X-Git-Url: https://git.xonotic.org/?a=blobdiff_plain;f=netconn.c;h=32269b40d0be1455e42316f4a66d726c9ef1661d;hb=5a32d71c5c894401984cb1b96a8a92be7b6eeaff;hp=661455b9d5951d321cb518941ff409cc70b0e51d;hpb=eb4bd4314b0da59714e2502103bbd443a9a4df2e;p=xonotic%2Fdarkplaces.git diff --git a/netconn.c b/netconn.c index 661455b9..32269b40 100755 --- a/netconn.c +++ b/netconn.c @@ -23,6 +23,11 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. #include "quakedef.h" #include "lhnet.h" +// for secure rcon authentication +#include "hmac.h" +#include "mdfour.h" +#include + #define QWMASTER_PORT 27000 #define DPMASTER_PORT 27950 @@ -36,9 +41,9 @@ static cvar_t sv_masters [] = {CVAR_SAVE, "sv_master2", "", "user-chosen master server 2"}, {CVAR_SAVE, "sv_master3", "", "user-chosen master server 3"}, {CVAR_SAVE, "sv_master4", "", "user-chosen master server 4"}, - {0, "sv_masterextra1", "ghdigital.com", "default master server 1 (admin: LordHavoc)"}, // admin: LordHavoc - {0, "sv_masterextra2", "dpmaster.deathmask.net", "default master server 2 (admin: Willis)"}, // admin: Willis - {0, "sv_masterextra3", "dpmaster.tchr.no", "default master server 3 (admin: tChr)"}, // admin: tChr + {0, "sv_masterextra1", "69.59.212.88", "ghdigital.com - default master server 1 (admin: LordHavoc)"}, // admin: LordHavoc + {0, "sv_masterextra2", "64.22.107.125", "dpmaster.deathmask.net - default master server 2 (admin: Willis)"}, // admin: Willis + {0, "sv_masterextra3", "92.62.40.73", "dpmaster.tchr.no - default master server 3 (admin: tChr)"}, // admin: tChr {0, NULL, NULL, NULL} }; @@ -62,7 +67,7 @@ sizebuf_t net_message; static unsigned char net_message_buf[NET_MAXMESSAGE]; cvar_t net_messagetimeout = {0, "net_messagetimeout","300", "drops players who have not sent any packets for this many seconds"}; -cvar_t net_connecttimeout = {0, "net_connecttimeout","10", "after requesting a connection, the client must reply within this many seconds or be dropped (cuts down on connect floods)"}; +cvar_t net_connecttimeout = {0, "net_connecttimeout","15", "after requesting a connection, the client must reply within this many seconds or be dropped (cuts down on connect floods). Must be above 10 seconds."}; cvar_t net_connectfloodblockingtimeout = {0, "net_connectfloodblockingtimeout", "5", "when a connection packet is received, it will block all future connect packets from that IP address for this many seconds (cuts down on connect floods)"}; cvar_t hostname = {CVAR_SAVE, "hostname", "UNNAMED", "server message to show in server browser"}; cvar_t developer_networking = {0, "developer_networking", "0", "prints all received and sent packets (recommended only for debugging)"}; @@ -75,10 +80,15 @@ static cvar_t net_slist_queriesperframe = {0, "net_slist_queriesperframe", "4", static cvar_t net_slist_timeout = {0, "net_slist_timeout", "4", "how long to listen for a server information response before giving up"}; static cvar_t net_slist_pause = {0, "net_slist_pause", "0", "when set to 1, the server list won't update until it is set back to 0"}; static cvar_t net_slist_maxtries = {0, "net_slist_maxtries", "3", "how many times to ask the same server for information (more times gives better ping reports but takes longer)"}; - -static cvar_t gameversion = {0, "gameversion", "0", "version of game data (mod-specific), when client and server gameversion mismatch in the server browser the server is shown as incompatible"}; -static cvar_t rcon_restricted_password = {CVAR_PRIVATE, "rcon_restricted_password", "", "password to authenticate rcon commands in restricted mode"}; +static cvar_t net_slist_favorites = {CVAR_SAVE | CVAR_NQUSERINFOHACK, "net_slist_favorites", "", "contains a list of IP addresses and ports to always query explicitly"}; +static cvar_t gameversion = {0, "gameversion", "0", "version of game data (mod-specific) to be sent to querying clients"}; +static cvar_t gameversion_min = {0, "gameversion_min", "-1", "minimum version of game data (mod-specific), when client and server gameversion mismatch in the server browser the server is shown as incompatible; if -1, gameversion is used alone"}; +static cvar_t gameversion_max = {0, "gameversion_max", "-1", "maximum version of game data (mod-specific), when client and server gameversion mismatch in the server browser the server is shown as incompatible; if -1, gameversion is used alone"}; +static cvar_t rcon_restricted_password = {CVAR_PRIVATE, "rcon_restricted_password", "", "password to authenticate rcon commands in restricted mode; may be set to a string of the form user1:pass1 user2:pass2 user3:pass3 to allow multiple user accounts - the client then has to specify ONE of these combinations"}; static cvar_t rcon_restricted_commands = {0, "rcon_restricted_commands", "", "allowed commands for rcon when the restricted mode password was used"}; +static cvar_t rcon_secure_maxdiff = {0, "rcon_secure_maxdiff", "5", "maximum time difference between rcon request and server system clock (to protect against replay attack)"}; +extern cvar_t rcon_secure; +extern cvar_t rcon_secure_challengetimeout; /* statistic counters */ static int packetsSent = 0; @@ -98,12 +108,12 @@ int masterreplycount = 0; int serverquerycount = 0; int serverreplycount = 0; -// this is only false if there are still servers left to query +/// this is only false if there are still servers left to query static qboolean serverlist_querysleep = true; static qboolean serverlist_paused = false; -// this is pushed a second or two ahead of realtime whenever a master server -// reply is received, to avoid issuing queries while master replies are still -// flooding in (which would make a mess of the ping times) +/// this is pushed a second or two ahead of realtime whenever a master server +/// reply is received, to avoid issuing queries while master replies are still +/// flooding in (which would make a mess of the ping times) static double serverlist_querywaittime = 0; static unsigned char sendbuffer[NET_HEADERSIZE+NET_MAXMESSAGE]; @@ -119,19 +129,23 @@ mempool_t *netconn_mempool = NULL; cvar_t cl_netport = {0, "cl_port", "0", "forces client to use chosen port number if not 0"}; cvar_t sv_netport = {0, "port", "26000", "server port for players to connect to"}; -cvar_t net_address = {0, "net_address", "0.0.0.0", "network address to open ports on"}; -//cvar_t net_netaddress_ipv6 = {0, "net_address_ipv6", "[0:0:0:0:0:0:0:0]", "network address to open ipv6 ports on"}; +cvar_t net_address = {0, "net_address", "", "network address to open ipv4 ports on (if empty, use default interfaces)"}; +cvar_t net_address_ipv6 = {0, "net_address_ipv6", "", "network address to open ipv6 ports on (if empty, use default interfaces)"}; -char net_extresponse[NET_EXTRESPONSE_MAX][1400]; -int net_extresponse_count = 0; -int net_extresponse_last = 0; +char cl_net_extresponse[NET_EXTRESPONSE_MAX][1400]; +int cl_net_extresponse_count = 0; +int cl_net_extresponse_last = 0; + +char sv_net_extresponse[NET_EXTRESPONSE_MAX][1400]; +int sv_net_extresponse_count = 0; +int sv_net_extresponse_last = 0; // ServerList interface serverlist_mask_t serverlist_andmasks[SERVERLIST_ANDMASKCOUNT]; serverlist_mask_t serverlist_ormasks[SERVERLIST_ORMASKCOUNT]; serverlist_infofield_t serverlist_sortbyfield; -qboolean serverlist_sortdescending; +int