
Implement rcon secure 2 on the client

mbasaglia committed Feb 14, 2016
1 parent f6a8da5 commit 081a72c843edfd59407376387723085a47ed4bee
Showing with 74 additions and 15 deletions.
  1. +71 −13 daemon/src/engine/client/cl_main.cpp
  2. +2 −1 daemon/src/engine/framework/Rcon.cpp
  3. +1 −1 daemon/src/engine/server/sv_main.cpp
@@ -47,6 +47,7 @@ cvar_t *cl_wavefilerecord;
#include "mumblelink/libmumblelink.h"
#include "qcommon/crypto.h"
#include "framework/Rcon.h"
#include <common/Network.h>
#ifndef _WIN32
#include <sys/stat.h>
@@ -1427,7 +1428,61 @@ void CL_Connect_f()
Cvar_Set( "cl_currentServerIP", serverString );
}
#define MAX_RCON_MESSAGE 1024
static void CL_RconSend(const Rcon::Message &message)
{
std::string invalid_reason;
if ( message.valid(&invalid_reason) )
{
message.send();
}
else
{
Com_Printf("Invalid rcon message: %s\n", invalid_reason.c_str());
}
}
struct RconChallengeQueue
{
public:
struct Request
{
netadr_t server;
std::string command;
};
void Push(const Request& request)
{
auto lock = std::unique_lock<std::mutex>(mutex);
requests.push_back(request);
}
void Pop(const netadr_t &server, const std::string& challenge)
{
auto lock = std::unique_lock<std::mutex>(mutex);
auto it = std::find_if(requests.begin(), requests.end(),
[server](const Request& req) {
return NET_CompareAdr(req.server, server);
});
if ( it != requests.end() )
{
CL_RconSend(Rcon::Message(
server,
it->command,
Rcon::Secure::EncryptedChallenge,
Rcon::cvar_server_password.Get(),
challenge
));
}
}
private:
std::vector<Request> requests;
std::mutex mutex;
};
static RconChallengeQueue CL_RconChallengeQueue;
/*
=====================
@@ -1470,22 +1525,19 @@ void CL_Rcon_f()
}
}
Rcon::Message message(
to,
Cmd::GetCurrentArgs().EscapedArgs(1),
Rcon::Secure(Rcon::cvar_server_secure.Get()),
Rcon::cvar_server_password.Get(),
"" // TODO challenge
);
std::string invalid_reason;
if ( message.valid(&invalid_reason) )
if ( Rcon::Secure(Rcon::cvar_server_secure.Get()) == Rcon::Secure::EncryptedChallenge )
{
message.send();
CL_RconChallengeQueue.Push({to, Cmd::GetCurrentArgs().EscapedArgs(1)});
Net::OutOfBandPrint(NS_CLIENT, to, "getchallengenew");
}
else
{
Com_Printf("Invalid rcon message: %s\n", invalid_reason.c_str());
CL_RconSend(Rcon::Message(
to,
Cmd::GetCurrentArgs().EscapedArgs(1),
Rcon::Secure(Rcon::cvar_server_secure.Get()),
Rcon::cvar_server_password.Get()
));
}
}
@@ -2735,6 +2787,12 @@ void CL_ConnectionlessPacket( netadr_t from, msg_t *msg )
return;
}
if ( args.Argv(0) == "challengeResponseNew" )
{
CL_RconChallengeQueue.Pop(from, args.Argv(1));
return;
}
Com_DPrintf( "Unknown connectionless packet command.\n" );
}
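Review bot: `RconChallengeQueue::Pop` sends the queued command but never removes the matched entry from `requests`, so the vector grows with every `rcon` invocation and `find_if` keeps returning the oldest entry for that server. As written, every later `challengeResponseNew` packet from that address would re-encrypt and re-send the same stale command, and newer commands queued for the same server are never reached. Adding `requests.erase(it);` right after the `CL_RconSend(...)` call inside the `if` makes each challenge consume exactly one request. Entries whose server never answers also stay queued indefinitely; a timestamp in `Request` with an expiry check in `Push`/`Pop` would bound that. A short comment on `Pop` noting that it is driven by connectionless packets handled in `CL_ConnectionlessPacket` would help the next reader see why stale entries matter.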
@@ -84,6 +84,7 @@ void Message::send() const
if ( secure_ == Secure::Unencrypted )
{
Net::OutOfBandPrint(NS_CLIENT, remote_, "rcon %s %s", password_, command_);
return;
}
std::string method = "PLAIN";
@@ -97,7 +98,7 @@ void Message::send() const
}
Crypto::Data cypher;
if ( Crypto::Aes256Encrypt(Crypto::String(command_), key, cypher) )
if ( Crypto::Aes256Encrypt(Crypto::String(plaintext), key, cypher) )
{
Net::OutOfBandPrint(NS_CLIENT, remote_, "srcon %s %s",
method,
@@ -879,7 +879,7 @@ void SV_ConnectionlessPacket( netadr_t from, msg_t *msg )
{
SV_GetChallenge( from );
}
else if ( args.Argv(0) == "getchallenge_new" )
else if ( args.Argv(0) == "getchallengenew" )
{
SV_GetChallengeNew( from );
}
