rusmes-auth 0.1.2

Pluggable authentication backends for RusMES — File, LDAP, SQL, OAuth2/OIDC, System, and SASL (PLAIN/LOGIN/CRAM-MD5/SCRAM-SHA-256/XOAUTH2) with brute-force protection
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292

//! # rusmes-auth
//!
//! Pluggable authentication backends for the RusMES mail server.
//!
//! ## Overview
//!
//! `rusmes-auth` provides a unified [`AuthBackend`] trait that abstracts over multiple
//! authentication strategies. All backends implement the same async interface, allowing
//! them to be composed, swapped, or wrapped by middleware such as the brute-force
//! protector found in the [`security`] module.
//!
//! ## Backends
//!
//! | Backend | Module | Notes |
//! |---------|--------|-------|
//! | File (htpasswd-style) | [`mod@file`] | bcrypt hashes, atomic writes |
//! | LDAP / Active Directory | [`backends::ldap`] | connection pooling, group filtering |
//! | SQL (SQLite / Postgres / MySQL) | [`backends::sql`] | bcrypt + Argon2 + SCRAM-SHA-256 |
//! | OAuth2 / OIDC | [`backends::oauth2`] | JWT validation, XOAUTH2 SASL |
//! | System (Unix) | [`backends::system`] | Pure Rust `/etc/shadow` auth |
//!
//! ## SASL Mechanisms
//!
//! The [`sasl`] module implements RFC-compliant SASL mechanisms on top of any `AuthBackend`:
//!
//! - `PLAIN` (RFC 4616)
//! - `LOGIN` (obsolete but widely supported)
//! - `CRAM-MD5` (RFC 2195)
//! - `SCRAM-SHA-256` (RFC 5802 / RFC 7677)
//! - `XOAUTH2` (RFC 7628)
//!
//! ## Security
//!
//! The [`security`] module provides:
//!
//! - Brute-force / account-lockout protection (progressive lockout)
//! - Per-IP rate limiting
//! - Password strength validation (entropy, character class, banned list)
//! - In-memory audit logging
//!
//! ## Example
//!
//! ```rust,no_run
//! use rusmes_auth::file::FileAuthBackend;
//! use rusmes_auth::AuthBackend;
//! use rusmes_proto::Username;
//!
//! # async fn example() -> anyhow::Result<()> {
//! let backend = FileAuthBackend::new("/etc/rusmes/passwd").await?;
//! let user = Username::new("alice".to_string())?;
//! let ok = backend.authenticate(&user, "s3cr3t").await?;
//! println!("authenticated: {ok}");
//! # Ok(())
//! # }
//! ```

use async_trait::async_trait;
use rusmes_proto::Username;
use std::sync::Arc;

pub mod backends;
pub mod file;
pub mod sasl;
pub mod security;

// ============================================================================
// ScramCredentials — RFC 5802 credential bundle
// ============================================================================

/// SCRAM-SHA-256 credential bundle as defined by RFC 5802.
///
/// These values are derived from a user's password via PBKDF2-SHA-256 and stored
/// so that the server never needs to see the raw password for SCRAM authentication.
///
/// Derivation (per RFC 5802 §3):
/// ```text
/// SaltedPassword = PBKDF2-SHA-256(password, salt, i)
/// ClientKey      = HMAC-SHA-256(SaltedPassword, "Client Key")
/// StoredKey      = SHA-256(ClientKey)        // stored here
/// ServerKey      = HMAC-SHA-256(SaltedPassword, "Server Key")  // stored here
/// ```
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct ScramCredentials {
    /// Random salt bytes used in the PBKDF2 derivation.
    pub salt: Vec<u8>,
    /// Number of PBKDF2 iterations (≥ 4096 recommended by RFC 7677).
    pub iteration_count: u32,
    /// `SHA-256(ClientKey)` — used to verify the client proof without storing the key.
    pub stored_key: Vec<u8>,
    /// `HMAC-SHA-256(SaltedPassword, "Server Key")` — used to produce the server signature.
    pub server_key: Vec<u8>,
}

// ============================================================================
// AuthBackendKind — config-driven factory enum
// ============================================================================

