server AUTHORIZE_SUPPORT code removal refs #31

src/server/server.h

@@ -235,16 +235,14 @@ typedef struct client_s
 // while not allowing a single ip to grab all challenge resources
 #define MAX_CHALLENGES_MULTI (MAX_CHALLENGES / 2)
 
-#define AUTHORIZE_TIMEOUT   5000
-
 typedef struct
 {
 	netadr_t adr;
 	int challenge;
 	int clientChallenge;            // challenge number coming from the client
 	int time;                       // time the last packet was sent to the autherize server
 	int pingTime;                   // time the challenge response was sent to client
-	int firstTime;                  // time the adr was first used, for authorize timeout checks
+	int firstTime;                  // time the adr was first used
 	int firstPing;                  // Used for min and max ping checks
 	qboolean wasrefused;
 	qboolean connected;
@@ -295,10 +293,6 @@ typedef struct
 	netadr_t redirectAddress;               // for rcon return messages
 	tempBan_t tempBanAddresses[MAX_TEMPBAN_ADDRESSES];
 
-#ifdef AUTHORIZE_SUPPORT
-	netadr_t authorizeAddress;
-#endif // AUTHORIZE_SUPPORT
-
 	int sampleTimes[SERVER_PERFORMANCECOUNTER_SAMPLES];
 	int currentSampleIndex;
 	int totalFrameTime;
@@ -418,8 +412,6 @@ void SV_GetChallenge(netadr_t from);
 
 void SV_DirectConnect(netadr_t from);
 
-void SV_AuthorizeIpPacket(netadr_t from);
-
 void SV_ExecuteClientMessage(client_t *cl, msg_t *msg);
 void SV_UserinfoChanged(client_t *cl);
 void SV_UpdateUserinfo_f(client_t *cl);

src/server/sv_ccmds.c

@@ -634,134 +634,6 @@ void    SV_LoadGame_f(void)
 
