ExternalVendorCode/ZeroTierOne
1
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-05-31 14:30:51 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

add "ssoRedirectURL" to local.conf

Browse Source 
plumbed it through to the central controller code
This commit is contained in:
Grant Limberg 2021-06-04 16:29:03 -07:00
parent c227330d09
commit e6b4fb5af7
No known key found for this signature in database
GPG Key ID: 2BA62CCABBB4095A
8 changed files with 48 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
controller/DB.hpp
View File

@ -104,7 +104,7 @@ public:
virtual void eraseNetwork(const uint64_t networkId) = 0; virtual void eraseNetwork(const uint64_t networkId) = 0;
virtual void eraseMember(const uint64_t networkId,const uint64_t memberId) = 0; virtual void eraseMember(const uint64_t networkId,const uint64_t memberId) = 0;
virtual void nodeIsOnline(const uint64_t networkId,const uint64_t memberId,const InetAddress &physicalAddress) = 0; virtual void nodeIsOnline(const uint64_t networkId,const uint64_t memberId,const InetAddress &physicalAddress) = 0;
virtual std::string getSSOAuthURL(const nlohmann::json &member) { return ""; } virtual std::string getSSOAuthURL(const nlohmann::json &member, const std::string &redirectURL) { return ""; }
inline void addListener(DB::ChangeListener *const listener) inline void addListener(DB::ChangeListener *const listener)
{ {

4
controller/DBMirrorSet.cpp
View File

@ -125,11 +125,11 @@ bool DBMirrorSet::get(const uint64_t networkId,nlohmann::json &network,std::vect
return false; return false;
} }
std::string DBMirrorSet::getSSOAuthURL(const nlohmann::json &member) std::string DBMirrorSet::getSSOAuthURL(const nlohmann::json &member, const std::string &redirectURL)
{ {
std::lock_guard<std::mutex> l(_dbs_l); std::lock_guard<std::mutex> l(_dbs_l);
for(auto d=_dbs.begin();d!=_dbs.end();++d) { for(auto d=_dbs.begin();d!=_dbs.end();++d) {
std::string url = (*d)->getSSOAuthURL(member); std::string url = (*d)->getSSOAuthURL(member, redirectURL);
if (!url.empty()) { if (!url.empty()) {
return url; return url;
} }

2
controller/DBMirrorSet.hpp
View File

@ -51,7 +51,7 @@ public:
virtual void onNetworkMemberUpdate(const void *db,uint64_t networkId,uint64_t memberId,const nlohmann::json &member); virtual void onNetworkMemberUpdate(const void *db,uint64_t networkId,uint64_t memberId,const nlohmann::json &member);
virtual void onNetworkMemberDeauthorize(const void *db,uint64_t networkId,uint64_t memberId); virtual void onNetworkMemberDeauthorize(const void *db,uint64_t networkId,uint64_t memberId);
std::string getSSOAuthURL(const nlohmann::json &member); std::string getSSOAuthURL(const nlohmann::json &member, const std::string &redirectURL);
inline void addDB(const std::shared_ptr<DB> &db) inline void addDB(const std::shared_ptr<DB> &db)
{ {

32
controller/EmbeddedNetworkController.cpp
View File

@ -28,6 +28,9 @@
#include <map> #include <map>
#include <thread> #include <thread>
#include <memory> #include <memory>
#include <iomanip>
#include <sstream>
#include <cctype>
#include "../include/ZeroTierOne.h" #include "../include/ZeroTierOne.h"
#include "../version.h" #include "../version.h"
@ -60,6 +63,29 @@ namespace ZeroTier {
namespace { namespace {
std::string url_encode(const std::string &value) {
std::ostringstream escaped;
escaped.fill('0');
escaped << std::hex;
for (std::string::const_iterator i = value.begin(), n = value.end(); i != n; ++i) {
std::string::value_type c = (*i);
// Keep alphanumeric and other accepted characters intact
if (isalnum(c) || c == '-' || c == '_' || c == '.' || c == '~') {
escaped << c;
continue;
}
// Any other characters are percent-encoded
escaped << std::uppercase;
escaped << '%' << std::setw(2) << int((unsigned char) c);
escaped << std::nouppercase;
}
return escaped.str();
}
static json _renderRule(ZT_VirtualNetworkRule &rule) static json _renderRule(ZT_VirtualNetworkRule &rule)
{ {
char tmp[128]; char tmp[128];
@ -476,6 +502,10 @@ EmbeddedNetworkController::~EmbeddedNetworkController()
t->join(); t->join();
} }
void EmbeddedNetworkController::setSSORedirectURL(const std::string &url) {
_ssoRedirectURL = url_encode(url);
}
void EmbeddedNetworkController::init(const Identity &signingId,Sender *sender) void EmbeddedNetworkController::init(const Identity &signingId,Sender *sender)
{ {
char tmp[64]; char tmp[64];
@ -1338,7 +1368,7 @@ void EmbeddedNetworkController::_request(
int64_t authenticationExpiryTime = (int64_t)OSUtils::jsonInt(member["authenticationExpiryTime"], 0); int64_t authenticationExpiryTime = (int64_t)OSUtils::jsonInt(member["authenticationExpiryTime"], 0);
fprintf(stderr, "authExpiryTime: %lld\n", authenticationExpiryTime); fprintf(stderr, "authExpiryTime: %lld\n", authenticationExpiryTime);
if ((authenticationExpiryTime == 0) || (authenticationExpiryTime < now)) { if ((authenticationExpiryTime == 0) || (authenticationExpiryTime < now)) {
std::string authenticationURL = _db.getSSOAuthURL(member); std::string authenticationURL = _db.getSSOAuthURL(member, _ssoRedirectURL);
if (!authenticationURL.empty()) { if (!authenticationURL.empty()) {
Dictionary<3072> authInfo; Dictionary<3072> authInfo;
authInfo.add("aU", authenticationURL.c_str()); authInfo.add("aU", authenticationURL.c_str());

