Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add function to toggle on/off IP Validation in Enhanced Permissioing NodeManager. #1677

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 16 additions & 2 deletions permission/v2/contract/NodeManager.sol
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,8 @@ contract NodeManager {
mapping(bytes32 => uint256) private enodeIdToIndex;
// tracking total number of nodes in network
uint256 private numberOfNodes;

// whether to do IP validation during checks if connection is allowed. This is enabled by default.
bool private isIpValidationEnabled = true;

// node permission events for new node propose
event NodeProposed(string _enodeId, string _ip, uint16 _port, uint16 _raftport, string _orgId);
Expand Down Expand Up @@ -289,6 +290,15 @@ contract NodeManager {
return nodeList[_getNodeIndex(_enodeId)].status;
}

/** @notice specify whether to perform source node IP validation in determining the connection permission.
This is enabled by default.
* @param _isIpValidationEnabled whether to enable or disable the IP validation
*/
function setIpValidation(bool _isIpValidationEnabled) public
onlyImplementation {
isIpValidationEnabled = _isIpValidationEnabled;
}

/** @notice checks if the node is allowed to connect or not
* @param _enodeId enode id
* @param _ip IP of node
Expand All @@ -301,7 +311,11 @@ contract NodeManager {
return false;
}
uint256 nodeIndex = _getNodeIndex(_enodeId);
if (nodeList[nodeIndex].status == 2 && keccak256(abi.encode(nodeList[nodeIndex].ip)) == keccak256(abi.encode(_ip))) {
if (nodeList[nodeIndex].status == 2
&& (!isIpValidationEnabled
|| keccak256(abi.encode(nodeList[nodeIndex].ip)) == keccak256(abi.encode(_ip))
)
) {
return true;
}

Expand Down
11 changes: 11 additions & 0 deletions permission/v2/contract/PermissionsImplementation.sol
Original file line number Diff line number Diff line change
Expand Up @@ -165,6 +165,17 @@ contract PermissionsImplementation {
roleManager.addRole(adminRole, adminOrg, fullAccess, true, true);
accountManager.setDefaults(adminRole, orgAdminRole);
}

/** @notice specify whether to perform source node IP validation in determining the connection permission.
This can only be set before network initialization is finalized
* @param _isIpValidationEnabled whether to enable or disable the IP validation
*/
function setIpValidation(bool _isIpValidationEnabled) external
onlyInterface
networkBootStatus(false) {
nodeManager.setIpValidation(_isIpValidationEnabled);
}

/** @notice as a part of network initialization add all nodes which
are part of static-nodes.json as nodes belonging to
network admin org
Expand Down
7 changes: 7 additions & 0 deletions permission/v2/contract/PermissionsInterface.sol
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,13 @@ contract PermissionsInterface {
permImplementation.init(_breadth, _depth);
}

/** @notice specify whether to perform source node IP validation in determining the connection permission.
* @param _isIpValidationEnabled whether to enable or disable the IP validation
*/
function setIpValidation(bool _isIpValidationEnabled) external {
permImplementation.setIpValidation(_isIpValidationEnabled);
}

/** @notice interface to add new node to an admin organization
* @param _enodeId enode id of the node to be added
* @param _ip IP of node
Expand Down