mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 12:37:00 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

20230125 pre rel cleanup (#1347)

Browse source
This commit is contained in:
Firstyear 2023-01-25 16:09:54 +10:00 committed by GitHub
parent 08ebcc7901
commit 3894dd43df
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
19 changed files with 362 additions and 412 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

501
Cargo.lock generated
View file

File diff suppressed because it is too large Load diff

18
Cargo.toml
View file

@ -49,7 +49,7 @@ clap_complete = "^3.2.5"
chrono = "^0.4.23"
compact_jwt = "^0.2.3"
# compact_jwt = { path = "../compact_jwt" }
concread = "^0.4.0"
concread = "^0.4.1"
# concread = { path = "../concread" }
cron = "0.12.0"
crossbeam = "0.8.1"
@ -81,16 +81,13 @@ kanidm_unix_int = { path = "./kanidm_unix_int" }
last-git-commit = "0.2.0"
# REMOVE this
lazy_static = "^1.4.0"
# ldap3_client = "^0.3.0"
# ldap3_proto = "^0.3.0"
ldap3_client = "^0.3.1"
ldap3_proto = "^0.3.1"
# ldap3_client = { path = "../ldap3/client", version = "0.3.0" }
# ldap3_proto = { path = "../ldap3/proto", version = "0.3.0" }
# scim_proto = { path = "../scim/proto", version = "0.1.0" }
ldap3_client = { git = "https://github.com/kanidm/ldap3.git", version = "0.3.0" }
ldap3_proto = { git = "https://github.com/kanidm/ldap3.git", version = "0.3.0" }
scim_proto = { git = "https://github.com/kanidm/scim.git", version = "0.1.0" }
# ldap3_client = { git = "https://github.com/kanidm/ldap3.git", version = "0.3.0" }
# ldap3_proto = { git = "https://github.com/kanidm/ldap3.git", version = "0.3.0" }
libc = "^0.2.139"
libnss = "^0.4.0"
@ -114,6 +111,11 @@ regex = "1.7.1"
reqwest = { version = "0.11.14", default-features = false, features=["cookies", "json", "gzip", "native-tls"] }
rpassword = "^7.2.0"
rusqlite = "^0.28.0"
scim_proto = "^0.1.1"
# scim_proto = { path = "../scim/proto", version = "0.1.1" }
# scim_proto = { git = "https://github.com/kanidm/scim.git", version = "0.1.1" }
serde = "^1.0.152"
serde_cbor = { version = "0.12.0-dev", package = "serde_cbor_2" }
serde_json = "^1.0.91"

22
iam_migrations/freeipa/src/main.rs
View file

@ -222,10 +222,8 @@ async fn driver_main(opt: Opt) {
if let Some(sh) = status_handle {
let _ = sh.await;
}
} else {
if let Err(e) = run_sync(cb, &sync_config, &opt).await {
} else if let Err(e) = run_sync(cb, &sync_config, &opt).await {
error!(?e, "Sync completed with error");
};
}
}
@ -463,8 +461,7 @@ async fn run_sync(
info!("dry-run complete");
info!("Success!");
Ok(())
} else {
if let Err(e) = rsclient.scim_v1_sync_update(&scim_sync_request).await {
} else if let Err(e) = rsclient.scim_v1_sync_update(&scim_sync_request).await {
error!(
?e,
"Failed to submit scim sync update - see the kanidmd server log for more details."
@ -474,7 +471,6 @@ async fn run_sync(
info!("Success!");
Ok(())
}
}
// done!
}
@ -640,7 +636,7 @@ async fn process_ipa_sync_result(
let empty_slice = Vec::default();
// Future - make this par-map
let entries = entries
entries
.into_iter()
.filter_map(|(dn, e)| {
let e_config = entry_config_map
@ -656,9 +652,7 @@ async fn process_ipa_sync_result(
Err(()) => Some(Err(())),
}
})
.collect::<Result<Vec<_>, _>>();
entries
.collect::<Result<Vec<_>, _>>()
}
// TODO: Allow re-map of uuid -> uuid
@ -880,9 +874,9 @@ fn config_security_checks(cfg_path: &Path) -> bool {
"Config missing from {} - cannot start up. Quitting.",
cfg_path_str
);
return false;
false
} else {
let cfg_meta = match metadata(&cfg_path) {
let cfg_meta = match metadata(cfg_path) {
Ok(v) => v,
Err(e) => {
error!(
@ -945,11 +939,9 @@ fn main() {
if opt.skip_root_check {
warn!("Skipping root user check, if you're running this for testing, ensure you clean up temporary files.")
// TODO: this wording is not great m'kay.
} else {
if cuid == 0 || ceuid == 0 || cgid == 0 || cegid == 0 {
} else if cuid == 0 || ceuid == 0 || cgid == 0 || cegid == 0 {
error!("Refusing to run - this process must not operate as root.");
return;
}
};
if !config_security_checks(&opt.client_config) || !config_security_checks(&opt.ipa_sync_config)

11
kanidm_unix_int/src/cache.rs
View file

@ -82,7 +82,7 @@ impl CacheLayer {
dbtxn.commit()?;
}
if pam_allow_groups.len() == 0 {
if pam_allow_groups.is_empty() {
eprintln!("Will not be able to authenticate users, pam_allow_groups config is not configured.");
}
@ -170,7 +170,7 @@ impl CacheLayer {
// * uuid
// Attempt to search these in the db.
let dbtxn = self.db.write().await;
let r = dbtxn.get_account(&account_id)?;
let r = dbtxn.get_account(account_id)?;
match r {
Some((ut, ex)) => {
@ -222,7 +222,7 @@ impl CacheLayer {
// * uuid
// Attempt to search these in the db.
let dbtxn = self.db.write().await;
let r = dbtxn.get_group(&grp_id)?;
let r = dbtxn.get_group(grp_id)?;
match r {
Some((ut, ex)) => {
@ -864,7 +864,7 @@ impl CacheLayer {
pub async fn pam_account_allowed(&self, account_id: &str) -> Result<Option<bool>, ()> {
let token = self.get_usertoken(Id::Name(account_id.to_string())).await?;
if self.pam_allow_groups.len() == 0 {
if self.pam_allow_groups.is_empty() {
// can't allow anything if the group list is zero...
eprintln!("Cannot authenticate users, no allowed groups in configuration!");
Ok(Some(false))
@ -873,8 +873,7 @@ impl CacheLayer {
let user_set: BTreeSet<_> = tok
.groups
.iter()
.map(|g| vec![g.name.clone(), g.spn.clone(), g.uuid.clone()])
.flatten()
.flat_map(|g| [g.name.clone(), g.spn.clone(), g.uuid.clone()])
.collect();
debug!(

2
kanidm_unix_int/src/client.rs
View file

@ -17,7 +17,7 @@ impl Decoder for ClientCodec {
type Item = ClientResponse;
fn decode(&mut self, src: &mut BytesMut) -> Result<Option<Self::Item>, Self::Error> {
match serde_json::from_slice::<ClientResponse>(&src) {
match serde_json::from_slice::<ClientResponse>(src) {
Ok(msg) => {
// Clear the buffer for the next message.
src.clear();

