Firstyear
fbc021f487
20240221 2489 cleanup api v1 ( #2573 )
2024-02-27 09:25:02 +00:00
James Hodgkinson
4efdb7208f
of course I started looking at clippy things and now I can't stop ( #2560 )
2024-02-21 00:52:10 +00:00
James Hodgkinson
097db70c3d
prctl compile-time fixes, also chasing lints ( #2558 )
...
* fixing up error handling for prctl calls
* minor clippy lintypoos
* making clippy happier
* clippizing a test
* more clippy-calming
* adding tpm-udev to ubuntu flows for testing
* rebuilt wasm
* moving from rg to grep because someone doesn't like nice things
* such clippy like wow
* clippy config to the rescue
2024-02-20 18:21:33 +10:00
James Hodgkinson
84b2c4956d
Removing unused constant and updating docstring for LDAP bind address ( #2556 )
2024-02-20 11:10:02 +10:00
Firstyear
cc28fb2c4b
Re-enable HW tpm support ( #2531 )
2024-02-17 01:30:08 +00:00
Firstyear
62dff7565e
Add further hardening for system services ( #2542 )
2024-02-17 00:11:32 +00:00
David Mulder
a315d8d440
Himmelblau requires the machine key for unix_user_get ( #2523 )
...
I need access to the machine key here in order to
send a new request to Azure for user details.
Signed-off-by: David Mulder <dmulder@samba.org>
Co-authored-by: Firstyear <william@blackhats.net.au>
2024-02-13 01:11:30 +00:00
Firstyear
7567514044
Release 1.1.0-rc.16 ( #2483 )
2024-02-07 04:39:02 +00:00
James Hodgkinson
cf87993a1c
Debian build fixes (also the book) ( #2400 )
...
* betterer errors on things
* Adding tpm-udev as a dependency of kanidm-unixd
* fixing makefile arch error
* adding jq to deb build deps
* adding kanidm deb to autobuild
* making the debian build script more resilient
2024-01-16 01:30:52 +00:00
David Mulder
53ef2552e1
idprovider: Provide the keystore during auth ( #2385 )
...
Himmelblau requires access to the keystore at
auth time in order to store the id key modified
during a device join.
Signed-off-by: David Mulder <dmulder@samba.org>
Co-authored-by: Firstyear <william@blackhats.net.au>
2023-12-22 17:06:25 +00:00
David Mulder
dfc4bb5b25
db: Fix insert_tagged_hsm_key doesn't cache the hsm key ( #2389 )
...
Signed-off-by: David Mulder <dmulder@samba.org>
Co-authored-by: Firstyear <william@blackhats.net.au>
2023-12-21 23:14:03 +00:00
David Mulder
bb6709d88a
daemon: Fix inverted logic on cache dir check ( #2388 )
...
Signed-off-by: David Mulder <dmulder@samba.org>
2023-12-22 08:43:32 +10:00
Firstyear
d09c2448ff
1481 2024 access control rework ( #2366 )
...
Rework default access controls to better separate roles and access profiles.
2023-12-17 23:10:13 +00:00
James Hodgkinson
cbadf0af9b
Unixd build/debugging updates ( #2350 )
...
* noisy for no reason message
* updating build script to include unix modules
* adding restart config for kanidm systemd services
2023-12-03 06:34:02 +00:00
Firstyear
85022e5e8a
Fix handling of TPM in some trait contexts ( #2347 )
2023-12-03 05:33:25 +00:00
Firstyear
4b097d8fdc
Expose machine key in auth phase ( #2340 )
2023-11-29 14:59:16 +10:00
James Hodgkinson
bca2fbcf4e
Unix crossbuild scripts and docs ( #2326 )
...
* can build now with cargo cross
2023-11-27 06:30:21 +00:00
Firstyear
060cb729a7
Expose TPM in more interface places ( #2334 )
2023-11-27 14:35:59 +10:00
James Hodgkinson
c1f1720ee2
Adding kanidm client config docs and notes ref #2248 ( #2333 )
2023-11-25 09:55:54 +10:00
James Hodgkinson
24c4f15b5e
Better errors when TPM PIN file not found ( #2330 )
2023-11-23 23:16:20 +00:00
Firstyear
bb8914c70d
20231120 2320 sssd compat ( #2328 )
2023-11-22 10:18:03 +10:00
Firstyear
6dc8f1db3a
Resolve future send issue with keystore ( #2311 )
2023-11-20 12:46:52 +10:00
Firstyear
3bd2cc8a9f
20231101 add id cert to unixint ( #2284 )
2023-11-09 13:11:23 +10:00
Allan
dbf476fe5e
Remove unused imports and clippy lint ( #2276 )
...
* Fix unused import errors
* Apply clippy get_first lint
* Add contributor
---------
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
2023-11-01 05:54:29 +00:00
Firstyear
afe9d28754
20231019 1122 account policy basics ( #2245 )
...
---------
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
2023-10-22 11:16:42 +00:00
Firstyear
bab268288a
Remove unused crate users ( #2240 )
2023-10-18 00:36:15 +00:00
Firstyear
88da55260a
Add file diagnosis ( #2210 )
2023-10-12 12:09:54 +10:00
James Hodgkinson
19f9fde012
Thread naming and display ( #2190 )
...
* sometimes handlers fail
* enums are better than strings
* clippyisms
2023-10-08 13:08:46 +10:00
Firstyear
3e345174b6
68 20230919 replication configuration ( #2131 )
2023-09-29 12:02:13 +10:00
James Hodgkinson
a239fbdd94
Yaleman/issue989 ( #2111 )
...
* adding version command to ssh_authorizedkys
* adding version and help to kanidm_unixd_tasks
2023-09-16 14:22:03 +10:00
James Hodgkinson
d5ed335b52
Cinco de yakko ( #2108 )
...
* there are always more yaks
* see? ldap yaks.
* fixing stupid radius container build thing
2023-09-16 12:11:06 +10:00
David Mulder
8401c3e1c8
Implement DeviceAuthorizationGrant for MFA ( #2079 )
...
Himmelblau will use the DeviceAuthorizationGrant
(defined in RFC8628) to perform MFA. This commit
adds the bits to Kanidm to make that possible,
using the new pam state machine code.
Signed-off-by: David Mulder <dmulder@samba.org>
2023-09-13 07:33:46 +10:00
Kenton Groombridge
0fb1cadbc7
Check in missing users crate for SELinux integration ( #2050 )
...
Signed-off-by: Kenton Groombridge <concord@gentoo.org>
2023-09-02 15:54:22 +08:00
Firstyear
da56738dea
pam multistep auth state machine ( #2022 )
...
Himmelblau needs to maintain some data about the state of an authentication across the course of pam exchanges.
Signed-off-by: David Mulder <dmulder@samba.org>
Co-authored-by: David Mulder <dmulder@samba.org>
2023-08-28 09:27:29 +10:00
Firstyear
cb2136cf26
Resolve incorrect time units on timeout ( #2014 )
2023-08-21 14:14:32 +10:00
Firstyear
0183ae6c71
Revert "sqlite where IN for id entry ( #1988 )" ( #1991 )
...
This reverts commit 46f9a36a1c.
2023-08-17 13:47:11 +10:00
James Hodgkinson
46f9a36a1c
sqlite where IN for id entry ( #1988 )
...
Fixes #258
2023-08-17 13:32:41 +10:00
Firstyear
87866c568b
1982 service account access ( #1985 )
...
* Fix issue with incorrect filter class preventing service account delete
2023-08-16 15:33:28 +10:00
James Hodgkinson
9a6168b67d
Fixing test release ( #1983 )
...
* Fixing cargo test --release
* more tracing less dbg
2023-08-15 15:42:15 +10:00
James Hodgkinson
83f189fed3
error handling and web server logging fixes ( #1960 )
...
* Fixing the setup_dev_environment script
* clippy calming
* handle_internalunixusertokenread throwing 500's without context
Fixes #1958
2023-08-14 20:47:49 +10:00
James Hodgkinson
cc79f7eba1
Are we JSON yet? Kinda. But we're closer. ( #1967 )
2023-08-14 08:51:44 +10:00
David Mulder
498be4f08a
resolver: Himmelblau needs old token for refresh ( #1962 )
...
Himmelblau needs access to the old token during
a refresh otherwise the GECOS is lost (AAD
responds with everything we need except GECOS).
Signed-off-by: David Mulder <dmulder@samba.org>
2023-08-10 07:36:36 +10:00
Firstyear
270b9f8ef2
Resolve build failures when selinux is enabled ( #1927 )
2023-08-01 19:08:21 +10:00
Firstyear
bf3e16cbd3
Resolve issue with publishing ( #1925 )
...
* Resolve issue with publishing
* Fix version
2023-08-01 17:25:32 +10:00
Firstyear
cccc20ea42
20230731 release ( #1921 )
...
* Cleanup how we check for last git commit to avoid an insecure dep
* Resolve unmaintained or old deps
* Fix ci
2023-07-31 22:27:21 +10:00
Firstyear
62ce42f8c1
Improve default shells for distros ( #1920 )
2023-07-31 14:58:27 +10:00
Firstyear
d731b20a9d
20230728 techdebt paydown ( #1909 )
2023-07-31 12:20:52 +10:00
Firstyear
99b761c966
20230727 unix int modularity ( #1907 )
2023-07-28 10:48:56 +10:00
Firstyear
9bcd8d4737
Resolve compilation issue with tpm enabled on linux ( #1902 )
2023-07-25 13:12:57 +10:00
Firstyear
046a6fb298
20230720 unix int modular ( #1881 )
...
* Progress
* Db traits mostly sorted, need to get dyn working next
* updoot
2023-07-24 00:10:37 -07:00