mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-24 13:07:00 +01:00
Code Issues Actions 10 Packages Projects Releases Wiki Activity
kanidm/kanidmd/daemon/src/main.rs

441 lines
16 KiB
Rust
Raw Normal View History

Clean all codebase warnings
2019-07-29 09:09:09 +02:00
#![deny(warnings)]
V large cleanup
2020-08-04 04:58:11 +02:00
#![warn(unused_extern_crates)]
20220219 webui updates + source refactor + clippy go clip clip (#642)
2022-02-20 03:43:38 +01:00
#![deny(clippy::todo)]
#![deny(clippy::unimplemented)]
V large cleanup
2020-08-04 04:58:11 +02:00
#![deny(clippy::unwrap_used)]
#![deny(clippy::expect_used)]
#![deny(clippy::panic)]
#![deny(clippy::unreachable)]
#![deny(clippy::await_holding_lock)]
#![deny(clippy::needless_pass_by_value)]
#![deny(clippy::trivially_copy_pass_by_ref)]
Clean all codebase warnings
2019-07-29 09:09:09 +02:00
Windows automagical buildingtons (#798) * windows build automation * making fmt happy, fixing windows-related bug * disabled cargo_incremental when using `sccache`, added build options ARG to Dockerfile, limit docker build to one job
2022-05-31 06:13:21 +02:00
#[cfg(not(target_family = "windows"))]
Move jemalloc to runtime only
2021-02-13 07:17:58 +01:00
#[global_allocator]
At some point, you have to pay for your tech debt. (#759) This replaces the unmaintained serde_cbor with serde_json in both db and IPC contexts. It changes the database on disk format to align better to how we structure values in memory making it faster to load entries when they aren't cached. And this breaks down the horrible ValueSet enum to dyn trait types, which has a huge performance improvement to the server.
2022-05-24 02:49:34 +02:00
static ALLOC: tikv_jemallocator::Jemalloc = tikv_jemallocator::Jemalloc;
Move jemalloc to runtime only
2021-02-13 07:17:58 +01:00
Windows build support (#903) `kanidmd` builds and runs in Windows now. Currently skipping file permissions checks on startup, but it's tested OK on a Windows 10 box.
2022-07-06 02:53:43 +02:00
#[cfg(not(target_family = "windows"))] // not needed for windows builds
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
use users::{get_current_gid, get_current_uid, get_effective_gid, get_effective_uid};
Windows build support (#903) `kanidmd` builds and runs in Windows now. Currently skipping file permissions checks on startup, but it's tested OK on a Windows 10 box.
2022-07-06 02:53:43 +02:00
#[cfg(target_family = "windows")] // for windows builds
use whoami;
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
Pre-release update and cleanup (#631)
2021-12-31 00:11:20 +01:00
use serde::Deserialize;
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
use std::fs::{metadata, File, Metadata};
Fix readonly check (#496)
2021-06-27 03:30:40 +02:00
#[cfg(target_family = "unix")]
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
use std::os::unix::fs::MetadataExt;
Fix readonly check (#496)
2021-06-27 03:30:40 +02:00
use std::io::Read;
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
use std::path::Path;
Remove "extern crate" from binary crates
2020-01-08 11:49:26 +01:00
use std::path::PathBuf;
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
use std::str::FromStr;
Implement memberof with direct/indirect tracking and testcases. (#48) * Implement memberof with direct/indirect tracking and testcases.
2019-05-08 02:39:46 +02:00
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
use kanidm::audit::LogLevel;
bleep bloop what was I doing again (#870) * human-facing message generator thingie * doctests for new code
2022-06-28 01:22:31 +02:00
use kanidm::config::{Configuration, OnlineBackup, ServerRole};
20220219 webui updates + source refactor + clippy go clip clip (#642)
2022-02-20 03:43:38 +01:00
use kanidm::tracing_tree;
Windows build support (#903) `kanidmd` builds and runs in Windows now. Currently skipping file permissions checks on startup, but it's tested OK on a Windows 10 box.
