2019-07-29 09:09:09 +02:00
#![ deny(warnings) ]
2020-08-04 04:58:11 +02:00
#![ warn(unused_extern_crates) ]
2022-02-20 03:43:38 +01:00
#![ deny(clippy::todo) ]
#![ deny(clippy::unimplemented) ]
2020-08-04 04:58:11 +02:00
#![ deny(clippy::unwrap_used) ]
#![ deny(clippy::expect_used) ]
#![ deny(clippy::panic) ]
#![ deny(clippy::unreachable) ]
#![ deny(clippy::await_holding_lock) ]
#![ deny(clippy::needless_pass_by_value) ]
#![ deny(clippy::trivially_copy_pass_by_ref) ]
2019-07-29 09:09:09 +02:00
2022-05-31 06:13:21 +02:00
#[ cfg(not(target_family = " windows " )) ]
2021-02-13 07:17:58 +01:00
#[ global_allocator ]
2022-05-24 02:49:34 +02:00
static ALLOC : tikv_jemallocator ::Jemalloc = tikv_jemallocator ::Jemalloc ;
2021-02-13 07:17:58 +01:00
2023-04-26 13:09:18 +02:00
use std ::fs ::{ metadata , File } ;
// This works on both unix and windows.
use fs2 ::FileExt ;
2021-06-27 03:30:40 +02:00
#[ cfg(target_family = " unix " ) ]
2020-07-28 08:55:58 +02:00
use std ::os ::unix ::fs ::MetadataExt ;
2023-01-23 10:58:13 +01:00
use std ::path ::PathBuf ;
2023-03-23 05:35:42 +01:00
use std ::process ::ExitCode ;
2019-05-08 02:39:46 +02:00
2022-10-01 08:08:51 +02:00
use clap ::{ Args , Parser , Subcommand } ;
2023-01-23 10:58:13 +01:00
use kanidmd_core ::config ::{ Configuration , ServerConfig } ;
2022-10-05 01:48:48 +02:00
use kanidmd_core ::{
2023-06-19 12:51:44 +02:00
backup_server_core , cert_generate_core , create_server_core , dbscan_get_id2entry_core ,
dbscan_list_id2entry_core , dbscan_list_index_analysis_core , dbscan_list_index_core ,
dbscan_list_indexes_core , domain_rename_core , recover_account_core , reindex_server_core ,
restore_server_core , vacuum_server_core , verify_server_core ,
2019-07-29 09:09:18 +02:00
} ;
2022-10-01 08:08:51 +02:00
use sketching ::tracing_forest ::traits ::* ;
use sketching ::tracing_forest ::util ::* ;
use sketching ::tracing_forest ::{ self } ;
#[ cfg(not(target_family = " windows " )) ] // not needed for windows builds
use users ::{ get_current_gid , get_current_uid , get_effective_gid , get_effective_uid } ;
#[ cfg(target_family = " windows " ) ] // for windows builds
use whoami ;
2019-07-15 01:15:25 +02:00
2021-02-13 04:46:22 +01:00
include! ( " ./opt.rs " ) ;
impl KanidmdOpt {
2020-06-18 02:30:42 +02:00
fn commonopt ( & self ) -> & CommonOpt {
2019-09-06 05:05:27 +02:00
match self {
2021-02-21 06:04:58 +01:00
KanidmdOpt ::Server ( sopt )
2023-06-19 12:51:44 +02:00
| KanidmdOpt ::CertGenerate ( sopt )
2022-02-15 07:17:43 +01:00
| KanidmdOpt ::ConfigTest ( sopt )
2022-06-11 07:24:29 +02:00
| KanidmdOpt ::DbScan {
commands : DbScanOpt ::ListIndexes ( sopt ) ,
}
| KanidmdOpt ::DbScan {
commands : DbScanOpt ::ListId2Entry ( sopt ) ,
}
| KanidmdOpt ::DbScan {
commands : DbScanOpt ::ListIndexAnalysis ( sopt ) ,
2023-01-28 04:52:44 +01:00
} = > sopt ,
2022-07-07 05:03:08 +02:00
KanidmdOpt ::Database {
commands : DbCommands ::Backup ( bopt ) ,
} = > & bopt . commonopts ,
KanidmdOpt ::Database {
commands : DbCommands ::Restore ( ropt ) ,
} = > & ropt . commonopts ,
2021-02-13 04:46:22 +01:00
KanidmdOpt ::RecoverAccount ( ropt ) = > & ropt . commonopts ,
2022-06-11 07:24:29 +02:00
