From 1f449dc7e97db34c4aa4cf08eb7cc6269905709f Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Mon, 22 Jan 2024 13:59:58 +0100 Subject: [PATCH 01/12] Rework some details (env var, cargo desc) --- Cargo.toml | 2 +- src/main.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 06eef6f..a865170 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -4,7 +4,7 @@ version = "0.2.0" authors = ["Alex Auvolat ", "Quentin Dufour "] edition = "2021" license = "EUPL-1.2" -description = "Encrypted mail storage over Garage" +description = "A robust email server" [dependencies] # async runtime diff --git a/src/main.rs b/src/main.rs index 3baa8e2..a7462bc 100644 --- a/src/main.rs +++ b/src/main.rs @@ -33,7 +33,7 @@ struct Args { #[clap(long)] dev: bool, - #[clap(short, long, env = "CONFIG_FILE", default_value = "aerogramme.toml")] + #[clap(short, long, env = "AEROGRAMME_CONFIG", default_value = "aerogramme.toml")] /// Path to the main Aerogramme configuration file config_file: PathBuf, } -- 2.43.4 From f67f04129afaacc4cdeb69aa79e5c102ec7331bd Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Tue, 23 Jan 2024 16:14:58 +0100 Subject: [PATCH 02/12] Add TLS support --- Cargo.lock | 59 +++++++++++++++++++++++++++++++++++++++++++++++-- Cargo.toml | 3 +++ src/config.rs | 14 +++++++++--- src/imap/mod.rs | 40 ++++++++++++++++++++++++++++++--- src/main.rs | 9 ++++---- src/server.rs | 18 +++++++++++---- 6 files changed, 127 insertions(+), 16 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index f5b2602..de5bce9 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -56,12 +56,15 @@ dependencies = [ "rand", "rmp-serde", "rpassword", + "rustls 0.22.2", + "rustls-pemfile 2.0.0", "serde", "smtp-message", "smtp-server", "sodiumoxide", "thiserror", "tokio", + "tokio-rustls 0.25.0", "tokio-util", "toml", "tracing", @@ -2662,10 +2665,24 @@ checksum = "f9d5a6813c0759e4609cd494e8e725babae6a2ca7b62a5536a13daaec6fcb7ba" dependencies = [ "log", "ring 0.17.7", - "rustls-webpki", + "rustls-webpki 0.101.7", "sct", ] +[[package]] +name = "rustls" +version = "0.22.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e87c9956bd9807afa1f77e0f7594af32566e830e088a5576d27c5b6f30f49d41" +dependencies = [ + "log", + "ring 0.17.7", + "rustls-pki-types", + "rustls-webpki 0.102.1", + "subtle", + "zeroize", +] + [[package]] name = "rustls-native-certs" version = "0.6.3" @@ -2673,7 +2690,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a9aace74cb666635c918e9c12bc0d348266037aa8eb599b5cba565709a8dff00" dependencies = [ "openssl-probe", - "rustls-pemfile", + "rustls-pemfile 1.0.4", "schannel", "security-framework", ] @@ -2687,6 +2704,22 @@ dependencies = [ "base64 0.21.7", ] +[[package]] +name = "rustls-pemfile" +version = "2.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "35e4980fa29e4c4b212ffb3db068a564cbf560e51d3944b7c88bd8bf5bec64f4" +dependencies = [ + "base64 0.21.7", + "rustls-pki-types", +] + +[[package]] +name = "rustls-pki-types" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9e9d979b3ce68192e42760c7810125eb6cf2ea10efae545a156063e61f314e2a" + [[package]] name = "rustls-webpki" version = "0.101.7" @@ -2697,6 +2730,17 @@ dependencies = [ "untrusted 0.9.0", ] +[[package]] +name = "rustls-webpki" +version = "0.102.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ef4ca26037c909dedb327b48c3327d0ba91d3dd3c4e05dad328f210ffb68e95b" +dependencies = [ + "ring 0.17.7", + "rustls-pki-types", + "untrusted 0.9.0", +] + [[package]] name = "ryu" version = "1.0.16" @@ -3186,6 +3230,17 @@ dependencies = [ "tokio", ] +[[package]] +name = "tokio-rustls" +version = "0.25.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "775e0c0f0adb3a2f22a00c4745d728b479985fc15ee7ca6a2608388c5569860f" +dependencies = [ + "rustls 0.22.2", + "rustls-pki-types", + "tokio", +] + [[package]] name = "tokio-stream" version = "0.1.14" diff --git a/Cargo.toml b/Cargo.toml index a865170..2f2ce91 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -43,6 +43,9 @@ zstd = { version = "0.9", default-features = false } sodiumoxide = "0.2" argon2 = "0.5" rand = "0.8.5" +rustls = "0.22" +rustls-pemfile = "2.0" +tokio-rustls = "0.25" hyper-rustls = { version = "0.24", features = ["http2"] } rpassword = "7.0" diff --git a/src/config.rs b/src/config.rs index b9c1f09..0269773 100644 --- a/src/config.rs +++ b/src/config.rs @@ -9,7 +9,7 @@ use serde::{Deserialize, Serialize}; #[derive(Serialize, Deserialize, Debug, Clone)] pub struct CompanionConfig { pub pid: Option, - pub imap: ImapConfig, + pub imap: ImapUnsecureConfig, #[serde(flatten)] pub users: LoginStaticConfig, @@ -18,8 +18,9 @@ pub struct CompanionConfig { #[derive(Serialize, Deserialize, Debug, Clone)] pub struct ProviderConfig { pub pid: Option, - pub imap: ImapConfig, - pub lmtp: LmtpConfig, + pub imap: Option, + pub imap_unsecure: Option, + pub lmtp: Option, pub users: UserManagement, } @@ -40,6 +41,13 @@ pub struct LmtpConfig { #[derive(Serialize, Deserialize, Debug, Clone)] pub struct ImapConfig { pub bind_addr: SocketAddr, + pub certs: PathBuf, + pub key: PathBuf, +} + +#[derive(Serialize, Deserialize, Debug, Clone)] +pub struct ImapUnsecureConfig { + pub bind_addr: SocketAddr, } #[derive(Serialize, Deserialize, Debug, Clone)] diff --git a/src/imap/mod.rs b/src/imap/mod.rs index 3f685e6..b08a4ff 100644 --- a/src/imap/mod.rs +++ b/src/imap/mod.rs @@ -26,8 +26,10 @@ use imap_codec::imap_types::response::{Code, CommandContinuationRequest, Respons use imap_codec::imap_types::{core::Text, response::Greeting}; use imap_flow::server::{ServerFlow, ServerFlowEvent, ServerFlowOptions}; use imap_flow::stream::AnyStream; +use tokio_rustls::TlsAcceptor; +use rustls_pemfile::{certs, private_key}; -use crate::config::ImapConfig; +use crate::config::{ImapConfig, ImapUnsecureConfig}; use crate::imap::capability::ServerCapability; use crate::imap::request::Request; use crate::imap::response::{Body, ResponseOrIdle}; @@ -39,6 +41,7 @@ pub struct Server { bind_addr: SocketAddr, login_provider: ArcLoginProvider, capabilities: ServerCapability, + tls: Option, } #[derive(Clone)] @@ -49,11 +52,29 @@ struct ClientContext { server_capabilities: ServerCapability, } -pub fn new(config: ImapConfig, login: ArcLoginProvider) -> Server { +pub fn new(config: ImapConfig, login: ArcLoginProvider) -> Result { + let loaded_certs = certs(&mut std::io::BufReader::new(std::fs::File::open(config.certs)?)).collect::, _>>()?; + let loaded_key = private_key(&mut std::io::BufReader::new(std::fs::File::open(config.key)?))?.unwrap(); + + let tls_config = rustls::ServerConfig::builder() + .with_no_client_auth() + .with_single_cert(loaded_certs, loaded_key)?; + let acceptor = TlsAcceptor::from(Arc::new(tls_config)); + + Ok(Server { + bind_addr: config.bind_addr, + login_provider: login, + capabilities: ServerCapability::default(), + tls: Some(acceptor), + }) +} + +pub fn new_unsecure(config: ImapUnsecureConfig, login: ArcLoginProvider) -> Server { Server { bind_addr: config.bind_addr, login_provider: login, capabilities: ServerCapability::default(), + tls: None, } } @@ -78,6 +99,19 @@ impl Server { _ = must_exit.changed() => continue, }; tracing::info!("IMAP: accepted connection from {}", remote_addr); + let stream = match self.tls.clone() { + Some(acceptor) => { + let stream = match acceptor.accept(socket).await { + Ok(v) => v, + Err(e) => { + tracing::error!(err=?e, "TLS negociation failed"); + continue; + } + }; + AnyStream::new(stream) + }, + None => AnyStream::new(socket), + }; let client = ClientContext { addr: remote_addr.clone(), @@ -85,7 +119,7 @@ impl Server { must_exit: must_exit.clone(), server_capabilities: self.capabilities.clone(), }; - let conn = tokio::spawn(NetLoop::handler(client, AnyStream::new(socket))); + let conn = tokio::spawn(NetLoop::handler(client, stream)); connections.push(conn); } drop(tcp); diff --git a/src/main.rs b/src/main.rs index a7462bc..3e3674c 100644 --- a/src/main.rs +++ b/src/main.rs @@ -167,13 +167,14 @@ async fn main() -> Result<()> { use std::net::*; AnyConfig::Provider(ProviderConfig { pid: None, - imap: ImapConfig { + imap: None, + imap_unsecure: Some(ImapUnsecureConfig { bind_addr: SocketAddr::new(IpAddr::V6(Ipv6Addr::new(0, 0, 0, 0, 0, 0, 0, 1)), 1143), - }, - lmtp: LmtpConfig { + }), + lmtp: Some(LmtpConfig { bind_addr: SocketAddr::new(IpAddr::V6(Ipv6Addr::new(0, 0, 0, 0, 0, 0, 0, 1)), 1025), hostname: "example.tld".to_string(), - }, + }), users: UserManagement::Demo, }) } else { diff --git a/src/server.rs b/src/server.rs index bd2fd5d..0df1caf 100644 --- a/src/server.rs +++ b/src/server.rs @@ -15,6 +15,7 @@ use crate::login::{demo_provider::*, ldap_provider::*, static_provider::*}; pub struct Server { lmtp_server: Option>, + imap_unsecure_server: Option, imap_server: Option, pid_file: Option, } @@ -25,10 +26,11 @@ impl Server { let login = Arc::new(StaticLoginProvider::new(config.users).await?); let lmtp_server = None; - let imap_server = Some(imap::new(config.imap, login.clone())); + let imap_unsecure_server = Some(imap::new_unsecure(config.imap, login.clone())); Ok(Self { lmtp_server, - imap_server, + imap_unsecure_server, + imap_server: None, pid_file: config.pid, }) } @@ -41,11 +43,13 @@ impl Server { UserManagement::Ldap(x) => Arc::new(LdapLoginProvider::new(x)?), }; - let lmtp_server = Some(LmtpServer::new(config.lmtp, login.clone())); - let imap_server = Some(imap::new(config.imap, login.clone())); + let lmtp_server = config.lmtp.map(|lmtp| LmtpServer::new(lmtp, login.clone())); + let imap_unsecure_server = config.imap_unsecure.map(|imap| imap::new_unsecure(imap, login.clone())); + let imap_server = config.imap.map(|imap| imap::new(imap, login.clone())).transpose()?; Ok(Self { lmtp_server, + imap_unsecure_server, imap_server, pid_file: config.pid, }) @@ -79,6 +83,12 @@ impl Server { Some(s) => s.run(exit_signal.clone()).await, } }, + async { + match self.imap_unsecure_server { + None => Ok(()), + Some(s) => s.run(exit_signal.clone()).await, + } + }, async { match self.imap_server { None => Ok(()), -- 2.43.4 From 9a265a09e24f6bebf6a6e327da5dd9dfd4dfa866 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Tue, 23 Jan 2024 21:09:57 +0100 Subject: [PATCH 03/12] WIP Dovecot Authentication Protocol Server --- src/auth.rs | 32 ++++++++++++++++++++++++++++++++ src/config.rs | 6 ++++++ src/main.rs | 4 ++++ src/server.rs | 4 ++++ 4 files changed, 46 insertions(+) create mode 100644 src/auth.rs diff --git a/src/auth.rs b/src/auth.rs new file mode 100644 index 0000000..27ff1e6 --- /dev/null +++ b/src/auth.rs @@ -0,0 +1,32 @@ +use std::net::SocketAddr; + +/// Seek compatibility with the Dovecot Authentication Protocol +/// +/// ## Trace +/// +/// ```text +/// S: VERSION 1 2 +/// S: MECH PLAIN plaintext +/// S: MECH LOGIN plaintext +/// S: SPID 15 +/// S: CUID 17654 +/// S: COOKIE f56692bee41f471ed01bd83520025305 +/// S: DONE +/// C: VERSION 1 2 +/// C: CPID 1 +/// C: AUTH 2 PLAIN service=smtp +/// S: CONT 2 +/// C: CONT 2 base64string== +/// S: OK 2 user=alice@example.tld +/// ``` +/// +/// ## Dovecot References +/// +/// https://doc.dovecot.org/developer_manual/design/auth_protocol/ +/// https://doc.dovecot.org/configuration_manual/authentication/authentication_mechanisms/#authentication-authentication-mechanisms +/// https://doc.dovecot.org/configuration_manual/howto/simple_virtual_install/#simple-virtual-install-smtp-auth +/// https://doc.dovecot.org/configuration_manual/howto/postfix_and_dovecot_sasl/#howto-postfix-and-dovecot-sasl + +pub struct AuthServer { + bind_addr: SocketAddr, +} diff --git a/src/config.rs b/src/config.rs index 0269773..faaa1ba 100644 --- a/src/config.rs +++ b/src/config.rs @@ -21,6 +21,7 @@ pub struct ProviderConfig { pub imap: Option, pub imap_unsecure: Option, pub lmtp: Option, + pub auth: Option, pub users: UserManagement, } @@ -32,6 +33,11 @@ pub enum UserManagement { Ldap(LoginLdapConfig), } +#[derive(Serialize, Deserialize, Debug, Clone)] +pub struct AuthConfig { + pub bind_addr: SocketAddr, +} + #[derive(Serialize, Deserialize, Debug, Clone)] pub struct LmtpConfig { pub bind_addr: SocketAddr, diff --git a/src/main.rs b/src/main.rs index 3e3674c..34d5a11 100644 --- a/src/main.rs +++ b/src/main.rs @@ -1,5 +1,6 @@ #![feature(async_fn_in_trait)] +mod auth; mod bayou; mod config; mod cryptoblob; @@ -175,6 +176,9 @@ async fn main() -> Result<()> { bind_addr: SocketAddr::new(IpAddr::V6(Ipv6Addr::new(0, 0, 0, 0, 0, 0, 0, 1)), 1025), hostname: "example.tld".to_string(), }), + auth: Some(AuthConfig { + bind_addr: SocketAddr::new(IpAddr::V6(Ipv6Addr::new(0, 0, 0, 0, 0, 0, 0, 1)), 12345), + }), users: UserManagement::Demo, }) } else { diff --git a/src/server.rs b/src/server.rs index 0df1caf..6210059 100644 --- a/src/server.rs +++ b/src/server.rs @@ -9,6 +9,7 @@ use tokio::sync::watch; use crate::config::*; use crate::imap; +use crate::auth; use crate::lmtp::*; use crate::login::ArcLoginProvider; use crate::login::{demo_provider::*, ldap_provider::*, static_provider::*}; @@ -17,6 +18,7 @@ pub struct Server { lmtp_server: Option>, imap_unsecure_server: Option, imap_server: Option, + auth_server: Option, pid_file: Option, } @@ -31,6 +33,7 @@ impl Server { lmtp_server, imap_unsecure_server, imap_server: None, + auth_server: None, pid_file: config.pid, }) } @@ -51,6 +54,7 @@ impl Server { lmtp_server, imap_unsecure_server, imap_server, + auth_server: None, pid_file: config.pid, }) } -- 2.43.4 From 9afd2ea337953ae25517c7bf65406dd8cd0fd375 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Wed, 24 Jan 2024 15:21:55 +0100 Subject: [PATCH 04/12] Dovecot auth types --- Cargo.lock | 288 +++++++++++++++++++++++++++++++ Cargo.nix | 481 +++++++++++++++++++++++++++++++++++++++++++++++++++- Cargo.toml | 1 + README.md | 16 +- flake.nix | 2 + src/auth.rs | 247 ++++++++++++++++++++++++++- src/main.rs | 12 +- 7 files changed, 1039 insertions(+), 8 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index de5bce9..a1daf3b 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -39,6 +39,7 @@ dependencies = [ "base64 0.21.7", "chrono", "clap", + "console-subscriber", "duplexify", "eml-codec", "futures", @@ -355,6 +356,28 @@ dependencies = [ "wasm-bindgen-futures", ] +[[package]] +name = "async-stream" +version = "0.3.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cd56dd203fef61ac097dd65721a419ddccb106b2d2b70ba60a6b529f03961a51" +dependencies = [ + "async-stream-impl", + "futures-core", + "pin-project-lite 0.2.13", +] + +[[package]] +name = "async-stream-impl" +version = "0.3.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "16e62a023e7c117e27523144c5d2459f4397fcc3cab0085af8e2224f643a0193" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.48", +] + [[package]] name = "async-task" version = "4.7.0" @@ -861,6 +884,51 @@ dependencies = [ "tracing", ] +[[package]] +name = "axum" +version = "0.6.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3b829e4e32b91e643de6eafe82b1d90675f5874230191a4ffbc1b336dec4d6bf" +dependencies = [ + "async-trait", + "axum-core", + "bitflags 1.3.2", + "bytes", + "futures-util", + "http", + "http-body", + "hyper", + "itoa", + "matchit", + "memchr", + "mime", + "percent-encoding", + "pin-project-lite 0.2.13", + "rustversion", + "serde", + "sync_wrapper", + "tower", + "tower-layer", + "tower-service", +] + +[[package]] +name = "axum-core" +version = "0.3.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "759fa577a247914fd3f7f76d62972792636412fbfd634cd452f6a385a74d2d2c" +dependencies = [ + "async-trait", + "bytes", + "futures-util", + "http", + "http-body", + "mime", + "rustversion", + "tower-layer", + "tower-service", +] + [[package]] name = "backtrace" version = "0.3.69" @@ -1103,6 +1171,43 @@ dependencies = [ "crossbeam-utils", ] +[[package]] +name = "console-api" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fd326812b3fd01da5bb1af7d340d0d555fd3d4b641e7f1dfcf5962a902952787" +dependencies = [ + "futures-core", + "prost", + "prost-types", + "tonic", + "tracing-core", +] + +[[package]] +name = "console-subscriber" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7481d4c57092cd1c19dd541b92bdce883de840df30aa5d03fd48a3935c01842e" +dependencies = [ + "console-api", + "crossbeam-channel", + "crossbeam-utils", + "futures-task", + "hdrhistogram", + "humantime", + "prost-types", + "serde", + "serde_json", + "thread_local", + "tokio", + "tokio-stream", + "tonic", + "tracing", + "tracing-core", + "tracing-subscriber", +] + [[package]] name = "const-oid" version = "0.9.6" @@ -1152,6 +1257,15 @@ dependencies = [ "cfg-if", ] +[[package]] +name = "crossbeam-channel" +version = "0.5.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "176dc175b78f56c0f321911d9c8eb2b77a78a4860b9c19db83835fea1a46649b" +dependencies = [ + "crossbeam-utils", +] + [[package]] name = "crossbeam-utils" version = "0.8.19" @@ -1418,6 +1532,16 @@ dependencies = [ "subtle", ] +[[package]] +name = "flate2" +version = "1.0.28" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "46303f565772937ffe1d394a4fac6f411c6013172fadde9dcdb1e147a086940e" +dependencies = [ + "crc32fast", + "miniz_oxide", +] + [[package]] name = "fnv" version = "1.0.7" @@ -1637,6 +1761,19 @@ version = "0.14.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "290f1a1d9242c78d09ce40a5e87e7554ee637af1351968159f4952f028f75604" +[[package]] +name = "hdrhistogram" +version = "7.5.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "765c9198f173dd59ce26ff9f95ef0aafd0a0fe01fb9d72841bc5066a4c06511d" +dependencies = [ + "base64 0.21.7", + "byteorder", + "flate2", + "nom 7.1.3", + "num-traits", +] + [[package]] name = "heck" version = "0.4.1" @@ -1707,6 +1844,12 @@ version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9" +[[package]] +name = "humantime" +version = "2.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" + [[package]] name = "hyper" version = "0.14.28" @@ -1747,6 +1890,18 @@ dependencies = [ "tokio-rustls 0.24.1", ] +[[package]] +name = "hyper-timeout" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bbb958482e8c7be4bc3cf272a766a2b0bf1a6755e7a6ae777f017a31d11b13b1" +dependencies = [ + "hyper", + "pin-project-lite 0.2.13", + "tokio", + "tokio-io-timeout", +] + [[package]] name = "iana-time-zone" version = "0.1.59" @@ -2041,12 +2196,27 @@ dependencies = [ "value-bag", ] +[[package]] +name = "matchers" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8263075bb86c5a1b1427b5ae862e8889656f126e9f77c484496e8b47cf5c5558" +dependencies = [ + "regex-automata 0.1.10", +] + [[package]] name = "matches" version = "0.1.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2532096657941c2fea9c289d370a250971c689d4f143798ff67113ec042024a5" +[[package]] +name = "matchit" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0e7465ac9959cc2b1404e8e2367b43684a6d13790fe23056cc8c6c5a6b7bcb94" + [[package]] name = "md-5" version = "0.10.6" @@ -2063,6 +2233,12 @@ version = "2.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "523dc4f511e55ab87b694dc30d0f820d60906ef06413f93d4d7a1385599cc149" +[[package]] +name = "mime" +version = "0.3.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a" + [[package]] name = "minimal-lexical" version = "0.2.1" @@ -2407,6 +2583,38 @@ dependencies = [ "unicode-ident", ] +[[package]] +name = "prost" +version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "146c289cda302b98a28d40c8b3b90498d6e526dd24ac2ecea73e4e491685b94a" +dependencies = [ + "bytes", + "prost-derive", +] + +[[package]] +name = "prost-derive" +version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "efb6c9a1dd1def8e2124d17e83a20af56f1570d6c2d2bd9e266ccb768df3840e" +dependencies = [ + "anyhow", + "itertools", + "proc-macro2", + "quote", + "syn 2.0.48", +] + +[[package]] +name = "prost-types" +version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "193898f59edcf43c26227dcd4c8427f00d99d61e95dcde58dabd49fa291d470e" +dependencies = [ + "prost", +] + [[package]] name = "quote" version = "1.0.35" @@ -2741,6 +2949,12 @@ dependencies = [ "untrusted 0.9.0", ] +[[package]] +name = "rustversion" +version = "1.0.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7ffc183a10b4478d04cbbbfc96d0873219d962dd5accaff2ffbd4ceb7df837f4" + [[package]] name = "ryu" version = "1.0.16" @@ -3073,6 +3287,12 @@ dependencies = [ "unicode-ident", ] +[[package]] +name = "sync_wrapper" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2047c6ded9c721764247e62cd3b03c09ffc529b2ba5b10ec482ae507a4a70160" + [[package]] name = "synstructure" version = "0.12.6" @@ -3195,9 +3415,20 @@ dependencies = [ "signal-hook-registry", "socket2 0.5.5", "tokio-macros", + "tracing", "windows-sys 0.48.0", ] +[[package]] +name = "tokio-io-timeout" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "30b74022ada614a1b4834de765f9bb43877f910cc8ce4be40e89042c9223a8bf" +dependencies = [ + "pin-project-lite 0.2.13", + "tokio", +] + [[package]] name = "tokio-macros" version = "2.2.0" @@ -3276,6 +3507,59 @@ dependencies = [ "serde", ] +[[package]] +name = "tonic" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d560933a0de61cf715926b9cac824d4c883c2c43142f787595e48280c40a1d0e" +dependencies = [ + "async-stream", + "async-trait", + "axum", + "base64 0.21.7", + "bytes", + "h2", + "http", + "http-body", + "hyper", + "hyper-timeout", + "percent-encoding", + "pin-project", + "prost", + "tokio", + "tokio-stream", + "tower", + "tower-layer", + "tower-service", + "tracing", +] + +[[package]] +name = "tower" +version = "0.4.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b8fa9be0de6cf49e536ce1851f987bd21a43b771b09473c3549a6c853db37c1c" +dependencies = [ + "futures-core", + "futures-util", + "indexmap 1.9.3", + "pin-project", + "pin-project-lite 0.2.13", + "rand", + "slab", + "tokio", + "tokio-util", + "tower-layer", + "tower-service", + "tracing", +] + +[[package]] +name = "tower-layer" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c20c8dbed6283a09604c3e69b4b7eeb54e298b8a600d4d5ecb5ad39de609f1d0" + [[package]] name = "tower-service" version = "0.3.2" @@ -3331,10 +3615,14 @@ version = "0.3.18" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ad0f048c97dbd9faa9b7df56362b8ebcaa52adb06b498c050d2f4e32f90a7a8b" dependencies = [ + "matchers", "nu-ansi-term", + "once_cell", + "regex", "sharded-slab", "smallvec", "thread_local", + "tracing", "tracing-core", "tracing-log", ] diff --git a/Cargo.nix b/Cargo.nix index d3ea651..d2b4bae 100644 --- a/Cargo.nix +++ b/Cargo.nix @@ -23,7 +23,7 @@ args@{ ignoreLockHash, }: let - nixifiedLockHash = "e05e62b2a1b15079bde73600fbe862e317526af1fa0506af5349f95aaae3d6ff"; + nixifiedLockHash = "2cc6b4b74605fe09c8fd1435baf31fa0a2c72127e31853f55a98e550e22aa6b6"; workspaceSrc = if args.workspaceSrc == null then ./. else args.workspaceSrc; currentLockHash = builtins.hashFile "sha256" (workspaceSrc + /Cargo.lock); lockHashIgnored = if ignoreLockHash @@ -89,6 +89,7 @@ in base64 = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".base64."0.21.7" { inherit profileName; }).out; chrono = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".chrono."0.4.31" { inherit profileName; }).out; clap = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".clap."3.2.25" { inherit profileName; }).out; + console_subscriber = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".console-subscriber."0.2.0" { inherit profileName; }).out; duplexify = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".duplexify."1.2.2" { inherit profileName; }).out; eml_codec = (rustPackages."git+https://git.deuxfleurs.fr/Deuxfleurs/eml-codec.git".eml-codec."0.1.2" { inherit profileName; }).out; futures = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".futures."0.3.30" { inherit profileName; }).out; @@ -106,12 +107,15 @@ in rand = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".rand."0.8.5" { inherit profileName; }).out; rmp_serde = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".rmp-serde."0.15.5" { inherit profileName; }).out; rpassword = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".rpassword."7.3.1" { inherit profileName; }).out; + rustls = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".rustls."0.22.2" { inherit profileName; }).out; + rustls_pemfile = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".rustls-pemfile."2.0.0" { inherit profileName; }).out; serde = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".serde."1.0.195" { inherit profileName; }).out; smtp_message = (rustPackages."git+http://github.com/Alexis211/kannader".smtp-message."0.1.0" { inherit profileName; }).out; smtp_server = (rustPackages."git+http://github.com/Alexis211/kannader".smtp-server."0.1.0" { inherit profileName; }).out; sodiumoxide = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".sodiumoxide."0.2.7" { inherit profileName; }).out; thiserror = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".thiserror."1.0.56" { inherit profileName; }).out; tokio = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tokio."1.35.1" { inherit profileName; }).out; + tokio_rustls = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tokio-rustls."0.25.0" { inherit profileName; }).out; tokio_util = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tokio-util."0.7.10" { inherit profileName; }).out; toml = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".toml."0.5.11" { inherit profileName; }).out; tracing = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tracing."0.1.40" { inherit profileName; }).out; @@ -488,6 +492,30 @@ in }; }); + "registry+https://github.com/rust-lang/crates.io-index".async-stream."0.3.5" = overridableMkRustCrate (profileName: rec { + name = "async-stream"; + version = "0.3.5"; + registry = "registry+https://github.com/rust-lang/crates.io-index"; + src = fetchCratesIo { inherit name version; sha256 = "cd56dd203fef61ac097dd65721a419ddccb106b2d2b70ba60a6b529f03961a51"; }; + dependencies = { + async_stream_impl = (buildRustPackages."registry+https://github.com/rust-lang/crates.io-index".async-stream-impl."0.3.5" { profileName = "__noProfile"; }).out; + futures_core = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".futures-core."0.3.30" { inherit profileName; }).out; + pin_project_lite = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".pin-project-lite."0.2.13" { inherit profileName; }).out; + }; + }); + + "registry+https://github.com/rust-lang/crates.io-index".async-stream-impl."0.3.5" = overridableMkRustCrate (profileName: rec { + name = "async-stream-impl"; + version = "0.3.5"; + registry = "registry+https://github.com/rust-lang/crates.io-index"; + src = fetchCratesIo { inherit name version; sha256 = "16e62a023e7c117e27523144c5d2459f4397fcc3cab0085af8e2224f643a0193"; }; + dependencies = { + proc_macro2 = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".proc-macro2."1.0.76" { inherit profileName; }).out; + quote = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".quote."1.0.35" { inherit profileName; }).out; + syn = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".syn."2.0.48" { inherit profileName; }).out; + }; + }); + "registry+https://github.com/rust-lang/crates.io-index".async-task."4.7.0" = overridableMkRustCrate (profileName: rec { name = "async-task"; version = "4.7.0"; @@ -1100,6 +1128,57 @@ in }; }); + "registry+https://github.com/rust-lang/crates.io-index".axum."0.6.20" = overridableMkRustCrate (profileName: rec { + name = "axum"; + version = "0.6.20"; + registry = "registry+https://github.com/rust-lang/crates.io-index"; + src = fetchCratesIo { inherit name version; sha256 = "3b829e4e32b91e643de6eafe82b1d90675f5874230191a4ffbc1b336dec4d6bf"; }; + dependencies = { + async_trait = (buildRustPackages."registry+https://github.com/rust-lang/crates.io-index".async-trait."0.1.77" { profileName = "__noProfile"; }).out; + axum_core = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".axum-core."0.3.4" { inherit profileName; }).out; + bitflags = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".bitflags."1.3.2" { inherit profileName; }).out; + bytes = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".bytes."1.5.0" { inherit profileName; }).out; + futures_util = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".futures-util."0.3.30" { inherit profileName; }).out; + http = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".http."0.2.11" { inherit profileName; }).out; + http_body = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".http-body."0.4.6" { inherit profileName; }).out; + hyper = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".hyper."0.14.28" { inherit profileName; }).out; + itoa = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".itoa."1.0.10" { inherit profileName; }).out; + matchit = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".matchit."0.7.3" { inherit profileName; }).out; + memchr = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".memchr."2.7.1" { inherit profileName; }).out; + mime = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".mime."0.3.17" { inherit profileName; }).out; + percent_encoding = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".percent-encoding."2.3.1" { inherit profileName; }).out; + pin_project_lite = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".pin-project-lite."0.2.13" { inherit profileName; }).out; + serde = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".serde."1.0.195" { inherit profileName; }).out; + sync_wrapper = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".sync_wrapper."0.1.2" { inherit profileName; }).out; + tower = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tower."0.4.13" { inherit profileName; }).out; + tower_layer = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tower-layer."0.3.2" { inherit profileName; }).out; + tower_service = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tower-service."0.3.2" { inherit profileName; }).out; + }; + buildDependencies = { + rustversion = (buildRustPackages."registry+https://github.com/rust-lang/crates.io-index".rustversion."1.0.14" { profileName = "__noProfile"; }).out; + }; + }); + + "registry+https://github.com/rust-lang/crates.io-index".axum-core."0.3.4" = overridableMkRustCrate (profileName: rec { + name = "axum-core"; + version = "0.3.4"; + registry = "registry+https://github.com/rust-lang/crates.io-index"; + src = fetchCratesIo { inherit name version; sha256 = "759fa577a247914fd3f7f76d62972792636412fbfd634cd452f6a385a74d2d2c"; }; + dependencies = { + async_trait = (buildRustPackages."registry+https://github.com/rust-lang/crates.io-index".async-trait."0.1.77" { profileName = "__noProfile"; }).out; + bytes = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".bytes."1.5.0" { inherit profileName; }).out; + futures_util = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".futures-util."0.3.30" { inherit profileName; }).out; + http = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".http."0.2.11" { inherit profileName; }).out; + http_body = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".http-body."0.4.6" { inherit profileName; }).out; + mime = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".mime."0.3.17" { inherit profileName; }).out; + tower_layer = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tower-layer."0.3.2" { inherit profileName; }).out; + tower_service = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tower-service."0.3.2" { inherit profileName; }).out; + }; + buildDependencies = { + rustversion = (buildRustPackages."registry+https://github.com/rust-lang/crates.io-index".rustversion."1.0.14" { profileName = "__noProfile"; }).out; + }; + }); + "registry+https://github.com/rust-lang/crates.io-index".backtrace."0.3.69" = overridableMkRustCrate (profileName: rec { name = "backtrace"; version = "0.3.69"; @@ -1470,6 +1549,52 @@ in }; }); + "registry+https://github.com/rust-lang/crates.io-index".console-api."0.6.0" = overridableMkRustCrate (profileName: rec { + name = "console-api"; + version = "0.6.0"; + registry = "registry+https://github.com/rust-lang/crates.io-index"; + src = fetchCratesIo { inherit name version; sha256 = "fd326812b3fd01da5bb1af7d340d0d555fd3d4b641e7f1dfcf5962a902952787"; }; + features = builtins.concatLists [ + [ "transport" ] + ]; + dependencies = { + futures_core = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".futures-core."0.3.30" { inherit profileName; }).out; + prost = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".prost."0.12.3" { inherit profileName; }).out; + prost_types = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".prost-types."0.12.3" { inherit profileName; }).out; + tonic = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tonic."0.10.2" { inherit profileName; }).out; + tracing_core = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tracing-core."0.1.32" { inherit profileName; }).out; + }; + }); + + "registry+https://github.com/rust-lang/crates.io-index".console-subscriber."0.2.0" = overridableMkRustCrate (profileName: rec { + name = "console-subscriber"; + version = "0.2.0"; + registry = "registry+https://github.com/rust-lang/crates.io-index"; + src = fetchCratesIo { inherit name version; sha256 = "7481d4c57092cd1c19dd541b92bdce883de840df30aa5d03fd48a3935c01842e"; }; + features = builtins.concatLists [ + [ "default" ] + [ "env-filter" ] + ]; + dependencies = { + console_api = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".console-api."0.6.0" { inherit profileName; }).out; + crossbeam_channel = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".crossbeam-channel."0.5.11" { inherit profileName; }).out; + crossbeam_utils = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".crossbeam-utils."0.8.19" { inherit profileName; }).out; + futures_task = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".futures-task."0.3.30" { inherit profileName; }).out; + hdrhistogram = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".hdrhistogram."7.5.4" { inherit profileName; }).out; + humantime = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".humantime."2.1.0" { inherit profileName; }).out; + prost_types = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".prost-types."0.12.3" { inherit profileName; }).out; + serde = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".serde."1.0.195" { inherit profileName; }).out; + serde_json = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".serde_json."1.0.111" { inherit profileName; }).out; + thread_local = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".thread_local."1.1.7" { inherit profileName; }).out; + tokio = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tokio."1.35.1" { inherit profileName; }).out; + tokio_stream = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tokio-stream."0.1.14" { inherit profileName; }).out; + tonic = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tonic."0.10.2" { inherit profileName; }).out; + tracing = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tracing."0.1.40" { inherit profileName; }).out; + tracing_core = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tracing-core."0.1.32" { inherit profileName; }).out; + tracing_subscriber = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tracing-subscriber."0.3.18" { inherit profileName; }).out; + }; + }); + "registry+https://github.com/rust-lang/crates.io-index".const-oid."0.9.6" = overridableMkRustCrate (profileName: rec { name = "const-oid"; version = "0.9.6"; @@ -1537,6 +1662,20 @@ in }; }); + "registry+https://github.com/rust-lang/crates.io-index".crossbeam-channel."0.5.11" = overridableMkRustCrate (profileName: rec { + name = "crossbeam-channel"; + version = "0.5.11"; + registry = "registry+https://github.com/rust-lang/crates.io-index"; + src = fetchCratesIo { inherit name version; sha256 = "176dc175b78f56c0f321911d9c8eb2b77a78a4860b9c19db83835fea1a46649b"; }; + features = builtins.concatLists [ + [ "default" ] + [ "std" ] + ]; + dependencies = { + crossbeam_utils = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".crossbeam-utils."0.8.19" { inherit profileName; }).out; + }; + }); + "registry+https://github.com/rust-lang/crates.io-index".crossbeam-utils."0.8.19" = overridableMkRustCrate (profileName: rec { name = "crossbeam-utils"; version = "0.8.19"; @@ -1938,6 +2077,23 @@ in }; }); + "registry+https://github.com/rust-lang/crates.io-index".flate2."1.0.28" = overridableMkRustCrate (profileName: rec { + name = "flate2"; + version = "1.0.28"; + registry = "registry+https://github.com/rust-lang/crates.io-index"; + src = fetchCratesIo { inherit name version; sha256 = "46303f565772937ffe1d394a4fac6f411c6013172fadde9dcdb1e147a086940e"; }; + features = builtins.concatLists [ + [ "any_impl" ] + [ "default" ] + [ "miniz_oxide" ] + [ "rust_backend" ] + ]; + dependencies = { + crc32fast = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".crc32fast."1.3.2" { inherit profileName; }).out; + miniz_oxide = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".miniz_oxide."0.7.1" { inherit profileName; }).out; + }; + }); + "registry+https://github.com/rust-lang/crates.io-index".fnv."1.0.7" = overridableMkRustCrate (profileName: rec { name = "fnv"; version = "1.0.7"; @@ -2285,6 +2441,26 @@ in ]; }); + "registry+https://github.com/rust-lang/crates.io-index".hdrhistogram."7.5.4" = overridableMkRustCrate (profileName: rec { + name = "hdrhistogram"; + version = "7.5.4"; + registry = "registry+https://github.com/rust-lang/crates.io-index"; + src = fetchCratesIo { inherit name version; sha256 = "765c9198f173dd59ce26ff9f95ef0aafd0a0fe01fb9d72841bc5066a4c06511d"; }; + features = builtins.concatLists [ + [ "base64" ] + [ "flate2" ] + [ "nom" ] + [ "serialization" ] + ]; + dependencies = { + base64 = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".base64."0.21.7" { inherit profileName; }).out; + byteorder = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".byteorder."1.5.0" { inherit profileName; }).out; + flate2 = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".flate2."1.0.28" { inherit profileName; }).out; + nom = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".nom."7.1.3" { inherit profileName; }).out; + num_traits = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".num-traits."0.2.17" { inherit profileName; }).out; + }; + }); + "registry+https://github.com/rust-lang/crates.io-index".heck."0.4.1" = overridableMkRustCrate (profileName: rec { name = "heck"; version = "0.4.1"; @@ -2385,6 +2561,13 @@ in src = fetchCratesIo { inherit name version; sha256 = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9"; }; }); + "registry+https://github.com/rust-lang/crates.io-index".humantime."2.1.0" = overridableMkRustCrate (profileName: rec { + name = "humantime"; + version = "2.1.0"; + registry = "registry+https://github.com/rust-lang/crates.io-index"; + src = fetchCratesIo { inherit name version; sha256 = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4"; }; + }); + "registry+https://github.com/rust-lang/crates.io-index".hyper."0.14.28" = overridableMkRustCrate (profileName: rec { name = "hyper"; version = "0.14.28"; @@ -2393,6 +2576,7 @@ in features = builtins.concatLists [ [ "client" ] [ "default" ] + [ "full" ] [ "h2" ] [ "http1" ] [ "http2" ] @@ -2451,6 +2635,19 @@ in }; }); + "registry+https://github.com/rust-lang/crates.io-index".hyper-timeout."0.4.1" = overridableMkRustCrate (profileName: rec { + name = "hyper-timeout"; + version = "0.4.1"; + registry = "registry+https://github.com/rust-lang/crates.io-index"; + src = fetchCratesIo { inherit name version; sha256 = "bbb958482e8c7be4bc3cf272a766a2b0bf1a6755e7a6ae777f017a31d11b13b1"; }; + dependencies = { + hyper = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".hyper."0.14.28" { inherit profileName; }).out; + pin_project_lite = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".pin-project-lite."0.2.13" { inherit profileName; }).out; + tokio = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tokio."1.35.1" { inherit profileName; }).out; + tokio_io_timeout = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tokio-io-timeout."1.2.0" { inherit profileName; }).out; + }; + }); + "registry+https://github.com/rust-lang/crates.io-index".iana-time-zone."0.1.59" = overridableMkRustCrate (profileName: rec { name = "iana-time-zone"; version = "0.1.59"; @@ -2886,6 +3083,16 @@ in }; }); + "registry+https://github.com/rust-lang/crates.io-index".matchers."0.1.0" = overridableMkRustCrate (profileName: rec { + name = "matchers"; + version = "0.1.0"; + registry = "registry+https://github.com/rust-lang/crates.io-index"; + src = fetchCratesIo { inherit name version; sha256 = "8263075bb86c5a1b1427b5ae862e8889656f126e9f77c484496e8b47cf5c5558"; }; + dependencies = { + regex_automata = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".regex-automata."0.1.10" { inherit profileName; }).out; + }; + }); + "registry+https://github.com/rust-lang/crates.io-index".matches."0.1.10" = overridableMkRustCrate (profileName: rec { name = "matches"; version = "0.1.10"; @@ -2893,6 +3100,16 @@ in src = fetchCratesIo { inherit name version; sha256 = "2532096657941c2fea9c289d370a250971c689d4f143798ff67113ec042024a5"; }; }); + "registry+https://github.com/rust-lang/crates.io-index".matchit."0.7.3" = overridableMkRustCrate (profileName: rec { + name = "matchit"; + version = "0.7.3"; + registry = "registry+https://github.com/rust-lang/crates.io-index"; + src = fetchCratesIo { inherit name version; sha256 = "0e7465ac9959cc2b1404e8e2367b43684a6d13790fe23056cc8c6c5a6b7bcb94"; }; + features = builtins.concatLists [ + [ "default" ] + ]; + }); + "registry+https://github.com/rust-lang/crates.io-index".md-5."0.10.6" = overridableMkRustCrate (profileName: rec { name = "md-5"; version = "0.10.6"; @@ -2921,6 +3138,13 @@ in ]; }); + "registry+https://github.com/rust-lang/crates.io-index".mime."0.3.17" = overridableMkRustCrate (profileName: rec { + name = "mime"; + version = "0.3.17"; + registry = "registry+https://github.com/rust-lang/crates.io-index"; + src = fetchCratesIo { inherit name version; sha256 = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a"; }; + }); + "registry+https://github.com/rust-lang/crates.io-index".minimal-lexical."0.2.1" = overridableMkRustCrate (profileName: rec { name = "minimal-lexical"; version = "0.2.1"; @@ -2936,6 +3160,9 @@ in version = "0.7.1"; registry = "registry+https://github.com/rust-lang/crates.io-index"; src = fetchCratesIo { inherit name version; sha256 = "e7810e0be55b428ada41041c41f32c9f1a42817901b4ccf45fa3d4b6561e74c7"; }; + features = builtins.concatLists [ + [ "with-alloc" ] + ]; dependencies = { adler = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".adler."1.0.2" { inherit profileName; }).out; }; @@ -3438,6 +3665,50 @@ in }; }); + "registry+https://github.com/rust-lang/crates.io-index".prost."0.12.3" = overridableMkRustCrate (profileName: rec { + name = "prost"; + version = "0.12.3"; + registry = "registry+https://github.com/rust-lang/crates.io-index"; + src = fetchCratesIo { inherit name version; sha256 = "146c289cda302b98a28d40c8b3b90498d6e526dd24ac2ecea73e4e491685b94a"; }; + features = builtins.concatLists [ + [ "default" ] + [ "prost-derive" ] + [ "std" ] + ]; + dependencies = { + bytes = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".bytes."1.5.0" { inherit profileName; }).out; + prost_derive = (buildRustPackages."registry+https://github.com/rust-lang/crates.io-index".prost-derive."0.12.3" { profileName = "__noProfile"; }).out; + }; + }); + + "registry+https://github.com/rust-lang/crates.io-index".prost-derive."0.12.3" = overridableMkRustCrate (profileName: rec { + name = "prost-derive"; + version = "0.12.3"; + registry = "registry+https://github.com/rust-lang/crates.io-index"; + src = fetchCratesIo { inherit name version; sha256 = "efb6c9a1dd1def8e2124d17e83a20af56f1570d6c2d2bd9e266ccb768df3840e"; }; + dependencies = { + anyhow = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".anyhow."1.0.79" { inherit profileName; }).out; + itertools = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".itertools."0.10.5" { inherit profileName; }).out; + proc_macro2 = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".proc-macro2."1.0.76" { inherit profileName; }).out; + quote = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".quote."1.0.35" { inherit profileName; }).out; + syn = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".syn."2.0.48" { inherit profileName; }).out; + }; + }); + + "registry+https://github.com/rust-lang/crates.io-index".prost-types."0.12.3" = overridableMkRustCrate (profileName: rec { + name = "prost-types"; + version = "0.12.3"; + registry = "registry+https://github.com/rust-lang/crates.io-index"; + src = fetchCratesIo { inherit name version; sha256 = "193898f59edcf43c26227dcd4c8427f00d99d61e95dcde58dabd49fa291d470e"; }; + features = builtins.concatLists [ + [ "default" ] + [ "std" ] + ]; + dependencies = { + prost = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".prost."0.12.3" { inherit profileName; }).out; + }; + }); + "registry+https://github.com/rust-lang/crates.io-index".quote."1.0.35" = overridableMkRustCrate (profileName: rec { name = "quote"; version = "1.0.35"; @@ -3470,6 +3741,7 @@ in [ "getrandom" ] [ "libc" ] [ "rand_chacha" ] + [ "small_rng" ] [ "std" ] [ "std_rng" ] ]; @@ -3870,6 +4142,28 @@ in }; }); + "registry+https://github.com/rust-lang/crates.io-index".rustls."0.22.2" = overridableMkRustCrate (profileName: rec { + name = "rustls"; + version = "0.22.2"; + registry = "registry+https://github.com/rust-lang/crates.io-index"; + src = fetchCratesIo { inherit name version; sha256 = "e87c9956bd9807afa1f77e0f7594af32566e830e088a5576d27c5b6f30f49d41"; }; + features = builtins.concatLists [ + [ "default" ] + [ "log" ] + [ "logging" ] + [ "ring" ] + [ "tls12" ] + ]; + dependencies = { + log = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".log."0.4.20" { inherit profileName; }).out; + ring = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".ring."0.17.7" { inherit profileName; }).out; + pki_types = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".rustls-pki-types."1.1.0" { inherit profileName; }).out; + webpki = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".rustls-webpki."0.102.1" { inherit profileName; }).out; + subtle = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".subtle."2.5.0" { inherit profileName; }).out; + zeroize = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".zeroize."1.7.0" { inherit profileName; }).out; + }; + }); + "registry+https://github.com/rust-lang/crates.io-index".rustls-native-certs."0.6.3" = overridableMkRustCrate (profileName: rec { name = "rustls-native-certs"; version = "0.6.3"; @@ -3893,6 +4187,33 @@ in }; }); + "registry+https://github.com/rust-lang/crates.io-index".rustls-pemfile."2.0.0" = overridableMkRustCrate (profileName: rec { + name = "rustls-pemfile"; + version = "2.0.0"; + registry = "registry+https://github.com/rust-lang/crates.io-index"; + src = fetchCratesIo { inherit name version; sha256 = "35e4980fa29e4c4b212ffb3db068a564cbf560e51d3944b7c88bd8bf5bec64f4"; }; + features = builtins.concatLists [ + [ "default" ] + [ "std" ] + ]; + dependencies = { + base64 = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".base64."0.21.7" { inherit profileName; }).out; + pki_types = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".rustls-pki-types."1.1.0" { inherit profileName; }).out; + }; + }); + + "registry+https://github.com/rust-lang/crates.io-index".rustls-pki-types."1.1.0" = overridableMkRustCrate (profileName: rec { + name = "rustls-pki-types"; + version = "1.1.0"; + registry = "registry+https://github.com/rust-lang/crates.io-index"; + src = fetchCratesIo { inherit name version; sha256 = "9e9d979b3ce68192e42760c7810125eb6cf2ea10efae545a156063e61f314e2a"; }; + features = builtins.concatLists [ + [ "alloc" ] + [ "default" ] + [ "std" ] + ]; + }); + "registry+https://github.com/rust-lang/crates.io-index".rustls-webpki."0.101.7" = overridableMkRustCrate (profileName: rec { name = "rustls-webpki"; version = "0.101.7"; @@ -3909,6 +4230,30 @@ in }; }); + "registry+https://github.com/rust-lang/crates.io-index".rustls-webpki."0.102.1" = overridableMkRustCrate (profileName: rec { + name = "rustls-webpki"; + version = "0.102.1"; + registry = "registry+https://github.com/rust-lang/crates.io-index"; + src = fetchCratesIo { inherit name version; sha256 = "ef4ca26037c909dedb327b48c3327d0ba91d3dd3c4e05dad328f210ffb68e95b"; }; + features = builtins.concatLists [ + [ "alloc" ] + [ "ring" ] + [ "std" ] + ]; + dependencies = { + ring = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".ring."0.17.7" { inherit profileName; }).out; + pki_types = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".rustls-pki-types."1.1.0" { inherit profileName; }).out; + untrusted = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".untrusted."0.9.0" { inherit profileName; }).out; + }; + }); + + "registry+https://github.com/rust-lang/crates.io-index".rustversion."1.0.14" = overridableMkRustCrate (profileName: rec { + name = "rustversion"; + version = "1.0.14"; + registry = "registry+https://github.com/rust-lang/crates.io-index"; + src = fetchCratesIo { inherit name version; sha256 = "7ffc183a10b4478d04cbbbfc96d0873219d962dd5accaff2ffbd4ceb7df837f4"; }; + }); + "registry+https://github.com/rust-lang/crates.io-index".ryu."1.0.16" = overridableMkRustCrate (profileName: rec { name = "ryu"; version = "1.0.16"; @@ -4405,6 +4750,13 @@ in }; }); + "registry+https://github.com/rust-lang/crates.io-index".sync_wrapper."0.1.2" = overridableMkRustCrate (profileName: rec { + name = "sync_wrapper"; + version = "0.1.2"; + registry = "registry+https://github.com/rust-lang/crates.io-index"; + src = fetchCratesIo { inherit name version; sha256 = "2047c6ded9c721764247e62cd3b03c09ffc529b2ba5b10ec482ae507a4a70160"; }; + }); + "registry+https://github.com/rust-lang/crates.io-index".synstructure."0.12.6" = overridableMkRustCrate (profileName: rec { name = "synstructure"; version = "0.12.6"; @@ -4554,6 +4906,7 @@ in [ "bytes" ] [ "default" ] [ "fs" ] + [ "io-std" ] [ "io-util" ] [ "libc" ] [ "macros" ] @@ -4569,6 +4922,7 @@ in [ "sync" ] [ "time" ] [ "tokio-macros" ] + [ "tracing" ] [ "windows-sys" ] ]; dependencies = { @@ -4581,10 +4935,22 @@ in ${ if hostPlatform.isUnix then "signal_hook_registry" else null } = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".signal-hook-registry."1.4.1" { inherit profileName; }).out; socket2 = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".socket2."0.5.5" { inherit profileName; }).out; tokio_macros = (buildRustPackages."registry+https://github.com/rust-lang/crates.io-index".tokio-macros."2.2.0" { profileName = "__noProfile"; }).out; + ${ if true then "tracing" else null } = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tracing."0.1.40" { inherit profileName; }).out; ${ if hostPlatform.isWindows then "windows_sys" else null } = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".windows-sys."0.48.0" { inherit profileName; }).out; }; }); + "registry+https://github.com/rust-lang/crates.io-index".tokio-io-timeout."1.2.0" = overridableMkRustCrate (profileName: rec { + name = "tokio-io-timeout"; + version = "1.2.0"; + registry = "registry+https://github.com/rust-lang/crates.io-index"; + src = fetchCratesIo { inherit name version; sha256 = "30b74022ada614a1b4834de765f9bb43877f910cc8ce4be40e89042c9223a8bf"; }; + dependencies = { + pin_project_lite = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".pin-project-lite."0.2.13" { inherit profileName; }).out; + tokio = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tokio."1.35.1" { inherit profileName; }).out; + }; + }); + "registry+https://github.com/rust-lang/crates.io-index".tokio-macros."2.2.0" = overridableMkRustCrate (profileName: rec { name = "tokio-macros"; version = "2.2.0"; @@ -4630,6 +4996,24 @@ in }; }); + "registry+https://github.com/rust-lang/crates.io-index".tokio-rustls."0.25.0" = overridableMkRustCrate (profileName: rec { + name = "tokio-rustls"; + version = "0.25.0"; + registry = "registry+https://github.com/rust-lang/crates.io-index"; + src = fetchCratesIo { inherit name version; sha256 = "775e0c0f0adb3a2f22a00c4745d728b479985fc15ee7ca6a2608388c5569860f"; }; + features = builtins.concatLists [ + [ "default" ] + [ "logging" ] + [ "ring" ] + [ "tls12" ] + ]; + dependencies = { + rustls = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".rustls."0.22.2" { inherit profileName; }).out; + pki_types = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".rustls-pki-types."1.1.0" { inherit profileName; }).out; + tokio = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tokio."1.35.1" { inherit profileName; }).out; + }; + }); + "registry+https://github.com/rust-lang/crates.io-index".tokio-stream."0.1.14" = overridableMkRustCrate (profileName: rec { name = "tokio-stream"; version = "0.1.14"; @@ -4637,6 +5021,7 @@ in src = fetchCratesIo { inherit name version; sha256 = "397c988d37662c7dda6d2208364a706264bf3d6138b11d436cbac0ad38832842"; }; features = builtins.concatLists [ [ "default" ] + [ "net" ] [ "time" ] ]; dependencies = { @@ -4683,6 +5068,91 @@ in }; }); + "registry+https://github.com/rust-lang/crates.io-index".tonic."0.10.2" = overridableMkRustCrate (profileName: rec { + name = "tonic"; + version = "0.10.2"; + registry = "registry+https://github.com/rust-lang/crates.io-index"; + src = fetchCratesIo { inherit name version; sha256 = "d560933a0de61cf715926b9cac824d4c883c2c43142f787595e48280c40a1d0e"; }; + features = builtins.concatLists [ + [ "channel" ] + [ "codegen" ] + [ "default" ] + [ "prost" ] + [ "transport" ] + ]; + dependencies = { + async_stream = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".async-stream."0.3.5" { inherit profileName; }).out; + async_trait = (buildRustPackages."registry+https://github.com/rust-lang/crates.io-index".async-trait."0.1.77" { profileName = "__noProfile"; }).out; + axum = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".axum."0.6.20" { inherit profileName; }).out; + base64 = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".base64."0.21.7" { inherit profileName; }).out; + bytes = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".bytes."1.5.0" { inherit profileName; }).out; + h2 = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".h2."0.3.24" { inherit profileName; }).out; + http = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".http."0.2.11" { inherit profileName; }).out; + http_body = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".http-body."0.4.6" { inherit profileName; }).out; + hyper = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".hyper."0.14.28" { inherit profileName; }).out; + hyper_timeout = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".hyper-timeout."0.4.1" { inherit profileName; }).out; + percent_encoding = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".percent-encoding."2.3.1" { inherit profileName; }).out; + pin_project = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".pin-project."1.1.3" { inherit profileName; }).out; + prost = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".prost."0.12.3" { inherit profileName; }).out; + tokio = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tokio."1.35.1" { inherit profileName; }).out; + tokio_stream = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tokio-stream."0.1.14" { inherit profileName; }).out; + tower = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tower."0.4.13" { inherit profileName; }).out; + tower_layer = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tower-layer."0.3.2" { inherit profileName; }).out; + tower_service = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tower-service."0.3.2" { inherit profileName; }).out; + tracing = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tracing."0.1.40" { inherit profileName; }).out; + }; + }); + + "registry+https://github.com/rust-lang/crates.io-index".tower."0.4.13" = overridableMkRustCrate (profileName: rec { + name = "tower"; + version = "0.4.13"; + registry = "registry+https://github.com/rust-lang/crates.io-index"; + src = fetchCratesIo { inherit name version; sha256 = "b8fa9be0de6cf49e536ce1851f987bd21a43b771b09473c3549a6c853db37c1c"; }; + features = builtins.concatLists [ + [ "__common" ] + [ "balance" ] + [ "buffer" ] + [ "discover" ] + [ "futures-core" ] + [ "futures-util" ] + [ "indexmap" ] + [ "limit" ] + [ "load" ] + [ "make" ] + [ "pin-project" ] + [ "pin-project-lite" ] + [ "rand" ] + [ "ready-cache" ] + [ "slab" ] + [ "timeout" ] + [ "tokio" ] + [ "tokio-util" ] + [ "tracing" ] + [ "util" ] + ]; + dependencies = { + futures_core = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".futures-core."0.3.30" { inherit profileName; }).out; + futures_util = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".futures-util."0.3.30" { inherit profileName; }).out; + indexmap = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".indexmap."1.9.3" { inherit profileName; }).out; + pin_project = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".pin-project."1.1.3" { inherit profileName; }).out; + pin_project_lite = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".pin-project-lite."0.2.13" { inherit profileName; }).out; + rand = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".rand."0.8.5" { inherit profileName; }).out; + slab = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".slab."0.4.9" { inherit profileName; }).out; + tokio = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tokio."1.35.1" { inherit profileName; }).out; + tokio_util = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tokio-util."0.7.10" { inherit profileName; }).out; + tower_layer = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tower-layer."0.3.2" { inherit profileName; }).out; + tower_service = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tower-service."0.3.2" { inherit profileName; }).out; + tracing = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tracing."0.1.40" { inherit profileName; }).out; + }; + }); + + "registry+https://github.com/rust-lang/crates.io-index".tower-layer."0.3.2" = overridableMkRustCrate (profileName: rec { + name = "tower-layer"; + version = "0.3.2"; + registry = "registry+https://github.com/rust-lang/crates.io-index"; + src = fetchCratesIo { inherit name version; sha256 = "c20c8dbed6283a09604c3e69b4b7eeb54e298b8a600d4d5ecb5ad39de609f1d0"; }; + }); + "registry+https://github.com/rust-lang/crates.io-index".tower-service."0.3.2" = overridableMkRustCrate (profileName: rec { name = "tower-service"; version = "0.3.2"; @@ -4762,20 +5232,29 @@ in [ "alloc" ] [ "ansi" ] [ "default" ] + [ "env-filter" ] [ "fmt" ] + [ "matchers" ] [ "nu-ansi-term" ] + [ "once_cell" ] + [ "regex" ] [ "registry" ] [ "sharded-slab" ] [ "smallvec" ] [ "std" ] [ "thread_local" ] + [ "tracing" ] [ "tracing-log" ] ]; dependencies = { + matchers = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".matchers."0.1.0" { inherit profileName; }).out; nu_ansi_term = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".nu-ansi-term."0.46.0" { inherit profileName; }).out; + once_cell = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".once_cell."1.19.0" { inherit profileName; }).out; + regex = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".regex."1.10.2" { inherit profileName; }).out; sharded_slab = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".sharded-slab."0.1.7" { inherit profileName; }).out; smallvec = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".smallvec."1.13.1" { inherit profileName; }).out; thread_local = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".thread_local."1.1.7" { inherit profileName; }).out; + tracing = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tracing."0.1.40" { inherit profileName; }).out; tracing_core = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tracing-core."0.1.32" { inherit profileName; }).out; tracing_log = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tracing-log."0.2.0" { inherit profileName; }).out; }; diff --git a/Cargo.toml b/Cargo.toml index 2f2ce91..fd60496 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -15,6 +15,7 @@ futures = "0.3" # debug log = "0.4" backtrace = "0.3" +console-subscriber = "0.2" tracing-subscriber = "0.3" tracing = "0.1" diff --git a/README.md b/README.md index df468be..b15330d 100644 --- a/README.md +++ b/README.md @@ -19,10 +19,18 @@ A resilient & standards-compliant open-source IMAP server with built-in encrypti ## Roadmap - ✅ 0.1 Better emails parsing (july '23, see [eml-codec](https://git.deuxfleurs.fr/Deuxfleurs/eml-codec)). - - ⌛0.2 Support of IMAP4rev1. (~september '23). - - ⌛0.3 Subset of IMAP4rev2. (~december '23). - - ⌛0.4 CalDAV support. (~february '24). - - ⌛0.5 CardDAV support. + - ✅ 0.2 Support of IMAP4. (~january '24). + - ⌛0.3 CalDAV support. (~february '24). + - ⌛0.4 CardDAV support. + - ⌛0.5 Public beta. + +## A note about cargo2nix + +Currently, you must edit Cargo.nix by hand after running `cargo2nix`. +Find the `tokio` dependency declaration. +Look at tokio's dependencies, the `tracing` is disable through a `if false` logic. +Activate it by replacing the condition with `if true`. + ## Sponsors and funding diff --git a/flake.nix b/flake.nix index 4bea061..7811c97 100644 --- a/flake.nix +++ b/flake.nix @@ -74,6 +74,8 @@ packageFun = import ./Cargo.nix; target = rustTarget; release = true; + rustcLinkFlags = [ "--cfg" "tokio_unstable" ]; + rustcBuildFlags = [ "--cfg" "tokio_unstable" ]; rustToolchain = with fenix.packages.x86_64-linux; combine [ minimal.cargo minimal.rustc diff --git a/src/auth.rs b/src/auth.rs index 27ff1e6..a85330b 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -1,4 +1,15 @@ use std::net::SocketAddr; +use std::sync::Arc; + +use anyhow::Result; +use futures::stream::{FuturesUnordered, StreamExt}; +use tokio::io::BufStream; +use tokio::io::AsyncBufReadExt; +use tokio::net::{TcpListener, TcpStream}; +use tokio::sync::watch; + +use crate::config::AuthConfig; +use crate::login::ArcLoginProvider; /// Seek compatibility with the Dovecot Authentication Protocol /// @@ -16,17 +27,249 @@ use std::net::SocketAddr; /// C: CPID 1 /// C: AUTH 2 PLAIN service=smtp /// S: CONT 2 -/// C: CONT 2 base64string== +/// C: CONT 2 base64stringFollowingRFC4616== /// S: OK 2 user=alice@example.tld /// ``` /// +/// ## RFC References +/// +/// PLAIN SASL - https://datatracker.ietf.org/doc/html/rfc4616 +/// +/// /// ## Dovecot References /// /// https://doc.dovecot.org/developer_manual/design/auth_protocol/ /// https://doc.dovecot.org/configuration_manual/authentication/authentication_mechanisms/#authentication-authentication-mechanisms /// https://doc.dovecot.org/configuration_manual/howto/simple_virtual_install/#simple-virtual-install-smtp-auth /// https://doc.dovecot.org/configuration_manual/howto/postfix_and_dovecot_sasl/#howto-postfix-and-dovecot-sasl - pub struct AuthServer { + login_provider: ArcLoginProvider, bind_addr: SocketAddr, } + + +impl AuthServer { + pub fn new( + config: AuthConfig, + login_provider: ArcLoginProvider, + ) -> Self { + Self { + bind_addr: config.bind_addr, + login_provider, + } + } + + + pub async fn run(self: &Arc, mut must_exit: watch::Receiver) -> Result<()> { + let tcp = TcpListener::bind(self.bind_addr).await?; + tracing::info!("SASL Authentication Protocol listening on {:#}", self.bind_addr); + + let mut connections = FuturesUnordered::new(); + + while !*must_exit.borrow() { + let wait_conn_finished = async { + if connections.is_empty() { + futures::future::pending().await + } else { + connections.next().await + } + }; + + let (socket, remote_addr) = tokio::select! { + a = tcp.accept() => a?, + _ = wait_conn_finished => continue, + _ = must_exit.changed() => continue, + }; + + tracing::info!("AUTH: accepted connection from {}", remote_addr); + let conn = tokio::spawn(NetLoop::new(socket).run()); + + + connections.push(conn); + } + drop(tcp); + + tracing::info!("AUTH server shutting down, draining remaining connections..."); + while connections.next().await.is_some() {} + + Ok(()) + } +} + +struct NetLoop { + stream: BufStream, +} + +impl NetLoop { + fn new(stream: TcpStream) -> Self{ + Self { + stream: BufStream::new(stream), + } + } + + async fn run(self) -> Result<()> { + let mut lines = self.stream.lines(); + while let Some(line) = lines.next_line().await? { + } + + Ok(()) + } +} + +#[derive(Debug)] +enum Mechanism { + Plain, + Login, +} + + +#[derive(Debug)] +enum AuthOptions { + /// Unique session ID. Mainly used for logging. + Session(u64), + /// Local IP connected to by the client. In standard string format, e.g. 127.0.0.1 or ::1. + LocalIp(String), + /// Remote client IP + RemoteIp(String), + /// Local port connected to by the client. + LocalPort(u16), + /// Remote client port + RemotePort(u16), + /// When Dovecot proxy is used, the real_rip/real_port are the proxy’s IP/port and real_lip/real_lport are the backend’s IP/port where the proxy was connected to. + RealRemoteIp(String), + RealLocalIp(String), + RealLocalPort(u16), + RealRemotePort(u16), + /// TLS SNI name + LocalName(String), + /// Enable debugging for this lookup. + Debug, + /// List of fields that will become available via %{forward_*} variables. The list is double-tab-escaped, like: tab_escaped[tab_escaped(key=value)[...] + /// Note: we do not unescape the tabulation, and thus we don't parse the data + ForwardViews(Vec), + /// Remote user has secured transport to auth client (e.g. localhost, SSL, TLS). + Secured(String), + /// The value can be “insecure”, “trusted” or “TLS”. + Transport(String), + /// TLS cipher being used. + TlsCipher(String), + /// The number of bits in the TLS cipher. + /// @FIXME: I don't know how if it's a string or an integer + TlsCipherBits(String), + /// TLS perfect forward secrecy algorithm (e.g. DH, ECDH) + TlsPfs(String), + /// TLS protocol name (e.g. SSLv3, TLSv1.2) + TlsProtocol(String), + /// Remote user has presented a valid SSL certificate. + ValidClientCert(String), + /// Ignore auth penalty tracking for this request + NoPenalty, + /// Username taken from client’s SSL certificate. + CertUsername, + /// IMAP ID string + ClientId, + /// Initial response for authentication mechanism. + /// NOTE: This must be the last parameter. Everything after it is ignored. + /// This is to avoid accidental security holes if user-given data is directly put to base64 string without filtering out tabs. + /// @FIXME: I don't understand this parameter + Resp(Vec), +} + +#[derive(Debug)] +enum ClientCommands { + /// Both client and server should check that they support the same major version number. If they don’t, the other side isn’t expected to be talking the same protocol and should be disconnected. Minor version can be ignored. This document specifies the version number 1.2. + Version { + major: u64, + minor: u64, + }, + /// CPID finishes the handshake from client. + Cpid(u64), + Auth { + /// ID is a connection-specific unique request identifier. It must be a 32bit number, so typically you’d just increment it by one. + id: u64, + /// A SASL mechanism (eg. LOGIN, PLAIN, etc.) + /// See: https://doc.dovecot.org/configuration_manual/authentication/authentication_mechanisms/#authentication-authentication-mechanisms + mechanism: Mechanism, + /// Service is the service requesting authentication, eg. pop3, imap, smtp. + service: String, + /// All the optional parameters + options: Vec, + + }, + Cont { + /// The must match the of the AUTH command. + id: u64, + /// Data that will be serialized to / deserialized from base64 + data: Vec, + } +} + +#[derive(Debug)] +enum MechanismParameters { + /// Anonymous authentication + Anonymous, + /// Transfers plaintext passwords + PlainText, + /// Subject to passive (dictionary) attack + Dictionary, + /// Subject to active (non-dictionary) attack + Active, + /// Provides forward secrecy between sessions + ForwardSecrecy, + /// Provides mutual authentication + MutualAuth, + /// Don’t advertise this as available SASL mechanism (eg. APOP) + Private, +} + +#[derive(Debug)] +enum FailCode { + /// This is a temporary internal failure, e.g. connection was lost to SQL database. + TempFail, + /// Authentication succeeded, but authorization