in-memory storage #32

Merged
quentin merged 65 commits from in-memory into main 2023-12-27 16:35:43 +00:00
4 changed files with 41 additions and 8 deletions
Showing only changes of commit 47e25cd7f7 - Show all commits

View file

@ -4,7 +4,7 @@ use std::net::SocketAddr;
use std::path::PathBuf;
use anyhow::Result;
use serde::{Deserialize, Serialize};
use serde::{Deserialize, Serialize, Serializer, Deserializer};
#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct CompanionConfig {
@ -79,6 +79,7 @@ pub struct LoginLdapConfig {
pub username_attr: String,
#[serde(default = "default_mail_attr")]
pub mail_attr: String,
pub crypto_root_attr: String,
// Storage related thing
#[serde(flatten)]
@ -110,9 +111,11 @@ pub type UserList = HashMap<String, UserEntry>;
#[derive(Serialize, Deserialize, Debug, Clone)]
#[serde(tag = "crypto_root")]
pub enum CryptographyRoot {
PasswordProtected,
PasswordProtected {
root_blob: String,
},
Keyring,
InPlace {
ClearText {
master_key: String,
secret_key: String,
}
@ -175,3 +178,19 @@ pub fn write_config<T: Serialize>(config_file: PathBuf, config: &T) -> Result<()
fn default_mail_attr() -> String {
"mail".into()
}
fn as_base64<T, S>(val: &T, serializer: &mut S) -> Result<(), S::Error>
where T: AsRef<[u8]>,
S: Serializer<Ok = ()>
{
serializer.serialize_str(&base64::encode(val.as_ref()))
}
fn from_base64<D>(deserializer: &mut D) -> Result<Vec<u8>, D::Error>
where D: Deserializer
{
use serde::de::Error;
String::deserialize(deserializer)
.and_then(|string| base64::decode(&string).map_err(|err| Error::custom(err.to_string())))
}

View file

@ -169,9 +169,20 @@ impl CryptoKeys {
}
pub async fn open(
storage: &Builders,
password: &str,
root_blob: &str,
) -> Result<Self> {
let kdf_salt = &password_blob[..32];
let password_openned = try_open_encrypted_keys(kdf_salt, password, &password_blob[32..])?;
let keys = Self::deserialize(&password_openned)?;
if keys.public != expected_public {
bail!("Password public key doesn't match stored public key");
}
Ok(keys)
/*
let k2v = storage.row_store()?;
let (ident_salt, expected_public) = Self::load_salt_and_public(&k2v).await?;
@ -208,6 +219,7 @@ impl CryptoKeys {
}
Ok(keys)
*/
}
pub async fn open_without_password(

View file

@ -83,15 +83,15 @@ impl LoginProvider for StaticLoginProvider {
};
let keys = match &user.crypto_root { /*(&user.master_key, &user.secret_key) {*/
CryptographyRoot::InPlace { master_key: m, secret_key: s } => {
CryptographyRoot::ClearText { master_key: m, secret_key: s } => {
let master_key =
Key::from_slice(&base64::decode(m)?).ok_or(anyhow!("Invalid master key"))?;
let secret_key = SecretKey::from_slice(&base64::decode(s)?)
.ok_or(anyhow!("Invalid secret key"))?;
CryptoKeys::open_without_password(&storage, &master_key, &secret_key).await?
}
CryptographyRoot::PasswordProtected => {
CryptoKeys::open(&storage, password).await?
CryptographyRoot::PasswordProtected { root_blob } => {
CryptoKeys::open(password, root_blob).await?
}
CryptographyRoot::Keyring => unimplemented!(),
};

View file

@ -191,7 +191,9 @@ fn account_management(root: &Command, cmd: &AccountManagement, users: PathBuf) -
write_config(users.clone(), &ulist)?;
},
AccountManagement::Delete { login } => {
unimplemented!();
tracing::debug!(user=login, "will-delete");
ulist.remove(&login);
write_config(users.clone(), &ulist)?;
},
AccountManagement::ChangePassword { login } => {
unimplemented!();