Merge the servprotect module into the services module.

2025-03-09 10:39:02 -04:00 · 2023-02-19 19:18:10 +00:00 · 2023-02-19 19:18:10 +00:00 · 1a830b5679
commit 1a830b5679
parent 0b3e14dadb
6 changed files with 78 additions and 135 deletions
--- a/docs/conf/helpop.conf.example
+++ b/docs/conf/helpop.conf.example
@ -826,7 +826,7 @@ using their cloak when they quit.
              a common channel.
 k            Prevents the user from being kicked from channels, or
              having op modes removed from them (services only,
-              requires the servprotect module).
+              requires the services module).
 o            Marks as a server operator.
 s <mask>     Receives server notices specified by <mask>
              (server operators only).
--- a/docs/conf/modules.conf.example
+++ b/docs/conf/modules.conf.example
@ -2147,11 +2147,6 @@
 #            showmsg="yes"
 #            waittime="1m">

-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Servprotect module: Provides support for Austhex style +k /
-# UnrealIRCD +S services mode.
-#<module name="servprotect">
-
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # See nicks module: Adds snomask +n and +N which show local and remote
 # nick changes.
--- a/src/configreader.cpp
+++ b/src/configreader.cpp
@ -636,6 +636,8 @@ std::vector<std::string> ServerConfig::GetModules() const
 			modules.push_back("account");
 			modules.push_back("services");
 		}
+		else if (stdalgo::string::equalsci(shortname, "servprotect"))
+			modules.push_back("services");
 		else
 		{
 			// No need to rewrite this module name.
--- a/src/modules/m_services.cpp
+++ b/src/modules/m_services.cpp
@ -20,6 +20,12 @@
 #include "inspircd.h"
 #include "modules/account.h"

+enum
+{
+	// From UnrealIRCd.
+	ERR_KILLDENY = 485
+};
+
 class RegisteredChannel final
 	: public SimpleChannelMode
 {
@ -43,6 +49,24 @@ public:
 	}
 };

+class ServProtect final
+	: public SimpleUserMode
+{
+public:
+	ServProtect(Module* Creator)
+		: SimpleUserMode(Creator, "servprotect", 'k', true)
+	{
+	}
+
+	bool OnModeChange(User* source, User* dest, Channel* channel, Modes::Change& change) override
+	{
+		// As this mode is only intended for use by pseudoclients the only way
+		// to set it is by introducing a user with it.
+		return false;
+	}
+};
+
+
 class RegisteredUser final
 	: public SimpleUserMode
 {
@ -74,6 +98,7 @@ private:
 	Account::API accountapi;
 	RegisteredChannel registeredcmode;
 	RegisteredUser registeredumode;
+	ServProtect servprotectmode;

 public:
 	ModuleServices()
@ -81,9 +106,58 @@ public:
 		, accountapi(this)
 		, registeredcmode(this)
 		, registeredumode(this)
+		, servprotectmode(this)
 	{
 	}

