multitheftauto / mtasa-blue

Multi Theft Auto is a game engine that incorporates an extendable network play element into a proprietary commercial single-player game.
https://multitheftauto.com
GNU General Public License v3.0
1.42k stars 437 forks

Check if another player has the same serial #3854

Closed Nico8340 closed 1 week ago

Nico8340 commented 2 weeks ago

This pull request adds a check when connecting to ensure that players can't use the same serial, thus preventing abuses related to serial manipulation, such as, for example, when they try to spoof a server's moderator's serial as their own, while they're connected to the server.

The change involved the addition of a new parameter called check_duplicate_serials which allows turning off the feature for development and testing servers to connect with virtual machines.

The new code is: CD50
The new description is: Serial already in use

Xenius97 commented 2 weeks ago

This solution is not perfect because if you run multiple MTA clients on one machine (VM), you get the same serial, making localhost testing impossible.

Xenius97 commented 2 weeks ago

Maybe you could add something like check_double_serials to server settings enabled by default.

Nico8340 commented 2 weeks ago

> This solution is not perfect because if you run multiple MTA clients on one machine (VM), you get the same serial, making localhost testing impossible.

I forgot about that, thanks for reminding. If anyone has any ideas, feel free to share them.

Nico8340 commented 2 weeks ago

> Maybe you could add something like check_double_serials to server settings enabled by default.

Good idea, I look forward to other people's opinions as well.

Fernando-A-Rocha commented 2 weeks ago

> This solution is not perfect because if you run multiple MTA clients on one machine (VM), you get the same serial, making localhost testing impossible.

I forgot you can use VMs to run multiple MTA clients. You need 1 VM (os) per client right?

Nico8340 commented 2 weeks ago

> > This solution is not perfect because if you run multiple MTA clients on one machine (VM), you get the same serial, making localhost testing impossible.
>
> I forgot you can use VMs to run multiple MTA clients. You need 1 VM (os) per client right?

That's right

Fernando-A-Rocha commented 2 weeks ago

> Maybe you could add something like check_double_serials to server settings enabled by default.

Maybe we can have a setting like allow_unverified_clients that is a more generic name

G-Moris commented 2 weeks ago

Would this be optimized if 'std::unordered_map' and 'find' were used instead of a loop?

Nico8340 commented 2 weeks ago

> Would this be optimized if 'std::unordered_map' and 'find' were used instead of a loop?

In fact, in this use case there are no significant differences in terms of average server sizes, but for a larger search operation it is really better to use unordered_map and its method. If someone wants to refactor it, they have to modify the entire class, and this pull request is not intended for that.

lopezloo commented 1 week ago

> when they try to spoof a server's moderator's serial as their own

How would they know server's moderator serial?

Nico8340 commented 1 week ago

> How would they know server's moderator serial?

From servers with a loophole or a data leak
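
The connect-time check discussed in this thread, sketched with the `std::unordered_map` lookup raised above instead of a loop over players. This is an added example, not code from the pull request or from mtasa-blue: `SerialRegistry`, `Join`, `Leave` and `JoinResult` are hypothetical names and the serial strings are constructed; only the `check_duplicate_serials` toggle and the CD50 refusal come from the thread.

```cpp
// Added illustration, not mtasa-blue code. All names here are hypothetical.
#include <iostream>
#include <string>
#include <unordered_map>

enum class JoinResult { Accepted, SerialInUse };  // SerialInUse: the thread's CD50 refusal

class SerialRegistry {
public:
    // checkDuplicateSerials mirrors the check_duplicate_serials setting from the thread.
    explicit SerialRegistry(bool checkDuplicateSerials) : m_check(checkDuplicateSerials) {}

    // Connect-time check: refuse a serial that another connected player holds.
    JoinResult Join(int playerId, const std::string& serial) {
        if (m_check) {
            auto owner = m_ownerOf.find(serial);  // average O(1), no loop over players
            if (owner != m_ownerOf.end() && owner->second != playerId)
                return JoinResult::SerialInUse;
        }
        Leave(playerId);  // drop any stale entry for this id before re-registering
        m_serialOf[playerId] = serial;
        if (m_check)
            m_ownerOf[serial] = playerId;
        return JoinResult::Accepted;
    }

    // Must run on every disconnect path (quit, timeout, kick); otherwise the
    // serial stays claimed and its real owner is locked out.
    void Leave(int playerId) {
        auto mine = m_serialOf.find(playerId);
        if (mine == m_serialOf.end()) return;
        auto owner = m_ownerOf.find(mine->second);
        if (owner != m_ownerOf.end() && owner->second == playerId)
            m_ownerOf.erase(owner);
        m_serialOf.erase(mine);
    }

private:
    bool m_check;
    std::unordered_map<std::string, int> m_ownerOf;   // serial -> connected player id
    std::unordered_map<int, std::string> m_serialOf;  // player id -> serial
};

int main() {
    SerialRegistry server(true);  // constructed serials, not real ones
    server.Join(1, "SERIAL-A");
    bool refused = server.Join(2, "SERIAL-A") == JoinResult::SerialInUse;
    std::cout << (refused ? "CD50: Serial already in use" : "accepted") << "\n";
}
```

The second map exists so that a disconnect releases exactly the serial that player claimed; with the check disabled, as on a test server running several clients with one serial, every join is accepted.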