| View previous topic :: View next topic |
| Author |
Message |
virusman
Joined: 30 Jan 2005
Posts: 1020
Location: Russia
|
 Posted: Thu Jul 23, 2009 22:43 Post subject: |
 |
|
| I think we should discuss this when and if the Master Server will be taken down. A viable solution with infrastructure can be set up in less than a month, and if EA/Bioware is going to make that decision, I think we'll have enough time to develop this solution. |
|
| Back to top |
|
 |
Asparius
Joined: 18 Sep 2007
Posts: 52
|
| Posted: Fri Jul 24, 2009 0:35 Post subject: |
|
|
With all due respect - I disagree.
Master Server is down quite often and when it is down, practically nothing prevents people from getting onto others people accounts (unless login during master server down is disallowed - in this case nobody can login and server is empty).
An open door for malicious people.
I had other solutions (typing a password on client enter for players (using SetCommandable to disable actions) , for DMs- special items in inventory), but those protections are still very weak. |
|
| Back to top |
|
|
PlasmaJohn
Joined: 04 Mar 2005
Posts: 70
Location: The Garage
|
| Posted: Fri Jul 24, 2009 15:30 Post subject: |
|
|
| Zebranky wrote: | You're just saying this because all of BioWare's systems were down last night.  |
Actually, Bioware's Net presence has been very unstable for the past week. Most of the outages have occurred during business hours so they were addressed within an hour so not terribly remarkable. The overnight outage was painful since it hit during our primetime and took several hours to get corrected. I'm impressed that they got to it before start of business the next day, but by that time most of the US gave up for the night.
| Quote: | Point taken. There are still difficult decisions to be made about how the infrastructure is implemented. Where and how is the community master server database stored? Is it monolithic or does each server/server group have to run their own? How do new users get added to it? How does it handle CD key validation? And so on...
Not insurmountable by any means, but they're things that should be addressed before tackling implementation. |
You're overscoping the request. I just care about the hooks. The consumers of that information are completely external. |
|
| Back to top |
|
|
PlasmaJohn
Joined: 04 Mar 2005
Posts: 70
Location: The Garage
|
| Posted: Fri Jul 24, 2009 17:02 Post subject: |
|
|
continuation...
I do see the need for PW's to be able to perform their own player authentications via overriding the single server password with a player specific one.
I just don't see the need for a centralized alternate MS specifically when I'd much prefer to build and maintain an infrastructure independent of any such 3rd party. If anybody can offer a reason why the alternate is necessary to me then I'm willing to reconsider. The arguments must be backed by fact and detail. Specifically telling me that it covers an exploit without explaining that exploit is not good enough.
The only value I see added by the Master Server is that the keys used are recognized by Bioware as paid for (in theory). Eventually (in my experience) it gets too expensive for those inclined to misbehave to acquire a new set of keys.
There's a lot that I despise about the MS: Obviously the outages, but also the Big Brother aspect. I tolerate those because the stick associated with the keys is the best tool I have. It isn't the only tool however, so if that tool becomes worthless, then I don't give a flying fig about key validity.
Please do not make hook development depend on the existence of an alternative central MS (or at least its design). You're just blocking me for no real benefit. |
|
| Back to top |
|
|
Zebranky
Joined: 04 Jun 2006
Posts: 415
|
| Posted: Sat Jul 25, 2009 1:21 Post subject: |
|
|
I should have asked "Is there a replacement master server at all?" as the first question. You're right, a per-player server password would solve that for most purposes (apart from a slight delay while the client and server each try to contact the MS and time out). I had forgotten where we were originally going with this thread.
What kind of interface would you want from the hooks? Launch a script and expose NWNX methods to get player name, check password against hash provided, and accept or reject the credentials?
_________________
Win32 SVN builds: http://www.mercuric.net/nwn/nwnx/
<Fluffy-Kooshy> NWNx plugin is to this as nuclear warheads are to getting rid of fire ants.
<ThriWork> whenever I hear nwn extender, I think what does NWN need a penis extender for? |
|
| Back to top |
|
|
Disco
Joined: 06 Dec 2006
Posts: 152
|
| Posted: Thu Aug 27, 2009 12:11 Post subject: |
|
|
| We got rid of master server authentication months ago and implemented our own protection with scripts. I didn't hear about any abuse so far and we're having quite a few players. |
|
| Back to top |
|
|
maddogfargo
Joined: 03 Nov 2009
Posts: 49
|
| Posted: Mon Dec 21, 2009 23:34 Post subject: |
|
|
My question then...without going into details about the aforementioned vulnerabilities...what is a recommended best practice for capturing & validating authentication information?
With a database it's easy enough to track if a particular account and key combination has ever logged into your server before. With a sim-tools like tool and setting non-commandable you could capture a password for setting and authentication. Or maybe you could use the journal notes to type in a password which would then be deleted from the journal post authentication?
Has anyone posted a good system to do this on the vault? Or perhaps it is already included with an existing system and I'm overlooking that?
_________________
* illegible scribble * |
|
| Back to top |
|
|
FunkySwerve
Joined: 02 Jun 2005
Posts: 377
|
| Posted: Tue Dec 22, 2009 7:26 Post subject: |
|
|
As discussed earlier in this thread, cd keys are better than nothing but not infallible. You want a system that prompts the user to pick a password on enter, and asks for it before it allows them to do anything. We do this, though the passwords are optional for non-dms. They're stored in encrypted form in our database, thanks to code by acaos. Here's a chunk of code from our cliententer, though it's obviously far from complete:
| Code: |
/* password check */
object oMod = GetModule();
nPerm = 0;
if (GetPCIPAddress(oPC) != GetLocalString(oPC, "FKY_CHAT_PASSWORD_IP")) {
if (VerifyDMCDKey(sKey) || VerifyAdminCDKey(sKey)) {
nPerm = 1;
} else {
SQLExecDirect("SELECT COUNT(*) FROM user_passwords WHERE up_cdkey = '" + sKey + "'");
if (SQLFetch() == SQL_SUCCESS && StringToInt(SQLGetData(1)) > 0)
nPerm = 1;
}
}
if (nPerm) {
if (nPerm) {
if (GetLocalString(oMod, "FKY_CHAT_PASSWORD_IP_" + sKey) == sAddr) {
nPerm = 0;
SetLocalString(oPC, "FKY_CHAT_PASSWORD_IP", sAddr);
}
}
if (nPerm && GetLocalString(oPC, "FKY_CHAT_PASSWORD_IP") == "") {
SQLExecDirect("SELECT val FROM pwdata WHERE player = '~' AND tag = 'MODULE' " +
"and name = 'FKY_CHAT_PASSWORD_STATICIP_" + sKey + "'");
if (SQLFetch() != SQL_ERROR && SQLGetData(1) == sAddr) {
nPerm = 0;
SetLocalString(oPC, "FKY_CHAT_PASSWORD_IP", sAddr);
}
}
if (nPerm) {
SetLocalString(oPC, "FKY_CHAT_PASSWORD_IP", "CHECK");
AssignCommand(GenCreator(), ApplyPasswordHold(oPC));
object oMessenger = GetMessenger();
DelayCommand(2.0, SendChatLogMessage(oPC, COLOR_RED +
"You must speak your password before you can continue." + COLOR_END, oMessenger));
DelayCommand(2.0, FloatingTextStringOnCreature(COLOR_RED +
"You must speak your password before you can continue." + COLOR_END, oPC, FALSE));
}
} else {
DeleteLocalString(oPC, "FKY_CHAT_PASSWORD_IP");
RemoveEffectsFromSpell(HGEFFECT_ANTIEXPLOIT_PASSWORD, oPC);
}
|
Here's the SIMTools !password command we use to allow them to set it - code, like the above, is acaos'.
| Code: |
} else if (GetStringLeft(sCText, 8) == "password") {
DeleteLocalString(oCPC, "FKY_CHAT_LOCAL_CTEXT");
string sPass = GetSubString(GetLocalString(oCPC, "FKY_CHAT_LOCAL_CUPPER"), 9, 100);
if (sPass != "" && GetSubString(sCText, 8, 1) != " ") {
SetLocalString(oCPC, "FKY_CHAT_LOCAL_CTEXT", sCText);
} else if (sPass == "-") {
if (VerifyDMKey(oCPC) || VerifyAdminKey(oCPC)) {
FloatingTextStringOnCreature(COLOR_RED + "You must have a password as a DM." + COLOR_END, oCPC, FALSE);
} else {
SQLExecStatement("DELETE FROM user_passwords WHERE up_cdkey = ?", GetPCPublicCDKey(oCPC));
FloatingTextStringOnCreature(COLOR_ORANGE + "Your password was erased." + COLOR_END, oCPC, FALSE);
}
} else if (sPass != "" && sPass == GetLocalString(oCPC, "FKY_CHAT_PASSWORD_CONFIRM")) {
DeleteLocalString(oCPC, "FKY_CHAT_PASSWORD_CONFIRM");
string sKey = GetPCPublicCDKey(oCPC);
SQLExecStatement("REPLACE INTO user_passwords VALUES (?, OLD_PASSWORD(?))", sKey, sPass);
SQLExecStatement("SELECT COUNT(*) FROM user_passwords WHERE up_cdkey = ? AND up_password = OLD_PASSWORD(?)",
sKey, sPass);
if (SQLFetch() != SQL_SUCCESS || StringToInt(SQLGetData(1)) < 1) {
SQLExecStatement("DELETE FROM user_passwords WHERE up_cdkey = ?", sKey);
FloatingTextStringOnCreature(COLOR_RED + "Your password was unable to be set. Please try again or contact a DM." + COLOR_END, oCPC, FALSE);
return;
} else {
FloatingTextStringOnCreature(COLOR_GREEN + "Your password has been set." + COLOR_END, oCPC, FALSE);
return;
}
} else {
if (GetStringLength(sPass) < 6 || GetStringLength(sPass) > 64) {
FloatingTextStringOnCreature(COLOR_RED + "Your password must be between 6 and 64 characters long." + COLOR_END, oCPC, FALSE);
return;
}
if (!ValidatePassword(sPass)) {
FloatingTextStringOnCreature(COLOR_RED + "Your password can only consist of the characters " +
"A-Z, a-z, 0-9, -, _, and space. Set your password to '-' (without " +
