/*
* CPP IAM Code linked to aws-sdk-cpp and exporting C symbols
*/
#include <grp.h>
#include <nss.h>
#include <pwd.h>
#include <shadow.h>

#include <cerrno>
#include <cstring>
#include <iostream>

#include <aws/core/Aws.h>
#include <aws/iam/IAMClient.h>
#include <aws/iam/model/GetUserRequest.h>
#include <aws/iam/model/GetUserResult.h>
#include <aws/iam/model/ListUsersRequest.h>
#include <aws/iam/model/ListUsersResult.h>
// Forward declarations of the two IAM lookups defined further down in this
// file: by IAM user name, and by the uid derived from the IAM user id.
Aws::IAM::Model::User get_iam_user(char *username);
Aws::IAM::Model::User get_iam_uid(uid_t uid);
// Looks like a strftime-style date pattern; nothing in the visible part of
// this file references it. TODO confirm it is still needed.
static const char* DATE_FORMAT = "%Y-%m-%d";
// Maps a string to an integer. The definition is not in the visible part of
// this file; the result is applied to the IAM user id and used as the POSIX
// uid, so its range and collision behaviour decide which uids IAM users get.
unsigned long hash(const char *str);
// 0 until the first lookup has called Aws::InitAPI, 1 afterwards.
// NOTE(review): plain int with no synchronisation, while NSS lookups can come
// from several threads of the host process. Identifiers containing a double
// underscore are also reserved for the implementation.
int __was_initialized = 0;
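/* Upper bound, in bytes and including the terminating NUL, for each string
 * field packed into the caller-supplied NSS buffer. */
#define __LEN 64

/* Bytes a string of `len` characters occupies once capped at __LEN. */
static size_t iam_field_len(size_t len) {
    return len + 1 > static_cast<size_t>(__LEN) ? static_cast<size_t>(__LEN) : len + 1;
}

/* Copy one string field into `dst`, truncating to __LEN - 1 characters and
 * always writing a terminating NUL. Returns the number of bytes consumed. */
static size_t iam_pack_field(char *dst, const char *src, size_t src_len) {
    const size_t total = iam_field_len(src_len);
    memcpy(dst, src, total - 1);
    dst[total - 1] = '\0';
    return total;
}

/**
 * Fill a passwd entry from an IAM user record.
 *
 * Shared by both exported lookups so that the buffer handling exists once.
 * The string fields are laid out back to back in `buffer` in the order
 * name, gecos (the ARN), home directory, shell, password.
 *
 * @param iam_user record returned by the IAM lookup; an empty user id means
 *                 "no such user"
 * @param buffer   caller-owned scratch space that receives the strings
 * @param buflen   size of `buffer` in bytes
 * @param p        entry to fill; may be null, in which case only the
 *                 existence of the user is reported
 * @return NSS_STATUS_SUCCESS when the user exists (and `p`, if given, was
 *         filled), NSS_STATUS_NOTFOUND when it does not or when its derived
 *         uid would be 0, NSS_STATUS_TRYAGAIN with errno set to ERANGE when
 *         `buffer` cannot hold the entry
 */
static enum nss_status iam_fill_passwd(const Aws::IAM::Model::User &iam_user,
                                       char *buffer, int buflen, struct passwd *p) {
    if (iam_user.GetUserId().empty()) {
        return NSS_STATUS_NOTFOUND;
    }
    if (!p) {
        return NSS_STATUS_SUCCESS;
    }

    /* The uid is whatever hash() yields for the IAM user id, narrowed to
     * uid_t. Nothing keeps that value away from 0, so refuse to resolve an
     * IAM user as root.
     * NOTE(review): the same derivation can land on other local or system
     * uids, and two IAM users can share one; consider mapping into a
     * reserved uid range. */
    const uid_t uid = static_cast<uid_t>(hash(iam_user.GetUserId().c_str()));
    if (uid == 0) {
        return NSS_STATUS_NOTFOUND;
    }

    const Aws::String &name = iam_user.GetUserName();
    const Aws::String &arn = iam_user.GetArn();
    const Aws::String home = "/home/" + name;
    static const char shell[] = "/bin/bash";
    static const char locked_password[] = "*";

    /* Check the whole layout against buflen before the first write; the
     * previous code copied every field without looking at buflen. */
    const size_t needed = iam_field_len(name.size()) + iam_field_len(arn.size()) +
                          iam_field_len(home.size()) + sizeof(shell) +
                          sizeof(locked_password);
    if (!buffer || buflen <= 0 || static_cast<size_t>(buflen) < needed) {
        /* NOTE(review): the exported NSS wrapper should hand this on through
         * its errnop argument so that the caller retries with more space. */
        errno = ERANGE;
        return NSS_STATUS_TRYAGAIN;
    }

    size_t offset = 0;

    /* NOTE(review): a name or home path longer than __LEN - 1 characters is
     * truncated, so two long IAM names can end up with the same pw_name or
     * pw_dir. Rejecting such users may be the safer policy. */
    p->pw_name = buffer + offset;
    offset += iam_pack_field(p->pw_name, name.c_str(), name.size());

    p->pw_uid = uid;
    /* NOTE(review): every IAM user gets gid 10 (the original comment calls it
     * wheel); confirm that this privileged group is intended for all of them. */
    p->pw_gid = 10;

    p->pw_gecos = buffer + offset;
    offset += iam_pack_field(p->pw_gecos, arn.c_str(), arn.size());

    p->pw_dir = buffer + offset;
    offset += iam_pack_field(p->pw_dir, home.c_str(), home.size());

    p->pw_shell = buffer + offset;
    offset += iam_pack_field(p->pw_shell, shell, sizeof(shell) - 1);

    /* Copy only the two bytes of "*"; the previous code copied
     * buflen - offset bytes out of that two-byte array. */
    p->pw_passwd = buffer + offset;
    iam_pack_field(p->pw_passwd, locked_password, sizeof(locked_password) - 1);

    return NSS_STATUS_SUCCESS;
}

/**
 * Resolve an IAM user by name into a POSIX passwd entry.
 *
 * @param buffer on entry holds the user name to look up (read as a C string);
 *               on success it is overwritten with the entry's string fields
 * @param buflen size of `buffer` in bytes
 * @param p      entry to fill, or null to only test for existence
 * @return see iam_fill_passwd(); NSS_STATUS_NOTFOUND when `buffer` is null
 */
extern "C" enum nss_status get_posix_iam_user(char *buffer, int buflen, struct passwd *p) {
    if (!buffer) {
        return NSS_STATUS_NOTFOUND;
    }
    /* The record is a local copy, so reusing `buffer` for output below does
     * not disturb the data being read. */
    const Aws::IAM::Model::User iam_user = get_iam_user(buffer);
    return iam_fill_passwd(iam_user, buffer, buflen, p);
}

/**
 * Resolve an IAM user by its derived uid into a POSIX passwd entry.
 *
 * @param uid    uid to look up
 * @param buffer caller-owned scratch space that receives the strings
 * @param buflen size of `buffer` in bytes
 * @param p      entry to fill, or null to only test for existence
 * @return see iam_fill_passwd()
 */
extern "C" enum nss_status get_posix_iam_user_by_uid(uid_t uid, char *buffer, int buflen, struct passwd *p) {
    const Aws::IAM::Model::User iam_user = get_iam_uid(uid);
    return iam_fill_passwd(iam_user, buffer, buflen, p);
}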
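/**
 * Find the IAM user whose hashed user id equals `uid`.
 *
 * Pages through ListUsers and compares each user's hashed id with `uid`.
 *
 * @param uid POSIX uid to resolve
 * @return the matching user, or a default-constructed user (empty user id)
 *         when no user matches, the listing fails, or `uid` is 0
 *
 * NOTE(review): each call walks the whole IAM user list, so a uid lookup
 * that reaches this module costs one ListUsers call per result page.
 */
Aws::IAM::Model::User get_iam_uid(uid_t uid) {
    Aws::IAM::Model::User not_found;

    /* uid 0 is never handed to an IAM user; skip the remote listing. */
    if (uid == 0) {
        return not_found;
    }

    /* NOTE(review): this flag is not synchronised, and Aws::ShutdownAPI is
     * never called (both calls in the original are commented out). */
    if (!__was_initialized) {
        Aws::SDKOptions options;
        Aws::InitAPI(options);
        __was_initialized = 1;
    }

    Aws::IAM::IAMClient iam;
    Aws::IAM::Model::ListUsersRequest request;
    bool done = false;
    while (!done) {
        auto outcome = iam.ListUsers(request);
        if (!outcome.IsSuccess()) {
            /* This code runs inside whatever process performs the lookup, so
             * report on stderr rather than writing into that program's
             * standard output. */
            std::cerr << "Failed to list iam users:" <<
                outcome.GetError().GetMessage() << std::endl;
            break;
        }
        for (const auto &candidate : outcome.GetResult().GetUsers()) {
            /* pw_uid is filled from hash() narrowed to uid_t, so narrow here
             * as well; comparing the full unsigned long never matches a user
             * whose hash does not fit in uid_t. */
            if (static_cast<uid_t>(hash(candidate.GetUserId().c_str())) == uid) {
                return candidate;
            }
        }
        if (outcome.GetResult().GetIsTruncated()) {
            request.SetMarker(outcome.GetResult().GetMarker());
        } else {
            done = true;
        }
    }
    return not_found;
}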
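/**
 * Fetch one IAM user by name.
 *
 * @param username IAM user name, read as a C string
 * @return the user on success; a default-constructed user (empty user id)
 *         when `username` is null or empty or when the GetUser call fails
 */
Aws::IAM::Model::User get_iam_user(char *username) {
    /* A null pointer must not reach SetUserName, and an empty name cannot
     * identify a user. */
    if (!username || username[0] == '\0') {
        return Aws::IAM::Model::User();
    }

    /* NOTE(review): this flag is not synchronised, and Aws::ShutdownAPI is
     * never called (the call in the original is commented out). */
    if (!__was_initialized) {
        Aws::SDKOptions options;
        Aws::InitAPI(options);
        __was_initialized = 1;
    }

    Aws::IAM::IAMClient iam;
    Aws::IAM::Model::GetUserRequest get_request;
    get_request.SetUserName(username);
    auto outcome = iam.GetUser(get_request);
    if (!outcome.IsSuccess()) {
        /* Report on stderr so the host program's standard output stays
         * clean; the message now names the call that failed (GetUser, not a
         * listing). */
        std::cerr << "Failed to get iam user:" <<
            outcome.GetError().GetMessage() << std::endl;
        return Aws::IAM::Model::User();
    }
    return outcome.GetResult().GetUser();
}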