mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 12:37:00 +01:00
Code Issues Actions 16 Packages Projects Releases Wiki Activity

20250102 freebsd client (#3333)

Browse source 
Support freebsd as a unix client
This commit is contained in:
Firstyear 2025-01-04 09:22:44 +10:00 committed by GitHub
parent 5eb9a4430f
commit 226274da23
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
22 changed files with 2182 additions and 35 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
Cargo.lock generated
View file

@ -725,9 +725,9 @@ checksum = "325918d6fe32f23b19878fe4b34794ae41fc19ddbe53b10571a4874d44ffd39b"
[[package]] [[package]]
name = "cc" name = "cc"
version = "1.2.5" version = "1.2.6"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c31a0499c1dc64f458ad13872de75c0eb7e3fdb0e67964610c914b034fc5956e" checksum = "8d6dbb628b8f8555f86d0323c2eb39e3ec81901f4b83e091db8a6a76d316a333"
dependencies = [ dependencies = [
"shlex", "shlex",
] ]
@ -3789,6 +3789,7 @@ dependencies = [
name = "nss_kanidm" name = "nss_kanidm"
version = "1.5.0-dev" version = "1.5.0-dev"
dependencies = [ dependencies = [
"cc",
"kanidm_unix_common", "kanidm_unix_common",
"lazy_static", "lazy_static",
"libc", "libc",

9
libs/profiles/container_generic.toml
View file

@ -1,6 +1,7 @@
htmx_ui_pkg_path = "/hpkg"
# Don't set the cpu_flags to autodetect for this platform # Don't set the cpu_flags to autodetect for this platform
# cpu_flags = "none" # cpu_flags = "none"
admin_bind_path = "/data/kanidmd.sock" server_admin_bind_path = "/data/kanidmd.sock"
default_config_path = "/data/server.toml" server_ui_pkg_path = "/hpkg"
default_unix_shell_path = "/bin/false" server_config_path = "/data/server.toml"
resolver_config_path = "/data/unixd"
resolver_unix_shell_path = "/bin/false"

9
libs/profiles/developer.toml
View file

@ -1,6 +1,7 @@
htmx_ui_pkg_path = "../core/static"
# Set to native for developer machines. # Set to native for developer machines.
cpu_flags = "native" cpu_flags = "native"
admin_bind_path = "/tmp/kanidmd.sock" server_admin_bind_path = "/tmp/kanidmd.sock"
default_config_path = "../../examples/insecure_server.toml" server_ui_pkg_path = "../core/static"
default_unix_shell_path = "/bin/bash" server_config_path = "../../examples/insecure_server.toml"
resolver_config_path = "/tmp/unixd"
resolver_unix_shell_path = "/bin/bash"

7
libs/profiles/release_freebsd.toml Normal file
View file

@ -0,0 +1,7 @@
# Don't set the value for autodetect
# cpu_flags = "none"
server_admin_bind_path = "/var/run/kanidmd/sock"
server_ui_pkg_path = "/usr/local/share/kanidm/ui/hpkg"
server_config_path = "/usr/local/etc/kanidm/server.toml"
resolver_config_path = "/usr/local/etc/kanidm/unixd"
resolver_unix_shell_path = "/bin/sh"

9
libs/profiles/release_linux.toml
View file

@ -1,6 +1,7 @@
htmx_ui_pkg_path = "/usr/share/kanidm/ui/hpkg"
# Don't set the value for autodetect # Don't set the value for autodetect
# cpu_flags = "none" # cpu_flags = "none"
admin_bind_path = "/var/run/kanidmd/sock" server_admin_bind_path = "/var/run/kanidmd/sock"
default_config_path = "/etc/kanidm/server.toml" server_ui_pkg_path = "/usr/share/kanidm/ui/hpkg"
default_unix_shell_path = "/bin/bash" server_config_path = "/etc/kanidm/server.toml"
resolver_config_path = "/etc/kanidm/unixd"
resolver_unix_shell_path = "/bin/bash"

29
libs/profiles/src/lib.rs
View file

@ -54,12 +54,13 @@ impl std::fmt::Display for CpuOptLevel {
#[derive(Debug, Deserialize)] #[derive(Debug, Deserialize)]
#[serde(deny_unknown_fields)] #[serde(deny_unknown_fields)]
struct ProfileConfig { struct ProfileConfig {
htmx_ui_pkg_path: String,
#[serde(default)] #[serde(default)]
cpu_flags: CpuOptLevel, cpu_flags: CpuOptLevel,
admin_bind_path: String, server_admin_bind_path: String,
default_config_path: String, server_config_path: String,
default_unix_shell_path: String, server_ui_pkg_path: String,
resolver_config_path: String,
resolver_unix_shell_path: String,
} }
pub fn apply_profile() { pub fn apply_profile() {
@ -127,19 +128,23 @@ pub fn apply_profile() {
println!("cargo:rustc-env=KANIDM_PROFILE_NAME={}", profile); println!("cargo:rustc-env=KANIDM_PROFILE_NAME={}", profile);
println!("cargo:rustc-env=KANIDM_CPU_FLAGS={}", profile_cfg.cpu_flags); println!("cargo:rustc-env=KANIDM_CPU_FLAGS={}", profile_cfg.cpu_flags);
println!( println!(
"cargo:rustc-env=KANIDM_HTMX_UI_PKG_PATH={}", "cargo:rustc-env=KANIDM_SERVER_UI_PKG_PATH={}",
profile_cfg.htmx_ui_pkg_path profile_cfg.server_ui_pkg_path
); );
println!( println!(
"cargo:rustc-env=KANIDM_ADMIN_BIND_PATH={}", "cargo:rustc-env=KANIDM_SERVER_ADMIN_BIND_PATH={}",
profile_cfg.admin_bind_path profile_cfg.server_admin_bind_path
); );
println!( println!(
"cargo:rustc-env=KANIDM_DEFAULT_CONFIG_PATH={}", "cargo:rustc-env=KANIDM_SERVER_CONFIG_PATH={}",
profile_cfg.default_config_path profile_cfg.server_config_path
); );
println!( println!(
"cargo:rustc-env=KANIDM_DEFAULT_UNIX_SHELL_PATH={}", "cargo:rustc-env=KANIDM_RESOLVER_CONFIG_PATH={}",
profile_cfg.default_unix_shell_path profile_cfg.resolver_config_path
);
println!(
"cargo:rustc-env=KANIDM_RESOLVER_UNIX_SHELL_PATH={}",
profile_cfg.resolver_unix_shell_path
); );
} }

4
platform/freebsd/README.md Normal file
View file

@ -0,0 +1,4 @@
These are the FreeBSD port Makefiles and other supporting files. In the future we will submit
these to FreeBSD ports rather than maintaining them here.

