From 9773803e4eb5f986750eb4daa726b25bb41e96e8 Mon Sep 17 00:00:00 2001 From: Fabio Alessandrelli Date: Mon, 17 Oct 2022 12:17:07 +0200 Subject: [PATCH] [MP] Add optional authentication to SceneMultiplayer. Add few methods to allow peers to exchange authentication information. - `set_auth_callback(callback)`: Enable the authentication features. The callback is a `Callable` that accepts an `int` (the peer ID), and a `PackedByteArray` of data. - The `peer_authenticating(id)` signal will be emitted instead of `peer_connected` when a new peer connects. - Use `send_auth(id: int, data: PackedByteArray)` to exchange data. - Call `complete_auth(id: int)` when the authentication process is complete and you expect to start receiving game data. - The `peer_connected` signal will be emitted as soon as both parties complete the authentication. - Use `disconnect_peer(id)` to disconnect a connected peer. - If the `peer_connected` signal didn't fire for that peer (i.e. it was still in the authentication phase), the `peer_auth_failed` signal will be emitted instead of `peer_disconnected`. --- .../doc_classes/SceneMultiplayer.xml | 47 ++++ modules/multiplayer/scene_multiplayer.cpp | 213 +++++++++++++++++- modules/multiplayer/scene_multiplayer.h | 23 ++ 3 files changed, 271 insertions(+), 12 deletions(-) diff --git a/modules/multiplayer/doc_classes/SceneMultiplayer.xml b/modules/multiplayer/doc_classes/SceneMultiplayer.xml index a7b89f58ac2..e4e2b4f6311 100644 --- a/modules/multiplayer/doc_classes/SceneMultiplayer.xml +++ b/modules/multiplayer/doc_classes/SceneMultiplayer.xml @@ -19,6 +19,35 @@ Clears the current SceneMultiplayer network state (you shouldn't call this unless you know what you are doing). + + + + + Mark the authentication step as completed for the remote peer identified by [param id]. The [signal MultiplayerAPI.peer_connected] signal will be emitted for this peer once the remote side also completes the authentication. No further authentication messages are expected to be received from this peer. + If a peer disconnects before completing authentication, either due to a network issue, the [member auth_timeout] expiring, or manually calling [method disconnect_peer], the [signal peer_authentication_failed] signal will be emitted instead of [signal MultiplayerAPI.peer_disconnected]. + + + + + + + Disconnects the peer identified by [param id], removing it from the list of connected peers, and closing the underlying connection with it. + + + + + + Returns the IDs of the peers currently trying to authenticate with this [MultiplayerAPI]. + + + + + + + + Sends the specified [param data] to the remote peer identified by [param id] as part of an authentication message. This can be used to authenticate peers, and control when [signal MultiplayerAPI.peer_connected] is emitted (and the remote peer accepted as one of the connected peers). + + @@ -35,6 +64,12 @@ If [code]true[/code], the MultiplayerAPI will allow encoding and decoding of object during RPCs. [b]Warning:[/b] Deserialized objects can contain code which gets executed. Do not use this option if the serialized object comes from untrusted sources to avoid potential security threat such as remote code execution. + + The callback to execute when when receiving authentication data sent via [method send_auth]. If the [Callable] is empty (default), peers will be automatically accepted as soon as they connect. + + + If