1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113

#[allow(unused_imports)]
use std::borrow::Cow;

#[cfg(feature = "sasl-gssapi")]
mod gssapi;
#[cfg(feature = "sasl-gssapi")]
pub use gssapi::*;

#[cfg(feature = "sasl-digest-md5")]
mod digest_md5;
#[cfg(feature = "sasl-digest-md5")]
pub use digest_md5::*;

#[cfg(feature = "sasl-digest-md5")]
mod mechanisms {
    mod digest_md5;
}

use rsasl::prelude::*;

use crate::error::Error;

pub(crate) type Result<T, E = crate::error::Error> = std::result::Result<T, E>;

pub(crate) trait SaslInitiator {
    fn new_session(&self, hostname: &str) -> Result<SaslSession>;
}

/// Client side SASL options.
#[derive(Clone, Debug)]
pub struct SaslOptions(SaslInnerOptions);

#[derive(Clone, Debug)]
enum SaslInnerOptions {
    #[cfg(feature = "sasl-gssapi")]
    Gssapi(GssapiSaslOptions),
    #[cfg(feature = "sasl-digest-md5")]
    DigestMd5(DigestMd5SaslOptions),
}

impl SaslOptions {
    /// Constructs a default [GssapiSaslOptions] for further customization.
    ///
    /// Make sure localhost is granted by Kerberos KDC, unlike Java counterpart this library
    /// provides no mean to grant ticket from KDC but simply utilizes whatever the ticket cache
    /// have.
    #[cfg(feature = "sasl-gssapi")]
    pub fn gssapi() -> GssapiSaslOptions {
        GssapiSaslOptions::new()
    }

    /// Construct a [DigestMd5SaslOptions] for further customization.
    #[cfg(feature = "sasl-digest-md5")]
    pub fn digest_md5(
        username: impl Into<Cow<'static, str>>,
        password: impl Into<Cow<'static, str>>,
    ) -> DigestMd5SaslOptions {
        DigestMd5SaslOptions::new(username, password)
    }
}

impl SaslInitiator for SaslOptions {
    fn new_session(&self, hostname: &str) -> Result<SaslSession> {
        match &self.0 {
            #[cfg(feature = "sasl-digest-md5")]
            SaslInnerOptions::DigestMd5(options) => options.new_session(hostname),
            #[cfg(feature = "sasl-gssapi")]
            SaslInnerOptions::Gssapi(options) => options.new_session(hostname),
        }
    }
}

pub struct SaslSession {
    output: Vec<u8>,
    session: Session,
    finished: bool,
}

impl SaslSession {
    fn new(session: Session) -> Result<Self> {
        let mut session = Self { session, output: Default::default(), finished: false };
        if session.session.are_we_first() {
            session.step(Default::default())?;
        }
        Ok(session)
    }

    pub fn name(&self) -> &str {
        self.session.get_mechname().as_str()
    }

    pub fn initial(&self) -> &[u8] {
        &self.output
    }

    pub fn step(&mut self, challenge: &[u8]) -> Result<Option<&[u8]>> {
        if self.finished {
            return Err(Error::UnexpectedError(format!("SASL {} session already finished", self.name())));
        }
        self.output.clear();
        match self.session.step(Some(challenge), &mut self.output).map_err(Error::other)? {
            State::Running => Ok(Some(&self.output)),
            State::Finished(MessageSent::Yes) => {
                self.finished = true;
                Ok(Some(&self.output))
            },
            State::Finished(MessageSent::No) => {
                self.finished = true;
                Ok(None)
            },
        }
    }
}