[cvslog] (2002-09-11 02:07:36 UTC) Module eggdrop1.6: Change committed

cvslog cvs at tsss.org
Tue Sep 10 21:08:01 CST 2002


CVSROOT    : /usr/local/cvsroot
Module     : eggdrop1.6
Commit time: 2002-09-11 02:07:36 UTC
Commited by: Will Buckner <wcc at techmonkeys.org>

Modified files:
     doc/UPDATES1.6 src/cmds.c src/patch.h

Log message:

Improved access checking in -host/+host. This prevents a channel +m user
from adding/removing hosts to/from a channel +n user, and also fixes other
small problems.

---------------------- diff included ----------------------
Index: eggdrop1.6/doc/UPDATES1.6
diff -u eggdrop1.6/doc/UPDATES1.6:1.405 eggdrop1.6/doc/UPDATES1.6:1.406
--- eggdrop1.6/doc/UPDATES1.6:1.405	Mon Sep  9 21:22:00 2002
+++ eggdrop1.6/doc/UPDATES1.6	Tue Sep 10 21:07:26 2002
@@ -1,10 +1,11 @@
-$Id: UPDATES1.6,v 1.405 2002/09/10 02:22:00 wcc Exp $
+$Id: UPDATES1.6,v 1.406 2002/09/11 02:07:26 wcc Exp $
 
 Changes in Eggdrop: (since v1.6.0)
 ----------------------------------
 
 1.6.13
 Found by  Fixed by  What...
+ridens    Wcc       improved access checking in -host/+host
 Jerome    Wcc       fixed a possible buffer overflow in raw_dcc_resend_send()
           darko``   fixed a missing escape in some regexps in misc/modconfig
 [sL]      Wcc       channel set #chan chanmode $var corrupted $var in Tcl8.x
Index: eggdrop1.6/src/cmds.c
diff -u eggdrop1.6/src/cmds.c:1.82 eggdrop1.6/src/cmds.c:1.83
--- eggdrop1.6/src/cmds.c:1.82	Thu Aug  8 15:49:32 2002
+++ eggdrop1.6/src/cmds.c	Tue Sep 10 21:07:26 2002
@@ -3,7 +3,7 @@
  *   commands from a user via dcc
  *   (split in 2, this portion contains no-irc commands)
  *
- * $Id: cmds.c,v 1.82 2002/08/08 20:49:32 wcc Exp $
+ * $Id: cmds.c,v 1.83 2002/09/11 02:07:26 wcc Exp $
  */
 /*
  * Copyright (C) 1997 Robey Pointer
@@ -2464,7 +2464,8 @@
   char *handle, *host;
   struct userrec *u2;
   struct list_type *q;
-  struct flag_record fr = {FR_CHAN | FR_ANYWH, 0, 0, 0, 0, 0};
+  struct flag_record fr2 = {FR_GLOBAL | FR_CHAN | FR_ANYWH, 0, 0, 0, 0, 0},
+                     fr  = {FR_GLOBAL | FR_CHAN | FR_ANYWH, 0, 0, 0, 0, 0};
   module_entry *me;
 
   if (!par[0]) {
@@ -2486,34 +2487,35 @@
     dprintf(idx, "No such user.\n");
     return;
   }
+  get_user_flagrec(u, &fr, NULL);
   if (egg_strcasecmp(handle, dcc[idx].nick)) {
-    get_user_flagrec(u, &fr, NULL);
-    if ((u->flags & USER_BOTMAST) && !(u->flags & USER_MASTER) &&
-	!(u2->flags & USER_BOT) && !chan_master(fr)) {
+    get_user_flagrec(u2, &fr2, NULL);
+    if (!glob_master(fr) && !glob_bot(fr2) && !chan_master(fr)) {
       dprintf(idx, "You can't add hostmasks to non-bots.\n");
       return;
     }
-    if (!(u->flags & USER_OWNER) && (u2->flags & USER_BOT) &&
-	(bot_flags(u2) & BOT_SHARE)) {
+    if (!glob_owner(fr) && glob_bot(fr2) && (bot_flags(u2) & BOT_SHARE)) {
       dprintf(idx, "You can't add hostmasks to share bots.\n");
       return;
     }
-    if ((u2->flags & (USER_OWNER|USER_MASTER)) &&
-	!(u->flags & USER_OWNER) && egg_strcasecmp(handle, dcc[idx].nick)) {
+    if ((glob_owner(fr2) || glob_master(fr2)) && !glob_owner(fr)) {
       dprintf(idx, "You can't add hostmasks to a bot owner/master.\n");
       return;
     }
-    if (!(u->flags & USER_BOTMAST) && !chan_master(fr)) {
-      dprintf(idx, "Permission denied.\n");
+    if ((chan_owner(fr2) || chan_master(fr2)) && !glob_master(fr) &&
+        !glob_owner(fr) && !chan_owner(fr)) {
+      dprintf(idx, "You can't add hostmasks to a channel owner/master.\n");
       return;
     }
-  }
-  if (!(u->flags & USER_BOTMAST) && !chan_master(fr)) {
-    if (get_user_by_host(host)) {
-      dprintf(idx, "You cannot add a host matching another user!\n");
+    if (!glob_botmast(fr) && !glob_master(fr) && !chan_master(fr)) {
+      dprintf(idx, "Permission denied.\n");
       return;
     }
   }
+  if (!glob_botmast(fr) && !chan_master(fr) && get_user_by_host(host)) {
+    dprintf(idx, "You cannot add a host matching another user!\n");
+    return;
+  }
   for (q = get_user(&USERENTRY_HOSTS, u); q; q = q->next)
     if (!egg_strcasecmp(q->extra, host)) {
       dprintf(idx, "That hostmask is already there.\n");
@@ -2533,7 +2535,8 @@
 {
   char *handle, *host;
   struct userrec *u2;
-  struct flag_record fr = {FR_CHAN | FR_ANYWH, 0, 0, 0, 0, 0};
+  struct flag_record fr2 = {FR_GLOBAL | FR_CHAN | FR_ANYWH, 0, 0, 0, 0, 0},
+                     fr  = {FR_GLOBAL | FR_CHAN | FR_ANYWH, 0, 0, 0, 0, 0};
   module_entry *me;
 
   if (!par[0]) {
@@ -2555,27 +2558,32 @@
   }
 
   get_user_flagrec(u, &fr, NULL);
+  get_user_flagrec(u2, &fr2, NULL);
   /* check to see if user is +d or +k and don't let them remove hosts */
-  if ((u->flags & USER_DEOP) || (u->flags & USER_KICK) || chan_deop(fr) || chan_kick (fr))
-    {
-      dprintf(idx, "You can't remove hosts while having the +d or +k flag.\n");
-      return;
-    }
+  if (glob_deop(fr) || glob_kick(fr) || chan_deop(fr) || chan_kick (fr)) {
+    dprintf(idx, "You can't remove hosts while having the +d or +k flag.\n");
+    return;
+  }
 
   if (egg_strcasecmp(handle, dcc[idx].nick)) {
-    if (!(u2->flags & USER_BOT) && !(u->flags & USER_MASTER) &&
-	!chan_master(fr)) {
+    if (!glob_master(fr) && !glob_bot(fr2) && !chan_master(fr)) {
       dprintf(idx, "You can't remove hostmasks from non-bots.\n");
       return;
-    } else if ((u2->flags & USER_BOT) && (bot_flags(u2) & BOT_SHARE) &&
-	       !(u->flags & USER_OWNER)) {
+    }
+    if (glob_bot(fr2) && (bot_flags(u2) & BOT_SHARE) && !glob_owner(fr)) {
       dprintf(idx, "You can't remove hostmasks from a share bot.\n");
       return;
-    } else if ((u2->flags & (USER_OWNER|USER_MASTER)) &&
-	       !(u->flags & USER_OWNER) && (u2 != u)) {
+    }
+    if ((glob_owner(fr2) || glob_master(fr2)) && !glob_owner(fr)) {
       dprintf(idx, "You can't remove hostmasks from a bot owner/master.\n");
       return;
-    } else if (!(u->flags & USER_BOTMAST) && !chan_master(fr)) {
+    }
+    if ((chan_owner(fr2) || chan_master(fr2)) && !glob_master(fr) &&
+        !glob_owner(fr) && !chan_owner(fr)) {
+      dprintf(idx, "You can't remove hostmasks from a channel owner/master.\n");
+      return;
+    }
+    if (!glob_botmast(fr) && !glob_master(fr) && !chan_master(fr)) {
       dprintf(idx, "Permission denied.\n");
       return;
     }
Index: eggdrop1.6/src/patch.h
diff -u eggdrop1.6/src/patch.h:1.818 eggdrop1.6/src/patch.h:1.819
--- eggdrop1.6/src/patch.h:1.818	Mon Sep  9 21:22:01 2002
+++ eggdrop1.6/src/patch.h	Tue Sep 10 21:07:26 2002
@@ -10,7 +10,7 @@
  * statement, leave the rest of the file alone, this allows better
  * overlapping patches.
  *
- * $Id: patch.h,v 1.818 2002/09/10 02:22:01 wcc Exp $
+ * $Id: patch.h,v 1.819 2002/09/11 02:07:26 wcc Exp $
  */
 /*
  * Copyright (C) 1997 Robey Pointer
@@ -41,12 +41,12 @@
  *
  *
  */
-patch("1031624286");		/* current unixtime */
+patch("1031709546");		/* current unixtime */
 /*
  *
  *
  */
-patch("dcc-overflow");
+patch("host-access");
 /*
  *
  *
----------------------- End of diff -----------------------



More information about the Changes mailing list