ok I'm not planning any big changes, but its more related to ensuring people using your server are using the ltktbm client.
basicaly its a cl_pure setting for ltktbm, and a new command that will be sent to clients. (a simple Q2 client with the ability to connect to these servers wil be provided as a precaution)
what happens is, the server can send various commands to clients, these are usually used for generating client side effects such as smoke or blood, (you may of seen ones such as TE_BLOOD).
to start with it wont be very secure, but I can improve it at a later date.
what will happen is just after a client connects if the server has cl_pure set, first it will send a (custom) message to them like "This server requires you use a pure version of ltktbm, if you are not you will find yourself disconnected shortly", then it will send a new one, TE_IDENTIFY followed by some random numbers, if the client is using a standard Q2 client, they will then drop with with an error message. If they are using the ltktbm client, they will then will then automatically send the server command "IAM" followed by the server numbers run through a simple encryption algorithm, if the key used to encrypt these numbers is the same as the servers, they (and only they) will recieve a message "Authentication complete", and they will stay connected, if the server doesn't recognise the response it will then kick them with a custom reason.
this way the source can remain open, but the actual key used in the encryption will not be provided and will be tied into the exe, gl and soft drivers.
if the client has cl_pure set, they will not be able to modify gl_modulate and certain other settings, if they dont then these settings will be open (but they wont complete the authorisation on pure servers)
So what happens if someone modifys the source so they can change gl_modulate when cl_pure is enabled
well, their source will compile, and they will then be able to change gl_modulate and the other settings with cl_pure enabled. However, because this source wasn't compiled using the 'official key' when the server sends the TE_IDENTIFY command they will respond incorrectly and be kicked.
What if I play on servers that dont enforce cl_pure, such as non tbm action servers
you can set cl_pure to 0 and have the same access to gl_modulate and other settings as everyone else.
simple yet effective.