From b41437780b5740f7fcb813412b2bf4157ac8d807 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Tue, 30 Sep 2014 17:26:34 -0700 Subject: Add origin to new MULTICAST_FRAME, move security check for certs into Network to remove redundant code and bug-proneness, more work on IncomingPacket... --- node/Network.cpp | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'node/Network.cpp') diff --git a/node/Network.cpp b/node/Network.cpp index 577a736e..0dc5c8b6 100644 --- a/node/Network.cpp +++ b/node/Network.cpp @@ -239,16 +239,25 @@ void Network::requestConfiguration() RR->sw->send(outp,true); } -void Network::addMembershipCertificate(const CertificateOfMembership &cert) +void Network::addMembershipCertificate(const CertificateOfMembership &cert,bool forceAccept) { if (!cert) // sanity check return; + if (!forceAccept) { + if (cert.signedBy() != controller()) + return; + SharedPtr signer(RR->topology->getPeer(cert.signedBy())); + if (!signer) + return; // we should already have done a WHOIS on this peer, since this is our netconf master + if (!cert.verify(signer->identity())) + return; + } + Mutex::Lock _l(_lock); // We go ahead and accept certs provisionally even if _isOpen is true, since // that might be changed in short order if the user is fiddling in the UI. - // These will be purged on clean() for open networks eventually. CertificateOfMembership &old = _membershipCertificates[cert.issuedTo()]; if (cert.timestamp() >= old.timestamp()) { -- cgit v1.2.3