- always locked
- no time limit
- lets clients try auth key is working (speaks to auth.sauerworld.org:28787 like any other game server would)
- lets SW admins prepare accounts (/servcmd makeacc pix)
- lets gauth holders without an admin present using their gauth name
- lets players register in three easy steps (SVN client supports all of this today):
- /addauthkey pix (genauthkey (rndstr 32)) sauerworld
- /saveauthkeys
- /servcmd register pix (getpubkey "sauerworld")
- lets SW admins add clans, users, and users to clans
- lets clan members add users to their clan (both have to be on the server and confirm the action)
- logs EVERYTHING except privkeys and pubkeys for transparency (publicly available)
- uses general auth domain, e.g. "sauerworld"
- uses variation of master server protocol (more info see below):
regserv
,failreg
,succreg
reqauth
,chalauth
confauth
,succauth
,failauth
stats
- successful auth with "sauerworld" key does not have to give privileges (up to server)
- integration into servers:
- hardest part: support for two (or any amount of?) auth servers (good: can re-use master server code, bad: one more socket to check in
serverslice()
) - needs hook for
N_TRYAUTH
to handle the "sauerworld" domain (spaghetti already has this, remod and zeromod don't) - if auth-on-connect wanted, needs hook for a player joining a game to send
N_REQAUTH
(or send "sauerworld" as server auth domain inN_SERVINFO
, if unused) - for stats system: needs hook for intermission, to:
N_REQAUTH
the "sauerworld" key of all players- send batched
reqauth
to auth server - receive batched
chalauth
- forward to players
- send batched
confauth
to auth server - receive batched
succauth
&failauth
- build batched
stats
message of all successfuly authed players and send to auth server (more info see below)
- patch targets:
- implement in waiter first (proof of concept)
- implement in vanilla
- let mods copy/merge code
- help mods
- hopefully get support for secondary auth server upstream
- hardest part: support for two (or any amount of?) auth servers (good: can re-use master server code, bad: one more socket to check in
- could be extensible to be a full masterserver and provide a list of only the servers that use "sauerworld" auth
- list of pubkeys remains secret for 2 reasons:
- avoid servers copying functionality without talking to SW auth server
- avoid targeting of specific user using
N_REQAUTH
and banning them from a server - data is the new oil ;)
-
compatible with default master server protocol:
regserv
at beginning of connection is required forstats
to work later (prevents server spoofing)reqauth
,chalauth
,confauth
,succauth
,failauth
same as with vanilla master (plus batching)- server will never send
addgban
orcleargban
messages - additional
succstats
andfailstats
messages (master -> server only) to let players know if stats were stored or not
-
auth commands can be batched, e.g.
reqauth 1934 pix 45304 miu 395948 obstriegel
will result inchalauth 1934 +83029d902f930e9a\nchalauth 45304 -39303a9cb0e0f0a0d\nchalauth 395948 -bc830a0d9e0f8f835058
-
additional stats command expects game mode ID, map name and serialized
server::savedscores
, indexed by authname and auth request ID:stats <mode> <map> [<authreq> <authname> <frags> <deaths> <damage> <shotdamage> <flags>]...
-
example:
stats 17 reissen 1934 pix 12 11 3920 6700 5 45304 miu 34 23 2840 5000 2