diff options
author | sfan5 <sfan5@live.de> | 2022-04-27 19:10:03 +0200 |
---|---|---|
committer | sfan5 <sfan5@live.de> | 2022-05-14 18:33:42 +0200 |
commit | 1ac378063e37e5b1485438e5321252b42471ba79 (patch) | |
tree | 5403633c0e9b450e8a96c58d7214cea8ed27bf65 | |
parent | d497c926849fc716d486d400fed45063577bd99a (diff) | |
download | minetest-1ac378063e37e5b1485438e5321252b42471ba79.tar.gz minetest-1ac378063e37e5b1485438e5321252b42471ba79.tar.bz2 minetest-1ac378063e37e5b1485438e5321252b42471ba79.zip |
Apply disallow_empty_password to password changes too
-rw-r--r-- | builtin/settingtypes.txt | 2 | ||||
-rw-r--r-- | src/network/serverpackethandler.cpp | 16 |
2 files changed, 14 insertions, 4 deletions
diff --git a/builtin/settingtypes.txt b/builtin/settingtypes.txt index 42b45aa00..01bebe4cc 100644 --- a/builtin/settingtypes.txt +++ b/builtin/settingtypes.txt @@ -1123,7 +1123,7 @@ enable_mod_channels (Mod channels) bool false # If this is set, players will always (re)spawn at the given position. static_spawnpoint (Static spawnpoint) string -# If enabled, new players cannot join with an empty password. +# If enabled, players cannot join without a password or change theirs to an empty password. disallow_empty_password (Disallow empty passwords) bool false # If enabled, disable cheat prevention in multiplayer. diff --git a/src/network/serverpackethandler.cpp b/src/network/serverpackethandler.cpp index ee94edc3c..366ec2d28 100644 --- a/src/network/serverpackethandler.cpp +++ b/src/network/serverpackethandler.cpp @@ -1476,6 +1476,9 @@ void Server::handleCommand_FirstSrp(NetworkPacket* pkt) verbosestream << "Server: Got TOSERVER_FIRST_SRP from " << addr_s << ", with is_empty=" << (is_empty == 1) << std::endl; + const bool empty_disallowed = !isSingleplayer() && is_empty == 1 && + g_settings->getBool("disallow_empty_password"); + // Either this packet is sent because the user is new or to change the password if (cstate == CS_HelloSent) { if (!client->isMechAllowed(AUTH_MECHANISM_FIRST_SRP)) { @@ -1486,9 +1489,7 @@ void Server::handleCommand_FirstSrp(NetworkPacket* pkt) return; } - if (!isSingleplayer() && - g_settings->getBool("disallow_empty_password") && - is_empty == 1) { + if (empty_disallowed) { actionstream << "Server: " << playername << " supplied empty password from " << addr_s << std::endl; DenyAccess(peer_id, SERVER_ACCESSDENIED_EMPTY_PASSWORD); @@ -1521,6 +1522,15 @@ void Server::handleCommand_FirstSrp(NetworkPacket* pkt) return; } m_clients.event(peer_id, CSE_SudoLeave); + + if (empty_disallowed) { + actionstream << "Server: " << playername + << " supplied empty password" << std::endl; + SendChatMessage(peer_id, ChatMessage(CHATMESSAGE_TYPE_SYSTEM, + L"Changing to an empty password is not allowed.")); + return; + } + std::string pw_db_field = encode_srp_verifier(verification_key, salt); bool success = m_script->setPassword(playername, pw_db_field); if (success) { |