octoleo/syncthing
1
0
Fork 0
mirror of https://github.com/octoleo/syncthing.git synced 2025-01-22 22:58:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

lib/connections: Allow negative ACL entries on devices (fixes #4096)

Browse Source 
Prefix an entry with "!" to make it a negative entry. First match wins.

GitHub-Pull-Request: https://github.com/syncthing/syncthing/pull/4097
This commit is contained in:
Jakob Borg 2017-04-13 17:43:29 +00:00 committed by Audrius Butkevicius
parent d48e46a29c
commit dd1f7a5ab7
2 changed files with 22 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
lib/connections/connections_test.go
View File

@ -81,6 +81,21 @@ func TestAllowedNetworks(t *testing.T) {
[]string{"192.168.0.0/24", "fe80::/48"}, []string{"192.168.0.0/24", "fe80::/48"},
true, true,
}, },
{
"10.20.30.40",
[]string{"!10.20.30.0/24", "10.0.0.0/8"},
false,
},
{
"10.20.30.40",
[]string{"10.0.0.0/8", "!10.20.30.0/24"},
true,
},
{
"[fe80::1]:4242",
[]string{"192.168.0.0/24", "!fe00::/8", "fe80::/48"},
false,
},
} }
for _, tc := range cases { for _, tc := range cases {

8
lib/connections/service.go
View File

@ -12,6 +12,7 @@ import (
"fmt" "fmt"
"net" "net"
"net/url" "net/url"
"strings"
"time" "time"
"github.com/syncthing/syncthing/lib/config" "github.com/syncthing/syncthing/lib/config"
@ -662,12 +663,17 @@ func IsAllowedNetwork(host string, allowed []string) bool {
} }
for _, n := range allowed { for _, n := range allowed {
result := true
if strings.HasPrefix(n, "!") {
result = false
n = n[1:]
}
_, cidr, err := net.ParseCIDR(n) _, cidr, err := net.ParseCIDR(n)
if err != nil { if err != nil {
continue continue
} }
if cidr.Contains(addr.IP) { if cidr.Contains(addr.IP) {
return true return result
} }
} }