mangos-mirror/server
0
0
Fork 0
mirror of https://github.com/mangosfour/server.git synced 2025-12-14 16:37:01 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

[8886] Add username/password prompts to Remote Admin

Browse source 
Signed-off-by: VladimirMangos <vladimir@getmangos.com>
This commit is contained in:
Nick Templeton 2009-11-24 20:31:10 -06:00 committed by VladimirMangos
parent d80b7a2de1
commit 4c328f4b0c
7 changed files with 112 additions and 95 deletions
Download patch file Download diff file Expand all files Collapse all files

5
sql/mangos.sql
View file

@ -24,7 +24,7 @@ CREATE TABLE `db_version` (
`version` varchar(120) default NULL,
`creature_ai_version` varchar(120) default NULL,
`cache_id` int(10) default '0',
`required_8883_02_mangos_spell_bonus_data` bit(1) default NULL
`required_8886_01_mangos_string` bit(1) default NULL
) ENGINE=MyISAM DEFAULT CHARSET=utf8 ROW_FORMAT=FIXED COMMENT='Used DB version notes';
--
@ -2849,6 +2849,9 @@ INSERT INTO `mangos_string` VALUES
(57,'Using World DB: %s',NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL),
(58,'Using script library: %s',NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL),
(59,'Using creature EventAI: %s',NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL),
(60,'I\'m busy right now, come back later.',NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL),
(61,'Username: ',NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL),
(62,'Password: ',NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL),
(100,'Global notify: ',NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL),
(101,'Map: %u (%s) Zone: %u (%s) Area: %u (%s) Phase: %u\nX: %f Y: %f Z: %f Orientation: %f\ngrid[%u,%u]cell[%u,%u] InstanceID: %u\n ZoneX: %f ZoneY: %f\nGroundZ: %f FloorZ: %f Have height data (Map: %u VMap: %u)',NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL),
(102,'%s is already being teleported.',NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL),

7
sql/updates/8886_01_mangos_string.sql Normal file
View file

@ -0,0 +1,7 @@
ALTER TABLE db_version CHANGE COLUMN required_8883_02_mangos_spell_bonus_data required_8886_01_mangos_string bit;
DELETE FROM mangos_string WHERE entry IN(60,61,62);
INSERT INTO mangos_string VALUES
(60,'I\'m busy right now, come back later.',NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL),
(61,'Username: ',NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL),
(62,'Password: ',NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL);

2
sql/updates/Makefile.am
View file

@ -180,6 +180,7 @@ pkgdata_DATA = \
8882_03_mangos_spell_bonus_data.sql \
8883_01_mangos_spell_proc_event.sql \
8883_02_mangos_spell_bonus_data.sql \
8886_01_mangos_string.sql \
README
## Additional files to include when running 'make dist'
@ -340,4 +341,5 @@ EXTRA_DIST = \
8882_03_mangos_spell_bonus_data.sql \
8883_01_mangos_spell_proc_event.sql \
8883_02_mangos_spell_bonus_data.sql \
8886_01_mangos_string.sql \
README

5
src/game/Language.h
View file

@ -83,7 +83,10 @@ enum MangosStrings
LANG_USING_WORLD_DB = 57,
LANG_USING_SCRIPT_LIB = 58,
LANG_USING_EVENT_AI = 59,
// Room for more level 0 60-99 not used
LANG_RA_BUSY = 60,
LANG_RA_USER = 61,
LANG_RA_PASS = 62,
// Room for more level 0 63-99 not used
// level 1 chat
LANG_GLOBAL_NOTIFY = 100,

