pegasus/anope
1
0
Fork 0
mirror of https://github.com/anope/anope.git synced 2026-06-28 23:06:39 +02:00
Code Activity

Add access checking to cs_* modules. Also change number of arguments for cs_modes commands.

Browse Source 
git-svn-id: http://anope.svn.sourceforge.net/svnroot/anope/trunk@2134 5417fbe8-f217-4b02-8779-1006273d7864
This commit is contained in:
rburchell
2009-02-28 00:48:36 +00:00
parent f2fb7ef53f
commit 090107db5f
15 changed files with 82 additions and 83 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/core/cs_access.c
+18 -10
View File
@@ -34,7 +34,8 @@ static int access_del(User * u, ChannelInfo *ci, ChanAccess * access, int *perm,
char *nick;
if (!access->in_use)
return 0;
if (!is_services_admin(u) && uacc <= access->level) {
if (uacc <= access->level && !u->nc->HasPriv("chanserv/access/change"))
{
(*perm)++;
return 0;
}
@@ -116,7 +117,6 @@ class CommandCSAccess : public Command
unsigned i;
int level = 0, ulev;
int is_list = (cmd && stricmp(cmd, "LIST") == 0);
int is_servadmin = is_services_admin(u);
/* If LIST, we don't *require* any parameters, but we can take any.
* If DEL, we require a nick and no level.
@@ -134,9 +134,13 @@ class CommandCSAccess : public Command
notice_lang(s_ChanServ, u, CHAN_ACCESS_XOP_HOP, s_ChanServ);
else
notice_lang(s_ChanServ, u, CHAN_ACCESS_XOP, s_ChanServ);
} else if (((is_list && !check_access(u, ci, CA_ACCESS_LIST))
|| (!is_list && !check_access(u, ci, CA_ACCESS_CHANGE)))
&& !is_servadmin) {
} else if (
(
(is_list && !check_access(u, ci, CA_ACCESS_LIST) && !u->nc->HasCommand("chanserv/access/list"))
||
(!is_list && !check_access(u, ci, CA_ACCESS_CHANGE) && !u->nc->HasPriv("chanserv/access/modify"))
))
{
notice_lang(s_ChanServ, u, ACCESS_DENIED);
} else if (stricmp(cmd, "ADD") == 0) {
if (readonly) {
@@ -147,7 +151,8 @@ class CommandCSAccess : public Command
level = atoi(s);
ulev = get_access(u, ci);
if (!is_servadmin && level >= ulev) {
if (level >= ulev && !u->nc->HasPriv("chanserv/access/modify"))
{
notice_lang(s_ChanServ, u, PERMISSION_DENIED);
return MOD_CONT;
}
@@ -176,7 +181,8 @@ class CommandCSAccess : public Command
access++, i++) {
if (access->nc == nc) {
/* Don't allow lowering from a level >= ulev */
if (!is_servadmin && access->level >= ulev) {
if (access->level >= ulev && !u->nc->HasPriv("chanserv/access/change"))
{
notice_lang(s_ChanServ, u, PERMISSION_DENIED);
return MOD_CONT;
}
@@ -270,7 +276,8 @@ class CommandCSAccess : public Command
return MOD_CONT;
}
access = &ci->access[i];
if (!is_servadmin && get_access(u, ci) <= access->level) {
