diff options
author | Peter Powell <petpow@saberuk.com> | 2013-04-07 17:02:37 +0100 |
---|---|---|
committer | Peter Powell <petpow@saberuk.com> | 2013-04-13 16:01:42 +0100 |
commit | b331d0549be435d77ceb52aee4a58ee4aa40ec7d (patch) | |
tree | c7c7c4cdf38d1c69828a8ed9c022851f75b44936 | |
parent | 1626437cbf963b16ce44ef6cc829957fd3a7e2ff (diff) |
Add <security:allowcoreunload>.
When enabled (the default) this setting prevents the unloading of
core modules such as cmd_privmsg.
-rw-r--r-- | docs/conf/inspircd.conf.example | 3 | ||||
-rw-r--r-- | src/commands/cmd_unloadmodule.cpp | 9 | ||||
-rw-r--r-- | src/modules/m_globalload.cpp | 7 |
3 files changed, 18 insertions, 1 deletions
diff --git a/docs/conf/inspircd.conf.example b/docs/conf/inspircd.conf.example index 2988ccc0b..173355acd 100644 --- a/docs/conf/inspircd.conf.example +++ b/docs/conf/inspircd.conf.example @@ -657,6 +657,9 @@ # # <security + # allowcoreunload: If this value is set to yes, Opers will be able to + # unload core modules (e.g. cmd_privmsg.so). + allowcoreunload="no" # announceinvites: This option controls which members of the channel # receive an announcement when someone is INVITEd. Available values: diff --git a/src/commands/cmd_unloadmodule.cpp b/src/commands/cmd_unloadmodule.cpp index 6d0f5f41c..29f454987 100644 --- a/src/commands/cmd_unloadmodule.cpp +++ b/src/commands/cmd_unloadmodule.cpp @@ -42,12 +42,19 @@ class CommandUnloadmodule : public Command CmdResult CommandUnloadmodule::Handle (const std::vector<std::string>& parameters, User *user) { + if (!ServerInstance->Config->ConfValue("security")->getBool("allowcoreunload") && + InspIRCd::Match(parameters[0], "cmd_*.so", ascii_case_insensitive_map)) + { + user->WriteNumeric(972, "%s %s :You cannot unload core commands!", user->nick.c_str(), parameters[0].c_str()); + return CMD_FAILURE; + } + if (parameters[0] == "cmd_unloadmodule.so" || parameters[0] == "cmd_loadmodule.so") { user->WriteNumeric(972, "%s %s :You cannot unload module loading commands!", user->nick.c_str(), parameters[0].c_str()); return CMD_FAILURE; } - + Module* m = ServerInstance->Modules->Find(parameters[0]); if (m && ServerInstance->Modules->Unload(m)) { diff --git a/src/modules/m_globalload.cpp b/src/modules/m_globalload.cpp index d623ed262..6c6dd769e 100644 --- a/src/modules/m_globalload.cpp +++ b/src/modules/m_globalload.cpp @@ -79,6 +79,13 @@ class CommandGunloadmodule : public Command CmdResult Handle (const std::vector<std::string> ¶meters, User *user) { + if (!ServerInstance->Config->ConfValue("security")->getBool("allowcoreunload") && + InspIRCd::Match(parameters[0], "cmd_*.so", ascii_case_insensitive_map)) + { + user->WriteNumeric(972, "%s %s :You cannot unload core commands!", user->nick.c_str(), parameters[0].c_str()); + return CMD_FAILURE; + } + std::string servername = parameters.size() > 1 ? parameters[1] : "*"; if (InspIRCd::Match(ServerInstance->Config->ServerName.c_str(), servername)) |