Update

2025-04-23 18:55:38 +02:00 · 2025-04-09 11:53:49 +10:00 · 2025-04-09 11:53:49 +10:00 · 04690e3732
parent ab740eba60
commit 04690e3732
3 changed files with 9 additions and 9 deletions
--- a/unix_integration/resolver/src/idprovider/interface.rs
+++ b/unix_integration/resolver/src/idprovider/interface.rs
@ -195,7 +195,7 @@ impl Into<PamAuthResponse> for AuthRequest {

 pub enum AuthResult {
    Success,
-    SuccessUpdate { token: UserToken },
+    SuccessUpdate { new_token: UserToken },
    Denied,
    Next(AuthRequest),
 }
--- a/unix_integration/resolver/src/idprovider/kanidm.rs
+++ b/unix_integration/resolver/src/idprovider/kanidm.rs
@ -460,23 +460,23 @@ impl IdProvider for KanidmProvider {

                match auth_result {
                    Ok(Some(n_tok)) => {
-                        let mut token = UserToken::from(n_tok);
+                        let mut new_token = UserToken::from(n_tok);

                        // Update any keys that may have been in the db in the current
                        // token.
                        if let Some(previous_token) = current_token {
-                            token.extra_keys = previous_token.extra_keys.clone();
+                            new_token.extra_keys = previous_token.extra_keys.clone();
                        }

                        // Set any new keys that are relevant from this authentication
-                        token.kanidm_update_cached_password(
+                        new_token.kanidm_update_cached_password(
                            &inner.crypto_policy,
                            cred.as_str(),
                            tpm,
                            &inner.hmac_key,
                        );

-                        Ok(AuthResult::SuccessUpdate { token })
+                        Ok(AuthResult::SuccessUpdate { new_token })
                    }
                    Ok(None) => {
                        // TODO: i'm not a huge fan of this rn, but currently the way we handle
@ -583,11 +583,11 @@ impl IdProvider for KanidmProvider {

                if session_token.kanidm_check_cached_password(cred.as_str(), tpm, &inner.hmac_key) {
                    // Ensure we have either the latest token, or if none, at least the session token.
-                    let token = current_token.unwrap_or(session_token).clone();
+                    let new_token = current_token.unwrap_or(session_token).clone();

                    // TODO: We can update the token here and then do lockouts.

-                    Ok(AuthResult::SuccessUpdate { token })
+                    Ok(AuthResult::SuccessUpdate { new_token })
                } else {
                    Ok(AuthResult::Denied)
                }
--- a/unix_integration/resolver/src/resolver.rs
+++ b/unix_integration/resolver/src/resolver.rs
@ -1202,8 +1202,8 @@ impl Resolver {
                *auth_session = AuthSession::Success;
                Ok(PamAuthResponse::Success)
            }
-            Ok(AuthResult::SuccessUpdate { mut token }) => {
-                self.set_cache_usertoken(&mut token, hsm_lock.deref_mut())
+            Ok(AuthResult::SuccessUpdate { mut new_token }) => {
+                self.set_cache_usertoken(&mut new_token, hsm_lock.deref_mut())
                    .await?;
                *auth_session = AuthSession::Success;