serverlist_sortflags; int serverlist_viewcount = 0; serverlist_entry_t *serverlist_viewlist[SERVERLIST_VIEWLISTSIZE]; @@ -141,8 +155,23 @@ serverlist_entry_t serverlist_cache[SERVERLIST_TOTALSIZE]; qboolean serverlist_consoleoutput; -// helper function to insert a value into the viewset -// spare entries will be removed +static int nFavorites = 0; +static lhnetaddress_t favorites[256]; + +void NetConn_UpdateFavorites(void) +{ + const char *p; + nFavorites = 0; + p = net_slist_favorites.string; + while((size_t) nFavorites < sizeof(favorites) / sizeof(*favorites) && COM_ParseToken_Console(&p)) + { + if(LHNETADDRESS_FromString(&favorites[nFavorites], com_token, 26000)) + ++nFavorites; + } +} + +/// helper function to insert a value into the viewset +/// spare entries will be removed static void _ServerList_ViewList_Helper_InsertBefore( int index, serverlist_entry_t *entry ) { int i; @@ -158,7 +187,7 @@ static void _ServerList_ViewList_Helper_InsertBefore( int index, serverlist_entr serverlist_viewlist[index] = entry; } -// we suppose serverlist_viewcount to be valid, ie > 0 +/// we suppose serverlist_viewcount to be valid, ie > 0 static void _ServerList_ViewList_Helper_Remove( int index ) { serverlist_viewcount--; @@ -166,11 +195,17 @@ static void _ServerList_ViewList_Helper_Remove( int index ) serverlist_viewlist[index] = serverlist_viewlist[index + 1]; } -// returns true if A should be inserted before B +/// \returns true if A should be inserted before B static qboolean _ServerList_Entry_Compare( serverlist_entry_t *A, serverlist_entry_t *B ) { int result = 0; // > 0 if for numbers A > B and for text if A < B + if( serverlist_sortflags & SLSF_FAVORITESFIRST ) + { + if(A->info.isfavorite != B->info.isfavorite) + return A->info.isfavorite; + } + switch( serverlist_sortbyfield ) { case SLIF_PING: result = A->info.ping - B->info.ping; @@ -211,18 +246,22 @@ static qboolean _ServerList_Entry_Compare( serverlist_entry_t *A, serverlist_ent case SLIF_QCSTATUS: result = strcasecmp( B->info.qcstatus, A->info.qcstatus ); // not really THAT useful, though break; - case SLIF_PLAYERS: - result = strcasecmp( B->info.players, A->info.qcstatus ); // not really THAT useful, though + case SLIF_ISFAVORITE: + result = !!B->info.isfavorite - !!A->info.isfavorite; break; default: Con_DPrint( "_ServerList_Entry_Compare: Bad serverlist_sortbyfield!\n" ); break; } - if( serverlist_sortdescending ) - return result > 0; if (result != 0) - return result < 0; + { + if( serverlist_sortflags & SLSF_DESCENDING ) + return result > 0; + else + return result < 0; + } + // if the chosen sort key is identical, sort by index // (makes this a stable sort, so that later replies from servers won't // shuffle the servers around when they have the same ping) @@ -334,17 +373,43 @@ static qboolean _ServerList_Entry_Mask( serverlist_mask_t *mask, serverlist_info if( *mask->info.players && !_ServerList_CompareStr( info->players, mask->tests[SLIF_PLAYERS], mask->info.players ) ) return false; + if( !_ServerList_CompareInt( info->isfavorite, mask->tests[SLIF_ISFAVORITE], mask->info.isfavorite )) + return false; return true; } static void ServerList_ViewList_Insert( serverlist_entry_t *entry ) { - int start, end, mid; + int start, end, mid, i; + lhnetaddress_t addr; // reject incompatible servers - if (entry->info.gameversion != gameversion.integer) + if( + entry->info.gameversion != gameversion.integer + && + !( + gameversion_min.integer >= 0 // min/max range set by user/mod? + && gameversion_max.integer >= 0 + && gameversion_min.integer >= entry->info.gameversion // version of server in min/max range? + && gameversion_max.integer <= entry->info.gameversion + ) + ) return; + // refresh the "favorite" status + entry->info.isfavorite = false; + if(LHNETADDRESS_FromString(&addr, entry->info.cname, 26000)) + { + for(i = 0; i < nFavorites; ++i) + { + if(LHNETADDRESS_Compare(&addr, &favorites[i]) == 0) + { + entry->info.isfavorite = true; + break; + } + } + } + // FIXME: change this to be more readable (...) // now check whether it passes through the masks for( start = 0 ; start < SERVERLIST_ANDMASKCOUNT && serverlist_andmasks[start].active; start++ ) @@ -505,11 +570,11 @@ int NetConn_Read(lhnetsocket_t *mysocket, void *data, int maxlength, lhnetaddres if (length > 0) { LHNETADDRESS_ToString(peeraddress, addressstring2, sizeof(addressstring2), true); - Con_Printf("LHNET_Read(%p (%s), %p, %i, %p) = %i from %s:\n", mysocket, addressstring, data, maxlength, peeraddress, length, addressstring2); + Con_Printf("LHNET_Read(%p (%s), %p, %i, %p) = %i from %s:\n", (void *)mysocket, addressstring, (void *)data, maxlength, (void *)peeraddress, length, addressstring2); Com_HexDumpToConsole((unsigned char *)data, length); } else - Con_Printf("LHNET_Read(%p (%s), %p, %i, %p) = %i\n", mysocket, addressstring, data, maxlength, peeraddress, length); + Con_Printf("LHNET_Read(%p (%s), %p, %i, %p) = %i\n", (void *)mysocket, addressstring, (void *)data, maxlength, (void *)peeraddress, length); } return length; } @@ -528,7 +593,7 @@ int NetConn_Write(lhnetsocket_t *mysocket, const void *data, int length, const l char addressstring[128], addressstring2[128]; LHNETADDRESS_ToString(LHNET_AddressFromSocket(mysocket), addressstring, sizeof(addressstring), true); LHNETADDRESS_ToString(peeraddress, addressstring2, sizeof(addressstring2), true); - Con_Printf("LHNET_Write(%p (%s), %p, %i, %p (%s)) = %i%s\n", mysocket, addressstring, data, length, peeraddress, addressstring2, length, ret == length ? "" : " (ERROR)"); + Con_Printf("LHNET_Write(%p (%s), %p, %i, %p (%s)) = %i%s\n", (void *)mysocket, addressstring, (void *)data, length, (void *)peeraddress, addressstring2, length, ret == length ? "" : " (ERROR)"); Com_HexDumpToConsole((unsigned char *)data, length); } return ret; @@ -543,14 +608,15 @@ int NetConn_WriteString(lhnetsocket_t *mysocket, const char *string, const lhnet qboolean NetConn_CanSend(netconn_t *conn) { conn->outgoing_packetcounter = (conn->outgoing_packetcounter + 1) % NETGRAPH_PACKETS; - conn->outgoing_unreliablesize[conn->outgoing_packetcounter] = NETGRAPH_NOPACKET; - conn->outgoing_reliablesize[conn->outgoing_packetcounter] = NETGRAPH_NOPACKET; - conn->outgoing_acksize[conn->outgoing_packetcounter] = NETGRAPH_NOPACKET; + conn->outgoing_netgraph[conn->outgoing_packetcounter].time = realtime; + conn->outgoing_netgraph[conn->outgoing_packetcounter].unreliablebytes = NETGRAPH_NOPACKET; + conn->outgoing_netgraph[conn->outgoing_packetcounter].reliablebytes = NETGRAPH_NOPACKET; + conn->outgoing_netgraph[conn->outgoing_packetcounter].ackbytes = NETGRAPH_NOPACKET; if (realtime > conn->cleartime) return true; else { - conn->outgoing_unreliablesize[conn->outgoing_packetcounter] = NETGRAPH_CHOKEDPACKET; + conn->outgoing_netgraph[conn->outgoing_packetcounter].unreliablebytes = NETGRAPH_CHOKEDPACKET; return false; } } @@ -562,8 +628,8 @@ int NetConn_SendUnreliableMessage(netconn_t *conn, sizebuf_t *data, protocolvers // if this packet was supposedly choked, but we find ourselves sending one // anyway, make sure the size counting starts at zero // (this mostly happens on level changes and disconnects and such) - if (conn->outgoing_unreliablesize[conn->outgoing_packetcounter] == NETGRAPH_CHOKEDPACKET) - conn->outgoing_unreliablesize[conn->outgoing_packetcounter] = NETGRAPH_NOPACKET; + if (conn->outgoing_netgraph[conn->outgoing_packetcounter].unreliablebytes == NETGRAPH_CHOKEDPACKET) + conn->outgoing_netgraph[conn->outgoing_packetcounter].unreliablebytes = NETGRAPH_NOPACKET; if (protocol == PROTOCOL_QUAKEWORLD) { @@ -606,12 +672,12 @@ int NetConn_SendUnreliableMessage(netconn_t *conn, sizebuf_t *data, protocolvers return -1; } - conn->outgoing_unreliablesize[conn->outgoing_packetcounter] += packetLen; + conn->outgoing_netgraph[conn->outgoing_packetcounter].unreliablebytes += packetLen + 28; // add the reliable message if there is one if (sendreliable) { - conn->outgoing_reliablesize[conn->outgoing_packetcounter] += conn->sendMessageLength; + conn->outgoing_netgraph[conn->outgoing_packetcounter].reliablebytes += conn->sendMessageLength + 28; memcpy(sendbuffer + packetLen, conn->sendMessage, conn->sendMessageLength); packetLen += conn->sendMessageLength; conn->qw.last_reliable_sequence = conn->outgoing_unreliable_sequence; @@ -620,7 +686,7 @@ int NetConn_SendUnreliableMessage(netconn_t *conn, sizebuf_t *data, protocolvers // add the unreliable message if possible if (packetLen + data->cursize <= 1400) { - conn->outgoing_unreliablesize[conn->outgoing_packetcounter] += data->cursize; + conn->outgoing_netgraph[conn->outgoing_packetcounter].unreliablebytes += data->cursize + 28; memcpy(sendbuffer + packetLen, data->data, data->cursize); packetLen += data->cursize; } @@ -660,7 +726,7 @@ int NetConn_SendUnreliableMessage(netconn_t *conn, sizebuf_t *data, protocolvers header[1] = BigLong(conn->nq.sendSequence - 1); memcpy(sendbuffer + NET_HEADERSIZE, conn->sendMessage, dataLen); - conn->outgoing_reliablesize[conn->outgoing_packetcounter] += packetLen; + conn->outgoing_netgraph[conn->outgoing_packetcounter].reliablebytes += packetLen + 28; if (NetConn_Write(conn->mysocket, (void *)&sendbuffer, packetLen, &conn->peeraddress) == (int)packetLen) { @@ -711,7 +777,7 @@ int NetConn_SendUnreliableMessage(netconn_t *conn, sizebuf_t *data, protocolvers conn->nq.sendSequence++; - conn->outgoing_reliablesize[conn->outgoing_packetcounter] += packetLen; + conn->outgoing_netgraph[conn->outgoing_packetcounter].reliablebytes += packetLen + 28; NetConn_Write(conn->mysocket, (void *)&sendbuffer, packetLen, &conn->peeraddress); @@ -740,7 +806,7 @@ int NetConn_SendUnreliableMessage(netconn_t *conn, sizebuf_t *data, protocolvers conn->outgoing_unreliable_sequence++; - conn->outgoing_unreliablesize[conn->outgoing_packetcounter] += packetLen; + conn->outgoing_netgraph[conn->outgoing_packetcounter].unreliablebytes += packetLen + 28; NetConn_Write(conn->mysocket, (void *)&sendbuffer, packetLen, &conn->peeraddress); @@ -778,12 +844,17 @@ void NetConn_CloseClientPorts(void) LHNET_CloseSocket(cl_sockets[cl_numsockets - 1]); } -void NetConn_OpenClientPort(const char *addressstring, int defaultport) +void NetConn_OpenClientPort(const char *addressstring, lhnetaddresstype_t addresstype, int defaultport) { lhnetaddress_t address; lhnetsocket_t *s; + int success; char addressstring2[1024]; - if (LHNETADDRESS_FromString(&address, addressstring, defaultport)) + if (addressstring && addressstring[0]) + success = LHNETADDRESS_FromString(&address, addressstring, defaultport); + else + success = LHNETADDRESS_FromPort(&address, addresstype, defaultport); + if (success) { if ((s = LHNET_OpenSocket_Connectionless(&address))) { @@ -812,9 +883,9 @@ void NetConn_OpenClientPorts(void) Con_Printf("Client using an automatically assigned port\n"); else Con_Printf("Client using port %i\n", port); - NetConn_OpenClientPort("local:2", 0); - NetConn_OpenClientPort(net_address.string, port); - //NetConn_OpenClientPort(net_address_ipv6.string, port); + NetConn_OpenClientPort(NULL, LHNETADDRESSTYPE_LOOP, 2); + NetConn_OpenClientPort(net_address.string, LHNETADDRESSTYPE_INET4, port); + NetConn_OpenClientPort(net_address_ipv6.string, LHNETADDRESSTYPE_INET6, port); } void NetConn_CloseServerPorts(void) @@ -824,23 +895,28 @@ void NetConn_CloseServerPorts(void) LHNET_CloseSocket(sv_sockets[sv_numsockets - 1]); } -void NetConn_OpenServerPort(const char *addressstring, int defaultport) +qboolean NetConn_OpenServerPort(const char *addressstring, lhnetaddresstype_t addresstype, int defaultport, int range) { lhnetaddress_t address; lhnetsocket_t *s; int port; char addressstring2[1024]; + int success; - for (port = defaultport; port <= defaultport + 100; port++) + for (port = defaultport; port <= defaultport + range; port++) { - if (LHNETADDRESS_FromString(&address, addressstring, port)) + if (addressstring && addressstring[0]) + success = LHNETADDRESS_FromString(&address, addressstring, port); + else + success = LHNETADDRESS_FromPort(&address, addresstype, port); + if (success) { if ((s = LHNET_OpenSocket_Connectionless(&address))) { sv_sockets[sv_numsockets++] = s; LHNETADDRESS_ToString(LHNET_AddressFromSocket(s), addressstring2, sizeof(addressstring2), true); Con_Printf("Server listening on address %s\n", addressstring2); - break; + return true; } else { @@ -852,9 +928,10 @@ void NetConn_OpenServerPort(const char *addressstring, int defaultport) { Con_Printf("Server unable to parse address %s\n", addressstring); // if it cant parse one address, it wont be able to parse another for sure - break; + return false; } } + return false; } void NetConn_OpenServerPorts(int opennetports) @@ -869,11 +946,11 @@ void NetConn_OpenServerPorts(int opennetports) if (sv_netport.integer != port) Cvar_SetValueQuick(&sv_netport, port); if (cls.state != ca_dedicated) - NetConn_OpenServerPort("local:1", 0); + NetConn_OpenServerPort(NULL, LHNETADDRESSTYPE_LOOP, 1, 1); if (opennetports) { - NetConn_OpenServerPort(net_address.string, port); - //NetConn_OpenServerPort(net_address_ipv6.string, port); + qboolean ip4success = NetConn_OpenServerPort(net_address.string, LHNETADDRESSTYPE_INET4, port, 100); + NetConn_OpenServerPort(net_address_ipv6.string, LHNETADDRESSTYPE_INET6, port, ip4success ? 1 : 100); } if (sv_numsockets == 0) Host_Error("NetConn_OpenServerPorts: unable to open any ports!"); @@ -950,6 +1027,8 @@ static int clientport2 = -1; static int hostport = -1; void NetConn_UpdateSockets(void) { + int i, j; + if (cls.state != ca_dedicated) { if (clientport2 != cl_netport.integer) @@ -973,6 +1052,23 @@ void NetConn_UpdateSockets(void) if (sv.active) Con_Print("Changing \"port\" will not take effect until \"map\" command is executed.