Improved MS security

Management-Server/managementprops/properties.json

@@ -10,6 +10,6 @@
   "WorldTechnicalInformation": {
     "world_limit": "10",
     "worldhop_delay": "20000"
-  }
-
+  },
+  "secret_key": "2009scape_development"
 }

Management-Server/src/main/java/ms/ServerConstants.java

@@ -29,18 +29,6 @@ public final class ServerConstants {
 	 */
 	public static final OperatingSystem OS = System.getProperty("os.name").toUpperCase().contains("WIN") ? OperatingSystem.WINDOWS : OperatingSystem.UNIX;
 	
-	/**
-	 * The administrators.
-	 */
-	public static final String[] ADMINISTRATORS = {
-			"redsparr0w",
-	};
-	
-	public static final String[] DATABASE_NAMES = {
-			"server",
-			"global",
-	};
-	
 	/**
 	 * Stops from instantiating.
 	 */

Management-Server/src/main/java/ms/net/event/HSReadEvent.java

@@ -4,6 +4,7 @@ import java.nio.ByteBuffer;
 
 import ms.net.IoReadEvent;
 import ms.net.IoSession;
+import ms.system.util.ManagementConstants;
 import ms.world.WorldDatabase;
 import ms.system.util.ByteBufferUtils;
 
@@ -12,11 +13,6 @@ import ms.system.util.ByteBufferUtils;
  * @author Emperor
  */
 public final class HSReadEvent extends IoReadEvent {
-
-	/**
-	 * The password used to verify
-	 */
-	private static final String PASSWORD = "0x14ari0SSbh98989910";
 	
 	/**
 	 * Constructs a new {@code HSReadEvent}.
@@ -33,7 +29,7 @@ public final class HSReadEvent extends IoReadEvent {
 		switch (opcode) {
 		case 88:
 			String password = ByteBufferUtils.getString(buffer);
-			if (!password.equals(PASSWORD)) {
+			if (!password.equals(ManagementConstants.getSECRET_KEY())) {
 				System.out.println("Password mismatch (attempt=" + password + ")!");
 				session.disconnect();
 				break;

Management-Server/src/main/java/ms/net/packet/WorldPacketRepository.kt

@@ -5,7 +5,7 @@ import ms.system.PunishmentStorage
 import ms.system.communication.ClanRank
 import ms.system.communication.ClanRepository
 import ms.system.communication.CommunicationInfo
-import ms.system.util.ManagementConstants.Companion.WORLD_HOP_DELAY
+import ms.system.util.ManagementConstants.WORLD_HOP_DELAY
 import ms.world.GameServer
 import ms.world.PlayerSession
 import ms.world.WorldDatabase

Management-Server/src/main/java/ms/system/mysql/SQLManager.kt

@@ -1,11 +1,11 @@
 package ms.system.mysql
 
 import ms.system.util.ManagementConstants
-import ms.system.util.ManagementConstants.Companion.DATABASE_HOST_ADDRESS
-import ms.system.util.ManagementConstants.Companion.DATABASE_NAME
-import ms.system.util.ManagementConstants.Companion.DATABASE_PASSWORD
-import ms.system.util.ManagementConstants.Companion.DATABASE_PORT
-import ms.system.util.ManagementConstants.Companion.DATABASE_USERNAME
+import ms.system.util.ManagementConstants.DATABASE_HOST_ADDRESS
+import ms.system.util.ManagementConstants.DATABASE_NAME
+import ms.system.util.ManagementConstants.DATABASE_PASSWORD
+import ms.system.util.ManagementConstants.DATABASE_PORT
+import ms.system.util.ManagementConstants.DATABASE_USERNAME
 import java.sql.Connection
 import java.sql.DriverManager
 import java.sql.SQLException

Management-Server/src/main/java/ms/system/util/ManagementConfigParser.kt

@@ -30,19 +30,20 @@ class ManagementConfigParser(path: String) {
             data = parser.parse(reader) as JSONObject
             parseDatabaseInformation()
             parseWorldTechnicalSettings()
+            ManagementConstants.SECRET_KEY = data!!["secret_key"].toString()
         }
     }
 
     private fun parseDatabaseInformation(){
         data ?: return
         val dbData = data!!["DatabaseInformation"] as JSONObject
-        ManagementConstants().parseDBProp(dbData)
+        ManagementConstants.parseDBProp(dbData)
     }
 
     private fun parseWorldTechnicalSettings(){
         data ?: return
         val wtiData = data!!["WorldTechnicalInformation"] as JSONObject
-        ManagementConstants().parseWTIProp(wtiData)
+        ManagementConstants.parseWTIProp(wtiData)
     }
 
     /**

Management-Server/src/main/java/ms/system/util/ManagementConstants.kt

@@ -2,32 +2,31 @@ package ms.system.util
 
 import org.json.simple.JSONObject
 
-class ManagementConstants {
+object ManagementConstants {
 
-    companion object {
+    //MySQL main database name
+    var DATABASE_NAME: String = "global"
 
-        //MySQL main database name
-        var DATABASE_NAME: String = "global"
+    //MySQL database username
+    var DATABASE_USERNAME: String = "root"
 
-        //MySQL database username
-        var DATABASE_USERNAME: String = "root"
+    //MySQL database password
+    var DATABASE_PASSWORD: String = ""
 
-        //MySQL database password
-        var DATABASE_PASSWORD: String = ""
+    //MySQL host
+    var DATABASE_HOST_ADDRESS: String = "127.0.0.1"
 
-        //MySQL host
-        var DATABASE_HOST_ADDRESS: String = "127.0.0.1"
+    //MySQL port
+    var DATABASE_PORT: Int = 3306
 
-        //MySQL port
-        var DATABASE_PORT: Int = 3306
+    //Max amount of worlds supported on the world list
+    var MAX_WORLD_AMOUNT: Int = 10
 
-        //Max amount of worlds supported on the world list
-        var MAX_WORLD_AMOUNT: Int = 10
+    //User world hop delay in seconds
+    var WORLD_HOP_DELAY: Long = 20_000L
 
-        //User world hop delay in seconds
-        var WORLD_HOP_DELAY: Long = 20_000L
-
-    }
+    @JvmStatic
+    var SECRET_KEY: String = ""
 
     fun parseDBProp(data: JSONObject) {
         DATABASE_NAME = data["database_name"].toString()

Server/src/main/java/core/net/event/MSHSWriteEvent.java

@@ -3,6 +3,8 @@ package core.net.event;
 import core.cache.misc.buffer.ByteBufferUtils;
 import core.net.IoSession;
 import core.net.IoWriteEvent;
+import rs09.Server;
+import rs09.ServerConstants;
 
 import java.nio.ByteBuffer;
 
@@ -12,11 +14,6 @@ import java.nio.ByteBuffer;
  */
 public final class MSHSWriteEvent extends IoWriteEvent {
 
-	/**
-	 * The password used to verify
-	 */
-	private static final String PASSWORD = "0x14ari0SSbh98989910";
-
 	/**
 	 * Constructs a new {@code MSHSWriteEvent} {@code Object}
 	 * @param session The session.
@@ -28,9 +25,9 @@ public final class MSHSWriteEvent extends IoWriteEvent {
 
 	@Override
 	public void write(IoSession session, Object context) {
-		ByteBuffer	buffer = ByteBuffer.allocate(2 + PASSWORD.length());
+		ByteBuffer	buffer = ByteBuffer.allocate(2 + ServerConstants.MS_SECRET_KEY.length());
 		buffer.put((byte) 88);
-		ByteBufferUtils.putString(PASSWORD, buffer);
+		ByteBufferUtils.putString(ServerConstants.MS_SECRET_KEY, buffer);
 		session.queue((ByteBuffer) buffer.flip());
 	}
 

Server/src/main/kotlin/rs09/ServerConstants.kt

@@ -106,6 +106,9 @@ class ServerConstants {
 		@JvmField
 		var GE_AUTOSTOCK_ENABLED = false
 
+		@JvmField
+		var MS_SECRET_KEY = ""
+
 		//location names for the ::to command.
 		val TELEPORT_DESTINATIONS = arrayOf(
 				arrayOf(Location.create(2974, 4383, 2), "corp", "corporal", "corporeal"),
@@ -218,6 +221,9 @@ class ServerConstants {
 			if(data.containsKey("daily_restart")){
 				DAILY_RESTART = data["daily_restart"] as Boolean
 			}
+
+			if(data.containsKey("ms_secret_key")) MS_SECRET_KEY = data["ms_secret_key"].toString()
+			else MS_SECRET_KEY = "2009scape_development"
 		}
 	}
 }

Server/worldprops/default.json

@@ -43,7 +43,8 @@
     "database_username": "root",
     "database_password": "",
     "database_address": "127.0.0.1",
-    "database_port": "3306"
+    "database_port": "3306",
+    "ms_secret_key": "2009scape_development"
   },
 
   "PluginToggles": {