+2005-02-23 Michael Poole <mdpoole@troilus.org>
+
+ * doc/example.conf: Explain apass_opmode privilege, pointing out
+ that, unlike previous privs, the default is OFF for global opers.
+
+ * include/client.h (PRIV_APASS_OPMODE): Define new privilege.
+
+ * ircd/channel.c (mode_parse_upass): Only prevent local opers
+ without the apass_opmode privilege from forcing a +U change.
+ (mode_parse_apass): Likewise, for +A.
+
+ * ircd/client.c (client_set_privs): Turn off PRIV_APASS_OPMODE in
+ the default privileges for global opers.
+
+ * ircd/ircd_lexer.l (apass_opmode): Recognize keyword.
+
+ * ircd/ircd_parser.y (TPRIV_APASS_OPMODE): New token.
+ (privtype): Fix typo for local_badchan privilege value.
+ Accept apass_opmode token.
+
2005-02-23 Michael Poole <mdpoole@troilus.org>
* doc/example.conf: Fix comment's description of "whox" privilege.
# opmode (can use /OPMODE)
# badchan (can issue Gchans to other servers)
# force_opmode (can use OPMODE/CLEARMODE on quarantined global channels)
+ # apass_opmode (can use OPMODE/CLEARMODE on +A and +U keys)
#
# For global opers (with propagate = yes or local = no), the default
- # is to grant all of the above privileges. For local opers, the
- # default is to grant ONLY the following privileges:
+ # is to grant all of the above privileges EXCEPT apass_opmode. For
+ # local opers, the default is to grant ONLY the following privileges:
# chan_limit, mode_lchan, show_invis, show_all_invis, local_kill,
# rehash, local_gline, local_jupe, local_opmode, whox, display,
# force_local_opmode
PRIV_LIST_CHAN, /**< oper can list secret channels */
PRIV_FORCE_OPMODE, /**< can hack modes on quarantined channels */
PRIV_FORCE_LOCAL_OPMODE, /**< can hack modes on quarantined local channels */
+ PRIV_APASS_OPMODE, /**< can hack modes +A/-A/+U/-U */
PRIV_LAST_PRIV /**< number of privileges */
};
}
/* If a non-service user is trying to force it, refuse. */
- if (state->flags & MODE_PARSE_FORCE && !IsChannelService(state->sptr)) {
+ if (state->flags & MODE_PARSE_FORCE && MyUser(state->sptr)
+ && !HasPriv(state->sptr, PRIV_APASS_OPMODE)) {
send_reply(state->sptr, ERR_NOTMANAGER, state->chptr->chname,
"Use /JOIN", state->chptr->chname, " <AdminPass>.");
return;
}
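Review bot: The comment kept above the changed condition, `/* If a non-service user is trying to force it, refuse. */`, no longer describes the test. The new condition refuses only a local user (`MyUser(state->sptr)`) that lacks `PRIV_APASS_OPMODE`, so a forced change from any non-local source now passes this point with neither a privilege check nor the removed `IsChannelService` check. The ChangeLog suggests this is intended, but it means this server relies on the originating server to have enforced the privilege, and that assumption should be stated where the check lives. I would replace the comment with `/* Refuse forced changes from local users lacking PRIV_APASS_OPMODE; remote sources are assumed to have been checked by their own server. */` and write the flag test as `(state->flags & MODE_PARSE_FORCE)` for readability. The same applies to the identical hunk that follows (the ChangeLog names mode_parse_upass and mode_parse_apass); both function bodies start and end outside the hunks.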
/* If a non-service user is trying to force it, refuse. */
- if (state->flags & MODE_PARSE_FORCE && !IsChannelService(state->sptr)) {
+ if (state->flags & MODE_PARSE_FORCE && MyUser(state->sptr)
+ && !HasPriv(state->sptr, PRIV_APASS_OPMODE)) {
send_reply(state->sptr, ERR_NOTMANAGER, state->chptr->chname,
"Use /JOIN", state->chptr->chname, " <AdminPass>.");
return;
if (!privs_defaults_set)
{
memset(&privs_global, -1, sizeof(privs_global));
+ FlagClr(&privs_global, PRIV_APASS_OPMODE);
+
memset(&privs_local, 0, sizeof(privs_local));
FlagSet(&privs_local, PRIV_CHAN_LIMIT);
FlagSet(&privs_local, PRIV_MODE_LCHAN);
FlagSet(&privs_local, PRIV_WHOX);
FlagSet(&privs_local, PRIV_DISPLAY);
FlagSet(&privs_local, PRIV_FORCE_LOCAL_OPMODE);
+
privs_defaults_set = 1;
}
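Review bot: `memset(&privs_global, -1, sizeof(privs_global))` makes the global-oper default an allow-everything set, so `PRIV_APASS_OPMODE` is off only because of the single `FlagClr` added here. Any privilege added to the enum later will likewise be granted to global opers by default unless someone remembers to clear it at this spot. A comment at the memset would make that contract visible to the next person adding a privilege, for example `/* Global opers start with every privilege set; sensitive privileges must be cleared explicitly below. */`. Whether per-oper configuration can still switch the flag back on is not visible in this hunk, and the enclosing function starts and ends outside it.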
TOKEN(USERMODE),
#undef TOKEN
{ "administrator", ADMIN },
+ { "apass_opmode", TPRIV_APASS_OPMODE },
{ "b", BYTES },
{ "badchan", TPRIV_BADCHAN },
{ "chan_limit", TPRIV_CHAN_LIMIT },
%token TPRIV_LOCAL_OPMODE TPRIV_OPMODE TPRIV_SET TPRIV_WHOX TPRIV_BADCHAN
%token TPRIV_SEE_CHAN TPRIV_SHOW_INVIS TPRIV_SHOW_ALL_INVIS TPRIV_PROPAGATE
%token TPRIV_UNLIMIT_QUERY TPRIV_DISPLAY TPRIV_SEE_OPERS TPRIV_WIDE_GLINE
-%token TPRIV_FORCE_OPMODE TPRIV_FORCE_LOCAL_OPMODE
+%token TPRIV_FORCE_OPMODE TPRIV_FORCE_LOCAL_OPMODE TPRIV_APASS_OPMODE
/* and some types... */
%type <num> sizespec
%type <num> timespec timefactor factoredtimes factoredtime
TPRIV_SET { $$ = PRIV_SET; } |
TPRIV_WHOX { $$ = PRIV_WHOX; } |
TPRIV_BADCHAN { $$ = PRIV_BADCHAN; } |
- TPRIV_LOCAL_BADCHAN { $$ = TPRIV_LOCAL_BADCHAN; } |
+ TPRIV_LOCAL_BADCHAN { $$ = PRIV_LOCAL_BADCHAN; } |
TPRIV_SEE_CHAN { $$ = PRIV_SEE_CHAN; } |
TPRIV_SHOW_INVIS { $$ = PRIV_SHOW_INVIS; } |
TPRIV_SHOW_ALL_INVIS { $$ = PRIV_SHOW_ALL_INVIS; } |
TPRIV_WIDE_GLINE { $$ = PRIV_WIDE_GLINE; } |
LOCAL { $$ = PRIV_PROPAGATE; invert = 1; } |
TPRIV_FORCE_OPMODE { $$ = PRIV_FORCE_OPMODE; } |
- TPRIV_FORCE_LOCAL_OPMODE { $$ = PRIV_FORCE_LOCAL_OPMODE; };
+ TPRIV_FORCE_LOCAL_OPMODE { $$ = PRIV_FORCE_LOCAL_OPMODE; } |
+ TPRIV_APASS_OPMODE { $$ = PRIV_APASS_OPMODE; } ;
yesorno: YES { $$ = 1; } | NO { $$ = 0; };