From 1b84f9d61f0d089189daa91bccc4387dab4b4dad Mon Sep 17 00:00:00 2001 From: Enno Rehling Date: Sun, 22 Jun 2003 08:38:55 +0000 Subject: [PATCH] - Bugfix FOLGE exploit - Visual Studio .net 2003 project files - SHORTPWD define (disabled) --- src/common/attributes/attributes.vcproj | 18 ++++++- src/common/gamecode/creport.c | 13 +++++ src/common/gamecode/economy.c | 21 ++++---- src/common/gamecode/gamecode.vcproj | 24 +++++++++- src/common/gamecode/laws.c | 41 +++++++--------- src/common/gamecode/report.c | 13 +++++ src/common/gamecode/spy.c | 8 ++-- src/common/gamecode/study.c | 2 +- src/common/items/birthday_firework.c | 2 +- src/common/items/items.vcproj | 18 ++++++- src/common/kernel/build.c | 2 +- src/common/kernel/eressea.c | 14 +++--- src/common/kernel/eressea.h | 4 +- src/common/kernel/faction.c | 12 ++++- src/common/kernel/faction.h | 14 +++++- src/common/kernel/karma.c | 6 +-- src/common/kernel/kernel.vcproj | 24 +++++++++- src/common/kernel/magic.c | 4 +- src/common/kernel/magic.h | 2 +- src/common/kernel/movement.c | 6 +-- src/common/kernel/pool.c | 2 +- src/common/kernel/save.c | 4 +- src/common/modules/gmcmd.c | 2 +- src/common/modules/modules.vcproj | 18 ++++++- src/common/races/races.vcproj | 18 ++++++- src/common/settings-eressea.h | 2 + src/common/spells/spells.vcproj | 18 ++++++- src/common/triggers/triggers.vcproj | 18 ++++++- src/common/util/util.vcproj | 24 +++++++++- src/eressea.sln | 64 ++++++++++++++++--------- src/eressea/eressea.vcproj | 24 +++++++++- src/eressea/main.c | 35 ++++++++++++++ src/mapper/mapper.vcproj | 18 ++++++- 33 files changed, 382 insertions(+), 113 deletions(-) diff --git a/src/common/attributes/attributes.vcproj b/src/common/attributes/attributes.vcproj index b9022a0f6..0757bcc70 100644 --- a/src/common/attributes/attributes.vcproj +++ b/src/common/attributes/attributes.vcproj @@ -1,7 +1,7 @@ - + @@ -55,6 +55,12 @@ Culture="1031"/> + + + + + + + + alliance->id); fprintf(F, "\"%s\";alliancename\n", f->alliance->name); } +#endif +#ifdef SHORTPWDS + if (f->shortpwds) { + shortpwd * spwd = f->shortpwds; + while (spwd) { + unsigned int vacation = 0; + if (spwd->used) { + fprintf(F, "VACATION %u\n", ++vacation); + fprintf(F, "\"%s\";email\n", spwd->email); + } + spwd=spwd->next; + } + } #endif } flist = flist->next; diff --git a/src/common/gamecode/economy.c b/src/common/gamecode/economy.c index 52176f7f6..302aa670e 100644 --- a/src/common/gamecode/economy.c +++ b/src/common/gamecode/economy.c @@ -801,7 +801,7 @@ dogive(region * r, unit * u, strlist * S, boolean liefere, int mode) */ { unit *u2; - char *s; + const char *s; int i, n; const item_type * itype; int notfound_error = 63; @@ -961,7 +961,7 @@ dogive(region * r, unit * u, strlist * S, boolean liefere, int mode) return; } if (findparam(s, u->faction->locale) == P_ANY) { /* Alle Gegenstände übergeben */ - char * s = getstrtoken(); + const char * s = getstrtoken(); if(u2 && !ucontact(u2, u)) { cmistake(u, S->s, 40, MSG_COMMERCE); @@ -1081,9 +1081,7 @@ void forgetskill(unit * u) { skill_t talent; - char *s; - - s = getstrtoken(); + const char *s = getstrtoken(); if ((talent = findskill(s, u->faction->locale)) != NOSKILL) { struct