49
platform/freebsd/client/Makefile Normal file
View file

@ -0,0 +1,49 @@
PORTNAME= kanidm
# DISTVERSION= 1.5.0-dev
# DISTVERSIONPREFIX= v
DISTVERSION= g20250102
GH_TAGNAME= edb8cccc84e9dacd2ac31ea1162dd24c0c454c55
GH_ACCOUNT= Firstyear
CATEGORIES= security net databases
LICENSE= MPL20
LICENSE_FILE= ${WRKSRC}/LICENSE.md
MAINTAINER= william@blackhats.net.au
COMMENT= Simple and secure identity management platform
WWW= https://github.com/kanidm/kanidm/
USES= cargo ssl
USE_GITHUB= yes
ONLY_FOR_ARCHS= aarch64 amd64
CARGO_ENV= KANIDM_BUILD_PROFILE=release_freebsd
CARGO_BUILD_ARGS = -p kanidm_tools -p kanidm_unix_int -p nss_kanidm -p pam_kanidm
CARGO_INSTALL= no
USE_RC_SUBR= kanidm_unixd kanidm_unixd_tasks
USERS= _kanidm_unixd
GROUPS= _kanidm_unixd
do-install:
${INSTALL_PROGRAM} ${WRKDIR}/target/release/kanidm ${STAGEDIR}${PREFIX}/bin
${INSTALL_PROGRAM} ${WRKDIR}/target/release/kanidm-unix ${STAGEDIR}${PREFIX}/bin
${INSTALL_PROGRAM} ${WRKDIR}/target/release/kanidm_ssh_authorizedkeys ${STAGEDIR}${PREFIX}/bin
${INSTALL_PROGRAM} ${WRKDIR}/target/release/kanidm_ssh_authorizedkeys_direct ${STAGEDIR}${PREFIX}/bin
${INSTALL_PROGRAM} ${WRKDIR}/target/release/kanidm_unixd ${STAGEDIR}${PREFIX}/libexec
${INSTALL_PROGRAM} ${WRKDIR}/target/release/kanidm_unixd_tasks ${STAGEDIR}${PREFIX}/libexec
${INSTALL_LIB} ${WRKDIR}/target/release/libnss_kanidm.so ${STAGEDIR}${PREFIX}/lib/nss_kanidm.so.1
${INSTALL_LIB} ${WRKDIR}/target/release/libpam_kanidm.so ${STAGEDIR}${PREFIX}/lib
${MKDIR} ${STAGEDIR}${PREFIX}/etc
${MKDIR} ${STAGEDIR}${PREFIX}/etc/kanidm
${MKDIR} ${STAGEDIR}/var/run/kanidm-unixd
${MKDIR} ${STAGEDIR}/var/lib/kanidm-unixd
${MKDIR} ${STAGEDIR}/var/cache/kanidm-unixd
.include <bsd.port.mk>

