tokio_xmpp/client/
login.rs1use alloc::borrow::Cow;
2use core::str::FromStr;
3use futures::{SinkExt, StreamExt};
4use sasl::client::mechanisms::{Anonymous, Plain, Scram};
5use sasl::client::Mechanism;
6use sasl::common::scram::{Sha1, Sha256};
7use sasl::common::Credentials;
8use std::collections::BTreeSet;
9use std::io;
10use tokio::io::{AsyncBufRead, AsyncWrite};
11use xmpp_parsers::{
12 jid::Jid,
13 ns,
14 sasl::{Auth, Mechanism as XMPPMechanism, Nonza, Response},
15 stream_features::StreamFeatures,
16};
17
18use crate::{
19 connect::ServerConnector,
20 error::{AuthError, Error, ProtocolError},
21 xmlstream::{
22 xmpp::XmppStreamElement, InitiatingStream, ReadError, StreamHeader, Timeouts, XmppStream,
23 },
24};
25
26pub async fn auth<S: AsyncBufRead + AsyncWrite + Unpin>(
27 mut stream: XmppStream<S>,
28 sasl_mechanisms: BTreeSet<String>,
29 creds: Credentials,
30) -> Result<InitiatingStream<S>, Error> {
31 let local_mechs: Vec<Box<dyn Fn() -> Box<dyn Mechanism + Send + Sync> + Send>> = vec![
32 Box::new(|| Box::new(Scram::<Sha256>::from_credentials(creds.clone()).unwrap())),
33 Box::new(|| Box::new(Scram::<Sha1>::from_credentials(creds.clone()).unwrap())),
34 Box::new(|| Box::new(Plain::from_credentials(creds.clone()).unwrap())),
35 Box::new(|| Box::new(Anonymous::new())),
36 ];
37
38 for local_mech in local_mechs {
39 let mut mechanism = local_mech();
40 if sasl_mechanisms.contains(mechanism.name()) {
41 let initial = mechanism.initial();
42 let mechanism_name =
43 XMPPMechanism::from_str(mechanism.name()).map_err(ProtocolError::Parsers)?;
44
45 stream
46 .send(&XmppStreamElement::Sasl(Nonza::Auth(Auth {
47 mechanism: mechanism_name,
48 data: initial,
49 })))
50 .await?;
51
52 loop {
53 match stream.next().await {
54 Some(Ok(XmppStreamElement::Sasl(sasl))) => match sasl {
55 Nonza::Challenge(challenge) => {
56 let response = mechanism
57 .response(&challenge.data)
58 .map_err(AuthError::Sasl)?;
59
60 stream
62 .send(&XmppStreamElement::Sasl(Nonza::Response(Response {
63 data: response,
64 })))
65 .await?;
66 }
67 Nonza::Success(_) => return Ok(stream.initiate_reset()),
68 Nonza::Failure(failure) => {
69 return Err(Error::Auth(AuthError::Fail(failure.defined_condition)));
70 }
71 _ => {
72 }
74 },
75 Some(Ok(el)) => {
76 return Err(io::Error::new(
77 io::ErrorKind::InvalidData,
78 format!(
79 "unexpected stream element during SASL negotiation: {:?}",
80 el
81 ),
82 )
83 .into())
84 }
85 Some(Err(ReadError::HardError(e))) => return Err(e.into()),
86 Some(Err(ReadError::ParseError(e))) => {
87 return Err(io::Error::new(io::ErrorKind::InvalidData, e).into())
88 }
89 Some(Err(ReadError::SoftTimeout)) => {
90 }
92 Some(Err(ReadError::StreamFooterReceived)) | None => {
93 return Err(Error::Disconnected)
94 }
95 }
96 }
97 }
98 }
99
100 Err(AuthError::NoMechanism.into())
101}
102
103pub async fn client_auth<C: ServerConnector>(
105 server: C,
106 jid: Jid,
107 password: String,
108 timeouts: Timeouts,
109) -> Result<(StreamFeatures, XmppStream<C::Stream>), Error> {
110 let username = jid.node().unwrap().as_str();
111
112 let (xmpp_stream, channel_binding) = server.connect(&jid, ns::JABBER_CLIENT, timeouts).await?;
113 let (features, xmpp_stream) = xmpp_stream.recv_features().await?;
114
115 let creds = Credentials::default()
116 .with_username(username)
117 .with_password(password)
118 .with_channel_binding(channel_binding);
119 let stream = auth(xmpp_stream, features.sasl_mechanisms, creds).await?;
121 let stream = stream
122 .send_header(StreamHeader {
123 to: Some(Cow::Borrowed(jid.domain().as_str())),
124 from: None,
125 id: None,
126 })
127 .await?;
128 Ok(stream.recv_features().await?)
129}