Loading pkgs/by-name/ka/kanidm/1_7.nix +7 −3 Original line number Diff line number Diff line import ./generic.nix { version = "1.7.1"; hash = "sha256-CG4s6fYxTM2I/kFjD905g8/DSFkyB+0pnGVXgyRXtlE="; cargoHash = "sha256-9bE3hSCFBJF8f3Lm5SzEuDtEpJBbCBijUDfqGiPnRsc="; version = "1.7.3"; hash = "sha256-eptbxhbd3pUvYCncgKprh0qes9CjdvGUl3CsG/sHX7M="; cargoHash = "sha256-M0TXGvpMkV/4U0MRYVqiWQsA+9AHdeS89noLxE2Llt0="; patches = [ # remove 1.7.4 - https://github.com/kanidm/kanidm/issues/3813 ./a3bc718a8a0325a53e0857668b8a0134d371794d.patch ]; } pkgs/by-name/ka/kanidm/a3bc718a8a0325a53e0857668b8a0134d371794d.patch 0 → 100644 +29 −0 Original line number Diff line number Diff line From a3bc718a8a0325a53e0857668b8a0134d371794d Mon Sep 17 00:00:00 2001 From: Firstyear <william@blackhats.net.au> Date: Sat, 16 Aug 2025 13:46:23 +1000 Subject: [PATCH] Fix account recover-disable edge case (#3796) --- server/lib/src/idm/server.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/server/lib/src/idm/server.rs b/server/lib/src/idm/server.rs index 0fc6d78787..51bfbf6705 100644 --- a/server/lib/src/idm/server.rs +++ b/server/lib/src/idm/server.rs @@ -1900,6 +1900,7 @@ impl IdmServerProxyWriteTransaction<'_> { let modlist = ModifyList::new_list(vec![ // Ensure the account is valid from *now*, and that the expiry is unset. m_purge(Attribute::AccountExpire), + m_purge(Attribute::AccountValidFrom), Modify::Present(Attribute::AccountValidFrom, v_valid_from), // We need to remove other credentials too. m_purge(Attribute::PassKeys), @@ -1934,6 +1935,7 @@ impl IdmServerProxyWriteTransaction<'_> { let modlist = ModifyList::new_list(vec![ // Ensure that the account has no validity, and the expiry is now. m_purge(Attribute::AccountValidFrom), + m_purge(Attribute::AccountExpire), Modify::Present(Attribute::AccountExpire, v_expire), ]); pkgs/by-name/ka/kanidm/generic.nix +7 −4 Original line number Diff line number Diff line Loading @@ -4,6 +4,7 @@ cargoHash, unsupported ? false, eolDate ? null, patches ? [ ], }: { Loading Loading @@ -60,7 +61,9 @@ rustPlatform.buildRustPackage (finalAttrs: { env.KANIDM_BUILD_PROFILE = "release_nixpkgs_${arch}"; patches = lib.optionals enableSecretProvisioning [ patches = patches ++ lib.optionals enableSecretProvisioning [ (./. + "/provision-patches/${versionUnderscored finalAttrs}/oauth2-basic-secret-modify.patch") (./. + "/provision-patches/${versionUnderscored finalAttrs}/recover-account.patch") ]; Loading pkgs/by-name/ka/kanidm/provision-patches/1_7/recover-account.patch +1 −1 Original line number Diff line number Diff line Loading @@ -45,9 +45,9 @@ index 90ccb1927..85e31ddef 100644 pub enum AdminTaskRequest { - RecoverAccount { name: String }, + RecoverAccount { name: String, password: Option<String> }, DisableAccount { name: String }, ShowReplicationCertificate, RenewReplicationCertificate, RefreshReplicationConsumer, @@ -309,8 +309,8 @@ async fn handle_client( let resp = async { Loading Loading
pkgs/by-name/ka/kanidm/1_7.nix +7 −3 Original line number Diff line number Diff line import ./generic.nix { version = "1.7.1"; hash = "sha256-CG4s6fYxTM2I/kFjD905g8/DSFkyB+0pnGVXgyRXtlE="; cargoHash = "sha256-9bE3hSCFBJF8f3Lm5SzEuDtEpJBbCBijUDfqGiPnRsc="; version = "1.7.3"; hash = "sha256-eptbxhbd3pUvYCncgKprh0qes9CjdvGUl3CsG/sHX7M="; cargoHash = "sha256-M0TXGvpMkV/4U0MRYVqiWQsA+9AHdeS89noLxE2Llt0="; patches = [ # remove 1.7.4 - https://github.com/kanidm/kanidm/issues/3813 ./a3bc718a8a0325a53e0857668b8a0134d371794d.patch ]; }
pkgs/by-name/ka/kanidm/a3bc718a8a0325a53e0857668b8a0134d371794d.patch 0 → 100644 +29 −0 Original line number Diff line number Diff line From a3bc718a8a0325a53e0857668b8a0134d371794d Mon Sep 17 00:00:00 2001 From: Firstyear <william@blackhats.net.au> Date: Sat, 16 Aug 2025 13:46:23 +1000 Subject: [PATCH] Fix account recover-disable edge case (#3796) --- server/lib/src/idm/server.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/server/lib/src/idm/server.rs b/server/lib/src/idm/server.rs index 0fc6d78787..51bfbf6705 100644 --- a/server/lib/src/idm/server.rs +++ b/server/lib/src/idm/server.rs @@ -1900,6 +1900,7 @@ impl IdmServerProxyWriteTransaction<'_> { let modlist = ModifyList::new_list(vec![ // Ensure the account is valid from *now*, and that the expiry is unset. m_purge(Attribute::AccountExpire), + m_purge(Attribute::AccountValidFrom), Modify::Present(Attribute::AccountValidFrom, v_valid_from), // We need to remove other credentials too. m_purge(Attribute::PassKeys), @@ -1934,6 +1935,7 @@ impl IdmServerProxyWriteTransaction<'_> { let modlist = ModifyList::new_list(vec![ // Ensure that the account has no validity, and the expiry is now. m_purge(Attribute::AccountValidFrom), + m_purge(Attribute::AccountExpire), Modify::Present(Attribute::AccountExpire, v_expire), ]);
pkgs/by-name/ka/kanidm/generic.nix +7 −4 Original line number Diff line number Diff line Loading @@ -4,6 +4,7 @@ cargoHash, unsupported ? false, eolDate ? null, patches ? [ ], }: { Loading Loading @@ -60,7 +61,9 @@ rustPlatform.buildRustPackage (finalAttrs: { env.KANIDM_BUILD_PROFILE = "release_nixpkgs_${arch}"; patches = lib.optionals enableSecretProvisioning [ patches = patches ++ lib.optionals enableSecretProvisioning [ (./. + "/provision-patches/${versionUnderscored finalAttrs}/oauth2-basic-secret-modify.patch") (./. + "/provision-patches/${versionUnderscored finalAttrs}/recover-account.patch") ]; Loading
pkgs/by-name/ka/kanidm/provision-patches/1_7/recover-account.patch +1 −1 Original line number Diff line number Diff line Loading @@ -45,9 +45,9 @@ index 90ccb1927..85e31ddef 100644 pub enum AdminTaskRequest { - RecoverAccount { name: String }, + RecoverAccount { name: String, password: Option<String> }, DisableAccount { name: String }, ShowReplicationCertificate, RenewReplicationCertificate, RefreshReplicationConsumer, @@ -309,8 +309,8 @@ async fn handle_client( let resp = async { Loading
