QCA::SASL

Search for usage in LXR

#include <QtCrypto>

Inheritance diagram for QCA::SASL:

Classes

class  Params
 

Public Types

enum  AuthCondition {
  AuthFail , NoMechanism , BadProtocol , BadServer ,
  BadAuth , NoAuthzid , TooWeak , NeedEncrypt ,
  Expired , Disabled , NoUser , RemoteUnavailable
}
 
enum  AuthFlags {
  AuthFlagsNone = 0x00 , AllowPlain = 0x01 , AllowAnonymous = 0x02 , RequireForwardSecrecy = 0x04 ,
  RequirePassCredentials = 0x08 , RequireMutualAuth = 0x10 , RequireAuthzidSupport = 0x20
}
 
enum  ClientSendMode { AllowClientSendFirst , DisableClientSendFirst }
 
enum  Error { ErrorInit , ErrorHandshake , ErrorCrypt }
 
enum  ServerSendMode { AllowServerSendLast , DisableServerSendLast }
 
- Public Types inherited from QObject
typedef  QObjectList
 

Signals

void authCheck (const QString &user, const QString &authzid)
 
void authenticated ()
 
void clientStarted (bool clientInit, const QByteArray &clientInitData)
 
void needParams (const QCA::SASL::Params &params)
 
void nextStep (const QByteArray &stepData)
 
void serverStarted ()
 
- Signals inherited from QCA::SecureLayer
void closed ()
 
void error ()
 
void readyRead ()
 
void readyReadOutgoing ()
 

Public Member Functions

 SASL (QObject *parent=nullptr, const QString &provider=QString())
 
AuthCondition authCondition () const
 
int bytesAvailable () const override
 
int bytesOutgoingAvailable () const override
 
void continueAfterAuthCheck ()
 
void continueAfterParams ()
 
int convertBytesWritten (qint64 encryptedBytes) override
 
Error errorCode () const
 
QString mechanism () const
 
QStringList mechanismList () const
 
void putServerFirstStep (const QString &mech)
 
void putServerFirstStep (const QString &mech, const QByteArray &clientInit)
 
void putStep (const QByteArray &stepData)
 
QByteArray read () override
 
QByteArray readOutgoing (int *plainBytes=nullptr) override
 
QStringList realmList () const
 
void reset ()
 
void setAuthzid (const QString &auth)
 
void setConstraints (AuthFlags f, int minSSF, int maxSSF)
 
void setConstraints (AuthFlags f, SecurityLevel s=SL_None)
 
void setExternalAuthId (const QString &authid)
 
void setExternalSSF (int strength)
 
void setLocalAddress (const QString &addr, quint16 port)
 
void setPassword (const SecureArray &pass)
 
void setRealm (const QString &realm)
 
void setRemoteAddress (const QString &addr, quint16 port)
 
void setUsername (const QString &user)
 
int ssf () const
 
void startClient (const QString &service, const QString &host, const QStringList &mechlist, ClientSendMode mode=AllowClientSendFirst)
 
void startServer (const QString &service, const QString &host, const QString &realm, ServerSendMode mode=DisableServerSendLast)
 
void write (const QByteArray &a) override
 
void writeIncoming (const QByteArray &a) override
 
- Public Member Functions inherited from QCA::SecureLayer
 SecureLayer (QObject *parent=nullptr)
 
virtual void close ()
 
virtual bool isClosable () const
 
virtual QByteArray readUnprocessed ()
 
- Public Member Functions inherited from QObject
 QObject (QObject *parent)
 
QBindable< QStringbindableObjectName ()
 
bool blockSignals (bool block)
 
const QObjectListchildren () const const
 
QMetaObject::Connection connect (const QObject *sender, const char *signal, const char *method, Qt::ConnectionType type) const const
 
void deleteLater ()
 
void destroyed (QObject *obj)
 
bool disconnect (const char *signal, const QObject *receiver, const char *method) const const
 
bool disconnect (const QObject *receiver, const char *method) const const
 
void dumpObjectInfo () const const
 
void dumpObjectTree () const const
 
QList< QByteArraydynamicPropertyNames () const const
 
virtual bool event (QEvent *e)
 
virtual bool eventFilter (QObject *watched, QEvent *event)
 
findChild (const QString &name, Qt::FindChildOptions options) const const
 
QList< T > findChildren (const QRegularExpression &re, Qt::FindChildOptions options) const const
 
QList< T > findChildren (const QString &name, Qt::FindChildOptions options) const const
 
