restemplate/indy/Protocols/IdSASL.pas

203 lines
5.8 KiB
Plaintext
Raw Permalink Normal View History

{
$Project$
$Workfile$
$Revision$
$DateUTC$
$Id$
This file is part of the Indy (Internet Direct) project, and is offered
under the dual-licensing agreement described on the Indy website.
(http://www.indyproject.org/)
Copyright:
(c) 1993-2005, Chad Z. Hower and the Indy Pit Crew. All rights reserved.
}
{
$Log$
}
{
Rev 1.3 10/26/2004 10:55:32 PM JPMugaas
Updated refs.
Rev 1.2 2004.02.03 5:44:18 PM czhower
Name changes
Rev 1.1 1/21/2004 3:11:34 PM JPMugaas
InitComponent
Rev 1.0 11/13/2002 08:00:06 AM JPMugaas
2002 - 5-19 - J. Peter Mugaas
started this class definition for Indy 10.
2002 - 08 - J.M. Berg
reworked, restructured a bit, made work with Indy 9 (most changes
are in other units though)
}
{
SASL Base mechanism for Indy.
See RFC 2222
This class is not useful in and of itself. It is for deriving descendant classes
for implementing reusable SASL authentication mechanism classes for components
such as IdPOP3, IdSMTP, and IdIMAP4.
But since they tie into the SASLList, its not restricted to message clients.
Descendant classes will be responsible for implementing the SASL mechanism
completely and holding any data required for authentication, unless descend
from the UserPass mechanism and link to a UserPass provider.
}
{$BOOLEVAL OFF}
unit IdSASL;
interface
{$i IdCompilerDefines.inc}
uses
Classes,
IdGlobal,
IdBaseComponent,
IdTCPConnection,
IdException;
type
TIdSASLResult = (srSuccess, srFailure, srAborted);
TIdSASLServiceName = string;
TIdSASL = class(TIdBaseComponent)
protected
FSecurityLevel : UInt32;
function GetSecurityLevel : UInt32;
procedure InitComponent; override;
public
destructor Destroy; override;
{
The following 5 methods are called when SASL Authentication is
used. The challenge etc. is already Base64 decoded, if the protocol
uses Base64 encoding, the mechanism should only process the data
according to the mechanism, not for any transmission. The same holds
for return values.
TryStartAuthenticate() is for handling Initial Client Responses,
which can remove an unnecessary round-trip if both parties support it.
}
//SASL AProtocolName must be a name from "http://www.iana.org/assignments/gssapi-service-names"
function TryStartAuthenticate(const AHost, AProtocolName : string; var VInitialResponse: string): Boolean; virtual;
function StartAuthenticate(const AChallenge, AHost, AProtocolName : string): string; virtual; abstract;
function ContinueAuthenticate(const ALastResponse, AHost, AProtocolName : string): string; virtual;
{ For cleaning up after Authentication }
procedure FinishAuthenticate; virtual;
// for checking if Authentication is ready to start.
// useful with TIdSASLLogin so login is not performed if no username is specified.
function IsReadyToStart: Boolean; virtual;
{
For determining if the SASL Mechanism is supported from a list of SASL Mechanism.
(Those can be obtained with EHLO with SMTP.)
}
function IsAuthProtocolAvailable(AFeatStrings : TStrings) : Boolean; virtual;
{
Level of security offered by SASL mechanism
0 - no security, public - broadcast it on the even news, and post it to
every newsgroup for good measure
100 - well, at least there's a lock. Of course, any locksmith or crook
has a skeleton key
200 - well, maybe it would take a little fiddling but not much
$FFFFFFFF - Best security. So secret that users are screened
thouroughly, for example, the user has to account for
every second of their life under a polygraph and their
distant relatives are under 24 hour surveillance :-)
This value is advisory only, and programmers are free if they decide
to honour it or not. I suggest the mechanisms are tried in order,
higher security level first.
}
property SecurityLevel : UInt32 read GetSecurityLevel;
{
Returns the service name of the descendant class,
this is a string[20] in accordance with the SASL specification.
}
class function ServiceName: TIdSASLServiceName; virtual;
end;
var
GlobalSASLList: TThreadList;
// this is used at design time to get a list of all
// SASL mechanism components that are available
// because they add at runtime as well, it must be a threadlist
implementation
uses
{$IFDEF VCL_XE3_OR_ABOVE}
System.Types,
{$ENDIF}
SysUtils;
{ TIdSASL }
procedure TIdSASL.InitComponent;
begin
inherited InitComponent;
GlobalSASLList.Add(Self);
end;
destructor TIdSASL.Destroy;
begin
GlobalSASLList.Remove(Self);
inherited Destroy;
end;
function TIdSASL.TryStartAuthenticate(const AHost, AProtocolName : string; var VInitialResponse: string): Boolean;
begin
Result := False;
end;
function TIdSASL.ContinueAuthenticate(const ALastResponse, AHost, AProtocolName : string): string;
begin
// intentionally empty
end;
procedure TIdSASL.FinishAuthenticate;
begin
// do nothing, deliberately
end;
function TIdSASL.GetSecurityLevel: UInt32;
begin
Result := FSecurityLevel;
end;
function TIdSASL.IsAuthProtocolAvailable(AFeatStrings: TStrings): Boolean;
begin
Result := Assigned(AFeatStrings) and (AFeatStrings.IndexOf(String(ServiceName)) > -1);
end;
function TIdSASL.IsReadyToStart;
begin
Result := True;
end;
class function TIdSASL.ServiceName: TIdSASLServiceName;
begin
Result := ''; {do not localize}
// this class should never be instantiated or added to the list
// but BCB required class methods to not be abstract!!
end;
initialization
GlobalSASLList := TThreadList.Create;
finalization
FreeAndNil(GlobalSASLList);
end.