mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-24 13:07:00 +01:00
Code Issues Actions 10 Packages Projects Releases Wiki Activity
kanidm/kanidmd/src/server/main.rs

327 lines
11 KiB
Rust
Raw Normal View History

Clean all codebase warnings
2019-07-29 09:09:09 +02:00
#![deny(warnings)]
V large cleanup
2020-08-04 04:58:11 +02:00
#![warn(unused_extern_crates)]
#![deny(clippy::unwrap_used)]
#![deny(clippy::expect_used)]
#![deny(clippy::panic)]
#![deny(clippy::unreachable)]
#![deny(clippy::await_holding_lock)]
#![deny(clippy::needless_pass_by_value)]
#![deny(clippy::trivially_copy_pass_by_ref)]
Clean all codebase warnings
2019-07-29 09:09:09 +02:00
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
use users::{get_current_gid, get_current_uid, get_effective_gid, get_effective_uid};
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
use serde_derive::Deserialize;
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
use std::fs::{metadata, File, Metadata};
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
use std::io::Read;
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
use std::os::unix::fs::MetadataExt;
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
use std::path::Path;
Remove "extern crate" from binary crates
2020-01-08 11:49:26 +01:00
use std::path::PathBuf;
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
use std::str::FromStr;
Implement memberof with direct/indirect tracking and testcases. (#48) * Implement memberof with direct/indirect tracking and testcases.
2019-05-08 02:39:46 +02:00
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
use kanidm::audit::LogLevel;
Complete the rename of the project from rsidm to kanidm
2019-09-14 15:44:08 +02:00
use kanidm::config::Configuration;
use kanidm::core::{
127 domain info type (#150) Implements #127 and #125. This adds domain_info support, and spn types and generation. It also correctly handles domain renaming, and has tooling to support this. It "should" work on an upgrade, due to the correct bump of index version, but I plan to test this from a backup of my production instance soon.
2019-11-29 01:48:22 +01:00
backup_server_core, create_server_core, domain_rename_core, recover_account_core,
184 151 183 name constraint and spn (#244) This adds support to do on-upgrade migrations of the previous iutf8 type to iname, iname contains a better checker of the content of the name values that will become spn's, this allows auth via spn as well as just name. This really just does a lot of clean up to make spns more viable. #181 is still outstanding, but you can currently already login via spn a posixid_to_uuid supports this, it's only the resolving of unixgroup/accounts that need to have name as Option to cause a fall back to spn when in a trust.
2020-06-07 01:53:10 +02:00
reindex_server_core, restore_server_core, verify_server_core,
cargo fmt
2019-07-29 09:09:18 +02:00
};
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
use structopt::StructOpt;
306 command complete (#354) Fixes #306 adding command line autocompletion. These are generated to: CARGO_TARGET_DIR/item-hash/out/. These will need to be packaged for distros later, it's unclear how we could use cargo install with these as cargo doesn't support arbitrary artefacts like this (yet?).
2021-02-13 04:46:22 +01:00
include!("./opt.rs");
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
#[derive(Debug, Deserialize)]
struct ServerConfig {
pub bindaddress: Option<String>,
pub ldapbindaddress: Option<String>,
// pub threads: Option<usize>,
pub db_path: String,
Support zfs page size
2020-08-04 08:52:57 +02:00
pub db_fs_type: Option<String>,
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
pub tls_ca: Option<String>,
pub tls_cert: Option<String>,
pub tls_key: Option<String>,
pub log_level: Option<String>,
13 135 webauthn support (#332) Fixes #13 and Fixes #135 - webauthn and webauthn with cli. This is the core of webauthn, but only as a single factor. Some changes are still needed for webauthn as MFA and as a verified single factor. This will be made in a subsequent PR.
2020-12-02 02:12:07 +01:00
pub origin: String,
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
}
impl ServerConfig {
pub fn new<P: AsRef<Path>>(config_path: P) -> Result<Self, ()> {
let mut f = File::open(config_path).map_err(|e| {
eprintln!("Unable to open config file [{:?}] 🥺", e);
})?;
let mut contents = String::new();
f.read_to_string(&mut contents)
.map_err(|e| eprintln!("unable to read contents {:?}", e))?;
toml::from_str(contents.as_str()).map_err(|e| eprintln!("unable to parse config {:?}", e))
}
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
}
306 command complete (#354) Fixes #306 adding command line autocompletion. These are generated to: CARGO_TARGET_DIR/item-hash/out/. These will need to be packaged for distros later, it's unclear how we could use cargo install with these as cargo doesn't support arbitrary artefacts like this (yet?).
