Library sasl

Simple Authentication and Security Layer (SASL).

The library contains some low level functions and a high level class.

The DigestMD5 class contains all code necessary to calculate a DIGEST-MD5 response based on the server's challenge and the other necessary arguments. It can be called through the SASL helper or directly like this:

local dmd5 = DigestMD5:new(chall, user, pass, "AUTHENTICATE", nil, "imap")
local digest = dmd5:calcDigest()

The NTLM class contains all code necessary to calculate an NTLM response based on the server's challenge and the other necessary arguments. It can be called through the SASL helper or directly like this:

local ntlm = NTLM:new(chall, user, pass)
local response = ntlm:calcResponse()

The Helper class contains the high level methods:

  • new: This is the SASL object constructor.
  • set_mechanism: Sets the authentication mechanism to use.
  • set_callback: Sets the encoding function to use.
  • encode: Encodes the parameters according to the authentication mechanism.
  • reset_callback: Resets the authentication function.
  • reset: Resets the SASL object.

The script writers should use the Helper class to create SASL objects, and they can also use the low level functions to customize their encoding functions.

Copyright © Same as Nmap--See https://nmap.org/book/man-legal.html

Source: https://svn.nmap.org/nmap/nselib/sasl.lua

Functions

calcDigest (self)

Calculates the digest

calcResponse (self)

Calculates the response

check_mechanism (mechanism)

Checks if the given mechanism is supported by this library.

cram_md5_enc (username, password, challenge)

Encodes the parameters using the CRAM-MD5 mechanism.

digest_md5_enc (username, password, challenge, service, uri)

Encodes the parameters using the DIGEST-MD5 mechanism.

encode (self, ...)

Encodes the parameters according to the specified mechanism.

get_mechanism (self)

Returns the current authentication mechanism.

new (self, mechanism, callback)

SASL object constructor.

parseChallenge (self)

Parses the NTLM challenge as received from the server

plain_enc (username, password)

Encodes the parameters using the PLAIN mechanism.

reset (self)

Resets all the data of the SASL object.

reset_callback (self)

Resets the encoding function to the default SASL callback function.

set_callback (self, callback)

Associates a custom encoding function with the authentication mechanism.

set_mechanism (self, mechanism, string)

Sets the SASL mechanism to use.

Functions

calcDigest (self)

Calculates the digest

Parameters

self
 
calcResponse (self)

Calculates the response

Parameters

self
 
check_mechanism (mechanism)

Checks if the given mechanism is supported by this library.

Parameters

mechanism
string to check.

Return values:

  1. mechanism if it is supported, otherwise nil.
  2. callback The mechanism encoding function on success.

cram_md5_enc (username, password, challenge)

Encodes the parameters using the CRAM-MD5 mechanism.

Parameters

username
string.
password
string.
challenge
The challenge as it is returned by the server.

Return value:

string The encoded string on success, or nil if Nmap was compiled without OpenSSL.
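
The CRAM-MD5 computation as RFC 2195 defines it, together with the check a server performs on the reply. This is an added example, not code from sasl.lua: the function names are hypothetical, the sample values are the published example from RFC 2195, and whether cram_md5_enc itself applies base64 is not stated on this page.

```python
import base64
import hashlib
import hmac

# Published example from RFC 2195, section 2 (not traffic from a real host).
RFC_USER = "tim"
RFC_SECRET = "tanstaaftanstaaf"
RFC_CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"


def cram_md5_response(username, password, challenge):
    """Return '<user> <hex HMAC-MD5(key=password, msg=challenge)>'."""
    mac = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return f"{username} {mac}"


def to_wire(text):
    """Base64 form in which the reply travels in the AUTH exchange."""
    return base64.b64encode(text.encode()).decode()


def verify_response(b64_reply, challenge, lookup_password):
    """Server side: recompute the MAC and compare in constant time."""
    try:
        reply = base64.b64decode(b64_reply, validate=True).decode()
        username, mac = reply.rsplit(" ", 1)
    except ValueError:  # bad base64, bad UTF-8, or no space separator
        return False
    password = lookup_password(username)
    known = password is not None
    if not known:
        # Unknown user: still do one HMAC so timing does not reveal it.
        password = ""
    expected = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    same = hmac.compare_digest(expected.encode(), mac.lower().encode())
    return known and same


if __name__ == "__main__":
    users = {RFC_USER: RFC_SECRET}  # constructed credential store
    reply = to_wire(cram_md5_response(RFC_USER, RFC_SECRET, RFC_CHALLENGE))
    print(reply)
    print(verify_response(reply, RFC_CHALLENGE, users.get))
    # A reply bound to one challenge fails against a fresh one.
    print(verify_response(reply, b"<1.2@example.test>", users.get))
```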

digest_md5_enc (username, password, challenge, service, uri)

Encodes the parameters using the DIGEST-MD5 mechanism.

Parameters

username
string.
password
string.
challenge
The challenge as it is returned by the server.
service
string containing the service that is requesting the encryption (e.g. POP, IMAP, SMTP)
uri
string containing the URI

Return value:

string The encoded string on success, or nil if Nmap was compiled without OpenSSL.

encode (self, ...)

Encodes the parameters according to the specified mechanism.

Parameters

self
 
...
The parameters to encode.

Usage:

local sasl_enc = sasl.Helper:new("CRAM-MD5")
local result = sasl_enc:encode(username, password, challenge)
local sasl_enc = sasl.Helper:new("PLAIN")
local result = sasl_enc:encode(username, password)

Return value:

string The encoded string on success, or nil on failures.

get_mechanism (self)

Returns the current authentication mechanism.

Parameters

self
 

Return value:

mechanism on success, or nil on failures.

new (self, mechanism, callback)

SASL object constructor.

Parameters

self
 
mechanism
The authentication mechanism to use (optional parameter).
callback
The encoding function associated with the mechanism (optional parameter).

Usage:

local sasl_enc = sasl.Helper:new()
local sasl_enc = sasl.Helper:new("CRAM-MD5")
local sasl_enc = sasl.Helper:new("CRAM-MD5", my_cram_md5_func)

Return value:

sasl object.

parseChallenge (self)

Parses the NTLM challenge as received from the server

Parameters

self
 
plain_enc (username, password)

Encodes the parameters using the PLAIN mechanism.

Parameters

username
string.
password
string.

Return value:

string The encoded string.

reset (self)

Resets all the data of the SASL object.

This method will clear the specified SASL mechanism.

Parameters

self
 
reset_callback (self)

Resets the encoding function to the default SASL callback function.

Parameters

self
 
set_callback (self, callback)

Associates a custom encoding function with the authentication mechanism.

Note that the SASL object by default will have its own callback functions.

Parameters

self
 
callback
The function associated with the authentication mechanism.

Usage:

-- My personal CRAM-MD5 encode function
function cram_md5_encode_func(username, password, challenge)
   ...
end
local sasl_enc = sasl.Helper:new("CRAM-MD5")
sasl_enc:set_callback(cram_md5_encode_func)
local result = sasl_enc:encode(username, password, challenge)

set_mechanism (self, mechanism, string)

Sets the SASL mechanism to use.

Parameters

self
 
mechanism
 
string
The authentication mechanism.

Usage:

local sasl_enc = sasl.Helper:new()
sasl_enc:set_mechanism("CRAM-MD5")
sasl_enc:set_mechanism("PLAIN")

Return value:

mechanism on success, or nil if the mechanism is not supported.