sasl.cpp

   1 #include "Base64.hpp"
   2 #include "SockBuffer.hpp"
   3
   4 #include <boost/iostreams/concepts.hpp>
   5 #include <boost/iostreams/device/file_descriptor.hpp>
   6 #include <boost/iostreams/stream.hpp>
   7
   8 #include <iostream>
   9 #include <string>
  10 #include <unordered_map>
  11
  12 #include <fmt/format.h>
  13
  14 #include <netdb.h>
  15 #include <sys/socket.h>
  16 #include <sys/un.h>
  17
  18 #include <sys/types.h>
  19
  20 #include <glog/logging.h>
  21
  22 #include <tao/pegtl.hpp>
  23 #include <tao/pegtl/contrib/abnf.hpp>
  24
  25 #include "test-credentials.ipp"
  26
  27 using namespace std::string_literals;
  28
  29 using namespace tao::pegtl;
  30 using namespace tao::pegtl::abnf;
  31
  32 namespace dovecot {
  33 // clang-format off
  34
  35 using HYPHEN = one<'-'>;
  36 using UNDERSCORE = one<'_'>;
  37
  38 struct id : plus<DIGIT> {};
  39 struct pid : plus<DIGIT> {};
  40 struct cookie : rep<32, HEXDIG> {};
  41
  42 struct base64_char : sor<ALPHA, DIGIT, one<'+'>, one<'/'>> {};
  43 struct base64_data : seq<plus<base64_char>, rep_min_max<0, 2, one<'='>>> {};
  44
  45 struct param_char : sor<ALPHA, DIGIT, HYPHEN, UNDERSCORE> {};
  46 struct param_name : rep_min_max<1, 20, param_char> {};
  47
  48 struct param_vchar : not_one<'\t'> {};
  49 struct param_val : rep_min_max<1, 200, param_vchar> {};
  50
  51 struct parameter : sor<param_name, seq<param_name, one<'='>, param_val>> {};
  52
  53 struct UPPER_ALPHA : range<'A', 'Z'> {};
  54
  55 struct mech_char : sor<UPPER_ALPHA, DIGIT, HYPHEN, UNDERSCORE> {};
  56 struct sasl_mech : rep_min_max<1, 20, mech_char> {};
  57
  58 struct vers : seq<TAO_PEGTL_STRING("VERSION"), HTAB, one<'1'>, HTAB, DIGIT, LF> {};
  59 struct mech : seq<TAO_PEGTL_STRING("MECH"), HTAB, sasl_mech, star<seq<HTAB, parameter>>, LF> {};
  60 struct spid : seq<TAO_PEGTL_STRING("SPID"), HTAB, pid, LF> {};
  61 struct cuid : seq<TAO_PEGTL_STRING("CUID"), HTAB, pid, LF> {};
  62 struct cook : seq<TAO_PEGTL_STRING("COOKIE"), HTAB, cookie, LF> {};
  63 struct done : seq<TAO_PEGTL_STRING("DONE"), LF> {};
  64
  65 struct resp : seq<vers, star<mech>, spid, cuid, cook, done, discard> {};
  66
  67 struct auth_ok : seq<TAO_PEGTL_STRING("OK"), HTAB, id, star<seq<HTAB, parameter>>> {};
  68 struct auth_cont : seq<TAO_PEGTL_STRING("CONT"), HTAB, id, HTAB, base64_data> {};
  69 struct auth_fail : seq<TAO_PEGTL_STRING("FAIL"), HTAB, id, star<seq<HTAB, parameter>>> {};
  70
  71 struct auth_resp : seq<sor<auth_ok, auth_cont, auth_fail>, discard> {};
  72
  73 // clang-format on
  74
  75 struct Context {
  76   using parameters_t = std::vector<std::string>;
  77   using mechs_t      = std::unordered_map<std::string, parameters_t>;
  78
  79   uint32_t    id;
  80   std::string cookie;
  81   std::string sasl_mech;
  82
  83   parameters_t parameters;
  84   mechs_t      mechs;
  85
  86   enum class auth_response { none, ok, cont, fail };
  87
  88   // clang-format off
  89   static constexpr auto none = auth_response::none;
  90   static constexpr auto ok   = auth_response::ok;
  91   static constexpr auto cont = auth_response::cont;
  92   static constexpr auto fail = auth_response::fail;
  93
  94   static constexpr char const* c_str(auth_response rsp)
  95   {
  96     switch (rsp) {
  97     case none: return "none";
  98     case ok:   return "ok";
  99     case cont: return "cont";
 100     case fail: return "fail";
 101     }
 102     return "** unknown **";
 103   }
 104   // clang-format on
 105
 106   auth_response auth_resp{none};
 107 };
 108
 109 std::ostream& operator<<(std::ostream& os, Context::auth_response rsp)
