mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-24 13:07:00 +01:00
Code Issues Actions 10 Packages Projects Releases Wiki Activity
kanidm/kanidmd/src/server/main.rs

211 lines
6 KiB
Rust
Raw Normal View History

Clean all codebase warnings
2019-07-29 09:09:09 +02:00
#![deny(warnings)]
Remove "extern crate" from binary crates
2020-01-08 11:49:26 +01:00
use std::path::PathBuf;
Implement memberof with direct/indirect tracking and testcases. (#48) * Implement memberof with direct/indirect tracking and testcases.
2019-05-08 02:39:46 +02:00
Complete the rename of the project from rsidm to kanidm
2019-09-14 15:44:08 +02:00
use kanidm::config::Configuration;
use kanidm::core::{
127 domain info type (#150) Implements #127 and #125. This adds domain_info support, and spn types and generation. It also correctly handles domain renaming, and has tooling to support this. It "should" work on an upgrade, due to the correct bump of index version, but I plan to test this from a backup of my production instance soon.
2019-11-29 01:48:22 +01:00
backup_server_core, create_server_core, domain_rename_core, recover_account_core,
184 151 183 name constraint and spn (#244) This adds support to do on-upgrade migrations of the previous iutf8 type to iname, iname contains a better checker of the content of the name values that will become spn's, this allows auth via spn as well as just name. This really just does a lot of clean up to make spns more viable. #181 is still outstanding, but you can currently already login via spn a posixid_to_uuid supports this, it's only the resolving of unixgroup/accounts that need to have name as Option to cause a fall back to spn when in a trust.
2020-06-07 01:53:10 +02:00
reindex_server_core, restore_server_core, verify_server_core,
cargo fmt
2019-07-29 09:09:18 +02:00
};
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
Remove "extern crate" from binary crates
2020-01-08 11:49:26 +01:00
use log::{error, info};
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
use structopt::StructOpt;
#[derive(Debug, StructOpt)]
65 cli options (#85) Add support for command line options to the server. This supports server sid regeneration, persistence, address binding, tls configuration and more. This also improves TLS support in the client tools for CA cert addition to queries.
2019-09-14 10:21:41 +02:00
struct CommonOpt {
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
#[structopt(short = "d", long = "debug")]
debug: bool,
#[structopt(parse(from_os_str), short = "D", long = "db_path")]
db_path: PathBuf,
}
65 cli options (#85) Add support for command line options to the server. This supports server sid regeneration, persistence, address binding, tls configuration and more. This also improves TLS support in the client tools for CA cert addition to queries.
2019-09-14 10:21:41 +02:00
#[derive(Debug, StructOpt)]
struct ServerOpt {
#[structopt(parse(from_os_str), short = "C", long = "ca")]
ca_path: Option<PathBuf>,
#[structopt(parse(from_os_str), short = "c", long = "cert")]
cert_path: Option<PathBuf>,
#[structopt(parse(from_os_str), short = "k", long = "key")]
key_path: Option<PathBuf>,
#[structopt(short = "b", long = "bindaddr")]
bind: Option<String>,
199 ldap gateway (#246) adds an LDAP gateway to the server. It supports TLS if configured for the webserver, using the same parameters. It is a read only interface, only supporting bind via the configured posix password.
2020-06-10 04:07:43 +02:00
#[structopt(short = "l", long = "ldapbindaddr")]
ldapbind: Option<String>,
65 cli options (#85) Add support for command line options to the server. This supports server sid regeneration, persistence, address binding, tls configuration and more. This also improves TLS support in the client tools for CA cert addition to queries.
2019-09-14 10:21:41 +02:00
#[structopt(flatten)]
commonopts: CommonOpt,
}
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
#[derive(Debug, StructOpt)]
struct BackupOpt {
#[structopt(parse(from_os_str))]
path: PathBuf,
#[structopt(flatten)]
65 cli options (#85) Add support for command line options to the server. This supports server sid regeneration, persistence, address binding, tls configuration and more. This also improves TLS support in the client tools for CA cert addition to queries.
