From: pk910 <philipp@zoelle1.de>
Date: Tue, 8 Jan 2013 02:36:32 +0000 (+0100)
Subject: added access restriction to oset (access to the active fakehost should also be required!)
X-Git-Url: http://git.pk910.de/?p=srvx.git;a=commitdiff_plain;h=869edf2c778550b4fb5ffca23311736ddc790d0d

added access restriction to oset (access to the active fakehost should also be required!)
---

diff --git a/src/mod-hostserv.c b/src/mod-hostserv.c
index 84094d2..e4b6124 100644
--- a/src/mod-hostserv.c
+++ b/src/mod-hostserv.c
@@ -29,7 +29,7 @@
  *         "manager_can_del_toplevel" "0"; //managers of a toplevel group may delete the whole group
  *         "manager_can_rename_secondlevel" "0"; //managers of a secondlevel group may rename the whole group
  *         "manager_can_del_secondlevel" "0"; //managers of a secondlevel group may delete the whole group
- *           "manager_toplevel_can_oset" "0"; //managers of a toplevel group can set other user's fakehosts
+ *         "manager_toplevel_can_oset" "0"; //managers of a toplevel group can set other user's fakehosts
  *         "manager_secondlevel_can_oset" "0"; //managers of a secondlevel group can set other user's fakehosts
  *     };
  *  };
@@ -1182,11 +1182,17 @@ static MODCMD_FUNC(cmd_oset) {
         return 0;
     }
     struct hs_user *hs_user = hs_get_user(hi, 1);
+    for(assignment = hs_user->assignments; assignment; assignment = assignment->unext) {
+        if(assignment->active)
+            break;
+    }
+    if(assignment && !check_management_access(user->handle_info, (hostserv_conf.manager_toplevel_can_oset ? assignment->secondlevel->toplevel : NULL), (hostserv_conf.manager_secondlevel_can_oset ? assignment->secondlevel : NULL))) {
+        reply("HSMSG_ACCESS_DENIED");
+        return 0;
+    }
     if(!strcmp(argv[1], "*")) {
-        if(!check_management_access(user->handle_info, NULL, NULL)) {
-            reply("HSMSG_ACCESS_DENIED");
-            return 0;
-        }
+        if(!assignment)
+            return 0; //simply ignore (there is no assignment in use)
         hs_activate_assignment(hs_user, NULL);
         return 1;
     } else {
@@ -1195,8 +1201,8 @@ static MODCMD_FUNC(cmd_oset) {
             reply("HSMSG_TOPLEVEL_INVALID", fakehost);
             return 0;
         } else if(fhinfo.parse_state == HS_FHPARSE_UNKNOWN || !fhinfo.slfh) {
-           reply("HSMSG_UNKNOWN_FAKEHOST", fhinfo.slfh_name, fhinfo.tlfh_name);
-           return 0;
+            reply("HSMSG_UNKNOWN_FAKEHOST", fhinfo.slfh_name, fhinfo.tlfh_name);
+            return 0;
         }
         if(!check_management_access(user->handle_info, (hostserv_conf.manager_toplevel_can_oset ? fhinfo.tlfh : NULL), (hostserv_conf.manager_secondlevel_can_oset ? fhinfo.slfh : NULL))) {
             reply("HSMSG_ACCESS_DENIED");