| author | Joseph Henry <[email protected]> | 2017-03-14 13:21:54 -0700 |
|---|---|---|
| committer | Joseph Henry <[email protected]> | 2017-03-14 13:21:54 -0700 |
| commit | 695b8ecc55a4b54aa47df181c1cdb674fd4b512c (patch) | |
| tree | 8b7815a5c2f4094d72cff5552d73dc7340277e3c /zto/node/Capability.cpp | |
| parent | e800e47a6333a0b4fe7df2a6093716cb2b44d308 (diff) | |
upgraded core to 1.2.00.8.0
Diffstat (limited to 'zto/node/Capability.cpp')
| -rw-r--r-- | zto/node/Capability.cpp | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/zto/node/Capability.cpp b/zto/node/Capability.cpp
new file mode 100644
index 0000000..0a736ca
--- /dev/null
+++ b/zto/node/Capability.cpp
@@ -0,0 +1,65 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "Capability.hpp"
+#include "RuntimeEnvironment.hpp"
+#include "Identity.hpp"
+#include "Topology.hpp"
+#include "Switch.hpp"
+#include "Network.hpp"
+
+namespace ZeroTier {
+
+int Capability::verify(const RuntimeEnvironment *RR) const
+{
+ try {
+ // There must be at least one entry, and sanity check for bad chain max length
+ if ((_maxCustodyChainLength < 1)||(_maxCustodyChainLength > ZT_MAX_CAPABILITY_CUSTODY_CHAIN_LENGTH))
+ return -1;
+
+ // Validate all entries in chain of custody
+ Buffer<(sizeof(Capability) * 2)> tmp;
+ this->serialize(tmp,true);
+ for(unsigned int c=0;c<_maxCustodyChainLength;++c) {
+ if (c == 0) {
+ if ((!_custody[c].to)||(!_custody[c].from)||(_custody[c].from != Network::controllerFor(_nwid)))
+ return -1; // the first entry must be present and from the network's controller
+ } else {
+ if (!_custody[c].to)
+ return 0; // all previous entries were valid, so we are valid
+ else if ((!_custody[c].from)||(_custody[c].from != _custody[c-1].to))
+ return -1; // otherwise if we have another entry it must be from the previous holder in the chain
+ }
+
+ const Identity id(RR->topology->getIdentity(_custody[c].from));
+ if (id) {
+ if (!id.verify(tmp.data(),tmp.size(),_custody[c].signature))
+ return -1;
+ } else {
+ RR->sw->requestWhois(_custody[c].from);
+ return 1;
+ }
+ }
+
+ // We reached max custody chain length and everything was valid
+ return 0;
+ } catch ( ... ) {}
+ return -1;
+}
+
+} // namespace ZeroTier |
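Review bot: The three outcomes of Capability::verify (-1 invalid, 0 valid, 1 verification deferred because the signer's identity is unknown and a WHOIS was requested) can only be reconstructed from the scattered inline comments, and a caller that treats any non-negative value as "verified" would accept a capability whose signatures have not been checked yet; a comment on the definition such as `// Returns 0 if the chain of custody verifies, -1 if it is invalid, or 1 if a signer's identity is not yet known (WHOIS requested; caller must re-verify later).` would pin that contract. The `catch ( ... ) {}` before the final `return -1;` discards the exception, so an overflow of the fixed-size `tmp` buffer during `serialize(tmp,true)` and a genuine signature failure are indistinguishable to the caller; a one-line comment stating that any exception is intentionally mapped to -1 would make the intent explicit for the next maintainer. The loop index `c` is kept in range only by the `_maxCustodyChainLength > ZT_MAX_CAPABILITY_CUSTODY_CHAIN_LENGTH` guard, which presumes `_custody` is declared with exactly that many entries in Capability.hpp, outside this diff.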
