diff --git a/Cargo.lock b/Cargo.lock index 519238c7a..ca34fd99f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -904,9 +904,9 @@ dependencies = [ [[package]] name = "concread" -version = "0.5.0" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b4539869aeea73afd414cc1750eceada0d042764f2d28873d74fbbd81610bffe" +checksum = "23bef63c371d1b3da7e61e7b72e5757f070131a399f2eb60edc2d8bb8102249a" dependencies = [ "ahash 0.8.11", "arc-swap", @@ -1181,8 +1181,6 @@ dependencies = [ "kanidm_utils_users", "kanidmd_core", "mimalloc", - "opentelemetry", - "opentelemetry_api", "prctl", "reqwest 0.12.4", "sd-notify", @@ -2832,9 +2830,9 @@ checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39" [[package]] name = "idlset" -version = "0.2.4" +version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "340756d15be4b22d5e501bad90a9f68fcdc6b9b7d2f6d6afe350645e9839dac6" +checksum = "ef858150272c6cce9db3710a171edf5d3e8844d38680d7657e9b1698efe8d97b" dependencies = [ "serde", "serde_derive", @@ -3319,6 +3317,7 @@ dependencies = [ "ldap3_proto", "libc", "openssl", + "opentelemetry", "rand", "regex", "serde", @@ -3371,6 +3370,7 @@ dependencies = [ "libc", "libsqlite3-sys", "lodepng", + "mimalloc", "nonempty", "num_enum", "openssl", diff --git a/Cargo.toml b/Cargo.toml index 5f6f0d1c1..a232fdf3a 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -109,7 +109,7 @@ clap_complete = "^4.5.1" # Forced by saffron/cron chrono = "^0.4.35" compact_jwt = { version = "^0.4.1", default-features = false } -concread = "^0.5.0" +concread = "^0.5.1" cron = "0.12.1" crossbeam = "0.8.4" criterion = "^0.5.1" @@ -131,7 +131,7 @@ http = "1.1.0" hyper = { version = "1.3.1", features = ["server", "client"] } hyper-util = { version = "0.1.5", features = ["server", "tokio"] } hyper-tls = "0.6.0" -idlset = "^0.2.4" +idlset = "^0.2.5" image = { version = "0.24.9", default-features = false, features = [ "gif", "jpeg", diff --git a/libs/crypto/build.rs b/libs/crypto/build.rs index 173ee7e97..a00da843c 100644 --- a/libs/crypto/build.rs +++ b/libs/crypto/build.rs @@ -1,8 +1,11 @@ use std::env; fn main() { + // Allows openssl3 as a cfg flag + println!("cargo::rustc-check-cfg=cfg(openssl3)"); println!("cargo:rerun-if-changed=build.rs"); println!("cargo:rerun-if-env-changed=DEP_OPENSSL_VERSION_NUMBER"); + if let Ok(v) = env::var("DEP_OPENSSL_VERSION_NUMBER") { let version = u64::from_str_radix(&v, 16).unwrap(); diff --git a/libs/crypto/src/lib.rs b/libs/crypto/src/lib.rs index 7ad2108f1..ae1ef38cb 100644 --- a/libs/crypto/src/lib.rs +++ b/libs/crypto/src/lib.rs @@ -346,14 +346,8 @@ impl CryptoPolicy { .checked_sub(ARGON2_TCOST_RAM_ITER_KIB) .unwrap_or(ARGON2_MIN_RAM_KIB); - // Floor and Ceil - m_cost = if m_adjust > ARGON2_MAX_RAM_KIB { - ARGON2_MAX_RAM_KIB - } else if m_adjust < ARGON2_MIN_RAM_KIB { - ARGON2_MIN_RAM_KIB - } else { - m_adjust - }; + // Clamp the value + m_cost = m_adjust.clamp(ARGON2_MIN_RAM_KIB, ARGON2_MAX_RAM_KIB); continue; } else { // Unable to proceed, parameters are maxed out. diff --git a/libs/users/src/unix.rs b/libs/users/src/unix.rs index b2cea646f..e1af6b31c 100644 --- a/libs/users/src/unix.rs +++ b/libs/users/src/unix.rs @@ -25,9 +25,6 @@ pub fn get_user_name_by_uid(uid: uid_t) -> Option { let mut buf = vec![0; 2048]; let mut result = ptr::null_mut::(); - #[cfg(feature = "logging")] - trace!("Running getpwuid_r for user #{}", uid); - loop { let r = unsafe { libc::getpwuid_r(uid, &mut passwd, buf.as_mut_ptr(), buf.len(), &mut result) }; diff --git a/server/core/Cargo.toml b/server/core/Cargo.toml index a0821e414..9cd60f25d 100644 --- a/server/core/Cargo.toml +++ b/server/core/Cargo.toml @@ -41,6 +41,8 @@ kanidm_lib_file_permissions = { workspace = true } ldap3_proto = { workspace = true } libc = { workspace = true } openssl = { workspace = true } +opentelemetry = { workspace = true, features = ["logs"] } +# opentelemetry_api = { workspace = true, features = ["logs"] } rand = { workspace = true } regex = { workspace = true } serde = { workspace = true, features = ["derive"] } diff --git a/server/core/src/https/mod.rs b/server/core/src/https/mod.rs index bbde07dae..37dac381d 100644 --- a/server/core/src/https/mod.rs +++ b/server/core/src/https/mod.rs @@ -388,8 +388,9 @@ pub async fn create_https_server( }; - #[cfg(feature = "otel")] + opentelemetry::global::shutdown_tracer_provider(); + info!