[Security] Disable BungeeCord hook if the proxy is disable in Spigot (#2572 from @Ghost-chu)

If Spigot is running without a proxy, an incoming BungeeCord can also originate from a malicious player. This happens, because there is no proxy preventing this message. There appears to be no method to check if this message comes from a trusted source from the Bukkit side. This implementation checks if BungeeCord support is enabled in Spigot. This means that we notify them that we actually expect a proxy enabled configuration for this feature. This solves the issue, where the hook was enabled, because the server was earlier configured with proxies in mind, but they are no longer used. **Nevertheless** this doesn't fully solve the issue, because in misconfigured setups, where the Spigot server is publicly accessible, it's still possible. However this is always a recommended configuration step. Alternative solutions were rejected like: 1) Check on incoming BungeeCord message, if we received BungeeCord forwarding data during login This data can be fully faked by the player too. 2) Check the connection properties if the appearing proxy is local. While this is possible, there instance that the proxy is not on the same network although it's legitimate. Although it could be possible to introduce this with a configuration option, but it would increase the complexity for users. Related #2559 Related #2571
2022-07-06 15:08:08 +02:00 · 2022-07-06 15:08:08 +02:00 · 32d92e13c5
commit 32d92e13c5
parent 3892bb6923 25cf85a7dc
2 changed files with 13 additions and 3 deletions
--- a/src/main/java/fr/xephi/authme/service/bungeecord/BungeeReceiver.java
+++ b/src/main/java/fr/xephi/authme/service/bungeecord/BungeeReceiver.java
@ -20,7 +20,7 @@ import javax.inject.Inject;
 import java.util.Optional;

 public class BungeeReceiver implements PluginMessageListener, SettingsDependent {
-    
+
    private final ConsoleLogger logger = ConsoleLoggerFactory.get(BungeeReceiver.class);

    private final AuthMe plugin;
@ -45,7 +45,9 @@ public class BungeeReceiver implements PluginMessageListener, SettingsDependent
    @Override
    public void reload(final Settings settings) {
        this.isEnabled = settings.getProperty(HooksSettings.BUNGEECORD);
-
+        if (this.isEnabled) {
+            this.isEnabled = bukkitService.isBungeeCordConfiguredForSpigot().orElse(false);
+        }
        if (this.isEnabled) {
            final Messenger messenger = plugin.getServer().getMessenger();
            if (!messenger.isIncomingChannelRegistered(plugin, "BungeeCord")) {
@ -159,7 +161,7 @@ public class BungeeReceiver implements PluginMessageListener, SettingsDependent
            proxySessionManager.processProxySessionMessage(name);
            logger.info("The user " + name + " should be automatically logged in, "
                + "as requested via plugin messaging but has not been detected, nickname has been"
-                +" added to autologin queue.");
+                + " added to autologin queue.");
        }
    }

--- a/src/main/java/fr/xephi/authme/settings/SettingsWarner.java
+++ b/src/main/java/fr/xephi/authme/settings/SettingsWarner.java
@ -67,6 +67,14 @@ public class SettingsWarner {
                + " AuthMeBungee add-on to work properly you have to enable this option!");
        }

+        if (!isTrue(bukkitService.isBungeeCordConfiguredForSpigot())
+            && settings.getProperty(HooksSettings.BUNGEECORD)) {
+            logger.warning("Note: Hooks.bungeecord is set to true but your server appears to be running in"
+                + " non-bungeecord mode (see your spigot.yml). In order to prevent untrusted payload attack, "
+                + "BungeeCord hook will be automatically disabled!");
+        }
+
+
        // Check if argon2 library is present and can be loaded
        if (settings.getProperty(SecuritySettings.PASSWORD_HASH).equals(HashAlgorithm.ARGON2)
            && !Argon2.isLibraryLoaded()) {