mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 20:47:01 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix missing entry managed by on anonymouns (#2623)

Browse source
This commit is contained in:
Firstyear 2024-03-05 13:43:19 +10:00 committed by GitHub
parent 0813099fad
commit 47fe9c78e6
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 26 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
server/lib/src/constants/entries.rs
View file

@ -743,6 +743,7 @@ lazy_static! {
/// Builtin System Admin account. /// Builtin System Admin account.
pub static ref BUILTIN_ACCOUNT_IDM_ADMIN: BuiltinAccount = BuiltinAccount { pub static ref BUILTIN_ACCOUNT_IDM_ADMIN: BuiltinAccount = BuiltinAccount {
account_type: AccountType::ServiceAccount, account_type: AccountType::ServiceAccount,
entry_managed_by: None,
name: "idm_admin", name: "idm_admin",
uuid: UUID_IDM_ADMIN, uuid: UUID_IDM_ADMIN,
description: "Builtin IDM Admin account.", description: "Builtin IDM Admin account.",
@ -778,6 +779,7 @@ Attribute::Description,
/// Built in accounts such as anonymous, idm_admin and admin /// Built in accounts such as anonymous, idm_admin and admin
pub struct BuiltinAccount { pub struct BuiltinAccount {
pub account_type: kanidm_proto::v1::AccountType, pub account_type: kanidm_proto::v1::AccountType,
pub entry_managed_by: Option<uuid::Uuid>,
pub name: &'static str, pub name: &'static str,
pub uuid: Uuid, pub uuid: Uuid,
pub description: &'static str, pub description: &'static str,
@ -788,6 +790,7 @@ impl Default for BuiltinAccount {
fn default() -> Self { fn default() -> Self {
BuiltinAccount { BuiltinAccount {
account_type: AccountType::ServiceAccount, account_type: AccountType::ServiceAccount,
entry_managed_by: None,
name: "", name: "",
uuid: Uuid::new_v4(), uuid: Uuid::new_v4(),
description: "<set description>", description: "<set description>",
@ -818,6 +821,10 @@ impl From<BuiltinAccount> for EntryInitNew {
entry.add_ava(Attribute::Description, Value::new_utf8s(value.description)); entry.add_ava(Attribute::Description, Value::new_utf8s(value.description));
entry.add_ava(Attribute::DisplayName, Value::new_utf8s(value.displayname)); entry.add_ava(Attribute::DisplayName, Value::new_utf8s(value.displayname));
if let Some(entry_manager) = value.entry_managed_by {
entry.add_ava(Attribute::EntryManagedBy, Value::Refer(entry_manager));
}
entry.set_ava( entry.set_ava(
Attribute::Class, Attribute::Class,
vec![ vec![
@ -840,13 +847,29 @@ lazy_static! {
/// Builtin System Admin account. /// Builtin System Admin account.
pub static ref BUILTIN_ACCOUNT_ADMIN: BuiltinAccount = BuiltinAccount { pub static ref BUILTIN_ACCOUNT_ADMIN: BuiltinAccount = BuiltinAccount {
account_type: AccountType::ServiceAccount, account_type: AccountType::ServiceAccount,
entry_managed_by: None,
name: "admin", name: "admin",
uuid: UUID_ADMIN, uuid: UUID_ADMIN,
description: "Builtin System Admin account.", description: "Builtin System Admin account.",
displayname: "System Administrator", displayname: "System Administrator",
}; };
}
lazy_static! {
pub static ref BUILTIN_ACCOUNT_ANONYMOUS_V1: BuiltinAccount = BuiltinAccount { pub static ref BUILTIN_ACCOUNT_ANONYMOUS_V1: BuiltinAccount = BuiltinAccount {
account_type: AccountType::ServiceAccount, account_type: AccountType::ServiceAccount,
entry_managed_by: None,
name: "anonymous",
uuid: UUID_ANONYMOUS,
description: "Anonymous access account.",
displayname: "Anonymous",
};
}
lazy_static! {
pub static ref BUILTIN_ACCOUNT_ANONYMOUS_DL6: BuiltinAccount = BuiltinAccount {
account_type: AccountType::ServiceAccount,
entry_managed_by: Some(UUID_IDM_ADMINS),
name: "anonymous", name: "anonymous",
uuid: UUID_ANONYMOUS, uuid: UUID_ANONYMOUS,
description: "Anonymous access account.", description: "Anonymous access account.",

4
server/lib/src/server/migrations.rs
View file

@ -880,11 +880,13 @@ impl<'a> QueryServerWriteTransaction<'a> {
self.reload()?; self.reload()?;
// Update access controls.
let idm_access_controls = [ let idm_access_controls = [
// Update access controls.
IDM_ACP_GROUP_ACCOUNT_POLICY_MANAGE_DL6.clone().into(), IDM_ACP_GROUP_ACCOUNT_POLICY_MANAGE_DL6.clone().into(),
IDM_ACP_PEOPLE_CREATE_DL6.clone().into(), IDM_ACP_PEOPLE_CREATE_DL6.clone().into(),
IDM_ACP_GROUP_MANAGE_DL6.clone().into(), IDM_ACP_GROUP_MANAGE_DL6.clone().into(),
// Update anonymous with the correct entry manager,
BUILTIN_ACCOUNT_ANONYMOUS_DL6.clone().into(),
]; ];
idm_access_controls idm_access_controls