KanidmdOpt ::DbScan {
commands : DbScanOpt ::ListIndex ( dopt ) ,
} = > & dopt . commonopts ,
2021-07-01 06:51:25 +02:00
// KanidmdOpt::DbScan(DbScanOpt::GetIndex(dopt)) => &dopt.commonopts,
2022-06-11 07:24:29 +02:00
KanidmdOpt ::DbScan {
commands : DbScanOpt ::GetId2Entry ( dopt ) ,
} = > & dopt . commonopts ,
2022-07-07 05:03:08 +02:00
KanidmdOpt ::DomainSettings {
commands : DomainSettingsCmds ::DomainChange ( sopt ) ,
2023-01-28 04:52:44 +01:00
} = > sopt ,
2022-07-07 05:03:08 +02:00
KanidmdOpt ::Database {
commands : DbCommands ::Verify ( sopt ) ,
}
| KanidmdOpt ::Database {
commands : DbCommands ::Reindex ( sopt ) ,
2023-01-28 04:52:44 +01:00
} = > sopt ,
2022-07-07 05:03:08 +02:00
KanidmdOpt ::Database {
commands : DbCommands ::Vacuum ( copt ) ,
2023-01-28 04:52:44 +01:00
} = > copt ,
2023-01-23 10:58:13 +01:00
KanidmdOpt ::HealthCheck ( hcopt ) = > & hcopt . commonopts ,
2023-01-28 04:52:44 +01:00
KanidmdOpt ::Version ( copt ) = > copt ,
2019-09-06 05:05:27 +02:00
}
}
}
2022-07-06 02:53:43 +02:00
/// Get information on the windows username
#[ cfg(target_family = " windows " ) ]
fn get_user_details_windows ( ) {
2023-03-23 05:35:42 +01:00
debug! (
2022-07-06 02:53:43 +02:00
" Running on windows, current username is: {:?} " ,
whoami ::username ( )
) ;
}
2022-08-09 05:07:06 +02:00
#[ tokio::main(flavor = " multi_thread " ) ]
2023-03-23 05:35:42 +01:00
async fn main ( ) -> ExitCode {
2022-08-09 05:07:06 +02:00
tracing_forest ::worker_task ( )
. set_global ( true )
. set_tag ( sketching ::event_tagger )
// Fall back to stderr
. map_sender ( | sender | sender . or_stderr ( ) )
. build_on ( | subscriber | subscriber
. with ( EnvFilter ::try_from_default_env ( )
. or_else ( | _ | EnvFilter ::try_new ( " info " ) )
. expect ( " Failed to init envfilter " )
)
)
. on ( async {
// Get information on the windows username
#[ cfg(target_family = " windows " ) ]
get_user_details_windows ( ) ;
// Get info about who we are.
#[ cfg(target_family = " unix " ) ]
2023-03-23 05:35:42 +01:00
let ( cuid , ceuid ) = {
let cuid = get_current_uid ( ) ;
let ceuid = get_effective_uid ( ) ;
let cgid = get_current_gid ( ) ;
let cegid = get_effective_gid ( ) ;
if cuid = = 0 | | ceuid = = 0 | | cgid = = 0 | | cegid = = 0 {
warn! ( " This is running as uid == 0 (root) which may be a security risk. " ) ;
// eprintln!("ERROR: Refusing to run - this process must not operate as root.");
// std::process::exit(1);
}
if cuid ! = ceuid | | cgid ! = cegid {
error! ( " {} != {} || {} != {} " , cuid , ceuid , cgid , cegid ) ;
error! ( " Refusing to run - uid and euid OR gid and egid must be consistent. " ) ;
return ExitCode ::FAILURE
}
( cuid , ceuid )
} ;
2022-08-09 05:07:06 +02:00
// Read cli args, determine if we should backup/restore
let opt = KanidmdParser ::parse ( ) ;
2022-08-18 02:36:45 +02:00
// print the app version and bail
if let KanidmdOpt ::Version ( _ ) = & opt . commands {
kanidm_proto ::utils ::show_version ( " kanidmd " ) ;
2023-03-23 05:35:42 +01:00
return ExitCode ::SUCCESS
2022-08-18 02:36:45 +02:00
} ;
2022-08-09 05:07:06 +02:00
let mut config = Configuration ::new ( ) ;
// Check the permissions are OK.
