Added server-side test to see if client is authorised to send commands.

src/network/protocols/server_lobby_room_protocol.cpp

@@ -85,7 +85,7 @@ bool ServerLobbyRoomProtocol::notifyEventAsynchronous(Event* event)
         switch(message_type)
         {
         case LE_CONNECTION_REQUESTED: connectionRequested(event); break;
-        case LE_REQUEST_BEGIN: startSelection();                  break;
+        case LE_REQUEST_BEGIN: startSelection(event);             break;
         case LE_KART_SELECTION: kartSelectionRequested(event);    break;
         case LE_VOTE_MAJOR: playerMajorVote(event);               break;
         case LE_VOTE_RACE_COUNT: playerRaceCountVote(event);      break;
@@ -229,9 +229,18 @@ void ServerLobbyRoomProtocol::startGame()
 }   // startGame
 
 //-----------------------------------------------------------------------------
-
-void ServerLobbyRoomProtocol::startSelection()
+/** Instructs all clients to start the kart selection. If event is not NULL,
+ *  the command comes from a client (which needs to be authorised).
+ */
+void ServerLobbyRoomProtocol::startSelection(const Event *event)
 {
+    if(event && !STKHost::get()->isAuthorisedToControl(event->getPeer()))
+    {
+        Log::warn("ServerLobby", 
+                  "Client %lx is not authorised to start selection.",
+                  event->getPeer());
+        return;
+    }
     const std::vector<STKPeer*> &peers = STKHost::get()->getPeers();
     for (unsigned int i = 0; i < peers.size(); i++)
     {

src/network/protocols/server_lobby_room_protocol.hpp

@@ -49,7 +49,7 @@ public:
     virtual void asynchronousUpdate() {};
 
     void startGame();
-    void startSelection();
+    void startSelection(const Event *event=NULL);
     void checkIncomingConnectionRequests();
     void checkRaceFinished();
 

src/network/stk_host.cpp

@@ -411,11 +411,30 @@ bool STKHost::isAuthorisedToControl() const
 
     return true;
 
-    // Does not yet work: m_peers[0] has address 0xcdcdcdcd
+    // FIXME Does not yet work: m_peers[0] has address 0xcdcdcdcd on client
     Server *server = ServersManager::get()->getJoinedServer();
     return m_peers[0]->getAddress() == server->getAddress().getIP();
 }   // isAuthorisedToControl
 
+// ----------------------------------------------------------------------------
+/** Server-side check if the client sending a command is really authorised 
+ *  to do so.
+ *  \param peer Peer sending the command.
+ */
+bool STKHost::isAuthorisedToControl(const STKPeer *peer) const 
+{
+    // If we are not properly connected (i.e. only enet connection, but not
+    // stk logic), no peer is authorised.
+    if(m_peers.size()==0)
+        return false;
+
+    //FIXME
+    return true;
+
+    // getAddress returns 0 on server
+   return peer->getAddress()==getAddress();
+}   // isAuthorisedToControl
+
 // ----------------------------------------------------------------------------
 /** \brief Thread function checking if data is received.
  *  This function tries to get data from network low-level functions as

src/network/stk_host.hpp

@@ -148,6 +148,7 @@ public:
     uint16_t    getPort() const;
     void        setErrorMessage(const irr::core::stringw &message);
     bool        isAuthorisedToControl() const;
+    bool        isAuthorisedToControl(const STKPeer *peer) const;
     const irr::core::stringw& 
                 getErrorMessage() const;