failed (master user’s password was ok, but destination user was not ok). + AuthzFail, + /// User is disabled (password may or may not have been correct) + UserDisabled, + /// User’s password has expired. + PassExpired, +} + +#[derive(Debug)] +enum ServerCommands { + /// Both client and server should check that they support the same major version number. If they don’t, the other side isn’t expected to be talking the same protocol and should be disconnected. Minor version can be ignored. This document specifies the version number 1.2. + Version { + major: u64, + minor: u64, + }, + /// CPID and SPID specify client and server Process Identifiers (PIDs). They should be unique identifiers for the specific process. UNIX process IDs are good choices. + /// SPID can be used by authentication client to tell master which server process handled the authentication. + Spid(u64), + /// CUID is a server process-specific unique connection identifier. It’s different each time a connection is established for the server. + /// CUID is currently useful only for APOP authentication. + Cuid(u64), + Mech { + kind: Mechanism, + parameters: Vec, + }, + /// COOKIE returns connection-specific 128 bit cookie in hex. It must be given to REQUEST command. (Protocol v1.1+ / Dovecot v2.0+) + Cookie([u8;16]), + /// DONE finishes the handshake from server. + Done, + + Fail { + id: u64, + user_id: Option, + code: FailCode, + }, + Cont { + id: u64, + data: Vec, + }, + /// FAIL and OK may contain multiple unspecified parameters which authentication client may handle specially. + /// The only one specified here is user= parameter, which should always be sent if the userid is known. + Ok { + id: u64, + user_id: Option, + parameters: Vec, + }, +} diff --git a/src/main.rs b/src/main.rs index 34d5a11..72bce83 100644 --- a/src/main.rs +++ b/src/main.rs @@ -148,6 +148,16 @@ enum AccountManagement { }, } +#[cfg(tokio_unstable)] +fn tracer() { + console_subscriber::init(); +} + +#[cfg(not(tokio_unstable))] +fn tracer() { + tracing_subscriber::fmt::init(); +} + #[tokio::main] async fn main() -> Result<()> { if std::env::var("RUST_LOG").is_err() { @@ -161,7 +171,7 @@ async fn main() -> Result<()> { std::process::abort(); })); - tracing_subscriber::fmt::init(); + tracer(); let args = Args::parse(); let any_config = if args.dev { -- 2.43.4 From f9d6c1c92769d0104acc4db6f236d48b97e1dbe0 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Wed, 24 Jan 2024 17:32:47 +0100 Subject: [PATCH 05/12] Basic parsing of Dovecot Client Commands --- Cargo.lock | 1 + Cargo.toml | 3 +- src/auth.rs | 189 ++++++++++++++++++++++++++++++++++++++++++++++---- src/server.rs | 9 ++- 4 files changed, 186 insertions(+), 16 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index a1daf3b..7fccea7 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -54,6 +54,7 @@ dependencies = [ "ldap3", "log", "nix", + "nom 7.1.3", "rand", "rmp-serde", "rpassword", diff --git a/Cargo.toml b/Cargo.toml index fd60496..a02d1a3 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -32,12 +32,13 @@ chrono = { version = "0.4", default-features = false, features = ["alloc"] } nix = { version = "0.27", features = ["signal"] } clap = { version = "3.1.18", features = ["derive", "env"] } -# serialization +# serialization & parsing serde = "1.0.137" rmp-serde = "0.15" toml = "0.5" base64 = "0.21" hex = "0.4" +nom = "7.1" zstd = { version = "0.9", default-features = false } # cryptography & security diff --git a/src/auth.rs b/src/auth.rs index a85330b..42b3362 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -1,7 +1,7 @@ use std::net::SocketAddr; use std::sync::Arc; -use anyhow::Result; +use anyhow::{Result, anyhow}; use futures::stream::{FuturesUnordered, StreamExt}; use tokio::io::BufStream; use tokio::io::AsyncBufReadExt; @@ -60,7 +60,7 @@ impl AuthServer { } - pub async fn run(self: &Arc, mut must_exit: watch::Receiver) -> Result<()> { + pub async fn run(self: Self, mut must_exit: watch::Receiver) -> Result<()> { let tcp = TcpListener::bind(self.bind_addr).await?; tracing::info!("SASL Authentication Protocol listening on {:#}", self.bind_addr); @@ -82,7 +82,7 @@ impl AuthServer { }; tracing::info!("AUTH: accepted connection from {}", remote_addr); - let conn = tokio::spawn(NetLoop::new(socket).run()); + let conn = tokio::spawn(NetLoop::new(socket).run_error()); connections.push(conn); @@ -107,24 +107,39 @@ impl NetLoop { } } - async fn run(self) -> Result<()> { - let mut lines = self.stream.lines(); - while let Some(line) = lines.next_line().await? { + async fn run_error(self) { + match self.run().await { + Ok(()) => tracing::info!("Auth session succeeded"), + Err(e) => tracing::error!(err=?e, "Auth session failed"), } + } - Ok(()) + async fn run(mut self) -> Result<()> { + let mut buff: Vec = Vec::new(); + loop { + buff.clear(); + self.stream.read_until(b'\n', &mut buff).await?; + let (input, cmd) = client_command(&buff).map_err(|_| anyhow!("Unable to parse command"))?; + println!("input: {:?}, cmd: {:?}", input, cmd); + } } } -#[derive(Debug)] +// ----------------------------------------------------------------- +// +// DOVECOT AUTH TYPES +// +// ------------------------------------------------------------------ + +#[derive(Debug, Clone)] enum Mechanism { Plain, Login, } -#[derive(Debug)] -enum AuthOptions { +#[derive(Clone, Debug)] +enum AuthOption { /// Unique session ID. Mainly used for logging. Session(u64), /// Local IP connected to by the client. In standard string format, e.g. 127.0.0.1 or ::1. @@ -176,7 +191,7 @@ enum AuthOptions { } #[derive(Debug)] -enum ClientCommands { +enum ClientCommand { /// Both client and server should check that they support the same major version number. If they don’t, the other side isn’t expected to be talking the same protocol and should be disconnected. Minor version can be ignored. This document specifies the version number 1.2. Version { major: u64, @@ -189,11 +204,11 @@ enum ClientCommands { id: u64, /// A SASL mechanism (eg. LOGIN, PLAIN, etc.) /// See: https://doc.dovecot.org/configuration_manual/authentication/authentication_mechanisms/#authentication-authentication-mechanisms - mechanism: Mechanism, + mech: Mechanism, /// Service is the service requesting authentication, eg. pop3, imap, smtp. service: String, /// All the optional parameters - options: Vec, + options: Vec, }, Cont { @@ -235,7 +250,7 @@ enum FailCode { } #[derive(Debug)] -enum ServerCommands { +enum ServerCommand { /// Both client and server should check that they support the same major version number. If they don’t, the other side isn’t expected to be talking the same protocol and should be disconnected. Minor version can be ignored. This document specifies the version number 1.2. Version { major: u64, @@ -273,3 +288,149 @@ enum ServerCommands { parameters: Vec, }, } + +// ----------------------------------------------------------------- +// +// DOVECOT AUTH DECODING +// +// ------------------------------------------------------------------ + +use nom::{ + IResult, + branch::alt, + error::{ErrorKind, Error}, + character::complete::{tab, u64}, + bytes::complete::{tag, tag_no_case, take, take_while, take_while1}, + multi::{many1, separated_list0}, + combinator::{map, opt, recognize, value,}, + sequence::{pair, preceded, tuple}, +}; +use base64::Engine; + +fn version_command<'a>(input: &'a [u8]) -> IResult<&'a [u8], ClientCommand> { + let mut parser = tuple(( + tag_no_case(b"VERSION"), + tab, + u64, + tab, + u64 + )); + + let (input, (_, _, major, _, minor)) = parser(input)?; + Ok((input, ClientCommand::Version { major, minor })) +} + +fn cpid_command<'a>(input: &'a [u8]) -> IResult<&'a [u8], ClientCommand> { + preceded( + pair(tag_no_case(b"CPID"), tab), + map(u64, |v| ClientCommand::Cpid(v)) + )(input) +} + +fn mechanism<'a>(input: &'a [u8]) -> IResult<&'a [u8], Mechanism> { + alt(( + value(Mechanism::Plain, tag_no_case(b"PLAIN")), + value(Mechanism::Login, tag_no_case(b"LOGIN")), + ))(input) +} + +fn is_not_tab_or_esc_or_lf(c: u8) -> bool { + c != 0x09 && c != 0x01 && c != 0x0a // TAB or 0x01 or LF +} + +fn is_esc<'a>(input: &'a [u8]) -> IResult<&'a [u8], &[u8]> { + preceded(tag(&[0x01]), take(1usize))(input) +} + +fn parameter<'a>(input: &'a [u8]) -> IResult<&'a [u8], &[u8]> { + recognize(many1(alt(( + take_while1(is_not_tab_or_esc_or_lf), + is_esc + ))))(input) +} + +fn service<'a>(input: &'a [u8]) -> IResult<&'a [u8], String> { + let (input, buf) = preceded( + tag_no_case("service="), + parameter + )(input)?; + + std::str::from_utf8(buf) + .map(|v| (input, v.to_string())) + .map_err(|_| nom::Err::Failure(Error::new(input, ErrorKind::TakeWhile1))) +} + +fn auth_option<'a>(input: &'a [u8]) -> IResult<&'a [u8], AuthOption> { + alt(( + value(AuthOption::Debug, tag_no_case(b"debug")), + value(AuthOption::NoPenalty, tag_no_case(b"no-penalty")), + value(AuthOption::CertUsername, tag_no_case(b"cert_username")), + ))(input) +} + +fn auth_command<'a>(input: &'a [u8]) -> IResult<&'a [u8], ClientCommand> { + let mut parser = tuple(( + tag_no_case(b"AUTH"), + tab, + u64, + tab, + mechanism, + tab, + service, + map( + opt(preceded(tab, separated_list0(tab, auth_option))), + |o| o.unwrap_or(vec![]) + ), + )); + let (input, (_, _, id, _, mech, _, service, options)) = parser(input)?; + Ok((input, ClientCommand::Auth { id, mech, service, options })) +} + +fn is_base64_core(c: u8) -> bool { + c >= 0x30 && c <= 0x39 // 0-9 + || c >= 0x41 && c <= 0x5a // A-Z + || c >= 0x61 && c <= 0x7a // a-z + || c == 0x2b // + + || c == 0x2f // / +} + +fn is_base64_pad(c: u8) -> bool { + c == 0x3d +} + +/// @FIXME Dovecot does not say if base64 content must be padded or not +fn cont_command<'a>(input: &'a [u8]) -> IResult<&'a [u8], ClientCommand> { + let mut parser = tuple(( + tag_no_case(b"CONT"), + tab, + u64, + tab, + take_while1(is_base64_core), + take_while(is_base64_pad), + )); + + let (input, (_, _, id, _, b64, _)) = parser(input)?; + let data = base64::engine::general_purpose::STANDARD_NO_PAD.decode(b64).map_err(|_| nom::Err::Failure(Error::new(input, ErrorKind::TakeWhile1)))?; + Ok((input, ClientCommand::Cont { id, data })) +} + +fn client_command<'a>(input: &'a [u8]) -> IResult<&'a [u8], ClientCommand> { + alt(( + version_command, + cpid_command, + auth_command, + cont_command, + ))(input) +} + +/* +fn server_command(buf: &u8) -> IResult<&u8, ServerCommand> { + unimplemented!(); +} +*/ + +// ----------------------------------------------------------------- +// +// DOVECOT AUTH ENCODING +// +// ------------------------------------------------------------------ diff --git a/src/server.rs b/src/server.rs index 6210059..cf9930a 100644 --- a/src/server.rs +++ b/src/server.rs @@ -49,12 +49,13 @@ impl Server { let lmtp_server = config.lmtp.map(|lmtp| LmtpServer::new(lmtp, login.clone())); let imap_unsecure_server = config.imap_unsecure.map(|imap| imap::new_unsecure(imap, login.clone())); let imap_server = config.imap.map(|imap| imap::new(imap, login.clone())).transpose()?; + let auth_server = config.auth.map(|auth| auth::AuthServer::new(auth, login.clone())); Ok(Self { lmtp_server, imap_unsecure_server, imap_server, - auth_server: None, + auth_server, pid_file: config.pid, }) } @@ -98,6 +99,12 @@ impl Server { None => Ok(()), Some(s) => s.run(exit_signal.clone()).await, } + }, + async { + match self.auth_server { + None => Ok(()), + Some(a) => a.run(exit_signal.clone()).await, + } } )?; -- 2.43.4 From c1bab5808b993d33bc505196f58b215d368c8e27 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Wed, 24 Jan 2024 17:50:03 +0100 Subject: [PATCH 06/12] QoL connection management --- src/auth.rs | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/src/auth.rs b/src/auth.rs index 42b3362..52b6fab 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -82,7 +82,7 @@ impl AuthServer { }; tracing::info!("AUTH: accepted connection from {}", remote_addr); - let conn = tokio::spawn(NetLoop::new(socket).run_error()); + let conn = tokio::spawn(NetLoop::new(socket, must_exit.clone()).run_error()); connections.push(conn); @@ -98,12 +98,14 @@ impl AuthServer { struct NetLoop { stream: BufStream, + stop: watch::Receiver, } impl NetLoop { - fn new(stream: TcpStream) -> Self{ + fn new(stream: TcpStream, stop: watch::Receiver) -> Self { Self { stream: BufStream::new(stream), + stop, } } @@ -118,9 +120,21 @@ impl NetLoop { let mut buff: Vec = Vec::new(); loop { buff.clear(); - self.stream.read_until(b'\n', &mut buff).await?; - let (input, cmd) = client_command(&buff).map_err(|_| anyhow!("Unable to parse command"))?; - println!("input: {:?}, cmd: {:?}", input, cmd); + tokio::select! { + read_res = self.stream.read_until(b'\n', &mut buff) => { + let bread = read_res?; + if bread == 0 { + tracing::info!("Reading buffer empty, connection has been closed. Exiting AUTH session."); + return Ok(()) + } + let (input, cmd) = client_command(&buff).map_err(|_| anyhow!("Unable to parse command"))?; + println!("input: {:?}, cmd: {:?}", input, cmd); + }, + _ = self.stop.changed() => { + tracing::debug!