BaseJKA Security Fix

Miscellaneous programs and scripts, opensource or not, and sometimes, random mathematical stuff.
User avatar
Gamall
Hic sunt dracones
Posts: 4126
Joined: Fri May 26, 2006 11:09 pm
Contact:

BaseJKA Security Fix

Postby Gamall » Mon Mar 26, 2007 3:08 pm

FINAL OPEN-SOURCE VERSION

-> Download:

Note: Update to version 1.1a available -> here.
Adds fix for forcestring crash.

BaseJKA_Gamall_Fix_1.1.zip
CURRENT VERSION
(3.12 MiB) Downloaded 1015 times

-> See on Filefront

Code: Select all

*****************************************************************
**                  JEDI KNIGHT: Jedi Academy                  **
*****************************************************************
 
  #-----------------------------------------------------------# 
  #           TITLE : BaseJKA Security Fix + SOURCE           # 
  #                       VERSION : 1.1                       # 
  #               AUTHOR : Gamall Wednesday Ida               # 
  #               E-MAIL : gamall.ida@gmail.com               # 
  #              WEBSITE : http://gamall-ida.com              # 
  #                                                           # 
  #       FILENAME Windows : basejka_Gamalls_fix_11.pk3       # 
  #             FILENAME Linux : jampgamei386.so              # 
  #                     FILESIZE : ~ 4 Mo                     # 
  #               DATE RELEASED : October 2007                # 
  #-----------------------------------------------------------# 
 
 
 
+   INSTALLATION INSTRUCTIONS:                                   
+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-o          +
 
 Just  put  the  relevant  file  in  your  server's base folder.
 
 
+   DESCRIPTION                                                 
+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-o          +
 
 (version  1.0e,  see  below  for  changelog   to   final   1.1)
 
 This  patch (technically it is a mod, so do not expect it to be
 compatible with JA+ or anything else) corrects the three Denial
 of Service vulnerabilities I am aware of affecting basejka, and
 makes the logs more useful to  an  experienced  admin,  without
 attempting  to alter the gameplay or admin etc in any way. Some
 random fixes and features were also added  at  the  request  of
 users.                                                         
 
 IMPORTANT:  My  patch only affects the component "jampgame". In
 order to completely protect a  server,  you  must  also  use  a
 patched  "jampded". Here is one link to ready to use jampdeds :
 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     
          http://jediknight2.filefront.com/file/
          UNOFFICIAL_Patch_for_JA_101_Dedicated_Servers;41652
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     
 
 Note that it seems that Windows servers are still vulnerable to
 targeted attacks on jampded. I won't say more since this is out
 of the scope of this mod.                                       
 
 
+   CHANGELOG v1.0e -> v1.1                                     
+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-o          +
 
 > The help page is now automatically displayed only on the very
 first connection,  as  opposed  to  connections  when  you  are
 carried over from a previous map, or at the end of a duel turn.
 
 >  Names  such as "**Spamzor" are automatically converted to "*
 Spamzor", so a display bug, causing  chat  lines  from  such  a
 player  to  be  displayed  in  both the chat box and the server
 broadcast line, cannot be exploited anymore.                   
 
 > Fixed a false positive in my bot detection scheme: bots  were
 detected  as  a  fake player attack ; although this had no real
 consequence,  it  was  a  source  of  confusion  in  the  logs.
 
 >  Logs  now  differentiate connections from bots and from real
 players.                                                       
 
 > Messages from the dedicated server have  been  made  slightly
 more  visible:  the  tag  is now [SERVER], with colors. I would
 have liked to do the same with the /svsay command, but it can't
 be altered, as  it  is  hard  coded  into  jampded  instead  of
 jampgame. Go figure...                                         
 
 >  The IP is now logged each time somebody changes their names.
 
 > Added the /(t)ime client command, displaying the  local  time
 of the server:                                                 
 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     
          ]\time
          # Server time:
          Sun Sep 09 13:37:03 2007
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     
 
 >  Added  cvar ga_doNotAllowDualKataSpin, default 0, preventing
 anyone in a dual kata from spinning like  a  madman.  (slightly
 buggy,  as  the  screen seems to vibrate when moving the mouse,
 but it works.)                                                 
 
 > Added cvar ga_nameLengthLimit: names will be truncated not to
 exceed that length. Note that color escape sequences,  such  as
 ^1, are not counted.                                           
 
 >  Some ga_* cvars are now marked as serverinfo (external tools
 can read them).                                                 
 
 > Added the /info client command and ga_serverInfo cvar.  /info
 displays the contents of the cvar. Admins can put rules, etc in
 there, and any player can read it anytime.                     
 