\n"); } + + for (j = 0;j < MAX_RCONS;j++) + { + i = (cls.rcon_ringpos + j + 1) % MAX_RCONS; + if(cls.rcon_commands[i][0]) + { + if(realtime > cls.rcon_timeout[i]) + { + char s[128]; + LHNETADDRESS_ToString(&cls.rcon_addresses[i], s, sizeof(s), true); + Con_Printf("rcon to %s (for command %s) failed: challenge request timed out\n", s, cls.rcon_commands[i]); + cls.rcon_commands[i][0] = 0; + --cls.rcon_trying; + break; + } + } + } } static int NetConn_ReceivedMessage(netconn_t *conn, unsigned char *data, int length, protocolversion_t protocol, double newtimeout) @@ -1022,15 +1118,17 @@ static int NetConn_ReceivedMessage(netconn_t *conn, unsigned char *data, int len while (count--) { conn->incoming_packetcounter = (conn->incoming_packetcounter + 1) % NETGRAPH_PACKETS; - conn->incoming_unreliablesize[conn->incoming_packetcounter] = NETGRAPH_LOSTPACKET; - conn->incoming_reliablesize[conn->incoming_packetcounter] = NETGRAPH_NOPACKET; - conn->incoming_acksize[conn->incoming_packetcounter] = NETGRAPH_NOPACKET; + conn->incoming_netgraph[conn->incoming_packetcounter].time = realtime; + conn->incoming_netgraph[conn->incoming_packetcounter].unreliablebytes = NETGRAPH_LOSTPACKET; + conn->incoming_netgraph[conn->incoming_packetcounter].reliablebytes = NETGRAPH_NOPACKET; + conn->incoming_netgraph[conn->incoming_packetcounter].ackbytes = NETGRAPH_NOPACKET; } } conn->incoming_packetcounter = (conn->incoming_packetcounter + 1) % NETGRAPH_PACKETS; - conn->incoming_unreliablesize[conn->incoming_packetcounter] = originallength; - conn->incoming_reliablesize[conn->incoming_packetcounter] = NETGRAPH_NOPACKET; - conn->incoming_acksize[conn->incoming_packetcounter] = NETGRAPH_NOPACKET; + conn->incoming_netgraph[conn->incoming_packetcounter].time = realtime; + conn->incoming_netgraph[conn->incoming_packetcounter].unreliablebytes = originallength + 28; + conn->incoming_netgraph[conn->incoming_packetcounter].reliablebytes = NETGRAPH_NOPACKET; + conn->incoming_netgraph[conn->incoming_packetcounter].ackbytes = NETGRAPH_NOPACKET; if (reliable_ack == conn->qw.reliable_sequence) { // received, now we will be able to send another reliable message @@ -1081,15 +1179,17 @@ static int NetConn_ReceivedMessage(netconn_t *conn, unsigned char *data, int len while (count--) { conn->incoming_packetcounter = (conn->incoming_packetcounter + 1) % NETGRAPH_PACKETS; - conn->incoming_unreliablesize[conn->incoming_packetcounter] = NETGRAPH_LOSTPACKET; - conn->incoming_reliablesize[conn->incoming_packetcounter] = NETGRAPH_NOPACKET; - conn->incoming_acksize[conn->incoming_packetcounter] = NETGRAPH_NOPACKET; + conn->incoming_netgraph[conn->incoming_packetcounter].time = realtime; + conn->incoming_netgraph[conn->incoming_packetcounter].unreliablebytes = NETGRAPH_LOSTPACKET; + conn->incoming_netgraph[conn->incoming_packetcounter].reliablebytes = NETGRAPH_NOPACKET; + conn->incoming_netgraph[conn->incoming_packetcounter].ackbytes = NETGRAPH_NOPACKET; } } conn->incoming_packetcounter = (conn->incoming_packetcounter + 1) % NETGRAPH_PACKETS; - conn->incoming_unreliablesize[conn->incoming_packetcounter] = originallength; - conn->incoming_reliablesize[conn->incoming_packetcounter] = NETGRAPH_NOPACKET; - conn->incoming_acksize[conn->incoming_packetcounter] = NETGRAPH_NOPACKET; + conn->incoming_netgraph[conn->incoming_packetcounter].time = realtime; + conn->incoming_netgraph[conn->incoming_packetcounter].unreliablebytes = originallength + 28; + conn->incoming_netgraph[conn->incoming_packetcounter].reliablebytes = NETGRAPH_NOPACKET; + conn->incoming_netgraph[conn->incoming_packetcounter].ackbytes = NETGRAPH_NOPACKET; conn->nq.unreliableReceiveSequence = sequence + 1; conn->lastMessageTime = realtime; conn->timeout = realtime + newtimeout; @@ -1108,7 +1208,7 @@ static int NetConn_ReceivedMessage(netconn_t *conn, unsigned char *data, int len } else if (flags & NETFLAG_ACK) { - conn->incoming_acksize[conn->incoming_packetcounter] += originallength; + conn->incoming_netgraph[conn->incoming_packetcounter].ackbytes += originallength + 28; if (sequence == (conn->nq.sendSequence - 1)) { if (sequence == conn->nq.ackSequence) @@ -1167,8 +1267,8 @@ static int NetConn_ReceivedMessage(netconn_t *conn, unsigned char *data, int len else if (flags & NETFLAG_DATA) { unsigned int temppacket[2]; - conn->incoming_reliablesize[conn->incoming_packetcounter] += originallength; - conn->outgoing_acksize[conn->outgoing_packetcounter] += 8; + conn->incoming_netgraph[conn->incoming_packetcounter].reliablebytes += originallength + 28; + conn->outgoing_netgraph[conn->outgoing_packetcounter].ackbytes += 8 + 28; temppacket[0] = BigLong(8 | NETFLAG_ACK); temppacket[1] = BigLong(sequence); NetConn_Write(conn->mysocket, (unsigned char *)temppacket, 8, &conn->peeraddress); @@ -1309,7 +1409,18 @@ static void NetConn_ClientParsePacket_ServerList_UpdateCache(int n) serverlist_info_t *info = &entry->info; // update description strings for engine menu and console output dpsnprintf(entry->line1, sizeof(serverlist_cache[n].line1), "^%c%5d^7 ^%c%3u^7/%3u %-65.65s", info->ping >= 300 ? '1' : (info->ping >= 200 ? '3' : '7'), (int)info->ping, ((info->numhumans > 0 && info->numhumans < info->maxplayers) ? (info->numhumans >= 4 ? '7' : '3') : '1'), info->numplayers, info->maxplayers, info->name); - dpsnprintf(entry->line2, sizeof(serverlist_cache[n].line2), "^4%-21.21s %-19.19s ^%c%-17.17s^4 %-20.20s", info->cname, info->game, (info->gameversion != gameversion.integer) ? '1' : '4', info->mod, info->map); + dpsnprintf(entry->line2, sizeof(serverlist_cache[n].line2), "^4%-21.21s %-19.19s ^%c%-17.17s^4 %-20.20s", info->cname, info->game, + ( + info->gameversion != gameversion.integer + && + !( + gameversion_min.integer >= 0 // min/max range set by user/mod? + && gameversion_max.integer >= 0 + && gameversion_min.integer >= info->gameversion // version of server in min/max range? + && gameversion_max.integer <= info->gameversion + ) + ) ? '1' : '4', + info->mod, info->map); if (entry->query == SQS_QUERIED) { if(!serverlist_paused) @@ -1326,7 +1437,7 @@ static void NetConn_ClientParsePacket_ServerList_UpdateCache(int n) } // returns true, if it's sensible to continue the processing -static qboolean NetConn_ClientParsePacket_ServerList_PrepareQuery( int protocol, const char *ipstring ) { +static qboolean NetConn_ClientParsePacket_ServerList_PrepareQuery( int protocol, const char *ipstring, qboolean isfavorite ) { int n; serverlist_entry_t *entry; @@ -1349,6 +1460,8 @@ static qboolean NetConn_ClientParsePacket_ServerList_PrepareQuery( int protocol, entry->protocol = protocol; // store the data the engine cares about (address and ping) strlcpy (entry->info.cname, ipstring, sizeof(entry->info.cname)); + + entry->info.isfavorite = isfavorite; // no, then reset the ping right away entry->info.ping = -1; @@ -1361,6 +1474,79 @@ static qboolean NetConn_ClientParsePacket_ServerList_PrepareQuery( int protocol, return true; } +static void NetConn_ClientParsePacket_ServerList_ParseDPList(lhnetaddress_t *senderaddress, const unsigned char *data, int length, qboolean isextended) +{ + masterreplycount++; + if (serverlist_consoleoutput) + Con_Printf("received DarkPlaces %sserver list...\n", isextended ? "extended " : ""); + while (length >= 7) + { + char ipstring [128]; + + // IPv4 address + if (data[0] == '\\') + { + unsigned short port = data[5] * 256 + data[6]; + + if (port != 0 && (data[1] != 0xFF || data[2] != 0xFF || data[3] != 0xFF || data[4] != 0xFF)) + dpsnprintf (ipstring, sizeof (ipstring), "%u.%u.%u.