gsasl-commit

[SCM] GNU gsasl branch, master, updated. gsasl-1-5-1-16-g281dd7b


From: Simon Josefsson
Subject: [SCM] GNU gsasl branch, master, updated. gsasl-1-5-1-16-g281dd7b
Date: Thu, 20 May 2010 08:42:28 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gsasl".

http://git.savannah.gnu.org/cgit/gsasl.git/commit/?id=281dd7b59b2d418077216b17eee5ff7e4545e75e

The branch, master has been updated
       via  281dd7b59b2d418077216b17eee5ff7e4545e75e (commit)
      from  e1b9b4a135337b68cee6208664b3749bcb53aea3 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 281dd7b59b2d418077216b17eee5ff7e4545e75e
Author: Simon Josefsson <address@hidden>
Date:   Thu May 20 10:26:05 2010 +0200

    Improve READMEs.

-----------------------------------------------------------------------

Summary of changes:
 README     |   33 +++++++++++++++++----------------
 lib/README |   36 ++++++------------------------------
 2 files changed, 23 insertions(+), 46 deletions(-)

diff --git a/README b/README
index 80878ff..4279d2e 100644
--- a/README
+++ b/README
@@ -1,12 +1,13 @@
 GNU SASL README -- Important introductory notes.
-Copyright (C) 2002, 2003, 2004, 2005, 2005, 2007, 2008, 2009 Simon Josefsson
+Copyright (C) 2002, 2003, 2004, 2005, 2005, 2007, 2008, 2009, 2010 Simon 
Josefsson
 See the end for copying conditions.
 
-This directory holds GNU SASL which is an implementation of the Simple
-Authentication and Security Layer (SASL).  See doc/gsasl.{info,ps,pdf}
-for the manual.
+GNU SASL an implementation of the Simple Authentication and Security
+Layer (SASL) framework, consisting of a library (lib/) with several
+plugins, command-line application (src/), test-suite (tests/),
+documentation (doc/) and source code usage examples (examples/).
 
-The GNU SASL library (lib/) is licensed under the GNU Lesser General
+The GNU SASL Library (lib/) is licensed under the GNU Lesser General
 Public License (LGPL) version 2.1 (or later).  See the file
 lib/COPYING.LIB.  The GNU project typically uses the GNU General
 Public License (GPL) for libraries, and not the LGPL, but for this
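Review bot: The new opening sentence of the first paragraph is missing its verb: "GNU SASL an implementation of the Simple Authentication and Security Layer (SASL) framework" should read "GNU SASL is an implementation ...". The rewrite also drops the pointer to doc/gsasl.{info,ps,pdf}; the new text names doc/ but no longer tells the reader where the manual is, so consider keeping that sentence. While the copyright line is being touched, note that it still lists 2005 twice, where lib/README has "2005, 2006".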
@@ -37,6 +38,8 @@ Currently there is some support for the following mechanisms:
   - LOGIN (non-standard)
   - NTLM (non-standard, client only, requires Libntlm)
   - KERBEROS_V5 (experimental, requires Shishi)
+  - SCRAM (no channel bindings)
+  - GS2-KRB5 (no channel bindings, requires GSS, Heimdal or MIT Kerberos)
 
 The library should be portable to all C89 platforms.  The command-line
 application currently requires POSIX for network communication.
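Review bot: The two added entries carry "no channel bindings" but, unlike the NTLM entry with its "client only", they do not say whether both client and server sides are supported, and they carry no status word such as the "experimental" on KERBEROS_V5. "requires GSS, Heimdal or MIT Kerberos" is also ambiguous: state whether "GSS" names a third implementation or the GSS-API in general, so that someone building the library knows which dependency satisfies it.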
@@ -44,23 +47,21 @@ application currently requires POSIX for network 
communication.
 Things left to do below.  If you like to start working on anything,
 please let me know so work duplication can be avoided.
 
-  * Implement SCRAM and GS2.
-  * Security layer improvements (e.g., DES and AES in DIGEST-MD5).
-  * Bug: If gsasl_decode is handed a string longer than one SASL token,
-    the remaining data will be discarded.  This means if the sender
-    packed two SASL tokens in one network packet, only the first will be
-    seen.  To fix this the best way, and the same time also improve
-    string handling (security), the entire SASL step API probably
-    should change.  Later: It occured to me that the en/de-code functions
-    can simply buffer the left over data until the next invocation.
-    Still, it would be nice to change the API to one that encapsulates
-    string operations inte a separate package (my safestring.*).
+  * Support channel bindings in SCRAM/GS2.
   + Authentication infrastructure implementing the callbacks for
     PAM, Kerberos, SQL, etc.  Separate project?  GNU Mailutils has
     some starting points for this, but the API is inflexible.
   + Provide standard callbacks for tty, GTK, gpg-agent etc.  Probably
     should be a separate library.
   + Port applications to use libgsasl
+  - Bug: If gsasl_decode is handed a string longer than one SASL
+    token, the remaining data will be discarded.  This means if the
+    sender packed two SASL tokens in one network packet, only the
+    first will be seen.  The en/de-code functions should buffer the
+    left over data until the next invocation.  Later: it isn't clear
+    that people actually need the security layer feature, and it seems
+    better to punt to TLS.
+  - Security layer improvements (e.g., DES and AES in DIGEST-MD5).
   - Cleanup code, possibly by using some string abstraction library.
   - Privacy separation (authenticate in one process, pass state to another).
   - Improve documentation
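Review bot: The gsasl_decode item moves from "*" to "-" and gains "it seems better to punt to TLS", yet the line right after it still lists "Security layer improvements (e.g., DES and AES in DIGEST-MD5)" as work to do; the two entries point in opposite directions. If the decision is to rely on TLS, state it once as a decision and drop or reword the improvements item. The item is still filed as a bug, so the README should also state the limitation plainly for callers of gsasl_decode (data after the first SASL token is discarded) rather than leave it in a to-do list. The removed text linked the fix to improved string handling "(security)"; the new text keeps only the generic "Cleanup code" item, so that motivation is lost.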
diff --git a/lib/README b/lib/README
index cae82ee..419b5b9 100644
--- a/lib/README
+++ b/lib/README
@@ -1,11 +1,11 @@
 GNU SASL LIBRARY README -- Important introductory notes.
-Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Simon Josefsson
+Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Simon 
Josefsson
 See the end for copying conditions.
 
-This directory holds the GNU SASL library which is an implementation
-of the Simple Authentication and Security Layer (SASL).
+The GNU SASL Library is a library that implements the Simple
+Authentication and Security Layer (SASL) framework and some plugins.
 
-The GNU SASL library is licensed under the GNU Lesser General Public
+The GNU SASL Library is licensed under the GNU Lesser General Public
 License (LGPL) version 2.1 (or later).  See the file COPYING.LIB.  The
 GNU project typically uses the GNU General Public License (GPL) for
 libraries, and not the LGPL, but for this project we decided that we
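Review bot: "The GNU SASL Library is a library that implements" in the new first paragraph is redundant; "The GNU SASL Library implements the Simple Authentication and Security Layer (SASL) framework and some plugins" says the same thing. The top-level README in this same commit says "several plugins" where this file says "some plugins"; use one wording in both files.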
@@ -32,35 +32,11 @@ Currently there is some support for the following 
mechanisms:
   - LOGIN (non-standard)
   - NTLM (non-standard, client only, requires Libntlm)
   - KERBEROS_V5 (experimental, requires Shishi)
+  - SCRAM (no channel bindings)
+  - GS2-KRB5 (no channel bindings, requires GSS, Heimdal or MIT Kerberos)
 
 The library should be portable to all C89 platforms.
 
-Things left to do below.  If you like to start working on anything,
-please let me know so work duplication can be avoided.
-
-  * Security layer improvements (e.g., DES and AES in DIGEST-MD5).
-  * Bug: If gsasl_decode is handed a string longer than one SASL token,
-    the remaining data will be discarded.  This means if the sender
-    packed two SASL tokens in one network packet, only the first will be
-    seen.  To fix this the best way, and the same time also improve
-    string handling (security), the entire SASL step API probably
-    should change.  Later: It occured to me that the en/de-code functions
-    can simply buffer the left over data until the next invocation.
-    Still, it would be nice to change the API to one that encapsulates
-    string operations inte a separate package (my safestring.*).
-  + Authentication infrastructure implementing the callbacks for
-    PAM, Kerberos, SQL, etc.  Separate project?  GNU Mailutils has
-    some starting points for this, but the API is inflexible.
-  + Provide standard callbacks for tty, GTK, gpg-agent etc.  Probably
-    should be a separate library.
-  + Port applications to use libgsasl
-  + More SASL mechanisms
-  + Cleanup code, possibly by using some string abstraction library.
-    (lib/digest-md5.c most problematic)
-  - Privacy separation (authenticate in one process, pass state to another).
-  - Improve documentation
-  - Port to Cyclone? CCured?
-
 For updates to the project, see <http://www.gnu.org/software/gsasl/>.
 
 ----------------------------------------------------------------------
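Review bot: Removing the entire "Things left to do" block leaves lib/README with no mention of the gsasl_decode bug and no hint of where the list now lives; add a one-line pointer to the top-level README so readers of the library directory can find the known issues. The parenthetical "(lib/digest-md5.c most problematic)" on the cleanup item is dropped as well, and the "Cleanup code" item visible in the top-level README does not carry it, so the only note about which file most needs the string-handling work disappears. The mechanism list is now maintained in two files and had to be patched twice in this commit; consider keeping it in one place.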


hooks/post-receive
-- 
GNU gsasl


