author | Spp <spp@jorge.gr> | 2013-09-27 13:25:48 +0200 |
---|---|---|
committer | Spp <spp@jorge.gr> | 2013-09-27 13:35:45 +0200 |
commit | 895a23df119d2cb6c7110752af6f81ccd1e5f1bb (patch) | |
tree | 94c0b1a105433679273127d7c39df4d2ddd83932 /src/server | |
parent | cfaea769bc8989aa8193562316fdc32507b047a9 (diff) |
Core/RBAC: Add default groups to accounts based on their security level.
- Removed config option RBAC.DefaultGroups
Use the table rbac_security_level_groups to configure the groups to be added to the account at load time.
Note: Those groups are only used at run time, never saved to DB
Diffstat (limited to 'src/server')
-rw-r--r-- | src/server/game/Accounts/AccountMgr.cpp | 72 | ||||
-rw-r--r-- | src/server/game/Accounts/AccountMgr.h | 3 | ||||
-rw-r--r-- | src/server/game/Accounts/RBAC.cpp | 14 | ||||
-rw-r--r-- | src/server/game/Accounts/RBAC.h | 17 | ||||
-rw-r--r-- | src/server/game/Server/WorldSession.cpp | 7 | ||||
-rw-r--r-- | src/server/worldserver/worldserver.conf.dist | 8 |
6 files changed, 42 insertions, 79 deletions
diff --git a/src/server/game/Accounts/AccountMgr.cpp b/src/server/game/Accounts/AccountMgr.cpp index a4bacbc6cfc..7fd27f76247 100644 --- a/src/server/game/Accounts/AccountMgr.cpp +++ b/src/server/game/Accounts/AccountMgr.cpp @@ -56,19 +56,8 @@ AccountOpResult AccountMgr::CreateAccount(std::string username, std::string pass LoginDatabase.DirectExecute(stmt); // Enforce saving, otherwise AddGroup can fail stmt = LoginDatabase.GetPreparedStatement(LOGIN_INS_REALM_CHARACTERS_INIT); - LoginDatabase.Execute(stmt); - // Add default rbac groups for that security level - rbac::RBACData* rbac = new rbac::RBACData(GetId(username), username, -1); - // No need to Load From DB, as it's new data - - rbac::RBACGroupContainer const& groupsToAdd = _defaultSecGroups[0]; // 0: Default sec level - for (rbac::RBACGroupContainer::const_iterator it = groupsToAdd.begin(); it != groupsToAdd.end(); ++it) - rbac->AddGroup(*it, -1); - - delete rbac; - return AOR_OK; // everything's fine } @@ -403,7 +392,7 @@ void AccountMgr::LoadRBAC() { ClearRBAC(); - TC_LOG_INFO(LOG_FILTER_RBAC, "AccountMgr::LoadRBAC"); + TC_LOG_INFO(LOG_FILTER_SERVER_LOADING, "AccountMgr::LoadRBAC"); uint32 oldMSTime = getMSTime(); uint32 count1 = 0; uint32 count2 = 0; @@ -413,7 +402,7 @@ void AccountMgr::LoadRBAC() QueryResult result = LoginDatabase.Query("SELECT id, name FROM rbac_permissions"); if (!result) { - TC_LOG_INFO(LOG_FILTER_SQL, ">> Loaded 0 account permission definitions. DB table `rbac_permissions` is empty."); + TC_LOG_INFO(LOG_FILTER_SERVER_LOADING, ">> Loaded 0 account permission definitions. DB table `rbac_permissions` is empty."); return; } @@ -430,7 +419,7 @@ void AccountMgr::LoadRBAC() result = LoginDatabase.Query("SELECT id, name FROM rbac_roles"); if (!result) { - TC_LOG_INFO(LOG_FILTER_SQL, ">> Loaded 0 account role definitions. DB table `rbac_roles` is empty."); + TC_LOG_INFO(LOG_FILTER_SERVER_LOADING, ">> Loaded 0 account role definitions. DB table `rbac_roles` is empty."); return; } 
@@ -447,7 +436,7 @@ void AccountMgr::LoadRBAC() result = LoginDatabase.Query("SELECT roleId, permissionId FROM rbac_role_permissions"); if (!result) { - TC_LOG_INFO(LOG_FILTER_SQL, ">> Loaded 0 account role-permission definitions. DB table `rbac_role_permissions` is empty."); + TC_LOG_INFO(LOG_FILTER_SERVER_LOADING, ">> Loaded 0 account role-permission definitions. DB table `rbac_role_permissions` is empty."); return; } @@ -464,7 +453,7 @@ void AccountMgr::LoadRBAC() result = LoginDatabase.Query("SELECT id, name FROM rbac_groups"); if (!result) { - TC_LOG_INFO(LOG_FILTER_SQL, ">> Loaded 0 account group definitions. DB table `rbac_groups` is empty."); + TC_LOG_INFO(LOG_FILTER_SERVER_LOADING, ">> Loaded 0 account group definitions. DB table `rbac_groups` is empty."); return; } @@ -481,7 +470,7 @@ void AccountMgr::LoadRBAC() result = LoginDatabase.Query("SELECT groupId, roleId FROM rbac_group_roles"); if (!result) { - TC_LOG_INFO(LOG_FILTER_SQL, ">> Loaded 0 account group-role definitions. DB table `rbac_group_roles` is empty."); + TC_LOG_INFO(LOG_FILTER_SERVER_LOADING, ">> Loaded 0 account group-role definitions. DB table `rbac_group_roles` is empty."); return; } @@ -498,7 +487,7 @@ void AccountMgr::LoadRBAC() result = LoginDatabase.Query("SELECT secId, groupId FROM rbac_security_level_groups ORDER by secId ASC"); if (!result) { - TC_LOG_INFO(LOG_FILTER_SQL, ">> Loaded 0 account default groups for security levels definitions. DB table `rbac_security_level_groups` is empty."); + TC_LOG_INFO(LOG_FILTER_SERVER_LOADING, ">> Loaded 0 account default groups for security levels definitions. DB table `rbac_security_level_groups` is empty."); return; } 
@@ -517,54 +506,12 @@ void AccountMgr::LoadRBAC() while (result->NextRow()); TC_LOG_INFO(LOG_FILTER_SERVER_LOADING, ">> Loaded %u permission definitions, %u role definitions and %u group definitions in %u ms", count1, count2, count3, GetMSTimeDiffToNow(oldMSTime)); - - TC_LOG_DEBUG(LOG_FILTER_RBAC, "AccountMgr::LoadRBAC: Loading default groups"); - // Load default groups to be added to any RBAC Object. - std::string defaultGroups = sConfigMgr->GetStringDefault("RBAC.DefaultGroups", ""); - Tokenizer tokens(defaultGroups, ','); - for (Tokenizer::const_iterator itr = tokens.begin(); itr != tokens.end(); ++itr) - if (uint32 groupId = atoi(*itr)) - _defaultGroups.insert(groupId); } void AccountMgr::UpdateAccountAccess(rbac::RBACData* rbac, uint32 accountId, uint8 securityLevel, int32 realmId) { - int32 serverRealmId = realmId != -1 ? realmId : sConfigMgr->GetIntDefault("RealmID", 0); - bool needDelete = false; - if (!rbac) - { - needDelete = true; - rbac = new rbac::RBACData(accountId, "", serverRealmId); - rbac->LoadFromDB(); - } - - // Get max security level and realm (checking current realm and -1) - PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_ACCOUNT_ACCESS_BY_ID); - stmt->setUInt32(0, accountId); - stmt->setInt32(1, serverRealmId); - PreparedQueryResult result = LoginDatabase.Query(stmt); - if (result) - { - do - { - Field* field = result->Fetch(); - uint8 secLevel = field[0].GetUInt8(); - int32 realmId = field[1].GetUInt32(); - - rbac::RBACGroupContainer const& groupsToRemove = _defaultSecGroups[secLevel]; - for (rbac::RBACGroupContainer::const_iterator it = groupsToRemove.begin(); it != groupsToRemove.end(); ++it) - rbac->RemoveGroup(*it, realmId); - } - while (result->NextRow()); - } - - // Add new groups depending on the new security Level - rbac::RBACGroupContainer const& groupsToAdd = _defaultSecGroups[securityLevel]; - for (rbac::RBACGroupContainer::const_iterator it = groupsToAdd.begin(); it != groupsToAdd.end(); ++it) - 
rbac->AddGroup(*it, realmId); - - if (needDelete) - delete rbac; + if (rbac) + rbac->SetSecurityLevel(securityLevel); // Delete old security level from DB if (realmId == -1) @@ -653,6 +600,5 @@ void AccountMgr::ClearRBAC() _permissions.clear(); _roles.clear(); _groups.clear(); - _defaultGroups.clear(); _defaultSecGroups.clear(); } diff --git a/src/server/game/Accounts/AccountMgr.h b/src/server/game/Accounts/AccountMgr.h index d143e28ba05..8b2e77d3e9b 100644 --- a/src/server/game/Accounts/AccountMgr.h +++ b/src/server/game/Accounts/AccountMgr.h @@ -93,7 +93,7 @@ class AccountMgr rbac::RBACGroupsContainer const& GetRBACGroupList() const { return _groups; } rbac::RBACRolesContainer const& GetRBACRoleList() const { return _roles; } rbac::RBACPermissionsContainer const& GetRBACPermissionList() const { return _permissions; } - rbac::RBACGroupContainer const& GetRBACDefaultGroups() const { return _defaultGroups; } + rbac::RBACGroupContainer const& GetRBACDefaultGroups(uint8 secLevel) { return _defaultSecGroups[secLevel]; } private: void ClearRBAC(); @@ -101,7 +101,6 @@ class AccountMgr rbac::RBACRolesContainer _roles; rbac::RBACGroupsContainer _groups; rbac::RBACDefaultSecurityGroupContainer _defaultSecGroups; - rbac::RBACGroupContainer _defaultGroups; }; #define sAccountMgr ACE_Singleton<AccountMgr, ACE_Null_Mutex>::instance() diff --git a/src/server/game/Accounts/RBAC.cpp b/src/server/game/Accounts/RBAC.cpp index 27669f1b012..d8333ce74d8 100644 --- a/src/server/game/Accounts/RBAC.cpp +++ b/src/server/game/Accounts/RBAC.cpp @@ -390,6 +390,8 @@ RBACCommandResult RBACData::RevokePermission(uint32 permissionId, int32 realmId void RBACData::LoadFromDB()
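Review bot: The added `if (rbac) rbac->SetSecurityLevel(securityLevel);` applies the new level to the in-memory RBACData without consulting `realmId`, while the rest of UpdateAccountAccess (its body continues past this hunk) treats the level as realm-scoped, as the `if (realmId == -1)` branch shows. If a caller hands in the RBACData of a live session while changing the level for another realm, that session would be reloaded with the default groups of a level it does not hold on its own realm; the callers are not visible here, so this needs checking. Consider guarding the call, for example `if (rbac && (realmId == -1 || realmId == rbac->GetRealmId()))`; GetRealmId() appears to sit in the private part of RBACData in RBAC.h, so it may need to be exposed.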
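Review bot: `GetRBACDefaultGroups(uint8 secLevel)` in AccountMgr.h drops the `const` that the sibling accessors keep and returns `_defaultSecGroups[secLevel]`. If RBACDefaultSecurityGroupContainer is a std::map (its definition is not part of this diff), `operator[]` inserts an empty entry for every level that has no row in rbac_security_level_groups, so a read path on the permission lookup mutates the manager. The singleton is declared with ACE_Null_Mutex in the context lines, so that write is unsynchronised if RBAC data is ever loaded from more than one thread. A `find`-based lookup that falls back to a static empty container keeps the accessor `const` and side-effect free.

```cpp
rbac::RBACGroupContainer const& GetRBACDefaultGroups(uint8 secLevel) const
{
    // No row for this level means no default groups; do not create one on read.
    static rbac::RBACGroupContainer const noGroups;
    rbac::RBACDefaultSecurityGroupContainer::const_iterator itr = _defaultSecGroups.find(secLevel);
    return itr != _defaultSecGroups.end() ? itr->second : noGroups;
}
```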
{
+ ClearData();
+
TC_LOG_INFO(LOG_FILTER_RBAC, "RBACData::LoadFromDB [Id: %u Name: %s]", GetId(), GetName().c_str());
TC_LOG_DEBUG(LOG_FILTER_RBAC, "RBACData::LoadFromDB [Id: %u Name: %s]: Loading groups", GetId(), GetName().c_str());
@@ -451,7 +453,7 @@ void RBACData::LoadFromDB() TC_LOG_DEBUG(LOG_FILTER_RBAC, "RBACData::LoadFromDB [Id: %u Name: %s]: Adding default groups", GetId(), GetName().c_str());
// Add default groups
- RBACGroupContainer const& groups = sAccountMgr->GetRBACDefaultGroups();
+ RBACGroupContainer const& groups = sAccountMgr->GetRBACDefaultGroups(GetSecurityLevel());
for (RBACGroupContainer::const_iterator itr = groups.begin(); itr != groups.end(); ++itr)
AddGroup(*itr);
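Review bot: The `// Add default groups` comment above the changed line no longer tells the reader where the defaults come from or that they are transient. Per the commit description these groups are resolved from the account's security level at load time and never written to the database, which matters to anyone auditing effective permissions against the rbac tables. I would say so here, e.g. `// Add the default groups of the account's security level (run time only, never saved to DB)`. LoadFromDB starts and ends outside this hunk.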
@@ -496,4 +498,14 @@ void RBACData::CalculateNewPermissions() _globalPerms &= ~role->GetPermissions();
}
+void RBACData::ClearData()
+{
+ _groups.clear();
+ _grantedRoles.clear();
+ _deniedRoles.clear();
+ _grantedPerms.reset();
+ _deniedPerms.reset();
+ _globalPerms.reset();
+}
+
}
diff --git a/src/server/game/Accounts/RBAC.h b/src/server/game/Accounts/RBAC.h index 4b655692701..039492d6a6e 100644 --- a/src/server/game/Accounts/RBAC.h +++ b/src/server/game/Accounts/RBAC.h @@ -780,8 +780,8 @@ class RBACGroup: public RBACObject class RBACData: public RBACObject { public: - RBACData(uint32 id, std::string const& name, int32 realmId): - RBACObject(id, name), _realmId(realmId) { } + RBACData(uint32 id, std::string const& name, int32 realmId, uint8 secLevel = 0): + RBACObject(id, name), _realmId(realmId), _secLevel(secLevel) { } /** * @name HasPermission @@ -1005,11 +1005,23 @@ class RBACData: public RBACObject /// Loads all permissions, groups and roles assigned to current account void LoadFromDB(); + + /// Sets security level + void SetSecurityLevel(uint8 id) + { + _secLevel = id; + LoadFromDB(); + } + + /// Returns the security level assigned + uint8 GetSecurityLevel() const { return _secLevel; } private: /// Saves a role to DB, Granted or Denied void SaveRole(uint32 role, bool granted, int32 realm); /// Saves a permission to DB, Granted or Denied void SavePermission(uint32 role, bool granted, int32 realm); + /// Clears roles, groups and permissions - Used for reload + void ClearData(); /** * @name CalculateNewPermissions @@ -1025,6 +1037,7 @@ class RBACData: public RBACObject int32 GetRealmId() { return _realmId; } int32 _realmId; ///> RealmId Affected + uint8 _secLevel; ///> Account SecurityLevel RBACGroupContainer _groups; ///> Granted groups RBACRoleContainer _grantedRoles; ///> Granted roles RBACRoleContainer _deniedRoles; ///> Denied roles diff --git a/src/server/game/Server/WorldSession.cpp b/src/server/game/Server/WorldSession.cpp index 42359a95633..c60b09438c1 100644 --- a/src/server/game/Server/WorldSession.cpp +++ b/src/server/game/Server/WorldSession.cpp 
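Review bot: The defaulted `uint8 secLevel = 0` on the RBACData constructor lets every existing three-argument call site keep compiling while silently resolving the default groups of level 0; in this commit only WorldSession::LoadPermissions is changed to pass the real level. Any other code that builds an RBACData for an account (none is visible in this diff) would then compute or display permissions without the groups of the account's actual security level. Dropping the default, `RBACData(uint32 id, std::string const& name, int32 realmId, uint8 secLevel):`, makes the compiler point out each call site that still has to supply a level.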
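Review bot: `SetSecurityLevel(uint8 id)` does considerably more than its `/// Sets security level` comment states: it calls LoadFromDB(), which after this commit begins with ClearData() and so discards every group, role and permission before querying the database again. The comment should say that, e.g. `/// Sets the security level and reloads groups, roles and permissions from DB`, so callers know the setter performs database reads and rebuilds the object's permissions. The parameter would also read better as `secLevel` than `id`, matching the constructor and the `_secLevel` member.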
@@ -1189,12 +1189,13 @@ void WorldSession::LoadPermissions() uint32 id = GetAccountId(); std::string name; AccountMgr::GetName(id, name); + uint8 secLevel = GetSecurity(); - _RBACData = new rbac::RBACData(id, name, realmID); + _RBACData = new rbac::RBACData(id, name, realmID, secLevel); _RBACData->LoadFromDB(); - TC_LOG_DEBUG(LOG_FILTER_RBAC, "WorldSession::LoadPermissions [AccountId: %u, Name: %s, realmId: %d]", - id, name.c_str(), realmID); + TC_LOG_DEBUG(LOG_FILTER_RBAC, "WorldSession::LoadPermissions [AccountId: %u, Name: %s, realmId: %d, secLevel: %u]", + id, name.c_str(), realmID, secLevel); } rbac::RBACData* WorldSession::GetRBACData() diff --git a/src/server/worldserver/worldserver.conf.dist b/src/server/worldserver/worldserver.conf.dist index 62008a3eb38..23db3330943 100644 --- a/src/server/worldserver/worldserver.conf.dist +++ b/src/server/worldserver/worldserver.conf.dist @@ -1131,14 +1131,6 @@ DBC.EnforceItemAttributes = 1 AccountInstancesPerHour = 5 # -# RBAC.DefaultGroups -# Description: Comma separated list of groups to be added to any account -# Check auth.rbac_groups for correct ids -# Default: "" (No group) - -RBAC.DefaultGroups = "" - -# # Account.PasswordChangeSecurity # Description: Controls how secure the password changes are. # Default: 0 - None (Old and new password) |