Merge pull request #412 from himmelblau-idm/stable-0.9.x_backports

Stable 0.9.x backports

Cargo.toml

@@ -18,7 +18,7 @@ members = [
 resolver = "2"
 
 [workspace.package]
-version = "0.9.0"
+version = "0.9.1"
 authors = [
     "David Mulder <[email protected]>"
 ]

man/man5/himmelblau.conf.5

@@ -147,12 +147,12 @@ Determines whether password-only (single-factor) authentication is permitted whe
 enable_sfa_fallback = true
 
 .TP
-.B cn_to_upn_mapping
+.B cn_name_mapping
 .RE
 Allows users to enter the short form of their username (e.g., 'dave') instead of the full UPN.
 
 .EXAMPLES
-cn_to_upn_mapping = true
+cn_name_mapping = true
 
 .TP
 .B local_groups

src/cli/src/main.rs

@@ -265,7 +265,7 @@ async fn main() -> ExitCode {
             };
 
             if !really {
-                error!("Are you sure you want to proceed? If so use --really");
+                error!("Are you sure you want to proceed? This will revert the host to an unjoined state while NOT removing the host object from Entra Id. If so use --really");
                 return ExitCode::SUCCESS;
             }
 

src/common/src/resolver.rs

@@ -13,6 +13,7 @@ use hashbrown::HashSet;
 use libc::uid_t;
 use std::collections::BTreeSet;
 use std::fmt::Display;
+use std::fs;
 use std::num::NonZeroUsize;
 use std::ops::{Add, DerefMut, Sub};
 use std::path::Path;
@@ -23,6 +24,7 @@ use lru::LruCache;
 use tokio::sync::Mutex;
 use uuid::Uuid;
 
+use crate::constants::SERVER_CONFIG_PATH;
 use crate::db::{Cache, CacheTxn, Db};
 use crate::idprovider::interface::{
     AuthCacheAction,
@@ -229,7 +231,14 @@ where
         let mut nxcache_txn = self.nxcache.lock().await;
         nxcache_txn.clear();
         let mut dbtxn = self.db.write().await;
-        dbtxn.clear().and_then(|_| dbtxn.commit()).map_err(|_| ())
+        dbtxn.clear().and_then(|_| dbtxn.commit()).map_err(|_| ())?;
+
+        // Also delete the generated himmelblau.conf. This unjoins the host!
+        let path = Path::new(SERVER_CONFIG_PATH);
+        if path.exists() {
+            fs::remove_file(path).map_err(|_| ())?;
+        }
+        Ok(())
     }
 
     pub async fn invalidate(&self) -> Result<(), ()> {

src/daemon/src/tasks_daemon.rs

@@ -431,32 +431,40 @@ async fn handle_tasks(stream: UnixStream, cfg: &HimmelblauConfig) {
             }
             Some(Ok(TaskRequest::LoadProfilePhoto(mut account_id, access_token))) => {
                 debug!("Received task -> LoadProfilePhoto({}, ...)", account_id);
-                let domain = split_username(&access_token).map(|(_, domain)| domain);
-                account_id = cfg.map_upn_to_name(&account_id);
-                // Set the profile picture
-                if let Some(domain) = domain {
-                    match File::create(format!("/var/lib/AccountsService/icons/{}", account_id)) {
-                        Ok(file) => {
-                            let authority_host = cfg.get_authority_host(&domain);
-                            let tenant_id = cfg.get_tenant_id(&domain);
-                            let graph_url = cfg.get_graph_url(&domain);
-                            if let Ok(graph) = Graph::new(
-                                &cfg.get_odc_provider(&domain),
-                                &domain,
-                                Some(&authority_host),
-                                tenant_id.as_deref(),
-                                graph_url.as_deref(),
-                            )
-                            .await
-                            {
-                                if let Err(e) =
-                                    graph.fetch_user_profile_photo(&access_token, file).await
+                let icons_dir = "/var/lib/AccountsService/icons/";
+                if !Path::new(icons_dir).exists() {
+                    info!("Profile photo directory '{}' doesn't exist.", icons_dir);
+                } else {
+                    let domain = split_username(&access_token).map(|(_, domain)| domain);
+                    account_id = cfg.map_upn_to_name(&account_id);
+                    // Set the profile picture
+                    if let Some(domain) = domain {
+                        match File::create(format!("/var/lib/AccountsService/icons/{}", account_id))
+                        {
+                            Ok(file) => {
+                                let authority_host = cfg.get_authority_host(&domain);
+                                let tenant_id = cfg.get_tenant_id(&domain);
+                                let graph_url = cfg.get_graph_url(&domain);
+                                if let Ok(graph) = Graph::new(
+                                    &cfg.get_odc_provider(&domain),
+                                    &domain,
+                                    Some(&authority_host),
+                                    tenant_id.as_deref(),
+                                    graph_url.as_deref(),
+                                )
+                                .await
                                 {
-                                    error!("Failed fetching user profile photo: {:?}", e);
+                                    if let Err(e) =
+                                        graph.fetch_user_profile_photo(&access_token, file).await
+                                    {
+                                        error!("Failed fetching user profile photo: {:?}", e);
+                                    }
                                 }
                             }
+                            Err(e) => {
+                                error!("Failed creating file for user profile photo: {:?}", e)
+                            }
                         }
-                        Err(e) => error!("Failed creating file for user profile photo: {:?}", e),
                     }
                 }