mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-24 04:57:00 +01:00
Code Issues Actions 10 Packages Projects Releases Wiki Activity
kanidm/kanidmd/daemon/src/main.rs

465 lines
19 KiB
Rust
Raw Normal View History

Clean all codebase warnings
2019-07-29 09:09:09 +02:00
#![deny(warnings)]
V large cleanup
2020-08-04 04:58:11 +02:00
#![warn(unused_extern_crates)]
20220219 webui updates + source refactor + clippy go clip clip (#642)
2022-02-20 03:43:38 +01:00
#![deny(clippy::todo)]
#![deny(clippy::unimplemented)]
V large cleanup
2020-08-04 04:58:11 +02:00
#![deny(clippy::unwrap_used)]
#![deny(clippy::expect_used)]
#![deny(clippy::panic)]
#![deny(clippy::unreachable)]
#![deny(clippy::await_holding_lock)]
#![deny(clippy::needless_pass_by_value)]
#![deny(clippy::trivially_copy_pass_by_ref)]
Clean all codebase warnings
2019-07-29 09:09:09 +02:00
Windows automagical buildingtons (#798) * windows build automation * making fmt happy, fixing windows-related bug * disabled cargo_incremental when using `sccache`, added build options ARG to Dockerfile, limit docker build to one job
2022-05-31 06:13:21 +02:00
#[cfg(not(target_family = "windows"))]
Move jemalloc to runtime only
2021-02-13 07:17:58 +01:00
#[global_allocator]
At some point, you have to pay for your tech debt. (#759) This replaces the unmaintained serde_cbor with serde_json in both db and IPC contexts. It changes the database on disk format to align better to how we structure values in memory making it faster to load entries when they aren't cached. And this breaks down the horrible ValueSet enum to dyn trait types, which has a huge performance improvement to the server.
2022-05-24 02:49:34 +02:00
static ALLOC: tikv_jemallocator::Jemalloc = tikv_jemallocator::Jemalloc;
Move jemalloc to runtime only
2021-02-13 07:17:58 +01:00
Windows build support (#903) `kanidmd` builds and runs in Windows now. Currently skipping file permissions checks on startup, but it's tested OK on a Windows 10 box.
2022-07-06 02:53:43 +02:00
#[cfg(not(target_family = "windows"))] // not needed for windows builds
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
use users::{get_current_gid, get_current_uid, get_effective_gid, get_effective_uid};
Windows build support (#903) `kanidmd` builds and runs in Windows now. Currently skipping file permissions checks on startup, but it's tested OK on a Windows 10 box.
2022-07-06 02:53:43 +02:00
#[cfg(target_family = "windows")] // for windows builds
use whoami;
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
Pre-release update and cleanup (#631)
2021-12-31 00:11:20 +01:00
use serde::Deserialize;
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
use std::fs::{metadata, File, Metadata};
Fix readonly check (#496)
2021-06-27 03:30:40 +02:00
#[cfg(target_family = "unix")]
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
use std::os::unix::fs::MetadataExt;
Fix readonly check (#496)
2021-06-27 03:30:40 +02:00
use std::io::Read;
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
use std::path::Path;
Remove "extern crate" from binary crates
2020-01-08 11:49:26 +01:00
use std::path::PathBuf;
Version argument for kanidm and kanidmd (#991)
2022-08-18 02:36:45 +02:00
use std::process::exit;
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
use std::str::FromStr;
Implement memberof with direct/indirect tracking and testcases. (#48) * Implement memberof with direct/indirect tracking and testcases.
2019-05-08 02:39:46 +02:00
969 improve errors 1 (#987)
2022-08-09 05:07:06 +02:00
use sketching::tracing_forest::{self, traits::*, util::*};
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
use kanidm::audit::LogLevel;
bleep bloop what was I doing again (#870) * human-facing message generator thingie * doctests for new code
2022-06-28 01:22:31 +02:00
use kanidm::config::{Configuration, OnlineBackup, ServerRole};
Windows build support (#903) `kanidmd` builds and runs in Windows now. Currently skipping file permissions checks on startup, but it's tested OK on a Windows 10 box.
2022-07-06 02:53:43 +02:00
#[cfg(not(target_family = "windows"))]
20220219 webui updates + source refactor + clippy go clip clip (#642)
2022-02-20 03:43:38 +01:00
use kanidm::utils::file_permissions_readonly;
use score::{
511 upgrade failure - add debuging tools and improve debugging of the issue. (#512)
2021-07-01 06:51:25 +02:00
backup_server_core, create_server_core, dbscan_get_id2entry_core, dbscan_list_id2entry_core,
dbscan_list_index_analysis_core, dbscan_list_index_core, dbscan_list_indexes_core,
domain_rename_core, recover_account_core, reindex_server_core, restore_server_core,
vacuum_server_core, verify_server_core,
cargo fmt
2019-07-29 09:09:18 +02:00
};
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
Clap Migration (#817)
2022-06-11 07:24:29 +02:00
use clap::{Args, Parser, Subcommand};
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
306 command complete (#354) Fixes #306 adding command line autocompletion. These are generated to: CARGO_TARGET_DIR/item-hash/out/. These will need to be packaged for distros later, it's unclear how we could use cargo install with these as cargo doesn't support arbitrary artefacts like this (yet?).
2021-02-13 04:46:22 +01:00
include!("./opt.rs");
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
#[derive(Debug, Deserialize)]
struct ServerConfig {
pub bindaddress: Option<String>,
pub ldapbindaddress: Option<String>,
// pub threads: Option<usize>,
pub db_path: String,
Support zfs page size
2020-08-04 08:52:57 +02:00
pub db_fs_type: Option<String>,
Idlset2, query cache, acp resolve cache (#409)
2021-04-14 01:56:40 +02:00
pub db_arc_size: Option<usize>,
356 Use tls chain file (#358) Fixes #356 - this changes from a split ca_chain/cert configuration to a single chain file. This allows rustls in tide-rustls to present the chain correctly, and allows openssl for ldaps to present the chain correctly too. it also simplifies integration to lets encrypt which provides a chain and key file by default.
2021-02-16 02:40:25 +01:00
pub tls_chain: Option<String>,
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
pub tls_key: Option<String>,
pub log_level: Option<String>,
Implement Online Backups (#25) (#536)
2021-07-31 09:13:46 +02:00
pub online_backup: Option<OnlineBackup>,
Change how domain names are handled in our configuration. (#639)
2022-02-15 07:17:43 +01:00
pub domain: String,
13 135 webauthn support (#332) Fixes #13 and Fixes #135 - webauthn and webauthn with cli. This is the core of webauthn, but only as a single factor. Some changes are still needed for webauthn as MFA and as a verified single factor. This will be made in a subsequent PR.
2020-12-02 02:12:07 +01:00
pub origin: String,
Add ability to pick a server role (#432)
2021-05-06 12:58:22 +02:00
#[serde(default)]
pub role: ServerRole,
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
}
impl ServerConfig {
pub fn new<P: AsRef<Path>>(config_path: P) -> Result<Self, ()> {
let mut f = File::open(config_path).map_err(|e| {
eprintln!("Unable to open config file [{:?}] 🥺", e);
})?;
let mut contents = String::new();
f.read_to_string(&mut contents)
.map_err(|e| eprintln!("unable to read contents {:?}", e))?;
toml::from_str(contents.as_str()).map_err(|e| eprintln!("unable to parse config {:?}", e))
}
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
}
306 command complete (#354) Fixes #306 adding command line autocompletion. These are generated to: CARGO_TARGET_DIR/item-hash/out/. These will need to be packaged for distros later, it's unclear how we could use cargo install with these as cargo doesn't support arbitrary artefacts like this (yet?).
2021-02-13 04:46:22 +01:00
impl KanidmdOpt {
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
fn commonopt(&self) -> &CommonOpt {
Docker improvements (#81) Update the dockerfile to work correctly with the newer server options and runtime.
2019-09-06 05:05:27 +02:00
match self {
vacuum (#365) Fixes #362 moves vacuum to a dedicated task. This is needed as previous vacuuming on startup on large databases could cause the server to fail to start. By making this a task it avoids this error case, and makes the vacuum more predictable, and only run when required.
2021-02-21 06:04:58 +01:00
KanidmdOpt::Server(sopt)
Change how domain names are handled in our configuration. (#639)
2022-02-15 07:17:43 +01:00
| KanidmdOpt::ConfigTest(sopt)
Clap Migration (#817)
2022-06-11 07:24:29 +02:00
| KanidmdOpt::DbScan {
commands: DbScanOpt::ListIndexes(sopt),
}
| KanidmdOpt::DbScan {
commands: DbScanOpt::ListId2Entry(sopt),
}
| KanidmdOpt::DbScan {
commands: DbScanOpt::ListIndexAnalysis(sopt),
} => &sopt,
Domain Display Name (#872)
2022-07-07 05:03:08 +02:00
KanidmdOpt::Database {
commands: DbCommands::Backup(bopt),
} => &bopt.commonopts,
KanidmdOpt::Database {
commands: DbCommands::Restore(ropt),
} => &ropt.commonopts,
306 command complete (#354) Fixes #306 adding command line autocompletion. These are generated to: CARGO_TARGET_DIR/item-hash/out/. These will need to be packaged for distros later, it's unclear how we could use cargo install with these as cargo doesn't support arbitrary artefacts like this (yet?).
2021-02-13 04:46:22 +01:00
KanidmdOpt::RecoverAccount(ropt) => &ropt.commonopts,
Clap Migration (#817)
2022-06-11 07:24:29 +02:00
KanidmdOpt::DbScan {
commands: DbScanOpt::ListIndex(dopt),
} => &dopt.commonopts,
511 upgrade failure - add debuging tools and improve debugging of the issue. (#512)
2021-07-01 06:51:25 +02:00
// KanidmdOpt::DbScan(DbScanOpt::GetIndex(dopt)) => &dopt.commonopts,
Clap Migration (#817)
2022-06-11 07:24:29 +02:00
KanidmdOpt::DbScan {
commands: DbScanOpt::GetId2Entry(dopt),
} => &dopt.commonopts,
Domain Display Name (#872)
2022-07-07 05:03:08 +02:00
KanidmdOpt::DomainSettings {
commands: DomainSettingsCmds::DomainChange(sopt),
} => &sopt,
KanidmdOpt::Database {
commands: DbCommands::Verify(sopt),
}
| KanidmdOpt::Database {
commands: DbCommands::Reindex(sopt),
} => &sopt,
KanidmdOpt::Database {
commands: DbCommands::Vacuum(copt),
} => &copt,
Version argument for kanidm and kanidmd (#991)
2022-08-18 02:36:45 +02:00
KanidmdOpt::Version(copt) => &copt,
Docker improvements (#81) Update the dockerfile to work correctly with the newer server options and runtime.
2019-09-06 05:05:27 +02:00
}
}
}
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
fn read_file_metadata(path: &PathBuf) -> Metadata {
match metadata(path) {
Ok(m) => m,
Err(e) => {
eprintln!(
"Unable to read metadata for {} - {:?}",
V large cleanup
2020-08-04 04:58:11 +02:00
path.to_str().unwrap_or("invalid file path"),
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
e
);
std::process::exit(1);
}
}
}
Windows build support (#903) `kanidmd` builds and runs in Windows now. Currently skipping file permissions checks on startup, but it's tested OK on a Windows 10 box.
2022-07-06 02:53:43 +02:00
/// Gets the user details if we're running in unix-land
#[cfg(not(target_family = "windows"))]
fn get_user_details_unix() -> (u32, u32) {
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
let cuid = get_current_uid();
let ceuid = get_effective_uid();
let cgid = get_current_gid();
let cegid = get_effective_gid();
if cuid == 0 || ceuid == 0 || cgid == 0 || cegid == 0 {
Change root user check to warning due to container run times (#328) Fixes #327 - In container run times, the default is to run as root. This may be user with virtualised containers or even to just smooth the "first run" process rather than requiring a user for the process and volumes.
2020-10-30 02:12:06 +01:00
eprintln!("WARNING: This is running as uid == 0 (root) which may be a security risk.");
// eprintln!("ERROR: Refusing to run - this process must not operate as root.");
// std::process::exit(1);
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
}
if cuid != ceuid || cgid != cegid {
eprintln!("{} != {} || {} != {}", cuid, ceuid, cgid, cegid);
eprintln!("ERROR: Refusing to run - uid and euid OR gid and egid must be consistent.");
std::process::exit(1);
}
Windows build support (#903) `kanidmd` builds and runs in Windows now. Currently skipping file permissions checks on startup, but it's tested OK on a Windows 10 box.
2022-07-06 02:53:43 +02:00
(cuid, ceuid)
}
/// Get information on the windows username
#[cfg(target_family = "windows")]
fn get_user_details_windows() {
eprintln!(
"Running on windows, current username is: {:?}",
whoami::username()
);
}
969 improve errors 1 (#987)
2022-08-09 05:07:06 +02:00
#[tokio::main(flavor = "multi_thread")]
Windows build support (#903) `kanidmd` builds and runs in Windows now. Currently skipping file permissions checks on startup, but it's tested OK on a Windows 10 box.
2022-07-06 02:53:43 +02:00
async fn main() {
969 improve errors 1 (#987)
2022-08-09 05:07:06 +02:00
tracing_forest::worker_task()
.set_global(true)
.set_tag(sketching::event_tagger)
// Fall back to stderr
.map_sender(|sender| sender.or_stderr())
.build_on(|subscriber| subscriber
.with(EnvFilter::try_from_default_env()
.or_else(|_| EnvFilter::try_new("info"))
.expect("Failed to init envfilter")
)
)
.on(async {
// Get information on the windows username
#[cfg(target_family = "windows")]
get_user_details_windows();
// Get info about who we are.
#[cfg(target_family = "unix")]
let (cuid, ceuid) = get_user_details_unix();
// Read cli args, determine if we should backup/restore
let opt = KanidmdParser::parse();
Version argument for kanidm and kanidmd (#991)
2022-08-18 02:36:45 +02:00
// print the app version and bail
if let KanidmdOpt::Version(_) = &opt.commands {
kanidm_proto::utils::show_version("kanidmd");
exit(0);
};
969 improve errors 1 (#987)
2022-08-09 05:07:06 +02:00
let mut config = Configuration::new();
// Check the permissions are OK.
#[cfg(target_family = "unix")]
{
let cfg_meta = read_file_metadata(&(opt.commands.commonopt().config_path));
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
969 improve errors 1 (#987)
2022-08-09 05:07:06 +02:00
#[cfg(target_family = "unix")]
if !file_permissions_readonly(&cfg_meta) {
eprintln!("WARNING: permissions on {} may not be secure. Should be readonly to running uid. This could be a security risk ...",
opt.commands.commonopt().config_path.to_str().unwrap_or("invalid file path"));
}
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
969 improve errors 1 (#987)
2022-08-09 05:07:06 +02:00
#[cfg(target_family = "unix")]
if cfg_meta.mode() & 0o007 != 0 {
eprintln!("WARNING: {} has 'everyone' permission bits in the mode. This could be a security risk ...",
opt.commands.commonopt().config_path.to_str().unwrap_or("invalid file path")
);
}
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
969 improve errors 1 (#987)
2022-08-09 05:07:06 +02:00
#[cfg(target_family = "unix")]
if cfg_meta.uid() == cuid || cfg_meta.uid() == ceuid {
eprintln!("WARNING: {} owned by the current uid, which may allow file permission changes. This could be a security risk ...",
opt.commands.commonopt().config_path.to_str().unwrap_or("invalid file path")
);
}
Windows build support (#903) `kanidmd` builds and runs in Windows now. Currently skipping file permissions checks on startup, but it's tested OK on a Windows 10 box.
2022-07-06 02:53:43 +02:00
}
181 pam nsswitch name spn (#270) This allows configuration of which attribute is presented during gid/uid resolution, adds home directory prefixing, and home directory name attribute selection.
2020-06-21 13:57:48 +02:00
969 improve errors 1 (#987)
2022-08-09 05:07:06 +02:00
// Read our config
let sconfig = match ServerConfig::new(&(opt.commands.commonopt().config_path)) {
Ok(c) => c,
Err(e) => {
eprintln!("Config Parse failure {:?}", e);
std::process::exit(1);
}
Change how domain names are handled in our configuration. (#639)
2022-02-15 07:17:43 +01:00
};
969 improve errors 1 (#987)
2022-08-09 05:07:06 +02:00
// Apply the file requirements
let ll = sconfig
.log_level
.map(|ll| match LogLevel::from_str(ll.as_str()) {
Ok(v) => v as u32,
Err(e) => {
eprintln!("{:?}", e);
std::process::exit(1);
Windows build support (#903) `kanidmd` builds and runs in Windows now. Currently skipping file permissions checks on startup, but it's tested OK on a Windows 10 box.
2022-07-06 02:53:43 +02:00
}
969 improve errors 1 (#987)
2022-08-09 05:07:06 +02:00
});
// Check the permissions of the files from the configuration.
let db_path = PathBuf::from(sconfig.db_path.as_str());
// We can't check the db_path permissions because it may not exist yet!
if let Some(db_parent_path) = db_path.parent() {
if !db_parent_path.exists() {
eprintln!(
"DB folder {} may not exist, server startup may FAIL!",
db_parent_path.to_str().unwrap_or("invalid file path")
);
Fixing #520, moving cert loading into server mode (#522)
2021-07-09 01:49:26 +02:00
}
969 improve errors 1 (#987)
2022-08-09 05:07:06 +02:00
let db_par_path_buf = db_parent_path.to_path_buf();
let i_meta = read_file_metadata(&db_par_path_buf);
if !i_meta.is_dir() {
eprintln!(
"ERROR: Refusing to run - DB folder {} may not be a directory",
db_par_path_buf.to_str().unwrap_or("invalid file path")
);
std::process::exit(1);
}
Windows build support (#903) `kanidmd` builds and runs in Windows now. Currently skipping file permissions checks on startup, but it's tested OK on a Windows 10 box.
