mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 12:37:00 +01:00
Code Issues Actions 16 Packages Projects Releases Wiki Activity

Add unixd exit code (#1453)

Browse source
This commit is contained in:
MinhPhan8803 2023-03-19 22:15:44 -05:00 committed by GitHub
parent adff3fb31a
commit 1ec8b29b26
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 28 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
Cargo.lock generated
View file

@ -99,9 +99,9 @@ checksum = "4b46cbb362ab8752921c97e041f5e366ee6297bd428a31275b9fcf1e380f7299"
[[package]]
name = "anyhow"
version = "1.0.68"
version = "1.0.69"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2cb2f989d18dd141ab8ae82f64d1a8cdd37e0840f73a406896cf5e99502fab61"
checksum = "224afbd727c3d6e4b90103ece64b8d1b67fbb1973b1046c2281eed3f3803f800"
[[package]]
name = "anymap2"
@ -4709,8 +4709,8 @@ dependencies = [
[[package]]
name = "tracing-forest"
version = "0.1.4"
source = "git+https://github.com/QnnOkabayashi/tracing-forest.git?rev=48d78f7294ceee47a22eee5c80964143c4fb3fe1#48d78f7294ceee47a22eee5c80964143c4fb3fe1"
version = "0.1.5"
source = "git+https://github.com/QnnOkabayashi/tracing-forest.git?rev=77daf8c8abf010b87d45ece2bf656983c6f8cecb#77daf8c8abf010b87d45ece2bf656983c6f8cecb"
dependencies = [
"smallvec",
"thiserror",

2
Cargo.toml
View file

@ -150,7 +150,7 @@ tracing = { version = "^0.1.37" }
tracing-subscriber = { version = "^0.3.16", features = ["env-filter"] }
# tracing-forest = { path = "/Users/william/development/tracing-forest/tracing-forest" }
tracing-forest = { git = "https://github.com/QnnOkabayashi/tracing-forest.git", rev = "48d78f7294ceee47a22eee5c80964143c4fb3fe1" }
tracing-forest = { git = "https://github.com/QnnOkabayashi/tracing-forest.git", rev = "77daf8c8abf010b87d45ece2bf656983c6f8cecb" }
url = "^2.3.1"
urlencoding = "2.1.2"