/// Discriminated-union config type for all supported authentication backends.
///
/// Call [`AuthBackendKind::build`] to construct an `Arc<dyn AuthBackend>` from
/// whichever variant was selected in the server configuration.
pub enum AuthBackendKind {
    /// File-based backend (bcrypt htpasswd format with optional SCRAM extension).
    File(FileBackendConfig),
    /// SQL database backend (PostgreSQL / MySQL / SQLite via sqlx).
    Sql(backends::sql::SqlConfig),
    /// LDAP / Active Directory backend.
    Ldap(backends::ldap::LdapConfig),
    /// OAuth2 / OIDC backend (JWT introspection, XOAUTH2 SASL).
    OAuth2(backends::oauth2::OAuth2Config),
}

/// Configuration for the file-based authentication backend.
#[derive(Debug, Clone, Default)]
pub struct FileBackendConfig {
    /// Path to the passwd file.
    pub path: String,
    /// Password-hashing algorithm used for *new* password writes.
    ///
    /// Existing hashes (whichever algorithm produced them) continue to verify
    /// regardless of this setting. Defaults to bcrypt for backwards compatibility
    /// with deployments that pre-date argon2 support.
    pub hash_algorithm: file::HashAlgorithm,
}

impl AuthBackendKind {
    /// Construct an `Arc<dyn AuthBackend>` from this configuration variant.
    ///
    /// The returned backend is immediately ready for use; SQL backends have their
    /// connection pool opened, LDAP backends hold a lazily-allocated pool, and the
    /// file backend has already read its passwd file into memory.
    pub async fn build(self) -> anyhow::Result<Arc<dyn AuthBackend>> {
        match self {
            AuthBackendKind::File(cfg) => {
                let backend =
                    file::FileAuthBackend::with_algorithm(&cfg.path, cfg.hash_algorithm).await?;
                Ok(Arc::new(backend))
            }
            AuthBackendKind::Sql(cfg) => {
                let backend = backends::sql::SqlBackend::new(cfg).await?;
                Ok(Arc::new(backend))
            }
            AuthBackendKind::Ldap(cfg) => {
                let backend = backends::ldap::LdapBackend::new(cfg);
                Ok(Arc::new(backend))
            }
            AuthBackendKind::OAuth2(cfg) => {
                let backend = backends::oauth2::OAuth2Backend::new(cfg);
                Ok(Arc::new(backend))
            }
        }
    }
}

#[async_trait]
pub trait AuthBackend: Send + Sync {
    /// Authenticate a user with username and password
    async fn authenticate(&self, username: &Username, password: &str) -> anyhow::Result<bool>;

    /// Verify if a username maps to a valid identity
    async fn verify_identity(&self, username: &Username) -> anyhow::Result<bool>;

    /// List all users (for admin CLI)
    async fn list_users(&self) -> anyhow::Result<Vec<Username>>;

    /// Create a new user with the given password
    async fn create_user(&self, username: &Username, password: &str) -> anyhow::Result<()>;

    /// Delete a user
    async fn delete_user(&self, username: &Username) -> anyhow::Result<()>;

    /// Change a user's password
    async fn change_password(&self, username: &Username, new_password: &str) -> anyhow::Result<()>;

    // ========================================================================
    // SCRAM-SHA-256 Support (Optional)
    // ========================================================================
    // IMPORTANT: SCRAM-SHA-256 requires different credential storage than
    // bcrypt. The following methods provide SCRAM-specific credential access.
    // Default implementations return errors to maintain backward compatibility.

    /// Fetch the full RFC 5802 SCRAM-SHA-256 credential bundle for a user.
    ///
    /// Returns `Ok(Some(creds))` when pre-computed SCRAM credentials exist,
    /// `Ok(None)` when this backend does not store SCRAM credentials for the
    /// user (SCRAM-SHA-256 should then be declined; PLAIN / LOGIN remain available),
    /// and `Err(...)` only on I/O or parse failures.
    ///
    /// The default implementation returns `Ok(None)`, meaning SQL / LDAP / OAuth2
    /// backends gracefully degrade without requiring any code changes in those backends.
    /// Only the file backend overrides this with a real implementation.
    async fn fetch_scram_credentials(
        &self,
        _user: &str,
    ) -> anyhow::Result<Option<ScramCredentials>> {
        Ok(None)
    }

