Opened 3 years ago

Closed 3 years ago

#5913 closed defect (fixed)

Hide ip and port from users until they want to join, add optional password

Reported by: Stan
Owned by: Angen user1
Priority: Release Blocker
Milestone: Alpha 24
Component: Multiplayer lobby
Keywords:
Cc: user1
Patch: Phab:D3184 Phab:D3473 Phab:D3490

Description (last modified by Stan)

The lobby currently displays the IPs of the users. This should not happen.

Change History (11)

comment:1 by Stan, 3 years ago

Milestone: Alpha 25 → Alpha 24

comment:2 by Stan, 3 years ago

Owner: set to Angen user1

comment:3 by Silier, 3 years ago

In 24728:

Hide ip and port from users until they want to join, add optional password

Current issue with the lobby is that we make ips of hosts public for anyone to read. This patch consists of 3 parts.

1.) Removing ips and ports from lobby javascript
2.) Removing need of script on the server to attach public ips to game stanza by asking the host using xmppclient as proxy.
3.) Implementing password protected matches, to deny this information to not trusted players.

Further description:

Do not send ports and stunip to the bots.
Removed from stanza.

Do not send ip to the lobby.
Removed from mapping gamelist from backend to gui (still on the backend side, because it is done by script on 0ad server).

Get ip and ports on request when trying to connect.
On the host side, ask stun server what is host's public ip and remember it. On the client side, send iq through xmppclient to the hosting player and ask for ip, port and if Stun is used, then if answer is success, continue with connecting, else fail.

Add optional password for matches.
Add password required identifier to the stanza. Allow host to setup password for the match. Hash it on the host side and store inside Netserver. If no password is given, matches will behave as if it is not required. On the client side, if password for the match is required, show additional window before trying to connect and ask for password, then hash it and send with iq request for ip, port and stun. Server will answer with ip, port and stun only if passwords match, else will answer with error string.

Some security:
Passwords are hashed before sending, so it is not easy to guess what users typed. (per wraitii)
Hashes are using different salt as lobby hashing and not using usernames as salt (as that is not doable), so they are different even typing the same password as for the lobby account.
Client remembers which user was asked for connection data and iq's id of request. If answer doesn't match these things, it is ignored. (thnx user1)
Every request for connection data is logged with hostname of the requester to the mainlog file (no ips).
If user gets iq to send connection data and is not hosting the match, will respond with error string "not_server".
If server gets iq::result with connection data, request is ignored.

Differential revision: D3184
Reviewed by: @wraitii
Comments by: @Stan, @bb, @Imarok, @vladislavbelov
Tested in lobby

comment:4 by Silier, 3 years ago

Now we need to get rid of the script that adds ips to stanza.

comment:5 by Stan, 3 years ago

Resolution: fixed
Status: new → closed

In r24733:

Fix incorrect user identifier used in r24728

iq uses lowercased version of user name, but patch was saving raw one. Found by: @Freagarach
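The request and reply checks described in comments 3 and 5, as an added example that is not part of the ticket or of the 0 A.D. source: a host that releases connection data only when it is hosting and the password hash matches, and a client that accepts a reply only from the lowercased user it asked and with the iq id it sent. All type and function names, the `invalid_password` string and the sample values are assumptions; only `not_server` comes from the ticket.

```cpp
#include <algorithm>
#include <cctype>
#include <string>

// All type, function and error names here are hypothetical, not 0 A.D.'s own.
struct ConnectionData { std::string ip; int port; bool useStun; };
struct IqReply { std::string from, id, error; ConnectionData data; };

static std::string Lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
        [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// Compare hashes without stopping at the first differing byte.
static bool SameHash(const std::string& a, const std::string& b) {
    unsigned char diff = a.size() == b.size() ? 0 : 1;
    for (std::size_t i = 0; i < a.size() && i < b.size(); ++i)
        diff |= static_cast<unsigned char>(a[i] ^ b[i]);
    return diff == 0;
}

struct Host {
    std::string jid, passwordHash;  // empty hash: match has no password
    bool hosting;
    ConnectionData data;
    // Answer a connection-data request; the address is released only on success.
    IqReply OnRequest(const std::string& id, const std::string& hash) const {
        if (!hosting) return {Lower(jid), id, "not_server", {}};
        if (!passwordHash.empty() && !SameHash(passwordHash, hash))
            return {Lower(jid), id, "invalid_password", {}};  // constructed string
        return {Lower(jid), id, "", data};
    }
};

struct Client {
    std::string pendingHost, pendingId;
    void Ask(const std::string& hostJid, const std::string& id) {
        pendingHost = Lower(hostJid);  // store the lowercased form the iq carries
        pendingId = id;
    }
    // Accept a reply only from the user that was asked, with the id that was sent.
    bool OnReply(const IqReply& r, ConnectionData& out) {
        if (pendingId.empty() || r.id != pendingId || r.from != pendingHost)
            return false;  // unsolicited or mismatched: ignore, keep waiting
        pendingHost.clear(); pendingId.clear();
        if (!r.error.empty()) return false;
        out = r.data;
        return true;
    }
};
```

Storing the raw, mixed-case name in `Ask` would make every genuine reply fail the `from` check, which is the defect comment 5 describes.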

comment:6 by wraitii, 3 years ago

In 24775:

Net Server: Verify password in Authenticate

Follows rP24728.
Validate the password when a client joins a game, so even a player that knows the connection data cannot join.

Refs #3556, Refs #5913

Differential Revision:

comment:7 by Silier, 3 years ago

Resolution: fixed
Status: closed → reopened

We need to remove scripts from svn.

comment:8 by Stan, 3 years ago

Patch: Phab:D3184 → Phab:D3184 Phab:D3473

comment:9 by Stan, 3 years ago

Description: modified (diff)
Patch: Phab:D3184 Phab:D3473 → Phab:D3184 Phab:D3473 Phab:D3490

comment:10 by wraitii, 3 years ago

In 24858:

Get the public IP from the lobby if not using STUN.

Follow-up to rP24728. This makes it again possible to host without STUN via the lobby.
The lobby bot will answer the host "Register" command with the external IP. This is only sent to the host, avoiding IP leakage.

There is a small window in which a client might try to join and the public IP isn't up, and the request goes through, but that seems rather unlikely to be a problem in practice.

Refs #5913

Differential Revision:

comment:11 by wraitii, 3 years ago

Resolution: fixed
Status: reopened → closed

Closing again - the above revisions closed up remaining issues.