("Stopped {}", super::TaskName::HttpsServer); })) } diff --git a/server/core/src/lib.rs b/server/core/src/lib.rs index 80faa43c9..ea49bfe6d 100644 --- a/server/core/src/lib.rs +++ b/server/core/src/lib.rs @@ -10,6 +10,7 @@ #![deny(warnings)] #![warn(unused_extern_crates)] +#![warn(unused_imports)] #![deny(clippy::todo)] #![deny(clippy::unimplemented)] #![deny(clippy::unwrap_used)] diff --git a/server/daemon/Cargo.toml b/server/daemon/Cargo.toml index d956d67b9..d58e4c39d 100644 --- a/server/daemon/Cargo.toml +++ b/server/daemon/Cargo.toml @@ -34,8 +34,6 @@ serde = { workspace = true, features = ["derive"] } tokio = { workspace = true, features = ["rt-multi-thread", "macros", "signal"] } tokio-util = { workspace = true, features = ["codec"] } toml = { workspace = true } -opentelemetry = { workspace = true, features = ["logs"] } -opentelemetry_api = { workspace = true, features = ["logs"] } tempfile = { workspace = true } tracing = { workspace = true, features = [ "max_level_trace", diff --git a/server/daemon/src/main.rs b/server/daemon/src/main.rs index 908b70595..fbabdb457 100644 --- a/server/daemon/src/main.rs +++ b/server/daemon/src/main.rs @@ -10,7 +10,6 @@ #![deny(clippy::needless_pass_by_value)] #![deny(clippy::trivially_copy_pass_by_ref)] -#[cfg(not(target_family = "windows"))] #[global_allocator] static GLOBAL: mimalloc::MiMalloc = mimalloc::MiMalloc; diff --git a/server/daemon/src/opt.rs b/server/daemon/src/opt.rs index bb9a238ec..f1b45a5b3 100644 --- a/server/daemon/src/opt.rs +++ b/server/daemon/src/opt.rs @@ -57,7 +57,7 @@ enum DomainSettingsCmds { }, /// ⚠️ Do not use this command unless directed by a project member. ⚠️ /// - Rerun migrations of this domains database, optionally nominating the level - /// to start from. + /// to start from. #[clap(name = "remigrate")] Remigrate { #[clap(flatten)] diff --git a/server/lib/Cargo.toml b/server/lib/Cargo.toml index 3959c74e5..26ae5b3af 100644 --- a/server/lib/Cargo.toml +++ b/server/lib/Cargo.toml @@ -102,13 +102,12 @@ whoami = { workspace = true } # default = [ "libsqlite3-sys/bundled", "openssl/vendored" ] [dev-dependencies] +compact_jwt = { workspace = true, features = ["openssl", "hsm-crypto", "unsafe_release_without_verify"] } criterion = { workspace = true, features = ["html_reports"] } -webauthn-authenticator-rs = { workspace = true } - futures = { workspace = true } kanidmd_lib_macros = { workspace = true } - -compact_jwt = { workspace = true, features = ["openssl", "hsm-crypto", "unsafe_release_without_verify"] } +mimalloc = { workspace = true } +webauthn-authenticator-rs = { workspace = true } [build-dependencies] hashbrown = { workspace = true } diff --git a/server/lib/src/be/idl_arc_sqlite.rs b/server/lib/src/be/idl_arc_sqlite.rs index c3f439822..46a0ef878 100644 --- a/server/lib/src/be/idl_arc_sqlite.rs +++ b/server/lib/src/be/idl_arc_sqlite.rs @@ -86,7 +86,7 @@ macro_rules! get_identry { $idl:expr, $is_read_op:expr ) => {{ - let mut result: Vec> = Vec::new(); + let mut result: Vec> = Vec::with_capacity(0); match $idl { IdList::Partial(idli) | IdList::PartialThreshold(idli) | IdList::Indexed(idli) => { let mut nidl = IDLBitRange::new(); diff --git a/server/lib/src/be/idl_sqlite.rs b/server/lib/src/be/idl_sqlite.rs index 3d0aac3bf..ab14a37ba 100644 --- a/server/lib/src/be/idl_sqlite.rs +++ b/server/lib/src/be/idl_sqlite.rs @@ -631,7 +631,7 @@ pub(crate) trait IdlSqliteTransaction { Ok(Some(v)) => { let r: Result = v.get(0); match r { - Ok(t) if t == "ok" => Vec::new(), + Ok(t) if t == "ok" => Vec::with_capacity(0), _ => vec![Err(ConsistencyError::SqliteIntegrityFailure)], } } diff --git a/server/lib/src/be/mod.rs b/server/lib/src/be/mod.rs index 97a068338..a6d48740e 100644 --- a/server/lib/src/be/mod.rs +++ b/server/lib/src/be/mod.rs @@ -290,7 +290,7 @@ pub trait BackendTransaction { FilterResolved::Or(l, _) => { // Importantly if this has no inner elements, this returns // an empty list. - let mut plan = Vec::new(); + let mut plan = Vec::with_capacity(0); let mut result = IDLBitRange::new(); let mut partial = false; let mut threshold = false; @@ -535,7 +535,7 @@ pub trait BackendTransaction { // for fully indexed existence queries, such as from refint. // This has a lot in common with an And and Or but not really quite either. - let mut plan = Vec::new(); + let mut plan = Vec::with_capacity(0); let mut result = IDLBitRange::new(); // For each filter in l for f in l.iter() { @@ -632,7 +632,7 @@ pub trait BackendTransaction { e })?; - let entries_filtered = match idl { + let mut entries_filtered = match idl { IdList::AllIds => trace_span!("be::search").in_scope(|| { entries .into_iter() @@ -666,6 +666,9 @@ pub trait BackendTransaction { return Err(OperationError::ResourceLimit); } + // Trim any excess capacity if needed + entries_filtered.shrink_to_fit(); + Ok(entries_filtered) } @@ -851,7 +854,7 @@ pub trait BackendTransaction { if r.is_err() { vec![r] } else { - Vec::new() + Vec::with_capacity(0) } } @@ -2258,7 +2261,7 @@ mod tests { run_test!(|be: &mut BackendWriteTransaction| { trace!("Simple Create"); - let empty_result = be.create(&CID_ZERO, Vec::new()); + let empty_result = be.create(&CID_ZERO, Vec::with_capacity(0)); trace!("{:?}", empty_result); assert_eq!(empty_result, Err(OperationError::EmptyRequest)); @@ -2759,7 +2762,7 @@ mod tests { Attribute::Name.as_ref(), IndexType::Equality, "not-exist", - Some(Vec::new()) + Some(Vec::with_capacity(0)) ); idl_state!