Security|Server: Disallow public servers without a shell password

If there is no shell password, anyone can login via Shell and modify the server's config. It is now mandatory to set 'server-password' before announcing the server to the master server.
skyjake · Mar 28, 2013 · bd15e74 · bd15e74
1 parent d5cd8e9
commit bd15e74
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/doomsday/client/src/network/masterserver.cpp b/doomsday/client/src/network/masterserver.cpp
@@ -269,7 +269,14 @@ void N_MasterAnnounceServer(boolean isOpen)
 {
 #ifdef __SERVER__
     // Must be a server.
-   if(isClient) return;
+    if(isClient) return;
+
+    if(isOpen && !strlen(netPassword))
+    {
+        Con_Message("Cannot announce server as public: no shell password set!\n"
+                    "You must set one with the 'server-password' cvar.");
+        return;
+    }
 
     DEBUG_Message(("N_MasterAnnounceServer: Announcing as open=%i.\n", isOpen));