mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 20:47:01 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
2028 commits 17 branches 59 tags 246 MiB
Commit graph

2028 commits

This branch
This branch
All branches
Author SHA1 Message Date
Firstyear afc130ab89
Support 1.1 attribute in LDAP (#2720) 2024-04-24 13:46:56 +10:00
Firstyear afd674d346
Add mail support to groups (#2718) 
* Add mail support to groups

* Update libs/client/src/group.rs

---------

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2024-04-23 07:08:28 +00:00
Firstyear 604adccdae
Add session limit (#2714) 2024-04-23 16:02:42 +10:00
Sebastiano Tocci 9354c180af
added profile and memberof search to the basic model (#2712) 
Co-authored-by: Firstyear <william@blackhats.net.au>
 2024-04-23 10:30:38 +10:00
dependabot[bot] a0f743d8c8
chore(deps): bump the all group in /pykanidm with 4 updates (#2717) 
Bumps the all group in /pykanidm with 4 updates: [aiohttp](https://github.com/aio-libs/aiohttp), [mkdocs-material](https://github.com/squidfunk/mkdocs-material), [mkdocstrings-python](https://github.com/mkdocstrings/python) and [ruff](https://github.com/astral-sh/ruff).


Updates `aiohttp` from 3.9.4 to 3.9.5
- [Release notes](https://github.com/aio-libs/aiohttp/releases)
- [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst)
- [Commits](https://github.com/aio-libs/aiohttp/compare/v3.9.4...v3.9.5)

Updates `mkdocs-material` from 9.5.17 to 9.5.18
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.17...9.5.18)

Updates `mkdocstrings-python` from 1.9.2 to 1.10.0
- [Release notes](https://github.com/mkdocstrings/python/releases)
- [Changelog](https://github.com/mkdocstrings/python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mkdocstrings/python/compare/1.9.2...1.10.0)

Updates `ruff` from 0.3.7 to 0.4.1
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.3.7...v0.4.1)

---
updated-dependencies:
- dependency-name: aiohttp
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: mkdocs-material
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: mkdocstrings-python
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-22 07:25:52 +10:00
Joost Rijneveld 5485483aba
Fix typo in oauth2 error message (#2715) 
Removes a duplicate 'again'
 2024-04-20 22:55:35 +00:00
Firstyear 62bbd7e3ea
20240409 rework orca markov (#2699) 
Improve the models and what can be performed in the orca benchmarks.

---------

Co-authored-by: Sebastiano Tocci <seba.tocci@gmail.com>
Co-authored-by: Sebastiano Tocci <sebastiano.tocci@proton.me>
 2024-04-16 23:35:16 +00:00
Firstyear d7834b52e6
Begin the basis of the key provider model (#2640) 
This completely reworks how we approach and handle cryptographic keys in Kanidm. This is needed as a foundation for replication coordination which will require handling and rotation of cryptographic keys in automated ways. 

This change influences many other parts of the code base in it's implementation.

The primary influences are:

* Modification of how domain user signing keys are revoked or rotated.
* Merging of all existing service-account token keys are retired (retained) keys into the domain to simplify token signing and validation
* Allowing multiple configurations of local command line tools to swap between instances using disparate signing keys.
* Modification of key retrieval to be key id based (KID), removing the need to embed the JWK into tokens

A side effect of this change is that most user authentication sessions and oauth2 sessions will have to be re-established after upgrade. However we feel that session renewal after upgrade is an expected side effect of an upgrade. 

In the future this lays the ground work to remove a large number of legacy key handling processes that have evolved, which will allow large parts of code to be removed.
 2024-04-15 23:44:37 +00:00
dependabot[bot] dfac06608a
chore(deps): bump the all group in /pykanidm with 4 updates (#2707) 
Bumps the all group in /pykanidm with 4 updates: [pydantic](https://github.com/pydantic/pydantic), [aiohttp](https://github.com/aio-libs/aiohttp), [black](https://github.com/psf/black) and [ruff](https://github.com/astral-sh/ruff).


