
Netconf updates -- actually issue COM, and log attempts to access networks in NetworkActivity using the new authenticated flag in the new DB schema.

Adam Ierymenko 11 years ago
parent
commit
bbcd76ecd0
3 changed files with 45 additions and 25 deletions
  1. 2 2
      netconf-service/Makefile
  2. 39 23
      netconf-service/netconf.cpp
  3. 4 0
      node/Node.cpp

+ 2 - 2
netconf-service/Makefile

@@ -1,7 +1,7 @@
 all:
 	gcc -O6 -c ../ext/lz4/lz4hc.c ../ext/lz4/lz4.c
-	g++ -DZT_OSNAME="linux" -DZT_ARCH="x86_64" -I/usr/include/mysql -I../ext/bin/libcrypto/include -O -pthread -o netconf.service netconf.cpp ../node/Utils.cpp ../node/Identity.cpp ../node/Salsa20.cpp ../node/C25519.cpp ../node/SHA512.cpp lz4.o lz4hc.o -lmysqlpp
-	g++ -DZT_OSNAME="linux" -DZT_ARCH="x86_64" -I/usr/include/mysql -I../ext/bin/libcrypto/include -O -pthread -o netconf-test netconf-test.cpp ../node/Utils.cpp ../node/Identity.cpp ../node/Salsa20.cpp ../node/Logger.cpp ../node/Service.cpp ../node/C25519.cpp ../node/SHA512.cpp lz4.o lz4hc.o
+	g++ -DZT_OSNAME="linux" -DZT_ARCH="x86_64" -I/usr/include/mysql -I../ext/bin/libcrypto/include -O -pthread -o netconf.service netconf.cpp ../node/Utils.cpp ../node/Identity.cpp ../node/Salsa20.cpp ../node/C25519.cpp ../node/SHA512.cpp ../node/CertificateOfMembership.cpp lz4.o lz4hc.o -lmysqlpp
+#	g++ -DZT_OSNAME="linux" -DZT_ARCH="x86_64" -I/usr/include/mysql -I../ext/bin/libcrypto/include -O -pthread -o netconf-test netconf-test.cpp ../node/Utils.cpp ../node/Identity.cpp ../node/Salsa20.cpp ../node/Logger.cpp ../node/Service.cpp ../node/C25519.cpp ../node/SHA512.cpp lz4.o lz4hc.o
 
 clean:
 	rm -f *.o netconf.service netconf-test
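Review bot: The netconf-test build line is commented out rather than updated, so the test harness can no longer be built from this Makefile while `clean` still removes `netconf-test` and the `all` target silently drops it. If the harness is only temporarily broken by the new CertificateOfMembership dependency, the simpler fix is to keep the line and add `../node/CertificateOfMembership.cpp` to it the same way the service line does; otherwise a comment such as `# netconf-test disabled: needs updating for the COM/netconf-init changes` would tell the next reader why it is off.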

+ 39 - 23
netconf-service/netconf.cpp

@@ -69,11 +69,13 @@
 
 #include <mysql++/mysql++.h>
 
+#include "../node/Constants.hpp"
 #include "../node/Dictionary.hpp"
 #include "../node/Identity.hpp"
 #include "../node/Utils.hpp"
 #include "../node/Mutex.hpp"
 #include "../node/NetworkConfig.hpp"
+#include "../node/CertificateOfMembership.hpp"
 
 using namespace ZeroTier;
 using namespace mysqlpp;
@@ -116,6 +118,7 @@ int main(int argc,char **argv)
 	}
 
 	char buf[131072],buf2[131072];
+	Identity signingIdentity;
 	std::string dictBuf;
 
 	try {
@@ -195,7 +198,15 @@ int main(int argc,char **argv)
 
 		try {
 			const std::string &reqType = request.get("type");
-			if (reqType == "netconf-request") { // NETWORK_CONFIG_REQUEST packet
+			if (reqType == "netconf-init") { // initialization to set things like netconf's identity
+				Identity netconfId(request.get("netconfId"));
+				if ((netconfId)&&(netconfId.hasPrivate()))
+					signingIdentity = netconfId;
+				else {
+					fprintf(stderr,"netconfId invalid or lacks private key\n");
+					return -1;
+				}
+			} else if (reqType == "netconf-request") { // NETWORK_CONFIG_REQUEST packet
 				// Deserialize querying peer identity and network ID
 				Identity peerIdentity(request.get("peerId"));
 				uint64_t nwid = strtoull(request.get("nwid").c_str(),(char **)0,16);
@@ -224,7 +235,7 @@ int main(int argc,char **argv)
 						}
 					} else {
 						q = dbCon->query();
-						q << "INSERT INTO Node (id,creationTime,lastSeen,identity) VALUES (" << peerIdentity.address().toInt() << "," << Utils::now() << ",0," << quote << peerIdentity.toString(false) << ")";
+						q << "INSERT INTO Node (id,creationTime,identity) VALUES (" << peerIdentity.address().toInt() << "," << Utils::now() << "," << quote << peerIdentity.toString(false) << ")";
 						if (!q.exec()) {
 							fprintf(stderr,"error inserting Node row for peer %s, aborting netconf request\n",peerIdentity.address().toString().c_str());
 							continue;
@@ -233,13 +244,6 @@ int main(int argc,char **argv)
 					}
 				}
 
-				// Update lastSeen for Node, which is always updated on a netconf request
-				{
-					Query q = dbCon->query();
-					q << "UPDATE Node SET lastSeen = " << Utils::now() << " WHERE id = " << peerIdentity.address().toInt();
-					q.exec();
-				}
-
 				// Look up core network information
 				bool isOpen = false;
 				unsigned int multicastPrefixBits = 0;
@@ -278,11 +282,13 @@ int main(int argc,char **argv)
 						write(STDOUT_FILENO,&respml,4);
 						write(STDOUT_FILENO,respm.data(),respm.length());
 						stdoutWriteLock.unlock();
+
 						continue; // ABORT, wait for next request
 					}
 				}
 
 				// Check membership if this is a closed network
+				bool authenticated = true;
 				if (!isOpen) {
 					Query q = dbCon->query();
 					q << "SELECT Node_id FROM NetworkNodes WHERE Network_id = " << nwid << " AND Node_id = " << peerIdentity.address().toInt();
@@ -301,10 +307,28 @@ int main(int argc,char **argv)
 						write(STDOUT_FILENO,&respml,4);
 						write(STDOUT_FILENO,respm.data(),respm.length());
 						stdoutWriteLock.unlock();
-						continue; // ABORT, wait for next request
+
+						authenticated = false;
+					}
+				}
+
+				// Update most recent activity entry for this peer, also indicating
+				// whether authentication was successful.
+				{
+					if (fromAddr.length()) {
+						Query q = dbCon->query();
+						q << "INSERT INTO NetworkActivity (Network_id,Node_id,lastActivityTime,authenticated,lastActivityFrom) VALUES (" << nwid << "," << peerIdentity.address().toInt() << "," << Utils::now() << "," << (authenticated ? 1 : 0) << "," << quote << fromAddr << ") ON DUPLICATE KEY UPDATE lastActivityTime = VALUES(lastActivityTime),authenticated = VALUES(authenticated),lastActivityFrom = VALUES(lastActivityFrom)";
+						q.exec();
+					} else {
+						Query q = dbCon->query();
+						q << "INSERT INTO NetworkActivity (Network_id,Node_id,lastActivityTime,authenticated) VALUES (" << nwid << "," << peerIdentity.address().toInt() << "," << Utils::now() << "," << (authenticated ? 1 : 0) << ") ON DUPLICATE KEY UPDATE lastActivityTime = VALUES(lastActivityTime),authenticated = VALUES(authenticated)";
+						q.exec();
 					}
 				}
 
+				if (!authenticated)
+					continue; // ABORT, wait for next request
+
 				// Get list of etherTypes in comma-delimited hex format
 				std::string etherTypeWhitelist;
 				{
@@ -401,19 +425,6 @@ int main(int argc,char **argv)
 					}
 				}
 
-				// Update activity table for this network to indicate peer's participation
-				{
-					if (fromAddr.length()) {
-						Query q = dbCon->query();
-						q << "INSERT INTO NetworkActivity (Network_id,Node_id,lastActivityTime,lastActivityFrom) VALUES (" << nwid << "," << peerIdentity.address().toInt() << "," << Utils::now() << "," << quote << fromAddr << ") ON DUPLICATE KEY UPDATE lastActivityTime = VALUES(lastActivityTime),lastActivityFrom = VALUES(lastActivityFrom)";
-						q.exec();
-					} else {
-						Query q = dbCon->query();
-						q << "INSERT INTO NetworkActivity (Network_id,Node_id,lastActivityTime) VALUES (" << nwid << "," << peerIdentity.address().toInt() << "," << Utils::now() << ") ON DUPLICATE KEY UPDATE lastActivityTime = VALUES(lastActivityTime)";
-						q.exec();
-					}
-				}
-
 				// Assemble response dictionary to send to peer
 				Dictionary netconf;
 				sprintf(buf,"%.16llx",(unsigned long long)nwid);
@@ -448,6 +459,11 @@ int main(int argc,char **argv)
 					netconf[ZT_NETWORKCONFIG_DICT_KEY_IPV4_STATIC] = ipv4Static;
 				if (ipv6Static.length())
 					netconf[ZT_NETWORKCONFIG_DICT_KEY_IPV6_STATIC] = ipv6Static;
+				if ((!isOpen)&&(authenticated)&&(signingIdentity)&&(signingIdentity.hasPrivate())) {
+					CertificateOfMembership com(Utils::now(),ZT_NETWORK_AUTOCONF_DELAY * 3,nwid,peerIdentity.address());
+					com.sign(signingIdentity);
+					netconf[ZT_NETWORKCONFIG_DICT_KEY_CERTIFICATE_OF_MEMBERSHIP] = com.toString();
+				}
 
 				// Send netconf as service bus response
 				{

+ 4 - 0
node/Node.cpp

@@ -444,6 +444,10 @@ Node::ReasonForTermination Node::run()
 		if (Utils::fileExists(netconfServicePath.c_str())) {
 			LOG("netconf.d/netconfi.service appears to exist, starting...");
 			_r->netconfService = new Service(_r,"netconf",netconfServicePath.c_str(),&_netconfServiceMessageHandler,_r);
+			Dictionary initMessage;
+			initMessage["type"] = "netconf-init";
+			initMessage["netconfId"] = _r->identity.toString(true);
+			_r->netconfService->send(initMessage);
 		}
 	} catch ( ... ) {
 		LOG("unexpected exception attempting to start services");
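Review bot: The init message hands the node's full identity including its private key (`_r->identity.toString(true)`) to the separately executed netconf.service process over the service bus, so the node's long-term signing secret now also lives in a process that holds MySQL credentials and parses requests from peers; that trust decision should be stated at the call site, e.g. `// netconf.service signs certificates of membership with this node's identity, so the private key is passed to it here; the service must be trusted as much as the node itself`. The return value of `send()` is not checked, so a failed delivery would leave the service unable to sign COMs with no log entry; if `send()` reports failure, logging it next to the existing `LOG(...)` line would make that visible. `Node::run()` begins and ends outside this hunk.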