[Freeciv-Dev] (PR#11851) Hack request should verify userid in addition t
Subject: |
[Freeciv-Dev] (PR#11851) Hack request should verify userid in addition to random string |
From: |
"Ed Overton" <edoverton@xxxxxxxxxx> |
Date: |
Sun, 16 Jan 2005 13:26:16 -0800 |
Reply-to: |
bugs@xxxxxxxxxxx |
<URL: http://bugs.freeciv.org/Ticket/Display.html?id=11851 >
> [ednotover - Sun Jan 16 13:56:27 2005]:
> If I don't make headway by late today, I'll just post the patch as is in
> the hopes that someone else can validate it when the server is invoked by
> the client.
I don't have time to beat on the environment any more today, so I've
attached the proposed patch. Since it was simple, I went ahead and
added support for a definable maximum number of hack elevations
(MAX_HACK_ELEVATIONS), which I set to 1.
Ed
For the curious, here was my last build failure, based off an autogen.sh
call with --build=i686-pc-mingw32 --enable-client=win32
--with-included-gettext:
gcc -g -O2 -Wall -Wpointer-arith -Wcast-align -Wmissing-prototypes
-Wmissing-de
clarations -mno-cygwin -L/usr/more-mingw32/lib -o civserver.exe
civserver.o ..
/utility/libcivutility.a ../common/libcivcommon.a ../ai/libcivai.a
../utility/li
bcivutility.a ./libcivserver.a ../intl/libintl.a -liconv
../utility/libcivutilit
y.a ../common/libcivcommon.a ../ai/libcivai.a ../utility/libcivutility.a
./libci
vserver.a ../utility/libcivutility.a ../common/aicore/libaicore.a
./generator/li
bgenerator.a userdb/libuserdb.a -lz -lwsock32 -liconv
/usr/more-mingw32/lib/libiconv.a(ds00007.o)(.text+0x0): multiple
definition of `
_locale_charset'
../intl/libintl.a(localcharset.o)(.text+0x20):/home/Ed/freeciv/freeciv_cvs/intl/
localcharset.c:206: first defined here
collect2: ld returned 1 exit status
make[3]: *** [civserver.exe] Error 1
make[3]: Leaving directory `/home/Ed/freeciv/freeciv_cvs/server'
diff -ur -Xfreeciv_cvs/diff_ignore freeciv_cvs/client/connectdlg_common.c
freeciv_mod/client/connectdlg_common.c
--- freeciv_cvs/client/connectdlg_common.c 2005-01-10 22:34:46.277750000
-0500
+++ freeciv_mod/client/connectdlg_common.c 2005-01-14 18:38:10.703125000
-0500
@@ -25,6 +25,10 @@
#include <windows.h>
#endif
+#if defined(HAVE_SETENV) || defined(HAVE_PUTENV)
+#include <stdlib.h>
+#endif
+
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h> /* fchmod */
#endif
@@ -157,6 +161,21 @@
{
client_kill_server();
}
+
+/*************************************************************************
+ generate a random string.
+*************************************************************************/
+static void randomize_string(char *str, size_t n)
+{
+ const char chars[] =
+ "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+ int i;
+
+ for (i = 0; i < n - 1; i++) {
+ str[i] = chars[myrand(sizeof(chars) - 1)];
+ }
+ str[i] = '\0';
+}
/****************************************************************
forks a server if it can. returns FALSE is we find we couldn't start
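Review bot: The value that now gates hack access is drawn from `myrand()` in `randomize_string`, and nothing on this page shows that generator to be unpredictable; if it is the game's general-purpose PRNG, the secret is only as strong as its seed. A comment on the function such as `/* not cryptographically strong: output quality depends on myrand() */` would make that limit explicit, and an OS entropy source would be preferable where one is available. Separately, the loop compares `int i` with `size_t n`, so `n == 0` wraps `n - 1` and overruns `str`; both callers pass `sizeof`, but a guard `if (n == 0) return;` costs nothing.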
@@ -172,6 +191,10 @@
#else
char buf[512];
int connect_tries = 0;
+# if defined(HAVE_SETENV) || defined(HAVE_PUTENV)
+ char envname[MAX_LEN_NAME + 9];
+ char envval[MAX_LEN_NAME];
+# endif
# ifdef WIN32_NATIVE
STARTUPINFO si;
PROCESS_INFORMATION pi;
@@ -196,6 +219,26 @@
append_output_window(_("Starting server..."));
+# ifdef HAVE_SETENV
+ my_snprintf(envname, sizeof(envname), HACK_ELEVATION_ENV_VAR);
+ randomize_string(envval, sizeof(envval));
+ /* Really want some sort of encrypted(envval) here */
+ setenv(envname, envval, 1);
+# else
+# ifdef HAVE_PUTENV
+ randomize_string(envval, sizeof(envval));
+ /* Really want some sort of encrypted(envval) here */
+ my_snprintf(envname
+ , sizeof(envname)
+ , HACK_ELEVATION_ENV_VAR "=%s"
+ , envval
+ );
+ putenv(envname);
+# else
+ freelog(LOG_DEBUG, "Failed to set hack elevation env. var");
+# endif
+# endif
+
/* find a free port */
internal_server_port = find_next_free_port(DEFAULT_SOCK_PORT);
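Review bot: In the HAVE_PUTENV branch, `putenv(envname)` hands the environment a pointer to `envname`, which the preceding hunk declares as an automatic array; POSIX putenv() keeps that pointer rather than copying the string, so once this function returns, the later `getenv(HACK_ELEVATION_ENV_VAR)` in the hack-request code would read a dead stack frame. Declaring the buffer as `static char envname[MAX_LEN_NAME + 9];` keeps the storage alive. The return values of `setenv` and `putenv` are also ignored, so a failure silently leaves an old or missing value in place; logging on a non-zero return would match the `freelog` call already used in the fallback branch. The enclosing function starts and ends outside the hunk.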
@@ -373,21 +416,6 @@
}
/*************************************************************************
- generate a random string.
-*************************************************************************/
-static void randomize_string(char *str, size_t n)
-{
- const char chars[] =
- "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
- int i;
-
- for (i = 0; i < n - 1; i++) {
- str[i] = chars[myrand(sizeof(chars) - 1)];
- }
- str[i] = '\0';
-}
-
-/*************************************************************************
returns TRUE if a filename is safe (i.e. doesn't have path components).
*************************************************************************/
static bool is_filename_safe(const char *filename)
@@ -439,6 +467,19 @@
}
section_file_free(&file);
+#if defined(HAVE_SETENV) || defined(HAVE_PUTENV)
+ if (NULL == getenv(HACK_ELEVATION_ENV_VAR)) {
+ freelog(LOG_DEBUG, "Failed to read hack elevation env. var");
+ } else {
+ my_snprintf(req.envvar
+ , sizeof(req.envvar)
+ , getenv(HACK_ELEVATION_ENV_VAR)
+ );
+ }
+#else
+ req.envvar[0] = '\0';
+#endif
+
/* tell the server what we put into the file */
send_packet_single_want_hack_req(&aconnection, &req);
}
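Review bot: `getenv(HACK_ELEVATION_ENV_VAR)` is passed as the format argument of `my_snprintf`, so any `%` in the variable is interpreted as a conversion specification. The value comes from the process environment, which the client does not control when it did not start the server itself. Fetch it once and copy it as data: `const char *secret = getenv(HACK_ELEVATION_ENV_VAR);` followed by `my_snprintf(req.envvar, sizeof(req.envvar), "%s", secret);`. The NULL branch only logs and leaves `req.envvar` unwritten before the packet is sent; unless `req` is cleared outside this hunk, set `req.envvar[0] = '\0';` there as the `#else` branch does.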
diff -ur -Xfreeciv_cvs/diff_ignore freeciv_cvs/common/packets.def
freeciv_mod/common/packets.def
--- freeciv_cvs/common/packets.def 2005-01-07 19:39:10.824625000 -0500
+++ freeciv_mod/common/packets.def 2005-01-14 12:11:58.203125000 -0500
@@ -1214,6 +1214,7 @@
*********************************************************/
PACKET_SINGLE_WANT_HACK_REQ=108;cs,handle-per-conn,no-handle
STRING token[MAX_LEN_NAME];
+ STRING envvar[MAX_LEN_NAME];
end
PACKET_SINGLE_WANT_HACK_REPLY=109;sc,dsend
diff -ur -Xfreeciv_cvs/diff_ignore freeciv_cvs/server/gamehand.c
freeciv_mod/server/gamehand.c
--- freeciv_cvs/server/gamehand.c 2005-01-10 22:35:12.855875000 -0500
+++ freeciv_mod/server/gamehand.c 2005-01-14 18:40:05.734375000 -0500
@@ -39,6 +39,10 @@
#define CHALLENGE_ROOT "challenge"
+#ifndef MAX_HACK_ELEVATIONS
+#define MAX_HACK_ELEVATIONS 1 /* Set negative for unlimited */
+#endif
+
/****************************************************************************
Initialize the game.id variable to a random string of characters.
@@ -459,6 +463,31 @@
char *token = NULL;
bool you_have_hack = FALSE;
+#if MAX_HACK_ELEVATIONS >= 0
+ static int hack_elevation_count = 0;
+
+ if (hack_elevation_count >= MAX_HACK_ELEVATIONS) {
+ freelog(LOG_DEBUG, "Reached max number of hack elevations");
+ dsend_packet_single_want_hack_reply(pc, you_have_hack);
+ return;
+ }
+#endif
+
+#if defined(HAVE_SETENV) || defined(HAVE_PUTENV)
+ if (NULL != getenv(HACK_ELEVATION_ENV_VAR)) {
+ /* Really want some sort of encrypted(packet->envvar) here */
+ if (strcmp(packet->envvar, getenv(HACK_ELEVATION_ENV_VAR)) != 0) {
+ freelog(LOG_DEBUG, "Hack elevation env. variable disagreement");
+ dsend_packet_single_want_hack_reply(pc, you_have_hack);
+ return;
+ }
+ } else {
+ freelog(LOG_DEBUG, "Could not read hack elevation env. var.");
+ dsend_packet_single_want_hack_reply(pc, you_have_hack);
+ return;
+ }
+#endif
+
if (section_file_load_nodup(&file, get_challenge_fullname(pc))) {
token = secfile_lookup_str_default(&file, NULL, "challenge.token");
you_have_hack = (token && strcmp(token, packet->token) == 0);
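Review bot: The secret stays in the server's environment for the life of the process and is re-read with `getenv()` on every request, so it remains readable by anything that can inspect the process environment and is inherited by any child the server starts. Copying it once at startup into a static buffer and then removing it from the environment would narrow that exposure (whether an unset call exists on every target is not visible here). The comparison should also refuse an empty secret, for example `if (secret[0] == '\0' || strcmp(packet->envvar, secret) != 0)`, because a client built without setenv/putenv sends `req.envvar[0] = '\0'`. The function body starts before and continues after this hunk.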
@@ -471,6 +500,9 @@
if (you_have_hack) {
pc->access_level = ALLOW_HACK;
+#if MAX_HACK_ELEVATIONS > 0
+ hack_elevation_count++;
+#endif
}
dsend_packet_single_want_hack_reply(pc, you_have_hack);
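Review bot: `hack_elevation_count++` runs only under `if (you_have_hack)`, so the limit counts successful elevations and places no bound on failed requests, and nothing visible decrements it when the connection holding hack goes away. With the default of 1, a client that reconnects to the server it started would hit the early return added in the previous hunk and be refused. Consider limiting failed attempts per connection and releasing the slot when that connection closes; at minimum document the current behaviour next to the counter, e.g. `/* counts successful elevations for the lifetime of the process; never decremented */`. The function starts and ends outside the hunk.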
diff -ur -Xfreeciv_cvs/diff_ignore freeciv_cvs/utility/shared.h
freeciv_mod/utility/shared.h
--- freeciv_cvs/utility/shared.h 2004-12-15 04:06:59.000000000 -0500
+++ freeciv_mod/utility/shared.h 2005-01-14 12:54:16.125000000 -0500
@@ -75,6 +75,8 @@
#define MAX_VET_LEVELS 10
#define MAX_LEN_PATH 4095
+#define HACK_ELEVATION_ENV_VAR "CIVHCKEY"
+
/* Use FC_INFINITY to denote that a certain event will never occur or
another unreachable condition. */
#define FC_INFINITY (1000 * 1000 * 1000)