( @@ -2767,7 +2770,7 @@ mod tests { Attribute::Uuid.as_ref(), IndexType::Equality, "fake-0079-4b8c-8a56-593b22aa44d1", - Some(Vec::new()) + Some(Vec::with_capacity(0)) ); let uuid_p_idl = be @@ -2861,7 +2864,7 @@ mod tests { Attribute::Name.as_ref(), IndexType::Equality, "william", - Some(Vec::new()) + Some(Vec::with_capacity(0)) ); idl_state!( @@ -2869,7 +2872,7 @@ mod tests { Attribute::Name.as_ref(), IndexType::Presence, "_", - Some(Vec::new()) + Some(Vec::with_capacity(0)) ); idl_state!( @@ -2877,7 +2880,7 @@ mod tests { Attribute::Uuid.as_ref(), IndexType::Equality, "db237e8a-0079-4b8c-8a56-593b22aa44d1", - Some(Vec::new()) + Some(Vec::with_capacity(0)) ); idl_state!( @@ -2885,7 +2888,7 @@ mod tests { Attribute::Uuid.as_ref(), IndexType::Presence, "_", - Some(Vec::new()) + Some(Vec::with_capacity(0)) ); assert!(be.name2uuid("william") == Ok(None)); @@ -3129,14 +3132,14 @@ mod tests { Attribute::Uuid.as_ref(), IndexType::Equality, "db237e8a-0079-4b8c-8a56-593b22aa44d1", - Some(Vec::new()) + Some(Vec::with_capacity(0)) ); idl_state!( be, Attribute::Name.as_ref(), IndexType::Equality, "william", - Some(Vec::new()) + Some(Vec::with_capacity(0)) ); let claire_uuid = uuid!("04091a7a-6ce4-42d2-abf5-c2ce244ac9e8"); @@ -3303,7 +3306,7 @@ mod tests { let (r, _plan) = be.filter2idl(f_r_andnot.to_inner(), 0).unwrap(); match r { IdList::Indexed(idl) => { - assert!(idl == IDLBitRange::from_iter(Vec::new())); + assert!(idl == IDLBitRange::from_iter(Vec::with_capacity(0))); } _ => { panic!(""); @@ -3319,7 +3322,7 @@ mod tests { let (r, _plan) = be.filter2idl(f_and_andnot.to_inner(), 0).unwrap(); match r { IdList::Indexed(idl) => { - assert!(idl == IDLBitRange::from_iter(Vec::new())); + assert!(idl == IDLBitRange::from_iter(Vec::with_capacity(0))); } _ => { panic!(""); @@ -3334,7 +3337,7 @@ mod tests { let (r, _plan) = be.filter2idl(f_or_andnot.to_inner(), 0).unwrap(); match r { IdList::Indexed(idl) => { - assert!(idl == IDLBitRange::from_iter(Vec::new())); + assert!(idl == IDLBitRange::from_iter(Vec::with_capacity(0))); } _ => { panic!(""); diff --git a/server/lib/src/constants/entries.rs b/server/lib/src/constants/entries.rs index 6af2a6182..1c2c52650 100644 --- a/server/lib/src/constants/entries.rs +++ b/server/lib/src/constants/entries.rs @@ -858,7 +858,7 @@ impl From for Account { displayname: value.displayname.to_string(), spn: format!("{}@example.com", value.name), mail_primary: None, - mail: Vec::new(), + mail: Vec::with_capacity(0), ..Default::default() } } diff --git a/server/lib/src/constants/groups.rs b/server/lib/src/constants/groups.rs index c33274665..9761cdc65 100644 --- a/server/lib/src/constants/groups.rs +++ b/server/lib/src/constants/groups.rs @@ -263,7 +263,7 @@ lazy_static! { name: "idm_people_self_write_mail", description: "Builtin IDM Group for people accounts to update their own mail.", uuid: UUID_IDM_PEOPLE_SELF_MAIL_WRITE, - members: Vec::new(), + members: Vec::with_capacity(0), ..Default::default() }; @@ -272,7 +272,7 @@ lazy_static! { name: "idm_people_self_mail_write", description: "Builtin IDM Group for people accounts to update their own mail.", uuid: UUID_IDM_PEOPLE_SELF_MAIL_WRITE, - members: Vec::new(), + members: Vec::with_capacity(0), ..Default::default() }; } @@ -283,7 +283,7 @@ lazy_static! { name: "idm_all_persons", description: "Builtin IDM dynamic group containing all persons.", uuid: UUID_IDM_ALL_PERSONS, - members: Vec::new(), + members: Vec::with_capacity(0), dyngroup: true, dyngroup_filter: Some( Filter::And(vec![ @@ -304,7 +304,7 @@ lazy_static! { name: "idm_all_accounts", description: "Builtin IDM dynamic group containing all entries that can authenticate.", uuid: UUID_IDM_ALL_ACCOUNTS, - members: Vec::new(), + members: Vec::with_capacity(0), dyngroup: true, dyngroup_filter: Some( Filter::Eq(Attribute::Class.to_string(), EntryClass::Account.to_string()), diff --git a/server/lib/src/entry.rs b/server/lib/src/entry.rs index a9db8425e..4c3965953 100644 --- a/server/lib/src/entry.rs +++ b/server/lib/src/entry.rs @@ -891,6 +891,7 @@ impl Entry { // To shortcut this we dedup the attr set and then iterate. let mut attr_set: Vec<_> = changes_left.keys().chain(changes_right.keys()).collect(); + attr_set.shrink_to_fit(); attr_set.sort_unstable(); attr_set.dedup(); @@ -1604,7 +1605,7 @@ impl Entry { match (pre, post) { (None, None) => { // if both are none, yield empty list. - Vec::new() + Vec::with_capacity(0) } (Some(pre_e), None) => { // If we are none (?), yield our pre-state as removals. @@ -1619,11 +1620,11 @@ impl Entry { ikey.attr, err ); - return Vec::new(); + return Vec::with_capacity(0); } }; match pre_e.get_ava_set(attr) { - None => Vec::new(), + None => Vec::with_capacity(0), Some(vs) => { let changes: Vec> = match ikey.itype { IndexType::Equality => { @@ -1636,7 +1637,7 @@ impl Entry { IndexType::Presence => { vec![Err((&ikey.attr, ikey.itype, "_".to_string()))] } - IndexType::SubString => Vec::new(), + IndexType::SubString => Vec::with_capacity(0), }; changes } @@ -1657,11 +1658,11 @@ impl Entry { ikey.attr, err ); - return Vec::new(); + return Vec::with_capacity(0); } }; match post_e.get_ava_set(attr) { - None => Vec::new(), + None => Vec::with_capacity(0), Some(vs) => { let changes: Vec> = match ikey.itype { IndexType::Equality => vs @@ -1672,7 +1673,7 @@ impl Entry { IndexType::Presence => { vec![Ok((&ikey.attr, ikey.itype, "_".to_string()))] } - IndexType::SubString => Vec::new(), + IndexType::SubString => Vec::with_capacity(0), }; // For each value // @@ -1695,13 +1696,13 @@ impl Entry { ikey.attr, err ); - return Vec::new(); + return Vec::with_capacity(0); } }; match (pre_e.get_ava_set(attr), post_e.get_ava_set(attr)) { (None, None) => { // Neither have it, do nothing. - Vec::new() + Vec::with_capacity(0) } (Some(pre_vs), None) => { // It existed before, but not anymore @@ -1718,7 +1719,7 @@ impl Entry { IndexType::Presence => { vec![Err((&ikey.attr, ikey.itype, "_".to_string()))] } - IndexType::SubString => Vec::new(), + IndexType::SubString => Vec::with_capacity(0), }; changes } @@ -1737,7 +1738,7 @@ impl Entry { IndexType::Presence => { vec![Ok((&ikey.attr, ikey.itype, "_".to_string()))] } - IndexType::SubString => Vec::new(), + IndexType::SubString => Vec::with_capacity(0), }; changes } @@ -3050,7 +3051,7 @@ impl Entry { // Take name: (a, b), name: (c, d) -> (name, a), (name, b), (name, c), (name, d) - let mut pairs: Vec<(&str, PartialValue)> = Vec::new(); + let mut pairs: Vec<(&str, PartialValue)> = Vec::with_capacity(0); for attr in attrs { match self.attrs.get(attr) { @@ -3689,7 +3690,7 @@ mod tests { // When we do None, None, we get nothing back. let r1 = Entry::idx_diff(&idxmeta, None, None); eprintln!("{r1:?}"); - assert!(r1 == Vec::new()); + assert!(r1 == Vec::with_capacity(0)); // Check generating a delete diff let mut del_r = Entry::idx_diff(&idxmeta, Some(&e1), None); diff --git a/server/lib/src/filter.rs b/server/lib/src/filter.rs index cbfbca214..10a2df9e0 100644 --- a/server/lib/src/filter.rs +++ b/server/lib/src/filter.rs @@ -356,8 +356,8 @@ pub enum FilterPlan { /// * `Or`. Contains multiple filters and asserts at least one is true. /// * `And`. Contains multiple filters and asserts all of them are true. /// * `AndNot`. This is different to a "logical not" operation. This asserts that a condition is not -/// true in the current candidate set. A search of `AndNot` alone will yield not results, but an -/// `AndNot` in an `And` query will assert that a condition can not hold. +/// true in the current candidate set. A search of `AndNot` alone will yield not results, but an +/// `AndNot` in an `And` query will assert that a condition can not hold. /// /// `Filter`s for security reasons are validated by the schema to assert all requested attributes /// are valid and exist in the schema so that they can have their indexes correctly used. This avoids diff --git a/server/lib/src/idm/account.rs b/server/lib/src/idm/account.rs index 81335f2eb..2fcbc163a 100644 --- a/server/lib/src/idm/account.rs +++ b/server/lib/src/idm/account.rs @@ -912,7 +912,7 @@ impl<'a> IdmServerProxyReadTransaction<'a> { }) .unwrap_or_else(|| { // No matching entry? Return none. - Ok(Vec::new()) + Ok(Vec::with_capacity(0)) }) } Err(e) => Err(e), diff --git a/server/lib/src/idm/authsession.rs b/server/lib/src/idm/authsession.rs index a8a146bad..6bfb4a8e4 100644 --- a/server/lib/src/idm/authsession.rs +++ b/server/lib/src/idm/authsession.rs @@ -12,7 +12,7 @@ use compact_jwt::Jws; use hashbrown::HashSet; use kanidm_proto::internal::UserAuthToken; use kanidm_proto::v1::{AuthAllowed, AuthCredential, AuthIssueSession, AuthMech}; -use nonempty::{nonempty, NonEmpty}; +use nonempty::NonEmpty; use tokio::sync::mpsc::UnboundedSender as Sender; use uuid::Uuid; use webauthn_rs::prelude::{ @@ -88,7 +88,7 @@ enum AuthIntent { /// A response type to indicate the progress and potential result of an authentication attempt. enum CredState { Success { auth_type: AuthType, cred_id: Uuid }, - Continue(NonEmpty), + Continue(Box>), Denied(&'static str), } @@ -496,7 +496,10 @@ impl CredHandler { admin_warn!("unable to queue delayed webauthn property update, continuing ... "); }; }; - CredState::Continue(nonempty![AuthAllowed::Password]) + CredState::Continue(Box::new(NonEmpty { + head: AuthAllowed::Password, + tail: Vec::with_capacity(0), + })) } Err(e) => { pw_mfa.mfa_state = CredVerifyState::Fail; @@ -523,7 +526,10 @@ impl CredHandler { security_info!( "Handler::PasswordMfa -> Result::Continue - TOTP ({}) OK, password -", label ); - CredState::Continue(nonempty![AuthAllowed::Password]) + CredState::Continue(Box::new(NonEmpty { + head: AuthAllowed::Password, + tail: Vec::with_capacity(0), + })) } else { pw_mfa.mfa_state = CredVerifyState::Fail; security_error!