[Freeciv-Dev] Re: client/server authentication (PR#1767)

To: undisclosed-recipients: ;
Subject: [Freeciv-Dev] Re: client/server authentication (PR#1767)
From: "Mike Kaufman" <kaufman@xxxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 27 May 2003 21:04:09 -0700
Reply-to: rt@xxxxxxxxxxxxxx

On Tue, May 27, 2003 at 01:36:56PM -0700, ChrisK@xxxxxxxx wrote:

heh, auth6q.diff at your service.

> After sending the password, there is a delay of 1-2 seconds before it gets
> accepted (local). Is this necessary?

yes. unless we set a delay for the first request, password cracking is
fast. local users shouldn't worry about it since they won't be using auth.
(thx for testing anyway).

> During this delay, it is easy to send the password twice. Maybe you can
> deactivate the next button until the server responds?

yes I can. done.

> When I send the password twice like this, I got rejected with "wrong
> password", even if the password is correct. The server complains:
> 1: chris's sending bad auth packets

the server message for bad auth packets is now LOG_VERBOSE and now says
'unrequested auth packets'.

> When a client is rejected because of wrong password, the server says (first)
> 2: Connection request from chris from localhost
> 2: c4 has client version 1.14.1-devel
> but, after the reject, says nothing, so you do not know that the client is
> gone.

the console now gets a "Client rejected:" message if the client is rejected.

> With wrong password the dialog says: "Your password is incorrect. Try again"
> Better feedback would be to include the number of tries, e.g. (2/4)

the desensitization of the next button should go a long way toward
alleviating this, so I didn't do anything here. I could have the client
blank the message line when sending, but...

> Finally, I was lying. I can crash the client when I connect in the startup
> phase of the server, when it is busy loading a savegame, with the well-known
> assert:
> 1: Unexpected buffers in try_to_connect()
> 1: last message repeated 2 times
> 1: last message repeated 2 times (total 4 repeats)
> 1: last message repeated 4 times (total 8 repeats)
> civclient: clinet.c:320: input_from_server: Assertion `fd ==
> aconnection.sock' failed.
> Abgebrochen (core dumped)
> I also managed to get the client stuck (disconnected) with the enter
> password dialog, whatever I enter or send, nothing happens, until I quit.

is this a result of hitting the next button rapidly? Can you reproduce it
with the new patch?


Attachment: auth6q.diff.bz2
Description: auth6q.diff.bz2
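
The server-side behaviour discussed in this message (a delay before each password verdict, and duplicate password packets treated as unrequested rather than as failed tries), sketched as an added example. It is not code from auth6q.diff or from freeciv; every name, the try limit and the delay value are assumptions.

```c
#include <stdbool.h>
#include <string.h>
#include <time.h>

#define MAX_TRIES     4  /* assumed limit, after the "(2/4)" suggestion */
#define VERDICT_DELAY 2  /* assumed seconds each verdict is held back */

enum auth_state { AUTH_IDLE, AUTH_REQUESTED, AUTH_PENDING, AUTH_OK, AUTH_REJECTED };
enum auth_event { EV_NONE, EV_UNREQUESTED, EV_QUEUED, EV_ACCEPT, EV_RETRY, EV_REJECT };

struct auth_conn {           /* hypothetical per-connection state */
  enum auth_state state;
  int tries;
  bool pending_ok;
  time_t verdict_at;
};

/* The server asks the client for a password. */
void auth_request(struct auth_conn *c) { c->state = AUTH_REQUESTED; }

/* A password packet arrived. Exactly one packet per request is evaluated;
 * any other is reported as unrequested and does not cost the client a try. */
enum auth_event auth_on_packet(struct auth_conn *c, const char *supplied,
                               const char *expected, time_t now)
{
  if (c->state != AUTH_REQUESTED) return EV_UNREQUESTED;
  /* Sketch only: a real server verifies against a stored password hash. */
  c->pending_ok = (strcmp(supplied, expected) == 0);
  c->tries++;
  c->verdict_at = now + VERDICT_DELAY;  /* same delay, right or wrong */
  c->state = AUTH_PENDING;
  return EV_QUEUED;
}

/* Called from the server loop; releases the verdict once the delay is over. */
enum auth_event auth_tick(struct auth_conn *c, time_t now)
{
  if (c->state != AUTH_PENDING || now < c->verdict_at) return EV_NONE;
  if (c->pending_ok) { c->state = AUTH_OK; return EV_ACCEPT; }
  if (c->tries >= MAX_TRIES) {
    c->state = AUTH_REJECTED;  /* the point to print "Client rejected:" */
    return EV_REJECT;
  }
  c->state = AUTH_REQUESTED;   /* ask again */
  return EV_RETRY;
}
```

Because the delay is applied per evaluated packet and the try counter lives on the server, the guessing rate is bounded regardless of how the client behaves.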