184
src/mangosd/RASocket.cpp
View file

@ -28,15 +28,12 @@
#include "Config/ConfigEnv.h"
#include "Util.h"
#include "AccountMgr.h"
#include "Language.h"
#include "ObjectMgr.h"
/// \todo Make this thread safe if in the future 2 admins should be able to log at the same time.
SOCKET r;
#define dropclient {Sendf("I'm busy right now, come back later."); \
SetCloseAndDelete(); \
return; \
}
uint32 iSession=0; ///< Session number (incremented each time a new connection is made)
unsigned int iUsers=0; ///< Number of active administrators
@ -80,10 +77,15 @@ void RASocket::OnAccept()
sLog.outRALog("Incoming connection from %s.\n",ss.c_str());
///- If there is already an active admin, drop the connection
if(iUsers)
dropclient
{
Sendf(sObjectMgr.GetMangosStringForDBCLocale(LANG_RA_BUSY));
SetCloseAndDelete();
return;
}
///- Else print Motd
Sendf("%s\r\n",sWorld.GetMotd());
///- Else print Motd
Sendf("%s\r\n",sWorld.GetMotd());
Sendf("\r\n%s",sObjectMgr.GetMangosStringForDBCLocale(LANG_RA_USER));
}
/// Read data from the network
@ -93,7 +95,7 @@ void RASocket::OnRead()
TcpSocket::OnRead();
unsigned int sz=ibuf.GetLength();
if(iInputLength+sz>=RA_BUFF_SIZE)
if (iInputLength+sz>=RA_BUFF_SIZE)
{
sLog.outRALog("Input buffer overflow, possible DOS attack.\n");
SetCloseAndDelete();
@ -101,126 +103,126 @@ void RASocket::OnRead()
}
///- If there is already an active admin (other than you), drop the connection
if(stage!=OK && iUsers)
dropclient
if (stage!=OK && iUsers)
{
Sendf(sObjectMgr.GetMangosStringForDBCLocale(LANG_RA_BUSY));
SetCloseAndDelete();
return;
}
char *inp = new char [sz+1];
char *inp = new char [sz+1];
ibuf.Read(inp,sz);
/// \todo Can somebody explain this 'Linux bugfix'?
if(stage==NONE)
if(sz>4) //linux remote telnet
if(memcmp(inp ,"USER ",5))
{
delete [] inp;return;
printf("lin bugfix");
} //linux bugfix
///- Discard data after line break or line feed
bool gotenter=false;
unsigned int y=0;
for(;y<sz;y++)
if(inp[y]=='\r'||inp[y]=='\n')
{
gotenter=true;
break;
if (inp[y]=='\r'||inp[y]=='\n')
{
gotenter=true;
break;
}
}
//No buffer overflow (checked above)
memcpy(&buff[iInputLength],inp,y);
iInputLength+=y;
delete [] inp;
if(gotenter)
if (gotenter)
{
buff[iInputLength]=0;
iInputLength=0;
switch(stage)
{
/// <ul> <li> If the input is 'USER <username>'
case NONE:
if(!memcmp(buff,"USER ",5)) //got "USER" cmd
{
///- If we're interactive we don't expect "USER " to be there
szLogin=&buff[0];
///- Get the gmlevel from the account table
std::string login = szLogin;
///- Convert Account name to Upper Format
AccountMgr::normalizeString(login);
///- Escape the Login to allow quotes in names
loginDatabase.escape_string(login);
QueryResult* result = loginDatabase.PQuery("SELECT gmlevel FROM account WHERE username = '%s'",login.c_str());
///- If the user is not found, deny access
if(!result)
{
szLogin=&buff[5];
Sendf("-No such user.\r\n");
sLog.outRALog("User %s does not exist.\n",szLogin.c_str());
if(bSecure)SetCloseAndDelete();
Sendf("\r\n%s",sObjectMgr.GetMangosStringForDBCLocale(LANG_RA_USER));
}
else
{
Field *fields = result->Fetch();
///- Get the gmlevel and password from the account table
std::string login = szLogin;
///- Convert Account name to Upper Format
AccountMgr::normalizeString(login);
///- Escape the Login to allow quotes in names
loginDatabase.escape_string(login);
QueryResult* result = loginDatabase.PQuery("SELECT gmlevel FROM account WHERE username = '%s'",login.c_str());
///- If the user is not found, deny access
if(!result)
///- if gmlevel is too low, deny access
if (fields[0].GetUInt32()<iMinLevel)
