diff --git a/Dockerfile b/Dockerfile
index cd8031dbb..d101b4b66 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,21 +1,22 @@
 FROM opensuse/tumbleweed:latest MAINTAINER william@blackhats.net.au
+EXPOSE 8080
+
 COPY . /home/rsidm/ WORKDIR /home/rsidm/
-RUN zypper install -y timezone cargo rust rust-std gcc && \
+RUN zypper install -y timezone cargo rust gcc sqlite3-devel libopenssl-devel && \
 RUSTC_BOOTSTRAP=1 cargo build --release && \
- zypper rm -u -y cargo rust rust-std gcc && \
+ zypper rm -u -y cargo rust gcc && \
 zypper clean RUN cd /etc && \ ln -sf ../usr/share/zoneinfo/Australia/Brisbane localtime
-RUN useradd -m -r rsidm
-USER rsidm
+VOLUME /data
 ENV RUST_BACKTRACE 1
-CMD ["/home/rsidm/target/release/rsidm"]
+CMD ["/home/rsidm/target/release/rsidmd", "server", "-D", "/data/kanidm.db"]
diff --git a/designs/auth.rst b/designs/auth.rst
index 7a6c2eaf1..a1faa50a9 100644
--- a/designs/auth.rst
+++ b/designs/auth.rst
@@ -345,7 +345,7 @@ With regard to forwarding tokens (no consideration is made to security of this system yet), method two probably is the best, but you need token constraint to make sure you can't replay to another host.
-
+https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Your-Pa-word-doesn-t-matter/ba-p/731984
 Brain Dump Internal Details ===========================
diff --git a/rsidmd/src/lib/async_log.rs b/rsidmd/src/lib/async_log.rs
index 35a9a2a60..46577cc32 100644
--- a/rsidmd/src/lib/async_log.rs
+++ b/rsidmd/src/lib/async_log.rs
@@ -66,7 +66,7 @@ impl Handler for EventLog { type Result = (); fn handle(&mut self, event: AuditScope, _: &mut SyncContext) -> Self::Result {
- info!("audit: {}", event);
+ debug!("audit: {}", event);
 } }
diff --git a/rsidmd/src/lib/be/mod.rs b/rsidmd/src/lib/be/mod.rs
index 91a5d3eb0..5784f6e3f 100644
--- a/rsidmd/src/lib/be/mod.rs
+++ b/rsidmd/src/lib/be/mod.rs
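Review bot: Dropping `RUN useradd -m -r rsidm` and `USER rsidm` leaves the image running `rsidmd server` as root, which the previous version deliberately avoided, and nothing in the hunk replaces it. The likely motivation is that the new `VOLUME /data` needs a writable owner, but that is better solved by preparing the directory for the service user than by running as root: `RUN useradd -m -r rsidm && mkdir -p /data && chown rsidm /data` followed by `USER rsidm` ahead of `CMD`. A volume bind-mounted from the host still carries the host's ownership, so the deployment docs should state which uid `/data` must be writable by. Separately, `sqlite3-devel libopenssl-devel` survive the `zypper rm -u` line, so the development headers remain in the shipped image; whether they can be dropped without `-u` also removing the runtime libraries is worth checking.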
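Review bot: Lowering the audit line in `handle` to `debug!` means audit events stop being emitted in normal operation: the `main.rs` hunk in this same diff sets `RUST_LOG` to `rsidm=info` whenever `opt.debug()` is false, so `debug!("audit: {}", event)` is filtered out precisely in the non-debug configuration the Dockerfile runs. If the intent is a quieter server log, give the audit stream its own target instead of demoting its level, e.g. `info!(target: "rsidm::audit", "{}", event);`, so operators can enable or silence it independently of the general filter. `handle` is fully contained in the hunk, so the change is local to this one call.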
@@ -360,8 +360,8 @@ impl BackendWriteTransaction { try_audit!( au, stmt.execute_named(&[
- (":id", &ser_entry.id as &ToSql),
- (":data", &ser_entry.data as &ToSql)
+ (":id", &ser_entry.id as &dyn ToSql),
+ (":data", &ser_entry.data as &dyn ToSql)
 ]), "rusqlite error {:?}", OperationError::SQLiteError
diff --git a/rsidmd/src/lib/core.rs b/rsidmd/src/lib/core.rs
index 6edab49d2..8a3550e72 100644
--- a/rsidmd/src/lib/core.rs
+++ b/rsidmd/src/lib/core.rs
@@ -71,7 +71,7 @@ macro_rules! json_event_post { // `Future::and_then` can be used to merge an asynchronous workflow with a // synchronous workflow .and_then(
- move |body| -> Box> {
+ move |body| -> Box> {
 // body is loaded, now we can deserialize serde-json // let r_obj = serde_json::from_slice::(&body); let r_obj = serde_json::from_slice::<$message_type>(&body);
@@ -180,7 +180,7 @@ fn auth( } }) .and_then(
- move |body| -> Box> {
+ move |body| -> Box> {
 let r_obj = serde_json::from_slice::(&body); // Send to the db for action
diff --git a/rsidmd/src/lib/entry.rs b/rsidmd/src/lib/entry.rs
index fdd7c98ca..cafad882b 100644
--- a/rsidmd/src/lib/entry.rs
+++ b/rsidmd/src/lib/entry.rs
@@ -415,7 +415,7 @@ impl Entry { pub fn validate( self,
- schema: &SchemaTransaction,
+ schema: &dyn SchemaTransaction,
 ) -> Result, SchemaError> { let schema_classes = schema.get_classes(); let schema_attributes = schema.get_attributes();
@@ -998,7 +998,7 @@ impl Entry { pub fn gen_modlist_assert( &self,
- schema: &SchemaTransaction,
+ schema: &dyn SchemaTransaction,
 ) -> Result, SchemaError> { // Create a modlist from this entry. We make this assuming we want the entry // to have this one as a subset of values. This means if we have single
diff --git a/rsidmd/src/lib/filter.rs b/rsidmd/src/lib/filter.rs
index b523586a7..52ba4134e 100644
--- a/rsidmd/src/lib/filter.rs
+++ b/rsidmd/src/lib/filter.rs
@@ -268,7 +268,10 @@ impl Filter { } }
- pub fn validate(&self, schema: &SchemaTransaction) -> Result, SchemaError> {
+ pub fn validate(
+ &self,
+ schema: &dyn SchemaTransaction,
+ ) -> Result, SchemaError> {
 Ok(Filter { state: FilterValid { inner: self.state.inner.validate(schema)?,
@@ -354,7 +357,7 @@ impl FilterComp { } }
- pub fn validate(&self, schema: &SchemaTransaction) -> Result {
+ pub fn validate(&self, schema: &dyn SchemaTransaction) -> Result {
 // Optimisation is done at another stage. // This probably needs some rework
diff --git a/rsidmd/src/lib/modify.rs b/rsidmd/src/lib/modify.rs
index af5c5c1c8..1c966f1b2 100644
--- a/rsidmd/src/lib/modify.rs
+++ b/rsidmd/src/lib/modify.rs
@@ -117,7 +117,7 @@ impl ModifyList { pub fn validate( &self,
- schema: &SchemaTransaction,
+ schema: &dyn SchemaTransaction,
 ) -> Result, SchemaError> { let schema_attributes = schema.get_attributes(); /*
@@ -138,7 +138,6 @@ impl ModifyList { None => Err(SchemaError::InvalidAttribute), } }
- // TODO: Should this be a partial value type?
 Modify::Removed(attr, value) => { let attr_norm = schema.normalise_attr_name(attr); match schema_attributes.get(&attr_norm) {
diff --git a/rsidmd/src/server/main.rs b/rsidmd/src/server/main.rs
index 7a34f0302..2ae0df106 100644
--- a/rsidmd/src/server/main.rs
+++ b/rsidmd/src/server/main.rs
@@ -64,6 +64,17 @@ enum Opt { RecoverAccount(RecoverAccountOpt), }
+impl Opt {
+ fn debug(&self) -> bool {
+ match self {
+ Opt::Server(sopt) | Opt::Verify(sopt) => sopt.debug,
+ Opt::Backup(bopt) => bopt.serveropts.debug,
+ Opt::Restore(ropt) => ropt.serveropts.debug,
+ Opt::RecoverAccount(ropt) => ropt.serveropts.debug,
+ }
+ }
+}
+
 fn main() { // Read cli args, determine if we should backup/restore let opt = Opt::from_args();
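Review bot: The new `Opt::debug` accessor carries no doc comment, and because it is spelled out per variant a reader has to inspect every arm to see that it only flattens the `debug` field of whichever subcommand's options were parsed; a one-liner above `fn debug`, `/// Returns the `debug` setting of the selected subcommand's options.`, states that directly. The `Restore` and `RecoverAccount` arms read the identical `serveropts.debug` path and could share one `|` arm if their option types are the same, which the hunk does not show. The enclosing `enum Opt` definition starts before the hunk.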
@@ -74,7 +85,11 @@ fn main() { // Configure the server logger. This could be adjusted based on what config // says.
- // ::std::env::set_var("RUST_LOG", "actix_web=info,rsidm=info");
+ if opt.debug() {
+ ::std::env::set_var("RUST_LOG", "actix_web=info,rsidm=debug");
+ } else {
+ ::std::env::set_var("RUST_LOG", "actix_web=info,rsidm=info");
+ }
 env_logger::init(); match opt {
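Review bot: Both branches of the new `if opt.debug()` call `set_var("RUST_LOG", ...)` unconditionally, so any filter an operator exported in the environment is overwritten; the line this replaces was commented out, meaning `env_logger::init()` previously honoured the caller's `RUST_LOG`. A default should only fill the variable when it is absent, which also collapses the two near-identical `set_var` lines into one. Since the `async_log.rs` hunk in this diff moves audit output to `debug!`, the non-debug default of `rsidm=info` now hides audit events, and the chosen default deserves a comment saying so. `main` continues past the end of the hunk.
```rust
    // Default the log filter only when the operator has not set RUST_LOG;
    // an explicit environment value takes precedence.
    if ::std::env::var_os("RUST_LOG").is_none() {
        let level = if opt.debug() { "debug" } else { "info" };
        ::std::env::set_var("RUST_LOG", format!("actix_web=info,rsidm={}", level));
    }
    env_logger::init();
    // … unchanged: match opt { … } …
```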