From 75b6051b7ae3aade1f06c8eb2bb915add4f317d1 Mon Sep 17 00:00:00 2001 From: Patric Stout Date: Mon, 28 Jun 2021 16:39:48 +0200 Subject: Change: move sensitive information to secrets.cfg and private information to private.cfg We often ask people for their openttd.cfg, which now includes their passwords, usernames, etc. It is easy for people to overlook this, unwillingly sharing information they shouldn't. By splitting this information over either private.cfg or secrets.cfg, we make it more obvious they shouldn't be sharing those files, and hint to what is inside them. --- src/table/settings/CMakeLists.txt | 2 + src/table/settings/network_private_settings.ini | 68 +++++++++++++++++++++ src/table/settings/network_secrets_settings.ini | 76 ++++++++++++++++++++++++ src/table/settings/network_settings.ini | 78 ------------------------- 4 files changed, 146 insertions(+), 78 deletions(-) create mode 100644 src/table/settings/network_private_settings.ini create mode 100644 src/table/settings/network_secrets_settings.ini (limited to 'src/table/settings')
diff --git a/src/table/settings/CMakeLists.txt b/src/table/settings/CMakeLists.txt
index 802b6b42d..f4d3c209e 100644
--- a/src/table/settings/CMakeLists.txt
+++ b/src/table/settings/CMakeLists.txt
@@ -7,6 +7,8 @@ set(TABLE_INI_SOURCE_FILES
 ${CMAKE_CURRENT_SOURCE_DIR}/gameopt_settings.ini
 ${CMAKE_CURRENT_SOURCE_DIR}/misc_settings.ini
 ${CMAKE_CURRENT_SOURCE_DIR}/network_settings.ini
+ ${CMAKE_CURRENT_SOURCE_DIR}/network_private_settings.ini
+ ${CMAKE_CURRENT_SOURCE_DIR}/network_secrets_settings.ini
 ${CMAKE_CURRENT_SOURCE_DIR}/settings.ini
 ${CMAKE_CURRENT_SOURCE_DIR}/win32_settings.ini
 ${CMAKE_CURRENT_SOURCE_DIR}/window_settings.ini
diff --git a/src/table/settings/network_private_settings.ini b/src/table/settings/network_private_settings.ini
new file mode 100644
index 000000000..76fbd373a
--- /dev/null
+++ b/src/table/settings/network_private_settings.ini
@@ -0,0 +1,68 @@
+; This file is part of OpenTTD.
+; OpenTTD is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 2.
+; OpenTTD is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+; See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with OpenTTD. If not, see .
+;
+
+; Network settings as stored in the private configuration file ("private.cfg").
+
+[pre-amble]
+static const SettingVariant _network_private_settings[] = {
+[post-amble]
+};
+[templates]
+SDTC_SSTR = SDTC_SSTR( $var, $type, $flags, $def, $length, $pre_cb, $post_cb, $from, $to, $cat, $extra, $startup),
+
+[validation]
+
+[defaults]
+flags = SF_NONE
+interval = 0
+str = STR_NULL
+strhelp = STR_CONFIG_SETTING_NO_EXPLANATION_AVAILABLE_HELPTEXT
+strval = STR_NULL
+pre_cb = nullptr
+post_cb = nullptr
+load = nullptr
+from = SL_MIN_VERSION
+to = SL_MAX_VERSION
+cat = SC_ADVANCED
+extra = 0
+startup = false
+
+
+
+[SDTC_SSTR]
+var = network.client_name
+type = SLE_STR
+length = NETWORK_CLIENT_NAME_LENGTH
+flags = SF_NOT_IN_SAVE | SF_NO_NETWORK_SYNC
+def = nullptr
+pre_cb = NetworkValidateClientName
+post_cb = NetworkUpdateClientName
+cat = SC_BASIC
+
+[SDTC_SSTR]
+var = network.server_name
+type = SLE_STR
+length = NETWORK_NAME_LENGTH
+flags = SF_NOT_IN_SAVE | SF_NO_NETWORK_SYNC | SF_NETWORK_ONLY
+def = nullptr
+pre_cb = NetworkValidateServerName
+post_cb = [](auto) { UpdateClientConfigValues(); }
+cat = SC_BASIC
+
+[SDTC_SSTR]
+var = network.connect_to_ip
+type = SLE_STR
+length = 0
+flags = SF_NOT_IN_SAVE | SF_NO_NETWORK_SYNC
+def = nullptr
+
+[SDTC_SSTR]
+var = network.last_joined
+type = SLE_STR
+length = 0
+flags = SF_NOT_IN_SAVE | SF_NO_NETWORK_SYNC
+def = """"
+cat = SC_EXPERT
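Review bot: The `[pre-amble]` of network_private_settings.ini declares nothing, yet the `post_cb` of the `network.server_name` entry calls `UpdateClientConfigValues()`, whose forward declaration stays in the pre-amble of network_settings.ini (visible as context in that file's first hunk). The new table therefore appears to compile only if the output generated from network_settings.ini is emitted first; how the .ini files are combined is outside this diff, so that is inferred. network_secrets_settings.ini carries its own declaration for `ReplaceAsteriskWithEmptyPassword`, and doing the same here with `static void UpdateClientConfigValues();` above the table would make this file self-contained.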
diff --git a/src/table/settings/network_secrets_settings.ini b/src/table/settings/network_secrets_settings.ini
new file mode 100644
index 000000000..a408bad40
--- /dev/null
+++ b/src/table/settings/network_secrets_settings.ini
@@ -0,0 +1,76 @@
+; This file is part of OpenTTD.
+; OpenTTD is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 2.
+; OpenTTD is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+; See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with OpenTTD. If not, see .
+;
+
+; Network settings as stored in the secrets configuration file ("secrets.cfg").
+
+[pre-amble]
+static bool ReplaceAsteriskWithEmptyPassword(std::string &newval);
+
+static const SettingVariant _network_secrets_settings[] = {
+[post-amble]
+};
+[templates]
+SDTC_SSTR = SDTC_SSTR( $var, $type, $flags, $def, $length, $pre_cb, $post_cb, $from, $to, $cat, $extra, $startup),
+
+[validation]
+
+[defaults]
+flags = SF_NONE
+interval = 0
+str = STR_NULL
+strhelp = STR_CONFIG_SETTING_NO_EXPLANATION_AVAILABLE_HELPTEXT
+strval = STR_NULL
+pre_cb = nullptr
+post_cb = nullptr
+load = nullptr
+from = SL_MIN_VERSION
+to = SL_MAX_VERSION
+cat = SC_ADVANCED
+extra = 0
+startup = false
+
+
+
+[SDTC_SSTR]
+var = network.server_password
+type = SLE_STR
+length = NETWORK_PASSWORD_LENGTH
+flags = SF_NOT_IN_SAVE | SF_NO_NETWORK_SYNC | SF_NETWORK_ONLY
+def = nullptr
+pre_cb = ReplaceAsteriskWithEmptyPassword
+post_cb = [](auto) { NetworkServerUpdateGameInfo(); }
+cat = SC_BASIC
+
+[SDTC_SSTR]
+var = network.rcon_password
+type = SLE_STR
+length = NETWORK_PASSWORD_LENGTH
+flags = SF_NOT_IN_SAVE | SF_NO_NETWORK_SYNC | SF_NETWORK_ONLY
+def = nullptr
+pre_cb = ReplaceAsteriskWithEmptyPassword
+cat = SC_BASIC
+
+[SDTC_SSTR]
+var = network.admin_password
+type = SLE_STR
+length = NETWORK_PASSWORD_LENGTH
+flags = SF_NOT_IN_SAVE | SF_NO_NETWORK_SYNC | SF_NETWORK_ONLY
+def = nullptr
+cat = SC_BASIC
+
+[SDTC_SSTR]
+var = network.default_company_pass
+type = SLE_STR
+length = NETWORK_PASSWORD_LENGTH
+flags = SF_NOT_IN_SAVE | SF_NO_NETWORK_SYNC
+def = nullptr
+
+[SDTC_SSTR]
+var = network.network_id
+type = SLE_STR
+length = NETWORK_SERVER_ID_LENGTH
+flags = SF_NOT_IN_SAVE | SF_NO_NETWORK_SYNC | SF_NETWORK_ONLY
+def = nullptr
diff --git a/src/table/settings/network_settings.ini b/src/table/settings/network_settings.ini
index 5d33773c8..1317edbc7 100644
--- a/src/table/settings/network_settings.ini
+++ b/src/table/settings/network_settings.ini
@@ -7,7 +7,6 @@ ; Network settings as stored in the main configuration file ("openttd.cfg"). [pre-amble] -static bool ReplaceAsteriskWithEmptyPassword(std::string &newval); static void UpdateClientConfigValues(); static const SettingVariant _network_settings[] = {
@@ -15,7 +14,6 @@ static const SettingVariant _network_settings[] = { }; [templates] SDTC_BOOL = SDTC_BOOL( $var, $flags, $def, $str, $strhelp, $strval, $pre_cb, $post_cb, $from, $to, $cat, $extra, $startup), -SDTC_SSTR = SDTC_SSTR( $var, $type, $flags, $def, $length, $pre_cb, $post_cb, $from, $to, $cat, $extra, $startup), SDTC_VAR = SDTC_VAR( $var, $type, $flags, $def, $min, $max, $interval, $str, $strhelp, $strval, $pre_cb, $post_cb, $from, $to, $cat, $extra, $startup), [validation]
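Review bot: In network_secrets_settings.ini, `network.admin_password` and `network.default_company_pass` have no `pre_cb`, while `network.server_password` and `network.rcon_password` both use `pre_cb = ReplaceAsteriskWithEmptyPassword`. The entries were moved unchanged and the callback's body is not in this diff, but if it maps a `*` placeholder to "no password", as its name suggests, the same input for the admin password would be stored as a literal one-character password. Either add `pre_cb = ReplaceAsteriskWithEmptyPassword` to those two entries or add a comment saying why they differ. Since this file now gathers every stored password, the code that writes secrets.cfg (outside the path shown here) is also worth checking for owner-only file permissions.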
@@ -166,74 +164,6 @@ var = network.server_advertise flags = SF_NOT_IN_SAVE | SF_NO_NETWORK_SYNC | SF_NETWORK_ONLY def = false -[SDTC_SSTR] -var = network.client_name -type = SLE_STR -length = NETWORK_CLIENT_NAME_LENGTH -flags = SF_NOT_IN_SAVE | SF_NO_NETWORK_SYNC -def = nullptr -pre_cb = NetworkValidateClientName -post_cb = NetworkUpdateClientName -cat = SC_BASIC - -[SDTC_SSTR] -var = network.server_password -type = SLE_STR -length = NETWORK_PASSWORD_LENGTH -flags = SF_NOT_IN_SAVE | SF_NO_NETWORK_SYNC | SF_NETWORK_ONLY -def = nullptr -pre_cb = ReplaceAsteriskWithEmptyPassword -post_cb = [](auto) { NetworkServerUpdateGameInfo(); } -cat = SC_BASIC - -[SDTC_SSTR] -var = network.rcon_password -type = SLE_STR -length = NETWORK_PASSWORD_LENGTH -flags = SF_NOT_IN_SAVE | SF_NO_NETWORK_SYNC | SF_NETWORK_ONLY -def = nullptr -pre_cb = ReplaceAsteriskWithEmptyPassword -cat = SC_BASIC - -[SDTC_SSTR] -var = network.admin_password -type = SLE_STR -length = NETWORK_PASSWORD_LENGTH -flags = SF_NOT_IN_SAVE | SF_NO_NETWORK_SYNC | SF_NETWORK_ONLY -def = nullptr -cat = SC_BASIC - -[SDTC_SSTR] -var = network.default_company_pass -type = SLE_STR -length = NETWORK_PASSWORD_LENGTH -flags = SF_NOT_IN_SAVE | SF_NO_NETWORK_SYNC -def = nullptr - -[SDTC_SSTR] -var = network.server_name -type = SLE_STR -length = NETWORK_NAME_LENGTH -flags = SF_NOT_IN_SAVE | SF_NO_NETWORK_SYNC | SF_NETWORK_ONLY -def = nullptr -pre_cb = NetworkValidateServerName -post_cb = [](auto) { UpdateClientConfigValues(); } -cat = SC_BASIC - -[SDTC_SSTR] -var = network.connect_to_ip -type = SLE_STR -length = 0 -flags = SF_NOT_IN_SAVE | SF_NO_NETWORK_SYNC -def = nullptr - -[SDTC_SSTR] -var = network.network_id -type = SLE_STR -length = NETWORK_SERVER_ID_LENGTH -flags = SF_NOT_IN_SAVE | SF_NO_NETWORK_SYNC | SF_NETWORK_ONLY -def = nullptr - [SDTC_BOOL] var = network.autoclean_companies flags = SF_NOT_IN_SAVE | SF_NO_NETWORK_SYNC | SF_NETWORK_ONLY 
@@ -316,14 +246,6 @@ flags = SF_NOT_IN_SAVE | SF_NO_NETWORK_SYNC | SF_NETWORK_ONLY def = false cat = SC_EXPERT -[SDTC_SSTR] -var = network.last_joined -type = SLE_STR -length = 0 -flags = SF_NOT_IN_SAVE | SF_NO_NETWORK_SYNC -def = """" -cat = SC_EXPERT - [SDTC_BOOL] var = network.no_http_content_downloads flags = SF_NOT_IN_SAVE | SF_NO_NETWORK_SYNC -- cgit v1.2.3-54-g00ecf