aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorQuentin Dufour <quentin@deuxfleurs.fr>2023-12-12 09:17:59 +0100
committerQuentin Dufour <quentin@deuxfleurs.fr>2023-12-12 09:17:59 +0100
commit47e25cd7f710fcd82356377cf48eccf9f65d31cc (patch)
treeb847e1b83b6608047d666acc4856113604fc0dbd
parent23f918fd0edb224668fb775c770075eb4f44ce4d (diff)
downloadaerogramme-47e25cd7f710fcd82356377cf48eccf9f65d31cc.tar.gz
aerogramme-47e25cd7f710fcd82356377cf48eccf9f65d31cc.zip
WIP
-rw-r--r--src/config.rs25
-rw-r--r--src/login/mod.rs14
-rw-r--r--src/login/static_provider.rs6
-rw-r--r--src/main.rs4
4 files changed, 41 insertions, 8 deletions
diff --git a/src/config.rs b/src/config.rs
index 506640f..cd3bff3 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -4,7 +4,7 @@ use std::net::SocketAddr;
use std::path::PathBuf;
use anyhow::Result;
-use serde::{Deserialize, Serialize};
+use serde::{Deserialize, Serialize, Serializer, Deserializer};
#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct CompanionConfig {
@@ -79,6 +79,7 @@ pub struct LoginLdapConfig {
pub username_attr: String,
#[serde(default = "default_mail_attr")]
pub mail_attr: String,
+ pub crypto_root_attr: String,
// Storage related thing
#[serde(flatten)]
@@ -110,9 +111,11 @@ pub type UserList = HashMap<String, UserEntry>;
#[derive(Serialize, Deserialize, Debug, Clone)]
#[serde(tag = "crypto_root")]
pub enum CryptographyRoot {
- PasswordProtected,
+ PasswordProtected {
+ root_blob: String,
+ },
Keyring,
- InPlace {
+ ClearText {
master_key: String,
secret_key: String,
}
@@ -175,3 +178,19 @@ pub fn write_config<T: Serialize>(config_file: PathBuf, config: &T) -> Result<()
fn default_mail_attr() -> String {
"mail".into()
}
+
+fn as_base64<T, S>(val: &T, serializer: &mut S) -> Result<(), S::Error>
+ where T: AsRef<[u8]>,
+ S: Serializer<Ok = ()>
+{
+ serializer.serialize_str(&base64::encode(val.as_ref()))
+}
+
+fn from_base64<D>(deserializer: &mut D) -> Result<Vec<u8>, D::Error>
+ where D: Deserializer
+{
+ use serde::de::Error;
+ String::deserialize(deserializer)
+ .and_then(|string| base64::decode(&string).map_err(|err| Error::custom(err.to_string())))
+}
+
diff --git a/src/login/mod.rs b/src/login/mod.rs
index a9b9efe..f7a81c2 100644
--- a/src/login/mod.rs
+++ b/src/login/mod.rs
@@ -169,9 +169,20 @@ impl CryptoKeys {
}
pub async fn open(
- storage: &Builders,
password: &str,
+ root_blob: &str,
) -> Result<Self> {
+ let kdf_salt = &password_blob[..32];
+ let password_openned = try_open_encrypted_keys(kdf_salt, password, &password_blob[32..])?;
+
+ let keys = Self::deserialize(&password_openned)?;
+ if keys.public != expected_public {
+ bail!("Password public key doesn't match stored public key");
+ }
+
+ Ok(keys)
+
+ /*
let k2v = storage.row_store()?;
let (ident_salt, expected_public) = Self::load_salt_and_public(&k2v).await?;
@@ -208,6 +219,7 @@ impl CryptoKeys {
}
Ok(keys)
+ */
}
pub async fn open_without_password(
diff --git a/src/login/static_provider.rs b/src/login/static_provider.rs
index 0f6ab3a..7fadf2f 100644
--- a/src/login/static_provider.rs
+++ b/src/login/static_provider.rs
@@ -83,15 +83,15 @@ impl LoginProvider for StaticLoginProvider {
};
let keys = match &user.crypto_root { /*(&user.master_key, &user.secret_key) {*/
- CryptographyRoot::InPlace { master_key: m, secret_key: s } => {
+ CryptographyRoot::ClearText { master_key: m, secret_key: s } => {
let master_key =
Key::from_slice(&base64::decode(m)?).ok_or(anyhow!("Invalid master key"))?;
let secret_key = SecretKey::from_slice(&base64::decode(s)?)
.ok_or(anyhow!("Invalid secret key"))?;
CryptoKeys::open_without_password(&storage, &master_key, &secret_key).await?
}
- CryptographyRoot::PasswordProtected => {
- CryptoKeys::open(&storage, password).await?
+ CryptographyRoot::PasswordProtected { root_blob } => {
+ CryptoKeys::open(password, root_blob).await?
}
CryptographyRoot::Keyring => unimplemented!(),
};
diff --git a/src/main.rs b/src/main.rs
index 679204d..c252623 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -191,7 +191,9 @@ fn account_management(root: &Command, cmd: &AccountManagement, users: PathBuf) -
write_config(users.clone(), &ulist)?;
},
AccountManagement::Delete { login } => {
- unimplemented!();
+ tracing::debug!(user=login, "will-delete");
+ ulist.remove(&login);
+ write_config(users.clone(), &ulist)?;
},
AccountManagement::ChangePassword { login } => {
unimplemented!();