From 38d6b4d36f30de4afaa4eb529a7abcfddb5010ae Mon Sep 17 00:00:00 2001
From: dovholuknf <46322585+dovholuknf@users.noreply.github.com>
Date: Tue, 17 Sep 2024 11:55:16 -0400
Subject: [PATCH 1/2] only add nrpt entry when the service has dial permission

---
 programs/ziti-edge-tunnel/ziti-edge-tunnel.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/programs/ziti-edge-tunnel/ziti-edge-tunnel.c b/programs/ziti-edge-tunnel/ziti-edge-tunnel.c
index c8444144..b283a752 100644
--- a/programs/ziti-edge-tunnel/ziti-edge-tunnel.c
+++ b/programs/ziti-edge-tunnel/ziti-edge-tunnel.c
@@ -1304,7 +1304,8 @@ static void on_event(const base_event *ev) {
                     if (svc->Addresses != NULL) {
                         for (int i = 0; svc->Addresses[i]; i++) {
                             tunnel_address *addr = svc->Addresses[i];
-                            if (addr->IsHost && model_map_get(&hostnamesToAdd, addr->HostName) == NULL) {
+                            bool has_dial = ziti_service_has_permission(svc_ev->added_services[svc_idx], ziti_session_type_Dial);
+                            if (addr->IsHost && model_map_get(&hostnamesToAdd, addr->HostName) == NULL && svc_ev->added_services && has_dial) {
                                 if (model_map_get(&hostnamesToRemove, addr->HostName) != NULL) {
                                     model_map_set(&hostnamesToEdit, addr->HostName, "TRUE");
                                 } else {

From 367f073b416107ee1f6936a56d3155d09692fcd9 Mon Sep 17 00:00:00 2001
From: dovholuknf <46322585+dovholuknf@users.noreply.github.com>
Date: Tue, 17 Sep 2024 12:16:05 -0400
Subject: [PATCH 2/2] remove redundant check

---
 programs/ziti-edge-tunnel/ziti-edge-tunnel.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/programs/ziti-edge-tunnel/ziti-edge-tunnel.c b/programs/ziti-edge-tunnel/ziti-edge-tunnel.c
index b283a752..ed8d7d4c 100644
--- a/programs/ziti-edge-tunnel/ziti-edge-tunnel.c
+++ b/programs/ziti-edge-tunnel/ziti-edge-tunnel.c
@@ -1305,7 +1305,7 @@ static void on_event(const base_event *ev) {
                         for (int i = 0; svc->Addresses[i]; i++) {
                             tunnel_address *addr = svc->Addresses[i];
                             bool has_dial = ziti_service_has_permission(svc_ev->added_services[svc_idx], ziti_session_type_Dial);
-                            if (addr->IsHost && model_map_get(&hostnamesToAdd, addr->HostName) == NULL && svc_ev->added_services && has_dial) {
+                            if (addr->IsHost && model_map_get(&hostnamesToAdd, addr->HostName) == NULL && has_dial) {
                                 if (model_map_get(&hostnamesToRemove, addr->HostName) != NULL) {
                                     model_map_set(&hostnamesToEdit, addr->HostName, "TRUE");
                                 } else {