Skip to content

Commit

Permalink
Merge PR #1779: Disable SuperUser
Browse files Browse the repository at this point in the history
  • Loading branch information
@mkrautz
mkrautz committed May 22, 2016
2 parents 7b54ad0 + fd24ee9 commit f990b90
Show file tree
Hide file tree
Showing 3 changed files with 49 additions and 21 deletions.
51 changes: 30 additions & 21 deletions src/murmur/ServerDB.cpp
View file
Expand Up @@ -1128,8 +1128,33 @@ bool Server::setTexture(int id, const QByteArray &texture) {
return true;
}

void ServerDB::writeSUPW(int srvnum, const QString &pwHash, const QString &saltHash, const QVariant &kdfIterations) {
TransactionHolder th;
QSqlQuery &query = *th.qsqQuery;

SQLPREP("SELECT `user_id` FROM `%1users` WHERE `server_id` = ? AND `user_id` = ?");
query.addBindValue(srvnum);
query.addBindValue(0);
SQLEXEC();
if (! query.next()) {
SQLPREP("INSERT INTO `%1users` (`server_id`, `user_id`, `name`) VALUES (?, ?, ?)");
query.addBindValue(srvnum);
query.addBindValue(0);
query.addBindValue(QLatin1String("SuperUser"));
SQLEXEC();
}

SQLPREP("UPDATE `%1users` SET `pw`=?, `salt`=?, `kdfiterations`=? WHERE `server_id` = ? AND `user_id`=?");
query.addBindValue(pwHash);
query.addBindValue(saltHash);
query.addBindValue(kdfIterations);
query.addBindValue(srvnum);
query.addBindValue(0);
SQLEXEC();
}


void ServerDB::setSUPW(int srvnum, const QString &pw) {
TransactionHolder th;
QString pwHash, saltHash;

if (!Meta::mp.legacyPasswordHash) {
Expand All @@ -1139,27 +1164,11 @@ void ServerDB::setSUPW(int srvnum, const QString &pw) {
pwHash = getLegacySHA1Hash(pw);
}

QSqlQuery &query = *th.qsqQuery;

SQLPREP("SELECT `user_id` FROM `%1users` WHERE `server_id` = ? AND `user_id` = ?");
query.addBindValue(srvnum);
query.addBindValue(0);
SQLEXEC();
if (! query.next()) {
SQLPREP("INSERT INTO `%1users` (`server_id`, `user_id`, `name`) VALUES (?, ?, ?)");
query.addBindValue(srvnum);
query.addBindValue(0);
query.addBindValue(QLatin1String("SuperUser"));
SQLEXEC();
}
writeSUPW(srvnum, pwHash, saltHash, Meta::mp.kdfIterations);
}

SQLPREP("UPDATE `%1users` SET `pw`=?, `salt`=?, `kdfiterations`=? WHERE `server_id` = ? AND `user_id`=?");
query.addBindValue(pwHash);
query.addBindValue(saltHash);
query.addBindValue(Meta::mp.kdfIterations);
query.addBindValue(srvnum);
query.addBindValue(0);
SQLEXEC();
void ServerDB::disableSU(int srvnum) {
writeSUPW(srvnum, QString(), QString(), QVariant()); // NULL, NULL, NULL
}

QString ServerDB::getLegacySHA1Hash(const QString &password) {
Expand Down
2 changes: 2 additions & 0 deletions src/murmur/ServerDB.h
View file
Expand Up @@ -27,6 +27,7 @@ class ServerDB {
static QSqlDatabase *db;
static QString qsUpgradeSuffix;
static void setSUPW(int iServNum, const QString &pw);
static void disableSU(int srvnum);
static QList<int> getBootServers();
static QList<int> getAllServers();
static int addServer();
Expand All @@ -47,6 +48,7 @@ class ServerDB {

private:
static void loadOrSetupMetaPKBDF2IterationsCount(QSqlQuery &query);
static void writeSUPW(int srvnum, const QString &pwHash, const QString &saltHash, const QVariant &kdfIterations);
};

#endif
17 changes: 17 additions & 0 deletions src/murmur/main.cpp
View file
Expand Up @@ -218,6 +218,7 @@ int main(int argc, char **argv) {

QString inifile;
QString supw;
bool disableSu = false;
bool wipeSsl = false;
bool wipeLogs = false;
int sunum = 1;
Expand Down Expand Up @@ -267,6 +268,14 @@ int main(int argc, char **argv) {
}
bLast = true;
#endif
} else if ((arg == "-disablesu")) {
detach = false;
disableSu = true;
if (i+1 < args.size()) {
i++;
sunum = args.at(i).toInt();
}
bLast = true;
} else if ((arg == "-ini") && (i+1 < args.size())) {
i++;
inifile = args.at(i);
Expand All @@ -288,6 +297,9 @@ int main(int argc, char **argv) {
" -supw <pw> [srv] Set password for 'SuperUser' account on server srv.\n"
#ifdef Q_OS_UNIX
" -readsupw [srv] Reads password for server srv from standard input.\n"
#endif
" -disablesu [srv] Disable password for 'SuperUser' account on server srv.\n"
#ifdef Q_OS_UNIX
" -limits Tests and shows how many file descriptors and threads can be created.\n"
" The purpose of this option is to test how many clients Murmur can handle.\n"
" Murmur will exit after this test.\n"
Expand Down Expand Up @@ -400,6 +412,11 @@ int main(int argc, char **argv) {
qFatal("Superuser password set on server %d", sunum);
}

if (disableSu) {
ServerDB::disableSU(sunum);
qFatal("SuperUser password disabled on server %d", sunum);
}

if (wipeSsl) {
qWarning("Removing all per-server SSL certificates from the database.");
foreach(int sid, ServerDB::getAllServers()) {
Expand Down

0 comments on commit f990b90

Please sign in to comment.