From 1a830b5679d3077a70bca4ffea62234eeeb33900 Mon Sep 17 00:00:00 2001 From: Sadie Powell Date: Sun, 19 Feb 2023 19:18:10 +0000 Subject: [PATCH] Merge the servprotect module into the services module. --- docs/conf/helpop.conf.example | 2 +- docs/conf/modules.conf.example | 5 -- src/configreader.cpp | 2 + src/modules/m_services.cpp | 74 +++++++++++++++++ src/modules/m_servprotect.cpp | 128 ----------------------------- src/modules/m_spanningtree/uid.cpp | 2 +- 6 files changed, 78 insertions(+), 135 deletions(-) delete mode 100644 src/modules/m_servprotect.cpp diff --git a/docs/conf/helpop.conf.example b/docs/conf/helpop.conf.example index a5b9db775..2f3035bff 100644 --- a/docs/conf/helpop.conf.example +++ b/docs/conf/helpop.conf.example @@ -826,7 +826,7 @@ using their cloak when they quit. a common channel. k Prevents the user from being kicked from channels, or having op modes removed from them (services only, - requires the servprotect module). + requires the services module). o Marks as a server operator. s Receives server notices specified by (server operators only). diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example index 2a687b164..e80d69bbb 100644 --- a/docs/conf/modules.conf.example +++ b/docs/conf/modules.conf.example @@ -2147,11 +2147,6 @@ # showmsg="yes" # waittime="1m"> -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Servprotect module: Provides support for Austhex style +k / -# UnrealIRCD +S services mode. -# - #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # See nicks module: Adds snomask +n and +N which show local and remote # nick changes. diff --git a/src/configreader.cpp b/src/configreader.cpp index 074429571..79ce004e0 100644 --- a/src/configreader.cpp +++ b/src/configreader.cpp @@ -636,6 +636,8 @@ std::vector ServerConfig::GetModules() const modules.push_back("account"); modules.push_back("services"); } + else if (stdalgo::string::equalsci(shortname, "servprotect")) + modules.push_back("services"); else { // No need to rewrite this module name. diff --git a/src/modules/m_services.cpp b/src/modules/m_services.cpp index 1e49a1d9f..d43eb6c76 100644 --- a/src/modules/m_services.cpp +++ b/src/modules/m_services.cpp @@ -20,6 +20,12 @@ #include "inspircd.h" #include "modules/account.h" +enum +{ + // From UnrealIRCd. + ERR_KILLDENY = 485 +}; + class RegisteredChannel final : public SimpleChannelMode { @@ -43,6 +49,24 @@ public: } }; +class ServProtect final + : public SimpleUserMode +{ +public: + ServProtect(Module* Creator) + : SimpleUserMode(Creator, "servprotect", 'k', true) + { + } + + bool OnModeChange(User* source, User* dest, Channel* channel, Modes::Change& change) override + { + // As this mode is only intended for use by pseudoclients the only way + // to set it is by introducing a user with it. + return false; + } +}; + + class RegisteredUser final : public SimpleUserMode { @@ -74,6 +98,7 @@ private: Account::API accountapi; RegisteredChannel registeredcmode; RegisteredUser registeredumode; + ServProtect servprotectmode; public: ModuleServices() @@ -81,9 +106,58 @@ public: , accountapi(this) , registeredcmode(this) , registeredumode(this) + , servprotectmode(this) { } + ModResult OnKill(User* source, User* dest, const std::string& reason) override + { + if (!source) + return MOD_RES_PASSTHRU; + + if (dest->IsModeSet(servprotectmode)) + { + source->WriteNumeric(ERR_KILLDENY, INSP_FORMAT("You are not permitted to kill {} services!", ServerInstance->Config->Network)); + return MOD_RES_DENY; + } + return MOD_RES_PASSTHRU; + } + + ModResult OnRawMode(User* user, Channel* chan, const Modes::Change& change) override + { + if (!IS_LOCAL(user) || change.adding || change.param.empty()) + return MOD_RES_PASSTHRU; // We only care about local users removing prefix modes. + + const PrefixMode* const pm = change.mh->IsPrefixMode(); + if (!pm) + return MOD_RES_PASSTHRU; // Mode is not a prefix mode. + + auto* target = ServerInstance->Users.Find(change.param); + if (!target) + return MOD_RES_PASSTHRU; // Target does not exist. + + Membership* memb = chan->GetUser(target); + if (!memb || !memb->HasMode(pm)) + return MOD_RES_PASSTHRU; // Target does not have the mode. + + if (target->IsModeSet(servprotectmode)) + { + user->WriteNumeric(ERR_RESTRICTED, chan->name, INSP_FORMAT("You are not permitted to remove privileges from {} services!", ServerInstance->Config->Network)); + return MOD_RES_DENY; + } + return MOD_RES_PASSTHRU; + } + + ModResult OnUserPreKick(User* source, Membership* memb, const std::string& reason) override + { + if (memb->user->IsModeSet(servprotectmode)) + { + source->WriteNumeric(ERR_RESTRICTED, memb->chan->name, INSP_FORMAT("You are not permitted to kick {} services!", ServerInstance->Config->Network)); + return MOD_RES_DENY; + } + return MOD_RES_PASSTHRU; + } + void OnUserPostNick(User* user, const std::string& oldnick) override { if (user->IsModeSet(registeredumode) && irc::equals(oldnick, user->nick)) diff --git a/src/modules/m_servprotect.cpp b/src/modules/m_servprotect.cpp deleted file mode 100644 index 50924d226..000000000 --- a/src/modules/m_servprotect.cpp +++ /dev/null @@ -1,128 +0,0 @@ -/* - * InspIRCd -- Internet Relay Chat Daemon - * - * Copyright (C) 2013, 2017-2018, 2020-2022 Sadie Powell - * Copyright (C) 2012-2016 Attila Molnar - * Copyright (C) 2012 Robby - * Copyright (C) 2009 Daniel De Graaf - * Copyright (C) 2008 Craig Edwards - * Copyright (C) 2007-2008 Robin Burchell - * - * This file is part of InspIRCd. InspIRCd is free software: you can - * redistribute it and/or modify it under the terms of the GNU General Public - * License as published by the Free Software Foundation, version 2. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS - * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more - * details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - - -#include "inspircd.h" - -enum -{ - // From UnrealIRCd. - ERR_KILLDENY = 485 -}; - -class ServProtectMode final - : public SimpleUserMode -{ -public: - ServProtectMode(Module* Creator) - : SimpleUserMode(Creator, "servprotect", 'k', true) - { - } - - bool OnModeChange(User* source, User* dest, Channel* channel, Modes::Change& change) override - { - /* Because this returns false all the time, there is only ONE - * way to add this mode and that is at client introduction in the UID command, - * as this calls OnModeChange for each mode but disregards the return values. - * The mode cannot be manually added or removed, not even by a server or by a remote - * user or service, which prevents its (ab)use as a kiddie 'god mode' on such networks. - * I'm sure if someone really wants to do that they can make a copy of this module - * that does the job. It won't be me though! - */ - return false; - } -}; - -class ModuleServProtectMode final - : public Module -{ -private: - ServProtectMode bm; - -public: - ModuleServProtectMode() - : Module(VF_VENDOR, "Adds user mode k (servprotect) which protects services pseudoclients from being kicked, being killed, or having their channel prefix modes changed.") - , bm(this) - { - } - - ModResult OnRawMode(User* user, Channel* chan, const Modes::Change& change) override - { - /* Check that the mode is not a server mode, it is being removed, the user making the change is local, there is a parameter, - * and the user making the change is not a service. - */ - if (!change.adding && chan && IS_LOCAL(user) && !change.param.empty()) - { - const PrefixMode* const pm = change.mh->IsPrefixMode(); - if (!pm) - return MOD_RES_PASSTHRU; - - /* Check if the parameter is a valid nick/uuid - */ - auto* u = ServerInstance->Users.Find(change.param); - if (u) - { - Membership* memb = chan->GetUser(u); - /* The target user has +k set on themselves, and you are trying to remove a privilege mode the user has set on themselves. - * This includes any prefix permission mode, even those registered in other modules, e.g. +qaohv. Using ::ModeString() - * here means that the number of modes is restricted to only modes the user has, limiting it to as short a loop as possible. - */ - if ((u->IsModeSet(bm)) && (memb) && (memb->HasMode(pm))) - { - /* BZZZT, Denied! */ - user->WriteNumeric(ERR_RESTRICTED, chan->name, INSP_FORMAT("You are not permitted to remove privileges from {} services", ServerInstance->Config->Network)); - return MOD_RES_DENY; - } - } - } - /* Mode allowed */ - return MOD_RES_PASSTHRU; - } - - ModResult OnKill(User* src, User* dst, const std::string& reason) override - { - if (!src) - return MOD_RES_PASSTHRU; - - if (dst->IsModeSet(bm)) - { - src->WriteNumeric(ERR_KILLDENY, INSP_FORMAT("You are not permitted to kill {} services!", ServerInstance->Config->Network)); - ServerInstance->SNO.WriteGlobalSno('a', src->nick+" tried to kill service "+dst->nick+" ("+reason+")"); - return MOD_RES_DENY; - } - return MOD_RES_PASSTHRU; - } - - ModResult OnUserPreKick(User* src, Membership* memb, const std::string& reason) override - { - if (memb->user->IsModeSet(bm)) - { - src->WriteNumeric(ERR_RESTRICTED, memb->chan->name, "You are not permitted to kick services"); - return MOD_RES_DENY; - } - - return MOD_RES_PASSTHRU; - } -}; - -MODULE_INIT(ModuleServProtectMode) diff --git a/src/modules/m_spanningtree/uid.cpp b/src/modules/m_spanningtree/uid.cpp index 7e8ff1383..d32e4a62f 100644 --- a/src/modules/m_spanningtree/uid.cpp +++ b/src/modules/m_spanningtree/uid.cpp @@ -110,7 +110,7 @@ CmdResult CommandUID::HandleServer(TreeServer* remoteserver, CommandBase::Params * All modes are assumed to succeed here as they are being set by a remote server. * Modes CANNOT FAIL here. If they DO fail, then the failure is ignored. This is important * to note as all but one modules currently cannot ever fail in this situation, except for - * m_servprotect which specifically works this way to prevent the mode being set ANYWHERE + * user mode +k which specifically works this way to prevent the mode being set ANYWHERE * but here, at client introduction. You may safely assume this behaviour is standard and * will not change in future versions if you want to make use of this protective behaviour * yourself.