X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fusers.cpp;h=784783086ca21f8bc3df288dbca0d8478057fbe7;hb=30b7a1bf7fb0b422a6fd674f0cce95b3b0f92673;hp=f5af3a80317a14b4ccda29d33c7116bda8aca9c9;hpb=ca42e175351b6209a8e9cbd5eb92bba4f38a38ce;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/users.cpp b/src/users.cpp index f5af3a803..784783086 100644 --- a/src/users.cpp +++ b/src/users.cpp @@ -216,7 +216,7 @@ User::User(InspIRCd* Instance, const std::string &uid) : ServerInstance(Instance Visibility = NULL; ip = NULL; MyClass = NULL; - AllowedOperCommands = NULL; + AllowedPrivs = AllowedOperCommands = NULL; chans.clear(); invites.clear(); @@ -242,12 +242,19 @@ User::~User() this->MyClass->RefCount--; ServerInstance->Logs->Log("USERS", DEBUG, "User destructor -- connect refcount now: %lu", this->MyClass->RefCount); } + if (this->AllowedOperCommands) { delete AllowedOperCommands; AllowedOperCommands = NULL; } + if (this->AllowedPrivs) + { + delete AllowedPrivs; + AllowedPrivs = NULL; + } + this->InvalidateCache(); this->DecrementModes(); 
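Review bot: The teardown of `AllowedPrivs` added to `~User` is the same four lines that the later `User::UnOper` hunk adds, so the two owned sets are now freed by hand in two places that must be kept in step. A set added later and freed in only one of them would either leak or, in `UnOper`, leave a de-opered user holding its old contents. Since `delete` on a null pointer is a no-op, the guard can be dropped and each site reduced to `delete AllowedPrivs; AllowedPrivs = NULL;`, or both sites can call one private helper that releases every oper-related set. Both function bodies extend beyond the lines shown in these hunks.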
@@ -505,10 +512,46 @@ bool User::HasPermission(const std::string &command) } -bool User::HasPrivPermission(const std::string &privstr) +bool User::HasPrivPermission(const std::string &privstr, bool noisy) { - ServerInstance->Logs->Log("CRAP", DEBUG, "Checking if I have " + privstr); - return true; + ServerInstance->Logs->Log("PRIVS", DEBUG, "Checking if I have " + privstr); + if (!IS_LOCAL(this)) + { + ServerInstance->Logs->Log("PRIVS", DEBUG, "Remote (yes)"); + return true; + } + + if (!IS_OPER(this)) + { + if (noisy) + this->WriteServ("NOTICE %s :You are not an oper", this->nick.c_str()); + ServerInstance->Logs->Log("PRIVS", DEBUG, "Not oper (no)"); + return false; + } + + if (!AllowedPrivs) + { + if (noisy) + this->WriteServ("NOTICE %s :Privset empty(!?)", this->nick.c_str()); + ServerInstance->Logs->Log("PRIVS", DEBUG, "No privs(?) (no)"); + return false; + } + + if (AllowedPrivs->find(privstr) != AllowedPrivs->end()) + { + ServerInstance->Logs->Log("PRIVS", DEBUG, "I do have it."); + return true; + } + else if (AllowedPrivs->find("*") != AllowedPrivs->end()) + { + ServerInstance->Logs->Log("PRIVS", DEBUG, "I allow all."); + return true; + } + + if (noisy) + this->WriteServ("NOTICE %s :Oper type %s does not have access to priv %s", this->nick.c_str(), this->oper.c_str(), privstr.c_str()); + ServerInstance->Logs->Log("PRIVS", DEBUG, "I don't have it..."); + return false; } bool User::AddBuffer(const std::string &a) 
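Review bot: In `HasPrivPermission` the `!IS_LOCAL(this)` branch returns `true` before `IS_OPER(this)` is consulted, so for any remote user, oper or not, every privilege is reported as held. The result for a remote user is therefore a statement of trust in the linked server rather than a privilege check, and nothing in the new code says so. I would put a comment on that branch such as `/* Remote users are not checked here: their own server is trusted to have enforced privs. A 'true' result does not prove a remote user is an oper. */`. If oper status is tracked locally for remote users (not visible in this hunk), moving the `IS_OPER` test above the `IS_LOCAL` test would at least keep remote non-opers out. The "Remote (yes)" debug line would also be more useful for auditing if it named the nick and the priv.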
@@ -717,28 +760,40 @@ void User::Oper(const std::string &opertype, const std::string &opername) opertype_t::iterator iter_opertype = ServerInstance->Config->opertypes.find(this->oper.c_str()); if (iter_opertype != ServerInstance->Config->opertypes.end()) { - if (AllowedOperCommands) AllowedOperCommands->clear(); else - AllowedOperCommands = new std::map; + AllowedOperCommands = new std::set; + + if (AllowedPrivs) + AllowedPrivs->clear(); + else + AllowedPrivs = new std::set; AllowedUserModes.reset(); AllowedChanModes.reset(); this->AllowedUserModes['o' - 'A'] = true; // Call me paranoid if you want. - std::string myclass, mycmd; + std::string myclass, mycmd, mypriv; irc::spacesepstream Classes(iter_opertype->second); while (Classes.GetToken(myclass)) { operclass_t::iterator iter_operclass = ServerInstance->Config->operclass.find(myclass.c_str()); if (iter_operclass != ServerInstance->Config->operclass.end()) { + /* Process commands */ irc::spacesepstream CommandList(iter_operclass->second.commandlist); while (CommandList.GetToken(mycmd)) { - this->AllowedOperCommands->insert(std::make_pair(mycmd, true)); + this->AllowedOperCommands->insert(mycmd); + } + + irc::spacesepstream PrivList(iter_operclass->second.privs); + while (PrivList.GetToken(mypriv)) + { + this->AllowedPrivs->insert(mypriv); } + for (unsigned char* c = (unsigned char*)iter_operclass->second.umodelist; *c; ++c) { if (*c == '*') @@ -750,6 +805,7 @@ void User::Oper(const std::string &opertype, const std::string &opername) this->AllowedUserModes[*c - 'A'] = true; } } + for (unsigned char* c = (unsigned char*)iter_operclass->second.cmodelist; *c; ++c) { if (*c == '*') @@ -804,6 +860,12 @@ void User::UnOper() AllowedOperCommands = NULL; } + if (AllowedPrivs) + { + delete AllowedPrivs; + AllowedPrivs = NULL; + } + AllowedUserModes.reset(); AllowedChanModes.reset(); } 
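Review bot: In `User::Oper` the new `AllowedPrivs` set is cleared or allocated only inside the `iter_opertype != ServerInstance->Config->opertypes.end()` branch, so when the oper type is not in the config the set keeps whatever it held before. For a first oper-up that is a NULL pointer and `HasPrivPermission` fails closed. If `Oper()` can run on a user who already holds a set from an earlier oper type (the start of the function is outside this hunk, so this is an assumption), those earlier privs and commands would carry over. Resetting before the lookup would remove the dependency on call order, for example `if (AllowedPrivs) AllowedPrivs->clear();` and the same for `AllowedOperCommands` ahead of the `find()`. A one-line comment above the `PrivList` loop stating that a `*` token grants every priv would also help, since that rule is currently enforced only in `HasPrivPermission`.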
@@ -1768,6 +1830,9 @@ ConnectClass* User::SetClass(const std::string &explicit_name) { ConnectClass* c = *i; + if (c->GetDisabled()) + continue; // can't possibly match, removed from conf + if (explicit_name == c->GetName()) { ServerInstance->Logs->Log("CONNECTCLASS", DEBUG, "Explicitly set to %s", explicit_name.c_str()); @@ -1790,6 +1855,13 @@ ConnectClass* User::SetClass(const std::string &explicit_name) ServerInstance->Logs->Log("CONNECTCLASS", DEBUG, "DENY %s %d %s", c->GetHost().c_str(), c->GetPort(), c->GetName().c_str()); } + /* if it's disabled, we can't match this one. */ + if (c->GetDisabled()) + { + ServerInstance->Logs->Log("CONNECTCLASS", DEBUG, "Class disabled"); + continue; + } + /* check if host matches.. */ if (!InspIRCd::MatchCIDR(this->GetIPString(), c->GetHost(), NULL) && !InspIRCd::MatchCIDR(this->host, c->GetHost(), NULL))
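Review bot: The disabled-class check added next to the `explicit_name` comparison in `User::SetClass` skips the class with no log line, so an explicitly requested class that is disabled falls through without leaving a trace. The second hunk does log, but `"Class disabled"` does not say which class. I would log the name in both places, e.g. `ServerInstance->Logs->Log("CONNECTCLASS", DEBUG, "Class %s is disabled, skipping", c->GetName().c_str());`. In the second hunk the check sits after the ALLOW/DENY debug lines, so a disabled class is still logged as a candidate first; moving the check above them would keep the log consistent with what is actually evaluated. Both loop bodies start and end outside the hunks, so what happens when no enabled class matches should be confirmed against the rest of the function.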