624
platform/freebsd/client/Makefile.crates Normal file
View file

@ -0,0 +1,624 @@
CARGO_CRATES= addr2line-0.24.2 \
adler2-2.0.0 \
ahash-0.8.11 \
aho-corasick-1.1.3 \
allocator-api2-0.2.21 \
android-tzdata-0.1.1 \
android_system_properties-0.1.5 \
anstream-0.6.18 \
anstyle-1.0.10 \
anstyle-parse-0.2.6 \
anstyle-query-1.1.2 \
anstyle-wincon-3.0.6 \
anyhow-1.0.95 \
arc-swap-1.7.1 \
argon2-0.5.3 \
askama-0.12.1 \
askama_axum-0.4.0 \
askama_derive-0.12.5 \
askama_escape-0.10.3 \
askama_parser-0.2.1 \
asn1-rs-0.6.2 \
asn1-rs-derive-0.5.1 \
asn1-rs-impl-0.2.0 \
assert_cmd-2.0.16 \
async-compression-0.4.18 \
async-stream-0.3.6 \
async-stream-impl-0.3.6 \
async-trait-0.1.83 \
atomic-waker-1.1.2 \
authenticator-0.4.1 \
autocfg-1.4.0 \
axum-0.6.20 \
axum-0.7.9 \
axum-core-0.3.4 \
axum-core-0.4.5 \
axum-extra-0.9.6 \
axum-htmx-0.5.0 \
axum-macros-0.4.2 \
axum-server-0.7.1 \
backtrace-0.3.74 \
base32-0.5.1 \
base64-0.13.1 \
base64-0.21.7 \
base64-0.22.1 \
base64ct-1.6.0 \
base64urlsafedata-0.5.1 \
basic-toml-0.1.9 \
bindgen-0.66.1 \
bindgen-0.70.1 \
bit-set-0.5.3 \
bit-set-0.8.0 \
bit-vec-0.6.3 \
bit-vec-0.8.0 \
bitfield-0.13.2 \
bitflags-1.3.2 \
bitflags-2.6.0 \
blake2-0.10.6 \
block-buffer-0.10.4 \
borrow-or-share-0.2.2 \
bstr-1.11.1 \
bumpalo-3.16.0 \
bytecount-0.6.8 \
bytemuck-1.21.0 \
byteorder-1.5.0 \
bytes-1.9.0 \
cc-1.2.5 \
cexpr-0.6.0 \
cfg-if-1.0.0 \
cfg_aliases-0.2.1 \
checked_int_cast-1.0.0 \
chrono-0.4.39 \
clang-sys-1.8.1 \
clap-4.5.23 \
clap_builder-4.5.23 \
clap_complete-4.5.40 \
clap_derive-4.5.18 \
clap_lex-0.7.4 \
clru-0.6.2 \
color_quant-1.1.0 \
colorchoice-1.0.3 \
compact_jwt-0.4.3 \
concread-0.5.3 \
console-0.15.10 \
const-oid-0.9.6 \
cookie-0.16.2 \
cookie-0.18.1 \
cookie_store-0.21.1 \
core-foundation-0.9.4 \
core-foundation-0.10.0 \
core-foundation-sys-0.8.7 \
cpufeatures-0.2.16 \
crc32fast-1.4.2 \
cron-0.12.1 \
crossbeam-0.8.4 \
crossbeam-channel-0.5.14 \
crossbeam-deque-0.8.6 \
crossbeam-epoch-0.9.18 \
crossbeam-queue-0.3.12 \
crossbeam-utils-0.8.21 \
crypto-common-0.1.6 \
csv-1.3.1 \
csv-core-0.1.11 \
darling-0.14.4 \
darling-0.20.10 \
darling_core-0.14.4 \
darling_core-0.20.10 \
darling_macro-0.14.4 \
darling_macro-0.20.10 \
data-encoding-2.6.0 \
der-0.7.9 \
der-parser-9.0.0 \
der_derive-0.7.3 \
deranged-0.3.11 \
derive_builder-0.12.0 \
derive_builder_core-0.12.0 \
derive_builder_macro-0.12.0 \
devd-rs-0.3.6 \
dhat-0.3.3 \
dialoguer-0.10.4 \
difflib-0.4.0 \
digest-0.10.7 \
dirs-4.0.0 \
dirs-sys-0.3.7 \
displaydoc-0.2.5 \
doc-comment-0.3.3 \
document-features-0.2.10 \
dunce-1.0.5 \
dyn-clone-1.0.17 \
either-1.13.0 \
email_address-0.2.9 \
encode_unicode-1.0.0 \
encoding_rs-0.8.35 \
enum-iterator-2.1.0 \
enum-iterator-derive-1.4.0 \
enumflags2-0.7.10 \
enumflags2_derive-0.7.10 \
equivalent-1.0.1 \
errno-0.3.10 \
escargot-0.5.13 \
fallible-iterator-0.2.0 \
fallible-streaming-iterator-0.1.9 \
fancy-regex-0.11.0 \
fancy-regex-0.14.0 \
fantoccini-0.21.3 \
faster-hex-0.9.0 \
fastrand-2.3.0 \
fernet-0.2.2 \
file-id-0.1.0 \
filetime-0.2.25 \
fixedbitset-0.4.2 \
flagset-0.4.6 \
flate2-1.0.35 \
fluent-uri-0.3.2 \
fnv-1.0.7 \
foldhash-0.1.4 \
foreign-types-0.3.2 \
foreign-types-shared-0.1.1 \
form_urlencoded-1.2.1 \
fraction-0.15.3 \
fs4-0.8.4 \
fsevent-sys-4.1.0 \
futures-0.3.31 \
futures-channel-0.3.31 \
futures-core-0.3.31 \
futures-executor-0.3.31 \
futures-io-0.3.31 \
futures-macro-0.3.31 \
futures-sink-0.3.31 \
futures-task-0.3.31 \
futures-util-0.3.31 \
generic-array-0.14.7 \
gethostname-0.5.0 \
getrandom-0.2.15 \
gif-0.13.1 \
gimli-0.31.1 \
gix-0.64.0 \
gix-actor-0.31.5 \
gix-chunk-0.4.10 \
gix-commitgraph-0.24.3 \
gix-config-0.38.0 \
gix-config-value-0.14.10 \
gix-date-0.8.7 \
gix-diff-0.44.1 \
gix-discover-0.33.0 \
gix-features-0.38.2 \
gix-fs-0.11.3 \
gix-glob-0.16.5 \
gix-hash-0.14.2 \
gix-hashtable-0.5.2 \
gix-lock-14.0.0 \
gix-macros-0.1.5 \
gix-object-0.42.3 \
gix-odb-0.61.1 \
gix-pack-0.51.1 \
gix-path-0.10.13 \
gix-quote-0.4.14 \
gix-ref-0.45.0 \
gix-refspec-0.23.1 \
gix-revision-0.27.2 \
gix-revwalk-0.13.2 \
gix-sec-0.10.10 \
gix-tempfile-14.0.2 \
gix-trace-0.1.11 \
gix-traverse-0.39.2 \
gix-url-0.27.5 \
gix-utils-0.1.13 \
gix-validate-0.8.5 \
glob-0.3.1 \
h2-0.3.26 \
h2-0.4.7 \
half-1.8.3 \
hashbrown-0.12.3 \
hashbrown-0.14.5 \
