Right...
Background Information
I used the following server configuration:
Code: Select all
server1 <---> server2 <---> services
Both IRCd's were v3.2.2b, and the version of Services used was 5.0.44.
Test 1 - non-oper being the first to join a channel with +O mlocked on
First off, I had to register the channel. Obviously, I made sure that things like restricted mode were turned off. As soon as the non-oper attempted to join the channel, ChanServ kicked/banned the user.
Test 2 - locop being the first to join a channel with +O mlocked on
I gave my dummy client a local oper block on server 2, and successfully managed to oper up that client. However, an interesting thing was noticed: I have the option whereby OperServ broadcasts to the network about oper-ups turned on, so OperServ should have sent a notice when the locops gained locop status; no such message was sent. Indicative of things to come. Needless to say, the results here were the same for in the previous test - ChanServ kicked/banned the locop.
Test 3 - locop joining a channel with +O mlocked on
One would expect the result to be the same as the previous test, and indeed this was the case.
Test 4 - locop joining a channel with +O on, but not in the mlock
Same result. Surprise, surprise.
Test 5 - attempt to gain access via a netsplit
I moved the locop to server 1, then split the link between servers 1 and 2. Once done, the locop joined the channel (which was empty). Then, I relinked the two servers. As soon as the link was reestablished, ChanServ removed the locop from the channel. No surprise there
Test 6 - locop status between servers
I introduced dummy clients on both servers, and performed a /WHOIS on the locop. The clients on the server that the locop was on recognised the locop status, however the clients on the other server did not. This, coupled with the aforementioned broadcast message issue, suggests that UnrealIRCd does not send locop information between servers.
Conclusion
It seems like Services has an undocumented feature preventing users from sneaking into +O channels (by being the first to join, by netsplits, or otherwise). Undoubtedly, this would work for +A as well. However, since UnrealIRCd seemingly does not send locop information between servers (and hence to Services), Services will think that a locop joining a +O channel is unauthorized to do so, and therefore it's +O/+A protection feature will be triggered.
Based on this, your options are:
- Turn +O off and instead control access to the channel via the restricted option. However, this might allow users to get in via netsplits.
- Go to the UnrealIRCd bug tracker and suggest that UnrealIRCd send locop information between servers in future versions.
- Go to the Services mailing list and suggest that this feature either be disabled, or can be user-configurable (on or off).
Should you choose one of the last two options, a link to this thread would be helpful, so that those attempting to rectify this can get a good idea what the problem is.