From 6fcbfc072387752ec345d7589e986b9959f350fc Mon Sep 17 00:00:00 2001 From: Sadie Powell Date: Sat, 11 Apr 2020 15:09:34 +0100 Subject: Add support for limiting what opers can subscribe to snomasks. --- docs/conf/opers.conf.example | 11 +++++++---- include/configreader.h | 3 +++ include/users.h | 9 +++++++++ src/coremods/core_user/umode_s.cpp | 9 ++++++++- src/users.cpp | 24 ++++++++++++++++++++++++ 5 files changed, 51 insertions(+), 5 deletions(-) diff --git a/docs/conf/opers.conf.example b/docs/conf/opers.conf.example index 67801ce31..dfde001b5 100644 --- a/docs/conf/opers.conf.example +++ b/docs/conf/opers.conf.example @@ -49,12 +49,15 @@ usermodes="*" # chanmodes: Oper-only channel modes that opers with this class can use. - chanmodes="*"> + chanmodes="*" + + # snomasks: The snomasks that opers with this class can use. + snomasks="*"> - - - + + + diff --git a/include/configreader.h b/include/configreader.h index 4deef83f4..5a775a016 100644 --- a/include/configreader.h +++ b/include/configreader.h @@ -188,6 +188,9 @@ class CoreExport OperInfo : public refcountbase /** Allowed channel modes from oper classes. */ std::bitset<64> AllowedChanModes; + /** Allowed snomasks from oper classes. */ + std::bitset<64> AllowedSnomasks; + /** \ block used for this oper-up. May be NULL. */ reference oper_block; /** \ block used for this oper-up. Valid for local users, may be NULL on remote */ diff --git a/include/users.h b/include/users.h index bae2615c2..4d7994e8e 100644 --- a/include/users.h +++ b/include/users.h @@ -490,6 +490,12 @@ class CoreExport User : public Extensible */ virtual bool HasModePermission(const ModeHandler* mh) const; + /** Determines whether this user can set the specified snomask. + * @param chr The server notice mask character to look up. + * @return True if the user can set the specified snomask; otherwise, false. + */ + virtual bool HasSnomaskPermission(char chr) const; + /** Creates a usermask with real host. * Takes a buffer to use and fills the given buffer with the hostmask in the format user\@host * @return the usermask in the format user\@host @@ -879,6 +885,9 @@ class CoreExport LocalUser : public User, public insp::intrusive_list_nodeSNO->IsSnomaskUsable(j+'A')) + const char chr = j + 'A'; + if (user->HasSnomaskPermission(chr) && ServerInstance->SNO->IsSnomaskUsable(chr)) curr[j] = adding; } break; @@ -103,6 +104,12 @@ std::string ModeUserServerNoticeMask::ProcessNoticeMasks(User* user, const std:: user->WriteNumeric(ERR_UNKNOWNSNOMASK, *i, "is an unknown snomask character"); continue; } + else if (!user->HasSnomaskPermission(*i)) + { + user->WriteNumeric(ERR_NOPRIVILEGES, InspIRCd::Format("Permission Denied - Oper type %s does not have access to snomask %c", + user->oper->name.c_str(), *i)); + continue; + } } else if (!(((*i >= 'a') && (*i <= 'z')) || ((*i >= 'A') && (*i <= 'Z')))) continue; diff --git a/src/users.cpp b/src/users.cpp index e8e292615..bd7d046b8 100644 --- a/src/users.cpp +++ b/src/users.cpp @@ -229,6 +229,19 @@ bool LocalUser::HasPrivPermission(const std::string& privstr) return oper->AllowedPrivs.Contains(privstr); } +bool User::HasSnomaskPermission(char chr) const +{ + return true; +} + +bool LocalUser::HasSnomaskPermission(char chr) const +{ + if (!this->IsOper() || !ModeParser::IsModeChar(chr)) + return false; + + return this->oper->AllowedSnomasks[chr - 'A']; +} + void UserIOHandler::OnDataReady() { if (user->quitting) @@ -419,6 +432,7 @@ void OperInfo::init() AllowedPrivs.Clear(); AllowedUserModes.reset(); AllowedChanModes.reset(); + AllowedSnomasks.reset(); AllowedUserModes['o' - 'A'] = true; // Call me paranoid if you want. for(std::vector >::iterator iter = class_blocks.begin(); iter != class_blocks.end(); ++iter) @@ -447,6 +461,16 @@ void OperInfo::init() else if (ModeParser::IsModeChar(chr)) this->AllowedChanModes[chr - 'A'] = true; } + + const std::string snomasks = tag->getString("snomasks", "*"); + for (std::string::const_iterator c = snomasks.begin(); c != snomasks.end(); ++c) + { + const char& chr = *c; + if (chr == '*') + this->AllowedSnomasks.set(); + else if (ModeParser::IsModeChar(chr)) + this->AllowedSnomasks[chr - 'A'] = true; + } } } -- cgit v1.2.3