Forum


Notice to all users

We are migrating towards a new forum system located at community.teamspeak.com, as such this forum will become read-only on January 29, 2020

Results 1 to 6 of 6
  1. #1
    Join Date
    January 2010
    Location
    Germany
    Posts
    10

    Prevent Guests from connecting OR prevent server to create line in client table?

    Hi out there!

    I'd like to setup a TS3 server so that I know who is who and who is on it. Part of that is to sync the client_id in client table with an external forum/external account db.

    Problem is... Guest can connect to the server and for every new guest the server creates a new line, so takes away a client_id that maybe used by the forum in the future -> collision.

    I tried around for a couple of days but could not find a way to block guest/so far unkown clients OR prevent the server to create client_id lines in client table.

    Any idea how to get to one of these points?


    Why do I want to do that? (bigger part only for interested people):

    Well... I have a community and i want to know which user on the TS3 server is who in forum/external account db.

    So I came up with the idea to generate for every existing and new user the corresponding line inside the client table to sync the client_id field with my already existing account ids, besides setting client_descripting to the account name and not allowing it to change.
    That way nobody can mess around by hiding behind an anonymous public key and is well aware that he/she can be matched to the forum account id.

    In order to create the line inside the client table with the users public key I'll give them a form in their account management page where they should tell me there public key so I can insert that into or change their TS3 client tables line.

    Why such a complicated thing?
    Well... I read the forum carefully... but I couldn't find any realy trustfull method to give my users access to the TS3 server AND realy know what forum account belongs to a loged in client on the TS3 server.

    I know there are things like:

    <a href="ts3server://voice.teamspeak.com?nickname=UsErNaMe&token=NulDTa zANJRDQd/ArP8yb+m0Hea2AbqB3scKSvz/">Connect to TS3 server</a>

    but they themselves can extract the token and use it to connect with a different nickname, besides every login they can change the nickname, and I will never realy know which forum account the user belongs to since the token is deleted after activating the TS3 account.

    The account creation must be initialised by the server itself to match an account to an external account db. And other as described above I don't see a way.

    So I need to prevent guest from joining the TS3 server OR if that's not possible, prevent the server to create a new line in the client table so my id match won't be messed up by collisions/already used client_ids when a new regular user registers.

    Hope I could make my problem clear and anybody can help me or event has the same problem.

    In the end I want to say that I like TS3. Not only because I can get rid of my third party TS2 mac client, also because of the new functionality. Only the public/private auth system... is... not made to fit into every requirement out there...

    Thanks in advance!

  2. #2
    Join Date
    July 2002
    Location
    Germany
    Posts
    2,192
    Hi,

    (a) set a random password as server password (one you don't remember and don't give anybody)
    (b) put people that should be able to connect to the server in a server group that has the permission b_virtualserver_join_ignore_password set (so they don't need that password)
    (c) For "new" members you create a token that
    (i) puts this user in a group that has b_virtualserver_join_ignore_password
    (ii) sets the custom field(s) on this client to contain any information you will need to recognize this client (e.g. forum user-name etc.)

    This token can be used on connect (a connect token), so you can join even without known/entering the server password. You can also make things easier for your users and give them a link (e.g. somewhere in the user panel of your forum/website that they just need to click, the link will contain your server IP, the nick-name to use and the token.
    Since the client is always associated with the user name via this token you can always know "who is who" by querying the custom fields (=> customsearch in query).

    Of course the users only need to use the connect token (or the special link) once, since then they are in the needed server group, from there on they can connect "normally" using the client (e.g. via bookmarks).

    For more information read the last few posts at http://forum.teamspeak.com/showthread.php?t=49091

  3. #3
    Join Date
    January 2010
    Location
    Germany
    Posts
    10
    Well... that's indeed a good solution.
    Big thangs for this short and clear explanation.

    I just have a little trouble with this part:
    (ii) sets the custom field(s) on this client to contain any information you will need to recognize this client (e.g. forum user-name etc.)

    HOW do I do that?
    On creating a token with the client I can only add a description and no token_customset nor the content of these.

    Where Do I define these customsets and append a token specific values like an external user-id/user-name?

  4. #4
    Join Date
    July 2002
    Location
    Germany
    Posts
    2,192
    Code:
    Usage: customsearch ident={ident} pattern={pattern}                                                                                                                                                                                                         
    
    Searches for custom client properties specified by ident and value. The value parameter can include regular characters and SQL wildcard characters (e.g. %).
    
