Merge pull request #1 from guzman-raphael/scopes

Add scope handling, clean up, add docs, tests, and examples

.gitignore

@@ -1 +1,3 @@
-target
+target
+libpam_oidc.yaml
+.env

Dockerfile

@@ -36,8 +36,7 @@ RUN \
 USER rust_dev
 ENV USER rust_dev
 ENV HOME /home/rust_dev
-# hi
-# COPY ./pam-rs/pam-http/target/release/libpam_http.so /workspace/pam-rs/pam-http/target/release/libpam_http.so
-COPY ./pam-oidc/target/release/libpam_oidc.so /workspace/pam-oidc/target/release/libpam_oidc.so
-# COPY ./test-module/target/release/libtest_module.so /workspace/test-module/target/release/libtest_module.so
+
+
+# COPY ./pam-oidc/target/release/libpam_oidc.so /workspace/pam-oidc/target/release/libpam_oidc.so
 WORKDIR /workspace

README.md

@@ -1,22 +1,61 @@
 # Rust Demo
 
-## Start
+## Deploy Instructions
+
+1. Acquire (see the [releases](https://github.com/vathes/pam-oauth2/releases) page) or build (see below) the appropriate `libpam_oidc.so` dynamic clib binary for your platform that provides the PAM interface to authenticate via an OIDC provider.
+1. Copy `libpam_oidc.so` into the appropriate directory that your system expects new modules to be loaded e.g. on Debian, it is located in `/lib/x86_64-linux-gnu/security/`.
+1. Create a service config file within the directory that your system expects for PAM e.g. on Debian, it is located in `/etc/pam.d/`. We can for instance create a service/file called `oidc` with the following contents (note the argument in the 1st line should be the path where `pam_oidc`'s config will be located):
+
+   ```text
+   auth sufficient libpam_oidc.so /etc/datajoint/libpam_oidc.yaml
+   account optional libpam_oidc.so
+   ```
+
+   See [service_example](./service_example) for more info.
+
+1. In the path provided to the service config, create a config file for `pam_oidc`. See [libpam_oidc_example.yaml](./libpam_oidc_example.yaml) for more info.
+1. Configure your PAM-compatible application/service to point to the `oidc` service we just created.
+
+## Developer Instructions
+
+### Build
+
+```bash
+cd ./pam-oidc && cargo build; cd ..  # DEBUG
+cd ./pam-oidc && cargo build --release; cd ..  # PROD
+```
+
+### Manually copy over new build for PAM
+
+```bash
+docker exec -itu root pam-oauth2_app_1 cp pam-oidc/target/debug/libpam_oidc.so /lib/x86_64-linux-gnu/security/
+```
+
+### Validate PAM with test cases
+
+```bash
+python3 test.py
+```
+
+## --- Old Notes ---
+
+### Start
 
 To do in local folder
 `cargo init`
 
 
-## Debug
+### Debug
 
 `cargo run`
 
-## Build (debug, prod)
+### Build (debug, prod)
 
 `cargo build`
 `cargo build --release`
 
 
-## test case (needed to install gcc, g++, openssl, libressl-dev, pkgconfig, OPENSSL_DIR=/etc/ssl)
+### test case (needed to install gcc, g++, openssl, libressl-dev, pkgconfig, OPENSSL_DIR=/etc/ssl)
 
 *as root
 
@@ -28,22 +67,23 @@ apt-get install libssl-dev pkg-config build-essential libpam0g-dev libpam0g -y
 
 *as user
 
-cd /workspace/app
+cd /workspace/pam-oidc
 
 cargo build
 
 echo shh | PAM_TYPE=auth PAM_USER=raphael ./pam_oidc/target/release/pam_oidc ./sample.yaml
 
 
-# cross-compile
+## cross-compile
 
 rustup target add x86_64-unknown-linux-gnu
 rustup target add x86_64-unknown-linux-musl
 rustup show
 cargo build --target x86_64-unknown-linux-musl --features vendored
 cargo build --release --target x86_64-unknown-linux-musl
 
-# testing
+## testing (current on 07/01/21)
 
 cp pam-oidc/test /etc/pam.d/
-cp pam-oidc/target/debug/libpam_oidc.so /lib/x86_64-linux-gnu/security/
+cp pam-oidc/target/debug/libpam_oidc.so /lib/x86_64-linux-gnu/security/
+python3 /workspace/test.py

docker-compose.yml

@@ -1,9 +1,14 @@
+# docker buildx bake --set "*.platform=linux/amd64" --load
+# docker-compose up --build
 version: "2.4"
 services:
   app:
     build: .
-    image: pam_oidc:v0.0.2
-    # environment:
+    image: pam_oidc:v0.0.3
+    environment:
+      - DJ_AUTH_USER
+      - DJ_AUTH_PASSWORD
+      - DJ_AUTH_TOKEN
     #   - RUSTFLAGS=-C link-arg=-undefined
     #   - RUSTFLAGS=-C target-feature=-crt-static
     #   - DISPLAY
@@ -17,8 +22,17 @@ services:
     # ports:
     #   - 2345:2345
     volumes:
-      - ./sample.yaml:/workspace/sample.yaml
-networks:
-  default:
-    external:
-      name: node-oidc-provider_default
+      - ./pam-oidc/target/debug/libpam_oidc.so:/lib/x86_64-linux-gnu/security/libpam_oidc.so  # add pam_oidc to available authentication schemes
+      - ./service_example:/etc/pam.d/oidc  # add a 'oidc' config that utilizes pam_oidc
+      # - ./pam-oidc/target/target/libpam_oidc.so /lib/x86_64-linux-gnu/security/libpam_oidc.so
+      - ./libpam_oidc.yaml:/etc/datajoint/libpam_oidc.yaml  # add pam_oidc-specific config
+#     networks:
+#       - network1
+#       - network2
+# networks:
+#   network1:
+#     external:
+#       name: accountsdatajointio_main
+#   network2:
+#     external:
+#       name: node-oidc-provider_default