( @@ -546,7 +552,10 @@ impl CredHandler { }; pw_mfa.mfa_state = CredVerifyState::Success; security_info!("Handler::PasswordMfa -> Result::Continue - BackupCode OK, password -"); - CredState::Continue(nonempty![AuthAllowed::Password]) + CredState::Continue(Box::new(NonEmpty { + head: AuthAllowed::Password, + tail: Vec::with_capacity(0), + })) } else { pw_mfa.mfa_state = CredVerifyState::Fail; security_error!("Handler::PasswordMfa -> Result::Denied - BackupCode Fail, password -"); @@ -940,12 +949,15 @@ impl AuthSession { // based on the anonymous ... in theory this could be cleaner // and interact with the account more? if asd.account.is_anonymous() { - AuthSessionState::Init(nonempty![CredHandler::Anonymous { - cred_id: asd.account.uuid, - }]) + AuthSessionState::Init(NonEmpty { + head: CredHandler::Anonymous { + cred_id: asd.account.uuid, + }, + tail: Vec::with_capacity(0), + }) } else { // What's valid to use in this context? - let mut handlers = Vec::new(); + let mut handlers = Vec::with_capacity(0); // TODO: We can't yet fully enforce account policy on auth, there is a bit of work // to do to be able to check for pw / mfa etc. @@ -1469,7 +1481,7 @@ impl AuthSession { match &self.state { AuthSessionState::Success | AuthSessionState::Denied(_) - | AuthSessionState::InProgress(_) => Vec::new(), + | AuthSessionState::InProgress(_) => Vec::with_capacity(0), AuthSessionState::Init(handlers) => { // Iterate over the handlers into what mechs they are // and filter to unique? diff --git a/server/lib/src/idm/scim.rs b/server/lib/src/idm/scim.rs index 5f3ef4bb8..c382a44f3 100644 --- a/server/lib/src/idm/scim.rs +++ b/server/lib/src/idm/scim.rs @@ -1177,7 +1177,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> { // Get all the classes. debug!("Schemas valid - Proceeding with entry {}", scim_ent.id); - let mut mods = Vec::new(); + let mut mods = Vec::with_capacity(0); mods.push(Modify::Assert( Attribute::SyncParentUuid, @@ -1912,7 +1912,7 @@ mod tests { cookie: vec![1, 2, 3, 4].into(), }, to_state: ScimSyncState::Refresh, - entries: Vec::default(), + entries: Vec::with_capacity(0), retain: ScimSyncRetentionMode::Ignore, }; @@ -2319,7 +2319,7 @@ mod tests { cookie: vec![1, 2, 3, 4].into(), }, // Doesn't exist. If it does, then bless rng. - entries: Vec::default(), + entries: Vec::with_capacity(0), retain: ScimSyncRetentionMode::Delete(vec![Uuid::new_v4()]), }; @@ -2358,7 +2358,7 @@ mod tests { cookie: vec![1, 2, 3, 4].into(), }, // Doesn't exist. If it does, then bless rng. - entries: Vec::default(), + entries: Vec::with_capacity(0), retain: ScimSyncRetentionMode::Delete(vec![user_sync_uuid]), }; @@ -2400,7 +2400,7 @@ mod tests { cookie: vec![1, 2, 3, 4].into(), }, // Doesn't exist. If it does, then bless rng. - entries: Vec::default(), + entries: Vec::with_capacity(0), retain: ScimSyncRetentionMode::Delete(vec![user_sync_uuid]), }; @@ -2678,7 +2678,7 @@ mod tests { to_state: ScimSyncState::Active { cookie: vec![1, 2, 3, 4].into(), }, - entries: Vec::default(), + entries: Vec::with_capacity(0), retain: ScimSyncRetentionMode::Ignore, }; diff --git a/server/lib/src/idm/serviceaccount.rs b/server/lib/src/idm/serviceaccount.rs index 655011b7e..78afc7e4e 100644 --- a/server/lib/src/idm/serviceaccount.rs +++ b/server/lib/src/idm/serviceaccount.rs @@ -411,7 +411,7 @@ impl<'a> IdmServerProxyReadTransaction<'a> { }) .unwrap_or_else(|| { // No matching entry? Return none. - Ok(Vec::new()) + Ok(Vec::with_capacity(0)) }) } Err(e) => Err(e), diff --git a/server/lib/src/lib.rs b/server/lib/src/lib.rs index 665ecf400..ba44e4d10 100644 --- a/server/lib/src/lib.rs +++ b/server/lib/src/lib.rs @@ -21,9 +21,9 @@ #![deny(clippy::manual_let_else)] #![allow(clippy::unreachable)] -#[cfg(all(jemallocator, test, not(target_family = "windows")))] +#[cfg(test)] #[global_allocator] -static ALLOC: jemallocator::Jemalloc = jemallocator::Jemalloc; +static GLOBAL: mimalloc::MiMalloc = mimalloc::MiMalloc; #[macro_use] extern crate rusqlite; diff --git a/server/lib/src/modify.rs b/server/lib/src/modify.rs index 0ef0f738a..92de534cd 100644 --- a/server/lib/src/modify.rs +++ b/server/lib/src/modify.rs @@ -87,7 +87,7 @@ impl ModifyList { pub fn new() -> Self { ModifyList { valid: ModifyInvalid, - mods: Vec::new(), + mods: Vec::with_capacity(0), } } @@ -137,7 +137,7 @@ impl ModifyList { pe: &ProtoEntry, qs: &mut QueryServerWriteTransaction, ) -> Result { - let mut mods = Vec::new(); + let mut mods = Vec::with_capacity(0); pe.attrs.iter().try_for_each(|(attr, vals)| { // Issue a purge to the attr. diff --git a/server/lib/src/plugins/attrunique.rs b/server/lib/src/plugins/attrunique.rs index 0fb90dbf5..0a7fb4615 100644 --- a/server/lib/src/plugins/attrunique.rs +++ b/server/lib/src/plugins/attrunique.rs @@ -115,7 +115,7 @@ fn enforce_unique( } // Now do an internal search on name and !uuid for each - let mut cand_filters = Vec::new(); + let mut cand_filters = Vec::with_capacity(0); for ((attr, v), uuid) in cand_attr.iter() { // and[ attr eq k, andnot [ uuid eq v ]] // Basically this says where name but also not self. @@ -476,7 +476,7 @@ impl Plugin for AttrUnique { schema.get_attributes_unique() }; - let mut res: Vec> = Vec::new(); + let mut res: Vec> = Vec::with_capacity(0); if get_cand_attr_set(&all_cand, uniqueattrs).is_err() { res.push(Err(ConsistencyError::DuplicateUniqueAttribute)) @@ -529,7 +529,7 @@ mod tests { ); let create = vec![e.clone(), e]; - let preload = Vec::new(); + let preload = Vec::with_capacity(0); run_create_test!