Merge branch 'dev' of github.com:/zerotier/ZeroTierOne into dev

Adam Ierymenko 2022-10-06 16:54:00 -04:00
commit 5a6c229b27
5 changed files with 36 additions and 14 deletions


@ -442,13 +442,9 @@ AuthInfo PostgreSQL::getSSOAuthInfo(const nlohmann::json &member, const std::str
exit(7); exit(7);
} }
r = w.exec_params("SELECT oc.client_id, oc.authorization_endpoint, oc.issuer, oc.sso_impl_version " r = w.exec_params("SELECT org.client_id, org.authorization_endpoint, org.issuer, org.sso_impl_version "
"FROM ztc_network n " "FROM ztc_network AS nw, ztc_org AS org "
"INNER JOIN ztc_network_oidc_config noc " "WHERE nw.id = $1 AND nw.sso_enabled = true AND org.owner_id = nw.owner_id", networkId);
" ON noc.network_id = n.id "
"INNER JOIN ztc_oidc_config oc "
" ON noc.client_id = oc.client_id "
"WHERE n.id = $1 AND n.sso_enabled = true", networkId);
std::string client_id = ""; std::string client_id = "";
std::string authorization_endpoint = ""; std::string authorization_endpoint = "";
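Review bot: The rewritten query in getSSOAuthInfo ties `ztc_network` to `ztc_org` only through `owner_id`, and nothing visible here guarantees that an owner has exactly one org row. If an owner can have several rows, the query returns several client_id/issuer pairs, and which identity provider a member is sent to depends on whichever row the code after this hunk reads first; with no org row the strings stay empty. I would write the join explicitly, `"FROM ztc_network AS nw INNER JOIN ztc_org AS org ON org.owner_id = nw.owner_id "`, and treat `r.size() != 1` as an error instead of picking a row, or back the assumption with a unique constraint on `ztc_org.owner_id`. The result handling lies outside this hunk, so how zero or multiple rows are treated needs confirming there.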


@ -18,6 +18,8 @@ RUN apt -y install \
libssl-dev \ libssl-dev \
postgresql-client \ postgresql-client \
postgresql-client-common \ postgresql-client-common \
curl curl \
google-perftools \
libgoogle-perftools-dev
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y


@ -1,8 +1,14 @@
FROM ubuntu:jammy FROM ubuntu:jammy
RUN apt update && apt upgrade -y RUN apt update && apt upgrade -y
RUN apt -y install \ RUN apt -y install \
postgresql-client \ postgresql-client \
postgresql-client-common \ postgresql-client-common \
libjemalloc2 \ libjemalloc2 \
libpq5 \ libpq5 \
curl curl \
binutils \
linux-tools-gke \
perf-tools-unstable \
google-perftools
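Review bot: The packages added after `curl` (`binutils`, `linux-tools-gke`, `perf-tools-unstable`, `google-perftools`) are profiling and debugging tools, while the rest of this image installs only runtime libraries (`libjemalloc2`, `libpq5`), so it looks like the image that is actually deployed. Keeping perf and binutils in a deployed image widens what is available to anyone who gains code execution in the container, and perf is normally only useful when the container is also granted extra capabilities. If they are needed for a profiling session, gate them behind a build argument or a separate debug image, and mark them in the file with a comment such as `# profiling only: drop from release image`.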


@ -498,7 +498,8 @@ impl ZeroIDC {
let n = match i.nonce.clone() { let n = match i.nonce.clone() {
Some(n) => n, Some(n) => n,
None => { None => {
println!("no noce"); println!("no nonce");
i.running = false;
return None; return None;
} }
}; };
@ -507,6 +508,7 @@ impl ZeroIDC {
Some(t) => t, Some(t) => t,
None => { None => {
println!("no id token"); println!("no id token");
i.running = false;
return None; return None;
} }
}; };
@ -515,6 +517,7 @@ impl ZeroIDC {
Ok(c) => c, Ok(c) => c,
Err(_e) => { Err(_e) => {
println!("no claims"); println!("no claims");
i.running = false;
return None; return None;
} }
}; };
@ -523,6 +526,7 @@ impl ZeroIDC {
Ok(s) => s, Ok(s) => s,
Err(_) => { Err(_) => {
println!("no signing algorithm"); println!("no signing algorithm");
i.running = false;
return None; return None;
} }
}; };
@ -535,12 +539,14 @@ impl ZeroIDC {
Ok(h) => h, Ok(h) => h,
Err(e) => { Err(e) => {
println!("Error hashing access token: {}", e); println!("Error hashing access token: {}", e);
i.running = false;
return None; return None;
} }
}; };
if actual_hash != *expected_hash { if actual_hash != *expected_hash {
println!("token hash error"); println!("token hash error");
i.running = false;
return None; return None;
} }
} }
@ -549,7 +555,7 @@ impl ZeroIDC {
Err(e) => { Err(e) => {
println!("token response error: {:?}", e.to_string()); println!("token response error: {:?}", e.to_string());
println!("\t {:?}", e.source()); println!("\t {:?}", e.source());
i.running = false;
None None
} }
} }
@ -634,10 +640,12 @@ impl ZeroIDC {
Ok(bytes) Ok(bytes)
} else if res.status() == 402 { } else if res.status() == 402 {
Err(SSOExchangeError::new( i.running = false;
"additional license seats required. Please contact your network administrator.".to_string(), Err(SSOExchangeError::new(
)) "additional license seats required. Please contact your network administrator.".to_string(),
))
} else { } else {
i.running = false;
Err(SSOExchangeError::new( Err(SSOExchangeError::new(
"error from central endpoint".to_string(), "error from central endpoint".to_string(),
)) ))
@ -649,20 +657,24 @@ impl ZeroIDC {
println!("Status: {}", res.status().unwrap()); println!("Status: {}", res.status().unwrap());
println!("Post error: {}", res); println!("Post error: {}", res);
i.exp_time = 0; i.exp_time = 0;
i.running = false;
Err(SSOExchangeError::new( Err(SSOExchangeError::new(
"error from central endpoint".to_string(), "error from central endpoint".to_string(),
)) ))
} }
} }
} else { } else {
i.running = false;
Err(SSOExchangeError::new( Err(SSOExchangeError::new(
"error splitting state token".to_string(), "error splitting state token".to_string(),
)) ))
} }
} else { } else {
i.running = false;
Err(SSOExchangeError::new("invalid token response".to_string())) Err(SSOExchangeError::new("invalid token response".to_string()))
} }
} else { } else {
i.running = false;
Err(SSOExchangeError::new("invalid pkce verifier".to_string())) Err(SSOExchangeError::new("invalid pkce verifier".to_string()))
} }
}); });
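Review bot: `i.running = false;` is now copied by hand into every failure branch across these hunks, so the flag stays correct only as long as no branch is ever missed. Paths that skip it are already visible: `res.status().unwrap()` in the post-error branch can panic before the reset runs, and any early return added later will leave `running` set, which presumably blocks further token exchanges until restart. Resetting in one place is safer, for example binding the outcome to a local and then `if result.is_err() { i.running = false; }` (`is_none()` for the Option-returning part), or a small drop guard that clears the flag unless disarmed on success. The enclosing functions start and end outside these hunks, so whether the success path clears the flag could not be checked here.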


@ -59,6 +59,12 @@ Requires: systemd openssl
Requires(pre): /usr/sbin/useradd, /usr/bin/getent Requires(pre): /usr/sbin/useradd, /usr/bin/getent
%endif %endif
%if "%{?dist}" == ".amzn2022"
BuildRequires: systemd openssl-devel
Requires: systemd openssl
Requires(pre): /usr/sbin/useradd, /usr/bin/getent
%endif
%description %description
ZeroTier is a software defined networking layer for Earth. ZeroTier is a software defined networking layer for Earth.