/* sv_main.c (description) Copyright (C) 1996-1997 Id Software, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to: Free Software Foundation, Inc. 59 Temple Place - Suite 330 Boston, MA 02111-1307, USA */ #ifdef HAVE_CONFIG_H # include "config.h" #endif #ifdef HAVE_WINDOWS_H # include "winquake.h" #endif #ifdef HAVE_STRING_H # include #endif #ifdef HAVE_STRINGS_H # include #endif #ifdef HAVE_SYS_TYPES_H # include #endif #ifdef HAVE_NETINET_IN_H # define INET6 # define model_t sun_model_t # include # undef model_t #endif #ifdef HAVE_SYS_SOCKET_H # include #endif #ifdef HAVE_ARPA_INET_H # include #endif #ifdef HAVE_WINSOCK_H # include #endif #include #include #include #include "QF/cbuf.h" #include "QF/idparse.h" #include "QF/cmd.h" #include "QF/console.h" #include "QF/cvar.h" #include "QF/dstring.h" #include "QF/model.h" #include "QF/msg.h" #include "QF/qargs.h" #include "QF/quakefs.h" #include "QF/sys.h" #include "QF/va.h" #include "QF/ver_check.h" #include "QF/zone.h" #include "QF/plugin/console.h" #include "qw/bothdefs.h" #include "buildnum.h" #include "compat.h" #include "crudefile.h" #include "game.h" #include "netchan.h" #include "qw/pmove.h" #include "server.h" #include "sv_demo.h" #include "sv_progs.h" #include "sv_gib.h" #include "sv_qtv.h" #include "sv_recorder.h" SERVER_PLUGIN_PROTOS static plugin_list_t server_plugin_list[] = { SERVER_PLUGIN_LIST }; cbuf_t *sv_cbuf; cbuf_args_t *sv_args; client_t *host_client; // current client entity_state_t cl_entities[MAX_CLIENTS][UPDATE_BACKUP+1][MAX_PACKET_ENTITIES]; // client entities double sv_frametime; double realtime; // without any filtering or bounding int host_hunklevel; netadr_t master_adr[MAX_MASTERS]; // address of group servers quakeparms_t host_parms; qboolean host_initialized; // true if into command execution qboolean rcon_from_user; // DoS protection // FLOOD_PING, FLOOD_LOG, FLOOD_CONNECT, FLOOD_STATUS, FLOOD_RCON, FLOOD_BAN // FIXME: these default values need to be tweaked after more testing double netdosexpire[DOSFLOODCMDS] = { 1, 1, 2, 0.9, 1, 5 }; double netdosvalues[DOSFLOODCMDS] = { 12, 1, 3, 1, 1, 1 }; cvar_t *sv_mem_size; cvar_t *sv_console_plugin; cvar_t *sv_allow_status; cvar_t *sv_allow_log; cvar_t *sv_allow_ping; cvar_t *sv_extensions; // Use the extended protocols cvar_t *sv_mintic; // bound the size of the cvar_t *sv_maxtic; // physics time tic cvar_t *sv_netdosprotect; // tone down DoS from quake servers cvar_t *sv_timeout; // seconds without any message cvar_t *zombietime; // seconds to sink messages after // disconnect cvar_t *rcon_password; // password for remote server cvar_t *admin_password; // password for admin commands cvar_t *password; // password for entering the game cvar_t *spectator_password; // password for entering as a // spectator cvar_t *allow_download; cvar_t *allow_download_skins; cvar_t *allow_download_models; cvar_t *allow_download_sounds; cvar_t *allow_download_maps; cvar_t *allow_download_demos; cvar_t *sv_highchars; cvar_t *sv_phs; cvar_t *pausable; cvar_t *sv_minqfversion; // Minimum QF version allowed to // connect cvar_t *sv_maxrate; // Maximum allowable rate (silently // capped) cvar_t *sv_timestamps; cvar_t *sv_timefmt; // game rules mirrored in svs.info cvar_t *fraglimit; cvar_t *timelimit; cvar_t *teamplay; cvar_t *samelevel; cvar_t *maxclients; cvar_t *maxspectators; cvar_t *deathmatch; // 0, 1, or 2 cvar_t *coop; cvar_t *skill; cvar_t *spawn; cvar_t *watervis; cvar_t *hostname; QFile *sv_fraglogfile; cvar_t *pr_gc; cvar_t *pr_gc_interval; int pr_gc_count = 0; int sv_net_initialized; const char *client_info_filters[] = { // Info keys needed by client "name", "topcolor", "bottomcolor", "rate", "msg", "skin", "team", "noaim", "pmodel", "emodel", "spectator", "*spectator", "*ver", NULL }; /* Master_Shutdown Informs all masters that this server is going down */ static void Master_Shutdown (void) { char string[2048]; int i; snprintf (string, sizeof (string), "%c\n", S2M_SHUTDOWN); // send to group master for (i = 0; i < MAX_MASTERS; i++) if (master_adr[i].port) { SV_Printf ("Sending heartbeat to %s\n", NET_AdrToString (master_adr[i])); Netchan_SendPacket (strlen (string), string, master_adr[i]); } } /* SV_Shutdown Quake calls this before calling Sys_Quit or Sys_Error */ void SV_Shutdown (void) { Master_Shutdown (); if (sv_fraglogfile) { Qclose (sv_fraglogfile); sv_fraglogfile = NULL; } if (sv.recording_demo) SV_Stop (0); NET_Shutdown (); Con_Shutdown (); } /* SV_Error Sends a datagram to all the clients informing them of the server crash, then exits */ static void SV_Error (const char *error, va_list argptr) { static qboolean inerror = false; dstring_t *string; if (inerror) return; inerror = true; string = dstring_new (); dvsprintf (string, error, argptr); Sys_Printf ("%s\n", string->str); if (sv_net_initialized) { dstring_insertstr (string, 0, "server crashed: "); dstring_appendstr (string, "\n"); SV_FinalMessage (string->str); } dstring_delete (string); } /* SV_FinalMessage Used by SV_Error and SV_Quit_f to send a final message to all connected clients before the server goes down. The messages are sent immediately, not just stuck on the outgoing message list, because the server is going to totally exit after returning from this function. */ void SV_FinalMessage (const char *message) { client_t *cl; int i; SZ_Clear (net_message->message); MSG_WriteByte (net_message->message, svc_print); MSG_WriteByte (net_message->message, PRINT_HIGH); MSG_WriteString (net_message->message, message); MSG_WriteByte (net_message->message, svc_disconnect); for (i = 0, cl = svs.clients; i < MAX_CLIENTS; i++, cl++) if (cl->state >= cs_connected) Netchan_Transmit (&cl->netchan, net_message->message->cursize, net_message->message->data); SV_qtvFinalMessage (message); } /* SV_DropClient Called when the player is totally leaving the server, either willingly or unwillingly. This is NOT called if the entire server is quiting or crashing. */ void SV_DropClient (client_t *drop) { SV_SavePenaltyFilter (drop, ft_mute, drop->lockedtill); SV_SavePenaltyFilter (drop, ft_cuff, drop->cuff_time); // add the disconnect MSG_WriteByte (&drop->netchan.message, svc_disconnect); if (drop->state == cs_spawned) {//FIXME cs_server? if (!drop->spectator) { // call the prog function for removing a client // this will set the body to a dead frame, among other things *sv_globals.self = EDICT_TO_PROG (&sv_pr_state, drop->edict); PR_ExecuteProgram (&sv_pr_state, sv_funcs.ClientDisconnect); } else if (sv_funcs.SpectatorDisconnect) { // call the prog function for removing a client // this will set the body to a dead frame, among other things *sv_globals.self = EDICT_TO_PROG (&sv_pr_state, drop->edict); PR_ExecuteProgram (&sv_pr_state, sv_funcs.SpectatorDisconnect); } } if (drop->spectator) SV_Printf ("Spectator %s removed\n", drop->name); else SV_Printf ("Client %s removed\n", drop->name); if (drop->download) { Qclose (drop->download); drop->download = NULL; } if (drop->upload) { Qclose (drop->upload); drop->upload = NULL; } if (drop->uploadfn) dstring_delete (drop->uploadfn); drop->uploadfn = 0; drop->state = cs_zombie; // become free in a few seconds drop->connection_started = realtime; // for zombie timeout drop->old_frags = 0; SVfloat (drop->edict, frags) = 0; drop->name[0] = 0; if (drop->userinfo) Info_Destroy (drop->userinfo); drop->userinfo = 0; // send notification to all remaining clients SV_FullClientUpdate (drop, &sv.reliable_datagram); // Trigger GIB event if (sv_client_disconnect_e->func) GIB_Event_Callback (sv_client_disconnect_e, 1, va ("%u", drop->userid)); } int SV_CalcPing (client_t *cl) { float ping; int count, i; register client_frame_t *frame; if (cl->state == cs_server) return cl->ping; ping = 0; count = 0; for (frame = cl->delta.frames, i = 0; i < UPDATE_BACKUP; i++, frame++) { if (frame->ping_time > 0) { ping += frame->ping_time; count++; } } if (!count) return 9999; ping /= count; return ping * 1000; } static int make_info_string_filter (const char *key) { return *key == '_' || !Info_FilterForKey (key, client_info_filters); } /* SV_FullClientUpdate Writes all update values to a sizebuf */ void SV_FullClientUpdate (client_t *client, sizebuf_t *buf) { const char *info; int i; i = client - svs.clients; // SV_Printf ("SV_FullClientUpdate: Updated frags for client %d\n", i); MSG_WriteByte (buf, svc_updatefrags); MSG_WriteByte (buf, i); MSG_WriteShort (buf, client->old_frags); MSG_WriteByte (buf, svc_updateping); MSG_WriteByte (buf, i); MSG_WriteShort (buf, SV_CalcPing (client)); MSG_WriteByte (buf, svc_updatepl); MSG_WriteByte (buf, i); MSG_WriteByte (buf, client->lossage); MSG_WriteByte (buf, svc_updateentertime); MSG_WriteByte (buf, i); MSG_WriteFloat (buf, realtime - client->connection_started); info = client->userinfo ? Info_MakeString (client->userinfo, make_info_string_filter) : ""; MSG_WriteByte (buf, svc_updateuserinfo); MSG_WriteByte (buf, i); MSG_WriteLong (buf, client->userid); MSG_WriteString (buf, info); } /* SV_FullClientUpdateToClient Writes all update values to a client's reliable stream */ void SV_FullClientUpdateToClient (client_t *client, backbuf_t *backbuf) { if (client->state < cs_connected && client->state != cs_server) return; MSG_ReliableCheckBlock (backbuf, 24 + Info_CurrentSize (client->userinfo)); if (backbuf->num_backbuf) { SV_FullClientUpdate (client, &backbuf->backbuf); MSG_Reliable_FinishWrite (backbuf); } else SV_FullClientUpdate (client, &backbuf->netchan->message); } /* CONNECTIONLESS COMMANDS */ /* CheckForFlood :: EXPERIMENTAL Makes it more difficult to use Quake servers for DoS attacks against other sites. Bad sides: affects gamespy and spytools somewhat... */ static int CheckForFlood (flood_enum_t cmdtype) { double currenttime; double oldestTime; static double lastmessagetime = 0; static flood_t floodstatus[DOSFLOODCMDS][DOSFLOODIP]; int oldest, i; static qboolean firsttime = true; if (!sv_netdosprotect->int_val) return 0; oldestTime = 0x7fffffff; oldest = 0; if (firsttime) { memset (floodstatus, 0, sizeof (flood_t) * DOSFLOODCMDS * DOSFLOODIP); firsttime = false; } currenttime = Sys_DoubleTime (); for (i = 0; i < DOSFLOODIP; i++) { if (NET_CompareBaseAdr (net_from, floodstatus[cmdtype][i].adr)) break; if (floodstatus[cmdtype][i].issued < oldestTime) { oldestTime = floodstatus[cmdtype][i].issued; oldest = i; } } if (i < DOSFLOODIP && floodstatus[cmdtype][i].issued) { if ((floodstatus[cmdtype][i].issued + netdosexpire[cmdtype]) > currenttime) { floodstatus[cmdtype][i].floodcount += 1; if (floodstatus[cmdtype][i].floodcount > netdosvalues[cmdtype]) { if ((lastmessagetime + 5) < currenttime) SV_Printf ("Blocking type %d flood from (or to) %s\n", cmdtype, NET_AdrToString (net_from)); floodstatus[cmdtype][i].floodcount = 0; floodstatus[cmdtype][i].issued = currenttime; floodstatus[cmdtype][i].cmdcount += 1; lastmessagetime = currenttime; return 1; } } else { floodstatus[cmdtype][i].floodcount = 0; } } if (i == DOSFLOODIP) { i = oldest; floodstatus[cmdtype][i].adr = net_from; floodstatus[cmdtype][i].firstseen = currenttime; floodstatus[cmdtype][i].cmdcount = 0; floodstatus[cmdtype][i].floodcount = 0; } floodstatus[cmdtype][i].issued = currenttime; floodstatus[cmdtype][i].cmdcount += 1; return 0; } /* SVC_Status Responds with all the info that qplug or qspy can see This message can be up to around 5k with worst case string lengths. */ static void SVC_Status (void) { client_t *cl; int ping, bottom, top, i; if (!sv_allow_status->int_val) return; if (CheckForFlood (FLOOD_STATUS)) return; con_printf_no_log = 1; SV_BeginRedirect (RD_PACKET); SV_Printf ("%s\n", Info_MakeString (svs.info, 0)); for (i = 0; i < MAX_CLIENTS; i++) { cl = &svs.clients[i]; if ((cl->state >= cs_connected) && !cl->spectator) { top = atoi (Info_ValueForKey (cl->userinfo, "topcolor")); bottom = atoi (Info_ValueForKey (cl->userinfo, "bottomcolor")); top = (top < 0) ? 0 : ((top > 13) ? 13 : top); bottom = (bottom < 0) ? 0 : ((bottom > 13) ? 13 : bottom); ping = SV_CalcPing (cl); SV_Printf ("%i %i %i %i \"%s\" \"%s\" %i %i\n", cl->userid, cl->old_frags, (int) (realtime - cl->connection_started) / 60, ping, cl->name, Info_ValueForKey (cl->userinfo, "skin"), top, bottom); } } SV_EndRedirect (); con_printf_no_log = 0; } /* SV_CheckLog */ #define LOG_HIGHWATER (MAX_DATAGRAM - 100) #define LOG_FLUSH 10*60 static void SV_CheckLog (void) { sizebuf_t *sz; sz = &svs.log[svs.logsequence & 1]; // bump sequence if allmost full, or ten minutes have passed and // there is something still sitting there if (sz->cursize > LOG_HIGHWATER || (realtime - svs.logtime > LOG_FLUSH && sz->cursize)) { // swap buffers and bump sequence svs.logtime = realtime; svs.logsequence++; sz = &svs.log[svs.logsequence & 1]; sz->cursize = 0; SV_Printf ("beginning fraglog sequence %i\n", svs.logsequence); } } /* SVC_Log Responds with all the logged frags for ranking programs. If a sequence number is passed as a parameter and it is the same as the current sequence, an A2A_NACK will be returned instead of the data. */ static void SVC_Log (void) { char data[MAX_DATAGRAM + 64]; int seq; if (!sv_allow_log->int_val) return; if (CheckForFlood (FLOOD_LOG)) return; if (Cmd_Argc () == 2) seq = atoi (Cmd_Argv (1)); else seq = -1; if (seq == svs.logsequence - 1 || !sv_fraglogfile) { // they already have this data, or we aren't logging frags data[0] = A2A_NACK; Netchan_SendPacket (1, data, net_from); return; } Sys_MaskPrintf (SYS_DEV, "sending log %i to %s\n", svs.logsequence - 1, NET_AdrToString (net_from)); // snprintf (data, sizeof (data), "stdlog %i\n", svs.logsequence - 1); // strncat (data, (char *) svs.log_buf[((svs.logsequence - 1) & 1)], // sizeof (data) - strlen (data)); snprintf (data, sizeof (data), "stdlog %i\n%s", svs.logsequence - 1, (char *) svs.log_buf[((svs.logsequence - 1) & 1)]); Netchan_SendPacket (strlen (data) + 1, data, net_from); } /* SVC_Ping Just responds with an acknowledgement */ static void SVC_Ping (void) { char data; if (!sv_allow_ping->int_val) return; if (CheckForFlood (FLOOD_PING)) return; data = A2A_ACK; Netchan_SendPacket (1, &data, net_from); } /* SVC_GetChallenge Returns a challenge number that can be used in a subsequent client_connect command. We do this to prevent denial of service attacks that flood the server with invalid connection IPs. With a challenge, they must give a valid IP address. */ static void SVC_GetChallenge (void) { int oldest, oldestTime, i; const char *extended = ""; oldest = 0; oldestTime = 0x7fffffff; // see if we already have a challenge for this ip for (i = 0; i < MAX_CHALLENGES; i++) { if (NET_CompareBaseAdr (net_from, svs.challenges[i].adr)) break; if (svs.challenges[i].time < oldestTime) { oldestTime = svs.challenges[i].time; oldest = i; } } if (i == MAX_CHALLENGES) { // overwrite the oldest svs.challenges[oldest].challenge = (rand () << 16) ^ rand (); svs.challenges[oldest].adr = net_from; svs.challenges[oldest].time = realtime; i = oldest; } if (sv_extensions->int_val) { extended = " QF qtv EXT"; } // send it to the client Netchan_OutOfBandPrint (net_from, "%c%i%s", S2C_CHALLENGE, svs.challenges[i].challenge, extended); } client_t * SV_AllocClient (int spectator, int server) { client_t *cl; int i, clients, spectators, free, bots; static int userid; // count up the clients and spectators clients = 0; spectators = 0; free = 0; bots = 0; for (i = 0, cl = svs.clients; i < MAX_CLIENTS; i++, cl++) { if (cl->state == cs_free) free++; else if (cl->state == cs_server) bots++; else if (cl->spectator) spectators++; else clients++; } // if at server limits, refuse connection if (!free || (!server && ((spectator && spectators >= maxspectators->int_val) || (!spectator && clients >= maxclients->int_val)))) { return 0; } // find a client slot for (i = 0, cl = svs.clients; i < MAX_CLIENTS; i++, cl++) { if (cl->state == cs_free) { svs.num_clients++; memset (cl, 0, sizeof (client_t)); cl->userid = userid++; // so every client gets a unique id if (userid < 0) // reserve -ve userids for special purposes userid = 0; cl->edict = EDICT_NUM (&sv_pr_state, (cl - svs.clients) + 1); return cl; } } SV_Printf ("WARNING: miscounted available clients\n"); return 0; } /* SVC_DirectConnect A connection request that did not come from the master */ static void SVC_DirectConnect (void) { info_t *userinfo = 0; const char *s; client_t *cl, *newcl; int challenge, version, i, qtv = 0; int qport; netadr_t adr; qboolean spectator; client_frame_t *frames; if (CheckForFlood (FLOOD_CONNECT)) return; s = Cmd_Argv (1); if (!strcmp (s, "qtv")) { qtv = 1; } else { version = atoi (s); if (version != PROTOCOL_VERSION) { Netchan_OutOfBandPrint (net_from, "%c\nServer is version %s.\n", A2C_PRINT, QW_VERSION); SV_Printf ("* rejected connect from version %i\n", version); return; } } qport = atoi (Cmd_Argv (2)); challenge = atoi (Cmd_Argv (3)); if (strlen (Cmd_Argv (4)) < MAX_INFO_STRING) userinfo = Info_ParseString (Cmd_Argv (4), 1023, !sv_highchars->int_val); // Validate the userinfo string. if (!userinfo) { Netchan_OutOfBandPrint (net_from, "%c\nInvalid userinfo string.\n", A2C_PRINT); return; } // see if the challenge is valid for (i = 0; i < MAX_CHALLENGES; i++) { if (NET_CompareBaseAdr (net_from, svs.challenges[i].adr)) { if (challenge == svs.challenges[i].challenge) break; // good Netchan_OutOfBandPrint (net_from, "%c\nBad challenge.\n", A2C_PRINT); return; } } if (i == MAX_CHALLENGES) { Netchan_OutOfBandPrint (net_from, "%c\nNo challenge for address.\n", A2C_PRINT); return; } if (qtv) { SV_qtvConnect (qport, userinfo); return; } s = Info_ValueForKey (userinfo, "*qf_version"); if ((!s[0]) || sv_minqfversion->string[0]) { // kick old clients? if (ver_compare (s, sv_minqfversion->string) < 0) { SV_Printf ("%s: Version %s is less than minimum version %s.\n", NET_AdrToString (net_from), s, sv_minqfversion->string); Netchan_OutOfBandPrint (net_from, "%c\nserver requires QuakeForge " "v%s or greater. Get it from " "http://www.quakeforge.net/\n", A2C_PRINT, sv_minqfversion->string); return; } } // check for password or spectator_password s = Info_ValueForKey (userinfo, "spectator"); if (s[0] && strcmp (s, "0")) { if (spectator_password->string[0] && !strcaseequal (spectator_password->string, "none") && !strequal (spectator_password->string, s)) { // failed SV_Printf ("%s: spectator password failed\n", NET_AdrToString (net_from)); Netchan_OutOfBandPrint (net_from, "%c\nrequires a spectator password\n\n", A2C_PRINT); return; } Info_RemoveKey (userinfo, "spectator"); // remove passwd Info_SetValueForStarKey (userinfo, "*spectator", "1", !sv_highchars->int_val); spectator = true; } else { s = Info_ValueForKey (userinfo, "password"); if (password->string[0] && !strcaseequal (password->string, "none") && !strequal (password->string, s)) { SV_Printf ("%s:password failed\n", NET_AdrToString (net_from)); Netchan_OutOfBandPrint (net_from, "%c\nserver requires a password\n\n", A2C_PRINT); return; } spectator = false; Info_RemoveKey (userinfo, "password"); // remove passwd } adr = net_from; // if there is already a slot for this ip, drop it for (i = 0, cl = svs.clients; i < MAX_CLIENTS; i++, cl++) { if (cl->state < cs_zombie) continue; if (NET_CompareBaseAdr (adr, cl->netchan.remote_address) && (cl->netchan.qport == qport || adr.port == cl->netchan.remote_address.port)) { if (cl->state == cs_connected) { SV_Printf ("%s:dup connect\n", NET_AdrToString (adr)); return; } SV_Printf ("%s:reconnect\n", NET_AdrToString (adr)); SV_DropClient (cl); break; } } if (!(newcl = SV_AllocClient (spectator, 0))) { SV_Printf ("%s:full connect\n", NET_AdrToString (adr)); Netchan_OutOfBandPrint (adr, "%c\nserver is full\n\n", A2C_PRINT); return; } newcl->userinfo = userinfo; // build a new connection // accept the new client // this is the only place a client_t is ever initialized frames = newcl->delta.frames; for (i = 0; i < UPDATE_BACKUP; i++) { frames[i].entities.entities = cl_entities[newcl-svs.clients][i]; memset (cl_entities[newcl-svs.clients][i], 0, sizeof (cl_entities[newcl-svs.clients][i])); } newcl->delta.client = newcl; Netchan_OutOfBandPrint (adr, "%c", S2C_CONNECTION); Netchan_Setup (&newcl->netchan, adr, qport, NC_QPORT_READ); newcl->backbuf.netchan = &newcl->netchan; newcl->backbuf.name = newcl->name; newcl->state = cs_connected; newcl->prespawned = false; newcl->spawned = false; newcl->datagram.allowoverflow = true; newcl->datagram.data = newcl->datagram_buf; newcl->datagram.maxsize = sizeof (newcl->datagram_buf); // spectator mode can be set ONLY at join time newcl->spectator = spectator; // parse some info from the info strings SV_ExtractFromUserinfo (newcl); // JACK: Init the floodprot stuff. for (i = 0; i < 10; i++) newcl->whensaid[i] = 0.0; newcl->whensaidhead = 0; newcl->lockedtill = SV_RestorePenaltyFilter (newcl, ft_mute); // call the progs to get default spawn parms for the new client PR_ExecuteProgram (&sv_pr_state, sv_funcs.SetNewParms); for (i = 0; i < NUM_SPAWN_PARMS; i++) newcl->spawn_parms[i] = sv_globals.parms[i]; if (newcl->spectator) SV_Printf ("Spectator %s (%s) connected\n", newcl->name, NET_AdrToString (adr)); else SV_Printf ("Client %s (%s) connected\n", newcl->name, NET_AdrToString (adr)); newcl->sendinfo = true; // QuakeForge stuff. newcl->msecs = 0; newcl->msec_cheating = 0; newcl->last_check = -1; newcl->cuff_time = SV_RestorePenaltyFilter (newcl, ft_cuff); } static int Rcon_Validate (cvar_t *pass) { if (!strlen (pass->string)) return 0; if (strcmp (Cmd_Argv (1), pass->string)) return 0; return 1; } static char * Name_of_sender (void) { client_t *cl; int i; for (i=0, cl=svs.clients ; istate < cs_zombie) continue; if (!NET_CompareBaseAdr (net_from, cl->netchan.remote_address)) continue; if (cl->netchan.remote_address.port != net_from.port) continue; return cl->name; } return NULL; } /* SVC_RemoteCommand A client issued an rcon command. Shift down the remaining args Redirect all printfs */ static void SVC_RemoteCommand (void) { const char *command; char *name; qboolean admin_cmd = false; qboolean do_cmd = false; if (CheckForFlood (FLOOD_RCON)) return; if (Rcon_Validate (rcon_password)) { do_cmd = true; } else if (Rcon_Validate (admin_password)) { admin_cmd = true; if (strcmp (Cmd_Argv (2), "say") == 0 || strcmp (Cmd_Argv (2), "kick") == 0 || strcmp (Cmd_Argv (2), "ban") == 0 || strcmp (Cmd_Argv (2), "map") == 0 || strcmp (Cmd_Argv (2), "mute") == 0 || strcmp (Cmd_Argv (2), "cuff") == 0 || strcmp (Cmd_Argv (2), "exec") == 0 || strcmp (Cmd_Argv (2), "addip") == 0 || strcmp (Cmd_Argv (2), "listip") == 0 || strcmp (Cmd_Argv (2), "writeip") == 0 || strcmp (Cmd_Argv (2), "removeip") == 0) do_cmd = true; } if ((name = Name_of_sender ())) { // log issuer if (do_cmd && admin_cmd) { SV_BroadcastPrintf (PRINT_HIGH, "Admin %s issued %s command:\n", name, Cmd_Argv (2)); } else if (admin_cmd) { SV_Printf ("Admin %s issued %s command:\n", name, Cmd_Argv (2)); } else { SV_Printf ("User %s %s rcon command:\n", name, do_cmd ? "issued" : "attempted"); } } if (do_cmd) { command = Cmd_Args (2); SV_Printf ("Rcon from %s:\n\trcon (hidden) %s\n", NET_AdrToString (net_from), command); SV_BeginRedirect (RD_PACKET); if (name) rcon_from_user = true; Cmd_ExecuteString (command, src_command); rcon_from_user = false; } else { SV_Printf ("Bad rcon from %s:\n\t rcon (hidden) %s\n", NET_AdrToString (net_from), Cmd_Args (2)); SV_BeginRedirect (RD_PACKET); if (admin_cmd) { SV_Printf ("Command not valid with admin password.\n"); } else { SV_Printf ("Bad rcon_password.\n"); } } SV_EndRedirect (); } /* SV_ConnectionlessPacket A connectionless packet has four leading 0xff characters to distinguish it from a game channel. Clients that are in the game can still send connectionless packets. */ static void SV_ConnectionlessPacket (void) { const char *c, *s; MSG_BeginReading (net_message); MSG_ReadLong (net_message); // skip the -1 marker s = MSG_ReadString (net_message); COM_TokenizeString (s, sv_args); cmd_args = sv_args; c = sv_args->argv[0]->str; if (!strcmp (c, "ping") || (c[0] == A2A_PING && (c[1] == 0 || c[1] == '\n'))) { SVC_Ping (); return; } if (c[0] == A2A_ACK && (c[1] == 0 || c[1] == '\n')) { SV_Printf ("A2A_ACK from %s\n", NET_AdrToString (net_from)); return; } else if (!strcmp (c, "status")) { SVC_Status (); return; } else if (!strcmp (c, "log")) { SVC_Log (); return; } else if (!strcmp (c, "connect")) { SVC_DirectConnect (); return; } else if (!strcmp (c, "getchallenge")) { SVC_GetChallenge (); return; } else if (!strcmp (c, "rcon")) SVC_RemoteCommand (); else SV_Printf ("bad connectionless packet from %s:\n%s\n", NET_AdrToString (net_from), s); } /* PACKET FILTERING You can add or remove addresses from the filter list with: addip removeip The ip address is specified in dot format, and any unspecified digits will match any value, so you can specify an entire class C network with "addip 192.246.40". Removeip will remove only an address specified exactly the same way. You cannot addip a subnet, then removeip a single host. listip Prints the current list of filters. writeip Dumps "addip " commands to listip.cfg so it can be execed at a later date. The filter lists are not saved and restored by default, because I beleive it would cause too much confusion. filterban <0 or 1> If 1 (the default), then ip addresses matching the current list will be prohibited from entering the game. This is the default setting. If 0, then only addresses matching the list will be allowed. This lets you easily set up a private game, or a game that allows only players from your local network. */ typedef struct { int mask; #ifdef HAVE_IPV6 byte ip[16]; #else byte ip[4]; #endif double time; filtertype_t type; } ipfilter_t; #define MAX_IPFILTERS 1024 cvar_t *filterban; cvar_t *sv_filter_automask; int numipfilters; ipfilter_t ipfilters[MAX_IPFILTERS]; unsigned int ipmasks[33]; // network byte order static void SV_GenerateIPMasks (void) { int i; unsigned int j = 0xFFFFFFFF; for (i = 32; i >= 0; i--) { ipmasks[i] = htonl (j); j = j << 1; } } // Note: this function is non-reentrant and not threadsafe static const char * SV_PrintIP (byte *ip) { #ifdef HAVE_IPV6 static char buf[INET6_ADDRSTRLEN]; if (!inet_ntop (AF_INET6, ip, buf, INET6_ADDRSTRLEN)) #else # ifdef _WIN32 static char buf[16]; strcpy (buf, inet_ntoa (*(struct in_addr*)ip)); if (0) # else static char buf[INET_ADDRSTRLEN]; if (!inet_ntop (AF_INET, ip, buf, INET_ADDRSTRLEN)) # endif #endif Sys_Error ("SV_CleanIPList: inet_ntop_failed. wtf?"); return buf; } static inline void SV_MaskIPTrim (byte *ip, int mask) { int i; #ifdef HAVE_IPV6 int intcount = 4; #else int intcount = 1; #endif for (i = 0; i < intcount; i++) { ((unsigned int *)ip)[i] &= ipmasks[mask > 32 ? 32 : mask]; if ((mask -= 32) < 0) mask = 0; } } // assumes b has already been masked static inline qboolean SV_MaskIPCompare (byte *a, byte *b, int mask) { int i; #ifdef HAVE_IPV6 int intcount = 4; #else int intcount = 1; #endif for (i = 0; i < intcount; i++) { unsigned int x, y; memcpy (&x, a + i * 4, 4); memcpy (&y, b + i * 4, 4); if ((x & ipmasks[mask > 32 ? 32 : mask]) != y) return false; if ((mask -= 32) < 0) mask = 0; } return true; } static inline qboolean SV_IPCompare (byte *a, byte *b) { int i; #ifdef HAVE_IPV6 int intcount = 4; #else int intcount = 1; #endif for (i = 0; i < intcount; i++) if (((unsigned int *)a)[i] != ((unsigned int *)b)[i]) return false; return true; } static inline void SV_IPCopy (byte *dest, byte *src) { int i; #ifdef HAVE_IPV6 int intcount = 4; #else int intcount = 1; #endif for (i = 0; i < intcount; i++) ((unsigned int *)dest)[i] = ((unsigned int *)src)[i]; } static qboolean SV_StringToFilter (const char *address, ipfilter_t *f) { #ifdef HAVE_IPV6 byte b[16] = {0}; #else byte b[4] = {0}; #endif int mask = 0; unsigned int i; char *s; char *slash; char *c; s = strdup (address); if (!s) Sys_Error ("SV_StringToFilter: memory allocation failure"); // Parse out the mask (the /8 part) if ((slash = strchr (s, '/'))) { char *endptr; *slash = '\0'; slash++; if (*slash < '0' || *slash > '9' || strchr (slash, '/')) goto bad_address; mask = strtol (slash, &endptr, 10); if (!*slash || *endptr) goto bad_address; } else mask = -1; // parse the ip for ipv6 #ifdef HAVE_IPV6 if (inet_pton (AF_INET6, s, b) != 1) { b[10] = 0xFF; // Prefix bytes for hosts that don't support ipv6 b[11] = 0xFF; // (see RFC 2373, section 2.5.4) i = 12; #else i = 0; #endif c = s; // parse for ipv4, as dotted quad, only we have implicit trailing segments do { int j; if (*c == '.') c++; j = strtol (c, &c, 10); if (j < 0 || j > 255 || i >= sizeof (b)) goto bad_address; b[i++] = j; } while (*c == '.'); if (*c) goto bad_address; // change trailing 0 segments to be a mask, eg 1.2.0.0 gives a /16 mask if (mask == -1) { if (sv_filter_automask->int_val) { mask = sizeof (b) * 8; i = sizeof (b) - 1; while (i >= 0 && !b[i]) { mask -= 8; i--; } } else mask = 0; } #ifdef HAVE_IPV6 } else { mask = 128; } #endif #ifdef HAVE_IPV6 if (mask > 128) #else if (mask > 32) #endif goto bad_address; // incase they did 1.2.3.4/16, change it to 1.2.0.0 for easier comparison SV_MaskIPTrim (b, mask); // yada :) f->mask = mask; SV_IPCopy (f->ip, b); free (s); return true; bad_address: SV_Printf ("Bad filter address: %s\n", address); free (s); return false; } static void SV_RemoveIPFilter (int i) { for (; i + 1 < numipfilters; i++) ipfilters[i] = ipfilters[i + 1]; numipfilters--; } static void SV_CleanIPList (void) { int i; const char *type; for (i = 0; i < numipfilters;) { if (ipfilters[i].time && (ipfilters[i].time <= realtime)) { switch (ipfilters[i].type) { case ft_ban: type = "Ban"; break; case ft_mute: type = "Mute"; break; case ft_cuff: type = "Cuff"; break; default: Sys_Error ("SV_CleanIPList: invalid filter type"); } SV_Printf ("SV_CleanIPList: %s for %s/%d removed\n", type, SV_PrintIP (ipfilters[i].ip), ipfilters[i].mask); SV_RemoveIPFilter (i); } else i++; } } static void SV_AddIP_f (void) { int i; double bantime; filtertype_t type; if (Cmd_Argc () < 2 || Cmd_Argc () > 4) { SV_Printf ("Usage: addip / [