Docs and a bit of cleanup. In particular ALL makes no sense for revocations because they have IDs. In that case you would just revoke the COM.

2025-06-02 15:30:55 +00:00 · 2017-03-13 06:53:23 -07:00 · 2017-03-13 06:53:23 -07:00 · 010d0a7d56
commit 010d0a7d56
parent 902807ea50
4 changed files with 34 additions and 3 deletions
--- a/node/Capability.hpp
+++ b/node/Capability.hpp
@ -52,6 +52,11 @@ class RuntimeEnvironment;
 *
 * Note that this is after evaluation of network scope rules and only if
 * network scope rules do not deliver an explicit match.
 *
 * Capabilities support a chain of custody. This is currently unused but
 * in the future would allow the publication of capabilities that can be
 * handed off between nodes. Limited transferrability of capabilities is
 * a feature of true capability based security.
 */
 class Capability
 {
--- a/node/CertificateOfRepresentation.hpp
+++ b/node/CertificateOfRepresentation.hpp
@ -32,6 +32,21 @@
 namespace ZeroTier {
 /**
 * A signed enumeration of a node's roots (planet and moons)
 *
 * This is sent as part of HELLO and attests to which roots a node trusts
 * to represent it on the network. Federated roots (moons) can send these
 * further upstream to tell global roots which nodes they represent, making
 * them reachable via federated roots if they are not reachable directly.
 *
 * As of 1.2.0 this is sent but not used. Right now nodes still always
 * announce to planetary roots no matter what. In the future this can be
 * used to implement even better fault tolerance for federation for the
 * no roots are reachable case as well as a "privacy mode" where federated
 * roots can shield nodes entirely and p2p connectivity behind them can
 * be disabled. This will be desirable for a number of use cases.
 */
 class CertificateOfRepresentation
 {
 public:
--- a/node/Membership.cpp
+++ b/node/Membership.cpp
@ -223,8 +223,7 @@ Membership::AddCredentialResult Membership::addCredential(const RuntimeEnvironme
 			const uint64_t now = RR->node->now();
 			switch(rev.type()) {
 				default:
-				//case Revocation::CREDENTIAL_TYPE_ALL:
+					return ADD_REJECTED;
 					return ( (_revokeCom(rev)||_revokeCap(rev,now)||_revokeTag(rev,now)||_revokeCoo(rev,now)) ? ADD_ACCEPTED_NEW : ADD_ACCEPTED_REDUNDANT );
 				case Revocation::CREDENTIAL_TYPE_COM:
 					return (_revokeCom(rev) ? ADD_ACCEPTED_NEW : ADD_ACCEPTED_REDUNDANT);
 				case Revocation::CREDENTIAL_TYPE_CAPABILITY:
--- a/node/Revocation.hpp
+++ b/node/Revocation.hpp
@ -47,9 +47,12 @@ class RuntimeEnvironment;
 class Revocation
 {
 public:
 	/**
 	 * Credential type being revoked
 	 */
 	enum CredentialType
 	{
-		CREDENTIAL_TYPE_ALL = 0,
+		CREDENTIAL_TYPE_NULL = 0,
 		CREDENTIAL_TYPE_COM = 1, // CertificateOfMembership
 		CREDENTIAL_TYPE_CAPABILITY = 2,
 		CREDENTIAL_TYPE_TAG = 3,
@ -61,6 +64,15 @@ public:
 		memset(this,0,sizeof(Revocation));
 	}
 	/**
 	 * @param i ID (arbitrary for revocations, currently random)
 	 * @param nwid Network ID
 	 * @param cid Credential ID being revoked (0 for all or for COMs, which lack IDs)
 	 * @param thr Revocation time threshold before which credentials will be revoked
 	 * @param fl Flags
 	 * @param tgt Target node whose credential(s) are being revoked
 	 * @param ct Credential type being revoked
 	 */
 	Revocation(const uint64_t i,const uint64_t nwid,const uint64_t cid,const uint64_t thr,const uint64_t fl,const Address &tgt,const CredentialType ct) :
 		_id(i),
 		_networkId(nwid),