mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 12:37:00 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Calming clippy's nerves, Friday edition (#448)

Browse source 
* whoa clippy you are very helpful
This commit is contained in:
James Hodgkinson 2021-05-21 16:35:09 +10:00 committed by GitHub
parent 1f98018513
commit 35c1de4c45
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
14 changed files with 456 additions and 445 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
examples/unixd
View file

@ -1,4 +1,9 @@
# this should be at /etc/kanidm/unixd, and configures kanidm-unixd
uri = "https://idm.example.com"
verify_ca = true
verify_hostnames = true
# some documentation is here: https://github.com/kanidm/kanidm/blob/master/kanidm_book/src/pam_and_nsswitch.md
# pam_allowed_login_groups = ["posix_group"]
# default_shell = "/bin/bash"
# home_prefix = "/home/"
# home_attr = "uuid"
# home_alias = "spn"
# uid_attr_map = "spn"
# gid_attr_map = "spn"

3
kanidm_client/src/asynchronous.rs
View file

@ -733,14 +733,13 @@ impl KanidmAsyncClient {
) -> Result<bool, ClientError> {
debug!(
"{}",
[
&[
"Asked to remove members ",
&members.join(","),
" from ",
group
]
.concat()
.to_string()
);
self.perform_delete_request_with_body(
["/v1/group/", group, "/_attr/member"].concat().as_str(),

26
kanidmd/src/lib/be/idl_arc_sqlite.rs
View file

@ -3,7 +3,7 @@ use crate::be::idl_sqlite::{
IdlSqlite, IdlSqliteReadTransaction, IdlSqliteTransaction, IdlSqliteWriteTransaction,
};
use crate::be::idxkey::{IdlCacheKey, IdlCacheKeyRef, IdlCacheKeyToRef};
use crate::be::{BackendConfig, IdRawEntry, IDL};
use crate::be::{BackendConfig, IdList, IdRawEntry};
use crate::entry::{Entry, EntryCommitted, EntrySealed};
use crate::value::IndexType;
use crate::value::Value;
@ -77,7 +77,7 @@ macro_rules! get_identry {
lperf_trace_segment!($au, "be::idl_arc_sqlite::get_identry", || {
let mut result: Vec<Entry<_, _>> = Vec::new();
match $idl {
IDL::Partial(idli) | IDL::PartialThreshold(idli) | IDL::Indexed(idli) => {
IdList::Partial(idli) | IdList::PartialThreshold(idli) | IdList::Indexed(idli) => {
let mut nidl = IDLBitRange::new();
idli.into_iter().for_each(|i| {
@ -91,7 +91,7 @@ macro_rules! get_identry {
if !nidl.is_empty() {
// Now, get anything from nidl that is needed.
let mut db_result = $self.db.get_identry($au, &IDL::Partial(nidl))?;
let mut db_result = $self.db.get_identry($au, &IdList::Partial(nidl))?;
// Clone everything from db_result into the cache.
if $is_read_op {
db_result.iter().for_each(|e| {
@ -102,7 +102,7 @@ macro_rules! get_identry {
result.append(&mut db_result);
}
}
IDL::ALLIDS => {
IdList::AllIds => {
// VERY similar to above, but we skip adding the entries to the cache
// on miss to prevent scan/invalidation attacks.
let idli = (*$self.allids).clone();
@ -117,7 +117,7 @@ macro_rules! get_identry {
if !nidl.is_empty() {
// Now, get anything from nidl that is needed.
let mut db_result = $self.db.get_identry($au, &IDL::Partial(nidl))?;
let mut db_result = $self.db.get_identry($au, &IdList::Partial(nidl))?;
// Merge the two vecs
result.append(&mut db_result);
}
@ -309,13 +309,13 @@ pub trait IdlArcSqliteTransaction {
fn get_identry(
&mut self,
au: &mut AuditScope,
idl: &IDL,
idl: &IdList,
) -> Result<Vec<Entry<EntrySealed, EntryCommitted>>, OperationError>;
fn get_identry_raw(
&self,
au: &mut AuditScope,
idl: &IDL,
idl: &IdList,
) -> Result<Vec<IdRawEntry>, OperationError>;
fn exists_idx(
@ -364,7 +364,7 @@ impl<'a> IdlArcSqliteTransaction for IdlArcSqliteReadTransaction<'a> {
fn get_identry(
&mut self,
au: &mut AuditScope,
idl: &IDL,
idl: &IdList,
) -> Result<Vec<Entry<EntrySealed, EntryCommitted>>, OperationError> {
get_identry!(self, au, idl, true)
}
@ -372,7 +372,7 @@ impl<'a> IdlArcSqliteTransaction for IdlArcSqliteReadTransaction<'a> {
fn get_identry_raw(
&self,
au: &mut AuditScope,
idl: &IDL,
idl: &IdList,
) -> Result<Vec<IdRawEntry>, OperationError> {
get_identry_raw!(self, au, idl)
}
@ -441,7 +441,7 @@ impl<'a> IdlArcSqliteTransaction for IdlArcSqliteWriteTransaction<'a> {
fn get_identry(
&mut self,
au: &mut AuditScope,
idl: &IDL,
idl: &IdList,
) -> Result<Vec<Entry<EntrySealed, EntryCommitted>>, OperationError> {
get_identry!(self, au, idl, false)
}
@ -449,7 +449,7 @@ impl<'a> IdlArcSqliteTransaction for IdlArcSqliteWriteTransaction<'a> {
fn get_identry_raw(
&self,
au: &mut AuditScope,
idl: &IDL,
idl: &IdList,
) -> Result<Vec<IdRawEntry>, OperationError> {
get_identry_raw!(self, au, idl)
}
@ -685,8 +685,8 @@ impl<'a> IdlArcSqliteWriteTransaction<'a> {
i: itype.clone(),
k: idx_key.into(),
};
// On idl == 0 the db will remove this, and synthesise an empty IDL on a miss
// but we can cache this as a new empty IDL instead, so that we can avoid the
// On idl == 0 the db will remove this, and synthesise an empty IdList on a miss
// but we can cache this as a new empty IdList instead, so that we can avoid the
// db lookup on this idl.
if idl.is_empty() {
self.idl_cache

14
kanidmd/src/lib/be/idl_sqlite.rs
View file

@ -1,5 +1,5 @@
use crate::audit::AuditScope;
use crate::be::{BackendConfig, IdRawEntry, IDL};
use crate::be::{BackendConfig, IdList, IdRawEntry};
use crate::entry::{Entry, EntryCommitted, EntrySealed};
use crate::value::{IndexType, Value};
use idlset::v2::IDLBitRange;
@ -22,7 +22,7 @@ const DBV_INDEXV: &str = "indexv";
#[derive(Debug, Copy, Clone)]
pub enum FsType {
Generic = 4096,
ZFS = 65536,
Zfs = 65536,
}
#[derive(Debug)]
@ -86,7 +86,7 @@ pub trait IdlSqliteTransaction {
fn get_identry(
&self,
au: &mut AuditScope,
idl: &IDL,
idl: &IdList,
) -> Result<Vec<Entry<EntrySealed, EntryCommitted>>, OperationError> {
lperf_trace_segment!(au, "be::idl_sqlite::get_identry", || {
self.get_identry_raw(au, idl)?
@ -99,11 +99,11 @@ pub trait IdlSqliteTransaction {
fn get_identry_raw(
&self,
au: &mut AuditScope,
idl: &IDL,
idl: &IdList,
) -> Result<Vec<IdRawEntry>, OperationError> {
// is the idl allids?
match idl {
IDL::ALLIDS => {
IdList::AllIds => {
let mut stmt = self
.get_conn()
.prepare("SELECT id, data FROM id2entry")
@ -135,7 +135,7 @@ pub trait IdlSqliteTransaction {
})
.collect()
}
IDL::Partial(idli) | IDL::PartialThreshold(idli) | IDL::Indexed(idli) => {
IdList::Partial(idli) | IdList::PartialThreshold(idli) | IdList::Indexed(idli) => {
let mut stmt = self
.get_conn()
.prepare("SELECT id, data FROM id2entry WHERE id = :idl")
@ -756,7 +756,7 @@ impl IdlSqliteWriteTransaction {
})
} else {
ltrace!(audit, "writing idl -> {}", idl);
// Serialise the IDL to Vec<u8>
// Serialise the IdList to Vec<u8>
let idl_raw = serde_cbor::to_vec(idl).map_err(|e| {
ladmin_error!(audit, "Serde CBOR Error -> {:?}", e);
OperationError::SerdeCborError

346
kanidmd/src/lib/be/mod.rs
View file

@ -40,8 +40,8 @@ const FILTER_SEARCH_TEST_THRESHOLD: usize = 2;
const FILTER_EXISTS_TEST_THRESHOLD: usize = 0;
#[derive(Debug, Clone)]
pub enum IDL {
ALLIDS,
pub enum IdList {
AllIds,
PartialThreshold(IDLBitRange),
Partial(IDLBitRange),
Indexed(IDLBitRange),
@ -134,7 +134,7 @@ pub trait BackendTransaction {
fn get_idxmeta_ref(&self) -> &IdxMeta;
/// Recursively apply a filter, transforming into IDL's on the way. This builds a query
/// Recursively apply a filter, transforming into IdList's on the way. This builds a query
/// execution log, so that it can be examined how an operation proceeded.
#[allow(clippy::cognitive_complexity)]
fn filter2idl(
@ -142,7 +142,7 @@ pub trait BackendTransaction {
au: &mut AuditScope,
filt: &FilterResolved,
thres: usize,
) -> Result<(IDL, FilterPlan), OperationError> {
) -> Result<(IdList, FilterPlan), OperationError> {
Ok(match filt {
FilterResolved::Eq(attr, value, idx) => {
if *idx {
@ -151,17 +151,17 @@ pub trait BackendTransaction {
// Get the idl for this
match self
.get_idlayer()
.get_idl(au, attr, &IndexType::EQUALITY, &idx_key)?
.get_idl(au, attr, &IndexType::Equality, &idx_key)?
{
Some(idl) => (
IDL::Indexed(idl),
IdList::Indexed(idl),
FilterPlan::EqIndexed(attr.clone(), idx_key),
),
None => (IDL::ALLIDS, FilterPlan::EqCorrupt(attr.clone())),
None => (IdList::AllIds, FilterPlan::EqCorrupt(attr.clone())),
}
} else {
// Schema believes this is not indexed
(IDL::ALLIDS, FilterPlan::EqUnindexed(attr.clone()))
(IdList::AllIds, FilterPlan::EqUnindexed(attr.clone()))
}
}
FilterResolved::Sub(attr, subvalue, idx) => {
@ -171,17 +171,17 @@ pub trait BackendTransaction {
// Get the idl for this
match self
.get_idlayer()
.get_idl(au, attr, &IndexType::SUBSTRING, &idx_key)?
.get_idl(au, attr, &IndexType::SubString, &idx_key)?
{
Some(idl) => (
IDL::Indexed(idl),
IdList::Indexed(idl),
FilterPlan::SubIndexed(attr.clone(), idx_key),
),
None => (IDL::ALLIDS, FilterPlan::SubCorrupt(attr.clone())),
None => (IdList::AllIds, FilterPlan::SubCorrupt(attr.clone())),
}
} else {
// Schema believes this is not indexed
(IDL::ALLIDS, FilterPlan::SubUnindexed(attr.clone()))
(IdList::AllIds, FilterPlan::SubUnindexed(attr.clone()))
}
}
FilterResolved::Pres(attr, idx) => {
@ -190,20 +190,20 @@ pub trait BackendTransaction {
match self.get_idlayer().get_idl(
au,
attr,
&IndexType::PRESENCE,
&IndexType::Presence,
&"_".to_string(),
)? {
Some(idl) => (IDL::Indexed(idl), FilterPlan::PresIndexed(attr.clone())),
None => (IDL::ALLIDS, FilterPlan::PresCorrupt(attr.clone())),
Some(idl) => (IdList::Indexed(idl), FilterPlan::PresIndexed(attr.clone())),
None => (IdList::AllIds, FilterPlan::PresCorrupt(attr.clone())),
}
} else {
// Schema believes this is not indexed
(IDL::ALLIDS, FilterPlan::PresUnindexed(attr.clone()))
(IdList::AllIds, FilterPlan::PresUnindexed(attr.clone()))
}
}
FilterResolved::LessThan(attr, _subvalue, _idx) => {
// We have no process for indexing this right now.
(IDL::ALLIDS, FilterPlan::LessThanUnindexed(attr.clone()))
(IdList::AllIds, FilterPlan::LessThanUnindexed(attr.clone()))
}
FilterResolved::Or(l) => {
// Importantly if this has no inner elements, this returns
@ -216,30 +216,30 @@ pub trait BackendTransaction {
for f in l.iter() {
// get their idls
match self.filter2idl(au, f, thres)? {
(IDL::Indexed(idl), fp) => {
(IdList::Indexed(idl), fp) => {
plan.push(fp);
// now union them (if possible)
result = result | idl;
}
(IDL::Partial(idl), fp) => {
(IdList::Partial(idl), fp) => {
plan.push(fp);
// now union them (if possible)
result = result | idl;
partial = true;
}
(IDL::PartialThreshold(idl), fp) => {
(IdList::PartialThreshold(idl), fp) => {
plan.push(fp);
// now union them (if possible)
result = result | idl;
partial = true;
threshold = true;
}
(IDL::ALLIDS, fp) => {
(IdList::AllIds, fp) => {
plan.push(fp);
// If we find anything unindexed, the whole term is unindexed.
lfilter!(au, "Term {:?} is ALLIDS, shortcut return", f);
lfilter!(au, "Term {:?} is AllIds, shortcut return", f);
let setplan = FilterPlan::OrUnindexed(plan);
return Ok((IDL::ALLIDS, setplan));
return Ok((IdList::AllIds, setplan));
}
}
} // end or.iter()
@ -247,14 +247,14 @@ pub trait BackendTransaction {
if partial {
if threshold {
let setplan = FilterPlan::OrPartialThreshold(plan);
(IDL::PartialThreshold(result), setplan)
(IdList::PartialThreshold(result), setplan)
} else {
let setplan = FilterPlan::OrPartial(plan);
(IDL::Partial(result), setplan)
(IdList::Partial(result), setplan)
}
} else {
let setplan = FilterPlan::OrIndexed(plan);
(IDL::Indexed(result), setplan)
(IdList::Indexed(result), setplan)
}
}
FilterResolved::And(l) => {
@ -274,7 +274,7 @@ pub trait BackendTransaction {
Some(f) => self.filter2idl(au, f, thres)?,
None => {
lfilter_error!(au, "WARNING: And filter was empty, or contains only AndNot, can not evaluate.");
return Ok((IDL::Indexed(IDLBitRange::new()), FilterPlan::Invalid));
return Ok((IdList::Indexed(IDLBitRange::new()), FilterPlan::Invalid));
}
};
@ -288,21 +288,21 @@ pub trait BackendTransaction {
plan.push(fp);
match &cand_idl {
IDL::Indexed(idl) | IDL::Partial(idl) | IDL::PartialThreshold(idl) => {
IdList::Indexed(idl) | IdList::Partial(idl) | IdList::PartialThreshold(idl) => {
// When below thres, we have to return partials to trigger the entry_no_match_filter check.
// But we only do this when there are actually multiple elements in the and,
// because an and with 1 element now is FULLY resolved.
if idl.below_threshold(thres) && f_rem_count > 0 {
let setplan = FilterPlan::AndPartialThreshold(plan);
return Ok((IDL::PartialThreshold(idl.clone()), setplan));
return Ok((IdList::PartialThreshold(idl.clone()), setplan));
} else if idl.is_empty() {
// Regardless of the input state, if it's empty, this can never
// be satisfied, so return we are indexed and complete.
let setplan = FilterPlan::AndEmptyCand(plan);
return Ok((IDL::Indexed(IDLBitRange::new()), setplan));
return Ok((IdList::Indexed(IDLBitRange::new()), setplan));
}
}
IDL::ALLIDS => {}
IdList::AllIds => {}
}
// Now, for all remaining,
@ -311,54 +311,56 @@ pub trait BackendTransaction {
let (inter, fp) = self.filter2idl(au, f, thres)?;
plan.push(fp);
cand_idl = match (cand_idl, inter) {
(IDL::Indexed(ia), IDL::Indexed(ib)) => {
(IdList::Indexed(ia), IdList::Indexed(ib)) => {
let r = ia & ib;
if r.below_threshold(thres) && f_rem_count > 0 {
// When below thres, we have to return partials to trigger the entry_no_match_filter check.
let setplan = FilterPlan::AndPartialThreshold(plan);
return Ok((IDL::PartialThreshold(r), setplan));
return Ok((IdList::PartialThreshold(r), setplan));
} else if r.is_empty() {
// Regardless of the input state, if it's empty, this can never
// be satisfied, so return we are indexed and complete.
let setplan = FilterPlan::AndEmptyCand(plan);
return Ok((IDL::Indexed(IDLBitRange::new()), setplan));
return Ok((IdList::Indexed(IDLBitRange::new()), setplan));
} else {
IDL::Indexed(r)
IdList::Indexed(r)
}
}
(IDL::Indexed(ia), IDL::Partial(ib))
| (IDL::Partial(ia), IDL::Indexed(ib))
| (IDL::Partial(ia), IDL::Partial(ib)) => {
(IdList::Indexed(ia), IdList::Partial(ib))
| (IdList::Partial(ia), IdList::Indexed(ib))
| (IdList::Partial(ia), IdList::Partial(ib)) => {
let r = ia & ib;
if r.below_threshold(thres) && f_rem_count > 0 {
// When below thres, we have to return partials to trigger the entry_no_match_filter check.
let setplan = FilterPlan::AndPartialThreshold(plan);
return Ok((IDL::PartialThreshold(r), setplan));
return Ok((IdList::PartialThreshold(r), setplan));
} else {
IDL::Partial(r)
IdList::Partial(r)
}
}
(IDL::Indexed(ia), IDL::PartialThreshold(ib))
| (IDL::PartialThreshold(ia), IDL::Indexed(ib))
| (IDL::PartialThreshold(ia), IDL::PartialThreshold(ib))
| (IDL::PartialThreshold(ia), IDL::Partial(ib))
| (IDL::Partial(ia), IDL::PartialThreshold(ib)) => {
(IdList::Indexed(ia), IdList::PartialThreshold(ib))
| (IdList::PartialThreshold(ia), IdList::Indexed(ib))
| (IdList::PartialThreshold(ia), IdList::PartialThreshold(ib))
| (IdList::PartialThreshold(ia), IdList::Partial(ib))
| (IdList::Partial(ia), IdList::PartialThreshold(ib)) => {
let r = ia & ib;
if r.below_threshold(thres) && f_rem_count > 0 {
// When below thres, we have to return partials to trigger the entry_no_match_filter check.
let setplan = FilterPlan::AndPartialThreshold(plan);
return Ok((IDL::PartialThreshold(r), setplan));
return Ok((IdList::PartialThreshold(r), setplan));
} else {
IDL::PartialThreshold(r)
IdList::PartialThreshold(r)
}
}
(IDL::Indexed(i), IDL::ALLIDS)
| (IDL::ALLIDS, IDL::Indexed(i))
| (IDL::Partial(i), IDL::ALLIDS)
| (IDL::ALLIDS, IDL::Partial(i)) => IDL::Partial(i),
(IDL::PartialThreshold(i), IDL::ALLIDS)
| (IDL::ALLIDS, IDL::PartialThreshold(i)) => IDL::PartialThreshold(i),
(IDL::ALLIDS, IDL::ALLIDS) => IDL::ALLIDS,
(IdList::Indexed(i), IdList::AllIds)
| (IdList::AllIds, IdList::Indexed(i))
| (IdList::Partial(i), IdList::AllIds)
| (IdList::AllIds, IdList::Partial(i)) => IdList::Partial(i),
(IdList::PartialThreshold(i), IdList::AllIds)
| (IdList::AllIds, IdList::PartialThreshold(i)) => {
IdList::PartialThreshold(i)
}
(IdList::AllIds, IdList::AllIds) => IdList::AllIds,
};
}
@ -380,68 +382,70 @@ pub trait BackendTransaction {
// It's an and not, so we need to wrap the plan accordingly.
plan.push(FilterPlan::AndNot(Box::new(fp)));
cand_idl = match (cand_idl, inter) {
(IDL::Indexed(ia), IDL::Indexed(ib)) => {
(IdList::Indexed(ia), IdList::Indexed(ib)) => {
let r = ia.andnot(ib);
/*
// Don't trigger threshold on and nots if fully indexed.
if r.below_threshold(thres) {
// When below thres, we have to return partials to trigger the entry_no_match_filter check.
return Ok(IDL::PartialThreshold(r));
return Ok(IdList::PartialThreshold(r));
} else {
IDL::Indexed(r)
IdList::Indexed(r)
}
*/
IDL::Indexed(r)
IdList::Indexed(r)
}
(IDL::Indexed(ia), IDL::Partial(ib))
| (IDL::Partial(ia), IDL::Indexed(ib))
| (IDL::Partial(ia), IDL::Partial(ib)) => {
(IdList::Indexed(ia), IdList::Partial(ib))
| (IdList::Partial(ia), IdList::Indexed(ib))
| (IdList::Partial(ia), IdList::Partial(ib)) => {
let r = ia.andnot(ib);
// DO trigger threshold on partials, because we have to apply the filter
// test anyway, so we may as well shortcut at this point.
if r.below_threshold(thres) && f_rem_count > 0 {
let setplan = FilterPlan::AndPartialThreshold(plan);
return Ok((IDL::PartialThreshold(r), setplan));
return Ok((IdList::PartialThreshold(r), setplan));
} else {
IDL::Partial(r)
IdList::Partial(r)
}
}
(IDL::Indexed(ia), IDL::PartialThreshold(ib))
| (IDL::PartialThreshold(ia), IDL::Indexed(ib))
| (IDL::PartialThreshold(ia), IDL::PartialThreshold(ib))
| (IDL::PartialThreshold(ia), IDL::Partial(ib))
| (IDL::Partial(ia), IDL::PartialThreshold(ib)) => {
(IdList::Indexed(ia), IdList::PartialThreshold(ib))
| (IdList::PartialThreshold(ia), IdList::Indexed(ib))
| (IdList::PartialThreshold(ia), IdList::PartialThreshold(ib))
| (IdList::PartialThreshold(ia), IdList::Partial(ib))
| (IdList::Partial(ia), IdList::PartialThreshold(ib)) => {
let r = ia.andnot(ib);
// DO trigger threshold on partials, because we have to apply the filter
// test anyway, so we may as well shortcut at this point.
if r.below_threshold(thres) && f_rem_count > 0 {
let setplan = FilterPlan::AndPartialThreshold(plan);
return Ok((IDL::PartialThreshold(r), setplan));
return Ok((IdList::PartialThreshold(r), setplan));
} else {
IDL::PartialThreshold(r)
IdList::PartialThreshold(r)
}
}
(IDL::Indexed(_), IDL::ALLIDS)
| (IDL::ALLIDS, IDL::Indexed(_))
| (IDL::Partial(_), IDL::ALLIDS)
| (IDL::ALLIDS, IDL::Partial(_))
| (IDL::PartialThreshold(_), IDL::ALLIDS)
| (IDL::ALLIDS, IDL::PartialThreshold(_)) => {
(IdList::Indexed(_), IdList::AllIds)
| (IdList::AllIds, IdList::Indexed(_))
| (IdList::Partial(_), IdList::AllIds)
| (IdList::AllIds, IdList::Partial(_))
| (IdList::PartialThreshold(_), IdList::AllIds)
| (IdList::AllIds, IdList::PartialThreshold(_)) => {
// We could actually generate allids here
// and then try to reduce the and-not set, but
// for now we just return all ids.
IDL::ALLIDS
IdList::AllIds
}
(IDL::ALLIDS, IDL::ALLIDS) => IDL::ALLIDS,
(IdList::AllIds, IdList::AllIds) => IdList::AllIds,
};
}
// What state is the final cand idl in?
let setplan = match cand_idl {
IDL::Indexed(_) => FilterPlan::AndIndexed(plan),
IDL::Partial(_) | IDL::PartialThreshold(_) => FilterPlan::AndPartial(plan),
IDL::ALLIDS => FilterPlan::AndUnindexed(plan),
IdList::Indexed(_) => FilterPlan::AndIndexed(plan),
IdList::Partial(_) | IdList::PartialThreshold(_) => {
FilterPlan::AndPartial(plan)
}
IdList::AllIds => FilterPlan::AndUnindexed(plan),
};
// Finally, return the result.
@ -460,13 +464,13 @@ pub trait BackendTransaction {
for f in l.iter() {
// get their idls
match self.filter2idl(au, f, thres)? {
(IDL::Indexed(idl), fp) => {
(IdList::Indexed(idl), fp) => {
plan.push(fp);
if idl.is_empty() {
// It's empty, so something is missing. Bail fast.
lfilter!(au, "Inclusion is unable to proceed - an empty (missing) item was found!");
let setplan = FilterPlan::InclusionIndexed(plan);
return Ok((IDL::Indexed(IDLBitRange::new()), setplan));
return Ok((IdList::Indexed(IDLBitRange::new()), setplan));
} else {
result = result | idl;
}
@ -478,13 +482,13 @@ pub trait BackendTransaction {
"Inclusion is unable to proceed - all terms must be fully indexed!"
);
let setplan = FilterPlan::InclusionInvalid(plan);
return Ok((IDL::Partial(IDLBitRange::new()), setplan));
return Ok((IdList::Partial(IDLBitRange::new()), setplan));
}
}
} // end or.iter()
// If we got here, every term must have been indexed
let setplan = FilterPlan::InclusionIndexed(plan);
(IDL::Indexed(result), setplan)
(IdList::Indexed(result), setplan)
}
// So why does this return empty? Normally we actually process an AndNot in the context
// of an "AND" query, but if it's used anywhere else IE the root filter, then there is
@ -497,7 +501,7 @@ pub trait BackendTransaction {
au,
"ERROR: Requested a top level or isolated AndNot, returning empty"
);
(IDL::Indexed(IDLBitRange::new()), FilterPlan::Invalid)
(IdList::Indexed(IDLBitRange::new()), FilterPlan::Invalid)
}
})
}
@ -520,7 +524,7 @@ pub trait BackendTransaction {
*/
lfilter!(au, "filter optimised --> {:?}", filt);
// Using the indexes, resolve the IDL here, or ALLIDS.
// Using the indexes, resolve the IdList here, or AllIds.
// Also get if the filter was 100% resolved or not.
let (idl, fplan) = lperf_trace_segment!(au, "be::search -> filter2idl", || {
self.filter2idl(au, filt.to_inner(), FILTER_SEARCH_TEST_THRESHOLD)
@ -528,26 +532,26 @@ pub trait BackendTransaction {
lfilter_info!(au, "filter executed plan -> {:?}", fplan);
// Based on the IDL we determine if limits are required at this point.
// Based on the IdList we determine if limits are required at this point.
match &idl {
IDL::ALLIDS => {
IdList::AllIds => {
if !erl.unindexed_allow {
ladmin_error!(au, "filter (search) is fully unindexed, and not allowed by resource limits");
