NOTICE: NWN Authentication Server Down

[Legacy_kalbaern]

               

Lomondra wrote...

That's an overload, I can't do that, I guess than the aforementioned safeguard to Local Authentication was only meant for DM's and Developers, and not for the User. I didn't get that, sorry. I wish someone could do something for us poor schmucks.

Forum thread is titled NWN Authentication Down, but I am not familiar with the acronym GoG?

The task of safeguarding your PW Character Vaults is something only the Admins/Scripters/Builders of the PW(s) you play on can take care of themselves. Most are doing so now or plan to as well.
               
               

               
            

[Legacy_FunkySwerve]

               Here's a system to link cd keys to playernames using the native bioware database.

When a character logs in, it will automatically check their cd key from oncliententer, and compare it to a Campaign variable stored in the database. If that variable is not set, this is the first time that playername has logged in (at least since this system was installed). The key will be linked to their account by setting that variable, and they can proceed with play as normal, unaware that anything has happened. If the variable is already set, however, and it does not match they key they are using, they are booted. This setup allows you to accumulate CD Key info as you go, and assumes that the first login of an account is ligit - an assumption that held true on our server. It's technically possible someone else could get to it first, but the chances are small, since most need to see the account name in use first in order to steal it (unless it's known already). Generally, I think this is far preferable to server passwording, as it's less of an impediment to players, an the chances of a  non-legitimate first logger are quite small, and can be addressed as soon as the legitimate logger posts on the forums of your server reporting the account lockout.

This system is a little more complex than that, though. It also allows addition of multiple keys, up to 7, for a playername - you'd be amazed at how many players use more than one. On our server, it's done via a conversation fired from a item they get when they enter the docks. The conditional checks to make sure they don't already have 7 keys added (this one returns FALSE if they do).


int StartingConditional()
{
    object oPC = GetPCSpeaker();
    string sStoredKey = GetCampaignString("PlayernameKey", GetPCPlayerName(oPC));
    if (sStoredKey != "") {
        int nLength =  GetStringLength(sStoredKey);
        if (nLength > 65) /* allow 7 keys max SET-key-key-key-key-key-key-key   SET/ADD + 7 spacers + 7x8 keys = 66 */
            return FALSE;
    }
    return TRUE;
}


If they do not have the maximum allowed already, their account is marked as ready to accept a new key, and they are asked to logout, swap to the new key, and log in again. This is the action taken script for that line:


void main()
{
    object oPC = GetPCSpeaker();
    string sStoredKey = GetCampaignString("PlayernameKey", GetPCPlayerName(oPC));
    string sKeys = "ADD" + GetStringRight(sStoredKey, GetStringLength(sStoredKey) - 3);//mark as adding
    SetCampaignString("PlayernameKey", GetPCPlayerName(oPC), sKeys);
}


Here is the oncliententer code I mentioned at the outset, which should make more sense now that you know the procedure for adding keys:



int VerifyPlayernameAgainstCDKey(object oPlayer) {
    int nBoot = FALSE;
    string sPName = GetPCPlayerName(oPlayer);
    string sKey = GetPCPublicCDKey(oPlayer);

    string sNewKey, sAddingKey, sStoredKey = GetCampaignString("PlayernameKey", sPName);

    /* there's at least one key stored already */

    if (sStoredKey != "") {
        sAddingKey = GetStringLeft(sStoredKey, 3);
        sStoredKey = GetStringRight(sStoredKey, GetStringLength(sStoredKey) - 3);

        /* they indicated that they wanted to add a key this login */

        if (sAddingKey == "ADD") {

            /* their current key is not in the key string, add it unless at 7 keys already */
            if (FindSubString(sStoredKey, sKey) == -1) {
                int nKeyLength = GetStringLength(sStoredKey);

                /* allow 7 keys max SET-key-key-key-key-key-key-key   SET/ADD + 7 spacers + 7x8 keys = 66 */
                if (nKeyLength > 65) {
                    nBoot = TRUE;

                    /* must mark as no longer adding */
                    SetCampaignString("PlayernameKey", sPName, "SET" + sStoredKey);

                    /* add the key to the string */
                } else {
                    sNewKey = "SET" + sStoredKey  + "-" + sKey;
                    SetCampaignString("PlayernameKey", sPName, sNewKey);
                    DelayCommand(25.0, FloatingTextStringOnCreature("New CD Key Successfully Added!", oPlayer, FALSE));
                }

                /* let them know they already had this key in their string */
            } else {
                DelayCommand(25.0,
                    FloatingTextStringOnCreature("CD Key Addition Failed! This key already listed for this account!", oPlayer,
                        FALSE));

                /* must mark as no longer adding */
                SetCampaignString("PlayernameKey", sPName, "SET" + sStoredKey);
            }


            /* they are not adding, and the cd key doesnt match those listed - boot and log */
        } else if (FindSubString(sStoredKey, sKey) == -1) {
            string sReport = "INCORRECT CD KEY DETECTED! ID: " + sUnencoded + "; Name: " +
                GetName(oPlayer) + "; CD Key: " + sKey + "; IP: " + GetPCIPAddress(oPlayer);

            WriteTimestampedLogEntry(sReport);
            SendMessageToAllDMs(sReport);

            nBoot = TRUE;
        }


        /* new account, add the key */
    } else {
        SetCampaignString("PlayernameKey", sPName, "SET-" + sKey);
    }

    return nBoot;
}
void main() {

    object oPC = GetEnteringObject();

    /* verify CD keys and double logins to stop hackers */
    if (VerifyPlayernameAgainstCDKey(oPC)) {
        if (GetIsObjectValid(oPC))
            BootPC(oPC);
        return;
    }
}

Funky
               
               

               

                     Modifié par FunkySwerve, 09 juillet 2011 - 03:43 .
                     
                  

            

[Legacy_IronRook]

               Thanks FunkySwerve !!!  I will install tonight when I get home .
               
               

               
            

[Legacy_Lomondra]

               This is wonderful, I hope the Sys Admins take advantage of your generosity.  Thank you.
               
               

               
            

[Legacy_Judge Dead]

               The system is good but only if you start from an empty servervault.

The problem with the master server down is that your account isn't protected. Let me show yo the problem.

The admin instal the stuff on he's PW. PLAYER A log in and since no key are stored for this account, script link the account with the key, well, no one else can log onto the account of PLAYER A. Then, PLAYER A (who is a bag guy) decide to log onto the account of PLAYER G, who has not logged in until the last update of the admin, Account of player G isn't stored yet in campain, so server will link the account of PLAYER G to the CD key of PLAYER A. Account of PLAYER G is now the one of PLAYER A.

With this system, you will become propretair of the account (on the server only) of anyone that didn't logged in befor you.
               
               

               
            

[Legacy_Judge Dead]

               
               
               

               

                     Modifié par Judge Dead, 08 juillet 2011 - 11:02 .
                     
                  

            

[Legacy_Judge Dead]

               Bha, bug double posted message :/
               
               

               
            

[Legacy_Balduvard]

               

Judge Dead wrote...

With this system, you will become propretair of the account (on the server only) of anyone that didn't logged in befor you.

That is correct, a feature of which makes it immediately recognizable by the true account holder when they cannot connect with their own account on the server, enabling them to take action by contacting the server administrator, whereas otherwise they would be unaware of any activity on their account unless they noticed changes to their characters.
               
               

               
            

[Legacy_FunkySwerve]

               

Judge Dead wrote...

The system is good but only if you start from an empty servervault.

The problem with the master server down is that your account isn't protected. Let me show yo the problem.

The admin instal the stuff on he's PW. PLAYER A log in and since no key are stored for this account, script link the account with the key, well, no one else can log onto the account of PLAYER A. Then, PLAYER A (who is a bag guy) decide to log onto the account of PLAYER G, who has not logged in until the last update of the admin, Account of player G isn't stored yet in campain, so server will link the account of PLAYER G to the CD key of PLAYER A. Account of PLAYER G is now the one of PLAYER A.

With this system, you will become propretair of the account (on the server only) of anyone that didn't logged in befor you.

If you had read my post, you would see that I discussed this scenario, and noted that it's exceedingly rare - rare enough that it didn't occur on our server at all. It's also exceedingly easy to fix as soon as its reported, if it is. There is absolutely no need to start with an empty servervault. Likewise, there's absolutely no reason to wait until account verification is back up.

Funky
               
               

               
            

[Legacy_Judge Dead]

               

FunkySwerve wrote...

If you had read my post, you would see that I discussed this scenario, and noted that it's exceedingly rare - rare enough that it didn't occur on our server at all. It's also exceedingly easy to fix as soon as its reported, if it is. There is absolutely no need to start with an empty servervault. Likewise, there's absolutely no reason to wait until account verification is back up.