2022-07-06 02:53:43 +02:00
// TODO: windows support for DB folder permissions checks
#[cfg(target_family = "unix")]
{
969 improve errors 1 (#987)
2022-08-09 05:07:06 +02:00
if file_permissions_readonly(&i_meta) {
eprintln!("WARNING: DB folder permissions on {} indicate it may not be RW. This could cause the server start up to fail!", db_par_path_buf.to_str().unwrap_or("invalid file path"));
Windows build support (#903) `kanidmd` builds and runs in Windows now. Currently skipping file permissions checks on startup, but it's tested OK on a Windows 10 box.
2022-07-06 02:53:43 +02:00
}
if i_meta.mode() & 0o007 != 0 {
969 improve errors 1 (#987)
2022-08-09 05:07:06 +02:00
eprintln!("WARNING: DB folder {} has 'everyone' permission bits in the mode. This could be a security risk ...", db_par_path_buf.to_str().unwrap_or("invalid file path"));
Windows build support (#903) `kanidmd` builds and runs in Windows now. Currently skipping file permissions checks on startup, but it's tested OK on a Windows 10 box.
2022-07-06 02:53:43 +02:00
}
Fixing #520, moving cert loading into server mode (#522)
2021-07-09 01:49:26 +02:00
}
}
969 improve errors 1 (#987)
2022-08-09 05:07:06 +02:00
config.update_log_level(ll);
config.update_db_path(&sconfig.db_path.as_str());
config.update_db_fs_type(&sconfig.db_fs_type);
config.update_origin(&sconfig.origin.as_str());
config.update_domain(&sconfig.domain.as_str());
config.update_db_arc_size(sconfig.db_arc_size);
config.update_role(sconfig.role);
config.update_output_mode(opt.commands.commonopt().output_mode.to_owned().into());
// Apply any cli overrides, normally debug level.
if let Some(dll) = opt.commands.commonopt().debug.as_ref() {
config.update_log_level(Some(dll.clone() as u32));
}
// ::std::env::set_var("RUST_LOG", "tide=info,kanidm=info,webauthn=debug");
// env_logger::builder()
// .format_timestamp(None)
// .format_level(false)
// .init();
match &opt.commands {
KanidmdOpt::Server(_sopt) | KanidmdOpt::ConfigTest(_sopt) => {
let config_test = matches!(&opt.commands, KanidmdOpt::ConfigTest(_));
if config_test {
eprintln!("Running in server configuration test mode ...");
} else {
eprintln!("Running in server mode ...");
};
// configuration options that only relate to server mode
config.update_tls(&sconfig.tls_chain, &sconfig.tls_key);
config.update_bind(&sconfig.bindaddress);
config.update_ldapbind(&sconfig.ldapbindaddress);
config.update_online_backup(&sconfig.online_backup);
if let Some(i_str) = &(sconfig.tls_chain) {
let i_path = PathBuf::from(i_str.as_str());
// TODO: windows support for DB folder permissions checks
#[cfg(not(target_family = "unix"))]
eprintln!("WARNING: permissions checks on windows aren't implemented, cannot check TLS Key at {:?}", i_path);
#[cfg(target_family = "unix")]
{
let i_meta = read_file_metadata(&i_path);
if !file_permissions_readonly(&i_meta) {
eprintln!("WARNING: permissions on {} may not be secure. Should be readonly to running uid. This could be a security risk ...", i_str);
}
Change how domain names are handled in our configuration. (#639)
2022-02-15 07:17:43 +01:00
}
969 improve errors 1 (#987)
2022-08-09 05:07:06 +02:00
}
if let Some(i_str) = &(sconfig.tls_key) {
let i_path = PathBuf::from(i_str.as_str());
// TODO: windows support for DB folder permissions checks
#[cfg(not(target_family = "unix"))]
eprintln!("WARNING: permissions checks on windows aren't implemented, cannot check TLS Key at {:?}", i_path);
// TODO: windows support for DB folder permissions checks
#[cfg(target_family = "unix")]
{
let i_meta = read_file_metadata(&i_path);
if !file_permissions_readonly(&i_meta) {
eprintln!("WARNING: permissions on {} may not be secure. Should be readonly to running uid. This could be a security risk ...", i_str);
}
if i_meta.mode() & 0o007 != 0 {
eprintln!("WARNING: {} has 'everyone' permission bits in the mode. This could be a security risk ...", i_str);
}
}
}
let sctx = create_server_core(config, config_test).await;
if !config_test {
match sctx {
Ok(_sctx) => match tokio::signal::ctrl_c().await {
Ok(_) => {
eprintln!("Ctrl-C received, shutting down");
}
Err(_) => {
eprintln!("Invalid signal received, shutting down as a precaution ...");
}
},
Err(_) => {
eprintln!("Failed to start server core!");
// We may need to return an exit code here, but that may take some re-architecting
// to ensure we drop everything cleanly.
return;
}
Change how domain names are handled in our configuration. (#639)
2022-02-15 07:17:43 +01:00
}
969 improve errors 1 (#987)
2022-08-09 05:07:06 +02:00
eprintln!("stopped 🛑 ");
V large cleanup
2020-08-04 04:58:11 +02:00
}
Improve errors, tagging, logging and more across the codebase. (#243)
2020-06-05 06:01:20 +02:00
}
969 improve errors 1 (#987)
2022-08-09 05:07:06 +02:00
KanidmdOpt::Database {
commands: DbCommands::Backup(bopt),
} => {
eprintln!("Running in backup mode ...");
let p = match bopt.path.to_str() {
Some(p) => p,
None => {
eprintln!("Invalid backup path");
std::process::exit(1);
}
};
backup_server_core(&config, p);
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
}
969 improve errors 1 (#987)
2022-08-09 05:07:06 +02:00
KanidmdOpt::Database {
commands: DbCommands::Restore(ropt),
} => {
eprintln!("Running in restore mode ...");
let p = match ropt.path.to_str() {
Some(p) => p,
None => {
eprintln!("Invalid restore path");
std::process::exit(1);
}
};
restore_server_core(&config, p);
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
}
969 improve errors 1 (#987)
2022-08-09 05:07:06 +02:00
KanidmdOpt::Database {
commands: DbCommands::Verify(_vopt),
} => {
eprintln!("Running in db verification mode ...");
verify_server_core(&config);
}
KanidmdOpt::RecoverAccount(raopt) => {
eprintln!("Running account recovery ...");
recover_account_core(&config, &raopt.name);
}
KanidmdOpt::Database {
commands: DbCommands::Reindex(_copt),
} => {
eprintln!("Running in reindex mode ...");
reindex_server_core(&config);
}
KanidmdOpt::DbScan {
commands: DbScanOpt::ListIndexes(_),
} => {
eprintln!("👀 db scan - list indexes");
dbscan_list_indexes_core(&config);
}
KanidmdOpt::DbScan {
commands: DbScanOpt::ListId2Entry(_),
} => {
eprintln!("👀 db scan - list id2entry");
dbscan_list_id2entry_core(&config);
}
KanidmdOpt::DbScan {
commands: DbScanOpt::ListIndexAnalysis(_),
} => {
eprintln!("👀 db scan - list index analysis");
dbscan_list_index_analysis_core(&config);
}
KanidmdOpt::DbScan {
commands: DbScanOpt::ListIndex(dopt),
} => {
eprintln!("👀 db scan - list index content - {}", dopt.index_name);
dbscan_list_index_core(&config, dopt.index_name.as_str());
}
KanidmdOpt::DbScan {
commands: DbScanOpt::GetId2Entry(dopt),
} => {
eprintln!("👀 db scan - get id2 entry - {}", dopt.id);
dbscan_get_id2entry_core(&config, dopt.id);
}
KanidmdOpt::DomainSettings {
commands: DomainSettingsCmds::DomainChange(_dopt),
} => {
eprintln!("Running in domain name change mode ... this may take a long time ...");
domain_rename_core(&config);
}
KanidmdOpt::Database {
commands: DbCommands::Vacuum(_copt),
} => {
eprintln!("Running in vacuum mode ...");
vacuum_server_core(&config);
}
Version argument for kanidm and kanidmd (#991)
2022-08-18 02:36:45 +02:00
KanidmdOpt::Version(_) => {
return
}
969 improve errors 1 (#987)
2022-08-09 05:07:06 +02:00
}
})
.await;
initial
2018-09-29 09:54:16 +02:00
}
Reference in a new issue Copy permalink