From 5b04ab6d530fa8d7347be6841e3548ca0dc7d436 Mon Sep 17 00:00:00 2001 From: Stephen Birarda Date: Tue, 26 Jul 2016 09:58:34 -0700 Subject: [PATCH] add node kick request handling to DS --- domain-server/src/DomainServer.cpp | 1 + .../src/DomainServerSettingsManager.cpp | 59 +++++++++++++++++++ .../src/DomainServerSettingsManager.h | 1 + 3 files changed, 61 insertions(+) diff --git a/domain-server/src/DomainServer.cpp b/domain-server/src/DomainServer.cpp index 8af364992c..23e37efaf1 100644 --- a/domain-server/src/DomainServer.cpp +++ b/domain-server/src/DomainServer.cpp @@ -411,6 +411,7 @@ void DomainServer::setupNodeListAndAssignments() { // NodeList won't be available to the settings manager when it is created, so call registerListener here packetReceiver.registerListener(PacketType::DomainSettingsRequest, &_settingsManager, "processSettingsRequestPacket"); + packetReceiver.registerListener(PacketType::NodeKickRequest, &_settingsManager, "processNodeKickRequestPacket"); // register the gatekeeper for the packets it needs to receive packetReceiver.registerListener(PacketType::DomainConnectRequest, &_gatekeeper, "processConnectRequestPacket"); diff --git a/domain-server/src/DomainServerSettingsManager.cpp b/domain-server/src/DomainServerSettingsManager.cpp index aba2c25db5..639098fdef 100644 --- a/domain-server/src/DomainServerSettingsManager.cpp +++ b/domain-server/src/DomainServerSettingsManager.cpp 
@@ -613,6 +613,65 @@ bool DomainServerSettingsManager::ensurePermissionsForGroupRanks() { return changed; } + +void DomainServerSettingsManager::processNodeKickRequestPacket(QSharedPointer message, SharedNodePointer sendingNode) { + // before we do any processing on this packet make sure it comes from a node that is allowed to kick + if (sendingNode->getCanKick()) { + // pull the UUID being kicked from the packet + QUuid nodeUUID = QUuid::fromRfc4122(message->readWithoutCopy(NUM_BYTES_RFC4122_UUID)); + + if (!nodeUUID.isNull() && nodeUUID != sendingNode->getUUID()) { + // make sure we actually have a node with this UUID + auto limitedNodeList = DependencyManager::get(); + + auto matchingNode = limitedNodeList->nodeWithUUID(nodeUUID); + + if (matchingNode) { + // we have a matching node, time to decide how to store updated permissions for this node + + NodePermissionsPointer destinationPermissions; + + auto verifiedUsername = matchingNode->getPermissions().getVerifiedUserName(); + + if (!verifiedUsername.isEmpty()) { + // if we have a verified user name for this user, we apply the kick to the username + + // grab or create permissions for the given username + destinationPermissions = _agentPermissions[matchingNode->getPermissions().getKey()]; + } else { + // otherwise we apply the kick to the IP from active socket for this node + // (falling back to the public socket if not yet active) + auto& kickAddress = matchingNode->getActiveSocket() + ? 
matchingNode->getActiveSocket()->getAddress() + : matchingNode->getPublicSocket().getAddress(); + + // grab or create permissions for the given IP address + NodePermissionsKey ipAddressKey(kickAddress.toString(), QUuid()); + destinationPermissions = _ipPermissions[ipAddressKey]; + } + + // ensure that the connect permission is clear + destinationPermissions->clear(NodePermissions::Permission::canConnectToDomain); + + // we've changed permissions, time to store them to disk and emit our signal to say they have changed + packPermissions(); + + emit updateNodePermissions(); + + } else { + qWarning() << "Node kick request received for unknown node. Refusing to process."; + } + } else { + // this isn't a UUID we can use + qWarning() << "Node kick request received for invalid node ID or from node being kicked. Refusing to process."; + } + + } else { + qWarning() << "Refusing to process a kick packet from node" << uuidStringWithoutCurlyBraces(sendingNode->getUUID()) + << "that does not have kick permissions."; + } +} + QStringList DomainServerSettingsManager::getAllNames() const { QStringList result; foreach (auto key, _agentPermissions.keys()) { diff --git a/domain-server/src/DomainServerSettingsManager.h b/domain-server/src/DomainServerSettingsManager.h index 49c3ac95b7..d551132006 100644 --- a/domain-server/src/DomainServerSettingsManager.h +++ b/domain-server/src/DomainServerSettingsManager.h @@ -105,6 +105,7 @@ public slots: private slots: void processSettingsRequestPacket(QSharedPointer message); + void processNodeKickRequestPacket(QSharedPointer message, SharedNodePointer sendingNode); private: QStringList _argumentList;
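Review bot: The success path of processNodeKickRequestPacket clears canConnectToDomain and persists it with packPermissions() without logging anything, so a ban written to disk cannot later be traced to the node that requested it; only the three refusal branches log. I would add a line just before `packPermissions();` such as `qDebug() << "Node" << uuidStringWithoutCurlyBraces(sendingNode->getUUID()) << "kicked node" << uuidStringWithoutCurlyBraces(nodeUUID);`, ideally also recording whether the ban was stored against the verified username or against the IP address. Separately, `destinationPermissions->clear(...)` is dereferenced immediately after `_agentPermissions[...]` or `_ipPermissions[ipAddressKey]`; the comments say "grab or create", but the map's operator[] is not part of this patch, so it is worth confirming that it never returns a null pointer for a key that has no entry yet.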