View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0004771 | unreal | ircd | public | 2016-10-22 21:26 | 2018-12-14 17:08 |
| Reporter | webczat | Assigned To | syzop | ||
| Priority | normal | Severity | major | Reproducibility | have not tried |
| Status | resolved | Resolution | fixed | ||
| Product Version | 4.0.7 | ||||
| Fixed in Version | 4.2.1 | ||||
| Summary | 0004771: inconsistent privileges | ||||
| Description | Hello. It seems that there are some/many inconsistent ircoperator privileges in unrealircd. I haven't tested it, just looked in the code, so my findings could be wrong and I recommend you check what I say in case of mistakes: - first one is that both channel:topic and override:topic seem to be needed for the irc operator to change channel topic without permissions. - Second one is that there are both immune:regonly and override:message:regonlyspeak that seem to mean "can speak in regonly channels". But in the corresponding module for +M, it seems that they actually work so that one of them allows part messages, and one allows sending messages, so another inconsistency? - Third one, maybe the last, is channel:restricted vs immune:forbiddenchan. m_join module checks for immune:forbiddenchan privilege before checking if the channel is denied in config, but channel:restricted is checked in CanJoin in s_extra.c, check is placed before another check for denied channels, and also check for qline placed on channel. It is possible there are more such nice things that I did not find yet. | ||||
| Tags | No tags attached. | ||||
| 3rd party modules | |||||
|
|
A lot of work went into splitting privileges up in these 99 new ones, especially by Heero. Attempts were made to group the privileges logically, both by Heero and me, but.. well, see next. I think I/we should take a look again at the (re)grouping of the various privileges now that we got a good list. There is considerable overlap (or at least vagueness) between the override::see and the channel privileges for instance. Need to go through them one by one. I don't think this will be done for 4.0.8, though. It's too much work and I want to release that soon. Possibly for 4.0.9. In the meantime if there are two privileges necessary to do the same thing then yes, as a workaround you will have to grant both privileges. |
|
|
Target for 4.0.9. |
|
|
I'm dropping this as a target for 4.0.10. Possibly for 4.0.11. |
|
|
ping |
|
|
I've been working on this all day, huge job. That is: going through all privileges and reorganizing, regrouping, removing duplicates, etc. About 80% of it is done. Will commit it later this week(end). |
|
|
commit a0167c35c0643328197bcf2d2efd664038467686 (HEAD -> unreal42, origin/unreal42) Author: Bram Matthys <[email protected]> Date: Fri Dec 14 17:05:32 2018 +0100 Major reorganization of operclass privileges: * The operclass privileges have been redone. Since there were 50+ changes to the 100+ privileges it makes little sense to list the changes here. If, like 99% of the users, you use default operclasses such as "globop" and "admin-with-override" then you don't need to do anything. However, if you have custom operclass { } blocks then the privileges will have to be redone. For more information on the conversion process, see https://www.unrealircd.org/docs/FAQ#New_operclass_permissions For the new list of permissions, with much better naming and grouping: https://www.unrealircd.org/docs/Operclass_permissions The inconsistency in the privileges was initially reported by webczat in https://bugs.unrealircd.org/view.php?id=4771 The subsequent reorganization took two full days, so.. hopefully the people who are using - or plan to use - custom operclasses will like the new layout... except that they need to redo their work of course ;) |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2016-10-22 21:26 | webczat | New Issue | |
| 2016-11-10 09:21 | syzop | Note Added: 0019496 | |
| 2016-11-10 09:21 | syzop | Assigned To | => syzop |
| 2016-11-10 09:21 | syzop | Status | new => confirmed |
| 2016-11-10 09:25 | syzop | Target Version | => 4.0.8.1 |
| 2016-11-10 09:26 | syzop | Note Added: 0019498 | |
| 2016-11-14 11:19 | syzop | Target Version | 4.0.8.1 => 4.0.9 |
| 2016-12-04 16:26 | syzop | Target Version | 4.0.9 => 4.0.10 |
| 2016-12-30 16:09 | syzop | Note Added: 0019584 | |
| 2016-12-30 16:09 | syzop | Target Version | 4.0.10 => |
| 2017-09-24 19:13 | webczat | Note Added: 0019886 | |
| 2018-12-12 16:28 | syzop | Status | confirmed => assigned |
| 2018-12-12 16:28 | syzop | Note Added: 0020407 | |
| 2018-12-14 17:08 | syzop | Status | assigned => resolved |
| 2018-12-14 17:08 | syzop | Resolution | open => fixed |
| 2018-12-14 17:08 | syzop | Fixed in Version | => 4.2.1 |
| 2018-12-14 17:08 | syzop | Note Added: 0020408 |
