• gmsv_gatekeeper - Lua controlled server authentication
    453 replies, posted
  • Avatar of slayer3032
  • When valve did that update a while back that changed the SteamID's to STEAM_1 like in L4D they removed STEAM_ID_PENDING being used very far into the connection process. The Player's SteamID exists now when when the client connects or at least shortly after. By the time gatekeeper can even come into play STEAM_ID_PENDING should be gone.
  • Avatar of ComWalk
  • [QUOTE=slayer3032;16471745]When valve did that update a while back that changed the SteamID's to STEAM_1 like in L4D they removed STEAM_ID_PENDING being used very far into the connection process. The Player's SteamID exists now when when the client connects or at least shortly after. By the time gatekeeper can even come into play STEAM_ID_PENDING should be gone.[/QUOTE] Gatekeeper runs before any of that has a chance to happen; gatekeeper is run in the middle of the function that first processes any connection attempt. Certificate verification takes place later. I think that the real reason STEAM_ID_PENDING doesn't show up is that I trust the steamid supplied in the certificate, while the server itself seem to typically report STEAM_ID_PENDING until the certificate is verified with steam (something which happens much earlier now). While blind trust in an unverified certificate would be unwise, I can afford to do so since any ticket that has been tampered with be rejected when the checks you are referring to occur (unless, of course, it's a cracked server, but I don't care in the slightest about those).
  • Avatar of ComWalk
  • [QUOTE=huntskikbut;16486636]Version 3.0 causes an instant server crash for me.[/QUOTE] I've had one report of a crash on startup so far, but that wasn't unique to v3. Could you try to use [url=http://comwalk.gayluadad.net/garrysmod/gmsv_gatekeeperv3_test.rar]this[/url] module? If the error occurs during sigscanning (one instance of this spotted so far, present on a windows 2003 server and not limited only to v3), this will prevent the crash and return an error including the stage at which it fails. Could you send me any mdmps you have available? Was a previous version working without issues? Does this version continue to crash (if so, would you be able to provide mdmps for the new crashes?) or does it simply fail with a stage number?
  • Avatar of huntskikbut
  • [QUOTE=ComWalk;16487643]I've had one report of a crash on startup so far, but that wasn't unique to v3. Could you try to use [url=http://comwalk.gayluadad.net/garrysmod/gmsv_gatekeeperv3_test.rar]this[/url] module? If the error occurs during sigscanning (one instance of this spotted so far, present on a windows 2003 server and not limited only to v3), this will prevent the crash and return an error including the stage at which it fails. Could you send me any mdmps you have available? Was a previous version working without issues? Does this version continue to crash (if so, would you be able to provide mdmps for the new crashes?) or does it simply fail with a stage number?[/QUOTE] It's unique to v3, but beyond that I don't know. I'll grab some crash dumps if I remember.
  • Avatar of ComWalk
  • [QUOTE=huntskikbut;16526897]It's unique to v3, but beyond that I don't know. I'll grab some crash dumps if I remember.[/QUOTE] My best guess is that a call to VirtualProtect executed during VMT hooking is failing due to some windows security measure. Can you try to run [url=http://comwalk.gayluadad.net/garrysmod/gmsv_gatekeeperv3_test2.rar]this[/url] module, giving me a crash dump if one is created and any errors you receive on startup (will be thrown either by Lua error or MessageBox)? It won't fix the problem but it should tell me what, exactly, is causing it.
  • Avatar of Costest
  • is this module only required on the server, or does the client need it too? I think it's server only because it's 'gmsv' but I am wrong alot :/
  • mdmp from your last post. [url]http://www.filefront.com/14242237/Steam__3791__2009_8_10T2_18_43C0.zip[/url]
  • Avatar of ComWalk
  • [url=http://comwalk.gayluadad.net/garrysmod/gmsv_gatekeeperv3_test4.rar]This compile[/url] should fix the DEP crash on all systems with DEP enabled. This fixed the startup crash on both a Vista x64 and a Win7 x64 machine. If anybody previously affected by the crash could report back on this it would be appreciated. [editline]10:21PM[/editline] [QUOTE=Costest;16592111]is this module only required on the server, or does the client need it too? I think it's server only because it's 'gmsv' but I am wrong alot :/[/QUOTE] Only required on the server; clients have no use for the module.
