#include "sv_demo.h"
#include "image.h"
+// for secure rcon authentication
+#include "hmac.h"
+#include "mdfour.h"
+#include <time.h>
+
int current_skill;
cvar_t sv_cheats = {0, "sv_cheats", "0", "enables cheat commands in any game, and cheat impulses in dpmod"};
cvar_t sv_adminnick = {CVAR_SAVE, "sv_adminnick", "", "nick name to use for admin messages instead of host name"};
cvar_t sv_status_privacy = {CVAR_SAVE, "sv_status_privacy", "0", "do not show IP addresses in 'status' replies to clients"};
cvar_t sv_status_show_qcstatus = {CVAR_SAVE, "sv_status_show_qcstatus", "0", "show the 'qcstatus' field in status replies, not the 'frags' field. Turn this on if your mod uses this field, and the 'frags' field on the other hand has no meaningful value."};
-cvar_t rcon_password = {CVAR_PRIVATE, "rcon_password", "", "password to authenticate rcon commands"};
+cvar_t rcon_password = {CVAR_PRIVATE, "rcon_password", "", "password to authenticate rcon commands; NOTE: changing rcon_secure clears rcon_password, so set rcon_secure always before rcon_password"};
+cvar_t rcon_secure = {CVAR_NQUSERINFOHACK, "rcon_secure", "0", "force secure rcon authentication (1 = time based, 2 = challenge based); NOTE: changing rcon_secure clears rcon_password, so set rcon_secure always before rcon_password"};
+cvar_t rcon_secure_challengetimeout = {0, "rcon_secure_challengetimeout", "5", "challenge-based secure rcon: time out requests if no challenge came within this time interval"};
cvar_t rcon_address = {0, "rcon_address", "", "server address to send rcon commands to (when not connected to a server)"};
cvar_t team = {CVAR_USERINFO | CVAR_SAVE, "team", "none", "QW team (4 character limit, example: blue)"};
cvar_t skin = {CVAR_USERINFO | CVAR_SAVE, "skin", "", "QW player skin name (example: base)"};
if (!sv.active)
return;
- SV_VM_Begin();
+ if(cmd_source == src_command)
+ SV_VM_Begin();
in = 0;
if (Cmd_Argc() == 2)
packetloss = 0;
if (client->netconnection)
for (j = 0;j < NETGRAPH_PACKETS;j++)
- if (client->netconnection->incoming_unreliablesize[j] == NETGRAPH_LOSTPACKET)
+ if (client->netconnection->incoming_netgraph[j].unreliablebytes == NETGRAPH_LOSTPACKET)
packetloss++;
packetloss = packetloss * 100 / NETGRAPH_PACKETS;
ping = bound(0, (int)floor(client->ping*1000+0.5), 9999);
if (in == 0) // default layout
{
- print ("#%-3u ", i+1);
- print ("%-16.16s ", client->name);
- print ("%4i ", frags);
- print ("%2i:%02i:%02i\n ", hours, minutes, seconds);
- print ("%s\n", ip);
+ print ("#%-3u %-16.16s %3i %2i:%02i:%02i\n", i+1, client->name, frags, hours, minutes, seconds);
+ print (" %s\n", ip);
}
else if (in == 1) // extended layout
{
- k%2 ? print("^3") : print("^7");
- print ("%-21s ", ip);
- print ("%2i ", packetloss);
- print ("%4i ", ping);
- print ("%2i:%02i:%02i ", hours, minutes, seconds);
- print ("%4i ", frags);
- print ("#%-3u ", i+1);
- print ("^7%s\n", client->name);
+ print ("%s%-21s %2i %4i %2i:%02i:%02i %4i #%-3u ^7%s\n", k%2 ? "^3" : "^7", ip, packetloss, ping, hours, minutes, seconds, frags, i+1, client->name);
}
else if (in == 2) // reduced layout
{
- k%2 ? print("^3") : print("^7");
- print ("%-21s ", ip);
- print ("#%-3u ", i+1);
- print ("^7%s\n", client->name);
+ print ("%s%-21s #%-3u ^7%s\n", k%2 ? "^3" : "^7", ip, i+1, client->name);
}
}
- SV_VM_End();
+ if(cmd_source == src_command)
+ SV_VM_End();
}
CL_Disconnect ();
Host_ShutdownServer();
+ if(svs.maxclients != svs.maxclients_next)
+ {
+ svs.maxclients = svs.maxclients_next;
+ if (svs.clients)
+ Mem_Free(svs.clients);
+ svs.clients = (client_t *)Mem_Alloc(sv_mempool, sizeof(client_t) * svs.maxclients);
+ }
+
// remove menu
key_dest = key_game;
Con_Print("connect <serveraddress> : connect to a multiplayer game\n");
return;
}
+ // clear the rcon password, to prevent vulnerability by stuffcmd-ing a connect command
+ if(!rcon_secure.integer)
+ Cvar_SetQuick(&rcon_password, "");
CL_EstablishConnection(Cmd_Argv(1));
}
// link it into the bsp tree
if (!ent->priv.server->free)
- SV_LinkEdict (ent, false);
+ SV_LinkEdict(ent);
}
end = t;
if (i >= 0 && i < MAX_MODELS)
{
strlcpy(sv.model_precache[i], com_token, sizeof(sv.model_precache[i]));
- sv.models[i] = Mod_ForName (sv.model_precache[i], true, false, false);
+ sv.models[i] = Mod_ForName (sv.model_precache[i], true, false, sv.model_precache[i][0] == '*' ? sv.modelname : NULL);
}
else
Con_Printf("unsupported model %i \"%s\"\n", i, com_token);
{
int i, j;
qboolean valid_colors;
+ const char *newNameSource;
char newName[sizeof(host_client->name)];
if (Cmd_Argc () == 1)
{
- Con_Printf("\"name\" is \"%s\"\n", cl_name.string);
+ Con_Printf("name: %s\n", cl_name.string);
return;
}
if (Cmd_Argc () == 2)
- strlcpy (newName, Cmd_Argv(1), sizeof (newName));
+ newNameSource = Cmd_Argv(1);
else
- strlcpy (newName, Cmd_Args(), sizeof (newName));
+ newNameSource = Cmd_Args();
+
+ strlcpy(newName, newNameSource, sizeof(newName));
if (cmd_source == src_command)
{
Cvar_Set ("_cl_name", newName);
+ if (strlen(newNameSource) >= sizeof(newName)) // overflowed
+ {
+ Con_Printf("Your name is longer than %i chars! It has been truncated.\n", (int) (sizeof(newName) - 1));
+ Con_Printf("name: %s\n", cl_name.string);
+ }
return;
}
i++;
continue;
}
- if (host_client->name[i+1] == STRING_COLOR_RGB_DEFAULT && isxdigit(host_client->name[i+2]) && isxdigit(host_client->name[i+3]) && isxdigit(host_client->name[i+4]))
+ if (host_client->name[i+1] == STRING_COLOR_RGB_TAG_CHAR && isxdigit(host_client->name[i+2]) && isxdigit(host_client->name[i+3]) && isxdigit(host_client->name[i+4]))
{
j = i;
i += 4;
if (!e)
return;
- m = Mod_ForName (Cmd_Argv(1), false, true, false);
+ m = Mod_ForName (Cmd_Argv(1), false, true, NULL);
if (!m || !m->loaded || !m->Draw)
{
Con_Printf("viewmodel: can't load %s\n", Cmd_Argv(1));
if (Cmd_Argc() != 2)
{
- Con_Printf("\"maxplayers\" is \"%u\"\n", svs.maxclients);
+ Con_Printf("\"maxplayers\" is \"%u\"\n", svs.maxclients_next);
return;
}
if (sv.active)
{
Con_Print("maxplayers can not be changed while a server is running.\n");
- return;
+ Con_Print("It will be changed on next server startup (\"map\" command).\n");
}
n = atoi(Cmd_Argv(1));
n = bound(1, n, MAX_SCOREBOARD);
Con_Printf("\"maxplayers\" set to \"%u\"\n", n);
- if (svs.clients)
- Mem_Free(svs.clients);
- svs.maxclients = n;
- svs.clients = (client_t *)Mem_Alloc(sv_mempool, sizeof(client_t) * svs.maxclients);
+ svs.maxclients_next = n;
if (n == 1)
Cvar_Set ("deathmatch", "0");
else
Cvar_Set ("deathmatch", "1");
}
+/*
+=====================
+Host_PQRcon_f
+
+ProQuake rcon support
+=====================
+*/
+void Host_PQRcon_f (void)
+{
+ int i;
+ lhnetaddress_t to;
+ lhnetsocket_t *mysocket;
+ char peer_address[64];
+
+ if (!rcon_password.string || !rcon_password.string[0] || rcon_secure.integer)
+ {
+ Con_Printf ("You must set rcon_password before issuing an pqrcon command, and rcon_secure must be 0.\n");
+ return;
+ }
+
+ for (i = 0;rcon_password.string[i];i++)
+ {
+ if (ISWHITESPACE(rcon_password.string[i]))
+ {
+ Con_Printf("rcon_password is not allowed to have any whitespace.\n");
+ return;
+ }
+ }
+
+ if (cls.netcon)
+ {
+ InfoString_GetValue(cls.userinfo, "*ip", peer_address, sizeof(peer_address));
+ }
+ else
+ {
+ if (!rcon_address.string[0])
+ {
+ Con_Printf ("You must either be connected, or set the rcon_address cvar to issue rcon commands\n");
+ return;
+ }
+ strlcpy(peer_address, rcon_address.string, strlen(rcon_address.string)+1);
+ }
+ LHNETADDRESS_FromString(&to, peer_address, sv_netport.integer);
+ mysocket = NetConn_ChooseClientSocketForAddress(&to);
+ if (mysocket)
+ {
+ SZ_Clear(&net_message);
+ MSG_WriteLong (&net_message, 0);
+ MSG_WriteByte (&net_message, CCREQ_RCON);
+ MSG_WriteString (&net_message, rcon_password.string);
+ MSG_WriteString (&net_message, Cmd_Args());
+ *((int *)net_message.data) = BigLong(NETFLAG_CTL | (net_message.cursize & NETFLAG_LENGTH_MASK));
+ NetConn_Write(mysocket, net_message.data, net_message.cursize, &to);
+ SZ_Clear (&net_message);
+ }
+}
+
//=============================================================================
// QuakeWorld commands
LHNETADDRESS_FromString(&to, rcon_address.string, sv_netport.integer);
}
mysocket = NetConn_ChooseClientSocketForAddress(&to);
- if (mysocket)
+ if (mysocket && Cmd_Args()[0])
{
// simply put together the rcon packet and send it
- NetConn_WriteString(mysocket, va("\377\377\377\377rcon %s %s", rcon_password.string, Cmd_Args()), &to);
+ if(Cmd_Argv(0)[0] == 's' || rcon_secure.integer > 1)
+ {
+ if(cls.rcon_commands[cls.rcon_ringpos][0])
+ {
+ char s[128];
+ LHNETADDRESS_ToString(&cls.rcon_addresses[cls.rcon_ringpos], s, sizeof(s), true);
+ Con_Printf("rcon to %s (for command %s) failed: too many buffered commands (possibly increase MAX_RCONS)\n", s, cls.rcon_commands[cls.rcon_ringpos]);
+ cls.rcon_commands[cls.rcon_ringpos][0] = 0;
+ --cls.rcon_trying;
+ }
+ for (i = 0;i < MAX_RCONS;i++)
+ if(cls.rcon_commands[i][0])
+ if (!LHNETADDRESS_Compare(&to, &cls.rcon_addresses[i]))
+ break;
+ ++cls.rcon_trying;
+ if(i >= MAX_RCONS)
+ NetConn_WriteString(mysocket, "\377\377\377\377getchallenge", &to); // otherwise we'll request the challenge later
+ strlcpy(cls.rcon_commands[cls.rcon_ringpos], Cmd_Args(), sizeof(cls.rcon_commands[cls.rcon_ringpos]));
+ cls.rcon_addresses[cls.rcon_ringpos] = to;
+ cls.rcon_timeout[cls.rcon_ringpos] = realtime + rcon_secure_challengetimeout.value;
+ cls.rcon_ringpos = (cls.rcon_ringpos + 1) % MAX_RCONS;
+ }
+ else if(rcon_secure.integer)
+ {
+ char buf[1500];
+ char argbuf[1500];
+ dpsnprintf(argbuf, sizeof(argbuf), "%ld.%06d %s", (long) time(NULL), (int) (rand() % 1000000), Cmd_Args());
+ memcpy(buf, "\377\377\377\377srcon HMAC-MD4 TIME ", 24);
+ if(HMAC_MDFOUR_16BYTES((unsigned char *) (buf + 24), (unsigned char *) argbuf, strlen(argbuf), (unsigned char *) rcon_password.string, strlen(rcon_password.string)))
+ {
+ buf[40] = ' ';
+ strlcpy(buf + 41, argbuf, sizeof(buf) - 41);
+ NetConn_Write(mysocket, buf, 41 + strlen(buf + 41), &to);
+ }
+ }
+ else
+ {
+ NetConn_WriteString(mysocket, va("\377\377\377\377rcon %s %s", rcon_password.string, Cmd_Args()), &to);
+ }
}
}
in = Cmd_Argv(2);
out = send+4;
- send[0] = send[1] = send[2] = send[3] = 0xff;
+ send[0] = send[1] = send[2] = send[3] = -1;
l = (int)strlen (in);
for (i=0 ; i<l ; i++)
packetloss = 0;
if (svs.clients[i].netconnection)
for (j = 0;j < NETGRAPH_PACKETS;j++)
- if (svs.clients[i].netconnection->incoming_unreliablesize[j] == NETGRAPH_LOSTPACKET)
+ if (svs.clients[i].netconnection->incoming_netgraph[j].unreliablebytes == NETGRAPH_LOSTPACKET)
packetloss++;
packetloss = packetloss * 100 / NETGRAPH_PACKETS;
ping = (int)floor(svs.clients[i].ping*1000+0.5);
Cvar_RegisterVariable (&rcon_password);
Cvar_RegisterVariable (&rcon_address);
- Cmd_AddCommand ("rcon", Host_Rcon_f, "sends a command to the server console (if your rcon_password matches the server's rcon_password), or to the address specified by rcon_address when not connected (again rcon_password must match the server's)");
+ Cvar_RegisterVariable (&rcon_secure);
+ Cvar_RegisterVariable (&rcon_secure_challengetimeout);
+ Cmd_AddCommand ("rcon", Host_Rcon_f, "sends a command to the server console (if your rcon_password matches the server's rcon_password), or to the address specified by rcon_address when not connected (again rcon_password must match the server's); note: if rcon_secure is set, client and server clocks must be synced e.g. via NTP");
+ Cmd_AddCommand ("srcon", Host_Rcon_f, "sends a command to the server console (if your rcon_password matches the server's rcon_password), or to the address specified by rcon_address when not connected (again rcon_password must match the server's); this always works as if rcon_secure is set; note: client and server clocks must be synced e.g. via NTP");
+ Cmd_AddCommand ("pqrcon", Host_PQRcon_f, "sends a command to a proquake server console (if your rcon_password matches the server's rcon_password), or to the address specified by rcon_address when not connected (again rcon_password must match the server's)");
Cmd_AddCommand ("user", Host_User_f, "prints additional information about a player number or name on the scoreboard");
Cmd_AddCommand ("users", Host_Users_f, "prints additional information about all players on the scoreboard");
Cmd_AddCommand ("fullserverinfo", Host_FullServerinfo_f, "internal use only, sent by server to client to update client's local copy of serverinfo string");
projects / xonotic / darkplaces.git / blobdiff