Merge pull request #762 from openziti/fix-disable-during-pre-auth

Fix disable during pre auth
openziti · Oct 30, 2024 · 1046c26 · 1046c26
2 parents 2120296 + fcfe897
commit 1046c26
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 19 deletions.
diff --git a/inc_internal/zt_internal.h b/inc_internal/zt_internal.h
@@ -296,7 +296,7 @@ struct ziti_ctx {
 
     char *last_update;
 
-    uv_timer_t *service_refresh_timer;
+    uv_timer_t *refresh_timer;
     uv_prepare_t *prepper;
 
     uv_loop_t *loop;

diff --git a/library/ziti.c b/library/ziti.c
@@ -357,6 +357,7 @@ const char* ziti_get_api_session_token(ziti_context ztx) {
 
 static void ziti_stop_internal(ziti_context ztx, void *data) {
     if (ztx->enabled) {
+        ZTX_LOG(INFO, "disabling Ziti Context");
         ztx->enabled = false;
 
         metrics_rate_close(&ztx->up_rate);
@@ -367,7 +368,7 @@ static void ziti_stop_internal(ziti_context ztx, void *data) {
         }
 
         // stop updates
-        uv_timer_stop(ztx->service_refresh_timer);
+        uv_timer_stop(ztx->refresh_timer);
 
         if (ztx->posture_checks) {
             ziti_posture_checks_free(ztx->posture_checks);
@@ -392,8 +393,10 @@ static void ziti_stop_internal(ziti_context ztx, void *data) {
             it = model_map_it_remove(it);
         }
 
-        ztx->auth_method->free(ztx->auth_method);
-        ztx->auth_method = NULL;
+        if (ztx->auth_method) {
+            ztx->auth_method->free(ztx->auth_method);
+            ztx->auth_method = NULL;
+        }
 
         if (ztx->ext_auth) {
             oidc_client_close(ztx->ext_auth, (oidc_close_cb) free);
@@ -418,6 +421,7 @@ uv_timer_t* new_ztx_timer(ziti_context ztx) {
 
 static void ziti_start_internal(ziti_context ztx, void *init_req) {
     if (!ztx->enabled) {
+        ZTX_LOG(INFO, "enabling Ziti Context");
         ztx->enabled = true;
         ztx->logout = false;
 
@@ -517,7 +521,7 @@ static void ziti_init_async(ziti_context ztx, void *data) {
     ztx->id = ztx_seq++;
     uv_loop_t *loop = ztx->w_async.loop;
 
-    ztx->service_refresh_timer = new_ztx_timer(ztx);
+    ztx->refresh_timer = new_ztx_timer(ztx);
 
     ztx->prepper = calloc(1, sizeof(uv_prepare_t));
     uv_prepare_init(loop, ztx->prepper);
@@ -672,7 +676,7 @@ static void shutdown_and_free(ziti_context ztx) {
 
     grim_reaper(ztx);
     CLOSE_AND_NULL(ztx->prepper);
-    CLOSE_AND_NULL(ztx->service_refresh_timer);
+    CLOSE_AND_NULL(ztx->refresh_timer);
 
     uv_close((uv_handle_t *) &ztx->w_async, free_ztx);
 }
@@ -1276,7 +1280,7 @@ void ziti_services_refresh(ziti_context ztx, bool now) {
             ZTX_LOG(VERBOSE, "scheduling service refresh %ld seconds from now", ztx->opts.refresh_interval);
         }
         uint64_t timeout = now ? 0 : (ztx->opts.refresh_interval * 1000);
-        uv_timer_start(ztx->service_refresh_timer, refresh_cb, timeout, 0);
+        uv_timer_start(ztx->refresh_timer, refresh_cb, timeout, 0);
     }
 }
 
@@ -1730,8 +1734,9 @@ int ziti_refresh(ziti_context ztx) {
 
 static void pre_auth_retry(uv_timer_t *t) {
     ziti_context ztx = t->data;
-    ziti_re_auth(ztx);
-    uv_close((uv_handle_t *) t, (uv_close_cb) free);
+    if (ztx->enabled) {
+        ziti_re_auth(ztx);
+    }
 }
 
 static void jwt_signers_cb(ziti_jwt_signer_array arr, const ziti_error *err, void *ctx) {
@@ -1750,10 +1755,7 @@ static void version_pre_auth_cb(const ziti_version *version, const ziti_error *e
     ziti_context ztx = ctx;
     if (err) {
         ZTX_LOG(WARN, "failed to get controller version: %s/%s", err->code, err->message);
-        uv_timer_t *t = calloc(1, sizeof(*t));
-        uv_timer_init(ztx->loop, t);
-        t->data = ztx;
-        uv_timer_start(t, pre_auth_retry, 5 * 1000, 0);
+        uv_timer_start(ztx->refresh_timer, pre_auth_retry, 5 * 1000, 0);
     } else {
         bool ha = ziti_has_capability(version, ziti_ctrl_caps.HA_CONTROLLER);
         ZTX_LOG(INFO, "connected to %s controller %s version %s(%s %s)",

diff --git a/programs/ziti-prox-c/proxy.c b/programs/ziti-prox-c/proxy.c
@@ -648,11 +648,40 @@ static void stopper_alloc(uv_handle_t *h, size_t i, uv_buf_t *pBuf) {
     *pBuf = uv_buf_init(buf, sizeof(buf));
 }
 
+#define PROXC_CMD(XX, ...) \
+XX(stop, __VA_ARGS__)      \
+XX(enable, __VA_ARGS__)    \
+XX(disable, __VA_ARGS__)   \
+
+
+DECLARE_ENUM(ProxyCmd, PROXC_CMD)
+
+IMPL_ENUM(ProxyCmd, PROXC_CMD)
+
+
 static void stopper_recv(uv_udp_t *u, ssize_t len,
                          const uv_buf_t *b,
                          const struct sockaddr *addr, unsigned int flags) {
-    process_stop(u->loop, &app_ctx);
-    uv_close((uv_handle_t *) u, NULL);
+
+    if (len == 0) return;
+
+    ProxyCmd cmd = ProxyCmds.value_ofn(b->base, len - 1);
+
+    switch (cmd) {
+        case ProxyCmd_Unknown:
+            ZITI_LOG(WARN, "unknown cmd: %.*s", (int)len, b->base);
+            break;
+        case ProxyCmd_stop:
+            process_stop(u->loop, &app_ctx);
+            uv_close((uv_handle_t *) u, NULL);
+            break;
+        case ProxyCmd_enable:
+            ziti_set_enabled(app_ctx.ziti, true);
+            break;
+        case ProxyCmd_disable:
+            ziti_set_enabled(app_ctx.ziti, false);
+            break;
+    }
 }
 
 void run(int argc, char **argv) {
@@ -692,10 +721,9 @@ void run(int argc, char **argv) {
     }
 
     ziti_config cfg;
-    ziti_context ztx;
 
     ziti_load_config(&cfg, config);
-    ziti_context_init(&ztx, &cfg);
+    ziti_context_init(&app_ctx.ziti, &cfg);
 
     ziti_options opts = {
             .events = -1,
@@ -706,9 +734,9 @@ void run(int argc, char **argv) {
             .config_types = my_configs,
             .metrics_type = INSTANT,
     };
-    ziti_context_set_options(ztx, &opts);
+    ziti_context_set_options(app_ctx.ziti, &opts);
 
-    ziti_context_run(ztx, loop);
+    ziti_context_run(app_ctx.ziti, loop);
 
 
 #if __unix__ || __unix