if (get_access(u, ci) <= access->level && !u->nc->HasPriv("chanserv/access/change"))
{
deleted = 0;
notice_lang(s_ChanServ, u, PERMISSION_DENIED);
} else {
@@ -352,7 +359,8 @@ class CommandCSAccess : public Command
return MOD_CONT;
}
if (!is_servadmin && !is_founder(u, ci)) {
if (!is_founder(u, ci) && !u->nc->HasPriv("chanserv/access/change"))
{
notice_lang(s_ChanServ, u, PERMISSION_DENIED);
return MOD_CONT;
}
@@ -420,7 +428,7 @@ class CommandCSLevels : public Command
notice_lang(s_ChanServ, u, CHAN_X_FORBIDDEN, chan);
} else if (ci->flags & CI_XOP) {
notice_lang(s_ChanServ, u, CHAN_LEVELS_XOP);
} else if (!is_founder(u, ci) && !is_services_admin(u)) {
} else if (!is_founder(u, ci) && !u->nc->HasPriv("chanserv/access/change")) {
notice_lang(s_ChanServ, u, ACCESS_DENIED);
} else if (stricmp(cmd, "SET") == 0) {
level = strtol(s, &error, 10);
src/core/cs_akick.c
+2 -1
View File
@@ -220,7 +220,8 @@ class CommandCSAKick : public Command
notice_lang(s_ChanServ, u, CHAN_X_NOT_REGISTERED, chan);
} else if (ci-> flags & CI_FORBIDDEN) {
notice_lang(s_ChanServ, u, CHAN_X_FORBIDDEN, chan);
} else if (!check_access(u, ci, CA_AKICK) && !is_services_admin(u)) {
} else if (!check_access(u, ci, CA_AKICK) && !u->nc->HasPriv("chanserv/access/change"))
{
notice_lang(s_ChanServ, u, ACCESS_DENIED);
} else if (stricmp(cmd, "ADD") == 0) {
NickAlias *na = findnick(mask), *na2;
src/core/cs_drop.c
+4 -5
View File
@@ -38,7 +38,6 @@ class CommandCSDrop : public Command
{
const char *chan = params[0].c_str();
ChannelInfo *ci;
int is_servadmin = is_services_admin(u);
if (readonly)
{
@@ -52,19 +51,19 @@ class CommandCSDrop : public Command
return MOD_CONT;
}
if (!is_servadmin && (ci->flags & CI_FORBIDDEN))
if ((ci->flags & CI_FORBIDDEN) && !u->nc->HasCommand("chanserv/drop"))
{
notice_lang(s_ChanServ, u, CHAN_X_FORBIDDEN, chan);
return MOD_CONT;
}
if (!is_servadmin && (ci->flags & CI_SUSPENDED))
if ((ci->flags & CI_SUSPENDED) && !u->nc->HasCommand("chanserv/drop"))
{
notice_lang(s_ChanServ, u, CHAN_X_FORBIDDEN, chan);
return MOD_CONT;
}
if (!is_servadmin && (ci->flags & CI_SECUREFOUNDER ? !is_real_founder(u, ci) : !is_founder(u, ci)))
if ((ci->flags & CI_SECUREFOUNDER ? !is_real_founder(u, ci) : !is_founder(u, ci)) && !u->nc->HasCommand("chanserv/drop"))
{
notice_lang(s_ChanServ, u, ACCESS_DENIED);
return MOD_CONT;
@@ -95,7 +94,7 @@ class CommandCSDrop : public Command
/* We must make sure that the Services admin has not normally the right to
* drop the channel before issuing the wallops.
