From bb93871238ecd77e4af7024017a95a7b1d077045 Mon Sep 17 00:00:00 2001
From: pk910 <philipp@zoelle1.de>
Date: Sat, 7 Jan 2012 01:59:57 +0100
Subject: [PATCH] made commands op, deop, opall, deopall, voice, devoice,
 voiceall, devoiceall a little bit more secure

---
 src/cmd_global_command.c  |  4 ++++
 src/cmd_global_commands.c |  4 ++++
 src/commands.c            | 16 ++++++++--------
 src/modcmd.c              | 10 ++++++++++
 4 files changed, 26 insertions(+), 8 deletions(-)

diff --git a/src/cmd_global_command.c b/src/cmd_global_command.c
index 59a2a93..594ea1b 100644
--- a/src/cmd_global_command.c
+++ b/src/cmd_global_command.c
@@ -138,6 +138,10 @@ static int global_cmd_command_chanaccess(struct cmd_binding *cbind, struct ChanN
                 *str_b = '\0';
                 str_b++;
             }
+            if(*str_a == '@' || *str_a == '+') {
+                //privs can override this access requirement
+                str_a++;
+            }
             if(*str_a == '#') {
                 str_a++;
                 access_pos += sprintf(access_list+access_pos, (access_pos ? ", `%s`" : "`%s`"), str_a);
diff --git a/src/cmd_global_commands.c b/src/cmd_global_commands.c
index 426be8b..b6cb01e 100644
--- a/src/cmd_global_commands.c
+++ b/src/cmd_global_commands.c
@@ -109,6 +109,10 @@ static int global_cmd_commands_chanaccess(struct cmd_binding *cbind, struct Chan
                 *str_b = '\0';
                 str_b++;
             }
+            if(*str_a == '@' || *str_a == '+') {
+                //privs can override this access requirement
+                str_a++;
+            }
             if(*str_a == '#') {
                 str_a++;
                 access_pos += sprintf(access_list+access_pos, (access_pos ? ", `%s`" : "`%s`"), str_a);
diff --git a/src/commands.c b/src/commands.c
index 4dcf4cb..c7978d1 100644
--- a/src/commands.c
+++ b/src/commands.c
@@ -80,14 +80,14 @@ void register_commands() {
     USER_COMMAND("mdeluser",     neonserv_cmd_mdeluser,  2, "#channel_candel",      CMDFLAG_REQUIRE_CHAN | CMDFLAG_REGISTERED_CHAN | CMDFLAG_REQUIRE_AUTH | CMDFLAG_CHECK_AUTH | CMDFLAG_LOG);
     USER_COMMAND("trim",         neonserv_cmd_trim,      2, NULL,                   CMDFLAG_REQUIRE_CHAN | CMDFLAG_REGISTERED_CHAN | CMDFLAG_REQUIRE_AUTH | CMDFLAG_CHECK_AUTH | CMDFLAG_LOG);
     USER_COMMAND("giveowner",    neonserv_cmd_giveowner, 1, "500",                  CMDFLAG_REQUIRE_CHAN | CMDFLAG_REGISTERED_CHAN | CMDFLAG_REQUIRE_AUTH | CMDFLAG_CHECK_AUTH | CMDFLAG_LOG);
-    USER_COMMAND("op",           neonserv_cmd_op,        1, "#channel_canop",       CMDFLAG_REQUIRE_CHAN | CMDFLAG_REGISTERED_CHAN | CMDFLAG_REQUIRE_AUTH | CMDFLAG_CHECK_AUTH | CMDFLAG_LOG);
-    USER_COMMAND("deop",         neonserv_cmd_deop,      1, "#channel_canop",       CMDFLAG_REQUIRE_CHAN | CMDFLAG_REGISTERED_CHAN | CMDFLAG_REQUIRE_AUTH | CMDFLAG_CHECK_AUTH | CMDFLAG_LOG);
-    USER_COMMAND("voice",        neonserv_cmd_voice,     1, "#channel_canvoice",    CMDFLAG_REQUIRE_CHAN | CMDFLAG_REGISTERED_CHAN | CMDFLAG_REQUIRE_AUTH | CMDFLAG_CHECK_AUTH | CMDFLAG_LOG);
-    USER_COMMAND("devoice",      neonserv_cmd_devoice,   1, "#channel_canvoice",    CMDFLAG_REQUIRE_CHAN | CMDFLAG_REGISTERED_CHAN | CMDFLAG_REQUIRE_AUTH | CMDFLAG_CHECK_AUTH | CMDFLAG_LOG);
-    USER_COMMAND("opall",        neonserv_cmd_opall,     0, "#channel_canop",       CMDFLAG_REQUIRE_CHAN | CMDFLAG_REGISTERED_CHAN | CMDFLAG_REQUIRE_AUTH | CMDFLAG_CHECK_AUTH | CMDFLAG_LOG);
-    USER_COMMAND("deopall",      neonserv_cmd_deopall,   0, "#channel_canop",       CMDFLAG_REQUIRE_CHAN | CMDFLAG_REGISTERED_CHAN | CMDFLAG_REQUIRE_AUTH | CMDFLAG_CHECK_AUTH | CMDFLAG_LOG);
-    USER_COMMAND("voiceall",     neonserv_cmd_voiceall,  0, "#channel_canvoice",    CMDFLAG_REQUIRE_CHAN | CMDFLAG_REGISTERED_CHAN | CMDFLAG_REQUIRE_AUTH | CMDFLAG_CHECK_AUTH | CMDFLAG_LOG);
