Brenton Bostick
f73e51e94c
Brenton/curly braces ( #1971 )
...
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
2023-05-01 11:48:16 -07:00
Adam Ierymenko
ee0a194b25
Several more SSO/OIDC related fixes, and bump version to 1.8.9.
2022-04-19 21:29:11 -04:00
Adam Ierymenko
ef08346a74
Fix a possible excessive memory use issue in controller and clean up a bunch of COM handling and other code in the normal node.
2022-04-19 19:59:54 -04:00
Adam Ierymenko
fe0068da52
A bit more auth cleanup in the local node.
2022-04-19 16:34:46 -04:00
Adam Ierymenko
cd70fefc5e
Clean up some credential push stuff.
2022-04-19 16:06:53 -04:00
Adam Ierymenko
877f86a896
build fix
2022-04-19 12:44:18 -04:00
Adam Ierymenko
912036b260
Push credentials always if updated (client-side) and some controller-side cleanup that should be logically irrelevant but will prevent unnecessary DB lookups.
2022-04-19 12:41:38 -04:00
Adam Ierymenko
134d33c218
Add a bit of hardening in the network certificate of membership by incorporating a full hash of the identity to which it is issued. This means the recipient need not depend entirely on the root verifying identities properly to make sure impersonation is not occurring.
2021-09-20 15:40:55 -07:00
Adam Ierymenko
06730c7d1d
BSL date bump
2020-08-20 12:51:39 -07:00
Adam Ierymenko
633cf9ec04
Warning removal
2019-08-23 21:28:26 -07:00
Adam Ierymenko
e8ae333443
Version bumps, license fixed, and GitHub issue #990 take two
2019-08-23 10:15:13 -07:00
Adam Ierymenko
52a166a71f
Relicense: GPLv3 -> ZeroTier BSL 1.1
2019-08-23 09:23:39 -07:00
Adam Ierymenko
639fc60257
GitHub issue #990
2019-08-04 15:08:33 -07:00
Adam Ierymenko
75ebe5172f
Fix for sharing of capabilities in 1.4 (problem introduced when push frequency was reduced)
2019-08-02 20:43:02 -07:00
Adam Ierymenko
a019c3dd5d
Tighten up credential push just a bit for faster up-time with older nodes, should not have significant impact on bandwidth. Also some cleanup and push direct path timing fixes.
2019-06-25 13:42:20 -07:00
Adam Ierymenko
39e1021f62
Replace certificate based gating of multicast like/gather with a simpler more efficient method, fix some minor issues with request based com/cert push, and clean up some other random stuff.
2019-03-21 16:18:49 -07:00
Adam Ierymenko
63ec19674c
.
2019-03-19 16:43:43 -07:00
Joseph Henry
0e597191b8
Updated licenses for 2019
2019-01-14 10:25:53 -08:00
Adam Ierymenko
b3c2c0866f
Times should be int64_t, not uint64_t
2018-11-11 17:38:17 -08:00
Adam Ierymenko
65c07afe05
Copyright updates for 2018.
2018-01-08 14:33:28 -08:00
Grant Limberg
099bedd2e9
A few more uint64_t -> int64_t changes for timestamps
2017-10-04 12:01:17 -07:00
Grant Limberg
b1d60df44c
timestamps changed from uint64_t to int64_t
...
There were cases in the code where time calculations and comparisons were overflowing and causing connection instability. This will keep time calculations within expected ranges.
2017-10-02 15:52:57 -07:00
Adam Ierymenko
495c5ce81d
Bunch of remote tracing work.
2017-07-13 10:51:05 -07:00
Adam Ierymenko
1b68d6dbdc
License header update.
2017-04-27 20:47:25 -07:00
Adam Ierymenko
5ad120208f
Small fix, should filter by temporal validity.
2017-04-04 08:46:12 -07:00
Adam Ierymenko
eddbc7e757
Logic simplification, cleanup, and memory use improvements in Membership. Also fix an issue that may cause network instability in some cases.
2017-04-04 08:07:38 -07:00
Adam Ierymenko
8a62ba07e5
Membership cleanup work in progress.
2017-04-04 06:47:01 -07:00
Adam Ierymenko
e4896b257f
Add thread PTR that gets passed through the entire ZT core call stack and then passed to handler functions resulting from a call.
2017-03-27 17:03:17 -07:00
Adam Ierymenko
5e6a4e5f5e
Send revocations automatically on deauth for instant kill, also fix some issues with the RP.
2017-03-06 15:12:28 -08:00
Adam Ierymenko
72653e54f9
Finish wiring up ipauth and macauth to Network filter.
2017-02-23 12:34:17 -08:00
Adam Ierymenko
10185e92fa
Certificate of ownership -- used to secure against IP address spoofing, especially for IPv4 and regular IPv6.
2017-02-23 11:47:36 -08:00
Adam Ierymenko
78d548458b
Capabilities basically work but need to refactor a bit for performance reasons.
2017-02-06 16:38:48 -08:00
Adam Ierymenko
eac3667ec1
Bunch more refactoring and work on revocations, etc.
2016-09-26 16:17:02 -07:00
Adam Ierymenko
1f74dd4589
Revocation work in progress, add WATCH which is TEE with implicit rate sync (thanks JG@DCVC!), and clean up some cruft in Network.
2016-09-23 16:08:38 -07:00
Adam Ierymenko
d3524f3609
Refactor COM stuff a bit, and respond to COM requests a bit more readily for rapid setup. Will need to revisit later.
2016-09-20 21:21:34 -07:00
Adam Ierymenko
0d4109a9f1
More refactoring to clean up code, and add a gate function to make sure we do not handle OK packets we did not expect. This hardens up a few potential edge cases around security, since such messages might be used to e.g. pollute a cache and DOS under certain conditions.
2016-09-09 08:43:58 -07:00
Adam Ierymenko
16df2c3363
Clean up handling of COMs, network access control, and fix a backward compatiblity issue.
2016-09-08 19:48:05 -07:00
Adam Ierymenko
daf8a66ced
More correct and efficient to initialize member relationship push stuff lazily when member is learned.
2016-09-07 15:47:20 -07:00
Adam Ierymenko
1908aa55f5
Refactor MULTICAST_LIKE pushing to eliminate redundant and unnecessary pushes and simplify code.
2016-09-07 15:15:52 -07:00
Adam Ierymenko
1c08f5e857
Tweak some expire times.
2016-09-07 12:25:19 -07:00
Adam Ierymenko
c9ee8612e4
Credential TTL (tags/capabilities) should be credential time max delta, since we could get pushed one that is newer.
2016-09-07 12:12:52 -07:00
Adam Ierymenko
25056de5d3
Also need to send credentials when TEEing and REDIRECTing.
2016-08-31 17:56:59 -07:00
Adam Ierymenko
a3c7627acf
Push more than one packet for credentials if we happen to have a whole lot. Should not happen often but might if a member has tons of tags.
2016-08-26 14:43:16 -07:00
Adam Ierymenko
d637988ccf
Fix chicken or egg problem in tags, and better filter debug instrumentation.
2016-08-25 18:21:20 -07:00
Adam Ierymenko
e52c2c41ec
Add a circuit breaker to prevent too many credentials from being stored per member.
2016-08-24 17:24:35 -07:00
Adam Ierymenko
0a7a33ef8f
Instantaneous blacklisting and credential revocation.
2016-08-23 13:46:36 -07:00
Adam Ierymenko
32fa061700
Compute credential TTL et al.
2016-08-23 13:02:59 -07:00
Adam Ierymenko
9a3c652a51
Get rid of expiration in Capability and Tag and move this to NetworkConfig so it can be set network-wide and reset if needed. Also add NetworkConfig field for this and centralize checking of credential time validity.
2016-08-22 18:06:46 -07:00
Adam Ierymenko
00fd9c3a15
It builds... almost ready to test some rules engine stuff.
2016-08-08 17:33:26 -07:00
Adam Ierymenko
8007ca56aa
Refactor and tie-up of capabilities and tags and packet evaluation points. Some optimization is possible here but it is minor and we will make it work first.
2016-08-08 16:50:00 -07:00