mirror
/
devilutionX-ZeroTierOne
mirror of https://github.com/diasurgical/ZeroTierOne.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

HMACSHA384 the nonce bytes, not the hex encoded nonce bytes

pull/2/head
Grant Limberg 5 years ago
parent
0b89a49201
commit
21d27c314c
No known key found for this signature in database
GPG Key ID: 2BA62CCABBB4095A
2 changed files with 9 additions and 7 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 12
      controller/PostgreSQL.cpp
  2. 4
      ext/central-controller-docker/Dockerfile

12
controller/PostgreSQL.cpp
Unescape View File

@ -143,6 +143,7 @@ PostgreSQL::PostgreSQL(const Identity &myId, const char *path, int listenPort, R
memset(_ssoPsk, 0, sizeof(_ssoPsk));
char *const ssoPskHex = getenv("ZT_SSO_PSK");
fprintf(stderr, "ZT_SSO_PSK: %s\n", ssoPskHex);
if (ssoPskHex) {
// SECURITY: note that ssoPskHex will always be null-terminated if libc acatually
// returns something non-NULL. If the hex encodes something shorter than 48 bytes,
@ -328,6 +329,7 @@ std::string PostgreSQL::getSSOAuthURL(const nlohmann::json &member, const std::s
auto c = _pool->borrow();
pqxx::work w(*c->c);
char nonceBytes[16] = {0};
std::string nonce = "";
// check if the member exists first.
@ -342,12 +344,12 @@ std::string PostgreSQL::getSSOAuthURL(const nlohmann::json &member, const std::s
if (r.size() == 1) {
// we have an existing nonce. Use it
nonce = r.at(0)[0].as<std::string>();
Utils::unhex(nonce.c_str(), nonceBytes, sizeof(nonceBytes));
} else if (r.empty()) {
// create a nonce
char randBuf[16] = {0};
Utils::getSecureRandom(randBuf, 16);
char nonceBuf[256] = {0};
Utils::hex(randBuf, sizeof(randBuf), nonceBuf);
Utils::getSecureRandom(nonceBytes, 16);
char nonceBuf[64] = {0};
Utils::hex(nonceBytes, sizeof(nonceBytes), nonceBuf);
nonce = std::string(nonceBuf);
pqxx::result ir = w.exec_params0("INSERT INTO ztc_sso_expiry "
@ -383,7 +385,7 @@ std::string PostgreSQL::getSSOAuthURL(const nlohmann::json &member, const std::s
have_auth = true;
uint8_t state[48];
HMACSHA384(_ssoPsk, nonce.data(), (unsigned int)nonce.length(), state);
HMACSHA384(_ssoPsk, nonceBytes, sizeof(nonceBytes), state);
char state_hex[256];
Utils::hex(state, 48, state_hex);

4
ext/central-controller-docker/Dockerfile
Unescape View File

@ -15,14 +15,14 @@ RUN tar -xzf libpqxx.tar.gz && \
pushd libpqxx-6.4.5/ && \
mkdir build && pushd build/ && \
cmake .. && \
make install && \
make install -j8 && \
popd && popd
# RUN git clone http://git.int.zerotier.com/zerotier/ZeroTierOne.git
# RUN if [ "$git_branch" != "master" ]; then cd ZeroTierOne && git checkout -b $git_branch origin/$git_branch; fi
ADD . /ZeroTierOne
RUN cd ZeroTierOne && make clean && make central-controller
RUN cd ZeroTierOne && make clean && make central-controller -j8
FROM centos:8
RUN yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm

Write Preview
Loading…
Cancel
Save