Grant Limberg
0ae09577f6
Client & Central Controller updates to support additonal OIDC features ( #1848 )
...
Client side:
* Fix compatibility with OneLogin
* Requested scopes vary by OIDC provider. Different providers have different
Controller side:
*Update Postgres queries to latest Central schema
* Added Central Controller support for the different providers
* Base OIDC provider details are still attached to an org. Client ID & group/email lists are now associated with individual networks.
2023-01-19 15:39:15 -08:00
Adam Ierymenko
ef08346a74
Fix a possible excessive memory use issue in controller and clean up a bunch of COM handling and other code in the normal node.
2022-04-19 19:59:54 -04:00
Adam Ierymenko
cd70fefc5e
Clean up some credential push stuff.
2022-04-19 16:06:53 -04:00
Adam Ierymenko
912036b260
Push credentials always if updated (client-side) and some controller-side cleanup that should be logically irrelevant but will prevent unnecessary DB lookups.
2022-04-19 12:41:38 -04:00
Grant Limberg
eaccce743f
moar plumbing progress
2021-12-01 12:07:05 -08:00
Grant Limberg
91e9b736dd
make service objs dependent on zeroidc
2021-11-18 10:42:12 -08:00
Grant Limberg
fa21fdc1cc
rename stuff for clarity
...
authenticationURL will still be used by the client for v1 and v2 of sso
2021-11-11 16:19:26 -08:00
Grant Limberg
8d39c9a861
plumbing full flow from controller -> client network
2021-11-04 15:40:08 -07:00
Grant Limberg
8dd3639576
set ssoEnabled = true on network config if we get ERROR_NETWORK_AUTHENTICATION_REQUIRED
2021-06-05 14:00:03 -07:00
Adam Ierymenko
810e2a761f
Fix authentication URL...
2021-05-25 14:49:06 -04:00
Adam Ierymenko
b270d527f4
Basic plumbing for authentication requirement and piping through of URL information.
2021-05-24 22:58:17 -04:00
Adam Ierymenko
06730c7d1d
BSL date bump
2020-08-20 12:51:39 -07:00
Adam Ierymenko
52a166a71f
Relicense: GPLv3 -> ZeroTier BSL 1.1
2019-08-23 09:23:39 -07:00
Adam Ierymenko
75ebe5172f
Fix for sharing of capabilities in 1.4 (problem introduced when push frequency was reduced)
2019-08-02 20:43:02 -07:00
Adam Ierymenko
a019c3dd5d
Tighten up credential push just a bit for faster up-time with older nodes, should not have significant impact on bandwidth. Also some cleanup and push direct path timing fixes.
2019-06-25 13:42:20 -07:00
Adam Ierymenko
63ec19674c
.
2019-03-19 16:43:43 -07:00
Adam Ierymenko
e03102dbcb
Clean out some unnecessarily pedantic auth stuff in favor of a simpler way of gating multicast gathers.
2019-03-14 14:29:15 -07:00
Joseph Henry
0e597191b8
Updated licenses for 2019
2019-01-14 10:25:53 -08:00
Joseph Henry
28cb40529d
Rough draft of fq-codel implementation
2018-07-10 16:50:12 -07:00
Joseph Henry
9681fedbb4
Spellcheck sweep across codebase
2018-06-07 17:25:27 -07:00
Adam Ierymenko
6d8e1e8783
More cleanup of old stuff.
2018-01-26 21:34:56 -05:00
Adam Ierymenko
65c07afe05
Copyright updates for 2018.
2018-01-08 14:33:28 -08:00
Grant Limberg
b1d60df44c
timestamps changed from uint64_t to int64_t
...
There were cases in the code where time calculations and comparisons were overflowing and causing connection instability. This will keep time calculations within expected ranges.
2017-10-02 15:52:57 -07:00
Adam Ierymenko
b9e1d53d7a
Minor cleanup.
2017-07-17 14:21:09 -07:00
Adam Ierymenko
495c5ce81d
Bunch of remote tracing work.
2017-07-13 10:51:05 -07:00
Adam Ierymenko
6015b529a0
More clustering work.
2017-06-01 12:33:05 -07:00
Adam Ierymenko
1b68d6dbdc
License header update.
