fix #1443

Improve auditability of sensitive operator actions

irc/chanserv.go

 	chname = regInfo.Name
 	account := client.Account()
 	isFounder := account != "" && account == regInfo.Founder
-	hasPrivs := client.HasRoleCapabs("chanreg")
-	if !(isFounder || hasPrivs) {
-		service.Notice(rb, client.t("Insufficient privileges"))
-		return
+	var oper *Oper
+	if !isFounder {
+		oper = client.Oper()
+		if !oper.HasRoleCapab("chanreg") {
+			service.Notice(rb, client.t("Insufficient privileges"))
+			return
+		}
 	}
 	target := params[1]
 	targetAccount, err := server.accounts.LoadAccount(params[1])
 			return
 		}
 	}
-	status, err := channel.Transfer(client, target, hasPrivs)
+	if !isFounder {
+		message := fmt.Sprintf("Operator %s ran CS TRANSFER on %s to account %s", oper.Name, chname, target)
+		server.snomasks.Send(sno.LocalOpers, message)
+		server.logger.Info("opers", message)
+	}
+	status, err := channel.Transfer(client, target, oper != nil)
 	if err == nil {
 		switch status {
 		case channelTransferComplete:

irc/config.go

 	Modes     []modes.ModeChange
 }
 
+func (oper *Oper) HasRoleCapab(capab string) bool {
+	return oper != nil && oper.Class.Capabilities.Has(capab)
+}
+
 // Operators returns a map of operator configs from the given OperClass and config.
 func (conf *Config) Operators(oc map[string]*OperClass) (map[string]*Oper, error) {
 	operators := make(map[string]*Oper)

irc/handlers.go

 func dlineHandler(server *Server, client *Client, msg ircmsg.IrcMessage, rb *ResponseBuffer) bool {
 	// check oper permissions
 	oper := client.Oper()
-	if oper == nil || !oper.Class.Capabilities.Has("ban") {
+	if !oper.HasRoleCapab("ban") {
 		rb.Add(nil, server.name, ERR_NOPRIVS, client.nick, msg.Command, client.t("Insufficient oper privs"))
 		return false
 	}
 		}
 	}
 
+	message := fmt.Sprintf("Operator %s ran SAJOIN %s", client.Oper().Name, strings.Join(msg.Params, " "))
+	server.snomasks.Send(sno.LocalOpers, message)
+	server.logger.Info("opers", message)
+
 	channels := strings.Split(channelString, ",")
 	for _, chname := range channels {
 		err, _ := server.channels.Join(target, chname, "", true, rb)
 	details := client.Details()
 	// check oper permissions
 	oper := client.Oper()
-	if oper == nil || !oper.Class.Capabilities.Has("ban") {
+	if !oper.HasRoleCapab("ban") {
 		rb.Add(nil, server.name, ERR_NOPRIVS, details.nick, msg.Command, client.t("Insufficient oper privs"))
 		return false
 	}
 		return false
 	}
 
+	if msg.Command == "SAMODE" {
+		message := fmt.Sprintf("Operator %s ran SAMODE %s", client.Oper().Name, strings.Join(msg.Params, " "))
+		server.snomasks.Send(sno.LocalOpers, message)
+		server.logger.Info("opers", message)
+	}
+
 	// applied mode changes
 	applied := make(modes.ModeChanges, 0)
 
 		copy(modeChanges[1:], oper.Modes)
 		applied := ApplyUserModeChanges(client, modeChanges, true, oper)
 
+		client.server.logger.Info("opers", details.nick, "opered up as", oper.Name)
 		client.server.snomasks.Send(sno.LocalOpers, fmt.Sprintf(ircfmt.Unescape("Client opered up $c[grey][$r%s$c[grey], $r%s$c[grey]]"), newDetails.nickMask, oper.Name))
 
 		rb.Broadcast(nil, client.server.name, RPL_YOUREOPER, details.nick, client.t("You are now an IRC operator"))
 func unDLineHandler(server *Server, client *Client, msg ircmsg.IrcMessage, rb *ResponseBuffer) bool {
 	// check oper permissions
 	oper := client.Oper()
-	if oper == nil || !oper.Class.Capabilities.Has("ban") {
+	if !oper.HasRoleCapab("ban") {
 		rb.Add(nil, server.name, ERR_NOPRIVS, client.nick, msg.Command, client.t("Insufficient oper privs"))
 		return false
 	}
 	details := client.Details()
 	// check oper permissions
 	oper := client.Oper()
-	if oper == nil || !oper.Class.Capabilities.Has("ban") {
+	if !oper.HasRoleCapab("ban") {
 		rb.Add(nil, server.name, ERR_NOPRIVS, details.nick, msg.Command, client.t("Insufficient oper privs"))
 		return false
 	}

irc/nickserv.go

 	var newPassword string
 	var errorMessage string
 
-	hasPrivs := client.HasRoleCapabs("accreg")
+	var oper *Oper
 
 	switch len(params) {
 	case 2:
-		if !hasPrivs {
+		oper = client.Oper()
+		if !oper.HasRoleCapab("accreg") {
 			errorMessage = `Insufficient privileges`
 		} else {
 			target, newPassword = params[0], params[1]
 			if newPassword == "*" {
 				newPassword = ""
 			}
+			message := fmt.Sprintf("Operator %s ran NS PASSWD for account %s", oper.Name, target)
+			server.snomasks.Send(sno.LocalOpers, message)
+			server.logger.Info("opers", message)
 		}
 	case 3:
 		target = client.Account()
 		return
 	}
 
-	err := server.accounts.setPassword(target, newPassword, hasPrivs)
+	err := server.accounts.setPassword(target, newPassword, oper != nil)
 	switch err {
 	case nil:
 		service.Notice(rb, client.t("Password changed"))
 		// User must have "kill" privileges to logout other user sessions.
 		if target != client {
 			oper := client.Oper()
-			if oper == nil || !oper.Class.Capabilities.Has("kill") {
+			if oper.HasRoleCapab("kill") {
 				service.Notice(rb, client.t("Insufficient oper privs"))
 				return
 			}