Now that this is being put all over the place, there will be an incentive for people to figure out how to spoof the certificate and get free reserved slots.
I suggest logging the players IP/SteamID combo, when their SteamID finally authenticates, if their steam id does not match the ID that was passed in ConnectClient, issue a ban.
Also, after looking at the source code, you don't do any kind of validation on the certificate.
Code:
CDetourManager::DetourReturn ConnectClientDetour(void *CBaseServer, void *netaddr_s, int something, int something2, int something3, char const* name, char const* pass, const char* steamcert, int len)
{
g_pConnect->PushCell(something);
g_pConnect->PushCell(something2);
g_pConnect->PushCell(something3);
g_pConnect->PushString(name);
g_pConnect->PushString(pass);
char steamid[100];
snprintf(steamid, sizeof(steamid), "STEAM_0:%u:%u", (*(unsigned int *)((char*)steamcert+0x10))%2, (*(unsigned int *)((char *)steamcert+0x10))/2);
g_pConnect->PushString(steamid);
g_pConnect->Execute(NULL);
RETURN_DETOUR(CDetourManager::DetourReturn_Ignored);
}
The Steam Cert +16 is actually a CSteamID Instance.
I suggest doing something along the lines of...
Code:
CDetourManager::DetourReturn ConnectClientDetour(void *CBaseServer, void *netaddr_s, int something, int something2, int something3, char const* name, char const* pass, const char* steamcert, int len)
{
g_pConnect->PushCell(something);
g_pConnect->PushCell(something2);
g_pConnect->PushCell(something3);
g_pConnect->PushString(name);
g_pConnect->PushString(pass);
if(steamcert != NULL && len >= 256)
{
CSteamID SteamID;
memcpy(&SteamID, &steamcert[16], sizeof(SteamID));
if(SteamID.GetEAccountType() == 1 && SteamID.GetEUniverse() == 1) {
g_pConnect->PushString(SteamID.Render());
} else {
//This ID is invalid! THIS CAN AND DOES HAPPEN.
}
}
g_pConnect->Execute(NULL);
RETURN_DETOUR(CDetourManager::DetourReturn_Ignored);
}
Here's render.
Code:
char * CSteamID :: Render() const
{
static char szSteamID[64];
_snprintf(szSteamID, sizeof(szSteamID), "STEAM_0:%u:%u", (m_unAccountID % 2) ? 1 : 0, (int32)m_unAccountID/2);
return szSteamID;
}
Clients with invalid ID's at ConnectClient, in my case, I reject them. They are usually the pirate server browsers looking for pirated servers to add to their pirate server list or other various scumbags.