Re: Updater
Since all my projects were already on Github, I had a similar problem to solve. I built a small PHP wrapper script running on my web server, delivering the files via HTTP instead of HTTPS:
PHP Code:
Re: Updater
L 04/01/2014 - 18:11:23: SMC parsing error on line 0
L 04/01/2014 - 18:11:23: [0] URL: http://dev.xadgaming.com/simple-chat...er/updater.txt
L 04/01/2014 - 18:11:23: [1] ERROR: Line contained too many invalid tokens
We have this error on our server.
Re: Updater
http://dev.xadgaming.com/simple-chat...er/updater.txt
That doesn't look like a valid updater text file...
Re: Updater
Is there ever going to be an option to have paths be different on the download server than the game server?
For instance, to make it easier to create distributions, I store my source and resource files using the full path (addons/sourcemod/scripting/whatever.sp or sound/prophunt/whatever.mp3) but I don't want to put my updater files... or models/materials/sounds... under the sourcemod directory.
Re: Updater
First, thanks GoD-Tony for this powerful and useful tool.
And well, I have read your final notes; not sure if you still want to give a look at how I added Updater to my plugin, but here is a link.
Re: Updater
How vulnerable is this to EvilGrade if DNS records are compromised?
http://www.infobyte.com.ar/down/Fran...%20-%20ENG.pdf
Re: Updater
Should it add functionality to check downloaded file signatures (public/private key) before doing the update? Is that possible?
Let's say I target the BGF warmod plugin. The DNS redirects the update request to my compromised add-on. If the updater had functionality to download the plugin together with a hash signed with the warmod author's private key, and the updater was configured to read the public key the server admin stored on the server, it would reject the compromised add-on, no? Or does the SSL handle this already?
Re: Updater
If you can ensure the safety of your DNS-Server you may use SSL/TLS (HTTPS) to protect the content of the connection once established. I managed to get it working with Github using SSL/TLS, just edit scripting/updater/download_curl.sp and add the following after line 41:
Code:
curl_easy_setopt_int(curl, CURLOPT_SSLVERSION, 3);
If you still can't use SSL, try these steps (still requires the cURL extension, no Socket or SteamTools support!):
If you trust me and don't want to compile yourself, you can use the attached updater.smx (as it can't be compiled on the forum); I increased the version number to 1.2.1 so it won't get confused with the official one.
Re: Updater
You'll need to attach a zip file of sources for that binary.
SteamTools already supports HTTPS; cURL should as well without needing that flag unless you're talking to broken servers.
Re: Updater
Added source code.
Ah, I stand corrected; after a bit of research there really seems to be a problem with Github not graciously downgrading from TLS 1.0/1.1/1.2 to SSLv3 automatically. How odd!
Re: Updater
Thank you, I'm just curious about the case where DNS can't be guaranteed :) with all the router hacks I read about these days.
Re: Updater
If you consistently use SSL and your clients strictly validate the certificate against an official CA (VeriSign, COMODO, StartSSL and so on) you are pretty safe against DNS spoofing attacks (I'm simplifying it a bit; in reality it's more complicated, but I won't go in too deep), because the target host name has to match the certificate's "distinguished name". If someone on your network gained access to the DNS system your server uses to resolve names and redirected traffic from your client to himself (faking the real update website), this validation would fail, because only the real owner of the official update site has the corresponding private key, and no connection would be established. This only works if the private key really remains secret (which can't be assured for old certificates since the Heartbleed disaster) and the client won't skip the peer/host validation.
I hope this wasn't worded too complicatedly; long story short: SSL also protects against spoofed DNS requests (as long as it's set up properly).
Re: Updater
To get VeriSign certs you have to pay.
I think it would be way easier if there were an RSA keypair: the plugin author keeps the secret key and generates a signature for the updater plugin to check with the public key. When you install a plugin, you provide the author's public key with it, so you can validate that the downloaded plugin comes from the right source. A DNS hack won't be able to insert evil SourceMod addons.
Re: Updater
Quote:
Signing the files would need an implementation for SourceMod to check (like an OpenSSL extension) and a few modifications on Updater, while HTTPS would ensure transport security and is easier to implement as long as people use SteamTools or cURL.
Re: Updater
Quote:
I think that using a type of signature system would work better. Requiring SSL is not compatible with Updater as it is now, since the Socket extension doesn't support it. Signatures would also allow for binaries supplied from other sources to be linked back to a trusted key.
Re: Updater
Quote:
As for the signing of files, it's possible to achieve with OpenSSL:
A plugin using this may use the System2 extension to run the openssl command. This requires openssl being present in the system path, of course, or a static build of openssl shipped with the plugin.
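As an added example (not code from the thread, from Updater or from SourceSec), this is the detached-signature flow proposed in the RSA-keypair post above, done with the openssl command line as this post suggests: the author signs the SHA-256 digest of the release with a private key that never leaves their machine, and the server verifies the download against the author's public key shipped with the plugin. It assumes only that openssl is on PATH; the key names, file names and plugin contents are constructed for the demo.

```shell
#!/bin/sh
# Added example: detached RSA signature over a plugin download, verified with the
# author's public key. Not code from Updater or SourceSec; assumes the openssl
# CLI is on PATH. All file names and plugin contents below are constructed.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# --- Author side (offline, once): generate a key pair. author.key stays with the
# author; only author.pub is shipped alongside the plugin to server admins.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORK/author.key" 2>/dev/null
openssl pkey -in "$WORK/author.key" -pubout -out "$WORK/author.pub"

# Constructed stand-in for a released plugin binary.
printf 'constructed plugin bytes, version 1.0\n' > "$WORK/plugin.smx"

# --- Author side (per release): publish plugin.smx together with a detached
# signature over its SHA-256 digest.
openssl dgst -sha256 -sign "$WORK/author.key" \
    -out "$WORK/plugin.smx.sig" "$WORK/plugin.smx"

# --- Server side: verify_download FILE SIGNATURE PUBKEY
# Returns 0 only when SIGNATURE was produced by the key behind PUBKEY over
# exactly these FILE bytes; an updater would install the file only on success.
verify_download() {
    openssl dgst -sha256 -verify "$3" -signature "$2" "$1" >/dev/null 2>&1
}

# Scenario from the thread: a spoofed DNS answer points the updater at a host
# that serves a modified file. Without author.key no valid signature exists for
# it, so presenting the genuine signature alongside it fails verification.
cp "$WORK/plugin.smx" "$WORK/tampered.smx"
printf 'one extra line\n' >> "$WORK/tampered.smx"

check_genuine() {
    verify_download "$WORK/plugin.smx" "$WORK/plugin.smx.sig" "$WORK/author.pub"
}
check_tampered() {
    verify_download "$WORK/tampered.smx" "$WORK/plugin.smx.sig" "$WORK/author.pub"
}

if check_genuine; then echo "plugin.smx: signature OK, safe to install"; fi
if check_tampered; then echo "BUG: tampered file accepted"; else echo "tampered.smx: rejected"; fi
```

The same two openssl invocations are what a System2-based plugin would shell out to; the public key file is the only trust anchor the server needs.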
Re: Updater
Never mind, I think I misunderstood your comment. Of course, a build compatible with all operating systems :)
Linux will - in most cases - not be a problem; I just tested it with a static build for Windows: http://www0.xup.in/exec/ximg.php?fid=95980068
Re: Updater
Quote:
Still, security should not cost money. I think something like PGP would work best for this, as an extension or widely built into SourceMod.
Re: Updater
So you really want a signature based solution, eh? You shall get one :)
After a hard night of coding and stopping my brain from escaping as I dove through the OpenSSL documentation, it's finally finished: a SourceMod extension for verifying files signed with an RSA private key: SourceSec! (my product names are always creative as hell) http://www0.xup.in/exec/ximg.php?fid=10400326 It abstracts away the fairly complicated process of computing hashes and validating signatures with OpenSSL's API hell :) Currently there are two natives implemented:
Here you can see a live test; someone tried to slip in a potentially malicious version of a plugin, which gets caught in the validation process: http://www0.xup.in/exec/ximg.php?fid=17234424 Currently it's working flawlessly on Windows only; I'll release all the project data in a separate thread in the extensions sub-forums tomorrow. Usage is meant to be as simple as possible, as this demo script shows:
PHP Code:
Re: Updater
Nice idea. Now, to really have some use of this, one would need some trusted place to get the public key from instead of just shipping it together with the plugin, and some way to associate those public keys with the .smx.
How about a small change to the plugin header where the compiler could add a signed hash of the .data and .code sections if some command line flag is set to the private key. Then people could add their public key to their forum profiles, and their forum userid would be added as the "owner" of the plugin in the header too. When the plugin is loaded, SourceMod would fetch the public key, display the username so admins can verify where it's from, and verify the signature. That way one could be sure the binary is from the correct author you trust. People would have to upload the signed .smx despite the plugin being able to compile through the online compiler "Get Plugin", but it's still the user's choice if they like some security of the plugin's origin.
Re: Updater
I'd target a solution which won't need to recompile every plugin or modify the compiler. I haven't yet dived deep enough into the SourceMod API, but I think it's possible to intercept loading a plugin from an extension. The idea would be the following:
Re: Updater
Quote:
How many server admins are going to bother to download 2 extra files for a plugin? It'd be nicer if the signature were embedded directly into the binary. The public keys could be kept in a repository on this site (it's already served over HTTPS), with the certificate pinned if you're paranoid.
Re: Updater
Wow, good job.
This "sourcesec" mod you just wrote is what I was looking for, thanks!
Re: Updater
Quote:
I, for instance, usually want to inspect the code to learn and understand how it works, and usually download the source & dependencies and compile myself. (I usually don't set up the updater part.) It's good to have a system available where you can validate the plugin before it is being automatically updated.
Re: Updater
Hello, I have a big problem with the updater,
Quote:
and that is my error log:
Quote:
Re: Updater
Hello. I would like to use an updater in my plugin, but I would also like the plugin to be loadable if there is no Updater on the current server. To add Updater support, I use the example code from the 1st post of this topic. When I try to load my plugin without a loaded Updater I get the message:
Quote:
Re: Updater
Quote:
Code:
#undef REQUIRE_PLUGIN
Code:
public APLRes:AskPluginLoad2(Handle:myself, bool:late, String:error[], err_max)
Re: Updater
Yes, but I want the plugin in this directory...
Re: Updater
So why doesn't it already exist then? Shouldn't it be created at the initial installation of your plugin? Like in the shipped ZIP or smth.? AFAIK there is no routine in Updater to create "missing" directories.
Re: Updater
I will try, thanks :)
Re: Updater
Quote:
Also, ReloadPlugin isn't a native. The code that it executes is included right there in the INC. It's worth noting that if ReloadPlugin() isn't ever used in the plugin, it will not be compiled into the plugin at all, as it is prefixed with "stock".
Re: Updater
I see, thanks for clearing this up!
Re: Updater
Quote:
Quote:
henri9813: Check to make sure plugins/Module is writable.
Re: Updater
Hello,
does this not work properly with CS:GO on a Linux server? Output of sm_updater_status:
PHP Code:
Metamod:
PHP Code:
With kind regards, Karower
Re: Updater
Same problem as Karower. Any fix?