* Refactor: move the object graph ui to admin web ui
* Add dynamic js loading support
Load viz.js dynamically
* Add some js docs
* chore: cleanup imports
* chore: remove unused clipboard feature
chore: remove unused mermaid.sh
* Messing with the profile.release settings and reverting the changes I tried has now made the build much smaller yay :D
* Refactor: user raw search requests
Assert service-accounts properly
* refactor: new v1 proto structure
* Add self to CONTRIBUTORS.md
---------
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
* Make the ubuntu_docker_builder.sh script a bit easier to use
- Entrypoint that installs dependencies on launch
- Echo hint on how to build deb packages
* Change debian packaging version string format to fix sort order
The sort order is important so that newer packages are seen as an update
and get installed, instead of apt preferring the older versions!
With these changes, a package is generated as `kanidm_Ubuntu_22.04_1:1.1.0~rc.15-dev~202401311334+c8a9e2c_x86_64.deb`
with the version string `1:1.1.0~rc.15-dev~202401311334+c8a9e2c`
Deb package version string comparison is Complex:
https://man7.org/linux/man-pages/man7/deb-version.7.html
With the previous versioning scheme for dev packages, the git hash
ended up getting prioritized over the date string, see for example:
`dpkg --compare-versions 1.1.0-rc.15-dev-202401100453666448f lt 1.1.0-rc.15-dev-20240120072786916a3; echo $?`
-> 1 (comparison failure)
A simple schema change avoiding most dashes could rescue the hash trouble:
`dpkg --compare-versions 1.1.0~rc.15-dev-202401100453+666448f lt 1.1.0-rc.15-dev-202401200727+86916a3; echo $?`
-> 0 (comparison success)
.. But, the second problem is seeing a stable release as newer:
`dpkg --compare-versions 1.1.0~rc.15-dev~202401100453+666448f lt 1.1.0; echo $?`
-> 1 (comparison failure)
.. Which can be solved by forcing the entire dev portion to not be
interpreted as a debian version by substituting tildes:
`dpkg --compare-versions 1.1.0~rc.15-dev~202401100453+666448f lt 1.1.0; echo $?`
-> 0 (comparison success)
.. But, old schema versions still seem newer due to their debian
version:
`dpkg --compare-versions 1.1.0-rc.15-dev-202401100453666448f lt 1.1.0~rc.15-dev~202401200727+86916a3; echo $?`
-> 1 (comparison failure)
Thus, the only solution is to change the scheme and increment the epoch value once
to force all lesser default epoch versions to be seen as older:
`dpkg --compare-versions 1.1.0-rc.15-dev-202401100453666448f lt 1:1.1.0~rc.15-dev~202401200727+86916a3; echo $?`
-> 0 (comparison success)
`dpkg --compare-versions 1:1.1.0~rc.15-dev~202401200727+86916a3 lt 1:1.1.0; echo $?`
-> 0 (comparison success)
* Drop epoch field from deb filenames
GitHub Actions enforces NTFS compatible artifact filenames, ergo the
colon required for the epoch field is banned. The epoc is still in the
version field itself, just not in the filename.
---------
Co-authored-by: Jinna Kiisuo <jinna+git@nocturnal.fi>
`pam_kanidm` doesn't set AUTHTOK after reading from user input, so modules down the stack will have to ask for passwords redundantly. This is only a workaround, and might not be the desired behaviour in all cases.
This change adds documentation on how to set up OpenID connect with
Miniflux, a feedreader application.
Miniflux currently does not support PKCE, and I've therefore raised and
upstream issue, that I reference in the book section.
* selinux is an optional feature
* unix_integration: add selinux config option
On SELinux systems, this setting controls whether SELinux relabeling of
newly created home directories should be performed. The default value of
this is on (even on non-SELinux systems), but the tasks daemon will
perform an additional runtime check for SELinux support and will disable
this feature automatically if this check fails.
* unix_integration: wire up home dir selinux labeling
* unix_integration: create equivalence rules in SELinux policy for aliases
* book: document selinux setting
* Add myself to CONTRIBUTORS.md
Signed-off-by: Kenton Groombridge <concord@gentoo.org>
* removed old todo from #62
* implemented proper display for user_auth_token_session
* auth-token-session display fixes
* updated contributors list
---------
Co-authored-by: Firstyear <william@blackhats.net.au>
* Update CONTRIBUTORS
* Fix debian & ubuntu packaging
* Use standard way to install pam config
* Fix simple_pkg.sh & add pam nss instructions
* Merge ssh with unixd; update CI to build for multiple os versions; upload packages to artifacts
* feat: add unix passwod reset to security web ui
* refactor: fetch profile info in ViewsApp
prevents constant re-fetching of the profile page and allows every view
to access the current_user property
* refactor: move unix password change to component
* docs: add @theSuess to contributors
* fix: further specify kind of password updated
* refactor: perform validity check before submit
* chore: regenerate vendored wasm package
- Fix volume mount name typo in the server configuration and
administrivia documentation pages
- Fix typo in link from PAM and nsswitch documentation
Signed-off-by: Kellin <kellin@retromud.org>
* Use pkg-config to link against pam
Some distros, such as nixos, require more than just '-lpam' to locate
the library. Adding a naive pkg-config invocation to the pam FFI
crate allows pam_kanidm to build on my system, where before this change
it did not.
* Update contributors
Add myself, as requested
Fixes#195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