message * m = add_message(&u->faction->msgs, @@ -1908,14 +1906,13 @@ create_item(unit * u, const item_type * itype, int want) static void make(region * r, unit * u) { - char *s; const building_type * btype; const ship_type * stype; param_t p; int m; const item_type * itype; + const char *s = getstrtoken(); - s = getstrtoken(); m = atoi(s); sprintf(buf, "%d", m); if (!strcmp(buf, s)) { @@ -2375,7 +2372,7 @@ sell(region * r, unit * u, request ** sellorders, const char * cmd) const luxury_type * ltype=NULL; int n; request *o; - char *s; + const char *s; if (u->ship && is_guarded(r, u, GUARD_CREWS)) { cmistake(u, cmd, 69, MSG_INCOME); @@ -2718,7 +2715,7 @@ void pflanze(region *r, unit *u) { int m; - char *s; + const char *s; param_t p; const item_type * itype = NULL; @@ -2797,7 +2794,7 @@ void zuechte(region *r, unit *u) { int m; - char *s; + const char *s; param_t p; /* züchte [] */ @@ -2853,9 +2850,7 @@ rough_amount(int a, int m) static void research(region *r, unit *u) { - char *s; - - s = getstrtoken(); + const char *s = getstrtoken(); if (findparam(s, u->faction->locale) == P_HERBS) { diff --git a/src/common/gamecode/gamecode.vcproj b/src/common/gamecode/gamecode.vcproj index c9a627dc1..e2cb4a375 100644 --- a/src/common/gamecode/gamecode.vcproj +++ b/src/common/gamecode/gamecode.vcproj @@ -1,7 +1,7 @@ - + @@ -55,6 +55,12 @@ Culture="1031"/> + + + + + + + + + + + next; for (S = u->orders; S; S = S->next) { if (igetkeyword(S->s, u->faction->locale) == K_QUIT) { - if (checkpasswd(u->faction, getstrtoken())) { + if (checkpasswd(u->faction, getstrtoken(), false)) { #ifdef ENHANCED_QUIT int f2_id = getid(); @@ -1098,7 +1098,7 @@ quit(void) factionid(u->faction), S->s); } } else if(igetkeyword(S->s, u->faction->locale) == K_RESTART && u->number > 0) { - char *s_race,*s_pass; + const char *s_race, *s_pass; if (!landregion(rterrain(r))) { cmistake(u, S->s, 242, MSG_EVENT); @@ -1128,7 +1128,7 @@ quit(void) continue; } - if (!checkpasswd(u->faction, s_pass)) { + if (!checkpasswd(u->faction, s_pass, false)) { cmistake(u, S->s, 86, MSG_EVENT); printf(" Warnung: NEUSTART mit falschem Passwort für Partei %s: %s\n", factionid(u->faction), S->s); @@ -1222,7 +1222,7 @@ set_ally(unit * u, strlist * S) ally * sf, ** sfp; faction *f; int keyword, not_kw; - char *s; + const char *s; f = getfaction(); @@ -1339,7 +1339,8 @@ set_ally(unit * u, strlist * S) static void set_display(region * r, unit * u, strlist * S) { - char **s, *s2; + char **s; + const char *s2; s = 0; @@ -1383,7 +1384,7 @@ set_display(region * r, unit * u, strlist * S) case P_PRIVAT: { - char *d = getstrtoken(); + const char *d = getstrtoken(); if(d == NULL || *d == 0) { usetprivate(u, NULL); } else { @@ -1418,10 +1419,6 @@ set_display(region * r, unit * u, strlist * S) s2 = getstrtoken(); - if (strlen(s2) >= DISPLAYSIZE) { - s2[DISPLAYSIZE] = 0; - cmistake(u, S->s, 3, MSG_EVENT); - } set_string(&(*s), s2); } @@ -1517,14 +1514,15 @@ set_synonym(unit * u, strlist *S) void set_group(unit * u) { - char * s = getstrtoken(); + const char * s = getstrtoken(); join_group(u, s); } void set_name(region * r, unit * u, strlist * S) { - char **s, *s2; + char **s; + const char *s2; int i; param_t