2009Scape/Server
1
0
Fork 1
mirror of https://gitlab.com/2009scape/2009scape.git synced 2025-12-11 17:10:21 -07:00
Code Issues Projects Releases Packages Wiki Activity

Improved MS security

Browse source
This commit is contained in:
ceikry 2021-08-10 22:16:48 -05:00
parent b4b26cb583
commit cdc3d65fe8
10 changed files with 42 additions and 54 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Management-Server/managementprops/properties.json
View file

@ -10,6 +10,6 @@
"WorldTechnicalInformation": { "WorldTechnicalInformation": {
"world_limit": "10", "world_limit": "10",
"worldhop_delay": "20000" "worldhop_delay": "20000"
} },
"secret_key": "2009scape_development"
} }

12
Management-Server/src/main/java/ms/ServerConstants.java
View file

@ -29,18 +29,6 @@ public final class ServerConstants {
*/ */
public static final OperatingSystem OS = System.getProperty("os.name").toUpperCase().contains("WIN") ? OperatingSystem.WINDOWS : OperatingSystem.UNIX; public static final OperatingSystem OS = System.getProperty("os.name").toUpperCase().contains("WIN") ? OperatingSystem.WINDOWS : OperatingSystem.UNIX;
/**
* The administrators.
*/
public static final String[] ADMINISTRATORS = {
"redsparr0w",
};
public static final String[] DATABASE_NAMES = {
"server",
"global",
};
/** /**
* Stops from instantiating. * Stops from instantiating.
*/ */

8
Management-Server/src/main/java/ms/net/event/HSReadEvent.java
View file

@ -4,6 +4,7 @@ import java.nio.ByteBuffer;
import ms.net.IoReadEvent; import ms.net.IoReadEvent;
import ms.net.IoSession; import ms.net.IoSession;
import ms.system.util.ManagementConstants;
import ms.world.WorldDatabase; import ms.world.WorldDatabase;
import ms.system.util.ByteBufferUtils; import ms.system.util.ByteBufferUtils;
@ -13,11 +14,6 @@ import ms.system.util.ByteBufferUtils;
*/ */
public final class HSReadEvent extends IoReadEvent { public final class HSReadEvent extends IoReadEvent {
/**
* The password used to verify
*/
private static final String PASSWORD = "0x14ari0SSbh98989910";
/** /**
* Constructs a new {@code HSReadEvent}. * Constructs a new {@code HSReadEvent}.
* @param session The session. * @param session The session.
@ -33,7 +29,7 @@ public final class HSReadEvent extends IoReadEvent {
switch (opcode) { switch (opcode) {
case 88: case 88:
String password = ByteBufferUtils.getString(buffer); String password = ByteBufferUtils.getString(buffer);
if (!password.equals(PASSWORD)) { if (!password.equals(ManagementConstants.getSECRET_KEY())) {
System.out.println("Password mismatch (attempt=" + password + ")!"); System.out.println("Password mismatch (attempt=" + password + ")!");
session.disconnect(); session.disconnect();
break; break;

2
Management-Server/src/main/java/ms/net/packet/WorldPacketRepository.kt
View file

@ -5,7 +5,7 @@ import ms.system.PunishmentStorage
import ms.system.communication.ClanRank import ms.system.communication.ClanRank
import ms.system.communication.ClanRepository import ms.system.communication.ClanRepository
import ms.system.communication.CommunicationInfo import ms.system.communication.CommunicationInfo
import ms.system.util.ManagementConstants.Companion.WORLD_HOP_DELAY import ms.system.util.ManagementConstants.WORLD_HOP_DELAY
import ms.world.GameServer import ms.world.GameServer
import ms.world.PlayerSession import ms.world.PlayerSession
import ms.world.WorldDatabase import ms.world.WorldDatabase

10
Management-Server/src/main/java/ms/system/mysql/SQLManager.kt
View file

@ -1,11 +1,11 @@
package ms.system.mysql package ms.system.mysql
import ms.system.util.ManagementConstants import ms.system.util.ManagementConstants
import ms.system.util.ManagementConstants.Companion.DATABASE_HOST_ADDRESS import ms.system.util.ManagementConstants.DATABASE_HOST_ADDRESS
import ms.system.util.ManagementConstants.Companion.DATABASE_NAME import ms.system.util.ManagementConstants.DATABASE_NAME
import ms.system.util.ManagementConstants.Companion.DATABASE_PASSWORD import ms.system.util.ManagementConstants.DATABASE_PASSWORD
import ms.system.util.ManagementConstants.Companion.DATABASE_PORT import ms.system.util.ManagementConstants.DATABASE_PORT
import ms.system.util.ManagementConstants.Companion.DATABASE_USERNAME import ms.system.util.ManagementConstants.DATABASE_USERNAME
import java.sql.Connection import java.sql.Connection
import java.sql.DriverManager import java.sql.DriverManager
import java.sql.SQLException import java.sql.SQLException

