Revert "Scope the container SSL enforcement a bit better".

This reverts commit 9c151650212e2101002f04bca902ca18982697c0.
Sadie Powell 2025-03-02 13:38:06 +00:00
parent 9c15165021
commit ccdf1d4975


@ -37,16 +37,15 @@
namespace namespace
{ {
bool IsContainerAddress(const irc::sockets::sockaddrs& sa) bool RunningInContainer()
{ {
std::error_code ec; std::error_code ec;
if (std::filesystem::is_regular_file("/.dockerenv", ec)) if (std::filesystem::is_regular_file("/.dockerenv", ec))
{ {
// We are running in docker, check for internal addresses. // We are running inside of Docker so all IP addresses are
if (irc::sockets::cidr_mask("172.17.0.0/16").match(sa)) // non-local and as far as I can see there isn't a way to
return true; // docker0 // reliably detect the Docker network.
if (irc::sockets::cidr_mask("172.18.0.0/16").match(sa)) return true;
return true; // docker_gwbridge.
} }
return false; return false;
} }
@ -158,7 +157,7 @@ std::shared_ptr<Link> TreeSocket::AuthRemote(const CommandBase::Params& params)
ssliohook->GetCiphersuite(ciphersuite); ssliohook->GetCiphersuite(ciphersuite);
ServerInstance->SNO.WriteToSnoMask('l', "Negotiated ciphersuite {} on link {}", ciphersuite, x->Name); ServerInstance->SNO.WriteToSnoMask('l', "Negotiated ciphersuite {} on link {}", ciphersuite, x->Name);
} }
else if (!capab->remotesa.is_local() && !IsContainerAddress(capab->remotesa)) else if (!capab->remotesa.is_local() && !RunningInContainer())
{ {
this->SendError("Non-local server connections MUST be linked with SSL!"); this->SendError("Non-local server connections MUST be linked with SSL!");
return nullptr; return nullptr;
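Review bot: With the condition now reading `else if (!capab->remotesa.is_local() && !RunningInContainer())`, the mere presence of `/.dockerenv` waives the SSL requirement for every non-local peer, not only for addresses on the two Docker bridge ranges the reverted code matched, so a containerised server will accept a plaintext link from any remote address. If the blanket exemption is intended because the Docker network cannot be detected reliably, it should at least be visible to operators: emit a notice on the same snomask when the exemption is what lets an unencrypted link through, e.g. `ServerInstance->SNO.WriteToSnoMask('l', "Link {} is not using SSL; allowed only because we are running in a container", x->Name);`. The comment inside `RunningInContainer()` should also state that returning true disables SSL enforcement for all peers, so the trade-off is documented where the decision is made. The body of `AuthRemote` continues outside the hunk, so where that notice fits in the if/else chain needs checking against the full function.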