this is just the current changelog, an release is planed for next week.

2.0.19.50
- MANTIS 0000538
- MANTIS 0000537
- MANTIS 0000508
- MANTIS 0000525
- MANTIS 0000507
- MANTIS 0000513
- MANTUS 0000519
- fixed initial tcpqueryport is allready used check , port was not binded to the correct serverip
- MANTIS 0000549
- tcpquery, added command removeclient
removes the client from the server (other clients get a playerquit message)
removeclient <pid>

- tcpquery, added command globalset
globalset <varname> <value>
hoster_gfx_url (value is NOT saved to ini file,
also only new logged in users
get the new file)

2.0.19.49
- MANTIS 0000465
- MANTIS 0000481
- MANTIS 0000482
- tcpquery, added command banlist
shows the banlist
- tcpquery, added command banadd
banadd <ip> <minutes>
- tcpquery, added command banplayer
banplayer <pid> <minutes>
- tcpquery, added command bandel
bandel <dbid>
- tcpquery, added command banclear
removes all bans
- tcpquery, added command ki (kickidlers)
ki <max_idle_time_in_mins> <flags> <reason text>
flags:
1 kick unregistered clients
2 kick registered clients
4 kick only if client is on unregistered channel
8 kick only if client is on registered channel

exampel:
ki 30 5 dont idle here
kicks all who idle at least 30 minutes and are unregistered and on an unregistered channel.
- ServerAdmins cant exeed flood.
- tcpquery, msg,msgall,msgu @ will prevent telnet.loginname message

2.0.19.48
- MANTIS 0000460
- MANTIS 0000462
- added SSL for webinterface and tcpquery (only for commercial and on special-request)
- its now possible to bind the server, www, tcpquery to multiple ips
(BoundToIp is replaced by BoundToIp1, BoundToIp2, BoundToIpX...)
- tcpquery, added command lc (list connections)
gives a list of all established tcpquery connections
- tcpquery, added command msgu (message user)
msgu <pid> <text>

2.0.19.47
- MANTIS 0000454
- MANTIS 0000453
- MANTIS 0000339
- MANTIS 0000407

2.0.19.46
- MANTIS 0000413
- MANTIS 0000394

Oh,

and I might want to add that there will be a INSTALL.MYSQL file coming with this build...explaining howto switch to mysql instead of the default sqlite.

Wahoo a removeclient command. Thank you very much.
I currently have to move them to a seperate channel and have to leave them on the server, in wich case I have a problem when the max clients of the TS server match the max cleints of the game server.

EDIT: And what does the globalset <varname> <value> do?
Can you read the vars on the client via the TSRemote.dll?
Though I could use this feature too, I actually would like to have it in the other direction.
Currently I have to assign Nicks that are hashes of unique game client features (like the CD key) to match the users. But that makes the ts server nearly impossible to administrate manually.
This is a problem on game clients where you can not make an ingame GUI via mod (like BF1942 where no full sdk is available). If you want to mute a voice spammer you have to mute him manually in the TS client.
This was currently not a problem because TS was mainly used by clans. But if used on public servers this is needed.

oh my god!! that version rockz!!! now i can use mysql db. c00l.

MYSQL!!!!!!!!!! WHOOOOHOOOOOO!!!

MySQL sounds great indeed, that would resolve those problems with certain RH distros / SQLite thing. Nice work!

I cannot wait.. I am always looking for the newest and best versions of all software. I just hope there can be a idle kick feature in upcoming versions! :)

hmm,

you didnt read the changelog did you ?

ki <max_idle_time_in_mins> <flags> <reason text>
flags:
1 kick unregistered clients
2 kick registered clients
4 kick only if client is on unregistered channel
8 kick only if client is on registered channel

exampel:
ki 30 5 dont idle here
kicks all who idle at least 30 minutes and are unregistered and on an unregistered channel.

Where are the b50 files?

on FTP are only the b46:confused:

Well, obviously b50 has not hit the shelves yet. Be patient, there will be a post (propably a news item on the main page) when its read, so you wont miss it :D.

Sorry... I didnt see that!! I have fools that like to have idle contests and this will bust their bubbles...

:( :o :D ;) :p :cool: :rolleyes: :mad:









Originally posted by pwk.linuxfan
hmm,

you didnt read the changelog did you ?

ki <max_idle_time_in_mins> <flags> <reason text>
flags:
1 kick unregistered clients
2 kick registered clients
4 kick only if client is on unregistered channel
8 kick only if client is on registered channel

exampel:
ki 30 5 dont idle here
kicks all who idle at least 30 minutes and are unregistered and on an unregistered channel. :)

yeeehaaaa, another server-release is coming soon :D

Is their an ETA on this new version?

i cant wait :D

Originally posted by frankenberrie
Is their an ETA on this new version?

so when is this release coming out?

Originally posted by pwk.linuxfan
Oh,

and I might want to add that there will be a INSTALL.MYSQL file coming with this build...explaining howto switch to mysql instead of the default sqlite.

o well..... we're in 2004 now....

and were still f*cking eager to see that version ( which supports mysql)


happy newyear bytheway!

Please make it MSSQL compatable also..

i've been pulling so much hair out waiting for this release I am now bald!! ahhh!! :rolleyes:

reminds me of the ut2003 release..."next week, a couple days" = "two weeks" :D

lol... yah that and the HL2 release... I've setup a new linux server and haven't installed TS yet, cuz i figure might as well wait for the release.. :confused:

I wouldn't "hold my breath" if I were you...

Regarding a release after b46 (http://www.teamspeak.org/forums/showthread.php?s=&threadid=7481):

Originally posted by Zero-Point on 28-08-2003
Originally posted by R. Ludwig on 19-08-2003
** please update as soon as possible to this version **
there will be also an official release of this version in max 2 days.
What ever happened? I decided not to update cause it was going to be only 2 days for an official release that never showed up.

Does anyone have any info on this piece:


- added SSL for webinterface and tcpquery (only for commercial and on special-request)

i still do not see any ""SQL" or "MD5" in those changes, or are they hidden in those "bugfixes" ?

all i would like to see in the next version is security and stability.

with MD5 you mean storing passwords hashed in the database ? Not yet in.

with MD5 i mean, storing the password encripted in the database, and sending the password encrypted to the server.

maybe it would be nice to use the IP also with the md5 hash

so "user passwd"+"user IP" = hash
so when someone sniffs the passwd it has no use.

Originally posted by madcat
with MD5 i mean, storing the password encripted in the database, and sending the password encrypted to the server.

maybe it would be nice to use the IP also with the md5 hash

so "user passwd"+"user IP" = hash
so when someone sniffs the passwd it has no use. MD5 hash by itself is of no use to anyone anyway. What point would including IP have?

@Dark Star: Though integrated SSL would be nice, you can archive the same functionality by using stunnel or a similar program (I used stunnel for testing and it worked ok).

Originally posted by Zero-Point
reminds me of the ut2003 release..."next week, a couple days" = "two weeks" :D

Are you sure that was not "two months"??? ;)

Originally posted by madcat
with MD5 i mean, storing the password encripted in the database, and sending the password encrypted to the server.

maybe it would be nice to use the IP also with the md5 hash

so "user passwd"+"user IP" = hash
so when someone sniffs the passwd it has no use.

Problem with hashing the IP in to a larger hash. Folks behind firewalls/proxies will potentially have their IP address changed. One solution I use is to hash the password, then hash it again with a one time value sent from the server. So you have something like the following:

0) Server has hashed password stored.
1) Client requests login
2) Server sends one time (e.g. random value)
3) Client sends

CH = H(H(passwd)+OTV)

Where H(x) denotes some hash of x.

4) Server computes

SH = H(stored_hashed_passwd + OTV)

and validates CH == SH

Only issue is that the server must somehow get the H(passwd) to store as store in a secure fashion. Since applications I use can establish secure connections using SSL when needed, or an admin can enter a password, that has not been a problem with me.

Since SSL is not an option (SSL only works on TCP connections) this is not much more secure than sending the hash drectly.

Because if OVT is known it is not too difficult to compute H(passwd) from H(H(passwd)+OVT) (with MD5 at least). And it should not be much more difficult to also snoop OVT when you can snoop H(H(passwd)+OVT) from the connection.

And if SSL would be an option (and assuming that SSL is secure) then you could directly send H(passwd) or even passwd (which is no big difference since H(passwd) would be sufficient login credetial).

EDIT: Ups maybe I was wrong here. It may be difficult to compute H(passwd) from H(H(passwd)+OVT) even if OVT is known. Have to read up some stuff on that. I will report back when I know more.

Originally posted by Dummer Sack
Since SSL is not an option (SSL only works on TCP connections) this is not much more secure than sending the hash drectly.

Because if OVT is known it is not too difficult to compute H(passwd) from H(H(passwd)+OVT) (with MD5 at least). And it should not be much more difficult to also snoop OVT when you can snoop H(H(passwd)+OVT) from the connection.

And if SSL would be an option (and assuming that SSL is secure) then you could directly send H(passwd) or even passwd (which is no big difference since H(passwd) would be sufficient login credetial).

EDIT: Ups maybe I was wrong here. It may be difficult to compute H(passwd) from H(H(passwd)+OVT) even if OVT is known. Have to read up some stuff on that. I will report back when I know more.

Agreed that SSL is useless in the current architecture, and that snooping sessions is halfway trivial, at least on the local LAN (I do that all the time diagnosing problems). If I were designing things, I would actually use the combination of TCP+SSL at least for the registration process. As for whether or not we could find passwd from MD5(passwd) or from MD5(MD5(passwd)+OVT) knowing OVT, we almost certainly could, but it would probably take too much resources (time/cpu) to use for legitimate client/server communications. But hey, it is better than clear text. Kinda like locking the car door, even though someone could jimmy the lock in about 30 seconds. ;)

Originally posted by RandyO
MD5 hash by itself is of no use to anyone anyway. What point would including IP have?

if you only need to send the md5 hash to the server it stil is not very usefull because it can be spoofed.

if you send your IP it can't.

but cinnion is correct, proxy's and nat routers will mess up this idea. so it's useless. but there could be a nice handshake for this, maybe even with SSL.

but sending the password in md5 at least will be better then plain text :)

Originally posted by madcat


if you only need to send the md5 hash to the server it stil is not very usefull because it can be spoofed.

if you send your IP it can't.

but cinnion is correct, proxy's and nat routers will mess up this idea. so it's useless. but there could be a nice handshake for this, maybe even with SSL.

but sending the password in md5 at least will be better then plain text :)

DOH! Forgot...I also hash in the time (as a time_t) and mandate a window to avoid replay. Since all the machines which run my protocol are running NTP and I also send the time_t with the OTV to alert about being out of sync, I restrict this window to +/- 5 seconds and have no problems.

As for sending the IP, that could be given as a lie. It is unfortunate that too many firewalls/proxies do not handle this better, but that is expecting too much of them to open up the data and knowing how to handle it. FTP sure, but the 1M+1 other protocols...naaa.

- Doug

Well personally I doubt that such security is all that necessary for a program like this.

What I mean what kind of data is being passed etc. Anyone willing to go to all the trouble to hack this I would just give a server to and save them the trouble. There is always a telephone, and guess what, bugs, taps and no password at all. :D

Originally posted by cinnion
As for whether or not we could find passwd from MD5(passwd) or from MD5(MD5(passwd)+OVT) knowing OVT, we almost certainly could, but it would probably take too much resources (time/cpu) to use for legitimate client/server communications.
What I meant is that if OVT is known that it is not too complicated (as I have written), which means that not much cpu time/resources are needed.
Also you don't need the time thing you mentioned if you cannot compute MD5(passwd) from MD5(MD5(passwd)+OVT) with OVT known in reasonable time (which means less than a week or month, since a doubt anyone changes their paswords weekly).

Originally posted by Dummer Sack

What I meant is that if OVT is known that it is not too complicated (as I have written), which means that not much cpu time/resources are needed.
Also you don't need the time thing you mentioned if you cannot compute MD5(passwd) from MD5(MD5(passwd)+OVT) with OVT known in reasonable time (which means less than a week or month, since a doubt anyone changes their paswords weekly).

Mmm...I have not thought about encryption since my days at CompuServe, where I was the UN*X expert and one of the folks on our core security team. We had looked at encryption quite a few times, and actually experimented with breaking encryption, authentication and digest schemes which used DES, MD5 and other algorithms.

In the interest of validating my session authentication algorithm which we have discussed, I have written a little program to get a feel for how vulnerable it really is. I will probably be putting something up with a link from my web page (listed in my profile) in the next week or so with better results, but here are the preliminaries. With any known salt (OTV or OTV+time), we are essentially looking at a domain for MD5(password) having 2^128 possible values. My program uses the optimized MD5 code published by RSA, and has been running on what is normally an idle a K7/2500+ Barton for 5 hours and has not yet tested 2^64 values (the point at which a unsigned long long overflows). This means that the total amount of time required will probably be on the order of 5*2^64 hours to exhaust the domain. However, also know that intelligently, a MD5 hash of mostly zeros is unlikely, as well as the fact that I know that there have got to be collisions (you do not encode more than 2^128 bits into 2^128 bits without collisions). This means that it could probably be reduced somewhat, but imagine trying to write that code. Also, the collision issue means that you want to compromise on the size of the salt. If the OTV has a reasonable cycle time, then, as you say, including the time is not only unnecessary, but is in fact undesirable since 2^64 bits of salt will result in more collisions than 2^32 bits of salt. However, another option is just to use the time as the OTV.

More on this later if folks are intersted.

- Doug

1/25 FOLLOWUP: Using a very optimized program, I have still to roll over the first 64-bit counter I am using to handle the 128-bit value which constitutes a guessed MD5 hash. This is on what was the top-of-the-line AMD K7 machine purchased for use at a radio observatory in June, but which is currently otherwise sitting idle waiting on some other key components. Total CPU time is 18000+ minutes and counting. I am almost tempted to use the debugger to find out where it is in that counter.

- Doug

cracking an md5 hash in good time is almost impossable (with normal hardware), i have the password file from the unix machienes from school, and i used "jack the ripper" to get a valid password (remember cracking the code does not mean you will get THE password) and it took over 90 days to get the password

but it depends on the protocol to be secure, if teamspeak only needs the md5 of the password, it can be sniffed and can be spoofed by an other user.

if you add an other value to that md5 it's impossable to crack

asume the password in md5 is available in the database of the server.

when a client enters his password the program first will md5 that password, and then add the current date (in GMT timezone) to that password and maybe even an other random number and sends that to the server

so MD5(MD5(passwd),timstamp)

so the password send over the net needs to be cracked in 1 day, which is imposable.
then the server does the same and match it.

MD5(passwd from DB,timestamp)

the only time the password only in md5 will be send is when a user is added by the client. but that would be acceptable i guess.

Sorry, but that is not true.
Once I know MD5(passwd) I can generate MD5(MD5(passwd),timestamp) (whatever operation , is) for any timestamp I want, which means that I can reproduce the loginprocess at any given time.
So I do not have to compute MD5(passwd) whithin one hour or day.

Also what makes computing MD5(passwd) easier is that I know timestamp. The question is how much easier (I am currently reading up the stuff about that).

What makes it definitly easier up to the point where computing MD5(passwd) in reasonable time is possible if you have multiple pairs of MD5(MD5(passwd),timestamp) and timestamp. The more you have the better.
This is equal to snoop multiple logins of the same user which should be possible if you can snoop one.

EDIT: @Randall_James: Yes, but doing somthing more than just sending MD5(passwd) should be done because it is no more secure than sending the password in plaintext. Also the discussion is interesting nevertheless.

Originally posted by Dummer Sack
Sorry, but that is not true.
Once I know MD5(passwd) I can generate MD5(MD5(passwd),timestamp) (whatever operation , is) for any timestamp I want, which means that I can reproduce the loginprocess at any given time.
So I do not have to compute MD5(passwd) whithin one hour or day.
I may be wrong but I think he is means that the time it would take to hack the PW it would already be replaced by the new one.
The miitary uses a similar system, You are issued what looks like a pager, it has a satellite connection,

You initialize the authentication process and the server begins sending an endless stream of passwords to your pager. You hit the button to lock on to one of the passwords. The pager unit then sends a signal back to system at exactly what time you hit the button. The system has stored the correct password at that second you hit the button. (password changes every second yes)
You then have only a short time to get this password entered. Should you fail , you are toast. System locks you out and sends security alert to admins. You then must go through a process to get your account reactivated.

