LCOV - code coverage report
Current view: top level - proxy/src - sasl.rs (source / functions) Coverage Total Hit
Test: a43a77853355b937a79c57b07a8f05607cf29e6c.info Lines: 0.0 % 16 0
Test Date: 2024-09-19 12:04:32 Functions: 0.0 % 6 0

            Line data    Source code
       1              : //! Simple Authentication and Security Layer.
       2              : //!
       3              : //! RFC: <https://datatracker.ietf.org/doc/html/rfc4422>.
       4              : //!
       5              : //! Reference implementation:
       6              : //! * <https://github.com/postgres/postgres/blob/94226d4506e66d6e7cbf4b391f1e7393c1962841/src/backend/libpq/auth-sasl.c>
       7              : //! * <https://github.com/postgres/postgres/blob/94226d4506e66d6e7cbf4b391f1e7393c1962841/src/interfaces/libpq/fe-auth.c>
       8              : 
       9              : mod channel_binding;
      10              : mod messages;
      11              : mod stream;
      12              : 
      13              : use crate::error::{ReportableError, UserFacingError};
      14              : use std::io;
      15              : use thiserror::Error;
      16              : 
      17              : pub(crate) use channel_binding::ChannelBinding;
      18              : pub(crate) use messages::FirstMessage;
      19              : pub(crate) use stream::{Outcome, SaslStream};
      20              : 
      21              : /// Fine-grained auth errors help in writing tests.
      22            0 : #[derive(Error, Debug)]
      23              : pub(crate) enum Error {
      24              :     #[error("Channel binding failed: {0}")]
      25              :     ChannelBindingFailed(&'static str),
      26              : 
      27              :     #[error("Unsupported channel binding method: {0}")]
      28              :     ChannelBindingBadMethod(Box<str>),
      29              : 
      30              :     #[error("Bad client message: {0}")]
      31              :     BadClientMessage(&'static str),
      32              : 
      33              :     #[error("Internal error: missing digest")]
      34              :     MissingBinding,
      35              : 
      36              :     #[error("could not decode salt: {0}")]
      37              :     Base64(#[from] base64::DecodeError),
      38              : 
      39              :     #[error(transparent)]
      40              :     Io(#[from] io::Error),
      41              : }
      42              : 
      43              : impl UserFacingError for Error {
      44            0 :     fn to_string_client(&self) -> String {
      45            0 :         match self {
      46            0 :             Self::ChannelBindingFailed(m) => (*m).to_string(),
      47            0 :             Self::ChannelBindingBadMethod(m) => format!("unsupported channel binding method {m}"),
      48            0 :             _ => "authentication protocol violation".to_string(),
      49              :         }
      50            0 :     }
      51              : }
      52              : 
      53              : impl ReportableError for Error {
      54            0 :     fn get_error_kind(&self) -> crate::error::ErrorKind {
      55            0 :         match self {
      56            0 :             Error::ChannelBindingFailed(_) => crate::error::ErrorKind::User,
      57            0 :             Error::ChannelBindingBadMethod(_) => crate::error::ErrorKind::User,
      58            0 :             Error::BadClientMessage(_) => crate::error::ErrorKind::User,
      59            0 :             Error::MissingBinding => crate::error::ErrorKind::Service,
      60            0 :             Error::Base64(_) => crate::error::ErrorKind::ControlPlane,
      61            0 :             Error::Io(_) => crate::error::ErrorKind::ClientDisconnect,
      62              :         }
      63            0 :     }
      64              : }
      65              : 
      66              : /// A convenient result type for SASL exchange.
      67              : pub(crate) type Result<T> = std::result::Result<T, Error>;
      68              : 
      69              : /// A result of one SASL exchange.
      70              : #[must_use]
      71              : pub(crate) enum Step<T, R> {
      72              :     /// We should continue exchanging messages.
      73              :     Continue(T, String),
      74              :     /// The client has been authenticated successfully.
      75              :     Success(R, String),
      76              :     /// Authentication failed (reason attached).
      77              :     Failure(&'static str),
      78              : }
      79              : 
      80              : /// Every SASL mechanism (e.g. [SCRAM](crate::scram)) is expected to implement this trait.
      81              : pub(crate) trait Mechanism: Sized {
      82              :     /// What's produced as a result of successful authentication.
      83              :     type Output;
      84              : 
      85              :     /// Produce a server challenge to be sent to the client.
      86              :     /// This is how this method is called in PostgreSQL (`libpq/sasl.h`).
      87              :     fn exchange(self, input: &str) -> Result<Step<Self, Self::Output>>;
      88              : }
        

Generated by: LCOV version 2.1-beta