More cleanup, and fix for the extremely unlikely case of identity collision.

This commit is contained in:
Adam Ierymenko 2015-04-15 18:32:25 -07:00
parent f7b1437154
commit ea1859541c
9 changed files with 94 additions and 57 deletions

View file

@ -53,14 +53,10 @@
namespace ZeroTier {
SqliteNetworkController::SqliteNetworkController(const Identity &signingId,const char *dbPath) :
_signingId(signingId),
SqliteNetworkController::SqliteNetworkController(const char *dbPath) :
_dbPath(dbPath),
_db((sqlite3 *)0)
{
if (!_signingId.hasPrivate())
throw std::runtime_error("SqliteNetworkController signing identity must have a private key");
if (sqlite3_open_v2(dbPath,&_db,SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE,(const char *)0) != SQLITE_OK)
throw std::runtime_error("SqliteNetworkController cannot open database file");
sqlite3_busy_timeout(_db,10000);
@ -137,13 +133,18 @@ SqliteNetworkController::~SqliteNetworkController()
}
}
NetworkController::ResultCode SqliteNetworkController::doNetworkConfigRequest(const InetAddress &fromAddr,const Identity &identity,uint64_t nwid,const Dictionary &metaData,uint64_t haveRevision,Dictionary &netconf)
NetworkController::ResultCode SqliteNetworkController::doNetworkConfigRequest(const InetAddress &fromAddr,const Identity &signingId,const Identity &identity,uint64_t nwid,const Dictionary &metaData,uint64_t haveRevision,Dictionary &netconf)
{
Mutex::Lock _l(_lock);
// Note: we can't reuse prepared statements that return const char * pointers without
// making our own copy in e.g. a std::string first.
if ((!signingId)||(!signingId.hasPrivate())) {
netconf["error"] = "signing identity invalid or lacks private key";
return NetworkController::NETCONF_QUERY_INTERNAL_SERVER_ERROR;
}
struct {
char id[24];
const char *name;
@ -449,7 +450,7 @@ NetworkController::ResultCode SqliteNetworkController::doNetworkConfigRequest(co
if (network.isPrivate) {
CertificateOfMembership com(network.revision,16,nwid,identity.address());
if (com.sign(_signingId)) // basically can't fail unless our identity is invalid
if (com.sign(signingId)) // basically can't fail unless our identity is invalid
netconf[ZT_NETWORKCONFIG_DICT_KEY_CERTIFICATE_OF_MEMBERSHIP] = com.toString();
else {
netconf["error"] = "unable to sign COM";
@ -457,7 +458,7 @@ NetworkController::ResultCode SqliteNetworkController::doNetworkConfigRequest(co
}
}
if (!netconf.sign(_signingId)) {
if (!netconf.sign(signingId)) {
netconf["error"] = "unable to sign netconf dictionary";
return NETCONF_QUERY_INTERNAL_SERVER_ERROR;
}