As all passwords are unique each time a user logs on they can verify just by the password used who, what, when and where access was made from. This will also only work from a dial in access account.

I don't think that he means that, because the timelimit he mentioned was 1 day.
Because in that case a TS server operator would have to change his password every day.

Also your system has the problem that the security is moved from remebering a password to the pager (anyone who can get the pager can initialize the auth process).
I think that it is more difficult to get to a password stored in someones brain than to aquire a device that he carries around (I know you could secure the device too, and then you have got a smartcard :)).

But that is no system that may be applicable with TS (since additional hardware has to be used).

Originally posted by Dummer Sack
Sorry, but that is not true.
Once I know MD5(passwd) I can generate MD5(MD5(passwd),timestamp) (whatever operation , is) for any timestamp I want, which means that I can reproduce the loginprocess at any given time.
So I do not have to compute MD5(passwd) whithin one hour or day.



that is the fun about it, you will never know the md5 hash stored in the db. because it's never send over the net, or only once when you add a user

example:
you have intercepted these 2 passwords:

it's this formula md5(md5(passwd)+1);
c4ca4238a0b923820dcc509a6f75849b

this is this formula md5(md5(passwd)+2);
c81e728d9d4c2f636f067f89cc14862c

if you can tell me what md5(passwd) is or even more intresting what "passwd" is then you have convinced me.

Originally posted by Randall_James
I may be wrong but I think he is means that the time it would take to hack the PW it would already be replaced by the new one.
The miitary uses a similar system, You are issued what looks like a pager, it has a satellite connection,

You initialize the authentication process and the server begins sending an endless stream of passwords to your pager. You hit the button to lock on to one of the passwords. The pager unit then sends a signal back to system at exactly what time you hit the button. The system has stored the correct password at that second you hit the button. (password changes every second yes)
You then have only a short time to get this password entered. Should you fail , you are toast. System locks you out and sends security alert to admins. You then must go through a process to get your account reactivated.

As all passwords are unique each time a user logs on they can verify just by the password used who, what, when and where access was made from. This will also only work from a dial in access account.

it's not that advanced, because the passwd itself is not changed, only the hash you will send over the net every day wil be changed.
but it's a nice and easy trick to keep it secure, and easy to implement

The system requires a users password and the generated code. It has 0 fault tolerance for error. This is an additional item above and beyond the users password. The idea behind it is that there is no brute force attack that can work and any attempt to hack a user account shuts the user account down.

Hi there,

you can download an pre b50 from our <dev-ftp>.
please notice to post bugs only to THIS thread.

have fun,
ralf

ps:
hoster_gfx_url should now be useable for ALL.

2.0.19.50
- webinterface, fixed bug where it wasnt possible to change max spam commands
- sqlite database will auto VACUUM on start
- MANTIS 0000560
- MANTIS 0000538
- MANTIS 0000537
- MANTIS 0000508
- MANTIS 0000525
- MANTIS 0000507
- MANTIS 0000513
- MANTUS 0000519
- maximum entries to banlist limited to 20 until the protocol can handle more
- fixed sqlite parser bug
- fixed initial tcpqueryport is allready used check , was not binded to
the correct serverip
- MANTIS 0000549
- tcpquery, added command removeclient
removes the client from the server (other clients get a playerquit message)
removeclient <pid>
- tcpquery, version command shows now servertype (free,commercial)
- tcpquery, added command globalset
globalset <varname> <value>
hoster_gfx_url (value is NOT saved to ini file,
also only new logged in users
get the new file)

First off, great job; I really like the updates to the webadmin, especially the help system.

index.html (welcome message):

"...display the acording web-page." --> "acording" should be "according"


server settings overview:

display platform (Linux/Win32) in ServerVersion?
Bandwidth In/Out last second/minute: units? Bytes/s?


SuperAdmin Manager:

Last Login: is there a purpose for this, not being able to log-in to server via client? The help system does not show the "Last Login" column.

Also, help system does not show "Last Login" column for User Manager.

What is meant by this in help system: "...so remember to create an SuperAdmin-User for yourself on the servers you want use with your TS-Client?"


Error Log:

---------------------------------------------------------------
-------------- log started at 15-01-04 02:17 -------------
---------------------------------------------------------------
15-01-04 02:17:40,ALL,Info,server, Server init initialized
15-01-04 02:17:40,ALL,Info,server, Server version: 2.0.19.50 Win32
15-01-04 02:17:40,ALL,Info,db, Upgrading database script upgrade_3.sql
15-01-04 02:17:40,ALL,Info,db, Upgrading successfully
15-01-04 02:17:41,ALL,Info,server, Starting VirtualServer id:1 with port:8767
15-01-04 02:17:41,ALL,Info,server, Server init finished
15-01-04 02:17:44,ERROR,All,frmMain, unable to detect external ip
15-01-04 02:21:26,ERROR,All,CHANNEL, SID: 1 Destroy Exception: EInvalidPointer.Invalid pointer operation
15-01-04 02:21:50,ALL,Info,server, Starting VirtualServer id:1 with port:8767
15-01-04 02:22:16,ERROR,All,CHANNEL, SID: 1 Destroy Exception: EInvalidPointer.Invalid pointer operation
15-01-04 02:22:41,ALL,Info,server, Starting VirtualServer id:1 with port:8767
15-01-04 02:22:50,ALL,Info,server, Starting VirtualServer id:1 with port:8767
15-01-04 02:25:54,ERROR,All,frmMain, unable to detect external ip

sepcifically:

15-01-04 02:22:16,ERROR,All,CHANNEL, SID: 1 Destroy Exception: EInvalidPointer.Invalid pointer operation

Thanks, nice job

Big thanks to the TS team for that new release.
Keep up the good work.

