[Freeciv-Dev] (PR#11851) Hack request should verify userid in addition t
Subject: [Freeciv-Dev] (PR#11851) Hack request should verify userid in addition to random string
From: "Ed Overton" <edoverton@xxxxxxxxxx>
Date: Mon, 10 Jan 2005 19:28:42 -0800
Reply-to: bugs@xxxxxxxxxxx
<URL: http://bugs.freeciv.org/Ticket/Display.html?id=11851 >
> [vasc - Tue Jan 11 03:09:16 2005]:
>
> On Sun, 9 Jan 2005, Ed Overton wrote:
> > In case A or in case B, the server could have a command line option
> > that would enable the hack elevation. Without the option, no hack
> > elevation would be granted. Server invocations from the client
> > would need to enable the option.
>
> Indeed. We also considered this. Our remaining question is if these
> arguments will show up in the process list information via UNIX "ps"
> or not.

Yes, the command line options would be viewable (at least on Linux via
the -w flag). However, I was thinking that the option would merely
indicate if the elevation would be enabled - not that the command line
option would pass a key value. The filesystem (and environment variable
validation) would still be the authentication method used when the
elevation was enabled.

> Mind you, the idea of saving settings at the user "Application Data"
> directory is still interesting, because it will have a per user
> savedgame directory and per-user client settings, etc. So I still
> think that should be done, even if we change the authentication
> protocol.

I think the Application Data change is good, too. I'm new here and
don't know protocol - should that be split into a separate ticket? If
not, should the patch be separate from the other work in this ticket? I
haven't got my build environment quite right yet for the win32 client,
so there's likely someone better able to work / test that one.

> > In case A, an environment variable could be used to indicate
> > whether the server was invoked from the given client. The
> > client, prior to invoking the server, would create a random
> > string. The client would encrypt that string and store the
> > encrypted version in an environment variable. The client
> > would invoke the server. The hack elevation request would
> > include the unencrypted version of the string, and the server
> > would then encrypt that and compare the value to the one from
> > the environment variable.
>
> The environment variable option seems *very* interesting and we didn't
> remember of that before IIRC. It would be worthwhile to pursue that.
> Just use the current code for generating the key. Don't worry about
> encryption for now. Currently Freeciv doesn't use encryption for
> anything, even when the client sends a user password, so...

I'll take a crack at it in the next day or two. My intent is to add the
environment variable check to the existing filesystem check.

Thanks,
Ed
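
The environment-variable handshake discussed in this message, sketched as an added example (not Freeciv code and not written by anyone in the thread). It follows the plain-token variant with no encryption step, assumes a POSIX system with /dev/urandom, and the variable name FREECIV_HACK_TOKEN and all function names are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L /* for setenv() and unsetenv() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define HACK_ENV "FREECIV_HACK_TOKEN" /* hypothetical variable name */
#define TOKEN_HEX 33                  /* 16 random bytes as hex, plus NUL */

/* Client: draw a random token and export it for the server it will spawn. */
int client_make_token(char out[TOKEN_HEX])
{
  unsigned char raw[(TOKEN_HEX - 1) / 2];
  FILE *f = fopen("/dev/urandom", "rb");
  size_t i, got;
  if (!f) return -1;
  got = fread(raw, 1, sizeof raw, f);
  fclose(f);
  if (got != sizeof raw) return -1;
  for (i = 0; i < sizeof raw; i++) snprintf(out + 2 * i, 3, "%02x", raw[i]);
  return setenv(HACK_ENV, out, 1);
}

/* Server startup: copy the token, then remove it from the environment so
 * processes the server starts later do not inherit it. */
int server_load_token(char out[TOKEN_HEX])
{
  const char *v = getenv(HACK_ENV);
  out[0] = '\0';
  if (!v || strlen(v) != TOKEN_HEX - 1) return -1;
  memcpy(out, v, TOKEN_HEX);
  return unsetenv(HACK_ENV);
}

/* Per hack request. 'enabled' stands for the command-line switch: it only
 * turns elevation on and carries no secret. The compare has no early exit. */
int server_grant_hack(int enabled, const char *expected, const char *claimed)
{
  unsigned char diff = 0;
  size_t i;
  if (!enabled || !claimed || !expected[0]) return 0;
  if (strlen(claimed) != TOKEN_HEX - 1) return 0;
  for (i = 0; i < TOKEN_HEX - 1; i++) diff |= (unsigned char)(expected[i] ^ claimed[i]);
  return diff == 0;
}
```

On Linux the initial environment of a process stays readable through /proc/<pid>/environ to the same user and to root even after unsetenv(), so the token separates users from each other, not two processes running under one account.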