
check default user policy

abhishek9686 hai 10 meses
pai
achega
d4da1774ff
Modificáronse 3 ficheiros con 14 adicións e 19 borrados
  1. 4 0
      logic/acls.go
  2. 0 9
      logic/extpeers.go
  3. 10 10
      logic/peers.go

+ 4 - 0
logic/acls.go

@@ -441,6 +441,10 @@ func convAclTagToValueMap(acltags []models.AclPolicyTag) map[string]struct{} {
 
 // IsUserAllowedToCommunicate - check if user is allowed to communicate with peer
 func IsUserAllowedToCommunicate(userName string, peer models.Node) bool {
+	acl, _ := GetDefaultPolicy(models.NetworkID(peer.Network), models.UserPolicy)
+	if acl.Enabled {
+		return true
+	}
 	user, err := GetUser(userName)
 	if err != nil {
 		return false

+ 0 - 9
logic/extpeers.go

@@ -526,7 +526,6 @@ func GetExtPeers(node, peer *models.Node) ([]wgtypes.PeerConfig, []models.IDandA
 	var peers []wgtypes.PeerConfig
 	var idsAndAddr []models.IDandAddr
 	var egressRoutes []models.EgressNetworkRoutes
-	var extUserIps []net.IP
 	extPeers, err := GetNetworkExtClients(node.Network)
 	if err != nil {
 		return peers, idsAndAddr, egressRoutes, err
@@ -537,14 +536,6 @@ func GetExtPeers(node, peer *models.Node) ([]wgtypes.PeerConfig, []models.IDandA
 	}
 	for _, extPeer := range extPeers {
 		extPeer := extPeer
-		if extPeer.RemoteAccessClientID != "" {
-			if extPeer.AddressIPNet4().IP != nil {
-				extUserIps = append(extUserIps, extPeer.AddressIPNet4().IP)
-			}
-			if extPeer.AddressIPNet6().IP != nil {
-				extUserIps = append(extUserIps, extPeer.AddressIPNet6().IP)
-			}
-		}
 		if !IsClientNodeAllowed(&extPeer, peer.ID.String()) {
 			continue
 		}

+ 10 - 10
logic/peers.go

@@ -294,17 +294,17 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
 			if err == nil {
 				defaultUserPolicy, _ := GetDefaultPolicy(models.NetworkID(node.Network), models.UserPolicy)
 				defaultDevicePolicy, _ := GetDefaultPolicy(models.NetworkID(node.Network), models.DevicePolicy)
-				ingFwUpdate := models.IngressInfo{
-					IngressID: node.ID.String(),
-					Network:   node.NetworkRange,
-					Network6:  node.NetworkRange6,
-					AllowAll:  defaultDevicePolicy.Enabled && defaultUserPolicy.Default,
-				}
-				if !ingFwUpdate.AllowAll {
-					ingFwUpdate.StaticNodeIps = GetStaticNodeIps(node)
-					ingFwUpdate.Rules = GetFwRulesOnIngressGateway(node)
+				if defaultDevicePolicy.Enabled && defaultUserPolicy.Enabled {
+					ingFwUpdate := models.IngressInfo{
+						IngressID:     node.ID.String(),
+						Network:       node.NetworkRange,
+						Network6:      node.NetworkRange6,
+						AllowAll:      defaultDevicePolicy.Enabled && defaultUserPolicy.Default,
+						StaticNodeIps: GetStaticNodeIps(node),
+						Rules:         GetFwRulesOnIngressGateway(node),
+					}
+					hostPeerUpdate.FwUpdate.IngressInfo[node.ID.String()] = ingFwUpdate
 				}
-				hostPeerUpdate.FwUpdate.IngressInfo[node.ID.String()] = ingFwUpdate
 				hostPeerUpdate.EgressRoutes = append(hostPeerUpdate.EgressRoutes, egressRoutes...)
 				hostPeerUpdate.Peers = append(hostPeerUpdate.Peers, extPeers...)
 				for _, extPeerIdAndAddr := range extPeerIDAndAddrs {
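Review bot: Inside the new `if defaultDevicePolicy.Enabled && defaultUserPolicy.Enabled` branch the `AllowAll:` field still repeats `defaultDevicePolicy.Enabled &&`, which is always true at that point, so it reduces to `AllowAll: defaultUserPolicy.Default`; writing it that way makes the real decision visible. More importantly, when either default policy is disabled, or when either `GetDefaultPolicy` call on the two context lines above fails (both errors are discarded), no `IngressInfo` entry is written for this gateway at all, whereas the removed code always emitted one and populated `StaticNodeIps` and `Rules` in the non-AllowAll case; if the receiving host derives its ingress firewall state from this map, an absent entry may be handled differently from an explicit restricted one, and that should be confirmed before this ships. `StaticNodeIps` and `Rules` are now also computed when `AllowAll` is true, work the removed code skipped. The enclosing `if err == nil` block and GetPeerUpdateForHost itself start and end outside the hunk.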