update auth events
ekoby committed Jan 3, 2025
1 parent da88e7c commit 273e81d
Showing 2 changed files with 54 additions and 24 deletions.
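--- a/lib/ziti-tunnel-cbs/include/ziti/ziti_tunnel_cbs.h
+++ b/lib/ziti-tunnel-cbs/include/ziti/ziti_tunnel_cbs.h
@@ -246,7 +246,8 @@ XX(mfa_auth_status, __VA_ARGS__) \
 XX(auth_challenge, __VA_ARGS__) \
 XX(enrollment_verification, __VA_ARGS__) \
 XX(enrollment_remove, __VA_ARGS__) \
-XX(enrollment_challenge, __VA_ARGS__)
+XX(enrollment_challenge, __VA_ARGS__) \
+XX(key_pass_challenge, __VA_ARGS__)
 
 DECLARE_ENUM(mfa_status, MFA_STATUS)
 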
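--- a/lib/ziti-tunnel-cbs/ziti_tunnel_ctrl.c
+++ b/lib/ziti-tunnel-cbs/ziti_tunnel_ctrl.c
@@ -1074,30 +1074,59 @@ static void on_ziti_event(ziti_context ztx, const ziti_event_t *event) {
 }
 
 case ZitiAuthEvent :
-if (event->auth.action == ziti_auth_prompt_totp) {
-ZITI_LOG(INFO, "ztx[%s/%s] Mfa event received", instance->identifier, ctx_name);
-mfa_event ev = {0};
-ev.event_type = TunnelEvents.MFAEvent;
-ev.identifier = instance->identifier;
-ev.operation = mfa_status_name(mfa_status_auth_challenge);
-CMD_CTX.on_event((const base_event *) &ev);
-} else if (event->auth.action == ziti_auth_login_external ||
-event->auth.action == ziti_auth_select_external) {
-ZITI_LOG(INFO, "ztx[%s/%s] ext auth event received", instance->identifier, ctx_name);
-ext_signer_event ev = {0};
-ev.event_type = TunnelEvents.ExtJWTEvent;
-ev.identifier = instance->identifier;
-ev.status = "login_with_ext_signer";
-
-for (int idx = 0; event->auth.providers && event->auth.providers[idx]; idx++) {
-ziti_jwt_signer *signer = event->auth.providers[idx];
-jwt_provider *provider = calloc(1, sizeof(*provider));
-provider->name = signer->name;
-provider->issuer = signer->provider_url;
-model_list_append(&ev.providers, provider);
+switch (event->auth.action) {
+case ziti_auth_cannot_continue: {
+ZITI_LOG(ERROR, "ztx[%s/%s] authorization flow cannot continue: %s",
+instance->identifier, ctx_name, event->auth.detail);
+ziti_ctx_event ev = {
+.event_type = TunnelEvent_ContextEvent,
+.identifier = instance->identifier,
+.status = event->auth.detail,
+.code = ZITI_AUTHENTICATION_FAILED,
+};
+break;
 }
-CMD_CTX.on_event((const base_event *) &ev);
-model_list_clear(&ev.providers, free);
+case ziti_auth_prompt_totp: {
+ZITI_LOG(INFO, "ztx[%s/%s] Mfa event received", instance->identifier, ctx_name);
+mfa_event ev = {0};
+ev.event_type = TunnelEvents.MFAEvent;
+ev.identifier = instance->identifier;
+ev.operation = mfa_status_name(mfa_status_auth_challenge);
+CMD_CTX.on_event((const base_event *) &ev);
+break;
+}
+case ziti_auth_prompt_pin: {
+ZITI_LOG(INFO, "ztx[%s/%s] key pin/password requested", instance->identifier, ctx_name);
+mfa_event ev = {0};
+ev.event_type = TunnelEvents.MFAEvent;
+ev.identifier = instance->identifier;
+ev.operation = mfa_status_name(mfa_status_key_pass_challenge);
+CMD_CTX.on_event((const base_event *) &ev);
+break;
+}
+case ziti_auth_select_external:
+case ziti_auth_login_external: {
+ZITI_LOG(INFO, "ztx[%s/%s] ext auth event received", instance->identifier, ctx_name);
+ext_signer_event ev = {0};
+ev.event_type = TunnelEvents.ExtJWTEvent;
+ev.identifier = instance->identifier;
+ev.status = "login_with_ext_signer";
+
+for (int idx = 0; event->auth.providers && event->auth.providers[idx]; idx++) {
+ziti_jwt_signer *signer = event->auth.providers[idx];
+jwt_provider *provider = calloc(1, sizeof(*provider));
+provider->name = signer->name;
+provider->issuer = signer->provider_url;
+model_list_append(&ev.providers, provider);
 }
+CMD_CTX.on_event((const base_event *) &ev);
+model_list_clear(&ev.providers, free);
+break;
+}
+default:
+ZITI_LOG(WARN, "ztx[%s/%s] unsupported auth request[%d]",
+instance->identifier, ctx_name, event->auth.action);
+break;
+}
 break;
 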
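Review bot: In the new `case ziti_auth_cannot_continue` block the `ziti_ctx_event ev` initializer is filled from `event->auth.detail` and `ZITI_AUTHENTICATION_FAILED` but is never dispatched — the case goes straight to `break;`, so the host side never learns that authentication failed and only the ERROR log records it; the three sibling cases each call `CMD_CTX.on_event((const base_event *) &ev);` before their `break;`, and this one should too. Without that dispatch a consumer cannot react to an unrecoverable auth failure (surface it to the user, drop cached credentials, mark the identity as failed), so the tunnel silently stalls. Separately, `.event_type = TunnelEvent_ContextEvent` is spelled differently from the `TunnelEvents.MFAEvent` / `TunnelEvents.ExtJWTEvent` form the other cases use; if both resolve to the same value a short comment would help, otherwise it looks like a mismatch worth confirming. `on_ziti_event` begins and ends outside the hunk.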