118
kanidm_unix_int/src/db.rs
View file

@ -86,7 +86,7 @@ impl<'a> DbTxn<'a> {
}
/// This handles an error coming back from an sqlite event and dumps more information from it
fn sqlite_error(&self, msg: &str, error: rusqlite::Error) {
fn sqlite_error(&self, msg: &str, error: &rusqlite::Error) {
error!(
"sqlite {} error: {:?} db_path={:?}",
msg,
@ -96,7 +96,7 @@ impl<'a> DbTxn<'a> {
}
/// This handles an error coming back from an sqlite transaction and dumps a load of information from it
fn sqlite_transaction_error(&self, error: rusqlite::Error, _stmt: &rusqlite::Statement) {
fn sqlite_transaction_error(&self, error: &rusqlite::Error, _stmt: &rusqlite::Statement) {
error!(
"sqlite transaction error={:?} db_path={:?}",
error,
@ -111,7 +111,7 @@ impl<'a> DbTxn<'a> {
.prepare("PRAGMA journal_mode=WAL;")
.and_then(|mut wal_stmt| wal_stmt.query([]).map(|_| ()))
.map_err(|e| {
self.sqlite_error("account_t create", e);
self.sqlite_error("account_t create", &e);
})?;
// Setup two tables - one for accounts, one for groups.
@ -132,7 +132,7 @@ impl<'a> DbTxn<'a> {
[],
)
.map_err(|e| {
self.sqlite_error("account_t create", e);
self.sqlite_error("account_t create", &e);
})?;
self.conn
@ -149,7 +149,7 @@ impl<'a> DbTxn<'a> {
[],
)
.map_err(|e| {
self.sqlite_error("group_t create", e);
self.sqlite_error("group_t create", &e);
})?;
self.conn
@ -164,7 +164,7 @@ impl<'a> DbTxn<'a> {
[],
)
.map_err(|e| {
self.sqlite_error("memberof_t create error", e);
self.sqlite_error("memberof_t create error", &e);
})?;
Ok(())
@ -182,7 +182,7 @@ impl<'a> DbTxn<'a> {
.execute("COMMIT TRANSACTION", [])
.map(|_| ())
.map_err(|e| {
self.sqlite_error("commit", e);
self.sqlite_error("commit", &e);
})
}
@ -190,13 +190,13 @@ impl<'a> DbTxn<'a> {
self.conn
.execute("UPDATE group_t SET expiry = 0", [])
.map_err(|e| {
self.sqlite_error("update group_t", e);
self.sqlite_error("update group_t", &e);
})?;
self.conn
.execute("UPDATE account_t SET expiry = 0", [])
.map_err(|e| {
self.sqlite_error("update account_t", e);
self.sqlite_error("update account_t", &e);
})?;
Ok(())
@ -204,13 +204,13 @@ impl<'a> DbTxn<'a> {
pub fn clear_cache(&self) -> Result<(), ()> {
self.conn.execute("DELETE FROM group_t", []).map_err(|e| {
self.sqlite_error("delete group_t", e);
self.sqlite_error("delete group_t", &e);
})?;
self.conn
.execute("DELETE FROM account_t", [])
.map_err(|e| {
self.sqlite_error("delete group_t", e);
self.sqlite_error("delete group_t", &e);
})?;
Ok(())
@ -222,19 +222,19 @@ impl<'a> DbTxn<'a> {
"SELECT token, expiry FROM account_t WHERE uuid = :account_id OR name = :account_id OR spn = :account_id"
)
.map_err(|e| {
self.sqlite_error("select prepare", e);
self.sqlite_error("select prepare", &e);
})?;
// Makes tuple (token, expiry)
let data_iter = stmt
.query_map(&[account_id], |row| Ok((row.get(0)?, row.get(1)?)))
.query_map([account_id], |row| Ok((row.get(0)?, row.get(1)?)))
.map_err(|e| {
self.sqlite_error("query_map failure", e);
self.sqlite_error("query_map failure", &e);
})?;
let data: Result<Vec<(Vec<u8>, i64)>, _> = data_iter
.map(|v| {
v.map_err(|e| {
self.sqlite_error("map failure", e);
self.sqlite_error("map failure", &e);
})
})
.collect();
@ -246,19 +246,19 @@ impl<'a> DbTxn<'a> {
.conn
.prepare("SELECT token, expiry FROM account_t WHERE gidnumber = :gid")
.map_err(|e| {
self.sqlite_error("select prepare", e);
self.sqlite_error("select prepare", &e);
})?;
// Makes tuple (token, expiry)
let data_iter = stmt
.query_map(params![gid], |row| Ok((row.get(0)?, row.get(1)?)))
.map_err(|e| {
self.sqlite_error("query_map", e);
self.sqlite_error("query_map", &e);
