HMACSHA384 the nonce bytes, not the hex encoded nonce bytes
This commit is contained in:
parent
0b89a49201
commit
21d27c314c
2 changed files with 9 additions and 7 deletions
|
@ -143,6 +143,7 @@ PostgreSQL::PostgreSQL(const Identity &myId, const char *path, int listenPort, R
|
||||||
|
|
||||||
memset(_ssoPsk, 0, sizeof(_ssoPsk));
|
memset(_ssoPsk, 0, sizeof(_ssoPsk));
|
||||||
char *const ssoPskHex = getenv("ZT_SSO_PSK");
|
char *const ssoPskHex = getenv("ZT_SSO_PSK");
|
||||||
|
fprintf(stderr, "ZT_SSO_PSK: %s\n", ssoPskHex);
|
||||||
if (ssoPskHex) {
|
if (ssoPskHex) {
|
||||||
// SECURITY: note that ssoPskHex will always be null-terminated if libc acatually
|
// SECURITY: note that ssoPskHex will always be null-terminated if libc acatually
|
||||||
// returns something non-NULL. If the hex encodes something shorter than 48 bytes,
|
// returns something non-NULL. If the hex encodes something shorter than 48 bytes,
|
||||||
|
@ -328,6 +329,7 @@ std::string PostgreSQL::getSSOAuthURL(const nlohmann::json &member, const std::s
|
||||||
auto c = _pool->borrow();
|
auto c = _pool->borrow();
|
||||||
pqxx::work w(*c->c);
|
pqxx::work w(*c->c);
|
||||||
|
|
||||||
|
char nonceBytes[16] = {0};
|
||||||
std::string nonce = "";
|
std::string nonce = "";
|
||||||
|
|
||||||
// check if the member exists first.
|
// check if the member exists first.
|
||||||
|
@ -342,12 +344,12 @@ std::string PostgreSQL::getSSOAuthURL(const nlohmann::json &member, const std::s
|
||||||
if (r.size() == 1) {
|
if (r.size() == 1) {
|
||||||
// we have an existing nonce. Use it
|
// we have an existing nonce. Use it
|
||||||
nonce = r.at(0)[0].as<std::string>();
|
nonce = r.at(0)[0].as<std::string>();
|
||||||
|
Utils::unhex(nonce.c_str(), nonceBytes, sizeof(nonceBytes));
|
||||||
} else if (r.empty()) {
|
} else if (r.empty()) {
|
||||||
// create a nonce
|
// create a nonce
|
||||||
char randBuf[16] = {0};
|
Utils::getSecureRandom(nonceBytes, 16);
|
||||||
Utils::getSecureRandom(randBuf, 16);
|
char nonceBuf[64] = {0};
|
||||||
char nonceBuf[256] = {0};
|
Utils::hex(nonceBytes, sizeof(nonceBytes), nonceBuf);
|
||||||
Utils::hex(randBuf, sizeof(randBuf), nonceBuf);
|
|
||||||
nonce = std::string(nonceBuf);
|
nonce = std::string(nonceBuf);
|
||||||
|
|
||||||
pqxx::result ir = w.exec_params0("INSERT INTO ztc_sso_expiry "
|
pqxx::result ir = w.exec_params0("INSERT INTO ztc_sso_expiry "
|
||||||
|
@ -383,7 +385,7 @@ std::string PostgreSQL::getSSOAuthURL(const nlohmann::json &member, const std::s
|
||||||
have_auth = true;
|
have_auth = true;
|
||||||
|
|
||||||
uint8_t state[48];
|
uint8_t state[48];
|
||||||
HMACSHA384(_ssoPsk, nonce.data(), (unsigned int)nonce.length(), state);
|
HMACSHA384(_ssoPsk, nonceBytes, sizeof(nonceBytes), state);
|
||||||
char state_hex[256];
|
char state_hex[256];
|
||||||
Utils::hex(state, 48, state_hex);
|
Utils::hex(state, 48, state_hex);
|
||||||
|
|
||||||
|
|
|
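Review bot: The new `fprintf(stderr, "ZT_SSO_PSK: %s\n", ssoPskHex);` in the first hunk writes the SSO pre-shared key, taken straight from the environment, to stderr, so the secret ends up in whatever captures the controller's output (journald, container logs, crash dumps); the commit title does not mention this line, so it looks like a leftover debug print. Drop it, or at most log presence rather than value: `fprintf(stderr, "ZT_SSO_PSK: %s\n", ssoPskHex ? "set" : "unset");`. In the third hunk the return value of `Utils::unhex(nonce.c_str(), nonceBytes, sizeof(nonceBytes));` is not checked, so a stored nonce that is malformed or shorter than 32 hex characters silently leaves `nonceBytes` partly zero-filled and that is what the last hunk feeds to HMACSHA384; if unhex reports the decoded length (its signature is not visible here), compare it with `sizeof(nonceBytes)` and treat a mismatch as an error rather than deriving `state` from it. Any other code path that recomputes or verifies this HMAC would need the same decoded bytes, which cannot be confirmed from this diff. Both the constructor and getSSOAuthURL begin and end outside the hunks shown.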
@ -15,14 +15,14 @@ RUN tar -xzf libpqxx.tar.gz && \
|
||||||
pushd libpqxx-6.4.5/ && \
|
pushd libpqxx-6.4.5/ && \
|
||||||
mkdir build && pushd build/ && \
|
mkdir build && pushd build/ && \
|
||||||
cmake .. && \
|
cmake .. && \
|
||||||
make install && \
|
make install -j8 && \
|
||||||
popd && popd
|
popd && popd
|
||||||
|
|
||||||
|
|
||||||
# RUN git clone http://git.int.zerotier.com/zerotier/ZeroTierOne.git
|
# RUN git clone http://git.int.zerotier.com/zerotier/ZeroTierOne.git
|
||||||
# RUN if [ "$git_branch" != "master" ]; then cd ZeroTierOne && git checkout -b $git_branch origin/$git_branch; fi
|
# RUN if [ "$git_branch" != "master" ]; then cd ZeroTierOne && git checkout -b $git_branch origin/$git_branch; fi
|
||||||
ADD . /ZeroTierOne
|
ADD . /ZeroTierOne
|
||||||
RUN cd ZeroTierOne && make clean && make central-controller
|
RUN cd ZeroTierOne && make clean && make central-controller -j8
|
||||||
|
|
||||||
FROM centos:8
|
FROM centos:8
|
||||||
RUN yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm
|
RUN yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm
|
||||||
|
|
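Review bot: The `-j8` added to `make install -j8` and `make central-controller -j8` hard-codes the job count regardless of the build host, which oversubscribes smaller runners and under-uses larger ones. Both RUN lines are shell-form, so `-j$(nproc)` would size the parallelism from the container's CPU count, assuming coreutils is present in the build stage (its base image is not shown in this diff).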