Check if another player has the same serial #3854

Merged: 11 commits, Nov 21, 2024

@Nico8340 (Contributor) commented Nov 13, 2024

This pull request adds a check when connecting to ensure that players can't use the same serial, thus preventing abuses related to serial manipulation, such as for example, when they try to spoof a server's moderator's serial as their own, while they're connected to the server.

The change involved the addition of a new parameter called check_duplicate_serials which allows turning off the feature for development and testing servers to connect with virtual machines.

The new code is: CD50
The new description is: Serial already in use

New util function that allows searching for players by serial
New enum called SERIAL_DUPLICATE and logic that checks if there are no other players on the server having the same serial

@Fernando-A-Rocha (Contributor) left a comment

Good idea.

@Nico8340 Nico8340 requested a review from TracerDS November 13, 2024 13:20
Review thread on Server/mods/deathmatch/logic/CGame.cpp (outdated, resolved)

@Xenius97 (Contributor)

This solution is not perfect because if you run multiple MTA clients on one machine (VM), you get the same serial, making localhost testing impossible.

@Xenius97 (Contributor)

Maybe you could add something like check_double_serials to server settings enabled by default.

@Nico8340 (Contributor, Author)

> This solution is not perfect because if you run multiple MTA clients on one machine (VM), you get the same serial, making localhost testing impossible.

I forgot about that, thanks for reminding.
If anyone has any ideas, feel free to share them.

@Nico8340 (Contributor, Author) commented Nov 13, 2024

> Maybe you could add something like check_double_serials to server settings enabled by default.

Good idea, I look forward to other people's opinions as well

@Fernando-A-Rocha (Contributor)

> This solution is not perfect because if you run multiple MTA clients on one machine (VM), you get the same serial, making localhost testing impossible.

I forgot you can use VMs to run multiple MTA clients. You need 1 VM (os) per client right?

@Nico8340 (Contributor, Author)

> > This solution is not perfect because if you run multiple MTA clients on one machine (VM), you get the same serial, making localhost testing impossible.
>
> I forgot you can use VMs to run multiple MTA clients. You need 1 VM (os) per client right?

That's right

@Fernando-A-Rocha (Contributor)

> Maybe you could add something like check_double_serials to server settings enabled by default.

Maybe we can have a setting like allow_unverified_clients that is a more generic name

Make a new parameter called check_duplicate_serials which is enabled by default

@G-Moris (Contributor) commented Nov 13, 2024

Would this be optimized if 'std::unordered_map' and 'find' were used instead of a loop?

@Nico8340 (Contributor, Author)

> Would this be optimized if 'std::unordered_map' and 'find' were used instead of a loop?

In fact, in this use case there are no significant differences in terms of average server sizes, but for a larger search operation it is really better to use unordered_map and its method. If someone wants to refactor it, they have to modify the entire class, and this pull request is not intended for that.
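
Added example (not part of the pull request or of the MTA code base): a minimal sketch of the connect-time check discussed in this thread, using the hash-map lookup raised above instead of a loop and showing the bookkeeping that index needs on disconnect. Only check_duplicate_serials, SERIAL_DUPLICATE, CD50 and "Serial already in use" come from the page; the class, its methods and the player ids are hypothetical.

```cpp
// Added illustration, not MTA code. Only check_duplicate_serials, SERIAL_DUPLICATE,
// "CD50" and "Serial already in use" come from the pull request; the rest is hypothetical.
#include <string>
#include <unordered_map>

enum class JoinResult { OK, SERIAL_DUPLICATE };

struct Rejection { std::string code, description; };

// Maps a result to the disconnect code and text named in the pull request.
Rejection Describe(JoinResult r) {
    if (r == JoinResult::SERIAL_DUPLICATE) return {"CD50", "Serial already in use"};
    return {"", ""};
}

class SerialRegistry {
public:
    // checkDuplicateSerials mirrors the check_duplicate_serials server setting.
    explicit SerialRegistry(bool checkDuplicateSerials) : m_check(checkDuplicateSerials) {}

    // Lookup by serial in O(1) on average, instead of looping over all players.
    bool IsOnline(const std::string& serial) const { return m_sessions.count(serial) > 0; }

    // Connect-time check: refuse a serial that already has a live session.
    JoinResult Join(int playerId, const std::string& serial) {
        if (m_check && IsOnline(serial)) return JoinResult::SERIAL_DUPLICATE;
        ++m_sessions[serial];
        m_serialOf[playerId] = serial;
        return JoinResult::OK;
    }

    // Disconnect: drop the index entry, or a stale one locks the real owner out.
    // Counting sessions keeps this correct when the check is off and a serial is shared.
    void Quit(int playerId) {
        auto who = m_serialOf.find(playerId);
        if (who == m_serialOf.end()) return;  // never admitted (for example, rejected)
        auto entry = m_sessions.find(who->second);
        if (entry != m_sessions.end() && --entry->second == 0) m_sessions.erase(entry);
        m_serialOf.erase(who);
    }

private:
    bool m_check;
    std::unordered_map<std::string, int> m_sessions;  // serial -> live session count
    std::unordered_map<int, std::string> m_serialOf;  // player id -> serial
};
```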

@TheNormalnij added the enhancement (New feature or request) label Nov 17, 2024
@TheNormalnij TheNormalnij added this to the 1.6.1 milestone Nov 17, 2024
@lopezloo (Member)

> when they try to spoof a server's moderator's serial as their own

How would they know server's moderator serial?

@Nico8340 (Contributor, Author)

> How would they know server's moderator serial?

From servers with a loophole or a data leak

@Fernando-A-Rocha (Contributor) left a comment

Other than that, good job!

Review thread on Server/mods/deathmatch/logic/CPlayerManager.cpp (outdated, resolved)
Co-authored-by: Fernando Rocha <[email protected]>
@Dutchman101 Dutchman101 merged commit e094942 into multitheftauto:master Nov 21, 2024
6 checks passed
@Nico8340 Nico8340 deleted the serial branch November 22, 2024 12:39