2024-11-08 23:53:06 +01:00
|
|
|
diff --git a/unix_integration/resolver/src/idprovider/kanidm.rs b/unix_integration/resolver/src/idprovider/kanidm.rs
|
2024-12-27 19:57:55 +01:00
|
|
|
index d0a6a8159..7ebc0449d 100644
|
2024-11-08 23:53:06 +01:00
|
|
|
--- a/unix_integration/resolver/src/idprovider/kanidm.rs
|
|
|
|
|
+++ b/unix_integration/resolver/src/idprovider/kanidm.rs
|
|
|
|
|
@@ -7,6 +7,7 @@ use kanidm_proto::internal::OperationError;
|
2024-06-04 16:08:36 +02:00
|
|
|
use kanidm_proto::v1::{UnixGroupToken, UnixUserToken};
|
2024-11-08 23:53:06 +01:00
|
|
|
use std::collections::BTreeSet;
|
|
|
|
|
use std::time::{Duration, SystemTime};
|
2023-12-02 19:06:15 +01:00
|
|
|
+use std::env;
|
2024-11-08 23:53:06 +01:00
|
|
|
use tokio::sync::{broadcast, Mutex};
|
2023-12-02 19:06:15 +01:00
|
|
|
|
2024-11-08 23:53:06 +01:00
|
|
|
use kanidm_lib_crypto::CryptoPolicy;
|
2024-12-27 19:57:55 +01:00
|
|
|
@@ -39,6 +40,8 @@ struct KanidmProviderInternal {
|
2024-11-08 23:53:06 +01:00
|
|
|
hmac_key: HmacKey,
|
|
|
|
|
crypto_policy: CryptoPolicy,
|
|
|
|
|
pam_allow_groups: BTreeSet<String>,
|
2023-06-10 23:28:58 +02:00
|
|
|
+ auth_name: Option<String>,
|
|
|
|
|
+ auth_password: Option<String>,
|
2023-12-02 19:06:15 +01:00
|
|
|
}
|
2023-06-10 23:28:58 +02:00
|
|
|
|
2024-11-08 23:53:06 +01:00
|
|
|
pub struct KanidmProvider {
|
2024-12-27 19:57:55 +01:00
|
|
|
@@ -103,6 +106,19 @@ impl KanidmProvider {
|
2024-11-08 23:53:06 +01:00
|
|
|
.map(|GroupMap { local, with }| (local, Id::Name(with)))
|
|
|
|
|
.collect();
|
|
|
|
|
|
2023-12-02 19:06:15 +01:00
|
|
|
+ let env_username: Option<String>;
|
|
|
|
|
+ let env_password: Option<String>;
|
|
|
|
|
+ match (env::var_os("KANIDM_NAME"), env::var_os("KANIDM_PASSWORD")) {
|
|
|
|
|
+ (Some(username), Some(password)) => {
|
|
|
|
|
+ env_username = Some(username.into_string().unwrap());
|
|
|
|
|
+ env_password = Some(password.into_string().unwrap());
|
|
|
|
|
+ },
|
|
|
|
|
+ _ => {
|
|
|
|
|
+ env_username = None;
|
|
|
|
|
+ env_password = None;
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
2024-11-08 23:53:06 +01:00
|
|
|
+
|
|
|
|
|
Ok(KanidmProvider {
|
|
|
|
|
inner: Mutex::new(KanidmProviderInternal {
|
|
|
|
|
state: CacheState::OfflineNextCheck(now),
|
2024-12-27 19:57:55 +01:00
|
|
|
@@ -110,6 +126,8 @@ impl KanidmProvider {
|
2024-11-08 23:53:06 +01:00
|
|
|
hmac_key,
|
|
|
|
|
crypto_policy,
|
|
|
|
|
pam_allow_groups,
|
2024-11-09 00:41:02 +01:00
|
|
|
+ auth_name: env_username,
|
|
|
|
|
+ auth_password: env_password
|
2024-11-08 23:53:06 +01:00
|
|
|
}),
|
|
|
|
|
map_group,
|
|
|
|
|
})
|
2024-12-27 19:57:55 +01:00
|
|
|
@@ -262,7 +280,11 @@ impl KanidmProviderInternal {
|
|
|
|
|
let mut max_attempts = 3;
|
|
|
|
|
while max_attempts > 0 {
|
|
|
|
|
max_attempts -= 1;
|
|
|
|
|
- match self.client.auth_anonymous().await {
|
|
|
|
|
+ let auth_method = match (&self.auth_name, &self.auth_password) {
|
|
|
|
|
+ (Some(name), Some(password)) => self.client.auth_simple_password(name, password).await,
|
|
|
|
|
+ _ => self.client.auth_anonymous().await
|
|
|
|
|
+ };
|
|
|
|
|
+ match auth_method {
|
|
|
|
|
Ok(_uat) => {
|
|
|
|
|
debug!("provider is now online");
|
|
|
|
|
self.state = CacheState::Online;
|