2022-07-06 02:53:43 +02:00
#[cfg(not(target_family = "windows"))]
20220219 webui updates + source refactor + clippy go clip clip (#642)
2022-02-20 03:43:38 +01:00
use kanidm::utils::file_permissions_readonly;
use score::{
511 upgrade failure - add debuging tools and improve debugging of the issue. (#512)
2021-07-01 06:51:25 +02:00
backup_server_core, create_server_core, dbscan_get_id2entry_core, dbscan_list_id2entry_core,
dbscan_list_index_analysis_core, dbscan_list_index_core, dbscan_list_indexes_core,
domain_rename_core, recover_account_core, reindex_server_core, restore_server_core,
vacuum_server_core, verify_server_core,
cargo fmt
2019-07-29 09:09:18 +02:00
};
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
Clap Migration (#817)
2022-06-11 07:24:29 +02:00
use clap::{Args, Parser, Subcommand};
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
306 command complete (#354) Fixes #306 adding command line autocompletion. These are generated to: CARGO_TARGET_DIR/item-hash/out/. These will need to be packaged for distros later, it's unclear how we could use cargo install with these as cargo doesn't support arbitrary artefacts like this (yet?).
2021-02-13 04:46:22 +01:00
include!("./opt.rs");
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
#[derive(Debug, Deserialize)]
struct ServerConfig {
pub bindaddress: Option<String>,
pub ldapbindaddress: Option<String>,
// pub threads: Option<usize>,
pub db_path: String,
Support zfs page size
2020-08-04 08:52:57 +02:00
pub db_fs_type: Option<String>,
Idlset2, query cache, acp resolve cache (#409)
2021-04-14 01:56:40 +02:00
pub db_arc_size: Option<usize>,
356 Use tls chain file (#358) Fixes #356 - this changes from a split ca_chain/cert configuration to a single chain file. This allows rustls in tide-rustls to present the chain correctly, and allows openssl for ldaps to present the chain correctly too. it also simplifies integration to lets encrypt which provides a chain and key file by default.
2021-02-16 02:40:25 +01:00
pub tls_chain: Option<String>,
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
pub tls_key: Option<String>,
pub log_level: Option<String>,
Implement Online Backups (#25) (#536)
2021-07-31 09:13:46 +02:00
pub online_backup: Option<OnlineBackup>,
Change how domain names are handled in our configuration. (#639)
2022-02-15 07:17:43 +01:00
pub domain: String,
13 135 webauthn support (#332) Fixes #13 and Fixes #135 - webauthn and webauthn with cli. This is the core of webauthn, but only as a single factor. Some changes are still needed for webauthn as MFA and as a verified single factor. This will be made in a subsequent PR.
2020-12-02 02:12:07 +01:00
pub origin: String,
Add ability to pick a server role (#432)
2021-05-06 12:58:22 +02:00
#[serde(default)]
pub role: ServerRole,
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
}
impl ServerConfig {
pub fn new<P: AsRef<Path>>(config_path: P) -> Result<Self, ()> {
let mut f = File::open(config_path).map_err(|e| {
eprintln!("Unable to open config file [{:?}] 🥺", e);
})?;
let mut contents = String::new();
f.read_to_string(&mut contents)
.map_err(|e| eprintln!("unable to read contents {:?}", e))?;
toml::from_str(contents.as_str()).map_err(|e| eprintln!("unable to parse config {:?}", e))
}
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
}
306 command complete (#354) Fixes #306 adding command line autocompletion. These are generated to: CARGO_TARGET_DIR/item-hash/out/. These will need to be packaged for distros later, it's unclear how we could use cargo install with these as cargo doesn't support arbitrary artefacts like this (yet?).
2021-02-13 04:46:22 +01:00
impl KanidmdOpt {
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
fn commonopt(&self) -> &CommonOpt {
Docker improvements (#81) Update the dockerfile to work correctly with the newer server options and runtime.
2019-09-06 05:05:27 +02:00
match self {
vacuum (#365) Fixes #362 moves vacuum to a dedicated task. This is needed as previous vacuuming on startup on large databases could cause the server to fail to start. By making this a task it avoids this error case, and makes the vacuum more predictable, and only run when required.
