1 /*
2  * Copyright (C) 2005 Jilles Tjoelker, et al.
3  * Rights to this code are as documented in doc/LICENSE.
4  *
5  * Fine grained services operator privileges
6  *
7  */
8 
9 #ifndef PRIVS_H
10 #define PRIVS_H
11 
12 #define PRIV_NONE            NULL /* no privilege named; same value (NULL) as AC_NONE, which this header documents as "anyone" */
13 
14 /* nickserv/userserv: privilege names in the "user:" namespace */
15 #define PRIV_USER_AUSPEX     "user:auspex"
16 #define PRIV_USER_ADMIN      "user:admin"
17 #define PRIV_USER_SENDPASS   "user:sendpass"
18 #define PRIV_USER_VHOST      "user:vhost"
19 #define PRIV_USER_FREGISTER  "user:fregister"
20 /* chanserv: privilege names in the "chan:" namespace */
21 #define PRIV_CHAN_AUSPEX     "chan:auspex"
22 #define PRIV_CHAN_ADMIN      "chan:admin"
23 #define PRIV_CHAN_CMODES     "chan:cmodes"
24 #define PRIV_JOIN_STAFFONLY  "chan:joinstaffonly"
25 /* nickserv/userserv+chanserv: shared by both services, but the strings live under "user:" */
26 #define PRIV_MARK            "user:mark"
27 #define PRIV_HOLD            "user:hold"
28 #define PRIV_REG_NOLIMIT     "user:regnolimit"
29 /* generic: privilege names in the "general:" namespace */
30 #define PRIV_SERVER_AUSPEX   "general:auspex"
31 #define PRIV_VIEWPRIVS       "general:viewprivs"
32 #define PRIV_FLOOD           "general:flood"
33 #define PRIV_HELPER	     "general:helper"
34 #define PRIV_METADATA        "general:metadata"
35 #define PRIV_ADMIN           "general:admin" /* same string as the deprecated AC_SRA alias */
36 /* operserv: privilege names in the "operserv:" namespace */
37 #define PRIV_OMODE           "operserv:omode"
38 #define PRIV_AKILL           "operserv:akill"
39 #define PRIV_MASS_AKILL      "operserv:massakill"
40 #define PRIV_AKILL_ANYMASK   "operserv:akill-anymask"
41 #define PRIV_JUPE            "operserv:jupe"
42 #define PRIV_NOOP            "operserv:noop"
43 #define PRIV_GLOBAL          "operserv:global"
44 #define PRIV_GRANT           "operserv:grant" /* NOTE(review): by name, governs handing privileges to others -- confirm in operserv and keep its holders few */
45 #define PRIV_OVERRIDE        "operserv:override" /* NOTE(review): by name, bypasses normal access checks -- confirm in operserv and audit its use */
46 /* saslserv: impersonation privileges; the *_FMT entries are printf-style templates, presumably expanded into a concrete name before a has_priv*() check -- confirm at call sites */
47 #define PRIV_IMPERSONATE_CLASS_FMT	"impersonate:class:%s" /* template: %s = class name */
48 #define PRIV_IMPERSONATE_ENTITY_FMT	"impersonate:entity:%s" /* template: %s = entity name */
49 #define PRIV_IMPERSONATE_ANY		"impersonate:any" /* fixed string, no substitution */
50 
51 /* other access levels: NULL or "special:" strings; presumably usable wherever a privilege name is expected -- confirm in privs.c */
52 #define AC_NONE NULL /* anyone (no restriction); same value as PRIV_NONE */
53 #define AC_DISABLED "special:disabled" /* no one */
54 #define AC_AUTHENTICATED "special:authenticated" /* NOTE(review): by name, any logged-in source -- confirm in privs.c */
55 /* deprecated: please do not use the following anymore */
56 #define AC_IRCOP "special:ircop"
57 #define AC_SRA "general:admin" /* identical string to PRIV_ADMIN, so the two cannot be told apart in a check */
58 
59 struct operclass_ { /* a named operator class: a set of privileges plus OPERCLASS_* flags */
60   char *name; /* class name; presumably the key used by operclass_find() */
61   char *privs; /* privilege names in one string, separated by spaces: "priv1 priv2 priv3..." */
62   int flags; /* presumably a mask of the OPERCLASS_* bits below */
63   mowgli_node_t node; /* embedded list node; NOTE(review): presumably links the class into operclasslist -- confirm in privs.c */
64 };
65 
66 #define OPERCLASS_NEEDOPER	0x1 /* only give this class's privs to IRCops */
67 #define OPERCLASS_BUILTIN	0x2 /* builtin class; NOTE(review): presumably not created from configuration -- confirm */
68 
69 /* soper list struct: one services operator entry */
70 struct soper_ {
71   myuser_t *myuser; /* associated account; presumably what soper_find() matches on */
72   char *name; /* name given to soper_add(); presumably what soper_find_named() matches on */
73   operclass_t *operclass; /* operator class attached to this entry */
74   char *classname; /* class name as text, as given to soper_add() */
75   int flags; /* presumably a mask of the SOPER_* bits below */
76   char *password; /* password given to soper_add(); NOTE(review): storage form (plaintext vs. hash) is not visible in this header -- confirm, and keep it out of logs and listings */
77 };
78 
79 #define SOPER_CONF	0x1 /* oper is listed in atheme.conf */
80 
81 /* privs.c: implements what is declared below (E is presumably the project's extern macro, defined elsewhere) */
82 E mowgli_list_t operclasslist; /* global list of operator classes */
83 E mowgli_list_t soperlist; /* global list of services operator entries */
84 
85 E void init_privs(void); /* by name, initialises the privilege subsystem; body not visible here */
86 
87 E operclass_t *operclass_add(const char *name, const char *privs, int flags); /* privs: presumably the space-separated form stored in operclass_.privs */
88 E void operclass_delete(operclass_t *operclass);
89 E operclass_t *operclass_find(const char *name); /* NOTE(review): presumably NULL when no class has that name -- callers should check */
90 
91 E soper_t *soper_add(const char *name, const char *classname, int flags, const char *password);
92 E void soper_delete(soper_t *soper);
93 E soper_t *soper_find(myuser_t *myuser); /* lookup by account */
94 E soper_t *soper_find_named(const char *name); /* lookup by name */
95 
96 E bool is_soper(myuser_t *myuser);
97 E bool is_conf_soper(myuser_t *myuser); /* NOTE(review): by name, true only for entries carrying SOPER_CONF -- confirm in privs.c */
98 
99 /* has_any_privs(): used only to decide whether we should give detailed
100  * messages about disallowed things.
101  * WARNING: this is not an authorization check -- do not gate any real privilege on it; test a specific privilege with has_priv*() instead. */
102 E bool has_any_privs(sourceinfo_t *);
103 E bool has_any_privs_user(user_t *);
104 /* has_priv(): for sources of commands; the const char * is presumably a PRIV_* or AC_* name. NOTE(review): PRIV_NONE and AC_NONE are NULL and AC_NONE is documented as "anyone", so confirm a NULL name is only ever passed on purpose */
105 E bool has_priv(sourceinfo_t *, const char *);
106 /* has_priv_user(): for online users */
107 E bool has_priv_user(user_t *, const char *);
108 /* has_priv_myuser(): for accounts (channel succession etc) */
109 E bool has_priv_myuser(myuser_t *, const char *);
110 /* has_priv_operclass(): checks a class rather than a source (/os specs etc) */
111 E bool has_priv_operclass(operclass_t *, const char *);
112 /* has_all_operclass(): checks if source has all privs in operclass */
113 E bool has_all_operclass(sourceinfo_t *, operclass_t *);
114 
115 /* get_sourceinfo_soper(): get the soper entry (per the return type) for the role which is granting
116  * privilege authority; the result is const, so callers must not modify it
117  */
118 E const soper_t *get_sourceinfo_soper(sourceinfo_t *si);
119 /* get_sourceinfo_operclass(): get the specific operclass role which is granting
120  * privilege authority; the result is const, so callers must not modify it
121  */
122 E const operclass_t *get_sourceinfo_operclass(sourceinfo_t *si);
123 
124 #endif /* PRIVS_H */
125 
126 /* vim:cinoptions=>s,e0,n0,f0,{0,}0,^0,=s,ps,t0,c3,+s,(2s,us,)20,*30,gs,hs
127  * vim:ts=8
128  * vim:sw=8
129  * vim:noexpandtab
130  */
131