[s] Moves sensitive data out of GLOB (#26039)

* Moves sensitive data out of GLOB * Make it a real boy * Whoops
2025-12-10 18:11:47 +00:00 · 2017-04-12 13:53:14 -04:00
parent 0fb598f55e
commit a1403bc424
16 changed files with 72 additions and 83 deletions
--- a/code/__DATASTRUCTURES/globals.dm
+++ b/code/__DATASTRUCTURES/globals.dm
@@ -16,6 +16,7 @@
 #define GLOBAL_PROTECT(X)
 #endif

+#define GLOBAL_REAL_VAR(X) var/global/##X
 #define GLOBAL_REAL(X, Typepath) var/global##Typepath/##X

 #define GLOBAL_RAW(X) /datum/controller/global_vars/var/global##X
--- a/code/__HELPERS/text.dm
+++ b/code/__HELPERS/text.dm
@@ -19,7 +19,7 @@
 	return copytext(sqltext, 2, lentext(sqltext));//Quote() adds quotes around input, we already do that

 /proc/format_table_name(table as text)
-	return GLOB.sqlfdbktableprefix + table
+	return global.sqlfdbktableprefix + table

 /*
 * Text sanitization
--- a/code/_globalvars/configuration.dm
+++ b/code/_globalvars/configuration.dm
@@ -23,20 +23,6 @@ GLOBAL_VAR_INIT(tinted_weldhelh, TRUE)
 GLOBAL_VAR_INIT(Debug, FALSE)	// global debug switch
 GLOBAL_VAR_INIT(Debug2, FALSE)

-//Server API key
-GLOBAL_VAR_INIT(comms_key, "default_pwd")
-GLOBAL_PROTECT(comms_key)
-GLOBAL_VAR_INIT(comms_allowed, FALSE) //By default, the server does not allow messages to be sent to it, unless the key is strong enough (this is to prevent misconfigured servers from becoming vulnerable)
-GLOBAL_PROTECT(comms_allowed)
-
-GLOBAL_VAR(medal_hub)
-GLOBAL_PROTECT(medal_hub)
-GLOBAL_VAR_INIT(medal_pass, " ")
-GLOBAL_PROTECT(medal_pass)
-GLOBAL_VAR_INIT(medals_enabled, TRUE)	//will be auto set to false if the game fails contacting the medal hub to prevent unneeded calls.
-GLOBAL_PROTECT(medals_enabled)
-
-
 //This was a define, but I changed it to a variable so it can be changed in-game.(kept the all-caps definition because... code...) -Errorage
 GLOBAL_VAR_INIT(MAX_EX_DEVESTATION_RANGE, 3)
 GLOBAL_VAR_INIT(MAX_EX_HEAVY_RANGE, 7)
--- a/code/_globalvars/database.dm
+++ b/code/_globalvars/database.dm
@@ -1,19 +0,0 @@
-	// MySQL configuration
-
-GLOBAL_VAR_INIT(sqladdress, "localhost")
-GLOBAL_PROTECT(sqladdress)
-GLOBAL_VAR_INIT(sqlport, "3306")
-GLOBAL_PROTECT(sqlport)
-GLOBAL_VAR_INIT(sqlfdbkdb, "test")
-GLOBAL_PROTECT(sqlfdbkdb)
-GLOBAL_VAR_INIT(sqlfdbklogin, "root")
-GLOBAL_PROTECT(sqlfdbklogin)
-GLOBAL_VAR_INIT(sqlfdbkpass, "")
-GLOBAL_PROTECT(sqlfdbkpass)
-GLOBAL_VAR_INIT(sqlfdbktableprefix, "erro_") //backwords compatibility with downstream server hosts
-GLOBAL_PROTECT(sqlfdbktableprefix)
-
-//Database connections
-//A connection is established on world creation. Ideally, the connection dies when the server restarts (After feedback logging.).
-GLOBAL_DATUM_INIT(dbcon, /DBConnection, new)	//Feedback database (New database)
-GLOBAL_PROTECT(dbcon)
--- a/code/_globalvars/misc.dm
+++ b/code/_globalvars/misc.dm
@@ -7,3 +7,15 @@ GLOBAL_VAR_INIT(timezoneOffset, 0) // The difference betwen midnight (of the hos
 GLOBAL_VAR_INIT(fileaccess_timer, 0)

 GLOBAL_VAR_INIT(TAB, "&nbsp;&nbsp;&nbsp;&nbsp;")
+
+GLOBAL_DATUM(data_core, /datum/datacore)
+
+GLOBAL_VAR_INIT(CELLRATE, 0.002)  // multiplier for watts per tick <> cell storage (eg: .002 means if there is a load of 1000 watts, 20 units will be taken from a cell per second)
+GLOBAL_VAR_INIT(CHARGELEVEL, 0.001) // Cap for how fast cells charge, as a percentage-per-tick (.001 means cellcharge is capped to 1% per second)
+
+GLOBAL_LIST_EMPTY(powernets)
+
+//Database connections
+//A connection is established on world creation. Ideally, the connection dies when the server restarts (After feedback logging.).
+GLOBAL_DATUM_INIT(dbcon, /DBConnection, new)	//Feedback database (New database)
+GLOBAL_PROTECT(dbcon)
--- a/code/_globalvars/sensitive.dm
+++ b/code/_globalvars/sensitive.dm
@@ -0,0 +1,16 @@
+//Server API key
+GLOBAL_REAL_VAR(comms_key) = "default_pwd"
+GLOBAL_REAL_VAR(comms_allowed) = FALSE //By default, the server does not allow messages to be sent to it, unless the key is strong enough (this is to prevent misconfigured servers from becoming vulnerable)
+
+GLOBAL_REAL_VAR(medal_hub)
+GLOBAL_REAL_VAR(medal_pass) = " "
+GLOBAL_REAL_VAR(medals_enabled) = TRUE	//will be auto set to false if the game fails contacting the medal hub to prevent unneeded calls.
+
+// MySQL configuration
+
+GLOBAL_REAL_VAR(sqladdress) = "localhost"
+GLOBAL_REAL_VAR(sqlport) = "3306"
+GLOBAL_REAL_VAR(sqlfdbkdb) = "test"
+GLOBAL_REAL_VAR(sqlfdbklogin) = "root"
+GLOBAL_REAL_VAR(sqlfdbkpass) = ""
+GLOBAL_REAL_VAR(sqlfdbktableprefix) = "erro_"
--- a/code/_globalvars/station.dm
+++ b/code/_globalvars/station.dm
@@ -1,6 +0,0 @@
-GLOBAL_DATUM(data_core, /datum/datacore)
-
-GLOBAL_VAR_INIT(CELLRATE, 0.002)  // multiplier for watts per tick <> cell storage (eg: .002 means if there is a load of 1000 watts, 20 units will be taken from a cell per second)
-GLOBAL_VAR_INIT(CHARGELEVEL, 0.001) // Cap for how fast cells charge, as a percentage-per-tick (.001 means cellcharge is capped to 1% per second)
-
-GLOBAL_LIST_EMPTY(powernets)
--- a/code/controllers/configuration.dm
+++ b/code/controllers/configuration.dm
@@ -421,9 +421,9 @@
 				if("automute_on")
 					automute_on = 1
 				if("comms_key")
-					GLOB.comms_key = value
+					global.comms_key = value
 					if(value != "default_pwd" && length(value) > 6) //It's the default value or less than 6 characters long, warn badmins
-						GLOB.comms_allowed = 1
+						global.comms_allowed = 1
 				if("cross_server_address")
 					cross_address = value
 					if(value != "byond:\\address:port")
@@ -437,9 +437,9 @@
 					if(value != "byond:\\address:port")
 						allow_panic_bunker_bounce = 1
 				if("medal_hub_address")
-					GLOB.medal_hub = value
+					global.medal_hub = value
 				if("medal_hub_password")
-					GLOB.medal_pass = value
+					global.medal_pass = value
 				if("show_irc_name")
 					config.showircname = 1
 				if("see_own_notes")
@@ -843,17 +843,17 @@
 			if("sql_enabled")
 				config.sql_enabled = 1
 			if("address")
-				GLOB.sqladdress = value
+				global.sqladdress = value
 			if("port")
-				GLOB.sqlport = value
+				global.sqlport = value
 			if("feedback_database")
-				GLOB.sqlfdbkdb = value
+				global.sqlfdbkdb = value
 			if("feedback_login")
-				GLOB.sqlfdbklogin = value
+				global.sqlfdbklogin = value
 			if("feedback_password")
-				GLOB.sqlfdbkpass = value
+				global.sqlfdbkpass = value
 			if("feedback_tableprefix")
-				GLOB.sqlfdbktableprefix = value
+				global.sqlfdbktableprefix = value
 			else
 				GLOB.diary << "Unknown setting in configuration: '[name]'"

