2023-12-02 20:06:15 +02:00
|
|
|
diff --git a/unix_integration/src/idprovider/kanidm.rs b/unix_integration/src/idprovider/kanidm.rs
|
|
|
|
index d1b02de0f..599dec6d5 100644
|
|
|
|
--- a/unix_integration/src/idprovider/kanidm.rs
|
|
|
|
+++ b/unix_integration/src/idprovider/kanidm.rs
|
|
|
|
@@ -2,6 +2,7 @@ use async_trait::async_trait;
|
|
|
|
use kanidm_client::{ClientError, KanidmClient, StatusCode};
|
|
|
|
use kanidm_proto::v1::{OperationError, UnixGroupToken, UnixUserToken};
|
|
|
|
use tokio::sync::RwLock;
|
|
|
|
+use std::env;
|
|
|
|
|
|
|
|
use super::interface::{
|
|
|
|
AuthCacheAction, AuthCredHandler, AuthRequest, AuthResult, GroupToken, Id, IdProvider,
|
|
|
|
@@ -11,12 +12,28 @@ use crate::unix_proto::PamAuthRequest;
|
|
|
|
|
|
|
|
pub struct KanidmProvider {
|
2023-06-11 00:28:58 +03:00
|
|
|
client: RwLock<KanidmClient>,
|
|
|
|
+ auth_name: Option<String>,
|
|
|
|
+ auth_password: Option<String>,
|
2023-12-02 20:06:15 +02:00
|
|
|
}
|
2023-06-11 00:28:58 +03:00
|
|
|
|
2023-12-02 20:06:15 +02:00
|
|
|
impl KanidmProvider {
|
|
|
|
pub fn new(client: KanidmClient) -> Self {
|
|
|
|
+ let env_username: Option<String>;
|
|
|
|
+ let env_password: Option<String>;
|
|
|
|
+ match (env::var_os("KANIDM_NAME"), env::var_os("KANIDM_PASSWORD")) {
|
|
|
|
+ (Some(username), Some(password)) => {
|
|
|
|
+ env_username = Some(username.into_string().unwrap());
|
|
|
|
+ env_password = Some(password.into_string().unwrap());
|
|
|
|
+ },
|
|
|
|
+ _ => {
|
|
|
|
+ env_username = None;
|
|
|
|
+ env_password = None;
|
|
|
|
+ }
|
|
|
|
+ }
|
|
|
|
KanidmProvider {
|
|
|
|
client: RwLock::new(client),
|
|
|
|
+ auth_name: env_username,
|
|
|
|
+ auth_password: env_password,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
@@ -73,7 +90,11 @@ impl From<UnixGroupToken> for GroupToken {
|
|
|
|
impl IdProvider for KanidmProvider {
|
|
|
|
// Needs .read on all types except re-auth.
|
|
|
|
async fn provider_authenticate(&self) -> Result<(), IdpError> {
|
|
|
|
- match self.client.write().await.auth_anonymous().await {
|
|
|
|
+ let auth_method = match (&self.auth_name, &self.auth_password) {
|
|
|
|
+ (Some(name), Some(password)) => self.client.write().await.auth_simple_password(name, password).await,
|
|
|
|
+ _ => self.client.write().await.auth_anonymous().await
|
|
|
|
+ };
|
|
|
|
+ match auth_method {
|
|
|
|
Ok(_uat) => Ok(()),
|
|
|
|
Err(err) => {
|
|
|
|
error!(?err, "Provider authentication failed");
|