Firstyear 2021-09-05 21:53:07 +00:00
parent 940d1ee1c1
commit 428cd1b076
11 changed files with 118 additions and 28 deletions


@ -356,6 +356,22 @@ session required pam_unix.so
session optional pam_kanidm.so debug
</code></pre>
<h2 id="troubleshooting"><a class="header" href="#troubleshooting">Troubleshooting</a></h2>
<h3 id="check-posix-status-of-group-and-config"><a class="header" href="#check-posix-status-of-group-and-config">Check POSIX-status of group and config</a></h3>
<p>If authentication is failing via PAM, make sure that a list of groups is configured in <code>/etc/kanidm/unixd</code>:</p>
<pre><code>pam_allowed_login_groups = [&quot;example_group&quot;]
</code></pre>
<p>Check the status of the group with <code>kanidm group posix show example_group</code>. If you get something similar to the below:</p>
<pre><code class="language-shell">&gt; kanidm group posix show example_group
Using cached token for name idm_admin
Error -&gt; Http(500, Some(InvalidAccountState(&quot;Missing class: account &amp;&amp; posixaccount OR group &amp;&amp; posixgroup&quot;)), &quot;b71f137e-39f3-4368-9e58-21d26671ae24&quot;)
</code></pre>
<p>POSIX-enable the group with <code>kanidm group posix set example_group</code>. You should get a result similar to this when you search for your group name:</p>
<pre><code class="language-shell">&gt; kanidm group posix show example_group
[ spn: example_group@kanidm.example.com, gidnumber: 3443347205 name: example_group, uuid: b71f137e-39f3-4368-9e58-21d26671ae24 ]
</code></pre>
<p>Also, ensure the target user is in the group by running:</p>
<pre><code>&gt; kanidm group list_members example_group
</code></pre>
<h3 id="increase-logging"><a class="header" href="#increase-logging">Increase logging</a></h3>
<p>For the unixd daemon, you can increase the logging with:</p>
<pre><code>systemctl edit kanidm-unixd.service
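Review bot: The new "Check POSIX-status of group and config" section tells the reader to make sure pam_allowed_login_groups is set, but never says what happens when the list is empty or missing. The startup warning added to cache.rs in this same commit says users will not be able to authenticate in that case; stating that here lets an administrator match the symptom to the cause. The sentence "If you get something similar to the below:" also ends without a conclusion: say that the InvalidAccountState error means the group is not POSIX-enabled before moving on to the fix.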
@ -370,9 +386,9 @@ Environment=&quot;RUST_LOG=kanidm=debug&quot;
<pre><code>auth sufficient pam_kanidm.so debug
</code></pre>
<h3 id="check-the-socket-permissions"><a class="header" href="#check-the-socket-permissions">Check the socket permissions</a></h3>
<p>Check that the /var/run/kanidm-unixd/sock is 777, and that non-root readers can see it with
<p>Check that the <code>/var/run/kanidm-unixd/sock</code> is 777, and that non-root readers can see it with
ls or other tools.</p>
<p>Ensure that /var/run/kanidm-unixd/task_sock is 700, and that it is owned by the kanidm unixd
<p>Ensure that <code>/var/run/kanidm-unixd/task_sock</code> is 700, and that it is owned by the kanidm unixd
process user.</p>
<h3 id="check-you-can-access-the-kanidm-server"><a class="header" href="#check-you-can-access-the-kanidm-server">Check you can access the kanidm server</a></h3>
<p>You can check this with the client tools:</p>
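Review bot: In the socket permissions text the two paths are now marked up as code, but "ls" on the following line is not, and the section still gives no command for checking the modes. Since 777 on sock is an unusual mode to ask for, an example of the expected ls -l output for both sockets, plus one sentence on why sock is world-accessible while task_sock is 700 and owned by the unixd process user, would keep an administrator from tightening the wrong one.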
@ -381,7 +397,12 @@ process user.</p>
<h3 id="ensure-the-libraries-are-correct"><a class="header" href="#ensure-the-libraries-are-correct">Ensure the libraries are correct.</a></h3>
<p>You should have:</p>
<pre><code>/usr/lib64/libnss_kanidm.so.2
/usr/lib64/security/pam_kanidm.so
</code></pre>
<p>The exact path <em>may</em> change depending on your distribution, <code>pam_unixd.so</code> should be co-located with pam_kanidm.so so looking for it findable with:</p>
<pre><code>find /usr/ -name 'pam_unix.so'
</code></pre>
<p>For example, on a Debian machine, it's located in <code>/usr/lib/x86_64-linux-gnu/security/</code>.</p>
<h3 id="increase-connection-timeout"><a class="header" href="#increase-connection-timeout">Increase connection timeout</a></h3>
<p>In some high latency environments, you may need to increase the connection timeout. We set
this low to improve response on LANs, but over the internet this may need to be increased.
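Review bot: The added paragraph under "Ensure the libraries are correct" names pam_unixd.so, but the command that follows searches for pam_unix.so, so the module name in the prose looks like a typo. The sentence also does not parse ("so looking for it findable with:"); something like "pam_kanidm.so should be co-located with pam_unix.so, which you can locate with:" reads correctly and matches the find command.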


@ -1433,6 +1433,22 @@ session required pam_unix.so
session optional pam_kanidm.so debug
</code></pre>
<h2 id="troubleshooting"><a class="header" href="#troubleshooting">Troubleshooting</a></h2>
<h3 id="check-posix-status-of-group-and-config"><a class="header" href="#check-posix-status-of-group-and-config">Check POSIX-status of group and config</a></h3>
<p>If authentication is failing via PAM, make sure that a list of groups is configured in <code>/etc/kanidm/unixd</code>:</p>
<pre><code>pam_allowed_login_groups = [&quot;example_group&quot;]
</code></pre>
<p>Check the status of the group with <code>kanidm group posix show example_group</code>. If you get something similar to the below:</p>
<pre><code class="language-shell">&gt; kanidm group posix show example_group
Using cached token for name idm_admin
Error -&gt; Http(500, Some(InvalidAccountState(&quot;Missing class: account &amp;&amp; posixaccount OR group &amp;&amp; posixgroup&quot;)), &quot;b71f137e-39f3-4368-9e58-21d26671ae24&quot;)
</code></pre>
<p>POSIX-enable the group with <code>kanidm group posix set example_group</code>. You should get a result similar to this when you search for your group name:</p>
<pre><code class="language-shell">&gt; kanidm group posix show example_group
[ spn: example_group@kanidm.example.com, gidnumber: 3443347205 name: example_group, uuid: b71f137e-39f3-4368-9e58-21d26671ae24 ]
</code></pre>
<p>Also, ensure the target user is in the group by running:</p>
<pre><code>&gt; kanidm group list_members example_group
</code></pre>
<h3 id="increase-logging"><a class="header" href="#increase-logging">Increase logging</a></h3>
<p>For the unixd daemon, you can increase the logging with:</p>
<pre><code>systemctl edit kanidm-unixd.service
@ -1447,9 +1463,9 @@ Environment=&quot;RUST_LOG=kanidm=debug&quot;
<pre><code>auth sufficient pam_kanidm.so debug
</code></pre>
<h3 id="check-the-socket-permissions"><a class="header" href="#check-the-socket-permissions">Check the socket permissions</a></h3>
<p>Check that the /var/run/kanidm-unixd/sock is 777, and that non-root readers can see it with
<p>Check that the <code>/var/run/kanidm-unixd/sock</code> is 777, and that non-root readers can see it with
ls or other tools.</p>
<p>Ensure that /var/run/kanidm-unixd/task_sock is 700, and that it is owned by the kanidm unixd
<p>Ensure that <code>/var/run/kanidm-unixd/task_sock</code> is 700, and that it is owned by the kanidm unixd
process user.</p>
<h3 id="check-you-can-access-the-kanidm-server"><a class="header" href="#check-you-can-access-the-kanidm-server">Check you can access the kanidm server</a></h3>
<p>You can check this with the client tools:</p>
@ -1458,7 +1474,12 @@ process user.</p>
<h3 id="ensure-the-libraries-are-correct"><a class="header" href="#ensure-the-libraries-are-correct">Ensure the libraries are correct.</a></h3>
<p>You should have:</p>
<pre><code>/usr/lib64/libnss_kanidm.so.2
/usr/lib64/security/pam_kanidm.so
</code></pre>
<p>The exact path <em>may</em> change depending on your distribution, <code>pam_unixd.so</code> should be co-located with pam_kanidm.so so looking for it findable with:</p>
<pre><code>find /usr/ -name 'pam_unix.so'
</code></pre>
<p>For example, on a Debian machine, it's located in <code>/usr/lib/x86_64-linux-gnu/security/</code>.</p>
<h3 id="increase-connection-timeout"><a class="header" href="#increase-connection-timeout">Increase connection timeout</a></h3>
<p>In some high latency environments, you may need to increase the connection timeout. We set
this low to improve response on LANs, but over the internet this may need to be increased.
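Review bot: This second copy of the troubleshooting page carries the same pam_unixd.so wording in the paragraph above the find command. Both copies are rendered HTML, so correct the text in the source they are built from and regenerate, rather than editing either file by hand.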


@ -1,5 +1,5 @@
<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="API documentation for the Rust `cache` mod in crate `kanidm_unix_common`."><meta name="keywords" content="rust, rustlang, rust-lang, cache"><title>kanidm_unix_common::cache - Rust</title><link rel="stylesheet" type="text/css" href="../../normalize.css"><link rel="stylesheet" type="text/css" href="../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" type="text/css" href="../../light.css" id="themeStyle"><link rel="stylesheet" type="text/css" href="../../dark.css" disabled ><link rel="stylesheet" type="text/css" href="../../ayu.css" disabled ><script id="default-settings"></script><script src="../../storage.js"></script><script src="../../crates.js"></script><noscript><link rel="stylesheet" href="../../noscript.css"></noscript><link rel="icon" type="image/svg+xml" href="../../favicon.svg">
<link rel="alternate icon" type="image/png" href="../../favicon-16x16.png">
<link rel="alternate icon" type="image/png" href="../../favicon-32x32.png"><style type="text/css">#crate-search{background-image:url("../../down-arrow.svg");}</style></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="sidebar"><div class="sidebar-menu" role="button">&#9776;</div><a href='../../kanidm_unix_common/index.html'><div class='logo-container rust-logo'><img src='../../rust-logo.png' alt='logo'></div></a><h2 class="location">Module cache</h2><div class="sidebar-elems"><div class="block items"><ul><li><a href="#structs">Structs</a></li><li><a href="#enums">Enums</a></li></ul></div><div id="sidebar-vars" data-name="cache" data-ty="mod" data-relpath="./"></div><script defer src="./sidebar-items.js"></script></div></nav><div class="theme-picker"><button id="theme-picker" aria-label="Pick another theme!" aria-haspopup="menu" title="themes"><img src="../../brush.svg" width="18" height="18" alt="Pick another theme!"></button><div id="theme-choices" role="menu"></div></div><nav class="sub"><form class="search-form"><div class="search-container"><div><select id="crate-search"><option value="All crates">All crates</option></select><input class="search-input" name="search" disabled autocomplete="off" spellcheck="false" placeholder="Click or press S to search, ? 
for more options…" type="search"></div><button type="button" id="help-button" title="help">?</button><a id="settings-menu" href="../../settings.html" title="settings"><img src="../../wheel.svg" width="18" height="18" alt="Change settings"></a></div></form></nav><section id="main" class="content"><h1 class="fqn"><span class="in-band">Module <a href="../index.html">kanidm_unix_common</a>::<wbr><a class="mod" href="#">cache</a><button id="copy-path" onclick="copy_path(this)" title="copy path"><img src="../../clipboard.svg" width="19" height="18" alt="Copy item import" title="Copy item import to clipboard"></button></span><span class="out-of-band"><span id="render-detail"><a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">&#x2212;</span>]</a></span><a class="srclink" href="../../src/kanidm_unix_common/cache.rs.html#1-955" title="goto source code">[src]</a></span></h1><h2 id="structs" class="section-header"><a href="#structs">Structs</a></h2>
<link rel="alternate icon" type="image/png" href="../../favicon-32x32.png"><style type="text/css">#crate-search{background-image:url("../../down-arrow.svg");}</style></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="sidebar"><div class="sidebar-menu" role="button">&#9776;</div><a href='../../kanidm_unix_common/index.html'><div class='logo-container rust-logo'><img src='../../rust-logo.png' alt='logo'></div></a><h2 class="location">Module cache</h2><div class="sidebar-elems"><div class="block items"><ul><li><a href="#structs">Structs</a></li><li><a href="#enums">Enums</a></li></ul></div><div id="sidebar-vars" data-name="cache" data-ty="mod" data-relpath="./"></div><script defer src="./sidebar-items.js"></script></div></nav><div class="theme-picker"><button id="theme-picker" aria-label="Pick another theme!" aria-haspopup="menu" title="themes"><img src="../../brush.svg" width="18" height="18" alt="Pick another theme!"></button><div id="theme-choices" role="menu"></div></div><nav class="sub"><form class="search-form"><div class="search-container"><div><select id="crate-search"><option value="All crates">All crates</option></select><input class="search-input" name="search" disabled autocomplete="off" spellcheck="false" placeholder="Click or press S to search, ? 
for more options…" type="search"></div><button type="button" id="help-button" title="help">?</button><a id="settings-menu" href="../../settings.html" title="settings"><img src="../../wheel.svg" width="18" height="18" alt="Change settings"></a></div></form></nav><section id="main" class="content"><h1 class="fqn"><span class="in-band">Module <a href="../index.html">kanidm_unix_common</a>::<wbr><a class="mod" href="#">cache</a><button id="copy-path" onclick="copy_path(this)" title="copy path"><img src="../../clipboard.svg" width="19" height="18" alt="Copy item import" title="Copy item import to clipboard"></button></span><span class="out-of-band"><span id="render-detail"><a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">&#x2212;</span>]</a></span><a class="srclink" href="../../src/kanidm_unix_common/cache.rs.html#1-968" title="goto source code">[src]</a></span></h1><h2 id="structs" class="section-header"><a href="#structs">Structs</a></h2>
<table><tr class="module-item"><td><a class="struct" href="struct.CacheLayer.html" title="kanidm_unix_common::cache::CacheLayer struct">CacheLayer</a></td><td class="docblock-short"></td></tr></table><h2 id="enums" class="section-header"><a href="#enums">Enums</a></h2>
<table><tr class="module-item"><td><a class="enum" href="enum.Id.html" title="kanidm_unix_common::cache::Id enum">Id</a></td><td class="docblock-short"></td></tr></table></section><section id="search" class="content hidden"></section><div id="rustdoc-vars" data-root-path="../../" data-current-crate="kanidm_unix_common" data-search-index-js="../../search-index.js" data-search-js="../../search.js"></div><script src="../../main.js"></script></body></html>
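Review bot: The summary cells for CacheLayer and Id in the module table are empty (docblock-short with no text), so neither public item has a doc comment. The only change in this file is the source range moving from 1-955 to 1-968; since cache.rs is being touched anyway, a one-line doc comment on CacheLayer and on Id would make this page useful.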

File diff suppressed because one or more lines are too long


@ -1,6 +1,6 @@
<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="API documentation for the Rust `pam_kanidm` crate."><meta name="keywords" content="rust, rustlang, rust-lang, pam_kanidm"><title>pam_kanidm - Rust</title><link rel="stylesheet" type="text/css" href="../normalize.css"><link rel="stylesheet" type="text/css" href="../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" type="text/css" href="../light.css" id="themeStyle"><link rel="stylesheet" type="text/css" href="../dark.css" disabled ><link rel="stylesheet" type="text/css" href="../ayu.css" disabled ><script id="default-settings"></script><script src="../storage.js"></script><script src="../crates.js"></script><noscript><link rel="stylesheet" href="../noscript.css"></noscript><link rel="icon" type="image/svg+xml" href="../favicon.svg">
<link rel="alternate icon" type="image/png" href="../favicon-16x16.png">
<link rel="alternate icon" type="image/png" href="../favicon-32x32.png"><style type="text/css">#crate-search{background-image:url("../down-arrow.svg");}</style></head><body class="rustdoc mod crate"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="sidebar"><div class="sidebar-menu" role="button">&#9776;</div><a href='../pam_kanidm/index.html'><div class='logo-container rust-logo'><img src='../rust-logo.png' alt='logo'></div></a><h2 class="location">Crate pam_kanidm</h2><div class="block version"><p>Version 1.1.0-alpha.5</p></div><div class="sidebar-elems"><a id="all-types" href="all.html"><p>See all pam_kanidm's items</p></a><div class="block items"><ul><li><a href="#macros">Macros</a></li><li><a href="#functions">Functions</a></li></ul></div><div id="sidebar-vars" data-name="pam_kanidm" data-ty="mod" data-relpath=""></div><script defer src="sidebar-items.js"></script></div></nav><div class="theme-picker"><button id="theme-picker" aria-label="Pick another theme!" aria-haspopup="menu" title="themes"><img src="../brush.svg" width="18" height="18" alt="Pick another theme!"></button><div id="theme-choices" role="menu"></div></div><nav class="sub"><form class="search-form"><div class="search-container"><div><select id="crate-search"><option value="All crates">All crates</option></select><input class="search-input" name="search" disabled autocomplete="off" spellcheck="false" placeholder="Click or press S to search, ? 
for more options…" type="search"></div><button type="button" id="help-button" title="help">?</button><a id="settings-menu" href="../settings.html" title="settings"><img src="../wheel.svg" width="18" height="18" alt="Change settings"></a></div></form></nav><section id="main" class="content"><h1 class="fqn"><span class="in-band">Crate <a class="mod" href="#">pam_kanidm</a><button id="copy-path" onclick="copy_path(this)" title="copy path"><img src="../clipboard.svg" width="19" height="18" alt="Copy item import" title="Copy item import to clipboard"></button></span><span class="out-of-band"><span id="render-detail"><a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">&#x2212;</span>]</a></span><a class="srclink" href="../src/pam_kanidm/lib.rs.html#1-321" title="goto source code">[src]</a></span></h1><h2 id="macros" class="section-header"><a href="#macros">Macros</a></h2>
<link rel="alternate icon" type="image/png" href="../favicon-32x32.png"><style type="text/css">#crate-search{background-image:url("../down-arrow.svg");}</style></head><body class="rustdoc mod crate"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="sidebar"><div class="sidebar-menu" role="button">&#9776;</div><a href='../pam_kanidm/index.html'><div class='logo-container rust-logo'><img src='../rust-logo.png' alt='logo'></div></a><h2 class="location">Crate pam_kanidm</h2><div class="block version"><p>Version 1.1.0-alpha.5</p></div><div class="sidebar-elems"><a id="all-types" href="all.html"><p>See all pam_kanidm's items</p></a><div class="block items"><ul><li><a href="#macros">Macros</a></li><li><a href="#functions">Functions</a></li></ul></div><div id="sidebar-vars" data-name="pam_kanidm" data-ty="mod" data-relpath=""></div><script defer src="sidebar-items.js"></script></div></nav><div class="theme-picker"><button id="theme-picker" aria-label="Pick another theme!" aria-haspopup="menu" title="themes"><img src="../brush.svg" width="18" height="18" alt="Pick another theme!"></button><div id="theme-choices" role="menu"></div></div><nav class="sub"><form class="search-form"><div class="search-container"><div><select id="crate-search"><option value="All crates">All crates</option></select><input class="search-input" name="search" disabled autocomplete="off" spellcheck="false" placeholder="Click or press S to search, ? 
for more options…" type="search"></div><button type="button" id="help-button" title="help">?</button><a id="settings-menu" href="../settings.html" title="settings"><img src="../wheel.svg" width="18" height="18" alt="Change settings"></a></div></form></nav><section id="main" class="content"><h1 class="fqn"><span class="in-band">Crate <a class="mod" href="#">pam_kanidm</a><button id="copy-path" onclick="copy_path(this)" title="copy path"><img src="../clipboard.svg" width="19" height="18" alt="Copy item import" title="Copy item import to clipboard"></button></span><span class="out-of-band"><span id="render-detail"><a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">&#x2212;</span>]</a></span><a class="srclink" href="../src/pam_kanidm/lib.rs.html#1-332" title="goto source code">[src]</a></span></h1><h2 id="macros" class="section-header"><a href="#macros">Macros</a></h2>
<table><tr class="module-item"><td><a class="macro" href="macro.pam_hooks.html" title="pam_kanidm::pam_hooks macro">pam_hooks</a></td><td class="docblock-short"><p>Macro to generate the <code>extern &quot;C&quot;</code> entrypoint bindings needed by PAM</p>
</td></tr></table><h2 id="functions" class="section-header"><a href="#functions">Functions</a></h2>
<table><tr class="module-item"><td><a class="fn" href="fn.pam_sm_acct_mgmt.html" title="pam_kanidm::pam_sm_acct_mgmt fn">pam_sm_acct_mgmt</a></td><td class="docblock-short"></td></tr><tr class="module-item"><td><a class="fn" href="fn.pam_sm_authenticate.html" title="pam_kanidm::pam_sm_authenticate fn">pam_sm_authenticate</a></td><td class="docblock-short"></td></tr><tr class="module-item"><td><a class="fn" href="fn.pam_sm_chauthtok.html" title="pam_kanidm::pam_sm_chauthtok fn">pam_sm_chauthtok</a></td><td class="docblock-short"></td></tr><tr class="module-item"><td><a class="fn" href="fn.pam_sm_close_session.html" title="pam_kanidm::pam_sm_close_session fn">pam_sm_close_session</a></td><td class="docblock-short"></td></tr><tr class="module-item"><td><a class="fn" href="fn.pam_sm_open_session.html" title="pam_kanidm::pam_sm_open_session fn">pam_sm_open_session</a></td><td class="docblock-short"></td></tr><tr class="module-item"><td><a class="fn" href="fn.pam_sm_setcred.html" title="pam_kanidm::pam_sm_setcred fn">pam_sm_setcred</a></td><td class="docblock-short"></td></tr></table></section><section id="search" class="content hidden"></section><div id="rustdoc-vars" data-root-path="../" data-current-crate="pam_kanidm" data-search-index-js="../search-index.js" data-search-js="../search.js"></div><script src="../main.js"></script></body></html>
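Review bot: All six pam_sm_* functions in the Functions table have empty summaries; only the pam_hooks macro is described. These are the entry points PAM calls into, so a one-line doc comment on each in lib.rs saying what the module does for that phase would help anyone auditing a PAM stack that includes pam_kanidm.so.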

File diff suppressed because one or more lines are too long


@ -1,4 +1,4 @@
<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="Settings of Rustdoc"><meta name="keywords" content="rust, rustlang, rust-lang"><title>Rustdoc settings</title><link rel="stylesheet" type="text/css" href="./normalize.css"><link rel="stylesheet" type="text/css" href="./rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" type="text/css" href="./light.css" id="themeStyle"><link rel="stylesheet" type="text/css" href="./dark.css" disabled ><link rel="stylesheet" type="text/css" href="./ayu.css" disabled ><link rel="stylesheet" type="text/css" href="./settings.css" ><script id="default-settings"></script><script src="./storage.js"></script><script src="./crates.js"></script><noscript><link rel="stylesheet" href="./noscript.css"></noscript><link rel="icon" type="image/svg+xml" href="./favicon.svg">
<link rel="alternate icon" type="image/png" href="./favicon-16x16.png">
<link rel="alternate icon" type="image/png" href="./favicon-32x32.png"><style type="text/css">#crate-search{background-image:url("./down-arrow.svg");}</style></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="sidebar"><div class="sidebar-menu" role="button">&#9776;</div><a href='./kanidm_unixd/index.html'><div class='logo-container rust-logo'><img src='./rust-logo.png' alt='logo'></div></a><h2 class="location">Settings</h2><div class="sidebar-elems"></div></nav><div class="theme-picker"><button id="theme-picker" aria-label="Pick another theme!" aria-haspopup="menu" title="themes"><img src="./brush.svg" width="18" height="18" alt="Pick another theme!"></button><div id="theme-choices" role="menu"></div></div><nav class="sub"><form class="search-form"><div class="search-container"><div><select id="crate-search"><option value="All crates">All crates</option></select><input class="search-input" name="search" disabled autocomplete="off" spellcheck="false" placeholder="Click or press S to search, ? 
for more options…" type="search"></div><button type="button" id="help-button" title="help">?</button><a id="settings-menu" href="./settings.html" title="settings"><img src="./wheel.svg" width="18" height="18" alt="Change settings"></a></div></form></nav><section id="main" class="content"><h1 class="fqn"><span class="in-band">Rustdoc settings</span></h1><div class="settings"><div class="setting-line"><div class="title">Theme preferences</div><div class="sub-settings"><div class="setting-line"><label class="toggle"><input type="checkbox" id="use-system-theme" checked><span class="slider"></span></label><div>Use system theme</div></div><div class="setting-line"><div>Preferred dark theme</div><label class="select-wrapper"><select id="preferred-dark-theme" autocomplete="off"><option value="light" >light</option><option value="dark" selected>dark</option><option value="ayu" >ayu</option></select><img src="./down-arrow.svg" alt="Select item"></label></div><div class="setting-line"><div>Preferred light theme</div><label class="select-wrapper"><select id="preferred-light-theme" autocomplete="off"><option value="light" selected>light</option><option value="dark" >dark</option><option value="ayu" >ayu</option></select><img src="./down-arrow.svg" alt="Select item"></label></div></div>
</div><div class="setting-line"><label class="toggle"><input type="checkbox" id="auto-hide-large-items" checked><span class="slider"></span></label><div>Auto-hide item contents for large items.</div></div><div class="setting-line"><label class="toggle"><input type="checkbox" id="auto-hide-method-docs" ><span class="slider"></span></label><div>Auto-hide item methods' documentation</div></div><div class="setting-line"><label class="toggle"><input type="checkbox" id="auto-hide-trait-implementations" checked><span class="slider"></span></label><div>Auto-hide trait implementation documentation</div></div><div class="setting-line"><label class="toggle"><input type="checkbox" id="auto-collapse-implementors" checked><span class="slider"></span></label><div>Auto-hide implementors of a trait</div></div><div class="setting-line"><label class="toggle"><input type="checkbox" id="go-to-only-result" ><span class="slider"></span></label><div>Directly go to item in search if there is only one result</div></div><div class="setting-line"><label class="toggle"><input type="checkbox" id="line-numbers" ><span class="slider"></span></label><div>Show line numbers on code examples</div></div><div class="setting-line"><label class="toggle"><input type="checkbox" id="disable-shortcuts" ><span class="slider"></span></label><div>Disable keyboard shortcuts</div></div></div><script src="./settings.js"></script></section><section id="search" class="content hidden"></section><div id="rustdoc-vars" data-root-path="./" data-current-crate="kanidm_unixd" data-search-index-js="./search-index.js" data-search-js="./search.js"></div><script src="./main.js"></script></body></html>
<link rel="alternate icon" type="image/png" href="./favicon-32x32.png"><style type="text/css">#crate-search{background-image:url("./down-arrow.svg");}</style></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="sidebar"><div class="sidebar-menu" role="button">&#9776;</div><a href='./pam_kanidm/index.html'><div class='logo-container rust-logo'><img src='./rust-logo.png' alt='logo'></div></a><h2 class="location">Settings</h2><div class="sidebar-elems"></div></nav><div class="theme-picker"><button id="theme-picker" aria-label="Pick another theme!" aria-haspopup="menu" title="themes"><img src="./brush.svg" width="18" height="18" alt="Pick another theme!"></button><div id="theme-choices" role="menu"></div></div><nav class="sub"><form class="search-form"><div class="search-container"><div><select id="crate-search"><option value="All crates">All crates</option></select><input class="search-input" name="search" disabled autocomplete="off" spellcheck="false" placeholder="Click or press S to search, ? 
for more options…" type="search"></div><button type="button" id="help-button" title="help">?</button><a id="settings-menu" href="./settings.html" title="settings"><img src="./wheel.svg" width="18" height="18" alt="Change settings"></a></div></form></nav><section id="main" class="content"><h1 class="fqn"><span class="in-band">Rustdoc settings</span></h1><div class="settings"><div class="setting-line"><div class="title">Theme preferences</div><div class="sub-settings"><div class="setting-line"><label class="toggle"><input type="checkbox" id="use-system-theme" checked><span class="slider"></span></label><div>Use system theme</div></div><div class="setting-line"><div>Preferred dark theme</div><label class="select-wrapper"><select id="preferred-dark-theme" autocomplete="off"><option value="light" >light</option><option value="dark" selected>dark</option><option value="ayu" >ayu</option></select><img src="./down-arrow.svg" alt="Select item"></label></div><div class="setting-line"><div>Preferred light theme</div><label class="select-wrapper"><select id="preferred-light-theme" autocomplete="off"><option value="light" selected>light</option><option value="dark" >dark</option><option value="ayu" >ayu</option></select><img src="./down-arrow.svg" alt="Select item"></label></div></div>
</div><div class="setting-line"><label class="toggle"><input type="checkbox" id="auto-hide-large-items" checked><span class="slider"></span></label><div>Auto-hide item contents for large items.</div></div><div class="setting-line"><label class="toggle"><input type="checkbox" id="auto-hide-method-docs" ><span class="slider"></span></label><div>Auto-hide item methods' documentation</div></div><div class="setting-line"><label class="toggle"><input type="checkbox" id="auto-hide-trait-implementations" checked><span class="slider"></span></label><div>Auto-hide trait implementation documentation</div></div><div class="setting-line"><label class="toggle"><input type="checkbox" id="auto-collapse-implementors" checked><span class="slider"></span></label><div>Auto-hide implementors of a trait</div></div><div class="setting-line"><label class="toggle"><input type="checkbox" id="go-to-only-result" ><span class="slider"></span></label><div>Directly go to item in search if there is only one result</div></div><div class="setting-line"><label class="toggle"><input type="checkbox" id="line-numbers" ><span class="slider"></span></label><div>Show line numbers on code examples</div></div><div class="setting-line"><label class="toggle"><input type="checkbox" id="disable-shortcuts" ><span class="slider"></span></label><div>Disable keyboard shortcuts</div></div></div><script src="./settings.js"></script></section><section id="search" class="content hidden"></section><div id="rustdoc-vars" data-root-path="./" data-current-crate="pam_kanidm" data-search-index-js="./search-index.js" data-search-js="./search.js"></div><script src="./main.js"></script></body></html>
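Review bot: The only difference in this settings page is the sidebar logo link and data-current-crate switching from kanidm_unixd to pam_kanidm, which is unrelated to the troubleshooting and pam_allow_groups changes. If this is just a side effect of regenerating the docs, consider leaving the file out of the commit so the diff stays limited to the real changes.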


@ -955,6 +955,19 @@
<span id="953">953</span>
<span id="954">954</span>
<span id="955">955</span>
<span id="956">956</span>
<span id="957">957</span>
<span id="958">958</span>
<span id="959">959</span>
<span id="960">960</span>
<span id="961">961</span>
<span id="962">962</span>
<span id="963">963</span>
<span id="964">964</span>
<span id="965">965</span>
<span id="966">966</span>
<span id="967">967</span>
<span id="968">968</span>
</pre><pre class="rust">
<span class="kw">use</span> <span class="kw">crate</span><span class="ident">::db::Db</span>;
<span class="kw">use</span> <span class="kw">crate</span><span class="ident">::unix_config</span>::{<span class="ident">HomeAttr</span>, <span class="ident">UidAttr</span>};
@ -1038,6 +1051,10 @@
<span class="ident">dbtxn</span>.<span class="ident">commit</span>()<span class="question-mark">?</span>;
}
<span class="kw">if</span> <span class="ident">pam_allow_groups</span>.<span class="ident">len</span>() <span class="op">=</span><span class="op">=</span> <span class="number">0</span> {
<span class="macro">eprintln!</span>(<span class="string">&quot;Will not be able to authenticate users, pam_allow_groups config is not configured.&quot;</span>);
}
<span class="comment">// We assume we are offline at start up, and we mark the next &quot;online check&quot; as</span>
<span class="comment">// being valid from &quot;now&quot;.</span>
<span class="prelude-val">Ok</span>(<span class="ident">CacheLayer</span> {
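Review bot: The startup warning added before the `Ok(CacheLayer {` construction names `pam_allow_groups`, which is the internal field, while the troubleshooting text added in this same commit tells the operator to set `pam_allowed_login_groups` in `/etc/kanidm/unixd`. The message should use the config key the operator can actually search for. It is also written with `eprintln!` although this file logs through `debug!` elsewhere, so it does not pass through the daemon's logger; a warn-level log macro would keep it in the same stream. `pam_allow_groups.is_empty()` is the idiomatic form of `len() == 0`.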
@ -1816,21 +1833,30 @@
<span class="kw">pub</span> <span class="kw">async</span> <span class="kw">fn</span> <span class="ident">pam_account_allowed</span>(<span class="kw-2">&amp;</span><span class="self">self</span>, <span class="ident">account_id</span>: <span class="kw-2">&amp;</span><span class="ident">str</span>) <span class="op">-</span><span class="op">&gt;</span> <span class="prelude-ty">Result</span><span class="op">&lt;</span><span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">bool</span><span class="op">&gt;</span>, ()<span class="op">&gt;</span> {
<span class="kw">let</span> <span class="ident">token</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">get_usertoken</span>(<span class="ident">Id::Name</span>(<span class="ident">account_id</span>.<span class="ident">to_string</span>())).<span class="kw">await</span><span class="question-mark">?</span>;
<span class="prelude-val">Ok</span>(<span class="ident">token</span>.<span class="ident">map</span>(<span class="op">|</span><span class="ident">tok</span><span class="op">|</span> {
<span class="kw">let</span> <span class="ident">user_set</span>: <span class="ident">BTreeSet</span><span class="op">&lt;</span><span class="kw">_</span><span class="op">&gt;</span> <span class="op">=</span> <span class="ident">tok</span>
.<span class="ident">groups</span>
.<span class="ident">iter</span>()
.<span class="ident">map</span>(<span class="op">|</span><span class="ident">g</span><span class="op">|</span> <span class="macro">vec!</span>[<span class="ident">g</span>.<span class="ident">name</span>.<span class="ident">clone</span>(), <span class="ident">g</span>.<span class="ident">spn</span>.<span class="ident">clone</span>(), <span class="ident">g</span>.<span class="ident">uuid</span>.<span class="ident">clone</span>()])
.<span class="ident">flatten</span>()
.<span class="ident">collect</span>();
<span class="kw">if</span> <span class="self">self</span>.<span class="ident">pam_allow_groups</span>.<span class="ident">len</span>() <span class="op">=</span><span class="op">=</span> <span class="number">0</span> {
<span class="comment">// can&#39;t allow anything if the group list is zero...</span>
<span class="macro">eprintln!</span>(<span class="string">&quot;Cannot authenticate users, no allowed groups in configuration!&quot;</span>);
<span class="prelude-val">Ok</span>(<span class="prelude-val">Some</span>(<span class="bool-val">false</span>))
} <span class="kw">else</span> {
<span class="prelude-val">Ok</span>(<span class="ident">token</span>.<span class="ident">map</span>(<span class="op">|</span><span class="ident">tok</span><span class="op">|</span> {
<span class="kw">let</span> <span class="ident">user_set</span>: <span class="ident">BTreeSet</span><span class="op">&lt;</span><span class="kw">_</span><span class="op">&gt;</span> <span class="op">=</span> <span class="ident">tok</span>
.<span class="ident">groups</span>
.<span class="ident">iter</span>()
.<span class="ident">map</span>(<span class="op">|</span><span class="ident">g</span><span class="op">|</span> <span class="macro">vec!</span>[<span class="ident">g</span>.<span class="ident">name</span>.<span class="ident">clone</span>(), <span class="ident">g</span>.<span class="ident">spn</span>.<span class="ident">clone</span>(), <span class="ident">g</span>.<span class="ident">uuid</span>.<span class="ident">clone</span>()])
.<span class="ident">flatten</span>()
.<span class="ident">collect</span>();
<span class="macro">debug!</span>(
<span class="string">&quot;Checking if -&gt; {:?} &amp; {:?}&quot;</span>,
<span class="ident">user_set</span>, <span class="self">self</span>.<span class="ident">pam_allow_groups</span>
);
<span class="macro">debug!</span>(
<span class="string">&quot;Checking if user is in allowed groups ({:?}) -&gt; {:?}&quot;</span>,
<span class="self">self</span>.<span class="ident">pam_allow_groups</span>, <span class="ident">user_set</span>,
);
<span class="kw">let</span> <span class="ident">intersection_count</span> <span class="op">=</span> <span class="ident">user_set</span>.<span class="ident">intersection</span>(<span class="kw-2">&amp;</span><span class="self">self</span>.<span class="ident">pam_allow_groups</span>).<span class="ident">count</span>();
<span class="macro">debug!</span>(<span class="string">&quot;Number of intersecting groups: {}&quot;</span>, <span class="ident">intersection_count</span>);
<span class="macro">debug!</span>(<span class="string">&quot;User has valid token: {}&quot;</span>, <span class="ident">tok</span>.<span class="ident">valid</span>);
<span class="ident">user_set</span>.<span class="ident">intersection</span>(<span class="kw-2">&amp;</span><span class="self">self</span>.<span class="ident">pam_allow_groups</span>).<span class="ident">count</span>() <span class="op">&gt;</span> <span class="number">0</span> <span class="op">&amp;&amp;</span> <span class="ident">tok</span>.<span class="ident">valid</span>
}))
<span class="ident">intersection_count</span> <span class="op">&gt;</span> <span class="number">0</span> <span class="op">&amp;&amp;</span> <span class="ident">tok</span>.<span class="ident">valid</span>
}))
}
}
<span class="kw">pub</span> <span class="kw">async</span> <span class="kw">fn</span> <span class="ident">pam_account_authenticate</span>(
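Review bot: In `pam_account_allowed`, the new empty-list branch returns `Ok(Some(false))` without looking at `token`, so an account the daemon does not know now yields `Some(false)` where it used to yield `None`. The PAM module changed in this commit maps `PamStatus(Some(false))` to `PAM_AUTH_ERR` and only `PamStatus(None)` to the `ignore_unknown_user` path, so with an empty allow list this module answers `PAM_AUTH_ERR` for users that previously resolved to `PAM_IGNORE` or `PAM_USER_UNKNOWN`. Returning `Ok(token.map(|_| false))` in that branch keeps the fail-closed result for known users and preserves the unknown-user handling. The `eprintln!` in the same branch fires on every account check and repeats the warning already printed at startup; one of the two is enough, ideally through the logger rather than stderr.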

View file

@ -321,6 +321,17 @@
<span id="319">319</span>
<span id="320">320</span>
<span id="321">321</span>
<span id="322">322</span>
<span id="323">323</span>
<span id="324">324</span>
<span id="325">325</span>
<span id="326">326</span>
<span id="327">327</span>
<span id="328">328</span>
<span id="329">329</span>
<span id="330">330</span>
<span id="331">331</span>
<span id="332">332</span>
</pre><pre class="rust">
<span class="attribute">#![<span class="ident">deny</span>(<span class="ident">warnings</span>)]</span>
<span class="attribute">#![<span class="ident">warn</span>(<span class="ident">unused_extern_crates</span>)]</span>
@ -418,31 +429,42 @@
<span class="kw">match</span> <span class="ident">call_daemon_blocking</span>(<span class="ident">cfg</span>.<span class="ident">sock_path</span>.<span class="ident">as_str</span>(), <span class="kw-2">&amp;</span><span class="ident">req</span>) {
<span class="prelude-val">Ok</span>(<span class="ident">r</span>) <span class="op">=</span><span class="op">&gt;</span> <span class="kw">match</span> <span class="ident">r</span> {
<span class="ident">ClientResponse::PamStatus</span>(<span class="prelude-val">Some</span>(<span class="bool-val">true</span>)) <span class="op">=</span><span class="op">&gt;</span> {
<span class="comment">// println!(&quot;PAM_SUCCESS&quot;);</span>
<span class="kw">if</span> <span class="ident">opts</span>.<span class="ident">debug</span> {
<span class="macro">println!</span>(<span class="string">&quot;PamResultCode::PAM_SUCCESS&quot;</span>);
}
<span class="ident">PamResultCode::PAM_SUCCESS</span>
}
<span class="ident">ClientResponse::PamStatus</span>(<span class="prelude-val">Some</span>(<span class="bool-val">false</span>)) <span class="op">=</span><span class="op">&gt;</span> {
<span class="comment">// println!(&quot;PAM_IGNORE&quot;);</span>
<span class="kw">if</span> <span class="ident">opts</span>.<span class="ident">debug</span> {
<span class="macro">println!</span>(<span class="string">&quot;PamResultCode::PAM_AUTH_ERR&quot;</span>);
}
<span class="ident">PamResultCode::PAM_AUTH_ERR</span>
}
<span class="ident">ClientResponse::PamStatus</span>(<span class="prelude-val">None</span>) <span class="op">=</span><span class="op">&gt;</span> {
<span class="kw">if</span> <span class="ident">opts</span>.<span class="ident">ignore_unknown_user</span> {
<span class="kw">if</span> <span class="ident">opts</span>.<span class="ident">debug</span> {
<span class="macro">println!</span>(<span class="string">&quot;PamResultCode::PAM_IGNORE&quot;</span>);
}
<span class="ident">PamResultCode::PAM_IGNORE</span>
} <span class="kw">else</span> {
<span class="kw">if</span> <span class="ident">opts</span>.<span class="ident">debug</span> {
<span class="macro">println!</span>(<span class="string">&quot;PamResultCode::PAM_USER_UNKNOWN&quot;</span>);
}
<span class="ident">PamResultCode::PAM_USER_UNKNOWN</span>
}
}
<span class="kw">_</span> <span class="op">=</span><span class="op">&gt;</span> {
<span class="comment">// unexpected response.</span>
<span class="kw">if</span> <span class="ident">opts</span>.<span class="ident">debug</span> {
<span class="macro">println!</span>(<span class="string">&quot;PAM_IGNORE -&gt; {:?}&quot;</span>, <span class="ident">r</span>);
<span class="macro">println!</span>(<span class="string">&quot;PamResultCode::PAM_IGNORE -&gt; {:?}&quot;</span>, <span class="ident">r</span>);
}
<span class="ident">PamResultCode::PAM_IGNORE</span>
}
},
<span class="prelude-val">Err</span>(<span class="ident">e</span>) <span class="op">=</span><span class="op">&gt;</span> {
<span class="kw">if</span> <span class="ident">opts</span>.<span class="ident">debug</span> {
<span class="macro">println!</span>(<span class="string">&quot;PAM_IGNORE -&gt; {:?}&quot;</span>, <span class="ident">e</span>);
<span class="macro">println!</span>(<span class="string">&quot;PamResultCode::PAM_IGNORE -&gt; {:?}&quot;</span>, <span class="ident">e</span>);
}
<span class="ident">PamResultCode::PAM_IGNORE</span>
}

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long