From 1cf7c1ec251d6899707b0eced3bc75da2e212557 Mon Sep 17 00:00:00 2001 From: Haru Date: Sat, 8 Feb 2014 02:19:41 +0100 Subject: Improvements on the script commands sscanf, axtoi. Added strtol. - Added script command strtol (conforming to the ISO C90 function) - Modified script command axtoi to internally use strtol instead of an unnecessary own implementation. - Fixed sscanf behavior to conform to the C specifications in case the input string is empty. It now correctly returns -1, or 0 if the format string is also empty. Fixes bugreport:8009, thanks to AnnieRuru - http://hercules.ws/board/tracker/issue-8009-sscanf-should-return-1-if-the-string-field-is-an-empty-string/ Signed-off-by: Haru --- doc/script_commands.txt | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) (limited to 'doc') diff --git a/doc/script_commands.txt b/doc/script_commands.txt index c0b848663..aa8698418 100644 --- a/doc/script_commands.txt +++ b/doc/script_commands.txt 
@@ -7359,20 +7359,31 @@ setitemscript 2637,""; --------------------------------------- -*atoi ("") -*axtoi ("") +*atoi("") +*axtoi("") +*strtol("string", base) These commands are used to convert strings to numbers. 'atoi' will interpret given string as a decimal number (base 10), while 'axtoi' -interprets strings as hexadecimal numbers (base 16). +interprets strings as hexadecimal numbers (base 16). 'strtol' lets +the user specify a base (valid range is between 2 and 36 inclusive, +or the special value0, which means auto-detection). -Hexadecimal number set: {0,1,2,3,4,5,6,7,8,9,A,B,C,D,E,F} +The atoi and strtol functions conform to the C functions with the same +names, and axtoi is the same as strtol, with a base of 16. Results are +clamped to signed 32 bit int range (INT_MIN ~ INT_MAX) Example: -set @var, atoi("11"); // Sets @var to 11 -set @var, axtoi("FF"); // Sets @var to 255 -mes axtoi("11"); // Displays 17 (1 = 1, 10 = 16) +.@var = atoi("11"); // Sets .@var to 11 +.@var = axtoi("FF"); // Sets .@var to 255 +mes axtoi("11"); // Displays 17 (1 = 1, 10 = 16) +.@var = strtol("11", 10); // Sets .@var to 11 (11 base 10) +.@var = strtol("11", 16); // Sets .@var to 17 (11 base 16) +.@var = strtol("11", 0); // Sets .@var to 11 (11 base 10, auto-detected) +.@var = strtol("0x11", 0); // Sets .@var to 17 (11 base 16, auto-detected because of the "0x" prefix) +.@var = strtol("011", 0); // Sets .@var to 9 (11 base 8, auto-detected because of the "0" prefix) +.@var = strtol("11", 2); // Sets .@var to 3 (binary 11) --------------------------------------- -- cgit v1.2.3-70-g09d2 From e4a1ca28de80e221198854b745be71d256e1f7b1 Mon Sep 17 00:00:00 2001 
From: Haru Date: Sat, 8 Feb 2014 04:05:03 +0100 Subject: Improved client_hash_check - Added option to disable hash check by GM group_id (specify 'disabled' as hash for a certain group_id to let them log in with any client, even if client_hash_check is enabled - Updated and reworded related documentation for the feature, following user feedback about certain parts being incomplete or confusing. --- conf/login-server.conf | 15 +++++++++++---- doc/md5_hashcheck.txt | 46 +++++++++++++++++++++++++++++++++------------- src/login/login.c | 40 +++++++++++++++++++++++----------------- 3 files changed, 67 insertions(+), 34 deletions(-) (limited to 'doc') diff --git a/conf/login-server.conf b/conf/login-server.conf index 5a5a3e049..06e0eb18b 100644 --- a/conf/login-server.conf +++ b/conf/login-server.conf @@ -136,14 +136,21 @@ dnsbl_servers: bl.blocklist.de, socks.dnsbl.sorbs.net // Client MD5 hash check // If turned on, the login server will check if the client's hash matches // the value below, and will not connect tampered clients. -// Note: see doc\md5_hashcheck.txt for more details. +// Note: see doc/md5_hashcheck.txt for more details. client_hash_check: off // Client MD5 hashes -// A player can login with a client hash at or below the account group_id. +// The client with the specified hash can be used to log in by players with +// a group_id equal to or greater than the given value. +// If you specify 'disabled' as hash, players with a group_id greater than or +// equal to the given value will be able to log in regardless of hash (and even +// if their client does not send a hash at all.) // Format: group_id, hash -client_hash: 0, 113e195e6c051bb1cfb12a644bb084c5 -client_hash: 99, cb1ea78023d337c38e8ba5124e2338ae +// Note: see doc/md5_hashcheck.txt for more details. +//client_hash: 0, 113e195e6c051bb1cfb12a644bb084c5 +//client_hash: 10, cb1ea78023d337c38e8ba5124e2338ae +//client_hash: 99, disabled + import: conf/inter-server.conf import: conf/import/login_conf.txt 
diff --git a/doc/md5_hashcheck.txt b/doc/md5_hashcheck.txt index 779785638..d9064b1ab 100644 --- a/doc/md5_hashcheck.txt +++ b/doc/md5_hashcheck.txt @@ -3,7 +3,7 @@ //===== By: ================================================== //= Hercules Dev Team //===== Current Version: ===================================== -//= 20120921 +//= 20140208 //===== Description: ========================================= //= This file outlines the login server's MD5 hash check. //============================================================ 
@@ -13,26 +13,46 @@ This will ensure that a user has not tampered with the client and that the client is the one specific to your server. The client can only send the correct MD5 hash to the server on certain -server types, so a client diff is required to ensure the hash is sent. -A link containing the required WeeDiffGen plugin can be found at: -http://rathena.org/board/topic/70841-r16771-client-md5-hash-check/ +server types, so a client diff may be required to ensure the hash is +sent. +Please refer to your client diff tool manual for the appropriate patch +(i.e. in NEMO it's called "Force Send Client Hash Packet", in other +tools or diffs it may have similar names.) -The settings for the hash check are located in conf\login.conf: +The serverside settings for the hash check are located in +conf/login.conf: // Client MD5 hash check // If turned on, the login server will check if the client's hash matches // the value below, and will not connect tampered clients. -// Note: see doc\md5_hashcheck.txt for more details. +// Note: see doc/md5_hashcheck.txt for more details. client_hash_check: off // Client MD5 hashes -// A player can login with a client hash at or below the account group_id. +// The client with the specified hash can be used to log in by players with +// a group_id equal to or greater than the given value. +// If you specify 'disabled' as hash, players with a group_id greater than or +// equal to the given value will be able to log in regardless of hash (and even +// if their client does not send a hash at all.) // Format: group_id, hash +// Note: see doc/md5_hashcheck.txt for more details. client_hash: 0, 113e195e6c051bb1cfb12a644bb084c5 -client_hash: 99, cb1ea78023d337c38e8ba5124e2338ae +client_hash: 10, cb1ea78023d337c38e8ba5124e2338ae +client_hash: 99, disabled -To enable MD5 hash checks, set 'client_hash_check' to 'on'. 
-The 'client_hash' group_id can be any of the groups in conf\groups.conf, -and is particularly useful if you wanted to allow GMs a different client -than normal players; for example, a GM client could be hexed differently -with dual-clienting enabled and chat flood disabled. +To enable MD5 hash checks, set 'client_hash_check' to 'on' and add one +'client_hash' entry for each client you want to use. +The group_id can be any of the groups in conf/groups.conf, and it is +useful in case if you want to allow GMs to use a different client +than normal players; for example, a GM client could be hexed +differently, perhaps with dual-clienting enabled and chat flood +disabled. +You will need to replace the example MD5 hashes with the actual hash of +your client. +You can use any MD5 hash tools to generate it, e.g.: +- md5sum (command line) on linux +- WinMD5 on Windows +- md5 (command line) on Mac OS X +- If you hexed your client with NEMO (version 2.0 and above), you + can find the MD5 hash of the generated client automatically saved to + client_filename.exe.secure.txt diff --git a/src/login/login.c b/src/login/login.c index e9d0eac9d..249d008ec 100644 --- a/src/login/login.c +++ b/src/login/login.c 
@@ -977,27 +977,29 @@ int mmo_auth(struct login_session_data* sd, bool isServer) { } if( login_config.client_hash_check && !isServer ) { - struct client_hash_node *node = login_config.client_hash_nodes; + struct client_hash_node *node = NULL; bool match = false; - if( !sd->has_client_hash ) { - ShowNotice("Client doesn't sent client hash (account: %s, pass: %s, ip: %s)\n", sd->userid, sd->passwd, acc.state, ip); - return 5; - } - - while( node ) { - if( node->group_id <= acc.group_id && memcmp(node->hash, sd->client_hash, 16) == 0 ) { + for( node = login_config.client_hash_nodes; node; node = node->next ) { + if( acc.group_id < node->group_id ) + continue; + if( *node->hash == '\0' // Allowed to login without hash + || (sd->has_client_hash && memcmp(node->hash, sd->client_hash, 16) == 0 ) // Correct hash + ) { match = true; break; } - - node = node->next; } if( !match ) { char smd5[33]; int i; + if( !sd->has_client_hash ) { + ShowNotice("Client didn't send client hash (account: %s, pass: %s, ip: %s)\n", sd->userid, sd->passwd, acc.state, ip); + return 5; + } + for( i = 0; i < 16; i++ ) sprintf(&smd5[i * 2], "%02x", sd->client_hash[i]); @@ -1607,15 +1609,19 @@ int login_config_read(const char* cfgName) int i; CREATE(nnode, struct client_hash_node, 1); - for (i = 0; i < 32; i += 2) { - char buf[3]; - unsigned int byte; + if (strcmpi(md5, "disabled") == 0) { + nnode->hash[0] = '\0'; + } else { + for (i = 0; i < 32; i += 2) { + char buf[3]; + unsigned int byte; - memcpy(buf, &md5[i], 2); - buf[2] = 0; + memcpy(buf, &md5[i], 2); + buf[2] = 0; - sscanf(buf, "%x", &byte); - nnode->hash[i / 2] = (uint8)(byte & 0xFF); + sscanf(buf, "%x", &byte); + nnode->hash[i / 2] = (uint8)(byte & 0xFF); + } } nnode->group_id = group; -- cgit v1.2.3-70-g09d2
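Review bot: The relocated `ShowNotice` call in the `!sd->has_client_hash` branch still passes four arguments (`sd->userid, sd->passwd, acc.state, ip`) to a format string with only three `%s` conversions. The `ip: %s` slot therefore receives `acc.state`, which looks like a numeric account state rather than a string, and `ip` is never printed; a non-pointer value read through `%s` is undefined behaviour and can crash the login server whenever a client omits the hash. The same call also writes the account password (`sd->passwd`) to the server log in clear text. I would drop both the password and the stray argument: `ShowNotice("Client didn't send client hash (account: %s, ip: %s)\n", sd->userid, ip);`. mmo_auth starts and ends outside the hunk, so the types of `acc.state` and `ip` should be confirmed against their declarations.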
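Review bot: Encoding the 'disabled' marker as `nnode->hash[0] = '\0'` makes it indistinguishable from a real MD5 whose first byte is 0x00. A configured hash that begins with `00` is parsed by the else branch into `hash[0] == 0`, and the new test `*node->hash == '\0'` in mmo_auth (the first hunk of this file) then admits any client for that group, with or without a hash. A dedicated flag on `struct client_hash_node` would remove the collision, for example a new member `bool disabled` that is set here and tested in mmo_auth instead of the first hash byte; the struct definition is outside this diff. Separately, the hex parsing in the else branch checks neither the length of `md5` nor the return value of `sscanf(buf, "%x", &byte)`, so a short or non-hex entry leaves `byte` unset, and it would be safer to reject such entries with a warning. login_config_read starts and ends outside the hunk.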