fabaccess-bffh/bffhd/authentication/mod.rs


use crate::users::Users;
use rsasl::error::{SessionError};
use rsasl::mechname::Mechname;
use rsasl::property::{AuthId, Password};
use rsasl::session::{Session, SessionData};
use rsasl::validate::{validations, Validation};
use rsasl::{Property, SASL};
use std::sync::Arc;

use crate::authentication::fabfire::FabFireCardKey;

mod fabfire;

struct Callback {
    users: Users,
}
impl Callback {
    pub fn new(users: Users) -> Self {
        Self { users }
    }
}
impl rsasl::callback::Callback for Callback {
    fn provide_prop(
        &self,
        session: &mut rsasl::session::SessionData,
        property: Property,
    ) -> Result<(), SessionError> {
        match property {
            fabfire::FABFIRECARDKEY => {
                let authcid = session.get_property_or_callback::<AuthId>()?;
                let user = self.users.get_user(authcid.unwrap().as_ref())
                    .ok_or(SessionError::AuthenticationFailure)?;
                let kv = user.userdata.kv.get("cardkey")
                    .ok_or(SessionError::AuthenticationFailure)?;
                let card_key = <[u8; 16]>::try_from(hex::decode(kv)
                    .map_err(|_| SessionError::AuthenticationFailure)?)
                    .map_err(|_| SessionError::AuthenticationFailure)?;
                session.set_property::<FabFireCardKey>(Arc::new(card_key));
                Ok(())
            }
            _ => Err(SessionError::NoProperty { property }),
        }
    }

    fn validate(
        &self,
        session: &mut SessionData,
        validation: Validation,
        _mechanism: &Mechname,
    ) -> Result<(), SessionError> {
        match validation {
            validations::SIMPLE => {
                let authnid = session
                    .get_property::<AuthId>()
                    .ok_or(SessionError::no_property::<AuthId>())?;
                let user = self
                    .users
                    .get_user(authnid.as_str())
                    .ok_or(SessionError::AuthenticationFailure)?;
                let passwd = session
                    .get_property::<Password>()
                    .ok_or(SessionError::no_property::<Password>())?;

                if user
                    .check_password(passwd.as_bytes())
                    .map_err(|_e| SessionError::AuthenticationFailure)?
                {
                    Ok(())
                } else {
                    Err(SessionError::AuthenticationFailure)
                }
            }
            _ => Err(SessionError::no_validate(validation)),
        }
    }
}

struct Inner {
    rsasl: SASL,
}
impl Inner {
    pub fn new(rsasl: SASL) -> Self {
        Self { rsasl }
    }
}

#[derive(Clone)]
pub struct AuthenticationHandle {
    inner: Arc<Inner>,
}

impl AuthenticationHandle {
    pub fn new(userdb: Users) -> Self {
        let span = tracing::debug_span!("authentication");
        let _guard = span.enter();

        let mut rsasl = SASL::new();
        rsasl.install_callback(Arc::new(Callback::new(userdb)));

        let mechs: Vec<&'static str> = rsasl.server_mech_list().into_iter()
            .map(|m| m.mechanism.as_str())
            .collect();
        tracing::info!(available_mechs=mechs.len(), "initialized sasl backend");
        tracing::debug!(?mechs, "available mechs");

        Self {
            inner: Arc::new(Inner::new(rsasl)),
        }
    }

    pub fn start(&self, mechanism: &Mechname) -> anyhow::Result<Session> {
        Ok(self.inner.rsasl.server_start(mechanism)?)
    }

    pub fn list_available_mechs(&self) -> impl IntoIterator<Item = &Mechname> {
        self.inner
            .rsasl
            .server_mech_list()
            .into_iter()
            .map(|m| m.mechanism)
    }
}
Cargo fix 2022-03-15 20:00:43 +01:00
Session initialization 2022-03-15 17:52:47 +01:00			`use crate::users::Users;`
Cargo fix 2022-03-15 20:00:43 +01:00			`use rsasl::error::{SessionError};`
Pull more things from 0.3.2 2022-03-12 01:27:58 +01:00			`use rsasl::mechname::Mechname;`
Session initialization 2022-03-15 17:52:47 +01:00			`use rsasl::property::{AuthId, Password};`
User db & loading 2022-03-13 22:50:37 +01:00			`use rsasl::session::{Session, SessionData};`
Session initialization 2022-03-15 17:52:47 +01:00			`use rsasl::validate::{validations, Validation};`
fix fabfire mechanism integration and improve logging 2022-03-19 06:00:21 +01:00			`use rsasl::{Property, SASL};`
Session initialization 2022-03-15 17:52:47 +01:00			`use std::sync::Arc;`
ran cargo fix 2022-04-26 23:21:43 +02:00
fix fabfire mechanism integration and improve logging 2022-03-19 06:00:21 +01:00			`use crate::authentication::fabfire::FabFireCardKey;`
Importing X-FABFIRE auth mechanism 2022-03-16 19:29:36 +01:00
			`mod fabfire;`
Module refactor part 2 2022-03-08 18:52:49 +01:00
User db & loading 2022-03-13 22:50:37 +01:00			`struct Callback {`
			`users: Users,`
			`}`
			`impl Callback {`
			`pub fn new(users: Users) -> Self {`
Session initialization 2022-03-15 17:52:47 +01:00			`Self { users }`
User db & loading 2022-03-13 22:50:37 +01:00			`}`
			`}`
			`impl rsasl::callback::Callback for Callback {`
fix fabfire mechanism integration and improve logging 2022-03-19 06:00:21 +01:00			`fn provide_prop(`
			`&self,`
			`session: &mut rsasl::session::SessionData,`
			`property: Property,`
			`) -> Result<(), SessionError> {`
			`match property {`
			`fabfire::FABFIRECARDKEY => {`
			`let authcid = session.get_property_or_callback::<AuthId>()?;`
			`let user = self.users.get_user(authcid.unwrap().as_ref())`
			`.ok_or(SessionError::AuthenticationFailure)?;`
			`let kv = user.userdata.kv.get("cardkey")`
			`.ok_or(SessionError::AuthenticationFailure)?;`
			`let card_key = <[u8; 16]>::try_from(hex::decode(kv)`
			`.map_err(\|_\| SessionError::AuthenticationFailure)?)`
			`.map_err(\|_\| SessionError::AuthenticationFailure)?;`
			`session.set_property::<FabFireCardKey>(Arc::new(card_key));`
			`Ok(())`
			`}`
			`_ => Err(SessionError::NoProperty { property }),`
			`}`
			`}`

