Misterzym
/
rscPermissions-plugin
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

New config.yml option: settings.disable-insecure-commands (true by default). 

When true all commands that can edit database contents will be disabled for all.
master
Stanislav Usenkov 9 years ago
parent
5848fb17d3
commit
d398d5060d
13 changed files with 37 additions and 23 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      pom.xml
  2. 1
      src/main/java/ru/simsonic/rscPermissions/API/Settings.java
  3. 2
      src/main/java/ru/simsonic/rscPermissions/Bukkit/BukkitRegionProviders.java
  4. 15
      src/main/java/ru/simsonic/rscPermissions/Bukkit/BukkitSettings.java
  5. 22
      src/main/java/ru/simsonic/rscPermissions/Bukkit/Commands/CommandEntity.java
  6. 3
      src/main/java/ru/simsonic/rscPermissions/Bukkit/Commands/CommandEntityHelper.java
  7. 5
      src/main/java/ru/simsonic/rscPermissions/BukkitPluginMain.java
  8. 1
      src/main/java/ru/simsonic/rscPermissions/Engine/Backends/DatabaseEditor.java
  9. 1
      src/main/java/ru/simsonic/rscPermissions/Engine/Phrases.java
  10. 5
      src/main/resources/config.yml
  11. 1
      src/main/resources/languages/english.yml
  12. 1
      src/main/resources/languages/russian.yml
  13. 1
      src/main/resources/plugin.yml

2
pom.xml
Unescape View File

@ -4,7 +4,7 @@
<groupId>ru.simsonic</groupId> <groupId>ru.simsonic</groupId>
<artifactId>rscPermissions</artifactId> <artifactId>rscPermissions</artifactId>
<version>0.10.8b-SNAPSHOT</version> <version>0.10.9b-SNAPSHOT</version>
<packaging>jar</packaging> <packaging>jar</packaging>
<name>rscPermissions</name> <name>rscPermissions</name>

1
src/main/java/ru/simsonic/rscPermissions/API/Settings.java
Unescape View File

@ -47,6 +47,7 @@ public interface Settings
public boolean isDefaultForever(); public boolean isDefaultForever();
public boolean isAsteriskOP(); public boolean isAsteriskOP();
public boolean isUsingAncestorPrefixes(); public boolean isUsingAncestorPrefixes();
public boolean areInsecureCommandsDisabled();
public boolean isInMaintenance(); public boolean isInMaintenance();
public String getMaintenanceMode(); public String getMaintenanceMode();
public void setMaintenanceMode(String mode); public void setMaintenanceMode(String mode);

2
src/main/java/ru/simsonic/rscPermissions/Bukkit/BukkitRegionProviders.java
Unescape View File

@ -11,10 +11,8 @@ import java.util.Map;
import java.util.Set; import java.util.Set;
import org.bukkit.Location; import org.bukkit.Location;
import org.bukkit.World; import org.bukkit.World;
import org.bukkit.command.ConsoleCommandSender;
import org.bukkit.entity.Player; import org.bukkit.entity.Player;
import org.bukkit.plugin.Plugin; import org.bukkit.plugin.Plugin;
import ru.simsonic.rscMinecraftLibrary.Bukkit.GenericChatCodes;
import ru.simsonic.rscPermissions.BukkitPluginMain; import ru.simsonic.rscPermissions.BukkitPluginMain;
import ru.simsonic.rscPermissions.Engine.Phrases; import ru.simsonic.rscPermissions.Engine.Phrases;

15
src/main/java/ru/simsonic/rscPermissions/Bukkit/BukkitPluginConfiguration.java → src/main/java/ru/simsonic/rscPermissions/Bukkit/BukkitSettings.java
Unescape View File

