Add and implement basic NssGroupsByMember call

Doridian 2024-12-29 21:29:28 -08:00
parent 227853f8cd
commit 685746796e
3 changed files with 28 additions and 0 deletions


@ -121,6 +121,7 @@ pub enum ClientRequest {
NssGroups, NssGroups,
NssGroupByGid(u32), NssGroupByGid(u32),
NssGroupByName(String), NssGroupByName(String),
NssGroupsByMember(String),
PamAuthenticateInit { PamAuthenticateInit {
account_id: String, account_id: String,
info: PamServiceInfo, info: PamServiceInfo,
@ -144,6 +145,7 @@ impl ClientRequest {
ClientRequest::NssGroups => "NssGroups".to_string(), ClientRequest::NssGroups => "NssGroups".to_string(),
ClientRequest::NssGroupByGid(id) => format!("NssGroupByGid({})", id), ClientRequest::NssGroupByGid(id) => format!("NssGroupByGid({})", id),
ClientRequest::NssGroupByName(id) => format!("NssGroupByName({})", id), ClientRequest::NssGroupByName(id) => format!("NssGroupByName({})", id),
ClientRequest::NssGroupsByMember(id) => format!("NssGroupsByMember({})", id),
ClientRequest::PamAuthenticateInit { account_id, info } => format!( ClientRequest::PamAuthenticateInit { account_id, info } => format!(
"PamAuthenticateInit{{ account_id={} tty={} pam_secvice{} rhost={} }}", "PamAuthenticateInit{{ account_id={} tty={} pam_secvice{} rhost={} }}",
account_id, account_id,
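Review bot: The new `NssGroupsByMember(String)` variant does not say what the string identifies, and the logging arm binds it as `id` while the daemon handler binds the same value as `account_id`. A doc comment on the variant such as `/// Groups whose member list contains the named account.`, plus `account_id` as the binding in the `format!` arm, would make the contract readable from this file alone. The variant is also inserted mid-enum; if the client/daemon encoding is positional rather than name-based (not visible here), every later variant shifts and an older peer would mis-decode requests, so appending at the end would be safer. Both the enum and the `impl` body continue outside these hunks.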


@ -275,6 +275,14 @@ async fn handle_client(
error!("unable to load group, returning empty."); error!("unable to load group, returning empty.");
ClientResponse::NssGroup(None) ClientResponse::NssGroup(None)
}), }),
ClientRequest::NssGroupsByMember(account_id) => cachelayer
.get_nssgroups_member_name(account_id.as_str())
.await
.map(ClientResponse::NssGroups)
.unwrap_or_else(|_| {
error!("unable to enum groups");
ClientResponse::NssGroups(Vec::new())
}),
ClientRequest::PamAuthenticateInit { account_id, info } => { ClientRequest::PamAuthenticateInit { account_id, info } => {
match &pam_auth_session_state { match &pam_auth_session_state {
Some(_auth_session) => { Some(_auth_session) => {
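Review bot: The failure branch of the new `NssGroupsByMember` arm logs only `unable to enum groups`, which tells an operator neither which lookup failed nor for which member. Something like `error!("unable to enum groups for member {:?}, returning empty.", account_id);` follows the wording of the arm above, and `{:?}` escapes control characters in the client-supplied name before it reaches the log. The client receives an empty `NssGroups` on failure, which it cannot tell apart from an account with no groups. The `match` in `handle_client` continues outside the hunk.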


@ -736,6 +736,24 @@ impl Resolver {
Ok(r) Ok(r)
} }
pub async fn get_nssgroups_member(&self, account_id: Id) -> Result<Vec<NssGroup>, ()> {
let account = self.get_nssaccount(account_id).await?;
if let Some(account) = account {
Ok(self.get_nssgroups().await.
unwrap_or_else(|_| Vec::new())
.into_iter()
.filter(|g| g.members.contains(&account.name))
.collect())
} else {
Ok(Vec::new())
}
}
#[instrument(level = "debug", skip(self))]
pub async fn get_nssgroups_member_name(&self, account_id: &str) -> Result<Vec<NssGroup>, ()> {
self.get_nssgroups_member(Id::Name(account_id.to_string())).await
}
async fn get_nssgroup(&self, grp_id: Id) -> Result<Option<NssGroup>, ()> { async fn get_nssgroup(&self, grp_id: Id) -> Result<Option<NssGroup>, ()> {
if let Some(mut nss_group) = self.system_provider.get_nssgroup(&grp_id).await { if let Some(mut nss_group) = self.system_provider.get_nssgroup(&grp_id).await {
debug!("system provider satisfied request"); debug!("system provider satisfied request");
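Review bot: In `get_nssgroups_member`, a failure of `get_nssgroups()` is turned into an empty list by `.unwrap_or_else(|_| Vec::new())` and returned as `Ok`, so callers cannot tell "lookup failed" from "member of no groups". Supplementary groups feed authorization decisions, so a silently empty answer can either drop access or skip a group-based deny rule; the account lookup one line earlier already propagates with `?`. Assuming `get_nssgroups` shares the `()` error type, `let groups = self.get_nssgroups().await?;` followed by the same filter keeps the failure visible to the handler, which already logs and falls back. The filter compares against `account.name` only; whether `members` can hold another form of the name is not visible here and is worth confirming.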