[Freeciv-Dev] Re: connect dialog update
[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
On Sun, 10 Nov 2002, Raimar Falke wrote:
> On Sun, Nov 10, 2002 at 02:09:12PM -0600, Mike Kaufman wrote:
> > here the update on what's happening:
> >
> > Nutshell: the connect dialog is being postponed indefinitely.
> >
> > Longer explanation: I have become convinced for several reasons that the
> > current implementation is not the ideal one. A better implementation is one
> > that I originally started with: that being one in which the server is
> > controlled via network packets rather than sockets and server commandline.
> > This has many advantages:
> > 1. you can resurrect a spawned server if you disconnect the client from it.
> > 2. It is a much cleaner interface.
> > 3. the current implementation depends on some functions that may not be
> > fully
> > portable across platforms.
> > 4. It is semi-difficult to tell if commands have succeeded or not.
> >
> > it also has some disadvantages:
> > 1. It is insecure. You must make sure that whoever has access to hack level
> > is trusted.
>
> > 2. Solving 1. requires either encryption or access to the same filesystem or
> > probably both.
>
> Simple solution mention before: pass a cookie to the server via the
> command line of the server. A connection which also now has this
> cookie get hack level access.
>
Minor modification: pass the cookie through a pipe -- commandline args are
visible to anyone on the same host.
It's not hard to do. Here's a patch that allows you to specify on the
comandline (or through hacklevel access) a password. Any client with the
password can claim hacklevel access with it, but the password is then
de-activated. Note that the password only flows over the network *once*,
so packet sniffers are not a threat.
--- stdinhand.c.orig Mon Nov 11 11:58:58 2002
+++ stdinhand.c Mon Nov 11 10:40:19 2002
@@ -72,6 +72,7 @@
static void fix_command(struct connection *caller, char *str, int
cmd_enum);
+static char hacklevel_password[32]={0};
static const char horiz_line[] =
"------------------------------------------------------------------------------
";
@@ -964,6 +965,9 @@
CMD_CMDLEVEL,
CMD_FIRSTLEVEL,
CMD_TIMEOUT,
+ CMD_SETPASSWORD,
+ CMD_USEPASSWORD,
+
/* potentially harmful: */
CMD_END_GAME,
@@ -1206,6 +1210,24 @@
"to <turn> and multiply <value> by <valuemult>. Use this command
in "
"concert with the option \"timeout\". Defaults are 0 0 0 1")
},
+ {"setpassword", ALLOW_HACK,
+ /* TRANS: translate text between <> only */
+ N_("setpassword <password>"),
+ N_("See \"help setpassword\"."),
+ N_("Set the hacklevel password to be <password> -- any network player
may th
en "
+ "use this password to gain hacklevel access\n"
+ " ** WARNING: there is no encryption! **\n"
+ "This means that if you run this command over a network, the
password mig
ht "
+ "be intercepted by a packet sniffer.")
+ },
+ {"usepassword", ALLOW_INFO,
+ /* TRANS: translate text between <> only */
+ N_("usepassword <password>"),
+ N_("See \"help usepassword\"."),
+ N_("If a hacklevel password has been set for this game, use this
command to
claim "
+ "hacklevel access using the password. It also blanks the password
for se
curity "
+ "reasons. You can restore the password with setpassword.")
+ },
{"endgame", ALLOW_HACK,
"endgame",
N_("End the game."),
@@ -2287,6 +2309,34 @@
}
/**************************************************************************
+ Set hacklevel password.
+**************************************************************************/
+static void setpassword_command(struct connection* caller, char *str)
+{
+ if (strlen(str)>31){
+ cmd_reply(CMD_SETPASSWORD, caller, C_FAIL, _("Password is excessively
long"
));
+ return;
+ }
+ strcpy(hacklevel_password,str);
+ cmd_reply(CMD_SETPASSWORD, caller, C_OK, _("Password set"));
+}
+
+/**************************************************************************
+ Use hacklevel password.
+**************************************************************************/
+static void usepassword_command(struct connection* caller, char *str)
+{
+ if (hacklevel_password[0] && !strcmp(str,hacklevel_password)){
+ caller->access_level=ALLOW_HACK;
+ hacklevel_password[0]=0;
+ cmd_reply(CMD_USEPASSWORD, caller, C_OK, _("You now have hacklevel
access -
- "
+ "hacklevel password is
unset"));
+ }else{
+ cmd_reply(CMD_USEPASSWORD, caller, C_FAIL, _("Wrong password or no
password
set"));
+ }
+}
+
+/**************************************************************************
Find option index by name. Return index (>=0) on success, -1 if no
suitable options were found, -2 if several matches were found.
**************************************************************************/
@@ -3237,6 +3287,12 @@
break;
case CMD_TIMEOUT:
timeout_command(caller, allargs);
+ break;
+ case CMD_SETPASSWORD:
+ setpassword_command(caller,arg);
+ break;
+ case CMD_USEPASSWORD:
+ usepassword_command(caller, arg);
break;
case CMD_START_GAME:
if (server_state==PRE_GAME_STATE) {
That's all it takes. This patch is independant of the main connect dialog
patch, and may have other uses (not that I can think of any offhand).
--Daniel Speyer
If you *don't* consider sharing information to be morally equivalent to
kidnapping and murder on the high seas, you probably shouldn't use the
phrase "software piracy."
> > 3. It probably requires writing a couple new packets which handle
> > command-responses from the server. (we usually need to know that a
> > command
> > has succeeded or failed before sending another command)
>
> A good idea anyway.
>
> Raimar
>
> --
> email: rf13@xxxxxxxxxxxxxxxxx
> "Like the ad says, at 300 dpi you can tell she's wearing a
> swimsuit. At 600 dpi you can tell it's wet. At 1200 dpi you
> can tell it's painted on. I suppose at 2400 dpi you can tell
> if the paint is giving her a rash."
> -- Joshua R. Poulson
>
>
|
|
