Adding TLS authentication #840

Merged
merged 42 commits into from
May 31, 2024
Merged
Changes from 38 commits
Commits
42 commits
4456e3f
adding test files
kauncoder Mar 13, 2024
3c84e59
testing cert names
kauncoder Mar 13, 2024
7c8ee21
testing cert authn
kauncoder Mar 13, 2024
a067a77
adding basic authID functionality
kauncoder Mar 18, 2024
4e91772
remove secret files
kauncoder Mar 18, 2024
613086c
add extensibility
kauncoder Mar 19, 2024
e83ca81
add extensibility
kauncoder Mar 19, 2024
fa20fad
add extensibility
kauncoder Mar 19, 2024
bc1558d
adding type constraints
kauncoder Mar 20, 2024
294e0c5
adding level abstraction for authentication info
kauncoder Mar 22, 2024
f512764
adding username authentication
kauncoder Mar 25, 2024
8d048f4
cleaning code
kauncoder Mar 26, 2024
8ed2361
added cfg checks for auth_usrpwd
kauncoder Mar 27, 2024
29760c0
adding test files
kauncoder Mar 13, 2024
339170d
merge with 0.11
kauncoder Apr 22, 2024
39ec2bf
fix error due to vsock
kauncoder Apr 22, 2024
e43aa77
fix test error
kauncoder Apr 23, 2024
0b6b80f
access auth ids in acl interceptor
kauncoder Apr 25, 2024
427733b
add authentication support in acl
kauncoder Apr 25, 2024
78eacc9
added Subject
kauncoder Apr 25, 2024
7ba77b6
adding test files
kauncoder Mar 13, 2024
49143b4
merge with quic changes
kauncoder Apr 25, 2024
310c122
add authn features with acl
kauncoder Apr 26, 2024
b6eb797
remove error
kauncoder Apr 30, 2024
66dc536
add tests for tls and quic
kauncoder May 2, 2024
bfeaa53
add tests for user-password
kauncoder May 2, 2024
84bd03a
merge with latest acl
kauncoder May 2, 2024
0513918
remove format error
kauncoder May 2, 2024
b999a21
ignore tests without testfiles
kauncoder May 3, 2024
ae40b9c
remove shm test errors
kauncoder May 3, 2024
58739b1
remove typos
kauncoder May 3, 2024
bb16d4c
add testfiles for authn
kauncoder May 4, 2024
babdabc
fix testfiles for authn
kauncoder May 4, 2024
b4aaef9
Merge branch 'dev/1.0.0' into authn/testing
oteffahi May 28, 2024
0a03e99
Chore: Code format
oteffahi May 28, 2024
f91e885
Change port numbers to allow tests to run concurrently
oteffahi May 29, 2024
2714ced
Fix TLS and Quic test failures due to subsequent sessions on same por…
oteffahi May 29, 2024
baf4704
Format json configs
oteffahi May 29, 2024
405000a
Remove unused deprecated dependency async-rustls
oteffahi May 31, 2024
84ae20e
Chore: format list of cargo dependencies
oteffahi May 31, 2024
ae7f496
Merge branch 'dev/1.0.0' into authn/testing
oteffahi May 31, 2024
b136812
Fix imports
oteffahi May 31, 2024
2 changes: 2 additions & 0 deletions .gitignore
Expand Up @@ -21,4 +21,6 @@

cargo-timing*.html

#ignore test data
testfiles
ci/valgrind-check/*.log
113 changes: 113 additions & 0 deletions Cargo.lock

5 changes: 4 additions & 1 deletion Cargo.toml
Expand Up @@ -75,14 +75,17 @@ description = "Zenoh: Zero Overhead Pub/sub, Store/Query and Compute."
# DEFAULT-FEATURES NOTE: Be careful with default-features and additivity!
# (https://github.com/rust-lang/cargo/issues/11329)
[workspace.dependencies]


async-rustls = "0.4.0"
Mallets marked this conversation as resolved.
async-trait = "0.1.60"
aes = "0.8.2"
ahash = "0.8.7"
anyhow = { version = "1.0.69", default-features = false } # Default features are disabled due to usage in no_std crates
async-executor = "1.5.0"
async-global-executor = "2.3.1"
async-io = "1.13.0"
async-std = { version = "=1.12.0", default-features = false } # Default features are disabled due to some crates' requirements
async-trait = "0.1.60"
base64 = "0.21.4"
bincode = "1.3.3"
clap = { version = "4.4.11", features = ["derive"] }
4 changes: 4 additions & 0 deletions commons/zenoh-config/src/lib.rs
Expand Up @@ -104,6 +104,8 @@ pub struct DownsamplingItemConf {
#[derive(Serialize, Debug, Deserialize, Clone)]
pub struct AclConfigRules {
pub interfaces: Option<Vec<String>>,
pub cert_common_names: Option<Vec<String>>,
pub usernames: Option<Vec<String>>,
pub key_exprs: Vec<String>,
pub actions: Vec<Action>,
pub flows: Option<Vec<InterceptorFlow>>,
Expand All @@ -124,6 +126,8 @@ pub struct PolicyRule {
#[serde(rename_all = "snake_case")]
pub enum Subject {
Interface(String),
CertCommonName(String),
Username(String),
}

#[derive(Clone, Copy, Debug, Serialize, Deserialize, Eq, Hash, PartialEq)]
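Review bot: The new `cert_common_names` and `usernames` fields on `AclConfigRules` have no doc comment, so the config schema does not say how a name is matched (exact string or pattern) or what a rule means when more than one of `interfaces`, `cert_common_names` and `usernames` is set; that semantics decides whether a rule ends up broader than the operator intended, and the `Subject::CertCommonName` / `Subject::Username` variants in the second hunk inherit the same gap. I would add above each field a line such as `/// Peer certificate common names this rule applies to; a name matches when <exact-or-pattern: state the rule the interceptor enforces>.` and the equivalent for `usernames`, plus a sentence on the struct saying whether the subject lists are AND-ed or OR-ed — the interceptor that consumes them is not in this diff, so I cannot confirm which. Presumably `None` means "not restricted by this subject kind", as for `interfaces`; that too belongs in the comment.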
3 changes: 3 additions & 0 deletions io/zenoh-link-commons/src/lib.rs
Expand Up @@ -50,6 +50,7 @@ pub struct Link {
pub is_reliable: bool,
pub is_streamed: bool,
pub interfaces: Vec<String>,
pub auth_identifier: LinkAuthId,
}

#[async_trait]
Expand Down Expand Up @@ -78,6 +79,7 @@ impl From<&LinkUnicast> for Link {
is_reliable: link.is_reliable(),
is_streamed: link.is_streamed(),
interfaces: link.get_interface_names(),
auth_identifier: link.get_auth_identifier(),
}
}
}
Expand All @@ -98,6 +100,7 @@ impl From<&LinkMulticast> for Link {
is_reliable: link.is_reliable(),
is_streamed: false,
interfaces: vec![],
auth_identifier: LinkAuthId::default(),
}
}
}
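Review bot: In `From<&LinkMulticast> for Link`, `auth_identifier: LinkAuthId::default()` gives every multicast link the `LinkAuthType::None` identity (per `impl Default for LinkAuthId` in unicast.rs of this PR), so an ACL rule keyed on `cert_common_names` or `usernames` can never match traffic arriving over multicast; that is fine if identity-based rules are meant to be unicast-only, but the line should say so, e.g. `auth_identifier: LinkAuthId::default(), // multicast links carry no peer identity; identity-based ACL subjects never match here`. The `Link` struct's new `auth_identifier` field would also benefit from a `///` line stating that it stays `LinkAuthType::None` unless the link established a TLS/QUIC identity. Both `impl From` blocks start above their hunks.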
68 changes: 68 additions & 0 deletions io/zenoh-link-commons/src/unicast.rs
Expand Up @@ -20,6 +20,7 @@ use core::{
use std::net::SocketAddr;

use async_trait::async_trait;
use serde::Serialize;
use zenoh_protocol::{
core::{EndPoint, Locator},
transport::BatchSize,
Expand Down Expand Up @@ -51,6 +52,7 @@ pub trait LinkUnicastTrait: Send + Sync {
fn is_reliable(&self) -> bool;
fn is_streamed(&self) -> bool;
fn get_interface_names(&self) -> Vec<String>;
fn get_auth_identifier(&self) -> LinkAuthId;
async fn write(&self, buffer: &[u8]) -> ZResult<usize>;
async fn write_all(&self, buffer: &[u8]) -> ZResult<()>;
async fn read(&self, buffer: &mut [u8]) -> ZResult<usize>;
Expand Down Expand Up @@ -118,3 +120,69 @@ pub fn get_ip_interface_names(addr: &SocketAddr) -> Vec<String> {
}
}
}
#[derive(Clone, Debug, Serialize, Hash, PartialEq, Eq)]

pub enum LinkAuthType {
Tls,
Quic,
None,
}
#[derive(Clone, Debug, Serialize, Hash, PartialEq, Eq)]

pub struct LinkAuthId {
auth_type: LinkAuthType,
auth_value: Option<String>,
}

impl LinkAuthId {
pub fn get_type(&self) -> &LinkAuthType {
&self.auth_type
}
pub fn get_value(&self) -> &Option<String> {
&self.auth_value
}
}
impl Default for LinkAuthId {
fn default() -> Self {
LinkAuthId {
auth_type: LinkAuthType::None,
auth_value: None,
}
}
}

#[derive(Debug)]
pub struct LinkAuthIdBuilder {
pub auth_type: LinkAuthType, //HAS to be provided when building
pub auth_value: Option<String>, //actual value added to the above type; is None for None type
}
impl Default for LinkAuthIdBuilder {
fn default() -> Self {
Self::new()
}
}

impl LinkAuthIdBuilder {
pub fn new() -> LinkAuthIdBuilder {
LinkAuthIdBuilder {
auth_type: LinkAuthType::None,
auth_value: None,
}
}

pub fn auth_type(&mut self, auth_type: LinkAuthType) -> &mut Self {
self.auth_type = auth_type;
self
}
pub fn auth_value(&mut self, auth_value: Option<String>) -> &mut Self {
self.auth_value = auth_value;
self
}

pub fn build(&self) -> LinkAuthId {
LinkAuthId {
auth_type: self.auth_type.clone(),
auth_value: self.auth_value.clone(),
}
}
}
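Review bot: `LinkAuthIdBuilder::build` never checks the invariant the comment on the builder's `auth_value` field states — that the value is `None` when `auth_type` is `LinkAuthType::None` — so a caller can produce an identity of type `None` with a value attached, or `Tls`/`Quic` with no value, and whatever consumes `LinkAuthId` downstream has to defend against both. The cheapest fix is to state the rule in `build`, e.g. `debug_assert!(self.auth_type != LinkAuthType::None || self.auth_value.is_none(), "auth_value must be None for LinkAuthType::None");`; if an authenticated link always carries a value, collapsing the pair into `enum LinkAuthId { None, Tls(String), Quic(String) }` would make the invalid combinations unrepresentable (that changes `get_type`/`get_value`, which are new in this PR, so it is cheap now). The public `LinkAuthType`, `LinkAuthId` and `LinkAuthIdBuilder` also lack `///` docs; in particular `auth_value` should say what it holds for `Tls`/`Quic` — presumably the peer certificate's common name, given the `cert_common_names` ACL field elsewhere in this PR, but the hunk does not say. Minor style: the blank lines between `#[derive(...)]` and `pub enum LinkAuthType` / `pub struct LinkAuthId` should go, and `get_value` would be more idiomatic returning `Option<&str>` via `self.auth_value.as_deref()`.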
7 changes: 5 additions & 2 deletions io/zenoh-links/zenoh-link-quic/Cargo.toml
Expand Up @@ -30,13 +30,14 @@ base64 = { workspace = true }
futures = { workspace = true }
quinn = { workspace = true }
rustls-native-certs = { workspace = true }
rustls-pki-types = { workspace = true }
rustls-pki-types = { workspace = true }
rustls-webpki = { workspace = true }

secrecy = { workspace = true }
tokio = { workspace = true, features = [
"fs",
"io-util",
"net",
"fs",
"sync",
"time",
] }
Expand All @@ -56,3 +57,5 @@ zenoh-util = { workspace = true }
rustls = { version = "0.21", features = ["dangerous_configuration", "quic"] }
tokio-rustls = "0.24.1"
rustls-pemfile = { version = "1" }

x509-parser = "0.16.0"
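Review bot: `x509-parser = "0.16.0"` is pinned directly in this crate while the other dependencies in the same file use `{ workspace = true }`; if the TLS link crate or the ACL code also parses certificates (not visible in this diff), a per-crate pin makes version drift between them easy, so I would declare it once under `[workspace.dependencies]` and reference it here as `x509-parser = { workspace = true }`. The `rustls` line above it keeps the `dangerous_configuration` feature on a context line; now that certificate identity feeds ACL decisions, a short comment naming what that feature is needed for would let a reviewer confirm it is not used to relax peer verification.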