E-MailRelay
An interface for implementing the server-side SASL challenge/response concept.
#include <gsaslserver.h>
Public Member Functions

virtual ~SaslServer ()=default
Destructor.

virtual bool requiresEncryption () const =0
Returns true if the implementation requires that the challenge/response dialog should only take place over an encrypted transport.

virtual bool active () const =0
Returns true if the constructor's "secrets" object was valid.

virtual std::string mechanisms (char space_separator) const =0
Returns a list of supported, standard mechanisms that can be advertised to the client.

virtual bool init (const std::string &mechanism)=0
Initialiser.

virtual std::string mechanism () const =0
Returns the mechanism, as passed to the last init() call to return true.

virtual bool mustChallenge () const =0
Returns true if authentication using the current mechanism must always start with a non-empty server challenge, ie. it is a "server-first" mechanism as per RFC-4422.

virtual std::string initialChallenge () const =0
Returns the possibly-empty initial server challenge.

virtual std::string apply (const std::string &response, bool &done)=0
Applies the client response and returns the next challenge and a 'done' flag by reference.

virtual bool authenticated () const =0
Returns true if authenticated successfully.

virtual std::string id () const =0
Returns the authenticated or trusted identity.

virtual bool trusted (const GNet::Address &) const =0
Returns true if a trusted client that does not need to authenticate.

An interface for implementing the server-side SASL challenge/response concept.
In practice there is one derived class for basic authentication mechanisms using a secrets file, and another for PAM.
Usage:
Definition at line 66 of file gsaslserver.h.
virtual bool active () const =0
pure virtual
Returns true if the constructor's "secrets" object was valid.
See also Secrets::valid().
virtual std::string apply (const std::string &response, bool &done)=0
pure virtual
Applies the client response and returns the next challenge and a 'done' flag by reference.
Note that some mechanisms generate an extra round-trip even after the authentication status has been settled. In this case the 'done' flag will be set true only when the final empty response from the client is apply()d.
virtual bool authenticated () const =0
pure virtual
Returns true if authenticated successfully.
Precondition: apply() 'done'
virtual std::string id () const =0
pure virtual
Returns the authenticated or trusted identity.
Returns the empty string if not authenticated and not trusted.
virtual bool init (const std::string &mechanism)=0
pure virtual
Initialiser.
Returns true if the mechanism is in the mechanisms() list, or if it is some other supported mechanism (like "APOP") that the derived-class object allows implicitly. May be used more than once. The initialChallenge() is re-initialised on each successful init().
virtual std::string mechanisms (char space_separator) const =0
pure virtual
Returns a list of supported, standard mechanisms that can be advertised to the client.
Some mechanisms (like "APOP") may be accepted by init() even though they are not advertised.
virtual bool mustChallenge () const =0
pure virtual
Returns true if authentication using the current mechanism must always start with a non-empty server challenge, ie. it is a "server-first" mechanism as per RFC-4422.
Returns false for the "LOGIN" mechanism since the initial challenge ("Username:") is not essential, ie. it is a "variable" mechanism.
The server should call initialChallenge() to decide whether to send an initial challenge; this method is only to stop a client providing an initial response before an initial challenge has been sent.
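
The dialog that init(), mustChallenge(), initialChallenge(), apply() and authenticated() describe can be driven as in the following added example, which is not E-MailRelay source. MiniSasl is a stand-in for the interface, and the "X-TOY" mechanism, its nonce and its credentials are constructed for illustration.

```cpp
#include <string>
#include <vector>
// Stand-in (assumption) for the subset of SaslServer the driver needs.
struct MiniSasl {
    virtual ~MiniSasl() = default;
    virtual bool init(const std::string& mechanism) = 0;
    virtual bool mustChallenge() const = 0;
    virtual std::string initialChallenge() const = 0;
    virtual std::string apply(const std::string& response, bool& done) = 0;
    virtual bool authenticated() const = 0;
    virtual std::string id() const = 0;
};

// Hypothetical server-first mechanism "X-TOY" with constructed credentials. The
// status is settled by the first response, but 'done' waits for a final empty one.
struct ToyMech : MiniSasl {
    bool m_ok = false; int m_step = 0;
    bool init(const std::string& m) override { m_ok = false; m_step = 0; return m == "X-TOY"; }
    bool mustChallenge() const override { return true; }
    std::string initialChallenge() const override { return "nonce42"; }
    std::string apply(const std::string& r, bool& done) override {
        if (m_step++ == 0) {
            m_ok = (r == "alice:nonce42:s3cret");
            done = !m_ok;                      // a failure ends the dialog at once
            return m_ok ? "final-data" : "";
        }
        m_ok = m_ok && r.empty();              // only an empty response is valid here
        done = true;
        return {};
    }
    bool authenticated() const override { return m_ok; }
    std::string id() const override { return m_ok ? "alice" : ""; }
};

// Drives one dialog; 'has_initial' means responses[0] came with the mechanism name.
std::string runDialog(MiniSasl& sasl, const std::string& mech, bool has_initial,
                      const std::vector<std::string>& responses, std::vector<std::string>& sent) {
    sent.clear();
    if (!sasl.init(mech)) return {};                              // unsupported mechanism
    if (has_initial && (sasl.mustChallenge() || responses.empty())) return {};
    bool done = false; auto next = responses.begin();
    std::string challenge = has_initial ? sasl.apply(*next++, done) : sasl.initialChallenge();
    while (!done) {
        sent.push_back(challenge);                                // would be sent to the peer
        if (next == responses.end()) return {};                   // abandoned before 'done'
        challenge = sasl.apply(*next++, done);
    }
    return sasl.authenticated() ? sasl.id() : std::string();      // valid only once 'done'
}
```

The driver returns an empty identity when the client stops before the final empty response, even though the toy mechanism has already settled its status internally, which is why authenticated() carries the apply() 'done' precondition.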