This is my first post at these forums, so bear with me if the idea has already been proposed. I did some basic research but did not find any that seem to be relating to what I wanna achieve. I believe this feature is already available using packages such as Bukkit and the like, but I feel like this could be a valuable part of the "core" package.
The idea is to implement server side hooks. My case for writing this comes to a point at where my server has recently been attacked with what seems to be 'header' injections, using cracked clients or whatever to log in to administrator accounts and run various commands. My idea to solve this would be to write a little program that could validate some information upon a player connecting to the server, and then choose to accept the incoming player or dismiss the player.
As written above, I believe it can be implemented more simply in the core game (server part) alone, so that third party (non Java) can with great ease be used to integrate (now I'm a C/C++/PHP'er). This proposal is split in a specific part and an abstract part (later in this post), but let's begin with the specific part, which is designed for only the authentication:
Let's begin with having a look at the server.properties properties added:
auth-hook=false
auth-hook-exec=
The 'auth-hook' is disabled by default, so that servers won't try to allocate resources to the authentication hook in case nothing is defined (same with auth-hook=true && auth-hook-exec == ''), the other one 'auth-hook-exec' defines a path to the hook executable, this can be a relative path from the server.properties file, or an absolute path.
The type of program defined here should be an executable (.exe, .bat, ... (basically anything in the %PATHEXT% environment variable on Windows)), this program will be passed the hook data as arguments (argv in a C-like perspective). Let's have a more concrete example:
That is our setup, note that the hook itself exports the arguments sent to the program in a file called 'last-login.txt', located in the 'hooks/' folder.
Now a player logs in at the server, the following details are available for that player:
So that is fine and all with the example, but we're still missing a very critical part, that is the response a hook may give back. In VC++, we would use CreateProcess() to create a process handle for the hook when executed, and then we would use GetExitCodeFromProcess() to get the relevant exit code.
Using exit codes, on Windows, Microsoft reserves the first 16k codes, which means we should step up and use an "unreserved" namespace, for compliance with other platforms, I suggest beginning from 0xFFAA and forward:
0xFFAA (65450): ERROR_BAD_LOGIN - Bad log in (Not whitelisted name, IP mismatch, ...)
0xFFAB (65451): ERROR_FAILURE - General failure
0xFFAC (65452): ... ...
And so on, while this approach is not rock solid, it is an easy way to alert the server about the status code. An example in a C program could be:
server.properties:
auth-hook=true
auth-hook-exec=hooks/login.exe
login.c:
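#include <string.h>       /* memset */
#ifdef _WIN32
#include <winsock2.h>     /* struct in_addr */
#else
#include <netinet/in.h>   /* struct in_addr */
#endif

/* Exit codes the server reads back from the hook process */
#define ERROR_NONE 0
#define ERROR_BAD_LOGIN 0xFFAA
#define ERROR_FAILURE 0xFFAB

/* Declared before main() so the call below compiles */
static int login(char *player, struct in_addr ip);

int main(int argc, char *argv[])
{
    char *player = NULL;
    struct in_addr ip;
    memset(&ip, 0, sizeof ip);
    /* Initialize and handle argv[...] here */
    /* ... */
    if(login(player, ip))
    {
        return ERROR_NONE;
    }
    return ERROR_BAD_LOGIN;
}

/* Returns non-zero to accept the player, zero to reject */
static int login(char *player, struct in_addr ip)
{
    /* log in logic here */
    return 0; /* placeholder: reject until the logic above is filled in */
}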
So the other part of the suggestion (the abstract part), can already be done in Addons, and should most likely be kept there, so I'll be short on this one;
Instead of having a specific property in the server.properties file for the authentication, it could also contain other hooks, say for example every time someone dies, executes a server /command, and so on. However, it would not be ideal at all to duplicate code by having this available when addons can already do that, but I feel the authentication part is more tied in and cannot be hooked into in the same way as other basic events.
server.properties:
hooks/login.bat
hooks/login.php
<?php file_put_contents('./last-login.txt', var_export($argv, true)); ?>
That is our setup, note that the hook itself exports the arguments sent to the program in a file called 'last-login.txt', located in the 'hooks/' folder.
Now a player logs in at the server, the following details are available for that player:
When the server sees this request, the hook is invoked, and is called as:
Which will invoke PHP as:
Causing the last-login.txt file to be populated with:
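Added example, not part of the original post: on POSIX systems a parent process only receives the low 8 bits of a child's exit code, so the proposed codes arrive there as 0xAA and 0xAB. The code below shows that, together with a hypothetical server-side launcher (`hook_allows`, with an assumed argv layout of player name then IP, and constructed sample values) that accepts only a clean exit of 0 and rejects everything else.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define ERROR_NONE      0
#define ERROR_BAD_LOGIN 0xFFAA
#define ERROR_FAILURE   0xFFAB

/* What a POSIX parent reads back when a child exits with `code`:
 * only the low 8 bits survive. Returns -1 on fork/wait failure. */
static int status_seen_by_parent(int code)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(code);            /* child: stand-in for the hook */
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

/* Hypothetical launcher: runs the hook with player name and IP as argv
 * (assumed layout), without a shell. Returns 1 = accept, 0 = reject. */
static int hook_allows(const char *hook, const char *player, const char *ip)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return 0;                /* cannot run the hook: reject */
    if (pid == 0) {
        execl(hook, hook, player, ip, (char *)NULL);
        _exit(ERROR_FAILURE & 0xFF);      /* exec failed: non-zero, so reject */
    }
    if (waitpid(pid, &status, 0) < 0) return 0;
    if (!WIFEXITED(status)) return 0;     /* hook crashed or was killed */
    return WEXITSTATUS(status) == ERROR_NONE;  /* only a clean 0 accepts */
}

int main(void)
{
    /* 0x10000 is a constructed value whose low byte is zero */
    printf("0xFFAA  seen as 0x%X\n", status_seen_by_parent(ERROR_BAD_LOGIN));
    printf("0x10000 seen as 0x%X\n", status_seen_by_parent(0x10000));
    printf("/bin/true  -> %d\n", hook_allows("/bin/true", "Steve", "192.0.2.10"));
    printf("/bin/false -> %d\n", hook_allows("/bin/false", "Steve", "192.0.2.10"));
    printf("missing    -> %d\n", hook_allows("./no-such-hook", "Steve", "192.0.2.10"));
    return 0;
}
```

A code whose low byte is zero would be read as ERROR_NONE by such a parent, so on these platforms the distinct values have to fit in 1 to 255.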