mirror of
https://github.com/zerotier/ZeroTierOne.git
synced 2025-06-06 12:33:44 +02:00
Just some comments
This commit is contained in:
parent
a69e91c541
commit
057356a725
3 changed files with 34 additions and 36 deletions
|
@ -261,9 +261,7 @@ public:
|
||||||
// fprintf(stderr, "Client ID: %s\n", _config.ssoClientID);
|
// fprintf(stderr, "Client ID: %s\n", _config.ssoClientID);
|
||||||
// fprintf(stderr, "Central Auth URL: %s\n", _config.centralAuthURL);
|
// fprintf(stderr, "Central Auth URL: %s\n", _config.centralAuthURL);
|
||||||
|
|
||||||
char buf[17] = {};
|
|
||||||
_idc = zeroidc::zeroidc_new(
|
_idc = zeroidc::zeroidc_new(
|
||||||
Utils::hex(_config.nwid, buf),
|
|
||||||
_config.issuerURL,
|
_config.issuerURL,
|
||||||
_config.ssoClientID,
|
_config.ssoClientID,
|
||||||
_config.centralAuthURL,
|
_config.centralAuthURL,
|
||||||
|
|
|
@ -1,3 +1,15 @@
|
||||||
|
/*
|
||||||
|
* Copyright (c)2021 ZeroTier, Inc.
|
||||||
|
*
|
||||||
|
* Use of this software is governed by the Business Source License included
|
||||||
|
* in the LICENSE.TXT file in the project's root directory.
|
||||||
|
*
|
||||||
|
* Change Date: 2025-01-01
|
||||||
|
*
|
||||||
|
* On the date above, in accordance with the Business Source License, use
|
||||||
|
* of this software will be governed by version 2.0 of the Apache License.
|
||||||
|
*/
|
||||||
|
|
||||||
use std::ffi::{CStr, CString};
|
use std::ffi::{CStr, CString};
|
||||||
use std::os::raw::c_char;
|
use std::os::raw::c_char;
|
||||||
use url::{Url};
|
use url::{Url};
|
||||||
|
@ -6,17 +18,11 @@ use crate::ZeroIDC;
|
||||||
|
|
||||||
#[no_mangle]
|
#[no_mangle]
|
||||||
pub extern "C" fn zeroidc_new(
|
pub extern "C" fn zeroidc_new(
|
||||||
network_id: *const c_char,
|
|
||||||
issuer: *const c_char,
|
issuer: *const c_char,
|
||||||
client_id: *const c_char,
|
client_id: *const c_char,
|
||||||
auth_endpoint: *const c_char,
|
auth_endpoint: *const c_char,
|
||||||
web_listen_port: u16,
|
web_listen_port: u16,
|
||||||
) -> *mut ZeroIDC {
|
) -> *mut ZeroIDC {
|
||||||
if network_id.is_null() {
|
|
||||||
println!("network_id is null");
|
|
||||||
return std::ptr::null_mut();
|
|
||||||
|
|
||||||
}
|
|
||||||
if issuer.is_null() {
|
if issuer.is_null() {
|
||||||
println!("issuer is null");
|
println!("issuer is null");
|
||||||
return std::ptr::null_mut();
|
return std::ptr::null_mut();
|
||||||
|
@ -32,12 +38,10 @@ pub extern "C" fn zeroidc_new(
|
||||||
return std::ptr::null_mut();
|
return std::ptr::null_mut();
|
||||||
}
|
}
|
||||||
|
|
||||||
let network_id = unsafe {CStr::from_ptr(network_id) };
|
|
||||||
let issuer = unsafe { CStr::from_ptr(issuer) };
|
let issuer = unsafe { CStr::from_ptr(issuer) };
|
||||||
let client_id = unsafe { CStr::from_ptr(client_id) };
|
let client_id = unsafe { CStr::from_ptr(client_id) };
|
||||||
let auth_endpoint = unsafe { CStr::from_ptr(auth_endpoint) };
|
let auth_endpoint = unsafe { CStr::from_ptr(auth_endpoint) };
|
||||||
match ZeroIDC::new(
|
match ZeroIDC::new(
|
||||||
network_id.to_str().unwrap(),
|
|
||||||
issuer.to_str().unwrap(),
|
issuer.to_str().unwrap(),
|
||||||
client_id.to_str().unwrap(),
|
client_id.to_str().unwrap(),
|
||||||
auth_endpoint.to_str().unwrap(),
|
auth_endpoint.to_str().unwrap(),
|
||||||
|
@ -101,24 +105,6 @@ pub extern "C" fn zeroidc_get_exp_time(ptr: *mut ZeroIDC) -> u64 {
|
||||||
id.get_exp_time()
|
id.get_exp_time()
|
||||||
}
|
}
|
||||||
|
|
||||||
// #[no_mangle]
|
|
||||||
// pub extern "C" fn zeroidc_process_form_post(ptr: *mut ZeroIDC, body: *const c_char) -> bool {
|
|
||||||
// let idc = unsafe {
|
|
||||||
// assert!(!ptr.is_null());
|
|
||||||
// &mut *ptr
|
|
||||||
// };
|
|
||||||
|
|
||||||
// if body.is_null() {
|
|
||||||
// println!("body is null");
|
|
||||||
// return false
|
|
||||||
// }
|
|
||||||
|
|
||||||
// let body = unsafe { CStr::from_ptr(body) }
|
|
||||||
// .to_str().unwrap().to_string();
|
|
||||||
|
|
||||||
// false
|
|
||||||
// }
|
|
||||||
|
|
||||||
#[no_mangle]
|
#[no_mangle]
|
||||||
pub extern "C" fn zeroidc_set_nonce_and_csrf(
|
pub extern "C" fn zeroidc_set_nonce_and_csrf(
|
||||||
ptr: *mut ZeroIDC,
|
ptr: *mut ZeroIDC,
|
||||||
|
|
|
@ -1,3 +1,15 @@
|
||||||
|
/*
|
||||||
|
* Copyright (c)2021 ZeroTier, Inc.
|
||||||
|
*
|
||||||
|
* Use of this software is governed by the Business Source License included
|
||||||
|
* in the LICENSE.TXT file in the project's root directory.
|
||||||
|
*
|
||||||
|
* Change Date: 2025-01-01
|
||||||
|
*
|
||||||
|
* On the date above, in accordance with the Business Source License, use
|
||||||
|
* of this software will be governed by version 2.0 of the Apache License.
|
||||||
|
*/
|
||||||
|
|
||||||
pub mod ext;
|
pub mod ext;
|
||||||
|
|
||||||
extern crate base64;
|
extern crate base64;
|
||||||
|
@ -27,7 +39,6 @@ pub struct ZeroIDC {
|
||||||
|
|
||||||
struct Inner {
|
struct Inner {
|
||||||
running: bool,
|
running: bool,
|
||||||
network_id: String,
|
|
||||||
auth_endpoint: String,
|
auth_endpoint: String,
|
||||||
oidc_thread: Option<JoinHandle<()>>,
|
oidc_thread: Option<JoinHandle<()>>,
|
||||||
oidc_client: Option<openidconnect::core::CoreClient>,
|
oidc_client: Option<openidconnect::core::CoreClient>,
|
||||||
|
@ -80,7 +91,6 @@ fn systemtime_strftime<T>(dt: T, format: &str) -> String
|
||||||
|
|
||||||
impl ZeroIDC {
|
impl ZeroIDC {
|
||||||
fn new(
|
fn new(
|
||||||
network_id: &str,
|
|
||||||
issuer: &str,
|
issuer: &str,
|
||||||
client_id: &str,
|
client_id: &str,
|
||||||
auth_ep: &str,
|
auth_ep: &str,
|
||||||
|
@ -89,7 +99,6 @@ impl ZeroIDC {
|
||||||
let idc = ZeroIDC {
|
let idc = ZeroIDC {
|
||||||
inner: Arc::new(Mutex::new(Inner {
|
inner: Arc::new(Mutex::new(Inner {
|
||||||
running: false,
|
running: false,
|
||||||
network_id: network_id.to_string(),
|
|
||||||
auth_endpoint: auth_ep.to_string(),
|
auth_endpoint: auth_ep.to_string(),
|
||||||
oidc_thread: None,
|
oidc_thread: None,
|
||||||
oidc_client: None,
|
oidc_client: None,
|
||||||
|
@ -162,7 +171,7 @@ impl ZeroIDC {
|
||||||
// Keep a copy of the initial nonce used to get the tokens
|
// Keep a copy of the initial nonce used to get the tokens
|
||||||
