[Dragokas]

Hi,

I think some plugin produces security hole.

Sometimes random clients become:

Quote:

GetUserAdmin(i) != INVALID_ADMIN_ID

and

Quote:

xxx. (STEAM_xxx | x.x.x.x). Admin name: , Inher.flag: 0, Group flag: 0, GroupCount: 0, Immun.: 0, User flag bits: 0

What kind of code could create such issue?

Code, I used to log above info:

Spoiler

PHP Code:

public void OnMapStart()
{
    CreateTimer(1.0, Timer_Check, _, TIMER_REPEAT | TIMER_FLAG_NO_MAPCHANGE);
}
public Action Timer_Check(Handle Timer)
{
    static char sSteam[64];
    static char sIP[32];
    char sName[64];
    AdminId Adm;

    for (int i = 1 ; i <= MaxClients; i++) {
        if (IsClientInGame(i) && !IsFakeClient(i)) {
            if (!IsClientRootAdmin(i) && GetUserAdmin(i) != INVALID_ADMIN_ID) {
                Adm = GetUserAdmin(i);
                
                GetClientAuthId(i, AuthId_Steam2, sSteam, sizeof(sSteam));
                GetClientIP(i, sIP, sizeof(sIP));
                
                Adm.GetUsername(sName, sizeof(sName));
                
                LogToFile(g_sLog, "%N. (%s | %s). Admin name: %s, Inher.flag: %i, Group flag: %i, GroupCount: %i, Immun.: %i, User flag bits: %i", 
                            i, sSteam, sIP, sName,     Adm.GetFlags(Access_Real), Adm.GetFlags(Access_Effective), Adm.GroupCount, Adm.ImmunityLevel, GetUserFlagBits(i));
                
            }
        }
    }
}
stock bool IsClientRootAdmin(int client)
{
    return ((GetUserFlagBits(client) & ADMFLAG_ROOT) != 0);
} 


Why GetUserAdmin() returns non-empty AdminId when client has 0 flag bits?

[Powerlord]

Are you using a plugin that uses CreateAdmin anywhere? Admins created that way will exist until you call RemoveAdmin whether or not they have any permissions.

[Mitchell]

Quote:

Originally Posted by Powerlord Are you using a plugin that uses CreateAdmin anywhere? Admins created that way will exist until you call RemoveAdmin whether or not they have any permissions.

Pretty source Sourcebans does this.

'Admin' is a loose term. If you're looking if a user has elevated privileges use CheckCommandAccess(), as it not only can fall back to a flag but it also allows server operators to customize who has access to what. Which is another reason I created my GroupHandlerAPI in favor of plugins creating their own adminIds for users and assigning them flags.

[Dragokas]

Only sourcebans.

Thank you. I'll check it.

[Dragokas]

Mitchell, I just need to check whether client is specified in admins_simple.ini file.

I think such check will be enough:

PHP Code:

stock bool IsClientAdmin(int client)
{
    return (GetUserAdmin(client) != INVALID_ADMIN_ID && GetUserFlagBits(client) != 0);
} 


Isn't it?

[Dragokas]

BTW, do you know why sourcebans require CreateAdmin() ?

[Mitchell]

Quote:

Originally Posted by Dragokas BTW, do you know why sourcebans require CreateAdmin() ?

Because it doesnt save into admins.cfg etc, it connects to their database and selects the admin list there. When it comes back it creates admin for users if they are needed. Either which way some one can still end up being admin when they have no permissions.
If you specifically want to know if they are in admin_simple.ini then you'll have to parse them or assign the steamid to a group name "@SimpleAdmin" etc and check if they are in the SimpleAdmin group

Also sourcemod native plugins use CreateAdmin also. It just shouldnt be used they way your using it to get the admin id to check if they're admin.

[Dragokas]

Brrrr, too difficult for such simple task.

Thanks for info.