    Example:
       customsearch ident=forum_account pattern=%ScP%
       cldbid=2 ident=forum_account value=ScP        
       error id=0 msg=ok
    Code:
    Usage: tokenadd tokentype={1|0} tokenid1={groupID} tokenid2={channelID} [tokendescription={description}] [tokencustomset={customFieldSet}]
    
    Create a new token. If tokentype is set to 0, the ID specified with tokenid1 will be a server group ID. Otherwise, tokenid1 is used as a channel group ID and you need to provide a valid channel ID using tokenid2.
    
    The tokencustomset parameter allows you to specify a set of custom client properties. This feature can be used when generating tokens to combine a website account database with a TeamSpeak user. The syntax of the value needs to be escaped using the ServerQuery escape patterns and has to follow the general syntax of:
    
    ident=ident1 value=value1|ident=ident2 value=value2|ident=ident3 value=value3
    
    Example:
       tokenadd tokentype=0 tokenid1=6 tokenid2=0 tokendescription=Test\stoken\swith\scustom\sset tokencustomset=ident=forum_user\svalue=Sven\sPaulsen\pident=forum_id\svalue=123
       token=eKnFZQ9EK7G7MhtuQB6+N2B1PNZZ6OZL3ycDp2OW
       error id=0 msg=ok

  5. #5
    Join Date
    January 2010
    Location
    Germany
    Posts
    10
    Thanks.

    Sorry, I didn't ask accurate enaught xD

    I want to add tokens directly into db. As far as I understood I can generated random strings as tokens and insert them.

    So I wanted to know how the format or a SQL dump of such a token line would look light when it has additinal information appended.

    Well, I would look myself but...

    login serveradmin uVDdvQTh
    everything fine
    use 1
    everything fine

    but...
    tokenadd tokentype=0 tokenid1=7 tokenid2=0
    ->
    error id=0 msg=ok (49 ms)
    error id=2568 msg=insufficient\sclient\spermissions failed_permid=8739 (49 ms)
    Total: 98 ms

    And this was done on a complete fresh initialised server instance where I just used the admin token and tried to log into the ServerQuery manager inside the client.
    So I can't look myself how the generated db entry of a token will look like.


    And I came up with an other problem of this solution.
    With TS2 I could sync username/password of an external account with the TS2 account.
    So giving away your own TS2 login data to a person would allow this person to login to your external whatever account. Assuming that the TS2 account is not that critical but the external account is... no one ever did that because of the equality of the login data with the external account.
    Wit this solution you could give away your TS3 token without worrying about your external account.
    It feels for me that this cohesion beetween accounts and TS2 account is lost in the TS3 model.
    This was important to me, or better said, my server requirments... but I think this can't be achieved anymore!?

    I'll add at this point that I very well know what asynchronous encryption and public/private key models are and what they are good for. And I don't want to discuss about them in general. I'm happy to have them in mail and data exchange.

    So I'll came up with an other idea... is it planed to couple TS3 with already existing certificate systems (pointing at pkcs12)? So I could use my VerySign, CaCert, ... certificates to set up an TS3 client and use these public certificate information of a group to initialize and fill a servers client table?
    Or is the TS3 public/private key system meant to stay alone?
    It would be very interesting to be able to verify users by ther certificates that are signed by certification authorities or use the same pkcs12 certificate for email and TS3 that is sigend by my company or university.
    Last edited by Gucky; January 24th, 2010 at 06:02 PM.

  6. #6
    Join Date
    January 2010
    Location
    Germany
    Posts
    10
    Jipee, found out how to insert tokens.
    For everybody else:

    Code:
    INSERT INTO `tokens` VALUES ('1', 'Lf0DFou6CeV13HSRR5Fb1MvUJXA7TRR4fG9jA0Ud', '0', '6', '0', '1264354013', 'adminUser', 'ident=param1 value=value1|ident=param2 value=value2|ident=param3 value=value3');
    I did escape the values in the SQL field at first as in the serverquery command. That was nonsense.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [Not possible] Prevent Guests from Listenning(Hear)
    By daniel974 in forum General Questions
    Replies: 5
    Last Post: April 28th, 2015, 03:12 PM
  2. [Not possible] Is it possible to prevent Guests from downloading avatars?
    By PatPeter in forum General Questions
    Replies: 1
    Last Post: April 15th, 2015, 08:07 AM
  3. How to prevent Guests to do anything on the server?
    By DoubleCore in forum Permission System
    Replies: 1
    Last Post: June 29th, 2012, 03:10 PM
  4. Replies: 1
    Last Post: September 25th, 2010, 09:34 AM
  5. Prevent guests from recording
    By MojoDK in forum General Questions
    Replies: 17
    Last Post: January 15th, 2010, 02:43 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •