Loading .gitlab-ci.yml +4 −0 Original line number Diff line number Diff line Loading @@ -26,9 +26,13 @@ docker-build: - if [$CI_COMMIT_REF_NAME == 'master']; then export IMAGE_PREFIX=""; fi - docker build -f server_side/Dockerfile -t no2fa --target no2fa ./server_side - docker build -f server_side/Dockerfile -t with2fa --target with2fa ./server_side - docker run --rm -v `pwd`:/tmp no2fa bash -c "cp /package/* /tmp" - docker tag no2fa $NO2FA_URL$IMAGE_PREFIX:latest - docker tag with2fa $WITH2FA_URL$IMAGE_PREFIX:latest - docker push $NO2FA_URL$IMAGE_PREFIX:latest - docker push $WITH2FA_URL$IMAGE_PREFIX:latest artifacts: paths: - "oidc-pam-0.1.0-Linux.deb" tags: - rse-multi-builder server_side/Dockerfile +2 −2 Original line number Diff line number Diff line Loading @@ -19,9 +19,9 @@ RUN mkdir /run/sshd /etc/security/oidc RUN apt-get update && apt-get install -y curl python3 ssh COPY --from=package /src/c/build/*.deb / COPY --from=package /src/c/build/*.deb /package/ RUN dpkg -i /oidc-pam-0.1.0-Linux.deb RUN dpkg -i /package/oidc-pam-0.1.0-Linux.deb COPY c/sshd /etc/pam.d/ COPY sshd_pam.conf /etc/ssh/sshd_config.d/ Loading server_side/c/CMakeLists.txt +3 −0 Original line number Diff line number Diff line Loading @@ -23,6 +23,9 @@ SET(CPACK_DEBIAN_PACKAGE_MAINTAINER "ORNL") set(CPACK_PACKAGE_VERSION_MAJOR "0") set(CPACK_PACKAGE_VERSION_MINOR "1") set(CPACK_PACKAGE_VERSION_PATCH "0") set(CPACK_DEBIAN_PACKAGE_DEPENDS "curl") INCLUDE(CPack) add_executable(oidc-pam-main main.c config.c json/cJSON.c auth.c log.c) Loading server_side/c/oidc-pam.c +6 −6 Original line number Diff line number Diff line Loading 
@@ -123,31 +123,31 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons return retval; } oidc_token_content_t token_info; res = introspect_token(access_token, &token_info); oidc_token_content_t token_content; res = introspect_token(access_token, &token_content); if (res != 0) { logit("error introspecting token: %s\n",access_token); return PAM_AUTH_ERR; } int token_ok = 1; if (!token_info.active) { if (!token_content.active) { logit("token inactive or wrong: %s\n",access_token); token_ok = 0; } if (strcmp(token_info.user, pUsername) != 0) { if (strcmp(token_content.user, pUsername) != 0) { logit("error checking username, token: %s, user:\n",access_token,pUsername); token_ok = 0; } if (config.enable_2fa && (token_info.session_attribute == NULL || strcmp(token_info.session_attribute, "2fa") != 0)) { (token_content.session_attribute == NULL || strcmp(token_content.session_attribute, "2fa") != 0)) { logit("error checking 2fa attribute, token: %s\n",access_token); token_ok = 0; } cJSON_Delete(token_info.parsed_object); cJSON_Delete(token_content.parsed_object); cJSON_Delete(config.parsed_object); free(access_token); Loading Loading
.gitlab-ci.yml +4 −0 Original line number Diff line number Diff line Loading @@ -26,9 +26,13 @@ docker-build: - if [$CI_COMMIT_REF_NAME == 'master']; then export IMAGE_PREFIX=""; fi - docker build -f server_side/Dockerfile -t no2fa --target no2fa ./server_side - docker build -f server_side/Dockerfile -t with2fa --target with2fa ./server_side - docker run --rm -v `pwd`:/tmp no2fa bash -c "cp /package/* /tmp" - docker tag no2fa $NO2FA_URL$IMAGE_PREFIX:latest - docker tag with2fa $WITH2FA_URL$IMAGE_PREFIX:latest - docker push $NO2FA_URL$IMAGE_PREFIX:latest - docker push $WITH2FA_URL$IMAGE_PREFIX:latest artifacts: paths: - "oidc-pam-0.1.0-Linux.deb" tags: - rse-multi-builder
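Review bot: The artifact path `"oidc-pam-0.1.0-Linux.deb"` repeats the version that CPack builds from `CPACK_PACKAGE_VERSION_*` in server_side/c/CMakeLists.txt, and the same literal is in the `dpkg -i` line of server_side/Dockerfile, so a version bump has to be made in three places. In this job a stale name most likely shows up as a missing artifact rather than a failed build, so a glob such as `- "oidc-pam-*-Linux.deb"` would be safer. The `docker run` step (apparently one of the four added lines) bind-mounts the whole checkout into the container and copies into it, normally as the container's root user. `docker create` followed by `docker cp` would extract the package without giving the container write access to the workspace; if the mount stays, the path should be written as a quoted `"$(pwd)"`.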
server_side/Dockerfile +2 −2 Original line number Diff line number Diff line Loading @@ -19,9 +19,9 @@ RUN mkdir /run/sshd /etc/security/oidc RUN apt-get update && apt-get install -y curl python3 ssh COPY --from=package /src/c/build/*.deb / COPY --from=package /src/c/build/*.deb /package/ RUN dpkg -i /oidc-pam-0.1.0-Linux.deb RUN dpkg -i /package/oidc-pam-0.1.0-Linux.deb COPY c/sshd /etc/pam.d/ COPY sshd_pam.conf /etc/ssh/sshd_config.d/ Loading
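Review bot: `RUN dpkg -i /package/oidc-pam-0.1.0-Linux.deb` does not resolve dependencies, yet this same commit makes the package declare a dependency on curl through CPack; the step succeeds only because the preceding `apt-get install -y curl python3 ssh` already includes curl. Installing through apt, `RUN apt-get install -y /package/oidc-pam-0.1.0-Linux.deb`, would exercise the declared dependency the way an end user's install does and would surface a wrong or missing entry at image build time. The .deb now also stays in the final image under /package, which the CI job depends on; a comment such as `# kept in the image so CI can copy the package out` would stop a later cleanup from breaking that.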
server_side/c/CMakeLists.txt +3 −0 Original line number Diff line number Diff line Loading @@ -23,6 +23,9 @@ SET(CPACK_DEBIAN_PACKAGE_MAINTAINER "ORNL") set(CPACK_PACKAGE_VERSION_MAJOR "0") set(CPACK_PACKAGE_VERSION_MINOR "1") set(CPACK_PACKAGE_VERSION_PATCH "0") set(CPACK_DEBIAN_PACKAGE_DEPENDS "curl") INCLUDE(CPack) add_executable(oidc-pam-main main.c config.c json/cJSON.c auth.c log.c) Loading
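Review bot: `set(CPACK_DEBIAN_PACKAGE_DEPENDS "curl")` names the curl command-line package; if the module links against libcurl rather than running the `curl` binary (not visible in this hunk), the real runtime dependency is the shared-library package, and the .deb could install cleanly on a host where the module then fails to load. `set(CPACK_DEBIAN_PACKAGE_SHLIBDEPS ON)` lets CPack derive library dependencies from the built binaries instead of a hand-maintained list. Either way, a one-line comment stating why curl is needed would help whoever edits this list next.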
server_side/c/oidc-pam.c +6 −6 Original line number Diff line number Diff line Loading @@ -123,31 +123,31 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons return retval; } oidc_token_content_t token_info; res = introspect_token(access_token, &token_info); oidc_token_content_t token_content; res = introspect_token(access_token, &token_content); if (res != 0) { logit("error introspecting token: %s\n",access_token); return PAM_AUTH_ERR; } int token_ok = 1; if (!token_info.active) { if (!token_content.active) { logit("token inactive or wrong: %s\n",access_token); token_ok = 0; } if (strcmp(token_info.user, pUsername) != 0) { if (strcmp(token_content.user, pUsername) != 0) { logit("error checking username, token: %s, user:\n",access_token,pUsername); token_ok = 0; } if (config.enable_2fa && (token_info.session_attribute == NULL || strcmp(token_info.session_attribute, "2fa") != 0)) { (token_content.session_attribute == NULL || strcmp(token_content.session_attribute, "2fa") != 0)) { logit("error checking 2fa attribute, token: %s\n",access_token); token_ok = 0; } cJSON_Delete(token_info.parsed_object); cJSON_Delete(token_content.parsed_object); cJSON_Delete(config.parsed_object); free(access_token); Loading
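Review bot: `strcmp(token_content.user, pUsername)` reads `token_content.user` without a NULL check, although `session_attribute` a few lines below is checked before its `strcmp`; if introspecting an inactive or malformed token can leave `user` unset (introspect_token is not shown), this crashes the process hosting the PAM module instead of returning PAM_AUTH_ERR. The same guard fits here: `if (token_content.user == NULL || strcmp(token_content.user, pUsername) != 0) {`. The `logit` calls on the failure paths write `access_token` verbatim, so a still-valid bearer token becomes readable by anyone who can read the log; logging a short prefix or a hash would keep the entries correlatable without storing the credential. The username `logit` also passes `pUsername` with no matching `%s` in its format string. pam_sm_authenticate starts and ends outside this hunk.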