diff --git a/code/__DEFINES/admin.dm b/code/__DEFINES/admin.dm index 9702d51004ad..6844721cd7f0 100644 --- a/code/__DEFINES/admin.dm +++ b/code/__DEFINES/admin.dm @@ -71,3 +71,6 @@ var/global/list/note_categories = list("Admin", "Merit", "Commanding Officer", " #define ANTIGRIEF_NEW_PLAYERS 1 /// Enables antigrief entirely: Nobody can activate explosives on the Almayer, unless the ship crashed. #define ANTIGRIEF_ENABLED 2 + +/// Proc has been blocked by IsAdminAdvancedProcCall() +#define PROC_BLOCKED "PROCCALL BLOCKED" diff --git a/code/__HELPERS/type2type.dm b/code/__HELPERS/type2type.dm index 960f894d676f..4e4a1b3ff31c 100644 --- a/code/__HELPERS/type2type.dm +++ b/code/__HELPERS/type2type.dm @@ -226,7 +226,6 @@ if(rights & R_POSSESS) . += "[seperator]+POSSESS" if(rights & R_PERMISSIONS) . += "[seperator]+PERMISSIONS" if(rights & R_STEALTH) . += "[seperator]+STEALTH" - if(rights & R_REJUVINATE) . += "[seperator]+REJUVINATE" if(rights & R_COLOR) . += "[seperator]+COLOR" if(rights & R_VAREDIT) . += "[seperator]+VAREDIT" if(rights & R_SOUNDS) . += "[seperator]+SOUND" diff --git a/code/_globalvars/bitfields.dm b/code/_globalvars/bitfields.dm index 121d1e305e43..09b55accf16d 100644 --- a/code/_globalvars/bitfields.dm +++ b/code/_globalvars/bitfields.dm @@ -25,7 +25,6 @@ DEFINE_BITFIELD(rights, list( "POSSESS" = R_POSSESS, "PERMISSIONS" = R_PERMISSIONS, "STEALTH" = R_STEALTH, - "REJUVENATE" = R_REJUVINATE, "COLOR" = R_COLOR, "VAREDIT" = R_VAREDIT, "SOUNDS" = R_SOUNDS, diff --git a/code/controllers/configuration/configuration.dm b/code/controllers/configuration/configuration.dm index 86d5a11a668e..7f23bf494d20 100644 --- a/code/controllers/configuration/configuration.dm +++ b/code/controllers/configuration/configuration.dm @@ -24,7 +24,8 @@ /datum/controller/configuration/proc/admin_reload() if(IsAdminAdvancedProcCall()) - return + alert_proccall("configuration admin_reload") + return PROC_BLOCKED log_admin("[key_name(usr)] has forcefully reloaded the configuration from disk.") message_admins("[key_name_admin(usr)] has forcefully reloaded the configuration from disk.") full_wipe() @@ -33,7 +34,8 @@ /datum/controller/configuration/proc/Load(_directory) if(IsAdminAdvancedProcCall()) //If admin proccall is detected down the line it will horribly break everything. - return + alert_proccall("configuration Load") + return PROC_BLOCKED if(_directory) directory = _directory if(entries) @@ -117,7 +119,8 @@ /datum/controller/configuration/proc/full_wipe() if(IsAdminAdvancedProcCall()) - return + alert_proccall("configuration full_wipe") + return PROC_BLOCKED entries_by_type.Cut() QDEL_LIST_ASSOC_VAL(entries) entries = null @@ -163,7 +166,8 @@ /datum/controller/configuration/proc/LoadEntries(filename, list/stack = list()) if(IsAdminAdvancedProcCall()) - return + alert_proccall("configuration LoadEntries") + return PROC_BLOCKED var/filename_to_test = world.system_type == MS_WINDOWS ? lowertext(filename) : filename if(filename_to_test in stack) diff --git a/code/global.dm b/code/global.dm index 3f5a2f16adf1..28a8926cade4 100644 --- a/code/global.dm +++ b/code/global.dm @@ -12,20 +12,19 @@ #define R_POSSESS (1<<5) #define R_PERMISSIONS (1<<6) #define R_STEALTH (1<<7) -#define R_REJUVINATE (1<<8) -#define R_COLOR (1<<9) -#define R_VAREDIT (1<<10) -#define R_SOUNDS (1<<11) -#define R_SPAWN (1<<12) -#define R_MOD (1<<13) -#define R_MENTOR (1<<14) -#define R_HOST (1<<15) -#define R_PROFILER (1<<16) -#define R_NOLOCK (1<<17) -#define R_EVENT (1<<18) +#define R_COLOR (1<<8) +#define R_VAREDIT (1<<9) +#define