From 6d2ffb4c637a49983bc6ce22b68ccec0ed09e0f4 Mon Sep 17 00:00:00 2001 From: Tim Angus Date: Sat, 3 Oct 2009 15:17:16 +0000 Subject: * Merge ioq3-r1637 --- src/server/sv_client.c | 33 ++++++++++++++++++++++----------- 1 file changed, 22 insertions(+), 11 deletions(-) (limited to 'src/server/sv_client.c') diff --git a/src/server/sv_client.c b/src/server/sv_client.c index 4b7b3bb6..4449f1c8 100644 --- a/src/server/sv_client.c +++ b/src/server/sv_client.c @@ -42,12 +42,21 @@ to be sent to the authorize server. When an authorizeip is returned, a challenge response will be sent to that ip. + +ioquake3: we added a possibility for clients to add a challenge +to their packets, to make it more difficult for malicious servers +to hi-jack client connections. +Also, the auth stuff is completely disabled for com_standalone games +as well as IPv6 connections, since there is no way to use the +v4-only auth server for these new types of connections. ================= */ -void SV_GetChallenge( netadr_t from ) { +void SV_GetChallenge(netadr_t from) +{ int i; int oldest; int oldestTime; + const char *clientChallenge = Cmd_Argv(1); challenge_t *challenge; oldest = 0; @@ -65,21 +74,24 @@ void SV_GetChallenge( netadr_t from ) { } } - if (i == MAX_CHALLENGES) { + if (i == MAX_CHALLENGES) + { // this is the first time this client has asked for a challenge challenge = &svs.challenges[oldest]; - challenge->challenge = ( (rand() << 16) ^ rand() ) ^ svs.time; + challenge->clientChallenge = 0; challenge->adr = from; challenge->firstTime = svs.time; challenge->time = svs.time; challenge->connected = qfalse; - i = oldest; } // send the challengeResponse challenge->pingTime = svs.time; NET_OutOfBandPrint( NS_SERVER, from, "challengeResponse %i", challenge->challenge ); + + challenge->pingTime = svs.time; + NET_OutOfBandPrint( NS_SERVER, challenge->adr, "challengeResponse %i %s", challenge->challenge, clientChallenge); } /* @@ -339,7 +351,7 @@ void SV_DropClient( client_t *drop, const char *reason ) { for (i = 0 ; i < MAX_CHALLENGES ; i++, challenge++) { if ( NET_CompareAdr( drop->netchan.remoteAddress, challenge->adr ) ) { - challenge->connected = qfalse; + Com_Memset(challenge, 0, sizeof(*challenge)); break; } } @@ -350,7 +362,6 @@ void SV_DropClient( client_t *drop, const char *reason ) { // tell everyone why they got dropped SV_SendServerCommand( NULL, "print \"%s" S_COLOR_WHITE " %s\n\"", drop->name, reason ); - if (drop->download) { FS_FCloseFile( drop->download ); drop->download = 0; @@ -394,7 +405,7 @@ It will be resent if the client acknowledges a later message but has the wrong gamestate. ================ */ -void SV_SendClientGameState( client_t *client ) { +static void SV_SendClientGameState( client_t *client ) { int start; entityState_t *base, nullstate; msg_t msg; @@ -531,7 +542,7 @@ SV_StopDownload_f Abort a download if in progress ================== */ -void SV_StopDownload_f( client_t *cl ) { +static void SV_StopDownload_f( client_t *cl ) { if (*cl->downloadName) Com_DPrintf( "clientDownload: %d : file \"%s\" aborted\n", (int) (cl - svs.clients), cl->downloadName ); @@ -545,7 +556,7 @@ SV_DoneDownload_f Downloads are finished ================== */ -void SV_DoneDownload_f( client_t *cl ) { +static void SV_DoneDownload_f( client_t *cl ) { Com_DPrintf( "clientDownload: %s Done\n", cl->name); // resend the game state to update any clients that entered during the download SV_SendClientGameState(cl); @@ -559,7 +570,7 @@ The argument will be the last acknowledged block from the client, it should be the same as cl->downloadClientBlock ================== */ -void SV_NextDownload_f( client_t *cl ) +static void SV_NextDownload_f( client_t *cl ) { int block = atoi( Cmd_Argv(1) ); @@ -588,7 +599,7 @@ void SV_NextDownload_f( client_t *cl ) SV_BeginDownload_f ================== */ -void SV_BeginDownload_f( client_t *cl ) { +static void SV_BeginDownload_f( client_t *cl ) { // Kill any existing download SV_CloseDownload( cl ); -- cgit