// Will be needed later when verifying the responses from refresh tokens
|
// Will be needed later when verifying the responses from refresh tokens
|
||||||
let nonce = (*inner_local.lock().unwrap()).nonce.clone();
|
let nonce = (*inner_local.lock().unwrap()).nonce.clone();
|
||||||
|
|
||||||
while running {
|
while running {
|
||||||
let exp = UNIX_EPOCH + Duration::from_secs((*inner_local.lock().unwrap()).exp_time);
|
let exp = UNIX_EPOCH + Duration::from_secs((*inner_local.lock().unwrap()).exp_time);
|
||||||
let now = SystemTime::now();
|
let now = SystemTime::now();
|
||||||
|
@ -200,6 +209,7 @@ impl ZeroIDC {
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
// verify & validate claims
|
||||||
let verified = (*inner_local.lock().unwrap()).oidc_client.as_ref().map(|c| {
|
let verified = (*inner_local.lock().unwrap()).oidc_client.as_ref().map(|c| {
|
||||||
let claims = match id.claims(&c.id_token_verifier(), &n) {
|
let claims = match id.claims(&c.id_token_verifier(), &n) {
|
||||||
Ok(c) => c,
|
Ok(c) => c,
|
||||||
|
@ -271,6 +281,10 @@ impl ZeroIDC {
|
||||||
|
|
||||||
let access_token = res.access_token();
|
let access_token = res.access_token();
|
||||||
let at = access_token.secret();
|
let at = access_token.secret();
|
||||||
|
// yes this function is called `dangerous_insecure_decode`
|
||||||
|
// and it doesn't validate the jwt token signature,
|
||||||
|
// but if we've gotten this far, our claims have already
|
||||||
|
// been validated up above
|
||||||
let exp = dangerous_insecure_decode::<Exp>(&at);
|
let exp = dangerous_insecure_decode::<Exp>(&at);
|
||||||
|
|
||||||
if let Ok(e) = exp {
|
if let Ok(e) = exp {
|
||||||
|
@ -350,10 +364,6 @@ impl ZeroIDC {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
fn get_network_id(&mut self) -> String {
|
|
||||||
return (*self.inner.lock().unwrap()).network_id.clone();
|
|
||||||
}
|
|
||||||
|
|
||||||
fn get_exp_time(&mut self) -> u64 {
|
fn get_exp_time(&mut self) -> u64 {
|
||||||
return (*self.inner.lock().unwrap()).exp_time;
|
return (*self.inner.lock().unwrap()).exp_time;
|
||||||
}
|
}
|
||||||
|
@ -438,6 +448,8 @@ impl ZeroIDC {
|
||||||
let r = c.exchange_code(AuthorizationCode::new(code.to_string()))
|
let r = c.exchange_code(AuthorizationCode::new(code.to_string()))
|
||||||
.set_pkce_verifier(verifier)
|
.set_pkce_verifier(verifier)
|
||||||
.request(http_client);
|
.request(http_client);
|
||||||
|
|
||||||
|
// validate the token hashes
|
||||||
match r {
|
match r {
|
||||||
Ok(res) =>{
|
Ok(res) =>{
|
||||||
let n = match i.nonce.clone() {
|
let n = match i.nonce.clone() {
|
||||||
|
@ -525,6 +537,8 @@ impl ZeroIDC {
|
||||||
}
|
}
|
||||||
|
|
||||||
let at = tok.access_token().secret();
|
let at = tok.access_token().secret();
|
||||||
|
|
||||||
|
// see previous note about this function's use
|
||||||
let exp = dangerous_insecure_decode::<Exp>(&at);
|
let exp = dangerous_insecure_decode::<Exp>(&at);
|
||||||
if let Ok(e) = exp {
|
if let Ok(e) = exp {
|
||||||
i.exp_time = e.claims.exp
|
i.exp_time = e.claims.exp
|
||||||
|
|
Loading…
Add table
Reference in a new issue