| author | Adam Ierymenko <adam.ierymenko@zerotier.com> | 2017-01-30 06:54:49 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-01-30 06:54:49 -0800 |
| commit | 2ceb162df0b6d0ce5984aed749680d2379b830bd (patch) | |
| tree | f5f14041a5c122f869b66277acc7c83b4e3a344d /service/OneService.cpp | |
| parent | 915206405cc614a77a62a1173c361547423c4399 (diff) | |
| parent | 8f2a42d1ad84e5dba590e7f593d8a46cc81389b3 (diff) | |
Merge pull request #442 from zielmicha/allow-managed
allow user to specify arbitrary allowed IP networks in allowManaged
Diffstat (limited to 'service/OneService.cpp')
| -rw-r--r-- | service/OneService.cpp | 41 |
1 files changed, 38 insertions, 3 deletions
diff --git a/service/OneService.cpp b/service/OneService.cpp
index d2ebe6b7..49c5f4a0 100644
--- a/service/OneService.cpp
+++ b/service/OneService.cpp
@@ -1028,6 +1028,18 @@ public:
 {
 if (!n.settings.allowManaged)
 return false;
+
+ if (n.settings.allowManagedWhitelist.size() > 0) {
+ bool allowed = false;
+ for (InetAddress addr : n.settings.allowManagedWhitelist) {
+ if (addr.containsAddress(target) && addr.netmaskBits() <= target.netmaskBits()) {
+ allowed = true;
+ break;
+ }
+ }
+ if (!allowed) return false;
+ }
+
 if (target.isDefaultRoute())
 return n.settings.allowDefault;
 switch(target.ipScope()) {
@@ -1412,9 +1424,32 @@ public:
 if (OSUtils::readFile(nlcpath,nlcbuf)) {
 Dictionary<4096> nc;
 nc.load(nlcbuf.c_str());
- n.settings.allowManaged = nc.getB("allowManaged",true);
- n.settings.allowGlobal = nc.getB("allowGlobal",false);
- n.settings.allowDefault = nc.getB("allowDefault",false);
+ Buffer<1024> allowManaged;
+ if (nc.get("allowManaged", allowManaged) && allowManaged.size() != 0) {
+ std::string addresses (allowManaged.begin(), allowManaged.size());
+ if (allowManaged.size() <= 5) { // untidy parsing for backward compatibility
+ if (allowManaged[0] == '1' || allowManaged[0] == 't' || allowManaged[0] == 'T') {
+ n.settings.allowManaged = true;
+ } else {
+ n.settings.allowManaged = false;
+ }
+ } else {
+ // this should be a list of IP addresses
+ n.settings.allowManaged = true;
+ size_t pos = 0;
+ while (true) {
+ size_t nextPos = addresses.find(',', pos);
+ std::string address = addresses.substr(pos, (nextPos == std::string::npos ? addresses.size() : nextPos) - pos);
+ n.settings.allowManagedWhitelist.push_back(InetAddress(address));
+ if (nextPos == std::string::npos) break;
+ pos = nextPos + 1;
+ }
+ }
+ } else {
+ n.settings.allowManaged = true;
+ }
+ n.settings.allowGlobal = nc.getB("allowGlobal", false);
+ n.settings.allowDefault = nc.getB("allowDefault", false);
 }
 } catch (std::exception &exc) {
 #ifdef __WINDOWS__ |
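Review bot: The new whitelist block in the permission check has no comment stating its two rules, and both matter to anyone auditing it: an empty `allowManagedWhitelist` means no restriction at all, and a target passes only if it lies inside an entry and is at least as specific (`addr.netmaskBits() <= target.netmaskBits()`). I would add above the `if`: `// Empty whitelist = unrestricted; otherwise target must be inside an entry and no broader than it.` The check also relies on `containsAddress()` returning false for an entry that failed to parse, which is not visible here and is worth confirming because the loader pushes entries unvalidated. The loop copies every entry; `for (const InetAddress &addr : n.settings.allowManagedWhitelist)` avoids that. The enclosing function begins before the hunk and continues past it.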
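Review bot: Tokens from the `allowManaged` list are pushed into `allowManagedWhitelist` without checking that `InetAddress(address)` parsed and without trimming, so `10.0.0.0/8, 192.168.0.0/16` or a typo yields an entry whose matching behaviour depends on how InetAddress treats unparsable text (not visible here). Rejecting or logging such tokens, and denying all managed addresses when no token is valid, keeps a misconfiguration fail-closed. The `allowManaged.size() <= 5` test is a fragile way to tell a boolean from a list: a short prefix such as `1::/8` begins with `1` and is read as true, leaving managed addresses unrestricted, so comparing against the accepted boolean spellings would be stricter. If this load can run more than once for the same network, `n.settings.allowManagedWhitelist.clear();` before the loop would stop removed entries from persisting. The surrounding try block starts and ends outside the hunk.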