p; boolean foreign = false; @@ -1794,7 +1792,7 @@ void distributeMail(region * r, unit * u, strlist * S) { unit *u2; - char *s; + const char *s; int n; s = getstrtoken(); @@ -1813,10 +1811,6 @@ distributeMail(region * r, unit * u, strlist * S) cmistake(u, S->s, 30, MSG_MESSAGE); return; } else { - if (strlen(s) >= DISPLAYSIZE) { - s[DISPLAYSIZE] = 0; - cmistake(u, S->s, 111, MSG_MESSAGE); - } sprintf(buf, "von %s: '%s'", unitname(u), s); addmessage(r, 0, buf, MSG_MESSAGE, ML_IMPORTANT); return; @@ -1981,7 +1975,7 @@ set_passw(void) region *r; unit *u; strlist *S; - char *s; + const char *s; int o, i; magic_t mtyp; @@ -2316,8 +2310,8 @@ instant_orders(void) region *r; unit *u; strlist *S; - char *s; - char *param; + const char *s; + const char *param; spell *spell; #ifdef NEW_ITEMS const item_type * itype; @@ -2897,7 +2891,7 @@ static void renumber(void) { region *r; - char *s; + const char *s; strlist *S; unit * u; int i; @@ -2911,7 +2905,6 @@ renumber(void) case P_FACTION: s = getstrtoken(); - if(strlen(s)>4) s[4]=0; if (s && *s) { int i = atoi36(s); attrib * a = a_find(f->attribs, &at_number); @@ -3110,7 +3103,7 @@ new_units (void) for (S = u->orders; S;) { if ((igetkeyword(S->s, u->faction->locale) == K_MAKE) && (getparam(u->faction->locale) == P_TEMP)) { int g; - char * name; + const char * name; int alias; int mu = maxunits(u->faction); @@ -3415,7 +3408,7 @@ defaultorders (void) { region *r; unit *u; - char * c; + const char * c; int i; strlist *s; list_foreach(region, regions, r) { diff --git a/src/common/gamecode/report.c b/src/common/gamecode/report.c index 0849d81e8..914d5a48a 100644 --- a/src/common/gamecode/report.c +++ b/src/common/gamecode/report.c @@ -1854,6 +1854,19 @@ list_address(FILE * F, const faction * uf, const faction_list * seenfactions) if (f->no!=MONSTER_FACTION) { sprintf(buf, "%s: %s; %s", factionname(f), f->email, f->banner); rparagraph(F, buf, 4, (char)(ALLIED(uf, f)?'+':'*')); +#ifdef SHORTPWDS + if (f->shortpwds) { + shortpwd * spwd = f->shortpwds; + while (spwd) { + if (spwd->used) { + sprintf(buf, "Vertretung: %s", spwd->email); + rparagraph(F, buf, 6, '-'); + } + spwd=spwd->next; + } + } +#endif + } flist = flist->next; } diff --git a/src/common/gamecode/spy.c b/src/common/gamecode/spy.c index 3e83a4700..18850d9d5 100644 --- a/src/common/gamecode/spy.c +++ b/src/common/gamecode/spy.c @@ -115,7 +115,7 @@ void setwere(unit *u, strlist *S) { int level = fspecial(u->faction,FS_LYCANTROPE); - char *s; + const char *s; if(!level) { cmistake(u, S->s, 311, MSG_EVENT); @@ -153,7 +153,7 @@ setwere(unit *u, strlist *S) void setstealth(unit * u, strlist * S) { - char *s; + const char *s; char level; const race * trace; attrib *a; @@ -214,7 +214,7 @@ setstealth(unit * u, strlist * S) } else if (findparam(s, u->faction->locale) == P_NOT) { freset(u, FL_PARTEITARNUNG); } else if (findkeyword(s, u->faction->locale) == K_NUMBER) { - char *s2 = getstrtoken(); + const char *s2 = getstrtoken(); int nr = -1; if(s2) nr = atoi36(s2); @@ -493,7 +493,7 @@ sink_ship(region * r, ship * sh, const char *name, char spy, unit * saboteur) void sabotage(region * r, unit * u) { - char *s; + const char *s; int i; ship *sh; unit *u2; diff --git a/src/common/gamecode/study.c b/src/common/gamecode/study.c index ef15e7faf..ac63ca154 100644 --- a/src/common/gamecode/study.c +++ b/src/common/gamecode/study.c @@ -243,7 +243,7 @@ teach(region * r, unit * u) static char order[BUFSIZE]; int teaching, i, j, count, academy=0; unit *u2; - char *s; + const char *s; skill_t sk; if ((u->race->flags & RCF_NOTEACH) || fval(u, UFL_WERE)) { diff --git a/src/common/items/birthday_firework.c b/src/common/items/birthday_firework.c index 264a35664..875dec796 100644 --- a/src/common/items/birthday_firework.c +++ b/src/common/items/birthday_firework.c @@ -40,7 +40,7 @@ use_birthday_firework(struct unit * u, const struct item_type * itype, int amoun regionlist *rlist = all_in_range(u->region, FIREWORK_RANGE); regionlist *rl; message *m; - char *name; + const char *name; unused(amount); diff --git a/src/common/items/items.vcproj b/src/common/items/items.vcproj index 92619a8cb..1b6a29963 100644 --- a/src/common/items/items.vcproj +++ b/src/common/items/items.vcproj @@ -1,7 +1,7 @@ - + @@ -54,6 +54,12 @@ Culture="1031"/> + + + + + + + + number < 1) diff --git a/src/common/kernel/eressea.c b/src/common/kernel/eressea.c index 1d753f3e2..e099700e9 100644 --- a/src/common/kernel/eressea.c +++ b/src/common/kernel/eressea.c @@ -1053,7 +1053,7 @@ count_maxmigrants(const faction * f) /* GET STR, I zur Eingabe von Daten liest diese aus dem Buffer, der beim ersten * Aufruf inititialisiert wird? */ -char * +const char * igetstrtoken (const char *s1) { int i; @@ -1087,7 +1087,7 @@ igetstrtoken (const char *s1) return lbuf; } -char * +const char * getstrtoken (void) { return igetstrtoken (0); @@ -1348,9 +1348,7 @@ read_newunitid (const faction * f, const region * r) int read_unitid (const faction * f, const region * r) { - char *s; - - s = getstrtoken (); + const char * s = getstrtoken (); /* Da s nun nur einen string enthaelt, suchen wir ihn direkt in der * paramliste. machen wir das nicht, dann wird getnewunit in s nach der @@ -2683,8 +2681,8 @@ fwage(const region *r, const faction *f, boolean img) -region * -findspecialdirection(const region *r, char *token) +static region * +findspecialdirection(const region *r, const char *token) { attrib *a; spec_direction *d; @@ -2705,7 +2703,7 @@ region * movewhere(region * r, const unit *u) { direction_t d; - char *token; + const char *token; region * r2; token = getstrtoken(); diff --git a/src/common/kernel/eressea.h b/src/common/kernel/eressea.h index 90f0c1e80..b08dd59bf 100644 --- a/src/common/kernel/eressea.h +++ b/src/common/kernel/eressea.h @@ -982,8 +982,8 @@ int geti(void); extern int findstr(const char **v, const char *s, unsigned char n); -extern char *igetstrtoken(const char *s); -extern char *getstrtoken(void); +extern const char *igetstrtoken(const char *s); +extern const char *getstrtoken(void); extern skill_t findskill(const char *s, const struct locale * lang); diff --git a/src/common/kernel/faction.c b/src/common/kernel/faction.c index b873de151..d182b100c 100644 --- a/src/common/kernel/faction.c +++ b/src/common/kernel/faction.c @@ -145,8 +145,18 @@ addplayer(region *r, const char *email, const char * password, } boolean -checkpasswd(const faction * f, const char * passwd) +checkpasswd(const faction * f, const char * passwd, boolean shortp) { +#ifdef SHORTPWDS + shortpwd * slist = f->shortpwds; + if (shortp) while (slist) { + if (strcasecmp(slist->pwd, passwd)==0) { + slist->used = true; + return true; + } + slist = slist->next; + } +#endif if (strcasecmp(f->passw, passwd)==0) return true; if (strcasecmp(f->override, passwd)==0) return true; return false; diff --git a/src/common/kernel/faction.h b/src/common/kernel/faction.h index 53a6fc263..12280d71f 100644 --- a/src/common/kernel/faction.h +++ b/src/common/kernel/faction.h @@ -16,6 +16,15 @@ struct player; struct alliance; +#ifdef SHORTPWDS +typedef struct shortpwd { + struct shortpwd * next; + char * email; + char * pwd; + boolean used; +} shortpwd; +#endif + typedef struct faction { struct faction *next; struct faction *nexthash; @@ -31,6 +40,9 @@ typedef struct faction { char *email; char *passw; char *override; +#ifdef SHORTPWDS + struct shortpwd * shortpwds; +#endif const struct locale * locale; int lastorders; /* enno: short? */ int age; /* enno: short? */ @@ -86,7 +98,7 @@ extern void * resolve_faction(void * data); extern struct unit * addplayer(struct region *r, const char *email, const char* password, const struct race * frace, const struct locale *loc, int subscription); -extern boolean checkpasswd(const faction * f, const char * passwd); +extern boolean checkpasswd(const faction * f, const char * passwd, boolean shortp); extern void destroyfaction(faction * f); #ifdef REGIONOWNERS diff --git a/src/common/kernel/karma.c b/src/common/kernel/karma.c index 3d608ad82..8a1101588 100644 --- a/src/common/kernel/karma.c +++ b/src/common/kernel/karma.c @@ -368,7 +368,7 @@ sacrificings(void) for(u=r->units; u; u=u->next) { if(igetkeyword(u->thisorder, u->faction->locale) == K_SACRIFICE) { int n = 1, karma; - char *s = getstrtoken(); + const char *s = getstrtoken(); if(s && *s) n = atoi(s); if(n <= 0) { @@ -432,7 +432,7 @@ prayers(void) int karma_cost; short mult = 1; param_t p; - char *s = getstrtoken(); + const char *s = getstrtoken(); if(findparam(s, u->faction->locale) == P_FOR) s = getstrtoken(); @@ -509,7 +509,7 @@ set_jihad(void) const race * jrace; race_t jrt; attrib *a; - char *s; + const char *s; for(a = a_find(f->attribs, &at_jihad); a; a = a->nexttype) { has += a->data.sa[1]; diff --git a/src/common/kernel/kernel.vcproj b/src/common/kernel/kernel.vcproj index ffc09e9dc..84a21a3f2 100644 --- a/src/common/kernel/kernel.vcproj +++ b/src/common/kernel/kernel.vcproj @@ -1,7 +1,7 @@ - + @@ -55,6 +55,12 @@ Culture="1031"/> + + + + + + + + + + + next; - if (fval(up, FL_FOLLOWING) && !fval(up, FL_MOVED)) { + if (fval(up, FL_FOLLOWING) && !fval(up, FL_LONGACTION) && !fval(up, FL_MOVED)) { attrib * a = a_find(up->attribs, &at_follow); if (a && a->data.v==u) { /* wir basteln ihm ein NACH */ @@ -1804,7 +1804,7 @@ piracy(unit *u) int aff[MAXDIRECTIONS]; int saff = 0; int *il; - char *s; + const char *s; boolean all = true; attrib *a; diff --git a/src/common/kernel/pool.c b/src/common/kernel/pool.c index ff2babb67..4567dd2a9 100644 --- a/src/common/kernel/pool.c +++ b/src/common/kernel/pool.c @@ -385,7 +385,7 @@ init_pool(void) && (urace(u)->ec_flags & GETITEM)) { int count = geti(); int use; - char *what = getstrtoken(); + const char *what = getstrtoken(); const resource_type * rtype = findresourcetype(what, u->faction->locale); if (rtype == NULL) list_continue(s); /* nur mit resources implementiert */ diff --git a/src/common/kernel/save.c b/src/common/kernel/save.c index fcc5f0c74..4b12f311c 100644 --- a/src/common/kernel/save.c +++ b/src/common/kernel/save.c @@ -548,7 +548,7 @@ factionorders(void) { char b[16]; char * fid = strnzcpy(b, getstrtoken(), 15); - char * pass = getstrtoken(); + const char * pass = getstrtoken(); faction *f; f = findfaction(atoi36(fid)); @@ -565,7 +565,7 @@ factionorders(void) freestrlist(f->mistakes); f->mistakes = 0; - if (checkpasswd(f, pass) == false) { + if (checkpasswd(f, pass, true) == false) { addstrlist(&f->mistakes, "Das Passwort wurde falsch eingegeben"); return 0; } diff --git a/src/common/modules/gmcmd.c b/src/common/modules/gmcmd.c index b13a16889..00e7943a3 100644 --- a/src/common/modules/gmcmd.c +++ b/src/common/modules/gmcmd.c @@ -141,7 +141,7 @@ gm_create(const tnode * tnext, const char * str, void * data, const char * cmd) i = atoi(igetstrtoken(str)); if (i>0) { - char * iname = getstrtoken(); + const char * iname = getstrtoken(); const item_type * itype = finditemtype(iname, u->faction->locale); if (itype==NULL) { mistake(u, cmd, "Unbekannter Gegenstand.\n", 0); diff --git a/src/common/modules/modules.vcproj b/src/common/modules/modules.vcproj index 927c7346a..cd424fff1 100644 --- a/src/common/modules/modules.vcproj +++ b/src/common/modules/modules.vcproj @@ -1,7 +1,7 @@ - + @@ -55,6 +55,12 @@ Culture="1031"/> + + + + + + + + + @@ -55,6 +55,12 @@ Culture="1031"/> + + + + + + + + + @@ -54,6 +54,12 @@ Culture="1031"/> + + + + + + + + + @@ -55,6 +55,12 @@ Culture="1031"/> + + + + + + + + + @@ -55,6 +55,12 @@ Culture="1031"/> + + + + + + + + + + + + @@ -63,8 +63,14 @@ Culture="1031"/> + + + + + + + + + + + +#include #include #include @@ -267,12 +268,46 @@ writepasswd(void) } } +#ifdef SHORTPWDS +static void +readshortpwds() +{ + FILE * F; + char zText[MAX_PATH]; + sprintf(zText, "%s/%s.%u", basepath(), "shortpwds", turn); + + F = fopen(zText, "r"); + if (F==NULL) { + log_error(("could not open password file %s", zText)); + } else { + while (!feof(F)) { + faction * f; + char passwd[16], faction[5], email[64]; + fscanf(F, "%s %s %s\n", faction, passwd, email); + f = findfaction(atoi36(faction)); + if (f!=NULL) { + shortpwd * pwd = (shortpwd*)malloc(sizeof(shortpwd)); + pwd->email = strdup(email); + pwd->pwd = strdup(passwd); + pwd->used = false; + pwd->next = f->shortpwds; + f->shortpwds = pwd; + } + } + fclose(F); + } +} +#endif + static int processturn(char *filename) { struct summary * begin, * end; int i; +#ifdef SHORTPWDS + readshortpwds("passwords"); +#endif begin = make_summary(false); printf(" - Korrekturen Runde %d\n", turn); korrektur(); diff --git a/src/mapper/mapper.vcproj b/src/mapper/mapper.vcproj index 0f8f812c7..d8d28ab44 100644 --- a/src/mapper/mapper.vcproj +++ b/src/mapper/mapper.vcproj @@ -1,7 +1,7 @@ - + @@ -62,8 +62,14 @@ Culture="1031"/> + + + + + + + +