R_SOUNDS (1<<10) +#define R_SPAWN (1<<11) +#define R_MOD (1<<12) +#define R_MENTOR (1<<13) +#define R_HOST (1<<14) +#define R_PROFILER (1<<15) +#define R_NOLOCK (1<<16) +#define R_EVENT (1<<17) /// The sum of all other rank permissions, other than host or profiler. -#define RL_EVERYTHING (R_BUILDMODE|R_ADMIN|R_BAN|R_SERVER|R_DEBUG|R_PERMISSIONS|R_POSSESS|R_STEALTH|R_REJUVINATE|R_COLOR|R_VAREDIT|R_EVENT|R_SOUNDS|R_NOLOCK|R_SPAWN|R_MOD|R_MENTOR) +#define RL_EVERYTHING (R_BUILDMODE|R_ADMIN|R_BAN|R_SERVER|R_DEBUG|R_PERMISSIONS|R_POSSESS|R_STEALTH|R_COLOR|R_VAREDIT|R_EVENT|R_SOUNDS|R_NOLOCK|R_SPAWN|R_MOD|R_MENTOR) /// Truely everything #define RL_HOST (RL_EVERYTHING|R_HOST|R_PROFILER) // 512.1430 increases maximum bit flags from 16 to 24, so the following flags should be available for future changes: diff --git a/code/modules/admin/NewBan.dm b/code/modules/admin/NewBan.dm index fab0c24622fe..b64b1e4682fd 100644 --- a/code/modules/admin/NewBan.dm +++ b/code/modules/admin/NewBan.dm @@ -226,6 +226,9 @@ var/savefile/Banlist RemoveBan(A) /client/proc/cmd_admin_do_ban(mob/M) + if(IsAdminAdvancedProcCall()) + alert_proccall("cmd_admin_do_ban") + return PROC_BLOCKED if(!check_rights(R_BAN|R_MOD)) return if(!ismob(M)) return diff --git a/code/modules/admin/admin_ranks.dm b/code/modules/admin/admin_ranks.dm index aa0a45353c06..cbeb1169c807 100644 --- a/code/modules/admin/admin_ranks.dm +++ b/code/modules/admin/admin_ranks.dm @@ -34,7 +34,6 @@ var/list/admin_ranks = list() //list of all ranks with associated rights if("permissions","rights") rights |= R_PERMISSIONS if("possess") rights |= R_POSSESS if("stealth") rights |= R_STEALTH - if("rejuv","rejuvinate") rights |= R_REJUVINATE if("color") rights |= R_COLOR if("varedit") rights |= R_VAREDIT if("event") rights |= R_EVENT diff --git a/code/modules/admin/callproc.dm b/code/modules/admin/callproc.dm index f84121785360..1af1f5aa9fa3 100644 --- a/code/modules/admin/callproc.dm +++ b/code/modules/admin/callproc.dm @@ -72,7 +72,8 @@ GLOBAL_PROTECT(LastAdminCalledProc) */ /proc/HandleUserlessProcCall(user, datum/target, procname, list/arguments) if(IsAdminAdvancedProcCall()) - return + alert_proccall("HandleUserlessProcCall") + return PROC_BLOCKED var/mob/proccall_handler/handler = GLOB.AdminProcCallHandler handler.add_caller(user) var/lastusr = usr @@ -90,7 +91,8 @@ GLOBAL_PROTECT(LastAdminCalledProc) */ /proc/HandleUserlessSDQL(user, query_text) if(IsAdminAdvancedProcCall()) - return + alert_proccall("HandleUserlessSDQL") + return PROC_BLOCKED var/mob/proccall_handler/handler = GLOB.AdminProcCallHandler handler.add_caller(user) @@ -224,6 +226,10 @@ GLOBAL_PROTECT(LastAdminCalledProc) /proc/IsAdminAdvancedProcCall() return (GLOB.AdminProcCaller && GLOB.AdminProcCaller == usr?.client?.ckey) || (GLOB.AdminProcCallHandler && usr == GLOB.AdminProcCallHandler) +/proc/alert_proccall(procname = "Unknown") + to_chat(usr, SPAN_BOLDWARNING("Warning: Force attempt has been logged.")) + message_admins("[key_name(usr)] has attempted to execute a restricted proc. ([procname])") + /client/proc/callproc_datum(datum/called_datum as null|area|mob|obj|turf) set category = "Debug" set name = "Datum ProcCall" diff --git a/code/modules/admin/holder2.dm b/code/modules/admin/holder2.dm index a119d4c0519f..e7559f3aa4fd 100644 --- a/code/modules/admin/holder2.dm +++ b/code/modules/admin/holder2.dm @@ -129,15 +129,18 @@ you will have to do something like if(client.admin_holder.rights & R_ADMIN) your return 0 /client/proc/deadmin() + if(IsAdminAdvancedProcCall()) + alert_proccall("deadmin") + return PROC_BLOCKED if(admin_holder) admin_holder.disassociate() QDEL_NULL(admin_holder) - return 1 + return TRUE /client/proc/readmin() if(admin_datums[ckey]) admin_datums[ckey].associate(src) - return 1 + return TRUE /datum/admins/proc/check_for_rights(rights_required) if(rights_required && !