Posts Tagged ‘SASL’

Interesting. Strawberry Perl installed Authen::SASL::Perl without any problem. You’re right. That is not unexpected. Once you get away from POSIX signals and processes, most pure perl is pretty portable.

cd c:/strawberry/cpan/build/Authen-SASL-2.1401-V48Oe3/t
perl digest_md5.t
ok 1 - new
ok 2 - sasl mechanism
ok 3 - conn mechanism
ok 4 - client_start
ok 5 - we need extra steps

Which line is saying we need extra steps?

is($sasl->mechanism, 'DIGEST-MD5', 'sasl mechanism');

my $conn = $sasl->client_new("ldap","localhost", "noplaintext noanonymous");

is($conn->mechanism, 'DIGEST-MD5', 'conn mechanism');

is($conn->client_start, '', 'client_start');
ok  $conn->need_step, "we need extra steps";

Hang on a minute, wasn’t it need_step() that was failing in Arc? Maybe it is fixable after all if I just move from the XS authentication to the pure perl implementation.
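As an added example (not part of the original post or of the Arc distribution), this is one way to pin Authen::SASL to its pure-Perl backend and watch need_step() through the first DIGEST-MD5 round trip. It assumes Authen::SASL is installed; the credentials and the server challenge are constructed sample values.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Force the pure-Perl backend so an XS (Cyrus) build is never selected.
use Authen::SASL qw(Perl);

# Constructed sample credentials, not real accounts.
my $sasl = Authen::SASL->new(
    mechanism => 'DIGEST-MD5',
    callback  => { user => 'exampleuser', pass => 'examplepass' },
);

my $conn = $sasl->client_new('ldap', 'localhost', 'noplaintext noanonymous');
print 'backend:   ', ref($conn), "\n";
print 'mechanism: ', $conn->mechanism, "\n";

# DIGEST-MD5 has no initial client response: the server speaks first.
my $initial = $conn->client_start;
die 'client_start failed: ' . ($conn->error || 'unknown error') . "\n"
    unless defined $initial;
print 'need_step after client_start: ',
    ($conn->need_step ? 'yes' : 'no'), "\n";

# Constructed server challenge (sample nonce, not a capture).
my $challenge = 'realm="localhost",nonce="c2FtcGxlLW5vbmNl",'
              . 'qop="auth",algorithm=md5-sess,charset=utf-8';

my $response = $conn->client_step($challenge);
die 'client_step failed: ' . ($conn->error || 'unknown error') . "\n"
    unless defined $response;
print "digest-response: $response\n";

# The server still has to answer with rspauth=... and that answer has to
# go through client_step() as well. While need_step is true the exchange
# is unfinished and the peer must not be treated as authenticated.
print 'need_step after first client_step: ',
    ($conn->need_step ? 'yes' : 'no'), "\n";
```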



I finally got around to trying out the Perl ArcV2 library that I mentioned earlier. It didn’t go well.

There were some issues early on that were due to me not having the SASL libraries installed on my Ubuntu. After rectifying that, it made it past the prerequisites.

However, the Arc tests did not work.

Running make test
PERL_DL_NONLAZY=1 /u/jared/packages/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/arc1.t .. 1/17 shutdown() on closed socket GEN0 at /u/packages/lib/perl5/5.10.1/i686-linux-thread-multi/IO/Socket.pm line 295.
t/arc1.t .. 2/17
#   Failed test at t/arc1.t line 61.
#   Failed test at t/arc1.t line 63.

Test Summary Report
t/arc1.t (Wstat: 3328 Tests: 17 Failed: 13)
  Failed tests:  3-15
  Non-zero exit status: 13

I glanced at the tests to see what had managed to succeed. It doesn’t look good. Pretty much only ok(1) commands with no predicate passed.

Having said that, the test script looks interesting. It forks a process to fire up the server before running the tests. I’m reminded again how much I miss stuff like fork() when doing Windows development.

use Test::More tests => 17;
use strict;

# To work as a client/server we have to fork

my $pid = fork();

my $user = "mannfred";
my $pass = "klaus";

if ($pid == 0) { # Child
    use Arc::Server;
    use Arc::Connection::Server;
    my $server = new Arc::Server(...);
    exit 0;
} elsif ($pid) { # Parent
    use Arc::Connection::Client;
    ok(1); #1
    sleep(3); # Wait for the server to get ready
    my $client = new Arc::Connection::Client(...) or ok(0);
    ok(1); #2
    my $s;
    if ($client->StartSession()) { ok(1); } else { ok(0); }
    # ...

I then split out the client and server so I could run them individually.

$ perl -Mblib=../blib test-client.pl
[err]: (client) Evaluation of command _RAUTHTYPE failed
(Can't locate auto/Authen/SASL/Cyrus/need_step.al in @INC (@INC contains: ../blib/arch ../blib/lib
/u/packages/lib/perl5/5.10.1/i686-linux-thread-multi /u/packages/lib/perl5/5.10.1
/u/packages/lib/perl5/site_perl/5.10.1/i686-linux-thread-multi /u/packages/lib/perl5/site_perl/5.10.1 .)
at ../blib/lib/Arc/Connection/Client.pm line 157).

The server output looked like this.

$ perl -Mblib=../blib test-server.pl
[info]: (server) Arc v2.1 Session recognized.
[err]: (server) Connection closed by foreign host.

Okay, so it looks like the code has bit-rotted away (the last release was in 2005). This is the line in Arc::Connection::Client that is failing. need_step() is no longer mentioned in the SASL documentation.

if ($sasl->need_step || $sasl->code == 0) {

The question is how much I would have to change to get this to work. Or, to put it another way, is what I already have with my AnyEvent-based code closer to what I need than the currently broken Arc?

And if it doesn’t even work on Linux, what chance do I have on Windows?



So I’m perhaps 1% of the way to a poorly thought out middleware component like CORBA[1]. No, it’s more light-weight, maybe a messaging layer, sorry I mean wire-level protocol specification implementation such as AMQP.

And then I think (like hundreds have probably thought before me), you know, this would be more useful if it had authentication. After all, I don’t want just anyone to be able to send kill signals to any processes. That would be like everyone being root. Which terrifies me.

Don’t invent your own authentication mechanism

And the golden rule about authentication, as far as I can work out, is don’t invent your own authentication mechanism. You’ll get it wrong and leave gaping vulnerabilities for the bad guys to have their wicked way with you. That is, if anyone besides you ever uses your code. And besides, I don’t want to waste any of my 1500 lines on coming up with Yet Another Broken Authentication System.

A quick trip to CPAN

Then I’m looking through the Authen::XXX modules on CPAN and none of them behave in exactly the way I want. But somehow I find a perl server that includes authentication and perhaps does everything I want and I should definitely put it on my list of things to look into even though I’m having a lot of fun with AnyEvent right now.

But by the time I come to look again, I can’t find it. And I’ve complained about documentation before, but Emacs really does deserve it, and I know of no system or language that is better documented than Perl. But I guess the classification problem is a bit tricky to overcome.


Anyway, long story short, I found it.

authenticated perl server -http

An Authenticating Perl Server

The first link (warning PDF) is a paper about using Authen::SASL in client/servers and it mentions ARCv2 which sounds like what I’m looking for.

The first thing to do is find out if it does what I want. The second is to check if it works on Windows.

1. Ambiguity left in deliberately
