An implementation of the Simple Authentication and Security Layer (SASL).
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

61 lines
1.7 KiB

// Copyright 2016 The Mellium Contributors.
// Use of this source code is governed by the BSD 2-clause
// license that can be found in the LICENSE file.
package sasl
import (
// An Option represents an input to a SASL state machine.
type Option func(*Negotiator)
func getOpts(n *Negotiator, o ...Option) {
n.credentials = func() (username, password, identity []byte) {
n.permissions = func(_ *Negotiator) bool {
return false
for _, f := range o {
// TLSState lets the state machine negotiate channel binding with a TLS session
// if supported by the underlying mechanism.
func TLSState(cs tls.ConnectionState) Option {
return func(n *Negotiator) {
n.tlsState = &cs
// nonce overrides the nonce used for authentication attempts.
// This defaults to a random value and should not be changed.
func setNonce(v []byte) Option {
return func(n *Negotiator) {
n.nonce = v
// RemoteMechanisms sets a list of mechanisms supported by the remote client or
// server with which the state machine will be negotiating.
// It is used to determine if the server supports channel binding.
func RemoteMechanisms(m ...string) Option {
return func(n *Negotiator) {
n.remoteMechanisms = m
// Credentials provides the negotiator with a username and password to
// authenticate with and (optionally) an authorization identity.
// Identity will normally be left empty to act as the username.
// The Credentials function is called lazily and may be called multiple times by
// the mechanism.
// It is not memoized by the negotiator.
func Credentials(f func() (Username, Password, Identity []byte)) Option {
return func(n *Negotiator) {
n.credentials = f