#[ cfg(target_family = " unix " ) ]
{
2023-06-19 12:51:44 +02:00
let cfg_path = & opt . commands . commonopt ( ) . config_path ; // TODO: this needs to be pulling from the default or something?
if format! ( " {} " , cfg_path . display ( ) ) = = " " . to_string ( ) {
error! ( " Refusing to run - config file path is empty " ) ;
return ExitCode ::FAILURE
}
if ! cfg_path . exists ( ) {
error! (
" Refusing to run - config file {} does not exist " ,
cfg_path . to_str ( ) . unwrap_or ( " invalid file path " )
) ;
return ExitCode ::FAILURE
}
2023-03-23 05:35:42 +01:00
let cfg_meta = match metadata ( cfg_path ) {
Ok ( m ) = > m ,
Err ( e ) = > {
error! (
" Unable to read metadata for '{}' - {:?} " ,
cfg_path . to_str ( ) . unwrap_or ( " invalid file path " ) ,
e
) ;
return ExitCode ::FAILURE
}
} ;
2020-07-28 08:55:58 +02:00
2023-03-01 04:10:52 +01:00
if ! kanidm_lib_file_permissions ::readonly ( & cfg_meta ) {
2023-03-23 05:35:42 +01:00
warn! ( " permissions on {} may not be secure. Should be readonly to running uid. This could be a security risk ... " ,
2022-08-09 05:07:06 +02:00
opt . commands . commonopt ( ) . config_path . to_str ( ) . unwrap_or ( " invalid file path " ) ) ;
}
2020-07-28 08:55:58 +02:00
2022-08-09 05:07:06 +02:00
if cfg_meta . mode ( ) & 0o007 ! = 0 {
2023-03-23 05:35:42 +01:00
warn! ( " WARNING: {} has 'everyone' permission bits in the mode. This could be a security risk ... " ,
2022-08-09 05:07:06 +02:00
opt . commands . commonopt ( ) . config_path . to_str ( ) . unwrap_or ( " invalid file path " )
) ;
}
2020-07-28 08:55:58 +02:00
2022-08-09 05:07:06 +02:00
if cfg_meta . uid ( ) = = cuid | | cfg_meta . uid ( ) = = ceuid {
2023-03-23 05:35:42 +01:00
warn! ( " WARNING: {} owned by the current uid, which may allow file permission changes. This could be a security risk ... " ,
2022-08-09 05:07:06 +02:00
opt . commands . commonopt ( ) . config_path . to_str ( ) . unwrap_or ( " invalid file path " )
) ;
}
2022-07-06 02:53:43 +02:00
}
2020-06-21 13:57:48 +02:00
2022-08-09 05:07:06 +02:00
// Read our config
let sconfig = match ServerConfig ::new ( & ( opt . commands . commonopt ( ) . config_path ) ) {
Ok ( c ) = > c ,
Err ( e ) = > {
2023-03-23 05:35:42 +01:00
error! ( " Config Parse failure {:?} " , e ) ;
return ExitCode ::FAILURE
2022-08-09 05:07:06 +02:00
}
2022-02-15 07:17:43 +01:00
} ;
2022-08-09 05:07:06 +02:00
// Check the permissions of the files from the configuration.
let db_path = PathBuf ::from ( sconfig . db_path . as_str ( ) ) ;
// We can't check the db_path permissions because it may not exist yet!
if let Some ( db_parent_path ) = db_path . parent ( ) {
if ! db_parent_path . exists ( ) {
2023-03-23 05:35:42 +01:00
warn! (
2022-08-09 05:07:06 +02:00
" DB folder {} may not exist, server startup may FAIL! " ,
db_parent_path . to_str ( ) . unwrap_or ( " invalid file path " )
) ;
2021-07-09 01:49:26 +02:00
}
2022-08-09 05:07:06 +02:00
let db_par_path_buf = db_parent_path . to_path_buf ( ) ;
2023-03-23 05:35:42 +01:00
let i_meta = match metadata ( & db_par_path_buf ) {
Ok ( m ) = > m ,
Err ( e ) = > {
error! (
" Unable to read metadata for '{}' - {:?} " ,
& db_par_path_buf . to_str ( ) . unwrap_or ( " invalid file path " ) ,
e
) ;
return ExitCode ::FAILURE
}
} ;
2022-08-09 05:07:06 +02:00
if ! i_meta . is_dir ( ) {
2023-03-23 05:35:42 +01:00
error! (
2022-08-09 05:07:06 +02:00
" ERROR: Refusing to run - DB folder {} may not be a directory " ,
db_par_path_buf . to_str ( ) . unwrap_or ( " invalid file path " )
) ;
2023-03-23 05:35:42 +01:00
return ExitCode ::FAILURE
2022-08-09 05:07:06 +02:00
}
2022-07-06 02:53:43 +02:00
2023-03-01 04:10:52 +01:00
if kanidm_lib_file_permissions ::readonly ( & i_meta ) {
2023-03-23 05:35:42 +01:00
warn! ( " WARNING: DB folder permissions on {} indicate it may not be RW. This could cause the server start up to fail! " , db_par_path_buf . to_str ( ) . unwrap_or ( " invalid file path " ) ) ;
2023-03-01 04:10:52 +01:00
}
2023-03-02 03:47:23 +01:00
#[ cfg(not(target_os= " windows " )) ]
2023-03-01 04:10:52 +01:00
if i_meta . mode ( ) & 0o007 ! = 0 {
2023-03-23 05:35:42 +01:00
warn! ( " WARNING: DB folder {} has 'everyone' permission bits in the mode. This could be a security risk ... " , db_par_path_buf . to_str ( ) . unwrap_or ( " invalid file path " ) ) ;
2021-07-09 01:49:26 +02:00
}
}
2023-01-28 04:52:44 +01:00
config . update_db_path ( sconfig . db_path . as_str ( ) ) ;
2022-08-09 05:07:06 +02:00
config . update_db_fs_type ( & sconfig . db_fs_type ) ;
2023-01-28 04:52:44 +01:00
config . update_origin ( sconfig . origin . as_str ( ) ) ;
config . update_domain ( sconfig . domain . as_str ( ) ) ;
2022-08-09 05:07:06 +02:00
config . update_db_arc_size ( sconfig . db_arc_size ) ;
config . update_role ( sconfig . role ) ;
config . update_output_mode ( opt . commands . commonopt ( ) . output_mode . to_owned ( ) . into ( ) ) ;
2022-10-10 13:18:57 +02:00
config . update_trust_x_forward_for ( sconfig . trust_x_forward_for ) ;
2022-08-09 05:07:06 +02:00
2023-04-26 13:09:18 +02:00
// Okay - Lets now create our lock and go.
let klock_path = format! ( " {} .klock " , sconfig . db_path . as_str ( ) ) ;
let flock = match File ::create ( & klock_path ) {
Ok ( flock ) = > flock ,
Err ( e ) = > {
error! ( " ERROR: Refusing to start - unable to create kanidm exclusive lock at {} - {:?} " , klock_path , e ) ;
return ExitCode ::FAILURE
}
} ;
match flock . try_lock_exclusive ( ) {
Ok ( ( ) ) = > debug! ( " Acquired kanidm exclusive lock " ) ,
Err ( e ) = > {
error! ( " ERROR: Refusing to start - unable to lock kanidm exclusive lock at {} - {:?} " , klock_path , e ) ;
error! ( " Is another kanidm process running? " ) ;
return ExitCode ::FAILURE
}
} ;
2022-10-05 01:48:48 +02:00
/*
2022-08-09 05:07:06 +02:00
// Apply any cli overrides, normally debug level.