2021-02-13 04:46:22 +01:00
impl KanidmdOpt {
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
fn commonopt(&self) -> &CommonOpt {
Docker improvements (#81) Update the dockerfile to work correctly with the newer server options and runtime.
2019-09-06 05:05:27 +02:00
match self {
306 command complete (#354) Fixes #306 adding command line autocompletion. These are generated to: CARGO_TARGET_DIR/item-hash/out/. These will need to be packaged for distros later, it's unclear how we could use cargo install with these as cargo doesn't support arbitrary artefacts like this (yet?).
2021-02-13 04:46:22 +01:00
KanidmdOpt::Server(sopt) | KanidmdOpt::Verify(sopt) | KanidmdOpt::Reindex(sopt) => {
&sopt
}
KanidmdOpt::Backup(bopt) => &bopt.commonopts,
KanidmdOpt::Restore(ropt) => &ropt.commonopts,
KanidmdOpt::RecoverAccount(ropt) => &ropt.commonopts,
KanidmdOpt::DomainChange(dopt) => &dopt.commonopts,
Docker improvements (#81) Update the dockerfile to work correctly with the newer server options and runtime.
2019-09-06 05:05:27 +02:00
}
}
}
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
fn read_file_metadata(path: &PathBuf) -> Metadata {
match metadata(path) {
Ok(m) => m,
Err(e) => {
eprintln!(
"Unable to read metadata for {} - {:?}",
V large cleanup
2020-08-04 04:58:11 +02:00
path.to_str().unwrap_or("invalid file path"),
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
e
);
std::process::exit(1);
}
}
}
314 improve async (#316) this completely removes actix and actix-web from the codebase, replacing it with tokio and http-rs/tide. Due to a current temporary limit in tokio parts with openssl/libressl, rustls is used for the webserver, but I'll change this back once that issue is resolved. For now there are likely some other clippy issues, but the next step now is that I can finally run cargo outdated and update this and the other kanidm/* deps to be up to date due to no longer being held back on versions by actix. So following this, I need to finish clippy warnings, and run cargo outdated and cargo audit.
2020-09-06 00:44:35 +02:00
#[tokio::main]
Improve errors, tagging, logging and more across the codebase. (#243)
2020-06-05 06:01:20 +02:00
async fn main() {
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
// Get info about who we are.
let cuid = get_current_uid();
let ceuid = get_effective_uid();
let cgid = get_current_gid();
let cegid = get_effective_gid();
if cuid == 0 || ceuid == 0 || cgid == 0 || cegid == 0 {
Change root user check to warning due to container run times (#328) Fixes #327 - In container run times, the default is to run as root. This may be user with virtualised containers or even to just smooth the "first run" process rather than requiring a user for the process and volumes.
2020-10-30 02:12:06 +01:00
eprintln!("WARNING: This is running as uid == 0 (root) which may be a security risk.");
// eprintln!("ERROR: Refusing to run - this process must not operate as root.");
// std::process::exit(1);
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
}
if cuid != ceuid || cgid != cegid {
eprintln!("{} != {} || {} != {}", cuid, ceuid, cgid, cegid);
eprintln!("ERROR: Refusing to run - uid and euid OR gid and egid must be consistent.");
std::process::exit(1);
}
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
// Read cli args, determine if we should backup/restore
306 command complete (#354) Fixes #306 adding command line autocompletion. These are generated to: CARGO_TARGET_DIR/item-hash/out/. These will need to be packaged for distros later, it's unclear how we could use cargo install with these as cargo doesn't support arbitrary artefacts like this (yet?).
2021-02-13 04:46:22 +01:00
let opt = KanidmdOpt::from_args();
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
let mut config = Configuration::new();
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
// Check the permissions are sane.
let cfg_meta = read_file_metadata(&(opt.commonopt().config_path));
if !cfg_meta.permissions().readonly() {
eprintln!("WARNING: permissions on {} may not be secure. Should be readonly to running uid. This could be a security risk ...",
V large cleanup
2020-08-04 04:58:11 +02:00
opt.commonopt().config_path.to_str().unwrap_or("invalid file path"));
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
}
if cfg_meta.mode() & 0o007 != 0 {
eprintln!("WARNING: {} has 'everyone' permission bits in the mode. This could be a security risk ...",
V large cleanup
2020-08-04 04:58:11 +02:00
opt.commonopt().config_path.to_str().unwrap_or("invalid file path")
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
);
}
if cfg_meta.uid() == cuid || cfg_meta.uid() == ceuid {
eprintln!("WARNING: {} owned by the current uid, which may allow file permission changes. This could be a security risk ...",
V large cleanup
2020-08-04 04:58:11 +02:00
opt.commonopt().config_path.to_str().unwrap_or("invalid file path")
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
);
}
// Read our config
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
let sconfig = match ServerConfig::new(&(opt.commonopt().config_path)) {
Ok(c) => c,
Err(e) => {
eprintln!("Config Parse failure {:?}", e);
std::process::exit(1);
}
};
// Apply the file requirements
let ll = sconfig
.log_level
.map(|ll| match LogLevel::from_str(ll.as_str()) {
Ok(v) => v as u32,
Err(e) => {
eprintln!("{:?}", e);
std::process::exit(1);
}
});
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
// Check the permissions of the files from the configuration.
if let Some(i_str) = &(sconfig.tls_ca) {
let i_path = PathBuf::from(i_str.as_str());
let i_meta = read_file_metadata(&i_path);
if !i_meta.permissions().readonly() {
eprintln!("WARNING: permissions on {} may not be secure. Should be readonly to running uid. This could be a security risk ...", i_str);
}
}
if let Some(i_str) = &(sconfig.tls_cert) {
let i_path = PathBuf::from(i_str.as_str());
let i_meta = read_file_metadata(&i_path);
if !i_meta.permissions().readonly() {
eprintln!("WARNING: permissions on {} may not be secure. Should be readonly to running uid. This could be a security risk ...", i_str);
}
}
if let Some(i_str) = &(sconfig.tls_key) {
let i_path = PathBuf::from(i_str.as_str());
let i_meta = read_file_metadata(&i_path);
if !i_meta.permissions().readonly() {
eprintln!("WARNING: permissions on {} may not be secure. Should be readonly to running uid. This could be a security risk ...", i_str);
}
if i_meta.mode() & 0o007 != 0 {
eprintln!("WARNING: {} has 'everyone' permission bits in the mode. This could be a security risk ...", i_str);
}
}
let db_path = PathBuf::from(sconfig.db_path.as_str());
// We can't check the db_path permissions because it may note exist yet!
if let Some(db_parent_path) = db_path.parent() {
if !db_parent_path.exists() {
eprintln!(
"DB folder {} may not exist, server startup may FAIL!",
V large cleanup
2020-08-04 04:58:11 +02:00
db_parent_path.to_str().unwrap_or("invalid file path")
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
);
}
let db_par_path_buf = db_parent_path.to_path_buf();
let i_meta = read_file_metadata(&db_par_path_buf);
if !i_meta.is_dir() {
eprintln!(
"ERROR: Refusing to run - DB folder {} may not be a directory",
V large cleanup
2020-08-04 04:58:11 +02:00
db_par_path_buf.to_str().unwrap_or("invalid file path")
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
);
std::process::exit(1);
}
if i_meta.permissions().readonly() {
V large cleanup
2020-08-04 04:58:11 +02:00
eprintln!("WARNING: DB folder permissions on {} indicate it may not be RW. This could cause the server start up to fail!", db_par_path_buf.to_str().unwrap_or("invalid file path"));
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
}
if i_meta.mode() & 0o007 != 0 {
V large cleanup
2020-08-04 04:58:11 +02:00
eprintln!("WARNING: DB folder {} has 'everyone' permission bits in the mode. This could be a security risk ...", db_par_path_buf.to_str().unwrap_or("invalid file path"));
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
}
}
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
config.update_log_level(ll);
config.update_db_path(&sconfig.db_path.as_str());
Support zfs page size
2020-08-04 08:52:57 +02:00
config.update_db_fs_type(&sconfig.db_fs_type);
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
config.update_tls(&sconfig.tls_ca, &sconfig.tls_cert, &sconfig.tls_key);
config.update_bind(&sconfig.bindaddress);
config.update_ldapbind(&sconfig.ldapbindaddress);
13 135 webauthn support (#332) Fixes #13 and Fixes #135 - webauthn and webauthn with cli. This is the core of webauthn, but only as a single factor. Some changes are still needed for webauthn as MFA and as a verified single factor. This will be made in a subsequent PR.
2020-12-02 02:12:07 +01:00
config.update_origin(&sconfig.origin.as_str());
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
// Apply any cli overrides, normally debug level.
181 pam nsswitch name spn (#270) This allows configuration of which attribute is presented during gid/uid resolution, adds home directory prefixing, and home directory name attribute selection.
2020-06-21 13:57:48 +02:00
if let Some(dll) = opt.commonopt().debug.as_ref() {
config.update_log_level(Some(dll.clone() as u32));
}
13 135 webauthn support (#332) Fixes #13 and Fixes #135 - webauthn and webauthn with cli. This is the core of webauthn, but only as a single factor. Some changes are still needed for webauthn as MFA and as a verified single factor. This will be made in a subsequent PR.
2020-12-02 02:12:07 +01:00
::std::env::set_var("RUST_LOG", "tide=info,kanidm=info,webauthn=debug");
Improve errors, tagging, logging and more across the codebase. (#243)
2020-06-05 06:01:20 +02:00
env_logger::builder()
.format_timestamp(None)
.format_level(false)
.init();
20190607 authentication (#55) Implement #2 anonymous authentication. This also puts into place the majority of the authentication framework, and starts to build the IDM layers ontop of the DB engine.
2019-07-12 07:28:46 +02:00
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
match opt {
306 command complete (#354) Fixes #306 adding command line autocompletion. These are generated to: CARGO_TARGET_DIR/item-hash/out/. These will need to be packaged for distros later, it's unclear how we could use cargo install with these as cargo doesn't support arbitrary artefacts like this (yet?).
2021-02-13 04:46:22 +01:00
KanidmdOpt::Server(_sopt) => {
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
eprintln!("Running in server mode ...");
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
314 improve async (#316) this completely removes actix and actix-web from the codebase, replacing it with tokio and http-rs/tide. Due to a current temporary limit in tokio parts with openssl/libressl, rustls is used for the webserver, but I'll change this back once that issue is resolved. For now there are likely some other clippy issues, but the next step now is that I can finally run cargo outdated and update this and the other kanidm/* deps to be up to date due to no longer being held back on versions by actix. So following this, I need to finish clippy warnings, and run cargo outdated and cargo audit.
2020-09-06 00:44:35 +02:00
/*
let mut rt = tokio::runtime::Builder::new()
.threaded_scheduler()
.build()
.unwrap();
*/
199 ldap gateway (#246) adds an LDAP gateway to the server. It supports TLS if configured for the webserver, using the same parameters. It is a read only interface, only supporting bind via the configured posix password.
2020-06-10 04:07:43 +02:00
let sctx = create_server_core(config).await;
Improve errors, tagging, logging and more across the codebase. (#243)
2020-06-05 06:01:20 +02:00
match sctx {
314 improve async (#316) this completely removes actix and actix-web from the codebase, replacing it with tokio and http-rs/tide. Due to a current temporary limit in tokio parts with openssl/libressl, rustls is used for the webserver, but I'll change this back once that issue is resolved. For now there are likely some other clippy issues, but the next step now is that I can finally run cargo outdated and update this and the other kanidm/* deps to be up to date due to no longer being held back on versions by actix. So following this, I need to finish clippy warnings, and run cargo outdated and cargo audit.
2020-09-06 00:44:35 +02:00
Ok(_sctx) => match tokio::signal::ctrl_c().await {
V large cleanup
2020-08-04 04:58:11 +02:00
Ok(_) => {
eprintln!("Ctrl-C received, shutting down");
314 improve async (#316) this completely removes actix and actix-web from the codebase, replacing it with tokio and http-rs/tide. Due to a current temporary limit in tokio parts with openssl/libressl, rustls is used for the webserver, but I'll change this back once that issue is resolved. For now there are likely some other clippy issues, but the next step now is that I can finally run cargo outdated and update this and the other kanidm/* deps to be up to date due to no longer being held back on versions by actix. So following this, I need to finish clippy warnings, and run cargo outdated and cargo audit.
