DDRace / teeworlds

DEPRECATED - Go to https://github.com/ddnet/ddnet instead!

Banmaster #241

Closed def- closed 10 years ago

def- commented 11 years ago

As suggested in issue #240 I added the old banmaster code again and made it work. I've also added a readme-banmaster.txt that explains how it works.

heinrich5991 commented 11 years ago

Please note that there are some security issues with my old banmaster system, especially with spoofed IP packets.

def- commented 11 years ago

Do you mean that someone could just send bogus banmaster packets to a server at the moment someone connects to it to get him banned? At least this shouldn't happen when using localhost as banmaster, which I made default.

I'd fix this by adding a random sequence number to requests to the banmaster, which the banmaster has to return, otherwise the packet is ignored.

Also, there is no IPv6 support.

ravomavain commented 11 years ago

I think that one reason why it wasn't used so much (and thus removed for lack of will to maintain it) is that there's no easy way to add bans. Let's consider a typical use case: you have several teeworlds servers (like ddmax) and want to have a common ban list for all your servers, so that when you ban someone on one of your servers (from ingame rcon), he automatically gets banned on all your servers for the same amount of time. With the current code, the only way to add bans is to edit bans.cfg, but it's not easy to do from rcon, may cause some trouble if a lot of servers are trying to modify it at the same time, and there's no cleaning process to remove old bans, so all the ban handling has to be done by hand. The best thing would be to forward all ban* rcon commands to the banmaster and let it handle all this, but then we should make sure that only authorized access can modify bans.

heinrich5991 commented 11 years ago

Note that you should adapt to the surrounding coding style (for example where to place the curly braces and also variable naming conventions). :)

> Do you mean that someone could just send bogus banmaster packets to a server at the moment someone connects to it to get him banned? At least this shouldn't happen when using localhost as banmaster, which I made default.

This could even happen with localhost I guess. Also he doesn't need to send them the moment the clients connect - bans from the banmaster are accepted all the time.
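
The random-token check proposed earlier in the thread, combined with the point that banmaster replies should not be accepted unsolicited, as an added C++ example (not code from this pull request or from DDRace). `BanmasterClient`, `BeginQuery`, `AcceptReply` and the "ip:port" address strings are hypothetical names and formats chosen for the illustration.

```cpp
#include <cstdint>
#include <map>
#include <random>
#include <string>
#include <utility>

// Hypothetical types; the real banmaster packet layout is not shown on this page.
struct PendingQuery { std::string clientIp; int64_t expiresAt; };

class BanmasterClient
{
    std::string m_MasterAddr;                   // configured banmaster, "ip:port"
    std::map<uint64_t, PendingQuery> m_Pending; // token -> outstanding request
    std::random_device m_Rng;                   // OS entropy source

public:
    explicit BanmasterClient(std::string MasterAddr) : m_MasterAddr(std::move(MasterAddr)) {}

    // Called when a client connects: records the query and returns the random
    // token that is sent to the banmaster inside the request.
    uint64_t BeginQuery(const std::string &ClientIp, int64_t Now, int64_t TimeoutSec = 5)
    {
        uint64_t Token;
        do
            Token = ((uint64_t)m_Rng() << 32) | m_Rng();
        while(m_Pending.count(Token));
        m_Pending[Token] = {ClientIp, Now + TimeoutSec};
        return Token;
    }

    // Called for every packet that claims to be a banmaster reply.
    // Returns true only if the ban may be applied.
    bool AcceptReply(const std::string &From, uint64_t Token, const std::string &BannedIp, int64_t Now)
    {
        if(From != m_MasterAddr)
            return false; // wrong sender; on its own this check is spoofable over UDP
        auto It = m_Pending.find(Token);
        if(It == m_Pending.end())
            return false; // unsolicited reply or guessed token
        PendingQuery Query = It->second;
        m_Pending.erase(It); // single use: a replayed reply is rejected
        // The reply must arrive in time and be about the client that was asked about.
        return Now <= Query.expiresAt && BannedIp == Query.clientIp;
    }
};
```

A token like this only stops senders who cannot see the request; it does not help against someone who can read the traffic between the server and the banmaster.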