The code below shows how to create a SASL client.
The code below shows how to create a SASL client.
#include <QCoreApplication>
#include <QTcpServer>
#include <QTcpSocket>
#include <QTimer>
#include <cstdio>
#include <QtCrypto>
#ifdef QT_STATICPLUGIN
#include "import_plugins.h"
#endif
static QString prompt(const QString &s)
{
printf("* %s ", qPrintable(s));
fflush(stdout);
char line[256];
fgets(line, 255, stdin);
QString result = QString::fromLatin1(line);
if (result[result.length() - 1] == QLatin1Char('\n'))
result.truncate(result.length() - 1);
return result;
}
static QString socketErrorToString(QAbstractSocket::SocketError x)
{
QString s;
switch (x) {
case QAbstractSocket::ConnectionRefusedError:
s = QStringLiteral("connection refused or timed out");
break;
case QAbstractSocket::RemoteHostClosedError:
s = QStringLiteral("remote host closed the connection");
break;
case QAbstractSocket::HostNotFoundError:
s = QStringLiteral("host not found");
break;
case QAbstractSocket::SocketAccessError:
s = QStringLiteral("access error");
break;
case QAbstractSocket::SocketResourceError:
s = QStringLiteral("too many sockets");
break;
case QAbstractSocket::SocketTimeoutError:
s = QStringLiteral("operation timed out");
break;
case QAbstractSocket::DatagramTooLargeError:
s = QStringLiteral("datagram was larger than system limit");
break;
case QAbstractSocket::NetworkError:
s = QStringLiteral("network error");
break;
case QAbstractSocket::AddressInUseError:
s = QStringLiteral("address is already in use");
break;
case QAbstractSocket::SocketAddressNotAvailableError:
s = QStringLiteral("address does not belong to the host");
break;
case QAbstractSocket::UnsupportedSocketOperationError:
s = QStringLiteral("operation is not supported by the local operating system");
break;
default:
s = QStringLiteral("unknown socket error");
break;
}
return s;
}
{
QString s;
switch (x) {
s = QStringLiteral("no appropriate mechanism could be negotiated");
break;
s = QStringLiteral("bad SASL protocol");
break;
s = QStringLiteral("server failed mutual authentication");
break;
default:
s = QStringLiteral("generic authentication failure");
break;
};
return s;
}
{
Q_OBJECT
private:
QString host, proto, authzid, realm, user, pass;
int port;
bool no_authzid, no_realm;
int mode;
QTcpSocket *sock;
QByteArray inbuf;
bool sock_done;
int waitCycles;
public:
ClientTest(const QString &_host,
int _port,
const QString &_proto,
const QString &_authzid,
const QString &_realm,
const QString &_user,
const QString &_pass,
bool _no_authzid,
bool _no_realm)
: host(_host)
, proto(_proto)
, authzid(_authzid)
, realm(_realm)
, user(_user)
, pass(_pass)
, port(_port)
, no_authzid(_no_authzid)
, no_realm(_no_realm)
, sock_done(false)
, waitCycles(0)
{
sock = new QTcpSocket(this);
connect(sock, &QTcpSocket::connected, this, &ClientTest::sock_connected);
connect(sock, &QTcpSocket::readyRead, this, &ClientTest::sock_readyRead);
#if QT_VERSION >= QT_VERSION_CHECK(5, 15, 0)
connect(sock, &QTcpSocket::errorOccurred, this, &ClientTest::sock_error);
#else
connect(sock, QOverload<QAbstractSocket::SocketError>::of(&QTcpSocket::error), this, &ClientTest::sock_error);
#endif
}
public Q_SLOTS:
void start()
{
mode = 0;
int flags = 0;
flags |= QCA::SASL::AllowPlain;
flags |= QCA::SASL::AllowAnonymous;
if (!user.isEmpty())
if (!authzid.isEmpty())
if (!pass.isEmpty())
if (!realm.isEmpty())
printf("Connecting to %s:%d, for protocol %s\n", qPrintable(host), port, qPrintable(proto));
sock->connectToHost(host, port);
}
Q_SIGNALS:
void quit();
private Q_SLOTS:
void sock_connected()
{
printf("Connected to server. Awaiting mechanism list...\n");
}
void sock_error(QAbstractSocket::SocketError x)
{
if (x == QAbstractSocket::RemoteHostClosedError) {
if (mode == 2)
{
sock_done = true;
tryFinished();
return;
} else
{
printf("Error: server closed connection unexpectedly.\n");
emit quit();
return;
}
}
printf("Error: socket: %s\n", qPrintable(socketErrorToString(x)));
emit quit();
}
void sock_readyRead()
{
if (mode == 2)
{
QByteArray a = sock->readAll();
printf("Read %d bytes\n", int(a.size()));
if (waitCycles == 0) {
waitCycles = 3;
QMetaObject::invokeMethod(this, "waitWriteIncoming", Qt::QueuedConnection);
}
} else
{
if (sock->canReadLine()) {
QString line = QString::fromLatin1(sock->readLine());
line.truncate(line.length() - 1);
handleLine(line);
}
}
}
void sasl_clientFirstStep(bool clientInit, const QByteArray &clientInitData)
{
printf(
"Choosing mech: %s\n", qPrintable(sasl->
mechanism()));
if (clientInit) {
line += QLatin1Char(' ');
line += arrayToString(clientInitData);
}
sendLine(line);
}
void sasl_nextStep(const QByteArray &stepData)
{
QString line = QStringLiteral("C");
if (!stepData.isEmpty()) {
line += QLatin1Char(',');
line += arrayToString(stepData);
}
sendLine(line);
}
{
user = prompt(QStringLiteral("Username:"));
}
authzid = prompt(QStringLiteral("Authorize As (enter to skip):"));
if (!authzid.isEmpty())
}
prompt.
getHidden(QStringLiteral(
"* Password"));
}
printf("Available realms:\n");
if (realms.isEmpty())
printf(" (none specified)\n");
foreach (const QString &s, realms)
printf(" %s\n", qPrintable(s));
realm = prompt(QStringLiteral("Realm (enter to skip):"));
if (!realm.isEmpty())
}
}
void sasl_authenticated()
{
printf("SASL success!\n");
printf(
"SSF: %d\n", sasl->
ssf());
}
void sasl_readyRead()
{
QByteArray a = sasl->
read();
inbuf += a;
processInbuf();
}
void sasl_readyReadOutgoing()
{
sock->write(a);
}
void sasl_error()
{
printf("Error: sasl: initialization failed.\n");
printf(
"Error: sasl: %s.\n", qPrintable(saslAuthConditionToString(sasl->
authCondition())));
printf("Error: sasl: broken security layer.\n");
else
printf("Error: sasl: unknown error.\n");
emit quit();
}
void waitWriteIncoming()
{
--waitCycles;
if (waitCycles > 0) {
QMetaObject::invokeMethod(this, "waitWriteIncoming", Qt::QueuedConnection);
return;
}
tryFinished();
}
private:
void tryFinished()
{
if (sock_done && waitCycles == 0) {
printf("Finished, server closed connection.\n");
sasl->disconnect(this);
emit quit();
}
}
QString arrayToString(const QByteArray &ba)
{
}
QByteArray stringToArray(const QString &s)
{
}
void sendLine(const QString &line)
{
printf("Writing: {%s}\n", qPrintable(line));
QString s = line + QLatin1Char('\n');
QByteArray a = s.toUtf8();
if (mode == 2)
else
sock->write(a);
}
void processInbuf()
{
QStringList list;
int at;
while ((at = inbuf.indexOf('\n')) != -1) {
list += QString::fromUtf8(inbuf.mid(0, at));
inbuf = inbuf.mid(at + 1);
}
foreach (const QString &line, list)
handleLine(line);
}
void handleLine(const QString &line)
{
printf("Reading: [%s]\n", qPrintable(line));
if (mode == 0) {
const QStringList mechlist = line.split(QLatin1Char(' '));
mode = 1;
} else if (mode == 1) {
QString type, rest;
int n = line.indexOf(QLatin1Char(','));
if (n != -1) {
type = line.mid(0, n);
rest = line.mid(n + 1);
} else
type = line;
if (type == QLatin1String("C")) {
sasl->
putStep(stringToArray(rest));
} else if (type == QLatin1String("E")) {
if (!rest.isEmpty())
printf("Error: server says: %s.\n", qPrintable(rest));
else
printf("Error: server error, unspecified.\n");
emit quit();
return;
} else if (type == QLatin1String("A")) {
printf("Authentication success.\n");
mode = 2;
sock_readyRead();
return;
} else {
printf("Error: Bad format from peer, closing.\n");
emit quit();
return;
}
}
}
};
void usage()
{
printf("usage: saslclient (options) host(:port) (user) (pass)\n");
printf("options: --proto=x, --authzid=x, --realm=x\n");
}
int main(int argc, char **argv)
{
QCoreApplication qapp(argc, argv);
QStringList args = qapp.arguments();
args.removeFirst();
QString proto = QStringLiteral("qcatest");
QString authzid, realm;
bool no_authzid = false;
bool no_realm = false;
for (int n = 0; n < args.count(); ++n) {
if (!args[n].startsWith(QLatin1String("--")))
continue;
QString opt = args[n].mid(2);
QString var, val;
int at = opt.indexOf(QLatin1Char('='));
if (at != -1) {
var = opt.mid(0, at);
val = opt.mid(at + 1);
} else
var = opt;
if (var == QLatin1String("proto")) {
proto = val;
} else if (var == QLatin1String("authzid")) {
if (val.isEmpty())
no_authzid = true;
else
authzid = val;
} else if (var == QLatin1String("realm")) {
if (val.isEmpty())
no_realm = true;
else
realm = val;
}
args.removeAt(n);
--n;
}
if (args.count() < 1) {
usage();
return 0;
}
QString host, user, pass;
int port = 8001;
QString hostinput = args[0];
if (args.count() >= 2)
user = args[1];
if (args.count() >= 3)
pass = args[2];
int at = hostinput.indexOf(QLatin1Char(':'));
if (at != -1) {
host = hostinput.mid(0, at);
#if QT_VERSION >= QT_VERSION_CHECK(5, 15, 2)
port = QStringView(hostinput).mid(at + 1).toInt();
#else
port = hostinput.midRef(at + 1).toInt();
#endif
} else
host = hostinput;
printf("Error: SASL support not found.\n");
return 1;
}
ClientTest client(host, port, proto, authzid, realm, user, pass, no_authzid, no_realm);
QObject::connect(&client, &ClientTest::quit, &qapp, &QCoreApplication::quit);
QTimer::singleShot(0, &client, &ClientTest::start);
qapp.exec();
return 0;
}
#include "saslclient.moc"
Base64 encoding / decoding
Definition qca_textfilter.h:233
Console prompt handler.
Definition qca_support.h:864
void waitForFinished()
Block waiting for user input.
void getHidden(const QString &promptStr)
Allow the user to enter data without it being echo'd to the terminal.
SecureArray result() const
Obtain the result of the user input.
Convenience method for initialising and cleaning up QCA.
Definition qca_core.h:660
QByteArray toByteArray() const
Convert this memory region to a byte array.
Parameter flags for the SASL authentication.
Definition qca_securelayer.h:907
bool needPassword() const
Password is needed.
bool canSendAuthzid() const
An Authorization ID can be sent if desired.
bool needUsername() const
User is needed.
bool canSendRealm() const
A Realm can be sent if desired.
Simple Authentication and Security Layer protocol implementation.
Definition qca_securelayer.h:832
void setUsername(const QString &user)
Specify the username to use in authentication.
Error errorCode() const
Return the error code.
void continueAfterParams()
Continue negotiation after parameters have been set (client)
void write(const QByteArray &a) override
This method writes unencrypted (plain) data to the SecureLayer implementation.
void startClient(const QString &service, const QString &host, const QStringList &mechlist, ClientSendMode mode=AllowClientSendFirst)
Initialise the client side of the connection.
void setConstraints(AuthFlags f, SecurityLevel s=SL_None)
Specify connection constraints.
void setAuthzid(const QString &auth)
Specify the authorization identity to use in authentication.
void nextStep(const QByteArray &stepData)
This signal is emitted when there is data required to be sent over the network to complete the next s...
void writeIncoming(const QByteArray &a) override
This method accepts encoded (typically encrypted) data for processing.
AuthCondition
Possible authentication error states.
Definition qca_securelayer.h:849
@ BadProtocol
Bad protocol or cancelled.
Definition qca_securelayer.h:852
@ NoMechanism
No compatible/appropriate authentication mechanism.
Definition qca_securelayer.h:851
@ BadServer
Server failed mutual authentication (client side only)
Definition qca_securelayer.h:853
QString mechanism() const
Return the mechanism selected (client)
void setPassword(const SecureArray &pass)
Specify the password to use in authentication.
QStringList realmList() const
Return the realm list, if available (client)
void clientStarted(bool clientInit, const QByteArray &clientInitData)
This signal is emitted when the client has been successfully started.
QByteArray read() override
This method reads decrypted (plain) data from the SecureLayer implementation.
void needParams(const QCA::SASL::Params ¶ms)
This signal is emitted when the client needs additional parameters.
@ ErrorInit
problem starting up SASL
Definition qca_securelayer.h:840
@ ErrorCrypt
problem at anytime after
Definition qca_securelayer.h:842
@ ErrorHandshake
problem during the authentication process
Definition qca_securelayer.h:841
int ssf() const
Return the security strength factor of the connection.
void setRealm(const QString &realm)
Specify the realm to use in authentication.
AuthCondition authCondition() const
Return the reason for authentication failure.
void authenticated()
This signal is emitted when authentication is complete.
QByteArray readOutgoing(int *plainBytes=nullptr) override
This method provides encoded (typically encrypted) data.
void putStep(const QByteArray &stepData)
Process an authentication step.
AuthFlags
Authentication requirement flag values.
Definition qca_securelayer.h:868
Secure array of bytes.
Definition qca_tools.h:317
void error()
This signal is emitted when an error is detected.
void readyReadOutgoing()
This signal is emitted when SecureLayer has encrypted (network side) data ready to be read.
void readyRead()
This signal is emitted when SecureLayer has decrypted (application side) data ready to be read.
QString arrayToString(const MemoryRegion &a)
Process an array in the "forward" direction, returning a QString.
MemoryRegion stringToArray(const QString &s)
Process an string in the "reverse" direction, returning a byte array.
QCA_EXPORT void init()
Initialise QCA.
QCA_EXPORT bool isSupported(const char *features, const QString &provider=QString())
Test if a capability (algorithm) is available.