Skip to content
Permalink
Browse files

Merge PR #1779: Disable SuperUser

  • Loading branch information...
mkrautz committed May 22, 2016
2 parents 7b54ad0 + fd24ee9 commit f990b90d51587fbe14029bf3c748d1f8d6a485e4
Showing with 49 additions and 21 deletions.
  1. +30 −21 src/murmur/ServerDB.cpp
  2. +2 −0 src/murmur/ServerDB.h
  3. +17 −0 src/murmur/main.cpp
@@ -1128,8 +1128,33 @@ bool Server::setTexture(int id, const QByteArray &texture) {
return true;
}

void ServerDB::writeSUPW(int srvnum, const QString &pwHash, const QString &saltHash, const QVariant &kdfIterations) {
TransactionHolder th;
QSqlQuery &query = *th.qsqQuery;

SQLPREP("SELECT `user_id` FROM `%1users` WHERE `server_id` = ? AND `user_id` = ?");
query.addBindValue(srvnum);
query.addBindValue(0);
SQLEXEC();
if (! query.next()) {
SQLPREP("INSERT INTO `%1users` (`server_id`, `user_id`, `name`) VALUES (?, ?, ?)");
query.addBindValue(srvnum);
query.addBindValue(0);
query.addBindValue(QLatin1String("SuperUser"));
SQLEXEC();
}

SQLPREP("UPDATE `%1users` SET `pw`=?, `salt`=?, `kdfiterations`=? WHERE `server_id` = ? AND `user_id`=?");
query.addBindValue(pwHash);
query.addBindValue(saltHash);
query.addBindValue(kdfIterations);
query.addBindValue(srvnum);
query.addBindValue(0);
SQLEXEC();
}


void ServerDB::setSUPW(int srvnum, const QString &pw) {
TransactionHolder th;
QString pwHash, saltHash;

if (!Meta::mp.legacyPasswordHash) {
@@ -1139,27 +1164,11 @@ void ServerDB::setSUPW(int srvnum, const QString &pw) {
pwHash = getLegacySHA1Hash(pw);
}

QSqlQuery &query = *th.qsqQuery;

SQLPREP("SELECT `user_id` FROM `%1users` WHERE `server_id` = ? AND `user_id` = ?");
query.addBindValue(srvnum);
query.addBindValue(0);
SQLEXEC();
if (! query.next()) {
SQLPREP("INSERT INTO `%1users` (`server_id`, `user_id`, `name`) VALUES (?, ?, ?)");
query.addBindValue(srvnum);
query.addBindValue(0);
query.addBindValue(QLatin1String("SuperUser"));
SQLEXEC();
}
writeSUPW(srvnum, pwHash, saltHash, Meta::mp.kdfIterations);
}

SQLPREP("UPDATE `%1users` SET `pw`=?, `salt`=?, `kdfiterations`=? WHERE `server_id` = ? AND `user_id`=?");
query.addBindValue(pwHash);
query.addBindValue(saltHash);
query.addBindValue(Meta::mp.kdfIterations);
query.addBindValue(srvnum);
query.addBindValue(0);
SQLEXEC();
void ServerDB::disableSU(int srvnum) {
writeSUPW(srvnum, QString(), QString(), QVariant()); // NULL, NULL, NULL
}

QString ServerDB::getLegacySHA1Hash(const QString &password) {
@@ -27,6 +27,7 @@ class ServerDB {
static QSqlDatabase *db;
static QString qsUpgradeSuffix;
static void setSUPW(int iServNum, const QString &pw);
static void disableSU(int srvnum);
static QList<int> getBootServers();
static QList<int> getAllServers();
static int addServer();
@@ -47,6 +48,7 @@ class ServerDB {

private:
static void loadOrSetupMetaPKBDF2IterationsCount(QSqlQuery &query);
static void writeSUPW(int srvnum, const QString &pwHash, const QString &saltHash, const QVariant &kdfIterations);
};

#endif
@@ -218,6 +218,7 @@ int main(int argc, char **argv) {

QString inifile;
QString supw;
bool disableSu = false;
bool wipeSsl = false;
bool wipeLogs = false;
int sunum = 1;
@@ -267,6 +268,14 @@ int main(int argc, char **argv) {
}
bLast = true;
#endif
} else if ((arg == "-disablesu")) {
detach = false;
disableSu = true;
if (i+1 < args.size()) {
i++;
sunum = args.at(i).toInt();
}
bLast = true;
} else if ((arg == "-ini") && (i+1 < args.size())) {
i++;
inifile = args.at(i);
@@ -288,6 +297,9 @@ int main(int argc, char **argv) {
" -supw <pw> [srv] Set password for 'SuperUser' account on server srv.\n"
#ifdef Q_OS_UNIX
" -readsupw [srv] Reads password for server srv from standard input.\n"
#endif
" -disablesu [srv] Disable password for 'SuperUser' account on server srv.\n"
#ifdef Q_OS_UNIX
" -limits Tests and shows how many file descriptors and threads can be created.\n"
" The purpose of this option is to test how many clients Murmur can handle.\n"
" Murmur will exit after this test.\n"
@@ -400,6 +412,11 @@ int main(int argc, char **argv) {
qFatal("Superuser password set on server %d", sunum);
}

if (disableSu) {
ServerDB::disableSU(sunum);
qFatal("SuperUser password disabled on server %d", sunum);
}

if (wipeSsl) {
qWarning("Removing all per-server SSL certificates from the database.");
foreach(int sid, ServerDB::getAllServers()) {

0 comments on commit f990b90

Please sign in to comment.
You can’t perform that action at this time.