mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 20:47:01 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

62 idm qs cleanup (#419)

Browse source
This commit is contained in:
Firstyear 2021-04-25 11:35:02 +10:00 committed by GitHub
parent 8da89613e3
commit 6f222f6408
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
30 changed files with 390 additions and 515 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
kanidmd/src/lib/access.rs
View file

@ -26,17 +26,15 @@ use std::cell::Cell;
use std::ops::DerefMut; use std::ops::DerefMut;
use uuid::Uuid; use uuid::Uuid;
use crate::audit::AuditScope;
use crate::entry::{Entry, EntryCommitted, EntryInit, EntryNew, EntryReduced, EntrySealed}; use crate::entry::{Entry, EntryCommitted, EntryInit, EntryNew, EntryReduced, EntrySealed};
use crate::filter::{Filter, FilterValid, FilterValidResolved}; use crate::filter::{Filter, FilterValid, FilterValidResolved};
use crate::modify::Modify; use crate::modify::Modify;
use crate::server::{QueryServerTransaction, QueryServerWriteTransaction}; use crate::prelude::*;
use crate::value::PartialValue; use crate::value::PartialValue;
use crate::event::{ use crate::event::{
CreateEvent, DeleteEvent, Event, EventOrigin, EventOriginId, ModifyEvent, SearchEvent, CreateEvent, DeleteEvent, Event, EventOrigin, EventOriginId, ModifyEvent, SearchEvent,
}; };
use smartstring::alias::String as AttrString;
// const ACP_RELATED_SEARCH_CACHE_MAX: usize = 2048; // const ACP_RELATED_SEARCH_CACHE_MAX: usize = 2048;
// const ACP_RELATED_SEARCH_CACHE_LOCAL: usize = 16; // const ACP_RELATED_SEARCH_CACHE_LOCAL: usize = 16;
@ -1456,16 +1454,8 @@ mod tests {
AccessControlCreate, AccessControlDelete, AccessControlModify, AccessControlProfile, AccessControlCreate, AccessControlDelete, AccessControlModify, AccessControlProfile,
AccessControlSearch, AccessControls, AccessControlsTransaction, AccessControlSearch, AccessControls, AccessControlsTransaction,
}; };
use crate::audit::AuditScope;
use crate::entry::{Entry, EntryCommitted, EntryInit, EntryNew, EntryReduced};
// use crate::server::QueryServerWriteTransaction;
use crate::event::{CreateEvent, DeleteEvent, ModifyEvent, SearchEvent}; use crate::event::{CreateEvent, DeleteEvent, ModifyEvent, SearchEvent};
// use crate::filter::Filter; use crate::prelude::*;
// use crate::proto_v1::Filter as ProtoFilter;
use crate::constants::{JSON_ADMIN_V1, JSON_ANONYMOUS_V1, JSON_TESTPERSON1, JSON_TESTPERSON2};
use crate::value::{PartialValue, Value};
use smartstring::alias::String as AttrString;
macro_rules! acp_from_entry_err { macro_rules! acp_from_entry_err {
( (

165
kanidmd/src/lib/actors/v1_read.rs
View file

@ -2,7 +2,7 @@ use tokio::sync::mpsc::UnboundedSender as Sender;
use std::sync::Arc; use std::sync::Arc;
use crate::audit::AuditScope; use crate::prelude::*;
use crate::event::{AuthEvent, AuthResult, SearchEvent, SearchResult, WhoamiResult}; use crate::event::{AuthEvent, AuthResult, SearchEvent, SearchResult, WhoamiResult};
use crate::idm::event::{ use crate::idm::event::{
@ -15,7 +15,6 @@ use kanidm_proto::v1::{OperationError, RadiusAuthToken};
use crate::filter::{Filter, FilterInvalid}; use crate::filter::{Filter, FilterInvalid};
use crate::idm::server::IdmServer; use crate::idm::server::IdmServer;
use crate::ldap::{LdapBoundToken, LdapResponseState, LdapServer}; use crate::ldap::{LdapBoundToken, LdapResponseState, LdapServer};
use crate::server::{QueryServer, QueryServerTransaction};
use kanidm_proto::v1::Entry as ProtoEntry; use kanidm_proto::v1::Entry as ProtoEntry;
use kanidm_proto::v1::{ use kanidm_proto::v1::{
@ -145,7 +144,6 @@ pub struct LdapRequestMessage {
pub struct QueryServerReadV1 { pub struct QueryServerReadV1 {
log: Sender<AuditScope>, log: Sender<AuditScope>,
log_level: Option<u32>, log_level: Option<u32>,
qs: QueryServer,
idms: Arc<IdmServer>, idms: Arc<IdmServer>,
ldap: Arc<LdapServer>, ldap: Arc<LdapServer>,
} }
@ -154,7 +152,6 @@ impl QueryServerReadV1 {
pub fn new( pub fn new(
log: Sender<AuditScope>, log: Sender<AuditScope>,
log_level: Option<u32>, log_level: Option<u32>,
qs: QueryServer,
idms: Arc<IdmServer>, idms: Arc<IdmServer>,
ldap: Arc<LdapServer>, ldap: Arc<LdapServer>,
) -> Self { ) -> Self {
@ -162,7 +159,6 @@ impl QueryServerReadV1 {
QueryServerReadV1 { QueryServerReadV1 {
log, log,
log_level, log_level,
qs,
idms, idms,
ldap, ldap,
} }
@ -171,17 +167,10 @@ impl QueryServerReadV1 {
pub fn start_static( pub fn start_static(
log: Sender<AuditScope>, log: Sender<AuditScope>,
log_level: Option<u32>, log_level: Option<u32>,
query_server: QueryServer,
idms: Arc<IdmServer>, idms: Arc<IdmServer>,
ldap: Arc<LdapServer>, ldap: Arc<LdapServer>,
) -> &'static Self { ) -> &'static Self {
let x = Box::new(QueryServerReadV1::new( let x = Box::new(QueryServerReadV1::new(log, log_level, idms, ldap));
log,
log_level,
query_server,
idms,
ldap,
));
let x_ref = Box::leak(x); let x_ref = Box::leak(x);
&(*x_ref) &(*x_ref)
@ -198,10 +187,10 @@ impl QueryServerReadV1 {
) -> Result<SearchResponse, OperationError> { ) -> Result<SearchResponse, OperationError> {
let mut audit = AuditScope::new("search", msg.eventid, self.log_level); let mut audit = AuditScope::new("search", msg.eventid, self.log_level);
// Begin a read // Begin a read
let qs_read = self.qs.read_async().await; let idms_prox_read = self.idms.proxy_read_async().await;
let res = lperf_op_segment!(&mut audit, "actors::v1_read::handle<SearchMessage>", || { let res = lperf_op_segment!(&mut audit, "actors::v1_read::handle<SearchMessage>", || {
// Make an event from the request // Make an event from the request
let srch = match SearchEvent::from_message(&mut audit, &msg, &qs_read) { let srch = match SearchEvent::from_message(&mut audit, &msg, &idms_prox_read.qs_read) {
Ok(s) => s, Ok(s) => s,
Err(e) => { Err(e) => {
ladmin_error!(audit, "Failed to begin search: {:?}", e); ladmin_error!(audit, "Failed to begin search: {:?}", e);
@ -211,10 +200,9 @@ impl QueryServerReadV1 {
ltrace!(audit, "Begin event {:?}", srch); ltrace!(audit, "Begin event {:?}", srch);
match qs_read.search_ext(&mut audit, &srch) { match idms_prox_read.qs_read.search_ext(&mut audit, &srch) {
Ok(entries) => { Ok(entries) => SearchResult::new(&mut audit, &idms_prox_read.qs_read, &entries)
SearchResult::new(&mut audit, &qs_read, &entries).map(|ok_sr| ok_sr.response()) .map(|ok_sr| ok_sr.response()),
}
Err(e) => Err(e), Err(e) => Err(e),
} }
}); });
@ -232,7 +220,7 @@ impl QueryServerReadV1 {
// the credentials provided is sufficient to say if someone is // the credentials provided is sufficient to say if someone is
// "authenticated" or not. // "authenticated" or not.
let mut audit = AuditScope::new("auth", msg.eventid, self.log_level); let mut audit = AuditScope::new("auth", msg.eventid, self.log_level);
let mut idm_write = self.idms.write_async().await; let mut idm_auth = self.idms.auth_async().await;
// let res = lperf_op_segment!(&mut audit, "actors::v1_read::handle<AuthMessage>", || { // let res = lperf_op_segment!(&mut audit, "actors::v1_read::handle<AuthMessage>", || {
lsecurity!(audit, "Begin auth event {:?}", msg); lsecurity!(audit, "Begin auth event {:?}", msg);
@ -254,14 +242,14 @@ impl QueryServerReadV1 {
// Trigger a session clean *before* we take any auth steps. // Trigger a session clean *before* we take any auth steps.
// It's important to do this before to ensure that timeouts on // It's important to do this before to ensure that timeouts on
// the session are enforced. // the session are enforced.
idm_write.expire_auth_sessions(ct).await; idm_auth.expire_auth_sessions(ct).await;
// Generally things like auth denied are in Ok() msgs // Generally things like auth denied are in Ok() msgs
// so true errors should always trigger a rollback. // so true errors should always trigger a rollback.
let res = idm_write let res = idm_auth
.auth(&mut audit, &ae, ct) .auth(&mut audit, &ae, ct)
.await .await
.and_then(|r| idm_write.commit(&mut audit).map(|_| r)); .and_then(|r| idm_auth.commit(&mut audit).map(|_| r));
lsecurity!(audit, "Sending auth result -> {:?}", res); lsecurity!(audit, "Sending auth result -> {:?}", res);
// Build the result. // Build the result.
@ -283,7 +271,7 @@ impl QueryServerReadV1 {
let mut audit = AuditScope::new("whoami", msg.eventid, self.log_level); let mut audit = AuditScope::new("whoami", msg.eventid, self.log_level);
// TODO #62: Move this to IdmServer!!! // TODO #62: Move this to IdmServer!!!
// Begin a read // Begin a read
let qs_read = self.qs.read_async().await; let idms_prox_read = self.idms.proxy_read_async().await;
let res = lperf_op_segment!(&mut audit, "actors::v1_read::handle<WhoamiMessage>", || { let res = lperf_op_segment!(&mut audit, "actors::v1_read::handle<WhoamiMessage>", || {
// Make an event from the whoami request. This will process the event and // Make an event from the whoami request. This will process the event and
// generate a selfuuid search. // generate a selfuuid search.
@ -294,18 +282,21 @@ impl QueryServerReadV1 {
// this far. // this far.
let uat = msg.uat.clone().ok_or(OperationError::NotAuthenticated)?; let uat = msg.uat.clone().ok_or(OperationError::NotAuthenticated)?;
let srch = let srch = match SearchEvent::from_whoami_request(
match SearchEvent::from_whoami_request(&mut audit, msg.uat.as_ref(), &qs_read) { &mut audit,
Ok(s) => s, msg.uat.as_ref(),
Err(e) => { &idms_prox_read.qs_read,
ladmin_error!(audit, "Failed to begin whoami: {:?}", e); ) {
return Err(e); Ok(s) => s,
} Err(e) => {
}; ladmin_error!(audit, "Failed to begin whoami: {:?}", e);
return Err(e);
}
};
ltrace!(audit, "Begin event {:?}", srch); ltrace!(audit, "Begin event {:?}", srch);
match qs_read.search_ext(&mut audit, &srch) { match idms_prox_read.qs_read.search_ext(&mut audit, &srch) {
Ok(mut entries) => { Ok(mut entries) => {
// assert there is only one ... // assert there is only one ...
match entries.len() { match entries.len() {
@ -314,7 +305,7 @@ impl QueryServerReadV1 {
#[allow(clippy::expect_used)] #[allow(clippy::expect_used)]
let e = entries.pop().expect("Entry length mismatch!!!"); let e = entries.pop().expect("Entry length mismatch!!!");
// Now convert to a response, and return // Now convert to a response, and return
WhoamiResult::new(&mut audit, &qs_read, &e, uat) WhoamiResult::new(&mut audit, &idms_prox_read.qs_read, &e, uat)
.map(|ok_wr| ok_wr.response()) .map(|ok_wr| ok_wr.response())
} }
// Somehow we matched multiple, which should be impossible. // Somehow we matched multiple, which should be impossible.
@ -339,13 +330,17 @@ impl QueryServerReadV1 {
msg: InternalSearchMessage, msg: InternalSearchMessage,
) -> Result<Vec<ProtoEntry>, OperationError> { ) -> Result<Vec<ProtoEntry>, OperationError> {
let mut audit = AuditScope::new("internal_search_message", msg.eventid, self.log_level); let mut audit = AuditScope::new("internal_search_message", msg.eventid, self.log_level);
let qs_read = self.qs.read_async().await; let idms_prox_read = self.idms.proxy_read_async().await;
let res = lperf_op_segment!( let res = lperf_op_segment!(
&mut audit, &mut audit,
"actors::v1_read::handle<InternalSearchMessage>", "actors::v1_read::handle<InternalSearchMessage>",
|| { || {
// Make an event from the request // Make an event from the request
let srch = match SearchEvent::from_internal_message(&mut audit, msg, &qs_read) { let srch = match SearchEvent::from_internal_message(
&mut audit,
msg,
&idms_prox_read.qs_read,
) {
Ok(s) => s, Ok(s) => s,
Err(e) => { Err(e) => {
ladmin_error!(audit, "Failed to begin internal api search: {:?}", e); ladmin_error!(audit, "Failed to begin internal api search: {:?}", e);
@ -355,8 +350,8 @@ impl QueryServerReadV1 {
ltrace!(audit, "Begin event {:?}", srch); ltrace!(audit, "Begin event {:?}", srch);
match qs_read.search_ext(&mut audit, &srch) { match idms_prox_read.qs_read.search_ext(&mut audit, &srch) {
Ok(entries) => SearchResult::new(&mut audit, &qs_read, &entries) Ok(entries) => SearchResult::new(&mut audit, &idms_prox_read.qs_read, &entries)
.map(|ok_sr| ok_sr.into_proto_array()), .map(|ok_sr| ok_sr.into_proto_array()),
Err(e) => Err(e), Err(e) => Err(e),
} }
@ -378,26 +373,29 @@ impl QueryServerReadV1 {
msg.eventid, msg.eventid,
self.log_level, self.log_level,
); );
let qs_read = self.qs.read_async().await; let idms_prox_read = self.idms.proxy_read_async().await;
let res = lperf_op_segment!( let res = lperf_op_segment!(
&mut audit, &mut audit,
"actors::v1_read::handle<InternalSearchRecycledMessage>", "actors::v1_read::handle<InternalSearchRecycledMessage>",
|| { || {
// Make an event from the request // Make an event from the request
