/*
* Copyright (C) 2006 Jilles Tjoelker
* Copyright (C) 2006 Stephen Bennett <spb@gentoo.org>
- * Copyright (C) 2016 Jason Volk <jason@zemos.net>
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice is present in all copies.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
- * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
*/
#include "stdinc.h"
#include "s_serv.h"
#include "s_conf.h"
#include "s_newconf.h"
-#include "privilege.h"
+#include "msgbuf.h"
+static void mo_grant(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p, int parc, const char *parv[]);
+static void me_grant(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p, int parc, const char *parv[]);
-static
-void set_mode(struct Client *const target,
- const char *const str)
-{
- const char *mode[] =
- {
- target->name,
- target->name,
- str,
- NULL
- };
+static int do_grant(struct Client *source_p, struct Client *target_p, const char *new_privset);
- user_mode(target, target, 3, mode);
-}
+struct Message grant_msgtab = {
+ "GRANT", 0, 0, 0, 0,
+ { mg_ignore, mg_not_oper, mg_ignore, mg_ignore, {me_grant, 3}, {mo_grant, 3}}
+};
+
+mapi_clist_av1 grant_clist[] = { &grant_msgtab, NULL };
+
+static const char grant_desc[] = "Allows operators to set or remove operator privileges on other users";
+DECLARE_MODULE_AV2(grant, NULL, NULL, grant_clist, NULL, NULL, NULL, NULL, grant_desc);
-static
-void set_privset(struct Client *const source,
- struct Client *const target,
- const char *const privset_name)
+static void
+mo_grant(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
{
- struct PrivilegeSet *const privset = privilegeset_get(privset_name);
- if(!privset)
+ struct Client *target_p;
+
+ if(!HasPrivilege(source_p, "oper:grant"))
{
- sendto_one_notice(source, ":There is no privilege set named '%s'.", privset_name);
+ sendto_one(source_p, form_str(ERR_NOPRIVS), me.name, source_p->name, "grant");
return;
}
- if(IsOper(target) && target->user->privset == privset)
+ target_p = find_named_person(parv[1]);
+ if (target_p == NULL)
{
- sendto_one_notice(source, ":%s already has role of %s.", target->name, privset_name);
+ sendto_one_numeric(source_p, ERR_NOSUCHNICK,
+ form_str(ERR_NOSUCHNICK), parv[1]);
return;
}
- if(IsOper(target))
+ if (MyClient(target_p))
{
- sendto_one_notice(target, ":%s has changed your role to %s.", source->name, privset_name);
- sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "%s has changed %s's role to %s.", get_oper_name(source), target->name, privset_name);
- target->user->privset = privset;
- return;
+ do_grant(source_p, target_p, parv[2]);
}
-
- struct oper_conf oper =
+ else
{
- .name = (char *)privset->name,
- .privset = privset,
- };
-
- oper_up(target, &oper);
- set_mode(target, "+o");
- sendto_one_notice(target, ":%s has granted you the role of %s.", source->name, privset_name);
- sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "%s has granted %s the role of %s.", get_oper_name(source), target->name, privset_name);
+ sendto_one(target_p, ":%s ENCAP %s GRANT %s %s",
+ get_id(source_p, target_p), target_p->servptr->name,
+ get_id(target_p, target_p), parv[2]);
+ }
}
-
-static
-void grant_revoke(struct Client *const source,
- struct Client *const target)
+static void
+me_grant(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
{
- if(!IsOper(target))
+ struct Client *target_p;
+
+ target_p = find_person(parv[1]);
+ if (target_p == NULL)
{
- sendto_one_notice(source, ":You can't deoper someone who isn't an oper.");
+ sendto_one_numeric(source_p, ERR_NOSUCHNICK,
+ form_str(ERR_NOSUCHNICK), parv[1]);
return;
}
- set_mode(target, "-o");
- sendto_one_notice(target, ":%s has deopered you.", source->name);
- sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "%s has deopered %s.", get_oper_name(source), target->name);
+ do_grant(source_p, target_p, parv[2]);
}
-static
-void grant(struct MsgBuf *msgbuf, struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
+static int do_grant(struct Client *source_p, struct Client *target_p, const char *new_privset)
{
- if(MyClient(source_p) && !HasPrivilege(source_p, "oper:grant"))
- {
- sendto_one(source_p, form_str(ERR_NOPRIVS), me.name, source_p->name, "grant");
- return;
- }
+ int dooper = 0, dodeoper = 0;
+ struct PrivilegeSet *privset = NULL, *old_privset = NULL;
- if(parc < 3)
+ if (!IsPerson(source_p))
{
- sendto_one_notice(source_p, ":usage GRANT: <target nickname> <privilegese name | 'revoke'>");
- return;
+ /* This can only happen if a broken server sends us nonsense, so ignore it */
+ return 0;
}
- struct Client *const target_p = find_person(parv[1]);
-
- if(!target_p)
+ if (!strcasecmp(new_privset, "deoper"))
{
- if(IsPerson(source_p))
- sendto_one_numeric(source_p, ERR_NOSUCHNICK, form_str(ERR_NOSUCHNICK), parv[1]);
-
- return;
+ if (!IsOper(target_p))
+ {
+ sendto_one_notice(source_p, ":You can't deoper someone who isn't an oper.");
+ return 0;
+ }
+ dodeoper = 1;
+
+ sendto_one_notice(target_p, ":%s is deopering you.", source_p->name);
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "%s is deopering %s.", get_oper_name(source_p), target_p->name);
}
-
- if(!MyClient(source_p) && !find_shared_conf(source_p->username, source_p->host, source_p->servptr->name, SHARED_GRANT))
+ else
{
- sendto_one_notice(source_p, ":GRANT failed: You have no shared configuration block on this server.");
- return;
+ if (!(privset = privilegeset_get(new_privset)))
+ {
+ sendto_one_notice(source_p, ":There is no privilege set named '%s'.", new_privset);
+ return 0;
+ }
+
+ if (privset == target_p->user->privset)
+ {
+ sendto_one_notice(source_p, ":%s already has privilege set %s.", target_p->name, target_p->user->privset->name);
+ return 0;
+ }
+
+ if (ConfigFileEntry.oper_secure_only && !IsSecureClient(target_p))
+ {
+ sendto_one_notice(source_p, ":Cannot GRANT %s, opers must be using secure connections.", target_p->name);
+ return 0;
+ }
}
- if(MyClient(target_p))
+ if (!dodeoper)
{
- if(irccmp(parv[2], "revoke") == 0)
- grant_revoke(source_p, target_p);
+ if (!IsOper(target_p))
+ {
+ sendto_one_notice(target_p, ":%s is opering you with privilege set %s", source_p->name, privset->name);
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "%s is opering %s with privilege set %s", get_oper_name(source_p), target_p->name, privset->name);
+ dooper = 1;
+ }
else
- set_privset(source_p, target_p, parv[2]);
+ {
+ sendto_one_notice(target_p, ":%s is changing your privilege set to %s", source_p->name, privset->name);
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "%s is changing the privilege set of %s to %s", get_oper_name(source_p), target_p->name, privset->name);
+ }
+
+ if (!IsOper(target_p))
+ {
+ dooper = 1;
+ }
}
- else if(MyClient(source_p))
+
+ if (dodeoper)
{
- sendto_one(target_p, ":%s ENCAP %s GRANT %s %s",
- get_id(source_p, target_p),
- target_p->servptr->name,
- get_id(target_p, target_p),
- parv[2]);
- }
+ const char *modeparv[4];
+ modeparv[0] = modeparv[1] = target_p->name;
+ modeparv[2] = "-o";
+ modeparv[3] = NULL;
+ user_mode(target_p, target_p, 3, modeparv);
- return;
-}
+ return 0;
+ }
-struct Message msgtab =
-{
- "GRANT", 0, 0, 0, 0,
+ if (dooper)
{
- mg_ignore,
- mg_not_oper,
- mg_ignore,
- mg_ignore,
- { grant, 3 },
- { grant, 3 }
+ struct oper_conf oper = {0};
+ oper.name = "<grant>";
+ oper.privset = privset;
+
+ oper_up(target_p, &oper);
}
-};
+ else
+ {
+ if (privset != NULL)
+ privilegeset_ref(privset);
-mapi_clist_av1 grant_clist[] =
-{
- &msgtab,
- NULL
-};
+ if (target_p->user->privset != NULL)
+ old_privset = target_p->user->privset;
+
+ target_p->user->privset = privset;
+
+ if (privset != NULL)
+ sendto_server(NULL, NULL, CAP_TS6, NOCAPS, ":%s OPER %s %s",
+ use_id(target_p), target_p->user->opername, privset->name);
-static const char grant_desc[] =
- "Provides the grant facility for giving other users specific privilege sets";
-
-DECLARE_MODULE_AV2
-(
- grant,
- NULL,
- NULL,
- grant_clist,
- NULL,
- NULL,
- NULL,
- NULL,
- grant_desc
-);
+ report_priv_change(target_p, old_privset, privset);
+
+ if (old_privset != NULL)
+ privilegeset_unref(old_privset);
+
+ const char *modeparv[4];
+ modeparv[0] = modeparv[1] = target_p->name;
+ modeparv[2] = "+";
+ modeparv[3] = NULL;
+ user_mode(target_p, target_p, 3, modeparv);
+ }
+
+ return 0;
+}
projects / solanum.git / blobdiff