ExternalVendorCode/ZeroTierOne
1
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-01-29 15:43:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #442 from zielmicha/allow-managed

Browse Source 
allow user to specify arbitrary allowed IP networks in allowManaged
This commit is contained in:
Adam Ierymenko 2017-01-30 06:54:49 -08:00 committed by GitHub
commit 2ceb162df0
4 changed files with 60 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
node/Buffer.hpp
View File

@ -61,11 +61,11 @@ public:
// STL container idioms // STL container idioms
typedef unsigned char value_type; typedef unsigned char value_type;
typedef unsigned char * pointer; typedef unsigned char * pointer;
typedef const unsigned char * const_pointer; typedef const char * const_pointer;
typedef unsigned char & reference; typedef char & reference;
typedef const unsigned char & const_reference; typedef const char & const_reference;
typedef unsigned char * iterator; typedef char * iterator;
typedef const unsigned char * const_iterator; typedef const char * const_iterator;
typedef unsigned int size_type; typedef unsigned int size_type;
typedef int difference_type; typedef int difference_type;
typedef std::reverse_iterator<iterator> reverse_iterator; typedef std::reverse_iterator<iterator> reverse_iterator;

11
service/ControlPlane.cpp
View File

@ -121,6 +121,15 @@ static void _jsonAppend(unsigned int depth,std::string &buf,const ZT_VirtualNetw
case ZT_NETWORK_TYPE_PUBLIC: ntype = "PUBLIC"; break; case ZT_NETWORK_TYPE_PUBLIC: ntype = "PUBLIC"; break;
} }
std::string allowManaged = (localSettings.allowManaged) ? "true" : "false";
if (localSettings.allowManagedWhitelist.size() != 0) {
allowManaged = "";
for (InetAddress address : localSettings.allowManagedWhitelist) {
if (allowManaged.size() != 0) allowManaged += ',';
allowManaged += address.toIpString() + "/" + std::to_string(address.netmaskBits());
}
}
Utils::snprintf(json,sizeof(json), Utils::snprintf(json,sizeof(json),
"%s{\n" "%s{\n"
"%s\t\"id\": \"%.16llx\",\n" "%s\t\"id\": \"%.16llx\",\n"
@ -158,7 +167,7 @@ static void _jsonAppend(unsigned int depth,std::string &buf,const ZT_VirtualNetw
prefix,_jsonEnumerate(nc->assignedAddresses,nc->assignedAddressCount).c_str(), prefix,_jsonEnumerate(nc->assignedAddresses,nc->assignedAddressCount).c_str(),
prefix,_jsonEnumerate(nc->routes,nc->routeCount).c_str(), prefix,_jsonEnumerate(nc->routes,nc->routeCount).c_str(),
prefix,_jsonEscape(portDeviceName).c_str(), prefix,_jsonEscape(portDeviceName).c_str(),
prefix,(localSettings.allowManaged) ? "true" : "false", prefix,allowManaged.c_str(),
prefix,(localSettings.allowGlobal) ? "true" : "false", prefix,(localSettings.allowGlobal) ? "true" : "false",
prefix,(localSettings.allowDefault) ? "true" : "false", prefix,(localSettings.allowDefault) ? "true" : "false",
prefix); prefix);

41
service/OneService.cpp
View File

@ -1028,6 +1028,18 @@ public:
{ {
if (!n.settings.allowManaged) if (!n.settings.allowManaged)
return false; return false;
if (n.settings.allowManagedWhitelist.size() > 0) {
bool allowed = false;
for (InetAddress addr : n.settings.allowManagedWhitelist) {
if (addr.containsAddress(target) && addr.netmaskBits() <= target.netmaskBits()) {
allowed = true;
break;
}
}
if (!allowed) return false;
}
if (target.isDefaultRoute()) if (target.isDefaultRoute())
return n.settings.allowDefault; return n.settings.allowDefault;
switch(target.ipScope()) { switch(target.ipScope()) {
@ -1412,9 +1424,32 @@ public:
if (OSUtils::readFile(nlcpath,nlcbuf)) { if (OSUtils::readFile(nlcpath,nlcbuf)) {
Dictionary<4096> nc; Dictionary<4096> nc;
nc.load(nlcbuf.c_str()); nc.load(nlcbuf.c_str());
n.settings.allowManaged = nc.getB("allowManaged",true); Buffer<1024> allowManaged;
n.settings.allowGlobal = nc.getB("allowGlobal",false); if (nc.get("allowManaged", allowManaged) && allowManaged.size() != 0) {
n.settings.allowDefault = nc.getB("allowDefault",false); std::string addresses (allowManaged.begin(), allowManaged.size());
if (allowManaged.size() <= 5) { // untidy parsing for backward compatibility
if (allowManaged[0] == '1' || allowManaged[0] == 't' || allowManaged[0] == 'T') {
n.settings.allowManaged = true;
} else {
n.settings.allowManaged = false;
}
} else {
// this should be a list of IP addresses
n.settings.allowManaged = true;
size_t pos = 0;
while (true) {
size_t nextPos = addresses.find(',', pos);
std::string address = addresses.substr(pos, (nextPos == std::string::npos ? addresses.size() : nextPos) - pos);
n.settings.allowManagedWhitelist.push_back(InetAddress(address));
if (nextPos == std::string::npos) break;
pos = nextPos + 1;
}
}
} else {
n.settings.allowManaged = true;
}
n.settings.allowGlobal = nc.getB("allowGlobal", false);
n.settings.allowDefault = nc.getB("allowDefault", false);
} }
} catch (std::exception &exc) { } catch (std::exception &exc) {
#ifdef __WINDOWS__ #ifdef __WINDOWS__

7
service/OneService.hpp
View File

@ -20,6 +20,7 @@
#define ZT_ONESERVICE_HPP #define ZT_ONESERVICE_HPP
#include <string> #include <string>
#include <vector>
namespace ZeroTier { namespace ZeroTier {
@ -65,6 +66,12 @@ public:
*/ */
bool allowManaged; bool allowManaged;
/**
* Whitelist of addresses that can be configured by this network.
* If empty and allowManaged is true, allow all private/pseudoprivate addresses.
*/
std::vector<InetAddress> allowManagedWhitelist;
/** /**
* Allow configuration of IPs and routes within global (Internet) IP space? * Allow configuration of IPs and routes within global (Internet) IP space?
*/ */