Define a privilege (off by default) that allows opers to use OPMODE

and CLEARMODE to set or remove Apass and Upass on channels.

git-svn-id: file:///home/klmitch/undernet-ircu/undernet-ircu-svn/ircu2/trunk@1324 c9e4aea6-c8fd-4c43-8297-357d70d61c8c

diff --git a/ChangeLog b/ChangeLog
index 2a0ed34dd85436d5d7bf6e08216466870e816160..834ecad610df81c853ad6a3fc1aad55b19575faa 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,23 @@
+2005-02-23  Michael Poole <mdpoole@troilus.org>
+
+       * doc/example.conf: Explain apass_opmode privilege, pointing out
+       that, unlike previous privs, the default is OFF for global opers.
+
+       * include/client.h (PRIV_APASS_OPMODE): Define new privilege.
+
+       * ircd/channel.c (mode_parse_upass): Only prevent local opers
+       without the apass_opmode privilege from forcing a +U change.
+       (mode_parse_apass): Likewise, for +A.
+
+       * ircd/client.c (client_set_privs): Turn off PRIV_APASS_OPMODE in
+       the default privileges for global opers.
+
+       * ircd/ircd_lexer.l (apass_opmode): Recognize keyword.
+
+       * ircd/ircd_parser.y (TPRIV_APASS_OPMODE): New token.
+       (privtype): Fix typo for local_badchan privilege value.
+       Accept apass_opmode token.
+
 2005-02-23  Michael Poole <mdpoole@troilus.org>
 
        * doc/example.conf: Fix comment's description of "whox" privilege.

diff --git a/doc/example.conf b/doc/example.conf
index a3d1ef31f7fd1d8848e1877c778f3281957406c2..65060969a67f2a64239e7de058b58fb173e80e1d 100644 (file)
--- a/doc/example.conf
+++ b/doc/example.conf
@@ -218,10 +218,11 @@ Class {
  # opmode (can use /OPMODE)
  # badchan (can issue Gchans to other servers)
  # force_opmode (can use OPMODE/CLEARMODE on quarantined global channels)
+ # apass_opmode (can use OPMODE/CLEARMODE on +A and +U keys)
  #
  # For global opers (with propagate = yes or local = no), the default
- # is to grant all of the above privileges.  For local opers, the
- # default is to grant ONLY the following privileges:
+ # is to grant all of the above privileges EXCEPT apass_opmode.  For
+ # local opers, the default is to grant ONLY the following privileges:
  #  chan_limit, mode_lchan, show_invis, show_all_invis, local_kill,
  #  rehash, local_gline, local_jupe, local_opmode, whox, display,
  #  force_local_opmode

diff --git a/include/client.h b/include/client.h
index 367a0f226f4c490d18c4f8dc7c4e1ab9769c2985..7b4179f65bac182c178fd307b4ccaa91564de22f 100644 (file)
--- a/include/client.h
+++ b/include/client.h
@@ -125,6 +125,7 @@ enum Priv
     PRIV_LIST_CHAN, /**< oper can list secret channels */
     PRIV_FORCE_OPMODE, /**< can hack modes on quarantined channels */
     PRIV_FORCE_LOCAL_OPMODE, /**< can hack modes on quarantined local channels */
+    PRIV_APASS_OPMODE, /**< can hack modes +A/-A/+U/-U */
     PRIV_LAST_PRIV /**< number of privileges */
   };
 

diff --git a/ircd/channel.c b/ircd/channel.c
index b264db71fb3051e0d6d2f218ead60c73f4c94d0e..c311e4e3f8811b8992872556502ceb423510448d 100644 (file)
--- a/ircd/channel.c
+++ b/ircd/channel.c
@@ -2436,7 +2436,8 @@ mode_parse_upass(struct ParseState *state, int *flag_p)
   }
 
   /* If a non-service user is trying to force it, refuse. */
-  if (state->flags & MODE_PARSE_FORCE && !IsChannelService(state->sptr)) {
+  if (state->flags & MODE_PARSE_FORCE && MyUser(state->sptr)
+      && !HasPriv(state->sptr, PRIV_APASS_OPMODE)) {
     send_reply(state->sptr, ERR_NOTMANAGER, state->chptr->chname,
                "Use /JOIN", state->chptr->chname, " <AdminPass>.");
     return;
@@ -2543,7 +2544,8 @@ mode_parse_apass(struct ParseState *state, int *flag_p)
   }
 
