[8886] Add username/password prompts to Remote Admin

Signed-off-by: VladimirMangos <vladimir@getmangos.com>
Nick Templeton 2009-11-24 20:31:10 -06:00 committed by VladimirMangos
parent d80b7a2de1
commit 4c328f4b0c
7 changed files with 112 additions and 95 deletions


@ -28,15 +28,12 @@
#include "Config/ConfigEnv.h"
#include "Util.h"
#include "AccountMgr.h"
#include "Language.h"
#include "ObjectMgr.h"
/// \todo Make this thread safe if in the future 2 admins should be able to log at the same time.
SOCKET r;
#define dropclient {Sendf("I'm busy right now, come back later."); \
SetCloseAndDelete(); \
return; \
}
uint32 iSession=0; ///< Session number (incremented each time a new connection is made)
unsigned int iUsers=0; ///< Number of active administrators
@ -80,10 +77,15 @@ void RASocket::OnAccept()
sLog.outRALog("Incoming connection from %s.\n",ss.c_str());
///- If there is already an active admin, drop the connection
if(iUsers)
dropclient
{
Sendf(sObjectMgr.GetMangosStringForDBCLocale(LANG_RA_BUSY));
SetCloseAndDelete();
return;
}
///- Else print Motd
Sendf("%s\r\n",sWorld.GetMotd());
///- Else print Motd
Sendf("%s\r\n",sWorld.GetMotd());
Sendf("\r\n%s",sObjectMgr.GetMangosStringForDBCLocale(LANG_RA_USER));
}
/// Read data from the network
@ -93,7 +95,7 @@ void RASocket::OnRead()
TcpSocket::OnRead();
unsigned int sz=ibuf.GetLength();
if(iInputLength+sz>=RA_BUFF_SIZE)
if (iInputLength+sz>=RA_BUFF_SIZE)
{
sLog.outRALog("Input buffer overflow, possible DOS attack.\n");
SetCloseAndDelete();
@ -101,126 +103,126 @@ void RASocket::OnRead()
}
///- If there is already an active admin (other than you), drop the connection
if(stage!=OK && iUsers)
dropclient
if (stage!=OK && iUsers)
{
Sendf(sObjectMgr.GetMangosStringForDBCLocale(LANG_RA_BUSY));
SetCloseAndDelete();
return;
}
char *inp = new char [sz+1];
char *inp = new char [sz+1];
ibuf.Read(inp,sz);
/// \todo Can somebody explain this 'Linux bugfix'?
if(stage==NONE)
if(sz>4) //linux remote telnet
if(memcmp(inp ,"USER ",5))
{
delete [] inp;return;
printf("lin bugfix");
} //linux bugfix
///- Discard data after line break or line feed
bool gotenter=false;
unsigned int y=0;
for(;y<sz;y++)
if(inp[y]=='\r'||inp[y]=='\n')
{
gotenter=true;
break;
if (inp[y]=='\r'||inp[y]=='\n')
{
gotenter=true;
break;
}
}
//No buffer overflow (checked above)
memcpy(&buff[iInputLength],inp,y);
iInputLength+=y;
delete [] inp;
if(gotenter)
if (gotenter)
{
buff[iInputLength]=0;
iInputLength=0;
switch(stage)
{
/// <ul> <li> If the input is 'USER <username>'
case NONE:
if(!memcmp(buff,"USER ",5)) //got "USER" cmd
{
///- If we're interactive we don't expect "USER " to be there
szLogin=&buff[0];
///- Get the gmlevel from the account table
std::string login = szLogin;
///- Convert Account name to Upper Format
AccountMgr::normalizeString(login);
///- Escape the Login to allow quotes in names
loginDatabase.escape_string(login);
QueryResult* result = loginDatabase.PQuery("SELECT gmlevel FROM account WHERE username = '%s'",login.c_str());
///- If the user is not found, deny access
if(!result)
{
szLogin=&buff[5];
Sendf("-No such user.\r\n");
sLog.outRALog("User %s does not exist.\n",szLogin.c_str());
if(bSecure)SetCloseAndDelete();
Sendf("\r\n%s",sObjectMgr.GetMangosStringForDBCLocale(LANG_RA_USER));
}
else
{
Field *fields = result->Fetch();
///- Get the gmlevel and password from the account table
std::string login = szLogin;
///- Convert Account name to Upper Format
AccountMgr::normalizeString(login);
///- Escape the Login to allow quotes in names
loginDatabase.escape_string(login);
QueryResult* result = loginDatabase.PQuery("SELECT gmlevel FROM account WHERE username = '%s'",login.c_str());
///- If the user is not found, deny access
if(!result)
///- if gmlevel is too low, deny access
if (fields[0].GetUInt32()<iMinLevel)
{
Sendf("-No such user.\r\n");
sLog.outRALog("User %s does not exist.\n",szLogin.c_str());
Sendf("-Not enough privileges.\r\n");
sLog.outRALog("User %s has no privilege.\n",szLogin.c_str());
if(bSecure)SetCloseAndDelete();
Sendf("\r\n%s",sObjectMgr.GetMangosStringForDBCLocale(LANG_RA_USER));
}
else
{
Field *fields = result->Fetch();
//szPass=fields[0].GetString();
///- if gmlevel is too low, deny access
if(fields[0].GetUInt32()<iMinLevel)
{
Sendf("-Not enough privileges.\r\n");
sLog.outRALog("User %s has no privilege.\n",szLogin.c_str());
if(bSecure)SetCloseAndDelete();
} else
{
stage=LG;
}
delete result;
stage=LG;
Sendf(sObjectMgr.GetMangosStringForDBCLocale(LANG_RA_PASS));
}
delete result;
}
break;
///<li> If the input is 'PASS <password>' (and the user already gave his username)
}
///<li> If the input is 'PASS <password>' (and the user already gave his username)
case LG:
if(!memcmp(buff,"PASS ",5)) //got "PASS" cmd
{ //login+pass ok
///- If password is correct, increment the number of active administrators
std::string login = szLogin;
std::string pw = &buff[5];
{ //login+pass ok
///- If password is correct, increment the number of active administrators
std::string login = szLogin;
AccountMgr::normalizeString(login);
AccountMgr::normalizeString(pw);
loginDatabase.escape_string(login);
loginDatabase.escape_string(pw);
///- If we're interactive we don't expect "PASS " to be there
std::string pw = &buff[0];
QueryResult *check = loginDatabase.PQuery(
"SELECT 1 FROM account WHERE username = '%s' AND sha_pass_hash=SHA1(CONCAT(username,':','%s'))",
login.c_str(), pw.c_str());
AccountMgr::normalizeString(login);
AccountMgr::normalizeString(pw);
loginDatabase.escape_string(login);
loginDatabase.escape_string(pw);
if(check)
{
delete check;
r=GetSocket();
stage=OK;
++iUsers;
QueryResult *check = loginDatabase.PQuery(
"SELECT 1 FROM account WHERE username = '%s' AND sha_pass_hash=SHA1(CONCAT(username,':','%s'))",
login.c_str(), pw.c_str());
Sendf("+Logged in.\r\n");
sLog.outRALog("User %s has logged in.\n",szLogin.c_str());
Sendf("mangos>");
}
else
{
///- Else deny access
Sendf("-Wrong pass.\r\n");
sLog.outRALog("User %s has failed to log in.\n",szLogin.c_str());
if(bSecure)SetCloseAndDelete();
}
if (check)
{
delete check;
r=GetSocket();
stage=OK;
++iUsers;
Sendf("+Logged in.\r\n");
sLog.outRALog("User %s has logged in.\n",szLogin.c_str());
Sendf("mangos>");
}
else
{
///- Else deny access
Sendf("-Wrong pass.\r\n");
sLog.outRALog("User %s has failed to log in.\n",szLogin.c_str());
if(bSecure)SetCloseAndDelete();
Sendf("\r\n%s",sObjectMgr.GetMangosStringForDBCLocale(LANG_RA_PASS));
}
break;
///<li> If user is logged, parse and execute the command
}
///<li> If user is logged, parse and execute the command
case OK:
if(strlen(buff))
if (strlen(buff))
{
sLog.outRALog("Got '%s' cmd.\n",buff);
sWorld.QueueCliCommand(&RASocket::zprint , buff);
@ -228,7 +230,7 @@ void RASocket::OnRead()
else
Sendf("mangos>");
break;
///</ul>
///</ul>
};
}
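Review bot: The busy replies in OnAccept and OnRead, and the password prompt sent right after `stage=LG`, hand the looked-up string to Sendf as the format argument, whereas the username prompt and the re-prompts in the same change use `Sendf("\r\n%s", ...)`. Sendf is called printf-style throughout this file, so if the text returned by GetMangosStringForDBCLocale ever contains a `%` (it is presumably loaded from an editable string table — confirm), the conversion would consume arguments that were never passed, on a socket that is reachable before authentication. Pass the text as data in all three places, e.g. `Sendf("%s",sObjectMgr.GetMangosStringForDBCLocale(LANG_RA_BUSY));` and the same form for `LANG_RA_PASS`. OnRead's body spans several hunks and is not fully visible here.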