MantisBT - Zandronum
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0002763Zandronum[All Projects] Suggestionpublic2016-06-25 23:452016-07-12 20:19
ReporterAlexMax 
Assigned ToTorr Samaho 
PrioritynormalSeverityfeatureReproducibilityN/A
StatusassignedResolutionopen 
PlatformOSOS Version
Product Version 
Target VersionFixed in Version 
Summary0002763: Allow logging in as part of connection sequence.
DescriptionRight now, you can only log in while you are ingame. It would be really nice if you could log in as part of connecting to the game itself.

This would open the door to things like only allowing logged-in players to connect, login whitelist support, login admin support, and login banlist support. I'm not sure if such features should be in separate tickets or not.
Steps To Reproduce
Additional Information
TagsNo tags attached.
Relationships
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2016-06-25 23:45AlexMaxNew Issue
2016-06-26 00:00Konar6Note Added: 0015114
2016-06-26 08:46FusedNote Added: 0015116
2016-06-26 12:07Torr SamahoNote Added: 0015119
2016-06-26 12:07Torr SamahoAssigned To => Torr Samaho
2016-06-26 12:07Torr SamahoStatusnew => feedback
2016-06-26 16:37AlexMaxNote Added: 0015130
2016-06-26 16:37AlexMaxStatusfeedback => assigned
2016-07-10 11:12Torr SamahoNote Added: 0015250
2016-07-11 19:51Torr SamahoNote Added: 0015283
2016-07-12 20:19DuskNote Added: 0015298

Notes
(0015114)
Konar6   
2016-06-26 00:00   
IIRC allowing only logged-in players to connect was declined.
(0015116)
Fused   
2016-06-26 08:46   
Why would it be declined? I can really understand this being wanted as future mods could have features that really needs players to login.
(0015119)
Torr Samaho   
2016-06-26 12:07   
Allow logging in as part of the connection sequence is a reasonable thing and I wouldn't mind having it (only allowing logged-in players to connect is a different story though, the current mechanism to prevent unauthenticated clients from joining the game should be sufficient).

A requirement for this to work is a way to feed the login credentials to the client though (I'd prefer if the launcher somehow hands the credentials over). This came up in other tickets in the past, but we never finalized anything. Any suggestions?
(0015130)
AlexMax   
2016-06-26 16:37   
> only allowing logged-in players to connect is a different story though, the current mechanism to prevent unauthenticated clients from joining the game should be sufficient

The particular use-case I was thinking of was for Private CTF. Instead of handing out a password, I could simply ban everybody and whitelist only specific usernames that are allowed to connect.
(0015250)
Torr Samaho   
2016-07-10 11:12   
Update: I made some experiments with the Windows Data Protection API and now have code that encrypts and decrypts strings under Windows. This should be safe enough to have Zandronum store the password.
(0015283)
Torr Samaho   
2016-07-11 19:51   
Another update: I scratched the DPAPI approach and instead store the credentials in the Windows Credential Manager. That's hopefully secure enough, at least it's not less secure than the DPAPI approach since all user programs have access to both mechanisms.
(0015298)
Dusk   
2016-07-12 20:19   
The commits were based off the HITTARGET/etc commits for ticket 0002445, so I closed the head, and transplanted the commits to bookmark store-logins-2763.