Diffusion 0 A.D. Public Repository rP24728

Hide ip and port from users until they want to join, add optional password
rP24728
Actions

Description

Hide ip and port from users until they want to join, add optional password

Current issue with the lobby, is that we make ips of hosts public for anyone to read. This patch consists of 3 parts.
1.) Removing ips and ports from lobby javascript
2.) Removing need of script on the server to attach public ips to game stanza by asking the host using xmppclient as proxy.
3.) Implementing password protected matches, to deny this information to not trusted players.

Further description:
Do not send ports and stunip to the bots.

Removed from stanza.
Do not send ip to the lobby.

Removed from mapping gamelist from backend to gui (still on the backend side, because it is done by script on 0ad server).
Get ip and ports on request when trying to connect.

On the host side, ask stun server what is host's public ip and remember it.
On the client side, send iq through xmppclient to the hosting player and ask for ip, port and if Stun is used, then if answer is success, continue

with connecting, else fail.

Add optional password for matches.

Add password required identifier to the stanza.
Allow host to setup password for the match. Hash it on the host side and store inside Netserver. If no password is given, matches will behave
as it is not required.
On the client side, if password for the match is required, show additional window before trying to connect and ask for password, then hash it
and send with iq request for ip, port and stun.
Server will answer with ip, port and stun only if passwords matches, else will asnwer with error string.
Some security:
Passwords are hashed before sending, so it is not easy to guess what users typed. (per wraitii)
Hashes are using different salt as lobby hashing and not using usernames as salt (as that is not doable), so they are different even typing the
same password as for the lobby account.
Client remembers which user was asked for connection data and iq's id of request. If answer doesn't match these things, it is ignored. (thnx
user1)
Every request for connection data is logged with hostname of the requester to the mainlog file (no ips).
If user gets iq to send connection data and is not hosting the match, will respond with error string "not_server".
If server gets iq::result with connection data, request is ignored.

Differential revision: D3184
Reviewed by: @wraitii
Comments by: @Stan, @bb, @Imarok, @vladislavbelov
Tested in lobby

Details

Committed

Silier

Jan 20 2021, 7:31 PM

Reviewer

wraitii

Differential Revision

D3184: Hide ip and port from users until they want to join, add optional password

Parents

rP24727: Commit the actual images for r24726

Branches

Unknown

Tags

Unknown

Build Status

Buildable 15294
Build 33302: Trigger Windows Autobuild
Build 33301: Post-Commit Build	Jenkins
Build 33300: Post-Commit Build (macOS)	Jenkins

Event Timeline

Silier committed rP24728: Hide ip and port from users until they want to join, add optional password.Jan 20 2021, 7:31 PM

Silier added an edge: D3184: Hide ip and port from users until they want to join, add optional password.

Silier added subscribers: vladislavbelov, bb, Stan and 2 others.

Harbormaster failed to build B15294: rP24728: Hide ip and port from users until they want to join, add optional password!Jan 20 2021, 7:34 PM

wraitii awarded a token.Jan 20 2021, 7:37 PM

Fixes: #5913

JSInterface_Network.cpp
../../../source/network/scripting/JSInterface_Network.cpp: In function ‘void JSI_Network::StartNetworkJoinLobby(ScriptInterface::CmptPrivate*, const CStrW&, const CStr8&, const CStr8&)’:
../../../source/network/scripting/JSInterface_Network.cpp:169:71: warning: unused parameter ‘pCmptPrivate’ [-Wunused-parameter]
 void JSI_Network::StartNetworkJoinLobby(ScriptInterface::CmptPrivate* pCmptPrivate, const CStrW& playerName, const CStr& hostJID, const CStr& password)
                                                                       ^~~~~~~~~~~~

wraitii mentioned this in D3438: Verify password in Authenticate.Jan 20 2021, 8:12 PM

Silier mentioned this in rP24733: Fix incorrect user identifier used in rP2478.Jan 20 2021, 9:00 PM

wraitii mentioned this in rP24775: Net Server: Verify password in Authenticate.Jan 23 2021, 7:04 PM

Silier mentioned this in rP24794: Limit possibility of brute force attacks when guessing password.Jan 26 2021, 9:21 PM

wraitii mentioned this in D3490: Get the public IP from the lobby if not using STUN..Jan 28 2021, 12:06 AM

Interestingly, this conceptually makes the WFGBot un-necessary to use the lobby. Assuming we had another way of finding which games are being hosted (using STUN), players only need a host JID (and a password) to join a game. This sounds to me like something we probably should try to do, to make deployment easier.

Edit: pushing games to a PubSub node sounds like it would do the trick.

Silier added inline comments.Feb 6 2021, 8:17 PM