Merge pull request #1049 from openziti/add-identity-from-url-cert-key

refinements for external auth support

lib/ziti-tunnel-cbs/include/ziti/ziti_tunnel_cbs.h

@@ -180,7 +180,7 @@ XX(unlocked, model_bool, none, Unlocked, __VA_ARGS__)
 
 #define TUNNEL_ADD_IDENTITY(XX, ...) \
 XX(useKeychain, model_bool, none, UseKeychain, __VA_ARGS__) \
-XX(jwtFileName, model_string, none, JwtFileName, __VA_ARGS__) \
+XX(identityFilename, model_string, none, IdentityFilename, __VA_ARGS__) \
 XX(jwtContent, model_string, none, JwtContent, __VA_ARGS__) \
 XX(key, model_string, none, Key, __VA_ARGS__) \
 XX(cert, model_string, none, Certificate, __VA_ARGS__) \

lib/ziti-tunnel-cbs/ziti_tunnel_ctrl.c

@@ -79,6 +79,15 @@ struct tunnel_cb_s {
     void *cmd_ctx;
 };
 
+typedef struct api_update_req_s {
+    uv_work_t wr;
+    ziti_context ztx;
+    char *new_url;
+    char *new_ca;
+    int err;
+    const char *errmsg;
+} api_update_req;
+
 static uv_signal_t sigusr1;
 
 const ziti_tunnel_ctrl* ziti_tunnel_init_cmd(uv_loop_t *loop, tunneler_context tunnel_ctx, event_cb on_event) {
@@ -179,8 +188,8 @@ static void ip_dump(const tunnel_ip_stats *stats, dump_writer writer, void *writ
     char local_addr[64];
     char remote_addr[64];
     for (i = 0; conns[i] != NULL; i++) {
-        snprintf(local_addr, sizeof(local_addr), "%s:%lu", conns[i]->local_ip, (unsigned long)conns[i]->local_port);
-        snprintf(remote_addr, sizeof(remote_addr), "%s:%lu", conns[i]->remote_ip, (unsigned long)conns[i]->remote_port);
+        snprintf(local_addr, sizeof(local_addr), "%s:%lld", conns[i]->local_ip, conns[i]->local_port);
+        snprintf(remote_addr, sizeof(remote_addr), "%s:%lld", conns[i]->remote_ip, conns[i]->remote_port);
         writer(writer_ctx, "%-12s%-40s%-40s%-16s%-24s\n",
                conns[i]->protocol, local_addr, remote_addr, conns[i]->state, conns[i]->service);
     }
@@ -962,7 +971,7 @@ static void on_ziti_event(ziti_context ztx, const ziti_event_t *event) {
     }
 
     const ziti_identity *identity = ziti_get_identity(ztx);
-    const char *ctx_name = identity ? identity->name : "<not loaded>";
+    const char *ctx_name = identity ? identity->name : instance->identifier;
 
     switch (event->type) {
         case ZitiContextEvent: {
@@ -1453,8 +1462,14 @@ static void on_sigdump(uv_signal_t *sig, int signum) {
     fclose(dumpfile);
 }
 
-
-
+#define CHECK_UV(desc, op) do{ \
+int rc = op;             \
+if (rc < 0) {           \
+req->err = rc;           \
+req->errmsg = uv_strerror(rc); \
+ZITI_LOG(ERROR, "op[" desc "] failed: %d(%s)", req->err, req->errmsg); \
+goto DONE;               \
+}} while(0)
 
 IMPL_ENUM(TunnelCommand, TUNNEL_COMMANDS)
 

lib/ziti-tunnel/include/ziti/netif_driver.h

@@ -36,6 +36,8 @@ typedef int (*delete_route_cb)(netif_handle dev, const char *dest);
 typedef int (*exclude_route_fn)(netif_handle dev, uv_loop_t *loop, const char *dest);
 typedef int (*commit_routes_fn)(netif_handle dev, uv_loop_t *loop);
 
+typedef const char *(*name_fn)(netif_handle dev);
+
 typedef struct netif_driver_s {
     netif_handle handle;
     netif_read_cb read;
@@ -47,9 +49,9 @@ typedef struct netif_driver_s {
     delete_route_cb delete_route;
     exclude_route_fn exclude_rt;
     commit_routes_fn commit_routes;
+    name_fn get_name;
 } netif_driver_t;
 typedef netif_driver_t *netif_driver;
 
