[nexuiz-commits] r8005 - trunk/server

[DONOTREPLY at icculus.org]

Author: div0
Date: 2009-10-02 04:20:54 -0400 (Fri, 02 Oct 2009)
New Revision: 8005

Modified:
   trunk/server/rcon.pl
Log:
rcon.pl: add a mode rcon_secure=2 using the more secure challenge-based mode.
NOTE: this mode will be bad for rcon2irc.


Modified: trunk/server/rcon.pl
===================================================================
--- trunk/server/rcon.pl	2009-10-01 19:58:51 UTC (rev 8004)
+++ trunk/server/rcon.pl	2009-10-02 08:20:54 UTC (rev 8005)
@@ -407,8 +407,16 @@
 sub send($$$)
 {
 	my ($self, $line, $nothrottle) = @_;
-	if($self->{secure})
+	if($self->{secure} > 1)
 	{
+		$self->{connector}->send("\377\377\377\377getchallenge");
+		my $c = $self->recvchallenge();
+		return 0 if not defined $c;
+		my $key = Digest::HMAC::hmac("$c $line", $self->{password}, \&Digest::MD4::md4);
+		return $self->{connector}->send("\377\377\377\377srcon HMAC-MD4 CHALLENGE $key $c $line");
+	}
+	elsif($self->{secure})
+	{
 		my $t = sprintf "%ld.%06d", time(), int rand 1000000;
 		my $key = Digest::HMAC::hmac("$t $line", $self->{password}, \&Digest::MD4::md4);
 		return $self->{connector}->send("\377\377\377\377srcon HMAC-MD4 TIME $key $t $line");
@@ -429,6 +437,38 @@
 	return $data;
 }
 
+sub recvchallenge($)
+{
+	my ($self) = @_;
+
+	my $sel = IO::Select->new($self->fds());
+	my $endtime_max = Time::HiRes::time() + 1;
+	my $endtime = $endtime_max;
+
+	while((my $dt = $endtime - Time::HiRes::time()) > 0)
+	{
+		if($sel->can_read($dt))
+		{
+			for(;;)
+			{
+				my $s = $self->{connector}->recv();
+				die "read error\n"
+					if not defined $s;
+				length $s
+					or last;
+				if($s =~ /^\377\377\377\377challenge (.*)$/s)
+				{
+					return $1;
+				}
+				next
+					if $s !~ /^\377\377\377\377n(.*)$/s;
+				$self->{recvbuf} .= $1;
+			}
+		}
+	}
+	return undef;
+}
+
 sub recv($)
 {
 	my ($self) = @_;