mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-06-09 09:37:46 +02:00
Code Issues Actions10 Packages Projects Releases Wiki Activity
1934 commits 17 branches 66 tags 262 MiB
Commit graph

18 commits

Author SHA1 Message Date
Firstyear 0ce333ff5a
Allow providers to be box dyn () 
* Allow providers to be box dyn in kanidm_unixd
* Massive refactor
 2024-06-16 22:21:25 +00:00
dependabot[bot] a3f66225de
Bump the all group with 7 updates () 
* Bump the all group with 7 updates

Bumps the all group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [kanidm-hsm-crypto](https://github.com/kanidm/hsm-crypto) | `0.1.6` | `0.2.0` |
| [base64](https://github.com/marshallpierce/rust-base64) | `0.21.7` | `0.22.1` |
| [lru](https://github.com/jeromefroe/lru-rs) | `0.8.1` | `0.12.3` |
| [proc-macro2](https://github.com/dtolnay/proc-macro2) | `1.0.84` | `1.0.85` |
| [tokio](https://github.com/tokio-rs/tokio) | `1.37.0` | `1.38.0` |
| [axum-auth](https://github.com/owez/axum-auth) | `0.4.1` | `0.7.0` |
| [jsonschema](https://github.com/Stranger6667/jsonschema-rs) | `0.17.1` | `0.18.0` |


Updates `kanidm-hsm-crypto` from 0.1.6 to 0.2.0
- [Commits](https://github.com/kanidm/hsm-crypto/commits)

Updates `base64` from 0.21.7 to 0.22.1
- [Changelog](https://github.com/marshallpierce/rust-base64/blob/master/RELEASE-NOTES.md)
- [Commits](https://github.com/marshallpierce/rust-base64/compare/v0.21.7...v0.22.1)

Updates `lru` from 0.8.1 to 0.12.3
- [Changelog](https://github.com/jeromefroe/lru-rs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jeromefroe/lru-rs/compare/0.8.1...0.12.3)

Updates `proc-macro2` from 1.0.84 to 1.0.85
- [Release notes](https://github.com/dtolnay/proc-macro2/releases)
- [Commits](https://github.com/dtolnay/proc-macro2/compare/1.0.84...1.0.85)

Updates `tokio` from 1.37.0 to 1.38.0
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.37.0...tokio-1.38.0)

Updates `axum-auth` from 0.4.1 to 0.7.0
- [Commits](https://github.com/owez/axum-auth/commits)

Updates `jsonschema` from 0.17.1 to 0.18.0
- [Release notes](https://github.com/Stranger6667/jsonschema-rs/releases)
- [Changelog](https://github.com/Stranger6667/jsonschema-rs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Stranger6667/jsonschema-rs/compare/rust-v0.17.1...rust-v0.18.0)

---
updated-dependencies:
- dependency-name: kanidm-hsm-crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: base64
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: lru
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: proc-macro2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: axum-auth
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: jsonschema
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>

* updating for kanidm-hsm change

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2024-06-08 11:25:09 +00:00
David Mulder bec8c9058c
Windows Hello Authentication requirements () 
* Add keystore to unix_user_online_auth_init

Himmelblau needs this to check whether the device
is enrolled in the domain (via the presence of
TPM keys), to know whether to attempt Windows
Hello PIN auth, or to enroll first in the domain.

Signed-off-by: David Mulder <dmulder@samba.org>

* Implement PIN setup

After enrolling in a domain, Himmelblau will
prompt the user to choose a pin, which will be
the auth value for an associated Windows Hello
TPM key. We loop here until the values match.
Otherwise no validation is performed. Validation
can be done by the id provider, and can send an
additional request to PAM if the PIN is invalid.

Signed-off-by: David Mulder <dmulder@samba.org>

* Add Pin authentication

After setting up a Windows Hello pin, users can
authentication using this pin.

Signed-off-by: David Mulder <dmulder@samba.org>
 2024-04-05 08:50:37 +10:00
Firstyear c09daa4643
kanidm unixd mfa capabilities () 
Improve the support for the resolver to support MFA options with pam. This enables async task spawning and cancelation via the resolver backend as well. 

Co-authored-by: David Mulder <dmulder@samba.org>
 2024-03-28 01:17:21 +00:00
Firstyear fbc021f487
20240221 2489 cleanup api v1 () 2024-02-27 09:25:02 +00:00
David Mulder a315d8d440
Himmelblau requires the machine key for unix_user_get () 
I need access to the machine key here in order to
send a new request to Azure for user details.

Signed-off-by: David Mulder <dmulder@samba.org>
Co-authored-by: Firstyear <william@blackhats.net.au>
 2024-02-13 01:11:30 +00:00
David Mulder 53ef2552e1
idprovider: Provide the keystore during auth () 
Himmelblau requires access to the keystore at
auth time in order to store the id key modified
during a device join.

Signed-off-by: David Mulder <dmulder@samba.org>
Co-authored-by: Firstyear <william@blackhats.net.au>
 2023-12-22 17:06:25 +00:00
Firstyear 85022e5e8a
Fix handling of TPM in some trait contexts () 2023-12-03 05:33:25 +00:00
Firstyear 4b097d8fdc
Expose machine key in auth phase () 2023-11-29 14:59:16 +10:00
Firstyear 060cb729a7
Expose TPM in more interface places () 2023-11-27 14:35:59 +10:00
Firstyear bb8914c70d
20231120 2320 sssd compat () 2023-11-22 10:18:03 +10:00
Firstyear 6dc8f1db3a
Resolve future send issue with keystore () 2023-11-20 12:46:52 +10:00
David Mulder 8401c3e1c8
Implement DeviceAuthorizationGrant for MFA () 
Himmelblau will use the DeviceAuthorizationGrant
(defined in RFC8628) to perform MFA. This commit
adds the bits to Kanidm to make that possible,
using the new pam state machine code.

Signed-off-by: David Mulder <dmulder@samba.org>
 2023-09-13 07:33:46 +10:00
Firstyear da56738dea
pam multistep auth state machine () 
Himmelblau needs to maintain some data about the state of an authentication across the course of pam exchanges.

Signed-off-by: David Mulder <dmulder@samba.org>
Co-authored-by: David Mulder <dmulder@samba.org>
 2023-08-28 09:27:29 +10:00
Firstyear 87866c568b
1982 service account access () 
* Fix issue with incorrect filter class preventing service account delete
 2023-08-16 15:33:28 +10:00
David Mulder 498be4f08a
resolver: Himmelblau needs old token for refresh () 
Himmelblau needs access to the old token during
a refresh otherwise the GECOS is lost (AAD
responds with everything we need except GECOS).

Signed-off-by: David Mulder <dmulder@samba.org>
 2023-08-10 07:36:36 +10:00
Firstyear d731b20a9d
20230728 techdebt paydown () 2023-07-31 12:20:52 +10:00
Firstyear 99b761c966
20230727 unix int modularity () 2023-07-28 10:48:56 +10:00