| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| |
| #include <stdint.h> |
| #include <string> |
| |
| namespace saslwrapper { |
| |
| /** |
| * The following type is used for output arguments (that are strings). The fact that it has |
| * a unique name is used in a SWIG typemap to indicate output arguments. For scripting languages |
| * such as Python and Ruby (which do not support output arguments), the outputs are placed in and |
| * array that is returned by the function. For example, a function that looks like: |
| * |
| * bool function(const string& input, output_string& out1, output_string& out2); |
| * |
| * would be called (in Python) like this: |
| * |
| * boolResult, out1, out2 = function(input) |
| */ |
| typedef std::string output_string; |
| class ClientImpl; |
| |
| class Client { |
| public: |
| |
| Client(); |
| ~Client(); |
| |
| /** |
| * Set attributes to be used in authenticating the session. All attributes should be set |
| * before init() is called. |
| * |
| * @param key Name of attribute being set |
| * @param value Value of attribute being set |
| * @return true iff success. If false is returned, call getError() for error details. |
| * |
| * Available attribute keys: |
| * |
| * service - Name of the service being accessed |
| * username - User identity for authentication |
| * authname - User identity for authorization (if different from username) |
| * password - Password associated with username |
| * host - Fully qualified domain name of the server host |
| * maxbufsize - Maximum receive buffer size for the security layer |
| * minssf - Minimum acceptable security strength factor (integer) |
| * maxssf - Maximum acceptable security strength factor (integer) |
| * externalssf - Security strength factor supplied by external mechanism (i.e. SSL/TLS) |
| * externaluser - Authentication ID (of client) as established by external mechanism |
| */ |
| bool setAttr(const std::string& key, const std::string& value); |
| bool setAttr(const std::string& key, uint32_t value); |
| |
| /** |
| * Initialize the client object. This should be called after all of the properties have been set. |
| * |
| * @return true iff success. If false is returned, call getError() for error details. |
| */ |
| bool init(); |
| |
| /** |
| * Start the SASL exchange with the server. |
| * |
| * @param mechList List of mechanisms provided by the server |
| * @param chosen The mechanism chosen by the client |
| * @param initialResponse Initial block of data to send to the server |
| * |
| * @return true iff success. If false is returned, call getError() for error details. |
| */ |
| bool start(const std::string& mechList, output_string& chosen, output_string& initialResponse); |
| |
| /** |
| * Step the SASL handshake. |
| * |
| * @param challenge The challenge supplied by the server |
| * @param response (output) The response to be sent back to the server |
| * |
| * @return true iff success. If false is returned, call getError() for error details. |
| */ |
| bool step(const std::string& challenge, output_string& response); |
| |
| /** |
| * Encode data for secure transmission to the server. |
| * |
| * @param clearText Clear text data to be encrypted |
| * @param cipherText (output) Encrypted data to be transmitted |
| * |
| * @return true iff success. If false is returned, call getError() for error details. |
| */ |
| bool encode(const std::string& clearText, output_string& cipherText); |
| |
| /** |
| * Decode data received from the server. |
| * |
| * @param cipherText Encrypted data received from the server |
| * @param clearText (output) Decrypted clear text data |
| * |
| * @return true iff success. If false is returned, call getError() for error details. |
| */ |
| bool decode(const std::string& cipherText, output_string& clearText); |
| |
| /** |
| * Get the user identity (used for authentication) associated with this session. |
| * Note that this is particularly useful for single-sign-on mechanisms in which the |
| * username is not supplied by the application. |
| * |
| * @param userId (output) Authenticated user ID for this session. |
| */ |
| bool getUserId(output_string& userId); |
| |
| /** |
| * Get error message for last error. |
| * This function will return the last error message then clear the error state. |
| * If there was no error or the error state has been cleared, this function will output |
| * an empty string. |
| * |
| * @param error Error message string |
| */ |
| void getError(output_string& error); |
| |
| private: |
| ClientImpl* impl; |
| |
| // Declare private copy constructor and assignment operator. Ensure that this |
| // class is non-copyable. |
| Client(const Client&); |
| const Client& operator=(const Client&); |
| }; |
| |
| } |
