20230731 release (#1921)

* Cleanup how we check for last git commit to avoid an insecure dep
* Resolve unmaintained or old deps
* Fix ci

Cargo.toml

@@ -23,7 +23,8 @@ members = [
     "libs/crypto",
     "libs/file_permissions",
     "libs/profiles",
-    "libs/sketching"
+    "libs/sketching",
+    "libs/users"
 ]
 
 [workspace.package]
@@ -58,7 +59,7 @@ concread = "^0.4.1"
 # concread = { path = "../concread" }
 cron = "0.12.0"
 crossbeam = "0.8.1"
-criterion = "^0.4.0"
+criterion = "^0.5.1"
 csv = "1.2.2"
 dialoguer = "0.10.4"
 dyn-clone = "^1.0.12"
@@ -68,10 +69,10 @@ fs2 = "^0.4.3"
 futures = "^0.3.28"
 futures-concurrency = "^3.1.0"
 futures-util = { version = "^0.3.21", features = ["sink"] }
+git2 = "0.17.2"
 gloo = "^0.8.1"
 hashbrown = { version = "0.14.0", features = ["serde", "inline-more", "ahash"] }
 hex = "^0.4.3"
-http-types = "^2.12.0"
 hyper = { version = "0.14.27", features = ["full"] }
 hyper-tls = "0.5.0"
 idlset = "^0.2.4"
@@ -85,7 +86,7 @@ kanidm_lib_file_permissions = { path = "./libs/file_permissions" }
 kanidm_client = { path = "./libs/client", version = "1.1.0-alpha.11" }
 kanidm_proto = { path = "./proto", version = "1.1.0-alpha.11" }
 kanidm_unix_int = { path = "./unix_integration" }
-last-git-commit = "0.2.0"
+kanidm_utils_users = { path = "./libs/users" }
 # REMOVE this
 lazy_static = "^1.4.0"
 ldap3_client = "^0.3.5"
@@ -156,7 +157,6 @@ tss-esapi = "^7.2.0"
 
 url = "^2.4.0"
 urlencoding = "2.1.3"
-users = "^0.11.0"
 uuid = "^1.4.1"
 
 wasm-bindgen = "^0.2.86"

libs/file_permissions/Cargo.toml

@@ -11,4 +11,4 @@ edition = "2021"
 whoami = {workspace = true}
 
 [target.'cfg(not(target_family = "windows"))'.dependencies]
-users = {workspace = true}
+kanidm_utils_users = { workspace = true }

libs/file_permissions/src/lib.rs

@@ -9,7 +9,7 @@ use std::os::macos::fs::MetadataExt;
 // #[cfg(target_os = "windows")]
 // use std::os::windows::fs::MetadataExt;
 #[cfg(target_family = "unix")]
-use users::{get_current_gid, get_current_uid};
+use kanidm_utils_users::{get_current_gid, get_current_uid};
 
 #[cfg(target_family = "unix")]
 /// Check a given file's metadata is read-only for the current user (true = read-only)

libs/profiles/Cargo.toml

@@ -24,3 +24,4 @@ base64 = { workspace = true }
 
 [build-dependencies]
 base64 = { workspace = true }
+git2 = { workspace = true }

libs/profiles/build.rs

@@ -3,6 +3,18 @@ use std::{env, fs};
 
 use base64::{engine::general_purpose, Engine as _};
 
+// We do this here so it's only actually run and checked once.
+fn determine_git_rev() -> Option<String> {
+    let path = PathBuf::from("../../");
+    let repo = git2::Repository::open(&path).ok()?;
+    let head = repo.head().ok()?;
+    let commit = head.peel_to_commit().ok()?;
+    let mut commit_id = commit.id().to_string();
+    // Now we actually want to trim this to only 10 chars?
+    commit_id.truncate(10);
+    Some(commit_id)
+}
+
 fn main() {
     println!("cargo:rerun-if-env-changed=KANIDM_BUILD_PROFILE");
 
@@ -17,6 +29,10 @@ fn main() {
 
     let contents = general_purpose::STANDARD.encode(data);
 
+    if let Some(commit_rev) = determine_git_rev() {
+        println!("cargo:rustc-env=KANIDM_PKG_COMMIT_REV={}", commit_rev);
+    }
+
     println!("cargo:rerun-if-changed={}", profile_path.to_str().unwrap());
 
     println!("cargo:rustc-env=KANIDM_BUILD_PROFILE={}", profile);

libs/profiles/src/lib.rs

@@ -1,7 +1,6 @@
-use std::env;
-
 use base64::{engine::general_purpose, Engine as _};
 use serde::Deserialize;
+use std::env;
 