Updates `pydantic` from 2.6.4 to 2.7.0
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](https://github.com/pydantic/pydantic/compare/v2.6.4...v2.7.0)

Updates `aiohttp` from 3.9.3 to 3.9.4
- [Release notes](https://github.com/aio-libs/aiohttp/releases)
- [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst)
- [Commits](https://github.com/aio-libs/aiohttp/compare/v3.9.3...v3.9.4)

Updates `black` from 24.3.0 to 24.4.0
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/24.3.0...24.4.0)

Updates `ruff` from 0.3.5 to 0.3.7
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.3.5...v0.3.7)

---
updated-dependencies:
- dependency-name: pydantic
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: aiohttp
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: black
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-14 22:50:07 +00:00
dependabot[bot] 5deab930aa
chore(deps): bump peaceiris/actions-mdbook from 1 to 2 in the all group (#2706) 
Bumps the all group with 1 update: [peaceiris/actions-mdbook](https://github.com/peaceiris/actions-mdbook).


Updates `peaceiris/actions-mdbook` from 1 to 2
- [Release notes](https://github.com/peaceiris/actions-mdbook/releases)
- [Changelog](https://github.com/peaceiris/actions-mdbook/blob/main/CHANGELOG.md)
- [Commits](https://github.com/peaceiris/actions-mdbook/compare/v1...v2)

---
updated-dependencies:
- dependency-name: peaceiris/actions-mdbook
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-15 08:25:44 +10:00
dependabot[bot] b65172a6aa
chore(deps): bump idna from 3.4 to 3.7 in /pykanidm (#2703) 
Bumps [idna](https://github.com/kjd/idna) from 3.4 to 3.7.
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](https://github.com/kjd/idna/compare/v3.4...v3.7)

---
updated-dependencies:
- dependency-name: idna
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-12 01:57:15 +00:00
Daniil Egortsev f252035254
fix(TotpDigits): fix typo in TryFrom impl (#2702) 2024-04-11 10:31:34 +10:00
dependabot[bot] 2ef84d8606
chore(deps-dev): bump the all group in /pykanidm with 4 updates (#2696) 
Bumps the all group in /pykanidm with 4 updates: [mkdocs-material](https://github.com/squidfunk/mkdocs-material), [mkdocstrings](https://github.com/mkdocstrings/mkdocstrings), [mkdocstrings-python](https://github.com/mkdocstrings/python) and [ruff](https://github.com/astral-sh/ruff).


Updates `mkdocs-material` from 9.5.16 to 9.5.17
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.16...9.5.17)

Updates `mkdocstrings` from 0.24.1 to 0.24.3
- [Release notes](https://github.com/mkdocstrings/mkdocstrings/releases)
- [Changelog](https://github.com/mkdocstrings/mkdocstrings/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mkdocstrings/mkdocstrings/compare/0.24.1...0.24.3)

Updates `mkdocstrings-python` from 1.9.0 to 1.9.2
- [Release notes](https://github.com/mkdocstrings/python/releases)
- [Changelog](https://github.com/mkdocstrings/python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mkdocstrings/python/compare/1.9.0...1.9.2)

Updates `ruff` from 0.3.4 to 0.3.5
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.3.4...v0.3.5)

---
updated-dependencies:
- dependency-name: mkdocs-material
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: mkdocstrings
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: mkdocstrings-python
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-08 08:28:39 +10:00
dependabot[bot] 29b7c63b91
chore(deps): bump h2 from 0.3.25 to 0.3.26 (#2694) 
Bumps [h2](https://github.com/hyperium/h2) from 0.3.25 to 0.3.26.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/v0.3.26/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.25...v0.3.26)

---
updated-dependencies:
- dependency-name: h2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-06 13:07:22 +10:00
David Mulder bec8c9058c
Windows Hello Authentication requirements (#2688) 
* Add keystore to unix_user_online_auth_init

Himmelblau needs this to check whether the device
is enrolled in the domain (via the presence of
TPM keys), to know whether to attempt Windows
Hello PIN auth, or to enroll first in the domain.

Signed-off-by: David Mulder <dmulder@samba.org>

* Implement PIN setup

After enrolling in a domain, Himmelblau will
prompt the user to choose a pin, which will be
the auth value for an associated Windows Hello
TPM key. We loop here until the values match.
Otherwise no validation is performed. Validation
can be done by the id provider, and can send an
additional request to PAM if the PIN is invalid.

Signed-off-by: David Mulder <dmulder@samba.org>

* Add Pin authentication

After setting up a Windows Hello pin, users can
authentication using this pin.

Signed-off-by: David Mulder <dmulder@samba.org>
 2024-04-05 08:50:37 +10:00
dependabot[bot] 30179e900c
chore(deps): bump the all group with 1 update (#2690) 
Bumps the all group with 1 update: [actions/configure-pages](https://github.com/actions/configure-pages).


