ExternalVendorCode/ZeroTierOne
1
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-05-03 01:02:52 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

rename stuff for clarity

Browse Source 
authenticationURL will still be used by the client for v1 and v2 of sso
This commit is contained in:
Grant Limberg 2021-11-11 16:19:26 -08:00
parent f268237372
commit fa21fdc1cc
No known key found for this signature in database
GPG Key ID: 2BA62CCABBB4095A
9 changed files with 36 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
controller/DB.hpp
View File

@ -48,6 +48,7 @@ public:
, version(0) , version(0)
, authenticationURL() , authenticationURL()
, authenticationExpiryTime(0) , authenticationExpiryTime(0)
, issuerURL()
, centralAuthURL() , centralAuthURL()
, ssoNonce() , ssoNonce()
, ssoState() , ssoState()
@ -58,6 +59,7 @@ public:
uint64_t version; uint64_t version;
std::string authenticationURL; std::string authenticationURL;
uint64_t authenticationExpiryTime; uint64_t authenticationExpiryTime;
std::string issuerURL;
std::string centralAuthURL; std::string centralAuthURL;
std::string ssoNonce; std::string ssoNonce;
std::string ssoState; std::string ssoState;

2
controller/EmbeddedNetworkController.cpp
View File

@ -1393,7 +1393,7 @@ void EmbeddedNetworkController::_request(
Dictionary<8192> authInfo; Dictionary<8192> authInfo;
authInfo.add(ZT_AUTHINFO_DICT_KEY_VERSION, info.version); authInfo.add(ZT_AUTHINFO_DICT_KEY_VERSION, info.version);
authInfo.add(ZT_AUTHINFO_DICT_KEY_AUTHENTICATION_URL, info.authenticationURL.c_str()); authInfo.add(ZT_AUTHINFO_DICT_KEY_ISSUER_URL, info.issuerURL.c_str());
authInfo.add(ZT_AUTHINFO_DICT_KEY_CENTRAL_ENDPOINT_URL, info.centralAuthURL.c_str()); authInfo.add(ZT_AUTHINFO_DICT_KEY_CENTRAL_ENDPOINT_URL, info.centralAuthURL.c_str());
authInfo.add(ZT_AUTHINFO_DICT_KEY_NONCE, info.ssoNonce.c_str()); authInfo.add(ZT_AUTHINFO_DICT_KEY_NONCE, info.ssoNonce.c_str());
authInfo.add(ZT_AUTHINFO_DICT_KEY_STATE, info.ssoState.c_str()); authInfo.add(ZT_AUTHINFO_DICT_KEY_STATE, info.ssoState.c_str());

2
controller/PostgreSQL.cpp
View File

@ -432,7 +432,7 @@ AuthInfo PostgreSQL::getSSOAuthInfo(const nlohmann::json &member, const std::str
info.authenticationURL = std::string(url); info.authenticationURL = std::string(url);
} else if (info.version == 1) { } else if (info.version == 1) {
info.ssoClientID = client_id; info.ssoClientID = client_id;
info.authenticationURL = authorization_endpoint; info.issuerURL = authorization_endpoint;
info.ssoNonce = nonce; info.ssoNonce = nonce;
info.ssoState = std::string(state_hex); info.ssoState = std::string(state_hex);
info.centralAuthURL = redirectURL; info.centralAuthURL = redirectURL;

5
include/ZeroTierOne.h
View File

@ -1216,6 +1216,11 @@ typedef struct
*/ */
uint64_t authenticationExpiryTime; uint64_t authenticationExpiryTime;
/**
* OIDC issuer URL.
*/
char issuerURL[2048];
/** /**
* central base URL. * central base URL.
*/ */

14
node/IncomingPacket.cpp
View File

@ -212,8 +212,8 @@ bool IncomingPacket::_doERROR(const RuntimeEnvironment *RR,void *tPtr,const Shar
noUrl = false; noUrl = false;
} }
} else if (authVer == 1) { } else if (authVer == 1) {
bool haveAuthURL = false; bool haveIssuerURL = false;
char authenticationURL[2048] = { 0 }; char issuerURL[2048] = { 0 };
bool haveCentralURL = false; bool haveCentralURL = false;
char centralAuthURL[2048] = { 0 }; char centralAuthURL[2048] = { 0 };
bool haveNonce = false; bool haveNonce = false;
@ -223,9 +223,9 @@ bool IncomingPacket::_doERROR(const RuntimeEnvironment *RR,void *tPtr,const Shar
bool haveClientID = false; bool haveClientID = false;
char ssoClientID[256] = { 0 }; char ssoClientID[256] = { 0 };
if (authInfo.get(ZT_AUTHINFO_DICT_KEY_AUTHENTICATION_URL, authenticationURL, sizeof(authenticationURL)) > 0) { if (authInfo.get(ZT_AUTHINFO_DICT_KEY_ISSUER_URL, issuerURL, sizeof(issuerURL)) > 0) {
authenticationURL[sizeof(authenticationURL) - 1] = 0; issuerURL[sizeof(issuerURL) - 1] = 0;
haveAuthURL = true; haveIssuerURL = true;
} }
if (authInfo.get(ZT_AUTHINFO_DICT_KEY_CENTRAL_ENDPOINT_URL, centralAuthURL, sizeof(centralAuthURL))>0) { if (authInfo.get(ZT_AUTHINFO_DICT_KEY_CENTRAL_ENDPOINT_URL, centralAuthURL, sizeof(centralAuthURL))>0) {
centralAuthURL[sizeof(centralAuthURL) - 1] = 0; centralAuthURL[sizeof(centralAuthURL) - 1] = 0;
@ -244,10 +244,10 @@ bool IncomingPacket::_doERROR(const RuntimeEnvironment *RR,void *tPtr,const Shar
haveClientID = true; haveClientID = true;
} }
noUrl = ! (haveAuthURL && haveCentralURL && haveNonce && haveState && haveClientID); noUrl = ! (haveIssuerURL && haveCentralURL && haveNonce && haveState && haveClientID);
if (!noUrl) { if (!noUrl) {
network->setAuthenticationRequired(authenticationURL, centralAuthURL, ssoClientID, ssoNonce, ssoState); network->setAuthenticationRequired(issuerURL, centralAuthURL, ssoClientID, ssoNonce, ssoState);
} }
} }
} }

4
node/Network.cpp
View File

@ -1561,14 +1561,14 @@ Membership &Network::_membership(const Address &a)
return _memberships[a]; return _memberships[a];
} }
void Network::setAuthenticationRequired(const char* authEndpoint, const char* centralEndpoint, const char* clientID, const char* nonce, const char* state) void Network::setAuthenticationRequired(const char* issuerURL, const char* centralEndpoint, const char* clientID, const char* nonce, const char* state)
{ {
Mutex::Lock _l(_lock); Mutex::Lock _l(_lock);
_netconfFailure = NETCONF_FAILURE_AUTHENTICATION_REQUIRED; _netconfFailure = NETCONF_FAILURE_AUTHENTICATION_REQUIRED;
_config.ssoEnabled = true; _config.ssoEnabled = true;
_config.ssoVersion = 1; _config.ssoVersion = 1;
Utils::scopy(_config.authenticationURL, sizeof(_config.authenticationURL), authEndpoint); Utils::scopy(_config.issuerURL, sizeof(_config.issuerURL), issuerURL);
Utils::scopy(_config.centralAuthURL, sizeof(_config.centralAuthURL), centralEndpoint); Utils::scopy(_config.centralAuthURL, sizeof(_config.centralAuthURL), centralEndpoint);
Utils::scopy(_config.ssoClientID, sizeof(_config.ssoClientID), clientID); Utils::scopy(_config.ssoClientID, sizeof(_config.ssoClientID), clientID);
Utils::scopy(_config.ssoNonce, sizeof(_config.ssoNonce), nonce); Utils::scopy(_config.ssoNonce, sizeof(_config.ssoNonce), nonce);

2
node/Network.hpp
View File

@ -240,7 +240,7 @@ public:
* set netconf failure to 'authentication required' along with info needed * set netconf failure to 'authentication required' along with info needed
* for sso full flow authentication. * for sso full flow authentication.
*/ */
void setAuthenticationRequired(const char* authEndpoint, const char* centralEndpoint, const char* clientID, const char* nonce, const char* state); void setAuthenticationRequired(const char* issuerURL, const char* centralEndpoint, const char* clientID, const char* nonce, const char* state);
/** /**
* Causes this network to request an updated configuration from its master node now * Causes this network to request an updated configuration from its master node now

