Loading config/oidc-pam.json +15 −4 Original line number Diff line number Diff line { "jwks_url": "xxx", "check_2fa": false, "enable_log": false, "log_file": "/tmp/oidc.log" "auth": [ { "jwks_url": "jwks_url_1", "name_field": "username", "name_separator": "" }, { "jwks_url": "jwks_url_2", "name_field": "preferred_username", "name_separator": "@" } ], "enable_log": true, "cache_folder": "/var/tmp/oidc_cache", "log_file": "/var/log/oidc_log" } dockerfiles/Dockerfile.opensuse +0 −3 Original line number Diff line number Diff line Loading @@ -32,9 +32,6 @@ COPY config/sshd_pam.conf /etc/ssh/sshd_config.d/ EXPOSE 22 ENV OIDC_CHECK_2FA=1 RUN ssh-keygen -A RUN chmod 777 /tmp/oidc/start_2fa.sh Loading src/config.c +1 −4 Original line number Diff line number Diff line Loading @@ -62,20 +62,17 @@ int parse_config(const char* fname, json_config_t* config) { config->name_separator[i] = name_separator->valuestring; i++; } const cJSON *check_2fa = cJSON_GetObjectItemCaseSensitive(config_json, "check_2fa"); const cJSON *enable_log = cJSON_GetObjectItemCaseSensitive(config_json, "enable_log"); const cJSON *log_file = cJSON_GetObjectItemCaseSensitive(config_json, "log_file"); const cJSON *cache_folder = cJSON_GetObjectItemCaseSensitive(config_json, "cache_folder"); if (!cJSON_IsBool(check_2fa) || !cJSON_IsBool(enable_log) if (!cJSON_IsBool(enable_log) || !cJSON_IsString(cache_folder) || (cache_folder->valuestring == NULL)) { free(buffer); return 1; } config->enable_2fa = cJSON_IsFalse(check_2fa)?0:1; config->enable_log = cJSON_IsFalse(enable_log)?0:1; config->log_file = log_file->valuestring; config->cache_folder = cache_folder->valuestring; Loading src/config.h +0 −1 Original line number Diff line number Diff line Loading 
@@ -9,7 +9,6 @@ typedef struct json_config_t const char **jwks_url; const char **name_field; const char **name_separator; int enable_2fa; int enable_log; const char *log_file; const char *cache_folder; Loading src/run_as_user.c +8 −5 Original line number Diff line number Diff line Loading @@ -73,7 +73,7 @@ int token_from_file(const char *token_file_path, char *username) { if (fscanf(file, "%s %ld", username, &expirationTime) != 2) { fprintf(stderr, "Error reading from file\n"); fclose(file); return 0; return 1; } fclose(file); } Loading Loading @@ -121,15 +121,18 @@ int main(int argc, char *argv[]) { printf("cannot parse config file\n"); exit(1); } config.log_file="system"; // get uid from token, verify token if not in cache char token_file_path[4056]; get_token_file_path(argv[2], token_file_path, sizeof(token_file_path)); char username[50]; struct passwd *pwd; if (token_from_file(token_file_path, username) == 1) { pwd = pwd_from_token(argv[2], token_file_path); } else { if (token_from_file(token_file_path, username) == 0) { // token in cache and not expired pwd = getpwnam(username); } else { pwd = pwd_from_token(argv[2], token_file_path); } res = setuid(pwd->pw_uid); Loading Loading
config/oidc-pam.json +15 −4 Original line number Diff line number Diff line { "jwks_url": "xxx", "check_2fa": false, "enable_log": false, "log_file": "/tmp/oidc.log" "auth": [ { "jwks_url": "jwks_url_1", "name_field": "username", "name_separator": "" }, { "jwks_url": "jwks_url_2", "name_field": "preferred_username", "name_separator": "@" } ], "enable_log": true, "cache_folder": "/var/tmp/oidc_cache", "log_file": "/var/log/oidc_log" }
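Review bot: `/var/tmp/oidc_cache` as `cache_folder` places the token cache under a world-writable sticky directory, and that cache is what `run_as_user.c` reads back (`token_from_file`) to choose the `getpwnam` target before `setuid`, so whoever can create or replace files under that path decides which account the privileged helper switches to. Unless the privileged side creates the folder itself with mode 0700 and refuses a pre-existing directory or symlink (not visible in this diff), a service-owned location such as `/var/lib/oidc_cache` is the safer default. Since JSON cannot carry a comment, the trust assumption belongs in the README next to the key: the cache folder must be writable only by the process that runs the PAM helper.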
dockerfiles/Dockerfile.opensuse +0 −3 Original line number Diff line number Diff line Loading @@ -32,9 +32,6 @@ COPY config/sshd_pam.conf /etc/ssh/sshd_config.d/ EXPOSE 22 ENV OIDC_CHECK_2FA=1 RUN ssh-keygen -A RUN chmod 777 /tmp/oidc/start_2fa.sh Loading
src/config.c +1 −4 Original line number Diff line number Diff line Loading @@ -62,20 +62,17 @@ int parse_config(const char* fname, json_config_t* config) { config->name_separator[i] = name_separator->valuestring; i++; } const cJSON *check_2fa = cJSON_GetObjectItemCaseSensitive(config_json, "check_2fa"); const cJSON *enable_log = cJSON_GetObjectItemCaseSensitive(config_json, "enable_log"); const cJSON *log_file = cJSON_GetObjectItemCaseSensitive(config_json, "log_file"); const cJSON *cache_folder = cJSON_GetObjectItemCaseSensitive(config_json, "cache_folder"); if (!cJSON_IsBool(check_2fa) || !cJSON_IsBool(enable_log) if (!cJSON_IsBool(enable_log) || !cJSON_IsString(cache_folder) || (cache_folder->valuestring == NULL)) { free(buffer); return 1; } config->enable_2fa = cJSON_IsFalse(check_2fa)?0:1; config->enable_log = cJSON_IsFalse(enable_log)?0:1; config->log_file = log_file->valuestring; config->cache_folder = cache_folder->valuestring; Loading
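Review bot: The rewritten condition still never validates `log_file`, yet `config->log_file = log_file->valuestring;` two lines below dereferences it — a config without a `"log_file"` key makes `cJSON_GetObjectItemCaseSensitive` return NULL and `parse_config` crashes instead of returning 1. Because `cJSON_IsString` rejects a NULL item, the check should read `if (!cJSON_IsBool(enable_log) || !cJSON_IsString(log_file) || !cJSON_IsString(cache_folder) || (cache_folder->valuestring == NULL)) {`. `parse_config` starts and ends outside the hunk, so I cannot see whether the caller treats the non-zero return as fatal.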
src/config.h +0 −1 Original line number Diff line number Diff line Loading @@ -9,7 +9,6 @@ typedef struct json_config_t const char **jwks_url; const char **name_field; const char **name_separator; int enable_2fa; int enable_log; const char *log_file; const char *cache_folder; Loading
src/run_as_user.c +8 −5 Original line number Diff line number Diff line Loading @@ -73,7 +73,7 @@ int token_from_file(const char *token_file_path, char *username) { if (fscanf(file, "%s %ld", username, &expirationTime) != 2) { fprintf(stderr, "Error reading from file\n"); fclose(file); return 0; return 1; } fclose(file); } Loading Loading @@ -121,15 +121,18 @@ int main(int argc, char *argv[]) { printf("cannot parse config file\n"); exit(1); } config.log_file="system"; // get uid from token, verify token if not in cache char token_file_path[4056]; get_token_file_path(argv[2], token_file_path, sizeof(token_file_path)); char username[50]; struct passwd *pwd; if (token_from_file(token_file_path, username) == 1) { pwd = pwd_from_token(argv[2], token_file_path); } else { if (token_from_file(token_file_path, username) == 0) { // token in cache and not expired pwd = getpwnam(username); } else { pwd = pwd_from_token(argv[2], token_file_path); } res = setuid(pwd->pw_uid); Loading
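Review bot: Both new branches can leave `pwd` NULL and the very next line does `setuid(pwd->pw_uid)` without a check: `getpwnam(username)` returns NULL when the cached name has no local account (or the cache file was altered), and `pwd_from_token` presumably returns NULL when verification fails. Add `if (pwd == NULL) { fprintf(stderr, "no local user for token\n"); exit(1); }` before the `setuid` call; what happens to `res` is outside the hunk, but an ignored `setuid` failure would leave the process running as the privileged uid. The cached name is now the only thing between the cache file and a uid switch, and the `fscanf(file, "%s %ld", username, &expirationTime)` in the first hunk has no width limit on a `char username[50]` buffer, so it needs `"%49s %ld"`. `main` continues outside the hunk.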