set to a value greater than [code]0.0[/code], the maximum amount of time peers can stay in the authenticating state, after which the authentication will automatically fail. See the [signal peer_authenticating] and [signal peer_authentication_failed] signals. + If [code]true[/code], the MultiplayerAPI's [member MultiplayerAPI.multiplayer_peer] refuses new incoming connections. @@ -48,6 +83,18 @@ + + + + Emitted when this MultiplayerAPI's [member MultiplayerAPI.multiplayer_peer] connects to a new peer and a valid [member auth_callback] is set. In this case, the [signal MultiplayerAPI.peer_connected] will not be emitted until [method complete_auth] is called with given peer [param id]. While in this state, the peer will not be included in the list returned by [method MultiplayerAPI.get_peers] (but in the one returned by [method get_authenticating_peers]), and only authentication data will be sent or received. See [method send_auth] for sending authentication data. + + + + + + Emitted when this MultiplayerAPI's [member MultiplayerAPI.multiplayer_peer] disconnects from a peer for which authentication had not yet completed. See [signal peer_authenticating]. + + diff --git a/modules/multiplayer/scene_multiplayer.cpp b/modules/multiplayer/scene_multiplayer.cpp index f94f8ef6585..73c4346d937 100644 --- a/modules/multiplayer/scene_multiplayer.cpp +++ b/modules/multiplayer/scene_multiplayer.cpp @@ -51,14 +51,27 @@ void SceneMultiplayer::profile_bandwidth(const String &p_inout, int p_size) { } #endif +void SceneMultiplayer::_update_status() { + MultiplayerPeer::ConnectionStatus status = multiplayer_peer.is_valid() ? multiplayer_peer->get_connection_status() : MultiplayerPeer::CONNECTION_DISCONNECTED; + if (last_connection_status != status) { + if (status == MultiplayerPeer::CONNECTION_DISCONNECTED) { + clear(); + } + last_connection_status = status; + } +} + Error SceneMultiplayer::poll() { - if (!multiplayer_peer.is_valid() || multiplayer_peer->get_connection_status() == MultiplayerPeer::CONNECTION_DISCONNECTED) { - return ERR_UNCONFIGURED; + _update_status(); + if (last_connection_status == MultiplayerPeer::CONNECTION_DISCONNECTED) { + return OK; } multiplayer_peer->poll(); - if (!multiplayer_peer.is_valid()) { // It's possible that polling might have resulted in a disconnection, so check here. + _update_status(); + if (last_connection_status != MultiplayerPeer::CONNECTION_CONNECTED) { + // We might be still connecting, or polling might have resulted in a disconnection. return OK; } @@ -73,8 +86,48 @@ Error SceneMultiplayer::poll() { Error err = multiplayer_peer->get_packet(&packet, len); ERR_FAIL_COND_V_MSG(err != OK, err, vformat("Error getting packet! %d", err)); + if (pending_peers.has(sender)) { + if (pending_peers[sender].local) { + // If the auth is over, admit the peer at the first packet. + pending_peers.erase(sender); + _admit_peer(sender); + } else { + ERR_CONTINUE(len < 2 || (packet[0] & CMD_MASK) != NETWORK_COMMAND_SYS || packet[1] != SYS_COMMAND_AUTH); + // Auth message. + PackedByteArray pba; + pba.resize(len - 2); + if (pba.size()) { + memcpy(pba.ptrw(), &packet[2], len - 2); + // User callback + const Variant sv = sender; + const Variant pbav = pba; + const Variant *argv[2] = { &sv, &pbav }; + Variant ret; + Callable::CallError ce; + auth_callback.callp(argv, 2, ret, ce); + ERR_CONTINUE_MSG(ce.error != Callable::CallError::CALL_OK, "Failed to call authentication callback"); + } else { + // Remote complete notification. + pending_peers[sender].remote = true; + if (pending_peers[sender].local) { + pending_peers.erase(sender); + _admit_peer(sender); + } + } + continue; // Auth in progress. + } + } + + ERR_CONTINUE(!connected_peers.has(sender)); + if (len && (packet[0] & CMD_MASK) == NETWORK_COMMAND_SYS) { // Sys messages are processed separately since they might call _process_packet themselves. + if (len > 1 && packet[1] == SYS_COMMAND_AUTH) { + ERR_CONTINUE(len != 2); + // If we are here, we already admitted the peer locally, and this is just a confirmation packet. + continue; + } + _process_sys(sender, packet, len, mode, channel); } else { remote_sender_id = sender; @@ -82,17 +135,42 @@ Error SceneMultiplayer::poll() { remote_sender_id = 0; } - if (!multiplayer_peer.is_valid()) { - return OK; // It's also possible that a packet or RPC caused a disconnection, so also check here. + _update_status(); + if (last_connection_status != MultiplayerPeer::CONNECTION_CONNECTED) { // It's possible that processing a packet might have resulted in a disconnection, so check here. + return OK; } } + if (pending_peers.size() && auth_timeout) { + HashSet to_drop; + uint64_t time = OS::get_singleton()->get_ticks_msec(); + for (const KeyValue &pending : pending_peers) { + if (pending.value.time + auth_timeout <= time) { + multiplayer_peer->disconnect_peer(pending.key); + to_drop.insert(pending.key); + } + } + for (const int &P : to_drop) { + // Each signal might trigger a disconnection. + pending_peers.erase(P); + emit_signal(SNAME("peer_authentication_failed"), P); + } + } + + _update_status(); + if (last_connection_status != MultiplayerPeer::CONNECTION_CONNECTED) { // Signals might have triggered disconnection. + return OK; + } + replicator->on_network_process(); return OK; } void SceneMultiplayer::clear() { + last_connection_status = MultiplayerPeer::CONNECTION_DISCONNECTED; + pending_peers.clear(); connected_peers.clear(); packet_cache.clear(); + replicator->on_reset(); cache->clear(); relay_buffer->clear(); } @@ -132,7 +210,7 @@ void SceneMultiplayer::set_multiplayer_peer(const Ref &p_peer) multiplayer_peer->connect("connection_failed", callable_mp(this, &SceneMultiplayer::_connection_failed)); multiplayer_peer->connect("server_disconnected", callable_mp(this, &SceneMultiplayer::_server_disconnected)); } - replicator->on_reset(); + _update_status(); } Ref SceneMultiplayer::get_multiplayer_peer() { @@ -193,18 +271,19 @@ Error SceneMultiplayer::send_command(int p_to, const uint8_t *p_packet, int p_pa const Vector data = relay_buffer->get_data_array(); return multiplayer_peer->put_packet(data.ptr(), relay_buffer->get_position()); } - if (p_to < 0) { + if (p_to > 0) { + ERR_FAIL_COND_V(!connected_peers.has(p_to), ERR_BUG); + multiplayer_peer->set_target_peer(p_to); + return multiplayer_peer->put_packet(p_packet, p_packet_len); + } else { for (const int &pid : connected_peers) { - if (pid == -p_to) { + if (p_to && pid == -p_to) { continue; } multiplayer_peer->set_target_peer(pid); multiplayer_peer->put_packet(p_packet, p_packet_len); } return OK; - } else { - multiplayer_peer->set_target_peer(p_to); - return multiplayer_peer->put_packet(p_packet, p_packet_len); } } @@ -215,7 +294,7 @@ void SceneMultiplayer::_process_sys(int p_from, const uint8_t *p_packet, int p_p switch (sys_cmd_type) { case