2 * Protocol of online ban list:
\r
5 * GET g_ban_sync_uri?action=ban&hostname=...&ip=xxx.xxx.xxx&duration=nnnn&reason=...................
\r
6 * (IP 1, 2, 3, or 4 octets, 3 octets for example is a /24 mask)
\r
8 * GET g_ban_sync_uri?action=unban&hostname=...&ip=xxx.xxx.xxx
\r
9 * - Querying the ban list
\r
10 * GET g_ban_sync_uri?action=list&hostname=...&servers=xxx.xxx.xxx.xxx;xxx.xxx.xxx.xxx;...
\r
12 * shows the bans from the listed servers, and possibly others.
\r
13 * Format of a ban is ASCII plain text, four lines per ban, delimited by
\r
14 * newline ONLY (no carriage return):
\r
16 * IP address (also 1, 2, 3, or 4 octets, delimited by dot)
\r
17 * time left in seconds
\r
19 * server IP that registered the ban
\r
22 float Ban_Insert(string ip, float bantime, string reason, float dosync);
\r
24 void OnlineBanList_SendBan(string ip, float bantime, string reason)
\r
29 uri = strcat( "action=ban&hostname=", uri_escape(cvar_string("hostname")));
\r
30 uri = strcat(uri, "&ip=", uri_escape(ip));
\r
31 uri = strcat(uri, "&duration=", ftos(bantime));
\r
32 uri = strcat(uri, "&reason=", uri_escape(reason));
\r
34 n = tokenize_console(cvar_string("g_ban_sync_uri"));
\r
35 if(n >= MAX_IPBAN_URIS)
\r
37 for(i = 0; i < n; ++i)
\r
39 if(strstrofs(argv(i), "?", 0) >= 0)
\r
40 uri_get(strcat(argv(i), "&", uri), URI_GET_DISCARD); // 0 = "discard" callback target
\r
42 uri_get(strcat(argv(i), "?", uri), URI_GET_DISCARD); // 0 = "discard" callback target
\r
46 void OnlineBanList_SendUnban(string ip)
\r
51 uri = strcat( "action=unban&hostname=", uri_escape(cvar_string("hostname")));
\r
52 uri = strcat(uri, "&ip=", uri_escape(ip));
\r
54 n = tokenize_console(cvar_string("g_ban_sync_uri"));
\r
55 if(n >= MAX_IPBAN_URIS)
\r
57 for(i = 0; i < n; ++i)
\r
59 if(strstrofs(argv(i), "?", 0) >= 0)
\r
60 uri_get(strcat(argv(i), "&", uri), URI_GET_DISCARD); // 0 = "discard" callback target
\r
62 uri_get(strcat(argv(i), "?", uri), URI_GET_DISCARD); // 0 = "discard" callback target
\r
66 string OnlineBanList_Servers;
\r
67 float OnlineBanList_Timeout;
\r
68 float OnlineBanList_RequestWaiting[MAX_IPBAN_URIS];
\r
70 void OnlineBanList_URI_Get_Callback(float id, float status, string data)
\r
80 id -= URI_GET_IPBAN;
\r
82 if(id >= MAX_IPBAN_URIS)
\r
84 print("Received ban list for invalid ID\n");
\r
88 tokenize_console(cvar_string("g_ban_sync_uri"));
\r
91 print("Received ban list from ", uri, ": ");
\r
93 if(OnlineBanList_RequestWaiting[id] == 0)
\r
95 print("rejected (unexpected)\n");
\r
99 OnlineBanList_RequestWaiting[id] = 0;
\r
101 if(time > OnlineBanList_Timeout)
\r
103 print("rejected (too late)\n");
\r
107 syncinterval = cvar("g_ban_sync_interval");
\r
108 if(syncinterval == 0)
\r
110 print("rejected (syncing disabled)\n");
\r
113 if(syncinterval > 0)
\r
114 syncinterval *= 60;
\r
118 print("error: status is ", ftos(status), "\n");
\r
122 if(substring(data, 0, 1) == "<")
\r
124 print("error: received HTML instead of a ban list\n");
\r
128 if(strstrofs(data, "\r", 0) != -1)
\r
130 print("error: received carriage returns\n");
\r
137 n = tokenizebyseparator(data, "\n");
\r
141 print("error: received invalid item count: ", ftos(n), "\n");
\r
145 print("OK, ", ftos(n / 4), " items\n");
\r
147 for(i = 0; i < n; i += 4)
\r
150 timeleft = stof(argv(i + 1));
\r
151 reason = argv(i + 2);
\r
152 serverip = argv(i + 3);
\r
154 dprint("received ban list item ", ftos(i / 4), ": ip=", ip);
\r
155 dprint(" timeleft=", ftos(timeleft), " reason=", reason);
\r
156 dprint(" serverip=", serverip, "\n");
\r
158 timeleft -= 1.5 * cvar("g_ban_sync_timeout");
\r
163 for(j = 0; j < l; ++j)
\r
164 if(strstrofs("0123456789.", substring(ip, j, 1), 0) == -1)
\r
166 print("Invalid character ", substring(ip, j, 1), " in IP address ", ip, ". Skipping this ban.\n");
\r
170 if(cvar("g_ban_sync_trusted_servers_verify"))
\r
171 if((strstrofs(strcat(";", OnlineBanList_Servers, ";"), strcat(";", serverip, ";"), 0) == -1))
\r
174 if(syncinterval > 0)
\r
175 timeleft = min(syncinterval + (OnlineBanList_Timeout - time) + 5, timeleft);
\r
176 // the ban will be prolonged on the next sync
\r
177 // or expire 5 seconds after the next timeout
\r
178 Ban_Insert(ip, timeleft, strcat("ban synced from ", serverip, " at ", uri), 0);
\r
179 print("Ban list syncing: accepted ban of ", ip, " by ", serverip, " at ", uri, ": ");
\r
180 print(reason, "\n");
\r
186 void OnlineBanList_Think()
\r
192 if(cvar_string("g_ban_sync_uri") == "")
\r
194 if(cvar("g_ban_sync_interval") == 0) // < 0 is okay, it means "sync on level start only"
\r
196 argc = tokenize_console(cvar_string("g_ban_sync_trusted_servers"));
\r
200 if(OnlineBanList_Servers)
\r
201 strunzone(OnlineBanList_Servers);
\r
202 OnlineBanList_Servers = argv(0);
\r
203 for(i = 1; i < argc; ++i)
\r
204 OnlineBanList_Servers = strcat(OnlineBanList_Servers, ";", argv(i));
\r
205 OnlineBanList_Servers = strzone(OnlineBanList_Servers);
\r
207 uri = strcat( "action=list&hostname=", uri_escape(cvar_string("hostname")));
\r
208 uri = strcat(uri, "&servers=", uri_escape(OnlineBanList_Servers));
\r
210 OnlineBanList_Timeout = time + cvar("g_ban_sync_timeout");
\r
212 n = tokenize_console(cvar_string("g_ban_sync_uri"));
\r
213 if(n >= MAX_IPBAN_URIS)
\r
214 n = MAX_IPBAN_URIS;
\r
215 for(i = 0; i < n; ++i)
\r
217 if(OnlineBanList_RequestWaiting[i])
\r
219 OnlineBanList_RequestWaiting[i] = 1;
\r
220 if(strstrofs(argv(i), "?", 0) >= 0)
\r
221 uri_get(strcat(argv(i), "&", uri), URI_GET_IPBAN + i); // 1000 = "banlist" callback target
\r
223 uri_get(strcat(argv(i), "?", uri), URI_GET_IPBAN + i); // 1000 = "banlist" callback target
\r
226 if(cvar("g_ban_sync_interval") > 0)
\r
227 self.nextthink = time + max(60, cvar("g_ban_sync_interval") * 60);
\r
236 #define BAN_MAX 256
\r
238 string ban_ip[BAN_MAX];
\r
239 float ban_expire[BAN_MAX];
\r
250 void Ban_SaveBans()
\r
260 for(i = 0; i < ban_count; ++i)
\r
262 if(time > ban_expire[i])
\r
264 out = strcat(out, " ", ban_ip[i]);
\r
265 out = strcat(out, " ", ftos(ban_expire[i] - time));
