From 0ce333ff5a05fdface9c8c90434469046002f22c Mon Sep 17 00:00:00 2001 From: Firstyear Date: Mon, 17 Jun 2024 08:21:25 +1000 Subject: [PATCH] Allow providers to be box dyn (#2794) * Allow providers to be box dyn in kanidm_unixd * Massive refactor --- Cargo.lock | 24 ++- Cargo.toml | 5 +- unix_integration/common/Cargo.toml | 36 +++++ unix_integration/common/build.rs | 6 + unix_integration/{ => common}/src/client.rs | 0 .../{ => common}/src/client_sync.rs | 0 .../{ => common}/src/constants.rs | 0 unix_integration/common/src/lib.rs | 28 ++++ unix_integration/common/src/unix_config.rs | 143 +++++++++++++++++ .../{ => common}/src/unix_passwd.rs | 0 .../{ => common}/src/unix_proto.rs | 0 unix_integration/nss_kanidm/Cargo.toml | 2 +- unix_integration/pam_kanidm/Cargo.toml | 2 +- unix_integration/{ => resolver}/Cargo.toml | 18 +-- unix_integration/{ => resolver}/build.rs | 0 .../src/bin/kanidm-unix.rs} | 2 +- .../src/bin/kanidm_ssh_authorizedkeys.rs} | 2 +- .../src/bin/kanidm_unixd.rs} | 17 +- .../src/bin/kanidm_unixd_tasks.rs} | 4 +- unix_integration/{ => resolver}/src/db.rs | 146 +++++++----------- .../src/idprovider/interface.rs | 30 ++-- .../{ => resolver}/src/idprovider/kanidm.rs | 22 +-- .../{ => resolver}/src/idprovider/mod.rs | 0 unix_integration/{ => resolver}/src/lib.rs | 12 -- .../src/opt/ssh_authorizedkeys.rs | 0 .../{ => resolver}/src/opt/tool.rs | 0 .../{ => resolver}/src/resolver.rs | 38 +++-- .../{ => resolver}/src/selinux_util.rs | 0 .../{ => resolver}/src/unix_config.rs | 46 +----- .../{ => resolver}/tests/cache_layer_test.rs | 12 +- unix_integration/src/pam_data.rs | 7 - 31 files changed, 366 insertions(+), 236 deletions(-) create mode 100644 unix_integration/common/Cargo.toml create mode 100644 unix_integration/common/build.rs rename unix_integration/{ => common}/src/client.rs (100%) rename unix_integration/{ => common}/src/client_sync.rs (100%) rename unix_integration/{ => common}/src/constants.rs (100%) create mode 100644 unix_integration/common/src/lib.rs create mode 100644 unix_integration/common/src/unix_config.rs rename unix_integration/{ => common}/src/unix_passwd.rs (100%) rename unix_integration/{ => common}/src/unix_proto.rs (100%) rename unix_integration/{ => resolver}/Cargo.toml (88%) rename unix_integration/{ => resolver}/build.rs (100%) rename unix_integration/{src/tool.rs => resolver/src/bin/kanidm-unix.rs} (99%) rename unix_integration/{src/ssh_authorizedkeys.rs => resolver/src/bin/kanidm_ssh_authorizedkeys.rs} (98%) rename unix_integration/{src/daemon.rs => resolver/src/bin/kanidm_unixd.rs} (98%) rename unix_integration/{src/tasks_daemon.rs => resolver/src/bin/kanidm_unixd_tasks.rs} (99%) rename unix_integration/{ => resolver}/src/db.rs (93%) rename unix_integration/{ => resolver}/src/idprovider/interface.rs (91%) rename unix_integration/{ => resolver}/src/idprovider/kanidm.rs (96%) rename unix_integration/{ => resolver}/src/idprovider/mod.rs (100%) rename unix_integration/{ => resolver}/src/lib.rs (71%) rename unix_integration/{ => resolver}/src/opt/ssh_authorizedkeys.rs (100%) rename unix_integration/{ => resolver}/src/opt/tool.rs (100%) rename unix_integration/{ => resolver}/src/resolver.rs (98%) rename unix_integration/{ => resolver}/src/selinux_util.rs (100%) rename unix_integration/{ => resolver}/src/unix_config.rs (92%) rename unix_integration/{ => resolver}/tests/cache_layer_test.rs (98%) delete mode 100644 unix_integration/src/pam_data.rs diff --git a/Cargo.lock b/Cargo.lock index 0fb5156ce..caa20414a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -3396,16 +3396,30 @@ dependencies = [ "zxcvbn", ] +[[package]] +name = "kanidm_unix_common" +version = "1.3.0-dev" +dependencies = [ + "bytes", + "csv", + "futures", + "kanidm_build_profiles", + "serde", + "serde_json", + "tokio", + "tokio-util", + "toml", + "tracing", +] + [[package]] name = "kanidm_unix_int" version = "1.3.0-dev" dependencies = [ "async-trait", - "base64urlsafedata 0.5.0", "bytes", "clap", "clap_complete", - "csv", "futures", "hashbrown 0.14.5", "kanidm-hsm-crypto", @@ -3414,11 +3428,11 @@ dependencies = [ "kanidm_lib_crypto", "kanidm_lib_file_permissions", "kanidm_proto", + "kanidm_unix_common", "kanidm_utils_users", "kanidmd_core", "kanidmd_testkit", "libc", - "libsqlite3-sys", "lru", "mimalloc", "notify-debouncer-full", @@ -4118,7 +4132,7 @@ dependencies = [ name = "nss_kanidm" version = "1.3.0-dev" dependencies = [ - "kanidm_unix_int", + "kanidm_unix_common", "lazy_static", "libc", "libnss", @@ -4533,7 +4547,7 @@ checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39" name = "pam_kanidm" version = "1.3.0-dev" dependencies = [ - "kanidm_unix_int", + "kanidm_unix_common", "libc", "pkg-config", "tracing", diff --git a/Cargo.toml b/Cargo.toml index 5d6f8b01b..f247007f9 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -18,9 +18,10 @@ members = [ "tools/iam_migrations/freeipa", "tools/iam_migrations/ldap", "tools/orca", - "unix_integration", + "unix_integration/common", "unix_integration/nss_kanidm", "unix_integration/pam_kanidm", + "unix_integration/resolver", "server/web_ui/admin", "server/web_ui/login_flows", "server/web_ui/user", @@ -135,7 +136,7 @@ kanidm-hsm-crypto = "^0.2.0" kanidm_lib_crypto = { path = "./libs/crypto", version = "=1.3.0-dev" } kanidm_lib_file_permissions = { path = "./libs/file_permissions", version = "=1.3.0-dev" } kanidm_proto = { path = "./proto", version = "=1.3.0-dev" } -kanidm_unix_int = { path = "./unix_integration", version = "=1.3.0-dev" } +kanidm_unix_common = { path = "./unix_integration/common", version = "=1.3.0-dev" } kanidm_utils_users = { path = "./libs/users", version = "=1.3.0-dev" } sketching = { path = "./libs/sketching", version = "=1.3.0-dev" } diff --git a/unix_integration/common/Cargo.toml b/unix_integration/common/Cargo.toml new file mode 100644 index 000000000..cb408e2af --- /dev/null +++ b/unix_integration/common/Cargo.toml @@ -0,0 +1,36 @@ +[package] +name = "kanidm_unix_common" +description = "Kanidm Unix Resolver - Common Libraries" +documentation = "https://docs.rs/kanidm/latest/kanidm/" + +version = { workspace = true } +authors = { workspace = true } +rust-version = { workspace = true } +edition = { workspace = true } +license = { workspace = true } +homepage = { workspace = true } +repository = { workspace = true } + +[features] +default = ["unix"] +unix = [] + +[lib] +name = "kanidm_unix_common" +path = "src/lib.rs" +test = true +doctest = false + +[dependencies] +bytes = { workspace = true } +csv = { workspace = true } +futures = { workspace = true } +serde = { workspace = true, features = ["derive"] } +serde_json = { workspace = true } +toml = { workspace = true } +tokio = { workspace = true, features = ["time","net","macros"] } +tokio-util = { workspace = true, features = ["codec"] } +tracing = { workspace = true } + +[build-dependencies] +kanidm_build_profiles = { workspace = true } diff --git a/unix_integration/common/build.rs b/unix_integration/common/build.rs new file mode 100644 index 000000000..f003aff33 --- /dev/null +++ b/unix_integration/common/build.rs @@ -0,0 +1,6 @@ +fn main() { + profiles::apply_profile(); + + println!("cargo:rerun-if-changed=build.rs"); + println!("cargo:rerun-if-env-changed=OUT_DIR"); +} diff --git a/unix_integration/src/client.rs b/unix_integration/common/src/client.rs similarity index 100% rename from unix_integration/src/client.rs rename to unix_integration/common/src/client.rs diff --git a/unix_integration/src/client_sync.rs b/unix_integration/common/src/client_sync.rs similarity index 100% rename from unix_integration/src/client_sync.rs rename to unix_integration/common/src/client_sync.rs diff --git a/unix_integration/src/constants.rs b/unix_integration/common/src/constants.rs similarity index 100% rename from unix_integration/src/constants.rs rename to unix_integration/common/src/constants.rs diff --git a/unix_integration/common/src/lib.rs b/unix_integration/common/src/lib.rs new file mode 100644 index 000000000..ee8f849de --- /dev/null +++ b/unix_integration/common/src/lib.rs @@ -0,0 +1,28 @@ +#![deny(warnings)] +#![warn(unused_extern_crates)] +#![deny(clippy::todo)] +#![deny(clippy::unimplemented)] +#![deny(clippy::unwrap_used)] +#![deny(clippy::expect_used)] +#![deny(clippy::panic)] +#![deny(clippy::unreachable)] +#![deny(clippy::await_holding_lock)] +#![deny(clippy::needless_pass_by_value)] +#![deny(clippy::trivially_copy_pass_by_ref)] + +#[cfg(target_family = "unix")] +#[macro_use] +extern crate tracing; + +#[cfg(target_family = "unix")] +pub mod client; +#[cfg(target_family = "unix")] +pub mod client_sync; +#[cfg(target_family = "unix")] +pub mod constants; +#[cfg(target_family = "unix")] +pub mod unix_config; +#[cfg(target_family = "unix")] +pub mod unix_passwd; +#[cfg(target_family = "unix")] +pub mod unix_proto; diff --git a/unix_integration/common/src/unix_config.rs b/unix_integration/common/src/unix_config.rs new file mode 100644 index 000000000..931b6d735 --- /dev/null +++ b/unix_integration/common/src/unix_config.rs @@ -0,0 +1,143 @@ +use std::fmt::{Display, Formatter}; +use std::fs::File; +use std::io::{ErrorKind, Read}; +use std::path::Path; + +use crate::unix_passwd::UnixIntegrationError; + +use serde::Deserialize; + +use crate::constants::*; + +#[derive(Debug, Copy, Clone)] +pub enum HomeAttr { + Uuid, + Spn, + Name, +} + +impl Display for HomeAttr { + fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { + write!( + f, + "{}", + match self { + HomeAttr::Uuid => "UUID", + HomeAttr::Spn => "SPN", + HomeAttr::Name => "Name", + } + ) + } +} + +#[derive(Debug, Copy, Clone)] +pub enum UidAttr { + Name, + Spn, +} + +impl Display for UidAttr { + fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { + write!( + f, + "{}", + match self { + UidAttr::Name => "Name", + UidAttr::Spn => "SPN", + } + ) + } +} + +#[derive(Debug, Deserialize)] +struct ConfigInt { + sock_path: Option, + conn_timeout: Option, +} + +#[derive(Debug)] +pub struct KanidmUnixdConfig { + pub sock_path: String, + // pub conn_timeout: u64, + pub unix_sock_timeout: u64, +} + +impl Default for KanidmUnixdConfig { + fn default() -> Self { + KanidmUnixdConfig::new() + } +} + +impl Display for KanidmUnixdConfig { + fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { + writeln!(f, "sock_path: {}", self.sock_path)?; + writeln!(f, "unix_sock_timeout: {}", self.unix_sock_timeout) + } +} + +impl KanidmUnixdConfig { + pub fn new() -> Self { + KanidmUnixdConfig { + sock_path: DEFAULT_SOCK_PATH.to_string(), + unix_sock_timeout: DEFAULT_CONN_TIMEOUT * 2, + } + } + + pub fn read_options_from_optional_config + std::fmt::Debug>( + self, + config_path: P, + ) -> Result { + debug!("Attempting to load configuration from {:#?}", &config_path); + let mut f = match File::open(&config_path) { + Ok(f) => { + debug!("Successfully opened configuration file {:#?}", &config_path); + f + } + Err(e) => { + match e.kind() { + ErrorKind::NotFound => { + debug!( + "Configuration file {:#?} not found, skipping.", + &config_path + ); + } + ErrorKind::PermissionDenied => { + warn!( + "Permission denied loading configuration file {:#?}, skipping.", + &config_path + ); + } + _ => { + debug!( + "Unable to open config file {:#?} [{:?}], skipping ...", + &config_path, e + ); + } + }; + return Ok(self); + } + }; + + let mut contents = String::new(); + f.read_to_string(&mut contents).map_err(|e| { + error!("{:?}", e); + UnixIntegrationError + })?; + + let config: ConfigInt = toml::from_str(contents.as_str()).map_err(|e| { + error!("{:?}", e); + UnixIntegrationError + })?; + + let unix_sock_timeout = config + .conn_timeout + .map(|v| v * 2) + .unwrap_or(self.unix_sock_timeout); + + // Now map the values into our config. + Ok(KanidmUnixdConfig { + sock_path: config.sock_path.unwrap_or(self.sock_path), + unix_sock_timeout, + }) + } +} diff --git a/unix_integration/src/unix_passwd.rs b/unix_integration/common/src/unix_passwd.rs similarity index 100% rename from unix_integration/src/unix_passwd.rs rename to unix_integration/common/src/unix_passwd.rs diff --git a/unix_integration/src/unix_proto.rs b/unix_integration/common/src/unix_proto.rs similarity index 100% rename from unix_integration/src/unix_proto.rs rename to unix_integration/common/src/unix_proto.rs diff --git a/unix_integration/nss_kanidm/Cargo.toml b/unix_integration/nss_kanidm/Cargo.toml index f15d39642..a452b3236 100644 --- a/unix_integration/nss_kanidm/Cargo.toml +++ b/unix_integration/nss_kanidm/Cargo.toml @@ -15,7 +15,7 @@ crate-type = [ "cdylib" ] path = "src/lib.rs" [dependencies] -kanidm_unix_int = { workspace = true } +kanidm_unix_common = { workspace = true } [target.'cfg(not(target_family = "windows"))'.dependencies] libnss = { workspace = true } diff --git a/unix_integration/pam_kanidm/Cargo.toml b/unix_integration/pam_kanidm/Cargo.toml index 7d8d18d35..bd0b6d6a2 100644 --- a/unix_integration/pam_kanidm/Cargo.toml +++ b/unix_integration/pam_kanidm/Cargo.toml @@ -16,7 +16,7 @@ crate-type = [ "cdylib" ] path = "src/lib.rs" [dependencies] -kanidm_unix_int = { workspace = true } +kanidm_unix_common = { workspace = true } libc = { workspace = true } tracing-subscriber = { workspace = true } tracing = { workspace = true } diff --git a/unix_integration/Cargo.toml b/unix_integration/resolver/Cargo.toml similarity index 88% rename from unix_integration/Cargo.toml rename to unix_integration/resolver/Cargo.toml index 701e8e7dd..3c02db2d5 100644 --- a/unix_integration/Cargo.toml +++ b/unix_integration/resolver/Cargo.toml @@ -19,54 +19,55 @@ tpm = ["kanidm-hsm-crypto/tpm"] [[bin]] name = "kanidm_unixd" -path = "src/daemon.rs" +path = "src/bin/kanidm_unixd.rs" required-features = ["unix"] test = true doctest = false [[bin]] name = "kanidm_unixd_tasks" -path = "src/tasks_daemon.rs" +path = "src/bin/kanidm_unixd_tasks.rs" required-features = ["unix"] test = true doctest = false [[bin]] name = "kanidm_ssh_authorizedkeys" -path = "src/ssh_authorizedkeys.rs" +path = "src/bin/kanidm_ssh_authorizedkeys.rs" required-features = ["unix"] test = true doctest = false [[bin]] name = "kanidm-unix" -path = "src/tool.rs" +path = "src/bin/kanidm-unix.rs" required-features = ["unix"] test = true doctest = false [lib] -name = "kanidm_unix_common" +name = "kanidm_unix_resolver" path = "src/lib.rs" test = true doctest = false [dependencies] async-trait.workspace = true -base64urlsafedata = { workspace = true } +# base64urlsafedata = { workspace = true } bytes = { workspace = true } clap = { workspace = true, features = ["derive", "env"] } -csv = { workspace = true } +# csv = { workspace = true } futures = { workspace = true } hashbrown = { workspace = true } libc = { workspace = true } -libsqlite3-sys = { workspace = true } +# libsqlite3-sys = { workspace = true } lru = { workspace = true } kanidm_client = { workspace = true } kanidm_proto = { workspace = true } kanidm-hsm-crypto = { workspace = true } kanidm_lib_crypto = { workspace = true } kanidm_lib_file_permissions = { workspace = true } +kanidm_unix_common = { workspace = true } notify-debouncer-full = { workspace = true } rpassword = { workspace = true } rusqlite = { workspace = true } @@ -74,7 +75,6 @@ selinux = { workspace = true, optional = true } serde = { workspace = true, features = ["derive"] } serde_json = { workspace = true } sketching = { workspace = true } - toml = { workspace = true } tokio = { workspace = true, features = [ "rt", diff --git a/unix_integration/build.rs b/unix_integration/resolver/build.rs similarity index 100% rename from unix_integration/build.rs rename to unix_integration/resolver/build.rs diff --git a/unix_integration/src/tool.rs b/unix_integration/resolver/src/bin/kanidm-unix.rs similarity index 99% rename from unix_integration/src/tool.rs rename to unix_integration/resolver/src/bin/kanidm-unix.rs index 65fb3a4ec..d4905b618 100644 --- a/unix_integration/src/tool.rs +++ b/unix_integration/resolver/src/bin/kanidm-unix.rs @@ -25,7 +25,7 @@ use kanidm_unix_common::unix_proto::{ // use std::io; use std::path::PathBuf; -include!("./opt/tool.rs"); +include!