Committer : klmitch
CVSROOT : /cvsroot/undernet-ircu
Module : ircu2.10
Branch tags: u2_10_12_branch
Commit time: 2007-03-18 12:15:56 UTC
Modified files:
Tag: u2_10_12_branch
ChangeLog ircd/m_gline.c
Log message:
Author: Kev <[EMAIL PROTECTED]>
Log message:
I forgot to add permissions checks to mo_gline(). This commit causes any
remote changes (remote local G-lines, remote local status changes to global
G-lines, and global G-lines) to required CONFIG_OPERCMDS to be enabled and
the oper to have the GLINE privilege; local changes (local G-lines, local
status changes to global G-lines) require the oper to have the LOCAL_GLINE
privilege.
---------------------- diff included ----------------------
Index: ircu2.10/ChangeLog
diff -u ircu2.10/ChangeLog:1.710.2.164 ircu2.10/ChangeLog:1.710.2.165
--- ircu2.10/ChangeLog:1.710.2.164 Sat Mar 17 19:46:56 2007
+++ ircu2.10/ChangeLog Sun Mar 18 05:15:43 2007
@@ -1,3 +1,12 @@
+2007-03-18 Kevin L. Mitchell <[EMAIL PROTECTED]>
+
+ * ircd/m_gline.c (mo_gline): add permissions checks I kept
+ forgetting to add--remote local modifications require
+ FEAT_CONFIG_OPERCMDS and PRIV_GLINE, local G-lines require
+ PRIV_LOCAL_GLINE, and global G-line changes (excluding local
+ activation/deactivation) require FEAT_CONFIG_OPERCMDS and
+ PRIV_GLINE
+
2007-03-17 Michael Poole <[EMAIL PROTECTED]>
* doc/example.conf (CRule): Document the support for multiple
Index: ircu2.10/ircd/m_gline.c
diff -u ircu2.10/ircd/m_gline.c:1.26.2.3 ircu2.10/ircd/m_gline.c:1.26.2.4
--- ircu2.10/ircd/m_gline.c:1.26.2.3 Sat Mar 17 15:45:35 2007
+++ ircu2.10/ircd/m_gline.c Sun Mar 18 05:15:45 2007
@@ -20,7 +20,7 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*
- * $Id: m_gline.c,v 1.26.2.3 2007/03/17 22:45:35 klmitch Exp $
+ * $Id: m_gline.c,v 1.26.2.4 2007/03/18 12:15:45 klmitch Exp $
*/
/*
@@ -460,6 +460,12 @@
/* If it's a local activate/deactivate and server isn't me, propagate it */
if ((action == GLINE_LOCAL_ACTIVATE || action == GLINE_LOCAL_DEACTIVATE) &&
!IsMe(acptr)) {
+ /* check for permissions... */
+ if (!feature_bool(FEAT_CONFIG_OPERCMDS))
+ return send_reply(sptr, ERR_DISABLED, "GLINE");
+ else if (!HasPriv(sptr, PRIV_GLINE))
+ return send_reply(sptr, ERR_NOPRIVILEGES);
+
Debug((DEBUG_DEBUG, "I am forwarding a local change to a global gline "
"to a remote server; target %s, mask %s, operforce %s, action %s",
cli_name(acptr), mask, flags & GLINE_OPERFORCE ? "YES" : "NO",
@@ -498,6 +504,12 @@
*/
if (!IsMe(acptr)) {
+ /* check for permissions... */
+ if (!feature_bool(FEAT_CONFIG_OPERCMDS))
+ return send_reply(sptr, ERR_DISABLED, "GLINE");
+ else if (!HasPriv(sptr, PRIV_GLINE))
+ return send_reply(sptr, ERR_NOPRIVILEGES);
+
Debug((DEBUG_DEBUG, "I am forwarding a local G-line to a remote "
"server; target %s, mask %s, operforce %s, action %s, "
"expire %Tu, reason %s", target, mask,
@@ -512,6 +524,10 @@
return 0; /* all done */
}
+ /* check local G-line permissions... */
+ if (!HasPriv(sptr, PRIV_LOCAL_GLINE))
+ return send_reply(sptr, ERR_NOPRIVILEGES);
+
/* let's handle activation... */
if (action == GLINE_ACTIVATE) {
if (agline) /* G-line already exists, so let's ignore it... */
@@ -545,6 +561,18 @@
action == GLINE_LOCAL_DEACTIVATE))
return send_reply(sptr, ERR_NOSUCHGLINE, mask);
+ /* check for G-line permissions... */
+ if (action == GLINE_LOCAL_ACTIVATE || action == GLINE_LOCAL_DEACTIVATE) {
+ /* only need local privileges for locally-limited status changes */
+ if (!HasPriv(sptr, PRIV_LOCAL_GLINE))
+ return send_reply(sptr, ERR_NOPRIVILEGES);
+ } else { /* global privileges required */
+ if (!feature_bool(FEAT_CONFIG_OPERCMDS))
+ return send_reply(sptr, ERR_DISABLED, "GLINE");
+ else if (!HasPriv(sptr, PRIV_GLINE))
+ return send_reply(sptr, ERR_NOPRIVILEGES);
+ }
+
Debug((DEBUG_DEBUG, "I have a global G-line I am acting upon now; "
"target %s, mask %s, operforce %s, action %s, expire %Tu, "
"reason: %s; gline %s! (fields present: %s %s)", target,
----------------------- End of diff -----------------------
_______________________________________________
Patches mailing list
[email protected]
http://undernet.sbg.org/mailman/listinfo/patches