--- a/code/modules/admin/verbs/adminhelp.dm
+++ b/code/modules/admin/verbs/adminhelp.dm
@@ -172,7 +172,7 @@
 		message["message_sender"] = source
 		message["message"] = msg
 		message["source"] = "([config.cross_name])"
-		message["key"] = GLOB.comms_key
+		message["key"] = global.comms_key
 		message["crossmessage"] = type

 		world.Export("[config.cross_address]?[list2params(message)]")
--- a/code/modules/admin/verbs/debug.dm
+++ b/code/modules/admin/verbs/debug.dm
@@ -755,11 +755,11 @@ But you can call procs that are of type /mob/living/carbon/human/proc/ for that
 	if(!holder)
 		return

-	GLOB.medals_enabled = !GLOB.medals_enabled
+	global.medals_enabled = !global.medals_enabled

-	message_admins("<span class='adminnotice'>[key_name_admin(src)] [GLOB.medals_enabled ? "disabled" : "enabled"] the medal hub lockout.</span>")
+	message_admins("<span class='adminnotice'>[key_name_admin(src)] [global.medals_enabled ? "disabled" : "enabled"] the medal hub lockout.</span>")
 	feedback_add_details("admin_verb","Toggle Medal Disable") // If...
-	log_admin("[key_name(src)] [GLOB.medals_enabled ? "disabled" : "enabled"] the medal hub lockout.")
+	log_admin("[key_name(src)] [global.medals_enabled ? "disabled" : "enabled"] the medal hub lockout.")

 /client/proc/view_runtimes()
 	set category = "Debug"
--- a/code/modules/client/client_procs.dm
+++ b/code/modules/client/client_procs.dm
@@ -264,7 +264,7 @@ GLOBAL_LIST(external_rsc_urls)
 		add_admin_verbs()
 		to_chat(src, get_message_output("memo"))
 		adminGreet()
-		if((GLOB.comms_key == "default_pwd" || length(GLOB.comms_key) <= 6) && GLOB.comms_allowed) //It's the default value or less than 6 characters long, but it somehow didn't disable comms.
+		if((global.comms_key == "default_pwd" || length(global.comms_key) <= 6) && global.comms_allowed) //It's the default value or less than 6 characters long, but it somehow didn't disable comms.
 			to_chat(src, "<span class='danger'>The server's API key is either too short or is the default value! Consider changing it immediately!</span>")

 	add_verbs_from_config()
--- a/code/modules/mob/living/simple_animal/hostile/megafauna/megafauna.dm
+++ b/code/modules/mob/living/simple_animal/hostile/megafauna/megafauna.dm
@@ -118,7 +118,7 @@
 	if(admin_spawned)
 		return FALSE

-	if(GLOB.medal_hub && GLOB.medal_pass && GLOB.medals_enabled)
+	if(global.medal_hub && global.medal_pass && global.medals_enabled)
 		for(var/mob/living/L in view(7,src))
 			if(L.stat)
 				continue
@@ -135,11 +135,11 @@

 	if(!player || !medal)
 		return
-	if(GLOB.medal_hub && GLOB.medal_pass && GLOB.medals_enabled)
+	if(global.medal_hub && global.medal_pass && global.medals_enabled)
 		spawn()
-			var/result = world.SetMedal(medal, player, GLOB.medal_hub, GLOB.medal_pass)
+			var/result = world.SetMedal(medal, player, global.medal_hub, global.medal_pass)
 			if(isnull(result))
-				GLOB.medals_enabled = FALSE
+				global.medals_enabled = FALSE
 				log_game("MEDAL ERROR: Could not contact hub to award medal:[medal] player:[player.ckey]")
 				message_admins("Error! Failed to contact hub to award [medal] medal to [player.ckey]!")
 			else if (result)
@@ -150,7 +150,7 @@

 	if(!score || !player)
 		return
-	if(GLOB.medal_hub && GLOB.medal_pass && GLOB.medals_enabled)
+	if(global.medal_hub && global.medal_pass && global.medals_enabled)
 		spawn()
 			var/list/oldscore = GetScore(score,player,1)

@@ -164,10 +164,10 @@

 			var/newscoreparam = list2params(oldscore)

-			var/result = world.SetScores(player.ckey, newscoreparam, GLOB.medal_hub, GLOB.medal_pass)
+			var/result = world.SetScores(player.ckey, newscoreparam, global.medal_hub, global.medal_pass)

 			if(isnull(result))
-				GLOB.medals_enabled = FALSE
+				global.medals_enabled = FALSE
 				log_game("SCORE ERROR: Could not contact hub to set score. Score:[score] player:[player.ckey]")
 				message_admins("Error! Failed to contact hub to set [score] score for [player.ckey]!")

@@ -176,11 +176,11 @@

 	if(!score || !player)
 		return
-	if(GLOB.medal_hub && GLOB.medal_pass && GLOB.medals_enabled)
+	if(global.medal_hub && global.medal_pass && global.medals_enabled)

-		var/scoreget = world.GetScores(player.ckey, score, GLOB.medal_hub, GLOB.medal_pass)
+		var/scoreget = world.GetScores(player.ckey, score, global.medal_hub, global.medal_pass)
 		if(isnull(scoreget))
-			GLOB.medals_enabled = FALSE
+			global.medals_enabled = FALSE
 			log_game("SCORE ERROR: Could not contact hub to get score. Score:[score] player:[player.ckey]")
 			message_admins("Error! Failed to contact hub to get score: [score] for [player.ckey]!")
 			return
@@ -197,12 +197,12 @@

 	if(!player || !medal)
 		return
-	if(GLOB.medal_hub && GLOB.medal_pass && GLOB.medals_enabled)
+	if(global.medal_hub && global.medal_pass && global.medals_enabled)

-		var/result = world.GetMedal(medal, player, GLOB.medal_hub, GLOB.medal_pass)
+		var/result = world.GetMedal(medal, player, global.medal_hub, global.medal_pass)

 		if(isnull(result))
-			GLOB.medals_enabled = FALSE
+			global.medals_enabled = FALSE
 			log_game("MEDAL ERROR: Could not contact hub to get medal:[medal] player:[player.ckey]")
 			message_admins("Error! Failed to contact hub to get [medal] medal for [player.ckey]!")
 		else if (result)
@@ -212,12 +212,12 @@

 	if(!player || !medal)
 		return
-	if(GLOB.medal_hub && GLOB.medal_pass && GLOB.medals_enabled)
+	if(global.medal_hub && global.medal_pass && global.medals_enabled)

-		var/result = world.ClearMedal(medal, player, GLOB.medal_hub, GLOB.medal_pass)
+		var/result = world.ClearMedal(medal, player, global.medal_hub, global.medal_pass)

 		if(isnull(result))
-			GLOB.medals_enabled = FALSE
+			global.medals_enabled = FALSE
 			log_game("MEDAL ERROR: Could not contact hub to clear medal:[medal] player:[player.ckey]")
 			message_admins("Error! Failed to contact hub to clear [medal] medal for [player.ckey]!")
 		else if (result)
@@ -227,6 +227,6 @@


 /proc/ClearScore(client/player)
-	world.SetScores(player.ckey, "", GLOB.medal_hub, GLOB.medal_pass)
+	world.SetScores(player.ckey, "", global.medal_hub, global.medal_pass)

 #undef MEDAL_PREFIX
--- a/code/modules/mob/living/simple_animal/hostile/mining_mobs.dm
+++ b/code/modules/mob/living/simple_animal/hostile/mining_mobs.dm
@@ -1014,7 +1014,7 @@
 			last_tendril = FALSE
 			break
 	if(last_tendril && !admin_spawned)
-		if(GLOB.medal_hub && GLOB.medal_pass && GLOB.medals_enabled)
+		if(global.medal_hub && global.medal_pass && global.medals_enabled)
 			for(var/mob/living/L in view(7,src))
 				if(L.stat)
 					continue
--- a/code/orphaned_procs/dbcore.dm
+++ b/code/orphaned_procs/dbcore.dm
@@ -63,11 +63,11 @@ DBConnection/proc/Connect()
 	if(failed_connections > FAILED_DB_CONNECTION_CUTOFF)	//If it failed to establish a connection more than 5 times in a row, don't bother attempting to connect anymore.
 		return FALSE

-	var/user = GLOB.sqlfdbklogin
-	var/pass = GLOB.sqlfdbkpass
-	var/db = GLOB.sqlfdbkdb
-	var/address = GLOB.sqladdress
-	var/port = GLOB.sqlport
+	var/user = global.sqlfdbklogin
+	var/pass = global.sqlfdbkpass
+	var/db = global.sqlfdbkdb
+	var/address = global.sqladdress
+	var/port = global.sqlport

 	doConnect("dbi:mysql:[db]:[address]:[port]","[user]","[pass]")
 	. = IsConnected()
@@ -98,7 +98,7 @@ DBConnection/proc/ErrorMsg() return _dm_db_error_msg(_db_con)
 DBConnection/proc/SelectDB(database_name,dbi)
 	if(IsConnected()) Disconnect()
 	//return Connect("[dbi?"[dbi]":"dbi:mysql:[database_name]:[DB_SERVER]:[DB_PORT]"]",user,password)
-	return Connect("[dbi?"[dbi]":"dbi:mysql:[database_name]:[GLOB.sqladdress]:[GLOB.sqlport]"]",user,password)
+	return Connect("[dbi?"[dbi]":"dbi:mysql:[database_name]:[global.sqladdress]:[global.sqlport]"]",user,password)
 DBConnection/proc/NewQuery(sql_query,cursor_handler=src.default_cursor) return new/DBQuery(sql_query,src,cursor_handler)


--- a/code/world.dm
+++ b/code/world.dm
@@ -64,7 +64,7 @@
 		GLOB.diary << "TOPIC: \"[T]\", from:[addr], master:[master], key:[key]"

 	var/list/input = params2list(T)
-	var/key_valid = (GLOB.comms_allowed && input["key"] == GLOB.comms_key)
+	var/key_valid = (global.comms_allowed && input["key"] == global.comms_key)
 	var/static/last_irc_status = 0

 	if("ping" in input)
--- a/tgstation.dme
+++ b/tgstation.dme
@@ -94,12 +94,11 @@
 #include "code\__HELPERS\sorts\MergeSort.dm"
 #include "code\__HELPERS\sorts\TimSort.dm"
 #include "code\_globalvars\configuration.dm"
-#include "code\_globalvars\database.dm"
 #include "code\_globalvars\game_modes.dm"
 #include "code\_globalvars\genetics.dm"
 #include "code\_globalvars\logging.dm"
 #include "code\_globalvars\misc.dm"
-#include "code\_globalvars\station.dm"
+#include "code\_globalvars\sensitive.dm"
 #include "code\_globalvars\lists\flavor_misc.dm"
 #include "code\_globalvars\lists\mapping.dm"
 #include "code\_globalvars\lists\mobs.dm"