diff --git a/Cargo.lock b/Cargo.lock
index 74bd6ab..8b277d4 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2547,6 +2547,7 @@ dependencies = [
  "lldap_domain_handlers",
  "lldap_domain_model",
  "lldap_frontend_options",
+ "lldap_opaque_handler",
  "lldap_validation",
  "log",
  "mockall",
@@ -2729,6 +2730,16 @@ dependencies = [
  "smallvec",
 ]
 
+[[package]]
+name = "lldap_opaque_handler"
+version = "0.1.0"
+dependencies = [
+ "async-trait",
+ "lldap_auth",
+ "lldap_domain",
+ "lldap_domain_model",
+]
+
 [[package]]
 name = "lldap_set_password"
 version = "0.1.0"
diff --git a/crates/opaque-handler/Cargo.toml b/crates/opaque-handler/Cargo.toml
new file mode 100644
index 0000000..256c703
--- /dev/null
+++ b/crates/opaque-handler/Cargo.toml
@@ -0,0 +1,25 @@
+[package]
+name = "lldap_opaque_handler"
+version = "0.1.0"
+description = "Opaque handler trait for LLDAP"
+authors.workspace = true
+edition.workspace = true
+homepage.workspace = true
+license.workspace = true
+repository.workspace = true
+
+[features]
+test = []
+
+[dependencies]
+async-trait = "0.1"
+
+[dependencies.lldap_auth]
+path = "../auth"
+features = ["opaque_server", "opaque_client", "sea_orm"]
+
+[dependencies.lldap_domain]
+path = "../domain"
+
+[dependencies.lldap_domain_model]
+path = "../domain-model"
diff --git a/server/src/domain/opaque_handler.rs b/crates/opaque-handler/src/lib.rs
similarity index 100%
rename from server/src/domain/opaque_handler.rs
rename to crates/opaque-handler/src/lib.rs
diff --git a/server/Cargo.toml b/server/Cargo.toml
index 4efd58c..dc00a13 100644
--- a/server/Cargo.toml
+++ b/server/Cargo.toml
@@ -102,6 +102,9 @@ path = "../crates/domain-handlers"
 
 [dependencies.lldap_frontend_options]
 path = "../crates/frontend-options"
 
+[dependencies.lldap_opaque_handler]
+path = "../crates/opaque-handler"
+
 [dependencies.lldap_validation]
 path = "../crates/validation"
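Review bot: The `test = []` feature declared in crates/opaque-handler/Cargo.toml has no visible consumer: lib.rs is a 100% rename of the old server module, and the Cargo.lock hunk above records only async-trait, lldap_auth, lldap_domain and lldap_domain_model for the crate (no mockall), so unless the moved file already carries a `#[cfg(feature = "test")]` item the feature gates nothing and should be dropped or documented. If it does gate test-only code, say so next to the declaration, e.g. `# Exposes test-only helpers; enable only from dev-dependencies.` above `test = []`. It is also worth confirming that the trait crate really needs `opaque_client` from lldap_auth — the only client-side use visible in this diff is the `insert_user` test helper in the server crate, which has its own lldap_auth dependency — since pulling the client half into the server-side handler crate enlarges what is compiled into the binary; if only tests need it, `test = ["lldap_auth/opaque_client"]` keeps it out of release builds.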
@@ -182,6 +185,10 @@ features = ["sync", "tls-rustls"]
 path = "../crates/auth"
 features = ["test"]
 
+[dev-dependencies.lldap_opaque_handler]
+path = "../crates/opaque-handler"
+features = ["test"]
+
 [dev-dependencies.reqwest]
 version = "*"
 default-features = false
diff --git a/server/src/domain/mod.rs b/server/src/domain/mod.rs
index dd769c3..855c76b 100644
--- a/server/src/domain/mod.rs
+++ b/server/src/domain/mod.rs
@@ -1,6 +1,5 @@
 pub mod deserialize;
 pub mod ldap;
-pub mod opaque_handler;
 pub mod sql_backend_handler;
 pub mod sql_group_backend_handler;
 pub mod sql_migrations;
diff --git a/server/src/domain/sql_backend_handler.rs b/server/src/domain/sql_backend_handler.rs
index 2c815dd..f6271a9 100644
--- a/server/src/domain/sql_backend_handler.rs
+++ b/server/src/domain/sql_backend_handler.rs
@@ -54,7 +54,7 @@ pub mod tests {
     }
 
     pub async fn insert_user(handler: &SqlBackendHandler, name: &str, pass: &str) {
-        use crate::domain::opaque_handler::OpaqueHandler;
+        use lldap_opaque_handler::OpaqueHandler;
         insert_user_no_password(handler, name).await;
         let mut rng = rand::rngs::OsRng;
         let client_registration_start =
diff --git a/server/src/domain/sql_group_backend_handler.rs b/server/src/domain/sql_group_backend_handler.rs
index ec7a819..9110e4c 100644
--- a/server/src/domain/sql_group_backend_handler.rs
+++ b/server/src/domain/sql_group_backend_handler.rs
@@ -1,5 +1,5 @@
-use async_trait::async_trait;
 use crate::domain::sql_backend_handler::SqlBackendHandler;
+use async_trait::async_trait;
 use lldap_access_control::UserReadableBackendHandler;
 use lldap_domain::{
     requests::{CreateGroupRequest, UpdateGroupRequest},
diff --git a/server/src/domain/sql_opaque_handler.rs b/server/src/domain/sql_opaque_handler.rs
index 143df7d..01e38b4 100644
--- a/server/src/domain/sql_opaque_handler.rs
+++ b/server/src/domain/sql_opaque_handler.rs
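Review bot: Enabling `features = ["test"]` on `[dev-dependencies.lldap_opaque_handler]` while the regular `[dependencies.lldap_opaque_handler]` entry pulls the same crate without it relies on Cargo keeping dev-dependency features out of non-test builds, which only holds under `resolver = "2"` (edition 2021+ or an explicit workspace setting); with the v1 resolver the feature is unified into the release binary as well. The workspace edition is inherited (`edition.workspace = true`) and not visible in this diff, so please confirm the resolver in the root Cargo.toml — if the feature ever exposes a handler that short-circuits OPAQUE login or registration, it must not be compilable into the server. A one-line comment above the entry would make the intent explicit: `# "test" is dev-only; relies on resolver v2 so it is not unified into release builds.`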
@@ -1,7 +1,4 @@
-use super::{
-    opaque_handler::{OpaqueHandler, login, registration},
-    sql_backend_handler::SqlBackendHandler,
-};
+use crate::domain::sql_backend_handler::SqlBackendHandler;
 use async_trait::async_trait;
 use base64::Engine;
 use lldap_auth::opaque;
@@ -11,6 +8,7 @@ use lldap_domain_model::{
     error::{DomainError, Result},
     model::{self, UserColumn},
 };
+use lldap_opaque_handler::{OpaqueHandler, login, registration};
 use sea_orm::{ActiveModelTrait, ActiveValue, EntityTrait, QuerySelect};
 use secstr::SecUtf8;
 use tracing::{debug, info, instrument, warn};
diff --git a/server/src/infra/auth_service.rs b/server/src/infra/auth_service.rs
index 2f7fc2b..836890a 100644
--- a/server/src/infra/auth_service.rs
+++ b/server/src/infra/auth_service.rs
@@ -1,9 +1,6 @@
-use crate::{
-    domain::opaque_handler::OpaqueHandler,
-    infra::{
-        tcp_backend_handler::*,
-        tcp_server::{AppState, TcpError, TcpResult, error_to_http_response},
-    },
+use crate::infra::{
+    tcp_backend_handler::*,
+    tcp_server::{AppState, TcpError, TcpResult, error_to_http_response},
 };
 use actix_web::{
     HttpRequest, HttpResponse,
@@ -28,6 +25,7 @@ use lldap_domain_handlers::handler::{
     BackendHandler, BindRequest, LoginHandler, UserRequestFilter,
 };
 use lldap_domain_model::{error::DomainError, model::UserColumn};
+use lldap_opaque_handler::OpaqueHandler;
 use sha2::Sha512;
 use std::{
     collections::HashSet,
diff --git a/server/src/infra/ldap/delete.rs b/server/src/infra/ldap/delete.rs
index 39dddb7..f782ed8 100644
--- a/server/src/infra/ldap/delete.rs
+++ b/server/src/infra/ldap/delete.rs
@@ -1,11 +1,9 @@
-use crate::{
-    domain::ldap::{
-        error::{LdapError, LdapResult},
-        utils::{LdapInfo, UserOrGroupName, get_user_or_group_id_from_distinguished_name},
-    },
+use crate::domain::ldap::{
+    error::{LdapError, LdapResult},
+    utils::{LdapInfo, UserOrGroupName, get_user_or_group_id_from_distinguished_name},
 };
- use lldap_access_control::AdminBackendHandler;
 use ldap3_proto::proto::{LdapOp, LdapResult as LdapResultOp, LdapResultCode};
+use lldap_access_control::AdminBackendHandler;
 use lldap_domain::types::{GroupName, UserId};
 use lldap_domain_handlers::handler::GroupRequestFilter;
 use lldap_domain_model::error::DomainError;
diff --git a/server/src/infra/ldap/handler.rs b/server/src/infra/ldap/handler.rs
index ae7cba2..cee59d9 100644
--- a/server/src/infra/ldap/handler.rs
+++ b/server/src/infra/ldap/handler.rs
@@ -1,10 +1,7 @@
 use crate::{
-    domain::{
-        ldap::{
-            error::{LdapError, LdapResult},
-            utils::{LdapInfo, parse_distinguished_name},
-        },
-        opaque_handler::OpaqueHandler,
+    domain::ldap::{
+        error::{LdapError, LdapResult},
+        utils::{LdapInfo, parse_distinguished_name},
     },
     infra::ldap::{
         compare, create, delete, modify,
@@ -24,6 +21,7 @@ use lldap_access_control::AccessControlledBackendHandler;
 use lldap_auth::access_control::ValidationResults;
 use lldap_domain::types::AttributeName;
 use lldap_domain_handlers::handler::{BackendHandler, LoginHandler};
+use lldap_opaque_handler::OpaqueHandler;
 use tracing::{debug, instrument};
 
 use super::delete::make_del_response;
diff --git a/server/src/infra/ldap/modify.rs b/server/src/infra/ldap/modify.rs
index 6f83319..a763045 100644
--- a/server/src/infra/ldap/modify.rs
+++ b/server/src/infra/ldap/modify.rs
@@ -1,10 +1,7 @@
 use crate::{
-    domain::{
-        ldap::{
-            error::{LdapError, LdapResult},
-            utils::{LdapInfo, get_user_id_from_distinguished_name},
-        },
-        opaque_handler::OpaqueHandler,
+    domain::ldap::{
+        error::{LdapError, LdapResult},
+        utils::{LdapInfo, get_user_id_from_distinguished_name},
     },
     infra::ldap::{
         handler::make_modify_response,
@@ -15,6 +12,7 @@ use ldap3_proto::proto::{LdapModify, LdapModifyRequest, LdapModifyType, LdapOp,
 use lldap_access_control::UserReadableBackendHandler;
 use lldap_auth::access_control::ValidationResults;
 use lldap_domain::types::UserId;
+use lldap_opaque_handler::OpaqueHandler;
 
 async fn handle_modify_change(
     opaque_handler: &impl OpaqueHandler,
diff --git a/server/src/infra/ldap/password.rs b/server/src/infra/ldap/password.rs
index 2e48485..2bcd12a 100644
--- a/server/src/infra/ldap/password.rs
+++ b/server/src/infra/ldap/password.rs
@@ -1,23 +1,19 @@
 use crate::{
-    domain::{
-        ldap::{
-            error::{LdapError, LdapResult},
-            utils::{LdapInfo, get_user_id_from_distinguished_name},
-        },
-        opaque_handler::OpaqueHandler,
-    },
-    infra::{
-        ldap::handler::make_extended_response,
+    domain::ldap::{
+        error::{LdapError, LdapResult},
+        utils::{LdapInfo, get_user_id_from_distinguished_name},
     },
+    infra::ldap::handler::make_extended_response,
 };
-use lldap_access_control::{AccessControlledBackendHandler, UserReadableBackendHandler};
 use anyhow::Result;
 use ldap3_proto::proto::{
     LdapBindCred, LdapBindRequest, LdapOp, LdapPasswordModifyRequest, LdapResultCode,
 };
+use lldap_access_control::{AccessControlledBackendHandler, UserReadableBackendHandler};
 use lldap_auth::access_control::ValidationResults;
 use lldap_domain::types::UserId;
 use lldap_domain_handlers::handler::{BackendHandler, BindRequest, LoginHandler};
+use lldap_opaque_handler::OpaqueHandler;
 
 pub(crate) async fn do_bind(
     ldap_info: &LdapInfo,
diff --git a/server/src/infra/ldap_server.rs b/server/src/infra/ldap_server.rs
index 555c913..bd11f1a 100644
--- a/server/src/infra/ldap_server.rs
+++ b/server/src/infra/ldap_server.rs
@@ -1,18 +1,16 @@
-use crate::{
-    domain::opaque_handler::OpaqueHandler,
-    infra::{
-        configuration::{Configuration, LdapsOptions},
-        ldap::handler::LdapHandler,
-    },
+use crate::infra::{
+    configuration::{Configuration, LdapsOptions},
+    ldap::handler::LdapHandler,
 };
-use lldap_access_control::AccessControlledBackendHandler;
 use actix_rt::net::TcpStream;
 use actix_server::ServerBuilder;
 use actix_service::{ServiceFactoryExt, fn_service};
 use anyhow::{Context, Result, anyhow};
 use ldap3_proto::{LdapCodec, control::LdapControl, proto::LdapMsg, proto::LdapOp};
+use lldap_access_control::AccessControlledBackendHandler;
 use lldap_domain::types::AttributeName;
 use lldap_domain_handlers::handler::{BackendHandler, LoginHandler};
+use lldap_opaque_handler::OpaqueHandler;
 use rustls::PrivateKey;
 use tokio_rustls::TlsAcceptor as RustlsTlsAcceptor;
 use tokio_util::codec::{FramedRead, FramedWrite};
diff --git a/server/src/infra/tcp_server.rs b/server/src/infra/tcp_server.rs
index 2220831..50db573 100644
--- a/server/src/infra/tcp_server.rs
+++ b/server/src/infra/tcp_server.rs
@@ -1,13 +1,9 @@
-use crate::{
-    domain::opaque_handler::OpaqueHandler,
-    infra::{
-        auth_service,
-        configuration::{Configuration, MailOptions},
-        logging::CustomRootSpanBuilder,
-        tcp_backend_handler::*,
-    },
+use crate::infra::{
+    auth_service,
+    configuration::{Configuration, MailOptions},
+    logging::CustomRootSpanBuilder,
+    tcp_backend_handler::*,
 };
-use lldap_access_control::{AccessControlledBackendHandler, ReadonlyBackendHandler};
 use actix_files::Files;
 use actix_http::{HttpServiceBuilder, header};
 use actix_server::ServerBuilder;
@@ -15,8 +11,10 @@ use actix_service::map_config;
 use actix_web::{App, HttpResponse, Responder, dev::AppConfig, guard, web};
 use anyhow::{Context, Result};
 use hmac::Hmac;
+use lldap_access_control::{AccessControlledBackendHandler, ReadonlyBackendHandler};
 use lldap_domain_handlers::handler::{BackendHandler, LoginHandler};
 use lldap_domain_model::error::DomainError;
+use lldap_opaque_handler::OpaqueHandler;
 use sha2::Sha512;
 use std::collections::HashSet;
 use std::path::PathBuf;
diff --git a/server/src/infra/test_utils.rs b/server/src/infra/test_utils.rs
index 2b9e680..bb7fa4b 100644
--- a/server/src/infra/test_utils.rs
+++ b/server/src/infra/test_utils.rs
@@ -1,14 +1,21 @@
-use crate::domain::opaque_handler::*;
 use lldap_domain::{
     requests::{
         CreateAttributeRequest, CreateGroupRequest, CreateUserRequest, UpdateGroupRequest,
         UpdateUserRequest,
     },
     schema::{AttributeList, AttributeSchema, Schema},
-    types::*,
+    types::{
+        AttributeName, AttributeType, Group, GroupDetails, GroupId, LdapObjectClass, User,
+        UserAndGroups, UserId,
+    },
+};
+use lldap_domain_handlers::handler::{
+    BackendHandler, BindRequest, GroupBackendHandler, GroupListerBackendHandler,
+    GroupRequestFilter, LoginHandler, ReadSchemaBackendHandler, SchemaBackendHandler,
+    UserBackendHandler, UserListerBackendHandler, UserRequestFilter,
 };
-use lldap_domain_handlers::handler::*;
 use lldap_domain_model::error::Result;
+use lldap_opaque_handler::{OpaqueHandler, login, registration};
 
 use async_trait::async_trait;
 use std::collections::HashSet;
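Review bot: The rewritten import block in server/src/infra/test_utils.rs leaves `use async_trait::async_trait;` and `use std::collections::HashSet;` in a second, blank-line-delimited group after the lldap_* imports, whereas every other file touched by this commit keeps a single rustfmt-sorted group (the sort moves in ldap_server.rs and password.rs are exactly that normalisation). rustfmt sorts groups independently, so this is stable but inconsistent; folding the two lines into the main group (`use async_trait::async_trait;` at the top, `use std::collections::HashSet;` at the bottom) would match the rest of the diff. Replacing the three glob imports with explicit lists is a welcome change here, since it makes the handler traits and the `login`/`registration` items the test helpers depend on visible at a glance.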