data/qcsrc/server/ipban.qc

   1 /*
   2  * Protocol of online ban list:
   3  *
   4  * - Reporting a ban:
   5  *     GET g_ban_sync_uri?action=ban&hostname=...&ip=xxx.xxx.xxx&duration=nnnn&reason=...................
   6  *     (IP 1, 2, 3, or 4 octets, 3 octets for example is a /24 mask)
   7  * - Removing a ban:
   8  *     GET g_ban_sync_uri?action=unban&hostname=...&ip=xxx.xxx.xxx
   9  * - Querying the ban list
  10  *     GET g_ban_sync_uri?action=list&hostname=...&servers=xxx.xxx.xxx.xxx;xxx.xxx.xxx.xxx;...
  11  *
  12  *     shows the bans from the listed servers, and possibly others.
  13  *     Format of a ban is ASCII plain text, four lines per ban, delimited by
  14  *     newline ONLY (no carriage return):
  15  *
  16  *     IP address (also 1, 2, 3, or 4 octets, delimited by dot)
  17  *     time left in seconds
  18  *     reason of the ban
  19  *     server IP that registered the ban
  20  */
  21
  22 float Ban_Insert(string ip, float bantime, string reason, float dosync);
  23
  24 void OnlineBanList_SendBan(string ip, float bantime, string reason)
  25 {
  26         string uri;
  27         float i, n;
  28
  29         uri = strcat(     "action=ban&hostname=", uri_escape(cvar_string("hostname")));
  30         uri = strcat(uri, "&ip=", uri_escape(ip));
  31         uri = strcat(uri, "&duration=", ftos(bantime));
  32         uri = strcat(uri, "&reason=", uri_escape(reason));
  33
  34         n = tokenize_console(cvar_string("g_ban_sync_uri"));
  35         if(n >= MAX_IPBAN_URIS)
  36                 n = MAX_IPBAN_URIS;
  37         for(i = 0; i < n; ++i)
  38         {
  39                 if(strstrofs(argv(i), "?", 0) >= 0)
  40                         uri_get(strcat(argv(i), "&", uri), URI_GET_DISCARD); // 0 = "discard" callback target
  41                 else
  42                         uri_get(strcat(argv(i), "?", uri), URI_GET_DISCARD); // 0 = "discard" callback target
  43         }
  44 }
  45
  46 void OnlineBanList_SendUnban(string ip)
  47 {
  48         string uri;
  49         float i, n;
  50
  51         uri = strcat(     "action=unban&hostname=", uri_escape(cvar_string("hostname")));
  52         uri = strcat(uri, "&ip=", uri_escape(ip));
  53
  54         n = tokenize_console(cvar_string("g_ban_sync_uri"));
  55         if(n >= MAX_IPBAN_URIS)
  56                 n = MAX_IPBAN_URIS;
  57         for(i = 0; i < n; ++i)
  58         {
  59                 if(strstrofs(argv(i), "?", 0) >= 0)
  60                         uri_get(strcat(argv(i), "&", uri), URI_GET_DISCARD); // 0 = "discard" callback target
  61                 else
  62                         uri_get(strcat(argv(i), "?", uri), URI_GET_DISCARD); // 0 = "discard" callback target
  63         }
  64 }
  65
  66 string OnlineBanList_Servers;
  67 float OnlineBanList_Timeout;
  68 float OnlineBanList_RequestWaiting[MAX_IPBAN_URIS];
  69
  70 void OnlineBanList_URI_Get_Callback(float id, float status, string data)
  71 {
  72         float n, i, j, l;
  73         string ip;
  74         float timeleft;
  75         string reason;
  76         string serverip;
  77         float syncinterval;
  78         string uri;
  79
  80         id -= URI_GET_IPBAN;
  81
  82         if(id >= MAX_IPBAN_URIS)
  83         {
  84                 print("Received ban list for invalid ID\n");
  85                 return;
  86         }
  87
  88         tokenize_console(cvar_string("g_ban_sync_uri"));
  89         uri = argv(id);
  90
  91         print("Received ban list from ", uri, ": ");
  92
  93         if(OnlineBanList_RequestWaiting[id] == 0)
  94         {
  95                 print("rejected (unexpected)\n");
  96                 return;
  97         }
  98
  99         OnlineBanList_RequestWaiting[id] = 0;
 100
 101         if(time > OnlineBanList_Timeout)
 102         {
 103                 print("rejected (too late)\n");
 104                 return;
 105         }
 106
 107         syncinterval = cvar("g_ban_sync_interval");
 108         if(syncinterval == 0)
 109         {
 110                 print("rejected (syncing disabled)\n");
 111                 return;
 112         }
 113         if(syncinterval > 0)
 114                 syncinterval *= 60;
 115
 116         if(status != 0)
 117         {
 118                 print("error: status is ", ftos(status), "\n");
 119                 return;
 120         }
 121
 122         if(substring(data, 0, 1) == "<")
 123         {
 124                 print("error: received HTML instead of a ban list\n");
 125                 return;
 126         }
 127
 128         if(strstrofs(data, "\r", 0) != -1)
 129         {
 130                 print("error: received carriage returns\n");
 131                 return;
 132         }
 133
 134         if(data == "")
 135                 n = 0;
 136         else
 137                 n = tokenizebyseparator(data, "\n");
 138
 139         if(mod(n, 4) != 0)
 140         {
 141                 print("error: received invalid item count: ", ftos(n), "\n");
 142                 return;
 143         }
 144
 145         print("OK, ", ftos(n / 4), " items\n");
 146
 147         for(i = 0; i < n; i += 4)
 148         {
 149                 ip = argv(i);
 150                 timeleft = stof(argv(i + 1));
 151                 reason = argv(i + 2);
 152                 serverip = argv(i + 3);
 153
 154                 dprint("received ban list item ", ftos(i / 4), ": ip=", ip);
 155                 dprint(" timeleft=", ftos(timeleft), " reason=", reason);
 156                 dprint(" serverip=", serverip, "\n");
 157
 158                 timeleft -= 1.5 * cvar("g_ban_sync_timeout");
 159                 if(timeleft < 0)
 160                         continue;
 161
 162                 l = strlen(ip);
 163                 for(j = 0; j < l; ++j)
 164                         if(strstrofs("0123456789.", substring(ip, j, 1), 0) == -1)
 165                         {
 166                                 print("Invalid character ", substring(ip, j, 1), " in IP address ", ip, ". Skipping this ban.\n");
 167                                 goto skip;
 168                         }
 169
 170                 if(cvar("g_ban_sync_trusted_servers_verify"))
 171                         if((strstrofs(strcat(";", OnlineBanList_Servers, ";"), strcat(";", serverip, ";"), 0) == -1))
 172                                 continue;
 173
 174                 if(syncinterval > 0)
 175                         timeleft = min(syncinterval + (OnlineBanList_Timeout - time) + 5, timeleft);
 176                         // the ban will be prolonged on the next sync
 177                         // or expire 5 seconds after the next timeout
 178                 Ban_Insert(ip, timeleft, strcat("ban synced from ", serverip, " at ", uri), 0);
 179                 print("Ban list syncing: accepted ban of ", ip, " by ", serverip, " at ", uri, ": ");
 180                 print(reason, "\n");
 181
 182 :skip
 183         }
 184 }
 185
 186 void OnlineBanList_Think()
 187 {
 188         float argc;
 189         string uri;
 190         float i, n;
 191
 192         if(cvar_string("g_ban_sync_uri") == "")
 193                 goto killme;
 194         if(cvar("g_ban_sync_interval") == 0) // < 0 is okay, it means "sync on level start only"
 195                 goto killme;
 196         argc = tokenize_console(cvar_string("g_ban_sync_trusted_servers"));
 197         if(argc == 0)
 198                 goto killme;
 199
 200         if(OnlineBanList_Servers)
 201                 strunzone(OnlineBanList_Servers);
 202         OnlineBanList_Servers = argv(0);
 203         for(i = 1; i < argc; ++i)
 204                 OnlineBanList_Servers = strcat(OnlineBanList_Servers, ";", argv(i));
 205         OnlineBanList_Servers = strzone(OnlineBanList_Servers);
 206
 207         uri = strcat(     "action=list&hostname=", uri_escape(cvar_string("hostname")));
 208         uri = strcat(uri, "&servers=", uri_escape(OnlineBanList_Servers));
 209
 210         OnlineBanList_Timeout = time + cvar("g_ban_sync_timeout");
 211
 212         n = tokenize_console(cvar_string("g_ban_sync_uri"));
 213         if(n >= MAX_IPBAN_URIS)
 214                 n = MAX_IPBAN_URIS;
 215         for(i = 0; i < n; ++i)
 216         {
 217                 if(OnlineBanList_RequestWaiting[i])
 218                         continue;
 219                 OnlineBanList_RequestWaiting[i] = 1;
 220                 if(strstrofs(argv(i), "?", 0) >= 0)
 221                         uri_get(strcat(argv(i), "&", uri), URI_GET_IPBAN + i); // 1000 = "banlist" callback target
 222                 else
 223                         uri_get(strcat(argv(i), "?", uri), URI_GET_IPBAN + i); // 1000 = "banlist" callback target
 224         }
 225
 226         if(cvar("g_ban_sync_interval") > 0)
 227                 self.nextthink = time + max(60, cvar("g_ban_sync_interval") * 60);
 228         else
 229                 goto killme;
 230         return;
 231
 232 :killme
 233         remove(self);
 234 }
 235
 236 #define BAN_MAX 256
 237 float ban_loaded;
 238 string ban_ip[BAN_MAX];
 239 float ban_expire[BAN_MAX];
 240 float ban_count;
 241
 242 string ban_ip1;
 243 string ban_ip2;
 244 string ban_ip3;
 245 string ban_ip4;
 246
 247 void Ban_SaveBans()
 248 {
 249         string out;
 250         float i;
 251
 252         if(!ban_loaded)
 253                 return;
 254
 255         // version of list
 256         out = "1";
 257         for(i = 0; i < ban_count; ++i)
 258         {
 259                 if(time > ban_expire[i])
 260                         continue;
 261                 out = strcat(out, " ", ban_ip[i]);
 262                 out = strcat(out, " ", ftos(ban_expire[i] - time));
 263         }
 264         if(strlen(out) <= 1) // no real entries
 265                 cvar_set("g_banned_list", "");
 266         else
 267                 cvar_set("g_banned_list", out);
 268 }
 269
 270 float Ban_Delete(float i)
 271 {
 272         if(i < 0)
 273                 return FALSE;
 274         if(i >= ban_count)
 275                 return FALSE;
 276         if(ban_expire[i] == 0)
 277                 return FALSE;
 278         if(ban_expire[i] > 0)
 279         {
 280                 OnlineBanList_SendUnban(ban_ip[i]);
 281                 strunzone(ban_ip[i]);
 282         }
 283         ban_expire[i] = 0;
 284         ban_ip[i] = "";
 285         Ban_SaveBans();
 286         return TRUE;
 287 }
 288
 289 void Ban_LoadBans()
 290 {
 291         float i, n;
 292         for(i = 0; i < ban_count; ++i)
 293                 Ban_Delete(i);
 294         ban_count = 0;
 295         ban_loaded = TRUE;
 296         n = tokenize_console(cvar_string("g_banned_list"));
 297         if(stof(argv(0)) == 1)
 298         {
 299                 ban_count = (n - 1) / 2;
 300                 for(i = 0; i < ban_count; ++i)
 301                 {
 302                         ban_ip[i] = strzone(argv(2*i+1));
 303                         ban_expire[i] = time + stof(argv(2*i+2));
 304                 }
 305         }
 306
 307         entity e;
 308         e = spawn();
 309         e.classname = "bansyncer";
 310         e.think = OnlineBanList_Think;
 311         e.nextthink = time + 1;
 312 }
 313
 314 void Ban_View()
 315 {
 316         float i;
 317         string msg;
 318         for(i = 0; i < ban_count; ++i)
 319         {
 320                 if(time > ban_expire[i])
 321                         continue;
 322                 msg = strcat("#", ftos(i), ": ");
 323                 msg = strcat(msg, ban_ip[i], " is still banned for ");
 324                 msg = strcat(msg, ftos(ban_expire[i] - time), " seconds");
 325                 print(msg, "\n");
 326         }
 327 }
 328
 329 float Ban_GetClientIP(entity client)
 330 {
 331         // we can't use tokenizing here, as this is called during ban list parsing
 332         float i1, i2, i3, i4;
 333         string s;
 334
 335         s = client.netaddress;
 336
 337         i1 = strstrofs(s, ".", 0);
 338         if(i1 < 0)
 339                 return FALSE;
 340         i2 = strstrofs(s, ".", i1 + 1);
 341         if(i2 < 0)
 342                 return FALSE;
 343         i3 = strstrofs(s, ".", i2 + 1);
 344         if(i3 < 0)
 345                 return FALSE;
 346         i4 = strstrofs(s, ".", i3 + 1);
 347         if(i4 >= 0)
 348                 return FALSE;
 349
 350         ban_ip1 = substring(s, 0, i1);
 351         ban_ip2 = substring(s, 0, i2);
 352         ban_ip3 = substring(s, 0, i3);
 353         ban_ip4 = strcat1(s);
 354
 355         return TRUE;
 356 }
 357
 358 float Ban_IsClientBanned(entity client, float idx)
 359 {
 360         float i, b, e;
 361         if(!ban_loaded)
 362                 Ban_LoadBans();
 363         if(!Ban_GetClientIP(client))
 364                 return FALSE;
 365         if(idx < 0)
 366         {
 367                 b = 0;
 368                 e = ban_count;
 369         }
 370         else
 371         {
 372                 b = idx;
 373                 e = idx + 1;
 374         }
 375         for(i = b; i < e; ++i)
 376         {
 377                 string s;
 378                 if(time > ban_expire[i])
 379                         continue;
 380                 s = ban_ip[i];
 381                 if(ban_ip1 == s) return TRUE;
 382                 if(ban_ip2 == s) return TRUE;
 383                 if(ban_ip3 == s) return TRUE;
 384                 if(ban_ip4 == s) return TRUE;
 385         }
 386         return FALSE;
 387 }
 388
 389 float Ban_MaybeEnforceBan(entity client)
 390 {
 391         if(Ban_IsClientBanned(client, -1))
 392         {
 393                 string s;
 394                 s = strcat("^1NOTE:^7 banned client ", client.netaddress, " just tried to enter\n");
 395                 dropclient(client);
 396                 bprint(s);
 397                 return TRUE;
 398         }
 399         return FALSE;
 400 }
 401
 402 string Ban_Enforce(float i, string reason)
 403 {
 404         string s;
 405         entity e;
 406
 407         // Enforce our new ban
 408         s = "";
 409         FOR_EACH_REALCLIENT(e)
 410                 if(Ban_IsClientBanned(e, i))
 411                 {
 412                         if(reason != "")
 413                         {
 414                                 if(s == "")
 415                                         reason = strcat(reason, ": affects ");
 416                                 else
 417                                         reason = strcat(reason, ", ");
 418                                 reason = strcat(reason, e.netname);
 419                         }
 420                         s = strcat(s, "^1NOTE:^7 banned client ", e.netname, "^7 has to go\n");
 421                         dropclient(e);
 422                 }
 423         bprint(s);
 424
 425         return reason;
 426 }
 427
 428 float Ban_Insert(string ip, float bantime, string reason, float dosync)
 429 {
 430         float i;
 431         float j;
 432         float bestscore;
 433
 434         // already banned?
 435         for(i = 0; i < ban_count; ++i)
 436                 if(ban_ip[i] == ip)
 437                 {
 438                         // prolong the ban
 439                         if(time + bantime > ban_expire[i])
 440                         {
 441                                 ban_expire[i] = time + bantime;
 442                                 dprint(ip, "'s ban has been prolonged to ", ftos(bantime), " seconds from now\n");
 443                         }
 444                         else
 445                                 dprint(ip, "'s ban is still active until ", ftos(ban_expire[i] - time), " seconds from now\n");
 446
 447                         // and enforce
 448                         reason = Ban_Enforce(i, reason);
 449
 450                         // and abort
 451                         if(dosync)
 452                                 if(reason != "")
 453                                         if(substring(reason, 0, 1) != "~") // like IRC: unauthenticated banner
 454                                                 OnlineBanList_SendBan(ip, bantime, reason);
 455
 456                         return FALSE;
 457                 }
 458
 459         // do we have a free slot?
 460         for(i = 0; i < ban_count; ++i)
 461                 if(time > ban_expire[i])
 462                         break;
 463         // no free slot? Then look for the one who would get unbanned next
 464         if(i >= BAN_MAX)
 465         {
 466                 i = 0;
 467                 bestscore = ban_expire[i];
 468                 for(j = 1; j < ban_count; ++j)
 469                 {
 470                         if(ban_expire[j] < bestscore)
 471                         {
 472                                 i = j;
 473                                 bestscore = ban_expire[i];
 474                         }
 475                 }
 476         }
 477         // if we replace someone, will we be banned longer than him (so long-term
 478         // bans never get overridden by short-term bans)
 479         if(i < ban_count)
 480         if(ban_expire[i] > time + bantime)
 481         {
 482                 print(ip, " could not get banned due to no free ban slot\n");
 483                 return FALSE;
 484         }
 485         // okay, insert our new victim as i
 486         Ban_Delete(i);
 487         dprint(ip, " has been banned for ", ftos(bantime), " seconds\n");
 488         ban_expire[i] = time + bantime;
 489         ban_ip[i] = strzone(ip);
 490         ban_count = max(ban_count, i + 1);
 491
 492         Ban_SaveBans();
 493
 494         reason = Ban_Enforce(i, reason);
 495
 496         // and abort
 497         if(dosync)
 498                 if(reason != "")
 499                         if(substring(reason, 0, 1) != "~") // like IRC: unauthenticated banner
 500                                 OnlineBanList_SendBan(ip, bantime, reason);
 501
 502         return TRUE;
 503 }
 504
 505 void Ban_KickBanClient(entity client, float bantime, float masksize, string reason)
 506 {
 507         if(!Ban_GetClientIP(client))
 508         {
 509                 sprint(client, strcat("Kickbanned: ", reason, "\n"));
 510                 dropclient(client);
 511                 return;
 512         }
 513         // now ban him
 514         switch(masksize)
 515         {
 516                 case 1:
 517                         Ban_Insert(ban_ip1, bantime, reason, 1);
 518                         break;
 519                 case 2:
 520                         Ban_Insert(ban_ip2, bantime, reason, 1);
 521                         break;
 522                 case 3:
 523                         Ban_Insert(ban_ip3, bantime, reason, 1);
 524                         break;
 525                 default:
 526                         Ban_Insert(ban_ip4, bantime, reason, 1);
 527                         break;
 528         }
 529         /*
 530          * not needed, as we enforce the ban in Ban_Insert anyway
 531         // and kick him
 532         sprint(client, strcat("Kickbanned: ", reason, "\n"));
 533         dropclient(client);
 534          */
 535 }
 536
 537 float GameCommand_Ban(string command)
 538 {
 539         float argc;
 540         float bantime;
 541         entity client;
 542         float entno;
 543         float masksize;
 544         string reason;
 545         float reasonarg;
 546
 547         argc = tokenize_console(command);
 548         if(argv(0) == "help")
 549         {
 550                 print("  kickban # n m p reason - kickban player n for m seconds, using mask size p (1 to 4)\n");
 551                 print("  ban ip m reason - ban an IP or range (incomplete IP, like 1.2.3) for m seconds\n");
 552                 print("  bans - list all existing bans\n");
 553                 print("  unban n - delete the entry #n from the bans list\n");
 554                 return TRUE;
 555         }
 556         if(argv(0) == "kickban")
 557         {
 558 #define INITARG(c) reasonarg = c
 559 #define GETARG(v,d) if((argc > reasonarg) && ((v = stof(argv(reasonarg))) != 0)) ++reasonarg; else v = d
 560 #define RESTARG(v) if(argc > reasonarg) v = substring(command, argv_start_index(reasonarg), strlen(command) - argv_start_index(reasonarg)); else v = ""
 561                 if(argc >= 3)
 562                 {
 563                         entno = stof(argv(2));
 564                         if(entno > maxclients || entno < 1)
 565                                 return TRUE;
 566                         client = edict_num(entno);
 567
 568                         INITARG(3);
 569                         GETARG(bantime, cvar("g_ban_default_bantime"));
 570                         GETARG(masksize, cvar("g_ban_default_masksize"));
 571                         RESTARG(reason);
 572
 573                         Ban_KickBanClient(client, bantime, masksize, reason);
 574                         return TRUE;
 575                 }
 576         }
 577         else if(argv(0) == "ban")
 578         {
 579                 if(argc >= 2)
 580                 {
 581                         string ip;
 582                         ip = argv(1);
 583
 584                         INITARG(2);
 585                         GETARG(bantime, cvar("g_ban_default_bantime"));
 586                         RESTARG(reason);
 587
 588                         Ban_Insert(ip, bantime, reason, 1);
 589                         return TRUE;
 590                 }
 591 #undef INITARG
 592 #undef GETARG
 593 #undef RESTARG
 594         }
 595         else if(argv(0) == "bans")
 596         {
 597                 Ban_View();
 598                 return TRUE;
 599         }
 600         else if(argv(0) == "unban")
 601         {
 602                 if(argc >= 2)
 603                 {
 604                         float who;
 605                         who = stof(argv(1));
 606                         Ban_Delete(who);
 607                         return TRUE;
 608                 }
 609         }
 610         return FALSE;
 611 }