lawn_fs/
auth.rs

1use crate::backend::Metadata;
2use lawn_constants::Error;
3
4/// A set of tools to implement authentication and location finding.
5///
6/// Each authenticator is responsible for determining whether and what access is to be granted,
7/// performing authentication, and, if the user is authenticated, providing the location of the
8/// root of the mount.
9///
10/// This is done by creating an instance of the `Authenticator` trait, which can create handles,
11/// and then
12
13type Result<T> = std::result::Result<T, Error>;
14
15/// Information about a successful authentication.
16pub struct AuthenticationInfo<'a> {
17    id: Option<u32>,
18    user: &'a [u8],
19    dir: &'a [u8],
20    location: &'a [u8],
21}
22
23impl<'a> AuthenticationInfo<'a> {
24    /// Create a new instance.
25    ///
26    /// `id` is the user ID, if any.  `user` is the username.  `dir` is a directory associated with
27    /// this user (usually their home directory), and `location` is the location of the mount
28    /// point.  Note that usually `dir` is the same as `location`.
29    pub fn new(
30        id: Option<u32>,
31        user: &'a [u8],
32        dir: &'a [u8],
33        location: &'a [u8],
34    ) -> AuthenticationInfo<'a> {
35        AuthenticationInfo {
36            id,
37            user,
38            dir,
39            location,
40        }
41    }
42
43    /// The user ID of the authenticated user, if any.
44    pub fn id(&self) -> Option<u32> {
45        self.id
46    }
47
48    /// The username of this user, if any.
49    pub fn user(&self) -> &[u8] {
50        self.user
51    }
52
53    /// The user's home directory, which may be the same as `location`.
54    pub fn dir(&self) -> &[u8] {
55        self.dir
56    }
57
58    /// The location of the mount point.
59    pub fn location(&self) -> &[u8] {
60        self.location
61    }
62}
63
64/// An authenticator handle.
65pub trait AuthenticatorHandle {
66    /// Read data from this authenticator.
67    ///
68    /// This reads data from the authenticator in an authenticator-specific protocol.
69    fn read(&self, data: &mut [u8]) -> Result<u32>;
70    /// Write data to this authenticator.
71    ///
72    /// This writes data to the authenticator in an authenticator-specific protocol.
73    fn write(&self, data: &[u8]) -> Result<u32>;
74    /// Determine if the user is authenticated and return information if so.
75    ///
76    /// This method is called once reads and writes from this handle are completed.  If the return
77    /// value is `Some`, the user is authenticated, and the return value contains information about
78    /// the access granted.  If the user is not authenticated, this returns `None`.
79    fn info(&self) -> Option<AuthenticationInfo<'_>>;
80}
81
82/// A trait to authenticate and locate the root of a mount.
83///
84/// Each authenticator is responsible for determining whether and what access is to be granted,
85/// performing authentication, and, if the user is authenticated, providing the location of the
86pub trait Authenticator {
87    /// Create a new authenticator handle.
88    ///
89    /// `uname` is the user name of the party wanting access, and `nuname` is the user ID, if any.
90    /// `aname` indicates the resource for which access is requested.
91    fn create(
92        &self,
93        meta: &Metadata,
94        uname: &[u8],
95        aname: &[u8],
96        nuname: Option<u32>,
97    ) -> Box<dyn AuthenticatorHandle + Send + Sync>;
98}