@ -12,7 +12,7 @@ import ru.simsonic.rscPermissions.API.Settings;
import ru.simsonic.rscPermissions.API.TranslationProvider; import ru.simsonic.rscPermissions.API.TranslationProvider;
import ru.simsonic.rscPermissions.BukkitPluginMain; import ru.simsonic.rscPermissions.BukkitPluginMain;
public class BukkitPluginConfiguration implements Settings public class BukkitSettings implements Settings
{ {
private final static int CURRENT_CONFIG_VERSION = 5; private final static int CURRENT_CONFIG_VERSION = 5;
private final BukkitPluginMain plugin; private final BukkitPluginMain plugin;
@ -24,12 +24,13 @@ public class BukkitPluginConfiguration implements Settings
private String language = "english"; private String language = "english";
private boolean bAlwaysInheritDefault = false; private boolean bAlwaysInheritDefault = false;
private boolean bTreatAsteriskAsOP = true; private boolean bTreatAsteriskAsOP = true;
private boolean bDisableDatabaseEdits = true;
private boolean bUsingAncestorPrefixes = true; private boolean bUsingAncestorPrefixes = true;
private boolean bUseMetrics = true; private boolean bUseMetrics = true;
private boolean bUseWorldGuard = true; private boolean bUseWorldGuard = true;
private int nAutoReloadDelayTicks = 20 * 900; private int nAutoReloadDelayTicks = 20 * 900;
private int nRegionFinderGranularity = 1000; private int nRegionFinderGranularity = 1000;
public BukkitPluginConfiguration(final BukkitPluginMain plugin) public BukkitSettings(final BukkitPluginMain plugin)
{ {
this.plugin = plugin; this.plugin = plugin;
} }
@ -52,9 +53,10 @@ public class BukkitPluginConfiguration implements Settings
case 4: case 4:
update_v4_to_v5(config); update_v4_to_v5(config);
BukkitPluginMain.consoleLog.info(Settings.CHAT_PREFIX + "Configuration updated from v3 to v4."); BukkitPluginMain.consoleLog.info(Settings.CHAT_PREFIX + "Configuration updated from v3 to v4.");
case CURRENT_CONFIG_VERSION: // Current version // Keep it here to not rewrite config everyday
config.set("internal.version", CURRENT_CONFIG_VERSION); config.set("internal.version", CURRENT_CONFIG_VERSION);
plugin.saveConfig(); plugin.saveConfig();
case CURRENT_CONFIG_VERSION:
break; break;
} }
} }
@ -85,6 +87,7 @@ public class BukkitPluginConfiguration implements Settings
private void update_v4_to_v5(FileConfiguration config) private void update_v4_to_v5(FileConfiguration config)
{ {
config.set("settings.integration.residence", null); config.set("settings.integration.residence", null);
config.set("settings.disable-insecure-commands", true);
} }
@Override @Override
public void onEnable() public void onEnable()
@ -96,6 +99,7 @@ public class BukkitPluginConfiguration implements Settings
strMaintenanceMode = config.getString("settings.maintenance-mode", ""); strMaintenanceMode = config.getString("settings.maintenance-mode", "");
bAlwaysInheritDefault = config.getBoolean("settings.always-inherit-default-group", false); bAlwaysInheritDefault = config.getBoolean("settings.always-inherit-default-group", false);
bTreatAsteriskAsOP = config.getBoolean("settings.treat-asterisk-as-op", true); bTreatAsteriskAsOP = config.getBoolean("settings.treat-asterisk-as-op", true);
bDisableDatabaseEdits = config.getBoolean("settings.disable-insecure-commands", true);
bUsingAncestorPrefixes = config.getBoolean("settings.groups-inherit-parent-prefixes", true); bUsingAncestorPrefixes = config.getBoolean("settings.groups-inherit-parent-prefixes", true);
bUseWorldGuard = config.getBoolean("settings.integration.worldguard", true); bUseWorldGuard = config.getBoolean("settings.integration.worldguard", true);
bUseMetrics = config.getBoolean("settings.use-metrics", true); bUseMetrics = config.getBoolean("settings.use-metrics", true);
@ -185,6 +189,11 @@ public class BukkitPluginConfiguration implements Settings
return bUseWorldGuard; return bUseWorldGuard;
} }
@Override @Override
public boolean areInsecureCommandsDisabled()
{
return bDisableDatabaseEdits;
}
@Override
public int getAutoReloadDelayTicks() public int getAutoReloadDelayTicks()
{ {
return nAutoReloadDelayTicks; return nAutoReloadDelayTicks;

22
src/main/java/ru/simsonic/rscPermissions/Bukkit/Commands/CommandEntity.java
Unescape View File

@ -16,6 +16,7 @@ import ru.simsonic.rscPermissions.API.RowPermission;
import ru.simsonic.rscPermissions.Bukkit.BukkitUtilities; import ru.simsonic.rscPermissions.Bukkit.BukkitUtilities;
import ru.simsonic.rscPermissions.Bukkit.Commands.ArgumentUtilities.OptionalParams; import ru.simsonic.rscPermissions.Bukkit.Commands.ArgumentUtilities.OptionalParams;
import ru.simsonic.rscPermissions.BukkitPluginMain; import ru.simsonic.rscPermissions.BukkitPluginMain;
import ru.simsonic.rscPermissions.Engine.Phrases;
import ru.simsonic.rscPermissions.Engine.ResolutionResult; import ru.simsonic.rscPermissions.Engine.ResolutionResult;
public class CommandEntity extends CommandEntityHelper public class CommandEntity extends CommandEntityHelper
@ -221,6 +222,15 @@ public class CommandEntity extends CommandEntityHelper
onEntityCommand(entity, type, args); onEntityCommand(entity, type, args);
throw new CommandAnswerException(getHelpForType(type)); throw new CommandAnswerException(getHelpForType(type));
} }
private RowEntity createEntity(EntityType type, String name)
{
final RowEntity result = new RowEntity();
result.entity = name;
result.entityType = type;
result.permissions = new RowPermission[] {};
result.inheritance = new RowInheritance[] {};
return result;
}
private void onEntityCommand(RowEntity entity, TargetType type, String[] args) throws CommandAnswerException private void onEntityCommand(RowEntity entity, TargetType type, String[] args) throws CommandAnswerException
{ {
final String subcommand = args.length > 1 && args[1] != null final String subcommand = args.length > 1 && args[1] != null
@ -252,6 +262,9 @@ public class CommandEntity extends CommandEntityHelper
case "help": case "help":
throw new CommandAnswerException(getHelpForType(type)); throw new CommandAnswerException(getHelpForType(type));
} }
// Commands below are meant to be INSECURE
if(rscp.settings.areInsecureCommandsDisabled())
throw new CommandAnswerException(Phrases.COMMAND_IS_DENIED.toPlayer());
if(args.length < 3) if(args.length < 3)
throw new CommandAnswerException("FEW ARGUMENTS"); throw new CommandAnswerException("FEW ARGUMENTS");
final String target = args[2]; final String target = args[2];
@ -317,13 +330,4 @@ public class CommandEntity extends CommandEntityHelper
throw new CommandAnswerException(getHelpForType(TargetType.PLAYER)); throw new CommandAnswerException(getHelpForType(TargetType.PLAYER));
} }
} }
private RowEntity createEntity(EntityType type, String name)
{
final RowEntity result = new RowEntity();
result.entity = name;
result.entityType = type;
result.permissions = new RowPermission[] {};
result.inheritance = new RowInheritance[] {};
return result;
}
} }

3
src/main/java/ru/simsonic/rscPermissions/Bukkit/Commands/CommandEntityHelper.java
Unescape View File

@ -3,10 +3,7 @@ package ru.simsonic.rscPermissions.Bukkit.Commands;
import java.time.format.DateTimeFormatter; import java.time.format.DateTimeFormatter;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.LinkedList; import java.util.LinkedList;
import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Set;
import org.bukkit.command.CommandSender;
import ru.simsonic.rscMinecraftLibrary.Bukkit.CommandAnswerException; import ru.simsonic.rscMinecraftLibrary.Bukkit.CommandAnswerException;
import ru.simsonic.rscPermissions.API.EntityType; import ru.simsonic.rscPermissions.API.EntityType;
import ru.simsonic.rscPermissions.API.RowEntity; import ru.simsonic.rscPermissions.API.RowEntity;

5
src/main/java/ru/simsonic/rscPermissions/BukkitPluginMain.java
Unescape View File

