
Merge branch 'dev' of github.com:/zerotier/ZeroTierOne into dev

Adam Ierymenko 2 years ago
parent
commit
5a6c229b27

+ 3 - 7
controller/PostgreSQL.cpp

@@ -442,13 +442,9 @@ AuthInfo PostgreSQL::getSSOAuthInfo(const nlohmann::json &member, const std::str
 				exit(7);
 			}
 
-			r = w.exec_params("SELECT oc.client_id, oc.authorization_endpoint, oc.issuer, oc.sso_impl_version "
-							  "FROM ztc_network n "
-							  "INNER JOIN ztc_network_oidc_config noc "
-							  "  ON noc.network_id = n.id "
-							  "INNER JOIN ztc_oidc_config oc "
-							  "  ON noc.client_id = oc.client_id "
-							  "WHERE n.id = $1 AND n.sso_enabled = true", networkId);
+			r = w.exec_params("SELECT org.client_id, org.authorization_endpoint, org.issuer, org.sso_impl_version "
+				"FROM ztc_network AS nw, ztc_org AS org "
+				"WHERE nw.id = $1 AND nw.sso_enabled = true AND org.owner_id = nw.owner_id", networkId);
 		
 			std::string client_id = "";
 			std::string authorization_endpoint = "";
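Review bot: The rewritten query in `w.exec_params(...)` no longer joins through a dedicated OIDC config table, so whether it yields exactly one usable row now depends on `ztc_org`, whose schema is not visible here. If an owner can have a `ztc_org` row with a NULL `client_id` or `issuer` (SSO enabled on the network but not configured for the org), or more than one row per `owner_id`, the code after the hunk would feed NULL or ambiguous values into an authentication decision. Consider adding `AND org.client_id IS NOT NULL` to the WHERE clause and checking `r.size() == 1` before the columns are read into `client_id` and `authorization_endpoint`. The body of getSSOAuthInfo continues outside the hunk, so the existing row handling may already cover part of this.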

+ 3 - 1
ext/central-controller-docker/Dockerfile.builder

@@ -18,6 +18,8 @@ RUN apt -y install \
     libssl-dev \
     postgresql-client \
     postgresql-client-common \
-    curl
+    curl \
+    google-perftools \
+    libgoogle-perftools-dev
 
 RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y

+ 7 - 1
ext/central-controller-docker/Dockerfile.run_base

@@ -1,8 +1,14 @@
 FROM ubuntu:jammy
+
 RUN apt update && apt upgrade -y
+
 RUN apt -y install \
     postgresql-client \
     postgresql-client-common \
     libjemalloc2 \
     libpq5 \
-    curl
+    curl \
+    binutils \
+    linux-tools-gke \
+    perf-tools-unstable \
+    google-perftools
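Review bot: The four packages added to the runtime base image (`binutils`, `linux-tools-gke`, `perf-tools-unstable`, `google-perftools`) are profiling and debugging tools, and shipping them in every controller container built from this base enlarges the attack surface of the production image. If they are only needed to diagnose a performance problem, consider installing them in a separate debug image layered on this one, or behind a build argument that defaults to off. `perf` generally needs extra capabilities at run time to be useful, so the deployment should not grant those by default either. Adding `--no-install-recommends` to the `apt -y install` line would also keep the dependency footprint down.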

+ 17 - 5
zeroidc/src/lib.rs

@@ -498,7 +498,8 @@ impl ZeroIDC {
                             let n = match i.nonce.clone() {
                                 Some(n) => n,
                                 None => {
-                                    println!("no noce");
+                                    println!("no nonce");
+                                    i.running = false;
                                     return None;
                                 }
                             };
@@ -507,6 +508,7 @@ impl ZeroIDC {
                                 Some(t) => t,
                                 None => {
                                     println!("no id token");
+                                    i.running = false;
                                     return None;
                                 }
                             };
@@ -515,6 +517,7 @@ impl ZeroIDC {
                                 Ok(c) => c,
                                 Err(_e) => {
                                     println!("no claims");
+                                    i.running = false;
                                     return None;
                                 }
                             };
@@ -523,6 +526,7 @@ impl ZeroIDC {
                                 Ok(s) => s,
                                 Err(_) => {
                                     println!("no signing algorithm");
+                                    i.running = false;
                                     return None;
                                 }
                             };
@@ -535,12 +539,14 @@ impl ZeroIDC {
                                     Ok(h) => h,
                                     Err(e) => {
                                         println!("Error hashing access token: {}", e);
+                                        i.running = false;
                                         return None;
                                     }
                                 };
 
                                 if actual_hash != *expected_hash {
                                     println!("token hash error");
+                                    i.running = false;
                                     return None;
                                 }
                             }
@@ -549,7 +555,7 @@ impl ZeroIDC {
                         Err(e) => {
                             println!("token response error: {:?}", e.to_string());
                             println!("\t {:?}", e.source());
-
+                            i.running = false;
                             None
                         }
                     }
@@ -634,10 +640,12 @@ impl ZeroIDC {
 
                                     Ok(bytes)
                                 } else if res.status() == 402 {
-                                        Err(SSOExchangeError::new(
-                                            "additional license seats required. Please contact your network administrator.".to_string(),
-                                        ))
+                                    i.running = false;
+                                    Err(SSOExchangeError::new(
+                                        "additional license seats required. Please contact your network administrator.".to_string(),
+                                    ))
                                 } else {
+                                    i.running = false;
                                     Err(SSOExchangeError::new(
                                         "error from central endpoint".to_string(),
                                     ))
@@ -649,20 +657,24 @@ impl ZeroIDC {
                                 println!("Status: {}", res.status().unwrap());
                                 println!("Post error: {}", res);
                                 i.exp_time = 0;
+                                i.running = false;
                                 Err(SSOExchangeError::new(
                                     "error from central endpoint".to_string(),
                                 ))
                             }
                         }
                     } else {
+                        i.running = false;
                         Err(SSOExchangeError::new(
                             "error splitting state token".to_string(),
                         ))
                     }
                 } else {
+                    i.running = false;
                     Err(SSOExchangeError::new("invalid token response".to_string()))
                 }
             } else {
+                i.running = false;
                 Err(SSOExchangeError::new("invalid pkce verifier".to_string()))
             }
         });
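Review bot: `i.running = false;` is now repeated by hand on thirteen error exits across these hunks, so the next error path added to either closure can silently leave the flag set. Nothing in the visible lines shows that every existing exit is covered. Clearing the flag in one place would be more robust: let the closure return its `Option`/`Result` and reset it once on the failure arm, for example `if result.is_err() { i.running = false; }` (name illustrative), or use a small drop guard that clears the flag unless it is disarmed on success. Several arms also discard the underlying error (`Err(_e)`, `Err(_)`) and print only a fixed string, which makes a failed SSO validation hard to diagnose from logs. Both enclosing functions start and end outside the hunks, so how `i` is locked and where the success path leaves the flag cannot be confirmed from here.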

+ 6 - 0
zerotier-one.spec

@@ -59,6 +59,12 @@ Requires:       systemd openssl
 Requires(pre): /usr/sbin/useradd, /usr/bin/getent
 %endif
 
+%if "%{?dist}" == ".amzn2022"
+BuildRequires:  systemd openssl-devel
+Requires:       systemd openssl
+Requires(pre): /usr/sbin/useradd, /usr/bin/getent
+%endif
+
 %description
 ZeroTier is a software defined networking layer for Earth.