dline: Prevent opers from banning themselves

irc/dline.go

@@ -168,7 +168,7 @@ func (dm *DLineManager) CheckIP(addr net.IP) (isBanned bool, info *IPBanInfo) {
 	return false, nil
 }
 
-// DLINE [duration] <ip>/<net> [ON <server>] [reason [| oper reason]]
+// DLINE [MYSELF] [duration] <ip>/<net> [ON <server>] [reason [| oper reason]]
 func dlineHandler(server *Server, client *Client, msg ircmsg.IrcMessage) bool {
 	// check oper permissions
 	if !client.class.Capabilities["oper:local_ban"] {
@@ -178,6 +178,14 @@ func dlineHandler(server *Server, client *Client, msg ircmsg.IrcMessage) bool {
 
 	currentArg := 0
 
+	// when setting a ban that covers the oper's current connection, we require them to say
+	// "DLINE MYSELF" so that we're sure they really mean it.
+	var dlineMyself bool
+	if len(msg.Params) > currentArg+1 && strings.ToLower(msg.Params[currentArg]) == "myself" {
+		dlineMyself = true
+		currentArg++
+	}
+
 	// duration
 	duration, err := time.ParseDuration(msg.Params[currentArg])
 	durationIsUsed := err == nil
@@ -209,8 +217,16 @@ func dlineHandler(server *Server, client *Client, msg ircmsg.IrcMessage) bool {
 
 	if hostNet == nil {
 		hostString = hostAddr.String()
+		if !dlineMyself && hostAddr.Equal(net.ParseIP(IPString(client.socket.conn.RemoteAddr()))) {
+			client.Send(nil, server.name, ERR_UNKNOWNERROR, client.nick, msg.Command, "This ban matches you. To DLINE yourself, you must pass use the command:  /DLINE MYSELF <arguments>")
+			return false
+		}
 	} else {
 		hostString = hostNet.String()
+		if !dlineMyself && hostNet.Contains(net.ParseIP(IPString(client.socket.conn.RemoteAddr()))) {
+			client.Send(nil, server.name, ERR_UNKNOWNERROR, client.nick, msg.Command, "This ban matches you. To DLINE yourself, you must pass use the command:  /DLINE MYSELF <arguments>")
+			return false
+		}
 	}
 
 	// check remote