2017-04-27 20:47:25 -07:00
Adam Ierymenko
88a4a3b1ba
Pass tptr on leave.
2017-04-11 08:47:02 -07:00
Adam Ierymenko
e4896b257f
Add thread PTR that gets passed through the entire ZT core call stack and then passed to handler functions resulting from a call.
2017-03-27 17:03:17 -07:00
Adam Ierymenko
e10325e133
GitHub issue #461 -- plus a bit of cleanup and optimization
2017-03-17 17:15:23 -07:00
Adam Ierymenko
10185e92fa
Certificate of ownership -- used to secure against IP address spoofing, especially for IPv4 and regular IPv6.
2017-02-23 11:47:36 -08:00
Adam Ierymenko
ed31cb76d6
Fix to cluster network configs.
2017-01-30 16:04:05 -08:00
Adam Ierymenko
226123ca08
Refactor controller to permit sending of pushes as well as just replies to config requests.
2016-11-10 11:54:47 -08:00
Adam Ierymenko
9f550292fe
Simply network auth logic and always sent error on auth failure even for unknown networks to prevent forensics.
2016-09-27 13:49:43 -07:00
Adam Ierymenko
15c07c58b6
Refactored network config chunking to sign every chunk to prevent stupid DOS attack potential, and implement network config fast propagate (though we probably will not use this for a bit).
2016-09-27 11:33:48 -07:00
Adam Ierymenko
eac3667ec1
Bunch more refactoring and work on revocations, etc.
2016-09-26 16:17:02 -07:00
Adam Ierymenko
1f74dd4589
Revocation work in progress, add WATCH which is TEE with implicit rate sync (thanks JG@DCVC!), and clean up some cruft in Network.
2016-09-23 16:08:38 -07:00
Adam Ierymenko
d3524f3609
Refactor COM stuff a bit, and respond to COM requests a bit more readily for rapid setup. Will need to revisit later.
2016-09-20 21:21:34 -07:00
Adam Ierymenko
ab9afbc749
(1) Public networks now get COMs even though they do not gate with them since they will need them to push auth for multicast stuff, (2) added a bunch of rate limit circuit breakers for anti-DOS, (3) cleanup.
2016-09-09 11:36:10 -07:00
Adam Ierymenko
ef87069957
Fix gating of multicast GATHER replies since these can come from upstream, etc., and fix an issue with sending ECHO to recheck marginal paths.
2016-09-09 09:32:00 -07:00
Adam Ierymenko
0d4109a9f1
More refactoring to clean up code, and add a gate function to make sure we do not handle OK packets we did not expect. This hardens up a few potential edge cases around security, since such messages might be used to e.g. pollute a cache and DOS under certain conditions.
2016-09-09 08:43:58 -07:00
Adam Ierymenko
16df2c3363
Clean up handling of COMs, network access control, and fix a backward compatiblity issue.
2016-09-08 19:48:05 -07:00
Adam Ierymenko
daf8a66ced
More correct and efficient to initialize member relationship push stuff lazily when member is learned.
2016-09-07 15:47:20 -07:00
Adam Ierymenko
1908aa55f5
Refactor MULTICAST_LIKE pushing to eliminate redundant and unnecessary pushes and simplify code.
2016-09-07 15:15:52 -07:00
Adam Ierymenko
74afef8eb1
Think through and refine a few things in rules, especially edge case TEE and REDIRECT behavior and semantics.
2016-08-31 16:50:22 -07:00
Adam Ierymenko
f0636ffd4a
EXT_FRAME messages should always be accepted if we are the destination for a matching TEE or REDIRECT rule.
2016-08-29 15:54:06 -07:00
Adam Ierymenko
2cdda38dc4
It basically works... at least on current controllers.
2016-08-24 15:26:18 -07:00
Adam Ierymenko
ccea3d04d6
Push NETWORK_CONFIG_REFRESH on POSTs to /member/... in controller.
2016-08-24 14:28:16 -07:00
Adam Ierymenko
0a7a33ef8f
Instantaneous blacklisting and credential revocation.
2016-08-23 13:46:36 -07:00
Adam Ierymenko
4d498b3765
Handling of multi-part chunked network configs on the inbound side.
2016-08-09 13:14:38 -07:00