Halaman utama Jelajahi Bantuan
Masuk
cpp
/
ZeroTierOne
cermin dari https://github.com/zerotier/ZeroTierOne
2
0
Fork 0
Berkas Masalah 0 Wiki
Jelajahi Sumber

allow user to specify arbitrary allowed IP networks in allowManaged

Michał Zieliński 8 tahun lalu
induk
9a475eeff9
melakukan
8f2a42d1ad
4 mengubah file dengan 60 tambahan dan 9 penghapusan
Tampilan Split Tampilkan Statistik Diff
  1. 5 5
      node/Buffer.hpp
  2. 10 1
      service/ControlPlane.cpp
  3. 38 3
      service/OneService.cpp
  4. 7 0
      service/OneService.hpp

+ 5 - 5
node/Buffer.hpp
Tampilan Berkas 

@@ -61,11 +61,11 @@ public:
 
 	// STL container idioms
 
 	typedef unsigned char value_type;
 
 	typedef unsigned char * pointer;
 
-	typedef const unsigned char * const_pointer;
 
-	typedef unsigned char & reference;
 
-	typedef const unsigned char & const_reference;
 
-	typedef unsigned char * iterator;
 
-	typedef const unsigned char * const_iterator;
 
+	typedef const char * const_pointer;
 
+	typedef char & reference;
 
+	typedef const char & const_reference;
 
+	typedef char * iterator;
 
+	typedef const char * const_iterator;
 
 	typedef unsigned int size_type;
 
 	typedef int difference_type;
 
 	typedef std::reverse_iterator<iterator> reverse_iterator;

+ 10 - 1
service/ControlPlane.cpp
Tampilan Berkas 

@@ -121,6 +121,15 @@ static void _jsonAppend(unsigned int depth,std::string &buf,const ZT_VirtualNetw
 
 		case ZT_NETWORK_TYPE_PUBLIC:                     ntype = "PUBLIC"; break;
 
 	}
 
 
+	std::string allowManaged = (localSettings.allowManaged) ? "true" : "false";
 
+	if (localSettings.allowManagedWhitelist.size() != 0) {
 
+		allowManaged = "";
 
+		for (InetAddress address : localSettings.allowManagedWhitelist) {
 
+			if (allowManaged.size() != 0) allowManaged += ',';
 
+			allowManaged += address.toIpString() + "/" + std::to_string(address.netmaskBits());
 
+		}
 
+	}
 
+
 
 	Utils::snprintf(json,sizeof(json),
 
 		"%s{\n"
 
 		"%s\t\"id\": \"%.16llx\",\n"
 
@@ -158,7 +167,7 @@ static void _jsonAppend(unsigned int depth,std::string &buf,const ZT_VirtualNetw
 
 		prefix,_jsonEnumerate(nc->assignedAddresses,nc->assignedAddressCount).c_str(),
 
 		prefix,_jsonEnumerate(nc->routes,nc->routeCount).c_str(),
 
 		prefix,_jsonEscape(portDeviceName).c_str(),
 
-		prefix,(localSettings.allowManaged) ? "true" : "false",
 
+		prefix,allowManaged.c_str(),
 
 		prefix,(localSettings.allowGlobal) ? "true" : "false",
 
 		prefix,(localSettings.allowDefault) ? "true" : "false",
 
 		prefix);

+ 38 - 3
service/OneService.cpp
Tampilan Berkas 

@@ -1039,6 +1039,18 @@ public:
 
 	{
 
 		if (!n.settings.allowManaged)
 
 			return false;
 
+
 
+		if (n.settings.allowManagedWhitelist.size() > 0) {
 
+			bool allowed = false;
 
+			for (InetAddress addr : n.settings.allowManagedWhitelist) {
 
+				if (addr.containsAddress(target) && addr.netmaskBits() <= target.netmaskBits()) {
 
+					allowed = true;
 
+					break;
 
+				}
 
+			}
 
+			if (!allowed) return false;
 
+		}
 
+
 
 		if (target.isDefaultRoute())
 
 			return n.settings.allowDefault;
 
 		switch(target.ipScope()) {
 
@@ -1423,9 +1435,32 @@ public:
 
 						if (OSUtils::readFile(nlcpath,nlcbuf)) {
 
 							Dictionary<4096> nc;
 
 							nc.load(nlcbuf.c_str());
 
-							n.settings.allowManaged = nc.getB("allowManaged",true);
 
-							n.settings.allowGlobal = nc.getB("allowGlobal",false);
 
-							n.settings.allowDefault = nc.getB("allowDefault",false);
 
+							Buffer<1024> allowManaged;
 
+							if (nc.get("allowManaged", allowManaged) && allowManaged.size() != 0) {
 
+								std::string addresses (allowManaged.begin(), allowManaged.size());
 
+								if (allowManaged.size() <= 5) { // untidy parsing for backward compatibility
 
+									if (allowManaged[0] == '1' || allowManaged[0] == 't' || allowManaged[0] == 'T') {
 
+										n.settings.allowManaged = true;
 
+									} else {
 
+										n.settings.allowManaged = false;
 
+									}
 
+								} else {
 
+									// this should be a list of IP addresses
 
+									n.settings.allowManaged = true;
 
+									size_t pos = 0;
 
+									while (true) {
 
+										size_t nextPos = addresses.find(',', pos);
 
+										std::string address = addresses.substr(pos, (nextPos == std::string::npos ? addresses.size() : nextPos) - pos);
 
+										n.settings.allowManagedWhitelist.push_back(InetAddress(address));
 
+										if (nextPos == std::string::npos) break;
 
+										pos = nextPos + 1;
 
+									}
 
+								}
 
+							} else {
 
+								n.settings.allowManaged = true;
 
+							}
 
+							n.settings.allowGlobal = nc.getB("allowGlobal", false);
 
+							n.settings.allowDefault = nc.getB("allowDefault", false);
 
 						}
 
 					} catch (std::exception &exc) {
 
 #ifdef __WINDOWS__

+ 7 - 0
service/OneService.hpp
Tampilan Berkas 

@@ -20,6 +20,7 @@
 
 #define ZT_ONESERVICE_HPP
 
 
 #include <string>
 
+#include <vector>
 
 
 namespace ZeroTier {
 
 
@@ -65,6 +66,12 @@ public:
 
 		 */
 
 		bool allowManaged;
 
 
+		/**
 
+		 * Whitelist of addresses that can be configured by this network.
 
+		 * If empty and allowManaged is true, allow all private/pseudoprivate addresses.
 
+		 */
 
+		std::vector<InetAddress> allowManagedWhitelist;
 
+
 
 		/**
 
 		 * Allow configuration of IPs and routes within global (Internet) IP space?
 
 		 */