mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 20:47:01 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
495 commits 17 branches 59 tags 246 MiB
Commit graph

80 commits

Author SHA1 Message Date
Firstyear 22682279aa
20211216 tracing cleanup (#627) 2021-12-17 13:54:13 +10:00
Firstyear 42df4bf1a3
Refactor of value and addition of base types for business attributes (#626) 2021-12-16 10:13:03 +10:00
Firstyear a09c1bc169
fixes (#589) 2021-10-10 08:44:58 +10:00
William Brown c9f4b1dc2e (cargo-release) version 1.1.0-alpha.6 2021-10-01 11:44:25 +10:00
James Hodgkinson ea8801f23d
Improving logging and docs around unixd/PAM/NSS (#577) 2021-09-06 07:48:37 +10:00
Quinn a3c0b8ccfe
Customized tracing for tide::Middleware logging (#544) 2021-08-19 11:04:24 +10:00
James Hodgkinson eb4b25719b
fixes #557, adds a check for the kanidm_unixd socket file and bails if not (#560) 2021-08-08 09:54:21 +10:00
Firstyear 87c6b45fbd
add tokio feature to async-std (#555) 2021-08-04 14:51:09 +10:00
James Hodgkinson 8737a7ad78
making 📎 slightly happier (#551) 2021-08-02 10:54:55 +10:00
James Hodgkinson 6ff74c976e
Auto-publishing the book and rustdoc. (#534) 2021-07-24 11:12:35 +10:00
William Brown 4be329e946 (cargo-release) version 1.1.0-alpha.5 2021-07-07 12:04:12 +10:00
Firstyear 1b146bd00d
Fix readonly check (#496) 2021-06-27 11:30:40 +10:00
cuberoot74088 675146e6c0
check user shell (#392) (#490) 2021-06-23 19:42:39 +10:00
cuberoot74088 f3554d80cf
Set default shell to bin/sh (#488) 2021-06-19 15:35:11 +10:00
James Hodgkinson 6b696b1923
unixd will now bail if startup tests fail (#476) 2021-06-15 11:54:04 +10:00
Firstyear d978c9db77
Fix for unixd issue (#460) 2021-05-27 21:17:37 +10:00
James Hodgkinson 1f98018513
444 - client's config URI missing and more file open handling (#446) 2021-05-21 15:19:36 +10:00
Firstyear 78f780910e
Fix proxy usage in tests (#443) 2021-05-20 07:58:11 +10:00
Firstyear e88ac01aca
20210509 cleanup clippy and audit name (#437) 2021-05-09 22:06:04 +10:00
Firstyear 6901a5a545
Orca - a load testing framework for Kanidm (#431) 2021-05-06 21:15:12 +10:00
James Hodgkinson de431451f4
Making clippy happy (#420) 2021-04-25 11:35:56 +10:00
James Hodgkinson 1f991c84da
More debug messages (#413) 2021-04-16 10:49:24 +10:00
James Hodgkinson 495113e607
merging upstream (#411) 2021-04-15 08:54:28 +10:00
Firstyear d4f852837b
Improve error message when socket not found (#412) 2021-04-14 10:28:00 +10:00
Firstyear 72dfe1b035
Idlset2, query cache, acp resolve cache (#409) 2021-04-14 09:56:40 +10:00
Firstyear 19ce30a5ef
Add lto thin (#410) 2021-04-13 12:04:27 +10:00
James Hodgkinson f466e2a521
Docs update (#400) 
* I couldn't help it - minor spelling fixes
 2021-04-06 10:08:36 +10:00
William Brown 0ac5da855f (cargo-release) version 1.1.0-alpha.4 2021-04-01 10:29:22 +10:00
William Brown c95ce71fcb (cargo-release) version 1.1.0-alpha.4 2021-04-01 10:29:22 +10:00
William Brown ce0f10cd95 (cargo-release) version 1.1.0-alpha.4 2021-04-01 10:29:22 +10:00
William Brown 9bf4b0f052 Release Prep 2021-04-01 10:29:09 +10:00
Firstyear 988944a085
Add auth session header type (#398) 2021-04-01 07:14:15 +10:00
Firstyear 6bc719cdb2
Base web UI (#391) 
Initial web ui (not-functional yet)
 2021-03-26 11:22:00 +10:00
Firstyear 254a5e060c
Fix (#384) 2021-03-25 10:34:50 +10:00
Firstyear adb3f819ba
Add the unixd tasks daemon (#349) 
Fixes #180 - this adds an oddjobd style tasks daemon to the unix tools. This supports creation of home directories and the maintenance of alias symlinks to these allowing user renames. The tasks daemon is written to require root, but is seperate from the unixd daemon. Communication is via a root-only unix socket that the task daemon connects into to reduce the possibility of exploit.

