diff --git a/unix_integration/src/idprovider/kanidm.rs b/unix_integration/src/idprovider/kanidm.rs index 6fc015756..31593f03e 100644 --- a/unix_integration/src/idprovider/kanidm.rs +++ b/unix_integration/src/idprovider/kanidm.rs @@ -4,6 +4,7 @@ use kanidm_client::{ClientError, KanidmClient, StatusCode}; use kanidm_proto::internal::OperationError; use kanidm_proto::v1::{UnixGroupToken, UnixUserToken}; use tokio::sync::{broadcast, RwLock}; +use std::env; use super::interface::{ // KeyStore, @@ -25,12 +26,28 @@ const TAG_IDKEY: &str = "idkey"; pub struct KanidmProvider { client: RwLock, + auth_name: Option, + auth_password: Option, } impl KanidmProvider { pub fn new(client: KanidmClient) -> Self { + let env_username: Option; + let env_password: Option; + match (env::var_os("KANIDM_NAME"), env::var_os("KANIDM_PASSWORD")) { + (Some(username), Some(password)) => { + env_username = Some(username.into_string().unwrap()); + env_password = Some(password.into_string().unwrap()); + }, + _ => { + env_username = None; + env_password = None; + } + } KanidmProvider { client: RwLock::new(client), + auth_name: env_username, + auth_password: env_password, } } } @@ -118,7 +135,11 @@ impl IdProvider for KanidmProvider { // Needs .read on all types except re-auth. async fn provider_authenticate(&self, _tpm: &mut tpm::BoxedDynTpm) -> Result<(), IdpError> { - match self.client.write().await.auth_anonymous().await { + let auth_method = match (&self.auth_name, &self.auth_password) { + (Some(name), Some(password)) => self.client.write().await.auth_simple_password(name, password).await, + _ => self.client.write().await.auth_anonymous().await + }; + match auth_method { Ok(_uat) => Ok(()), Err(err) => { error!(?err, "Provider authentication failed");