2022-10-05 01:48:48 +02:00
if opt . commands . commonopt ( ) . debug . as_ref ( ) {
// ::std::env::set_var("RUST_LOG", "tide=info,kanidm=info,webauthn=debug");
2022-08-09 05:07:06 +02:00
}
2022-10-05 01:48:48 +02:00
* /
2022-08-09 05:07:06 +02:00
match & opt . commands {
KanidmdOpt ::Server ( _sopt ) | KanidmdOpt ::ConfigTest ( _sopt ) = > {
let config_test = matches! ( & opt . commands , KanidmdOpt ::ConfigTest ( _ ) ) ;
if config_test {
2023-03-23 05:35:42 +01:00
info! ( " Running in server configuration test mode ... " ) ;
2022-08-09 05:07:06 +02:00
} else {
2023-03-23 05:35:42 +01:00
info! ( " Running in server mode ... " ) ;
2022-08-09 05:07:06 +02:00
} ;
// configuration options that only relate to server mode
2023-01-23 10:58:13 +01:00
config . update_config_for_server_mode ( & sconfig ) ;
2022-08-09 05:07:06 +02:00
if let Some ( i_str ) = & ( sconfig . tls_chain ) {
let i_path = PathBuf ::from ( i_str . as_str ( ) ) ;
2023-03-23 05:35:42 +01:00
let i_meta = match metadata ( & i_path ) {
Ok ( m ) = > m ,
Err ( e ) = > {
error! (
" Unable to read metadata for '{}' - {:?} " ,
& i_path . to_str ( ) . unwrap_or ( " invalid file path " ) ,
e
) ;
return ExitCode ::FAILURE
}
} ;
2023-03-01 04:10:52 +01:00
if ! kanidm_lib_file_permissions ::readonly ( & i_meta ) {
2023-03-23 05:35:42 +01:00
warn! ( " permissions on {} may not be secure. Should be readonly to running uid. This could be a security risk ... " , i_str ) ;
2022-02-15 07:17:43 +01:00
}
2022-08-09 05:07:06 +02:00
}
if let Some ( i_str ) = & ( sconfig . tls_key ) {
let i_path = PathBuf ::from ( i_str . as_str ( ) ) ;
2023-03-23 05:35:42 +01:00
let i_meta = match metadata ( & i_path ) {
Ok ( m ) = > m ,
Err ( e ) = > {
error! (
" Unable to read metadata for '{}' - {:?} " ,
& i_path . to_str ( ) . unwrap_or ( " invalid file path " ) ,
e
) ;
return ExitCode ::FAILURE
2022-08-09 05:07:06 +02:00
}
2023-03-23 05:35:42 +01:00
} ;
if ! kanidm_lib_file_permissions ::readonly ( & i_meta ) {
warn! ( " permissions on {} may not be secure. Should be readonly to running uid. This could be a security risk ... " , i_str ) ;
}
#[ cfg(not(target_os= " windows " )) ]
if i_meta . mode ( ) & 0o007 ! = 0 {
warn! ( " WARNING: {} has 'everyone' permission bits in the mode. This could be a security risk ... " , i_str ) ;
}
2022-08-09 05:07:06 +02:00
}
let sctx = create_server_core ( config , config_test ) . await ;
if ! config_test {
match sctx {
2022-11-23 11:10:43 +01:00
Ok ( mut sctx ) = > {
loop {
2023-01-25 00:43:24 +01:00
#[ cfg(target_family = " unix " ) ]
{
tokio ::select! {
Ok ( ( ) ) = tokio ::signal ::ctrl_c ( ) = > {
break
}
Some ( ( ) ) = async move {
let sigterm = tokio ::signal ::unix ::SignalKind ::terminate ( ) ;
tokio ::signal ::unix ::signal ( sigterm ) . unwrap ( ) . recv ( ) . await
} = > {
break
}
Some ( ( ) ) = async move {
let sigterm = tokio ::signal ::unix ::SignalKind ::alarm ( ) ;
tokio ::signal ::unix ::signal ( sigterm ) . unwrap ( ) . recv ( ) . await
} = > {
// Ignore
}
Some ( ( ) ) = async move {
let sigterm = tokio ::signal ::unix ::SignalKind ::hangup ( ) ;
tokio ::signal ::unix ::signal ( sigterm ) . unwrap ( ) . recv ( ) . await
} = > {
// Ignore
}
Some ( ( ) ) = async move {
let sigterm = tokio ::signal ::unix ::SignalKind ::user_defined1 ( ) ;
tokio ::signal ::unix ::signal ( sigterm ) . unwrap ( ) . recv ( ) . await
} = > {
// Ignore
}
Some ( ( ) ) = async move {
let sigterm = tokio ::signal ::unix ::SignalKind ::user_defined2 ( ) ;
tokio ::signal ::unix ::signal ( sigterm ) . unwrap ( ) . recv ( ) . await
} = > {
// Ignore
}
}
}
#[ cfg(target_family = " windows " ) ]
{
2022-11-23 11:10:43 +01:00
tokio ::select! {
Ok ( ( ) ) = tokio ::signal ::ctrl_c ( ) = > {
break
}
2023-01-25 00:43:24 +01:00
}
2022-11-23 11:10:43 +01:00
}
2022-08-09 05:07:06 +02:00
}
2023-03-23 05:35:42 +01:00
info! ( " Signal received, shutting down " ) ;
2022-11-23 11:10:43 +01:00
// Send a broadcast that we are done.
sctx . shutdown ( ) . await ;
}
2022-08-09 05:07:06 +02:00
Err ( _ ) = > {
2023-03-23 05:35:42 +01:00
error! ( " Failed to start server core! " ) ;
2022-08-09 05:07:06 +02:00
// We may need to return an exit code here, but that may take some re-architecting
// to ensure we drop everything cleanly.
2023-03-23 05:35:42 +01:00
return ExitCode ::FAILURE
2022-08-09 05:07:06 +02:00
}
2022-02-15 07:17:43 +01:00
}
2023-03-23 05:35:42 +01:00
info! ( " Stopped 🛑 " ) ;
2020-08-04 04:58:11 +02:00
}
2023-06-19 12:51:44 +02:00
}
KanidmdOpt ::CertGenerate ( _sopt ) = > {
info! ( " Running in certificate generate mode ... " ) ;
config . update_config_for_server_mode ( & sconfig ) ;
cert_generate_core ( & config ) ;
2020-06-05 06:01:20 +02:00
}
2022-08-09 05:07:06 +02:00
KanidmdOpt ::Database {
commands : DbCommands ::Backup ( bopt ) ,
} = > {
2023-03-23 05:35:42 +01:00
info! ( " Running in backup mode ... " ) ;
2022-08-09 05:07:06 +02:00
let p = match bopt . path . to_str ( ) {
Some ( p ) = > p ,
None = > {
2023-03-23 05:35:42 +01:00
error! ( " Invalid backup path " ) ;
return ExitCode ::FAILURE
2022-08-09 05:07:06 +02:00
}
} ;
backup_server_core ( & config , p ) ;
2019-07-15 01:15:25 +02:00
}
2022-08-09 05:07:06 +02:00
KanidmdOpt ::Database {
commands : DbCommands ::Restore ( ropt ) ,
} = > {
2023-03-23 05:35:42 +01:00
info! ( " Running in restore mode ... " ) ;
2022-08-09 05:07:06 +02:00
let p = match ropt . path . to_str ( ) {
Some ( p ) = > p ,
None = > {
2023-03-23 05:35:42 +01:00
error! ( " Invalid restore path " ) ;
return ExitCode ::FAILURE
2022-08-09 05:07:06 +02:00
}
} ;
2022-10-24 01:50:31 +02:00
restore_server_core ( & config , p ) . await ;
2019-07-15 01:15:25 +02:00
}
2022-08-09 05:07:06 +02:00
KanidmdOpt ::Database {
commands : DbCommands ::Verify ( _vopt ) ,
} = > {
2023-03-23 05:35:42 +01:00
info! ( " Running in db verification mode ... " ) ;
2022-10-24 01:50:31 +02:00
verify_server_core ( & config ) . await ;
2022-08-09 05:07:06 +02:00
}
KanidmdOpt ::RecoverAccount ( raopt ) = > {
2023-03-23 05:35:42 +01:00
info! ( " Running account recovery ... " ) ;
2022-10-24 01:50:31 +02:00
recover_account_core ( & config , & raopt . name ) . await ;
2022-08-09 05:07:06 +02:00
}
KanidmdOpt ::Database {
commands : DbCommands ::Reindex ( _copt ) ,
} = > {
2023-03-23 05:35:42 +01:00
info! ( " Running in reindex mode ... " ) ;
2022-10-24 01:50:31 +02:00
reindex_server_core ( & config ) . await ;
2022-08-09 05:07:06 +02:00
}
KanidmdOpt ::DbScan {
commands : DbScanOpt ::ListIndexes ( _ ) ,
} = > {
2023-03-23 05:35:42 +01:00
info! ( " 👀 db scan - list indexes " ) ;
2022-08-09 05:07:06 +02:00
dbscan_list_indexes_core ( & config ) ;
}
KanidmdOpt ::DbScan {
commands : DbScanOpt ::ListId2Entry ( _ ) ,
} = > {
2023-03-23 05:35:42 +01:00
info! ( " 👀 db scan - list id2entry " ) ;
2022-08-09 05:07:06 +02:00
dbscan_list_id2entry_core ( & config ) ;
}
KanidmdOpt ::DbScan {
commands : DbScanOpt ::ListIndexAnalysis ( _ ) ,
} = > {
2023-03-23 05:35:42 +01:00
info! ( " 👀 db scan - list index analysis " ) ;
2022-08-09 05:07:06 +02:00
dbscan_list_index_analysis_core ( & config ) ;
}
KanidmdOpt ::DbScan {
commands : DbScanOpt ::ListIndex ( dopt ) ,
