solanum-ircd · jesopo · Jun 10, 2022 · Jun 10, 2022 · Jun 10, 2022 · Jun 10, 2022
diff --git a/doc/ircd.conf.example b/doc/ircd.conf.example
@@ -249,7 +249,7 @@ privset "global_op" {
 
 privset "admin" {
 	extends = "global_op";
-	privs = oper:admin, oper:die, oper:rehash, oper:spy, oper:grant;
+	privs = oper:admin, oper:die, oper:rehash, oper:spy_channel, oper:spy_user, oper:grant;
 };
 
 operator "god" {

diff --git a/doc/oper-guide/oprivs.rst b/doc/oper-guide/oprivs.rst
@@ -90,22 +90,26 @@ another server to connect somewhere, and using ``SQUIT`` with an argument
 that is not locally connected. (In both cases all opers with +w set will
 be notified.)
 
-oper:spy, use operspy
----------------------
+oper:spy_channel, use operspy on channels
+-----------------------------------------
 
 This allows using ``/mode !#channel``, ``/whois !nick``, ``/who !#channel``,
-``/chantrace !#channel``, ``/topic !#channel``, ``/who !mask``, ``/masktrace
-!user@host :gecos`` and ``/scan umodes +modes-modes global list`` to see
-through secret channels, invisible users, etc.
+``/chantrace !#channel``, ``/topic !#channel``, to see through secret channels,
+see details of channels you are not int, etc.
-see details of channels you are not int, etc.
+see details of channels you are not in, etc.
-see details of channels you are not int, etc.
+see details of channels you are not in, etc.
 
 All operspy usage is broadcasted to opers with snomask ``+Z`` set (on the
 entire network) and optionally logged. If you grant this to anyone, it
 is a good idea to establish concrete policies describing what it is to
 be used for, and what not.
 
-If ``operspy_dont_care_user_info`` is enabled, ``/who mask`` is operspy
-also, and ``/who !mask``, ``/who mask``, ``/masktrace !user@host :gecos`` and ``/scan
-umodes +modes-modes global list`` do not generate ``+Z`` notices or logs.
+oper:spy_user, use operspy on user info
+---------------------------------------
+
+This allows using ``/masktrace !nick!user@host :gecos``, ``/who !mask``, ``/scan
+umodes +modes-modes global list``, to see user info in bulk.
+
+If ``operspy_dont_care_user_info`` is enabled, these do not generate ``+Z`` notices
+or logs.
 
 oper:unkline, unkline and undline
 ---------------------------------

diff --git a/doc/reference.conf b/doc/reference.conf
@@ -457,8 +457,10 @@ privset "local_op" {
 	 * oper:resv:            allows /quote resv/unresv
 	 * oper:cmodes:          allows cmode +LP
 	 * oper:operwall:        allows the oper to send/receive operwalls
-	 * oper:spy:             allows 'operspy' features to see through +s
+	 * oper:spy_channel:     allows 'operspy' features to see through +s
 	 *                       channels etc. see /quote help operspy
+	 * oper:spy_user:        allows 'operspy' features to see user connection
+	 *			 details. see /quote help operspy
-	 *			 details. see /quote help operspy
+	 *                       details. see /quote help operspy
-	 *			 details. see /quote help operspy
+	 *                       details. see /quote help operspy
 	 * oper:hidden:          hides the oper from /stats p
 	 * oper:remoteban:       allows remote kline etc
 	 * oper:mass_notice:     allows sending mass notices
@@ -494,7 +496,7 @@ privset "global_op" {
 
 privset "admin" {
 	extends = "global_op";
-	privs = oper:admin, oper:die, oper:rehash, oper:spy, oper:grant;
+	privs = oper:admin, oper:die, oper:rehash, oper:spy_channel, oper:spy_user, oper:grant;
 };
 
