X-Git-Url: http://de.git.xonotic.org/?a=blobdiff_plain;f=qcsrc%2Fserver%2Fipban.qc;h=b40a1e3a289ad682f95cfe8a96b35e83d84a9aa3;hb=b9892287df60503128fd17f1be8289b44243e179;hp=ad09772a5354548b64bbc12e656622cf1076f83a;hpb=420ea402654a79595838c48eddea825dac892016;p=xonotic%2Fxonotic-data.pk3dir.git diff --git a/qcsrc/server/ipban.qc b/qcsrc/server/ipban.qc index ad09772a5..b40a1e3a2 100644 --- a/qcsrc/server/ipban.qc +++ b/qcsrc/server/ipban.qc @@ -26,12 +26,12 @@ void OnlineBanList_SendBan(string ip, float bantime, string reason) string uri; float i, n; - uri = strcat( "action=ban&hostname=", uri_escape(cvar_string("hostname"))); + uri = strcat( "action=ban&hostname=", uri_escape(autocvar_hostname)); uri = strcat(uri, "&ip=", uri_escape(ip)); uri = strcat(uri, "&duration=", ftos(bantime)); uri = strcat(uri, "&reason=", uri_escape(reason)); - n = tokenize_console(cvar_string("g_ban_sync_uri")); + n = tokenize_console(autocvar_g_ban_sync_uri); if(n >= MAX_IPBAN_URIS) n = MAX_IPBAN_URIS; for(i = 0; i < n; ++i) @@ -48,10 +48,10 @@ void OnlineBanList_SendUnban(string ip) string uri; float i, n; - uri = strcat( "action=unban&hostname=", uri_escape(cvar_string("hostname"))); + uri = strcat( "action=unban&hostname=", uri_escape(autocvar_hostname)); uri = strcat(uri, "&ip=", uri_escape(ip)); - n = tokenize_console(cvar_string("g_ban_sync_uri")); + n = tokenize_console(autocvar_g_ban_sync_uri); if(n >= MAX_IPBAN_URIS) n = MAX_IPBAN_URIS; for(i = 0; i < n; ++i) @@ -85,7 +85,7 @@ void OnlineBanList_URI_Get_Callback(float id, float status, string data) return; } - tokenize_console(cvar_string("g_ban_sync_uri")); + tokenize_console(autocvar_g_ban_sync_uri); uri = argv(id); print("Received ban list from ", uri, ": "); @@ -104,7 +104,7 @@ void OnlineBanList_URI_Get_Callback(float id, float status, string data) return; } - syncinterval = cvar("g_ban_sync_interval"); + syncinterval = autocvar_g_ban_sync_interval; if(syncinterval == 0) { print("rejected (syncing disabled)\n"); @@ -155,19 +155,22 @@ void OnlineBanList_URI_Get_Callback(float id, float status, string data) dprint(" timeleft=", ftos(timeleft), " reason=", reason); dprint(" serverip=", serverip, "\n"); - timeleft -= 1.5 * cvar("g_ban_sync_timeout"); + timeleft -= 1.5 * autocvar_g_ban_sync_timeout; if(timeleft < 0) continue; l = strlen(ip); - for(j = 0; j < l; ++j) - if(strstrofs("0123456789.", substring(ip, j, 1), 0) == -1) - { - print("Invalid character ", substring(ip, j, 1), " in IP address ", ip, ". Skipping this ban.\n"); - goto skip; - } + if(l != 44) // length 44 is a cryptographic ID + { + for(j = 0; j < l; ++j) + if(strstrofs("0123456789.", substring(ip, j, 1), 0) == -1) + { + print("Invalid character ", substring(ip, j, 1), " in IP address ", ip, ". Skipping this ban.\n"); + goto skip; + } + } - if(cvar("g_ban_sync_trusted_servers_verify")) + if(autocvar_g_ban_sync_trusted_servers_verify) if((strstrofs(strcat(";", OnlineBanList_Servers, ";"), strcat(";", serverip, ";"), 0) == -1)) continue; @@ -189,11 +192,11 @@ void OnlineBanList_Think() string uri; float i, n; - if(cvar_string("g_ban_sync_uri") == "") + if(autocvar_g_ban_sync_uri == "") goto killme; - if(cvar("g_ban_sync_interval") == 0) // < 0 is okay, it means "sync on level start only" + if(autocvar_g_ban_sync_interval == 0) // < 0 is okay, it means "sync on level start only" goto killme; - argc = tokenize_console(cvar_string("g_ban_sync_trusted_servers")); + argc = tokenize_console(autocvar_g_ban_sync_trusted_servers); if(argc == 0) goto killme; @@ -204,12 +207,12 @@ void OnlineBanList_Think() OnlineBanList_Servers = strcat(OnlineBanList_Servers, ";", argv(i)); OnlineBanList_Servers = strzone(OnlineBanList_Servers); - uri = strcat( "action=list&hostname=", uri_escape(cvar_string("hostname"))); + uri = strcat( "action=list&hostname=", uri_escape(autocvar_hostname)); uri = strcat(uri, "&servers=", uri_escape(OnlineBanList_Servers)); - OnlineBanList_Timeout = time + cvar("g_ban_sync_timeout"); + OnlineBanList_Timeout = time + autocvar_g_ban_sync_timeout; - n = tokenize_console(cvar_string("g_ban_sync_uri")); + n = tokenize_console(autocvar_g_ban_sync_uri); if(n >= MAX_IPBAN_URIS) n = MAX_IPBAN_URIS; for(i = 0; i < n; ++i) @@ -223,8 +226,8 @@ void OnlineBanList_Think() uri_get(strcat(argv(i), "?", uri), URI_GET_IPBAN + i); // 1000 = "banlist" callback target } - if(cvar("g_ban_sync_interval") > 0) - self.nextthink = time + max(60, cvar("g_ban_sync_interval") * 60); + if(autocvar_g_ban_sync_interval > 0) + self.nextthink = time + max(60, autocvar_g_ban_sync_interval * 60); else goto killme; return; @@ -243,9 +246,7 @@ string ban_ip1; string ban_ip2; string ban_ip3; string ban_ip4; -#ifdef UID -string ban_uid; -#endif +string ban_idfp; void Ban_SaveBans() { @@ -296,7 +297,7 @@ void Ban_LoadBans() Ban_Delete(i); ban_count = 0; ban_loaded = TRUE; - n = tokenize_console(cvar_string("g_banned_list")); + n = tokenize_console(autocvar_g_banned_list); if(stof(argv(0)) == 1) { ban_count = (n - 1) / 2; @@ -316,17 +317,26 @@ void Ban_LoadBans() void Ban_View() { - float i; + float i, n; string msg; + + print("^2Listing all existing active bans:\n"); + for(i = 0; i < ban_count; ++i) { if(time > ban_expire[i]) continue; + + ++n; // total number of existing bans + msg = strcat("#", ftos(i), ": "); msg = strcat(msg, ban_ip[i], " is still banned for "); msg = strcat(msg, ftos(ban_expire[i] - time), " seconds"); - print(msg, "\n"); + + print(" ", msg, "\n"); } + + print("^2Done listing all active (", ftos(n), ") bans.\n"); } float Ban_GetClientIP(entity client) @@ -335,43 +345,61 @@ float Ban_GetClientIP(entity client) float i1, i2, i3, i4; string s; + if(client.crypto_keyfp) + ban_idfp = client.crypto_idfp; + else + ban_idfp = string_null; + s = client.netaddress; i1 = strstrofs(s, ".", 0); if(i1 < 0) - i1 = strstrofs(s, ":", 0); - if(i1 < 0) - return FALSE; + goto ipv6; i2 = strstrofs(s, ".", i1 + 1); - if(i2 < 0) - i2 = strstrofs(s, ":", i1 + 1); if(i2 < 0) return FALSE; i3 = strstrofs(s, ".", i2 + 1); - if(i3 < 0) - i3 = strstrofs(s, ":", i2 + 1); if(i3 < 0) return FALSE; i4 = strstrofs(s, ".", i3 + 1); - if(i4 < 0) - i4 = strstrofs(s, ":", i3 + 1); if(i4 >= 0) s = substring(s, 0, i4); - ban_ip1 = substring(s, 0, i1); - ban_ip2 = substring(s, 0, i2); - ban_ip3 = substring(s, 0, i3); - ban_ip4 = strcat1(s); -#ifdef UID - ban_uid = client.uid; -#endif + ban_ip1 = substring(s, 0, i1); // 8 + ban_ip2 = substring(s, 0, i2); // 16 + ban_ip3 = substring(s, 0, i3); // 24 + ban_ip4 = strcat1(s); // 32 + return TRUE; + +:ipv6 + i1 = strstrofs(s, ":", 0); + if(i1 < 0) + return FALSE; + i1 = strstrofs(s, ":", i1 + 1); + if(i1 < 0) + return FALSE; + i2 = strstrofs(s, ":", i1 + 1); + if(i2 < 0) + return FALSE; + i3 = strstrofs(s, ":", i2 + 1); + if(i3 < 0) + return FALSE; + + ban_ip1 = strcat(substring(s, 