X-Git-Url: https://de.git.xonotic.org/?p=xonotic%2Fxonotic-data.pk3dir.git;a=blobdiff_plain;f=qcsrc%2Fserver%2Fipban.qc;h=66e5a97e5e817670566c84846573debf29d6dbbe;hp=ad09772a5354548b64bbc12e656622cf1076f83a;hb=2a9df1dc726597e8943be9ef956620c36693d219;hpb=420ea402654a79595838c48eddea825dac892016 diff --git a/qcsrc/server/ipban.qc b/qcsrc/server/ipban.qc index ad09772a5..66e5a97e5 100644 --- a/qcsrc/server/ipban.qc +++ b/qcsrc/server/ipban.qc @@ -26,12 +26,12 @@ void OnlineBanList_SendBan(string ip, float bantime, string reason) string uri; float i, n; - uri = strcat( "action=ban&hostname=", uri_escape(cvar_string("hostname"))); + uri = strcat( "action=ban&hostname=", uri_escape(autocvar_hostname)); uri = strcat(uri, "&ip=", uri_escape(ip)); uri = strcat(uri, "&duration=", ftos(bantime)); uri = strcat(uri, "&reason=", uri_escape(reason)); - n = tokenize_console(cvar_string("g_ban_sync_uri")); + n = tokenize_console(autocvar_g_ban_sync_uri); if(n >= MAX_IPBAN_URIS) n = MAX_IPBAN_URIS; for(i = 0; i < n; ++i) @@ -48,10 +48,10 @@ void OnlineBanList_SendUnban(string ip) string uri; float i, n; - uri = strcat( "action=unban&hostname=", uri_escape(cvar_string("hostname"))); + uri = strcat( "action=unban&hostname=", uri_escape(autocvar_hostname)); uri = strcat(uri, "&ip=", uri_escape(ip)); - n = tokenize_console(cvar_string("g_ban_sync_uri")); + n = tokenize_console(autocvar_g_ban_sync_uri); if(n >= MAX_IPBAN_URIS) n = MAX_IPBAN_URIS; for(i = 0; i < n; ++i) @@ -85,7 +85,7 @@ void OnlineBanList_URI_Get_Callback(float id, float status, string data) return; } - tokenize_console(cvar_string("g_ban_sync_uri")); + tokenize_console(autocvar_g_ban_sync_uri); uri = argv(id); print("Received ban list from ", uri, ": "); @@ -104,7 +104,7 @@ void OnlineBanList_URI_Get_Callback(float id, float status, string data) return; } - syncinterval = cvar("g_ban_sync_interval"); + syncinterval = autocvar_g_ban_sync_interval; if(syncinterval == 0) { print("rejected (syncing disabled)\n"); @@ -155,19 +155,22 @@ void OnlineBanList_URI_Get_Callback(float id, float status, string data) dprint(" timeleft=", ftos(timeleft), " reason=", reason); dprint(" serverip=", serverip, "\n"); - timeleft -= 1.5 * cvar("g_ban_sync_timeout"); + timeleft -= 1.5 * autocvar_g_ban_sync_timeout; if(timeleft < 0) continue; l = strlen(ip); - for(j = 0; j < l; ++j) - if(strstrofs("0123456789.", substring(ip, j, 1), 0) == -1) - { - print("Invalid character ", substring(ip, j, 1), " in IP address ", ip, ". Skipping this ban.\n"); - goto skip; - } + if(l != 44) // length 44 is a cryptographic ID + { + for(j = 0; j < l; ++j) + if(strstrofs("0123456789.", substring(ip, j, 1), 0) == -1) + { + print("Invalid character ", substring(ip, j, 1), " in IP address ", ip, ". Skipping this ban.\n"); + goto skip; + } + } - if(cvar("g_ban_sync_trusted_servers_verify")) + if(autocvar_g_ban_sync_trusted_servers_verify) if((strstrofs(strcat(";", OnlineBanList_Servers, ";"), strcat(";", serverip, ";"), 0) == -1)) continue; @@ -189,11 +192,11 @@ void OnlineBanList_Think() string uri; float i, n; - if(cvar_string("g_ban_sync_uri") == "") + if(autocvar_g_ban_sync_uri == "") goto killme; - if(cvar("g_ban_sync_interval") == 0) // < 0 is okay, it means "sync on level start only" + if(autocvar_g_ban_sync_interval == 0) // < 0 is okay, it means "sync on level start only" goto killme; - argc = tokenize_console(cvar_string("g_ban_sync_trusted_servers")); + argc = tokenize_console(autocvar_g_ban_sync_trusted_servers); if(argc == 0) goto killme; @@ -204,12 +207,12 @@ void OnlineBanList_Think() OnlineBanList_Servers = strcat(OnlineBanList_Servers, ";", argv(i)); OnlineBanList_Servers = strzone(OnlineBanList_Servers); - uri = strcat( "action=list&hostname=", uri_escape(cvar_string("hostname"))); + uri = strcat( "action=list&hostname=", uri_escape(autocvar_hostname)); uri = strcat(uri, "&servers=", uri_escape(OnlineBanList_Servers)); - OnlineBanList_Timeout = time + cvar("g_ban_sync_timeout"); + OnlineBanList_Timeout = time + autocvar_g_ban_sync_timeout; - n = tokenize_console(cvar_string("g_ban_sync_uri")); + n = tokenize_console(autocvar_g_ban_sync_uri); if(n >= MAX_IPBAN_URIS) n = MAX_IPBAN_URIS; for(i = 0; i < n; ++i) @@ -223,8 +226,8 @@ void OnlineBanList_Think() uri_get(strcat(argv(i), "?", uri), URI_GET_IPBAN + i); // 1000 = "banlist" callback target } - if(cvar("g_ban_sync_interval") > 0) - self.nextthink = time + max(60, cvar("g_ban_sync_interval") * 60); + if(autocvar_g_ban_sync_interval > 0) + self.nextthink = time + max(60, autocvar_g_ban_sync_interval * 60); else goto killme; return; @@ -243,9 +246,7 @@ string ban_ip1; string ban_ip2; string ban_ip3; string ban_ip4; -#ifdef UID -string ban_uid; -#endif +string ban_idfp; void Ban_SaveBans() { @@ -296,7 +297,7 @@ void Ban_LoadBans() Ban_Delete(i); ban_count = 0; ban_loaded = TRUE; - n = tokenize_console(cvar_string("g_banned_list")); + n = tokenize_console(autocvar_g_banned_list); if(stof(argv(0)) == 1) { ban_count = (n - 1) / 2; @@ -335,43 +336,61 @@ float Ban_GetClientIP(entity client) float i1, i2, i3, i4; string s; + if(client.crypto_keyfp) + ban_idfp = client.crypto_idfp; + else + ban_idfp = string_null; + s = client.netaddress; i1 = strstrofs(s, ".", 0); if(i1 < 0) - i1 = strstrofs(s, ":", 0); - if(i1 < 0) - return FALSE; + goto ipv6; i2 = strstrofs(s, ".", i1 + 1); - if(i2 < 0) - i2 = strstrofs(s, ":", i1 + 1); if(i2 < 0) return FALSE; i3 = strstrofs(s, ".", i2 + 1); - if(i3 < 0) - i3 = strstrofs(s, ":", i2 + 1); if(i3 < 0) return FALSE; i4 = strstrofs(s, ".", i3 + 1); - if(i4 < 0) - i4 = strstrofs(s, ":", i3 + 1); if(i4 >= 0) s = substring(s, 0, i4); - ban_ip1 = substring(s, 0, i1); - ban_ip2 = substring(s, 0, i2); - ban_ip3 = substring(s, 0, i3); - ban_ip4 = strcat1(s); -#ifdef UID - ban_uid = client.uid; -#endif + ban_ip1 = substring(s, 0, i1); // 8 + ban_ip2 = substring(s, 0, i2); // 16 + ban_ip3 = substring(s, 0, i3); // 24 + ban_ip4 = strcat1(s); // 32 + return TRUE; + +:ipv6 + i1 = strstrofs(s, ":", 0); + if(i1 < 0) + return FALSE; + i1 = strstrofs(s, ":", i1 + 1); + if(i1 < 0) + return FALSE; + i2 = strstrofs(s, ":", i1 + 1); + if(i2 < 0) + return FALSE; + i3 = strstrofs(s, ":", i2 + 1); + if(i3 < 0) + return FALSE; + + ban_ip1 = strcat(substring(s, 0, i1), "::/32"); // 32 + ban_ip2 = strcat(substring(s, 0, i2), "::/48"); // 48 + ban_ip4 = strcat(substring(s, 0, i3), "::/64"); // 64 + + if(i3 - i2 > 3) // means there is more than 2 digits and a : in the range + ban_ip3 = strcat(substring(s, 0, i2), ":", substring(s, i2 + 1, i3 - i2 - 3), "00::/56"); + else + ban_ip3 = strcat(substring(s, 0, i2), ":0::/56"); return TRUE; } float Ban_IsClientBanned(entity client, float idx) { - float i, b, e; + float i, b, e, ipbanned; if(!ban_loaded) Ban_LoadBans(); if(!Ban_GetClientIP(client)) @@ -386,20 +405,22 @@ float Ban_IsClientBanned(entity client, float idx) b = idx; e = idx + 1; } + ipbanned = FALSE; for(i = b; i < e; ++i) { string s; if(time > ban_expire[i]) continue; s = ban_ip[i]; - if(ban_ip1 == s) return TRUE; - if(ban_ip2 == s) return TRUE; - if(ban_ip3 == s) return TRUE; - if(ban_ip4 == s) return TRUE; -#ifdef UID - if(ban_uid == s) return TRUE; -#endif + if(ban_ip1 == s) ipbanned = TRUE; + if(ban_ip2 == s) ipbanned = TRUE; + if(ban_ip3 == s) ipbanned = TRUE; + if(ban_ip4 == s) ipbanned = TRUE; + if(ban_idfp == s) return TRUE; } + if(ipbanned) + if(!autocvar_g_banned_list_idmode || !ban_idfp) + return TRUE; return FALSE; } @@ -543,12 +564,9 @@ void Ban_KickBanClient(entity client, float bantime, float masksize, string reas default: Ban_Insert(ban_ip4, bantime, reason, 1); break; -#ifdef UID - case 0: - Ban_Insert(ban_uid, bantime, reason, 1); - break; -#endif } + if(ban_idfp) + Ban_Insert(ban_idfp, bantime, reason, 1); /* * not needed, as we enforce the ban in Ban_Insert anyway // and kick him @@ -589,8 +607,8 @@ float GameCommand_Ban(string command) client = edict_num(entno); INITARG(3); - GETARG(bantime, cvar("g_ban_default_bantime")); - GETARG(masksize, cvar("g_ban_default_masksize")); + GETARG(bantime, autocvar_g_ban_default_bantime); + GETARG(masksize, autocvar_g_ban_default_masksize); RESTARG(reason); Ban_KickBanClient(client, bantime, masksize, reason); @@ -605,7 +623,7 @@ float GameCommand_Ban(string command) ip = argv(1); INITARG(2); - GETARG(bantime, cvar("g_ban_default_bantime")); + GETARG(bantime, autocvar_g_ban_default_bantime); RESTARG(reason); Ban_Insert(ip, bantime, reason, 1);