2020-09-06 00:44:35 +02:00
// sctx.stop(true).await;
V large cleanup
2020-08-04 04:58:11 +02:00
}
Err(_) => {
eprintln!("Invalid signal received, shutting down as a precaution ...");
314 improve async (#316) this completely removes actix and actix-web from the codebase, replacing it with tokio and http-rs/tide. Due to a current temporary limit in tokio parts with openssl/libressl, rustls is used for the webserver, but I'll change this back once that issue is resolved. For now there are likely some other clippy issues, but the next step now is that I can finally run cargo outdated and update this and the other kanidm/* deps to be up to date due to no longer being held back on versions by actix. So following this, I need to finish clippy warnings, and run cargo outdated and cargo audit.
2020-09-06 00:44:35 +02:00
// sctx.stop(true).await;
V large cleanup
2020-08-04 04:58:11 +02:00
}
},
Improve errors, tagging, logging and more across the codebase. (#243)
2020-06-05 06:01:20 +02:00
Err(_) => {
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
eprintln!("Failed to start server core!");
Improve errors, tagging, logging and more across the codebase. (#243)
2020-06-05 06:01:20 +02:00
return;
}
}
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
}
306 command complete (#354) Fixes #306 adding command line autocompletion. These are generated to: CARGO_TARGET_DIR/item-hash/out/. These will need to be packaged for distros later, it's unclear how we could use cargo install with these as cargo doesn't support arbitrary artefacts like this (yet?).
2021-02-13 04:46:22 +01:00
KanidmdOpt::Backup(bopt) => {
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
eprintln!("Running in backup mode ...");
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
// config.update_db_path(&bopt.commonopts.db_path);
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
let p = match bopt.path.to_str() {
Some(p) => p,
None => {
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
eprintln!("Invalid backup path");
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
std::process::exit(1);
}
};
V large cleanup
2020-08-04 04:58:11 +02:00
backup_server_core(&config, p);
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
}
306 command complete (#354) Fixes #306 adding command line autocompletion. These are generated to: CARGO_TARGET_DIR/item-hash/out/. These will need to be packaged for distros later, it's unclear how we could use cargo install with these as cargo doesn't support arbitrary artefacts like this (yet?).
2021-02-13 04:46:22 +01:00
KanidmdOpt::Restore(ropt) => {
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
eprintln!("Running in restore mode ...");
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
// config.update_db_path(&ropt.commonopts.db_path);
initial
2018-09-29 09:54:16 +02:00
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
let p = match ropt.path.to_str() {
Some(p) => p,
None => {
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
eprintln!("Invalid restore path");
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
std::process::exit(1);
}
};
V large cleanup
2020-08-04 04:58:11 +02:00
restore_server_core(&config, p);
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
}
306 command complete (#354) Fixes #306 adding command line autocompletion. These are generated to: CARGO_TARGET_DIR/item-hash/out/. These will need to be packaged for distros later, it's unclear how we could use cargo install with these as cargo doesn't support arbitrary artefacts like this (yet?).
2021-02-13 04:46:22 +01:00
KanidmdOpt::Verify(_vopt) => {
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
eprintln!("Running in db verification mode ...");
Clean all codebase warnings
2019-07-29 09:09:09 +02:00
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
// config.update_db_path(&vopt.db_path);
V large cleanup
2020-08-04 04:58:11 +02:00
verify_server_core(&config);
Clean all codebase warnings
2019-07-29 09:09:09 +02:00
}
306 command complete (#354) Fixes #306 adding command line autocompletion. These are generated to: CARGO_TARGET_DIR/item-hash/out/. These will need to be packaged for distros later, it's unclear how we could use cargo install with these as cargo doesn't support arbitrary artefacts like this (yet?).
2021-02-13 04:46:22 +01:00
KanidmdOpt::RecoverAccount(raopt) => {
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
eprintln!("Running account recovery ...");
3 authentication (#79) This adds support for authentication and credential storage to the server. It also adds account recovery and options for integration test fixtures, refactors to make the client library easier to manage, and support clean seperation of the proto vs lib.
2019-09-04 03:06:37 +02:00
V large cleanup
2020-08-04 04:58:11 +02:00
let password = match rpassword::prompt_password_stderr("new password: ") {
Ok(pw) => pw,
Err(e) => {
eprintln!("Failed to get password from prompt {:?}", e);
std::process::exit(1);
}
};
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
// config.update_db_path(&raopt.commonopts.db_path);
3 authentication (#79) This adds support for authentication and credential storage to the server. It also adds account recovery and options for integration test fixtures, refactors to make the client library easier to manage, and support clean seperation of the proto vs lib.
