mirror of
https://github.com/kanidm/kanidm.git
parent
c670069db1
commit
33f0034b80
|
@ -7,19 +7,14 @@ use serde::{Deserialize, Serialize};
|
||||||
|
|
||||||
/// This is used in user-facing CLIs to set the formatting for output,
|
/// This is used in user-facing CLIs to set the formatting for output,
|
||||||
/// and defaults to text.
|
/// and defaults to text.
|
||||||
#[derive(Debug, Serialize, Deserialize, Clone, Copy, PartialEq, Eq)]
|
#[derive(Debug, Serialize, Deserialize, Clone, Copy, PartialEq, Eq, Default)]
|
||||||
#[serde(rename_all = "lowercase")]
|
#[serde(rename_all = "lowercase")]
|
||||||
pub enum ConsoleOutputMode {
|
pub enum ConsoleOutputMode {
|
||||||
|
#[default]
|
||||||
Text,
|
Text,
|
||||||
JSON,
|
JSON,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl Default for ConsoleOutputMode {
|
|
||||||
fn default() -> Self {
|
|
||||||
ConsoleOutputMode::Text
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
impl FromStr for ConsoleOutputMode {
|
impl FromStr for ConsoleOutputMode {
|
||||||
type Err = &'static str;
|
type Err = &'static str;
|
||||||
|
|
||||||
|
|
|
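Review bot: The `#[default]` variant attribute combined with `#[derive(Default)]` on `ConsoleOutputMode` requires Rust 1.62 or newer, and nothing visible in this commit raises or checks the crate's minimum supported toolchain. If an MSRV is declared for this crate, confirm it is at least 1.62 before merging. The `ServerRole` hunk that follows relies on the same feature.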
@ -75,19 +75,14 @@ impl ServerConfig {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Debug, Serialize, Deserialize, Clone, Copy)]
|
#[derive(Debug, Serialize, Deserialize, Clone, Copy, Default)]
|
||||||
pub enum ServerRole {
|
pub enum ServerRole {
|
||||||
|
#[default]
|
||||||
WriteReplica,
|
WriteReplica,
|
||||||
WriteReplicaNoUI,
|
WriteReplicaNoUI,
|
||||||
ReadOnlyReplica,
|
ReadOnlyReplica,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl Default for ServerRole {
|
|
||||||
fn default() -> Self {
|
|
||||||
ServerRole::WriteReplica
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
impl ToString for ServerRole {
|
impl ToString for ServerRole {
|
||||||
fn to_string(&self) -> String {
|
fn to_string(&self) -> String {
|
||||||
match self {
|
match self {
|
||||||
|
|
|
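Review bot: `ServerRole` carries no documentation, and after this change the only statement of its default is the `#[default]` attribute on `WriteReplica`. Wherever `ServerRole::default()` is used for an unset role, the server becomes a writable replica, which looks like the most capable of the three roles (inferred from the variant names), so the default deserves to be spelled out where operators and reviewers will read it. I would add `/// Role this server takes in the topology; defaults to WriteReplica when none is configured.` above the enum and a one-line `///` comment on each variant. The `impl ToString for ServerRole` that follows is only partly visible in this hunk.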
@ -294,12 +294,10 @@ async fn index_view(req: tide::Request<AppState>) -> tide::Result {
|
||||||
pub fn generate_integrity_hash(filename: String) -> Result<String, String> {
|
pub fn generate_integrity_hash(filename: String) -> Result<String, String> {
|
||||||
let wasm_filepath = PathBuf::from(filename);
|
let wasm_filepath = PathBuf::from(filename);
|
||||||
match wasm_filepath.exists() {
|
match wasm_filepath.exists() {
|
||||||
false => {
|
false => Err(format!(
|
||||||
return Err(format!(
|
"Can't find {:?} to generate file hash",
|
||||||
"Can't find {:?} to generate file hash",
|
&wasm_filepath
|
||||||
&wasm_filepath
|
)),
|
||||||
));
|
|
||||||
}
|
|
||||||
true => {
|
true => {
|
||||||
let filecontents = match std::fs::read(&wasm_filepath) {
|
let filecontents = match std::fs::read(&wasm_filepath) {
|
||||||
Ok(value) => value,
|
Ok(value) => value,
|
||||||
|
|
|
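Review bot: The `wasm_filepath.exists()` test followed by `std::fs::read(&wasm_filepath)` is a check-then-use sequence, since the file can be removed or replaced between the two calls and the read already reports a missing file by itself. Because the bytes read here feed an integrity hash, a single read with a mapped error is simpler and removes the redundant check, e.g. `let filecontents = std::fs::read(&wasm_filepath).map_err(|e| format!("Can't read {:?} to generate file hash: {e}", wasm_filepath))?;`. Matching on a `bool` with `false`/`true` arms is also harder to follow than a plain `if`. The body of `generate_integrity_hash` continues past the end of this hunk, so the existing `Err` arm of the inner `match` is not visible here.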
@ -77,7 +77,6 @@ pub fn scaling_user_create_batched(c: &mut Criterion) {
|
||||||
println!("iters, size -> {iters:?}, {size:?}");
|
println!("iters, size -> {iters:?}, {size:?}");
|
||||||
|
|
||||||
let data: Vec<_> = (0..size)
|
let data: Vec<_> = (0..size)
|
||||||
.into_iter()
|
|
||||||
.map(|i| {
|
.map(|i| {
|
||||||
let name = format!("testperson_{i}");
|
let name = format!("testperson_{i}");
|
||||||
entry_init!(
|
entry_init!(
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
|
#![allow(clippy::expect_used)]
|
||||||
|
|
||||||
use crate::constants::uuids::*;
|
use crate::constants::uuids::*;
|
||||||
///! Constant Entries for the IDM
|
///! Constant Entries for the IDM
|
||||||
use crate::constants::values::*;
|
use crate::constants::values::*;
|
||||||
|
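Review bot: `#![allow(clippy::expect_used)]` at the top of the file switches the lint off for every expression in the module, whereas the earlier code (see the `@ -410,8 +423,8 @` hunk) scoped the allow to the single call that needed it. These constants appear to be the built-in access control profiles, so I would record the reason next to the attribute, e.g. `// expect() is allowed here only for JSON filters that are string literals in this file; a parse failure is a programming error.` Every call now carries the same message `"Invalid JSON filter"`, so a panic raised when a `lazy_static!` value is first dereferenced would not say which profile is malformed; naming the entry in the message, or a unit test that forces each constant, would surface a bad literal before the server starts. Separately, `///! Constant Entries for the IDM` is an outer doc comment attached to the `use` that follows it; if module documentation was intended it should be `//!` at the top of the file. The remaining hunks of this file make the same `.unwrap()` to `.expect(...)` change and continue past the end of what is shown.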
@ -18,7 +20,8 @@ lazy_static! {
|
||||||
("acp_receiver_group", Value::Refer(UUID_SYSTEM_ADMINS)),
|
("acp_receiver_group", Value::Refer(UUID_SYSTEM_ADMINS)),
|
||||||
(
|
(
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s("{\"eq\": [\"class\", \"recycled\"]}").unwrap()
|
Value::new_json_filter_s("{\"eq\": [\"class\", \"recycled\"]}")
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_search_attr", Value::new_iutf8("name")),
|
("acp_search_attr", Value::new_iutf8("name")),
|
||||||
("acp_search_attr", Value::new_iutf8("class")),
|
("acp_search_attr", Value::new_iutf8("class")),
|
||||||
|
@ -41,7 +44,8 @@ lazy_static! {
|
||||||
("acp_receiver_group", Value::Refer(UUID_SYSTEM_ADMINS)),
|
("acp_receiver_group", Value::Refer(UUID_SYSTEM_ADMINS)),
|
||||||
(
|
(
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s("{\"eq\":[\"class\",\"recycled\"]}").unwrap()
|
Value::new_json_filter_s("{\"eq\":[\"class\",\"recycled\"]}")
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_modify_removedattr", Value::new_iutf8("class")),
|
("acp_modify_removedattr", Value::new_iutf8("class")),
|
||||||
("acp_modify_class", Value::new_iutf8("recycled"))
|
("acp_modify_class", Value::new_iutf8("recycled"))
|
||||||
|
@ -64,7 +68,7 @@ lazy_static! {
|
||||||
("acp_receiver_group", Value::Refer(UUID_IDM_ALL_ACCOUNTS)),
|
("acp_receiver_group", Value::Refer(UUID_IDM_ALL_ACCOUNTS)),
|
||||||
(
|
(
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s("\"self\"").unwrap()
|
Value::new_json_filter_s("\"self\"").expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_search_attr", Value::new_iutf8("name")),
|
("acp_search_attr", Value::new_iutf8("name")),
|
||||||
("acp_search_attr", Value::new_iutf8("spn")),
|
("acp_search_attr", Value::new_iutf8("spn")),
|
||||||
|
@ -108,7 +112,8 @@ lazy_static! {
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s(
|
Value::new_json_filter_s(
|
||||||
"{\"and\": [{\"eq\": [\"class\",\"person\"]}, {\"eq\": [\"class\",\"account\"]}, \"self\"]}"
|
"{\"and\": [{\"eq\": [\"class\",\"person\"]}, {\"eq\": [\"class\",\"account\"]}, \"self\"]}"
|
||||||
).unwrap()
|
)
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_modify_removedattr", Value::new_iutf8("name")),
|
("acp_modify_removedattr", Value::new_iutf8("name")),
|
||||||
("acp_modify_removedattr", Value::new_iutf8("displayname")),
|
("acp_modify_removedattr", Value::new_iutf8("displayname")),
|
||||||
|
@ -152,7 +157,8 @@ lazy_static! {
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s(
|
Value::new_json_filter_s(
|
||||||
"{\"and\": [{\"eq\": [\"class\",\"person\"]}, {\"eq\": [\"class\",\"account\"]}, \"self\"]}"
|
"{\"and\": [{\"eq\": [\"class\",\"person\"]}, {\"eq\": [\"class\",\"account\"]}, \"self\"]}"
|
||||||
).unwrap()
|
)
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_modify_removedattr", Value::new_iutf8("mail")),
|
("acp_modify_removedattr", Value::new_iutf8("mail")),
|
||||||
("acp_modify_presentattr", Value::new_iutf8("mail"))
|
("acp_modify_presentattr", Value::new_iutf8("mail"))
|
||||||
|
@ -178,7 +184,8 @@ lazy_static! {
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s(
|
Value::new_json_filter_s(
|
||||||
"{\"and\": [{\"pres\": \"class\"}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
"{\"and\": [{\"pres\": \"class\"}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||||
).unwrap()
|
)
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_search_attr", Value::new_iutf8("name")),
|
("acp_search_attr", Value::new_iutf8("name")),
|
||||||
("acp_search_attr", Value::new_iutf8("spn")),
|
("acp_search_attr", Value::new_iutf8("spn")),
|
||||||
|
@ -212,7 +219,8 @@ lazy_static! {
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s(
|
Value::new_json_filter_s(
|
||||||
"{\"and\": [{\"eq\": [\"class\",\"person\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
"{\"and\": [{\"eq\": [\"class\",\"person\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||||
).unwrap()
|
)
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_search_attr", Value::new_iutf8("name")),
|
("acp_search_attr", Value::new_iutf8("name")),
|
||||||
("acp_search_attr", Value::new_iutf8("displayname")),
|
("acp_search_attr", Value::new_iutf8("displayname")),
|
||||||
|
@ -240,7 +248,8 @@ lazy_static! {
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s(
|
Value::new_json_filter_s(
|
||||||
"{\"and\": [{\"eq\": [\"class\",\"person\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
"{\"and\": [{\"eq\": [\"class\",\"person\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||||
).unwrap()
|
)
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_modify_removedattr", Value::new_iutf8("name")),
|
("acp_modify_removedattr", Value::new_iutf8("name")),
|
||||||
("acp_modify_removedattr", Value::new_iutf8("displayname")),
|
("acp_modify_removedattr", Value::new_iutf8("displayname")),
|
||||||
|
@ -274,7 +283,8 @@ lazy_static! {
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s(
|
Value::new_json_filter_s(
|
||||||
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"eq\": [\"class\",\"person\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"eq\": [\"class\",\"person\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||||
).unwrap()
|
)
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_create_attr", Value::new_iutf8("class")),
|
("acp_create_attr", Value::new_iutf8("class")),
|
||||||
("acp_create_attr", Value::new_iutf8("name")),
|
("acp_create_attr", Value::new_iutf8("name")),
|
||||||
|
@ -316,7 +326,8 @@ lazy_static! {
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s(
|
Value::new_json_filter_s(
|
||||||
"{\"and\": [{\"eq\": [\"class\",\"person\"]}, {\"eq\": [\"class\",\"account\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
"{\"and\": [{\"eq\": [\"class\",\"person\"]}, {\"eq\": [\"class\",\"account\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||||
).unwrap()
|
)
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_modify_removedattr", Value::new_iutf8("password_import")),
|
("acp_modify_removedattr", Value::new_iutf8("password_import")),
|
||||||
("acp_modify_presentattr", Value::new_iutf8("password_import"))
|
("acp_modify_presentattr", Value::new_iutf8("password_import"))
|
||||||
|
@ -342,7 +353,8 @@ lazy_static! {
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s(
|
Value::new_json_filter_s(
|
||||||
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||||
).unwrap()
|
)
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_modify_removedattr", Value::new_iutf8("name")),
|
("acp_modify_removedattr", Value::new_iutf8("name")),
|
||||||
("acp_modify_removedattr", Value::new_iutf8("displayname")),
|
("acp_modify_removedattr", Value::new_iutf8("displayname")),
|
||||||
|
@ -376,7 +388,8 @@ lazy_static! {
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s(
|
Value::new_json_filter_s(
|
||||||
"{\"and\": [{\"eq\": [\"class\",\"person\"]}, {\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
"{\"and\": [{\"eq\": [\"class\",\"person\"]}, {\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||||
).unwrap()
|
)
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_search_attr", Value::new_iutf8("name")),
|
("acp_search_attr", Value::new_iutf8("name")),
|
||||||
("acp_search_attr", Value::new_iutf8("displayname")),
|
("acp_search_attr", Value::new_iutf8("displayname")),
|
||||||
|
@ -410,8 +423,8 @@ lazy_static! {
|
||||||
),
|
),
|
||||||
(
|
(
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
#[allow(clippy::expect_used)]
|
Value::new_json_filter_s("{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}")
|
||||||
Value::new_json_filter_s("{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}").expect("filter")
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_search_attr", Value::new_iutf8("mail"))
|
("acp_search_attr", Value::new_iutf8("mail"))
|
||||||
);
|
);
|
||||||
|
@ -436,7 +449,8 @@ lazy_static! {
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s(
|
Value::new_json_filter_s(
|
||||||
"{\"and\": [{\"eq\": [\"class\",\"person\"]}, {\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
"{\"and\": [{\"eq\": [\"class\",\"person\"]}, {\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||||
).unwrap()
|
)
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_modify_removedattr", Value::new_iutf8("name")),
|
("acp_modify_removedattr", Value::new_iutf8("name")),
|
||||||
("acp_modify_removedattr", Value::new_iutf8("displayname")),
|
("acp_modify_removedattr", Value::new_iutf8("displayname")),
|
||||||
|
@ -468,7 +482,8 @@ lazy_static! {
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s(
|
Value::new_json_filter_s(
|
||||||
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||||
).unwrap()
|
)
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_modify_removedattr", Value::new_iutf8("name")),
|
("acp_modify_removedattr", Value::new_iutf8("name")),
|
||||||
("acp_modify_removedattr", Value::new_iutf8("displayname")),
|
("acp_modify_removedattr", Value::new_iutf8("displayname")),
|
||||||
|
@ -505,7 +520,8 @@ lazy_static! {
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s(
|
Value::new_json_filter_s(
|
||||||
"{\"and\": [{\"eq\": [\"class\",\"group\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
"{\"and\": [{\"eq\": [\"class\",\"group\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||||
).unwrap()
|
)
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_search_attr", Value::new_iutf8("name")),
|
("acp_search_attr", Value::new_iutf8("name")),
|
||||||
("acp_search_attr", Value::new_iutf8("uuid")),
|
("acp_search_attr", Value::new_iutf8("uuid")),
|
||||||
|
@ -541,7 +557,8 @@ lazy_static! {
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s(
|
Value::new_json_filter_s(
|
||||||
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||||
).unwrap()
|
)
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_search_attr", Value::new_iutf8("class")),
|
("acp_search_attr", Value::new_iutf8("class")),
|
||||||
("acp_search_attr", Value::new_iutf8("name")),
|
("acp_search_attr", Value::new_iutf8("name")),
|
||||||
|
@ -581,7 +598,8 @@ lazy_static! {
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s(
|
Value::new_json_filter_s(
|
||||||
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||||
).unwrap()
|
)
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_modify_removedattr", Value::new_iutf8("name")),
|
("acp_modify_removedattr", Value::new_iutf8("name")),
|
||||||
("acp_modify_removedattr", Value::new_iutf8("displayname")),
|
("acp_modify_removedattr", Value::new_iutf8("displayname")),
|
||||||
|
@ -628,7 +646,8 @@ lazy_static! {
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s(
|
Value::new_json_filter_s(
|
||||||
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||||
).unwrap()
|
)
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_create_attr", Value::new_iutf8("class")),
|
("acp_create_attr", Value::new_iutf8("class")),
|
||||||
("acp_create_attr", Value::new_iutf8("name")),
|
("acp_create_attr", Value::new_iutf8("name")),
|
||||||
|
@ -670,7 +689,8 @@ lazy_static! {
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s(
|
Value::new_json_filter_s(
|
||||||
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||||
).unwrap()
|
)
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_search_attr", Value::new_iutf8("radius_secret"))
|
("acp_search_attr", Value::new_iutf8("radius_secret"))
|
||||||
);
|
);
|
||||||
|
@ -695,7 +715,8 @@ lazy_static! {
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s(
|
Value::new_json_filter_s(
|
||||||
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||||
).unwrap()
|
)
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_modify_removedattr", Value::new_iutf8("radius_secret")),
|
("acp_modify_removedattr", Value::new_iutf8("radius_secret")),
|
||||||
("acp_modify_presentattr", Value::new_iutf8("radius_secret"))
|
("acp_modify_presentattr", Value::new_iutf8("radius_secret"))
|
||||||
|
@ -722,7 +743,8 @@ lazy_static! {
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s(
|
Value::new_json_filter_s(
|
||||||
"{\"and\": [{\"pres\": \"class\"}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
"{\"and\": [{\"pres\": \"class\"}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||||
).unwrap()
|
)
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_search_attr", Value::new_iutf8("name")),
|
("acp_search_attr", Value::new_iutf8("name")),
|
||||||
("acp_search_attr", Value::new_iutf8("spn")),
|
("acp_search_attr", Value::new_iutf8("spn")),
|
||||||
|
@ -750,7 +772,8 @@ lazy_static! {
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s(
|
Value::new_json_filter_s(
|
||||||
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||||
).unwrap()
|
)
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_search_attr", Value::new_iutf8("class")),
|
("acp_search_attr", Value::new_iutf8("class")),
|
||||||
("acp_search_attr", Value::new_iutf8("name")),
|
("acp_search_attr", Value::new_iutf8("name")),
|
||||||
|
@ -788,7 +811,8 @@ lazy_static! {
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s(
|
Value::new_json_filter_s(
|
||||||
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||||
).unwrap()
|
)
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_modify_removedattr", Value::new_iutf8("name")),
|
("acp_modify_removedattr", Value::new_iutf8("name")),
|
||||||
("acp_modify_removedattr", Value::new_iutf8("displayname")),
|
("acp_modify_removedattr", Value::new_iutf8("displayname")),
|
||||||
|
@ -833,7 +857,8 @@ lazy_static! {
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s(
|
Value::new_json_filter_s(
|
||||||
"{\"and\": [{\"eq\": [\"class\",\"group\"]}, {\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
"{\"and\": [{\"eq\": [\"class\",\"group\"]}, {\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||||
).unwrap()
|
)
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_search_attr", Value::new_iutf8("name")),
|
("acp_search_attr", Value::new_iutf8("name")),
|
||||||
("acp_search_attr", Value::new_iutf8("uuid")),
|
("acp_search_attr", Value::new_iutf8("uuid")),
|
||||||
|
@ -871,7 +896,8 @@ lazy_static! {
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s(
|
Value::new_json_filter_s(
|
||||||
"{\"and\": [{\"eq\": [\"class\",\"attributetype\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
"{\"and\": [{\"eq\": [\"class\",\"attributetype\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||||
).unwrap()
|
)
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_search_attr", Value::new_iutf8("class")),
|
("acp_search_attr", Value::new_iutf8("class")),
|
||||||
("acp_search_attr", Value::new_iutf8("description")),
|
("acp_search_attr", Value::new_iutf8("description")),
|
||||||
|
@ -930,7 +956,8 @@ lazy_static! {
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s(
|
Value::new_json_filter_s(
|
||||||
"{\"and\": [{\"eq\": [\"class\",\"access_control_profile\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
"{\"and\": [{\"eq\": [\"class\",\"access_control_profile\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||||
).unwrap()
|
)
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_search_attr", Value::new_iutf8("class")),
|
("acp_search_attr", Value::new_iutf8("class")),
|
||||||
("acp_search_attr", Value::new_iutf8("name")),
|
("acp_search_attr", Value::new_iutf8("name")),
|
||||||
|
@ -1020,7 +1047,8 @@ lazy_static! {
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s(
|
Value::new_json_filter_s(
|
||||||
"{\"and\": [{\"eq\": [\"class\",\"classtype\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
"{\"and\": [{\"eq\": [\"class\",\"classtype\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||||
).unwrap()
|
)
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_search_attr", Value::new_iutf8("class")),
|
("acp_search_attr", Value::new_iutf8("class")),
|
||||||
("acp_search_attr", Value::new_iutf8("classname")),
|
("acp_search_attr", Value::new_iutf8("classname")),
|
||||||
|
@ -1071,7 +1099,8 @@ lazy_static! {
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s(
|
Value::new_json_filter_s(
|
||||||
"{\"and\": [{\"eq\": [\"class\",\"group\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
"{\"and\": [{\"eq\": [\"class\",\"group\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||||
).unwrap()
|
)
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_create_attr", Value::new_iutf8("class")),
|
("acp_create_attr", Value::new_iutf8("class")),
|
||||||
("acp_create_attr", Value::new_iutf8("name")),
|
("acp_create_attr", Value::new_iutf8("name")),
|
||||||
|
@ -1102,7 +1131,8 @@ lazy_static! {
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s(
|
Value::new_json_filter_s(
|
||||||
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||||
).unwrap()
|
)
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_create_attr", Value::new_iutf8("class")),
|
("acp_create_attr", Value::new_iutf8("class")),
|
||||||
("acp_create_attr", Value::new_iutf8("name")),
|
("acp_create_attr", Value::new_iutf8("name")),
|
||||||
|
@ -1140,7 +1170,8 @@ lazy_static! {
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s(
|
Value::new_json_filter_s(
|
||||||
"{\"and\": [{\"eq\": [\"class\",\"group\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
"{\"and\": [{\"eq\": [\"class\",\"group\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||||
).unwrap()
|
)
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_create_attr", Value::new_iutf8("class")),
|
("acp_create_attr", Value::new_iutf8("class")),
|
||||||
("acp_create_attr", Value::new_iutf8("name")),
|
("acp_create_attr", Value::new_iutf8("name")),
|
||||||
|
@ -1171,7 +1202,8 @@ lazy_static! {
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s(
|
Value::new_json_filter_s(
|
||||||
"{\"and\": [{\"eq\": [\"uuid\",\"00000000-0000-0000-0000-ffffff000025\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
"{\"and\": [{\"eq\": [\"uuid\",\"00000000-0000-0000-0000-ffffff000025\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||||
).unwrap()
|
)
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_search_attr", Value::new_iutf8("name")),
|
("acp_search_attr", Value::new_iutf8("name")),
|
||||||
("acp_search_attr", Value::new_iutf8("uuid")),
|
("acp_search_attr", Value::new_iutf8("uuid")),
|
||||||
|
@ -1215,7 +1247,8 @@ lazy_static! {
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s(
|
Value::new_json_filter_s(
|
||||||
"{\"and\": [{\"eq\": [\"uuid\",\"00000000-0000-0000-0000-ffffff000027\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
"{\"and\": [{\"eq\": [\"uuid\",\"00000000-0000-0000-0000-ffffff000027\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||||
).unwrap()
|
)
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_search_attr", Value::new_iutf8("name")),
|
("acp_search_attr", Value::new_iutf8("name")),
|
||||||
("acp_search_attr", Value::new_iutf8("uuid")),
|
("acp_search_attr", Value::new_iutf8("uuid")),
|
||||||
|
@ -1246,7 +1279,8 @@ lazy_static! {
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s(
|
Value::new_json_filter_s(
|
||||||
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||||
).unwrap()
|
)
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_search_attr", Value::new_iutf8("class")),
|
("acp_search_attr", Value::new_iutf8("class")),
|
||||||
("acp_search_attr", Value::new_iutf8("name")),
|
("acp_search_attr", Value::new_iutf8("name")),
|
||||||
|
@ -1287,7 +1321,8 @@ lazy_static! {
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s(
|
Value::new_json_filter_s(
|
||||||
"{\"and\": [{\"eq\": [\"class\",\"group\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
"{\"and\": [{\"eq\": [\"class\",\"group\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||||
).unwrap()
|
)
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_search_attr", Value::new_iutf8("class")),
|
("acp_search_attr", Value::new_iutf8("class")),
|
||||||
("acp_search_attr", Value::new_iutf8("name")),
|
("acp_search_attr", Value::new_iutf8("name")),
|
||||||
|
@ -1323,7 +1358,8 @@ lazy_static! {
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s(
|
Value::new_json_filter_s(
|
||||||
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||||
).unwrap()
|
)
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_search_attr", Value::new_iutf8("class")),
|
("acp_search_attr", Value::new_iutf8("class")),
|
||||||
("acp_search_attr", Value::new_iutf8("name")),
|
("acp_search_attr", Value::new_iutf8("name")),
|
||||||
|
@ -1364,7 +1400,8 @@ lazy_static! {
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s(
|
Value::new_json_filter_s(
|
||||||
"{\"and\": [{\"eq\": [\"class\",\"group\"]}, {\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
"{\"and\": [{\"eq\": [\"class\",\"group\"]}, {\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||||
).unwrap()
|
)
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_search_attr", Value::new_iutf8("class")),
|
("acp_search_attr", Value::new_iutf8("class")),
|
||||||
("acp_search_attr", Value::new_iutf8("name")),
|
("acp_search_attr", Value::new_iutf8("name")),
|
||||||
|
@ -1402,7 +1439,8 @@ lazy_static! {
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s(
|
Value::new_json_filter_s(
|
||||||
"{\"and\": [{\"eq\": [\"class\",\"oauth2_resource_server\"]},{\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
"{\"and\": [{\"eq\": [\"class\",\"oauth2_resource_server\"]},{\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||||
).unwrap()
|
)
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_search_attr", Value::new_iutf8("class")),
|
("acp_search_attr", Value::new_iutf8("class")),
|
||||||
("acp_search_attr", Value::new_iutf8("description")),
|
("acp_search_attr", Value::new_iutf8("description")),
|
||||||
|
@ -1486,7 +1524,8 @@ lazy_static! {
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s(
|
Value::new_json_filter_s(
|
||||||
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||||
).unwrap()
|
)
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_search_attr", Value::new_iutf8("class")),
|
("acp_search_attr", Value::new_iutf8("class")),
|
||||||
("acp_search_attr", Value::new_iutf8("name")),
|
("acp_search_attr", Value::new_iutf8("name")),
|
||||||
|
@ -1520,7 +1559,8 @@ lazy_static! {
|
||||||
"acp_targetscope",
|
"acp_targetscope",
|
||||||
Value::new_json_filter_s(
|
Value::new_json_filter_s(
|
||||||
"{\"and\": [{\"eq\": [\"class\",\"sync_account\"]},{\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
"{\"and\": [{\"eq\": [\"class\",\"sync_account\"]},{\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||||
).unwrap()
|
)
|
||||||
|
.expect("Invalid JSON filter")
|
||||||
),
|
),
|
||||||
("acp_search_attr", Value::new_iutf8("class")),
|
("acp_search_attr", Value::new_iutf8("class")),
|
||||||
("acp_search_attr", Value::new_iutf8("name")),
|
("acp_search_attr", Value::new_iutf8("name")),
|
||||||
|
|
|
@ -369,7 +369,7 @@ impl TryFrom<DbCred> for Credential {
|
||||||
}
|
}
|
||||||
|
|
||||||
impl Credential {
|
impl Credential {
|
||||||
pub fn try_from_repl_v1(rc: &ReplCredV1) -> Result<(String, Self), ()> {
|
pub fn try_from_repl_v1(rc: &ReplCredV1) -> Result<(String, Self), OperationError> {
|
||||||
match rc {
|
match rc {
|
||||||
ReplCredV1::TmpWn { tag, set } => {
|
ReplCredV1::TmpWn { tag, set } => {
|
||||||
let m_uuid: Option<Uuid> = set.get(0).map(|v| v.uuid);
|
let m_uuid: Option<Uuid> = set.get(0).map(|v| v.uuid);
|
||||||
|
@ -382,7 +382,7 @@ impl Credential {
|
||||||
|
|
||||||
match (m_uuid, type_.is_valid()) {
|
match (m_uuid, type_.is_valid()) {
|
||||||
(Some(uuid), true) => Ok((tag.clone(), Credential { type_, uuid })),
|
(Some(uuid), true) => Ok((tag.clone(), Credential { type_, uuid })),
|
||||||
_ => Err(()),
|
_ => Err(OperationError::InvalidValueState),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
ReplCredV1::Password {
|
ReplCredV1::Password {
|
||||||
|
@ -390,12 +390,13 @@ impl Credential {
|
||||||
password,
|
password,
|
||||||
uuid,
|
uuid,
|
||||||
} => {
|
} => {
|
||||||
let v_password = Password::try_from(password)?;
|
let v_password =
|
||||||
|
Password::try_from(password).map_err(|()| OperationError::InvalidValueState)?;
|
||||||
let type_ = CredentialType::Password(v_password);
|
let type_ = CredentialType::Password(v_password);
|
||||||
if type_.is_valid() {
|
if type_.is_valid() {
|
||||||
Ok((tag.clone(), Credential { type_, uuid: *uuid }))
|
Ok((tag.clone(), Credential { type_, uuid: *uuid }))
|
||||||
} else {
|
} else {
|
||||||
Err(())
|
Err(OperationError::InvalidValueState)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
ReplCredV1::GenPassword {
|
ReplCredV1::GenPassword {
|
||||||
|
@ -403,12 +404,13 @@ impl Credential {
|
||||||
password,
|
password,
|
||||||
uuid,
|
uuid,
|
||||||
} => {
|
} => {
|
||||||
let v_password = Password::try_from(password)?;
|
let v_password =
|
||||||
|
Password::try_from(password).map_err(|()| OperationError::InvalidValueState)?;
|
||||||
let type_ = CredentialType::GeneratedPassword(v_password);
|
let type_ = CredentialType::GeneratedPassword(v_password);
|
||||||
if type_.is_valid() {
|
if type_.is_valid() {
|
||||||
Ok((tag.clone(), Credential { type_, uuid: *uuid }))
|
Ok((tag.clone(), Credential { type_, uuid: *uuid }))
|
||||||
} else {
|
} else {
|
||||||
Err(())
|
Err(OperationError::InvalidValueState)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
ReplCredV1::PasswordMfa {
|
ReplCredV1::PasswordMfa {
|
||||||
|
@ -419,15 +421,20 @@ impl Credential {
|
||||||
webauthn,
|
webauthn,
|
||||||
uuid,
|
uuid,
|
||||||
} => {
|
} => {
|
||||||
let v_password = Password::try_from(password)?;
|
let v_password =
|
||||||
|
Password::try_from(password).map_err(|()| OperationError::InvalidValueState)?;
|
||||||
|
|
||||||
let v_totp = totp
|
let v_totp = totp
|
||||||
.iter()
|
.iter()
|
||||||
.map(|(l, dbt)| Totp::try_from(dbt).map(|t| (l.clone(), t)))
|
.map(|(l, dbt)| Totp::try_from(dbt).map(|t| (l.clone(), t)))
|
||||||
.collect::<Result<Map<_, _>, _>>()?;
|
.collect::<Result<Map<_, _>, _>>()
|
||||||
|
.map_err(|()| OperationError::InvalidValueState)?;
|
||||||
|
|
||||||
let v_backup_code = match backup_code {
|
let v_backup_code = match backup_code {
|
||||||
Some(rbc) => Some(BackupCodes::try_from(rbc)?),
|
Some(rbc) => Some(
|
||||||
|
BackupCodes::try_from(rbc)
|
||||||
|
.map_err(|()| OperationError::InvalidValueState)?,
|
||||||
|
),
|
||||||
None => None,
|
None => None,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -442,7 +449,7 @@ impl Credential {
|
||||||
if type_.is_valid() {
|
if type_.is_valid() {
|
||||||
Ok((tag.clone(), Credential { type_, uuid: *uuid }))
|
Ok((tag.clone(), Credential { type_, uuid: *uuid }))
|
||||||
} else {
|
} else {
|
||||||
Err(())
|
Err(OperationError::InvalidValueState)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
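Review bot: Every rejection in `try_from_repl_v1` now returns the same `OperationError::InvalidValueState`, both from the `.map_err(|()| OperationError::InvalidValueState)` conversions and from the `is_valid()` failures. No log event is visible at any of these sites, so a replica that refuses an incoming credential cannot tell which variant or which check failed. I would emit one event per site before returning, using whatever tracing macro this module already has, for example `.map_err(|()| { error!("repl credential: password failed conversion"); OperationError::InvalidValueState })`. The message should name only the variant, never the password, TOTP or backup-code material. The function is spread over several hunks and parts of its body are not shown, so logging outside the visible lines may already cover some of this.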
|
||||||
|
|
|
@ -279,13 +279,13 @@ impl Filter<FilterValid> {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn resolve<'a>(
|
pub fn resolve(
|
||||||
&self,
|
&self,
|
||||||
ev: &Identity,
|
ev: &Identity,
|
||||||
idxmeta: Option<&IdxMeta>,
|
idxmeta: Option<&IdxMeta>,
|
||||||
mut rsv_cache: Option<
|
mut rsv_cache: Option<
|
||||||
&mut ARCacheReadTxn<
|
&mut ARCacheReadTxn<
|
||||||
'a,
|
'_,
|
||||||
(IdentityId, Filter<FilterValid>),
|
(IdentityId, Filter<FilterValid>),
|
||||||
Filter<FilterValidResolved>,
|
Filter<FilterValidResolved>,
|
||||||
(),
|
(),
|
||||||
|
@ -1493,19 +1493,19 @@ mod tests {
|
||||||
let f_t1b = filter!(f_pres("userid"));
|
let f_t1b = filter!(f_pres("userid"));
|
||||||
let f_t1c = filter!(f_pres("zzzz"));
|
let f_t1c = filter!(f_pres("zzzz"));
|
||||||
|
|
||||||
assert_eq!(f_t1a == f_t1b, true);
|
assert!(f_t1a == f_t1b);
|
||||||
assert_eq!(f_t1a == f_t1c, false);
|
assert!(f_t1a != f_t1c);
|
||||||
assert_eq!(f_t1b == f_t1c, false);
|
assert!(f_t1b != f_t1c);
|
||||||
|
|
||||||
let f_t2a = filter!(f_and!([f_pres("userid")]));
|
let f_t2a = filter!(f_and!([f_pres("userid")]));
|
||||||
let f_t2b = filter!(f_and!([f_pres("userid")]));
|
let f_t2b = filter!(f_and!([f_pres("userid")]));
|
||||||
let f_t2c = filter!(f_and!([f_pres("zzzz")]));
|
let f_t2c = filter!(f_and!([f_pres("zzzz")]));
|
||||||
assert_eq!(f_t2a == f_t2b, true);
|
assert!(f_t2a == f_t2b);
|
||||||
assert_eq!(f_t2a == f_t2c, false);
|
assert!(f_t2a != f_t2c);
|
||||||
assert_eq!(f_t2b == f_t2c, false);
|
assert!(f_t2b != f_t2c);
|
||||||
|
|
||||||
assert_eq!(f_t2c == f_t1a, false);
|
assert!(f_t2c != f_t1a);
|
||||||
assert_eq!(f_t2c == f_t1c, false);
|
assert!(f_t2c != f_t1c);
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
|
@ -1547,15 +1547,15 @@ mod tests {
|
||||||
let f_t1b = f_t1a.clone();
|
let f_t1b = f_t1a.clone();
|
||||||
let f_t1c = unsafe { filter_resolved!(f_pres("zzzz")) };
|
let f_t1c = unsafe { filter_resolved!(f_pres("zzzz")) };
|
||||||
|
|
||||||
assert_eq!(f_t1a == f_t1b, true);
|
assert!(f_t1a == f_t1b);
|
||||||
assert_eq!(f_t1a == f_t1c, false);
|
assert!(f_t1a != f_t1c);
|
||||||
|
|
||||||
let f_t2a = unsafe { filter_resolved!(f_and!([f_pres("userid")])) };
|
let f_t2a = unsafe { filter_resolved!(f_and!([f_pres("userid")])) };
|
||||||
let f_t2b = f_t2a.clone();
|
let f_t2b = f_t2a.clone();
|
||||||
let f_t2c = unsafe { filter_resolved!(f_and!([f_pres("zzzz")])) };
|
let f_t2c = unsafe { filter_resolved!(f_and!([f_pres("zzzz")])) };
|
||||||
|
|
||||||
assert_eq!(f_t2a == f_t2b, true);
|
assert!(f_t2a == f_t2b);
|
||||||
assert_eq!(f_t2a == f_t2c, false);
|
assert!(f_t2a != f_t2c);
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
|
|
|
@ -891,7 +891,7 @@ impl AuthSession {
|
||||||
issue,
|
issue,
|
||||||
intent: AuthIntent::Reauth {
|
intent: AuthIntent::Reauth {
|
||||||
session_id,
|
session_id,
|
||||||
session_expiry: session.expiry.clone(),
|
session_expiry: session.expiry,
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -1016,7 +1016,7 @@ impl AuthSession {
|
||||||
) {
|
) {
|
||||||
CredState::Success { auth_type, cred_id } => {
|
CredState::Success { auth_type, cred_id } => {
|
||||||
// Issue the uat based on a set of factors.
|
// Issue the uat based on a set of factors.
|
||||||
let uat = self.issue_uat(auth_type, time, async_tx, cred_id)?;
|
let uat = self.issue_uat(&auth_type, time, async_tx, cred_id)?;
|
||||||
let jwt = Jws::new(uat);
|
let jwt = Jws::new(uat);
|
||||||
|
|
||||||
// Now encrypt and prepare the token for return to the client.
|
// Now encrypt and prepare the token for return to the client.
|
||||||
|
@ -1072,7 +1072,7 @@ impl AuthSession {
|
||||||
|
|
||||||
fn issue_uat(
|
fn issue_uat(
|
||||||
&mut self,
|
&mut self,
|
||||||
auth_type: AuthType,
|
auth_type: &AuthType,
|
||||||
time: Duration,
|
time: Duration,
|
||||||
async_tx: &Sender<DelayedAction>,
|
async_tx: &Sender<DelayedAction>,
|
||||||
cred_id: Uuid,
|
cred_id: Uuid,
|
||||||
|
|
|
@ -73,7 +73,7 @@ impl LdapServer {
|
||||||
.or_else(|| {
|
.or_else(|| {
|
||||||
domain_entry
|
domain_entry
|
||||||
.get_ava_single_iname("domain_name")
|
.get_ava_single_iname("domain_name")
|
||||||
.map(|domain_name| ldap_domain_to_dc(domain_name))
|
.map(ldap_domain_to_dc)
|
||||||
})
|
})
|
||||||
.ok_or(OperationError::InvalidEntryState)?;
|
.ok_or(OperationError::InvalidEntryState)?;
|
||||||
|
|
||||||
|
|
|
@ -596,15 +596,15 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
|
||||||
code_verifier,
|
code_verifier,
|
||||||
} => self.check_oauth2_token_exchange_authorization_code(
|
} => self.check_oauth2_token_exchange_authorization_code(
|
||||||
o2rs,
|
o2rs,
|
||||||
&code,
|
code,
|
||||||
&redirect_uri,
|
redirect_uri,
|
||||||
code_verifier.as_deref(),
|
code_verifier.as_deref(),
|
||||||
ct,
|
ct,
|
||||||
),
|
),
|
||||||
GrantTypeReq::RefreshToken {
|
GrantTypeReq::RefreshToken {
|
||||||
refresh_token,
|
refresh_token,
|
||||||
scope,
|
scope,
|
||||||
} => self.check_oauth2_token_refresh(o2rs, &refresh_token, scope.as_ref(), ct),
|
} => self.check_oauth2_token_refresh(o2rs, refresh_token, scope.as_ref(), ct),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -730,7 +730,6 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
|
||||||
if let Some(code_challenge) = code_xchg.code_challenge {
|
if let Some(code_challenge) = code_xchg.code_challenge {
|
||||||
// Validate the code_verifier
|
// Validate the code_verifier
|
||||||
let code_verifier = token_req_code_verifier
|
let code_verifier = token_req_code_verifier
|
||||||
.as_deref()
|
|
||||||
.ok_or_else(|| {
|
.ok_or_else(|| {
|
||||||
security_info!("PKCE code verification failed - code challenge is present, but no verifier was provided");
|
security_info!("PKCE code verification failed - code challenge is present, but no verifier was provided");
|
||||||
Oauth2Error::InvalidRequest
|
Oauth2Error::InvalidRequest
|
||||||
|
@ -804,7 +803,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
|
||||||
// Validate the refresh token decrypts and it's expiry is within the valid window.
|
// Validate the refresh token decrypts and it's expiry is within the valid window.
|
||||||
let token: Oauth2TokenType = o2rs
|
let token: Oauth2TokenType = o2rs
|
||||||
.token_fernet
|
.token_fernet
|
||||||
.decrypt(&refresh_token)
|
.decrypt(refresh_token)
|
||||||
.map_err(|_| {
|
.map_err(|_| {
|
||||||
admin_error!("Failed to decrypt refresh token request");
|
admin_error!("Failed to decrypt refresh token request");
|
||||||
Oauth2Error::InvalidRequest
|
Oauth2Error::InvalidRequest
|
||||||
|
@ -951,7 +950,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
|
||||||
|
|
||||||
let expiry = odt_ct + Duration::from_secs(OAUTH2_ACCESS_TOKEN_EXPIRY as u64);
|
let expiry = odt_ct + Duration::from_secs(OAUTH2_ACCESS_TOKEN_EXPIRY as u64);
|
||||||
let expires_in = OAUTH2_ACCESS_TOKEN_EXPIRY;
|
let expires_in = OAUTH2_ACCESS_TOKEN_EXPIRY;
|
||||||
let refresh_expiry = odt_ct + Duration::from_secs(OAUTH_REFRESH_TOKEN_EXPIRY as u64);
|
let refresh_expiry = odt_ct + Duration::from_secs(OAUTH_REFRESH_TOKEN_EXPIRY);
|
||||||
|
|
||||||
let scope = if scopes.is_empty() {
|
let scope = if scopes.is_empty() {
|
||||||
None
|
None
|
||||||
|
@ -1053,7 +1052,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
|
||||||
.encrypt_at_time(&access_token_data, ct.as_secs());
|
.encrypt_at_time(&access_token_data, ct.as_secs());
|
||||||
|
|
||||||
let refresh_token_raw = Oauth2TokenType::Refresh {
|
let refresh_token_raw = Oauth2TokenType::Refresh {
|
||||||
scopes: scopes,
|
scopes,
|
||||||
parent_session_id,
|
parent_session_id,
|
||||||
session_id,
|
session_id,
|
||||||
expiry: refresh_expiry,
|
expiry: refresh_expiry,
|
||||||
|
@ -1877,7 +1876,7 @@ fn str_join(set: &BTreeSet<String>) -> String {
|
||||||
let alloc_len = set.iter().fold(0, |acc, s| acc + s.len() + 1);
|
let alloc_len = set.iter().fold(0, |acc, s| acc + s.len() + 1);
|
||||||
let mut buf = String::with_capacity(alloc_len);
|
let mut buf = String::with_capacity(alloc_len);
|
||||||
set.iter().for_each(|s| {
|
set.iter().for_each(|s| {
|
||||||
buf.push_str(&s);
|
buf.push_str(s);
|
||||||
buf.push(' ');
|
buf.push(' ');
|
||||||
});
|
});
|
||||||
|
|
||||||
|
@ -3250,7 +3249,7 @@ mod tests {
|
||||||
assert!(oidc.nonce == Some("abcdef".to_string()));
|
assert!(oidc.nonce == Some("abcdef".to_string()));
|
||||||
assert!(oidc.at_hash.is_none());
|
assert!(oidc.at_hash.is_none());
|
||||||
assert!(oidc.acr.is_none());
|
assert!(oidc.acr.is_none());
|
||||||
assert!(oidc.amr == None);
|
assert!(oidc.amr.is_none());
|
||||||
assert!(oidc.azp == Some("test_resource_server".to_string()));
|
assert!(oidc.azp == Some("test_resource_server".to_string()));
|
||||||
assert!(oidc.jti.is_none());
|
assert!(oidc.jti.is_none());
|
||||||
assert!(oidc.s_claims.name == Some("System Administrator".to_string()));
|
assert!(oidc.s_claims.name == Some("System Administrator".to_string()));
|
||||||
|
@ -4286,7 +4285,9 @@ mod tests {
|
||||||
let (access_token_response_1, mut client_authz) =
|
let (access_token_response_1, mut client_authz) =
|
||||||
setup_refresh_token(idms, idms_delayed, ct).await;
|
setup_refresh_token(idms, idms_delayed, ct).await;
|
||||||
|
|
||||||
client_authz.as_mut().map(|s| s.push_str("invalid"));
|
if let Some(s) = client_authz.as_mut() {
|
||||||
|
s.push_str("invalid")
|
||||||
|
}
|
||||||
|
|
||||||
// ============================================
|
// ============================================
|
||||||
// Refresh with invalid client authz
|
// Refresh with invalid client authz
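Review bot: A refresh token that fails to decrypt is reported with `admin_error!("Failed to decrypt refresh token request")`, while the PKCE failure earlier in this file goes through `security_info!`. Both are rejections of client-supplied input at the token endpoint, and splitting them across event classes makes it harder to alert on them in one place. Unless the split is deliberate, I would use the security class here too, `security_info!("Failed to decrypt refresh token request");`. Separately, the comment above the decrypt call should read `its expiry`. In the later expiry hunk, `OAUTH2_ACCESS_TOKEN_EXPIRY as u64` keeps a cast where `u64::from(OAUTH2_ACCESS_TOKEN_EXPIRY)` would stop compiling if the constant's type ever ceased to widen losslessly; its declaration is not shown here. The enclosing functions begin and end outside these hunks.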
|
||||||
|
|
|
@ -68,7 +68,7 @@ impl EntryChangeState {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
State::Tombstone { .. } => {
|
State::Tombstone { .. } => {
|
||||||
assert!(false)
|
unreachable!();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -499,7 +499,8 @@ pub trait SchemaTransaction {
|
||||||
match self.get_attributes().get(attr) {
|
match self.get_attributes().get(attr) {
|
||||||
Some(a_schema) => {
|
Some(a_schema) => {
|
||||||
// We'll likely add more conditions here later.
|
// We'll likely add more conditions here later.
|
||||||
!(a_schema.phantom || !a_schema.replicated)
|
// Allow items that are replicated and not phantoms
|
||||||
|
a_schema.replicated && !a_schema.phantom
|
||||||
}
|
}
|
||||||
None => {
|
None => {
|
||||||
warn!(
|
warn!(
|
||||||
|
|
|
@ -143,7 +143,7 @@ fn create_filter_entry<'a>(
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
fn protected_filter_entry<'a>(ident: &Identity, entry: &'a Entry<EntryInit, EntryNew>) -> IResult {
|
fn protected_filter_entry(ident: &Identity, entry: &Entry<EntryInit, EntryNew>) -> IResult {
|
||||||
match &ident.origin {
|
match &ident.origin {
|
||||||
IdentType::Internal => {
|
IdentType::Internal => {
|
||||||
trace!("Internal operation, protected rules do not apply.");
|
trace!("Internal operation, protected rules do not apply.");
|
||||||
|
|
|
@ -101,7 +101,7 @@ fn delete_filter_entry<'a>(
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
fn protected_filter_entry<'a>(ident: &Identity, entry: &'a Arc<EntrySealedCommitted>) -> IResult {
|
fn protected_filter_entry(ident: &Identity, entry: &Arc<EntrySealedCommitted>) -> IResult {
|
||||||
match &ident.origin {
|
match &ident.origin {
|
||||||
IdentType::Internal => {
|
IdentType::Internal => {
|
||||||
trace!("Internal operation, protected rules do not apply.");
|
trace!("Internal operation, protected rules do not apply.");
|
||||||
|
|
|
@ -118,31 +118,30 @@ fn search_oauth2_filter_entry<'a>(
|
||||||
match &ident.origin {
|
match &ident.origin {
|
||||||
IdentType::Internal | IdentType::Synch(_) => AccessResult::Ignore,
|
IdentType::Internal | IdentType::Synch(_) => AccessResult::Ignore,
|
||||||
IdentType::User(iuser) => {
|
IdentType::User(iuser) => {
|
||||||
if entry
|
let contains_o2_rs = entry
|
||||||
.get_ava_as_iutf8("class")
|
.get_ava_as_iutf8("class")
|
||||||
.map(|set| {
|
.map(|set| {
|
||||||
trace!(?set);
|
trace!(?set);
|
||||||
set.contains("oauth2_resource_server")
|
set.contains("oauth2_resource_server")
|
||||||
})
|
})
|
||||||
.unwrap_or(false)
|
.unwrap_or(false);
|
||||||
{
|
let contains_o2_scope_member = entry
|
||||||
if entry
|
.get_ava_as_oauthscopemaps("oauth2_rs_scope_map")
|
||||||
.get_ava_as_oauthscopemaps("oauth2_rs_scope_map")
|
.and_then(|maps| ident.get_memberof().map(|mo| (maps, mo)))
|
||||||
.and_then(|maps| ident.get_memberof().map(|mo| (maps, mo)))
|
.map(|(maps, mo)| maps.keys().any(|k| mo.contains(k)))
|
||||||
.map(|(maps, mo)| maps.keys().any(|k| mo.contains(k)))
|
.unwrap_or(false);
|
||||||
.unwrap_or(false)
|
|
||||||
{
|
|
||||||
security_access!(entry = ?entry.get_uuid(), ident = ?iuser.entry.get_uuid2rdn(), "ident is a memberof a group granted an oauth2 scope by this entry");
|
|
||||||
|
|
||||||
return AccessResult::Allow(btreeset!(
|
if contains_o2_rs && contains_o2_scope_member {
|
||||||
"class",
|
security_access!(entry = ?entry.get_uuid(), ident = ?iuser.entry.get_uuid2rdn(), "ident is a memberof a group granted an oauth2 scope by this entry");
|
||||||
"displayname",
|
|
||||||
"uuid",
|
return AccessResult::Allow(btreeset!(
|
||||||
"oauth2_rs_name",
|
"class",
|
||||||
"oauth2_rs_origin",
|
"displayname",
|
||||||
"oauth2_rs_origin_landing"
|
"uuid",
|
||||||
));
|
"oauth2_rs_name",
|
||||||
}
|
"oauth2_rs_origin",
|
||||||
|
"oauth2_rs_origin_landing"
|
||||||
|
));
|
||||||
}
|
}
|
||||||
AccessResult::Ignore
|
AccessResult::Ignore
|
||||||
}
|
}
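Review bot: Splitting the nested `if` into two `let` bindings drops the short-circuit. `contains_o2_scope_member` now reads `oauth2_rs_scope_map` and the identity's memberof set for every entry, including entries whose class does not contain `oauth2_resource_server`, where the old code skipped that lookup. The access decision is unchanged and the extra cost is probably small when the attribute is absent, but this appears to run once per entry during search. I would keep the readable names and restore laziness by making the second binding a closure and testing `if contains_o2_rs && contains_o2_scope_member() {`. A one-line comment stating why exactly these six attributes are released by `AccessResult::Allow` would also help the next reader of this access rule. The function starts before this hunk.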
|
||||||
|
|
|
@ -52,10 +52,7 @@ pub fn password_from_random() -> String {
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn backup_code_from_random() -> HashSet<String> {
|
pub fn backup_code_from_random() -> HashSet<String> {
|
||||||
(0..8)
|
(0..8).map(|_| readable_password_from_random()).collect()
|
||||||
.into_iter()
|
|
||||||
.map(|_| readable_password_from_random())
|
|
||||||
.collect()
|
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn readable_password_from_random() -> String {
|
pub fn readable_password_from_random() -> String {
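Review bot: `backup_code_from_random` has no doc comment and the count `8` is a bare literal, so nothing tells a caller how many codes to expect. Because the result is collected into a `HashSet`, two equal outputs of `readable_password_from_random()` would silently yield fewer than eight codes. That is presumably negligible given the generator's entropy, which this hunk does not show, but the contract should say so. I would name the constant, `const BACKUP_CODE_COUNT: usize = 8;`, and add `/// Generates a set of backup codes; duplicates collapse, so the set holds at most BACKUP_CODE_COUNT entries.`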
|
||||||
|
|
|
@ -46,9 +46,7 @@ impl ValueSetCredential {
|
||||||
pub fn from_repl_v1(data: &[ReplCredV1]) -> Result<ValueSet, OperationError> {
|
pub fn from_repl_v1(data: &[ReplCredV1]) -> Result<ValueSet, OperationError> {
|
||||||
let map = data
|
let map = data
|
||||||
.iter()
|
.iter()
|
||||||
.map(|dc| {
|
.map(Credential::try_from_repl_v1)
|
||||||
Credential::try_from_repl_v1(dc).map_err(|()| OperationError::InvalidValueState)
|
|
||||||
})
|
|
||||||
.collect::<Result<_, _>>()?;
|
.collect::<Result<_, _>>()?;
|
||||||
Ok(Box::new(ValueSetCredential { map }))
|
Ok(Box::new(ValueSetCredential { map }))
|
||||||
}
|
}
|
||||||
|
@ -468,9 +466,7 @@ impl ValueSetPasskey {
|
||||||
let map = data
|
let map = data
|
||||||
.iter()
|
.iter()
|
||||||
.cloned()
|
.cloned()
|
||||||
.map(|k| match k {
|
.map(|ReplPasskeyV4V1 { uuid, tag, key }| Ok((uuid, (tag, key))))
|
||||||
ReplPasskeyV4V1 { uuid, tag, key } => Ok((uuid, (tag, key))),
|
|
||||||
})
|
|
||||||
.collect::<Result<_, _>>()?;
|
.collect::<Result<_, _>>()?;
|
||||||
Ok(Box::new(ValueSetPasskey { map }))
|
Ok(Box::new(ValueSetPasskey { map }))
|
||||||
}
|
}
|
||||||
|
@ -654,9 +650,7 @@ impl ValueSetDeviceKey {
|
||||||
let map = data
|
let map = data
|
||||||
.iter()
|
.iter()
|
||||||
.cloned()
|
.cloned()
|
||||||
.map(|k| match k {
|
.map(|ReplDeviceKeyV4V1 { uuid, tag, key }| Ok((uuid, (tag, key))))
|
||||||
ReplDeviceKeyV4V1 { uuid, tag, key } => Ok((uuid, (tag, key))),
|
|
||||||
})
|
|
||||||
.collect::<Result<_, _>>()?;
|
.collect::<Result<_, _>>()?;
|
||||||
Ok(Box::new(ValueSetDeviceKey { map }))
|
Ok(Box::new(ValueSetDeviceKey { map }))
|
||||||
}
|
}
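Review bot: In the `ValueSetPasskey` and `ValueSetDeviceKey` hunks the rewritten closures always return `Ok(..)`, so the `collect::<Result<_, _>>()?` that follows can never take the error path and only obscures that these conversions are infallible. If no validation is intended here, I would drop the wrapper: `.map(|ReplPasskeyV4V1 { uuid, tag, key }| (uuid, (tag, key)))` followed by `.collect();`, and the same for `ReplDeviceKeyV4V1`. If validation of replicated keys is planned, a `// TODO` stating what will be checked would explain why the `Result` is kept. Both enclosing functions start outside their hunks.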
|
||||||
|
|
|
@ -455,8 +455,7 @@ impl ValueSetT for ValueSetSession {
|
||||||
let map = self
|
let map = self
|
||||||
.as_session_map()
|
.as_session_map()
|
||||||
.iter()
|
.iter()
|
||||||
.map(|m| m.iter())
|
.flat_map(|m| m.iter())
|
||||||
.flatten()
|
|
||||||
.map(
|
.map(
|
||||||
|(
|
|(
|
||||||
u,
|
u,
|
||||||
|
@ -473,8 +472,8 @@ impl ValueSetT for ValueSetSession {
|
||||||
*u,
|
*u,
|
||||||
ApiToken {
|
ApiToken {
|
||||||
label: label.clone(),
|
label: label.clone(),
|
||||||
expiry: expiry.clone(),
|
expiry: *expiry,
|
||||||
issued_at: issued_at.clone(),
|
issued_at: *issued_at,
|
||||||
issued_by: issued_by.clone(),
|
issued_by: issued_by.clone(),
|
||||||
scope: match scope {
|
scope: match scope {
|
||||||
SessionScope::Synchronise => ApiTokenScope::Synchronise,
|
SessionScope::Synchronise => ApiTokenScope::Synchronise,
|
||||||
|
|
|
@ -1371,7 +1371,7 @@ async fn test_server_user_auth_reauthentication(rsclient: KanidmClient) {
|
||||||
.expect("Unable to open up token.");
|
.expect("Unable to open up token.");
|
||||||
|
|
||||||
let now = time::OffsetDateTime::now_utc();
|
let now = time::OffsetDateTime::now_utc();
|
||||||
assert!(uat.purpose_readwrite_active(now) == false);
|
assert!(!uat.purpose_readwrite_active(now));
|
||||||
|
|
||||||
// The auth is done, now we have to setup to re-auth for our session.
|
// The auth is done, now we have to setup to re-auth for our session.
|
||||||
// Should we bother looking at the internals of the token here to assert
|
// Should we bother looking at the internals of the token here to assert
|
||||||
|
@ -1407,5 +1407,5 @@ async fn test_server_user_auth_reauthentication(rsclient: KanidmClient) {
|
||||||
|
|
||||||
let now = time::OffsetDateTime::now_utc();
|
let now = time::OffsetDateTime::now_utc();
|
||||||
eprintln!("{:?} {:?}", now, uat.purpose);
|
eprintln!("{:?} {:?}", now, uat.purpose);
|
||||||
assert!(uat.purpose_readwrite_active(now) == true);
|
assert!(uat.purpose_readwrite_active(now));
|
||||||
}
|
}
|
||||||
|
|
|
@ -130,7 +130,7 @@ impl Component for SecurityApp {
|
||||||
let isotime: String = jsdate.to_iso_string().into();
|
let isotime: String = jsdate.to_iso_string().into();
|
||||||
// TODO: Actually check the time of expiry on the uat and have a timer set that
|
// TODO: Actually check the time of expiry on the uat and have a timer set that
|
||||||
// re-locks things nicely.
|
// re-locks things nicely.
|
||||||
let time = time::OffsetDateTime::parse(&isotime, time::Format::Rfc3339)
|
let time = time::OffsetDateTime::parse(isotime, time::Format::Rfc3339)
|
||||||
.map(|odt| odt + time::Duration::new(60, 0))
|
.map(|odt| odt + time::Duration::new(60, 0))
|
||||||
.expect_throw("Unable to process time stamp");
|
.expect_throw("Unable to process time stamp");
|
||||||
|
|
||||||
|
|
|
@ -32,7 +32,7 @@ impl DomainOpt {
|
||||||
new_basedn
|
new_basedn
|
||||||
);
|
);
|
||||||
let client = copt.to_client(OpType::Write).await;
|
let client = copt.to_client(OpType::Write).await;
|
||||||
match client.idm_domain_set_ldap_basedn(&new_basedn).await {
|
match client.idm_domain_set_ldap_basedn(new_basedn).await {
|
||||||
Ok(_) => println!("Success"),
|
Ok(_) => println!("Success"),
|
||||||
Err(e) => eprintln!("{:?}", e),
|
Err(e) => eprintln!("{:?}", e),
|
||||||
}
|
}
|
||||||
|
|
|
@ -27,7 +27,11 @@ impl GroupOpt {
|
||||||
match client.idm_group_list().await {
|
match client.idm_group_list().await {
|
||||||
Ok(r) => r.iter().for_each(|ent| match copt.output_mode.as_str() {
|
Ok(r) => r.iter().for_each(|ent| match copt.output_mode.as_str() {
|
||||||
"json" => {
|
"json" => {
|
||||||
println!("{}", serde_json::to_string(&ent.attrs).unwrap());
|
println!(
|
||||||
|
"{}",
|
||||||
|
serde_json::to_string(&ent.attrs)
|
||||||
|
.expect("Failed to serialise json")
|
||||||
|
);
|
||||||
}
|
}
|
||||||
_ => println!("{}", ent),
|
_ => println!("{}", ent),
|
||||||
}),
|
}),
|
||||||
|
@ -40,7 +44,10 @@ impl GroupOpt {
|
||||||
match client.idm_group_get(gcopt.name.as_str()).await {
|
match client.idm_group_get(gcopt.name.as_str()).await {
|
||||||
Ok(Some(e)) => match gcopt.copt.output_mode.as_str() {
|
Ok(Some(e)) => match gcopt.copt.output_mode.as_str() {
|
||||||
"json" => {
|
"json" => {
|
||||||
println!("{}", serde_json::to_string(&e.attrs).unwrap());
|
println!(
|
||||||
|
"{}",
|
||||||
|
serde_json::to_string(&e.attrs).expect("Failed to serialise json")
|
||||||
|
);
|
||||||
}
|
}
|
||||||
_ => println!("{}", e),
|
_ => println!("{}", e),
|
||||||
},
|
},
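Review bot: Replacing `.unwrap()` with `.expect("Failed to serialise json")` improves the message, but both JSON branches still abort the CLI with a panic and a backtrace instead of a normal error exit. Elsewhere in this CLI, errors from the client are printed with `eprintln!("{:?}", e)`, and I would treat serialisation the same way: `match serde_json::to_string(&ent.attrs) { Ok(s) => println!("{}", s), Err(e) => eprintln!("{:?}", e) }`. The same applies to the `e.attrs` call in the second hunk. Both enclosing functions extend beyond the visible lines.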
|
||||||
|
|
|
@ -148,7 +148,7 @@ impl ServiceAccountOpt {
|
||||||
src_user: copt.username.clone().unwrap(),
|
src_user: copt.username.clone().unwrap(),
|
||||||
dest_user: aopts.account_id.clone(),
|
dest_user: aopts.account_id.clone(),
|
||||||
};
|
};
|
||||||
println!("{}", message.to_string());
|
println!("{}", message);
|
||||||
}
|
}
|
||||||
_ => {
|
_ => {
|
||||||
println!("Success: This token will only be displayed ONCE");
|
println!("Success: This token will only be displayed ONCE");
|
||||||
|
|
|
@ -52,7 +52,7 @@ fn main() {
|
||||||
Shell::Bash,
|
Shell::Bash,
|
||||||
&mut KanidmUnixParser::command(),
|
&mut KanidmUnixParser::command(),
|
||||||
"kanidm_unix",
|
"kanidm_unix",
|
||||||
comp_dir.clone(),
|
comp_dir,
|
||||||
)
|
)
|
||||||
.ok();
|
.ok();
|
||||||
}
|
}
|
||||||
|
|
|
@ -15,7 +15,7 @@ use crate::db::Db;
|
||||||
use crate::unix_config::{HomeAttr, UidAttr};
|
use crate::unix_config::{HomeAttr, UidAttr};
|
||||||
use crate::unix_proto::{HomeDirectoryInfo, NssGroup, NssUser};
|
use crate::unix_proto::{HomeDirectoryInfo, NssGroup, NssUser};
|
||||||
|
|
||||||
const NXCACHE_SIZE: usize = 2048;
|
const NXCACHE_SIZE: NonZeroUsize = unsafe { NonZeroUsize::new_unchecked(2048) };
|
||||||
|
|
||||||
#[derive(Debug, Clone, PartialEq, Eq, Hash)]
|
#[derive(Debug, Clone, PartialEq, Eq, Hash)]
|
||||||
pub enum Id {
|
pub enum Id {
|
||||||
|
@ -100,7 +100,7 @@ impl CacheLayer {
|
||||||
home_alias,
|
home_alias,
|
||||||
uid_attr_map,
|
uid_attr_map,
|
||||||
gid_attr_map,
|
gid_attr_map,
|
||||||
nxcache: Mutex::new(LruCache::new(NonZeroUsize::new(NXCACHE_SIZE).unwrap())),
|
nxcache: Mutex::new(LruCache::new(NXCACHE_SIZE)),
|
||||||
})
|
})
|
||||||
}
|
}
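Review bot: The new `const NXCACHE_SIZE` introduces an `unsafe` block with no `// SAFETY:` comment, and the block is not needed. `NonZeroUsize::new` is a `const fn`, so the invariant can be checked at compile time in safe code: `const NXCACHE_SIZE: NonZeroUsize = match NonZeroUsize::new(2048) { Some(n) => n, None => panic!("NXCACHE_SIZE must be non-zero") };`. That form fails the build if the literal is ever edited to 0, whereas `new_unchecked` relies on the caller never violating its safety contract. If the project's minimum Rust version rules out `panic!` in a const initialiser, keep the `unsafe` but add `// SAFETY: 2048 is a non-zero literal.` directly above it.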
|
||||||
|
|
||||||
|
|