@code{sasl-mechanism} object) of client.
@end defun

@defun sasl-client-name client
Return the authorization name of client, a string.
@end defun

@defun sasl-client-service client
Return the service name of client, a string.
@end defun

@defun sasl-client-server client
Return the server name of client, a string.
@end defun

If you want to specify additional configuration properties, please use
@code{sasl-client-set-property}.

@defun sasl-client-set-property client property value
Add the given property/value to client.
@end defun

@defun sasl-client-property client property
Return the value of the property of client.
@end defun

@defun sasl-client-set-properties client plist
Destructively set the properties of client.
The second argument is the new property list.
@end defun

@defun sasl-client-properties client
Return the whole property list of client configuration.
@end defun

@node Steps
@section Steps

A step (@code{sasl-step} object) is an abstraction of authentication
``step'' which holds the response value and the next entry point for the
authentication process (the latter is not accessible).

@defun sasl-step-data step
Return the data which @var{step} holds, a string.
@end defun

@defun sasl-step-set-data step data
Store @var{data} string to @var{step}.
@end defun

To get the initial response, you should call the function
@code{sasl-next-step} with the second argument @code{nil}.

@example
(setq name (sasl-mechanism-name mechanism))
@end example

At this point we could send the command which starts a SASL
authentication protocol exchange.  For example,

@example
(process-send-string
 process
 (if (sasl-step-data step)              ;initial response
     (format "AUTH %s %s\r\n" name (base64-encode-string (sasl-step-data step) t))
   (format "AUTH %s\r\n" name)))
@end example

To go on with the authentication process, all you have to do is call
@code{sasl-next-step} consecutively.

@defun sasl-next-step client step
Perform the authentication step.
At the first time @var{step} should be set to @code{nil}.
@end defun

@node Back end drivers
@chapter Back end drivers

(Not yet written).

@node Index
@chapter Index
@printindex cp

@node Function Index
@chapter Function Index
@printindex fn

@node Variable Index
@chapter Variable Index
@printindex vr

@summarycontents
@contents
@bye

@c End:

