[7046] Do more security level checks in commands using HasLowerSecurity. Make use .account set addon safe for players.

VladimirMangos 2009-01-07 17:47:57 +03:00
parent d12944d8f2
commit cc5fc88fb2
7 changed files with 66 additions and 92 deletions


@ -627,29 +627,46 @@ bool ChatHandler::isAvailable(ChatCommand const& cmd) const
return m_session->GetSecurity() >= cmd.SecurityLevel;
}
bool ChatHandler::HasLowerSecurity(Player* target, uint64 guid)
bool ChatHandler::HasLowerSecurity(Player* target, uint64 guid, bool strong)
{
uint32 target_sec;
if (!sWorld.getConfig(CONFIG_GM_LOWER_SECURITY))
return false;
// allow everything from RA console
if (!m_session)
return false;
WorldSession* target_session = NULL;
uint32 target_account = 0;
if (target)
target_sec = target->GetSession()->GetSecurity();
target_session = target->GetSession();
else if (guid)
target_sec = accmgr.GetSecurity(objmgr.GetPlayerAccountIdByGUID(guid));
else
target_account = objmgr.GetPlayerAccountIdByGUID(guid);
if(!target_session && !target_account)
{
SendSysMessage(LANG_PLAYER_NOT_FOUND);
SetSentErrorMessage(true);
return true;
}
if (m_session->GetSecurity() < target_sec)
return HasLowerSecurityAccount(target_session,target_account,strong);
}
bool ChatHandler::HasLowerSecurityAccount(WorldSession* target, uint32 target_account, bool strong)
{
uint32 target_sec;
// ignore only for non-players for non strong checks (when allow apply command at least to same sec level)
if (m_session->GetSecurity() > SEC_PLAYER && !strong && !sWorld.getConfig(CONFIG_GM_LOWER_SECURITY))
return false;
// allow everything from console and RA console
if (!m_session)
return false;
if (target)
target_sec = target->GetSecurity();
else if (target_account)
target_sec = accmgr.GetSecurity(target_account);
else
return true; // caller must report error for (target==NULL && target_account==0)
if (m_session->GetSecurity() < target_sec || strong && m_session->GetSecurity() <= target_sec)
{
SendSysMessage(LANG_YOURS_SECURITY_IS_LOW);
SetSentErrorMessage(true);
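Review bot: As the lines are rendered here, the new HasLowerSecurityAccount evaluates `m_session->GetSecurity() > SEC_PLAYER && !strong && ...` before it reaches `if (!m_session) return false;`, so a call with no session (console or RA) dereferences a null pointer before the console exemption applies. The same commit removes the `m_session` guards from the mute, unmute, account delete, set gmlevel and set password handlers and routes them through this function, so those console paths now depend on this ordering. Move the `if (!m_session) return false;` check, with its comment, above the config test. The final condition would also read more safely parenthesised, `m_session->GetSecurity() < target_sec || (strong && m_session->GetSecurity() <= target_sec)`. The function body continues past the end of the hunk.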


@ -77,7 +77,8 @@ class ChatHandler
virtual bool isAvailable(ChatCommand const& cmd) const;
virtual bool needReportToTarget(Player* chr) const;
bool HasLowerSecurity(Player* target, uint64 guid);
bool HasLowerSecurity(Player* target, uint64 guid, bool strong = false);
bool HasLowerSecurityAccount(WorldSession* target, uint32 account, bool strong = false);
void SendGlobalSysMessage(const char *str);
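Review bot: The two declarations are undocumented, and their return convention is the reverse of what a permission check usually returns: judging from the callers in this commit, `true` means the command must be refused. A comment above them would prevent an inverted test at a new call site, for example `// Returns true if the command must be refused: the caller's security level is too low for the target, or no target was found. With strong=true an equal level is refused too.` It should also say that HasLowerSecurityAccount sends no message when both target and account are empty, so the caller has to report that case. The second parameter is named `account` here but `target_account` in the definition; using one name in both places would help.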


@ -190,7 +190,7 @@ void WorldSession::HandleMessagechatOpcode( WorldPacket & recv_data )
Player *player = objmgr.GetPlayer(to.c_str());
uint32 tSecurity = GetSecurity();
uint32 pSecurity = player ? player->GetSession()->GetSecurity() : 0;
uint32 pSecurity = player ? player->GetSession()->GetSecurity() : SEC_PLAYER;
if(!player || tSecurity == SEC_PLAYER && pSecurity > SEC_PLAYER && !player->isAcceptWhispers())
{
WorldPacket data(SMSG_CHAT_PLAYER_NOT_FOUND, (to.size()+1));


@ -86,27 +86,11 @@ bool ChatHandler::HandleMuteCommand(const char* args)
Player *chr = objmgr.GetPlayer(guid);
// check security
uint32 account_id = 0;
uint32 security = 0;
if (chr)
{
account_id = chr->GetSession()->GetAccountId();
security = chr->GetSession()->GetSecurity();
}
else
{
account_id = objmgr.GetPlayerAccountIdByGUID(guid);
security = accmgr.GetSecurity(account_id);
}
if(m_session && security >= m_session->GetSecurity())
{
SendSysMessage(LANG_YOURS_SECURITY_IS_LOW);
SetSentErrorMessage(true);
// must have strong lesser security level
if(HasLowerSecurity (chr,guid,true))
return false;
}
uint32 account_id = chr ? chr->GetSession()->GetAccountId() : objmgr.GetPlayerAccountIdByGUID(guid);
time_t mutetime = time(NULL) + notspeaktime*60;
@ -152,27 +136,11 @@ bool ChatHandler::HandleUnmuteCommand(const char* args)
Player *chr = objmgr.GetPlayer(guid);
// check security
uint32 account_id = 0;
uint32 security = 0;
if (chr)
{
account_id = chr->GetSession()->GetAccountId();
security = chr->GetSession()->GetSecurity();
}
else
{
account_id = objmgr.GetPlayerAccountIdByGUID(guid);
security = accmgr.GetSecurity(account_id);
}
if(m_session && security >= m_session->GetSecurity())
{
SendSysMessage(LANG_YOURS_SECURITY_IS_LOW);
SetSentErrorMessage(true);
// must have strong lesser security level
if(HasLowerSecurity (chr,guid,true))
return false;
}
uint32 account_id = chr ? chr->GetSession()->GetAccountId() : objmgr.GetPlayerAccountIdByGUID(guid);
if (chr)
{


@ -696,7 +696,6 @@ bool ChatHandler::HandleAccountSetGmLevelCommand(const char* args)
std::string targetAccountName;
uint32 targetAccountId = 0;
uint32 targetSecurity = 0;
/// only target player different from self allowed (if targetPlayer!=NULL then not console)
Player* targetPlayer = getSelectedPlayer();
@ -710,13 +709,6 @@ bool ChatHandler::HandleAccountSetGmLevelCommand(const char* args)
arg2 = arg1;
targetAccountId = targetPlayer->GetSession()->GetAccountId();
targetSecurity = targetPlayer->GetSession()->GetSecurity();
if(!accmgr.GetName(targetAccountId,targetAccountName))
{
PSendSysMessage(LANG_ACCOUNT_NOT_EXIST,targetAccountName.c_str());
SetSentErrorMessage(true);
return false;
}
}
else
{
@ -733,7 +725,12 @@ bool ChatHandler::HandleAccountSetGmLevelCommand(const char* args)
}
targetAccountId = accmgr.GetId(targetAccountName);
targetSecurity = accmgr.GetSecurity(targetAccountId);
if(!targetAccountId)
{
PSendSysMessage(LANG_ACCOUNT_NOT_EXIST,targetAccountName.c_str());
SetSentErrorMessage(true);
return false;
}
}
int32 gm = (int32)atoi(arg2);
@ -744,12 +741,14 @@ bool ChatHandler::HandleAccountSetGmLevelCommand(const char* args)
return false;
}
/// m_session==NULL only for console
uint32 plSecurity = m_session ? m_session->GetSecurity() : SEC_CONSOLE;
/// can set security level only for target with less security and to less security that we have
/// This is also reject self apply in fact
if(targetSecurity >= plSecurity || uint32(gm) >= plSecurity )
if(HasLowerSecurityAccount(NULL,targetAccountId,true))
return false;
/// account can't set security to same or grater level, need more power GM or console
uint32 plSecurity = m_session ? m_session->GetSecurity() : SEC_CONSOLE;
if (uint32(gm) >= plSecurity )
{
SendSysMessage(LANG_YOURS_SECURITY_IS_LOW);
SetSentErrorMessage(true);
@ -798,19 +797,10 @@ bool ChatHandler::HandleAccountSetPasswordCommand(const char* args)
return false;
}
uint32 targetSecurity = accmgr.GetSecurity(targetAccountId);
/// m_session==NULL only for console
uint32 plSecurity = m_session ? m_session->GetSecurity() : SEC_CONSOLE;
/// can set password only for target with less security
/// This is also reject self apply in fact
if (targetSecurity >= plSecurity)
{
SendSysMessage (LANG_YOURS_SECURITY_IS_LOW);
SetSentErrorMessage (true);
if(HasLowerSecurityAccount (NULL,targetAccountId,true))
return false;
}
if (strcmp(szPassword1,szPassword2))
{
@ -6192,8 +6182,15 @@ bool ChatHandler::HandleAccountSetAddonCommand(const char* args)
SetSentErrorMessage(true);
return false;
}
}
// Let set addon state only for lesser (strong) security level
// or to self account
if (m_session && m_session->GetAccountId () != account_id &&
HasLowerSecurityAccount (NULL,account_id,true))
return false;
int lev=atoi(szExp); //get int anyway (0 if error)
if(lev < 0)
return false;
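Review bot: In HandleAccountSetGmLevelCommand, the selected-player branch no longer fills `targetAccountName`, because the `accmgr.GetName(targetAccountId,targetAccountName)` call was removed together with its error block. If the name is used later in the function (outside the visible hunks, for instance in the confirmation message), it will be empty whenever the command is applied to a selected player. Keeping a plain `accmgr.GetName(targetAccountId,targetAccountName);` after `targetAccountId` is assigned would preserve the name without restoring the removed check. The function starts and ends outside these hunks, so the later use should be confirmed against the full file.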


@ -80,19 +80,10 @@ bool ChatHandler::HandleAccountDeleteCommand(const char* args)
}
/// Commands not recommended call from chat, but support anyway
if(m_session)
{
uint32 targetSecurity = accmgr.GetSecurity(account_id);
/// can delete only for account with less security
/// This is also reject self apply in fact
if (targetSecurity >= m_session->GetSecurity())
{
SendSysMessage (LANG_YOURS_SECURITY_IS_LOW);
SetSentErrorMessage (true);
return false;
}
}
/// can delete only for account with less security
/// This is also reject self apply in fact
if(HasLowerSecurityAccount (NULL,account_id,true))
return false;
AccountOpResult result = accmgr.DeleteAccount(account_id);
switch(result)


@ -1,4 +1,4 @@
#ifndef __REVISION_NR_H__
#define __REVISION_NR_H__
#define REVISION_NR "7045"
#define REVISION_NR "7046"
#endif // __REVISION_NR_H__