Commit Graph

55 Commits

Author SHA1 Message Date
Brenton Bostick
f73e51e94c
Brenton/curly braces (#1971)
* fix formatting

* properly adjust various lines
breakup multiple statements onto multiple lines

* insert {} around if, for, etc.
2023-05-01 11:48:16 -07:00
Adam Ierymenko
ee0a194b25
Several more SSO/OIDC related fixes, and bump version to 1.8.9. 2022-04-19 21:29:11 -04:00
Adam Ierymenko
ef08346a74
Fix a possible excessive memory use issue in controller and clean up a bunch of COM handling and other code in the normal node. 2022-04-19 19:59:54 -04:00
Adam Ierymenko
fe0068da52
A bit more auth cleanup in the local node. 2022-04-19 16:34:46 -04:00
Adam Ierymenko
cd70fefc5e
Clean up some credential push stuff. 2022-04-19 16:06:53 -04:00
Adam Ierymenko
877f86a896
build fix 2022-04-19 12:44:18 -04:00
Adam Ierymenko
912036b260
Push credentials always if updated (client-side) and some controller-side cleanup that should be logically irrelevant but will prevent unnecessary DB lookups. 2022-04-19 12:41:38 -04:00
Adam Ierymenko
134d33c218
Add a bit of hardening in the network certificate of membership by incorporating a full hash of the identity to which it is issued. This means the recipient need not depend entirely on the root verifying identities properly to make sure impersonation is not occurring. 2021-09-20 15:40:55 -07:00
Adam Ierymenko
06730c7d1d BSL date bump 2020-08-20 12:51:39 -07:00
Adam Ierymenko
633cf9ec04
Warning removal 2019-08-23 21:28:26 -07:00
Adam Ierymenko
e8ae333443
Version bumps, license fixed, and GitHub issue #990 take two 2019-08-23 10:15:13 -07:00
Adam Ierymenko
52a166a71f
Relicense: GPLv3 -> ZeroTier BSL 1.1 2019-08-23 09:23:39 -07:00
Adam Ierymenko
639fc60257 GitHub issue #990 2019-08-04 15:08:33 -07:00
Adam Ierymenko
75ebe5172f Fix for sharing of capabilities in 1.4 (problem introduced when push frequency was reduced) 2019-08-02 20:43:02 -07:00
Adam Ierymenko
a019c3dd5d Tighten up credential push just a bit for faster up-time with older nodes, should not have significant impact on bandwidth. Also some cleanup and push direct path timing fixes. 2019-06-25 13:42:20 -07:00
Adam Ierymenko
39e1021f62 Replace certificate based gating of multicast like/gather with a simpler more efficient method, fix some minor issues with request based com/cert push, and clean up some other random stuff. 2019-03-21 16:18:49 -07:00
Adam Ierymenko
63ec19674c . 2019-03-19 16:43:43 -07:00
Joseph Henry
0e597191b8 Updated licenses for 2019 2019-01-14 10:25:53 -08:00
Adam Ierymenko
b3c2c0866f Times should be int64_t, not uint64_t 2018-11-11 17:38:17 -08:00
Adam Ierymenko
65c07afe05 Copyright updates for 2018. 2018-01-08 14:33:28 -08:00
Grant Limberg
099bedd2e9 A few more uint64_t -> int64_t changes for timestamps 2017-10-04 12:01:17 -07:00
Grant Limberg
b1d60df44c timestamps changed from uint64_t to int64_t
There were cases in the code where time calculations and comparisons were overflowing and causing connection instability.  This will keep time calculations within expected ranges.
2017-10-02 15:52:57 -07:00
Adam Ierymenko
495c5ce81d Bunch of remote tracing work. 2017-07-13 10:51:05 -07:00
Adam Ierymenko
1b68d6dbdc License header update. 2017-04-27 20:47:25 -07:00
Adam Ierymenko
5ad120208f Small fix, should filter by temporal validity. 2017-04-04 08:46:12 -07:00
Adam Ierymenko
eddbc7e757 Logic simplification, cleanup, and memory use improvements in Membership. Also fix an issue that may cause network instability in some cases. 2017-04-04 08:07:38 -07:00
Adam Ierymenko
8a62ba07e5 Membership cleanup work in progress. 2017-04-04 06:47:01 -07:00
Adam Ierymenko
e4896b257f Add thread PTR that gets passed through the entire ZT core call stack and then passed to handler functions resulting from a call. 2017-03-27 17:03:17 -07:00
Adam Ierymenko
5e6a4e5f5e Send revocations automatically on deauth for instant kill, also fix some issues with the RP. 2017-03-06 15:12:28 -08:00
Adam Ierymenko
72653e54f9 Finish wiring up ipauth and macauth to Network filter. 2017-02-23 12:34:17 -08:00
Adam Ierymenko
10185e92fa Certificate of ownership -- used to secure against IP address spoofing, especially for IPv4 and regular IPv6. 2017-02-23 11:47:36 -08:00
Adam Ierymenko
78d548458b Capabilities basically work but need to refactor a bit for performance reasons. 2017-02-06 16:38:48 -08:00
Adam Ierymenko
eac3667ec1 Bunch more refactoring and work on revocations, etc. 2016-09-26 16:17:02 -07:00
Adam Ierymenko
1f74dd4589 Revocation work in progress, add WATCH which is TEE with implicit rate sync (thanks JG@DCVC!), and clean up some cruft in Network. 2016-09-23 16:08:38 -07:00
Adam Ierymenko
d3524f3609 Refactor COM stuff a bit, and respond to COM requests a bit more readily for rapid setup. Will need to revisit later. 2016-09-20 21:21:34 -07:00
Adam Ierymenko
0d4109a9f1 More refactoring to clean up code, and add a gate function to make sure we do not handle OK packets we did not expect. This hardens up a few potential edge cases around security, since such messages might be used to e.g. pollute a cache and DOS under certain conditions. 2016-09-09 08:43:58 -07:00
Adam Ierymenko
16df2c3363 Clean up handling of COMs, network access control, and fix a backward compatiblity issue. 2016-09-08 19:48:05 -07:00
Adam Ierymenko
daf8a66ced More correct and efficient to initialize member relationship push stuff lazily when member is learned. 2016-09-07 15:47:20 -07:00
Adam Ierymenko
1908aa55f5 Refactor MULTICAST_LIKE pushing to eliminate redundant and unnecessary pushes and simplify code. 2016-09-07 15:15:52 -07:00
Adam Ierymenko
1c08f5e857 Tweak some expire times. 2016-09-07 12:25:19 -07:00
Adam Ierymenko
c9ee8612e4 Credential TTL (tags/capabilities) should be credential time max delta, since we could get pushed one that is newer. 2016-09-07 12:12:52 -07:00
Adam Ierymenko
25056de5d3 Also need to send credentials when TEEing and REDIRECTing. 2016-08-31 17:56:59 -07:00
Adam Ierymenko
a3c7627acf Push more than one packet for credentials if we happen to have a whole lot. Should not happen often but might if a member has tons of tags. 2016-08-26 14:43:16 -07:00
Adam Ierymenko
d637988ccf Fix chicken or egg problem in tags, and better filter debug instrumentation. 2016-08-25 18:21:20 -07:00
Adam Ierymenko
e52c2c41ec Add a circuit breaker to prevent too many credentials from being stored per member. 2016-08-24 17:24:35 -07:00
Adam Ierymenko
0a7a33ef8f Instantaneous blacklisting and credential revocation. 2016-08-23 13:46:36 -07:00
Adam Ierymenko
32fa061700 Compute credential TTL et al. 2016-08-23 13:02:59 -07:00
Adam Ierymenko
9a3c652a51 Get rid of expiration in Capability and Tag and move this to NetworkConfig so it can be set network-wide and reset if needed. Also add NetworkConfig field for this and centralize checking of credential time validity. 2016-08-22 18:06:46 -07:00
Adam Ierymenko
00fd9c3a15 It builds... almost ready to test some rules engine stuff. 2016-08-08 17:33:26 -07:00
Adam Ierymenko
8007ca56aa Refactor and tie-up of capabilities and tags and packet evaluation points. Some optimization is possible here but it is minor and we will make it work first. 2016-08-08 16:50:00 -07:00