From: Kevin L. Mitchell Date: Sun, 18 Mar 2007 12:15:45 +0000 (+0000) Subject: Author: Kev X-Git-Url: http://git.pk910.de/?p=ircu2.10.12-pk.git;a=commitdiff_plain;h=e27e63ec513836471ddd4be591b4be9d10a6612d Author: Kev Log message: I forgot to add permissions checks to mo_gline(). This commit causes any remote changes (remote local G-lines, remote local status changes to global G-lines, and global G-lines) to required CONFIG_OPERCMDS to be enabled and the oper to have the GLINE privilege; local changes (local G-lines, local status changes to global G-lines) require the oper to have the LOCAL_GLINE privilege. git-svn-id: file:///home/klmitch/undernet-ircu/undernet-ircu-svn/ircu2/branches/u2_10_12_branch@1786 c9e4aea6-c8fd-4c43-8297-357d70d61c8c --- diff --git a/ChangeLog b/ChangeLog index 0688a24..2c22ddd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,12 @@ +2007-03-18 Kevin L. Mitchell + + * ircd/m_gline.c (mo_gline): add permissions checks I kept + forgetting to add--remote local modifications require + FEAT_CONFIG_OPERCMDS and PRIV_GLINE, local G-lines require + PRIV_LOCAL_GLINE, and global G-line changes (excluding local + activation/deactivation) require FEAT_CONFIG_OPERCMDS and + PRIV_GLINE + 2007-03-17 Michael Poole * doc/example.conf (CRule): Document the support for multiple diff --git a/ircd/m_gline.c b/ircd/m_gline.c index f3b4367..18c1855 100644 --- a/ircd/m_gline.c +++ b/ircd/m_gline.c @@ -460,6 +460,12 @@ mo_gline(struct Client *cptr, struct Client *sptr, int parc, char *parv[]) /* If it's a local activate/deactivate and server isn't me, propagate it */ if ((action == GLINE_LOCAL_ACTIVATE || action == GLINE_LOCAL_DEACTIVATE) && !IsMe(acptr)) { + /* check for permissions... */ + if (!feature_bool(FEAT_CONFIG_OPERCMDS)) + return send_reply(sptr, ERR_DISABLED, "GLINE"); + else if (!HasPriv(sptr, PRIV_GLINE)) + return send_reply(sptr, ERR_NOPRIVILEGES); + Debug((DEBUG_DEBUG, "I am forwarding a local change to a global gline " "to a remote server; target %s, mask %s, operforce %s, action %s", cli_name(acptr), mask, flags & GLINE_OPERFORCE ? "YES" : "NO", @@ -498,6 +504,12 @@ mo_gline(struct Client *cptr, struct Client *sptr, int parc, char *parv[]) */ if (!IsMe(acptr)) { + /* check for permissions... */ + if (!feature_bool(FEAT_CONFIG_OPERCMDS)) + return send_reply(sptr, ERR_DISABLED, "GLINE"); + else if (!HasPriv(sptr, PRIV_GLINE)) + return send_reply(sptr, ERR_NOPRIVILEGES); + Debug((DEBUG_DEBUG, "I am forwarding a local G-line to a remote " "server; target %s, mask %s, operforce %s, action %s, " "expire %Tu, reason %s", target, mask, @@ -512,6 +524,10 @@ mo_gline(struct Client *cptr, struct Client *sptr, int parc, char *parv[]) return 0; /* all done */ } + /* check local G-line permissions... */ + if (!HasPriv(sptr, PRIV_LOCAL_GLINE)) + return send_reply(sptr, ERR_NOPRIVILEGES); + /* let's handle activation... */ if (action == GLINE_ACTIVATE) { if (agline) /* G-line already exists, so let's ignore it... */ @@ -545,6 +561,18 @@ mo_gline(struct Client *cptr, struct Client *sptr, int parc, char *parv[]) action == GLINE_LOCAL_DEACTIVATE)) return send_reply(sptr, ERR_NOSUCHGLINE, mask); + /* check for G-line permissions... */ + if (action == GLINE_LOCAL_ACTIVATE || action == GLINE_LOCAL_DEACTIVATE) { + /* only need local privileges for locally-limited status changes */ + if (!HasPriv(sptr, PRIV_LOCAL_GLINE)) + return send_reply(sptr, ERR_NOPRIVILEGES); + } else { /* global privileges required */ + if (!feature_bool(FEAT_CONFIG_OPERCMDS)) + return send_reply(sptr, ERR_DISABLED, "GLINE"); + else if (!HasPriv(sptr, PRIV_GLINE)) + return send_reply(sptr, ERR_NOPRIVILEGES); + } + Debug((DEBUG_DEBUG, "I have a global G-line I am acting upon now; " "target %s, mask %s, operforce %s, action %s, expire %Tu, " "reason: %s; gline %s! (fields present: %s %s)", target,