2019-09-14 10:21:41 +02:00
commonopts: CommonOpt,
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
}
#[derive(Debug, StructOpt)]
struct RestoreOpt {
#[structopt(parse(from_os_str))]
path: PathBuf,
#[structopt(flatten)]
65 cli options (#85) Add support for command line options to the server. This supports server sid regeneration, persistence, address binding, tls configuration and more. This also improves TLS support in the client tools for CA cert addition to queries.
2019-09-14 10:21:41 +02:00
commonopts: CommonOpt,
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
}
3 authentication (#79) This adds support for authentication and credential storage to the server. It also adds account recovery and options for integration test fixtures, refactors to make the client library easier to manage, and support clean seperation of the proto vs lib.
2019-09-04 03:06:37 +02:00
#[derive(Debug, StructOpt)]
struct RecoverAccountOpt {
#[structopt(short)]
name: String,
#[structopt(flatten)]
65 cli options (#85) Add support for command line options to the server. This supports server sid regeneration, persistence, address binding, tls configuration and more. This also improves TLS support in the client tools for CA cert addition to queries.
2019-09-14 10:21:41 +02:00
commonopts: CommonOpt,
3 authentication (#79) This adds support for authentication and credential storage to the server. It also adds account recovery and options for integration test fixtures, refactors to make the client library easier to manage, and support clean seperation of the proto vs lib.
2019-09-04 03:06:37 +02:00
}
127 domain info type (#150) Implements #127 and #125. This adds domain_info support, and spn types and generation. It also correctly handles domain renaming, and has tooling to support this. It "should" work on an upgrade, due to the correct bump of index version, but I plan to test this from a backup of my production instance soon.
2019-11-29 01:48:22 +01:00
#[derive(Debug, StructOpt)]
struct DomainOpt {
#[structopt(short)]
new_domain_name: String,
#[structopt(flatten)]
commonopts: CommonOpt,
}
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
#[derive(Debug, StructOpt)]
enum Opt {
#[structopt(name = "server")]
Server(ServerOpt),
#[structopt(name = "backup")]
Backup(BackupOpt),
#[structopt(name = "restore")]
Restore(RestoreOpt),
Clean all codebase warnings
2019-07-29 09:09:09 +02:00
#[structopt(name = "verify")]
65 cli options (#85) Add support for command line options to the server. This supports server sid regeneration, persistence, address binding, tls configuration and more. This also improves TLS support in the client tools for CA cert addition to queries.
2019-09-14 10:21:41 +02:00
Verify(CommonOpt),
3 authentication (#79) This adds support for authentication and credential storage to the server. It also adds account recovery and options for integration test fixtures, refactors to make the client library easier to manage, and support clean seperation of the proto vs lib.
2019-09-04 03:06:37 +02:00
#[structopt(name = "recover_account")]
RecoverAccount(RecoverAccountOpt),
184 151 183 name constraint and spn (#244) This adds support to do on-upgrade migrations of the previous iutf8 type to iname, iname contains a better checker of the content of the name values that will become spn's, this allows auth via spn as well as just name. This really just does a lot of clean up to make spns more viable. #181 is still outstanding, but you can currently already login via spn a posixid_to_uuid supports this, it's only the resolving of unixgroup/accounts that need to have name as Option to cause a fall back to spn when in a trust.
2020-06-07 01:53:10 +02:00
// #[structopt(name = "reset_server_id")]
// ResetServerId(CommonOpt),
Add docs for backup, restore, reindex and verify (#148) Implements #136 document backup and restore. This adds documentation into getting started on these actions, as well as reindex and verify .
2019-11-17 03:36:32 +01:00
#[structopt(name = "reindex")]
Reindex(CommonOpt),
127 domain info type (#150) Implements #127 and #125. This adds domain_info support, and spn types and generation. It also correctly handles domain renaming, and has tooling to support this. It "should" work on an upgrade, due to the correct bump of index version, but I plan to test this from a backup of my production instance soon.
2019-11-29 01:48:22 +01:00
#[structopt(name = "domain_name_change")]
DomainChange(DomainOpt),
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
}
Rework of auditing
2018-11-11 22:59:09 +01:00
Docker improvements (#81) Update the dockerfile to work correctly with the newer server options and runtime.
2019-09-06 05:05:27 +02:00
impl Opt {
fn debug(&self) -> bool {
match self {
65 cli options (#85) Add support for command line options to the server. This supports server sid regeneration, persistence, address binding, tls configuration and more. This also improves TLS support in the client tools for CA cert addition to queries.
2019-09-14 10:21:41 +02:00
Opt::Server(sopt) => sopt.commonopts.debug,
184 151 183 name constraint and spn (#244) This adds support to do on-upgrade migrations of the previous iutf8 type to iname, iname contains a better checker of the content of the name values that will become spn's, this allows auth via spn as well as just name. This really just does a lot of clean up to make spns more viable. #181 is still outstanding, but you can currently already login via spn a posixid_to_uuid supports this, it's only the resolving of unixgroup/accounts that need to have name as Option to cause a fall back to spn when in a trust.
2020-06-07 01:53:10 +02:00
Opt::Verify(sopt) | Opt::Reindex(sopt) => sopt.debug,
65 cli options (#85) Add support for command line options to the server. This supports server sid regeneration, persistence, address binding, tls configuration and more. This also improves TLS support in the client tools for CA cert addition to queries.
2019-09-14 10:21:41 +02:00
Opt::Backup(bopt) => bopt.commonopts.debug,
Opt::Restore(ropt) => ropt.commonopts.debug,
Opt::RecoverAccount(ropt) => ropt.commonopts.debug,
127 domain info type (#150) Implements #127 and #125. This adds domain_info support, and spn types and generation. It also correctly handles domain renaming, and has tooling to support this. It "should" work on an upgrade, due to the correct bump of index version, but I plan to test this from a backup of my production instance soon.
2019-11-29 01:48:22 +01:00
Opt::DomainChange(dopt) => dopt.commonopts.debug,
Docker improvements (#81) Update the dockerfile to work correctly with the newer server options and runtime.
2019-09-06 05:05:27 +02:00
}
}
}
Improve errors, tagging, logging and more across the codebase. (#243)
2020-06-05 06:01:20 +02:00
#[actix_rt::main]
async fn main() {
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
// Read cli args, determine if we should backup/restore
let opt = Opt::from_args();
20190607 authentication (#55) Implement #2 anonymous authentication. This also puts into place the majority of the authentication framework, and starts to build the IDM layers ontop of the DB engine.
2019-07-12 07:28:46 +02:00
// Read our config (if any)
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
let mut config = Configuration::new();
// Apply any cli overrides?
20190607 authentication (#55) Implement #2 anonymous authentication. This also puts into place the majority of the authentication framework, and starts to build the IDM layers ontop of the DB engine.
2019-07-12 07:28:46 +02:00
// Configure the server logger. This could be adjusted based on what config
// says.
Docker improvements (#81) Update the dockerfile to work correctly with the newer server options and runtime.
2019-09-06 05:05:27 +02:00
if opt.debug() {
6 idm api design (#109) Draft of the idm server rest api layout. This is no means a final representation of what this API will look like, but it's important that the ideas and direction, as well as capabilities were documented and discussed.
2019-09-30 11:01:20 +02:00
::std::env::set_var("RUST_LOG", "actix_web=debug,kanidm=debug");
Docker improvements (#81) Update the dockerfile to work correctly with the newer server options and runtime.
2019-09-06 05:05:27 +02:00
} else {
199 ldap gateway (#246) adds an LDAP gateway to the server. It supports TLS if configured for the webserver, using the same parameters. It is a read only interface, only supporting bind via the configured posix password.
