From 4e57abb159885d63f0505e4fdaa235ad90d2fba5 Mon Sep 17 00:00:00 2001 From: Grant Limberg Date: Wed, 28 Sep 2022 13:26:41 -0700 Subject: [PATCH 1/4] Revert "modify sso queries for schema change" This reverts commit 8b67d062721ce65e8bbc4643da4cf351d0759229. --- controller/PostgreSQL.cpp | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/controller/PostgreSQL.cpp b/controller/PostgreSQL.cpp index 4ae7aa574..63d32b637 100644 --- a/controller/PostgreSQL.cpp +++ b/controller/PostgreSQL.cpp @@ -442,13 +442,9 @@ AuthInfo PostgreSQL::getSSOAuthInfo(const nlohmann::json &member, const std::str exit(7); } - r = w.exec_params("SELECT oc.client_id, oc.authorization_endpoint, oc.issuer, oc.sso_impl_version " - "FROM ztc_network n " - "INNER JOIN ztc_network_oidc_config noc " - " ON noc.network_id = n.id " - "INNER JOIN ztc_oidc_config oc " - " ON noc.client_id = oc.client_id " - "WHERE n.id = $1 AND n.sso_enabled = true", networkId); + r = w.exec_params("SELECT org.client_id, org.authorization_endpoint, org.issuer, org.sso_impl_version " + "FROM ztc_network AS nw, ztc_org AS org " + "WHERE nw.id = $1 AND nw.sso_enabled = true AND org.owner_id = nw.owner_id", networkId); std::string client_id = ""; std::string authorization_endpoint = ""; From 12392b519035222a4eb1bf3532e16337683421ec Mon Sep 17 00:00:00 2001 From: Sean OMeara Date: Sun, 2 Oct 2022 09:58:23 +0200 Subject: [PATCH 2/4] adding amzn2022 to rpm spec (#1761) --- zerotier-one.spec | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/zerotier-one.spec b/zerotier-one.spec index 0aaa258cd..022fa039c 100644 --- a/zerotier-one.spec +++ b/zerotier-one.spec @@ -59,6 +59,12 @@ Requires: systemd openssl Requires(pre): /usr/sbin/useradd, /usr/bin/getent %endif +%if "%{?dist}" == ".amzn2022" +BuildRequires: systemd openssl-devel +Requires: systemd openssl +Requires(pre): /usr/sbin/useradd, /usr/bin/getent +%endif + %description ZeroTier is a software defined networking layer for Earth. 
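Review bot: The restored query in `getSSOAuthInfo` uses a comma join between `ztc_network` and `ztc_org` and keeps `org.owner_id = nw.owner_id` in the WHERE clause, so the one predicate that ties a network to its own organisation's OIDC settings is easy to drop in a later edit. Writing it as `FROM ztc_network AS nw INNER JOIN ztc_org AS org ON org.owner_id = nw.owner_id WHERE nw.id = $1 AND nw.sso_enabled = true` keeps that relation explicit, as the removed version did with its `INNER JOIN ... ON` clauses. The network id is still bound through `$1`, which is the right way to pass it. The commit message gives no reason for the revert, so a one-line comment above the query naming the schema it targets would help the next reader. The function body continues outside the hunk, so how more than one returned row is handled cannot be checked from here.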
From 9826c20d1aed826ed82efa30f28ba76b161c82b3 Mon Sep 17 00:00:00 2001 From: Grant Limberg Date: Thu, 6 Oct 2022 08:59:27 -0700 Subject: [PATCH 3/4] set zeroidc.running = false on token exchange error --- zeroidc/src/lib.rs | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/zeroidc/src/lib.rs b/zeroidc/src/lib.rs index cb92ef6e8..11efb932b 100644 --- a/zeroidc/src/lib.rs +++ b/zeroidc/src/lib.rs @@ -498,7 +498,8 @@ impl ZeroIDC { let n = match i.nonce.clone() { Some(n) => n, None => { - println!("no noce"); + println!("no nonce"); + i.running = false; return None; } }; @@ -507,6 +508,7 @@ impl ZeroIDC { Some(t) => t, None => { println!("no id token"); + i.running = false; return None; } }; @@ -515,6 +517,7 @@ impl ZeroIDC { Ok(c) => c, Err(_e) => { println!("no claims"); + i.running = false; return None; } }; @@ -523,6 +526,7 @@ impl ZeroIDC { Ok(s) => s, Err(_) => { println!("no signing algorithm"); + i.running = false; return None; } }; @@ -535,12 +539,14 @@ impl ZeroIDC { Ok(h) => h, Err(e) => { println!("Error hashing access token: {}", e); + i.running = false; return None; } }; if actual_hash != *expected_hash { println!("token hash error"); + i.running = false; return None; } } @@ -549,7 +555,7 @@ impl ZeroIDC { Err(e) => { println!("token response error: {:?}", e.to_string()); println!("\t {:?}", e.source()); - + i.running = false; None } } @@ -634,10 +640,12 @@ impl ZeroIDC { Ok(bytes) } else if res.status() == 402 { - Err(SSOExchangeError::new( - "additional license seats required. Please contact your network administrator.".to_string(), - )) + i.running = false; + Err(SSOExchangeError::new( + "additional license seats required. Please contact your network administrator.".to_string(), + )) } else { + i.running = false; Err(SSOExchangeError::new( "error from central endpoint".to_string(), )) 
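Review bot: The reset `i.running = false;` is now repeated by hand before every early `return None` in this match, here for the missing nonce and again in the hunks at -507, -515, -523, -535 and -549 (id token, claims, signing algorithm, access-token hash, token response error). Any exit path added later that forgets it leaves the flag set. Consider computing the outcome in one place and clearing the flag once, for example by moving the checks into a helper that returns an `Option` and following the call with `if result.is_none() { i.running = false; }`. If the repetition stays, a comment at the first site such as `// invariant: every failure exit clears i.running` would record the rule, since what `running` gates is not visible in these hunks. The enclosing function starts and ends outside the hunks.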
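Review bot: The 402 branch and the generic `error from central endpoint` branch in the -634 hunk clear only `i.running`, while the `Post error` branch in the following hunk (-649) also sets `i.exp_time = 0` before clearing it. If a failed exchange should always invalidate the stored expiry, these two branches need `i.exp_time = 0;` as well. If the difference is intended, a short comment saying why only the `Post error` path resets the expiry would settle the question for the next reader. Whether a stale `exp_time` has any effect depends on code outside the hunk.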
@@ -649,20 +657,24 @@ impl ZeroIDC { println!("Status: {}", res.status().unwrap()); println!("Post error: {}", res); i.exp_time = 0; + i.running = false; Err(SSOExchangeError::new( "error from central endpoint".to_string(), )) } } } else { + i.running = false; Err(SSOExchangeError::new( "error splitting state token".to_string(), )) } } else { + i.running = false; Err(SSOExchangeError::new("invalid token response".to_string())) } } else { + i.running = false; Err(SSOExchangeError::new("invalid pkce verifier".to_string())) } }); From 7516fd03a38625d788f2d2e5ac4f02bb09a04f05 Mon Sep 17 00:00:00 2001 From: Grant Limberg Date: Thu, 6 Oct 2022 09:00:21 -0700 Subject: [PATCH 4/4] central controller docker image updates --- ext/central-controller-docker/Dockerfile.builder | 4 +++- ext/central-controller-docker/Dockerfile.run_base | 8 +++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/ext/central-controller-docker/Dockerfile.builder b/ext/central-controller-docker/Dockerfile.builder index a2592bb78..edbcc228f 100644 --- a/ext/central-controller-docker/Dockerfile.builder +++ b/ext/central-controller-docker/Dockerfile.builder @@ -18,6 +18,8 @@ RUN apt -y install \ libssl-dev \ postgresql-client \ postgresql-client-common \ - curl + curl \ + google-perftools \ + libgoogle-perftools-dev RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y diff --git a/ext/central-controller-docker/Dockerfile.run_base b/ext/central-controller-docker/Dockerfile.run_base index e09d214e3..c0a18ca66 100644 --- a/ext/central-controller-docker/Dockerfile.run_base +++ b/ext/central-controller-docker/Dockerfile.run_base @@ -1,8 +1,14 @@ FROM ubuntu:jammy + RUN apt update && apt upgrade -y + RUN apt -y install \ postgresql-client \ postgresql-client-common \ libjemalloc2 \ libpq5 \ - curl + curl \ + binutils \ + linux-tools-gke \ + perf-tools-unstable \ + google-perftools
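Review bot: In the `Post error` branch the new `i.running = false;` sits after `println!("Status: {}", res.status().unwrap());`, so if `status()` returns `None` for this error the unwrap panics and neither `i.exp_time = 0` nor the new reset runs. That looks likely for failures that never produced an HTTP response, though the type of `res` is declared outside the hunk. Printing the option directly with `println!("Status: {:?}", res.status());`, or moving the two state resets above the prints, removes that dependency. The three `else` arms at the end of the hunk (state split, token response, PKCE verifier) clear the flag before building the error and need no change.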
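Review bot: The packages added to `Dockerfile.run_base` (`binutils`, `linux-tools-gke`, `perf-tools-unstable`, `google-perftools`) are profiling and binary-inspection tools, and installing them in what appears to be the runtime base image enlarges the tooling present in every running controller container. If they are only needed while diagnosing performance, consider a separate debug image built `FROM` this one, or an install step gated on a build argument. A comment above the install list should say why they are there. None of the additions is version-pinned, so rebuilds can pick up different tool versions.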