ExternalVendorCode/ZeroTierOne
1
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2024-12-18 20:47:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge branch 'dev' of github.com:zerotier/ZeroTierOne into dev

Browse Source
This commit is contained in:
Adam Ierymenko 2022-06-03 16:12:40 -04:00
commit c6682f2a3f
No known key found for this signature in database
GPG Key ID: C8877CF2D7A5D7F3
35 changed files with 6960 additions and 827 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
.drone.jsonnet Normal file
View File

@ -0,0 +1,68 @@
local targets = [
//
// Render these into .drone.yaml by running "make drone"
//
{ "os": "linux", "name": "el9", "isas": [ "amd64", "arm64", "ppc64le", "s390x" ], "events": [ "tag" ] },
{ "os": "linux", "name": "el8", "isas": [ "amd64", "arm64", "ppc64le", "s390x" ], "events": [ "tag" ] },
{ "os": "linux", "name": "el7", "isas": [ "amd64", "ppc64le"], "events": [ "tag" ] },
{ "os": "linux", "name": "el6", "isas": [ "amd64" ], "events": [ "tag" ] },
{ "os": "linux", "name": "amzn2", "isas": [ "amd64", "arm64" ], "events": [ "tag" ] },
{ "os": "linux", "name": "fc37", "isas": [ "amd64", "arm64", "ppc64le", "s390x" ], "events": [ "tag" ] },
{ "os": "linux", "name": "fc36", "isas": [ "amd64", "arm64", "ppc64le", "s390x" ], "events": [ "tag" ] },
{ "os": "linux", "name": "fc35", "isas": [ "amd64", "arm64", "ppc64le", "s390x" ], "events": [ "tag" ] },
{ "os": "linux", "name": "jammy", "isas": [ "amd64", "arm64", "armv7", "riscv64", "ppc64le", "s390x" ], "events": [ "tag" ] },
{ "os": "linux", "name": "focal", "isas": [ "amd64", "arm64", "armv7", "riscv64", "ppc64le" ], "events": [ "tag" ] },
{ "os": "linux", "name": "bionic", "isas": [ "amd64", "arm64", "386", "ppc64le", "s390x" ], "events": ["tag" ] },
{ "os": "linux", "name": "xenial", "isas": [ "amd64", "arm64", "386" ], "events": [ "tag" ] },
{ "os": "linux", "name": "sid", "isas": [ "386", "amd64", "arm64", "armv7", "riscv64", "mips64le", "ppc64le", "s390x" ], "events": [ "push", "tag" ] },
{ "os": "linux", "name": "bookworm", "isas": [ "amd64", "arm64", "armv7", "386", "mips64le", "ppc64le", "s390x" ], "events": [ "tag" ] },
{ "os": "linux", "name": "bullseye", "isas": [ "amd64", "arm64", "armv7", "386", "mips64le", "ppc64le", "s390x" ], "events": [ "tag" ] },
{ "os": "linux", "name": "buster", "isas": [ "amd64", "arm64", "armv7", "386", "mips64le", "ppc64le", "s390x" ], "events": [ "tag" ] },
{ "os": "linux", "name": "stretch", "isas": [ "amd64", "arm64", "386" ], "events": [ "tag" ] },
// { "os": "windows", "name": "win2k19", "isas": [ "amd64" ], "events": ["push", "tag" ] }
];
local Build(platform, os, isa, events) = {
"kind": "pipeline",
"type": "docker",
"pull": "always",
"name": platform + " " + isa + " " + "build",
"clone": { "depth": 1 },
"steps": [
{
"name": "build",
"image": "registry.sean.farm/honda-builder",
"commands": [ "./ci/scripts/build.sh " + platform + " " + isa + " " + "100.0.0+${DRONE_COMMIT_SHA:0:8}" + " " + "${DRONE_BUILD_EVENT}" ]
},
{
"name": "list",
"image": "registry.sean.farm/honda-builder",
"commands": [ "ls -la " + platform ]
},
{
"name": "notify-mattermost",
"image": "registry.sean.farm/mattermost-notify",
"environment": {
"token": { "from_secret": "mattermost-token" },
"host": { "from_secret": "mattermost-host" },
"channel": { "from_secret": "mattermost-channel" },
"maxRetry": 3,
},
"when": { "status": [ "failure" ] }
}
],
"image_pull_secrets": [ "dockerconfigjson" ],
[ if isa == "arm64" || isa == "armv7" then "platform" ]: { os: os, arch: "arm64" },
"trigger": { "event": events }
};
// puttin on the bits
std.flattenArrays([
[
Build(p.name, p.os, isa, p.events)
for isa in p.isas
]
for p in targets
])

2844
.drone.yml
View File

File diff suppressed because it is too large Load Diff

4
Makefile
View File

@ -26,3 +26,7 @@ endif
ifeq ($(OSTYPE),NetBSD)
include make-netbsd.mk
endif
drone:
@echo "rendering .drone.yaml from .drone.jsonnet"
drone jsonnet --format --stream

5
README.md
View File

@ -53,7 +53,10 @@ To build on Mac and Linux just type `make`. On FreeBSD and OpenBSD `gmake` (GNU
- The minimum compiler versions required are GCC/G++ 4.9.3 or CLANG/CLANG++ 3.4.2. (Install `clang` on CentOS 7 as G++ is too old.)
- Linux makefiles automatically detect and prefer clang/clang++ if present as it produces smaller and slightly faster binaries in most cases. You can override by supplying CC and CXX variables on the make command line.
- **Windows**
- Windows 7 or newer is supported. This *may* work on Vista but isn't officially supported there. It will not work on Windows XP.
- Windows 8 or newer is supported.
- Windows 7 is supported by versions `<=1.6.6`.
- Windows Vista *may* work but isn't officially supported there.
- Windows XP is will not work.
- We build with Visual Studio 2017. Older versions may not work. Clang or MinGW will also probably work but may require some makefile hacking.
- **FreeBSD**
- GNU make is required. Type `gmake` to build.

10
ci/Dockerfile.deb Normal file
View File

@ -0,0 +1,10 @@
ARG PLATFORM
FROM registry.sean.farm/${PLATFORM}-builder as stage
WORKDIR /work/build
COPY . .
RUN make debian
RUN ls -ls /work
FROM scratch AS export
ARG PLATFORM
COPY --from=stage /work/*.deb ./${PLATFORM}/

36
ci/Dockerfile.el6 Normal file
View File

@ -0,0 +1,36 @@
ARG DOCKER_ARCH
FROM --platform=linux/${DOCKER_ARCH} alpine:edge AS builder
RUN apk update
RUN apk add curl
RUN apk add bash
RUN apk add file
RUN apk add rust
RUN apk add cargo
RUN apk add make
RUN apk add cmake
RUN apk add clang
RUN apk add openssl-dev
RUN apk add linux-headers
RUN apk add build-base
RUN apk add openssl-libs-static
COPY . .
RUN ZT_STATIC=1 make one
RUN ls -la
ARG DOCKER_ARCH
FROM --platform=linux/${DOCKER_ARCH} centos:6 AS stage
WORKDIR /root/rpmbuild/BUILD
COPY . .
COPY --from=builder zerotier-one ./
RUN curl https://gist.githubusercontent.com/someara/b363002ba6e57b3c474dd027d4daef85/raw/4ac5534139752fc92fbe1a53599a390214f69615/el6%2520vault --output /etc/yum.repos.d/CentOS-Base.repo
RUN uname -a
RUN yum -y install make gcc rpm-build
RUN pwd
RUN ls -la
RUN make redhat
FROM scratch AS export
ARG PLATFORM
COPY --from=stage /root/rpmbuild/RPMS/*/*.rpm ./${PLATFORM}/

9
ci/Dockerfile.rpm Normal file
View File

@ -0,0 +1,9 @@
ARG PLATFORM
FROM registry.sean.farm/${PLATFORM}-builder as stage
WORKDIR /root/rpmbuild/BUILD
COPY . .
RUN make redhat
FROM scratch AS export
ARG PLATFORM
COPY --from=stage /root/rpmbuild/RPMS/*/*.rpm ./${PLATFORM}/

7
ci/Dockerfile.sid
View File

@ -1,7 +0,0 @@
FROM registry.sean.farm/sid-builder as stage
COPY . .
RUN /usr/bin/make -j 8
FROM scratch AS export
COPY --from=stage /zerotier-one .
COPY --from=stage /zerotier-cli .

121
ci/scripts/build.sh
View File

@ -2,28 +2,115 @@
set -euo pipefail
IFS=$'\n\t'
export GOOS=$1
export GOARCH=$2
export PLATFORM=$1
export ZT_ISA=$2
export VERSION=$3
export DOCKER_BUILDKIT=1
export EVENT=$4
echo "nproc: $(nproc)"
case $GOARCH in
armv5)
export ARCH=arm/v5
;;
armv7)
export ARCH=arm/v7
;;
arm64)
export ARCH=arm64/v8
case $PLATFORM in
el*|fc*|amzn*)
export PKGFMT=rpm
;;
*)
export ARCH=$GOARCH
export PKGFMT=deb
esac
# OSX
# x86_64-apple-darwin
# aarch64-apple-darwin
# Windows
# x86_64-pc-windows-msvc
# i686-pc-windows-msvc
# aarch64-pc-windows-msvc
# Linux
# i686-unknown-linux-gnu
# x86_64-unknown-linux-gnu
# arm-unknown-linux-gnueabi ?
# arm-unknown-linux-gnueabihf ?
# armv7-unknown-linux-gnueabihf
#
case $ZT_ISA in
386)
export DOCKER_ARCH=386
export RUST_TRIPLET=i686-unknown-linux-gnu
;;
amd64)
export DOCKER_ARCH=amd64
export RUST_TRIPLET=x86_64-unknown-linux-gnu
;;
armv6)
export DOCKER_ARCH=arm/v6
export RUST_TRIPLET=arm-unknown-linux-gnueabi
;;
armv7)
export DOCKER_ARCH=arm/v7
export RUST_TRIPLET=arm-unknown-linux-gnueabihf
;;
arm64)
export DOCKER_ARCH=arm64/v8
export RUST_TRIPLET=aarch64-unknown-linux-gnu
;;
riscv64)
export DOCKER_ARCH=riscv64
export RUST_TRIPLET=riscv64gc-unknown-linux-gnu
;;
ppc64le)
export DOCKER_ARCH=ppc64le
export RUST_TRIPLET=powerpc64le-unknown-linux-gnu
;;
mips64le)
export DOCKER_ARCH=mips64le
export RUST_TRIPLET=mips64el-unknown-linux-gnuabi64
;;
s390x)
export DOCKER_ARCH=s390x
export RUST_TRIPLET=s390x-unknown-linux-gnu
;;
*)
echo "ERROR: could not determine architecture settings. PLEASE FIX ME"
exit 1
;;
esac
if [ -f "ci/Dockerfile.${PLATFORM}" ]; then
export DOCKERFILE="ci/Dockerfile.${PLATFORM}"
else
export DOCKERFILE="ci/Dockerfile.${PKGFMT}"
fi
echo "#~~~~~~~~~~~~~~~~~~~~"
echo "$0 variables:"
echo "nproc: $(nproc)"
echo "ZT_ISA: ${ZT_ISA}"
echo "DOCKER_ARCH: ${DOCKER_ARCH}"
echo "RUST_TRIPLET: ${RUST_TRIPLET}"
echo "VERSION: ${VERSION}"
echo "EVENT: ${EVENT}"
echo "PKGFMT: ${PKGFMT}"
echo "PWD: ${PWD}"
echo "DOCKERFILE: ${DOCKERFILE}"
echo "#~~~~~~~~~~~~~~~~~~~~"
if [ ${EVENT} == "push" ]; then
make munge_rpm zerotier-one.spec VERSION=${VERSION}
make munge_deb debian/changelog VERSION=${VERSION}
fi
export DOCKER_BUILDKIT=1
docker run --privileged --rm tonistiigi/binfmt --install all
docker pull registry.sean.farm/sid-builder
docker buildx build --platform ${GOOS}/${ARCH} -f ci/Dockerfile.sid --target export -t test . --output out/${GOOS}/${GOARCH}
# docker pull --platform linux/${DOCKER_ARCH} registry.sean.farm/${PLATFORM}-builder
docker buildx build \
--build-arg PLATFORM="${PLATFORM}" \
--build-arg RUST_TRIPLET="${RUST_TRIPLET}" \
--build-arg DOCKER_ARCH="${DOCKER_ARCH}" \
--platform linux/${DOCKER_ARCH} \
-f ${DOCKERFILE} \
-t build \
. \
--output type=local,dest=. \
--target export

37
ci/scripts/munge_debian_changelog.sh Executable file
View File

@ -0,0 +1,37 @@
#!/bin/bash
set -euo pipefail
IFS=$'\n\t'
export FILE=$1
export VERSION=$2
export NAME=$3
export MESSAGE=$4
export DATE=$(date "+%a, %d %b %Y %T %z")
# export DATE=$(date "+%a %b %d %Y")
set +e
grep --version | grep BSD &> /dev/null
if [ $? == 0 ]; then BSDGREP=true ; else BSDGREP=false ; fi
set -e
# echo "#~~~~~~~~~~~~~~~~~~~~"
# echo "$0 variables:"
# echo "VERSION: ${VERSION}"
# echo "NAME: ${NAME}"
# echo "MESSAGE: ${MESSAGE}"
# echo "DATE: ${DATE}"
# echo "BSDGREP: ${BSDGREP}"
# echo "#~~~~~~~~~~~~~~~~~~~~"
# echo
if $BSDGREP ; then
sed -i '' s/^Version:.*/"Version: ${VERSION}"/ ${FILE}
else
sed -i s/^Version:.*/"Version: ${VERSION}"/ ${FILE}
fi
awk -v version=${VERSION} -v date=${DATE} -v name=${NAME} -v message=${MESSAGE} \
'BEGIN{print "zerotier-one (" version ") unstable; urgency=medium\n\n * " message "\n\n -- " name " " date "\n" }{ print }' \
${FILE} > ${FILE}.new
mv ${FILE}.new ${FILE}

