Document the various structs

This commit is contained in:
William Brown 2025-04-05 13:52:03 +10:00
parent debaf002bf
commit f9ca11aca1


@ -1,3 +1,12 @@
//! This is configuration definitions and parser for the various unix integration
//! tools and services. This needs to support a number of use cases like pam/nss
//! modules parsing the config quickly and the unix daemon which has to connect to
//! various backend sources.
//!
//! To achieve this the configuration has two main sections - the configuration
//! specification which will be parsed by the tools, then the configuration as
//! relevant to that tool.
use std::env; use std::env;
use std::fmt::{Display, Formatter}; use std::fmt::{Display, Formatter};
use std::fs::File; use std::fs::File;
@ -51,6 +60,25 @@ impl Display for UidAttr {
} }
} }
#[derive(Debug, Clone, Default)]
pub enum HsmType {
#[cfg_attr(not(feature = "tpm"), default)]
Soft,
#[cfg_attr(feature = "tpm", default)]
TpmIfPossible,
Tpm,
}
impl Display for HsmType {
fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
match self {
HsmType::Soft => write!(f, "Soft"),
HsmType::TpmIfPossible => write!(f, "Tpm if possible"),
HsmType::Tpm => write!(f, "Tpm"),
}
}
}
// Allowed as the large enum is only short lived at startup to the true config // Allowed as the large enum is only short lived at startup to the true config
#[allow(clippy::large_enum_variant)] #[allow(clippy::large_enum_variant)]
// This bit of magic lets us deserialise the old config and the new versions. // This bit of magic lets us deserialise the old config and the new versions.
@ -73,6 +101,7 @@ enum ConfigVersion {
#[derive(Debug, Deserialize)] #[derive(Debug, Deserialize)]
#[serde(deny_unknown_fields)] #[serde(deny_unknown_fields)]
/// This is the version 2 of the JSON configuration specification for the unixd suite.
struct ConfigV2 { struct ConfigV2 {
cache_db_path: Option<String>, cache_db_path: Option<String>,
sock_path: Option<String>, sock_path: Option<String>,
@ -113,6 +142,7 @@ struct KanidmConfigV2 {
} }
#[derive(Debug, Deserialize)] #[derive(Debug, Deserialize)]
/// This is the version 1 of the JSON configuration specification for the unixd suite.
struct ConfigInt { struct ConfigInt {
db_path: Option<String>, db_path: Option<String>,
sock_path: Option<String>, sock_path: Option<String>,
@ -137,33 +167,28 @@ struct ConfigInt {
hsm_type: Option<String>, hsm_type: Option<String>,
tpm_tcti_name: Option<String>, tpm_tcti_name: Option<String>,
// Detect and warn on values in these places. // Detect and warn on values in these places - this is to catch
// when someone is using a v2 value on a v1 config.
#[serde(default)] #[serde(default)]
cache_db_path: Option<toml::value::Value>, cache_db_path: Option<toml::value::Value>,
#[serde(default)] #[serde(default)]
kanidm: Option<toml::value::Value>, kanidm: Option<toml::value::Value>,
} }
#[derive(Debug, Clone, Default)] // ========================================================================
pub enum HsmType {
#[cfg_attr(not(feature = "tpm"), default)]
Soft,
#[cfg_attr(feature = "tpm", default)]
TpmIfPossible,
Tpm,
}
impl Display for HsmType { #[derive(Debug)]
fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { /// This is the parsed Kanidm provider configuration that the Unixd resolver
match self { /// will use to connect to Kanidm.
HsmType::Soft => write!(f, "Soft"), pub struct KanidmConfig {
HsmType::TpmIfPossible => write!(f, "Tpm if possible"), pub conn_timeout: u64,
HsmType::Tpm => write!(f, "Tpm"), pub request_timeout: u64,
} pub pam_allowed_login_groups: Vec<String>,
} pub map_group: Vec<GroupMap>,
} }
#[derive(Debug)] #[derive(Debug)]
/// This is the parsed configuration for the Unixd resolver.
pub struct UnixdConfig { pub struct UnixdConfig {
pub cache_db_path: String, pub cache_db_path: String,
pub sock_path: String, pub sock_path: String,
@ -182,18 +207,9 @@ pub struct UnixdConfig {
pub hsm_type: HsmType, pub hsm_type: HsmType,
pub hsm_pin_path: String, pub hsm_pin_path: String,
pub tpm_tcti_name: String, pub tpm_tcti_name: String,
pub kanidm_config: Option<KanidmConfig>, pub kanidm_config: Option<KanidmConfig>,
} }
#[derive(Debug)]
pub struct KanidmConfig {
pub conn_timeout: u64,
pub request_timeout: u64,
pub pam_allowed_login_groups: Vec<String>,
pub map_group: Vec<GroupMap>,
}
impl Default for UnixdConfig { impl Default for UnixdConfig {
fn default() -> Self { fn default() -> Self {
UnixdConfig::new() UnixdConfig::new()
@ -540,6 +556,8 @@ impl UnixdConfig {
} }
#[derive(Debug)] #[derive(Debug)]
/// This is the parsed configuration that will be used by pam/nss tools that need fast access to
/// only the socket and timeout information related to the resolver.
pub struct KanidmUnixdConfig { pub struct KanidmUnixdConfig {
pub sock_path: String, pub sock_path: String,
// pub conn_timeout: u64, // pub conn_timeout: u64,
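Review bot: The new doc comments on `ConfigV2` and `ConfigInt` describe a "JSON configuration specification", yet the same structs catch stray fields with `toml::value::Value`, which suggests the on-disk format is TOML rather than JSON; if that is the case both lines should read `/// This is the version 2 of the TOML configuration specification for the unixd suite.` and the version 1 equivalent, since a wrong format name in the rustdoc will mislead whoever next touches the parser. The `// ====` separator inserted before `KanidmConfig` marks the boundary between the deserialised spec structs and the parsed runtime config that the module doc describes, but says nothing itself; a label such as `// Parsed configuration below - everything above is the on-disk specification.` would make that split visible where it happens. The body of `KanidmUnixdConfig` in the final hunk continues past the end of this view.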