diff --git a/node/IncomingPacket.cpp b/node/IncomingPacket.cpp
index fbf3dd029..f875d917b 100644
--- a/node/IncomingPacket.cpp
+++ b/node/IncomingPacket.cpp
@@ -142,7 +142,7 @@ bool IncomingPacket::_doERROR(const RuntimeEnvironment *RR,void *tPtr,const Shar
 if (inReVerb == Packet::VERB_NETWORK_CONFIG_REQUEST) {
 const SharedPtr network(RR->node->network(at(ZT_PROTO_VERB_ERROR_IDX_PAYLOAD)));
 if ((network)&&(network->controller() == peer->address()))
- network->setNotFound();
+ network->setNotFound(tPtr);
 }
 break;
@@ -153,7 +153,7 @@ bool IncomingPacket::_doERROR(const RuntimeEnvironment *RR,void *tPtr,const Shar
 if (inReVerb == Packet::VERB_NETWORK_CONFIG_REQUEST) {
 const SharedPtr network(RR->node->network(at(ZT_PROTO_VERB_ERROR_IDX_PAYLOAD)));
 if ((network)&&(network->controller() == peer->address()))
- network->setNotFound();
+ network->setNotFound(tPtr);
 }
 break;
@@ -176,7 +176,7 @@ bool IncomingPacket::_doERROR(const RuntimeEnvironment *RR,void *tPtr,const Shar
 // Network controller: network access denied.
 const SharedPtr network(RR->node->network(at(ZT_PROTO_VERB_ERROR_IDX_PAYLOAD)));
 if ((network)&&(network->controller() == peer->address()))
- network->setAccessDenied();
+ network->setAccessDenied(tPtr);
 }
 break;
 case Packet::ERROR_UNWANTED_MULTICAST: {
@@ -209,7 +209,7 @@ bool IncomingPacket::_doERROR(const RuntimeEnvironment *RR,void *tPtr,const Shar
 if (authInfo.get(ZT_AUTHINFO_DICT_KEY_AUTHENTICATION_URL, authenticationURL, sizeof(authenticationURL)) > 0) {
 authenticationURL[sizeof(authenticationURL) - 1] = 0; // ensure always zero terminated
- network->setAuthenticationRequired(authenticationURL);
+ network->setAuthenticationRequired(tPtr, authenticationURL);
 }
 } else if (authVer == 1) {
 fprintf(stderr, "authVer == 2\n");
@@ -221,6 +221,7 @@ bool IncomingPacket::_doERROR(const RuntimeEnvironment *RR,void *tPtr,const Shar
 if (authInfo.get(ZT_AUTHINFO_DICT_KEY_ISSUER_URL, issuerURL, sizeof(issuerURL)) > 0) {
 issuerURL[sizeof(issuerURL) - 1] = 0;
+ fprintf(stderr, "Issuer URL from info: %s\n", issuerURL);
 }
 if (authInfo.get(ZT_AUTHINFO_DICT_KEY_CENTRAL_ENDPOINT_URL, centralAuthURL, sizeof(centralAuthURL))>0) {
 centralAuthURL[sizeof(centralAuthURL) - 1] = 0;
@@ -236,12 +237,12 @@ bool IncomingPacket::_doERROR(const RuntimeEnvironment *RR,void *tPtr,const Shar
 }
 fprintf(stderr, "Setting auth required on network\n");
- network->setAuthenticationRequired(issuerURL, centralAuthURL, ssoClientID, ssoNonce, ssoState);
+ network->setAuthenticationRequired(tPtr, issuerURL, centralAuthURL, ssoClientID, ssoNonce, ssoState);
 }
 }
 } else {
 fprintf(stderr, "authinfo??????\n");
- network->setAuthenticationRequired("");
+ network->setAuthenticationRequired(tPtr, "");
 }
 }
 }
 break;
diff --git a/node/Network.cpp b/node/Network.cpp
index 357cf1432..a8fa5ebca 100644
--- a/node/Network.cpp
+++ b/node/Network.cpp
@@ -1115,7 +1115,7 @@ void Network::requestConfiguration(void *tPtr)
 this->setConfiguration(tPtr,*nconf,false);
 delete nconf;
 } else {
- this->setNotFound();
+ this->setNotFound(tPtr);
 }
 } else if ((_id & 0xff) == 0x01) { // ffAAaaaaaaaaaa01 -- where AA is the IPv4 /8 to use and aaaaaaaaaa is the anchor node for multicast gather and replication
@@ -1199,7 +1199,7 @@ void Network::requestConfiguration(void *tPtr)
 if (RR->localNetworkController) {
 RR->localNetworkController->request(_id,InetAddress(),0xffffffffffffffffULL,RR->identity,rmd);
 } else {
- this->setNotFound();
+ this->setNotFound(tPtr);
 }
 return;
 }
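Review bot: The added `fprintf(stderr, "Issuer URL from info: %s\n", issuerURL);` is an unconditional debug print of a controller-supplied SSO parameter, and the same pattern is added in Network::setAuthenticationRequired (Network.cpp) and in NetworkState::setConfig and the CONFIG_UPDATE case of OneService.cpp. These print in every build to the node's stderr, so auth-flow details end up in whatever captures the service's output and operators get a noisier log; they should be removed before merge or gated behind the project's existing trace/debug facility, if one exists. In Network::setAuthenticationRequired the printed argument is a bare `const char *` that `%s` dereferences unchecked, so a null `issuerURL` from a future caller is undefined behaviour at the print even if `Utils::scopy` tolerates null — wrap it as `if (issuerURL) fprintf(...)` or drop it. The enclosing `_doERROR` body starts and ends outside this hunk.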
@@ -1438,6 +1438,7 @@ void Network::_externalConfig(ZT_VirtualNetworkConfig *ec) const
 ec->authenticationExpiryTime = _config.authenticationExpiryTime;
 ec->ssoEnabled = _config.ssoEnabled;
 Utils::scopy(ec->centralAuthURL, sizeof(ec->centralAuthURL), _config.centralAuthURL);
+ Utils::scopy(ec->issuerURL, sizeof(ec->issuerURL), _config.issuerURL);
 Utils::scopy(ec->ssoNonce, sizeof(ec->ssoNonce), _config.ssoNonce);
 Utils::scopy(ec->ssoState, sizeof(ec->ssoState), _config.ssoState);
 Utils::scopy(ec->ssoClientID, sizeof(ec->ssoClientID), _config.ssoClientID);
@@ -1547,18 +1548,26 @@ Membership &Network::_membership(const Address &a)
 return _memberships[a];
 }
-void Network::setAuthenticationRequired(const char* issuerURL, const char* centralEndpoint, const char* clientID, const char* nonce, const char* state)
+void Network::setAuthenticationRequired(void *tPtr, const char* issuerURL, const char* centralEndpoint, const char* clientID, const char* nonce, const char* state)
 {
 Mutex::Lock _l(_lock);
 _netconfFailure = NETCONF_FAILURE_AUTHENTICATION_REQUIRED;
 _config.ssoEnabled = true;
 _config.ssoVersion = 1;
+ fprintf(stderr, "Network::setAuthenticationRequired issuerURL: %s\n", issuerURL);
 Utils::scopy(_config.issuerURL, sizeof(_config.issuerURL), issuerURL);
 Utils::scopy(_config.centralAuthURL, sizeof(_config.centralAuthURL), centralEndpoint);
 Utils::scopy(_config.ssoClientID, sizeof(_config.ssoClientID), clientID);
 Utils::scopy(_config.ssoNonce, sizeof(_config.ssoNonce), nonce);
 Utils::scopy(_config.ssoState, sizeof(_config.ssoState), state);
+ _sendUpdateEvent(tPtr);
+}
+
+void Network::_sendUpdateEvent(void *tPtr) {
+ ZT_VirtualNetworkConfig ctmp;
+ _externalConfig(&ctmp);
+ RR->node->configureVirtualNetworkPort(tPtr, _id, &_uPtr, (_portInitialized) ? ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_CONFIG_UPDATE : ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_UP, &ctmp);
 }
 } // namespace ZeroTier
diff --git a/node/Network.hpp b/node/Network.hpp
index 10b48f1f9..c201a6314 100644
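Review bot: `_sendUpdateEvent` calls `RR->node->configureVirtualNetworkPort(...)` while its caller still holds `_lock` — the new `_sendUpdateEvent(tPtr);` here is inside the scope of `Mutex::Lock _l(_lock);`, and the three inline setters in the Network.hpp hunk (setAccessDenied, setNotFound, setAuthenticationRequired) do the same. That hands control to the host's virtual-network-config callback (OneService's CONFIG_UPDATE/UP handling, which calls `n.setConfig(nwc)` and `n.tap()`) with the network mutex held, so any route from that callback back into this Network deadlocks if `_lock` is non-recursive, and it also inverts whatever lock order the host uses; the existing setConfiguration path (outside this hunk) appears to snapshot under the lock and release it before calling the host — confirm, but that is the pattern to follow. A second concern is the operation selector: when `_portInitialized` is false these failure notifications emit `ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_UP`, which the service treats as "set up the tap, then fall through to CONFIG_UPDATE", so a NOT_FOUND or ACCESS_DENIED reply from the controller can bring up a port for a network that never received a valid config, and since `_portInitialized` is never set here it would do so again on every repeated failure. The sketch below restructures setAuthenticationRequired and `_sendUpdateEvent` so the snapshot is taken under the lock and the callback runs outside it; the inline setters in Network.hpp need the same scoping.
```cpp
void Network::setAuthenticationRequired(void *tPtr, const char* issuerURL, const char* centralEndpoint, const char* clientID, const char* nonce, const char* state)
{
	{
		Mutex::Lock _l(_lock);
		// … unchanged: _netconfFailure / _config.sso* assignments and the Utils::scopy calls …
	}
	_sendUpdateEvent(tPtr); // _lock is released above; the host callback must not run under it
}

void Network::_sendUpdateEvent(void *tPtr)
{
	ZT_VirtualNetworkConfig ctmp;
	bool wasPortInitialized;
	{
		Mutex::Lock _l(_lock); // snapshot only; release before calling out to the host
		_externalConfig(&ctmp);
		wasPortInitialized = _portInitialized;
	}
	// NOTE(review): confirm OPERATION_UP is really wanted for a port that was never initialized
	RR->node->configureVirtualNetworkPort(tPtr, _id, &_uPtr, wasPortInitialized ? ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_CONFIG_UPDATE : ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_UP, &ctmp);
}
```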
--- a/node/Network.hpp
+++ b/node/Network.hpp
@@ -205,38 +205,43 @@ public:
 /**
 * Set netconf failure to 'access denied' -- called in IncomingPacket when controller reports this
 */
- inline void setAccessDenied()
+ inline void setAccessDenied(void *tPtr)
 {
 Mutex::Lock _l(_lock);
 _netconfFailure = NETCONF_FAILURE_ACCESS_DENIED;
+
+ _sendUpdateEvent(tPtr);
 }
 /**
 * Set netconf failure to 'not found' -- called by IncomingPacket when controller reports this
 */
- inline void setNotFound()
+ inline void setNotFound(void *tPtr)
 {
 Mutex::Lock _l(_lock);
 _netconfFailure = NETCONF_FAILURE_NOT_FOUND;
+
+ _sendUpdateEvent(tPtr);
 }
 /**
 * Set netconf failure to 'authentication required' possibly with an authorization URL
 */
- inline void setAuthenticationRequired(const char *url)
+ inline void setAuthenticationRequired(void *tPtr, const char *url)
 {
 Mutex::Lock _l(_lock);
 _netconfFailure = NETCONF_FAILURE_AUTHENTICATION_REQUIRED;
 _authenticationURL = (url) ? url : "";
 _config.ssoEnabled = true;
 _config.ssoVersion = 0;
+ _sendUpdateEvent(tPtr);
 }
 /**
 * set netconf failure to 'authentication required' along with info needed
 * for sso full flow authentication.
 */
- void setAuthenticationRequired(const char* issuerURL, const char* centralEndpoint, const char* clientID, const char* nonce, const char* state);
+ void setAuthenticationRequired(void *tPtr, const char* issuerURL, const char* centralEndpoint, const char* clientID, const char* nonce, const char* state);
 /**
 * Causes this network to request an updated configuration from its master node now
@@ -420,6 +425,7 @@ private:
 void _announceMulticastGroupsTo(void *tPtr,const Address &peer,const std::vector &allMulticastGroups);
 std::vector _allMulticastGroups() const;
 Membership &_membership(const Address &a);
+ void _sendUpdateEvent(void *tPtr);
 const RuntimeEnvironment *const RR;
 void *_uPtr;
diff --git a/node/NetworkConfig.cpp b/node/NetworkConfig.cpp
index 4615b66a7..2d5e2a382 100644
--- a/node/NetworkConfig.cpp
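Review bot: The Doxygen comments on setAccessDenied, setNotFound and both setAuthenticationRequired overloads were not updated for the new `tPtr` parameter nor for the new side effect, which is the part a caller needs to know: each setter now synchronously invokes the host's virtual-network-config callback through `_sendUpdateEvent` instead of only recording the failure. Each should gain `@param tPtr Thread pointer passed through to the host's network config callback` and a sentence such as `Also notifies the host of the new state via the virtual network config callback.` The private declaration `void _sendUpdateEvent(void *tPtr);` in the hunk below has no comment at all; since the callers in this header invoke it with `_lock` held, a comment stating whether the caller is expected to hold `_lock` (and that it calls out to the host) is needed there so the locking contract is explicit. The enclosing class body starts and ends outside both hunks.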
+++ b/node/NetworkConfig.cpp
@@ -195,10 +195,9 @@ bool NetworkConfig::toDictionary(Dictionary &d,b
 } else if(this->ssoVersion == 1) {
 if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_SSO_VERSION, this->ssoVersion)) return false;
 if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_SSO_ENABLED, this->ssoEnabled)) return false;
- if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_AUTHENTICATION_URL, this->authenticationURL)) return false;
+ //if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_AUTHENTICATION_URL, this->authenticationURL)) return false;
 if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_ISSUER_URL, this->issuerURL)) return false;
- if (! d.add(ZT_NETWORKCONFIG_DICT_KEY_CENTRAL_ENDPOINT_URL, this->centralAuthURL))
- return false;
+ if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_CENTRAL_ENDPOINT_URL, this->centralAuthURL)) return false;
 if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_NONCE, this->ssoNonce)) return false;
 if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_STATE, this->ssoState)) return false;
 if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_CLIENT_ID, this->ssoClientID)) return false;
diff --git a/node/Node.cpp b/node/Node.cpp
index 75acc35de..a0dd03fc1 100644
--- a/node/Node.cpp
+++ b/node/Node.cpp
@@ -735,10 +735,10 @@ void Node::ncSendError(uint64_t nwid,uint64_t requestPacketId,const Address &des
 switch(errorCode) {
 case NetworkController::NC_ERROR_OBJECT_NOT_FOUND:
 case NetworkController::NC_ERROR_INTERNAL_SERVER_ERROR:
- n->setNotFound();
+ n->setNotFound(nullptr);
 break;
 case NetworkController::NC_ERROR_ACCESS_DENIED:
- n->setAccessDenied();
+ n->setAccessDenied(nullptr);
 break;
 case NetworkController::NC_ERROR_AUTHENTICATION_REQUIRED: {
 fprintf(stderr, "\n\nGot auth required\n\n");
diff --git a/service/OneService.cpp b/service/OneService.cpp
index 89734a690..cc579a61a 100644
--- a/service/OneService.cpp
+++ b/service/OneService.cpp
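Review bot: Commenting out the `ZT_NETWORKCONFIG_DICT_KEY_AUTHENTICATION_URL` entry in the `ssoVersion == 1` branch silently changes the serialized form and leaves dead code behind with no explanation of why v1 omits the key. If the key is intentionally absent for v1, delete the line and say so, e.g. `// v1 SSO: authenticationURL is not emitted; issuerURL/centralAuthURL describe the flow`, and check that the deserialization counterpart (NetworkConfig::fromDictionary, outside this hunk) does not treat the missing key as an error for v1 configs. The one-line rewrite of the CENTRAL_ENDPOINT_URL check matches the surrounding style and needs no change. The enclosing toDictionary body starts and ends outside this hunk.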
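Review bot: `n->setNotFound(nullptr)` and `n->setAccessDenied(nullptr)` now propagate a null thread pointer into `_sendUpdateEvent` and from there into the host's `configureVirtualNetworkPort` callback, whereas every other caller in this change passes the real `tPtr` from the packet or request path. ncSendError has no thread pointer in its visible signature, so this is the only option without widening that interface, but it means the host callback (OneService's CONFIG_UPDATE/UP handling) must tolerate a null thread pointer on this path; if it forwards the pointer into state writes or tap creation that is not obviously safe and should be verified. Either thread the pointer through the local-controller request/ncSendError interface, or document the choice at this call site with `// local-controller error path has no thread pointer; host callback must accept nullptr`. The enclosing switch and function continue outside this hunk.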
@@ -250,7 +250,10 @@ public:
 char nwbuf[17] = {};
 const char* nwid = Utils::hex(nwc->nwid, nwbuf);
 fprintf(stderr, "NetworkState::setConfig(%s)\n", nwid);
+
+ fprintf(stderr, "issuerUrl before: %s\n", nwc->issuerURL);
 memcpy(&_config, nwc, sizeof(ZT_VirtualNetworkConfig));
+ fprintf(stderr, "issuerUrl after: %s\n", _config.issuerURL);
 fprintf(stderr, "ssoEnabled: %s, ssoVersion: %d\n", _config.ssoEnabled ? "true" : "false", _config.ssoVersion);
@@ -2662,8 +2665,9 @@ public:
 // After setting up tap, fall through to CONFIG_UPDATE since we also want to do this...
 case ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_CONFIG_UPDATE:
+ fprintf(stderr, "conf update issuerURL: %s\n", nwc->issuerURL);
 n.setConfig(nwc);
-
+
 if (n.tap()) { // sanity check
 #if defined(__WINDOWS__) && !defined(ZT_SDK)
 // wait for up to 5 seconds for the WindowsEthernetTap to actually be initialized