 #[derive(Debug, Deserialize)]
 #[allow(non_camel_case_types)]
@@ -74,6 +73,19 @@ pub fn apply_profile() {
     let profile_cfg: ProfileConfig = toml::from_slice(&data)
         .unwrap_or_else(|_| panic!("Failed to parse profile - {} - {}", profile, contents));
 
+    // We have to setup for our pkg version to be passed into things correctly
+    // now. This relies on the profile build.rs to get the commit rev if present, but
+    // we combine it with the local package version
+    let version = env!("CARGO_PKG_VERSION");
+    if let Some(commit_rev) = option_env!("KANIDM_PKG_COMMIT_REV") {
+        println!(
+            "cargo:rustc-env=KANIDM_PKG_VERSION={} {}",
+            version, commit_rev
+        );
+    } else {
+        println!("cargo:rustc-env=KANIDM_PKG_VERSION={}", version);
+    };
+
     match profile_cfg.cpu_flags {
         CpuOptLevel::apple_m1 => println!("cargo:rustc-env=RUSTFLAGS=-Ctarget-cpu=apple_m1"),
         CpuOptLevel::none => {}

libs/sketching/Cargo.toml

@@ -12,7 +12,6 @@ homepage = { workspace = true }
 repository = { workspace = true }
 
 [dependencies]
-async-trait = { workspace = true }
 num_enum = { workspace = true }
 tracing = { workspace = true, features = ["attributes"] }
 tracing-subscriber = { workspace = true, features = ["env-filter"] }

libs/users/Cargo.toml

@@ -0,0 +1,12 @@
+[package]
+name = "kanidm_utils_users"
+version.workspace = true
+authors.workspace = true
+rust-version.workspace = true
+edition.workspace = true
+license.workspace = true
+homepage.workspace = true
+repository.workspace = true
+
+[dependencies]
+libc = { workspace = true }

libs/users/src/lib.rs

@@ -0,0 +1,17 @@
+use libc::{gid_t, uid_t};
+
+pub fn get_current_uid() -> uid_t {
+    unsafe { libc::getuid() }
+}
+
+pub fn get_effective_uid() -> uid_t {
+    unsafe { libc::geteuid() }
+}
+
+pub fn get_current_gid() -> gid_t {
+    unsafe { libc::getgid() }
+}
+
+pub fn get_effective_gid() -> gid_t {
+    unsafe { libc::getegid() }
+}

project_docs/RELEASE_CHECKLIST.md

@@ -3,6 +3,7 @@
 ```bash
 cargo install cargo-audit
 cargo install cargo-outdated
+cargo install cargo-udeps
 ```
 
 ## Check List
@@ -13,6 +14,7 @@ cargo install cargo-outdated
 
 ### Cargo Tasks
 
+- [ ] cargo udeps
 - [ ] cargo outdated -R
 - [ ] cargo audit
 - [ ] cargo test

proto/Cargo.toml

@@ -29,5 +29,3 @@ urlencoding = { workspace = true }
 uuid = { workspace = true, features = ["serde"] }
 webauthn-rs-proto = { workspace = true }
 
-[target.'cfg(not(target_family = "wasm"))'.dependencies]
-last-git-commit = { workspace = true }

proto/src/lib.rs

@@ -13,7 +13,6 @@ pub mod internal;
 pub mod messages;
 pub mod oauth2;
 pub mod scim_v1;
-pub mod utils;
 pub mod v1;
 
 pub use webauthn_rs_proto as webauthn;

proto/src/utils.rs

@@ -1,15 +0,0 @@
-/// Shows the version string and current git commit status at build
-pub fn show_version(name: &str) {
-    println!("{}", get_version(name));
-}
-
-pub fn get_version(name: &str) -> String {
-    let version = env!("CARGO_PKG_VERSION");
-    #[cfg(not(target_family = "wasm"))]
-    match last_git_commit::LastGitCommit::new().build() {
-        Ok(value) => format!("{} {} {}", name, version, value.id().short()),
-        Err(_) => format!("{} {}", name, version),
-    }
-    #[cfg(target_family = "wasm")]
-    format!("{} {}", name, version)
-}