hashbrown-0.15.2 \
hashlink-0.8.4 \
heck-0.5.0 \
hex-0.4.3 \
home-0.5.11 \
hostname-validator-1.1.1 \
http-0.2.12 \
http-1.2.0 \
http-body-0.4.6 \
http-body-1.0.1 \
http-body-util-0.1.2 \
http-range-header-0.4.2 \
httparse-1.9.5 \
httpdate-1.0.3 \
humansize-2.1.3 \
hyper-0.14.32 \
hyper-1.5.2 \
hyper-rustls-0.24.2 \
hyper-rustls-0.27.5 \
hyper-timeout-0.4.1 \
hyper-tls-0.6.0 \
hyper-util-0.1.10 \
iana-time-zone-0.1.61 \
iana-time-zone-haiku-0.1.2 \
icu_collections-1.5.0 \
icu_locid-1.5.0 \
icu_locid_transform-1.5.0 \
icu_locid_transform_data-1.5.0 \
icu_normalizer-1.5.0 \
icu_normalizer_data-1.5.0 \
icu_properties-1.5.1 \
icu_properties_data-1.5.0 \
icu_provider-1.5.0 \
icu_provider_macros-1.5.0 \
ident_case-1.0.1 \
idlset-0.2.5 \
idna-1.0.3 \
idna_adapter-1.2.0 \
image-0.23.14 \
image-0.24.9 \
indexmap-1.9.3 \
indexmap-2.7.0 \
inotify-0.9.6 \
inotify-sys-0.1.5 \
ipnet-2.10.1 \
is_terminal_polyfill-1.70.1 \
itertools-0.10.5 \
itertools-0.13.0 \
itoa-1.0.14 \
jpeg-decoder-0.3.1 \
js-sys-0.3.76 \
jsonschema-0.28.0 \
kanidm-hsm-crypto-0.2.0 \
kqueue-1.0.8 \
kqueue-sys-1.0.4 \
lazy_static-1.5.0 \
lazycell-1.3.0 \
lber-0.4.2 \
ldap3_client-0.5.2 \
ldap3_proto-0.5.2 \
libc-0.2.169 \
libloading-0.8.6 \
libm-0.2.11 \
libmimalloc-sys-0.1.39 \
libnss-0.8.0 \
libredox-0.1.3 \
libsqlite3-sys-0.25.2 \
libudev-0.2.0 \
libudev-sys-0.1.4 \
linux-raw-sys-0.4.14 \
litemap-0.7.4 \
litrs-0.4.1 \
lock_api-0.4.12 \
lodepng-3.10.7 \
log-0.4.22 \
lru-0.12.5 \
malloced-1.3.1 \
matchers-0.1.0 \
matchit-0.7.3 \
mathru-0.13.0 \
memchr-2.7.4 \
memmap2-0.9.5 \
memoffset-0.8.0 \
mimalloc-0.1.43 \
mime-0.3.17 \
mime_guess-2.0.5 \
minimal-lexical-0.2.1 \
miniz_oxide-0.8.2 \
mintex-0.1.3 \
mio-0.8.11 \
mio-1.0.3 \
multer-3.1.0 \
native-tls-0.2.12 \
nix-0.29.0 \
nom-7.1.3 \
nonempty-0.8.1 \
notify-6.1.1 \
notify-debouncer-full-0.1.0 \
nu-ansi-term-0.46.0 \
num-0.4.3 \
num-bigint-0.4.6 \
num-cmp-0.1.0 \
num-complex-0.4.6 \
num-conv-0.1.0 \
num-derive-0.3.3 \
num-integer-0.1.46 \
num-iter-0.1.45 \
num-rational-0.3.2 \
num-rational-0.4.2 \
num-traits-0.2.19 \
num_enum-0.5.11 \
num_enum_derive-0.5.11 \
num_threads-0.1.7 \
oauth2-4.4.2 \
object-0.36.5 \
oid-0.2.1 \
oid-registry-0.7.1 \
once_cell-1.20.2 \
openssl-0.10.68 \
openssl-macros-0.1.1 \
openssl-probe-0.1.5 \
openssl-sys-0.9.104 \
opentelemetry-0.20.0 \
opentelemetry-http-0.9.0 \
opentelemetry-otlp-0.13.0 \
opentelemetry-proto-0.3.0 \
opentelemetry-semantic-conventions-0.12.0 \
opentelemetry_api-0.20.0 \
opentelemetry_sdk-0.20.0 \
ordered-float-3.9.2 \
outref-0.5.1 \
overload-0.1.1 \
parking_lot-0.12.3 \
parking_lot_core-0.9.10 \
password-hash-0.5.0 \
paste-1.0.15 \
peeking_take_while-0.1.2 \
peg-0.8.4 \
peg-macros-0.8.4 \
peg-runtime-0.8.3 \
pem-rfc7468-0.7.0 \
percent-encoding-2.3.1 \
petgraph-0.6.5 \
picky-asn1-0.8.0 \
picky-asn1-der-0.4.1 \
picky-asn1-x509-0.12.0 \
pin-project-1.1.7 \
pin-project-internal-1.1.7 \
pin-project-lite-0.2.15 \
pin-utils-0.1.0 \
pkg-config-0.3.31 \
powerfmt-0.2.0 \
ppv-lite86-0.2.20 \
prctl-1.0.0 \
predicates-3.1.3 \
predicates-core-1.0.9 \
predicates-tree-1.0.12 \
prettyplease-0.2.25 \
proc-macro-crate-1.3.1 \
proc-macro-error-1.0.4 \
proc-macro-error-attr-1.0.4 \
proc-macro2-1.0.92 \
prodash-28.0.0 \
prost-0.11.9 \
prost-derive-0.11.9 \
psl-types-2.0.11 \
publicsuffix-2.3.0 \
qrcode-0.12.0 \
quick-error-2.0.1 \
quinn-0.11.6 \
quinn-proto-0.11.9 \
quinn-udp-0.5.9 \
quote-1.0.38 \
rand-0.8.5 \
rand_chacha-0.3.1 \
rand_core-0.6.4 \
redox_syscall-0.5.8 \
redox_users-0.4.6 \
ref-cast-1.0.23 \
ref-cast-impl-1.0.23 \
reference-counted-singleton-0.1.5 \
referencing-0.28.0 \
regex-1.11.1 \
regex-automata-0.1.10 \
regex-automata-0.4.9 \
regex-syntax-0.6.29 \
regex-syntax-0.8.5 \
reqwest-0.11.27 \
reqwest-0.12.11 \
rgb-0.8.50 \
ring-0.17.8 \
rpassword-5.0.1 \
runloop-0.1.0 \
rusqlite-0.28.0 \
rust-embed-8.5.0 \
rust-embed-impl-8.5.0 \
rust-embed-utils-8.5.0 \
rustc-demangle-0.1.24 \
rustc-hash-1.1.0 \
rustc-hash-2.1.0 \
rusticata-macros-4.1.0 \
rustix-0.38.42 \
rustls-0.21.12 \
rustls-0.23.20 \
rustls-native-certs-0.8.1 \
rustls-pemfile-1.0.4 \
rustls-pemfile-2.2.0 \
rustls-pki-types-1.10.1 \
rustls-webpki-0.101.7 \
rustls-webpki-0.102.8 \
rustversion-1.0.18 \
ryu-1.0.18 \
same-file-1.0.6 \
schannel-0.1.27 \
