diff options
author | Barnaby <22575741+barnabwhy@users.noreply.github.com> | 2022-03-11 03:23:24 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-03-11 03:23:24 +0000 |
commit | 897eaa0761e1acaf7c9181f5a18d6b34ce6e2c76 (patch) | |
tree | f96c5390bc8861e9088711f5bf9912b822dc7db1 /NorthstarDedicatedTest/serverauthentication.cpp | |
parent | 9837c1f79a01fa200f0991ebf3c05e5954199d3e (diff) | |
download | NorthstarLauncher-897eaa0761e1acaf7c9181f5a18d6b34ce6e2c76.tar.gz NorthstarLauncher-897eaa0761e1acaf7c9181f5a18d6b34ce6e2c76.zip |
Add check for player name correctness (#86)
* Add player auth failure when username is faked
* Fix the action error?
* Split name check into different function
allows unique error message
* Oops
* Fix allow_insecure and kick message
* Put it back cause i'm bad at programmig
* format
* Fix duplicated if statement maybe? Will need testing
* Fail open + change to authData.username
* Change name instead of kicking
* Format
* Remove unecessary borked name check
* fail open in VerifyPlayerName if missing authData
* Fix convar stuff
* limit name length when copying from master server
* 63 < 64
* please bob for the love of god this is like the third time i've had to do this
Diffstat (limited to 'NorthstarDedicatedTest/serverauthentication.cpp')
-rw-r--r-- | NorthstarDedicatedTest/serverauthentication.cpp | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/NorthstarDedicatedTest/serverauthentication.cpp b/NorthstarDedicatedTest/serverauthentication.cpp index 44ee97f3..84a2bbeb 100644 --- a/NorthstarDedicatedTest/serverauthentication.cpp +++ b/NorthstarDedicatedTest/serverauthentication.cpp @@ -113,6 +113,9 @@ void ServerAuthenticationManager::StartPlayerAuthServer() strncpy(newAuthData.uid, request.get_param_value("id").c_str(), sizeof(newAuthData.uid)); newAuthData.uid[sizeof(newAuthData.uid) - 1] = 0; + strncpy(newAuthData.username, request.get_param_value("username").c_str(), sizeof(newAuthData.username)); + newAuthData.username[sizeof(newAuthData.username) - 1] = 0; + newAuthData.pdataSize = request.body.size(); newAuthData.pdata = new char[newAuthData.pdataSize]; memcpy(newAuthData.pdata, request.body.c_str(), newAuthData.pdataSize); @@ -141,6 +144,27 @@ void ServerAuthenticationManager::StopPlayerAuthServer() m_playerAuthServer.stop(); } +char* ServerAuthenticationManager::VerifyPlayerName(void* player, char* authToken, char* name) +{ + std::lock_guard<std::mutex> guard(m_authDataMutex); + + if (!m_authData.empty() && m_authData.count(std::string(authToken))) + { + AuthData authData = m_authData[authToken]; + + bool nameAccepted = (!*authData.username || !strcmp(name, authData.username)); + + if (!nameAccepted && g_MasterServerManager->m_bRequireClientAuth && !CVar_ns_auth_allow_insecure->GetInt()) + { + // limit name length to 64 characters just in case something changes, this technically shouldn't be needed given the master + // server gets usernames from origin but we have it just in case + strncpy(name, authData.username, 64); + name[63] = 0; + } + } + return name; +} + bool ServerAuthenticationManager::AuthenticatePlayer(void* player, int64_t uid, char* authToken) { std::string strUid = std::to_string(uid); @@ -151,6 +175,7 @@ bool ServerAuthenticationManager::AuthenticatePlayer(void* player, int64_t uid, { // use stored auth data AuthData authData = m_authData[authToken]; + if (!strcmp(strUid.c_str(), authData.uid)) // connecting client's uid is the same as auth's uid { authFail = false; @@ -297,6 +322,9 @@ void* CBaseServer__ConnectClientHook( bool CBaseClient__ConnectHook(void* self, char* name, __int64 netchan_ptr_arg, char b_fake_player_arg, __int64 a5, char* Buffer, void* a7) { + // try changing name before all else + name = g_ServerAuthenticationManager->VerifyPlayerName(self, nextPlayerToken, name); + // try to auth player, dc if it fails // we connect irregardless of auth, because returning bad from this function can fuck client state p bad bool ret = CBaseClient__Connect(self, name, netchan_ptr_arg, b_fake_player_arg, a5, Buffer, a7); |