Quake3World.com Forums
     Programming Discussion
        Rcon Authorization


Post new topicReply to topic
Login | Profile | | FAQ | Search | IRC




Print view Previous topic | Next topic 
Topic Starter Topic: Rcon Authorization

Immortal
Immortal
Joined: 12 Mar 2005
Posts: 2205
PostPosted: 06-29-2008 12:13 AM           Profile   Send private message  E-mail  Edit post Reply with quote


I haven't poked around the rcon code very much yet but something has been bugging me for the past few days.

When I send an rcon command to a server without putting in the password first I get the "Bad Rcon Password" message back from the server.

When I enter the password then send the rcon command the server executes normally as expected.

What I'm wondering is, how does the server know that I'm the admin and that the other players are still not authorized to use the commands? Does it keep a tally on its side saying "ok, Silicone_Milk knows the password is = this string so commands from his ID are good for execution only for the current session. If he disconnects, he's no longer ok."

If this is the case, what keeps a determined individual from crafting some packets and claiming to be me (who has been authorized) so that the server is tricked into letting that person execute rcon commands as well?




Top
                 

Mentor
Mentor
Joined: 12 Mar 2005
Posts: 3958
PostPosted: 06-29-2008 12:59 AM           Profile Send private message  E-mail  Edit post Reply with quote


Nothing of the sort. Your client inserts the value of the rconpassword cvar in every rcon command you send.




Top
                 

Immortal
Immortal
Joined: 12 Mar 2005
Posts: 2205
PostPosted: 06-29-2008 01:06 AM           Profile   Send private message  E-mail  Edit post Reply with quote


Very interesting. Simpler than I could have imagined.

Thanks for the swift response Misantropia




Top
                 

Beggar@Q3W
Beggar@Q3W
Joined: 09 Feb 2005
Posts: 1086
PostPosted: 06-29-2008 02:16 AM           Profile Send private message  E-mail  Edit post Reply with quote


After all, it's a communication via udp, hence no session can be managed.
It's kind of odd that such a person like Silicon_Milke asks this kind of question.




Top
                 

Mentor
Mentor
Joined: 12 Mar 2005
Posts: 3958
PostPosted: 06-29-2008 04:39 AM           Profile Send private message  E-mail  Edit post Reply with quote


a13n wrote:
After all, it's a communication via udp, hence no session can be managed.

Utter nonsense.




Top
                 

Immortal
Immortal
Joined: 12 Mar 2005
Posts: 2205
PostPosted: 06-29-2008 10:55 AM           Profile   Send private message  E-mail  Edit post Reply with quote


What do you mean by "such a person"?




Top
                 

Beggar@Q3W
Beggar@Q3W
Joined: 09 Feb 2005
Posts: 1086
PostPosted: 07-01-2008 03:53 AM           Profile Send private message  E-mail  Edit post Reply with quote


^misantropia^ wrote:
Utter nonsense.

Correct me, if I'm wrong.

Silicone_Milk wrote:
What do you mean by "such a person"?

such a tech person :rolleyes:




Top
                 

Mentor
Mentor
Joined: 12 Mar 2005
Posts: 3958
PostPosted: 07-01-2008 07:15 AM           Profile Send private message  E-mail  Edit post Reply with quote


a13n wrote:
Correct me, if I'm wrong.

Alright. You're wrong.




Top
                 

Beggar@Q3W
Beggar@Q3W
Joined: 09 Feb 2005
Posts: 1086
PostPosted: 07-02-2008 04:24 AM           Profile Send private message  E-mail  Edit post Reply with quote


Can you prove it? :rolleyes:




Top
                 

Mentor
Mentor
Joined: 12 Mar 2005
Posts: 3958
PostPosted: 07-02-2008 04:26 AM           Profile Send private message  E-mail  Edit post Reply with quote


I can.




Top
                 

Commander
Commander
Joined: 15 Nov 2006
Posts: 129
PostPosted: 07-02-2008 08:54 AM           Profile Send private message  E-mail  Edit post Reply with quote


a13n wrote:
Can you prove it? :rolleyes:


Well, its not really that hard to prove it really. Q3 only uses UDP for all communications with its clients. If it wasnt able to associate data with specific clients the game would be unworkable. See SV_PacketEvent() for how Q3 matches UDP packets up to clients in the game, therefore maintaining state for that client throughout the session (game).

It'd be fairly easy to modify q3 to work the way Silicone Milk thought - change it so that SVC_RemoteCommand does a similar thing with matching the netadr_t's, and if they're a client in the game you can easily mark them as an admin so that they dont need the correct password in the future. Its potentially a useful change to be able to tell who has rcon access - eg highlight them differently in the scoreboard (as CPMA does with referee status players, f.ex).

If you wanted, you could even extend it so that it maintains a session for non-client netadr_t's too, just maintain a list of "active rconners" (with timeouts etc), although SM's original post suggested he was assuming it was a special case for players on the server.




Top
                 

Beggar@Q3W
Beggar@Q3W
Joined: 09 Feb 2005
Posts: 1086
PostPosted: 07-04-2008 01:47 AM           Profile Send private message  E-mail  Edit post Reply with quote


ouch!
apology for my stupidity :o




Top
                 
Quake3World.com | Forum Index | Programming Discussion


Post new topic Reply to topic


cron
Quake3World.com
© ZeniMax. Zenimax, QUAKE III ARENA, Id Software and associated trademarks are trademarks of the ZeniMax group of companies. All rights reserved.
This is an unofficial fan website without any affiliation with or endorsement by ZeniMax.
All views and opinions expressed are those of the author.