server/core/Cargo.toml

@@ -26,9 +26,7 @@ cron = { workspace = true }
 futures = { workspace = true }
 futures-util = { workspace = true }
 http = "0.2.9"
-http-types = { workspace = true }
 hyper = { workspace = true }
-hyper-tls = { workspace = true }
 kanidm_proto = { workspace = true }
 kanidmd_lib = { workspace = true }
 ldap3_proto = { workspace = true }
@@ -36,7 +34,6 @@ libc = { workspace = true }
 openssl = { workspace = true }
 rand = { workspace = true }
 regex = { workspace = true }
-reqwest = { workspace = true }
 serde = { workspace = true, features = ["derive"] }
 serde_json = { workspace = true }
 sketching = { workspace = true }
@@ -50,7 +47,7 @@ tower-http = { version = "0.4.3", features = ["tokio", "tracing", "uuid", "compr
 tracing = { workspace = true, features = ["attributes"] }
 tracing-subscriber = { workspace = true, features = ["time", "json"] }
 urlencoding = { workspace = true }
-users = { workspace = true }
+kanidm_utils_users = { workspace = true }
 uuid = { workspace = true, features = ["serde", "v4" ] }
 
 [build-dependencies]

server/core/src/admin.rs

@@ -2,6 +2,7 @@ use crate::actors::v1_write::QueryServerWriteV1;
 use crate::CoreAction;
 use bytes::{BufMut, BytesMut};
 use futures::{SinkExt, StreamExt};
+use kanidm_utils_users::get_current_uid;
 use serde::{Deserialize, Serialize};
 use std::error::Error;
 use std::io;
@@ -10,7 +11,6 @@ use tokio::net::{UnixListener, UnixStream};
 use tokio::sync::broadcast;
 use tokio_util::codec::{Decoder, Encoder, Framed};
 use tracing::{span, Level};
-use users::get_current_uid;
 use uuid::Uuid;
 
 #[derive(Serialize, Deserialize, Debug)]

server/daemon/Cargo.toml

@@ -40,7 +40,7 @@ sd-notify.workspace = true
 whoami = { workspace = true }
 
 [target.'cfg(not(target_family = "windows"))'.dependencies]
-users = { workspace = true }
+kanidm_utils_users = { workspace = true }
 tikv-jemallocator = { workspace = true }
 
 [build-dependencies]

server/daemon/src/main.rs

@@ -26,6 +26,8 @@ use std::process::ExitCode;
 
 use clap::{Args, Parser, Subcommand};
 use futures::{SinkExt, StreamExt};
+#[cfg(not(target_family = "windows"))] // not needed for windows builds
+use kanidm_utils_users::{get_current_gid, get_current_uid, get_effective_gid, get_effective_uid};
 use kanidmd_core::admin::{AdminTaskRequest, AdminTaskResponse, ClientCodec};
 use kanidmd_core::config::{Configuration, LogLevel, ServerConfig};
 use kanidmd_core::{
@@ -39,8 +41,6 @@ use sketching::tracing_forest::util::*;
 use sketching::tracing_forest::{self};
 use tokio::net::UnixStream;
 use tokio_util::codec::Framed;
-#[cfg(not(target_family = "windows"))] // not needed for windows builds
-use users::{get_current_gid, get_current_uid, get_effective_gid, get_effective_uid};
 #[cfg(target_family = "windows")] // for windows builds
 use whoami;
 
@@ -236,7 +236,7 @@ async fn main() -> ExitCode {
 
             // print the app version and bail
             if let KanidmdOpt::Version(_) = &opt.commands {
-                kanidm_proto::utils::show_version("kanidmd");
+                println!("kanidmd {}",  env!("KANIDM_PKG_VERSION"));
                 return ExitCode::SUCCESS
             };
 

server/lib/Cargo.toml

@@ -20,7 +20,6 @@ name = "scaling_10k"
 harness = false
 
 [dependencies]
-async-trait = { workspace = true }
 base64 = { workspace = true }
 base64urlsafedata = { workspace = true }
 compact_jwt = { workspace = true, features = ["openssl"] }
@@ -28,7 +27,7 @@ concread = { workspace = true }
 dyn-clone = { workspace = true }
 fernet = { workspace = true, features = ["fernet_danger_timestamps"] }
 filetime = { workspace = true }
-futures-util = { workspace = true }
+# futures-util = { workspace = true }
 hashbrown = { workspace = true }
 idlset = { workspace = true }
 kanidm_proto = { workspace = true }
@@ -74,7 +73,7 @@ whoami = { workspace = true }
 
 [target.'cfg(not(target_family = "windows"))'.dependencies]
 rusqlite = { workspace = true }
-users = { workspace = true }
+kanidm_utils_users = { workspace = true }
 
