View Issue Details

IDProjectCategoryView StatusLast Update
0003593unrealircdpublic2015-07-19 18:35
ReporterDarkJesterAssigned Tosyzop 
PrioritynormalSeverityfeatureReproducibilityalways
Status closedResolutionfixed 
Platformall supportedOSall supportedOS Versionall supported
Product Version3.2.7 
Target VersionFixed in Version3.4-beta1 
Summary0003593: Patch to enable Oper with +a to remote rehash
DescriptionThis Patch enables Opers with Services Admin oline to remote rehash
Additional InformationReleased under the GPL
TagsNo tags attached.
3rd party modules

Activities

2008-01-26 23:12

 

rehash.patch (367 bytes)

DarkJester

2008-01-27 14:49

reporter   ~0015017

i forgot to mention you need to apply this patch to s_serv.c in the unreal/src folder

DragonRyder

2008-10-19 18:53

reporter   ~0015414

this definitely needs fixed - as it drives me partially insane that my services admins can not currently remote rehash - making it where i have to do all the work. makes it pointless to have a services admin if they can not remotely rehash it from the irc side of things.

Jobe1986

2008-10-21 07:32

reporter   ~0015415

To be honest in my opinion a services admin is exactly that, services admin, administering services and shouldnt need to /rehash any server. Where a network admin administers the network as a whole, and could need to /rehash

So I would have to ask the question, why do you not just give those admins the access they need?

Additionally, instead of patching UnrealIRCd so services admins could remote rehash, I would have gone the better route of adding a flag that allows any oper that oper'ed using an oper block with the flag to be able to remote rehash.

Stealth

2009-07-24 00:59

reporter   ~0015897

The docs say services admins are able to rehash, so they should be.

CuleX

2010-12-30 08:28

reporter   ~0016540

Stealth, I think you misunderstood the point of this patch. Services admins can do local rehashes, but not global ones.

There is a point not to use multiple netadmins for network structure, though that's a matter of personal preference.

Personally, I'd say, deny this patch and rewrite with an oper flag "can_global_rehash" (old flag format: T) instead.

CuleX

2010-12-30 17:30

reporter  

grehash.diff (7,935 bytes)

CuleX

2010-12-30 17:31

reporter   ~0016542

It turns out I've had a bit too much time on my hands and implemented it myself.

Note that this patch uses up another user mode (+e) and another oflag (e, can_globalrehash, 0x00040000 which seemed unused). Tested and it seems to work just fine.

CuleX

2010-12-30 17:32

reporter   ~0016543

Last edited: 2010-12-30 17:43

View 2 revisions

Should work, it's not the best code around, though.

The patch was made on a daily-generated CVS .tar.gz of the unreal3_2_fixes branch from vulnscan.org, made on the 29th of December, 2010.

katsklaw

2010-12-31 01:11

reporter   ~0016548

Last edited: 2010-12-31 01:13

View 2 revisions

SERVICES admins should not be able to /rehash. As Jobe stated, they admin SERVICES not SERVERS. There is a very distinct difference between services and servers, please lets keep it that way.

Services Admins as they were written into DreamForge was to allow for an oper instance to exist on the network that can have some server side support for services, namely /samode.

Sorry for the history lesson, just think that ircd maintenance of any kind other than global oper is outside the scope of a services admin. that's what we have co/server/netadmins for.

As for this patch. If it is included, we don't need another umode, the oflag alone is plenty.

CuleX

2010-12-31 11:06

reporter   ~0016550

Last edited: 2010-12-31 11:44

View 2 revisions

Hm. I guess I can make it work without an umode, too, and instead access checks on the server the rehash is sent on (Though that will allow 3.2.8.1 servers to rehash 3.2.9 servers unconditionally if accepted). If I happen to have too much time on my hands again, I'll maybe try again.


Turns out that I did have a time for another attempt. The current patch doesn't check for external operators rehashing to have the oflag set, though, but instead blindly trusts all incoming rehashes. This isn't necessarily very harmful, since if an attacker has enough access to change files on the system (or access to addline), (s)he has enough access to rehash anyway. Just make sure the patch is rolled out on all servers and there should be no problem.
It also breaks /rehash local.server.invalid. Only /rehash (plus arguments) is able to rehash the local server now.

If anyone has a reliable way to check for flags of remote opers, feel free to fix my mess.

Use grehash.new.fixedpath.diff for patching, otherwise patch will choke on it.

CuleX

2010-12-31 11:39

reporter  

grehash.new.diff (6,220 bytes)

CuleX

2010-12-31 11:44

reporter  

grehash.new.fixedpath.diff (6,219 bytes)

DragonRyder

2010-12-31 12:34

reporter   ~0016551

well then, lets just get rid of services admins and just make everyone a net admin, yeah sounds awesome! <~that's called sarcasm in case you forgot what that looks like or sounds like.

Thing is, a lot of us "smaller" networks actually need services admins to be able to /rehash globally, making a network that has 5 shells with 2 network owners who can barely be around, but has 5 services admins who are around a lot more often, would make it a lot easier. would be kind of silly to make everyone a net admin on such a small network.

and there are a lot more smaller networks out there than there are large ones. so having services admins who can actually globally rehash, would make a lot of sense, considering they can already locally rehash. making a services admin join each and every shell, just to rehash the way a net admin could, seems kind of pointless to me.

and it is such a minor fix/patch to put into place and have it be official, so that we can still get support for future issues, rather than us mod it and then lose all support for having done so.

DragonRyder

2010-12-31 12:39

reporter   ~0016552

oh and fyi. considering that services effects each and every SERVER, a services admin SHOULD have access to each server to make sure it has no issues with SERVICES. since we want to point out that a SERVICES admin deals with SERVICES.

