wip

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
authentik-community · Nov 30, 2024 · ed94c39 · ed94c39
1 parent 7e15332
commit ed94c39
Show file tree

Hide file tree

Showing 9 changed files with 464 additions and 23 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/kadmin/Cargo.toml b/kadmin/Cargo.toml
@@ -19,6 +19,7 @@ local = ["kadmin-sys/server"]
 
 [dependencies]
 chrono = "0.4"
+getset = "0.1"
 kadmin-sys = { path = "../kadmin-sys", version = "0.2.0", default-features = false }
 thiserror = "2"
 

diff --git a/kadmin/src/conv.rs b/kadmin/src/conv.rs
@@ -1,6 +1,6 @@
 //! Conversion utilities
 
-use std::{ffi::CStr, os::raw::c_char};
+use std::{ffi::CStr, os::raw::c_char, time::Duration};
 
 use chrono::{DateTime, Utc};
 use kadmin_sys::*;
@@ -20,6 +20,28 @@ pub(crate) fn c_string_to_string(c_string: *const c_char) -> Result<String> {
 }
 
 /// Convert a [`krb5_timestamp`] to a [`DateTime<Utc>`]
-pub(crate) fn ts_to_dt(ts: krb5_timestamp) -> Result<DateTime<Utc>> {
-    DateTime::from_timestamp((ts as u32).into(), 0).ok_or(Error::TimestampConversion)
+pub(crate) fn ts_to_dt(ts: krb5_timestamp) -> Result<Option<DateTime<Utc>>> {
+    if ts == 0 {
+        return Ok(None);
+    }
+    DateTime::from_timestamp((ts as u32).into(), 0)
+        .map(Some)
+        .ok_or(Error::TimestampConversion)
+}
+
+/// Convert a [`krb5_deltat`] to a [`Duration`]
+pub(crate) fn delta_to_dur(delta: i64) -> Option<Duration> {
+    if delta == 0 {
+        return None;
+    }
+    Some(Duration::from_secs(delta as u64))
+}
+
+/// Convert a [`Duration`] to a [`krb5_deltat`]
+pub(crate) fn dur_to_delta(dur: Option<Duration>) -> Result<krb5_deltat> {
+    if let Some(dur) = dur {
+        dur.as_secs().try_into().map_err(Error::DateTimeConversion)
+    } else {
+        Ok(0)
+    }
 }
diff --git a/kadmin/src/error.rs b/kadmin/src/error.rs
@@ -56,6 +56,12 @@ pub enum Error {
     /// Failed to convert a [`krb5_timestamp`] to a [`chrono::DateTime`]
     #[error("Failed to convert krb5 timestamp to chrono DateTime")]
     TimestampConversion,
+    /// Failed to convert a [`chrono::DateTime`] to a [`krb5_timestamp`]
+    #[error("Failed to convert chrono DateTime to krb5 timestamp")]
+    DateTimeConversion(std::num::TryFromIntError),
+    /// Failed to convert a [`Duration`][`std::time::Duration`] to a [`krb5_deltat`]
+    #[error("Failed to convert Duration to a krb5 deltat")]
+    DurationConversion(std::num::TryFromIntError),
 }
 
 impl<T> From<std::sync::mpsc::SendError<T>> for Error {

diff --git a/kadmin/src/kadmin.rs b/kadmin/src/kadmin.rs
@@ -17,6 +17,7 @@ use crate::{
     db_args::DbArgs,
     error::{Result, kadm5_ret_t_escape_hatch, krb5_error_code_escape_hatch},
     params::Params,
+    policy::{Policy, PolicyBuilder, PolicyModifier},
     principal::Principal,
 };
 
@@ -119,15 +120,11 @@ pub trait KAdminImpl {
 
     /// Add a policy. Not yet implemented
     #[doc(alias = "addpol")]
-    fn add_policy() {
-        unimplemented!();
-    }
+    fn add_policy(&self, builder: &PolicyBuilder) -> Result<()>;
 
     /// Modify a policy. Not yet implemented
     #[doc(alias = "modpol")]
-    fn modify_policy() {
-        unimplemented!();
-    }
+    fn modify_policy(&self, modifier: &PolicyModifier) -> Result<()>;
 
     /// Delete a policy. Not yet implemented
     #[doc(alias = "delpol")]
@@ -137,8 +134,21 @@ pub trait KAdminImpl {
 
     /// Retrieve a policy. Not yet implemented
     #[doc(alias = "getpol")]
-    fn get_policy() {
-        unimplemented!();
+    fn get_policy(&self, name: &str) -> Result<Option<Policy>>;
+
+    /// Check if a policy exists
+    ///
+    /// ```no_run
+    /// # use crate::kadmin::{KAdmin, KAdminImpl};
+    /// # #[cfg(feature = "client")]
+    /// # fn example() {
+    /// let kadm = kadmin::KAdmin::builder().with_ccache(None, None).unwrap();
+    /// let polname = String::from("mypolicy");
+    /// assert!(kadm.policy_exists(&princname).unwrap());
+    /// # }
+    /// ```
+    fn policy_exists(&self, name: &str) -> Result<bool> {
+        Ok(self.get_policy(name)?.is_some())
     }
 
     /// List policies
@@ -247,6 +257,40 @@ impl KAdminImpl for KAdmin {
         Ok(result)
     }
 
+    fn add_policy(&self, builder: &PolicyBuilder) -> Result<()> {
+        let (mut policy, mask) = builder.make_entry()?;
+        let code = unsafe { kadm5_create_policy(self.server_handle, &mut policy, mask) };
+        kadm5_ret_t_escape_hatch(&self.context, code)?;
+        Ok(())
+    }
+
+    fn modify_policy(&self, modifier: &PolicyModifier) -> Result<()> {
+        let (mut policy, mask) = modifier.make_entry()?;
+        let code = unsafe { kadm5_modify_policy(self.server_handle, &mut policy, mask) };
+        kadm5_ret_t_escape_hatch(&self.context, code)?;
+        Ok(())
+    }
+
+    fn get_policy(&self, name: &str) -> Result<Option<Policy>> {
+        let name = CString::new(name)?;
+        let mut policy_ent = _kadm5_policy_ent_t::default();
+        let code = unsafe {
+            kadm5_get_policy(
+                self.server_handle,
+                name.as_ptr().cast_mut(),
+                &mut policy_ent,
+            )
+        };
+        if code == KADM5_UNK_POLICY as i64 {
+            return Ok(None);
+        }
+        kadm5_ret_t_escape_hatch(&self.context, code)?;
+        let policy = Policy::from_raw(&policy_ent)?;
+        let code = unsafe { kadm5_free_policy_ent(self.server_handle, &mut policy_ent) };
+        kadm5_ret_t_escape_hatch(&self.context, code)?;
+        Ok(Some(policy))
+    }
+
     fn list_policies(&self, query: Option<&str>) -> Result<Vec<String>> {
         let query = CString::new(query.unwrap_or("*"))?;
         let mut count = 0;

diff --git a/kadmin/src/lib.rs b/kadmin/src/lib.rs
@@ -68,5 +68,8 @@ pub use kadmin::{KAdmin, KAdminImpl};
 
 pub mod sync;
 
+pub mod policy;
+pub use policy::Policy;
+
 pub mod principal;
 pub use principal::Principal;