kanidm/docs/v1.0.0rc3/rustdoc/src/orca/kani.rs.html
2022-11-04 00:07:22 +00:00


<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="Source of the Rust file `orca/src/kani.rs`."><meta name="keywords" content="rust, rustlang, rust-lang"><title>kani.rs - source</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" href="../../normalize.css"><link rel="stylesheet" href="../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" href="../../ayu.css" disabled><link rel="stylesheet" href="../../dark.css" disabled><link rel="stylesheet" href="../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../storage.js"></script><script defer src="../../source-script.js"></script><script defer src="../../source-files.js"></script><script defer src="../../main.js"></script><noscript><link rel="stylesheet" href="../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../favicon.svg"></head><body class="rustdoc source"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a 
class="sidebar-logo" href="../../orca/index.html"><div class="logo-container"><img class="rust-logo" src="../../rust-logo.svg" alt="logo"></div></a><h2 class="location"></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="../../orca/index.html"><div class="logo-container"><img class="rust-logo" src="../../rust-logo.svg" alt="logo"></div></a></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../../orca/index.html"><img class="rust-logo" src="../../rust-logo.svg" alt="logo"></a><nav class="sub"><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press S to search, ? for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><button type="button">?</button></div><div id="settings-menu" tabindex="-1"><a href="../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../wheel.svg"></a></div></div></form></nav></div><section id="main-content" class="content"><div class="example-wrap"><pre class="line-numbers"><span id="1">1</span>
</pre><pre class="rust"><code><span class="kw">use </span>std::collections::{HashMap, HashSet};
<span class="kw">use </span>std::time::{Duration, Instant};
<span class="kw">use </span>kanidm_client::{ClientError, KanidmClient, KanidmClientBuilder, StatusCode};
<span class="kw">use </span>kanidm_proto::v1::<span class="kw-2">*</span>;
<span class="kw">use </span>uuid::Uuid;
<span class="kw">use </span><span class="kw">crate</span>::data::<span class="kw-2">*</span>;
<span class="kw">use </span><span class="kw">crate</span>::ldap::{LdapClient, LdapSchema};
<span class="kw">use </span><span class="kw">crate</span>::profile::{KaniHttpConfig, KaniLdapConfig};
<span class="kw">use crate</span>::{TargetServer, TargetServerBuilder};
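/// HTTP connection to a Kanidm server, plus the admin password used to authenticate on it.
pub struct KaniHttpServer {
    /// Address handed to the client builder; also reported by `info()`.
    uri: String,
    /// Plaintext admin password. The manual `Debug` impl below keeps it out of `{:?}` output.
    admin_pw: String,
    client: KanidmClient,
}

// Written by hand instead of derived: a derived `Debug` would print `admin_pw` verbatim, so any
// `{:?}` of this value (or of a type that embeds it) would put the admin password in the logs.
impl std::fmt::Debug for KaniHttpServer {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("KaniHttpServer")
            .field("uri", &self.uri)
            .field("admin_pw", &"<redacted>")
            .field("client", &self.client)
            .finish()
    }
}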
/// A Kanidm target reached over two channels: HTTP and LDAP.
///
/// In this file the setup calls are forwarded to `http`, while user connections and searches
/// are forwarded to `ldap`.
#[derive(Debug)]
pub struct KaniLdapServer {
    /// HTTP side, which also carries the admin credential.
    http: KaniHttpServer,
    /// LDAP side, built with `LdapSchema::Kanidm`.
    ldap: LdapClient,
}
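impl KaniHttpServer {
    /// Builds the Kanidm HTTP client for `uri` and stores it with the admin password.
    ///
    /// # Errors
    /// Returns `Err(())`, after logging the cause, when the client builder fails.
    fn construct(uri: String, admin_pw: String) -> Result<Self, ()> {
        // SECURITY: both `danger_*` switches are hard-coded to `true`, so certificates and
        // hostnames that fail validation are still accepted. The admin password and every
        // account password set below are then sent to whatever host answers at `uri`.
        // Only point this at a disposable test server; there is no option here to turn
        // verification back on.
        let client = KanidmClientBuilder::new()
            .address(uri.clone())
            .danger_accept_invalid_hostnames(true)
            .danger_accept_invalid_certs(true)
            .build()
            .map_err(|e| {
                error!("Unable to create kanidm client {:?}", e);
            })?;

        Ok(KaniHttpServer {
            uri,
            admin_pw,
            client,
        })
    }

    /// Creates the server from an address and admin password, wrapped as `TargetServer::Kanidm`.
    pub fn build(uri: String, admin_pw: String) -> Result<TargetServer, ()> {
        Self::construct(uri, admin_pw).map(TargetServer::Kanidm)
    }

    /// Creates the server from a profile entry, wrapped as `TargetServer::Kanidm`.
    // Returns `TargetServer` rather than `Self`, hence the lint exemption.
    #[allow(clippy::new_ret_no_self)]
    pub fn new(khconfig: &KaniHttpConfig) -> Result<TargetServer, ()> {
        Self::construct(khconfig.uri.clone(), khconfig.admin_pw.clone()).map(TargetServer::Kanidm)
    }

    /// One-line description of the connection; contains the URI only, never the password.
    pub fn info(&self) -> String {
        format!("Kanidm HTTP Connection: {}", self.uri)
    }

    /// Returns a builder that can recreate this connection.
    ///
    /// The builder receives a copy of the plaintext admin password.
    pub fn builder(&self) -> TargetServerBuilder {
        TargetServerBuilder::Kanidm(self.uri.clone(), self.admin_pw.clone())
    }

    /// Authenticates as `admin`, then adds `admin` to the `idm_admins` group.
    ///
    /// # Errors
    /// Returns `Err(())`, after logging, if authentication or the group change fails.
    pub async fn open_admin_connection(&self) -> Result<(), ()> {
        self.client
            .auth_simple_password("admin", &self.admin_pw)
            .await
            .map_err(|e| {
                error!("Unable to authenticate -> {:?}", e);
            })?;

        // For admin to work, we need idm permissions.
        // NOT RECOMMENDED IN PRODUCTION: this widens what the `admin` account may do on the
        // target server, and nothing in this file removes the membership afterwards.
        self.client
            .idm_group_add_members("idm_admins", &["admin"])
            .await
            .map(|_| ())
            .map_err(|e| {
                error!("Unable to extend admin permissions (idm) -> {:?}", e);
            })
    }

    /// Deletes the entries whose `name` attribute equals the text form of one of `targets`.
    ///
    /// Best effort: a failed delete is logged and the call still returns `Ok(())`.
    pub async fn setup_admin_delete_uuids(&self, targets: &[Uuid]) -> Result<(), ()> {
        // NOTE(review): the filter compares `name` with the UUID string, not a uuid attribute;
        // confirm that the entities created by this tool are named that way.
        let inner: Vec<Filter> = targets
            .iter()
            .map(|u| Filter::Eq("name".to_string(), u.to_string()))
            .collect();

        let filter = Filter::Or(inner);

        // Submit it.
        self.client.delete(filter).await.map(|_| ()).or_else(|e| {
            error!("Error during delete -> {:?}", e);
            Ok(())
        })
    }

    /// Creates every account and group named in `targets`, then sets each group's members.
    ///
    /// An account gets its primary password, is extended with unix attributes, and gets the
    /// same password as its unix credential. An "attribute not unique" reply on create is
    /// treated as "already exists". A failure to set group members is logged and ignored.
    ///
    /// # Errors
    /// Returns `Err(())`, after logging, when a target or a group member is missing from
    /// `all_entities`, or when a create / password / unix call fails.
    pub async fn setup_admin_precreate_entities(
        &self,
        targets: &HashSet<Uuid>,
        all_entities: &HashMap<Uuid, Entity>,
    ) -> Result<(), ()> {
        // Create all the accounts and groups
        for u in targets {
            // A target that is not in the map is reported as an error instead of panicking.
            let entity = all_entities.get(u).ok_or_else(|| {
                error!("Target {} is not present in the entity map", u);
            })?;

            match entity {
                Entity::Account(a) => {
                    self.client
                        .idm_person_account_create(&a.name, &a.display_name)
                        .await
                        .map(|_| ())
                        .or_else(|e| match e {
                            ClientError::Http(
                                StatusCode::INTERNAL_SERVER_ERROR,
                                Some(OperationError::Plugin(PluginError::AttrUnique(_))),
                                _,
                            ) => {
                                // Ignore: the account is already there; its password is
                                // still (re)set below.
                                debug!("Account already exists ...");
                                Ok(())
                            }
                            _ => {
                                error!("Error creating account -> {:?}", e);
                                Err(())
                            }
                        })?;

                    // Now set the account password. Only the name and the error are logged,
                    // never the password.
                    self.client
                        .idm_person_account_primary_credential_set_password(&a.name, &a.password)
                        .await
                        .map(|_| ())
                        .map_err(|e| {
                            error!("Unable to set password for {}: {:?}", a.name, e);
                        })?;

                    // For ldap tests, we need to make these posix accounts.
                    self.client
                        .idm_person_account_unix_extend(&a.name, None, None)
                        .await
                        .map(|_| ())
                        .map_err(|e| {
                            error!("Unable to set unix attributes for {}: {:?}", a.name, e);
                        })?;

                    self.client
                        .idm_person_account_unix_cred_put(&a.name, &a.password)
                        .await
                        .map(|_| ())
                        .map_err(|e| {
                            error!("Unable to set unix password for {}: {:?}", a.name, e);
                        })?;
                }
                Entity::Group(g) => {
                    self.client
                        .idm_group_create(&g.name)
                        .await
                        .map(|_| ())
                        .or_else(|e| match e {
                            ClientError::Http(
                                StatusCode::INTERNAL_SERVER_ERROR,
                                Some(OperationError::Plugin(PluginError::AttrUnique(_))),
                                _,
                            ) => {
                                // Ignore.
                                debug!("Group already exists ...");
                                Ok(())
                            }
                            _ => {
                                error!("Error creating group -> {:?}", e);
                                Err(())
                            }
                        })?;
                }
            }
        }

        // Then add the members to the groups. Every target was found in the map by the loop
        // above, so a failed lookup cannot occur here and non-groups are simply skipped.
        let groups = targets.iter().filter_map(|u| match all_entities.get(u) {
            Some(Entity::Group(g)) => Some(g),
            _ => None,
        });

        for g in groups {
            // Members need not be targets themselves, so each lookup is checked.
            let m = g
                .members
                .iter()
                .map(|id| {
                    all_entities.get(id).map(|e| e.get_name()).ok_or_else(|| {
                        error!(
                            "Member {} of group {} is not present in the entity map",
                            id, g.name
                        );
                    })
                })
                .collect::<Result<Vec<_>, ()>>()?;

            // Best effort: a failure is logged and the remaining groups are still processed.
            if let Err(e) = self
                .client
                .idm_group_set_members(&g.name, m.as_slice())
                .await
            {
                error!("Error setting group members -> {:?}", e);
            }
        }

        Ok(())
    }

    /// Adds `member` to `group`; a failure is logged and otherwise ignored.
    async fn add_group_member_logged(&self, group: &str, member: &str) {
        if let Err(e) = self.client.idm_group_add_members(group, &[member]).await {
            error!("Error setting group members -> {:?}", e);
        }
    }

    /// Adds accounts to the built-in account / group management privilege groups.
    ///
    /// For every entry of `access` the account is added to the two account-management groups
    /// and/or the two group-management groups, depending on the entity types in its list.
    /// A failed group change is logged and ignored.
    ///
    /// # Errors
    /// Returns `Err(())`, after logging, when a key of `access` is missing from `all_entities`.
    pub async fn setup_access_controls(
        &self,
        access: &HashMap<Uuid, Vec<EntityType>>,
        all_entities: &HashMap<Uuid, Entity>,
    ) -> Result<(), ()> {
        // To make this somewhat efficient, we fold each access req to "need group" or
        // "need user" access.
        debug!("setup_access_controls");

        for (id, list) in access.iter() {
            // get the users name.
            let account = all_entities.get(id).ok_or_else(|| {
                error!("Access subject {} is not present in the entity map", id);
            })?;
            let name = account.get_name();

            // NOTE(review): as written, each flag is true when the list holds NO entry of
            // that kind, so an account is given account-management rights when it touches
            // no accounts (and likewise for groups). That reads as inverted and would hand
            // out high-privilege membership the test does not need - confirm the intent.
            let need_account = !list.iter().any(|v| matches!(v, EntityType::Account(_)));
            let need_group = !list.iter().any(|v| matches!(v, EntityType::Group(_)));

            if need_account {
                self.add_group_member_logged("idm_account_manage_priv", name)
                    .await;
                self.add_group_member_logged("idm_hp_account_manage_priv", name)
                    .await;
            }
            if need_group {
                self.add_group_member_logged("idm_group_manage_priv", name)
                    .await;
                self.add_group_member_logged("idm_hp_group_manage_priv", name)
                    .await;
            }
        }

        Ok(())
    }

    /// Authenticates `name` with `pw` and times the attempt.
    ///
    /// On success returns `(offset of the attempt from test_start, time the attempt took)`.
    ///
    /// # Errors
    /// Returns `Err(())`, after logging the error (not the password), when authentication fails.
    pub async fn open_user_connection(
        &self,
        test_start: Instant,
        name: &str,
        pw: &str,
    ) -> Result<(Duration, Duration), ()> {
        let start = Instant::now();

        self.client
            .auth_simple_password(name, pw)
            .await
            .map_err(|e| {
                error!("Unable to authenticate -> {:?}", e);
            })
            .map(|_| {
                let end = Instant::now();
                let diff = end.duration_since(start);
                let rel_diff = start.duration_since(test_start);
                (rel_diff, diff)
            })
    }

    /// Logs the client out.
    ///
    /// # Panics
    /// Panics if the logout call returns an error.
    pub async fn close_connection(&self) {
        assert!(self.client.logout().await.is_ok());
    }

    /// Searches for entries whose `name` equals any of `ids` and times the request.
    ///
    /// On success returns `(offset of the request from test_start, time the request took,
    /// number of results)`.
    ///
    /// # Errors
    /// Returns `Err(())`, after logging, when the search call fails.
    pub async fn search(
        &self,
        test_start: Instant,
        ids: &[String],
    ) -> Result<(Duration, Duration, usize), ()> {
        // Create the filter
        let inner: Vec<_> = ids
            .iter()
            .map(|n| Filter::Eq("name".to_string(), n.clone()))
            .collect();
        let filter = Filter::Or(inner);

        let start = Instant::now();
        let l = self
            .client
            .search(filter)
            .await
            .map(|r| r.len())
            .map_err(|e| {
                error!("{:?}", e);
            })?;
        let end = Instant::now();

        let diff = end.duration_since(start);
        let rel_diff = start.duration_since(test_start);

        Ok((rel_diff, diff, l))
    }
}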
impl KaniLdapServer {
    /// Builds the HTTP side first, then the LDAP client (schema `LdapSchema::Kanidm`), and
    /// boxes the pair. Either failure is passed on as `Err(())`.
    fn construct(
        uri: String,
        admin_pw: String,
        ldap_uri: String,
        basedn: String,
    ) -> Result<Box<Self>, ()> {
        // Field initialisers run in the order written: HTTP, then LDAP.
        let server = KaniLdapServer {
            http: KaniHttpServer::construct(uri, admin_pw)?,
            ldap: LdapClient::new(ldap_uri, basedn, LdapSchema::Kanidm)?,
        };
        Ok(Box::new(server))
    }

    /// Creates the server from explicit values, wrapped as `TargetServer::KanidmLdap`.
    pub fn build(
        uri: String,
        admin_pw: String,
        ldap_uri: String,
        basedn: String,
    ) -> Result<TargetServer, ()> {
        let server = Self::construct(uri, admin_pw, ldap_uri, basedn)?;
        Ok(TargetServer::KanidmLdap(server))
    }

    /// Creates the server from a profile entry, wrapped as `TargetServer::KanidmLdap`.
    // Returns `TargetServer` rather than `Self`, hence the lint exemption.
    #[allow(clippy::new_ret_no_self)]
    pub fn new(klconfig: &KaniLdapConfig) -> Result<TargetServer, ()> {
        let uri = klconfig.uri.clone();
        let admin_pw = klconfig.admin_pw.clone();
        let ldap_uri = klconfig.ldap_uri.clone();
        let basedn = klconfig.base_dn.clone();

        let server = Self::construct(uri, admin_pw, ldap_uri, basedn)?;
        Ok(TargetServer::KanidmLdap(server))
    }

    /// One-line description of the LDAP side: its URI and base DN.
    pub fn info(&self) -> String {
        let ldap = &self.ldap;
        format!("Kanidm LDAP Connection: {} {}", ldap.uri, ldap.basedn)
    }

    /// Returns a builder that can recreate both connections.
    ///
    /// The builder receives a copy of the plaintext admin password.
    pub fn builder(&self) -> TargetServerBuilder {
        let Self { http, ldap } = self;
        TargetServerBuilder::KanidmLdap(
            http.uri.clone(),
            http.admin_pw.clone(),
            ldap.uri.clone(),
            ldap.basedn.clone(),
        )
    }

    /// Forwards to the HTTP side's `open_admin_connection`.
    pub async fn open_admin_connection(&self) -> Result<(), ()> {
        let Self { http, .. } = self;
        http.open_admin_connection().await
    }

    /// Forwards to the HTTP side's `setup_admin_delete_uuids`.
    pub async fn setup_admin_delete_uuids(&self, targets: &[Uuid]) -> Result<(), ()> {
        let Self { http, .. } = self;
        http.setup_admin_delete_uuids(targets).await
    }

    /// Forwards to the HTTP side's `setup_admin_precreate_entities`.
    pub async fn setup_admin_precreate_entities(
        &self,
        targets: &HashSet<Uuid>,
        all_entities: &HashMap<Uuid, Entity>,
    ) -> Result<(), ()> {
        let Self { http, .. } = self;
        http.setup_admin_precreate_entities(targets, all_entities)
            .await
    }

    /// Forwards to the HTTP side's `setup_access_controls`.
    pub async fn setup_access_controls(
        &self,
        access: &HashMap<Uuid, Vec<EntityType>>,
        all_entities: &HashMap<Uuid, Entity>,
    ) -> Result<(), ()> {
        let Self { http, .. } = self;
        http.setup_access_controls(access, all_entities).await
    }

    /// Opens the user connection on the LDAP client, not the HTTP one.
    pub async fn open_user_connection(
        &self,
        test_start: Instant,
        name: &str,
        pw: &str,
    ) -> Result<(Duration, Duration), ()> {
        let Self { ldap, .. } = self;
        ldap.open_user_connection(test_start, name, pw).await
    }

    /// Closes the LDAP connection.
    pub async fn close_connection(&self) {
        let Self { ldap, .. } = self;
        ldap.close_connection().await;
    }

    /// Runs the name search through the LDAP client's `search_name`.
    pub async fn search(
        &self,
        test_start: Instant,
        ids: &[String],
    ) -> Result<(Duration, Duration, usize), ()> {
        let Self { ldap, .. } = self;
        ldap.search_name(test_start, ids).await
    }
}
</code></pre></div>
</section></div></main><div id="rustdoc-vars" data-root-path="../../" data-current-crate="orca" data-themes="ayu,dark,light" data-resource-suffix="" data-rustdoc-version="1.65.0 (897e37553 2022-11-02)" ></div></body></html>