From a0ff5f4536e0e20c0361ee7bd20625d2998c8583 Mon Sep 17 00:00:00 2001 From: VladimirMangos Date: Wed, 13 Jul 2011 05:38:43 +0400 Subject: [PATCH] [11736] Hide passwords from logs * DB connection * chat/console password changes commands. --- src/game/Chat.cpp | 35 +++++++------- src/game/Chat.h | 2 + src/game/Level0.cpp | 5 +- src/game/Level3.cpp | 7 ++- src/mangosd/Master.cpp | 6 +-- src/realmd/Main.cpp | 3 +- src/shared/Database/DatabaseMysql.cpp | 61 ++++++++++++------------- src/shared/Database/DatabasePostgre.cpp | 4 +- src/shared/revision_nr.h | 2 +- 9 files changed, 68 insertions(+), 57 deletions(-) diff --git a/src/game/Chat.cpp b/src/game/Chat.cpp index 1a0b44941..d7d06c82e 100644 --- a/src/game/Chat.cpp +++ b/src/game/Chat.cpp @@ -1223,22 +1223,7 @@ void ChatHandler::ExecuteCommand(const char* text) if ((this->*(command->Handler))((char*)text)) // text content destroyed at call { if (command->SecurityLevel > SEC_PLAYER) - { - // chat case - if (m_session) - { - Player* p = m_session->GetPlayer(); - ObjectGuid sel_guid = p->GetSelectionGuid(); - sLog.outCommand(GetAccountId(),"Command: %s [Player: %s (Account: %u) X: %f Y: %f Z: %f Map: %u Selected: %s]", - fullcmd.c_str(),p->GetName(),GetAccountId(),p->GetPositionX(),p->GetPositionY(),p->GetPositionZ(),p->GetMapId(), - sel_guid.GetString().c_str()); - } - else // 0 account -> console - { - sLog.outCommand(GetAccountId(),"Command: %s [Account: %u from %s]", - fullcmd.c_str(),GetAccountId(),GetAccountId() ? "RA-connection" : "Console"); - } - } + LogCommand(fullcmd.c_str()); } // some commands have custom error messages. Don't send the default one in these cases. else if (!HasSentErrorMessage()) @@ -3571,6 +3556,24 @@ std::string ChatHandler::PrepareStringNpcOrGoSpawnInformation(uint32 guid) return str; } +void ChatHandler::LogCommand(char const* fullcmd) +{ + // chat case + if (m_session) + { + Player* p = m_session->GetPlayer(); + ObjectGuid sel_guid = p->GetSelectionGuid(); + sLog.outCommand(GetAccountId(),"Command: %s [Player: %s (Account: %u) X: %f Y: %f Z: %f Map: %u Selected: %s]", + fullcmd, p->GetName(), GetAccountId(), p->GetPositionX(), p->GetPositionY(), p->GetPositionZ(), p->GetMapId(), + sel_guid.GetString().c_str()); + } + else // 0 account -> console + { + sLog.outCommand(GetAccountId(),"Command: %s [Account: %u from %s]", + fullcmd, GetAccountId(), GetAccountId() ? "RA-connection" : "Console"); + } +} + // Instantiate template for helper function template void ChatHandler::ShowNpcOrGoSpawnInformation(uint32 guid); template void ChatHandler::ShowNpcOrGoSpawnInformation(uint32 guid); diff --git a/src/game/Chat.h b/src/game/Chat.h index 116eead93..87c274421 100644 --- a/src/game/Chat.h +++ b/src/game/Chat.h @@ -124,6 +124,8 @@ class MANGOS_DLL_SPEC ChatHandler bool SetDataForCommandInTable(ChatCommand *table, const char* text, uint32 security, std::string const& help); void ExecuteCommand(const char* text); + void LogCommand(char const* fullcmd); + bool ShowHelpForCommand(ChatCommand *table, const char* cmd); bool ShowHelpForSubCommands(ChatCommand *table, char const* cmd); ChatCommandSearchResult FindCommand(ChatCommand* table, char const*& text, ChatCommand*& command, ChatCommand** parentCommand = NULL, std::string* cmdNamePtr = NULL, bool allAvailable = false, bool exactlyName = false); diff --git a/src/game/Level0.cpp b/src/game/Level0.cpp