gmsv_rcon - Lua controlled RCON authentication

This module allows you to handle the RCON protocol via Lua.

Hooks:

Return nil to pass the data onto the engine.

RCON_CheckPassword(password:string, ip:string, port:number) - Called when client’s password is checked against the server’s. Return true for valid, false for invalid, nil for the default handler.

RCON_WriteDataRequest(id:number, request:number, data:string, ip:string, port:number) - Called when client ‘requests’ the server to do something (authenticate, execute command).

RCON_LogCommand(msg:string, ip:string, port:number) - Called when the engine has processed a data request. Usually seen in console as:

(If sv_rcon_log is enabled)

Examples:

[lua]require(“rcon”)

RCON_Passwords = {
[“192.168.1.1”] = “hi”,
[“123.456.78.9”] = “hello”,
}

RCON_RestrictedCommands = {
“lua_run”,
}

hook.Add(“RCON_CheckPassword”, “MultiPass”, function(pass, ip, port)
local entry = RCON_Passwords[ip]

if (entry) then --Always true with hook below running
	if (pass == entry) then
		ServerLog(string.format("[gmsv_rcon] (%s:%d) RCON auth successful

", ip, port))

		return true
	else
		ServerLog(string.format("[gmsv_rcon] (%s:%d) RCON auth failed

", ip, port))

		return false
	end
end

--Don't return, let engine handle (Checks rcon_password cvar)

end )

hook.Add(“RCON_WriteDataRequest”, “ProcessData”, function(id, request, data, ip, port)
local entry = RCON_Passwords[ip]

if (entry) then
	if (request == 2) then --Command
		local restricted = false

		for k, v in ipairs(RCON_RestrictedCommands) do
			if (string.Left(data, string.len(v)) == v) then
				restricted = true
				
				break
			end
		end
		
		if (restricted) then
			ServerLog(string.format("[gmsv_rcon] (%s:%d) Client tried to run restricted command '%s'

", ip, port, data))

			return false --Don't tell the engine, prevent command being added to buffer
		else
			ServerLog(string.format("[gmsv_rcon] (%s:%d) RCON command '%s'

“, ip, port, data))
end
elseif (request == 3) then --Auth
ServerLog(string.format(”[gmsv_rcon] (%s:%d) RCON auth attempt
", ip, port))
end

	--Others unknown for now (VPROF, screenshots?), pass to engine
else
	ServerLog(string.format("[gmsv_rcon] (%s:%d) Unauthorized RCON request

", ip, port))

	return false --Don't pass to engine
end

end )

hook.Add(“RCON_LogCommand”, “LogMessages”, function(msg, ip, port)
local str = string.format(“RCON message from %s:%d (%s)”, ip, port, msg)

for k, v in ipairs(player.GetAll()) do
	v:ChatPrint(str)
end

end )[/lua]

[lua]require(“rcon”)

local ipNames = {
[“192.168.1.1”] = “Chrisaster”,
}

hook.Add(“RCON_WriteDataRequest”, “ProcessData”, function(id, request, data, ip, port)
if (request == 2) then --Command
if (string.match(data, “^(say .+)”)) then
local msg = string.format("(RCON) %s: %s", ipNames[ip] || “Console”, string.sub(data, 5, string.len(data)))

		for k, v in ipairs(player.GetAll()) do
			v:ChatPrint(msg)
		end

		return false --Ignore the command, handled manually
	end
end

end )[/lua]

Download:

http://christopherthorne.googlecode.com/svn/trunk/gmsv_rcon/release/gmsv_rcon.dll (Updated 24/06/12)

Awesome, very useful.

Awsome, now i can stop people from hacking my rcon

Fucking awesome. Finally no more rcon hacking. And we can give away the rcon passwords now without having to worry for passwords leaks.

Wow, this is simply awesome. How did someone not think of this before?

I’ve just noticed there’s a problem with the custom password thing - I’m working on adding it now.

[editline]05:09PM[/editline]

Added a new hook to support custom passwords, RCON_CheckPassword.

I love this.

:buddy:

Awesome.

Epic :smiley:

This would be really useful if I didn’t just use Remote Desktop, I might use it to further restrict off rcon.

Oh my god, ive been waiting for this.

-snip-

Nevermind

Hey, that’s my avatar :argh:

I had that for about 10 minutes until I realised that the frames were overlapping.

Very useful module. Now I can make a username/password kinda RCON authentication.

I ripped it myself from Doom. Only pain.net screwed the frames up. But i shall change it when i find something decent

Omg i ripped rcon password from your code, i gonna go hack those srvars now>

I think you are confusing that with gmsh_rcon.dll.

Can’t get it to work on our dedicated server. Server crashes as soon as I try to ‘test’ the password. And this is all I have in the script right now:

[lua]
//Include the module
require( “rcon” )

//All access to rcon is rerouted through here
hook.Add( “RCON_CheckPassword”, “CheckPassword”, function( sPassword, sIP, iPort )
print("[RCON] Checking RCON pass ‘"…sPassword…"’ from "…sIP)

end )

//All commands made through rcon are rerouted here
hook.Add( “RCON_WriteDataRequest”, “ProcessData”, function( iID, iRequest, sData, sIP, iPort )
print("[RCON] Request from "…sIP)
end )

//Rcon messages
hook.Add( “RCON_LogCommand”, “LogMessages”, function( sText, sIP, iPort )
print("[RCON] Log from “…sIP…”:"…iPort…" - "…sText)
end )
[/lua]

Tried with SourceMod and MetaMod disabled, but it still crashed. Re-downloaded all server binaries; still crashed.

Strange, can you send me the dump it (should have) generated?

Using your code: