"/join #chan override" channel mode +z

These are old archives. They are kept for historic purposes only.
Post Reply
viein
Posts: 10
Joined: Sat Jun 21, 2014 5:47 pm

"/join #chan override" channel mode +z

Post by viein »

m_join:

Code: Select all

/* This function adds as an extra (weird) operoverride.
 * Currently it's only used if you try to operoverride for a +z channel,
 * if you then do '/join #chan override' it will put the channel -z and allow you directly in.
 * This is to avoid attackers from using 'race conditions' to prevent you from joining.
 * PARAMETERS: sptr = the client, chptr = the channel, mval = mode value (eg MODE_ONLYSECURE),
 *             mchar = mode char (eg 'z')
 * RETURNS: 1 if operoverride, 0 if not.
 */
int extended_operoverride(aClient *sptr, aChannel *chptr, char *key, int mval, char mchar) ...
ok further in m_join the section that concern secure mode

Code: Select all

DLLFUNC int _can_join(aClient *cptr, aClient *sptr, aChannel *chptr, char *key, char *link, char *parv[])
{
Link *lp;
Ban *banned;

	if ((chptr->mode.mode & MODE_ONLYSECURE) && !(sptr->umodes & UMODE_SECURE))
	{
		if (IsAnOper(sptr))
		{
			/* Yeah yeah.. duplicate code..
			 * Anyway: if the channel is +z we still allow an ircop to bypass it
			 * if they are invited.
			 */
			for (lp = sptr->user->invited; lp; lp = lp->next)
				if (lp->value.chptr == chptr)
					return 0;
		}
		return (ERR_SECUREONLYCHAN);
	}
...
i don't see in the code the function (extended_operoverride) called (used) again to check whether an oper could bypass that restriction (+z) int _can_join not even on (_can_join) above
i tried to use: "/join #chan override" as an oper who had the flag can_override with nothing happend channel still +z and get i ERR_SECUREONLYCHAN
of course /invite works well, i just want to know why ?
ps: i think it doesn't matter anway ... unrealircd isn't compiled with ssl support
thanks to all the Team.
Stealth
Head of Support
Posts: 2086
Joined: Tue Jun 15, 2004 8:50 pm
Location: Chino Hills, CA, US
Contact:

Re: "/join #chan override" channel mode +z

Post by Stealth »

"/join #chan override" is not the proper method to override modes or bans on a channel. You always need to invite yourself into the channel.

If the channel is +z and the oper is not +z, the oper will still be unable to join (as I recall). +z will need to be removed for a non-SSL oper to join.

EDIT: Opers should ALWAYS use SSL when available. Not using SSL and being an oper opens up the potential for an attacker to get oper login information through packet sniffing or connection hijacking.
viein
Posts: 10
Joined: Sat Jun 21, 2014 5:47 pm

Re: "/join #chan override" channel mode +z

Post by viein »

i tested it channel +z oper not +z, did invite override after that /join it's ok i was able to join the channel but the channel still +z mode not as described in the source

quote " if you then do '/join #chan override' it will put the channel -z and allow you directly in."

i know about important of ssl for opers it just for tests stuff.
Post Reply