Merge pull request #566 from indigo-dc/prerel

5.1.0
indigo-dc · Jan 18, 2024 · aad31ba · aad31ba
2 parents 07ae656 + fbf7a63
commit aad31ba
Show file tree

Hide file tree

Showing 26 changed files with 235 additions and 161 deletions.
diff --git a/.github/workflows/codebase.yml b/.github/workflows/codebase.yml
@@ -0,0 +1,20 @@
+name: codebase-sync
+
+on:
+  - push
+  - delete
+
+jobs:
+  sync:
+    runs-on: ubuntu-latest
+    name: Git Repo Sync
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - uses: wangchucheng/[email protected]
+        with:
+          target-url: https://codebase.helmholtz.cloud/m-team/oidc/oidc-agent.git
+          target-username: gabriel.zachmann
+          # You can store token in your project's 'Setting > Secrets' and reference the name here. Such as ${{ secrets.ACCESS_TOKEN }}
+          target-token: ${{ secrets.CODEBASE_TOKEN }}
diff --git a/.gitlab-ci-scripts/local-before-script.sh b/.gitlab-ci-scripts/local-before-script.sh
@@ -8,9 +8,9 @@ export VERSION=`cat VERSION`
 # clone the packages file of this repo:
 # Try with VERSION
 echo "Trying to use branch for packaging: ${PACKAGING_BRANCH}/v${VERSION}"
-git clone -b ${PACKAGING_BRANCH}/v${VERSION} http://git.scc.kit.edu/m-team/oidc-agent.git delme || {
+git clone -b ${PACKAGING_BRANCH}/v${VERSION} http://codebase.helmholtz.cloud/m-team/oidc/oidc-agent.git delme || {
     echo "Falling back to ${PACKAGING_BRANCH}/latest"
-    git clone -b ${PACKAGING_BRANCH}/latest http://git.scc.kit.edu/m-team/oidc-agent.git delme
+    git clone -b ${PACKAGING_BRANCH}/latest http://codebase.helmholtz.cloud/m-team/oidc/oidc-agent.git delme
 }
 
 
@@ -62,6 +62,8 @@ case ${DISTRO} in
             buster)     make buster-debsource                           ;;
         esac
     ;;
+    win) # Do nothing for windows
+    ;;
     *) # We expect only RPM by default
         [ -d rpm ] || {
             echo "using freshly cloned and adapted rpm folder"

diff --git a/.gitlab-ci-scripts/set-prerelease-version.sh b/.gitlab-ci-scripts/set-prerelease-version.sh
@@ -29,17 +29,33 @@ done
 # Get master branch name:
 #   use origin if exists
 #   else use last found remote
-REMOTES=$(git remote show)
-for R in $REMOTES; do
-    MASTER=$(git remote show "$R"  2>/dev/null \
-        | sed -n '/HEAD branch/s/.*: //p')
-    MASTER_BRANCH="refs/remotes/${R}/${MASTER}"
-    #echo "Master-branch: ${MASTER_BRANCH}"
-    [ "x${R}" == "xorigin" ] && break
-done
+MASTER_BRANCH=""
+get_master_branch_of_mteam() {
+    git remote -vv | awk -F[\\t@:] '{ print $1 " " $3 }' | while read REMOTE HOST; do 
+        # echo " $HOST -- $REMOTE"
+        MASTER=$(git remote show "$REMOTE"  2>/dev/null \
+            | sed -n '/HEAD branch/s/.*: //p')
+        MASTER_BRANCH="refs/remotes/${REMOTE}/${MASTER}"
+        [ "x${HOST}" == "xcodebase.helmholtz.cloud" ] && {
+            echo "${MASTER_BRANCH}"
+            break
+        }
+        [ "x${HOST}" == "xgit.scc.kit.edu" ] && {
+            echo "${MASTER_BRANCH}"
+            break
+        }
+        [ "x${REMOTE}" == "xorigin" ] && {
+            echo "${MASTER_BRANCH}"
+            break
+        }
+    done
+}
 
+MASTER_BRANCH=$(get_master_branch_of_mteam)
 PREREL=$(git rev-list --count HEAD ^"$MASTER_BRANCH")
 
