diff --git a/controller/PostgreSQL.cpp b/controller/PostgreSQL.cpp
index 4ae7aa57..63d32b63 100644
--- a/controller/PostgreSQL.cpp
+++ b/controller/PostgreSQL.cpp
@@ -442,13 +442,9 @@ AuthInfo PostgreSQL::getSSOAuthInfo(const nlohmann::json &member, const std::str
 exit(7);
 }
- r = w.exec_params("SELECT oc.client_id, oc.authorization_endpoint, oc.issuer, oc.sso_impl_version "
- "FROM ztc_network n "
- "INNER JOIN ztc_network_oidc_config noc "
- " ON noc.network_id = n.id "
- "INNER JOIN ztc_oidc_config oc "
- " ON noc.client_id = oc.client_id "
- "WHERE n.id = $1 AND n.sso_enabled = true", networkId);
+ r = w.exec_params("SELECT org.client_id, org.authorization_endpoint, org.issuer, org.sso_impl_version "
+ "FROM ztc_network AS nw, ztc_org AS org "
+ "WHERE nw.id = $1 AND nw.sso_enabled = true AND org.owner_id = nw.owner_id", networkId);
 std::string client_id = "";
 std::string authorization_endpoint = "";
diff --git a/ext/central-controller-docker/Dockerfile.builder b/ext/central-controller-docker/Dockerfile.builder
index a2592bb7..edbcc228 100644
--- a/ext/central-controller-docker/Dockerfile.builder
+++ b/ext/central-controller-docker/Dockerfile.builder
@@ -18,6 +18,8 @@ RUN apt -y install \
 libssl-dev \
 postgresql-client \
 postgresql-client-common \
- curl
+ curl \
+ google-perftools \
+ libgoogle-perftools-dev
 RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
diff --git a/ext/central-controller-docker/Dockerfile.run_base b/ext/central-controller-docker/Dockerfile.run_base
index e09d214e..c0a18ca6 100644
--- a/ext/central-controller-docker/Dockerfile.run_base
+++ b/ext/central-controller-docker/Dockerfile.run_base
@@ -1,8 +1,14 @@
 FROM ubuntu:jammy
+
 RUN apt update && apt upgrade -y
+
 RUN apt -y install \
 postgresql-client \
 postgresql-client-common \
 libjemalloc2 \
 libpq5 \
- curl
+ curl \
+ binutils \
+ linux-tools-gke \
+ perf-tools-unstable \
+ google-perftools
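Review bot: The new lookup passed to `exec_params` returns one row for every `ztc_org` row whose `owner_id` matches the network's owner, so the `issuer` and `client_id` handed to the member are only well defined if `ztc_org.owner_id` is unique; the schema is not visible here, so either that constraint needs confirming or the row count should be checked before the first row is used. The code that reads `r` lies outside the hunk, so I cannot tell whether it copes with several rows, or with NULL OIDC columns on an org that has no SSO configured while `nw.sso_enabled` is true. I would also spell the join out, `"FROM ztc_network AS nw INNER JOIN ztc_org AS org ON org.owner_id = nw.owner_id "`, and add a comment above the call such as `// SSO settings are per organization: every SSO-enabled network of an owner uses that org's OIDC client`. Keeping `networkId` bound to `$1` rather than concatenated into the string is right and should stay.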
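Review bot: `binutils`, `linux-tools-gke`, `perf-tools-unstable` and `google-perftools` are now installed in the runtime base image, which puts profiling and binary-inspection tools into every container built from it; if they are only needed for a profiling session, a separate debug image or a build argument would keep them out of the production image. The hunk ends at the last package with no trailing context, so it looks as if the apt lists are never removed and nothing pins the package versions; `apt-get install -y --no-install-recommends ...` followed by `rm -rf /var/lib/apt/lists/*` in the same `RUN` is the usual form. A comment above the install saying why `perf-tools-unstable` is required in this image would help the next reviewer decide whether it can be dropped.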
diff --git a/zeroidc/src/lib.rs b/zeroidc/src/lib.rs
index cb92ef6e..11efb932 100644
--- a/zeroidc/src/lib.rs
+++ b/zeroidc/src/lib.rs
@@ -498,7 +498,8 @@ impl ZeroIDC {
 let n = match i.nonce.clone() {
 Some(n) => n,
 None => {
- println!("no noce");
+ println!("no nonce");
+ i.running = false;
 return None;
 }
 };
@@ -507,6 +508,7 @@ impl ZeroIDC {
 Some(t) => t,
 None => {
 println!("no id token");
+ i.running = false;
 return None;
 }
 };
@@ -515,6 +517,7 @@ impl ZeroIDC {
 Ok(c) => c,
 Err(_e) => {
 println!("no claims");
+ i.running = false;
 return None;
 }
 };
@@ -523,6 +526,7 @@ impl ZeroIDC {
 Ok(s) => s,
 Err(_) => {
 println!("no signing algorithm");
+ i.running = false;
 return None;
 }
 };
@@ -535,12 +539,14 @@ impl ZeroIDC {
 Ok(h) => h,
 Err(e) => {
 println!("Error hashing access token: {}", e);
+ i.running = false;
 return None;
 }
 };
 if actual_hash != *expected_hash {
 println!("token hash error");
+ i.running = false;
 return None;
 }
 }
@@ -549,7 +555,7 @@ impl ZeroIDC {
 Err(e) => {
 println!("token response error: {:?}", e.to_string());
 println!("\t {:?}", e.source());
-
+ i.running = false;
 None
 }
 }
@@ -634,10 +640,12 @@ impl ZeroIDC {
 Ok(bytes)
 } else if res.status() == 402 {
- Err(SSOExchangeError::new(
- "additional license seats required. Please contact your network administrator.".to_string(),
- ))
+ i.running = false;
+ Err(SSOExchangeError::new(
+ "additional license seats required. Please contact your network administrator.".to_string(),
+ ))
 } else {
+ i.running = false;
 Err(SSOExchangeError::new(
 "error from central endpoint".to_string(),
 ))
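Review bot: `i.running = false;` is now repeated by hand on every failure exit (this hunk and the hunks at -507, -515, -523, -535, -549, -634 and -649), so any exit added later, or one missed here, leaves the flag set; the enclosing closures start and end outside the hunks, so I cannot confirm that every path is covered. Clearing the flag in one place is more robust: compute the result in an inner block or helper and reset `running` once when it comes back as `None` or `Err`, or hold a small guard whose `Drop` clears it unless the exchange succeeded. If the per-branch form is kept, a comment at the top of the block such as `// invariant: every early return below must clear i.running` would at least state the rule. Separately, the nonce, claims and access-token-hash failures are only reported through `println!`; if the crate has a logger, these token validation failures are worth recording there at error level.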
@@ -649,20 +657,24 @@ impl ZeroIDC {
 println!("Status: {}", res.status().unwrap());
 println!("Post error: {}", res);
 i.exp_time = 0;
+ i.running = false;
 Err(SSOExchangeError::new(
 "error from central endpoint".to_string(),
 ))
 }
 }
 } else {
+ i.running = false;
 Err(SSOExchangeError::new(
 "error splitting state token".to_string(),
 ))
 }
 } else {
+ i.running = false;
 Err(SSOExchangeError::new("invalid token response".to_string()))
 }
 } else {
+ i.running = false;
 Err(SSOExchangeError::new("invalid pkce verifier".to_string()))
 }
 });
diff --git a/zerotier-one.spec b/zerotier-one.spec
index 0aaa258c..022fa039 100644
--- a/zerotier-one.spec
+++ b/zerotier-one.spec
@@ -59,6 +59,12 @@ Requires: systemd openssl
 Requires(pre): /usr/sbin/useradd, /usr/bin/getent
 %endif
+%if "%{?dist}" == ".amzn2022"
+BuildRequires: systemd openssl-devel
+Requires: systemd openssl
+Requires(pre): /usr/sbin/useradd, /usr/bin/getent
+%endif
+
 %description
 ZeroTier is a software defined networking layer for Earth.