36
ci/scripts/munge_rpm_spec.sh Executable file
View File

@ -0,0 +1,36 @@
#!/bin/bash
set -euo pipefail
IFS=$'\n\t'
export FILE=$1
export VERSION=$2
export NAME=$3
export MESSAGE=$4
export DATE=$(date "+%a %b %d %Y")
set +e
grep --version | grep BSD &> /dev/null
if [ $? == 0 ]; then BSDGREP=true ; else BSDGREP=false ; fi
set -e
# echo "#~~~~~~~~~~~~~~~~~~~~"
# echo "$0 variables:"
# echo "VERSION: ${VERSION}"
# echo "NAME: ${NAME}"
# echo "MESSAGE: ${MESSAGE}"
# echo "DATE: ${DATE}"
# echo "BSDGREP: ${BSDGREP}"
# echo "#~~~~~~~~~~~~~~~~~~~~"
# echo
if $BSDGREP ; then
sed -i '' s/^Version:.*/"Version: ${VERSION}"/ ${FILE}
else
sed -i s/^Version:.*/"Version: ${VERSION}"/ ${FILE}
fi
awk -v version=${VERSION} -v date=${DATE} -v name=${NAME} -v message=${MESSAGE} \
'FNR==NR{ if (/%changelog/) p=NR; next} 1; FNR==p{ print "* " date " " name " - " version "\n- " message "\n" }' \
${FILE} ${FILE} > ${FILE}.new
mv ${FILE}.new ${FILE}

2
controller/DB.hpp
View File

@ -33,7 +33,7 @@
#include <set>
#include <map>
#include "../ext/json/json.hpp"
#include <nlohmann/json.hpp>
#define ZT_MEMBER_AUTH_TIMEOUT_NOTIFY_BEFORE 25000

2
controller/EmbeddedNetworkController.hpp
View File

@ -35,7 +35,7 @@
#include "../osdep/Thread.hpp"
#include "../osdep/BlockingQueue.hpp"
#include "../ext/json/json.hpp"
#include <nlohmann/json.hpp>
#include "DB.hpp"
#include "DBMirrorSet.hpp"

21
ext/inja/LICENSE Normal file
View File

@ -0,0 +1,21 @@
MIT License
Copyright (c) 2018-2021 Berscheid
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

391
ext/inja/README.md Normal file
View File

@ -0,0 +1,391 @@
[<div align="center"><img width="500" src="https://raw.githubusercontent.com/pantor/inja/master/doc/logo.svg?sanitize=true"></div>](https://github.com/pantor/inja/releases)
<p align="center">
<a href="https://github.com/pantor/inja/actions">
<img src="https://github.com/pantor/inja/workflows/CI/badge.svg" alt="CI Status">
</a>
<a href="https://github.com/pantor/inja/actions">
<img src="https://github.com/pantor/inja/workflows/Documentation/badge.svg" alt="Documentation Status">
</a>
<a href="https://www.codacy.com/manual/pantor/inja?utm_source=github.com&amp;utm_medium=referral&amp;utm_content=pantor/inja&amp;utm_campaign=Badge_Grade">
<img src="https://app.codacy.com/project/badge/Grade/211718f7a36541819d1244c0e2ee6f08"/>
</a>
<a href="https://github.com/pantor/inja/releases">
<img src="https://img.shields.io/github/release/pantor/inja.svg" alt="Github Releases">
</a>
<a href="http://github.com/pantor/inja/issues">
<img src="https://img.shields.io/github/issues/pantor/inja.svg" alt="Github Issues">
</a>
<a href="https://raw.githubusercontent.com/pantor/inja/master/LICENSE">
<img src="https://img.shields.io/badge/license-MIT-blue.svg" alt="GitHub License">
</a>
</p>
Inja is a template engine for modern C++, loosely inspired by [jinja](http://jinja.pocoo.org) for python. It has an easy and yet powerful template syntax with all variables, loops, conditions, includes, callbacks, and comments you need, nested and combined as you like. Inja uses the wonderful [json](https://github.com/nlohmann/json) library by nlohmann for data input. Most importantly, inja needs only two header files, which is (nearly) as trivial as integration in C++ can get. Of course, everything is tested on all relevant compilers. Here is what it looks like:
```.cpp
json data;
data["name"] = "world";
inja::render("Hello {{ name }}!", data); // Returns "Hello world!"
```
## Integration
Inja is a headers only library, which can be downloaded from the [releases](https://github.com/pantor/inja/releases) or directly from the `include/` or `single_include/` folder. Inja uses `nlohmann/json.hpp` (>= v3.8.0) as its single dependency, so make sure it can be included from `inja.hpp`. json can be downloaded [here](https://github.com/nlohmann/json/releases). Then integration is as easy as:
```.cpp
#include <inja.hpp>
// Just for convenience
using namespace inja;
```
If you are using the [Meson Build System](http://mesonbuild.com), then you can wrap this repository as a subproject.
If you are using [Conan](https://conan.io) to manage your dependencies, have a look at [this repository](https://github.com/DEGoodmanWilson/conan-inja). Please file issues [here](https://github.com/DEGoodmanWilson/conan-inja/issues) if you experience problems with the packages.
You can also integrate inja in your project using [Hunter](https://github.com/cpp-pm/hunter), a package manager for C++.
If you are using [vcpkg](https://github.com/Microsoft/vcpkg) on your project for external dependencies, then you can use the [inja package](https://github.com/Microsoft/vcpkg/tree/master/ports/inja). Please see the vcpkg project for any issues regarding the packaging.
If you are using [cget](https://cget.readthedocs.io/en/latest/), you can install the latest development version with `cget install pantor/inja`. A specific version can be installed with `cget install pantor/inja@v2.1.0`.
On macOS, you can install inja via [Homebrew](https://formulae.brew.sh/formula/inja#default) and `brew install inja`.
If you are using [conda](https://docs.conda.io/en/latest/), you can install the latest version from [conda-forge](https://anaconda.org/conda-forge/inja) with `conda install -c conda-forge inja`.
## Tutorial
This tutorial will give you an idea how to use inja. It will explain the most important concepts and give practical advices using examples and executable code. Beside this tutorial, you may check out the [documentation](https://pantor.github.io/inja).
### Template Rendering
The basic template rendering takes a template as a `std::string` and a `json` object for all data. It returns the rendered template as an `std::string`.
```.cpp
json data;
data["name"] = "world";
render("Hello {{ name }}!", data); // Returns std::string "Hello world!"
render_to(std::cout, "Hello {{ name }}!", data); // Writes "Hello world!" to stream
```
For more advanced usage, an environment is recommended.
```.cpp
Environment env;
// Render a string with json data
std::string result = env.render("Hello {{ name }}!", data); // "Hello world!"
// Or directly read a template file
Template temp = env.parse_template("./templates/greeting.txt");
std::string result = env.render(temp, data); // "Hello world!"
data["name"] = "Inja";
std::string result = env.render(temp, data); // "Hello Inja!"
// Or read the template file (and/or the json file) directly from the environment
result = env.render_file("./templates/greeting.txt", data);
result = env.render_file_with_json_file("./templates/greeting.txt", "./data.json");
// Or write a rendered template file
env.write(temp, data, "./result.txt");
env.write_with_json_file("./templates/greeting.txt", "./data.json", "./result.txt");
```
The environment class can be configured to your needs.
```.cpp
// With default settings
Environment env_default;
// With global path to template files and where files will be saved
Environment env_1 {"../path/templates/"};
// With separate input and output path
Environment env_2 {"../path/templates/", "../path/results/"};
// With other opening and closing strings (here the defaults)
env.set_expression("{{", "}}"); // Expressions
env.set_comment("{#", "#}"); // Comments
env.set_statement("{%", "%}"); // Statements {% %} for many things, see below
env.set_line_statement("##"); // Line statements ## (just an opener)
```
### Variables
Variables are rendered within the `{{ ... }}` expressions.
```.cpp
json data;
data["neighbour"] = "Peter";
data["guests"] = {"Jeff", "Tom", "Patrick"};
data["time"]["start"] = 16;
data["time"]["end"] = 22;
// Indexing in array
render("{{ guests.1 }}", data); // "Tom"
// Objects
render("{{ time.start }} to {{ time.end + 1 }}pm", data); // "16 to 23pm"
```
If no variable is found, valid JSON is printed directly, otherwise an `inja::RenderError` is thrown.
### Statements
Statements can be written either with the `{% ... %}` syntax or the `##` syntax for entire lines. Note that `##` needs to start the line without indentation. The most important statements are loops, conditions and file includes. All statements can be nested.
#### Loops
```.cpp
// Combining loops and line statements
render(R"(Guest List:
## for guest in guests
{{ loop.index1 }}: {{ guest }}
## endfor )", data)
/* Guest List:
1: Jeff
2: Tom
3: Patrick */
```
In a loop, the special variables `loop.index (number)`, `loop.index1 (number)`, `loop.is_first (boolean)` and `loop.is_last (boolean)` are defined. In nested loops, the parent loop variables are available e.g. via `loop.parent.index`. You can also iterate over objects like `{% for key, value in time %}`.
#### Conditions
Conditions support the typical if, else if and else statements. Following conditions are for example possible:
```.cpp
// Standard comparisons with a variable
render("{% if time.hour >= 20 %}Serve{% else if time.hour >= 18 %}Make{% endif %} dinner.", data); // Serve dinner.
// Variable in list
render("{% if neighbour in guests %}Turn up the music!{% endif %}", data); // Turn up the music!
// Logical operations
render("{% if guest_count < (3+2) and all_tired %}Sleepy...{% else %}Keep going...{% endif %}", data); // Sleepy...
// Negations
render("{% if not guest_count %}The End{% endif %}", data); // The End
```
#### Includes
You can either include other in-memory templates or from the file system.
```.cpp
// To include in-memory templates, add them to the environment first
inja::Template content_template = env.parse("Hello {{ neighbour }}!");
env.include_template("content", content_template);
env.render("Content: {% include \"content\" %}", data); // "Content: Hello Peter!"
// Other template files are included relative from the current file location
render("{% include \"footer.html\" %}", data);
```
If a corresponding template could not be found in the file system, the *include callback* is called:
```.cpp
// The callback takes the current path and the wanted include name and returns a template
env.set_include_callback([&env](const std::string& path, const std::string& template_name) {
return env.parse("Hello {{ neighbour }} from " + template_name);
});
// You can disable to search for templates in the file system via
env.set_search_included_templates_in_files(false);
```
Inja will throw an `inja::RenderError` if an included file is not found and no callback is specified. To disable this error, you can call `env.set_throw_at_missing_includes(false)`.
#### Assignments
Variables can also be defined within the template using the set statment.
```.cpp
render("{% set new_hour=23 %}{{ new_hour }}pm", data); // "23pm"
render("{% set time.start=18 %}{{ time.start }}pm", data); // using json pointers
```
Assignments only set the value within the rendering context; they do not modify the json object passed into the `render` call.
### Functions
A few functions are implemented within the inja template syntax. They can be called with
```.cpp
// Upper and lower function, for string cases
render("Hello {{ upper(neighbour) }}!", data); // "Hello PETER!"
render("Hello {{ lower(neighbour) }}!", data); // "Hello peter!"
// Range function, useful for loops
render("{% for i in range(4) %}{{ loop.index1 }}{% endfor %}", data); // "1234"
render("{% for i in range(3) %}{{ at(guests, i) }} {% endfor %}", data); // "Jeff Tom Patrick "
// Length function (please don't combine with range, use list directly...)
render("I count {{ length(guests) }} guests.", data); // "I count 3 guests."
// Get first and last element in a list
render("{{ first(guests) }} was first.", data); // "Jeff was first."
render("{{ last(guests) }} was last.", data); // "Patir was last."
// Sort a list
render("{{ sort([3,2,1]) }}", data); // "[1,2,3]"
render("{{ sort(guests) }}", data); // "[\"Jeff\", \"Patrick\", \"Tom\"]"
// Join a list with a separator
render("{{ join([1,2,3], \" + \") }}", data); // "1 + 2 + 3"
render("{{ join(guests, \", \") }}", data); // "Jeff, Patrick, Tom"
// Round numbers to a given precision
render("{{ round(3.1415, 0) }}", data); // 3
render("{{ round(3.1415, 3) }}", data); // 3.142
// Check if a value is odd, even or divisible by a number
render("{{ odd(42) }}", data); // false
render("{{ even(42) }}", data); // true
render("{{ divisibleBy(42, 7) }}", data); // true
// Maximum and minimum values from a list
render("{{ max([1, 2, 3]) }}", data); // 3
render("{{ min([-2.4, -1.2, 4.5]) }}", data); // -2.4
// Convert strings to numbers
render("{{ int(\"2\") == 2 }}", data); // true
render("{{ float(\"1.8\") > 2 }}", data); // false
// Set default values if variables are not defined
render("Hello {{ default(neighbour, \"my friend\") }}!", data); // "Hello Peter!"
render("Hello {{ default(colleague, \"my friend\") }}!", data); // "Hello my friend!"
// Access an objects value dynamically
render("{{ at(time, \"start\") }} to {{ time.end }}", data); // "16 to 22"
// Check if a key exists in an object
render("{{ exists(\"guests\") }}", data); // "true"
render("{{ exists(\"city\") }}", data); // "false"
render("{{ existsIn(time, \"start\") }}", data); // "true"
render("{{ existsIn(time, neighbour) }}", data); // "false"
// Check if a key is a specific type
render("{{ isString(neighbour) }}", data); // "true"
render("{{ isArray(guests) }}", data); // "true"
// Implemented type checks: isArray, isBoolean, isFloat, isInteger, isNumber, isObject, isString,
```
### Callbacks
You can create your own and more complex functions with callbacks. These are implemented with `std::function`, so you can for example use C++ lambdas. Inja `Arguments` are a vector of json pointers.
```.cpp
Environment env;
/*
* Callbacks are defined by its:
* - name,
* - (optional) number of arguments,
* - callback function.
*/
env.add_callback("double", 1, [](Arguments& args) {
int number = args.at(0)->get<int>(); // Adapt the index and type of the argument
return 2 * number;
});
// You can then use a callback like a regular function
env.render("{{ double(16) }}", data); // "32"
// Inja falls back to variadic callbacks if the number of expected arguments is omitted.
env.add_callback("argmax", [](Arguments& args) {
auto result = std::max_element(args.begin(), args.end(), [](const json* a, const json* b) { return *a < *b;});
return std::distance(args.begin(), result);
});
env.render("{{ argmax(4, 2, 6) }}", data); // "2"
env.render("{{ argmax(0, 2, 6, 8, 3) }}", data); // "3"
// A callback without argument can be used like a dynamic variable:
std::string greet = "Hello";
env.add_callback("double-greetings", 0, [greet](Arguments args) {
return greet + " " + greet + "!";
});
env.render("{{ double-greetings }}", data); // "Hello Hello!"
```
You can also add a void callback without return variable, e.g. for debugging:
```.cpp
env.add_void_callback("log", 1, [greet](Arguments args) {
std::cout << "logging: " << args[0] << std::endl;
});
env.render("{{ log(neighbour) }}", data); // Prints nothing to result, only to cout...
```
### Template Inheritance
Template inheritance allows you to build a base *skeleton* template that contains all the common elements and defines blocks that child templates can override. Lets show an example: The base template
```.html
<!DOCTYPE html>
<html>
<head>
{% block head %}
<link rel="stylesheet" href="style.css" />
<title>{% block title %}{% endblock %} - My Webpage</title>
{% endblock %}
</head>
<body>
<div id="content">{% block content %}{% endblock %}</div>
</body>
</html>
```
contains three `blocks` that child templates can fill in. The child template
```.html
{% extends "base.html" %}
{% block title %}Index{% endblock %}
{% block head %}
{{ super() }}
<style type="text/css">
.important { color: #336699; }
</style>
{% endblock %}
{% block content %}
<h1>Index</h1>
<p class="important">
Welcome to my blog!
</p>
{% endblock %}
```
calls a parent template with the `extends` keyword; it should be the first element in the template. It is possible to render the contents of the parent block by calling `super()`. In the case of multiple levels of `{% extends %}`, super references may be called with an argument (e.g. `super(2)`) to skip levels in the inheritance tree.
### Whitespace Control
In the default configuration, no whitespace is removed while rendering the file. To support a more readable template style, you can configure the environment to control whitespaces before and after a statement automatically. While enabling `set_trim_blocks` removes the first newline after a statement, `set_lstrip_blocks` strips tabs and spaces from the beginning of a line to the start of a block.
```.cpp
Environment env;
env.set_trim_blocks(true);
env.set_lstrip_blocks(true);
```
With both `trim_blocks` and `lstrip_blocks` enabled, you can put statements on their own lines. Furthermore, you can also strip whitespaces for both statements and expressions by hand. If you add a minus sign (`-`) to the start or end, the whitespaces before or after that block will be removed:
```.cpp
render("Hello {{- name -}} !", data); // "Hello Inja!"
render("{% if neighbour in guests -%} I was there{% endif -%} !", data); // Renders without any whitespaces
```
Stripping behind a statement or expression also removes any newlines.
### Comments
Comments can be written with the `{# ... #}` syntax.
```.cpp
render("Hello{# Todo #}!", data); // "Hello!"
```
### Exceptions
Inja uses exceptions to handle ill-formed template input. However, exceptions can be switched off with either using the compiler flag `-fno-exceptions` or by defining the symbol `INJA_NOEXCEPTION`. In this case, exceptions are replaced by `abort()` calls.
## Supported compilers
Inja uses the `string_view` feature of the C++17 STL. Currently, the following compilers are tested:
- GCC 7 - 11 (and possibly later)
- Clang 5 - 12 (and possibly later)
- Microsoft Visual C++ 2017 15.0 - 2022 (and possibly later)
A list of supported compiler / os versions can be found in the [CI definition](https://github.com/pantor/inja/blob/master/.github/workflows/ci.yml).

