From f1e2c54fca57359fa0ce1a73d56bf52245ed6f74 Mon Sep 17 00:00:00 2001
From: Daniel Oaks <daniel@danieloaks.net>
Date: Sat, 5 Nov 2016 21:44:49 +1000
Subject: [PATCH] dline: Prevent opers from banning themselves

---
 irc/dline.go | 18 +++++++++++++++++-
 irc/help.go  |  7 ++++++-
 2 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/irc/dline.go b/irc/dline.go
index 120fba9e..e3eb6e85 100644
--- a/irc/dline.go
+++ b/irc/dline.go
@@ -168,7 +168,7 @@ func (dm *DLineManager) CheckIP(addr net.IP) (isBanned bool, info *IPBanInfo) {
 	return false, nil
 }
 
-// DLINE [duration] <ip>/<net> [ON <server>] [reason [| oper reason]]
+// DLINE [MYSELF] [duration] <ip>/<net> [ON <server>] [reason [| oper reason]]
 func dlineHandler(server *Server, client *Client, msg ircmsg.IrcMessage) bool {
 	// check oper permissions
 	if !client.class.Capabilities["oper:local_ban"] {
@@ -178,6 +178,14 @@ func dlineHandler(server *Server, client *Client, msg ircmsg.IrcMessage) bool {
 
 	currentArg := 0
 
+	// when setting a ban that covers the oper's current connection, we require them to say
+	// "DLINE MYSELF" so that we're sure they really mean it.
+	var dlineMyself bool
+	if len(msg.Params) > currentArg+1 && strings.ToLower(msg.Params[currentArg]) == "myself" {
+		dlineMyself = true
+		currentArg++
+	}
+
 	// duration
 	duration, err := time.ParseDuration(msg.Params[currentArg])
 	durationIsUsed := err == nil
@@ -209,8 +217,16 @@ func dlineHandler(server *Server, client *Client, msg ircmsg.IrcMessage) bool {
 
 	if hostNet == nil {
 		hostString = hostAddr.String()
+		if !dlineMyself && hostAddr.Equal(net.ParseIP(IPString(client.socket.conn.RemoteAddr()))) {
+			client.Send(nil, server.name, ERR_UNKNOWNERROR, client.nick, msg.Command, "This ban matches you. To DLINE yourself, you must pass use the command:  /DLINE MYSELF <arguments>")
+			return false
+		}
 	} else {
 		hostString = hostNet.String()
+		if !dlineMyself && hostNet.Contains(net.ParseIP(IPString(client.socket.conn.RemoteAddr()))) {
+			client.Send(nil, server.name, ERR_UNKNOWNERROR, client.nick, msg.Command, "This ban matches you. To DLINE yourself, you must pass use the command:  /DLINE MYSELF <arguments>")
+			return false
+		}
 	}
 
 	// check remote
diff --git a/irc/help.go b/irc/help.go
index ace446e4..64dee78e 100644
--- a/irc/help.go
+++ b/irc/help.go
@@ -99,7 +99,7 @@ Prints debug information about the IRCd. <option> can be one of:
 	},
 	"dline": {
 		oper: true,
-		text: `DLINE [duration] <ip>/<net> [ON <server>] [reason [| oper reason]]
+		text: `DLINE [MYSELF] [duration] <ip>/<net> [ON <server>] [reason [| oper reason]]
 
 Bans an IP address or network from connecting to the server. If the duration is
 given then only for that long. The reason is shown to the user themselves, but
@@ -108,6 +108,9 @@ operators getting info about the DLINEs that exist.
 
 Bans are saved across subsequent launches of the server.
 
+"MYSELF" is required when the DLINE matches the address the person applying it is connected
+from. If "MYSELF" is not given, trying to DLINE yourself will result in an error.
+
 [duration] can be of the following forms:
 	10h 8m 13s
 
@@ -115,6 +118,8 @@ Bans are saved across subsequent launches of the server.
 	127.0.0.1/8
 	8.8.8.8/24
 
+ON <server> specifies that the ban is to be set on that specific server.
+
 [reason] and [oper reason], if they exist, are separated by a vertical bar (|).`,
 	},
 	"help": {