("../opt/tool.rs"); #[tokio::main(flavor = "current_thread")] async fn main() -> ExitCode { diff --git a/unix_integration/src/ssh_authorizedkeys.rs b/unix_integration/resolver/src/bin/kanidm_ssh_authorizedkeys.rs similarity index 98% rename from unix_integration/src/ssh_authorizedkeys.rs rename to unix_integration/resolver/src/bin/kanidm_ssh_authorizedkeys.rs index cd11da89d..6adea63ce 100644 --- a/unix_integration/src/ssh_authorizedkeys.rs +++ b/unix_integration/resolver/src/bin/kanidm_ssh_authorizedkeys.rs @@ -22,7 +22,7 @@ use kanidm_unix_common::constants::DEFAULT_CONFIG_PATH; use kanidm_unix_common::unix_config::KanidmUnixdConfig; use kanidm_unix_common::unix_proto::{ClientRequest, ClientResponse}; -include!("./opt/ssh_authorizedkeys.rs"); +include!("../opt/ssh_authorizedkeys.rs"); #[tokio::main(flavor = "current_thread")] async fn main() -> ExitCode { diff --git a/unix_integration/src/daemon.rs b/unix_integration/resolver/src/bin/kanidm_unixd.rs similarity index 98% rename from unix_integration/src/daemon.rs rename to unix_integration/resolver/src/bin/kanidm_unixd.rs index 19f085d45..dbe775bb8 100644 --- a/unix_integration/src/daemon.rs +++ b/unix_integration/resolver/src/bin/kanidm_unixd.rs @@ -27,13 +27,12 @@ use futures::{SinkExt, StreamExt}; use kanidm_client::KanidmClientBuilder; use kanidm_proto::constants::DEFAULT_CLIENT_CONFIG_PATH; use kanidm_unix_common::constants::DEFAULT_CONFIG_PATH; -use kanidm_unix_common::db::{Cache, CacheTxn, Db}; -use kanidm_unix_common::idprovider::kanidm::KanidmProvider; -// use kanidm_unix_common::idprovider::interface::AuthSession; -use kanidm_unix_common::resolver::Resolver; -use kanidm_unix_common::unix_config::{HsmType, KanidmUnixdConfig}; use kanidm_unix_common::unix_passwd::{parse_etc_group, parse_etc_passwd}; use kanidm_unix_common::unix_proto::{ClientRequest, ClientResponse, TaskRequest, TaskResponse}; +use kanidm_unix_resolver::db::{Cache, Db}; +use kanidm_unix_resolver::idprovider::kanidm::KanidmProvider; +use kanidm_unix_resolver::resolver::Resolver; +use kanidm_unix_resolver::unix_config::{HsmType, KanidmUnixdConfig}; use kanidm_utils_users::{get_current_gid, get_current_uid, get_effective_gid, get_effective_uid}; use libc::umask; @@ -191,7 +190,7 @@ async fn handle_task_client( async fn handle_client( sock: UnixStream, - cachelayer: Arc>, + cachelayer: Arc, task_channel_tx: &Sender, ) -> Result<(), Box> { debug!("Accepted connection"); @@ -431,9 +430,7 @@ async fn handle_client( Ok(()) } -async fn process_etc_passwd_group( - cachelayer: &Resolver, -) -> Result<(), Box> { +async fn process_etc_passwd_group(cachelayer: &Resolver) -> Result<(), Box> { let mut file = File::open("/etc/passwd").await?; let mut contents = vec![]; file.read_to_end(&mut contents).await?; @@ -925,7 +922,7 @@ async fn main() -> ExitCode { let cl_inner = match Resolver::new( db, - idprovider, + Box::new(idprovider), hsm, machine_key, cfg.cache_timeout, diff --git a/unix_integration/src/tasks_daemon.rs b/unix_integration/resolver/src/bin/kanidm_unixd_tasks.rs similarity index 99% rename from unix_integration/src/tasks_daemon.rs rename to unix_integration/resolver/src/bin/kanidm_unixd_tasks.rs index 3ca3a521a..375862f0f 100644 --- a/unix_integration/src/tasks_daemon.rs +++ b/unix_integration/resolver/src/bin/kanidm_unixd_tasks.rs @@ -21,8 +21,8 @@ use std::{fs, io}; use bytes::{BufMut, BytesMut}; use futures::{SinkExt, StreamExt}; use kanidm_unix_common::constants::DEFAULT_CONFIG_PATH; -use kanidm_unix_common::unix_config::KanidmUnixdConfig; use kanidm_unix_common::unix_proto::{HomeDirectoryInfo, TaskRequest, TaskResponse}; +use kanidm_unix_resolver::unix_config::KanidmUnixdConfig; use kanidm_utils_users::{get_effective_gid, get_effective_uid}; use libc::{lchown, umask}; use sketching::tracing_forest::traits::*; @@ -35,7 +35,7 @@ use tokio_util::codec::{Decoder, Encoder, Framed}; use walkdir::WalkDir; #[cfg(all(target_family = "unix", feature = "selinux"))] -use kanidm_unix_common::selinux_util; +use crate::selinux_util; struct TaskCodec; diff --git a/unix_integration/src/db.rs b/unix_integration/resolver/src/db.rs similarity index 93% rename from unix_integration/src/db.rs rename to unix_integration/resolver/src/db.rs index bfad4251e..108130032 100644 --- a/unix_integration/src/db.rs +++ b/unix_integration/resolver/src/db.rs @@ -47,75 +47,6 @@ pub enum CacheError { Tpm, } -pub trait CacheTxn { - fn migrate(&mut self) -> Result<(), CacheError>; - - fn commit(self) -> Result<(), CacheError>; - - fn invalidate(&mut self) -> Result<(), CacheError>; - - fn clear(&mut self) -> Result<(), CacheError>; - - fn clear_hsm(&mut self) -> Result<(), CacheError>; - - fn get_hsm_machine_key(&mut self) -> Result, CacheError>; - - fn insert_hsm_machine_key( - &mut self, - machine_key: &LoadableMachineKey, - ) -> Result<(), CacheError>; - - fn get_hsm_hmac_key(&mut self) -> Result, CacheError>; - - fn insert_hsm_hmac_key(&mut self, hmac_key: &LoadableHmacKey) -> Result<(), CacheError>; - - fn get_account(&mut self, account_id: &Id) -> Result, CacheError>; - - fn get_accounts(&mut self) -> Result, CacheError>; - - fn update_account(&mut self, account: &UserToken, expire: u64) -> Result<(), CacheError>; - - fn delete_account(&mut self, a_uuid: Uuid) -> Result<(), CacheError>; - - fn update_account_password( - &mut self, - a_uuid: Uuid, - cred: &str, - hsm: &mut dyn Tpm, - hmac_key: &HmacKey, - ) -> Result<(), CacheError>; - - fn check_account_password( - &mut self, - a_uuid: Uuid, - cred: &str, - hsm: &mut dyn Tpm, - hmac_key: &HmacKey, - ) -> Result; - - fn get_group(&mut self, grp_id: &Id) -> Result, CacheError>; - - fn get_group_members(&mut self, g_uuid: Uuid) -> Result, CacheError>; - - fn get_groups(&mut self) -> Result, CacheError>; - - fn update_group(&mut self, grp: &GroupToken, expire: u64) -> Result<(), CacheError>; - - fn delete_group(&mut self, g_uuid: Uuid) -> Result<(), CacheError>; -} - -pub trait KeyStoreTxn { - fn get_tagged_hsm_key( - &mut self, - tag: &str, - ) -> Result, CacheError>; - - fn insert_tagged_hsm_key(&mut self, tag: &str, key: &K) - -> Result<(), CacheError>; - - fn delete_tagged_hsm_key(&mut self, tag: &str) -> Result<(), CacheError>; -} - pub struct Db { conn: Mutex, crypto_policy: CryptoPolicy, @@ -127,6 +58,16 @@ pub struct DbTxn<'a> { crypto_policy: &'a CryptoPolicy, } +pub struct KeyStoreTxn<'a, 'b> { + db: &'b mut DbTxn<'a>, +} + +impl<'a, 'b> From<&'b mut DbTxn<'a>> for KeyStoreTxn<'a, 'b> { + fn from(db: &'b mut DbTxn<'a>) -> Self { + Self { db } + } +} + #[derive(Debug)] /// Errors coming back from the `Db` struct pub enum DbError { @@ -312,7 +253,28 @@ impl<'a> DbTxn<'a> { } } -impl<'a> KeyStoreTxn for DbTxn<'a> { +impl<'a, 'b> KeyStoreTxn<'a, 'b> { + pub fn get_tagged_hsm_key( + &mut self, + tag: &str, + ) -> Result, CacheError> { + self.db.get_tagged_hsm_key(tag) + } + + pub fn insert_tagged_hsm_key( + &mut self, + tag: &str, + key: &K, + ) -> Result<(), CacheError> { + self.db.insert_tagged_hsm_key(tag, key) + } + + pub fn delete_tagged_hsm_key(&mut self, tag: &str) -> Result<(), CacheError> { + self.db.delete_tagged_hsm_key(tag) + } +} + +impl<'a> DbTxn<'a> { fn get_tagged_hsm_key( &mut self, tag: &str, @@ -380,8 +342,8 @@ impl<'a> KeyStoreTxn for DbTxn<'a> { } } -impl<'a> CacheTxn for DbTxn<'a> { - fn migrate(&mut self) -> Result<(), CacheError> { +impl<'a> DbTxn<'a> { + pub fn migrate(&mut self) -> Result<(), CacheError> { self.conn.set_prepared_statement_cache_capacity(16); self.conn .prepare("PRAGMA journal_mode=WAL;") @@ -488,7 +450,7 @@ impl<'a> CacheTxn for DbTxn<'a> { Ok(()) } - fn commit(mut self) -> Result<(), CacheError> { + pub fn commit(mut self) -> Result<(), CacheError> { // debug!("Committing BE txn"); if self.committed { error!("Invalid state, SQL transaction was already committed!"); @@ -502,7 +464,7 @@ impl<'a> CacheTxn for DbTxn<'a> { .map_err(|e| self.sqlite_error("commit", &e)) } - fn invalidate(&mut self) -> Result<(), CacheError> { + pub fn invalidate(&mut self) -> Result<(), CacheError> { self.conn .execute("UPDATE group_t SET expiry = 0", []) .map_err(|e| self.sqlite_error("update group_t", &e))?; @@ -514,7 +476,7 @@ impl<'a> CacheTxn for DbTxn<'a> { Ok(()) } - fn clear(&mut self) -> Result<(), CacheError> { + pub fn clear(&mut self) -> Result<(), CacheError> { self.conn .execute("DELETE FROM memberof_t", []) .map_err(|e| self.sqlite_error("delete memberof_t", &e))?; @@ -530,7 +492,7 @@ impl<'a> CacheTxn for DbTxn<'a> { Ok(()) } - fn clear_hsm(&mut self) -> Result<(), CacheError> { + pub fn clear_hsm(&mut self) -> Result<(), CacheError> { self.clear()?; self.conn @@ -544,7 +506,7 @@ impl<'a> CacheTxn for DbTxn<'a> { Ok(()) } - fn get_hsm_machine_key(&mut self) -> Result, CacheError> { + pub fn get_hsm_machine_key(&mut self) -> Result, CacheError> { let mut stmt = self .conn .prepare("SELECT value FROM hsm_int_t WHERE key = 'mk'") @@ -565,7 +527,7 @@ impl<'a> CacheTxn for DbTxn<'a> { } } - fn insert_hsm_machine_key( + pub fn insert_hsm_machine_key( &mut self, machine_key: &LoadableMachineKey, ) -> Result<(), CacheError> { @@ -589,7 +551,7 @@ impl<'a> CacheTxn for DbTxn<'a> { .map_err(|e| self.sqlite_error("execute", &e)) } - fn get_hsm_hmac_key(&mut self) -> Result, CacheError> { + pub fn get_hsm_hmac_key(&mut self) -> Result, CacheError> { let mut stmt = self .conn .prepare("SELECT value FROM hsm_int_t WHERE key = 'hmac'") @@ -610,7 +572,7 @@ impl<'a> CacheTxn for DbTxn<'a> { } } - fn insert_hsm_hmac_key(&mut self, hmac_key: &LoadableHmacKey) -> Result<(), CacheError> { + pub fn insert_hsm_hmac_key(&mut self, hmac_key: &LoadableHmacKey) -> Result<(), CacheError> { let data = serde_json::to_vec(hmac_key).map_err(|e| { error!("insert_hsm_hmac_key json error -> {:?}", e); CacheError::SerdeJson @@ -631,7 +593,7 @@ impl<'a> CacheTxn for DbTxn<'a> { .map_err(|e| self.sqlite_error("execute", &e)) } - fn get_account(&mut self, account_id: &Id) -> Result, CacheError> { + pub fn get_account(&mut self, account_id: &Id) -> Result, CacheError> { let data = match account_id { Id::Name(n) => self.get_account_data_name(n.as_str()), Id::Gid(g) => self.get_account_data_gid(*g), @@ -665,7 +627,7 @@ impl<'a> CacheTxn for DbTxn<'a> { } } - fn get_accounts(&mut self) -> Result, CacheError> { + pub fn get_accounts(&mut self) -> Result, CacheError> { let mut stmt = self .conn .prepare("SELECT token FROM account_t") @@ -694,7 +656,7 @@ impl<'a> CacheTxn for DbTxn<'a> { .collect()) } - fn update_account(&mut self, account: &UserToken, expire: u64) -> Result<(), CacheError> { + pub fn update_account(&mut self, account: &UserToken, expire: u64) -> Result<(), CacheError> { let data = serde_json::to_vec(account).map_err(|e| { error!("update_account json error -> {:?