%u:%hu", data[1], data[2], data[3], data[4], port); + + // move on to next address in packet + data += 7; + length -= 7; + } + // IPv6 address + else if (data[0] == '/' && isextended && length >= 19) + { + unsigned short port = data[17] * 256 + data[18]; + + if (port != 0) + { + const char *ifname; + + /// \TODO: make some basic checks of the IP address (broadcast, ...) + + ifname = LHNETADDRESS_GetInterfaceName(senderaddress); + if (ifname != NULL) + { + dpsnprintf (ipstring, sizeof (ipstring), "[%x%02x:%x%02x:%x%02x:%x%02x:%x%02x:%x%02x:%x%02x:%x%02x%%%s]:%hu", + data[1], data[2], data[3], data[4], data[5], data[6], data[7], data[8], + data[9], data[10], data[11], data[12], data[13], data[14], data[15], data[16], + ifname, port); + } + else + { + dpsnprintf (ipstring, sizeof (ipstring), "[%x%02x:%x%02x:%x%02x:%x%02x:%x%02x:%x%02x:%x%02x:%x%02x]:%hu", + data[1], data[2], data[3], data[4], data[5], data[6], data[7], data[8], + data[9], data[10], data[11], data[12], data[13], data[14], data[15], data[16], + port); + } + } + + // move on to next address in packet + data += 19; + length -= 19; + } + else + { + Con_Print("Error while parsing the server list\n"); + break; + } + + if (serverlist_consoleoutput && developer_networking.integer) + Con_Printf("Requesting info from DarkPlaces server %s\n", ipstring); + + if( !NetConn_ClientParsePacket_ServerList_PrepareQuery( PROTOCOL_DARKPLACES7, ipstring, false ) ) { + break; + } + + } + + // begin or resume serverlist queries + serverlist_querysleep = false; + serverlist_querywaittime = realtime + 3; +} + static int NetConn_ClientParsePacket(lhnetsocket_t *mysocket, unsigned char *data, int length, lhnetaddress_t *peeraddress) { qboolean fromserver; @@ -1392,6 +1578,54 @@ static int NetConn_ClientParsePacket(lhnetsocket_t *mysocket, unsigned char *dat Com_HexDumpToConsole(data, length); } + if (length > 10 && !memcmp(string, "challenge ", 10) && cls.rcon_trying) + { + int i, j; + for (j = 0;j < MAX_RCONS;j++) + { + i = (cls.rcon_ringpos + j) % MAX_RCONS; + if(cls.rcon_commands[i][0]) + if (!LHNETADDRESS_Compare(peeraddress, &cls.rcon_addresses[i])) + break; + } + if (j < MAX_RCONS) + { + char buf[1500]; + char argbuf[1500]; + const char *e; + int n; + dpsnprintf(argbuf, sizeof(argbuf), "%s %s", string + 10, cls.rcon_commands[i]); + memcpy(buf, "\377\377\377\377srcon HMAC-MD4 CHALLENGE ", 29); + + e = strchr(rcon_password.string, ' '); + n = e ? e-rcon_password.string : (int)strlen(rcon_password.string); + + if(HMAC_MDFOUR_16BYTES((unsigned char *) (buf + 29), (unsigned char *) argbuf, strlen(argbuf), (unsigned char *) rcon_password.string, n)) + { + buf[45] = ' '; + strlcpy(buf + 46, argbuf, sizeof(buf) - 46); + NetConn_Write(mysocket, buf, 46 + strlen(buf + 46), peeraddress); + cls.rcon_commands[i][0] = 0; + --cls.rcon_trying; + + for (i = 0;i < MAX_RCONS;i++) + if(cls.rcon_commands[i][0]) + if (!LHNETADDRESS_Compare(peeraddress, &cls.rcon_addresses[i])) + break; + if(i < MAX_RCONS) + { + NetConn_WriteString(mysocket, "\377\377\377\377getchallenge", peeraddress); + // extend the timeout on other requests as we asked for a challenge + for (i = 0;i < MAX_RCONS;i++) + if(cls.rcon_commands[i][0]) + if (!LHNETADDRESS_Compare(peeraddress, &cls.rcon_addresses[i])) + cls.rcon_timeout[i] = realtime + rcon_secure_challengetimeout.value; + } + + return true; // we used up the challenge, so we can't use this oen for connecting now anyway + } + } + } if (length > 10 && !memcmp(string, "challenge ", 10) && cls.connect_trying) { // darkplaces or quake3 @@ -1417,7 +1651,7 @@ static int NetConn_ClientParsePacket(lhnetsocket_t *mysocket, unsigned char *dat char rejectreason[32]; cls.connect_trying = false; string += 7; - length = max(length - 7, (int)sizeof(rejectreason) - 1); + length = min(length - 7, (int)sizeof(rejectreason) - 1); memcpy(rejectreason, string, length); rejectreason[length] = 0; M_Update_Return_Reason(rejectreason); @@ -1521,26 +1755,15 @@ static int NetConn_ClientParsePacket(lhnetsocket_t *mysocket, unsigned char *dat // Extract the IP addresses data += 18; length -= 18; - masterreplycount++; - if (serverlist_consoleoutput) - Con_Print("received DarkPlaces server list...\n"); - while (length >= 7 && data[0] == '\\' && (data[1] != 0xFF || data[2] != 0xFF || data[3] != 0xFF || data[4] != 0xFF) && data[5] * 256 + data[6] != 0) - { - dpsnprintf (ipstring, sizeof (ipstring), "%u.%u.%u.%u:%u", data[1], data[2], data[3], data[4], data[5] * 256 + data[6]); - if (serverlist_consoleoutput && developer_networking.integer) - Con_Printf("Requesting info from DarkPlaces server %s\n", ipstring); - - if( !NetConn_ClientParsePacket_ServerList_PrepareQuery( PROTOCOL_DARKPLACES7, ipstring ) ) { - break; - } - - // move on to next address in packet - data += 7; - length -= 7; - } - // begin or resume serverlist queries - serverlist_querysleep = false; - serverlist_querywaittime = realtime + 3; + NetConn_ClientParsePacket_ServerList_ParseDPList(peeraddress, data, length, false); + return true; + } + if (!strncmp(string, "getserversExtResponse", 21) && serverlist_cachecount < SERVERLIST_TOTALSIZE) + { + // Extract the IP addresses + data += 21; + length -= 21; + NetConn_ClientParsePacket_ServerList_ParseDPList(peeraddress, data, length, true); return true; } if (!memcmp(string, "d\n", 2) && serverlist_cachecount < SERVERLIST_TOTALSIZE) @@ -1557,7 +1780,7 @@ static int NetConn_ClientParsePacket(lhnetsocket_t *mysocket, unsigned char *dat if (serverlist_consoleoutput && developer_networking.integer) Con_Printf("Requesting info from QuakeWorld server %s\n", ipstring); - if( !NetConn_ClientParsePacket_ServerList_PrepareQuery( PROTOCOL_QUAKEWORLD, ipstring ) ) { + if( !NetConn_ClientParsePacket_ServerList_PrepareQuery( PROTOCOL_QUAKEWORLD, ipstring, false ) ) { break; } @@ -1572,11 +1795,11 @@ static int NetConn_ClientParsePacket(lhnetsocket_t *mysocket, unsigned char *dat } if (!strncmp(string, "extResponse ", 12)) { - ++net_extresponse_count; - if(net_extresponse_count > NET_EXTRESPONSE_MAX) - net_extresponse_count = NET_EXTRESPONSE_MAX; - net_extresponse_last = (net_extresponse_last + 1) % NET_EXTRESPONSE_MAX; - dpsnprintf(net_extresponse[net_extresponse_last], sizeof(net_extresponse[net_extresponse_last]), "'%s' %s", addressstring2, string + 12); + ++cl_net_extresponse_count; + if(cl_net_extresponse_count > NET_EXTRESPONSE_MAX) + cl_net_extresponse_count = NET_EXTRESPONSE_MAX; + cl_net_extresponse_last = (cl_net_extresponse_last + 1) % NET_EXTRESPONSE_MAX; + dpsnprintf(cl_net_extresponse[cl_net_extresponse_last], sizeof(cl_net_extresponse[cl_net_extresponse_last]), "\"%s\" %s", addressstring2, string + 12); return true; } if (!strncmp(string, "ping", 4)) @@ -1727,6 +1950,12 @@ static int NetConn_ClientParsePacket(lhnetsocket_t *mysocket, unsigned char *dat NetConn_ClientParsePacket_ServerList_UpdateCache(n); + break; + case CCREP_RCON: // RocketGuy: ProQuake rcon support + if (developer.integer >= 10) + Con_Printf("Datagram_ParseConnectionless: received CCREP_RCON from %s.\n", addressstring2); + + Con_Printf("%s\n", MSG_ReadString()); break; case CCREP_PLAYER_INFO: // we got a CCREP_PLAYER_INFO?? @@ -1762,7 +1991,7 @@ void NetConn_QueryQueueFrame(void) if(!net_slist_pause.integer && serverlist_paused) ServerList_RebuildViewList(); - serverlist_paused = net_slist_pause.integer; + serverlist_paused = net_slist_pause.integer != 0; if (serverlist_querysleep) return; @@ -1907,12 +2136,13 @@ static void NetConn_BuildChallengeString(char *buffer, int bufferlength) buffer[i] = 0; } -// (div0) build the full response only if possible; better a getinfo response than no response at all if getstatus won't fit +/// (div0) build the full response only if possible; better a getinfo response than no response at all if getstatus won't fit static qboolean NetConn_BuildStatusResponse(const char* challenge, char* out_msg, size_t out_size, qboolean fullstatus) { - const char *qcstatus = NULL; + char qcstatus[256]; unsigned int nb_clients = 0, nb_bots = 0, i; int length; + char teambuf[3]; SV_VM_Begin(); @@ -1927,6 +2157,7 @@ static qboolean NetConn_BuildStatusResponse(const char* challenge, char* out_msg } } + *qcstatus = 0; if(prog->globaloffsets.worldstatus >= 0) { const char *str = PRVM_G_STRING(prog->globaloffsets.worldstatus); @@ -1934,15 +2165,15 @@ static qboolean NetConn_BuildStatusResponse(const char* challenge, char* out_msg { char *p; const char *q; - qcstatus = p = Mem_Alloc(tempmempool, strlen(str) + 1); + p = qcstatus; for(q = str; *q; ++q) - if(*q != '\\') + if(*q != '\\' && *q != '\n') *p++ = *q; *p = 0; } } - // TODO: we should add more information for the full status string + /// \TODO: we should add more information for the full status string length = dpsnprintf(out_msg, out_size, "\377\377\377\377%s\x0A" "\\gamename\\%s\\modname\\%s\\gameversion\\%d\\sv_maxclients\\%d" @@ -1953,16 +2184,10 @@ static qboolean NetConn_BuildStatusResponse(const char* challenge, char* out_msg fullstatus ? "statusResponse" : "infoResponse", gamename, com_modname, gameversion.integer, svs.maxclients, nb_clients, nb_bots, sv.name, hostname.string, NET_PROTOCOL_VERSION, - qcstatus ? "\\qcstatus\\" : "", qcstatus ? qcstatus : "", + *qcstatus ? "\\qcstatus\\" : "", qcstatus, challenge ? "\\challenge\\" : "", challenge ? challenge : "", fullstatus ? "\n" : ""); - if(qcstatus) - { - Mem_Free((char *)qcstatus); - qcstatus = NULL; - } - // Make sure it fits in the buffer if (length < 0) goto bad; @@ -2000,6 +2225,7 @@ static qboolean NetConn_BuildStatusResponse(const char* challenge, char* out_msg break; } } while (curchar != '\0'); + cleanname[cleanind] = 0; // cleanind is always a valid index even at this point pingvalue = (int)(cl->ping * 1000.0f); if(cl->netconnection) @@ -2007,6 +2233,7 @@ static qboolean NetConn_BuildStatusResponse(const char* challenge, char* out_msg else pingvalue = 0; + *qcstatus = 0; if(prog->fieldoffsets.clientstatus >= 0) { const char *str = PRVM_E_STRING(PRVM_EDICT_NUM(i + 1), prog->fieldoffsets.clientstatus); @@ -2014,27 +2241,44 @@ static qboolean NetConn_BuildStatusResponse(const char* challenge, char* out_msg { char *p; const char *q; - qcstatus = p = Mem_Alloc(tempmempool, strlen(str) + 1); - for(q = str; *q; ++q) - if(*q != '\\' && *q != ' ') + p = qcstatus; + for(q = str; *q && p != qcstatus + sizeof(qcstatus) - 1; ++q) + if(*q != '\\' && *q != '"' && !ISWHITESPACE(*q)) *p++ = *q; *p = 0; } } - if(qcstatus) + if ((gamemode == GAME_NEXUIZ) && (teamplay.integer > 0)) { - length = dpsnprintf(ptr, left, "%s %d \"%s\"\n", + if(cl->frags == -666) // spectator + strlcpy(teambuf, " 0", sizeof(teambuf)); + else if(cl->colors == 0x44) // red team + strlcpy(teambuf, " 1", sizeof(teambuf)); + else if(cl->colors == 0xDD) // blue team + strlcpy(teambuf, " 2", sizeof(teambuf)); + else if(cl->colors == 0xCC) // yellow team + strlcpy(teambuf, " 3", sizeof(teambuf)); + else if(cl->colors == 0x99) // pink team + strlcpy(teambuf, " 4", sizeof(teambuf)); + else + strlcpy(teambuf, " 0", sizeof(teambuf)); + } + else + *teambuf = 0; + + // note: team number is inserted according to SoF2 protocol + if(*qcstatus) + length = dpsnprintf(ptr, left, "%s %d%s \"%s\"\n", qcstatus, pingvalue, + teambuf, cleanname); - Mem_Free((char *)qcstatus); - qcstatus = NULL; - } else - length = dpsnprintf(ptr, left, "%d %d \"%s\"\n", + length = dpsnprintf(ptr, left, "%d %d%s \"%s\"\n", cl->frags, pingvalue, + teambuf, cleanname); if(length < 0) @@ -2120,20 +2364,108 @@ void NetConn_ClearConnectFlood(lhnetaddress_t *peeraddress) } } -// returns a string describing the user level, or NULL for auth failure -const char *RCon_Authenticate(const char *password, const char *s, const char *endpos) +typedef qboolean (*rcon_matchfunc_t) (lhnetaddress_t *peeraddress, const char *password, const char *hash, const char *s, int slen); + +qboolean hmac_mdfour_time_matching(lhnetaddress_t *peeraddress, const char *password, const char *hash, const char *s, int slen) +{ + char mdfourbuf[16]; + long t1, t2; + + t1 = (long) time(NULL); + t2 = strtol(s, NULL, 0); + if(abs(t1 - t2) > rcon_secure_maxdiff.integer) + return false; + + if(!HMAC_MDFOUR_16BYTES((unsigned char *) mdfourbuf, (unsigned char *) s, slen, (unsigned char *) password, strlen(password))) + return false; + + return !memcmp(mdfourbuf, hash, 16); +} + +qboolean hmac_mdfour_challenge_matching(lhnetaddress_t *peeraddress, const char *password, const char *hash, const char *s, int slen) { - const char *text; + char mdfourbuf[16]; + int i; + + if(slen < (int)(sizeof(challenge[0].string)) - 1) + return false; + + // validate the challenge + for (i = 0;i < MAX_CHALLENGES;i++) + if(challenge[i].time > 0) + if (!LHNETADDRESS_Compare(peeraddress, &challenge[i].address) && !strncmp(challenge[i].string, s, sizeof(challenge[0].string) - 1)) + break; + // if the challenge is not recognized, drop the packet + if (i == MAX_CHALLENGES) + return false; + + if(!HMAC_MDFOUR_16BYTES((unsigned char *) mdfourbuf, (unsigned char *) s, slen, (unsigned char *) password, strlen(password))) + return false; + + if(memcmp(mdfourbuf, hash, 16)) + return false; + + // unmark challenge to prevent replay attacks + challenge[i].time = 0; + + return true; +} + +qboolean plaintext_matching(lhnetaddress_t *peeraddress, const char *password, const char *hash, const char *s, int slen) +{ + return !strcmp(password, hash); +} + +/// returns a string describing the user level, or NULL for auth failure +const char *RCon_Authenticate(lhnetaddress_t *peeraddress, const char *password, const char *s, const char *endpos, rcon_matchfunc_t comparator, const char *cs, int cslen) +{ + const char *text, *userpass_start, *userpass_end, *userpass_startpass; + char buf[MAX_INPUTLINE]; qboolean hasquotes; + qboolean restricted = false; + qboolean have_usernames = false; - if(!strcmp(rcon_password.string, password)) - return "rcon"; + userpass_start = rcon_password.string; + while((userpass_end = strchr(userpass_start, ' '))) + { + have_usernames = true; + strlcpy(buf, userpass_start, ((size_t)(userpass_end-userpass_start) >= sizeof(buf)) ? (int)(sizeof(buf)) : (int)(userpass_end-userpass_start+1)); + if(buf[0]) + if(comparator(peeraddress, buf, password, cs, cslen)) + goto allow; + userpass_start = userpass_end + 1; + } + if(userpass_start[0]) + { + userpass_end = userpass_start + strlen(userpass_start); + if(comparator(peeraddress, userpass_start, password, cs, cslen)) + goto allow; + } + + restricted = true; + have_usernames = false; + userpass_start = rcon_restricted_password.string; + while((userpass_end = strchr(userpass_start, ' '))) + { + have_usernames = true; + strlcpy(buf, userpass_start, ((size_t)(userpass_end-userpass_start) >= sizeof(buf)) ? (int)(sizeof(buf)) : (int)(userpass_end-userpass_start+1)); + if(buf[0]) + if(comparator(peeraddress, buf, password, cs, cslen)) + goto check; + userpass_start = userpass_end + 1; + } + if(userpass_start[0]) + { + userpass_end = userpass_start + strlen(userpass_start); + if(comparator(peeraddress, userpass_start, password, cs, cslen)) + goto check; + } - if(strcmp(rcon_restricted_password.string, password)) - return NULL; + return NULL; // DENIED +check: for(text = s; text != endpos; ++text) - if(*text > 0 && (*text < ' ' || *text == ';')) + if((signed char) *text > 0 && ((signed char) *text < (signed char) ' ' || *text == ';')) return NULL; // block possible exploits against the parser/alias expansion while(s != endpos) @@ -2174,9 +2506,54 @@ match: s += l + 1; } +allow: + userpass_startpass = strchr(userpass_start, ':'); + if(have_usernames && userpass_startpass && userpass_startpass < userpass_end) + return va("%srcon (username %.*s)", restricted ? "restricted " : "", (int)(userpass_startpass-userpass_start), userpass_start); + else + return va("%srcon", restricted ? "restricted " : ""); + return "restricted rcon"; } +void RCon_Execute(lhnetsocket_t *mysocket, lhnetaddress_t *peeraddress, const char *addressstring2, const char *userlevel, const char *s, const char *endpos) +{ + if(userlevel) + { + // looks like a legitimate rcon command with the correct password + const char *s_ptr = s; + Con_Printf("server received %s command from %s: ", userlevel, host_client ? host_client->name : addressstring2); + while(s_ptr != endpos) + { + size_t l = strlen(s_ptr); + if(l) + Con_Printf(" %s;", s_ptr); + s_ptr += l + 1; + } + Con_Printf("\n"); + + if (!host_client || !host_client->netconnection || LHNETADDRESS_GetAddressType(&host_client->netconnection->peeraddress) != LHNETADDRESSTYPE_LOOP) + Con_Rcon_Redirect_Init(mysocket, peeraddress); + while(s != endpos) + { + size_t l = strlen(s); + if(l) + { + client_t *host_client_save = host_client; + Cmd_ExecuteString(s, src_command); + host_client = host_client_save; + // in case it is a command that changes host_client (like restart) + } + s += l + 1; + } + Con_Rcon_Redirect_End(); + } + else + { + Con_Printf("server denied rcon access to %s\n", host_client ? host_client->name : addressstring2); + } +} + extern void SV_SendServerinfo (client_t *client); static int NetConn_ServerParsePacket(lhnetsocket_t *mysocket, unsigned char *data, int length, lhnetaddress_t *peeraddress) { @@ -2222,8 +2599,9 @@ static int NetConn_ServerParsePacket(lhnetsocket_t *mysocket, unsigned char *dat { for (i = 0, best = 0, besttime = realtime;i < MAX_CHALLENGES;i++) { - if (!LHNETADDRESS_Compare(peeraddress, &challenge[i].address)) - break; + if(challenge[i].time > 0) + if (!LHNETADDRESS_Compare(peeraddress, &challenge[i].address)) + break; if (besttime > challenge[i].time) besttime = challenge[best = i].time; } @@ -2249,14 +2627,15 @@ static int NetConn_ServerParsePacket(lhnetsocket_t *mysocket, unsigned char *dat return true; // validate the challenge for (i = 0;i < MAX_CHALLENGES;i++) - if (!LHNETADDRESS_Compare(peeraddress, &challenge[i].address) && !strcmp(challenge[i].string, s)) - break; + if(challenge[i].time > 0) + if (!LHNETADDRESS_Compare(peeraddress, &challenge[i].address) && !strcmp(challenge[i].string, s)) + break; // if the challenge is not recognized, drop the packet if (i == MAX_CHALLENGES) return true; // check engine protocol - if (strcmp(SearchInfostring(string, "protocol"), "darkplaces 3")) + if(!(s = SearchInfostring(string, "protocol")) || strcmp(s, "darkplaces 3")) { if (developer.integer >= 10) Con_Printf("Datagram_ParseConnectionless: sending \"reject Wrong game protocol.\" to %s.\n", addressstring2); @@ -2355,77 +2734,72 @@ static int NetConn_ServerParsePacket(lhnetsocket_t *mysocket, unsigned char *dat } return true; } + if (length >= 37 && !memcmp(string, "srcon HMAC-MD4 TIME ", 20)) + { + char *password = string + 20; + char *timeval = string + 37; + char *s = strchr(timeval, ' '); + char *endpos = string + length + 1; // one behind the NUL, so adding strlen+1 will eventually reach it + const char *userlevel; + + if(rcon_secure.integer > 1) + return true; + + if(!s) + return true; // invalid packet + ++s; + + userlevel = RCon_Authenticate(peeraddress, password, s, endpos, hmac_mdfour_time_matching, timeval, endpos - timeval - 1); // not including the appended \0 into the HMAC + RCon_Execute(mysocket, peeraddress, addressstring2, userlevel, s, endpos); + return true; + } + if (length >= 42 && !memcmp(string, "srcon HMAC-MD4 CHALLENGE ", 25)) + { + char *password = string + 25; + char *challenge = string + 42; + char *s = strchr(challenge, ' '); + char *endpos = string + length + 1; // one behind the NUL, so adding strlen+1 will eventually reach it + const char *userlevel; + if(!s) + return true; // invalid packet + ++s; + + userlevel = RCon_Authenticate(peeraddress, password, s, endpos, hmac_mdfour_challenge_matching, challenge, endpos - challenge - 1); // not including the appended \0 into the HMAC + RCon_Execute(mysocket, peeraddress, addressstring2, userlevel, s, endpos); + return true; + } if (length >= 5 && !memcmp(string, "rcon ", 5)) { int i; char *s = string + 5; char *endpos = string + length + 1; // one behind the NUL, so adding strlen+1 will eventually reach it char password[64]; - for (i = 0;*s > ' ';s++) + + if(rcon_secure.integer > 0) + return true; + + for (i = 0;!ISWHITESPACE(*s);s++) if (i < (int)sizeof(password) - 1) password[i++] = *s; - if(*s <= ' ' && s != endpos) // skip leading ugly space + if(ISWHITESPACE(*s) && s != endpos) // skip leading ugly space ++s; password[i] = 0; - if (password[0] > ' ') + if (!ISWHITESPACE(password[0])) { - const char *userlevel = RCon_Authenticate(password, s, endpos); - if(userlevel) - { - // looks like a legitimate rcon command with the correct password - char *s_ptr = s; - Con_Printf("server received %s command from %s: ", userlevel, host_client ? host_client->name : addressstring2); - while(s_ptr != endpos) - { - size_t l = strlen(s_ptr); - if(l) - Con_Printf(" %s;", s_ptr); - s_ptr += l + 1; - } - Con_Printf("\n"); - rcon_redirect = true; - rcon_redirect_bufferpos = 0; - while(s != endpos) - { - size_t l = strlen(s); - if(l) - { - client_t *host_client_save = host_client; - Cmd_ExecuteString(s, src_command); - host_client = host_client_save; - // in case it is a command that changes host_client (like restart) - } - s += l + 1; - } - rcon_redirect_buffer[rcon_redirect_bufferpos] = 0; - rcon_redirect = false; - // print resulting text to client - // if client is playing, send a reliable reply instead of - // a command packet - if (host_client) - { - // if the netconnection is loop, then this is the - // local player on a listen mode server, and it would - // result in duplicate printing to the console - // (not that the local player should be using rcon - // when they have the console) - if (host_client->netconnection && LHNETADDRESS_GetAddressType(&host_client->netconnection->peeraddress) != LHNETADDRESSTYPE_LOOP) - SV_ClientPrintf("%s", rcon_redirect_buffer); - } - else - { - // qw print command - dpsnprintf(response, sizeof(response), "\377\377\377\377n%s", rcon_redirect_buffer); - NetConn_WriteString(mysocket, response, peeraddress); - } - } - else - { - Con_Printf("server denied rcon access to %s\n", host_client ? host_client->name : addressstring2); - } + const char *userlevel = RCon_Authenticate(peeraddress, password, s, endpos, plaintext_matching, NULL, 0); + RCon_Execute(mysocket, peeraddress, addressstring2, userlevel, s, endpos); } return true; } + if (!strncmp(string, "extResponse ", 12)) + { + ++sv_net_extresponse_count; + if(sv_net_extresponse_count > NET_EXTRESPONSE_MAX) + sv_net_extresponse_count = NET_EXTRESPONSE_MAX; + sv_net_extresponse_last = (sv_net_extresponse_last + 1) % NET_EXTRESPONSE_MAX; + dpsnprintf(sv_net_extresponse[sv_net_extresponse_last], sizeof(sv_net_extresponse[sv_net_extresponse_last]), "'%s' %s", addressstring2, string + 12); + return true; + } if (!strncmp(string, "ping", 4)) { if (developer.integer >= 10) @@ -2699,7 +3073,7 @@ void NetConn_SleepMicroseconds(int microseconds) void NetConn_QueryMasters(qboolean querydp, qboolean queryqw) { - int i; + int i, j; int masternum; lhnetaddress_t masteraddress; lhnetaddress_t broadcastaddress; @@ -2719,32 +3093,58 @@ void NetConn_QueryMasters(qboolean querydp, qboolean queryqw) { if (cl_sockets[i]) { - // search LAN for Quake servers - SZ_Clear(&net_message); - // save space for the header, filled in later - MSG_WriteLong(&net_message, 0); - MSG_WriteByte(&net_message, CCREQ_SERVER_INFO); - MSG_WriteString(&net_message, "QUAKE"); - MSG_WriteByte(&net_message, NET_PROTOCOL_VERSION); - *((int *)net_message.data) = BigLong(NETFLAG_CTL | (net_message.cursize & NETFLAG_LENGTH_MASK)); - NetConn_Write(cl_sockets[i], net_message.data, net_message.cursize, &broadcastaddress); - SZ_Clear(&net_message); + const char *cmdname, *extraoptions; + int af = LHNETADDRESS_GetAddressType(LHNET_AddressFromSocket(cl_sockets[i])); - // search LAN for DarkPlaces servers - NetConn_WriteString(cl_sockets[i], "\377\377\377\377getstatus", &broadcastaddress); + if(LHNETADDRESS_GetAddressType(&broadcastaddress) == af) + { + // search LAN for Quake servers + SZ_Clear(&net_message); + // save space for the header, filled in later + MSG_WriteLong(&net_message, 0); + MSG_WriteByte(&net_message, CCREQ_SERVER_INFO); + MSG_WriteString(&net_message, "QUAKE"); + MSG_WriteByte(&net_message, NET_PROTOCOL_VERSION); + *((int *)net_message.data) = BigLong(NETFLAG_CTL | (net_message.cursize & NETFLAG_LENGTH_MASK)); + NetConn_Write(cl_sockets[i], net_message.data, net_message.cursize, &broadcastaddress); + SZ_Clear(&net_message); + + // search LAN for DarkPlaces servers + NetConn_WriteString(cl_sockets[i], "\377\377\377\377getstatus", &broadcastaddress); + } // build the getservers message to send to the dpmaster master servers - dpsnprintf(request, sizeof(request), "\377\377\377\377getservers %s %u empty full\x0A", gamename, NET_PROTOCOL_VERSION); + if (LHNETADDRESS_GetAddressType(LHNET_AddressFromSocket(cl_sockets[i])) == LHNETADDRESSTYPE_INET6) + { + cmdname = "getserversExt"; + extraoptions = " ipv4 ipv6"; // ask for IPv4 and IPv6 servers + } + else + { + cmdname = "getservers"; + extraoptions = ""; + } + dpsnprintf(request, sizeof(request), "\377\377\377\377%s %s %u empty full%s", cmdname, gamename, NET_PROTOCOL_VERSION, extraoptions); // search internet for (masternum = 0;sv_masters[masternum].name;masternum++) { - if (sv_masters[masternum].string && sv_masters[masternum].string[0] && LHNETADDRESS_FromString(&masteraddress, sv_masters[masternum].string, DPMASTER_PORT) && LHNETADDRESS_GetAddressType(&masteraddress) == LHNETADDRESS_GetAddressType(LHNET_AddressFromSocket(cl_sockets[i]))) + if (sv_masters[masternum].string && sv_masters[masternum].string[0] && LHNETADDRESS_FromString(&masteraddress, sv_masters[masternum].string, DPMASTER_PORT) && LHNETADDRESS_GetAddressType(&masteraddress) == af) { masterquerycount++; NetConn_WriteString(cl_sockets[i], request, &masteraddress); } } + + // search favorite servers + for(j = 0; j < nFavorites; ++j) + { + if(LHNETADDRESS_GetAddressType(&favorites[j]) == af) + { + if(LHNETADDRESS_ToString(&favorites[j], request, sizeof(request), true)) + NetConn_ClientParsePacket_ServerList_PrepareQuery( PROTOCOL_DARKPLACES7, request, true ); + } + } } } } @@ -2756,12 +3156,17 @@ void NetConn_QueryMasters(qboolean querydp, qboolean queryqw) { if (cl_sockets[i]) { - // search LAN for QuakeWorld servers - NetConn_WriteString(cl_sockets[i], "\377\377\377\377status\n", &broadcastaddress); + int af = LHNETADDRESS_GetAddressType(LHNET_AddressFromSocket(cl_sockets[i])); + + if(LHNETADDRESS_GetAddressType(&broadcastaddress) == af) + { + // search LAN for QuakeWorld servers + NetConn_WriteString(cl_sockets[i], "\377\377\377\377status\n", &broadcastaddress); - // build the getservers message to send to the qwmaster master servers - // note this has no -1 prefix, and the trailing nul byte is sent - dpsnprintf(request, sizeof(request), "c\n"); + // build the getservers message to send to the qwmaster master servers + // note this has no -1 prefix, and the trailing nul byte is sent + dpsnprintf(request, sizeof(request), "c\n"); + } // search internet for (masternum = 0;sv_qwmasters[masternum].name;masternum++) @@ -2778,6 +3183,19 @@ void NetConn_QueryMasters(qboolean querydp, qboolean queryqw) NetConn_Write(cl_sockets[i], request, (int)strlen(request) + 1, &masteraddress); } } + + // search favorite servers + for(j = 0; j < nFavorites; ++j) + { + if(LHNETADDRESS_GetAddressType(&favorites[j]) == af) + { + if(LHNETADDRESS_ToString(&favorites[j], request, sizeof(request), true)) + { + NetConn_WriteString(cl_sockets[i], "\377\377\377\377status\n", &favorites[j]); + NetConn_ClientParsePacket_ServerList_PrepareQuery( PROTOCOL_QUAKEWORLD, request, true ); + } + } + } } } } @@ -2866,7 +3284,7 @@ void Net_Slist_f(void) { ServerList_ResetMasks(); serverlist_sortbyfield = SLIF_PING; - serverlist_sortdescending = false; + serverlist_sortflags = 0; if (m_state != m_slist) { Con_Print("Sending requests to master servers\n"); ServerList_QueryList(true, true, false, true); @@ -2879,7 +3297,7 @@ void Net_SlistQW_f(void) { ServerList_ResetMasks(); serverlist_sortbyfield = SLIF_PING; - serverlist_sortdescending = false; + serverlist_sortflags = 0; if (m_state != m_slist) { Con_Print("Sending requests to master servers\n"); ServerList_QueryList(true, false, true, true); @@ -2901,10 +3319,12 @@ void NetConn_Init(void) Cmd_AddCommand("heartbeat", Net_Heartbeat_f, "send a heartbeat to the master server (updates your server information)"); Cvar_RegisterVariable(&rcon_restricted_password); Cvar_RegisterVariable(&rcon_restricted_commands); + Cvar_RegisterVariable(&rcon_secure_maxdiff); Cvar_RegisterVariable(&net_slist_queriespersecond); Cvar_RegisterVariable(&net_slist_queriesperframe); Cvar_RegisterVariable(&net_slist_timeout); Cvar_RegisterVariable(&net_slist_maxtries); + Cvar_RegisterVariable(&net_slist_favorites); Cvar_RegisterVariable(&net_slist_pause); Cvar_RegisterVariable(&net_messagetimeout); Cvar_RegisterVariable(&net_connecttimeout); @@ -2917,12 +3337,14 @@ void NetConn_Init(void) Cvar_RegisterVariable(&cl_netport); Cvar_RegisterVariable(&sv_netport); Cvar_RegisterVariable(&net_address); - //Cvar_RegisterVariable(&net_address_ipv6); + Cvar_RegisterVariable(&net_address_ipv6); Cvar_RegisterVariable(&sv_public); Cvar_RegisterVariable(&sv_heartbeatperiod); for (i = 0;sv_masters[i].name;i++) Cvar_RegisterVariable(&sv_masters[i]); Cvar_RegisterVariable(&gameversion); + Cvar_RegisterVariable(&gameversion_min); + Cvar_RegisterVariable(&gameversion_max); // COMMANDLINEOPTION: Server: -ip sets the ip address of this machine for purposes of networking (default 0.0.0.0 also known as INADDR_ANY), use only if you have multiple network adapters and need to choose one specifically. if ((i = COM_CheckParm("-ip")) && i + 1 < com_argc) {