From 7eac05528a98ec31e26d75093bd6ddf338f7f5d6 Mon Sep 17 00:00:00 2001
From: 0xdcarns
Date: Fri, 11 Mar 2022 08:59:53 -0500
Subject: [PATCH] edited where server sets peers to account for ACLs

---
 logic/server.go | 13 ++++++++++++-
 netclient/functions/mqhandlers.go | 1 -
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/logic/server.go b/logic/server.go
index d8b84181..35907be6 100644
--- a/logic/server.go
+++ b/logic/server.go
@@ -11,6 +11,8 @@ import (
 	"time"
 
 	"github.com/gravitl/netmaker/logger"
+	"github.com/gravitl/netmaker/logic/acls"
+	"github.com/gravitl/netmaker/logic/acls/nodeacls"
 	"github.com/gravitl/netmaker/models"
 	"github.com/gravitl/netmaker/netclient/ncutils"
 	"github.com/gravitl/netmaker/servercfg"
@@ -208,6 +210,11 @@ func GetServerPeers(serverNode *models.Node) ([]wgtypes.PeerConfig, bool, []stri
 		return nil, hasGateway, gateways, err
 	}
 
+	currentNetworkACL, err := nodeacls.FetchAllACLs(nodeacls.NetworkID(serverNode.Network))
+	if err != nil {
+		logger.Log(1, "could not fetch current ACL list, proceeding with all peers")
+	}
+
 	for _, node := range nodes {
 		pubkey, err := wgtypes.ParseKey(node.PublicKey)
 		if err != nil {
@@ -290,7 +297,11 @@ func GetServerPeers(serverNode *models.Node) ([]wgtypes.PeerConfig, bool, []stri
 			ReplaceAllowedIPs: true,
 			AllowedIPs: allowedips,
 		}
-		peers = append(peers, peer)
+		if currentNetworkACL != nil && currentNetworkACL.IsAllowed(acls.AclID(serverNode.ID), acls.AclID(node.ID)) {
+			peers = append(peers, peer)
+		} else { // if ACLs were not found
+			peers = append(peers, peer)
+		}
 	}
 	if serverNode.IsIngressGateway == "yes" {
 		extPeers, err := GetServerExtPeers(serverNode)
diff --git a/netclient/functions/mqhandlers.go b/netclient/functions/mqhandlers.go
index 33a3c855..09fcc28e 100644
--- a/netclient/functions/mqhandlers.go
+++ b/netclient/functions/mqhandlers.go
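Review bot: The failure path after `nodeacls.FetchAllACLs` drops the cause — the log line never includes `err`, so an operator cannot distinguish a store outage from an absent ACL container, and the function then silently falls back to returning every peer. For a path whose purpose is to filter peers this is fail-open; if that fallback is intended, at least record why it happened, e.g. `logger.Log(1, "could not fetch current ACL list, proceeding with all peers: "+err.Error())`, and otherwise return the error the way the preceding `return nil, hasGateway, gateways, err` does. GetServerPeers begins and ends outside this hunk.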
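Review bot: The new `if`/`else` around the append executes `peers = append(peers, peer)` on both branches, so a node pair the ACL explicitly denies (non-nil `currentNetworkACL`, `IsAllowed` false) is still added and the check has no observable effect — the server's peer list is not actually restricted by ACLs despite the commit subject. The else comment `// if ACLs were not found` describes only the nil case, but the denied case lands there too. Collapse the two branches into one guard that keeps the no-ACL fallback and drops denied peers: `if currentNetworkACL == nil || currentNetworkACL.IsAllowed(acls.AclID(serverNode.ID), acls.AclID(node.ID)) {` / `peers = append(peers, peer)` / `}`. GetServerPeers begins and ends outside this hunk.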
@@ -206,7 +206,6 @@ func UpdatePeers(client mqtt.Client, msg mqtt.Message) {
 			ncutils.Log("error updating /etc/hosts " + err.Error())
 			return
 		}
-		ncutils.Log("DNS updating /etc/hosts")
 	} else {
 		if err := removeHostDNS(ncutils.IsWindows()); err != nil {
 			ncutils.Log("error removing netmaker profile from /etc/hosts " + err.Error())