}", e); CacheError::SerdeJson @@ -790,7 +752,7 @@ impl<'a> CacheTxn for DbTxn<'a> { }) } - fn delete_account(&mut self, a_uuid: Uuid) -> Result<(), CacheError> { + pub fn delete_account(&mut self, a_uuid: Uuid) -> Result<(), CacheError> { let account_uuid = a_uuid.as_hyphenated().to_string(); self.conn @@ -810,7 +772,7 @@ impl<'a> CacheTxn for DbTxn<'a> { .map_err(|e| self.sqlite_error("account_t delete", &e)) } - fn update_account_password( + pub fn update_account_password( &mut self, a_uuid: Uuid, cred: &str, @@ -841,7 +803,7 @@ impl<'a> CacheTxn for DbTxn<'a> { .map(|_| ()) } - fn check_account_password( + pub fn check_account_password( &mut self, a_uuid: Uuid, cred: &str, @@ -892,7 +854,7 @@ impl<'a> CacheTxn for DbTxn<'a> { }) } - fn get_group(&mut self, grp_id: &Id) -> Result, CacheError> { + pub fn get_group(&mut self, grp_id: &Id) -> Result, CacheError> { let data = match grp_id { Id::Name(n) => self.get_group_data_name(n.as_str()), Id::Gid(g) => self.get_group_data_gid(*g), @@ -926,7 +888,7 @@ impl<'a> CacheTxn for DbTxn<'a> { } } - fn get_group_members(&mut self, g_uuid: Uuid) -> Result, CacheError> { + pub fn get_group_members(&mut self, g_uuid: Uuid) -> Result, CacheError> { let mut stmt = self .conn .prepare("SELECT account_t.token FROM (account_t, memberof_t) WHERE account_t.uuid = memberof_t.a_uuid AND memberof_t.g_uuid = :g_uuid") @@ -955,7 +917,7 @@ impl<'a> CacheTxn for DbTxn<'a> { .collect() } - fn get_groups(&mut self) -> Result, CacheError> { + pub fn get_groups(&mut self) -> Result, CacheError> { let mut stmt = self .conn .prepare("SELECT token FROM group_t") @@ -984,7 +946,7 @@ impl<'a> CacheTxn for DbTxn<'a> { .collect()) } - fn update_group(&mut self, grp: &GroupToken, expire: u64) -> Result<(), CacheError> { + pub fn update_group(&mut self, grp: &GroupToken, expire: u64) -> Result<(), CacheError> { let data = serde_json::to_vec(grp).map_err(|e| { error!("json error -> {:?}", e); CacheError::SerdeJson @@ -1015,7 +977,7 @@ impl<'a> CacheTxn for DbTxn<'a> { .map_err(|e| self.sqlite_error("execute", &e)) } - fn delete_group(&mut self, g_uuid: Uuid) -> Result<(), CacheError> { + pub fn delete_group(&mut self, g_uuid: Uuid) -> Result<(), CacheError> { let group_uuid = g_uuid.as_hyphenated().to_string(); self.conn .execute( @@ -1053,7 +1015,7 @@ impl<'a> Drop for DbTxn<'a> { #[cfg(test)] mod tests { - use super::{Cache, CacheTxn, Db}; + use super::{Cache, Db}; use crate::idprovider::interface::{GroupToken, Id, UserToken}; use kanidm_hsm_crypto::{AuthValue, Tpm}; diff --git a/unix_integration/src/idprovider/interface.rs b/unix_integration/resolver/src/idprovider/interface.rs similarity index 91% rename from unix_integration/src/idprovider/interface.rs rename to unix_integration/resolver/src/idprovider/interface.rs index 030de4234..d10b601e0 100644 --- a/unix_integration/src/idprovider/interface.rs +++ b/unix_integration/resolver/src/idprovider/interface.rs @@ -1,6 +1,8 @@ use crate::db::KeyStoreTxn; -use crate::unix_proto::{DeviceAuthorizationResponse, PamAuthRequest, PamAuthResponse}; use async_trait::async_trait; +use kanidm_unix_common::unix_proto::{ + DeviceAuthorizationResponse, PamAuthRequest, PamAuthResponse, +}; use serde::{Deserialize, Serialize}; use tokio::sync::broadcast; use uuid::Uuid; @@ -138,9 +140,9 @@ pub enum AuthCacheAction { #[async_trait] pub trait IdProvider { - async fn configure_hsm_keys( + async fn configure_hsm_keys( &self, - _keystore: &mut D, + _keystore: &mut KeyStoreTxn, _tpm: &mut tpm::BoxedDynTpm, _machine_key: &tpm::MachineKey, ) -> Result<(), IdpError> { @@ -150,10 +152,10 @@ pub trait IdProvider { /// This is similar to a "domain join" process. What do we actually need to pass here /// for this to work for kanidm or himmelblau? Should we make it take a generic? /* - async fn configure_machine_identity( + async fn configure_machine_identity( &self, - _keystore: &mut D, - _tpm: &mut (dyn tpm::Tpm + Send), + _keystore: &mut KeyStoreTxn, + _tpm: &mut tpm::BoxedDynTpm, _machine_key: &tpm::MachineKey, ) -> Result<(), IdpError> { Ok(()) @@ -170,32 +172,32 @@ pub trait IdProvider { _machine_key: &tpm::MachineKey, ) -> Result; - async fn unix_user_online_auth_init( + async fn unix_user_online_auth_init( &self, _account_id: &str, _token: Option<&UserToken>, - _keystore: &mut D, + _keystore: &mut KeyStoreTxn, _tpm: &mut tpm::BoxedDynTpm, _machine_key: &tpm::MachineKey, _shutdown_rx: &broadcast::Receiver<()>, ) -> Result<(AuthRequest, AuthCredHandler), IdpError>; - async fn unix_user_online_auth_step( + async fn unix_user_online_auth_step( &self, _account_id: &str, _cred_handler: &mut AuthCredHandler, _pam_next_req: PamAuthRequest, - _keystore: &mut D, + _keystore: &mut KeyStoreTxn, _tpm: &mut tpm::BoxedDynTpm, _machine_key: &tpm::MachineKey, _shutdown_rx: &broadcast::Receiver<()>, ) -> Result<(AuthResult, AuthCacheAction), IdpError>; - async fn unix_user_offline_auth_init( + async fn unix_user_offline_auth_init( &self, _account_id: &str, _token: Option<&UserToken>, - _keystore: &mut D, + _keystore: &mut KeyStoreTxn, ) -> Result<(AuthRequest, AuthCredHandler), IdpError>; // I thought about this part of the interface a lot. we could have the @@ -217,13 +219,13 @@ pub trait IdProvider { // unlock the associated TPM key. While we can't perform a full request // for an auth token, we can verify that the PIN successfully unlocks the // TPM key. - async fn unix_user_offline_auth_step( + async fn unix_user_offline_auth_step( &self, _account_id: &str, _token: &UserToken, _cred_handler: &mut