2949
ext/inja/inja.hpp Normal file
View File

File diff suppressed because it is too large Load Diff

0
ext/json/LICENSE.MIT → ext/nlohmann/LICENSE.MIT
View File

0
ext/json/README.md → ext/nlohmann/README.md
View File

0
ext/json/json.hpp → ext/nlohmann/json.hpp
View File

4
make-bsd.mk
View File

@ -1,6 +1,6 @@
# This requires GNU make, which is typically "gmake" on BSD systems
INCLUDES=
INCLUDES=-isystem ext
DEFS=
LIBS=
@ -152,7 +152,7 @@ endif
override DEFS+=-DZT_BUILD_PLATFORM=$(ZT_BUILD_PLATFORM) -DZT_BUILD_ARCHITECTURE=$(ZT_ARCHITECTURE) -DZT_SOFTWARE_UPDATE_DEFAULT="\"disable\""
CXXFLAGS+=$(CFLAGS) -std=c++11 #-D_GLIBCXX_USE_C99 -D_GLIBCXX_USE_C99_MATH -D_GLIBCXX_USE_C99_MATH_TR1
CXXFLAGS+=$(CFLAGS) -std=c++17 #-D_GLIBCXX_USE_C99 -D_GLIBCXX_USE_C99_MATH -D_GLIBCXX_USE_C99_MATH_TR1
all: one

52
make-linux.mk
View File

@ -9,7 +9,7 @@ ifeq ($(origin CXX),default)
CXX:=$(shell if [ -e /opt/rh/devtoolset-8/root/usr/bin/g++ ]; then echo /opt/rh/devtoolset-8/root/usr/bin/g++; else echo $(CXX); fi)
endif
INCLUDES?=-Izeroidc/target
INCLUDES?=-Izeroidc/target -isystem ext
DEFS?=
LDLIBS?=
DESTDIR?=
@ -31,7 +31,7 @@ ifeq ($(MINIUPNPC_IS_NEW_ENOUGH),1)
override DEFS+=-DZT_USE_SYSTEM_MINIUPNPC
LDLIBS+=-lminiupnpc
else
override DEFS+=-DMINIUPNP_STATICLIB -DMINIUPNPC_SET_SOCKET_TIMEOUT -DMINIUPNPC_GET_SRC_ADDR -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -DOS_STRING=\"Linux\" -DMINIUPNPC_VERSION_STRING=\"2.0\" -DUPNP_VERSION_STRING=\"UPnP/1.1\" -DENABLE_STRNATPMPERR
override DEFS+=-DMINIUPNP_STATICLIB -DMINIUPNPC_SET_SOCKET_TIMEOUT -DMINIUPNPC_GET_SRC_ADDR -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -DOS_STRING="\"Linux\"" -DMINIUPNPC_VERSION_STRING="\"2.0\"" -DUPNP_VERSION_STRING="\"UPnP/1.1\"" -DENABLE_STRNATPMPERR
ONE_OBJS+=ext/miniupnpc/connecthostport.o ext/miniupnpc/igd_desc_parse.o ext/miniupnpc/minisoap.o ext/miniupnpc/minissdpc.o ext/miniupnpc/miniupnpc.o ext/miniupnpc/miniwget.o ext/miniupnpc/minixml.o ext/miniupnpc/portlistingparse.o ext/miniupnpc/receivedata.o ext/miniupnpc/upnpcommands.o ext/miniupnpc/upnpdev.o ext/miniupnpc/upnperrors.o ext/miniupnpc/upnpreplyparse.o
endif
ifeq ($(wildcard /usr/include/natpmp.h),)
@ -59,17 +59,17 @@ ifeq ($(ZT_SANITIZE),1)
endif
ifeq ($(ZT_DEBUG),1)
override CFLAGS+=-Wall -Wno-deprecated -g -O -pthread $(INCLUDES) $(DEFS)
override CXXFLAGS+=-Wall -Wno-deprecated -g -O -std=c++11 -pthread $(INCLUDES) $(DEFS)
override CXXFLAGS+=-Wall -Wno-deprecated -g -O -std=c++17 -pthread $(INCLUDES) $(DEFS)
ZT_TRACE=1
RUSTFLAGS=
# The following line enables optimization for the crypto code, since
# C25519 in particular is almost UNUSABLE in -O0 even on a 3ghz box!
node/Salsa20.o node/SHA512.o node/C25519.o node/Poly1305.o: CXXFLAGS=-Wall -O2 -g -pthread $(INCLUDES) $(DEFS)
else
CFLAGS?=-O3 -fstack-protector -fPIE
CFLAGS?=-O3 -fstack-protector
override CFLAGS+=-Wall -Wno-deprecated -pthread $(INCLUDES) -DNDEBUG $(DEFS)
CXXFLAGS?=-O3 -fstack-protector -fPIE
override CXXFLAGS+=-Wall -Wno-deprecated -std=c++11 -pthread $(INCLUDES) -DNDEBUG $(DEFS)
CXXFLAGS?=-O3 -fstack-protector
override CXXFLAGS+=-Wall -Wno-deprecated -std=c++17 -pthread $(INCLUDES) -DNDEBUG $(DEFS)
LDFLAGS=-pie -Wl,-z,relro,-z,now
RUSTFLAGS=--release
endif
@ -84,8 +84,6 @@ ifeq ($(ZT_UBIQUITI), 1)
endif
ifeq ($(ZT_SYNOLOGY), 1)
override CFLAGS+=-fPIC
override CXXFLAGS+=-fPIC
override DEFS+=-D__SYNOLOGY__
ZT_EMBEDDED=1
endif
@ -336,12 +334,20 @@ ifeq ($(ZT_USE_ARM32_NEON_ASM_CRYPTO),1)
override CORE_OBJS+=ext/arm32-neon-salsa2012-asm/salsa2012.o
endif
# Position Independence
override CFLAGS+=-fPIC -fPIE
override CXXFLAGS+=-fPIC -fPIE
.PHONY: all
all: one
.PHONY: one
one: zerotier-one zerotier-idtool zerotier-cli
from_builder:
ln -sf zerotier-one zerotier-idtool
ln -sf zerotier-one zerotier-cli
zerotier-one: $(CORE_OBJS) $(ONE_OBJS) one.o
$(CXX) $(CXXFLAGS) $(LDFLAGS) -o zerotier-one $(CORE_OBJS) $(ONE_OBJS) one.o $(LDLIBS)
@ -354,7 +360,7 @@ zerotier-cli: zerotier-one
$(ONE_OBJS): zeroidc
libzerotiercore.a: FORCE
make CFLAGS="-O3 -fstack-protector -fPIC" CXXFLAGS="-O3 -std=c++11 -fstack-protector -fPIC" $(CORE_OBJS)
make CFLAGS="-O3 -fstack-protector -fPIC" CXXFLAGS="-O3 -std=c++17 -fstack-protector -fPIC" $(CORE_OBJS)
ar rcs libzerotiercore.a $(CORE_OBJS)
ranlib libzerotiercore.a
@ -452,6 +458,20 @@ uninstall: FORCE
# These are just for convenience for building Linux packages
echo_flags:
@echo "=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~"
@echo "echo_flags :: CC=$(CC)"
@echo "echo_flags :: CXX=$(CXX)"
@echo "echo_flags :: CFLAGS=$(CFLAGS)"
@echo "echo_flags :: CXXFLAGS=$(CXXFLAGS)"
@echo "echo_flags :: LDFLAGS=$(LDFLAGS)"
@echo "echo_flags :: RUSTFLAGS=$(RUSTFLAGS)"
@echo "=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~"
# debian: echo_flags
# @echo "building deb package"
# debuild --no-lintian -b -uc -us
debian: FORCE
debuild --no-lintian -I -i -us -uc -nc -b
@ -491,9 +511,19 @@ snap-upload-stable: FORCE
done
synology-pkg: FORCE
cd synology ; ./build.sh build
cd pkg/synology ; ./build.sh build
synology-docker: FORCE
cd synology/dsm7-docker/; ./build.sh build
cd pkg/synology/dsm7-docker/; ./build.sh build-and-push
munge_rpm:
@:$(call check_defined, VERSION)
@echo "Updating rpm spec to $(VERSION)"
ci/scripts/munge_rpm_spec.sh zerotier-one.spec $(VERSION) "Adam Ierymenko <adam.ierymenko@zerotier.com>" "see https://github.com/zerotier/ZeroTierOne for release notes"
munge_deb:
@:$(call check_defined, VERSION)
@echo "Updating debian/changelog to $(VERSION)"
ci/scripts/munge_debian_changelog.sh debian/changelog $(VERSION) "Adam Ierymenko <adam.ierymenko@zerotier.com>" "see https://github.com/zerotier/ZeroTierOne for release notes"
FORCE:

4
make-mac.mk
View File

@ -2,7 +2,7 @@ CC=clang
CXX=clang++
TOPDIR=$(shell PWD)
INCLUDES=-I$(shell PWD)/zeroidc/target
INCLUDES=-I$(shell PWD)/zeroidc/target -isystem $(TOPDIR)/ext
DEFS=
LIBS=
ARCH_FLAGS=-arch x86_64 -arch arm64
@ -47,7 +47,7 @@ endif
# Use fast ASM Salsa20/12 for x64 processors
DEFS+=-DZT_USE_X64_ASM_SALSA2012
CORE_OBJS+=ext/x64-salsa2012-asm/salsa2012.o
CXXFLAGS=$(CFLAGS) -std=c++11 -stdlib=libc++
CXXFLAGS=$(CFLAGS) -std=c++17 -stdlib=libc++
# Build miniupnpc and nat-pmp as included libraries -- extra defs are required for these sources
DEFS+=-DMACOSX -DZT_SSO_SUPPORTED -DZT_USE_MINIUPNPC -DMINIUPNP_STATICLIB -D_DARWIN_C_SOURCE -DMINIUPNPC_SET_SOCKET_TIMEOUT -DMINIUPNPC_GET_SRC_ADDR -D_BSD_SOURCE -D_DEFAULT_SOURCE -DOS_STRING=\"Darwin/15.0.0\" -DMINIUPNPC_VERSION_STRING=\"2.0\" -DUPNP_VERSION_STRING=\"UPnP/1.1\" -DENABLE_STRNATPMPERR

2
node/Bond.cpp
View File

@ -236,7 +236,7 @@ void Bond::nominatePathToBond(const SharedPtr<Path>& path, int64_t now)
/**
* Ensure the link is allowed and the path is not already present
*/
if (! RR->bc->linkAllowed(_policyAlias, getLink(path))) {
if (! RR->bc->linkAllowed(_policyAlias, getLinkBySocket(_policyAlias, path->localSocket(), true))) {
debug("link %s is not permitted according to user-specified rules", pathToStr(path).c_str());
return;
}

2
one.cpp
View File

@ -88,7 +88,7 @@
#include "service/OneService.hpp"
#include "ext/json/json.hpp"
#include <nlohmann/json.hpp>
#ifdef __APPLE__
#include <SystemConfiguration/SystemConfiguration.h>

8
osdep/Binder.hpp
View File

@ -40,7 +40,7 @@
#endif
#endif
#if (defined(__unix__) || defined(__APPLE__)) && !defined(__LINUX__)
#if (defined(__unix__) || defined(__APPLE__)) && !defined(__LINUX__) && !defined(ZT_SDK)
#include <net/if.h>
#include <netinet6/in6_var.h>
#include <sys/ioctl.h>
@ -311,7 +311,7 @@ class Binder {
if (! gotViaProc) {
struct ifaddrs* ifatbl = (struct ifaddrs*)0;
struct ifaddrs* ifa;
#if (defined(__unix__) || defined(__APPLE__)) && !defined(__LINUX__)
#if (defined(__unix__) || defined(__APPLE__)) && !defined(__LINUX__) && !defined(ZT_SDK)
// set up an IPv6 socket so we can check the state of interfaces via SIOCGIFAFLAG_IN6
int infoSock = socket(AF_INET6, SOCK_DGRAM, 0);
#endif
@ -320,7 +320,7 @@ class Binder {
while (ifa) {
if ((ifa->ifa_name) && (ifa->ifa_addr)) {
InetAddress ip = *(ifa->ifa_addr);
#if (defined(__unix__) || defined(__APPLE__)) && !defined(__LINUX__)
#if (defined(__unix__) || defined(__APPLE__)) && !defined(__LINUX__) && !defined(ZT_SDK)
// Check if the address is an IPv6 Temporary Address, macOS/BSD version
if (ifa->ifa_addr->sa_family == AF_INET6) {
struct sockaddr_in6* sa6 = (struct sockaddr_in6*)ifa->ifa_addr;
@ -368,7 +368,7 @@ class Binder {
else {
interfacesEnumerated = false;
}
#if (defined(__unix__) || defined(__APPLE__)) && !defined(__LINUX__)
#if (defined(__unix__) || defined(__APPLE__)) && !defined(__LINUX__) && !defined(ZT_SDK)
close(infoSock);
#endif
}

2
osdep/OSUtils.hpp
View File

@ -43,7 +43,7 @@
#endif
#ifndef OMIT_JSON_SUPPORT
#include "../ext/json/json.hpp"
#include <nlohmann/json.hpp>
#endif
namespace ZeroTier {

9
pkg/synology/dsm7-docker/build.sh
View File

@ -3,16 +3,17 @@
ZTO_VER=$(git describe --abbrev=0 --tags)
ZTO_COMMIT=$(git rev-parse HEAD)
build()
build-and-push()
{
# build
sudo docker build --load --rm -t zerotier-synology . --build-arg ZTO_COMMIT=${ZTO_COMMIT} --build-arg ZTO_VER=${ZTO_VER}
LATEST_DOCKER_IMAGE_HASH=$(sudo docker images -q zerotier-synology)
sudo docker tag ${LATEST_DOCKER_IMAGE_HASH} zerotier/zerotier-synology:${ZTO_VER}
sudo docker tag ${LATEST_DOCKER_IMAGE_HASH} zerotier/zerotier-synology:latest
}
push()
{
# push
sudo docker login --username=${DOCKERHUB_USERNAME}
sudo docker push zerotier/zerotier-synology:${ZTO_VER}
sudo docker push zerotier/zerotier-synology:latest

173
service/OneService.cpp
View File

@ -92,7 +92,8 @@ extern "C" {
}
#endif
#include "../ext/json/json.hpp"
#include <nlohmann/json.hpp>
#include <inja/inja.hpp>
using json = nlohmann::json;
@ -150,43 +151,54 @@ size_t curlResponseWrite(void *ptr, size_t size, size_t nmemb, std::string *data
namespace ZeroTier {
const char *ssoResponseTemplate = "<html>\
<head>\
<style type=\"text/css\">\
html,body {\
background: #eeeeee;\
margin: 0;\
padding: 0;\
font-family: \"Helvetica\";\
font-weight: bold;\
font-size: 12pt;\
height: 100%;\
width: 100%;\
}\
div.icon {\
background: #ffb354;\
color: #000000;\
font-size: 120pt;\
border-radius: 2.5rem;\
display: inline-block;\
width: 1.3em;\
height: 1.3em;\
padding: 0;\
margin: 15;\
line-height: 1.4em;\
vertical-align: middle;\
text-align: center;\
}\
</style>\
</head>\
<body>\
<br><br><br><br><br><br>\
<center>\
<div class=\"icon\">&#x23c1;</div>\
<div class=\"text\">%s</div>\
</center>\
</body>\
</html>";
std::string ssoResponseTemplate = R"""(
<!doctype html>
<html class="no-js" lang="">
<head>
<meta charset="utf-8">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<title>Network SSO Login {{ networkId }}</title>
<meta name="description" content="">
<meta name="viewport" content="width=device-width, initial-scale=1">
<style type=\"text/css\">
html,body {
background: #eeeeee;
margin: 0;
padding: 0;
font-family: "Helvetica";
font-weight: bold;
font-size: 12pt;
height: 100%;
width: 100%;
}
div.icon {
background: #ffb354;
color: #000000;
font-size: 120pt;
border-radius: 2.5rem;
display: inline-block;
width: 1.3em;
height: 1.3em;
padding: 0;
margin: 15;
line-height: 1.4em;
vertical-align: middle;
text-align: center;
}
.container {
vertical-align: center;
text-align: center;
}
</style>
</head>
<body>
<div class="container">
<div class="icon">&#x23c1;</div>
<div class="text">{{ messageText }}</div>
</div>
</body>
</html>
)""";
// Configured networks
class NetworkState
@ -286,16 +298,9 @@ public:
}
void setConfig(const ZT_VirtualNetworkConfig *nwc) {
char nwbuf[17] = {};
const char* nwid = Utils::hex(nwc->nwid, nwbuf);
// fprintf(stderr, "NetworkState::setConfig(%s)\n", nwid);
memcpy(&_config, nwc, sizeof(ZT_VirtualNetworkConfig));
// fprintf(stderr, "ssoEnabled: %s, ssoVersion: %d\n",
// _config.ssoEnabled ? "true" : "false", _config.ssoVersion);
if (_config.ssoEnabled && _config.ssoVersion == 1) {
// fprintf(stderr, "ssoEnabled for %s\n", nwid);
#if ZT_SSO_ENABLED
if (_idc == nullptr)
{
@ -303,10 +308,6 @@ public:
assert(_config.ssoClientID != nullptr);
assert(_config.centralAuthURL != nullptr);
// fprintf(stderr, "Issuer URL: %s\n", _config.issuerURL);
// fprintf(stderr, "Client ID: %s\n", _config.ssoClientID);
// fprintf(stderr, "Central Auth URL: %s\n", _config.centralAuthURL);
_idc = zeroidc::zeroidc_new(
_config.issuerURL,
_config.ssoClientID,
@ -318,8 +319,6 @@ public:
fprintf(stderr, "idc is null\n");
return;
}
// fprintf(stderr, "idc created (%s, %s, %s)\n", _config.issuerURL, _config.ssoClientID, _config.centralAuthURL);
}
zeroidc::zeroidc_set_nonce_and_csrf(
@ -334,7 +333,6 @@ public:
zeroidc::free_cstr(url);
if (zeroidc::zeroidc_is_running(_idc) && nwc->status == ZT_NETWORK_STATUS_AUTHENTICATION_REQUIRED) {
// TODO: kick the refresh thread
zeroidc::zeroidc_kick_refresh_thread(_idc);
}
#endif
@ -364,13 +362,14 @@ public:
}
char* doTokenExchange(const char *code) {
char *ret = nullptr;
#if ZT_SSO_ENABLED
if (_idc == nullptr) {
fprintf(stderr, "ainfo or idc null\n");
return "";
return ret;
}
char *ret = zeroidc::zeroidc_token_exchange(_idc, code);
ret = zeroidc::zeroidc_token_exchange(_idc, code);
zeroidc::zeroidc_set_nonce_and_csrf(
_idc,
_config.ssoState,
@ -381,11 +380,8 @@ public:
memcpy(_config.authenticationURL, url, strlen(url));
_config.authenticationURL[strlen(url)] = 0;
zeroidc::free_cstr(url);
return ret;
#else
return "";
#endif
return ret;
}
uint64_t getExpiryTime() {
@ -1702,23 +1698,37 @@ public:
}
#if ZT_SSO_ENABLED
} else if (ps[0] == "sso") {
char resBuf[4096] = {0};
const char *error = zeroidc::zeroidc_get_url_param_value("error", path.c_str());
std::string htmlTemplatePath = _homePath + ZT_PATH_SEPARATOR + "sso-auth.template.html";
std::string htmlTemplate;
if (!OSUtils::readFile(htmlTemplatePath.c_str(), htmlTemplate)) {
htmlTemplate = ssoResponseTemplate;
}
responseContentType = "text/html";
json outData;
char *error = zeroidc::zeroidc_get_url_param_value("error", path.c_str());
if (error != nullptr) {
const char *desc = zeroidc::zeroidc_get_url_param_value("error_description", path.c_str());
char *desc = zeroidc::zeroidc_get_url_param_value("error_description", path.c_str());
scode = 500;
char errBuff[256] = {0};
sprintf(errBuff, "ERROR %s: %s", error, desc);
sprintf(resBuf, ssoResponseTemplate, errBuff);
responseBody = std::string(resBuf);
responseContentType = "text/html";
json data;
outData["isError"] = true;
outData["messageText"] = (std::string("ERROR ") + error + std::string(": ") + desc);
responseBody = inja::render(htmlTemplate, outData);
zeroidc::free_cstr(desc);
zeroidc::free_cstr(error);
return scode;
}
// SSO redirect handling
char* state = zeroidc::zeroidc_get_url_param_value("state", path.c_str());
char* nwid = zeroidc::zeroidc_network_id_from_state(state);
outData["networkId"] = std::string(nwid);
const uint64_t id = Utils::hexStrToU64(nwid);
zeroidc::free_cstr(nwid);
@ -1729,14 +1739,30 @@ public:
NetworkState& ns = _nets[id];
char* code = zeroidc::zeroidc_get_url_param_value("code", path.c_str());
char *ret = ns.doTokenExchange(code);
scode = 200;
sprintf(resBuf, ssoResponseTemplate, "Authentication Successful. You may now access the network.");
responseBody = std::string(resBuf);
json ssoResult = json::parse(ret);
if (ssoResult.is_object()) {
if (ssoResult.contains("errorMessage")) {
outData["isError"] = true;
outData["messageText"] = ssoResult["errorMessage"];
responseBody = inja::render(htmlTemplate, outData);
scode = 500;
} else {
scode = 200;
outData["isError"] = false;
outData["messageText"] = "Authentication Successful. You may now access the network.";
responseBody = inja::render(htmlTemplate, outData);
}
} else {
// not an object? We got a problem
outData["isError"] = true;
outData["messageText"] = "ERROR: Unkown SSO response. Please contact your administrator.";
responseBody = inja::render(htmlTemplate, outData);
scode= 500;
}
zeroidc::free_cstr(code);
zeroidc::free_cstr(ret);
responseContentType = "text/html";
return scode;
} else {
scode = 404;
@ -1884,8 +1910,7 @@ public:
scode = _controller->handleControlPlaneHttpPOST(std::vector<std::string>(ps.begin()+1,ps.end()),urlArgs,headers,body,responseBody,responseContentType);
else scode = 404;
}
}
else {
} else {
scode = 401; // isAuth == false
}
} else if (httpMethod == HTTP_DELETE) {