2020-06-10 04:07:43 +02:00
::std::env::set_var("RUST_LOG", "actix_web=info,kanidm=warn");
Docker improvements (#81) Update the dockerfile to work correctly with the newer server options and runtime.
2019-09-06 05:05:27 +02:00
}
Improve errors, tagging, logging and more across the codebase. (#243)
2020-06-05 06:01:20 +02:00
env_logger::builder()
.format_timestamp(None)
.format_level(false)
.init();
20190607 authentication (#55) Implement #2 anonymous authentication. This also puts into place the majority of the authentication framework, and starts to build the IDM layers ontop of the DB engine.
2019-07-12 07:28:46 +02:00
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
match opt {
Opt::Server(sopt) => {
info!("Running in server mode ...");
65 cli options (#85) Add support for command line options to the server. This supports server sid regeneration, persistence, address binding, tls configuration and more. This also improves TLS support in the client tools for CA cert addition to queries.
2019-09-14 10:21:41 +02:00
config.update_db_path(&sopt.commonopts.db_path);
config.update_tls(&sopt.ca_path, &sopt.cert_path, &sopt.key_path);
config.update_bind(&sopt.bind);
199 ldap gateway (#246) adds an LDAP gateway to the server. It supports TLS if configured for the webserver, using the same parameters. It is a read only interface, only supporting bind via the configured posix password.
2020-06-10 04:07:43 +02:00
config.update_ldapbind(&sopt.ldapbind);
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
199 ldap gateway (#246) adds an LDAP gateway to the server. It supports TLS if configured for the webserver, using the same parameters. It is a read only interface, only supporting bind via the configured posix password.
2020-06-10 04:07:43 +02:00
let sctx = create_server_core(config).await;
Improve errors, tagging, logging and more across the codebase. (#243)
2020-06-05 06:01:20 +02:00
match sctx {
Ok(sctx) => {
tokio::signal::ctrl_c().await.unwrap();
println!("Ctrl-C received, shutting down");
sctx.stop()
}
Err(_) => {
error!("Failed to start server core!");
return;
}
}
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
}
Opt::Backup(bopt) => {
info!("Running in backup mode ...");
65 cli options (#85) Add support for command line options to the server. This supports server sid regeneration, persistence, address binding, tls configuration and more. This also improves TLS support in the client tools for CA cert addition to queries.
2019-09-14 10:21:41 +02:00
config.update_db_path(&bopt.commonopts.db_path);
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
let p = match bopt.path.to_str() {
Some(p) => p,
None => {
error!("Invalid backup path");
std::process::exit(1);
}
};
backup_server_core(config, p);
}
Opt::Restore(ropt) => {
info!("Running in restore mode ...");
65 cli options (#85) Add support for command line options to the server. This supports server sid regeneration, persistence, address binding, tls configuration and more. This also improves TLS support in the client tools for CA cert addition to queries.
2019-09-14 10:21:41 +02:00
config.update_db_path(&ropt.commonopts.db_path);
initial
2018-09-29 09:54:16 +02:00
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
let p = match ropt.path.to_str() {
Some(p) => p,
None => {
error!("Invalid restore path");
std::process::exit(1);
}
};
restore_server_core(config, p);
}
Clean all codebase warnings
2019-07-29 09:09:09 +02:00
Opt::Verify(vopt) => {
Add docs for backup, restore, reindex and verify (#148) Implements #136 document backup and restore. This adds documentation into getting started on these actions, as well as reindex and verify .
2019-11-17 03:36:32 +01:00
info!("Running in db verification mode ...");
Clean all codebase warnings
2019-07-29 09:09:09 +02:00
config.update_db_path(&vopt.db_path);
verify_server_core(config);
}
3 authentication (#79) This adds support for authentication and credential storage to the server. It also adds account recovery and options for integration test fixtures, refactors to make the client library easier to manage, and support clean seperation of the proto vs lib.
