Prevent admin port authentication bypass #4771

Closed
DorpsGek opened this issue Sep 14, 2011 · 1 comment
Labels
flyspray This issue is imported from FlySpray (https://bugs.openttd.org/)

Comments

@DorpsGek

monoid opened the ticket and wrote:

Currently, an admin socket's state is changed to ADMIN_STATUS_ACTIVE (i.e., has been authenticated) in ServerNetworkAdminSocketHandler::SendWelcome. However, this function is not only called during the handling of an ADMIN_JOIN packet by ServerNetworkAdminSocketHandler::Receive_ADMIN_JOIN, but also by ServerNetworkAdminSocketHandler::WelcomeAll, which in turn is called by NetworkServerStart() in dedicated server mode during a game (re)start.

Hence, all a user needs to do to have their admin socket marked 'ACTIVE' without needing to go through the normal authentication routine (sending an ADMIN_JOIN packet with the admin password) is to hold onto the connection on the admin port until the dedicated server restarts to a new game. At that point the connection will be incorrectly marked as ACTIVE, and they can issue i.e., rcon commands as if authenticated normally.

This patch fixes this issue. It does so by making it so the setting of an admin socket's status to ACTIVE is only done directly after checking the ADMIN_JOIN packet, and not in welcome packet sending.

It also fixes a closely related secondary issue, where certain admin packets are sent to admin connections that are not actually marked ACTIVE. It fixes this by adding a new macro to enumerate over active admin sockets only, FOR_ALL_ACTIVE_ADMIN_SOCKETS, and using it where appropriate.

The attached Python script demonstrates these two issues. Start a dedicated server, and run the script (giving the IP (+ port) on the command line). Restart the dedicated server (i.e. using the 'restart' console command), and the script will show inappropriately sent packets being received, followed by an execution of the 'pwd' console command via rcon after its admin connection has been incorrectly marked ACTIVE following the SERVER_WELCOME packet.

Attachments

Reported version: trunk
Operating system: All


This issue was imported from FlySpray: https://bugs.openttd.org/task/4771
@DorpsGek

Rubidium closed the ticket.

Reason for closing: Fixed

In r22934


This comment was imported from FlySpray: https://bugs.openttd.org/task/4771
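
The state-machine flaw and the fix described in the ticket, as a simplified C++ model. This is an added example, not OpenTTD source and not the attached script: the `AdminServer` and `AdminSocket` structs, `ADMIN_STATUS_INACTIVE`, `HandleRcon`, the `fixed` switch and the sample password are assumptions; `SendWelcome`, `WelcomeAll` and the ADMIN_JOIN handler mirror the functions named in the report.

```cpp
#include <cstdio>
#include <string>
#include <vector>
// Simplified model of the admin-socket states; not OpenTTD source.
enum AdminStatus { ADMIN_STATUS_INACTIVE, ADMIN_STATUS_ACTIVE };
struct AdminSocket {
    AdminStatus status = ADMIN_STATUS_INACTIVE;
    int packets_received = 0;  // packets the server sent to this connection
};

struct AdminServer {
    bool fixed;                        // false: behaviour described in the report
    std::string password = "secret";   // constructed sample value
    std::vector<AdminSocket> sockets;
    explicit AdminServer(bool f) : fixed(f) {}
    // Welcome packet. Before the fix, sending it also marked the socket ACTIVE.
    void SendWelcome(AdminSocket &s) {
        s.packets_received++;
        if (!fixed) s.status = ADMIN_STATUS_ACTIVE;
    }
    // ADMIN_JOIN handler: the only place where the password is checked.
    bool ReceiveAdminJoin(AdminSocket &s, const std::string &pw) {
        if (pw != password) return false;
        if (fixed) s.status = ADMIN_STATUS_ACTIVE;  // set directly after the check
        SendWelcome(s);
        return true;
    }
    // Called on game (re)start. The fixed variant skips sockets that are not ACTIVE.
    void WelcomeAll() {
        for (AdminSocket &s : sockets) {
            if (fixed && s.status != ADMIN_STATUS_ACTIVE) continue;
            SendWelcome(s);
        }
    }
    // rcon is honoured only for sockets in the ACTIVE state.
    bool HandleRcon(const AdminSocket &s) const { return s.status == ADMIN_STATUS_ACTIVE; }
};

// Scenario from the report: a connection that never sends ADMIN_JOIN is held
// open across a restart. Returns true if rcon is accepted afterwards.
bool IdleSocketGetsRcon(bool fixed) {
    AdminServer srv(fixed);
    srv.sockets.emplace_back();
    srv.WelcomeAll();
    return srv.HandleRcon(srv.sockets[0]);
}
int main() {
    std::printf("before fix: %d, after fix: %d\n", IdleSocketGetsRcon(false), IdleSocketGetsRcon(true));
}
```

The same two checks work as a regression test for any handler of this shape: an unauthenticated socket must receive no admin packets and must be refused rcon after a restart.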

@DorpsGek added the Admin and flyspray labels on Apr 7, 2018