From ca6a74d63d1fa02cc89921aaa00bb2630f080508 Mon Sep 17 00:00:00 2001
From: Ryan Huffman <ryanhuffman@gmail.com>
Date: Fri, 11 Nov 2016 10:19:46 -0800
Subject: [PATCH] Add whitelist filtering to assignment requests

---
 domain-server/src/DomainServer.cpp | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/domain-server/src/DomainServer.cpp b/domain-server/src/DomainServer.cpp
index 6766290440..722ffc6a74 100644
--- a/domain-server/src/DomainServer.cpp
+++ b/domain-server/src/DomainServer.cpp
@@ -1037,6 +1037,23 @@ void DomainServer::processRequestAssignmentPacket(QSharedPointer<ReceivedMessage
     // construct the requested assignment from the packet data
     Assignment requestAssignment(*message);
 
+    auto senderAddr = message->getSenderSockAddr().getAddress();
+
+    auto isHostAddressInSubnet = [&senderAddr](const SubnetMask& mask) -> bool {
+        return senderAddr.isInSubnet(mask);
+    };
+
+    auto it = find_if(_acIPAddressWhitelist.begin(), _acIPAddressWhitelist.end(), isHostAddressInSubnet);
+    if (it != _acIPAddressWhitelist.end()) {
+        auto maskString = it->first.toString() + "/" + QString::number(it->second);
+        qDebug() << "Received connection from whitelisted ip: " << senderAddr.toString()
+            << ", matches subnet mask: " << maskString;
+    } else {
+        qDebug() << "Received an assignment connect request from a disallowed ip address: "
+            << senderAddr;
+        return;
+    }
+
     // Suppress these for Assignment::AgentType to once per 5 seconds
     static QElapsedTimer noisyMessageTimer;
     static bool wasNoisyTimerStarted = false;