rename to 'AllowedBoxPubs' and similar
This commit is contained in:
parent
6ce16d8192
commit
5dac273a3d
@ -105,18 +105,18 @@ func (a *admin) init(c *Core, listenaddr string) {
|
|||||||
*out = []byte(a.printInfos([]admin_nodeInfo{info}))
|
*out = []byte(a.printInfos([]admin_nodeInfo{info}))
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
a.addHandler("getAuthBoxPubs", nil, func(out *[]byte, _ ...string) {
|
a.addHandler("getAllowedBoxPubs", nil, func(out *[]byte, _ ...string) {
|
||||||
*out = []byte(a.getAuthBoxPubs())
|
*out = []byte(a.getAllowedBoxPubs())
|
||||||
})
|
})
|
||||||
a.addHandler("addAuthBoxPub", []string{"<boxPubKey>"}, func(out *[]byte, saddr ...string) {
|
a.addHandler("addAllowedBoxPub", []string{"<boxPubKey>"}, func(out *[]byte, saddr ...string) {
|
||||||
if a.addAuthBoxPub(saddr[0]) == nil {
|
if a.addAllowedBoxPub(saddr[0]) == nil {
|
||||||
*out = []byte("Adding key: " + saddr[0] + "\n")
|
*out = []byte("Adding key: " + saddr[0] + "\n")
|
||||||
} else {
|
} else {
|
||||||
*out = []byte("Failed to add key: " + saddr[0] + "\n")
|
*out = []byte("Failed to add key: " + saddr[0] + "\n")
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
a.addHandler("removeAuthBoxPub", []string{"<boxPubKey>"}, func(out *[]byte, sport ...string) {
|
a.addHandler("removeAllowedBoxPub", []string{"<boxPubKey>"}, func(out *[]byte, sport ...string) {
|
||||||
if a.removeAuthBoxPub(sport[0]) == nil {
|
if a.removeAllowedBoxPub(sport[0]) == nil {
|
||||||
*out = []byte("Removing key: " + sport[0] + "\n")
|
*out = []byte("Removing key: " + sport[0] + "\n")
|
||||||
} else {
|
} else {
|
||||||
*out = []byte("Failed to remove key: " + sport[0] + "\n")
|
*out = []byte("Failed to remove key: " + sport[0] + "\n")
|
||||||
@ -365,8 +365,8 @@ func (a *admin) getData_getSessions() []admin_nodeInfo {
|
|||||||
return infos
|
return infos
|
||||||
}
|
}
|
||||||
|
|
||||||
func (a *admin) getAuthBoxPubs() string {
|
func (a *admin) getAllowedBoxPubs() string {
|
||||||
pubs := a.core.peers.getAuthBoxPubs()
|
pubs := a.core.peers.getAllowedBoxPubs()
|
||||||
var out []string
|
var out []string
|
||||||
for _, pub := range pubs {
|
for _, pub := range pubs {
|
||||||
out = append(out, hex.EncodeToString(pub[:]))
|
out = append(out, hex.EncodeToString(pub[:]))
|
||||||
@ -375,22 +375,22 @@ func (a *admin) getAuthBoxPubs() string {
|
|||||||
return strings.Join(out, "\n")
|
return strings.Join(out, "\n")
|
||||||
}
|
}
|
||||||
|
|
||||||
func (a *admin) addAuthBoxPub(bstr string) (err error) {
|
func (a *admin) addAllowedBoxPub(bstr string) (err error) {
|
||||||
boxBytes, err := hex.DecodeString(bstr)
|
boxBytes, err := hex.DecodeString(bstr)
|
||||||
if err == nil {
|
if err == nil {
|
||||||
var box boxPubKey
|
var box boxPubKey
|
||||||
copy(box[:], boxBytes)
|
copy(box[:], boxBytes)
|
||||||
a.core.peers.addAuthBoxPub(&box)
|
a.core.peers.addAllowedBoxPub(&box)
|
||||||
}
|
}
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
func (a *admin) removeAuthBoxPub(bstr string) (err error) {
|
func (a *admin) removeAllowedBoxPub(bstr string) (err error) {
|
||||||
boxBytes, err := hex.DecodeString(bstr)
|
boxBytes, err := hex.DecodeString(bstr)
|
||||||
if err == nil {
|
if err == nil {
|
||||||
var box boxPubKey
|
var box boxPubKey
|
||||||
copy(box[:], boxBytes)
|
copy(box[:], boxBytes)
|
||||||
a.core.peers.removeAuthBoxPub(&box)
|
a.core.peers.removeAllowedBoxPub(&box)
|
||||||
}
|
}
|
||||||
return
|
return
|
||||||
}
|
}
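Review bot: addAllowedBoxPub decodes the hex string and then `copy`s it into a fixed-size boxPubKey without checking how many bytes came out, so a short or over-long hex string is accepted and a zero-padded or truncated key is inserted into the allow list while the admin socket reports "Adding key"; removeAllowedBoxPub has the same gap. After the successful decode, reject wrong sizes before the copy: `if len(boxBytes) != len(box) { return errors.New("invalid box public key length") }` (use whichever error constructor this file already imports). The same guard in removeAllowedBoxPub keeps a mistyped key from silently "removing" nothing while the handler prints "Removing key".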
|
||||||
|
@ -5,7 +5,7 @@ type NodeConfig struct {
|
|||||||
Listen string
|
Listen string
|
||||||
AdminListen string
|
AdminListen string
|
||||||
Peers []string
|
Peers []string
|
||||||
PeerBoxPubs []string
|
AllowedBoxPubs []string
|
||||||
BoxPub string
|
BoxPub string
|
||||||
BoxPriv string
|
BoxPriv string
|
||||||
SigPub string
|
SigPub string
|
||||||
|
@ -397,8 +397,8 @@ func (c *Core) DEBUG_setIfceExpr(expr *regexp.Regexp) {
|
|||||||
c.ifceExpr = expr
|
c.ifceExpr = expr
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *Core) DEBUG_addAuthBoxPub(boxStr string) {
|
func (c *Core) DEBUG_addAllowedBoxPub(boxStr string) {
|
||||||
err := c.admin.addAuthBoxPub(boxStr)
|
err := c.admin.addAllowedBoxPub(boxStr)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
|
@ -35,7 +35,7 @@ type peers struct {
|
|||||||
ports atomic.Value //map[Port]*peer, use CoW semantics
|
ports atomic.Value //map[Port]*peer, use CoW semantics
|
||||||
//ports map[Port]*peer
|
//ports map[Port]*peer
|
||||||
authMutex sync.RWMutex
|
authMutex sync.RWMutex
|
||||||
authBoxPubs map[boxPubKey]struct{}
|
allowedBoxPubs map[boxPubKey]struct{}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ps *peers) init(c *Core) {
|
func (ps *peers) init(c *Core) {
|
||||||
@ -43,33 +43,33 @@ func (ps *peers) init(c *Core) {
|
|||||||
defer ps.mutex.Unlock()
|
defer ps.mutex.Unlock()
|
||||||
ps.putPorts(make(map[switchPort]*peer))
|
ps.putPorts(make(map[switchPort]*peer))
|
||||||
ps.core = c
|
ps.core = c
|
||||||
ps.authBoxPubs = make(map[boxPubKey]struct{})
|
ps.allowedBoxPubs = make(map[boxPubKey]struct{})
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ps *peers) isAuthBoxPub(box *boxPubKey) bool {
|
func (ps *peers) isAllowedBoxPub(box *boxPubKey) bool {
|
||||||
ps.authMutex.RLock()
|
ps.authMutex.RLock()
|
||||||
defer ps.authMutex.RUnlock()
|
defer ps.authMutex.RUnlock()
|
||||||
_, isIn := ps.authBoxPubs[*box]
|
_, isIn := ps.allowedBoxPubs[*box]
|
||||||
return isIn || len(ps.authBoxPubs) == 0
|
return isIn || len(ps.allowedBoxPubs) == 0
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ps *peers) addAuthBoxPub(box *boxPubKey) {
|
func (ps *peers) addAllowedBoxPub(box *boxPubKey) {
|
||||||
ps.authMutex.Lock()
|
ps.authMutex.Lock()
|
||||||
defer ps.authMutex.Unlock()
|
defer ps.authMutex.Unlock()
|
||||||
ps.authBoxPubs[*box] = struct{}{}
|
ps.allowedBoxPubs[*box] = struct{}{}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ps *peers) removeAuthBoxPub(box *boxPubKey) {
|
func (ps *peers) removeAllowedBoxPub(box *boxPubKey) {
|
||||||
ps.authMutex.Lock()
|
ps.authMutex.Lock()
|
||||||
defer ps.authMutex.Unlock()
|
defer ps.authMutex.Unlock()
|
||||||
delete(ps.authBoxPubs, *box)
|
delete(ps.allowedBoxPubs, *box)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ps *peers) getAuthBoxPubs() []boxPubKey {
|
func (ps *peers) getAllowedBoxPubs() []boxPubKey {
|
||||||
ps.authMutex.RLock()
|
ps.authMutex.RLock()
|
||||||
defer ps.authMutex.RUnlock()
|
defer ps.authMutex.RUnlock()
|
||||||
keys := make([]boxPubKey, 0, len(ps.authBoxPubs))
|
keys := make([]boxPubKey, 0, len(ps.allowedBoxPubs))
|
||||||
for key := range ps.authBoxPubs {
|
for key := range ps.allowedBoxPubs {
|
||||||
keys = append(keys, key)
|
keys = append(keys, key)
|
||||||
}
|
}
|
||||||
return keys
|
return keys
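Review bot: isAllowedBoxPub returns true whenever allowedBoxPubs is empty, so the allow list fails open: a node with no configured keys accepts any incoming box key, and removing the last key at runtime via removeAllowedBoxPub silently reopens the node to everyone. That is presumably intended for the default config (AllowedBoxPubs is generated empty elsewhere in this commit), but nothing in this hunk says so. Add a doc comment above the function, e.g. `// isAllowedBoxPub reports whether box may peer with us. An empty allow list means no restriction: every key is accepted, including after the last key is removed at runtime.`, and consider logging a warning in removeAllowedBoxPub when the map becomes empty so an operator notices the node has become open.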
|
||||||
|
@ -151,7 +151,7 @@ func (iface *tcpInterface) handler(sock net.Conn, incoming bool) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
// Check if we're authorized to connect to this key / IP
|
// Check if we're authorized to connect to this key / IP
|
||||||
if incoming && !iface.core.peers.isAuthBoxPub(&info.box) {
|
if incoming && !iface.core.peers.isAllowedBoxPub(&info.box) {
|
||||||
// Allow unauthorized peers if they're link-local
|
// Allow unauthorized peers if they're link-local
|
||||||
raddrStr, _, _ := net.SplitHostPort(sock.RemoteAddr().String())
|
raddrStr, _, _ := net.SplitHostPort(sock.RemoteAddr().String())
|
||||||
raddr := net.ParseIP(raddrStr)
|
raddr := net.ParseIP(raddrStr)
|
||||||
|
@ -206,7 +206,7 @@ func (iface *udpInterface) handleKeys(msg []byte, addr connAddr) {
|
|||||||
udpAddr := addr.toUDPAddr()
|
udpAddr := addr.toUDPAddr()
|
||||||
// Check if we're authorized to connect to this key / IP
|
// Check if we're authorized to connect to this key / IP
|
||||||
// TODO monitor and always allow outgoing connections
|
// TODO monitor and always allow outgoing connections
|
||||||
if !iface.core.peers.isAuthBoxPub(&ks.box) {
|
if !iface.core.peers.isAllowedBoxPub(&ks.box) {
|
||||||
// Allow unauthorized peers if they're link-local
|
// Allow unauthorized peers if they're link-local
|
||||||
if !udpAddr.IP.IsLinkLocalUnicast() {
|
if !udpAddr.IP.IsLinkLocalUnicast() {
|
||||||
return
|
return
|
||||||
|
@ -66,8 +66,8 @@ func (n *node) init(cfg *nodeConfig, logger *log.Logger) {
|
|||||||
logger.Println("Starting admin socket...")
|
logger.Println("Starting admin socket...")
|
||||||
n.core.DEBUG_setupAndStartAdminInterface(cfg.AdminListen)
|
n.core.DEBUG_setupAndStartAdminInterface(cfg.AdminListen)
|
||||||
logger.Println("Started admin socket")
|
logger.Println("Started admin socket")
|
||||||
for _, pBoxStr := range cfg.PeerBoxPubs {
|
for _, pBoxStr := range cfg.AllowedBoxPubs {
|
||||||
n.core.DEBUG_addAuthBoxPub(pBoxStr)
|
n.core.DEBUG_addAllowedBoxPub(pBoxStr)
|
||||||
}
|
}
|
||||||
|
|
||||||
go func() {
|
go func() {
|
||||||
@ -101,7 +101,7 @@ func generateConfig(isAutoconf bool) *nodeConfig {
|
|||||||
cfg.SigPub = hex.EncodeToString(spub[:])
|
cfg.SigPub = hex.EncodeToString(spub[:])
|
||||||
cfg.SigPriv = hex.EncodeToString(spriv[:])
|
cfg.SigPriv = hex.EncodeToString(spriv[:])
|
||||||
cfg.Peers = []string{}
|
cfg.Peers = []string{}
|
||||||
cfg.PeerBoxPubs = []string{}
|
cfg.AllowedBoxPubs = []string{}
|
||||||
cfg.Multicast = true
|
cfg.Multicast = true
|
||||||
cfg.LinkLocal = ""
|
cfg.LinkLocal = ""
|
||||||
cfg.IfName = core.DEBUG_GetTUNDefaultIfName()
|
cfg.IfName = core.DEBUG_GetTUNDefaultIfName()
|
||||||
|