@Zero-Point: I do not get this error.
Also I do not get the external IP detection error since I disabled external IP detection in the server.ini.

Try to disable external IP detection. Maybe the errors are related.

update: hoster_gfx will not work until niels updated client ;(

@zero-point:
does the error occur also if you delete your server.dbs ?

just checked, i can delete channels without any problems.
strange...

logins over tcpquery, webinterface will not set the lastlogin
field. this will be fixed until official release.

@zero point:

how did you update the mysql DB from the sqllite DB?

here is my install log:
madcat:/usr/share/teamspeak/pre50# ./tss.minimal_startscript start
Error starting daemon. Aborted
madcat:/usr/share/teamspeak/pre50# cat server.log
---------------------------------------------------------------
-------------- log started at 15-01-04 13:26 -------------
---------------------------------------------------------------
15-01-04 13:26:15,ALL,Info,server, Server init initialized
15-01-04 13:26:15,ALL,Info,server, Server version: 2.0.19.50 Linux
15-01-04 13:26:15,WARNING,Info,SQL, created table ts2_servers
15-01-04 13:26:15,WARNING,Info,SQL, created table ts2_server_privileges
15-01-04 13:26:15,WARNING,Info,SQL, created table ts2_channels
15-01-04 13:26:15,WARNING,Info,SQL, created table ts2_channel_privileges
15-01-04 13:26:15,WARNING,Info,SQL, created table ts2_clients
15-01-04 13:26:15,WARNING,Info,SQL, created table ts2_bans
----------------------------------------------------------
---------------------------------------------------------------
--------------- log ended at 15-01-04 13:26 --------------
---------------------------------------------------------------
madcat:/usr/share/teamspeak/pre50# ./tss.minimal_startscript start
Error starting daemon. Aborted
madcat:/usr/share/teamspeak/pre50# cat server.log
---------------------------------------------------------------
-------------- log started at 15-01-04 13:26 -------------
---------------------------------------------------------------
15-01-04 13:26:15,ALL,Info,server, Server init initialized
15-01-04 13:26:15,ALL,Info,server, Server version: 2.0.19.50 Linux
15-01-04 13:26:15,WARNING,Info,SQL, created table ts2_servers
15-01-04 13:26:15,WARNING,Info,SQL, created table ts2_server_privileges
15-01-04 13:26:15,WARNING,Info,SQL, created table ts2_channels
15-01-04 13:26:15,WARNING,Info,SQL, created table ts2_channel_privileges
15-01-04 13:26:15,WARNING,Info,SQL, created table ts2_clients
15-01-04 13:26:15,WARNING,Info,SQL, created table ts2_bans
----------------------------------------------------------
---------------------------------------------------------------
--------------- log ended at 15-01-04 13:26 --------------
---------------------------------------------------------------
15-01-04 13:26:32,ALL,Info,server, Starting VirtualServer id:1 with port:8767
15-01-04 13:26:32,WARNING,Info,SERVER, Default VirtualServer created
15-01-04 13:26:32,WARNING,Info,SERVER, admin account info: username: admin password: *kuch*
15-01-04 13:26:33,WARNING,Info,SERVER, superadmin account info: username: superadmin password: *kuch*
---------------------------------------------------------------
-------------- log started at 15-01-04 13:26 -------------
---------------------------------------------------------------
15-01-04 13:26:37,ALL,Info,server, Server init initialized
15-01-04 13:26:37,ALL,Info,server, Server version: 2.0.19.50 Linux
----------------------------------------------------------
---------------------------------------------------------------
--------------- log ended at 15-01-04 13:26 --------------
---------------------------------------------------------------

how did you start that update script?

Update script?
I still use sqlite, so I don't know how it is with mysql.

I just cept server.ini, server.dbs and server.log in the directory and it updated the db by itself.

@madcat: a fresh installation dont needs an update.

did I miss somthing?
ftp://webpost.teamspeak.org/releases/ts2_server_rc2_202050.tar.bz2 does not seem to exist.

I don't know.
I downloaded it here: ftp://ftp.teamspeak.org/developer/server/.

well you missed to read it properly...


you can download an pre b50 from our <dev-ftp>.
please notice to post bugs only to THIS thread.


its DEV-FTP
its not a OFFICIAL release

I get the following error when I try to create a registred channel:

15-01-04 14:06:47,ERROR,All,CHANNEL, SID: 2 SetChannelAttribs Exception: EAccessViolation.Access violation at address 080FBD84, accessing address 00000000

System is a dual PIII with suse9.0.
Name of the channel Test, Codec GSM 16.4, no other flags or settings.
The channel appears though on the server and the database (sqlite).

EDIT: Only registred is relevant to produce the error. All other settings do not matter.
No error occures if registred is not set in any combination.
So I suspect that it happens when the db is accessed (though the channel appears in the db, Don know if all flags are correct in the db though).

EDIT2: Did not see your post when I started to edit. Good reaction time though :).

arghs... found it. (ChannelCreate Exception Bug)

please redownload "just" the binary for your platform.

i dont updated version numbers... so it will show you
just the same version as before.

ps:
please report back if that fixed it for you also

@madcat:
that should fix your problem also (redownload the binary)

Right it fixed it (ChannelCreate Exception Bug).
Thx.

Originally posted by R. Ludwig
@madcat:
that should fix your problem also (redownload the binary)


it still does not convert the sqlite to mysql, my mysql tables are still default, i have the server.dbs copyed in the same directory as the new teamspeak. and the permissions are correct

it actualy gives an error now:
madcat:/usr/share/teamspeak/pre50# ./tss.minimal_startscript start
Error starting daemon. Aborted

but the server has started successfully

Originally posted by Dummer Sack
I don't know.
I downloaded it here: ftp://ftp.teamspeak.org/developer/server/. Ok I was just going to download directly to one of my servers, and the tar files are so much easier is all.

I had copy the Files and edit the Server.ini for MySQL.

TS Server runs, but the mysql db is empty !
It use the server.dbs File for Servers and Users.

Why ?

@madcat:
it WONT convert an existing .dbs file to mysql

Originally posted by R. Ludwig
@madcat:
it WONT convert an existing .dbs file to mysql

okey, that is to bad...

then it works fine here, except the error when i start it, which isn't a error.

Originally posted by LittleBuddha
I had copy the Files and edit the Server.ini for MySQL.

TS Server runs, but the mysql db is empty !
It use the server.dbs File for Servers and Users.

Why ?

Done.
After a new install of TS, it works with MySQL.

How can i import the old dbs File in the MySQL DB ?

I need it, because there are many Servers and Users inside.

Originally posted by LittleBuddha
How can i import the old dbs File in the MySQL DB ?

I need it, because there are many Servers and Users inside.

yeah i also would like that, but like R. Ludwig said:

@madcat:
it WONT convert an existing .dbs file to mysql

I don't know if the tables for mysql and sqlite are identical but if they are you can use sqlite (google for it) to dump the database to a file.

./sqlite server.dbs > dbdump.sql
.dump ts2_bans ts2_channels ts2_server_privileges ts2_channel_privileges ts2_clients ts2_servers
.quit

Basically you will get a file full of insert statements that you can import to mysql (you will have to edit it first to remove the create table statements).

EDIT: Maybe you will have to check the mysql db and the dump file for duplicate entries first (like superadmin and admin and the initial server entry in the mysql db)

nope does not work, if anyone else wanna try:
http://madcat.student.utwente.nl/teamspeak_server.dbs_to_sql.exe

the layout is differend i think, maybe some of the developers can tell what's changed.

oh maybe i have an idea, what if i disable the mysql DB first, and then convert the updated db :)

edit:

YES it works!!

here is a quick howto:

first do not edit the server.ini as described in the readme (ftp://ftp.teamspeak.org/developer/server/pre_b50/root_files/README).
update to _50 then start it, when the server.log said "updating blablabla" backup the server.dbs

then download the above file (it's a self extractable file)
copy the server.dbs to the same directory as the rest of the files you downloaded

then double click / execute the run.bat
a dbdump.sql should be created,

edit the file with notepad, and remove the first and the last line, namely:
BEGIN TRANSACTION;
and
COMMIT;

put teh rest of the file into phpmyadmin or an other way to update your mysql server

then change the server.ini like it said in the readme and it should run, at least it does here..

ps:
maybe this could be standard in the next version or at least the final version

edit:
some typo's

oh my god!! where is the new version???? when???? :(

Go a few posts back the link to the new version is there.

Originally posted by R. Ludwig
@zero-point:
does the error occur also if you delete your server.dbs ?

just checked, i can delete channels without any problems.
strange...

logins over tcpquery, webinterface will not set the lastlogin
field. this will be fixed until official release.

Well, I restarted the server now, and I do not get the error anymore, even with ExternalIPDectection=1. I now have ExternalIPDectection=0. Strange. Also, if you mean that error can occur with deleting channels, I didn't do anything except start the server, and possibly login via client by that time.

madcat: I did not update to MySQL, I have it kept sqlite.

I hope you have redownloaded the server binary also, because Ralf fixed a bug in the meantime, but did not bump the server version.

Yes, I did, thank you.

i found a bug/feature:

teamspeak keeps connected to mysql, even when there is no-one logged in. is this nessesary?

if not i rather see TS login in mysql when there is at least one person connected to the TS server.

How about adding a MSSQL function
that would be very nice
well for us that use MSSQL it would..

Please

Originally posted by madcat
i found a bug/feature:

teamspeak keeps connected to mysql, even when there is no-one logged in. is this nessesary?

if not i rather see TS login in mysql when there is at least one person connected to the TS server.

nah, i dont think i gonna invest time into this. there is more important thinks to change in the maintime.

maybe with the new db backend in the final this could be supported. please add an mantis.teamspeak.org entry for
that.

thanks.

Originally posted by LïttlëØñê
How about adding a MSSQL function
that would be very nice
well for us that use MSSQL it would..
Please

with that version of teamspeak, mysql / sqlite will be the only
database we support.

Originally posted by R. Ludwig


nah, i dont think i gonna invest time into this. there is more important thinks to change in the maintime.

maybe with the new db backend in the final this could be supported. please add an mantis.teamspeak.org entry for
that.

thanks.

okey i have added it as a "tweak" i'm not sure in which problems this could result in, but it is at least memory consuming.
maybe mysql optimises the database when no user is connected, so it will be never optimised etc.

@LïttlëØñê: TS is using Borlands Data Express.
For MSSQL support you may try Borlands site.
(If you are lucky, you only need the correct libraries and enter them in the server.ini)

PS: As far as I know mysql does not optimize automatically. You have to explicitly call optimize table to make it do that.

i dont think m$sql will work since i needed to made some changes to this dbexpress stuff.

next generation ts will have a more better db support...

On a side note thanks for answering my information question on the SSL and ALL of the additional information that was posted. Good stuff there and since I run many servers, important.


As for the new version. Woot!


