3 gadi atpakaļ · 663a09b38d
--- a/controller/PostgreSQL.cpp
+++ b/controller/PostgreSQL.cpp
@@ -415,18 +415,20 @@ AuthInfo PostgreSQL::getSSOAuthInfo(const nlohmann::json &member, const std::str
 
				 				exit(6);
			
 
				 			}
			
 
				 
			
 
				-			r = w.exec_params("SELECT org.client_id, org.authorization_endpoint, org.sso_impl_version "
			
 
				+			r = w.exec_params("SELECT org.client_id, org.authorization_endpoint, org.issuer, org.sso_impl_version "
			
 
				 				"FROM ztc_network AS nw, ztc_org AS org "
			
 
				 				"WHERE nw.id = $1 AND nw.sso_enabled = true AND org.owner_id = nw.owner_id", networkId);
			
 
				 		
			
 
				 			std::string client_id = "";
			
 
				 			std::string authorization_endpoint = "";
			
 
				+			std::string issuer = "";
			
 
				 			uint64_t sso_version = 0;
			
 
				 
			
 
				 			if (r.size() == 1) {
			
 
				 				client_id = r.at(0)[0].as<std::string>();
			
 
				 				authorization_endpoint = r.at(0)[1].as<std::string>();
			
 
				-				sso_version = r.at(0)[2].as<uint64_t>();
			
 
				+				issuer = r.at(0)[2].as<std::string>();
			
 
				+				sso_version = r.at(0)[3].as<uint64_t>();
			
 
				 			} else if (r.size() > 1) {
			
 
				 				fprintf(stderr, "ERROR: More than one auth endpoint for an organization?!?!? NetworkID: %s\n", networkId.c_str());
			
 
				 			} else {
			
@@ -455,7 +457,7 @@ AuthInfo PostgreSQL::getSSOAuthInfo(const nlohmann::json &member, const std::str
 
				 					info.authenticationURL = std::string(url);
			
 
				 				} else if (info.version == 1) {
			
 
				 					info.ssoClientID = client_id;
			
 
				-					info.issuerURL = authorization_endpoint;
			
 
				+					info.issuerURL = issuer;
			
 
				 					info.ssoNonce = nonce;
			
 
				 					info.ssoState = std::string(state_hex);
			
 
				 					info.centralAuthURL = redirectURL;
			
--- a/node/IncomingPacket.cpp
+++ b/node/IncomingPacket.cpp
@@ -221,7 +221,6 @@ bool IncomingPacket::_doERROR(const RuntimeEnvironment *RR,void *tPtr,const Shar
 
				 
			
 
				 							if (authInfo.get(ZT_AUTHINFO_DICT_KEY_ISSUER_URL, issuerURL, sizeof(issuerURL)) > 0) {
			
 
				 								issuerURL[sizeof(issuerURL) - 1] = 0;
			
 
				-								fprintf(stderr, "Issuer URL from info: %s\n", issuerURL);
			
 
				 							}
			
 
				 							if (authInfo.get(ZT_AUTHINFO_DICT_KEY_CENTRAL_ENDPOINT_URL, centralAuthURL, sizeof(centralAuthURL))>0) {
			
 
				 								centralAuthURL[sizeof(centralAuthURL) - 1] = 0;
			
@@ -236,7 +235,6 @@ bool IncomingPacket::_doERROR(const RuntimeEnvironment *RR,void *tPtr,const Shar
 
				 								ssoClientID[sizeof(ssoClientID) - 1] = 0;
			
 
				 							}
			
 
				 
			
 
				-							fprintf(stderr, "Setting auth required on network\n");
			
 
				 							network->setAuthenticationRequired(tPtr, issuerURL, centralAuthURL, ssoClientID, ssoNonce, ssoState);
			
 
				 						}
			
 
				 					}
			
--- a/node/Network.cpp
+++ b/node/Network.cpp
@@ -1555,7 +1555,6 @@ void Network::setAuthenticationRequired(void *tPtr, const char* issuerURL, const
 
				 	_config.ssoEnabled = true;
			
 
				 	_config.ssoVersion = 1;
			
 
				 
			
 
				-	fprintf(stderr, "Network::setAuthenticationRequired issuerURL: %s\n", issuerURL);
			
 
				 	Utils::scopy(_config.issuerURL, sizeof(_config.issuerURL), issuerURL);
			
 
				 	Utils::scopy(_config.centralAuthURL, sizeof(_config.centralAuthURL), centralEndpoint);
			
 
				 	Utils::scopy(_config.ssoClientID, sizeof(_config.ssoClientID), clientID);
			
--- a/service/OneService.cpp
+++ b/service/OneService.cpp
@@ -251,9 +251,7 @@ public:
 
				 		const char* nwid = Utils::hex(nwc->nwid, nwbuf);
			
 
				 		fprintf(stderr, "NetworkState::setConfig(%s)\n", nwid);
			
