WIP: Add ACL support to the server (closes #25) #42

Draft
luca0N wants to merge 2 commits from dev_server_acl into dev
Owner

This pull request adds the ACL functionality to the server, which allows administrators to define which hosts have access to the server. At this time, the Lanbassador server will establish connection with any host it can reach, which may be undesirable due to the information being dealt with by Lanbassador. The ACL functionality makes it easy for administrators to prevent unauthorized access to their servers, and avoid sensitive/confidential data in their networks.

  • [x] Create sample configuration file
  • [ ] Parse configuration file
  • [ ] Retrieve host addresses on connection
    • [ ] Close connection if the host is unauthorized to connect, based on ACL rules

This pull request does not add account support, which is tracked by issue #26.
luca0N self-assigned this 2026-02-02 23:49:40 +00:00
Add the initial server configuration file.  This file will follow the
same syntax that is used among many *NIX programs, which is based on the
INI format.  For now, only options regarding the ACL feature that is
planned have been added.  This commit does not add any functionality to
the server yet, it merely adds this configuration file, which the server
will then parse in a future commit.
Author
Owner

As for the configuration file path, I believe it should be kept on `/etc/lanbassador/server.cfg` by default. The `/etc/lanbassador` path is already used in the web app Docker image.[^1] Administrators should have the ability to override this path, either via an environment variable, command line option, or a build option (which would change the default hardcoded path).

I think having the configuration file in the same path as the server program is bad design, since program executables are usually stored in `/usr/bin`, and configuration files are usually stored in `/etc`. Even if Lanbassador were to be ported to Windows, that would still be bad design, since `%ProgramFiles%` is meant to be read only (hence the UAC requirement when installing programs there).

[^1]: https://git.luca0n.com/luca0N/lanbassador/src/commit/eec752603dd2310f8ad36e2a40ac00dd58ad0a3a/client/Dockerfile#L49 (`ln -s /etc/lanbassador/client.json lanbassador-config.json`)
When establishing a connection with a remote host, parse its IP address.
This will come in handy in a future commit, which will make use of these
changes to check if a host is authorized to connect to the server or
not, based on ACL rules.

This commit does not introduce any ACL functionality: it only parses the
source connection host address and prints it to standard output.
This pull request has changes conflicting with the target branch.
  • server/main.go
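The host check this pull request plans (parse the ACL rules, read the peer address on connection, refuse unauthorized hosts), as an added example that is not the project's code. The `[acl]` section, the `allow`/`deny` keys, and the names `Rule`, `ParseACL` and `Permits` are hypothetical; the sample configuration and addresses are constructed.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

type Rule struct{ Net netip.Prefix; Allow bool }

// ParseACL reads "allow = CIDR" / "deny = CIDR" lines (hypothetical key names).
func ParseACL(cfg string) ([]Rule, error) {
	var rules []Rule
	for n, line := range strings.Split(cfg, "\n") {
		line = strings.TrimSpace(line)
		if line == "" || line[0] == '#' || line[0] == '[' {
			continue // blank line, comment, or section header
		}
		key, val, _ := strings.Cut(line, "=")
		p, err := netip.ParsePrefix(strings.TrimSpace(val))
		if key = strings.TrimSpace(key); err != nil || (key != "allow" && key != "deny") {
			return nil, fmt.Errorf("line %d: bad ACL rule %q", n+1, line) // never skip typos
		}
		rules = append(rules, Rule{p.Masked(), key == "allow"})
	}
	return rules, nil
}

// Permits takes the peer "ip:port" (e.g. conn.RemoteAddr().String()): deny wins, no match means refuse.
func Permits(rules []Rule, remote string) bool {
	ap, err := netip.ParseAddrPort(remote)
	if err != nil {
		return false // fail closed on anything unparsable
	}
	ip, ok := ap.Addr().Unmap(), false // treat ::ffff:a.b.c.d as IPv4 so IPv4 rules apply
	for _, r := range rules {
		if r.Net.Contains(ip) {
			if !r.Allow {
				return false
			}
			ok = true
		}
	}
	return ok
}

func main() { // constructed sample configuration and peer addresses
	rules, err := ParseACL("[acl]\nallow = 192.168.1.0/24\ndeny = 192.168.1.66/32\n")
	fmt.Println(err, Permits(rules, "[::ffff:192.168.1.10]:5000"), Permits(rules, "192.168.1.66:5000"))
}
```

Without the `Unmap` call, an IPv4-mapped IPv6 peer address would never match an IPv4 rule, so IPv4 deny rules would not apply to it.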