Quick and dirty password authentication over SASL.

Author: Kaz Kylheku
Date:  
To: TXR Users
Subject: Quick and dirty password authentication over SASL.

Hi all,

On my webserver, I have saslauthd running. It has a Unix domain socket under the path name /var/run/saslauthd/mux.

Here is a quick and dirty password authentication using Unix domain sockets. This requires the new TXR 134, of course.

Firstly, why would you want to do this? It lets you validate a password without having special privileges. Password hashes are in a shadow file that you can't read if you aren't root, but you can ask the SASL daemon to check a password even if you aren't root.

  ;; Send one field in saslauthd's wire format: a 16-bit big-endian
  ;; length followed by the bytes. (length str) counts characters, so
  ;; this is only correct for ASCII strings.
  (defun put-binary-str (str stream)
    (let ((len (length str)))
      (put-byte (trunc len 256) stream)
      (put-byte (mod len 256) stream)
      (put-string str stream)))

  ;; Ask saslauthd to check user/pass. The request is four fields
  ;; (login, password, then two more left empty here); the reply is
  ;; one length-prefixed string beginning with "OK" or "NO".
  (defun sasl-auth (user pass)
    (let ((sock (open-socket af-unix sock-stream)))
      (sock-connect sock (new sockaddr-un path "/var/run/saslauthd/mux"))
      (put-binary-str user sock)
      (put-binary-str pass sock)
      (put-binary-str "" sock)
      (put-binary-str "" sock)
      ;; get-string reads the whole reply, including the two length
      ;; bytes, so the status word starts at character 2.
      (let ((response (get-string sock)))
        (close-stream sock)
        (equal [response 2..4] "OK"))))

The sasl-auth function returns t or nil based on whether the authentication was successful.

The protocol consists of strings, each encoded as a 16-bit length (big endian, a.k.a. "network byte order") followed by the data. Obviously, the above code is broken for non-ASCII characters, since (length str) counts characters and doesn't give us the UTF-8 encoded length.
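The same framing with the length measured on the UTF-8 bytes, as an added Python example that is not code from the post or from TXR. The socket path is the one from the post; the field names service and realm (the two empty fields) are saslauthd's own and are not named above.

```python
import socket
import struct

# Unix-domain socket path from the post.
SASLAUTHD_MUX = "/var/run/saslauthd/mux"


def put_binary_str(s: str) -> bytes:
    """One field: 16-bit big-endian length of the UTF-8 bytes, then the bytes.

    Measuring after encoding is the fix: len(s) counts code points, so a
    password like "päss" would be framed one byte short.
    """
    data = s.encode("utf-8")
    if len(data) > 0xFFFF:
        raise ValueError("field too long for a 16-bit length prefix")
    return struct.pack(">H", len(data)) + data


def build_request(user: str, password: str, service: str = "", realm: str = "") -> bytes:
    """saslauthd request: login, password, service, realm (assumed field names)."""
    return b"".join(put_binary_str(f) for f in (user, password, service, realm))


def parse_response(raw: bytes) -> bool:
    """Reply is one length-prefixed string beginning with "OK" or "NO"."""
    if len(raw) < 2:
        raise ValueError("truncated response: no length prefix")
    (n,) = struct.unpack(">H", raw[:2])
    body = raw[2:2 + n]
    if len(body) != n:
        raise ValueError("truncated response body")
    return body.startswith(b"OK")


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("socket closed before full reply")
        buf += chunk
    return buf


def sasl_auth(user: str, password: str, path: str = SASLAUTHD_MUX) -> bool:
    """Connect to the mux socket, send the request, read exactly one reply."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock:
        sock.connect(path)
        sock.sendall(build_request(user, password))
        header = _recv_exact(sock, 2)
        (n,) = struct.unpack(">H", header)
        return parse_response(header + _recv_exact(sock, n))
```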