("Server is stopping, quitting this runner"); + return Ok(()) + } + } } } } -- 2.43.4 From 0adb92e8ff34c1f1671e7afccd27874372d68bbd Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Wed, 24 Jan 2024 18:30:28 +0100 Subject: [PATCH 07/12] AuthOptions parsing --- src/auth.rs | 90 ++++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 75 insertions(+), 15 deletions(-) diff --git a/src/auth.rs b/src/auth.rs index 52b6fab..b2d0fae 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -177,7 +177,7 @@ enum AuthOption { /// Note: we do not unescape the tabulation, and thus we don't parse the data ForwardViews(Vec), /// Remote user has secured transport to auth client (e.g. localhost, SSL, TLS). - Secured(String), + Secured(Option), /// The value can be “insecure”, “trusted” or “TLS”. Transport(String), /// TLS cipher being used. @@ -197,6 +197,9 @@ enum AuthOption { CertUsername, /// IMAP ID string ClientId, + /// An unknown key + UnknownPair(String, Vec), + UnknownBool(Vec), /// Initial response for authentication mechanism. /// NOTE: This must be the last parameter. Everything after it is ignored. /// This is to avoid accidental security holes if user-given data is directly put to base64 string without filtering out tabs. @@ -313,7 +316,7 @@ use nom::{ IResult, branch::alt, error::{ErrorKind, Error}, - character::complete::{tab, u64}, + character::complete::{tab, u64, u16}, bytes::complete::{tag, tag_no_case, take, take_while, take_while1}, multi::{many1, separated_list0}, combinator::{map, opt, recognize, value,}, @@ -363,22 +366,68 @@ fn parameter<'a>(input: &'a [u8]) -> IResult<&'a [u8], &[u8]> { ))))(input) } -fn service<'a>(input: &'a [u8]) -> IResult<&'a [u8], String> { - let (input, buf) = preceded( - tag_no_case("service="), - parameter - )(input)?; +fn parameter_str(input: &[u8]) -> IResult<&[u8], String> { + let (input, buf) = parameter(input)?; std::str::from_utf8(buf) .map(|v| (input, v.to_string())) .map_err(|_| nom::Err::Failure(Error::new(input, ErrorKind::TakeWhile1))) } +fn is_param_name_char(c: u8) -> bool { + is_not_tab_or_esc_or_lf(c) && c != 0x3d // = +} + +fn parameter_name(input: &[u8]) -> IResult<&[u8], String> { + let (input, buf) = take_while1(is_param_name_char)(input)?; + + std::str::from_utf8(buf) + .map(|v| (input, v.to_string())) + .map_err(|_| nom::Err::Failure(Error::new(input, ErrorKind::TakeWhile1))) +} + +fn service<'a>(input: &'a [u8]) -> IResult<&'a [u8], String> { + preceded( + tag_no_case("service="), + parameter_str + )(input) +} + fn auth_option<'a>(input: &'a [u8]) -> IResult<&'a [u8], AuthOption> { + use AuthOption::*; alt(( - value(AuthOption::Debug, tag_no_case(b"debug")), - value(AuthOption::NoPenalty, tag_no_case(b"no-penalty")), - value(AuthOption::CertUsername, tag_no_case(b"cert_username")), + alt(( + value(Debug, tag_no_case(b"debug")), + value(NoPenalty, tag_no_case(b"no-penalty")), + value(ClientId, tag_no_case(b"client_id")), + map(preceded(tag_no_case(b"session="), u64), |id| Session(id)), + map(preceded(tag_no_case(b"lip="), parameter_str), |ip| LocalIp(ip)), + map(preceded(tag_no_case(b"rip="), parameter_str), |ip| RemoteIp(ip)), + map(preceded(tag_no_case(b"lport="), u16), |port| LocalPort(port)), + map(preceded(tag_no_case(b"rport="), u16), |port| RemotePort(port)), + map(preceded(tag_no_case(b"real_rip="), parameter_str), |ip| RealRemoteIp(ip)), + map(preceded(tag_no_case(b"real_lip="), parameter_str), |ip| RealLocalIp(ip)), + map(preceded(tag_no_case(b"real_lport="), u16), |port| RealLocalPort(port)), + map(preceded(tag_no_case(b"real_rport="), u16), |port| RealRemotePort(port)), + )), + alt(( + map(preceded(tag_no_case(b"local_name="), parameter_str), |name| LocalName(name)), + map(preceded(tag_no_case(b"forward_views="), parameter), |views| ForwardViews(views.into())), + map(preceded(tag_no_case(b"secured="), parameter_str), |info| Secured(Some(info))), + value(Secured(None), tag_no_case(b"secured")), + value(CertUsername, tag_no_case(b"cert_username")), + map(preceded(tag_no_case(b"transport="), parameter_str), |ts| Transport(ts)), + map(preceded(tag_no_case(b"tls_cipher="), parameter_str), |cipher| TlsCipher(cipher)), + map(preceded(tag_no_case(b"tls_cipher_bits="), parameter_str), |bits| TlsCipherBits(bits)), + map(preceded(tag_no_case(b"tls_pfs="), parameter_str), |pfs| TlsPfs(pfs)), + map(preceded(tag_no_case(b"tls_protocol="), parameter_str), |proto| TlsProtocol(proto)), + map(preceded(tag_no_case(b"valid-client-cert="), parameter_str), |cert| ValidClientCert(cert)), + )), + alt(( + map(preceded(tag_no_case(b"resp="), base64), |data| Resp(data)), + map(tuple((parameter_name, tag(b"="), parameter)), |(n, _, v)| UnknownPair(n, v.into())), + map(parameter, |v| UnknownBool(v.into())), + )), ))(input) } @@ -409,7 +458,20 @@ fn is_base64_core(c: u8) -> bool { } fn is_base64_pad(c: u8) -> bool { - c == 0x3d + c == 0x3d // = +} + +fn base64(input: &[u8]) -> IResult<&[u8], Vec> { + let (input, (b64, _)) = tuple(( + take_while1(is_base64_core), + take_while(is_base64_pad), + ))(input)?; + + let data = base64::engine::general_purpose::STANDARD_NO_PAD + .decode(b64) + .map_err(|_| nom::Err::Failure(Error::new(input, ErrorKind::TakeWhile1)))?; + + Ok((input, data)) } /// @FIXME Dovecot does not say if base64 content must be padded or not @@ -419,12 +481,10 @@ fn cont_command<'a>(input: &'a [u8]) -> IResult<&'a [u8], ClientCommand> { tab, u64, tab, - take_while1(is_base64_core), - take_while(is_base64_pad), + base64 )); - let (input, (_, _, id, _, b64, _)) = parser(input)?; - let data = base64::engine::general_purpose::STANDARD_NO_PAD.decode(b64).map_err(|_| nom::Err::Failure(Error::new(input, ErrorKind::TakeWhile1)))?; + let (input, (_, _, id, _, data)) = parser(input)?; Ok((input, ClientCommand::Cont { id, data })) } -- 2.43.4 From bbb050e3990125e51ae434654ae6fdea4f621650 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Wed, 24 Jan 2024 18:57:50 +0100 Subject: [PATCH 08/12] Basic response encoding --- src/auth.rs | 45 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 44 insertions(+), 1 deletion(-) diff --git a/src/auth.rs b/src/auth.rs index b2d0fae..05c88ce 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -4,7 +4,7 @@ use std::sync::Arc; use anyhow::{Result, anyhow}; use futures::stream::{FuturesUnordered, StreamExt}; use tokio::io::BufStream; -use tokio::io::AsyncBufReadExt; +use tokio::io::{AsyncBufReadExt, AsyncWriteExt}; use tokio::net::{TcpListener, TcpStream}; use tokio::sync::watch; @@ -117,6 +117,7 @@ impl NetLoop { } async fn run(mut self) -> Result<()> { + let mut resp_buff = BytesMut::new(); let mut buff: Vec = Vec::new(); loop { buff.clear(); @@ -129,6 +130,12 @@ impl NetLoop { } let (input, cmd) = client_command(&buff).map_err(|_| anyhow!("Unable to parse command"))?; println!("input: {:?}, cmd: {:?}", input, cmd); + ServerCommand::Version { + major: 1, + minor: 2, + }.encode(&mut resp_buff)?; + self.stream.write_all(&resp_buff).await?; + self.stream.flush().await?; }, _ = self.stop.changed() => { tracing::debug!("Server is stopping, quitting this runner"); @@ -508,3 +515,39 @@ fn server_command(buf: &u8) -> IResult<&u8, ServerCommand> { // DOVECOT AUTH ENCODING // // ------------------------------------------------------------------ +use tokio_util::bytes::{BufMut, BytesMut}; +trait Encode { + fn encode(&self, out: &mut BytesMut) -> Result<()>; +} + +fn tab_enc(out: &mut BytesMut) { + out.put(&[0x09][..]) +} + +fn lf_enc(out: &mut BytesMut) { + out.put(&[0x0A][..]) +} + +impl Encode for ServerCommand { + fn encode(&self, out: &mut BytesMut) -> Result<()> { + match self { + Self::Version { major, minor } => { + out.put(&b"VERSION"[..]); + tab_enc(out); + out.put(major.to_string().as_bytes()); + tab_enc(out); + out.put(minor.to_string().as_bytes()); + lf_enc(out); + }, + Self::Spid(v) => unimplemented!(), + Self::Cuid(v) => unimplemented!(), + Self::Mech { kind, parameters } => unimplemented!(), + Self::Cookie(v) => unimplemented!(), + Self::Done => unimplemented!(), + Self::Fail {id, user_id, code } => unimplemented!(), + Self::Cont { id, data } => unimplemented!(), + Self::Ok { id, user_id, parameters } => unimplemented!(), + } + Ok(()) + } +} -- 2.43.4 From b86acd5ed06adbc59518cde78e5b6f31d4865197 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Wed, 24 Jan 2024 21:36:46 +0100 Subject: [PATCH 09/12] implemented business logic --- src/auth.rs | 242 ++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 206 insertions(+), 36 deletions(-) diff --git a/src/auth.rs b/src/auth.rs index 05c88ce..697eff3 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -1,7 +1,6 @@ use std::net::SocketAddr; -use std::sync::Arc; -use anyhow::{Result, anyhow}; +use anyhow::{Result, anyhow, bail}; use futures::stream::{FuturesUnordered, StreamExt}; use tokio::io::BufStream; use tokio::io::{AsyncBufReadExt, AsyncWriteExt}; @@ -82,7 +81,7 @@ impl AuthServer { }; tracing::info!("AUTH: accepted connection from {}", remote_addr); - let conn = tokio::spawn(NetLoop::new(socket, must_exit.clone()).run_error()); + let conn = tokio::spawn(NetLoop::new(socket, self.login_provider.clone(), must_exit.clone()).run_error()); connections.push(conn); @@ -97,15 +96,23 @@ impl AuthServer { } struct NetLoop { + login: ArcLoginProvider, stream: BufStream, stop: watch::Receiver, + state: State, + read_buf: Vec, + write_buf: BytesMut, } impl NetLoop { - fn new(stream: TcpStream, stop: watch::Receiver) -> Self { + fn new(stream: TcpStream, login: ArcLoginProvider, stop: watch::Receiver) -> Self { Self { + login, stream: BufStream::new(stream), + state: State::Init, stop, + read_buf: Vec::new(), + write_buf: BytesMut::new(), } } @@ -117,25 +124,39 @@ impl NetLoop { } async fn run(mut self) -> Result<()> { - let mut resp_buff = BytesMut::new(); - let mut buff: Vec = Vec::new(); loop { - buff.clear(); tokio::select! { - read_res = self.stream.read_until(b'\n', &mut buff) => { + read_res = self.stream.read_until(b'\n', &mut self.read_buf) => { + // Detect EOF / socket close let bread = read_res?; if bread == 0 { tracing::info!("Reading buffer empty, connection has been closed. Exiting AUTH session."); return Ok(()) } - let (input, cmd) = client_command(&buff).map_err(|_| anyhow!("Unable to parse command"))?; - println!("input: {:?}, cmd: {:?}", input, cmd); - ServerCommand::Version { - major: 1, - minor: 2, - }.encode(&mut resp_buff)?; - self.stream.write_all(&resp_buff).await?; - self.stream.flush().await?; + + // Parse command + let (_, cmd) = client_command(&self.read_buf).map_err(|_| anyhow!("Unable to parse command"))?; + tracing::debug!(cmd=?cmd, "Received command"); + + // Make some progress in our local state + self.state.progress(cmd, &self.login).await; + if matches!(self.state, State::Error) { + bail!("Internal state is in error, previous logs explain what went wrong"); + } + + // Build response + let srv_cmds = self.state.response(); + srv_cmds.iter().try_for_each(|r| r.encode(&mut self.write_buf))?; + + // Send responses if at least one command response has been generated + if !srv_cmds.is_empty() { + self.stream.write_all(&self.write_buf).await?; + self.stream.flush().await?; + } + + // Reset buffers + self.read_buf.clear(); + self.write_buf.clear(); }, _ = self.stop.changed() => { tracing::debug!("Server is stopping, quitting this runner"); @@ -146,13 +167,150 @@ impl NetLoop { } } +// ----------------------------------------------------------------- +// +// BUSINESS LOGIC +// +// ----------------------------------------------------------------- +use rand::prelude::*; + +#[derive(Debug)] +enum AuthRes { + Success(String), + Failed(Option, Option), +} + +#[derive(Debug)] +enum State { + Error, + Init, + HandshakePart(Version), + HandshakeDone, + AuthPlainProgress { + id: u64, + }, + AuthDone { + id: u64, + res: AuthRes + }, +} + +const SERVER_MAJOR: u64 = 1; +const SERVER_MINOR: u64 = 2; +impl State { + async fn progress(&mut self, cmd: ClientCommand, login: &ArcLoginProvider) { + + let new_state = 'state: { + match (std::mem::replace(self, State::Error), cmd) { + (Self::Init, ClientCommand::Version(v)) => Self::HandshakePart(v), + (Self::HandshakePart(version), ClientCommand::Cpid(_cpid)) => { + if version.major != SERVER_MAJOR { + tracing::error!(client_major=version.major, server_major=SERVER_MAJOR, "Unsupported client major version"); + break 'state Self::Error + } + + Self::HandshakeDone + }, + (Self::HandshakeDone { .. }, ClientCommand::Auth { id, mech, .. }) | + (Self::AuthDone { .. }, ClientCommand::Auth { id, mech, ..}) => { + if mech != Mechanism::Plain { + tracing::error!(mechanism=?mech, "Unsupported Authentication Mechanism"); + break 'state Self::AuthDone { id, res: AuthRes::Failed(None, None) } + } + + Self::AuthPlainProgress { id } + }, + (Self::AuthPlainProgress { id }, ClientCommand::Cont { id: cid, data }) => { + // Check that ID matches + if cid != id { + tracing::error!(auth_id=id, cont_id=cid, "CONT id does not match AUTH id"); + break 'state Self::AuthDone { id, res: AuthRes::Failed(None, None) } + } + + // Check that we can extract user's login+pass + let (ubin, pbin) = match auth_plain(&data) { + Ok(([], ([], user, pass))) => (user, pass), + Ok(_) => { + tracing::error!("Impersonating user is not supported"); + break 'state Self::AuthDone { id, res: AuthRes::Failed(None, None) } + } + Err(e) => { + tracing::error!(err=?e, "Could not parse the SASL PLAIN data chunk"); + break 'state Self::AuthDone { id, res: AuthRes::Failed(None, None) } + }, + }; + + // Try to convert it to UTF-8 + let (user, password) = match (std::str::from_utf8(ubin), std::str::from_utf8(pbin)) { + (Ok(u), Ok(p)) => (u, p), + _ => { + tracing::error!("Username or password contain invalid UTF-8 characters"); + break 'state Self::AuthDone { id, res: AuthRes::Failed(None, None) } + } + }; + + // Try to connect user + match login.login(user, password).await { + Ok(_) => Self::AuthDone { id, res: AuthRes::Success(user.to_string())}, + Err(e) => { + tracing::warn!(err=?e, "login failed"); + Self::AuthDone { id, res: AuthRes::Failed(Some(user.to_string()), None) } + } + } + }, + _ => { + tracing::error!("This command is not valid in this context"); + Self::Error + }, + } + }; + tracing::debug!