scopeguard-1.2.0 \
sct-0.7.1 \
sd-notify-0.4.3 \
security-framework-2.11.1 \
security-framework-3.1.0 \
security-framework-sys-2.13.0 \
selinux-0.4.6 \
selinux-sys-0.6.13 \
semver-1.0.24 \
serde-1.0.217 \
serde_bytes-0.11.15 \
serde_cbor-0.11.2 \
serde_cbor_2-0.12.0-dev \
serde_derive-1.0.217 \
serde_json-1.0.134 \
serde_path_to_error-0.1.16 \
serde_urlencoded-0.7.1 \
serde_with-3.12.0 \
serde_with_macros-3.12.0 \
sha-crypt-0.5.0 \
sha1_smol-1.0.1 \
sha2-0.10.8 \
sharded-slab-0.1.7 \
shell-words-1.1.0 \
shellexpand-2.1.2 \
shlex-1.3.0 \
signal-hook-registry-1.4.2 \
slab-0.4.9 \
smallvec-1.13.2 \
smartstring-1.0.1 \
smolset-1.3.1 \
socket2-0.5.8 \
spin-0.9.8 \
spki-0.7.3 \
sptr-0.3.2 \
sshkey-attest-0.5.0 \
sshkeys-0.3.3 \
stable_deref_trait-1.2.0 \
static_assertions-1.1.0 \
strsim-0.10.0 \
strsim-0.11.1 \
subtle-2.6.1 \
svg-0.13.1 \
syn-1.0.109 \
syn-2.0.93 \
sync_wrapper-0.1.2 \
sync_wrapper-1.0.2 \
synstructure-0.13.1 \
system-configuration-0.5.1 \
system-configuration-sys-0.5.0 \
target-lexicon-0.12.16 \
tempfile-3.14.0 \
termtree-0.5.1 \
thiserror-1.0.69 \
thiserror-2.0.8 \
thiserror-impl-1.0.69 \
thiserror-impl-2.0.8 \
thousands-0.2.0 \
thread_local-1.1.8 \
time-0.3.37 \
time-core-0.1.2 \
time-macros-0.2.19 \
tinystr-0.7.6 \
tinyvec-1.8.1 \
tinyvec_macros-0.1.1 \
tls_codec-0.4.1 \
tls_codec_derive-0.4.1 \
tokio-1.42.0 \
tokio-io-timeout-1.2.0 \
tokio-macros-2.4.0 \
tokio-native-tls-0.3.1 \
tokio-openssl-0.6.5 \
tokio-rustls-0.24.1 \
tokio-rustls-0.26.1 \
tokio-stream-0.1.17 \
tokio-util-0.7.13 \
toml-0.5.11 \
toml_datetime-0.6.8 \
toml_edit-0.19.15 \
tonic-0.9.2 \
tower-0.4.13 \
tower-0.5.2 \
tower-http-0.6.2 \
tower-layer-0.3.3 \
tower-service-0.3.3 \
tracing-0.1.41 \
tracing-attributes-0.1.28 \
tracing-core-0.1.33 \
tracing-forest-0.1.6 \
tracing-log-0.1.4 \
tracing-log-0.2.0 \
tracing-opentelemetry-0.21.0 \
tracing-subscriber-0.3.19 \
try-lock-0.2.5 \
tss-esapi-8.0.0-alpha \
tss-esapi-sys-0.5.0 \
typenum-1.17.0 \
unicase-2.8.0 \
unicode-bom-2.0.3 \
unicode-ident-1.0.14 \
unicode-normalization-0.1.24 \
unicode-segmentation-1.12.0 \
unicode-width-0.2.0 \
untrusted-0.9.0 \
url-2.5.4 \
urlencoding-2.1.3 \
utf16_iter-1.0.5 \
utf8_iter-1.0.4 \
utf8parse-0.2.2 \
utoipa-4.2.3 \
utoipa-gen-4.3.1 \
utoipa-swagger-ui-6.0.0 \
uuid-1.11.0 \
uuid-simd-0.8.0 \
valuable-0.1.0 \
vcpkg-0.2.15 \
version_check-0.9.5 \
vsimd-0.8.0 \
wait-timeout-0.2.0 \
walkdir-2.5.0 \
want-0.3.1 \
wasi-0.11.0+wasi-snapshot-preview1 \
wasite-0.1.0 \
wasm-bindgen-0.2.99 \
wasm-bindgen-backend-0.2.99 \
wasm-bindgen-futures-0.4.49 \
wasm-bindgen-macro-0.2.99 \
wasm-bindgen-macro-support-0.2.99 \
wasm-bindgen-shared-0.2.99 \
web-sys-0.3.76 \
web-time-1.1.0 \
webauthn-attestation-ca-0.5.1 \
webauthn-authenticator-rs-0.5.1 \
webauthn-rs-0.5.1 \
webauthn-rs-core-0.5.1 \
webauthn-rs-proto-0.5.1 \
webdriver-0.50.0 \
webpki-roots-0.25.4 \
webpki-roots-0.26.7 \
weezl-0.1.8 \
which-4.4.2 \
whoami-1.5.2 \
winapi-0.3.9 \
winapi-i686-pc-windows-gnu-0.4.0 \
winapi-util-0.1.9 \
winapi-x86_64-pc-windows-gnu-0.4.0 \
windows-0.41.0 \
windows-core-0.52.0 \
windows-registry-0.2.0 \
windows-result-0.2.0 \
windows-strings-0.1.0 \
windows-sys-0.48.0 \
windows-sys-0.52.0 \
windows-sys-0.59.0 \
windows-targets-0.48.5 \
windows-targets-0.52.6 \
windows_aarch64_gnullvm-0.41.0 \
windows_aarch64_gnullvm-0.48.5 \
windows_aarch64_gnullvm-0.52.6 \
windows_aarch64_msvc-0.41.0 \
windows_aarch64_msvc-0.48.5 \
windows_aarch64_msvc-0.52.6 \
windows_i686_gnu-0.41.0 \
windows_i686_gnu-0.48.5 \
windows_i686_gnu-0.52.6 \
windows_i686_gnullvm-0.52.6 \
windows_i686_msvc-0.41.0 \
windows_i686_msvc-0.48.5 \
windows_i686_msvc-0.52.6 \
windows_x86_64_gnu-0.41.0 \
windows_x86_64_gnu-0.48.5 \
windows_x86_64_gnu-0.52.6 \
windows_x86_64_gnullvm-0.41.0 \
windows_x86_64_gnullvm-0.48.5 \
windows_x86_64_gnullvm-0.52.6 \
windows_x86_64_msvc-0.41.0 \
windows_x86_64_msvc-0.48.5 \
windows_x86_64_msvc-0.52.6 \
winnow-0.5.40 \
winnow-0.6.20 \
winreg-0.50.0 \
write16-1.0.0 \
writeable-0.5.5 \
x509-cert-0.2.5 \
x509-parser-0.16.0 \
yoke-0.7.5 \
yoke-derive-0.7.5 \
zerocopy-0.7.35 \
zerocopy-derive-0.7.35 \
zerofrom-0.1.5 \
zerofrom-derive-0.1.5 \
zeroize-1.8.1 \
zeroize_derive-1.4.2 \
zerovec-0.10.4 \
zerovec-derive-0.10.3 \
zip-0.6.6 \
zxcvbn-2.2.2

