
* Fixed the whois_access() function to not allow non-perm owners to see/access perm-owners.
* cmd_chpass now uses the whois_access() function. (#122)


svn: 2285

Bryan Drewery 21 лет назад
Сommit
0f01ec9802
3 измененных файлов с 8 добавлено и 6 удалено
  1. 2 0
      doc/UPDATES
  2. 2 5
      src/cmds.c
  3. 4 1
      src/flags.c

+ 2 - 0
doc/UPDATES

@@ -37,6 +37,8 @@ Lines prefixed with '-' were disabled before release and are not finished, or ar
 * Fixed security flaw with 'auth-obscure', and improved: auth-obscure now gives a hash regardless of 'dccauth'.
 * Possibly fixed a random segfault after linking/connecting to irc.
 * Fixed a segfault/cpu-spin during WHO parsing, although, it could have occurred at any time. (#110)
+* Fixed the whois_access() function to not allow non-perm owners to see/access perm-owners.
+* cmd_chpass now uses the whois_access() function. (#122)
 
 1.2.4
 * Fixed cmd_botset not displaying botnick.

+ 2 - 5
src/cmds.c

@@ -1166,11 +1166,8 @@ static void cmd_chpass(int idx, char *par)
     dprintf(idx, "You can't change passwords for non-bots.\n");
   else if (u->bot && !(atr & USER_OWNER))
     dprintf(idx, "You can't change a bot's password.\n");
-  else if ((u->flags & USER_OWNER) && !(atr & USER_OWNER) &&
-	    egg_strcasecmp(handle, dcc[idx].nick))
-    dprintf(idx, "You can't change a bot owner's password.\n");
-  else if (isowner(handle) && egg_strcasecmp(dcc[idx].nick, handle))
-    dprintf(idx, "You can't change a permanent bot owner's password.\n");
+  else if (!whois_access(dcc[idx].user, u))
+    dprintf(idx, "No such user.\n");
   else if (!par[0]) {
     putlog(LOG_CMDS, "*", "#%s# chpass %s [nothing]", dcc[idx].nick, handle);
     set_user(&USERENTRY_PASS, u, NULL);
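Review bot: The new refusal branch `else if (!whois_access(dcc[idx].user, u))` only prints "No such user." and leaves no audit record, while the success path right below it calls `putlog(LOG_CMDS, ...)`. A refused attempt to change the password of a higher-privileged account is exactly the event an operator wants to see, so I would log it before answering: `else if (!whois_access(dcc[idx].user, u)) { putlog(LOG_CMDS, "*", "#%s# failed chpass %s", dcc[idx].nick, handle); dprintf(idx, "No such user.\n"); }`. Keeping the user-facing reply generic is fine, since it avoids confirming that the handle exists. The rest of cmd_chpass is outside this hunk, so a later catch-all log of failed commands cannot be ruled out.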

+ 4 - 1
src/flags.c

@@ -546,6 +546,9 @@ dolimit(struct chanset_t *chan)
 int
 whois_access(struct userrec *user, struct userrec *whois_user)
 {
+  if (user == whois_user)
+    return 1;
+
   struct flag_record fr = { FR_GLOBAL | FR_CHAN, 0, 0, 0 }, whois = {
   FR_GLOBAL | FR_CHAN, 0, 0, 0};
 
@@ -553,7 +556,7 @@ whois_access(struct userrec *user, struct userrec *whois_user)
   get_user_flagrec(whois_user, &whois, NULL);
 
   if (
-      (isowner(user->handle) && !isowner(user->handle)) ||
+      (isowner(user->handle) && !isowner(whois_user->handle)) ||
       (glob_admin(whois) && !glob_admin(fr)) || 
       (glob_owner(whois) && !glob_owner(fr)) ||
       (glob_master(whois) && !glob_master(fr)) ||
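Review bot: The corrected comparison in the second hunk, `(isowner(user->handle) && !isowner(whois_user->handle))`, is true when the requester is a permanent owner and the target is not, which is the opposite orientation from the sibling clauses such as `(glob_admin(whois) && !glob_admin(fr))` that test for a privilege the target holds and the requester lacks. If this `if` is the deny path, as those clauses and the commit message suggest (its body and the return are outside the hunk), a non-permanent owner is still not stopped from reaching a permanent owner, and permanent owners would be refused on ordinary users. The operands look swapped and should read `(isowner(whois_user->handle) && !isowner(user->handle)) ||`. This matters more after this commit because cmd_chpass in src/cmds.c dropped its own `isowner(handle)` check and now relies on whois_access() alone to protect permanent owners' passwords.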