diff options
| author | est31 <MTest31@outlook.com> | 2016-08-22 04:27:44 +0200 |
|---|---|---|
| committer | est31 <MTest31@outlook.com> | 2016-08-22 20:23:28 +0200 |
| commit | d767f025cb0d5cca29c1f2147d2a0931a088b717 (patch) | |
| tree | eddc886ed5e6f09e43fa6c4224e4e14d5a840608 /builtin | |
| parent | 0b0075e6ad0b3110cabdfc92cedb0a24d2b5ec42 (diff) | |
| download | minetest-d767f025cb0d5cca29c1f2147d2a0931a088b717.tar.gz minetest-d767f025cb0d5cca29c1f2147d2a0931a088b717.tar.bz2 minetest-d767f025cb0d5cca29c1f2147d2a0931a088b717.zip | |
Client: disable pre v25 init sending by default
Disable the ability to connect to old servers by default to
improve password security.
If people still want to connect to old (0.4.12 and earlier)
servers, they can flip the send_pre_v25_init setting.
Add the ability to detect if we've tried to connect
to a server which only supports the pre v25 init protocol,
and show an apropriate error message. Most times the error
will already be catched at the serverlist level, the
detection mechanism only acts as last resort, because the
"Connection timed out" error message that would be shown
otherwise would be very confusing.
Automatic "fixing" of this condition is not desired,
as it would allow for downgrade attacks.
As already 161 of the 167 servers on the serverlist
support the new srp based auth protocol (> 96%),
the breakage should be minimal.
Follow up of commit
af30183124d40a969040d7de4b3a487feec466e4 "Add option to not send pre v25 init packet"
Also change the pessimistic assumption of masterlist
server versions to optimistic, in order to avoid buggy
behaviour (favourites not in the serverlist would be
denied to connect to, etc).
Diffstat (limited to 'builtin')
| -rw-r--r-- | builtin/mainmenu/common.lua | 10 | ||||
| -rw-r--r-- | builtin/settingtypes.txt | 2 |
2 files changed, 8 insertions, 4 deletions
diff --git a/builtin/mainmenu/common.lua b/builtin/mainmenu/common.lua index 1fd89ff77..da3667828 100644 --- a/builtin/mainmenu/common.lua +++ b/builtin/mainmenu/common.lua @@ -248,14 +248,18 @@ end -------------------------------------------------------------------------------- function is_server_protocol_compat(server_proto_min, server_proto_max) - return min_supp_proto <= (server_proto_max or 24) and max_supp_proto >= (server_proto_min or 13) + if (not server_proto_min) or (not server_proto_max) then + -- There is no info. Assume the best and act as if we would be compatible. + return true + end + return min_supp_proto <= server_proto_max and max_supp_proto >= server_proto_min end -------------------------------------------------------------------------------- function is_server_protocol_compat_or_error(server_proto_min, server_proto_max) if not is_server_protocol_compat(server_proto_min, server_proto_max) then local server_prot_ver_info, client_prot_ver_info - local s_p_min = server_proto_min or 13 - local s_p_max = server_proto_max or 24 + local s_p_min = server_proto_min + local s_p_max = server_proto_max if s_p_min ~= s_p_max then server_prot_ver_info = fgettext_ne("Server supports protocol versions between $1 and $2. ", diff --git a/builtin/settingtypes.txt b/builtin/settingtypes.txt index 864485cce..4d354a7ef 100644 --- a/builtin/settingtypes.txt +++ b/builtin/settingtypes.txt @@ -247,7 +247,7 @@ remote_port (Remote port) int 30000 1 65535 # Enable if you want to connect to 0.4.12 servers and before. # Servers starting with 0.4.13 will work, 0.4.12-dev servers may work. # Disabling this option will protect your password better. -send_pre_v25_init (Support older servers) bool true +send_pre_v25_init (Support older servers) bool false # Save the map received by the client on disk. enable_local_map_saving (Saving map received from server) bool false |