Lib.rs

身份验证
#客户端 #机制 #sasl-rs

sasl

一个用于SASL身份验证的crate。目前仅支持客户端。

lumi 编写。 共同所有者有 peplinkmauve

11个版本

0.5.2 2024年7月22日
0.5.1 2023年8月20日
0.5.0 2021年1月12日
0.4.3 2019年1月17日
0.4.0 2017年3月28日

#80 in 身份验证

Download history 62/week @ 2024-04-22 62/week @ 2024-04-29 36/week @ 2024-05-06 61/week @ 2024-05-13 79/week @ 2024-05-20 68/week @ 2024-05-27 48/week @ 2024-06-03 81/week @ 2024-06-10 77/week @ 2024-06-17 40/week @ 2024-06-24 21/week @ 2024-07-01 14/week @ 2024-07-08 41/week @ 2024-07-15 172/week @ 2024-07-22 342/week @ 2024-07-29 220/week @ 2024-08-05

776 每月下载量
用于 12 个crate (3 直接)

MPL-2.0 许可证

62KB
1.5K SLoC

sasl-rs

这是什么?

一个处理SASL身份验证的crate。直到1.0.0版本前仍不稳定。

我能看到一个示例吗?

查看这里的文档

它使用什么许可证?

MPL-2.0。见LICENSE

许可证条款。

版权所有 2017, sasl-rs 贡献者。

此源代码形式受Mozilla公共许可证第2.0版的条款约束。如果未随此文件一起分发MPL副本,您可以在https://mozilla.org/MPL/2.0/获取一个。

lib.rs:

此crate提供SASL身份验证的框架和一些身份验证机制。

示例

简单客户端使用

use sasl::client::Mechanism;
use sasl::common::Credentials;
use sasl::client::mechanisms::Plain;

let creds = Credentials::default()
                        .with_username("user")
                        .with_password("pencil");

let mut mechanism = Plain::from_credentials(creds).unwrap();

let initial_data = mechanism.initial();

assert_eq!(initial_data, b"\0user\0pencil");

更复杂的使用

#[macro_use] extern crate sasl;

use sasl::server::{Validator, Provider, Mechanism as ServerMechanism, Response}; use sasl::server::{ValidatorError, ProviderError, MechanismError as ServerMechanismError}; use sasl::server::mechanisms::{Plain as ServerPlain, Scram as ServerScram}; use sasl::client::{Mechanism as ClientMechanism, MechanismError as ClientMechanismError}; use sasl::client::mechanisms::{Plain as ClientPlain, Scram as ClientScram}; use sasl::common::{Identity, Credentials, Password, ChannelBinding}; use sasl::common::scram::{ScramProvider, Sha1, Sha256}; use sasl::secret;

const USERNAME: &'static str = "user"; const PASSWORD: &'static str = "pencil"; const SALT: [u8; 8] = [35, 71, 92, 105, 212, 219, 114, 93]; const ITERATIONS: u32 = 4096;

struct MyValidator;

impl Validatorsecret::Plain for MyValidator { fn validate(&self, identity: &Identity, value: &secret::Plain) -> Result<(), ValidatorError> { let &secret::Plain(ref password) = value; if identity != &Identity::Username(USERNAME.to_owned()) { Err(ValidatorError::AuthenticationFailed) } else if password != PASSWORD { Err(ValidatorError::AuthenticationFailed) } else { Ok(()) } } }

impl Providersecret::Pbkdf2Sha1 for MyValidator { fn provide(&self, identity: &Identity) -> Result<secret::Pbkdf2Sha1, ProviderError> { if identity != &Identity::Username(USERNAME.to_owned()) { Err(ProviderError::AuthenticationFailed) } else { let digest = sasl::common::scram::Sha1::derive ( &Password::Plain((PASSWORD.to_owned())) , &SALT[..] , ITERATIONS )?; Ok(secret::Pbkdf2Sha1 { salt: SALT.to_vec(), iterations: ITERATIONS, digest: digest, }) } } }

impl_validator_using_provider!(MyValidator, secret::Pbkdf2Sha1);

实现Providersecret::Pbkdf2Sha256为MyValidator { fn provide(&self, identity: &Identity) -> Result<secret::Pbkdf2Sha256, ProviderError> { if identity != &Identity::Username(USERNAME.to_owned()) { Err(ProviderError::AuthenticationFailed) } else { let digest = sasl::common::scram::Sha256::derive ( &Password::Plain((PASSWORD.to_owned())) , &SALT[..] , ITERATIONS )?; Ok(secret::Pbkdf2Sha256 { salt: SALT.to_vec(), iterations: ITERATIONS, digest: digest, }) } }}

impl_validator_using_provider!(MyValidator, secret::Pbkdf2Sha256);

#[derive(Debug, PartialEq)] enum MechanismError { Client(ClientMechanismError), Server(ServerMechanismError), }

impl From for MechanismError { fn from(err: ClientMechanismError) -> MechanismError { MechanismError::Client(err) } }

impl From for MechanismError { fn from(err: ServerMechanismError) -> MechanismError { MechanismError::Server(err) } }

fn finish<CM, SM>(cm: &mut CM, sm: &mut SM) -> Result<Identity, MechanismError> where CM: ClientMechanism, SM: ServerMechanism { let init = cm.initial(); println!("C: {}", String::from_utf8_lossy(&init)); let mut resp = sm.respond(&init)?; loop { let msg; match resp { Response::Proceed(ref data) => { println!("S: {}", String::from_utf8_lossy(&data)); msg = cm.response(data)?; println!("C: {}", String::from_utf8_lossy(&msg)); }, _ => break, } resp = sm.respond(&msg)?; } if let Response::Success(ret, fin) = resp { println!("S: {}", String::from_utf8_lossy(&fin)); cm.success(&fin)?; Ok(ret) } else { unreachable!(); } }

fn main() { let mut mech = ServerPlain::new(MyValidator); let expected_response = Response::Success(Identity::Username("user".to_owned()), Vec::new()); assert_eq!(mech.respond(b"\0user\0pencil"), Ok(expected_response));

 let mut mech = ServerPlain::new(MyValidator);
 assert_eq!(mech.respond(b"\0user\0marker"), Err(ServerMechanismError::ValidatorError(ValidatorError::AuthenticationFailed)));

 let creds = Credentials::default()
                         .with_username(USERNAME)
                         .with_password(PASSWORD);
 let mut client_mech = ClientPlain::from_credentials(creds.clone()).unwrap();
 let mut server_mech = ServerPlain::new(MyValidator);

 assert_eq!(finish(&mut client_mech, &mut server_mech), Ok(Identity::Username(USERNAME.to_owned())));

 let mut client_mech = ClientScram::<Sha1>::from_credentials(creds.clone()).unwrap();
 let mut server_mech = ServerScram::<Sha1, _>::new(MyValidator, ChannelBinding::Unsupported);

 assert_eq!(finish(&mut client_mech, &mut server_mech), Ok(Identity::Username(USERNAME.to_owned())));

 let mut client_mech = ClientScram::<Sha256>::from_credentials(creds.clone()).unwrap();
 let mut server_mech = ServerScram::<Sha256, _>::new(MyValidator, ChannelBinding::Unsupported);

 assert_eq!(finish(&mut client_mech, &mut server_mech), Ok(Identity::Username(USERNAME.to_owned())));

}



You can use this in your crate by adding this under `dependencies` in your `Cargo.toml`:

```toml
sasl = "*"

依赖

~0–285KB