View Issue Details

ID: 0003593
Project: unrealircd
Category:
View Status: public
Last Update: 2015-07-19 18:35
Reporter: DarkJester
Assigned To: syzop
Priority: normal
Severity: feature
Reproducibility: always
Status: closed
Resolution: fixed
Platform: all supported
OS: all supported
OS Version: all supported
Product Version: 3.2.7
Fixed in Version: 3.4-beta1
Summary: 0003593: Patch to enable Oper with +a to remote rehash
Description: This Patch enables Opers with Services Admin oline to remote rehash
Additional Information: Released under the GPL
Tags: No tags attached.
Attached Files:
rehash.patch (367 bytes)
grehash.diff (7,935 bytes)
grehash.new.diff (6,220 bytes)
3rd party modules

Activities

DarkJester

2008-01-27 14:49

reporter   ~0015017

I forgot to mention you need to apply this patch to s_serv.c in the unreal/src folder.

DragonRyder

2008-10-19 18:53

reporter   ~0015414

This definitely needs fixed - as it drives me partially insane that my services admins cannot currently remote rehash - making it where I have to do all the work. Makes it pointless to have a services admin if they cannot remotely rehash it from the IRC side of things.

Jobe

2008-10-21 07:32

reporter   ~0015415

To be honest, in my opinion a services admin is exactly that, services admin, administering services, and shouldn't need to /rehash any server. Where a network admin administers the network as a whole, and could need to /rehash.

So I would have to ask the question, why do you not just give those admins the access they need?

Additionally, instead of patching UnrealIRCd so services admins could remote rehash, I would have gone the better route of adding a flag that allows any oper that oper'ed using an oper block with the flag to be able to remote rehash.

Stealth

2009-07-24 00:59

reporter   ~0015897

The docs say services admins are able to rehash, so they should be.

CuleX

2010-12-30 08:28

reporter   ~0016540

Stealth, I think you misunderstood the point of this patch. Services admins can do local rehashes, but not global ones.

There is a point not to use multiple netadmins for network structure, though that's a matter of personal preference.

Personally, I'd say, deny this patch and rewrite with an oper flag "can_global_rehash" (old flag format: T) instead.

CuleX

2010-12-30 17:31

reporter   ~0016542

It turns out I've had a bit too much time on my hands and implemented it myself.

Note that this patch uses up another user mode (+e) and another oflag (e, can_globalrehash, 0x00040000 which seemed unused). Tested and it seems to work just fine.

CuleX

2010-12-30 17:32

reporter   ~0016543

Last edited: 2010-12-30 17:43

Should work, it's not the best code around, though.

The patch was made on a daily-generated CVS .tar.gz of the unreal3_2_fixes branch from vulnscan.org, made on the 29th of December, 2010.

katsklaw

2010-12-31 01:11

reporter   ~0016548

Last edited: 2010-12-31 01:13

SERVICES admins should not be able to /rehash. As Jobe stated, they admin SERVICES not SERVERS. There is a very distinct difference between services and servers, please let's keep it that way.

Services Admins as they were written into DreamForge was to allow for an oper instance to exist on the network that can have some server side support for services, namely /samode.

Sorry for the history lesson, just think that ircd maintenance of any kind other than global oper is outside the scope of a services admin. That's what we have co/server/netadmins for.

As for this patch. If it is included, we don't need another umode, the oflag alone is plenty.

CuleX

2010-12-31 11:06

reporter   ~0016550

Last edited: 2010-12-31 11:44

Hm. I guess I can make it work without an umode, too, and instead access checks on the server the rehash is sent on (Though that will allow 3.2.8.1 servers to rehash 3.2.9 servers unconditionally if accepted). If I happen to have too much time on my hands again, I'll maybe try again.


Turns out that I did have time for another attempt. The current patch doesn't check for external operators rehashing to have the oflag set, though, but instead blindly trusts all incoming rehashes. This isn't necessarily very harmful, since if an attacker has enough access to change files on the system (or access to addline), (s)he has enough access to rehash anyway. Just make sure the patch is rolled out on all servers and there should be no problem.
It also breaks /rehash local.server.invalid. Only /rehash (plus arguments) is able to rehash the local server now.

If anyone has a reliable way to check for flags of remote opers, feel free to fix my mess.

Use grehash.new.fixedpath.diff for patching, otherwise patch will choke on it.
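
Added example (not code from the thread or from any of the attached patches): a minimal C model of the gap this note describes, where the oflag is known only to the oper's own server and the target accepts whatever is relayed, next to a target that decides from a local grant list in the spirit of the remote grants suggested later in the thread. Apart from the flag value 0x00040000, all names, structs and sample data are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Flag value quoted in the thread; every other name here is hypothetical. */
#define OFLAG_GLOBALREHASH 0x00040000L

struct oper  { const char *name, *server; long oflags; };
struct grant { const char *name, *server; };   /* local config on the target */

/* Check on the oper's own server, the only place the oflags are known.
 * A linked server that does not run this check relays the request anyway. */
static bool origin_relays(const struct oper *o, bool origin_enforces)
{
    return !origin_enforces || (o->oflags & OFLAG_GLOBALREHASH) != 0;
}

/* Target behaviour described in the note: every relayed rehash is accepted. */
bool rehash_trusting(const struct oper *o, bool origin_enforces)
{
    return origin_relays(o, origin_enforces);
}

/* Target decides from its own grant list, so the result no longer depends
 * on what the relaying server checked. */
bool rehash_granted(const struct oper *o, bool origin_enforces,
                    const struct grant *g, size_t n)
{
    if (!origin_relays(o, origin_enforces))
        return false;
    for (size_t i = 0; i < n; i++)
        if (!strcmp(g[i].name, o->name) && !strcmp(g[i].server, o->server))
            return true;
    return false;
}

int main(void)
{
    /* Constructed sample data. */
    struct oper flagged = { "alice", "hub.example.net", OFLAG_GLOBALREHASH };
    struct oper plain   = { "bob", "leaf.example.net", 0 };
    struct grant grants[] = { { "alice", "hub.example.net" } };

    printf("trusting, origin enforces:  flagged=%d plain=%d\n",
           rehash_trusting(&flagged, true), rehash_trusting(&plain, true));
    printf("trusting, origin does not:  plain=%d\n",
           rehash_trusting(&plain, false));
    printf("granted,  origin does not:  plain=%d flagged=%d\n",
           rehash_granted(&plain, false, grants, 1),
           rehash_granted(&flagged, false, grants, 1));
    return 0;
}
```

The grant list still relies on the server link to report the oper's name and server truthfully; it removes the dependence on the relaying server's version, not on the link itself.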

DragonRyder

2010-12-31 12:34

reporter   ~0016551

Well then, let's just get rid of services admins and just make everyone a net admin, yeah sounds awesome! <~that's called sarcasm in case you forgot what that looks like or sounds like.

Thing is, a lot of us "smaller" networks actually need services admins to be able to /rehash globally, making a network that has 5 shells with 2 network owners who can barely be around, but has 5 services admins who are around a lot more often, would make it a lot easier. Would be kind of silly to make everyone a net admin on such a small network.

And there are a lot more smaller networks out there than there are large ones. So having services admins who can actually globally rehash would make a lot of sense, considering they can already locally rehash. Making a services admin join each and every shell, just to rehash the way a net admin could, seems kind of pointless to me.

and it is such a minor fix/patch to put into place and have it be official, so that we can still get support for future issues, rather than us mod it and then lose all support for having done so.

DragonRyder

2010-12-31 12:39

reporter   ~0016552

Oh and FYI. Considering that services affects each and every SERVER, a services admin SHOULD have access to each server to make sure it has no issues with SERVICES. Since we want to point out that a SERVICES admin deals with SERVICES.

And if I RECALL correctly each server has this or SHOULD have this in its unrealircd.conf file:

ulines {
      Services.Network.Name;
      Stats.Network.Name;
};

Oh wow, you mean this shows each SERVER having something to do with SERVICES. Amazing, is it not?

CuleX

2010-12-31 12:41

reporter   ~0016553

"and it is such a minor fix/patch to put into place and have it be official, so that we can still get support for future issues, rather than us mod it and then lose all support for having done so."

Well, that's one way to see it, but I think there will be equally much objection from the people who take the "services admins" literally. The best solution to the problem would be a complete rewrite of the entire oper system and make it more dynamic to begin with, but that would most likely end up in a lot of code being thrown over. Won't happen.

The other solution, at least for this problem, is the introduction of a new oper flag that's by default given to network administrators. Everyone would be happy and have a solution.

katsklaw

2011-01-01 04:01

reporter   ~0016564

Last edited: 2011-01-01 04:15

A rewrite of the oper system isn't going to happen in U3 as it's a bugfix only branch IIRC.

As far as the solution goes, NetAdmins can already remote rehash without any additional flags or the patch. The topic here is for non-network admins, if you review the patch that is attached, a comment as to such is deleted.

A vast majority of the Unreal users are happy as-is. If this "problem" was really a problem then it would have been addressed long ago as hundreds of nets before now would have brought it up.

In my very humble opinion, I think you should keep the patch to yourself for your own net's needs. I really doubt there are many, if any, other nets that share your views. As with all other software packages, not all ideas .. even some really good ones make it in as a new feature, otherwise Unreal would be 500mb in size and have 6,735,745 usermodes. It's just not practical. If any other network really wants this, they can download and apply the patch.

ciao and Happy New Year! :)

CuleX

2011-01-01 07:36

reporter   ~0016565

I'm completely fine if my patch isn't accepted. It was a solution to a relatively small problem, I know some nets wouldn't mind remote rehashing available for everyone, and accepting it upstream would make it easier for such nets, even though that means another oflag is used up.

DragonRyder

2011-01-02 03:29

reporter   ~0016571

Well Happy New Year To Everyone! - Yes I admit that my small tiny tiny network is probably not worth the time of fixing such a small thing that was requested. Maybe it would have just been easier to say in the very first reply "this fix will never happen", then people like me would just bugger off. I mean I am just a peon in the big mix of things. So whoever has the "rights" in here, remove the whole subject my network started out requesting and be done with it.

Peace Out & Happy New Year!

katsklaw

2011-01-02 04:36

reporter   ~0016572

I didn't say it wouldn't get added. I don't have the access or authority to say what goes in and what doesn't. I simply offered my opinion.

nenolod

2013-05-07 02:12

reporter   ~0017511

I think the plan here is to use remote grants, like in hybrid-esque shared{}.

syzop

2015-07-19 18:34

administrator   ~0018522

With the new priv system this...... presumably.. is handled :D

Issue History

Date Modified Username Field Change
2008-01-26 23:12 DarkJester New Issue
2008-01-26 23:12 DarkJester File Added: rehash.patch
2008-01-27 14:49 DarkJester Note Added: 0015017
2008-10-19 18:53 DragonRyder Note Added: 0015414
2008-10-21 07:32 Jobe Note Added: 0015415
2009-07-24 00:59 Stealth Note Added: 0015897
2009-07-24 00:59 Stealth Status new => confirmed
2010-12-30 08:28 CuleX Note Added: 0016540
2010-12-30 17:30 CuleX File Added: grehash.diff
2010-12-30 17:31 CuleX Note Added: 0016542
2010-12-30 17:32 CuleX Note Added: 0016543
2010-12-30 17:32 CuleX Status confirmed => has patch
2010-12-30 17:43 CuleX Note Edited: 0016543
2010-12-31 01:11 katsklaw Note Added: 0016548
2010-12-31 01:13 katsklaw Note Edited: 0016548
2010-12-31 11:06 CuleX Note Added: 0016550
2010-12-31 11:39 CuleX File Added: grehash.new.diff
2010-12-31 11:44 CuleX Note Edited: 0016550
2010-12-31 11:44 CuleX File Added: grehash.new.fixedpath.diff
2010-12-31 12:34 DragonRyder Note Added: 0016551
2010-12-31 12:39 DragonRyder Note Added: 0016552
2010-12-31 12:41 CuleX Note Added: 0016553
2011-01-01 04:01 katsklaw Note Added: 0016564
2011-01-01 04:06 katsklaw Note Edited: 0016564
2011-01-01 04:10 katsklaw Note Edited: 0016564
2011-01-01 04:12 katsklaw Note Edited: 0016564
2011-01-01 04:14 katsklaw Note Edited: 0016564
2011-01-01 04:15 katsklaw Note Edited: 0016564
2011-01-01 07:36 CuleX Note Added: 0016565
2011-01-02 03:29 DragonRyder Note Added: 0016571
2011-01-02 04:36 katsklaw Note Added: 0016572
2013-05-07 02:12 nenolod Note Added: 0017511
2015-07-19 18:34 syzop Note Added: 0018522
2015-07-19 18:34 syzop Status has patch => closed
2015-07-19 18:35 syzop Assigned To => syzop
2015-07-19 18:35 syzop Resolution open => fixed
2015-07-19 18:35 syzop Fixed in Version => 3.4-beta1