5
Management-Server/src/main/java/ms/system/util/ManagementConfigParser.kt
View file

@ -30,19 +30,20 @@ class ManagementConfigParser(path: String) {
data = parser.parse(reader) as JSONObject data = parser.parse(reader) as JSONObject
parseDatabaseInformation() parseDatabaseInformation()
parseWorldTechnicalSettings() parseWorldTechnicalSettings()
ManagementConstants.SECRET_KEY = data!!["secret_key"].toString()
} }
} }
private fun parseDatabaseInformation(){ private fun parseDatabaseInformation(){
data ?: return data ?: return
val dbData = data!!["DatabaseInformation"] as JSONObject val dbData = data!!["DatabaseInformation"] as JSONObject
ManagementConstants().parseDBProp(dbData) ManagementConstants.parseDBProp(dbData)
} }
private fun parseWorldTechnicalSettings(){ private fun parseWorldTechnicalSettings(){
data ?: return data ?: return
val wtiData = data!!["WorldTechnicalInformation"] as JSONObject val wtiData = data!!["WorldTechnicalInformation"] as JSONObject
ManagementConstants().parseWTIProp(wtiData) ManagementConstants.parseWTIProp(wtiData)
} }
/** /**

35
Management-Server/src/main/java/ms/system/util/ManagementConstants.kt
View file

@ -2,32 +2,31 @@ package ms.system.util
import org.json.simple.JSONObject import org.json.simple.JSONObject
class ManagementConstants { object ManagementConstants {
companion object { //MySQL main database name
var DATABASE_NAME: String = "global"
//MySQL main database name //MySQL database username
var DATABASE_NAME: String = "global" var DATABASE_USERNAME: String = "root"
//MySQL database username //MySQL database password
var DATABASE_USERNAME: String = "root" var DATABASE_PASSWORD: String = ""
//MySQL database password //MySQL host
var DATABASE_PASSWORD: String = "" var DATABASE_HOST_ADDRESS: String = "127.0.0.1"
//MySQL host //MySQL port
var DATABASE_HOST_ADDRESS: String = "127.0.0.1" var DATABASE_PORT: Int = 3306
//MySQL port //Max amount of worlds supported on the world list
var DATABASE_PORT: Int = 3306 var MAX_WORLD_AMOUNT: Int = 10
//Max amount of worlds supported on the world list //User world hop delay in seconds
var MAX_WORLD_AMOUNT: Int = 10 var WORLD_HOP_DELAY: Long = 20_000L
//User world hop delay in seconds @JvmStatic
var WORLD_HOP_DELAY: Long = 20_000L var SECRET_KEY: String = ""
}
fun parseDBProp(data: JSONObject) { fun parseDBProp(data: JSONObject) {
DATABASE_NAME = data["database_name"].toString() DATABASE_NAME = data["database_name"].toString()

11
Server/src/main/java/core/net/event/MSHSWriteEvent.java
View file

@ -3,6 +3,8 @@ package core.net.event;
import core.cache.misc.buffer.ByteBufferUtils; import core.cache.misc.buffer.ByteBufferUtils;
import core.net.IoSession; import core.net.IoSession;
import core.net.IoWriteEvent; import core.net.IoWriteEvent;
import rs09.Server;
import rs09.ServerConstants;
import java.nio.ByteBuffer; import java.nio.ByteBuffer;
@ -12,11 +14,6 @@ import java.nio.ByteBuffer;
*/ */
public final class MSHSWriteEvent extends IoWriteEvent { public final class MSHSWriteEvent extends IoWriteEvent {
/**
* The password used to verify
*/
private static final String PASSWORD = "0x14ari0SSbh98989910";
/** /**
* Constructs a new {@code MSHSWriteEvent} {@code Object} * Constructs a new {@code MSHSWriteEvent} {@code Object}
* @param session The session. * @param session The session.
@ -28,9 +25,9 @@ public final class MSHSWriteEvent extends IoWriteEvent {
@Override @Override
public void write(IoSession session, Object context) { public void write(IoSession session, Object context) {
ByteBuffer buffer = ByteBuffer.allocate(2 + PASSWORD.length()); ByteBuffer buffer = ByteBuffer.allocate(2 + ServerConstants.MS_SECRET_KEY.length());
buffer.put((byte) 88); buffer.put((byte) 88);
ByteBufferUtils.putString(PASSWORD, buffer); ByteBufferUtils.putString(ServerConstants.MS_SECRET_KEY, buffer);
session.queue((ByteBuffer) buffer.flip()); session.queue((ByteBuffer) buffer.flip());
} }

6
Server/src/main/kotlin/rs09/ServerConstants.kt
View file

@ -106,6 +106,9 @@ class ServerConstants {
@JvmField @JvmField
var GE_AUTOSTOCK_ENABLED = false var GE_AUTOSTOCK_ENABLED = false
@JvmField
var MS_SECRET_KEY = ""
//location names for the ::to command. //location names for the ::to command.
val TELEPORT_DESTINATIONS = arrayOf( val TELEPORT_DESTINATIONS = arrayOf(
arrayOf(Location.create(2974, 4383, 2), "corp", "corporal", "corporeal"), arrayOf(Location.create(2974, 4383, 2), "corp", "corporal", "corporeal"),
@ -218,6 +221,9 @@ class ServerConstants {
if(data.containsKey("daily_restart")){ if(data.containsKey("daily_restart")){
DAILY_RESTART = data["daily_restart"] as Boolean DAILY_RESTART = data["daily_restart"] as Boolean
} }
if(data.containsKey("ms_secret_key")) MS_SECRET_KEY = data["ms_secret_key"].toString()
else MS_SECRET_KEY = "2009scape_development"
} }
} }
} }

3
Server/worldprops/default.json
View file

@ -43,7 +43,8 @@
"database_username": "root", "database_username": "root",
"database_password": "", "database_password": "",
"database_address": "127.0.0.1", "database_address": "127.0.0.1",
"database_port": "3306" "database_port": "3306",
"ms_secret_key": "2009scape_development"
}, },
"PluginToggles": { "PluginToggles": {