And if i RECALL correctly each server has this or SHOULD have this in its unrealircd.conf file:

ulines {
      Services.Network.Name;
      Stats.Network.Name;
};

oh wow, you mean this shows each SERVER having something to do with SERVICES. amazing is it not?

CuleX

2010-12-31 12:41

reporter   ~0016553

"and it is such a minor fix/patch to put into place and have it be official, so that we can still get support for future issues, rather than us mod it and then lose all support for having done so."

Well, that's one way to see it, but I think there will be equally much objection from the people who take the "services admins" literally. The best solution to the problem would be a complete rewrite of the entire oper system and make it more dynamic to begin with, but that would most likely end up in a lot of code being thrown over. Won't happen.

The other solution, at least for this problem, is the introduction of a new oper flag that's by default given to network administrators. Everyone would be happy and have a solution.

katsklaw

2011-01-01 04:01

reporter   ~0016564

Last edited: 2011-01-01 04:15

View 6 revisions

A rewrite of the oper system isn't going to happen in U3 as it's a bugfix only branch IIRC.

As far as the solution goes, NetAdmins can already remote rehash without any additional flags or the patch. The topic here is for non-network admins, if you review the patch that is attached, a comment as to such is deleted.

A vast majority of the Unreal users are happy as-is. If this "problem" was really a problem then it would have been addressed long ago as hundreds of nets before now would have brought it up.

In my very humble opinion, I think you should keep the patch to yourself for you own nets needs. I really doubt there are many, if any, other net that shares your views. As with all other software packages, not all ideas .. even some really good ones make it in as a new feature otherwise Unreal would be 500mb in size and have 6,735,745 usermodes. It's just not practical. If any other network really wants this, they can download and apply the patch.

ciao and Happy New Year! :)

CuleX

2011-01-01 07:36

reporter   ~0016565

I'm completely fine if my patch isn't accepted. It was a solution to a relatively small problem, I know some nets wouldn't mind remote rehashing available for everyone, and accepting it upstream would make it easier for such nets, even though that means another oflag is used up.

DragonRyder

2011-01-02 03:29

reporter   ~0016571

Well Happy New Year To Everyone! - Yes I admit that my small tiny tiny network is probably not worth the time of fixing such a small thing that was requested. maybe it would have just been easier to say in the very first reply "this fix will never happen" then people like me would just bugger off. i mean i am just a peon in the big mix of things. so whoever has the "rights" in here remove the whole subject my network started out requesting and be done with it.

Peace Out & Happy New Year!

katsklaw

2011-01-02 04:36

reporter   ~0016572

I didn't say it wouldn't get added. i don't have the access or authority to say what goes in and what doesn't. I simply offered my opinion.

nenolod

2013-05-07 02:12

reporter   ~0017511

I think the plan here is to use remote grants, like in hybrid-esque shared{}.

syzop

2015-07-19 18:34

administrator   ~0018522

With the new priv system this...... presumably.. is handled :D

Issue History

Date Modified Username Field Change
2008-01-26 23:12 DarkJester New Issue
2008-01-26 23:12 DarkJester File Added: rehash.patch
2008-01-27 14:49 DarkJester Note Added: 0015017
2008-10-19 18:53 DragonRyder Note Added: 0015414
2008-10-21 07:32 Jobe1986 Note Added: 0015415
2009-07-24 00:59 Stealth Note Added: 0015897
2009-07-24 00:59 Stealth Status new => confirmed
2010-12-30 08:28 CuleX Note Added: 0016540
2010-12-30 17:30 CuleX File Added: grehash.diff
2010-12-30 17:31 CuleX Note Added: 0016542
2010-12-30 17:32 CuleX Note Added: 0016543
2010-12-30 17:32 CuleX Status confirmed => has patch
2010-12-30 17:43 CuleX Note Edited: 0016543 View Revisions
2010-12-31 01:11 katsklaw Note Added: 0016548
2010-12-31 01:13 katsklaw Note Edited: 0016548 View Revisions
2010-12-31 11:06 CuleX Note Added: 0016550
2010-12-31 11:39 CuleX File Added: grehash.new.diff
2010-12-31 11:44 CuleX Note Edited: 0016550 View Revisions
2010-12-31 11:44 CuleX File Added: grehash.new.fixedpath.diff
2010-12-31 12:34 DragonRyder Note Added: 0016551
2010-12-31 12:39 DragonRyder Note Added: 0016552
2010-12-31 12:41 CuleX Note Added: 0016553
2011-01-01 04:01 katsklaw Note Added: 0016564
2011-01-01 04:06 katsklaw Note Edited: 0016564 View Revisions
2011-01-01 04:10 katsklaw Note Edited: 0016564 View Revisions
2011-01-01 04:12 katsklaw Note Edited: 0016564 View Revisions
2011-01-01 04:14 katsklaw Note Edited: 0016564 View Revisions
2011-01-01 04:15 katsklaw Note Edited: 0016564 View Revisions
2011-01-01 07:36 CuleX Note Added: 0016565
2011-01-02 03:29 DragonRyder Note Added: 0016571
2011-01-02 04:36 katsklaw Note Added: 0016572
2013-05-07 02:12 nenolod Note Added: 0017511
2015-07-19 18:34 syzop Note Added: 0018522
2015-07-19 18:34 syzop Status has patch => closed
2015-07-19 18:35 syzop Assigned To => syzop
2015-07-19 18:35 syzop Resolution open => fixed
2015-07-19 18:35 syzop Fixed in Version => 3.4-beta1