Fixes #369 due to the changes to call_daemon_blocking
 2021-03-13 12:33:15 +10:00
Firstyear 6c79914395
306 command complete (#354) 
Fixes #306 adding command line autocompletion. These are generated to: CARGO_TARGET_DIR/item-hash/out/. These will need to be packaged for distros later, it's unclear how we could use cargo install with these as cargo doesn't support arbitrary artefacts like this (yet?).
 2021-02-13 13:46:22 +10:00
Firstyear 3844aadf60
Tokio1.0 (#340) 
Upgrade dependencies, with the major highlight as the upgrade to tokio 1.0
 2021-01-10 13:41:56 +10:00
William Brown b34c8935ea (cargo-release) version 1.1.0-alpha.3 2020-12-28 09:51:17 +10:00
William Brown 3582199e70 (cargo-release) version 1.1.0-alpha.3 2020-12-28 09:51:16 +10:00
William Brown eaff53bf40 (cargo-release) version 1.1.0-alpha.3 2020-12-28 09:51:16 +10:00
Firstyear 9dbb5ccb59
Unixd - NXCache of unknown items (#338) 
Previously we would only cache "hits" - items that kanidm is aware
of and did know about. However, this mean querying a raw uid/gid
number that was not known to files or kanidm would result in kanidm
doing an online check each request.

This adds a NXcache to cache misses, so they can be served as misses,
faster, and to reduce load on the main kanidm servers.

Fixes #336
 2020-12-28 09:41:16 +10:00
William Brown a008ca3cf1 Follow up on ci fixes 2020-12-08 17:33:27 +10:00
Firstyear ec48edac82
13 135 webauthn support (#332) 
Fixes #13 and Fixes #135 - webauthn and webauthn with cli. This is the core of webauthn, but only as a single factor. Some changes are still needed for webauthn as MFA and as a verified single factor. This will be made in a subsequent PR.
 2020-12-02 11:12:07 +10:00
Firstyear 1a57aa9ea0
Fixes #324 account softlocking and rate limiting (#326) 
This provides bruteforce protection and ratelimiting to stop
classes of attacks. This impacts all areas where a password or
authentication is performed (unix, ldap, auth).
 2020-10-22 14:40:31 +10:00
Firstyear 018039b0b2
Account valid-from and expiry (#322) 
Fixes #59 account policy and lockout. This is achived with a valid_from and expire attribute that are timestamps. Cli tools are added to manage these.
 2020-10-10 10:31:51 +10:00
William Brown ca71b12b46 Fix for unixd 2020-10-01 15:31:39 +10:00
William Brown 229fe1b61c (cargo-release) version 1.1.0-alpha.2 2020-10-01 10:04:27 +10:00
William Brown 746af9c18f (cargo-release) version 1.1.0-alpha.2 2020-10-01 10:04:26 +10:00
William Brown ea0be21f4f (cargo-release) version 1.1.0-alpha.2 2020-10-01 10:04:26 +10:00
Firstyear 4bf8ef72d5
250 cookie to auth bearer (#321) 
Fixes #250, replacing cookies with auth-bearer tokens. This is done using fernet with randomised keys each startup. The reason for this is that in the future the size of the auth token may exceed cookie limits, so we must be able to understand and process auth bearer. Additionaly, this lets us store the tokens for say the kanidm cli as reqwest today can't persist a cookie jar.
 2020-09-18 13:19:57 +10:00