  • Avatar of Mr.NaviPacho
  • Hey, I am getting this error on Windows Server 2008 64-Bit with SP1 and Gatekeeper v3 (I have not tried any other versions.), but as far as I can tell this was working perfectly hosting it at home on my Windows 7 64-Bit. error loading module 'gatekeeper' from file 'c:\srcds\orangebox\garrysmod\lua\includes\modules\gmsv_gatekeeper.dll': system error 14001
  • Avatar of ComWalk
  • [QUOTE=Mr.NaviPacho;16862000]Hey, I am getting this error on Windows Server 2008 64-Bit with SP1 and Gatekeeper v3 (I have not tried any other versions.), but as far as I can tell this was working perfectly hosting it at home on my Windows 7 64-Bit. error loading module 'gatekeeper' from file 'c:\srcds\orangebox\garrysmod\lua\includes\modules\gmsv_gatekeeper.dll': system error 14001[/QUOTE] You need to download and install the 2008 SP1 redistributable. It's available [url=http://www.microsoft.com/downloads/details.aspx?FamilyID=a5c84275-3b97-4ab7-a40d-3802b2af5fc2&displaylang=en]here[/url]. If it crashes, look one post up for the latest test version. If that doesn't fix it, please send me mdmps. Thank you!
  • Avatar of Mr.NaviPacho
  • [QUOTE=ComWalk;16870409]You need to download and install the 2008 SP1 redistributable. It's available [url=http://www.microsoft.com/downloads/details.aspx?FamilyID=a5c84275-3b97-4ab7-a40d-3802b2af5fc2&displaylang=en]here[/url]. If it crashes, look one post up for the latest test version. If that doesn't fix it, please send me mdmps. Thank you![/QUOTE] Thanks, that fixed the issue! Damn, this thing is great! [b]Edit:[/b] The "Microsoft Visual C++ 2008 SP1 Redistributable Package (x86)" fixed it.
  • Avatar of leeetdude
  • Version 3 Test 4 Fixed all Crashs i had with Version 3 when a client connected. Thanks.
  • Avatar of ComWalk
  • Minor update released. The signature used to scan for CBaseServer has been recreated (the old signature broke with the exploit fix released today), I pinpointed a crash bug in CSigScan::FindSignature that caused a crash on anything newer than Vista/Server 2008 when a signature scan fails, and integrated the fix that worked for leeetdude and several others. If anybody has any crash issues please send me mdmps.
  • Avatar of raBBish
  • [QUOTE=leeetdude;17333749]But why can't we kick with this when the client is already on Server?[/QUOTE] From the OP: [lua] -- Server sterilization for k,v in pairs(player.GetAll()) do if v:Name() == "SamuraiMushroom" then gatekeeper.Drop(v:UserID(), "Worthless faggot") end end [/lua]
  • Avatar of AzuiSleet
  • I updated gatekeeper to add gatekeeper.DropAllClients() incase anyone wanted it. I use it to clear a server of all players, including those connecting that player.GetAll doesn't report. [url]http://gmodmodules.googlecode.com/svn/trunk/gmsv_gatekeeper/Release/gmsv_gatekeeper.dll[/url] It's hosted on [url]http://code.google.com/p/gmodmodules/[/url]
  • Avatar of LauIsFun
  • [QUOTE=AzuiSleet;17425412]I updated gatekeeper to add gatekeeper.DropAllClients() incase anyone wanted it. I use it to clear a server of all players, including those connecting that player.GetAll doesn't report. [url]http://gmodmodules.googlecode.com/svn/trunk/gmsv_gatekeeper/Release/gmsv_gatekeeper.dll[/url] It's hosted on [url]http://code.google.com/p/gmodmodules/[/url][/QUOTE] Is it possible to make a public version that kicks by steamid instead of userid. I cannot get a userid of a connecting player in lua.
