1399 cleanup reorg (#1412)

.gitignore

@@ -1,5 +1,4 @@
 altnames.cnf
-
 .DS_Store
 .backup*_test.json
 .backup_test.db
@@ -9,15 +8,13 @@ altnames.cnf
 test.db
 cargo_vendor_config
 /vendor
-kanidm_rlm_python/test_data/certs/
-vendor.tar.gz
-kanidm_rlm_python/test_data/ca.pem
-loc.sh
+rlm_python/test_data/certs/
+rlm_python/test_data/ca.pem
+scripts/loc.sh
 vendor.tar.*
 *.patch
-orca/example_profiles/small/orca-edited.toml
+tools/orca/example_profiles/small/orca-edited.toml
 /docs/
-kanidm_unix_int/pam_tester/Cargo.lock
 .vscode/
 
 # kanidm simple packaging

Cargo.lock

@@ -1152,9 +1152,9 @@ version = "1.1.0-alpha.12-dev"
 dependencies = [
  "clap",
  "clap_complete",
+ "kanidm_lib_file_permissions",
  "kanidm_proto",
  "kanidmd_core",
- "kanidmd_lib",
  "profiles",
  "reqwest",
  "serde",
@@ -2270,6 +2270,30 @@ dependencies = [
  "webauthn-rs-proto",
 ]
 
+[[package]]
+name = "kanidm_lib_crypto"
+version = "0.1.0"
+dependencies = [
+ "base64 0.13.1",
+ "base64urlsafedata",
+ "hex",
+ "kanidm_proto",
+ "openssl",
+ "openssl-sys",
+ "rand 0.8.5",
+ "serde",
+ "sketching",
+ "tracing",
+]
+
+[[package]]
+name = "kanidm_lib_file_permissions"
+version = "0.1.0"
+dependencies = [
+ "users",
+ "whoami",
+]
+
 [[package]]
 name = "kanidm_proto"
 version = "1.1.0-alpha.12-dev"
@@ -2325,9 +2349,10 @@ dependencies = [
  "clap_complete",
  "futures",
  "kanidm_client",
+ "kanidm_lib_crypto",
+ "kanidm_lib_file_permissions",
  "kanidm_proto",
  "kanidmd_core",
- "kanidmd_lib",
  "libc",
  "libsqlite3-sys",
  "lru 0.8.1",
@@ -2398,8 +2423,8 @@ dependencies = [
  "futures",
  "futures-util",
  "hashbrown",
- "hex",
  "idlset",
+ "kanidm_lib_crypto",
  "kanidm_proto",
  "kanidmd_lib_macros",
  "lazy_static",

Cargo.toml

@@ -4,23 +4,25 @@ lto = "thin"
 
 [workspace]
 members = [
-    "iam_migrations/freeipa",
-    "kanidm_client",
-    "kanidm_proto",
-    "kanidm_tools",
-    "kanidm_unix_int",
-    "kanidm_unix_int/nss_kanidm",
-    "kanidm_unix_int/pam_kanidm",
-    "kanidmd_web_ui",
-    "kanidmd/daemon",
-    "kanidmd/lib",
-    "kanidmd/lib-macros",
-    "kanidmd/core",
-    "kanidmd/testkit",
-    "kanidmd/testkit-macros",
-    "orca",
-    "profiles",
-    "sketching"
+    "proto",
+    "tools/cli",
+    "tools/iam_migrations/freeipa",
+    "tools/orca",
+    "unix_integration",
+    "unix_integration/nss_kanidm",
+    "unix_integration/pam_kanidm",
+    "server/web_ui",
+    "server/daemon",
+    "server/lib",
+    "server/lib-macros",
+    "server/core",
+    "server/testkit",
+    "server/testkit-macros",
+    "libs/client",
+    "libs/crypto",
+    "libs/file_permissions",
+    "libs/profiles",
+    "libs/sketching"
 ]
 
