Hide ip and port from users until they want to join, add optional password
Current issue with the lobby, is that we make ips of hosts public for
anyone to read. This patch consists of 3 parts.
1.) Removing ips and ports from lobby javascript
2.) Removing need of script on the server to attach public ips to game
stanza by asking the host using xmppclient as proxy.
3.) Implementing password protected matches, to deny this information to
not trusted players.
Further description:
Do not send ports and stunip to the bots.
Removed from stanza.
Do not send ip to the lobby.
Removed from mapping gamelist from backend to gui (still on the backend
side, because it is done by script on 0ad server).
Get ip and ports on request when trying to connect.
On the host side, ask stun server what is host's public ip and remember
it.
On the client side, send iq through xmppclient to the hosting player and
ask for ip, port and if Stun is used, then if answer is success,
continue
with connecting, else fail.
Add optional password for matches.
Add password required identifier to the stanza.
Allow host to setup password for the match. Hash it on the host side and
store inside Netserver. If no password is given, matches will behave
as it is not required.
On the client side, if password for the match is required, show
additional window before trying to connect and ask for password, then
hash it
and send with iq request for ip, port and stun.
Server will answer with ip, port and stun only if passwords matches,
else will asnwer with error string.
Some security:
Passwords are hashed before sending, so it is not easy to guess what
users typed. (per wraitii)
Hashes are using different salt as lobby hashing and not using usernames
as salt (as that is not doable), so they are different even typing the
same password as for the lobby account.
Client remembers which user was asked for connection data and iq's id of
request. If answer doesn't match these things, it is ignored. (thnx
user1)
Every request for connection data is logged with hostname of the
requester to the mainlog file (no ips).
If user gets iq to send connection data and is not hosting the match,
will respond with error string "not_server".
If server gets iq::result with connection data, request is ignored.
Differential revision: D3184
Reviewed by: @wraitii
Comments by: @Stan, @bb, @Imarok, @vladislavbelov
Tested in lobby
This was SVN commit r24728.
2021-01-20 10:31:39 -08:00
|
|
|
/* Copyright (C) 2021 Wildfire Games.
|
STUN + XMPP ICE implementation.
Allows lobby players to host games without having to configure their
router.
Differential Revision: https://code.wildfiregames.com/D364
Fixes #2305
Patch By: fcxSanya.
StunClient based on code by SuperTuxKart, relicensed with approval of
the according authors hilnius, hiker, Auria, deveee, Flakebi, leper,
konstin and KroArtem.
Added rfc5245 (ejabberd) support, a GUI option, refactoring and segfault
fixes by myself.
Tested By: user1, Sandarac, Sestroretsk1714, Vladislav, Grugnas,
javiergodas
Partially Reviewed By: leper, Philip, echotangoecho
This was SVN commit r19703.
2017-05-31 23:33:52 -07:00
|
|
|
* Copyright (C) 2013-2016 SuperTuxKart-Team.
|
|
|
|
|
* This file is part of 0 A.D.
|
|
|
|
|
*
|
|
|
|
|
* 0 A.D. is free software: you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
|
* the Free Software Foundation, either version 2 of the License, or
|
|
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* 0 A.D. is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with 0 A.D. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include "precompiled.h"
|
|
|
|
|
|
|
|
|
|
#include "StunClient.h"
|
Hide ip and port from users until they want to join, add optional password
Current issue with the lobby, is that we make ips of hosts public for
anyone to read. This patch consists of 3 parts.
1.) Removing ips and ports from lobby javascript
2.) Removing need of script on the server to attach public ips to game
stanza by asking the host using xmppclient as proxy.
3.) Implementing password protected matches, to deny this information to
not trusted players.
Further description:
Do not send ports and stunip to the bots.
Removed from stanza.
Do not send ip to the lobby.
Removed from mapping gamelist from backend to gui (still on the backend
side, because it is done by script on 0ad server).
Get ip and ports on request when trying to connect.
On the host side, ask stun server what is host's public ip and remember
it.
On the client side, send iq through xmppclient to the hosting player and
ask for ip, port and if Stun is used, then if answer is success,
continue
with connecting, else fail.
Add optional password for matches.
Add password required identifier to the stanza.
Allow host to setup password for the match. Hash it on the host side and
store inside Netserver. If no password is given, matches will behave
as it is not required.
On the client side, if password for the match is required, show
additional window before trying to connect and ask for password, then
hash it
and send with iq request for ip, port and stun.
Server will answer with ip, port and stun only if passwords matches,
else will asnwer with error string.
Some security:
Passwords are hashed before sending, so it is not easy to guess what
users typed. (per wraitii)
Hashes are using different salt as lobby hashing and not using usernames
as salt (as that is not doable), so they are different even typing the
same password as for the lobby account.
Client remembers which user was asked for connection data and iq's id of
request. If answer doesn't match these things, it is ignored. (thnx
user1)
Every request for connection data is logged with hostname of the
requester to the mainlog file (no ips).
If user gets iq to send connection data and is not hosting the match,
will respond with error string "not_server".
If server gets iq::result with connection data, request is ignored.
Differential revision: D3184
Reviewed by: @wraitii
Comments by: @Stan, @bb, @Imarok, @vladislavbelov
Tested in lobby
This was SVN commit r24728.
2021-01-20 10:31:39 -08:00
|
|
|
#include "scriptinterface/ScriptInterface.h"
|
STUN + XMPP ICE implementation.
Allows lobby players to host games without having to configure their
router.
Differential Revision: https://code.wildfiregames.com/D364
Fixes #2305
Patch By: fcxSanya.
StunClient based on code by SuperTuxKart, relicensed with approval of
the according authors hilnius, hiker, Auria, deveee, Flakebi, leper,
konstin and KroArtem.
Added rfc5245 (ejabberd) support, a GUI option, refactoring and segfault
fixes by myself.
Tested By: user1, Sandarac, Sestroretsk1714, Vladislav, Grugnas,
javiergodas
Partially Reviewed By: leper, Philip, echotangoecho
This was SVN commit r19703.
2017-05-31 23:33:52 -07:00
|
|
|
|
|
|
|
|
#include <chrono>
|
|
|
|
|
#include <cstdio>
|
|
|
|
|
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
|
|
|
|
|
#include <sys/types.h>
|
|
|
|
|
#ifdef WIN32
|
|
|
|
|
# include <winsock2.h>
|
|
|
|
|
# include <ws2tcpip.h>
|
|
|
|
|
#else
|
|
|
|
|
# include <sys/socket.h>
|
|
|
|
|
# include <netdb.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#include <vector>
|
|
|
|
|
|
|
|
|
|
#include "lib/external_libraries/enet.h"
|
|
|
|
|
|
|
|
|
|
#if OS_WIN
|
|
|
|
|
#include "lib/sysdep/os/win/wposix/wtime.h"
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#include "scriptinterface/ScriptInterface.h"
|
|
|
|
|
#include "ps/CLogger.h"
|
|
|
|
|
#include "ps/ConfigDB.h"
|
Hide ip and port from users until they want to join, add optional password
Current issue with the lobby, is that we make ips of hosts public for
anyone to read. This patch consists of 3 parts.
