Ana Sayfa Keşfet Yardım
Giriş Yap
cpp
/
ZeroTierOne
şunun yansıması https://github.com/zerotier/ZeroTierOne
2
0
Çatalla 0
Dosyalar Sorunlar 0 Wiki
Kaynağa Gözat

Adjust deauth time window and send revocation when SSO members expire.

Adam Ierymenko 4 yıl önce
ebeveyn
2d0f76bb9c
işleme
576b4f03a5
6 değiştirilmiş dosya ile 27 ekleme ve 3 silme
Görünümü Böl Farklılık Durumunu Göster
  1. 8 0
      controller/DB.cpp
  2. 2 0
      controller/DB.hpp
  3. 8 0
      controller/DBMirrorSet.cpp
  4. 1 0
      controller/DBMirrorSet.hpp
  5. 5 0
      controller/EmbeddedNetworkController.cpp
  6. 3 3
      make-mac.mk

+ 8 - 0
controller/DB.cpp
Dosyayı Görüntüle 

@@ -196,6 +196,14 @@ void DB::networks(std::set<uint64_t> &networks)
 
 		networks.insert(n->first);
 
 }
 
 
+void DB::networkMemberSSOHasExpired(uint64_t nwid, int64_t now) {
 
+	std::lock_guard<std::mutex> l(_networks_l);
 
+	auto nw = _networks.find(nwid);
 
+	if (nw != _networks.end()) {
 
+		nw->second->mostRecentDeauthTime = now;
 
+	}
 
+}
 
+
 
 void DB::_memberChanged(nlohmann::json &old,nlohmann::json &memberConfig,bool notifyListeners)
 
 {
 
 	uint64_t memberId = 0;

+ 2 - 0
controller/DB.hpp
Dosyayı Görüntüle 

@@ -107,7 +107,9 @@ public:
 
 	virtual void eraseNetwork(const uint64_t networkId) = 0;
 
 	virtual void eraseMember(const uint64_t networkId,const uint64_t memberId) = 0;
 
 	virtual void nodeIsOnline(const uint64_t networkId,const uint64_t memberId,const InetAddress &physicalAddress) = 0;
 
+
 
 	virtual std::string getSSOAuthURL(const nlohmann::json &member, const std::string &redirectURL) { return ""; }
 
+	virtual void networkMemberSSOHasExpired(uint64_t nwid, int64_t ts);
 
 
 	inline void addListener(DB::ChangeListener *const listener)
 
 	{

+ 8 - 0
controller/DBMirrorSet.cpp
Dosyayı Görüntüle 

@@ -137,6 +137,14 @@ std::string DBMirrorSet::getSSOAuthURL(const nlohmann::json &member, const std::
 
 	return "";
 
 }
 
 
+void DBMirrorSet::networkMemberSSOHasExpired(uint64_t nwid, int64_t ts)
 
+{
 
+	std::lock_guard<std::mutex> l(_dbs_l);
 
+	for(auto d=_dbs.begin();d!=_dbs.end();++d) { 
+		(*d)->networkMemberSSOHasExpired(nwid, ts);
 
+	}
 
+}
 
+
 
 void DBMirrorSet::networks(std::set<uint64_t> &networks)
 
 {
 
 	std::lock_guard<std::mutex> l(_dbs_l);

+ 1 - 0
controller/DBMirrorSet.hpp
Dosyayı Görüntüle 

@@ -52,6 +52,7 @@ public:
 
 	virtual void onNetworkMemberDeauthorize(const void *db,uint64_t networkId,uint64_t memberId);
 
 
 	std::string getSSOAuthURL(const nlohmann::json &member, const std::string &redirectURL);
 
+	void networkMemberSSOHasExpired(uint64_t nwid, int64_t ts);
 
 
 	inline void addDB(const std::shared_ptr<DB> &db)
 
 	{

+ 5 - 0
controller/EmbeddedNetworkController.cpp
Dosyayı Görüntüle 

@@ -1369,11 +1369,16 @@ void EmbeddedNetworkController::_request(
 
 		fprintf(stderr, "authExpiryTime: %lld\n", authenticationExpiryTime);
 
 		if (authenticationExpiryTime < now) {
 
 			if (!authenticationURL.empty()) {
 
+				_db.networkMemberSSOHasExpired(nwid, now);
 
+				onNetworkMemberDeauthorize(&_db, nwid, identity.address().toInt());
 
+
 
 				Dictionary<3072> authInfo;
 
 				authInfo.add("aU", authenticationURL.c_str());
 
 				fprintf(stderr, "sending auth URL: %s\n", authenticationURL.c_str());
 
+
 
 				DB::cleanMember(member);
 
 				_db.save(member,true);
 
+
 
 				_sender->ncSendError(nwid,requestPacketId,identity.address(),NetworkController::NC_ERROR_AUTHENTICATION_REQUIRED, authInfo.data(), authInfo.sizeBytes());
 
 				return;
 
 			}

+ 3 - 3
make-mac.mk
Dosyayı Görüntüle 

@@ -75,7 +75,7 @@ ifeq ($(ZT_DEBUG),1)
 
 node/Salsa20.o node/SHA512.o node/C25519.o node/Poly1305.o: CFLAGS = -Wall -O2 -g $(INCLUDES) $(DEFS)
 
 else
 
 	CFLAGS?=-Ofast -fstack-protector-strong
 
-	CFLAGS+=$(ARCH_FLAGS) -Wall -flto -fPIE -mmacosx-version-min=10.7 -DNDEBUG -Wno-unused-private-field $(INCLUDES) $(DEFS)
 
+	CFLAGS+=$(ARCH_FLAGS) -Wall -flto -fPIE -mmacosx-version-min=10.13 -DNDEBUG -Wno-unused-private-field $(INCLUDES) $(DEFS)
 
 	STRIP=strip
 
 endif
 
 
@@ -93,10 +93,10 @@ CXXFLAGS=$(CFLAGS) -std=c++11 -stdlib=libc++
 
 all: one
 
 
 ext/x64-salsa2012-asm/salsa2012.o:
 
-	as -arch x86_64 -mmacosx-version-min=10.7 -o ext/x64-salsa2012-asm/salsa2012.o ext/x64-salsa2012-asm/salsa2012.s
 
+	as -arch x86_64 -mmacosx-version-min=10.13 -o ext/x64-salsa2012-asm/salsa2012.o ext/x64-salsa2012-asm/salsa2012.s
 
 
 mac-agent: FORCE
 
-	$(CC) -Ofast $(ARCH_FLAGS) -mmacosx-version-min=10.7 -o MacEthernetTapAgent osdep/MacEthernetTapAgent.c
 
+	$(CC) -Ofast $(ARCH_FLAGS) -mmacosx-version-min=10.13 -o MacEthernetTapAgent osdep/MacEthernetTapAgent.c
 
 	$(CODESIGN) -f --options=runtime -s $(CODESIGN_APP_CERT) MacEthernetTapAgent
 
 
 osdep/MacDNSHelper.o: osdep/MacDNSHelper.mm