2
service/SoftwareUpdater.hpp
View File

@ -27,7 +27,7 @@
#include "../node/Identity.hpp"
#include "../node/Packet.hpp"
#include "../ext/json/json.hpp"
#include <nlohmann/json.hpp>
/**
* VERB_USER_MESSAGE type ID for software update messages

34
windows/ZeroTierOne/ZeroTierOne.vcxproj
View File

@ -410,11 +410,11 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir)\..\zeroidc\target;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<AdditionalIncludeDirectories>$(SolutionDir)\..\ext;$(SolutionDir)\..\zeroidc\target;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>ZT_SSO_ENABLED=1;ZT_EXPORT;FD_SETSIZE=1024;NOMINMAX;STATICLIB;WIN32;ZT_TRACE;ZT_USE_MINIUPNPC;MINIUPNP_STATICLIB;ZT_SOFTWARE_UPDATE_DEFAULT="disable";%(PreprocessorDefinitions)</PreprocessorDefinitions>
<DisableSpecificWarnings>4996</DisableSpecificWarnings>
<RuntimeTypeInfo>false</RuntimeTypeInfo>
<LanguageStandard>stdcpp14</LanguageStandard>
<LanguageStandard>stdcpp17</LanguageStandard>
<MultiProcessorCompilation>true</MultiProcessorCompilation>
<LanguageStandard_C>stdc11</LanguageStandard_C>
<CreateHotpatchableImage>false</CreateHotpatchableImage>
@ -432,11 +432,11 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir)\..\zeroidc\target;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<AdditionalIncludeDirectories>$(SolutionDir)\..\ext;$(SolutionDir)\..\zeroidc\target;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>ZT_SSO_ENABLED=1;ZT_EXPORT;FD_SETSIZE=1024;NOMINMAX;STATICLIB;WIN32;ZT_TRACE;ZT_USE_MINIUPNPC;MINIUPNP_STATICLIB;ZT_SOFTWARE_UPDATE_DEFAULT="disable";%(PreprocessorDefinitions)</PreprocessorDefinitions>
<DisableSpecificWarnings>4996</DisableSpecificWarnings>
<RuntimeTypeInfo>false</RuntimeTypeInfo>
<LanguageStandard>stdcpp14</LanguageStandard>
<LanguageStandard>stdcpp17</LanguageStandard>
<LanguageStandard_C>stdc11</LanguageStandard_C>
<MultiProcessorCompilation>true</MultiProcessorCompilation>
<CreateHotpatchableImage>false</CreateHotpatchableImage>
@ -453,12 +453,12 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir)\..\zeroidc\target;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<AdditionalIncludeDirectories>$(SolutionDir)\..\ext;$(SolutionDir)\..\zeroidc\target;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>ZT_SSO_ENABLED=1;ZT_EXPORT;FD_SETSIZE=1024;NOMINMAX;STATICLIB;WIN32;ZT_TRACE;ZT_RULES_ENGINE_DEBUGGING;ZT_USE_MINIUPNPC;MINIUPNP_STATICLIB;ZT_SOFTWARE_UPDATE_DEFAULT="disable";%(PreprocessorDefinitions)</PreprocessorDefinitions>
<MultiProcessorCompilation>true</MultiProcessorCompilation>
<DisableSpecificWarnings>4996</DisableSpecificWarnings>
<RuntimeTypeInfo>false</RuntimeTypeInfo>
<LanguageStandard>stdcpp14</LanguageStandard>
<LanguageStandard>stdcpp17</LanguageStandard>
<LanguageStandard_C>stdc11</LanguageStandard_C>
<CreateHotpatchableImage>false</CreateHotpatchableImage>
<GuardEHContMetadata>false</GuardEHContMetadata>
@ -476,7 +476,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir)\..\zeroidc\target;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<AdditionalIncludeDirectories>$(SolutionDir)\..\ext;$(SolutionDir)\..\zeroidc\target;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>ZT_EXPORT;FD_SETSIZE=1024;NOMINMAX;STATICLIB;WIN32;ZT_TRACE;ZT_RULES_ENGINE_DEBUGGING;ZT_USE_MINIUPNPC;MINIUPNP_STATICLIB;ZT_SOFTWARE_UPDATE_DEFAULT="disable";%(PreprocessorDefinitions)</PreprocessorDefinitions>
<MultiProcessorCompilation>true</MultiProcessorCompilation>
<DisableSpecificWarnings>4996</DisableSpecificWarnings>
@ -499,12 +499,12 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir)\..\zeroidc\target;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<AdditionalIncludeDirectories>$(SolutionDir)\..\ext;$(SolutionDir)\..\zeroidc\target;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>ZT_SSO_ENABLED=1;ZT_EXPORT;FD_SETSIZE=1024;NOMINMAX;STATICLIB;WIN32;ZT_USE_MINIUPNPC;MINIUPNP_STATICLIB;ZT_SOFTWARE_UPDATE_DEFAULT="disable";%(PreprocessorDefinitions)</PreprocessorDefinitions>
<MultiProcessorCompilation>true</MultiProcessorCompilation>
<DisableSpecificWarnings>4996</DisableSpecificWarnings>
<RuntimeTypeInfo>false</RuntimeTypeInfo>
<LanguageStandard>stdcpp14</LanguageStandard>
<LanguageStandard>stdcpp17</LanguageStandard>
<LanguageStandard_C>stdc11</LanguageStandard_C>
<CreateHotpatchableImage>false</CreateHotpatchableImage>
<GuardEHContMetadata>false</GuardEHContMetadata>
@ -521,12 +521,12 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir)\..\zeroidc\target;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<AdditionalIncludeDirectories>$(SolutionDir)\..\ext;$(SolutionDir)\..\zeroidc\target;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>ZT_EXPORT;FD_SETSIZE=1024;NOMINMAX;STATICLIB;WIN32;ZT_USE_MINIUPNPC;MINIUPNP_STATICLIB;ZT_SOFTWARE_UPDATE_DEFAULT="disable";%(PreprocessorDefinitions)</PreprocessorDefinitions>
<MultiProcessorCompilation>true</MultiProcessorCompilation>
<DisableSpecificWarnings>4996</DisableSpecificWarnings>
<RuntimeTypeInfo>false</RuntimeTypeInfo>
<LanguageStandard>stdcpp14</LanguageStandard>
<LanguageStandard>stdcpp17</LanguageStandard>
<LanguageStandard_C>stdc11</LanguageStandard_C>
<CreateHotpatchableImage>false</CreateHotpatchableImage>
<GuardEHContMetadata>false</GuardEHContMetadata>
@ -545,7 +545,7 @@
<FunctionLevelLinking>false</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir)\..\zeroidc\target;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<AdditionalIncludeDirectories>$(SolutionDir)\..\ext;$(SolutionDir)\..\zeroidc\target;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>ZT_SSO_ENABLED=1;ZT_EXPORT;FD_SETSIZE=1024;STATICLIB;ZT_SALSA20_SSE;ZT_USE_MINIUPNPC;MINIUPNP_STATICLIB;WIN32;NOMINMAX;ZT_SOFTWARE_UPDATE_DEFAULT="apply";ZT_BUILD_PLATFORM=2;ZT_BUILD_ARCHITECTURE=1;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<StringPooling>true</StringPooling>
@ -555,7 +555,7 @@
<DisableSpecificWarnings>4996</DisableSpecificWarnings>
<ControlFlowGuard>Guard</ControlFlowGuard>
<RuntimeTypeInfo>false</RuntimeTypeInfo>
<LanguageStandard>stdcpp14</LanguageStandard>
<LanguageStandard>stdcpp17</LanguageStandard>
<DebugInformationFormat>None</DebugInformationFormat>
<CompileAsManaged>false</CompileAsManaged>
<CompileAsWinRT>false</CompileAsWinRT>
@ -581,7 +581,7 @@
<FunctionLevelLinking>false</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir)\..\zeroidc\target;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<AdditionalIncludeDirectories>$(SolutionDir)\..\ext;$(SolutionDir)\..\zeroidc\target;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>ZT_SSO_ENABLED=1;ZT_EXPORT;FD_SETSIZE=1024;STATICLIB;ZT_SOFTWARE_UPDATE_DEFAULT="apply";ZT_SALSA20_SSE;ZT_USE_MINIUPNPC;MINIUPNP_STATICLIB;WIN32;NOMINMAX;ZT_BUILD_PLATFORM=2;ZT_BUILD_ARCHITECTURE=2;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<EnableEnhancedInstructionSet>NotSet</EnableEnhancedInstructionSet>
@ -594,7 +594,7 @@
<EnableParallelCodeGeneration>false</EnableParallelCodeGeneration>
<CallingConvention>Cdecl</CallingConvention>
<RuntimeTypeInfo>false</RuntimeTypeInfo>
<LanguageStandard>stdcpp14</LanguageStandard>
<LanguageStandard>stdcpp17</LanguageStandard>
<DebugInformationFormat>None</DebugInformationFormat>
<CompileAsManaged>false</CompileAsManaged>
<CompileAsWinRT>false</CompileAsWinRT>
@ -619,7 +619,7 @@
<FunctionLevelLinking>false</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir)\..\zeroidc\target;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<AdditionalIncludeDirectories>$(SolutionDir)\..\ext;$(SolutionDir)\..\zeroidc\target;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>ZT_EXPORT;FD_SETSIZE=1024;STATICLIB;ZT_SOFTWARE_UPDATE_DEFAULT="apply";ZT_USE_MINIUPNPC;MINIUPNP_STATICLIB;WIN32;NOMINMAX;ZT_BUILD_PLATFORM=2;ZT_BUILD_ARCHITECTURE=2;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<EnableEnhancedInstructionSet>NotSet</EnableEnhancedInstructionSet>
@ -632,7 +632,7 @@
<EnableParallelCodeGeneration>false</EnableParallelCodeGeneration>
<CallingConvention>Cdecl</CallingConvention>
<RuntimeTypeInfo>false</RuntimeTypeInfo>
<LanguageStandard>stdcpp14</LanguageStandard>
<LanguageStandard>stdcpp17</LanguageStandard>
<DebugInformationFormat>None</DebugInformationFormat>
<CompileAsManaged>false</CompileAsManaged>
<CompileAsWinRT>false</CompileAsWinRT>

2
zeroidc/build.rs
View File

@ -34,4 +34,4 @@ fn target_dir() -> PathBuf {
} else {
PathBuf::from(env::var("CARGO_MANIFEST_DIR").unwrap()).join("target")
}
}
}

19
zeroidc/src/error.rs
View File

@ -13,11 +13,24 @@
use thiserror::Error;
#[derive(Error, Debug)]
pub enum ZeroIDCError
{
pub enum ZeroIDCError {
#[error(transparent)]
DiscoveryError(#[from] openidconnect::DiscoveryError<openidconnect::reqwest::Error<reqwest::Error>>),
DiscoveryError(
#[from] openidconnect::DiscoveryError<openidconnect::reqwest::Error<reqwest::Error>>,
),
#[error(transparent)]
ParseError(#[from] url::ParseError),
}
#[derive(Error, Debug)]
#[error("SSO Exchange Error: {message:}")]
pub struct SSOExchangeError {
message: String,
}
impl SSOExchangeError {
pub fn new(message: String) -> Self {
SSOExchangeError { message }
}
}

