View Issue Details

IDProjectCategoryView StatusLast Update
0004771unrealircdpublic2018-12-14 17:08
ReporterwebczatAssigned Tosyzop 
PrioritynormalSeveritymajorReproducibilityhave not tried
Status resolvedResolutionfixed 
Product Version4.0.7 
Target VersionFixed in Version4.2.1 
Summary0004771: inconsistent privileges
DescriptionHello. It seems that there are some/many inconsistent ircoperator privileges in unrealircd. I haven't tested it, just looked in the code, so my findings could be wrong and I recommend you check what I say in case of mistakes:
- first one is that both channel:topic and override:topic seem to be needed for the irc operator to change channel topic without permissions.
- Second one is that there are both immune:regonly and override:message:regonlyspeak that seem to mean "can speak in regonly channels". But in the corresponding module for +M, it seems that they actually work so that one of them allows part messages, and one allows sending messages, so another inconsistency?
- Third one, maybe the last, is channel:restricted vs immune:forbiddenchan. m_join module checks for immune:forbiddenchan privilege before checking if the channel is denied in config, but channel:restricted is checked in CanJoin in s_extra.c, check is placed before another check for denied channels, and also check for qline placed on channel.
It is possible there are more such nice things that I did not find yet.
TagsNo tags attached.
3rd party modules

Activities

syzop

2016-11-10 09:21

administrator   ~0019496

A lot of work went into splitting privileges up in these 99 new ones, especially by Heero. Attempts were made to group the privileges logically, both by Heero and me, but.. well, see next.
I think I/we should take a look again at the (re)grouping of the various privileges now that we got a good list. There is considerable overlap (or at least vagueness) between the override::see and the channel privileges for instance. Need to go through them one by one. I don't think this will be done for 4.0.8, though. It's too much work and I want to release that soon. Possibly for 4.0.9.
In the meantime if there are two privileges necessary to do the same thing then yes, as a workaround you will have to grant both privileges.

syzop

2016-11-10 09:26

administrator   ~0019498

Target for 4.0.9.

syzop

2016-12-30 16:09

administrator   ~0019584

I'm dropping this as a target for 4.0.10. Possibly for 4.0.11.

webczat

2017-09-24 19:13

reporter   ~0019886

ping

syzop

2018-12-12 16:28

administrator   ~0020407

I've been working on this all day, huge job. That is: going through all privileges and reorganizing, regrouping, removing duplicates, etc. About 80% of it is done. Will commit it later this week(end).

syzop

2018-12-14 17:08

administrator   ~0020408

commit a0167c35c0643328197bcf2d2efd664038467686 (HEAD -> unreal42, origin/unreal42)
Author: Bram Matthys <syzop@vulnscan.org>
Date: Fri Dec 14 17:05:32 2018 +0100

    Major reorganization of operclass privileges:
    * The operclass privileges have been redone. Since there were 50+ changes
      to the 100+ privileges it makes little sense to list the changes here.
      If, like 99% of the users, you use default operclasses such as "globop"
      and "admin-with-override" then you don't need to do anything.
      However, if you have custom operclass { } blocks then the privileges
      will have to be redone. For more information on the conversion process,
      see https://www.unrealircd.org/docs/FAQ#New_operclass_permissions
      For the new list of permissions, with much better naming and grouping:
      https://www.unrealircd.org/docs/Operclass_permissions
    The inconsistency in the privileges was initially reported by webczat in
    https://bugs.unrealircd.org/view.php?id=4771
    The subsequent reorganization took two full days, so.. hopefully the
    people who are using - or plan to use - custom operclasses will like the
    new layout... except that they need to redo their work of course ;)

Issue History

Date Modified Username Field Change
2016-10-22 21:26 webczat New Issue
2016-11-10 09:21 syzop Note Added: 0019496
2016-11-10 09:21 syzop Assigned To => syzop
2016-11-10 09:21 syzop Status new => confirmed
2016-11-10 09:25 syzop Target Version => 4.0.8.1
2016-11-10 09:26 syzop Note Added: 0019498
2016-11-14 11:19 syzop Target Version 4.0.8.1 => 4.0.9
2016-12-04 16:26 syzop Target Version 4.0.9 => 4.0.10
2016-12-30 16:09 syzop Note Added: 0019584
2016-12-30 16:09 syzop Target Version 4.0.10 =>
2017-09-24 19:13 webczat Note Added: 0019886
2018-12-12 16:28 syzop Status confirmed => assigned
2018-12-12 16:28 syzop Note Added: 0020407
2018-12-14 17:08 syzop Status assigned => resolved
2018-12-14 17:08 syzop Resolution open => fixed
2018-12-14 17:08 syzop Fixed in Version => 4.2.1
2018-12-14 17:08 syzop Note Added: 0020408