tka: move disablement logic out-of-band from AUMs
It doesn't make a ton of sense for disablement to be communicated as an AUM, because any failure in the AUM or chain mechanism will mean disablement wont function. Instead, tracking of the disablement secrets remains inside the state machine, but actual disablement and communication of the disablement secret is done by the caller. Signed-off-by: Tom DNetto <tom@tailscale.com>
This commit is contained in:
Tom DNetto
Tom
@@ -549,6 +549,14 @@ func Bootstrap(storage Chonk, bootstrap AUM) (*Authority, error) {
|
||||
return Open(storage)
|
||||
}
|
||||
|
||||
// ValidDisablement returns true if the disablement secret was correct.
|
||||
//
|
||||
// If this method returns true, the caller should shut down the authority
|
||||
// and purge all network-lock state.
|
||||
func (a *Authority) ValidDisablement(secret []byte) bool {
|
||||
return a.state.checkDisablement(secret)
|
||||
}
|
||||
|
||||
// Inform is called to tell the authority about new updates. Updates
|
||||
// should be ordered oldest to newest. An error is returned if any
|
||||
// of the updates could not be processed.
|
||||
|
||||
Reference in New Issue
Block a user