20250209 pre release (#3409)

* fix: removing unused dependencies (assert_cmd, gethostname)
* chore: Release Notes
James Hodgkinson 2025-02-09 21:06:01 +11:00 committed by GitHub
parent b15ff89b39
commit c89f0c011e
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
25 changed files with 406 additions and 348 deletions

382
Cargo.lock generated

File diff suppressed because it is too large Load diff


@ -4,7 +4,7 @@ authors = [
"William Brown <william@blackhats.net.au>",
"James Hodgkinson <james@terminaloutcomes.com>",
]
rust-version = "1.79"
rust-version = "1.80"
edition = "2021"
license = "MPL-2.0"
homepage = "https://github.com/kanidm/kanidm/"
@ -165,15 +165,15 @@ clap_complete = "^4.5.42"
chrono = "^0.4.39"
compact_jwt = { version = "^0.4.2", default-features = false }
concread = "^0.5.3"
cron = "0.12.1"
cron = "0.15.0"
crossbeam = "0.8.4"
csv = "1.3.1"
dialoguer = "0.10.4"
dialoguer = "0.11.0"
dhat = "0.3.3"
dyn-clone = "^1.0.17"
fernet = "^0.2.1"
filetime = "^0.2.24"
fs4 = "^0.8.3"
fs4 = "^0.12.0"
futures = "^0.3.31"
futures-util = { version = "^0.3.30", features = ["sink"] }
gix = { version = "0.64.0", default-features = false }
@ -225,7 +225,6 @@ opentelemetry-semantic-conventions = "0.27.0"
tracing-opentelemetry = "0.28.0"
tracing-core = "0.1.33"
paste = "^1.0.14"
peg = "0.8"
pkg-config = "^0.3.31"
prctl = "1.0.0"


@ -1,8 +1,6 @@
# Kanidm - Simple and Secure Identity Management
<p align="center">
<img src="https://raw.githubusercontent.com/kanidm/kanidm/master/artwork/logo-small.png" width="20%" height="auto" />
</p>
![Kanidm Logo](artwork/logo-small.png)
## About


@ -1,42 +1,93 @@
<p align="center">
<img src="https://raw.githubusercontent.com/kanidm/kanidm/master/artwork/logo-small.png" width="20%" height="auto" />
</p>
# Kanidm Release Notes
# Getting Started
![Kanidm Logo](artwork/logo-small.png)
## Getting Started
To get started, see the [kanidm book]
# Feedback
## Feedback
We value your feedback! First, please see our [code of conduct]. If you have questions please join
our [gitter community channel] so that we can help. If you find a bug or issue, we'd love you to
report it to our [issue tracker].
# Release Notes
## Release Notes
## 2024-11-01 - Kanidm 1.4.0
### 2025-02-09 - Kanidm 1.5.0
This is the latest stable release of the Kanidm Identity Management project. Every release is the
combined effort of our community and we appreciate their invaluable contributions, comments,
questions, feedback and support.
You should review our
[support documentation](https://github.com/kanidm/kanidm/blob/master/book/src/support.md) as this
[support documentation] as this
may have important effects on your distribution or upgrades in future.
Before upgrading you should review
[our upgrade documentation](https://github.com/kanidm/kanidm/blob/master/book/src/server_updates.md#general-update-notes)
[our upgrade documentation]
### 1.4.0 Important Changes
#### 1.5.0 Important Changes
- There has been a lot of tweaks to how cookies are handled in this release, if you're having issues with the login flow please clear all cookies as an initial troubleshooting step.
#### 1.5.0 Release Highlights
- Many updates to the UI!
- SSH Keys in Credentials Update (#3027)
- Improved error message when PassKey is missing PIN (mainly for Firefox) (#3403)
- Fix the password reset form and possible resolver issue (#3398)
- Fixed unrecoverable error page doesn't include logo or domain name (#3352)
- Add support for prefers-color-scheme using Bootstrap classes. Dark mode! (#3327)
- Automatically trigger passkeys on login view (#3307)
- Two new operating systems!
- Initial OpenBSD support (#3381)
- FreeBSD client (#3333)
- Many SCIM-related improvements
- SCIM access control (#3359)
- SCIM put (#3151)
- OAuth2 Things
- Allow OAuth2 with empty `state` parameter (#3396)
- Allow POST on oauth userinfo (#3395)
- Add OAuth2 `response_mode=fragment` (#3335)
- Add CORS headers to jwks and userinfo (#3283)
- Allowing SPN query with non-SPN structured data in LDAP (#3400)
- Correctly return that uuid2spn changed on domain rename (#3402)
- RADIUS startup fixing (#3388)
- Repaired systemd reload notifications (#3355)
- Add `ssh_publickeys` as a claim for OAuth2 (#3346)
- Allow modification of password minimum length (#3345)
- PAM on Debian, enable use_first_pass by default (#3326)
- Allow opt-in of easter eggs (#3308)
- Allow reseting account policy values to defaults (#3306)
- Ignore system users for UPG synthesiseation (#3297)
- Allow group managers to modify entry-managed-by (#3272)
And many more!
### 2024-11-01 - Kanidm 1.4.0
This is the latest stable release of the Kanidm Identity Management project. Every release is the
combined effort of our community and we appreciate their invaluable contributions, comments,
questions, feedback and support.
You should review our
[support documentation] as this
may have important effects on your distribution or upgrades in future.
Before upgrading you should review
[our upgrade documentation]
#### 1.4.0 Important Changes
- The web user interface has been rewritten and now supports theming. You will notice that your
domain displayname is included in a number of locations on upgrade, and that you can set
your own domain and OAuth2 client icons.
- OAuth2 strict redirect uri is now required. Ensure you have read
[our upgrade documentation](https://github.com/kanidm/kanidm/blob/master/book/src/server_updates.md#general-update-notes).
[our upgrade documentation].
and taken the needed steps before upgrading.
### 1.4.0 Release Highlights
#### 1.4.0 Release Highlights
- Improve handling of client timeouts when the server is under high load
- Resolve a minor issue preventing some credential updates from saving
@ -65,20 +116,20 @@ and taken the needed steps before upgrading.
- Rewrite the entire web frontend to be simpler and faster, allowing more features to be added
in the future. Greatly improves user experience as the pages are now very fast to load!
## 2024-08-07 - Kanidm 1.3.0
### 2024-08-07 - Kanidm 1.3.0
This is the latest stable release of the Kanidm Identity Management project. Every release is the
combined effort of our community and we appreciate their invaluable contributions, comments,
questions, feedback and support.
You should review our
[support documentation](https://github.com/kanidm/kanidm/blob/master/book/src/support.md) as this
[support documentation] as this
may have important effects on your distribution or upgrades in future.
Before upgrading you should review
[our upgrade documentation](https://github.com/kanidm/kanidm/blob/master/book/src/server_updates.md#general-update-notes)
[our upgrade documentation]
### 1.3.0 Important Changes
#### 1.3.0 Important Changes
- New GID number constraints are now enforced in this version. To upgrade from 1.2.0 all accounts
and groups must adhere to these rules. See [our upgrade documentation]. about tools to help you
@ -89,7 +140,7 @@ Before upgrading you should review
by PassKeys which give a better user experience.
- Kanidm now supports FreeBSD and Illumos in addition to Linux
### 1.3.0 Release Highlights
#### 1.3.0 Release Highlights
- TOTP update user interface improvements
- Improved error messages when a load balancer is failing
@ -112,24 +163,24 @@ Before upgrading you should review
- Strict redirect URI enforcement in OAuth2
- Substring indexing for improved search performance
## 2024-05-01 - Kanidm 1.2.0
### 2024-05-01 - Kanidm 1.2.0
This is the first stable release of the Kanidm Identity Management project. We want to thank every
one in our community who has supported to the project to this point with their invaluable
contributions, comments, questions, feedback and support.
Importantly this release makes a number of changes to our project's support processes. You should
review our [support documentation](https://github.com/kanidm/kanidm/blob/master/book/src/support.md)
review our [support documentation]
as this may have important effects on your distribution or upgrades in future.
### 1.2.0 Important Changes
#### 1.2.0 Important Changes
- On upgrade all OAuth2 sessions and user sessions will be reset due to changes in cryptographic key
handling. This does not affect api tokens.
- There is a maximum limit of 48 interactive sessions for persons where older sessions are
automatically removed.
### 1.2.0 Release Highlights
#### 1.2.0 Release Highlights
- The book now contains a list of supported RFCs and standards
- Add code challenge methods to OIDC discovery
@ -154,7 +205,7 @@ as this may have important effects on your distribution or upgrades in future.
- Migrate cryptographic key handling to an object model with future HSM support
- Limit maximum active sessions on an account to 48
## 2024-02-07 - Kanidm 1.1.0-rc.16
### 2024-02-07 - Kanidm 1.1.0-rc.16
This is the sixteenth pre-release of the Kanidm Identity Management project. Pre-releases are to
help get feedback and ideas from the community on how we can continue to make this project better.
@ -163,7 +214,7 @@ This is the final release candidate before we publish a release version. We beli
server interfaces are stable and reliable enough for people to depend on, and to develop external
tools to interact with Kanidm.
### 1.1.0-rc.16 Release Highlights
#### 1.1.0-rc.16 Release Highlights
- Replication for two node environments is now supported
- Account policy supports password minimum length
@ -182,7 +233,7 @@ tools to interact with Kanidm.
- Support RFC6749 Client Credentials Grant
- Support custom claim maps in OIDC
## 2023-10-31 - Kanidm 1.1.0-beta14
### 2023-10-31 - Kanidm 1.1.0-beta14
This is the fourteenth pre-release of the Kanidm Identity Management project. Pre-releases are to
help get feedback and ideas from the community on how we can continue to make this project better.
@ -191,7 +242,7 @@ At this point we believe we are on the final stretch to making something we cons
ready". After this we will start to ship release candidates as our focus will now be changing to
finish our production components and the stability of the API's for longer term support.
### 1.1.0-beta14 Release Highlights
#### 1.1.0-beta14 Release Highlights
- Replication is in Beta! Please test carefully!
- Web UI WASM has been split up, significantly improving the responsiveness.
@ -205,7 +256,7 @@ finish our production components and the stability of the API's for longer term
- Removed a lot of uses of `unwrap` and `expect` to improve reliability.
- Account policy framework is now in place.
## 2023-05-01 - Kanidm 1.1.0-beta13
### 2023-05-01 - Kanidm 1.1.0-beta13
This is the thirteenth pre-release of the Kanidm Identity Management project. Pre-releases are to
help get feedback and ideas from the community on how we can continue to make this project better.
@ -214,7 +265,7 @@ At this point we believe we are on the final stretch to making something we cons
ready". After this we will start to ship release candidates as our focus will now be changing to
finish our production components and the stability of the API's for longer term support.
### 1.1.0-beta13 Release Highlights
#### 1.1.0-beta13 Release Highlights
- Replication foundations
- Full implementation of replication refresh
@ -255,7 +306,7 @@ finish our production components and the stability of the API's for longer term
- Improve create-reset-token user experience
- Improve self-healing for some reference issues
## 2023-05-01 - Kanidm 1.1.0-alpha12
### 2023-05-01 - Kanidm 1.1.0-alpha12
This is the twelfth alpha series release of the Kanidm Identity Management project. Alpha releases
are to help get feedback and ideas from the community on how we can continue to make this project
@ -266,7 +317,7 @@ done so yet is we haven't decided if we want to commit to the current API layout
There are still things we want to change there. Otherwise the server is stable and reliable for
production usage.
### Release Highlights
#### 1.1.0-alpha12 Release Highlights
- Allow full server content replication in testing (yes we're finally working on replication!)
- Improve OAuth2 to allow scoped members to see RS they can access for UI flows
@ -286,7 +337,7 @@ production usage.
- Add exclusive process lock to daemon
- Allow dns/rdns in ldap search contexts
## 2023-02-01 - Kanidm 1.1.0-alpha11
### 2023-02-01 - Kanidm 1.1.0-alpha11
This is the eleventh alpha series release of the Kanidm Identity Management project. Alpha releases
are to help get feedback and ideas from the community on how we can continue to make this project
@ -296,7 +347,7 @@ The project is shaping up very nicely, and a beta will be coming soon! The main
done so yet is we haven't decided if we want to commit to the current API layout and freeze it yet.
There are still things we want to change there. Otherwise the server is stable and reliable.
### Release Highlights
#### 1.1.0-alpha11 Release Highlights
- Support /etc/skel home dir templates in kanidm-unixd
- Improve warning messages for openssl when a cryptographic routine is not supported
@ -317,7 +368,7 @@ There are still things we want to change there. Otherwise the server is stable a
- Improve the access control module to evaluate access in a clearer way
- Allow synced users to correct modify their local sessions
## 2022-11-01 - Kanidm 1.1.0-alpha10
### 2022-11-01 - Kanidm 1.1.0-alpha10
This is the tenth alpha series release of the Kanidm Identity Management project. Alpha releases are
to help get feedback and ideas from the community on how we can continue to make this project better
@ -325,12 +376,12 @@ for a future supported release.
The project is shaping up very nicely, and a beta will be coming soon!
### Upgrade Note
#### 1.1.0-alpha10 Upgrade Note
This version will _require_ TLS on all servers, even if behind a load balancer or TLS terminating
proxy. You should be ready for this change when you upgrade to the latest version.
### Release Highlights
#### 1.1.0-alpha10 Release Highlights
- Management and tracking of authenticated sessions
- Make upgrade migrations more robust when upgrading over multiple versions
@ -352,7 +403,7 @@ proxy. You should be ready for this change when you upgrade to the latest versio
- Cleanup of expired authentication sessions
- Improved administration of password badlists
## 2022-08-02 - Kanidm 1.1.0-alpha9
### 2022-08-02 - Kanidm 1.1.0-alpha9
This is the ninth alpha series release of the Kanidm Identity Management project. Alpha releases are
to help get feedback and ideas from the community on how we can continue to make this project better
@ -360,7 +411,7 @@ for a future supported release.
The project is shaping up very nicely, and a beta will be coming soon!
### Release Highlights
#### 1.1.0-alpha9 Release Highlights
- Inclusion of a Python3 API library
- Improve orca usability
@ -376,13 +427,13 @@ The project is shaping up very nicely, and a beta will be coming soon!
- CTAP2+ support in Webauthn via CLI
- Radius supports EAP TLS identities in addition to EAP PEAP
## 2022-05-01 - Kanidm 1.1.0-alpha8
### 2022-05-01 - Kanidm 1.1.0-alpha8
This is the eighth alpha series release of the Kanidm Identity Management project. Alpha releases
are to help get feedback and ideas from the community on how we can continue to make this project
better for a future supported release.
### Release Highlights
#### 1.1.0-alpha8 Release Highlights
- Foundations for cryptographic trusted device authentication
- Foundations for new user onboarding and credential reset
@ -398,13 +449,13 @@ better for a future supported release.
- Highlight that the WebUI is in alpha to prevent confusion
- Remove sync only client paths
## 2022-01-01 - Kanidm 1.1.0-alpha7
### 2022-01-01 - Kanidm 1.1.0-alpha7
This is the seventh alpha series release of the Kanidm Identity Management project. Alpha releases
are to help get feedback and ideas from the community on how we can continue to make this project
better for a future supported release.
### Release Highlights
#### 1.1.0-alpha7 Release Highlights
- OAuth2 scope to group mappings
- Webauthn subdomain support
@ -415,7 +466,7 @@ better for a future supported release.
- Addition of email address attributes
- Web UI improvements for OAuth2
## 2021-10-01 - Kanidm 1.1.0-alpha6
### 2021-10-01 - Kanidm 1.1.0-alpha6
This is the sixth alpha series release of the Kanidm Identity Management project. Alpha releases are
to help get feedback and ideas from the community on how we can continue to make this project better
@ -424,7 +475,7 @@ for a future supported release.
It's also a special release as Kanidm has just turned 3 years old! Thank you all for helping to
bring the project this far! 🎉 🦀
### Release Highlights
#### 1.1.0-alpha6 Release Highlights
- Support backup codes as MFA in case of lost TOTP/Webauthn
- Dynamic menus on CLI for usernames when multiple sessions exist
@ -444,13 +495,13 @@ bring the project this far! 🎉 🦀
- Improvements to performance with high cache sizes
- Session tokens persist over a session restart
## 2021-07-07 - Kanidm 1.1.0-alpha5
### 2021-07-07 - Kanidm 1.1.0-alpha5
This is the fifth alpha series release of the Kanidm Identity Management project. Alpha releases are
to help get feedback and ideas from the community on how we can continue to make this project better
for a future supported release.
### Release Highlights
#### 1.1.0-alpha5 Release Highlights
- Fix a major defect in how backup/restore worked
- Improve query performance by caching partial queries
@ -465,13 +516,13 @@ for a future supported release.
- Statistical analysis of indexes to improve query optimisation
- Handle broken TOTP authenticator apps
## 2021-04-01 - Kanidm 1.1.0-alpha4
### 2021-04-01 - Kanidm 1.1.0-alpha4
This is the fourth alpha series release of the Kanidm Identity Management project. Alpha releases
are to help get feedback and ideas from the community on how we can continue to make this project
better for a future supported release.
### Release Highlights
#### 1.1.0-alpha4 Release Highlights
- Performance Improvements
- TOTP CLI enrollment
@ -485,13 +536,13 @@ better for a future supported release.
- Badlist checked at login to determine account compromise
- Minor Fixes for attribute display
## 2021-01-01 - Kanidm 1.1.0-alpha3
### 2021-01-01 - Kanidm 1.1.0-alpha3
This is the third alpha series release of the Kanidm Identity Management project. Alpha releases are
to help get feedback and ideas from the community on how we can continue to make this project better
for a future supported release.
### Release Highlights
#### 1.1.0-alpha3 Release Highlights
- Account "valid from" and "expiry" times.
- Rate limiting and softlocking of account credentials to prevent bruteforcing.
@ -499,13 +550,13 @@ for a future supported release.
- Rewrite of json authentication protocol components.
- Unixd will cache "non-existent" items to improve nss/pam latency.
## 2020-10-01 - Kanidm 1.1.0-alpha2
### 2020-10-01 - Kanidm 1.1.0-alpha2
This is the second alpha series release of the Kanidm Identity Management project. Alpha releases
are to help get feedback and ideas from the community on how we can continue to make this project
better for a future supported release.
### Release Highlights
#### 1.1.0-alpha2 Release Highlights
- SIMD key lookups in container builds for datastructures
- Server and Client hardening warnings for running users and file permissions
@ -517,7 +568,7 @@ better for a future supported release.
- Reduction in memory footprint during searches
- Change authentication from cookies to auth-bearer tokens
## 2020-07-01 - Kanidm 1.1.0-alpha1
### 2020-07-01 - Kanidm 1.1.0-alpha1
This is the first alpha series release of the Kanidm Identity Management project. Alpha releases are
to help get feedback and ideas from the community on how we can continue to make this project better
@ -536,7 +587,7 @@ people. I would especially like to thank:
- Samuel Cabrero (scabrero)
- Jim McDonough
### Release Highlights
#### 1.1.0-alpha1 Release Highlights
- A working identity management server, including database
- RADIUS authentication and docker images
@ -552,3 +603,5 @@ people. I would especially like to thank:
[gitter community channel]: https://gitter.im/kanidm/community
[code of conduct]: https://github.com/kanidm/kanidm/blob/master/CODE_OF_CONDUCT.md
[kanidm book]: https://kanidm.github.io/kanidm/stable/
[our upgrade documentation]: https://github.com/kanidm/kanidm/blob/master/book/src/server_updates.md#general-update-notes
[support documentation]: https://github.com/kanidm/kanidm/blob/master/book/src/support.md


@ -3,57 +3,58 @@
## Pre-Reqs
```bash
cargo install cargo-audit
cargo install cargo-outdated
cargo install cargo-udeps
cargo install cargo-machete
cargo install --force \
cargo-audit \
cargo-outdated \
cargo-udeps \
cargo-machete
```
## Pre Release Check List
### Start a release
- [ ] git checkout -b YYYYMMDD-pre-release
- [ ] `git checkout -b "$(date +%Y%m%d)-pre-release"`
### Cargo Tasks
- [ ] Update MSRV if applicable
- [ ] cargo update
- [ ] `cargo update`
- [ ] `RUSTC_BOOTSTRAP=1 cargo udeps`
- [ ] `cargo machete`
- [ ] cargo outdated -R
- [ ] cargo audit
- [ ] cargo test
- [ ] `cargo machete --with-metadata`
- [ ] `cargo outdated -R`
- [ ] `cargo audit`
- [ ] `cargo test`
- [ ] setup a local instance and run orca (TBD)
- [ ] store a copy an an example db (TBD)
### Code Changes
- [ ] upgrade crypto policy values if required
- [ ] upgrade crypto policy values if required (see `libs/crypto/src/lib.rs` -> `CryptoPolicy`)
- [ ] check for breaking db entry changes.
### Administration
- [ ] Update `RELEASE_NOTES.md`
- [ ] Update `README.md`
- [ ] cargo test
- [ ] git commit -a -m "Release Notes"
- [ ] git push origin YYYYMMDD-pre-release
- [ ] `cargo test`
- [ ] `git commit -a -m 'chore: Release Notes'`
- [ ] `git push origin "$(date +%Y%m%d)-pre-release"`
- [ ] Merge PR
### Git Management
- [ ] git checkout master
- [ ] git pull
- [ ] `git checkout master`
- [ ] `git pull`
- [ ] git checkout -b 1.x.0 (Note no v to prevent ref conflict)
- [ ] update version to set pre tag in ./Cargo.toml
- [ ] git commit -m "Release 1.x.0-pre"
- [ ] git tag v1.x.0-pre
- [ ] `git commit -m "Release $(cargo metadata --format-version 1 | jq '.packages[] | select(.name=="kanidm_proto") | .version')-pre"`
- [ ] `git tag v$(cargo metadata --format-version 1 | jq '.packages[] | select(.name=="kanidm_proto") | .version')-pre`
- [ ] Final inspect of the branch
- [ ] git push origin 1.x.0 --tags
- [ ] `git push origin "$(cargo metadata --format-version 1 | jq '.packages[] | select(.name=="kanidm_proto") | .version')" --tags`
- [ ] github -> Ensure release branch is protected
@ -106,4 +107,3 @@ cargo install cargo-machete
### Distro
- [ ] vendor and release to build.opensuse.org
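Review bot: The three Git Management steps that build the version with `cargo metadata --format-version 1 | jq '... | .version'` call `jq` without `-r`, so the substituted value keeps its JSON double quotes and the commit message, tag and pushed ref would not match the plain `1.x.0` branch created two steps earlier. Raw output avoids that: `jq -r '.packages[] | select(.name=="kanidm_proto") | .version'`. In the Pre-Reqs block, `cargo install --force` resolves fresh dependencies for the audit tools on every run; adding `--locked` builds them against their published lockfiles instead. If the earlier "update version to set pre tag" step already writes a pre-release suffix into `./Cargo.toml`, the appended `-pre` may be duplicated, which is worth confirming.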


@ -35,3 +35,7 @@ x509-cert = { workspace = true, features = ["pem"] }
[dev-dependencies]
sketching = { workspace = true }
[package.metadata.cargo-machete]
ignored = ["openssl-sys"]
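Review bot: The new `[package.metadata.cargo-machete]` table lists `openssl-sys` as ignored without saying why the crate has to stay, and an ignored entry is excluded from the unused-dependency report, so a crate that later becomes genuinely unused would remain in the build unnoticed. A short reason next to each entry keeps the list auditable, for example `ignored = ["openssl-sys"] # <reason the crate is still required>`. The same applies to the other manifests on this page that add an uncommented list (`gix`, `clap_complete`, `kanidm_build_profiles`, `escargot`, `futures`, `cc`, `lazy_static`, `pkg-config`). Two sections already do this with `# feature gated` and `# used in windows`.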


@ -16,8 +16,5 @@ doctest = false
[dependencies]
[target.'cfg(target_family = "windows")'.dependencies]
whoami = { workspace = true }
[target.'cfg(not(target_family = "windows"))'.dependencies]
kanidm_utils_users = { workspace = true }


@ -28,3 +28,7 @@ toml = { workspace = true }
[build-dependencies]
base64 = { workspace = true }
gix = { workspace = true, default-features = false }
[package.metadata.cargo-machete]
ignored = ["gix"]


@ -17,7 +17,6 @@ test = false
doctest = false
[dependencies]
gethostname = "0.5.0"
num_enum = { workspace = true }
opentelemetry = { workspace = true, features = ["metrics"] }
opentelemetry-otlp = { workspace = true, default-features = false, features = [


@ -1,13 +1,13 @@
[package]
name = "kanidm_utils_users"
description = "Kanidm utility crate"
version.workspace = true
authors.workspace = true
rust-version.workspace = true
edition.workspace = true
license.workspace = true
homepage.workspace = true
repository.workspace = true
version = { workspace = true }
authors = { workspace = true }
rust-version = { workspace = true }
edition = { workspace = true }
license = { workspace = true }
homepage = { workspace = true }
repository = { workspace = true }
[lib]
test = true


@ -45,7 +45,6 @@ ldap3_proto = { workspace = true }
libc = { workspace = true }
openssl = { workspace = true }
opentelemetry = { workspace = true, features = ["logs"] }
# opentelemetry_api = { workspace = true, features = ["logs"] }
qrcode = { workspace = true, features = ["svg"] }
regex = { workspace = true }
serde = { workspace = true, features = ["derive"] }
@ -94,3 +93,10 @@ kanidmd_lib = { workspace = true, features = ["test"] }
[build-dependencies]
kanidm_build_profiles = { workspace = true }
[package.metadata.cargo-machete]
ignored = [
"opentelemetry", # feature gated
"kanidm_build_profiles",
]


@ -37,11 +37,11 @@ reqwest = { workspace = true }
tokio = { workspace = true, features = ["rt-multi-thread", "macros", "signal"] }
tokio-util = { workspace = true, features = ["codec"] }
tracing = { workspace = true }
serde_json.workspace = true
serde_json = { workspace = true }
[target.'cfg(target_os = "linux")'.dependencies]
sd-notify.workspace = true
prctl.workspace = true
sd-notify = { workspace = true }
prctl = { workspace = true }
[target.'cfg(target_family = "windows")'.dependencies]
whoami = { workspace = true }
@ -53,7 +53,10 @@ kanidm_utils_users = { workspace = true }
mimalloc = { workspace = true }
[build-dependencies]
serde = { workspace = true, features = ["derive"] }
clap = { workspace = true, features = ["derive"] }
clap_complete = { workspace = true }
kanidm_build_profiles = { workspace = true }
[package.metadata.cargo-machete]
ignored = ["clap_complete", "kanidm_build_profiles"]


@ -20,7 +20,7 @@ static ALLOC: dhat::Alloc = dhat::Alloc;
use std::fs::{metadata, File};
// This works on both unix and windows.
use fs4::FileExt;
use fs4::fs_std::FileExt;
use kanidm_proto::messages::ConsoleOutputMode;
use sketching::otel::TracingPipelineGuard;
use std::io::Read;


@ -79,7 +79,7 @@ webauthn-rs = { workspace = true, features = [
webauthn-rs-core = { workspace = true }
zxcvbn = { workspace = true }
serde_with = { workspace = true, features = ["time_0_3", "base64"] }
hex.workspace = true
hex = { workspace = true }
lodepng = { workspace = true }
image = { workspace = true, default-features = false, features = [
"gif",
@ -113,3 +113,9 @@ mimalloc = { workspace = true }
hashbrown = { workspace = true }
kanidm_build_profiles = { workspace = true }
regex = { workspace = true }
[package.metadata.cargo-machete]
ignored = [
"openssl-sys", # see note above
"whoami", # used in windows
]


@ -49,7 +49,6 @@ url = { workspace = true, features = ["serde"] }
kanidm_build_profiles = { workspace = true }
[dev-dependencies]
assert_cmd = "2.0.16"
compact_jwt = { workspace = true }
escargot = "0.5.13"
# used for webdriver testing
@ -59,11 +58,14 @@ oauth2_ext = { workspace = true, default-features = false, features = [
"reqwest",
] }
openssl = { workspace = true }
petgraph = { version = "0.7.1", features = ["serde", "serde-1"] }
petgraph = { version = "0.7.1", features = ["serde"] }
serde_json = { workspace = true }
time = { workspace = true }
tokio-openssl = { workspace = true }
kanidm_lib_crypto = { workspace = true }
uuid = { workspace = true }
webauthn-authenticator-rs = { workspace = true }
jsonschema = "0.28.3"
jsonschema = "0.29.0"
[package.metadata.cargo-machete]
ignored = ["escargot", "futures", "kanidm_build_profiles"]


@ -3,14 +3,13 @@
//! - @yaleman
//!
use std::collections::{BTreeMap, BTreeSet};
// use kanidm_client::KanidmClient;
use kanidmd_lib::constants::entries::Attribute;
use kanidmd_lib::constants::groups::{idm_builtin_admin_groups, idm_builtin_non_admin_groups};
use kanidmd_lib::prelude::{builtin_accounts, EntryInitNew};
use petgraph::graphmap::{AllEdges, GraphMap, NodeTrait};
use petgraph::Directed;
use serde::{Deserialize, Serialize};
use std::collections::{BTreeMap, BTreeSet};
use uuid::Uuid;
#[derive(Clone, Deserialize, Serialize)]


@ -58,7 +58,7 @@ tokio = { workspace = true, features = ["rt", "macros", "fs", "signal"] }
url = { workspace = true, features = ["serde"] }
uuid = { workspace = true }
zxcvbn = { workspace = true }
lazy_static.workspace = true
lazy_static = { workspace = true }
regex = { workspace = true }
[dev-dependencies]
@ -119,3 +119,6 @@ assets = [
],
]
maintainer-scripts = "debian/"
[package.metadata.cargo-machete]
ignored = ["clap_complete", "kanidm_build_profiles"]


@ -1,6 +1,6 @@
[package]
name = "kanidm_device_flow"
description = "Kanidm Device Flow Client"
description = "Kanidm Device Flow Example Client"
documentation = "https://kanidm.github.io/kanidm/stable/"
version = { workspace = true }
authors = { workspace = true }
@ -18,15 +18,12 @@ doctest = false
[features]
[dependencies]
kanidm_proto = { workspace = true }
anyhow = { workspace = true }
kanidm_proto = { workspace = true }
oauth2 = "5.0.0"
reqwest = { version = "0.12.12", default-features = false, features = [
reqwest = { workspace = true, default-features = false, features = [
"rustls-tls",
] }
tokio = { workspace = true, features = ["full"] }
url = { workspace = true }
tracing = { workspace = true }
sketching = { workspace = true }
base64.workspace = true
tokio = { workspace = true, features = ["full"] }
tracing = { workspace = true }
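Review bot: On the `reqwest` entry that inherits from the workspace (which appears to be the new side), `default-features = false` only takes effect if the `[workspace.dependencies]` entry for `reqwest` also disables default features; otherwise Cargo warns and keeps them enabled. Features are also unioned with whatever the workspace entry requests. The workspace definition of `reqwest` is not visible on this page, so it is worth confirming, for example with `cargo tree -e features -p kanidm_device_flow`, that this client still builds with only the `rustls-tls` backend as it did with the standalone `version = "0.12.12"` entry. A comment on this entry stating the intended TLS backend would make a later change to the workspace entry easier to catch.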


@ -39,3 +39,6 @@ kanidm_utils_users = { workspace = true }
[build-dependencies]
clap = { workspace = true, features = ["derive"] }
clap_complete = { workspace = true }
[package.metadata.cargo-machete]
ignored = ["clap_complete"]


@ -42,3 +42,6 @@ clap_complete = { workspace = true }
[dev-dependencies]
sketching = { workspace = true }
[package.metadata.cargo-machete]
ignored = ["clap_complete"]


@ -42,3 +42,5 @@ mimalloc = { workspace = true }
[build-dependencies]
kanidm_build_profiles = { workspace = true }
[package.metadata.cargo-machete]
ignored = ["kanidm_build_profiles"]


@ -37,3 +37,6 @@ tracing = { workspace = true }
[build-dependencies]
kanidm_build_profiles = { workspace = true }
[package.metadata.cargo-machete]
ignored = ["kanidm_build_profiles"]


@ -12,8 +12,8 @@ repository = { workspace = true }
[lib]
name = "nss_kanidm"
crate-type = [ "cdylib" ]
path = "src/lib.rs"
crate-type = ["cdylib"]
path = "src/lib.rs"
[dependencies]
kanidm_unix_common = { workspace = true }
@ -21,7 +21,6 @@ kanidm_unix_common = { workspace = true }
[target.'cfg(not(target_family = "windows"))'.dependencies]
libnss = { workspace = true }
libc = { workspace = true }
paste = { workspace = true }
lazy_static = { workspace = true }
[target."cfg(target_os = \"freebsd\")".build-dependencies]
@ -37,15 +36,27 @@ depends = ""
section = "network"
priority = "optional"
assets = [
# Empty on purpose
# Empty on purpose
]
[package.metadata.deb.variants.aarch64-unknown-linux-gnu]
merge-assets.append = [
[ "target/release/libnss_kanidm.so", "usr/lib/aarch64-linux-gnu/libnss_kanidm.so.2", "644"],
[
"target/release/libnss_kanidm.so",
"usr/lib/aarch64-linux-gnu/libnss_kanidm.so.2",
"644",
],
]
[package.metadata.deb.variants.x86_64-unknown-linux-gnu]
merge-assets.append = [
[ "target/release/libnss_kanidm.so", "usr/lib/x86_64-linux-gnu/libnss_kanidm.so.2", "644"],
[
"target/release/libnss_kanidm.so",
"usr/lib/x86_64-linux-gnu/libnss_kanidm.so.2",
"644",
],
]
[package.metadata.cargo-machete]
ignored = ["cc", "lazy_static"]


@ -13,8 +13,8 @@ repository = { workspace = true }
[lib]
name = "pam_kanidm"
crate-type = [ "cdylib" ]
path = "src/lib.rs"
crate-type = ["cdylib"]
path = "src/lib.rs"
[dependencies]
kanidm_unix_common = { workspace = true }
@ -37,17 +37,36 @@ section = "network"
priority = "optional"
maintainer-scripts = "debian/"
assets = [
# Empty on purpose
# Empty on purpose
]
[package.metadata.deb.variants.aarch64-unknown-linux-gnu]
merge-assets.append = [
[ "target/release/libpam_kanidm.so", "usr/lib/aarch64-linux-gnu/security/pam_kanidm.so", "644"],
[ "debian/kanidm.pam", "usr/share/pam-configs/kanidm", "644"],
[
"target/release/libpam_kanidm.so",
"usr/lib/aarch64-linux-gnu/security/pam_kanidm.so",
"644",
],
[
"debian/kanidm.pam",
"usr/share/pam-configs/kanidm",
"644",
],
]
[package.metadata.deb.variants.x86_64-unknown-linux-gnu]
merge-assets.append = [
[ "target/release/libpam_kanidm.so", "usr/lib/x86_64-linux-gnu/security/pam_kanidm.so", "644"],
[ "debian/kanidm.pam", "usr/share/pam-configs/kanidm", "644"],
[
"target/release/libpam_kanidm.so",
"usr/lib/x86_64-linux-gnu/security/pam_kanidm.so",
"644",
],
[
"debian/kanidm.pam",
"usr/share/pam-configs/kanidm",
"644",
],
]
[package.metadata.cargo-machete]
ignored = ["pkg-config"]


@ -52,7 +52,7 @@ test = true
doctest = false
[dependencies]
async-trait.workspace = true
async-trait = { workspace = true }
bytes = { workspace = true }
clap = { workspace = true, features = ["derive", "env"] }
dialoguer = { workspace = true }
@ -89,8 +89,8 @@ uuid = { workspace = true }
walkdir = { workspace = true }
[target.'cfg(target_os = "linux")'.dependencies]
sd-notify.workspace = true
prctl.workspace = true
sd-notify = { workspace = true }
prctl = { workspace = true }
[target.'cfg(not(target_family = "windows"))'.dependencies]
kanidm_utils_users = { workspace = true }
@ -135,6 +135,9 @@ assets = [
]
maintainer-scripts = "debian/"
systemd-units = [
{ unit-name = "kanidm-unixd", enable = true},
{ unit-name = "kanidm-unixd", enable = true},
{ unit-name = "kanidm-unixd-tasks", enable = true},
]
[package.metadata.cargo-machete]
ignored = ["kanidm_build_profiles", "clap_complete"]