 /* operator {}: defines ircd operators. (OLD O:) */

diff --git a/include/s_newconf.h b/include/s_newconf.h
@@ -156,7 +156,8 @@ extern void cluster_generic(struct Client *, const char *, int cltype,
 #define IsOperHiddenAdmin(x)    (HasPrivilege((x), "oper:hidden_admin"))
 #define IsOperAdmin(x)          (HasPrivilege((x), "oper:admin") || HasPrivilege((x), "oper:hidden_admin"))
 #define IsOperOperwall(x)       (HasPrivilege((x), "oper:operwall"))
-#define IsOperSpy(x)            (HasPrivilege((x), "oper:spy"))
+#define IsOperSpyChannel(x)     (HasPrivilege((x), "oper:spy_channel"))
+#define IsOperSpyUser(x)        (HasPrivilege((x), "oper:spy_user"))
 #define IsOperInvis(x)          (HasPrivilege((x), "oper:hidden"))
 #define IsOperRemoteBan(x)      (HasPrivilege((x), "oper:remoteban"))
 #define IsOperMassNotice(x)     (HasPrivilege((x), "oper:mass_notice"))

diff --git a/modules/core/m_mode.c b/modules/core/m_mode.c
@@ -85,7 +85,7 @@ m_mode(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p
 
 	dest = parv[1];
 
-	if(IsOperSpy(source_p) && *dest == '!')
+	if(IsOperSpyChannel(source_p) && *dest == '!')
 	{
 		dest++;
 		operspy = 1;

diff --git a/modules/m_etrace.c b/modules/m_etrace.c
@@ -236,7 +236,7 @@ m_chantrace(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sou
 
 	name = parv[1];
 
-	if(IsOperSpy(source_p) && parv[1][0] == '!')
+	if(IsOperSpyChannel(source_p) && parv[1][0] == '!')
 	{
 		name++;
 		operspy = 1;
@@ -347,7 +347,7 @@ mo_masktrace(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *so
 	name = LOCAL_COPY(parv[1]);
 	collapse(name);
 
-	if(IsOperSpy(source_p) && parv[1][0] == '!')
+	if(IsOperSpyUser(source_p) && parv[1][0] == '!')
 	{
 		name++;
 		mask++;

diff --git a/modules/m_list.c b/modules/m_list.c
@@ -183,7 +183,7 @@ mo_list(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_
 		args = LOCAL_COPY(parv[1]);
 	}
 
-	if (args && *args == '!' && IsOperSpy(source_p))
+	if (args && *args == '!' && IsOperSpyChannel(source_p))
 	{
 		args++;
 		report_operspy(source_p, "LIST", args);

diff --git a/modules/m_scan.c b/modules/m_scan.c
@@ -187,7 +187,7 @@ scan_umodes(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sou
 	}
 	if (target_list == &global_client_list && list_users)
 	{
-		if (IsOperSpy(source_p))
+		if (IsOperSpyUser(source_p))
 		{
 			if (!ConfigFileEntry.operspy_dont_care_user_info)
 			{

diff --git a/modules/m_topic.c b/modules/m_topic.c
@@ -74,7 +74,7 @@ m_topic(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_
 
 	name = parv[1];
 
-	if(IsOperSpy(source_p) && parv[1][0] == '!')
+	if(IsOperSpyChannel(source_p) && parv[1][0] == '!')
 	{
 		name++;
 		operspy = 1;

diff --git a/modules/m_who.c b/modules/m_who.c
@@ -171,7 +171,8 @@ m_who(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p,
 		return;
 	}
 
-	if(IsOperSpy(source_p) && *mask == '!')
+	if(*mask == '!'
+		&& (IsChannelName(mask + 1) ? IsOperSpyChannel(source_p) : IsOperSpyUser(source_p)))
 	{
 		mask++;
 		operspy = 1;
@@ -268,11 +269,6 @@ m_who(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p,
 			last_used = rb_current_time();
 	}
 
-	/* Note: operspy_dont_care_user_info does not apply to
-	 * who on channels */
-	if(IsOperSpy(source_p) && ConfigFileEntry.operspy_dont_care_user_info)
-		operspy = 1;
-
 	/* '/who 0' for a global list.  this forces clients to actually
 	 * request a full list.  I presume its because of too many typos
 	 * with "/who" ;) --fl

diff --git a/modules/m_whois.c b/modules/m_whois.c
@@ -181,7 +181,7 @@ do_whois(struct Client *client_p, struct Client *source_p, int parc, const char
 	if((p = strchr(nick, ',')))
 		*p = '\0';
 
-	if(IsOperSpy(source_p) && *nick == '!')
+	if(IsOperSpyChannel(source_p) && *nick == '!')
 	{
 		operspy = 1;
 		nick++;