repo: ngircd
action: commit
revision: 
path_from: 
revision_from: f5ff22d98febeddcc51668c49f35940cbffe599e:
path_to: 
revision_to: 

commit f5ff22d98febeddcc51668c49f35940cbffe599e
Author: Alexander Barton 
Date:   Thu Dec 8 00:14:00 2016 +0100

    G-LINES: Forbid remote modifications if "AllowRemoteOper" is not set

    Explicitely forbid remote servers to modify "x-lines" (G-LINES) when the
    "AllowRemoteOper" configuration option isn't set, even when the command
    seems to originate from the remote server itself: this prevents GLINE's
    to become set during server handshake in this case (what wouldn't be
    possible during regular runtime when a remote IRC Op sends the command)
    and what can't be undone by IRC Ops later on (because of the missing
    "AllowRemoteOper" option) ...

diff --git a/src/ngircd/irc-oper.c b/src/ngircd/irc-oper.c

--- a/src/ngircd/irc-oper.c
+++ b/src/ngircd/irc-oper.c
@@ -398,7 +398,16 @@ IRC_xLINE(CLIENT *Client, REQUEST *Req)
 		return IRC_WriteErrClient(Client, ERR_NEEDMOREPARAMS_MSG,
 					  Client_ID(Client), Req->command);

-	from = Op_Check(Client, Req);
+	if (!Conf_AllowRemoteOper && Client_Type(Client) == CLIENT_SERVER) {
+		/* Explicitely forbid remote servers to modify "x-lines" when
+		 * the "AllowRemoteOper" configuration option isn't set, even
+		 * when the command seems to originate from the remote server
+		 * itself: this prevents GLINE's to become set during server
+		 * handshake in this case (what wouldn't be possible during
+		 * regular runtime when a remote IRC Op sends the command). */
+		from = NULL;
+	} else
+		from = Op_Check(Client, Req);
 	if (!from)
 		return Op_NoPrivileges(Client, Req);

-----END OF PAGE-----