( Err(OperationError::Plugin(PluginError::AttrUnique( diff --git a/server/lib/src/plugins/base.rs b/server/lib/src/plugins/base.rs index 85ea60e17..080b70c35 100644 --- a/server/lib/src/plugins/base.rs +++ b/server/lib/src/plugins/base.rs @@ -330,7 +330,7 @@ mod tests { // check create where no uuid #[test] fn test_pre_create_no_uuid() { - let preload: Vec> = Vec::new(); + let preload: Vec> = Vec::with_capacity(0); let e: Entry = Entry::unsafe_from_entry_str( r#"{ @@ -366,7 +366,7 @@ mod tests { // check unparsable uuid #[test] fn test_pre_create_uuid_invalid() { - let preload: Vec> = Vec::new(); + let preload: Vec> = Vec::with_capacity(0); let e: Entry = Entry::unsafe_from_entry_str( r#"{ @@ -396,7 +396,7 @@ mod tests { // check entry where uuid is empty list #[test] fn test_pre_create_uuid_empty() { - let preload: Vec> = Vec::new(); + let preload: Vec> = Vec::with_capacity(0); let mut e: Entry = Entry::unsafe_from_entry_str( r#"{ @@ -429,7 +429,7 @@ mod tests { // check create where provided uuid is valid. It should be unchanged. #[test] fn test_pre_create_uuid_valid() { - let preload: Vec> = Vec::new(); + let preload: Vec> = Vec::with_capacity(0); let e: Entry = Entry::unsafe_from_entry_str( r#"{ @@ -468,7 +468,7 @@ mod tests { #[test] fn test_pre_create_uuid_valid_multi() { - let preload: Vec> = Vec::new(); + let preload: Vec> = Vec::with_capacity(0); let e: Entry = Entry::unsafe_from_entry_str( r#"{ @@ -534,7 +534,7 @@ mod tests { #[test] fn test_pre_create_double_uuid() { // Test adding two entries with the same uuid - let preload: Vec> = Vec::new(); + let preload: Vec> = Vec::with_capacity(0); let ea: Entry = Entry::unsafe_from_entry_str( r#"{ @@ -737,7 +737,7 @@ mod tests { #[test] fn test_protected_uuid_does_not_exist() { // Test that internal create of "does not exist" will fail. - let preload = Vec::new(); + let preload = Vec::with_capacity(0); let e: Entry = Entry::unsafe_from_entry_str( r#"{ diff --git a/server/lib/src/plugins/cred_import.rs b/server/lib/src/plugins/cred_import.rs index 6c0746039..354891602 100644 --- a/server/lib/src/plugins/cred_import.rs +++ b/server/lib/src/plugins/cred_import.rs @@ -176,7 +176,7 @@ mod tests { #[test] fn test_pre_create_password_import_1() { - let preload: Vec> = Vec::new(); + let preload: Vec> = Vec::with_capacity(0); let e = entry_init!( (Attribute::Class, EntryClass::Account.to_value()), diff --git a/server/lib/src/plugins/eckeygen.rs b/server/lib/src/plugins/eckeygen.rs index 99644f09d..b79672eec 100644 --- a/server/lib/src/plugins/eckeygen.rs +++ b/server/lib/src/plugins/eckeygen.rs @@ -104,7 +104,7 @@ mod tests { (Attribute::Description, Value::new_utf8s("testperson")), (Attribute::DisplayName, Value::new_utf8s("Test Person")) ); - let preload: Vec> = Vec::new(); + let preload: Vec> = Vec::with_capacity(0); let create = vec![ea]; run_create_test!( diff --git a/server/lib/src/plugins/jwskeygen.rs b/server/lib/src/plugins/jwskeygen.rs index 716c7ebb5..f678a2e18 100644 --- a/server/lib/src/plugins/jwskeygen.rs +++ b/server/lib/src/plugins/jwskeygen.rs @@ -113,7 +113,7 @@ mod tests { #[test] fn test_pre_create_oauth2_secrets() { - let preload: Vec> = Vec::new(); + let preload: Vec> = Vec::with_capacity(0); let uuid = Uuid::new_v4(); let e: Entry = entry_init!( diff --git a/server/lib/src/plugins/keyobject.rs b/server/lib/src/plugins/keyobject.rs index e920a7b17..cdf8c2675 100644 --- a/server/lib/src/plugins/keyobject.rs +++ b/server/lib/src/plugins/keyobject.rs @@ -216,9 +216,12 @@ impl KeyObjectManagement { // Turn that object into it's entry template to create. I think we need to make this // some kind of merge_vs? - key_object.into_valuesets()?.into_iter().try_for_each( - |(attribute, valueset)| entry.merge_ava_set(attribute, valueset), - )?; + key_object + .as_valuesets()? + .into_iter() + .try_for_each(|(attribute, valueset)| { + entry.merge_ava_set(attribute, valueset) + })?; Ok(()) }) diff --git a/server/lib/src/plugins/memberof.rs b/server/lib/src/plugins/memberof.rs index 66cd52f40..396440ebc 100644 --- a/server/lib/src/plugins/memberof.rs +++ b/server/lib/src/plugins/memberof.rs @@ -337,7 +337,7 @@ impl Plugin for MemberOf { #[instrument(level = "debug", name = "memberof::verify", skip_all)] fn verify(qs: &mut QueryServerReadTransaction) -> Vec> { - let mut r = Vec::new(); + let mut r = Vec::with_capacity(0); let filt_in = filter!