James Hodgkinson
4fd56f9b0a
maint: rewrite crypto Password::try_from ( #3637 )
...
* maint: rewrite crypto Password::try_from
* the shed is pink
2025-05-27 09:12:38 +10:00
James Hodgkinson
1bb5b4994e
TODO trimming ( #3641 )
...
* fix: use Url for origin instead of string
* fix: rename inputs to some oauth client functions to make naming clearer
* fix: removing HTTPOauth2Error internally
* fix: response type was wrong
* fix: clean up schema
* chore: cleaning up old TODOs
2025-05-21 12:49:24 +00:00
Firstyear
6a85e2a21b
Accept SSHA with different salt lengths ( #3629 )
2025-05-13 03:19:12 +00:00
William Brown
8189bc0bc4
Fix toml issues with strings
...
During the toml library upgrade, strings were not parsing
correctly in the x509 replication handler.
This fixes both the string parse, but also improves our
error handling to clearly show the mistake in the config
if one exists.
2025-05-09 13:10:09 +10:00
Firstyear
235e4d053a
Avoid openssl for md4 ( #3594 )
2025-05-04 07:16:40 +10:00
Firstyear
b27fd2f3de
Do not require instances to exist during optional config load ( #3591 )
...
* Do not require instances to exist during optional config load
We were incorrectly requiring every config file to have the named
instance be present during configuration loading. This led to a
situation where if /etc/kanidm/config didn't have a user configured
instance from their ~/.config/kanidm, that the cli would fail to
load.
* CLIPS FOR THE CLIP GODS
2025-05-02 04:40:23 +00:00
Firstyear
aaf43c7b06
Drop fernet in favour of JWE ( #3577 )
...
This drops the use of fernet from OAuth2 in favour of JWE. To achieve
this cleanly, we swap OAuth2 to using our internel key object handler
so that in future we can consider the use of pkcs11 devices. This also
makes it easier in general to handle any future cryptographic changes.
2025-04-30 16:42:22 +10:00
James Hodgkinson
be4818e121
Update dependencies, fix a bunch of clippy lints ( #3576 )
2025-04-24 11:25:25 +10:00
Firstyear
94b6287e27
Unify unix config parser ( #3533 )
...
* Unify unix config parser
* Document the various structs
* Compiler Update
2025-04-08 14:21:26 +10:00
Firstyear
b13951a79b
Add set-description to group tooling ( #3511 )
2025-03-18 21:54:20 +10:00
Jinna Kiisuo
1e91f244a2
packaging: Add kanidmd deb package, update documentation ( #3506 )
...
* packaging: Use cargo-deb multiarch support
This allows building all platforms from one definition,
assuming the --multiarch=foreign flag is used.
* packaging: Use correct path naming for unixd service files
While cargo-deb works around the mistake, better to name them as per the
rules: https://github.com/kornelski/cargo-deb/blob/main/systemd.md#systemd-unit-file-naming
* docs: Update book chapter on Debian packaging
* packaging: Shift Debian builds to a separate build profile
* packaging: Add deb for kanidmd
2025-03-18 12:10:42 +10:00
Firstyear
63deda350c
20250225 improve test performance ( #3459 )
...
* Ignore tests that are no longer used.
Each time a library or binary is added, that requires compilation to create
the *empty* test harness, which then is executed and takes multiple seconds
to start up, do nothing, and return success.
This removes test's for libraries that aren't actually using or running
any tests.
Additionally, each time a new test binary is added, that adds a ton of
compilation time, but also test execution time as the binary for each
test runner must start up, execute, and shutdown. So this merges all
the testkit integration tests to a single running which significantly
speeds up test execution.
* Improve IDL exists behaviour, improve memberof verification
Again to improve test performance. This improves the validation of idx
existance to be a faster SQLite call, caches the results as needed.
Memberof was taking up a large amount of time in verify phases of test
finalisation, and so a better in memory version has been added.
* Disable TLS native roots when not needed
* Cleanup tests that are hitting native certs, or do nothing at all
2025-03-04 10:36:53 +10:00
Ludea
145ffed7c6
Android support ( #3475 )
2025-02-27 11:45:33 +00:00
Firstyear
0e0e8ff844
Add crypt formats for password import ( #3458 )
...
Adds crypt md5, sha256 and sha512 allowing import of legacy credentials
from external ldap servers.
2025-02-25 11:09:34 +00:00
Sebastiano Tocci
9611a7f976
Fixes #3406 : add configurable maximum queryable attributes for LDAP ( #3431 )
2025-02-21 12:14:47 +10:00
sinavir
f40679cd52
Accept invalid certs and fix token_cache_path ( #3439 )
...
* Add accept-invalid-certs option for cli
* Fix token_cache_path behavior
---------
Co-authored-by: sinavir <sinavir@sinavir.fr>
2025-02-20 08:07:48 +00:00
Firstyear
52824b58f1
Accept lowercase ldap pwd hashes ( #3444 )
2025-02-20 04:34:27 +00:00
James Hodgkinson
c89f0c011e
20250209 pre release ( #3409 )
...
* fix: removing unused dependencies (assert_cmd, gethostname)
* chore: Release Notes
2025-02-09 10:06:01 +00:00
Firstyear
b15ff89b39
20250206 freebsd ports ( #3404 )
...
* Remove unneeded files
* Ensure we config client config for freebsd
* Improve shell handling
* Use freebsd compat nss
2025-02-09 08:57:15 +00:00
Andris Raugulis
d4c5a6f4a9
OpenBSD support ( #3381 )
...
* Implement OpenBSD support.
2025-02-03 22:39:50 +00:00
dependabot[bot]
ed76bdbfb1
Bump the all group with 22 updates ( #3376 )
...
* Bump the all group with 22 updates
Bumps the all group with 22 updates:
| Package | From | To |
| --- | --- | --- |
| [async-trait](https://github.com/dtolnay/async-trait ) | `0.1.83` | `0.1.85` |
| [bitflags](https://github.com/bitflags/bitflags ) | `2.6.0` | `2.8.0` |
| [clap](https://github.com/clap-rs/clap ) | `4.5.23` | `4.5.27` |
| [clap_complete](https://github.com/clap-rs/clap ) | `4.5.40` | `4.5.42` |
| [lodepng](https://github.com/kornelski/lodepng-rust ) | `3.10.7` | `3.11.0` |
| [openssl](https://github.com/sfackler/rust-openssl ) | `0.10.68` | `0.10.69` |
| [proc-macro2](https://github.com/dtolnay/proc-macro2 ) | `1.0.92` | `1.0.93` |
| [reqwest](https://github.com/seanmonstar/reqwest ) | `0.12.11` | `0.12.12` |
| [rustls](https://github.com/rustls/rustls ) | `0.23.20` | `0.23.21` |
| [sd-notify](https://github.com/lnicola/sd-notify ) | `0.4.4` | `0.4.5` |
| [serde_json](https://github.com/serde-rs/json ) | `1.0.134` | `1.0.137` |
| [syn](https://github.com/dtolnay/syn ) | `2.0.93` | `2.0.96` |
| [tempfile](https://github.com/Stebalien/tempfile ) | `3.14.0` | `3.15.0` |
| [tokio](https://github.com/tokio-rs/tokio ) | `1.42.0` | `1.43.0` |
| [uuid](https://github.com/uuid-rs/uuid ) | `1.11.0` | `1.12.1` |
| [oauth2](https://github.com/ramosbugs/oauth2-rs ) | `4.4.2` | `5.0.0` |
| [cc](https://github.com/rust-lang/cc-rs ) | `1.2.6` | `1.2.10` |
| [axum-extra](https://github.com/tokio-rs/axum ) | `0.9.6` | `0.10.0` |
| [axum-macros](https://github.com/tokio-rs/axum ) | `0.4.2` | `0.5.0` |
| [fantoccini](https://github.com/jonhoo/fantoccini ) | `0.21.3` | `0.21.4` |
| [petgraph](https://github.com/petgraph/petgraph ) | `0.6.5` | `0.7.1` |
| [jsonschema](https://github.com/Stranger6667/jsonschema ) | `0.28.0` | `0.28.3` |
Updates `async-trait` from 0.1.83 to 0.1.85
- [Release notes](https://github.com/dtolnay/async-trait/releases )
- [Commits](https://github.com/dtolnay/async-trait/compare/0.1.83...0.1.85 )
Updates `bitflags` from 2.6.0 to 2.8.0
- [Release notes](https://github.com/bitflags/bitflags/releases )
- [Changelog](https://github.com/bitflags/bitflags/blob/main/CHANGELOG.md )
- [Commits](https://github.com/bitflags/bitflags/compare/2.6.0...2.8.0 )
Updates `clap` from 4.5.23 to 4.5.27
- [Release notes](https://github.com/clap-rs/clap/releases )
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md )
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.23...clap_complete-v4.5.27 )
Updates `clap_complete` from 4.5.40 to 4.5.42
- [Release notes](https://github.com/clap-rs/clap/releases )
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md )
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.40...clap_complete-v4.5.42 )
