mangos-mirror/server
0
0
Fork 0
mirror of https://github.com/mangosfour/server.git synced 2025-12-31 13:37:07 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

[9518] Implement account associated execute for RA commands

Browse source 
* Now at login by RA-connection RA-connection use account id/access level
  for commands execute. So at login with moderator access by RA-connection you
  can execute only moderator level commands. For administrator level accounts
  allowed execute only console level commands if new config option RA.Stricted = 0.
  For security reasons by default RA.Stricted = 1.
* RA-connection executed commands now logged for associalted account id
* Some own account related commands allowed execute in RA-connection

NOTE: config version updated because RA.Stricted = 1 not compatible with old
      way work and this can break tools thta use RA-access if it not disabled.
      Yuo will need update mangosd.conf.
This commit is contained in:
VladimirMangos 2010-03-05 04:14:45 +03:00
parent 39559fc73a
commit 7fdbe497e9
13 changed files with 114 additions and 58 deletions
Download patch file Download diff file Expand all files Collapse all files

45
src/mangosd/RASocket.cpp
View file

@ -42,7 +42,8 @@ stage(NONE)
{
///- Get the config parameters
bSecure = sConfig.GetBoolDefault( "RA.Secure", true );
iMinLevel = sConfig.GetIntDefault( "RA.MinLevel", SEC_ADMINISTRATOR );
bStricted = sConfig.GetBoolDefault( "RA.Stricted", false );
iMinLevel = AccountTypes(sConfig.GetIntDefault( "RA.MinLevel", SEC_ADMINISTRATOR ));
reference_counting_policy ().value (ACE_Event_Handler::Reference_Counting_Policy::ENABLED);
}
@ -198,30 +199,32 @@ int RASocket::handle_input(ACE_HANDLE)
}
sendf("\r\n");
sendf(sObjectMgr.GetMangosStringForDBCLocale(LANG_RA_USER));
break;
}
else
{
AccountTypes sec = sAccountMgr.GetSecurity(accId);
///- if gmlevel is too low, deny access
if (sec < iMinLevel)
accAccessLevel = sAccountMgr.GetSecurity(accId);
///- if gmlevel is too low, deny access
if (accAccessLevel < iMinLevel)
{
sendf("-Not enough privileges.\r\n");
sLog.outRALog("User %s has no privilege.",szLogin.c_str());
if(bSecure)
{
sendf("-Not enough privileges.\r\n");
sLog.outRALog("User %s has no privilege.",szLogin.c_str());
if(bSecure)
{
handle_output();
return -1;
}
sendf("\r\n");
sendf(sObjectMgr.GetMangosStringForDBCLocale(LANG_RA_USER));
}
else
{
stage=LG;
sendf(sObjectMgr.GetMangosStringForDBCLocale(LANG_RA_PASS));
handle_output();
return -1;
}
sendf("\r\n");
sendf(sObjectMgr.GetMangosStringForDBCLocale(LANG_RA_USER));
break;
}
///- allow by remotely connected admin use console level commands dependent from config setting
if (accAccessLevel >= SEC_ADMINISTRATOR && !bStricted)
accAccessLevel = SEC_CONSOLE;
stage=LG;
sendf(sObjectMgr.GetMangosStringForDBCLocale(LANG_RA_PASS));
break;
}
///<li> If the input is '<password>' (and the user already gave his username)
@ -261,7 +264,7 @@ int RASocket::handle_input(ACE_HANDLE)
return -1;
else
{
CliCommandHolder* cmd = new CliCommandHolder(this, inputBuffer, &RASocket::zprint, &RASocket::commandFinished);
CliCommandHolder* cmd = new CliCommandHolder(accId, accAccessLevel, this, inputBuffer, &RASocket::zprint, &RASocket::commandFinished);
sWorld.QueueCliCommand(cmd);
pendingCommands.acquire();
}