dave/openttd
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add public key auth support for settings_access console command

Browse Source
This commit is contained in:
Jonathan G Rennison
2024-05-27 16:24:34 +01:00
parent 84a0dd326f
commit 7874fb7a12
4 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/console_cmds.cpp
View File

@@ -954,6 +954,7 @@ DEF_CONSOLE_CMD(ConSettingsAccess)
if (argc == 0) { if (argc == 0) {
IConsolePrint(CC_HELP, "Enable changing game settings from this client. Usage: 'settings_access <password>'"); IConsolePrint(CC_HELP, "Enable changing game settings from this client. Usage: 'settings_access <password>'");
IConsolePrint(CC_HELP, "Send an empty password \"\" to drop access"); IConsolePrint(CC_HELP, "Send an empty password \"\" to drop access");
IConsolePrint(CC_HELP, "When your client's public key is in the 'authorized keys' for 'settings', the password is not checked and may be '*'.");
return true; return true;
} }
@@ -2144,6 +2145,7 @@ DEF_CONSOLE_CMD(ConCompanyPassword)
static std::vector<std::pair<std::string_view, std::vector<std::string> *>> _console_cmd_authorized_keys{ static std::vector<std::pair<std::string_view, std::vector<std::string> *>> _console_cmd_authorized_keys{
{ "rcon", &_settings_client.network.rcon_authorized_keys }, { "rcon", &_settings_client.network.rcon_authorized_keys },
{ "server", &_settings_client.network.server_authorized_keys }, { "server", &_settings_client.network.server_authorized_keys },
{ "settings", &_settings_client.network.settings_authorized_keys },
}; };
/** /**

6
src/network/network_server.cpp
View File

@@ -61,6 +61,7 @@ template SocketList TCPListenHandler<ServerNetworkGameSocketHandler, PACKET_SERV
static NetworkAuthenticationDefaultPasswordProvider _password_provider(_settings_client.network.server_password); ///< Provides the password validation for the game's password. static NetworkAuthenticationDefaultPasswordProvider _password_provider(_settings_client.network.server_password); ///< Provides the password validation for the game's password.
static NetworkAuthenticationDefaultAuthorizedKeyHandler _authorized_key_handler(_settings_client.network.server_authorized_keys); ///< Provides the authorized key handling for the game authentication. static NetworkAuthenticationDefaultAuthorizedKeyHandler _authorized_key_handler(_settings_client.network.server_authorized_keys); ///< Provides the authorized key handling for the game authentication.
static NetworkAuthenticationDefaultAuthorizedKeyHandler _rcon_authorized_key_handler(_settings_client.network.rcon_authorized_keys); ///< Provides the authorized key validation for rcon. static NetworkAuthenticationDefaultAuthorizedKeyHandler _rcon_authorized_key_handler(_settings_client.network.rcon_authorized_keys); ///< Provides the authorized key validation for rcon.
static NetworkAuthenticationDefaultAuthorizedKeyHandler _settings_authorized_key_handler(_settings_client.network.settings_authorized_keys); ///< Provides the authorized key validation for settings access.
/** Writing a savegame directly to a number of packets. */ /** Writing a savegame directly to a number of packets. */
@@ -1124,6 +1125,11 @@ NetworkRecvStatus ServerNetworkGameSocketHandler::Receive_CLIENT_SETTINGS_PASSWO
if (!p.CanReadFromPacket(1)) { if (!p.CanReadFromPacket(1)) {
if (this->settings_authed) DEBUG(net, 0, "[settings-ctrl] client-id %d deauthed", this->client_id); if (this->settings_authed) DEBUG(net, 0, "[settings-ctrl] client-id %d deauthed", this->client_id);
this->settings_authed = false; this->settings_authed = false;
} else if (_settings_authorized_key_handler.IsAllowed(this->peer_public_key)) {
/* Public key in allow list */
DEBUG(net, 0, "[settings-ctrl] client-id %d (pubkey)", this->client_id);
this->settings_authed = true;
this->settings_auth_failures = 0;
} else if (_settings_client.network.settings_password.empty() || } else if (_settings_client.network.settings_password.empty() ||
!this->ParseKeyPasswordPacket(p, ss, _settings_client.network.settings_password, nullptr, 0)) { !this->ParseKeyPasswordPacket(p, ss, _settings_client.network.settings_password, nullptr, 0)) {
DEBUG(net, 0, "[settings-ctrl] wrong password from client-id %d", this->client_id); DEBUG(net, 0, "[settings-ctrl] wrong password from client-id %d", this->client_id);

2
src/settings.cpp
View File

@@ -199,6 +199,7 @@ private:
"server_bind_addresses", "server_bind_addresses",
"server_authorized_keys", "server_authorized_keys",
"rcon_authorized_keys", "rcon_authorized_keys",
"settings_authorized_keys",
}; };
public: public:
@@ -2782,6 +2783,7 @@ static void HandlePrivateSettingDescs(IniFile &private_ini, SettingDescProc *pro
proc_list(private_ini, "bans", _network_ban_list); proc_list(private_ini, "bans", _network_ban_list);
proc_list(private_ini, "server_authorized_keys", _settings_client.network.server_authorized_keys); proc_list(private_ini, "server_authorized_keys", _settings_client.network.server_authorized_keys);
proc_list(private_ini, "rcon_authorized_keys", _settings_client.network.rcon_authorized_keys); proc_list(private_ini, "rcon_authorized_keys", _settings_client.network.rcon_authorized_keys);
proc_list(private_ini, "settings_authorized_keys", _settings_client.network.settings_authorized_keys);
} }
} }

1
src/settings_type.h
View File

@@ -440,6 +440,7 @@ struct NetworkSettings {
std::vector<std::string> rcon_authorized_keys; ///< Public keys of clients that are authorized to use the rconsole (server side). std::vector<std::string> rcon_authorized_keys; ///< Public keys of clients that are authorized to use the rconsole (server side).
std::string admin_password; ///< password for the admin network std::string admin_password; ///< password for the admin network
std::string settings_password; ///< password for game settings (server side) std::string settings_password; ///< password for game settings (server side)
std::vector<std::string> settings_authorized_keys; ///< Public keys of clients that are authorized to use settings access (server side).
std::string client_name; ///< name of the player (as client) std::string client_name; ///< name of the player (as client)
std::string client_secret_key; ///< The secret key of the client for authorized key logins. std::string client_secret_key; ///< The secret key of the client for authorized key logins.
std::string client_public_key; ///< The public key of the client for authorized key logins. std::string client_public_key; ///< The public key of the client for authorized key logins.