Merge branch 'refs/heads/master' into dev

.gitignore

@@ -120,3 +120,4 @@ __pycache__
 *~
 attic/world/*.c25519
 attic/world/mkworld
+workspace/

Jenkinsfile

@@ -40,26 +40,26 @@ parallel 'centos7': {
 //             throw err
 //         }
 //     }
-// }, 'macOS': {
-//     node('macOS') {
-//         try {
-//             checkout scm
+}, 'macOS': {
+    node('macOS') {
+        try {
+            checkout scm
 
-//             stage('Build macOS') {
-//                 sh 'make -f make-mac.mk'
-//             }
+            stage('Build macOS') {
+                sh 'make -f make-mac.mk'
+            }
 
-//             stage('Build macOS UI') {
-//                 sh 'cd macui && xcodebuild -target "ZeroTier One" -configuration Debug'
-//             }
-//         }
-//         catch (err) {
-//             currentBuild.result = "FAILURE"
-//             mattermostSend color: '#ff0000', message: "${env.JOB_NAME} broken on macOS (<${env.BUILD_URL}|Open>)"
+            stage('Build macOS UI') {
+                sh 'cd macui && xcodebuild -target "ZeroTier One" -configuration Debug'
+            }
+        }
+        catch (err) {
+            currentBuild.result = "FAILURE"
+            mattermostSend color: '#ff0000', message: "${env.JOB_NAME} broken on macOS (<${env.BUILD_URL}|Open>)"
 
-//             throw err
-//         }
-//     }
+            throw err
+        }
+    }
 // }, 'windows': {
 //     node('windows') {
 //         try {

controller/PostgreSQL.cpp

@@ -760,7 +760,7 @@ void PostgreSQL::networksDbWatcher()
 		fprintf(stderr, "ERROR: %s networksDbWatcher should still be running! Exiting Controller.\n", _myAddressStr.c_str());
 		exit(8);
 	}
-	fprintf(stderr, "Exited membersDbWatcher\n");
+	fprintf(stderr, "Exited networksDbWatcher\n");
 }
 
 void PostgreSQL::_networksWatcher_Postgres(PGconn *conn) {

controller/RabbitMQ.cpp

@@ -51,13 +51,13 @@ void RabbitMQ::init()
 		throw std::runtime_error("Can't create socket for RabbitMQ");
 	}
 
-	_status = amqp_socket_open_noblock(_socket, _mqc->host, _mqc->port, &tval);
+	_status = amqp_socket_open_noblock(_socket, _mqc->host.c_str(), _mqc->port, &tval);
 	if (_status) {
 		throw std::runtime_error("Can't connect to RabbitMQ");
 	}
 
 	amqp_rpc_reply_t r = amqp_login(_conn, "/", 0, 131072, 0, AMQP_SASL_METHOD_PLAIN,
-		_mqc->username, _mqc->password);
+		_mqc->username.c_str(), _mqc->password.c_str());
 	if (r.reply_type != AMQP_RESPONSE_NORMAL) {
 		throw std::runtime_error("RabbitMQ Login Error");
 	}

controller/RabbitMQ.hpp

@@ -15,14 +15,15 @@
 #define ZT_CONTROLLER_RABBITMQ_HPP
 
 #include "DB.hpp"
+#include <string>
 
 namespace ZeroTier
 {
 struct MQConfig {
-	const char *host;
+	std::string host;
 	int port;
-	const char *username;
-	const char *password;
+	std::string username;
+	std::string password;
 };
 }
 
@@ -32,7 +33,7 @@ struct MQConfig {
 
 #include <amqp.h>
 #include <amqp_tcp_socket.h>
-#include <string>
+
 
 namespace ZeroTier
 {

ext/central-controller-docker/Dockerfile

@@ -1,19 +1,26 @@
 # Dockerfile for ZeroTier Central Controllers
-FROM centos:7
+FROM centos:7 as builder
 MAINTAINER Adam Ierymekno <adam.ierymenko@zerotier.com>, Grant Limberg <grant.limberg@zerotier.com>
 
+ARG git_branch=master
+
 RUN yum update -y
 RUN yum install -y https://download.postgresql.org/pub/repos/yum/10/redhat/rhel-7-x86_64/pgdg-centos10-10-2.noarch.rpm
-RUN yum install -y bash postgresql10 libpqxx-devel
-
 RUN yum -y install epel-release && yum -y update && yum clean all
-RUN yum -y install clang jemalloc jemalloc-devel
+RUN yum groupinstall -y "Development Tools"
+RUN yum install -y bash postgresql10 postgresql10-devel libpqxx-devel glibc-static libstdc++-static clang jemalloc jemalloc-devel
 
+RUN git clone http://git.int.zerotier.com/zerotier/ZeroTierOne.git
+RUN if [ "$git_branch" != "master" ]; then cd ZeroTierOne && git checkout -b $git_branch origin/$git_branch; fi
+RUN ldconfig
+RUN cd ZeroTierOne && make central-controller
 
