server_side/c/CMakeLists.txt +18 −5 @@ -3,22 +3,28 @@ project(oidc-pam LANGUAGES C) set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}/cmake/modules/") set(CMAKE_POSITION_INDEPENDENT_CODE ON) find_package(PAM REQUIRED) find_package(CURL REQUIRED) find_package(OpenSSL REQUIRED) include_directories ( ${PAM_INCLUDE_DIR} ${PAM_INCLUDE_DIR} ${OPENSSL_INCLUDE_DIR} ) add_library(oidc-pam SHARED oidc-pam.c config.c cjwt/cJSON.c auth.c log.c cjwt/base64.c cjwt/cjwt.c cjwt/jws_evp_openssl.c cjwt/print.c cjwt/utils.c) add_library(oidc-helpers STATIC config.c cjwt/cJSON.c auth.c log.c cjwt/base64.c cjwt/cjwt.c cjwt/jws_evp_openssl.c cjwt/print.c cjwt/utils.c) target_link_libraries(oidc-helpers ${PAM_LIBRARIES} ${CURL_LIBRARIES} ${OPENSSL_LIBRARIES} ${OPENSSL_CRYPTO_LIBRARY}) add_library(oidc-pam SHARED oidc-pam.c ) set_target_properties(oidc-pam PROPERTIES PREFIX "") target_link_libraries(oidc-pam ${PAM_LIBRARIES} ${CURL_LIBRARIES} ssl crypto) target_link_libraries(oidc-pam oidc-helpers) install(TARGETS oidc-pam DESTINATION /usr/lib/security) SET(CPACK_GENERATOR "DEB;RPM") SET(CPACK_DEBIAN_PACKAGE_MAINTAINER "ORNL") SET(CPACK_RPM_PACKAGE_MAINTAINER "ORNL") @@ -32,5 +38,12 @@ set(CPACK_RPM_PACKAGE_DEPENDS "curl") INCLUDE(CPack) add_executable(oidc-pam-main main.c config.c cjwt/cJSON.c auth.c log.c cjwt/base64.c cjwt/cjwt.c cjwt/jws_evp_openssl.c cjwt/print.c cjwt/utils.c) target_link_libraries(oidc-pam-main ${PAM_LIBRARIES} ${CURL_LIBRARIES} ssl crypto) add_executable(oidc-pam-main main.c ) target_link_libraries(oidc-pam-main oidc-helpers) add_executable(oidc-run-as-user run_as_user.c ) target_link_libraries(oidc-run-as-user oidc-helpers) install(TARGETS oidc-run-as-user RUNTIME DESTINATION /usr/local/bin PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_EXECUTE GROUP_READ WORLD_READ WORLD_EXECUTE SETUID)
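Review bot: The new `install(TARGETS oidc-run-as-user ...)` rule at the end of the second hunk installs a SETUID binary with `WORLD_READ WORLD_EXECUTE`, so every local account can start a privileged helper whose only gate is the token check in run_as_user.c. If that reach is not intended, drop the world bits and rely on a dedicated group, `PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE SETUID`. Because the file also sets `CPACK_GENERATOR "DEB;RPM"`, the helper presumably lands in the generated packages; putting the target and its install rule behind an `option()` that defaults to OFF would make shipping it an explicit choice. The absolute `/usr/local/bin` destination also ignores `CMAKE_INSTALL_PREFIX`, which makes staged or packaged installs harder to audit.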
server_side/c/run_as_user.c 0 → 100644 +47 −0 #include "config.h" #include <stdio.h> #include <string.h> #include <stdlib.h> #include <pwd.h> #include <unistd.h> #include "auth.h" int main(int argc, char *argv[]) { if (argc != 4) { printf("usage: %s <config_file> <OIDC token> <command>\n", argv[0]); exit(1); } int res = parse_config(argv[1], &config); if (res != 0) { printf("cannot parse config file\n"); exit(1); } oidc_token_content_t token_info; res = verify_token(argv[2], &token_info); cJSON_Delete(config.parsed_object); if (res != 0) { printf("cannot verify token\n"); exit(1); } char *uname = malloc(sizeof(char) * 4); strncpy(uname, token_info.user, 3); uname[3] = 0; struct passwd *pwd = getpwnam(uname); if (pwd == NULL) { printf("Cannot find UID for name %s\n", uname); free(uname); exit(1); } free(token_info.user); free(uname); res = setuid(pwd->pw_uid); if (res != 0) { printf("cannot set uid\n"); exit(1); } printf("Executing command \"%s\" as %s(%d)\n", argv[3], uname, pwd->pw_uid); return system(argv[3]); }
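Review bot: In `main()`, this setuid helper takes its config path from `argv[1]` and passes `argv[3]` to `system()` after calling only `setuid()`. The invoking user therefore chooses the file that presumably governs `verify_token()`, the shell inherits the caller's environment, and the target account's primary and supplementary groups are never applied. The config should be read from a fixed, root-owned path, and the privilege drop should be `initgroups()`, `setgid()`, then `setuid()` with every result checked (needs `<grp.h>`), followed by an exec with a reset environment. The final `printf` also reads `uname` after `free(uname)`, the `malloc` result is unchecked, and a lookup that resolves to `pw_uid == 0` is not rejected. Truncating `token_info.user` to three characters means distinct token subjects can map to the same local account, so please confirm that mapping is intended.

```c
    struct passwd *pwd = getpwnam(uname);
    /* … unchanged: NULL check on pwd, free(token_info.user) … */
    if (pwd->pw_uid == 0) {
        fprintf(stderr, "refusing to run as uid 0\n");
        exit(1);
    }
    /* Groups first: once the uid is dropped the process can no longer change them. */
    if (initgroups(pwd->pw_name, pwd->pw_gid) != 0 ||
        setgid(pwd->pw_gid) != 0 ||
        setuid(pwd->pw_uid) != 0) {
        fprintf(stderr, "cannot drop privileges\n");
        exit(1);
    }
    /* Log before releasing uname so the message never reads freed memory. */
    printf("Executing command \"%s\" as %s(%d)\n", argv[3], uname, (int)pwd->pw_uid);
    free(uname);
    /* Fixed environment: nothing from the invoking user's environment reaches the shell. */
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
    char *const args[] = { "/bin/sh", "-c", argv[3], NULL };
    execve("/bin/sh", args, envp);
    perror("execve");
    return 127;
```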