2017-03-16 19:04:22 +00:00
|
|
|
//#![deny(missing_docs)]
|
2017-02-28 12:05:17 +00:00
|
|
|
|
|
|
|
//! This crate provides a framework for SASL authentication and a few authentication mechanisms.
|
|
|
|
//!
|
|
|
|
//! # Examples
|
|
|
|
//!
|
2017-03-16 19:04:22 +00:00
|
|
|
//! ## Simple client-sided usage
|
|
|
|
//!
|
2017-02-28 12:05:17 +00:00
|
|
|
//! ```rust
|
2017-03-16 19:04:22 +00:00
|
|
|
//! use sasl::client::Mechanism;
|
|
|
|
//! use sasl::common::Credentials;
|
|
|
|
//! use sasl::client::mechanisms::Plain;
|
2017-02-28 12:05:17 +00:00
|
|
|
//!
|
2017-03-07 16:02:57 +00:00
|
|
|
//! let creds = Credentials::default()
|
|
|
|
//! .with_username("user")
|
|
|
|
//! .with_password("pencil");
|
2017-02-28 12:05:17 +00:00
|
|
|
//!
|
|
|
|
//! let mut mechanism = Plain::from_credentials(creds).unwrap();
|
|
|
|
//!
|
2020-05-15 11:48:27 +00:00
|
|
|
//! let initial_data = mechanism.initial();
|
2017-02-28 12:05:17 +00:00
|
|
|
//!
|
|
|
|
//! assert_eq!(initial_data, b"\0user\0pencil");
|
|
|
|
//! ```
|
|
|
|
//!
|
2017-03-16 19:04:22 +00:00
|
|
|
//! ## More complex usage
|
|
|
|
//!
|
|
|
|
//! ```rust
|
2017-03-25 22:15:34 +00:00
|
|
|
//! #[macro_use] extern crate sasl;
|
|
|
|
//!
|
|
|
|
//! use sasl::server::{Validator, Provider, Mechanism as ServerMechanism, Response};
|
2020-05-15 11:48:27 +00:00
|
|
|
//! use sasl::server::{ValidatorError, ProviderError, MechanismError as ServerMechanismError};
|
2017-03-16 19:04:22 +00:00
|
|
|
//! use sasl::server::mechanisms::{Plain as ServerPlain, Scram as ServerScram};
|
2020-05-15 11:48:27 +00:00
|
|
|
//! use sasl::client::{Mechanism as ClientMechanism, MechanismError as ClientMechanismError};
|
2017-03-16 19:04:22 +00:00
|
|
|
//! use sasl::client::mechanisms::{Plain as ClientPlain, Scram as ClientScram};
|
2017-03-25 22:15:34 +00:00
|
|
|
//! use sasl::common::{Identity, Credentials, Password, ChannelBinding};
|
2017-03-16 19:04:22 +00:00
|
|
|
//! use sasl::common::scram::{ScramProvider, Sha1, Sha256};
|
2017-03-25 22:15:34 +00:00
|
|
|
//! use sasl::secret;
|
2017-03-16 19:04:22 +00:00
|
|
|
//!
|
|
|
|
//! const USERNAME: &'static str = "user";
|
|
|
|
//! const PASSWORD: &'static str = "pencil";
|
|
|
|
//! const SALT: [u8; 8] = [35, 71, 92, 105, 212, 219, 114, 93];
|
2020-06-21 23:19:24 +00:00
|
|
|
//! const ITERATIONS: u32 = 4096;
|
2017-03-16 19:04:22 +00:00
|
|
|
//!
|
|
|
|
//! struct MyValidator;
|
|
|
|
//!
|
2017-03-25 22:15:34 +00:00
|
|
|
//! impl Validator<secret::Plain> for MyValidator {
|
2020-05-15 11:48:27 +00:00
|
|
|
//! fn validate(&self, identity: &Identity, value: &secret::Plain) -> Result<(), ValidatorError> {
|
2017-03-25 22:45:30 +00:00
|
|
|
//! let &secret::Plain(ref password) = value;
|
2017-03-25 22:15:34 +00:00
|
|
|
//! if identity != &Identity::Username(USERNAME.to_owned()) {
|
2020-05-15 11:48:27 +00:00
|
|
|
//! Err(ValidatorError::AuthenticationFailed)
|
2017-03-16 19:04:22 +00:00
|
|
|
//! }
|
2017-03-25 22:15:34 +00:00
|
|
|
//! else if password != PASSWORD {
|
2020-05-15 11:48:27 +00:00
|
|
|
//! Err(ValidatorError::AuthenticationFailed)
|
2017-03-16 19:04:22 +00:00
|
|
|
//! }
|
|
|
|
//! else {
|
2017-03-25 22:15:34 +00:00
|
|
|
//! Ok(())
|
2017-03-16 19:04:22 +00:00
|
|
|
//! }
|
|
|
|
//! }
|
2017-03-25 22:15:34 +00:00
|
|
|
//! }
|
2017-03-16 19:04:22 +00:00
|
|
|
//!