+
+
 # use version file:
 VERSION=$(cat $VERSION_FILE)
 PR_VERSION="${VERSION}-${DEVSTRING}${PREREL}"

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -1,10 +1,12 @@
 ---
 include:
-  - 'https://git.scc.kit.edu/m-team/ci-voodoo/raw/master/ci-include/generic-ci.yml'
-  - 'https://git.scc.kit.edu/m-team/ci-voodoo/raw/master/ci-include/pipeline-jobs.yml'
-  - 'https://git.scc.kit.edu/m-team/ci-voodoo/raw/master/ci-include/pipeline-jobs-publish-to-repo.yml'
+  - 'https://codebase.helmholtz.cloud/m-team/tools/ci-voodoo/raw/master/ci-include/generic-ci.yml'
+  - 'https://codebase.helmholtz.cloud/m-team/tools/ci-voodoo/raw/master/ci-include/pipeline-jobs.yml'
+  - 'https://codebase.helmholtz.cloud/m-team/tools/ci-voodoo/raw/master/ci-include/pipeline-jobs-publish-to-repo.yml'
+  - 'https://codebase.helmholtz.cloud/m-team/tools/ci-voodoo/raw/master/ci-include/github-status-sync.yml'
 
 variables:
+  UPSTREAM_PROJECT: indigo-dc/oidc-agent
   STAGING_BRANCH_NAME: 'staging'
   DOCKER_IMAGE_NAMESPACE: 'marcvs/build'
   DOCKER_IMAGE_NAME: 'oidc-agent'
@@ -81,89 +83,3 @@ build-windows-64:
       ls -la bin
 
       set +x
-
-ki-oidc-plugin:
-  stage: build
-  needs:
-    - build-windows-64
-    - build-windows-lib-64
-  rules:
-    - if: $CI_PIPELINE_SOURCE != "push" && $CI_PIPELINE_SOURCE != "web"
-      when: never
-    - if: $CI_PIPELINE_SOURCE == "external_pull_request_event"
-      variables:
-        TRIGGER_BRANCH: main
-    - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
-      variables:
-        TRIGGER_BRANCH: main
-    - if: $CI_COMMIT_REF_NAME != $CI_DEFAULT_BRANCH
-      variables:
-        TRIGGER_BRANCH: devel
-  inherit:
-    variables:
-      - ANYBRANCH_RESOLVE_DEPENDENCIES_REPO
-      - ANYBRANCH_RESOLVE_DEPENDENCIES_REPO
-      - DISTRO
-      - PREPROD_RESOLVE_DEPENDENCIES_REPO
-      - PREREL_BRANCH_NAME
-      - PREREL_RESOLVE_DEPENDENCIES_REPO
-      - RELEASE
-      - RESOLVE_DEPENDENCIES_REPO
-  variables:
-    # These are needed to find the artifacts:
-    CI_UPSTREAM_PROJECT_PATH: $CI_PROJECT_PATH
-    CI_UPSTREAM_COMMIT_REF_NAME: $CI_COMMIT_REF_NAME
-    # These are needed to synchronise the rules
-    CI_UPSTREAM_PIPELINE_SOURCE: $CI_PIPELINE_SOURCE
-    CI_UPSTREAM_COMMIT_BRANCH: $CI_COMMIT_BRANCH
-    CI_UPSTREAM_DEFAULT_BRANCH: $CI_DEFAULT_BRANCH
-    CI_UPSTREAM_COMMIT_SHA: $CI_COMMIT_SHA
-    AGENT_REF: $CI_COMMIT_REF_NAME
-  trigger:
-    project: m-team/ki-oidc-plugin
-    branch: $TRIGGER_BRANCH
-    strategy: depend
-
-installer:
-  stage: publish
-  needs:
-    - build-windows-64
-    - ki-oidc-plugin
-  rules:
-    - if: $CI_PIPELINE_SOURCE != "push" && $CI_PIPELINE_SOURCE != "web"
-      when: never
-    - if: $CI_PIPELINE_SOURCE == "external_pull_request_event"
-      variables:
-        TRIGGER_BRANCH: main
-    - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
-      variables:
-        TRIGGER_BRANCH: main
-    - if: $CI_COMMIT_REF_NAME != $CI_DEFAULT_BRANCH
-      variables:
-        TRIGGER_BRANCH: devel # TODO change back to devel if 5 is merged
-  inherit:
-    variables:
-      - ANYBRANCH_RESOLVE_DEPENDENCIES_REPO
-      - ANYBRANCH_RESOLVE_DEPENDENCIES_REPO
-      - DISTRO
-      - PREPROD_RESOLVE_DEPENDENCIES_REPO
-      - PREREL_BRANCH_NAME
-      - PREREL_RESOLVE_DEPENDENCIES_REPO
-      - RELEASE
-      - RESOLVE_DEPENDENCIES_REPO
-  variables:
-    # These are needed to find the artifacts:
-    CI_UPSTREAM_PROJECT_PATH: $CI_PROJECT_PATH
-    CI_UPSTREAM_COMMIT_REF_NAME: $CI_COMMIT_REF_NAME
-    # These are needed to synchronise the rules
-    CI_UPSTREAM_PIPELINE_SOURCE: $CI_PIPELINE_SOURCE
-    CI_UPSTREAM_COMMIT_BRANCH: $CI_COMMIT_BRANCH
-    CI_UPSTREAM_DEFAULT_BRANCH: $CI_DEFAULT_BRANCH
-    CI_UPSTREAM_COMMIT_SHA: $CI_COMMIT_SHA
-    PLUGIN_REF: $TRIGGER_BRANCH
-    AGENT_REF: $CI_COMMIT_REF_NAME
-  trigger:
-    project: m-team/oidc/oidc-agent-win-installer
-    branch: $TRIGGER_BRANCH
-    strategy: depend
-
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -12,6 +12,22 @@
 <!-- ### Dependencies -->
 <!--  -->
 