  • Avatar of ComWalk
  • [QUOTE=LauIsFun;17436186]Is it possible to make a public version that kicks by steamid instead of userid. I cannot get a userid of a connecting player in lua.[/QUOTE] I've been kicking around the idea of exposing parts of the IServer and IClient interface to make kicking select clients during the connection process possible, but it's unlikely that the networkid will be available reliably at that stage (even the steamid provided to the playerpasswordauth hook is not available occasionally). It would make it possible to get a list of all connected clients, whether they are connecting or in game, as well as their name/address/userid. No promises on networkid, but I guess I can take a look. Also, 'public version'?
  • Avatar of LauIsFun
  • [QUOTE=ComWalk;17438136]Also, 'public version'?[/QUOTE] One that is available for anyone. It doesn't have to be steamid. I just cannot kick by userid because the player has to join fully for me to get the userid. Sending UserID as an extra parameter would be great for the password auth hook.
  • Avatar of AzuiSleet
  • [QUOTE=LauIsFun;17450142]One that is available for anyone. It doesn't have to be steamid. I just cannot kick by userid because the player has to join fully for me to get the userid. Sending UserID as an extra parameter would be great for the password auth hook.[/QUOTE] You don't drop them from the PlayerPasswordAuth hook... you return {false, "your witty message here"} You probably want [url]http://wiki.garrysmod.com/?title=Gamemode.PlayerAuthed[/url] when you can catch the real steamid and kick them then.
  • Avatar of LauIsFun
  • [QUOTE=AzuiSleet;17453110]You don't drop them from the PlayerPasswordAuth hook... you return {false, "your witty message here"} You probably want [url]http://wiki.garrysmod.com/?title=Gamemode.PlayerAuthed[/url] when you can catch the real steamid and kick them then.[/QUOTE] allow them to join, then kick them midjoin after the hook. That's what I'm getting at.
  • Avatar of AzuiSleet
  • PlayAuthed is after the password hook, and is the place where you want to be checking your bans. You can gatekeeper.DropClient(pl:UserID(), "message") any time, assuming you know the player isn't going to be referenced the rest of the frame.
  • Avatar of Grocel
  • This is a server site module and must be run server site. init.lua is a server site run cl_init.lua is a client site run
  • Avatar of infinitywrai
  • [QUOTE=Grocel;18713758]This is a server site module and must be run server site. init.lua is a server site run cl_init.lua is a client site run[/QUOTE] serverside clientside... not -site
  • Avatar of slayer3032
  • Would it be possible for the the PlayerPasswordAuth hook to also have userid as an argument? Currently I have to check my database every time a player joins, then if the callback from tmysql returns a steamid that is currently connected the server will ban the ip to drop him from the server. I would much rather just use the gatekeeper.Drop() function than banning their IP so they leave the server, I can't use kickid on their steamid at this point because according to the command their steamid does not exist yet. I do not wish to have banned clients getting any further into the connection progress because then they can run commands on the server and I don't want that, they are banned they shouldn't be able to do anything to the server from an in-game level.
  • Avatar of Lau
  • [QUOTE=slayer3032;18894408]Would it be possible for the the PlayerPasswordAuth hook to also have userid as an argument? Currently I have to check my database every time a player joins, then if the callback from tmysql returns a steamid that is currently connected the server will ban the ip to drop him from the server. I would much rather just use the gatekeeper.Drop() function than banning their IP so they leave the server, I can't use kickid on their steamid at this point because according to the command their steamid does not exist yet. I do not wish to have banned clients getting any further into the connection progress because then they can run commands on the server and I don't want that, they are banned they shouldn't be able to do anything to the server from an in-game level.[/QUOTE] Aye.
  • Avatar of AzuiSleet
  • I've added gatekeeper.GetUserByAddress, I can't find an IClient or userid on the stack, so you have to use the address passed to PlayerPasswordAuth. [url]http://gmodmodules.googlecode.com/svn/trunk/gmsv_gatekeeper/Release/gmsv_gatekeeper.dll[/url] You should be aware that not returning immediately allows an attacker to run commands anyway, so you need to decide in the callback whether or not you want to kick them. The solution would be to pre-load the banlist on map load.