mirror of https://github.com/luanti-org/luanti.git synced 2025-08-06 17:41:04 +00:00

Fix multiple password changes in one session

savilli 2024-01-19 11:50:55 +01:00 committed by GitHub
parent a8cf10b0b5
commit 432988a4ad
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 23 additions and 15 deletions


@ -1515,8 +1515,7 @@ void Server::handleCommand_FirstSrp(NetworkPacket* pkt)
return;
}
std::string initial_ver_key;
initial_ver_key = encode_srp_verifier(verification_key, salt);
std::string encpwd = encode_srp_verifier(verification_key, salt);
// It is possible for multiple connections to get this far with the same
// player name. In the end only one player with a given name will be emerged
@ -1529,9 +1528,11 @@ void Server::handleCommand_FirstSrp(NetworkPacket* pkt)
DenyAccess(peer_id, SERVER_ACCESSDENIED_ALREADY_CONNECTED);
return;
}
m_script->createAuth(playername, initial_ver_key);
m_script->on_authplayer(playername, addr_s, true);
m_script->createAuth(playername, encpwd);
client->setEncryptedPassword(encpwd);
m_script->on_authplayer(playername, addr_s, true);
acceptAuth(peer_id, false);
} else {
if (cstate < CS_SudoMode) {
@ -1550,12 +1551,13 @@ void Server::handleCommand_FirstSrp(NetworkPacket* pkt)
return;
}
std::string pw_db_field = encode_srp_verifier(verification_key, salt);
bool success = m_script->setPassword(playername, pw_db_field);
std::string encpwd = encode_srp_verifier(verification_key, salt);
bool success = m_script->setPassword(playername, encpwd);
if (success) {
actionstream << playername << " changes password" << std::endl;
SendChatMessage(peer_id, ChatMessage(CHATMESSAGE_TYPE_SYSTEM,
L"Password change successful."));
client->setEncryptedPassword(encpwd);
} else {
actionstream << playername <<
" tries to change password but it fails" << std::endl;
@ -1606,7 +1608,8 @@ void Server::handleCommand_SrpBytesA(NetworkPacket* pkt)
AUTH_MECHANISM_LEGACY_PASSWORD : AUTH_MECHANISM_SRP;
if (wantSudo) {
if (!client->isSudoMechAllowed(chosen)) {
// Right now, the auth mechs don't change between login and sudo mode.
if (!client->isMechAllowed(chosen)) {
actionstream << "Server: Player \"" << client->getName() <<
"\" at " << getPeerAddress(peer_id).serializeString() <<
" tried to change password using unallowed mech " << chosen <<