   /* If a non-service user is trying to force it, refuse. */
-  if (state->flags & MODE_PARSE_FORCE && !IsChannelService(state->sptr)) {
+  if (state->flags & MODE_PARSE_FORCE && MyUser(state->sptr)
+      && !HasPriv(state->sptr, PRIV_APASS_OPMODE)) {
     send_reply(state->sptr, ERR_NOTMANAGER, state->chptr->chname,
                "Use /JOIN", state->chptr->chname, " <AdminPass>.");
     return;

diff --git a/ircd/client.c b/ircd/client.c
index e8bf6c9b3b4362cd94d4d4d08d83524cd3fe9002..28840bd57d2ea4ff92c175811063a9124833d718 100644 (file)
--- a/ircd/client.c
+++ b/ircd/client.c
@@ -152,6 +152,8 @@ client_set_privs(struct Client *client, struct ConfItem *oper)
   if (!privs_defaults_set)
   {
     memset(&privs_global, -1, sizeof(privs_global));
+    FlagClr(&privs_global, PRIV_APASS_OPMODE);
+
     memset(&privs_local, 0, sizeof(privs_local));
     FlagSet(&privs_local, PRIV_CHAN_LIMIT);
     FlagSet(&privs_local, PRIV_MODE_LCHAN);
@@ -165,6 +167,7 @@ client_set_privs(struct Client *client, struct ConfItem *oper)
     FlagSet(&privs_local, PRIV_WHOX);
     FlagSet(&privs_local, PRIV_DISPLAY);
     FlagSet(&privs_local, PRIV_FORCE_LOCAL_OPMODE);
+
     privs_defaults_set = 1;
   }
 

diff --git a/ircd/ircd_lexer.l b/ircd/ircd_lexer.l
index 1729ea807290ecffcf1e23ce07cbc53477ed2a42..48419e95a92bb4f795818e25bcebb9d037245a0e 100644 (file)
--- a/ircd/ircd_lexer.l
+++ b/ircd/ircd_lexer.l
@@ -100,6 +100,7 @@ static struct lexer_token {
   TOKEN(USERMODE),
 #undef TOKEN
   { "administrator", ADMIN },
+  { "apass_opmode", TPRIV_APASS_OPMODE },
   { "b", BYTES },
   { "badchan", TPRIV_BADCHAN },
   { "chan_limit", TPRIV_CHAN_LIMIT },

diff --git a/ircd/ircd_parser.y b/ircd/ircd_parser.y
index c2205973e3a93ecdec258621162410f8faa2350b..2bba81662e85bbd27a11c82cf3f33590a4f26eb8 100644 (file)
--- a/ircd/ircd_parser.y
+++ b/ircd/ircd_parser.y
@@ -163,7 +163,7 @@ static void parse_error(char *pattern,...) {
 %token TPRIV_LOCAL_OPMODE TPRIV_OPMODE TPRIV_SET TPRIV_WHOX TPRIV_BADCHAN
 %token TPRIV_SEE_CHAN TPRIV_SHOW_INVIS TPRIV_SHOW_ALL_INVIS TPRIV_PROPAGATE
 %token TPRIV_UNLIMIT_QUERY TPRIV_DISPLAY TPRIV_SEE_OPERS TPRIV_WIDE_GLINE
-%token TPRIV_FORCE_OPMODE TPRIV_FORCE_LOCAL_OPMODE
+%token TPRIV_FORCE_OPMODE TPRIV_FORCE_LOCAL_OPMODE TPRIV_APASS_OPMODE
 /* and some types... */
 %type <num> sizespec
 %type <num> timespec timefactor factoredtimes factoredtime
@@ -578,7 +578,7 @@ privtype: TPRIV_CHAN_LIMIT { $$ = PRIV_CHAN_LIMIT; } |
           TPRIV_SET { $$ = PRIV_SET; } |
           TPRIV_WHOX { $$ = PRIV_WHOX; } |
           TPRIV_BADCHAN { $$ = PRIV_BADCHAN; } |
-          TPRIV_LOCAL_BADCHAN { $$ = TPRIV_LOCAL_BADCHAN; } |
+          TPRIV_LOCAL_BADCHAN { $$ = PRIV_LOCAL_BADCHAN; } |
           TPRIV_SEE_CHAN { $$ = PRIV_SEE_CHAN; } |
           TPRIV_SHOW_INVIS { $$ = PRIV_SHOW_INVIS; } |
           TPRIV_SHOW_ALL_INVIS { $$ = PRIV_SHOW_ALL_INVIS; } |
@@ -589,7 +589,8 @@ privtype: TPRIV_CHAN_LIMIT { $$ = PRIV_CHAN_LIMIT; } |
           TPRIV_WIDE_GLINE { $$ = PRIV_WIDE_GLINE; } |
           LOCAL { $$ = PRIV_PROPAGATE; invert = 1; } |
           TPRIV_FORCE_OPMODE { $$ = PRIV_FORCE_OPMODE; } |
-          TPRIV_FORCE_LOCAL_OPMODE { $$ = PRIV_FORCE_LOCAL_OPMODE; };
+          TPRIV_FORCE_LOCAL_OPMODE { $$ = PRIV_FORCE_LOCAL_OPMODE; } |
+          TPRIV_APASS_OPMODE { $$ = PRIV_APASS_OPMODE; } ;
 
 yesorno: YES { $$ = 1; } | NO { $$ = 0; };