2021-02-21 06:04:58 +01:00
KanidmdOpt::Server(sopt)
Change how domain names are handled in our configuration. (#639)
2022-02-15 07:17:43 +01:00
| KanidmdOpt::ConfigTest(sopt)
Clap Migration (#817)
2022-06-11 07:24:29 +02:00
| KanidmdOpt::DbScan {
commands: DbScanOpt::ListIndexes(sopt),
}
| KanidmdOpt::DbScan {
commands: DbScanOpt::ListId2Entry(sopt),
}
| KanidmdOpt::DbScan {
commands: DbScanOpt::ListIndexAnalysis(sopt),
} => &sopt,
Domain Display Name (#872)
2022-07-07 05:03:08 +02:00
KanidmdOpt::Database {
commands: DbCommands::Backup(bopt),
} => &bopt.commonopts,
KanidmdOpt::Database {
commands: DbCommands::Restore(ropt),
} => &ropt.commonopts,
306 command complete (#354) Fixes #306 adding command line autocompletion. These are generated to: CARGO_TARGET_DIR/item-hash/out/. These will need to be packaged for distros later, it's unclear how we could use cargo install with these as cargo doesn't support arbitrary artefacts like this (yet?).
2021-02-13 04:46:22 +01:00
KanidmdOpt::RecoverAccount(ropt) => &ropt.commonopts,
Clap Migration (#817)
2022-06-11 07:24:29 +02:00
KanidmdOpt::DbScan {
commands: DbScanOpt::ListIndex(dopt),
} => &dopt.commonopts,
511 upgrade failure - add debuging tools and improve debugging of the issue. (#512)
2021-07-01 06:51:25 +02:00
// KanidmdOpt::DbScan(DbScanOpt::GetIndex(dopt)) => &dopt.commonopts,
Clap Migration (#817)
2022-06-11 07:24:29 +02:00
KanidmdOpt::DbScan {
commands: DbScanOpt::GetId2Entry(dopt),
} => &dopt.commonopts,
Domain Display Name (#872)
2022-07-07 05:03:08 +02:00
KanidmdOpt::DomainSettings {
commands: DomainSettingsCmds::DomainChange(sopt),
} => &sopt,
KanidmdOpt::Database {
commands: DbCommands::Verify(sopt),
}
| KanidmdOpt::Database {
commands: DbCommands::Reindex(sopt),
} => &sopt,
KanidmdOpt::Database {
commands: DbCommands::Vacuum(copt),
} => &copt,
Docker improvements (#81) Update the dockerfile to work correctly with the newer server options and runtime.
2019-09-06 05:05:27 +02:00
}
}
}
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
fn read_file_metadata(path: &PathBuf) -> Metadata {
match metadata(path) {
Ok(m) => m,
Err(e) => {
eprintln!(
"Unable to read metadata for {} - {:?}",
V large cleanup
2020-08-04 04:58:11 +02:00
path.to_str().unwrap_or("invalid file path"),
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
e
);
std::process::exit(1);
}
}
}
Windows build support (#903) `kanidmd` builds and runs in Windows now. Currently skipping file permissions checks on startup, but it's tested OK on a Windows 10 box.
2022-07-06 02:53:43 +02:00
/// Gets the user details if we're running in unix-land
#[cfg(not(target_family = "windows"))]
fn get_user_details_unix() -> (u32, u32) {
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
let cuid = get_current_uid();
let ceuid = get_effective_uid();
let cgid = get_current_gid();
let cegid = get_effective_gid();
if cuid == 0 || ceuid == 0 || cgid == 0 || cegid == 0 {
Change root user check to warning due to container run times (#328) Fixes #327 - In container run times, the default is to run as root. This may be user with virtualised containers or even to just smooth the "first run" process rather than requiring a user for the process and volumes.
2020-10-30 02:12:06 +01:00
eprintln!("WARNING: This is running as uid == 0 (root) which may be a security risk.");
// eprintln!("ERROR: Refusing to run - this process must not operate as root.");
// std::process::exit(1);
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
}
if cuid != ceuid || cgid != cegid {
eprintln!("{} != {} || {} != {}", cuid, ceuid, cgid, cegid);
eprintln!("ERROR: Refusing to run - uid and euid OR gid and egid must be consistent.");
std::process::exit(1);
}
Windows build support (#903) `kanidmd` builds and runs in Windows now. Currently skipping file permissions checks on startup, but it's tested OK on a Windows 10 box.
2022-07-06 02:53:43 +02:00
(cuid, ceuid)
}
/// Get information on the windows username
#[cfg(target_family = "windows")]
fn get_user_details_windows() {
eprintln!(
"Running on windows, current username is: {:?}",
whoami::username()
);
}
#[tokio::main]
async fn main() {
tracing_tree::main_init();
// Get information on the windows username
#[cfg(target_family = "windows")]
get_user_details_windows();
// Get info about who we are.
#[cfg(target_family = "unix")]
let (cuid, ceuid) = get_user_details_unix();
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
// Read cli args, determine if we should backup/restore
Clap Migration (#817)
2022-06-11 07:24:29 +02:00
let opt = KanidmdParser::parse();
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
let mut config = Configuration::new();
Windows build support (#903) `kanidmd` builds and runs in Windows now. Currently skipping file permissions checks on startup, but it's tested OK on a Windows 10 box.
2022-07-06 02:53:43 +02:00
// Check the permissions are OK.
#[cfg(target_family = "unix")]
{
let cfg_meta = read_file_metadata(&(opt.commands.commonopt().config_path));
#[cfg(target_family = "unix")]
if !file_permissions_readonly(&cfg_meta) {
eprintln!("WARNING: permissions on {} may not be secure. Should be readonly to running uid. This could be a security risk ...",
opt.commands.commonopt().config_path.to_str().unwrap_or("invalid file path"));
}
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
Windows build support (#903) `kanidmd` builds and runs in Windows now. Currently skipping file permissions checks on startup, but it's tested OK on a Windows 10 box.
2022-07-06 02:53:43 +02:00
#[cfg(target_family = "unix")]
if cfg_meta.mode() & 0o007 != 0 {
eprintln!("WARNING: {} has 'everyone' permission bits in the mode. This could be a security risk ...",
opt.commands.commonopt().config_path.to_str().unwrap_or("invalid file path")
);
}
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
Windows build support (#903) `kanidmd` builds and runs in Windows now. Currently skipping file permissions checks on startup, but it's tested OK on a Windows 10 box.
2022-07-06 02:53:43 +02:00
#[cfg(target_family = "unix")]
if cfg_meta.uid() == cuid || cfg_meta.uid() == ceuid {
eprintln!("WARNING: {} owned by the current uid, which may allow file permission changes. This could be a security risk ...",
opt.commands.commonopt().config_path.to_str().unwrap_or("invalid file path")
);
}
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
}
// Read our config
Clap Migration (#817)
2022-06-11 07:24:29 +02:00
let sconfig = match ServerConfig::new(&(opt.commands.commonopt().config_path)) {
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
Ok(c) => c,
Err(e) => {
eprintln!("Config Parse failure {:?}", e);
std::process::exit(1);
}
};
// Apply the file requirements
let ll = sconfig
.log_level
.map(|ll| match LogLevel::from_str(ll.as_str()) {
Ok(v) => v as u32,
Err(e) => {
eprintln!("{:?}", e);
std::process::exit(1);
}
});
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
// Check the permissions of the files from the configuration.
let db_path = PathBuf::from(sconfig.db_path.as_str());
fixing restores on #456 (#519)
2021-07-08 02:09:15 +02:00
// We can't check the db_path permissions because it may not exist yet!
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
if let Some(db_parent_path) = db_path.parent() {
if !db_parent_path.exists() {
eprintln!(
"DB folder {} may not exist, server startup may FAIL!",
V large cleanup
2020-08-04 04:58:11 +02:00
db_parent_path.to_str().unwrap_or("invalid file path")
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
);
}
let db_par_path_buf = db_parent_path.to_path_buf();
let i_meta = read_file_metadata(&db_par_path_buf);
if !i_meta.is_dir() {
eprintln!(
"ERROR: Refusing to run - DB folder {} may not be a directory",
V large cleanup
2020-08-04 04:58:11 +02:00
db_par_path_buf.to_str().unwrap_or("invalid file path")
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
);
std::process::exit(1);
}
Windows build support (#903) `kanidmd` builds and runs in Windows now. Currently skipping file permissions checks on startup, but it's tested OK on a Windows 10 box.
