BaseJKA Security Fix

Gamall
Hic sunt dracones
Posts: 4174
Joined: Fri May 26, 2006 11:09 pm

Post by Gamall »

Version 1.0e out.

If there is a next one, it will probably take another name, since the "comfort" code is beginning to outweigh the "security fix" code.

Unless of course someone submits a real security threat to my attention, i.e. something a tad more specific than the usual "ohh I am a 1337 haXX0rz and I crash Ur serv under various sets of conditions" bullsh!t. #end rant.

__________________

I have in mind to write an admin mod, based on 1.0e, with the following features:

:y

-> Infinite number of admin "ranks" (permission sets) [as opposed to having just instructor, knight, council etc]

-> Infinite number of admins [as opposed to mixing admins and admin ranks... here each admin would log in as themselves, and use the permissions assigned to them, as opposed to using the pass of a rank.]

-> Every connected player has the permission mask "user", which can be set however the server's admin sees fit. Which means everyone can have access to a subset of the available commands (such as /list and other inoffensive but convenient ones)

-> The server admin can create his set of "macros", aka admin functions which support argument parsing. The created macros can be dealt with individually when creating permission masks.

-> local admins can use defined vstr, and pass arguments to them.

:n

-> Since I don't like reinventing the wheel, I won't redo most of the admin gimmicks used and abused in about every single mod out there. Unless someone gives me code for that.

-> The learning curve of the system will be a wee bit steeper than for most admin systems out there. (which is the price of being more flexible). It will involve using a program similar to my script generators (tele and map cycles)
______________________

However, I do wonder whether the world really needs YAJAM (Yet Another JKA Admin Mod) at this point. Especially since I do not really play the game anymore.

So it is not clear in my mind yet if I shall work on that or not.

edit: Since I don't really play JKA anymore, and have many other projects, I won't be working on that.
Last edited by Gamall on Fri May 11, 2007 1:16 pm, edited 1 time in total.
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }
cybermaniac
Posts: 30
Joined: Tue Apr 10, 2007 12:05 am

Post by cybermaniac »

plz can u increase the size of the banlist?

apparently if you have more than 20 IP bans on the system, the server can crash......

maybe adjust that to maybe 2000?
Admin and Owner of Baskerville Server
87.117.202.147:29070
62.4.74.231:30400
Gamall

Post by Gamall »

Yep, that's a bug I read about.

I would have thought the limit was around 60 though...

A way around that is to not use g_banips anymore, and use a text file instead.

I'll probably do that in 1.0f.

Meanwhile, just take it easy on the bans ;) There is no point in storing dynamic ips in the banlist forever anyway...
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }
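One way to build the text-file ban list mentioned in the post above, as an added example (not code from Gamall's fix or from anyone in this thread): a fixed-capacity table that validates every line and refuses new entries once full instead of writing past its storage. The names `bans_load`, `bans_add`, `bans_contains`, the file format and the `MAX_BANS` value are assumptions, and the sample addresses are constructed.

```c
#include <string.h>

#define MAX_BANS 2000                     /* assumed capacity (figure asked for in the thread) */
static unsigned char bans[MAX_BANS][4];   /* hypothetical in-memory ban table */
static int numBans;
/* Constructed sample file contents; addresses are from documentation ranges. */
static const char SAMPLE[] = "# bans\n192.0.2.10\r\n198.51.100.7\n999.1.1.1\nnot-an-ip\n192.0.2.10\n";
/* Strict dotted quad: four parts of 1-3 digits, each 0-255, nothing else. */
static int parse_ip(const char *s, unsigned char out[4]) {
    for (int i = 0; i < 4; i++) {
        int v = 0, digits = 0;
        while (*s >= '0' && *s <= '9' && digits < 3) { v = v * 10 + (*s++ - '0'); digits++; }
        if (digits == 0 || v > 255 || *s++ != (i < 3 ? '.' : '\0')) return 0;
        out[i] = (unsigned char)v;
    }
    return 1;
}
/* Returns 1 if addr is a well-formed address present in the table. */
int bans_contains(const char *addr) {
    unsigned char ip[4];
    if (!parse_ip(addr, ip)) return 0;
    for (int i = 0; i < numBans; i++)
        if (memcmp(bans[i], ip, 4) == 0) return 1;
    return 0;
}
/* Returns 1 if stored or already present, 0 if malformed or the table is full. */
int bans_add(const char *addr) {
    unsigned char ip[4];
    if (!parse_ip(addr, ip)) return 0;
    if (bans_contains(addr)) return 1;
    if (numBans >= MAX_BANS) return 0;    /* full: refuse, never write past the array */
    memcpy(bans[numBans++], ip, 4);
    return 1;
}
/* Reload from file contents (one IP per line, '#' comments); returns rejected lines. */
int bans_load(const char *text) {
    int rejected = 0;
    for (numBans = 0; *text; ) {
        char line[16];                    /* "255.255.255.255" + NUL */
        size_t len = strcspn(text, "\n"), n = len;
        while (n > 0 && (text[n - 1] == '\r' || text[n - 1] == ' ')) n--;
        if (n > 0 && text[0] != '#') {    /* skip blank lines and comments */
            if (n < sizeof line) { memcpy(line, text, n); line[n] = '\0'; }
            if (n >= sizeof line || !bans_add(line)) rejected++;
        }
        text += len + (text[len] == '\n');
    }
    return rejected;
}
```

Duplicate lines are absorbed rather than stored twice, so repeated bans of the same address do not consume capacity.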
cybermaniac

Post by cybermaniac »

Gamall wrote: Yep, that's a bug I read about.

I would have thought the limit was around 60 though...

A way around that is to not use g_banips anymore, and use a text file instead.

I'll probably do that in 1.0f.

Meanwhile, just take it easy on the bans ;) There is no point in storing dynamic ips in the banlist forever anyway...
I was thinking more about the autoban feature of the fix... if that were to ban too many people, or if a person kept reconnecting to get a new IP address to spambot the server... I'm sure you see what I'm saying.
Admin and Owner of Baskerville Server
87.117.202.147:29070
62.4.74.231:30400
Gamall
Hic sunt dracones

Post by Gamall »

Yep. That's why you can deactivate the auto-ban.
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }
Maikoru
Perpetually Hungry Jedi
Posts: 485
Joined: Sun Aug 27, 2006 11:15 pm

Post by Maikoru »

Yo,
Could you add the fix for the vehicles?
"..." -- Link
Gamall
Hic sunt dracones

Post by Gamall »

Already done in 1.0e
Gamall wrote:-> While I was at it, I have also doubled the number of vehicles supported by the server so as to avoid crashes on vehicle maps.
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }
John Preston
Posts: 14
Joined: Thu May 10, 2007 3:08 am

Post by John Preston »

It's amazing, but I have three needful suggestions:
1. Disable auto-help info on client-side. It's a spam thing, displayed every time in duel gametype after each round. ;(
Also, change cmds: /h and /list to /showhelp and /showlist. More different from default JA cmds and looking pretty :super
2. Change gamename from basejka: Gamall's Fix v1.0e to just basejka
It will be better, because it's really basejka with fixes and servers on this "mod" can be found with "Jedi Academy only" filter (it's blocking non-basejka servers).
3. Fix nicknames with two * symbols:
for example: **Spamzor
If someone sets this name, his messages are displayed both in chatbox and in broadcast line. You can test it yourself.
Gamall
Hic sunt dracones

Post by Gamall »

Hi, thanks for the feedback :)
John Preston wrote: 1. Disable auto-help info on client-side. It's a spam thing, displayed every time in duel gametype after each round. ;(
Ooops. I'll fix that :livre

I can easily make it so it is only displayed the very first time a client is connected to the server. In fact, it should have been that way right from the start, but I forgot :banghead

As for the names, I prefer them shorter and really easy to type.
John Preston wrote: 2. Change gamename from basejka: Gamall's Fix v1.0e to just basejka
It will be better, because it's really basejka with fixes and servers on this "mod" can be found with "Jedi Academy only" filter (it's blocking non-basejka servers).
Hum... servers with this mod can be found with the "Jedi Academy" filter in JKA itself: I just checked: the serv in the screen is one of mine, and runs v1.0e:
[Image]
John Preston wrote: 3. Fix nicknames with two * symbols:
for example: **Spamzor
If someone sets this name, his messages are displayed both in chatbox and in broadcast line. You can test it yourself.
:Oo Hoho! That's a nice one :) I have no idea what's causing it, but I'll look into that. A quick workaround if the cause is not in jampgame is to simply filter that pattern and turn it into something else.




I'll deal with points 1. (first part) and 3. and release 1.0f during the summer (should take 5 minutes). (don't expect me to be lightning-fast though, I have exams and such at the moment.)
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }
John Preston

Post by John Preston »

Gamall wrote: As for the names, I prefer them shorter and really easy to type.
But it's not comfortable to use other cmds (same first letter) with tab.
Gamall wrote: Hum... servers with this mod can be found with the "Jedi Academy" filter in JKA itself: I just checked
Strange... My Duel server (win OS) is not displayed. Check on win it please :|
Gamall wrote: Hoho! That's a nice one I have no idea what's causing it, but I'll look into that. A quick workaround if the cause is not in jampgame is to simply filter that pattern and turn it into something else.

I'll deal with points 1. (first part) and 3. and release 1.0f during the summer (should take 5 minutes). (don't expect me to be lightning-fast though, I have exams and such at the moment.)
Yep yep, I have a lot of time to wait :D
Gamall

Post by Gamall »

John Preston wrote: But it's not comfortable to use other cmds (same first letter) with tab.
Tab completion belongs entirely to the client side, which is both a curse (I can't have autocompletion for my commands unless I make and enforce a client-side plugin) and a blessing: my extra-short commands can't interfere with auto-completion.

John Preston wrote: Strange... My Duel server (win OS) is not displayed. Check on win it please :|
Is it a dedicated server? (as opposed to hosted on your PC) If it is, give me the IP, I'll check if it appears in my list. If not, it may be hidden by your router, independently of the mod.
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }
Gamall

Post by Gamall »

Since it was so easy (exactly 3 lines of code to add ;) ) I made the 1.0f version:

But I won't bother to build a Linux version, update the readme, update the package etc etc, unless an army comes knocking on my door demanding it :livre . (It takes more time to wrap everything up than it took to actually fix the things...)

Here is the Windows pk3 for version 1.0f.

Changelog 1.0e to 1.0f:

-> The help page is now automatically displayed only on the very first connection.

-> Names such as "**Spamzor" are automatically converted to "* Spamzor", so the display bug cannot be exploited anymore.
Attachments
basejka_Gamalls_fix_10f.pk3
(584.46 KiB) Downloaded 898 times
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }
Tyleor
Posts: 15
Joined: Wed May 23, 2007 7:41 pm

Re:

Post by Tyleor »

John Preston wrote:If someone set this name, his messages are displayed both in chatbox and in broadcast line. You can test it yourself.
I don't know if this will help in any way, but I had already seen this: an RDH member whose messages appeared both in the usual area and in the console... the only difference she had from the other players was that she played on a Mac :huh:
but I don't really see the connection ^^
Gamall

Re: BaseJKA Security Fix

Post by Gamall »

I've already fixed this bug, Tyléor ;)
Gamall wrote: Names such as "**Spamzor" are automatically converted to "* Spamzor", so the display bug cannot be exploited anymore.
Uh... unless you mean that it happened with someone who did NOT have "**" at the start of their name?
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }
Tyleor

Re: BaseJKA Security Fix

Post by Tyleor »

Yes, I think so :huh: it was a long time ago