From 42a313486a412101910d91da6965e43a6cf8b4a2 Mon Sep 17 00:00:00 2001
From: David Anderson <dvander@alliedmods.net>
Date: Tue, 8 Jan 2008 03:06:33 +0000
Subject: [PATCH] - added amb1332, new cvar protection mechanism for
 rcon_password - removed FCVAR_PROTECTED from Core cvars

--HG--
extra : convert_revision : svn%3A39bc706e-5318-0410-9160-8a85361fbb7c/trunk%401845
---
 core/AdminCache.cpp                  |  2 +-
 core/smn_player.cpp                  |  2 +-
 plugins/basecommands.sp              | 85 +++++++++++++++++++---------
 translations/plugin.basecommands.txt |  6 ++
 4 files changed, 66 insertions(+), 29 deletions(-)

diff --git a/core/AdminCache.cpp b/core/AdminCache.cpp
index f8c880e3..9e447248 100644
--- a/core/AdminCache.cpp
+++ b/core/AdminCache.cpp
@@ -50,7 +50,7 @@ AdminCache g_Admins;
 AdminFlag g_FlagLetters[26];
 bool g_FlagSet[26];
 
-ConVar sm_immunity_mode("sm_immunity_mode", "1", FCVAR_SPONLY|FCVAR_PROTECTED, "Mode for deciding immunity protection");
+ConVar sm_immunity_mode("sm_immunity_mode", "1", FCVAR_SPONLY, "Mode for deciding immunity protection");
 
 /* Default flags */
 AdminFlag g_DefaultFlags[26] = 
diff --git a/core/smn_player.cpp b/core/smn_player.cpp
index 03f504b0..09c3f4e8 100644
--- a/core/smn_player.cpp
+++ b/core/smn_player.cpp
@@ -38,7 +38,7 @@
 #include <inetchannel.h>
 #include <iclient.h>
 
-ConVar sm_show_activity("sm_show_activity", "13", FCVAR_SPONLY|FCVAR_PROTECTED, "Activity display setting (see sourcemod.cfg)");
+ConVar sm_show_activity("sm_show_activity", "13", FCVAR_SPONLY, "Activity display setting (see sourcemod.cfg)");
 
 static cell_t sm_GetClientCount(IPluginContext *pCtx, const cell_t *params)
 {
diff --git a/plugins/basecommands.sp b/plugins/basecommands.sp
index 3471bc5a..a33f2c68 100644
--- a/plugins/basecommands.sp
+++ b/plugins/basecommands.sp
@@ -49,6 +49,7 @@ public Plugin:myinfo =
 new Handle:hTopMenu = INVALID_HANDLE;
 
 new Handle:g_MapList;
+new Handle:g_ProtectedVars;
 
 #include "basecommands/kick.sp"
 #include "basecommands/reloadadmins.sp"
@@ -85,6 +86,11 @@ public OnPluginStart()
 	decl String:mapListPath[PLATFORM_MAX_PATH];
 	BuildPath(Path_SM, mapListPath, sizeof(mapListPath), "configs/adminmenu_maplist.ini");
 	SetMapListCompatBind("sm_map menu", mapListPath);
+	
+	g_ProtectedVars = CreateTrie();
+	ProtectVar("rcon_password");
+	ProtectVar("sm_show_activity");
+	ProtectVar("sm_immunity_mode");
 }
 
 public OnMapStart()
@@ -97,6 +103,17 @@ public OnConfigsExecuted()
 	LoadMapList(g_MapList);
 }
 
+ProtectVar(const String:cvar[])
+{
+	SetTrieValue(g_ProtectedVars, cvar, 1);
+}
+
+bool:IsVarProtected(const String:cvar[])
+{
+	decl dummy_value;
+	return GetTrieValue(g_ProtectedVars, cvar, dummy_value);
+}
+
 public OnAdminMenuReady(Handle:topmenu)
 {
 	/* Block us from being called twice */
@@ -244,12 +261,32 @@ public Action:Command_Cvar(client, args)
 {
 	if (args < 1)
 	{
-		ReplyToCommand(client, "[SM] Usage: sm_cvar <cvar> [value]");
+		if (client == 0)
+		{
+			ReplyToCommand(client, "[SM] Usage: sm_cvar <cvar|protect> [value]");
+		}
+		else
+		{
+			ReplyToCommand(client, "[SM] Usage: sm_cvar <cvar> [value]");
+		}
 		return Plugin_Handled;
 	}
 
 	decl String:cvarname[64];
 	GetCmdArg(1, cvarname, sizeof(cvarname));
+	
+	if (client == 0 && StrEqual(cvarname, "protect"))
+	{
+		if (args < 2)
+		{
+			ReplyToCommand(client, "[SM] Usage: sm_cvar <protect> <cvar>");
+			return Plugin_Handled;
+		}
+		GetCmdArg(2, cvarname, sizeof(cvarname));
+		ProtectVar(cvarname);
+		ReplyToCommand(client, "[SM] %t", "Cvar is now protected", cvarname);
+		return Plugin_Handled;
+	}
 
 	new Handle:hndl = FindConVar(cvarname);
 	if (hndl == INVALID_HANDLE)
@@ -257,36 +294,30 @@ public Action:Command_Cvar(client, args)
 		ReplyToCommand(client, "[SM] %t", "Unable to find cvar", cvarname);
 		return Plugin_Handled;
 	}
-
+	
 	new bool:allowed = false;
-	if (GetConVarFlags(hndl) & FCVAR_PROTECTED)
-	{
-		/* If they're root, allow anything */
-		if ((GetUserFlagBits(client) & ADMFLAG_ROOT) == ADMFLAG_ROOT)
-		{
-			allowed = true;
-		}
-		/* If they're not root, and getting sv_password, see if they have ADMFLAG_PASSWORD */
-		else if (StrEqual(cvarname, "sv_password") && (GetUserFlagBits(client) & ADMFLAG_PASSWORD))
-		{
-			allowed = true;
-		}
-	}
-	/* Do a check for the cheat cvar */
-	else if (StrEqual(cvarname, "sv_cheats"))
-	{
-		if (GetUserFlagBits(client) & ADMFLAG_CHEATS
-			|| GetUserFlagBits(client) & ADMFLAG_ROOT)
-		{
-			allowed = true;
-		}
-	}
-	/* If we drop down to here, it was a normal cvar. */
-	else
+	new client_flags = GetUserFlagBits(client);
+	
+	if (client_flags & ADMFLAG_ROOT)
 	{
 		allowed = true;
 	}
-
+	else
+	{
+		if (GetConVarFlags(hndl) & FCVAR_PROTECTED)
+		{
+			allowed = ((client_flags & ADMFLAG_PASSWORD) == ADMFLAG_PASSWORD);
+		}
+		else if (StrEqual(cvarname, "sv_cheats"))
+		{
+			allowed = ((client_flags & ADMFLAG_CHEATS) == ADMFLAG_CHEATS);
+		}
+		else if (!IsVarProtected(cvarname))
+		{
+			allowed = true;
+		}
+	}
+	
 	if (!allowed)
 	{
 		ReplyToCommand(client, "[SM] %t", "No access to cvar");
diff --git a/translations/plugin.basecommands.txt b/translations/plugin.basecommands.txt
index 7410b72a..48400328 100644
--- a/translations/plugin.basecommands.txt
+++ b/translations/plugin.basecommands.txt
@@ -129,4 +129,10 @@
 	{
 		"en"			"Admin access"
 	}
+	
+	"Cvar is now protected"
+	{
+		"#format"		"{1:s}"
+		"en"			"Cvar {1} is now protected."
+	}
 }