\r
267 if(strlen(out) <= 1) // no real entries
\r
268 cvar_set("g_banned_list", "");
\r
270 cvar_set("g_banned_list", out);
\r
273 float Ban_Delete(float i)
\r
279 if(ban_expire[i] == 0)
\r
281 if(ban_expire[i] > 0)
\r
283 OnlineBanList_SendUnban(ban_ip[i]);
\r
284 strunzone(ban_ip[i]);
\r
292 void Ban_LoadBans()
\r
295 for(i = 0; i < ban_count; ++i)
\r
299 n = tokenize_console(cvar_string("g_banned_list"));
\r
300 if(stof(argv(0)) == 1)
\r
302 ban_count = (n - 1) / 2;
\r
303 for(i = 0; i < ban_count; ++i)
\r
305 ban_ip[i] = strzone(argv(2*i+1));
\r
306 ban_expire[i] = time + stof(argv(2*i+2));
\r
312 e.classname = "bansyncer";
\r
313 e.think = OnlineBanList_Think;
\r
314 e.nextthink = time + 1;
\r
321 for(i = 0; i < ban_count; ++i)
\r
323 if(time > ban_expire[i])
\r
325 msg = strcat("#", ftos(i), ": ");
\r
326 msg = strcat(msg, ban_ip[i], " is still banned for ");
\r
327 msg = strcat(msg, ftos(ban_expire[i] - time), " seconds");
\r
332 float Ban_GetClientIP(entity client)
\r
334 // we can't use tokenizing here, as this is called during ban list parsing
\r
335 float i1, i2, i3, i4;
\r
338 s = client.netaddress;
\r
340 i1 = strstrofs(s, ".", 0);
\r
343 i2 = strstrofs(s, ".", i1 + 1);
\r
346 i3 = strstrofs(s, ".", i2 + 1);
\r
349 i4 = strstrofs(s, ".", i3 + 1);
\r
353 ban_ip1 = substring(s, 0, i1);
\r
354 ban_ip2 = substring(s, 0, i2);
\r
355 ban_ip3 = substring(s, 0, i3);
\r
356 ban_ip4 = strcat1(s);
\r
358 ban_uid = client.uid;
\r
364 float Ban_IsClientBanned(entity client, float idx)
\r
369 if(!Ban_GetClientIP(client))
\r
381 for(i = b; i < e; ++i)
\r
384 if(time > ban_expire[i])
\r
387 if(ban_ip1 == s) return TRUE;
\r
388 if(ban_ip2 == s) return TRUE;
\r
389 if(ban_ip3 == s) return TRUE;
\r
390 if(ban_ip4 == s) return TRUE;
\r
392 if(ban_uid == s) return TRUE;
\r
398 float Ban_MaybeEnforceBan(entity client)
\r
400 if(Ban_IsClientBanned(client, -1))
\r
403 s = strcat("^1NOTE:^7 banned client ", client.netaddress, " just tried to enter\n");
\r
404 dropclient(client);
\r
411 string Ban_Enforce(float i, string reason)
\r
416 // Enforce our new ban
\r
418 FOR_EACH_REALCLIENT(e)
\r
419 if(Ban_IsClientBanned(e, i))
\r
424 reason = strcat(reason, ": affects ");
\r
426 reason = strcat(reason, ", ");
\r
427 reason = strcat(reason, e.netname);
\r
429 s = strcat(s, "^1NOTE:^7 banned client ", e.netname, "^7 has to go\n");
\r
437 float Ban_Insert(string ip, float bantime, string reason, float dosync)
\r
444 for(i = 0; i < ban_count; ++i)
\r
445 if(ban_ip[i] == ip)
\r
448 if(time + bantime > ban_expire[i])
\r
450 ban_expire[i] = time + bantime;
\r
451 dprint(ip, "'s ban has been prolonged to ", ftos(bantime), " seconds from now\n");
\r
454 dprint(ip, "'s ban is still active until ", ftos(ban_expire[i] - time), " seconds from now\n");
\r
457 reason = Ban_Enforce(i, reason);
\r
462 if(substring(reason, 0, 1) != "~") // like IRC: unauthenticated banner
\r
463 OnlineBanList_SendBan(ip, bantime, reason);
\r
468 // do we have a free slot?