1.) Removing ips and ports from lobby javascript
2.) Removing need of script on the server to attach public ips to game
stanza by asking the host using xmppclient as proxy.
3.) Implementing password protected matches, to deny this information to
not trusted players.
Further description:
Do not send ports and stunip to the bots.
Removed from stanza.
Do not send ip to the lobby.
Removed from mapping gamelist from backend to gui (still on the backend
side, because it is done by script on 0ad server).
Get ip and ports on request when trying to connect.
On the host side, ask stun server what is host's public ip and remember
it.
On the client side, send iq through xmppclient to the hosting player and
ask for ip, port and if Stun is used, then if answer is success,
continue
with connecting, else fail.
Add optional password for matches.
Add password required identifier to the stanza.
Allow host to setup password for the match. Hash it on the host side and
store inside Netserver. If no password is given, matches will behave
as it is not required.
On the client side, if password for the match is required, show
additional window before trying to connect and ask for password, then
hash it
and send with iq request for ip, port and stun.
Server will answer with ip, port and stun only if passwords matches,
else will asnwer with error string.
Some security:
Passwords are hashed before sending, so it is not easy to guess what
users typed. (per wraitii)
Hashes are using different salt as lobby hashing and not using usernames
as salt (as that is not doable), so they are different even typing the
same password as for the lobby account.
Client remembers which user was asked for connection data and iq's id of
request. If answer doesn't match these things, it is ignored. (thnx
user1)
Every request for connection data is logged with hostname of the
requester to the mainlog file (no ips).
If user gets iq to send connection data and is not hosting the match,
will respond with error string "not_server".
If server gets iq::result with connection data, request is ignored.
Differential revision: D3184
Reviewed by: @wraitii
Comments by: @Stan, @bb, @Imarok, @vladislavbelov
Tested in lobby
This was SVN commit r24728.
2021-01-20 10:31:39 -08:00
|
|
|
#include "ps/CStr.h"
|
STUN + XMPP ICE implementation.
Allows lobby players to host games without having to configure their
router.
Differential Revision: https://code.wildfiregames.com/D364
Fixes #2305
Patch By: fcxSanya.
StunClient based on code by SuperTuxKart, relicensed with approval of
the according authors hilnius, hiker, Auria, deveee, Flakebi, leper,
konstin and KroArtem.
Added rfc5245 (ejabberd) support, a GUI option, refactoring and segfault
fixes by myself.
Tested By: user1, Sandarac, Sestroretsk1714, Vladislav, Grugnas,
javiergodas
Partially Reviewed By: leper, Philip, echotangoecho
This was SVN commit r19703.
2017-05-31 23:33:52 -07:00
|
|
|
|
|
|
|
|
unsigned int m_StunServerIP;
|
|
|
|
|
int m_StunServerPort;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* These constants are defined in Section 6 of RFC 5389.
|
|
|
|
|
*/
|
|
|
|
|
const u32 m_MagicCookie = 0x2112A442;
|
|
|
|
|
const u32 m_MethodTypeBinding = 0x0001;
|
|
|
|
|
const u32 m_BindingSuccessResponse = 0x0101;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Bit determining whether comprehension of an attribute is optional.
|
|
|
|
|
* Described in Section 15 of RFC 5389.
|
|
|
|
|
*/
|
|
|
|
|
const u16 m_ComprehensionOptional = 0x1 << 15;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Bit determining whether the bit was assigned by IETF Review.
|
|
|
|
|
* Described in section 18.1. of RFC 5389.
|
|
|
|
|
*/
|
|
|
|
|
const u16 m_IETFReview = 0x1 << 14;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* These constants are defined in Section 15.1 of RFC 5389.
|
|
|
|
|
*/
|
|
|
|
|
const u8 m_IPAddressFamilyIPv4 = 0x01;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* These constants are defined in Section 18.2 of RFC 5389.
|
|
|
|
|
*/
|
|
|
|
|
const u16 m_AttrTypeMappedAddress = 0x001;
|
|
|
|
|
const u16 m_AttrTypeXORMappedAddress = 0x0020;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Described in section 3 of RFC 5389.
|
|
|
|
|
*/
|
|
|
|
|
u8 m_TransactionID[12];
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Discovered STUN endpoint
|
|
|
|
|
*/
|
|
|
|
|
u32 m_IP;
|
|
|
|
|
u16 m_Port;
|
|
|
|
|
|
|
|
|
|
void AddUInt16(std::vector<u8>& buffer, const u16 value)
|
|
|
|
|
{
|
|
|
|
|
buffer.push_back((value >> 8) & 0xff);
|
|
|
|
|
buffer.push_back(value & 0xff);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void AddUInt32(std::vector<u8>& buffer, const u32 value)
|
|
|
|
|
{
|
|
|
|
|
buffer.push_back((value >> 24) & 0xff);
|
|
|
|
|
buffer.push_back((value >> 16) & 0xff);
|
|
|
|
|
buffer.push_back((value >> 8) & 0xff);
|
|
|
|
|
buffer.push_back( value & 0xff);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
template<typename T, size_t n>
|
2017-06-05 13:44:00 -07:00
|
|
|
bool GetFromBuffer(const std::vector<u8>& buffer, u32& offset, T& result)
|
STUN + XMPP ICE implementation.
Allows lobby players to host games without having to configure their
router.
Differential Revision: https://code.wildfiregames.com/D364
Fixes #2305
Patch By: fcxSanya.
StunClient based on code by SuperTuxKart, relicensed with approval of
the according authors hilnius, hiker, Auria, deveee, Flakebi, leper,
konstin and KroArtem.
Added rfc5245 (ejabberd) support, a GUI option, refactoring and segfault
fixes by myself.
Tested By: user1, Sandarac, Sestroretsk1714, Vladislav, Grugnas,
javiergodas
Partially Reviewed By: leper, Philip, echotangoecho
This was SVN commit r19703.
2017-05-31 23:33:52 -07:00
|
|
|
{
|
|
|
|
|
if (offset + n > buffer.size())
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
int a = n;
|
|
|
|
|
offset += n;
|
|
|
|
|
while (a--)
|
|
|
|
|
{
|
2017-12-04 06:30:38 -08:00
|
|
|
// Prevent shift count overflow if the type is u8
|
|
|
|
|
if (n > 1)
|
|
|
|
|
result <<= 8;
|
|
|
|
|
|
STUN + XMPP ICE implementation.
Allows lobby players to host games without having to configure their
router.
Differential Revision: https://code.wildfiregames.com/D364
Fixes #2305
Patch By: fcxSanya.
StunClient based on code by SuperTuxKart, relicensed with approval of
the according authors hilnius, hiker, Auria, deveee, Flakebi, leper,
konstin and KroArtem.
Added rfc5245 (ejabberd) support, a GUI option, refactoring and segfault
fixes by myself.
Tested By: user1, Sandarac, Sestroretsk1714, Vladislav, Grugnas,
javiergodas
Partially Reviewed By: leper, Philip, echotangoecho
This was SVN commit r19703.