return Err(OperationError::ResourceLimit);
}
}
IDL::Partial(idl_br) => {
IdList::Partial(idl_br) => {
// if idl_br.len() > erl.search_max_filter_test {
if !idl_br.below_threshold(erl.search_max_filter_test) {
ladmin_error!(au, "filter (search) is partial indexed and greater than search_max_filter_test allowed by resource limits");
return Err(OperationError::ResourceLimit);
}
}
IDL::PartialThreshold(_) => {
IdList::PartialThreshold(_) => {
// Since we opted for this, this is not the fault
// of the user and we should not penalise them by limiting on partial.
}
IDL::Indexed(idl_br) => {
IdList::Indexed(idl_br) => {
// We know this is resolved here, so we can attempt the limit
// check. This has to fold the whole index, but you know, class=pres is
// indexed ...
@ -565,19 +569,21 @@ pub trait BackendTransaction {
})?;
let entries_filtered = match idl {
IDL::ALLIDS => lperf_segment!(au, "be::search<entry::ftest::allids>", || {
IdList::AllIds => lperf_segment!(au, "be::search<entry::ftest::allids>", || {
entries
.into_iter()
.filter(|e| e.entry_match_no_index(&filt))
.collect()
}),
IDL::Partial(_) => lperf_segment!(au, "be::search<entry::ftest::partial>", || {
entries
.into_iter()
.filter(|e| e.entry_match_no_index(&filt))
.collect()
}),
IDL::PartialThreshold(_) => {
IdList::Partial(_) => {
lperf_segment!(au, "be::search<entry::ftest::partial>", || {
entries
.into_iter()
.filter(|e| e.entry_match_no_index(&filt))
.collect()
})
}
IdList::PartialThreshold(_) => {
lperf_trace_segment!(au, "be::search<entry::ftest::thresh>", || {
entries
.into_iter()
@ -586,7 +592,7 @@ pub trait BackendTransaction {
})
}
// Since the index fully resolved, we can shortcut the filter test step here!
IDL::Indexed(_) => {
IdList::Indexed(_) => {
lfilter!(au, "filter (search) was fully indexed 👏");
entries
}
@ -622,7 +628,7 @@ pub trait BackendTransaction {
*/
lfilter!(au, "filter optimised --> {:?}", filt);
// Using the indexes, resolve the IDL here, or ALLIDS.
// Using the indexes, resolve the IdList here, or AllIds.
// Also get if the filter was 100% resolved or not.
let (idl, fplan) = lperf_trace_segment!(au, "be::exists -> filter2idl", || {
self.filter2idl(au, filt.to_inner(), FILTER_EXISTS_TEST_THRESHOLD)
@ -630,31 +636,31 @@ pub trait BackendTransaction {
lfilter_info!(au, "filter executed plan -> {:?}", fplan);
// Apply limits to the IDL.
// Apply limits to the IdList.
match &idl {
IDL::ALLIDS => {
IdList::AllIds => {
if !erl.unindexed_allow {
ladmin_error!(au, "filter (exists) is fully unindexed, and not allowed by resource limits");
return Err(OperationError::ResourceLimit);
}
}
IDL::Partial(idl_br) => {
IdList::Partial(idl_br) => {
if !idl_br.below_threshold(erl.search_max_filter_test) {
ladmin_error!(au, "filter (exists) is partial indexed and greater than search_max_filter_test allowed by resource limits");
return Err(OperationError::ResourceLimit);
}
}
IDL::PartialThreshold(_) => {
IdList::PartialThreshold(_) => {
// Since we opted for this, this is not the fault
// of the user and we should not penalise them.
}
IDL::Indexed(_) => {}
IdList::Indexed(_) => {}
}
// Now, check the idl -- if it's fully resolved, we can skip this because the query
// was fully indexed.
match &idl {
IDL::Indexed(idl) => Ok(!idl.is_empty()),
IdList::Indexed(idl) => Ok(!idl.is_empty()),
_ => {
let entries = self.get_idlayer().get_identry(au, &idl).map_err(|e| {
ladmin_error!(au, "get_identry failed {:?}", e);
@ -759,7 +765,7 @@ pub trait BackendTransaction {
}
fn verify_indexes(&self, audit: &mut AuditScope) -> Vec<Result<(), ConsistencyError>> {
let idl = IDL::ALLIDS;
let idl = IdList::AllIds;
let entries = match self.get_idlayer().get_identry(audit, &idl) {
Ok(s) => s,
Err(e) => {
@ -782,7 +788,7 @@ pub trait BackendTransaction {
fn backup(&self, audit: &mut AuditScope, dst_path: &str) -> Result<(), OperationError> {
// load all entries into RAM, may need to change this later
// if the size of the database compared to RAM is an issue
let idl = IDL::ALLIDS;
let idl = IdList::AllIds;
let raw_entries: Vec<IdRawEntry> = self.get_idlayer().get_identry_raw(audit, &idl)?;
let entries: Result<Vec<DbEntry>, _> = raw_entries
@ -1252,7 +1258,7 @@ impl<'a> BackendWriteTransaction<'a> {
// Now, we need to iterate over everything in id2entry and index them
// Future idea: Do this in batches of X amount to limit memory
// consumption.
let idl = IDL::ALLIDS;
let idl = IdList::AllIds;
let entries = idlayer.get_identry(audit, &idl).map_err(|e| {
ladmin_error!(audit, "get_identry failure {:?}", e);
e
@ -1365,7 +1371,7 @@ impl<'a> BackendWriteTransaction<'a> {
// for debug
/*
self.idlayer.get_identry(audit, &IDL::ALLIDS)
self.idlayer.get_identry(audit, &IdList::AllIds)
.unwrap()
.iter()
.for_each(|dbe| {
@ -1559,7 +1565,7 @@ mod tests {
use super::super::entry::{Entry, EntryInit, EntryNew};
use super::IdxKey;
use super::{
Backend, BackendConfig, BackendTransaction, BackendWriteTransaction, OperationError, IDL,
Backend, BackendConfig, BackendTransaction, BackendWriteTransaction, IdList, OperationError,
};
use crate::event::EventLimits;
use crate::value::{IndexType, PartialValue, Value};
@ -1581,31 +1587,31 @@ mod tests {
let mut idxmeta = Set::with_capacity(16);
idxmeta.insert(IdxKey {
attr: AttrString::from("name"),
itype: IndexType::EQUALITY,
itype: IndexType::Equality,
});
idxmeta.insert(IdxKey {
attr: AttrString::from("name"),
itype: IndexType::PRESENCE,
itype: IndexType::Presence,
});
idxmeta.insert(IdxKey {
attr: AttrString::from("name"),
itype: IndexType::SUBSTRING,
itype: IndexType::SubString,
});
idxmeta.insert(IdxKey {
attr: AttrString::from("uuid"),
itype: IndexType::EQUALITY,
itype: IndexType::Equality,
});
idxmeta.insert(IdxKey {
attr: AttrString::from("uuid"),
itype: IndexType::PRESENCE,
itype: IndexType::Presence,
});
idxmeta.insert(IdxKey {
attr: AttrString::from("ta"),
itype: IndexType::EQUALITY,
itype: IndexType::Equality,
});
idxmeta.insert(IdxKey {
attr: AttrString::from("tb"),
itype: IndexType::EQUALITY,
itype: IndexType::Equality,
});
let be = Backend::new(&mut audit, BackendConfig::new_test(), idxmeta, false)
@ -1656,7 +1662,7 @@ mod tests {
($audit:expr, $be:expr, $attr:expr, $itype:expr, $idx_key:expr, $expect:expr) => {{
let t_idl = $be
.load_test_idl($audit, &$attr.to_string(), &$itype, &$idx_key.to_string())
.expect("IDL Load failed");
.expect("IdList Load failed");
let t = $expect.map(|v: Vec<u64>| IDLBitRange::from_iter(v));
assert_eq!(t_idl, t);
}};
@ -1967,7 +1973,7 @@ mod tests {
audit,
be,
"name",
IndexType::EQUALITY,
IndexType::Equality,
"william",
Some(vec![1])
);
@ -1976,7 +1982,7 @@ mod tests {
audit,
be,
"name",
IndexType::EQUALITY,
IndexType::Equality,
"claire",
Some(vec![2])
);
@ -1985,7 +1991,7 @@ mod tests {
audit,
be,
"name",
IndexType::PRESENCE,
IndexType::Presence,
"_",
Some(vec![1, 2])
);
@ -1994,7 +2000,7 @@ mod tests {
audit,
be,
"uuid",
IndexType::EQUALITY,
IndexType::Equality,
"db237e8a-0079-4b8c-8a56-593b22aa44d1",
Some(vec![1])
);
@ -2003,7 +2009,7 @@ mod tests {
audit,
be,
"uuid",
IndexType::EQUALITY,
IndexType::Equality,
"bd651620-00dd-426b-aaa0-4494f7b7906f",
Some(vec![2])
);
@ -2012,7 +2018,7 @@ mod tests {
audit,
be,
"uuid",
IndexType::PRESENCE,
IndexType::Presence,
"_",
Some(vec![1, 2])
);
@ -2023,7 +2029,7 @@ mod tests {
audit,
be,
"name",
IndexType::EQUALITY,
IndexType::Equality,
"not-exist",
Some(Vec::new())
);
@ -2032,7 +2038,7 @@ mod tests {
audit,
be,
"uuid",
IndexType::EQUALITY,
IndexType::Equality,
"fake-0079-4b8c-8a56-593b22aa44d1",
Some(Vec::new())
);
@ -2041,7 +2047,7 @@ mod tests {
.load_test_idl(
audit,
&"not_indexed".to_string(),
&IndexType::PRESENCE,
&IndexType::Presence,
&"_".to_string(),
)
.unwrap(); // unwrap the result
@ -2081,23 +2087,23 @@ mod tests {
audit,
be,
"name",
IndexType::EQUALITY,
IndexType::Equality,
"william",
Some(vec![1])
);
idl_state!(audit, be, "name", IndexType::PRESENCE, "_", Some(vec![1]));
idl_state!(audit, be, "name", IndexType::Presence, "_", Some(vec![1]));
idl_state!(
audit,
be,
"uuid",
IndexType::EQUALITY,
IndexType::Equality,
"db237e8a-0079-4b8c-8a56-593b22aa44d1",
Some(vec![1])
);
idl_state!(audit, be, "uuid", IndexType::PRESENCE, "_", Some(vec![1]));
idl_state!(audit, be, "uuid", IndexType::Presence, "_", Some(vec![1]));
let william_uuid = Uuid::parse_str("db237e8a-0079-4b8c-8a56-593b22aa44d1").unwrap();
assert!(be.name2uuid(audit, "william") == Ok(Some(william_uuid)));
@ -2111,7 +2117,7 @@ mod tests {
audit,
be,
"name",
IndexType::EQUALITY,
IndexType::Equality,
"william",
Some(Vec::new())
);
@ -2120,7 +2126,7 @@ mod tests {
audit,
be,
"name",
IndexType::PRESENCE,
IndexType::Presence,
"_",
Some(Vec::new())
);
@ -2129,7 +2135,7 @@ mod tests {
audit,
be,
"uuid",
IndexType::EQUALITY,
IndexType::Equality,
"db237e8a-0079-4b8c-8a56-593b22aa44d1",
Some(Vec::new())
);
@ -2138,7 +2144,7 @@ mod tests {
audit,
be,
"uuid",
IndexType::PRESENCE,
IndexType::Presence,
"_",
Some(Vec::new())
);
@ -2184,23 +2190,23 @@ mod tests {
audit,
be,
"name",
IndexType::EQUALITY,
IndexType::Equality,
"claire",
Some(vec![2])
);
idl_state!(audit, be, "name", IndexType::PRESENCE, "_", Some(vec![2]));
idl_state!(audit, be, "name", IndexType::Presence, "_", Some(vec![2]));
idl_state!(
audit,
be,
"uuid",
IndexType::EQUALITY,
IndexType::Equality,
"bd651620-00dd-426b-aaa0-4494f7b7906f",
Some(vec![2])
);
idl_state!(audit, be, "uuid", IndexType::PRESENCE, "_", Some(vec![2]));
idl_state!(audit, be, "uuid", IndexType::Presence, "_", Some(vec![2]));
let claire_uuid = Uuid::parse_str("bd651620-00dd-426b-aaa0-4494f7b7906f").unwrap();
let william_uuid = Uuid::parse_str("db237e8a-0079-4b8c-8a56-593b22aa44d1").unwrap();
@ -2253,16 +2259,16 @@ mod tests {
audit,
be,
"name",
IndexType::EQUALITY,
IndexType::Equality,
"claire",
Some(vec![1])
);
idl_state!(audit, be, "name", IndexType::PRESENCE, "_", Some(vec![1]));
idl_state!(audit, be, "name", IndexType::Presence, "_", Some(vec![1]));
idl_state!(audit, be, "tb", IndexType::EQUALITY, "test", Some(vec![1]));
idl_state!(audit, be, "tb", IndexType::Equality, "test", Some(vec![1]));
idl_state!(audit, be, "ta", IndexType::EQUALITY, "test", Some(vec![]));
idl_state!(audit, be, "ta", IndexType::Equality, "test", Some(vec![]));
// let claire_uuid = Uuid::parse_str("bd651620-00dd-426b-aaa0-4494f7b7906f").unwrap();
let william_uuid = Uuid::parse_str("db237e8a-0079-4b8c-8a56-593b22aa44d1").unwrap();
@ -2300,7 +2306,7 @@ mod tests {
audit,
be,
"name",
IndexType::EQUALITY,
IndexType::Equality,
"claire",
Some(vec![1])
);
@ -2309,19 +2315,19 @@ mod tests {
audit,
be,
"uuid",
IndexType::EQUALITY,
IndexType::Equality,
"04091a7a-6ce4-42d2-abf5-c2ce244ac9e8",
Some(vec![1])
);
idl_state!(audit, be, "name", IndexType::PRESENCE, "_", Some(vec![1]));
idl_state!(audit, be, "uuid", IndexType::PRESENCE, "_", Some(vec![1]));
idl_state!(audit, be, "name", IndexType::Presence, "_", Some(vec![1]));
idl_state!(audit, be, "uuid", IndexType::Presence, "_", Some(vec![1]));
idl_state!(
audit,
be,
"uuid",
IndexType::EQUALITY,
IndexType::Equality,
"db237e8a-0079-4b8c-8a56-593b22aa44d1",
Some(Vec::new())
);
@ -2329,7 +2335,7 @@ mod tests {
audit,
be,
"name",
IndexType::EQUALITY,
IndexType::Equality,
"william",
Some(Vec::new())
);
@ -2370,7 +2376,7 @@ mod tests {
let (r, _plan) = be.filter2idl(audit, f_un.to_inner(), 0).unwrap();
match r {
IDL::ALLIDS => {}
IdList::AllIds => {}
_ => {
panic!("");
}
@ -2382,7 +2388,7 @@ mod tests {
let (r, _plan) = be.filter2idl(audit, f_eq.to_inner(), 0).unwrap();
match r {
IDL::Indexed(idl) => {
IdList::Indexed(idl) => {
assert!(idl == IDLBitRange::from_iter(vec![1]));
}
_ => {
@ -2404,7 +2410,7 @@ mod tests {
let (r, _plan) = be.filter2idl(audit, f_in_and.to_inner(), 0).unwrap();
match r {
IDL::Indexed(idl) => {
IdList::Indexed(idl) => {
assert!(idl == IDLBitRange::from_iter(vec![1]));
}
_ => {
@ -2429,7 +2435,7 @@ mod tests {
let (r, _plan) = be.filter2idl(audit, f_p1.to_inner(), 0).unwrap();
match r {
IDL::Partial(idl) => {
IdList::Partial(idl) => {
assert!(idl == IDLBitRange::from_iter(vec![1]));
}
_ => {
@ -2439,7 +2445,7 @@ mod tests {
let (r, _plan) = be.filter2idl(audit, f_p2.to_inner(), 0).unwrap();
match r {
IDL::Partial(idl) => {
IdList::Partial(idl) => {
assert!(idl == IDLBitRange::from_iter(vec![1]));
}
_ => {
@ -2457,7 +2463,7 @@ mod tests {
let (r, _plan) = be.filter2idl(audit, f_no_and.to_inner(), 0).unwrap();
match r {
IDL::ALLIDS => {}
IdList::AllIds => {}
_ => {
panic!("");
}
@ -2470,7 +2476,7 @@ mod tests {
let (r, _plan) = be.filter2idl(audit, f_in_or.to_inner(), 0).unwrap();
match r {
IDL::Indexed(idl) => {
IdList::Indexed(idl) => {
assert!(idl == IDLBitRange::from_iter(vec![1]));
}
_ => {
@ -2487,7 +2493,7 @@ mod tests {
let (r, _plan) = be.filter2idl(audit, f_un_or.to_inner(), 0).unwrap();
match r {
IDL::ALLIDS => {}
IdList::AllIds => {}
_ => {
panic!("");
}
@ -2500,7 +2506,7 @@ mod tests {
let (r, _plan) = be.filter2idl(audit, f_r_andnot.to_inner(), 0).unwrap();
match r {
IDL::Indexed(idl) => {
IdList::Indexed(idl) => {
assert!(idl == IDLBitRange::from_iter(Vec::new()));
}
_ => {
@ -2518,7 +2524,7 @@ mod tests {
let (r, _plan) = be.filter2idl(audit, f_and_andnot.to_inner(), 0).unwrap();
match r {
IDL::Indexed(idl) => {
IdList::Indexed(idl) => {
assert!(idl == IDLBitRange::from_iter(Vec::new()));
}
_ => {
@ -2535,7 +2541,7 @@ mod tests {
let (r, _plan) = be.filter2idl(audit, f_or_andnot.to_inner(), 0).unwrap();
match r {
IDL::Indexed(idl) => {
IdList::Indexed(idl) => {
assert!(idl == IDLBitRange::from_iter(Vec::new()));
}
_ => {
@ -2553,7 +2559,7 @@ mod tests {
let (r, _plan) = be.filter2idl(audit, f_and_andnot.to_inner(), 0).unwrap();
match r {
IDL::Indexed(idl) => {
IdList::Indexed(idl) => {
debug!("{:?}", idl);
assert!(idl == IDLBitRange::from_iter(vec![1]));
}
@ -2571,7 +2577,7 @@ mod tests {
let (r, _plan) = be.filter2idl(audit, f_and_andnot.to_inner(), 0).unwrap();
match r {
IDL::Indexed(idl) => {
IdList::Indexed(idl) => {
assert!(idl == IDLBitRange::from_iter(vec![1]));
}
_ => {
@ -2588,7 +2594,7 @@ mod tests {
let (r, _plan) = be.filter2idl(audit, f_and_andnot.to_inner(), 0).unwrap();
match r {
IDL::ALLIDS => {}
IdList::AllIds => {}
_ => {
panic!("");
}
@ -2603,7 +2609,7 @@ mod tests {
let (r, _plan) = be.filter2idl(audit, f_and_andnot.to_inner(), 0).unwrap();
match r {
IDL::ALLIDS => {}
IdList::AllIds => {}
_ => {
panic!("");
}
@ -2614,7 +2620,7 @@ mod tests {
let (r, _plan) = be.filter2idl(audit, f_e_or.to_inner(), 0).unwrap();
match r {
IDL::Indexed(idl) => {
IdList::Indexed(idl) => {
assert!(idl == IDLBitRange::from_iter(vec![]));
}
_ => {
@ -2626,7 +2632,7 @@ mod tests {
let (r, _plan) = be.filter2idl(audit, f_e_and.to_inner(), 0).unwrap();
match r {
IDL::Indexed(idl) => {
IdList::Indexed(idl) => {
assert!(idl == IDLBitRange::from_iter(vec![]));
}
_ => {
@ -2648,7 +2654,7 @@ mod tests {
let (r, _plan) = be.filter2idl(audit, f_eq.to_inner(), 0).unwrap();
match r {
IDL::ALLIDS => {}
IdList::AllIds => {}
_ => {
panic!("");
}

2
kanidmd/src/lib/core/mod.rs
View file

@ -52,7 +52,7 @@ fn setup_backend_vacuum(
.map(|s| s == "zfs")
.unwrap_or(false)
{
FsType::ZFS
FsType::Zfs
} else {
FsType::Generic
};

26
kanidmd/src/lib/credential/mod.rs
View file

@ -45,7 +45,7 @@ pub enum Policy {
// I don't really feel like adding in so many restrictions, so I'll use
// pbkdf2 in openssl because it doesn't have the same limits.
#[derive(Clone, Debug)]
enum KDF {
enum Kdf {
// cost, salt, hash
PBKDF2(usize, Vec<u8>, Vec<u8>),
// salt hash
@ -54,7 +54,7 @@ enum KDF {
#[derive(Clone, Debug)]
pub struct Password {
material: KDF,
material: Kdf,
}
impl TryFrom<DbPasswordV1> for Password {
@ -63,10 +63,10 @@ impl TryFrom<DbPasswordV1> for Password {
fn try_from(value: DbPasswordV1) -> Result<Self, Self::Error> {
match value {
DbPasswordV1::PBKDF2(c, s, h) => Ok(Password {
material: KDF::PBKDF2(c, s, h),
material: Kdf::PBKDF2(c, s, h),
}),
DbPasswordV1::SSHA512(s, h) => Ok(Password {
material: KDF::SSHA512(s, h),
material: Kdf::SSHA512(s, h),
}),
}
}
@ -96,7 +96,7 @@ impl TryFrom<&str> for Password {
return Err(());
}
return Ok(Password {
material: KDF::PBKDF2(c, s, h),
material: Kdf::PBKDF2(c, s, h),
});
}
_ => {}
@ -111,7 +111,7 @@ impl TryFrom<&str> for Password {
return Err(());
}
return Ok(Password {
material: KDF::SSHA512(s.to_vec(), h.to_vec()),
material: Kdf::SSHA512(s.to_vec(), h.to_vec()),
});
}
@ -142,7 +142,7 @@ impl Password {
end.checked_duration_since(start)
}
fn new_pbkdf2(pbkdf2_cost: usize, cleartext: &str) -> Result<KDF, OperationError> {
fn new_pbkdf2(pbkdf2_cost: usize, cleartext: &str) -> Result<Kdf, OperationError> {
let mut rng = rand::thread_rng();
let salt: Vec<u8> = (0..PBKDF2_SALT_LEN).map(|_| rng.gen()).collect();
// This is 512 bits of output
@ -157,7 +157,7 @@ impl Password {
)
.map(|()| {
// Turn key to a vec.
KDF::PBKDF2(pbkdf2_cost, salt, key)
Kdf::PBKDF2(pbkdf2_cost, salt, key)
})
.map_err(|_| OperationError::CryptographyError)
}
@ -168,7 +168,7 @@ impl Password {
pub fn verify(&self, cleartext: &str) -> Result<bool, OperationError> {
match &self.material {
KDF::PBKDF2(cost, salt, key) => {
Kdf::PBKDF2(cost, salt, key) => {
// We have to get the number of bits to derive from our stored hash
// as some imported hash types may have variable lengths
let key_len = key.len();
@ -187,7 +187,7 @@ impl Password {
&chal_key == key
})
}
KDF::SSHA512(salt, key) => {
Kdf::SSHA512(salt, key) => {
let mut hasher = Sha512::new();
hasher.update(cleartext.as_bytes());
hasher.update(&salt);
@ -199,15 +199,15 @@ impl Password {
pub fn to_dbpasswordv1(&self) -> DbPasswordV1 {
match &self.material {
KDF::PBKDF2(cost, salt, hash) => {
Kdf::PBKDF2(cost, salt, hash) => {
DbPasswordV1::PBKDF2(*cost, salt.clone(), hash.clone())
}
KDF::SSHA512(salt, hash) => DbPasswordV1::SSHA512(salt.clone(), hash.clone()),
Kdf::SSHA512(salt, hash) => DbPasswordV1::SSHA512(salt.clone(), hash.clone()),
}
}
pub fn requires_upgrade(&self) -> bool {
!matches!(&self.material, KDF::PBKDF2(_, _, _))
!matches!(&self.material, Kdf::PBKDF2(_, _, _))
}
}

