G-LINES: Forbid remote modifications if "AllowRemoteOper" is not set

Explicitely forbid remote servers to modify "x-lines" (G-LINES) when the
"AllowRemoteOper" configuration option isn't set, even when the command
seems to originate from the remote server itself: this prevents GLINE's
to become set during server handshake in this case (what wouldn't be
possible during regular runtime when a remote IRC Op sends the command)
and what can't be undone by IRC Ops later on (because of the missing
"AllowRemoteOper" option) ...

diff --git a/src/ngircd/irc-oper.c b/src/ngircd/irc-oper.c
index ee0a556349b3c113f5dd6841a01f42e9b9baabef..cf3b9d0485436e03e1d1d63d74be85a4d7f901e8 100644 (file)
--- a/src/ngircd/irc-oper.c
+++ b/src/ngircd/irc-oper.c
@@ -398,7 +398,16 @@ IRC_xLINE(CLIENT *Client, REQUEST *Req)
                return IRC_WriteErrClient(Client, ERR_NEEDMOREPARAMS_MSG,
                                          Client_ID(Client), Req->command);
 
                return IRC_WriteErrClient(Client, ERR_NEEDMOREPARAMS_MSG,
                                          Client_ID(Client), Req->command);
 

-       from = Op_Check(Client, Req);
+       if (!Conf_AllowRemoteOper && Client_Type(Client) == CLIENT_SERVER) {
+               /* Explicitely forbid remote servers to modify "x-lines" when
+                * the "AllowRemoteOper" configuration option isn't set, even
+                * when the command seems to originate from the remote server
+                * itself: this prevents GLINE's to become set during server
+                * handshake in this case (what wouldn't be possible during
+                * regular runtime when a remote IRC Op sends the command). */
+               from = NULL;
+       } else
+               from = Op_Check(Client, Req);

        if (!from)
                return Op_NoPrivileges(Client, Req);
 
        if (!from)
                return Op_NoPrivileges(Client, Req);