} = > {
2023-03-23 05:35:42 +01:00
info! ( " 👀 db scan - list index content - {} " , dopt . index_name ) ;
2022-08-09 05:07:06 +02:00
dbscan_list_index_core ( & config , dopt . index_name . as_str ( ) ) ;
}
KanidmdOpt ::DbScan {
commands : DbScanOpt ::GetId2Entry ( dopt ) ,
} = > {
2023-03-23 05:35:42 +01:00
info! ( " 👀 db scan - get id2 entry - {} " , dopt . id ) ;
2022-08-09 05:07:06 +02:00
dbscan_get_id2entry_core ( & config , dopt . id ) ;
}
KanidmdOpt ::DomainSettings {
commands : DomainSettingsCmds ::DomainChange ( _dopt ) ,
} = > {
2023-03-23 05:35:42 +01:00
info! ( " Running in domain name change mode ... this may take a long time ... " ) ;
2022-10-24 01:50:31 +02:00
domain_rename_core ( & config ) . await ;
2022-08-09 05:07:06 +02:00
}
KanidmdOpt ::Database {
commands : DbCommands ::Vacuum ( _copt ) ,
} = > {
2023-03-23 05:35:42 +01:00
info! ( " Running in vacuum mode ... " ) ;
2022-08-09 05:07:06 +02:00
vacuum_server_core ( & config ) ;
}
2023-01-23 10:58:13 +01:00
KanidmdOpt ::HealthCheck ( sopt ) = > {
config . update_config_for_server_mode ( & sconfig ) ;
debug! ( " {sopt:?} " ) ;
let healthcheck_url = format! ( " https:// {} /status " , config . address ) ;
debug! ( " Checking {healthcheck_url} " ) ;
let client = reqwest ::ClientBuilder ::new ( )
. danger_accept_invalid_certs ( sopt . no_verify_tls )
. danger_accept_invalid_hostnames ( sopt . no_verify_tls )
. https_only ( true ) ;
// TODO: work out how to pull the CA from the chain
// client = match config.tls_config {
// Some(tls_config) => {
// eprintln!("{:?}", tls_config);
// let mut buf = Vec::new();
// File::open(tls_config.chain)
// .unwrap()
// .read_to_end(&mut buf)
// .unwrap();
// eprintln!("buf: {:?}", buf);
// match reqwest::Certificate::from_pem(&buf){
// Ok(cert) => client.add_root_certificate(cert),
// Err(err) => {
// error!("Failed to read TLS chain: {err:?}");
// client
// }
// }
// },
// None => client,
// };
let client = client
. build ( )
. unwrap ( ) ;
let req = match client . get ( & healthcheck_url ) . send ( ) . await {
Ok ( val ) = > val ,
Err ( error ) = > {
let error_message = {
if error . is_timeout ( ) {
format! ( " Timeout connecting to url= {healthcheck_url} " )
} else if error . is_connect ( ) {
2023-01-28 04:52:44 +01:00
format! ( " Connection failed: {} " , error )
2023-01-23 10:58:13 +01:00
} else {
format! ( " Failed to complete healthcheck: {:?} " , error )
}
} ;
2023-03-23 05:35:42 +01:00
error! ( " CRITICAL: {error_message} " ) ;
return ExitCode ::FAILURE
2023-01-23 10:58:13 +01:00
}
} ;
debug! ( " Request: {req:?} " ) ;
2023-03-23 05:35:42 +01:00
info! ( " OK " )
2023-01-23 10:58:13 +01:00
}
2023-01-30 04:20:44 +01:00
KanidmdOpt ::Version ( _ ) = > { }
2022-08-09 05:07:06 +02:00
}
2023-03-23 05:35:42 +01:00
ExitCode ::SUCCESS
2022-08-09 05:07:06 +02:00
} )
2023-03-23 05:35:42 +01:00
. await
2018-09-29 09:54:16 +02:00
}
