aboutsummaryrefslogtreecommitdiff
path: root/NorthstarDedicatedTest/serverauthentication.cpp
diff options
context:
space:
mode:
authorBarnaby <22575741+barnabwhy@users.noreply.github.com>2022-03-11 03:23:24 +0000
committerGitHub <noreply@github.com>2022-03-11 03:23:24 +0000
commit897eaa0761e1acaf7c9181f5a18d6b34ce6e2c76 (patch)
treef96c5390bc8861e9088711f5bf9912b822dc7db1 /NorthstarDedicatedTest/serverauthentication.cpp
parent9837c1f79a01fa200f0991ebf3c05e5954199d3e (diff)
downloadNorthstarLauncher-897eaa0761e1acaf7c9181f5a18d6b34ce6e2c76.tar.gz
NorthstarLauncher-897eaa0761e1acaf7c9181f5a18d6b34ce6e2c76.zip
Add check for player name correctness (#86)
* Add player auth failure when username is faked * Fix the action error? * Split name check into different function allows unique error message * Oops * Fix allow_insecure and kick message * Put it back cause i'm bad at programmig * format * Fix duplicated if statement maybe? Will need testing * Fail open + change to authData.username * Change name instead of kicking * Format * Remove unecessary borked name check * fail open in VerifyPlayerName if missing authData * Fix convar stuff * limit name length when copying from master server * 63 < 64 * please bob for the love of god this is like the third time i've had to do this
Diffstat (limited to 'NorthstarDedicatedTest/serverauthentication.cpp')
-rw-r--r--NorthstarDedicatedTest/serverauthentication.cpp28
1 files changed, 28 insertions, 0 deletions
diff --git a/NorthstarDedicatedTest/serverauthentication.cpp b/NorthstarDedicatedTest/serverauthentication.cpp
index 44ee97f3..84a2bbeb 100644
--- a/NorthstarDedicatedTest/serverauthentication.cpp
+++ b/NorthstarDedicatedTest/serverauthentication.cpp
@@ -113,6 +113,9 @@ void ServerAuthenticationManager::StartPlayerAuthServer()
strncpy(newAuthData.uid, request.get_param_value("id").c_str(), sizeof(newAuthData.uid));
newAuthData.uid[sizeof(newAuthData.uid) - 1] = 0;
+ strncpy(newAuthData.username, request.get_param_value("username").c_str(), sizeof(newAuthData.username));
+ newAuthData.username[sizeof(newAuthData.username) - 1] = 0;
+
newAuthData.pdataSize = request.body.size();
newAuthData.pdata = new char[newAuthData.pdataSize];
memcpy(newAuthData.pdata, request.body.c_str(), newAuthData.pdataSize);
@@ -141,6 +144,27 @@ void ServerAuthenticationManager::StopPlayerAuthServer()
m_playerAuthServer.stop();
}
+char* ServerAuthenticationManager::VerifyPlayerName(void* player, char* authToken, char* name)
+{
+ std::lock_guard<std::mutex> guard(m_authDataMutex);
+
+ if (!m_authData.empty() && m_authData.count(std::string(authToken)))
+ {
+ AuthData authData = m_authData[authToken];
+
+ bool nameAccepted = (!*authData.username || !strcmp(name, authData.username));
+
+ if (!nameAccepted && g_MasterServerManager->m_bRequireClientAuth && !CVar_ns_auth_allow_insecure->GetInt())
+ {
+ // limit name length to 64 characters just in case something changes, this technically shouldn't be needed given the master
+ // server gets usernames from origin but we have it just in case
+ strncpy(name, authData.username, 64);
+ name[63] = 0;
+ }
+ }
+ return name;
+}
+
bool ServerAuthenticationManager::AuthenticatePlayer(void* player, int64_t uid, char* authToken)
{
std::string strUid = std::to_string(uid);
@@ -151,6 +175,7 @@ bool ServerAuthenticationManager::AuthenticatePlayer(void* player, int64_t uid,
{
// use stored auth data
AuthData authData = m_authData[authToken];
+
if (!strcmp(strUid.c_str(), authData.uid)) // connecting client's uid is the same as auth's uid
{
authFail = false;
@@ -297,6 +322,9 @@ void* CBaseServer__ConnectClientHook(
bool CBaseClient__ConnectHook(void* self, char* name, __int64 netchan_ptr_arg, char b_fake_player_arg, __int64 a5, char* Buffer, void* a7)
{
+ // try changing name before all else
+ name = g_ServerAuthenticationManager->VerifyPlayerName(self, nextPlayerToken, name);
+
// try to auth player, dc if it fails
// we connect irregardless of auth, because returning bad from this function can fuck client state p bad
bool ret = CBaseClient__Connect(self, name, netchan_ptr_arg, b_fake_player_arg, a5, Buffer, a7);