-ADD zerotier-one /usr/local/bin/zerotier-one
+FROM centos:7
+
+COPY --from=builder /ZeroTierOne/zerotier-one /usr/local/bin/zerotier-one
 RUN chmod a+x /usr/local/bin/zerotier-one
 
-ADD docker/main.sh /
+ADD ext/central-controller-docker/main.sh /
 RUN chmod a+x /main.sh
 
 ENTRYPOINT /main.sh

ext/librabbitmq/macos/include/amqp_tcp_socket.h

@@ -0,0 +1,68 @@
+/** \file */
+/*
+ * Portions created by Alan Antonuk are Copyright (c) 2013-2014 Alan Antonuk.
+ * All Rights Reserved.
+ *
+ * Portions created by Michael Steinert are Copyright (c) 2012-2013 Michael
+ * Steinert. All Rights Reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ */
+
+/**
+ * A TCP socket connection.
+ */
+
+#ifndef AMQP_TCP_SOCKET_H
+#define AMQP_TCP_SOCKET_H
+
+#include <amqp.h>
+
+AMQP_BEGIN_DECLS
+
+/**
+ * Create a new TCP socket.
+ *
+ * Call amqp_connection_close() to release socket resources.
+ *
+ * \return A new socket object or NULL if an error occurred.
+ *
+ * \since v0.4.0
+ */
+AMQP_PUBLIC_FUNCTION
+amqp_socket_t *AMQP_CALL amqp_tcp_socket_new(amqp_connection_state_t state);
+
+/**
+ * Assign an open file descriptor to a socket object.
+ *
+ * This function must not be used in conjunction with amqp_socket_open(), i.e.
+ * the socket connection should already be open(2) when this function is
+ * called.
+ *
+ * \param [in,out] self A TCP socket object.
+ * \param [in] sockfd An open socket descriptor.
+ *
+ * \since v0.4.0
+ */
+AMQP_PUBLIC_FUNCTION
+void AMQP_CALL amqp_tcp_socket_set_sockfd(amqp_socket_t *self, int sockfd);
+
+AMQP_END_DECLS
+
+#endif /* AMQP_TCP_SOCKET_H */

macui/ZeroTier One.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>IDEDidComputeMac32BitWarning</key>
+	<true/>
+</dict>
+</plist>

make-linux.mk

@@ -334,8 +334,8 @@ docker:	FORCE
 central-controller:	FORCE
 	make -j4 LDLIBS="-L/usr/pgsql-10/lib/ -lpq -Lext/librabbitmq/centos_x64/lib/ -lrabbitmq" CXXFLAGS="-I/usr/pgsql-10/include -I./ext/librabbitmq/centos_x64/include -fPIC" DEFS="-DZT_CONTROLLER_USE_LIBPQ -DZT_CONTROLLER" ZT_OFFICIAL=1 ZT_USE_X64_ASM_ED25519=1 one
 
-central-controller-docker:	central-controller
-	docker build -t docker.zerotier.com/zerotier-central/ztcentral-controller:${TIMESTAMP} -f ext/central-controller-docker/Dockerfile .
+central-controller-docker: FORCE
+	docker build -t docker.zerotier.com/zerotier-central/ztcentral-controller:${TIMESTAMP} -f ext/central-controller-docker/Dockerfile --build-arg git_branch=`git name-rev --name-only HEAD` .
 
 debug:	FORCE
 	make ZT_DEBUG=1 one

make-mac.mk

@@ -18,14 +18,18 @@ ZT_VERSION_MINOR=$(shell cat version.h | grep -F VERSION_MINOR | cut -d ' ' -f 3
 ZT_VERSION_REV=$(shell cat version.h | grep -F VERSION_REVISION | cut -d ' ' -f 3)
 ZT_VERSION_BUILD=$(shell cat version.h | grep -F VERSION_BUILD | cut -d ' ' -f 3)
 
+# for central controller builds
+TIMESTAMP=$(shell date +"%Y%m%d%H%M")
+
 DEFS+=-DZT_BUILD_PLATFORM=$(ZT_BUILD_PLATFORM) -DZT_BUILD_ARCHITECTURE=$(ZT_BUILD_ARCHITECTURE)
 
 include objects.mk
 ONE_OBJS+=osdep/MacEthernetTap.o osdep/MacKextEthernetTap.o ext/http-parser/http_parser.o
 
 ifeq ($(ZT_CONTROLLER),1)
-	LIBS+=-lpq -lrabbitmq
+	LIBS+=-L/usr/local/opt/libpq/lib -lpq -Lext/librabbitmq/macos/lib -lrabbitmq
 	DEFS+=-DZT_CONTROLLER_USE_LIBPQ -DZT_CONTROLLER
+	INCLUDES+=-Iext/librabbitmq/macos/include -I/usr/local/opt/libpq/include
 endif
 