241
zeroidc/src/ext.rs
View File

@ -12,19 +12,17 @@
use std::ffi::{CStr, CString};
use std::os::raw::c_char;
use url::{Url};
use url::Url;
use crate::ZeroIDC;
#[cfg(
any(
all(target_os = "linux", target_arch = "x86"),
all(target_os = "linux", target_arch = "x86_64"),
all(target_os = "linux", target_arch = "aarch64"),
target_os = "windows",
target_os = "macos",
)
)]
#[cfg(any(
all(target_os = "linux", target_arch = "x86"),
all(target_os = "linux", target_arch = "x86_64"),
all(target_os = "linux", target_arch = "aarch64"),
target_os = "windows",
target_os = "macos",
))]
#[no_mangle]
pub extern "C" fn zeroidc_new(
issuer: *const c_char,
@ -56,25 +54,21 @@ pub extern "C" fn zeroidc_new(
auth_endpoint.to_str().unwrap(),
web_listen_port,
) {
Ok(idc) => {
return Box::into_raw(Box::new(idc));
}
Ok(idc) => Box::into_raw(Box::new(idc)),
Err(s) => {
println!("Error creating ZeroIDC instance: {}", s);
return std::ptr::null_mut();
std::ptr::null_mut()
}
}
}
#[cfg(
any(
all(target_os = "linux", target_arch = "x86"),
all(target_os = "linux", target_arch = "x86_64"),
all(target_os = "linux", target_arch = "aarch64"),
target_os = "windows",
target_os = "macos",
)
)]
#[cfg(any(
all(target_os = "linux", target_arch = "x86"),
all(target_os = "linux", target_arch = "x86_64"),
all(target_os = "linux", target_arch = "aarch64"),
target_os = "windows",
target_os = "macos",
))]
#[no_mangle]
pub extern "C" fn zeroidc_delete(ptr: *mut ZeroIDC) {
if ptr.is_null() {
@ -85,21 +79,19 @@ pub extern "C" fn zeroidc_delete(ptr: *mut ZeroIDC) {
&mut *ptr
};
idc.stop();
unsafe {
Box::from_raw(ptr);
}
}
#[cfg(
any(
all(target_os = "linux", target_arch = "x86"),
all(target_os = "linux", target_arch = "x86_64"),
all(target_os = "linux", target_arch = "aarch64"),
target_os = "windows",
target_os = "macos",
)
)]
#[cfg(any(
all(target_os = "linux", target_arch = "x86"),
all(target_os = "linux", target_arch = "x86_64"),
all(target_os = "linux", target_arch = "aarch64"),
target_os = "windows",
target_os = "macos",
))]
#[no_mangle]
pub extern "C" fn zeroidc_start(ptr: *mut ZeroIDC) {
let idc = unsafe {
@ -109,15 +101,13 @@ pub extern "C" fn zeroidc_start(ptr: *mut ZeroIDC) {
idc.start();
}
#[cfg(
any(
all(target_os = "linux", target_arch = "x86"),
all(target_os = "linux", target_arch = "x86_64"),
all(target_os = "linux", target_arch = "aarch64"),
target_os = "windows",
target_os = "macos",
)
)]
#[cfg(any(
all(target_os = "linux", target_arch = "x86"),
all(target_os = "linux", target_arch = "x86_64"),
all(target_os = "linux", target_arch = "aarch64"),
target_os = "windows",
target_os = "macos",
))]
#[no_mangle]
pub extern "C" fn zeroidc_stop(ptr: *mut ZeroIDC) {
let idc = unsafe {
@ -127,15 +117,13 @@ pub extern "C" fn zeroidc_stop(ptr: *mut ZeroIDC) {
idc.stop();
}
#[cfg(
any(
all(target_os = "linux", target_arch = "x86"),
all(target_os = "linux", target_arch = "x86_64"),
all(target_os = "linux", target_arch = "aarch64"),
target_os = "windows",
target_os = "macos",
)
)]
#[cfg(any(
all(target_os = "linux", target_arch = "x86"),
all(target_os = "linux", target_arch = "x86_64"),
all(target_os = "linux", target_arch = "aarch64"),
target_os = "windows",
target_os = "macos",
))]
#[no_mangle]
pub extern "C" fn zeroidc_is_running(ptr: *mut ZeroIDC) -> bool {
let idc = unsafe {
@ -156,20 +144,19 @@ pub extern "C" fn zeroidc_get_exp_time(ptr: *mut ZeroIDC) -> u64 {
id.get_exp_time()
}
#[cfg(
any(
all(target_os = "linux", target_arch = "x86"),
all(target_os = "linux", target_arch = "x86_64"),
all(target_os = "linux", target_arch = "aarch64"),
target_os = "windows",
target_os = "macos",
)
)]
#[cfg(any(
all(target_os = "linux", target_arch = "x86"),
all(target_os = "linux", target_arch = "x86_64"),
all(target_os = "linux", target_arch = "aarch64"),
target_os = "windows",
target_os = "macos",
))]
#[no_mangle]
pub extern "C" fn zeroidc_set_nonce_and_csrf(
ptr: *mut ZeroIDC,
csrf_token: *const c_char,
nonce: *const c_char) {
nonce: *const c_char,
) {
let idc = unsafe {
assert!(!ptr.is_null());
&mut *ptr
@ -193,19 +180,17 @@ pub extern "C" fn zeroidc_set_nonce_and_csrf(
.to_str()
.unwrap()
.to_string();
idc.set_nonce_and_csrf(csrf_token, nonce);
}
#[cfg(
any(
all(target_os = "linux", target_arch = "x86"),
all(target_os = "linux", target_arch = "x86_64"),
all(target_os = "linux", target_arch = "aarch64"),
target_os = "windows",
target_os = "macos",
)
)]
#[cfg(any(
all(target_os = "linux", target_arch = "x86"),
all(target_os = "linux", target_arch = "x86_64"),
all(target_os = "linux", target_arch = "aarch64"),
target_os = "windows",
target_os = "macos",
))]
#[no_mangle]
pub extern "C" fn free_cstr(s: *mut c_char) {
if s.is_null() {
@ -218,40 +203,34 @@ pub extern "C" fn free_cstr(s: *mut c_char) {
}
}
#[cfg(
any(
all(target_os = "linux", target_arch = "x86"),
all(target_os = "linux", target_arch = "x86_64"),
all(target_os = "linux", target_arch = "aarch64"),
target_os = "windows",
target_os = "macos",
)
)]
#[cfg(any(
all(target_os = "linux", target_arch = "x86"),
all(target_os = "linux", target_arch = "x86_64"),
all(target_os = "linux", target_arch = "aarch64"),
target_os = "windows",
target_os = "macos",
))]
#[no_mangle]
pub extern "C" fn zeroidc_get_auth_url(ptr: *mut ZeroIDC) -> *mut c_char {
if ptr.is_null() {
println!("passed a null object");
return std::ptr::null_mut();
}
let idc = unsafe {
&mut *ptr
};
let idc = unsafe { &mut *ptr };
let s = CString::new(idc.auth_url()).unwrap();
return s.into_raw();
s.into_raw()
}
#[cfg(
any(
all(target_os = "linux", target_arch = "x86"),
all(target_os = "linux", target_arch = "x86_64"),
all(target_os = "linux", target_arch = "aarch64"),
target_os = "windows",
target_os = "macos",
)
)]
#[cfg(any(
all(target_os = "linux", target_arch = "x86"),
all(target_os = "linux", target_arch = "x86_64"),
all(target_os = "linux", target_arch = "aarch64"),
target_os = "windows",
target_os = "macos",
))]
#[no_mangle]
pub extern "C" fn zeroidc_token_exchange(idc: *mut ZeroIDC, code: *const c_char ) -> *mut c_char {
pub extern "C" fn zeroidc_token_exchange(idc: *mut ZeroIDC, code: *const c_char) -> *mut c_char {
if idc.is_null() {
println!("idc is null");
return std::ptr::null_mut();
@ -261,19 +240,37 @@ pub extern "C" fn zeroidc_token_exchange(idc: *mut ZeroIDC, code: *const c_char
println!("code is null");
return std::ptr::null_mut();
}
let idc = unsafe {
&mut *idc
};
let idc = unsafe { &mut *idc };
let code = unsafe{CStr::from_ptr(code)}.to_str().unwrap();
let code = unsafe { CStr::from_ptr(code) }.to_str().unwrap();
let ret = idc.do_token_exchange( code);
let ret = CString::new(ret).unwrap();
return ret.into_raw();
let ret = idc.do_token_exchange(code);
match ret {
Ok(ret) => {
#[cfg(debug_assertions)]
{
println!("do_token_exchange ret: {}", ret);
}
let ret = CString::new(ret).unwrap();
ret.into_raw()
}
Err(e) => {
#[cfg(debug_assertions)]
{
println!("do_token_exchange err: {}", e);
}
let errstr = format!("{{\"errorMessage\": \"{}\"}}", e);
let ret = CString::new(errstr).unwrap();
ret.into_raw()
}
}
}
#[no_mangle]
pub extern "C" fn zeroidc_get_url_param_value(param: *const c_char, path: *const c_char) -> *mut c_char {
pub extern "C" fn zeroidc_get_url_param_value(
param: *const c_char,
path: *const c_char,
) -> *mut c_char {
if param.is_null() {
println!("param is null");
return std::ptr::null_mut();
@ -282,21 +279,21 @@ pub extern "C" fn zeroidc_get_url_param_value(param: *const c_char, path: *const
println!("path is null");
return std::ptr::null_mut();
}
let param = unsafe {CStr::from_ptr(param)}.to_str().unwrap();
let path = unsafe {CStr::from_ptr(path)}.to_str().unwrap();
let param = unsafe { CStr::from_ptr(param) }.to_str().unwrap();
let path = unsafe { CStr::from_ptr(path) }.to_str().unwrap();
let url = "http://localhost:9993".to_string() + path;
let url = Url::parse(&url).unwrap();
let pairs = url.query_pairs();
let pairs = url.query_pairs();
for p in pairs {
if p.0 == param {
let s = CString::new(p.1.into_owned()).unwrap();
return s.into_raw()
return s.into_raw();
}
}
return std::ptr::null_mut();
std::ptr::null_mut()
}
#[no_mangle]
@ -306,36 +303,32 @@ pub extern "C" fn zeroidc_network_id_from_state(state: *const c_char) -> *mut c_
return std::ptr::null_mut();
}
let state = unsafe{CStr::from_ptr(state)}.to_str().unwrap();
let state = unsafe { CStr::from_ptr(state) }.to_str().unwrap();
let split = state.split("_");
let split = state.split('_');
let split = split.collect::<Vec<&str>>();
if split.len() != 2 {
return std::ptr::null_mut();
}
let s = CString::new(split[1]).unwrap();
return s.into_raw();
s.into_raw()
}
#[cfg(
any(
all(target_os = "linux", target_arch = "x86"),
all(target_os = "linux", target_arch = "x86_64"),
all(target_os = "linux", target_arch = "aarch64"),
target_os = "windows",
target_os = "macos",
)
)]
#[cfg(any(
all(target_os = "linux", target_arch = "x86"),
all(target_os = "linux", target_arch = "x86_64"),
all(target_os = "linux", target_arch = "aarch64"),
target_os = "windows",
target_os = "macos",
))]
#[no_mangle]
pub extern "C" fn zeroidc_kick_refresh_thread(idc: *mut ZeroIDC) {
if idc.is_null() {
println!("idc is null");
return;
}
let idc = unsafe {
&mut *idc
};
let idc = unsafe { &mut *idc };
idc.kick_refresh_thread();
}
}

