From 45cb11f38a92c68b1c5eb1d7eb7e90c065bce95f Mon Sep 17 00:00:00 2001
From: David Kelly <david@highfidelity.io>
Date: Mon, 13 Feb 2017 14:38:21 -0700
Subject: [PATCH] Don't allow a ban of any node on same machine as
 domain-server

---
 domain-server/src/DomainServerSettingsManager.cpp | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/domain-server/src/DomainServerSettingsManager.cpp b/domain-server/src/DomainServerSettingsManager.cpp
index 31d6845972..379f812923 100644
--- a/domain-server/src/DomainServerSettingsManager.cpp
+++ b/domain-server/src/DomainServerSettingsManager.cpp
@@ -667,7 +667,17 @@ void DomainServerSettingsManager::processNodeKickRequestPacket(QSharedPointer<Re
                     auto& kickAddress = matchingNode->getActiveSocket()
                         ? matchingNode->getActiveSocket()->getAddress()
                         : matchingNode->getPublicSocket().getAddress();
-
+                    
+                    // probably isLoopback covers it, as whenever I try to ban an agent on same machine as the domain-server
+                    // it is always 127.0.0.1, but looking at the public and local addresses just to be sure
+                    // TODO: soon we will have feedback (in the form of a message to the client) after we kick.  When we
+                    // do, we will have a success flag, and perhaps a reason for failure.  For now, just don't do it.  
+                    if (kickAddress == limitedNodeList->getPublicSockAddr().getAddress() ||
+                        kickAddress == limitedNodeList->getLocalSockAddr().getAddress() ||
+                        kickAddress.isLoopback() ) {
+                        qWarning() << "attempt to kick node running on same machine as domain server, ignoring KickRequest";
+                        return;
+                    }
                     NodePermissionsKey ipAddressKey(kickAddress.toString(), QUuid());
 
                     // check if there were already permissions for the IP