diff --git a/unix_integration/resolver/src/idprovider/kanidm.rs b/unix_integration/resolver/src/idprovider/kanidm.rs index 63cedb4d5..35c45fb0e 100644 --- a/unix_integration/resolver/src/idprovider/kanidm.rs +++ b/unix_integration/resolver/src/idprovider/kanidm.rs @@ -7,6 +7,7 @@ use kanidm_proto::internal::OperationError; use kanidm_proto::v1::{UnixGroupToken, UnixUserToken}; use std::collections::BTreeSet; use std::time::{Duration, SystemTime}; +use std::env; use tokio::sync::{broadcast, Mutex}; use kanidm_lib_crypto::CryptoPolicy; @@ -38,6 +39,8 @@ struct KanidmProviderInternal { hmac_key: HmacKey, crypto_policy: CryptoPolicy, pam_allow_groups: BTreeSet, + auth_name: Option, + auth_password: Option, } pub struct KanidmProvider { @@ -102,6 +105,19 @@ impl KanidmProvider { .map(|GroupMap { local, with }| (local, Id::Name(with))) .collect(); + let env_username: Option; + let env_password: Option; + match (env::var_os("KANIDM_NAME"), env::var_os("KANIDM_PASSWORD")) { + (Some(username), Some(password)) => { + env_username = Some(username.into_string().unwrap()); + env_password = Some(password.into_string().unwrap()); + }, + _ => { + env_username = None; + env_password = None; + } + } + Ok(KanidmProvider { inner: Mutex::new(KanidmProviderInternal { state: CacheState::OfflineNextCheck(now), @@ -109,6 +125,8 @@ impl KanidmProvider { hmac_key, crypto_policy, pam_allow_groups, + auth_name: env_username, + auth_password: env_password }), map_group, }) @@ -256,7 +274,11 @@ impl KanidmProviderInternal { } async fn attempt_online(&mut self, _tpm: &mut tpm::BoxedDynTpm, now: SystemTime) -> bool { - match self.client.auth_anonymous().await { + let auth_method = match (&self.auth_name, &self.auth_password) { + (Some(name), Some(password)) => self.client.auth_simple_password(name, password).await, + _ => self.client.auth_anonymous().await + }; + match auth_method { Ok(_uat) => { self.state = CacheState::Online; true