authorAdam Ierymenko <adam.ierymenko@gmail.com>2015-04-15 18:32:25 -0700
committerAdam Ierymenko <adam.ierymenko@gmail.com>2015-04-15 18:32:25 -0700
commitea1859541c29bc3cafcde5ad9be131c942522c5f (patch)
treecc6aaa37552466d78a957f63bb22f71e07dbc3dd /controller
parentf7b1437154576ec42734de6c2b2ee4adfb1f4f6d (diff)
downloadinfinitytier-ea1859541c29bc3cafcde5ad9be131c942522c5f.tar.gz
infinitytier-ea1859541c29bc3cafcde5ad9be131c942522c5f.zip
More cleanup, and fix for the extremely unlikely case of identity collision.
Diffstat (limited to 'controller')
-rw-r--r--controller/README.md8
-rw-r--r--controller/SqliteNetworkController.cpp17
-rw-r--r--controller/SqliteNetworkController.hpp4
3 files changed, 14 insertions, 15 deletions
diff --git a/controller/README.md b/controller/README.md
index 6037424e..ee176d38 100644
--- a/controller/README.md
+++ b/controller/README.md
@@ -9,13 +9,11 @@ The standard implementation uses SQLite3 with the attached schema. A separate se
By default this code is not built or included in the client. To build on Linux, BSD, or Mac add ZT_ENABLE_NETCONF_MASTER=1 to the make command line. It could be built on Windows as well, but you're on your own there. You'd have to build SQLite3 first, or get a pre-built copy somewhere.
-### Running
+### Createing databases
-To enable netconf functionality, place a properly initialized SQLite3 database called **netconf.db** into the ZeroTier working directory of the node you wish to serve network configurations and restart it. If that file is present it will be opened and the network configuration master function will be enabled. You will see this in the log file.
+If you execute a network controller enabled build of the ZeroTier One service, a *controller.db* will automatically be created and initialize. You can also create one manually with:
-To initialize a database run:
-
- sqlite3 -init netconf-schema.sql netconf.db
+ sqlite3 -init schema.sql controller.db
Then type '.quit' to exit the SQLite3 command shell.
diff --git a/controller/SqliteNetworkController.cpp b/controller/SqliteNetworkController.cpp
index c2e1a168..4dfdf78e 100644
--- a/controller/SqliteNetworkController.cpp
+++ b/controller/SqliteNetworkController.cpp
@@ -53,14 +53,10 @@
namespace ZeroTier {
-SqliteNetworkController::SqliteNetworkController(const Identity &signingId,const char *dbPath) :
- _signingId(signingId),
+SqliteNetworkController::SqliteNetworkController(const char *dbPath) :
_dbPath(dbPath),
_db((sqlite3 *)0)
{
- if (!_signingId.hasPrivate())
- throw std::runtime_error("SqliteNetworkController signing identity must have a private key");
-
if (sqlite3_open_v2(dbPath,&_db,SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE,(const char *)0) != SQLITE_OK)
throw std::runtime_error("SqliteNetworkController cannot open database file");
sqlite3_busy_timeout(_db,10000);
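Review bot: The open-failure path on the two lines above the busy-timeout call leaks the connection handle: SQLite documents that sqlite3_open_v2() usually still allocates a connection object on failure and that it must be passed to sqlite3_close() regardless, and because the throw leaves the constructor, the destructor never runs to release it. With the identity check gone this is now the only failure branch in the visible part of the constructor, so it is worth getting right; I would add `sqlite3_close(_db); _db = (sqlite3 *)0;` before the `throw std::runtime_error(...)`, with a short comment that SQLite allocates a handle even on a failed open. The constructor body continues past the end of this hunk.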
@@ -137,13 +133,18 @@ SqliteNetworkController::~SqliteNetworkController()
}
}
-NetworkController::ResultCode SqliteNetworkController::doNetworkConfigRequest(const InetAddress &fromAddr,const Identity &identity,uint64_t nwid,const Dictionary &metaData,uint64_t haveRevision,Dictionary &netconf)
+NetworkController::ResultCode SqliteNetworkController::doNetworkConfigRequest(const InetAddress &fromAddr,const Identity &signingId,const Identity &identity,uint64_t nwid,const Dictionary &metaData,uint64_t haveRevision,Dictionary &netconf)
{
Mutex::Lock _l(_lock);
// Note: we can't reuse prepared statements that return const char * pointers without
// making our own copy in e.g. a std::string first.
+ if ((!signingId)||(!signingId.hasPrivate())) {
+ netconf["error"] = "signing identity invalid or lacks private key";
+ return NetworkController::NETCONF_QUERY_INTERNAL_SERVER_ERROR;
+ }
+
struct {
char id[24];
const char *name;
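Review bot: The new guard only verifies that signingId is valid and carries a private key; nothing ties it to this controller, so from here on the COM minted for `identity.address()` and the whole netconf are signed with whatever identity the caller chooses to pass on each call, and a wrong-but-well-formed identity would pass this check and produce certificates members cannot validate. If, as the commit message's mention of identity collision suggests, the intent is that the node's current identity is used, I would document that at the parameter and, assuming the project has a way to derive the controller address from nwid, compare it with `signingId.address()` here so a mismatch fails closed instead of being discovered by the member. The added early return spells the status as `NetworkController::NETCONF_QUERY_INTERNAL_SERVER_ERROR` while the later failure branches in the same function use the unqualified `NETCONF_QUERY_INTERNAL_SERVER_ERROR`; pick one form. doNetworkConfigRequest continues past the end of this hunk.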
@@ -449,7 +450,7 @@ NetworkController::ResultCode SqliteNetworkController::doNetworkConfigRequest(co
if (network.isPrivate) {
CertificateOfMembership com(network.revision,16,nwid,identity.address());
- if (com.sign(_signingId)) // basically can't fail unless our identity is invalid
+ if (com.sign(signingId)) // basically can't fail unless our identity is invalid
netconf[ZT_NETWORKCONFIG_DICT_KEY_CERTIFICATE_OF_MEMBERSHIP] = com.toString();
else {
netconf["error"] = "unable to sign COM";
@@ -457,7 +458,7 @@ NetworkController::ResultCode SqliteNetworkController::doNetworkConfigRequest(co
}
}
- if (!netconf.sign(_signingId)) {
+ if (!netconf.sign(signingId)) {
netconf["error"] = "unable to sign netconf dictionary";
return NETCONF_QUERY_INTERNAL_SERVER_ERROR;
}
diff --git a/controller/SqliteNetworkController.hpp b/controller/SqliteNetworkController.hpp
index 566e97d1..5487b59a 100644
--- a/controller/SqliteNetworkController.hpp
+++ b/controller/SqliteNetworkController.hpp
@@ -49,11 +49,12 @@ public:
class DBC;
friend class SqliteNetworkController::DBC;
- SqliteNetworkController(const Identity &signingId,const char *dbPath);
+ SqliteNetworkController(const char *dbPath);
virtual ~SqliteNetworkController();
virtual NetworkController::ResultCode doNetworkConfigRequest(
const InetAddress &fromAddr,
+ const Identity &signingId,
const Identity &identity,
uint64_t nwid,
const Dictionary &metaData,
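Review bot: The declaration gains a signingId parameter but nothing says who supplies it or what it must satisfy, and since the constructor no longer holds an identity, every caller now has to get this right on every request. I would add a comment above the method, roughly `// signingId: identity used to sign the COM and the netconf; must hold the private key (the request is refused with an internal server error otherwise) and is presumably expected to be this node's own identity — confirm against the caller`. The declaration continues in the next hunk.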
@@ -61,7 +62,6 @@ public:
Dictionary &netconf);
private:
- Identity _signingId;
std::string _dbPath;
sqlite3 *_db;