AuthCredHandler, _pam_next_req: PamAuthRequest, - _keystore: &mut D, + _keystore: &mut KeyStoreTxn, _tpm: &mut tpm::BoxedDynTpm, _machine_key: &tpm::MachineKey, _online_at_init: bool, diff --git a/unix_integration/src/idprovider/kanidm.rs b/unix_integration/resolver/src/idprovider/kanidm.rs similarity index 96% rename from unix_integration/src/idprovider/kanidm.rs rename to unix_integration/resolver/src/idprovider/kanidm.rs index 99c9e66a2..31c738b84 100644 --- a/unix_integration/src/idprovider/kanidm.rs +++ b/unix_integration/resolver/src/idprovider/kanidm.rs @@ -19,7 +19,7 @@ use super::interface::{ IdpError, UserToken, }; -use crate::unix_proto::PamAuthRequest; +use kanidm_unix_common::unix_proto::PamAuthRequest; const TAG_IDKEY: &str = "idkey"; @@ -85,9 +85,9 @@ impl From for GroupToken { #[async_trait] impl IdProvider for KanidmProvider { - async fn configure_hsm_keys( + async fn configure_hsm_keys( &self, - keystore: &mut D, + keystore: &mut KeyStoreTxn, tpm: &mut tpm::BoxedDynTpm, machine_key: &tpm::MachineKey, ) -> Result<(), IdpError> { @@ -191,11 +191,11 @@ impl IdProvider for KanidmProvider { } } - async fn unix_user_online_auth_init( + async fn unix_user_online_auth_init( &self, _account_id: &str, _token: Option<&UserToken>, - _keystore: &mut D, + _keystore: &mut KeyStoreTxn, _tpm: &mut tpm::BoxedDynTpm, _machine_key: &tpm::MachineKey, _shutdown_rx: &broadcast::Receiver<()>, @@ -204,12 +204,12 @@ impl IdProvider for KanidmProvider { Ok((AuthRequest::Password, AuthCredHandler::Password)) } - async fn unix_user_online_auth_step( + async fn unix_user_online_auth_step( &self, account_id: &str, cred_handler: &mut AuthCredHandler, pam_next_req: PamAuthRequest, - _keystore: &mut D, + _keystore: &mut KeyStoreTxn, _tpm: &mut tpm::BoxedDynTpm, _machine_key: &tpm::MachineKey, _shutdown_rx: &broadcast::Receiver<()>, @@ -293,23 +293,23 @@ impl IdProvider for KanidmProvider { } } - async fn unix_user_offline_auth_init( + async fn unix_user_offline_auth_init( &self, _account_id: &str, _token: Option<&UserToken>, - _keystore: &mut D, + _keystore: &mut KeyStoreTxn, ) -> Result<(AuthRequest, AuthCredHandler), IdpError> { // Not sure that I need to do much here? Ok((AuthRequest::Password, AuthCredHandler::Password)) } - async fn unix_user_offline_auth_step( + async fn unix_user_offline_auth_step( &self, _account_id: &str, _token: &UserToken, _cred_handler: &mut AuthCredHandler, _pam_next_req: PamAuthRequest, - _keystore: &mut D, + _keystore: &mut KeyStoreTxn, _tpm: &mut tpm::BoxedDynTpm, _machine_key: &tpm::MachineKey, _online_at_init: bool, diff --git a/unix_integration/src/idprovider/mod.rs b/unix_integration/resolver/src/idprovider/mod.rs similarity index 100% rename from unix_integration/src/idprovider/mod.rs rename to unix_integration/resolver/src/idprovider/mod.rs diff --git a/unix_integration/src/lib.rs b/unix_integration/resolver/src/lib.rs similarity index 71% rename from unix_integration/src/lib.rs rename to unix_integration/resolver/src/lib.rs index 57639e324..96b49d026 100644 --- a/unix_integration/src/lib.rs +++ b/unix_integration/resolver/src/lib.rs @@ -17,25 +17,13 @@ extern crate tracing; #[macro_use] extern crate rusqlite; -#[cfg(target_family = "unix")] -pub mod client; -#[cfg(target_family = "unix")] -pub mod client_sync; -#[cfg(target_family = "unix")] -pub mod constants; #[cfg(target_family = "unix")] pub mod db; #[cfg(target_family = "unix")] pub mod idprovider; #[cfg(target_family = "unix")] -pub mod pam_data; -#[cfg(target_family = "unix")] pub mod resolver; #[cfg(all(target_family = "unix", feature = "selinux"))] pub mod selinux_util; #[cfg(target_family = "unix")] pub mod unix_config; -#[cfg(target_family = "unix")] -pub mod unix_passwd; -#[cfg(target_family = "unix")] -pub mod unix_proto; diff --git a/unix_integration/src/opt/ssh_authorizedkeys.rs b/unix_integration/resolver/src/opt/ssh_authorizedkeys.rs similarity index 100% rename from unix_integration/src/opt/ssh_authorizedkeys.rs rename to unix_integration/resolver/src/opt/ssh_authorizedkeys.rs diff --git a/unix_integration/src/opt/tool.rs b/unix_integration/resolver/src/opt/tool.rs similarity index 100% rename from unix_integration/src/opt/tool.rs rename to unix_integration/resolver/src/opt/tool.rs diff --git a/unix_integration/src/resolver.rs b/unix_integration/resolver/src/resolver.rs similarity index 98% rename from unix_integration/src/resolver.rs rename to unix_integration/resolver/src/resolver.rs index ce2923633..1e312a4bb 100644 --- a/unix_integration/src/resolver.rs +++ b/unix_integration/resolver/src/resolver.rs @@ -12,7 +12,7 @@ use lru::LruCache; use tokio::sync::Mutex; use uuid::Uuid; -use crate::db::{Cache, CacheTxn, Db}; +use crate::db::{Cache, Db}; use crate::idprovider::interface::{ AuthCacheAction, AuthCredHandler, @@ -25,7 +25,9 @@ use crate::idprovider::interface::{ UserToken, }; use crate::unix_config::{HomeAttr, UidAttr}; -use crate::unix_proto::{HomeDirectoryInfo, NssGroup, NssUser, PamAuthRequest, PamAuthResponse}; +use kanidm_unix_common::unix_proto::{ + HomeDirectoryInfo, NssGroup, NssUser, PamAuthRequest, PamAuthResponse, +}; use kanidm_hsm_crypto::{BoxedDynTpm, HmacKey, MachineKey, Tpm}; @@ -58,16 +60,18 @@ pub enum AuthSession { Denied, } -pub struct Resolver -where - I: IdProvider + Sync, -{ +pub struct Resolver { // Generic / modular types. db: Db, hsm: Mutex, machine_key: MachineKey, hmac_key: HmacKey, - client: I, + + // A local passwd/shadow resolver. + + // A set of remote resolvers + client: Box, + // Types to update still. state: Mutex, pam_allow_groups: BTreeSet, @@ -92,14 +96,11 @@ impl Display for Id { } } -impl Resolver -where - I: IdProvider + Sync, -{ +impl Resolver { #[allow(clippy::too_many_arguments)] pub async fn new( db: Db, - client: I, + client: Box, hsm: BoxedDynTpm, machine_key: MachineKey, // cache timeout @@ -148,14 +149,11 @@ where })?; // Ask the client what keys it wants the HSM to configure. - // make a key store - // let mut ks = KeyStore::new(&mut dbtxn); let result = client - .configure_hsm_keys(&mut dbtxn, hsm_lock.deref_mut(), &machine_key) + .configure_hsm_keys(&mut (&mut dbtxn).into(), hsm_lock.deref_mut(), &machine_key) .await; - // drop(ks); drop(hsm_lock); result.map_err(|err| { @@ -900,7 +898,7 @@ where .unix_user_online_auth_init( account_id, token.as_ref(), - &mut dbtxn, + &mut (&mut dbtxn).into(), hsm_lock.deref_mut(), &self.machine_key, &shutdown_rx, @@ -911,7 +909,7 @@ where // Can the auth proceed offline? self.client - .unix_user_offline_auth_init(account_id, token.as_ref(), &mut dbtxn) + .unix_user_offline_auth_init(account_id, token.as_ref(), &mut (&mut dbtxn).into()) .await }; @@ -972,7 +970,7 @@ where account_id, cred_handler, pam_next_req, - &mut dbtxn, + &mut (&mut dbtxn).into(), hsm_lock.deref_mut(), &self.machine_key, shutdown_rx, @@ -1077,7 +1075,7 @@ where token, cred_handler, pam_next_req, - &mut dbtxn, + &mut (&mut dbtxn).into(), hsm_lock.deref_mut(), &self.machine_key, online_at_init, diff --git a/unix_integration/src/selinux_util.rs b/unix_integration/resolver/src/selinux_util.rs similarity index 100% rename from unix_integration/src/selinux_util.rs rename to unix_integration/resolver/src/selinux_util.rs diff --git a/unix_integration/src/unix_config.rs b/unix_integration/resolver/src/unix_config.rs similarity index 92% rename from unix_integration/src/unix_config.rs rename to unix_integration/resolver/src/unix_config.rs index f6b156818..9e723e483 100644 --- a/unix_integration/src/unix_config.rs +++ b/unix_integration/resolver/src/unix_config.rs @@ -6,11 +6,13 @@ use std::path::Path; #[cfg(all(target_family = "unix", feature = "selinux"))] use crate::selinux_util; -use crate::unix_passwd::UnixIntegrationError; +use kanidm_unix_common::unix_passwd::UnixIntegrationError; + +pub(crate) use kanidm_unix_common::unix_config::{HomeAttr, UidAttr}; use serde::Deserialize; -use crate::constants::*; +use kanidm_unix_common::constants::*; #[derive(Debug, Deserialize)] struct ConfigInt { @@ -37,46 +39,6 @@ struct ConfigInt { tpm_tcti_name: Option, } -#[derive(Debug, Copy, Clone)] -pub enum HomeAttr { - Uuid, - Spn, - Name, -} - -impl Display for HomeAttr { - fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { - write!( - f, - "{}", - match self { - HomeAttr::Uuid => "UUID", - HomeAttr::Spn => "SPN", - HomeAttr::Name => "Name", - } - ) - } -} - -#[derive(Debug, Copy, Clone)] -pub enum UidAttr { - Name, - Spn, -} - -impl Display for UidAttr { - fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { - write!( - f, - "{}", - match self { - UidAttr::Name => "Name", - UidAttr::Spn => "SPN", - } - ) - } -} - #[derive(Debug, Clone, Default)] pub enum HsmType { #[cfg_attr(not(feature = "tpm"), default)] diff --git a/unix_integration/tests/cache_layer_test.rs b/unix_integration/resolver/tests/cache_layer_test.rs similarity index 98% rename from unix_integration/tests/cache_layer_test.rs rename to unix_integration/resolver/tests/cache_layer_test.rs index 7496ddde8..86d4ef657 100644 --- a/unix_integration/tests/cache_layer_test.rs +++ b/unix_integration/resolver/tests/cache_layer_test.rs @@ -10,10 +10,10 @@ use kanidm_unix_common::constants::{ DEFAULT_GID_ATTR_MAP, DEFAULT_HOME_ALIAS, DEFAULT_HOME_ATTR, DEFAULT_HOME_PREFIX, DEFAULT_SHELL, DEFAULT_UID_ATTR_MAP, }; -use kanidm_unix_common::db::{Cache, CacheTxn, Db}; -use kanidm_unix_common::idprovider::interface::Id; -use kanidm_unix_common::idprovider::kanidm::KanidmProvider; -use kanidm_unix_common::resolver::Resolver; +use kanidm_unix_resolver::db::{Cache, Db}; +use kanidm_unix_resolver::idprovider::interface::Id; +use kanidm_unix_resolver::idprovider::kanidm::KanidmProvider; +use kanidm_unix_resolver::resolver::Resolver; use kanidmd_core::config::{Configuration, IntegrationTestConfig, ServerRole}; use kanidmd_core::create_server_core; use kanidmd_testkit::{is_free_port, PORT_ALLOC}; @@ -40,7 +40,7 @@ where Box::new(move |n| Box::pin(f(n))) } -async fn setup_test(fix_fn: Fixture) -> (Resolver, KanidmClient) { +async fn setup_test(fix_fn: Fixture) -> (Resolver, KanidmClient) { sketching::test_init(); let mut counter = 0; @@ -125,7 +125,7 @@ async fn setup_test(fix_fn: Fixture) -> (Resolver, KanidmClient) let cachelayer = Resolver::new( db, - idprovider, + Box::new(idprovider), hsm, machine_key, 300, diff --git a/unix_integration/src/pam_data.rs b/unix_integration/src/pam_data.rs deleted file mode 100644 index 3ea660502..000000000 --- a/unix_integration/src/pam_data.rs +++ /dev/null @@ -1,7 +0,0 @@ -use serde::{Deserialize, Serialize}; - -/* This is the definition for extra data to be sent along with a pam_prompt - * request. It will be sent back to the idprovider to continue an auth attempt. - */ -#[derive(Serialize, Deserialize, Debug)] -pub struct PamData {}