Draft: Support for GSSApi Authentication for SOCKS5

Cargo.toml

@@ -8,7 +8,7 @@ readme = "README.md"
 categories = ["asynchronous", "network-programming"]
 keywords = ["tokio", "async", "proxy", "socks", "socks5"]
 license = "MIT"
-version = "0.5.2"
+version = "0.5.1"
 authors = ["Yilin Chen <[email protected]>"]
 edition = "2018"
 
@@ -31,9 +31,11 @@ futures-util = { version = "0.3", default-features = false }
 tokio = { version = "1.0", features = ["io-util", "net"] }
 either = "1"
 thiserror = "1.0"
+async-trait = "0.1.81"
 
 [dev-dependencies]
 futures-executor = "0.3"
 tokio = { version = "1.0", features = ["io-util", "rt-multi-thread", "net"] }
 once_cell = "1.2.0"
 hyper = "0.14"
+async-trait = "0.1.81"

src/error.rs

@@ -71,6 +71,9 @@ pub enum Error {
 
     #[error("Request rejected because the client program and identd report different user-ids")]
     InvalidUserIdAuthFailure,
+
+    #[error("Gssapi auth failure, code: {0}")]
+    GssapiAuthFailure(u8),
 }
 
 ///// Result type of `tokio-socks`

src/lib.rs

@@ -1,15 +1,11 @@
+use async_trait::async_trait;
 use either::Either;
 use futures_util::{
     future,
     stream::{self, Once, Stream},
 };
 use std::{
-    borrow::Cow,
-    io,
-    net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddr, SocketAddrV4, SocketAddrV6, ToSocketAddrs},
-    pin::Pin,
-    task::{Context, Poll},
-    vec,
+    borrow::Cow, fmt::Debug, io, net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddr, SocketAddrV4, SocketAddrV6, ToSocketAddrs}, pin::Pin, task::{Context, Poll}, vec
 };
 
 pub use error::Error;
@@ -47,6 +43,7 @@ trivial_impl_to_proxy_addrs!((Ipv6Addr, u16));
 trivial_impl_to_proxy_addrs!(SocketAddrV4);
 trivial_impl_to_proxy_addrs!(SocketAddrV6);
 
+#[allow(clippy::unnecessary_to_owned)]
 impl<'a> ToProxyAddrs for &'a [SocketAddr] {
     type Output = ProxyAddrsStream;
 
@@ -235,8 +232,7 @@ impl IntoTargetAddr<'static> for (String, u16) {
 }
 
 impl<'a, T> IntoTargetAddr<'a> for &'a T
-where
-    T: IntoTargetAddr<'a> + Copy,
+where T: IntoTargetAddr<'a> + Copy
 {
     fn into_target_addr(self) -> Result<TargetAddr<'a>> {
         (*self).into_target_addr()
@@ -247,18 +243,54 @@ where
 #[derive(Debug)]
 enum Authentication<'a> {
     Password { username: &'a str, password: &'a str },
+    Gssapi { gssapi_authenticator: GssapiAuthenticator<'a>},
     None,
 }
 
+pub struct GssapiAuthenticator<'a> {
+    gssapi_authenticator: &'a dyn GssapiAuthentication,
+    renegotiate_sec_token: bool
+}
+
+impl<'a> GssapiAuthenticator<'a> {
+    pub fn new(gssapi_authenticator: &'a dyn GssapiAuthentication, renegotiate_sec_token: bool) -> Self {
+        GssapiAuthenticator{gssapi_authenticator, renegotiate_sec_token }
+    }
+}
+
+impl <'a>Debug for GssapiAuthenticator<'a> {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        write!(f, "GssapiAuthenticator")
+    }
+}
+
 impl<'a> Authentication<'a> {
     fn id(&self) -> u8 {
         match self {
             Authentication::Password { .. } => 0x02,
+            Authentication::Gssapi { .. } => 0x01,
             Authentication::None => 0x00,
         }
     }
 }
 
+#[async_trait]
+pub trait GssapiAuthentication: Send + Sync {
+    // This method retrieves the security context token, 
+    // server_challenge as None:    means return the first init_sec token
+    // server_challenge as Some(x): means return the resp for the servers challenge
+    async fn get_security_context(&self, server_challenge: Option<&[u8]>) -> std::result::Result<String, Error>;
+
+    // This method performs the subnegotiation step
+    async fn get_protection_level(&self) -> std::result::Result<String, Error>;
+}
+
+impl Debug for dyn GssapiAuthentication {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        write!(f, "GssapiAuthentication Trait")
+    }
+}
+
 mod error;
 pub mod tcp;
 
@@ -300,9 +332,7 @@ mod tests {
     }
 
     fn into_target_addr<'a, T>(t: T) -> Result<TargetAddr<'a>>
-    where
-        T: IntoTargetAddr<'a>,
-    {
+    where T: IntoTargetAddr<'a> {
         t.into_target_addr()
     }