Commit 3632b9c3 authored by Rob Swindell's avatar Rob Swindell 💬
Browse files

Change the semantics of the "Allow Sysop Logins" setting in SCFG->System

As Andre pointed out while documenting this setting on the wiki, the option seemed confusing: if a sysop could not login with "system operator access", how could they login at all? Answer: they could not.

This setting used to be called "Allow Remote Sysop Logins", back when there was the concept of a "local login", so setting this option to "No" would mean that user accounts with sysop access could only be used for *local* login. But in Synchronet v3, there's really no such concept as a "local login", so it was changed to just "Allow Sysop Logins" (period) and not a lot of thought given to how/why a sysop would actually set to this "No" or what the implications would be (presumably, nobody ever sets this to "No").

So rather than just get rid if the option altogether, I changed it to mean: an account with sysop access (i.e. level 90+) can still login, but any action that normally requires the system password will not be allowed. This includes the sysop-actions available in the FTP server when authenticating with <user-pass>:<system-pass> as the password. The sysop-user can still authenticate (and login), but none of those sysop-actions will be available to them.
parent b3c536e4
Pipeline #2753 passed with stage
in 9 minutes and 21 seconds
......@@ -115,7 +115,7 @@ bool sbbs_t::answer()
console&=~(CON_R_ECHOX|CON_L_ECHOX);
}
else {
if(REALSYSOP && (cfg.sys_misc&SM_SYSPASSLOGIN)) {
if(REALSYSOP && (cfg.sys_misc&SM_SYSPASSLOGIN) && (cfg.sys_misc&SM_R_SYSOP)) {
rioctl(IOFI); /* flush input buffer */
if(!chksyspass())
bputs(text[InvalidLogon]);
......@@ -216,7 +216,7 @@ bool sbbs_t::answer()
}
else {
SAFECOPY(rlogin_pass, tmp);
if(REALSYSOP && (cfg.sys_misc&SM_SYSPASSLOGIN)) {
if(REALSYSOP && (cfg.sys_misc&SM_SYSPASSLOGIN) && (cfg.sys_misc&SM_R_SYSOP)) {
rioctl(IOFI); /* flush input buffer */
if(!chksyspass())
bputs(text[InvalidLogon]);
......
......@@ -2470,8 +2470,11 @@ static void ctrl_thread(void* arg)
putuserrec(&scfg,user.number,U_NETMAIL,LEN_NETMAIL,password);
}
else if(user.level>=SYSOP_LEVEL && !stricmp(password,sys_pass)) {
lprintf(LOG_INFO,"%04d <%s> Sysop access granted", sock, user.alias);
sysop=TRUE;
if(scfg.sys_misc&SM_R_SYSOP) {
lprintf(LOG_INFO,"%04d <%s> Sysop access granted", sock, user.alias);
sysop=TRUE;
} else
lprintf(LOG_NOTICE, "%04d <%s> Remote sysop access disabled", sock, user.alias);
}
else if(stricmp(password,user.pass)) {
if(scfg.sys_misc&SM_ECHO_PW)
......
......@@ -138,7 +138,7 @@ int sbbs_t::login(char *username, char *pw_prompt, const char* user_pw, const ch
useron.misc=useron_misc;
return(LOGIC_FALSE);
}
if(REALSYSOP && (cfg.sys_misc&SM_SYSPASSLOGIN) && !chksyspass(sys_pw)) {
if(REALSYSOP && (cfg.sys_misc&SM_SYSPASSLOGIN) && (cfg.sys_misc&SM_R_SYSOP) && !chksyspass(sys_pw)) {
bputs(text[InvalidLogon]);
useron.number=0;
useron.misc=useron_misc;
......
......@@ -57,10 +57,6 @@ bool sbbs_t::logon()
if(useron.rest&FLAG('Q'))
sys_status ^= SS_QWKLOGON;
if(SYSOP && !(cfg.sys_misc&SM_R_SYSOP)) {
hangup();
return(false);
}
if(useron.rest&FLAG('G')) { /* Guest account */
useron.misc=(cfg.new_misc&(~ASK_NSCAN));
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment