2022-03-08 16:41:38 +01:00
|
|
|
use capnp::capability::Promise;
|
|
|
|
use capnp::Error;
|
|
|
|
use capnp_rpc::pry;
|
2022-03-12 17:31:53 +01:00
|
|
|
use rsasl::property::AuthId;
|
2022-03-15 20:00:43 +01:00
|
|
|
use rsasl::session::{Session, Step};
|
2022-03-12 17:31:53 +01:00
|
|
|
use std::io::Cursor;
|
2022-03-08 16:41:38 +01:00
|
|
|
|
2022-03-12 17:31:53 +01:00
|
|
|
use crate::capnp::session::APISession;
|
|
|
|
use crate::session::SessionManager;
|
2022-03-12 02:00:55 +01:00
|
|
|
use api::authenticationsystem_capnp::authentication::{
|
2022-03-12 17:31:53 +01:00
|
|
|
AbortParams, AbortResults, Server as AuthenticationSystem, StepParams, StepResults,
|
2022-03-08 16:41:38 +01:00
|
|
|
};
|
2022-03-12 17:31:53 +01:00
|
|
|
use api::authenticationsystem_capnp::{response, response::Error as ErrorCode};
|
2022-03-08 16:41:38 +01:00
|
|
|
|
|
|
|
pub struct Authentication {
|
|
|
|
state: State,
|
|
|
|
}
|
|
|
|
|
2022-03-12 17:31:53 +01:00
|
|
|
impl Authentication {
|
|
|
|
pub fn new(session: Session, sessionmanager: SessionManager) -> Self {
|
|
|
|
Self {
|
|
|
|
state: State::Running(session, sessionmanager),
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
pub fn invalid_mechanism() -> Self {
|
|
|
|
Self {
|
|
|
|
state: State::InvalidMechanism,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
fn build_error(&self, response: response::Builder) {
|
|
|
|
if let State::Running(_, _) = self.state {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
let mut builder = response.init_failed();
|
|
|
|
match self.state {
|
|
|
|
State::InvalidMechanism => builder.set_code(ErrorCode::BadMechanism),
|
|
|
|
State::Finished => builder.set_code(ErrorCode::Aborted),
|
|
|
|
State::Aborted => builder.set_code(ErrorCode::Aborted),
|
|
|
|
_ => unreachable!(),
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-03-08 16:41:38 +01:00
|
|
|
enum State {
|
|
|
|
InvalidMechanism,
|
|
|
|
Finished,
|
|
|
|
Aborted,
|
2022-03-12 17:31:53 +01:00
|
|
|
Running(Session, SessionManager),
|
2022-03-08 16:41:38 +01:00
|
|
|
}
|
|
|
|
|
2022-03-11 22:13:54 +01:00
|
|
|
impl AuthenticationSystem for Authentication {
|
2022-03-08 16:41:38 +01:00
|
|
|
fn step(&mut self, params: StepParams, mut results: StepResults) -> Promise<(), Error> {
|
2022-03-15 19:56:41 +01:00
|
|
|
let span = tracing::trace_span!("step");
|
|
|
|
let _guard = span.enter();
|
2022-03-12 17:31:53 +01:00
|
|
|
let mut builder = results.get();
|
|
|
|
if let State::Running(mut session, manager) =
|
|
|
|
std::mem::replace(&mut self.state, State::Aborted)
|
|
|
|
{
|
|
|
|
let data: &[u8] = pry!(pry!(params.get()).get_data());
|
|
|
|
let mut out = Cursor::new(Vec::new());
|
|
|
|
match session.step(Some(data), &mut out) {
|
|
|
|
Ok(Step::Done(data)) => {
|
|
|
|
self.state = State::Finished;
|
|
|
|
|
|
|
|
let uid = pry!(session.get_property::<AuthId>().ok_or(capnp::Error::failed(
|
|
|
|
"Authentication didn't provide an authid as required".to_string()
|
|
|
|
)));
|
|
|
|
let session = pry!(manager.open(uid.as_ref()).ok_or(capnp::Error::failed(
|
|
|
|
"Failed to lookup the given user".to_string()
|
|
|
|
)));
|
|
|
|
|
|
|
|
let mut builder = builder.init_successful();
|
|
|
|
if data.is_some() {
|
|
|
|
builder.set_additional_data(out.into_inner().as_slice());
|
|
|
|
}
|
|
|
|
|
|
|
|
APISession::build(session, builder)
|
|
|
|
}
|
|
|
|
Ok(Step::NeedsMore(_)) => {
|
|
|
|
self.state = State::Running(session, manager);
|
|
|
|
builder.set_challenge(out.into_inner().as_slice());
|
|
|
|
}
|
|
|
|
Err(_) => {
|
|
|
|
self.state = State::Aborted;
|
|
|
|
self.build_error(builder);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
self.build_error(builder);
|
|
|
|
}
|
|
|
|
|
|
|
|
Promise::ok(())
|
2022-03-08 16:41:38 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
fn abort(&mut self, _: AbortParams, _: AbortResults) -> Promise<(), Error> {
|
2022-03-12 01:27:58 +01:00
|
|
|
self.state = State::Aborted;
|
2022-03-08 16:41:38 +01:00
|
|
|
Promise::ok(())
|
|
|
|
}
|
2022-03-12 17:31:53 +01:00
|
|
|
}
|