ZeroTierOne

mirror of https://github.com/zerotier/ZeroTierOne.git synced 2024-12-21 05:53:09 +00:00

Author	SHA1	Message	Date
Adam Ierymenko	a4e8847664	Restore sending of rejections but move it exclusively to a thread, widen netconf window to 30 minutes.	2022-04-19 10:37:58 -04:00
Adam Ierymenko	c492bf7eea	Forgot to send error on v0 auth expiry.	2022-04-18 16:36:09 -04:00
Adam Ierymenko	cb086ff97f	Simplify SSO logic. SSO should just normally expire when it expires. No full deauth needed. Deauth is for really giving someone the boot.	2022-04-18 16:32:05 -04:00
Adam Ierymenko	55a99f34d0	Tighten certificate window and deprecate sending of revocations for ordinary SSO timeouts. Revocations should only be for deliberate deauth to kick people off networks. Cert window should now stay within refresh window for SSO so normal cert expiration should handle it just fine.	2022-04-15 14:23:26 -04:00
Adam Ierymenko	58119598ae	comment out some new deauth code	2022-04-13 23:10:11 -04:00
Adam Ierymenko	42a2afaef9	This may improve controller behavior with SSO and mixed SSO, needs testing!	2022-04-13 21:39:56 -04:00
Grant Limberg	f8e24f4629	Fix issue where restarting a controller causes a DB write for each network member	2022-02-28 12:26:32 -08:00
Grant Limberg	c09010c25a	handle nonce rotation in controller better Won't generate new nonces until there are no active ones.	2022-01-20 15:14:29 -08:00
Grant Limberg	b3fbbd3124	refresh tokens now working Still investigating the best way to do a couple things, but we have something working	2021-12-07 16:29:50 -08:00
Grant Limberg	730482e62f	encode network ID into sso state param	2021-12-01 15:02:21 -08:00
Grant Limberg	663a09b38d	oidc stuff coming across the wire properly and generating a working login URL	2021-12-01 13:01:32 -08:00
Grant Limberg	7cce23ae79	wip	2021-12-01 10:44:29 -08:00
Grant Limberg	dfdac7adbd	iomanip	2021-11-30 17:31:46 -08:00
Grant Limberg	a33d7c64fe	more fixin	2021-11-30 17:27:13 -08:00
Grant Limberg	d15516f0ef	query fix & controller build fix	2021-11-30 16:18:34 -08:00
Grant Limberg	fa21fdc1cc	rename stuff for clarity authenticationURL will still be used by the client for v1 and v2 of sso	2021-11-11 16:19:26 -08:00
Grant Limberg	43433cdb5a	integrate rust build of zeroidc to linux	2021-11-04 17:16:23 -07:00
Grant Limberg	8d39c9a861	plumbing full flow from controller -> client network	2021-11-04 15:40:08 -07:00
Grant Limberg	3818351287	use pqxx::pipeline for online update thread	2021-10-06 09:39:30 -07:00
Grant Limberg	4d26b5a868	no reason for this to be a pointer	2021-10-05 17:02:50 -07:00
Grant Limberg	ac0dc7844f	rework commit thread & some connection pool borrowing issues	2021-10-05 09:25:24 -07:00
Adam Ierymenko	134d33c218	Add a bit of hardening in the network certificate of membership by incorporating a full hash of the identity to which it is issued. This means the recipient need not depend entirely on the root verifying identities properly to make sure impersonation is not occurring.	2021-09-20 15:40:55 -07:00
Grant Limberg	46adc1f059	ifdef this out	2021-09-20 15:39:53 -07:00
Grant Limberg	9002555596	ensure count > 0	2021-09-20 15:39:44 -07:00
Grant Limberg	c3a42bf590	remove heartbeat log	2021-09-02 16:46:42 -07:00
Grant Limberg	8b95afa96a	logging	2021-09-02 16:32:40 -07:00
Grant Limberg	6a49a766ca	logging	2021-09-02 16:22:59 -07:00
Grant Limberg	16ff14bda7	identify controller in pool stats	2021-09-02 13:48:08 -07:00
Grant Limberg	57c1d96b71	math	2021-09-02 12:48:49 -07:00
Grant Limberg	40f376e2b9	print db pool stats periodically	2021-09-02 12:45:26 -07:00
Grant Limberg	dc61f78916	set psql application_name in startup script	2021-09-02 11:24:07 -07:00
Grant Limberg	a2ffe8c05e	dont generate nonce for deleted members	2021-09-02 11:24:04 -07:00
Grant Limberg	d0f4cfe6b4	print load status messages a little less often now that things go brrrrrrrrr	2021-08-20 10:34:00 -07:00
Grant Limberg	3ec23f92ec	helps to add part of the query	2021-08-20 10:30:37 -07:00
Grant Limberg	6baac1b4e0	more query optimizations	2021-08-20 10:27:45 -07:00
Grant Limberg	50b0b2e2e9	query optimization	2021-08-19 17:55:30 -07:00
Grant Limberg	20721491e8	kill some noisy logs	2021-08-19 13:03:56 -07:00
Grant Limberg	eec46a137e	optimize data loading from psql on startup	2021-08-19 12:44:02 -07:00
Grant Limberg	9eae444104	kill some verbose logs	2021-08-19 09:21:52 -07:00
Adam Ierymenko	576b4f03a5	Adjust deauth time window and send revocation when SSO members expire.	2021-08-18 12:17:40 -04:00
Adam Ierymenko	461810b06a	Move return so record gets created before URL.	2021-08-10 11:22:29 -04:00
Grant Limberg	613d7b5ece	fix backwards logic	2021-08-04 09:16:04 -07:00
Adam Ierymenko	c101d71d7c	Tweak auth timeout notify.	2021-07-30 18:44:34 -04:00
Adam Ierymenko	663e748b8d	Deauth expiring members right away.	2021-07-26 23:45:18 -04:00
Adam Ierymenko	0cf62d334d	Remove pointless check.	2021-07-26 13:38:35 -04:00
Adam Ierymenko	0872012cd9	small fix	2021-07-26 13:11:01 -04:00
Adam Ierymenko	c2d8fe46d5	About ready to test notify of SSO timeout...	2021-07-23 19:20:10 -04:00
Adam Ierymenko	0310bfa3e3	Include authentication URL in config	2021-07-23 19:17:42 -04:00
Adam Ierymenko	efe0e8aa7b	Notification of about-to-expire status... almost there.	2021-07-23 19:05:59 -04:00
Adam Ierymenko	5c7e51feaf	Merge branch 'dev' of github.com:zerotier/ZeroTierOne into dev	2021-07-23 18:49:05 -04:00
Adam Ierymenko	34de579c91	Handling of soon-to-expire members	2021-07-23 18:49:00 -04:00
Grant Limberg	73ddea8864	use network ID, not controller ID for looking up network data	2021-07-06 14:15:01 -07:00
Grant Limberg	10215af96d	whoops	2021-07-06 13:18:08 -07:00
Grant Limberg	e67fee0264	debug logging	2021-07-06 13:08:21 -07:00
Grant Limberg	5ece4f734a	fix error message	2021-07-06 13:08:16 -07:00
Grant Limberg	f8ea7fdc2b	Fix for GitHub #859 Wrong DB::get() method being called to look up the network member for deletes	2021-06-24 10:32:21 -07:00
Grant Limberg	364ad87e2b	add ssoEnabled flag to network config	2021-06-05 13:44:45 -07:00
Grant Limberg	9380ef708a	debug strings & query fixes	2021-06-05 13:44:07 -07:00
Grant Limberg	fd174b3459	fix auth time lookup	2021-06-04 20:55:22 -07:00
Grant Limberg	21d27c314c	HMACSHA384 the nonce bytes, not the hex encoded nonce bytes	2021-06-04 20:06:04 -07:00
Grant Limberg	0b89a49201	typo	2021-06-04 16:56:28 -07:00
Grant Limberg	e6b4fb5af7	add "ssoRedirectURL" to local.conf plumbed it through to the central controller code	2021-06-04 16:29:03 -07:00
