Author: Kev <klmitch@mit.edu>

Log message:

I forgot to add permissions checks to mo_gline().  This commit causes any
remote changes (remote local G-lines, remote local status changes to global
G-lines, and global G-lines) to required CONFIG_OPERCMDS to be enabled and
the oper to have the GLINE privilege; local changes (local G-lines, local
status changes to global G-lines) require the oper to have the LOCAL_GLINE
privilege.

git-svn-id: file:///home/klmitch/undernet-ircu/undernet-ircu-svn/ircu2/branches/u2_10_12_branch@1786 c9e4aea6-c8fd-4c43-8297-357d70d61c8c

diff --git a/ChangeLog b/ChangeLog
index 0688a24501dcbe6732cfabdbaecac19bad78e6b4..2c22dddea8fa46cf062a0d3f65645b627ccf1915 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2007-03-18  Kevin L. Mitchell  <klmitch@mit.edu>
+
+       * ircd/m_gline.c (mo_gline): add permissions checks I kept
+       forgetting to add--remote local modifications require
+       FEAT_CONFIG_OPERCMDS and PRIV_GLINE, local G-lines require
+       PRIV_LOCAL_GLINE, and global G-line changes (excluding local
+       activation/deactivation) require FEAT_CONFIG_OPERCMDS and
+       PRIV_GLINE
+
 2007-03-17  Michael Poole <mdpoole@troilus.org>
 
        * doc/example.conf (CRule): Document the support for multiple

diff --git a/ircd/m_gline.c b/ircd/m_gline.c
index f3b436762d781aa2afa60cf7c034bdb436763054..18c1855ae6c72f99dd9c7b4adcd0365b0fc46aec 100644 (file)
--- a/ircd/m_gline.c
+++ b/ircd/m_gline.c
@@ -460,6 +460,12 @@ mo_gline(struct Client *cptr, struct Client *sptr, int parc, char *parv[])
   /* If it's a local activate/deactivate and server isn't me, propagate it */
   if ((action == GLINE_LOCAL_ACTIVATE || action == GLINE_LOCAL_DEACTIVATE) &&
       !IsMe(acptr)) {
+    /* check for permissions... */
+    if (!feature_bool(FEAT_CONFIG_OPERCMDS))
+      return send_reply(sptr, ERR_DISABLED, "GLINE");
+    else if (!HasPriv(sptr, PRIV_GLINE))
+      return send_reply(sptr, ERR_NOPRIVILEGES);
+
     Debug((DEBUG_DEBUG, "I am forwarding a local change to a global gline "
           "to a remote server; target %s, mask %s, operforce %s, action %s",
           cli_name(acptr), mask, flags & GLINE_OPERFORCE ? "YES" : "NO",
@@ -498,6 +504,12 @@ mo_gline(struct Client *cptr, struct Client *sptr, int parc, char *parv[])
      */
 
     if (!IsMe(acptr)) {
+      /* check for permissions... */
+      if (!feature_bool(FEAT_CONFIG_OPERCMDS))
+       return send_reply(sptr, ERR_DISABLED, "GLINE");
+      else if (!HasPriv(sptr, PRIV_GLINE))
+       return send_reply(sptr, ERR_NOPRIVILEGES);
+
       Debug((DEBUG_DEBUG, "I am forwarding a local G-line to a remote "
             "server; target %s, mask %s, operforce %s, action %s, "
             "expire %Tu, reason %s", target, mask,
@@ -512,6 +524,10 @@ mo_gline(struct Client *cptr, struct Client *sptr, int parc, char *parv[])
       return 0; /* all done */
     }
 
+    /* check local G-line permissions... */
+    if (!HasPriv(sptr, PRIV_LOCAL_GLINE))
+      return send_reply(sptr, ERR_NOPRIVILEGES);
+
     /* let's handle activation... */
     if (action == GLINE_ACTIVATE) {
       if (agline) /* G-line already exists, so let's ignore it... */
@@ -545,6 +561,18 @@ mo_gline(struct Client *cptr, struct Client *sptr, int parc, char *parv[])
        action == GLINE_LOCAL_DEACTIVATE))
     return send_reply(sptr, ERR_NOSUCHGLINE, mask);
 
+  /* check for G-line permissions... */
+  if (action == GLINE_LOCAL_ACTIVATE || action == GLINE_LOCAL_DEACTIVATE) {
+    /* only need local privileges for locally-limited status changes */
+    if (!HasPriv(sptr, PRIV_LOCAL_GLINE))
+      return send_reply(sptr, ERR_NOPRIVILEGES);
+  } else { /* global privileges required */
+    if (!feature_bool(FEAT_CONFIG_OPERCMDS))
+      return send_reply(sptr, ERR_DISABLED, "GLINE");
+    else if (!HasPriv(sptr, PRIV_GLINE))
+      return send_reply(sptr, ERR_NOPRIVILEGES);
+  }
+
   Debug((DEBUG_DEBUG, "I have a global G-line I am acting upon now; "
         "target %s, mask %s, operforce %s, action %s, expire %Tu, "
         "reason: %s; gline %s!  (fields present: %s %s)", target,