58
kanidmd/src/lib/entry.rs
View file

@ -1090,7 +1090,7 @@ impl Entry<EntrySealed, EntryCommitted> {
None => Vec::new(),
Some(vs) => {
let changes: Vec<Result<_, _>> = match ikey.itype {
IndexType::EQUALITY => {
IndexType::Equality => {
vs.flat_map(|v| {
// Turn each idx_key to the tuple of
// changes.
@ -1100,10 +1100,10 @@ impl Entry<EntrySealed, EntryCommitted> {
})
.collect()
}
IndexType::PRESENCE => {
IndexType::Presence => {
vec![Err((&ikey.attr, &ikey.itype, "_".to_string()))]
}
IndexType::SUBSTRING => Vec::new(),
IndexType::SubString => Vec::new(),
};
changes
}
@ -1120,7 +1120,7 @@ impl Entry<EntrySealed, EntryCommitted> {
None => Vec::new(),
Some(vs) => {
let changes: Vec<Result<_, _>> = match ikey.itype {
IndexType::EQUALITY => {
IndexType::Equality => {
vs.flat_map(|v| {
// Turn each idx_key to the tuple of
// changes.
@ -1130,10 +1130,10 @@ impl Entry<EntrySealed, EntryCommitted> {
})
.collect()
}
IndexType::PRESENCE => {
IndexType::Presence => {
vec![Ok((&ikey.attr, &ikey.itype, "_".to_string()))]
}
IndexType::SUBSTRING => Vec::new(),
IndexType::SubString => Vec::new(),
};
// For each value
//
@ -1159,7 +1159,7 @@ impl Entry<EntrySealed, EntryCommitted> {
(Some(pre_vs), None) => {
// It existed before, but not anymore
let changes: Vec<Result<_, _>> = match ikey.itype {
IndexType::EQUALITY => {
IndexType::Equality => {
pre_vs
.iter()
.flat_map(|v| {
@ -1173,17 +1173,17 @@ impl Entry<EntrySealed, EntryCommitted> {
})
.collect()
}
IndexType::PRESENCE => {
IndexType::Presence => {
vec![Err((&ikey.attr, &ikey.itype, "_".to_string()))]
}
IndexType::SUBSTRING => Vec::new(),
IndexType::SubString => Vec::new(),
};
changes
}
(None, Some(post_vs)) => {
// It was added now.
let changes: Vec<Result<_, _>> = match ikey.itype {
IndexType::EQUALITY => {
IndexType::Equality => {
post_vs
.iter()
.flat_map(|v| {
@ -1197,10 +1197,10 @@ impl Entry<EntrySealed, EntryCommitted> {
})
.collect()
}
IndexType::PRESENCE => {
IndexType::Presence => {
vec![Ok((&ikey.attr, &ikey.itype, "_".to_string()))]
}
IndexType::SUBSTRING => Vec::new(),
IndexType::SubString => Vec::new(),
};
changes
}
@ -1211,7 +1211,7 @@ impl Entry<EntrySealed, EntryCommitted> {
.map(|pre_v| {
// Was in pre, now not in post
match ikey.itype {
IndexType::EQUALITY => {
IndexType::Equality => {
// Remove the v
pre_v
.generate_idx_eq_keys()
@ -1221,17 +1221,17 @@ impl Entry<EntrySealed, EntryCommitted> {
})
.collect()
}
IndexType::PRESENCE => {
IndexType::Presence => {
// No action - we still are "present", so nothing to do!
Vec::new()
}
IndexType::SUBSTRING => Vec::new(),
IndexType::SubString => Vec::new(),
}
})
.chain(post_vs.difference(&pre_vs).map(|post_v| {
// is in post, but not in pre (add)
match ikey.itype {
IndexType::EQUALITY => {
IndexType::Equality => {
// Remove the v
post_v
.generate_idx_eq_keys()
@ -1241,11 +1241,11 @@ impl Entry<EntrySealed, EntryCommitted> {
})
.collect()
}
IndexType::PRESENCE => {
IndexType::Presence => {
// No action - we still are "present", so nothing to do!
Vec::new()
}
IndexType::SUBSTRING => Vec::new(),
IndexType::SubString => Vec::new(),
}
}))
.flatten() // flatten all the inner vecs
@ -2168,15 +2168,15 @@ mod tests {
let mut idxmeta = HashSet::with_capacity(8);
idxmeta.insert(IdxKey {
attr: AttrString::from("userid"),
itype: IndexType::EQUALITY,
itype: IndexType::Equality,
});
idxmeta.insert(IdxKey {
attr: AttrString::from("userid"),
itype: IndexType::PRESENCE,
itype: IndexType::Presence,
});
idxmeta.insert(IdxKey {
attr: AttrString::from("extra"),
itype: IndexType::EQUALITY,
itype: IndexType::Equality,
});
// When we do None, None, we get nothing back.
@ -2192,7 +2192,7 @@ mod tests {
del_r[0]
== Err((
&AttrString::from("userid"),
&IndexType::EQUALITY,
&IndexType::Equality,
"william".to_string()
))
);
@ -2200,7 +2200,7 @@ mod tests {
del_r[1]
== Err((
&AttrString::from("userid"),
&IndexType::PRESENCE,
&IndexType::Presence,
"_".to_string()
))
);
@ -2213,7 +2213,7 @@ mod tests {
add_r[0]
== Ok((
&AttrString::from("userid"),
&IndexType::EQUALITY,
&IndexType::Equality,
"william".to_string()
))
);
@ -2221,7 +2221,7 @@ mod tests {
add_r[1]
== Ok((
&AttrString::from("userid"),
&IndexType::PRESENCE,
&IndexType::Presence,
"_".to_string()
))
);
@ -2238,7 +2238,7 @@ mod tests {
add_a_r[0]
== Ok((
&AttrString::from("extra"),
&IndexType::EQUALITY,
&IndexType::Equality,
"test".to_string()
))
);
@ -2249,7 +2249,7 @@ mod tests {
del_a_r[0]
== Err((
&AttrString::from("extra"),
&IndexType::EQUALITY,
&IndexType::Equality,
"test".to_string()
))
);
@ -2262,7 +2262,7 @@ mod tests {
chg_r[1]
== Err((
&AttrString::from("userid"),
&IndexType::EQUALITY,
&IndexType::Equality,
"william".to_string()
))
);
@ -2271,7 +2271,7 @@ mod tests {
chg_r[0]
== Ok((
&AttrString::from("userid"),
&IndexType::EQUALITY,
&IndexType::Equality,
"claire".to_string()
))
);

42
kanidmd/src/lib/filter.rs
View file

@ -418,19 +418,19 @@ impl Filter<FilterInvalid> {
// some core test idxs faster. This is never used in production, it's JUST for
// test case speedups.
let idxmeta = vec![
(AttrString::from("uuid"), IndexType::EQUALITY),
(AttrString::from("uuid"), IndexType::PRESENCE),
(AttrString::from("name"), IndexType::EQUALITY),
(AttrString::from("name"), IndexType::SUBSTRING),
(AttrString::from("name"), IndexType::PRESENCE),
(AttrString::from("class"), IndexType::EQUALITY),
(AttrString::from("class"), IndexType::PRESENCE),
(AttrString::from("member"), IndexType::EQUALITY),
(AttrString::from("member"), IndexType::PRESENCE),
(AttrString::from("memberof"), IndexType::EQUALITY),
(AttrString::from("memberof"), IndexType::PRESENCE),
(AttrString::from("directmemberof"), IndexType::EQUALITY),
(AttrString::from("directmemberof"), IndexType::PRESENCE),
(AttrString::from("uuid"), IndexType::Equality),
(AttrString::from("uuid"), IndexType::Presence),
(AttrString::from("name"), IndexType::Equality),
(AttrString::from("name"), IndexType::SubString),
(AttrString::from("name"), IndexType::Presence),
(AttrString::from("class"), IndexType::Equality),
(AttrString::from("class"), IndexType::Presence),
(AttrString::from("member"), IndexType::Equality),
(AttrString::from("member"), IndexType::Presence),
(AttrString::from("memberof"), IndexType::Equality),
(AttrString::from("memberof"), IndexType::Presence),
(AttrString::from("directmemberof"), IndexType::Equality),
(AttrString::from("directmemberof"), IndexType::Presence),
];
let idxmeta_ref = idxmeta.iter().map(|(attr, itype)| (attr, itype)).collect();
@ -991,17 +991,17 @@ impl FilterResolved {
unsafe fn from_invalid(fc: FilterComp, idxmeta: &HashSet<(&AttrString, &IndexType)>) -> Self {
match fc {
FilterComp::Eq(a, v) => {
let idx = idxmeta.contains(&(&a, &IndexType::EQUALITY));
let idx = idxmeta.contains(&(&a, &IndexType::Equality));
FilterResolved::Eq(a, v, idx)
}
FilterComp::Sub(a, v) => {
// let idx = idxmeta.contains(&(&a, &IndexType::SUBSTRING));
// let idx = idxmeta.contains(&(&a, &IndexType::SubString));
// TODO: For now, don't emit substring indexes.
let idx = false;
FilterResolved::Sub(a, v, idx)
}
FilterComp::Pres(a) => {
let idx = idxmeta.contains(&(&a, &IndexType::PRESENCE));
let idx = idxmeta.contains(&(&a, &IndexType::Presence));
FilterResolved::Pres(a, idx)
}
FilterComp::LessThan(a, v) => {
@ -1043,22 +1043,22 @@ impl FilterResolved {
fn resolve_idx(fc: FilterComp, ev: &Event, idxmeta: &HashSet<IdxKey>) -> Option<Self> {
match fc {
FilterComp::Eq(a, v) => {
let idxkref = IdxKeyRef::new(&a, &IndexType::EQUALITY);
let idxkref = IdxKeyRef::new(&a, &IndexType::Equality);
let idx = idxmeta.contains(&idxkref as &dyn IdxKeyToRef);
Some(FilterResolved::Eq(a, v, idx))
}
FilterComp::Sub(a, v) => {
let idxkref = IdxKeyRef::new(&a, &IndexType::SUBSTRING);
let idxkref = IdxKeyRef::new(&a, &IndexType::SubString);
let idx = idxmeta.contains(&idxkref as &dyn IdxKeyToRef);
Some(FilterResolved::Sub(a, v, idx))
}
FilterComp::Pres(a) => {
let idxkref = IdxKeyRef::new(&a, &IndexType::PRESENCE);
let idxkref = IdxKeyRef::new(&a, &IndexType::Presence);
let idx = idxmeta.contains(&idxkref as &dyn IdxKeyToRef);
Some(FilterResolved::Pres(a, idx))
}
FilterComp::LessThan(a, v) => {
// let idx = idxmeta.contains(&(&a, &IndexType::SUBSTRING));
// let idx = idxmeta.contains(&(&a, &IndexType::SubString));
let idx = false;
Some(FilterResolved::LessThan(a, v, idx))
}
@ -1094,7 +1094,7 @@ impl FilterResolved {
}
FilterComp::SelfUuid => ev.get_uuid().map(|uuid| {
let uuid_s = AttrString::from("uuid");
let idxkref = IdxKeyRef::new(&uuid_s, &IndexType::EQUALITY);
let idxkref = IdxKeyRef::new(&uuid_s, &IndexType::Equality);
let idx = idxmeta.contains(&idxkref as &dyn IdxKeyToRef);
FilterResolved::Eq(uuid_s, PartialValue::new_uuid(uuid), idx)
}),

6
kanidmd/src/lib/idm/server.rs
View file

@ -16,7 +16,7 @@ use crate::idm::unix::{UnixGroup, UnixUserAccount};
use crate::idm::AuthState;
use crate::ldap::LdapBoundToken;
use crate::prelude::*;
use crate::utils::{password_from_random, readable_password_from_random, uuid_from_duration, SID};
use crate::utils::{password_from_random, readable_password_from_random, uuid_from_duration, Sid};
use crate::actors::v1_write::QueryServerWriteV1;
use crate::idm::delayed::{
@ -88,7 +88,7 @@ pub struct IdmServerAuthTransaction<'a> {
softlocks: &'a HashMap<Uuid, CredSoftLock>,
pub qs_read: QueryServerReadTransaction<'a>,
// thread/server id
sid: SID,
sid: Sid,
// For flagging eventual actions.
async_tx: Sender<DelayedAction>,
webauthn: &'a Webauthn<WebauthnDomainConfig>,
@ -107,7 +107,7 @@ pub struct IdmServerProxyWriteTransaction<'a> {
pub qs_write: QueryServerWriteTransaction<'a>,
// Associate to an event origin ID, which has a TS and a UUID instead
mfareg_sessions: BptreeMapWriteTxn<'a, Uuid, MfaRegSession>,
sid: SID,
sid: Sid,
crypto_policy: &'a CryptoPolicy,
webauthn: &'a Webauthn<WebauthnDomainConfig>,
pw_badlist_cache: CowCellWriteTxn<'a, HashSet<String>>,