})?;
let data: Result<Vec<(Vec<u8>, i64)>, _> = data_iter
.map(|v| {
v.map_err(|e| {
self.sqlite_error("map", e);
self.sqlite_error("map", &e);
})
})
.collect();
@ -303,16 +303,16 @@ impl<'a> DbTxn<'a> {
.conn
.prepare("SELECT token FROM account_t")
.map_err(|e| {
self.sqlite_error("select prepare", e);
self.sqlite_error("select prepare", &e);
})?;
let data_iter = stmt.query_map([], |row| Ok(row.get(0)?)).map_err(|e| {
self.sqlite_error("query_map", e);
let data_iter = stmt.query_map([], |row| row.get(0)).map_err(|e| {
self.sqlite_error("query_map", &e);
})?;
let data: Result<Vec<Vec<u8>>, _> = data_iter
.map(|v| {
v.map_err(|e| {
self.sqlite_error("map", e);
self.sqlite_error("map", &e);
})
})
.collect();
@ -355,7 +355,7 @@ impl<'a> DbTxn<'a> {
}
)
.map_err(|e| {
self.sqlite_error("delete account_t duplicate", e);
self.sqlite_error("delete account_t duplicate", &e);
})
.map(|_| ())?;
@ -371,14 +371,14 @@ impl<'a> DbTxn<'a> {
}
)
.map_err(|e| {
self.sqlite_error("delete account_t duplicate",e);
self.sqlite_error("delete account_t duplicate", &e);
})?;
if updated == 0 {
let mut stmt = self.conn
.prepare("INSERT INTO account_t (uuid, name, spn, gidnumber, token, expiry) VALUES (:uuid, :name, :spn, :gidnumber, :token, :expiry) ON CONFLICT(uuid) DO UPDATE SET name=excluded.name, spn=excluded.name, gidnumber=excluded.gidnumber, token=excluded.token, expiry=excluded.expiry")
.map_err(|e| {
self.sqlite_error("prepare",e);
self.sqlite_error("prepare", &e);
})?;
stmt.execute(named_params! {
@ -393,7 +393,7 @@ impl<'a> DbTxn<'a> {
debug!("insert -> {:?}", r);
})
.map_err(|error| {
self.sqlite_transaction_error(error, &stmt);
self.sqlite_transaction_error(&error, &stmt);
})?;
}
@ -404,21 +404,21 @@ impl<'a> DbTxn<'a> {
.conn
.prepare("DELETE FROM memberof_t WHERE a_uuid = :a_uuid")
.map_err(|e| {
self.sqlite_error("prepare", e);
self.sqlite_error("prepare", &e);
})?;
stmt.execute(&[&account.uuid])
stmt.execute([&account.uuid])
.map(|r| {
debug!("delete memberships -> {:?}", r);
})
.map_err(|error| {
self.sqlite_transaction_error(error, &stmt);
self.sqlite_transaction_error(&error, &stmt);
})?;
let mut stmt = self
.conn
.prepare("INSERT INTO memberof_t (a_uuid, g_uuid) VALUES (:a_uuid, :g_uuid)")
.map_err(|e| {
self.sqlite_error("prepare", e);
self.sqlite_error("prepare", &e);
})?;
// Now for each group, add the relation.
account.groups.iter().try_for_each(|g| {
@ -430,7 +430,7 @@ impl<'a> DbTxn<'a> {
debug!("insert membership -> {:?}", r);
})
.map_err(|error| {
self.sqlite_transaction_error(error, &stmt);
self.sqlite_transaction_error(&error, &stmt);
})
})
}
@ -443,12 +443,12 @@ impl<'a> DbTxn<'a> {
)
.map(|_| ())
.map_err(|e| {
self.sqlite_error("memberof_t create", e);
self.sqlite_error("memberof_t create", &e);
})
}
pub fn update_account_password(&self, a_uuid: &str, cred: &str) -> Result<(), ()> {
let pw = Password::new(&self.crypto_policy, cred).map_err(|e| {
let pw = Password::new(self.crypto_policy, cred).map_err(|e| {
error!("password error -> {:?}", e);
})?;
let dbpw = pw.to_dbpasswordv1();
@ -465,7 +465,7 @@ impl<'a> DbTxn<'a> {
},
)
.map_err(|e| {
self.sqlite_error("update account_t password", e);
self.sqlite_error("update account_t password", &e);
})
.map(|_| ())
}
@ -475,19 +475,17 @@ impl<'a> DbTxn<'a> {
.conn
.prepare("SELECT password FROM account_t WHERE uuid = :a_uuid AND password IS NOT NULL")
.map_err(|e| {
self.sqlite_error("select prepare", e);
self.sqlite_error("select prepare", &e);
})?;
// Makes tuple (token, expiry)
let data_iter = stmt
.query_map(&[a_uuid], |row| Ok(row.get(0)?))
.map_err(|e| {
self.sqlite_error("query_map", e);
let data_iter = stmt.query_map([a_uuid], |row| row.get(0)).map_err(|e| {
self.sqlite_error("query_map", &e);
})?;
let data: Result<Vec<Vec<u8>>, _> = data_iter
.map(|v| {
v.map_err(|e| {
self.sqlite_error("map", e);
self.sqlite_error("map", &e);
})
})
.collect();
@ -526,19 +524,19 @@ impl<'a> DbTxn<'a> {
"SELECT token, expiry FROM group_t WHERE uuid = :grp_id OR name = :grp_id OR spn = :grp_id"
)
.map_err(|e| {
self.sqlite_error("select prepare",e);
self.sqlite_error("select prepare", &e);
})?;
// Makes tuple (token, expiry)
let data_iter = stmt
.query_map(&[grp_id], |row| Ok((row.get(0)?, row.get(1)?)))
.query_map([grp_id], |row| Ok((row.get(0)?, row.get(1)?)))
.map_err(|e| {
self.sqlite_error("query_map", e);
self.sqlite_error("query_map", &e);
})?;
let data: Result<Vec<(Vec<u8>, i64)>, _> = data_iter
.map(|v| {
v.map_err(|e| {
self.sqlite_error("map", e);
self.sqlite_error("map", &e);
})
})
.collect();
@ -550,19 +548,19 @@ impl<'a> DbTxn<'a> {
.conn
.prepare("SELECT token, expiry FROM group_t WHERE gidnumber = :gid")
.map_err(|e| {
self.sqlite_error("select prepare", e);
self.sqlite_error("select prepare", &e);
})?;
// Makes tuple (token, expiry)
let data_iter = stmt
.query_map(params![gid], |row| Ok((row.get(0)?, row.get(1)?)))
.map_err(|e| {
self.sqlite_error("query_map", e);
self.sqlite_error("query_map", &e);
})?;
let data: Result<Vec<(Vec<u8>, i64)>, _> = data_iter
.map(|v| {
v.map_err(|e| {
self.sqlite_error("map", e);
self.sqlite_error("map", &e);
})
})
.collect();
@ -607,18 +605,16 @@ impl<'a> DbTxn<'a> {
.conn
.prepare("SELECT account_t.token FROM (account_t, memberof_t) WHERE account_t.uuid = memberof_t.a_uuid AND memberof_t.g_uuid = :g_uuid")
.map_err(|e| {
self.sqlite_error("select prepare",e);
self.sqlite_error("select prepare", &e);
})?;
let data_iter = stmt
.query_map(&[g_uuid], |row| Ok(row.get(0)?))
.map_err(|e| {
self.sqlite_error("query_map", e);
let data_iter = stmt.query_map([g_uuid], |row| row.get(0)).map_err(|e| {
self.sqlite_error("query_map", &e);
})?;
let data: Result<Vec<Vec<u8>>, _> = data_iter
.map(|v| {
v.map_err(|e| {
self.sqlite_error("map", e);
self.sqlite_error("map", &e);
})
})
.collect();
@ -641,16 +637,16 @@ impl<'a> DbTxn<'a> {
.conn
.prepare("SELECT token FROM group_t")
.map_err(|e| {
self.sqlite_error("select prepare", e);
self.sqlite_error("select prepare", &e);
})?;
let data_iter = stmt.query_map([], |row| Ok(row.get(0)?)).map_err(|e| {
self.sqlite_error("query_map", e);
let data_iter = stmt.query_map([], |row| row.get(0)).map_err(|e| {
self.sqlite_error("query_map", &e);
})?;
let data: Result<Vec<Vec<u8>>, _> = data_iter
.map(|v| {
v.map_err(|e| {
self.sqlite_error("map", e);
self.sqlite_error("map", &e);
})
})
.collect();
@ -682,7 +678,7 @@ impl<'a> DbTxn<'a> {
let mut stmt = self.conn
.prepare("INSERT OR REPLACE INTO group_t (uuid, name, spn, gidnumber, token, expiry) VALUES (:uuid, :name, :spn, :gidnumber, :token, :expiry)")
.map_err(|e| {
self.sqlite_error("prepare",e);
self.sqlite_error("prepare", &e);
})?;
stmt.execute(named_params! {
@ -697,16 +693,16 @@ impl<'a> DbTxn<'a> {
debug!("insert -> {:?}", r);
})
.map_err(|e| {
self.sqlite_error("execute", e);
self.sqlite_error("execute", &e);
})
}
pub fn delete_group(&self, g_uuid: &str) -> Result<(), ()> {
self.conn
.execute("DELETE FROM group_t WHERE uuid = :g_uuid", &[g_uuid])
.execute("DELETE FROM group_t WHERE uuid = :g_uuid", [g_uuid])
.map(|_| ())
.map_err(|e| {
self.sqlite_error("memberof_t create", e);
self.sqlite_error("memberof_t create", &e);
})
}
}

