ddnet/src/engine/server/authmanager.cpp

170 lines
4 KiB
C++
Raw Normal View History

#include "authmanager.h"
#include <base/hash_ctxt.h>
2017-03-02 15:16:29 +00:00
#include <engine/shared/config.h>
#define ADMIN_IDENT "default_admin"
#define MOD_IDENT "default_mod"
#define HELPER_IDENT "default_helper"
static MD5_DIGEST HashPassword(const char *pPassword, const unsigned char aSalt[SALT_BYTES])
{
// Hash the password and the salt
MD5_CTX Md5;
md5_init(&Md5);
md5_update(&Md5, (unsigned char *)pPassword, str_length(pPassword));
md5_update(&Md5, aSalt, SALT_BYTES);
return md5_finish(&Md5);
}
2017-03-02 15:16:29 +00:00
CAuthManager::CAuthManager()
{
m_aDefault[0] = -1;
m_aDefault[1] = -1;
m_aDefault[2] = -1;
2017-03-04 20:06:22 +00:00
m_Generated = false;
2017-03-02 15:16:29 +00:00
}
void CAuthManager::Init()
{
int NumDefaultKeys = 0;
if(g_Config.m_SvRconPassword[0])
NumDefaultKeys++;
if(g_Config.m_SvRconModPassword[0])
NumDefaultKeys++;
if(g_Config.m_SvRconHelperPassword[0])
NumDefaultKeys++;
if(m_aKeys.size() == NumDefaultKeys && !g_Config.m_SvRconPassword[0])
2017-03-04 20:06:22 +00:00
{
secure_random_password(g_Config.m_SvRconPassword, sizeof(g_Config.m_SvRconPassword), 6);
AddDefaultKey(AUTHED_ADMIN, g_Config.m_SvRconPassword);
2017-03-04 20:06:22 +00:00
m_Generated = true;
}
2017-03-02 15:16:29 +00:00
}
int CAuthManager::AddKeyHash(const char *pIdent, MD5_DIGEST Hash, const unsigned char *pSalt, int AuthLevel)
2017-03-02 15:16:29 +00:00
{
if(FindKey(pIdent) >= 0)
return -1;
2017-03-02 15:16:29 +00:00
CKey Key;
2017-03-06 19:11:23 +00:00
str_copy(Key.m_aIdent, pIdent, sizeof(Key.m_aIdent));
Key.m_Pw = Hash;
2017-03-02 15:16:29 +00:00
mem_copy(Key.m_aSalt, pSalt, SALT_BYTES);
Key.m_Level = AuthLevel;
return m_aKeys.add(Key);
}
int CAuthManager::AddKey(const char *pIdent, const char *pPw, int AuthLevel)
{
2017-03-06 19:11:23 +00:00
// Generate random salt
unsigned char aSalt[SALT_BYTES];
2017-03-02 15:16:29 +00:00
secure_random_fill(aSalt, SALT_BYTES);
return AddKeyHash(pIdent, HashPassword(pPw, aSalt), aSalt, AuthLevel);
2017-03-02 15:16:29 +00:00
}
int CAuthManager::RemoveKey(int Slot)
2017-03-02 15:16:29 +00:00
{
m_aKeys.remove_index_fast(Slot);
2020-10-26 14:14:07 +00:00
for(int &Default : m_aDefault)
{
2020-10-26 14:14:07 +00:00
if(Default == Slot)
{
2020-10-26 14:14:07 +00:00
Default = -1;
}
2020-10-26 14:14:07 +00:00
else if(Default == m_aKeys.size())
{
2020-10-26 14:14:07 +00:00
Default = Slot;
}
}
return m_aKeys.size();
2017-03-02 15:16:29 +00:00
}
int CAuthManager::FindKey(const char *pIdent)
{
for(int i = 0; i < m_aKeys.size(); i++)
if(!str_comp(m_aKeys[i].m_aIdent, pIdent))
return i;
return -1;
}
bool CAuthManager::CheckKey(int Slot, const char *pPw)
{
2017-06-02 16:13:15 +00:00
if(Slot < 0 || Slot >= m_aKeys.size())
return false;
return m_aKeys[Slot].m_Pw == HashPassword(pPw, m_aKeys[Slot].m_aSalt);
2017-03-02 15:16:29 +00:00
}
int CAuthManager::DefaultKey(int AuthLevel)
{
2017-06-02 16:13:15 +00:00
if(AuthLevel < 0 || AuthLevel > AUTHED_ADMIN)
return 0;
2017-03-02 15:16:29 +00:00
return m_aDefault[AUTHED_ADMIN - AuthLevel];
}
int CAuthManager::KeyLevel(int Slot)
{
2017-06-02 16:13:15 +00:00
if(Slot < 0 || Slot >= m_aKeys.size())
return false;
2017-03-02 15:16:29 +00:00
return m_aKeys[Slot].m_Level;
}
const char *CAuthManager::KeyIdent(int Slot)
{
2017-06-02 16:13:15 +00:00
if(Slot < 0 || Slot >= m_aKeys.size())
return NULL;
2017-03-02 15:16:29 +00:00
return m_aKeys[Slot].m_aIdent;
}
void CAuthManager::UpdateKeyHash(int Slot, MD5_DIGEST Hash, const unsigned char *pSalt, int AuthLevel)
2017-03-02 15:16:29 +00:00
{
2017-06-02 16:13:15 +00:00
if(Slot < 0 || Slot >= m_aKeys.size())
return;
2017-03-02 15:16:29 +00:00
CKey *pKey = &m_aKeys[Slot];
pKey->m_Pw = Hash;
2017-03-02 15:16:29 +00:00
mem_copy(pKey->m_aSalt, pSalt, SALT_BYTES);
pKey->m_Level = AuthLevel;
}
void CAuthManager::UpdateKey(int Slot, const char *pPw, int AuthLevel)
{
2017-06-02 16:13:15 +00:00
if(Slot < 0 || Slot >= m_aKeys.size())
return;
2017-03-02 15:16:29 +00:00
2017-03-06 19:11:23 +00:00
// Generate random salt
unsigned char aSalt[SALT_BYTES];
2017-03-02 15:16:29 +00:00
secure_random_fill(aSalt, SALT_BYTES);
UpdateKeyHash(Slot, HashPassword(pPw, aSalt), aSalt, AuthLevel);
2017-03-02 15:16:29 +00:00
}
void CAuthManager::ListKeys(FListCallback pfnListCallback, void *pUser)
{
for(int i = 0; i < m_aKeys.size(); i++)
pfnListCallback(m_aKeys[i].m_aIdent, m_aKeys[i].m_Level, pUser);
}
void CAuthManager::AddDefaultKey(int Level, const char *pPw)
2017-03-02 15:16:29 +00:00
{
2017-06-02 16:13:15 +00:00
if(Level < AUTHED_HELPER || Level > AUTHED_ADMIN)
return;
static const char IDENTS[3][sizeof(HELPER_IDENT)] = {ADMIN_IDENT, MOD_IDENT, HELPER_IDENT};
int Index = AUTHED_ADMIN - Level;
2017-06-02 16:13:15 +00:00
if(m_aDefault[Index] >= 0)
return; // already exists
m_aDefault[Index] = AddKey(IDENTS[Index], pPw, Level);
2017-03-04 20:06:22 +00:00
}
bool CAuthManager::IsGenerated()
{
return m_Generated;
}
int CAuthManager::NumNonDefaultKeys()
{
int DefaultCount = (m_aDefault[0] >= 0) + (m_aDefault[1] >= 0) + (m_aDefault[2] >= 0);
return m_aKeys.size() - DefaultCount;
}