1251
platform/freebsd/client/distinfo Normal file
View file

File diff suppressed because it is too large Load diff

27
platform/freebsd/client/files/kanidm_unixd.in Normal file
View file

@ -0,0 +1,27 @@
#!/bin/sh
# PROVIDE: kanidm_unixd
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add these lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
#
# kanidm_unixd_enable (bool): Set to NO by default.
# Set it to YES to enable kanidm_unixd.
. /etc/rc.subr
name=kanidm_unixd
rcvar=kanidm_unixd_enable
load_rc_config $name
: ${kanidm_unixd_enable:="NO"}
pidfile="/var/run/kanidm-unixd.pid"
command=/usr/sbin/daemon
command_args="-u _kanidm_unixd -p /var/run/kanidm-unixd.pid -T kanidm_unixd /usr/local/libexec/${name}"
procname=/usr/local/libexec/${name}
run_rc_command "$1"

27
platform/freebsd/client/files/kanidm_unixd_tasks.in Normal file
View file

@ -0,0 +1,27 @@
#!/bin/sh
# PROVIDE: kanidm_unixd_tasks
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add these lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
#
# kanidm_unixd_tasks_enable (bool): Set to NO by default.
# Set it to YES to enable kanidm_unixd_tasks.
. /etc/rc.subr
name=kanidm_unixd_tasks
rcvar=kanidm_unixd_tasks_enable
load_rc_config $name
: ${kanidm_unixd_tasks_enable:="NO"}
pidfile="/var/run/kanidm-unixd-tasks.pid"
command=/usr/sbin/daemon
command_args="-u _kanidm_unixd -p /var/run/kanidm-unixd-tasks.pid -T kanidm_unixd_tasks /usr/local/libexec/${name}"
procname=/usr/local/libexec/${name}
run_rc_command "$1"

1
platform/freebsd/client/pkg-descr Normal file
View file

@ -0,0 +1 @@
Kanidm is a simple and secure identity provider and client for UNIX systems

13
platform/freebsd/client/pkg-plist Normal file
View file

@ -0,0 +1,13 @@
bin/kanidm
bin/kanidm-unix
bin/kanidm_ssh_authorizedkeys
bin/kanidm_ssh_authorizedkeys_direct
lib/nss_kanidm.so.1
lib/libpam_kanidm.so
libexec/kanidm_unixd
libexec/kanidm_unixd_tasks
@dir %%ETCDIR%%
@dir /var/lib
@dir(_kanidm_unixd,_kanidm_unixd,750) /var/cache/kanidm-unixd
@dir(_kanidm_unixd,_kanidm_unixd,750) /var/lib/kanidm-unixd
@dir(_kanidm_unixd,_kanidm_unixd,750) /var/run/kanidm-unixd

2
server/core/src/config.rs
View file

@ -574,7 +574,7 @@ impl Configuration {
Configuration { Configuration {
address: DEFAULT_SERVER_ADDRESS.to_string(), address: DEFAULT_SERVER_ADDRESS.to_string(),
ldapaddress: None, ldapaddress: None,
adminbindpath: env!("KANIDM_ADMIN_BIND_PATH").to_string(), adminbindpath: env!("KANIDM_SERVER_ADMIN_BIND_PATH").to_string(),
threads: std::thread::available_parallelism() threads: std::thread::available_parallelism()
.map(|t| t.get()) .map(|t| t.get())
.unwrap_or_else(|_e| { .unwrap_or_else(|_e| {

6
server/core/src/https/mod.rs
View file

@ -131,7 +131,7 @@ pub(crate) fn get_js_files(role: ServerRole) -> Result<Vec<JavaScriptFile>, ()>
if !matches!(role, ServerRole::WriteReplicaNoUI) { if !matches!(role, ServerRole::WriteReplicaNoUI) {
// let's set up the list of js module hashes // let's set up the list of js module hashes
let pkg_path = env!("KANIDM_HTMX_UI_PKG_PATH").to_owned(); let pkg_path = env!("KANIDM_SERVER_UI_PKG_PATH").to_owned();
let filelist = [ let filelist = [
"external/bootstrap.bundle.min.js", "external/bootstrap.bundle.min.js",
@ -254,11 +254,11 @@ pub async fn create_https_server(
let app = match config.role { let app = match config.role {
ServerRole::WriteReplicaNoUI => app, ServerRole::WriteReplicaNoUI => app,
ServerRole::WriteReplica | ServerRole::ReadOnlyReplica => { ServerRole::WriteReplica | ServerRole::ReadOnlyReplica => {
let pkg_path = PathBuf::from(env!("KANIDM_HTMX_UI_PKG_PATH")); let pkg_path = PathBuf::from(env!("KANIDM_SERVER_UI_PKG_PATH"));
if !pkg_path.exists() { if !pkg_path.exists() {
eprintln!( eprintln!(
"Couldn't find htmx UI package path: ({}), quitting.", "Couldn't find htmx UI package path: ({}), quitting.",
env!("KANIDM_HTMX_UI_PKG_PATH") env!("KANIDM_SERVER_UI_PKG_PATH")
); );
std::process::exit(1); std::process::exit(1);
} }