Funky

Erf, Do not take it bad Funk ^^ I was not saying your stuff wont work at all, i just want to make you notice that both situation are totaly different, you havn't put your system on when master server was down for weeks, so it gave time to your module to build a large data base of valide account played by the real propretair.

In the situation today, anyone can log on any account so, it does not let a chance to build up the database.
               
               

               
            

[Legacy_FunkySwerve]

               

Judge Dead wrote...

FunkySwerve wrote...

If you had read my post, you would see that I discussed this scenario, and noted that it's exceedingly rare - rare enough that it didn't occur on our server at all. It's also exceedingly easy to fix as soon as its reported, if it is. There is absolutely no need to start with an empty servervault. Likewise, there's absolutely no reason to wait until account verification is back up.

Funky

Erf, Do not take it bad Funk ^^ I was not saying your stuff wont work at all, i just want to make you notice that both situation are totaly different, you havn't put your system on when master server was down for weeks, so it gave time to your module to build a large data base of valide account played by the real propretair.

In the situation today, anyone can log on any account so, it does not let a chance to build up the database.

Yes, I understand what you're saying. What I'm telling you is that you're wrong, there's absolutely no reason to wait. The odds of account theft during this period are low enough that it didn't happen a single time on our server, which is one of the most active out there - and the MS had downtimes back then as well, though nothing so long (remember that they have to see the playername they're stealing somewhere). Furthermore, disabling MS verification has always been comically easy, though I won't go into detail on that, for obvious reasons. And, even if an account theft WERE to happen, it wouldn't take long to fix, and, as Baldy has pointed out, nothing would be lost that hadn't been already. The notion that server admins should wait to enable a system like this is pure folly - there's nothing but upside, even if you do need to fix a few stolen accounts. Why? Because they would've been stolen if you hadn't put the system in anyway, and passively collecting data isn't going to guarantee the right ip gets stored, so you're just prolonging the period of vulnerability with no net gain.

On a related note, I'll be posting code to remove key-account links in a bit, since you need it with the bioware database, as you can't simply use the command-line mysql/sqlite clients to undo things. We actually wind up having to remove a dozen or so playername-key links a year, due to loss of keys from moves, etc. This is yet another point at which the account would be vulnerable, and we've also not seen a single account theft there either, despite most of them being handled with public posts giving their playernames.

Funky.
               
               

               

                     Modifié par FunkySwerve, 09 juillet 2011 - 03:02 .
                     
                  

            

[Legacy_IronRook]

               Excellent work FunkySwerve,,, I am working on putting it in as I type this.The Master Server could be down for awhile and the lack of an update from Bioware isnt helpful.Bioware did say they were fixing it ..but gave no time table.*as soon as possible * could mean anything.there is a strong comminnity here with helpful people.This has been explained in detail IMHO .You can also redue it after the MS comes back up.




EDIT: I was unable to compile because of this line.

              ":" + IntToString(GetPCPort(oPlayer));
               
               

               

                     Modifié par IronRook, 09 juillet 2011 - 12:49 .
                     
                  

            

[Legacy_Marflarian]

               Dunno if this is the proper place for this but I've yet to hear of anyone else experiencing this problem, right now as it stands I'm unable to gain access to the master server which is fine n all, but everyone else tells me (stateside and non) are able to play just fine right now, yet for some reason no servers pop up under my history or favorites and direct connect does not work either, I'm not sure if this has anything to do with me being in Afghanistan or not but if everyone else can play, why can't I?


Any help would be greatly appreciated as I was hoping this problem would have settled by now.

Thank you.

PS: Good to see ya Funky, Baldy, hopefully if I get some help I'll be able to play HG again lol
               
               

               

                     Modifié par Marflarian, 09 juillet 2011 - 01:23 .
                     
                  

            

[Legacy_Calvinthesneak]

               Two possibilities I can think of are your game version isn't patched up to the latest version.

The other is that your incomming and outgoing traffic on your game port is blocked, not sure what military setup is like.
               
               

               
            

[Legacy_FunkySwerve]

               

IronRook wrote...


EDIT: I was unable to compile because of this line.

              ":" + IntToString(GetPCPort(oPlayer));

Sorry about that. That's a nwnx_ linux function only - I deleted it from the script just now.

Funky