tokio_xmpp/client/
login.rs1use alloc::borrow::Cow;
2use core::str::FromStr;
3use futures::{SinkExt, StreamExt};
4use sasl::client::mechanisms::{Anonymous, Plain, Scram};
5use sasl::client::Mechanism;
6use sasl::common::scram::{Sha1, Sha256};
7use sasl::common::Credentials;
8use std::collections::BTreeSet;
9use std::io;
10use tokio::io::{AsyncBufRead, AsyncWrite};
11use xmpp_parsers::{
12 jid::Jid,
13 ns,
14 sasl::{Auth, Mechanism as XMPPMechanism, Nonza, Response},
15 stream_features::StreamFeatures,
16};
17
18use crate::{
19 connect::ServerConnector,
20 error::{AuthError, Error, ProtocolError},
21 xmlstream::{
22 xmpp::XmppStreamElement, InitiatingStream, ReadError, StreamHeader, Timeouts, XmppStream,
23 },
24};
25
26pub async fn auth<S: AsyncBufRead + AsyncWrite + Unpin>(
32 mut stream: XmppStream<S>,
33 sasl_mechanisms: BTreeSet<String>,
34 creds: Credentials,
35) -> Result<InitiatingStream<S>, Error> {
36 let local_mechs: Vec<Box<dyn Fn() -> Box<dyn Mechanism + Send + Sync> + Send>> = vec![
37 Box::new(|| Box::new(Scram::<Sha256>::from_credentials(creds.clone()).unwrap())),
38 Box::new(|| Box::new(Scram::<Sha1>::from_credentials(creds.clone()).unwrap())),
39 Box::new(|| Box::new(Plain::from_credentials(creds.clone()).unwrap())),
40 Box::new(|| Box::new(Anonymous::new())),
41 ];
42
43 for local_mech in local_mechs {
44 let mut mechanism = local_mech();
45 if sasl_mechanisms.contains(mechanism.name()) {
46 let initial = mechanism.initial();
47 let mechanism_name =
48 XMPPMechanism::from_str(mechanism.name()).map_err(ProtocolError::Parsers)?;
49
50 stream
51 .send(&XmppStreamElement::Sasl(Nonza::Auth(Auth {
52 mechanism: mechanism_name,
53 data: initial,
54 })))
55 .await?;
56
57 loop {
58 match stream
59 .next()
60 .await
61 .map(|v| v.map(|v| v.into_read_error()).flatten())
62 {
63 Some(Ok(XmppStreamElement::Sasl(sasl))) => match sasl {
64 Nonza::Challenge(challenge) => {
65 let response = mechanism
66 .response(&challenge.data)
67 .map_err(AuthError::Sasl)?;
68
69 stream
71 .send(&XmppStreamElement::Sasl(Nonza::Response(Response {
72 data: response,
73 })))
74 .await?;
75 }
76 Nonza::Success(_) => return Ok(stream.initiate_reset()),
77 Nonza::Failure(failure) => {
78 return Err(Error::Auth(AuthError::Fail(failure.defined_condition)));
79 }
80 _ => {
81 }
83 },
84 Some(Ok(el)) => {
85 return Err(io::Error::new(
86 io::ErrorKind::InvalidData,
87 format!(
88 "unexpected stream element during SASL negotiation: {:?}",
89 el
90 ),
91 )
92 .into())
93 }
94 Some(Err(ReadError::HardError(e))) => return Err(e.into()),
95 Some(Err(ReadError::ParseError(e))) => {
96 return Err(io::Error::new(io::ErrorKind::InvalidData, e).into())
97 }
98 Some(Err(ReadError::SoftTimeout)) => {
99 }
101 Some(Err(ReadError::StreamFooterReceived)) | None => {
102 return Err(Error::Disconnected)
103 }
104 }
105 }
106 }
107 }
108
109 Err(AuthError::NoMechanism.into())
110}
111
112pub async fn client_auth<C: ServerConnector>(
114 server: C,
115 jid: Jid,
116 password: String,
117 timeouts: Timeouts,
118) -> Result<(StreamFeatures, XmppStream<C::Stream>), Error> {
119 let username = jid.node().unwrap().as_str();
120
121 let (xmpp_stream, channel_binding) = server.connect(&jid, ns::JABBER_CLIENT, timeouts).await?;
122 let (features, xmpp_stream) = xmpp_stream.recv_features().await?;
123
124 let creds = Credentials::default()
125 .with_username(username)
126 .with_password(password)
127 .with_channel_binding(channel_binding);
128 let stream = auth(xmpp_stream, features.sasl_mechanisms, creds).await?;
130 let stream = stream
131 .send_header(StreamHeader {
132 to: Some(Cow::Borrowed(jid.domain().as_str())),
133 from: None,
134 id: None,
135 })
136 .await?;
137 Ok(stream.recv_features().await?)
138}