QList< T > findChildren (Qt::FindChildOptions options) const const
 
bool inherits (const char *className) const const
 
void installEventFilter (QObject *filterObj)
 
bool isQuickItemType () const const
 
bool isWidgetType () const const
 
bool isWindowType () const const
 
void killTimer (int id)
 
virtual const QMetaObjectmetaObject () const const
 
void moveToThread (QThread *targetThread)
 
QString objectName () const const
 
void objectNameChanged (const QString &objectName)
 
QObjectparent () const const
 
QVariant property (const char *name) const const
 
 Q_CLASSINFO (Name, Value)
 
 Q_EMIT Q_EMIT
 
 Q_ENUM (...)
 
 Q_ENUM_NS (...)
 
 Q_ENUMS (...)
 
 Q_FLAG (...)
 
 Q_FLAG_NS (...)
 
 Q_FLAGS (...)
 
 Q_GADGET Q_GADGET
 
 Q_GADGET_EXPORT (EXPORT_MACRO)
 
 Q_INTERFACES (...)
 
 Q_INVOKABLE Q_INVOKABLE
 
 Q_MOC_INCLUDE Q_MOC_INCLUDE
 
 Q_NAMESPACE Q_NAMESPACE
 
 Q_NAMESPACE_EXPORT (EXPORT_MACRO)
 
 Q_OBJECT Q_OBJECT
 
 Q_PROPERTY (...)
 
 Q_REVISION Q_REVISION
 
 Q_SET_OBJECT_NAME (Object)
 
 Q_SIGNAL Q_SIGNAL
 
 Q_SIGNALS Q_SIGNALS
 
 Q_SLOT Q_SLOT
 
 Q_SLOTS Q_SLOTS
 
qobject_cast (const QObject *object)
 
qobject_cast (QObject *object)
 
 QT_NO_NARROWING_CONVERSIONS_IN_CONNECT QT_NO_NARROWING_CONVERSIONS_IN_CONNECT
 
void removeEventFilter (QObject *obj)
 
void setObjectName (const QString &name)
 
void setObjectName (QAnyStringView name)
 
void setParent (QObject *parent)
 
bool setProperty (const char *name, const QVariant &value)
 
bool setProperty (const char *name, QVariant &&value)
 
bool signalsBlocked () const const
 
int startTimer (int interval, Qt::TimerType timerType)
 
int startTimer (std::chrono::milliseconds interval, Qt::TimerType timerType)
 
QThreadthread () const const
 
- Public Member Functions inherited from QCA::Algorithm
 Algorithm (const Algorithm &from)
 
void change (const QString &type, const QString &provider)
 
void change (Provider::Context *c)
 
Provider::Contextcontext ()
 
const Provider::Contextcontext () const
 
Algorithmoperator= (const Algorithm &from)
 
Providerprovider () const
 
Provider::ContexttakeContext ()
 
QString type () const
 

Additional Inherited Members

- Properties inherited from QObject
 objectName
 
- Static Public Member Functions inherited from QObject
QMetaObject::Connection connect (const QObject *sender, const char *signal, const QObject *receiver, const char *method, Qt::ConnectionType type)
 
QMetaObject::Connection connect (const QObject *sender, const QMetaMethod &signal, const QObject *receiver, const QMetaMethod &method, Qt::ConnectionType type)
 
QMetaObject::Connection connect (const QObject *sender, PointerToMemberFunction signal, const QObject *context, Functor functor, Qt::ConnectionType type)
 
QMetaObject::Connection connect (const QObject *sender, PointerToMemberFunction signal, const QObject *receiver, PointerToMemberFunction method, Qt::ConnectionType type)
 
QMetaObject::Connection connect (const QObject *sender, PointerToMemberFunction signal, Functor functor)
 
bool disconnect (const QMetaObject::Connection &connection)
 
bool disconnect (const QObject *sender, const char *signal, const QObject *receiver, const char *method)
 
bool disconnect (const QObject *sender, const QMetaMethod &signal, const QObject *receiver, const QMetaMethod &method)
 
bool disconnect (const QObject *sender, PointerToMemberFunction signal, const QObject *receiver, PointerToMemberFunction method)
 
QString tr (const char *sourceText, const char *disambiguation, int n)
 
- Protected Member Functions inherited from QObject
virtual void childEvent (QChildEvent *event)
 
virtual void connectNotify (const QMetaMethod &signal)
 
virtual void customEvent (QEvent *event)
 
virtual void disconnectNotify (const QMetaMethod &signal)
 
bool isSignalConnected (const QMetaMethod &signal) const const
 
int receivers (const char *signal) const const
 
QObjectsender () const const
 
int senderSignalIndex () const const
 
virtual void timerEvent (QTimerEvent *event)
 
- Protected Member Functions inherited from QCA::Algorithm
 Algorithm ()
 
 Algorithm (const QString &type, const QString &provider)
 

Detailed Description

Simple Authentication and Security Layer protocol implementation.

