Add and implement basic NssGroupsByMember call

2025-02-23 20:47:01 +01:00 · 2024-12-29 21:29:28 -08:00 · 2024-12-29 21:29:28 -08:00 · 685746796e
parent 227853f8cd
commit 685746796e
3 changed files with 28 additions and 0 deletions
--- a/unix_integration/common/src/unix_proto.rs
+++ b/unix_integration/common/src/unix_proto.rs
@ -121,6 +121,7 @@ pub enum ClientRequest {
    NssGroups,
    NssGroupByGid(u32),
    NssGroupByName(String),
+    NssGroupsByMember(String),
    PamAuthenticateInit {
        account_id: String,
        info: PamServiceInfo,
@ -144,6 +145,7 @@ impl ClientRequest {
            ClientRequest::NssGroups => "NssGroups".to_string(),
            ClientRequest::NssGroupByGid(id) => format!("NssGroupByGid({})", id),
            ClientRequest::NssGroupByName(id) => format!("NssGroupByName({})", id),
+            ClientRequest::NssGroupsByMember(id) => format!("NssGroupsByMember({})", id),
            ClientRequest::PamAuthenticateInit { account_id, info } => format!(
                "PamAuthenticateInit{{ account_id={} tty={} pam_secvice{} rhost={} }}",
                account_id,
--- a/unix_integration/resolver/src/bin/kanidm_unixd.rs
+++ b/unix_integration/resolver/src/bin/kanidm_unixd.rs
@ -275,6 +275,14 @@ async fn handle_client(
                    error!("unable to load group, returning empty.");
                    ClientResponse::NssGroup(None)
                }),
+            ClientRequest::NssGroupsByMember(account_id) => cachelayer
+                .get_nssgroups_member_name(account_id.as_str())
+                .await
+                .map(ClientResponse::NssGroups)
+                .unwrap_or_else(|_| {
+                    error!("unable to enum groups");
+                    ClientResponse::NssGroups(Vec::new())
+                }),
            ClientRequest::PamAuthenticateInit { account_id, info } => {
                match &pam_auth_session_state {
                    Some(_auth_session) => {
--- a/unix_integration/resolver/src/resolver.rs
+++ b/unix_integration/resolver/src/resolver.rs
@ -736,6 +736,24 @@ impl Resolver {
        Ok(r)
    }

+    pub async fn get_nssgroups_member(&self, account_id: Id) -> Result<Vec<NssGroup>, ()> {
+        let account = self.get_nssaccount(account_id).await?;
+        if let Some(account) = account {
+            Ok(self.get_nssgroups().await.
+                unwrap_or_else(|_| Vec::new())
+                .into_iter()
+                .filter(|g| g.members.contains(&account.name))
+                .collect())
+        } else {
+            Ok(Vec::new())
+        }
+    }
+
+    #[instrument(level = "debug", skip(self))]
+    pub async fn get_nssgroups_member_name(&self, account_id: &str) -> Result<Vec<NssGroup>, ()> {
+        self.get_nssgroups_member(Id::Name(account_id.to_string())).await
+    }
+
    async fn get_nssgroup(&self, grp_id: Id) -> Result<Option<NssGroup>, ()> {
        if let Some(mut nss_group) = self.system_provider.get_nssgroup(&grp_id).await {
            debug!("system provider satisfied request");