|
2017-03-25 22:15:34 +00:00
|
|
|
//! impl Provider<secret::Pbkdf2Sha1> for MyValidator {
|
2020-05-15 11:48:27 +00:00
|
|
|
//! fn provide(&self, identity: &Identity) -> Result<secret::Pbkdf2Sha1, ProviderError> {
|
2017-03-25 22:15:34 +00:00
|
|
|
//! if identity != &Identity::Username(USERNAME.to_owned()) {
|
2020-05-15 11:48:27 +00:00
|
|
|
//! Err(ProviderError::AuthenticationFailed)
|
2017-03-25 22:15:34 +00:00
|
|
|
//! }
|
|
|
|
//! else {
|
|
|
|
//! let digest = sasl::common::scram::Sha1::derive
|
|
|
|
//! ( &Password::Plain((PASSWORD.to_owned()))
|
|
|
|
//! , &SALT[..]
|
|
|
|
//! , ITERATIONS )?;
|
2017-03-25 22:45:30 +00:00
|
|
|
//! Ok(secret::Pbkdf2Sha1 {
|
2017-03-25 22:15:34 +00:00
|
|
|
//! salt: SALT.to_vec(),
|
|
|
|
//! iterations: ITERATIONS,
|
|
|
|
//! digest: digest,
|
|
|
|
//! })
|
|
|
|
//! }
|
2017-03-16 19:04:22 +00:00
|
|
|
//! }
|
|
|
|
//! }
|
|
|
|
//!
|
2017-03-25 22:15:34 +00:00
|
|
|
//! impl_validator_using_provider!(MyValidator, secret::Pbkdf2Sha1);
|
2017-03-16 19:04:22 +00:00
|
|
|
//!
|
2017-03-25 22:15:34 +00:00
|
|
|
//! impl Provider<secret::Pbkdf2Sha256> for MyValidator {
|
2020-05-15 11:48:27 +00:00
|
|
|
//! fn provide(&self, identity: &Identity) -> Result<secret::Pbkdf2Sha256, ProviderError> {
|
2017-03-25 22:15:34 +00:00
|
|
|
//! if identity != &Identity::Username(USERNAME.to_owned()) {
|
2020-05-15 11:48:27 +00:00
|
|
|
//! Err(ProviderError::AuthenticationFailed)
|
2017-03-25 22:15:34 +00:00
|
|
|
//! }
|
|
|
|
//! else {
|
|
|
|
//! let digest = sasl::common::scram::Sha256::derive
|
|
|
|
//! ( &Password::Plain((PASSWORD.to_owned()))
|
|
|
|
//! , &SALT[..]
|
|
|
|
//! , ITERATIONS )?;
|
2017-03-25 22:45:30 +00:00
|
|
|
//! Ok(secret::Pbkdf2Sha256 {
|
2017-03-25 22:15:34 +00:00
|
|
|
//! salt: SALT.to_vec(),
|
|
|
|
//! iterations: ITERATIONS,
|
|
|
|
//! digest: digest,
|
|
|
|
//! })
|
|
|
|
//! }
|
|
|
|
//! }
|
|
|
|
//! }
|
2017-03-16 19:04:22 +00:00
|
|
|
//!
|
2017-03-25 22:15:34 +00:00
|
|
|
//! impl_validator_using_provider!(MyValidator, secret::Pbkdf2Sha256);
|
2017-03-16 19:04:22 +00:00
|
|
|
//!
|
2020-05-15 11:48:27 +00:00
|
|
|
//! #[derive(Debug, PartialEq)]
|
|
|
|
//! enum MechanismError {
|
|
|
|
//! Client(ClientMechanismError),
|
|
|
|
//! Server(ServerMechanismError),
|
|
|
|
//! }
|
|
|
|
//!
|
|
|
|
//! impl From<ClientMechanismError> for MechanismError {
|
|
|
|
//! fn from(err: ClientMechanismError) -> MechanismError {
|
|
|
|
//! MechanismError::Client(err)
|
|
|
|
//! }
|
|
|
|
//! }
|
|
|
|
//!
|
|
|
|
//! impl From<ServerMechanismError> for MechanismError {
|
|
|
|
//! fn from(err: ServerMechanismError) -> MechanismError {
|
|
|
|
//! MechanismError::Server(err)
|
|
|
|
//! }
|
|
|
|
//! }
|
|
|
|
//!
