mirror of
https://gitlab.com/fabinfra/fabaccess/bffh.git
synced 2024-11-21 22:47:55 +01:00
parent
c35d3bc6b1
commit
cfaf4d509e
@ -14,10 +14,12 @@ mod fabfire;
|
|||||||
|
|
||||||
struct Callback {
|
struct Callback {
|
||||||
users: Users,
|
users: Users,
|
||||||
|
span: tracing::Span,
|
||||||
}
|
}
|
||||||
impl Callback {
|
impl Callback {
|
||||||
pub fn new(users: Users) -> Self {
|
pub fn new(users: Users) -> Self {
|
||||||
Self { users }
|
let span = tracing::info_span!("SASL callback");
|
||||||
|
Self { users, span }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
impl rsasl::callback::Callback for Callback {
|
impl rsasl::callback::Callback for Callback {
|
||||||
@ -49,29 +51,40 @@ impl rsasl::callback::Callback for Callback {
|
|||||||
validation: Validation,
|
validation: Validation,
|
||||||
_mechanism: &Mechname,
|
_mechanism: &Mechname,
|
||||||
) -> Result<(), SessionError> {
|
) -> Result<(), SessionError> {
|
||||||
|
let span = tracing::info_span!(parent: &self.span, "validate");
|
||||||
|
let _guard = span.enter();
|
||||||
match validation {
|
match validation {
|
||||||
validations::SIMPLE => {
|
validations::SIMPLE => {
|
||||||
let authnid = session
|
let authnid = session
|
||||||
.get_property::<AuthId>()
|
.get_property::<AuthId>()
|
||||||
.ok_or(SessionError::no_property::<AuthId>())?;
|
.ok_or(SessionError::no_property::<AuthId>())?;
|
||||||
let user = self
|
tracing::debug!(authid=%authnid, "SIMPLE validation requested");
|
||||||
.users
|
|
||||||
.get_user(authnid.as_str())
|
|
||||||
.ok_or(SessionError::AuthenticationFailure)?;
|
|
||||||
let passwd = session
|
|
||||||
.get_property::<Password>()
|
|
||||||
.ok_or(SessionError::no_property::<Password>())?;
|
|
||||||
|
|
||||||
if user
|
if let Some(user) = self
|
||||||
.check_password(passwd.as_bytes())
|
.users
|
||||||
.map_err(|_e| SessionError::AuthenticationFailure)?
|
.get_user(authnid.as_str()) {
|
||||||
{
|
let passwd = session
|
||||||
Ok(())
|
.get_property::<Password>()
|
||||||
|
.ok_or(SessionError::no_property::<Password>())?;
|
||||||
|
|
||||||
|
if user
|
||||||
|
.check_password(passwd.as_bytes())
|
||||||
|
.map_err(|_e| SessionError::AuthenticationFailure)?
|
||||||
|
{
|
||||||
|
return Ok(());
|
||||||
|
} else {
|
||||||
|
tracing::warn!(authid=%authnid, "AUTH FAILED: bad password");
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
Err(SessionError::AuthenticationFailure)
|
tracing::warn!(authid=%authnid, "AUTH FAILED: no such user '{}'", authnid);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Err(SessionError::AuthenticationFailure)
|
||||||
}
|
}
|
||||||
_ => Err(SessionError::no_validate(validation)),
|
_ => {
|
||||||
|
tracing::error!(?validation, "Unimplemented validation requested");
|
||||||
|
Err(SessionError::no_validate(validation))
|
||||||
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user