@ignore
   arch-tag: dc9650be-a953-40bf-bc55-24fe5f19d875
@end ignore
Commit	Line	Data
01c52d31	1	\input texinfo @c --texinfo--
4e3ebde2	2	@setfilename ../../info/sasl
01c52d31 MB	3
01c52d31 MB	4	@set VERSION 0.2
01c52d31 MB	5	@settitle Emacs SASL Library @value{VERSION}
01c52d31 MB	6
4e3ebde2	7	@copying
5dc584b5	8	This file describes the Emacs SASL library, version @value{VERSION}.
01c52d31	9
5df4f04c	10	Copyright @copyright{} 2000, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011
9c6b35b2	11	Free Software Foundation, Inc.
01c52d31	12
4e3ebde2	13	@quotation
01c52d31	14	Permission is granted to copy, distribute and/or modify this document
6a2c4aec	15	under the terms of the GNU Free Documentation License, Version 1.3 or
01c52d31	16	any later version published by the Free Software Foundation; with no
cd5c05d2 GM	17	Invariant Sections, with the Front-Cover texts being ``A GNU Manual,''
	18	and with the Back-Cover Texts as in (a) below. A copy of the license
	19	is included in the section entitled ``GNU Free Documentation License''
	20	in the Emacs manual.
	21
	22	(a) The FSF's Back-Cover Text is: ``You have the freedom to copy and
	23	modify this GNU manual. Buying copies from the FSF supports it in
	24	developing GNU and promoting software freedom.''
4e3ebde2 GM	25
	26	This document is part of a collection distributed under the GNU Free
	27	Documentation License. If you want to distribute this document
	28	separately from the collection, you can do so by adding a copy of the
	29	license to the document, as described in section 6 of the license.
	30	@end quotation
	31	@end copying
01c52d31	32
0c973505	33	@dircategory Emacs network features
5dc584b5	34	@direntry
62e034c2	35	* SASL: (sasl). The Emacs SASL library.
5dc584b5 KB	36	@end direntry
5dc584b5 KB	37
01c52d31 MB	38
01c52d31 MB	39	@titlepage
5dc584b5	40	@title Emacs SASL Library @value{VERSION}
01c52d31 MB	41
	42	@author by Daiki Ueno
	43	@page
	44
	45	@vskip 0pt plus 1filll
4e3ebde2	46	@insertcopying
01c52d31	47	@end titlepage
01c52d31	48
01c52d31 MB	49
	50	@node Top
	51	@top Emacs SASL
01c52d31	52
5dc584b5	53	SASL is a common interface to share several authentication mechanisms between
01c52d31 MB	54	applications using different protocols.
01c52d31 MB	55
5dc584b5 KB	56	@ifnottex
	57	@insertcopying
	58	@end ifnottex
	59
01c52d31 MB	60	@menu
	61	* Overview:: What Emacs SASL library is.
	62	* How to use:: Adding authentication support to your applications.
	63	* Data types::
	64	* Back end drivers:: Writing your own drivers.
	65	* Index::
	66	* Function Index::
	67	* Variable Index::
	68	@end menu
	69
	70	@node Overview
	71	@chapter Overview
	72
	73	@sc{sasl} is short for @dfn{Simple Authentication and Security Layer}.
	74	This standard is documented in RFC2222. It provides a simple method for
	75	adding authentication support to various application protocols.
	76
	77	The toplevel interface of this library is inspired by Java @sc{sasl}
	78	Application Program Interface. It defines an abstraction over a series
	79	of authentication mechanism drivers (@ref{Back end drivers}).
	80
	81	Back end drivers are designed to be close as possible to the
	82	authentication mechanism. You can access the additional configuration
	83	information anywhere from the implementation.
	84
	85	@node How to use
	86	@chapter How to use
	87
	88	(Not yet written).
	89
	90	To use Emacs SASL library, please evaluate following expression at the
	91	beginning of your application program.
	92
	93	@lisp
	94	(require 'sasl)
	95	@end lisp
	96
	97	If you want to check existence of sasl.el at runtime, instead you
	98	can list autoload settings for functions you want.
	99
	100	@node Data types
	101	@chapter Data types
	102
	103	There are three data types to be used for carrying a negotiated
	104	security layer---a mechanism, a client parameter and an authentication
	105	step.
	106
	107	@menu
	108	* Mechanisms::
	109	* Clients::
	110	* Steps::
	111	@end menu
	112
	113	@node Mechanisms
	114	@section Mechanisms
	115
	116	A mechanism (@code{sasl-mechanism} object) is a schema of the @sc{sasl}
	117	authentication mechanism driver.
	118
	119	@defvar sasl-mechanisms
	120	A list of mechanism names.
	121	@end defvar
	122
	123	@defun sasl-find-mechanism mechanisms
124
ea597303	125	Retrieve an appropriate mechanism.
01c52d31	126	This function compares @var{mechanisms} and @code{sasl-mechanisms} then
ea597303	127	returns appropriate @code{sasl-mechanism} object.
01c52d31 MB	128
	129	@example
	130	(let ((sasl-mechanisms '("CRAM-MD5" "DIGEST-MD5")))
	131	(setq mechanism (sasl-find-mechanism server-supported-mechanisms)))
	132	@end example
	133
	134	@end defun
	135
	136	@defun sasl-mechanism-name mechanism
	137	Return name of mechanism, a string.
	138	@end defun
	139
	140	If you want to write an authentication mechanism driver (@ref{Back end
	141	drivers}), use @code{sasl-make-mechanism} and modify
	142	@code{sasl-mechanisms} and @code{sasl-mechanism-alist} correctly.
	143
	144	@defun sasl-make-mechanism name steps
	145	Allocate a @code{sasl-mechanism} object.
	146	This function takes two parameters---name of the mechanism, and a list
	147	of authentication functions.
	148
	149	@example
	150	(defconst sasl-anonymous-steps
9360256a	151	'(identity ;no initial response
01c52d31 MB	152	sasl-anonymous-response))
	153
	154	(put 'sasl-anonymous 'sasl-mechanism
	155	(sasl-make-mechanism "ANONYMOUS" sasl-anonymous-steps))
	156	@end example
	157
	158	@end defun
	159
	160	@node Clients
	161	@section Clients
	162
	163	A client (@code{sasl-client} object) initialized with four
	164	parameters---a mechanism, a user name, name of the service and name of
	165	the server.
	166
	167	@defun sasl-make-client mechanism name service server
	168	Prepare a @code{sasl-client} object.
	169	@end defun
	170
	171	@defun sasl-client-mechanism client
	172	Return the mechanism (@code{sasl-mechanism} object) of client.
	173	@end defun
	174
	175	@defun sasl-client-name client
	176	Return the authorization name of client, a string.
	177	@end defun
	178
	179	@defun sasl-client-service client
	180	Return the service name of client, a string.
	181	@end defun
	182
	183	@defun sasl-client-server client
	184	Return the server name of client, a string.
	185	@end defun
	186
	187	If you want to specify additional configuration properties, please use
	188	@code{sasl-client-set-property}.
	189
	190	@defun sasl-client-set-property client property value
	191	Add the given property/value to client.
	192	@end defun
	193
	194	@defun sasl-client-property client property
	195	Return the value of the property of client.
	196	@end defun
	197
	198	@defun sasl-client-set-properties client plist
	199	Destructively set the properties of client.
	200	The second argument is the new property list.
	201	@end defun
	202
	203	@defun sasl-client-properties client
	204	Return the whole property list of client configuration.
	205	@end defun
	206
	207	@node Steps
	208	@section Steps
	209
	210	A step (@code{sasl-step} object) is an abstraction of authentication
	211	``step'' which holds the response value and the next entry point for the
	212	authentication process (the latter is not accessible).
	213
	214	@defun sasl-step-data step
	215	Return the data which @var{step} holds, a string.
216	@end defun
217
218	@defun sasl-step-set-data step data
219	Store @var{data} string to @var{step}.
220	@end defun
221
222	To get the initial response, you should call the function
223	@code{sasl-next-step} with the second argument @code{nil}.
224
225	@example
226	(setq name (sasl-mechanism-name mechanism))
227	@end example
228
229	At this point we could send the command which starts a SASL
230	authentication protocol exchange. For example,
231
232	@example
233	(process-send-string
234	process
9360256a	235	(if (sasl-step-data step) ;initial response
01c52d31 MB	236	(format "AUTH %s %s\r\n" name (base64-encode-string (sasl-step-data step) t))
	237	(format "AUTH %s\r\n" name)))
	238	@end example
	239
	240	To go on with the authentication process, all you have to do is call
	241	@code{sasl-next-step} consecutively.
	242
	243	@defun sasl-next-step client step
	244	Perform the authentication step.
	245	At the first time @var{step} should be set to @code{nil}.
	246	@end defun
	247
	248	@node Back end drivers
	249	@chapter Back end drivers
	250
	251	(Not yet written).
	252
	253	@node Index
	254	@chapter Index
	255	@printindex cp
	256
	257	@node Function Index
	258	@chapter Function Index
	259	@printindex fn
	260
	261	@node Variable Index
	262	@chapter Variable Index
	263	@printindex vr
	264
	265	@summarycontents
	266	@contents
	267	@bye
	268
	269	@c End:
	270
	271	@ignore
	272	arch-tag: dc9650be-a953-40bf-bc55-24fe5f19d875
	273	@end ignore