This commit is contained in:
Quentin 2023-12-12 09:17:59 +01:00
parent 23f918fd0e
commit 47e25cd7f7
Signed by: quentin
GPG key ID: E9602264D639FF68
4 changed files with 41 additions and 8 deletions

View file

@ -4,7 +4,7 @@ use std::net::SocketAddr;
use std::path::PathBuf; use std::path::PathBuf;
use anyhow::Result; use anyhow::Result;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize, Serializer, Deserializer};
#[derive(Serialize, Deserialize, Debug, Clone)] #[derive(Serialize, Deserialize, Debug, Clone)]
pub struct CompanionConfig { pub struct CompanionConfig {
@ -79,6 +79,7 @@ pub struct LoginLdapConfig {
pub username_attr: String, pub username_attr: String,
#[serde(default = "default_mail_attr")] #[serde(default = "default_mail_attr")]
pub mail_attr: String, pub mail_attr: String,
pub crypto_root_attr: String,
// Storage related thing // Storage related thing
#[serde(flatten)] #[serde(flatten)]
@ -110,9 +111,11 @@ pub type UserList = HashMap<String, UserEntry>;
#[derive(Serialize, Deserialize, Debug, Clone)] #[derive(Serialize, Deserialize, Debug, Clone)]
#[serde(tag = "crypto_root")] #[serde(tag = "crypto_root")]
pub enum CryptographyRoot { pub enum CryptographyRoot {
PasswordProtected, PasswordProtected {
root_blob: String,
},
Keyring, Keyring,
InPlace { ClearText {
master_key: String, master_key: String,
secret_key: String, secret_key: String,
} }
@ -175,3 +178,19 @@ pub fn write_config<T: Serialize>(config_file: PathBuf, config: &T) -> Result<()
fn default_mail_attr() -> String { fn default_mail_attr() -> String {
"mail".into() "mail".into()
} }
fn as_base64<T, S>(val: &T, serializer: &mut S) -> Result<(), S::Error>
where T: AsRef<[u8]>,
S: Serializer<Ok = ()>
{
serializer.serialize_str(&base64::encode(val.as_ref()))
}
fn from_base64<D>(deserializer: &mut D) -> Result<Vec<u8>, D::Error>
where D: Deserializer
{
use serde::de::Error;
String::deserialize(deserializer)
.and_then(|string| base64::decode(&string).map_err(|err| Error::custom(err.to_string())))
}

View file

@ -169,9 +169,20 @@ impl CryptoKeys {
} }
pub async fn open( pub async fn open(
storage: &Builders,
password: &str, password: &str,
root_blob: &str,
) -> Result<Self> { ) -> Result<Self> {
let kdf_salt = &password_blob[..32];
let password_openned = try_open_encrypted_keys(kdf_salt, password, &password_blob[32..])?;
let keys = Self::deserialize(&password_openned)?;
if keys.public != expected_public {
bail!("Password public key doesn't match stored public key");
}
Ok(keys)
/*
let k2v = storage.row_store()?; let k2v = storage.row_store()?;
let (ident_salt, expected_public) = Self::load_salt_and_public(&k2v).await?; let (ident_salt, expected_public) = Self::load_salt_and_public(&k2v).await?;
@ -208,6 +219,7 @@ impl CryptoKeys {
} }
Ok(keys) Ok(keys)
*/
} }
pub async fn open_without_password( pub async fn open_without_password(

View file

@ -83,15 +83,15 @@ impl LoginProvider for StaticLoginProvider {
}; };
let keys = match &user.crypto_root { /*(&user.master_key, &user.secret_key) {*/ let keys = match &user.crypto_root { /*(&user.master_key, &user.secret_key) {*/
CryptographyRoot::InPlace { master_key: m, secret_key: s } => { CryptographyRoot::ClearText { master_key: m, secret_key: s } => {
let master_key = let master_key =
Key::from_slice(&base64::decode(m)?).ok_or(anyhow!("Invalid master key"))?; Key::from_slice(&base64::decode(m)?).ok_or(anyhow!("Invalid master key"))?;
let secret_key = SecretKey::from_slice(&base64::decode(s)?) let secret_key = SecretKey::from_slice(&base64::decode(s)?)
.ok_or(anyhow!("Invalid secret key"))?; .ok_or(anyhow!("Invalid secret key"))?;
CryptoKeys::open_without_password(&storage, &master_key, &secret_key).await? CryptoKeys::open_without_password(&storage, &master_key, &secret_key).await?
} }
CryptographyRoot::PasswordProtected => { CryptographyRoot::PasswordProtected { root_blob } => {
CryptoKeys::open(&storage, password).await? CryptoKeys::open(password, root_blob).await?
} }
CryptographyRoot::Keyring => unimplemented!(), CryptographyRoot::Keyring => unimplemented!(),
}; };

View file

@ -191,7 +191,9 @@ fn account_management(root: &Command, cmd: &AccountManagement, users: PathBuf) -
write_config(users.clone(), &ulist)?; write_config(users.clone(), &ulist)?;
}, },
AccountManagement::Delete { login } => { AccountManagement::Delete { login } => {
unimplemented!(); tracing::debug!(user=login, "will-delete");
ulist.remove(&login);
write_config(users.clone(), &ulist)?;
}, },
AccountManagement::ChangePassword { login } => { AccountManagement::ChangePassword { login } => {
unimplemented!(); unimplemented!();