*/
if (WallDrop && is_servadmin && level < ACCESS_FOUNDER)
if (WallDrop && level < ACCESS_FOUNDER)
ircdproto->SendGlobops(s_ChanServ, "\2%s\2 used DROP on channel \2%s\2", u->nick, chan);
notice_lang(s_ChanServ, u, CHAN_DROPPED, chan);
src/core/cs_forbid.c
+6
View File
@@ -44,6 +44,12 @@ class CommandCSForbid : public Command
Channel *c;
if (!u->nc->HasCommand("chanserv/forbid"))
{
notice_lang(s_ChanServ, u, ACCESS_DENIED);
return MOD_CONT;
}
if (ForceForbidReason && !reason)
{
syntax_error(s_ChanServ, u, "FORBID", CHAN_FORBID_SYNTAX_REASON);
src/core/cs_getkey.c
+6
View File
@@ -38,6 +38,12 @@ class CommandCSGetKey : public Command
const char *chan = params[0].c_str();
ChannelInfo *ci;
if (!u->nc->HasCommand("chanserv/getkey"))
{
notice_lang(s_ChanServ, u, ACCESS_DENIED);
return MOD_CONT;
}
if (!(ci = cs_findchan(chan)))
{
notice_lang(s_ChanServ, u, CHAN_X_NOT_REGISTERED, chan);
src/core/cs_getpass.c
+6
View File
@@ -39,6 +39,12 @@ class CommandCSGetPass : public Command
char tmp_pass[PASSMAX];
ChannelInfo *ci;
if (!u->nc->HasCommand("chanserv/getpass"))
{
notice_lang(s_ChanServ, u, ACCESS_DENIED);
return MOD_CONT;
}
if (!(ci = cs_findchan(chan)))
{
notice_lang(s_ChanServ, u, CHAN_X_NOT_REGISTERED, chan);
src/core/cs_info.c
+4 -4
View File
@@ -53,7 +53,7 @@ class CommandCSInfo : public Command
ChannelInfo *ci;
char buf[BUFSIZE];
struct tm *tm;
int is_servadmin = is_services_admin(u);
bool has_auspex = u->nc->HasPriv("chanserv/auspex");
int show_all = 0;
time_t expt;
@@ -78,7 +78,7 @@ class CommandCSInfo : public Command
/* Should we show all fields? Only for sadmins and identified users */
if (param && stricmp(param, "ALL") == 0 && (check_access(u, ci, CA_INFO) || is_servadmin))
if (param && stricmp(param, "ALL") == 0 && (check_access(u, ci, CA_INFO) || has_auspex))
show_all = 1;
notice_lang(s_ChanServ, u, CHAN_INFO_HEADER, chan);
@@ -137,7 +137,7 @@ class CommandCSInfo : public Command
}
else
{
if (is_servadmin)
if (has_auspex)
{
expt = ci->last_used + CSExpire;
tm = localtime(&expt);
@@ -151,7 +151,7 @@ class CommandCSInfo : public Command
notice_lang(s_ChanServ, u, CHAN_X_SUSPENDED, ci->forbidby, (ci->forbidreason ? ci->forbidreason : getstring(u, NO_REASON)));
}
if (!show_all && (check_access(u, ci, CA_INFO) || is_servadmin))
if (!show_all && (check_access(u, ci, CA_INFO) || has_auspex))
notice_lang(s_ChanServ, u, NICK_INFO_FOR_MORE, s_ChanServ, ci->name);
return MOD_CONT;
}
src/core/cs_list.c
+1 -1
View File
@@ -44,7 +44,7 @@ public:
ChannelInfo *ci;
unsigned nchans, i;
char buf[BUFSIZE];
int is_servadmin = is_services_admin(u);
bool is_servadmin = u->nc->HasCommand("chanserv/list");
int count = 0, from = 0, to = 0, tofree = 0;
char *tmp = NULL;
char *s = NULL;
src/core/cs_logout.c
+4 -14
View File
@@ -52,7 +52,7 @@ class CommandCSLogout : public Command
}
public:
CommandCSLogout() : Command("LOGOUT", 1, 2)
CommandCSLogout() : Command("LOGOUT", 2, 2)
{
}
@@ -63,20 +63,12 @@ class CommandCSLogout : public Command
const char *nick = params.size() > 1 ? params[1].c_str() : NULL;
ChannelInfo *ci;
User *u2 = NULL;
int is_servadmin = is_services_admin(u);
if (!nick && !is_servadmin)
{
// XXX: this should be permission denied.
