Commit Graph

185 Commits

Author SHA1 Message Date
Grant Limberg
0ae09577f6
Client & Central Controller updates to support additonal OIDC features (#1848)
Client side:
* Fix compatibility with OneLogin
* Requested scopes vary by OIDC provider. Different providers have different

Controller side:
*Update Postgres queries to latest Central schema
* Added Central Controller support for the different providers
* Base OIDC provider details are still attached to an org. Client ID & group/email lists are now associated with individual networks.
2023-01-19 15:39:15 -08:00
Adam Ierymenko
ef08346a74
Fix a possible excessive memory use issue in controller and clean up a bunch of COM handling and other code in the normal node. 2022-04-19 19:59:54 -04:00
Adam Ierymenko
cd70fefc5e
Clean up some credential push stuff. 2022-04-19 16:06:53 -04:00
Adam Ierymenko
912036b260
Push credentials always if updated (client-side) and some controller-side cleanup that should be logically irrelevant but will prevent unnecessary DB lookups. 2022-04-19 12:41:38 -04:00
Grant Limberg
eaccce743f
moar plumbing progress 2021-12-01 12:07:05 -08:00
Grant Limberg
91e9b736dd
make service objs dependent on zeroidc 2021-11-18 10:42:12 -08:00
Grant Limberg
fa21fdc1cc
rename stuff for clarity
authenticationURL will still be used by the client for v1 and v2 of sso
2021-11-11 16:19:26 -08:00
Grant Limberg
8d39c9a861
plumbing full flow from controller -> client network 2021-11-04 15:40:08 -07:00
Grant Limberg
8dd3639576
set ssoEnabled = true on network config if we get ERROR_NETWORK_AUTHENTICATION_REQUIRED 2021-06-05 14:00:03 -07:00
Adam Ierymenko
810e2a761f
Fix authentication URL... 2021-05-25 14:49:06 -04:00
Adam Ierymenko
b270d527f4
Basic plumbing for authentication requirement and piping through of URL information. 2021-05-24 22:58:17 -04:00
Adam Ierymenko
06730c7d1d BSL date bump 2020-08-20 12:51:39 -07:00
Adam Ierymenko
52a166a71f
Relicense: GPLv3 -> ZeroTier BSL 1.1 2019-08-23 09:23:39 -07:00
Adam Ierymenko
75ebe5172f Fix for sharing of capabilities in 1.4 (problem introduced when push frequency was reduced) 2019-08-02 20:43:02 -07:00
Adam Ierymenko
a019c3dd5d Tighten up credential push just a bit for faster up-time with older nodes, should not have significant impact on bandwidth. Also some cleanup and push direct path timing fixes. 2019-06-25 13:42:20 -07:00
Adam Ierymenko
63ec19674c . 2019-03-19 16:43:43 -07:00
Adam Ierymenko
e03102dbcb Clean out some unnecessarily pedantic auth stuff in favor of a simpler way of gating multicast gathers. 2019-03-14 14:29:15 -07:00
Joseph Henry
0e597191b8 Updated licenses for 2019 2019-01-14 10:25:53 -08:00
Joseph Henry
28cb40529d Rough draft of fq-codel implementation 2018-07-10 16:50:12 -07:00
Joseph Henry
9681fedbb4 Spellcheck sweep across codebase 2018-06-07 17:25:27 -07:00
Adam Ierymenko
6d8e1e8783 More cleanup of old stuff. 2018-01-26 21:34:56 -05:00
Adam Ierymenko
65c07afe05 Copyright updates for 2018. 2018-01-08 14:33:28 -08:00
Grant Limberg
b1d60df44c timestamps changed from uint64_t to int64_t
There were cases in the code where time calculations and comparisons were overflowing and causing connection instability.  This will keep time calculations within expected ranges.
2017-10-02 15:52:57 -07:00
Adam Ierymenko
b9e1d53d7a Minor cleanup. 2017-07-17 14:21:09 -07:00
Adam Ierymenko
495c5ce81d Bunch of remote tracing work. 2017-07-13 10:51:05 -07:00
Adam Ierymenko
6015b529a0 More clustering work. 2017-06-01 12:33:05 -07:00
Adam Ierymenko
1b68d6dbdc License header update. 2017-04-27 20:47:25 -07:00
Adam Ierymenko
