diff options
author | Sadie Powell <sadie@witchery.services> | 2020-04-11 15:09:34 +0100 |
---|---|---|
committer | Sadie Powell <sadie@witchery.services> | 2020-04-11 15:44:51 +0100 |
commit | 6fcbfc072387752ec345d7589e986b9959f350fc (patch) | |
tree | c62f9074e1d1409ac4379025d6938cbaf8c8e29f | |
parent | 41f781a9a6560eab393b18815dbdfa9073c6810b (diff) |
Add support for limiting what opers can subscribe to snomasks.
-rw-r--r-- | docs/conf/opers.conf.example | 11 | ||||
-rw-r--r-- | include/configreader.h | 3 | ||||
-rw-r--r-- | include/users.h | 9 | ||||
-rw-r--r-- | src/coremods/core_user/umode_s.cpp | 9 | ||||
-rw-r--r-- | src/users.cpp | 24 |
5 files changed, 51 insertions, 5 deletions
diff --git a/docs/conf/opers.conf.example b/docs/conf/opers.conf.example index 67801ce31..dfde001b5 100644 --- a/docs/conf/opers.conf.example +++ b/docs/conf/opers.conf.example @@ -49,12 +49,15 @@ usermodes="*" # chanmodes: Oper-only channel modes that opers with this class can use. - chanmodes="*"> + chanmodes="*" + + # snomasks: The snomasks that opers with this class can use. + snomasks="*"> <class name="SACommands" commands="SAJOIN SAPART SANICK SAQUIT SATOPIC SAKICK SAMODE OJOIN"> -<class name="ServerLink" commands="CONNECT SQUIT RCONNECT RSQUIT MKPASSWD ALLTIME SWHOIS LOCKSERV UNLOCKSERV" usermodes="*" chanmodes="*" privs="servers/auspex"> -<class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE TLINE RLINE CHECK NICKLOCK NICKUNLOCK SHUN CLONES CBAN" usermodes="*" chanmodes="*"> -<class name="OperChat" commands="WALLOPS GLOBOPS" usermodes="*" chanmodes="*" privs="users/mass-message"> +<class name="ServerLink" commands="CONNECT SQUIT RCONNECT RSQUIT MKPASSWD ALLTIME SWHOIS LOCKSERV UNLOCKSERV" usermodes="*" chanmodes="*" privs="servers/auspex" snomasks="Cc"> +<class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE TLINE RLINE CHECK NICKLOCK NICKUNLOCK SHUN CLONES CBAN" usermodes="*" chanmodes="*" snomasks="Xx"> +<class name="OperChat" commands="WALLOPS GLOBOPS" usermodes="*" chanmodes="*" privs="users/mass-message" snomasks="Gg"> <class name="HostCloak" commands="SETHOST SETIDENT SETIDLE CHGNAME CHGHOST CHGIDENT" usermodes="*" chanmodes="*" privs="users/auspex"> diff --git a/include/configreader.h b/include/configreader.h index 4deef83f4..5a775a016 100644 --- a/include/configreader.h +++ b/include/configreader.h @@ -188,6 +188,9 @@ class CoreExport OperInfo : public refcountbase /** Allowed channel modes from oper classes. */ std::bitset<64> AllowedChanModes; + /** Allowed snomasks from oper classes. */ + std::bitset<64> AllowedSnomasks; + /** \<oper> block used for this oper-up. May be NULL. */ reference<ConfigTag> oper_block; /** \<type> block used for this oper-up. Valid for local users, may be NULL on remote */ diff --git a/include/users.h b/include/users.h index bae2615c2..4d7994e8e 100644 --- a/include/users.h +++ b/include/users.h @@ -490,6 +490,12 @@ class CoreExport User : public Extensible */ virtual bool HasModePermission(const ModeHandler* mh) const; + /** Determines whether this user can set the specified snomask. + * @param chr The server notice mask character to look up. + * @return True if the user can set the specified snomask; otherwise, false. + */ + virtual bool HasSnomaskPermission(char chr) const; + /** Creates a usermask with real host. * Takes a buffer to use and fills the given buffer with the hostmask in the format user\@host * @return the usermask in the format user\@host @@ -879,6 +885,9 @@ class CoreExport LocalUser : public User, public insp::intrusive_list_node<Local */ bool HasModePermission(const ModeHandler* mh) const CXX11_OVERRIDE; + /** @copydoc User::HasSnomaskPermission */ + bool HasSnomaskPermission(char chr) const CXX11_OVERRIDE; + /** Change nick to uuid, unset REG_NICK and send a nickname overruled numeric. * This is called when another user (either local or remote) needs the nick of this user and this user * isn't registered. diff --git a/src/coremods/core_user/umode_s.cpp b/src/coremods/core_user/umode_s.cpp index 6e1f6d43d..5994f97fb 100644 --- a/src/coremods/core_user/umode_s.cpp +++ b/src/coremods/core_user/umode_s.cpp @@ -89,7 +89,8 @@ std::string ModeUserServerNoticeMask::ProcessNoticeMasks(User* user, const std:: case '*': for (size_t j = 0; j < 64; j++) { - if (ServerInstance->SNO->IsSnomaskUsable(j+'A')) + const char chr = j + 'A'; + if (user->HasSnomaskPermission(chr) && ServerInstance->SNO->IsSnomaskUsable(chr)) curr[j] = adding; } break; @@ -103,6 +104,12 @@ std::string ModeUserServerNoticeMask::ProcessNoticeMasks(User* user, const std:: user->WriteNumeric(ERR_UNKNOWNSNOMASK, *i, "is an unknown snomask character"); continue; } + else if (!user->HasSnomaskPermission(*i)) + { + user->WriteNumeric(ERR_NOPRIVILEGES, InspIRCd::Format("Permission Denied - Oper type %s does not have access to snomask %c", + user->oper->name.c_str(), *i)); + continue; + } } else if (!(((*i >= 'a') && (*i <= 'z')) || ((*i >= 'A') && (*i <= 'Z')))) continue; diff --git a/src/users.cpp b/src/users.cpp index e8e292615..bd7d046b8 100644 --- a/src/users.cpp +++ b/src/users.cpp @@ -229,6 +229,19 @@ bool LocalUser::HasPrivPermission(const std::string& privstr) return oper->AllowedPrivs.Contains(privstr); } +bool User::HasSnomaskPermission(char chr) const +{ + return true; +} + +bool LocalUser::HasSnomaskPermission(char chr) const +{ + if (!this->IsOper() || !ModeParser::IsModeChar(chr)) + return false; + + return this->oper->AllowedSnomasks[chr - 'A']; +} + void UserIOHandler::OnDataReady() { if (user->quitting) @@ -419,6 +432,7 @@ void OperInfo::init() AllowedPrivs.Clear(); AllowedUserModes.reset(); AllowedChanModes.reset(); + AllowedSnomasks.reset(); AllowedUserModes['o' - 'A'] = true; // Call me paranoid if you want. for(std::vector<reference<ConfigTag> >::iterator iter = class_blocks.begin(); iter != class_blocks.end(); ++iter) @@ -447,6 +461,16 @@ void OperInfo::init() else if (ModeParser::IsModeChar(chr)) this->AllowedChanModes[chr - 'A'] = true; } + + const std::string snomasks = tag->getString("snomasks", "*"); + for (std::string::const_iterator c = snomasks.begin(); c != snomasks.end(); ++c) + { + const char& chr = *c; + if (chr == '*') + this->AllowedSnomasks.set(); + else if (ModeParser::IsModeChar(chr)) + this->AllowedSnomasks[chr - 'A'] = true; + } } } |