Updates `actions/configure-pages` from 4 to 5
- [Release notes](https://github.com/actions/configure-pages/releases)
- [Commits](https://github.com/actions/configure-pages/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/configure-pages
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-02 07:49:02 +10:00
dependabot[bot] 898ab53035
chore(deps-dev): bump the all group in /pykanidm with 1 update (#2691) 
Bumps the all group in /pykanidm with 1 update: [mkdocs-material](https://github.com/squidfunk/mkdocs-material).


Updates `mkdocs-material` from 9.5.15 to 9.5.16
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.15...9.5.16)

---
updated-dependencies:
- dependency-name: mkdocs-material
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-01 09:09:53 +10:00
Georg a61038f400
Require kanidm-unixd before kanidm-unixd-tasks (#2687) 
The kanidm-unixd-tasks service refuses to start before kanidm-unixd:

```
systemd[1]: Started Kanidm Local Tasks.
(xd_tasks)[29469]: kanidm-unixd-tasks.service: Failed to set up mount namespacing: /run/systemd/unit-root/run/kanidm-unixd: No such file or directory
(xd_tasks)[29469]: kanidm-unixd-tasks.service: Failed at step NAMESPACE spawning /usr/sbin/kanidm_unixd_tasks: No such file or directory
systemd[1]: kanidm-unixd-tasks.service: Main process exited, code=exited, status=226/NAMESPACE
systemd[1]: kanidm-unixd-tasks.service: Failed with result 'exit-code'.
```

Resolve this by ensuring kanidm-unixd gets activated as a dependency.
The ordering ("After") is already in place.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
 2024-03-29 05:23:13 +00:00
Firstyear c09daa4643
kanidm unixd mfa capabilities (#2672) 
Improve the support for the resolver to support MFA options with pam. This enables async task spawning and cancelation via the resolver backend as well. 

Co-authored-by: David Mulder <dmulder@samba.org>
 2024-03-28 01:17:21 +00:00
Pavel Dostál 03ce2a0c32
Add Grafana integration to OAuth2 documentation (#2685) 
Signed-off-by: Pavel Dostál <pdostal@pdostal.cz>
 2024-03-26 09:43:43 +00:00
Firstyear 10ad183732
[SECURITY: LOW] Administrator triggered thread crash in oauth2 claim maps #2686 (#2686) 
When an admin configured oauth2 custom claims during the creation it
was not enforced that at least one value must be present. This led to
an incorrect logic flaw in str_concat! which didn't handle the 0 case.

This hardens str_concat! to prevent the thread crash by using itertools
for the join instead, and it enforces stricter validation on the valueset
to deny creation of empty claims.

This fix has a low security impact as only an administrator or high
level user can trigger this as a possible denial of service.

Fixes #2680 Fixes #2681
 2024-03-26 01:43:03 +00:00
Dustin Frisch e5702909d0
ldap-sync: allow to use attrs more than once (#2676) 2024-03-25 09:41:24 +00:00
dependabot[bot] acf05ca924
chore(deps-dev): bump the all group in /pykanidm with 4 updates (#2683) 
Bumps the all group in /pykanidm with 4 updates: [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio), [pytest-mock](https://github.com/pytest-dev/pytest-mock), [mkdocs-material](https://github.com/squidfunk/mkdocs-material) and [ruff](https://github.com/astral-sh/ruff).


Updates `pytest-asyncio` from 0.23.5.post1 to 0.23.6
- [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases)
- [Commits](https://github.com/pytest-dev/pytest-asyncio/compare/v0.23.5.post1...v0.23.6)

Updates `pytest-mock` from 3.12.0 to 3.14.0
- [Release notes](https://github.com/pytest-dev/pytest-mock/releases)
- [Changelog](https://github.com/pytest-dev/pytest-mock/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest-mock/compare/v3.12.0...v3.14.0)

Updates `mkdocs-material` from 9.5.13 to 9.5.15
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.13...9.5.15)

Updates `ruff` from 0.3.3 to 0.3.4
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.3.3...v0.3.4)

---
updated-dependencies:
- dependency-name: pytest-asyncio
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: pytest-mock
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: mkdocs-material
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-25 00:01:55 +00:00
dependabot[bot] 7439093269
chore(deps): bump the all group with 1 update (#2682) 
Bumps the all group with 1 update: [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata).