6
server/daemon/src/main.rs
View file

@ -560,12 +560,12 @@ fn main() -> ExitCode {
let mut config_error: Vec<String> = Vec::new(); let mut config_error: Vec<String> = Vec::new();
let mut config = Configuration::new(); let mut config = Configuration::new();
if env!("KANIDM_DEFAULT_CONFIG_PATH").is_empty() { if env!("KANIDM_SERVER_CONFIG_PATH").is_empty() {
println!("CRITICAL: Kanidmd was not built correctly and is missing a valid KANIDM_DEFAULT_CONFIG_PATH value"); println!("CRITICAL: Kanidmd was not built correctly and is missing a valid KANIDM_SERVER_CONFIG_PATH value");
return ExitCode::FAILURE; return ExitCode::FAILURE;
} }
let default_config_path = PathBuf::from(env!("KANIDM_DEFAULT_CONFIG_PATH")); let default_config_path = PathBuf::from(env!("KANIDM_SERVER_CONFIG_PATH"));
let maybe_config_path = if let Some(p) = opt.config_path() { let maybe_config_path = if let Some(p) = opt.config_path() {
Some(p) Some(p)

4
unix_integration/common/src/constants.rs
View file

@ -1,13 +1,13 @@
use crate::unix_config::{HomeAttr, UidAttr}; use crate::unix_config::{HomeAttr, UidAttr};
pub const DEFAULT_CONFIG_PATH: &str = "/etc/kanidm/unixd"; pub const DEFAULT_CONFIG_PATH: &str = env!("KANIDM_RESOLVER_CONFIG_PATH");
pub const DEFAULT_SOCK_PATH: &str = "/var/run/kanidm-unixd/sock"; pub const DEFAULT_SOCK_PATH: &str = "/var/run/kanidm-unixd/sock";
pub const DEFAULT_TASK_SOCK_PATH: &str = "/var/run/kanidm-unixd/task_sock"; pub const DEFAULT_TASK_SOCK_PATH: &str = "/var/run/kanidm-unixd/task_sock";
pub const DEFAULT_PERSISTENT_DB_PATH: &str = "/var/lib/kanidm-unixd/kanidm.db"; pub const DEFAULT_PERSISTENT_DB_PATH: &str = "/var/lib/kanidm-unixd/kanidm.db";
pub const DEFAULT_CACHE_DB_PATH: &str = "/var/cache/kanidm-unixd/kanidm.cache.db"; pub const DEFAULT_CACHE_DB_PATH: &str = "/var/cache/kanidm-unixd/kanidm.cache.db";
pub const DEFAULT_CONN_TIMEOUT: u64 = 2; pub const DEFAULT_CONN_TIMEOUT: u64 = 2;
pub const DEFAULT_CACHE_TIMEOUT: u64 = 15; pub const DEFAULT_CACHE_TIMEOUT: u64 = 15;
pub const DEFAULT_SHELL: &str = env!("KANIDM_DEFAULT_UNIX_SHELL_PATH"); pub const DEFAULT_SHELL: &str = env!("KANIDM_RESOLVER_UNIX_SHELL_PATH");
pub const DEFAULT_HOME_PREFIX: &str = "/home/"; pub const DEFAULT_HOME_PREFIX: &str = "/home/";
pub const DEFAULT_HOME_ATTR: HomeAttr = HomeAttr::Uuid; pub const DEFAULT_HOME_ATTR: HomeAttr = HomeAttr::Uuid;
pub const DEFAULT_HOME_ALIAS: Option<HomeAttr> = Some(HomeAttr::Spn); pub const DEFAULT_HOME_ALIAS: Option<HomeAttr> = Some(HomeAttr::Spn);

3
unix_integration/nss_kanidm/Cargo.toml
View file

@ -24,6 +24,9 @@ libc = { workspace = true }
paste = { workspace = true } paste = { workspace = true }
lazy_static = { workspace = true } lazy_static = { workspace = true }
[target."cfg(target_os = \"freebsd\")".build-dependencies]
cc = "^1.2.6"
## Debian packaging ## Debian packaging
# The base metadata does **not** work to build a functioning package! # The base metadata does **not** work to build a functioning package!
# A target specific variant must be used to get the right multiarch path. # A target specific variant must be used to get the right multiarch path.

12
unix_integration/nss_kanidm/build.rs Normal file
View file

@ -0,0 +1,12 @@
fn main() {
#[cfg(target_os = "freebsd")]
{
println!("cargo::rerun-if-changed=src/freebsd_nss.c");
cc::Build::new()
.file("src/freebsd_nss.c")
.static_flag(true)
.link_lib_modifier("+whole-archive")
.compile("freebsd_nss");
}
}

