WIP

src/config.rs

@@ -4,7 +4,7 @@ use std::net::SocketAddr;
 use std::path::PathBuf;
 
 use anyhow::Result;
-use serde::{Deserialize, Serialize};
+use serde::{Deserialize, Serialize, Serializer, Deserializer};
 
 #[derive(Serialize, Deserialize, Debug, Clone)]
 pub struct CompanionConfig {
@@ -79,6 +79,7 @@ pub struct LoginLdapConfig {
     pub username_attr: String,
     #[serde(default = "default_mail_attr")]
     pub mail_attr: String,
+    pub crypto_root_attr: String,
 
     // Storage related thing
     #[serde(flatten)]
@@ -110,9 +111,11 @@ pub type UserList = HashMap<String, UserEntry>;
 #[derive(Serialize, Deserialize, Debug, Clone)]
 #[serde(tag = "crypto_root")]
 pub enum CryptographyRoot {
-    PasswordProtected,
+    PasswordProtected {
+        root_blob: String,
+    },
     Keyring,
-    InPlace {
+    ClearText {
         master_key: String,
         secret_key: String,
     }
@@ -175,3 +178,19 @@ pub fn write_config<T: Serialize>(config_file: PathBuf, config: &T) -> Result<()
 fn default_mail_attr() -> String {
     "mail".into()
 }
+
+fn as_base64<T, S>(val: &T, serializer: &mut S) -> Result<(), S::Error>
+    where T: AsRef<[u8]>,
+          S: Serializer<Ok = ()>
+{
+    serializer.serialize_str(&base64::encode(val.as_ref()))
+}
+
+fn from_base64<D>(deserializer: &mut D) -> Result<Vec<u8>, D::Error>
+    where D: Deserializer
+{
+    use serde::de::Error;
+    String::deserialize(deserializer)
+        .and_then(|string| base64::decode(&string).map_err(|err| Error::custom(err.to_string())))
+}
+

src/login/mod.rs

@@ -169,9 +169,20 @@ impl CryptoKeys {
     }
 
     pub async fn open(
-        storage: &Builders,
         password: &str,
+        root_blob: &str,
     ) -> Result<Self> {
+        let kdf_salt = &password_blob[..32];
+        let password_openned = try_open_encrypted_keys(kdf_salt, password, &password_blob[32..])?;
+
+        let keys = Self::deserialize(&password_openned)?;
+        if keys.public != expected_public {
+            bail!("Password public key doesn't match stored public key");
+        }
+
+        Ok(keys)
+       
+        /*
         let k2v = storage.row_store()?;
         let (ident_salt, expected_public) = Self::load_salt_and_public(&k2v).await?;
 
@@ -208,6 +219,7 @@ impl CryptoKeys {
         }
 
         Ok(keys)
+        */
     }
 
     pub async fn open_without_password(

src/login/static_provider.rs

@@ -83,15 +83,15 @@ impl LoginProvider for StaticLoginProvider {
         };
 
         let keys = match &user.crypto_root { /*(&user.master_key, &user.secret_key) {*/
-            CryptographyRoot::InPlace { master_key: m, secret_key: s } => {
+            CryptographyRoot::ClearText { master_key: m, secret_key: s } => {
                 let master_key =
                     Key::from_slice(&base64::decode(m)?).ok_or(anyhow!("Invalid master key"))?;
                 let secret_key = SecretKey::from_slice(&base64::decode(s)?)
                     .ok_or(anyhow!("Invalid secret key"))?;
                 CryptoKeys::open_without_password(&storage, &master_key, &secret_key).await?
             }
-            CryptographyRoot::PasswordProtected => {
-                CryptoKeys::open(&storage, password).await?
+            CryptographyRoot::PasswordProtected { root_blob } => {
+                CryptoKeys::open(password, root_blob).await?
             }
             CryptographyRoot::Keyring => unimplemented!(),
         };

src/main.rs

@@ -191,7 +191,9 @@ fn account_management(root: &Command, cmd: &AccountManagement, users: PathBuf) -
             write_config(users.clone(), &ulist)?;
         },
         AccountManagement::Delete { login } => {
-            unimplemented!();
+            tracing::debug!(user=login, "will-delete");
+            ulist.remove(&login);
+            write_config(users.clone(), &ulist)?;
         },
         AccountManagement::ChangePassword { login } => {
             unimplemented!();