\r
469 for(i = 0; i < ban_count; ++i)
\r
470 if(time > ban_expire[i])
\r
472 // no free slot? Then look for the one who would get unbanned next
\r
476 bestscore = ban_expire[i];
\r
477 for(j = 1; j < ban_count; ++j)
\r
479 if(ban_expire[j] < bestscore)
\r
482 bestscore = ban_expire[i];
\r
486 // if we replace someone, will we be banned longer than him (so long-term
\r
487 // bans never get overridden by short-term bans)
\r
489 if(ban_expire[i] > time + bantime)
\r
491 print(ip, " could not get banned due to no free ban slot\n");
\r
494 // okay, insert our new victim as i
\r
496 dprint(ip, " has been banned for ", ftos(bantime), " seconds\n");
\r
497 ban_expire[i] = time + bantime;
\r
498 ban_ip[i] = strzone(ip);
\r
499 ban_count = max(ban_count, i + 1);
\r
503 reason = Ban_Enforce(i, reason);
\r
508 if(substring(reason, 0, 1) != "~") // like IRC: unauthenticated banner
\r
509 OnlineBanList_SendBan(ip, bantime, reason);
\r
514 void Ban_KickBanClient(entity client, float bantime, float masksize, string reason)
\r
516 if(!Ban_GetClientIP(client))
\r
518 sprint(client, strcat("Kickbanned: ", reason, "\n"));
\r
519 dropclient(client);
\r
526 Ban_Insert(ban_ip1, bantime, reason, 1);
\r
529 Ban_Insert(ban_ip2, bantime, reason, 1);
\r
532 Ban_Insert(ban_ip3, bantime, reason, 1);
\r
536 Ban_Insert(ban_ip4, bantime, reason, 1);
\r
540 Ban_Insert(ban_uid, bantime, reason, 1);
\r
545 * not needed, as we enforce the ban in Ban_Insert anyway
\r
547 sprint(client, strcat("Kickbanned: ", reason, "\n"));
\r
548 dropclient(client);
\r
552 float GameCommand_Ban(string command)
\r
562 argc = tokenize_console(command);
\r
563 if(argv(0) == "help")
\r
565 print(" kickban # n m p reason - kickban player n for m seconds, using mask size p (1 to 4)\n");
\r
566 print(" ban ip m reason - ban an IP or range (incomplete IP, like 1.2.3) for m seconds\n");
\r
567 print(" bans - list all existing bans\n");
\r
568 print(" unban n - delete the entry #n from the bans list\n");
\r
571 if(argv(0) == "kickban")
\r
573 #define INITARG(c) reasonarg = c
\r
574 #define GETARG(v,d) if((argc > reasonarg) && ((v = stof(argv(reasonarg))) != 0)) ++reasonarg; else v = d
\r
575 #define RESTARG(v) if(argc > reasonarg) v = substring(command, argv_start_index(reasonarg), strlen(command) - argv_start_index(reasonarg)); else v = ""
\r
578 entno = stof(argv(2));
\r
579 if(entno > maxclients || entno < 1)
\r
581 client = edict_num(entno);
\r
584 GETARG(bantime, cvar("g_ban_default_bantime"));
\r
585 GETARG(masksize, cvar("g_ban_default_masksize"));
\r
588 Ban_KickBanClient(client, bantime, masksize, reason);
\r
592 else if(argv(0) == "ban")
\r
600 GETARG(bantime, cvar("g_ban_default_bantime"));
\r
603 Ban_Insert(ip, bantime, reason, 1);
\r
610 else if(argv(0) == "bans")
\r
615 else if(argv(0) == "unban")
\r
620 who = stof(argv(1));
\r