3 #include <server/defs.qh>
4 #include <server/miscfunctions.qh>
5 #include "autocvars.qh"
6 #include "command/banning.qh"
8 #include "../common/constants.qh"
9 #include "../common/util.qh"
12 * Protocol of online ban list:
15 * GET g_ban_sync_uri?action=ban&hostname=...&ip=xxx.xxx.xxx&duration=nnnn&reason=...................
16 * (IP 1, 2, 3, or 4 octets, 3 octets for example is a /24 mask)
18 * GET g_ban_sync_uri?action=unban&hostname=...&ip=xxx.xxx.xxx
19 * - Querying the ban list
20 * GET g_ban_sync_uri?action=list&hostname=...&servers=xxx.xxx.xxx.xxx;xxx.xxx.xxx.xxx;...
22 * shows the bans from the listed servers, and possibly others.
23 * Format of a ban is ASCII plain text, four lines per ban, delimited by
24 * newline ONLY (no carriage return):
26 * IP address (also 1, 2, 3, or 4 octets, delimited by dot)
27 * time left in seconds
29 * server IP that registered the ban
32 #define MAX_IPBAN_URIS (URI_GET_IPBAN_END - URI_GET_IPBAN + 1)
34 void OnlineBanList_SendBan(string ip, float bantime, string reason)
39 uri = strcat( "action=ban&hostname=", uri_escape(autocvar_hostname));
40 uri = strcat(uri, "&ip=", uri_escape(ip));
41 uri = strcat(uri, "&duration=", ftos(bantime));
42 uri = strcat(uri, "&reason=", uri_escape(reason));
44 n = tokenize_console(autocvar_g_ban_sync_uri);
45 if(n >= MAX_IPBAN_URIS)
47 for(i = 0; i < n; ++i)
49 if(strstrofs(argv(i), "?", 0) >= 0)
50 uri_get(strcat(argv(i), "&", uri), URI_GET_DISCARD); // 0 = "discard" callback target
52 uri_get(strcat(argv(i), "?", uri), URI_GET_DISCARD); // 0 = "discard" callback target
56 void OnlineBanList_SendUnban(string ip)
61 uri = strcat( "action=unban&hostname=", uri_escape(autocvar_hostname));
62 uri = strcat(uri, "&ip=", uri_escape(ip));
64 n = tokenize_console(autocvar_g_ban_sync_uri);
65 if(n >= MAX_IPBAN_URIS)
67 for(i = 0; i < n; ++i)
69 if(strstrofs(argv(i), "?", 0) >= 0)
70 uri_get(strcat(argv(i), "&", uri), URI_GET_DISCARD); // 0 = "discard" callback target
72 uri_get(strcat(argv(i), "?", uri), URI_GET_DISCARD); // 0 = "discard" callback target
76 string OnlineBanList_Servers;
77 float OnlineBanList_Timeout;
78 float OnlineBanList_RequestWaiting[MAX_IPBAN_URIS];
80 void OnlineBanList_URI_Get_Callback(float id, float status, string data)
92 if(id >= MAX_IPBAN_URIS)
94 LOG_INFO("Received ban list for invalid ID");
98 tokenize_console(autocvar_g_ban_sync_uri);
101 string prelude = strcat("Received ban list from ", uri, ": ");
103 if(OnlineBanList_RequestWaiting[id] == 0)
105 LOG_INFO(prelude, "rejected (unexpected)");
109 OnlineBanList_RequestWaiting[id] = 0;
111 if(time > OnlineBanList_Timeout)
113 LOG_INFO(prelude, "rejected (too late)");
117 syncinterval = autocvar_g_ban_sync_interval;
118 if(syncinterval == 0)
120 LOG_INFO(prelude, "rejected (syncing disabled)");
128 LOG_INFO(prelude, "error: status is ", ftos(status));
132 if(substring(data, 0, 1) == "<")
134 LOG_INFO(prelude, "error: received HTML instead of a ban list");
138 if(strstrofs(data, "\r", 0) != -1)
140 LOG_INFO(prelude, "error: received carriage returns");
147 n = tokenizebyseparator(data, "\n");
151 LOG_INFO(prelude, "error: received invalid item count: ", ftos(n));
155 LOG_INFO(prelude, "OK, ", ftos(n / 4), " items");
157 for(i = 0; i < n; i += 4)
160 timeleft = stof(argv(i + 1));
161 reason = argv(i + 2);
162 serverip = argv(i + 3);
164 LOG_TRACE("received ban list item ", ftos(i / 4), ": ip=", ip);
165 LOG_TRACE(" timeleft=", ftos(timeleft), " reason=", reason);
166 LOG_TRACE(" serverip=", serverip);
168 timeleft -= 1.5 * autocvar_g_ban_sync_timeout;
173 if(l != 44) // length 44 is a cryptographic ID
175 for(j = 0; j < l; ++j)
176 if(strstrofs("0123456789.", substring(ip, j, 1), 0) == -1)
178 LOG_INFO("Invalid character ", substring(ip, j, 1), " in IP address ", ip, ". Skipping this ban.");
183 if(autocvar_g_ban_sync_trusted_servers_verify)
184 if((strstrofs(strcat(";", OnlineBanList_Servers, ";"), strcat(";", serverip, ";"), 0) == -1))
188 timeleft = min(syncinterval + (OnlineBanList_Timeout - time) + 5, timeleft);
189 // the ban will be prolonged on the next sync
190 // or expire 5 seconds after the next timeout
191 Ban_Insert(ip, timeleft, strcat("ban synced from ", serverip, " at ", uri), 0);
192 LOG_INFO("Ban list syncing: accepted ban of ", ip, " by ", serverip, " at ", uri, ": ", reason);
198 void OnlineBanList_Think(entity this)
204 if(autocvar_g_ban_sync_uri == "")
206 if(autocvar_g_ban_sync_interval == 0) // < 0 is okay, it means "sync on level start only"
208 argc = tokenize_console(autocvar_g_ban_sync_trusted_servers);
212 string s = argv(0); for(i = 1; i < argc; ++i) s = strcat(s, ";", argv(i));
213 strcpy(OnlineBanList_Servers, s);
215 uri = strcat( "action=list&hostname=", uri_escape(autocvar_hostname));
216 uri = strcat(uri, "&servers=", uri_escape(OnlineBanList_Servers));
218 OnlineBanList_Timeout = time + autocvar_g_ban_sync_timeout;
220 n = tokenize_console(autocvar_g_ban_sync_uri);
221 if(n >= MAX_IPBAN_URIS)
223 for(i = 0; i < n; ++i)
225 if(OnlineBanList_RequestWaiting[i])
227 OnlineBanList_RequestWaiting[i] = 1;
228 if(strstrofs(argv(i), "?", 0) >= 0)
229 uri_get(strcat(argv(i), "&", uri), URI_GET_IPBAN + i); // 1000 = "banlist" callback target
231 uri_get(strcat(argv(i), "?", uri), URI_GET_IPBAN + i); // 1000 = "banlist" callback target
234 if(autocvar_g_ban_sync_interval > 0)
235 this.nextthink = time + max(60, autocvar_g_ban_sync_interval * 60);
244 const float BAN_MAX = 256;
246 string ban_ip[BAN_MAX];
247 float ban_expire[BAN_MAX];
266 for(i = 0; i < ban_count; ++i)
268 if(time > ban_expire[i])
270 out = strcat(out, " ", ban_ip[i]);
271 out = strcat(out, " ", ftos(ban_expire[i] - time));
273 if(strlen(out) <= 1) // no real entries
274 cvar_set("g_banned_list", "");
276 cvar_set("g_banned_list", out);
279 float Ban_Delete(float i)
285 if(ban_expire[i] == 0)
287 if(ban_expire[i] > 0)
289 OnlineBanList_SendUnban(ban_ip[i]);
290 strunzone(ban_ip[i]);
301 for(i = 0; i < ban_count; ++i)
305 n = tokenize_console(autocvar_g_banned_list);
306 if(stof(argv(0)) == 1)
308 ban_count = (n - 1) / 2;
309 for(i = 0; i < ban_count; ++i)
311 ban_ip[i] = strzone(argv(2*i+1));
312 ban_expire[i] = time + stof(argv(2*i+2));
316 entity e = new(bansyncer);
317 setthink(e, OnlineBanList_Think);
318 e.nextthink = time + 1;
326 LOG_INFO("^2Listing all existing active bans:");
329 for(i = 0; i < ban_count; ++i)
331 if(time > ban_expire[i])
334 ++n; // total number of existing bans
336 msg = strcat("#", ftos(i), ": ");
337 msg = strcat(msg, ban_ip[i], " is still banned for ");
338 msg = strcat(msg, ftos(ban_expire[i] - time), " seconds");
343 LOG_INFO("^2Done listing all active (", ftos(n), ") bans.");
346 float Ban_GetClientIP(entity client)
348 // we can't use tokenizing here, as this is called during ban list parsing
349 float i1, i2, i3, i4;
352 if(client.crypto_idfp_signed)
353 ban_idfp = client.crypto_idfp;
355 ban_idfp = string_null;
357 s = client.netaddress;
359 i1 = strstrofs(s, ".", 0);
362 i2 = strstrofs(s, ".", i1 + 1);
365 i3 = strstrofs(s, ".", i2 + 1);
368 i4 = strstrofs(s, ".", i3 + 1);
370 s = substring(s, 0, i4);
372 ban_ip1 = substring(s, 0, i1); // 8
373 ban_ip2 = substring(s, 0, i2); // 16
374 ban_ip3 = substring(s, 0, i3); // 24
375 ban_ip4 = strcat1(s); // 32
379 i1 = strstrofs(s, ":", 0);
382 i1 = strstrofs(s, ":", i1 + 1);
385 i2 = strstrofs(s, ":", i1 + 1);
388 i3 = strstrofs(s, ":", i2 + 1);
392 ban_ip1 = strcat(substring(s, 0, i1), "::/32"); // 32
393 ban_ip2 = strcat(substring(s, 0, i2), "::/48"); // 48
394 ban_ip4 = strcat(substring(s, 0, i3), "::/64"); // 64
396 if(i3 - i2 > 3) // means there is more than 2 digits and a : in the range
397 ban_ip3 = strcat(substring(s, 0, i2), ":", substring(s, i2 + 1, i3 - i2 - 3), "00::/56");
399 ban_ip3 = strcat(substring(s, 0, i2), ":0::/56");
404 float Ban_IsClientBanned(entity client, float idx)
406 float i, b, e, ipbanned;
409 if(!Ban_GetClientIP(client))
422 for(i = b; i < e; ++i)
425 if(time > ban_expire[i])
428 if(ban_ip1 == s) ipbanned = true;
429 if(ban_ip2 == s) ipbanned = true;
430 if(ban_ip3 == s) ipbanned = true;
431 if(ban_ip4 == s) ipbanned = true;
432 if(ban_idfp == s) return true;
436 if(!autocvar_g_banned_list_idmode)
444 bool Ban_MaybeEnforceBan(entity client)
446 if (Ban_IsClientBanned(client, -1))
448 string s = sprintf("^1NOTE:^7 banned client %s just tried to enter\n", client.netaddress);
449 if(autocvar_g_ban_telluser)
450 sprint(client, "You are banned from this server.\n");
459 bool Ban_MaybeEnforceBanOnce(entity client)
461 if (client.ban_checked) return false;
462 client.ban_checked = true;
463 return Ban_MaybeEnforceBan(client);
466 string Ban_Enforce(float j, string reason)
470 // Enforce our new ban
472 FOREACH_CLIENTSLOT(IS_REAL_CLIENT(it),
474 if(Ban_IsClientBanned(it, j))
479 reason = strcat(reason, ": affects ");
481 reason = strcat(reason, ", ");
482 reason = strcat(reason, it.netname);
484 s = strcat(s, "^1NOTE:^7 banned client ", it.netaddress, "^7 has to go\n");
493 float Ban_Insert(string ip, float bantime, string reason, float dosync)
500 for(i = 0; i < ban_count; ++i)
504 if(time + bantime > ban_expire[i])
506 ban_expire[i] = time + bantime;
507 LOG_TRACE(ip, "'s ban has been prolonged to ", ftos(bantime), " seconds from now");
510 LOG_TRACE(ip, "'s ban is still active until ", ftos(ban_expire[i] - time), " seconds from now");
513 reason = Ban_Enforce(i, reason);
518 if(substring(reason, 0, 1) != "~") // like IRC: unauthenticated banner
519 OnlineBanList_SendBan(ip, bantime, reason);
524 // do we have a free slot?
525 for(i = 0; i < ban_count; ++i)
526 if(time > ban_expire[i])
528 // no free slot? Then look for the one who would get unbanned next
532 bestscore = ban_expire[i];
533 for(j = 1; j < ban_count; ++j)
535 if(ban_expire[j] < bestscore)
538 bestscore = ban_expire[i];
542 // if we replace someone, will we be banned longer than him (so long-term
543 // bans never get overridden by short-term bans)
545 if(ban_expire[i] > time + bantime)
547 LOG_INFO(ip, " could not get banned due to no free ban slot");
550 // okay, insert our new victim as i
552 LOG_TRACE(ip, " has been banned for ", ftos(bantime), " seconds");
553 ban_expire[i] = time + bantime;
554 ban_ip[i] = strzone(ip);
555 ban_count = max(ban_count, i + 1);
559 reason = Ban_Enforce(i, reason);
564 if(substring(reason, 0, 1) != "~") // like IRC: unauthenticated banner
565 OnlineBanList_SendBan(ip, bantime, reason);
570 void Ban_KickBanClient(entity client, float bantime, float masksize, string reason)
573 if(!Ban_GetClientIP(client))
575 sprint(client, strcat("Kickbanned: ", reason, "\n"));
584 ip = strcat1(ban_ip1);
587 ip = strcat1(ban_ip2);
590 ip = strcat1(ban_ip3);
594 ip = strcat1(ban_ip4);
598 id = strcat1(ban_idfp);
602 Ban_Insert(ip, bantime, reason, 1);
604 Ban_Insert(id, bantime, reason, 1);
606 * not needed, as we enforce the ban in Ban_Insert anyway
608 sprint(client, strcat("Kickbanned: ", reason, "\n"));
projects / xonotic / xonotic-data.pk3dir.git / blob