2
kanidmd/core/src/https/middleware.rs
View file

@ -212,7 +212,7 @@ impl<State: Clone + Send + Sync + 'static> tide::Middleware<State>
}
}
const KANIDM_VERSION: &'static str = env!("CARGO_PKG_VERSION");
const KANIDM_VERSION: &str = env!("CARGO_PKG_VERSION");
#[derive(Default)]
pub struct VersionHeaderMiddleware;

2
kanidmd/core/src/https/mod.rs
View file

@ -392,7 +392,7 @@ pub fn create_https_server(
.with_session_ttl(None)
.with_cookie_name("kanidm-session")
// Without this, the cookies won't be used on subdomains of origin.
.with_cookie_domain(&domain)
.with_cookie_domain(domain)
// Im not sure if we need Lax here, I don't think we do because on the first get
// we don't need the cookie since wasm drives the fetches.
.with_same_site_policy(tide::http::cookies::SameSite::Strict),

2
kanidmd/core/src/ldaps.rs
View file

@ -59,7 +59,7 @@ async fn client_process<W: AsyncWrite + Unpin, R: AsyncRead + Unpin>(
while let Some(Ok(protomsg)) = r.next().await {
// Start the event
let uat = session.uat.clone();
let caddr = client_address.clone();
let caddr = client_address;
match client_process_msg(uat, caddr, protomsg, qe_r_ref).await {
// I'd really have liked to have put this near the [LdapResponseState::Bind] but due

8
kanidmd/core/src/lib.rs
View file

@ -432,7 +432,7 @@ pub async fn domain_rename_core(config: &Configuration) {
match qs.read().await.get_db_domain_name() {
Ok(old_domain_name) => {
admin_info!(?old_domain_name, ?new_domain_name);
if &old_domain_name == &new_domain_name {
if old_domain_name == new_domain_name {
admin_info!("Domain name not changing, stopping.");
return;
}
@ -568,14 +568,14 @@ pub struct CoreHandle {
impl CoreHandle {
pub async fn shutdown(&mut self) {
if let Err(_) = self.tx.send(CoreAction::Shutdown) {
if self.tx.send(CoreAction::Shutdown).is_err() {
eprintln!("No receivers acked shutdown request. Treating as unclean.");
return;
}
// Wait on the handles.
while let Some(handle) = self.handles.pop() {
if let Err(_) = handle.await {
if handle.await.is_err() {
eprintln!("A task failed to join");
}
}
@ -607,7 +607,7 @@ pub async fn create_server_core(
} else if config.tls_config.is_none() {
// TLS is great! We won't run without it.
error!("Running without TLS is not supported! Quitting!");
return Err({});
return Err(());
}
info!(

2
kanidmd/lib/src/constants/mod.rs
View file

@ -17,7 +17,7 @@ pub use crate::constants::values::*;
use std::time::Duration;
// Increment this as we add new schema types and values!!!
pub const SYSTEM_INDEX_VERSION: i64 = 27;
pub const SYSTEM_INDEX_VERSION: i64 = 28;
/*
* domain functional levels

