clean up naming, add advertising that the client thinks channel binding is unsupported
This commit is contained in:
lumi
parent
62be423594
commit
2d8fffdbfc
5 changed files with 50 additions and 46 deletions
|
|
@ -1,8 +1,8 @@
|
|||
[package]
|
||||
name = "sasl"
|
||||
version = "0.2.0"
|
||||
version = "0.3.0"
|
||||
authors = ["lumi <lumi@pew.im>"]
|
||||
description = "A crate for SASL authentication."
|
||||
description = "A crate for SASL authentication. Currently only does the client side."
|
||||
homepage = "https://gitlab.com/lumi/sasl-rs"
|
||||
repository = "https://gitlab.com/lumi/sasl-rs"
|
||||
documentation = "https://docs.rs/sasl"
|
||||
|
|
|
|||
|
|
@ -5,12 +5,12 @@
|
|||
//! # Examples
|
||||
//!
|
||||
//! ```rust
|
||||
//! use sasl::{SaslCredentials, SaslMechanism, Error};
|
||||
//! use sasl::{Credentials, Mechanism, Error};
|
||||
//! use sasl::mechanisms::Plain;
|
||||
//!
|
||||
//! let creds = SaslCredentials::default()
|
||||
//! .with_username("user")
|
||||
//! .with_password("pencil");
|
||||
//! let creds = Credentials::default()
|
||||
//! .with_username("user")
|
||||
//! .with_password("pencil");
|
||||
//!
|
||||
//! let mut mechanism = Plain::from_credentials(creds).unwrap();
|
||||
//!
|
||||
|
|
@ -38,40 +38,40 @@ pub use error::Error;
|
|||
|
||||
/// A struct containing SASL credentials.
|
||||
#[derive(Clone, Debug)]
|
||||
pub struct SaslCredentials {
|
||||
pub struct Credentials {
|
||||
/// The requested username.
|
||||
pub username: Option<String>,
|
||||
/// The secret used to authenticate.
|
||||
pub secret: SaslSecret,
|
||||
pub secret: Secret,
|
||||
/// Channel binding data, for *-PLUS mechanisms.
|
||||
pub channel_binding: ChannelBinding,
|
||||
}
|
||||
|
||||
impl Default for SaslCredentials {
|
||||
fn default() -> SaslCredentials {
|
||||
SaslCredentials {
|
||||
impl Default for Credentials {
|
||||
fn default() -> Credentials {
|
||||
Credentials {
|
||||
username: None,
|
||||
secret: SaslSecret::None,
|
||||
secret: Secret::None,
|
||||
channel_binding: ChannelBinding::None,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl SaslCredentials {
|
||||
/// Creates a new SaslCredentials with the specified username.
|
||||
pub fn with_username<N: Into<String>>(mut self, username: N) -> SaslCredentials {
|
||||
impl Credentials {
|
||||
/// Creates a new Credentials with the specified username.
|
||||
pub fn with_username<N: Into<String>>(mut self, username: N) -> Credentials {
|
||||
self.username = Some(username.into());
|
||||
self
|
||||
}
|
||||
|
||||
/// Creates a new SaslCredentials with the specified password.
|
||||
pub fn with_password<P: Into<String>>(mut self, password: P) -> SaslCredentials {
|
||||
self.secret = SaslSecret::Password(password.into());
|
||||
/// Creates a new Credentials with the specified password.
|
||||
pub fn with_password<P: Into<String>>(mut self, password: P) -> Credentials {
|
||||
self.secret = Secret::Password(password.into());
|
||||
self
|
||||
}
|
||||
|
||||
/// Creates a new SaslCredentials with the specified chanel binding.
|
||||
pub fn with_channel_binding(mut self, channel_binding: ChannelBinding) -> SaslCredentials {
|
||||
/// Creates a new Credentials with the specified chanel binding.
