forked from Mirrorlandia_minetest/minetest
Apply disallow_empty_password to password changes too
This commit is contained in:
parent
391eec9ee7
commit
3d2bf8fb02
@ -1186,7 +1186,7 @@ enable_mod_channels (Mod channels) bool false
|
||||
# If this is set, players will always (re)spawn at the given position.
|
||||
static_spawnpoint (Static spawnpoint) string
|
||||
|
||||
# If enabled, new players cannot join with an empty password.
|
||||
# If enabled, players cannot join without a password or change theirs to an empty password.
|
||||
disallow_empty_password (Disallow empty passwords) bool false
|
||||
|
||||
# If enabled, disable cheat prevention in multiplayer.
|
||||
|
@ -1475,6 +1475,9 @@ void Server::handleCommand_FirstSrp(NetworkPacket* pkt)
|
||||
verbosestream << "Server: Got TOSERVER_FIRST_SRP from " << addr_s
|
||||
<< ", with is_empty=" << (is_empty == 1) << std::endl;
|
||||
|
||||
const bool empty_disallowed = !isSingleplayer() && is_empty == 1 &&
|
||||
g_settings->getBool("disallow_empty_password");
|
||||
|
||||
// Either this packet is sent because the user is new or to change the password
|
||||
if (cstate == CS_HelloSent) {
|
||||
if (!client->isMechAllowed(AUTH_MECHANISM_FIRST_SRP)) {
|
||||
@ -1485,9 +1488,7 @@ void Server::handleCommand_FirstSrp(NetworkPacket* pkt)
|
||||
return;
|
||||
}
|
||||
|
||||
if (!isSingleplayer() &&
|
||||
g_settings->getBool("disallow_empty_password") &&
|
||||
is_empty == 1) {
|
||||
if (empty_disallowed) {
|
||||
actionstream << "Server: " << playername
|
||||
<< " supplied empty password from " << addr_s << std::endl;
|
||||
DenyAccess(peer_id, SERVER_ACCESSDENIED_EMPTY_PASSWORD);
|
||||
@ -1520,6 +1521,15 @@ void Server::handleCommand_FirstSrp(NetworkPacket* pkt)
|
||||
return;
|
||||
}
|
||||
m_clients.event(peer_id, CSE_SudoLeave);
|
||||
|
||||
if (empty_disallowed) {
|
||||
actionstream << "Server: " << playername
|
||||
<< " supplied empty password" << std::endl;
|
||||
SendChatMessage(peer_id, ChatMessage(CHATMESSAGE_TYPE_SYSTEM,
|
||||
L"Changing to an empty password is not allowed."));
|
||||
return;
|
||||
}
|
||||
|
||||
std::string pw_db_field = encode_srp_verifier(verification_key, salt);
|
||||
bool success = m_script->setPassword(playername, pw_db_field);
|
||||
if (success) {
|
||||
|
Loading…
Reference in New Issue
Block a user