16
kanidmd/lib/src/idm/scim.rs
View file

@ -300,22 +300,24 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
// TODO: This could benefit from a search that only grabs uuids?
let existing_entries = self
.qs_write
.internal_search(f_all_sync.clone())
// .internal_search(f_all_sync.clone())
.internal_exists(f_all_sync.clone())
.map_err(|e| {
error!("Failed to determine existing entries set");
e
})?;
// This is the delete filter we need later.
/*
let filter_or: Vec<_> = existing_entries
.iter()
.map(|e| f_eq("uuid", PartialValue::Uuid(e.get_uuid())))
.collect();
*/
// We only need to delete the sync account itself.
let delete_filter = filter!(f_eq("uuid", PartialValue::Uuid(sync_uuid)));
if !filter_or.is_empty() {
if existing_entries {
// Now modify these to remove their sync related attributes.
let schema = self.qs_write.get_schema();
let sync_class = schema.get_classes().get("sync_object").ok_or_else(|| {
@ -429,16 +431,16 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
e
})?;
let delete_filter = if existing_entries.is_empty() {
// We only need to delete the sync account itself.
filter!(f_eq("uuid", PartialValue::Uuid(sync_uuid)))
} else {
// This is the delete filter we need later.
let filter_or: Vec<_> = existing_entries
.iter()
.map(|e| f_eq("uuid", PartialValue::Uuid(e.get_uuid())))
.collect();
let delete_filter = if filter_or.is_empty() {
// We only need to delete the sync account itself.
filter!(f_eq("uuid", PartialValue::Uuid(sync_uuid)))
} else {
// Now modify these to remove their sync related attributes.
let schema = self.qs_write.get_schema();
let sync_class = schema.get_classes().get("sync_object").ok_or_else(|| {

3
kanidmd/lib/src/repl/mod.rs
View file

@ -1,3 +1,6 @@
pub mod cid;
pub mod entry;
pub mod ruv;
#[cfg(test)]
mod tests;

3
kanidmd/lib/src/repl/tests.rs
View file

@ -1,7 +1,6 @@
use crate::prelude::*;
// use crate::prelude::*;
#[tokio::test]
async fn multiple_qs_setup() {
assert!(true);
}

14
kanidmd/lib/src/server/access/mod.rs
View file

@ -213,7 +213,7 @@ pub trait AccessControlsTransaction<'a> {
let allowed_entries: Vec<_> = entries
.into_iter()
.filter(|e| {
match apply_search_access(&se.ident, related_acp.as_slice(), &e) {
match apply_search_access(&se.ident, related_acp.as_slice(), e) {
SearchResult::Denied => false,
SearchResult::Grant => true,
SearchResult::Allow(allowed_attrs) => {
@ -449,7 +449,7 @@ pub trait AccessControlsTransaction<'a> {
security_access!(?requested_classes, "Requested class set");
let r = entries.iter().all(|e| {
match apply_modify_access(&me.ident, related_acp.as_slice(), &e) {
match apply_modify_access(&me.ident, related_acp.as_slice(), e) {
ModifyResult::Denied => false,
ModifyResult::Grant => true,
ModifyResult::Allow { pres, rem, cls } => {
@ -582,7 +582,7 @@ pub trait AccessControlsTransaction<'a> {
security_access!(?requested_rem, "Requested remove set");
security_access!(?requested_classes, "Requested class set");
match apply_modify_access(&me.ident, related_acp.as_slice(), &e) {
match apply_modify_access(&me.ident, related_acp.as_slice(), e) {
ModifyResult::Denied => false,
ModifyResult::Grant => true,
ModifyResult::Allow { pres, rem, cls } => {
@ -665,7 +665,7 @@ pub trait AccessControlsTransaction<'a> {
// For each entry
let r = entries.iter().all(|e| {
match apply_create_access(&ce.ident, related_acp.as_slice(), &e) {
match apply_create_access(&ce.ident, related_acp.as_slice(), e) {
CreateResult::Denied => false,
CreateResult::Grant => true,
}
@ -729,7 +729,7 @@ pub trait AccessControlsTransaction<'a> {
// For each entry
let r = entries.iter().all(|e| {
match apply_delete_access(&de.ident, related_acp.as_slice(), &e) {
match apply_delete_access(&de.ident, related_acp.as_slice(), e) {
DeleteResult::Denied => false,
DeleteResult::Grant => true,
}
@ -798,7 +798,7 @@ pub trait AccessControlsTransaction<'a> {
.map(|e| {
// == search ==
let search_effective =
match apply_search_access(ident, search_related_acp.as_slice(), &e) {
match apply_search_access(ident, search_related_acp.as_slice(), e) {
SearchResult::Denied => Access::Denied,
SearchResult::Grant => Access::Grant,
SearchResult::Allow(allowed_attrs) => {
@ -810,7 +810,7 @@ pub trait AccessControlsTransaction<'a> {
// == modify ==
let (modify_pres, modify_rem, modify_class) =
match apply_modify_access(ident, modify_related_acp.as_slice(), &e) {
match apply_modify_access(ident, modify_related_acp.as_slice(), e) {
ModifyResult::Denied => (Access::Denied, Access::Denied, Access::Denied),
ModifyResult::Grant => (Access::Grant, Access::Grant, Access::Grant),
ModifyResult::Allow { pres, rem, cls } => (

