From: Michael Poole <mdpoole@troilus.org>
Date: Thu, 24 Feb 2005 03:07:03 +0000 (+0000)
Subject: Define a privilege (off by default) that allows opers to use OPMODE
X-Git-Url: http://git.pk910.de/?p=ircu2.10.12-pk.git;a=commitdiff_plain;h=8d3f0571c3983d18c55572796d86e44c1ed89ff0

Define a privilege (off by default) that allows opers to use OPMODE
and CLEARMODE to set or remove Apass and Upass on channels.


git-svn-id: file:///home/klmitch/undernet-ircu/undernet-ircu-svn/ircu2/trunk@1324 c9e4aea6-c8fd-4c43-8297-357d70d61c8c
---

diff --git a/ChangeLog b/ChangeLog
index 2a0ed34..834ecad 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,23 @@
+2005-02-23  Michael Poole <mdpoole@troilus.org>
+
+	* doc/example.conf: Explain apass_opmode privilege, pointing out
+	that, unlike previous privs, the default is OFF for global opers.
+
+	* include/client.h (PRIV_APASS_OPMODE): Define new privilege.
+
+	* ircd/channel.c (mode_parse_upass): Only prevent local opers
+	without the apass_opmode privilege from forcing a +U change.
+	(mode_parse_apass): Likewise, for +A.
+
+	* ircd/client.c (client_set_privs): Turn off PRIV_APASS_OPMODE in
+	the default privileges for global opers.
+
+	* ircd/ircd_lexer.l (apass_opmode): Recognize keyword.
+
+	* ircd/ircd_parser.y (TPRIV_APASS_OPMODE): New token.
+	(privtype): Fix typo for local_badchan privilege value.
+	Accept apass_opmode token.
+
 2005-02-23  Michael Poole <mdpoole@troilus.org>
 
 	* doc/example.conf: Fix comment's description of "whox" privilege.
diff --git a/doc/example.conf b/doc/example.conf
index a3d1ef3..6506096 100644
--- a/doc/example.conf
+++ b/doc/example.conf
@@ -218,10 +218,11 @@ Class {
  # opmode (can use /OPMODE)
  # badchan (can issue Gchans to other servers)
  # force_opmode (can use OPMODE/CLEARMODE on quarantined global channels)
+ # apass_opmode (can use OPMODE/CLEARMODE on +A and +U keys)
  #
  # For global opers (with propagate = yes or local = no), the default
- # is to grant all of the above privileges.  For local opers, the
- # default is to grant ONLY the following privileges:
+ # is to grant all of the above privileges EXCEPT apass_opmode.  For
+ # local opers, the default is to grant ONLY the following privileges:
  #  chan_limit, mode_lchan, show_invis, show_all_invis, local_kill,
  #  rehash, local_gline, local_jupe, local_opmode, whox, display,
  #  force_local_opmode
diff --git a/include/client.h b/include/client.h
index 367a0f2..7b4179f 100644
--- a/include/client.h
+++ b/include/client.h
@@ -125,6 +125,7 @@ enum Priv
     PRIV_LIST_CHAN, /**< oper can list secret channels */
     PRIV_FORCE_OPMODE, /**< can hack modes on quarantined channels */
     PRIV_FORCE_LOCAL_OPMODE, /**< can hack modes on quarantined local channels */
+    PRIV_APASS_OPMODE, /**< can hack modes +A/-A/+U/-U */
     PRIV_LAST_PRIV /**< number of privileges */
   };
 
diff --git a/ircd/channel.c b/ircd/channel.c
index b264db7..c311e4e 100644
--- a/ircd/channel.c
+++ b/ircd/channel.c
@@ -2436,7 +2436,8 @@ mode_parse_upass(struct ParseState *state, int *flag_p)
   }
 
   /* If a non-service user is trying to force it, refuse. */
-  if (state->flags & MODE_PARSE_FORCE && !IsChannelService(state->sptr)) {
+  if (state->flags & MODE_PARSE_FORCE && MyUser(state->sptr)
+      && !HasPriv(state->sptr, PRIV_APASS_OPMODE)) {
     send_reply(state->sptr, ERR_NOTMANAGER, state->chptr->chname,
                "Use /JOIN", state->chptr->chname, " <AdminPass>.");
     return;
@@ -2543,7 +2544,8 @@ mode_parse_apass(struct ParseState *state, int *flag_p)
   }
 
