diff --git a/service/OneService.cpp b/service/OneService.cpp index 4dce383f7..59ba389b2 100644 --- a/service/OneService.cpp +++ b/service/OneService.cpp @@ -247,19 +247,28 @@ public: } void setConfig(const ZT_VirtualNetworkConfig *nwc) { + char nwbuf[17] = {}; + const char* nwid = Utils::hex(nwc->nwid, nwbuf); + fprintf(stderr, "NetworkState::setConfig(%s)\n", nwid); memcpy(&_config, nwc, sizeof(ZT_VirtualNetworkConfig)); if (_config.ssoEnabled && _config.ssoVersion == 1) { - if (_idc == nullptr) { - assert(_config.issuerURL[0] != nullptr); + fprintf(stderr, "ssoEnabled for %s\n", nwid); + if (_idc == nullptr) + { + assert(_config.issuerURL != nullptr); assert(_config.ssoClientID != nullptr); assert(_config.centralAuthURL != nullptr); + char buf[17] = {}; _idc = zeroidc::zeroidc_new( + Utils::hex(_config.nwid, buf), _config.issuerURL, _config.ssoClientID, _config.centralAuthURL, _webPort ); + + fprintf(stderr, "idc created (%s, %s, %s)\n", _config.issuerURL, _config.ssoClientID, _config.centralAuthURL); } if (_ainfo != nullptr) { @@ -291,6 +300,14 @@ public: return _managedRoutes; } + const char* getAuthURL() { + if (_ainfo != nullptr) { + return zeroidc::zeroidc_get_auth_url(_ainfo); + } + fprintf(stderr, "_ainfo is null\n"); + return ""; + } + private: unsigned int _webPort; std::shared_ptr _tap; @@ -410,10 +427,11 @@ static void _networkToJson(nlohmann::json &nj,NetworkState &ns) } } nj["dns"] = m; - - nj["authenticationURL"] = ns.config().authenticationURL; - nj["authenticationExpiryTime"] = ns.config().authenticationExpiryTime; - nj["ssoEnabled"] = ns.config().ssoEnabled; + if (ns.config().ssoEnabled) { + nj["authenticationURL"] = ns.getAuthURL(); + nj["authenticationExpiryTime"] = ns.config().authenticationExpiryTime; + nj["ssoEnabled"] = ns.config().ssoEnabled; + } } static void _peerToJson(nlohmann::json &pj,const ZT_Peer *peer) 
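Review bot: The rewritten `assert(_config.issuerURL != nullptr)` cannot fail if `issuerURL` is an in-struct char array, which the removed `issuerURL[0]` subscript suggests: an array decays to a non-null pointer, so the check is vacuous, and the same applies to the `ssoClientID` and `centralAuthURL` asserts beside it. If the intent is to require a non-empty value before calling `zeroidc_new`, test the first character instead, `assert(_config.issuerURL[0] != '\0');`, and consider a runtime check rather than `assert` so release builds skip SSO setup on an empty URL instead of handing an empty string to the Rust side. `zeroidc_new` returns null when any argument is rejected (see the ext.rs hunk), but `_idc` is assigned without a check and the `idc created (...)` line prints regardless, so a failed creation is logged as success. The three new unconditional `fprintf(stderr, ...)` calls also print the SSO configuration on every config update; gate them behind a debug flag or drop them before merge. setConfig's body continues outside the hunk.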
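Review bot: `getAuthURL` returns the `const char*` from `zeroidc_get_auth_url(_ainfo)` directly, and neither this hunk nor the Rust diff shows who owns that buffer: if the Rust side allocates a fresh string per call the pointer leaks every time `_networkToJson` reads it, and if it hands out an internal buffer the pointer can dangle once a later call replaces it. Document the contract on the declaration, e.g. `// Returned string is owned by the zeroidc auth-info object and is valid until _ainfo is released`, and if the Rust side allocates, copy the result into a `std::string` and release it through whatever free function that side exports. The `fprintf(stderr, "_ainfo is null\n")` fires on every listing of an SSO-enabled network that has no auth info yet, so it belongs behind a debug flag. The method reads only `_ainfo` and could be declared `const`.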
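Review bot: Moving `nj["ssoEnabled"] = ns.config().ssoEnabled;` inside the new `if (ns.config().ssoEnabled)` means the key is only ever written with the value `true`; a client that used to read `ssoEnabled: false` now sees a missing key, which is a silent API change for anything consuming the network JSON. Keep that one assignment unconditional and guard only the URL and expiry fields: `nj["ssoEnabled"] = ns.config().ssoEnabled;` before the `if`, with `authenticationURL` and `authenticationExpiryTime` inside it. `_networkToJson` starts outside the hunk.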
@@ -1519,10 +1537,12 @@ public: // Return [array] of all networks res = nlohmann::json::array(); + for (auto it = _nets.begin(); it != _nets.end(); ++it) { NetworkState &ns = it->second; nlohmann::json nj; - _networkToJson(res, ns); + _networkToJson(nj, ns); + res.push_back(nj); } scode = 200; @@ -1536,8 +1556,14 @@ public: _networkToJson(res, ns); scode = 200; } - } else scode = 404; - } else scode = 500; + } else { + fprintf(stderr, "not found\n"); + scode = 404; + } + } else { + fprintf(stderr, "_nets is empty??\n"); + scode = 500; + } } else if (ps[0] == "peer") { ZT_PeerList *pl = _node->peers(); if (pl) { @@ -1602,7 +1628,15 @@ public: } else scode = 404; } - } else scode = 401; // isAuth == false + } else if (ps[0] == "sso") { + // SSO redirect handling + fprintf(stderr, "sso get\n"); + fprintf(stderr, "path: %s\n", path.c_str()); + fprintf(stderr, "body: %s\n", body.c_str()); + scode = 200; scode = 200; + } else { + scode = 401; // isAuth == false && !sso + } } else if ((httpMethod == HTTP_POST)||(httpMethod == HTTP_PUT)) { if (isAuth) { if (ps[0] == "bond") { @@ -1743,7 +1777,16 @@ public: else scode = 404; } - } else scode = 401; // isAuth == false + } else if (ps[0] == "sso") { + // sso post handling + fprintf(stderr, "sso post\n"); + fprintf(stderr, "path: %s\n", path.c_str()); + fprintf(stderr, "body: %s\n", body.c_str()); + scode = 200; + } + else { + scode = 401; // isAuth == false + } } else if (httpMethod == HTTP_DELETE) { if (isAuth) { @@ -1774,7 +1817,6 @@ public: scode = _controller->handleControlPlaneHttpDELETE(std::vector(ps.begin()+1,ps.end()),urlArgs,headers,body,responseBody,responseContentType); else scode = 404; } - } else scode = 401; // isAuth = false } else { scode = 400; diff --git a/zeroidc/src/ext.rs b/zeroidc/src/ext.rs index 507a64db7..ab69829ac 100644 --- a/zeroidc/src/ext.rs +++ b/zeroidc/src/ext.rs 
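Review bot: The two new `fprintf(stderr, ...)` diagnostics (`not found`, `_nets is empty??`) sit on the ordinary 404/500 paths of the control-plane handler, so every request for an unknown network id writes straight to the service's stderr; route them through the service's existing logging or gate them behind a debug flag rather than committing raw stderr writes (the `sso get`/`sso post` prints in the two later hunks of this file have the same problem). The `??` in a log line also reads as a draft; state the condition instead, e.g. `"network list is empty"`. The enclosing request handler starts and ends outside the hunk.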
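Review bot: The new `ps[0] == "sso"` branch is reached only when `isAuth` is false (it is the `else` of `if (isAuth)`), and it prints the full request `path` and `body` to stderr and answers 200 without doing any work. If this path is meant to receive the OIDC redirect, as the `SSO redirect handling` comment suggests, the query string and body will carry the authorization code and state, so these prints copy short-lived credentials into the service log; log at most that an sso request arrived and drop the `path`/`body` prints. The duplicated `scode = 200; scode = 200;` should be a single statement, and until the branch does real work it is safer for it to keep returning 401 (or 404) than an unauthenticated 200. The POST hunk further down repeats the same logging, and the last hunk of this file removes `} else scode = 401;` from the DELETE branch, which also removes the closing brace of its `if (isAuth)`, so an unauthenticated DELETE now appears to fall through to `scode = 400` — confirm that is intended. The enclosing request handler starts and ends outside the hunk.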
@@ -5,11 +5,17 @@ use crate::{AuthInfo, ZeroIDC}; #[no_mangle] pub extern "C" fn zeroidc_new( + network_id: *const c_char, issuer: *const c_char, client_id: *const c_char, auth_endpoint: *const c_char, web_listen_port: u16, ) -> *mut ZeroIDC { + if network_id.is_null() { + println!("network_id is null"); + return std::ptr::null_mut(); + + } if issuer.is_null() { println!("issuer is null"); return std::ptr::null_mut(); @@ -25,12 +31,14 @@ pub extern "C" fn zeroidc_new( return std::ptr::null_mut(); } - let iss = unsafe { CStr::from_ptr(issuer) }; - let c_id = unsafe { CStr::from_ptr(client_id) }; + let network_id = unsafe {CStr::from_ptr(network_id) }; + let issuer = unsafe { CStr::from_ptr(issuer) }; + let client_id = unsafe { CStr::from_ptr(client_id) }; let auth_endpoint = unsafe { CStr::from_ptr(auth_endpoint) }; match ZeroIDC::new( - iss.to_str().unwrap(), - c_id.to_str().unwrap(), + network_id.to_str().unwrap(), + issuer.to_str().unwrap(), + client_id.to_str().unwrap(), auth_endpoint.to_str().unwrap(), web_listen_port, ) { @@ -82,6 +90,24 @@ pub extern "C" fn zeroidc_is_running(ptr: *mut ZeroIDC) -> bool { idc.is_running() } +#[no_mangle] +pub extern "C" fn zeroidc_process_form_post(ptr: *mut ZeroIDC, body: *const c_char) -> bool { + let idc = unsafe { + assert!(!ptr.is_null()); + &mut *ptr + }; + + if body.is_null() { + println!("body is null"); + return false + } + + let body = unsafe { CStr::from_ptr(body) } + .to_str().unwrap().to_string(); + + false +} + #[no_mangle] pub extern "C" fn zeroidc_get_auth_info( ptr: *mut ZeroIDC, diff --git a/zeroidc/src/lib.rs b/zeroidc/src/lib.rs index 15beea403..6deebeaaf 100644 --- a/zeroidc/src/lib.rs +++ b/zeroidc/src/lib.rs @@ -21,6 +21,7 @@ pub struct ZeroIDC { struct Inner { running: bool, + network_id: String, auth_endpoint: String, oidc_thread: Option>, oidc_client: Option, @@ -43,6 +44,7 @@ pub struct AuthInfo { impl ZeroIDC { fn new( + network_id: &str, issuer: &str, client_id: &str, auth_ep: &str, 
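Review bot: `network_id.to_str().unwrap()` (like the pre-existing unwraps beside it) panics inside an `extern "C"` function whenever the C caller passes bytes that are not valid UTF-8, and a panic crossing the FFI boundary is undefined behaviour on older toolchains and aborts the whole process on recent ones; the C++ caller hands over config strings whose encoding this side has not verified. Return the null sentinel the preceding null-pointer checks already use instead, `let network_id = match network_id.to_str() { Ok(s) => s, Err(_) => return std::ptr::null_mut() };`, and treat `issuer`, `client_id` and `auth_endpoint` the same way. Two points of style in the same lines: `unsafe {CStr::from_ptr(network_id) }` lacks the space after the brace that the three lines below it have, and the new `if network_id.is_null()` block in the previous hunk carries a stray empty line before its closing brace. Each `unsafe` block here would also benefit from a `// SAFETY: checked non-null above; caller guarantees a NUL-terminated string` comment. The function continues beyond the hunk.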
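Review bot: `zeroidc_process_form_post` binds `idc` and `body` and then returns `false` unconditionally, so the C++ side can never learn that a form post was consumed; if this is landing as scaffolding, name the unused bindings `_idc` and `_body` and add a `// TODO: parse the form body and hand it to the OIDC flow` so the warnings and the always-false result are visibly intentional. The `.to_str().unwrap()` on `body` panics across the `extern "C"` boundary on a non-UTF-8 form body, which the HTTP client controls; use `match unsafe { CStr::from_ptr(body) }.to_str() { Ok(s) => s.to_string(), Err(_) => return false }` as the null case already does. The `assert!(!ptr.is_null())` has the same cross-FFI panic problem, and returning `false` on a null `ptr` would be consistent with how `body` is handled two lines below. The two `unsafe` blocks need `// SAFETY:` comments stating that `ptr` came from `zeroidc_new` and has not been freed.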
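Review bot: `network_id` is added to `Inner` and threaded through `ZeroIDC::new` (this hunk and the next), but nothing in the diff reads it, so its purpose is undocumented. Add a doc comment on the field, e.g. `/// Hex-encoded network id this client was created for; passed in from zeroidc_new.`, which is what the C++ caller supplies via `Utils::hex(_config.nwid, buf)`. Both `Inner` and `ZeroIDC::new` continue outside their hunks.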
@@ -51,6 +53,7 @@ impl ZeroIDC {
 let idc = ZeroIDC {
 inner: Arc::new(Mutex::new(Inner {
 running: false,
+ network_id: network_id.to_string(),
 auth_endpoint: auth_ep.to_string(),
 oidc_thread: None,
 oidc_client: None,