let srch = let srch = match SearchEvent::from_internal_recycle_message(
match SearchEvent::from_internal_recycle_message(&mut audit, msg, &qs_read) { &mut audit,
Ok(s) => s, msg,
Err(e) => { &idms_prox_read.qs_read,
ladmin_error!(audit, "Failed to begin recycled search: {:?}", e); ) {
return Err(e); Ok(s) => s,
} Err(e) => {
}; ladmin_error!(audit, "Failed to begin recycled search: {:?}", e);
return Err(e);
}
};
ltrace!(audit, "Begin event {:?}", srch); ltrace!(audit, "Begin event {:?}", srch);
match qs_read.search_ext(&mut audit, &srch) { match idms_prox_read.qs_read.search_ext(&mut audit, &srch) {
Ok(entries) => SearchResult::new(&mut audit, &qs_read, &entries) Ok(entries) => SearchResult::new(&mut audit, &idms_prox_read.qs_read, &entries)
.map(|ok_sr| ok_sr.into_proto_array()), .map(|ok_sr| ok_sr.into_proto_array()),
Err(e) => Err(e), Err(e) => Err(e),
} }
@ -416,12 +414,13 @@ impl QueryServerReadV1 {
) -> Result<Option<String>, OperationError> { ) -> Result<Option<String>, OperationError> {
let mut audit = let mut audit =
AuditScope::new("internal_radius_read_message", msg.eventid, self.log_level); AuditScope::new("internal_radius_read_message", msg.eventid, self.log_level);
let qs_read = self.qs.read_async().await; let idms_prox_read = self.idms.proxy_read_async().await;
let res = lperf_op_segment!( let res = lperf_op_segment!(
&mut audit, &mut audit,
"actors::v1_read::handle<InternalRadiusReadMessage>", "actors::v1_read::handle<InternalRadiusReadMessage>",
|| { || {
let target_uuid = qs_read let target_uuid = idms_prox_read
.qs_read
.name_to_uuid(&mut audit, msg.uuid_or_name.as_str()) .name_to_uuid(&mut audit, msg.uuid_or_name.as_str())
.map_err(|e| { .map_err(|e| {
ladmin_error!(&mut audit, "Error resolving id to target"); ladmin_error!(&mut audit, "Error resolving id to target");
@ -433,7 +432,7 @@ impl QueryServerReadV1 {
&mut audit, &mut audit,
msg.uat.as_ref(), msg.uat.as_ref(),
target_uuid, target_uuid,
&qs_read, &idms_prox_read.qs_read,
) { ) {
Ok(s) => s, Ok(s) => s,
Err(e) => { Err(e) => {
@ -445,7 +444,7 @@ impl QueryServerReadV1 {
ltrace!(audit, "Begin event {:?}", srch); ltrace!(audit, "Begin event {:?}", srch);
// We have to use search_ext to guarantee acs was applied. // We have to use search_ext to guarantee acs was applied.
match qs_read.search_ext(&mut audit, &srch) { match idms_prox_read.qs_read.search_ext(&mut audit, &srch) {
Ok(mut entries) => { Ok(mut entries) => {
let r = entries let r = entries
.pop() .pop()
@ -476,13 +475,13 @@ impl QueryServerReadV1 {
msg.eventid, msg.eventid,
self.log_level, self.log_level,
); );
let mut idm_read = self.idms.proxy_read_async().await; let mut idms_prox_read = self.idms.proxy_read_async().await;
let res = lperf_op_segment!( let res = lperf_op_segment!(
&mut audit, &mut audit,
"actors::v1_read::handle<InternalRadiusTokenReadMessage>", "actors::v1_read::handle<InternalRadiusTokenReadMessage>",
|| { || {
let target_uuid = idm_read let target_uuid = idms_prox_read
.qs_read .qs_read
.name_to_uuid(&mut audit, msg.uuid_or_name.as_str()) .name_to_uuid(&mut audit, msg.uuid_or_name.as_str())
.map_err(|e| { .map_err(|e| {
@ -493,7 +492,7 @@ impl QueryServerReadV1 {
// Make an event from the request // Make an event from the request
let rate = match RadiusAuthTokenEvent::from_parts( let rate = match RadiusAuthTokenEvent::from_parts(
&mut audit, &mut audit,
&idm_read.qs_read, &idms_prox_read.qs_read,
msg.uat.as_ref(), msg.uat.as_ref(),
target_uuid, target_uuid,
) { ) {
@ -513,7 +512,7 @@ impl QueryServerReadV1 {
ltrace!(audit, "Begin event {:?}", rate); ltrace!(audit, "Begin event {:?}", rate);
idm_read.get_radiusauthtoken(&mut audit, &rate, ct) idms_prox_read.get_radiusauthtoken(&mut audit, &rate, ct)
} }
); );
self.log.send(audit).map_err(|_| { self.log.send(audit).map_err(|_| {
@ -532,13 +531,13 @@ impl QueryServerReadV1 {
msg.eventid, msg.eventid,
self.log_level, self.log_level,
); );
let mut idm_read = self.idms.proxy_read_async().await; let mut idms_prox_read = self.idms.proxy_read_async().await;
let res = lperf_op_segment!( let res = lperf_op_segment!(
&mut audit, &mut audit,
"actors::v1_read::handle<InternalUnixUserTokenReadMessage>", "actors::v1_read::handle<InternalUnixUserTokenReadMessage>",
|| { || {
let target_uuid = idm_read let target_uuid = idms_prox_read
.qs_read .qs_read
.name_to_uuid(&mut audit, msg.uuid_or_name.as_str()) .name_to_uuid(&mut audit, msg.uuid_or_name.as_str())
.map_err(|e| { .map_err(|e| {
@ -554,7 +553,7 @@ impl QueryServerReadV1 {
// Make an event from the request // Make an event from the request
let rate = match UnixUserTokenEvent::from_parts( let rate = match UnixUserTokenEvent::from_parts(
&mut audit, &mut audit,
&idm_read.qs_read, &idms_prox_read.qs_read,
msg.uat.as_ref(), msg.uat.as_ref(),
target_uuid, target_uuid,
) { ) {
@ -574,7 +573,7 @@ impl QueryServerReadV1 {
ltrace!(audit, "Begin event {:?}", rate); ltrace!(audit, "Begin event {:?}", rate);
idm_read.get_unixusertoken(&mut audit, &rate, ct) idms_prox_read.get_unixusertoken(&mut audit, &rate, ct)
} }
); );
self.log.send(audit).map_err(|_| { self.log.send(audit).map_err(|_| {
@ -593,12 +592,12 @@ impl QueryServerReadV1 {
msg.eventid, msg.eventid,
self.log_level, self.log_level,
); );
let mut idm_read = self.idms.proxy_read_async().await; let mut idms_prox_read = self.idms.proxy_read_async().await;
let res = lperf_op_segment!( let res = lperf_op_segment!(
&mut audit, &mut audit,
"actors::v1_read::handle<InternalUnixGroupTokenReadMessage>", "actors::v1_read::handle<InternalUnixGroupTokenReadMessage>",
|| { || {
let target_uuid = idm_read let target_uuid = idms_prox_read
.qs_read .qs_read
.name_to_uuid(&mut audit, msg.uuid_or_name.as_str()) .name_to_uuid(&mut audit, msg.uuid_or_name.as_str())
.map_err(|e| { .map_err(|e| {
@ -609,7 +608,7 @@ impl QueryServerReadV1 {
// Make an event from the request // Make an event from the request
let rate = match UnixGroupTokenEvent::from_parts( let rate = match UnixGroupTokenEvent::from_parts(
&mut audit, &mut audit,
&idm_read.qs_read, &idms_prox_read.qs_read,
msg.uat.as_ref(), msg.uat.as_ref(),
target_uuid, target_uuid,
) { ) {
@ -622,7 +621,7 @@ impl QueryServerReadV1 {
ltrace!(audit, "Begin event {:?}", rate); ltrace!(audit, "Begin event {:?}", rate);
idm_read.get_unixgrouptoken(&mut audit, &rate) idms_prox_read.get_unixgrouptoken(&mut audit, &rate)
} }
); );
self.log.send(audit).map_err(|_| { self.log.send(audit).map_err(|_| {
@ -638,12 +637,13 @@ impl QueryServerReadV1 {
) -> Result<Vec<String>, OperationError> { ) -> Result<Vec<String>, OperationError> {
let mut audit = let mut audit =
AuditScope::new("internal_sshkey_read_message", msg.eventid, self.log_level); AuditScope::new("internal_sshkey_read_message", msg.eventid, self.log_level);
let qs_read = self.qs.read_async().await; let idms_prox_read = self.idms.proxy_read_async().await;
let res = lperf_op_segment!( let res = lperf_op_segment!(
&mut audit, &mut audit,
"actors::v1_read::handle<InternalSshKeyReadMessage>", "actors::v1_read::handle<InternalSshKeyReadMessage>",
|| { || {
let target_uuid = qs_read let target_uuid = idms_prox_read
.qs_read
.name_to_uuid(&mut audit, msg.uuid_or_name.as_str()) .name_to_uuid(&mut audit, msg.uuid_or_name.as_str())
.map_err(|e| { .map_err(|e| {
ladmin_error!(&mut audit, "Error resolving id to target"); ladmin_error!(&mut audit, "Error resolving id to target");
@ -655,7 +655,7 @@ impl QueryServerReadV1 {
&mut audit, &mut audit,
msg.uat.as_ref(), msg.uat.as_ref(),
target_uuid, target_uuid,
&qs_read, &idms_prox_read.qs_read,
) { ) {
Ok(s) => s, Ok(s) => s,
Err(e) => { Err(e) => {
@ -666,7 +666,7 @@ impl QueryServerReadV1 {
ltrace!(audit, "Begin event {:?}", srch); ltrace!(audit, "Begin event {:?}", srch);
match qs_read.search_ext(&mut audit, &srch) { match idms_prox_read.qs_read.search_ext(&mut audit, &srch) {
Ok(mut entries) => { Ok(mut entries) => {
let r = entries let r = entries
.pop() .pop()
@ -705,12 +705,13 @@ impl QueryServerReadV1 {
} = msg; } = msg;
let mut audit = let mut audit =
AuditScope::new("internal_sshkey_tag_read_message", eventid, self.log_level); AuditScope::new("internal_sshkey_tag_read_message", eventid, self.log_level);
let qs_read = self.qs.read_async().await; let idms_prox_read = self.idms.proxy_read_async().await;
let res = lperf_op_segment!( let res = lperf_op_segment!(
&mut audit, &mut audit,
"actors::v1_read::handle<InternalSshKeyTagReadMessage>", "actors::v1_read::handle<InternalSshKeyTagReadMessage>",
|| { || {
let target_uuid = qs_read let target_uuid = idms_prox_read
.qs_read
.name_to_uuid(&mut audit, uuid_or_name.as_str()) .name_to_uuid(&mut audit, uuid_or_name.as_str())
.map_err(|e| { .map_err(|e| {
ladmin_info!(&mut audit, "Error resolving id to target"); ladmin_info!(&mut audit, "Error resolving id to target");
@ -722,7 +723,7 @@ impl QueryServerReadV1 {
&mut audit, &mut audit,
uat.as_ref(), uat.as_ref(),
target_uuid, target_uuid,
&qs_read, &idms_prox_read.qs_read,
) { ) {
Ok(s) => s, Ok(s) => s,
Err(e) => { Err(e) => {
@ -733,7 +734,7 @@ impl QueryServerReadV1 {
ltrace!(audit, "Begin event {:?}", srch); ltrace!(audit, "Begin event {:?}", srch);
match qs_read.search_ext(&mut audit, &srch) { match idms_prox_read.qs_read.search_ext(&mut audit, &srch) {
Ok(mut entries) => { Ok(mut entries) => {
let r = entries let r = entries
.pop() .pop()
@ -771,10 +772,10 @@ impl QueryServerReadV1 {
msg: IdmAccountUnixAuthMessage, msg: IdmAccountUnixAuthMessage,
) -> Result<Option<UnixUserToken>, OperationError> { ) -> Result<Option<UnixUserToken>, OperationError> {
let mut audit = AuditScope::new("idm_account_unix_auth", msg.eventid, self.log_level); let mut audit = AuditScope::new("idm_account_unix_auth", msg.eventid, self.log_level);
let mut idm_write = self.idms.write_async().await; let mut idm_auth = self.idms.auth_async().await;
// let res = lperf_op_segment!(&mut audit, "actors::v1_read::handle<IdmAccountUnixAuthMessage>", || { // let res = lperf_op_segment!(&mut audit, "actors::v1_read::handle<IdmAccountUnixAuthMessage>", || {
// resolve the id // resolve the id
let target_uuid = idm_write let target_uuid = idm_auth
.qs_read .qs_read
.name_to_uuid(&mut audit, msg.uuid_or_name.as_str()) .name_to_uuid(&mut audit, msg.uuid_or_name.as_str())
.map_err(|e| { .map_err(|e| {
@ -784,7 +785,7 @@ impl QueryServerReadV1 {
// Make an event from the request // Make an event from the request
let uuae = match UnixUserAuthEvent::from_parts( let uuae = match UnixUserAuthEvent::from_parts(
&mut audit, &mut audit,
&idm_write.qs_read, &idm_auth.qs_read,
msg.uat.as_ref(), msg.uat.as_ref(),
target_uuid, target_uuid,
msg.cred, msg.cred,
@ -805,10 +806,10 @@ impl QueryServerReadV1 {
OperationError::InvalidState OperationError::InvalidState
})?; })?;
let res = idm_write let res = idm_auth
.auth_unix(&mut audit, &uuae, ct) .auth_unix(&mut audit, &uuae, ct)
.await .await
.and_then(|r| idm_write.commit(&mut audit).map(|_| r)); .and_then(|r| idm_auth.commit(&mut audit).map(|_| r));
lsecurity!(audit, "Sending result -> {:?}", res); lsecurity!(audit, "Sending result -> {:?}", res);
// res // res
@ -826,13 +827,13 @@ impl QueryServerReadV1 {
) -> Result<CredentialStatus, OperationError> { ) -> Result<CredentialStatus, OperationError> {
let mut audit = let mut audit =
AuditScope::new("idm_credential_status_message", msg.eventid, self.log_level); AuditScope::new("idm_credential_status_message", msg.eventid, self.log_level);
let mut idm_read = self.idms.proxy_read_async().await; let mut idms_prox_read = self.idms.proxy_read_async().await;
let res = lperf_op_segment!( let res = lperf_op_segment!(
&mut audit, &mut audit,
"actors::v1_read::handle<IdmCredentialStatusMessage>", "actors::v1_read::handle<IdmCredentialStatusMessage>",
|| { || {
let target_uuid = idm_read let target_uuid = idms_prox_read
.qs_read .qs_read
.name_to_uuid(&mut audit, msg.uuid_or_name.as_str()) .name_to_uuid(&mut audit, msg.uuid_or_name.as_str())
.map_err(|e| { .map_err(|e| {
@ -843,7 +844,7 @@ impl QueryServerReadV1 {
// Make an event from the request // Make an event from the request
let cse = match CredentialStatusEvent::from_parts( let cse = match CredentialStatusEvent::from_parts(
&mut audit, &mut audit,
&idm_read.qs_read, &idms_prox_read.qs_read,
msg.uat.as_ref(), msg.uat.as_ref(),
target_uuid, target_uuid,
) { ) {
@ -856,7 +857,7 @@ impl QueryServerReadV1 {
ltrace!(audit, "Begin event {:?}", cse); ltrace!(audit, "Begin event {:?}", cse);
idm_read.get_credentialstatus(&mut audit, &cse) idms_prox_read.get_credentialstatus(&mut audit, &cse)
} }
); );
self.log.send(audit).map_err(|_| { self.log.send(audit).map_err(|_| {

