X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_servprotect.cpp;h=b4f2b5bbd5ae5ba5a42ac78a9db2587e8a7c4ec9;hb=4e3d7a6e30eadf714483994681b8b2534229f4a8;hp=076acd3ffe787cdef1ab65740e1c7454af83d55d;hpb=ece985ccb3210a132d67381511642edfb359f5c4;p=user%2Fhenk%2Fcode%2Finspircd.git

diff --git a/src/modules/m_servprotect.cpp b/src/modules/m_servprotect.cpp
index 076acd3ff..b4f2b5bbd 100644
--- a/src/modules/m_servprotect.cpp
+++ b/src/modules/m_servprotect.cpp
@@ -1,94 +1,141 @@
-/*       +------------------------------------+
- *       | Inspire Internet Relay Chat Daemon |
- *       +------------------------------------+
+/*
+ * InspIRCd -- Internet Relay Chat Daemon
  *
- *  InspIRCd: (C) 2002-2008 InspIRCd Development Team
- * See: http://www.inspircd.org/wiki/index.php/Credits
+ *   Copyright (C) 2009 Daniel De Graaf <danieldg@inspircd.org>
+ *   Copyright (C) 2008 Craig Edwards <craigedwards@brainbox.cc>
+ *   Copyright (C) 2007 Robin Burchell <robin+git@viroteck.net>
  *
- * This program is free but copyrighted software; see
- *            the file COPYING for details.
+ * This file is part of InspIRCd.  InspIRCd is free software: you can
+ * redistribute it and/or modify it under the terms of the GNU General Public
+ * License as published by the Free Software Foundation, version 2.
  *
- * ---------------------------------------------------
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
+
 #include "inspircd.h"
-#include <stdio.h>
-#include <string>
-#include "users.h"
-#include "channels.h"
-#include "modules.h"
-#include "configreader.h"
 
-/* $ModDesc: Provides support for Austhex style +k / UnrealIRCD +S services mode */
+/* $ModDesc: Provides usermode +k to protect services from kicks, kills and mode changes. */
 
 /** Handles user mode +k
  */
 class ServProtectMode : public ModeHandler
 {
  public:
-	ServProtectMode(InspIRCd* Instance) : ModeHandler(Instance, 'k', 0, 0, false, MODETYPE_USER, true) { }
+	ServProtectMode(Module* Creator) : ModeHandler(Creator, "servprotect", 'k', PARAM_NONE, MODETYPE_USER) { oper = true; }
 
 	ModeAction OnModeChange(User* source, User* dest, Channel* channel, std::string &parameter, bool adding)
 	{
+		/* Because this returns MODEACTION_DENY all the time, there is only ONE
+		 * way to add this mode and that is at client introduction in the UID command,
+		 * as this calls OnModeChange for each mode but disregards the return values.
+		 * The mode cannot be manually added or removed, not even by a server or by a remote
+		 * user or uline, which prevents its (ab)use as a kiddie 'god mode' on such networks.
+		 * I'm sure if someone really wants to do that they can make a copy of this module
+		 * that does the job. It won't be me though!
+		 */
 		return MODEACTION_DENY;
 	}
-
-	bool NeedsOper() { return true; }
 };
 
 class ModuleServProtectMode : public Module
 {
-	
-	ServProtectMode* bm;
+	ServProtectMode bm;
  public:
-	ModuleServProtectMode(InspIRCd* Me)
-		: Module(Me)
+	ModuleServProtectMode()
+		: bm(this)
+	{
+	}
+
+	void init()
 	{
-		
-		bm = new ServProtectMode(ServerInstance);
-		if (!ServerInstance->Modes->AddMode(bm))
-			throw ModuleException("Could not add new modes!");
-		Implementation eventlist[] = { I_OnWhois, I_OnKill, I_OnWhoisLine };
-		ServerInstance->Modules->Attach(eventlist, this, 3);
+		ServerInstance->Modules->AddService(bm);
+		Implementation eventlist[] = { I_OnWhois, I_OnKill, I_OnWhoisLine, I_OnRawMode, I_OnUserPreKick };
+		ServerInstance->Modules->Attach(eventlist, this, sizeof(eventlist)/sizeof(Implementation));
 	}
 