(rights_required & rights)) diff --git a/code/modules/admin/topic/topic.dm b/code/modules/admin/topic/topic.dm index b371db087be6..1f8f4fc20f8a 100644 --- a/code/modules/admin/topic/topic.dm +++ b/code/modules/admin/topic/topic.dm @@ -982,7 +982,7 @@ message_admins("[key_name_admin(usr)] has sent [key_name_admin(M)] to the thunderdome. (Observer.)", 1) else if(href_list["revive"]) - if(!check_rights(R_REJUVINATE)) return + if(!check_rights(R_MOD)) return var/mob/living/L = locate(href_list["revive"]) if(!istype(L)) diff --git a/code/modules/client/client_procs.dm b/code/modules/client/client_procs.dm index 07edc2c9781f..82f2122de9c4 100644 --- a/code/modules/client/client_procs.dm +++ b/code/modules/client/client_procs.dm @@ -616,7 +616,8 @@ GLOBAL_LIST_INIT(whitelisted_client_procs, list( */ /client/proc/init_verbs() if(IsAdminAdvancedProcCall()) - return + alert_proccall("init_verbs") + return PROC_BLOCKED var/list/verblist = list() var/list/verbstoprocess = verbs.Copy() if(mob) diff --git a/config/example/admin_ranks.txt b/config/example/admin_ranks.txt index e8d13e4f24fb..7fcac3b371f0 100644 --- a/config/example/admin_ranks.txt +++ b/config/example/admin_ranks.txt @@ -19,7 +19,6 @@ # +BAN = the ability to ban, jobban and fullban # +STEALTH = the ability to stealthmin (make yourself appear with a fake name to everyone but other admins # +POSSESS = the ability to possess objects -# +REJUV (or +REJUVINATE) = the ability to heal, respawn, modify damage and use godmode # +COLOR = the ability to use the OOC > "Set OOC Color - Self" verb # +BUILD (or +BUILDMODE) = the ability to use buildmode # +SERVER = higher-risk admin verbs and abilities, such as those which affect the server configuration. @@ -36,16 +35,16 @@ Mentor +MENTOR +COLOR Trial Moderator +MOD +SERVER +COLOR -Moderator +MOD +SERVER +BAN +REJUV +COLOR +NOLOCK -Trial Admin +ADMIN +MOD +SERVER +BAN +REJUV +SPAWN +STEALTH +VAREDIT +COLOR -Admin +ADMIN +MOD +SERVER +BAN +REJUV +SPAWN +STEALTH +VAREDIT +POSSESS +SOUND +COLOR +BUILDMODE +Moderator +MOD +SERVER +BAN +COLOR +NOLOCK +Trial Admin +ADMIN +MOD +SERVER +BAN +SPAWN +STEALTH +VAREDIT +COLOR +Admin +ADMIN +MOD +SERVER +BAN +SPAWN +STEALTH +VAREDIT +POSSESS +SOUND +COLOR +BUILDMODE Coder +MOD +SERVER +BAN +VAREDIT +SPAWN +DEBUG +COLOR Mapper +MOD +VAREDIT +COLOR +BUILDMODE +SPAWN Spriter +MOD +VAREDIT +SPAWN +COLOR -Developer +ADMIN +MOD +SERVER +BAN +VAREDIT +SPAWN +DEBUG +REJUV +POSSESS +BUILDMODE +SOUND +COLOR -Lead Spriter +ADMIN +MOD +SERVER +REJUV +VAREDIT +BUILDMODE +SPAWN +DEBUG +COLOR +Developer +ADMIN +MOD +SERVER +BAN +VAREDIT +SPAWN +DEBUG +POSSESS +BUILDMODE +SOUND +COLOR +Lead Spriter +ADMIN +MOD +SERVER +VAREDIT +BUILDMODE +SPAWN +DEBUG +COLOR Host +EVERYTHING @@ -55,6 +54,6 @@ Head Dev +EVERYTHING Legacy Mentor +MENTOR +COLOR -Senior Moderator +ADMIN +MOD +SERVER +BAN +REJUV +SPAWN +STEALTH +VAREDIT +POSSESS +SOUND +COLOR +BUILDMODE -Senior Admin +ADMIN +MOD +SERVER +BAN +REJUV +SPAWN +STEALTH +VAREDIT +POSSESS +SOUND +COLOR +BUILDMODE +DEBUG +Senior Moderator +ADMIN +MOD +SERVER +BAN +SPAWN +STEALTH +VAREDIT +POSSESS +SOUND +COLOR +BUILDMODE +Senior Admin +ADMIN +MOD +SERVER +BAN +SPAWN +STEALTH +VAREDIT +POSSESS +SOUND +COLOR +BUILDMODE +DEBUG