feat: dedicated server security hardening
Comprehensive security system to protect against packet-sniffing attacks, XUID harvesting, privilege escalation, bot flooding, and XUID impersonation. - Stream cipher: per-session XOR cipher with 4-message handshake via CustomPayloadPacket (MC|CKey, MC|CAck, MC|COn). Negotiated per-connection, backwards compatible (old clients/servers fall back to plaintext). - Security gate: buffers all game data until cipher handshake completes, preventing unsecured clients from receiving any XUIDs or game state. - Cipher handshake enforcer: kicks clients that don't complete the handshake within 5 seconds (configurable via require-secure-client). - Identity tokens: persistent per-XUID tokens in identity-tokens.json, issued over the encrypted channel, verified on reconnect. Prevents XUID replay attacks. Client stores server-specific tokens. - PROXY protocol v1: parses real client IPs from playit.gg tunnel headers so rate limiting, IP bans, and XUID spoof detection work per-player. - Rate limiting: per-IP sliding window (default 5 connections/30s) with pending connection cap (default 10). - Privilege hardening: OP requires ops.json, live checks on every command and privilege packet. Host-only server settings changes. - XUID stripping: PreLoginPacket response sends INVALID_XUID placeholders. - Packet validation: readUtf global string cap, reduced max packet size, stream desync protection on oversized strings. - OpManager: persistent ops.json with XUID-based OP list. - Whitelist improvements: whitelist add accepts player names with ambiguity detection, XUID cache from login attempts. - revoketoken command: revoke identity tokens for players who lost theirs. - server.log: persistent log file written alongside console output with flush-per-write to survive crashes. - CLI security logging: consolidated per-join security summary with cipher status, token status, XUID, and real IP. Security warnings for kicks, spoofing, and unauthorized commands.
This commit is contained in:
@@ -1,6 +1,7 @@
|
||||
#pragma once
|
||||
|
||||
#include <string>
|
||||
#include <vector>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "..\Minecraft.World\DisconnectPacket.h"
|
||||
@@ -17,7 +18,10 @@ namespace ServerRuntime
|
||||
{
|
||||
eTcpRejectReason_BannedIp = 0,
|
||||
eTcpRejectReason_GameNotReady,
|
||||
eTcpRejectReason_ServerFull
|
||||
eTcpRejectReason_ServerFull,
|
||||
eTcpRejectReason_RateLimited,
|
||||
eTcpRejectReason_TooManyPending,
|
||||
eTcpRejectReason_InvalidProxyHeader
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -89,10 +93,26 @@ namespace ServerRuntime
|
||||
void OnAcceptedTcpConnection(unsigned char smallId, const char *ip);
|
||||
|
||||
/**
|
||||
* Associates a player name with the connection and emits the accepted login log
|
||||
* 接続にプレイヤー名を関連付けてログイン成功を記録
|
||||
* Associates a player name and identity with the connection and emits the accepted login log
|
||||
*/
|
||||
void OnAcceptedPlayerLogin(unsigned char smallId, const std::wstring &playerName);
|
||||
void OnAcceptedPlayerLogin(unsigned char smallId, const std::wstring &playerName,
|
||||
PlayerUID offlineXuid = INVALID_XUID, PlayerUID onlineXuid = INVALID_XUID, bool isGuest = false);
|
||||
|
||||
// Security milestone recording -- accumulates per-connection state for the
|
||||
// consolidated "player secured" summary line
|
||||
void OnCipherHandshakeCompleted(unsigned char smallId);
|
||||
void OnCipherCompletedNoTokenRequired(unsigned char smallId);
|
||||
void OnIdentityTokenIssued(unsigned char smallId);
|
||||
void OnIdentityTokenVerified(unsigned char smallId);
|
||||
void OnIdentityTokenTimeout(unsigned char smallId, const std::wstring &playerName);
|
||||
|
||||
// Security warnings -- emit immediately to CLI
|
||||
void OnIdentityTokenMismatch(unsigned char smallId, const std::wstring &playerName);
|
||||
void OnIdentityTokenTimeout(unsigned char smallId, const std::wstring &playerName);
|
||||
void OnUnsecuredClientKicked(unsigned char smallId);
|
||||
void OnXuidSpoofDetected(unsigned char smallId, const std::wstring &claimedName,
|
||||
const char *newIp, const char *existingIp);
|
||||
void OnUnauthorizedCommand(unsigned char smallId, const std::wstring &playerName, const char *action);
|
||||
|
||||
/**
|
||||
* Emits a named login rejection log and clears cached metadata for that smallId
|
||||
@@ -123,5 +143,21 @@ namespace ServerRuntime
|
||||
* 指定smallIdに紐づく接続キャッシュを消去
|
||||
*/
|
||||
void ClearConnection(unsigned char smallId);
|
||||
|
||||
/**
|
||||
* Cache a player name -> XUID mapping from a login attempt (accepted or rejected).
|
||||
* Used by `whitelist add <name>` to resolve names to XUIDs.
|
||||
*/
|
||||
void CachePlayerXuid(const std::wstring &playerName, PlayerUID xuid);
|
||||
|
||||
/**
|
||||
* Get all cached XUIDs for a player name (case-insensitive).
|
||||
* Returns the number of distinct XUIDs seen. If > 1, the name is ambiguous
|
||||
* and the operator should use an explicit XUID.
|
||||
*
|
||||
* Note: cached names are attacker-controlled (from LoginPacket). This cache
|
||||
* is an operator convenience tool, not a security mechanism.
|
||||
*/
|
||||
int GetCachedXuids(const std::string &playerName, std::vector<PlayerUID> *outXuids);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user