More cleanup, and fix for the extremely unlikely case of identity collision.
This commit is contained in:
Adam Ierymenko
parent
f7b1437154
commit
ea1859541c
9 changed files with 94 additions and 57 deletions
|
|
@ -9,13 +9,11 @@ The standard implementation uses SQLite3 with the attached schema. A separate se
|
|||
|
||||
By default this code is not built or included in the client. To build on Linux, BSD, or Mac add ZT_ENABLE_NETCONF_MASTER=1 to the make command line. It could be built on Windows as well, but you're on your own there. You'd have to build SQLite3 first, or get a pre-built copy somewhere.
|
||||
|
||||
### Running
|
||||
### Createing databases
|
||||
|
||||
To enable netconf functionality, place a properly initialized SQLite3 database called **netconf.db** into the ZeroTier working directory of the node you wish to serve network configurations and restart it. If that file is present it will be opened and the network configuration master function will be enabled. You will see this in the log file.
|
||||
If you execute a network controller enabled build of the ZeroTier One service, a *controller.db* will automatically be created and initialize. You can also create one manually with:
|
||||
|
||||
To initialize a database run:
|
||||
|
||||
sqlite3 -init netconf-schema.sql netconf.db
|
||||
sqlite3 -init schema.sql controller.db
|
||||
|
||||
Then type '.quit' to exit the SQLite3 command shell.
|
||||
|
||||
|
|
|
|||
|
|
@ -53,14 +53,10 @@
|
|||
|
||||
namespace ZeroTier {
|
||||
|
||||
SqliteNetworkController::SqliteNetworkController(const Identity &signingId,const char *dbPath) :
|
||||
_signingId(signingId),
|
||||
SqliteNetworkController::SqliteNetworkController(const char *dbPath) :
|
||||
_dbPath(dbPath),
|
||||
_db((sqlite3 *)0)
|
||||
{
|
||||
if (!_signingId.hasPrivate())
|
||||
throw std::runtime_error("SqliteNetworkController signing identity must have a private key");
|
||||
|
||||
if (sqlite3_open_v2(dbPath,&_db,SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE,(const char *)0) != SQLITE_OK)
|
||||
throw std::runtime_error("SqliteNetworkController cannot open database file");
|
||||
sqlite3_busy_timeout(_db,10000);
|
||||
|
|
@ -137,13 +133,18 @@ SqliteNetworkController::~SqliteNetworkController()
|
|||
}
|
||||
}
|
||||
|
||||
NetworkController::ResultCode SqliteNetworkController::doNetworkConfigRequest(const InetAddress &fromAddr,const Identity &identity,uint64_t nwid,const Dictionary &metaData,uint64_t haveRevision,Dictionary &netconf)
|
||||
NetworkController::ResultCode SqliteNetworkController::doNetworkConfigRequest(const InetAddress &fromAddr,const Identity &signingId,const Identity &identity,uint64_t nwid,const Dictionary &metaData,uint64_t haveRevision,Dictionary &netconf)
|
||||
{
|
||||
Mutex::Lock _l(_lock);
|
||||
|
||||
// Note: we can't reuse prepared statements that return const char * pointers without
|
||||
// making our own copy in e.g. a std::string first.
|
||||
|
||||
if ((!signingId)||(!signingId.hasPrivate())) {
|
||||
netconf["error"] = "signing identity invalid or lacks private key";
|
||||
return NetworkController::NETCONF_QUERY_INTERNAL_SERVER_ERROR;
|
||||
}
|
||||
|
||||
struct {
|
||||
char id[24];
|
||||
const char *name;
|
||||
|
|
@ -449,7 +450,7 @@ NetworkController::ResultCode SqliteNetworkController::doNetworkConfigRequest(co
|
|||
|
||||
if (network.isPrivate) {
|
||||
CertificateOfMembership com(network.revision,16,nwid,identity.address());
|
||||
if (com.sign(_signingId)) // basically can't fail unless our identity is invalid
|
||||
if (com.sign(signingId)) // basically can't fail unless our identity is invalid
|
||||
netconf[ZT_NETWORKCONFIG_DICT_KEY_CERTIFICATE_OF_MEMBERSHIP] = com.toString();
|
||||
else {
|
||||
netconf["error"] = "unable to sign COM";
|
||||
|
|
@ -457,7 +458,7 @@ NetworkController::ResultCode SqliteNetworkController::doNetworkConfigRequest(co
|
|||
}
|
||||
}
|
||||
|
||||
if (!netconf.sign(_signingId)) {
|
||||
if (!netconf.sign(signingId)) {
|
||||
netconf["error"] = "unable to sign netconf dictionary";
|
||||
return NETCONF_QUERY_INTERNAL_SERVER_ERROR;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -49,11 +49,12 @@ public:
|
|||
class DBC;
|
||||
friend class SqliteNetworkController::DBC;
|
||||
|
||||
SqliteNetworkController(const Identity &signingId,const char *dbPath);
|
||||
SqliteNetworkController(const char *dbPath);
|
||||
virtual ~SqliteNetworkController();
|
||||
|
||||
virtual NetworkController::ResultCode doNetworkConfigRequest(
|
||||
const InetAddress &fromAddr,
|
||||
const Identity &signingId,
|
||||
const Identity &identity,
|
||||
uint64_t nwid,
|
||||
const Dictionary &metaData,
|
||||
|
|
@ -61,7 +62,6 @@ public:
|
|||
Dictionary &netconf);
|
||||
|
||||
private:
|
||||
Identity _signingId;
|
||||
std::string _dbPath;
|
||||
sqlite3 *_db;
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue