MP user authentication (was Re: EDDF-Triangle)

Postby FED-EX » Tue May 07, 2019 10:08 am

Split off from the topic EDDF-Triangle.

jomo wrote in Tue May 07, 2019 7:02 am: To All
seems the test did work - so I will try again with my post from Monday morning:
--------------
I am very sorry that we had to "block" our own EDDF-Triangle-Event on Sunday, due to the more and more aggressive takeover-attempts of someone using my UID (EDDFjom) for that. That guy is using that since several sessions (see the movies). Pls notice the following msg of that guy:
"SESSION IS BLOCKED DUE TO BAD LANGUAGE BY EDDF"
    * Obviously he is unable to notice that in our tech. environment the system shortens the ID "EDDFjomo" always to "EDDFjom". Thus he accuses himself! (Is that a laugh or a pity or purely idiotic..?)
    * Of course he is not able to give any references to those happenings - which should be documented all in our movies about the session.
    * By using a stolen UID he is not ashamed to charge all his own misbehaving to me (as the owner of that stolen UID)
And that was not just Sunday but he is trying that since weeks - thus I was sure it is time to clarify that! And after he left frustrated we continued normal (see movie http://www.emmerich-j.de/EDDF/Films/201 ... 18-114.mp4 at end)

Hopefully he learned and is old enough to show that he is able to build up something by himself - without the need to hide behind other people's UIDs.

I'm a bit surprised that you can easily capture a UID. One should register and secure these with the mp-servers together with an e-mail address and password. Is there no way?
Last edited by Johan G on Wed May 08, 2019 9:09 am, edited 2 times in total.
Reason: Split off from the topic "EDDF-Triangle". For context a quote of the preceding post was added. Changed name of topic (somehow missed that when I split the topic)
THE WORLD ON TIME.
FED-EX
 
Posts: 41
Joined: Mon May 06, 2019 11:19 am
Location: EDDL
Callsign: FDX-98
Version: 2018.3.2
OS: Windows 10 Pro

Re: EDDF-Triangle

Postby Johan G » Tue May 07, 2019 3:38 pm

FED-EX wrote in Tue May 07, 2019 10:08 am: One should register and secure these with the mp-servers together with an e-mail address and password. Is there no way?

Unfortunately not. (You can register a callsign to be tracked on the tracker though, but that is not the same as being the only one that can use a certain callsign.)

It would most likely take someone dedicated to make a fork of the FlightGear Multiplayer Server (perm) and set up infrastructure for the authentication, while at the same time discussing the new feature on the developer mailing list to make it possible to integrate it into the existing infrastructure. This is how new features usually come about in the FlightGear community, for better or worse. It sometimes takes years, but it works.
Low-level flying — It's all fun and games till someone loses an engine. (Paraphrased from a YouTube video)
Improving the Dassault Mirage F1 (Wiki, Forum, GitLab. Work in slow progress)
Some YouTube videos
Johan G
Moderator
 
Posts: 6629
Joined: Fri Aug 06, 2010 6:33 pm
Location: Sweden
Callsign: SE-JG
IRC name: Johan_G
Version: 2020.3.4
OS: Windows 10, 64 bit

Re: EDDF-Triangle

Postby AAL545 » Tue May 07, 2019 5:08 pm

It would most likely take someone dedicated to make a fork of the FlightGear Multiplayer Server (perm) and set up infrastructure for the authentication, while at the same time discussing the new feature on the developer mailing list to make it possible to integrate it into the existing infrastructure. This is how new features usually come about in the FlightGear community, for better or worse. It sometimes takes years, but it works.


It seems that someone has enough knowledge of the MP infrastructure or has spent enough time to learn it for malicious purpose, sad!!!!


but that is not the same as being the only one that can use a certain callsign


Then that is a system bug, it should be possible to set up that there is only one user name allowed, and only one call sign, if not then we can have a mess!!


AAL4955
AAL545
 
Posts: 227
Joined: Tue Aug 08, 2017 5:14 am

Re: EDDF-Triangle

Postby Johan G » Tue May 07, 2019 5:25 pm

Johan G wrote in Tue May 07, 2019 3:38 pm: You can register a callsign to be tracked on the tracker though, but that is not the same as being the only one that can use a certain callsign.

AAL545 wrote in Tue May 07, 2019 5:08 pm: Then that is a system bug, it should be possible to set up that there is only one user name allowed, and only one call sign [...]

No, the tracker is separate from the MP servers. It only listens to them.

The registration was to cut down on the vast amount of data stored.[1] Storage is not without cost. The tracker, like a lot of the other infrastructure, is run by someone who is dedicating time and money to making a feature available. :wink:

[1] See the announcement Register your callsign on the tracker website October 1, 2016

Re: EDDF-Triangle

Postby AAL545 » Tue May 07, 2019 8:23 pm

But please think twice before you register your callsign. Change of callsign will not be entertained.



Not too long ago there were trolls/ idiots at EDDF and they posted on the MP chat "just change your call sign", explanation please!!!



Re: EDDF-Triangle

Postby jomo » Tue May 07, 2019 8:54 pm

I suggest urgently not to discuss this problem any more:
- we know that problem cannot be solved in the near future
- I am sure FGFS will not change its basic philosophy that everybody (especially kids) should have easy access - without the need to register!
- let us rather concentrate on how to tell those bad ones (and their friends!!!!) that they are bad!

Otherwise you might give more and more hints to people who want to find more holes for their idiotic attempts.
jomo / ATCjomo + EDDFjo + EDDFjo1 + EDDFjo2
ATC at EDDF Fr,Sa,Su,We from 20:00 to 24:00 CET/MEZ., see http://www.emmerich-j.de
jomo
 
Posts: 1000
Joined: Thu Feb 12, 2009 7:46 pm
Location: Mainz, Germany
Callsign: jomo EDDFjo1+2
OS: UBUNTU 18.4

Re: EDDF-Triangle

Postby tdammers » Tue May 07, 2019 8:57 pm

AAL545 wrote in Tue May 07, 2019 5:08 pm: It seems that someone has enough knowledge of the MP infrastructure or has spent enough time to learn it for malicious purpose, sad!!!!


It doesn't take a lot of knowledge. All you need to know is how to set your callsign, and that there is no authentication; virtually everyone who has ever been on FG MP at all knows enough to do this kind of thing. I know that more than a handful of people have a problem with Jomo, for better or worse, and while most of them just silently move on, I wouldn't be surprised to see one or two react more destructively.

AAL545 wrote in Tue May 07, 2019 5:08 pm: Then that is a system bug, it should be possible to set up that there is only one user name allowed, and only one call sign, if not then we can have a mess!!


It probably should, but the problem is that this requires a lot more infrastructure, effort, and ongoing maintenance than the current situation. Right now, FG itself just sends the callsign as a property like every other, and the MP server just accepts packets from anyone who connects. Easy. But if you want authentication, you need:

- An authentication database that stores and manages users, their credentials, their passwords, and their callsigns.
- A frontend to that database that people can use to sign up and manage their accounts.
- An API on top of that database that applications (including FG and the MP servers) can connect to, including some sort of login / session / token mechanism.
- An SMTP server, because none of this will work if you can't send mail.
- A mechanism for FG to log into the API and forward the token that proves the validity of the login to the MP server it connects to.
- A mechanism in the MP server software to receive that token, talk to the API to verify it, and reject traffic from unauthenticated users / callsigns.
- Some sort of moderation mechanism; the whole login system only makes sense if we can use it to kick out / block / shadowban / ... people who misbehave.

And to make all that happen, you will need:

- Someone to provide the infrastructure (servers, domain names, storage, bandwidth)
- Someone to actually build that software
- Someone to keep it running (perform server maintenance, keep an eye on monitoring and server logs)
- Someone to actually police the whole thing

None of this is impossible, but it's not a trivial effort, and not having it isn't so much a bug as it is a decision to not implement something for which the resources aren't available.

FG and its ecosystem are, by and large, open source, so that means things happen if and when someone steps forward and makes them happen, because they want them to happen badly enough to either do the work themselves, or pay someone to do it for them.

But there's another side to all this, which is that despite all the friction we've seen lately, a substantial number of people in the community are actually very happy with the "free for all" situation, and they will (rightfully) argue that more restrictive alternatives already exist: you can always run your own MP server, and putting some sort of authentication mechanism in front of that is perfectly possible (IIRC the OPRF folks do exactly this); and starting with the 2019.2 release, you can fly FG on VATSIM (I've tried it; there are a few rough edges still, but it works fine), where all of the above things, and then some, already exist in production-ready, battle-hardened quality. FG MP is chaotic, but that's not ONLY a bad thing.
tdammers
 
Posts: 391
Joined: Wed Dec 13, 2017 11:35 am
Callsign: NL256
IRC name: nl256

MP user authentication

Postby AAL545 » Tue May 07, 2019 11:34 pm

My point was that no one should be able to use MY call sign, open source or not.
I have set up servers and web sites including authentication so I know a thing or two what's involved, now I agree the logging is a totally different matter (good and bad).



Re: EDDF-Triangle

Postby FED-EX » Wed May 08, 2019 6:14 am

That's all right and understandable. Open source is a big asset, but if multiplayer can fly all over the place and drive air traffic ad absurdum, FlightGear must be aware that it is no longer a simulation but an arcade game (in multiplayer mode). I would only be displeased if someone uses my callsign (FED-EX) and is neglected by Jomo. And at first I do not know anything about it ...

Anyway, we should accept misconduct and focus on getting better ourselves. In case of problems, we have the forum for sharing.

Re: EDDF-Triangle

Postby V12 » Wed May 08, 2019 6:41 am

Open source is like an unguided missile. No standards, main rule is FREE TO ALL. And it is not good. If I'm flying offline, all is OK. But at the moment when I enter MP, I enter some kind of society. And every society should have rules. And the basic rules of MP communities are login and password. IMHO, FG MP mode should use login, all problems with trolls should be solved on this forum.
I will have no problem with logging in to MP.

Check some YT videos with trolls in FSX. I'm very happy that this is not in FG.
Fly high, fly fast - fly Concorde !
V12
 
Posts: 2757
Joined: Thu Jan 12, 2017 5:27 pm
Location: LZIB
Callsign: BAWV12

Re: Re: EDDF-Triangle

Postby tdammers » Wed May 08, 2019 9:01 am

You guys are misunderstanding what I was saying. "Open Source" does not mean you can't have authentication on your servers. It just means that the source code for the software must be freely available, and that the license must allow anyone to use the software, inspect the code, modify it, and share it in its original or modified form. But that doesn't mean that someone who runs the software on their servers cannot enforce authentication - if that were the case, then all the open-source security software out there, all the insanely popular open-source operating systems, server software, websites, encryption suites, web browsers, etc., couldn't possibly work, because they all require handling secrets, encryption, access rules, and the like, in some way or another.

My argument was not that authentication and enforced rules are fundamentally incompatible with open source, or that we would have to give up open source in order to make that happen.

My argument was that in order to make authenticated MP servers happen, someone will have to write the code, and someone will have to convince the community and the server administrators to accept it. Anyone can do that, exactly BECAUSE flightgear is open source. The problem is just that, because nobody is getting rich from FG, that code will only be written, and that community lobbying will only be done, once someone has a strong enough interest to either do it themselves, or pay someone to do it for them.

Personally, I think a good goal would be a setup similar to how authentication works on IRC networks like freenode:

- The default is "free for all": pick a callsign / nick and start using it without further ado, exactly like it works today.
- Callsigns can be registered; this is completely optional, however, once registered, any user trying to use a registered callsign without authenticating will be kicked off the server.

IRC uses bots for the registration and authentication part ("nickserv" on freenode), but I believe that for FG, it might be better to extend the MP protocol to support these things directly (although implementing it all on top of chat messages is, in principle, possible).

I think that this would strike a good balance between keeping the barrier to entry minimal and preventing this particular kind of trolling / identity fraud. If you just want to fly casually, pick any unregistered callsign and get cracking; if your callsign is important / valuable to you, register it.

MP user authentication

Postby FED-EX » Thu May 09, 2019 6:55 am

Yesterday was such a miserable troll that disturbed ATC. But I think that was pretty well solved by the true ATC and we pretty well ignored this madman.

Unfortunately, I did not pay attention once, when I was approaching and the lunatic has given a new height (4000ft), which was not true (I should stay at 3000ft). That would have almost neglected me. Here I would have expected a little more patience on the part of the professional ATC instead of snarling at me right away.

I'm installing mumble tonight, then the issue is annoying text dialog done anyway. In the end, my line broke down, although I was just fine in the (second) approach. And I still have to learn what's left and right :).

Re: MP user authentication

Postby jomo » Fri May 10, 2019 10:37 am

Thx for trying - and I guess it ran well - except when you (accidentally) followed an advice of the lunatic. But sorry: If there are several customers it really is a very very hard time to ctrl who is "friend" and who "follows (or switched to) this idiot".

I love your suggestion: Let us promote "mumble" for all. The ID of voice is hard to fake! And everybody saying they cannot afford a headset --> that is not needed (at least not for people that have a handy!). "mumble" is available for ALL OperatingSystems (including handies!) and it is free of charge! And usually they come with headsets - so nobody has to pay for them extra.

The only problem: Also that can be misused - as it happened already several times: Somebody playing (Nazi_music, bad intoxicated speeches, etc. ). "BUT: " we proved already twice that we can find even his (or his employer or parents) local Adr via IP tracking -- that ended that problem within a day -- I hope our now absolute idiot has enough brain to guess what might happen in court and especially what may his future employers think/do when they get to know!

Re: MP user authentication (was Re: EDDF-Triangle)

Postby geed » Mon May 03, 2021 8:54 am

Sounds like a plan to me.

Free means, pick any callsign and if you pick someone's callsign that has been registered, you will get an error.

Registering somewhere central to claim a callsign will be possible and logging onto the server with either username and password or maybe even better, a one time password, generated by the registration backend.

The user will initiate the login process to the MP server he wants to hop on.
That will initiate a UI for username and password, which are then sent to the server.
The server generates a one time password that is being sent to the server and to the user.
The user code will automatically send a login message to the server including the one time password and the server accepts as long as the one time password is active. (it only has a short life time of let's say 30 seconds)
In any case where the OTP (one time password) does not match a new username password dialog will be triggered.

This whole OTP stuff is necessary to not send the username password to the server directly as there is no encryption available as far as I know. So you have to separate authentication streams that cannot interfere with each other and a man in the middle attack is quite difficult to maintain which makes the whole thing more secure.
geed
 
Posts: 89
Joined: Fri Apr 18, 2014 1:53 pm
Location: in between
Callsign: G-EED
Version: 2017.3.1
OS: OSX, Win8.1
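
The optional-registration scheme proposed earlier in the thread, combined with the short-lived one-time password from the post above, as an added example that is not part of any post and is not FlightGear code. `CallsignGate`, its method names and the 7-character limit (inferred from "EDDFjomo" being shortened to "EDDFjom" in the first post) are assumptions.

```python
import hmac
import secrets
import time

MAX_CALLSIGN_LEN = 7   # assumption from the thread: "EDDFjomo" is shortened to "EDDFjom"
OTP_LIFETIME_S = 30    # lifetime suggested in the post above


def wire_callsign(callsign):
    """Form other pilots see; registering it also covers the untruncated name."""
    return callsign[:MAX_CALLSIGN_LEN]


class CallsignGate:
    """Hypothetical MP-server admission check; not FlightGear code."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._registered = set()   # claimed callsigns, in wire form
        self._otps = {}            # wire callsign -> (otp, expiry time)

    def register(self, callsign):
        self._registered.add(wire_callsign(callsign))

    def issue_otp(self, callsign):
        """Registration backend calls this after verifying username/password."""
        key = wire_callsign(callsign)
        if key not in self._registered:
            raise KeyError("callsign is not registered")
        otp = secrets.token_urlsafe(16)
        self._otps[key] = (otp, self._clock() + OTP_LIFETIME_S)
        return otp

    def admit(self, callsign, otp=None):
        """True if the connecting pilot may fly under this callsign."""
        key = wire_callsign(callsign)
        if key not in self._registered:
            return True                    # unregistered: free for all, as today
        issued = self._otps.get(key)
        if issued is None or otp is None:
            return False                   # registered, but no login in progress
        expected, expiry = issued
        if self._clock() > expiry:
            del self._otps[key]            # expired: a new login is required
            return False
        if not hmac.compare_digest(expected.encode(), otp.encode()):
            return False
        del self._otps[key]                # single use: a replayed OTP fails
        return True


if __name__ == "__main__":
    gate = CallsignGate()
    gate.register("EDDFjomo")
    print(gate.admit("FDX-98"))                               # unregistered callsign
    print(gate.admit("EDDFjom"))                              # registered, no OTP
    print(gate.admit("EDDFjom", gate.issue_otp("EDDFjomo")))  # owner with fresh OTP
```

Single use and the 30-second lifetime limit replay of a captured value; they do not hide it from an observer on the network path, which is the point the following reply raises about encrypting the exchange.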

Re: MP user authentication (was Re: EDDF-Triangle)

Postby benih » Mon May 03, 2021 11:45 am

Registering somewhere central to claim a callsign will be possible and logging onto the server with either username and password or maybe even better, a one time password, generated by the registration backend.

"The Battle for Wesnoth" solves this by linking the ingame account to their forum account.
Couldn't we have this too? It should be straightforward, because the username/password stuff would be handled by the forums software and the MP-Servers just need to make a SQL query against the SQL-Server hosting the forum.

When receiving a new pilot, the MP-Server:
1. query the SQL db if the callsign is claimed (additionally check against last login or something like that, so long-time-unused callsigns can be reclaimed)
2a. If no, let the pilot proceed
2b. If yes, check the supplied password against the DB, and if succeeding, proceed.


This whole OTP stuff is necessary to not send the username password to the server directly as there is no encryption available as far as I know. So you have to separate authentication streams that cannot interfere with each other and a man in the middle attack is quite difficult to maintain which makes the whole thing more secure.

The easier option would be to make comms ssl encrypted, probably, at least for the authentication transactions.
benih
 
Posts: 1689
Joined: Tue Aug 15, 2017 10:34 am
Callsign: D-EBHX
Version: next
OS: Debian Linux 64bit
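
The three-step check from the post above, as an added example that is not part of the post and is not FlightGear, forum-software or Wesnoth code. The table layout, the PBKDF2 hashing, the one-year reclaim window and all function names are assumptions; an in-memory SQLite database stands in for the forum's SQL server, and the sample callsigns and passwords are constructed.

```python
import hashlib
import hmac
import os
import sqlite3

RECLAIM_AFTER_S = 365 * 24 * 3600   # assumption: a claim unused for a year lapses


def hash_password(password, salt):
    # Assumed scheme; a real forum database dictates its own hash format.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def open_db():
    db = sqlite3.connect(":memory:")   # stand-in for the forum's SQL server
    db.execute("CREATE TABLE callsigns (callsign TEXT PRIMARY KEY,"
               " salt BLOB, pw_hash BLOB, last_login REAL)")
    return db


def claim(db, callsign, password, now):
    salt = os.urandom(16)
    db.execute("INSERT OR REPLACE INTO callsigns VALUES (?, ?, ?, ?)",
               (callsign, salt, hash_password(password, salt), now))


def admit_pilot(db, callsign, password, now):
    """Steps 1, 2a and 2b; the callsign arrives from the network, so it is
    only ever passed to the database as a bound parameter."""
    row = db.execute("SELECT salt, pw_hash, last_login FROM callsigns"
                     " WHERE callsign = ?", (callsign,)).fetchone()
    if row is None:
        return "unclaimed"                      # 2a: let the pilot proceed
    salt, pw_hash, last_login = row
    if now - last_login > RECLAIM_AFTER_S:
        db.execute("DELETE FROM callsigns WHERE callsign = ?", (callsign,))
        return "reclaimed"                      # stale claim released
    if password is not None and hmac.compare_digest(
            pw_hash, hash_password(password, salt)):
        db.execute("UPDATE callsigns SET last_login = ? WHERE callsign = ?",
                   (now, callsign))
        return "authenticated"                  # 2b: password matches
    return "rejected"


if __name__ == "__main__":
    db = open_db()
    claim(db, "D-EBHX", "constructed-password", now=1000.0)
    for cs, pw in [("FDX-98", None), ("D-EBHX", None),
                   ("D-EBHX", "constructed-password")]:
        print(cs, admit_pilot(db, cs, pw, now=2000.0))
```

In this flow the password itself travels to the MP server, which is why the post suggests encrypting at least the authentication exchange.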
