////////////////////////////////////////////////////////////////////////////////////// // akashi - a server for Attorney Online 2 // // Copyright (C) 2020 scatterflower // // // // This program is free software: you can redistribute it and/or modify // // it under the terms of the GNU Affero General Public License as // // published by the Free Software Foundation, either version 3 of the // // License, or (at your option) any later version. // // // // This program is distributed in the hope that it will be useful, // // but WITHOUT ANY WARRANTY; without even the implied warranty of // // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // // GNU Affero General Public License for more details. // // // // You should have received a copy of the GNU Affero General Public License // // along with this program. If not, see . // ////////////////////////////////////////////////////////////////////////////////////// #include "include/aoclient.h" // This file is for commands under the authentication category in aoclient.h // Be sure to register the command in the header before adding it here! void AOClient::cmdLogin(int argc, QStringList argv) { if (authenticated) { sendServerMessage("You are already logged in!"); return; } if (server->auth_type == "simple") { if (server->modpass == "") { sendServerMessage("No modpass is set! Please set a modpass before authenticating."); } else if(argv[0] == server->modpass) { sendPacket("AUTH", {"1"}); // Client: "You were granted the Disable Modcalls button." sendServerMessage("Logged in as a moderator."); // pre-2.9.1 clients are hardcoded to display the mod UI when this string is sent in OOC authenticated = true; } else { sendPacket("AUTH", {"0"}); // Client: "Login unsuccessful." sendServerMessage("Incorrect password."); } server->areas.value(current_area)->logger->logLogin(this, authenticated, "moderator"); } else if (server->auth_type == "advanced") { if (argc < 2) { sendServerMessage("You must specify a username and a password"); return; } QString username = argv[0]; QString password = argv[1]; if (server->db_manager->authenticate(username, password)) { moderator_name = username; authenticated = true; sendPacket("AUTH", {"1"}); // Client: "You were granted the Disable Modcalls button." if (version.release <= 2 && version.major <= 9 && version.minor <= 0) sendServerMessage("Logged in as a moderator."); // pre-2.9.1 clients are hardcoded to display the mod UI when this string is sent in OOC sendServerMessage("Welcome, " + username); } else { sendPacket("AUTH", {"0"}); // Client: "Login unsuccessful." sendServerMessage("Incorrect password."); } server->areas.value(current_area)->logger->logLogin(this, authenticated, username); } else { qWarning() << "config.ini has an unrecognized auth_type!"; sendServerMessage("Config.ini contains an invalid auth_type, please check your config."); } } void AOClient::cmdChangeAuth(int argc, QStringList argv) { if (server->auth_type == "simple") { change_auth_started = true; sendServerMessage("WARNING!\nThis command will change how logging in as a moderator works.\nOnly proceed if you know what you are doing\nUse the command /rootpass to set the password for your root account."); } } void AOClient::cmdSetRootPass(int argc, QStringList argv) { if (!change_auth_started) return; sendServerMessage("Changing auth type and setting root password.\nLogin again with /login root [password]"); authenticated = false; QSettings settings("config/config.ini", QSettings::IniFormat); settings.beginGroup("Options"); settings.setValue("auth", "advanced"); server->auth_type = "advanced"; #if QT_VERSION < QT_VERSION_CHECK(5, 10, 0) qsrand(QDateTime::currentMSecsSinceEpoch()); quint32 upper_salt = qrand(); quint32 lower_salt = qrand(); quint64 salt_number = (upper_salt << 32) | lower_salt; #else quint64 salt_number = QRandomGenerator::system()->generate64(); #endif QString salt = QStringLiteral("%1").arg(salt_number, 16, 16, QLatin1Char('0')); server->db_manager->createUser("root", salt, argv[0], ACLFlags.value("SUPER")); } void AOClient::cmdAddUser(int argc, QStringList argv) { #if QT_VERSION < QT_VERSION_CHECK(5, 10, 0) qsrand(QDateTime::currentMSecsSinceEpoch()); quint32 upper_salt = qrand(); quint32 lower_salt = qrand(); quint64 salt_number = (upper_salt << 32) | lower_salt; #else quint64 salt_number = QRandomGenerator::system()->generate64(); #endif QString salt = QStringLiteral("%1").arg(salt_number, 16, 16, QLatin1Char('0')); if (server->db_manager->createUser(argv[0], salt, argv[1], ACLFlags.value("NONE"))) sendServerMessage("Created user " + argv[0] + ".\nUse /addperm to modify their permissions."); else sendServerMessage("Unable to create user " + argv[0] + ".\nDoes a user with that name already exist?"); } void AOClient::cmdRemoveUser(int argc, QStringList argv) { if (server->db_manager->deleteUser(argv[0])) sendServerMessage("Successfully removed user " + argv[0] + "."); else sendServerMessage("Unable to remove user " + argv[0] + ".\nDoes it exist?"); } void AOClient::cmdListPerms(int argc, QStringList argv) { unsigned long long user_acl = server->db_manager->getACL(moderator_name); QStringList message; if (argc == 0) { // Just print out all permissions available to the user. message.append("You have been given the following permissions:"); for (QString perm : ACLFlags.keys()) { if (perm == "NONE"); // don't need to list this one else if (perm == "SUPER") { if (user_acl == ACLFlags.value("SUPER")) // This has to be checked separately, because SUPER & anything will always be truthy message.append("SUPER (Be careful! This grants the user all permissions.)"); } else if ((ACLFlags.value(perm) & user_acl) == 0); // user doesn't have this permission, don't print it else message.append(perm); } } else { if ((user_acl & ACLFlags.value("MODIFY_USERS")) == 0) { sendServerMessage("You do not have permission to view other users' permissions."); return; } message.append("User " + argv[0] + " has the following permissions:"); unsigned long long acl = server->db_manager->getACL(argv[0]); if (acl == 0) { sendServerMessage("This user either doesn't exist, or has no permissions set."); return; } for (QString perm : ACLFlags.keys()) { if ((ACLFlags.value(perm) & acl) != 0 && perm != "SUPER") { message.append(perm); } } } sendServerMessage(message.join("\n")); } void AOClient::cmdAddPerms(int argc, QStringList argv) { unsigned long long user_acl = server->db_manager->getACL(moderator_name); argv[1] = argv[1].toUpper(); if (!ACLFlags.keys().contains(argv[1])) { sendServerMessage("That permission doesn't exist!"); return; } if (argv[1] == "SUPER") { if (user_acl != ACLFlags.value("SUPER")) { // This has to be checked separately, because SUPER & anything will always be truthy sendServerMessage("You aren't allowed to add that permission!"); return; } } if (argv[1] == "NONE") { sendServerMessage("Added no permissions!"); return; } unsigned long long newperm = ACLFlags.value(argv[1]); if ((newperm & user_acl) != 0) { if (server->db_manager->updateACL(argv[0], newperm, true)) sendServerMessage("Successfully added permission " + argv[1] + " to user " + argv[0]); else sendServerMessage(argv[0] + " wasn't found!"); return; } sendServerMessage("You aren't allowed to add that permission!"); } void AOClient::cmdRemovePerms(int argc, QStringList argv) { unsigned long long user_acl = server->db_manager->getACL(moderator_name); argv[1] = argv[1].toUpper(); if (!ACLFlags.keys().contains(argv[1])) { sendServerMessage("That permission doesn't exist!"); return; } if (argv[0] == "root") { sendServerMessage("You cannot change the permissions of the root account!"); return; } if (argv[1] == "SUPER") { if (user_acl != ACLFlags.value("SUPER")) { // This has to be checked separately, because SUPER & anything will always be truthy sendServerMessage("You aren't allowed to remove that permission!"); return; } } if (argv[1] == "NONE") { sendServerMessage("Removed no permissions!"); return; } unsigned long long newperm = ACLFlags.value(argv[1]); if ((newperm & user_acl) != 0) { if (server->db_manager->updateACL(argv[0], newperm, false)) sendServerMessage("Successfully removed permission " + argv[1] + " from user " + argv[0]); else sendServerMessage(argv[0] + " wasn't found!"); return; } sendServerMessage("You aren't allowed to remove that permission!"); } void AOClient::cmdListUsers(int argc, QStringList argv) { QStringList users = server->db_manager->getUsers(); sendServerMessage("All users:\n" + users.join("\n")); } void AOClient::cmdLogout(int argc, QStringList argv) { if (!authenticated) { sendServerMessage("You are not logged in!"); return; } authenticated = false; moderator_name = ""; sendPacket("AUTH", {"-1"}); // Client: "You were logged out." }