Complete.Org: Mailing Lists: Archives: freeciv-dev: January 2005:
[Freeciv-Dev] (PR#11851) Hack request should verify userid in addition t
Home

[Freeciv-Dev] (PR#11851) Hack request should verify userid in addition t

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
Subject: [Freeciv-Dev] (PR#11851) Hack request should verify userid in addition to random string
From: "Ed Overton" <edoverton@xxxxxxxxxx>
Date: Fri, 7 Jan 2005 17:59:34 -0800
Reply-to: bugs@xxxxxxxxxxx

<URL: http://bugs.freeciv.org/Ticket/Display.html?id=11851 >

The current hack request method essentially boils down to ensuring that
the server and client can both use the same file on the same host.  That
process hits possible trouble on Windows (and perhaps in some situations
on other platforms - I don't know).  On Windows, the directory chosen
for the hack request file can resolve to the current directory.  When
user A is running the server and user B is running a client, both can be
running in the same current directory (where the civserver and civclient
are installed).  In that case, user B's client is granted hack access to
user A's server when the common directory is writable.

This patch simply adds a userid (user_username) check to the hack
request process.  I hope I got everything right;  this is my first patch
submission.  Apologies if I missed something.

Ed
diff -ur -Xfreeciv/diff_ignore freeciv/client/connectdlg_common.c 
freeciv_mod/client/connectdlg_common.c
--- freeciv/client/connectdlg_common.c  2004-12-03 19:29:37.000000000 -0500
+++ freeciv_mod/client/connectdlg_common.c      2005-01-07 20:17:35.605875000 
-0500
@@ -408,8 +408,9 @@
 send the client a filename in the packet_join_game_reply packet.
 
 this function creates the file with a suitably random string in it 
-and then sends the string to the server. If the server can open
-and read the string, then the client is given hack access.
+and with the client's userid.  It then sends the string to the
+server.  If the server can open the file, validate the userid,
+and read the random string, then the client is given hack access.
 *****************************************************************/ 
 void send_client_wants_hack(const char *filename)
 {
@@ -432,7 +433,8 @@
     randomize_string(req.token, sizeof(req.token));
 
     section_file_init(&file);
-    secfile_insert_str(&file, req.token, "challenge.token");
+    secfile_insert_str(&file, req.token,       "challenge.token");
+    secfile_insert_str(&file, user_username(), "challenge.userid");
     if (!section_file_save(&file, challenge_fullname, 0)) {
       freelog(LOG_ERROR, "Couldn't write token to temporary file: %s",
              challenge_fullname);
diff -ur -Xfreeciv/diff_ignore freeciv/server/gamehand.c 
freeciv_mod/server/gamehand.c
--- freeciv/server/gamehand.c   2004-12-19 11:47:10.000000000 -0500
+++ freeciv_mod/server/gamehand.c       2005-01-07 20:18:54.543375000 -0500
@@ -448,20 +448,23 @@
 
 
 /************************************************************************** 
-opens a file specified by the packet and compares the packet values with
-the file values. Sends an answer to the client once it's done.
+opens a file specified by the packet and compares the packet and userid
+values with the file values. Sends an answer to the client once it's done.
 **************************************************************************/
 void handle_single_want_hack_req(struct connection *pc,
                                 const struct packet_single_want_hack_req
                                 *packet)
 {
   struct section_file file;
-  char *token = NULL;
+  char *token  = NULL;
+  char *userid = NULL;
   bool you_have_hack = FALSE;
 
   if (section_file_load_nodup(&file, get_challenge_fullname(pc))) {
-    token = secfile_lookup_str_default(&file, NULL, "challenge.token");
-    you_have_hack = (token && strcmp(token, packet->token) == 0);
+    token  = secfile_lookup_str_default(&file, NULL, "challenge.token");
+    userid = secfile_lookup_str_default(&file, NULL, "challenge.userid");
+    you_have_hack = (   (token  && strcmp(token,  packet->token)   == 0)
+                     && (userid && strcmp(userid, user_username()) == 0));
     section_file_free(&file);
   }
 

[Prev in Thread] Current Thread [Next in Thread]
  • [Freeciv-Dev] (PR#11851) Hack request should verify userid in addition to random string, Ed Overton <=