2022-07-06 02:53:43 +02:00
// TODO: windows support for DB folder permissions checks
#[cfg(target_family = "unix")]
{
if !file_permissions_readonly(&i_meta) {
eprintln!("WARNING: DB folder permissions on {} indicate it may not be RW. This could cause the server start up to fail!", db_par_path_buf.to_str().unwrap_or("invalid file path"));
}
if i_meta.mode() & 0o007 != 0 {
eprintln!("WARNING: DB folder {} has 'everyone' permission bits in the mode. This could be a security risk ...", db_par_path_buf.to_str().unwrap_or("invalid file path"));
}
Improve server hardening This adds a number of warnings to the server to help administrators make better informed decisions about the security of their environment.
2020-07-28 08:55:58 +02:00
}
}
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
config.update_log_level(ll);
config.update_db_path(&sconfig.db_path.as_str());
Support zfs page size
2020-08-04 08:52:57 +02:00
config.update_db_fs_type(&sconfig.db_fs_type);
13 135 webauthn support (#332) Fixes #13 and Fixes #135 - webauthn and webauthn with cli. This is the core of webauthn, but only as a single factor. Some changes are still needed for webauthn as MFA and as a verified single factor. This will be made in a subsequent PR.
2020-12-02 02:12:07 +01:00
config.update_origin(&sconfig.origin.as_str());
Change how domain names are handled in our configuration. (#639)
2022-02-15 07:17:43 +01:00
config.update_domain(&sconfig.domain.as_str());
Idlset2, query cache, acp resolve cache (#409)
2021-04-14 01:56:40 +02:00
config.update_db_arc_size(sconfig.db_arc_size);
Add ability to pick a server role (#432)
2021-05-06 12:58:22 +02:00
config.update_role(sconfig.role);
bleep bloop what was I doing again (#870) * human-facing message generator thingie * doctests for new code
2022-06-28 01:22:31 +02:00
config.update_output_mode(opt.commands.commonopt().output_mode.to_owned().into());
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
// Apply any cli overrides, normally debug level.
Clap Migration (#817)
2022-06-11 07:24:29 +02:00
if let Some(dll) = opt.commands.commonopt().debug.as_ref() {
181 pam nsswitch name spn (#270) This allows configuration of which attribute is presented during gid/uid resolution, adds home directory prefixing, and home directory name attribute selection.
2020-06-21 13:57:48 +02:00
config.update_log_level(Some(dll.clone() as u32));
}
Base web UI (#391) Initial web ui (not-functional yet)
2021-03-26 02:22:00 +01:00
// ::std::env::set_var("RUST_LOG", "tide=info,kanidm=info,webauthn=debug");
20211216 tracing cleanup (#627)
2021-12-17 04:54:13 +01:00
// env_logger::builder()
// .format_timestamp(None)
// .format_level(false)
// .init();
20190607 authentication (#55) Implement #2 anonymous authentication. This also puts into place the majority of the authentication framework, and starts to build the IDM layers ontop of the DB engine.
2019-07-12 07:28:46 +02:00
Clap Migration (#817)
2022-06-11 07:24:29 +02:00
match &opt.commands {
Change how domain names are handled in our configuration. (#639)
2022-02-15 07:17:43 +01:00
KanidmdOpt::Server(_sopt) | KanidmdOpt::ConfigTest(_sopt) => {
Clap Migration (#817)
2022-06-11 07:24:29 +02:00
let config_test = matches!(&opt.commands, KanidmdOpt::ConfigTest(_));
Change how domain names are handled in our configuration. (#639)
2022-02-15 07:17:43 +01:00
if config_test {
eprintln!("Running in server configuration test mode ...");
} else {
eprintln!("Running in server mode ...");
};
Fixing #520, moving cert loading into server mode (#522)
2021-07-09 01:49:26 +02:00
// configuration options that only relate to server mode
config.update_tls(&sconfig.tls_chain, &sconfig.tls_key);
config.update_bind(&sconfig.bindaddress);
config.update_ldapbind(&sconfig.ldapbindaddress);
Implement Online Backups (#25) (#536)
2021-07-31 09:13:46 +02:00
config.update_online_backup(&sconfig.online_backup);
Fixing #520, moving cert loading into server mode (#522)
2021-07-09 01:49:26 +02:00
if let Some(i_str) = &(sconfig.tls_chain) {
let i_path = PathBuf::from(i_str.as_str());
Windows build support (#903) `kanidmd` builds and runs in Windows now. Currently skipping file permissions checks on startup, but it's tested OK on a Windows 10 box.