syntax_error(s_ChanServ, u, "LOGOUT",
(!is_servadmin ? CHAN_LOGOUT_SYNTAX :
CHAN_LOGOUT_SERVADMIN_SYNTAX));
}
else if (!(ci = cs_findchan(chan)))
if (!(ci = cs_findchan(chan)))
{
notice_lang(s_ChanServ, u, CHAN_X_NOT_REGISTERED, chan);
}
else if (!is_servadmin && (ci->flags & CI_FORBIDDEN))
else if ((ci->flags & CI_FORBIDDEN))
{
notice_lang(s_ChanServ, u, CHAN_X_FORBIDDEN, chan);
}
@@ -84,7 +76,7 @@ class CommandCSLogout : public Command
{
notice_lang(s_ChanServ, u, NICK_X_NOT_IN_USE, nick);
}
else if (!is_servadmin && u2 != u && !is_real_founder(u, ci))
else if (u2 != u && !is_real_founder(u, ci))
{
notice_lang(s_ChanServ, u, ACCESS_DENIED);
}
@@ -114,8 +106,6 @@ class CommandCSLogout : public Command
bool OnHelp(User *u, const std::string &subcommand)
{
if (is_services_admin(u) || is_services_root(u))
notice_help(s_NickServ, u, CHAN_SERVADMIN_HELP_LOGOUT);
notice_help(s_NickServ, u, CHAN_HELP_LOGOUT);
return true;
}
src/core/cs_modes.c
+13 -36
View File
@@ -54,30 +54,7 @@ static CommandReturn do_util(User *u, CSModeUtil *util, const char *chan, const
int is_same;
if (!chan) {
struct u_chanlist *uc;
av[0] = util->mode;
av[1] = u->nick;
/* Sets the mode to the user on every channels he is on. */
for (uc = u->chans; uc; uc = uc->next) {
if ((ci = uc->chan->ci) && !(ci->flags & CI_FORBIDDEN)
&& check_access(u, ci, util->levelself)) {
ircdproto->SendMode(whosends(ci), uc->chan->name, "%s %s",
util->mode, u->nick);
chan_set_modes(s_ChanServ, uc->chan, 2, av, 2);
if (util->notice && ci->flags & util->notice)
ircdproto->SendMessage(whosends(ci), uc->chan->name,
"%s command used for %s by %s", util->name,
u->nick, u->nick);
}
}
return MOD_CONT;
} else if (!nick) {
if (!nick) {
nick = u->nick;
}
@@ -121,7 +98,7 @@ static CommandReturn do_util(User *u, CSModeUtil *util, const char *chan, const
class CommandCSOp : public Command
{
public:
CommandCSOp() : Command("OP", 0, 2)
CommandCSOp() : Command("OP", 1, 2)
{
}
@@ -142,7 +119,7 @@ class CommandCSOp : public Command
class CommandCSDeOp : public Command
{
public:
CommandCSDeOp() : Command("DEOP", 0, 2)
CommandCSDeOp() : Command("DEOP", 1, 2)
{
}
@@ -163,7 +140,7 @@ class CommandCSDeOp : public Command
class CommandCSVoice : public Command
{
public:
CommandCSVoice() : Command("VOICE", 0, 2)
CommandCSVoice() : Command("VOICE", 1, 2)
{
}
@@ -184,7 +161,7 @@ class CommandCSVoice : public Command
class CommandCSDeVoice : public Command
{
public:
CommandCSDeVoice() : Command("DEVOICE", 0, 2)
CommandCSDeVoice() : Command("DEVOICE", 1, 2)
{
}
@@ -205,7 +182,7 @@ class CommandCSDeVoice : public Command
class CommandCSHalfOp : public Command
{
public:
CommandCSHalfOp() : Command("HALFOP", 0, 2)
CommandCSHalfOp() : Command("HALFOP", 1, 2)
{
}
@@ -232,7 +209,7 @@ class CommandCSHalfOp : public Command
class CommandCSDeHalfOp : public Command
{
public:
CommandCSDeHalfOp() : Command("DEHALFOP", 0, 2)
CommandCSDeHalfOp() : Command("DEHALFOP", 1, 2)
{
}
@@ -258,7 +235,7 @@ class CommandCSDeHalfOp : public Command
class CommandCSProtect : public Command
{
public:
CommandCSProtect() : Command("PROTECT", 0, 2)
CommandCSProtect() : Command("PROTECT", 1, 2)
{
}
@@ -285,7 +262,7 @@ class CommandCSProtect : public Command
