plumbing full flow from controller -> client network

2021-11-04 15:40:08 -07:00 · 2021-11-04 15:40:08 -07:00 · 8d39c9a861
commit 8d39c9a861
parent f8bf91426b
14 changed files with 400 additions and 70 deletions
--- a/node/NetworkConfig.hpp
+++ b/node/NetworkConfig.hpp
@ -180,10 +180,35 @@ namespace ZeroTier {
 #define ZT_NETWORKCONFIG_DICT_KEY_DNS "DNS"
 // sso enabld
 #define ZT_NETWORKCONFIG_DICT_KEY_SSO_ENABLED "ssoe"
+// so version
+#define ZT_NETWORKCONFIG_DICT_KEY_SSO_VERSION "ssov"
 // authentication URL
 #define ZT_NETWORKCONFIG_DICT_KEY_AUTHENTICATION_URL "aurl"
 // authentication expiry
 #define ZT_NETWORKCONFIG_DICT_KEY_AUTHENTICATION_EXPIRY_TIME "aexpt"
+// central endpoint
+#define ZT_NETWORKCONFIG_DICT_KEY_CENTRAL_ENDPOINT_URL "ssoce"
+// nonce
+#define ZT_NETWORKCONFIG_DICT_KEY_NONCE "sson"
+// state
+#define ZT_NETWORKCONFIG_DICT_KEY_STATE "ssos"
+// client ID
+#define ZT_NETWORKCONFIG_DICT_KEY_CLIENT_ID "ssocid"
+
+// AuthInfo fields -- used by ncSendError for sso
+
+// AuthInfo Version
+#define ZT_AUTHINFO_DICT_KEY_VERSION "aV"
+// authenticaiton URL
+#define ZT_AUTHINFO_DICT_KEY_AUTHENTICATION_URL "aU"
+// Central endpoint URL
+#define ZT_AUTHINFO_DICT_KEY_CENTRAL_ENDPOINT_URL "aCU"
+// Nonce
+#define ZT_AUTHINFO_DICT_KEY_NONCE "aN"
+// State
+#define ZT_AUTHINFO_DICT_KEY_STATE "aS"
+// Client ID
+#define ZT_AUTHINFO_DICT_KEY_CLIENT_ID "aCID"

 // Legacy fields -- these are obsoleted but are included when older clients query

@ -242,7 +267,11 @@ public:
 		dnsCount(0),
 		ssoEnabled(false),
 		authenticationURL(),
-		authenticationExpiryTime(0)
+		authenticationExpiryTime(0),
+		centralAuthURL(),
+		ssoNonce(),
+		ssoState(),
+		ssoClientID()
 	{
 		name[0] = 0;
 		memset(specialists, 0, sizeof(uint64_t)*ZT_MAX_NETWORK_SPECIALISTS);
@ -250,6 +279,11 @@ public:
 		memset(staticIps, 0, sizeof(InetAddress)*ZT_MAX_ZT_ASSIGNED_ADDRESSES);
 		memset(rules, 0, sizeof(ZT_VirtualNetworkRule)*ZT_MAX_NETWORK_RULES);
 		memset(&dns, 0, sizeof(ZT_VirtualNetworkDNS));
+		memset(authenticationURL, 0, sizeof(authenticationURL));
+		memset(centralAuthURL, 0, sizeof(centralAuthURL));
+		memset(ssoNonce, 0, sizeof(ssoNonce));
+		memset(ssoState, 0, sizeof(ssoState));
+		memset(ssoClientID, 0, sizeof(ssoClientID));
 	}

 	/**
@ -619,15 +653,42 @@ public:
 	 */
 	bool ssoEnabled;

+	/**
+	 * SSO verison
+	 */
+	uint64_t ssoVersion;
+
 	/**
 	 * Authentication URL if authentication is required
 	 */
 	char authenticationURL[2048];

-	/**
+/**
 	 * Time current authentication expires or 0 if external authentication is disabled
+	 * 
+	 * Not used if authVersion >= 1
 	 */
 	uint64_t authenticationExpiryTime;
+
+	/**
+	 * central base URL.
+	 */
+	char centralAuthURL[2048];
+
+	/**
+	 * sso nonce
+	 */
+	char ssoNonce[64];
+
+	/**
+	 * sso state
+	 */
+	char ssoState[128];
+
+	/**
+	 * oidc client id
+	 */
+	char ssoClientID[256];
 };

 } // namespace ZeroTier