tokio_xmpp/client/
login.rs1use alloc::borrow::Cow;
2use core::str::FromStr;
3use futures::{SinkExt, StreamExt};
4use sasl::client::mechanisms::{Anonymous, Plain, Scram};
5use sasl::client::Mechanism;
6use sasl::common::scram::{Sha1, Sha256};
7use sasl::common::Credentials;
8use std::collections::HashSet;
9use std::io;
10use tokio::io::{AsyncBufRead, AsyncWrite};
11use xmpp_parsers::{
12 jid::Jid,
13 ns,
14 sasl::{Auth, Mechanism as XMPPMechanism, Nonza, Response},
15 stream_features::{SaslMechanisms, StreamFeatures},
16};
17
18use crate::{
19 connect::ServerConnector,
20 error::{AuthError, Error, ProtocolError},
21 xmlstream::{
22 xmpp::XmppStreamElement, InitiatingStream, ReadError, StreamHeader, Timeouts, XmppStream,
23 },
24};
25
26pub async fn auth<S: AsyncBufRead + AsyncWrite + Unpin>(
27 mut stream: XmppStream<S>,
28 sasl_mechanisms: &SaslMechanisms,
29 creds: Credentials,
30) -> Result<InitiatingStream<S>, Error> {
31 let local_mechs: Vec<Box<dyn Fn() -> Box<dyn Mechanism + Send + Sync> + Send>> = vec![
32 Box::new(|| Box::new(Scram::<Sha256>::from_credentials(creds.clone()).unwrap())),
33 Box::new(|| Box::new(Scram::<Sha1>::from_credentials(creds.clone()).unwrap())),
34 Box::new(|| Box::new(Plain::from_credentials(creds.clone()).unwrap())),
35 Box::new(|| Box::new(Anonymous::new())),
36 ];
37
38 let remote_mechs: HashSet<String> = sasl_mechanisms.mechanisms.iter().cloned().collect();
39
40 for local_mech in local_mechs {
41 let mut mechanism = local_mech();
42 if remote_mechs.contains(mechanism.name()) {
43 let initial = mechanism.initial();
44 let mechanism_name =
45 XMPPMechanism::from_str(mechanism.name()).map_err(ProtocolError::Parsers)?;
46
47 stream
48 .send(&XmppStreamElement::Sasl(Nonza::Auth(Auth {
49 mechanism: mechanism_name,
50 data: initial,
51 })))
52 .await?;
53
54 loop {
55 match stream.next().await {
56 Some(Ok(XmppStreamElement::Sasl(sasl))) => match sasl {
57 Nonza::Challenge(challenge) => {
58 let response = mechanism
59 .response(&challenge.data)
60 .map_err(AuthError::Sasl)?;
61
62 stream
64 .send(&XmppStreamElement::Sasl(Nonza::Response(Response {
65 data: response,
66 })))
67 .await?;
68 }
69 Nonza::Success(_) => return Ok(stream.initiate_reset()),
70 Nonza::Failure(failure) => {
71 return Err(Error::Auth(AuthError::Fail(failure.defined_condition)));
72 }
73 _ => {
74 }
76 },
77 Some(Ok(el)) => {
78 return Err(io::Error::new(
79 io::ErrorKind::InvalidData,
80 format!(
81 "unexpected stream element during SASL negotiation: {:?}",
82 el
83 ),
84 )
85 .into())
86 }
87 Some(Err(ReadError::HardError(e))) => return Err(e.into()),
88 Some(Err(ReadError::ParseError(e))) => {
89 return Err(io::Error::new(io::ErrorKind::InvalidData, e).into())
90 }
91 Some(Err(ReadError::SoftTimeout)) => {
92 }
94 Some(Err(ReadError::StreamFooterReceived)) | None => {
95 return Err(Error::Disconnected)
96 }
97 }
98 }
99 }
100 }
101
102 Err(AuthError::NoMechanism.into())
103}
104
105pub async fn client_auth<C: ServerConnector>(
107 server: C,
108 jid: Jid,
109 password: String,
110 timeouts: Timeouts,
111) -> Result<(StreamFeatures, XmppStream<C::Stream>), Error> {
112 let username = jid.node().unwrap().as_str();
113
114 let (xmpp_stream, channel_binding) = server.connect(&jid, ns::JABBER_CLIENT, timeouts).await?;
115 let (features, xmpp_stream) = xmpp_stream.recv_features().await?;
116
117 let creds = Credentials::default()
118 .with_username(username)
119 .with_password(password)
120 .with_channel_binding(channel_binding);
121 let stream = auth(xmpp_stream, &features.sasl_mechanisms, creds).await?;
123 let stream = stream
124 .send_header(StreamHeader {
125 to: Some(Cow::Borrowed(jid.domain().as_str())),
126 from: None,
127 id: None,
128 })
129 .await?;
130 Ok(stream.recv_features().await?)
131}