aboutsummaryrefslogtreecommitdiff
path: root/src/login/ldap_provider.rs
diff options
context:
space:
mode:
Diffstat (limited to 'src/login/ldap_provider.rs')
-rw-r--r--src/login/ldap_provider.rs90
1 files changed, 53 insertions, 37 deletions
diff --git a/src/login/ldap_provider.rs b/src/login/ldap_provider.rs
index 2eeb6d9..561b1c2 100644
--- a/src/login/ldap_provider.rs
+++ b/src/login/ldap_provider.rs
@@ -5,10 +5,9 @@ use log::debug;
use crate::config::*;
use crate::login::*;
+use crate::storage;
pub struct LdapLoginProvider {
- k2v_region: Region,
- s3_region: Region,
ldap_server: String,
pre_bind_on_login: bool,
@@ -19,12 +18,9 @@ pub struct LdapLoginProvider {
username_attr: String,
mail_attr: String,
- aws_access_key_id_attr: String,
- aws_secret_access_key_attr: String,
+ storage_specific: StorageSpecific,
user_secret_attr: String,
alternate_user_secrets_attr: Option<String>,
-
- bucket_source: BucketSource,
}
enum BucketSource {
@@ -32,8 +28,13 @@ enum BucketSource {
Attr(String),
}
+enum StorageSpecific {
+ InMemory,
+ Garage { from_config: LdapGarageConfig, bucket_source: BucketSource },
+}
+
impl LdapLoginProvider {
- pub fn new(config: LoginLdapConfig, k2v_region: Region, s3_region: Region) -> Result<Self> {
+ pub fn new(config: LoginLdapConfig) -> Result<Self> {
let bind_dn_and_pw = match (config.bind_dn, config.bind_password) {
(Some(dn), Some(pw)) => Some((dn, pw)),
(None, None) => None,
@@ -42,12 +43,6 @@ impl LdapLoginProvider {
),
};
- let bucket_source = match (config.bucket, config.bucket_attr) {
- (Some(b), None) => BucketSource::Constant(b),
- (None, Some(a)) => BucketSource::Attr(a),
- _ => bail!("Must set `bucket` or `bucket_attr`, but not both"),
- };
-
if config.pre_bind_on_login && bind_dn_and_pw.is_none() {
bail!("Cannot use `pre_bind_on_login` without setting `bind_dn` and `bind_password`");
}
@@ -55,20 +50,34 @@ impl LdapLoginProvider {
let mut attrs_to_retrieve = vec![
config.username_attr.clone(),
config.mail_attr.clone(),
- config.aws_access_key_id_attr.clone(),
- config.aws_secret_access_key_attr.clone(),
config.user_secret_attr.clone(),
];
+
if let Some(a) = &config.alternate_user_secrets_attr {
attrs_to_retrieve.push(a.clone());
}
- if let BucketSource::Attr(a) = &bucket_source {
- attrs_to_retrieve.push(a.clone());
- }
+
+ // storage specific
+ let specific = match config.storage {
+ LdapStorage::InMemory => StorageSpecific::InMemory,
+ LdapStorage::Garage(grgconf) => {
+ let bucket_source = match (grgconf.default_bucket.clone(), grgconf.bucket_attr.clone()) {
+ (Some(b), None) => BucketSource::Constant(b),
+ (None, Some(a)) => BucketSource::Attr(a),
+ _ => bail!("Must set `bucket` or `bucket_attr`, but not both"),
+ };
+
+ if let BucketSource::Attr(a) = &bucket_source {
+ attrs_to_retrieve.push(a.clone());
+ }
+
+ StorageSpecific::Garage { from_config: grgconf, bucket_source }
+ },
+ };
+
+
Ok(Self {
- k2v_region,
- s3_region,
ldap_server: config.ldap_server,
pre_bind_on_login: config.pre_bind_on_login,
bind_dn_and_pw,
@@ -76,29 +85,36 @@ impl LdapLoginProvider {
attrs_to_retrieve,
username_attr: config.username_attr,
mail_attr: config.mail_attr,
- aws_access_key_id_attr: config.aws_access_key_id_attr,
- aws_secret_access_key_attr: config.aws_secret_access_key_attr,
+ storage_specific: specific,
user_secret_attr: config.user_secret_attr,
alternate_user_secrets_attr: config.alternate_user_secrets_attr,
- bucket_source,
})
}
- fn storage_creds_from_ldap_user(&self, user: &SearchEntry) -> Result<StorageCredentials> {
- let aws_access_key_id = get_attr(user, &self.aws_access_key_id_attr)?;
- let aws_secret_access_key = get_attr(user, &self.aws_secret_access_key_attr)?;
- let bucket = match &self.bucket_source {
- BucketSource::Constant(b) => b.clone(),
- BucketSource::Attr(a) => get_attr(user, a)?,
+ fn storage_creds_from_ldap_user(&self, user: &SearchEntry) -> Result<Builders> {
+ let storage: Builders = match &self.storage_specific {
+ StorageSpecific::InMemory => Box::new(storage::in_memory::FullMem {}),
+ StorageSpecific::Garage { from_config, bucket_source } => {
+ let aws_access_key_id = get_attr(user, &from_config.aws_access_key_id_attr)?;
+ let aws_secret_access_key = get_attr(user, &from_config.aws_secret_access_key_attr)?;
+ let bucket = match bucket_source {
+ BucketSource::Constant(b) => b.clone(),
+ BucketSource::Attr(a) => get_attr(user, &a)?,
+ };
+
+
+ Box::new(storage::garage::GrgCreds {
+ region: from_config.aws_region.clone(),
+ s3_endpoint: from_config.s3_endpoint.clone(),
+ k2v_endpoint: from_config.k2v_endpoint.clone(),
+ aws_access_key_id,
+ aws_secret_access_key,
+ bucket
+ })
+ },
};
- Ok(StorageCredentials {
- k2v_region: self.k2v_region.clone(),
- s3_region: self.s3_region.clone(),
- aws_access_key_id,
- aws_secret_access_key,
- bucket,
- })
+ Ok(storage)
}
}
@@ -204,7 +220,7 @@ impl LoginProvider for LdapLoginProvider {
let storage = self.storage_creds_from_ldap_user(&user)?;
drop(ldap);
- let k2v_client = storage.k2v_client()?;
+ let k2v_client = storage.row_store()?;
let (_, public_key) = CryptoKeys::load_salt_and_public(&k2v_client).await?;
Ok(PublicCredentials {
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-19 22:39:59 +0000