150
kanidmd/src/lib/schema.rs
View file

@ -182,23 +182,23 @@ impl SchemaAttribute {
// on that may only use a single tagged attribute for example.
pub fn validate_partialvalue(&self, a: &str, v: &PartialValue) -> Result<(), SchemaError> {
let r = match self.syntax {
SyntaxType::BOOLEAN => v.is_bool(),
SyntaxType::Boolean => v.is_bool(),
SyntaxType::SYNTAX_ID => v.is_syntax(),
SyntaxType::INDEX_ID => v.is_index(),
SyntaxType::UUID => v.is_uuid(),
SyntaxType::Uuid => v.is_uuid(),
SyntaxType::REFERENCE_UUID => v.is_refer(),
SyntaxType::UTF8STRING_INSENSITIVE => v.is_iutf8(),
SyntaxType::UTF8STRING_INAME => v.is_iname(),
SyntaxType::Utf8StringInsensitive => v.is_iutf8(),
SyntaxType::Utf8StringIname => v.is_iname(),
SyntaxType::UTF8STRING => v.is_utf8(),
SyntaxType::JSON_FILTER => v.is_json_filter(),
SyntaxType::CREDENTIAL => v.is_credential(),
SyntaxType::RADIUS_UTF8STRING => v.is_radius_string(),
SyntaxType::SSHKEY => v.is_sshkey(),
SyntaxType::SERVICE_PRINCIPLE_NAME => v.is_spn(),
SyntaxType::Credential => v.is_credential(),
SyntaxType::RadiusUtf8String => v.is_radius_string(),
SyntaxType::SshKey => v.is_sshkey(),
SyntaxType::ServicePrincipalName => v.is_spn(),
SyntaxType::UINT32 => v.is_uint32(),
SyntaxType::CID => v.is_cid(),
SyntaxType::NSUNIQUEID => v.is_nsuniqueid(),
SyntaxType::DATETIME => v.is_datetime(),
SyntaxType::Cid => v.is_cid(),
SyntaxType::NsUniqueId => v.is_nsuniqueid(),
SyntaxType::DateTime => v.is_datetime(),
};
if r {
Ok(())
@ -229,7 +229,7 @@ impl SchemaAttribute {
};
// If syntax, check the type is correct
match self.syntax {
SyntaxType::BOOLEAN => ava.iter().fold(Ok(()), |acc, v| {
SyntaxType::Boolean => ava.iter().fold(Ok(()), |acc, v| {
acc.and_then(|_| {
if v.is_bool() {
Ok(())
@ -247,7 +247,7 @@ impl SchemaAttribute {
}
})
}),
SyntaxType::UUID => ava.iter().fold(Ok(()), |acc, v| {
SyntaxType::Uuid => ava.iter().fold(Ok(()), |acc, v| {
acc.and_then(|_| {
if v.is_uuid() {
Ok(())
@ -275,7 +275,7 @@ impl SchemaAttribute {
}
})
}),
SyntaxType::UTF8STRING_INSENSITIVE => ava.iter().fold(Ok(()), |acc, v| {
SyntaxType::Utf8StringInsensitive => ava.iter().fold(Ok(()), |acc, v| {
acc.and_then(|_| {
if v.is_insensitive_utf8() {
Ok(())
@ -284,7 +284,7 @@ impl SchemaAttribute {
}
})
}),
SyntaxType::UTF8STRING_INAME => ava.iter().fold(Ok(()), |acc, v| {
SyntaxType::Utf8StringIname => ava.iter().fold(Ok(()), |acc, v| {
acc.and_then(|_| {
if v.is_iname() {
Ok(())
@ -311,7 +311,7 @@ impl SchemaAttribute {
}
})
}),
SyntaxType::CREDENTIAL => ava.iter().fold(Ok(()), |acc, v| {
SyntaxType::Credential => ava.iter().fold(Ok(()), |acc, v| {
acc.and_then(|_| {
if v.is_credential() {
Ok(())
@ -320,7 +320,7 @@ impl SchemaAttribute {
}
})
}),
SyntaxType::RADIUS_UTF8STRING => ava.iter().fold(Ok(()), |acc, v| {
SyntaxType::RadiusUtf8String => ava.iter().fold(Ok(()), |acc, v| {
acc.and_then(|_| {
if v.is_radius_string() {
Ok(())
@ -329,7 +329,7 @@ impl SchemaAttribute {
}
})
}),
SyntaxType::SSHKEY => ava.iter().fold(Ok(()), |acc, v| {
SyntaxType::SshKey => ava.iter().fold(Ok(()), |acc, v| {
acc.and_then(|_| {
if v.is_sshkey() {
Ok(())
@ -338,7 +338,7 @@ impl SchemaAttribute {
}
})
}),
SyntaxType::SERVICE_PRINCIPLE_NAME => ava.iter().fold(Ok(()), |acc, v| {
SyntaxType::ServicePrincipalName => ava.iter().fold(Ok(()), |acc, v| {
acc.and_then(|_| {
if v.is_spn() {
Ok(())
@ -356,7 +356,7 @@ impl SchemaAttribute {
}
})
}),
SyntaxType::CID => ava.iter().fold(Ok(()), |acc, v| {
SyntaxType::Cid => ava.iter().fold(Ok(()), |acc, v| {
acc.and_then(|_| {
if v.is_cid() {
Ok(())
@ -365,7 +365,7 @@ impl SchemaAttribute {
}
})
}),
SyntaxType::NSUNIQUEID => ava.iter().fold(Ok(()), |acc, v| {
SyntaxType::NsUniqueId => ava.iter().fold(Ok(()), |acc, v| {
acc.and_then(|_| {
if v.is_nsuniqueid() {
Ok(())
@ -374,7 +374,7 @@ impl SchemaAttribute {
}
})
}),
SyntaxType::DATETIME => ava.iter().fold(Ok(()), |acc, v| {
SyntaxType::DateTime => ava.iter().fold(Ok(()), |acc, v| {
acc.and_then(|_| {
if v.is_datetime() {
Ok(())
@ -655,8 +655,8 @@ impl<'a> SchemaWriteTransaction<'a> {
multivalue: true,
unique: false,
phantom: false,
index: vec![IndexType::EQUALITY, IndexType::PRESENCE],
syntax: SyntaxType::UTF8STRING_INSENSITIVE,
index: vec![IndexType::Equality, IndexType::Presence],
syntax: SyntaxType::Utf8StringInsensitive,
},
);
self.attributes.insert(
@ -670,8 +670,8 @@ impl<'a> SchemaWriteTransaction<'a> {
// needing to check recycled objects too.
unique: false,
phantom: false,
index: vec![IndexType::EQUALITY, IndexType::PRESENCE],
syntax: SyntaxType::UUID,
index: vec![IndexType::Equality, IndexType::Presence],
syntax: SyntaxType::Uuid,
},
);
self.attributes.insert(
@ -686,7 +686,7 @@ impl<'a> SchemaWriteTransaction<'a> {
unique: false,
phantom: false,
index: vec![],
syntax: SyntaxType::CID,
syntax: SyntaxType::Cid,
},
);
self.attributes.insert(
@ -698,8 +698,8 @@ impl<'a> SchemaWriteTransaction<'a> {
multivalue: false,
unique: true,
phantom: false,
index: vec![IndexType::EQUALITY, IndexType::PRESENCE],
syntax: SyntaxType::UTF8STRING_INAME,
index: vec![IndexType::Equality, IndexType::Presence],
syntax: SyntaxType::Utf8StringIname,
},
);
self.attributes.insert(
@ -713,8 +713,8 @@ impl<'a> SchemaWriteTransaction<'a> {
multivalue: false,
unique: true,
phantom: false,
index: vec![IndexType::EQUALITY],
syntax: SyntaxType::SERVICE_PRINCIPLE_NAME,
index: vec![IndexType::Equality],
syntax: SyntaxType::ServicePrincipalName,
},
);
self.attributes.insert(
@ -726,8 +726,8 @@ impl<'a> SchemaWriteTransaction<'a> {
multivalue: false,
unique: true,
phantom: false,
index: vec![IndexType::EQUALITY],
syntax: SyntaxType::UTF8STRING_INSENSITIVE,
index: vec![IndexType::Equality],
syntax: SyntaxType::Utf8StringInsensitive,
},
);
self.attributes.insert(
@ -739,8 +739,8 @@ impl<'a> SchemaWriteTransaction<'a> {
multivalue: false,
unique: true,
phantom: false,
index: vec![IndexType::EQUALITY],
syntax: SyntaxType::UTF8STRING_INSENSITIVE,
index: vec![IndexType::Equality],
syntax: SyntaxType::Utf8StringInsensitive,
},
);
self.attributes.insert(
@ -764,7 +764,7 @@ impl<'a> SchemaWriteTransaction<'a> {
unique: false,
phantom: false,
index: vec![],
syntax: SyntaxType::BOOLEAN,
syntax: SyntaxType::Boolean,
});
self.attributes.insert(AttrString::from("phantom"), SchemaAttribute {
name: AttrString::from("phantom"),
@ -774,7 +774,7 @@ impl<'a> SchemaWriteTransaction<'a> {
unique: false,
phantom: false,
index: vec![],
syntax: SyntaxType::BOOLEAN,
syntax: SyntaxType::Boolean,
});
self.attributes.insert(AttrString::from("unique"), SchemaAttribute {
name: AttrString::from("unique"),
@ -784,7 +784,7 @@ impl<'a> SchemaWriteTransaction<'a> {
unique: false,
phantom: false,
index: vec![],
syntax: SyntaxType::BOOLEAN,
syntax: SyntaxType::Boolean,
});
self.attributes.insert(
AttrString::from("index"),
@ -812,7 +812,7 @@ impl<'a> SchemaWriteTransaction<'a> {
multivalue: false,
unique: false,
phantom: false,
index: vec![IndexType::EQUALITY],
index: vec![IndexType::Equality],
syntax: SyntaxType::SYNTAX_ID,
},
);
@ -828,7 +828,7 @@ impl<'a> SchemaWriteTransaction<'a> {
unique: false,
phantom: false,
index: vec![],
syntax: SyntaxType::UTF8STRING_INSENSITIVE,
syntax: SyntaxType::Utf8StringInsensitive,
},
);
self.attributes.insert(
@ -843,7 +843,7 @@ impl<'a> SchemaWriteTransaction<'a> {
unique: false,
phantom: false,
index: vec![],
syntax: SyntaxType::UTF8STRING_INSENSITIVE,
syntax: SyntaxType::Utf8StringInsensitive,
},
);
self.attributes.insert(
@ -858,7 +858,7 @@ impl<'a> SchemaWriteTransaction<'a> {
unique: false,
phantom: false,
index: vec![],
syntax: SyntaxType::UTF8STRING_INSENSITIVE,
syntax: SyntaxType::Utf8StringInsensitive,
},
);
self.attributes.insert(
@ -873,7 +873,7 @@ impl<'a> SchemaWriteTransaction<'a> {
unique: false,
phantom: false,
index: vec![],
syntax: SyntaxType::UTF8STRING_INSENSITIVE,
syntax: SyntaxType::Utf8StringInsensitive,
},
);
// SYSINFO attrs
@ -887,8 +887,8 @@ impl<'a> SchemaWriteTransaction<'a> {
multivalue: false,
unique: false,
phantom: false,
index: vec![IndexType::EQUALITY],
syntax: SyntaxType::BOOLEAN,
index: vec![IndexType::Equality],
syntax: SyntaxType::Boolean,
},
);
@ -903,7 +903,7 @@ impl<'a> SchemaWriteTransaction<'a> {
multivalue: false,
unique: false,
phantom: false,
index: vec![IndexType::EQUALITY, IndexType::SUBSTRING],
index: vec![IndexType::Equality, IndexType::SubString],
syntax: SyntaxType::JSON_FILTER,
},
);
@ -918,7 +918,7 @@ impl<'a> SchemaWriteTransaction<'a> {
multivalue: false,
unique: false,
phantom: false,
index: vec![IndexType::EQUALITY, IndexType::SUBSTRING],
index: vec![IndexType::Equality, IndexType::SubString],
syntax: SyntaxType::JSON_FILTER,
},
);
@ -931,8 +931,8 @@ impl<'a> SchemaWriteTransaction<'a> {
multivalue: true,
unique: false,
phantom: false,
index: vec![IndexType::EQUALITY],
syntax: SyntaxType::UTF8STRING_INSENSITIVE,
index: vec![IndexType::Equality],
syntax: SyntaxType::Utf8StringInsensitive,
},
);
self.attributes.insert(
@ -946,8 +946,8 @@ impl<'a> SchemaWriteTransaction<'a> {
multivalue: true,
unique: false,
phantom: false,
index: vec![IndexType::EQUALITY],
syntax: SyntaxType::UTF8STRING_INSENSITIVE,
index: vec![IndexType::Equality],
syntax: SyntaxType::Utf8StringInsensitive,
},
);
self.attributes.insert(
@ -961,8 +961,8 @@ impl<'a> SchemaWriteTransaction<'a> {
multivalue: true,
unique: false,
phantom: false,
index: vec![IndexType::EQUALITY],
syntax: SyntaxType::UTF8STRING_INSENSITIVE,
index: vec![IndexType::Equality],
syntax: SyntaxType::Utf8StringInsensitive,
},
);
@ -975,8 +975,8 @@ impl<'a> SchemaWriteTransaction<'a> {
multivalue: true,
unique: false,
phantom: false,
index: vec![IndexType::EQUALITY],
syntax: SyntaxType::UTF8STRING_INSENSITIVE,
index: vec![IndexType::Equality],
syntax: SyntaxType::Utf8StringInsensitive,
},
);
self.attributes.insert(
@ -988,8 +988,8 @@ impl<'a> SchemaWriteTransaction<'a> {
multivalue: true,
unique: false,
phantom: false,
index: vec![IndexType::EQUALITY],
syntax: SyntaxType::UTF8STRING_INSENSITIVE,
index: vec![IndexType::Equality],
syntax: SyntaxType::Utf8StringInsensitive,
},
);
self.attributes.insert(
@ -1001,8 +1001,8 @@ impl<'a> SchemaWriteTransaction<'a> {
multivalue: true,
unique: false,
phantom: false,
index: vec![IndexType::EQUALITY],
syntax: SyntaxType::UTF8STRING_INSENSITIVE,
index: vec![IndexType::Equality],
syntax: SyntaxType::Utf8StringInsensitive,
},
);
// MO/Member
@ -1015,7 +1015,7 @@ impl<'a> SchemaWriteTransaction<'a> {
multivalue: true,
unique: false,
phantom: false,
index: vec![IndexType::EQUALITY],
index: vec![IndexType::Equality],
syntax: SyntaxType::REFERENCE_UUID,
},
);
@ -1028,7 +1028,7 @@ impl<'a> SchemaWriteTransaction<'a> {
multivalue: true,
unique: false,
phantom: false,
index: vec![IndexType::EQUALITY],
index: vec![IndexType::Equality],
syntax: SyntaxType::REFERENCE_UUID,
},
);
@ -1041,7 +1041,7 @@ impl<'a> SchemaWriteTransaction<'a> {
multivalue: true,
unique: false,
phantom: false,
index: vec![IndexType::EQUALITY],
index: vec![IndexType::Equality],
syntax: SyntaxType::REFERENCE_UUID,
},
);
@ -1071,8 +1071,8 @@ impl<'a> SchemaWriteTransaction<'a> {
multivalue: true,
unique: false,
phantom: false,
index: vec![IndexType::EQUALITY],
syntax: SyntaxType::UTF8STRING_INAME,
index: vec![IndexType::Equality],
syntax: SyntaxType::Utf8StringIname,
},
);
self.attributes.insert(
@ -1085,7 +1085,7 @@ impl<'a> SchemaWriteTransaction<'a> {
unique: false,
phantom: true,
index: vec![],
syntax: SyntaxType::SERVICE_PRINCIPLE_NAME,
syntax: SyntaxType::ServicePrincipalName,
},
);
self.attributes.insert(
@ -1113,7 +1113,7 @@ impl<'a> SchemaWriteTransaction<'a> {
unique: false,
phantom: true,
index: vec![],
syntax: SyntaxType::UTF8STRING_INSENSITIVE,
syntax: SyntaxType::Utf8StringInsensitive,
},
);
self.attributes.insert(
@ -1126,7 +1126,7 @@ impl<'a> SchemaWriteTransaction<'a> {
unique: false,
phantom: true,
index: vec![],
syntax: SyntaxType::UUID,
syntax: SyntaxType::Uuid,
},
);
self.attributes.insert(
@ -1139,7 +1139,7 @@ impl<'a> SchemaWriteTransaction<'a> {
unique: false,
phantom: true,
index: vec![],
syntax: SyntaxType::UTF8STRING_INSENSITIVE,
syntax: SyntaxType::Utf8StringInsensitive,
},
);
// end LDAP masking phantoms
@ -1754,8 +1754,8 @@ mod tests {
multivalue: false,
unique: false,
phantom: false,
index: vec![IndexType::EQUALITY],
syntax: SyntaxType::UTF8STRING_INSENSITIVE,
index: vec![IndexType::Equality],
syntax: SyntaxType::Utf8StringInsensitive,
};
let r1 =
@ -1783,7 +1783,7 @@ mod tests {
multivalue: true,
unique: false,
phantom: false,
index: vec![IndexType::EQUALITY],
index: vec![IndexType::Equality],
syntax: SyntaxType::UTF8STRING,
};
@ -1801,8 +1801,8 @@ mod tests {
multivalue: true,
unique: false,
phantom: false,
index: vec![IndexType::EQUALITY],
syntax: SyntaxType::BOOLEAN,
index: vec![IndexType::Equality],
syntax: SyntaxType::Boolean,
};
let r3 = multi_value_boolean.validate_ava(
@ -1833,7 +1833,7 @@ mod tests {
multivalue: false,
unique: false,
phantom: false,
index: vec![IndexType::EQUALITY],
index: vec![IndexType::Equality],
syntax: SyntaxType::SYNTAX_ID,
};
@ -1858,7 +1858,7 @@ mod tests {
multivalue: false,
unique: false,
phantom: false,
index: vec![IndexType::EQUALITY],
index: vec![IndexType::Equality],
syntax: SyntaxType::INDEX_ID,
};
//

49
kanidmd/src/lib/server.rs
View file

@ -486,15 +486,15 @@ pub trait QueryServerTransaction<'a> {
Some(schema_a) => {
match schema_a.syntax {
SyntaxType::UTF8STRING => Ok(Value::new_utf8(value.to_string())),
SyntaxType::UTF8STRING_INSENSITIVE => Ok(Value::new_iutf8(value)),
SyntaxType::UTF8STRING_INAME => Ok(Value::new_iname(value)),
SyntaxType::BOOLEAN => Value::new_bools(value)
SyntaxType::Utf8StringInsensitive => Ok(Value::new_iutf8(value)),
SyntaxType::Utf8StringIname => Ok(Value::new_iname(value)),
SyntaxType::Boolean => Value::new_bools(value)
.ok_or_else(|| OperationError::InvalidAttribute("Invalid boolean syntax".to_string())),
SyntaxType::SYNTAX_ID => Value::new_syntaxs(value)
.ok_or_else(|| OperationError::InvalidAttribute("Invalid Syntax syntax".to_string())),
SyntaxType::INDEX_ID => Value::new_indexs(value)
.ok_or_else(|| OperationError::InvalidAttribute("Invalid Index syntax".to_string())),
SyntaxType::UUID => {
SyntaxType::Uuid => {
// It's a uuid - we do NOT check for existance, because that
// could be revealing or disclosing - it is up to acp to assert
// if we can see the value or not, and it's not up to us to
@ -527,15 +527,15 @@ pub trait QueryServerTransaction<'a> {
}
SyntaxType::JSON_FILTER => Value::new_json_filter(value)
.ok_or_else(|| OperationError::InvalidAttribute("Invalid Filter syntax".to_string())),
SyntaxType::CREDENTIAL => Err(OperationError::InvalidAttribute("Credentials can not be supplied through modification - please use the IDM api".to_string())),
SyntaxType::RADIUS_UTF8STRING => Err(OperationError::InvalidAttribute("Radius secrets can not be supplied through modification - please use the IDM api".to_string())),
SyntaxType::SSHKEY => Err(OperationError::InvalidAttribute("SSH public keys can not be supplied through modification - please use the IDM api".to_string())),
SyntaxType::SERVICE_PRINCIPLE_NAME => Err(OperationError::InvalidAttribute("SPNs are generated and not able to be set.".to_string())),
SyntaxType::Credential => Err(OperationError::InvalidAttribute("Credentials can not be supplied through modification - please use the IDM api".to_string())),
SyntaxType::RadiusUtf8String => Err(OperationError::InvalidAttribute("Radius secrets can not be supplied through modification - please use the IDM api".to_string())),
SyntaxType::SshKey => Err(OperationError::InvalidAttribute("SSH public keys can not be supplied through modification - please use the IDM api".to_string())),
SyntaxType::ServicePrincipalName => Err(OperationError::InvalidAttribute("SPNs are generated and not able to be set.".to_string())),
SyntaxType::UINT32 => Value::new_uint32_str(value)
.ok_or_else(|| OperationError::InvalidAttribute("Invalid uint32 syntax".to_string())),
SyntaxType::CID => Err(OperationError::InvalidAttribute("CIDs are generated and not able to be set.".to_string())),
SyntaxType::NSUNIQUEID => Ok(Value::new_nsuniqueid_s(value)),
SyntaxType::DATETIME => Value::new_datetime_s(value)
SyntaxType::Cid => Err(OperationError::InvalidAttribute("CIDs are generated and not able to be set.".to_string())),
SyntaxType::NsUniqueId => Ok(Value::new_nsuniqueid_s(value)),
SyntaxType::DateTime => Value::new_datetime_s(value)
.ok_or_else(|| OperationError::InvalidAttribute("Invalid DateTime (rfc3339) syntax".to_string())),
}
}
@ -560,9 +560,9 @@ pub trait QueryServerTransaction<'a> {
Some(schema_a) => {
match schema_a.syntax {
SyntaxType::UTF8STRING => Ok(PartialValue::new_utf8(value.to_string())),
SyntaxType::UTF8STRING_INSENSITIVE => Ok(PartialValue::new_iutf8(value)),
SyntaxType::UTF8STRING_INAME => Ok(PartialValue::new_iname(value)),
SyntaxType::BOOLEAN => PartialValue::new_bools(value).ok_or_else(|| {
SyntaxType::Utf8StringInsensitive => Ok(PartialValue::new_iutf8(value)),
SyntaxType::Utf8StringIname => Ok(PartialValue::new_iname(value)),
SyntaxType::Boolean => PartialValue::new_bools(value).ok_or_else(|| {
OperationError::InvalidAttribute("Invalid boolean syntax".to_string())
}),
SyntaxType::SYNTAX_ID => PartialValue::new_syntaxs(value).ok_or_else(|| {
@ -571,7 +571,7 @@ pub trait QueryServerTransaction<'a> {
SyntaxType::INDEX_ID => PartialValue::new_indexs(value).ok_or_else(|| {
OperationError::InvalidAttribute("Invalid Index syntax".to_string())
}),
SyntaxType::UUID => {
SyntaxType::Uuid => {
PartialValue::new_uuids(value)
.or_else(|| {
// it's not a uuid, try to resolve it.
@ -609,21 +609,22 @@ pub trait QueryServerTransaction<'a> {
OperationError::InvalidAttribute("Invalid Filter syntax".to_string())
})
}
SyntaxType::CREDENTIAL => Ok(PartialValue::new_credential_tag(value)),
SyntaxType::RADIUS_UTF8STRING => Ok(PartialValue::new_radius_string()),
SyntaxType::SSHKEY => Ok(PartialValue::new_sshkey_tag_s(value)),
SyntaxType::SERVICE_PRINCIPLE_NAME => PartialValue::new_spn_s(value)
.ok_or_else(|| {
SyntaxType::Credential => Ok(PartialValue::new_credential_tag(value)),
SyntaxType::RadiusUtf8String => Ok(PartialValue::new_radius_string()),
SyntaxType::SshKey => Ok(PartialValue::new_sshkey_tag_s(value)),
SyntaxType::ServicePrincipalName => {
PartialValue::new_spn_s(value).ok_or_else(|| {
OperationError::InvalidAttribute("Invalid spn syntax".to_string())
}),
})
}
SyntaxType::UINT32 => PartialValue::new_uint32_str(value).ok_or_else(|| {
OperationError::InvalidAttribute("Invalid uint32 syntax".to_string())
}),
SyntaxType::CID => PartialValue::new_cid_s(value).ok_or_else(|| {
SyntaxType::Cid => PartialValue::new_cid_s(value).ok_or_else(|| {
OperationError::InvalidAttribute("Invalid cid syntax".to_string())
}),
SyntaxType::NSUNIQUEID => Ok(PartialValue::new_nsuniqueid_s(value)),
SyntaxType::DATETIME => PartialValue::new_datetime_s(value).ok_or_else(|| {
SyntaxType::NsUniqueId => Ok(PartialValue::new_nsuniqueid_s(value)),
SyntaxType::DateTime => PartialValue::new_datetime_s(value).ok_or_else(|| {
OperationError::InvalidAttribute(
"Invalid DateTime (rfc3339) syntax".to_string(),
)

8
kanidmd/src/lib/utils.rs
View file

@ -7,7 +7,7 @@ use rand::{thread_rng, Rng};
#[derive(Debug)]
pub struct DistinctAlpha;
pub type SID = [u8; 4];
pub type Sid = [u8; 4];
pub fn uuid_to_gid_u32(u: &Uuid) -> u32 {
let b_ref = u.as_bytes();
@ -16,7 +16,7 @@ pub fn uuid_to_gid_u32(u: &Uuid) -> u32 {
u32::from_be_bytes(x)
}
fn uuid_from_u64_u32(a: u64, b: u32, sid: SID) -> Uuid {
fn uuid_from_u64_u32(a: u64, b: u32, sid: Sid) -> Uuid {
let mut v: Vec<u8> = Vec::with_capacity(16);
v.extend_from_slice(&a.to_be_bytes());
v.extend_from_slice(&b.to_be_bytes());
@ -28,7 +28,7 @@ fn uuid_from_u64_u32(a: u64, b: u32, sid: SID) -> Uuid {
.build()
}
pub fn uuid_from_duration(d: Duration, sid: SID) -> Uuid {
pub fn uuid_from_duration(d: Duration, sid: Sid) -> Uuid {
uuid_from_u64_u32(d.as_secs(), d.subsec_nanos(), sid)
}
@ -69,7 +69,7 @@ pub fn duration_from_epoch_now() -> Duration {
/*
#[allow(dead_code)]
pub fn uuid_from_now(sid: SID) -> Uuid {
pub fn uuid_from_now(sid: Sid) -> Uuid {
let d = SystemTime::now()
.duration_since(SystemTime::UNIX_EPOCH)
.unwrap();