Session initialization 2022-03-15 17:52:47 +01:00			`fn validate(`
			`&self,`
			`session: &mut SessionData,`
			`validation: Validation,`
Cargo fix 2022-03-15 20:00:43 +01:00			`_mechanism: &Mechname,`
Session initialization 2022-03-15 17:52:47 +01:00			`) -> Result<(), SessionError> {`
			`match validation {`
			`validations::SIMPLE => {`
			`let authnid = session`
			`.get_property::<AuthId>()`
			`.ok_or(SessionError::no_property::<AuthId>())?;`
			`let user = self`
			`.users`
			`.get_user(authnid.as_str())`
			`.ok_or(SessionError::AuthenticationFailure)?;`
			`let passwd = session`
			`.get_property::<Password>()`
			`.ok_or(SessionError::no_property::<Password>())?;`

			`if user`
			`.check_password(passwd.as_bytes())`
Cargo fix 2022-03-15 20:00:43 +01:00			`.map_err(\|_e\| SessionError::AuthenticationFailure)?`
Session initialization 2022-03-15 17:52:47 +01:00			`{`
			`Ok(())`
			`} else {`
			`Err(SessionError::AuthenticationFailure)`
			`}`
			`}`
			`_ => Err(SessionError::no_validate(validation)),`
			`}`
User db & loading 2022-03-13 22:50:37 +01:00			`}`
			`}`

Pull more things from 0.3.2 2022-03-12 01:27:58 +01:00			`struct Inner {`
			`rsasl: SASL,`
			`}`
			`impl Inner {`
			`pub fn new(rsasl: SASL) -> Self {`
			`Self { rsasl }`
			`}`
			`}`
Let's try to get this as the next v0.3 2022-03-10 20:52:34 +01:00
Pull more things from 0.3.2 2022-03-12 01:27:58 +01:00			`#[derive(Clone)]`
Implement more API 2022-03-12 17:31:53 +01:00			`pub struct AuthenticationHandle {`
Pull more things from 0.3.2 2022-03-12 01:27:58 +01:00			`inner: Arc<Inner>,`
Let's try to get this as the next v0.3 2022-03-10 20:52:34 +01:00			`}`

Implement more API 2022-03-12 17:31:53 +01:00			`impl AuthenticationHandle {`
User db & loading 2022-03-13 22:50:37 +01:00			`pub fn new(userdb: Users) -> Self {`
Importing X-FABFIRE auth mechanism 2022-03-16 19:29:36 +01:00			`let span = tracing::debug_span!("authentication");`
			`let _guard = span.enter();`

User db & loading 2022-03-13 22:50:37 +01:00			`let mut rsasl = SASL::new();`
			`rsasl.install_callback(Arc::new(Callback::new(userdb)));`
Importing X-FABFIRE auth mechanism 2022-03-16 19:29:36 +01:00
			`let mechs: Vec<&'static str> = rsasl.server_mech_list().into_iter()`
			`.map(\|m\| m.mechanism.as_str())`
			`.collect();`
			`tracing::info!(available_mechs=mechs.len(), "initialized sasl backend");`
			`tracing::debug!(?mechs, "available mechs");`

Session initialization 2022-03-15 17:52:47 +01:00			`Self {`
			`inner: Arc::new(Inner::new(rsasl)),`
			`}`
Pull more things from 0.3.2 2022-03-12 01:27:58 +01:00			`}`
Let's try to get this as the next v0.3 2022-03-10 20:52:34 +01:00
Implement more API 2022-03-12 17:31:53 +01:00			`pub fn start(&self, mechanism: &Mechname) -> anyhow::Result<Session> {`
			`Ok(self.inner.rsasl.server_start(mechanism)?)`
			`}`

Session initialization 2022-03-15 17:52:47 +01:00			`pub fn list_available_mechs(&self) -> impl IntoIterator<Item = &Mechname> {`
			`self.inner`
			`.rsasl`
			`.server_mech_list()`
			`.into_iter()`
			`.map(\|m\| m.mechanism)`
Pull more things from 0.3.2 2022-03-12 01:27:58 +01:00			`}`
Session initialization 2022-03-15 17:52:47 +01:00			`}`