Don't allow a ban of any node on same machine as domain-server

2025-04-08 05:52:38 +02:00 · 2017-02-13 14:38:21 -07:00 · 2017-02-13 14:38:21 -07:00 · 45cb11f38a
commit 45cb11f38a
parent f4ff5cf746
1 changed files with 11 additions and 1 deletions
--- a/domain-server/src/DomainServerSettingsManager.cpp
+++ b/domain-server/src/DomainServerSettingsManager.cpp
@ -667,7 +667,17 @@ void DomainServerSettingsManager::processNodeKickRequestPacket(QSharedPointer<Re
                    auto& kickAddress = matchingNode->getActiveSocket()
                        ? matchingNode->getActiveSocket()->getAddress()
                        : matchingNode->getPublicSocket().getAddress();
-
+                    
+                    // probably isLoopback covers it, as whenever I try to ban an agent on same machine as the domain-server
+                    // it is always 127.0.0.1, but looking at the public and local addresses just to be sure
+                    // TODO: soon we will have feedback (in the form of a message to the client) after we kick.  When we
+                    // do, we will have a success flag, and perhaps a reason for failure.  For now, just don't do it.  
+                    if (kickAddress == limitedNodeList->getPublicSockAddr().getAddress() ||
+                        kickAddress == limitedNodeList->getLocalSockAddr().getAddress() ||
+                        kickAddress.isLoopback() ) {
+                        qWarning() << "attempt to kick node running on same machine as domain server, ignoring KickRequest";
+                        return;
+                    }
                    NodePermissionsKey ipAddressKey(kickAddress.toString(), QUuid());

                    // check if there were already permissions for the IP