void/ZeroTierOne
2
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-04-21 22:46:54 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add ability to fully specify controller fingerprint on join for the paranoid.

Browse source
This commit is contained in:
Adam Ierymenko 2020-03-27 16:36:38 -07:00
parent 674edab814
commit 1df7f21f5f
No known key found for this signature in database
GPG key ID: C8877CF2D7A5D7F3
5 changed files with 27 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
include/ZeroTierCore.h
View file

@ -1867,11 +1867,12 @@ ZT_SDK_API enum ZT_ResultCode ZT_Node_processBackgroundTasks(
*
* @param node Node instance
* @param nwid 64-bit ZeroTier network ID
* @param fingerprintHash If non-NULL this is the full fingerprint of the controller
* @param uptr An arbitrary pointer to associate with this network (default: NULL)
* @param tptr Thread pointer to pass to functions/callbacks resulting from this call
* @return OK (0) or error code if a fatal error condition has occurred
*/
ZT_SDK_API enum ZT_ResultCode ZT_Node_join(ZT_Node *node,uint64_t nwid,void *uptr,void *tptr);
ZT_SDK_API enum ZT_ResultCode ZT_Node_join(ZT_Node *node,uint64_t nwid,const ZT_Fingerprint *controllerFingerprint,void *uptr,void *tptr);
/**
* Leave a network

16
node/Network.cpp
View file

@ -158,7 +158,7 @@ _doZtFilterResult _doZtFilter(
case ZT_NETWORK_RULE_ACTION_TEE:
case ZT_NETWORK_RULE_ACTION_WATCH:
case ZT_NETWORK_RULE_ACTION_REDIRECT:
if (RR->identity.address() == rules[rn].v.fwd.address)
if (RR->identity.address().toInt() == rules[rn].v.fwd.address)
superAccept = true;
break;
default:
@ -533,7 +533,7 @@ _doZtFilterResult _doZtFilter(
const ZeroTier::MulticastGroup Network::BROADCAST(ZeroTier::MAC(0xffffffffffffULL),0);
Network::Network(const RuntimeEnvironment *renv,void *tPtr,uint64_t nwid,void *uptr,const NetworkConfig *nconf) :
Network::Network(const RuntimeEnvironment *renv,void *tPtr,uint64_t nwid,const Fingerprint &controllerFingerprint,void *uptr,const NetworkConfig *nconf) :
RR(renv),
_uPtr(uptr),
_id(nwid),
@ -543,6 +543,9 @@ Network::Network(const RuntimeEnvironment *renv,void *tPtr,uint64_t nwid,void *u
_destroyed(false),
_netconfFailure(NETCONF_FAILURE_NONE)
{
if (controllerFingerprint)
_controllerFingerprint = controllerFingerprint;
if (nconf) {
this->setConfiguration(tPtr,*nconf,false);
_lastConfigUpdate = 0; // still want to re-request since it's likely outdated
@ -868,6 +871,15 @@ void Network::multicastUnsubscribe(const MulticastGroup &mg)
uint64_t Network::handleConfigChunk(void *tPtr,uint64_t packetId,const SharedPtr<Peer> &source,const Buf &chunk,int ptr,int size)
{
// If the controller's full fingerprint is known or was explicitly specified on join(),
// require that the controller's identity match. Otherwise learn it.
if (_controllerFingerprint) {
if (source->identity().fingerprint() != _controllerFingerprint)
return 0;
} else {
_controllerFingerprint = source->identity().fingerprint();
}
return 0;
#if 0
if (_destroyed)

4
node/Network.hpp
View file

@ -67,10 +67,11 @@ public:
* @param renv Runtime environment
* @param tPtr Thread pointer to be handed through to any callbacks called as a result of this call
* @param nwid Network ID
* @param controllerFingerprint Initial controller fingerprint if non-NULL
* @param uptr Arbitrary pointer used by externally-facing API (for user use)
* @param nconf Network config, if known
*/
Network(const RuntimeEnvironment *renv,void *tPtr,uint64_t nwid,void *uptr,const NetworkConfig *nconf);
Network(const RuntimeEnvironment *renv,void *tPtr,uint64_t nwid,const Fingerprint &controllerFingerprint,void *uptr,const NetworkConfig *nconf);
~Network();
@ -350,6 +351,7 @@ private:
const RuntimeEnvironment *const RR;
void *_uPtr;
const uint64_t _id;
Fingerprint _controllerFingerprint;
MAC _mac; // local MAC address
bool _portInitialized;

11
node/Node.cpp
View file

@ -347,7 +347,7 @@ ZT_ResultCode Node::processBackgroundTasks(void *tPtr, int64_t now, volatile int
return ZT_RESULT_OK;
}
ZT_ResultCode Node::join(uint64_t nwid,void *uptr,void *tptr)
ZT_ResultCode Node::join(uint64_t nwid,const ZT_Fingerprint *controllerFingerprint,void *uptr,void *tptr)
{
RWMutex::Lock l(_networks_m);
@ -382,7 +382,10 @@ try_larger_network_hashtable:
nw = &(_networks[(unsigned long)(nwidHashed & newNetworksMask)]);
}
nw->set(new Network(RR,tptr,nwid,uptr,(const NetworkConfig *)0));
Fingerprint fp;
if (controllerFingerprint)
Utils::copy<sizeof(ZT_Fingerprint)>(fp.apiFingerprint(),controllerFingerprint);
nw->set(new Network(RR,tptr,nwid,fp,uptr,(const NetworkConfig *)0));
return ZT_RESULT_OK;
}
@ -928,10 +931,10 @@ enum ZT_ResultCode ZT_Node_processBackgroundTasks(ZT_Node *node,void *tptr,int64
}
}
enum ZT_ResultCode ZT_Node_join(ZT_Node *node,uint64_t nwid,void *uptr,void *tptr)
enum ZT_ResultCode ZT_Node_join(ZT_Node *node,uint64_t nwid,const ZT_Fingerprint *controllerFingerprint,void *uptr,void *tptr)
{
try {
return reinterpret_cast<ZeroTier::Node *>(node)->join(nwid,uptr,tptr);
return reinterpret_cast<ZeroTier::Node *>(node)->join(nwid,controllerFingerprint,uptr,tptr);
} catch (std::bad_alloc &exc) {
return ZT_RESULT_FATAL_ERROR_OUT_OF_MEMORY;
} catch ( ... ) {

2
node/Node.hpp
View file

@ -88,7 +88,7 @@ public:
unsigned int frameLength,
volatile int64_t *nextBackgroundTaskDeadline);
ZT_ResultCode processBackgroundTasks(void *tPtr, int64_t now, volatile int64_t *nextBackgroundTaskDeadline);
ZT_ResultCode join(uint64_t nwid,void *uptr,void *tptr);
ZT_ResultCode join(uint64_t nwid,const ZT_Fingerprint *controllerFingerprint,void *uptr,void *tptr);
ZT_ResultCode leave(uint64_t nwid,void **uptr,void *tptr);
ZT_ResultCode multicastSubscribe(void *tPtr,uint64_t nwid,uint64_t multicastGroup,unsigned long multicastAdi);
ZT_ResultCode multicastUnsubscribe(uint64_t nwid,uint64_t multicastGroup,unsigned long multicastAdi);