diff --git a/lib/ziti-tunnel-cbs/ziti_tunnel_ctrl.c b/lib/ziti-tunnel-cbs/ziti_tunnel_ctrl.c index 3a5f2d97..844bd92d 100644 --- a/lib/ziti-tunnel-cbs/ziti_tunnel_ctrl.c +++ b/lib/ziti-tunnel-cbs/ziti_tunnel_ctrl.c @@ -1023,14 +1023,16 @@ static void on_enable_mfa(ziti_context ztx, int status, ziti_mfa_enrollment *enr ev->provisioning_url = strdup(enrollment->provisioning_url); char **rc = enrollment->recovery_codes; int size = 0; - while (*rc != NULL) { + while (rc != NULL && *rc != NULL) { rc++; size++; } ev->recovery_codes = calloc((size + 1), sizeof(char *)); - int idx; - for (idx=0; enrollment->recovery_codes[idx] !=0; idx++) { - ev->recovery_codes[idx] = strdup(enrollment->recovery_codes[idx]); + if(enrollment->recovery_codes != NULL) { + int idx; + for (idx = 0; enrollment->recovery_codes[idx] != 0; idx++) { + ev->recovery_codes[idx] = strdup(enrollment->recovery_codes[idx]); + } } } diff --git a/programs/ziti-edge-tunnel/instance.c b/programs/ziti-edge-tunnel/instance.c index 2f55b1d1..fd482c5c 100644 --- a/programs/ziti-edge-tunnel/instance.c +++ b/programs/ziti-edge-tunnel/instance.c @@ -76,7 +76,7 @@ tunnel_identity *create_or_get_tunnel_identity(const char* identifier, char* fil snprintf(tnl_id->Name, length+1, "%s", fingerprint); tnl_id->IdFileStatus = true; - + tnl_id->Active = true; } model_map_set(&tnl_identity_map, identifier, tnl_id); return tnl_id; @@ -555,7 +555,6 @@ void set_identifier_from_identities() { } //on startup - set mfa needed to false to correctly reflect tunnel status. After the identity is loaded these //are set to true __if necessary__ - tnl_id->MfaEnabled = false; tnl_id->MfaNeeded = false; } } @@ -565,14 +564,9 @@ void initialize_tunnel_status() { tnl_status.Duration = 0; uv_timeval64_t now; uv_gettimeofday(&now); - tnl_status.StartTime.tv_sec = now.tv_sec; + tnl_status.StartTime.tv_sec = (long)now.tv_sec; tnl_status.StartTime.tv_usec = now.tv_usec; - if (tnl_status.ApiPageSize < MIN_API_PAGESIZE) { - tnl_status.ApiPageSize = DEFAULT_API_PAGESIZE; - } - if (tnl_status.LogLevel == NULL) { - tnl_status.LogLevel = "info"; - } + tnl_status.ApiPageSize = DEFAULT_API_PAGESIZE; } diff --git a/programs/ziti-edge-tunnel/ziti-edge-tunnel.c b/programs/ziti-edge-tunnel/ziti-edge-tunnel.c index 8defe199..b66ca1ed 100644 --- a/programs/ziti-edge-tunnel/ziti-edge-tunnel.c +++ b/programs/ziti-edge-tunnel/ziti-edge-tunnel.c @@ -149,7 +149,7 @@ static const ziti_tunnel_ctrl *CMD_CTRL; static bool started_by_scm = false; static bool tunnel_interrupted = false; -uv_loop_t *ziti_loop = NULL; +uv_loop_t *global_loop_ref = NULL; tunneler_context tunneler; static uv_mutex_t stop_mutex; static uv_cond_t stop_cond; @@ -214,6 +214,15 @@ static void cmd_alloc(uv_handle_t *s, size_t sugg, uv_buf_t *b) { b->len = sugg; } +static void send_tunnel_status() { + tunnel_status_event tnl_sts_evt = {0}; + tnl_sts_evt.Op = strdup("status"); + tnl_sts_evt.Status = get_tunnel_status(); + send_events_message(&tnl_sts_evt, (to_json_fn) tunnel_status_event_to_json, true); + tnl_sts_evt.Status = NULL; //don't free + free_tunnel_status_event(&tnl_sts_evt); +} + static void on_cmd_write(uv_write_t *wr, int len) { if (wr->data) { free(wr->data); @@ -258,7 +267,7 @@ static void on_command_resp(const tunnel_result* result, void *ctx) { } if (model_map_size(&hostnamesToRemove) > 0) { - remove_nrpt_rules(ziti_loop, &hostnamesToRemove); + remove_nrpt_rules(global_loop_ref, &hostnamesToRemove); } } @@ -358,6 +367,7 @@ void tunnel_enroll_cb(const ziti_config *cfg, int status, const char *err, void send_tunnel_command(&tnl_cmd, add_id_req->cmd_ctx); free_tunnel_command(&tnl_cmd); free(add_id_req); + save_tunnel_status_to_file(); } static void enroll_ziti_async(uv_loop_t *loop, void *arg) { @@ -548,7 +558,7 @@ static bool process_tunnel_commands(const tunnel_command *tnl_cmd, command_cb cb add_id_req->identifier_file_name = strdup(new_identifier_name); add_id_req->jwt_content = strdup(tunnel_add_identity_cmd.jwtContent); - enroll_ziti_async(ziti_loop, add_id_req); + enroll_ziti_async(global_loop_ref, add_id_req); free_tunnel_add_identity(&tunnel_add_identity_cmd); return true; } @@ -570,7 +580,7 @@ static bool process_tunnel_commands(const tunnel_command *tnl_cmd, command_cb cb if (!stop_windows_service()) { ZITI_LOG(INFO, "Could not send stop signal to scm, Tunnel must not be started as service"); stop_tunnel_and_cleanup(); - uv_stop(ziti_loop); + uv_stop(global_loop_ref); } } free_tunnel_service_control(&tunnel_service_control_opts); @@ -734,13 +744,7 @@ static void on_events_client(uv_stream_t *s, int status) { ZITI_LOG(DEBUG,"Received events client connection request, count: %d", ++current_events_channels); // send status message immediately - tunnel_status_event tnl_sts_evt = {0}; - tnl_sts_evt.Op = strdup("status"); - tnl_sts_evt.Status = get_tunnel_status(); - send_events_message(&tnl_sts_evt, (to_json_fn) tunnel_status_event_to_json, true); - tnl_sts_evt.Status = NULL; - free_tunnel_status_event(&tnl_sts_evt); - + send_tunnel_status(); } @@ -750,7 +754,7 @@ void on_write_event(uv_write_t* req, int status) { if (status == UV_EPIPE) { struct event_conn_s *event_client; LIST_FOREACH(event_client, &event_clients_list, _next_event) { - if (event_client->event_client_conn == req->handle) { + if (event_client->event_client_conn == (uv_pipe_t*) req->handle) { break; } } @@ -1321,13 +1325,13 @@ static void on_event(const base_event *ev) { } } if (model_map_size(&hostnamesToEdit) > 0 && !is_host_only()) { - remove_and_add_nrpt_rules(ziti_loop, &hostnamesToEdit, get_dns_ip()); + remove_and_add_nrpt_rules(global_loop_ref, &hostnamesToEdit, get_dns_ip()); } if (model_map_size(&hostnamesToAdd) > 0 && !is_host_only()) { - add_nrpt_rules(ziti_loop, &hostnamesToAdd, get_dns_ip()); + add_nrpt_rules(global_loop_ref, &hostnamesToAdd, get_dns_ip()); } if (model_map_size(&hostnamesToRemove) > 0 && !is_host_only()) { - remove_nrpt_rules(ziti_loop, &hostnamesToRemove); + remove_nrpt_rules(global_loop_ref, &hostnamesToRemove); } #endif @@ -1361,12 +1365,13 @@ static void on_event(const base_event *ev) { case TunnelEvent_MFAEvent: { const mfa_event *mfa_ev = (mfa_event *) ev; - ZITI_LOG(INFO, "ztx[%s] is requesting MFA code", ev->identifier); + ZITI_LOG(INFO, "ztx[%s] is requesting MFA code. Identity needs MFA", ev->identifier); tunnel_identity *id = find_tunnel_identity(ev->identifier); if (id == NULL) { break; } - set_mfa_status(ev->identifier, true, true); + set_mfa_status(ev->identifier, id->MfaEnabled, true); + send_tunnel_status(); mfa_status_event mfa_sts_event = { .Op = strdup("mfa"), .Action = strdup(mfa_ev->operation), @@ -1411,9 +1416,11 @@ static void on_event(const base_event *ev) { send_events_message(&id_event, (to_json_fn) identity_event_to_json, true); id_event.Id = NULL; free_identity_event(&id_event); + save_tunnel_status_to_file(); // persist the mfa change break; case mfa_status_enrollment_remove: set_mfa_status(ev->identifier, false, false); + save_tunnel_status_to_file(); // persist the mfa change break; case mfa_status_enrollment_challenge: mfa_sts_event.RecoveryCodes = mfa_ev->recovery_codes; @@ -2001,19 +2008,19 @@ static void run(int argc, char *argv[]) { #if _WIN32 // initialize log function here. level will be set further down - log_init(ziti_loop); + log_init(global_loop_ref); log_fn = ziti_log_writer; remove_all_nrpt_rules(); signal(SIGINT, interrupt_handler); #endif - ziti_log_init(ziti_loop, log_level, log_fn); + ziti_log_init(global_loop_ref, log_level, log_fn); // generate tunnel status instance and save active state and start time if (config_dir != NULL) { set_identifier_path(config_dir); - load_tunnel_status_from_file(ziti_loop); + load_tunnel_status_from_file(global_loop_ref); } uint32_t tun_ip; @@ -2075,7 +2082,7 @@ static void run(int argc, char *argv[]) { ZITI_LOG(INFO," - initialized at : %s (local time), %s (UTC)", time_val, time_str); ZITI_LOG(INFO," - log file location: %s", get_log_file_name()); ZITI_LOG(INFO,"============================================================================"); - move_config_from_previous_windows_backup(ziti_loop); + move_config_from_previous_windows_backup(global_loop_ref); ZITI_LOG(DEBUG, "granting se_debug privilege to current process to allow access to privileged processes during posture checks"); //ensure this process has the necessary access token to get the full path of privileged processes @@ -2101,9 +2108,9 @@ static void run(int argc, char *argv[]) { int rc; if (is_host_only()) { - rc = run_tunnel_host_mode(ziti_loop); + rc = run_tunnel_host_mode(global_loop_ref); } else { - rc = run_tunnel(ziti_loop, tun_ip, dns_ip, configured_cidr, dns_upstream); + rc = run_tunnel(global_loop_ref, tun_ip, dns_ip, configured_cidr, dns_upstream); } exit(rc); } @@ -2258,7 +2265,7 @@ static int write_close(FILE *fp, const uv_buf_t *data) static void enroll(int argc, char *argv[]) { uv_loop_t *l = uv_loop_new(); int log_level = get_log_level(configured_log_level); - ziti_log_init(ziti_loop, log_level, NULL); + ziti_log_init(global_loop_ref, log_level, NULL); if (init_proxy_connector(configured_proxy) != 0) { exit(EXIT_FAILURE); } @@ -3298,8 +3305,8 @@ int main(int argc, char *argv[]) { } #endif - ziti_loop = uv_default_loop(); - if (ziti_loop == NULL) { + global_loop_ref = uv_default_loop(); + if (global_loop_ref == NULL) { ZITI_LOG(ERROR, "failed to initialize default uv loop"); exit(EXIT_FAILURE); }