diff options
author | Ethan Jones <ethan@yasfu.net> | 2021-09-23 22:09:52 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-09-23 22:09:52 +0200 |
commit | 7b0872aeccc2be460e8af5cd4a14b0660a83c1ed (patch) | |
tree | f6164ea4070d6d49f0f3968a970258559d562752 /src/ClientHandle.cpp | |
parent | Ignore dead movement (#5292) (diff) | |
download | cuberite-7b0872aeccc2be460e8af5cd4a14b0660a83c1ed.tar cuberite-7b0872aeccc2be460e8af5cd4a14b0660a83c1ed.tar.gz cuberite-7b0872aeccc2be460e8af5cd4a14b0660a83c1ed.tar.bz2 cuberite-7b0872aeccc2be460e8af5cd4a14b0660a83c1ed.tar.lz cuberite-7b0872aeccc2be460e8af5cd4a14b0660a83c1ed.tar.xz cuberite-7b0872aeccc2be460e8af5cd4a14b0660a83c1ed.tar.zst cuberite-7b0872aeccc2be460e8af5cd4a14b0660a83c1ed.zip |
Diffstat (limited to '')
-rw-r--r-- | src/ClientHandle.cpp | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/src/ClientHandle.cpp b/src/ClientHandle.cpp index cf70f870e..bbf018587 100644 --- a/src/ClientHandle.cpp +++ b/src/ClientHandle.cpp @@ -222,6 +222,28 @@ bool cClientHandle::IsUUIDOnline(const cUUID & a_UUID) +void cClientHandle::ProxyInit(const AString & a_IPString, const cUUID & a_UUID) +{ + this->SetIPString(a_IPString); + this->SetUUID(a_UUID); + + this->m_ProxyConnection = true; +} + + + + + +void cClientHandle::ProxyInit(const AString & a_IPString, const cUUID & a_UUID, const Json::Value & a_Properties) +{ + this->SetProperties(a_Properties); + this->ProxyInit(a_IPString, a_UUID); +} + + + + + void cClientHandle::ProcessProtocolOut() { decltype(m_OutgoingData) OutgoingData; @@ -264,6 +286,54 @@ void cClientHandle::Kick(const AString & a_Reason) +bool cClientHandle::BungeeAuthenticate() +{ + if (!m_ProxyConnection && cRoot::Get()->GetServer()->OnlyAllowBungeeCord()) + { + Kick("You can only connect to this server using a Proxy."); + + return false; + } + + cServer * Server = cRoot::Get()->GetServer(); + + // Proxy Shared Secret Check (BungeeGuard) + const AString & ForwardSecret = Server->GetProxySharedSecret(); + const bool AllowBungee = Server->ShouldAllowBungeeCord(); + const bool RequireForwardSecret = AllowBungee && !ForwardSecret.empty(); + + if (RequireForwardSecret) + { + for (auto & Node : GetProperties()) + { + if (Node.get("name", "").asString() == "bungeeguard-token") + { + AString SentToken = Node.get("value", "").asString(); + + if (ForwardSecret.compare(SentToken) == 0) + { + return true; + } + + break; + } + } + + Kick("Unable to authenticate."); + return false; + } + else if (m_ProxyConnection) + { + LOG("A player connected through a proxy without requiring a forwarding secret. If open to the internet, this is very insecure!"); + } + + return true; +} + + + + + void cClientHandle::Authenticate(const AString & a_Name, const cUUID & a_UUID, const Json::Value & a_Properties) { { @@ -281,6 +351,11 @@ void cClientHandle::Authenticate(const AString & a_Name, const cUUID & a_UUID, c ASSERT(m_Player == nullptr); + if (!BungeeAuthenticate()) + { + return; + } + m_Username = a_Name; // Only assign UUID and properties if not already pre-assigned (BungeeCord sends those in the Handshake packet): |