dline: Prevent opers from banning themselves

Daniel Oaks 2016-11-05 21:44:49 +10:00
parent e973862944
commit f1e2c54fca
2 changed files with 23 additions and 2 deletions


@ -168,7 +168,7 @@ func (dm *DLineManager) CheckIP(addr net.IP) (isBanned bool, info *IPBanInfo) {
return false, nil return false, nil
} }
// DLINE [duration] <ip>/<net> [ON <server>] [reason [| oper reason]] // DLINE [MYSELF] [duration] <ip>/<net> [ON <server>] [reason [| oper reason]]
func dlineHandler(server *Server, client *Client, msg ircmsg.IrcMessage) bool { func dlineHandler(server *Server, client *Client, msg ircmsg.IrcMessage) bool {
// check oper permissions // check oper permissions
if !client.class.Capabilities["oper:local_ban"] { if !client.class.Capabilities["oper:local_ban"] {
@ -178,6 +178,14 @@ func dlineHandler(server *Server, client *Client, msg ircmsg.IrcMessage) bool {
currentArg := 0 currentArg := 0
// when setting a ban that covers the oper's current connection, we require them to say
// "DLINE MYSELF" so that we're sure they really mean it.
var dlineMyself bool
if len(msg.Params) > currentArg+1 && strings.ToLower(msg.Params[currentArg]) == "myself" {
dlineMyself = true
currentArg++
}
// duration // duration
duration, err := time.ParseDuration(msg.Params[currentArg]) duration, err := time.ParseDuration(msg.Params[currentArg])
durationIsUsed := err == nil durationIsUsed := err == nil
@ -209,8 +217,16 @@ func dlineHandler(server *Server, client *Client, msg ircmsg.IrcMessage) bool {
if hostNet == nil { if hostNet == nil {
hostString = hostAddr.String() hostString = hostAddr.String()
if !dlineMyself && hostAddr.Equal(net.ParseIP(IPString(client.socket.conn.RemoteAddr()))) {
client.Send(nil, server.name, ERR_UNKNOWNERROR, client.nick, msg.Command, "This ban matches you. To DLINE yourself, you must pass use the command: /DLINE MYSELF <arguments>")
return false
}
} else { } else {
hostString = hostNet.String() hostString = hostNet.String()
if !dlineMyself && hostNet.Contains(net.ParseIP(IPString(client.socket.conn.RemoteAddr()))) {
client.Send(nil, server.name, ERR_UNKNOWNERROR, client.nick, msg.Command, "This ban matches you. To DLINE yourself, you must pass use the command: /DLINE MYSELF <arguments>")
return false
}
} }
// check remote // check remote
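Review bot: The self-ban guard added in both branches of `if hostNet == nil` fails open when the oper's own address cannot be resolved. `net.ParseIP` returns nil for anything it cannot parse, and `hostAddr.Equal(nil)` / `hostNet.Contains(nil)` both report false, so the DLINE then goes through without MYSELF. Whether `IPString(client.socket.conn.RemoteAddr())` can yield such a string is not visible here, so treat that as something to confirm. I would resolve the address once before the branch, require MYSELF when it is unknown, and send the reply from a single place, which also fixes the "you must pass use the command" typo in the duplicated message. dlineHandler continues past the end of this section.

```go
// resolve the oper's own address once; nil means it could not be verified
clientIP := net.ParseIP(IPString(client.socket.conn.RemoteAddr()))
var coversSelf bool
if hostNet == nil {
	hostString = hostAddr.String()
	coversSelf = clientIP == nil || hostAddr.Equal(clientIP)
} else {
	hostString = hostNet.String()
	coversSelf = clientIP == nil || hostNet.Contains(clientIP)
}
if coversSelf && !dlineMyself {
	client.Send(nil, server.name, ERR_UNKNOWNERROR, client.nick, msg.Command, "This ban matches you. To DLINE yourself, you must use the command: /DLINE MYSELF <arguments>")
	return false
}
// … unchanged: check remote …
```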


@ -99,7 +99,7 @@ Prints debug information about the IRCd. <option> can be one of:
}, },
"dline": { "dline": {
oper: true, oper: true,
text: `DLINE [duration] <ip>/<net> [ON <server>] [reason [| oper reason]] text: `DLINE [MYSELF] [duration] <ip>/<net> [ON <server>] [reason [| oper reason]]
Bans an IP address or network from connecting to the server. If the duration is Bans an IP address or network from connecting to the server. If the duration is
given then only for that long. The reason is shown to the user themselves, but given then only for that long. The reason is shown to the user themselves, but
@ -108,6 +108,9 @@ operators getting info about the DLINEs that exist.
Bans are saved across subsequent launches of the server. Bans are saved across subsequent launches of the server.
"MYSELF" is required when the DLINE matches the address the person applying it is connected
from. If "MYSELF" is not given, trying to DLINE yourself will result in an error.
[duration] can be of the following forms: [duration] can be of the following forms:
10h 8m 13s 10h 8m 13s
@ -115,6 +118,8 @@ Bans are saved across subsequent launches of the server.
127.0.0.1/8 127.0.0.1/8
8.8.8.8/24 8.8.8.8/24
ON <server> specifies that the ban is to be set on that specific server.
[reason] and [oper reason], if they exist, are separated by a vertical bar (|).`, [reason] and [oper reason], if they exist, are separated by a vertical bar (|).`,
}, },
"help": { "help": {