2017-05-31 23:33:52 -07:00
|
|
|
result += buffer[offset - 1 - a];
|
|
|
|
|
}
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Creates a STUN request and sends it to a STUN server.
|
|
|
|
|
* The request is sent through transactionHost, from which the answer
|
|
|
|
|
* will be retrieved by ReceiveStunResponse and interpreted by ParseStunResponse.
|
|
|
|
|
*/
|
2019-08-16 17:12:19 -07:00
|
|
|
bool CreateStunRequest(ENetHost& transactionHost)
|
STUN + XMPP ICE implementation.
Allows lobby players to host games without having to configure their
router.
Differential Revision: https://code.wildfiregames.com/D364
Fixes #2305
Patch By: fcxSanya.
StunClient based on code by SuperTuxKart, relicensed with approval of
the according authors hilnius, hiker, Auria, deveee, Flakebi, leper,
konstin and KroArtem.
Added rfc5245 (ejabberd) support, a GUI option, refactoring and segfault
fixes by myself.
Tested By: user1, Sandarac, Sestroretsk1714, Vladislav, Grugnas,
javiergodas
Partially Reviewed By: leper, Philip, echotangoecho
This was SVN commit r19703.
2017-05-31 23:33:52 -07:00
|
|
|
{
|
|
|
|
|
CStr server_name;
|
|
|
|
|
CFG_GET_VAL("lobby.stun.server", server_name);
|
|
|
|
|
CFG_GET_VAL("lobby.stun.port", m_StunServerPort);
|
|
|
|
|
|
|
|
|
|
debug_printf("GetPublicAddress: Using STUN server %s:%d\n", server_name.c_str(), m_StunServerPort);
|
|
|
|
|
|
|
|
|
|
addrinfo hints;
|
|
|
|
|
addrinfo* res;
|
|
|
|
|
|
|
|
|
|
memset(&hints, 0, sizeof(hints));
|
|
|
|
|
hints.ai_family = AF_UNSPEC; // AF_INET or AF_INET6 to force version
|
|
|
|
|
hints.ai_socktype = SOCK_STREAM;
|
|
|
|
|
|
|
|
|
|
// Resolve the stun server name so we can send it a STUN request
|
|
|
|
|
int status = getaddrinfo(server_name.c_str(), nullptr, &hints, &res);
|
|
|
|
|
if (status != 0)
|
|
|
|
|
{
|
2017-11-29 12:14:22 -08:00
|
|
|
#ifdef UNICODE
|
|
|
|
|
LOGERROR("GetPublicAddress: Error in getaddrinfo: %s", utf8_from_wstring(gai_strerror(status)));
|
|
|
|
|
#else
|
STUN + XMPP ICE implementation.
Allows lobby players to host games without having to configure their
router.
Differential Revision: https://code.wildfiregames.com/D364
Fixes #2305
Patch By: fcxSanya.
StunClient based on code by SuperTuxKart, relicensed with approval of
the according authors hilnius, hiker, Auria, deveee, Flakebi, leper,
konstin and KroArtem.
Added rfc5245 (ejabberd) support, a GUI option, refactoring and segfault
fixes by myself.
Tested By: user1, Sandarac, Sestroretsk1714, Vladislav, Grugnas,
javiergodas
Partially Reviewed By: leper, Philip, echotangoecho
This was SVN commit r19703.
2017-05-31 23:33:52 -07:00
|
|
|
LOGERROR("GetPublicAddress: Error in getaddrinfo: %s", gai_strerror(status));
|
2017-11-29 12:14:22 -08:00
|
|
|
#endif
|
STUN + XMPP ICE implementation.
Allows lobby players to host games without having to configure their
router.
Differential Revision: https://code.wildfiregames.com/D364
Fixes #2305
Patch By: fcxSanya.
StunClient based on code by SuperTuxKart, relicensed with approval of
the according authors hilnius, hiker, Auria, deveee, Flakebi, leper,
konstin and KroArtem.
Added rfc5245 (ejabberd) support, a GUI option, refactoring and segfault
fixes by myself.
Tested By: user1, Sandarac, Sestroretsk1714, Vladislav, Grugnas,
javiergodas
Partially Reviewed By: leper, Philip, echotangoecho
This was SVN commit r19703.
2017-05-31 23:33:52 -07:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ENSURE(res);
|
|
|
|
|
|
|
|
|
|
// Documentation says it points to "one or more addrinfo structures"
|
2019-08-16 17:12:19 -07:00
|
|
|
sockaddr_in* current_interface = reinterpret_cast<sockaddr_in*>(res->ai_addr);
|
STUN + XMPP ICE implementation.
Allows lobby players to host games without having to configure their
router.
Differential Revision: https://code.wildfiregames.com/D364
Fixes #2305
Patch By: fcxSanya.
StunClient based on code by SuperTuxKart, relicensed with approval of
the according authors hilnius, hiker, Auria, deveee, Flakebi, leper,
konstin and KroArtem.
Added rfc5245 (ejabberd) support, a GUI option, refactoring and segfault
fixes by myself.
Tested By: user1, Sandarac, Sestroretsk1714, Vladislav, Grugnas,
javiergodas
Partially Reviewed By: leper, Philip, echotangoecho
This was SVN commit r19703.
2017-05-31 23:33:52 -07:00
|
|
|
m_StunServerIP = ntohl(current_interface->sin_addr.s_addr);
|
|
|
|
|
|
|
|
|
|
StunClient::SendStunRequest(transactionHost, m_StunServerIP, m_StunServerPort);
|
|
|
|
|
|
|
|
|
|
freeaddrinfo(res);
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2019-08-16 17:12:19 -07:00
|
|
|
void StunClient::SendStunRequest(ENetHost& transactionHost, u32 targetIp, u16 targetPort)
|
STUN + XMPP ICE implementation.
Allows lobby players to host games without having to configure their
router.
Differential Revision: https://code.wildfiregames.com/D364
Fixes #2305
Patch By: fcxSanya.
StunClient based on code by SuperTuxKart, relicensed with approval of
the according authors hilnius, hiker, Auria, deveee, Flakebi, leper,
konstin and KroArtem.
Added rfc5245 (ejabberd) support, a GUI option, refactoring and segfault
fixes by myself.
Tested By: user1, Sandarac, Sestroretsk1714, Vladislav, Grugnas,
javiergodas
Partially Reviewed By: leper, Philip, echotangoecho
This was SVN commit r19703.
