Get expiry time out of access token & propagate

Grant Limberg 2021-12-03 11:32:29 -08:00
parent da4b9922d4
commit 43c528fdb6
No known key found for this signature in database
GPG Key ID: 2BA62CCABBB4095A
5 changed files with 139 additions and 17 deletions


@ -340,6 +340,15 @@ public:
_config.authenticationURL[strlen(url)] = 0; _config.authenticationURL[strlen(url)] = 0;
} }
uint64_t getExpiryTime() {
if (_idc == nullptr) {
fprintf(stderr, "idc is null\n");
return 0;
}
return zeroidc::zeroidc_get_exp_time(_idc);
}
private: private:
unsigned int _webPort; unsigned int _webPort;
std::shared_ptr<EthernetTap> _tap; std::shared_ptr<EthernetTap> _tap;
@ -463,7 +472,7 @@ static void _networkToJson(nlohmann::json &nj,NetworkState &ns)
const char* authURL = ns.getAuthURL(); const char* authURL = ns.getAuthURL();
fprintf(stderr, "Auth URL: %s\n", authURL); fprintf(stderr, "Auth URL: %s\n", authURL);
nj["authenticationURL"] = authURL; nj["authenticationURL"] = authURL;
nj["authenticationExpiryTime"] = ns.config().authenticationExpiryTime; nj["authenticationExpiryTime"] = (ns.getExpiryTime()*1000);
nj["ssoEnabled"] = ns.config().ssoEnabled; nj["ssoEnabled"] = ns.config().ssoEnabled;
} }
} }
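Review bot: `getExpiryTime()` returns 0 whenever `_idc` is null, and `_networkToJson` now publishes that value times 1000 in place of `ns.config().authenticationExpiryTime`, so a network with no OIDC client (or a token whose expiry could not be read) reports an expiry of 0 rather than the configured time. Consumers of the JSON cannot tell "unknown" from "expired at the epoch"; consider a fallback such as `uint64_t exp = ns.getExpiryTime();` followed by `nj["authenticationExpiryTime"] = exp ? exp * 1000 : ns.config().authenticationExpiryTime;`, assuming the config field is already in milliseconds. The `fprintf(stderr, "idc is null\n")` would also fire on every serialization of such a network and is probably better dropped. The enclosing class and `_networkToJson` both extend outside the hunks shown.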

93
zeroidc/Cargo.lock generated

@ -28,6 +28,12 @@ version = "1.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a" checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a"
[[package]]
name = "base64"
version = "0.12.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3441f0f7b02788e948e47f457ca01f1d7e6d92c693bc132c22b087d3141c03ff"
[[package]] [[package]]
name = "base64" name = "base64"
version = "0.13.0" version = "0.13.0"
@ -102,6 +108,7 @@ dependencies = [
"num-integer", "num-integer",
"num-traits", "num-traits",
"serde", "serde",
"time",
"winapi", "winapi",
] ]
@ -450,6 +457,20 @@ dependencies = [
"wasm-bindgen", "wasm-bindgen",
] ]
[[package]]
name = "jsonwebtoken"
version = "7.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "afabcc15e437a6484fc4f12d0fd63068fe457bf93f1c148d3d9649c60b103f32"
dependencies = [
"base64 0.12.3",
"pem",
"ring",
"serde",
"serde_json",
"simple_asn1",
]
[[package]] [[package]]
name = "lazy_static" name = "lazy_static"
version = "1.4.0" version = "1.4.0"
@ -538,6 +559,17 @@ dependencies = [
"winapi", "winapi",
] ]
[[package]]
name = "num-bigint"
version = "0.2.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "090c7f9998ee0ff65aa5b723e4009f7b217707f1fb5ea551329cc4d6231fb304"
dependencies = [
"autocfg",
"num-integer",
"num-traits",
]
[[package]] [[package]]
name = "num-bigint" name = "num-bigint"
version = "0.4.3" version = "0.4.3"
@ -584,7 +616,7 @@ version = "4.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "80e47cfc4c0a1a519d9a025ebfbac3a2439d1b5cdf397d72dcb79b11d9920dab" checksum = "80e47cfc4c0a1a519d9a025ebfbac3a2439d1b5cdf397d72dcb79b11d9920dab"
dependencies = [ dependencies = [
"base64", "base64 0.13.0",
"chrono", "chrono",
"getrandom", "getrandom",
"http", "http",
@ -616,12 +648,12 @@ version = "2.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7d523cf32bdf7696f36bc4198a42c34b65f0227b97f2f501ebfbe016baa5bc52" checksum = "7d523cf32bdf7696f36bc4198a42c34b65f0227b97f2f501ebfbe016baa5bc52"
dependencies = [ dependencies = [
"base64", "base64 0.13.0",
"chrono", "chrono",
"http", "http",
"itertools", "itertools",
"log", "log",
"num-bigint", "num-bigint 0.4.3",
"oauth2", "oauth2",
"rand", "rand",
"ring", "ring",
@ -677,6 +709,17 @@ dependencies = [
"num-traits", "num-traits",
] ]
[[package]]
name = "pem"
version = "0.8.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fd56cbd21fea48d0c440b41cd69c589faacade08c992d9a54e471b79d0fd13eb"
dependencies = [
"base64 0.13.0",
"once_cell",
"regex",
]
[[package]] [[package]]
name = "percent-encoding" name = "percent-encoding"
version = "2.1.0" version = "2.1.0"
@ -774,6 +817,21 @@ dependencies = [
"bitflags", "bitflags",
] ]
[[package]]
name = "regex"
version = "1.5.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d07a8629359eb56f1e2fb1652bb04212c072a87ba68546a04065d525673ac461"
dependencies = [
"regex-syntax",
]
[[package]]
name = "regex-syntax"
version = "0.6.25"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f497285884f3fcff424ffc933e56d7cbca511def0c9831a7f9b5f6153e3cc89b"
[[package]] [[package]]
name = "remove_dir_all" name = "remove_dir_all"
version = "0.5.3" version = "0.5.3"
@ -789,7 +847,7 @@ version = "0.11.7"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "07bea77bc708afa10e59905c3d4af7c8fd43c9214251673095ff8b14345fcbc5" checksum = "07bea77bc708afa10e59905c3d4af7c8fd43c9214251673095ff8b14345fcbc5"
dependencies = [ dependencies = [
"base64", "base64 0.13.0",
"bytes", "bytes",
"encoding_rs", "encoding_rs",
"futures-core", "futures-core",
@ -856,7 +914,7 @@ version = "0.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5eebeaeb360c87bfb72e84abdb3447159c0eaececf1bef2aecd65a8be949d1c9" checksum = "5eebeaeb360c87bfb72e84abdb3447159c0eaececf1bef2aecd65a8be949d1c9"
dependencies = [ dependencies = [
"base64", "base64 0.13.0",
] ]
[[package]] [[package]]
@ -983,6 +1041,17 @@ dependencies = [
"opaque-debug", "opaque-debug",
] ]
[[package]]
name = "simple_asn1"
version = "0.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "692ca13de57ce0613a363c8c2f1de925adebc81b04c923ac60c5488bb44abe4b"
dependencies = [
"chrono",
"num-bigint 0.2.6",
"num-traits",
]
[[package]] [[package]]
name = "slab" name = "slab"
version = "0.4.5" version = "0.4.5"
@ -1065,6 +1134,16 @@ dependencies = [
"syn", "syn",
] ]
[[package]]
name = "time"
version = "0.1.43"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ca8a50ef2360fbd1eeb0ecd46795a87a19024eb4b53c5dc916ca1fd95fe62438"
dependencies = [
"libc",
"winapi",
]
[[package]] [[package]]
name = "tinyvec" name = "tinyvec"
version = "1.5.0" version = "1.5.0"
@ -1404,9 +1483,11 @@ dependencies = [
name = "zeroidc" name = "zeroidc"
version = "0.1.0" version = "0.1.0"
dependencies = [ dependencies = [
"base64", "base64 0.13.0",
"cbindgen", "cbindgen",
"jsonwebtoken",
"openidconnect", "openidconnect",
"reqwest", "reqwest",
"serde",
"url", "url",
] ]


@ -16,6 +16,8 @@ openidconnect = "2.1.2"
base64 = "0.13.0" base64 = "0.13.0"
url = "2.2.2" url = "2.2.2"
reqwest = "0.11.7" reqwest = "0.11.7"
jsonwebtoken = "7.2.0"
serde = "1.0.130"
[build-dependencies] [build-dependencies]
cbindgen = "0.20.0" cbindgen = "0.20.0"
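Review bot: `jsonwebtoken = "7.2.0"` is added, as far as this commit shows, only for the `dangerous_insecure_decode` call in the library, yet the lockfile gains `pem`, `simple_asn1`, `regex`, `regex-syntax` and second copies of `base64` (0.12.3) and `num-bigint` (0.2.6) because of it. That is a lot of extra parsing code in a credential-handling library for reading one claim; if the expiry can come from the token response or a verified ID token through the already-present `openidconnect`, the dependency can be dropped. Separately, the library uses `#[derive(Serialize, Deserialize)]` via `serde`, which needs the derive feature: `serde = { version = "1.0.130", features = ["derive"] }`, unless another crate in the graph is being relied on to enable it.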


@ -91,6 +91,16 @@ pub extern "C" fn zeroidc_is_running(ptr: *mut ZeroIDC) -> bool {
idc.is_running() idc.is_running()
} }
#[no_mangle]
pub extern "C" fn zeroidc_get_exp_time(ptr: *mut ZeroIDC) -> u64 {
let id = unsafe {
assert!(!ptr.is_null());
&mut *ptr
};
id.get_exp_time()
}
#[no_mangle] #[no_mangle]
pub extern "C" fn zeroidc_process_form_post(ptr: *mut ZeroIDC, body: *const c_char) -> bool { pub extern "C" fn zeroidc_process_form_post(ptr: *mut ZeroIDC, body: *const c_char) -> bool {
let idc = unsafe { let idc = unsafe {
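Review bot: `assert!(!ptr.is_null())` inside `pub extern "C" fn zeroidc_get_exp_time` turns a null handle into a Rust panic at the C ABI boundary, which depending on the toolchain is either undefined behaviour or an abort of the whole service. Returning the sentinel the C++ wrapper already uses is safer: `if ptr.is_null() { return 0; }` before the dereference, with the `unsafe` block reduced to `&mut *ptr` alone. The function should also carry a `/// # Safety` section stating that `ptr` must be a live, not-yet-freed pointer obtained from this library, and the local would read better as `idc` to match the neighbouring functions. `zeroidc_process_form_post` appears to follow the same pattern, but its body continues outside the hunk.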


@ -7,17 +7,14 @@ extern crate url;
use std::sync::{Arc, Mutex}; use std::sync::{Arc, Mutex};
use std::thread::{sleep, spawn, JoinHandle}; use std::thread::{sleep, spawn, JoinHandle};
use std::time::Duration; use std::time::Duration;
use serde::{Deserialize, Serialize};
use openidconnect::core::{CoreClient, CoreProviderMetadata, CoreResponseType}; use openidconnect::core::{CoreClient, CoreProviderMetadata, CoreResponseType};
use openidconnect::reqwest::http_client; use openidconnect::reqwest::http_client;
use openidconnect::{AuthenticationFlow, PkceCodeVerifier, TokenResponse, OAuth2TokenResponse}; use openidconnect::{AccessToken, AuthorizationCode, AuthenticationFlow, ClientId, CsrfToken, IssuerUrl, Nonce, OAuth2TokenResponse, PkceCodeChallenge, PkceCodeVerifier, RedirectUrl, RefreshToken, Scope, TokenResponse};
use openidconnect::{AuthorizationCode, ClientId, CsrfToken, IssuerUrl, Nonce, PkceCodeChallenge, RedirectUrl, RequestTokenError, Scope}; use jsonwebtoken::{dangerous_insecure_decode};
use reqwest::blocking::Client;
use url::Url; use url::Url;
pub struct ZeroIDC { pub struct ZeroIDC {
inner: Arc<Mutex<Inner>>, inner: Arc<Mutex<Inner>>,
} }
@ -28,6 +25,14 @@ struct Inner {
auth_endpoint: String, auth_endpoint: String,
oidc_thread: Option<JoinHandle<()>>, oidc_thread: Option<JoinHandle<()>>,
oidc_client: Option<openidconnect::core::CoreClient>, oidc_client: Option<openidconnect::core::CoreClient>,
access_token: Option<AccessToken>,
refresh_token: Option<RefreshToken>,
exp_time: u64,
}
#[derive(Debug, Serialize, Deserialize)]
struct Exp {
exp: u64
} }
fn csrf_func(csrf_token: String) -> Box<dyn Fn() -> CsrfToken> { fn csrf_func(csrf_token: String) -> Box<dyn Fn() -> CsrfToken> {
@ -60,6 +65,9 @@ impl ZeroIDC {
auth_endpoint: auth_ep.to_string(), auth_endpoint: auth_ep.to_string(),
oidc_thread: None, oidc_thread: None,
oidc_client: None, oidc_client: None,
access_token: None,
refresh_token: None,
exp_time: 0,
})), })),
}; };
@ -147,7 +155,11 @@ impl ZeroIDC {
} }
fn get_network_id(&mut self) -> String { fn get_network_id(&mut self) -> String {
return (*self.inner.lock().unwrap()).network_id.clone() return (*self.inner.lock().unwrap()).network_id.clone();
}
fn get_exp_time(&mut self) -> u64 {
return (*self.inner.lock().unwrap()).exp_time;
} }
fn do_token_exchange(&mut self, auth_info: &mut AuthInfo, code: &str) { fn do_token_exchange(&mut self, auth_info: &mut AuthInfo, code: &str) {
@ -185,6 +197,17 @@ impl ZeroIDC {
Ok(res) => { Ok(res) => {
println!("hit url: {}", res.url().as_str()); println!("hit url: {}", res.url().as_str());
println!("Status: {}", res.status()); println!("Status: {}", res.status());
let at = tok.access_token().secret();
let exp = dangerous_insecure_decode::<Exp>(&at);
if let Ok(e) = exp {
(*self.inner.lock().unwrap()).exp_time = e.claims.exp
}
(*self.inner.lock().unwrap()).access_token = Some(tok.access_token().clone());
if let Some(t) = tok.refresh_token() {
(*self.inner.lock().unwrap()).refresh_token = Some(t.clone());
}
}, },
Err(res) => { Err(res) => {
println!("hit url: {}", res.url().unwrap().as_str()); println!("hit url: {}", res.url().unwrap().as_str());
@ -193,9 +216,6 @@ impl ZeroIDC {
} }
} }
let claims = (*self.inner.lock().unwrap()).oidc_client.as_ref().map(|c| {
});
let access_token = tok.access_token(); let access_token = tok.access_token();
println!("Access Token: {}", access_token.secret()); println!("Access Token: {}", access_token.secret());
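Review bot: `dangerous_insecure_decode::<Exp>(&at)` in the `Ok(res)` arm reads `exp` from the access token without checking its signature, issuer or audience, and that value is what the service then reports as the authentication expiry. Access tokens are opaque to the client in OAuth 2.0 and need not be JWTs; when the decode fails, the `if let Ok(e)` silently leaves the previous token's `exp_time` in place. Prefer a lifetime the client is entitled to rely on, such as `tok.expires_in()` from the token response or the expiration claim of the ID token after it has been verified, and reset `exp_time` when none is available. The three separate `self.inner.lock().unwrap()` calls also let a reader observe the new `exp_time` alongside the old `access_token`; a single guard covers all three writes. `do_token_exchange` starts and ends outside this hunk.

```rust
println!("Status: {}", res.status());

let mut inner = self.inner.lock().unwrap();
// Clear first so a response without a usable lifetime never keeps the
// expiry of the previous token.
inner.exp_time = 0;
if let Some(ttl) = tok.expires_in() {
    if let Ok(now) = std::time::SystemTime::now().duration_since(std::time::UNIX_EPOCH) {
        inner.exp_time = (now + ttl).as_secs();
    }
}
inner.access_token = Some(tok.access_token().clone());
if let Some(t) = tok.refresh_token() {
    inner.refresh_token = Some(t.clone());
}
// … unchanged: Err(res) arm and the rest of do_token_exchange …
```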