index d0dab5230..6b65e64ca 100644 --- a/src/game/Level0.cpp +++ b/src/game/Level0.cpp @@ -248,7 +248,10 @@ bool ChatHandler::HandleAccountPasswordCommand(char* args) return false; } - return true; + // OK, but avoid normal report for hide passwords, but log use command for anyone + LogCommand(".account password *** *** ***"); + SetSentErrorMessage(true); + return false; } bool ChatHandler::HandleAccountLockCommand(char* args) diff --git a/src/game/Level3.cpp b/src/game/Level3.cpp index 1394d6606..7eea87975 100644 --- a/src/game/Level3.cpp +++ b/src/game/Level3.cpp @@ -1226,7 +1226,12 @@ bool ChatHandler::HandleAccountSetPasswordCommand(char* args) return false; } - return true; + // OK, but avoid normal report for hide passwords, but log use command for anyone + char msg[100]; + snprintf( msg, 100, ".account set password %s *** ***", account_name.c_str()); + LogCommand(msg); + SetSentErrorMessage(true); + return false; } diff --git a/src/mangosd/Master.cpp b/src/mangosd/Master.cpp index eb9863c35..5fbe67dc0 100644 --- a/src/mangosd/Master.cpp +++ b/src/mangosd/Master.cpp @@ -431,7 +431,7 @@ bool Master::_StartDB() sLog.outError("Database not specified in configuration file"); return false; } - sLog.outString("World Database: %s, total connections: %i", dbstring.c_str(), nConnections + 1); + sLog.outString("World Database total connections: %i", nConnections + 1); ///- Initialise the world database if(!WorldDatabase.Initialize(dbstring.c_str(), nConnections)) @@ -457,7 +457,7 @@ bool Master::_StartDB() WorldDatabase.HaltDelayThread(); return false; } - sLog.outString("Character Database: %s, total connections: %i", dbstring.c_str(), nConnections + 1); + sLog.outString("Character Database total connections: %i", nConnections + 1); ///- Initialise the Character database if(!CharacterDatabase.Initialize(dbstring.c_str(), nConnections)) @@ -491,7 +491,7 @@ bool Master::_StartDB() } ///- Initialise the login database - sLog.outString("Login Database: %s, total connections: %i", dbstring.c_str(), nConnections + 1); + sLog.outString("Login Database total connections: %i", nConnections + 1); if(!LoginDatabase.Initialize(dbstring.c_str(), nConnections)) { sLog.outError("Cannot connect to login database %s",dbstring.c_str()); diff --git a/src/realmd/Main.cpp b/src/realmd/Main.cpp index f22a2f682..6c13ccf5e 100644 --- a/src/realmd/Main.cpp +++ b/src/realmd/Main.cpp @@ -388,7 +388,8 @@ bool StartDB() return false; } - sLog.outString("Database: %s", dbstring.c_str() ); + sLog.outString("Login Database total connections: %i", 1 + 1); + if(!LoginDatabase.Initialize(dbstring.c_str())) { sLog.outError("Cannot connect to database"); diff --git a/src/shared/Database/DatabaseMysql.cpp b/src/shared/Database/DatabaseMysql.cpp index dd635e93d..78110a6bc 100644 --- a/src/shared/Database/DatabaseMysql.cpp +++ b/src/shared/Database/DatabaseMysql.cpp @@ -137,44 +137,41 @@ bool MySQLConnection::Initialize(const char *infoString) mMysql = mysql_real_connect(mysqlInit, host.c_str(), user.c_str(), password.c_str(), database.c_str(), port, unix_socket, 0); - if (mMysql) - { - DETAIL_LOG( "Connected to MySQL database at %s", - host.c_str()); - sLog.outString( "MySQL client library: %s", mysql_get_client_info()); - sLog.outString( "MySQL server ver: %s ", mysql_get_server_info( mMysql)); - - /*----------SET AUTOCOMMIT ON---------*/ - // It seems mysql 5.0.x have enabled this feature - // by default. In crash case you can lose data!!! - // So better to turn this off - // --- - // This is wrong since mangos use transactions, - // autocommit is turned of during it. - // Setting it to on makes atomic updates work - // --- - // LEAVE 'AUTOCOMMIT' MODE ALWAYS ENABLED!!! - // W/O IT EVEN 'SELECT' QUERIES WOULD REQUIRE TO BE WRAPPED INTO 'START TRANSACTION'<>'COMMIT' CLAUSES!!! - if (!mysql_autocommit(mMysql, 1)) - DETAIL_LOG("AUTOCOMMIT SUCCESSFULLY SET TO 1"); - else - DETAIL_LOG("AUTOCOMMIT NOT SET TO 1"); - /*-------------------------------------*/ - - // set connection properties to UTF8 to properly handle locales for different - // server configs - core sends data in UTF8, so MySQL must expect UTF8 too - Execute("SET NAMES `utf8`"); - Execute("SET CHARACTER SET `utf8`"); - - return true; - } - else + if (!mMysql) { sLog.outError( "Could not connect to MySQL database at %s: %s\n", host.c_str(),mysql_error(mysqlInit)); mysql_close(mysqlInit); return false; } + + DETAIL_LOG("Connected to MySQL database %s@%s:%s/%s", user.c_str(), host.c_str(), port_or_socket.c_str(), database.c_str()); + sLog.outString("MySQL client library: %s", mysql_get_client_info()); + sLog.outString("MySQL server ver: %s ", mysql_get_server_info( mMysql)); + + /*----------SET AUTOCOMMIT ON---------*/ + // It seems mysql 5.0.x have enabled this feature + // by default. In crash case you can lose data!!! + // So better to turn this off + // --- + // This is wrong since mangos use transactions, + // autocommit is turned of during it. + // Setting it to on makes atomic updates work + // --- + // LEAVE 'AUTOCOMMIT' MODE ALWAYS ENABLED!!! + // W/O IT EVEN 'SELECT' QUERIES WOULD REQUIRE TO BE WRAPPED INTO 'START TRANSACTION'<>'COMMIT' CLAUSES!!! + if (!mysql_autocommit(mMysql, 1)) + DETAIL_LOG("AUTOCOMMIT SUCCESSFULLY SET TO 1"); + else + DETAIL_LOG("AUTOCOMMIT NOT SET TO 1"); + /*-------------------------------------*/ + + // set connection properties to UTF8 to properly handle locales for different + // server configs - core sends data in UTF8, so MySQL must expect UTF8 too + Execute("SET NAMES `utf8`"); + Execute("SET CHARACTER SET `utf8`"); + + return true; } bool MySQLConnection::_Query(const char *sql, MYSQL_RES **pResult, MYSQL_FIELD **pFields, uint64* pRowCount, uint32* pFieldCount) diff --git a/src/shared/Database/DatabasePostgre.cpp b/src/shared/Database/DatabasePostgre.cpp index 55cdb818b..25b155238 100644 --- a/src/shared/Database/DatabasePostgre.cpp +++ b/src/shared/Database/DatabasePostgre.cpp @@ -92,8 +92,8 @@ bool PostgreSQLConnection::Initialize(const char *infoString) return false; } - sLog.outDetail( "Connected to Postgre database at %s", host.c_str()); - sLog.outString( "PostgreSQL server ver: %d", PQserverVersion(mPGconn)); + DETAIL_LOG("Connected to Postgre database %s@%s:%s/%s", user.c_str(), host.c_str(), port_or_socket_dir.c_str(), database.c_str()); + sLog.outString("PostgreSQL server ver: %d", PQserverVersion(mPGconn)); return true; } diff --git a/src/shared/revision_nr.h b/src/shared/revision_nr.h index c0b010f76..1860994c8 100644 --- a/src/shared/revision_nr.h +++ b/src/shared/revision_nr.h @@ -1,4 +1,4 @@ #ifndef __REVISION_NR_H__ #define __REVISION_NR_H__ - #define REVISION_NR "11735" + #define REVISION_NR "11736" #endif // __REVISION_NR_H__