2017-05-31 23:33:52 -07:00
|
|
|
{
|
|
|
|
|
std::vector<u8> buffer;
|
|
|
|
|
AddUInt16(buffer, m_MethodTypeBinding);
|
|
|
|
|
AddUInt16(buffer, 0); // length
|
|
|
|
|
AddUInt32(buffer, m_MagicCookie);
|
|
|
|
|
|
|
|
|
|
for (std::size_t i = 0; i < sizeof(m_TransactionID); ++i)
|
|
|
|
|
{
|
|
|
|
|
u8 random_byte = rand() % 256;
|
|
|
|
|
buffer.push_back(random_byte);
|
|
|
|
|
m_TransactionID[i] = random_byte;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
sockaddr_in to;
|
|
|
|
|
int to_len = sizeof(to);
|
|
|
|
|
memset(&to, 0, to_len);
|
|
|
|
|
|
|
|
|
|
to.sin_family = AF_INET;
|
|
|
|
|
to.sin_port = htons(targetPort);
|
|
|
|
|
to.sin_addr.s_addr = htonl(targetIp);
|
|
|
|
|
|
2019-08-16 17:12:19 -07:00
|
|
|
sendto(
|
|
|
|
|
transactionHost.socket,
|
|
|
|
|
reinterpret_cast<char*>(buffer.data()),
|
|
|
|
|
static_cast<int>(buffer.size()),
|
|
|
|
|
0,
|
|
|
|
|
reinterpret_cast<sockaddr*>(&to),
|
|
|
|
|
to_len);
|
STUN + XMPP ICE implementation.
Allows lobby players to host games without having to configure their
router.
Differential Revision: https://code.wildfiregames.com/D364
Fixes #2305
Patch By: fcxSanya.
StunClient based on code by SuperTuxKart, relicensed with approval of
the according authors hilnius, hiker, Auria, deveee, Flakebi, leper,
konstin and KroArtem.
Added rfc5245 (ejabberd) support, a GUI option, refactoring and segfault
fixes by myself.
Tested By: user1, Sandarac, Sestroretsk1714, Vladislav, Grugnas,
javiergodas
Partially Reviewed By: leper, Philip, echotangoecho
This was SVN commit r19703.
2017-05-31 23:33:52 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Gets the response from the STUN server and checks it for its validity.
|
|
|
|
|
*/
|
2019-08-16 17:12:19 -07:00
|
|
|
bool ReceiveStunResponse(ENetHost& transactionHost, std::vector<u8>& buffer)
|
STUN + XMPP ICE implementation.
Allows lobby players to host games without having to configure their
router.
Differential Revision: https://code.wildfiregames.com/D364
Fixes #2305
Patch By: fcxSanya.
StunClient based on code by SuperTuxKart, relicensed with approval of
the according authors hilnius, hiker, Auria, deveee, Flakebi, leper,
konstin and KroArtem.
Added rfc5245 (ejabberd) support, a GUI option, refactoring and segfault
fixes by myself.
Tested By: user1, Sandarac, Sestroretsk1714, Vladislav, Grugnas,
javiergodas
Partially Reviewed By: leper, Philip, echotangoecho
This was SVN commit r19703.
2017-05-31 23:33:52 -07:00
|
|
|
{
|
|
|
|
|
// TransportAddress sender;
|
|
|
|
|
const int LEN = 2048;
|
|
|
|
|
char input_buffer[LEN];
|
|
|
|
|
|
|
|
|
|
memset(input_buffer, 0, LEN);
|
|
|
|
|
|
|
|
|
|
sockaddr_in addr;
|
|
|
|
|
socklen_t from_len = sizeof(addr);
|
|
|
|
|
|
2019-08-16 17:12:19 -07:00
|
|
|
int len = recvfrom(transactionHost.socket, input_buffer, LEN, 0, reinterpret_cast<sockaddr*>(&addr), &from_len);
|
STUN + XMPP ICE implementation.
Allows lobby players to host games without having to configure their
router.
Differential Revision: https://code.wildfiregames.com/D364
Fixes #2305
Patch By: fcxSanya.
StunClient based on code by SuperTuxKart, relicensed with approval of
the according authors hilnius, hiker, Auria, deveee, Flakebi, leper,
konstin and KroArtem.
Added rfc5245 (ejabberd) support, a GUI option, refactoring and segfault
fixes by myself.
Tested By: user1, Sandarac, Sestroretsk1714, Vladislav, Grugnas,
javiergodas
Partially Reviewed By: leper, Philip, echotangoecho
This was SVN commit r19703.
2017-05-31 23:33:52 -07:00
|
|
|
|
|
|
|
|
int delay = 200;
|
|
|
|
|
CFG_GET_VAL("lobby.stun.delay", delay);
|
|
|
|
|
|
|
|
|
|
// Wait to receive the message because enet sockets are non-blocking
|
|
|
|
|
const int max_tries = 5;
|
|
|
|
|
for (int count = 0; len < 0 && (count < max_tries || max_tries == -1); ++count)
|
|
|
|
|
{
|
|
|
|
|
usleep(delay * 1000);
|
2019-08-16 17:12:19 -07:00
|
|
|
len = recvfrom(transactionHost.socket, input_buffer, LEN, 0, reinterpret_cast<sockaddr*>(&addr), &from_len);
|
STUN + XMPP ICE implementation.
Allows lobby players to host games without having to configure their
router.
Differential Revision: https://code.wildfiregames.com/D364
Fixes #2305
Patch By: fcxSanya.
StunClient based on code by SuperTuxKart, relicensed with approval of
the according authors hilnius, hiker, Auria, deveee, Flakebi, leper,
konstin and KroArtem.
Added rfc5245 (ejabberd) support, a GUI option, refactoring and segfault
fixes by myself.
Tested By: user1, Sandarac, Sestroretsk1714, Vladislav, Grugnas,
javiergodas
Partially Reviewed By: leper, Philip, echotangoecho
This was SVN commit r19703.
2017-05-31 23:33:52 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (len < 0)
|
|
|
|
|
{
|
|
|
|
|
LOGERROR("GetPublicAddress: recvfrom error (%d): %s", errno, strerror(errno));
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2019-08-16 17:12:19 -07:00
|
|
|
u32 sender_ip = ntohl(static_cast<u32>(addr.sin_addr.s_addr));
|
STUN + XMPP ICE implementation.
Allows lobby players to host games without having to configure their
router.
Differential Revision: https://code.wildfiregames.com/D364
Fixes #2305
Patch By: fcxSanya.
StunClient based on code by SuperTuxKart, relicensed with approval of
the according authors hilnius, hiker, Auria, deveee, Flakebi, leper,
konstin and KroArtem.
Added rfc5245 (ejabberd) support, a GUI option, refactoring and segfault
fixes by myself.
Tested By: user1, Sandarac, Sestroretsk1714, Vladislav, Grugnas,
javiergodas
Partially Reviewed By: leper, Philip, echotangoecho
This was SVN commit r19703.
2017-05-31 23:33:52 -07:00
|
|
|
u16 sender_port = ntohs(addr.sin_port);
|
|
|
|
|
|
|
|
|
|
if (sender_ip != m_StunServerIP)
|
|
|
|
|
LOGERROR("GetPublicAddress: Received stun response from different address: %d:%d (%d.%d.%d.%d:%d) %s",
|
|
|
|
|
addr.sin_addr.s_addr,
|
|
|
|
|
addr.sin_port,
|
|
|
|
|
(sender_ip >> 24) & 0xff,
|
|
|
|
|
(sender_ip >> 16) & 0xff,
|
|
|
|
|
(sender_ip >> 8) & 0xff,
|
|
|
|
|
(sender_ip >> 0) & 0xff,
|
|
|
|
|
sender_port,
|
|
|
|
|
input_buffer);
|
|
|
|
|
|
|
|
|
|
// Convert to network string.
|
|
|
|
|
buffer.resize(len);
|
2019-08-16 17:12:19 -07:00
|
|
|
memcpy(buffer.data(), reinterpret_cast<u8*>(input_buffer), len);
|
STUN + XMPP ICE implementation.
Allows lobby players to host games without having to configure their
router.
Differential Revision: https://code.wildfiregames.com/D364
Fixes #2305
Patch By: fcxSanya.
StunClient based on code by SuperTuxKart, relicensed with approval of
the according authors hilnius, hiker, Auria, deveee, Flakebi, leper,
konstin and KroArtem.
Added rfc5245 (ejabberd) support, a GUI option, refactoring and segfault
fixes by myself.
Tested By: user1, Sandarac, Sestroretsk1714, Vladislav, Grugnas,
javiergodas
Partially Reviewed By: leper, Philip, echotangoecho
This was SVN commit r19703.
2017-05-31 23:33:52 -07:00
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool ParseStunResponse(const std::vector<u8>& buffer)
|
|
|
|
|
{
|
|
|
|
|
u32 offset = 0;
|
|
|
|
|
|
|
|
|
|
u16 responseType = 0;
|
|
|
|
|
if (!GetFromBuffer<u16, 2>(buffer, offset, responseType) || responseType != m_BindingSuccessResponse)
|
|
|
|
|
{
|
|
|
|
|
LOGERROR("STUN response isn't a binding success response");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Ignore message size
|
|
|
|
|
offset += 2;
|
|
|
|
|
|
|
|
|
|
u32 cookie = 0;
|
|
|
|
|
if (!GetFromBuffer<u32, 4>(buffer, offset, cookie) || cookie != m_MagicCookie)
|
|
|
|
|
{
|
|
|
|
|
LOGERROR("STUN response doesn't contain the magic cookie");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (std::size_t i = 0; i < sizeof(m_TransactionID); ++i)
|
|
|
|
|
{
|
|
|
|
|
u8 transactionChar = 0;
|
|
|
|
|
if (!GetFromBuffer<u8, 1>(buffer, offset, transactionChar) || transactionChar != m_TransactionID[i])
|
|
|
|
|
{
|
|
|
|
|
LOGERROR("STUN response doesn't contain the transaction ID");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
while (offset < buffer.size())
|
|
|
|
|
{
|
|
|
|
|
u16 type = 0;
|
|
|
|
|
u16 size = 0;
|
|
|
|
|
if (!GetFromBuffer<u16, 2>(buffer, offset, type) ||
|
|
|
|
|
!GetFromBuffer<u16, 2>(buffer, offset, size))
|
|
|
|
|
{
|
|
|
|
|
LOGERROR("STUN response contains invalid attribute");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// The first two bits are irrelevant to the type
|
|
|
|
|
type &= ~(m_ComprehensionOptional | m_IETFReview);
|
|
|
|
|
|
|
|
|
|
switch (type)
|
|
|
|
|
{
|
|
|
|
|
case m_AttrTypeMappedAddress:
|
|
|
|
|
case m_AttrTypeXORMappedAddress:
|
|
|
|
|
{
|
|
|
|
|
if (size != 8)
|
|
|
|
|
{
|
|
|
|
|
LOGERROR("Invalid STUN Mapped Address length");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Ignore the first byte as mentioned in Section 15.1 of RFC 5389.
|
|
|
|
|
++offset;
|
|
|
|
|
|
|
|
|
|
u8 ipFamily = 0;
|
|
|
|
|
if (!GetFromBuffer<u8, 1>(buffer, offset, ipFamily) || ipFamily != m_IPAddressFamilyIPv4)
|
|
|
|
|
{
|
|
|
|
|
LOGERROR("Unsupported address family, IPv4 is expected");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
u16 port = 0;
|
|
|
|
|
u32 ip = 0;
|
|
|
|
|
if (!GetFromBuffer<u16, 2>(buffer, offset, port) ||
|
|
|
|
|
!GetFromBuffer<u32, 4>(buffer, offset, ip))
|
|
|
|
|
{
|
|
|
|
|
LOGERROR("Mapped address doesn't contain IP and port");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Obfuscation is described in Section 15.2 of RFC 5389.
|
|
|
|
|
if (type == m_AttrTypeXORMappedAddress)
|
|
|
|
|
{
|
|
|
|
|
port ^= m_MagicCookie >> 16;
|
|
|
|
|
ip ^= m_MagicCookie;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
m_Port = port;
|
|
|
|
|
m_IP = ip;
|
|
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
default:
|
|
|
|
|
{
|
|
|
|
|
// We don't care about other attributes at all
|
|
|
|
|
|
|
|
|
|
// Skip attribute
|
|
|
|
|
offset += size;
|
|
|
|
|
|
|
|
|
|
// Skip padding
|
|
|
|
|
int padding = size % 4;
|
|
|
|
|
if (padding)
|
|
|
|
|
offset += 4 - padding;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2019-08-16 17:12:19 -07:00
|
|
|
bool STUNRequestAndResponse(ENetHost& transactionHost)
|
STUN + XMPP ICE implementation.
Allows lobby players to host games without having to configure their
router.
Differential Revision: https://code.wildfiregames.com/D364
Fixes #2305
Patch By: fcxSanya.
StunClient based on code by SuperTuxKart, relicensed with approval of
the according authors hilnius, hiker, Auria, deveee, Flakebi, leper,
konstin and KroArtem.
Added rfc5245 (ejabberd) support, a GUI option, refactoring and segfault
fixes by myself.
Tested By: user1, Sandarac, Sestroretsk1714, Vladislav, Grugnas,
javiergodas
Partially Reviewed By: leper, Philip, echotangoecho
This was SVN commit r19703.
2017-05-31 23:33:52 -07:00
|
|
|
{
|
|
|
|
|
if (!CreateStunRequest(transactionHost))
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
std::vector<u8> buffer;
|
|
|
|
|
return ReceiveStunResponse(transactionHost, buffer) &&
|
|
|
|
|
ParseStunResponse(buffer);
|
|
|
|
|
}
|
|
|
|
|
|
Hide ip and port from users until they want to join, add optional password
Current issue with the lobby, is that we make ips of hosts public for
anyone to read. This patch consists of 3 parts.
1.) Removing ips and ports from lobby javascript
2.) Removing need of script on the server to attach public ips to game
stanza by asking the host using xmppclient as proxy.
3.) Implementing password protected matches, to deny this information to
not trusted players.
Further description:
Do not send ports and stunip to the bots.
Removed from stanza.
Do not send ip to the lobby.
Removed from mapping gamelist from backend to gui (still on the backend
side, because it is done by script on 0ad server).
Get ip and ports on request when trying to connect.
On the host side, ask stun server what is host's public ip and remember
it.
On the client side, send iq through xmppclient to the hosting player and
ask for ip, port and if Stun is used, then if answer is success,
continue
with connecting, else fail.
