tokio_xmpp/client/
login.rs1use alloc::borrow::Cow;
2use core::str::FromStr;
3use futures::{SinkExt, StreamExt};
4use sasl::client::mechanisms::{Anonymous, Plain, Scram};
5use sasl::client::Mechanism;
6use sasl::common::scram::{Sha1, Sha256};
7use sasl::common::Credentials;
8use std::collections::BTreeSet;
9use std::io;
10use tokio::io::{AsyncBufRead, AsyncWrite};
11use xmpp_parsers::{
12 jid::Jid,
13 ns,
14 sasl::{Auth, Mechanism as XMPPMechanism, Nonza, Response},
15 stream_features::StreamFeatures,
16};
17
18use crate::{
19 connect::ServerConnector,
20 error::{AuthError, Error, ProtocolError},
21 xmlstream::{
22 xmpp::XmppStreamElement, InitiatingStream, ReadError, StreamHeader, Timeouts, XmppStream,
23 },
24};
25
26pub async fn auth<S: AsyncBufRead + AsyncWrite + Unpin>(
32 mut stream: XmppStream<S>,
33 sasl_mechanisms: BTreeSet<String>,
34 creds: Credentials,
35) -> Result<InitiatingStream<S>, Error> {
36 let local_mechs: Vec<Box<dyn Fn() -> Box<dyn Mechanism + Send + Sync> + Send>> = vec![
37 Box::new(|| Box::new(Scram::<Sha256>::from_credentials(creds.clone()).unwrap())),
38 Box::new(|| Box::new(Scram::<Sha1>::from_credentials(creds.clone()).unwrap())),
39 Box::new(|| Box::new(Plain::from_credentials(creds.clone()).unwrap())),
40 Box::new(|| Box::new(Anonymous::new())),
41 ];
42
43 for local_mech in local_mechs {
44 let mut mechanism = local_mech();
45 if sasl_mechanisms.contains(mechanism.name()) {
46 let initial = mechanism.initial();
47 let mechanism_name =
48 XMPPMechanism::from_str(mechanism.name()).map_err(ProtocolError::Parsers)?;
49
50 stream
51 .send(&XmppStreamElement::Sasl(Nonza::Auth(Auth {
52 mechanism: mechanism_name,
53 data: initial,
54 })))
55 .await?;
56
57 loop {
58 match stream.next().await {
59 Some(Ok(XmppStreamElement::Sasl(sasl))) => match sasl {
60 Nonza::Challenge(challenge) => {
61 let response = mechanism
62 .response(&challenge.data)
63 .map_err(AuthError::Sasl)?;
64
65 stream
67 .send(&XmppStreamElement::Sasl(Nonza::Response(Response {
68 data: response,
69 })))
70 .await?;
71 }
72 Nonza::Success(_) => return Ok(stream.initiate_reset()),
73 Nonza::Failure(failure) => {
74 return Err(Error::Auth(AuthError::Fail(failure.defined_condition)));
75 }
76 _ => {
77 }
79 },
80 Some(Ok(el)) => {
81 return Err(io::Error::new(
82 io::ErrorKind::InvalidData,
83 format!(
84 "unexpected stream element during SASL negotiation: {:?}",
85 el
86 ),
87 )
88 .into())
89 }
90 Some(Err(ReadError::HardError(e))) => return Err(e.into()),
91 Some(Err(ReadError::ParseError(e))) => {
92 return Err(io::Error::new(io::ErrorKind::InvalidData, e).into())
93 }
94 Some(Err(ReadError::SoftTimeout)) => {
95 }
97 Some(Err(ReadError::StreamFooterReceived)) | None => {
98 return Err(Error::Disconnected)
99 }
100 }
101 }
102 }
103 }
104
105 Err(AuthError::NoMechanism.into())
106}
107
108pub async fn client_auth<C: ServerConnector>(
110 server: C,
111 jid: Jid,
112 password: String,
113 timeouts: Timeouts,
114) -> Result<(StreamFeatures, XmppStream<C::Stream>), Error> {
115 let username = jid.node().unwrap().as_str();
116
117 let (xmpp_stream, channel_binding) = server.connect(&jid, ns::JABBER_CLIENT, timeouts).await?;
118 let (features, xmpp_stream) = xmpp_stream.recv_features().await?;
119
120 let creds = Credentials::default()
121 .with_username(username)
122 .with_password(password)
123 .with_channel_binding(channel_binding);
124 let stream = auth(xmpp_stream, features.sasl_mechanisms, creds).await?;
126 let stream = stream
127 .send_header(StreamHeader {
128 to: Some(Cow::Borrowed(jid.domain().as_str())),
129 from: None,
130 id: None,
131 })
132 .await?;
133 Ok(stream.recv_features().await?)
134}