X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_servprotect.cpp;h=3aafda237d3123c5cbd35eca9418addd852324d8;hb=d185decae97752368d5cf62311cbc0d1a52aa22c;hp=cb4f0e1af07524826da260de277446bcf6c2a643;hpb=007ce21b595a4bed48a7f4146946566dd6aa7a39;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/m_servprotect.cpp b/src/modules/m_servprotect.cpp index cb4f0e1af..3aafda237 100644 --- a/src/modules/m_servprotect.cpp +++ b/src/modules/m_servprotect.cpp @@ -38,13 +38,13 @@ class ServProtectMode : public ModeHandler class ModuleServProtectMode : public Module { - + ServProtectMode* bm; public: ModuleServProtectMode(InspIRCd* Me) : Module(Me) { - + bm = new ServProtectMode(ServerInstance); if (!ServerInstance->Modes->AddMode(bm)) throw ModuleException("Could not add new modes!"); @@ -52,13 +52,13 @@ class ModuleServProtectMode : public Module ServerInstance->Modules->Attach(eventlist, this, 4); } - + virtual ~ModuleServProtectMode() { ServerInstance->Modes->DelMode(bm); delete bm; } - + virtual Version GetVersion() { return Version(1,2,0,0,VF_COMMON,API_VERSION); @@ -74,18 +74,29 @@ class ModuleServProtectMode : public Module virtual int OnRawMode(User* user, Channel* chan, const char mode, const std::string ¶m, bool adding, int pcnt, bool servermode) { - if (!servermode && (mode == 'o') && !adding && chan && IS_LOCAL(user) && !ServerInstance->ULine(user->server)) + /* Check that the mode is not a server mode, it is being removed, the user making the change is local, there is a parameter, + * and the user making the change is not a uline + */ + if (!servermode && !adding && chan && IS_LOCAL(user) && !param.empty() && !ServerInstance->ULine(user->server)) { + /* Check if the parameter is a valid nick/uuid + */ User *u = ServerInstance->FindNick(param); if (u) { - if (u->IsModeSet('k')) + /* The target user has +k set on themselves, and you are trying to remove a privilege mode the user has set on themselves. + * This includes any prefix permission mode, even those registered in other modules, e.g. +qaohv. Using ::ModeString() + * here means that the number of modes is restricted to only modes the user has, limiting it to as short a loop as possible. + */ + if (u->IsModeSet('k') && ServerInstance->Modes->ModeString(u, chan, false).find(mode) != std::string::npos) { - user->WriteNumeric(482, "%s %s :You are not permitted to deop %s services", user->nick.c_str(), chan->name.c_str(), ServerInstance->Config->Network); + /* BZZZT, Denied! */ + user->WriteNumeric(482, "%s %s :You are not permitted to remove privileges from %s services", user->nick.c_str(), chan->name.c_str(), ServerInstance->Config->Network); return ACR_DENY; } } } + /* Mode allowed */ return 0; }