@ -6,7 +6,6 @@ import java.util.logging.Logger;
import org.bukkit.Bukkit; import org.bukkit.Bukkit;
import org.bukkit.command.Command; import org.bukkit.command.Command;
import org.bukkit.command.CommandSender; import org.bukkit.command.CommandSender;
import org.bukkit.command.ConsoleCommandSender;
import org.bukkit.entity.Player; import org.bukkit.entity.Player;
import org.bukkit.plugin.java.JavaPlugin; import org.bukkit.plugin.java.JavaPlugin;
import org.bukkit.scheduler.BukkitScheduler; import org.bukkit.scheduler.BukkitScheduler;
@ -19,8 +18,8 @@ import ru.simsonic.rscPermissions.API.Settings;
import ru.simsonic.rscPermissions.Bukkit.BukkitFetching; import ru.simsonic.rscPermissions.Bukkit.BukkitFetching;
import ru.simsonic.rscPermissions.Bukkit.BukkitListener; import ru.simsonic.rscPermissions.Bukkit.BukkitListener;
import ru.simsonic.rscPermissions.Bukkit.BukkitPermissionManager; import ru.simsonic.rscPermissions.Bukkit.BukkitPermissionManager;
import ru.simsonic.rscPermissions.Bukkit.BukkitPluginConfiguration;
import ru.simsonic.rscPermissions.Bukkit.BukkitRegionProviders; import ru.simsonic.rscPermissions.Bukkit.BukkitRegionProviders;
import ru.simsonic.rscPermissions.Bukkit.BukkitSettings;
import ru.simsonic.rscPermissions.Bukkit.Commands.BukkitCommands; import ru.simsonic.rscPermissions.Bukkit.Commands.BukkitCommands;
import ru.simsonic.rscPermissions.Bukkit.RegionUpdateObserver; import ru.simsonic.rscPermissions.Bukkit.RegionUpdateObserver;
import ru.simsonic.rscPermissions.Engine.Backends.BackendJson; import ru.simsonic.rscPermissions.Engine.Backends.BackendJson;
@ -32,7 +31,7 @@ import ru.simsonic.rscPermissions.Engine.Phrases;
public final class BukkitPluginMain extends JavaPlugin public final class BukkitPluginMain extends JavaPlugin
{ {
public final static Logger consoleLog = Bukkit.getLogger(); public final static Logger consoleLog = Bukkit.getLogger();
public final Settings settings = new BukkitPluginConfiguration(this); public final Settings settings = new BukkitSettings(this);
public final BukkitUpdater updating = new BukkitUpdater(this, Settings.UPDATER_URL, Settings.CHAT_PREFIX, Settings.UPDATE_CMD); public final BukkitUpdater updating = new BukkitUpdater(this, Settings.UPDATER_URL, Settings.CHAT_PREFIX, Settings.UPDATE_CMD);
public final BridgeForBukkitAPI rscpAPIs = new BridgeForBukkitAPI(this); public final BridgeForBukkitAPI rscpAPIs = new BridgeForBukkitAPI(this);
public final BukkitListener listener = new BukkitListener(this); public final BukkitListener listener = new BukkitListener(this);

1
src/main/java/ru/simsonic/rscPermissions/Engine/Backends/DatabaseEditor.java
Unescape View File

@ -1,6 +1,5 @@
package ru.simsonic.rscPermissions.Engine.Backends; package ru.simsonic.rscPermissions.Engine.Backends;
import java.util.Collection;
import java.util.HashMap; import java.util.HashMap;
import java.util.HashSet; import java.util.HashSet;
import java.util.LinkedList; import java.util.LinkedList;

1
src/main/java/ru/simsonic/rscPermissions/Engine/Phrases.java
Unescape View File

