For various reasons, it is likely/expected for fe80:: to fail the 'local'
check. This is fine in most contexts, except for credserver and ssdp.
ssdp already special cased fe80::, so special case fe80:: in credserver
as well.
It is theoretically possible for a client to get disconnected
right in the middle. In such a scenario, err on the side of letting
the mechanism stay armed for the sake of a retry being possible.
This allows user to designate certain networks to be treated as
if they were local.
This enables the initial token grant to be allowed to a remote network.
This still requires that the api be armed (which should generally be a narrow window of
opportunity) and that the
request be privileged, it
just allows remote networks to be
elevated to be as trusted as local.
-Have apiclient set timeout on getting credential to avoid hang
-Change dcuiweasel to start shell earlier for better debug
-Do not expire the ident token if deployment is armed continuous anyway
For routed deployment, we have to preshare some information.
Additionally, the API arm mechanism gets too open ended.
Add support for using a shared secret over another
channel to do HMAC of a key to authenticate peer,
which has an alternate api arming mechanism
that is hardened.
This is an optional capability that image payloads may use
to use the TPM2 to protect an apikey as an alternative to
arming a weak authentication invocation
Move from a clock based expiration to a simpler 'once' versus
'continous' model. 'once' is intended to be used generally, 'continuous'
for stateless without benefit of TPM. The goal would be to use TPM
to seal a key to avoid continuous.
Jarrod Johnson