diff options
| author | Adam <Adam@anope.org> | 2013-09-13 04:48:24 -0400 |
|---|---|---|
| committer | Adam <Adam@anope.org> | 2013-09-27 17:21:46 -0400 |
| commit | b60b23fd4854101b7283bc189ae6515d547d6ce3 (patch) | |
| tree | 777aafda3b080307116d682143fca331497d9b3b /modules/commands/os_oper.cpp | |
| parent | 5aac6377c2c5795455d41ceea82a5b080a269e04 (diff) | |
Only allow using os_oper add and del if you have the privileges for what
you are giving or taking.
Diffstat (limited to 'modules/commands/os_oper.cpp')
| -rw-r--r-- | modules/commands/os_oper.cpp | 34 |
1 files changed, 29 insertions, 5 deletions
diff --git a/modules/commands/os_oper.cpp b/modules/commands/os_oper.cpp index 66a76334a..a83ba0d24 100644 --- a/modules/commands/os_oper.cpp +++ b/modules/commands/os_oper.cpp @@ -48,6 +48,21 @@ struct MyOper : Oper, Serializable class CommandOSOper : public Command { + bool HasPrivs(CommandSource &source, OperType *ot) const + { + std::list<Anope::string> commands = ot->GetCommands(), privs = ot->GetPrivs(); + + for (std::list<Anope::string>::iterator it = commands.begin(); it != commands.end(); ++it) + if (!source.HasCommand(*it)) + return false; + + for (std::list<Anope::string>::iterator it = privs.begin(); it != privs.end(); ++it) + if (!source.HasPriv(*it)) + return false; + + return true; + } + public: CommandOSOper(Module *creator) : Command(creator, "operserv/oper", 1, 3) { @@ -76,14 +91,21 @@ class CommandOSOper : public Command { OperType *ot = OperType::Find(otype); if (ot == NULL) - source.Reply(_("Oper type \002%s\002 has not been configured."), otype.c_str()); - else { - na->nc->o = new MyOper(na->nc->display, ot); + source.Reply(_("Oper type \002%s\002 has not been configured."), otype.c_str()); + return; + } - Log(LOG_ADMIN, source, this) << "ADD " << na->nick << " as type " << ot->GetName(); - source.Reply("%s (%s) added to the \002%s\002 list.", na->nick.c_str(), na->nc->display.c_str(), ot->GetName().c_str()); + if (!HasPrivs(source, ot)) + { + source.Reply(ACCESS_DENIED); + return; } + + na->nc->o = new MyOper(na->nc->display, ot); + + Log(LOG_ADMIN, source, this) << "ADD " << na->nick << " as type " << ot->GetName(); + source.Reply("%s (%s) added to the \002%s\002 list.", na->nick.c_str(), na->nc->display.c_str(), ot->GetName().c_str()); } } else if (subcommand.equals_ci("DEL") && params.size() > 1) @@ -95,6 +117,8 @@ class CommandOSOper : public Command source.Reply(NICK_X_NOT_REGISTERED, oper.c_str()); else if (!na->nc || !na->nc->o) source.Reply(_("Nick \002%s\002 is not a Services Operator."), oper.c_str()); + else if (!HasPrivs(source, na->nc->o->ot)) + source.Reply(ACCESS_DENIED); else { delete na->nc->o; |