Tighten certificate window and deprecate sending of revocations for ordinary SSO timeouts. Revocations should only be for deliberate deauth to kick people off networks. Cert window should now stay within refresh window for SSO so normal cert expiration should handle it just fine.
This commit is contained in:
parent
d0c68096df
commit
55a99f34d0
5 changed files with 21 additions and 98 deletions
|
@ -248,51 +248,4 @@ void DBMirrorSet::onNetworkMemberDeauthorize(const void *db,uint64_t networkId,u
|
|||
_listener->onNetworkMemberDeauthorize(this,networkId,memberId);
|
||||
}
|
||||
|
||||
/*
|
||||
void DBMirrorSet::membersExpiring(std::set< std::pair<uint64_t, uint64_t> > &soon, std::set< std::pair<uint64_t, uint64_t> > &expired)
|
||||
{
|
||||
std::unique_lock<std::mutex> l(_membersExpiringSoon_l);
|
||||
int64_t now = OSUtils::now();
|
||||
for(auto next=_membersExpiringSoon.begin();next!=_membersExpiringSoon.end();) {
|
||||
if (next->first > now) {
|
||||
const uint64_t nwid = next->second.first;
|
||||
const uint64_t memberId = next->second.second;
|
||||
nlohmann::json network, member;
|
||||
if (this->get(nwid, network, memberId, member)) {
|
||||
try {
|
||||
const bool authorized = member["authorized"];
|
||||
const bool ssoExempt = member["ssoExempt"];
|
||||
const int64_t authenticationExpiryTime = member["authenticationExpiryTime"];
|
||||
if ((authenticationExpiryTime == next->first)&&(authorized)&&(!ssoExempt)) {
|
||||
if ((authenticationExpiryTime - now) > ZT_MEMBER_AUTH_TIMEOUT_NOTIFY_BEFORE) {
|
||||
// Stop when we get to entries too far in the future.
|
||||
break;
|
||||
} else {
|
||||
const bool ssoEnabled = network["ssoEnabled"];
|
||||
if (ssoEnabled)
|
||||
soon.insert(std::pair<uint64_t, uint64_t>(nwid, memberId));
|
||||
}
|
||||
} else {
|
||||
// Obsolete entry, no longer authorized, or SSO exempt.
|
||||
}
|
||||
} catch ( ... ) {
|
||||
// Invalid member object, erase.
|
||||
}
|
||||
} else {
|
||||
// Not found.
|
||||
}
|
||||
}
|
||||
_membersExpiringSoon.erase(next++);
|
||||
}
|
||||
}
|
||||
*/
|
||||
|
||||
/*
|
||||
void DBMirrorSet::memberWillExpire(int64_t expTime, uint64_t nwid, uint64_t memberId)
|
||||
{
|
||||
std::unique_lock<std::mutex> l(_membersExpiringSoon_l);
|
||||
_membersExpiringSoon.insert(std::pair< int64_t, std::pair< uint64_t, uint64_t > >(expTime, std::pair< uint64_t, uint64_t >(nwid, memberId)));
|
||||
}
|
||||
*/
|
||||
|
||||
} // namespace ZeroTier
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue