Add warning when rpc-user::rpc-class is missing. Add default 'full' and 'read-only'.

The reason for the warning is that in some future UnrealIRCd version I want the
rpc-user::rpc-class to become a required item.

This commit also adds rpc-class.default.conf which is by default
included from rpc.modules.default.conf.

This also completes the TODO list from b9de933378
(the rpc.add_timer was never a loophole and i kept rpc.info as-is)

doc/RELEASE-NOTES.md

@@ -15,12 +15,14 @@ in progress and may not always be a stable version.
   since UnrealIRCd 5.0.8 we warn if a SSL/TLS certificate is (nearly) expired.
   This new option allows turning it off, it is (still) on by default.
 * [JSON-RPC](https://www.unrealircd.org/docs/JSON-RPC):
-  Similar to oper and operclass, you can now restrict an
-  [rpc-user](https://www.unrealircd.org/docs/Rpc-user_block) via
-  rpc-user::rpc-class. The rpc-class is defined in an
+  Similar to oper and operclass, in an
+  [rpc-user](https://www.unrealircd.org/docs/Rpc-user_block) you now have
+  to specify an rpc-user::rpc-class. The rpc-class is defined in an
   [rpc-class block](https://www.unrealircd.org/docs/Rpc-class_block)
   and configures what JSON methods can be called.  
-  **NOTE: This is work in progress, things are not fully contained yet!**
+  There are two default json-rpc classes:
+  * `full`: access to all JSON-RPC Methods
+  * `read-only`: access to things list *server_ban.list* but not to *server_ban.add*
 
 ### Changes:
 * IRCOps with the operclass `locop` can now only `REHASH` the local server

doc/conf/rpc-class.default.conf

@@ -0,0 +1,39 @@
+/* This file defines a number of default rpc-class blocks which you can
+ * use in your rpc-user blocks (via rpc-user::rpc-class).
+ *
+ * This file is normally included via rpc.modules.default.conf, or you
+ * can do so from your unrealircd.conf through:
+ * include "rpc-class.default.conf";
+ *
+ * The rpc-class block is documented at:
+ * https://www.unrealircd.org/docs/Rpc-class_block
+ *
+ * DO NOT EDIT THIS FILE! IT WILL BE OVERWRITTEN DURING NEXT UPGRADE!!
+ * DO NOT EDIT THIS FILE! IT WILL BE OVERWRITTEN DURING NEXT UPGRADE!!
+ * DO NOT EDIT THIS FILE! IT WILL BE OVERWRITTEN DURING NEXT UPGRADE!!
+ * If you want to tweak rpc-class { } blocks, simply define your own
+ * and optionally use 'parent read-only' or the like if you want to inherit.
+ * Do not edit the build-in rpc-classes from below ('full' and 'read-only').
+ */
+
+rpc-class full {
+	permissions {
+		all;
+	}
+}
+
+rpc-class read-only {
+	permissions {
+		rpc;
+		stats;
+		log;
+		user { list; get; }
+		whowas { get; }
+		server { list; get; }
+		channel { list; get; }
+		server_ban { list; get; }
+		server_ban_exception { list; get; }
+		spamfilter { list; get; }
+		name_ban { list; get; }
+	}
+}

doc/conf/rpc.modules.default.conf

@@ -60,3 +60,6 @@ log {
 	}
 }
 @endif
+
+/* Also load the default rpc-class { } blocks */
+include "rpc-class.default.conf";

src/modules/rpc/rpc.c

@@ -371,7 +371,7 @@ static int valid_rpc_user_name(const char *str)
 int rpc_config_test_rpc_user(ConfigFile *cf, ConfigEntry *ce, int type, int *errs)
 {
 	int errors = 0;
-	char has_match = 1, has_password = 1;
+	char has_match = 0, has_password = 0, has_rpc_class = 0;
 	ConfigEntry *cep;
 
 	/* We are only interested in rpc-user { } */
@@ -409,6 +409,7 @@ int rpc_config_test_rpc_user(ConfigFile *cf, ConfigEntry *ce, int type, int *err
 		} else
 		if (!strcmp(cep->name, "rpc-class"))
 		{
+			has_rpc_class = 1;
 			if (!cep->value)
 			{
 				config_error_empty(cep->file->filename,
@@ -423,6 +424,30 @@ int rpc_config_test_rpc_user(ConfigFile *cf, ConfigEntry *ce, int type, int *err
 		}
 	}
 
+	if (!has_match)
+	{
+		config_error_missing(ce->file->filename, ce->line_number,
+			"rpc-user::mask");
+		errors++;
+	}
+
+	if (!has_password)
+	{
+		config_error_missing(ce->file->filename, ce->line_number,
+			"rpc-user::password");
+		errors++;
+	}
+
+	if (!has_rpc_class)
+	{
+		config_warn("%s:%d: rpc-user block should have a ::rpc-class item to indicate "
+		            "the permissions, like: rpc-user %s { rpc-class full; ....etc.... }",
+		            ce->file->filename, ce->line_number, ce->value);
+		config_warn("See https://www.unrealircd.org/docs/Rpc-user_block. For now, this "
+		            "is a warning and we assume you want rpc-class 'full', but in later "
+		            "versions this will become an error.");
+	}
+
 	*errs = errors;
 	return errors ? -1 : 1;
 }
@@ -606,6 +631,13 @@ OperPermission ValidatePermissionsForJSONRPC(const char *path, Client *client)
 	if (r->rpc_class == NULL)
 		return OPER_ALLOW;
 
+	/* The 'full' is a virtual rpc-class, actually. So we can do a shortcut.
+	 * We have a clear (triple) warning about this in operclass.default.conf
+	 * that you should not fiddle with build-in classes so this should be OK.
+	 */
+	if (!strcmp(r->rpc_class, "full"))
+		return OPER_ALLOW;
+
 	ce_operClass = find_rpc_class(r->rpc_class);
 	if (!ce_operClass)
 		return OPER_DENY;