 # Official releases are signed with our Apple cert and apply software updates by default
@@ -145,6 +149,9 @@ official: FORCE
 	make ZT_OFFICIAL_RELEASE=1 macui
 	make ZT_OFFICIAL_RELEASE=1 mac-dist-pkg
 
+central-controller-docker: FORCE
+	docker build -t docker.zerotier.com/zerotier-central/ztcentral-controller:${TIMESTAMP} -f ext/central-controller-docker/Dockerfile --build-arg git_branch=$(shell git name-rev --name-only HEAD) .
+
 clean:
 	rm -rf MacEthernetTapAgent *.dSYM build-* *.a *.pkg *.dmg *.o node/*.o controller/*.o service/*.o osdep/*.o ext/http-parser/*.o $(CORE_OBJS) $(ONE_OBJS) zerotier-one zerotier-idtool zerotier-selftest zerotier-cli zerotier doc/node_modules macui/build zt1_update_$(ZT_BUILD_PLATFORM)_$(ZT_BUILD_ARCHITECTURE)_*
 

service/OneService.cpp

@@ -678,45 +678,51 @@ public:
 			// than one device behind the same NAT tries to use the same internal
 			// private address port number. Buggy NATs are a running theme.
 			if (_allowSecondaryPort) {
-				_ports[1] = (_secondaryPort == 0) ? 20000 + ((unsigned int)_node->address() % 45500) : _secondaryPort;
-				for(int i=0;;++i) {
-					if (i > 1000) {
-						_ports[1] = 0;
-						break;
-					} else if (++_ports[1] >= 65536) {
-						_ports[1] = 20000;
+				if (_secondaryPort) {
+					_ports[1] = _secondaryPort;
+				} else {
+					_ports[1] = 20000 + ((unsigned int)_node->address() % 45500);
+					for(int i=0;;++i) {
+						if (i > 1000) {
+							_ports[1] = 0;
+							break;
+						} else if (++_ports[1] >= 65536) {
+							_ports[1] = 20000;
+						}
+						if (_trialBind(_ports[1]))
+							break;
 					}
-					if (_trialBind(_ports[1]))
-						break;
 				}
 			}
-
 #ifdef ZT_USE_MINIUPNPC
 			if (_portMappingEnabled) {
 				// If we're running uPnP/NAT-PMP, bind a *third* port for that. We can't
 				// use the other two ports for that because some NATs do really funky
 				// stuff with ports that are explicitly mapped that breaks things.
 				if (_ports[1]) {
-					_ports[2] = (_tertiaryPort == 0) ? _ports[1] : _tertiaryPort;
-					for(int i=0;;++i) {
-						if (i > 1000) {
-							_ports[2] = 0;
-							break;
-						} else if (++_ports[2] >= 65536) {
-							_ports[2] = 20000;
+					if (_tertiaryPort) {
+						_ports[2] = _tertiaryPort;
+					} else {
+						_ports[2] = _ports[1];
+						for(int i=0;;++i) {
+							if (i > 1000) {
+								_ports[2] = 0;
+								break;
+							} else if (++_ports[2] >= 65536) {
+								_ports[2] = 20000;
+							}
+							if (_trialBind(_ports[2]))
+								break;
+						}
+						if (_ports[2]) {
+							char uniqueName[64];
+							OSUtils::ztsnprintf(uniqueName,sizeof(uniqueName),"ZeroTier/%.10llx@%u",_node->address(),_ports[2]);
+							_portMapper = new PortMapper(_ports[2],uniqueName);
 						}
-						if (_trialBind(_ports[2]))
-							break;
-					}
-					if (_ports[2]) {
-						char uniqueName[64];
-						OSUtils::ztsnprintf(uniqueName,sizeof(uniqueName),"ZeroTier/%.10llx@%u",_node->address(),_ports[2]);
-						_portMapper = new PortMapper(_ports[2],uniqueName);
 					}
 				}
 			}
 #endif
-
 			// Delete legacy iddb.d if present (cleanup)
 			OSUtils::rmDashRf((_homePath + ZT_PATH_SEPARATOR_S "iddb.d").c_str());
 
@@ -990,9 +996,9 @@ public:
 				fprintf(stderr, "Reading RabbitMQ Config\n");
 				_mqc = new MQConfig;
 				_mqc->port = rmq["port"];
-				_mqc->host = OSUtils::jsonString(rmq["host"], "").c_str();
-				_mqc->username = OSUtils::jsonString(rmq["username"], "").c_str();
-				_mqc->password = OSUtils::jsonString(rmq["password"], "").c_str();
+				_mqc->host = OSUtils::jsonString(rmq["host"], "");
+				_mqc->username = OSUtils::jsonString(rmq["username"], "");
+				_mqc->password = OSUtils::jsonString(rmq["password"], "");
 			}
 
 			// Bind to wildcard instead of to specific interfaces (disables full tunnel capability)