-	
-	virtual ~ModuleServProtectMode()
+
+	~ModuleServProtectMode()
 	{
-		ServerInstance->Modes->DelMode(bm);
-		delete bm;
 	}
-	
-	virtual Version GetVersion()
+
+	Version GetVersion()
 	{
-		return Version(1,1,0,0,VF_COMMON,API_VERSION);
+		return Version("Provides usermode +k to protect services from kicks, kills, and mode changes.", VF_VENDOR);
 	}
 
-	virtual void OnWhois(User* src, User* dst)
+	void OnWhois(User* src, User* dst)
 	{
 		if (dst->IsModeSet('k'))
 		{
-			ServerInstance->SendWhoisLine(src, dst, 310, std::string(src->nick)+" "+std::string(dst->nick)+" :is an "+ServerInstance->Config->Network+" Service");
+			ServerInstance->SendWhoisLine(src, dst, 310, src->nick+" "+dst->nick+" :is an "+ServerInstance->Config->Network+" Service");
 		}
 	}
 
-	virtual int OnKill(User* src, User* dst, const std::string &reason)
+	ModResult OnRawMode(User* user, Channel* chan, const char mode, const std::string &param, bool adding, int pcnt)
+	{
+		/* Check that the mode is not a server mode, it is being removed, the user making the change is local, there is a parameter,
+		 * and the user making the change is not a uline
+		 */
+		if (!adding && chan && IS_LOCAL(user) && !param.empty() && !ServerInstance->ULine(user->server))
+		{
+			/* Check if the parameter is a valid nick/uuid
+			 */
+			User *u = ServerInstance->FindNick(param);
+			if (u)
+			{
+				Membership* memb = chan->GetUser(u);
+				/* The target user has +k set on themselves, and you are trying to remove a privilege mode the user has set on themselves.
+				 * This includes any prefix permission mode, even those registered in other modules, e.g. +qaohv. Using ::ModeString()
+				 * here means that the number of modes is restricted to only modes the user has, limiting it to as short a loop as possible.
+				 */
+				if (u->IsModeSet('k') && memb && memb->modes.find(mode) != std::string::npos)
+				{
+					/* BZZZT, Denied! */
+					user->WriteNumeric(482, "%s %s :You are not permitted to remove privileges from %s services", user->nick.c_str(), chan->name.c_str(), ServerInstance->Config->Network.c_str());
+					return MOD_RES_DENY;
+				}
+			}
+		}
+		/* Mode allowed */
+		return MOD_RES_PASSTHRU;
+	}
+
+	ModResult OnKill(User* src, User* dst, const std::string &reason)
 	{
 		if (src == NULL)
-			return 0;
+			return MOD_RES_PASSTHRU;
 
 		if (dst->IsModeSet('k'))
 		{
-			src->WriteServ("485 %s :You are not allowed to kill %s Services!", src->nick, ServerInstance->Config->Network);
-			ServerInstance->SNO->WriteToSnoMask('A', std::string(src->nick)+" tried to kill service "+dst->nick+" ("+reason+")");
-			return 1;
+			src->WriteNumeric(485, "%s :You are not permitted to kill %s services!", src->nick.c_str(), ServerInstance->Config->Network.c_str());
+			ServerInstance->SNO->WriteGlobalSno('a', src->nick+" tried to kill service "+dst->nick+" ("+reason+")");
+			return MOD_RES_DENY;
 		}
-		return 0;
+		return MOD_RES_PASSTHRU;
+	}
+
+	ModResult OnUserPreKick(User *src, Membership* memb, const std::string &reason)
+	{
+		if (memb->user->IsModeSet('k'))
+		{
+			src->WriteNumeric(484, "%s %s :You are not permitted to kick services",
+				src->nick.c_str(), memb->chan->name.c_str());
+			return MOD_RES_DENY;
+		}
+
+		return MOD_RES_PASSTHRU;
 	}
 
-	virtual int OnWhoisLine(User* src, User* dst, int &numeric, std::string &text)
+	ModResult OnWhoisLine(User* src, User* dst, int &numeric, std::string &text)
 	{
-		return ((src != dst) && (numeric == 319) && dst->IsModeSet('k'));
+		return ((src != dst) && (numeric == 319) && dst->IsModeSet('k')) ? MOD_RES_DENY : MOD_RES_PASSTHRU;
 	}
 };