BaseJKA Security Fix

[Gamall]

Version 1.0e out.

If there is a next one, it will probably take another name, since the "comfort" code is beginning to outweigh the "security fix" code.

Unless of course someone submits a real security threat to my attention, ie. something a tad more specific than the usual "ohh I am a 1337 haXX0rz and I crash Ur serv under various sets of conditions" bullsh!t. #end rant.

__________________

I have in mind to write an admin mod, based on 1.0e, with the following features:



Infinite number of admin "ranks" (permission sets) [as opposed to having just instructor, knight, council etc]

Infinite number of admins [as opposed to mixing admins and admin ranks... here each admin would log as themselves, and use the permissions assigned to them, as opposed to use the pass of a rank.]

Every connected player has the permission mask "user", which can be set however the server's admin sees fit. Which means everyone can have access to a subset of the available commands (such as /list and other inoffensive but convenient ones)

The server admin can create his set of "macros", aka admin functions which support argument parsing. The created macros can be dealt with individually when creating permission masks.

local admins can use defined vstr, and pass arguments to them.



Since I don't like reinventing the wheel, I won't redo most of the admin gimmicks used and abused of in about every single mod out there. Unless someone gives me code for that.

The learning curve of the system will be a wee bit steeper than for most admin systems out there. (which is the price of being more flexible). It will involve using a program similar to my script generators (tele and map cycles)
______________________

However, I do wonder whether the world really needs YAJAM (Yet Another JKA Admin Mod) at this point. Especially since I do not really play the game anymore.

So it is not clear in my mind yet if I shall work on that or not.

edit: Since I don't really play JKA anymore, and have many other projects, I won't be working on that.

[cybermaniac]

plz can u increase the size of the banlist?


apparantly if you have more than 20 IP bans on the system, the server can crash......


maybe adjust that to maybe 2000?

[Gamall]

Yep, that's a bug I read about.

I would have though the limit was around 60 though...

A way around that is to not use g_banips anymore, and use a text file instead.

I'll probably do that in 1.0f.

Meanwhile, just take it easy on the bans There is no point in storing dynamic ips in the banlist forever anyway...

[cybermaniac]

Yep, that's a bug I read about.

I would have though the limit was around 60 though...

A way around that is to not use g_banips anymore, and use a text file instead.

I'll probably do that in 1.0f.

Meanwhile, just take it easy on the bans There is no point in storing dynamic ips in the banlist forever anyway...

i was thinking more about the autoban feature of the fix....if that were to ban too many people, or if a person kept reconnecting to get a new IP address to spambot the server........i'm sure you see what im saying.

[Gamall]

Yep. That's why you can deactivate the auto-ban.

[Maikoru]

Yop,
Tu pourrais rajouter le fix pour les véhicules ?

[Gamall]

Déjà fait dans 1.0e

While I was at it, I have also doubled the number of vehicles supported by the server so as to avoid crashes on vehicle maps.

[John Preston]

Its amazing, but i have three needful suggestions:
1. Disable auto-help info on client-side. Its spam thing, displayed every time in duel gametype after each round.
Also, change cmds: /h and /list to /showhelp and /showlist. More differ from default JA cmds and looking pretty
2. Change gamename from basejka: Gamall's Fix v1.0e to just basejka
It will be more good, because its realy basejka with fixes and servers on this "mod" can be found with "Jedi Academy only" filter (its blocking non-basejka servers).
3. Fix nicknames with two * symbols:
for example: **Spamzor
If someone set this name, his messages are displayed both in chatbox and in broadcast line. You can test it yourself.

[Gamall]

Hi, thanks for the feedback

1. Disable auto-help info on client-side. Its spam thing, displayed every time in duel gametype after each round.

Ooops. I'll fix that

I can easily make it so it is only displayed the very first time a client is connected to the server. In fact, it should have been that way right from the start, but I forgot

As for the names, I prefer them shorter and really easy to type.

2. Change gamename from basejka: Gamall's Fix v1.0e to just basejka
It will be more good, because its realy basejka with fixes and servers on this "mod" can be found with "Jedi Academy only" filter (its blocking non-basejka servers).

Hum... servers with this mod can be found with the "Jedi Academy" filter in JKA itself: I just checked: the serv in the screen is one of mine, and runs v1.0e:

3. Fix nicknames with two * symbols:
for example: **Spamzor
If someone set this name, his messages are displayed both in chatbox and in broadcast line. You can test it yourself.

Hoho! That's a nice one I have no idea what's causing it, but I'll look into that. A quick work around if the cause is not in jampgame is to simply filter that pattern and turn it into something else.




I'll deal with points 1. (first part) and 3. and release 1.0f during the summer (should take 5 minutes). (don't expect me to be lightning-fast though, I have exams and such at the moment.)

[John Preston]

As for the names, I prefer them shorter and really easy to type.

But its not comfortable to use other cmds (same first letter) with tab.

Hum... servers with this mod can be found with the "Jedi Academy" filter in JKA itself: I just checked

Strange... My Duel server (win OS) is not displayed. Check on win it please :|

Hoho! That's a nice one I have no idea what's causing it, but I'll look into that. A quick work around if the cause is not in jampgame is to simply filter that pattern and turn it into something else.

I'll deal with points 1. (first part) and 3. and release 1.0f during the summer (should take 5 minutes). (don't expect me to be lightning-fast though, I have exams and such at the moment.)

Yep yep, i have a lot of time to wait

[Gamall]

But its not comfortable to use other cmds (same first letter) with tab.

Tab completion belongs entirely to the client side, which is both a curse (I can't have autocompletion for my commands unless I make and enforce a client-side plugin) and a blessing: my extra-short commands can't interfere with auto-completion.

Strange... My Duel server (win OS) is not displayed. Check on win it please :|

Is it a dedicated server ? (as opposed to hosted on your PC) If it is, give me the IP, I'll check if it appears in my list. If not, it may be hidden by your router, independantly of the mod.

[Gamall]

Since it was so easy (exactly 3 lines of code to add ) I made the 1.0f version:

But I won't bother to build a Linux version, update the readme, update the package etc etc, unless an army comes knocking onto my door demanding it . (It takes more time to wrap everything up than it took to actually fix the things...)

Here is the Windows pk3 for version 1.0f.

Changelog 1.0e to 1.0f:

The help page is now automatically displayed only on the very first connection.

Names such as "**Spamzor" are automatically converted to "* Spamzor", so the display bug cannot be exploited anymore.

[Tyleor]

If someone set this name, his messages are displayed both in chatbox and in broadcast line. You can test it yourself.

Je ne sais pas si ça va aider de quelque manière que ce soit, mais j'avais déjà vu ça : une membre RDH dont les messages apparaissaient à la fois dans la zone habituelle et en console... la seule différence qu'elle avait avec les autres joueurs c'est qu'elle jouait sous Mac
mais je vois pas trop le rapport ^^

[Gamall]

J'ai déjà résolu ce bug, Tyléor

Names such as "**Spamzor" are automatically converted to "* Spamzor", so the display bug cannot be exploited anymore.

Heu... à moins que tu ne veuilles dire que ça s'est produit avec qqn qui n'avait PAS de "**" au début de son nom ?

[Tyleor]

Oui il me semble c'est vieux