Merge pull request #9663 from davidkelly/dk/2789

Don't allow a ban of any node on same machine as domain-server
2025-04-25 22:35:14 +02:00 · 2017-02-13 14:23:26 -08:00 · 2017-02-13 14:23:26 -08:00 · 7853899f9f
commit 7853899f9f
parent d24ed62116 45cb11f38a
1 changed files with 11 additions and 1 deletions
--- a/domain-server/src/DomainServerSettingsManager.cpp
+++ b/domain-server/src/DomainServerSettingsManager.cpp
@ -668,6 +668,16 @@ void DomainServerSettingsManager::processNodeKickRequestPacket(QSharedPointer<Re
                        ? matchingNode->getActiveSocket()->getAddress()
                        : matchingNode->getPublicSocket().getAddress();
                    
+                    // probably isLoopback covers it, as whenever I try to ban an agent on same machine as the domain-server
+                    // it is always 127.0.0.1, but looking at the public and local addresses just to be sure
+                    // TODO: soon we will have feedback (in the form of a message to the client) after we kick.  When we
+                    // do, we will have a success flag, and perhaps a reason for failure.  For now, just don't do it.  
+                    if (kickAddress == limitedNodeList->getPublicSockAddr().getAddress() ||
+                        kickAddress == limitedNodeList->getLocalSockAddr().getAddress() ||
+                        kickAddress.isLoopback() ) {
+                        qWarning() << "attempt to kick node running on same machine as domain server, ignoring KickRequest";
+                        return;
+                    }
                    NodePermissionsKey ipAddressKey(kickAddress.toString(), QUuid());

                    // check if there were already permissions for the IP