-    USER_COMMAND("devoiceall",   neonserv_cmd_devoiceall,0, "#channel_canvoice",    CMDFLAG_REQUIRE_CHAN | CMDFLAG_REGISTERED_CHAN | CMDFLAG_REQUIRE_AUTH | CMDFLAG_CHECK_AUTH | CMDFLAG_LOG);
+    USER_COMMAND("op",           neonserv_cmd_op,        1, "@#channel_getop,#channel_canop",       CMDFLAG_REQUIRE_CHAN | CMDFLAG_REGISTERED_CHAN | CMDFLAG_REQUIRE_AUTH | CMDFLAG_CHECK_AUTH | CMDFLAG_LOG);
+    USER_COMMAND("deop",         neonserv_cmd_deop,      1, "@#channel_getop,#channel_canop",       CMDFLAG_REQUIRE_CHAN | CMDFLAG_REGISTERED_CHAN | CMDFLAG_REQUIRE_AUTH | CMDFLAG_CHECK_AUTH | CMDFLAG_LOG);
+    USER_COMMAND("voice",        neonserv_cmd_voice,     1, "+#channel_getvoice,#channel_canvoice", CMDFLAG_REQUIRE_CHAN | CMDFLAG_REGISTERED_CHAN | CMDFLAG_REQUIRE_AUTH | CMDFLAG_CHECK_AUTH | CMDFLAG_LOG);
+    USER_COMMAND("devoice",      neonserv_cmd_devoice,   1, "+#channel_getvoice,#channel_canvoice", CMDFLAG_REQUIRE_CHAN | CMDFLAG_REGISTERED_CHAN | CMDFLAG_REQUIRE_AUTH | CMDFLAG_CHECK_AUTH | CMDFLAG_LOG);
+    USER_COMMAND("opall",        neonserv_cmd_opall,     0, "@#channel_getop,#channel_canop",       CMDFLAG_REQUIRE_CHAN | CMDFLAG_REGISTERED_CHAN | CMDFLAG_REQUIRE_AUTH | CMDFLAG_CHECK_AUTH | CMDFLAG_LOG);
+    USER_COMMAND("deopall",      neonserv_cmd_deopall,   0, "@#channel_getop,#channel_canop",       CMDFLAG_REQUIRE_CHAN | CMDFLAG_REGISTERED_CHAN | CMDFLAG_REQUIRE_AUTH | CMDFLAG_CHECK_AUTH | CMDFLAG_LOG);
+    USER_COMMAND("voiceall",     neonserv_cmd_voiceall,  0, "+#channel_getvoice,#channel_canvoice", CMDFLAG_REQUIRE_CHAN | CMDFLAG_REGISTERED_CHAN | CMDFLAG_REQUIRE_AUTH | CMDFLAG_CHECK_AUTH | CMDFLAG_LOG);
+    USER_COMMAND("devoiceall",   neonserv_cmd_devoiceall,0, "+#channel_getvoice,#channel_canvoice", CMDFLAG_REQUIRE_CHAN | CMDFLAG_REGISTERED_CHAN | CMDFLAG_REQUIRE_AUTH | CMDFLAG_CHECK_AUTH | CMDFLAG_LOG);
     USER_COMMAND("set",          neonserv_cmd_set,       0, "#channel_setters",     CMDFLAG_REQUIRE_CHAN | CMDFLAG_REGISTERED_CHAN | CMDFLAG_REQUIRE_AUTH | CMDFLAG_CHECK_AUTH | CMDFLAG_LOG);
     USER_COMMAND("kick",         neonserv_cmd_kick,      1, "#channel_cankick",     CMDFLAG_REQUIRE_CHAN | CMDFLAG_REGISTERED_CHAN | CMDFLAG_REQUIRE_AUTH | CMDFLAG_CHECK_AUTH | CMDFLAG_LOG);
     USER_COMMAND("kickban",      neonserv_cmd_kickban,   1, "#channel_cankick,#channel_canban", CMDFLAG_REQUIRE_CHAN | CMDFLAG_REGISTERED_CHAN | CMDFLAG_REQUIRE_AUTH | CMDFLAG_CHECK_AUTH | CMDFLAG_LOG);
diff --git a/src/modcmd.c b/src/modcmd.c
index 18483ed..ea8b416 100644
--- a/src/modcmd.c
+++ b/src/modcmd.c
@@ -456,6 +456,7 @@ static void handle_command_async(struct ClientSocket *client, struct UserNode *u
             str_b = cbind->channel_access;
         access_list[0] = '\0';
         if(str_b) {
+            struct ChanUser *chanuser = getChanUser(user, chan);
             str_c = strdup(str_b);
             str_b = str_c;
             while((str_a = str_b)) {
@@ -464,6 +465,15 @@ static void handle_command_async(struct ClientSocket *client, struct UserNode *u
                     *str_b = '\0';
                     str_b++;
                 }
+                if(*str_a == '@' || *str_a == '+') {
+                    //privs can override this access requirement
+                    int priv = 0;
+                    if(*str_a == '@') priv = CHANUSERFLAG_OPPED;
+                    else if(*str_a == '%') priv = CHANUSERFLAG_HALFOPPED;
+                    else if(*str_a == '+') priv = CHANUSERFLAG_VOICED;
+                    if(chanuser && (chanuser->flags & priv)) continue;
+                    str_a++;
+                }
                 if(*str_a == '#') {
                     str_a++;
                     access_pos += sprintf(access_list+access_pos, ", `%s`", str_a);
-- 
2.20.1