+	ModResult OnKill(User* source, User* dest, const std::string& reason) override
+	{
+		if (!source)
+			return MOD_RES_PASSTHRU;
+
+		if (dest->IsModeSet(servprotectmode))
+		{
+			source->WriteNumeric(ERR_KILLDENY, INSP_FORMAT("You are not permitted to kill {} services!", ServerInstance->Config->Network));
+			return MOD_RES_DENY;
+		}
+		return MOD_RES_PASSTHRU;
+	}
+
+	ModResult OnRawMode(User* user, Channel* chan, const Modes::Change& change) override
+	{
+		if (!IS_LOCAL(user) || change.adding || change.param.empty())
+			return MOD_RES_PASSTHRU; // We only care about local users removing prefix modes.
+
+		const PrefixMode* const pm = change.mh->IsPrefixMode();
+		if (!pm)
+			return MOD_RES_PASSTHRU; // Mode is not a prefix mode.
+
+		auto* target = ServerInstance->Users.Find(change.param);
+		if (!target)
+			return MOD_RES_PASSTHRU; // Target does not exist.
+
+		Membership* memb = chan->GetUser(target);
+		if (!memb || !memb->HasMode(pm))
+			return MOD_RES_PASSTHRU; // Target does not have the mode.
+
+		if (target->IsModeSet(servprotectmode))
+		{
+			user->WriteNumeric(ERR_RESTRICTED, chan->name, INSP_FORMAT("You are not permitted to remove privileges from {} services!", ServerInstance->Config->Network));
+			return MOD_RES_DENY;
+		}
+		return MOD_RES_PASSTHRU;
+	}
+
+	ModResult OnUserPreKick(User* source, Membership* memb, const std::string& reason) override
+	{
+		if (memb->user->IsModeSet(servprotectmode))
+		{
+			source->WriteNumeric(ERR_RESTRICTED, memb->chan->name, INSP_FORMAT("You are not permitted to kick {} services!", ServerInstance->Config->Network));
+			return MOD_RES_DENY;
+		}
+		return MOD_RES_PASSTHRU;
+	}
+
 	void OnUserPostNick(User* user, const std::string& oldnick) override
 	{
 		if (user->IsModeSet(registeredumode) && irc::equals(oldnick, user->nick))
--- a/src/modules/m_servprotect.cpp
+++ b/src/modules/m_servprotect.cpp
@ -1,128 +0,0 @@
-/*
- * InspIRCd -- Internet Relay Chat Daemon
- *
- *   Copyright (C) 2013, 2017-2018, 2020-2022 Sadie Powell <sadie@witchery.services>
- *   Copyright (C) 2012-2016 Attila Molnar <attilamolnar@hush.com>
- *   Copyright (C) 2012 Robby <robby@chatbelgie.be>
- *   Copyright (C) 2009 Daniel De Graaf <danieldg@inspircd.org>
- *   Copyright (C) 2008 Craig Edwards <brain@inspircd.org>
- *   Copyright (C) 2007-2008 Robin Burchell <robin+git@viroteck.net>
- *
- * This file is part of InspIRCd.  InspIRCd is free software: you can
- * redistribute it and/or modify it under the terms of the GNU General Public
- * License as published by the Free Software Foundation, version 2.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
- * details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-
-
-#include "inspircd.h"
-
-enum
-{
-	// From UnrealIRCd.
-	ERR_KILLDENY = 485
-};
-
-class ServProtectMode final
-	: public SimpleUserMode
-{
-public:
-	ServProtectMode(Module* Creator)
-		: SimpleUserMode(Creator, "servprotect", 'k', true)
-	{
-	}
-
-	bool OnModeChange(User* source, User* dest, Channel* channel, Modes::Change& change) override
-	{
-		/* Because this returns false all the time, there is only ONE
-		 * way to add this mode and that is at client introduction in the UID command,
-		 * as this calls OnModeChange for each mode but disregards the return values.
-		 * The mode cannot be manually added or removed, not even by a server or by a remote
-		 * user or service, which prevents its (ab)use as a kiddie 'god mode' on such networks.
-		 * I'm sure if someone really wants to do that they can make a copy of this module
-		 * that does the job. It won't be me though!
-		 */
-		return false;
-	}
-};
-
-class ModuleServProtectMode final
-	: public Module
-{
-private:
-	ServProtectMode bm;
-
-public:
-	ModuleServProtectMode()
-		: Module(VF_VENDOR, "Adds user mode k (servprotect) which protects services pseudoclients from being kicked, being killed, or having their channel prefix modes changed.")
-		, bm(this)
-	{
-	}
-
-	ModResult OnRawMode(User* user, Channel* chan, const Modes::Change& change) override
-	{
-		/* Check that the mode is not a server mode, it is being removed, the user making the change is local, there is a parameter,
-		 * and the user making the change is not a service.
-		 */
-		if (!change.adding && chan && IS_LOCAL(user) && !change.param.empty())
-		{
-			const PrefixMode* const pm = change.mh->IsPrefixMode();
-			if (!pm)
-				return MOD_RES_PASSTHRU;
-
-			/* Check if the parameter is a valid nick/uuid
-			 */
-			auto* u = ServerInstance->Users.Find(change.param);
-			if (u)
-			{
-				Membership* memb = chan->GetUser(u);
-				/* The target user has +k set on themselves, and you are trying to remove a privilege mode the user has set on themselves.
-				 * This includes any prefix permission mode, even those registered in other modules, e.g. +qaohv. Using ::ModeString()
-				 * here means that the number of modes is restricted to only modes the user has, limiting it to as short a loop as possible.
-				 */
-				if ((u->IsModeSet(bm)) && (memb) && (memb->HasMode(pm)))
-				{
-					/* BZZZT, Denied! */
-					user->WriteNumeric(ERR_RESTRICTED, chan->name, INSP_FORMAT("You are not permitted to remove privileges from {} services", ServerInstance->Config->Network));
-					return MOD_RES_DENY;
-				}
-			}
-		}
-		/* Mode allowed */
-		return MOD_RES_PASSTHRU;
-	}
-
-	ModResult OnKill(User* src, User* dst, const std::string& reason) override
-	{
-		if (!src)
-			return MOD_RES_PASSTHRU;
-
-		if (dst->IsModeSet(bm))
-		{
-			src->WriteNumeric(ERR_KILLDENY, INSP_FORMAT("You are not permitted to kill {} services!", ServerInstance->Config->Network));
-			ServerInstance->SNO.WriteGlobalSno('a', src->nick+" tried to kill service "+dst->nick+" ("+reason+")");
-			return MOD_RES_DENY;
-		}
-		return MOD_RES_PASSTHRU;
-	}
-
-	ModResult OnUserPreKick(User* src, Membership* memb, const std::string& reason) override
-	{
-		if (memb->user->IsModeSet(bm))
-		{
-			src->WriteNumeric(ERR_RESTRICTED, memb->chan->name, "You are not permitted to kick services");
-			return MOD_RES_DENY;
-		}
-
-		return MOD_RES_PASSTHRU;
-	}
-};
-
-MODULE_INIT(ModuleServProtectMode)
--- a/src/modules/m_spanningtree/uid.cpp
+++ b/src/modules/m_spanningtree/uid.cpp
@ -110,7 +110,7 @@ CmdResult CommandUID::HandleServer(TreeServer* remoteserver, CommandBase::Params
 			 * All modes are assumed to succeed here as they are being set by a remote server.
 			 * Modes CANNOT FAIL here. If they DO fail, then the failure is ignored. This is important
 			 * to note as all but one modules currently cannot ever fail in this situation, except for
-			 * m_servprotect which specifically works this way to prevent the mode being set ANYWHERE
+			 * user mode +k which specifically works this way to prevent the mode being set ANYWHERE
 			 * but here, at client introduction. You may safely assume this behaviour is standard and
 			 * will not change in future versions if you want to make use of this protective behaviour
 			 * yourself.