+## oidc-agent 5.1.0
+
+### Changes
+
+- When an account configuration is generated and the OP returns scopes in the initial token flow, the account
+  configuration is updated with those scopes.
+
+### Features
+
+- Added option to `oidc-add` to load an account config directly into the agent without the agent checking if it works.
+
+### Bugfixes
+
+- Fixed a problem with the tmp dir path that could occur on some windows systems that prevented oidc-agent to start.
+- Fixed a potential segmentation fault when the oidc-agent dir is empty and account configs are listed.
+
 ## oidc-agent 5.0.1
 
 ### Bugfixes

diff --git a/LICENSE b/LICENSE
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2017 - 2022 Karlsruhe Institute of Technology - Steinbuch Centre for Computing
+Copyright (c) 2017 - 2024 Karlsruhe Institute of Technology - Steinbuch Centre for Computing
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

diff --git a/Makefile b/Makefile
@@ -438,9 +438,8 @@ $(OBJDIR)/%.o : $(SRCDIR)/%.c
 	set -e ;\
 	depFileName=$(OBJDIR)/$*.d ;\
 	$(CC) -MM $(CFLAGS) $< -o $${depFileName} $(DEFINE_USE_CJSON_SO) $(DEFINE_USE_LIST_SO) $(DEFINE_USE_MUSTACHE_SO) ;\
-	mv -f $${depFileName} $${depFileName}.tmp ;\
-	sed -e 's|.*:|$@:|' < $${depFileName}.tmp > $${depFileName} ;\
-	cp -f $${depFileName} $${depFileName}.tmp ;\
+	sed -e 's|.*:|$@:|' < $${depFileName} > $${depFileName}.tmp ;\
+	cp -f $${depFileName}.tmp $${depFileName} ;\
 	sed -e 's/.*://' -e 's/\\$$//' < $${depFileName}.tmp | fmt -1 | \
 	  sed -e 's/^ *//' -e 's/$$/:/' >> $${depFileName} ;\
 	rm -f $${depFileName}.tmp ;\
@@ -467,7 +466,7 @@ $(OBJDIR)/%.o : $(SRCDIR)/%.cc
 ## Compile lib sources
 $(OBJDIR)/%.o : $(LIBDIR)/%.c
 	@mkdir -p $(@D)
-	@$(CC) $(CFLAGS) -c $< -o $@
+	@$(CC) $(CFLAGS) -c $< -o $@ $(DEFINE_USE_CJSON_SO)
 	@echo "Compiled "$<" successfully!"
 