{
Sendf("-No such user.\r\n");
sLog.outRALog("User %s does not exist.\n",szLogin.c_str());
Sendf("-Not enough privileges.\r\n");
sLog.outRALog("User %s has no privilege.\n",szLogin.c_str());
if(bSecure)SetCloseAndDelete();
Sendf("\r\n%s",sObjectMgr.GetMangosStringForDBCLocale(LANG_RA_USER));
}
else
{
Field *fields = result->Fetch();
//szPass=fields[0].GetString();
///- if gmlevel is too low, deny access
if(fields[0].GetUInt32()<iMinLevel)
{
Sendf("-Not enough privileges.\r\n");
sLog.outRALog("User %s has no privilege.\n",szLogin.c_str());
if(bSecure)SetCloseAndDelete();
} else
{
stage=LG;
}
delete result;
stage=LG;
Sendf(sObjectMgr.GetMangosStringForDBCLocale(LANG_RA_PASS));
}
delete result;
}
break;
///<li> If the input is 'PASS <password>' (and the user already gave his username)
}
///<li> If the input is 'PASS <password>' (and the user already gave his username)
case LG:
if(!memcmp(buff,"PASS ",5)) //got "PASS" cmd
{ //login+pass ok
///- If password is correct, increment the number of active administrators
std::string login = szLogin;
std::string pw = &buff[5];
{ //login+pass ok
///- If password is correct, increment the number of active administrators
std::string login = szLogin;
AccountMgr::normalizeString(login);
AccountMgr::normalizeString(pw);
loginDatabase.escape_string(login);
loginDatabase.escape_string(pw);
///- If we're interactive we don't expect "PASS " to be there
std::string pw = &buff[0];
QueryResult *check = loginDatabase.PQuery(
"SELECT 1 FROM account WHERE username = '%s' AND sha_pass_hash=SHA1(CONCAT(username,':','%s'))",
login.c_str(), pw.c_str());
AccountMgr::normalizeString(login);
AccountMgr::normalizeString(pw);
loginDatabase.escape_string(login);
loginDatabase.escape_string(pw);
if(check)
{
delete check;
r=GetSocket();
stage=OK;
++iUsers;
QueryResult *check = loginDatabase.PQuery(
"SELECT 1 FROM account WHERE username = '%s' AND sha_pass_hash=SHA1(CONCAT(username,':','%s'))",
login.c_str(), pw.c_str());
Sendf("+Logged in.\r\n");
sLog.outRALog("User %s has logged in.\n",szLogin.c_str());
Sendf("mangos>");
}
else
{
///- Else deny access
Sendf("-Wrong pass.\r\n");
sLog.outRALog("User %s has failed to log in.\n",szLogin.c_str());
if(bSecure)SetCloseAndDelete();
}
if (check)
{
delete check;
r=GetSocket();
stage=OK;
++iUsers;
Sendf("+Logged in.\r\n");
sLog.outRALog("User %s has logged in.\n",szLogin.c_str());
Sendf("mangos>");
}
else
{
///- Else deny access
Sendf("-Wrong pass.\r\n");
sLog.outRALog("User %s has failed to log in.\n",szLogin.c_str());
if(bSecure)SetCloseAndDelete();
Sendf("\r\n%s",sObjectMgr.GetMangosStringForDBCLocale(LANG_RA_PASS));
}
break;
///<li> If user is logged, parse and execute the command
}
///<li> If user is logged, parse and execute the command
case OK:
if(strlen(buff))
if (strlen(buff))
{
sLog.outRALog("Got '%s' cmd.\n",buff);
sWorld.QueueCliCommand(&RASocket::zprint , buff);
@ -228,7 +230,7 @@ void RASocket::OnRead()
else
Sendf("mangos>");
break;
///</ul>
///</ul>
};
}

2
src/shared/revision_nr.h
View file

@ -1,4 +1,4 @@
#ifndef __REVISION_NR_H__
#define __REVISION_NR_H__
#define REVISION_NR "8885"
#define REVISION_NR "8886"
#endif // __REVISION_NR_H__

2
src/shared/revision_sql.h
View file

@ -1,6 +1,6 @@
#ifndef __REVISION_SQL_H__
#define __REVISION_SQL_H__
#define REVISION_DB_CHARACTERS "required_8874_01_characters_character_skills"
#define REVISION_DB_MANGOS "required_8883_02_mangos_spell_bonus_data"
#define REVISION_DB_MANGOS "required_8886_01_mangos_string"
#define REVISION_DB_REALMD "required_8728_01_realmd_account"
#endif // __REVISION_SQL_H__