diff options
| author | sfan5 <sfan5@live.de> | 2022-04-27 19:10:03 +0200 |
|---|---|---|
| committer | sfan5 <sfan5@live.de> | 2022-04-28 19:55:36 +0200 |
| commit | 3d2bf8fb021ea839944830e212789532ba3f0370 (patch) | |
| tree | 90d9f19e14cacc2338f38f3dc910f6dcdbc81424 | |
| parent | 391eec9ee78fc9dfdc476ad2a8ed7755009e4a2f (diff) | |
| download | hax-minetest-server-3d2bf8fb021ea839944830e212789532ba3f0370.tar.gz hax-minetest-server-3d2bf8fb021ea839944830e212789532ba3f0370.zip | |
Apply disallow_empty_password to password changes too
| -rw-r--r-- | builtin/settingtypes.txt | 2 | ||||
| -rw-r--r-- | src/network/serverpackethandler.cpp | 16 |
2 files changed, 14 insertions, 4 deletions
diff --git a/builtin/settingtypes.txt b/builtin/settingtypes.txt index babb89481..a983a8f6b 100644 --- a/builtin/settingtypes.txt +++ b/builtin/settingtypes.txt @@ -1186,7 +1186,7 @@ enable_mod_channels (Mod channels) bool false # If this is set, players will always (re)spawn at the given position. static_spawnpoint (Static spawnpoint) string -# If enabled, new players cannot join with an empty password. +# If enabled, players cannot join without a password or change theirs to an empty password. disallow_empty_password (Disallow empty passwords) bool false # If enabled, disable cheat prevention in multiplayer. diff --git a/src/network/serverpackethandler.cpp b/src/network/serverpackethandler.cpp index 6d951c416..51061f57b 100644 --- a/src/network/serverpackethandler.cpp +++ b/src/network/serverpackethandler.cpp @@ -1475,6 +1475,9 @@ void Server::handleCommand_FirstSrp(NetworkPacket* pkt) verbosestream << "Server: Got TOSERVER_FIRST_SRP from " << addr_s << ", with is_empty=" << (is_empty == 1) << std::endl; + const bool empty_disallowed = !isSingleplayer() && is_empty == 1 && + g_settings->getBool("disallow_empty_password"); + // Either this packet is sent because the user is new or to change the password if (cstate == CS_HelloSent) { if (!client->isMechAllowed(AUTH_MECHANISM_FIRST_SRP)) { @@ -1485,9 +1488,7 @@ void Server::handleCommand_FirstSrp(NetworkPacket* pkt) return; } - if (!isSingleplayer() && - g_settings->getBool("disallow_empty_password") && - is_empty == 1) { + if (empty_disallowed) { actionstream << "Server: " << playername << " supplied empty password from " << addr_s << std::endl; DenyAccess(peer_id, SERVER_ACCESSDENIED_EMPTY_PASSWORD); @@ -1520,6 +1521,15 @@ void Server::handleCommand_FirstSrp(NetworkPacket* pkt) return; } m_clients.event(peer_id, CSE_SudoLeave); + + if (empty_disallowed) { + actionstream << "Server: " << playername + << " supplied empty password" << std::endl; + SendChatMessage(peer_id, ChatMessage(CHATMESSAGE_TYPE_SYSTEM, + L"Changing to an empty password is not allowed.")); + return; + } + std::string pw_db_field = encode_srp_verifier(verification_key, salt); bool success = m_script->setPassword(playername, pw_db_field); if (success) { |