quantomsadmn
Wanderer
authid
In packethandlers.cs there is this code in the GameLogin function:
The first if statement checks if the authID sent by the client matches with one previously sent to the client during the first login step, correct?
Now what I'm trying to do is a server redirect, so that people can see a list of shards that are hosted on multiple IP/ports, so when they do this, then that ID is invalid when they hit that packet handler, as the ID was generated at the login server, not on the destination server. My system works fine if I comment out the first if statement. But I don't feel right just doing that and calling it a day.
Does this ID thing do anything in particular, regarding security? I really can't see why, given there still needs to be a password authentication done on the destination server, but thought I would check. It obviously exists for a reason.
If I need to keep it, I have an idea how I'll work around the issue. I'll probably code a logon server thats is a separate program you run, and it will send a special packet to all servers in the list so that they have the IDs in the array. Or something along those lines. Probably how OSI does it as their shards are certainly on separate servers.
In packethandlers.cs there is this code in the GameLogin function:
Code:
int authID = pvSrc.ReadInt32();
if ( !IsValidAuthID( authID ) )
{
Console.WriteLine( "Login: {0}: Invalid client detected, disconnecting [PacketHandlers GameLogin() 1]", state );
state.Dispose();
return;
}
else if ( state.m_AuthID != 0 && authID != state.m_AuthID )
{
Console.WriteLine( "Login: {0}: Invalid client detected, disconnecting [PacketHandlers GameLogin() 2]", state );
state.Dispose();
return;
}
else if ( state.m_AuthID == 0 && authID != state.m_Seed )
{
Console.WriteLine( "Login: {0}: Invalid client detected, disconnecting [PacketHandlers GameLogin() 3]", state );
state.Dispose();
return;
}Now what I'm trying to do is a server redirect, so that people can see a list of shards that are hosted on multiple IP/ports, so when they do this, then that ID is invalid when they hit that packet handler, as the ID was generated at the login server, not on the destination server. My system works fine if I comment out the first if statement. But I don't feel right just doing that and calling it a day.
Does this ID thing do anything in particular, regarding security? I really can't see why, given there still needs to be a password authentication done on the destination server, but thought I would check. It obviously exists for a reason.
If I need to keep it, I have an idea how I'll work around the issue. I'll probably code a logon server thats is a separate program you run, and it will send a special packet to all servers in the list so that they have the IDs in the array. Or something along those lines. Probably how OSI does it as their shards are certainly on separate servers.