7
node/NetworkConfig.cpp
View File

@ -196,7 +196,9 @@ bool NetworkConfig::toDictionary(Dictionary<ZT_NETWORKCONFIG_DICT_CAPACITY> &d,b
if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_SSO_VERSION, this->ssoVersion)) return false; if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_SSO_VERSION, this->ssoVersion)) return false;
if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_SSO_ENABLED, this->ssoEnabled)) return false; if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_SSO_ENABLED, this->ssoEnabled)) return false;
if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_AUTHENTICATION_URL, this->authenticationURL)) return false; if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_AUTHENTICATION_URL, this->authenticationURL)) return false;
if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_CENTRAL_ENDPOINT_URL, this->centralAuthURL)) return false; if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_ISSUER_URL, this->issuerURL)) return false;
if (! d.add(ZT_NETWORKCONFIG_DICT_KEY_CENTRAL_ENDPOINT_URL, this->centralAuthURL))
return false;
if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_NONCE, this->ssoNonce)) return false; if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_NONCE, this->ssoNonce)) return false;
if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_STATE, this->ssoState)) return false; if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_STATE, this->ssoState)) return false;
if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_CLIENT_ID, this->ssoClientID)) return false; if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_CLIENT_ID, this->ssoClientID)) return false;
@ -408,6 +410,9 @@ bool NetworkConfig::fromDictionary(const Dictionary<ZT_NETWORKCONFIG_DICT_CAPACI
if (d.get(ZT_NETWORKCONFIG_DICT_KEY_AUTHENTICATION_URL, this->authenticationURL, (unsigned int)sizeof(this->authenticationURL)) > 0) { if (d.get(ZT_NETWORKCONFIG_DICT_KEY_AUTHENTICATION_URL, this->authenticationURL, (unsigned int)sizeof(this->authenticationURL)) > 0) {
this->authenticationURL[sizeof(this->authenticationURL) - 1] = 0; this->authenticationURL[sizeof(this->authenticationURL) - 1] = 0;
} }
if (d.get(ZT_NETWORKCONFIG_DICT_KEY_ISSUER_URL, this->issuerURL, (unsigned int)sizeof(this->issuerURL)) > 0) {
this->issuerURL[sizeof(this->issuerURL) - 1] = 0;
}
if (d.get(ZT_NETWORKCONFIG_DICT_KEY_CENTRAL_ENDPOINT_URL, this->centralAuthURL, (unsigned int)sizeof(this->centralAuthURL)) > 0) { if (d.get(ZT_NETWORKCONFIG_DICT_KEY_CENTRAL_ENDPOINT_URL, this->centralAuthURL, (unsigned int)sizeof(this->centralAuthURL)) > 0) {
this->centralAuthURL[sizeof(this->centralAuthURL) - 1] = 0; this->centralAuthURL[sizeof(this->centralAuthURL) - 1] = 0;
} }

11
node/NetworkConfig.hpp
View File

@ -186,6 +186,8 @@ namespace ZeroTier {
#define ZT_NETWORKCONFIG_DICT_KEY_AUTHENTICATION_URL "aurl" #define ZT_NETWORKCONFIG_DICT_KEY_AUTHENTICATION_URL "aurl"
// authentication expiry // authentication expiry
#define ZT_NETWORKCONFIG_DICT_KEY_AUTHENTICATION_EXPIRY_TIME "aexpt" #define ZT_NETWORKCONFIG_DICT_KEY_AUTHENTICATION_EXPIRY_TIME "aexpt"
// oidc issuer URL
#define ZT_NETWORKCONFIG_DICT_KEY_ISSUER_URL "iurl"
// central endpoint // central endpoint
#define ZT_NETWORKCONFIG_DICT_KEY_CENTRAL_ENDPOINT_URL "ssoce" #define ZT_NETWORKCONFIG_DICT_KEY_CENTRAL_ENDPOINT_URL "ssoce"
// nonce // nonce
@ -201,6 +203,8 @@ namespace ZeroTier {
#define ZT_AUTHINFO_DICT_KEY_VERSION "aV" #define ZT_AUTHINFO_DICT_KEY_VERSION "aV"
// authenticaiton URL // authenticaiton URL
#define ZT_AUTHINFO_DICT_KEY_AUTHENTICATION_URL "aU" #define ZT_AUTHINFO_DICT_KEY_AUTHENTICATION_URL "aU"
// issuer URL
#define ZT_AUTHINFO_DICT_KEY_ISSUER_URL "iU"
// Central endpoint URL // Central endpoint URL
#define ZT_AUTHINFO_DICT_KEY_CENTRAL_ENDPOINT_URL "aCU" #define ZT_AUTHINFO_DICT_KEY_CENTRAL_ENDPOINT_URL "aCU"
// Nonce // Nonce
@ -268,6 +272,7 @@ public:
ssoEnabled(false), ssoEnabled(false),
authenticationURL(), authenticationURL(),
authenticationExpiryTime(0), authenticationExpiryTime(0),
issuerURL(),
centralAuthURL(), centralAuthURL(),
ssoNonce(), ssoNonce(),
ssoState(), ssoState(),
@ -280,6 +285,7 @@ public:
memset(rules, 0, sizeof(ZT_VirtualNetworkRule)*ZT_MAX_NETWORK_RULES); memset(rules, 0, sizeof(ZT_VirtualNetworkRule)*ZT_MAX_NETWORK_RULES);
memset(&dns, 0, sizeof(ZT_VirtualNetworkDNS)); memset(&dns, 0, sizeof(ZT_VirtualNetworkDNS));
memset(authenticationURL, 0, sizeof(authenticationURL)); memset(authenticationURL, 0, sizeof(authenticationURL));
memset(issuerURL, 0, sizeof(issuerURL));
memset(centralAuthURL, 0, sizeof(centralAuthURL)); memset(centralAuthURL, 0, sizeof(centralAuthURL));
memset(ssoNonce, 0, sizeof(ssoNonce)); memset(ssoNonce, 0, sizeof(ssoNonce));
memset(ssoState, 0, sizeof(ssoState)); memset(ssoState, 0, sizeof(ssoState));
@ -670,6 +676,11 @@ public:
*/ */
uint64_t authenticationExpiryTime; uint64_t authenticationExpiryTime;
/**
* OIDC issuer URL
*/
char issuerURL[2048];
/** /**
* central base URL. * central base URL.
*/ */