gfwleak/zhangyang-zerotierone
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,180 Commits 2 Branches 0 Tags
2d499313000ed1a95dda2f71b56d24c15f7ead08
Commit Graph

248 Commits

Author SHA1 Message Date
Grant Limberg
8426677c55 fix /controller endpoint 2023-09-06 09:44:25 -07:00
Grant Limberg
c974a159af fix for issue #2114 2023-08-28 08:10:17 -07:00
Joseph Henry
7637ef10d7 Fix primary port binding issue in 1.12 (#2107) 
* Add test for primary port bindings to validator - See #2105

* Add delay to binding test

* Remove TCP binding logic from Binder to fix #2105

* add second control plane socket for ipv6

* fix controller network post endpoint

* exit if we can't bind at least one of IPV4 or IPV6 for control plane port

---------

Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
 2023-08-25 12:51:33 -04:00
Grant Limberg
f42841a6ab fix init order for EmbeddedNetworkController (#2014) 2023-05-25 11:09:08 -07:00
Grant Limberg
17f6b3a10b central controller metrics & request path updates (#2012) 
* internal db metrics

* use shared mutexes for read/write locks

* remove this lock. only used for a metric

* more metrics

* remove exploratory metrics

place controller request benchmarks behind ifdef
 2023-05-23 12:11:26 -07:00
Brenton Bostick
da71e2524c fix typos (#2010) 2023-05-19 19:21:24 +02:00
Brenton Bostick
f3da2b4031 Capture setContent by-value instead of by-reference (#2006) 
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
 2023-05-17 17:55:32 -07:00
Grant Limberg
adfbbc3fb0 Controller Metrics & Network Config Request Fix (#2003) 
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
 2023-05-16 11:56:58 -07:00
Grant Limberg
e5fc89821f use cpp-httplib for HTTP control plane (#1979) 
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server.  Makes the control plane code much more legible.  Also no longer randomly stops responding.
 2023-04-28 11:03:28 -07:00
Grant Limberg
64b7f8e445 quiet down logs more 2022-06-15 16:58:11 -07:00
Adam Ierymenko
ef08346a74 Fix a possible excessive memory use issue in controller and clean up a bunch of COM handling and other code in the normal node. 2022-04-19 19:59:54 -04:00
Adam Ierymenko
912036b260 Push credentials always if updated (client-side) and some controller-side cleanup that should be logically irrelevant but will prevent unnecessary DB lookups. 2022-04-19 12:41:38 -04:00
Adam Ierymenko
a4e8847664 Restore sending of rejections but move it exclusively to a thread, widen netconf window to 30 minutes. 2022-04-19 10:37:58 -04:00
Adam Ierymenko
c492bf7eea Forgot to send error on v0 auth expiry. 2022-04-18 16:36:09 -04:00
Adam Ierymenko
cb086ff97f Simplify SSO logic. SSO should just normally expire when it expires. No full deauth needed. Deauth is for really giving someone the boot. 2022-04-18 16:32:05 -04:00
Adam Ierymenko
55a99f34d0 Tighten certificate window and deprecate sending of revocations for ordinary SSO timeouts. Revocations should only be for deliberate deauth to kick people off networks. Cert window should now stay within refresh window for SSO so normal cert expiration should handle it just fine. 2022-04-15 14:23:26 -04:00
Adam Ierymenko
58119598ae comment out some new deauth code 2022-04-13 23:10:11 -04:00
Adam Ierymenko
42a2afaef9 This may improve controller behavior with SSO and mixed SSO, needs testing! 2022-04-13 21:39:56 -04:00
Grant Limberg
b3fbbd3124 refresh tokens now working 
Still investigating the best way to do a couple things, but we have something working
 2021-12-07 16:29:50 -08:00
Grant Limberg
7cce23ae79 wip 2021-12-01 10:44:29 -08:00
Grant Limberg
a33d7c64fe more fixin 2021-11-30 17:27:13 -08:00
Grant Limberg
fa21fdc1cc rename stuff for clarity 
authenticationURL will still be used by the client for v1 and v2 of sso
 2021-11-11 16:19:26 -08:00
Grant Limberg
43433cdb5a integrate rust build of zeroidc to linux 2021-11-04 17:16:23 -07:00
Grant Limberg
8d39c9a861 plumbing full flow from controller -> client network 2021-11-04 15:40:08 -07:00
Adam Ierymenko
134d33c218 Add a bit of hardening in the network certificate of membership by incorporating a full hash of the identity to which it is issued. This means the recipient need not depend entirely on the root verifying identities properly to make sure impersonation is not occurring. 2021-09-20 15:40:55 -07:00
Grant Limberg
20721491e8 kill some noisy logs 2021-08-19 13:03:56 -07:00
Grant Limberg
9eae444104 kill some verbose logs 2021-08-19 09:21:52 -07:00
Adam Ierymenko
576b4f03a5 Adjust deauth time window and send revocation when SSO members expire. 2021-08-18 12:17:40 -04:00
Adam Ierymenko
461810b06a Move return so record gets created before URL. 2021-08-10 11:22:29 -04:00
Grant Limberg
613d7b5ece fix backwards logic 2021-08-04 09:16:04 -07:00
Adam Ierymenko
663e748b8d Deauth expiring members right away. 2021-07-26 23:45:18 -04:00
Adam Ierymenko
0cf62d334d Remove pointless check. 2021-07-26 13:38:35 -04:00
Adam Ierymenko
0310bfa3e3 Include authentication URL in config 2021-07-23 19:17:42 -04:00
Adam Ierymenko
efe0e8aa7b Notification of about-to-expire status... almost there. 2021-07-23 19:05:59 -04:00
Adam Ierymenko
5c7e51feaf Merge branch 'dev' of github.com:zerotier/ZeroTierOne into dev 2021-07-23 18:49:05 -04:00
Adam Ierymenko
34de579c91 Handling of soon-to-expire members 2021-07-23 18:49:00 -04:00
Grant Limberg
10215af96d whoops 2021-07-06 13:18:08 -07:00
Grant Limberg
e67fee0264 debug logging 2021-07-06 13:08:21 -07:00
Grant Limberg
364ad87e2b add ssoEnabled flag to network config 2021-06-05 13:44:45 -07:00
Grant Limberg
e6b4fb5af7 add "ssoRedirectURL" to local.conf 
plumbed it through to the central controller code
 2021-06-04 16:29:03 -07:00
Adam Ierymenko
1dfe909bab Increase authentication URL sizes. 2021-06-04 16:46:56 -04:00
Grant Limberg
74a678c1e1 chicken or egg problem. 
member must exist in the database before we can generate a nonce & SSO URL
 2021-06-04 12:49:26 -07:00
Grant Limberg
f27d193cf6 . 2021-06-04 11:56:12 -07:00
Grant Limberg
7ca2ecb421 put expiry time back on nc object 2021-06-04 11:39:52 -07:00
Grant Limberg
0702e581a1 remove some noisy log lines & fix a query error 2021-06-04 11:06:54 -07:00
Grant Limberg
c78792a705 moar temporary debug printfs 2021-06-04 11:00:51 -07:00
Grant Limberg
287c19e822 move this outside the auth block. If SSO is enabled, it should be checked whether authorized or not 2021-06-04 09:46:31 -07:00
Grant Limberg
4f521baafd Big SSO update 
make things hopefully work
 2021-06-03 14:38:26 -07:00
Grant Limberg
fc6d90a04a set the correct default 2021-06-02 14:27:58 -07:00
Grant Limberg
d2f1d05a06 handle cases where authenticationURL and authenticationExpiryTime don't exist 2021-06-02 13:46:43 -07:00