openziti · ekoby · Dec 11, 2023 · Dec 3, 2023 · Dec 11, 2023
diff --git a/deps/CMakeLists.txt b/deps/CMakeLists.txt
@@ -8,7 +8,7 @@ else ()
 
     FetchContent_Declare(tlsuv
             GIT_REPOSITORY https://github.com/openziti/tlsuv.git
-            GIT_TAG v0.26.1
+            GIT_TAG main
             )
     FetchContent_MakeAvailable(tlsuv)
 

diff --git a/inc_internal/oidc.h b/inc_internal/oidc.h
@@ -0,0 +1,77 @@
+//
+// 	Copyright NetFoundry Inc.
+//
+// 	Licensed under the Apache License, Version 2.0 (the "License");
+// 	you may not use this file except in compliance with the License.
+// 	You may obtain a copy of the License at
+//
+// 	https://www.apache.org/licenses/LICENSE-2.0
+//
+// 	Unless required by applicable law or agreed to in writing, software
+// 	distributed under the License is distributed on an "AS IS" BASIS,
+// 	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// 	See the License for the specific language governing permissions and
+// 	limitations under the License.
+//
+
+#ifndef ZITI_SDK_OIDC_H
+#define ZITI_SDK_OIDC_H
+
+#include <ziti/model_support.h>
+
+#include <uv.h>
+#include "tlsuv/http.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct oidc_client_s oidc_client_t;
+typedef void (*oidc_config_cb)(oidc_client_t *, int, const char *);
+typedef void (*oidc_token_cb)(oidc_client_t *, int, const char *access_token);
+typedef void (*oidc_close_cb)(oidc_client_t *);
+
+
+typedef enum {
+    oidc_native,
+    oidc_external,
+} oidc_auth_mode;
+
+struct oidc_client_s {
+    void *data;
+    tlsuv_http_t http;
+
+    const char *client_id;
+    oidc_auth_mode mode;
+    oidc_config_cb config_cb;
+    oidc_token_cb token_cb;
+    oidc_close_cb close_cb;
+
+    void *config;
+    void *tokens;
+    uv_timer_t *timer;
+};
+
+// init
+int oidc_client_init(uv_loop_t *loop, oidc_client_t *clt, const char *url, tls_context *tls);
+
+int oidc_client_set_id(oidc_client_t *clt, const char *client_id);
+
+// configure client
+int oidc_client_configure(oidc_client_t *clt, oidc_config_cb);
+
+// acquire access token and start refresh cycle
+// oidc_token_cb will be called on first auth and on every refresh
+int oidc_client_start(oidc_client_t *clt, oidc_token_cb);
+
+// force token refresh ahead of normal cycle, error if called prior to oidc_client_start
+int oidc_client_refresh(oidc_client_t *clt);
+
+// close
+int oidc_client_close(oidc_client_t *clt, oidc_close_cb);
+
+#ifdef __cplusplus
+};
+#endif
+
+#endif //ZITI_SDK_OIDC_H
diff --git a/inc_internal/utils.h b/inc_internal/utils.h
@@ -106,7 +106,7 @@ if (COND(ex)(ERR(ex))) { ERFILE(ex) = __FILENAME__; ERLINE(ex) = __LINE__; _##ex
 
 
 
-#define container_of(ptr, type, member) ((type *) ((ptr) - offsetof(type, member)))
+#define container_of(ptr, type, member) ((type *) ((char*)(ptr) - offsetof(type, member)))
 
 #define CLOSE_AND_NULL(h) do{ if (h) { \
 if (!uv_is_closing((uv_handle_t*)(h))) uv_close((uv_handle_t*)(h), (uv_close_cb)free); \

diff --git a/inc_internal/ziti_ctrl.h b/inc_internal/ziti_ctrl.h
@@ -19,7 +19,6 @@
 #include <tlsuv/http.h>
 #include "internal_model.h"
 #include "ziti/ziti_model.h"
-#include "zt_internal.h"
 
 #ifdef __cplusplus
 extern "C" {

diff --git a/includes/ziti/ziti_model.h b/includes/ziti/ziti_model.h
@@ -59,10 +59,15 @@ XX(path, string, none, path, __VA_ARGS__)
 #define ZITI_API_VERSIONS_MODEL(XX, ...) \
 XX(edge, api_path, map, edge, __VA_ARGS__)
 
+#define ZITI_CTRL_CAP_ENUM(XX, ...) \
+XX(HA_CONTROLLER, __VA_ARGS__)      \
+XX(OIDC_AUTH, __VA_ARGS__)
+
 #define ZITI_VERSION_MODEL(XX, ...) \
 XX(version, string, none, version, __VA_ARGS__) \
 XX(revision, string, none, revision, __VA_ARGS__) \
 XX(build_date, string, none, buildDate, __VA_ARGS__) \
+XX(capabilities, ziti_ctrl_cap, list, capabilities, __VA_ARGS__) \
 XX(api_versions, ziti_api_versions, ptr, apiVersions, __VA_ARGS__)
 
 #define ZITI_IDENTITY_MODEL(XX, ...) \
@@ -206,6 +211,8 @@ ZITI_FUNC int ziti_port_match(int port, const model_list *port_range_list);
 
 DECLARE_ENUM(ziti_session_type, ZITI_SESSION_TYPE_ENUM)
 
+DECLARE_ENUM(ziti_ctrl_cap, ZITI_CTRL_CAP_ENUM)
+
 DECLARE_MODEL(api_path, ZITI_API_PATH_MODEL)
 
 DECLARE_MODEL(ziti_api_versions, ZITI_API_VERSIONS_MODEL)

diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
@@ -16,6 +16,8 @@ if (NOT sodium_libs)
     message(FATAL_ERROR "could not find required library[sodium]")
 endif ()
 
+find_package(json-c CONFIG REQUIRED)
+
 set(ZITI_HEADER_FILES
         ${PROJECT_SOURCE_DIR}/includes/ziti/errors.h
         ${PROJECT_SOURCE_DIR}/includes/ziti/ziti.h
@@ -53,6 +55,7 @@ SET(ZITI_SRC_FILES
         authenticators.c
         crypto.c
         bind.c
+        oidc.c
         )
 
 SET(ZITI_INCLUDE_DIRS
@@ -86,7 +89,7 @@ function(config_ziti_library target)
 
     target_sources(${target} PRIVATE ${ZITI_PRIVATE_SRC_FILES})
 
-    target_link_libraries(${target} PUBLIC tlsuv ${sodium_libs})
+    target_link_libraries(${target} PUBLIC tlsuv ${sodium_libs} json-c::json-c)
 
     if (CMAKE_SYSTEM_NAME MATCHES "Linux")
         target_link_libraries(${target} PUBLIC atomic)

diff --git a/library/internal_model.c b/library/internal_model.c
@@ -43,6 +43,8 @@
 
 IMPL_ENUM(ziti_enrollment_method, ZITI_ENROLLMENT_METHOD)
 
+IMPL_ENUM(ziti_ctrl_cap, ZITI_CTRL_CAP_ENUM)
+
 IMPL_MODEL(ziti_posture_query, ZITI_POSTURE_QUERY_MODEL)
 
 IMPL_MODEL(ziti_posture_query_set, ZITI_POSTURE_QUERY_SET_MODEL)
@@ -269,7 +271,7 @@

    addr->type = ziti_address_cidr;
    if (inet_pton(AF_INET, ip, (struct in_addr *) &addr->addr.cidr.ip) == 1) {
        if ((bits = slash ? bits : 32) > 32)
            goto invalid_cidr;
        addr->addr.cidr.af = AF_INET;
        addr->addr.cidr.bits = bits;