Commit Graph

673 Commits

Author SHA1 Message Date
Grant Limberg
730482e62f
encode network ID into sso state param 2021-12-01 15:02:21 -08:00
Grant Limberg
663a09b38d
oidc stuff coming across the wire properly and generating a working login URL 2021-12-01 13:01:32 -08:00
Grant Limberg
7cce23ae79
wip 2021-12-01 10:44:29 -08:00
Grant Limberg
dfdac7adbd
iomanip 2021-11-30 17:31:46 -08:00
Grant Limberg
a33d7c64fe
more fixin 2021-11-30 17:27:13 -08:00
Grant Limberg
d15516f0ef
query fix & controller build fix 2021-11-30 16:18:34 -08:00
Grant Limberg
fa21fdc1cc
rename stuff for clarity
authenticationURL will still be used by the client for v1 and v2 of sso
2021-11-11 16:19:26 -08:00
Grant Limberg
43433cdb5a integrate rust build of zeroidc to linux 2021-11-04 17:16:23 -07:00
Grant Limberg
8d39c9a861
plumbing full flow from controller -> client network 2021-11-04 15:40:08 -07:00
Grant Limberg
3818351287
use pqxx::pipeline for online update thread 2021-10-06 09:39:30 -07:00
Grant Limberg
4d26b5a868
no reason for this to be a pointer 2021-10-05 17:02:50 -07:00
Grant Limberg
ac0dc7844f
rework commit thread & some connection pool borrowing issues 2021-10-05 09:25:24 -07:00
Adam Ierymenko
134d33c218
Add a bit of hardening in the network certificate of membership by incorporating a full hash of the identity to which it is issued. This means the recipient need not depend entirely on the root verifying identities properly to make sure impersonation is not occurring. 2021-09-20 15:40:55 -07:00
Grant Limberg
46adc1f059
ifdef this out 2021-09-20 15:39:53 -07:00
Grant Limberg
9002555596
ensure count > 0 2021-09-20 15:39:44 -07:00
Grant Limberg
c3a42bf590
remove heartbeat log 2021-09-02 16:46:42 -07:00
Grant Limberg
8b95afa96a
logging 2021-09-02 16:32:40 -07:00
Grant Limberg
6a49a766ca
logging 2021-09-02 16:22:59 -07:00
Grant Limberg
16ff14bda7
identify controller in pool stats 2021-09-02 13:48:08 -07:00
Grant Limberg
57c1d96b71
math 2021-09-02 12:48:49 -07:00
Grant Limberg
40f376e2b9
print db pool stats periodically 2021-09-02 12:45:26 -07:00
Grant Limberg
dc61f78916
set psql application_name in startup script 2021-09-02 11:24:07 -07:00
Grant Limberg
a2ffe8c05e
dont generate nonce for deleted members 2021-09-02 11:24:04 -07:00
Grant Limberg
d0f4cfe6b4
print load status messages a little less often now that things go brrrrrrrrr 2021-08-20 10:34:00 -07:00
Grant Limberg
3ec23f92ec
helps to add part of the query 2021-08-20 10:30:37 -07:00
Grant Limberg
6baac1b4e0
more query optimizations 2021-08-20 10:27:45 -07:00
Grant Limberg
50b0b2e2e9
query optimization 2021-08-19 17:55:30 -07:00
Grant Limberg
20721491e8
kill some noisy logs 2021-08-19 13:03:56 -07:00
Grant Limberg
eec46a137e
optimize data loading from psql on startup 2021-08-19 12:44:02 -07:00
Grant Limberg
9eae444104
kill some verbose logs 2021-08-19 09:21:52 -07:00
Adam Ierymenko
576b4f03a5
Adjust deauth time window and send revocation when SSO members expire. 2021-08-18 12:17:40 -04:00
Adam Ierymenko
461810b06a
Move return so record gets created before URL. 2021-08-10 11:22:29 -04:00
Grant Limberg
613d7b5ece
fix backwards logic 2021-08-04 09:16:04 -07:00
Adam Ierymenko
c101d71d7c
Tweak auth timeout notify. 2021-07-30 18:44:34 -04:00
Adam Ierymenko
663e748b8d
Deauth expiring members right away. 2021-07-26 23:45:18 -04:00
Adam Ierymenko
0cf62d334d
Remove pointless check. 2021-07-26 13:38:35 -04:00
Adam Ierymenko
0872012cd9
small fix 2021-07-26 13:11:01 -04:00
Adam Ierymenko
c2d8fe46d5
About ready to test notify of SSO timeout... 2021-07-23 19:20:10 -04:00
Adam Ierymenko
0310bfa3e3
Include authentication URL in config 2021-07-23 19:17:42 -04:00
Adam Ierymenko
efe0e8aa7b
Notification of about-to-expire status... almost there. 2021-07-23 19:05:59 -04:00
Adam Ierymenko
5c7e51feaf
Merge branch 'dev' of github.com:zerotier/ZeroTierOne into dev 2021-07-23 18:49:05 -04:00
Adam Ierymenko
34de579c91
Handling of soon-to-expire members 2021-07-23 18:49:00 -04:00
Grant Limberg
73ddea8864
use network ID, not controller ID for looking up network data 2021-07-06 14:15:01 -07:00
Grant Limberg
10215af96d
whoops 2021-07-06 13:18:08 -07:00
Grant Limberg
e67fee0264
debug logging 2021-07-06 13:08:21 -07:00
Grant Limberg
5ece4f734a
fix error message 2021-07-06 13:08:16 -07:00
Grant Limberg
f8ea7fdc2b
Fix for GitHub #859
Wrong DB::get() method being called to look up the network member for deletes
2021-06-24 10:32:21 -07:00
Grant Limberg
364ad87e2b
add ssoEnabled flag to network config 2021-06-05 13:44:45 -07:00
Grant Limberg
9380ef708a
debug strings & query fixes 2021-06-05 13:44:07 -07:00
Grant Limberg
fd174b3459
fix auth time lookup 2021-06-04 20:55:22 -07:00
Grant Limberg
21d27c314c
HMACSHA384 the nonce bytes, not the hex encoded nonce bytes 2021-06-04 20:06:04 -07:00
Grant Limberg
0b89a49201
typo 2021-06-04 16:56:28 -07:00
Grant Limberg
e6b4fb5af7
add "ssoRedirectURL" to local.conf
plumbed it through to the central controller code
2021-06-04 16:29:03 -07:00
Grant Limberg
c227330d09
fix redirect_uri substitution 2021-06-04 15:58:38 -07:00
Grant Limberg
b16f40c0de
. 2021-06-04 15:18:18 -07:00
Grant Limberg
fd85f87ade
handle null in result set 2021-06-04 15:15:42 -07:00
Grant Limberg
add33f1ab3
cast to bigint in query 2021-06-04 14:48:41 -07:00
Grant Limberg
3bfc438ae8
null handling 2021-06-04 14:40:14 -07:00
Adam Ierymenko
1dfe909bab
Increase authentication URL sizes. 2021-06-04 16:46:56 -04:00
Grant Limberg
75d17ea3c8
Helps to commit when trying to write a change to the db 2021-06-04 13:20:03 -07:00
Grant Limberg
96d15337bb
default 0 2021-06-04 13:19:39 -07:00
Grant Limberg
74a678c1e1
chicken or egg problem.