2022-07-06 02:53:43 +02:00
// TODO: windows support for DB folder permissions checks
#[cfg(not(target_family = "unix"))]
eprintln!("WARNING: permissions checks on windows aren't implemented, cannot check TLS Key at {:?}", i_path);
#[cfg(target_family = "unix")]
{
let i_meta = read_file_metadata(&i_path);
if !file_permissions_readonly(&i_meta) {
eprintln!("WARNING: permissions on {} may not be secure. Should be readonly to running uid. This could be a security risk ...", i_str);
}
Fixing #520, moving cert loading into server mode (#522)
2021-07-09 01:49:26 +02:00
}
}
if let Some(i_str) = &(sconfig.tls_key) {
let i_path = PathBuf::from(i_str.as_str());
Windows build support (#903) `kanidmd` builds and runs in Windows now. Currently skipping file permissions checks on startup, but it's tested OK on a Windows 10 box.
2022-07-06 02:53:43 +02:00
// TODO: windows support for DB folder permissions checks
#[cfg(not(target_family = "unix"))]
eprintln!("WARNING: permissions checks on windows aren't implemented, cannot check TLS Key at {:?}", i_path);
// TODO: windows support for DB folder permissions checks
#[cfg(target_family = "unix")]
{
let i_meta = read_file_metadata(&i_path);
if !file_permissions_readonly(&i_meta) {
eprintln!("WARNING: permissions on {} may not be secure. Should be readonly to running uid. This could be a security risk ...", i_str);
}
if i_meta.mode() & 0o007 != 0 {
eprintln!("WARNING: {} has 'everyone' permission bits in the mode. This could be a security risk ...", i_str);
}
Fixing #520, moving cert loading into server mode (#522)
2021-07-09 01:49:26 +02:00
}
}
Change how domain names are handled in our configuration. (#639)
2022-02-15 07:17:43 +01:00
let sctx = create_server_core(config, config_test).await;
if !config_test {
match sctx {
Ok(_sctx) => match tokio::signal::ctrl_c().await {
Ok(_) => {
eprintln!("Ctrl-C received, shutting down");
}
Err(_) => {
eprintln!("Invalid signal received, shutting down as a precaution ...");
}
},
V large cleanup
2020-08-04 04:58:11 +02:00
Err(_) => {
Change how domain names are handled in our configuration. (#639)
2022-02-15 07:17:43 +01:00
eprintln!("Failed to start server core!");
// We may need to return an exit code here, but that may take some re-architecting
// to ensure we drop everything cleanly.
return;
V large cleanup
2020-08-04 04:58:11 +02:00
}
Improve errors, tagging, logging and more across the codebase. (#243)
2020-06-05 06:01:20 +02:00
}
Change how domain names are handled in our configuration. (#639)
2022-02-15 07:17:43 +01:00
eprintln!("stopped 🛑 ");
Improve errors, tagging, logging and more across the codebase. (#243)
2020-06-05 06:01:20 +02:00
}
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
}
Domain Display Name (#872)
2022-07-07 05:03:08 +02:00
KanidmdOpt::Database {
commands: DbCommands::Backup(bopt),
} => {
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
eprintln!("Running in backup mode ...");
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
let p = match bopt.path.to_str() {
Some(p) => p,
None => {
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
eprintln!("Invalid backup path");
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
std::process::exit(1);
}
};
V large cleanup
2020-08-04 04:58:11 +02:00
backup_server_core(&config, p);
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
}
Domain Display Name (#872)
2022-07-07 05:03:08 +02:00
KanidmdOpt::Database {
commands: DbCommands::Restore(ropt),
} => {
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
eprintln!("Running in restore mode ...");
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
let p = match ropt.path.to_str() {
Some(p) => p,
None => {
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
eprintln!("Invalid restore path");
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
std::process::exit(1);
}
};
V large cleanup
2020-08-04 04:58:11 +02:00
restore_server_core(&config, p);
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
}
Domain Display Name (#872)
2022-07-07 05:03:08 +02:00
KanidmdOpt::Database {
commands: DbCommands::Verify(_vopt),
} => {
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
eprintln!("Running in db verification mode ...");
V large cleanup
2020-08-04 04:58:11 +02:00
verify_server_core(&config);
Clean all codebase warnings
2019-07-29 09:09:09 +02:00
}
306 command complete (#354) Fixes #306 adding command line autocompletion. These are generated to: CARGO_TARGET_DIR/item-hash/out/. These will need to be packaged for distros later, it's unclear how we could use cargo install with these as cargo doesn't support arbitrary artefacts like this (yet?).
