From 6d5be11fb141829ccee9df782d1633000f7dc3c1 Mon Sep 17 00:00:00 2001 From: Ed Kellett Date: Sun, 7 Jul 2019 20:56:41 +0100 Subject: [PATCH] Add oper:privs --- doc/ircd.conf.example | 2 +- doc/reference.conf | 3 ++- modules/m_privs.c | 7 +++++++ modules/m_stats.c | 9 ++++++++- modules/m_whois.c | 2 +- 5 files changed, 19 insertions(+), 4 deletions(-) diff --git a/doc/ircd.conf.example b/doc/ircd.conf.example index 4de004bd..705a0d6d 100644 --- a/doc/ircd.conf.example +++ b/doc/ircd.conf.example @@ -236,7 +236,7 @@ auth { * means they must be defined before operator {}. */ privset "local_op" { - privs = oper:general, auspex:oper, oper:local_kill, oper:operwall; + privs = oper:general, auspex:oper, oper:privs, oper:local_kill, oper:operwall; }; privset "server_bot" { diff --git a/doc/reference.conf b/doc/reference.conf index 3b0a5d54..6a268613 100644 --- a/doc/reference.conf +++ b/doc/reference.conf @@ -433,6 +433,7 @@ privset "local_op" { * oper:general: enable most general oper privileges that came * with +o in older releases * auspex:oper: allows the oper to see through oper hiding + * oper:privs: allows /stats o/O and seeing privset in /whois * oper:local_kill: allows local users to be /KILL'd * oper:global_kill: allows local and remote users to be /KILL'd * oper:routing: allows remote SQUIT and CONNECT @@ -458,7 +459,7 @@ privset "local_op" { * oper:mass_notice: allows sending wallops and mass notices * oper:grant: allows using the GRANT command */ - privs = oper:general, auspex:oper, oper:local_kill, oper:operwall; + privs = oper:general, auspex:oper, oper:privs, oper:local_kill, oper:operwall; }; privset "server_bot" { diff --git a/modules/m_privs.c b/modules/m_privs.c index fff49a85..29e141ae 100644 --- a/modules/m_privs.c +++ b/modules/m_privs.c @@ -177,6 +177,13 @@ mo_privs(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source } } + if (target_p != source_p && !HasPrivilege(source_p, "oper:privs")) + { + sendto_one(source_p, form_str(ERR_NOPRIVS), + me.name, source_p->name, "privs"); + return; + } + if (!IsServer(server_p)) server_p = server_p->servptr; diff --git a/modules/m_stats.c b/modules/m_stats.c index 03a70d6a..bc4ed1db 100644 --- a/modules/m_stats.c +++ b/modules/m_stats.c @@ -789,7 +789,7 @@ stats_oper(struct Client *source_p) sendto_one_numeric(source_p, RPL_STATSOLINE, form_str(RPL_STATSOLINE), oper_p->username, oper_p->host, oper_p->name, - IsOperGeneral(source_p) ? oper_p->privset->name : "0", "-1"); + HasPrivilege(source_p, "oper:privs") ? oper_p->privset->name : "0", "-1"); } } @@ -810,6 +810,13 @@ stats_capability(struct Client *client_p) static void stats_privset(struct Client *source_p) { + if (!HasPrivilege(source_p, "oper:privs")) + { + sendto_one(source_p, form_str(ERR_NOPRIVS), + me.name, source_p->name, "privs"); + return; + } + privilegeset_report(source_p); } diff --git a/modules/m_whois.c b/modules/m_whois.c index b0ca2c2a..a45b67c0 100644 --- a/modules/m_whois.c +++ b/modules/m_whois.c @@ -318,7 +318,7 @@ single_whois(struct Client *source_p, struct Client *target_p, int operspy) GlobalSetOptions.operstring)); } - if(!EmptyString(target_p->user->opername) && IsOper(target_p) && IsOper(source_p)) + if(!EmptyString(target_p->user->opername) && IsOper(target_p) && (target_p == source_p || HasPrivilege(source_p, "oper:privs"))) { char buf[512]; const char *privset = "(missing)";