510
zeroidc/src/lib.rs
View File

@ -19,45 +19,44 @@ extern crate openidconnect;
extern crate time;
extern crate url;
use crate::error::ZeroIDCError;
use crate::error::*;
use bytes::Bytes;
use jwt::{Token};
use jwt::Token;
use openidconnect::core::{CoreClient, CoreProviderMetadata, CoreResponseType};
use openidconnect::reqwest::http_client;
use openidconnect::{AccessToken, AccessTokenHash, AuthorizationCode, AuthenticationFlow, ClientId, CsrfToken, IssuerUrl, Nonce, OAuth2TokenResponse, PkceCodeChallenge, PkceCodeVerifier, RedirectUrl, RefreshToken, Scope, TokenResponse};
use openidconnect::{
AccessToken, AccessTokenHash, AuthenticationFlow, AuthorizationCode, ClientId, CsrfToken,
IssuerUrl, Nonce, OAuth2TokenResponse, PkceCodeChallenge, PkceCodeVerifier, RedirectUrl,
RefreshToken, Scope, TokenResponse,
};
use std::error::Error;
use std::str::from_utf8;
use std::sync::{Arc, Mutex};
use std::thread::{sleep, spawn, JoinHandle};
use std::time::{SystemTime, UNIX_EPOCH, Duration};
use time::{OffsetDateTime, format_description};
use std::time::{Duration, SystemTime, UNIX_EPOCH};
use time::{format_description, OffsetDateTime};
use url::Url;
#[cfg(
any(
all(target_os = "linux", target_arch = "x86"),
all(target_os = "linux", target_arch = "x86_64"),
all(target_os = "linux", target_arch = "aarch64"),
target_os = "windows",
target_os = "macos",
)
)]
#[cfg(any(
all(target_os = "linux", target_arch = "x86"),
all(target_os = "linux", target_arch = "x86_64"),
all(target_os = "linux", target_arch = "aarch64"),
target_os = "windows",
target_os = "macos",
))]
pub struct ZeroIDC {
inner: Arc<Mutex<Inner>>,
}
#[cfg(
any(
all(target_os = "linux", target_arch = "x86"),
all(target_os = "linux", target_arch = "x86_64"),
all(target_os = "linux", target_arch = "aarch64"),
target_os = "windows",
target_os = "macos",
)
)]
#[cfg(any(
all(target_os = "linux", target_arch = "x86"),
all(target_os = "linux", target_arch = "x86_64"),
all(target_os = "linux", target_arch = "aarch64"),
target_os = "windows",
target_os = "macos",
))]
struct Inner {
running: bool,
auth_endpoint: String,
@ -82,40 +81,35 @@ impl Inner {
}
fn csrf_func(csrf_token: String) -> Box<dyn Fn() -> CsrfToken> {
return Box::new(move || CsrfToken::new(csrf_token.to_string()));
Box::new(move || CsrfToken::new(csrf_token.to_string()))
}
fn nonce_func(nonce: String) -> Box<dyn Fn() -> Nonce> {
return Box::new(move || Nonce::new(nonce.to_string()));
Box::new(move || Nonce::new(nonce.to_string()))
}
#[cfg(debug_assertions)]
fn systemtime_strftime<T>(dt: T, format: &str) -> String
where T: Into<OffsetDateTime>
where
T: Into<OffsetDateTime>,
{
let f = format_description::parse(format);
match f {
Ok(f) => {
match dt.into().format(&f) {
Ok(s) => s,
Err(_e) => "".to_string(),
}
},
Err(_e) => {
"".to_string()
Ok(f) => match dt.into().format(&f) {
Ok(s) => s,
Err(_e) => "".to_string(),
},
Err(_e) => "".to_string(),
}
}
#[cfg(
any(
all(target_os = "linux", target_arch = "x86"),
all(target_os = "linux", target_arch = "x86_64"),
all(target_os = "linux", target_arch = "aarch64"),
target_os = "windows",
target_os = "macos",
)
)]
#[cfg(any(
all(target_os = "linux", target_arch = "x86"),
all(target_os = "linux", target_arch = "x86_64"),
all(target_os = "linux", target_arch = "aarch64"),
target_os = "windows",
target_os = "macos",
))]
impl ZeroIDC {
pub fn new(
issuer: &str,
@ -137,12 +131,14 @@ impl ZeroIDC {
url: None,
csrf_token: None,
nonce: None,
pkce_verifier: None,
pkce_verifier: None,
})),
};
println!("issuer: {}, client_id: {}, auth_endopint: {}, local_web_port: {}",
issuer, client_id, auth_ep, local_web_port);
println!(
"issuer: {}, client_id: {}, auth_endopint: {}, local_web_port: {}",
issuer, client_id, auth_ep, local_web_port
);
let iss = IssuerUrl::new(issuer.to_string())?;
let provider_meta = CoreProviderMetadata::discover(&iss, http_client)?;
@ -184,35 +180,53 @@ impl ZeroIDC {
let nonce = (*inner_local.lock().unwrap()).nonce.clone();
while running {
let exp = UNIX_EPOCH + Duration::from_secs((*inner_local.lock().unwrap()).exp_time);
let exp =
UNIX_EPOCH + Duration::from_secs((*inner_local.lock().unwrap()).exp_time);
let now = SystemTime::now();
#[cfg(debug_assertions)] {
println!("refresh token thread tick, now: {}, exp: {}", systemtime_strftime(now, "[year]-[month]-[day] [hour]:[minute]:[second]"), systemtime_strftime(exp, "[year]-[month]-[day] [hour]:[minute]:[second]"));
#[cfg(debug_assertions)]
{
println!(
"refresh token thread tick, now: {}, exp: {}",
systemtime_strftime(
now,
"[year]-[month]-[day] [hour]:[minute]:[second]"
),
systemtime_strftime(
exp,
"[year]-[month]-[day] [hour]:[minute]:[second]"
)
);
}
let refresh_token = (*inner_local.lock().unwrap()).refresh_token.clone();
if let Some(refresh_token) = refresh_token {
if let Some(refresh_token) = refresh_token {
let should_kick = (*inner_local.lock().unwrap()).kick;
if now >= (exp - Duration::from_secs(30)) || should_kick {
if should_kick {
#[cfg(debug_assertions)] {
#[cfg(debug_assertions)]
{
println!("refresh thread kicked");
}
(*inner_local.lock().unwrap()).kick = false;
}
#[cfg(debug_assertions)] {
#[cfg(debug_assertions)]
{
println!("Refresh Token: {}", refresh_token.secret());
}
let token_response = (*inner_local.lock().unwrap()).oidc_client.as_ref().map(|c| {
let res = c.exchange_refresh_token(&refresh_token)
.request(http_client);
res
});
let token_response = (*inner_local.lock().unwrap())
.oidc_client
.as_ref()
.map(|c| {
let res = c
.exchange_refresh_token(&refresh_token)
.request(http_client);
res
});
if let Some(res) = token_response {
match res {
Ok(res) => {
@ -223,78 +237,123 @@ impl ZeroIDC {
None => "".to_string(),
};
let params = [("id_token", id_token.to_string()),("state", "refresh".to_string()),("extra_nonce", n)];
#[cfg(debug_assertions)] {
println!("New ID token: {}", id_token.to_string());
let params = [
("id_token", id_token.to_string()),
("state", "refresh".to_string()),
("extra_nonce", n),
];
#[cfg(debug_assertions)]
{
println!(
"New ID token: {}",
id_token.to_string()
);
}
let client = reqwest::blocking::Client::new();
let r = client.post((*inner_local.lock().unwrap()).auth_endpoint.clone())
let r = client
.post(
(*inner_local.lock().unwrap())
.auth_endpoint
.clone(),
)
.form(&params)
.send();
match r {
Ok(r) => {
if r.status().is_success() {
#[cfg(debug_assertions)] {
println!("hit url: {}", r.url().as_str());
#[cfg(debug_assertions)]
{
println!(
"hit url: {}",
r.url().as_str()
);
println!("status: {}", r.status());
}
let access_token = res.access_token();
let idt = &id_token.to_string();
let t: Result<Token<jwt::Header, jwt::Claims, jwt::Unverified<'_>>, jwt::Error> =
Token::parse_unverified(idt);
let t: Result<
Token<
jwt::Header,
jwt::Claims,
jwt::Unverified<'_>,
>,
jwt::Error,
> = Token::parse_unverified(idt);
if let Ok(t) = t {
let claims = t.claims().registered.clone();
let claims =
t.claims().registered.clone();
match claims.expiration {
Some(exp) => {
(*inner_local.lock().unwrap()).exp_time = exp;
},
(*inner_local
.lock()
.unwrap())
.exp_time = exp;
}
None => {
panic!("expiration is None. This shouldn't happen")
}
}
}
}
(*inner_local.lock().unwrap()).access_token = Some(access_token.clone());
(*inner_local.lock().unwrap())
.access_token =
Some(access_token.clone());
if let Some(t) = res.refresh_token() {
// println!("New Refresh Token: {}", t.secret());
(*inner_local.lock().unwrap()).refresh_token = Some(t.clone());
(*inner_local.lock().unwrap())
.refresh_token =
Some(t.clone());
}
#[cfg(debug_assertions)] {
#[cfg(debug_assertions)]
{
println!("Central post succeeded");
}
} else {
println!("Central post failed: {}", r.status().to_string());
println!("hit url: {}", r.url().as_str());
println!(
"Central post failed: {}",
r.status()
);
println!(
"hit url: {}",
r.url().as_str()
);
println!("Status: {}", r.status());
if let Ok(body) = r.bytes() {
if let Ok(body) = std::str::from_utf8(&body) {
if let Ok(body) =
std::str::from_utf8(&body)
{
println!("Body: {}", body);
}
}
(*inner_local.lock().unwrap()).exp_time = 0;
(*inner_local.lock().unwrap()).running = false;
(*inner_local.lock().unwrap())
.exp_time = 0;
(*inner_local.lock().unwrap())
.running = false;
}
},
}
Err(e) => {
println!("Central post failed: {}", e.to_string());
println!("hit url: {}", e.url().unwrap().as_str());
println!("Central post failed: {}", e);
println!(
"hit url: {}",
e.url().unwrap().as_str()
);
println!("Status: {}", e.status().unwrap());
(*inner_local.lock().unwrap()).exp_time = 0;
(*inner_local.lock().unwrap()).running = false;
(*inner_local.lock().unwrap()).running =
false;
}
}
},
}
None => {
println!("no id token?!?");
}
}
},
}
Err(e) => {
println!("token error: {}", e);
}
@ -323,7 +382,7 @@ impl ZeroIDC {
pub fn stop(&mut self) {
let local = self.inner.clone();
if self.is_running(){
if self.is_running() {
(*local.lock().unwrap()).running = false;
}
}
@ -341,81 +400,72 @@ impl ZeroIDC {
pub fn set_nonce_and_csrf(&mut self, csrf_token: String, nonce: String) {
let local = Arc::clone(&self.inner);
(*local.lock().expect("can't lock inner")).as_opt().map(|i| {
if i.running {
println!("refresh thread running. not setting new nonce or csrf");
return
}
let _ = (*local.lock().expect("can't lock inner"))
.as_opt()
.map(|i| {
if i.running {
println!("refresh thread running. not setting new nonce or csrf");
return;
}
let need_verifier = match i.pkce_verifier {
None => true,
_ => false,
};
let need_verifier = matches!(i.pkce_verifier, None);
let csrf_diff = if let Some(csrf) = i.csrf_token.clone() {
if *csrf.secret() != csrf_token {
true
let csrf_diff = if let Some(csrf) = i.csrf_token.clone() {
*csrf.secret() != csrf_token
} else {
false
}
} else {
false
};
};
let nonce_diff = if let Some(n) = i.nonce.clone() {
if *n.secret() != nonce {
true
let nonce_diff = if let Some(n) = i.nonce.clone() {
*n.secret() != nonce
} else {
false
};
if need_verifier || csrf_diff || nonce_diff {
let (pkce_challenge, pkce_verifier) = PkceCodeChallenge::new_random_sha256();
let r = i.oidc_client.as_ref().map(|c| {
let (auth_url, csrf_token, nonce) = c
.authorize_url(
AuthenticationFlow::<CoreResponseType>::AuthorizationCode,
csrf_func(csrf_token),
nonce_func(nonce),
)
.add_scope(Scope::new("profile".to_string()))
.add_scope(Scope::new("email".to_string()))
.add_scope(Scope::new("offline_access".to_string()))
.add_scope(Scope::new("openid".to_string()))
.set_pkce_challenge(pkce_challenge)
.url();
(auth_url, csrf_token, nonce)
});
if let Some(r) = r {
i.url = Some(r.0);
i.csrf_token = Some(r.1);
i.nonce = Some(r.2);
i.pkce_verifier = Some(pkce_verifier);
}
}
} else {
false
};
if need_verifier || csrf_diff || nonce_diff {
let (pkce_challenge, pkce_verifier) = PkceCodeChallenge::new_random_sha256();
let r = i.oidc_client.as_ref().map(|c| {
let (auth_url, csrf_token, nonce) = c
.authorize_url(
AuthenticationFlow::<CoreResponseType>::AuthorizationCode,
csrf_func(csrf_token),
nonce_func(nonce),
)
.add_scope(Scope::new("profile".to_string()))
.add_scope(Scope::new("email".to_string()))
.add_scope(Scope::new("offline_access".to_string()))
.add_scope(Scope::new("openid".to_string()))
.set_pkce_challenge(pkce_challenge)
.url();
(auth_url, csrf_token, nonce)
});
if let Some(r) = r {
i.url = Some(r.0);
i.csrf_token = Some(r.1);
i.nonce = Some(r.2);
i.pkce_verifier = Some(pkce_verifier);
}
}
});
});
}
pub fn auth_url(&self) -> String {
let url = (*self.inner.lock().expect("can't lock inner")).as_opt().map(|i| {
match i.url.clone() {
let url = (*self.inner.lock().expect("can't lock inner"))
.as_opt()
.map(|i| match i.url.clone() {
Some(u) => u.to_string(),
_ => "".to_string(),
}
});
});
match url {
Some(url) => url.to_string(),
Some(url) => url,
None => "".to_string(),
}
}
pub fn do_token_exchange(&mut self, code: &str) -> String {
pub fn do_token_exchange(&mut self, code: &str) -> Result<String, SSOExchangeError> {
let local = Arc::clone(&self.inner);
let mut should_start = false;
let res = (*local.lock().unwrap()).as_opt().map(|i| {
@ -423,13 +473,14 @@ impl ZeroIDC {
let token_response = i.oidc_client.as_ref().map(|c| {
println!("auth code: {}", code);
let r = c.exchange_code(AuthorizationCode::new(code.to_string()))
let r = c
.exchange_code(AuthorizationCode::new(code.to_string()))
.set_pkce_verifier(verifier)
.request(http_client);
// validate the token hashes
match r {
Ok(res) =>{
Ok(res) => {
let n = match i.nonce.clone() {
Some(n) => n,
None => {
@ -437,7 +488,7 @@ impl ZeroIDC {
return None;
}
};
let id = match res.id_token() {
Some(t) => t,
None => {
@ -463,7 +514,10 @@ impl ZeroIDC {
};
if let Some(expected_hash) = claims.access_token_hash() {
let actual_hash = match AccessTokenHash::from_token(res.access_token(), &signing_algo) {
let actual_hash = match AccessTokenHash::from_token(
res.access_token(),
&signing_algo,
) {
Ok(h) => h,
Err(e) => {
println!("Error hashing access token: {}", e);
@ -477,111 +531,131 @@ impl ZeroIDC {
}
}
Some(res)
},
}
Err(e) => {
println!("token response error: {:?}", e.to_string());
println!("\t {:?}", e.source());
return None;
},
None
}
}
});
if let Some(Some(tok)) = token_response {
let id_token = tok.id_token().unwrap();
#[cfg(debug_assertions)] {
#[cfg(debug_assertions)]
{
println!("ID token: {}", id_token.to_string());
}
let mut split = "".to_string();
match i.csrf_token.clone() {
Some(csrf_token) => {
split = csrf_token.secret().to_owned();
},
_ => (),
if let Some(tok) = i.csrf_token.clone() {
split = tok.secret().to_owned();
}
let split = split.split("_").collect::<Vec<&str>>();
let split = split.split('_').collect::<Vec<&str>>();
if split.len() == 2 {
let params = [("id_token", id_token.to_string()),("state", split[0].to_string())];
let params = [
("id_token", id_token.to_string()),
("state", split[0].to_string()),
];
let client = reqwest::blocking::Client::new();
let res = client.post(i.auth_endpoint.clone())
.form(&params)
.send();
let res = client.post(i.auth_endpoint.clone()).form(&params).send();
match res {
Ok(res) => {
#[cfg(debug_assertions)] {
println!("hit url: {}", res.url().as_str());
println!("Status: {}", res.status());
}
if res.status() == 200 {
#[cfg(debug_assertions)]
{
println!("hit url: {}", res.url().as_str());
println!("Status: {}", res.status());
}
let idt = &id_token.to_string();
let idt = &id_token.to_string();
let t: Result<Token<jwt::Header, jwt::Claims, jwt::Unverified<'_>>, jwt::Error>=
Token::parse_unverified(idt);
if let Ok(t) = t {
let claims = t.claims().registered.clone();
match claims.expiration {
Some(exp) => {
i.exp_time = exp;
println!("Set exp time to: {:?}", i.exp_time);
},
None => {
panic!("expiration is None. This shouldn't happen")
let t: Result<
Token<jwt::Header, jwt::Claims, jwt::Unverified<'_>>,
jwt::Error,
> = Token::parse_unverified(idt);
if let Ok(t) = t {
let claims = t.claims().registered.clone();
match claims.expiration {
Some(exp) => {
i.exp_time = exp;
println!("Set exp time to: {:?}", i.exp_time);
}
None => {
panic!("expiration is None. This shouldn't happen");
}
}
}
}
i.access_token = Some(tok.access_token().clone());
if let Some(t) = tok.refresh_token() {
i.refresh_token = Some(t.clone());
should_start = true;
i.access_token = Some(tok.access_token().clone());
if let Some(t) = tok.refresh_token() {
i.refresh_token = Some(t.clone());
should_start = true;
}
#[cfg(debug_assertions)]
{
let access_token = tok.access_token();
println!("Access Token: {}", access_token.secret());
let refresh_token = tok.refresh_token();
println!("Refresh Token: {}", refresh_token.unwrap().secret());
}
let bytes = match res.bytes() {
Ok(bytes) => bytes,
Err(_) => Bytes::from(""),
};
let bytes = match from_utf8(bytes.as_ref()) {
Ok(bytes) => bytes.to_string(),
Err(_) => "".to_string(),
};
Ok(bytes)
} else if res.status() == 402 {
Err(SSOExchangeError::new(
"additional license seats required. Please contact your network administrator.".to_string(),
))
} else {
Err(SSOExchangeError::new(
"error from central endpoint".to_string(),
))
}
#[cfg(debug_assertions)] {
let access_token = tok.access_token();
println!("Access Token: {}", access_token.secret());
let refresh_token = tok.refresh_token();
println!("Refresh Token: {}", refresh_token.unwrap().secret());
}
let bytes = match res.bytes() {
Ok(bytes) => bytes,
Err(_) => Bytes::from(""),
};
let bytes = match from_utf8(bytes.as_ref()) {
Ok(bytes) => bytes.to_string(),
Err(_) => "".to_string(),
};
return bytes;
},
}
Err(res) => {
println!("error result: {}", res);
println!("hit url: {}", res.url().unwrap().as_str());
println!("Status: {}", res.status().unwrap());
println!("Post error: {}", res.to_string());
println!("Post error: {}", res);
i.exp_time = 0;
Err(SSOExchangeError::new(
"error from central endpoint".to_string(),
))
}
}
} else {
println!("invalid split length?!?");
Err(SSOExchangeError::new(
"error splitting state token".to_string(),
))
}
} else {
Err(SSOExchangeError::new("invalid token response".to_string()))
}
} else {
Err(SSOExchangeError::new("invalid pkce verifier".to_string()))
}
"".to_string()
});
if should_start {
self.start();
}
return match res {
match res {
Some(res) => res,
_ => "".to_string(),
};
_ => Err(SSOExchangeError::new("invalid result".to_string())),
}
}
}

