diff --git a/unix_integration/src/idprovider/kanidm.rs b/unix_integration/src/idprovider/kanidm.rs index d1b02de0f..599dec6d5 100644 --- a/unix_integration/src/idprovider/kanidm.rs +++ b/unix_integration/src/idprovider/kanidm.rs @@ -2,6 +2,7 @@ use async_trait::async_trait; use kanidm_client::{ClientError, KanidmClient, StatusCode}; use kanidm_proto::v1::{OperationError, UnixGroupToken, UnixUserToken}; use tokio::sync::RwLock; +use std::env; use super::interface::{ AuthCacheAction, AuthCredHandler, AuthRequest, AuthResult, GroupToken, Id, IdProvider, @@ -11,12 +12,28 @@ use crate::unix_proto::PamAuthRequest; pub struct KanidmProvider { client: RwLock, + auth_name: Option, + auth_password: Option, } impl KanidmProvider { pub fn new(client: KanidmClient) -> Self { + let env_username: Option; + let env_password: Option; + match (env::var_os("KANIDM_NAME"), env::var_os("KANIDM_PASSWORD")) { + (Some(username), Some(password)) => { + env_username = Some(username.into_string().unwrap()); + env_password = Some(password.into_string().unwrap()); + }, + _ => { + env_username = None; + env_password = None; + } + } KanidmProvider { client: RwLock::new(client), + auth_name: env_username, + auth_password: env_password, } } } @@ -73,7 +90,11 @@ impl From for GroupToken { impl IdProvider for KanidmProvider { // Needs .read on all types except re-auth. async fn provider_authenticate(&self) -> Result<(), IdpError> { - match self.client.write().await.auth_anonymous().await { + let auth_method = match (&self.auth_name, &self.auth_password) { + (Some(name), Some(password)) => self.client.write().await.auth_simple_password(name, password).await, + _ => self.client.write().await.auth_anonymous().await + }; + match auth_method { Ok(_uat) => Ok(()), Err(err) => { error!(?err, "Provider authentication failed");