(state=?new_state, "Made progress"); + *self = new_state; + } + + fn response(&self) -> Vec { + let mut srv_cmd: Vec = Vec::new(); + + match self { + Self::HandshakeDone { .. } => { + srv_cmd.push(ServerCommand::Version(Version { major: SERVER_MAJOR, minor: SERVER_MINOR })); + srv_cmd.push(ServerCommand::Spid(1u64)); + srv_cmd.push(ServerCommand::Cuid(1u64)); + + let mut cookie = [0u8; 16]; + thread_rng().fill(&mut cookie); + srv_cmd.push(ServerCommand::Cookie(cookie)); + + srv_cmd.push(ServerCommand::Mech { + kind: Mechanism::Plain, + parameters: vec![MechanismParameters::PlainText], + }); + srv_cmd.push(ServerCommand::Done); + }, + Self::AuthPlainProgress { id } => { + srv_cmd.push(ServerCommand::Cont { id: *id, data: None }); + }, + Self::AuthDone { id, res: AuthRes::Success(user) } => { + srv_cmd.push(ServerCommand::Ok { id: *id, user_id: Some(user.to_string()), extra_parameters: vec![]}); + }, + Self::AuthDone { id, res: AuthRes::Failed(maybe_user, maybe_failcode) } => { + srv_cmd.push(ServerCommand::Fail { id: *id, user_id: maybe_user.clone(), code: maybe_failcode.clone(), extra_parameters: vec![]}); + }, + _ => (), + }; + + srv_cmd + } +} + + // ----------------------------------------------------------------- // // DOVECOT AUTH TYPES // -// ------------------------------------------------------------------ +// ----------------------------------------------------------------- -#[derive(Debug, Clone)] +#[derive(Debug, Clone, PartialEq)] enum Mechanism { Plain, Login, @@ -214,13 +372,16 @@ enum AuthOption { Resp(Vec), } +#[derive(Debug, Clone)] +struct Version { + major: u64, + minor: u64, +} + #[derive(Debug)] enum ClientCommand { /// Both client and server should check that they support the same major version number. If they don’t, the other side isn’t expected to be talking the same protocol and should be disconnected. Minor version can be ignored. This document specifies the version number 1.2. - Version { - major: u64, - minor: u64, - }, + Version(Version), /// CPID finishes the handshake from client. Cpid(u64), Auth { @@ -261,7 +422,7 @@ enum MechanismParameters { Private, } -#[derive(Debug)] +#[derive(Debug, Clone)] enum FailCode { /// This is a temporary internal failure, e.g. connection was lost to SQL database. TempFail, @@ -276,10 +437,7 @@ enum FailCode { #[derive(Debug)] enum ServerCommand { /// Both client and server should check that they support the same major version number. If they don’t, the other side isn’t expected to be talking the same protocol and should be disconnected. Minor version can be ignored. This document specifies the version number 1.2. - Version { - major: u64, - minor: u64, - }, + Version(Version), /// CPID and SPID specify client and server Process Identifiers (PIDs). They should be unique identifiers for the specific process. UNIX process IDs are good choices. /// SPID can be used by authentication client to tell master which server process handled the authentication. Spid(u64), @@ -298,18 +456,19 @@ enum ServerCommand { Fail { id: u64, user_id: Option, - code: FailCode, + code: Option, + extra_parameters: Vec>, }, Cont { id: u64, - data: Vec, + data: Option>, }, /// FAIL and OK may contain multiple unspecified parameters which authentication client may handle specially. /// The only one specified here is user= parameter, which should always be sent if the userid is known. Ok { id: u64, user_id: Option, - parameters: Vec, + extra_parameters: Vec>, }, } @@ -324,9 +483,9 @@ use nom::{ branch::alt, error::{ErrorKind, Error}, character::complete::{tab, u64, u16}, - bytes::complete::{tag, tag_no_case, take, take_while, take_while1}, + bytes::complete::{is_not, tag, tag_no_case, take, take_while, take_while1}, multi::{many1, separated_list0}, - combinator::{map, opt, recognize, value,}, + combinator::{map, opt, recognize, value, rest}, sequence::{pair, preceded, tuple}, }; use base64::Engine; @@ -341,7 +500,7 @@ fn version_command<'a>(input: &'a [u8]) -> IResult<&'a [u8], ClientCommand> { )); let (input, (_, _, major, _, minor)) = parser(input)?; - Ok((input, ClientCommand::Version { major, minor })) + Ok((input, ClientCommand::Version(Version { major, minor }))) } fn cpid_command<'a>(input: &'a [u8]) -> IResult<&'a [u8], ClientCommand> { @@ -510,6 +669,17 @@ fn server_command(buf: &u8) -> IResult<&u8, ServerCommand> { } */ +// ----------------------------------------------------------------- +// +// SASL DECODING +// +// ----------------------------------------------------------------- + +// impersonated user, login, password +fn auth_plain<'a>(input: &'a [u8]) -> IResult<&'a [u8], (&'a [u8], &'a [u8], &'a [u8])> { + tuple((is_not([0x0]), is_not([0x0]), rest))(input) +} + // ----------------------------------------------------------------- // // DOVECOT AUTH ENCODING @@ -531,7 +701,7 @@ fn lf_enc(out: &mut BytesMut) { impl Encode for ServerCommand { fn encode(&self, out: &mut BytesMut) -> Result<()> { match self { - Self::Version { major, minor } => { + Self::Version (Version { major, minor }) => { out.put(&b"VERSION"[..]); tab_enc(out); out.put(major.to_string().as_bytes()); @@ -544,9 +714,9 @@ impl Encode for ServerCommand { Self::Mech { kind, parameters } => unimplemented!(), Self::Cookie(v) => unimplemented!(), Self::Done => unimplemented!(), - Self::Fail {id, user_id, code } => unimplemented!(), Self::Cont { id, data } => unimplemented!(), - Self::Ok { id, user_id, parameters } => unimplemented!(), + Self::Ok { id, user_id, extra_parameters } => unimplemented!(), + Self::Fail {id, user_id, code, extra_parameters } => unimplemented!(), } Ok(()) } -- 2.43.4 From 337b7bce6d46b61dd6ba1203e180ee35c820c578 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Wed, 24 Jan 2024 22:06:22 +0100 Subject: [PATCH 10/12] Encoding of server commmands --- src/auth.rs | 133 ++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 125 insertions(+), 8 deletions(-) diff --git a/src/auth.rs b/src/auth.rs index 697eff3..31b8206 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -24,10 +24,18 @@ use crate::login::ArcLoginProvider; /// S: DONE /// C: VERSION 1 2 /// C: CPID 1 +/// /// C: AUTH 2 PLAIN service=smtp /// S: CONT 2 /// C: CONT 2 base64stringFollowingRFC4616== /// S: OK 2 user=alice@example.tld +/// +/// C: AUTH 42 LOGIN service=smtp +/// S: CONT 42 VXNlcm5hbWU6 +/// C: CONT 42 b64User +/// S: CONT 42 UGFzc3dvcmQ6 +/// C: CONT 42 b64Pass +/// S: FAIL 42 user=alice /// ``` /// /// ## RFC References @@ -698,6 +706,44 @@ fn lf_enc(out: &mut BytesMut) { out.put(&[0x0A][..]) } +impl Encode for Mechanism { + fn encode(&self, out: &mut BytesMut) -> Result<()> { + match self { + Self::Plain => out.put(&b"PLAIN"[..]), + Self::Login => out.put(&b"LOGIN"[..]), + } + Ok(()) + } +} + +impl Encode for MechanismParameters { + fn encode(&self, out: &mut BytesMut) -> Result<()> { + match self { + Self::Anonymous => out.put(&b"anonymous"[..]), + Self::PlainText => out.put(&b"plaintext"[..]), + Self::Dictionary => out.put(&b"dictionary"[..]), + Self::Active => out.put(&b"active"[..]), + Self::ForwardSecrecy => out.put(&b"forward-secrecy"[..]), + Self::MutualAuth => out.put(&b"mutual-auth"[..]), + Self::Private => out.put(&b"private"[..]), + } + Ok(()) + } +} + + +impl Encode for FailCode { + fn encode(&self, out: &mut BytesMut) -> Result<()> { + match self { + Self::TempFail => out.put(&b"temp_fail"[..]), + Self::AuthzFail => out.put(&b"authz_fail"[..]), + Self::UserDisabled => out.put(&b"user_disabled"[..]), + Self::PassExpired => out.put(&b"pass_expired"[..]), + }; + Ok(()) + } +} + impl Encode for ServerCommand { fn encode(&self, out: &mut BytesMut) -> Result<()> { match self { @@ -709,14 +755,85 @@ impl Encode for ServerCommand { out.put(minor.to_string().as_bytes()); lf_enc(out); }, - Self::Spid(v) => unimplemented!(), - Self::Cuid(v) => unimplemented!(), - Self::Mech { kind, parameters } => unimplemented!(), - Self::Cookie(v) => unimplemented!(), - Self::Done => unimplemented!(), - Self::Cont { id, data } => unimplemented!(), - Self::Ok { id, user_id, extra_parameters } => unimplemented!(), - Self::Fail {id, user_id, code, extra_parameters } => unimplemented!(), + Self::Spid(pid) => { + out.put(&b"SPID"[..]); + tab_enc(out); + out.put(pid.to_string().as_bytes()); + lf_enc(out); + }, + Self::Cuid(pid) => { + out.put(&b"CUID"[..]); + tab_enc(out); + out.put(pid.to_string().as_bytes()); + lf_enc(out); + }, + Self::Cookie(cval) => { + out.put(&b"COOKIE"[..]); + tab_enc(out); + out.put(hex::encode(cval).as_bytes()); + lf_enc(out); + + }, + Self::Mech { kind, parameters } => { + out.put(&b"MECH"[..]); + tab_enc(out); + kind.encode(out)?; + for p in parameters.iter() { + tab_enc(out); + p.encode(out)?; + } + lf_enc(out); + }, + Self::Done => { + out.put(&b"DONE"[..]); + lf_enc(out); + }, + Self::Cont { id, data } => { + out.put(&b"CONT"[..]); + tab_enc(out); + out.put(id.to_string().as_bytes()); + if let Some(rdata) = data { + tab_enc(out); + let b64 = base64::engine::general_purpose::STANDARD.encode(rdata); + out.put(b64.as_bytes()); + } + lf_enc(out); + }, + Self::Ok { id, user_id, extra_parameters } => { + out.put(&b"OK"[..]); + tab_enc(out); + out.put(id.to_string().as_bytes()); + if let Some(user) = user_id { + tab_enc(out); + out.put(&b"user="[..]); + out.put(user.as_bytes()); + } + for p in extra_parameters.iter() { + tab_enc(out); + out.put(&p[..]); + } + lf_enc(out); + }, + Self::Fail {id, user_id, code, extra_parameters } => { + out.put(&b"FAIL"[..]); + tab_enc(out); + out.put(id.to_string().as_bytes()); + if let Some(user) = user_id { + tab_enc(out); + out.put(&b"user="[..]); + out.put(user.as_bytes()); + } + if let Some(code_val) = code { + tab_enc(out); + out.put(&b"code="[..]); + code_val.encode(out)?; + } + for p in extra_parameters.iter() { + tab_enc(out); + out.put(&p[..]); + } + lf_enc(out); + }, } Ok(()) } -- 2.43.4 From 06d37d3399499c94fff408056155db76f43c4afa Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Wed, 24 Jan 2024 22:15:33 +0100 Subject: [PATCH 11/12] correctly parse sasl --- src/auth.rs | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/auth.rs b/src/auth.rs index 31b8206..4d2747f 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -683,9 +683,16 @@ fn server_command(buf: &u8) -> IResult<&u8, ServerCommand> { // // ----------------------------------------------------------------- +fn not_null(c: u8) -> bool { + c != 0x0 +} + // impersonated user, login, password fn auth_plain<'a>(input: &'a [u8]) -> IResult<&'a [u8], (&'a [u8], &'a [u8], &'a [u8])> { - tuple((is_not([0x0]), is_not([0x0]), rest))(input) + map( + tuple((take_while(not_null), take(1usize), take_while(not_null), take(1usize), rest)), + |(imp, _, user, _, pass)| (imp, user, pass), + )(input) } // ----------------------------------------------------------------- -- 2.43.4 From efd9ae5defd8647b709ad0e6cf17f3b28278c591 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Wed, 24 Jan 2024 23:09:29 +0100 Subject: [PATCH 12/12] Fix postfix bug --- src/auth.rs | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/src/auth.rs b/src/auth.rs index 4d2747f..a3edcbc 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -144,7 +144,7 @@ impl NetLoop { // Parse command let (_, cmd) = client_command(&self.read_buf).map_err(|_| anyhow!("Unable to parse command"))?; - tracing::debug!(cmd=?cmd, "Received command"); + tracing::trace!(cmd=?cmd, "Received command"); // Make some progress in our local state self.state.progress(cmd, &self.login).await; @@ -154,7 +154,10 @@ impl NetLoop { // Build response let srv_cmds = self.state.response(); - srv_cmds.iter().try_for_each(|r| r.encode(&mut self.write_buf))?; + srv_cmds.iter().try_for_each(|r| { + tracing::trace!(cmd=?r, "Sent command"); + r.encode(&mut self.write_buf) + })?; // Send responses if at least one command response has been generated if !srv_cmds.is_empty() { @@ -282,17 +285,19 @@ impl State { match self { Self::HandshakeDone { .. } => { srv_cmd.push(ServerCommand::Version(Version { major: SERVER_MAJOR, minor: SERVER_MINOR })); - srv_cmd.push(ServerCommand::Spid(1u64)); - srv_cmd.push(ServerCommand::Cuid(1u64)); - - let mut cookie = [0u8; 16]; - thread_rng().fill(&mut cookie); - srv_cmd.push(ServerCommand::Cookie(cookie)); srv_cmd.push(ServerCommand::Mech { kind: Mechanism::Plain, parameters: vec![MechanismParameters::PlainText], }); + + srv_cmd.push(ServerCommand::Spid(15u64)); + srv_cmd.push(ServerCommand::Cuid(19350u64)); + + let mut cookie = [0u8; 16]; + thread_rng().fill(&mut cookie); + srv_cmd.push(ServerCommand::Cookie(cookie)); + srv_cmd.push(ServerCommand::Done); }, Self::AuthPlainProgress { id } => { @@ -366,6 +371,8 @@ enum AuthOption { ValidClientCert(String), /// Ignore auth penalty tracking for this request NoPenalty, + /// Unknown option sent by Postfix + NoLogin, /// Username taken from client’s SSL certificate. CertUsername, /// IMAP ID string @@ -574,6 +581,7 @@ fn auth_option<'a>(input: &'a [u8]) -> IResult<&'a [u8], AuthOption> { value(Debug, tag_no_case(b"debug")), value(NoPenalty, tag_no_case(b"no-penalty")), value(ClientId, tag_no_case(b"client_id")), + value(NoLogin, tag_no_case(b"nologin")), map(preceded(tag_no_case(b"session="), u64), |id| Session(id)), map(preceded(tag_no_case(b"lip="), parameter_str), |ip| LocalIp(ip)), map(preceded(tag_no_case(b"rip="), parameter_str), |ip| RemoteIp(ip)), @@ -799,8 +807,8 @@ impl Encode for ServerCommand { out.put(&b"CONT"[..]); tab_enc(out); out.put(id.to_string().as_bytes()); + tab_enc(out); if let Some(rdata) = data { - tab_enc(out); let b64 = base64::engine::general_purpose::STANDARD.encode(rdata); out.put(b64.as_bytes()); } -- 2.43.4