
for now, only enable sso on certain platforms

mac, windows, linux x86/x86_64/aarch64
Grant Limberg 3 سال پیش
والد
کامیت
aa97aabb4e
6فایلهای تغییر یافته به همراه139 افزوده شده و 94 حذف شده
  1. 9 0
      node/Constants.hpp
  2. 21 3
      service/OneService.cpp
  3. 0 89
      zeroidc/Cargo.lock
  4. 1 1
      zeroidc/Cargo.toml
  5. 81 0
      zeroidc/src/ext.rs
  6. 27 1
      zeroidc/src/lib.rs

+ 9 - 0
node/Constants.hpp

@@ -50,9 +50,16 @@
 #define __UNIX_LIKE__
 #endif
 #include <endian.h>
+
+#if (defined(__amd64) || defined(__amd64__) || defined(__x86_64) || defined(__x86_64__) || defined(__AMD64) || defined(__AMD64__) || defined(_M_X64) || defined(__aarch64__))
+#define OIDC_SUPPORTED 1
+#else
+#define OIDC_SUPPORTED 0
+#endif
 #endif
 
 #ifdef __APPLE__
+#define OIDC_SUPPORTED 1
 #define likely(x) __builtin_expect((x),1)
 #define unlikely(x) __builtin_expect((x),0)
 #include <TargetConditionals.h>
@@ -66,6 +73,7 @@
 #endif
 
 #if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__)
+#define OIDC_SUPPORTED 0
 #ifndef __UNIX_LIKE__
 #define __UNIX_LIKE__
 #endif
@@ -81,6 +89,7 @@
 #endif
 
 #if defined(_WIN32) || defined(_WIN64)
+#define OIDC_SUPPORTED 1
 #ifndef __WINDOWS__
 #define __WINDOWS__
 #endif
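Review bot: The architecture test added after `#include <endian.h>` (apparently the Linux block) does not list 32-bit x86, while the commit message and the Rust `cfg` predicates in zeroidc/src/ext.rs and lib.rs both include `target_arch = "x86"` on Linux. Either add `defined(__i386__)` to this condition or drop x86 from the Rust side, so that both layers agree on where SSO exists. The macro is also defined only inside the per-OS blocks, so a platform that matches none of them leaves it undefined and `#if OIDC_SUPPORTED` silently reads as 0. A trailing `#ifndef OIDC_SUPPORTED` / `#define OIDC_SUPPORTED 0` / `#endif` after the platform blocks would make that default explicit. The enclosing platform blocks start and end outside these hunks.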

+ 21 - 3
service/OneService.cpp

@@ -53,7 +53,9 @@
 #include "OneService.hpp"
 #include "SoftwareUpdater.hpp"
 
+#if OIDC_SUPPORTED
 #include <zeroidc.h>
+#endif
 
 #ifdef __WINDOWS__
 #include <winsock2.h>
@@ -169,11 +171,13 @@ public:
 		this->_managedRoutes.clear();
 		this->_tap.reset();
 
+#if OIDC_SUPPORTED
 		if (_idc) {
 			zeroidc::zeroidc_stop(_idc);
 			zeroidc::zeroidc_delete(_idc);
 			_idc = nullptr;
 		}
+#endif
 	}
 
 	void setWebPort(unsigned int port) {
@@ -251,6 +255,7 @@ public:
 
 		if (_config.ssoEnabled && _config.ssoVersion == 1) {
 			//  fprintf(stderr, "ssoEnabled for %s\n", nwid);
+#if OIDC_SUPPORTED
 			if (_idc == nullptr)
 			{
 				assert(_config.issuerURL != nullptr);
@@ -290,6 +295,7 @@ public:
 				// TODO: kick the refresh thread
 				zeroidc::zeroidc_kick_refresh_thread(_idc);
 			}
+#endif
 		}
 	}
 
@@ -306,14 +312,17 @@ public:
 	}
 
 	const char* getAuthURL() {
+#if OIDC_SUPPORTED
 		if (_idc != nullptr) {
 			return zeroidc::zeroidc_get_auth_url(_idc);
 		}
 		fprintf(stderr, "_idc is null\n");
+#endif
 		return "";
 	}
 
 	const char* doTokenExchange(const char *code) {
+#if OIDC_SUPPORTED
 		if (_idc == nullptr) {
 			fprintf(stderr, "ainfo or idc null\n");
 			return "";
@@ -330,6 +339,9 @@ public:
 		memcpy(_config.authenticationURL, url, strlen(url));
 		_config.authenticationURL[strlen(url)] = 0;
 		return ret;
+#else
+		return "";
+#endif
 	}
 
 	uint64_t getExpiryTime() {
@@ -337,8 +349,11 @@ public:
 			fprintf(stderr, "idc is null\n");
 			return 0;
 		}
-
+#if OIDC_SUPPORTED
 		return zeroidc::zeroidc_get_exp_time(_idc);
+#else
+		return 0;
+#endif
 	}
 
 private:
@@ -348,7 +363,9 @@ private:
 	std::vector<InetAddress> _managedIps;
 	std::map< InetAddress, SharedPtr<ManagedRoute> > _managedRoutes;
 	OneService::NetworkSettings _settings;
+#if OIDC_SUPPORTED
 	zeroidc::ZeroIDC *_idc;
+#endif
 };
 
 namespace {
@@ -1661,10 +1678,10 @@ public:
 						scode = _controller->handleControlPlaneHttpGET(std::vector<std::string>(ps.begin()+1,ps.end()),urlArgs,headers,body,responseBody,responseContentType);
 					} else scode = 404;
 				}
-
+#if OIDC_SUPPORTED
 			} else if (ps[0] == "sso") {
 				// SSO redirect handling
-				const char* state = zeroidc::zeroidc_get_url_param_value("state", path.c_str());
+								const char* state = zeroidc::zeroidc_get_url_param_value("state", path.c_str());
 				const char* nwid = zeroidc::zeroidc_network_id_from_state(state);
 				
 				const uint64_t id = Utils::hexStrToU64(nwid);
@@ -1716,6 +1733,7 @@ div.icon {\
 				} else {
 					scode = 404;
 				}
+#endif
 			} else {
 				scode = 401; // isAuth == false && !sso
 			}
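Review bot: In `getExpiryTime()` the new `#if OIDC_SUPPORTED` opens only after the null check whose `fprintf(stderr, "idc is null\n")` branch is visible as context, yet the `_idc` member is now declared only under `#if OIDC_SUPPORTED`. If that check reads `_idc` (its condition lies above the hunk), the function will not compile on exactly the platforms this commit excludes. Opening the guard at the top of the body, as `getAuthURL()` and `doTokenExchange()` do, avoids that: put `#if OIDC_SUPPORTED` before the check and keep `#else` / `return 0;` / `#endif` after the `zeroidc_get_exp_time` call. With the guard off, the `ssoEnabled` branch also becomes a silent no-op, so a one-line log there would tell an operator why an SSO-protected network never authenticates on that build.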

+ 0 - 89
zeroidc/Cargo.lock

@@ -412,19 +412,6 @@ dependencies = [
  "want",
 ]
 
-[[package]]
-name = "hyper-rustls"
-version = "0.23.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d87c48c02e0dc5e3b849a2041db3029fd066650f8f717c07bf8ed78ccb895cac"
-dependencies = [
- "http",
- "hyper",
- "rustls",
- "tokio",
- "tokio-rustls",
-]
-
 [[package]]
 name = "hyper-tls"
 version = "0.5.0"
@@ -851,7 +838,6 @@ dependencies = [
  "http",
  "http-body",
  "hyper",
- "hyper-rustls",
  "hyper-tls",
  "ipnet",
  "js-sys",
@@ -861,19 +847,15 @@ dependencies = [
  "native-tls",
  "percent-encoding",
  "pin-project-lite",
- "rustls",
- "rustls-pemfile",
  "serde",
  "serde_json",
  "serde_urlencoded",
  "tokio",
  "tokio-native-tls",
- "tokio-rustls",
  "url",
  "wasm-bindgen",
  "wasm-bindgen-futures",
  "web-sys",
- "webpki-roots",
  "winreg",
 ]
 
@@ -892,27 +874,6 @@ dependencies = [
  "winapi",
 ]
 
-[[package]]
-name = "rustls"
-version = "0.20.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d37e5e2290f3e040b594b1a9e04377c2c671f1a1cfd9bfdef82106ac1c113f84"
-dependencies = [
- "log",
- "ring",
- "sct",
- "webpki 0.22.0",
-]
-
-[[package]]
-name = "rustls-pemfile"
-version = "0.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5eebeaeb360c87bfb72e84abdb3447159c0eaececf1bef2aecd65a8be949d1c9"
-dependencies = [
- "base64",
-]
-
 [[package]]
 name = "ryu"
 version = "1.0.5"
@@ -929,16 +890,6 @@ dependencies = [
  "winapi",
 ]
 
-[[package]]
-name = "sct"
-version = "0.7.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d53dcdb7c9f8158937a7981b48accfd39a43af418591a5d008c7b22b5e1b7ca4"
-dependencies = [
- "ring",
- "untrusted",
-]
-
 [[package]]
 name = "security-framework"
 version = "2.4.2"
@@ -1187,17 +1138,6 @@ dependencies = [
  "tokio",
 ]
 
-[[package]]
-name = "tokio-rustls"
-version = "0.23.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4baa378e417d780beff82bf54ceb0d195193ea6a00c14e22359e7f39456b5689"
-dependencies = [
- "rustls",
- "tokio",
- "webpki 0.22.0",
-]
-
 [[package]]
 name = "tokio-util"
 version = "0.6.8"
@@ -1421,35 +1361,6 @@ dependencies = [
  "wasm-bindgen",
 ]
 
-[[package]]
-name = "webpki"
-version = "0.21.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b8e38c0608262c46d4a56202ebabdeb094cef7e560ca7a226c6bf055188aa4ea"
-dependencies = [
- "ring",
- "untrusted",
-]
-
-[[package]]
-name = "webpki"
-version = "0.22.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f095d78192e208183081cc07bc5515ef55216397af48b873e5edcd72637fa1bd"
-dependencies = [
- "ring",
- "untrusted",
-]
-
-[[package]]
-name = "webpki-roots"
-version = "0.21.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "aabe153544e473b775453675851ecc86863d2a81d786d741f6b76778f2a48940"
-dependencies = [
- "webpki 0.21.4",
-]
-
 [[package]]
 name = "winapi"
 version = "0.3.9"

+ 1 - 1
zeroidc/Cargo.toml

@@ -12,7 +12,7 @@ crate-type = ["staticlib","rlib"]
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-openidconnect = "2.2"
+openidconnect = { version = "2.2", default-features = false, features = ["reqwest", "native-tls"] }
 base64 = "0.13"
 url = "2.2"
 reqwest = "0.11"
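Review bot: The new `openidconnect` entry needs a comment explaining why default features are turned off, because the change alters which TLS stack validates the OIDC issuer's certificate. With `native-tls` selected and the rustls, webpki and webpki-roots packages removed from Cargo.lock, verification now depends on the platform TLS library and the system trust store rather than a bundled root set. A line such as `# native-tls only: platform TLS stack and system trust store; rustls is intentionally not built` above the entry would record that decision. The direct `reqwest = "0.11"` entry keeps its default features, so it is worth confirming that it resolves to the same TLS backend.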

+ 81 - 0
zeroidc/src/ext.rs

@@ -16,6 +16,15 @@ use url::{Url};
 
 use crate::ZeroIDC;
 
+#[cfg(
+    any(
+        all(target_os = "linux", target_arch = "x86"),
+        all(target_os = "linux", target_arch = "x86_64"),
+        all(target_os = "linux", target_arch = "aarch64"),
+        target_os = "windows",
+        target_os = "macos",
+    )
+)]
 #[no_mangle]
 pub extern "C" fn zeroidc_new(
     issuer: *const c_char,
@@ -57,6 +66,15 @@ pub extern "C" fn zeroidc_new(
     }
 }
 
+#[cfg(
+    any(
+        all(target_os = "linux", target_arch = "x86"),
+        all(target_os = "linux", target_arch = "x86_64"),
+        all(target_os = "linux", target_arch = "aarch64"),
+        target_os = "windows",
+        target_os = "macos",
+    )
+)]
 #[no_mangle]
 pub extern "C" fn zeroidc_delete(ptr: *mut ZeroIDC) {
     if ptr.is_null() {
@@ -67,6 +85,15 @@ pub extern "C" fn zeroidc_delete(ptr: *mut ZeroIDC) {
     }
 }
 
+#[cfg(
+    any(
+        all(target_os = "linux", target_arch = "x86"),
+        all(target_os = "linux", target_arch = "x86_64"),
+        all(target_os = "linux", target_arch = "aarch64"),
+        target_os = "windows",
+        target_os = "macos",
+    )
+)]
 #[no_mangle]
 pub extern "C" fn zeroidc_start(ptr: *mut ZeroIDC) {
     let idc = unsafe {
@@ -76,6 +103,15 @@ pub extern "C" fn zeroidc_start(ptr: *mut ZeroIDC) {
     idc.start();
 }
 
+#[cfg(
+    any(
+        all(target_os = "linux", target_arch = "x86"),
+        all(target_os = "linux", target_arch = "x86_64"),
+        all(target_os = "linux", target_arch = "aarch64"),
+        target_os = "windows",
+        target_os = "macos",
+    )
+)]
 #[no_mangle]
 pub extern "C" fn zeroidc_stop(ptr: *mut ZeroIDC) {
     let idc = unsafe {
@@ -85,6 +121,15 @@ pub extern "C" fn zeroidc_stop(ptr: *mut ZeroIDC) {
     idc.stop();
 }
 
+#[cfg(
+    any(
+        all(target_os = "linux", target_arch = "x86"),
+        all(target_os = "linux", target_arch = "x86_64"),
+        all(target_os = "linux", target_arch = "aarch64"),
+        target_os = "windows",
+        target_os = "macos",
+    )
+)]
 #[no_mangle]
 pub extern "C" fn zeroidc_is_running(ptr: *mut ZeroIDC) -> bool {
     let idc = unsafe {
@@ -105,6 +150,15 @@ pub extern "C" fn zeroidc_get_exp_time(ptr: *mut ZeroIDC) -> u64 {
     id.get_exp_time()
 }
 
+#[cfg(
+    any(
+        all(target_os = "linux", target_arch = "x86"),
+        all(target_os = "linux", target_arch = "x86_64"),
+        all(target_os = "linux", target_arch = "aarch64"),
+        target_os = "windows",
+        target_os = "macos",
+    )
+)]
 #[no_mangle]
 pub extern "C" fn zeroidc_set_nonce_and_csrf(
     ptr: *mut ZeroIDC,
@@ -137,6 +191,15 @@ pub extern "C" fn zeroidc_set_nonce_and_csrf(
     idc.set_nonce_and_csrf(csrf_token, nonce);
 }
 
+#[cfg(
+    any(
+        all(target_os = "linux", target_arch = "x86"),
+        all(target_os = "linux", target_arch = "x86_64"),
+        all(target_os = "linux", target_arch = "aarch64"),
+        target_os = "windows",
+        target_os = "macos",
+    )
+)]
 #[no_mangle]
 pub extern "C" fn zeroidc_get_auth_url(ptr: *mut ZeroIDC) -> *const c_char {
     if ptr.is_null() {
@@ -151,6 +214,15 @@ pub extern "C" fn zeroidc_get_auth_url(ptr: *mut ZeroIDC) -> *const c_char {
     return s.into_raw();
 }
 
+#[cfg(
+    any(
+        all(target_os = "linux", target_arch = "x86"),
+        all(target_os = "linux", target_arch = "x86_64"),
+        all(target_os = "linux", target_arch = "aarch64"),
+        target_os = "windows",
+        target_os = "macos",
+    )
+)]
 #[no_mangle]
 pub extern "C" fn zeroidc_token_exchange(idc: *mut ZeroIDC, code: *const c_char ) -> *const c_char {
     if idc.is_null() {
@@ -219,6 +291,15 @@ pub extern "C" fn zeroidc_network_id_from_state(state: *const c_char) -> *const
     return s.into_raw();
 }
 
+#[cfg(
+    any(
+        all(target_os = "linux", target_arch = "x86"),
+        all(target_os = "linux", target_arch = "x86_64"),
+        all(target_os = "linux", target_arch = "aarch64"),
+        target_os = "windows",
+        target_os = "macos",
+    )
+)]
 #[no_mangle]
 pub extern "C" fn zeroidc_kick_refresh_thread(idc: *mut ZeroIDC) {
     if idc.is_null() {
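Review bot: `zeroidc_get_exp_time` is left ungated, since the hunk that gates `zeroidc_set_nonce_and_csrf` begins inside it and adds no attribute above it. It takes `*mut ZeroIDC`, and `use crate::ZeroIDC;` at the top of the file is ungated as well, while lib.rs now compiles `ZeroIDC` only on the listed targets. If the crate is ever built for another target, that import and signature would presumably fail to resolve; `zeroidc_network_id_from_state` receives no attribute here either. Gating the file once with an inner attribute, e.g. `#![cfg(any(all(target_os = "linux", any(target_arch = "x86", target_arch = "x86_64", target_arch = "aarch64")), target_os = "windows", target_os = "macos"))]`, would cover every export and replace the nine copies of the predicate. Most of the function bodies extend past these hunks.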

+ 27 - 1
zeroidc/src/lib.rs

@@ -35,10 +35,28 @@ use time::{OffsetDateTime, format_description};
 
 use url::Url;
 
+#[cfg(
+    any(
+        all(target_os = "linux", target_arch = "x86"),
+        all(target_os = "linux", target_arch = "x86_64"),
+        all(target_os = "linux", target_arch = "aarch64"),
+        target_os = "windows",
+        target_os = "macos",
+    )
+)]
 pub struct ZeroIDC {
     inner: Arc<Mutex<Inner>>,
 }
 
+#[cfg(
+    any(
+        all(target_os = "linux", target_arch = "x86"),
+        all(target_os = "linux", target_arch = "x86_64"),
+        all(target_os = "linux", target_arch = "aarch64"),
+        target_os = "windows",
+        target_os = "macos",
+    )
+)]
 struct Inner {
     running: bool,
     auth_endpoint: String,
@@ -88,6 +106,15 @@ fn systemtime_strftime<T>(dt: T, format: &str) -> String
     }
 }
 
+#[cfg(
+    any(
+        all(target_os = "linux", target_arch = "x86"),
+        all(target_os = "linux", target_arch = "x86_64"),
+        all(target_os = "linux", target_arch = "aarch64"),
+        target_os = "windows",
+        target_os = "macos",
+    )
+)]
 impl ZeroIDC {
     pub fn new(
         issuer: &str,
@@ -606,4 +633,3 @@ impl ZeroIDC {
         };
     }
 }
-
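Review bot: Gating `ZeroIDC`, `Inner` and `impl ZeroIDC` item by item leaves the `use` lines and `systemtime_strftime` compiled on the excluded targets, presumably with nothing left to use them, which would surface as unused-import and dead-code warnings there. The three identical predicates in this file can also drift from the nine in ext.rs, and a mismatch would only show up as a build failure on one platform. Moving these items into a private module declared under a single `#[cfg(...)]` and re-exporting them with `pub use` would keep the platform list in one place. The `impl ZeroIDC` body runs well beyond the hunk.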