Grant Limberg	c227330d09	fix redirect_uri substitution	2021-06-04 15:58:38 -07:00
Grant Limberg	b16f40c0de	.	2021-06-04 15:18:18 -07:00
Grant Limberg	fd85f87ade	handle null in result set	2021-06-04 15:15:42 -07:00
Grant Limberg	add33f1ab3	cast to bigint in query	2021-06-04 14:48:41 -07:00
Grant Limberg	3bfc438ae8	null handling	2021-06-04 14:40:14 -07:00
Adam Ierymenko	1dfe909bab	Increase authentication URL sizes.	2021-06-04 16:46:56 -04:00
Grant Limberg	75d17ea3c8	Helps to commit when trying to write a change to the db	2021-06-04 13:20:03 -07:00
Grant Limberg	96d15337bb	default 0	2021-06-04 13:19:39 -07:00
Grant Limberg	74a678c1e1	chicken or egg problem. member must exist in the database before we can generate a nonce & SSO URL	2021-06-04 12:49:26 -07:00
Grant Limberg	fed1846c6f	need tres commas	2021-06-04 12:19:52 -07:00
Grant Limberg	f27d193cf6	.	2021-06-04 11:56:12 -07:00
Grant Limberg	7941b63543	another typo	2021-06-04 11:43:42 -07:00
Grant Limberg	21965ac8e8	yet another query fix	2021-06-04 11:40:03 -07:00
Grant Limberg	7ca2ecb421	put expiry time back on nc object	2021-06-04 11:39:52 -07:00
Grant Limberg	1dcfc03cbc	another query fix	2021-06-04 11:22:30 -07:00
Grant Limberg	0702e581a1	remove some noisy log lines & fix a query error	2021-06-04 11:06:54 -07:00
Grant Limberg	c78792a705	moar temporary debug printfs	2021-06-04 11:00:51 -07:00
Grant Limberg	287c19e822	move this outside the auth block. If SSO is enabled, it should be checked whether authorized or not	2021-06-04 09:46:31 -07:00
Grant Limberg	bc901d613d	check for nulls	2021-06-04 09:20:39 -07:00
Grant Limberg	6cb4c58d9a	linux docker build	2021-06-03 18:30:32 -07:00
Grant Limberg	4f521baafd	Big SSO update make things hopefully work	2021-06-03 14:38:26 -07:00
Grant Limberg	81fda3f5b8	set a default and goes boom 🤦‍♂️	2021-06-02 15:07:53 -07:00
Grant Limberg	91c4dfc7c0	database version	2021-06-02 14:49:12 -07:00
Grant Limberg	fc6d90a04a	set the correct default	2021-06-02 14:27:58 -07:00
Grant Limberg	faf0c6bbfa	make sure to commit on online notification thread	2021-06-02 14:08:09 -07:00
Grant Limberg	79f1e81745	debug printf typo & line break	2021-06-02 13:51:47 -07:00
Grant Limberg	7427961fcf	bug fixes & debug code	2021-06-02 13:46:54 -07:00
Grant Limberg	d2f1d05a06	handle cases where authenticationURL and authenticationExpiryTime don't exist	2021-06-02 13:46:43 -07:00
Grant Limberg	19f4146aca	make DB::_memberChanged and _networkChanged virtual	2021-06-02 13:46:11 -07:00
Grant Limberg	47154fa623	transiton to libpqxx & connection pool for central controllers	2021-06-02 11:44:00 -07:00
Grant Limberg	c2efdcabc5	fix	2021-05-28 15:01:42 -07:00
Grant Limberg	6d8c96b89f	formatting	2021-05-28 14:19:13 -07:00
Adam Ierymenko	c470c6255e	Postgres code for SSO (almost certainly needs work)	2021-05-28 17:08:24 -04:00
Adam Ierymenko	6b3a7ec827	Fix a few things...	2021-05-25 14:40:40 -04:00
Adam Ierymenko	1ce71f9dc0	Build fix.	2021-05-25 13:05:06 -04:00
Adam Ierymenko	18508b5a2e	Build fix.	2021-05-25 13:04:14 -04:00
Adam Ierymenko	621898f3c5	Forgot to set auth info in NetworkConfig.	2021-05-25 13:02:06 -04:00
Adam Ierymenko	2c1d7f3dcc	CLI printing of URL.	2021-05-25 12:58:33 -04:00

1 2 3 4 5 ...

682 Commits