   /* If a non-service user is trying to force it, refuse. */
-  if (state->flags & MODE_PARSE_FORCE && !IsChannelService(state->sptr)) {
+  if (state->flags & MODE_PARSE_FORCE && MyUser(state->sptr)
+      && !HasPriv(state->sptr, PRIV_APASS_OPMODE)) {
     send_reply(state->sptr, ERR_NOTMANAGER, state->chptr->chname,
                "Use /JOIN", state->chptr->chname, " <AdminPass>.");
     return;
diff --git a/ircd/client.c b/ircd/client.c
index e8bf6c9..28840bd 100644
--- a/ircd/client.c
+++ b/ircd/client.c
@@ -152,6 +152,8 @@ client_set_privs(struct Client *client, struct ConfItem *oper)
   if (!privs_defaults_set)
   {
     memset(&privs_global, -1, sizeof(privs_global));
+    FlagClr(&privs_global, PRIV_APASS_OPMODE);
+
     memset(&privs_local, 0, sizeof(privs_local));
     FlagSet(&privs_local, PRIV_CHAN_LIMIT);
     FlagSet(&privs_local, PRIV_MODE_LCHAN);
@@ -165,6 +167,7 @@ client_set_privs(struct Client *client, struct ConfItem *oper)
     FlagSet(&privs_local, PRIV_WHOX);
     FlagSet(&privs_local, PRIV_DISPLAY);
     FlagSet(&privs_local, PRIV_FORCE_LOCAL_OPMODE);
+
     privs_defaults_set = 1;
   }
 
diff --git a/ircd/ircd_lexer.l b/ircd/ircd_lexer.l
index 1729ea8..48419e9 100644
--- a/ircd/ircd_lexer.l
+++ b/ircd/ircd_lexer.l
@@ -100,6 +100,7 @@ static struct lexer_token {
   TOKEN(USERMODE),
 #undef TOKEN
   { "administrator", ADMIN },
+  { "apass_opmode", TPRIV_APASS_OPMODE },
   { "b", BYTES },
   { "badchan", TPRIV_BADCHAN },
   { "chan_limit", TPRIV_CHAN_LIMIT },
diff --git a/ircd/ircd_parser.y b/ircd/ircd_parser.y
index c220597..2bba816 100644
--- a/ircd/ircd_parser.y
+++ b/ircd/ircd_parser.y
@@ -163,7 +163,7 @@ static void parse_error(char *pattern,...) {
 %token TPRIV_LOCAL_OPMODE TPRIV_OPMODE TPRIV_SET TPRIV_WHOX TPRIV_BADCHAN
 %token TPRIV_SEE_CHAN TPRIV_SHOW_INVIS TPRIV_SHOW_ALL_INVIS TPRIV_PROPAGATE
 %token TPRIV_UNLIMIT_QUERY TPRIV_DISPLAY TPRIV_SEE_OPERS TPRIV_WIDE_GLINE
-%token TPRIV_FORCE_OPMODE TPRIV_FORCE_LOCAL_OPMODE
+%token TPRIV_FORCE_OPMODE TPRIV_FORCE_LOCAL_OPMODE TPRIV_APASS_OPMODE
 /* and some types... */
 %type <num> sizespec
 %type <num> timespec timefactor factoredtimes factoredtime
@@ -578,7 +578,7 @@ privtype: TPRIV_CHAN_LIMIT { $$ = PRIV_CHAN_LIMIT; } |
           TPRIV_SET { $$ = PRIV_SET; } |
           TPRIV_WHOX { $$ = PRIV_WHOX; } |
           TPRIV_BADCHAN { $$ = PRIV_BADCHAN; } |
-          TPRIV_LOCAL_BADCHAN { $$ = TPRIV_LOCAL_BADCHAN; } |
+          TPRIV_LOCAL_BADCHAN { $$ = PRIV_LOCAL_BADCHAN; } |
           TPRIV_SEE_CHAN { $$ = PRIV_SEE_CHAN; } |
           TPRIV_SHOW_INVIS { $$ = PRIV_SHOW_INVIS; } |
           TPRIV_SHOW_ALL_INVIS { $$ = PRIV_SHOW_ALL_INVIS; } |
@@ -589,7 +589,8 @@ privtype: TPRIV_CHAN_LIMIT { $$ = PRIV_CHAN_LIMIT; } |
           TPRIV_WIDE_GLINE { $$ = PRIV_WIDE_GLINE; } |
           LOCAL { $$ = PRIV_PROPAGATE; invert = 1; } |
           TPRIV_FORCE_OPMODE { $$ = PRIV_FORCE_OPMODE; } |
-          TPRIV_FORCE_LOCAL_OPMODE { $$ = PRIV_FORCE_LOCAL_OPMODE; };
+          TPRIV_FORCE_LOCAL_OPMODE { $$ = PRIV_FORCE_LOCAL_OPMODE; } |
+          TPRIV_APASS_OPMODE { $$ = PRIV_APASS_OPMODE; } ;
 
 yesorno: YES { $$ = 1; } | NO { $$ = 0; };