author | Adam Ierymenko <adam.ierymenko@gmail.com> | 2015-06-26 13:02:33 -0700 |
---|---|---|
committer | Adam Ierymenko <adam.ierymenko@gmail.com> | 2015-06-26 13:02:33 -0700 |
commit | f33f3fcb72590293f1ac3c3391b0140732ae8658 (patch) | |
tree | e1cc03dbe75a9fc9f1bf9bcdd955b40efe5b760b /node | |
parent | 57c7992c785ab2f69fb2ddffd6f48bfebd96cab8 (diff) | |
parent | 3eca5d9c2933bc365de5b78e20976ccae360296e (diff) | |
download | infinitytier-f33f3fcb72590293f1ac3c3391b0140732ae8658.tar.gz infinitytier-f33f3fcb72590293f1ac3c3391b0140732ae8658.zip |
Merge pull request #196 from keesbos/fixes
Fixes for controller
Diffstat (limited to 'node')
-rw-r--r-- | node/Network.cpp | 30 |
1 files changed, 20 insertions, 10 deletions
diff --git a/node/Network.cpp b/node/Network.cpp
index d5dc7d58..c072e978 100644
--- a/node/Network.cpp
+++ b/node/Network.cpp
@@ -286,18 +286,28 @@ void Network::addMembershipCertificate(const CertificateOfMembership &cert,bool
 return;
 }
- SharedPtr<Peer> signer(RR->topology->getPeer(cert.signedBy()));
+ if (cert.signedBy() == RR->identity.address()) {
+ // We are the controller: RR->identity.address() == controller() == cert.signedBy()
+ // So, verify that we signed th cert ourself
+ if (!cert.verify(RR->identity)) {
+ TRACE("rejected network membership certificate for %.16llx self signed by %s: signature check failed",(unsigned long long)_id,cert.signedBy().toString().c_str());
+ return;
+ }
+ } else {
- if (!signer) {
- // This would be rather odd, since this is our controller... could happen
- // if we get packets before we've gotten config.
- RR->sw->requestWhois(cert.signedBy());
- return;
- }
+ SharedPtr<Peer> signer(RR->topology->getPeer(cert.signedBy()));
- if (!cert.verify(signer->identity())) {
- TRACE("rejected network membership certificate for %.16llx signed by %s: signature check failed",(unsigned long long)_id,cert.signedBy().toString().c_str());
- return;
+ if (!signer) {
+ // This would be rather odd, since this is our controller... could happen
+ // if we get packets before we've gotten config.
+ RR->sw->requestWhois(cert.signedBy());
+ return;
+ }
+
+ if (!cert.verify(signer->identity())) {
+ TRACE("rejected network membership certificate for %.16llx signed by %s: signature check failed",(unsigned long long)_id,cert.signedBy().toString().c_str());
+ return;
+ }
 }
 }
|
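Review bot: The self-signed branch tests only `cert.signedBy() == RR->identity.address()`, and the `controller()` equality its comment asserts is not established anywhere in this hunk; it holds only if the `return; }` context just above closes a `signedBy() != controller()` rejection, which is not visible here. Because this is the one path that accepts a membership certificate without a topology lookup, the comment should state that dependency explicitly and fix the "th cert" typo, for example `// signedBy() is our own address and was already checked against controller() above, so we are the controller: verify against our own identity`. The body of addMembershipCertificate begins and ends outside the hunk, so the earlier check should be confirmed against the full function.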