From 6fcbfc072387752ec345d7589e986b9959f350fc Mon Sep 17 00:00:00 2001
From: Sadie Powell <sadie@witchery.services>
Date: Sat, 11 Apr 2020 15:09:34 +0100
Subject: Add support for limiting what opers can subscribe to snomasks.

---
 src/coremods/core_user/umode_s.cpp |  9 ++++++++-
 src/users.cpp                      | 24 ++++++++++++++++++++++++
 2 files changed, 32 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/coremods/core_user/umode_s.cpp b/src/coremods/core_user/umode_s.cpp
index 6e1f6d43d..5994f97fb 100644
--- a/src/coremods/core_user/umode_s.cpp
+++ b/src/coremods/core_user/umode_s.cpp
@@ -89,7 +89,8 @@ std::string ModeUserServerNoticeMask::ProcessNoticeMasks(User* user, const std::
 			case '*':
 				for (size_t j = 0; j < 64; j++)
 				{
-					if (ServerInstance->SNO->IsSnomaskUsable(j+'A'))
+					const char chr = j + 'A';
+					if (user->HasSnomaskPermission(chr) && ServerInstance->SNO->IsSnomaskUsable(chr))
 						curr[j] = adding;
 				}
 			break;
@@ -103,6 +104,12 @@ std::string ModeUserServerNoticeMask::ProcessNoticeMasks(User* user, const std::
 						user->WriteNumeric(ERR_UNKNOWNSNOMASK, *i, "is an unknown snomask character");
 						continue;
 					}
+					else if (!user->HasSnomaskPermission(*i))
+					{
+						user->WriteNumeric(ERR_NOPRIVILEGES, InspIRCd::Format("Permission Denied - Oper type %s does not have access to snomask %c",
+							user->oper->name.c_str(), *i));
+						continue;
+					}
 				}
 				else if (!(((*i >= 'a') && (*i <= 'z')) || ((*i >= 'A') && (*i <= 'Z'))))
 					continue;
diff --git a/src/users.cpp b/src/users.cpp
index e8e292615..bd7d046b8 100644
--- a/src/users.cpp
+++ b/src/users.cpp
@@ -229,6 +229,19 @@ bool LocalUser::HasPrivPermission(const std::string& privstr)
 	return oper->AllowedPrivs.Contains(privstr);
 }
 
+bool User::HasSnomaskPermission(char chr) const
+{
+	return true;
+}
+
+bool LocalUser::HasSnomaskPermission(char chr) const
+{
+	if (!this->IsOper() || !ModeParser::IsModeChar(chr))
+		return false;
+
+	return this->oper->AllowedSnomasks[chr - 'A'];
+}
+
 void UserIOHandler::OnDataReady()
 {
 	if (user->quitting)
@@ -419,6 +432,7 @@ void OperInfo::init()
 	AllowedPrivs.Clear();
 	AllowedUserModes.reset();
 	AllowedChanModes.reset();
+	AllowedSnomasks.reset();
 	AllowedUserModes['o' - 'A'] = true; // Call me paranoid if you want.
 
 	for(std::vector<reference<ConfigTag> >::iterator iter = class_blocks.begin(); iter != class_blocks.end(); ++iter)
@@ -447,6 +461,16 @@ void OperInfo::init()
 			else if (ModeParser::IsModeChar(chr))
 				this->AllowedChanModes[chr - 'A'] = true;
 		}
+
+		const std::string snomasks = tag->getString("snomasks", "*");
+		for (std::string::const_iterator c = snomasks.begin(); c != snomasks.end(); ++c)
+		{
+			const char& chr = *c;
+			if (chr == '*')
+				this->AllowedSnomasks.set();
+			else if (ModeParser::IsModeChar(chr))
+				this->AllowedSnomasks[chr - 'A'] = true;
+		}
 	}
 }
 
-- 
cgit v1.2.3