Mirrors/juanfont.headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2024-10-17 20:05:55 +02:00
Code Issues Projects Releases Wiki Activity

fix(machine): revert modifications

Browse Source 
Using h.ListAllMachines also listed the current machine in the result. It's unnecessary (I don't know if it's harmful).

Breaking the check with the `matchSourceAndDestinationWithRule` broke the tests. We have a specificity with the '*' destination that isn't symetrical.
I need to think of a better way to do this. It too hard to read.
This commit is contained in:
Adrien Raffin-Caboisse 2022-02-20 23:47:04 +01:00
parent 5e167cc00a
commit b3d0fb7a93
1 changed files with 11 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
machine.go
View File

@ -142,16 +142,6 @@ func containsAddresses(inputs []string, addrs MachineAddresses) bool {
return false
}
// matchSourceAndDestinationWithRule will check if source is authorized to communicate with destination through
// the given rule.
func matchSourceAndDestinationWithRule(rule tailcfg.FilterRule, source Machine, destination Machine) bool {
var dst []string
for _, d := range rule.DstPorts {
dst = append(dst, d.IP)
}
return (containsAddresses(rule.SrcIPs, source.IPAddresses) && containsAddresses(dst, destination.IPAddresses)) || containsString(dst, "*")
}
// getFilteredByACLPeerss should return the list of peers authorized to be accessed from machine.
func (h *Headscale) getFilteredByACLPeers(machine *Machine) (Machines, error) {
log.Trace().
@ -159,9 +149,10 @@ func (h *Headscale) getFilteredByACLPeers(machine *Machine) (Machines, error) {
Str("machine", machine.Name).
Msg("Finding peers filtered by ACLs")
machines, err := h.ListAllMachines()
if err != nil {
log.Error().Err(err).Msg("Error retrieving list of machines")
machines := Machines{}
if err := h.db.Preload("Namespace").Where("machine_key <> ? AND registered",
machine.MachineKey).Find(&machines).Error; err != nil {
log.Error().Err(err).Msg("Error accessing db")
return Machines{}, err
}
peers := make(map[uint64]Machine)
@ -185,7 +176,13 @@ func (h *Headscale) getFilteredByACLPeers(machine *Machine) (Machines, error) {
for _, peer := range machines {
for _, rule := range h.aclRules {
if matchSourceAndDestinationWithRule(rule, *machine, peer) || matchSourceAndDestinationWithRule(rule, peer, *machine) {
var dst []string
for _, d := range rule.DstPorts {
dst = append(dst, d.IP)
}
if (containsAddresses(rule.SrcIPs, machine.IPAddresses) && (containsAddresses(dst, peer.IPAddresses) || containsString(dst, "*"))) || (
// open return path
containsAddresses(rule.SrcIPs, peer.IPAddresses) && containsAddresses(dst, machine.IPAddresses)) {
peers[peer.ID] = peer
}
}