mirror of
https://github.com/zerotier/ZeroTierOne.git
synced 2025-06-05 20:13:44 +02:00
Notification of about-to-expire status... almost there.
parent
5c7e51feaf
commit
efe0e8aa7b
4 changed files with 24 additions and 18 deletions
|
@ -35,6 +35,8 @@
|
||||||
|
|
||||||
#include "../ext/json/json.hpp"
|
#include "../ext/json/json.hpp"
|
||||||
|
|
||||||
|
#define ZT_MEMBER_AUTH_TIMEOUT_NOTIFY_BEFORE 10000
|
||||||
|
|
||||||
namespace ZeroTier
|
namespace ZeroTier
|
||||||
{
|
{
|
||||||
|
|
||||||
|
|
|
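Review bot: `ZT_MEMBER_AUTH_TIMEOUT_NOTIFY_BEFORE` is defined without a unit or any comment, and the only place the unit was stated (the "more than 10s in the future" comment in `DBMirrorSet::membersExpiringSoon()`) is reworded by this same commit. The value is compared against a difference of timestamps that the old comment implies are milliseconds, so misreading the unit changes the notification window by a factor of 1000. I would add `// Milliseconds before authenticationExpiryTime at which a member is reported as about to expire` directly above the define.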
@ -240,9 +240,9 @@ void DBMirrorSet::onNetworkMemberDeauthorize(const void *db,uint64_t networkId,u
|
||||||
_listener->onNetworkMemberDeauthorize(this,networkId,memberId);
|
_listener->onNetworkMemberDeauthorize(this,networkId,memberId);
|
||||||
}
|
}
|
||||||
|
|
||||||
std::vector<std::pair<uint64_t, uint64_t>> DBMirrorSet::membersExpiringSoon()
|
std::set< std::pair<uint64_t, uint64_t> > DBMirrorSet::membersExpiringSoon()
|
||||||
{
|
{
|
||||||
std::vector<std::pair<uint64_t, uint64_t>> soon;
|
std::set< std::pair<uint64_t, uint64_t> > soon;
|
||||||
std::unique_lock<std::mutex> l(_membersExpiringSoon_l);
|
std::unique_lock<std::mutex> l(_membersExpiringSoon_l);
|
||||||
int64_t now = OSUtils::now();
|
int64_t now = OSUtils::now();
|
||||||
for(auto next=_membersExpiringSoon.begin();next!=_membersExpiringSoon.end();) {
|
for(auto next=_membersExpiringSoon.begin();next!=_membersExpiringSoon.end();) {
|
||||||
|
@ -259,11 +259,11 @@ std::vector<std::pair<uint64_t, uint64_t>> DBMirrorSet::membersExpiringSoon()
|
||||||
const bool ssoExempt = member["ssoExempt"];
|
const bool ssoExempt = member["ssoExempt"];
|
||||||
const int64_t authenticationExpiryTime = member["authenticationExpiryTime"];
|
const int64_t authenticationExpiryTime = member["authenticationExpiryTime"];
|
||||||
if ((authenticationExpiryTime == next->first)&&(authorized)&&(!ssoExempt)) {
|
if ((authenticationExpiryTime == next->first)&&(authorized)&&(!ssoExempt)) {
|
||||||
if ((authenticationExpiryTime - now) > 10000) {
|
if ((authenticationExpiryTime - now) > ZT_MEMBER_AUTH_TIMEOUT_NOTIFY_BEFORE) {
|
||||||
// Stop when we get to entries more than 10s in the future.
|
// Stop when we get to entries too far in the future.
|
||||||
break;
|
break;
|
||||||
} else {
|
} else {
|
||||||
soon.push_back(std::pair<uint64_t, uint64_t>(nwid, memberId));
|
soon.insert(std::pair<uint64_t, uint64_t>(nwid, memberId));
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
// Obsolete entry, no longer authorized, or SSO exempt.
|
// Obsolete entry, no longer authorized, or SSO exempt.
|
||||||
|
|
|
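Review bot: The member fields read just above the changed comparison, `member["ssoExempt"]` and `member["authenticationExpiryTime"]`, are converted implicitly. If `member` is an nlohmann::json value (the hunk does not show its declaration), a record where either field is missing or has the wrong JSON type would throw out of the scan loop and stop expiry notification for every entry queued behind it. `EmbeddedNetworkController::_request` already reads the same field tolerantly, so I would use `const int64_t authenticationExpiryTime = (int64_t)OSUtils::jsonInt(member["authenticationExpiryTime"], 0);` here and an equally tolerant read for the boolean. Entries whose expiry is already in the past also take the `else` branch and are reported as expiring soon, which deserves a comment if it is intended. The loop body starts and ends outside this hunk.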
@ -60,7 +60,7 @@ public:
|
||||||
_dbs.push_back(db);
|
_dbs.push_back(db);
|
||||||
}
|
}
|
||||||
|
|
||||||
std::vector<std::pair<uint64_t, uint64_t>> membersExpiringSoon();
|
std::set< std::pair<uint64_t, uint64_t> > membersExpiringSoon();
|
||||||
void memberExpiring(int64_t expTime, uint64_t nwid, uint64_t memberId);
|
void memberExpiring(int64_t expTime, uint64_t nwid, uint64_t memberId);
|
||||||
|
|
||||||
private:
|
private:
|
||||||
|
@ -69,7 +69,7 @@ private:
|
||||||
std::thread _syncCheckerThread;
|
std::thread _syncCheckerThread;
|
||||||
std::vector< std::shared_ptr< DB > > _dbs;
|
std::vector< std::shared_ptr< DB > > _dbs;
|
||||||
mutable std::mutex _dbs_l;
|
mutable std::mutex _dbs_l;
|
||||||
std::multimap< int64_t, std::pair<uint64_t, uint64_t> > _membersExpiringSoon;
|
std::set< std::pair< int64_t, std::pair<uint64_t, uint64_t> > > _membersExpiringSoon;
|
||||||
mutable std::mutex _membersExpiringSoon_l;
|
mutable std::mutex _membersExpiringSoon_l;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
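Review bot: The declarations of `membersExpiringSoon()` and `_membersExpiringSoon` now use `std::set`, but none of the visible hunks adds `#include <set>`, so unless the header already includes it outside these hunks the build relies on a transitive include. The new element type also collapses repeated `memberExpiring()` calls with the same expiry, network and member, where the previous multimap kept duplicates. A comment on the member such as `// (expiry time, (network ID, member ID)), ordered by expiry; identical entries collapse` would record both the layout and that behaviour.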
@ -1366,17 +1366,21 @@ void EmbeddedNetworkController::_request(
|
||||||
std::string memberId = member["id"];
|
std::string memberId = member["id"];
|
||||||
fprintf(stderr, "ssoEnabled && !ssoExempt %s-%s\n", nwids, memberId.c_str());
|
fprintf(stderr, "ssoEnabled && !ssoExempt %s-%s\n", nwids, memberId.c_str());
|
||||||
uint64_t authenticationExpiryTime = (int64_t)OSUtils::jsonInt(member["authenticationExpiryTime"], 0);
|
uint64_t authenticationExpiryTime = (int64_t)OSUtils::jsonInt(member["authenticationExpiryTime"], 0);
|
||||||
fprintf(stderr, "authExpiryTime: %lld\n", authenticationExpiryTime);
|
if (authenticationExpiryTime > 0) {
|
||||||
if (authenticationExpiryTime < now) {
|
fprintf(stderr, "authExpiryTime: %lld\n", authenticationExpiryTime);
|
||||||
std::string authenticationURL = _db.getSSOAuthURL(member, _ssoRedirectURL);
|
if (authenticationExpiryTime < now) {
|
||||||
if (!authenticationURL.empty()) {
|
std::string authenticationURL = _db.getSSOAuthURL(member, _ssoRedirectURL);
|
||||||
Dictionary<3072> authInfo;
|
if (!authenticationURL.empty()) {
|
||||||
authInfo.add("aU", authenticationURL.c_str());
|
Dictionary<3072> authInfo;
|
||||||
fprintf(stderr, "sending auth URL: %s\n", authenticationURL.c_str());
|
authInfo.add("aU", authenticationURL.c_str());
|
||||||
DB::cleanMember(member);
|
fprintf(stderr, "sending auth URL: %s\n", authenticationURL.c_str());
|
||||||
_db.save(member,true);
|
DB::cleanMember(member);
|
||||||
_sender->ncSendError(nwid,requestPacketId,identity.address(),NetworkController::NC_ERROR_AUTHENTICATION_REQUIRED, authInfo.data(), authInfo.sizeBytes());
|
_db.save(member,true);
|
||||||
return;
|
_sender->ncSendError(nwid,requestPacketId,identity.address(),NetworkController::NC_ERROR_AUTHENTICATION_REQUIRED, authInfo.data(), authInfo.sizeBytes());
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
_db.memberExpiring(authenticationExpiryTime, nwid, identity.address().toInt());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
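Review bot: The new `if (authenticationExpiryTime > 0)` guard in `_request` makes the SSO check fail open. A non-exempt member on an SSO-enabled network whose record carries no `authenticationExpiryTime` (the `jsonInt` default is 0) now skips the `NC_ERROR_AUTHENTICATION_REQUIRED` reply, whereas a bare `authenticationExpiryTime < now` test treats 0 as expired. Whether such a member is refused later cannot be seen from this hunk, so either drop the guard or document next to it why 0 is safe and which later check covers it. Separately, the value is held in a `uint64_t` after an `int64_t` cast, so a negative stored value turns into a very large expiry and `%lld` does not match the type; `const int64_t authenticationExpiryTime = (int64_t)OSUtils::jsonInt(member["authenticationExpiryTime"], 0);` avoids both. The enclosing function starts and ends outside the hunk.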