SYS_COMMAND_ADD_PEER: { ERR_FAIL_COND(!server_relay || !multiplayer_peer->is_server_relay_supported() || get_unique_id() == 1 || p_from != 1); - _add_peer(peer); + _admit_peer(peer); // Relayed peers are automatically accepted. } break; case SYS_COMMAND_DEL_PEER: { ERR_FAIL_COND(!server_relay || !multiplayer_peer->is_server_relay_supported() || get_unique_id() == 1 || p_from != 1); @@ -273,6 +352,17 @@ void SceneMultiplayer::_process_sys(int p_from, const uint8_t *p_packet, int p_p } void SceneMultiplayer::_add_peer(int p_id) { + if (auth_callback.is_valid()) { + pending_peers[p_id] = PendingPeer(); + pending_peers[p_id].time = OS::get_singleton()->get_ticks_msec(); + emit_signal(SNAME("peer_authenticating"), p_id); + return; + } else { + _admit_peer(p_id); + } +} + +void SceneMultiplayer::_admit_peer(int p_id) { if (server_relay && get_unique_id() == 1 && multiplayer_peer->is_server_relay_supported()) { // Notify others of connection, and send connected peers to newly connected one. uint8_t buf[SYS_CMD_SIZE]; @@ -299,6 +389,14 @@ void SceneMultiplayer::_add_peer(int p_id) { } void SceneMultiplayer::_del_peer(int p_id) { + if (pending_peers.has(p_id)) { + pending_peers.erase(p_id); + emit_signal(SNAME("peer_authentication_failed"), p_id); + return; + } else if (!connected_peers.has(p_id)) { + return; + } + if (server_relay && get_unique_id() == 1 && multiplayer_peer->is_server_relay_supported()) { // Notify others of disconnection. uint8_t buf[SYS_CMD_SIZE]; @@ -322,6 +420,16 @@ void SceneMultiplayer::_del_peer(int p_id) { emit_signal(SNAME("peer_disconnected"), p_id); } +void SceneMultiplayer::disconnect_peer(int p_id) { + ERR_FAIL_COND(multiplayer_peer.is_null() || multiplayer_peer->get_connection_status() != MultiplayerPeer::CONNECTION_CONNECTED); + if (pending_peers.has(p_id)) { + pending_peers.erase(p_id); + } else if (connected_peers.has(p_id)) { + connected_peers.has(p_id); + } + multiplayer_peer->disconnect_peer(p_id); +} + void SceneMultiplayer::_connected_to_server() { emit_signal(SNAME("connected_to_server")); } @@ -353,6 +461,61 @@ Error SceneMultiplayer::send_bytes(Vector p_data, int p_to, Multiplayer return send_command(p_to, packet_cache.ptr(), p_data.size() + 1); } +Error SceneMultiplayer::send_auth(int p_to, Vector p_data) { + ERR_FAIL_COND_V(multiplayer_peer.is_null() || multiplayer_peer->get_connection_status() != MultiplayerPeer::CONNECTION_CONNECTED, ERR_UNCONFIGURED); + ERR_FAIL_COND_V(!pending_peers.has(p_to), ERR_INVALID_PARAMETER); + ERR_FAIL_COND_V(p_data.size() < 1, ERR_INVALID_PARAMETER); + ERR_FAIL_COND_V_MSG(pending_peers[p_to].local, ERR_FILE_CANT_WRITE, "The authentication session was previously marked as completed, no more authentication data can be sent."); + ERR_FAIL_COND_V_MSG(pending_peers[p_to].remote, ERR_FILE_CANT_WRITE, "The remote peer notified that the authentication session was completed, no more authentication data can be sent."); + + if (packet_cache.size() < p_data.size() + 2) { + packet_cache.resize(p_data.size() + 2); + } + + packet_cache.write[0] = NETWORK_COMMAND_SYS; + packet_cache.write[1] = SYS_COMMAND_AUTH; + memcpy(&packet_cache.write[2], p_data.ptr(), p_data.size()); + + multiplayer_peer->set_target_peer(p_to); + multiplayer_peer->set_transfer_channel(0); + multiplayer_peer->set_transfer_mode(MultiplayerPeer::TRANSFER_MODE_RELIABLE); + return multiplayer_peer->put_packet(packet_cache.ptr(), p_data.size() + 2); +} + +Error SceneMultiplayer::complete_auth(int p_peer) { + ERR_FAIL_COND_V(multiplayer_peer.is_null() || multiplayer_peer->get_connection_status() != MultiplayerPeer::CONNECTION_CONNECTED, ERR_UNCONFIGURED); + ERR_FAIL_COND_V(!pending_peers.has(p_peer), ERR_INVALID_PARAMETER); + ERR_FAIL_COND_V_MSG(pending_peers[p_peer].local, ERR_FILE_CANT_WRITE, "The authentication session was already marked as completed."); + pending_peers[p_peer].local = true; + // Notify the remote peer that the authentication has completed. + uint8_t buf[2] = { NETWORK_COMMAND_SYS, SYS_COMMAND_AUTH }; + Error err = multiplayer_peer->put_packet(buf, 2); + // The remote peer already reported the authentication as completed, so admit the peer. + // May generate new packets, so it must happen after sending confirmation. + if (pending_peers[p_peer].remote) { + pending_peers.erase(p_peer); + _admit_peer(p_peer); + } + return err; +} + +void SceneMultiplayer::set_auth_callback(Callable p_callback) { + auth_callback = p_callback; +} + +Callable SceneMultiplayer::get_auth_callback() const { + return auth_callback; +} + +void SceneMultiplayer::set_auth_timeout(double p_timeout) { + ERR_FAIL_COND_MSG(p_timeout < 0, "Timeout must be greater or equal to 0 (where 0 means no timeout)"); + auth_timeout = uint64_t(p_timeout * 1000); +} + +double SceneMultiplayer::get_auth_timeout() const { + return double(auth_timeout) / 1000.0; +} + void SceneMultiplayer::_process_raw(int p_from, const uint8_t *p_packet, int p_packet_len) { ERR_FAIL_COND_MSG(p_packet_len < 2, "Invalid packet received. Size too small."); @@ -392,6 +555,16 @@ Vector SceneMultiplayer::get_peer_ids() { return ret; } +Vector SceneMultiplayer::get_authenticating_peer_ids() { + Vector out; + out.resize(pending_peers.size()); + int idx = 0; + for (const KeyValue &E : pending_peers) { + out.write[idx++] = E.key; + } + return out; +} + void SceneMultiplayer::set_allow_object_decoding(bool p_enable) { allow_object_decoding = p_enable; } @@ -453,6 +626,18 @@ void SceneMultiplayer::_bind_methods() { ClassDB::bind_method(D_METHOD("set_root_path", "path"), &SceneMultiplayer::set_root_path); ClassDB::bind_method(D_METHOD("get_root_path"), &SceneMultiplayer::get_root_path); ClassDB::bind_method(D_METHOD("clear"), &SceneMultiplayer::clear); + + ClassDB::bind_method(D_METHOD("disconnect_peer", "id"), &SceneMultiplayer::disconnect_peer); + + ClassDB::bind_method(D_METHOD("get_authenticating_peers"), &SceneMultiplayer::get_authenticating_peer_ids); + ClassDB::bind_method(D_METHOD("send_auth", "id", "data"), &SceneMultiplayer::send_auth); + ClassDB::bind_method(D_METHOD("complete_auth", "id"), &SceneMultiplayer::complete_auth); + + ClassDB::bind_method(D_METHOD("set_auth_callback", "callback"), &SceneMultiplayer::set_auth_callback); + ClassDB::bind_method(D_METHOD("get_auth_callback"), &SceneMultiplayer::get_auth_callback); + ClassDB::bind_method(D_METHOD("set_auth_timeout", "timeout"), &SceneMultiplayer::set_auth_timeout); + ClassDB::bind_method(D_METHOD("get_auth_timeout"), &SceneMultiplayer::get_auth_timeout); + ClassDB::bind_method(D_METHOD("set_refuse_new_connections", "refuse"), &SceneMultiplayer::set_refuse_new_connections); ClassDB::bind_method(D_METHOD("is_refusing_new_connections"), &SceneMultiplayer::is_refusing_new_connections); ClassDB::bind_method(D_METHOD("set_allow_object_decoding", "enable"), &SceneMultiplayer::set_allow_object_decoding); @@ -462,12 +647,16 @@ void SceneMultiplayer::_bind_methods() { ClassDB::bind_method(D_METHOD("send_bytes", "bytes", "id", "mode", "channel"), &SceneMultiplayer::send_bytes, DEFVAL(MultiplayerPeer::TARGET_PEER_BROADCAST), DEFVAL(MultiplayerPeer::TRANSFER_MODE_RELIABLE), DEFVAL(0)); ADD_PROPERTY(PropertyInfo(Variant::NODE_PATH, "root_path"), "set_root_path", "get_root_path"); + ADD_PROPERTY(PropertyInfo(Variant::CALLABLE, "auth_callback"), "set_auth_callback", "get_auth_callback"); + ADD_PROPERTY(PropertyInfo(Variant::FLOAT, "auth_timeout", PROPERTY_HINT_RANGE, "0,30,0.1,or_greater,suffix:s"), "set_auth_timeout", "get_auth_timeout"); ADD_PROPERTY(PropertyInfo(Variant::BOOL, "allow_object_decoding"), "set_allow_object_decoding", "is_object_decoding_allowed"); ADD_PROPERTY(PropertyInfo(Variant::BOOL, "refuse_new_connections"), "set_refuse_new_connections", "is_refusing_new_connections"); ADD_PROPERTY(PropertyInfo(Variant::BOOL, "server_relay"), "set_server_relay_enabled", "is_server_relay_enabled"); ADD_PROPERTY_DEFAULT("refuse_new_connections", false); + ADD_SIGNAL(MethodInfo("peer_authenticating", PropertyInfo(Variant::INT, "id"))); + ADD_SIGNAL(MethodInfo("peer_authentication_failed", PropertyInfo(Variant::INT, "id"))); ADD_SIGNAL(MethodInfo("peer_packet", PropertyInfo(Variant::INT, "id"), PropertyInfo(Variant::PACKED_BYTE_ARRAY, "packet"))); } diff --git a/modules/multiplayer/scene_multiplayer.h b/modules/multiplayer/scene_multiplayer.h index 06d7b2c7a78..a8e182db92e 100644 --- a/modules/multiplayer/scene_multiplayer.h +++ b/modules/multiplayer/scene_multiplayer.h @@ -53,6 +53,7 @@ public: }; enum SysCommands { + SYS_COMMAND_AUTH, SYS_COMMAND_ADD_PEER, SYS_COMMAND_DEL_PEER, SYS_COMMAND_RELAY, @@ -76,7 +77,17 @@ public: }; private: + struct PendingPeer { + bool local = false; + bool remote = false; + uint64_t time = 0; + }; + Ref multiplayer_peer; + MultiplayerPeer::ConnectionStatus last_connection_status = MultiplayerPeer::CONNECTION_DISCONNECTED; + HashMap pending_peers; // true if locally finalized. + Callable auth_callback; + uint64_t auth_timeout = 3000; HashSet connected_peers; int remote_sender_id = 0; int remote_sender_override = 0; @@ -100,10 +111,12 @@ protected: void _process_sys(int p_from, const uint8_t *p_packet, int p_packet_len, MultiplayerPeer::TransferMode p_mode, int p_channel); void _add_peer(int p_id); + void _admit_peer(int p_id); void _del_peer(int p_id); void _connected_to_server(); void _connection_failed(); void _server_disconnected(); + void _update_status(); public: virtual void set_multiplayer_peer(const Ref &p_peer) override; @@ -125,6 +138,16 @@ public: void set_root_path(const NodePath &p_path); NodePath get_root_path() const; + void disconnect_peer(int p_id); + + Error send_auth(int p_to, Vector p_bytes); + Error complete_auth(int p_peer); + void set_auth_callback(Callable p_callback); + Callable get_auth_callback() const; + void set_auth_timeout(double p_timeout); + double get_auth_timeout() const; + Vector get_authenticating_peer_ids(); + Error send_command(int p_to, const uint8_t *p_packet, int p_packet_len); // Used internally to relay packets when needed. Error send_bytes(Vector p_data, int p_to = MultiplayerPeer::TARGET_PEER_BROADCAST, MultiplayerPeer::TransferMode p_mode = MultiplayerPeer::TRANSFER_MODE_RELIABLE, int p_channel = 0); String get_rpc_md5(const Object *p_obj);