search

Cube-Space / geSuit

Plugin suite for BungeeCord
5 stars 8 forks source link

Console !ban writes UUID to wrong record #36

Closed TheLecturer closed 10 years ago

TheLecturer commented 10 years ago

Issuing a ban from the BungeeCord console writes UUID to wrong record.

16:43:36 [INFO] Loaded plugin geSuit version 0.7.7b-62 by geNAZt

Note the UUID of our victim, Rakaron.

mysql> select * from players where playername='rakaron';
+------------+----------------------------------+---------------------+---------------+------+
| playername | uuid                             | lastonline          | ipaddress     | tps  |
+------------+----------------------------------+---------------------+---------------+------+
| Rakaron    | 2ad67911d26a4c23a2c6408b56eba6c0 | 2013-12-29 11:08:26 | 87.114.100.51 |    1 |
+------------+----------------------------------+---------------------+---------------+------+
1 row in set (0.00 sec)

Note the UUID of the 1st entry in the bans table.

mysql> select * from bans;
+-----+-------------------+----------------------------------+-----------+------------------+---------------------------------------------------------------+---------+---------------------+---------------------+
| id  | banned_playername | banned_uuid                      | banned_ip | banned_by        | reason                                                        | type    | banned_on           | banned_until        |
+-----+-------------------+----------------------------------+-----------+------------------+---------------------------------------------------------------+---------+---------------------+---------------------+
|   1 | shane_mcl         | 616aaf72b27c49cebe0a535e93476fec | NULL      | TheLecturer      | Inappropriate language                                        | ban     | 2013-11-26 00:00:00 | NULL                |

Issue the console ban of Rakaron (not online).

>!ban rakaron
17:02:12 [INFO] Created new sql connection!
17:02:12 [INFO] Player is unknown. Banning by name and maybe by UUID.
17:02:13 [INFO] rakaron has been banned for: Breaking server rules, by CONSOLE

Rakaron's UUID has overwritten the UUID of the 1st entry of the bans table, and NULL been entered against Rakaron's UUID.

mysql> select * from bans;
+-----+-------------------+----------------------------------+-----------+------------------+---------------------------------------------------------------+---------+---------------------+---------------------+
| id  | banned_playername | banned_uuid                      | banned_ip | banned_by        | reason                                                        | type    | banned_on           | banned_until        |
+-----+-------------------+----------------------------------+-----------+------------------+---------------------------------------------------------------+---------+---------------------+---------------------+
|   1 | shane_mcl         | 2ad67911d26a4c23a2c6408b56eba6c0 | NULL      | TheLecturer      | Inappropriate language                                        | ban     | 2013-11-26 00:00:00 | NULL                |
...
| 481 | rakaron           | NULL                             | NULL      | CONSOLE          | Breaking server rules                                         | ban     | 2014-04-09 17:02:12 | NULL                |
+-----+-------------------+----------------------------------+-----------+------------------+---------------------------------------------------------------+---------+---------------------+---------------------+
481 rows in set (0.01 sec)

It is now impossible to unban Rakaron. The unban command appears to work, but Rakaron's UUID is still in the 'bans' table, in record 1. Also I presume in theory this means "shane_mcl" is no longer banned, as his UUID has been wiped from the 'bans' table.

TheLecturer commented 10 years ago

In another test -

  1. Rakaron online.
  2. Issue a console ban from one of the MC Servers (simulating an automatically triggered ban from PwnFilter on that server).
  3. Rakaron banned correctly, SQL all looks good.
  4. Rakaron now offline and cannot join the server.
  5. Issue a "!unban rakaron" from the BungeeCord console.
  6. It reports success, but has written Rakaron's UUID into row 1 of the bans table again. It has changed the "type" field to "unban" on Rakaron's row (and UUID stays intact), but he is still banned as his UUID has been copied to row 1, where type still = 'ban'.
geNAZt commented 10 years ago

Does banning unbanning from mc work correct ? Am 09.04.2014 19:35 schrieb "TheLecturer" notifications@github.com:

In another test -

  1. Rakaron online.
  2. Issue a console ban from one of the MC Servers (simulating an automatically triggered ban from PwnFilter on that server).
  3. Rakaron banned correctly, SQL all looks good.
  4. Rakaron now offline and cannot join the server.
  5. Issue a "!unban rakaron" from the BungeeCord console.
  6. It reports success, but has written Rakaron's UUID into row 1 of the bans table again. It has changed the "type" field to "unban" on Rakaron's row (and UUID stays intact), but he is still banned as his UUID has been copied to row 1, where type still = 'ban'.

