Topic: [Reference] GameConnection::onConnectRequest

I've realized a lot of people use this to check for versions in their mods: RTB used it, Blockland Plus, Realistic Space Client.
I'd like to compile a list for reference in case there are ever any conflicting mods.
The arguments I know of currently, in order:
Quote from: Argument | Explanation
0. Client | Default | GameConnection that is sending a connection request.
1. Address | Default | Address of the connecting client.
2. LANName | Default | LAN name of the connecting client.
3. NETName | Default | Network name of the connecting client.
4. Prefix | Default | Clan prefix of the connecting client.
5. Suffix | Default | Clan suffix of the connecting client.
6. BLP | User-added | Blockland Plus version
7. RTB | User-added | Return To Blockland version
8. Unused | Unused | First unused argument
9. Unused2 | Unused | Second unused argument
10. Handshake | User-added | Xalos' Handshake Argument

As a safety precaution, always add extra arguments if you ever use this function so they won't get removed.
Quote from: onConnectRequest
GameConnection::onConnectRequest (%this, %ip, %lan, %net, %pre, %suf, %blp, %rtb, %un, %un2, %rsc, %ex1, %ex2, %ex3, %ex4 )
If I've missed any user-added args, just reply with them and where exactly they are.
« Last Edit: December 05, 2014, 11:11:04 PM by Pah1023 »

This is why I hold a strong philosophy that it's not a good idea to use onConnectRequest args. Not only is it a bad idea to use them due to possibly conflicting mods, but they've even been used to do remote code execution and addon backdooring.

Quote:
This is why I hold a strong philosophy that it's not a good idea to use onConnectRequest args. Not only is it a bad idea to use them due to possibly conflicting mods, but they've even been used to do remote code execution and addon backdooring.
Oh really?
I personally haven't messed with an add-on that used this for back-dooring.
Though, it has gotten me curious as to what add-on has used it.
But with all add-ons can't you use any function for back-doors?

The difference is GameConnection::onConnectRequest can be accessed by a banned user. So if the backdoor is in that function, it can be used to unban themself or wreak havoc without even fully connecting.

Quote:
The difference is GameConnection::onConnectRequest can be accessed by a banned user. So if the backdoor is in that function, it can be used to unban themself or wreak havoc without even fully connecting.
Ahh, so a better use would be autoAdminCheck.
Such as sending them a client command and waiting for a reply to get the information.


Slayer uses a handshake system.

AutoAdminCheck -> Server sends handshake to client -> client gets handshake -> client responds to handshake

The eleventh argument is actually what I prefer to think of as the handshake argument.

RSM's client and server have the following handshake code:

Code: (Client.cs)
function GameConnection::setConnectArgs(%a, %b, %c, %d, %e, %f, %g, %h, %i, %j)
{
    // Append "RSC <revision>" as a new tab-separated field in the eleventh argument,
    // keeping any fields that other mods have already placed there.
    %j = %j @ (%j $= "" ? "" : "\t") @ "RSC " @ $RSC::Revision;
    // Irrelevant code omitted
    Parent::setConnectArgs(%a, %b, %c, %d, %e, %f, %g, %h, %i, %j);
}

Code: (Main.cs)
function GameConnection::onConnectRequest(%cl, %a, %b, %c, %d, %e, %f, %g, %h, %i, %j)
{
    // Walk the tab-separated fields of the eleventh argument and pick out the one tagged "RSC".
    %fields = getFieldCount(%j);
    for (%ind = 0; %ind < %fields; %ind++)
    {
        %field = getField(%j, %ind);
        if (firstWord(%field) $= "RSC")
            %version = restWords(%field);
    }
    // A missing field leaves %version empty, which compares below the required revision and is rejected.
    %cl.RSCJoinVersion = %version;
    if (%version < $RSM::RequiredRSCVersion)
        %cl.schedule(0, "delete", "You must have <a:long_link_omitted>revision " @ $RSM::RequiredRSCVersion @ " or later</a> to play on Realistic Space Mod!<br><br>If you have Client_DRPG, delete it - it is poorly written and breaks clients that play nice.");
    Parent::onConnectRequest(%cl, %a, %b, %c, %d, %e, %f, %g, %h, %i, %j);
}


This allows any other mod that 'plays nice' to use the same field as RSM, without either mod breaking in the process.
« Last Edit: December 05, 2014, 11:30:18 PM by Xalos »
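The shared-field convention described above, modelled in Python as an added example (it is not RSM's or Blockland's code; TorqueScript's getField/firstWord/restWords are replaced by plain string splits, and the second mod tag "FOO" and the revision numbers are made up). Because onConnectRequest arguments arrive from an unauthenticated, possibly banned client, the server-side check parses them strictly and rejects a missing or non-numeric revision instead of trusting it:

```python
from typing import Dict, Optional, Tuple

FIELD_SEP = "\t"  # getField()/getFieldCount() split on tabs


def append_handshake_field(arg: str, tag: str, value: str) -> str:
    """Client side: add '<tag> <value>' as a new field, keeping fields other mods added.

    Mirrors %j = %j @ (%j $= "" ? "" : "\\t") @ "RSC " @ $RSC::Revision;
    """
    field = f"{tag} {value}"
    return field if arg == "" else arg + FIELD_SEP + field


def parse_handshake_fields(arg: str) -> Dict[str, str]:
    """Server side: split the argument into fields of the form 'TAG rest'.

    Returns tag -> rest. Empty fields and tags with no value are ignored;
    if a tag repeats, the last one wins (same as the loop on the page).
    """
    versions: Dict[str, str] = {}
    for field in arg.split(FIELD_SEP):
        parts = field.split(" ", 1)
        if len(parts) == 2 and parts[0]:
            versions[parts[0]] = parts[1]
    return versions


def check_required_version(arg: str, tag: str, required: int) -> Tuple[bool, Optional[int]]:
    """Server side: extract the revision for `tag` and compare it to `required`.

    The argument is attacker-controlled, so it is never evaluated, only parsed:
    a missing tag or a non-numeric revision yields (False, None).
    """
    raw = parse_handshake_fields(arg).get(tag)
    if raw is None or not raw.strip().isdigit():
        return False, None
    version = int(raw.strip())
    return version >= required, version


if __name__ == "__main__":
    # Constructed sample: two "play nice" client mods share the eleventh argument.
    arg = append_handshake_field("", "RSC", "12")   # Realistic Space Client
    arg = append_handshake_field(arg, "FOO", "3")   # hypothetical second mod
    print(repr(arg))                                # 'RSC 12\tFOO 3'
    print(check_required_version(arg, "RSC", 10))   # (True, 12): admitted
    print(check_required_version(arg, "FOO", 4))    # (False, 3): too old
    # A client mod that overwrote the field instead of appending breaks RSC's check.
    print(check_required_version("FOO 3", "RSC", 10))  # (False, None)
```

Each server-side mod only ever looks up its own tag, so the order in which clients append fields does not matter.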

Quote:
The difference is GameConnection::onConnectRequest can be accessed by a banned user. So if the backdoor is in that function, it can be used to unban themself or wreak havoc without even fully connecting.
Fun fact: Truce did this once. (http://forum.blockland.us/index.php?topic=251611.msg7279256#msg7279256) His backdoored addon that used onConnectRequest (which just so happened to have an eval backdoor in it) got through the RTB approval process. That plus the fact that the RTB API allowed you to see which servers were using his addon, he could go around and "hack" unsuspecting servers completely remotely.
« Last Edit: December 05, 2014, 10:35:59 PM by Ipquarx »

Ah, I remember you mentioning something like that before.
Forgot about that, I'll modify the description a bit.

Dang, but other than the fact that you can do it while banned, it's just as insecure as any other function.
And another function can be as damaging if you inject a remote eval.
Quote:
Slayer uses a handshake system.

AutoAdminCheck -> Server sends handshake to client -> client gets handshake -> client responds to handshake
Yeah, I knew of the existence of this, but always felt onConnectRequest is better for mod versions.

BAM uses this argument list:

  • Remote client address
  • LAN name
  • Net name
  • Clan prefix
  • Clan suffix
  • RTB version
  • Auth nonce (not always used)
  • BAM version + version of any client-sided modules registered with BAM_registerClientModule
  • Unused 1
  • Unused 2
  • Unused 3
  • Unused 4
  • Unused 5
  • Unused 6
  • Unused 7
  • Unused 8