From 5e6a4e5f5e0022dccbc2f6cf8a8b38c038720866 Mon Sep 17 00:00:00 2001
From: Adam Ierymenko
Date: Mon, 6 Mar 2017 15:12:28 -0800
Subject: Send revocations automatically on deauth for instant kill, also fix some issues with the RP.
---
 controller/EmbeddedNetworkController.cpp | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
(limited to 'controller/EmbeddedNetworkController.cpp')
diff --git a/controller/EmbeddedNetworkController.cpp b/controller/EmbeddedNetworkController.cpp
index 78fa79f2..2f6142a9 100644
--- a/controller/EmbeddedNetworkController.cpp
+++ b/controller/EmbeddedNetworkController.cpp
@@ -661,6 +661,17 @@ unsigned int EmbeddedNetworkController::handleControlPlaneHttpPOST(
 ah["ct"] = json();
 ah["c"] = json();
 member["authHistory"].push_back(ah);
+
+ // Member is being de-authorized, so spray Revocation objects to all online members
+ if (!newAuth) {
+ Revocation rev(_node->prng(),nwid,0,now,ZT_REVOCATION_FLAG_FAST_PROPAGATE,Address(address),Revocation::CREDENTIAL_TYPE_COM);
+ rev.sign(_signingId);
+ Mutex::Lock _l(_lastRequestTime_m);
+ for(std::map< std::pair,uint64_t >::iterator i(_lastRequestTime.begin());i!=_lastRequestTime.end();++i) {
+ if ((now - i->second) < ZT_NETWORK_AUTOCONF_DELAY)
+ _node->ncSendRevocation(Address(i->first.first),rev);
+ }
+ }
 }
 }

@@ -1037,8 +1048,9 @@ unsigned int EmbeddedNetworkController::handleControlPlaneHttpPOST(
 Mutex::Lock _l(_db_m);
 _db.put("network",nwids,network);
 }
- std::string pfx("network/"); pfx.append(nwids); pfx.append("/member/");
- _db.filter(pfx,120000,[this,&now,&nwid](const std::string &n,const json &obj) {
+
+ // Send an update to all members of the network
+ _db.filter((std::string("network/") + nwids + "/member/"),120000,[this,&now,&nwid](const std::string &n,const json &obj) {
 _pushMemberUpdate(now,nwid,obj);
 return true; // do not delete
 });
--
cgit v1.2.3
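Review bot: The revocation loop never compares the network half of the `_lastRequestTime` key against `nwid`, so every node that requested any network's config from this controller within ZT_NETWORK_AUTOCONF_DELAY is sent the revocation, not only members of the network being edited. Assuming the map is keyed by (address, network ID) — the pair's template arguments are not legible on this page — the condition should read `if ((i->first.second == nwid)&&((now - i->second) < ZT_NETWORK_AUTOCONF_DELAY))`, which keeps the deauthorized address and network ID from reaching unrelated peers. The result of `rev.sign(_signingId)` is also discarded, so if signing can fail an unsigned revocation would be sent without any indication; check it before the loop. The comment should also state that delivery is best-effort to recently seen members only, so members that are offline still depend on credential expiry. handleControlPlaneHttpPOST starts and ends outside the hunk.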
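Review bot: The `120000` passed to `_db.filter` is an unexplained literal, and the new comment only restates what the call does; a named constant or a comment such as `// 120000: <unit and meaning per _db.filter's contract>` would make the cutoff reviewable. The lambda still captures `now` and `nwid` by reference, which is safe only if `_db.filter` invokes the callback synchronously before returning — that is not visible here, so confirm it or capture by value with `[this,now,nwid]`. The enclosing function starts and ends outside the hunk.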