-extern int prefix_to_ipv4_subnet(int prefix_len, char *subnet, size_t subnet_sz);
-
+extern int prefix_to_ipv4_subnet(int prefix_len, char *subnet, size_t subnet_sz);;
 #endif //ZITI_TUNNELER_SDK_NETIF_DRIVER_H

programs/CMakeLists.txt

@@ -9,4 +9,6 @@ if (NOT TARGET subcommand)
     target_include_directories(subcommand INTERFACE ${subcommand_SOURCE_DIR})
 endif ()
 
+add_compile_definitions(DEFAULT_EXECUTABLE_NAME="ziti-edge-tunnel")
 add_subdirectory(ziti-edge-tunnel)
+

programs/ziti-edge-tunnel/CMakeLists.txt

@@ -24,9 +24,9 @@ set(ZITI_INSTANCE_COMMON
         include/model/dtos.h
         instance.c
         model.c
-        include/identity-utils.h
-        config-utils.c
         include/config-utils.h
+        config-utils.c
+        include/identity-utils.h
         instance-config.c
         include/instance-config.h
         process_cmd.c

programs/ziti-edge-tunnel/config-utils.c

@@ -28,50 +28,6 @@
 #include <unistd.h>
 #endif
 
-const char* app_data = "APPDATA";
-static char* identifier_path = NULL;
-
-char* get_system_config_path() {
-    char* config_path = malloc(FILENAME_MAX * sizeof(char));
-#if _WIN32
-    snprintf(config_path, FILENAME_MAX, "%s\\NetFoundry", getenv(app_data));
-#else
-    snprintf(config_path, FILENAME_MAX, "/var/lib/ziti");
-#endif
-    return config_path;
-}
-
-char* get_identifier_path() {
-    return identifier_path;
-}
-
-void set_identifier_path(char* id_path) {
-    if (id_path != NULL) {
-        identifier_path = strdup(id_path);
-    }
-}
-
-char* get_config_file_name(char* config_path) {
-    if (config_path != NULL) {
-        char* config_file_name = calloc(FILENAME_MAX, sizeof(char));
-        snprintf(config_file_name, FILENAME_MAX, "%s/config.json", config_path);
-        return config_file_name;
-    } else {
-        return "config.json";
-    }
-
-}
-
-char* get_backup_config_file_name(char* config_path) {
-    if (config_path != NULL) {
-        char* bkp_config_file_name = calloc(FILENAME_MAX, sizeof(char));
-        snprintf(bkp_config_file_name, FILENAME_MAX, "%s/config.json.backup", config_path);
-        return bkp_config_file_name;
-    } else {
-        return "config.json.backup";
-    }
-}
-
 typedef struct api_update_req_s {
     uv_work_t wr;
     char *identifier;

programs/ziti-edge-tunnel/include/config-utils.h

@@ -18,12 +18,6 @@
 #define ZITI_TUNNEL_SDK_C_CONFIG_UTILS_H
 #include <uv.h>
 
-char* get_system_config_path();
-void set_identifier_path(char* id_dir);
-char* get_identifier_path();
-char* get_config_file_name(char* config_path);
-char* get_backup_config_file_name(char* config_path);
-
 void update_identity_config(uv_loop_t *l, const char *identifier, const char *cfg_json);
 
 #endif //ZITI_TUNNEL_SDK_C_CONFIG_UTILS_H

programs/ziti-edge-tunnel/include/identity-utils.h

@@ -82,6 +82,10 @@ int get_api_page_size();
 
 tunnel_identity_array get_tunnel_identities_for_metrics();
 
+void normalize_identifier(char *str);
+
+void set_tun_name(const char *name);
+char* get_zet_instance_id(const char* discriminator);
 
 #ifdef __cplusplus
 }

programs/ziti-edge-tunnel/include/instance-config.h

@@ -21,15 +21,13 @@
 
 typedef char * (*to_json_fn)(const void * msg, int flags, size_t *len);
 
-bool load_tunnel_status_from_file(uv_loop_t *ziti_loop);
+bool load_tunnel_status_from_file(uv_loop_t *ziti_loop, const char* config_file_name);
 bool save_tunnel_status_to_file();
 void initialize_instance_config();
 void cleanup_instance_config();
 void stop_tunnel_and_cleanup();
-
 bool process_tunnel_commands(const tunnel_command *tnl_cmd, command_cb cb, void *ctx);
 void send_tunnel_command(const tunnel_command *tnl_cmd, void *ctx);
-
 void send_events_message(const void *message, to_json_fn to_json_f, bool displayEvent);
 
 extern uv_loop_t *global_loop_ref;