160
kanidmd/src/lib/value.rs
View file

@ -40,9 +40,9 @@ lazy_static! {
#[allow(non_camel_case_types)]
#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord, Deserialize, Serialize, Hash)]
pub enum IndexType {
EQUALITY,
PRESENCE,
SUBSTRING,
Equality,
Presence,
SubString,
}
impl TryFrom<&str> for IndexType {
@ -51,9 +51,9 @@ impl TryFrom<&str> for IndexType {
fn try_from(value: &str) -> Result<Self, Self::Error> {
let n_value = value.to_uppercase();
match n_value.as_str() {
"EQUALITY" => Ok(IndexType::EQUALITY),
"PRESENCE" => Ok(IndexType::PRESENCE),
"SUBSTRING" => Ok(IndexType::SUBSTRING),
"EQUALITY" => Ok(IndexType::Equality),
"PRESENCE" => Ok(IndexType::Presence),
"SUBSTRING" => Ok(IndexType::SubString),
// UUID map?
// UUID rev map?
_ => Err(()),
@ -66,9 +66,9 @@ impl TryFrom<usize> for IndexType {
fn try_from(value: usize) -> Result<Self, Self::Error> {
match value {
0 => Ok(IndexType::EQUALITY),
1 => Ok(IndexType::PRESENCE),
2 => Ok(IndexType::SUBSTRING),
0 => Ok(IndexType::Equality),
1 => Ok(IndexType::Presence),
2 => Ok(IndexType::SubString),
_ => Err(()),
}
}
@ -77,17 +77,17 @@ impl TryFrom<usize> for IndexType {
impl IndexType {
pub fn as_idx_str(&self) -> &str {
match self {
IndexType::EQUALITY => "eq",
IndexType::PRESENCE => "pres",
IndexType::SUBSTRING => "sub",
IndexType::Equality => "eq",
IndexType::Presence => "pres",
IndexType::SubString => "sub",
}
}
pub fn to_usize(&self) -> usize {
match self {
IndexType::EQUALITY => 0,
IndexType::PRESENCE => 1,
IndexType::SUBSTRING => 2,
IndexType::Equality => 0,
IndexType::Presence => 1,
IndexType::SubString => 2,
}
}
}
@ -98,9 +98,9 @@ impl fmt::Display for IndexType {
f,
"{}",
match self {
IndexType::EQUALITY => "EQUALITY",
IndexType::PRESENCE => "PRESENCE",
IndexType::SUBSTRING => "SUBSTRING",
IndexType::Equality => "EQUALITY",
IndexType::Presence => "PRESENCE",
IndexType::SubString => "SUBSTRING",
}
)
}
@ -112,22 +112,22 @@ pub enum SyntaxType {
// We need an insensitive string type too ...
// We also need to "self host" a syntax type, and index type
UTF8STRING,
UTF8STRING_INSENSITIVE,
UTF8STRING_INAME,
UUID,
BOOLEAN,
Utf8StringInsensitive,
Utf8StringIname,
Uuid,
Boolean,
SYNTAX_ID,
INDEX_ID,
REFERENCE_UUID,
JSON_FILTER,
CREDENTIAL,
RADIUS_UTF8STRING,
SSHKEY,
SERVICE_PRINCIPLE_NAME,
Credential,
RadiusUtf8String,
SshKey,
ServicePrincipalName,
UINT32,
CID,
NSUNIQUEID,
DATETIME,
Cid,
NsUniqueId,
DateTime,
}
impl TryFrom<&str> for SyntaxType {
@ -137,22 +137,22 @@ impl TryFrom<&str> for SyntaxType {
let n_value = value.to_uppercase();
match n_value.as_str() {
"UTF8STRING" => Ok(SyntaxType::UTF8STRING),
"UTF8STRING_INSENSITIVE" => Ok(SyntaxType::UTF8STRING_INSENSITIVE),
"UTF8STRING_INAME" => Ok(SyntaxType::UTF8STRING_INAME),
"UUID" => Ok(SyntaxType::UUID),
"BOOLEAN" => Ok(SyntaxType::BOOLEAN),
"UTF8STRING_INSENSITIVE" => Ok(SyntaxType::Utf8StringInsensitive),
"UTF8STRING_INAME" => Ok(SyntaxType::Utf8StringIname),
"UUID" => Ok(SyntaxType::Uuid),
"BOOLEAN" => Ok(SyntaxType::Boolean),
"SYNTAX_ID" => Ok(SyntaxType::SYNTAX_ID),
"INDEX_ID" => Ok(SyntaxType::INDEX_ID),
"REFERENCE_UUID" => Ok(SyntaxType::REFERENCE_UUID),
"JSON_FILTER" => Ok(SyntaxType::JSON_FILTER),
"CREDENTIAL" => Ok(SyntaxType::CREDENTIAL),
"RADIUS_UTF8STRING" => Ok(SyntaxType::RADIUS_UTF8STRING),
"SSHKEY" => Ok(SyntaxType::SSHKEY),
"SERVICE_PRINCIPLE_NAME" => Ok(SyntaxType::SERVICE_PRINCIPLE_NAME),
"CREDENTIAL" => Ok(SyntaxType::Credential),
"RADIUS_UTF8STRING" => Ok(SyntaxType::RadiusUtf8String),
"SSHKEY" => Ok(SyntaxType::SshKey),
"SERVICE_PRINCIPLE_NAME" => Ok(SyntaxType::ServicePrincipalName),
"UINT32" => Ok(SyntaxType::UINT32),
"CID" => Ok(SyntaxType::CID),
"NSUNIQUEID" => Ok(SyntaxType::NSUNIQUEID),
"DATETIME" => Ok(SyntaxType::DATETIME),
"CID" => Ok(SyntaxType::Cid),
"NSUNIQUEID" => Ok(SyntaxType::NsUniqueId),
"DATETIME" => Ok(SyntaxType::DateTime),
_ => Err(()),
}
}
@ -164,22 +164,22 @@ impl TryFrom<usize> for SyntaxType {
fn try_from(value: usize) -> Result<Self, Self::Error> {
match value {
0 => Ok(SyntaxType::UTF8STRING),
1 => Ok(SyntaxType::UTF8STRING_INSENSITIVE),
2 => Ok(SyntaxType::UUID),
3 => Ok(SyntaxType::BOOLEAN),
1 => Ok(SyntaxType::Utf8StringInsensitive),
2 => Ok(SyntaxType::Uuid),
3 => Ok(SyntaxType::Boolean),
4 => Ok(SyntaxType::SYNTAX_ID),
5 => Ok(SyntaxType::INDEX_ID),
6 => Ok(SyntaxType::REFERENCE_UUID),
7 => Ok(SyntaxType::JSON_FILTER),
8 => Ok(SyntaxType::CREDENTIAL),
9 => Ok(SyntaxType::RADIUS_UTF8STRING),
10 => Ok(SyntaxType::SSHKEY),
11 => Ok(SyntaxType::SERVICE_PRINCIPLE_NAME),
8 => Ok(SyntaxType::Credential),
9 => Ok(SyntaxType::RadiusUtf8String),
10 => Ok(SyntaxType::SshKey),
11 => Ok(SyntaxType::ServicePrincipalName),
12 => Ok(SyntaxType::UINT32),
13 => Ok(SyntaxType::CID),
14 => Ok(SyntaxType::UTF8STRING_INAME),
15 => Ok(SyntaxType::NSUNIQUEID),
16 => Ok(SyntaxType::DATETIME),
13 => Ok(SyntaxType::Cid),
14 => Ok(SyntaxType::Utf8StringIname),
15 => Ok(SyntaxType::NsUniqueId),
16 => Ok(SyntaxType::DateTime),
_ => Err(()),
}
}
@ -189,22 +189,22 @@ impl SyntaxType {
pub fn to_usize(&self) -> usize {
match self {
SyntaxType::UTF8STRING => 0,
SyntaxType::UTF8STRING_INSENSITIVE => 1,
SyntaxType::UUID => 2,
SyntaxType::BOOLEAN => 3,
SyntaxType::Utf8StringInsensitive => 1,
SyntaxType::Uuid => 2,
SyntaxType::Boolean => 3,
SyntaxType::SYNTAX_ID => 4,
SyntaxType::INDEX_ID => 5,
SyntaxType::REFERENCE_UUID => 6,
SyntaxType::JSON_FILTER => 7,
SyntaxType::CREDENTIAL => 8,
SyntaxType::RADIUS_UTF8STRING => 9,
SyntaxType::SSHKEY => 10,
SyntaxType::SERVICE_PRINCIPLE_NAME => 11,
SyntaxType::Credential => 8,
SyntaxType::RadiusUtf8String => 9,
SyntaxType::SshKey => 10,
SyntaxType::ServicePrincipalName => 11,
SyntaxType::UINT32 => 12,
SyntaxType::CID => 13,
SyntaxType::UTF8STRING_INAME => 14,
SyntaxType::NSUNIQUEID => 15,
SyntaxType::DATETIME => 16,
SyntaxType::Cid => 13,
SyntaxType::Utf8StringIname => 14,
SyntaxType::NsUniqueId => 15,
SyntaxType::DateTime => 16,
}
}
}
@ -216,22 +216,22 @@ impl fmt::Display for SyntaxType {
"{}",
match self {
SyntaxType::UTF8STRING => "UTF8STRING",
SyntaxType::UTF8STRING_INSENSITIVE => "UTF8STRING_INSENSITIVE",
SyntaxType::UTF8STRING_INAME => "UTF8STRING_INAME",
SyntaxType::UUID => "UUID",
SyntaxType::BOOLEAN => "BOOLEAN",
SyntaxType::Utf8StringInsensitive => "UTF8STRING_INSENSITIVE",
SyntaxType::Utf8StringIname => "UTF8STRING_INAME",
SyntaxType::Uuid => "UUID",
SyntaxType::Boolean => "BOOLEAN",
SyntaxType::SYNTAX_ID => "SYNTAX_ID",
SyntaxType::INDEX_ID => "INDEX_ID",
SyntaxType::REFERENCE_UUID => "REFERENCE_UUID",
SyntaxType::JSON_FILTER => "JSON_FILTER",
SyntaxType::CREDENTIAL => "CREDENTIAL",
SyntaxType::RADIUS_UTF8STRING => "RADIUS_UTF8STRING",
SyntaxType::SSHKEY => "SSHKEY",
SyntaxType::SERVICE_PRINCIPLE_NAME => "SERVICE_PRINCIPLE_NAME",
SyntaxType::Credential => "CREDENTIAL",
SyntaxType::RadiusUtf8String => "RADIUS_UTF8STRING",
SyntaxType::SshKey => "SSHKEY",
SyntaxType::ServicePrincipalName => "SERVICE_PRINCIPLE_NAME",
SyntaxType::UINT32 => "UINT32",
SyntaxType::CID => "CID",
SyntaxType::NSUNIQUEID => "NSUNIQUEID",
SyntaxType::DATETIME => "DATETIME",
SyntaxType::Cid => "CID",
SyntaxType::NsUniqueId => "NSUNIQUEID",
SyntaxType::DateTime => "DATETIME",
}
)
}
@ -1390,13 +1390,13 @@ mod tests {
#[test]
fn test_value_index_tryfrom() {
let r1 = IndexType::try_from("EQUALITY");
assert_eq!(r1, Ok(IndexType::EQUALITY));
assert_eq!(r1, Ok(IndexType::Equality));
let r2 = IndexType::try_from("PRESENCE");
assert_eq!(r2, Ok(IndexType::PRESENCE));
assert_eq!(r2, Ok(IndexType::Presence));
let r3 = IndexType::try_from("SUBSTRING");
assert_eq!(r3, Ok(IndexType::SUBSTRING));
assert_eq!(r3, Ok(IndexType::SubString));
let r4 = IndexType::try_from("thaoeusaneuh");
assert_eq!(r4, Err(()));
@ -1408,10 +1408,10 @@ mod tests {
assert_eq!(r1, Ok(SyntaxType::UTF8STRING));
let r2 = SyntaxType::try_from("UTF8STRING_INSENSITIVE");
assert_eq!(r2, Ok(SyntaxType::UTF8STRING_INSENSITIVE));
assert_eq!(r2, Ok(SyntaxType::Utf8StringInsensitive));
let r3 = SyntaxType::try_from("BOOLEAN");
assert_eq!(r3, Ok(SyntaxType::BOOLEAN));
assert_eq!(r3, Ok(SyntaxType::Boolean));
let r4 = SyntaxType::try_from("SYNTAX_ID");
assert_eq!(r4, Ok(SyntaxType::SYNTAX_ID));
@ -1596,7 +1596,7 @@ mod tests {
"Who the ACP applies to, constraining or allowing operations.",
),
multivalue: false,
index: vec![IndexType::EQUALITY, IndexType::SUBSTRING],
index: vec![IndexType::Equality, IndexType::SubString],
syntax: SyntaxType::JSON_FILTER,
};
@ -1629,7 +1629,7 @@ mod tests {
uuid: Uuid::parse_str(UUID_SCHEMA_ATTR_UUID).expect("unable to parse const uuid"),
description: String::from("The universal unique id of the object"),
multivalue: false,
index: vec![IndexType::EQUALITY],
index: vec![IndexType::Equality],
syntax: SyntaxType::UUID,
};
let u1 = String::from("936DA01F9ABD4d9d80C702AF85C822A8");