"quotes) to clear it." + COLOR_END, oCPC, FALSE);
return;
}
FloatingTextStringOnCreature(COLOR_ORANGE + "Please enter the !password command a second time to confirm your password." + COLOR_END, oCPC, FALSE);
SetLocalString(oCPC, "FKY_CHAT_PASSWORD_CONFIRM", sPass);
}
}
break;
|
Obviously that isn't all the code, but that should be enough to get you started. The table used is simple:
| Code: |
mysql> describe user_passwords;
+-------------+-------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------------+-------------+------+-----+---------+-------+
| up_cdkey | varchar(16) | NO | PRI | NULL | |
| up_password | varchar(16) | NO | | NULL | |
+-------------+-------------+------+-----+---------+-------+
2 rows in set (0.00 sec)
|
Funky |
|
| Back to top |
|
|
maddogfargo
Joined: 03 Nov 2009
Posts: 49
|
| Posted: Tue Dec 22, 2009 20:58 Post subject: |
|
|
Thanks Funky, that does give me some good ideas.
I'm curious, what is the purpose behind looking at the IP in the beginning? I can think of several possibilities, and was just wondering.
_________________
* illegible scribble * |
|
| Back to top |
|
|
PlasmaJohn
Joined: 04 Mar 2005
Posts: 70
Location: The Garage
|
| Posted: Fri Jan 08, 2010 21:59 Post subject: |
|
|
| Zebranky wrote: | | What kind of interface would you want from the hooks? Launch a script and expose NWNX methods to get player name, check password against hash provided, and accept or reject the credentials? |
Not sure why I didn't reply to this...
Calling a script would be great if that won't break stuff.
I'd like access to the player id and all the keys.
An auth function like bool auth(string clear_pass) is fine.
If at all possible, I'd like the reject mechanism to pass back a tlk table reference like the Custom Boot message extension does.
My use cases:
- Optionally ignore password if player-id,ip,cdkeys have already matched
- Prevent all logins until the server has stabilized.
- Prevent logins of banned players.
- The use of temporary passwords for inter-server portalling and vaultster transfers. |
|
| Back to top |
|
|
PlasmaJohn
Joined: 04 Mar 2005
Posts: 70
Location: The Garage
|
| Posted: Thu Feb 25, 2010 21:53 Post subject: |
|
|
| *bump* 'cause the MS flaked out again |
|
| Back to top |
|
|
drake127
Joined: 26 Jan 2010
Posts: 28
|
| Posted: Mon Mar 01, 2010 21:19 Post subject: |
|
|
| I created replacement for master server but it is not ready for public release yet (and certainly won't be for few weeks) and it for the time being it heavily relies on iptables. I am also concerned about licensing issues so there may not be public release at all. So this post is just to say that this topic is not dead. |
|
| Back to top |
|
|
Sethan
Joined: 04 Oct 2008
Posts: 47
|
| Posted: Fri Apr 23, 2010 1:26 Post subject: |
|
|
| PlasmaJohn wrote: | | *bump* 'cause the MS flaked out again |
Last 5 hours or so, today, too. |
|
| Back to top |
|
|
drake127
Joined: 26 Jan 2010
Posts: 28
|
| Posted: Fri Apr 08, 2011 4:24 Post subject: |
|
|
Well, I managed to take a time and pack source together. It still needs some work but I like the way it is going.
Look at https://redmine.drake127.net/, not much there as I am still testing project environment but could be nice preview for those interested.
Basically, it is complete implementation of a master auth server with currently only basic functionality (always authenticate, always reject, use BioWare server) but I plan to use SQL to work with custom authentications tables (given you know private CD keys and/or player password). The ultimate goal is to provide application that can work on localhost and suits admin's needs or in nested chain with other master servers (including BioWare's).
I would probably like to hear some opinions on topic, particulary whether is it appropriate not to consider CD key authentication results and whether to release information how to fix an authentication exploit (and therefore disclose details of such exploit). |
|
| Back to top |
|
|
PlasmaJohn
Joined: 04 Mar 2005
Posts: 70
Location: The Garage
|
| Posted: Wed May 04, 2011 21:26 Post subject: |
|
|
| CD key verification is pretty much useless. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
