1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
|
/*
* InspIRCd -- Internet Relay Chat Daemon
*
* Copyright (C) 2013, 2017-2018 Sadie Powell <sadie@witchery.services>
* Copyright (C) 2012-2016 Attila Molnar <attilamolnar@hush.com>
* Copyright (C) 2012, 2019 Robby <robby@chatbelgie.be>
* Copyright (C) 2009 Daniel De Graaf <danieldg@inspircd.org>
* Copyright (C) 2008, 2010 Craig Edwards <brain@inspircd.org>
* Copyright (C) 2007-2008 Robin Burchell <robin+git@viroteck.net>
*
* This file is part of InspIRCd. InspIRCd is free software: you can
* redistribute it and/or modify it under the terms of the GNU General Public
* License as published by the Free Software Foundation, version 2.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "inspircd.h"
#include "modules/whois.h"
enum
{
// From AustHex.
RPL_WHOISSERVICE = 310,
// From UnrealIRCd.
ERR_KILLDENY = 485
};
/** Handles user mode +k
*/
class ServProtectMode : public ModeHandler
{
public:
ServProtectMode(Module* Creator) : ModeHandler(Creator, "servprotect", 'k', PARAM_NONE, MODETYPE_USER) { oper = true; }
ModeAction OnModeChange(User* source, User* dest, Channel* channel, std::string& parameter, bool adding) CXX11_OVERRIDE
{
/* Because this returns MODEACTION_DENY all the time, there is only ONE
* way to add this mode and that is at client introduction in the UID command,
* as this calls OnModeChange for each mode but disregards the return values.
* The mode cannot be manually added or removed, not even by a server or by a remote
* user or uline, which prevents its (ab)use as a kiddie 'god mode' on such networks.
* I'm sure if someone really wants to do that they can make a copy of this module
* that does the job. It won't be me though!
*/
return MODEACTION_DENY;
}
};
class ModuleServProtectMode : public Module, public Whois::EventListener, public Whois::LineEventListener
{
ServProtectMode bm;
public:
ModuleServProtectMode()
: Whois::EventListener(this)
, Whois::LineEventListener(this)
, bm(this)
{
}
Version GetVersion() CXX11_OVERRIDE
{
return Version("Adds user mode k (servprotect) which protects services pseudoclients from being kicked, being killed, or having their user modes changed.", VF_VENDOR);
}
void OnWhois(Whois::Context& whois) CXX11_OVERRIDE
{
if (whois.GetTarget()->IsModeSet(bm))
{
whois.SendLine(RPL_WHOISSERVICE, "is a Network Service on " + ServerInstance->Config->Network);
}
}
ModResult OnRawMode(User* user, Channel* chan, ModeHandler* mh, const std::string& param, bool adding) CXX11_OVERRIDE
{
/* Check that the mode is not a server mode, it is being removed, the user making the change is local, there is a parameter,
* and the user making the change is not a uline
*/
if (!adding && chan && IS_LOCAL(user) && !param.empty())
{
const PrefixMode* const pm = mh->IsPrefixMode();
if (!pm)
return MOD_RES_PASSTHRU;
/* Check if the parameter is a valid nick/uuid
*/
User *u = ServerInstance->FindNick(param);
if (u)
{
Membership* memb = chan->GetUser(u);
/* The target user has +k set on themselves, and you are trying to remove a privilege mode the user has set on themselves.
* This includes any prefix permission mode, even those registered in other modules, e.g. +qaohv. Using ::ModeString()
* here means that the number of modes is restricted to only modes the user has, limiting it to as short a loop as possible.
*/
if ((u->IsModeSet(bm)) && (memb) && (memb->HasMode(pm)))
{
/* BZZZT, Denied! */
user->WriteNumeric(ERR_CHANOPRIVSNEEDED, chan->name, InspIRCd::Format("You are not permitted to remove privileges from %s services", ServerInstance->Config->Network.c_str()));
return MOD_RES_DENY;
}
}
}
/* Mode allowed */
return MOD_RES_PASSTHRU;
}
ModResult OnKill(User* src, User* dst, const std::string &reason) CXX11_OVERRIDE
{
if (src == NULL)
return MOD_RES_PASSTHRU;
if (dst->IsModeSet(bm))
{
src->WriteNumeric(ERR_KILLDENY, InspIRCd::Format("You are not permitted to kill %s services!", ServerInstance->Config->Network.c_str()));
ServerInstance->SNO->WriteGlobalSno('a', src->nick+" tried to kill service "+dst->nick+" ("+reason+")");
return MOD_RES_DENY;
}
return MOD_RES_PASSTHRU;
}
ModResult OnUserPreKick(User *src, Membership* memb, const std::string &reason) CXX11_OVERRIDE
{
if (memb->user->IsModeSet(bm))
{
src->WriteNumeric(ERR_RESTRICTED, memb->chan->name, "You are not permitted to kick services");
return MOD_RES_DENY;
}
return MOD_RES_PASSTHRU;
}
ModResult OnWhoisLine(Whois::Context& whois, Numeric::Numeric& numeric) CXX11_OVERRIDE
{
return ((numeric.GetNumeric() == 319) && whois.GetTarget()->IsModeSet(bm)) ? MOD_RES_DENY : MOD_RES_PASSTHRU;
}
};
MODULE_INIT(ModuleServProtectMode)
|