diff --git a/src/console_cmds.cpp b/src/console_cmds.cpp index cc09e90c26..bfe89ba3cb 100644 --- a/src/console_cmds.cpp +++ b/src/console_cmds.cpp @@ -954,6 +954,7 @@ DEF_CONSOLE_CMD(ConSettingsAccess) if (argc == 0) { IConsolePrint(CC_HELP, "Enable changing game settings from this client. Usage: 'settings_access '"); IConsolePrint(CC_HELP, "Send an empty password \"\" to drop access"); + IConsolePrint(CC_HELP, "When your client's public key is in the 'authorized keys' for 'settings', the password is not checked and may be '*'."); return true; } @@ -2144,6 +2145,7 @@ DEF_CONSOLE_CMD(ConCompanyPassword) static std::vector *>> _console_cmd_authorized_keys{ { "rcon", &_settings_client.network.rcon_authorized_keys }, { "server", &_settings_client.network.server_authorized_keys }, + { "settings", &_settings_client.network.settings_authorized_keys }, }; /** diff --git a/src/network/network_server.cpp b/src/network/network_server.cpp index e7470a7180..46409451c8 100644 --- a/src/network/network_server.cpp +++ b/src/network/network_server.cpp @@ -61,6 +61,7 @@ template SocketList TCPListenHandlersettings_authed) DEBUG(net, 0, "[settings-ctrl] client-id %d deauthed", this->client_id); this->settings_authed = false; + } else if (_settings_authorized_key_handler.IsAllowed(this->peer_public_key)) { + /* Public key in allow list */ + DEBUG(net, 0, "[settings-ctrl] client-id %d (pubkey)", this->client_id); + this->settings_authed = true; + this->settings_auth_failures = 0; } else if (_settings_client.network.settings_password.empty() || !this->ParseKeyPasswordPacket(p, ss, _settings_client.network.settings_password, nullptr, 0)) { DEBUG(net, 0, "[settings-ctrl] wrong password from client-id %d", this->client_id); diff --git a/src/settings.cpp b/src/settings.cpp index 2bfac0bd9e..249bf27bb1 100644 --- a/src/settings.cpp +++ b/src/settings.cpp @@ -199,6 +199,7 @@ private: "server_bind_addresses", "server_authorized_keys", "rcon_authorized_keys", + "settings_authorized_keys", }; public: @@ -2782,6 +2783,7 @@ static void HandlePrivateSettingDescs(IniFile &private_ini, SettingDescProc *pro proc_list(private_ini, "bans", _network_ban_list); proc_list(private_ini, "server_authorized_keys", _settings_client.network.server_authorized_keys); proc_list(private_ini, "rcon_authorized_keys", _settings_client.network.rcon_authorized_keys); + proc_list(private_ini, "settings_authorized_keys", _settings_client.network.settings_authorized_keys); } } diff --git a/src/settings_type.h b/src/settings_type.h index 44b4750f6a..ab84ff4769 100644 --- a/src/settings_type.h +++ b/src/settings_type.h @@ -440,6 +440,7 @@ struct NetworkSettings { std::vector rcon_authorized_keys; ///< Public keys of clients that are authorized to use the rconsole (server side). std::string admin_password; ///< password for the admin network std::string settings_password; ///< password for game settings (server side) + std::vector settings_authorized_keys; ///< Public keys of clients that are authorized to use settings access (server side). std::string client_name; ///< name of the player (as client) std::string client_secret_key; ///< The secret key of the client for authorized key logins. std::string client_public_key; ///< The public key of the client for authorized key logins.