 110 {
 111   return os << Context::c_str(rsp);
 112 }
 113
 114 template <typename Rule>
 115 struct action : nothing<Rule> {
 116 };
 117
 118 template <>
 119 struct action<id> {
 120   template <typename Input>
 121   static void apply(Input const& in, Context& ctx)
 122   {
 123     ctx.id = strtoul(in.string().c_str(), nullptr, 10);
 124   }
 125 };
 126
 127 template <>
 128 struct action<cookie> {
 129   template <typename Input>
 130   static void apply(Input const& in, Context& ctx)
 131   {
 132     ctx.cookie = in.string();
 133   }
 134 };
 135
 136 template <>
 137 struct action<parameter> {
 138   template <typename Input>
 139   static void apply(Input const& in, Context& ctx)
 140   {
 141     ctx.parameters.push_back(in.string());
 142   }
 143 };
 144
 145 template <>
 146 struct action<sasl_mech> {
 147   template <typename Input>
 148   static void apply(Input const& in, Context& ctx)
 149   {
 150     ctx.sasl_mech = in.string();
 151   }
 152 };
 153
 154 template <>
 155 struct action<mech> {
 156   template <typename Input>
 157   static void apply(Input const& in, Context& ctx)
 158   {
 159     ctx.mechs.emplace(std::move(ctx.sasl_mech), std::move(ctx.parameters));
 160   }
 161 };
 162
 163 template <>
 164 struct action<auth_ok> {
 165   static void apply0(Context& ctx)
 166   {
 167     ctx.auth_resp = Context::auth_response::ok;
 168   }
 169 };
 170
 171 template <>
 172 struct action<auth_cont> {
 173   static void apply0(Context& ctx)
 174   {
 175     ctx.auth_resp = Context::auth_response::cont;
 176   }
 177 };
 178
 179 template <>
 180 struct action<auth_fail> {
 181   static void apply0(Context& ctx)
 182   {
 183     ctx.auth_resp = Context::auth_response::fail;
 184   }
 185 };
 186 } // namespace dovecot
 187
 188 // clang-format off
 189 constexpr char const* defined_params[]{
 190     "anonymous",
 191     "plaintext",
 192     "dictionary",
 193     "active",
 194     "forward-secrecy",
 195     "mutual-auth",
 196     "private",
 197 };
 198 // clang-format on
 199
 200 int main()
 201 {
 202   auto const fd{socket(AF_UNIX, SOCK_STREAM, 0)};
 203   PCHECK(fd >= 0) << "socket failed";
 204
 205   sockaddr_un addr = {.sun_family = AF_UNIX,
 206                       .sun_path = "/var/spool/postfix/private/auth" };
 207
 208   PCHECK(connect(fd, reinterpret_cast<sockaddr*>(&addr), sizeof(addr)) == 0)
 209       << "[sun_path == \"" << addr.sun_path << "\"] failed";
 210
 211   auto ios{boost::iostreams::stream<SockBuffer>{fd, fd}};
 212
 213   ios << "VERSION\t1\t1\n"
 214       << "CPID\t" << getpid() << "\n"
 215       << std::flush;
 216
 217   auto ctx = dovecot::Context{};
 218   auto in  = istream_input<eol::lf, 1>{ios, 8 * 1024, "sasl"};
 219   if (!parse<dovecot::resp, dovecot::action>(in, ctx)) {
 220     LOG(WARNING) << "handshake response parse failed";
 221   }
 222
 223   for (auto const& m : ctx.mechs) {
 224     LOG(INFO) << m.first;
 225   }
 226
 227   auto const tok{fmt::format(std::string_view("\0{}\0{}", 6), test::username, test::password)};
 228   auto const init{Base64::enc(tok)};
 229
 230   if (ctx.mechs.find("PLAIN") != end(ctx.mechs)) {
 231     auto id{uint32_t{0x12345678}};
 232
 233     ios << "AUTH\t" << id << "\tPLAIN"
 234         << "\tservice=SMTP"
 235         << "\tresp=" << init << '\n'
 236         << std::flush;
 237
 238     if (!parse<dovecot::auth_resp, dovecot::action>(in, ctx)) {
 239       LOG(WARNING) << "auth response parse failed";
 240     }
 241
 242     CHECK_EQ(ctx.id, id);
 243     LOG(INFO) << "AUTH: " << ctx.auth_resp;
 244   }
 245 }