
pam module in right location

master
manvan 6 months ago
parent
commit
deb6e0e940
  1. 1
      .vscode/settings.json
  2. 3
      ansible/roles/scripts/tasks/main.yml
  3. 21
      ansible/roles/scripts/templates/oidc_pam.j2

1
.vscode/settings.json

@ -11,6 +11,7 @@
"oidc_env.j2": "jinja-shell",
"oidc_setup.j2": "jinja-shell",
"oidc_verify.j2": "jinja-shell",
"oidc_pam.j2": "jinja-shell",
"setup_ssh.j2": "jinja-shell",
}
}

3
ansible/roles/scripts/tasks/main.yml

@ -7,11 +7,12 @@
group: "{{ ansible_env.USER }}"
with_items:
- entrypoint
- setup_ssh
- get_qr
- oidc_env
- oidc_setup
- oidc_verify
- setup_ssh
- oidc_pam
- name: packages
package:
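Review bot: `- setup_ssh` appears twice in the `with_items` list (once near the top, once directly above the new `- oidc_pam`), and the rendered page does not show which of the two is the old or new side. If both survive after this commit, the template task renders the same file twice on every run; the duplicate should be dropped so the list names each template once. The task itself begins before this hunk, so its `template:`/`dest:` lines are not visible here.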

21
keypam_auth.sh → ansible/roles/scripts/templates/oidc_pam.j2

@ -1,19 +1,12 @@
#!/bin/bash
CLIENT_ID=serv1
CLIENT_SECRET=VbL5OELpk3wmp3ZqEw5Ef9arky48r4N4
KEYCLOAK_URL="https://keycloak.local.rezel.net"
keycloak_user=""
keycloak_groups=""
PAM_SUCCESS=0
PAM_SERVICE_ERR=3
PAM_PERM_DENIED=6
PAM_AUTH_ERR=7
env > /tmp/pam.env
date >> /tmp/pam.env
# env > {{ tmp_dir }}.env
# date >> {{ tmp_dir }}.env
tmp_file=""
case $PAM_TYPE in
@ -24,17 +17,17 @@ case $PAM_TYPE in
sshd)
# If authentication comes from SSH, our inetd script already created a device auth token
port=$(echo $SSH_CONNECTION | cut -d ' ' -f 2)
tmp_file="/tmp/pam/$port"
tmp_file="{{ tmp_dir }}$port"
;;
*)
# Otherwise, initiate a new device flow
tmp_file="$(mktemp -p /tmp/pam $PAM_SERVICE.XXXXX)"
/opt/pam/oidc_setup "$tmp_file"
/opt/pam/get_qr "$tmp_file"
tmp_file="$(mktemp -p {{ tmp_dir }} $PAM_SERVICE.XXXXX)"
{{ install_dir }}oidc_setup "$tmp_file"
{{ install_dir }}get_qr "$tmp_file"
;;
esac
echo $tmp_file
/opt/pam/oidc_verify "$tmp_file" > "${tmp_file}.result"
{{ install_dir }}oidc_verify "$tmp_file" > "${tmp_file}.result"
if [ $? == 1 ]; then
exit $PAM_PERM_DENIED
else
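Review bot: Only exit status 1 from the new `{{ install_dir }}oidc_verify "$tmp_file"` call is treated as a denial by `if [ $? == 1 ]`, so any other failure (binary missing at the rendered path, a crash, a non-1 error code) falls through to the `else` branch, which is cut off at the end of the hunk; if that branch returns `$PAM_SUCCESS`, a broken verifier fails open. Capture the status and fail closed, keeping denial and unexpected errors distinct: `rc=$?`, `[ "$rc" -eq 1 ] && exit "$PAM_PERM_DENIED"`, `[ "$rc" -ne 0 ] && exit "$PAM_SERVICE_ERR"` (PAM_SERVICE_ERR is defined in the first hunk but not used in the visible code). The sshd arm builds `tmp_file="{{ tmp_dir }}$port"` from an unquoted, unvalidated field of `$SSH_CONNECTION`; an empty value makes tmp_file the directory itself, so guard it with `[[ "$port" =~ ^[0-9]+$ ]] || exit "$PAM_SERVICE_ERR"` before use, and quote the `mktemp -p "{{ tmp_dir }}" "$PAM_SERVICE.XXXXX"` arguments for the same reason. In the first hunk, if the `env > /tmp/pam.env` debug dump survives on the new side rather than the commented `{{ tmp_dir }}` form, it writes the whole PAM environment of every authentication attempt to a world-readable path and should not remain in the template. The `case` statement opens in the first hunk and the `if`/`else` closes after this one.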