Add optional password for matches.
Add password required identifier to the stanza.
Allow host to setup password for the match. Hash it on the host side and
store inside Netserver. If no password is given, matches will behave
as it is not required.
On the client side, if password for the match is required, show
additional window before trying to connect and ask for password, then
hash it
and send with iq request for ip, port and stun.
Server will answer with ip, port and stun only if passwords matches,
else will asnwer with error string.
Some security:
Passwords are hashed before sending, so it is not easy to guess what
users typed. (per wraitii)
Hashes are using different salt as lobby hashing and not using usernames
as salt (as that is not doable), so they are different even typing the
same password as for the lobby account.
Client remembers which user was asked for connection data and iq's id of
request. If answer doesn't match these things, it is ignored. (thnx
user1)
Every request for connection data is logged with hostname of the
requester to the mainlog file (no ips).
If user gets iq to send connection data and is not hosting the match,
will respond with error string "not_server".
If server gets iq::result with connection data, request is ignored.
Differential revision: D3184
Reviewed by: @wraitii
Comments by: @Stan, @bb, @Imarok, @vladislavbelov
Tested in lobby
This was SVN commit r24728.
2021-01-20 10:31:39 -08:00
|
|
|
bool StunClient::FindStunEndpointHost(CStr8& ip, u16& port)
|
STUN + XMPP ICE implementation.
Allows lobby players to host games without having to configure their
router.
Differential Revision: https://code.wildfiregames.com/D364
Fixes #2305
Patch By: fcxSanya.
StunClient based on code by SuperTuxKart, relicensed with approval of
the according authors hilnius, hiker, Auria, deveee, Flakebi, leper,
konstin and KroArtem.
Added rfc5245 (ejabberd) support, a GUI option, refactoring and segfault
fixes by myself.
Tested By: user1, Sandarac, Sestroretsk1714, Vladislav, Grugnas,
javiergodas
Partially Reviewed By: leper, Philip, echotangoecho
This was SVN commit r19703.
2017-05-31 23:33:52 -07:00
|
|
|
{
|
2019-08-16 17:12:19 -07:00
|
|
|
ENetAddress hostAddr{ENET_HOST_ANY, static_cast<u16>(port)};
|
STUN + XMPP ICE implementation.
Allows lobby players to host games without having to configure their
router.
Differential Revision: https://code.wildfiregames.com/D364
Fixes #2305
Patch By: fcxSanya.
StunClient based on code by SuperTuxKart, relicensed with approval of
the according authors hilnius, hiker, Auria, deveee, Flakebi, leper,
konstin and KroArtem.
Added rfc5245 (ejabberd) support, a GUI option, refactoring and segfault
fixes by myself.
Tested By: user1, Sandarac, Sestroretsk1714, Vladislav, Grugnas,
javiergodas
Partially Reviewed By: leper, Philip, echotangoecho
This was SVN commit r19703.
2017-05-31 23:33:52 -07:00
|
|
|
ENetHost* transactionHost = enet_host_create(&hostAddr, 1, 1, 0, 0);
|
|
|
|
|
if (!transactionHost)
|
Hide ip and port from users until they want to join, add optional password
Current issue with the lobby, is that we make ips of hosts public for
anyone to read. This patch consists of 3 parts.
1.) Removing ips and ports from lobby javascript
2.) Removing need of script on the server to attach public ips to game
stanza by asking the host using xmppclient as proxy.
3.) Implementing password protected matches, to deny this information to
not trusted players.
Further description:
Do not send ports and stunip to the bots.
Removed from stanza.
Do not send ip to the lobby.
Removed from mapping gamelist from backend to gui (still on the backend
side, because it is done by script on 0ad server).
Get ip and ports on request when trying to connect.
On the host side, ask stun server what is host's public ip and remember
it.
On the client side, send iq through xmppclient to the hosting player and
ask for ip, port and if Stun is used, then if answer is success,
continue
with connecting, else fail.
Add optional password for matches.
Add password required identifier to the stanza.
Allow host to setup password for the match. Hash it on the host side and
store inside Netserver. If no password is given, matches will behave
as it is not required.
On the client side, if password for the match is required, show
additional window before trying to connect and ask for password, then
hash it
and send with iq request for ip, port and stun.
Server will answer with ip, port and stun only if passwords matches,
else will asnwer with error string.
Some security:
Passwords are hashed before sending, so it is not easy to guess what
users typed. (per wraitii)
Hashes are using different salt as lobby hashing and not using usernames
as salt (as that is not doable), so they are different even typing the
same password as for the lobby account.
Client remembers which user was asked for connection data and iq's id of
request. If answer doesn't match these things, it is ignored. (thnx
user1)
Every request for connection data is logged with hostname of the
requester to the mainlog file (no ips).
If user gets iq to send connection data and is not hosting the match,
will respond with error string "not_server".
If server gets iq::result with connection data, request is ignored.
Differential revision: D3184
Reviewed by: @wraitii
Comments by: @Stan, @bb, @Imarok, @vladislavbelov
Tested in lobby
This was SVN commit r24728.
2021-01-20 10:31:39 -08:00
|
|
|
return false;
|
STUN + XMPP ICE implementation.
Allows lobby players to host games without having to configure their
router.
Differential Revision: https://code.wildfiregames.com/D364
Fixes #2305
Patch By: fcxSanya.
StunClient based on code by SuperTuxKart, relicensed with approval of
the according authors hilnius, hiker, Auria, deveee, Flakebi, leper,
konstin and KroArtem.
Added rfc5245 (ejabberd) support, a GUI option, refactoring and segfault
fixes by myself.
Tested By: user1, Sandarac, Sestroretsk1714, Vladislav, Grugnas,
javiergodas
Partially Reviewed By: leper, Philip, echotangoecho
This was SVN commit r19703.
2017-05-31 23:33:52 -07:00
|
|
|
|
2019-08-16 17:12:19 -07:00
|
|
|
bool success = STUNRequestAndResponse(*transactionHost);
|
STUN + XMPP ICE implementation.
Allows lobby players to host games without having to configure their
router.
Differential Revision: https://code.wildfiregames.com/D364
Fixes #2305
Patch By: fcxSanya.
StunClient based on code by SuperTuxKart, relicensed with approval of
the according authors hilnius, hiker, Auria, deveee, Flakebi, leper,
konstin and KroArtem.
Added rfc5245 (ejabberd) support, a GUI option, refactoring and segfault
fixes by myself.
Tested By: user1, Sandarac, Sestroretsk1714, Vladislav, Grugnas,
javiergodas
Partially Reviewed By: leper, Philip, echotangoecho
This was SVN commit r19703.
2017-05-31 23:33:52 -07:00
|
|
|
enet_host_destroy(transactionHost);
|
|
|
|
|
if (!success)
|
Hide ip and port from users until they want to join, add optional password
Current issue with the lobby, is that we make ips of hosts public for
anyone to read. This patch consists of 3 parts.
1.) Removing ips and ports from lobby javascript
2.) Removing need of script on the server to attach public ips to game
stanza by asking the host using xmppclient as proxy.