Updates `lodepng` from 3.10.7 to 3.11.0
- [Commits](https://github.com/kornelski/lodepng-rust/compare/v3.10.7...v3.11.0 )
Updates `openssl` from 0.10.68 to 0.10.69
- [Release notes](https://github.com/sfackler/rust-openssl/releases )
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.68...openssl-v0.10.69 )
Updates `proc-macro2` from 1.0.92 to 1.0.93
- [Release notes](https://github.com/dtolnay/proc-macro2/releases )
- [Commits](https://github.com/dtolnay/proc-macro2/compare/1.0.92...1.0.93 )
Updates `reqwest` from 0.12.11 to 0.12.12
- [Release notes](https://github.com/seanmonstar/reqwest/releases )
- [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md )
- [Commits](https://github.com/seanmonstar/reqwest/compare/v0.12.11...v0.12.12 )
Updates `rustls` from 0.23.20 to 0.23.21
- [Release notes](https://github.com/rustls/rustls/releases )
- [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md )
- [Commits](https://github.com/rustls/rustls/compare/v/0.23.20...v/0.23.21 )
Updates `sd-notify` from 0.4.4 to 0.4.5
- [Changelog](https://github.com/lnicola/sd-notify/blob/master/CHANGELOG.md )
- [Commits](https://github.com/lnicola/sd-notify/compare/v0.4.4...v0.4.5 )
Updates `serde_json` from 1.0.134 to 1.0.137
- [Release notes](https://github.com/serde-rs/json/releases )
- [Commits](https://github.com/serde-rs/json/compare/v1.0.134...v1.0.137 )
Updates `syn` from 2.0.93 to 2.0.96
- [Release notes](https://github.com/dtolnay/syn/releases )
- [Commits](https://github.com/dtolnay/syn/compare/2.0.93...2.0.96 )
Updates `tempfile` from 3.14.0 to 3.15.0
- [Changelog](https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md )
- [Commits](https://github.com/Stebalien/tempfile/compare/v3.14.0...v3.15.0 )
Updates `tokio` from 1.42.0 to 1.43.0
- [Release notes](https://github.com/tokio-rs/tokio/releases )
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.42.0...tokio-1.43.0 )
Updates `uuid` from 1.11.0 to 1.12.1
- [Release notes](https://github.com/uuid-rs/uuid/releases )
- [Commits](https://github.com/uuid-rs/uuid/compare/1.11.0...1.12.1 )
Updates `oauth2` from 4.4.2 to 5.0.0
- [Release notes](https://github.com/ramosbugs/oauth2-rs/releases )
- [Upgrade guide](https://github.com/ramosbugs/oauth2-rs/blob/main/UPGRADE.md )
- [Commits](https://github.com/ramosbugs/oauth2-rs/compare/4.4.2...5.0.0 )
Updates `cc` from 1.2.6 to 1.2.10
- [Release notes](https://github.com/rust-lang/cc-rs/releases )
- [Changelog](https://github.com/rust-lang/cc-rs/blob/main/CHANGELOG.md )
- [Commits](https://github.com/rust-lang/cc-rs/compare/cc-v1.2.6...cc-v1.2.10 )
Updates `axum-extra` from 0.9.6 to 0.10.0
- [Release notes](https://github.com/tokio-rs/axum/releases )
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md )
- [Commits](https://github.com/tokio-rs/axum/compare/axum-extra-v0.9.6...axum-extra-v0.10.0 )
Updates `axum-macros` from 0.4.2 to 0.5.0
- [Release notes](https://github.com/tokio-rs/axum/releases )
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md )
- [Commits](https://github.com/tokio-rs/axum/compare/axum-macros-v0.4.2...axum-macros-v0.5.0 )
Updates `fantoccini` from 0.21.3 to 0.21.4
- [Commits](https://github.com/jonhoo/fantoccini/compare/v0.21.3...v0.21.4 )
Updates `petgraph` from 0.6.5 to 0.7.1
- [Changelog](https://github.com/petgraph/petgraph/blob/master/RELEASES.rst )
- [Commits](https://github.com/petgraph/petgraph/compare/petgraph@v0.6.5...petgraph@v0.7.1 )
Updates `jsonschema` from 0.28.0 to 0.28.3
- [Release notes](https://github.com/Stranger6667/jsonschema/releases )
- [Changelog](https://github.com/Stranger6667/jsonschema/blob/master/CHANGELOG.md )
- [Commits](https://github.com/Stranger6667/jsonschema/compare/rust-v0.28.0...rust-v0.28.3 )
---
updated-dependencies:
- dependency-name: async-trait
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: bitflags
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: all
- dependency-name: clap
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: clap_complete
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: lodepng
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: all
- dependency-name: openssl
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: proc-macro2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: reqwest
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: rustls
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: sd-notify
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: serde_json
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: syn
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: tempfile
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: all
- dependency-name: tokio
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: all
- dependency-name: uuid
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: all
- dependency-name: oauth2
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: all
- dependency-name: cc
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: axum-extra
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: all
- dependency-name: axum-macros
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: all
- dependency-name: fantoccini
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: petgraph
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: all
- dependency-name: jsonschema
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
...
Signed-off-by: dependabot[bot] <support@github.com>
* ok the otel stuff works now
* linting fixes
* fix: less parse more from_str, adding a todo
* fix: removing a TODO
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
2025-01-29 13:57:38 +10:00
Firstyear
226274da23
20250102 freebsd client ( #3333 )
...
Support freebsd as a unix client
2025-01-04 09:22:44 +10:00
Firstyear
50a7d9d700
Allow opt-in of easter eggs ( #3308 )
...
So that we can start to add some more easter eggs to the server,
we also need to respect user preferences that may not want them.
This adds a configuration setting to the domain allowing a release
build to opt-in to easter eggs, and development builds to opt-out
of them.
2024-12-19 03:30:35 +00:00
Firstyear
1fbbf323fa
Allow reseting account policy values to defaults ( #3306 )
...
* Allow reseting account policy values to defaults
This allows the admin cli to reset account policy values to
defaults by clearing them. Due to how account policy resolves
a lack of value implies the default.
2024-12-18 17:43:56 +10:00
Firstyear
db101e6d26
Clippy Lints ( #3255 )
2024-11-30 06:13:26 +00:00
James Hodgkinson
c1ed939c28
Allow OAuth2 loopback redirects if the path matches ( #3252 )
2024-11-30 05:40:05 +00:00
Firstyear
2e6d940691
Remove WASM ( #3148 )
...
liberal party took over, more cuts
2024-10-26 17:19:13 +10:00
James Hodgkinson
151a9ad90f
ripping out some extra packages ( #3146 )
2024-10-26 02:27:56 +00:00
James Hodgkinson
5a709520dc
OAuth2 Device flow foundations ( #3098 )
2024-10-26 12:08:48 +10:00
Firstyear
5a3e5f1e07
20241017 3107 token ttl ( #3114 )
2024-10-18 03:28:52 +00:00
Firstyear
8c8f72381f
Add the strict flag on client creates for developers ( #3111 )
2024-10-16 13:58:57 +10:00
Firstyear
2075125439
Working scim entry get for person ( #3088 )
2024-10-15 04:29:45 +00:00
James Hodgkinson
c8b3b6214c
Cache buster buster ( #3091 )
2024-10-15 01:54:46 +00:00
James Hodgkinson
6b48054a2e
fix(http): status content type should be JSON ( #3096 )
2024-10-15 01:28:07 +00:00
Firstyear
131ff80b32
20240921 ssh keys and unix password in credential update session ( #3056 )
2024-10-03 05:57:18 +00:00
CEbbinghaus
dc4a438c31
Feat: Adding POSIX Password fallback ( #3067 )
...
