Refactored AllowedSourceAddress key to use existing tunnel_address mo…

…del type.

programs/ziti-edge-tunnel/include/model/dtos.h

@@ -62,10 +62,6 @@ XX(HostName, string, none, HostName, __VA_ARGS__) \
 XX(IP, string, none, IP, __VA_ARGS__) \
 XX(Prefix, int, none, Prefix, __VA_ARGS__)
 
-#define ALLOWED_SOURCE_ADDRESS(XX, ...) \
-XX(Prefix, string, none, Prefix, __VA_ARGS__) \
-XX(Suffix, int, none, Suffix, __VA_ARGS__)
-
 #define TUNNEL_PORT_RANGE(XX, ...) \
 XX(High, int, none, High, __VA_ARGS__) \
 XX(Low, int, none, Low, __VA_ARGS__)
@@ -86,7 +82,7 @@ XX(Id, string, none, Id, __VA_ARGS__) \
 XX(Name, string, none, Name, __VA_ARGS__) \
 XX(Protocols, string, array, Protocols, __VA_ARGS__) \
 XX(Addresses, tunnel_address, array, Addresses, __VA_ARGS__) \
-XX(AllowedSourceAddresses, allowed_source_address, array, AllowedSourceAddresses, __VA_ARGS__) \
+XX(AllowedSourceAddresses, tunnel_address, array, AllowedSourceAddresses, __VA_ARGS__) \
 XX(Ports, tunnel_port_range, array, Ports, __VA_ARGS__)  \
 XX(OwnsIntercept, bool, none, OwnsIntercept, __VA_ARGS__) \
 XX(PostureChecks, tunnel_posture_check, array, PostureChecks, __VA_ARGS__) \
@@ -122,7 +118,6 @@ XX(BuildDate, string, none, BuildDate, __VA_ARGS__)
 DECLARE_MODEL(tunnel_config, TUNNEL_CONFIG)
 DECLARE_MODEL(tunnel_metrics, TUNNEL_METRICS)
 DECLARE_MODEL(tunnel_address, TUNNEL_ADDRESS)
-DECLARE_MODEL(allowed_source_address, ALLOWED_SOURCE_ADDRESS)
 DECLARE_MODEL(tunnel_port_range, TUNNEL_PORT_RANGE)
 DECLARE_MODEL(tunnel_posture_check, TUNNEL_POSTURE_CHECK)
 DECLARE_MODEL(tunnel_service_permissions, TUNNEL_SERVICE_PERMISSIONS)

programs/ziti-edge-tunnel/instance.c

@@ -260,15 +260,6 @@ static void setTunnelPostureDataTimeout(tunnel_service *tnl_svc, ziti_service *s
     ZITI_LOG(DEBUG, "service[%s] timeout=%d timeoutRemaining=%d", service->name, minTimeout, minTimeoutRemaining);
 }
 
-static allowed_source_address *to_allowedSourceAddress(const ziti_address *za) {
-    allowed_source_address *allowed_address = calloc(1, sizeof(struct allowed_source_address_s));
-    allowed_address->Prefix = calloc(INET_ADDRSTRLEN+1, sizeof(char));
-    uv_inet_ntop(za->addr.cidr.af, &za->addr.cidr.ip, allowed_address->Prefix, INET_ADDRSTRLEN);
-    allowed_address->Suffix = (unsigned int) za->addr.cidr.bits;
-    ZITI_LOG(TRACE, "CIDR address: %s/%d", allowed_address->Prefix, allowed_address->Suffix);
-    return allowed_address;
-}
-
 static tunnel_address *to_address(const ziti_address *za) {
     tunnel_address *tnl_address = calloc(1, sizeof(struct tunnel_address_s));
 
@@ -298,7 +289,7 @@ tunnel_port_range *getTunnelPortRange(ziti_port_range *zpr){
 
 static void setTunnelAllowedSourceAddress(tunnel_service *tnl_svc, ziti_service *service) {
     const char* cfg_json = ziti_service_get_raw_config(service, CFG_HOST_V1);
-    allowed_source_address_array allowed_src_addr_arr = NULL;
+    tunnel_address_array allowed_src_addr_arr = NULL;
     if (cfg_json != NULL && strlen(cfg_json) > 0) {
         ZITI_LOG(TRACE, "host.v1: %s", cfg_json);
         ziti_host_cfg_v1 cfg_v1 = {0};
@@ -309,7 +300,7 @@ static void setTunnelAllowedSourceAddress(tunnel_service *tnl_svc, ziti_service
         for (int x = 0; allowed_src_addrs != NULL && allowed_src_addrs[x] != NULL; x++) {
             n++;
         }
-        allowed_src_addr_arr = calloc(n + 1, sizeof(allowed_source_address *));
+        allowed_src_addr_arr = calloc(n + 1, sizeof(tunnel_address *));
         for (int i = 0; i < n; i++) {
             if (allowed_src_addrs[i]->type != ziti_address_cidr) {
                     if (allowed_src_addrs[i]->type == ziti_address_hostname) {
@@ -321,15 +312,13 @@ static void setTunnelAllowedSourceAddress(tunnel_service *tnl_svc, ziti_service
                     continue;
             }
             else{
-                allowed_src_addr_arr[j] = to_allowedSourceAddress(allowed_src_addrs[i]);
+                allowed_src_addr_arr[j] = to_address(allowed_src_addrs[i]);
                 j++;
             }
         }
         free_ziti_host_cfg_v1(&cfg_v1);
         if (allowed_src_addr_arr != NULL) {
             tnl_svc->AllowedSourceAddresses = allowed_src_addr_arr;
-        }else{
-            tnl_svc->AllowedSourceAddresses = NULL;
         }
     }
 }
@@ -428,7 +417,9 @@ tunnel_service *get_tunnel_service(tunnel_identity* id, ziti_service* zs) {
     svc->Permissions.Dial = ziti_service_has_permission(zs, ziti_session_type_Dial);
     setTunnelPostureDataTimeout(svc, zs);
     setTunnelServiceAddress(svc, zs);
-    setTunnelAllowedSourceAddress(svc, zs);
+    if(svc->Permissions.Bind){
+        setTunnelAllowedSourceAddress(svc, zs);
+    }
     return svc;
 }
 
@@ -864,7 +855,6 @@ IMPL_MODEL(tunnel_identity, TUNNEL_IDENTITY)
 IMPL_MODEL(tunnel_config, TUNNEL_CONFIG)
 IMPL_MODEL(tunnel_metrics, TUNNEL_METRICS)
 IMPL_MODEL(tunnel_address, TUNNEL_ADDRESS)
-IMPL_MODEL(allowed_source_address, ALLOWED_SOURCE_ADDRESS)
 IMPL_MODEL(tunnel_port_range, TUNNEL_PORT_RANGE)
 IMPL_MODEL(tunnel_posture_check, TUNNEL_POSTURE_CHECK)
 IMPL_MODEL(tunnel_service_permissions, TUNNEL_SERVICE_PERMISSIONS)