[Tool] AdminServ 2.1.0

[weerwolf]

Code: Select all

'mapsbasepath'   => '/gameserver/tmuf/dunnotrain/GameData/Tracks',

mapsbasepath is added to the build-in basepath (GameData/Tracks/)
so actually what this said was

/dedicated/GameData/Tracks//gameserver/tmuf/dunnotrain/GameData/Tracks

U can use this for examaple

Code: Select all

'mapsbasepath'   => 'Server1',

Which would set the basepath to:
/dedicated/GameData/Tracks/Server1

When u set matchsettings with given basepath

Code: Select all

'matchsettings'	=> 'MatchSettings/matchsettings.txt',

It points to
/dedicated/GameData/Tracks/Server1/MatchSettings/matchsettings.txt

This applies to TMF dedicated

For maniaplanet dedicated it would set to:
/dedicated/UserData/Maps/Server1

and matchsettings to
/dedicated/UserData/Maps/Server1/MatchSettings/matchsettings.txt

In this way u can do i nice organized structure to your multiple servers.

[Flighthigh]

Nothing helps. So i make the Test:

I put the Gameserver incl. all stuff like Expansion and Xaseco2 into the httpdocs-folder and start the Server from there.
The Gameserver works with XAseco2 and allso with eXpansion.
At this Point the AdminServ works with all i need. Mapupload > 0,8 MB works and i see the Folders where i can add Maps what i load up with FTP. So i see that my problems are a questions of the rights from the Home-Folder and behind there.

I can live with this.

[nighthawk4571]

[weerwolf]

all stuff like Expansion and Xaseco2 into the httpdocs-folder and start the Server from there.

That is VERY UNSAFE!

So i see that my problems are a questions of the rights from the Home-Folder and behind there.

What i said before

I do not know how u set up your domain, but usualy with hosters or control panels it looks like this:

/pathtoyourvhost/yourdomainname
Which typically has a map /httpdocs or /htdocs

httpdocs or htdocs and everything below that serves to the internet that makes it accesable for browsers.
All other maps in /yourdomainname are not served to the internet.
Often you will fin here /cgi-bin for scripts which the webserver is allowed to execute.

So if you want to do it more safe u will make a map e.g. /mpserver in the map /yourdomain
This is not reachable through internet, but the webserver may acces it.

--/example.org
--/example.org/mpserver
--/example.org/mpserver/xaseco2
--/example.org/mpserver/manialive
--/example.org/httpdocs/AdminServ

and in light of the basepath post above the folowing mapstructure

--/example.org/mpserver/UserData/Maps/Server1
--/example.org/mpserver/UserData/Maps/Server1/Maps
../example.org/mpserver/UserData/Maps/Server1/MatchSettings
../example.org/mpserver/UserData/Maps/Server2
../example.org/mpserver/UserData/Maps/Server2/Maps
../example.org/mpserver/UserData/Maps/Server2/MatchSettings

etc.

[aMariNe]

Hi is there a way to display the servers by type, i mean by that having different config files where i can put the joust servers, the elite one ..etc, etc..
Thx in advance, with regards, amarinediary.

[weerwolf]

Not that im aware of, but i arrange the servers by editing the config file in the desired order.
For example

Code: Select all

'Joust server1'	=> array(
'address'		=> 'localhost',
'port'			=> xxxxxx,
'mapsbasepath'	=> 'xxxxxx',
'matchsettings'	=> 'MatchSettings/xxxxxx.txt',
'adminlevel'	=> array('SuperAdmin' => 'all', 'Admin' => 'all', 'User' => 'all')
),

//// NEW JOUST SERVER? ADD IT IN THE CONFIG HERE ////

'Elite server 1'	=> array(
'address'		=> 'localhost',
'port'			=> xxxxxx,
'mapsbasepath'	=> 'xxxxxx',
'matchsettings'	=> 'MatchSettings/xxxxxx.txt',
'adminlevel'	=> array('SuperAdmin' => 'all', 'Admin' => 'all', 'User' => 'all')
),

'Elite server 2'	=> array(
'address'		=> 'localhost',
'port'			=> xxxxxx,
'mapsbasepath'	=> 'xxxxxx',
'matchsettings'	=> 'MatchSettings/xxxxxx.txt',
'adminlevel'	=> array('SuperAdmin' => 'all', 'Admin' => 'all', 'User' => 'all')
),

[Flighthigh]

all stuff like Expansion and Xaseco2 into the httpdocs-folder and start the Server from there.

That is VERY UNSAFE!

LoL Sorry i know what i do. I make this TM Server Stuff for about 6 Years. I write httpdocs-Folder. That isnt right. I mean the Domainfolder looks like your explanation. I hope that your blood presure isnt go to high.

[weerwolf]

LoL Sorry i know what i do. I make this TM Server Stuff for about 6 Years. I write httpdocs-Folder. That isnt right. I mean the Domainfolder looks like your explanation. I hope that your blood presure isnt go to high.

XD, well im here also for a long time (almost 8 years), and ive seen my share of unsafe setups and exploits
Just helping

[Flighthigh]

I have only one Server in the Domain-Folder for my Friend with his own AdminServ. This is the Server where we are talk about.
Then i have 2 Server for my own Community. This Servers runs in the /home/tm2-server/Server1 und server 2 Folders
Today i look into the AdminServ and there are all Folder what i miss before. Soon i load up a Map greater then 0,8 MB up and it works perfect. I do nothing there with the rights. I cant explain why i see the Folder 1 week ago not and why i cant load up Track greater then 0,8 MB. That is crasy. I will see this afternoon with a great check of AdminServ if all runs well.

[toffe]

The matchsettings and maps browser is very unsafe! It allows me to do a simple trick in the get request and navigate to the (for me) linux server root or to /etc. From there you can make folders, rename or delete folders.
Like this:

Code: Select all

https://*******/?p=maps-local&d=../../../../../../etc/

But after some more research I found out that you can even download files from another folder.

File Inclusion
I tested to download /etc/passwd and it was possible with the following hack in the map browser, search for the line that begins with:

Code: Select all

<input type="checkbox" name="map[]"

Then change value="Maps/orsomethinghere.gbx" to value="../../../../../../../../../../../etc/passwd" so that it is something like this:

Code: Select all

<input type="checkbox" name="map[]" value="../../../../../../../../../../../etc/passwd">

Then check the checkbox, click on download and there you go, you just received the /etc/passwd file!

For now, disable the permissions to show maps and matchsettings and edditing directories helps. But this really needs a fix!