190
kanidmd/src/lib/actors/v1_write.rs
View file

@ -1,8 +1,9 @@
use crate::audit::AuditScope;
use std::iter; use std::iter;
use std::sync::Arc; use std::sync::Arc;
use tokio::sync::mpsc::UnboundedSender as Sender; use tokio::sync::mpsc::UnboundedSender as Sender;
use crate::prelude::*;
use crate::event::{ use crate::event::{
CreateEvent, DeleteEvent, ModifyEvent, PurgeRecycledEvent, PurgeTombstoneEvent, CreateEvent, DeleteEvent, ModifyEvent, PurgeRecycledEvent, PurgeTombstoneEvent,
ReviveRecycledEvent, ReviveRecycledEvent,
@ -19,7 +20,6 @@ use kanidm_proto::v1::OperationError;
use crate::filter::{Filter, FilterInvalid}; use crate::filter::{Filter, FilterInvalid};
use crate::idm::delayed::DelayedAction; use crate::idm::delayed::DelayedAction;
use crate::idm::server::IdmServer; use crate::idm::server::IdmServer;
use crate::server::{QueryServer, QueryServerTransaction};
use crate::utils::duration_from_epoch_now; use crate::utils::duration_from_epoch_now;
use kanidm_proto::v1::Entry as ProtoEntry; use kanidm_proto::v1::Entry as ProtoEntry;
@ -242,22 +242,15 @@ pub struct SetAttributeMessage {
pub struct QueryServerWriteV1 { pub struct QueryServerWriteV1 {
log: Sender<AuditScope>, log: Sender<AuditScope>,
log_level: Option<u32>, log_level: Option<u32>,
qs: QueryServer,
idms: Arc<IdmServer>, idms: Arc<IdmServer>,
} }
impl QueryServerWriteV1 { impl QueryServerWriteV1 {
pub fn new( pub fn new(log: Sender<AuditScope>, log_level: Option<u32>, idms: Arc<IdmServer>) -> Self {
log: Sender<AuditScope>,
log_level: Option<u32>,
qs: QueryServer,
idms: Arc<IdmServer>,
) -> Self {
info!("Starting query server v1 worker ..."); info!("Starting query server v1 worker ...");
QueryServerWriteV1 { QueryServerWriteV1 {
log, log,
log_level, log_level,
qs,
idms, idms,
} }
} }
@ -265,10 +258,9 @@ impl QueryServerWriteV1 {
pub fn start_static( pub fn start_static(
log: Sender<AuditScope>, log: Sender<AuditScope>,
log_level: Option<u32>, log_level: Option<u32>,
query_server: QueryServer,
idms: Arc<IdmServer>, idms: Arc<IdmServer>,
) -> &'static QueryServerWriteV1 { ) -> &'static QueryServerWriteV1 {
let x = Box::new(QueryServerWriteV1::new(log, log_level, query_server, idms)); let x = Box::new(QueryServerWriteV1::new(log, log_level, idms));
let x_ptr = Box::leak(x); let x_ptr = Box::leak(x);
&(*x_ptr) &(*x_ptr)
@ -283,12 +275,15 @@ impl QueryServerWriteV1 {
proto_ml: &ProtoModifyList, proto_ml: &ProtoModifyList,
filter: Filter<FilterInvalid>, filter: Filter<FilterInvalid>,
) -> Result<(), OperationError> { ) -> Result<(), OperationError> {
let qs_write = self.qs.write_async(duration_from_epoch_now()).await; let idms_prox_write = self.idms.proxy_write_async(duration_from_epoch_now()).await;
lperf_op_segment!(audit, audit_tag, || { lperf_op_segment!(audit, audit_tag, || {
let target_uuid = qs_write.name_to_uuid(audit, uuid_or_name).map_err(|e| { let target_uuid = idms_prox_write
ladmin_error!(audit, "Error resolving id to target"); .qs_write
e .name_to_uuid(audit, uuid_or_name)
})?; .map_err(|e| {
ladmin_error!(audit, "Error resolving id to target");
e
})?;
let mdf = match ModifyEvent::from_parts( let mdf = match ModifyEvent::from_parts(
audit, audit,
@ -296,7 +291,7 @@ impl QueryServerWriteV1 {
target_uuid, target_uuid,
proto_ml, proto_ml,
filter, filter,
&qs_write, &idms_prox_write.qs_write,
) { ) {
Ok(m) => m, Ok(m) => m,
Err(e) => { Err(e) => {
@ -307,9 +302,10 @@ impl QueryServerWriteV1 {
ltrace!(audit, "Begin modify event {:?}", mdf); ltrace!(audit, "Begin modify event {:?}", mdf);
qs_write idms_prox_write
.qs_write
.modify(audit, &mdf) .modify(audit, &mdf)
.and_then(|_| qs_write.commit(audit).map(|_| ())) .and_then(|_| idms_prox_write.commit(audit).map(|_| ()))
}) })
} }
@ -322,12 +318,15 @@ impl QueryServerWriteV1 {
ml: &ModifyList<ModifyInvalid>, ml: &ModifyList<ModifyInvalid>,
filter: Filter<FilterInvalid>, filter: Filter<FilterInvalid>,
) -> Result<(), OperationError> { ) -> Result<(), OperationError> {
let qs_write = self.qs.write_async(duration_from_epoch_now()).await; let idms_prox_write = self.idms.proxy_write_async(duration_from_epoch_now()).await;
lperf_op_segment!(audit, audit_tag, || { lperf_op_segment!(audit, audit_tag, || {
let target_uuid = qs_write.name_to_uuid(audit, uuid_or_name).map_err(|e| { let target_uuid = idms_prox_write
ladmin_error!(audit, "Error resolving id to target"); .qs_write
e .name_to_uuid(audit, uuid_or_name)
})?; .map_err(|e| {
ladmin_error!(audit, "Error resolving id to target");
e
})?;
let mdf = match ModifyEvent::from_internal_parts( let mdf = match ModifyEvent::from_internal_parts(
audit, audit,
@ -335,7 +334,7 @@ impl QueryServerWriteV1 {
target_uuid, target_uuid,
ml, ml,
filter, filter,
&qs_write, &idms_prox_write.qs_write,
) { ) {
Ok(m) => m, Ok(m) => m,
Err(e) => { Err(e) => {
@ -346,9 +345,10 @@ impl QueryServerWriteV1 {
ltrace!(audit, "Begin modify event {:?}", mdf); ltrace!(audit, "Begin modify event {:?}", mdf);
qs_write idms_prox_write
.qs_write
.modify(audit, &mdf) .modify(audit, &mdf)
.and_then(|_| qs_write.commit(audit).map(|_| ())) .and_then(|_| idms_prox_write.commit(audit).map(|_| ()))
}) })
} }
@ -357,24 +357,30 @@ impl QueryServerWriteV1 {
msg: CreateMessage, msg: CreateMessage,
) -> Result<OperationResponse, OperationError> { ) -> Result<OperationResponse, OperationError> {
let mut audit = AuditScope::new("create", msg.eventid, self.log_level); let mut audit = AuditScope::new("create", msg.eventid, self.log_level);
let qs_write = self.qs.write_async(duration_from_epoch_now()).await; let idms_prox_write = self.idms.proxy_write_async(duration_from_epoch_now()).await;
let res = lperf_op_segment!( let res = lperf_op_segment!(
&mut audit, &mut audit,
"actors::v1_write::handle<CreateMessage>", "actors::v1_write::handle<CreateMessage>",
|| { || {
let crt = match CreateEvent::from_message(&mut audit, &msg, &qs_write) { let crt =
Ok(c) => c, match CreateEvent::from_message(&mut audit, &msg, &idms_prox_write.qs_write) {
Err(e) => { Ok(c) => c,
ladmin_warning!(audit, "Failed to begin create: {:?}", e); Err(e) => {
return Err(e); ladmin_warning!(audit, "Failed to begin create: {:?}", e);
} return Err(e);
}; }
};
ltrace!(audit, "Begin create event {:?}", crt); ltrace!(audit, "Begin create event {:?}", crt);
qs_write idms_prox_write
.qs_write
.create(&mut audit, &crt) .create(&mut audit, &crt)
.and_then(|_| qs_write.commit(&mut audit).map(|_| OperationResponse {})) .and_then(|_| {
idms_prox_write
.commit(&mut audit)
.map(|_| OperationResponse {})
})
} }
); );
// At the end of the event we send it for logging. // At the end of the event we send it for logging.
@ -390,24 +396,30 @@ impl QueryServerWriteV1 {
msg: ModifyMessage, msg: ModifyMessage,
) -> Result<OperationResponse, OperationError> { ) -> Result<OperationResponse, OperationError> {
let mut audit = AuditScope::new("modify", msg.eventid, self.log_level); let mut audit = AuditScope::new("modify", msg.eventid, self.log_level);
let qs_write = self.qs.write_async(duration_from_epoch_now()).await; let idms_prox_write = self.idms.proxy_write_async(duration_from_epoch_now()).await;
let res = lperf_segment!( let res = lperf_segment!(
&mut audit, &mut audit,
"actors::v1_write::handle<ModifyMessage>", "actors::v1_write::handle<ModifyMessage>",
|| { || {
let mdf = match ModifyEvent::from_message(&mut audit, &msg, &qs_write) { let mdf =
Ok(m) => m, match ModifyEvent::from_message(&mut audit, &msg, &idms_prox_write.qs_write) {
Err(e) => { Ok(m) => m,
ladmin_error!(audit, "Failed to begin modify: {:?}", e); Err(e) => {
return Err(e); ladmin_error!(audit, "Failed to begin modify: {:?}", e);
} return Err(e);
}; }
};
ltrace!(audit, "Begin modify event {:?}", mdf); ltrace!(audit, "Begin modify event {:?}", mdf);
qs_write idms_prox_write
.qs_write
.modify(&mut audit, &mdf) .modify(&mut audit, &mdf)
.and_then(|_| qs_write.commit(&mut audit).map(|_| OperationResponse {})) .and_then(|_| {
idms_prox_write
.commit(&mut audit)
.map(|_| OperationResponse {})
})
} }
); );
self.log.send(audit).map_err(|_| { self.log.send(audit).map_err(|_| {
@ -422,24 +434,30 @@ impl QueryServerWriteV1 {
msg: DeleteMessage, msg: DeleteMessage,
) -> Result<OperationResponse, OperationError> { ) -> Result<OperationResponse, OperationError> {
let mut audit = AuditScope::new("delete", msg.eventid, self.log_level); let mut audit = AuditScope::new("delete", msg.eventid, self.log_level);
let qs_write = self.qs.write_async(duration_from_epoch_now()).await; let idms_prox_write = self.idms.proxy_write_async(duration_from_epoch_now()).await;
let res = lperf_op_segment!( let res = lperf_op_segment!(
&mut audit, &mut audit,
"actors::v1_write::handle<DeleteMessage>", "actors::v1_write::handle<DeleteMessage>",
|| { || {
let del = match DeleteEvent::from_message(&mut audit, &msg, &qs_write) { let del =
Ok(d) => d, match DeleteEvent::from_message(&mut audit, &msg, &idms_prox_write.qs_write) {
Err(e) => { Ok(d) => d,
ladmin_error!(audit, "Failed to begin delete: {:?}", e); Err(e) => {
return Err(e); ladmin_error!(audit, "Failed to begin delete: {:?}", e);
} return Err(e);
}; }
};
ltrace!(audit, "Begin delete event {:?}", del); ltrace!(audit, "Begin delete event {:?}", del);
qs_write idms_prox_write
.qs_write
.delete(&mut audit, &del) .delete(&mut audit, &del)
.and_then(|_| qs_write.commit(&mut audit).map(|_| OperationResponse {})) .and_then(|_| {
idms_prox_write
.commit(&mut audit)
.map(|_| OperationResponse {})
})
} }
); );
self.log.send(audit).map_err(|_| { self.log.send(audit).map_err(|_| {
@ -454,7 +472,7 @@ impl QueryServerWriteV1 {
msg: InternalDeleteMessage, msg: InternalDeleteMessage,
) -> Result<(), OperationError> { ) -> Result<(), OperationError> {
let mut audit = AuditScope::new("internal_delete", msg.eventid, self.log_level); let mut audit = AuditScope::new("internal_delete", msg.eventid, self.log_level);
let qs_write = self.qs.write_async(duration_from_epoch_now()).await; let idms_prox_write = self.idms.proxy_write_async(duration_from_epoch_now()).await;
let res = lperf_op_segment!( let res = lperf_op_segment!(
&mut audit, &mut audit,
"actors::v1_write::handle<InternalDeleteMessage>", "actors::v1_write::handle<InternalDeleteMessage>",
@ -463,7 +481,7 @@ impl QueryServerWriteV1 {
&mut audit, &mut audit,
msg.uat.as_ref(), msg.uat.as_ref(),
&msg.filter, &msg.filter,
&qs_write, &idms_prox_write.qs_write,
) { ) {
Ok(d) => d, Ok(d) => d,
Err(e) => { Err(e) => {
@ -474,9 +492,10 @@ impl QueryServerWriteV1 {
ltrace!(audit, "Begin delete event {:?}", del); ltrace!(audit, "Begin delete event {:?}", del);
qs_write idms_prox_write
.qs_write
.delete(&mut audit, &del) .delete(&mut audit, &del)
.and_then(|_| qs_write.commit(&mut audit).map(|_| ())) .and_then(|_| idms_prox_write.commit(&mut audit).map(|_| ()))
} }
); );
self.log.send(audit).map_err(|_| { self.log.send(audit).map_err(|_| {
@ -491,7 +510,7 @@ impl QueryServerWriteV1 {
msg: ReviveRecycledMessage, msg: ReviveRecycledMessage,
) -> Result<(), OperationError> { ) -> Result<(), OperationError> {
let mut audit = AuditScope::new("revive", msg.eventid, self.log_level); let mut audit = AuditScope::new("revive", msg.eventid, self.log_level);
let qs_write = self.qs.write_async(duration_from_epoch_now()).await; let idms_prox_write = self.idms.proxy_write_async(duration_from_epoch_now()).await;
let res = lperf_op_segment!( let res = lperf_op_segment!(
&mut audit, &mut audit,
"actors::v1_write::handle<ReviveRecycledMessage>", "actors::v1_write::handle<ReviveRecycledMessage>",
@ -500,7 +519,7 @@ impl QueryServerWriteV1 {
&mut audit, &mut audit,
msg.uat.as_ref(), msg.uat.as_ref(),
&msg.filter, &msg.filter,
&qs_write, &idms_prox_write.qs_write,
) { ) {
Ok(r) => r, Ok(r) => r,
Err(e) => { Err(e) => {
@ -511,9 +530,10 @@ impl QueryServerWriteV1 {
ltrace!(audit, "Begin revive event {:?}", rev); ltrace!(audit, "Begin revive event {:?}", rev);
qs_write idms_prox_write
.qs_write
.revive_recycled(&mut audit, &rev) .revive_recycled(&mut audit, &rev)
.and_then(|_| qs_write.commit(&mut audit).map(|_| ())) .and_then(|_| idms_prox_write.commit(&mut audit).map(|_| ()))
} }
); );
self.log.send(audit).map_err(|_| { self.log.send(audit).map_err(|_| {
@ -823,12 +843,13 @@ impl QueryServerWriteV1 {
msg: PurgeAttributeMessage, msg: PurgeAttributeMessage,
) -> Result<(), OperationError> { ) -> Result<(), OperationError> {
let mut audit = AuditScope::new("purge_attribute", msg.eventid, self.log_level); let mut audit = AuditScope::new("purge_attribute", msg.eventid, self.log_level);
let qs_write = self.qs.write_async(duration_from_epoch_now()).await; let idms_prox_write = self.idms.proxy_write_async(duration_from_epoch_now()).await;
let res = lperf_op_segment!( let res = lperf_op_segment!(
&mut audit, &mut audit,
"actors::v1_write::handle<PurgeAttributeMessage>", "actors::v1_write::handle<PurgeAttributeMessage>",
|| { || {
let target_uuid = qs_write let target_uuid = idms_prox_write
.qs_write
.name_to_uuid(&mut audit, msg.uuid_or_name.as_str()) .name_to_uuid(&mut audit, msg.uuid_or_name.as_str())
.map_err(|e| { .map_err(|e| {
ladmin_error!(audit, "Error resolving id to target"); ladmin_error!(audit, "Error resolving id to target");
@ -841,7 +862,7 @@ impl QueryServerWriteV1 {
target_uuid, target_uuid,
&msg.attr, &msg.attr,
msg.filter, msg.filter,
&qs_write, &idms_prox_write.qs_write,
) { ) {
Ok(m) => m, Ok(m) => m,
Err(e) => { Err(e) => {
@ -852,9 +873,10 @@ impl QueryServerWriteV1 {
ltrace!(audit, "Begin modify event {:?}", mdf); ltrace!(audit, "Begin modify event {:?}", mdf);
qs_write idms_prox_write
.qs_write
.modify(&mut audit, &mdf) .modify(&mut audit, &mdf)
.and_then(|_| qs_write.commit(&mut audit).map(|_| ())) .and_then(|_| idms_prox_write.commit(&mut audit).map(|_| ()))
} }
); );
self.log.send(audit).map_err(|_| { self.log.send(audit).map_err(|_| {
@ -869,12 +891,13 @@ impl QueryServerWriteV1 {
msg: RemoveAttributeValueMessage, msg: RemoveAttributeValueMessage,
) -> Result<(), OperationError> { ) -> Result<(), OperationError> {
let mut audit = AuditScope::new("remove_attribute_value", msg.eventid, self.log_level); let mut audit = AuditScope::new("remove_attribute_value", msg.eventid, self.log_level);
let qs_write = self.qs.write_async(duration_from_epoch_now()).await; let idms_prox_write = self.idms.proxy_write_async(duration_from_epoch_now()).await;
let res = lperf_op_segment!( let res = lperf_op_segment!(
&mut audit, &mut audit,
"actors::v1_write::handle<RemoveAttributeValueMessage>", "actors::v1_write::handle<RemoveAttributeValueMessage>",
|| { || {
let target_uuid = qs_write let target_uuid = idms_prox_write
.qs_write
.name_to_uuid(&mut audit, msg.uuid_or_name.as_str()) .name_to_uuid(&mut audit, msg.uuid_or_name.as_str())
.map_err(|e| { .map_err(|e| {
ladmin_error!(audit, "Error resolving id to target"); ladmin_error!(audit, "Error resolving id to target");
@ -890,7 +913,7 @@ impl QueryServerWriteV1 {
target_uuid, target_uuid,
&proto_ml, &proto_ml,
msg.filter, msg.filter,
&qs_write, &idms_prox_write.qs_write,
) { ) {
Ok(m) => m, Ok(m) => m,
Err(e) => { Err(e) => {
@ -901,9 +924,10 @@ impl QueryServerWriteV1 {
ltrace!(audit, "Begin modify event {:?}", mdf); ltrace!(audit, "Begin modify event {:?}", mdf);
qs_write idms_prox_write
.qs_write
.modify(&mut audit, &mdf) .modify(&mut audit, &mdf)
.and_then(|_| qs_write.commit(&mut audit).map(|_| ())) .and_then(|_| idms_prox_write.commit(&mut audit).map(|_| ()))
} }
); );
self.log.send(audit).map_err(|_| { self.log.send(audit).map_err(|_| {
@ -1219,15 +1243,16 @@ impl QueryServerWriteV1 {
let mut audit = AuditScope::new("purge tombstones", msg.eventid, self.log_level); let mut audit = AuditScope::new("purge tombstones", msg.eventid, self.log_level);
ltrace!(audit, "Begin purge tombstone event {:?}", msg); ltrace!(audit, "Begin purge tombstone event {:?}", msg);
let qs_write = self.qs.write_async(duration_from_epoch_now()).await; let idms_prox_write = self.idms.proxy_write_async(duration_from_epoch_now()).await;
lperf_op_segment!( lperf_op_segment!(
&mut audit, &mut audit,
"actors::v1_write::handle<PurgeTombstoneEvent>", "actors::v1_write::handle<PurgeTombstoneEvent>",
|| { || {
let res = qs_write let res = idms_prox_write
.qs_write
.purge_tombstones(&mut audit) .purge_tombstones(&mut audit)
.and_then(|_| qs_write.commit(&mut audit)); .and_then(|_| idms_prox_write.commit(&mut audit));
ladmin_info!(audit, "Purge tombstones result: {:?}", res); ladmin_info!(audit, "Purge tombstones result: {:?}", res);
#[allow(clippy::expect_used)] #[allow(clippy::expect_used)]
res.expect("Invalid Server State"); res.expect("Invalid Server State");
@ -1242,14 +1267,15 @@ impl QueryServerWriteV1 {
pub(crate) async fn handle_purgerecycledevent(&self, msg: PurgeRecycledEvent) { pub(crate) async fn handle_purgerecycledevent(&self, msg: PurgeRecycledEvent) {
let mut audit = AuditScope::new("purge recycled", msg.eventid, self.log_level); let mut audit = AuditScope::new("purge recycled", msg.eventid, self.log_level);
ltrace!(audit, "Begin purge recycled event {:?}", msg); ltrace!(audit, "Begin purge recycled event {:?}", msg);
let qs_write = self.qs.write_async(duration_from_epoch_now()).await; let idms_prox_write = self.idms.proxy_write_async(duration_from_epoch_now()).await;
lperf_op_segment!( lperf_op_segment!(
&mut audit, &mut audit,
"actors::v1_write::handle<PurgeRecycledEvent>", "actors::v1_write::handle<PurgeRecycledEvent>",
|| { || {
let res = qs_write let res = idms_prox_write
.qs_write
.purge_recycled(&mut audit) .purge_recycled(&mut audit)
.and_then(|_| qs_write.commit(&mut audit)); .and_then(|_| idms_prox_write.commit(&mut audit));
ladmin_info!(audit, "Purge recycled result: {:?}", res); ladmin_info!(audit, "Purge recycled result: {:?}", res);
#[allow(clippy::expect_used)] #[allow(clippy::expect_used)]
res.expect("Invalid Server State"); res.expect("Invalid Server State");

15
kanidmd/src/lib/core/mod.rs
View file

@ -6,6 +6,8 @@ use libc::umask;
use std::sync::Arc; use std::sync::Arc;
use tokio::sync::mpsc::unbounded_channel as unbounded; use tokio::sync::mpsc::unbounded_channel as unbounded;
use crate::prelude::*;
use crate::config::Configuration; use crate::config::Configuration;
// SearchResult // SearchResult
@ -13,14 +15,12 @@ use crate::config::Configuration;
use crate::actors::v1_read::QueryServerReadV1; use crate::actors::v1_read::QueryServerReadV1;
use crate::actors::v1_write::QueryServerWriteV1; use crate::actors::v1_write::QueryServerWriteV1;
use crate::async_log; use crate::async_log;
use crate::audit::AuditScope;
use crate::be::{Backend, BackendConfig, BackendTransaction, FsType}; use crate::be::{Backend, BackendConfig, BackendTransaction, FsType};
use crate::crypto::setup_tls; use crate::crypto::setup_tls;
use crate::idm::server::{IdmServer, IdmServerDelayed}; use crate::idm::server::{IdmServer, IdmServerDelayed};
use crate::interval::IntervalActor; use crate::interval::IntervalActor;
use crate::ldap::LdapServer; use crate::ldap::LdapServer;
use crate::schema::Schema; use crate::schema::Schema;
use crate::server::QueryServer;
use crate::status::StatusActor; use crate::status::StatusActor;
use crate::utils::duration_from_epoch_now; use crate::utils::duration_from_epoch_now;
@ -491,7 +491,7 @@ pub async fn create_server_core(config: Configuration) -> Result<(), ()> {
} }
}; };
// Start the IDM server. // Start the IDM server.
let (qs, idms, mut idms_delayed) = match setup_qs_idms(&mut audit, be, schema, &config) { let (_qs, idms, mut idms_delayed) = match setup_qs_idms(&mut audit, be, schema, &config) {
Ok(t) => t, Ok(t) => t,
Err(e) => { Err(e) => {
audit.write_log(); audit.write_log();
@ -550,18 +550,13 @@ pub async fn create_server_core(config: Configuration) -> Result<(), ()> {
let server_read_ref = QueryServerReadV1::start_static( let server_read_ref = QueryServerReadV1::start_static(
log_tx.clone(), log_tx.clone(),
config.log_level, config.log_level,
qs.clone(),
idms_arc.clone(), idms_arc.clone(),
ldap_arc.clone(), ldap_arc.clone(),
); );
// Create the server async write entry point. // Create the server async write entry point.
let server_write_ref = QueryServerWriteV1::start_static( let server_write_ref =
log_tx.clone(), QueryServerWriteV1::start_static(log_tx.clone(), config.log_level, idms_arc.clone());
config.log_level,
qs.clone(),
idms_arc.clone(),
);
tokio::spawn(async move { tokio::spawn(async move {
idms_delayed.process_all(server_write_ref).await; idms_delayed.process_all(server_write_ref).await;

9
kanidmd/src/lib/entry.rs
View file

@ -26,16 +26,13 @@
//! [`filter`]: ../filter/index.html //! [`filter`]: ../filter/index.html
//! [`schema`]: ../schema/index.html //! [`schema`]: ../schema/index.html
use crate::audit::AuditScope;
use crate::credential::Credential; use crate::credential::Credential;
use crate::filter::{Filter, FilterInvalid, FilterResolved, FilterValidResolved}; use crate::filter::{Filter, FilterInvalid, FilterResolved, FilterValidResolved};
use crate::ldap::ldap_attr_entry_map; use crate::ldap::ldap_attr_entry_map;
use crate::modify::{Modify, ModifyInvalid, ModifyList, ModifyValid}; use crate::modify::{Modify, ModifyInvalid, ModifyList, ModifyValid};
use crate::prelude::*;
use crate::repl::cid::Cid; use crate::repl::cid::Cid;
use crate::schema::{SchemaAttribute, SchemaClass, SchemaTransaction}; use crate::schema::{SchemaAttribute, SchemaClass, SchemaTransaction};
use crate::server::{
QueryServerReadTransaction, QueryServerTransaction, QueryServerWriteTransaction,
};
use crate::value::{IndexType, SyntaxType}; use crate::value::{IndexType, SyntaxType};
use crate::value::{PartialValue, Value}; use crate::value::{PartialValue, Value};
use kanidm_proto::v1::Entry as ProtoEntry; use kanidm_proto::v1::Entry as ProtoEntry;
@ -91,6 +88,10 @@ lazy_static! {
static ref PVCLASS_RECYCLED: PartialValue = PartialValue::new_class("recycled"); static ref PVCLASS_RECYCLED: PartialValue = PartialValue::new_class("recycled");
} }
pub type EntrySealedCommitted = Entry<EntrySealed, EntryCommitted>;
pub type EntryInvalidCommitted = Entry<EntryInvalid, EntryCommitted>;
pub type EntryTuple = (EntrySealedCommitted, EntryInvalidCommitted);
// Entry should have a lifecycle of types. This is Raw (modifiable) and Entry (verified). // Entry should have a lifecycle of types. This is Raw (modifiable) and Entry (verified).
// This way, we can move between them, but only certain actions are possible on either // This way, we can move between them, but only certain actions are possible on either
// This means modifications happen on Raw, but to move to Entry, you schema normalise. // This means modifications happen on Raw, but to move to Entry, you schema normalise.

5
kanidmd/src/lib/event.rs
View file

@ -1,7 +1,7 @@
use crate::audit::AuditScope;
use crate::entry::{Entry, EntryCommitted, EntryInit, EntryNew, EntryReduced, EntrySealed}; use crate::entry::{Entry, EntryCommitted, EntryInit, EntryNew, EntryReduced, EntrySealed};
use crate::filter::{Filter, FilterInvalid, FilterValid}; use crate::filter::{Filter, FilterInvalid, FilterValid};
use crate::idm::AuthState; use crate::idm::AuthState;
use crate::prelude::*;
use crate::schema::SchemaTransaction; use crate::schema::SchemaTransaction;
use crate::value::PartialValue; use crate::value::PartialValue;
use kanidm_proto::v1::Entry as ProtoEntry; use kanidm_proto::v1::Entry as ProtoEntry;
@ -11,9 +11,6 @@ use kanidm_proto::v1::{
}; };
// use error::OperationError; // use error::OperationError;
use crate::modify::{ModifyInvalid, ModifyList, ModifyValid}; use crate::modify::{ModifyInvalid, ModifyList, ModifyValid};
use crate::server::{
QueryServerReadTransaction, QueryServerTransaction, QueryServerWriteTransaction,
};
use kanidm_proto::v1::OperationError; use kanidm_proto::v1::OperationError;
use crate::actors::v1_read::{ use crate::actors::v1_read::{

10
kanidmd/src/lib/filter.rs
View file

@ -8,14 +8,11 @@
//! [`Filter`]: struct.Filter.html //! [`Filter`]: struct.Filter.html
//! [`Entry`]: ../entry/struct.Entry.html //! [`Entry`]: ../entry/struct.Entry.html
use crate::audit::AuditScope;
use crate::be::{IdxKey, IdxKeyRef, IdxKeyToRef, IdxMeta}; use crate::be::{IdxKey, IdxKeyRef, IdxKeyToRef, IdxMeta};
use crate::event::{Event, EventOriginId}; use crate::event::{Event, EventOriginId};
use crate::ldap::ldap_attr_filter_map; use crate::ldap::ldap_attr_filter_map;
use crate::prelude::*;
use crate::schema::SchemaTransaction; use crate::schema::SchemaTransaction;
use crate::server::{
QueryServerReadTransaction, QueryServerTransaction, QueryServerWriteTransaction,
};
use crate::value::{IndexType, PartialValue}; use crate::value::{IndexType, PartialValue};
use hashbrown::HashSet; use hashbrown::HashSet;
use kanidm_proto::v1::Filter as ProtoFilter; use kanidm_proto::v1::Filter as ProtoFilter;
@ -1276,16 +1273,13 @@ impl FilterResolved {
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use crate::entry::{Entry, EntryInit, EntryNew, EntrySealed};
use crate::event::{CreateEvent, Event}; use crate::event::{CreateEvent, Event};
use crate::filter::{Filter, FilterInvalid, FILTER_DEPTH_MAX}; use crate::filter::{Filter, FilterInvalid, FILTER_DEPTH_MAX};
use crate::server::QueryServerTransaction; use crate::prelude::*;
use crate::value::{PartialValue, Value};
use std::cmp::{Ordering, PartialOrd}; use std::cmp::{Ordering, PartialOrd};
use std::collections::BTreeSet; use std::collections::BTreeSet;
use kanidm_proto::v1::Filter as ProtoFilter; use kanidm_proto::v1::Filter as ProtoFilter;
use kanidm_proto::v1::OperationError;
use ldap3_server::simple::LdapFilter; use ldap3_server::simple::LdapFilter;
#[test] #[test]

5
kanidmd/src/lib/idm/account.rs
View file

@ -1,10 +1,10 @@
use crate::entry::{Entry, EntryCommitted, EntryReduced, EntrySealed}; use crate::entry::{Entry, EntryCommitted, EntryReduced, EntrySealed};
use kanidm_proto::v1::OperationError; use crate::prelude::*;
use kanidm_proto::v1::CredentialStatus; use kanidm_proto::v1::CredentialStatus;
use kanidm_proto::v1::OperationError;
use kanidm_proto::v1::UserAuthToken; use kanidm_proto::v1::UserAuthToken;
use crate::audit::AuditScope;
use crate::constants::UUID_ANONYMOUS; use crate::constants::UUID_ANONYMOUS;
use crate::credential::policy::CryptoPolicy; use crate::credential::policy::CryptoPolicy;
use crate::credential::totp::TOTP; use crate::credential::totp::TOTP;
@ -12,7 +12,6 @@ use crate::credential::{softlock::CredSoftLockPolicy, Credential};
use crate::idm::claim::Claim; use crate::idm::claim::Claim;
use crate::idm::group::Group; use crate::idm::group::Group;
use crate::modify::{ModifyInvalid, ModifyList}; use crate::modify::{ModifyInvalid, ModifyList};
use crate::server::{QueryServerReadTransaction, QueryServerWriteTransaction};
use crate::value::{PartialValue, Value}; use crate::value::{PartialValue, Value};
use std::time::Duration; use std::time::Duration;

6
kanidmd/src/lib/idm/authsession.rs
View file

@ -1,7 +1,7 @@
use crate::idm::account::Account; use crate::idm::account::Account;
use crate::idm::claim::Claim; use crate::idm::claim::Claim;
use crate::idm::AuthState; use crate::idm::AuthState;
use crate::{audit::AuditScope, value::Value}; use crate::prelude::*;
use kanidm_proto::v1::OperationError; use kanidm_proto::v1::OperationError;
use kanidm_proto::v1::{AuthAllowed, AuthCredential, AuthMech}; use kanidm_proto::v1::{AuthAllowed, AuthCredential, AuthMech};
@ -726,8 +726,6 @@ impl AuthSession {
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use crate::audit::AuditScope;
use crate::constants::{JSON_ADMIN_V1, JSON_ANONYMOUS_V1};
use crate::credential::policy::CryptoPolicy; use crate::credential::policy::CryptoPolicy;
use crate::credential::totp::{TOTP, TOTP_DEFAULT_STEP}; use crate::credential::totp::{TOTP, TOTP_DEFAULT_STEP};
use crate::credential::webauthn::WebauthnDomainConfig; use crate::credential::webauthn::WebauthnDomainConfig;
@ -738,7 +736,7 @@ mod tests {
}; };
use crate::idm::delayed::DelayedAction; use crate::idm::delayed::DelayedAction;
use crate::idm::AuthState; use crate::idm::AuthState;
use crate::value::Value; use crate::prelude::*;
pub use std::collections::BTreeSet as Set; pub use std::collections::BTreeSet as Set;
use crate::utils::duration_from_epoch_now; use crate::utils::duration_from_epoch_now;

3
kanidmd/src/lib/idm/event.rs
View file

@ -1,7 +1,6 @@
use crate::actors::v1_write::IdmAccountSetPasswordMessage; use crate::actors::v1_write::IdmAccountSetPasswordMessage;
use crate::audit::AuditScope;
use crate::event::Event; use crate::event::Event;
use crate::server::{QueryServerReadTransaction, QueryServerWriteTransaction}; use crate::prelude::*;
use uuid::Uuid; use uuid::Uuid;

5
kanidmd/src/lib/idm/group.rs
View file

@ -1,8 +1,5 @@
use crate::audit::AuditScope;
use crate::entry::{Entry, EntryCommitted, EntryReduced, EntrySealed}; use crate::entry::{Entry, EntryCommitted, EntryReduced, EntrySealed};
use crate::server::{ use crate::prelude::*;
QueryServerReadTransaction, QueryServerTransaction, QueryServerWriteTransaction,
};
use crate::value::PartialValue; use crate::value::PartialValue;
use kanidm_proto::v1::Group as ProtoGroup; use kanidm_proto::v1::Group as ProtoGroup;
use kanidm_proto::v1::OperationError; use kanidm_proto::v1::OperationError;

4
kanidmd/src/lib/idm/radius.rs
View file

@ -1,9 +1,9 @@
use crate::idm::group::Group; use crate::idm::group::Group;
use uuid::Uuid; use uuid::Uuid;
use crate::audit::AuditScope; use crate::prelude::*;
use crate::entry::{Entry, EntryCommitted, EntryReduced}; use crate::entry::{Entry, EntryCommitted, EntryReduced};
use crate::server::QueryServerReadTransaction;
use crate::value::PartialValue; use crate::value::PartialValue;
use kanidm_proto::v1::OperationError; use kanidm_proto::v1::OperationError;
use kanidm_proto::v1::RadiusAuthToken; use kanidm_proto::v1::RadiusAuthToken;

199
kanidmd/src/lib/idm/server.rs
View file

@ -1,6 +1,3 @@
use crate::audit::AuditScope;
use crate::constants::{AUTH_SESSION_TIMEOUT, MFAREG_SESSION_TIMEOUT, PW_MIN_LENGTH};
use crate::constants::{UUID_ANONYMOUS, UUID_SYSTEM_CONFIG};
use crate::credential::policy::CryptoPolicy; use crate::credential::policy::CryptoPolicy;
use crate::credential::softlock::CredSoftLock; use crate::credential::softlock::CredSoftLock;
use crate::credential::webauthn::WebauthnDomainConfig; use crate::credential::webauthn::WebauthnDomainConfig;
@ -18,10 +15,8 @@ use crate::idm::radius::RadiusAccount;
use crate::idm::unix::{UnixGroup, UnixUserAccount}; use crate::idm::unix::{UnixGroup, UnixUserAccount};
use crate::idm::AuthState; use crate::idm::AuthState;
use crate::ldap::LdapBoundToken; use crate::ldap::LdapBoundToken;
use crate::server::QueryServerReadTransaction; use crate::prelude::*;
use crate::server::{QueryServer, QueryServerTransaction, QueryServerWriteTransaction};
use crate::utils::{password_from_random, readable_password_from_random, uuid_from_duration, SID}; use crate::utils::{password_from_random, readable_password_from_random, uuid_from_duration, SID};
use crate::value::PartialValue;
use crate::actors::v1_write::QueryServerWriteV1; use crate::actors::v1_write::QueryServerWriteV1;
use crate::idm::delayed::{ use crate::idm::delayed::{
@ -29,7 +24,6 @@ use crate::idm::delayed::{
}; };
use kanidm_proto::v1::CredentialStatus; use kanidm_proto::v1::CredentialStatus;
use kanidm_proto::v1::OperationError;
use kanidm_proto::v1::RadiusAuthToken; use kanidm_proto::v1::RadiusAuthToken;
use kanidm_proto::v1::SetCredentialResponse; use kanidm_proto::v1::SetCredentialResponse;
use kanidm_proto::v1::UnixGroupToken; use kanidm_proto::v1::UnixGroupToken;
@ -50,7 +44,6 @@ use concread::hashmap::HashMap;
use rand::prelude::*; use rand::prelude::*;
use std::time::Duration; use std::time::Duration;
use url::Url; use url::Url;
use uuid::Uuid;
use webauthn_rs::Webauthn; use webauthn_rs::Webauthn;
@ -76,12 +69,10 @@ pub struct IdmServer {
webauthn: Webauthn<WebauthnDomainConfig>, webauthn: Webauthn<WebauthnDomainConfig>,
} }
pub struct IdmServerWriteTransaction<'a> { pub struct IdmServerAuthTransaction<'a> {
// Contains methods that require writes, but in the context of writing to // Contains methods that require writes, but in the context of writing to
// the idm in memory structures (maybe the query server too). This is // the idm in memory structures (maybe the query server too). This is
// things like authentication // things like authentication
// _session_ticket: SemaphorePermit<'a>,
// sessions: BptreeMapWriteTxn<'a, Uuid, AuthSession>,
session_ticket: &'a Semaphore, session_ticket: &'a Semaphore,
sessions: &'a BptreeMap<Uuid, AuthSession>, sessions: &'a BptreeMap<Uuid, AuthSession>,
@ -117,7 +108,7 @@ pub struct IdmServerDelayed {
} }
impl IdmServer { impl IdmServer {
// TODO #59: Make number of authsessions configurable!!! // TODO: Make number of authsessions configurable!!!
pub fn new( pub fn new(
au: &mut AuditScope, au: &mut AuditScope,
qs: QueryServer, qs: QueryServer,
@ -185,11 +176,11 @@ impl IdmServer {
} }
#[cfg(test)] #[cfg(test)]
pub fn write(&self) -> IdmServerWriteTransaction { pub fn auth(&self) -> IdmServerAuthTransaction {
task::block_on(self.write_async()) task::block_on(self.auth_async())
} }
pub async fn write_async(&self) -> IdmServerWriteTransaction<'_> { pub async fn auth_async(&self) -> IdmServerAuthTransaction<'_> {
let mut sid = [0; 4]; let mut sid = [0; 4];
let mut rng = StdRng::from_entropy(); let mut rng = StdRng::from_entropy();
rng.fill(&mut sid); rng.fill(&mut sid);
@ -197,7 +188,7 @@ impl IdmServer {
// let session_ticket = self.session_ticket.acquire().await; // let session_ticket = self.session_ticket.acquire().await;
let qs_read = self.qs.read_async().await; let qs_read = self.qs.read_async().await;
IdmServerWriteTransaction { IdmServerAuthTransaction {
// _session_ticket: session_ticket, // _session_ticket: session_ticket,
// sessions: self.sessions.write(), // sessions: self.sessions.write(),
session_ticket: &self.session_ticket, session_ticket: &self.session_ticket,
@ -289,7 +280,7 @@ impl IdmServerDelayed {
} }
} }
impl<'a> IdmServerWriteTransaction<'a> { impl<'a> IdmServerAuthTransaction<'a> {
#[cfg(test)] #[cfg(test)]
pub fn is_sessionid_present(&self, sessionid: &Uuid) -> bool { pub fn is_sessionid_present(&self, sessionid: &Uuid) -> bool {
let session_read = self.sessions.read(); let session_read = self.sessions.read();
@ -766,7 +757,7 @@ impl<'a> IdmServerWriteTransaction<'a> {
pub fn commit(self, _au: &mut AuditScope) -> Result<(), OperationError> { pub fn commit(self, _au: &mut AuditScope) -> Result<(), OperationError> {
/* /*
lperf_trace_segment!(au, "idm::server::IdmServerWriteTransaction::commit", || { lperf_trace_segment!(au, "idm::server::IdmServerAuthTransaction::commit", || {
self.sessions.commit(); self.sessions.commit();
Ok(()) Ok(())
})*/ })*/
@ -1527,10 +1518,14 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
} }
pub fn commit(self, au: &mut AuditScope) -> Result<(), OperationError> { pub fn commit(self, au: &mut AuditScope) -> Result<(), OperationError> {
lperf_trace_segment!(au, "idm::server::IdmServerWriteTransaction::commit", || { lperf_trace_segment!(
self.mfareg_sessions.commit(); au,
self.qs_write.commit(au) "idm::server::IdmServerProxyWriteTransaction::commit",
}) || {
self.mfareg_sessions.commit();
self.qs_write.commit(au)
}
)
} }
} }
@ -1538,13 +1533,9 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use crate::constants::{
AUTH_SESSION_TIMEOUT, MFAREG_SESSION_TIMEOUT, UUID_ADMIN, UUID_ANONYMOUS,
};
use crate::credential::policy::CryptoPolicy; use crate::credential::policy::CryptoPolicy;
use crate::credential::totp::TOTP; use crate::credential::totp::TOTP;
use crate::credential::{Credential, Password}; use crate::credential::{Credential, Password};
use crate::entry::{Entry, EntryInit, EntryNew};
use crate::event::{AuthEvent, AuthResult, CreateEvent, ModifyEvent}; use crate::event::{AuthEvent, AuthResult, CreateEvent, ModifyEvent};
use crate::idm::delayed::{DelayedAction, WebauthnCounterIncrement}; use crate::idm::delayed::{DelayedAction, WebauthnCounterIncrement};
use crate::idm::event::{ use crate::idm::event::{
@ -1555,15 +1546,13 @@ mod tests {
}; };
use crate::idm::AuthState; use crate::idm::AuthState;
use crate::modify::{Modify, ModifyList}; use crate::modify::{Modify, ModifyList};
use crate::value::{PartialValue, Value}; use crate::prelude::*;
use kanidm_proto::v1::OperationError; use kanidm_proto::v1::OperationError;
use kanidm_proto::v1::SetCredentialResponse; use kanidm_proto::v1::SetCredentialResponse;
use kanidm_proto::v1::{AuthAllowed, AuthMech}; use kanidm_proto::v1::{AuthAllowed, AuthMech};
use crate::audit::AuditScope;
use crate::idm::server::IdmServer; use crate::idm::server::IdmServer;
// , IdmServerDelayed; // , IdmServerDelayed;
use crate::server::QueryServer;
use crate::utils::duration_from_epoch_now; use crate::utils::duration_from_epoch_now;
use async_std::task; use async_std::task;
use smartstring::alias::String as AttrString; use smartstring::alias::String as AttrString;
@ -1585,11 +1574,11 @@ mod tests {
au: &mut AuditScope| { au: &mut AuditScope| {
let sid = { let sid = {
// Start and test anonymous auth. // Start and test anonymous auth.
let mut idms_write = idms.write(); let mut idms_auth = idms.auth();
// Send the initial auth event for initialising the session // Send the initial auth event for initialising the session
let anon_init = AuthEvent::anonymous_init(); let anon_init = AuthEvent::anonymous_init();
// Expect success // Expect success
let r1 = task::block_on(idms_write.auth( let r1 = task::block_on(idms_auth.auth(
au, au,
&anon_init, &anon_init,
Duration::from_secs(TEST_CURRENT_TIME), Duration::from_secs(TEST_CURRENT_TIME),
@ -1631,15 +1620,15 @@ mod tests {
debug!("sessionid is ==> {:?}", sid); debug!("sessionid is ==> {:?}", sid);
idms_write.commit(au).expect("Must not fail"); idms_auth.commit(au).expect("Must not fail");
sid sid
}; };
{ {
let mut idms_write = idms.write(); let mut idms_auth = idms.auth();
let anon_begin = AuthEvent::begin_mech(sid, AuthMech::Anonymous); let anon_begin = AuthEvent::begin_mech(sid, AuthMech::Anonymous);
let r2 = task::block_on(idms_write.auth( let r2 = task::block_on(idms_auth.auth(
au, au,
&anon_begin, &anon_begin,
Duration::from_secs(TEST_CURRENT_TIME), Duration::from_secs(TEST_CURRENT_TIME),
@ -1676,15 +1665,15 @@ mod tests {
} }
}; };
idms_write.commit(au).expect("Must not fail"); idms_auth.commit(au).expect("Must not fail");
}; };
{ {
let mut idms_write = idms.write(); let mut idms_auth = idms.auth();
// Now send the anonymous request, given the session id. // Now send the anonymous request, given the session id.
let anon_step = AuthEvent::cred_step_anonymous(sid); let anon_step = AuthEvent::cred_step_anonymous(sid);
// Expect success // Expect success
let r2 = task::block_on(idms_write.auth( let r2 = task::block_on(idms_auth.auth(
au, au,
&anon_step, &anon_step,
Duration::from_secs(TEST_CURRENT_TIME), Duration::from_secs(TEST_CURRENT_TIME),
@ -1719,7 +1708,7 @@ mod tests {
} }
}; };
idms_write.commit(au).expect("Must not fail"); idms_auth.commit(au).expect("Must not fail");
} }
}); });
} }
@ -1732,12 +1721,12 @@ mod tests {
_idms_delayed: &IdmServerDelayed, _idms_delayed: &IdmServerDelayed,
au: &mut AuditScope| { au: &mut AuditScope| {
{ {
let mut idms_write = idms.write(); let mut idms_auth = idms.auth();
let sid = Uuid::new_v4(); let sid = Uuid::new_v4();
let anon_step = AuthEvent::cred_step_anonymous(sid); let anon_step = AuthEvent::cred_step_anonymous(sid);
// Expect failure // Expect failure
let r2 = task::block_on(idms_write.auth( let r2 = task::block_on(idms_auth.auth(
au, au,
&anon_step, &anon_step,
Duration::from_secs(TEST_CURRENT_TIME), Duration::from_secs(TEST_CURRENT_TIME),
@ -1790,10 +1779,10 @@ mod tests {
ct: Duration, ct: Duration,
name: &str, name: &str,
) -> Uuid { ) -> Uuid {
let mut idms_write = idms.write(); let mut idms_auth = idms.auth();
let admin_init = AuthEvent::named_init(name); let admin_init = AuthEvent::named_init(name);
let r1 = task::block_on(idms_write.auth(au, &admin_init, ct)); let r1 = task::block_on(idms_auth.auth(au, &admin_init, ct));
let ar = r1.unwrap(); let ar = r1.unwrap();
let AuthResult { let AuthResult {
sessionid, sessionid,
@ -1813,7 +1802,7 @@ mod tests {
// Now push that we want the Password Mech. // Now push that we want the Password Mech.
let admin_begin = AuthEvent::begin_mech(sessionid, AuthMech::Password); let admin_begin = AuthEvent::begin_mech(sessionid, AuthMech::Password);
let r2 = task::block_on(idms_write.auth(au, &admin_begin, ct)); let r2 = task::block_on(idms_auth.auth(au, &admin_begin, ct));
let ar = r2.unwrap(); let ar = r2.unwrap();
let AuthResult { let AuthResult {
sessionid, sessionid,
@ -1831,7 +1820,7 @@ mod tests {
} }
}; };
idms_write.commit(au).expect("Must not fail"); idms_auth.commit(au).expect("Must not fail");
sessionid sessionid
} }
@ -1840,12 +1829,12 @@ mod tests {
let sid = let sid =
init_admin_authsession_sid(idms, au, Duration::from_secs(TEST_CURRENT_TIME), "admin"); init_admin_authsession_sid(idms, au, Duration::from_secs(TEST_CURRENT_TIME), "admin");
let mut idms_write = idms.write(); let mut idms_auth = idms.auth();
let anon_step = AuthEvent::cred_step_password(sid, pw); let anon_step = AuthEvent::cred_step_password(sid, pw);
// Expect success // Expect success
let r2 = let r2 =
task::block_on(idms_write.auth(au, &anon_step, Duration::from_secs(TEST_CURRENT_TIME))); task::block_on(idms_auth.auth(au, &anon_step, Duration::from_secs(TEST_CURRENT_TIME)));
debug!("r2 ==> {:?}", r2); debug!("r2 ==> {:?}", r2);
match r2 { match r2 {
@ -1875,7 +1864,7 @@ mod tests {
} }
}; };
idms_write.commit(au).expect("Must not fail"); idms_auth.commit(au).expect("Must not fail");
} }
#[test] #[test]
@ -1904,11 +1893,11 @@ mod tests {
"admin@example.com", "admin@example.com",
); );
let mut idms_write = idms.write(); let mut idms_auth = idms.auth();
let anon_step = AuthEvent::cred_step_password(sid, TEST_PASSWORD); let anon_step = AuthEvent::cred_step_password(sid, TEST_PASSWORD);
// Expect success // Expect success
let r2 = task::block_on(idms_write.auth( let r2 = task::block_on(idms_auth.auth(
au, au,
&anon_step, &anon_step,
Duration::from_secs(TEST_CURRENT_TIME), Duration::from_secs(TEST_CURRENT_TIME),
@ -1940,7 +1929,7 @@ mod tests {
} }
}; };
idms_write.commit(au).expect("Must not fail"); idms_auth.commit(au).expect("Must not fail");
}) })
} }
@ -1957,11 +1946,11 @@ mod tests {
Duration::from_secs(TEST_CURRENT_TIME), Duration::from_secs(TEST_CURRENT_TIME),
"admin", "admin",
); );
let mut idms_write = idms.write(); let mut idms_auth = idms.auth();
let anon_step = AuthEvent::cred_step_password(sid, TEST_PASSWORD_INC); let anon_step = AuthEvent::cred_step_password(sid, TEST_PASSWORD_INC);
// Expect success // Expect success
let r2 = task::block_on(idms_write.auth( let r2 = task::block_on(idms_auth.auth(
au, au,
&anon_step, &anon_step,
Duration::from_secs(TEST_CURRENT_TIME), Duration::from_secs(TEST_CURRENT_TIME),
@ -1993,7 +1982,7 @@ mod tests {
} }
}; };
idms_write.commit(au).expect("Must not fail"); idms_auth.commit(au).expect("Must not fail");
}) })
} }
@ -2039,19 +2028,19 @@ mod tests {
Duration::from_secs(TEST_CURRENT_TIME), Duration::from_secs(TEST_CURRENT_TIME),
"admin", "admin",
); );
let mut idms_write = idms.write(); let mut idms_auth = idms.auth();
assert!(idms_write.is_sessionid_present(&sid)); assert!(idms_auth.is_sessionid_present(&sid));
// Expire like we are currently "now". Should not affect our session. // Expire like we are currently "now". Should not affect our session.
task::block_on(idms_write.expire_auth_sessions(Duration::from_secs(TEST_CURRENT_TIME))); task::block_on(idms_auth.expire_auth_sessions(Duration::from_secs(TEST_CURRENT_TIME)));
assert!(idms_write.is_sessionid_present(&sid)); assert!(idms_auth.is_sessionid_present(&sid));
// Expire as though we are in the future. // Expire as though we are in the future.
task::block_on( task::block_on(
idms_write.expire_auth_sessions(Duration::from_secs(TEST_CURRENT_EXPIRE)), idms_auth.expire_auth_sessions(Duration::from_secs(TEST_CURRENT_EXPIRE)),
); );
assert!(!idms_write.is_sessionid_present(&sid)); assert!(!idms_auth.is_sessionid_present(&sid));
assert!(idms_write.commit(au).is_ok()); assert!(idms_auth.commit(au).is_ok());
let idms_write = idms.write(); let idms_auth = idms.auth();
assert!(!idms_write.is_sessionid_present(&sid)); assert!(!idms_auth.is_sessionid_present(&sid));
}) })
} }
@ -2259,11 +2248,11 @@ mod tests {
assert!(idms_prox_write.set_unix_account_password(au, &pce).is_ok()); assert!(idms_prox_write.set_unix_account_password(au, &pce).is_ok());
assert!(idms_prox_write.commit(au).is_ok()); assert!(idms_prox_write.commit(au).is_ok());
let mut idms_write = idms.write(); let mut idms_auth = idms.auth();
// Check auth verification of the password // Check auth verification of the password
let uuae_good = UnixUserAuthEvent::new_internal(&UUID_ADMIN, TEST_PASSWORD); let uuae_good = UnixUserAuthEvent::new_internal(&UUID_ADMIN, TEST_PASSWORD);
let a1 = task::block_on(idms_write.auth_unix( let a1 = task::block_on(idms_auth.auth_unix(
au, au,
&uuae_good, &uuae_good,
Duration::from_secs(TEST_CURRENT_TIME), Duration::from_secs(TEST_CURRENT_TIME),
@ -2274,7 +2263,7 @@ mod tests {
}; };
// Check bad password // Check bad password
let uuae_bad = UnixUserAuthEvent::new_internal(&UUID_ADMIN, TEST_PASSWORD_INC); let uuae_bad = UnixUserAuthEvent::new_internal(&UUID_ADMIN, TEST_PASSWORD_INC);
let a2 = task::block_on(idms_write.auth_unix( let a2 = task::block_on(idms_auth.auth_unix(
au, au,
&uuae_bad, &uuae_bad,
Duration::from_secs(TEST_CURRENT_TIME), Duration::from_secs(TEST_CURRENT_TIME),
@ -2283,7 +2272,7 @@ mod tests {
Ok(None) => {} Ok(None) => {}
_ => assert!(false), _ => assert!(false),
}; };
assert!(idms_write.commit(au).is_ok()); assert!(idms_auth.commit(au).is_ok());
// Check deleting the password // Check deleting the password
let idms_prox_write = idms.proxy_write(duration_from_epoch_now()); let idms_prox_write = idms.proxy_write(duration_from_epoch_now());
@ -2298,8 +2287,8 @@ mod tests {
// And auth should now fail due to the lack of PW material (note that // And auth should now fail due to the lack of PW material (note that
// softlocking WONT kick in because the cred_uuid is gone!) // softlocking WONT kick in because the cred_uuid is gone!)
let mut idms_write = idms.write(); let mut idms_auth = idms.auth();
let a3 = task::block_on(idms_write.auth_unix( let a3 = task::block_on(idms_auth.auth_unix(
au, au,
&uuae_good, &uuae_good,
Duration::from_secs(TEST_CURRENT_TIME), Duration::from_secs(TEST_CURRENT_TIME),
@ -2308,7 +2297,7 @@ mod tests {
Ok(None) => {} Ok(None) => {}
_ => assert!(false), _ => assert!(false),
}; };
assert!(idms_write.commit(au).is_ok()); assert!(idms_auth.commit(au).is_ok());
}) })
} }
@ -2526,8 +2515,8 @@ mod tests {
idms_delayed.is_empty_or_panic(); idms_delayed.is_empty_or_panic();
// Get the auth ready. // Get the auth ready.
let uuae = UnixUserAuthEvent::new_internal(&UUID_ADMIN, "password"); let uuae = UnixUserAuthEvent::new_internal(&UUID_ADMIN, "password");
let mut idms_write = idms.write(); let mut idms_auth = idms.auth();
let a1 = task::block_on(idms_write.auth_unix( let a1 = task::block_on(idms_auth.auth_unix(
au, au,
&uuae, &uuae,
Duration::from_secs(TEST_CURRENT_TIME), Duration::from_secs(TEST_CURRENT_TIME),
@ -2536,14 +2525,14 @@ mod tests {
Ok(Some(_tok)) => {} Ok(Some(_tok)) => {}
_ => assert!(false), _ => assert!(false),
}; };
idms_write.commit(au).expect("Must not fail"); idms_auth.commit(au).expect("Must not fail");
// The upgrade was queued // The upgrade was queued
// Process it. // Process it.
let da = idms_delayed.try_recv().expect("invalid"); let da = idms_delayed.try_recv().expect("invalid");
let _r = task::block_on(idms.delayed_action(au, duration_from_epoch_now(), da)); let _r = task::block_on(idms.delayed_action(au, duration_from_epoch_now(), da));
// Go again // Go again
let mut idms_write = idms.write(); let mut idms_auth = idms.auth();
let a2 = task::block_on(idms_write.auth_unix( let a2 = task::block_on(idms_auth.auth_unix(
au, au,
&uuae, &uuae,
Duration::from_secs(TEST_CURRENT_TIME), Duration::from_secs(TEST_CURRENT_TIME),
@ -2552,7 +2541,7 @@ mod tests {
Ok(Some(_tok)) => {} Ok(Some(_tok)) => {}
_ => assert!(false), _ => assert!(false),
}; };
idms_write.commit(au).expect("Must not fail"); idms_auth.commit(au).expect("Must not fail");
// No delayed action was queued. // No delayed action was queued.
idms_delayed.is_empty_or_panic(); idms_delayed.is_empty_or_panic();
}) })
@ -2604,9 +2593,9 @@ mod tests {
let time_low = Duration::from_secs(TEST_NOT_YET_VALID_TIME); let time_low = Duration::from_secs(TEST_NOT_YET_VALID_TIME);
let time_high = Duration::from_secs(TEST_AFTER_EXPIRY); let time_high = Duration::from_secs(TEST_AFTER_EXPIRY);
let mut idms_write = idms.write(); let mut idms_auth = idms.auth();
let admin_init = AuthEvent::named_init("admin"); let admin_init = AuthEvent::named_init("admin");
let r1 = task::block_on(idms_write.auth(au, &admin_init, time_low)); let r1 = task::block_on(idms_auth.auth(au, &admin_init, time_low));
let ar = r1.unwrap(); let ar = r1.unwrap();
let AuthResult { let AuthResult {
@ -2623,12 +2612,12 @@ mod tests {
} }
}; };
idms_write.commit(au).expect("Must not fail"); idms_auth.commit(au).expect("Must not fail");
// And here! // And here!
let mut idms_write = idms.write(); let mut idms_auth = idms.auth();
let admin_init = AuthEvent::named_init("admin"); let admin_init = AuthEvent::named_init("admin");
let r1 = task::block_on(idms_write.auth(au, &admin_init, time_high)); let r1 = task::block_on(idms_auth.auth(au, &admin_init, time_high));
let ar = r1.unwrap(); let ar = r1.unwrap();
let AuthResult { let AuthResult {
@ -2645,7 +2634,7 @@ mod tests {
} }
}; };
idms_write.commit(au).expect("Must not fail"); idms_auth.commit(au).expect("Must not fail");
}) })
} }
@ -2684,10 +2673,10 @@ mod tests {
assert!(idms_prox_write.commit(au).is_ok()); assert!(idms_prox_write.commit(au).is_ok());
// Now check auth when the time is too high or too low. // Now check auth when the time is too high or too low.
let mut idms_write = idms.write(); let mut idms_auth = idms.auth();
let uuae_good = UnixUserAuthEvent::new_internal(&UUID_ADMIN, TEST_PASSWORD); let uuae_good = UnixUserAuthEvent::new_internal(&UUID_ADMIN, TEST_PASSWORD);
let a1 = task::block_on(idms_write.auth_unix(au, &uuae_good, time_low)); let a1 = task::block_on(idms_auth.auth_unix(au, &uuae_good, time_low));
// Should this actually send an error with the details? Or just silently act as // Should this actually send an error with the details? Or just silently act as
// badpw? // badpw?
match a1 { match a1 {
@ -2695,13 +2684,13 @@ mod tests {
_ => assert!(false), _ => assert!(false),
}; };
let a2 = task::block_on(idms_write.auth_unix(au, &uuae_good, time_high)); let a2 = task::block_on(idms_auth.auth_unix(au, &uuae_good, time_high));
match a2 { match a2 {
Ok(None) => {} Ok(None) => {}
_ => assert!(false), _ => assert!(false),
}; };
idms_write.commit(au).expect("Must not fail"); idms_auth.commit(au).expect("Must not fail");
// Also check the generated unix tokens are invalid. // Also check the generated unix tokens are invalid.
let mut idms_prox_read = idms.proxy_read(); let mut idms_prox_read = idms.proxy_read();
let uute = UnixUserTokenEvent::new_internal(UUID_ADMIN.clone()); let uute = UnixUserTokenEvent::new_internal(UUID_ADMIN.clone());
@ -2778,10 +2767,10 @@ mod tests {
Duration::from_secs(TEST_CURRENT_TIME), Duration::from_secs(TEST_CURRENT_TIME),
"admin", "admin",
); );
let mut idms_write = idms.write(); let mut idms_auth = idms.auth();
let anon_step = AuthEvent::cred_step_password(sid, TEST_PASSWORD_INC); let anon_step = AuthEvent::cred_step_password(sid, TEST_PASSWORD_INC);
let r2 = task::block_on(idms_write.auth( let r2 = task::block_on(idms_auth.auth(
au, au,
&anon_step, &anon_step,
Duration::from_secs(TEST_CURRENT_TIME), Duration::from_secs(TEST_CURRENT_TIME),
@ -2811,15 +2800,15 @@ mod tests {
panic!(); panic!();
} }
}; };
idms_write.commit(au).expect("Must not fail"); idms_auth.commit(au).expect("Must not fail");
// Auth init, softlock present, count == 1, same time (so before unlock_at) // Auth init, softlock present, count == 1, same time (so before unlock_at)
// aka Auth valid immediate, (ct < exp), autofail // aka Auth valid immediate, (ct < exp), autofail
// aka Auth invalid immediate, (ct < exp), autofail // aka Auth invalid immediate, (ct < exp), autofail
let mut idms_write = idms.write(); let mut idms_auth = idms.auth();
let admin_init = AuthEvent::named_init("admin"); let admin_init = AuthEvent::named_init("admin");
let r1 = task::block_on(idms_write.auth( let r1 = task::block_on(idms_auth.auth(
au, au,
&admin_init, &admin_init,
Duration::from_secs(TEST_CURRENT_TIME), Duration::from_secs(TEST_CURRENT_TIME),
@ -2842,7 +2831,7 @@ mod tests {
} }
}; };
idms_write.commit(au).expect("Must not fail"); idms_auth.commit(au).expect("Must not fail");
// Auth invalid once softlock pass (count == 2, exp_at grows) // Auth invalid once softlock pass (count == 2, exp_at grows)
// Tested in the softlock state machine. // Tested in the softlock state machine.
@ -2855,11 +2844,11 @@ mod tests {
"admin", "admin",
); );
let mut idms_write = idms.write(); let mut idms_auth = idms.auth();
let anon_step = AuthEvent::cred_step_password(sid, TEST_PASSWORD); let anon_step = AuthEvent::cred_step_password(sid, TEST_PASSWORD);
// Expect success // Expect success
let r2 = task::block_on(idms_write.auth( let r2 = task::block_on(idms_auth.auth(
au, au,
&anon_step, &anon_step,
Duration::from_secs(TEST_CURRENT_TIME + 2), Duration::from_secs(TEST_CURRENT_TIME + 2),
@ -2891,7 +2880,7 @@ mod tests {
} }
}; };
idms_write.commit(au).expect("Must not fail"); idms_auth.commit(au).expect("Must not fail");
// Auth valid after reset at, count == 0. // Auth valid after reset at, count == 0.
// Tested in the softlock state machine. // Tested in the softlock state machine.
@ -2925,10 +2914,10 @@ mod tests {
"admin", "admin",
); );
// Get the detail wrong in sid_later. // Get the detail wrong in sid_later.
let mut idms_write = idms.write(); let mut idms_auth = idms.auth();
let anon_step = AuthEvent::cred_step_password(sid_later, TEST_PASSWORD_INC); let anon_step = AuthEvent::cred_step_password(sid_later, TEST_PASSWORD_INC);
let r2 = task::block_on(idms_write.auth( let r2 = task::block_on(idms_auth.auth(
au, au,
&anon_step, &anon_step,
Duration::from_secs(TEST_CURRENT_TIME), Duration::from_secs(TEST_CURRENT_TIME),
@ -2958,14 +2947,14 @@ mod tests {
panic!(); panic!();
} }
}; };
idms_write.commit(au).expect("Must not fail"); idms_auth.commit(au).expect("Must not fail");
// Now check that sid_early is denied due to softlock. // Now check that sid_early is denied due to softlock.
let mut idms_write = idms.write(); let mut idms_auth = idms.auth();
let anon_step = AuthEvent::cred_step_password(sid_early, TEST_PASSWORD); let anon_step = AuthEvent::cred_step_password(sid_early, TEST_PASSWORD);
// Expect success // Expect success
let r2 = task::block_on(idms_write.auth( let r2 = task::block_on(idms_auth.auth(
au, au,
&anon_step, &anon_step,
Duration::from_secs(TEST_CURRENT_TIME), Duration::from_secs(TEST_CURRENT_TIME),
@ -2994,7 +2983,7 @@ mod tests {
panic!(); panic!();
} }
}; };
idms_write.commit(au).expect("Must not fail"); idms_auth.commit(au).expect("Must not fail");
}) })
} }
@ -3025,11 +3014,11 @@ mod tests {
assert!(idms_prox_write.set_unix_account_password(au, &pce).is_ok()); assert!(idms_prox_write.set_unix_account_password(au, &pce).is_ok());
assert!(idms_prox_write.commit(au).is_ok()); assert!(idms_prox_write.commit(au).is_ok());
let mut idms_write = idms.write(); let mut idms_auth = idms.auth();
let uuae_good = UnixUserAuthEvent::new_internal(&UUID_ADMIN, TEST_PASSWORD); let uuae_good = UnixUserAuthEvent::new_internal(&UUID_ADMIN, TEST_PASSWORD);
let uuae_bad = UnixUserAuthEvent::new_internal(&UUID_ADMIN, TEST_PASSWORD_INC); let uuae_bad = UnixUserAuthEvent::new_internal(&UUID_ADMIN, TEST_PASSWORD_INC);
let a2 = task::block_on(idms_write.auth_unix( let a2 = task::block_on(idms_auth.auth_unix(
au, au,
&uuae_bad, &uuae_bad,
Duration::from_secs(TEST_CURRENT_TIME), Duration::from_secs(TEST_CURRENT_TIME),
@ -3040,7 +3029,7 @@ mod tests {
}; };
// Now if we immediately auth again, should fail at same time due to SL // Now if we immediately auth again, should fail at same time due to SL
let a1 = task::block_on(idms_write.auth_unix( let a1 = task::block_on(idms_auth.auth_unix(
au, au,
&uuae_good, &uuae_good,
Duration::from_secs(TEST_CURRENT_TIME), Duration::from_secs(TEST_CURRENT_TIME),
@ -3051,7 +3040,7 @@ mod tests {
}; };
// And then later, works because of SL lifting. // And then later, works because of SL lifting.
let a1 = task::block_on(idms_write.auth_unix( let a1 = task::block_on(idms_auth.auth_unix(
au, au,
&uuae_good, &uuae_good,
Duration::from_secs(TEST_CURRENT_TIME + 2), Duration::from_secs(TEST_CURRENT_TIME + 2),
@ -3061,7 +3050,7 @@ mod tests {
_ => assert!(false), _ => assert!(false),
}; };
assert!(idms_write.commit(au).is_ok()); assert!(idms_auth.commit(au).is_ok());
}) })
} }

8
kanidmd/src/lib/idm/unix.rs
View file

@ -1,15 +1,9 @@
use uuid::Uuid; use uuid::Uuid;
use crate::audit::AuditScope;
use crate::constants::UUID_ANONYMOUS;
use crate::credential::policy::CryptoPolicy; use crate::credential::policy::CryptoPolicy;
use crate::credential::{softlock::CredSoftLockPolicy, Credential}; use crate::credential::{softlock::CredSoftLockPolicy, Credential};
use crate::entry::{Entry, EntryCommitted, EntryReduced, EntrySealed};
use crate::modify::{ModifyInvalid, ModifyList}; use crate::modify::{ModifyInvalid, ModifyList};
use crate::server::{ use crate::prelude::*;
QueryServerReadTransaction, QueryServerTransaction, QueryServerWriteTransaction,
};
use crate::value::{PartialValue, Value};
use kanidm_proto::v1::OperationError; use kanidm_proto::v1::OperationError;
use kanidm_proto::v1::{UnixGroupToken, UnixUserToken}; use kanidm_proto::v1::{UnixGroupToken, UnixUserToken};

25
kanidmd/src/lib/ldap.rs
View file

@ -1,14 +1,11 @@
use crate::audit::AuditScope;
use crate::constants::{STR_UUID_DOMAIN_INFO, UUID_ANONYMOUS, UUID_DOMAIN_INFO};
use crate::event::SearchEvent; use crate::event::SearchEvent;
use crate::idm::event::LdapAuthEvent; use crate::idm::event::LdapAuthEvent;
use crate::idm::server::IdmServer; use crate::idm::server::IdmServer;
use crate::server::QueryServerTransaction; use crate::prelude::*;
use async_std::task; use async_std::task;
use kanidm_proto::v1::{OperationError, UserAuthToken}; use kanidm_proto::v1::{OperationError, UserAuthToken};
use ldap3_server::simple::*; use ldap3_server::simple::*;
use regex::Regex; use regex::Regex;
use smartstring::alias::String as AttrString;
use std::collections::BTreeSet; use std::collections::BTreeSet;
use std::iter; use std::iter;
use std::time::SystemTime; use std::time::SystemTime;
@ -301,7 +298,7 @@ impl LdapServer {
"Attempt LDAP Bind for {}", "Attempt LDAP Bind for {}",
if dn == "" { "anonymous" } else { dn } if dn == "" { "anonymous" } else { dn }
); );
let mut idm_write = idms.write_async().await; let mut idm_auth = idms.auth_async().await;
let target_uuid: Uuid = if dn == "" { let target_uuid: Uuid = if dn == "" {
if pw == "" { if pw == "" {
@ -329,7 +326,7 @@ impl LdapServer {
return Err(OperationError::NoMatchingEntries); return Err(OperationError::NoMatchingEntries);
} }
idm_write idm_auth
.qs_read .qs_read
.name_to_uuid(au, rdn.as_str()) .name_to_uuid(au, rdn.as_str())
.map_err(|e| { .map_err(|e| {
@ -346,8 +343,8 @@ impl LdapServer {
})?; })?;
let lae = LdapAuthEvent::from_parts(au, target_uuid, pw.to_string())?; let lae = LdapAuthEvent::from_parts(au, target_uuid, pw.to_string())?;
idm_write.auth_ldap(au, &lae, ct).await.and_then(|r| { idm_auth.auth_ldap(au, &lae, ct).await.and_then(|r| {
idm_write.commit(au).map(|_| { idm_auth.commit(au).map(|_| {
if r.is_some() { if r.is_some() {
lsecurity!(au, "✅ LDAP Bind success {}", dn); lsecurity!(au, "✅ LDAP Bind success {}", dn);
} else { } else {
@ -476,20 +473,12 @@ pub(crate) fn ldap_attr_entry_map(attr: &str) -> String {
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use crate::constants::{STR_UUID_ADMIN, UUID_ADMIN, UUID_ANONYMOUS}; // use crate::prelude::*;
use crate::event::ModifyEvent; use crate::event::ModifyEvent;
use crate::idm::event::UnixPasswordChangeEvent; use crate::idm::event::UnixPasswordChangeEvent;
use crate::modify::{Modify, ModifyList};
use crate::value::{PartialValue, Value};
// use kanidm_proto::v1::OperationError;
// use crate::audit::AuditScope;
// use crate::idm::server::IdmServer;
// use crate::server::QueryServer;
// use crate::utils::duration_from_epoch_now;
// use uuid::Uuid;
use crate::ldap::LdapServer; use crate::ldap::LdapServer;
use crate::modify::{Modify, ModifyList};
use async_std::task; use async_std::task;
use smartstring::alias::String as AttrString;
const TEST_PASSWORD: &'static str = "ntaoeuntnaoeuhraohuercahu😍"; const TEST_PASSWORD: &'static str = "ntaoeuntnaoeuhraohuercahu😍";

18
kanidmd/src/lib/lib.rs
View file

@ -54,3 +54,21 @@ mod status;
pub mod config; pub mod config;
pub mod core; pub mod core;
pub mod prelude {
pub use kanidm_proto::v1::OperationError;
pub use smartstring::alias::String as AttrString;
pub use uuid::Uuid;
pub use crate::audit::AuditScope;
pub use crate::constants::*;
pub use crate::entry::{
Entry, EntryCommitted, EntryInit, EntryInvalid, EntryInvalidCommitted, EntryNew,
EntryReduced, EntrySealed, EntrySealedCommitted, EntryTuple, EntryValid,
};
pub use crate::server::{
QueryServer, QueryServerReadTransaction, QueryServerTransaction,
QueryServerWriteTransaction,
};
pub use crate::value::{IndexType, PartialValue, SyntaxType, Value};
}

19
kanidmd/src/lib/macros.rs
View file

@ -68,10 +68,9 @@ macro_rules! setup_test {
#[cfg(test)] #[cfg(test)]
macro_rules! run_test_no_init { macro_rules! run_test_no_init {
($test_fn:expr) => {{ ($test_fn:expr) => {{
use crate::audit::AuditScope;
use crate::be::{Backend, BackendConfig}; use crate::be::{Backend, BackendConfig};
use crate::prelude::*;
use crate::schema::Schema; use crate::schema::Schema;
use crate::server::QueryServer;
use crate::utils::duration_from_epoch_now; use crate::utils::duration_from_epoch_now;
use env_logger; use env_logger;
@ -112,10 +111,9 @@ macro_rules! run_test_no_init {
#[cfg(test)] #[cfg(test)]
macro_rules! run_test { macro_rules! run_test {
($test_fn:expr) => {{ ($test_fn:expr) => {{
use crate::audit::AuditScope;
use crate::be::{Backend, BackendConfig}; use crate::be::{Backend, BackendConfig};
use crate::prelude::*;
use crate::schema::Schema; use crate::schema::Schema;
use crate::server::QueryServer;
#[allow(unused_imports)] #[allow(unused_imports)]
use crate::utils::duration_from_epoch_now; use crate::utils::duration_from_epoch_now;
@ -165,16 +163,14 @@ macro_rules! entry_str_to_account {
macro_rules! run_idm_test_inner { macro_rules! run_idm_test_inner {
($test_fn:expr) => {{ ($test_fn:expr) => {{
use crate::audit::AuditScope;
#[allow(unused_imports)] #[allow(unused_imports)]
use crate::be::{Backend, BackendConfig}; use crate::be::{Backend, BackendConfig};
#[allow(unused_imports)] #[allow(unused_imports)]
use crate::idm::server::{IdmServer, IdmServerDelayed}; use crate::idm::server::{IdmServer, IdmServerDelayed};
use crate::prelude::*;
#[allow(unused_imports)] #[allow(unused_imports)]
use crate::schema::Schema; use crate::schema::Schema;
#[allow(unused_imports)] #[allow(unused_imports)]
use crate::server::QueryServer;
#[allow(unused_imports)]
use crate::utils::duration_from_epoch_now; use crate::utils::duration_from_epoch_now;
use env_logger; use env_logger;
@ -241,11 +237,10 @@ macro_rules! run_create_test {
$internal:expr, $internal:expr,
$check:expr $check:expr
) => {{ ) => {{
use crate::audit::AuditScope;
use crate::be::{Backend, BackendConfig}; use crate::be::{Backend, BackendConfig};
use crate::event::CreateEvent; use crate::event::CreateEvent;
use crate::prelude::*;
use crate::schema::Schema; use crate::schema::Schema;
use crate::server::QueryServer;
use crate::utils::duration_from_epoch_now; use crate::utils::duration_from_epoch_now;
let mut au = AuditScope::new("run_create_test", uuid::Uuid::new_v4(), None); let mut au = AuditScope::new("run_create_test", uuid::Uuid::new_v4(), None);
@ -296,11 +291,10 @@ macro_rules! run_modify_test {
$internal:expr, $internal:expr,
$check:expr $check:expr
) => {{ ) => {{
use crate::audit::AuditScope;
use crate::be::{Backend, BackendConfig}; use crate::be::{Backend, BackendConfig};
use crate::event::ModifyEvent; use crate::event::ModifyEvent;
use crate::prelude::*;
use crate::schema::Schema; use crate::schema::Schema;
use crate::server::QueryServer;
use crate::utils::duration_from_epoch_now; use crate::utils::duration_from_epoch_now;
let mut au = AuditScope::new("run_modify_test", uuid::Uuid::new_v4(), None); let mut au = AuditScope::new("run_modify_test", uuid::Uuid::new_v4(), None);
@ -358,11 +352,10 @@ macro_rules! run_delete_test {
$internal:expr, $internal:expr,
$check:expr $check:expr
) => {{ ) => {{
use crate::audit::AuditScope;
use crate::be::{Backend, BackendConfig}; use crate::be::{Backend, BackendConfig};
use crate::event::DeleteEvent; use crate::event::DeleteEvent;
use crate::prelude::*;
use crate::schema::Schema; use crate::schema::Schema;
use crate::server::QueryServer;
use crate::utils::duration_from_epoch_now; use crate::utils::duration_from_epoch_now;
let mut au = AuditScope::new("run_delete_test", uuid::Uuid::new_v4(), None); let mut au = AuditScope::new("run_delete_test", uuid::Uuid::new_v4(), None);

3
kanidmd/src/lib/modify.rs
View file

@ -1,9 +1,8 @@
use crate::audit::AuditScope; use crate::prelude::*;
use kanidm_proto::v1::Modify as ProtoModify; use kanidm_proto::v1::Modify as ProtoModify;
use kanidm_proto::v1::ModifyList as ProtoModifyList; use kanidm_proto::v1::ModifyList as ProtoModifyList;
use crate::schema::SchemaTransaction; use crate::schema::SchemaTransaction;
use crate::server::{QueryServerTransaction, QueryServerWriteTransaction};
use crate::value::{PartialValue, Value}; use crate::value::{PartialValue, Value};
use kanidm_proto::v1::{OperationError, SchemaError}; use kanidm_proto::v1::{OperationError, SchemaError};

16
kanidmd/src/lib/plugins/attrunique.rs
View file

@ -4,16 +4,11 @@
// both change approaches. // both change approaches.
// //
// //
use crate::audit::AuditScope;
use crate::entry::{Entry, EntryCommitted, EntryInvalid, EntryNew};
use crate::event::{CreateEvent, ModifyEvent}; use crate::event::{CreateEvent, ModifyEvent};
use crate::plugins::Plugin; use crate::plugins::Plugin;
use crate::prelude::*;
use crate::schema::SchemaTransaction; use crate::schema::SchemaTransaction;
use crate::server::{ use kanidm_proto::v1::{ConsistencyError, PluginError};
QueryServerReadTransaction, QueryServerTransaction, QueryServerWriteTransaction,
};
use crate::value::PartialValue;
use kanidm_proto::v1::{ConsistencyError, OperationError, PluginError};
use std::collections::BTreeMap; use std::collections::BTreeMap;
@ -196,11 +191,10 @@ impl Plugin for AttrUnique {
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use crate::entry::{Entry, EntryInit, EntryNew};
use crate::modify::{Modify, ModifyList}; use crate::modify::{Modify, ModifyList};
use crate::value::{PartialValue, Value}; use crate::prelude::*;
use kanidm_proto::v1::{OperationError, PluginError}; use kanidm_proto::v1::PluginError;
use smartstring::alias::String as AttrString;
// Test entry in db, and same name, reject. // Test entry in db, and same name, reject.
#[test] #[test]
fn test_pre_create_name_unique() { fn test_pre_create_name_unique() {

24
kanidmd/src/lib/plugins/base.rs
View file

@ -1,20 +1,11 @@
use crate::plugins::Plugin; use crate::plugins::Plugin;
use hashbrown::HashSet; use hashbrown::HashSet;
use std::collections::BTreeSet; use std::collections::BTreeSet;
use uuid::Uuid;
use crate::audit::AuditScope;
// use crate::constants::{STR_UUID_ADMIN, STR_UUID_ANONYMOUS, STR_UUID_DOES_NOT_EXIST};
use crate::constants::{UUID_ADMIN, UUID_ANONYMOUS, UUID_DOES_NOT_EXIST};
use crate::entry::{Entry, EntryCommitted, EntryInvalid, EntryNew};
use crate::event::{CreateEvent, ModifyEvent}; use crate::event::{CreateEvent, ModifyEvent};
use crate::modify::Modify; use crate::modify::Modify;
use crate::server::{ use crate::prelude::*;
QueryServerReadTransaction, QueryServerTransaction, QueryServerWriteTransaction, use kanidm_proto::v1::{ConsistencyError, PluginError};
};
use crate::value::{PartialValue, Value};
use kanidm_proto::v1::{ConsistencyError, OperationError, PluginError};
// use utils::uuid_from_now;
lazy_static! { lazy_static! {
static ref CLASS_OBJECT: Value = Value::new_class("object"); static ref CLASS_OBJECT: Value = Value::new_class("object");
@ -244,16 +235,9 @@ impl Plugin for Base {
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
// #[macro_use]
// use crate::plugins::Plugin;
use crate::constants::JSON_ADMIN_V1;
use crate::entry::{Entry, EntryInit, EntryNew};
use crate::modify::{Modify, ModifyList}; use crate::modify::{Modify, ModifyList};
use crate::server::QueryServerTransaction; use crate::prelude::*;
use crate::server::QueryServerWriteTransaction; use kanidm_proto::v1::PluginError;
use crate::value::{PartialValue, Value};
use kanidm_proto::v1::{OperationError, PluginError};
use smartstring::alias::String as AttrString;
const JSON_ADMIN_ALLOW_ALL: &'static str = r#"{ const JSON_ADMIN_ALLOW_ALL: &'static str = r#"{
"attrs": { "attrs": {

12
kanidmd/src/lib/plugins/domain.rs
View file

@ -6,12 +6,8 @@
// relationships. // relationships.
use crate::plugins::Plugin; use crate::plugins::Plugin;
use crate::audit::AuditScope;
use crate::constants::UUID_DOMAIN_INFO;
use crate::entry::{Entry, EntryInvalid, EntryNew};
use crate::event::CreateEvent; use crate::event::CreateEvent;
use crate::server::QueryServerWriteTransaction; use crate::prelude::*;
use crate::value::{PartialValue, Value};
use kanidm_proto::v1::OperationError; use kanidm_proto::v1::OperationError;
lazy_static! { lazy_static! {
@ -57,10 +53,8 @@ impl Plugin for Domain {
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use crate::constants::UUID_DOMAIN_INFO; // use crate::prelude::*;
use crate::server::QueryServerTransaction;
use crate::value::PartialValue;
// use uuid::Uuid;
// test we can create and generate the id // test we can create and generate the id
#[test] #[test]
fn test_domain_generate_uuid() { fn test_domain_generate_uuid() {

18
kanidmd/src/lib/plugins/gidnumber.rs
View file

@ -1,17 +1,10 @@
// A plugin that generates gid numbers on types that require them for posix // A plugin that generates gid numbers on types that require them for posix
// support. // support.
use crate::plugins::Plugin;
use crate::audit::AuditScope;
use crate::entry::{Entry, EntryCommitted, EntryInvalid, EntryNew};
use crate::event::{CreateEvent, ModifyEvent}; use crate::event::{CreateEvent, ModifyEvent};
// use crate::server::QueryServerTransaction; use crate::plugins::Plugin;
use crate::server::QueryServerWriteTransaction; use crate::prelude::*;
use crate::utils::uuid_to_gid_u32; use crate::utils::uuid_to_gid_u32;
use crate::value::{PartialValue, Value};
use kanidm_proto::v1::OperationError;
/// Systemd dynamic units allocate between 6118465519, most distros allocate /// Systemd dynamic units allocate between 6118465519, most distros allocate
/// system uids from 0 - 1000, and many others give user ids between 1000 to /// system uids from 0 - 1000, and many others give user ids between 1000 to
@ -106,12 +99,7 @@ impl Plugin for GidNumber {
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use crate::audit::AuditScope; use crate::prelude::*;
use crate::entry::{Entry, EntryInit, EntryNew};
use crate::server::{QueryServerTransaction, QueryServerWriteTransaction};
use crate::value::{PartialValue, Value};
use kanidm_proto::v1::OperationError;
use uuid::Uuid;
fn check_gid( fn check_gid(
au: &mut AuditScope, au: &mut AuditScope,

12
kanidmd/src/lib/plugins/memberof.rs
View file

@ -10,13 +10,11 @@
// As a result, we first need to run refint to clean up all dangling references, then memberof // As a result, we first need to run refint to clean up all dangling references, then memberof
// fixes the graph of memberships // fixes the graph of memberships
use crate::audit::AuditScope;
use crate::entry::{Entry, EntryCommitted, EntryInvalid, EntrySealed}; use crate::entry::{Entry, EntryCommitted, EntryInvalid, EntrySealed};
use crate::event::{CreateEvent, DeleteEvent, ModifyEvent}; use crate::event::{CreateEvent, DeleteEvent, ModifyEvent};
use crate::prelude::*;
// use crate::modify::{Modify, ModifyList}; // use crate::modify::{Modify, ModifyList};
use crate::plugins::Plugin; use crate::plugins::Plugin;
use crate::server::QueryServerTransaction;
use crate::server::{QueryServerReadTransaction, QueryServerWriteTransaction};
use crate::value::{PartialValue, Value}; use crate::value::{PartialValue, Value};
use kanidm_proto::v1::{ConsistencyError, OperationError}; use kanidm_proto::v1::{ConsistencyError, OperationError};
@ -417,14 +415,8 @@ impl Plugin for MemberOf {
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
// #[macro_use]
// use crate::plugins::Plugin;
use crate::entry::{Entry, EntryInit, EntryNew};
// use crate::error::OperationError;
use crate::modify::{Modify, ModifyList}; use crate::modify::{Modify, ModifyList};
use crate::server::{QueryServerTransaction, QueryServerWriteTransaction}; use crate::prelude::*;
use crate::value::{PartialValue, Value};
use smartstring::alias::String as AttrString;
const UUID_A: &'static str = "aaaaaaaa-f82e-4484-a407-181aa03bda5c"; const UUID_A: &'static str = "aaaaaaaa-f82e-4484-a407-181aa03bda5c";
const UUID_B: &'static str = "bbbbbbbb-2438-4384-9891-48f4c8172e9b"; const UUID_B: &'static str = "bbbbbbbb-2438-4384-9891-48f4c8172e9b";

3
kanidmd/src/lib/plugins/mod.rs
View file

@ -1,7 +1,6 @@
use crate::audit::AuditScope;
use crate::entry::{Entry, EntryCommitted, EntryInvalid, EntryNew, EntrySealed}; use crate::entry::{Entry, EntryCommitted, EntryInvalid, EntryNew, EntrySealed};
use crate::event::{CreateEvent, DeleteEvent, ModifyEvent}; use crate::event::{CreateEvent, DeleteEvent, ModifyEvent};
use crate::server::{QueryServerReadTransaction, QueryServerWriteTransaction}; use crate::prelude::*;
use kanidm_proto::v1::{ConsistencyError, OperationError}; use kanidm_proto::v1::{ConsistencyError, OperationError};
mod attrunique; mod attrunique;

13
kanidmd/src/lib/plugins/password_import.rs
View file

@ -1,12 +1,9 @@
// Transform password import requests into proper kanidm credentials. // Transform password import requests into proper kanidm credentials.
use crate::audit::AuditScope;
use crate::credential::{Credential, Password}; use crate::credential::{Credential, Password};
use crate::entry::{Entry, EntryCommitted, EntryInvalid, EntryNew};
use crate::event::{CreateEvent, ModifyEvent}; use crate::event::{CreateEvent, ModifyEvent};
use crate::plugins::Plugin; use crate::plugins::Plugin;
use crate::server::QueryServerWriteTransaction; use crate::prelude::*;
use crate::value::Value; use kanidm_proto::v1::PluginError;
use kanidm_proto::v1::{OperationError, PluginError};
use std::convert::TryFrom; use std::convert::TryFrom;
pub struct PasswordImport {} pub struct PasswordImport {}
@ -129,12 +126,8 @@ mod tests {
use crate::credential::policy::CryptoPolicy; use crate::credential::policy::CryptoPolicy;
use crate::credential::totp::{TOTP, TOTP_DEFAULT_STEP}; use crate::credential::totp::{TOTP, TOTP_DEFAULT_STEP};
use crate::credential::{Credential, CredentialType}; use crate::credential::{Credential, CredentialType};
use crate::entry::{Entry, EntryInit, EntryNew};
use crate::modify::{Modify, ModifyList}; use crate::modify::{Modify, ModifyList};
use crate::server::{QueryServerTransaction, QueryServerWriteTransaction}; use crate::prelude::*;
use crate::value::{PartialValue, Value};
use smartstring::alias::String as AttrString;
use uuid::Uuid;
const IMPORT_HASH: &'static str = const IMPORT_HASH: &'static str =
"pbkdf2_sha256$36000$xIEozuZVAoYm$uW1b35DUKyhvQAf1mBqMvoBDcqSD06juzyO/nmyV0+w="; "pbkdf2_sha256$36000$xIEozuZVAoYm$uW1b35DUKyhvQAf1mBqMvoBDcqSD06juzyO/nmyV0+w=";

14
kanidmd/src/lib/plugins/protected.rs
View file

@ -1,15 +1,12 @@
// System protected objects. Items matching specific requirements // System protected objects. Items matching specific requirements
// may only have certain modifications performed. // may only have certain modifications performed.
use crate::plugins::Plugin;
use crate::audit::AuditScope; use crate::plugins::Plugin;
use crate::entry::{Entry, EntryCommitted, EntryInvalid, EntryNew, EntrySealed}; use crate::prelude::*;
use crate::event::{CreateEvent, DeleteEvent, ModifyEvent}; use crate::event::{CreateEvent, DeleteEvent, ModifyEvent};
use crate::modify::Modify; use crate::modify::Modify;
use crate::server::QueryServerWriteTransaction;
use crate::value::{PartialValue, Value};
use hashbrown::HashSet; use hashbrown::HashSet;
use kanidm_proto::v1::OperationError;
pub struct Protected {} pub struct Protected {}
@ -208,10 +205,7 @@ impl Plugin for Protected {
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use crate::constants::JSON_ADMIN_V1; use crate::prelude::*;
use crate::entry::{Entry, EntryInit, EntryNew};
use crate::value::{PartialValue, Value};
use kanidm_proto::v1::OperationError;
const JSON_ADMIN_ALLOW_ALL: &'static str = r#"{ const JSON_ADMIN_ALLOW_ALL: &'static str = r#"{
"attrs": { "attrs": {

22
kanidmd/src/lib/plugins/refint.rs
View file

@ -12,18 +12,14 @@
use hashbrown::HashSet as Set; use hashbrown::HashSet as Set;
use std::collections::BTreeSet; use std::collections::BTreeSet;
use crate::audit::AuditScope; use crate::plugins::Plugin;
use crate::entry::{Entry, EntryCommitted, EntrySealed}; use crate::prelude::*;
use crate::event::{CreateEvent, DeleteEvent, ModifyEvent}; use crate::event::{CreateEvent, DeleteEvent, ModifyEvent};
use crate::filter::f_eq; use crate::filter::f_eq;
use crate::modify::Modify; use crate::modify::Modify;
use crate::plugins::Plugin;
use crate::schema::SchemaTransaction; use crate::schema::SchemaTransaction;
use crate::server::QueryServerTransaction; use kanidm_proto::v1::{ConsistencyError, PluginError};
use crate::server::{QueryServerReadTransaction, QueryServerWriteTransaction};
use crate::value::{PartialValue, Value};
use kanidm_proto::v1::{ConsistencyError, OperationError, PluginError};
use uuid::Uuid;
// NOTE: This *must* be after base.rs!!! // NOTE: This *must* be after base.rs!!!
@ -256,15 +252,9 @@ impl Plugin for ReferentialIntegrity {
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
// #[macro_use]
// use crate::plugins::Plugin;
use crate::constants::UUID_DOES_NOT_EXIST;
use crate::entry::{Entry, EntryInit, EntryNew};
use crate::modify::{Modify, ModifyList}; use crate::modify::{Modify, ModifyList};
use crate::server::{QueryServerTransaction, QueryServerWriteTransaction}; use crate::prelude::*;
use crate::value::{PartialValue, Value}; use kanidm_proto::v1::PluginError;
use kanidm_proto::v1::{OperationError, PluginError};
use smartstring::alias::String as AttrString;
// The create references a uuid that doesn't exist - reject // The create references a uuid that doesn't exist - reject
#[test] #[test]

10
kanidmd/src/lib/plugins/spn.rs
View file

@ -1,14 +1,11 @@
// Generate and manage spn's for all entries in the domain. Also deals with // Generate and manage spn's for all entries in the domain. Also deals with
// the infrequent - but possible - case where a domain is renamed. // the infrequent - but possible - case where a domain is renamed.
use crate::plugins::Plugin; use crate::plugins::Plugin;
use crate::prelude::*;
use crate::audit::AuditScope;
use crate::constants::UUID_DOMAIN_INFO; use crate::constants::UUID_DOMAIN_INFO;
use crate::entry::{Entry, EntryCommitted, EntryInvalid, EntryNew, EntrySealed}; use crate::entry::{Entry, EntryCommitted, EntryInvalid, EntryNew, EntrySealed};
use crate::event::{CreateEvent, ModifyEvent}; use crate::event::{CreateEvent, ModifyEvent};
use crate::server::{
QueryServerReadTransaction, QueryServerTransaction, QueryServerWriteTransaction,
};
use crate::value::PartialValue; use crate::value::PartialValue;
// use crate::value::{PartialValue, Value}; // use crate::value::{PartialValue, Value};
use kanidm_proto::v1::{ConsistencyError, OperationError}; use kanidm_proto::v1::{ConsistencyError, OperationError};
@ -253,10 +250,7 @@ impl Plugin for Spn {
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use crate::constants::UUID_ADMIN; use crate::prelude::*;
use crate::entry::{Entry, EntryInit, EntryNew};
use crate::server::{QueryServerTransaction, QueryServerWriteTransaction};
use crate::value::{PartialValue, Value};
#[test] #[test]
fn test_spn_generate_create() { fn test_spn_generate_create() {

14
kanidmd/src/lib/schema.rs
View file

@ -18,14 +18,11 @@
use crate::audit::AuditScope; use crate::audit::AuditScope;
use crate::be::IdxKey; use crate::be::IdxKey;
use crate::constants::*; use crate::prelude::*;
use crate::entry::{Entry, EntryCommitted, EntryInit, EntryNew, EntrySealed};
use crate::value::{IndexType, PartialValue, SyntaxType, Value};
use kanidm_proto::v1::{ConsistencyError, OperationError, SchemaError}; use kanidm_proto::v1::{ConsistencyError, OperationError, SchemaError};
use hashbrown::HashMap; use hashbrown::HashMap;
use hashbrown::HashSet; use hashbrown::HashSet;
use smartstring::alias::String as AttrString;
use std::borrow::Borrow; use std::borrow::Borrow;
use std::collections::BTreeSet; use std::collections::BTreeSet;
use uuid::Uuid; use uuid::Uuid;
@ -1475,15 +1472,10 @@ impl Schema {
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use crate::audit::AuditScope; use crate::prelude::*;
// use crate::constants::*;
use crate::entry::{Entry, EntryInit, EntryInvalid, EntryNew, EntryValid};
use kanidm_proto::v1::{ConsistencyError, SchemaError};
// use crate::filter::{Filter, FilterValid};
use crate::schema::SchemaTransaction; use crate::schema::SchemaTransaction;
use crate::schema::{IndexType, Schema, SchemaAttribute, SchemaClass, SyntaxType}; use crate::schema::{IndexType, Schema, SchemaAttribute, SchemaClass, SyntaxType};
use crate::value::{PartialValue, Value}; use kanidm_proto::v1::{ConsistencyError, SchemaError};
use smartstring::alias::String as AttrString;
use uuid::Uuid; use uuid::Uuid;
// use crate::proto_v1::Filter as ProtoFilter; // use crate::proto_v1::Filter as ProtoFilter;

44
kanidmd/src/lib/server.rs
View file

@ -5,27 +5,21 @@
// that otherwise can't be cloned. Think Mutex. // that otherwise can't be cloned. Think Mutex.
use async_std::task; use async_std::task;
use concread::arcache::{ARCache, ARCacheReadTxn}; use concread::arcache::{ARCache, ARCacheReadTxn};
use hashbrown::HashMap; use hashbrown::{HashMap, HashSet};
use std::cell::Cell; use std::cell::Cell;
use std::collections::BTreeSet; use std::collections::BTreeSet;
use std::sync::Arc; use std::sync::Arc;
use std::time::Duration; use std::time::Duration;
use tokio::sync::{Semaphore, SemaphorePermit}; use tokio::sync::{Semaphore, SemaphorePermit};
use uuid::Uuid;
use crate::audit::AuditScope;
use crate::be::{Backend, BackendReadTransaction, BackendTransaction, BackendWriteTransaction};
use crate::access::{ use crate::access::{
AccessControlCreate, AccessControlDelete, AccessControlModify, AccessControlSearch, AccessControlCreate, AccessControlDelete, AccessControlModify, AccessControlSearch,
AccessControls, AccessControlsReadTransaction, AccessControlsTransaction, AccessControls, AccessControlsReadTransaction, AccessControlsTransaction,
AccessControlsWriteTransaction, AccessControlsWriteTransaction,
}; };
use crate::be::{Backend, BackendReadTransaction, BackendTransaction, BackendWriteTransaction};
use crate::prelude::*;
// We use so many, we just import them all ... // We use so many, we just import them all ...
use crate::constants::*;
use crate::entry::{
Entry, EntryCommitted, EntryInit, EntryInvalid, EntryNew, EntryReduced, EntrySealed,
};
use crate::event::{ use crate::event::{
CreateEvent, DeleteEvent, Event, EventOrigin, EventOriginId, ExistsEvent, ModifyEvent, CreateEvent, DeleteEvent, Event, EventOrigin, EventOriginId, ExistsEvent, ModifyEvent,
ReviveRecycledEvent, SearchEvent, ReviveRecycledEvent, SearchEvent,
@ -38,13 +32,7 @@ use crate::schema::{
Schema, SchemaAttribute, SchemaClass, SchemaReadTransaction, SchemaTransaction, Schema, SchemaAttribute, SchemaClass, SchemaReadTransaction, SchemaTransaction,
SchemaWriteTransaction, SchemaWriteTransaction,
}; };
use crate::value::{PartialValue, SyntaxType, Value}; use kanidm_proto::v1::{ConsistencyError, SchemaError};
use kanidm_proto::v1::{ConsistencyError, OperationError, SchemaError};
use smartstring::alias::String as AttrString;
type EntrySealedCommitted = Entry<EntrySealed, EntryCommitted>;
type EntryInvalidCommitted = Entry<EntryInvalid, EntryCommitted>;
type EntryTuple = (EntrySealedCommitted, EntryInvalidCommitted);
const RESOLVE_FILTER_CACHE_MAX: usize = 4096; const RESOLVE_FILTER_CACHE_MAX: usize = 4096;
const RESOLVE_FILTER_CACHE_LOCAL: usize = 0; const RESOLVE_FILTER_CACHE_LOCAL: usize = 0;
@ -99,7 +87,7 @@ pub struct QueryServerWriteTransaction<'a> {
changed_schema: Cell<bool>, changed_schema: Cell<bool>,
changed_acp: Cell<bool>, changed_acp: Cell<bool>,
// Store the list of changed uuids for other invalidation needs? // Store the list of changed uuids for other invalidation needs?
changed_uuid: Cell<Vec<Uuid>>, changed_uuid: Cell<HashSet<Uuid>>,
_db_ticket: SemaphorePermit<'a>, _db_ticket: SemaphorePermit<'a>,
_write_ticket: SemaphorePermit<'a>, _write_ticket: SemaphorePermit<'a>,
resolve_filter_cache: resolve_filter_cache:
@ -912,7 +900,7 @@ impl QueryServer {
accesscontrols: self.accesscontrols.write(), accesscontrols: self.accesscontrols.write(),
changed_schema: Cell::new(false), changed_schema: Cell::new(false),
changed_acp: Cell::new(false), changed_acp: Cell::new(false),
changed_uuid: Cell::new(Vec::new()), changed_uuid: Cell::new(HashSet::new()),
_db_ticket: db_ticket, _db_ticket: db_ticket,
_write_ticket: write_ticket, _write_ticket: write_ticket,
resolve_filter_cache: Cell::new(self.resolve_filter_cache.read()), resolve_filter_cache: Cell::new(self.resolve_filter_cache.read()),
@ -997,7 +985,7 @@ impl QueryServer {
.initialise_idm(audit) .initialise_idm(audit)
.and_then(|_| ts_write_3.commit(audit))?; .and_then(|_| ts_write_3.commit(audit))?;
ladmin_info!(audit, "ready to rock! 🤘"); ladmin_info!(audit, "ready to rock! 🪨 ");
Ok(()) Ok(())
} }
@ -2455,6 +2443,10 @@ impl<'a> QueryServerWriteTransaction<'a> {
self.be_txn.upgrade_reindex(audit, v) self.be_txn.upgrade_reindex(audit, v)
} }
pub fn get_changed_uuids(&self) -> &HashSet<Uuid> {
unsafe { &(*self.changed_uuid.as_ptr()) }
}
pub fn commit(mut self, audit: &mut AuditScope) -> Result<(), OperationError> { pub fn commit(mut self, audit: &mut AuditScope) -> Result<(), OperationError> {
// This could be faster if we cache the set of classes changed // This could be faster if we cache the set of classes changed
// in an operation so we can check if we need to do the reload or not // in an operation so we can check if we need to do the reload or not
@ -2510,23 +2502,13 @@ impl<'a> QueryServerWriteTransaction<'a> {
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use crate::audit::AuditScope;
use crate::constants::{
CHANGELOG_MAX_AGE, JSON_ADMIN_V1, JSON_DOMAIN_INFO_V1, JSON_SYSTEM_CONFIG_V1,
JSON_SYSTEM_INFO_V1, RECYCLEBIN_MAX_AGE, SYSTEM_INDEX_VERSION, UUID_ADMIN,
UUID_DOMAIN_INFO,
};
use crate::credential::policy::CryptoPolicy; use crate::credential::policy::CryptoPolicy;
use crate::credential::Credential; use crate::credential::Credential;
use crate::entry::{Entry, EntryInit, EntryNew};
use crate::event::{CreateEvent, DeleteEvent, ModifyEvent, ReviveRecycledEvent, SearchEvent}; use crate::event::{CreateEvent, DeleteEvent, ModifyEvent, ReviveRecycledEvent, SearchEvent};
use crate::modify::{Modify, ModifyList}; use crate::modify::{Modify, ModifyList};
use crate::server::{QueryServerTransaction, QueryServerWriteTransaction}; use crate::prelude::*;
use crate::value::{PartialValue, Value}; use kanidm_proto::v1::SchemaError;
use kanidm_proto::v1::{OperationError, SchemaError};
use smartstring::alias::String as AttrString;
use std::time::Duration; use std::time::Duration;
use uuid::Uuid;
#[test] #[test]
fn test_qs_create_user() { fn test_qs_create_user() {