This class implements the Simple Authenication and Security Layer protocol, which is described in RFC2222 - see http://www.ietf.org/rfc/rfc2222.txt.

As the name suggests, SASL provides authentication (eg, a "login" of some form), for a connection oriented protocol, and can also provide protection for the subsequent connection.

The SASL protocol is designed to be extensible, through a range of "mechanisms", where a mechanism is the actual authentication method. Example mechanisms include Anonymous, LOGIN, Kerberos V4, and GSSAPI. Mechanisms can be added (potentially without restarting the server application) by the system administrator.

It is important to understand that SASL is neither "network aware" nor "protocol aware". That means that SASL does not understand how the client connects to the server, and SASL does not understand the actual application protocol.

Examples
saslclient.cpp, and saslserver.cpp.

Definition at line 831 of file qca_securelayer.h.

Member Enumeration Documentation

◆ AuthCondition

Possible authentication error states.

Enumerator
AuthFail 

Generic authentication failure.

NoMechanism 

No compatible/appropriate authentication mechanism.

BadProtocol 

Bad protocol or cancelled.

BadServer 

Server failed mutual authentication (client side only)

BadAuth 

Authentication failure (server side only)

NoAuthzid 

Authorization failure (server side only)

TooWeak 

Mechanism too weak for this user (server side only)

NeedEncrypt 

Encryption is needed in order to use mechanism (server side only)

Expired 

Passphrase expired, has to be reset (server side only)

Disabled 

Account is disabled (server side only)

NoUser 

User not found (server side only)

RemoteUnavailable 

Remote service needed for auth is gone (server side only)

Definition at line 848 of file qca_securelayer.h.

◆ AuthFlags

Authentication requirement flag values.

Definition at line 867 of file qca_securelayer.h.

◆ ClientSendMode

Mode options for client side sending.

Definition at line 881 of file qca_securelayer.h.

◆ Error

Possible errors that may occur when using SASL.

Enumerator
ErrorInit 

problem starting up SASL

ErrorHandshake 

problem during the authentication process

ErrorCrypt 

problem at anytime after

Definition at line 838 of file qca_securelayer.h.

◆ ServerSendMode

Mode options for server side sending.

Definition at line 890 of file qca_securelayer.h.

Constructor & Destructor Documentation

◆ SASL()

QCA::SASL::SASL ( QObject * parent = nullptr,
const QString & provider = QString() )
explicit

Standard constructor.

Parameters
parentthe parent object for this SASL connection
providerif specified, the provider to use. If not specified, or specified as empty, then any provider is acceptable.

Member Function Documentation

◆ authCheck

void QCA::SASL::authCheck ( const QString & user,
const QString & authzid )
signal

This signal is emitted when the server needs to perform the authentication check.

If the user and authzid are valid, call continueAfterAuthCheck().

Parameters
userthe user identification name
authzidthe user authorization name
Examples
saslserver.cpp.

◆ authCondition()

AuthCondition QCA::SASL::authCondition ( ) const

Return the reason for authentication failure.

Examples
saslclient.cpp, and saslserver.cpp.

◆ authenticated

void QCA::SASL::authenticated ( )
signal

This signal is emitted when authentication is complete.

Examples
saslclient.cpp, and saslserver.cpp.

◆ bytesAvailable()

int QCA::SASL::bytesAvailable ( ) const
overridevirtual

Returns the number of bytes available to be read() on the application side.

Implements QCA::SecureLayer.

◆ bytesOutgoingAvailable()

int QCA::SASL::bytesOutgoingAvailable ( ) const
overridevirtual

Returns the number of bytes available to be readOutgoing() on the network side.

Implements QCA::SecureLayer.

◆ clientStarted

void QCA::SASL::clientStarted ( bool clientInit,
const QByteArray & clientInitData )
signal

This signal is emitted when the client has been successfully started.