94
unix_integration/nss_kanidm/src/freebsd_nss.c Normal file
View file

@ -0,0 +1,94 @@
#include <errno.h>
#include <sys/param.h>
#include <netinet/in.h>
#include <pwd.h>
#include <grp.h>
#include <nss.h>
#include <netdb.h>
extern enum nss_status _nss_kanidm_getgrent_r(struct group *, char *, size_t,
int *);
extern enum nss_status _nss_kanidm_getgrnam_r(const char *, struct group *,
char *, size_t, int *);
extern enum nss_status _nss_kanidm_getgrgid_r(gid_t gid, struct group *, char *,
size_t, int *);
extern enum nss_status _nss_kanidm_setgrent(void);
extern enum nss_status _nss_kanidm_endgrent(void);
extern enum nss_status _nss_kanidm_getpwent_r(struct passwd *, char *, size_t,
int *);
extern enum nss_status _nss_kanidm_getpwnam_r(const char *, struct passwd *,
char *, size_t, int *);
extern enum nss_status _nss_kanidm_getpwuid_r(gid_t gid, struct passwd *, char *,
size_t, int *);
extern enum nss_status _nss_kanidm_setpwent(void);
extern enum nss_status _nss_kanidm_endpwent(void);
extern enum nss_status _nss_kanidm_gethostbyname_r(const char *name,
struct hostent * result,
char *buffer, size_t buflen,
int *errnop,
int *h_errnop);
extern enum nss_status _nss_kanidm_gethostbyname2_r(const char *name, int af,
struct hostent * result,
char *buffer, size_t buflen,
int *errnop,
int *h_errnop);
extern enum nss_status _nss_kanidm_gethostbyaddr_r(struct in_addr * addr, int len,
int type,
struct hostent * result,
char *buffer, size_t buflen,
int *errnop, int *h_errnop);
extern enum nss_status _nss_kanidm_getgroupmembership(const char *uname,
gid_t agroup, gid_t *groups,
int maxgrp, int *grpcnt);
NSS_METHOD_PROTOTYPE(__nss_compat_getgrnam_r);
NSS_METHOD_PROTOTYPE(__nss_compat_getgrgid_r);
NSS_METHOD_PROTOTYPE(__nss_compat_getgrent_r);
NSS_METHOD_PROTOTYPE(__nss_compat_setgrent);
NSS_METHOD_PROTOTYPE(__nss_compat_endgrent);
NSS_METHOD_PROTOTYPE(__nss_compat_getpwnam_r);
NSS_METHOD_PROTOTYPE(__nss_compat_getpwuid_r);
NSS_METHOD_PROTOTYPE(__nss_compat_getpwent_r);
NSS_METHOD_PROTOTYPE(__nss_compat_setpwent);
NSS_METHOD_PROTOTYPE(__nss_compat_endpwent);
static ns_mtab methods[] = {
{ NSDB_GROUP, "getgrnam_r", __nss_compat_getgrnam_r, _nss_kanidm_getgrnam_r },
{ NSDB_GROUP, "getgrgid_r", __nss_compat_getgrgid_r, _nss_kanidm_getgrgid_r },
{ NSDB_GROUP, "getgrent_r", __nss_compat_getgrent_r, _nss_kanidm_getgrent_r },
{ NSDB_GROUP, "setgrent", __nss_compat_setgrent, _nss_kanidm_setgrent },
{ NSDB_GROUP, "endgrent", __nss_compat_endgrent, _nss_kanidm_endgrent },
{ NSDB_PASSWD, "getpwnam_r", __nss_compat_getpwnam_r, _nss_kanidm_getpwnam_r },
{ NSDB_PASSWD, "getpwuid_r", __nss_compat_getpwuid_r, _nss_kanidm_getpwuid_r },
{ NSDB_PASSWD, "getpwent_r", __nss_compat_getpwent_r, _nss_kanidm_getpwent_r },
{ NSDB_PASSWD, "setpwent", __nss_compat_setpwent, _nss_kanidm_setpwent },
{ NSDB_PASSWD, "endpwent", __nss_compat_endpwent, _nss_kanidm_endpwent },
{ NSDB_GROUP_COMPAT, "getgrnam_r", __nss_compat_getgrnam_r, _nss_kanidm_getgrnam_r },
{ NSDB_GROUP_COMPAT, "getgrgid_r", __nss_compat_getgrgid_r, _nss_kanidm_getgrgid_r },
{ NSDB_GROUP_COMPAT, "getgrent_r", __nss_compat_getgrent_r, _nss_kanidm_getgrent_r },
{ NSDB_GROUP_COMPAT, "setgrent", __nss_compat_setgrent, _nss_kanidm_setgrent },
{ NSDB_GROUP_COMPAT, "endgrent", __nss_compat_endgrent, _nss_kanidm_endgrent },
{ NSDB_PASSWD_COMPAT, "getpwnam_r", __nss_compat_getpwnam_r, _nss_kanidm_getpwnam_r },
{ NSDB_PASSWD_COMPAT, "getpwuid_r", __nss_compat_getpwuid_r, _nss_kanidm_getpwuid_r },
{ NSDB_PASSWD_COMPAT, "getpwent_r", __nss_compat_getpwent_r, _nss_kanidm_getpwent_r },
{ NSDB_PASSWD_COMPAT, "setpwent", __nss_compat_setpwent, _nss_kanidm_setpwent },
{ NSDB_PASSWD_COMPAT, "endpwent", __nss_compat_endpwent, _nss_kanidm_endpwent },
};
ns_mtab *
_nss_module_register(__attribute__((unused)) const char *source, unsigned int *mtabsize,
nss_module_unregister_fn *unreg)
{
*mtabsize = sizeof(methods)/sizeof(methods[0]);
*unreg = NULL;
return (methods);
}

26
unix_integration/nss_kanidm/src/lib.rs
View file

@ -10,6 +10,32 @@
#![deny(clippy::needless_pass_by_value)] #![deny(clippy::needless_pass_by_value)]
#![deny(clippy::trivially_copy_pass_by_ref)] #![deny(clippy::trivially_copy_pass_by_ref)]
#[cfg(target_os = "freebsd")]
/// BSD nss is quite different to that of linux (rather, glibc). As a result of this
/// FreeBSD kindly offers us wrappers to allow compatability of the two. But to
/// do this we need a .c file to include the macros and export tables, as well as
/// handling the variadic args (which rust doesn't).
///
/// The issue is that even though we link our static archive, rust won't export any
/// of the symbols from it *unless* a rust source file actually consumes at least
/// one of them. This means we can't just link to our .a and have it do the work,
/// we need to wrap and expose this shim function to convince rust to actually
/// link to the archive
///
/// https://github.com/rust-lang/rust/issues/78827
mod bsd_nss_compat {
use std::ffi::c_void;
extern "C" {
pub fn _nss_module_register(a: *mut c_void, b: *mut c_void, c: *mut c_void);
}
#[no_mangle]
pub extern "C" fn nss_module_register(a: *mut c_void, b: *mut c_void, c: *mut c_void) {
unsafe { _nss_module_register(a, b, c) }
}
}
#[cfg(target_family = "unix")] #[cfg(target_family = "unix")]
#[macro_use] #[macro_use]
extern crate libnss; extern crate libnss;