|
|
|
|
//! fn finish<CM, SM>(cm: &mut CM, sm: &mut SM) -> Result<Identity, MechanismError>
|
2017-03-16 19:04:22 +00:00
|
|
|
//! where CM: ClientMechanism,
|
2017-03-25 22:15:34 +00:00
|
|
|
//! SM: ServerMechanism {
|
2020-05-15 11:48:27 +00:00
|
|
|
//! let init = cm.initial();
|
2017-03-16 19:04:22 +00:00
|
|
|
//! println!("C: {}", String::from_utf8_lossy(&init));
|
|
|
|
//! let mut resp = sm.respond(&init)?;
|
|
|
|
//! loop {
|
|
|
|
//! let msg;
|
|
|
|
//! match resp {
|
|
|
|
//! Response::Proceed(ref data) => {
|
|
|
|
//! println!("S: {}", String::from_utf8_lossy(&data));
|
|
|
|
//! msg = cm.response(data)?;
|
|
|
|
//! println!("C: {}", String::from_utf8_lossy(&msg));
|
|
|
|
//! },
|
|
|
|
//! _ => break,
|
|
|
|
//! }
|
|
|
|
//! resp = sm.respond(&msg)?;
|
|
|
|
//! }
|
|
|
|
//! if let Response::Success(ret, fin) = resp {
|
|
|
|
//! println!("S: {}", String::from_utf8_lossy(&fin));
|
|
|
|
//! cm.success(&fin)?;
|
|
|
|
//! Ok(ret)
|
|
|
|
//! }
|
|
|
|
//! else {
|
|
|
|
//! unreachable!();
|
|
|
|
//! }
|
|
|
|
//! }
|
|
|
|
//!
|
2017-03-25 22:15:34 +00:00
|
|
|
//! fn main() {
|
|
|
|
//! let mut mech = ServerPlain::new(MyValidator);
|
|
|
|
//! let expected_response = Response::Success(Identity::Username("user".to_owned()), Vec::new());
|
|
|
|
//! assert_eq!(mech.respond(b"\0user\0pencil"), Ok(expected_response));
|
|
|
|
//!
|
|
|
|
//! let mut mech = ServerPlain::new(MyValidator);
|
2020-05-15 11:48:27 +00:00
|
|
|
//! assert_eq!(mech.respond(b"\0user\0marker"), Err(ServerMechanismError::ValidatorError(ValidatorError::AuthenticationFailed)));
|
2017-03-16 19:04:22 +00:00
|
|
|
//!
|
2017-03-25 22:15:34 +00:00
|
|
|
//! let creds = Credentials::default()
|
|
|
|
//! .with_username(USERNAME)
|
|
|
|
//! .with_password(PASSWORD);
|
|
|
|
//! let mut client_mech = ClientPlain::from_credentials(creds.clone()).unwrap();
|
|
|
|
//! let mut server_mech = ServerPlain::new(MyValidator);
|
2017-03-16 19:04:22 +00:00
|
|
|
//!
|
2017-03-25 22:15:34 +00:00
|
|
|
//! assert_eq!(finish(&mut client_mech, &mut server_mech), Ok(Identity::Username(USERNAME.to_owned())));
|
2017-03-16 19:04:22 +00:00
|
|
|
//!
|
2017-03-25 22:15:34 +00:00
|
|
|
//! let mut client_mech = ClientScram::<Sha1>::from_credentials(creds.clone()).unwrap();
|
|
|
|
//! let mut server_mech = ServerScram::<Sha1, _>::new(MyValidator, ChannelBinding::Unsupported);
|
2017-03-16 19:04:22 +00:00
|
|
|
//!
|
2017-03-25 22:15:34 +00:00
|
|
|
//! assert_eq!(finish(&mut client_mech, &mut server_mech), Ok(Identity::Username(USERNAME.to_owned())));
|
2017-03-16 19:04:22 +00:00
|
|
|
//!
|
2017-03-25 22:15:34 +00:00
|
|
|
//! let mut client_mech = ClientScram::<Sha256>::from_credentials(creds.clone()).unwrap();
|
|
|
|
//! let mut server_mech = ServerScram::<Sha256, _>::new(MyValidator, ChannelBinding::Unsupported);
|
|
|
|
//!
|
|
|
|
//! assert_eq!(finish(&mut client_mech, &mut server_mech), Ok(Identity::Username(USERNAME.to_owned())));
|
|
|
|
//! }
|
2017-03-16 19:04:22 +00:00
|
|
|
//! ```
|
2017-02-28 12:05:17 +00:00
|
|
|
//!
|
|
|
|
//! # Usage
|
|
|
|
//!
|
|
|
|
//! You can use this in your crate by adding this under `dependencies` in your `Cargo.toml`:
|
|
|
|
//!
|
|
|
|
//! ```toml,ignore
|
|
|
|
//! sasl = "*"
|
|
|
|
//! ```
|
2017-02-27 15:08:09 +00:00
|
|
|
|
2017-02-28 12:05:17 +00:00
|
|
|
mod error;
|
|
|
|
|
2017-03-16 19:04:22 +00:00
|
|
|
pub mod client;
|
2017-03-25 22:15:34 +00:00
|
|
|
#[macro_use]
|
2017-03-16 19:04:22 +00:00
|
|
|
pub mod server;
|
2017-03-25 22:15:34 +00:00
|
|
|
pub mod common;
|
|
|
|
pub mod secret;
|
2017-03-07 14:02:38 +00:00
|
|
|
|
2019-01-17 21:54:32 +00:00
|
|
|
pub use crate::error::Error;
|