(f_pres(Attribute::Class)); @@ -620,7 +620,7 @@ mod tests { ea.add_ava(Attribute::Member, Value::new_refer_s(UUID_B).unwrap()); - let preload = Vec::new(); + let preload = Vec::with_capacity(0); let create = vec![ea, eb]; run_create_test!( Ok(()), @@ -651,7 +651,7 @@ mod tests { ea.add_ava(Attribute::Member, Value::new_refer_s(UUID_B).unwrap()); eb.add_ava(Attribute::Member, Value::new_refer_s(UUID_C).unwrap()); - let preload = Vec::new(); + let preload = Vec::with_capacity(0); let create = vec![ea, eb, ec]; run_create_test!( Ok(()), @@ -703,7 +703,7 @@ mod tests { eb.add_ava(Attribute::Member, Value::new_refer_s(UUID_C).unwrap()); ec.add_ava(Attribute::Member, Value::new_refer_s(UUID_A).unwrap()); - let preload = Vec::new(); + let preload = Vec::with_capacity(0); let create = vec![ea, eb, ec]; run_create_test!( Ok(()), @@ -761,7 +761,7 @@ mod tests { ed.add_ava(Attribute::Member, Value::new_refer_s(UUID_A).unwrap()); - let preload = Vec::new(); + let preload = Vec::with_capacity(0); let create = vec![ea, eb, ec, ed]; run_create_test!( Ok(()), diff --git a/server/lib/src/plugins/namehistory.rs b/server/lib/src/plugins/namehistory.rs index e7d545eb4..a50a58a4f 100644 --- a/server/lib/src/plugins/namehistory.rs +++ b/server/lib/src/plugins/namehistory.rs @@ -200,7 +200,7 @@ mod tests { (Attribute::Description, Value::new_utf8s("testperson")), (Attribute::DisplayName, Value::new_utf8s("old name person")) ); - let preload = Vec::new(); + let preload = Vec::with_capacity(0); let create = vec![ea]; run_create_test!( Ok(()), @@ -223,7 +223,7 @@ mod tests { #[test] fn name_purge_and_set_with_filled_history() { - let mut cids: Vec = Vec::new(); + let mut cids: Vec = Vec::with_capacity(0); for i in 1..AUDIT_LOG_STRING_CAPACITY { cids.push(Cid::new( uuid!("d2b496bd-8493-47b7-8142-f568b5cf47e1"), diff --git a/server/lib/src/plugins/refint.rs b/server/lib/src/plugins/refint.rs index a2fb32252..9160b35cb 100644 --- a/server/lib/src/plugins/refint.rs +++ b/server/lib/src/plugins/refint.rs @@ -317,7 +317,7 @@ impl Plugin for ReferentialIntegrity { let schema = qs.get_schema(); let ref_types = schema.get_reference_types(); - let mut res = Vec::new(); + let mut res = Vec::with_capacity(0); // For all cands for c in &all_cand { // For all reference in each cand. @@ -473,7 +473,7 @@ mod tests { ); let create = vec![e]; - let preload = Vec::new(); + let preload = Vec::with_capacity(0); run_create_test!( Err(OperationError::Plugin(PluginError::ReferentialIntegrity( "Uuid referenced not found in database".to_string() @@ -530,7 +530,7 @@ mod tests { // The create references itself - allow #[test] fn test_create_uuid_reference_self() { - let preload: Vec> = Vec::new(); + let preload: Vec> = Vec::with_capacity(0); let e: Entry = Entry::unsafe_from_entry_str( r#"{ diff --git a/server/lib/src/plugins/spn.rs b/server/lib/src/plugins/spn.rs index 2eae129d6..8ae7daba1 100644 --- a/server/lib/src/plugins/spn.rs +++ b/server/lib/src/plugins/spn.rs @@ -103,7 +103,7 @@ impl Plugin for Spn { Err(e) => return vec![e], }; - let mut r = Vec::new(); + let mut r = Vec::with_capacity(0); for e in all_cand { let Some(g_spn) = e.generate_spn(&domain_name) else { @@ -233,7 +233,7 @@ mod tests { ); let create = vec![e]; - let preload = Vec::new(); + let preload = Vec::with_capacity(0); run_create_test!( Ok(()), @@ -286,7 +286,7 @@ mod tests { ); let create = vec![e]; - let preload = Vec::new(); + let preload = Vec::with_capacity(0); run_create_test!( Ok(()), diff --git a/server/lib/src/plugins/valuedeny.rs b/server/lib/src/plugins/valuedeny.rs index 7bf9f596d..824093b61 100644 --- a/server/lib/src/plugins/valuedeny.rs +++ b/server/lib/src/plugins/valuedeny.rs @@ -61,7 +61,7 @@ impl Plugin for ValueDeny { fn verify(qs: &mut QueryServerReadTransaction) -> Vec> { let denied_names = qs.denied_names().clone(); - let mut results = Vec::new(); + let mut results = Vec::with_capacity(0); for denied_name in denied_names { let filt = filter!(f_eq(Attribute::Name, PartialValue::new_iname(&denied_name))); diff --git a/server/lib/src/repl/ruv.rs b/server/lib/src/repl/ruv.rs index 21b71f388..6df87efb6 100644 --- a/server/lib/src/repl/ruv.rs +++ b/server/lib/src/repl/ruv.rs @@ -907,7 +907,7 @@ impl<'a> ReplicationUpdateVectorWriteTransaction<'a> { pub fn trim_up_to(&mut self, cid: &Cid) -> Result { trace!