programs/ziti-edge-tunnel/include/model/dtos.h

@@ -104,7 +104,9 @@ XX(ServiceVersion, service_version, ptr, ServiceVersion, __VA_ARGS__) \
 XX(TunIpv4, model_string, none, TunIpv4, __VA_ARGS__) \
 XX(TunPrefixLength, model_number, none, TunIpv4Mask, __VA_ARGS__) \
 XX(AddDns, model_bool, none, AddDns, __VA_ARGS__) \
-XX(ApiPageSize, model_number, none, ApiPageSize, __VA_ARGS__)
+XX(ApiPageSize, model_number, none, ApiPageSize, __VA_ARGS__) \
+XX(TunName, model_string, none, TunName, __VA_ARGS__)\
+XX(ConfigDir, model_string, none, ConfigDir, __VA_ARGS__)
 
 #define IP_INFO(XX, ...) \
 XX(Ip, model_string, none, Ip, __VA_ARGS__) \

programs/ziti-edge-tunnel/include/windows/windows-scripts.h

@@ -30,10 +30,11 @@
 
 void add_nrpt_rules(uv_loop_t *nrpt_loop, model_map *hostnames, const char* dns_ip);
 void remove_nrpt_rules(uv_loop_t *nrpt_loop, model_map *hostnames);
-void remove_all_nrpt_rules();
-bool is_nrpt_policies_effective(const char* tns_ip);
+void remove_all_nrpt_rules(const char* zet_id, bool exact);
+bool is_nrpt_policies_effective(const char* tns_ip, char* zet_id);
 void remove_and_add_nrpt_rules(uv_loop_t *nrpt_loop, model_map *hostnames, const char* dns_ip);
-void update_interface_metric(uv_loop_t *ziti_loop, wchar_t* tun_name, int metric);
+
+void update_interface_metric(uv_loop_t *ziti_loop, const char *tun_name, int metric);
 void update_symlink(uv_loop_t *symlink_loop, char* symlink, char* filename);
 
 #endif //ZITI_TUNNEL_SDK_C_WINDOWS_SCRIPTS_H

programs/ziti-edge-tunnel/include/windows/windows-service.h

@@ -6,6 +6,14 @@
 #include <winsock2.h>
 #include <windows.h>
 
+#ifndef PATH_MAX //normalize to PATH_MAX even on vs 2022 and arm
+#ifdef MAX_PATH
+#define PATH_MAX MAX_PATH
+#else
+#error "PATH_MAX and MAX_PATH are not defined, PATH_MAX cannot be set
+#endif
+#endif
+
 #define SVCNAME TEXT("ziti")
 #define DISPLAYSVCNAME TEXT("Ziti Desktop Edge Service")
 #define SVCDESCRIPTION TEXT("Access your Networks Secured by Ziti")

programs/ziti-edge-tunnel/instance-config.c

@@ -16,10 +16,10 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include <config-utils.h>
 #include <string.h>
 #include "identity-utils.h"
 #include <ziti/ziti_log.h>
+#include "instance-config.h"
 
 // to store the whole tunnel status data
 #define MIN_BUFFER_LEN 512
@@ -28,6 +28,7 @@ static uv_sem_t sem;
 static unsigned int sem_value = 1;
 static int sem_initialized = -1;
 
+extern char *config_file;
 void initialize_instance_config() {
     sem_initialized = uv_sem_init(&sem, sem_value);
     if (sem_initialized < 0) {
@@ -38,11 +39,11 @@ void initialize_instance_config() {
 bool load_config_from_file(char* config_file_name) {
     bool loaded = false;
 
-    FILE* config_file = fopen(config_file_name, "r");
-    if (config_file != NULL) {
+    FILE* cfg_file = fopen(config_file_name, "r");
+    if (cfg_file != NULL) {
         char* config_buffer = calloc(1024*1024, sizeof(char));
         char line[512];
-        while ((fgets(line, sizeof(line), config_file)) != NULL) {
+        while ((fgets(line, sizeof(line), cfg_file)) != NULL) {
             strcat(config_buffer, line);
         }
 
@@ -53,7 +54,7 @@ bool load_config_from_file(char* config_file_name) {
             }
         }
         config_buffer[0] = '\0';
-        fclose(config_file);
+        fclose(cfg_file);
         free(config_buffer);
     } else {
         if (errno != 0) {
@@ -65,41 +66,20 @@ bool load_config_from_file(char* config_file_name) {
     return loaded;
 }
 
-bool load_tunnel_status_from_file(uv_loop_t* ziti_loop) {
-    char* config_path = get_system_config_path();
-
-    uv_fs_t fs;
-    int check = uv_fs_mkdir(ziti_loop, &fs, config_path, 0755, NULL);
-    if (check == 0) {
-        ZITI_LOG(TRACE, "config path is created at %s", config_path);
-    } else if (check == UV_EEXIST) {
-        ZITI_LOG(TRACE, "config path exists at %s", config_path);
-    } else {
-        ZITI_LOG(ERROR, "error creating %s: %s", config_path, uv_strerror(check));
-        return false;
-    }
+bool load_tunnel_status_from_file(uv_loop_t* ziti_loop, const char* config_file_name) {
     bool loaded = false;
 
-    char* config_file_name = get_config_file_name(config_path);
-    char* bkp_config_file_name = get_backup_config_file_name(config_path);
     ZITI_LOG(INFO,"Loading config file from %s", config_file_name);
 
     // try to load tunnel status from config file
     loaded = load_config_from_file(config_file_name);
 
     // try to load tunnel status from backup config file
     if (!loaded) {
-        loaded = load_config_from_file(bkp_config_file_name);
+        // couldn't load the config file - only should happen on first startup
+        ZITI_LOG(WARN, "Config files could not be loaded: %s", config_file_name);
     }
 
-    // not able to load the tunnel status from both the config and backup files
-    if (!loaded) {
-        ZITI_LOG(WARN, "Config files %s and the backup file cannot be read or they do not exist, will create a new config file or the old one will be overwritten", config_file_name);
-    }
-
-    free(config_file_name);
-    free(bkp_config_file_name);
-    free(config_path);
     return loaded;
 }
 
@@ -109,36 +89,18 @@ bool save_tunnel_status_to_file() {
     bool saved = false;
 
     if (json_len > 0) {
-        char* config_path = get_system_config_path();
-
-        char* config_file_name = get_config_file_name(config_path);
-        char* bkp_config_file_name = get_backup_config_file_name(config_path);
-
         if (sem_initialized == 0) {
             uv_sem_wait(&sem);
         } else {
-            ZITI_LOG(ZITI_WTF, "Could not save the config file [%s] due to semaphore lock not initialized error.", config_file_name);
-            free(config_file_name);
-            free(bkp_config_file_name);
-            free(config_path);
+            ZITI_LOG(ZITI_WTF, "Could not save the config file [%s] due to semaphore lock not initialized error.", config_file);
             free(tunnel_status);
             return saved;
         }
-        //copy config to backup file
-        int rem = remove(bkp_config_file_name);
-        if (rem == 0) {
-            ZITI_LOG(DEBUG, "Deleted backup config file %s", bkp_config_file_name);
-        }
-        if (rename(config_file_name, bkp_config_file_name) == 0) {
-            ZITI_LOG(DEBUG, "Copied config file to backup config file %s", bkp_config_file_name);
-        } else {
-            ZITI_LOG(ERROR, "Could not copy config file [%s] to backup config file, the config might not exists at the moment", config_file_name);
-        }
 
         // write tunnel status to the config file
-        FILE* config = fopen(config_file_name, "w");
+        FILE* config = fopen(config_file, "w");
         if (config == NULL) {
-            ZITI_LOG(ERROR, "Could not open config file %s to store the tunnel status data", config_file_name);
+            ZITI_LOG(ERROR, "Could not open config file %s to store the tunnel status data", config_file);
         } else {
             char* tunnel_status_data = tunnel_status;
             for (int i =0; i< json_len; i=i+MIN_BUFFER_LEN-1, tunnel_status_data=tunnel_status_data+MIN_BUFFER_LEN-1) {
@@ -152,15 +114,11 @@ bool save_tunnel_status_to_file() {
             }
             saved = true;
             fclose(config);
-            ZITI_LOG(DEBUG, "Saved current tunnel status into Config file %s", config_file_name);
+            ZITI_LOG(DEBUG, "Saved current tunnel status into Config file %s", config_file);
         }
         uv_sem_post(&sem);
 
-        ZITI_LOG(TRACE, "Cleaning up resources used for the backup of tunnel config file %s", config_file_name);
-
-        free(config_file_name);
-        free(bkp_config_file_name);
-        free(config_path);
+        ZITI_LOG(TRACE, "Cleaning up resources used for the backup of tunnel config file %s", config_file);
     }
     free(tunnel_status);
     return saved;
@@ -176,4 +134,4 @@ void cleanup_instance_config() {
     } else {
         ZITI_LOG(ZITI_WTF, "Could not clean instance config. The semaphore is not initialized.");
     }
-}
+}