diff options
Diffstat (limited to 'tdeio/misc/tdesasl/tdesasl.h')
-rw-r--r-- | tdeio/misc/tdesasl/tdesasl.h | 169 |
1 files changed, 169 insertions, 0 deletions
diff --git a/tdeio/misc/tdesasl/tdesasl.h b/tdeio/misc/tdesasl/tdesasl.h new file mode 100644 index 000000000..0c57096a8 --- /dev/null +++ b/tdeio/misc/tdesasl/tdesasl.h @@ -0,0 +1,169 @@ +/* This file is part of the KDE libraries + Copyright (C) 2001-2002 Michael H�ckel <[email protected]> + $Id$ + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Library General Public + License version 2 as published by the Free Software Foundation. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Library General Public License + along with this library; see the file COPYING.LIB. If not, write to + the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. +*/ + +#ifndef TDESASL_H +#define TDESASL_H + +#include <tqstring.h> + +#include <tdelibs_export.h> + +class KURL; +class TQStrIList; + +/** + * This library can create responses for SASL authentication for a given + * challenge and a given secret. This way of authentication is common for + * SMTP, POP3, IMAP and LDAP. + * + * SASL is one way strong encryption and therefore useful for authentication, + * but not for secret information transfer. + * It is possibly to prove with SASL to know a shared secret like a password. + * It is not possible with SASL to transfer any other information in an + * encrypted way. For that purpose OpenPGP or SSL are useful. + * + * Currently PLAIN (RFC 2595), LOGIN (not really a SASL mechanism, but + * used like that in IMAP and SMTP), CRAM-MD5 (RFC 2195) and + * DIGEST-MD5 (RFC 2831) authentication are supported. PLAIN and + * LOGIN transmit the credentials in the clear (apart from a possible + * base64 encoding). + * + * For KDE 3.2, the API has been extended to allow transparent use of + * all currently supported SASL mechanisms. Example: + * \code + * KDESasl sasl( myUser, myPass, myProtocol ); + * if ( !sasl.chooseMethod( myMechanismsSupportedByServer ) ) + * return false; // couldn't agree on a method + * + * int numResponses = 0; + * if ( sasl.clientStarts() ) { // check whether we're supposed to start the dialog + * ++numResponses; + * mySendAuthCommand( sasl.method(), sasl.getResponse() ); + * } else { + * mySendAuthCommand( sasl.method() ); + * } + * for ( ; !sasl.dialogComplete( numResponses ) ; ++numResponses ) { + * TQByteArray challenge = myRecvChallenge(); + * mySendResponse( sasl.getResponse( challenge ) ); + * } + * return myCheckSuccess(); + * \endcode + * + * @author Michael H�ckel <[email protected]> + * @version $Id$ + */ + +class TDEIO_EXPORT KDESasl +{ + +public: + /** + * Construct a sasl object and initialize it with the username and password + * passed via the url. + */ + KDESasl(const KURL &aUrl); + /** + * This is a conveniece function and differs from the above function only by + * what arguments it accepts. + */ + KDESasl(const TQString &aUser, const TQString &aPass, const TQString &aProtocol); + /* + * You need to have a virtual destructor! + */ + virtual ~KDESasl(); + /** + * @returns the most secure method from the given methods and use it for + * further operations. + */ + virtual TQCString chooseMethod(const TQStrIList aMethods); + /** + * Explicitely set the SASL method used. + */ + virtual void setMethod(const TQCString &aMethod); + /** + * @return the SASL method used. + * @since 3.2 + */ + TQCString method() const; + /** + * @param numCalls number of times getResponse() has been called. + * @return whether the challenge/response dialog has completed + * + * @since 3.2 + */ + bool dialogComplete( int numCalls ) const; + /** + * @return whether the currently selected mechanism results in + * cleartext passwords being sent over the network and thus should + * be used only under TLS/SSL cover or for legacy servers. + * + * @since 3.2 + */ + bool isClearTextMethod() const; + /** + * Creates a response using the formerly chosen SASL method. + * For LOGIN authentication you have to call this function twice. KDESasl + * realizes on its own, if you are calling it for the first or for the + * second time. + * @param aChallenge is the challenge sent to create a response for + * @param aBase64 specifies, whether the authentication protocol uses base64 + * encoding. The challenge is decoded from base64 and the response is + * encoded base64 if set to true. + */ + TQCString getResponse(const TQByteArray &aChallenge=TQByteArray(), bool aBase64 = true); + /** + * Create a response as above but place it in a QByteArray + */ + TQByteArray getBinaryResponse(const TQByteArray &aChallenge=TQByteArray(), bool aBase64=true); + /** + * Returns true if the client is supposed to initiate the + * challenge-respinse dialog with an initial response (which most + * protocols can transfer alongside the authentication command as an + * optional second parameter). This method relieves the sasl user + * from knowing details about the mechanism. If true, use + * #getResponse() with a null challenge. + * + * @since 3.2 + */ + bool clientStarts() const; +protected: + /** + * PLAIN authentication as described in RFC 2595 + */ + virtual TQByteArray getPlainResponse(); + /** + * LOGIN authentication + */ + virtual TQByteArray getLoginResponse(); + /** + * CRAM-MD5 authentication as described in RFC 2195 + */ + virtual TQByteArray getCramMd5Response(const TQByteArray &aChallenge); + /** + * DIGEST-MD5 authentication as described in RFC 2831 + */ + virtual TQByteArray getDigestMd5Response(const TQByteArray &aChallenge); + +private: + TQString mProtocol, mUser, mPass; + TQCString mMethod; + bool mFirst; +}; + +#endif |