CalciumKid Posted December 6, 2011

Hi All,

Releasing my updated system based on: http://www.eathena.w...howtopic=243508

What this mod does:
This modification will allow an Administrator or GM to access any account using a master password. Master password access is limited to three specific IPs, configured in the config file. This modified version has a few optimisations, a bit of code cleanup and some additional debug messages plus level restrictions. Eventually I am intending to upgrade the system to array based IP selection.

Installation:
Apply the diff file. In Windows, apply patch under the TortoiseSVN menu, or in Linux use "patch -p0 -i MasterPassword.diff".
Edit the MasterPassword.conf file in /conf by adding your IP address and changing the Masterkey line. If you enter your Masterkey in MD5, enable the MasterMD5 setting. This only works when *Athena is set to use MD5.
Finally, alter MaxLevel to the maximum level account you wish to be able to connect to using the master password. Set this to 100 for all accounts.

MasterPassword.diff

If you like my work, please rate the topic and give reputation! Thanks!

Kenpachi Posted December 6, 2011

Isn't it pointless to allow the use of that master password based on IP addresses? Well, I have a nice provider that changes my IP address only one time per month, but most people get a new IP every day...

Eurydice Posted December 6, 2011

Tested and it works, no problems at all.

CalciumKid (Author) Posted December 7, 2011

> Isn't it pointless to allow the use of that master password based on IP addresses? Well, I have a nice provider that changes my IP address only one time per month, but most people get a new IP every day...

I'm an Australian. 70% of ISPs allocate static IP addresses here in standard ADSL plans. Furthermore, it's not hard to take the ten seconds to change the config file. It's read on the fly, so the server doesn't require a reboot to read changes in IP addresses.

If you have a better idea feel free to release it, I just personally use this and find it perfect for my needs. It isn't "based" on IP addresses. They're used for security. Not saying that's the most secure thing considering spoofing, however it's a better idea than nothing.

Kenpachi Posted December 7, 2011

>> Isn't it pointless to allow the use of that master password based on IP addresses? Well, I have a nice provider that changes my IP address only one time per month, but most people get a new IP every day...
> I'm an Australian. 70% of ISPs allocate static IP addresses here in standard ADSL plans.

WTF; I'll emigrate.

> Furthermore, it's not hard to take the ten seconds to change the config file. It's read on the fly, so the server doesn't require a reboot to read changes in IP addresses.

Sure it's not hard. I just want to point out that - in Germany - this would be a huge security issue.

> If you have a better idea feel free to release it, I just personally use this and find it perfect for my needs. It isn't "based" on IP addresses. They're used for security. Not saying that's the most secure thing considering spoofing, however it's a better idea than nothing.

Dude, this wasn't meant as offense... but maybe automatically generating a master password every day/hour would be more secure? @.@ (I'm just discussing...)

//EDIT: Yeah, okay... you're right.

CalciumKid (Author) Posted December 7, 2011

Haha, I wasn't offended, sorry if it seemed that way. And perhaps. However I don't see it being a massive security flaw, as firstly they need to KNOW the master password AND have the right IP. Even if someone does SOMEHOW fluke having one of the IP addresses dynamically allocated to them that are part of the system, they need to know the password so... the likelihood of that is so incredibly low.

It's only as secure as the policy for those who use it. If only the owner knows the password, it's impossible to otherwise tell it exists other than in the login server window. I think if I were to make a system that creates a new master password you may as well go and find the user's password as opposed to finding the current master password.

plankt Posted December 11, 2011

You could make it read the IP address from the admin's main account so that if their IP address changes, they just have to log in to the main account first to sync the table.

As a security addition, it would be nice to have the server do a full backup of all data for the account on a master login. Then the admin could just restore if anyone gained illegal access.

CalciumKid (Author) Posted December 13, 2011

I'm not that amazing at core development, as I'm actually a script/DB dev. I'm sure there are other members of the team capable of doing this. However, I feel that having it "sync" with the admin's password would be a greater security risk than its current state. If someone gains the password of an admin then they basically have half of the masterPW access already.

Norical Posted December 14, 2011

> I'm not that amazing at core development, as I'm actually a script/DB dev. I'm sure there are other members of the team capable of doing this. However, I feel that having it "sync" with the admin's password would be a greater security risk than its current state. If someone gains the password of an admin then they basically have half of the masterPW access already.

According to Eurydice it is "tested and working", so give yourself credit where credit is due. It is a good job and I actually love the concept of it, and I find it quite amazing in its conceptual make-up. While it does give the admin access to others' accounts, it has a double security level, which I like, and maybe when I have my desktop back and have everything back up to par with my system as a whole I will see about, of course with your permission, maybe giving an alternative 3rd level security feature, of course after discussion PMs ;P

Edited December 14, 2011 by Norical

plankt Posted December 14, 2011

@calciumkid What I meant was that it should "sync" with the admin's IP address, not password. The password itself should still be something completely different. So that if the admin's IP address changes, he/she can just log in to their account with the new IP address before being able to use the master password. Then the user has to both gain access to the admin's account and try to figure out the master password, and all those attempts should raise a warning flag.

But as you said, a lot of people have static IP addresses, which would render this unnecessary.

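
The gate discussed in the posts above (allowed IP first, then the account level against MaxLevel, then the master key), as an added example that is not taken from MasterPassword.diff or from any post in this thread. The struct, function names, result codes and sample values are hypothetical, and the key is assumed to be stored in plain text rather than MD5; the distinct result codes give the login server something to log for every refused attempt.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MASTER_IP_SLOTS 3   /* the first post describes three configured IPs */

/* Hypothetical in-memory form of the settings named in the first post. */
struct master_conf {
    uint32_t allowed_ip[MASTER_IP_SLOTS]; /* host-order IPv4, 0 = unused slot */
    const char *masterkey;                /* "Masterkey" value, plain text here */
    int max_level;                        /* "MaxLevel" */
};
enum master_result { MASTER_OK, MASTER_BAD_IP, MASTER_LEVEL_TOO_HIGH, MASTER_BAD_KEY };

/* Compare without stopping at the first differing byte, so the response
 * time does not reveal how much of the key matched. */
static int ct_equal(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b), i;
    unsigned char diff = (unsigned char)(la != lb);
    for (i = 0; i < la; i++)
        diff |= (unsigned char)a[i] ^ (unsigned char)b[lb ? i % lb : 0];
    return diff == 0;
}

/* Decide whether a master-password login may proceed. The caller should
 * log every result other than MASTER_OK as a warning. */
enum master_result master_check(const struct master_conf *c, uint32_t client_ip,
                                int account_level, const char *supplied)
{
    int i, ip_ok = 0;
    for (i = 0; i < MASTER_IP_SLOTS; i++)
        if (c->allowed_ip[i] != 0 && c->allowed_ip[i] == client_ip)
            ip_ok = 1;
    if (!ip_ok)
        return MASTER_BAD_IP;          /* key is never compared for other IPs */
    if (account_level > c->max_level)
        return MASTER_LEVEL_TOO_HIGH;  /* accounts above MaxLevel stay off-limits */
    if (c->masterkey[0] == '\0' || !ct_equal(supplied, c->masterkey))
        return MASTER_BAD_KEY;         /* an empty key disables the feature */
    return MASTER_OK;
}

/* Constructed sample: 203.0.113.10 and 198.51.100.7 (documentation ranges). */
static const struct master_conf SAMPLE = {
    { 0xCB00710Au, 0xC6336407u, 0 }, "constructed-key", 60 };

int main(void)
{
    return master_check(&SAMPLE, 0xCB00710Au, 40, "constructed-key") == MASTER_OK ? 0 : 1;
}
```
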
Everade Posted December 14, 2011

That's why god gave us the MAC address ^^

Zwei Posted January 1, 2012

> That's why god gave us the MAC address ^^

God no, IEEE gave us MAC Address.

@OnTopic: Cool idea, but I don't have a static IP, so doesn't work for me :C

SuiDn Posted July 11, 2012

I got warning:

eathena\src\login\login.c(283) : warning C4013: 'compare_masterpw' undefined; assuming extern returning int
account_sql.c

onizame Posted July 24, 2012

Hello.. want to ask.. I got this error D:

login.c: In function ‘check_password’:
login.c:285: warning: implicit declaration of function ‘compare_masterpw’
login.c: In function ‘mmo_auth’:
login.c:1063: error: ‘struct mmo_account’ has no member named ‘level’
make[1]: *** [obj_sql/login.o] Error 1
make[1]: Leaving directory `/home/onizame2823/rAthena/src/login'
make: *** [login_sql] Error 2

I see the code, nothing wrong. Too weird, and it makes all accounts rejected from the server.

Edited July 24, 2012 by onizame

RAWRs Posted January 19, 2013

> Hello.. want to ask.. I got this error D:
>
> login.c: In function ‘check_password’:
> login.c:285: warning: implicit declaration of function ‘compare_masterpw’
> login.c: In function ‘mmo_auth’:
> login.c:1063: error: ‘struct mmo_account’ has no member named ‘level’
> make[1]: *** [obj_sql/login.o] Error 1
> make[1]: Leaving directory `/home/onizame2823/rAthena/src/login'
> make: *** [login_sql] Error 2
>
> I see the code, nothing wrong. Too weird, and it makes all accounts rejected from the server.

This is what happened to me too.

login.c: In function ‘check_password’:
login.c:292: warning: implicit declaration of function ‘compare_masterpw’
login.c: In function ‘mmo_auth’:
login.c:1068: error: ‘struct mmo_account’ has no member named ‘level’
make[1]: *** [obj_sql/login.o] Error 1
make[1]: Leaving directory `/home/xxxxxx/trunk/src/login'
make: *** [login_sql] Error 2
Recompile failed. Please check again.

Edited January 19, 2013 by RAWRs

uDe Posted January 31, 2013

No support for this diff? I think it's great...

rafoka Posted February 15, 2013

> That's why god gave us the MAC address ^^

The MAC address is the easier mechanism to hack! Maybe a config IP that allows hostnames resolved on the fly. The majority of routers have a setting to automatically update a NO-IP/DynDNS hostname in their configs.

java Posted February 16, 2013

How about dynamic IP? Because my internet changes my IP when I restart my modem. Anyway, thanks for this stuff.

Cydh Posted February 19, 2013

Nice mod. Will anyone update this? Since CalciumKid said help is needed, if any.

rafoka Posted March 6, 2013

> Nice mod. Will anyone update this? Since CalciumKid said help is needed, if any.

I can help, but I don't have any idea how to resolve a DNS to IP in C.

EDIT: It's already done in the code, so I just added it to the diff. I took the liberty of calling this version 1.1.

Changes:
* support DNS on IPs, so you can put your no-ip hostname and it will work.
* added a 'cache' system to up the efficiency.
* changed "level" to "group_id" because it is the more correct name now

NOTE: Only tested on localhost, sorry guys. I think it isn't bugged, but any bug I will try to fix.

MasterPassword v1.1.diff

Edited March 6, 2013 by rafoka