 [features]
 # default = [ "libsqlite3-sys/bundled", "openssl/vendored" ]

server/lib/src/utils.rs

@@ -16,7 +16,7 @@ use touch::file as touch_file;
 // use std::os::windows::fs::MetadataExt;
 use crate::prelude::*;
 #[cfg(target_family = "unix")]
-use users::{get_current_gid, get_current_uid};
+use kanidm_utils_users::{get_current_gid, get_current_uid};
 
 #[derive(Debug)]
 pub struct DistinctAlpha;

server/web_ui/Cargo.toml

@@ -18,7 +18,6 @@ repository = "https://github.com/kanidm/kanidm/"
 crate-type = ["cdylib", "rlib"]
 
 [dependencies]
-compact_jwt = { workspace = true }
 gloo = { workspace = true }
 js-sys = { workspace = true }
 kanidm_proto = { workspace = true, features = ["wasm"] }
@@ -28,7 +27,6 @@ serde_json = { workspace = true }
 serde-wasm-bindgen = { workspace = true }
 wasm-bindgen = { workspace = true }
 wasm-bindgen-futures = { workspace = true }
-wasm-bindgen-test = { workspace = true }
 url = { workspace = true }
 uuid = { workspace = true }
 yew = { workspace = true, features = ["csr"] }
@@ -65,3 +63,6 @@ features = [
     "Response",
     "Window",
 ]
+
+[dev-dependencies]
+wasm-bindgen-test = { workspace = true }

server/web_ui/src/lib.rs

@@ -34,11 +34,11 @@ mod views;
 
 mod components;
 
+/// This is the entry point of the web front end. This triggers the manager app to load and begin
+/// it's event loop.
 #[cfg_attr(target_arch = "wasm32", wasm_bindgen)]
 pub fn run_app() -> Result<(), JsValue> {
     yew::Renderer::<manager::ManagerApp>::new().render();
-    #[cfg(debug_assertions)]
-    gloo::console::debug!(kanidm_proto::utils::get_version("kanidmd_web_ui"));
     Ok(())
 }
 

tools/cli/Cargo.toml

@@ -54,6 +54,7 @@ zxcvbn = { workspace=true }
 [build-dependencies]
 clap = { workspace = true, features = ["derive"] }
 clap_complete = { workspace=true }
+profiles = { workspace = true }
 uuid = { workspace=true }
 url = { workspace = true }
 

tools/cli/build.rs

@@ -12,6 +12,8 @@ include!("src/opt/ssh_authorizedkeys.rs");
 include!("src/opt/kanidm.rs");
 
 fn main() {
+    profiles::apply_profile();
+
     let outdir = match env::var_os("OUT_DIR") {
         None => return,
         Some(outdir) => outdir,

tools/cli/src/cli/lib.rs

@@ -100,7 +100,7 @@ impl KanidmClientOpt {
             KanidmClientOpt::System { commands } => commands.debug(),
             KanidmClientOpt::Recycle { commands } => commands.debug(),
             KanidmClientOpt::Version {} => {
-                kanidm_proto::utils::show_version("kanidm");
+                println!("kanidm {}", env!("KANIDM_PKG_VERSION"));
                 true
             }
         }

tools/iam_migrations/freeipa/Cargo.toml

@@ -34,7 +34,7 @@ uuid = { workspace = true, features = ["serde"] }
 kanidmd_lib = { workspace = true }
 
 [target.'cfg(target_family = "unix")'.dependencies]
-users = { workspace = true }
+kanidm_utils_users = { workspace = true }
 
 [build-dependencies]
 clap = { workspace = true, features = ["derive"] }

tools/iam_migrations/freeipa/src/main.rs

@@ -55,7 +55,7 @@ use kanidm_proto::scim_v1::{
 use kanidmd_lib::utils::file_permissions_readonly;
 
 #[cfg(target_family = "unix")]
-use users::{get_current_gid, get_current_uid, get_effective_gid, get_effective_uid};
+use kanidm_utils_users::{get_current_gid, get_current_uid, get_effective_gid, get_effective_uid};
 
 use ldap3_client::{
     proto, proto::LdapFilter, LdapClient, LdapClientBuilder, LdapSyncRepl, LdapSyncReplEntry,

tools/iam_migrations/ldap/Cargo.toml

@@ -34,7 +34,7 @@ uuid = { workspace = true, features = ["serde"] }
 kanidmd_lib = { workspace = true }
 
 [target.'cfg(target_family = "unix")'.dependencies]
-users = { workspace = true }
+kanidm_utils_users = { workspace = true }
 