 
				 
			
 
				-		fprintf(stderr, "issuerUrl before: %s\n", nwc->issuerURL);
			
 
				 		memcpy(&_config, nwc, sizeof(ZT_VirtualNetworkConfig));
			
 
				-		fprintf(stderr, "issuerUrl after: %s\n", _config.issuerURL);
			
 
				 		fprintf(stderr, "ssoEnabled: %s, ssoVersion: %d\n", 
			
 
				 			_config.ssoEnabled ? "true" : "false", _config.ssoVersion);
			
 
				 
			
@@ -443,7 +441,9 @@ static void _networkToJson(nlohmann::json &nj,NetworkState &ns)
 
				 	}
			
 
				 	nj["dns"] = m;
			
 
				 	if (ns.config().ssoEnabled) {
			
 
				-		nj["authenticationURL"] = ns.getAuthURL();
			
 
				+		const char* authURL = ns.getAuthURL();
			
 
				+		fprintf(stderr, "Auth URL: %s\n", authURL);
			
 
				+		nj["authenticationURL"] = authURL;
			
 
				 		nj["authenticationExpiryTime"] = ns.config().authenticationExpiryTime;
			
 
				 		nj["ssoEnabled"] = ns.config().ssoEnabled;
			
 
				 	}
			
@@ -2665,7 +2665,6 @@ public:
 
				 				// After setting up tap, fall through to CONFIG_UPDATE since we also want to do this...
			
 
				 
			
 
				 			case ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_CONFIG_UPDATE:
			
 
				-				fprintf(stderr, "conf update issuerURL: %s\n", nwc->issuerURL);
			
 
				 				n.setConfig(nwc);
			
 
				 
			
 
				 				if (n.tap()) { // sanity check
			
--- a/zeroidc/src/ext.rs
+++ b/zeroidc/src/ext.rs
@@ -156,10 +156,14 @@ pub extern "C" fn zeroidc_auth_info_delete(ptr: *mut AuthInfo) {
 
				 
			
 
				 #[no_mangle]
			
 
				 pub extern "C" fn zeroidc_get_auth_url(ptr: *mut AuthInfo) -> *const c_char {
			
 
				+    if ptr.is_null() {
			
 
				+        println!("passed a null object");
			
 
				+        return std::ptr::null_mut();
			
 
				+    }
			
 
				     let ai = unsafe {
			
 
				-        assert!(!ptr.is_null());
			
 
				         &mut *ptr
			
 
				     };
			
 
				+    
			
 
				     let s = CString::new(ai.url.to_string()).unwrap();
			
 
				-    return s.as_ptr();
			
 
				+    return s.into_raw();
			
 
				 }
			
--- a/zeroidc/src/lib.rs
+++ b/zeroidc/src/lib.rs
@@ -71,7 +71,10 @@ impl ZeroIDC {
 
				 
			
 
				         let provider_meta = match CoreProviderMetadata::discover(&iss, http_client) {
			
 
				             Ok(m) => m,
			
 
				-            Err(e) => return Err(e.to_string()),
			
 
				+            Err(e) => {
			
 
				+                println!("Error discovering provider metadata");
			
 
				+                return Err(e.to_string());
			
 
				+            },
			
 
				         };
			
 
				 
			
 
				         let r = format!("http://localhost:{}/sso", local_web_port);
			
@@ -85,7 +88,10 @@ impl ZeroIDC {
 
				 
			
 
				         let redirect = match RedirectUrl::new(redir_url.to_string()) {
			
 
				             Ok(s) => s,
			
 
				-            Err(e) => return Err(e.to_string()),
			
 
				+            Err(e) => {
			
 
				+                println!("Error generating RedirectURL instance from string: {}", redir_url.to_string());
			
 
				+                return Err(e.to_string());
			
 
				+            }
			
 
				         };
			
 
				 
			
 
				         (*idc.inner.lock().unwrap()).oidc_client = Some(
			
@@ -152,13 +158,16 @@ impl ZeroIDC {
 
				                     csrf_func(csrf_token),
			
 
				                     nonce_func(nonce),
			
 
				                 )
			
 
				-                .add_scope(Scope::new("read".to_string()))
			
 
				+                .add_scope(Scope::new("profile".to_string()))
			
 
				+                .add_scope(Scope::new("email".to_string()))
			
 
				                 .add_scope(Scope::new("offline_access".to_string()))
			
 
				                 .add_scope(Scope::new("openid".to_string()))
			
 
				                 .set_pkce_challenge(pkce_challenge)
			
 
				                 .add_extra_param("network_id", network_id)
			
 
				                 .url();
			
 
				 
			
 
				+            println!("URL: {}", auth_url);
			
 
				+
			
 
				             return AuthInfo {
			
 
				                 url: auth_url,
			
 
				                 csrf_token,