mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 20:47:01 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
2184 commits 17 branches 59 tags 246 MiB
Commit graph

29 commits

Author SHA1 Message Date
James Hodgkinson 516874460b
Canonicalize path for user shell check (#3265) 2024-12-04 11:55:30 +10:00
Firstyear 8bbdf6bd6a
Clear invalid tokens from unix resolver (#3256) 2024-11-30 06:32:10 +00:00
Firstyear db101e6d26
Clippy Lints (#3255) 2024-11-30 06:13:26 +00:00
Firstyear 52987ab8b2
Display account_id during success/deny paths in unixd (#3253) 2024-11-30 13:57:01 +10:00
James Hodgkinson a5adf8bcad
handle missing map_group setting in config (#3242) 2024-11-29 02:03:48 +00:00
Firstyear d2f5e13c97
Warn when v2 options are used in v1 unixd config (#3228) 
Options like map_group would fail silently when version=2 wasn't
set in our unix config. this detects that case and warns that it
is occuring.

To prevent this in the future, we deny unknown keys in v2 so that
if (when?) we add v3, new keys will cause an error.
 2024-11-22 02:02:04 +00:00
Firstyear ce0ad8f854
Harden transport in pam unixd (#3227) 
In some cases if the transport drops out from underneath unixd,
it can be difficult to diagnose and leads to inconsistent errors
and output such as prompting for a password multiple times when
it can't succeed.

This makes it clearer that the transport had an error, and it
denies the inflight authsession to prevent spurious password
prompts.
 2024-11-21 07:43:14 +00:00
Firstyear c96e9772c7
Resolve pam services not always having a tty (#3176) 2024-11-05 00:49:33 +00:00
Firstyear ea1fcf59e5
Resolve incorrect handling of rhost in pam (#3171) 2024-11-03 00:13:26 +00:00
George Wu d2c329f330
Change to text input and use numeric mode for TOTP prompts. (#3154) 
* Change to text input and use inputmode numeric for TOTP prompts.

* Fix some typos.
 2024-10-27 23:57:28 +00:00
Firstyear 2e6d940691
Remove WASM (#3148) 
liberal party took over, more cuts
 2024-10-26 17:19:13 +10:00
Firstyear 4c2eeeb135
Update docs, improve locking (#3141) 2024-10-25 09:42:52 +10:00
Firstyear c9bf304bc0
Improve handling of inaccesible shadow file (#3122) 2024-10-19 07:36:27 +00:00
James Hodgkinson 68119e1067
more errors for the people (#3121) 2024-10-18 23:51:45 +00:00
Firstyear dc5f40d404
20241017 unixd home (#3113) 2024-10-18 05:06:33 +00:00
Firstyear 50e513b30b
Add nss testframework and fallback when daemon offline (#3093) 2024-10-15 04:05:51 +00:00
Firstyear 20b2d40215
Add support for group extension (#3081) 2024-10-03 06:33:56 +00:00
Firstyear 131ff80b32
20240921 ssh keys and unix password in credential update session (#3056) 2024-10-03 05:57:18 +00:00
CEbbinghaus d109622d71
Make good on some TechDebt (#3084) 
adds MissingClass & MissingAttribute OperationError kinds to more strongly type our error messages.
 2024-10-03 10:48:28 +10:00
Firstyear cf63c6b98b
Complete the implementation of the posix account cache (#3041) 
Allow caching and checking of shadow entries (passwords)
    Cache and serve system id's
    improve some security warnings
    prepare for multi-resolver
    Allow the kanidm provider to be not configured
    Allow group extension
 2024-10-02 02:12:13 +00:00
James Hodgkinson 3eae7be0bb
OAuth2 Token Type (#3008) 
* fix(OAuth2): Invalid `token_type` for token introspection
Fixes #3005

* fix(aut): `assert_eq` instead of `assert ==`

* fix(OAuth2): IANA registry access token types

* fix(OAuth2): deserialize case insensitively
 2024-08-25 23:30:20 +00:00
James Hodgkinson 7c3deab2c4
enforcen den clippen (#2990) 
* enforcen den clippen
* updating outdated oauth2-related docs
* sorry clippy, we tried
 2024-08-21 00:32:56 +00:00
Firstyear b1099dfa3b
Foundations of pam/nss multi resolver 
This starts the support for multi-resolver operation as well as a system level nss resolver.

In future we'll add the remaining support to auth system users with pam too.
 2024-08-15 23:54:35 +00:00
James Hodgkinson 2a7a009482
clippying all the things (#2931) 
* clippying all the things
 2024-07-26 07:02:37 +00:00
Firstyear 7bbb193cdf
20240725 allow connection to older servers (#2930) 
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2024-07-25 16:11:14 +10:00
Firstyear 0836118443
20240716 check mkdir (#2906) 2024-07-17 01:11:11 +00:00
Anton Loukianov 028e7c1694
Implement home_mount_path logic (#2894) 2024-07-16 00:34:11 +00:00
James Hodgkinson eddec88429
making the internals of kanidmclientconfig public for other users (#2895) 
* making the internals of kanidmclientconfig public for other users
* clippyisms
 2024-07-15 10:28:23 +00:00
Firstyear 0ce333ff5a
Allow providers to be box dyn (#2794) 
* Allow providers to be box dyn in kanidm_unixd
* Massive refactor
 2024-06-16 22:21:25 +00:00