 >  Anti  model/color change spam/lag: any player can now freely
 change their info only 50 times per map (unless they  reconnect
 of  course).  After  that,  they  need  to  wait for three full
 seconds between each change. This should not inconvenience  any
 legitimate player, and protects everyone on the server from the
 lag which can be created by fast and furious sustained userinfo
 change.                                                         
 
 >  Added  another  log  file,  ga_ConnectLog.txt, listing every
 connection and full userinfo, and nothing but  that,  which  is
 now created by the server: for instance                         
 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     
          [Sun Sep 16 20:23:02 2007] [========================== SERVER START ==========================]
          
          [Sun Sep 16 20:23:11 2007] Connect :: name(num) = [^5G^7amall ^5W^7ednesday ^5I^7da]( 2) :: ip = [     127.0.0.1] :: userinfo = [COMPLETE USERINFO STRING LOGGED HERE]
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     
 
 > The logs now use real time:                                   
 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     
          [Sun Sep 16 20:24:03 2007]  Kill: 2 1 3: ^5G^7amall ^5W^7ednesday ^5I^7da killed Desann by MOD_SABER
          [Sun Sep 16 20:24:07 2007]  say: (1)Desann: Impressive, most impressive... but you are not a Jedi yet!
          [Sun Sep 16 20:24:11 2007]  Kill: 2 4 3: ^5G^7amall ^5W^7ednesday ^5I^7da killed Imperial Saboteur by MOD_SABER
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     
 
 
+   SUMMARY OF THE CHANGES in v1.0e:                             
+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-o          +
 
 
   -   Client disconnect buffer overflow: fixed                 
   -   trap_SendServerCommand().                                 
   -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~o          -
 
    The  possibility to cause a DoS disconnecting all clients by
    sending overlong strings  to  the  server  has  been  fixed.
    Incorrect commands are just ignored.                         
 
 
   -   Ingame buffer overflow (say/tell): fixed Cmd_Say_f()     
   -   and Cmd_Tell_f().                                         
   -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~o          -
 
    The  possibility to crash the server by using say or tell to
    pass overlong  strings  to  the  server  has  been  removed.
    Incorrect  calls  are  truncated  to  a decent length (150).
 
 
   -   Fake Players Attack: heavily secured, customisable       
   -   ClientConnect().                                         
   -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~o          -
 
    The possibility to lag and even crash the server by  sending
    a  great  number  of  fake  connection request using a third
    party program such as q3fill has been removed. See below for
    more information.                                           
 
 
   -   Improvement of the log file/server messages.             
   -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~o          -
 
    Each time a client connects, the complete userinfo string is
    logged, even is the connection is denied. This includes  the
    IP,   port,  qport,  name  of  the  client  and  much  more.
 
    If the connection is denied, a  message  explaining  why  is
    displayed by the server, and relevant information is written
    down  in the log file. Since those messages could be used to
    spam the screen in case of a fake players attack, and in the
    case you just  don't  want  to  know  about  that,  you  can
    deactivate  the  public messages : just set those cvars to 0
    (default = 1):                                               
 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     
          ga_showBadPassClient | 0 or 1 :
             -> display a message when a client connects with a bad password.
       
          ga_showBannedClient  | 0 or 1 :
             -> display a message when a banned client connects.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     
 
    The "Infostring length exceeded" console error  message  has
    been  made  a tad more explicit. I noticed a bug which would
    cause it to be sent each frame. It is hard to debug  if  you
    don't know what caused it ;)                                 
 
    Each time a user changes name, it is written down in the log
    file.                                                       
 
    When   a   client   disconnects,   their   name  is  logged.
 
    Each time a client says/tells something, their client number
    is logged along with their name.                             
 
 
   -   Random unimportant fixes/improvements.                   
   -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~o          -
 
    The annoying timelimit when changing name  has  been  dulled
    down from five seconds to 0.7 second.                       
 
    The  ^0 (black) colour now works properly. If you don't want
    to see black in names, you can deactivate  this  by  setting
    the following cvar to 0:                                     
 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     
       ga_allowBlackInNames
         | 0 or 1 (default = 1)
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     
 
    When a player's name is incorrect, it is set to "Padawan" in
    basejka,  which  is  annoying,  since  you  end up with many
    "Padawan"s. You can now decide what it will be, and  if  you
    so  choose,  you can add the player's client number to their
    name by typing "%i" in the name.                             
 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     
       ga_defaultName
         | (default = "^4P^7adawan ^5(^7%i^5)")
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     
 
    For instance, with the default setting, the client 9 will be
    renamed to "Padawan  (9)".  Note  that  I  put  many  spaces
    between  the  name and number: normal players can't use more
    than three spaces in a  row,  so  nobody  will  be  able  to
    imitate  the  default  name with the number of someone else,
    and trick you  in  kicking  that  other  player  instead  of
    them...                                                     
 
    If  you  don't  like  that,  you  can just change it back to
    "Padawan".                                                   
 
    Insignificant names, such as "Padawan", can be black-listed,
    which will result in them  being  replaced  by  the  default
    name.                                                       
 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     
       ga_nameBlackList
         | default =  "Padawan;otherunacceptablename"
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     
 
    Note  that  the  black  list  is  case insensitive, and that
    spaces, underscores and dashes are ignored. So  do  not  put
    any "_" etc in ga_nameBlackList.                             
 
    Admins  can  now  close  the server and display a message to
    connecting clients explaining  why  the  server  is  closed,
    instead of putting a password.                               
 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     
       ga_closeServer     
         | 0 or 1 or 2
       ga_closedServerMsg;   
         | default = "^1The server is closed at the moment\n^2Please come back later"
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     
 
    As you have undoubtedly noticed, you can use colors and line
    breaks  in  the  message.  Try  and  keep  it  short though.
 
    If ga_closeServer is set to 0, the server  is  open  (normal
    behaviour).  If  set to 1, the server is closed, and you are
    notified each time somebody connects to the server.  If  set
    to  2,  the  server  is closed, and you won't be notified of
    connecting clients.                                         
 
    Every client can use the /list (or /l) function,  displaying
    information  on  the  connected  clients, which is useful in
    order to know who is who. (the  server  status  function  is
    useless  as  it  doesn't  always  yield  the  correct client
    number...)                                                   
 
    There is also the /help (/h)  command,  displaying  a  small
    help text.                                                   
 
 
+   PROTECTION AGAINST THE FAKE PLAYERS :                       
+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-o          +
 
 There are three different protections against the q3fill attack
 :  When  a  client connects, three protection layers activate :
 
 
   -   Clever Fake Detection                                     
   -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~o          -
 
    The connection string is checked for a value specific to JKA
    players, of which the bots are devoid by default. If no such
    value is found, then the connection is denied,  and  the  IP
    can be automatically added to the banlist.                   
 
    This   aspect   is  controlled  by  the  following  cvars  :
 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     
          ga_cleverFakeDetection | default = "model"
          ga_cleverfakeAutoBan   | default = "1"
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     
 
    This first protection alone will get rid of 99.99 %  of  all
    attacks.                                                     
 
    If  the  attacker knows what he is doing, he can easily fool
    that by altering the attack. Most script-kiddies do not have
    that kind of know-how though.                               
 
    You    can    deactivate    this    feature    by    setting
    ga_cleverFakeDetection "none".                               
 
 
   -   Hard-Coded Fake Detection                                 
   -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~o          -
 
    Check  for a value specific to bots, that does not appear in
    legitimate players. This is a viewpoint  completely  opposed
    to  the  first  layer,  but  works  exactly  the  same  way.
 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     
          ga_hardFakeDetection | default = "cl_guid"
          ga_hardFakeAutoBan   | default = "1"
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     
 
    To fool this  layer  is  tricky,  as  the  target  value  is
    hard-coded  into  q3fill.  The  attacker would need to alter
    q3fill's source code in an appropriate way without  breaking
    anything  and  recompile it... definitely not something your
    average dumb server crasher can do :D                       
 
    You    can    deactivate    this    feature    by    setting
    ga_hardFakeDetection "none".                                 
 
 
   -   Connect Flood Detection                                   
   -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~o          -
 
    If  the  two  first  layers  fail (or are deactivated), then
    there is no way to tell a genuine player and a bot apart. So
    we must detect them by the speed at which they connect  from
    the same IP.                                                 
 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     
          ga_sameIpNumber
            | default = "5"
          ga_sameIpTime
            | default = "30"
          ga_sameIpAutoBan
            | default = "1"
          ga_sameIpAutoKick
            | default = "1"
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     
 
    With  the  default  settings,  the connection of more than 5
    players from the same ip in less than  30  seconds  will  be
    deemed  a fake players attack. As usual, the connection will
    be denied, and the  IP  can  be  banned,  depending  on  the
    admin's  choice.  The  bots that got in can also been kicked
    automatically.                                               
 
    Setting ga_sameIpNumber to  0  will  deactivate  this  third
    layer.                                                       
 
    NOTE: Be very careful when playing with ga_hardFakeDetection
    and  ga_cleverFakeDetection.  Putting incorrect values there
    may prevent ANY player from entering the  game,  or  in  the
    best  case  scenario  render  the  protection  useless.  The
    default values are good. Don't alter them  unless  you  know
    what you are doing.                                         
 
 
+   TECHNICALITIES:                                             
+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-o          +
 
 This  patch  has  been  compiled  with the following compilers:
 
 
   -   On Windows:                                               
   -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~o          -
 
    Visual C++ 2005 (8);                                         
                                                                 
    It is the same compiler Raven Software used to  compile  the
    original jampgame (albeit they used version 7), and the very
    same  compilation  parameters.  So there is NO reason at all
    that the  damages/blocks  should  be  altered  in  any  way.
 
 
   -   On Linux:                                                 
   -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~o          -
 
    GCC   2.96   on  a  Red  Hat  Linux  release  7.2  (Enigma);
                                                                 
    GCC is a very good compiler, but Raven used ICC, which is  a
    commercial  product  I  don't  have. So the damages might in
    theory be slightly altered, although I personally can't tell
    the difference.                                             
                                                                 
    This would come from  the  way  each  compiler  handles  the
    computation of float variables.                             
 
 
+   SOURCE CODE:                                                 
+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-o          +
 
 I  won't  be  working  on that mod anymore, unless a 'real' (as
 opposed to 'alleged', you know ;)  )  unless  a  real  security
 exploit  is  brought  to  my  attention,  so I chose to make it
 completely open-source, under the GPL. That way anyone can  add
 or  remove features as they please, or use some of my tricks in
 their own mod if they want to.                                 
 
 A copy of the source code has been shipped with  this  package.
 My  modifications to raven's source code are released under the
 GNU General Public License (GPL), which  means  (roughly)  that
 you  are  free  to  use  the code as you please, so long as you
 release your own work under the GPL.                           
 
 A copy of the GPL has been shipped with this package. You  must
 read  and  understand  it if you intend to use the source code.
 
 In addition, I would appreciate it if anyone using any part  of
 my  code  took  the time to post a link to their own project on
 the fix's thread:                                               
 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     
          http://gamall-ida.com/f/viewtopic.php?f=3&t=120
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     
 
 
+   CONTACT / SUPPORT                                           
+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-o          +
 
 If you need help or have suggestions, comments, insults, praise
 or in general, anything to say  about  this  program  that  you
 expect  me  to read and answer to, please post on the program's
 topic on my website:                                           
 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     
          http://gamall-ida.com/f/viewtopic.php?f=3&t=120
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     
 
 
+   CREDITS:                                                     
+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-o          +
 
 Kudos to Trimbo for his linux-ready version of the vanilla SDK.
 
 Warm regards to Luigi Auriemma for his work on JKA and  the  q3
 engine.                                                         
 
 THIS  MODIFICATION  IS  NOT  MADE, DISTRIBUTED, OR SUPPORTED BY
 ACTIVISION, RAVEN,  OR  LUCASARTS  ENTERTAINMENT  COMPANY  LLC.
 ELEMENTS TM & © LUCASARTS ENTERTAINMENT COMPANY LLC AND/OR ITS
 LICENSORS.                                                     
 




























  +-----------------------------+
  | File generated with 'GaTeX',|
  | an ASCII typesetting system |
  | by  Gamall  Wednesday  Ida. |
  |   http://gamall-ida.com     |
  +-----------------------------+
  Build: Sun Oct 21 12:32:47 2007
  File : f:readme.GaTeX.source
Attachments
basejka_Gamalls_fix_10e.zip
OUTDATED VERSION
(1.33 MiB) Downloaded 729 times
Last edited by Gamall on Fri Apr 13, 2007 7:01 pm, edited 15 times in total.
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }

User avatar
cybermaniac
Posts: 30
Joined: Tue Apr 10, 2007 12:05 am

Postby cybermaniac » Tue Apr 10, 2007 12:12 am

admin enhancements.


as per our chat on the email, i had the idea of (much like JA+) to add a "anti multiple padawan" protection.


of course, this would be a 0 or 1 setting in your config, but the gist is this:


imagine a typical server:


PADAWAN
PADAWAN
REAL USER
PADAWAN
REAL USER
PADAWAN
REAL USER
REAL USER
REAL USER


one of the padawans is being a twat, he's erm...........lets say laming the scepter.


who do you kick?!

if you have rcon access, you could cross reference padawan with ping vs score and do it that way (tedious, but doable).

however......what happens.......if you dont?



you fumble around in vote, hope its the right padawan, and pray as you click "vote kick".


to be perfectly honest, many people do not care if they get renamed to padawan (number)



so here is my solution (using same scenario):



PADAWAN (1) (would require 3 spaces as per blankname protection)
PADAWAN (4)
REAL USER
PADAWAN (2)
REAL USER
PADAWAN (3)
REAL USER
REAL USER
REAL USER


this might be a fix you might have to work on a while, mainly because its got to work when:

a) a person JOINS as a padawan
b) a person RENAMES as a padawan
c) a person renames/joins as blank and is renamed by server.




also, maybe might be useful to have "same name protection", very useful as part of an anti-laming protection "suite".



My server is available for certain types of testing, and is one of the 3 most popular siege servers in JKA base.
Admin and Owner of Baskerville Server
87.117.202.147:29070
62.4.74.231:30400

User avatar
Gamall
Hic sunt dracones
Posts: 4126
Joined: Fri May 26, 2006 11:09 pm
Contact:

Postby Gamall » Tue Apr 10, 2007 12:52 am

Working on a names "blacklist" cvar.

Just put meaningless names such as "Padawan" in it, and it will be dealt with as an "empty" name.

this might be a fix you might have to work on a while, mainly because its got to work when:

a) a person JOINS as a padawan
b) a person RENAMES as a padawan
c) a person renames/joins as blank and is renamed by server.


Technically, there is a bottleneck in the code, so this is all the same thing ;)

also, maybe might be useful to have "same name protection", very useful as part of an anti-laming protection "suite".


Knowing who is who is always best. I'll probably implement that as well. (but maybe later)


Nota:

These features are on the very edge of being "admin" features, rather than security fixes.

However, in my experience clever hooligans use uncertainty with names to get other people kicked (especially admins ;) ), so I shall consider the possibility of having non-significant names a security issue (albeit fairly minor) and incorporate these fixes in version 1.0e.


-> While I was at it, I have also doubled the number of vehicles supported by the server so as to avoid crashes on vehicle maps.

-> I also have much real life work to do, but I think it will be done in about a week.
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }

User avatar
Gamall
Hic sunt dracones
Posts: 4126
Joined: Fri May 26, 2006 11:09 pm
Contact:

Postby Gamall » Tue Apr 10, 2007 8:46 pm

-> blacklist : done :y

-> added client-side command (everybody on the serv can use it) for listing players ingame (since serverstatus doesn't yield the right client numbers ;) ) cf screen.
Attachments
console.JPG
console.JPG (87.66 KiB) Viewed 22456 times
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }

User avatar
cybermaniac
Posts: 30
Joined: Tue Apr 10, 2007 12:05 am

Postby cybermaniac » Tue Apr 10, 2007 10:26 pm

oooooh.

good work m8
Admin and Owner of Baskerville Server
87.117.202.147:29070
62.4.74.231:30400

User avatar
Gamall
Hic sunt dracones
Posts: 4126
Joined: Fri May 26, 2006 11:09 pm
Contact:

Postby Gamall » Tue Apr 10, 2007 10:32 pm

Thanks :)

I've also added some other things. I have yet to test, compile for both win and lux, write the doc etc. So let us say I'll release it next weekend.

PS : What does "m8" mean ?
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }

User avatar
cybermaniac
Posts: 30
Joined: Tue Apr 10, 2007 12:05 am

Postby cybermaniac » Tue Apr 10, 2007 10:34 pm

Gamall wrote:Thanks :)

I've also added some other things. I have yet to test, compile for both win and lux, write the doc etc. So let us say I'll release it next weekend.

PS : What does "m8" mean ?


m8 means mate = meight = mate :P


if u want me to test it on my server, i'm all up for it
Admin and Owner of Baskerville Server
87.117.202.147:29070
62.4.74.231:30400

User avatar
Gamall
Hic sunt dracones
Posts: 4126
Joined: Fri May 26, 2006 11:09 pm
Contact:

Postby Gamall » Tue Apr 10, 2007 10:43 pm

cybermaniac wrote:if u want me to test it on my server, i'm all up for it


Thanks, but I have my own servers, both under Win and Lux, to beta-test my mods :)

This being said, you'll have the next version from that site long before I submit anything else to jk3 files, so this might be considered "testing" :P

edit: cleaned posts so as to remain on-topic :livre
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }

User avatar
Gamall
Hic sunt dracones
Posts: 4126
Joined: Fri May 26, 2006 11:09 pm
Contact:

Postby Gamall » Wed Apr 11, 2007 8:49 am

Test linux serveur set :

213.251.186.99:29070 Dragon's Lair Base

running 1.0e-dev

-> type /h for help
-> /list for the player list. (I'll probably make that more tidy ;) )
-> name blacklist = padawan; other_unacceptable_name (case & space insensitive, so Padawan = "padawan"="P A D a w A N" etc...
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }

User avatar
Gamall
Hic sunt dracones
Posts: 4126
Joined: Fri May 26, 2006 11:09 pm
Contact:

Postby Gamall » Wed Apr 11, 2007 1:58 pm

Better looking users list (it was really ugly ;) )
Attachments
new_list.JPG
new_list.JPG (26.4 KiB) Viewed 22462 times
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }

User avatar
Maikoru
Jedi Perpétuellement Affamé
Posts: 480
Joined: Sun Aug 27, 2006 11:15 pm

Postby Maikoru » Wed Apr 11, 2007 2:45 pm

Hey ! C'est pas mal ton truc :)

Quand est-ce que tu le mets en ligne ?
"..." -- Link

User avatar
Gamall
Hic sunt dracones
Posts: 4126
Joined: Fri May 26, 2006 11:09 pm
Contact:

Postby Gamall » Wed Apr 11, 2007 3:34 pm

Gamall wrote:-> I also have much real life work to do, but I think it will be done in about a week.


:P

Sinon, une version pas très à jour tourne sur Dragon's Lair.
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }

User avatar
Gamall
Hic sunt dracones
Posts: 4126
Joined: Fri May 26, 2006 11:09 pm
Contact:

Postby Gamall » Wed Apr 11, 2007 6:15 pm

Bad news. I just wanted to do a quick compile for linux, and I realized the .so has become corrupted under linux. It still works flawlessly under windows, but I've got a biiig Sys_Error: Sys_LoadDll(jampgame) failed dlopen() completely! under linux.

It compiles though. Worst thing is that I've changed nothing essential between now and the last time I did a linux comp....

Since I don't have a clue what causes this strange error, it may take a very long time before I sort things out.
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }

User avatar
Gamall
Hic sunt dracones
Posts: 4126
Joined: Fri May 26, 2006 11:09 pm
Contact:

Postby Gamall » Wed Apr 11, 2007 6:31 pm

I have a rough idea where the problem is, so I am confident I can overcome this problem quickly.

I don't have time to go any further today though.

Meanwhile, the test server is back to 1.0e, but neither /n nor /l work (that is where the problem lies ;) ). The name blacklist is still functional though...
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }

User avatar
Gamall
Hic sunt dracones
Posts: 4126
Joined: Fri May 26, 2006 11:09 pm
Contact:

Postby Gamall » Fri Apr 13, 2007 1:41 pm

Found the bug:

Code: Select all

strcpy_s(buff, length, text);


gcc doesn't like that.... 8|

replaced by

Code: Select all

Q_strncpyz(buff, text, length);


And everything works fine.
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }


Return to “Freewares, game mods, Java, C++, OCaml & Maths”

Who is online

Users browsing this forum: No registered users and 13 guests