Parameters
clientInittrue if the client should send an initial response to the server
clientInitDatathe initial response to send to the server. Do note that there is a difference in SASL between an empty initial response and no initial response, and so even if clientInitData is an empty array, you still need to send an initial response if clientInit is true.
Examples
saslclient.cpp.

◆ continueAfterAuthCheck()

void QCA::SASL::continueAfterAuthCheck ( )

Continue negotiation after auth ids have been checked (server)

Examples
saslserver.cpp.

◆ continueAfterParams()

void QCA::SASL::continueAfterParams ( )

Continue negotiation after parameters have been set (client)

Examples
saslclient.cpp.

◆ convertBytesWritten()

int QCA::SASL::convertBytesWritten ( qint64 encryptedBytes)
overridevirtual

Convert encrypted bytes written to plain text bytes written.

Parameters
encryptedBytesthe number of bytes to convert

Implements QCA::SecureLayer.

Examples
saslserver.cpp.

◆ errorCode()

Error QCA::SASL::errorCode ( ) const

Return the error code.

Examples
saslclient.cpp, and saslserver.cpp.

◆ mechanism()

QString QCA::SASL::mechanism ( ) const

Return the mechanism selected (client)

Examples
saslclient.cpp.

◆ mechanismList()

QStringList QCA::SASL::mechanismList ( ) const

Return the mechanism list (server)

Examples
saslserver.cpp.

◆ needParams

void QCA::SASL::needParams ( const QCA::SASL::Params & params)
signal

This signal is emitted when the client needs additional parameters.

After receiving this signal, the application should set the required parameter values appropriately and then call continueAfterParams().

Parameters
paramsthe parameters that are required by the client
Examples
saslclient.cpp.

◆ nextStep

void QCA::SASL::nextStep ( const QByteArray & stepData)
signal

This signal is emitted when there is data required to be sent over the network to complete the next step in the authentication process.

Parameters
stepDatathe data to send over the network
Examples
saslclient.cpp, and saslserver.cpp.

◆ putServerFirstStep() [1/2]

void QCA::SASL::putServerFirstStep ( const QString & mech)

Process the first step in server mode (server)

Call this with the mechanism selected by the client. If there is initial client data, call the other version of this function instead.

Parameters
mechthe mechanism to be used.
Examples
saslserver.cpp.

◆ putServerFirstStep() [2/2]

void QCA::SASL::putServerFirstStep ( const QString & mech,
const QByteArray & clientInit )

Process the first step in server mode (server)

Call this with the mechanism selected by the client, and initial client data. If there is no initial client data, call the other version of this function instead.

Parameters
mechthe mechanism to be used
clientInitthe initial data provided by the client side

◆ putStep()

void QCA::SASL::putStep ( const QByteArray & stepData)

Process an authentication step.

Call this with authentication data received from the network. The only exception is the first step in server mode, in which case putServerFirstStep must be called.

Parameters
stepDatathe authentication data from the network
Examples
saslclient.cpp, and saslserver.cpp.

◆ read()

QByteArray QCA::SASL::read ( )
overridevirtual

This method reads decrypted (plain) data from the SecureLayer implementation.

You normally call this function on the application side after receiving the readyRead() signal.

Implements QCA::SecureLayer.

Examples
saslclient.cpp, and saslserver.cpp.

◆ readOutgoing()

QByteArray QCA::SASL::readOutgoing ( int * plainBytes = nullptr)
overridevirtual

This method provides encoded (typically encrypted) data.

You normally call this function to get data to write out to the network socket (e.g. using QTcpSocket::write()) after receiving the readyReadOutgoing() signal.

Parameters
plainBytesthe number of bytes that were read.

Implements QCA::SecureLayer.

Examples
saslclient.cpp, and saslserver.cpp.

◆ realmList()

QStringList QCA::SASL::realmList ( ) const

Return the realm list, if available (client)

Examples
saslclient.cpp.

◆ reset()

void QCA::SASL::reset ( )

Reset the SASL mechanism.

◆ serverStarted

void QCA::SASL::serverStarted ( )
signal

This signal is emitted after the server has been successfully started.

Examples
saslserver.cpp.

◆ setAuthzid()

void QCA::SASL::setAuthzid ( const QString & auth)

Specify the authorization identity to use in authentication.

Parameters
auththe authorization identity to use
Examples
saslclient.cpp.

◆ setConstraints() [1/2]

void QCA::SASL::setConstraints ( AuthFlags f,
int minSSF,
int maxSSF )

This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts.Unless you have a specific reason for directly specifying a strength factor, you probably should use the method above.

Parameters
fthe authentication requirements, which you typically build using a binary OR function (eg AllowPlain | AllowAnonymous)
minSSFthe minimum security strength factor that is required
maxSSFthe maximum security strength factor that is required
Note
Security strength factors are a rough approximation to key length in the encryption function (eg if you are securing with plain DES, the security strength factor would be 56).

◆ setConstraints() [2/2]

void QCA::SASL::setConstraints ( AuthFlags f,
SecurityLevel s = SL_None )

Specify connection constraints.

SASL supports a range of authentication requirements, and a range of security levels. This method allows you to specify the requirements for your connection.

Parameters
fthe authentication requirements, which you typically build using a binary OR function (eg AllowPlain | AllowAnonymous)
sthe security level of the encryption, if used. See SecurityLevel for details of what each level provides.
Examples
saslclient.cpp, and saslserver.cpp.

◆ setExternalAuthId()

void QCA::SASL::setExternalAuthId ( const QString & authid)

Specify the id of the externally secured connection.

Parameters
authidthe id of the connection

◆ setExternalSSF()

void QCA::SASL::setExternalSSF ( int strength)

Specify a security strength factor for an externally secured connection.

Parameters
strengththe security strength factor of the connection

◆ setLocalAddress()

void QCA::SASL::setLocalAddress ( const QString & addr,
quint16 port )

Specify the local address.

Parameters
addrthe address of the local part of the connection
portthe port number of the local part of the connection

◆ setPassword()

void QCA::SASL::setPassword ( const SecureArray & pass)

Specify the password to use in authentication.

Parameters
passthe password to use
Examples
saslclient.cpp.

◆ setRealm()

void QCA::SASL::setRealm ( const QString & realm)

Specify the realm to use in authentication.

Parameters
realmthe realm to use
Examples
saslclient.cpp.

◆ setRemoteAddress()

void QCA::SASL::setRemoteAddress ( const QString & addr,
quint16 port )

Specify the peer address.

Parameters
addrthe address of the peer side of the connection
portthe port number of the peer side of the connection

◆ setUsername()

void QCA::SASL::setUsername ( const QString & user)

Specify the username to use in authentication.

Parameters
userthe username to use
Examples
saslclient.cpp.

◆ ssf()

int QCA::SASL::ssf ( ) const

Return the security strength factor of the connection.

Examples
saslclient.cpp, and saslserver.cpp.

◆ startClient()

void QCA::SASL::startClient ( const QString & service,
const QString & host,
const QStringList & mechlist,
ClientSendMode mode = AllowClientSendFirst )

Initialise the client side of the connection.

startClient must be called on the client side of the connection. clientStarted will be emitted when the operation is completed.

Parameters
servicethe name of the service
hostthe client side host name
mechlistthe list of mechanisms which can be used
modethe mode to use on the client side
Examples
saslclient.cpp.

◆ startServer()

void QCA::SASL::startServer ( const QString & service,
const QString & host,
const QString & realm,
ServerSendMode mode = DisableServerSendLast )

Initialise the server side of the connection.

startServer must be called on the server side of the connection. serverStarted will be emitted when the operation is completed.

Parameters
servicethe name of the service
hostthe server side host name
realmthe realm to use
modewhich mode to use on the server side
Examples
saslserver.cpp.

◆ write()

void QCA::SASL::write ( const QByteArray & a)
overridevirtual

This method writes unencrypted (plain) data to the SecureLayer implementation.

You normally call this function on the application side.

Parameters
athe source of the application-side data

Implements QCA::SecureLayer.

Examples
saslclient.cpp, and saslserver.cpp.

◆ writeIncoming()

void QCA::SASL::writeIncoming ( const QByteArray & a)
overridevirtual

This method accepts encoded (typically encrypted) data for processing.

You normally call this function using data read from the network socket (e.g. using QTcpSocket::readAll()) after receiving a signal that indicates that the socket has data to read.

Parameters
athe ByteArray to take network-side data from

Implements QCA::SecureLayer.

Examples
saslclient.cpp.

The documentation for this class was generated from the following file:
This file is part of the KDE documentation.
Documentation copyright © 1996-2024 The KDE developers.
Generated on Sat Dec 21 2024 17:03:55 by doxygen 1.12.0 written by Dimitri van Heesch, © 1997-2006

KDE's Doxygen guidelines are available online.