William Brown 2025-04-09 11:53:49 +10:00
parent ab740eba60
commit 04690e3732
3 changed files with 9 additions and 9 deletions
unix_integration/resolver/src


@ -195,7 +195,7 @@ impl Into<PamAuthResponse> for AuthRequest {
pub enum AuthResult { pub enum AuthResult {
Success, Success,
SuccessUpdate { token: UserToken }, SuccessUpdate { new_token: UserToken },
Denied, Denied,
Next(AuthRequest), Next(AuthRequest),
} }


@ -460,23 +460,23 @@ impl IdProvider for KanidmProvider {
match auth_result { match auth_result {
Ok(Some(n_tok)) => { Ok(Some(n_tok)) => {
let mut token = UserToken::from(n_tok); let mut new_token = UserToken::from(n_tok);
// Update any keys that may have been in the db in the current // Update any keys that may have been in the db in the current
// token. // token.
if let Some(previous_token) = current_token { if let Some(previous_token) = current_token {
token.extra_keys = previous_token.extra_keys.clone(); new_token.extra_keys = previous_token.extra_keys.clone();
} }
// Set any new keys that are relevant from this authentication // Set any new keys that are relevant from this authentication
token.kanidm_update_cached_password( new_token.kanidm_update_cached_password(
&inner.crypto_policy, &inner.crypto_policy,
cred.as_str(), cred.as_str(),
tpm, tpm,
&inner.hmac_key, &inner.hmac_key,
); );
Ok(AuthResult::SuccessUpdate { token }) Ok(AuthResult::SuccessUpdate { new_token })
} }
Ok(None) => { Ok(None) => {
// TODO: i'm not a huge fan of this rn, but currently the way we handle // TODO: i'm not a huge fan of this rn, but currently the way we handle
@ -583,11 +583,11 @@ impl IdProvider for KanidmProvider {
if session_token.kanidm_check_cached_password(cred.as_str(), tpm, &inner.hmac_key) { if session_token.kanidm_check_cached_password(cred.as_str(), tpm, &inner.hmac_key) {
// Ensure we have either the latest token, or if none, at least the session token. // Ensure we have either the latest token, or if none, at least the session token.
let token = current_token.unwrap_or(session_token).clone(); let new_token = current_token.unwrap_or(session_token).clone();
// TODO: We can update the token here and then do lockouts. // TODO: We can update the token here and then do lockouts.
Ok(AuthResult::SuccessUpdate { token }) Ok(AuthResult::SuccessUpdate { new_token })
} else { } else {
Ok(AuthResult::Denied) Ok(AuthResult::Denied)
} }


@ -1202,8 +1202,8 @@ impl Resolver {
*auth_session = AuthSession::Success; *auth_session = AuthSession::Success;
Ok(PamAuthResponse::Success) Ok(PamAuthResponse::Success)
} }
Ok(AuthResult::SuccessUpdate { mut token }) => { Ok(AuthResult::SuccessUpdate { mut new_token }) => {
self.set_cache_usertoken(&mut token, hsm_lock.deref_mut()) self.set_cache_usertoken(&mut new_token, hsm_lock.deref_mut())
.await?; .await?;
*auth_session = AuthSession::Success; *auth_session = AuthSession::Success;