 ## Compile position independent code

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-5.0.1
+5.1.0
diff --git a/config/issuer.config.d/cilogon b/config/issuer.config.d/cilogon
@@ -0,0 +1,8 @@
+{
+  "issuer": "https://cilogon.org",
+  "contact": "",
+  "pubclient": {
+    "client_id": "cilogon:/client_id/657ba8a09892e3122957a61a0729201d",
+    "scope": "openid profile email offline_access org.cilogon.userinfo edu.uiuc.ncsa.myproxy.getcert"
+  }
+}
diff --git a/config/issuer.config.d/fels-regapp b/config/issuer.config.d/fels-regapp
@@ -0,0 +1,10 @@
+{
+  "issuer": "https://fels.scc.kit.edu/oidc/realms/fels",
+  "contact": "[email protected]",
+  "pubclient": {
+    "client_id": "public_oidc_agent",
+    "client_secret": "public",
+    "scope": "openid profile email"
+  },
+  "pw-store": true
+}
diff --git a/gitbook/agent-clients.md b/gitbook/agent-clients.md
@@ -7,7 +7,7 @@ to obtain an access token from oidc-agent. The following applications are alread
 - [wattson](https://github.com/indigo-dc/wattson)
 - [orchent](https://github.com/indigo-dc/orchent)
 - [UNICORE command line client](https://www.unicore.eu)
-- [feudalSSH](https://git.scc.kit.edu/feudal/feudalSSH)
+- [feudalSSH](https://codebase.helmholtz.cloud/m-team/feudal/feudalSSH)
 - [mccli](https://github.com/dianagudu/mccli)
 - [fedcloud client](https://www.fedcloud.eu/fedcloudclient)
 - [FLAAT](https://github.com/indigo-dc/flaat)

diff --git a/gitbook/installation/intro.md b/gitbook/installation/intro.md
@@ -1,4 +1,4 @@
 # Installation
 
-`oidc-agent` is avialable on [Linux](install.md), [MacOS](macos.md), and [Windows](windows.md). The installataion method
+`oidc-agent` is available on [Linux](install.md), [MacOS](macos.md), and [Windows](windows.md). The installation method
 differs depending on your operating system. Please refer to the relevant page.
diff --git a/src/defines/agent_values.h b/src/defines/agent_values.h
@@ -50,6 +50,7 @@
 #define CONFIG_KEY_STATSCOLLECTSHARE "stats_collect_share"
 #define CONFIG_KEY_STATSCOLLECTLOCATION "stats_collect_location"
 #define CONFIG_KEY_LEGACYAUDMODE "legacy_aud_mode"
+#define CONFIG_KEY_PLAINADD "skip-check"
 
 #define ACCOUNTINFO_KEY_HASPUBCLIENT "pubclient"
 

diff --git a/src/defines/ipc_values.h b/src/defines/ipc_values.h
@@ -36,6 +36,7 @@
 #define IPC_KEY_ONLYAT "only_at"
 #define IPC_KEY_MYTOKEN_OIDC_ISS "oidc_issuer"
 #define IPC_KEY_MYTOKEN_MY_ISS "mytoken_issuer"
+#define IPC_KEY_PLAINADD "plain_add"
 
 // STATUS
 #define STATUS_SUCCESS "success"
@@ -137,11 +138,12 @@
 #define REQUEST_ADD_LIFETIME                                             \
   "{\"" IPC_KEY_REQUEST "\":\"" REQUEST_VALUE_ADD "\",\"" IPC_KEY_CONFIG \
   "\":%s,\"" IPC_KEY_LIFETIME "\":%lu,\"" IPC_KEY_PASSWORDENTRY          \
-  "\":%s,\"" IPC_KEY_CONFIRM "\":%d,\"" IPC_KEY_ALWAYSALLOWID "\":%d}"
+  "\":%s,\"" IPC_KEY_CONFIRM "\":%d,\"" IPC_KEY_ALWAYSALLOWID            \
+  "\":%d,\"" IPC_KEY_PLAINADD "\":%d}"
 #define REQUEST_ADD                                                      \
   "{\"" IPC_KEY_REQUEST "\":\"" REQUEST_VALUE_ADD "\",\"" IPC_KEY_CONFIG \
   "\":%s,\"" IPC_KEY_PASSWORDENTRY "\":%s,\"" IPC_KEY_CONFIRM            \
-  "\":%d,\"" IPC_KEY_ALWAYSALLOWID "\":%d}"
+  "\":%d,\"" IPC_KEY_ALWAYSALLOWID "\":%d,\"" IPC_KEY_PLAINADD "\":%d}"
 #define REQUEST_REMOVE                                                         \
   "{\"" IPC_KEY_REQUEST "\":\"" REQUEST_VALUE_REMOVE "\",\"" IPC_KEY_SHORTNAME \
   "\":\"%s\"}"

diff --git a/src/oidc-add/add_handler.c b/src/oidc-add/add_handler.c
@@ -80,14 +80,14 @@ void add_handleAdd(char* account, struct arguments* arguments) {
 
   char* res = NULL;
   if (storePW) {
-    res = ipc_cryptCommunicate(arguments->remote, REQUEST_ADD_LIFETIME, json_p,
-                               arguments->lifetime.lifetime, pw_str,
-                               arguments->confirm,
-                               arguments->always_allow_idtoken);
+    res = ipc_cryptCommunicate(
+        arguments->remote, REQUEST_ADD_LIFETIME, json_p,
+        arguments->lifetime.lifetime, pw_str, arguments->confirm,
+        arguments->always_allow_idtoken, arguments->plainadd);
   } else {
-    res = ipc_cryptCommunicate(arguments->remote, REQUEST_ADD, json_p, pw_str,
-                               arguments->confirm,
-                               arguments->always_allow_idtoken);
+    res = ipc_cryptCommunicate(
+        arguments->remote, REQUEST_ADD, json_p, pw_str, arguments->confirm,
+        arguments->always_allow_idtoken, arguments->plainadd);
   }
   secFree(pw_str);
   secFree(json_p);

diff --git a/src/oidc-add/oidc-add_options.c b/src/oidc-add/oidc-add_options.c
@@ -1,5 +1,6 @@
 #include "oidc-add_options.h"
 
+#include "defines/agent_values.h"
 #include "defines/settings.h"
 #include "utils/commonFeatures.h"
 #include "utils/config/add_config.h"
@@ -13,6 +14,7 @@
 #define OPT_PW_FILE 7
 #define OPT_REMOTE 8
 #define OPT_PW_ENV 9
+#define OPT_PLAINADD 10
 
 static struct argp_option options[] = {
     {0, 0, 0, 0, "General:", 1},
@@ -53,6 +55,10 @@ static struct argp_option options[] = {
      "Always allow id-token requests without manual approval by the user for "
      "this account configuration.",
      1},
+    {CONFIG_KEY_PLAINADD, OPT_PLAINADD, 0, 0,
+     "Indicates that the agent should load the account configuration without "
+     "checking it, i.e. no access token is obtained on load.",
+     1},
     {"remote", OPT_REMOTE, 0, 0,
      "Use a remote central oidc-agent, instead of a local one.", 1},
     {"force", 'f', 0, 0,
@@ -107,6 +113,7 @@ static error_t parse_opt(int key, char* arg, struct argp_state* state) {
       arguments->pw_lifetime.argProvided = 1;
       break;
     case OPT_ALWAYS_ALLOW_IDTOKEN: arguments->always_allow_idtoken = 1; break;
+    case OPT_PLAINADD: arguments->plainadd = 1; break;
     case 't':
       if (!isdigit(*arg)) {
         return ARGP_ERR_UNKNOWN;
@@ -169,6 +176,7 @@ void initArguments(struct arguments* arguments) {
   arguments->always_allow_idtoken    = 0;
   arguments->remote                  = 0;
   arguments->force                   = 0;
+  arguments->plainadd                = getAddConfig()->plain_add;
   arguments->pw_prompt_mode          = getAddConfig()->pw_prompt_mode;
   set_pw_prompt_mode(arguments->pw_prompt_mode);
 }