feat: randomize kerberos password at boot

This commit is contained in:
Jonathan Barrow 2025-02-15 23:39:06 -05:00
parent 8432cfd6d5
commit 95b3843bee
No known key found for this signature in database
GPG Key ID: 2A7DAA6DED5A77E5
2 changed files with 9 additions and 15 deletions


@ -87,8 +87,6 @@ All configuration options are handled via environment variables
| Name | Description | Required |
|---------------------------------------------|------------------------------------------------------------------------------------------------------------------------|-------------------------------------|
| `PN_FRIENDS_CONFIG_DATABASE_URI` | Fully qualified URI to your Postgres server (Example `postgres://username:password@localhost/friends?sslmode=disable`) | Yes |
| `PN_FRIENDS_CONFIG_AUTHENTICATION_PASSWORD` | The password of the authentication server user account. | Yes |
| `PN_FRIENDS_CONFIG_SECURE_PASSWORD` | The password of the secure server user account. Used as part of the internal server data in Kerberos tickets | Yes |
| `PN_FRIENDS_CONFIG_AES_KEY` | AES key used in tokens provided by the account server | Yes |
| `PN_FRIENDS_CONFIG_GRPC_API_KEY` | API key for your GRPC server | No (Assumed to be an open gRPC API) |
| `PN_FRIENDS_GRPC_SERVER_PORT` | Port for the GRPC server | Yes |

init.go

@ -2,6 +2,7 @@ package main
import (
"cmp"
"crypto/rand"
"encoding/hex"
"fmt"
"os"
@ -36,8 +37,6 @@ func init() {
postgresURI := os.Getenv("PN_FRIENDS_CONFIG_DATABASE_URI")
databaseMaxConnectionsStr := cmp.Or(os.Getenv("PN_FRIENDS_CONFIG_DATABASE_MAX_CONNECTIONS"), "100")
authenticationServerPassword := os.Getenv("PN_FRIENDS_CONFIG_AUTHENTICATION_PASSWORD")
secureServerPassword := os.Getenv("PN_FRIENDS_CONFIG_SECURE_PASSWORD")
aesKey := os.Getenv("PN_FRIENDS_CONFIG_AES_KEY")
grpcAPIKey := os.Getenv("PN_FRIENDS_CONFIG_GRPC_API_KEY")
grpcServerPort := os.Getenv("PN_FRIENDS_GRPC_SERVER_PORT")
@ -62,21 +61,18 @@ func init() {
globals.DatabaseMaxConnections = databaseMaxConnections
}
if strings.TrimSpace(authenticationServerPassword) == "" {
globals.Logger.Error("PN_FRIENDS_CONFIG_AUTHENTICATION_PASSWORD environment variable not set")
kerberosPassword := make([]byte, 0x10)
_, err = rand.Read(kerberosPassword)
if err != nil {
globals.Logger.Error("Error generating Kerberos password")
os.Exit(0)
}
globals.AuthenticationServerAccount = nex.NewAccount(nex_types.NewPID(1), "Quazal Authentication", authenticationServerPassword)
globals.KerberosPassword = string(kerberosPassword)
if strings.TrimSpace(secureServerPassword) == "" {
globals.Logger.Error("PN_FRIENDS_CONFIG_SECURE_PASSWORD environment variable not set")
os.Exit(0)
}
globals.SecureServerAccount = nex.NewAccount(nex_types.NewPID(2), "Quazal Rendez-Vous", secureServerPassword)
globals.GuestAccount = nex.NewAccount(nex_types.NewPID(100), "guest", "MMQea3n!fsik") // * Guest account password is always the same, known to all consoles
globals.AuthenticationServerAccount = nex.NewAccount(nex_types.NewPID(1), "Quazal Authentication", globals.KerberosPassword)
globals.SecureServerAccount = nex.NewAccount(nex_types.NewPID(2), "Quazal Rendez-Vous", globals.KerberosPassword)
globals.GuestAccount = nex.NewAccount(nex_types.NewPID(100), "guest", "MMQea3n!fsik") // * Guest account password is always the same, known to all consoles. Only allow on the friends server
if strings.TrimSpace(aesKey) == "" {
globals.Logger.Error("PN_FRIENDS_CONFIG_AES_KEY environment variable not set")