Updates `dependabot/fetch-metadata` from 1 to 2
- [Release notes](https://github.com/dependabot/fetch-metadata/releases)
- [Commits](https://github.com/dependabot/fetch-metadata/compare/v1...v2)

---
updated-dependencies:
- dependency-name: dependabot/fetch-metadata
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-25 09:29:46 +10:00
alexvonme cc36fe7228
fix(docs): packaging section improved (#2677) 
* fix(docs): packaging section improved
* Update ppa_packages.md
 2024-03-23 22:54:52 +00:00
Matthew 1c124bdc20
Fix developer ethics link (#2674) 2024-03-21 23:29:40 +00:00
alexvonme 4849d9844b
fix(docs): filename, header and title mismatch fixes (#2660) 2024-03-20 12:43:33 +10:00
Firstyear fcc65e6fbe
20240312 concread upgrade (#2668) 
* Update concread
 2024-03-19 12:06:52 +07:00
alexvonme 9c40a18b01
fix(docs): capitalization fixes (#2659) 2024-03-19 01:01:13 +00:00
alexvonme ce526012da
fix(docs): links corrected (#2661) 
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2024-03-18 09:52:30 +00:00
Vladimir Dronnikov 3e0ec78a61
fix api typo (#2657) 2024-03-18 16:29:28 +07:00
dependabot[bot] e537cef5c3
chore(deps-dev): bump the all group in /pykanidm with 2 updates (#2662) 
Bumps the all group in /pykanidm with 2 updates: [black](https://github.com/psf/black) and [ruff](https://github.com/astral-sh/ruff).


Updates `black` from 24.2.0 to 24.3.0
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/24.2.0...24.3.0)

Updates `ruff` from 0.3.2 to 0.3.3
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.3.2...v0.3.3)

---
updated-dependencies:
- dependency-name: black
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-18 11:06:39 +07:00
dependabot[bot] e62f7113a6
chore(deps): bump the all group in /pykanidm with 9 updates (#2656) 
Bumps the all group in /pykanidm with 9 updates:

| Package | From | To |
| --- | --- | --- |
| [pydantic](https://github.com/pydantic/pydantic) | `2.6.3` | `2.6.4` |
| [mypy](https://github.com/python/mypy) | `1.8.0` | `1.9.0` |
| [pytest](https://github.com/pytest-dev/pytest) | `7.4.4` | `8.1.1` |
| [types-toml](https://github.com/python/typeshed) | `0.10.8.7` | `0.10.8.20240310` |
| [coverage](https://github.com/nedbat/coveragepy) | `7.4.3` | `7.4.4` |
| [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) | `0.23.5` | `0.23.5.post1` |
| [mkdocs-material](https://github.com/squidfunk/mkdocs-material) | `9.5.12` | `9.5.13` |
| [mkdocstrings-python](https://github.com/mkdocstrings/python) | `1.8.0` | `1.9.0` |
| [ruff](https://github.com/astral-sh/ruff) | `0.3.0` | `0.3.2` |


Updates `pydantic` from 2.6.3 to 2.6.4
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](https://github.com/pydantic/pydantic/compare/v2.6.3...v2.6.4)

Updates `mypy` from 1.8.0 to 1.9.0
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](https://github.com/python/mypy/compare/v1.8.0...1.9.0)

Updates `pytest` from 7.4.4 to 8.1.1
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest/compare/7.4.4...8.1.1)

Updates `types-toml` from 0.10.8.7 to 0.10.8.20240310
- [Commits](https://github.com/python/typeshed/commits)

Updates `coverage` from 7.4.3 to 7.4.4
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.4.3...7.4.4)

Updates `pytest-asyncio` from 0.23.5 to 0.23.5.post1
- [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases)
- [Commits](https://github.com/pytest-dev/pytest-asyncio/compare/v0.23.5...v0.23.5.post1)

Updates `mkdocs-material` from 9.5.12 to 9.5.13
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.12...9.5.13)

Updates `mkdocstrings-python` from 1.8.0 to 1.9.0
- [Release notes](https://github.com/mkdocstrings/python/releases)
- [Changelog](https://github.com/mkdocstrings/python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mkdocstrings/python/compare/1.8.0...1.9.0)

Updates `ruff` from 0.3.0 to 0.3.2
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.3.0...v0.3.2)