2021-02-13 04:46:22 +01:00
KanidmdOpt::RecoverAccount(raopt) => {
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
eprintln!("Running account recovery ...");
64 120 session claims (#462)
2021-06-02 01:30:37 +02:00
recover_account_core(&config, &raopt.name);
3 authentication (#79) This adds support for authentication and credential storage to the server. It also adds account recovery and options for integration test fixtures, refactors to make the client library easier to manage, and support clean seperation of the proto vs lib.
2019-09-04 03:06:37 +02:00
}
Domain Display Name (#872)
2022-07-07 05:03:08 +02:00
KanidmdOpt::Database {
commands: DbCommands::Reindex(_copt),
} => {
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
2020-06-18 02:30:42 +02:00
eprintln!("Running in reindex mode ...");
V large cleanup
2020-08-04 04:58:11 +02:00
reindex_server_core(&config);
Add docs for backup, restore, reindex and verify (#148) Implements #136 document backup and restore. This adds documentation into getting started on these actions, as well as reindex and verify .
2019-11-17 03:36:32 +01:00
}
Clap Migration (#817)
2022-06-11 07:24:29 +02:00
KanidmdOpt::DbScan {
commands: DbScanOpt::ListIndexes(_),
} => {
511 upgrade failure - add debuging tools and improve debugging of the issue. (#512)
2021-07-01 06:51:25 +02:00
eprintln!("👀 db scan - list indexes");
dbscan_list_indexes_core(&config);
}
Clap Migration (#817)
2022-06-11 07:24:29 +02:00
KanidmdOpt::DbScan {
commands: DbScanOpt::ListId2Entry(_),
} => {
511 upgrade failure - add debuging tools and improve debugging of the issue. (#512)
2021-07-01 06:51:25 +02:00
eprintln!("👀 db scan - list id2entry");
dbscan_list_id2entry_core(&config);
}
Clap Migration (#817)
2022-06-11 07:24:29 +02:00
KanidmdOpt::DbScan {
commands: DbScanOpt::ListIndexAnalysis(_),
} => {
511 upgrade failure - add debuging tools and improve debugging of the issue. (#512)
2021-07-01 06:51:25 +02:00
eprintln!("👀 db scan - list index analysis");
dbscan_list_index_analysis_core(&config);
}
Clap Migration (#817)
2022-06-11 07:24:29 +02:00
KanidmdOpt::DbScan {
commands: DbScanOpt::ListIndex(dopt),
} => {
511 upgrade failure - add debuging tools and improve debugging of the issue. (#512)
2021-07-01 06:51:25 +02:00
eprintln!("👀 db scan - list index content - {}", dopt.index_name);
dbscan_list_index_core(&config, dopt.index_name.as_str());
}
Clap Migration (#817)
2022-06-11 07:24:29 +02:00
KanidmdOpt::DbScan {
commands: DbScanOpt::GetId2Entry(dopt),
} => {
511 upgrade failure - add debuging tools and improve debugging of the issue. (#512)
2021-07-01 06:51:25 +02:00
eprintln!("👀 db scan - get id2 entry - {}", dopt.id);
dbscan_get_id2entry_core(&config, dopt.id);
}
Domain Display Name (#872)
2022-07-07 05:03:08 +02:00
KanidmdOpt::DomainSettings {
commands: DomainSettingsCmds::DomainChange(_dopt),
} => {
eprintln!("Running in domain name change mode ... this may take a long time ...");
domain_rename_core(&config);
}
KanidmdOpt::Database {
commands: DbCommands::Vacuum(_copt),
} => {
eprintln!("Running in vacuum mode ...");
vacuum_server_core(&config);
}
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
}
initial
2018-09-29 09:54:16 +02:00
}
Reference in a new issue Copy permalink