summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSadie Powell <sadie@witchery.services>2020-04-11 15:09:34 +0100
committerSadie Powell <sadie@witchery.services>2020-04-11 15:44:51 +0100
commit6fcbfc072387752ec345d7589e986b9959f350fc (patch)
treec62f9074e1d1409ac4379025d6938cbaf8c8e29f
parent41f781a9a6560eab393b18815dbdfa9073c6810b (diff)
Add support for limiting what opers can subscribe to snomasks.
-rw-r--r--docs/conf/opers.conf.example11
-rw-r--r--include/configreader.h3
-rw-r--r--include/users.h9
-rw-r--r--src/coremods/core_user/umode_s.cpp9
-rw-r--r--src/users.cpp24
5 files changed, 51 insertions, 5 deletions
diff --git a/docs/conf/opers.conf.example b/docs/conf/opers.conf.example
index 67801ce31..dfde001b5 100644
--- a/docs/conf/opers.conf.example
+++ b/docs/conf/opers.conf.example
@@ -49,12 +49,15 @@
usermodes="*"
# chanmodes: Oper-only channel modes that opers with this class can use.
- chanmodes="*">
+ chanmodes="*"
+
+ # snomasks: The snomasks that opers with this class can use.
+ snomasks="*">
<class name="SACommands" commands="SAJOIN SAPART SANICK SAQUIT SATOPIC SAKICK SAMODE OJOIN">
-<class name="ServerLink" commands="CONNECT SQUIT RCONNECT RSQUIT MKPASSWD ALLTIME SWHOIS LOCKSERV UNLOCKSERV" usermodes="*" chanmodes="*" privs="servers/auspex">
-<class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE TLINE RLINE CHECK NICKLOCK NICKUNLOCK SHUN CLONES CBAN" usermodes="*" chanmodes="*">
-<class name="OperChat" commands="WALLOPS GLOBOPS" usermodes="*" chanmodes="*" privs="users/mass-message">
+<class name="ServerLink" commands="CONNECT SQUIT RCONNECT RSQUIT MKPASSWD ALLTIME SWHOIS LOCKSERV UNLOCKSERV" usermodes="*" chanmodes="*" privs="servers/auspex" snomasks="Cc">
+<class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE TLINE RLINE CHECK NICKLOCK NICKUNLOCK SHUN CLONES CBAN" usermodes="*" chanmodes="*" snomasks="Xx">
+<class name="OperChat" commands="WALLOPS GLOBOPS" usermodes="*" chanmodes="*" privs="users/mass-message" snomasks="Gg">
<class name="HostCloak" commands="SETHOST SETIDENT SETIDLE CHGNAME CHGHOST CHGIDENT" usermodes="*" chanmodes="*" privs="users/auspex">
diff --git a/include/configreader.h b/include/configreader.h
index 4deef83f4..5a775a016 100644
--- a/include/configreader.h
+++ b/include/configreader.h
@@ -188,6 +188,9 @@ class CoreExport OperInfo : public refcountbase
/** Allowed channel modes from oper classes. */
std::bitset<64> AllowedChanModes;
+ /** Allowed snomasks from oper classes. */
+ std::bitset<64> AllowedSnomasks;
+
/** \<oper> block used for this oper-up. May be NULL. */
reference<ConfigTag> oper_block;
/** \<type> block used for this oper-up. Valid for local users, may be NULL on remote */
diff --git a/include/users.h b/include/users.h
index bae2615c2..4d7994e8e 100644
--- a/include/users.h
+++ b/include/users.h
@@ -490,6 +490,12 @@ class CoreExport User : public Extensible
*/
virtual bool HasModePermission(const ModeHandler* mh) const;
+ /** Determines whether this user can set the specified snomask.
+ * @param chr The server notice mask character to look up.
+ * @return True if the user can set the specified snomask; otherwise, false.
+ */
+ virtual bool HasSnomaskPermission(char chr) const;
+
/** Creates a usermask with real host.
* Takes a buffer to use and fills the given buffer with the hostmask in the format user\@host
* @return the usermask in the format user\@host
@@ -879,6 +885,9 @@ class CoreExport LocalUser : public User, public insp::intrusive_list_node<Local
*/
bool HasModePermission(const ModeHandler* mh) const CXX11_OVERRIDE;
+ /** @copydoc User::HasSnomaskPermission */
+ bool HasSnomaskPermission(char chr) const CXX11_OVERRIDE;
+
/** Change nick to uuid, unset REG_NICK and send a nickname overruled numeric.
* This is called when another user (either local or remote) needs the nick of this user and this user
* isn't registered.
diff --git a/src/coremods/core_user/umode_s.cpp b/src/coremods/core_user/umode_s.cpp
index 6e1f6d43d..5994f97fb 100644
--- a/src/coremods/core_user/umode_s.cpp
+++ b/src/coremods/core_user/umode_s.cpp
@@ -89,7 +89,8 @@ std::string ModeUserServerNoticeMask::ProcessNoticeMasks(User* user, const std::
case '*':
for (size_t j = 0; j < 64; j++)
{
- if (ServerInstance->SNO->IsSnomaskUsable(j+'A'))
+ const char chr = j + 'A';
+ if (user->HasSnomaskPermission(chr) && ServerInstance->SNO->IsSnomaskUsable(chr))
curr[j] = adding;
}
break;
@@ -103,6 +104,12 @@ std::string ModeUserServerNoticeMask::ProcessNoticeMasks(User* user, const std::
user->WriteNumeric(ERR_UNKNOWNSNOMASK, *i, "is an unknown snomask character");
continue;
}
+ else if (!user->HasSnomaskPermission(*i))
+ {
+ user->WriteNumeric(ERR_NOPRIVILEGES, InspIRCd::Format("Permission Denied - Oper type %s does not have access to snomask %c",
+ user->oper->name.c_str(), *i));
+ continue;
+ }
}
else if (!(((*i >= 'a') && (*i <= 'z')) || ((*i >= 'A') && (*i <= 'Z'))))
continue;
diff --git a/src/users.cpp b/src/users.cpp
index e8e292615..bd7d046b8 100644
--- a/src/users.cpp
+++ b/src/users.cpp
@@ -229,6 +229,19 @@ bool LocalUser::HasPrivPermission(const std::string& privstr)
return oper->AllowedPrivs.Contains(privstr);
}
+bool User::HasSnomaskPermission(char chr) const
+{
+ return true;
+}
+
+bool LocalUser::HasSnomaskPermission(char chr) const
+{
+ if (!this->IsOper() || !ModeParser::IsModeChar(chr))
+ return false;
+
+ return this->oper->AllowedSnomasks[chr - 'A'];
+}
+
void UserIOHandler::OnDataReady()
{
if (user->quitting)
@@ -419,6 +432,7 @@ void OperInfo::init()
AllowedPrivs.Clear();
AllowedUserModes.reset();
AllowedChanModes.reset();
+ AllowedSnomasks.reset();
AllowedUserModes['o' - 'A'] = true; // Call me paranoid if you want.
for(std::vector<reference<ConfigTag> >::iterator iter = class_blocks.begin(); iter != class_blocks.end(); ++iter)
@@ -447,6 +461,16 @@ void OperInfo::init()
else if (ModeParser::IsModeChar(chr))
this->AllowedChanModes[chr - 'A'] = true;
}
+
+ const std::string snomasks = tag->getString("snomasks", "*");
+ for (std::string::const_iterator c = snomasks.begin(); c != snomasks.end(); ++c)
+ {
+ const char& chr = *c;
+ if (chr == '*')
+ this->AllowedSnomasks.set();
+ else if (ModeParser::IsModeChar(chr))
+ this->AllowedSnomasks[chr - 'A'] = true;
+ }
}
}