Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

Discussion in 'Inactive/Unsupported Plugins' started by CypherX, Mar 15, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    CypherX

    xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])

    lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page: http://dev.bukkit.org/server-mods/xauth/

    Thanks to everyone who has shown support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel (irc.rizon.net #LoveDespite) or toss me a message at http://love-despite.com/forum. Until we meet again, stay gold. Bang.

    ------------------------------------------------------------------

    xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate himself or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.


    Features
    • Before registering/logging in, players cannot:
      • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
      • Break or place blocks
      • Receive or give damage, be targeted (followed) by hostile mobs
    • Inventory and location protection
    • In-depth setting and message configuration
    • Persistent login sessions through server restarts
    • Player name filter and password complexity configuration
    • Kick non-logged in (but registered) players after a configurable amount of time
    • Bukkit Permissions support
    • Kick or temporarily lock out the IP address of a player who fails to log in after a configurable amount of tries
    • Custom, highly secure password hashing
    • H2 and MySQL support
    • Authentication over URL (AuthURL) allows for connection to forum or website databases
    Changelog
    • Version 2.0.10
      • [Fixed] Exploit to completely bypass login system.
      • [Fixed] xAuth commands not working with Rcon
      • [Fixed] Exploiting login system to avoid fire & drowning damage.
      • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
      • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
      • [Fixed] Exploiting location protection after dying to return to the spot of death.
    • Version 2.0.9
      • Added several reverse single session configuration options.
      • Fixed registration.forced: false not working.
      • Updated version check and H2 download links.
    xAuth Importer
    xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins.
     
  2. Offline

    huadianz

    Can Whirlpool hashes be converted back to MD5? What I worry about is if a security plugin breaks down or is abandoned, I can move MD5 hashes to other plugins and they will work fine. That way I don't have to have everyone reregister.
     
  3. Offline

    CypherX

    Nope, the cleartext password would have to be MD5'd then saved when a player used /login. That's how xAuth converts them to Whirlpool hashes.
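
The conversion described in the reply above, as an added example (not xAuth's code and not part of the original thread): a stored hash cannot be turned into a hash under another algorithm, so each record is upgraded at login, when the cleartext is briefly available. PBKDF2-HMAC-SHA256 stands in for the newer scheme because Whirlpool is not in Python's standard library; the record format and function names are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def legacy_md5(password):
    """Legacy record: unsalted MD5, tagged with its scheme name."""
    return "md5$" + hashlib.md5(password.encode("utf-8")).hexdigest()


def pbkdf2_record(password, salt=None):
    """New record: salted PBKDF2-HMAC-SHA256 (stand-in for the newer scheme)."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "pbkdf2$" + salt.hex() + "$" + dk.hex()


def verify(password, stored):
    """Recompute the candidate record under the stored scheme and compare."""
    scheme, _, rest = stored.partition("$")
    if scheme == "md5":
        candidate = legacy_md5(password)
    elif scheme == "pbkdf2":
        try:
            salt = bytes.fromhex(rest.partition("$")[0])
        except ValueError:
            return False
        candidate = pbkdf2_record(password, salt)
    else:
        return False  # unknown scheme: fail closed
    return hmac.compare_digest(candidate.encode(), stored.encode())


def login(accounts, name, password):
    """Authenticate, then upgrade a legacy record while the cleartext is in hand."""
    stored = accounts.get(name)
    if stored is None or not verify(password, stored):
        return False
    if not stored.startswith("pbkdf2$"):
        accounts[name] = pbkdf2_record(password)
    return True


if __name__ == "__main__":
    # Constructed sample accounts; names and passwords are made up.
    accounts = {"alice": legacy_md5("correct horse"), "bob": legacy_md5("hunter2!")}
    print(login(accounts, "alice", "correct horse"), accounts["alice"][:7], accounts["bob"][:4])
```

Accounts whose owners never log in again keep their legacy record, which is why a migration like this only completes as players return.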
     
  4. Offline

    unenergizer

    I am getting this error from a clean install.

    23:56:05 [INFO] Starting minecraft server version Beta 1.4
    23:56:05 [INFO] Loading properties
    23:56:05 [INFO] Starting Minecraft server on *:25565
    23:56:05 [WARNING] **** SERVER IS RUNNING IN OFFLINE/INSECURE MODE!
    23:56:05 [WARNING] The server will make no attempt to authenticate usernames. Beware.
    23:56:05 [WARNING] While this makes the game possible to play without internet access, it also opens up the ability for hackers to connect with any username they choose.
    23:56:05 [WARNING] To change this, set "online-mode" to "true" in the server.settings file.
    23:56:05 [INFO] This server is running Craftbukkit version git-Bukkit-0.0.0-646-gb61ef8c-b670jnks (MC: 1.4)
    23:56:05 [INFO] Preparing level "world"
    23:56:05 [INFO] Preparing start region
    23:56:05 [INFO] 144 recipes
    23:56:06 [INFO] Preparing spawn area: 93%
    23:56:06 [INFO] [xAuth] Loading player accounts..
    23:56:06 [INFO] [xAuth] DoneLoaded 0 Accounts!
    23:56:06 [INFO] [xAuth] Permissions plugin not detecteddefaulting to ops.txt
    23:56:06 [INFO] [xAuth] v1.2 Enabled!
    23:56:06 [INFO] Done (0.120s)! For help, type "help" or "?"
    23:56:16 [INFO] unenergizer [/192.168.2.3:51353] logged in with entity id 170
    23:56:16 [SEVERE] Could not pass event PLAYER_JOIN to xAuth
    java.lang.NoClassDefFoundError: com/nijiko/permissions/PermissionHandler
            at com.cypherx.xauth.xAuthPlayerListener.onPlayerJoin(xAuthPlayerListener.java:45)
            at org.bukkit.plugin.java.JavaPluginLoader$1.execute(JavaPluginLoader.java:204)
            at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:59)
            at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:255)
            at net.minecraft.server.ServerConfigurationManager.a(ServerConfigurationManager.java:98)
            at net.minecraft.server.NetLoginHandler.b(NetLoginHandler.java:87)
            at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:68)
            at net.minecraft.server.Packet1Login.a(SourceFile:46)
            at net.minecraft.server.NetworkManager.a(NetworkManager.java:198)
            at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:34)
            at net.minecraft.server.NetworkListenThread.a(SourceFile:87)
            at net.minecraft.server.MinecraftServer.h(MinecraftServer.java:368)
            at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:283)
            at net.minecraft.server.ThreadServerApplication.run(SourceFile:375)
    Caused by: java.lang.ClassNotFoundException: com.nijiko.permissions.PermissionHandler
            at java.net.URLClassLoader$1.run(Unknown Source)
            at java.security.AccessController.doPrivileged(Native Method)
            at java.net.URLClassLoader.findClass(Unknown Source)
            at org.bukkit.plugin.java.PluginClassLoader.findClass(PluginClassLoader.java:36)
            at org.bukkit.plugin.java.PluginClassLoader.findClass(PluginClassLoader.java:24)
            at java.lang.ClassLoader.loadClass(Unknown Source)
            at java.lang.ClassLoader.loadClass(Unknown Source)
            ... 14 more
    Bukkit: 670
    Fresh Install with no changed settings.
     
  5. Offline

    Big___Rich

    I see. Thank you for your response. However, I have found that my admins are not required to register, and users cannot register because they receive this error: "You must be logged in."
    In essence, users cannot register because they need to be logged in. And anyone can spoof into the admins account, thus rendering the plugin useless.

    Halp? :(
     
  6. Offline

    CypherX

    Whoops, forgot to add a check to see if Permissions wasn't installed. Updated to version 1.2.1 which should fix it.

    Check your inbox in ~2 minutes.
     
  7. Offline

    ksevelyar

    Could you please add sessions' saving after server restart?
     
  8. Offline

    lycano

    Would be nice if you could add Help 0.2 support.
     
  9. Offline

    CypherX

    Both of these will be in version 2.0.
     
  10. Offline

    lycano

    Nice! After finally finishing configuring my server I noticed that the login notice "Please log in using /login .." is sent to the player before the LoginMessage appears (directly after connect). I'm using Essentials and it would be nice if this message sent to the player would appear after the LoginMessage was sent, because the first line is "Welcome %player".

    (I didn't realise that there is a message that notifies you about it since I took a closer look)
     
  11. Offline

    Almin

    "(NEW!)Players are no longer kicked if someone with the same name joins" This feature isn't working :(
     
  12. Offline

    lycano

    Request for quoted options to be optional. Would be nice if it is possible to make move, chat at least configurable via config, so that an unregistered person can at least chat.

    There is an option for allowed-cmds inside the config but commands other than register and login can't be executed (maybe I got something wrong with the permissions plugin, currently reading about the default group behavior, checking that later).

    If the unregistered person is not targetable by mobs then making move optional would be very nice. E.g. that someone can build a house around the spawn area and place some signs to inform the player about the restriction via signs (actually I did that to not confuse a newly joined player and make them force disconnecting xD)

    [Edit]: As I checked a minute ago: Deleting me from the users section in Permissions 2.6 Config. Well, default group assign is working because I was assigned to my default group with option default=true. I'm not logged in at this moment and I cannot use commands that are permitted by the default group. Let's say essentials.me

    Features stated "permissions support". Shouldn't it work that way?

    What does "registration.force" option do? I don't get it ^^

    Thanks for your time reading this.
     
  13. Offline

    CypherX

    Working fine for me on my test server. Previously, when a player joined a server with the same name as someone else on the server the player already online was disconnected. Now, the player who is attempting to join the server is disconnected instead of the one online.

    Configurable limits on what players who aren't registered can do will be implemented in xAuth 2.0. "Permissions support" basically means that xAuth has nodes that can be used with Permissions/GroupManager. If you want to allow commands to those who aren't registered/logged in you have to add them to the allowed-cmds node in xAuth's config.yml. The registration.forced configuration node controls whether players must register or not. If set to true, they are forced to register before doing anything, if false, registration is optional.
     
  14. Offline

    lycano

    I had added additional commands to the config file like /me or /help but I couldn't execute them either. Those commands come from Essentials and Help 0.2. I'll test it again, maybe I missed something during configuring the server like simply executing /authreload ;) Sometimes this happens even to me xD Thanks!
     
  15. Offline

    moparisthebest

    So with strikes set and enabled, it IP bans a user if they pass the threshold, which is good. But really those shouldn't be permanent bans, so we should at least have an option to expire them after a certain amount of time. Any plans to implement something like this?
     
  16. Offline

    CypherX

    I've actually been thinking about this myself lately. Version 2 will most likely include a way to configure the length of the ban or some other means of making it temporary.
     
  17. Offline

    Almin

    Sorry, I installed again and it's still the same. I can log in from another client. I try it on the same IP. Can this be a problem?

    Edit: I use 670. Can this be a problem too?
     
  18. Offline

    tonihoks

    Please help, it writes me many errors if I use some plugin command like /npc create from Citizens or WorldEdit...
    What must I do?
     
  19. Offline

    CypherX

    Neither of those should be a problem. Explain step by step what you're doing.

    Take a screenshot of or paste the error(s) here. I can't do much if you just say you get errors.
     
  20. Offline

    Boon Pek

    Now then, for MySQL support! ;)
     
  21. Offline

    Almin

    I added the xAuth plugin and I logged in from my computer to the server on a VPS. Then a player connected with my nick. The server doesn't kick him, it kicks me. Where is the problem?
     
  22. Offline

    moparisthebest

    That is fixed in the latest version, just update your plugin.
     
  23. Offline

    Almin

    I'm already using the latest version.
     
  24. Offline

    Lolmao

    I use this plugin and it works great, thanks, but recently I wanted to check if my epic zones plugin is working and when I try logging in on another client it says "You don't have permission to enter KEGS". Kegs is my world name, is this the problem?

    EDIT: Working after restarting the server, no more permission to enter the world error :S Could be a bug?
    Thanks in advance,
    Lolmao.
     
  25. Offline

    CypherX

    Could be possible that another plugin is conflicting with it. I see from your signature that you're using a whitelist plugin. Which one exactly?
     
  26. Offline

    Almin

    I'm using [ADMN/GEN] Whitelist v2.7 [431-670].
     
  27. Offline

    CypherX

    Well, that wasn't the cause. The only thing I can think of is that you're using the wrong version by accident or one of those other plugins is causing it.
     
  28. Offline

    The PC Tech Guy

    This plugin looks very interesting compared to the Authme plugin I currently use. I'll probably switch over, specifically looking at the password complexity part, since I've got players who use their own name as their password. Now, when a moderator uses such a password... it gets me a little angry...

    Is it possible you can add aliases for logging in? Such as /l
    Also, could you add a configuration node to kick after an incorrect password attempt? And also to kick after not logging in after a specified time?
     
  29. Offline

    CypherX

    Glad to see another possible supporter. As for your requests/suggestions, I will definitely be adding the /login alias, the strike system will most likely be modified to allow the server manager to choose what happens after x amount of incorrect password attempts (kick, ban), and I'll see what I can do about kicking a player if they don't log in after a certain amount of time.
     
  30. Offline

    RazorFlint

    Make it so it prompts you on login??
     
  31. Offline

    Plague

    Do not use a plus sign in the RB version, you should state the latest tested version.
     