member must exist in the database before we can generate a nonce & SSO URL
2021-06-04 12:49:26 -07:00
Grant Limberg
fed1846c6f
need tres commas 2021-06-04 12:19:52 -07:00
Grant Limberg
f27d193cf6
. 2021-06-04 11:56:12 -07:00
Grant Limberg
7941b63543
another typo 2021-06-04 11:43:42 -07:00
Grant Limberg
21965ac8e8
yet another query fix 2021-06-04 11:40:03 -07:00
Grant Limberg
7ca2ecb421
put expiry time back on nc object 2021-06-04 11:39:52 -07:00
Grant Limberg
1dcfc03cbc
another query fix 2021-06-04 11:22:30 -07:00
Grant Limberg
0702e581a1
remove some noisy log lines & fix a query error 2021-06-04 11:06:54 -07:00
Grant Limberg
c78792a705
moar temporary debug printfs 2021-06-04 11:00:51 -07:00
Grant Limberg
287c19e822
move this outside the auth block. If SSO is enabled, it should be checked whether authorized or not 2021-06-04 09:46:31 -07:00
Grant Limberg
bc901d613d
check for nulls 2021-06-04 09:20:39 -07:00
Grant Limberg
6cb4c58d9a
linux docker build 2021-06-03 18:30:32 -07:00
Grant Limberg
4f521baafd
Big SSO update
make things hopefully work
2021-06-03 14:38:26 -07:00
Grant Limberg
81fda3f5b8
set a default and goes boom 🤦‍♂️ 2021-06-02 15:07:53 -07:00
Grant Limberg
91c4dfc7c0
database version 2021-06-02 14:49:12 -07:00
Grant Limberg
fc6d90a04a
set the correct default 2021-06-02 14:27:58 -07:00
Grant Limberg
faf0c6bbfa
make sure to commit on online notification thread 2021-06-02 14:08:09 -07:00
Grant Limberg
79f1e81745
debug printf typo & line break 2021-06-02 13:51:47 -07:00
Grant Limberg
7427961fcf
bug fixes & debug code 2021-06-02 13:46:54 -07:00
Grant Limberg
d2f1d05a06
handle cases where authenticationURL and authenticationExpiryTime don't exist 2021-06-02 13:46:43 -07:00
Grant Limberg
19f4146aca
make DB::_memberChanged and _networkChanged virtual 2021-06-02 13:46:11 -07:00
Grant Limberg
47154fa623
transiton to libpqxx & connection pool for central controllers 2021-06-02 11:44:00 -07:00
Grant Limberg
c2efdcabc5
fix 2021-05-28 15:01:42 -07:00
Grant Limberg
6d8c96b89f
formatting 2021-05-28 14:19:13 -07:00
Adam Ierymenko
c470c6255e
Postgres code for SSO (almost certainly needs work) 2021-05-28 17:08:24 -04:00
Adam Ierymenko
6b3a7ec827
Fix a few things... 2021-05-25 14:40:40 -04:00
Adam Ierymenko
1ce71f9dc0
Build fix. 2021-05-25 13:05:06 -04:00
Adam Ierymenko
18508b5a2e
Build fix. 2021-05-25 13:04:14 -04:00
Adam Ierymenko
621898f3c5
Forgot to set auth info in NetworkConfig. 2021-05-25 13:02:06 -04:00
Adam Ierymenko
2c1d7f3dcc
CLI printing of URL. 2021-05-25 12:58:33 -04:00
Adam Ierymenko
b270d527f4
Basic plumbing for authentication requirement and piping through of URL information. 2021-05-24 22:58:17 -04:00
Adam Ierymenko
d64c5a92c6
Merge pull request #1233 from dosuperuser/improvement/optimizations
Minor C++ optimizations
2020-11-24 19:24:36 -05:00
Adam Ierymenko
24769219b5 Merge branch 'dev' 2020-10-08 18:08:24 -04:00
Grant Limberg
c80843e496
Revert "remove redundant writes when changes come from Central"
This reverts commit f9396f979f.
2020-10-05 13:32:47 -07:00
Grant Limberg
f9396f979f
remove redundant writes when changes come from Central
network & member changes tagged with `"fromCentral": true` will not be rewritten to the db
2020-10-05 11:03:03 -07:00
Adam Ierymenko
bb45f9ca3c Upgrade cpp-httplib 2020-09-30 15:21:58 -04:00
Grant Limberg
ff23d3051f
self hosted controller JSON format fix for DNS 2020-09-23 12:16:23 -07:00
Grant Limberg
3db263284b
not sure how this got reverted 2020-09-10 13:18:25 -07:00
Grant Limberg
43c108f077
missed a rollback 2020-08-26 15:50:36 -07:00