Merge pull request #3615 from birarda/master

flip domain-server local connect conditional
2025-04-20 12:04:18 +02:00 · 2014-10-17 10:56:05 -07:00 · 2014-10-17 10:56:05 -07:00 · 94da712af0
commit 94da712af0
parent 005f56c19b 9a842e2202
2 changed files with 7 additions and 5 deletions
--- a/domain-server/resources/describe-settings.json
+++ b/domain-server/resources/describe-settings.json
@ -64,7 +64,7 @@
        "name": "allowed_users",
        "type": "table",
        "label": "Allowed Users",
-        "help": "List the High Fidelity names for people you want to be able to connect to this domain.<br/>An empty list means everyone.<br/>You can always connect from this machine.",
+        "help": "List the High Fidelity names for people you want to be able to connect to this domain.<br/>An empty list means everyone.<br/>You can always connect from the domain-server machine.",
        "numbered": false,
        "columns": [
          {
--- a/domain-server/src/DomainServer.cpp
+++ b/domain-server/src/DomainServer.cpp
@ -616,13 +616,13 @@ const QString ALLOWED_USERS_SETTINGS_KEYPATH = "security.allowed_users";
 bool DomainServer::shouldAllowConnectionFromNode(const QString& username,
                                                 const QByteArray& usernameSignature,
                                                 const HifiSockAddr& senderSockAddr) {
-    static const QVariant* allowedUsersVariant = valueForKeyPath(_settingsManager.getSettingsMap(),
+    const QVariant* allowedUsersVariant = valueForKeyPath(_settingsManager.getSettingsMap(),
                                                                 ALLOWED_USERS_SETTINGS_KEYPATH);
-    static QStringList allowedUsers = allowedUsersVariant ? allowedUsersVariant->toStringList() : QStringList();
+    QStringList allowedUsers = allowedUsersVariant ? allowedUsersVariant->toStringList() : QStringList();
    
    // we always let in a user who is sending a packet from our local socket or from the localhost address
-    if (senderSockAddr.getAddress() != LimitedNodeList::getInstance()->getLocalSockAddr().getAddress()
-        && senderSockAddr.getAddress() != QHostAddress::LocalHost) {
+    if (senderSockAddr.getAddress() == LimitedNodeList::getInstance()->getLocalSockAddr().getAddress()
+        && senderSockAddr.getAddress() == QHostAddress::LocalHost) {
        return true;
    }
    
@ -670,6 +670,8 @@ bool DomainServer::shouldAllowConnectionFromNode(const QString& username,
            }
        
            requestUserPublicKey(username);
+        } else {
+            qDebug() << "Connect request denied for user" << username << "not in allowed users list.";
        }
    } else {
        // since we have no allowed user list, let them all in