From 3d2bf8fb021ea839944830e212789532ba3f0370 Mon Sep 17 00:00:00 2001 From: sfan5 Date: Wed, 27 Apr 2022 19:10:03 +0200 Subject: Apply disallow_empty_password to password changes too --- src/network/serverpackethandler.cpp | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/network/serverpackethandler.cpp b/src/network/serverpackethandler.cpp index 6d951c416..51061f57b 100644 --- a/src/network/serverpackethandler.cpp +++ b/src/network/serverpackethandler.cpp @@ -1475,6 +1475,9 @@ void Server::handleCommand_FirstSrp(NetworkPacket* pkt) verbosestream << "Server: Got TOSERVER_FIRST_SRP from " << addr_s << ", with is_empty=" << (is_empty == 1) << std::endl; + const bool empty_disallowed = !isSingleplayer() && is_empty == 1 && + g_settings->getBool("disallow_empty_password"); + // Either this packet is sent because the user is new or to change the password if (cstate == CS_HelloSent) { if (!client->isMechAllowed(AUTH_MECHANISM_FIRST_SRP)) { @@ -1485,9 +1488,7 @@ void Server::handleCommand_FirstSrp(NetworkPacket* pkt) return; } - if (!isSingleplayer() && - g_settings->getBool("disallow_empty_password") && - is_empty == 1) { + if (empty_disallowed) { actionstream << "Server: " << playername << " supplied empty password from " << addr_s << std::endl; DenyAccess(peer_id, SERVER_ACCESSDENIED_EMPTY_PASSWORD); @@ -1520,6 +1521,15 @@ void Server::handleCommand_FirstSrp(NetworkPacket* pkt) return; } m_clients.event(peer_id, CSE_SudoLeave); + + if (empty_disallowed) { + actionstream << "Server: " << playername + << " supplied empty password" << std::endl; + SendChatMessage(peer_id, ChatMessage(CHATMESSAGE_TYPE_SYSTEM, + L"Changing to an empty password is not allowed.")); + return; + } + std::string pw_db_field = encode_srp_verifier(verification_key, salt); bool success = m_script->setPassword(playername, pw_db_field); if (success) { -- cgit v1.2.3