From d2f5e13c97d6632fcf6a2ff43c8228b540ff1080 Mon Sep 17 00:00:00 2001
From: Firstyear
Date: Fri, 22 Nov 2024 12:02:04 +1000
Subject: [PATCH] Warn when v2 options are used in v1 unixd config (#3228)
Options like map_group would fail silently when version=2 wasn't set in our unix config. this detects that case and warns that it is occuring. To prevent this in the future, we deny unknown keys in v2 so that if (when?) we add v3, new keys will cause an error.
---
 unix_integration/resolver/src/unix_config.rs | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/unix_integration/resolver/src/unix_config.rs b/unix_integration/resolver/src/unix_config.rs
index 1990bd633..306f38298 100644
--- a/unix_integration/resolver/src/unix_config.rs
+++ b/unix_integration/resolver/src/unix_config.rs
@@ -14,8 +14,9 @@ use serde::Deserialize;
 use kanidm_unix_common::constants::*;
+// Allowed as the large enum is only short lived at startup to the true config
+#[allow(clippy::large_enum_variant)]
 // This bit of magic lets us deserialise the old config and the new versions.
-
 #[derive(Debug, Deserialize)]
 #[serde(untagged)]
 enum ConfigUntagged {
@@ -34,6 +35,7 @@ enum ConfigVersion {
 }
 #[derive(Debug, Deserialize)]
+#[serde(deny_unknown_fields)]
 struct ConfigV2 {
 cache_db_path: Option,
 sock_path: Option,
@@ -96,6 +98,12 @@ struct ConfigInt {
 hsm_pin_path: Option,
 hsm_type: Option,
 tpm_tcti_name: Option,
+
+ // Detect and warn on values in these places.
+ #[serde(default)]
+ cache_db_path: Option,
+ #[serde(default)]
+ kanidm: Option,
 }
 #[derive(Debug, Clone, Default)]
@@ -287,6 +295,11 @@ impl UnixdConfig {
 }
 fn apply_from_config_legacy(self, config: ConfigInt) -> Result {
+ if config.kanidm.is_some() || config.cache_db_path.is_some() {
+ error!("You are using version=\"2\" options in a legacy config. THESE WILL NOT WORK.");
+ return Err(UnixIntegrationError);
+ }
+
 let map_group = config
 .allow_local_account_override
 .iter()
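Review bot: With `#[serde(deny_unknown_fields)]` on `ConfigV2` (its body continues past the hunk), a version 2 file with a misspelt key no longer parses as `ConfigV2`, and because `ConfigUntagged` is `#[serde(untagged)]` the operator may see a generic no-variant-matched error, or a fall-through to the legacy struct and its new "legacy config" message, instead of the name of the rejected key. That is inferred, since the enum variants are outside the hunk. Failing closed is the right outcome for a daemon that resolves accounts and groups, but the rejected key should be visible in the error. A doc comment such as `/// Unknown keys are rejected so that a typo cannot silently disable an option.` and a unit test that feeds a v2 config with one unknown key would pin this down. It is also worth confirming `ConfigV2` is not reached through `#[serde(flatten)]`, because serde documents `deny_unknown_fields` as unsupported in that combination.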
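Review bot: The sentinel fields added to `ConfigInt` detect only `kanidm` and `cache_db_path`, so any other version 2 only key in a legacy file is presumably still dropped without a message; the struct starts outside the hunk, but nothing visible makes it reject unknown fields. The comment should state why these two keys are enough, for example `// v2-only keys: if either is set, the file is missing version = "2".` The two `#[serde(default)]` attributes are redundant, since serde already deserialises a missing `Option` field as `None`, and can be removed.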
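Review bot: The guard added at the top of `apply_from_config_legacy` returns `Err(UnixIntegrationError)`, which goes further than the "Warn" in the commit title, and the log line neither names the key that triggered it nor tells the operator how to fix the file. Refusing the config is a reasonable choice, since the alternative is that group mapping options are silently not applied, but the message should be actionable, for example `error!("Found version 2 options (kanidm and/or cache_db_path) but version = \"2\" is not set. Add version = \"2\" or remove them.");`. A short `///` comment on the function stating that v2-only keys are rejected here would help the next reader. The function body continues past the end of the hunk.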