|
||||
pub fn with_channel_binding(mut self, channel_binding: ChannelBinding) -> Credentials {
|
||||
self.channel_binding = channel_binding;
|
||||
self
|
||||
}
|
||||
|
|
@ -82,6 +82,8 @@ impl SaslCredentials {
|
|||
pub enum ChannelBinding {
|
||||
/// No channel binding data.
|
||||
None,
|
||||
/// Advertise that the client does not think the server supports channel binding.
|
||||
Unsupported,
|
||||
/// p=tls-unique channel binding data.
|
||||
TlsUnique(Vec<u8>),
|
||||
}
|
||||
|
|
@ -91,6 +93,7 @@ impl ChannelBinding {
|
|||
pub fn header(&self) -> &[u8] {
|
||||
match *self {
|
||||
ChannelBinding::None => b"n,,",
|
||||
ChannelBinding::Unsupported => b"y,,",
|
||||
ChannelBinding::TlsUnique(_) => b"p=tls-unique,,",
|
||||
}
|
||||
}
|
||||
|
|
@ -99,6 +102,7 @@ impl ChannelBinding {
|
|||
pub fn data(&self) -> &[u8] {
|
||||
match *self {
|
||||
ChannelBinding::None => &[],
|
||||
ChannelBinding::Unsupported => &[],
|
||||
ChannelBinding::TlsUnique(ref data) => data,
|
||||
}
|
||||
}
|
||||
|
|
@ -106,7 +110,7 @@ impl ChannelBinding {
|
|||
|
||||
/// Represents a SASL secret, like a password.
|
||||
#[derive(Clone, Debug, PartialEq, Eq)]
|
||||
pub enum SaslSecret {
|
||||
pub enum Secret {
|
||||
/// No extra data needed.
|
||||
None,
|
||||
/// Password required.
|
||||
|
|
@ -114,12 +118,12 @@ pub enum SaslSecret {
|
|||
}
|
||||
|
||||
/// A trait which defines SASL mechanisms.
|
||||
pub trait SaslMechanism {
|
||||
pub trait Mechanism {
|
||||
/// The name of the mechanism.
|
||||
fn name(&self) -> &str;
|
||||
|
||||
/// Creates this mechanism from `SaslCredentials`.
|
||||
fn from_credentials(credentials: SaslCredentials) -> Result<Self, String>
|
||||
/// Creates this mechanism from `Credentials`.
|
||||
fn from_credentials(credentials: Credentials) -> Result<Self, String>
|
||||
where
|
||||
Self: Sized;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
//! Provides the SASL "ANONYMOUS" mechanism.
|
||||
|
||||
use SaslCredentials;
|
||||
use SaslMechanism;
|
||||
use SaslSecret;
|
||||
use Credentials;
|
||||
use Mechanism;
|
||||
use Secret;
|
||||
|
||||
/// A struct for the SASL ANONYMOUS mechanism.
|
||||
pub struct Anonymous;
|
||||
|
|
@ -10,20 +10,20 @@ pub struct Anonymous;
|
|||
impl Anonymous {
|
||||
/// Constructs a new struct for authenticating using the SASL ANONYMOUS mechanism.
|
||||
///
|
||||
/// It is recommended that instead you use a `SaslCredentials` struct and turn it into the
|
||||
/// It is recommended that instead you use a `Credentials` struct and turn it into the
|
||||
/// requested mechanism using `from_credentials`.
|
||||
pub fn new() -> Anonymous {
|
||||
Anonymous
|
||||
}
|
||||
}
|
||||
|
||||
impl SaslMechanism for Anonymous {
|
||||
impl Mechanism for Anonymous {
|
||||
fn name(&self) -> &str {
|
||||
"ANONYMOUS"
|
||||
}
|
||||
|
||||
fn from_credentials(credentials: SaslCredentials) -> Result<Anonymous, String> {
|
||||
if let SaslSecret::None = credentials.secret {
|
||||
fn from_credentials(credentials: Credentials) -> Result<Anonymous, String> {
|
||||
if let Secret::None = credentials.secret {
|
||||
Ok(Anonymous)
|
||||
} else {
|
||||
Err("the anonymous sasl mechanism requires no credentials".to_owned())
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
//! Provides the SASL "PLAIN" mechanism.
|
||||
|
||||
use SaslCredentials;
|
||||
use SaslMechanism;
|
||||
use SaslSecret;
|
||||
use Credentials;
|
||||
use Mechanism;
|
||||
use Secret;
|
||||
|
||||
/// A struct for the SASL PLAIN mechanism.
|
||||
pub struct Plain {
|
||||
|
|
@ -13,7 +13,7 @@ pub struct Plain {
|
|||
impl Plain {
|
||||
/// Constructs a new struct for authenticating using the SASL PLAIN mechanism.
|
||||
///
|
||||
/// It is recommended that instead you use a `SaslCredentials` struct and turn it into the
|
||||
/// It is recommended that instead you use a `Credentials` struct and turn it into the
|
||||
/// requested mechanism using `from_credentials`.
|
||||
pub fn new<N: Into<String>, P: Into<String>>(username: N, password: P) -> Plain {
|
||||
Plain {
|
||||
|
|
@ -23,13 +23,13 @@ impl Plain {
|
|||
}
|
||||
}
|
||||
|
||||
impl SaslMechanism for Plain {
|
||||
impl Mechanism for Plain {
|
||||
fn name(&self) -> &str {
|
||||
"PLAIN"
|
||||
}
|
||||
|
||||
fn from_credentials(credentials: SaslCredentials) -> Result<Plain, String> {
|
||||
if let SaslSecret::Password(password) = credentials.secret {
|
||||
fn from_credentials(credentials: Credentials) -> Result<Plain, String> {
|
||||
if let Secret::Password(password) = credentials.secret {
|
||||
if let Some(username) = credentials.username {
|
||||
Ok(Plain::new(username, password))
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -3,9 +3,9 @@
|
|||
use base64;
|
||||
|
||||
use ChannelBinding;
|
||||
use SaslCredentials;
|
||||
use SaslMechanism;
|
||||
use SaslSecret;
|
||||
use Credentials;
|
||||
use Mechanism;
|
||||
use Secret;
|
||||
|
||||
use error::Error;
|
||||
|
||||
|
|
@ -162,7 +162,7 @@ impl<S: ScramProvider> Scram<S> {
|
|||
/// Constructs a new struct for authenticating using the SASL SCRAM-* and SCRAM-*-PLUS
|
||||
/// mechanisms, depending on the passed channel binding.
|
||||
///
|
||||
/// It is recommended that instead you use a `SaslCredentials` struct and turn it into the
|
||||
/// It is recommended that instead you use a `Credentials` struct and turn it into the
|
||||
/// requested mechanism using `from_credentials`.
|
||||
pub fn new<N: Into<String>, P: Into<String>>(
|
||||
username: N,
|
||||
|
|
@ -200,14 +200,14 @@ impl<S: ScramProvider> Scram<S> {
|
|||
}
|
||||
}
|
||||
|
||||
impl<S: ScramProvider> SaslMechanism for Scram<S> {
|
||||
impl<S: ScramProvider> Mechanism for Scram<S> {
|
||||
fn name(&self) -> &str {
|
||||
// TODO: this is quite the workaround…
|
||||
&self.name
|
||||
}
|
||||
|
||||
fn from_credentials(credentials: SaslCredentials) -> Result<Scram<S>, String> {
|
||||
if let SaslSecret::Password(password) = credentials.secret {
|
||||
fn from_credentials(credentials: Credentials) -> Result<Scram<S>, String> {
|
||||
if let Secret::Password(password) = credentials.secret {
|
||||
if let Some(username) = credentials.username {
|
||||
Scram::new(username, password, credentials.channel_binding)
|
||||
.map_err(|_| "can't generate nonce".to_owned())
|
||||
|
|
@ -315,7 +315,7 @@ impl<S: ScramProvider> SaslMechanism for Scram<S> {
|
|||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use SaslMechanism;
|
||||
use Mechanism;
|
||||
|
||||
use super::*;
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue