From d398d5060dfdff518eabb1509a8d626b176ece50 Mon Sep 17 00:00:00 2001 From: Stanislav Usenkov Date: Thu, 11 Aug 2016 21:35:51 +0700 Subject: [PATCH] New config.yml option: settings.disable-insecure-commands (true by default). When true all commands that can edit database contents will be disabled for all. --- pom.xml | 2 +- .../simsonic/rscPermissions/API/Settings.java | 1 + .../Bukkit/BukkitRegionProviders.java | 2 -- ...Configuration.java => BukkitSettings.java} | 15 ++++++++++--- .../Bukkit/Commands/CommandEntity.java | 22 +++++++++++-------- .../Bukkit/Commands/CommandEntityHelper.java | 3 --- .../rscPermissions/BukkitPluginMain.java | 5 ++--- .../Engine/Backends/DatabaseEditor.java | 1 - .../rscPermissions/Engine/Phrases.java | 1 + src/main/resources/config.yml | 5 +++++ src/main/resources/languages/english.yml | 1 + src/main/resources/languages/russian.yml | 1 + src/main/resources/plugin.yml | 1 - 13 files changed, 37 insertions(+), 23 deletions(-) rename src/main/java/ru/simsonic/rscPermissions/Bukkit/{BukkitPluginConfiguration.java => BukkitSettings.java} (91%) diff --git a/pom.xml b/pom.xml index de21997..7372ef5 100644 --- a/pom.xml +++ b/pom.xml @@ -4,7 +4,7 @@ ru.simsonic rscPermissions - 0.10.8b-SNAPSHOT + 0.10.9b-SNAPSHOT jar rscPermissions diff --git a/src/main/java/ru/simsonic/rscPermissions/API/Settings.java b/src/main/java/ru/simsonic/rscPermissions/API/Settings.java index 3945525..73fe3b0 100644 --- a/src/main/java/ru/simsonic/rscPermissions/API/Settings.java +++ b/src/main/java/ru/simsonic/rscPermissions/API/Settings.java @@ -47,6 +47,7 @@ public interface Settings public boolean isDefaultForever(); public boolean isAsteriskOP(); public boolean isUsingAncestorPrefixes(); + public boolean areInsecureCommandsDisabled(); public boolean isInMaintenance(); public String getMaintenanceMode(); public void setMaintenanceMode(String mode); 
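Review bot: `areInsecureCommandsDisabled()` is added to the `Settings` interface with no statement of its contract, although callers use it as a security gate. A one-line Javadoc would fix what "insecure" means and which way implementations should fail, for example `/** True when commands that modify database contents must be rejected; implementations should return true when the option is missing or unreadable. */`. The `BukkitSettings` implementation in this patch already defaults to `true`, so this documents existing behaviour rather than changing it. The interface body starts and ends outside the hunk.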
diff --git a/src/main/java/ru/simsonic/rscPermissions/Bukkit/BukkitRegionProviders.java b/src/main/java/ru/simsonic/rscPermissions/Bukkit/BukkitRegionProviders.java index dcaf892..d1eca3e 100644 --- a/src/main/java/ru/simsonic/rscPermissions/Bukkit/BukkitRegionProviders.java +++ b/src/main/java/ru/simsonic/rscPermissions/Bukkit/BukkitRegionProviders.java @@ -11,10 +11,8 @@ import java.util.Map; import java.util.Set; import org.bukkit.Location; import org.bukkit.World; -import org.bukkit.command.ConsoleCommandSender; import org.bukkit.entity.Player; import org.bukkit.plugin.Plugin; -import ru.simsonic.rscMinecraftLibrary.Bukkit.GenericChatCodes; import ru.simsonic.rscPermissions.BukkitPluginMain; import ru.simsonic.rscPermissions.Engine.Phrases; diff --git a/src/main/java/ru/simsonic/rscPermissions/Bukkit/BukkitPluginConfiguration.java b/src/main/java/ru/simsonic/rscPermissions/Bukkit/BukkitSettings.java similarity index 91% rename from src/main/java/ru/simsonic/rscPermissions/Bukkit/BukkitPluginConfiguration.java rename to src/main/java/ru/simsonic/rscPermissions/Bukkit/BukkitSettings.java index 52b0aa1..9e974c2 100644 --- a/src/main/java/ru/simsonic/rscPermissions/Bukkit/BukkitPluginConfiguration.java +++ b/src/main/java/ru/simsonic/rscPermissions/Bukkit/BukkitSettings.java @@ -12,7 +12,7 @@ import ru.simsonic.rscPermissions.API.Settings; import ru.simsonic.rscPermissions.API.TranslationProvider; import ru.simsonic.rscPermissions.BukkitPluginMain; -public class BukkitPluginConfiguration implements Settings +public class BukkitSettings implements Settings { private final static int CURRENT_CONFIG_VERSION = 5; private final BukkitPluginMain plugin; 
@@ -24,12 +24,13 @@ public class BukkitPluginConfiguration implements Settings private String language = "english"; private boolean bAlwaysInheritDefault = false; private boolean bTreatAsteriskAsOP = true; + private boolean bDisableDatabaseEdits = true; private boolean bUsingAncestorPrefixes = true; private boolean bUseMetrics = true; private boolean bUseWorldGuard = true; private int nAutoReloadDelayTicks = 20 * 900; private int nRegionFinderGranularity = 1000; - public BukkitPluginConfiguration(final BukkitPluginMain plugin) + public BukkitSettings(final BukkitPluginMain plugin) { this.plugin = plugin; } @@ -52,9 +53,10 @@ public class BukkitPluginConfiguration implements Settings case 4: update_v4_to_v5(config); BukkitPluginMain.consoleLog.info(Settings.CHAT_PREFIX + "Configuration updated from v3 to v4."); - case CURRENT_CONFIG_VERSION: // Current version + // Keep it here to not rewrite config everyday config.set("internal.version", CURRENT_CONFIG_VERSION); plugin.saveConfig(); + case CURRENT_CONFIG_VERSION: break; } } @@ -85,6 +87,7 @@ public class BukkitPluginConfiguration implements Settings private void update_v4_to_v5(FileConfiguration config) { config.set("settings.integration.residence", null); + config.set("settings.disable-insecure-commands", true); } @Override public void onEnable() @@ -96,6 +99,7 @@ public class BukkitPluginConfiguration implements Settings strMaintenanceMode = config.getString("settings.maintenance-mode", ""); bAlwaysInheritDefault = config.getBoolean("settings.always-inherit-default-group", false); bTreatAsteriskAsOP = config.getBoolean("settings.treat-asterisk-as-op", true); + bDisableDatabaseEdits = config.getBoolean("settings.disable-insecure-commands", true); bUsingAncestorPrefixes = config.getBoolean("settings.groups-inherit-parent-prefixes", true); bUseWorldGuard = config.getBoolean("settings.integration.worldguard", true); bUseMetrics = config.getBoolean("settings.use-metrics", true); 
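Review bot: The reordered `switch` in the `-52,9 +53,10` hunk now relies on the upgrade cases falling through into the `config.set("internal.version", …)` / `plugin.saveConfig()` lines, and the comment `// Keep it here to not rewrite config everyday` does not say so. Something like `// Upgrade cases fall through to here and save once; an up-to-date config jumps to the label below and is not rewritten.` would make the intent explicit. The context line logged right after `update_v4_to_v5(config)` still reads "Configuration updated from v3 to v4.", which looks like a copy-paste slip and will mislead anyone reading the console after an upgrade. The earlier cases of the switch are outside the hunk, so the fall-through chain is inferred.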
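Review bot: In the `-85,6 +87,7` hunk `update_v4_to_v5` gains a new step while `CURRENT_CONFIG_VERSION` stays at 5 (visible in the first hunk of this file), so any config already stamped as version 5 never gets `settings.disable-insecure-commands` written to it. Enforcement still fails closed, because `onEnable` reads the key with a default of `true`. If version 5 configs already exist on servers, though, the edit commands stop working there with no entry in config.yml to explain why. Consider a separate migration step, `case 5: update_v5_to_v6(config);` with `CURRENT_CONFIG_VERSION = 6`, that writes the key only when it is absent.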
@@ -185,6 +189,11 @@ public class BukkitPluginConfiguration implements Settings return bUseWorldGuard; } @Override + public boolean areInsecureCommandsDisabled() + { + return bDisableDatabaseEdits; + } + @Override public int getAutoReloadDelayTicks() { return nAutoReloadDelayTicks; diff --git a/src/main/java/ru/simsonic/rscPermissions/Bukkit/Commands/CommandEntity.java b/src/main/java/ru/simsonic/rscPermissions/Bukkit/Commands/CommandEntity.java index 3f3f65c..8626512 100644 --- a/src/main/java/ru/simsonic/rscPermissions/Bukkit/Commands/CommandEntity.java +++ b/src/main/java/ru/simsonic/rscPermissions/Bukkit/Commands/CommandEntity.java @@ -16,6 +16,7 @@ import ru.simsonic.rscPermissions.API.RowPermission; import ru.simsonic.rscPermissions.Bukkit.BukkitUtilities; import ru.simsonic.rscPermissions.Bukkit.Commands.ArgumentUtilities.OptionalParams; import ru.simsonic.rscPermissions.BukkitPluginMain; +import ru.simsonic.rscPermissions.Engine.Phrases; import ru.simsonic.rscPermissions.Engine.ResolutionResult; public class CommandEntity extends CommandEntityHelper @@ -221,6 +222,15 @@ public class CommandEntity extends CommandEntityHelper onEntityCommand(entity, type, args); throw new CommandAnswerException(getHelpForType(type)); } + private RowEntity createEntity(EntityType type, String name) + { + final RowEntity result = new RowEntity(); + result.entity = name; + result.entityType = type; + result.permissions = new RowPermission[] {}; + result.inheritance = new RowInheritance[] {}; + return result; + } private void onEntityCommand(RowEntity entity, TargetType type, String[] args) throws CommandAnswerException { final String subcommand = args.length > 1 && args[1] != null 
@@ -252,6 +262,9 @@ public class CommandEntity extends CommandEntityHelper case "help": throw new CommandAnswerException(getHelpForType(type)); } + // Commands below are meant to be INSECURE + if(rscp.settings.areInsecureCommandsDisabled()) + throw new CommandAnswerException(Phrases.COMMAND_IS_DENIED.toPlayer()); if(args.length < 3) throw new CommandAnswerException("FEW ARGUMENTS"); final String target = args[2]; @@ -317,13 +330,4 @@ public class CommandEntity extends CommandEntityHelper throw new CommandAnswerException(getHelpForType(TargetType.PLAYER)); } } - private RowEntity createEntity(EntityType type, String name) - { - final RowEntity result = new RowEntity(); - result.entity = name; - result.entityType = type; - result.permissions = new RowPermission[] {}; - result.inheritance = new RowInheritance[] {}; - return result; - } } diff --git a/src/main/java/ru/simsonic/rscPermissions/Bukkit/Commands/CommandEntityHelper.java b/src/main/java/ru/simsonic/rscPermissions/Bukkit/Commands/CommandEntityHelper.java index 20d4501..59766cf 100644 --- a/src/main/java/ru/simsonic/rscPermissions/Bukkit/Commands/CommandEntityHelper.java +++ b/src/main/java/ru/simsonic/rscPermissions/Bukkit/Commands/CommandEntityHelper.java @@ -3,10 +3,7 @@ package ru.simsonic.rscPermissions.Bukkit.Commands; import java.time.format.DateTimeFormatter; import java.util.ArrayList; import java.util.LinkedList; -import java.util.List; import java.util.Map; -import java.util.Set; -import org.bukkit.command.CommandSender; import ru.simsonic.rscMinecraftLibrary.Bukkit.CommandAnswerException; import ru.simsonic.rscPermissions.API.EntityType; import ru.simsonic.rscPermissions.API.RowEntity; diff --git a/src/main/java/ru/simsonic/rscPermissions/BukkitPluginMain.java b/src/main/java/ru/simsonic/rscPermissions/BukkitPluginMain.java index 2170c13..d949d91 100644 --- a/src/main/java/ru/simsonic/rscPermissions/BukkitPluginMain.java +++ b/src/main/java/ru/simsonic/rscPermissions/BukkitPluginMain.java 
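Review bot: The new guard in `onEntityCommand` protects the edit subcommands only by position: everything after it is blocked, and everything handled by the `switch` above it is assumed to be read-only and to throw before reaching this line. In the visible diff this is the only place `areInsecureCommandsDisabled()` is consulted, while the commit message promises that all database-editing commands are disabled. Whether other command classes or `DatabaseEditor` can still write is not visible here, so an additional check at the write layer would make the setting hold regardless of the command path. I would also expand the comment to `// Everything below modifies the database; read-only subcommands must be handled (and throw) above this line.` and log refused attempts through `BukkitPluginMain.consoleLog`, so an administrator can see when someone tries edit commands while they are disabled. The method starts and ends outside the hunk.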
@@ -6,7 +6,6 @@ import java.util.logging.Logger; import org.bukkit.Bukkit; import org.bukkit.command.Command; import org.bukkit.command.CommandSender; -import org.bukkit.command.ConsoleCommandSender; import org.bukkit.entity.Player; import org.bukkit.plugin.java.JavaPlugin; import org.bukkit.scheduler.BukkitScheduler; @@ -19,8 +18,8 @@ import ru.simsonic.rscPermissions.API.Settings; import ru.simsonic.rscPermissions.Bukkit.BukkitFetching; import ru.simsonic.rscPermissions.Bukkit.BukkitListener; import ru.simsonic.rscPermissions.Bukkit.BukkitPermissionManager; -import ru.simsonic.rscPermissions.Bukkit.BukkitPluginConfiguration; import ru.simsonic.rscPermissions.Bukkit.BukkitRegionProviders; +import ru.simsonic.rscPermissions.Bukkit.BukkitSettings; import ru.simsonic.rscPermissions.Bukkit.Commands.BukkitCommands; import ru.simsonic.rscPermissions.Bukkit.RegionUpdateObserver; import ru.simsonic.rscPermissions.Engine.Backends.BackendJson; @@ -32,7 +31,7 @@ import ru.simsonic.rscPermissions.Engine.Phrases; public final class BukkitPluginMain extends JavaPlugin { public final static Logger consoleLog = Bukkit.getLogger(); - public final Settings settings = new BukkitPluginConfiguration(this); + public final Settings settings = new BukkitSettings(this); public final BukkitUpdater updating = new BukkitUpdater(this, Settings.UPDATER_URL, Settings.CHAT_PREFIX, Settings.UPDATE_CMD); public final BridgeForBukkitAPI rscpAPIs = new BridgeForBukkitAPI(this); public final BukkitListener listener = new BukkitListener(this); diff --git a/src/main/java/ru/simsonic/rscPermissions/Engine/Backends/DatabaseEditor.java b/src/main/java/ru/simsonic/rscPermissions/Engine/Backends/DatabaseEditor.java index 94314bc..cdbc0ee 100644 --- a/src/main/java/ru/simsonic/rscPermissions/Engine/Backends/DatabaseEditor.java +++ b/src/main/java/ru/simsonic/rscPermissions/Engine/Backends/DatabaseEditor.java 
@@ -1,6 +1,5 @@ package ru.simsonic.rscPermissions.Engine.Backends; -import java.util.Collection; import java.util.HashMap; import java.util.HashSet; import java.util.LinkedList; diff --git a/src/main/java/ru/simsonic/rscPermissions/Engine/Phrases.java b/src/main/java/ru/simsonic/rscPermissions/Engine/Phrases.java index 3c1b7fe..474e674 100644 --- a/src/main/java/ru/simsonic/rscPermissions/Engine/Phrases.java +++ b/src/main/java/ru/simsonic/rscPermissions/Engine/Phrases.java @@ -39,6 +39,7 @@ public enum Phrases FETCHED_ANSWER ("database.command-answer"), FETCHED_LOCAL_CACHE("database.fetched-local"), FETCHED_REMOTE_DB ("database.fetched-remote"), + COMMAND_IS_DENIED ("database.command-denied"), HELP_HEADER_1 ("help.header-1"), HELP_HEADER_2 ("help.header-2"), HELP_HEADER_3 ("help.header-3"), diff --git a/src/main/resources/config.yml b/src/main/resources/config.yml index ec38add..5181c40 100644 --- a/src/main/resources/config.yml +++ b/src/main/resources/config.yml @@ -19,6 +19,11 @@ settings: # Игроки, имеющие право '*', немедленно получат статус оператора. # Со всех остальных статус оператора будет немедленно снят. treat-asterisk-as-op: true + # Completely disable all commands that are designed to edit database contents. + # Even if somebody will receive for a short time all rights he won't be able to control your permissions. + # Полностью отключить все команды, предназначенные для редактирования базы данных. + # Даже если кто-то взломает Ваш сервер и получит все права он не сможет испортить содержимое базы данных. + disable-insecure-commands: true # How often should plugin reload database contents into local cache. # Как часто обновлять локальный кэш свежими данными из БД? Если ввести отрицательное или # нулевое значение, то автоматическое перечитывание будет отключено. diff --git a/src/main/resources/languages/english.yml b/src/main/resources/languages/english.yml index 953ea53..1b2a132 100644 --- a/src/main/resources/languages/english.yml 
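Review bot: The comment on `disable-insecure-commands` promises more than the option delivers. It blocks the plugin's own edit commands, but it does not stop someone who can edit config.yml or reach the database directly. The English and Russian lines also make different claims (the Russian one speaks of the server being hacked and the database being protected from damage). I would word both as `# Disables every plugin command that edits database contents (on by default).` followed by `# Limits the damage from a hijacked operator account; it does not protect this file or the database itself.`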
+++ b/src/main/resources/languages/english.yml @@ -28,6 +28,7 @@ database: command-answer: "Tables have been fetched." fetched-local: "{_LG}Loaded {:E} entity, {:P} permission and {:I} inheritance rows from local cache." fetched-remote: "{_LG}Fetched {:E} entities, {:P} permissions and {:I} inheritances." + command-denied: "{_LR}This command is denied by administrator." help: header-1: "{_LS}Perfect permission manager for multiserver environments" header-2: "{_LS}Current serverId is '{_LG}{:SERVERID}{_LS}' (server.properties)" diff --git a/src/main/resources/languages/russian.yml b/src/main/resources/languages/russian.yml index 70c190e..3837549 100644 --- a/src/main/resources/languages/russian.yml +++ b/src/main/resources/languages/russian.yml @@ -28,6 +28,7 @@ database: command-answer: "База данных перечитана." fetched-local: "{_LG}Восстановлено {:E} сущностей, {:P} прав и {:I} наследований." fetched-remote: "{_LG}Получено {:E} сущностей, {:P} прав и {:I} наследований." + command-denied: "{_LR}Эта команда заблокирована адмнистратором." help: header-1: "{_LS}Идеальный плагин для мультисерверных проектов" header-2: "{_LS}Идентификатор этого сервера установлен в '{_LG}{:SERVERID}{_LS}' (server.properties)" diff --git a/src/main/resources/plugin.yml b/src/main/resources/plugin.yml index 15d6a25..74a7015 100644 --- a/src/main/resources/plugin.yml +++ b/src/main/resources/plugin.yml @@ -9,7 +9,6 @@ softdepend: - Vault - WorldEdit - WorldGuard -- Residence commands: rscp: