identity_dbus_broker

identity_dbus_broker is a Rust crate that provides traits for implementing D-Bus services used in Azure Entra ID authentication. It is part of the larger Himmelblau project, aimed at building an identity broker compatible with Microsoft's proprietary Linux Intune Portal. This crate offers two main traits, SessionBroker and DeviceBroker, which represent the session D-Bus service com.microsoft.identity.broker1 and system service com.microsoft.identity.DeviceBroker1, respectively. These services allow for the handling of authentication requests, similar to what Microsoft's proprietary Intune binaries provide.

Features

• SessionBroker: Handles D-Bus requests related to session authentication.
• DeviceBroker: Manages device-related authentication.
• HimmelblauBroker: Includes a session service implementation that forwards SessionBroker requests to the HimmelblauBroker system D-Bus service, located at org.samba.himmelblau.

The traits provided by this crate simplify the implementation of these D-Bus services.

Example Usage

Himmelblau Session Broker Example

The following is an example of how to use the identity_dbus_broker crate to start a session broker service that forwards requests to the HimmelblauBroker system service.

use identity_dbus_broker::himmelblau_session_broker_serve;

#[tokio::main]
async fn main() -> Result<(), dbus::MethodErr> {
    himmelblau_session_broker_serve().await
}

Himmelblau System Broker Example

This example demonstrates how to implement the HimmelblauBroker trait to handle system-level authentication requests.

use identity_dbus_broker::{HimmelblauBroker, himmelblau_broker_serve};
use libc::uid_t;

struct Broker;

impl HimmelblauBroker for Broker {
    fn acquire_token_silently(
        &mut self,
        protocol_version: String,
        correlation_id: String,
        request_json: String,
        uid: uid_t,
    ) -> Result<String, dbus::MethodErr> {
        eprintln!("The peer uid is {}", uid);
        Ok("{
            \"access_token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Imk2bEdrM0ZaenhSY1ViMkMzbkVRN3N5SEpsWSIsImtpZCI6Imk2bEdrM0ZaenhSY1ViMkMzbkVRN3N5SEpsWSJ9.eyJhdWQiOiJlZjFkYTlkNC1mZjc3LTRjM2UtYTAwNS04NDBjM2Y4MzA3NDUiLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9mYTE1ZDY5Mi1lOWM3LTQ0NjAtYTc0My0yOWYyOTUyMjIyOS8iLCJpYXQiOjE1MzcyMzMxMDYsIm5iZiI6MTUzNzIzMzEwNiwiZXhwIjoxNTM3MjM3MDA2LCJhY3IiOiIxIiwiYWlvIjoiQVhRQWkvOElBQUFBRm0rRS9RVEcrZ0ZuVnhMaldkdzhLKzYxQUdyU091TU1GNmViYU1qN1hPM0libUQzZkdtck95RCtOdlp5R24yVmFUL2tES1h3NE1JaHJnR1ZxNkJuOHdMWG9UMUxrSVorRnpRVmtKUFBMUU9WNEtjWHFTbENWUERTL0RpQ0RnRTIyMlRJbU12V05hRU1hVU9Uc0lHdlRRPT0iLCJhbXIiOlsid2lhIl0sImFwcGlkIjoiNzVkYmU3N2YtMTBhMy00ZTU5LTg1ZmQtOGMxMjc1NDRmMTdjIiwiYXBwaWRhY3IiOiIwIiwiZW1haWwiOiJBYmVMaUBtaWNyb3NvZnQuY29tIiwiZmFtaWx5X25hbWUiOiJMaW5jb2xuIiwiZ2l2ZW5fbmFtZSI6IkFiZSAoTVNGVCkiLCJpZHAiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC83MmY5ODhiZi04NmYxLTQxYWYtOTFhYi0yZDdjZDAxMjIyNDcvIiwiaXBhZGRyIjoiMjIyLjIyMi4yMjIuMjIiLCJuYW1lIjoiYWJlbGkiLCJvaWQiOiIwMjIyM2I2Yi1hYTFkLTQyZDQtOWVjMC0xYjJiYjkxOTQ0MzgiLCJyaCI6IkkiLCJzY3AiOiJ1c2VyX2ltcGVyc29uYXRpb24iLCJzdWIiOiJsM19yb0lTUVUyMjJiVUxTOXlpMmswWHBxcE9pTXo1SDNaQUNvMUdlWEEiLCJ0aWQiOiJmYTE1ZDY5Mi1lOWM3LTQ0NjAtYTc0My0yOWYyOTU2ZmQ0MjkiLCJ1bmlxdWVfbmFtZSI6ImFiZWxpQG1pY3Jvc29mdC5jb20iLCJ1dGkiOiJGVnNHeFlYSTMwLVR1aWt1dVVvRkFBIiwidmVyIjoiMS4wIn0.D3H6pMUtQnoJAGq6AHd\",
            \"token_type\": \"Bearer\",
            \"expires_in\": 5368
        }"
        .to_string())
    }

    fn get_accounts(
        &mut self,
        protocol_version: String,
        correlation_id: String,
        request_json: String,
        uid: uid_t,
    ) -> Result<String, dbus::MethodErr> {
        eprintln!("The peer uid is {}", uid);
        Ok("{
            \"accounts\": [
                {
                    \"username\": \"tux@test.onmicrosoft.com\",
                    \"realm\": \"29a02212-775d-43b2-a073-a265002c7d11\"
                }
            ]
        }"
        .to_string())
    }

    // Other methods omitted for brevity
}

#[tokio::main]
async fn main() -> Result<(), dbus::MethodErr> {
    himmelblau_broker_serve::<Broker>(Broker {}).await
}

Getting Started

To use this crate, add the following to your Cargo.toml:

[dependencies]
identity_dbus_broker = "0.1.0"

Then, implement the required traits (SessionBroker and/or DeviceBroker) for your project. You can start the respective D-Bus service using the provided functions:

• session_broker_serve()
• device_broker_serve()

Licensing

identity_dbus_broker is licensed under the LGPL-3.0 license, making it suitable for use in both open source and proprietary projects.

Contributions

Contributions are welcome! If you'd like to collaborate or propose improvements, feel free to open an issue or a pull request.

For more information, check out the Himmelblau project.