2019-09-04 03:06:37 +02:00
V large cleanup
2020-08-04 04:58:11 +02:00
recover_account_core(&config, &raopt.name, &password);
3 authentication (#79) This adds support for authentication and credential storage to the server. It also adds account recovery and options for integration test fixtures, refactors to make the client library easier to manage, and support clean seperation of the proto vs lib.
2019-09-04 03:06:37 +02:00
}
184 151 183 name constraint and spn (#244) This adds support to do on-upgrade migrations of the previous iutf8 type to iname, iname contains a better checker of the content of the name values that will become spn's, this allows auth via spn as well as just name. This really just does a lot of clean up to make spns more viable. #181 is still outstanding, but you can currently already login via spn a posixid_to_uuid supports this, it's only the resolving of unixgroup/accounts that need to have name as Option to cause a fall back to spn when in a trust.
2020-06-07 01:53:10 +02:00
/*
306 command complete (#354) Fixes #306 adding command line autocompletion. These are generated to: CARGO_TARGET_DIR/item-hash/out/. These will need to be packaged for distros later, it's unclear how we could use cargo install with these as cargo doesn't support arbitrary artefacts like this (yet?).
2021-02-13 04:46:22 +01:00
KanidmdOpt::ResetServerId(vopt) => {
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
eprintln!("Resetting server id. THIS WILL BREAK REPLICATION");
65 cli options (#85) Add support for command line options to the server. This supports server sid regeneration, persistence, address binding, tls configuration and more. This also improves TLS support in the client tools for CA cert addition to queries.
2019-09-14 10:21:41 +02:00
config.update_db_path(&vopt.db_path);
reset_sid_core(config);
}
184 151 183 name constraint and spn (#244) This adds support to do on-upgrade migrations of the previous iutf8 type to iname, iname contains a better checker of the content of the name values that will become spn's, this allows auth via spn as well as just name. This really just does a lot of clean up to make spns more viable. #181 is still outstanding, but you can currently already login via spn a posixid_to_uuid supports this, it's only the resolving of unixgroup/accounts that need to have name as Option to cause a fall back to spn when in a trust.
2020-06-07 01:53:10 +02:00
*/
306 command complete (#354) Fixes #306 adding command line autocompletion. These are generated to: CARGO_TARGET_DIR/item-hash/out/. These will need to be packaged for distros later, it's unclear how we could use cargo install with these as cargo doesn't support arbitrary artefacts like this (yet?).
2021-02-13 04:46:22 +01:00
KanidmdOpt::Reindex(_copt) => {
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
eprintln!("Running in reindex mode ...");
Add docs for backup, restore, reindex and verify (#148) Implements #136 document backup and restore. This adds documentation into getting started on these actions, as well as reindex and verify .
2019-11-17 03:36:32 +01:00
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
// config.update_db_path(&copt.db_path);
V large cleanup
2020-08-04 04:58:11 +02:00
reindex_server_core(&config);
Add docs for backup, restore, reindex and verify (#148) Implements #136 document backup and restore. This adds documentation into getting started on these actions, as well as reindex and verify .
2019-11-17 03:36:32 +01:00
}
306 command complete (#354) Fixes #306 adding command line autocompletion. These are generated to: CARGO_TARGET_DIR/item-hash/out/. These will need to be packaged for distros later, it's unclear how we could use cargo install with these as cargo doesn't support arbitrary artefacts like this (yet?).
2021-02-13 04:46:22 +01:00
KanidmdOpt::DomainChange(dopt) => {
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
eprintln!("Running in domain name change mode ... this may take a long time ...");
127 domain info type (#150) Implements #127 and #125. This adds domain_info support, and spn types and generation. It also correctly handles domain renaming, and has tooling to support this. It "should" work on an upgrade, due to the correct bump of index version, but I plan to test this from a backup of my production instance soon.
2019-11-29 01:48:22 +01:00
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
// config.update_db_path(&dopt.commonopts.db_path);
V large cleanup
2020-08-04 04:58:11 +02:00
domain_rename_core(&config, &dopt.new_domain_name);
127 domain info type (#150) Implements #127 and #125. This adds domain_info support, and spn types and generation. It also correctly handles domain renaming, and has tooling to support this. It "should" work on an upgrade, due to the correct bump of index version, but I plan to test this from a backup of my production instance soon.
2019-11-29 01:48:22 +01:00
}
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
}
initial
2018-09-29 09:54:16 +02:00
}
Reference in a new issue Copy permalink