[WIP][NSS] Implement token acquisition for NSS

455ad071 · Nik | Klampfradler · 6450d545 · 455ad071
Verified Commit 455ad071 authored 3 years ago by Nik | Klampfradler
--- a/src/nss.rs
+++ b/src/nss.rs
@@ -13,13 +13,44 @@
 * limitations under the License.
 */
-use crate::config::get_config;
+use crate::config::{
+    get_config,
+    get_optional
+};
 use config::Config;
 use crate::logging::setup_log;
+use serde::de::Deserialize;
+use oauth2::{
+    AuthUrl,
+    ClientId,
+    ClientSecret,
+    RequestTokenError,
+    Scope,
+    TokenUrl
+};
+use oauth2::basic::BasicClient;
+use oauth2::reqwest;
+use oauth2::reqwest::http_client;
+use libnss::interop::Response;
 use libnss::passwd::{PasswdHooks, Passwd};
+fn get_or_nss_error<'de, T: Deserialize<'de>>(config: &Config, key: &str) -> Result<T, Response> {
+    match get_optional(config, key) {
+        Some(v) => {
+            debug!("Configuration key found: {}", key);
+            return Ok(v);
+        },
+        None => {
+            error!("Configuration key not found: {}", key);
+            return Err(Response::Unavail);
+        },
+    }
+}
 fn nss_hook_prepare() -> Config {
    let conf = get_config(None);
@@ -32,10 +63,85 @@ fn nss_hook_prepare() -> Config {
    return conf;
 }
+fn get_bearer_token(config: Config) -> Result<String, Response> {
+    let client_id = ClientId::new(get_or_nss_error(&config, "nss.client_id")?);
+    let client_secret = match get_optional(&config, "nss.client_secret") {
+        Some(v) => Some(ClientSecret::new(v)),
+        None => None,
+    };
+    let auth_url = match AuthUrl::new(get_or_nss_error(&config, "nss.auth_url")?) {
+        Ok(u) => u,
+        _ => {
+            error!("Could not parse authorization URL");
+            return Err(Response::Unavail);
+        },
+    };
+    let token_url = match get_optional(&config, "nss.token_url") {
+        Some(v) => match TokenUrl::new(v) {
+            Ok(u) => Some(u),
+            Err(_) => {
+                error!("Could not parse token URL");
+                return Err(Response::Unavail);
+            }
+        },
+        None => None,
+    };
+    let scopes: Vec<&str> = get_or_nss_error(&config, "nss.scopes")?;
+    let client = BasicClient::new(client_id, client_secret, auth_url, token_url);
+    let mut request = client.exchange_client_credentials();
+    for scope in scopes {
+        request = request.add_scope(Scope::new(scope.to_string()));
+    }
+    let result = request.request(http_client);
+    match result {
+            Ok(t) => Ok(t),
+            Err(e) => match e {
+                RequestTokenError::Request(re) => match re {
+                    reqwest::Error::Reqwest(ree) => {
+                        error!("Request error requesting token: {}", ree);
+                        return Err(Response::Unavail);
+                    },
+                    reqwest::Error::Http(he) => {
+                        error!("HTTP error requesting token: {}", he);
+                        return Err(Response::Unavail);
+                    },
+                    reqwest::Error::Io(ioe) => {
+                        error!("IO error requesting token: {}", ioe);
+                        return Err(Response::Unavail);
+                    },
+                    _ => {
+                        error!("Unknown error: {}", re);
+                        return Err(Response::Unavail);
+                    },
+                },
+                RequestTokenError::ServerResponse(t) => {
+                    error!("Authorization server returned error: {}", t);
+                    return Err(Response::Unavail);
+                },
+                RequestTokenError::Parse(pe, _) => {
+                    error!("Error parsing response: {}", pe);
+                    return Err(Response::Unavail);
+                },
+                _ => {
+                    error!("Unknown error: {}", e);
+                    return Err(Response::Unavail);
+                },
+            },
+        }
+}
+fn do_json_request(config: Config, url: String) -> Result<String, Response> {
+    let token = get_bearer_token(config)?;
+}
 struct OidcPasswd;
 impl PasswdHooks for OidcPasswd {
    fn get_all_entries() -> Vec<Passwd> {
+        let config = nss_hook_prepare();
        vec![
            Passwd {
                name: "test".to_string(),