Most of the plugins here are made by B3 users and the authors may not visit frequently. If you need support for plugins or if questions remain unanswered, you will have to contact the author directly. Read the full Support Disclaimer here
NOTE: Do not attach plugins to your forumtopics! Attachements are periodically removed by maintenance tasks. Upload your plugins to our Downloads section instead!

You are here: Big Brother Bot ForumAdd-OnsPlugins Discussion (Moderator: MordyT)login.py bug
Pages: [1]   Go Down
  Print  
Author Topic: login.py bug  (Read 1347 times) Bookmark and Share
Newbie
*
OS: Linux
Type: Owner dedicated server(s)
Gameservers: UrT
Posts: 8
Offline Offline
« on: November 24, 2012, 04:44:10 PM »

Hi,

It appears login.py contains a bit of deprecated code in b3 1.7.1.

(in cmd_login())
Code: python
        if data:
           digest = newmd5(data).hexdigest()
           if digest == client.password:
               client.setvar(self, 'loggedin', 1)
               client.groupBits = client.var(self, 'login_groupbits').value
               client.message('You are successfully logged in.')
               return
           else:
               client.message('^1***Access denied***^7')
               return

There is, line 3, a comparison between a hash of the input password, and ... the client's /password (which is set client-side), instead of the client's password hash as in the server database.

I do not know what property the Client class has that refers to it. If someone familiar with the B3 core code could fix this, or tell me if I am wrong... Thanks!
« Last Edit: November 24, 2012, 04:45:53 PM by felixmole » Logged

Senior Dev.
*
OS: Linux
Type: Home user
Posts: 4753
Offline Offline
WWW
Support Specialty: B3-Core, UrT/SmG/BFBC2 parsers, Plugin development
« Reply #1 on: November 24, 2012, 06:37:48 PM »

If I understand the code correctly, 'client.password' refers to whatever value is in the 'password' column of the 'client' table in your database. In the database, this value must not be the password in plain text but instead its md5 hash.
So the code compares a hash to a hash
Logged

Newbie
*
OS: Linux
Type: Owner dedicated server(s)
Gameservers: UrT
Posts: 8
Offline Offline
« Reply #2 on: November 25, 2012, 12:43:54 AM »

If I understand the code correctly, 'client.password' refers to whatever value is in the 'password' column of the 'client' table in your database. [...]
Well, it should, but it doesn't: after doing some debugging I have found out it refers to the client's /password setting (that can be used to access a private server or a private slot).

Client user-info as in the log file:
Quote
  6:35 ClientUserinfo: 15 \ip\x.x.x.x:27960\name\Zesco\password\some_password_here\racered\2\raceblue\3\rate\8000\ut_timenudge\0\cg_rgb\128 128 128\cg_predictitems\0\cg_physics\1\snaps\20\model\sarge\headmodel\sarge\team_model\james\team_headmodel\*james\color1\4\color2\5\handicap\100\sex\male\cl_anonymous\0\gear\GMIORAA\teamtask\0\cl_guid\THEIRGUID\weapmodes\00000110120000020002
For this client, client.password gives "some_password_here".
Logged
Dev. Team
*
OS: Windows
Type: Gameserver Rental Co.
Gameservers: COD4, COD5, Arma 2
Posts: 2011
Offline Offline
« Reply #3 on: November 25, 2012, 08:33:01 AM »

We have been using the login plugin for years, and it works fine with no issues - you must be misunderstanding something, or your mod is doing something really strange.

What game, and which mod are you using?

EDIT: Is it usual to have the password in the ClientUserInfo line like that, since it looks like it is that that is causing the issue?
« Last Edit: November 25, 2012, 09:43:39 AM by 82ndAB.Bravo17 » Logged
Newbie
*
OS: Linux
Type: Owner dedicated server(s)
Gameservers: UrT
Posts: 8
Offline Offline
« Reply #4 on: November 25, 2012, 08:54:23 AM »

We have been using the login plugin for years, and it works fine with no issues - you must be misunderstanding something, or your mod is doing something really strange.

What game, and which mod are you using?
I use Urban Terror, vanilla B3 (Except a couple of minor modifications in plugin_admin.py but that's it).

when I insert self.debug("client password = %s; input hex'd password = %s" % (client.password, digest)), I can clearly see the user-defined /password for the first value, which is not normal.

If it works for you, I'm assuming this is a problem with the UrT parser.

EDIT: I have not tried to see if it worked normally when the user in question has no /password set
« Last Edit: November 25, 2012, 08:57:30 AM by felixmole » Logged
Senior Dev.
*
OS: Linux
Type: Home user
Posts: 4753
Offline Offline
WWW
Support Specialty: B3-Core, UrT/SmG/BFBC2 parsers, Plugin development
« Reply #5 on: November 25, 2012, 09:45:02 AM »

There is indeed an issue as you found out. It is bound to the iourt41 and iourt42 parser (at least).
I will update the login plugin to prevent any misbehavior due to bugs or bad habits from the game parsers. Then I will also update the UrT* parsers.
Follow this topic for updates
Logged

Newbie
*
OS: Linux
Type: Owner dedicated server(s)
Gameservers: UrT
Posts: 8
Offline Offline
« Reply #6 on: November 25, 2012, 10:11:48 AM »

Thanks all for your input!
Logged
Senior Dev.
*
OS: Linux
Type: Home user
Posts: 4753
Offline Offline
WWW
Support Specialty: B3-Core, UrT/SmG/BFBC2 parsers, Plugin development
« Reply #7 on: November 25, 2012, 12:03:04 PM »

Could you replace your login.py file with this one and tell me how it goes ?
Logged

Newbie
*
OS: Linux
Type: Owner dedicated server(s)
Gameservers: UrT
Posts: 8
Offline Offline
« Reply #8 on: November 25, 2012, 01:18:17 PM »

Works perfectly. Thank you for your time.
Logged
Senior Dev.
*
OS: Linux
Type: Home user
Posts: 4753
Offline Offline
WWW
Support Specialty: B3-Core, UrT/SmG/BFBC2 parsers, Plugin development
« Reply #9 on: November 26, 2012, 04:14:50 PM »

fixes have been made to the UrT parsers (4.1 and 4.2)
Please update to B3 v1.9.0dev22 (or later) and report back any issue
Logged

Tags: login.py  plugin  inbuilt  bug 
Pages: [1]   Go Up
  Print  
 
Jump to:  


Rate this page +1 at Google Search


SimplePortal 2.3.1 © 2008-2009, SimplePortal