wip

controller/EmbeddedNetworkController.cpp

@@ -1338,7 +1338,7 @@ void EmbeddedNetworkController::_request(
 	bool networkSSOEnabled = OSUtils::jsonBool(network["ssoEnabled"], false);
 	bool memberSSOExempt = OSUtils::jsonBool(member["ssoExempt"], false);
 	AuthInfo info;
-	if (networkSSOEnabled && ! memberSSOExempt) {
+	if (networkSSOEnabled && !memberSSOExempt) {
 		info = _db.getSSOAuthInfo(member, _ssoRedirectURL);
 		assert(info.enabled == networkSSOEnabled);
 
@@ -1364,24 +1364,23 @@ void EmbeddedNetworkController::_request(
 					return;
 				}
 			} else if (info.version == 1) {
-				if (!info.authenticationURL.empty()) {
-					_db.networkMemberSSOHasExpired(nwid, now);
-					onNetworkMemberDeauthorize(&_db, nwid, identity.address().toInt());
-
-					Dictionary<8192> authInfo;
-					authInfo.add(ZT_AUTHINFO_DICT_KEY_VERSION, info.version);
-					authInfo.add(ZT_AUTHINFO_DICT_KEY_ISSUER_URL, info.issuerURL.c_str());
-					authInfo.add(ZT_AUTHINFO_DICT_KEY_CENTRAL_ENDPOINT_URL, info.centralAuthURL.c_str());
-					authInfo.add(ZT_AUTHINFO_DICT_KEY_NONCE, info.ssoNonce.c_str());
-					authInfo.add(ZT_AUTHINFO_DICT_KEY_STATE, info.ssoState.c_str());
-					authInfo.add(ZT_AUTHINFO_DICT_KEY_CLIENT_ID, info.ssoClientID.c_str());
-
-					DB::cleanMember(member);
-					_db.save(member, true);
-
-					_sender->ncSendError(nwid,requestPacketId,identity.address(),NetworkController::NC_ERROR_AUTHENTICATION_REQUIRED, authInfo.data(), authInfo.sizeBytes());
-					return;
-				}
+				_db.networkMemberSSOHasExpired(nwid, now);
+				onNetworkMemberDeauthorize(&_db, nwid, identity.address().toInt());
+
+				Dictionary<8192> authInfo;
+				authInfo.add(ZT_AUTHINFO_DICT_KEY_VERSION, info.version);
+				authInfo.add(ZT_AUTHINFO_DICT_KEY_ISSUER_URL, info.issuerURL.c_str());
+				authInfo.add(ZT_AUTHINFO_DICT_KEY_CENTRAL_ENDPOINT_URL, info.centralAuthURL.c_str());
+				authInfo.add(ZT_AUTHINFO_DICT_KEY_NONCE, info.ssoNonce.c_str());
+				authInfo.add(ZT_AUTHINFO_DICT_KEY_STATE, info.ssoState.c_str());
+				authInfo.add(ZT_AUTHINFO_DICT_KEY_CLIENT_ID, info.ssoClientID.c_str());
+
+				DB::cleanMember(member);
+				_db.save(member, true);
+
+				fprintf(stderr, "Sending NC_ERROR_AUTHENTICATION_REQUIRED\n");
+				_sender->ncSendError(nwid,requestPacketId,identity.address(),NetworkController::NC_ERROR_AUTHENTICATION_REQUIRED, authInfo.data(), authInfo.sizeBytes());
+				return;
 			} else {
 				fprintf(stderr, "invalid sso info.version %llu\n", info.version);
 			}
@@ -1472,6 +1471,7 @@ void EmbeddedNetworkController::_request(
 			Utils::scopy(nc->centralAuthURL, sizeof(nc->centralAuthURL), info.centralAuthURL.c_str());
 		}
 		if (!info.issuerURL.empty()) {
+			fprintf(stderr, "copying issuerURL to nc: %s\n", info.issuerURL.c_str());
 			Utils::scopy(nc->issuerURL, sizeof(nc->issuerURL), info.issuerURL.c_str());
 		}
 		if (!info.ssoNonce.empty()) {

node/IncomingPacket.cpp

@@ -191,9 +191,9 @@ bool IncomingPacket::_doERROR(const RuntimeEnvironment *RR,void *tPtr,const Shar
 		}	break;
 
 		case Packet::ERROR_NETWORK_AUTHENTICATION_REQUIRED: {
+			fprintf(stderr, "\nPacket::ERROR_NETWORK_AUTHENTICATION_REQUIRED\n\n");
 			const SharedPtr<Network> network(RR->node->network(at<uint64_t>(ZT_PROTO_VERB_ERROR_IDX_PAYLOAD)));
 			if ((network)&&(network->controller() == peer->address())) {
-				bool noUrl = true;
 				int s = (int)size() - (ZT_PROTO_VERB_ERROR_IDX_PAYLOAD + 8);
 				if (s > 2) {
 					const uint16_t errorDataSize = at<uint16_t>(ZT_PROTO_VERB_ERROR_IDX_PAYLOAD + 8);
@@ -204,55 +204,43 @@ bool IncomingPacket::_doERROR(const RuntimeEnvironment *RR,void *tPtr,const Shar
 						uint64_t authVer = authInfo.getUI(ZT_AUTHINFO_DICT_KEY_VERSION, 0ULL);
 
 						if (authVer == 0) {
+							fprintf(stderr, "authVer == 1\n");
 							char authenticationURL[2048];
-							
+
 							if (authInfo.get(ZT_AUTHINFO_DICT_KEY_AUTHENTICATION_URL, authenticationURL, sizeof(authenticationURL)) > 0) {
 								authenticationURL[sizeof(authenticationURL) - 1] = 0; // ensure always zero terminated
 								network->setAuthenticationRequired(authenticationURL);
-								noUrl = false;
 							}
 						} else if (authVer == 1) {
-							bool haveIssuerURL = false;
+							fprintf(stderr, "authVer == 2\n");
 							char issuerURL[2048] = { 0 };
-							bool haveCentralURL = false;
 							char centralAuthURL[2048] = { 0 };
-							bool haveNonce = false;
 							char ssoNonce[64] = { 0 };
-							bool haveState = false;
 							char ssoState[128] = {0};
-							bool haveClientID = false;
 							char ssoClientID[256] = { 0 };
 
 							if (authInfo.get(ZT_AUTHINFO_DICT_KEY_ISSUER_URL, issuerURL, sizeof(issuerURL)) > 0) {
 								issuerURL[sizeof(issuerURL) - 1] = 0;
-								haveIssuerURL = true;
 							}
 							if (authInfo.get(ZT_AUTHINFO_DICT_KEY_CENTRAL_ENDPOINT_URL, centralAuthURL, sizeof(centralAuthURL))>0) {
 								centralAuthURL[sizeof(centralAuthURL) - 1] = 0;
-								haveCentralURL = true;
 							}
 							if (authInfo.get(ZT_AUTHINFO_DICT_KEY_NONCE, ssoNonce, sizeof(ssoNonce)) > 0) {
 								ssoNonce[sizeof(ssoNonce) - 1] = 0;
-								haveNonce = true;
 							}
 							if (authInfo.get(ZT_AUTHINFO_DICT_KEY_STATE, ssoState, sizeof(ssoState)) > 0) {
 								ssoState[sizeof(ssoState) - 1] = 0;
-								haveState = true;
 							}
 							if (authInfo.get(ZT_AUTHINFO_DICT_KEY_CLIENT_ID, ssoClientID, sizeof(ssoClientID)) > 0) {
 								ssoClientID[sizeof(ssoClientID) - 1] = 0;
-								haveClientID = true;
 							}
 
-							noUrl = ! (haveIssuerURL && haveCentralURL && haveNonce && haveState && haveClientID);
-
-							if (!noUrl) {
-								network->setAuthenticationRequired(issuerURL, centralAuthURL, ssoClientID, ssoNonce, ssoState);
-							}
+							fprintf(stderr, "Setting auth required on network\n");
+							network->setAuthenticationRequired(issuerURL, centralAuthURL, ssoClientID, ssoNonce, ssoState);
 						}
 					}
-				}
-				if (noUrl) {
+				} else {
+					fprintf(stderr, "authinfo??????\n");
 					network->setAuthenticationRequired("");
 				}
 			}

node/NetworkConfig.cpp

@@ -412,6 +412,7 @@ bool NetworkConfig::fromDictionary(const Dictionary<ZT_NETWORKCONFIG_DICT_CAPACI
 					}
 					if (d.get(ZT_NETWORKCONFIG_DICT_KEY_ISSUER_URL, this->issuerURL, (unsigned int)sizeof(this->issuerURL)) > 0) {
 						this->issuerURL[sizeof(this->issuerURL) - 1] = 0;
+						fprintf(stderr, "Loaded issuer url: %s\n", this->issuerURL);
 					}
 					if (d.get(ZT_NETWORKCONFIG_DICT_KEY_CENTRAL_ENDPOINT_URL, this->centralAuthURL, (unsigned int)sizeof(this->centralAuthURL)) > 0) {
 						this->centralAuthURL[sizeof(this->centralAuthURL) - 1] = 0;
@@ -432,6 +433,7 @@ bool NetworkConfig::fromDictionary(const Dictionary<ZT_NETWORKCONFIG_DICT_CAPACI
 					this->ssoNonce[0] = 0;
 					this->ssoState[0] = 0;
 					this->ssoClientID[0] = 0;
+					this->issuerURL[0] = 0;
 				}
 			}
 		}

node/NetworkConfig.hpp

@@ -94,7 +94,7 @@
 namespace ZeroTier {
 
 // Dictionary capacity needed for max size network config
-#define ZT_NETWORKCONFIG_DICT_CAPACITY (4096 + (sizeof(ZT_VirtualNetworkRule) * ZT_MAX_NETWORK_RULES) + (sizeof(Capability) * ZT_MAX_NETWORK_CAPABILITIES) + (sizeof(Tag) * ZT_MAX_NETWORK_TAGS) + (sizeof(CertificateOfOwnership) * ZT_MAX_CERTIFICATES_OF_OWNERSHIP))
+#define ZT_NETWORKCONFIG_DICT_CAPACITY (4096 + (sizeof(ZT_VirtualNetworkConfig)) + (sizeof(ZT_VirtualNetworkRule) * ZT_MAX_NETWORK_RULES) + (sizeof(Capability) * ZT_MAX_NETWORK_CAPABILITIES) + (sizeof(Tag) * ZT_MAX_NETWORK_TAGS) + (sizeof(CertificateOfOwnership) * ZT_MAX_CERTIFICATES_OF_OWNERSHIP))
 
 // Dictionary capacity needed for max size network meta-data
 #define ZT_NETWORKCONFIG_METADATA_DICT_CAPACITY 1024

node/Node.cpp

@@ -741,8 +741,10 @@ void Node::ncSendError(uint64_t nwid,uint64_t requestPacketId,const Address &des
 				n->setAccessDenied();
 				break;
 			case NetworkController::NC_ERROR_AUTHENTICATION_REQUIRED: {
-			}
+				fprintf(stderr, "\n\nGot auth required\n\n");
+
 				break;
+			} 
 
 			default: break;
 		}

service/OneService.cpp

@@ -275,6 +275,11 @@ public:
 					_webPort
 				);
 
+				if (_idc == nullptr) {
+					fprintf(stderr, "idc is null\n");
+					return;
+				}
+
 				fprintf(stderr, "idc created (%s, %s, %s)\n", _config.issuerURL, _config.ssoClientID, _config.centralAuthURL);
 			}