Add support for limiting what opers can subscribe to snomasks.

diff --git a/docs/conf/opers.conf.example b/docs/conf/opers.conf.example
index 67801ce31c4cb73af7bd5e51fc837428026cddcc..dfde001b5d781e42fc3843a107f61d7b615e2d55 100644 (file)
--- a/docs/conf/opers.conf.example
+++ b/docs/conf/opers.conf.example
@@ -49,12 +49,15 @@
      usermodes="*"
 
      # chanmodes: Oper-only channel modes that opers with this class can use.
-     chanmodes="*">
+     chanmodes="*"
+
+     # snomasks: The snomasks that opers with this class can use.
+     snomasks="*">
 
 <class name="SACommands" commands="SAJOIN SAPART SANICK SAQUIT SATOPIC SAKICK SAMODE OJOIN">
-<class name="ServerLink" commands="CONNECT SQUIT RCONNECT RSQUIT MKPASSWD ALLTIME SWHOIS LOCKSERV UNLOCKSERV" usermodes="*" chanmodes="*" privs="servers/auspex">
-<class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE TLINE RLINE CHECK NICKLOCK NICKUNLOCK SHUN CLONES CBAN" usermodes="*" chanmodes="*">
-<class name="OperChat" commands="WALLOPS GLOBOPS" usermodes="*" chanmodes="*" privs="users/mass-message">
+<class name="ServerLink" commands="CONNECT SQUIT RCONNECT RSQUIT MKPASSWD ALLTIME SWHOIS LOCKSERV UNLOCKSERV" usermodes="*" chanmodes="*" privs="servers/auspex" snomasks="Cc">
+<class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE TLINE RLINE CHECK NICKLOCK NICKUNLOCK SHUN CLONES CBAN" usermodes="*" chanmodes="*" snomasks="Xx">
+<class name="OperChat" commands="WALLOPS GLOBOPS" usermodes="*" chanmodes="*" privs="users/mass-message" snomasks="Gg">
 <class name="HostCloak" commands="SETHOST SETIDENT SETIDLE CHGNAME CHGHOST CHGIDENT" usermodes="*" chanmodes="*" privs="users/auspex">
 
 

diff --git a/include/configreader.h b/include/configreader.h
index 4deef83f49a7b31c8c26f683bf078cea7d55f17d..5a775a016eb1f6c4ba386495ad0cc29083b881ed 100644 (file)
--- a/include/configreader.h
+++ b/include/configreader.h
@@ -188,6 +188,9 @@ class CoreExport OperInfo : public refcountbase
        /** Allowed channel modes from oper classes. */
        std::bitset<64> AllowedChanModes;
 
+       /** Allowed snomasks from oper classes. */
+       std::bitset<64> AllowedSnomasks;
+
        /** \<oper> block used for this oper-up. May be NULL. */
        reference<ConfigTag> oper_block;
        /** \<type> block used for this oper-up. Valid for local users, may be NULL on remote */

diff --git a/include/users.h b/include/users.h
index bae2615c251748106e814e0c57be32641163c7e4..4d7994e8ef995eb6527e454514b111301fcd4a59 100644 (file)
--- a/include/users.h
+++ b/include/users.h
@@ -490,6 +490,12 @@ class CoreExport User : public Extensible
         */
        virtual bool HasModePermission(const ModeHandler* mh) const;
 
+       /** Determines whether this user can set the specified snomask.
+        * @param chr The server notice mask character to look up.
+        * @return True if the user can set the specified snomask; otherwise, false.
+        */
+       virtual bool HasSnomaskPermission(char chr) const;
+
        /** Creates a usermask with real host.
         * Takes a buffer to use and fills the given buffer with the hostmask in the format user\@host
         * @return the usermask in the format user\@host
@@ -879,6 +885,9 @@ class CoreExport LocalUser : public User, public insp::intrusive_list_node<Local
         */
        bool HasModePermission(const ModeHandler* mh) const CXX11_OVERRIDE;
 