* Added Schema for credential fallback
* Added account polcity management to ac migration
* Refactored Ldap & Unix auth to be common
* removed unused methods and renamed unused fields
* Fixed LDAP missing Anonymous logic
* Added CLI argument for configuring primary cred fallback
2024-10-02 19:28:36 +10:00
micolous
2e4d19f4f8
scim_proto: fix incorrect language tag ( #3064 )
...
Co-authored-by: Firstyear <william@blackhats.net.au>
2024-09-26 03:10:31 +00:00
Firstyear
fb3e7a01bc
Resolve incorrect SCIM Sync serialisation ( #3047 )
2024-09-17 06:27:41 +00:00
James Hodgkinson
004e263f90
CLI image error nicening ( #3037 )
...
* fix(scim_proto): fixing an issue with building due to dependencies
* feat(cli): more error message detail when things go wrong with images on the CLI
2024-09-17 04:07:43 +00:00
Chris Olstrom
3819d21593
implements additional traits for filter types ( #3036 )
...
* impl ToString for filter::AttrPath
* impl ToString for filter::ScimComplexFilter
* impl ToString for filter::ScimFilter
* impl FromStr for filter::{ScimFilter,ScimComplexFilter,AttrPath}
* derive(Serialize,Deserialize) for filter::{ScimFilter,ScimComplexFilter,AttrPath}
Signed-off-by: Chris Olstrom <chris@olstrom.com>
2024-09-12 04:17:35 +00:00
Firstyear
d3891e301f
20240810 SCIM entry basic ( #3032 )
2024-09-12 12:53:43 +10:00
Firstyear
95fc6fc5bf
20240828 Support Larger Images, Allow Custom Domain Icons ( #3016 )
...
Allow setting custom domain icons.
2024-09-05 04:19:27 +00:00
Firstyear
0fac1f301e
20240820 SCIM value ( #2992 )
...
Add the basics of scim value serialisation to entries.
2024-08-29 11:38:00 +10:00
Firstyear
2ea8a0ed88
Expose group rename ( #2999 )
...
* feat(cli): add group rename
2024-08-23 06:18:29 +00:00
James Hodgkinson
7c3deab2c4
enforcen den clippen ( #2990 )
...
* enforcen den clippen
* updating outdated oauth2-related docs
* sorry clippy, we tried
2024-08-21 00:32:56 +00:00
Firstyear
239f4594dd
20240810 application passwords ( #2968 )
...
Add the server side components for application passwords. This adds the needed datatypes and handling via the ldap components.
Admin tools will be in a follow up PR.
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Co-authored-by: Samuel Cabrero <scabrero@suse.de>
2024-08-20 06:44:37 +00:00
Firstyear
b1099dfa3b
Foundations of pam/nss multi resolver
...
This starts the support for multi-resolver operation as well as a system level nss resolver.
In future we'll add the remaining support to auth system users with pam too.
2024-08-15 23:54:35 +00:00
James Hodgkinson
9f7c8310eb
fixing println bug ( #2935 )
...
* fixing println bug
* fixing schema requirement for OpenAPI
* moar scim
* moar OpenAPI
* schema all the things
2024-07-27 10:01:21 +10:00
James Hodgkinson
5313c5ffdc
Reorganising the daemon startup so it doesn't fail with OTEL configured ( #2934 )
2024-07-26 07:28:35 +00:00
Firstyear
21d3f82aa1
Add scim proto to kanidm, refactor to improve serde performance. ( #2933 )
2024-07-26 15:54:28 +10:00