class CommandCSDeProtect : public Command
{
public:
CommandCSDeProtect() : Command("DEPROTECT", 0, 2)
CommandCSDeProtect() : Command("DEPROTECT", 1, 2)
{
}
@@ -312,7 +289,7 @@ class CommandCSDeProtect : public Command
class CommandCSOwner : public Command
{
public:
CommandCSOwner() : Command("OWNER", 2, 2)
CommandCSOwner() : Command("OWNER", 1, 2)
{
}
@@ -321,7 +298,7 @@ class CommandCSOwner : public Command
{
const char *av[2];
const char *chan = params[0].c_str();
const char *nick = params[1].c_str();
const char *nick = params.size() > 1 ? params[1].c_str() : NULL;
User *u2;
Channel *c;
ChannelInfo *ci;
@@ -366,7 +343,7 @@ class CommandCSOwner : public Command
class CommandCSDeOwner : public Command
{
public:
CommandCSDeOwner() : Command("DEOWNER", 2, 2)
CommandCSDeOwner() : Command("DEOWNER", 1, 2)
{
}
@@ -375,7 +352,7 @@ class CommandCSDeOwner : public Command
{
const char *av[2];
const char *chan = params[0].c_str();
const char *nick = params[1].c_str();
const char *nick = params.size() > 1 ? params[1].c_str() : NULL;
User *u2;
Channel *c;
src/core/cs_register.c
+1 -2
View File
@@ -33,7 +33,6 @@ class CommandCSRegister : public Command
Channel *c;
ChannelInfo *ci;
struct u_chaninfolist *uc;
int is_servadmin = is_services_admin(u);
char founderpass[PASSMAX];
char tmp_pass[PASSMAX];
@@ -71,7 +70,7 @@ class CommandCSRegister : public Command
notice_lang(s_ChanServ, u, CHAN_MAY_NOT_BE_REGISTERED, chan);
else if (!chan_has_user_status(c, u, CUS_OP))
notice_lang(s_ChanServ, u, CHAN_MUST_BE_CHANOP);
else if (!is_servadmin && CSMaxReg && u->nc->channelcount >= CSMaxReg)
else if (CSMaxReg && u->nc->channelcount >= CSMaxReg && !u->nc->HasPriv("chanserv/no-register-limit"))
notice_lang(s_ChanServ, u, u->nc->channelcount > CSMaxReg ? CHAN_EXCEEDED_CHANNEL_LIMIT : CHAN_REACHED_CHANNEL_LIMIT, CSMaxReg);
else if (!stricmp(u->nick, pass) || (StrictPasswords && strlen(pass) < 5))
notice_lang(s_ChanServ, u, MORE_OBSCURE_PASSWORD);
src/core/cs_set.c
+4 -3
View File
@@ -33,7 +33,7 @@ class CommandCSSet : public Command
}
nc = na->nc;
if (CSMaxReg && nc->channelcount >= CSMaxReg && !is_services_admin(u)) {
if (CSMaxReg && nc->channelcount >= CSMaxReg && !u->nc->HasPriv("chanserv/no-register-limit")) {
notice_lang(s_ChanServ, u, CHAN_SET_FOUNDER_TOO_MANY_CHANS, param);
return MOD_CONT;
}
@@ -513,7 +513,8 @@ class CommandCSSet : public Command
CommandReturn DoSetNoExpire(User * u, ChannelInfo * ci, const char *param)
{
if (!is_services_admin(u)) {
if (!u->nc->HasCommand("chanserv/set/noexpire"))
{
notice_lang(s_ChanServ, u, PERMISSION_DENIED);
return MOD_CONT;
}
@@ -541,7 +542,7 @@ class CommandCSSet : public Command
const char *cmd = params[1].c_str();
const char *param = params.size() > 2 ? params[2].c_str() : NULL;
ChannelInfo *ci;
int is_servadmin = is_services_admin(u);
bool is_servadmin = u->nc->HasPriv("chanserv/set");
if (readonly) {
notice_lang(s_ChanServ, u, CHAN_SET_DISABLED);
src/core/cs_status.c
+3
View File
@@ -32,6 +32,9 @@ class CommandCSStatus : public Command
const char *nick = params[1].c_str();
const char *temp = NULL;
if (!u->nc->HasCommand("chanserv/status"))
return MOD_CONT; // XXX: error?
if (!(ci = cs_findchan(chan)))
{
temp = chan;
src/core/cs_suspend.c
+3
View File
@@ -32,6 +32,9 @@ class CommandCSSuspend : public Command
Channel *c;
if (!u->nc->HasCommand("chanserv/suspend"))
return MOD_CONT; // XXX: error?
/* Assumes that permission checking has already been done. */
if (ForceForbidReason && !reason)
{
src/core/cs_xop.c
+7 -7
View File
@@ -126,7 +126,7 @@ class XOPBase : public Command
short ulev = get_access(u, ci);
if ((level >= ulev || ulev < ACCESS_AOP) && !is_services_admin(u))
if ((level >= ulev || ulev < ACCESS_AOP) && !u->nc->HasPriv("chanserv/access/modify"))
{
notice_lang(s_ChanServ, u, PERMISSION_DENIED);
return MOD_CONT;
@@ -152,7 +152,7 @@ class XOPBase : public Command
/**
* Patch provided by PopCorn to prevert AOP's reducing SOP's levels
**/
if (access->level >= ulev && !is_services_admin(u))
if (access->level >= ulev && !u->nc->HasPriv("chanserv/access/modify"))
{
notice_lang(s_ChanServ, u, PERMISSION_DENIED);
return MOD_CONT;
@@ -229,7 +229,7 @@ class XOPBase : public Command
short ulev = get_access(u, ci);
if ((level >= ulev || ulev < ACCESS_AOP) && !is_services_admin(u))
if ((level >= ulev || ulev < ACCESS_AOP) && !u->nc->HasPriv("chanserv/access/modify"))
{
notice_lang(s_ChanServ, u, PERMISSION_DENIED);
return MOD_CONT;
@@ -275,7 +275,7 @@ class XOPBase : public Command
}
access = &ci->access[i];
if (!is_services_admin(u) && ulev <= access->level)
if (ulev <= access->level && !u->nc->HasPriv("chanserv/access/change"))
{
deleted = 0;
notice_lang(s_ChanServ, u, PERMISSION_DENIED);
@@ -336,7 +336,7 @@ class XOPBase : public Command
int sent_header = 0;
const char *nick = params.size() > 2 ? params[2].c_str() : NULL;
if (!is_services_admin(u) && level < ACCESS_AOP)
if (level < ACCESS_AOP && !u->nc->HasCommand("chanserv/aop/list"))
{
notice_lang(s_ChanServ, u, ACCESS_DENIED);
return MOD_CONT;
@@ -379,7 +379,7 @@ class XOPBase : public Command
return MOD_CONT;
}
if (!is_services_admin(u) && !is_founder(u, ci))
if (!is_founder(u, ci) && !u->nc->HasPriv("chanserv/access/change"))
{
notice_lang(s_ChanServ, u, PERMISSION_DENIED);
return MOD_CONT;
@@ -578,7 +578,7 @@ int xop_del(User *u, ChannelInfo *ci, ChanAccess *access, int *perm, int uacc, i
char *nick = access->nc->display;
if (!access->in_use || access->level != xlev)
return 0;
if (!is_services_admin(u) && uacc <= access->level)
if (uacc <= access->level && !u->nc->HasPriv("chanserv/access/change"))
{
++(*perm);
return 0;