:D

Ok I am feeling pretty stupid here, I got the new version to run but the mysql db thing has me whipped. I have tried all the various instructions here to transfer mysql.

sqldir=mysql_sql/ < this was uploaded to same dir as the binary
Drivername=mysql < unchanged
Database=Your_Database_Name_Here < easy enough
Hostname=The_PC_the_MySQL-Server_is_on > localhost
User_name=User_name_on_the_MySQL-Server > easy enough
Password=Password_to_go_with_above_user_name > got it
GetDriverFunc=getSQLDriverMYSQL >unchanged

VendorLib=path_pointing_at_your_mysql_vendor_lib > located on my server and pointed to it, server log does indicate a problem here however, I copied to binary folder and tried there but got error. Not sure what this is or what it is needed for even but appears to be my problem

LibraryName=./libsqlmy.so
Active=1



RH9 2.4.20-28.9
Mysql 4.0.1.5
PHP 4.3.4

here is my server.ini:


[DBEXPRESS]
sqldir=/usr/share/teamspeak/pre50/mysql_sql/
Drivername=mysql
Database=teamspeak
Hostname=localhost
User_name=teamspeak
Password=<pwd_here>
GetDriverFunc=getSQLDriverMYSQL
VendorLib=/usr/lib/libmysqlclient_r.so.10.0.0
LibraryName=./libsqlmy.so
Active=1


also make sure you have the sql files in the correct directory
so i have in the directory /usr/share/teamspeak/pre50/mysql_sql/ the sql files needed for teamspeak

Superadmin user "last login" does not function. It remains at "never"

I also got mysql to work,
FIX:

I was using libmysqlclient_r.so.12.0.0 it would not work
I changed it to libmysqlclient_r.so.10.0.0 and it now works.

start works on

suse 8.1
mysql-3.23.52-106

If the server incompatible with MySQL 4.0 ?

(libmysqlclient_r.so.10.0.0 not found on my system.)

Linux: SuSE Linux 9.0
TS-Server: 2.0.19.50
MySQL: 4.0.15-13

*** console ***
user1@blackhole:~> cd 0progs/tss/
user1@blackhole:~/0progs/tss> ./server_linux
Error starting daemon. Aborted
user1@blackhole:~/0progs/tss> ll /usr/lib/libmysqlclient_r.so.12.0.0
-rwxr-xr-x 1 root root 249149 2003-10-02 22:22 /usr/lib/libmysqlclient_r.so.12.0.0
user1@blackhole:~/0progs/tss>
*** ende console ***

*** server.log ***
---------------------------------------------------------------
-------------- log started at 20-01-04 08:33 -------------
---------------------------------------------------------------
20-01-04 08:33:40,ALL,Info,server, Server init initialized
20-01-04 08:33:40,ALL,Info,server, Server version: 2.0.19.50 Linux
20-01-04 08:33:40,ERROR,All,SQL, Database initialization error: EDatabase Error.Unable to Load /usr/lib/libmysqlclient_r.so.12.0.0
20-01-04 08:33:40,ERROR,All,SERVER, Start_Server: unable to open database
----------------------------------------------------------
---------------------------------------------------------------
--------------- log ended at 20-01-04 08:33 --------------
---------------------------------------------------------------
*** ende server.log ***

*** server.ini ***
[DBEXPRESS]
sqldir=mysql_sql/
Drivername=mysql
Database=tsuser
Hostname=localhost
User_name=tss
Password=tss
GetDriverFunc=getSQLDriverMYSQL
VendorLib=/usr/lib/libmysqlclient_r.so.12.0.0
LibraryName=./libsqlmy.so
Active=1
*** ende server.ini ***

Today I updated our TS Server to b50.

During some Tests with MySQL (which still doesn't work :() I noticed that I can't start the server when the webpostscripts are running on our homepage.

I always got an error "TCPQueryPort in use". Without changing anything in the config Files it worked after I stopped the webserver. We are running 2 webpost scripts which query the server for user/channels on our homepage (maybe Ralf knows this page from his famous DF1 Days :D : http://kampfzone.org). Since we have heavy load on this site, the webpost skripts are called nearly every second.
As workaround I had to stop the webserver. I don't remember that earlier TS versions showed this behaviour.

----------
Update: I wrote a litte script which checks if TS is running, if not it trys to start the TS server continuously. After a 10-30 seconds the server is up (without stoping apache).

Ok.. I've done some farting around, and found out that yes, it is linked against libmysqlclient_r.so.10.0.0.

Essentially this means that it out of the box ONLY supports My SQL 3.23. All is not lost however.

Basically, if your using MySql 4.x then you need to get a 3.23 library that was compiled with compatible options.

If your using a 4.x binary install from mysql.com, then simply downloading 3.23 and extracting the libmysqlclient_r.so.10.0.0 will work. (Don't install 3.23 tho! Just put the file in the appropriate libs dir).

If your one of those people that compile their own versions of MySQL (Like me), you'll have to download the source to 3.23, configure it using the same configure line you used for 4.x, adding "--with-innodb" at the end if you need it (4.x compiles in innodb by default), and then "make". Once thats done, then copy the librarys out (srcpath/libmysql_r/.libs/libmysqlclient_r.so.10.0.0) to the appropriate library dir. BTW, if you didn't compile the first time with safethreads, you'll need to add that, and recompile your 4.x as well.

For the rest of you using a RPM/Package install, see if you can get a "compat" package.. if not, then download the mysql 3.2x package (without installing), and extract the libs out of it.

Make sure you edit the server.ini file to reflect the correct library locations!

Filename: INSTALL.mysql

---snip---
NOTE: To allow TeamSpeak to access the MySQL database the dbExpress driver from
Borland was used. It has only been verified to work with MySQL version 3.x - if
you need more info about dbExpress, you can contact Borland.
-------

Righto - Officially it doesn't support 4, but the 3.x client libraries can call into a 4.x system fine (just without the fancy 4.x calls).

I'm lovin the new version tho, I've already integrated the clients table to be linked against a user manage that exists for the website we use. It seems to work pretty good, and most status can be figured out by cross referencing data through the various tables. Pretty kool :)

@Mentaloid: Good work.

Maybe we should get Mentaloids description to a bit more prominent place?
I know this is only for the beta but since the last official release was quite a while ago the betas get used more frequently.

Uptime: 5D 22:53:26
Version: 2.0.19.50
Current Users: 67
Total logins: 1629

and still works.

Originally posted by Randall_James
Well personally I doubt that such security is all that necessary for a program like this.

What I mean what kind of data is being passed etc. Anyone willing to go to all the trouble to hack this I would just give a server to and save them the trouble. There is always a telephone, and guess what, bugs, taps and no password at all. :D

However, I feel that even if it is just a password to a page that does nothing more than tell you the time, you should never get in the habit of passing or storing plain text passwords. That way, when it matters, force of habit has you using obsecured/encrypted passwords.

BTW...folks generally follow patterns on their passwords, even if they do not realize it. Given one or two samples, the search realm for more critical passwords can often be reduced.

- Doug

Originally posted by madcat
cracking an md5 hash in good time is almost impossable (with normal hardware), i have the password file from the unix machienes from school, and i used "jack the ripper" to get a valid password (remember cracking the code does not mean you will get THE password) and it took over 90 days to get the password

but it depends on the protocol to be secure, if teamspeak only needs the md5 of the password, it can be sniffed and can be spoofed by an other user.

if you add an other value to that md5 it's impossable to crack

asume the password in md5 is available in the database of the server.

when a client enters his password the program first will md5 that password, and then add the current date (in GMT timezone) to that password and maybe even an other random number and sends that to the server

so MD5(MD5(passwd),timstamp)

so the password send over the net needs to be cracked in 1 day, which is imposable.
then the server does the same and match it.

MD5(passwd from DB,timestamp)

the only time the password only in md5 will be send is when a user is added by the client. but that would be acceptable i guess.

I wish I could quote multiple messages. A couple of points here.

1) The timestamp I mentioned is a POSIX time_t, which when combined with a window, renders it unusable outside of that window. If a two-way handshake is used to give the time to the client (which really should already know it, since NTP has been out in some form for many years), then we can use a window of no more than 5-10 seconds.

2) Determining MD5(passwd) from MD5(MD5(passwd)+salt) is not computationally insignificant. As noted in another of my notes, I am now up to 18000+ minutes of compute time to test this, and I have not even tested 2^64 of the possible combinations on AMD K7 machine which was the top of the line 6 months ago. By my estimations, this means that it would take at least 3.3E23 compute minutes (try 6.3E17 CPU YEARS!!!) using equivalent HW to exhaust the total domain in which the value of MD5(passwd) resides. Granted, collisions by MD5() could yield a result much sooner, but we cannot compute when we might see such a collision.

In summary, I would have to say that right now, I think that if MD5(passwd) were stored securly (say via a registration page using https), and the exchange resulted in the client transmitting MD5(MD5(passwd)+timestamp) and the server validating the same with a window, then such a system would be very secure.

- Doug

Hmmm,

i remember reading something about hashes of hashes being a BadThing(TM), but I cant find it right now...anybody know about this ?

hashes of hashed are quite common used, the second time it's just used as a normal string. so it's not realy a problem.

but you have to watch out for spaces or other wrong characters.

Just read this:

http://www.md5crk.com/

seems like md5 isnt a wise choice, SHA-1 or SHA-256 seem the way to go.

Originally posted by pwk.linuxfan
Just read this:

http://www.md5crk.com/

seems like md5 isnt a wise choice, SHA-1 or SHA-256 seem the way to go.

ah, i didn't know md5 was already to easy to break.

then you use SHA-256, but you still can match:
SHA-256(passwd from DB+date) against SHA-256(SHA-256(passwd)+date)

:) :( ;) :o :p :mad: :rolleyes: :confused: :eek: :cool: that is what is going in my mind

Originally posted by pwk.linuxfan
Just read this:

http://www.md5crk.com/

seems like md5 isnt a wise choice, SHA-1 or SHA-256 seem the way to go.

That project has been going on for over 5-6 years now, md5 is a good choice for quick encryption and throws off most attackers if used properly. Using SHA and higher encryption schemes is for the paranoid.

My suggestion is allowing for different hash schemes with md5 being the default for better security.

Great work with mysql support.
It's working really nice on my server.

About the kick idle function : can you add to the possible values something like :
16 kick only if client is NOT on moderate channel

I've a clan TS server and I've set up an Away channel which is moderated. That way when someone idle there it doesn't take any bandwidth, but still u can leave a msg to them and so on. Too bad the kick idle function as it is now will kick all the ones who idle there, so for us it's pretty much useless :(

Thanks again for your great work on ts2

I now get Database initialization error: EDatabaseError.dbExpress Error: Invalid Username/Password

I know that the username/password work correct with the teamspeak database. Any ideas? Need anymore information?

did you already notice that there is a new version which is called 2.0.20.1 ??? read the news-items, you're out of date if you're still posting in this thread...

cu
SatanClaus

PS: thread closed, please use the last official release: ( http://www.teamspeak.org/modules.php?op=modload&name=Downloads&file=index )
There are no planned developer releases for the TS2 series, we're working on TS3