88a4a3b1ba Pass tptr on leave. 2017-04-11 08:47:02 -07:00
Adam Ierymenko
e4896b257f Add thread PTR that gets passed through the entire ZT core call stack and then passed to handler functions resulting from a call. 2017-03-27 17:03:17 -07:00
Adam Ierymenko
e10325e133 GitHub issue #461 -- plus a bit of cleanup and optimization 2017-03-17 17:15:23 -07:00
Adam Ierymenko
10185e92fa Certificate of ownership -- used to secure against IP address spoofing, especially for IPv4 and regular IPv6. 2017-02-23 11:47:36 -08:00
Adam Ierymenko
ed31cb76d6 Fix to cluster network configs. 2017-01-30 16:04:05 -08:00
Adam Ierymenko
226123ca08 Refactor controller to permit sending of pushes as well as just replies to config requests. 2016-11-10 11:54:47 -08:00
Adam Ierymenko
9f550292fe Simply network auth logic and always sent error on auth failure even for unknown networks to prevent forensics. 2016-09-27 13:49:43 -07:00
Adam Ierymenko
15c07c58b6 Refactored network config chunking to sign every chunk to prevent stupid DOS attack potential, and implement network config fast propagate (though we probably will not use this for a bit). 2016-09-27 11:33:48 -07:00
Adam Ierymenko
eac3667ec1 Bunch more refactoring and work on revocations, etc. 2016-09-26 16:17:02 -07:00
Adam Ierymenko
1f74dd4589 Revocation work in progress, add WATCH which is TEE with implicit rate sync (thanks JG@DCVC!), and clean up some cruft in Network. 2016-09-23 16:08:38 -07:00
Adam Ierymenko
d3524f3609 Refactor COM stuff a bit, and respond to COM requests a bit more readily for rapid setup. Will need to revisit later. 2016-09-20 21:21:34 -07:00
Adam Ierymenko
ab9afbc749 (1) Public networks now get COMs even though they do not gate with them since they will need them to push auth for multicast stuff, (2) added a bunch of rate limit circuit breakers for anti-DOS, (3) cleanup. 2016-09-09 11:36:10 -07:00
Adam Ierymenko
ef87069957 Fix gating of multicast GATHER replies since these can come from upstream, etc., and fix an issue with sending ECHO to recheck marginal paths. 2016-09-09 09:32:00 -07:00
Adam Ierymenko
0d4109a9f1 More refactoring to clean up code, and add a gate function to make sure we do not handle OK packets we did not expect. This hardens up a few potential edge cases around security, since such messages might be used to e.g. pollute a cache and DOS under certain conditions. 2016-09-09 08:43:58 -07:00
Adam Ierymenko
16df2c3363 Clean up handling of COMs, network access control, and fix a backward compatiblity issue. 2016-09-08 19:48:05 -07:00
Adam Ierymenko
daf8a66ced More correct and efficient to initialize member relationship push stuff lazily when member is learned. 2016-09-07 15:47:20 -07:00
Adam Ierymenko
1908aa55f5 Refactor MULTICAST_LIKE pushing to eliminate redundant and unnecessary pushes and simplify code. 2016-09-07 15:15:52 -07:00
Adam Ierymenko
74afef8eb1 Think through and refine a few things in rules, especially edge case TEE and REDIRECT behavior and semantics. 2016-08-31 16:50:22 -07:00
Adam Ierymenko
f0636ffd4a EXT_FRAME messages should always be accepted if we are the destination for a matching TEE or REDIRECT rule. 2016-08-29 15:54:06 -07:00
Adam Ierymenko
2cdda38dc4 It basically works... at least on current controllers. 2016-08-24 15:26:18 -07:00
Adam Ierymenko
ccea3d04d6 Push NETWORK_CONFIG_REFRESH on POSTs to /member/... in controller. 2016-08-24 14:28:16 -07:00
Adam Ierymenko
0a7a33ef8f Instantaneous blacklisting and credential revocation. 2016-08-23 13:46:36 -07:00
Adam Ierymenko
4d498b3765 Handling of multi-part chunked network configs on the inbound side. 2016-08-09 13:14:38 -07:00