Replaced ACE base AutoPtr class with shared_ptr
Note: worldserver currently broken due to MapUpdater threading failure (ACE ofc, what else could it be)
Remove the filter on CMSG_CHAR_ENUM added in 59b4c34924 since the same opcode is already throttled in the new improved system. DoS attacks using this opcode are still mitigated with same effect of before.
Fixes#10915
Adjust some more packet throttling values.
Revert b35f831f2b since it's no longer needed.
Modify the AntiDoS log to specify in a more readable way which opcode triggered the system and how many packets have been received.
Adjust packet throttling values to avoid false positive. In case you are experiencing random kicks change the PacketSpoof.Policy setting in worldserver configs and report which packets are triggering the anti-dos system.
Implement an improved packet Anti-DoS by counting how many times the same opcode has been sent in the last second and applying the policy specified in the configs if the amount of packets exceeds a reasonable amount.
Credits to the original author who decided to share this with TrinityCore team.
Fix some static analysis issues about uninitialized values. Most of them are false positives, always initialized before being accessed, while some of them are real issues spotted by valgrind too.
Mitigate DoS attacks like one explained in #10555 by processing a limited number of packets at each WorldSession::Update() call, allowing other WorldSessions to be processed.
100 packets in a single update sound like a reasonable amount.
* Rewritten path generation, now uses splines - timers are a lot more accurate now
* Implemented stopping transports
* Implemented spawning transports in instances
* Implemented spawning gameobjects as transport passengers
* Transport passengers are now stored in creature/gameobject table using gameobject_template.data6 from transport's template as map id
- Removed config option RBAC.DefaultGroups
Use the table rbac_security_level_groups to configure the groups to be added to the account at load time.
Note: Those groups are only used at run time, never saved to DB
Port some movement packet fixes, taking into account client/server connection lag.
Credits to original author, check http://sourceforge.net/p/ascentemubackup/code/1637/ for more details.
MOVEMENT_PACKET_TIME_DELAY default value is currently set to 0, feel free to set it to different values and report feedback.
Currently regulates the usage of CMSG_CHAR_ENUM only, but can be easily
extended to detect inappropriate network behaviour by using
AntiDOS.AllowOpcode in WorldSession's handlers.
- This system will give more control of actions an account can perform.
System defines:
- Permissions to perform some action
- Roles: a set of permissions that have some relation
- Groups: a set of roles that have some relation
Operations:
- Grant: Assign and allow
- Deny: Assign and do not allow
- Revoke: Remove
Precedence to know if something can be done: Grant, Deny. That means, if you are granted some action by a role but you have denied the permission, the action can not be done.
Some Rules:
- Groups can only have roles
- Roles can only have permissions
- An account can be assigned granted and denied roles. Permissions inherited from roles are granted if roles is granted and denied if roles is denied
- An account can be assigned granted and denied permissions
- An account can have multiple groups, roles and permissions
- An account can not have same role granted and denied at same time
- An acconnt can not have same permission granted and denied at same time
- Id 0 can not be used to define a group, role or permission
Added some permissions as a sample of use (Instant Logout, Skip Queue, Join BGs, Join DF) and some permissions as a workaround to commands till command system is modified to use RBAC
