arrai
Members-
Posts
104 -
Joined
-
Last visited
Never -
Donations
0.00 GBP
Content Type
Profiles
Bug Tracker
Wiki
Release Notes
Forums
Downloads
Blogs
Events
Everything posted by arrai
-
Great, but give him that not-so-public address. Otherwise his mail could be missed in all that spam
-
It's part of his mangos management suite: http://game-trac.fragfrog.nl/browser/source/server/src/mangos/SoapInterface.java
-
Excellent, it has been committed to both master and mangos-0.12
-
The SV semaphore is only available under posix systems, please check if it works with only that patch applied: http://gist.github.com/317824
-
Maybe semaphores are bugged under windows, please check if the problem persists with this hackfix: http://gist.github.com/317778 Btw, are you using a 64bit version of windows 2003?
-
I couldn't reproduce that problem under linux with mangos-0.12 at a208fd2a8264b1142cac0249dc9be064955cc7c6. What OS do you use?
-
It has been fixed before committing, there is no need to do anything if you use the mangos master branch
-
Thanks for testing Maik, the output is the command specific return value. The announce command simply lacks of this - in contrast to "server info" or "lookup item". It's always the text a GM char would see ingame
-
[patch]Special items for sale shop(Very useful feature)
arrai replied to a topic in OldCore modifications
You're right UnkleNuke, the first 3 post originated from the same IP address -
Thanks, I've added that patch in e2f8686b37ab9cef9773f1a6a91a0190992c9344
-
Derex has pointed out that there was an issue with more than 1024 connected players. It has been fixed in MaNGOS_soap_patch_2010_02_23_00_31_55.diff, huge thanks for that
-
While the telnet interface is clearly a better approach than the database as IPC antipattern, it has some limitations. Currently only one user is allowed to login, which can become a problem for crowded websites. Some form of queuing is needed serverside. Another issue is the missing specification; you can hardly say if an output of a command ended or if other lines will follow, which makes automated use of the telnet interface difficult. In order to eliminate these restrictions, I started to implement a SOAP interface. After authenticating, you will send your commands encapsulate in a SOAP request. You will either receive a success message or a SOAP fault message. Handling things with this will be far more easy, expect a fiveliner in php It's in an early state of development, but if you're interested you might want to have a look at it: http://github.com/arrai/mangos/commits/mangossoap
-
Mangosd, realmd and mysqld (with mangos tables) on Quad Core httpd and another mysqld(with http related databases as forum, dynamic page content etc.) on core2duo
-
No, this information is exported to the vmaps but currently not used. I started by making vmap_exporter linux compatible, but I hibernated that project due to a lack of time
-
Fixed in 9341
-
Quickfix (players won't get XP instead of crashing the server): http://paste2.org/p/657551
-
UDB MaNGOS ScriptDev2 / ACID
-
I had a glimpse on your patch and might have found a flaw: + // AddDamage total dealt from players to creatures + if (pVictim->GetTypeId() == TYPEID_UNIT && !((Creature*)pVictim)->isPet() && !((Creature*)pVictim)->hasLootRecipient() && this->GetTypeId() == TYPEID_PLAYER) + { + ((Creature*)pVictim)->AddDamage(this,damage); + sLog.outDetail("DealDamage: total dmg done:%d to maxhealth:%d by %u", pVictim->m_DamageManager.totalDamage(), pVictim->GetMaxHealth(), this->GetGUID()); + } What about pets, which are owned by a player, dealing damage? It would sadden warlocks and hunters for sure if they'd have to deal at least 50% of the damage themself. I suggest to use Unit::isCharmedOwnedByPlayerOrPlayer() instead
-
welcome lightguard
-
I can't see how this is related to the ongoing discussion about sha_pass_hash; you could build such a service in both cases. However, I think it would be an overkill: A feature wich requires quite some work, creates an additional library dependency and is rarely used. Furthermore, as DasBlub already mentioned, it requires some considerations about securing that web-service.
-
I consent with you, redundancy is (in this case) a bad thing. However, we could use a trigger to truncate v and s once sha_pass_hash is modified. That way we would prevent contradicting data The whole "make sha_pass_hash a config option" makes IMHO only sense if we keep sha_pass_hash even if it's disabled. I will reset the vote to allow that new option. It's the first time I used GMP in php To check robustness, I could write a test which generates random passwords and validates the generated v. It wouldn't prove correctness (we all know Dijkstra famous quote ) but make a failure less unlikely.
-
Hi folks, since a commit some months ago, we actually don't need sha_pass_hash anymore. v and s, which are stored since that commit persistently, are sufficient to authenticate a user. To explain this issue, I refer to the SRP6 specifications. s is basicly some random number to prevent precalculated attacks and v is something(for detailed information have a look at the specs; it's not really important to understand the math behind it to get my point) to check whether a given password is correct. It boils down to the following: Everytime a useraccount is created or updates his password, s and v are calculated and stored in the database. But what about sha_pass_hash? The stanford document doesn't mention it (l is the username=login): Furthermore, it doesn't mention anything like SHA(UPPER(username):UPPER(password)), which is how sha_pass_hash is calculated. The alarming truth is that MaNGOS' sha_pass_hash is actually SRP's Cleartext Password. That means, that anybody who has gained reading access to mangos.realmd can authenticate himself using a modified or non-standard client. The obvious solution is to drop sha_pass_hash and thus enhance security. However, there are two problems which prevented this step: * Many 3rd party applications use sha_pass_hash to verifiy user passwords. All of them would have to be adapted to use only s and v. I already wrote a php class which handles the cryptography, but it requires the GMP extension. * There might be accounts which haven't logged in since that commit, thus s and v are null. Because it's impossible to generate them from sha_pass_hash using pure SQL, there would be the need for executing a script before applying the SQL update which drops the column. This would be either a php script or a c++ application. So what's your opinion? security > usability?
-
Of course it's possible, it's just a bunch of work. Most probably nobody implemented it, because the effort/benefit consideration is too bad
-
The most efficient way is to read it from the wow process itself - simply memory reading as it's done there: http://hg.sharesource.org/sniffitzt/file/04b874f8d78d/tools/SniffitztClient.cpp If you don't plan to write the decryption part on your own, you also might want to have a look at the whole project http://sharesource.org/project/sniffitzt/
Contact Us
To contact us
click here
You can also email us at [email protected]
Privacy Policy | Terms & Conditions
You can also email us at [email protected]
Privacy Policy | Terms & Conditions
Copyright © getMaNGOS. All rights Reserved.
This website is in no way associated with or endorsed by Blizzard Entertainment®
This website is in no way associated with or endorsed by Blizzard Entertainment®