    /// Get SCRAM-SHA-256 parameters (salt, iteration count) for a user
    ///
    /// Returns (salt, iterations) if SCRAM credentials are stored.
    /// Default implementation returns an error indicating SCRAM is not supported.
    async fn get_scram_params(&self, _username: &str) -> anyhow::Result<(Vec<u8>, u32)> {
        Err(anyhow::anyhow!(
            "SCRAM-SHA-256 credential storage not implemented in this AuthBackend"
        ))
    }

    /// Get SCRAM-SHA-256 StoredKey for a user
    ///
    /// StoredKey = SHA256(ClientKey) where ClientKey = HMAC(SaltedPassword, "Client Key")
    /// Default implementation returns an error indicating SCRAM is not supported.
    async fn get_scram_stored_key(&self, _username: &str) -> anyhow::Result<Vec<u8>> {
        Err(anyhow::anyhow!(
            "SCRAM-SHA-256 credential storage not implemented in this AuthBackend"
        ))
    }

    /// Get SCRAM-SHA-256 ServerKey for a user
    ///
    /// ServerKey = HMAC(SaltedPassword, "Server Key")
    /// Default implementation returns an error indicating SCRAM is not supported.
    async fn get_scram_server_key(&self, _username: &str) -> anyhow::Result<Vec<u8>> {
        Err(anyhow::anyhow!(
            "SCRAM-SHA-256 credential storage not implemented in this AuthBackend"
        ))
    }

    /// Store SCRAM-SHA-256 credentials for a user
    ///
    /// This should store: salt, iterations, StoredKey, and ServerKey
    /// Default implementation returns an error indicating SCRAM is not supported.
    async fn store_scram_credentials(
        &self,
        _username: &Username,
        _salt: Vec<u8>,
        _iterations: u32,
        _stored_key: Vec<u8>,
        _server_key: Vec<u8>,
    ) -> anyhow::Result<()> {
        Err(anyhow::anyhow!(
            "SCRAM-SHA-256 credential storage not implemented in this AuthBackend"
        ))
    }

    // ========================================================================
    // APOP (MD5 Digest) Support (Optional)
    // ========================================================================
    // APOP requires access to plaintext password to compute MD5 digest.
    // This is incompatible with bcrypt and most secure password storage.
    // Backends can optionally support APOP by storing plaintext passwords
    // separately (not recommended for production).

    /// Get plaintext password for APOP authentication
    ///
    /// Returns the plaintext password if available.
    /// Default implementation returns an error indicating APOP is not supported.
    ///
    /// WARNING: This method exposes plaintext passwords and should only be used
    /// for APOP authentication. Consider disabling APOP in production environments.
    async fn get_apop_secret(&self, _username: &Username) -> anyhow::Result<String> {
        Err(anyhow::anyhow!(
            "APOP authentication not supported by this AuthBackend"
        ))
    }

    // ========================================================================
    // Bearer Token / OAuth2 Support (Optional)
    // ========================================================================

    /// Verify a Bearer token and return the authenticated username.
    ///
    /// This is the entry point for HTTP Bearer authentication (e.g. in JMAP).
    /// The default implementation rejects all tokens unconditionally so that
    /// backends without OAuth2 support never silently accept Bearer credentials.
    ///
    /// Backends that support Bearer / JWT verification (e.g. [`backends::oauth2`])
    /// override this method to perform real token introspection or JWT validation.
    ///
    /// # Errors
    /// Returns an `anyhow::Error` wrapping a rejected-token message if the
    /// token is invalid, expired, or this backend does not support Bearer auth.
    /// Callers that want a typed rejection should map the error to their own
    /// error type (e.g. `AuthError::Unauthorized`).
    async fn verify_bearer_token(&self, token: &str) -> anyhow::Result<Username> {
        // Suppress unused-variable lint without doing anything with the token.
        let _ = token;
        Err(anyhow::anyhow!(
            "Bearer token authentication is not supported by this AuthBackend"
        ))
    }
}