0, i1), "::/32"); // 32 + ban_ip2 = strcat(substring(s, 0, i2), "::/48"); // 48 + ban_ip4 = strcat(substring(s, 0, i3), "::/64"); // 64 + + if(i3 - i2 > 3) // means there is more than 2 digits and a : in the range + ban_ip3 = strcat(substring(s, 0, i2), ":", substring(s, i2 + 1, i3 - i2 - 3), "00::/56"); + else + ban_ip3 = strcat(substring(s, 0, i2), ":0::/56"); return TRUE; } float Ban_IsClientBanned(entity client, float idx) { - float i, b, e; + float i, b, e, ipbanned; if(!ban_loaded) Ban_LoadBans(); if(!Ban_GetClientIP(client)) @@ -386,20 +414,22 @@ float Ban_IsClientBanned(entity client, float idx) b = idx; e = idx + 1; } + ipbanned = FALSE; for(i = b; i < e; ++i) { string s; if(time > ban_expire[i]) continue; s = ban_ip[i]; - if(ban_ip1 == s) return TRUE; - if(ban_ip2 == s) return TRUE; - if(ban_ip3 == s) return TRUE; - if(ban_ip4 == s) return TRUE; -#ifdef UID - if(ban_uid == s) return TRUE; -#endif + if(ban_ip1 == s) ipbanned = TRUE; + if(ban_ip2 == s) ipbanned = TRUE; + if(ban_ip3 == s) ipbanned = TRUE; + if(ban_ip4 == s) ipbanned = TRUE; + if(ban_idfp == s) return TRUE; } + if(ipbanned) + if(!autocvar_g_banned_list_idmode || !ban_idfp) + return TRUE; return FALSE; } @@ -543,12 +573,9 @@ void Ban_KickBanClient(entity client, float bantime, float masksize, string reas default: Ban_Insert(ban_ip4, bantime, reason, 1); break; -#ifdef UID - case 0: - Ban_Insert(ban_uid, bantime, reason, 1); - break; -#endif } + if(ban_idfp) + Ban_Insert(ban_idfp, bantime, reason, 1); /* * not needed, as we enforce the ban in Ban_Insert anyway // and kick him @@ -556,79 +583,3 @@ void Ban_KickBanClient(entity client, float bantime, float masksize, string reas dropclient(client); */ } - -float GameCommand_Ban(string command) -{ - float argc; - float bantime; - entity client; - float entno; - float masksize; - string reason; - float reasonarg; - - argc = tokenize_console(command); - if(argv(0) == "help") - { - print(" kickban # n m p reason - kickban player n for m seconds, using mask size p (1 to 4)\n"); - print(" ban ip m reason - ban an IP or range (incomplete IP, like 1.2.3) for m seconds\n"); - print(" bans - list all existing bans\n"); - print(" unban n - delete the entry #n from the bans list\n"); - return TRUE; - } - if(argv(0) == "kickban") - { -#define INITARG(c) reasonarg = c -#define GETARG(v,d) if((argc > reasonarg) && ((v = stof(argv(reasonarg))) != 0)) ++reasonarg; else v = d -#define RESTARG(v) if(argc > reasonarg) v = substring(command, argv_start_index(reasonarg), strlen(command) - argv_start_index(reasonarg)); else v = "" - if(argc >= 3) - { - entno = stof(argv(2)); - if(entno > maxclients || entno < 1) - return TRUE; - client = edict_num(entno); - - INITARG(3); - GETARG(bantime, cvar("g_ban_default_bantime")); - GETARG(masksize, cvar("g_ban_default_masksize")); - RESTARG(reason); - - Ban_KickBanClient(client, bantime, masksize, reason); - return TRUE; - } - } - else if(argv(0) == "ban") - { - if(argc >= 2) - { - string ip; - ip = argv(1); - - INITARG(2); - GETARG(bantime, cvar("g_ban_default_bantime")); - RESTARG(reason); - - Ban_Insert(ip, bantime, reason, 1); - return TRUE; - } -#undef INITARG -#undef GETARG -#undef RESTARG - } - else if(argv(0) == "bans") - { - Ban_View(); - return TRUE; - } - else if(argv(0) == "unban") - { - if(argc >= 2) - { - float who; - who = stof(argv(1)); - Ban_Delete(who); - return TRUE; - } - } - return FALSE; -}