181
zerotier-one.spec
View File

@ -6,28 +6,56 @@ Summary: ZeroTier network virtualization service
License: ZeroTier BSL 1.1
URL: https://www.zerotier.com
%if 0%{?rhel} >= 7
BuildRequires: systemd
%endif
# Fedora
%if 0%{?fedora} >= 21
BuildRequires: systemd
%endif
Requires: iproute libstdc++ openssl
AutoReqProv: no
%if 0%{?rhel} >= 7
Requires: systemd
%if "%{?dist}" == ".fc35"
BuildRequires: systemd clang openssl openssl-devel
Requires: systemd openssl
Requires(pre): /usr/sbin/useradd, /usr/bin/getent
%endif
%if 0%{?rhel} <= 6
Requires: chkconfig
%if "%{?dist}" == ".fc36"
BuildRequires: systemd clang openssl1.1 openssl1.1-devel
Requires: systemd openssl1.1
Requires(pre): /usr/sbin/useradd, /usr/bin/getent
%endif
%if 0%{?fedora} >= 21
Requires: systemd
%if "%{?dist}" == ".fc37"
BuildRequires: systemd clang openssl1.1 openssl1.1-devel
Requires: systemd openssl1.1
Requires(pre): /usr/sbin/useradd, /usr/bin/getent
%endif
# RHEL
%if "%{?dist}" == ".el6"
Requires: chkconfig
Requires(pre): /usr/sbin/useradd, /usr/bin/getent
%endif
%if "%{?dist}" == ".el7"
BuildRequires: systemd openssl11-devel
Requires: systemd openssl11
Requires(pre): /usr/sbin/useradd, /usr/bin/getent
%endif
%if "%{?dist}" == ".el8"
BuildRequires: systemd openssl-devel
Requires: systemd openssl
Requires(pre): /usr/sbin/useradd, /usr/bin/getent
%endif
%if "%{?dist}" == ".el9"
BuildRequires: systemd openssl-devel
Requires: systemd openssl
Requires(pre): /usr/sbin/useradd, /usr/bin/getent
%endif
# Amazon
%if "%{?dist}" == ".amzn2"
BuildRequires: systemd openssl-devel
Requires: systemd openssl
Requires(pre): /usr/sbin/useradd, /usr/bin/getent
%endif
@ -44,123 +72,60 @@ like conventional VPNs or VLANs. It can run on native systems, VMs, or
containers (Docker, OpenVZ, etc.).
%prep
%if 0%{?rhel} >= 7
rm -rf *
ln -s %{getenv:PWD} %{name}-%{version}
tar --exclude=%{name}-%{version}/.git --exclude=%{name}-%{version}/%{name}-%{version} -czf %{_sourcedir}/%{name}-%{version}.tar.gz %{name}-%{version}/*
rm -f %{name}-%{version}
cp -a %{getenv:PWD}/* .
%endif
# ls -la
# %if 0%{?rhel} && 0%{?rhel} >= 7
# rm -rf *
# ln -s %{getenv:PWD} %{name}-%{version}
# tar --exclude=%{name}-%{version}/.git --exclude=%{name}-%{version}/%{name}-%{version} -czf %{_sourcedir}/%{name}-%{version}.tar.gz %{name}-%{version}/*
# rm -f %{name}-%{version}
# cp -a %{getenv:PWD}/* .
# %endif
%build
#%if 0%{?rhel} <= 7
#make CFLAGS="`echo %{optflags} | sed s/stack-protector-strong/stack-protector/`" CXXFLAGS="`echo %{optflags} | sed s/stack-protector-strong/stack-protector/`" ZT_USE_MINIUPNPC=1 %{?_smp_mflags} one manpages selftest
#%else
%if 0%{?rhel} >= 7
make ZT_USE_MINIUPNPC=1 %{?_smp_mflags} one
%if "%{?dist}" == ".el6"
make RUST_BACKTRACE=full ZT_USE_MINIUPNPC=1 %{?_smp_mflags} from_builder
%else
make RUST_BACKTRACE=full ZT_USE_MINIUPNPC=1 %{?_smp_mflags} one
%endif
%pre
%if 0%{?rhel} >= 7
/usr/bin/getent passwd zerotier-one || /usr/sbin/useradd -r -d /var/lib/zerotier-one -s /sbin/nologin zerotier-one
%endif
%if 0%{?fedora} >= 21
/usr/bin/getent passwd zerotier-one || /usr/sbin/useradd -r -d /var/lib/zerotier-one -s /sbin/nologin zerotier-one
%endif
%install
rm -rf $RPM_BUILD_ROOT
%if 0%{?rhel} < 7
pushd %{getenv:PWD}
%endif
# rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT
%if 0%{?rhel} < 7
popd
%endif
%if 0%{?rhel} >= 7
mkdir -p $RPM_BUILD_ROOT%{_unitdir}
cp %{getenv:PWD}/debian/zerotier-one.service $RPM_BUILD_ROOT%{_unitdir}/%{name}.service
%endif
%if 0%{?fedora} >= 21
mkdir -p $RPM_BUILD_ROOT%{_unitdir}
cp ${getenv:PWD}/debian/zerotier-one.service $RPM_BUILD_ROOT%{_unitdir}/%{name}.service
%endif
%if 0%{?rhel} <= 6
mkdir -p $RPM_BUILD_ROOT/etc/init.d
%if 0%{?rhel} && 0%{?rhel} <= 6
mkdir -p $RPM_BUILD_ROOT/etc/init.d/
cp %{getenv:PWD}/ext/installfiles/linux/zerotier-one.init.rhel6 $RPM_BUILD_ROOT/etc/init.d/zerotier-one
chmod 0755 $RPM_BUILD_ROOT/etc/init.d/zerotier-one
chmod 700 $RPM_BUILD_ROOT/etc/init.d/${name}
%endif
%files
%{_sbindir}/*
%{_mandir}/*
%{_localstatedir}/*
%if 0%{?rhel} >= 7
%{_unitdir}/%{name}.service
%endif
%if 0%{?fedora} >= 21
%{_unitdir}/%{name}.service
%endif
%if 0%{?rhel} <= 6
%if 0%{?rhel} && 0%{?rhel} <= 6
/etc/init.d/zerotier-one
%else
%{_unitdir}/%{name}.service
%endif
%post
%if 0%{?rhel} >= 7
%if ! 0%{?rhel} && 0%{?rhel} <= 6
%systemd_post zerotier-one.service
%endif
%if 0%{?fedora} >= 21
%systemd_post zerotier-one.service
%endif
%if 0%{?rhel} <= 6
case "$1" in
1)
chkconfig --add zerotier-one
;;
2)
chkconfig --del zerotier-one
chkconfig --add zerotier-one
;;
esac
if [ -x /usr/bin/checkmodule -a -x /usr/bin/semodule_package -a -x /usr/sbin/semodule ]; then
rm -f /var/lib/zerotier-one/zerotier-one.mod
/usr/bin/checkmodule -M -m -o /var/lib/zerotier-one/zerotier-one.mod /var/lib/zerotier-one/zerotier-one.te
if [ -f /var/lib/zerotier-one/zerotier-one.pp ]; then
rm -f /var/lib/zerotier-one/zerotier-one.pp
/usr/bin/semodule_package -o /var/lib/zerotier-one/zerotier-one.pp -m /var/lib/zerotier-one/zerotier-one.mod
/usr/sbin/semodule -u /var/lib/zerotier-one/zerotier-one.pp
else
/usr/bin/semodule_package -o /var/lib/zerotier-one/zerotier-one.pp -m /var/lib/zerotier-one/zerotier-one.mod
/usr/sbin/semodule -i /var/lib/zerotier-one/zerotier-one.pp
fi
fi
%endif
%preun
%if 0%{?rhel} >= 7
%if ! 0%{?rhel} && 0%{?rhel} <= 6
%systemd_preun zerotier-one.service
%endif
%if 0%{?fedora} >= 21
%systemd_preun zerotier-one.service
%endif
%if 0%{?rhel} <= 6
case "$1" in
0)
service zerotier-one stop
chkconfig --del zerotier-one
;;
1)
# This is an upgrade.
:
;;
esac
%endif
%postun
%if 0%{?rhel} >= 7
%systemd_postun_with_restart zerotier-one.service
%endif
%if 0%{?fedora} >= 21
%if ! 0%{?rhel} && 0%{?rhel} <= 6
%systemd_postun_with_restart zerotier-one.service
%endif
@ -171,16 +136,16 @@ esac
* Tue May 10 2022 Adam Ierymenko <adam.ierymenko@zerotier.com> - 1.8.10
- see https://github.com/zerotier/ZeroTierOne for release notes
* Fri Apr 25 2022 Adam Ierymenko <adam.ierymenko@zerotier.com> - 1.8.9
* Mon Apr 25 2022 Adam Ierymenko <adam.ierymenko@zerotier.com> - 1.8.9
- see https://github.com/zerotier/ZeroTierOne for release notes
* Fri Apr 11 2022 Adam Ierymenko <adam.ierymenko@zerotier.com> - 1.8.8
* Mon Apr 11 2022 Adam Ierymenko <adam.ierymenko@zerotier.com> - 1.8.8
- see https://github.com/zerotier/ZeroTierOne for release notes
* Fri Mar 21 2022 Adam Ierymenko <adam.ierymenko@zerotier.com> - 1.8.7
* Mon Mar 21 2022 Adam Ierymenko <adam.ierymenko@zerotier.com> - 1.8.7
- see https://github.com/zerotier/ZeroTierOne for release notes
* Fri Mar 07 2022 Adam Ierymenko <adam.ierymenko@zerotier.com> - 1.8.6
* Mon Mar 07 2022 Adam Ierymenko <adam.ierymenko@zerotier.com> - 1.8.6
- see https://github.com/zerotier/ZeroTierOne for release notes
* Fri Dec 17 2021 Adam Ierymenko <adam.ierymenko@zerotier.com> - 1.8.5
@ -198,7 +163,7 @@ esac
* Wed Oct 20 2021 Adam Ierymenko <adam.ierymenko@zerotier.com> - 1.8.1
- see https://github.com/zerotier/ZeroTierOne for release notes
* Tue Sep 15 2021 Adam Ierymenko <adam.ierymenko@zerotier.com> - 1.8.0
* Wed Sep 15 2021 Adam Ierymenko <adam.ierymenko@zerotier.com> - 1.8.0
- see https://github.com/zerotier/ZeroTierOne for release notes
* Tue Apr 13 2021 Adam Ierymenko <adam.ierymenko@zerotier.com> - 1.6.5