Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixeszerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
