Multiplayer permissions - OpenRCT2/OpenRCT2 GitHub Wiki

This is a copy of a post made on reddit: https://www.reddit.com/r/rct/comments/4lcpjc/openrct2_psa_new_authentication_system_for/.

See #3699 for technical details; this is only a high-level, "what you can do with it" overview.

We have designed and implemented a new peer-to-peer authentication system that reliably identifies clients over the network. It is based on RSA asymmetric cryptography: the server generates a token, the client signs it, and the server verifies the signature. This is not an encryption system.

This system allows us to reliably identify clients, which in turn lets us enable persistent permissions.

If you are just a casual player, there is not much you will notice. This is aimed mostly at people who host or are more tech-savvy.

Each client will have a key generated for them and stored in a file whose name is based on the username they chose for multiplayer. You can find those keys in the keys directory, next to your config.ini. On the server side, a new file, users.json, will be created, which holds the mapping of key hashes to groups. Once the host assigns a client to a particular group, the assignment persists across launches and connections, so the client will join the same group they were previously assigned to. The (public) keys are transferred over the wire automatically, but we only store the (SHA1) hash of each key, so it is human-readable.

Sample users.json:

[
    {
        "hash": "7db90b8f927f130286085138679903105529d56f",
        "name": "janisozaur",
        "groupId": 0
    }
]

The groupId field maps to the id field in groups.json.

The users.json file is reloaded each time a client tries to join, so you can safely edit it outside of the game and have changes go live without restarting.

groupId can also be set to null, so that the user holding the given key is assigned to the default group.

We have added a new capability to allow only known keys to log in to your server. You can either pre-populate your users.json or leave the server running for a while, until all your expected guests have joined, then toggle the option in the new tab in the multiplayer window.

When you kick a user from a server, the client's key is also removed from the users.json mapping. The client will then no longer be able to join your server if you have the "block unknown clients" option enabled; otherwise they will join and be assigned to the default group.
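The users.json rules described above (lookup by key hash, null groupId, "block unknown clients", and removal on kick) are sketched below as an added example; it is not OpenRCT2's code. It assumes the client's signature over the server token has already been verified, that the hash is SHA-1 over the public key bytes as received, and the function names, sample keys and default group id are hypothetical.

```python
import hashlib
import json

# Constructed sample data: stand-in public key blobs, not real RSA keys.
# Assumption: the stored hash is SHA-1 over the public key bytes as received;
# the exact encoding OpenRCT2 hashes is not stated on this page.
SAMPLE_PUBKEY = b"-----BEGIN PUBLIC KEY-----\n(constructed sample)\n-----END PUBLIC KEY-----\n"
OTHER_PUBKEY = b"-----BEGIN PUBLIC KEY-----\n(another constructed sample)\n-----END PUBLIC KEY-----\n"
DEFAULT_GROUP_ID = 1  # hypothetical id of the default group in groups.json


def key_hash(public_key: bytes) -> str:
    """Hex SHA-1 of the public key, the value stored in the "hash" field."""
    return hashlib.sha1(public_key).hexdigest()


def resolve_group(public_key, users_json, known_keys_only):
    """Return the group id for a verified key, or None to refuse the login.

    users_json is parsed on every call, mirroring the reload-on-join behaviour.
    """
    wanted = key_hash(public_key)
    for user in json.loads(users_json):
        if user["hash"].lower() == wanted:
            # groupId null means "known key, use the default group".
            # Compare against None explicitly: group id 0 is valid but falsy.
            group = user.get("groupId")
            return DEFAULT_GROUP_ID if group is None else group
    # Unknown key: refuse when only known keys may log in, else default group.
    return None if known_keys_only else DEFAULT_GROUP_ID


def kick(public_key, users_json):
    """Return users.json text with the kicked key's mapping removed."""
    wanted = key_hash(public_key)
    kept = [u for u in json.loads(users_json) if u["hash"].lower() != wanted]
    return json.dumps(kept, indent=4)


# Constructed users.json content in the format shown in the sample above.
USERS_JSON = json.dumps([
    {"hash": key_hash(SAMPLE_PUBKEY), "name": "janisozaur", "groupId": 0},
    {"hash": key_hash(OTHER_PUBKEY), "name": "guest", "groupId": None},
], indent=4)

if __name__ == "__main__":
    print(resolve_group(SAMPLE_PUBKEY, USERS_JSON, known_keys_only=True))
    after_kick = kick(SAMPLE_PUBKEY, USERS_JSON)
    print(resolve_group(SAMPLE_PUBKEY, after_kick, known_keys_only=True))
```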

There is also a new permission, PERMISSION_PASSWORDLESS_LOGIN, which you can add to admin/mod groups if you wish to.

As designed, this system should allow for future extension with a central authority (say openrct2.org), which hosts could use to pre-populate users.json on the fly with some sane values.

Some quick facts:

  • This is not an encryption system.
  • The generated key is 2048 bits long; this should be more than enough for us.
  • We use OpenSSL's crypto module for handling cryptography.
  • The private key is only loaded into memory when actually needed and then promptly unloaded, to reduce the probability of leaking it.

I hope this answers most of the questions you may have; I will try to answer more if you have them.

With this now in place, we hope to put an end to constant griefing, especially on public servers, as hosts will now have tools to limit such behaviour.