 [workspace.package]
@@ -69,14 +71,16 @@ http-types = "^2.12.0"
 idlset = "^0.2.4"
 # idlset = { path = "../idlset" }
 js-sys = "^0.3.58"
-kanidmd_core = { path = "./kanidmd/core" }
-kanidmd_idm = { path = "./kanidmd/idm" }
-kanidmd_lib = { path = "./kanidmd/lib" }
-kanidmd_lib_macros = { path = "./kanidmd/lib-macros" }
-kanidmd_testkit = { path = "./kanidmd/testkit" }
-kanidm_client = { path = "./kanidm_client", version = "1.1.0-alpha.11" }
-kanidm_proto = { path = "./kanidm_proto", version = "1.1.0-alpha.11" }
-kanidm_unix_int = { path = "./kanidm_unix_int" }
+kanidmd_core = { path = "./server/core" }
+kanidmd_idm = { path = "./server/idm" }
+kanidmd_lib = { path = "./server/lib" }
+kanidmd_lib_macros = { path = "./server/lib-macros" }
+kanidm_lib_crypto = { path = "./libs/crypto" }
+kanidm_lib_file_permissions = { path = "./libs/file_permissions" }
+kanidmd_testkit = { path = "./server/testkit" }
+kanidm_client = { path = "./libs/client", version = "1.1.0-alpha.11" }
+kanidm_proto = { path = "./proto", version = "1.1.0-alpha.11" }
+kanidm_unix_int = { path = "./unix_integration" }
 last-git-commit = "0.2.0"
 # REMOVE this
 lazy_static = "^1.4.0"
@@ -100,7 +104,7 @@ openssl = "^0.10.45"
 paste = "^1.0.11"
 pkg-config = "^0.3.26"
 proc-macro2 = "1.0.51"
-profiles = { path = "./profiles" }
+profiles = { path = "./libs/profiles" }
 qrcode = "^0.12.0"
 quote = "1"
 r2d2 = "^0.8.9"
@@ -120,12 +124,12 @@ serde_cbor = { version = "0.12.0-dev", package = "serde_cbor_2" }
 serde_json = "^1.0.93"
 serde-wasm-bindgen = "0.4"
 shellexpand = "^2.1.2"
-sketching = { path = "./sketching" }
+sketching = { path = "./libs/sketching" }
 smartstring = "^1.0.1"
 smolset = "^1.3.1"
 sshkeys = "^0.3.1"
 syn = { version = "1.0.109", features = ["full"] }
-testkit-macros = { path = "./kanidmd/testkit-macros" }
+testkit-macros = { path = "./server/testkit-macros" }
 tide = "^0.16.0"
 # Including brotli *very* slow, so don't do that. Including the "default" feature pulls a mime-type list from the internet on build, which isn't used.
 tide-compress = { version="0.10.6", default-features = false, features = [ "gzip", "regex-check" ] }

README.md

@@ -52,7 +52,7 @@ See our [code of conduct]
 See our documentation on [rights and ethics]
 
 [code of conduct]: https://github.com/kanidm/kanidm/blob/master/CODE_OF_CONDUCT.md
-[rights and ethics]: https://github.com/kanidm/kanidm/blob/master/ethics/README.md
+[rights and ethics]: https://github.com/kanidm/kanidm/blob/master/project_docs/ethics/README.md
 
 ## Getting in Contact / Questions
 

book/src/SUMMARY.md

@@ -48,6 +48,7 @@
 # For Developers
 
 - [Developer Guide](DEVELOPER_README.md)
+- [FAQ](developers/faq.md)
 - [Design Documents]()
   - [Access Profiles 2022](developers/designs/access_profiles_rework_2022.md)
   - [Access Profiles Original](developers/designs/access_profiles_and_security.md)

kanidmd/lib/src/credential/policy.rs

@@ -1,46 +0,0 @@
-use std::time::Duration;
-
-use super::{Password, PBKDF2_MIN_NIST_COST};
-
-#[derive(Debug)]
-pub struct CryptoPolicy {
-    pub(crate) pbkdf2_cost: usize,
-}
-
-impl CryptoPolicy {
-    #[cfg(test)]
-    pub(crate) fn minimum() -> Self {
-        CryptoPolicy {
-            pbkdf2_cost: PBKDF2_MIN_NIST_COST,
-        }
-    }
-
-    pub fn time_target(t: Duration) -> Self {
-        let r = match Password::bench_pbkdf2(PBKDF2_MIN_NIST_COST * 10) {
-            Some(bt) => {
-                let ubt = bt.as_nanos() as usize;
-
-                // Get the cost per thousand rounds
-                let per_thou = (PBKDF2_MIN_NIST_COST * 10) / 1000;
-                let t_per_thou = ubt / per_thou;
-                // eprintln!("{} / {}", ubt, per_thou);
-
-                // Now we need the attacker work in nanos
-                let attack_time = t.as_nanos() as usize;
-                let r = (attack_time / t_per_thou) * 1000;
-
-                // eprintln!("({} / {} ) * 1000", attack_time, t_per_thou);
-                // eprintln!("Maybe rounds -> {}", r);
-
-                if r < PBKDF2_MIN_NIST_COST {
-                    PBKDF2_MIN_NIST_COST
-                } else {
-                    r
-                }
-            }
-            None => PBKDF2_MIN_NIST_COST,
-        };
-
-        CryptoPolicy { pbkdf2_cost: r }
-    }
-}