3
controller/EmbeddedNetworkController.hpp
View File

@ -57,6 +57,8 @@ public:
virtual void init(const Identity &signingId,Sender *sender); virtual void init(const Identity &signingId,Sender *sender);
void setSSORedirectURL(const std::string &url);
virtual void request( virtual void request(
uint64_t nwid, uint64_t nwid,
const InetAddress &fromAddr, const InetAddress &fromAddr,
@ -151,6 +153,7 @@ private:
std::mutex _memberStatus_l; std::mutex _memberStatus_l;
RedisConfig *_rc; RedisConfig *_rc;
std::string _ssoRedirectURL;
}; };
} // namespace ZeroTier } // namespace ZeroTier

5
controller/PostgreSQL.cpp
View File

@ -309,7 +309,7 @@ void PostgreSQL::nodeIsOnline(const uint64_t networkId, const uint64_t memberId,
} }
} }
std::string PostgreSQL::getSSOAuthURL(const nlohmann::json &member) std::string PostgreSQL::getSSOAuthURL(const nlohmann::json &member, const std::string &redirectURL)
{ {
// NONCE is just a random character string. no semantic meaning // NONCE is just a random character string. no semantic meaning
// state = HMAC SHA384 of Nonce based on shared sso key // state = HMAC SHA384 of Nonce based on shared sso key
@ -387,11 +387,10 @@ std::string PostgreSQL::getSSOAuthURL(const nlohmann::json &member)
char state_hex[256]; char state_hex[256];
Utils::hex(state, 48, state_hex); Utils::hex(state, 48, state_hex);
const char *redirect_url = "https%3A%2F%2Fmy.zerotier.com%2Fapi%2Fnetwork%2Fsso-auth"; // TODO: this should be configurable
OSUtils::ztsnprintf(authenticationURL, sizeof(authenticationURL), OSUtils::ztsnprintf(authenticationURL, sizeof(authenticationURL),
"%s?response_type=id_token&response_mode=form_post&scope=openid+email+profile&redriect_uri=%s&nonce=%s&state=%s&client_id=%s", "%s?response_type=id_token&response_mode=form_post&scope=openid+email+profile&redriect_uri=%s&nonce=%s&state=%s&client_id=%s",
authorization_endpoint.c_str(), authorization_endpoint.c_str(),
redirect_url, redirectURL.c_str(),
nonce.c_str(), nonce.c_str(),
state_hex, state_hex,
client_id.c_str()); client_id.c_str());

2
controller/PostgreSQL.hpp
View File

@ -107,7 +107,7 @@ public:
virtual void eraseNetwork(const uint64_t networkId); virtual void eraseNetwork(const uint64_t networkId);
virtual void eraseMember(const uint64_t networkId, const uint64_t memberId); virtual void eraseMember(const uint64_t networkId, const uint64_t memberId);
virtual void nodeIsOnline(const uint64_t networkId, const uint64_t memberId, const InetAddress &physicalAddress); virtual void nodeIsOnline(const uint64_t networkId, const uint64_t memberId, const InetAddress &physicalAddress);
virtual std::string getSSOAuthURL(const nlohmann::json &member); virtual std::string getSSOAuthURL(const nlohmann::json &member, const std::string &redirectURL);
protected: protected:
struct _PairHasher struct _PairHasher

7
service/OneService.cpp
View File

@ -575,6 +575,7 @@ public:
Mutex _run_m; Mutex _run_m;
RedisConfig *_rc; RedisConfig *_rc;
std::string _ssoRedirectURL;
// end member variables ---------------------------------------------------- // end member variables ----------------------------------------------------
@ -612,6 +613,7 @@ public:
#endif #endif
,_run(true) ,_run(true)
,_rc(NULL) ,_rc(NULL)
,_ssoRedirectURL()
{ {
_ports[0] = 0; _ports[0] = 0;
_ports[1] = 0; _ports[1] = 0;
@ -790,6 +792,9 @@ public:
// Network controller is now enabled by default for desktop and server // Network controller is now enabled by default for desktop and server
_controller = new EmbeddedNetworkController(_node,_homePath.c_str(),_controllerDbPath.c_str(),_ports[0], _rc); _controller = new EmbeddedNetworkController(_node,_homePath.c_str(),_controllerDbPath.c_str(),_ports[0], _rc);
if (!_ssoRedirectURL.empty()) {
_controller->setSSORedirectURL(_ssoRedirectURL);
}
_node->setNetconfMaster((void *)_controller); _node->setNetconfMaster((void *)_controller);
// Join existing networks in networks.d // Join existing networks in networks.d
@ -1048,6 +1053,8 @@ public:
if (cdbp.length() > 0) if (cdbp.length() > 0)
_controllerDbPath = cdbp; _controllerDbPath = cdbp;
_ssoRedirectURL = OSUtils::jsonString(settings["ssoRedirectURL"], "");
#ifdef ZT_CONTROLLER_USE_LIBPQ #ifdef ZT_CONTROLLER_USE_LIBPQ
// TODO: Redis config // TODO: Redis config
json &redis = settings["redis"]; json &redis = settings["redis"];