lib/connections: Allow negative ACL entries on devices (fixes #4096)

Prefix an entry with "!" to make it a negative entry. First match wins. GitHub-Pull-Request: https://github.com/syncthing/syncthing/pull/4097
2017-04-13 17:43:29 +00:00
parent d48e46a29c
commit dd1f7a5ab7
2 changed files with 22 additions and 1 deletions
--- a/lib/connections/service.go
+++ b/lib/connections/service.go
@@ -12,6 +12,7 @@ import (
 	"fmt"
 	"net"
 	"net/url"
+	"strings"
 	"time"

 	"github.com/syncthing/syncthing/lib/config"
@@ -662,12 +663,17 @@ func IsAllowedNetwork(host string, allowed []string) bool {
 	}

 	for _, n := range allowed {
+		result := true
+		if strings.HasPrefix(n, "!") {
+			result = false
+			n = n[1:]
+		}
 		_, cidr, err := net.ParseCIDR(n)
 		if err != nil {
 			continue
 		}
 		if cidr.Contains(addr.IP) {
-			return true
+			return result
 		}
 	}