csmud: Implement HMAC signing of cookies
This is intended to prevent people with leaked copies of the source from being able to login to a production server. The key is constructed from a shared secret appended to the server version.
This commit is contained in:
Jeremy Koletar
parent
ce220e9162
commit
13b8cfd988
5 changed files with 24 additions and 3 deletions
|
|
@ -33,6 +33,10 @@ default-model-extension .bam
|
|||
# Now that we've loaded the phase files, tell panda to trust the TTRCA
|
||||
ssl-certificates phase_3/etc/TTRCA.crt
|
||||
|
||||
# This is the shared secret for CSMUD login
|
||||
# ##### NB! Update deployment/server.prc too! #####
|
||||
csmud-secret Yv1JrpTUdkX6M86h44Z9q4AUaQYdFnectDgl2I5HOQf8CBh7LUZWpzKB9FBD
|
||||
|
||||
# DC files are NOT configured.
|
||||
# They're wrapped up into the code automatically.
|
||||
|
||||
|
|
|
|||
|
|
@ -3272,7 +3272,7 @@ struct PotentialToon {
|
|||
};
|
||||
|
||||
dclass ClientServicesManager : DistributedObjectGlobal {
|
||||
login(string cookie) clsend;
|
||||
login(string cookie, string sig) clsend;
|
||||
acceptLogin();
|
||||
|
||||
requestAvatars() clsend;
|
||||
|
|
|
|||
|
|
@ -6,6 +6,10 @@
|
|||
want-dev #f
|
||||
want-cheesy-expirations #t
|
||||
|
||||
# Shared secret for CSMUD
|
||||
# ##### NB! Update config/public_client.prc too! #####
|
||||
csmud-secret Yv1JrpTUdkX6M86h44Z9q4AUaQYdFnectDgl2I5HOQf8CBh7LUZWpzKB9FBD
|
||||
|
||||
# ODE isn't ready yet :(
|
||||
want-golf #f
|
||||
|
||||
|
|
|
|||
|
|
@ -4,6 +4,8 @@ from otp.distributed.PotentialAvatar import PotentialAvatar
|
|||
from otp.otpbase import OTPLocalizer, OTPGlobals
|
||||
from otp.margins.WhisperPopup import *
|
||||
from pandac.PandaModules import *
|
||||
import hashlib
|
||||
import hmac
|
||||
|
||||
class ClientServicesManager(DistributedObjectGlobal):
|
||||
notify = directNotify.newCategory('ClientServicesManager')
|
||||
|
|
@ -16,8 +18,12 @@ class ClientServicesManager(DistributedObjectGlobal):
|
|||
|
||||
cookie = self.cr.playToken or 'dev'
|
||||
|
||||
# Sign the login cookie
|
||||
key = base.config.GetString('csmud-secret', 'streetlamps') + base.config.GetString('server-version', 'no_version_set')
|
||||
sig = hmac.new(key, cookie, hashlib.sha256).hexdigest()
|
||||
|
||||
self.notify.debug('Sending login cookie: ' + cookie)
|
||||
self.sendUpdate('login', [cookie])
|
||||
self.sendUpdate('login', [cookie, sig])
|
||||
|
||||
def acceptLogin(self):
|
||||
messenger.send(self.doneEvent, [{'mode': 'success'}])
|
||||
|
|
|
|||
|
|
@ -896,7 +896,7 @@ class ClientServicesManagerUD(DistributedObjectGlobalUD):
|
|||
self.notify.warning('The CSMUD has been told to reject logins! All future logins will now be rejected.')
|
||||
self.loginsEnabled = enable
|
||||
|
||||
def login(self, cookie):
|
||||
def login(self, cookie, sig):
|
||||
self.notify.debug('Received login cookie %r from %d' % (cookie, self.air.getMsgSender()))
|
||||
|
||||
sender = self.air.getMsgSender()
|
||||
|
|
@ -914,6 +914,13 @@ class ClientServicesManagerUD(DistributedObjectGlobalUD):
|
|||
self.killConnection(sender, 'Client is already logged in.')
|
||||
return
|
||||
|
||||
# Test the signature
|
||||
key = simbase.config.GetString('csmud-secret', 'streetlamps') + simbase.config.GetString('server-version', 'no_version_set')
|
||||
computedSig = hmac.new(key, cookie, hashlib.sha256).hexdigest()
|
||||
if not hmac.compare_digest(sig, computedSig):
|
||||
self.killConnection(sender, 'Invalid cookie signature')
|
||||
return
|
||||
|
||||
if sender in self.connection2fsm:
|
||||
self.killConnectionFSM(sender)
|
||||
return
|
||||
|
|
|
|||
Loading…
Reference in a new issue