+       /** @copydoc User::HasSnomaskPermission */
+       bool HasSnomaskPermission(char chr) const CXX11_OVERRIDE;
+
        /** Change nick to uuid, unset REG_NICK and send a nickname overruled numeric.
         * This is called when another user (either local or remote) needs the nick of this user and this user
         * isn't registered.

diff --git a/src/coremods/core_user/umode_s.cpp b/src/coremods/core_user/umode_s.cpp
index 6e1f6d43db0775561795be6f107d92b6d33cc33e..5994f97fb753a557bb4a1c9188be74e71ed05858 100644 (file)
--- a/src/coremods/core_user/umode_s.cpp
+++ b/src/coremods/core_user/umode_s.cpp
@@ -89,7 +89,8 @@ std::string ModeUserServerNoticeMask::ProcessNoticeMasks(User* user, const std::
                        case '*':
                                for (size_t j = 0; j < 64; j++)
                                {
-                                       if (ServerInstance->SNO->IsSnomaskUsable(j+'A'))
+                                       const char chr = j + 'A';
+                                       if (user->HasSnomaskPermission(chr) && ServerInstance->SNO->IsSnomaskUsable(chr))
                                                curr[j] = adding;
                                }
                        break;
@@ -103,6 +104,12 @@ std::string ModeUserServerNoticeMask::ProcessNoticeMasks(User* user, const std::
                                                user->WriteNumeric(ERR_UNKNOWNSNOMASK, *i, "is an unknown snomask character");
                                                continue;
                                        }
+                                       else if (!user->HasSnomaskPermission(*i))
+                                       {
+                                               user->WriteNumeric(ERR_NOPRIVILEGES, InspIRCd::Format("Permission Denied - Oper type %s does not have access to snomask %c",
+                                                       user->oper->name.c_str(), *i));
+                                               continue;
+                                       }
                                }
                                else if (!(((*i >= 'a') && (*i <= 'z')) || ((*i >= 'A') && (*i <= 'Z'))))
                                        continue;

diff --git a/src/users.cpp b/src/users.cpp
index e8e2926155fedd87ff3a68c3e434a469618c44a5..bd7d046b8b9e7d6db909e536603229064039d5e7 100644 (file)
--- a/src/users.cpp
+++ b/src/users.cpp
@@ -229,6 +229,19 @@ bool LocalUser::HasPrivPermission(const std::string& privstr)
        return oper->AllowedPrivs.Contains(privstr);
 }
 
+bool User::HasSnomaskPermission(char chr) const
+{
+       return true;
+}
+
+bool LocalUser::HasSnomaskPermission(char chr) const
+{
+       if (!this->IsOper() || !ModeParser::IsModeChar(chr))
+               return false;
+
+       return this->oper->AllowedSnomasks[chr - 'A'];
+}
+
 void UserIOHandler::OnDataReady()
 {
        if (user->quitting)
@@ -419,6 +432,7 @@ void OperInfo::init()
        AllowedPrivs.Clear();
        AllowedUserModes.reset();
        AllowedChanModes.reset();
+       AllowedSnomasks.reset();
        AllowedUserModes['o' - 'A'] = true; // Call me paranoid if you want.
 
        for(std::vector<reference<ConfigTag> >::iterator iter = class_blocks.begin(); iter != class_blocks.end(); ++iter)
@@ -447,6 +461,16 @@ void OperInfo::init()
                        else if (ModeParser::IsModeChar(chr))
                                this->AllowedChanModes[chr - 'A'] = true;
                }
+
+               const std::string snomasks = tag->getString("snomasks", "*");
+               for (std::string::const_iterator c = snomasks.begin(); c != snomasks.end(); ++c)
+               {
+                       const char& chr = *c;
+                       if (chr == '*')
+                               this->AllowedSnomasks.set();
+                       else if (ModeParser::IsModeChar(chr))
+                               this->AllowedSnomasks[chr - 'A'] = true;
+               }
        }
 }