depot/patches/base/kanidm/unixd-authenticated.patch

55 lines
2.1 KiB
Diff
Raw Normal View History

2023-12-02 20:06:15 +02:00
diff --git a/unix_integration/src/idprovider/kanidm.rs b/unix_integration/src/idprovider/kanidm.rs
2024-06-04 17:08:36 +03:00
index 6fc015756..31593f03e 100644
2023-12-02 20:06:15 +02:00
--- a/unix_integration/src/idprovider/kanidm.rs
+++ b/unix_integration/src/idprovider/kanidm.rs
2024-06-04 17:08:36 +03:00
@@ -4,6 +4,7 @@ use kanidm_client::{ClientError, KanidmClient, StatusCode};
use kanidm_proto::internal::OperationError;
use kanidm_proto::v1::{UnixGroupToken, UnixUserToken};
use tokio::sync::{broadcast, RwLock};
2023-12-02 20:06:15 +02:00
+use std::env;
use super::interface::{
2024-06-04 17:08:36 +03:00
// KeyStore,
@@ -25,12 +26,28 @@ const TAG_IDKEY: &str = "idkey";
2023-12-02 20:06:15 +02:00
pub struct KanidmProvider {
client: RwLock<KanidmClient>,
+ auth_name: Option<String>,
+ auth_password: Option<String>,
2023-12-02 20:06:15 +02:00
}
2023-12-02 20:06:15 +02:00
impl KanidmProvider {
pub fn new(client: KanidmClient) -> Self {
+ let env_username: Option<String>;
+ let env_password: Option<String>;
+ match (env::var_os("KANIDM_NAME"), env::var_os("KANIDM_PASSWORD")) {
+ (Some(username), Some(password)) => {
+ env_username = Some(username.into_string().unwrap());
+ env_password = Some(password.into_string().unwrap());
+ },
+ _ => {
+ env_username = None;
+ env_password = None;
+ }
+ }
KanidmProvider {
client: RwLock::new(client),
+ auth_name: env_username,
+ auth_password: env_password,
}
}
}
2024-06-04 17:08:36 +03:00
@@ -118,7 +135,11 @@ impl IdProvider for KanidmProvider {
2023-12-02 20:06:15 +02:00
// Needs .read on all types except re-auth.
2024-06-04 17:08:36 +03:00
async fn provider_authenticate(&self, _tpm: &mut tpm::BoxedDynTpm) -> Result<(), IdpError> {
2023-12-02 20:06:15 +02:00
- match self.client.write().await.auth_anonymous().await {
+ let auth_method = match (&self.auth_name, &self.auth_password) {
+ (Some(name), Some(password)) => self.client.write().await.auth_simple_password(name, password).await,
+ _ => self.client.write().await.auth_anonymous().await
+ };
+ match auth_method {
Ok(_uat) => Ok(()),
Err(err) => {
error!(?err, "Provider authentication failed");