Log G-/K-Line changes only when not initiated by a server

[ngircd-alex.git] / src / ngircd / irc-oper.c

diff --git a/src/ngircd/irc-oper.c b/src/ngircd/irc-oper.c
index 49768bc7e8f2b7974b0dd9c0048155bfdf7432c5..ae333b1018d1156f74414ee6c41ae7971ec32b10 100644 (file)
--- a/src/ngircd/irc-oper.c
+++ b/src/ngircd/irc-oper.c
@@ -1,6 +1,6 @@
 /*
  * ngIRCd -- The Next Generation IRC Daemon
- * Copyright (c)2001-2013 Alexander Barton (alex@barton.de) and Contributors.
+ * Copyright (c)2001-2015 Alexander Barton (alex@barton.de) and Contributors.
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -16,12 +16,12 @@
  * IRC operator commands
  */
 
-#include "imp.h"
 #include <assert.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <signal.h>
+#include <time.h>
 
 #include "ngircd.h"
 #include "conn-func.h"
@@ -38,7 +38,6 @@
 #include "messages.h"
 #include "op.h"
 
-#include <exp.h>
 #include "irc-oper.h"
 
 /**
@@ -48,7 +47,7 @@
 static bool
 Bad_OperPass(CLIENT *Client, char *errtoken, char *errmsg)
 {
-       Log(LOG_WARNING, "Got invalid OPER from \"%s\": \"%s\" -- %s",
+       Log(LOG_ERR|LOG_snotice, "Got invalid OPER from \"%s\": \"%s\" -- %s!",
            Client_Mask(Client), errtoken, errmsg);
        /* Increase penalty to slow down possible brute force attacks */
        IRC_SetPenalty(Client, 10);
@@ -360,6 +359,7 @@ IRC_WALLOPS( CLIENT *Client, REQUEST *Req )
                from = Client;
                break;
        case CLIENT_SERVER:
+               _IRC_REQUIRE_PREFIX_OR_RETURN_(Client, Req)
                from = Client_Search(Req->prefix);
                break;
        default:
@@ -398,7 +398,16 @@ IRC_xLINE(CLIENT *Client, REQUEST *Req)
                return IRC_WriteErrClient(Client, ERR_NEEDMOREPARAMS_MSG,
                                          Client_ID(Client), Req->command);
 
-       from = Op_Check(Client, Req);
+       if (!Conf_AllowRemoteOper && Client_Type(Client) == CLIENT_SERVER) {
+               /* Explicitely forbid remote servers to modify "x-lines" when
+                * the "AllowRemoteOper" configuration option isn't set, even
+                * when the command seems to originate from the remote server
+                * itself: this prevents GLINE's to become set during server
+                * handshake in this case (what wouldn't be possible during
+                * regular runtime when a remote IRC Op sends the command). */
+               from = NULL;
+       } else
+               from = Op_Check(Client, Req);
        if (!from)
                return Op_NoPrivileges(Client, Req);
 
@@ -438,10 +447,11 @@ IRC_xLINE(CLIENT *Client, REQUEST *Req)
                if (Class_AddMask(class, Req->argv[0],
                                  timeout,
                                  Req->argv[2])) {
-                       Log(LOG_NOTICE|LOG_snotice,
-                           "\"%s\" added \"%s\" to %c-Line list: \"%s\" (%ld seconds).",
-                           Client_Mask(from), Req->argv[0], class_c,
-                           Req->argv[2], atol(Req->argv[1]));
+                       if (Client_Type(from) != CLIENT_SERVER)
+                               Log(LOG_NOTICE|LOG_snotice,
+                                   "\"%s\" added \"%s\" to %c-Line list: \"%s\" (%ld seconds).",
+                                   Client_Mask(from), Req->argv[0], class_c,
+                                   Req->argv[2], atol(Req->argv[1]));
                        if (class == CLASS_GLINE) {
                                /* Inform other servers */
                                IRC_WriteStrServersPrefix(Client, from,