c974a159af
fix for issue #2114
2023-08-28 08:10:17 -07:00
7637ef10d7
Fix primary port binding issue in 1.12 ( #2107 )
...
* Add test for primary port bindings to validator - See #2105
* Add delay to binding test
* Remove TCP binding logic from Binder to fix #2105
* add second control plane socket for ipv6
* fix controller network post endpoint
* exit if we can't bind at least one of IPV4 or IPV6 for control plane port
---------
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com >
2023-08-25 12:51:33 -04:00
f42841a6ab
fix init order for EmbeddedNetworkController ( #2014 )
2023-05-25 11:09:08 -07:00
17f6b3a10b
central controller metrics & request path updates ( #2012 )
...
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
2023-05-23 12:11:26 -07:00
da71e2524c
fix typos ( #2010 )
2023-05-19 19:21:24 +02:00
f3da2b4031
Capture setContent by-value instead of by-reference ( #2006 )
...
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com >
2023-05-17 17:55:32 -07:00
adfbbc3fb0
Controller Metrics & Network Config Request Fix ( #2003 )
...
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
2023-05-16 11:56:58 -07:00
e5fc89821f
use cpp-httplib for HTTP control plane ( #1979 )
...
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib ) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
2023-04-28 11:03:28 -07:00
64b7f8e445
quiet down logs more
2022-06-15 16:58:11 -07:00
ef08346a74
Fix a possible excessive memory use issue in controller and clean up a bunch of COM handling and other code in the normal node.
2022-04-19 19:59:54 -04:00
912036b260
Push credentials always if updated (client-side) and some controller-side cleanup that should be logically irrelevant but will prevent unnecessary DB lookups.
2022-04-19 12:41:38 -04:00
a4e8847664
Restore sending of rejections but move it exclusively to a thread, widen netconf window to 30 minutes.
2022-04-19 10:37:58 -04:00
c492bf7eea
Forgot to send error on v0 auth expiry.
2022-04-18 16:36:09 -04:00
cb086ff97f
Simplify SSO logic. SSO should just normally expire when it expires. No full deauth needed. Deauth is for really giving someone the boot.
2022-04-18 16:32:05 -04:00
55a99f34d0
Tighten certificate window and deprecate sending of revocations for ordinary SSO timeouts. Revocations should only be for deliberate deauth to kick people off networks. Cert window should now stay within refresh window for SSO so normal cert expiration should handle it just fine.
2022-04-15 14:23:26 -04:00
58119598ae
comment out some new deauth code
2022-04-13 23:10:11 -04:00
42a2afaef9
This may improve controller behavior with SSO and mixed SSO, needs testing!
2022-04-13 21:39:56 -04:00
b3fbbd3124
refresh tokens now working
...
Still investigating the best way to do a couple things, but we have something working
2021-12-07 16:29:50 -08:00
7cce23ae79
wip
2021-12-01 10:44:29 -08:00
a33d7c64fe
more fixin
2021-11-30 17:27:13 -08:00
fa21fdc1cc
rename stuff for clarity
...
authenticationURL will still be used by the client for v1 and v2 of sso
2021-11-11 16:19:26 -08:00
43433cdb5a
integrate rust build of zeroidc to linux
2021-11-04 17:16:23 -07:00
8d39c9a861
plumbing full flow from controller -> client network
2021-11-04 15:40:08 -07:00
134d33c218
Add a bit of hardening in the network certificate of membership by incorporating a full hash of the identity to which it is issued. This means the recipient need not depend entirely on the root verifying identities properly to make sure impersonation is not occurring.
2021-09-20 15:40:55 -07:00
20721491e8
kill some noisy logs
2021-08-19 13:03:56 -07:00
9eae444104
kill some verbose logs
2021-08-19 09:21:52 -07:00
576b4f03a5
Adjust deauth time window and send revocation when SSO members expire.
2021-08-18 12:17:40 -04:00
461810b06a
Move return so record gets created before URL.
2021-08-10 11:22:29 -04:00
613d7b5ece
fix backwards logic
2021-08-04 09:16:04 -07:00
663e748b8d
Deauth expiring members right away.
2021-07-26 23:45:18 -04:00
0cf62d334d
Remove pointless check.
2021-07-26 13:38:35 -04:00
0310bfa3e3
Include authentication URL in config
2021-07-23 19:17:42 -04:00
efe0e8aa7b
Notification of about-to-expire status... almost there.
2021-07-23 19:05:59 -04:00
5c7e51feaf
Merge branch 'dev' of github.com:zerotier/ZeroTierOne into dev
2021-07-23 18:49:05 -04:00
34de579c91
Handling of soon-to-expire members
2021-07-23 18:49:00 -04:00
10215af96d
whoops
2021-07-06 13:18:08 -07:00
e67fee0264
debug logging
2021-07-06 13:08:21 -07:00
364ad87e2b
add ssoEnabled flag to network config
2021-06-05 13:44:45 -07:00
e6b4fb5af7
add "ssoRedirectURL" to local.conf
...
plumbed it through to the central controller code
2021-06-04 16:29:03 -07:00
1dfe909bab
Increase authentication URL sizes.
2021-06-04 16:46:56 -04:00
74a678c1e1
chicken or egg problem.
...
member must exist in the database before we can generate a nonce & SSO URL
2021-06-04 12:49:26 -07:00
f27d193cf6
.
2021-06-04 11:56:12 -07:00
7ca2ecb421
put expiry time back on nc object
2021-06-04 11:39:52 -07:00
0702e581a1
remove some noisy log lines & fix a query error
2021-06-04 11:06:54 -07:00
c78792a705
moar temporary debug printfs
2021-06-04 11:00:51 -07:00
287c19e822
move this outside the auth block. If SSO is enabled, it should be checked whether authorized or not
2021-06-04 09:46:31 -07:00
4f521baafd
Big SSO update
...
make things hopefully work
2021-06-03 14:38:26 -07:00
fc6d90a04a
set the correct default
2021-06-02 14:27:58 -07:00
d2f1d05a06
handle cases where authenticationURL and authenticationExpiryTime don't exist
2021-06-02 13:46:43 -07:00
c470c6255e
Postgres code for SSO (almost certainly needs work)
2021-05-28 17:08:24 -04:00
