gel_auth/
lib.rs

1pub mod handshake;
2pub mod md5;
3pub mod scram;
4
5#[cfg(feature = "postgres")]
6pub mod postgres;
7
8#[cfg(feature = "gel")]
9pub mod gel;
10
/// The authentication method to require for a connection, or the method
/// that a completed connection was observed to use.
#[derive(Clone, Copy, Debug, Default, PartialEq, Eq)]
pub enum AuthType {
    /// Reject the login, or report that a connection was rejected.
    ///
    /// On the server side the handshake still emulates the given
    /// authentication type and then fails unconditionally. That is used in
    /// tests, and to emulate timing when the user does not exist.
    ///
    /// This is the `Default` variant, so an `AuthType` that was never set
    /// explicitly denies the login.
    #[default]
    Deny,
    /// Accept the login without checking a credential, or report that a
    /// connection required no authentication.
    ///
    /// On the server side the handshake emulates the given authentication
    /// type and then succeeds unconditionally. It cannot be combined with
    /// SCRAM-SHA-256, because that protocol needs client and server to agree
    /// cryptographically on a password.
    Trust,
    /// Plain-text password authentication, or a report that plain-text
    /// authentication was required.
    ///
    /// The password is only as confidential as the transport that carries
    /// it.
    Plain,
    /// MD5 password authentication, or a report that MD5 password
    /// authentication was required.
    ///
    /// MD5 is not a strong password hash; where both peers support it,
    /// [`AuthType::ScramSha256`] is the stronger choice.
    Md5,
    /// SCRAM-SHA-256 authentication, or a report that SCRAM-SHA-256
    /// authentication was required.
    ScramSha256,
}
38
/// The stored form of a credential, one variant per [`AuthType`].
///
/// The `Debug` output of every secret-bearing variant is replaced by a fixed
/// `Variant(...)` placeholder, so formatting a value with `{:?}` does not
/// print the password, hash or key it holds.
///
/// NOTE(review): the type is `Clone`, so secret material can be duplicated in
/// memory, and nothing visible in this file wipes it on drop. Confirm whether
/// `md5::StoredHash` and `scram::StoredKey` clear themselves.
#[derive(Clone, derive_more::Debug)]
pub enum CredentialData {
    /// Matches any input password. SCRAM-SHA-256 cannot use this credential
    /// because of how that protocol is designed.
    Trust,
    /// Matches no input password; authentication always fails.
    Deny,
    /// The password itself, held as plain text.
    #[debug("Plain(...)")]
    Plain(String),
    /// A stored MD5 hash together with its salt.
    #[debug("Md5(...)")]
    Md5(md5::StoredHash),
    /// A stored SCRAM-SHA-256 key.
    #[debug("Scram(...)")]
    Scram(scram::StoredKey),
}
56
impl CredentialData {
    /// Builds the stored credential for `ty` from a username and password.
    ///
    /// * `Deny` and `Trust` ignore both `username` and `password`.
    /// * `Plain` keeps `password` verbatim.
    /// * `Md5` passes the password bytes and `username` to
    ///   `md5::StoredHash::generate`.
    /// * `ScramSha256` draws a new 32-byte salt on every call and passes it,
    ///   with an iteration count of 4096, to `scram::StoredKey::generate`.
    ///
    /// `username` and `password` are taken by value. Apart from the `Plain`
    /// arm, which moves `password` into the result, they are dropped when the
    /// function returns; nothing here overwrites them first.
    pub fn new(ty: AuthType, username: String, password: String) -> Self {
        match ty {
            AuthType::Trust => CredentialData::Trust,
            AuthType::Deny => CredentialData::Deny,
            AuthType::Plain => CredentialData::Plain(password),
            AuthType::Md5 => {
                let stored = md5::StoredHash::generate(password.as_bytes(), &username);
                CredentialData::Md5(stored)
            }
            AuthType::ScramSha256 => {
                // NOTE(review): the salt is only as unpredictable as
                // `rand::random`; confirm that the `rand` version in use
                // backs it with a cryptographically secure generator.
                let salt = rand::random::<[u8; 32]>();
                // NOTE(review): 4096 is hard-coded; confirm that it matches
                // the work factor the deployment expects.
                let key = scram::StoredKey::generate(password.as_bytes(), &salt, 4096);
                CredentialData::Scram(key)
            }
        }
    }

    /// Returns the [`AuthType`] that corresponds to this credential's variant.
    pub fn auth_type(&self) -> AuthType {
        match self {
            Self::Deny => AuthType::Deny,
            Self::Trust => AuthType::Trust,
            Self::Plain(_) => AuthType::Plain,
            Self::Md5(_) => AuthType::Md5,
            Self::Scram(_) => AuthType::ScramSha256,
        }
    }
}