User ID support (compile with -DUID)
[divverent/nexuiz.git] / data / qcsrc / server / ipban.qc
1 /*
2  * Protocol of online ban list:
3  *
4  * - Reporting a ban:
5  *     GET g_ban_sync_uri?action=ban&hostname=...&ip=xxx.xxx.xxx&duration=nnnn&reason=...................
6  *     (IP 1, 2, 3, or 4 octets, 3 octets for example is a /24 mask)
7  * - Removing a ban:
8  *     GET g_ban_sync_uri?action=unban&hostname=...&ip=xxx.xxx.xxx
9  * - Querying the ban list
10  *     GET g_ban_sync_uri?action=list&hostname=...&servers=xxx.xxx.xxx.xxx;xxx.xxx.xxx.xxx;...
11  *     
12  *     shows the bans from the listed servers, and possibly others.
13  *     Format of a ban is ASCII plain text, four lines per ban, delimited by
14  *     newline ONLY (no carriage return):
15  *
16  *     IP address (also 1, 2, 3, or 4 octets, delimited by dot)
17  *     time left in seconds
18  *     reason of the ban
19  *     server IP that registered the ban
20  */
21
22 float Ban_Insert(string ip, float bantime, string reason, float dosync);
23
24 void OnlineBanList_SendBan(string ip, float bantime, string reason)
25 {
26         string uri;
27         float i, n;
28
29         uri = strcat(     "action=ban&hostname=", uri_escape(cvar_string("hostname")));
30         uri = strcat(uri, "&ip=", uri_escape(ip));
31         uri = strcat(uri, "&duration=", ftos(bantime));
32         uri = strcat(uri, "&reason=", uri_escape(reason));
33
34         n = tokenize_console(cvar_string("g_ban_sync_uri"));
35         if(n >= MAX_IPBAN_URIS)
36                 n = MAX_IPBAN_URIS;
37         for(i = 0; i < n; ++i)
38         {
39                 if(strstrofs(argv(i), "?", 0) >= 0)
40                         uri_get(strcat(argv(i), "&", uri), URI_GET_DISCARD); // 0 = "discard" callback target
41                 else
42                         uri_get(strcat(argv(i), "?", uri), URI_GET_DISCARD); // 0 = "discard" callback target
43         }
44 }
45
46 void OnlineBanList_SendUnban(string ip)
47 {
48         string uri;
49         float i, n;
50
51         uri = strcat(     "action=unban&hostname=", uri_escape(cvar_string("hostname")));
52         uri = strcat(uri, "&ip=", uri_escape(ip));
53
54         n = tokenize_console(cvar_string("g_ban_sync_uri"));
55         if(n >= MAX_IPBAN_URIS)
56                 n = MAX_IPBAN_URIS;
57         for(i = 0; i < n; ++i)
58         {
59                 if(strstrofs(argv(i), "?", 0) >= 0)
60                         uri_get(strcat(argv(i), "&", uri), URI_GET_DISCARD); // 0 = "discard" callback target
61                 else
62                         uri_get(strcat(argv(i), "?", uri), URI_GET_DISCARD); // 0 = "discard" callback target
63         }
64 }
65
66 string OnlineBanList_Servers;
67 float OnlineBanList_Timeout;
68 float OnlineBanList_RequestWaiting[MAX_IPBAN_URIS];
69
70 void OnlineBanList_URI_Get_Callback(float id, float status, string data)
71 {
72         float n, i, j, l;
73         string ip;
74         float timeleft;
75         string reason;
76         string serverip;
77         float syncinterval;
78         string uri;
79
80         id -= URI_GET_IPBAN;
81
82         if(id >= MAX_IPBAN_URIS)
83         {
84                 print("Received ban list for invalid ID\n");
85                 return;
86         }
87
88         tokenize_console(cvar_string("g_ban_sync_uri"));
89         uri = argv(id);
90
91         print("Received ban list from ", uri, ": ");
92
93         if(OnlineBanList_RequestWaiting[id] == 0)
94         {
95                 print("rejected (unexpected)\n");
96                 return;
97         }
98
99         OnlineBanList_RequestWaiting[id] = 0;
100
101         if(time > OnlineBanList_Timeout)
102         {
103                 print("rejected (too late)\n");
104                 return;
105         }
106
107         syncinterval = cvar("g_ban_sync_interval");
108         if(syncinterval == 0)
109         {
110                 print("rejected (syncing disabled)\n");
111                 return;
112         }
113         if(syncinterval > 0)
114                 syncinterval *= 60;
115         
116         if(status != 0)
117         {
118                 print("error: status is ", ftos(status), "\n");
119                 return;
120         }
121
122         if(substring(data, 0, 1) == "<")
123         {
124                 print("error: received HTML instead of a ban list\n");
125                 return;
126         }
127
128         if(strstrofs(data, "\r", 0) != -1)
129         {
130                 print("error: received carriage returns\n");
131                 return;
132         }
133
134         if(data == "")
135                 n = 0;
136         else
137                 n = tokenizebyseparator(data, "\n");
138
139         if(mod(n, 4) != 0)
140         {
141                 print("error: received invalid item count: ", ftos(n), "\n");
142                 return;
143         }
144
145         print("OK, ", ftos(n / 4), " items\n");
146
147         for(i = 0; i < n; i += 4)
148         {
149                 ip = argv(i);
150                 timeleft = stof(argv(i + 1));
151                 reason = argv(i + 2);
152                 serverip = argv(i + 3);
153
154                 dprint("received ban list item ", ftos(i / 4), ": ip=", ip);
155                 dprint(" timeleft=", ftos(timeleft), " reason=", reason);
156                 dprint(" serverip=", serverip, "\n");
157
158                 timeleft -= 1.5 * cvar("g_ban_sync_timeout");
159                 if(timeleft < 0)
160                         continue;
161
162                 l = strlen(ip);
163                 for(j = 0; j < l; ++j)
164                         if(strstrofs("0123456789.", substring(ip, j, 1), 0) == -1)
165                         {
166                                 print("Invalid character ", substring(ip, j, 1), " in IP address ", ip, ". Skipping this ban.\n");
167                                 goto skip;
168                         }
169
170                 if(cvar("g_ban_sync_trusted_servers_verify"))
171                         if((strstrofs(strcat(";", OnlineBanList_Servers, ";"), strcat(";", serverip, ";"), 0) == -1))
172                                 continue;
173
174                 if(syncinterval > 0)
175                         timeleft = min(syncinterval + (OnlineBanList_Timeout - time) + 5, timeleft);
176                         // the ban will be prolonged on the next sync
177                         // or expire 5 seconds after the next timeout
178                 Ban_Insert(ip, timeleft, strcat("ban synced from ", serverip, " at ", uri), 0);
179                 print("Ban list syncing: accepted ban of ", ip, " by ", serverip, " at ", uri, ": ");
180                 print(reason, "\n");
181
182 :skip
183         }
184 }
185
186 void OnlineBanList_Think()
187 {
188         float argc;
189         string uri;
190         float i, n;
191         
192         if(cvar_string("g_ban_sync_uri") == "")
193                 goto killme;
194         if(cvar("g_ban_sync_interval") == 0) // < 0 is okay, it means "sync on level start only"
195                 goto killme;
196         argc = tokenize_console(cvar_string("g_ban_sync_trusted_servers"));
197         if(argc == 0)
198                 goto killme;
199
200         if(OnlineBanList_Servers)
201                 strunzone(OnlineBanList_Servers);
202         OnlineBanList_Servers = argv(0);
203         for(i = 1; i < argc; ++i)
204                 OnlineBanList_Servers = strcat(OnlineBanList_Servers, ";", argv(i));
205         OnlineBanList_Servers = strzone(OnlineBanList_Servers);
206         
207         uri = strcat(     "action=list&hostname=", uri_escape(cvar_string("hostname")));
208         uri = strcat(uri, "&servers=", uri_escape(OnlineBanList_Servers));
209
210         OnlineBanList_Timeout = time + cvar("g_ban_sync_timeout");
211
212         n = tokenize_console(cvar_string("g_ban_sync_uri"));
213         if(n >= MAX_IPBAN_URIS)
214                 n = MAX_IPBAN_URIS;
215         for(i = 0; i < n; ++i)
216         {
217                 if(OnlineBanList_RequestWaiting[i])
218                         continue;
219                 OnlineBanList_RequestWaiting[i] = 1;
220                 if(strstrofs(argv(i), "?", 0) >= 0)
221                         uri_get(strcat(argv(i), "&", uri), URI_GET_IPBAN + i); // 1000 = "banlist" callback target
222                 else
223                         uri_get(strcat(argv(i), "?", uri), URI_GET_IPBAN + i); // 1000 = "banlist" callback target
224         }
225         
226         if(cvar("g_ban_sync_interval") > 0)
227                 self.nextthink = time + max(60, cvar("g_ban_sync_interval") * 60);
228         else
229                 goto killme;
230         return;
231
232 :killme
233         remove(self);
234 }
235
236 #define BAN_MAX 256
237 float ban_loaded;
238 string ban_ip[BAN_MAX];
239 float ban_expire[BAN_MAX];
240 float ban_count;
241
242 string ban_ip1;
243 string ban_ip2;
244 string ban_ip3;
245 string ban_ip4;
246 #ifdef UID
247 string ban_uid;
248 #endif
249
250 void Ban_SaveBans()
251 {
252         string out;
253         float i;
254
255         if(!ban_loaded)
256                 return;
257
258         // version of list
259         out = "1";
260         for(i = 0; i < ban_count; ++i)
261         {
262                 if(time > ban_expire[i])
263                         continue;
264                 out = strcat(out, " ", ban_ip[i]);
265                 out = strcat(out, " ", ftos(ban_expire[i] - time));
266         }
267         if(strlen(out) <= 1) // no real entries
268                 cvar_set("g_banned_list", "");
269         else
270                 cvar_set("g_banned_list", out);
271 }
272
273 float Ban_Delete(float i)
274 {
275         if(i < 0)
276                 return FALSE;
277         if(i >= ban_count)
278                 return FALSE;
279         if(ban_expire[i] == 0)
280                 return FALSE;
281         if(ban_expire[i] > 0)
282         {
283                 OnlineBanList_SendUnban(ban_ip[i]);
284                 strunzone(ban_ip[i]);
285         }
286         ban_expire[i] = 0;
287         ban_ip[i] = "";
288         Ban_SaveBans();
289         return TRUE;
290 }
291
292 void Ban_LoadBans()
293 {
294         float i, n;
295         for(i = 0; i < ban_count; ++i)
296                 Ban_Delete(i);
297         ban_count = 0;
298         ban_loaded = TRUE;
299         n = tokenize_console(cvar_string("g_banned_list"));
300         if(stof(argv(0)) == 1)
301         {
302                 ban_count = (n - 1) / 2;
303                 for(i = 0; i < ban_count; ++i)
304                 {
305                         ban_ip[i] = strzone(argv(2*i+1));
306                         ban_expire[i] = time + stof(argv(2*i+2));
307                 }
308         }
309
310         entity e;
311         e = spawn();
312         e.classname = "bansyncer";
313         e.think = OnlineBanList_Think;
314         e.nextthink = time + 1;
315 }
316
317 void Ban_View()
318 {
319         float i;
320         string msg;
321         for(i = 0; i < ban_count; ++i)
322         {
323                 if(time > ban_expire[i])
324                         continue;
325                 msg = strcat("#", ftos(i), ": ");
326                 msg = strcat(msg, ban_ip[i], " is still banned for ");
327                 msg = strcat(msg, ftos(ban_expire[i] - time), " seconds");
328                 print(msg, "\n");
329         }
330 }
331
332 float Ban_GetClientIP(entity client)
333 {
334         // we can't use tokenizing here, as this is called during ban list parsing
335         float i1, i2, i3, i4;
336         string s;
337
338         s = client.netaddress;
339         
340         i1 = strstrofs(s, ".", 0);
341         if(i1 < 0)
342                 return FALSE;
343         i2 = strstrofs(s, ".", i1 + 1);
344         if(i2 < 0)
345                 return FALSE;
346         i3 = strstrofs(s, ".", i2 + 1);
347         if(i3 < 0)
348                 return FALSE;
349         i4 = strstrofs(s, ".", i3 + 1);
350         if(i4 >= 0)
351                 return FALSE;
352         
353         ban_ip1 = substring(s, 0, i1);
354         ban_ip2 = substring(s, 0, i2);
355         ban_ip3 = substring(s, 0, i3);
356         ban_ip4 = strcat1(s);
357 #ifdef UID
358         ban_uid = client.uid;
359 #endif
360
361         return TRUE;
362 }
363
364 float Ban_IsClientBanned(entity client, float idx)
365 {
366         float i, b, e;
367         if(!ban_loaded)
368                 Ban_LoadBans();
369         if(!Ban_GetClientIP(client))
370                 return FALSE;
371         if(idx < 0)
372         {
373                 b = 0;
374                 e = ban_count;
375         }
376         else
377         {
378                 b = idx;
379                 e = idx + 1;
380         }
381         for(i = b; i < e; ++i)
382         {
383                 string s;
384                 if(time > ban_expire[i])
385                         continue;
386                 s = ban_ip[i];
387                 if(ban_ip1 == s) return TRUE;
388                 if(ban_ip2 == s) return TRUE;
389                 if(ban_ip3 == s) return TRUE;
390                 if(ban_ip4 == s) return TRUE;
391 #ifdef UID
392                 if(ban_uid == s) return TRUE;
393 #endif
394         }
395         return FALSE;
396 }
397
398 float Ban_MaybeEnforceBan(entity client)
399 {
400         if(Ban_IsClientBanned(client, -1))
401         {
402                 string s;
403                 s = strcat("^1NOTE:^7 banned client ", client.netaddress, " just tried to enter\n");
404                 dropclient(client);
405                 bprint(s);
406                 return TRUE;
407         }
408         return FALSE;
409 }
410
411 string Ban_Enforce(float i, string reason)
412 {
413         string s;
414         entity e;
415
416         // Enforce our new ban
417         s = "";
418         FOR_EACH_REALCLIENT(e)
419                 if(Ban_IsClientBanned(e, i))
420                 {
421                         if(reason != "")
422                         {
423                                 if(s == "")
424                                         reason = strcat(reason, ": affects ");
425                                 else
426                                         reason = strcat(reason, ", ");
427                                 reason = strcat(reason, e.netname);
428                         }
429                         s = strcat(s, "^1NOTE:^7 banned client ", e.netname, "^7 has to go\n");
430                         dropclient(e);
431                 }
432         bprint(s);
433
434         return reason;
435 }
436
437 float Ban_Insert(string ip, float bantime, string reason, float dosync)
438 {
439         float i;
440         float j;
441         float bestscore;
442
443         // already banned?
444         for(i = 0; i < ban_count; ++i)
445                 if(ban_ip[i] == ip)
446                 {
447                         // prolong the ban
448                         if(time + bantime > ban_expire[i])
449                         {
450                                 ban_expire[i] = time + bantime;
451                                 dprint(ip, "'s ban has been prolonged to ", ftos(bantime), " seconds from now\n");
452                         }
453                         else
454                                 dprint(ip, "'s ban is still active until ", ftos(ban_expire[i] - time), " seconds from now\n");
455
456                         // and enforce
457                         reason = Ban_Enforce(i, reason);
458
459                         // and abort
460                         if(dosync)
461                                 if(reason != "")
462                                         if(substring(reason, 0, 1) != "~") // like IRC: unauthenticated banner
463                                                 OnlineBanList_SendBan(ip, bantime, reason);
464
465                         return FALSE;
466                 }
467
468         // do we have a free slot?
469         for(i = 0; i < ban_count; ++i)
470                 if(time > ban_expire[i])
471                         break;
472         // no free slot? Then look for the one who would get unbanned next
473         if(i >= BAN_MAX)
474         {
475                 i = 0;
476                 bestscore = ban_expire[i];
477                 for(j = 1; j < ban_count; ++j)
478                 {
479                         if(ban_expire[j] < bestscore)
480                         {
481                                 i = j;
482                                 bestscore = ban_expire[i];
483                         }
484                 }
485         }
486         // if we replace someone, will we be banned longer than him (so long-term
487         // bans never get overridden by short-term bans)
488         if(i < ban_count)
489         if(ban_expire[i] > time + bantime)
490         {
491                 print(ip, " could not get banned due to no free ban slot\n");
492                 return FALSE;
493         }
494         // okay, insert our new victim as i
495         Ban_Delete(i);
496         dprint(ip, " has been banned for ", ftos(bantime), " seconds\n");
497         ban_expire[i] = time + bantime;
498         ban_ip[i] = strzone(ip);
499         ban_count = max(ban_count, i + 1);
500
501         Ban_SaveBans();
502
503         reason = Ban_Enforce(i, reason);
504
505         // and abort
506         if(dosync)
507                 if(reason != "")
508                         if(substring(reason, 0, 1) != "~") // like IRC: unauthenticated banner
509                                 OnlineBanList_SendBan(ip, bantime, reason);
510
511         return TRUE;
512 }
513
514 void Ban_KickBanClient(entity client, float bantime, float masksize, string reason)
515 {
516         if(!Ban_GetClientIP(client))
517         {
518                 sprint(client, strcat("Kickbanned: ", reason, "\n"));
519                 dropclient(client);
520                 return;
521         }
522         // now ban him
523         switch(masksize)
524         {
525                 case 1:
526                         Ban_Insert(ban_ip1, bantime, reason, 1);
527                         break;
528                 case 2:
529                         Ban_Insert(ban_ip2, bantime, reason, 1);
530                         break;
531                 case 3:
532                         Ban_Insert(ban_ip3, bantime, reason, 1);
533                         break;
534                 case 4:
535                 default:
536                         Ban_Insert(ban_ip4, bantime, reason, 1);
537                         break;
538 #ifdef UID
539                 case 0:
540                         Ban_Insert(ban_uid, bantime, reason, 1);
541                         break;
542 #endif
543         }
544         /*
545          * not needed, as we enforce the ban in Ban_Insert anyway
546         // and kick him
547         sprint(client, strcat("Kickbanned: ", reason, "\n"));
548         dropclient(client);
549          */
550 }
551
552 float GameCommand_Ban(string command)
553 {
554         float argc;
555         float bantime;
556         entity client;
557         float entno;
558         float masksize;
559         string reason;
560         float reasonarg;
561
562         argc = tokenize_console(command);
563         if(argv(0) == "help")
564         {
565                 print("  kickban # n m p reason - kickban player n for m seconds, using mask size p (1 to 4)\n");
566                 print("  ban ip m reason - ban an IP or range (incomplete IP, like 1.2.3) for m seconds\n");
567                 print("  bans - list all existing bans\n");
568                 print("  unban n - delete the entry #n from the bans list\n");
569                 return TRUE;
570         }
571         if(argv(0) == "kickban")
572         {
573 #define INITARG(c) reasonarg = c
574 #define GETARG(v,d) if((argc > reasonarg) && ((v = stof(argv(reasonarg))) != 0)) ++reasonarg; else v = d
575 #define RESTARG(v) if(argc > reasonarg) v = substring(command, argv_start_index(reasonarg), strlen(command) - argv_start_index(reasonarg)); else v = ""
576                 if(argc >= 3)
577                 {
578                         entno = stof(argv(2));
579                         if(entno > maxclients || entno < 1)
580                                 return TRUE;
581                         client = edict_num(entno);
582
583                         INITARG(3);
584                         GETARG(bantime, cvar("g_ban_default_bantime"));
585                         GETARG(masksize, cvar("g_ban_default_masksize"));
586                         RESTARG(reason);
587
588                         Ban_KickBanClient(client, bantime, masksize, reason);
589                         return TRUE;
590                 }
591         }
592         else if(argv(0) == "ban")
593         {
594                 if(argc >= 2)
595                 {
596                         string ip;
597                         ip = argv(1);
598
599                         INITARG(2);
600                         GETARG(bantime, cvar("g_ban_default_bantime"));
601                         RESTARG(reason);
602
603                         Ban_Insert(ip, bantime, reason, 1);
604                         return TRUE;
605                 }
606 #undef INITARG
607 #undef GETARG
608 #undef RESTARG
609         }
610         else if(argv(0) == "bans")
611         {
612                 Ban_View();
613                 return TRUE;
614         }
615         else if(argv(0) == "unban")
616         {
617                 if(argc >= 2)
618                 {
619                         float who;
620                         who = stof(argv(1));
621                         Ban_Delete(who);
622                         return TRUE;
623                 }
624         }
625         return FALSE;
626 }