44
unix_integration/src/daemon.rs
View file

@ -16,6 +16,7 @@ use std::io;
use std::io::{Error as IoError, ErrorKind};
use std::os::unix::fs::MetadataExt;
use std::path::{Path, PathBuf};
use std::process::ExitCode;
use std::sync::Arc;
use std::time::Duration;
@ -364,7 +365,7 @@ async fn handle_client(
}
#[tokio::main(flavor = "current_thread")]
async fn main() {
async fn main() -> ExitCode {
let cuid = get_current_uid();
let ceuid = get_effective_uid();
let cgid = get_current_gid();
@ -436,7 +437,7 @@ async fn main() {
// TODO: this wording is not great m'kay.
} else if cuid == 0 || ceuid == 0 || cgid == 0 || cegid == 0 {
error!("Refusing to run - this process must not operate as root.");
return
return ExitCode::FAILURE
};
debug!("Profile -> {}", env!("KANIDM_PROFILE_NAME"));
@ -444,7 +445,7 @@ async fn main() {
let Some(cfg_path_str) = clap_args.get_one::<String>("client-config") else {
error!("Failed to pull the client config path");
return
return ExitCode::FAILURE
};
let cfg_path: PathBuf = PathBuf::from(cfg_path_str);
@ -454,13 +455,13 @@ async fn main() {
"Client config missing from {} - cannot start up. Quitting.",
cfg_path_str
);
return
return ExitCode::FAILURE
} else {
let cfg_meta = match metadata(&cfg_path) {
Ok(v) => v,
Err(e) => {
error!("Unable to read metadata for {} - {:?}", cfg_path_str, e);
return
return ExitCode::FAILURE
}
};
if !kanidm_lib_file_permissions::readonly(&cfg_meta) {
@ -478,7 +479,7 @@ async fn main() {
let Some(unixd_path_str) = clap_args.get_one::<String>("unixd-config") else {
error!("Failed to pull the unixd config path");
return
return ExitCode::FAILURE
};
let unixd_path = PathBuf::from(unixd_path_str);
@ -488,13 +489,13 @@ async fn main() {
"unixd config missing from {} - cannot start up. Quitting.",
unixd_path_str
);
return
return ExitCode::FAILURE
} else {
let unixd_meta = match metadata(&unixd_path) {
Ok(v) => v,
Err(e) => {
error!("Unable to read metadata for {} - {:?}", unixd_path_str, e);
return
return ExitCode::FAILURE
}
};
if !kanidm_lib_file_permissions::readonly(&unixd_meta) {
@ -514,7 +515,7 @@ async fn main() {
Ok(v) => v,
Err(_) => {
error!("Failed to parse {}", cfg_path_str);
return
return ExitCode::FAILURE
}
};
@ -522,7 +523,7 @@ async fn main() {
Ok(v) => v,
Err(_) => {
error!("Failed to parse {}", unixd_path_str);
return
return ExitCode::FAILURE
}
};
@ -534,7 +535,7 @@ async fn main() {
eprintln!("###################################");
eprintln!("Client config (from {:#?})", &cfg_path);
eprintln!("{}", cb);
return;
return ExitCode::SUCCESS;
}
debug!("🧹 Cleaning up sockets from previous invocations");
@ -555,7 +556,7 @@ async fn main() {
.to_str()
.unwrap_or("<db_parent_path invalid>")
);
return
return ExitCode::FAILURE
}
let db_par_path_buf = db_parent_path.to_path_buf();
@ -570,7 +571,7 @@ async fn main() {
.unwrap_or("<db_par_path_buf invalid>"),
e
);
return
return ExitCode::FAILURE
}
};
@ -581,7 +582,7 @@ async fn main() {
.to_str()
.unwrap_or("<db_par_path_buf invalid>")
);
return
return ExitCode::FAILURE
}
if !kanidm_lib_file_permissions::readonly(&i_meta) {
warn!("WARNING: DB folder permissions on {} indicate it may not be RW. This could cause the server start up to fail!", db_par_path_buf.to_str()
@ -603,7 +604,7 @@ async fn main() {
"Refusing to run - DB path {} already exists and is not a file.",
db_path.to_str().unwrap_or("<db_path invalid>")
);
return
return ExitCode::FAILURE
};
match metadata(&db_path) {
@ -614,7 +615,7 @@ async fn main() {
db_path.to_str().unwrap_or("<db_path invalid>"),
e
);
return
return ExitCode::FAILURE
}
};
// TODO: permissions dance to enumerate the user's ability to write to the file? ref #456 - r2d2 will happily keep trying to do things without bailing.
@ -627,7 +628,7 @@ async fn main() {
Ok(rsc) => rsc,
Err(_e) => {
error!("Failed to build async client");
return
return ExitCode::FAILURE
}
};
@ -649,7 +650,7 @@ async fn main() {
Ok(c) => c,
Err(_e) => {
error!("Failed to build cache layer.");
return
return ExitCode::FAILURE
}
};
@ -661,7 +662,7 @@ async fn main() {
Ok(l) => l,
Err(_e) => {
error!("Failed to bind UNIX socket at {}", cfg.sock_path.as_str());
return
return ExitCode::FAILURE
}
};
// Setup the root-only socket. Take away all others.
@ -670,7 +671,7 @@ async fn main() {
Ok(l) => l,
Err(_e) => {
error!("Failed to bind UNIX socket {}", cfg.sock_path.as_str());
return
return ExitCode::FAILURE
}
};
@ -743,7 +744,8 @@ async fn main() {
info!("Server started ...");
server.await;
ExitCode::SUCCESS
})
.await;
.await
// TODO: can we catch signals to clean up sockets etc, especially handy when running as root
}