@ -39,6 +39,7 @@ public enum Phrases
FETCHED_ANSWER ("database.command-answer"), FETCHED_ANSWER ("database.command-answer"),
FETCHED_LOCAL_CACHE("database.fetched-local"), FETCHED_LOCAL_CACHE("database.fetched-local"),
FETCHED_REMOTE_DB ("database.fetched-remote"), FETCHED_REMOTE_DB ("database.fetched-remote"),
COMMAND_IS_DENIED ("database.command-denied"),
HELP_HEADER_1 ("help.header-1"), HELP_HEADER_1 ("help.header-1"),
HELP_HEADER_2 ("help.header-2"), HELP_HEADER_2 ("help.header-2"),
HELP_HEADER_3 ("help.header-3"), HELP_HEADER_3 ("help.header-3"),

5
src/main/resources/config.yml
Unescape View File

@ -19,6 +19,11 @@ settings:
# Игроки, имеющие право '*', немедленно получат статус оператора. # Игроки, имеющие право '*', немедленно получат статус оператора.
# Со всех остальных статус оператора будет немедленно снят. # Со всех остальных статус оператора будет немедленно снят.
treat-asterisk-as-op: true treat-asterisk-as-op: true
# Completely disable all commands that are designed to edit database contents.
# Even if somebody will receive for a short time all rights he won't be able to control your permissions.
# Полностью отключить все команды, предназначенные для редактирования базы данных.
# Даже если кто-то взломает Ваш сервер и получит все права он не сможет испортить содержимое базы данных.
disable-insecure-commands: true
# How often should plugin reload database contents into local cache. # How often should plugin reload database contents into local cache.
# Как часто обновлять локальный кэш свежими данными из БД? Если ввести отрицательное или # Как часто обновлять локальный кэш свежими данными из БД? Если ввести отрицательное или
# нулевое значение, то автоматическое перечитывание будет отключено. # нулевое значение, то автоматическое перечитывание будет отключено.

1
src/main/resources/languages/english.yml
Unescape View File

@ -28,6 +28,7 @@ database:
command-answer: "Tables have been fetched." command-answer: "Tables have been fetched."
fetched-local: "{_LG}Loaded {:E} entity, {:P} permission and {:I} inheritance rows from local cache." fetched-local: "{_LG}Loaded {:E} entity, {:P} permission and {:I} inheritance rows from local cache."
fetched-remote: "{_LG}Fetched {:E} entities, {:P} permissions and {:I} inheritances." fetched-remote: "{_LG}Fetched {:E} entities, {:P} permissions and {:I} inheritances."
command-denied: "{_LR}This command is denied by administrator."
help: help:
header-1: "{_LS}Perfect permission manager for multiserver environments" header-1: "{_LS}Perfect permission manager for multiserver environments"
header-2: "{_LS}Current serverId is '{_LG}{:SERVERID}{_LS}' (server.properties)" header-2: "{_LS}Current serverId is '{_LG}{:SERVERID}{_LS}' (server.properties)"

1
src/main/resources/languages/russian.yml
Unescape View File

@ -28,6 +28,7 @@ database:
command-answer: "База данных перечитана." command-answer: "База данных перечитана."
fetched-local: "{_LG}Восстановлено {:E} сущностей, {:P} прав и {:I} наследований." fetched-local: "{_LG}Восстановлено {:E} сущностей, {:P} прав и {:I} наследований."
fetched-remote: "{_LG}Получено {:E} сущностей, {:P} прав и {:I} наследований." fetched-remote: "{_LG}Получено {:E} сущностей, {:P} прав и {:I} наследований."
command-denied: "{_LR}Эта команда заблокирована адмнистратором."
help: help:
header-1: "{_LS}Идеальный плагин для мультисерверных проектов" header-1: "{_LS}Идеальный плагин для мультисерверных проектов"
header-2: "{_LS}Идентификатор этого сервера установлен в '{_LG}{:SERVERID}{_LS}' (server.properties)" header-2: "{_LS}Идентификатор этого сервера установлен в '{_LG}{:SERVERID}{_LS}' (server.properties)"

1
src/main/resources/plugin.yml
Unescape View File

@ -9,7 +9,6 @@ softdepend:
- Vault - Vault
- WorldEdit - WorldEdit
- WorldGuard - WorldGuard
- Residence
commands: commands:
rscp: rscp:

Write Preview
Loading…
Cancel
Save