Revision as of 21:15, 25 February 2010 view source imported>Hendrik Brummermann No edit summary ← Older edit		Revision as of 21:27, 25 February 2010 view source imported>Hendrik Brummermann →State connected Newer edit →
Line 20: Onces the TCP connection is established the clients requests the RSA public key from the server using [http://stendhal.game-host.org/hudson/job/marauroa_HEAD/javadoc/marauroa/common/net/message/MessageC2SLoginRequestKey.html C2SLoginRequestKey]. The server checks the protocol version implicitly included in every message. If it is compatible, it replies with a [http://stendhal.game-host.org/hudson/job/marauroa_HEAD/javadoc/marauroa/common/net/message/MessageS2CLoginSendKey.html S2CLoginSendKey] including the RSA public key. It is composed of two bytes arrays: The first one contains the value of 'n', and the second the value of 'e'. The client now computes a nonce (a random number) and sends its hash as byte array to the server in a [http://stendhal.game-host.org/hudson/job/marauroa_HEAD/javadoc/marauroa/common/net/message/MessageC2SLoginSendPromise.html C2SLoginPromise] message. The server remembers the client nonce and answers with its own nonce in a [http://stendhal.game-host.org/hudson/job/marauroa_HEAD/javadoc/marauroa/common/net/message/MessageS2CLoginSendNonce.html S2CLoginSendNonce]. Almost there: The client has now ~~sends~~all ~~its~~the information it needs to actually send the [http://stendhal.game-host.org/hudson/job/marauroa_HEAD/javadoc/marauroa/common/net/message/MessageC2SLoginSendNonceNameAndPassword.html C2SLoginSendNonceNameAndPassword]: Its nonce, ~~its~~the username and the value ~~Crypt~~rsaCrypt(xor(xor(client nonce, server nonce), password)~~. This message contains 3 fields~~). The first ~~one~~field is a bytes array containing the client nonce, the second one a string containing the username and the third one a ~~bytes~~byte array containing the encrypted password. On reception, the server checks that the hash he received at first is the hash of the nonce he just received. It then decodes the password field, and having the value of the client nonce and its nonce, it gets the value of the password. If the username/password combination is correct then the Server must send a Login ACK Message to indicate to the Client that the message has been correctly processed. However, if the username/password is wrong the Server will send a Login NACK (Not ACKnoledge).▼ ~~{{TODO\|~~ ~~Message S2C Login Send Nonce~~ If the username/password combination is correct then the Server must send a [http://stendhal.game-host.org/hudson/job/marauroa_HEAD/javadoc/marauroa/common/net/message/MessageS2CLoginACK.html S2CLoginACK] message to tell the client that the message has been correctly processed. It contains information about the last login, so that the user is able to recognize unauthorized usage of his account. ~~The server responds to the client promise by computing a nonce and sending it in this message. This message contains the nonce as a bytes array.~~ ~~Message C2S Login Send Nonce Name and Password~~ The [http://stendhal.game-host.org/hudson/job/marauroa_HEAD/javadoc/marauroa/common/net/message/MessageS2CLoginNACK.html S2CLoginNACK] message is sent from the server to the client to tell the client that its login request was rejected because the username or password is wrong, the account was banned or the server is full. The included result object will tell which of the cases prevented the login. ▲The client now sends its nonce, its username and the value Crypt(xor(xor(client nonce, server nonce), password). This message contains 3 fields. The first one is a bytes array containing the client nonce, the second one a string containing the username and the third one a bytes array containing the encrypted password. On reception, the server checks that the hash he received at first is the hash of the nonce he just received. It then decodes the password field, and having the value of the client nonce and its nonce, it gets the value of the password. If the username/password combination is correct then the Server must send a Login ACK Message to indicate to the Client that the message has been correctly processed. However, if the username/password is wrong the Server will send a Login NACK (Not ACKnoledge). ~~Message S2C Login ACK~~ ~~The LoginACK Message is sent from the Server to the Client to indicate that the login process has been completed correctly and that it can proceed to the next step. It has no params.~~ ~~Message S2C Login NACK~~ The LoginNACK Message is sent from the Server to the Client to tell the Client that its login message is incorrect because either the username or password is wrong or because Server has decided to reject the login request, e.g. if the Server is full or because the IP is banned. ~~The message is composed of: Message indicating the resolution.~~ }} {{br}}

NetworkDesign: Difference between revisions