summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPeter Powell <petpow@saberuk.com>2013-04-07 17:02:37 +0100
committerPeter Powell <petpow@saberuk.com>2013-04-13 16:01:42 +0100
commitb331d0549be435d77ceb52aee4a58ee4aa40ec7d (patch)
treec7c7c4cdf38d1c69828a8ed9c022851f75b44936
parent1626437cbf963b16ce44ef6cc829957fd3a7e2ff (diff)
Add <security:allowcoreunload>.
When enabled (the default) this setting prevents the unloading of core modules such as cmd_privmsg.
-rw-r--r--docs/conf/inspircd.conf.example3
-rw-r--r--src/commands/cmd_unloadmodule.cpp9
-rw-r--r--src/modules/m_globalload.cpp7
3 files changed, 18 insertions, 1 deletions
diff --git a/docs/conf/inspircd.conf.example b/docs/conf/inspircd.conf.example
index 2988ccc0b..173355acd 100644
--- a/docs/conf/inspircd.conf.example
+++ b/docs/conf/inspircd.conf.example
@@ -657,6 +657,9 @@
# #
<security
+ # allowcoreunload: If this value is set to yes, Opers will be able to
+ # unload core modules (e.g. cmd_privmsg.so).
+ allowcoreunload="no"
# announceinvites: This option controls which members of the channel
# receive an announcement when someone is INVITEd. Available values:
diff --git a/src/commands/cmd_unloadmodule.cpp b/src/commands/cmd_unloadmodule.cpp
index 6d0f5f41c..29f454987 100644
--- a/src/commands/cmd_unloadmodule.cpp
+++ b/src/commands/cmd_unloadmodule.cpp
@@ -42,12 +42,19 @@ class CommandUnloadmodule : public Command
CmdResult CommandUnloadmodule::Handle (const std::vector<std::string>& parameters, User *user)
{
+ if (!ServerInstance->Config->ConfValue("security")->getBool("allowcoreunload") &&
+ InspIRCd::Match(parameters[0], "cmd_*.so", ascii_case_insensitive_map))
+ {
+ user->WriteNumeric(972, "%s %s :You cannot unload core commands!", user->nick.c_str(), parameters[0].c_str());
+ return CMD_FAILURE;
+ }
+
if (parameters[0] == "cmd_unloadmodule.so" || parameters[0] == "cmd_loadmodule.so")
{
user->WriteNumeric(972, "%s %s :You cannot unload module loading commands!", user->nick.c_str(), parameters[0].c_str());
return CMD_FAILURE;
}
-
+
Module* m = ServerInstance->Modules->Find(parameters[0]);
if (m && ServerInstance->Modules->Unload(m))
{
diff --git a/src/modules/m_globalload.cpp b/src/modules/m_globalload.cpp
index d623ed262..6c6dd769e 100644
--- a/src/modules/m_globalload.cpp
+++ b/src/modules/m_globalload.cpp
@@ -79,6 +79,13 @@ class CommandGunloadmodule : public Command
CmdResult Handle (const std::vector<std::string> &parameters, User *user)
{
+ if (!ServerInstance->Config->ConfValue("security")->getBool("allowcoreunload") &&
+ InspIRCd::Match(parameters[0], "cmd_*.so", ascii_case_insensitive_map))
+ {
+ user->WriteNumeric(972, "%s %s :You cannot unload core commands!", user->nick.c_str(), parameters[0].c_str());
+ return CMD_FAILURE;
+ }
+
std::string servername = parameters.size() > 1 ? parameters[1] : "*";
if (InspIRCd::Match(ServerInstance->Config->ServerName.c_str(), servername))