3.) Implementing password protected matches, to deny this information to
not trusted players.
Further description:
Do not send ports and stunip to the bots.
Removed from stanza.
Do not send ip to the lobby.
Removed from mapping gamelist from backend to gui (still on the backend
side, because it is done by script on 0ad server).
Get ip and ports on request when trying to connect.
On the host side, ask stun server what is host's public ip and remember
it.
On the client side, send iq through xmppclient to the hosting player and
ask for ip, port and if Stun is used, then if answer is success,
continue
with connecting, else fail.
Add optional password for matches.
Add password required identifier to the stanza.
Allow host to setup password for the match. Hash it on the host side and
store inside Netserver. If no password is given, matches will behave
as it is not required.
On the client side, if password for the match is required, show
additional window before trying to connect and ask for password, then
hash it
and send with iq request for ip, port and stun.
Server will answer with ip, port and stun only if passwords matches,
else will asnwer with error string.
Some security:
Passwords are hashed before sending, so it is not easy to guess what
users typed. (per wraitii)
Hashes are using different salt as lobby hashing and not using usernames
as salt (as that is not doable), so they are different even typing the
same password as for the lobby account.
Client remembers which user was asked for connection data and iq's id of
request. If answer doesn't match these things, it is ignored. (thnx
user1)
Every request for connection data is logged with hostname of the
requester to the mainlog file (no ips).
If user gets iq to send connection data and is not hosting the match,
will respond with error string "not_server".
If server gets iq::result with connection data, request is ignored.
Differential revision: D3184
Reviewed by: @wraitii
Comments by: @Stan, @bb, @Imarok, @vladislavbelov
Tested in lobby
This was SVN commit r24728.
2021-01-20 10:31:39 -08:00
|
|
|
return false;
|
STUN + XMPP ICE implementation.
Allows lobby players to host games without having to configure their
router.
Differential Revision: https://code.wildfiregames.com/D364
Fixes #2305
Patch By: fcxSanya.
StunClient based on code by SuperTuxKart, relicensed with approval of
the according authors hilnius, hiker, Auria, deveee, Flakebi, leper,
konstin and KroArtem.
Added rfc5245 (ejabberd) support, a GUI option, refactoring and segfault
fixes by myself.
Tested By: user1, Sandarac, Sestroretsk1714, Vladislav, Grugnas,
javiergodas
Partially Reviewed By: leper, Philip, echotangoecho
This was SVN commit r19703.
2017-05-31 23:33:52 -07:00
|
|
|
|
|
|
|
|
// Convert m_IP to string
|
|
|
|
|
char ipStr[256] = "(error)";
|
|
|
|
|
ENetAddress addr;
|
|
|
|
|
addr.host = ntohl(m_IP);
|
Hide ip and port from users until they want to join, add optional password
Current issue with the lobby, is that we make ips of hosts public for
anyone to read. This patch consists of 3 parts.
1.) Removing ips and ports from lobby javascript
2.) Removing need of script on the server to attach public ips to game
stanza by asking the host using xmppclient as proxy.
3.) Implementing password protected matches, to deny this information to
not trusted players.
Further description:
Do not send ports and stunip to the bots.
Removed from stanza.
Do not send ip to the lobby.
Removed from mapping gamelist from backend to gui (still on the backend
side, because it is done by script on 0ad server).
Get ip and ports on request when trying to connect.
On the host side, ask stun server what is host's public ip and remember
it.
On the client side, send iq through xmppclient to the hosting player and
ask for ip, port and if Stun is used, then if answer is success,
continue
with connecting, else fail.
Add optional password for matches.
Add password required identifier to the stanza.
Allow host to setup password for the match. Hash it on the host side and
store inside Netserver. If no password is given, matches will behave
as it is not required.
On the client side, if password for the match is required, show
additional window before trying to connect and ask for password, then
hash it
and send with iq request for ip, port and stun.
Server will answer with ip, port and stun only if passwords matches,
else will asnwer with error string.
Some security:
Passwords are hashed before sending, so it is not easy to guess what
users typed. (per wraitii)
Hashes are using different salt as lobby hashing and not using usernames
as salt (as that is not doable), so they are different even typing the
same password as for the lobby account.
Client remembers which user was asked for connection data and iq's id of
request. If answer doesn't match these things, it is ignored. (thnx
user1)
Every request for connection data is logged with hostname of the
requester to the mainlog file (no ips).
If user gets iq to send connection data and is not hosting the match,
will respond with error string "not_server".
If server gets iq::result with connection data, request is ignored.
Differential revision: D3184
Reviewed by: @wraitii
Comments by: @Stan, @bb, @Imarok, @vladislavbelov
Tested in lobby
This was SVN commit r24728.
2021-01-20 10:31:39 -08:00
|
|
|
int result = enet_address_get_host_ip(&addr, ipStr, ARRAY_SIZE(ipStr));
|
STUN + XMPP ICE implementation.
Allows lobby players to host games without having to configure their
router.
Differential Revision: https://code.wildfiregames.com/D364
Fixes #2305
Patch By: fcxSanya.
StunClient based on code by SuperTuxKart, relicensed with approval of
the according authors hilnius, hiker, Auria, deveee, Flakebi, leper,
konstin and KroArtem.
Added rfc5245 (ejabberd) support, a GUI option, refactoring and segfault
fixes by myself.
Tested By: user1, Sandarac, Sestroretsk1714, Vladislav, Grugnas,
javiergodas
Partially Reviewed By: leper, Philip, echotangoecho
This was SVN commit r19703.
2017-05-31 23:33:52 -07:00
|
|
|
|
Hide ip and port from users until they want to join, add optional password
Current issue with the lobby, is that we make ips of hosts public for
anyone to read. This patch consists of 3 parts.
1.) Removing ips and ports from lobby javascript
2.) Removing need of script on the server to attach public ips to game
stanza by asking the host using xmppclient as proxy.
3.) Implementing password protected matches, to deny this information to
not trusted players.
Further description:
Do not send ports and stunip to the bots.
Removed from stanza.
Do not send ip to the lobby.
Removed from mapping gamelist from backend to gui (still on the backend
side, because it is done by script on 0ad server).
Get ip and ports on request when trying to connect.
On the host side, ask stun server what is host's public ip and remember
it.
On the client side, send iq through xmppclient to the hosting player and
ask for ip, port and if Stun is used, then if answer is success,
continue
with connecting, else fail.
Add optional password for matches.
Add password required identifier to the stanza.
Allow host to setup password for the match. Hash it on the host side and
store inside Netserver. If no password is given, matches will behave
as it is not required.
On the client side, if password for the match is required, show
additional window before trying to connect and ask for password, then
hash it
and send with iq request for ip, port and stun.
Server will answer with ip, port and stun only if passwords matches,
else will asnwer with error string.
Some security:
Passwords are hashed before sending, so it is not easy to guess what
users typed. (per wraitii)
Hashes are using different salt as lobby hashing and not using usernames
as salt (as that is not doable), so they are different even typing the
same password as for the lobby account.
Client remembers which user was asked for connection data and iq's id of
request. If answer doesn't match these things, it is ignored. (thnx
user1)
Every request for connection data is logged with hostname of the
requester to the mainlog file (no ips).
If user gets iq to send connection data and is not hosting the match,
will respond with error string "not_server".
If server gets iq::result with connection data, request is ignored.
Differential revision: D3184
Reviewed by: @wraitii
Comments by: @Stan, @bb, @Imarok, @vladislavbelov
Tested in lobby
This was SVN commit r24728.
2021-01-20 10:31:39 -08:00
|
|
|
ip = ipStr;
|
|
|
|
|
port = m_Port;
|
|
|
|
|
return result == 0;
|
STUN + XMPP ICE implementation.
Allows lobby players to host games without having to configure their
router.
Differential Revision: https://code.wildfiregames.com/D364
Fixes #2305
Patch By: fcxSanya.
StunClient based on code by SuperTuxKart, relicensed with approval of
the according authors hilnius, hiker, Auria, deveee, Flakebi, leper,
konstin and KroArtem.
Added rfc5245 (ejabberd) support, a GUI option, refactoring and segfault
fixes by myself.
Tested By: user1, Sandarac, Sestroretsk1714, Vladislav, Grugnas,
javiergodas
Partially Reviewed By: leper, Philip, echotangoecho
This was SVN commit r19703.
2017-05-31 23:33:52 -07:00
|
|
|
}
|
|
|
|
|
|
2019-08-16 17:12:19 -07:00
|
|
|
bool StunClient::FindStunEndpointJoin(ENetHost& transactionHost, StunClient::StunEndpoint& stunEndpoint)
|
STUN + XMPP ICE implementation.
Allows lobby players to host games without having to configure their
router.
Differential Revision: https://code.wildfiregames.com/D364
Fixes #2305
Patch By: fcxSanya.
StunClient based on code by SuperTuxKart, relicensed with approval of
the according authors hilnius, hiker, Auria, deveee, Flakebi, leper,
konstin and KroArtem.
Added rfc5245 (ejabberd) support, a GUI option, refactoring and segfault
fixes by myself.
Tested By: user1, Sandarac, Sestroretsk1714, Vladislav, Grugnas,
javiergodas
Partially Reviewed By: leper, Philip, echotangoecho
This was SVN commit r19703.
2017-05-31 23:33:52 -07:00
|
|
|
{
|
|
|
|
|
if (!STUNRequestAndResponse(transactionHost))
|
2019-08-16 17:12:19 -07:00
|
|
|
return false;
|
STUN + XMPP ICE implementation.
Allows lobby players to host games without having to configure their
router.
Differential Revision: https://code.wildfiregames.com/D364
Fixes #2305
Patch By: fcxSanya.
StunClient based on code by SuperTuxKart, relicensed with approval of
the according authors hilnius, hiker, Auria, deveee, Flakebi, leper,
konstin and KroArtem.
Added rfc5245 (ejabberd) support, a GUI option, refactoring and segfault
fixes by myself.
Tested By: user1, Sandarac, Sestroretsk1714, Vladislav, Grugnas,
javiergodas
Partially Reviewed By: leper, Philip, echotangoecho
This was SVN commit r19703.
2017-05-31 23:33:52 -07:00
|
|
|
|
|
|
|
|
// Convert m_IP to string
|
|
|
|
|
char ipStr[256] = "(error)";
|
|
|
|
|
ENetAddress addr;
|
|
|
|
|
addr.host = ntohl(m_IP);
|
|
|
|
|
enet_address_get_host_ip(&addr, ipStr, ARRAY_SIZE(ipStr));
|
|
|
|
|
|
2019-08-16 17:12:19 -07:00
|
|
|
stunEndpoint.ip = m_IP;
|
|
|
|
|
stunEndpoint.port = m_Port;
|
|
|
|
|
|
|
|
|
|
return true;
|
STUN + XMPP ICE implementation.
Allows lobby players to host games without having to configure their
router.
Differential Revision: https://code.wildfiregames.com/D364
Fixes #2305
Patch By: fcxSanya.
StunClient based on code by SuperTuxKart, relicensed with approval of
the according authors hilnius, hiker, Auria, deveee, Flakebi, leper,
konstin and KroArtem.
Added rfc5245 (ejabberd) support, a GUI option, refactoring and segfault
fixes by myself.
Tested By: user1, Sandarac, Sestroretsk1714, Vladislav, Grugnas,
javiergodas
Partially Reviewed By: leper, Philip, echotangoecho
This was SVN commit r19703.
2017-05-31 23:33:52 -07:00
|
|
|
}
|
|
|
|
|
|
2019-08-16 17:12:19 -07:00
|
|
|
void StunClient::SendHolePunchingMessages(ENetHost& enetClient, const std::string& serverAddress, u16 serverPort)
|
STUN + XMPP ICE implementation.
Allows lobby players to host games without having to configure their
router.
Differential Revision: https://code.wildfiregames.com/D364
Fixes #2305
Patch By: fcxSanya.
StunClient based on code by SuperTuxKart, relicensed with approval of
the according authors hilnius, hiker, Auria, deveee, Flakebi, leper,
konstin and KroArtem.
Added rfc5245 (ejabberd) support, a GUI option, refactoring and segfault
fixes by myself.
Tested By: user1, Sandarac, Sestroretsk1714, Vladislav, Grugnas,
javiergodas
Partially Reviewed By: leper, Philip, echotangoecho
This was SVN commit r19703.
2017-05-31 23:33:52 -07:00
|
|
|
{
|
|
|
|
|
// Convert ip string to int64
|
|
|
|
|
ENetAddress addr;
|
|
|
|
|
addr.port = serverPort;
|
2019-08-16 17:12:19 -07:00
|
|
|
enet_address_set_host(&addr, serverAddress.c_str());
|
STUN + XMPP ICE implementation.
Allows lobby players to host games without having to configure their
router.
Differential Revision: https://code.wildfiregames.com/D364
Fixes #2305
Patch By: fcxSanya.
StunClient based on code by SuperTuxKart, relicensed with approval of
the according authors hilnius, hiker, Auria, deveee, Flakebi, leper,
konstin and KroArtem.
Added rfc5245 (ejabberd) support, a GUI option, refactoring and segfault
fixes by myself.
Tested By: user1, Sandarac, Sestroretsk1714, Vladislav, Grugnas,
javiergodas
Partially Reviewed By: leper, Philip, echotangoecho
This was SVN commit r19703.
2017-05-31 23:33:52 -07:00
|
|
|
|
|
|
|
|
int delay = 200;
|
|
|
|
|
CFG_GET_VAL("lobby.stun.delay", delay);
|
|
|
|
|
|
|
|
|
|
// Send an UDP message from enet host to ip:port
|
|
|
|
|
for (int i = 0; i < 3; ++i)
|
|
|
|
|
{
|
|
|
|
|
StunClient::SendStunRequest(enetClient, htonl(addr.host), serverPort);
|
|
|
|
|
usleep(delay * 1000);
|
|
|
|
|
}
|
|
|
|
|
}
|