Reply to this email directly or view it on GitHubhttps://github.com/Cube-Space/geSuit/issues/36#issuecomment-39992989 .

TheLecturer commented 10 years ago

Yes, tested that already but didn't specifically capture the output. Didn't notice any problems though. Think it is just the console related bans/unbans.

TheLecturer commented 10 years ago

Of course, this is no worse than BungeeBans, which NEVER worked for console-issued bans, but I figured you'd like to know.

TheLecturer commented 10 years ago

Versions

23:18:13 [INFO] Enabled BungeeCord version git:BungeeCord-Bootstrap:1.7-SNAPSHOT:"153bca0":883
...
23:18:13 [INFO] Loaded plugin geSuit version 0.8.0b-66 by geNAZt

Conditions pre-test. I manually update the "banned_uuid" field on row #1 to the below for clarity.

mysql> select * from bans;
+-----+-------------------+----------------------------------------+-----------+------------------+---------------------------------------------------------------+---------+---------------------+---------------------+
|   1 | shane_mcl         | This UUID is going to get over-written | NULL      | TheLecturer      | Inappropriate language                                        | ban     | 2013-11-26 00:00:00 | NULL                |
...
| 482 | rakaron           | 2ad67911d26a4c23a2c6408b56eba6c0       | NULL      | CONSOLE          | auto ban test                                                 | unban   | 2014-04-09 18:27:16 | NULL                |
| 483 | Rakaron           | 2ad67911d26a4c23a2c6408b56eba6c0       | NULL      | CONSOLE          | swearing                                                      | unban   | 2014-04-10 23:10:38 | NULL                |
| 484 | Rakaron           | 2ad67911d26a4c23a2c6408b56eba6c0       | NULL      | CONSOLE          | swearing                                                      | unban   | 2014-04-10 23:19:26 | NULL                |
+-----+-------------------+----------------------------------------+-----------+------------------+---------------------------------------------------------------+---------+---------------------+---------------------+

Now ban Rakaron from the console of one of the MC servers.

>list
[23:30:20 INFO]: CONSOLE issued server command: /list 
[23:30:20 INFO]: There are 1 out of maximum 40 players online.
[23:30:20 INFO]: Players: Rakaron
>ban Rakaron swearing
[23:31:24 INFO]: Rakaron lost connection: Disconnected
[23:31:24 INFO]: Rakaron left the game.

Now re-check database -

+-----+-------------------+----------------------------------+-----------+------------------+---------------------------------------------------------------+---------+---------------------+---------------------+
| id  | banned_playername | banned_uuid                      | banned_ip | banned_by        | reason                                                        | type    | banned_on           | banned_until        |
+-----+-------------------+----------------------------------+-----------+------------------+---------------------------------------------------------------+---------+---------------------+---------------------+
|   1 | shane_mcl         | 2ad67911d26a4c23a2c6408b56eba6c0 | NULL      | TheLecturer      | Inappropriate language                                        | ban     | 2013-11-26 00:00:00 | NULL                |
...
| 482 | rakaron           | 2ad67911d26a4c23a2c6408b56eba6c0 | NULL      | CONSOLE          | auto ban test                                                 | unban   | 2014-04-09 18:27:16 | NULL                |
| 483 | Rakaron           | 2ad67911d26a4c23a2c6408b56eba6c0 | NULL      | CONSOLE          | swearing                                                      | unban   | 2014-04-10 23:10:38 | NULL                |
| 484 | Rakaron           | 2ad67911d26a4c23a2c6408b56eba6c0 | NULL      | CONSOLE          | swearing                                                      | unban   | 2014-04-10 23:19:26 | NULL                |
| 485 | Rakaron           | 2ad67911d26a4c23a2c6408b56eba6c0 | NULL      | CONSOLE          | swearing                                                      | ban     | 2014-04-10 23:31:23 | NULL                |
+-----+-------------------+----------------------------------+-----------+------------------+---------------------------------------------------------------+---------+---------------------+---------------------+

Row #1 has inherited Rakaron's UUID again.

TheLecturer commented 10 years ago

Hi geNAZt.

Could you re-open this one please? Per my previous post, it is still not working on build 66 - writes the banned player's UUID into another row (row 1 in my case) meaning that user can never be unbanned without hacking the SQL table directly.

Many thanks.