author | oy <Tom_Adams@web.de> | 2018-09-16 15:58:53 +0200 |
---|---|---|
committer | oy <Tom_Adams@web.de> | 2018-09-16 15:58:53 +0200 |
commit | 4c00063b2fd9c25998f3d308723e1ae65c20548d (patch) | |
tree | a9a751dae3e074865ed112da0d51be02ba8350f0 | |
parent | 73216445c3446e76854a9409f175b34f37761108 (diff) |
added a simple challenge response mechanism for connecting clients
-rw-r--r-- | src/engine/server/server.cpp | 42 | ||||
-rw-r--r-- | src/engine/server/server.h | 9 | ||||
-rw-r--r-- | src/engine/shared/config_variables.h | 1 |
3 files changed, 51 insertions, 1 deletions
diff --git a/src/engine/server/server.cpp b/src/engine/server/server.cpp
index 6c459257f..8b3d9d53a 100644
--- a/src/engine/server/server.cpp
+++ b/src/engine/server/server.cpp
@@ -268,6 +268,16 @@ void CServer::CClient::Reset()
 m_Score = 0;
 }
 
+bool CServer::CClient::CRCheck()
+{
+ if(m_CRSuccess || (m_CRCounter == m_CRCheckVal))
+ {
+ m_CRSuccess = true;
+ return true;
+ }
+ return false;
+}
+
 CServer::CServer() : m_DemoRecorder(&m_SnapshotDelta)
 {
 m_TickSpeed = SERVER_TICK_SPEED;
@@ -690,6 +700,9 @@ int CServer::NewClientCallback(int ClientID, void *pUser)
 {
 CServer *pThis = (CServer *)pUser;
 pThis->m_aClients[ClientID].m_State = CClient::STATE_AUTH;
+ pThis->m_aClients[ClientID].m_CRCounter = 0;
+ pThis->m_aClients[ClientID].m_CRCheckVal = rand()%CClient::CR_MAXVAL;
+ pThis->m_aClients[ClientID].m_CRSuccess = false;
 pThis->m_aClients[ClientID].m_aName[0] = 0;
 pThis->m_aClients[ClientID].m_aClan[0] = 0;
 pThis->m_aClients[ClientID].m_Country = -1;
@@ -796,6 +809,17 @@ void CServer::UpdateClientRconCommands()
 }
 }
 
+void CServer::CRAuthentification(int ClientID)
+{
+ if((g_Config.m_SvCRFailBantime >= 0) && (!m_aClients[ClientID].CRCheck()))
+ {
+ if(g_Config.m_SvCRFailBantime == 0)
+ m_NetServer.Drop(ClientID, "Failed challenge response");
+ else
+ m_ServerBan.BanAddr(m_NetServer.ClientAddr(ClientID), g_Config.m_SvCRFailBantime * 60, "Failed challenge response");
+ }
+}
+
 void CServer::ProcessClientPacket(CNetChunk *pPacket)
 {
 int ClientID = pPacket->m_ClientID;
@@ -836,6 +860,14 @@ void CServer::ProcessClientPacket(CNetChunk *pPacket)
 }
 
 m_aClients[ClientID].m_State = CClient::STATE_CONNECTING;
+
+ // send challenge response (via ping requests)
+ for (int i = 0; i < m_aClients[ClientID].m_CRCheckVal; ++i)
+ {
+ CMsgPacker CRMsg(NETMSG_PING);
+ SendMsgEx(&CRMsg, 0, ClientID, true);
+ }
+
 SendMap(ClientID);
 }
 }
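Review bot: In NewClientCallback (hunk at -690), `rand()%CClient::CR_MAXVAL` can yield 0, and then `m_CRCounter == m_CRCheckVal` already holds in CRCheck() before a single ping has been sent, so roughly one connection in 128 passes without any challenge. rand() is also a predictable generator and nothing in this commit shows it being seeded, so the expected reply count may be guessable by a peer that never receives the pings. Drawing from the non-zero range, e.g. `1 + rand()%(CClient::CR_MAXVAL-1)`, fixes the first problem; the second needs the value to come from the platform's secure random source instead of rand().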
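Review bot: In CRAuthentification (hunk at -796), a failed challenge ends in `m_ServerBan.BanAddr(m_NetServer.ClientAddr(ClientID), ...)`, which bans an address at exactly the moment the server has evidence that the peer may not own it. If a connection's source address can be forged (the lower-level handshake is not visible here), a third party's address ends up banned for the configured time, and the default added in config_variables.h is 3, not 0. Dropping the connection is the safer reaction to an unverified peer: I would ship `sv_crfail_bantime` with default `0` and put a comment above the ban branch such as `// bans an address that has NOT proven reachability; enable only if spoofing is ruled out lower in the stack`.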
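Review bot: The ping burst added to ProcessClientPacket (hunk at -836) is sent with `SendMsgEx(&CRMsg, 0, ClientID, true)`, i.e. with no flags, while CRCheck() demands that exactly m_CRCheckVal replies come back. If flag 0 means unreliable delivery, as the NET_CHUNKFLAG_VITAL tests elsewhere in this function suggest, one lost ping or reply leaves a legitimate client short of the count and it is kicked or banned. The pings should go out reliably, `SendMsgEx(&CRMsg, MSGFLAG_VITAL, ClientID, true);`, and the client's replies need the same guarantee. Note also that one info message from a peer that has proven nothing yet now triggers up to 127 extra messages towards its claimed address. The enclosing function starts and ends outside the hunk.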
@@ -844,6 +876,9 @@ void CServer::ProcessClientPacket(CNetChunk *pPacket)
 if((pPacket->m_Flags&NET_CHUNKFLAG_VITAL) == 0 || m_aClients[ClientID].m_State < CClient::STATE_CONNECTING)
 return;
 
+ // check challenge response
+ CRAuthentification(ClientID);
+
 int Chunk = Unpacker.GetInt();
 unsigned int ChunkSize = 1024-128;
 unsigned int Offset = Chunk * ChunkSize;
@@ -880,6 +915,9 @@ void CServer::ProcessClientPacket(CNetChunk *pPacket)
 {
 if((pPacket->m_Flags&NET_CHUNKFLAG_VITAL) != 0 && m_aClients[ClientID].m_State == CClient::STATE_CONNECTING)
 {
+ // check challenge response
+ CRAuthentification(ClientID);
+
 char aAddrStr[NETADDR_MAXSTRSIZE];
 net_addr_str(m_NetServer.ClientAddr(ClientID), aAddrStr, sizeof(aAddrStr), true);
 
@@ -1044,6 +1082,10 @@ void CServer::ProcessClientPacket(CNetChunk *pPacket)
 CMsgPacker Msg(NETMSG_PING_REPLY);
 SendMsgEx(&Msg, 0, ClientID, true);
 }
+ else if(Msg == NETMSG_PING_REPLY)
+ {
+ m_aClients[ClientID].m_CRCounter++;
+ }
 else
 {
 if(g_Config.m_Debug)
diff --git a/src/engine/server/server.h b/src/engine/server/server.h
index c3c1794dc..0bddf1def 100644
--- a/src/engine/server/server.h
+++ b/src/engine/server/server.h
@@ -92,7 +92,9 @@ public:
 
 SNAPRATE_INIT=0,
 SNAPRATE_FULL,
- SNAPRATE_RECOVER
+ SNAPRATE_RECOVER,
+
+ CR_MAXVAL=128,
 };
 
 class CInput
@@ -104,6 +106,9 @@ public:
 
 // connection state info
 int m_State;
+ int m_CRCounter;
+ int m_CRCheckVal;
+ int m_CRSuccess;
 int m_Latency;
 int m_SnapRate;
 
@@ -125,6 +130,7 @@ public:
 const IConsole::CCommandInfo *m_pRconCmdToSend;
 
 void Reset();
+ bool CRCheck();
 };
 
 CClient m_aClients[MAX_CLIENTS];
@@ -204,6 +210,7 @@ public:
 void SendRconCmdAdd(const IConsole::CCommandInfo *pCommandInfo, int ClientID);
 void SendRconCmdRem(const IConsole::CCommandInfo *pCommandInfo, int ClientID);
 void UpdateClientRconCommands();
+ void CRAuthentification(int ClientID);
 
 void ProcessClientPacket(CNetChunk *pPacket);
 
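Review bot: The call `CRAuthentification(ClientID);` added to the map-data branch (hunk at -844), and again to the branch at -880, discards the outcome, so after the client has been dropped or banned the handler carries on, reading the chunk index and continuing to serve a slot that was just torn down. CRAuthentification is declared void, so the call sites cannot tell a pass from a fail. Let it return bool (`return false;` after the Drop/BanAddr branch, `return true;` otherwise) and write `if(!CRAuthentification(ClientID)) return;` at both call sites. Both branches continue outside the visible hunks, so what else runs for the dropped slot cannot be seen from here.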
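Review bot: The new `NETMSG_PING_REPLY` branch (hunk at -1044) increments m_CRCounter for every reply, whether or not a challenge is still outstanding, and never bounds it. The counter therefore keeps growing for the lifetime of the connection, and any reply that is not an answer to one of the challenge pings pushes it past the exact-match test in CRCheck(). I would gate it: `if(!m_aClients[ClientID].m_CRSuccess && m_aClients[ClientID].m_CRCounter < CClient::CR_MAXVAL) m_aClients[ClientID].m_CRCounter++;`. A comment here should also state what the scheme proves: the reply carries no value, only its count matters, so a match shows that the peer received the pings and nothing more. The enclosing function starts and ends outside the hunk.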
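Review bot: In the CClient field hunk of server.h (-104), `int m_CRSuccess;` is assigned `true`/`false` and tested as a boolean in server.cpp, so it should be declared `bool m_CRSuccess;`. The three new fields also arrive without comments; one line each would do, e.g. `// ping replies received so far`, `// number of challenge pings sent, in [0, CR_MAXVAL)` and `// latched once the reply count has matched`.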
diff --git a/src/engine/shared/config_variables.h b/src/engine/shared/config_variables.h
index 025a9cf38..ed20d42d3 100644
--- a/src/engine/shared/config_variables.h
+++ b/src/engine/shared/config_variables.h
@@ -91,6 +91,7 @@ MACRO_CONFIG_STR(SvRconPassword, sv_rcon_password, 32, "", CFGFLAG_SERVER, "Remo
 MACRO_CONFIG_STR(SvRconModPassword, sv_rcon_mod_password, 32, "", CFGFLAG_SERVER, "Remote console password for moderators (limited access)")
 MACRO_CONFIG_INT(SvRconMaxTries, sv_rcon_max_tries, 3, 0, 100, CFGFLAG_SERVER, "Maximum number of tries for remote console authentication")
 MACRO_CONFIG_INT(SvRconBantime, sv_rcon_bantime, 5, 0, 1440, CFGFLAG_SERVER, "The time a client gets banned if remote console authentication fails. 0 makes it just use kick")
+MACRO_CONFIG_INT(SvCRFailBantime, sv_crfail_bantime, 3, -1, 1440, CFGFLAG_SERVER, "The time a client gets banned if challenge response authentification fails. 0 makes it just use kick. -1 disables it")
 MACRO_CONFIG_INT(SvAutoDemoRecord, sv_auto_demo_record, 0, 0, 1, CFGFLAG_SERVER, "Automatically record demos")
 MACRO_CONFIG_INT(SvAutoDemoMax, sv_auto_demo_max, 10, 0, 1000, CFGFLAG_SERVER, "Maximum number of automatically recorded demos (0 = no limit)")
 
|
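Review bot: The help text of the added `sv_crfail_bantime` entry says only "The time", while CRAuthentification multiplies the value by 60 before handing it to BanAddr, so the unit is presumably minutes and the string should say so. It also spells "authentification", where the neighbouring rcon entries use "authentication". Suggested wording: `"Minutes a client gets banned if the challenge response fails. 0 only kicks, -1 disables the check"`.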