(trim_up_to_cid = ?cid); let mut idl = IDLBitRange::new(); - let mut remove_suuid = Vec::default(); + let mut remove_suuid = Vec::with_capacity(0); // Here we can use the for_each here to be trimming the // range set since that is not ordered by time, we need diff --git a/server/lib/src/schema.rs b/server/lib/src/schema.rs index 8f895fbcd..dcfbf6ff4 100644 --- a/server/lib/src/schema.rs +++ b/server/lib/src/schema.rs @@ -593,7 +593,7 @@ pub trait SchemaTransaction { fn get_reference_types(&self) -> &HashMap; fn validate(&self) -> Vec> { - let mut res = Vec::new(); + let mut res = Vec::with_capacity(0); let class_snapshot = self.get_classes(); let attribute_snapshot = self.get_attributes(); @@ -2227,7 +2227,7 @@ impl Schema { let s = Schema { classes: CowCell::new(HashMap::with_capacity(128)), attributes: CowCell::new(HashMap::with_capacity(128)), - unique_cache: CowCell::new(Vec::new()), + unique_cache: CowCell::new(Vec::with_capacity(0)), ref_cache: CowCell::new(HashMap::with_capacity(64)), }; // let mut sw = task::block_on(s.write()); diff --git a/server/lib/src/server/access/mod.rs b/server/lib/src/server/access/mod.rs index 738f065a4..046e4ebdd 100644 --- a/server/lib/src/server/access/mod.rs +++ b/server/lib/src/server/access/mod.rs @@ -1029,10 +1029,10 @@ impl Default for AccessControls { fn default() -> Self { AccessControls { inner: CowCell::new(AccessControlsInner { - acps_search: Vec::new(), - acps_create: Vec::new(), - acps_modify: Vec::new(), - acps_delete: Vec::new(), + acps_search: Vec::with_capacity(0), + acps_create: Vec::with_capacity(0), + acps_modify: Vec::with_capacity(0), + acps_delete: Vec::with_capacity(0), sync_agreements: HashMap::default(), }), // Allow the expect, if this fails it represents a programming/development diff --git a/server/lib/src/server/keys/internal.rs b/server/lib/src/server/keys/internal.rs index f7ac786fe..1627cc47f 100644 --- a/server/lib/src/server/keys/internal.rs +++ b/server/lib/src/server/keys/internal.rs @@ -924,7 +924,7 @@ impl KeyObjectT for KeyObjectInternal { Ok(None) } - fn into_valuesets(&self) -> Result, OperationError> { + fn as_valuesets(&self) -> Result, OperationError> { let key_iter = self .jws_es256 .iter() diff --git a/server/lib/src/server/keys/object.rs b/server/lib/src/server/keys/object.rs index 8c2d9cf60..7640a5cec 100644 --- a/server/lib/src/server/keys/object.rs +++ b/server/lib/src/server/keys/object.rs @@ -44,7 +44,7 @@ pub trait KeyObjectT { fn jwe_decrypt(&self, jwec: &JweCompact) -> Result; - fn into_valuesets(&self) -> Result, OperationError>; + fn as_valuesets(&self) -> Result, OperationError>; fn duplicate(&self) -> KeyObject; diff --git a/server/lib/src/server/mod.rs b/server/lib/src/server/mod.rs index 5b349b9ee..8282b7e01 100644 --- a/server/lib/src/server/mod.rs +++ b/server/lib/src/server/mod.rs @@ -824,7 +824,7 @@ pub trait QueryServerTransaction<'a> { .collect(); v } else if let Some(r_map) = value.as_oauthclaim_map() { - let mut v = Vec::new(); + let mut v = Vec::with_capacity(0); for (claim_name, mapping) in r_map.iter() { for (group_ref, claims) in mapping.values() { let join_char = mapping.join().to_str(); @@ -1133,7 +1133,7 @@ impl<'a> QueryServerReadTransaction<'a> { // If anything error to this point we can't trust the verifications below. From // here we can just amass results. - let mut results = Vec::new(); + let mut results = Vec::with_capacity(0); // Verify all our entries. Weird flex I know, but it's needed for verifying // the entry changelogs are consistent to their entries. diff --git a/server/lib/src/valueset/key_internal.rs b/server/lib/src/valueset/key_internal.rs index df1d44f87..e56b19dfb 100644 --- a/server/lib/src/valueset/key_internal.rs +++ b/server/lib/src/valueset/key_internal.rs @@ -395,7 +395,7 @@ mod tests { let valid_from = 0; let status = KeyStatus::Valid; let status_cid = Cid::new_zero(); - let der = Vec::default(); + let der = Vec::with_capacity(0); let mut vs_a: ValueSet = ValueSetKeyInternal::new(kid.clone(), usage, valid_from, status, status_cid, der); @@ -430,7 +430,7 @@ mod tests { let valid_from = 0; let status = KeyStatus::Valid; let status_cid = Cid::new_zero(); - let der = Vec::default(); + let der = Vec::with_capacity(0); let mut vs_a: ValueSet = ValueSetKeyInternal::new( kid.clone(), @@ -464,7 +464,7 @@ mod tests { let valid_from = 0; let status = KeyStatus::Valid; let status_cid = Cid::new_zero(); - let der = Vec::default(); + let der = Vec::with_capacity(0); let vs_a: ValueSet = ValueSetKeyInternal::new( kid.clone(), @@ -501,7 +501,7 @@ mod tests { let zero_cid = Cid::new_zero(); let one_cid = Cid::new_count(1); let two_cid = Cid::new_count(2); - let der = Vec::default(); + let der = Vec::with_capacity(0); let kid_2 = "key_2".to_string(); @@ -564,7 +564,7 @@ mod tests { let zero_cid = Cid::new_zero(); let one_cid = Cid::new_count(1); let two_cid = Cid::new_count(2); - let der = Vec::default(); + let der = Vec::with_capacity(0); let kid_2 = "key_2".to_string(); diff --git a/tools/orca/src/main.rs b/tools/orca/src/main.rs index fe26896be..9dd3dc1b1 100644 --- a/tools/orca/src/main.rs +++ b/tools/orca/src/main.rs @@ -1,4 +1,4 @@ -#![deny(warnings)] +// #![deny(warnings)] #![warn(unused_extern_crates)] #![allow(clippy::panic)] #![deny(clippy::unreachable)]