 [build-dependencies]
 clap = { workspace = true, features = ["derive"] }

tools/iam_migrations/ldap/src/main.rs

@@ -49,7 +49,7 @@ use kanidm_proto::scim_v1::{
 use kanidmd_lib::utils::file_permissions_readonly;
 
 #[cfg(target_family = "unix")]
-use users::{get_current_gid, get_current_uid, get_effective_gid, get_effective_uid};
+use kanidm_utils_users::{get_current_gid, get_current_uid, get_effective_gid, get_effective_uid};
 
 use ldap3_client::{proto, LdapClientBuilder, LdapSyncRepl, LdapSyncReplEntry, LdapSyncStateValue};
 

tools/orca/src/main.rs

@@ -233,7 +233,7 @@ async fn main() {
     debug!("cli -> {:?}", opt);
     match opt {
         OrcaOpt::Version(_opt) => {
-            println!("{}", kanidm_proto::utils::get_version("orca"));
+            println!("orca {}", env!("KANIDM_PKG_VERSION"));
             std::process::exit(0);
         }
         OrcaOpt::TestConnection(opt) => {

unix_integration/Cargo.toml

@@ -73,7 +73,7 @@ uuid = { workspace = true }
 walkdir = { workspace = true }
 
 [target.'cfg(not(target_family = "windows"))'.dependencies]
-users = { workspace = true }
+kanidm_utils_users = { workspace = true }
 
 [dev-dependencies]
 kanidmd_core = { workspace = true }

unix_integration/src/daemon.rs

@@ -33,6 +33,7 @@ use kanidm_unix_common::unix_config::KanidmUnixdConfig;
 use kanidm_unix_common::unix_passwd::{parse_etc_group, parse_etc_passwd};
 use kanidm_unix_common::unix_proto::{ClientRequest, ClientResponse, TaskRequest, TaskResponse};
 
+use kanidm_utils_users::{get_current_gid, get_current_uid, get_effective_gid, get_effective_uid};
 use libc::umask;
 use sketching::tracing_forest::traits::*;
 use sketching::tracing_forest::util::*;
@@ -45,7 +46,6 @@ use tokio::sync::mpsc::{channel, Receiver, Sender};
 use tokio::sync::oneshot;
 use tokio::time;
 use tokio_util::codec::{Decoder, Encoder, Framed};
-use users::{get_current_gid, get_current_uid, get_effective_gid, get_effective_uid};
 
 use notify_debouncer_full::{new_debouncer, notify::RecursiveMode, notify::Watcher};
 

unix_integration/src/ssh_authorizedkeys.rs

@@ -31,10 +31,7 @@ async fn main() -> ExitCode {
         ::std::env::set_var("RUST_LOG", "kanidm=debug,kanidm_client=debug");
     }
     if opt.version {
-        println!(
+        println!("ssh_authorizedkeys {}", env!("KANIDM_PKG_VERSION"));
-            "{}",
-            kanidm_proto::utils::get_version("kanidm_ssh_authorizedkeys")
-        );
         return ExitCode::SUCCESS;
     }
     sketching::tracing_subscriber::fmt::init();

unix_integration/src/tasks_daemon.rs

@@ -23,6 +23,7 @@ use futures::{SinkExt, StreamExt};
 use kanidm_unix_common::constants::DEFAULT_CONFIG_PATH;
 use kanidm_unix_common::unix_config::KanidmUnixdConfig;
 use kanidm_unix_common::unix_proto::{HomeDirectoryInfo, TaskRequest, TaskResponse};
+use kanidm_utils_users::{get_effective_gid, get_effective_uid};
 use libc::{lchown, umask};
 use sketching::tracing_forest::traits::*;
 use sketching::tracing_forest::util::*;
@@ -31,7 +32,6 @@ use tokio::net::UnixStream;
 use tokio::sync::broadcast;
 use tokio::time;
 use tokio_util::codec::{Decoder, Encoder, Framed};
-use users::{get_effective_gid, get_effective_uid};
 use walkdir::WalkDir;
 
 #[cfg(all(target_family = "unix", feature = "selinux"))]

unix_integration/src/tool.rs

@@ -212,7 +212,7 @@ async fn main() -> ExitCode {
             ExitCode::SUCCESS
         }
         KanidmUnixOpt::Version { debug: _ } => {
-            println!("{}", kanidm_proto::utils::get_version("kanidm-unix"));
+            println!("kanidm-unix {}", env!("KANIDM_PKG_VERSION"));
             ExitCode::SUCCESS
         }
     }