---
updated-dependencies:
- dependency-name: pydantic
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: mypy
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: pytest
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: types-toml
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: coverage
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: pytest-asyncio
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: mkdocs-material
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: mkdocstrings-python
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-15 10:20:07 +00:00
Merlijn a3ab0e39a6
Update bootstrap 5.0.2 to 5.3.3 & minor UI fixes (#2650) 2024-03-13 00:38:24 +00:00
José Fortún eec7b3fa05
fix(docs): typos, grammar and broken link fixes (#2644) 
Co-authored-by: Firstyear <william@blackhats.net.au>
 2024-03-12 03:38:43 +00:00
Vladimir Dronnikov 45f26888be
increase severity for "{:?} !⊆ allowed: {:?}" (#2648) 
Co-authored-by: Firstyear <william@blackhats.net.au>
 2024-03-12 03:08:50 +00:00
Martin Wurm a0357ad227
Add instructions on how to enable PKCE in Nextcloud (#2647) 2024-03-12 02:42:04 +00:00
Firstyear 285f4362b2
20230224 2437 orca remodel (#2591) 2024-03-09 16:09:15 +10:00
Firstyear 1887daa76a
Add initial design for key domains (#2564) 2024-03-09 14:13:10 +10:00
Firstyear e8d7010b4b
Add upgrade process, improve developer readme (#2635) 
* Add upgrade process, improve developer readme
* Rearrange some bits.
 2024-03-08 13:25:45 +10:00
Firstyear 4dc38e56c3
Doc unix client support (#2633) 2024-03-07 03:59:21 +00:00
Firstyear b4d9cdd7d5
20240301 systemd uid (#2602) 
Fixes #2601 Fixes #393 - gid numbers can be part of the systemd nspawn range.

Previously we allocated gid numbers based on the fact that uid_t is a u32, so we allowed 65536 through u32::max. However, there are two major issues with this that I didn't realise. The first is that anything greater than i32::max (2147483648) can confuse the linux kernel. 

The second is that systemd allocates 524288 through 1879048191 to itself for nspawn.

This leaves with with only a few usable ranges.

1000 through 60000
60578 through 61183
65520 through 65533
65536 through 524287
1879048192 through 2147483647

The last range being the largest is the natural and obvious area we should allocate from. This happens to nicely fall in the pattern of 0x7000_0000 through 0x7fff_ffff which allows us to take the last 24 bits of the uuid then applying a bit mask we can ensure that we end up in this range. 

There are now two major issues.

We have now changed our validation code to enforce a tighter range, but we may have already allocated users into these ranges. 

External systems like FreeIPA allocated uid/gid numbers with reckless abandon directly into these ranges. 

As a result we need to make two concessions.

We *secretly* still allow manual allocation of id's from 65536 through to 1879048191 which is the nspawn container range. This happens to be the range that freeipa allocates into. We will never generate an ID in this range, but we will allow it to ease imports since the users of these ranges already have shown they 'don't care' about that range. This also affects SCIM imports for longer term migrations. 

Second is id's that fall outside the valid ranges. In the extremely unlikely event this has occurred, a startup migration has been added to regenerate these id values for affected entries to prevent upgrade issues. 

An accidental effect of this is freeing up the range 524288 to 1879048191 for other subuid uses.
 2024-03-07 03:25:54 +00:00
Vladimir Dronnikov 221445d387
expose group patch for parity (#2628) 
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2024-03-07 09:54:20 +10:00
James Hodgkinson 4c1fa0d644
Adding a builtin class for all built-in things (#2603) 
* adding builtin class to builtin objects
* Resolve issues with builtin PR

---------

Co-authored-by: William Brown <william@blackhats.net.au>
 2024-03-06 01:33:14 +00:00
Vladimir Dronnikov 8175253bae
apidoc tag fixes (#2625) 
* apidoc tag fixes
* apidoc typo fixed
 2024-03-06 00:41:47 +00:00
dependabot[bot] 51cc11ee8c
chore(deps): bump mio from 0.8.10 to 0.8.11 (#2620) 
Bumps [mio](https://github.com/tokio-rs/mio) from 0.8.10 to 0.8.11.
- [Release notes](https://github.com/tokio-rs/mio/releases)
- [Changelog](https://github.com/tokio-rs/mio/blob/master/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/mio/compare/v0.8.10...v0.8.11)

---
updated-dependencies:
- dependency-name: mio
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-05 06:41:19 +00:00
Firstyear 47fe9c78e6
Fix missing entry managed by on anonymouns (#2623) 2024-03-05 03:43:19 +00:00
Vladimir Dronnikov 0813099fad
Notes on privilege-expiry (#2622) 2024-03-05 02:56:46 +00:00
James Hodgkinson 9d05b797ed
SPAs really are stupid sometimes (#2609) 2024-03-04 13:14:51 +10:00
Vladimir Dronnikov 1a81b437d8
apidoc fixes (#2614) 2024-03-04 02:10:01 +00:00