9
kanidmd/lib/src/server/mod.rs
View file

@ -45,6 +45,9 @@ pub mod recycle;
const RESOLVE_FILTER_CACHE_MAX: usize = 4096;
const RESOLVE_FILTER_CACHE_LOCAL: usize = 0;
pub type ResolveFilterCacheReadTxn<'a> =
ARCacheReadTxn<'a, (IdentityId, Filter<FilterValid>), Filter<FilterValidResolved>, ()>;
#[derive(Debug, Clone, PartialOrd, PartialEq, Eq)]
enum ServerPhase {
Bootstrap,
@ -140,9 +143,7 @@ pub trait QueryServerTransaction<'a> {
fn get_domain_display_name(&self) -> &str;
fn get_resolve_filter_cache(
&mut self,
) -> &mut ARCacheReadTxn<'a, (IdentityId, Filter<FilterValid>), Filter<FilterValidResolved>, ()>;
fn get_resolve_filter_cache(&mut self) -> &mut ResolveFilterCacheReadTxn<'a>;
// Because of how borrowck in rust works, if we need to get two inner types we have to get them
// in a single fn.
@ -151,7 +152,7 @@ pub trait QueryServerTransaction<'a> {
&mut self,
) -> (
&mut Self::BackendTransactionType,
&mut ARCacheReadTxn<'a, (IdentityId, Filter<FilterValid>), Filter<FilterValidResolved>, ()>,
&mut ResolveFilterCacheReadTxn<'a>,
);
/// Conduct a search and apply access controls to yield a set of entries that

4
kanidmd_web_ui/src/credential/totpremove.rs
View file

@ -133,9 +133,7 @@ impl TotpRemoveComp {
let status: CUStatus =
serde_wasm_bindgen::from_value(jsval).expect_throw("Invalid response type");
cb.emit(EventBusMsg::UpdateStatus {
status: status.clone(),
});
cb.emit(EventBusMsg::UpdateStatus { status });
Ok(Msg::Success)
} else {

2
kanidmd_web_ui/src/manager.rs
View file

@ -48,6 +48,8 @@ fn landing() -> Html {
html! { <main></main> }
}
// Needed for yew to pass by value
#[allow(clippy::needless_pass_by_value)]
fn switch(route: Route) -> Html {
#[cfg(debug_assertions)]
console::debug!("manager::switch");

5
orca/src/generate.rs
View file

@ -12,7 +12,7 @@ const N_GROUPS: usize = 1500;
const N_MEMBERSHIPS: usize = 10;
const N_NEST: usize = 4;
pub(crate) fn doit(output: &Path) -> () {
pub(crate) fn doit(output: &Path) {
info!(
"Performing data generation into {}",
output.to_str().unwrap(),
@ -68,7 +68,8 @@ pub(crate) fn doit(output: &Path) -> () {
let mut chunk_iter = groups.chunks_mut(chunk_size);
// Can't fail due to above checks.
let mut p_chunk = chunk_iter.next().unwrap();
while let Some(w_chunk) = chunk_iter.next() {
// while let Some(w_chunk) = chunk_iter.next() {
for w_chunk in chunk_iter {
// add items from work chunk to parent chunk
p_chunk
.iter_mut()