2019-09-04 03:06:37 +02:00
Opt::RecoverAccount(raopt) => {
info!("Running account recovery ...");
let password = rpassword::prompt_password_stderr("new password: ").unwrap();
65 cli options (#85) Add support for command line options to the server. This supports server sid regeneration, persistence, address binding, tls configuration and more. This also improves TLS support in the client tools for CA cert addition to queries.
2019-09-14 10:21:41 +02:00
config.update_db_path(&raopt.commonopts.db_path);
3 authentication (#79) This adds support for authentication and credential storage to the server. It also adds account recovery and options for integration test fixtures, refactors to make the client library easier to manage, and support clean seperation of the proto vs lib.
2019-09-04 03:06:37 +02:00
recover_account_core(config, raopt.name, password);
}
184 151 183 name constraint and spn (#244) This adds support to do on-upgrade migrations of the previous iutf8 type to iname, iname contains a better checker of the content of the name values that will become spn's, this allows auth via spn as well as just name. This really just does a lot of clean up to make spns more viable. #181 is still outstanding, but you can currently already login via spn a posixid_to_uuid supports this, it's only the resolving of unixgroup/accounts that need to have name as Option to cause a fall back to spn when in a trust.
2020-06-07 01:53:10 +02:00
/*
65 cli options (#85) Add support for command line options to the server. This supports server sid regeneration, persistence, address binding, tls configuration and more. This also improves TLS support in the client tools for CA cert addition to queries.
2019-09-14 10:21:41 +02:00
Opt::ResetServerId(vopt) => {
184 151 183 name constraint and spn (#244) This adds support to do on-upgrade migrations of the previous iutf8 type to iname, iname contains a better checker of the content of the name values that will become spn's, this allows auth via spn as well as just name. This really just does a lot of clean up to make spns more viable. #181 is still outstanding, but you can currently already login via spn a posixid_to_uuid supports this, it's only the resolving of unixgroup/accounts that need to have name as Option to cause a fall back to spn when in a trust.
2020-06-07 01:53:10 +02:00
info!("Resetting server id. THIS WILL BREAK REPLICATION");
65 cli options (#85) Add support for command line options to the server. This supports server sid regeneration, persistence, address binding, tls configuration and more. This also improves TLS support in the client tools for CA cert addition to queries.
2019-09-14 10:21:41 +02:00
config.update_db_path(&vopt.db_path);
reset_sid_core(config);
}
184 151 183 name constraint and spn (#244) This adds support to do on-upgrade migrations of the previous iutf8 type to iname, iname contains a better checker of the content of the name values that will become spn's, this allows auth via spn as well as just name. This really just does a lot of clean up to make spns more viable. #181 is still outstanding, but you can currently already login via spn a posixid_to_uuid supports this, it's only the resolving of unixgroup/accounts that need to have name as Option to cause a fall back to spn when in a trust.
2020-06-07 01:53:10 +02:00
*/
Add docs for backup, restore, reindex and verify (#148) Implements #136 document backup and restore. This adds documentation into getting started on these actions, as well as reindex and verify .
2019-11-17 03:36:32 +01:00
Opt::Reindex(copt) => {
info!("Running in reindex mode ...");
config.update_db_path(&copt.db_path);
reindex_server_core(config);
}
127 domain info type (#150) Implements #127 and #125. This adds domain_info support, and spn types and generation. It also correctly handles domain renaming, and has tooling to support this. It "should" work on an upgrade, due to the correct bump of index version, but I plan to test this from a backup of my production instance soon.
2019-11-29 01:48:22 +01:00
Opt::DomainChange(dopt) => {
info!("Running in domain name change mode ... this may take a long time ...");
config.update_db_path(&dopt.commonopts.db_path);
domain_rename_core(config, dopt.new_domain_name);
}
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet. This also adds a few missing files from a previous commit mistake. Opps!
2019-07-15 01:15:25 +02:00
}
initial
2018-09-29 09:54:16 +02:00
}
Reference in a new issue Copy permalink