 //===============================================================
 
-#ifdef AUTHORIZE_SUPPORT
-/*
-==================
-SV_Ban_f
-
-Ban a user from being able to play on this server through the auth
-server
-==================
-*/
-static void SV_Ban_f(void)
-{
-	client_t *cl;
-
-	// make sure server is running
-	if (!com_sv_running->integer)
-	{
-		Com_Printf("Server is not running.\n");
-		return;
-	}
-
-	if (Cmd_Argc() != 2)
-	{
-		Com_Printf("Usage: banUser <player name>\n");
-		return;
-	}
-
-	cl = SV_GetPlayerByName();
-
-	if (!cl)
-	{
-		return;
-	}
-
-	if (cl->netchan.remoteAddress.type == NA_LOOPBACK)
-	{
-		SV_SendServerCommand(NULL, "print \"%s\"", "Cannot kick host player\n");
-		return;
-	}
-
-	// look up the authorize server's IP
-	if (!svs.authorizeAddress.ip[0] && svs.authorizeAddress.type != NA_BAD)
-	{
-		Com_Printf("Resolving %s\n", AUTHORIZE_SERVER_NAME);
-		if (!NET_StringToAdr(AUTHORIZE_SERVER_NAME, &svs.authorizeAddress))
-		{
-			Com_Printf("Couldn't resolve address\n");
-			return;
-		}
-		svs.authorizeAddress.port = BigShort(PORT_AUTHORIZE);
-		Com_Printf("%s resolved to %i.%i.%i.%i:%i\n", AUTHORIZE_SERVER_NAME,
-		           svs.authorizeAddress.ip[0], svs.authorizeAddress.ip[1],
-		           svs.authorizeAddress.ip[2], svs.authorizeAddress.ip[3],
-		           BigShort(svs.authorizeAddress.port));
-	}
-
-	// otherwise send their ip to the authorize server
-	if (svs.authorizeAddress.type != NA_BAD)
-	{
-		NET_OutOfBandPrint(NS_SERVER, svs.authorizeAddress,
-		                   "banUser %i.%i.%i.%i", cl->netchan.remoteAddress.ip[0], cl->netchan.remoteAddress.ip[1],
-		                   cl->netchan.remoteAddress.ip[2], cl->netchan.remoteAddress.ip[3]);
-		Com_Printf("%s was banned from coming back\n", rc(cl->name));
-	}
-}
-
-/*
-==================
-SV_BanNum_f
-
-Ban a user from being able to play on this server through the auth
-server
-==================
-*/
-static void SV_BanNum_f(void)
-{
-	client_t *cl;
-
-	// make sure server is running
-	if (!com_sv_running->integer)
-	{
-		Com_Printf("Server is not running.\n");
-		return;
-	}
-
-	if (Cmd_Argc() != 2)
-	{
-		Com_Printf("Usage: banClient <client number>\n");
-		return;
-	}
-
-	cl = SV_GetPlayerByNum();
-	if (!cl)
-	{
-		return;
-	}
-	if (cl->netchan.remoteAddress.type == NA_LOOPBACK)
-	{
-		SV_SendServerCommand(NULL, "print \"%s\"", "Cannot kick host player\n");
-		return;
-	}
-
-	// look up the authorize server's IP
-	if (!svs.authorizeAddress.ip[0] && svs.authorizeAddress.type != NA_BAD)
-	{
-		Com_Printf("Resolving %s\n", AUTHORIZE_SERVER_NAME);
-		if (!NET_StringToAdr(AUTHORIZE_SERVER_NAME, &svs.authorizeAddress))
-		{
-			Com_Printf("Couldn't resolve address\n");
-			return;
-		}
-		svs.authorizeAddress.port = BigShort(PORT_AUTHORIZE);
-		Com_Printf("%s resolved to %i.%i.%i.%i:%i\n", AUTHORIZE_SERVER_NAME,
-		           svs.authorizeAddress.ip[0], svs.authorizeAddress.ip[1],
-		           svs.authorizeAddress.ip[2], svs.authorizeAddress.ip[3],
-		           BigShort(svs.authorizeAddress.port));
-	}
-
-	// otherwise send their ip to the authorize server
-	if (svs.authorizeAddress.type != NA_BAD)
-	{
-		NET_OutOfBandPrint(NS_SERVER, svs.authorizeAddress,
-		                   "banUser %i.%i.%i.%i", cl->netchan.remoteAddress.ip[0], cl->netchan.remoteAddress.ip[1],
-		                   cl->netchan.remoteAddress.ip[2], cl->netchan.remoteAddress.ip[3]);
-		Com_Printf("%s was banned from coming back\n", rc(cl->name));
-	}
-}
-#endif // AUTHORIZE_SUPPORT
-
 /*
 ==================
 ==================
@@ -1051,11 +923,6 @@ void SV_AddOperatorCommands(void)
 	initialized = qtrue;
 
 	Cmd_AddCommand("heartbeat", SV_Heartbeat_f);
-#ifdef AUTHORIZE_SUPPORT
-	// Arnout: banning requires auth server
-	Cmd_AddCommand("banUser", SV_Ban_f);
-	Cmd_AddCommand("banClient", SV_BanNum_f);
-#endif // AUTHORIZE_SUPPORT
 	Cmd_AddCommand("status", SV_Status_f);
 	Cmd_AddCommand("serverinfo", SV_Serverinfo_f);
 	Cmd_AddCommand("systeminfo", SV_Systeminfo_f);

src/server/sv_client.c

@@ -47,11 +47,6 @@ We do this to prevent denial of service attacks that
 flood the server with invalid connection IPs.  With a
 challenge, they must give a valid IP address.
 
-If we are authorizing, a challenge request will cause a packet
-to be sent to the authorize server.
-
-When an authorizeip is returned, a challenge response will be
-sent to that ip.
 =================
 */
 void SV_GetChallenge(netadr_t from)
@@ -99,178 +94,20 @@ void SV_GetChallenge(netadr_t from)
 		i                    = oldest;
 	}
 
-#if !defined(AUTHORIZE_SUPPORT)
-	// FIXME: deal with restricted filesystem
-	if (1)
-	{
-#else
-	// if they are on a lan address, send the challengeResponse immediately
-	if (Sys_IsLANAddress(from))
-	{
-#endif
-		challenge->pingTime = svs.time;
-		if (sv_onlyVisibleClients->integer)
-		{
-			NET_OutOfBandPrint(NS_SERVER, from, "challengeResponse %i %i", challenge->challenge, sv_onlyVisibleClients->integer);
-		}
-		else
-		{
-			NET_OutOfBandPrint(NS_SERVER, from, "challengeResponse %i", challenge->challenge);
-		}
-		return;
-	}
-
-#ifdef AUTHORIZE_SUPPORT
-	// look up the authorize server's IP
-	if (!svs.authorizeAddress.ip[0] && svs.authorizeAddress.type != NA_BAD)
-	{
-		Com_Printf("Resolving %s\n", AUTHORIZE_SERVER_NAME);
-		if (!NET_StringToAdr(AUTHORIZE_SERVER_NAME, &svs.authorizeAddress))
-		{
-			Com_Printf("Couldn't resolve address\n");
-			return;
-		}
-		svs.authorizeAddress.port = BigShort(PORT_AUTHORIZE);
-		Com_Printf("%s resolved to %i.%i.%i.%i:%i\n", AUTHORIZE_SERVER_NAME,
-		           svs.authorizeAddress.ip[0], svs.authorizeAddress.ip[1],
-		           svs.authorizeAddress.ip[2], svs.authorizeAddress.ip[3],
-		           BigShort(svs.authorizeAddress.port));
-	}
-
-	// if they have been challenging for a long time and we
-	// haven't heard anything from the authoirze server, go ahead and
-	// let them in, assuming the id server is down
-	if (svs.time - challenge->firstTime > AUTHORIZE_TIMEOUT)
-	{
-		Com_DPrintf("authorize server timed out\n");
-
-		challenge->pingTime = svs.time;
-		if (sv_onlyVisibleClients->integer)
-		{
-			NET_OutOfBandPrint(NS_SERVER, challenge->adr,
-			                   "challengeResponse %i %i", challenge->challenge, sv_onlyVisibleClients->integer);
-		}
-		else
-		{
-			NET_OutOfBandPrint(NS_SERVER, challenge->adr,
-			                   "challengeResponse %i", challenge->challenge);
-		}
-
-		return;
-	}
-
-	// otherwise send their ip to the authorize server
-	if (svs.authorizeAddress.type != NA_BAD)
-	{
-		cvar_t *fs;
-		char   game[1024];
-
-		game[0] = 0;
-		fs      = Cvar_Get("fs_game", "", CVAR_INIT | CVAR_SYSTEMINFO);
-		if (fs && fs->string[0] != 0)
-		{
-			strcpy(game, fs->string);
-		}
-		Com_DPrintf("sending getIpAuthorize for %s\n", NET_AdrToString(from));
-		fs = Cvar_Get("sv_allowAnonymous", "0", CVAR_SERVERINFO);
-
-		// NERVE - SMF - fixed parsing on sv_allowAnonymous
-		NET_OutOfBandPrint(NS_SERVER, svs.authorizeAddress,
-		                   "getIpAuthorize %i %i.%i.%i.%i %s %i", svs.challenges[i].challenge,
-		                   from.ip[0], from.ip[1], from.ip[2], from.ip[3], game, fs->integer);
-	}
-#endif // AUTHORIZE_SUPPORT
-}
-
-#ifdef AUTHORIZE_SUPPORT
-/*
-====================
-SV_AuthorizeIpPacket
-
-A packet has been returned from the authorize server.
-If we have a challenge adr for that ip, send the
-challengeResponse to it
-====================
-*/
-void SV_AuthorizeIpPacket(netadr_t from)
-{
-	int  challenge;
-	int  i;
-	char *s;
-	char *r;
-	char ret[1024];
-
-	if (!NET_CompareBaseAdr(from, svs.authorizeAddress))
-	{
-		Com_Printf("SV_AuthorizeIpPacket: not from authorize server\n");
-		return;
-	}
-
-	challenge = atoi(Cmd_Argv(1));
-
-	for (i = 0 ; i < MAX_CHALLENGES ; i++)
-	{
-		if (svs.challenges[i].challenge == challenge)
-		{
-			break;
-		}
-	}
-	if (i == MAX_CHALLENGES)
-	{
-		Com_Printf("SV_AuthorizeIpPacket: challenge not found\n");
-		return;
-	}
-
-	// send a packet back to the original client
-	svs.challenges[i].pingTime = svs.time;
-	s                          = Cmd_Argv(2);
-	r                          = Cmd_Argv(3); // reason
-
-	if (!Q_stricmp(s, "accept"))
-	{
-		if (sv_onlyVisibleClients->integer)
-		{
-			NET_OutOfBandPrint(NS_SERVER, svs.challenges[i].adr,
-			                   "challengeResponse %i %i", svs.challenges[i].challenge, sv_onlyVisibleClients->integer);
-		}
-		else
-		{
-			NET_OutOfBandPrint(NS_SERVER, svs.challenges[i].adr,
-			                   "challengeResponse %i", svs.challenges[i].challenge);
-		}
-		return;
-	}
-	if (!Q_stricmp(s, "unknown"))
-	{
-		if (!r)
-		{
-			NET_OutOfBandPrint(NS_SERVER, svs.challenges[i].adr, "print\nAwaiting CD key authorization\n");
-		}
-		else
-		{
-			sprintf(ret, "print\n%s\n", r);
-			NET_OutOfBandPrint(NS_SERVER, svs.challenges[i].adr, ret);
-		}
-		// clear the challenge record so it won't timeout and let them through
-		memset(&svs.challenges[i], 0, sizeof(svs.challenges[i]));
-		return;
-	}
+	// FIXME: deal with restricted filesystem - done with sv_pure check ?
 
-	// authorization failed
-	if (!r)
+	challenge->pingTime = svs.time;
+	if (sv_onlyVisibleClients->integer)
 	{
-		NET_OutOfBandPrint(NS_SERVER, svs.challenges[i].adr, "print\nSomeone is using this CD Key\n");
+		NET_OutOfBandPrint(NS_SERVER, from, "challengeResponse %i %i", challenge->challenge, sv_onlyVisibleClients->integer);
 	}
 	else
 	{
-		sprintf(ret, "print\n%s\n", r);
-		NET_OutOfBandPrint(NS_SERVER, svs.challenges[i].adr, ret);
+		NET_OutOfBandPrint(NS_SERVER, from, "challengeResponse %i", challenge->challenge);
 	}
 
-	// clear the challenge record so it won't timeout and let them through
-	memset(&svs.challenges[i], 0, sizeof(svs.challenges[i]));
+	return;
 }
-#endif // AUTHORIZE_SUPPORT
 
 /*
 ==================

src/server/sv_main.c

@@ -1004,12 +1004,6 @@ static void SV_ConnectionlessPacket(netadr_t from, msg_t *msg)
 	else if (!Q_stricmp(c, "connect"))
 	{
 		SV_DirectConnect(from);
-#ifdef AUTHORIZE_SUPPORT
-	}
-	else if (!Q_stricmp(c, "ipAuthorize"))
-	{
-		SV_AuthorizeIpPacket(from);
-#endif // AUTHORIZE_SUPPORT
 	}
 	else if (!Q_stricmp(c, "rcon"))
 	{