Log message:
I forgot to add permissions checks to mo_gline(). This commit causes any
remote changes (remote local G-lines, remote local status changes to global
G-lines, and global G-lines) to required CONFIG_OPERCMDS to be enabled and
the oper to have the GLINE privilege; local changes (local G-lines, local
status changes to global G-lines) require the oper to have the LOCAL_GLINE
privilege.
git-svn-id: file:///home/klmitch/undernet-ircu/undernet-ircu-svn/ircu2/branches/u2_10_12_branch@1786
c9e4aea6-c8fd-4c43-8297-
357d70d61c8c
+2007-03-18 Kevin L. Mitchell <klmitch@mit.edu>
+
+ * ircd/m_gline.c (mo_gline): add permissions checks I kept
+ forgetting to add--remote local modifications require
+ FEAT_CONFIG_OPERCMDS and PRIV_GLINE, local G-lines require
+ PRIV_LOCAL_GLINE, and global G-line changes (excluding local
+ activation/deactivation) require FEAT_CONFIG_OPERCMDS and
+ PRIV_GLINE
+
2007-03-17 Michael Poole <mdpoole@troilus.org>
* doc/example.conf (CRule): Document the support for multiple
2007-03-17 Michael Poole <mdpoole@troilus.org>
* doc/example.conf (CRule): Document the support for multiple
/* If it's a local activate/deactivate and server isn't me, propagate it */
if ((action == GLINE_LOCAL_ACTIVATE || action == GLINE_LOCAL_DEACTIVATE) &&
!IsMe(acptr)) {
/* If it's a local activate/deactivate and server isn't me, propagate it */
if ((action == GLINE_LOCAL_ACTIVATE || action == GLINE_LOCAL_DEACTIVATE) &&
!IsMe(acptr)) {
+ /* check for permissions... */
+ if (!feature_bool(FEAT_CONFIG_OPERCMDS))
+ return send_reply(sptr, ERR_DISABLED, "GLINE");
+ else if (!HasPriv(sptr, PRIV_GLINE))
+ return send_reply(sptr, ERR_NOPRIVILEGES);
+
Debug((DEBUG_DEBUG, "I am forwarding a local change to a global gline "
"to a remote server; target %s, mask %s, operforce %s, action %s",
cli_name(acptr), mask, flags & GLINE_OPERFORCE ? "YES" : "NO",
Debug((DEBUG_DEBUG, "I am forwarding a local change to a global gline "
"to a remote server; target %s, mask %s, operforce %s, action %s",
cli_name(acptr), mask, flags & GLINE_OPERFORCE ? "YES" : "NO",
+ /* check for permissions... */
+ if (!feature_bool(FEAT_CONFIG_OPERCMDS))
+ return send_reply(sptr, ERR_DISABLED, "GLINE");
+ else if (!HasPriv(sptr, PRIV_GLINE))
+ return send_reply(sptr, ERR_NOPRIVILEGES);
+
Debug((DEBUG_DEBUG, "I am forwarding a local G-line to a remote "
"server; target %s, mask %s, operforce %s, action %s, "
"expire %Tu, reason %s", target, mask,
Debug((DEBUG_DEBUG, "I am forwarding a local G-line to a remote "
"server; target %s, mask %s, operforce %s, action %s, "
"expire %Tu, reason %s", target, mask,
return 0; /* all done */
}
return 0; /* all done */
}
+ /* check local G-line permissions... */
+ if (!HasPriv(sptr, PRIV_LOCAL_GLINE))
+ return send_reply(sptr, ERR_NOPRIVILEGES);
+
/* let's handle activation... */
if (action == GLINE_ACTIVATE) {
if (agline) /* G-line already exists, so let's ignore it... */
/* let's handle activation... */
if (action == GLINE_ACTIVATE) {
if (agline) /* G-line already exists, so let's ignore it... */
action == GLINE_LOCAL_DEACTIVATE))
return send_reply(sptr, ERR_NOSUCHGLINE, mask);
action == GLINE_LOCAL_DEACTIVATE))
return send_reply(sptr, ERR_NOSUCHGLINE, mask);
+ /* check for G-line permissions... */
+ if (action == GLINE_LOCAL_ACTIVATE || action == GLINE_LOCAL_DEACTIVATE) {
+ /* only need local privileges for locally-limited status changes */
+ if (!HasPriv(sptr, PRIV_LOCAL_GLINE))
+ return send_reply(sptr, ERR_NOPRIVILEGES);
+ } else { /* global privileges required */
+ if (!feature_bool(FEAT_CONFIG_OPERCMDS))
+ return send_reply(sptr, ERR_DISABLED, "GLINE");
+ else if (!HasPriv(sptr, PRIV_GLINE))
+ return send_reply(sptr, ERR_NOPRIVILEGES);
+ }
+
Debug((DEBUG_DEBUG, "I have a global G-line I am acting upon now; "
"target %s, mask %s, operforce %s, action %s, expire %Tu, "
"reason: %s; gline %s! (fields present: %s %s)", target,
Debug((DEBUG_DEBUG, "I have a global G-line I am acting upon now; "
"target %s, mask %s, operforce %s, action %s, expire %Tu, "
"reason: %s; gline %s! (fields present: %s %s)", target,