diff --git a/src/server/server.h b/src/server/server.h index 128d466a6..77f81685b 100644 --- a/src/server/server.h +++ b/src/server/server.h @@ -235,8 +235,6 @@ typedef struct client_s // while not allowing a single ip to grab all challenge resources #define MAX_CHALLENGES_MULTI (MAX_CHALLENGES / 2) -#define AUTHORIZE_TIMEOUT 5000 - typedef struct { netadr_t adr; @@ -244,7 +242,7 @@ typedef struct int clientChallenge; // challenge number coming from the client int time; // time the last packet was sent to the autherize server int pingTime; // time the challenge response was sent to client - int firstTime; // time the adr was first used, for authorize timeout checks + int firstTime; // time the adr was first used int firstPing; // Used for min and max ping checks qboolean wasrefused; qboolean connected; @@ -295,10 +293,6 @@ typedef struct netadr_t redirectAddress; // for rcon return messages tempBan_t tempBanAddresses[MAX_TEMPBAN_ADDRESSES]; -#ifdef AUTHORIZE_SUPPORT - netadr_t authorizeAddress; -#endif // AUTHORIZE_SUPPORT - int sampleTimes[SERVER_PERFORMANCECOUNTER_SAMPLES]; int currentSampleIndex; int totalFrameTime; @@ -418,8 +412,6 @@ void SV_GetChallenge(netadr_t from); void SV_DirectConnect(netadr_t from); -void SV_AuthorizeIpPacket(netadr_t from); - void SV_ExecuteClientMessage(client_t *cl, msg_t *msg); void SV_UserinfoChanged(client_t *cl); void SV_UpdateUserinfo_f(client_t *cl); diff --git a/src/server/sv_ccmds.c b/src/server/sv_ccmds.c index 3bd08c85e..41a8c591e 100644 --- a/src/server/sv_ccmds.c +++ b/src/server/sv_ccmds.c 
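Review bot: In the `challenge_t` hunk of src/server/server.h, the unchanged line `int time; // time the last packet was sent to the autherize server` still describes the authorize server that this commit removes; only the `firstTime` comment beside it was updated. If the field is still read or written elsewhere (not visible in this diff), the comment should say what it tracks now, for example `int time; // time this challenge slot was last (re)used - confirm against SV_GetChallenge`. If nothing uses it any more, the field could be removed along with the rest of the authorize code. The struct's opening lines and its end are outside the hunk.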
@@ -634,134 +634,6 @@ void SV_LoadGame_f(void) //=============================================================== -#ifdef AUTHORIZE_SUPPORT -/* -================== -SV_Ban_f - -Ban a user from being able to play on this server through the auth -server -================== -*/ -static void SV_Ban_f(void) -{ - client_t *cl; - - // make sure server is running - if (!com_sv_running->integer) - { - Com_Printf("Server is not running.\n"); - return; - } - - if (Cmd_Argc() != 2) - { - Com_Printf("Usage: banUser \n"); - return; - } - - cl = SV_GetPlayerByName(); - - if (!cl) - { - return; - } - - if (cl->netchan.remoteAddress.type == NA_LOOPBACK) - { - SV_SendServerCommand(NULL, "print \"%s\"", "Cannot kick host player\n"); - return; - } - - // look up the authorize server's IP - if (!svs.authorizeAddress.ip[0] && svs.authorizeAddress.type != NA_BAD) - { - Com_Printf("Resolving %s\n", AUTHORIZE_SERVER_NAME); - if (!NET_StringToAdr(AUTHORIZE_SERVER_NAME, &svs.authorizeAddress)) - { - Com_Printf("Couldn't resolve address\n"); - return; - } - svs.authorizeAddress.port = BigShort(PORT_AUTHORIZE); - Com_Printf("%s resolved to %i.%i.%i.%i:%i\n", AUTHORIZE_SERVER_NAME, - svs.authorizeAddress.ip[0], svs.authorizeAddress.ip[1], - svs.authorizeAddress.ip[2], svs.authorizeAddress.ip[3], - BigShort(svs.authorizeAddress.port)); - } - - // otherwise send their ip to the authorize server - if (svs.authorizeAddress.type != NA_BAD) - { - NET_OutOfBandPrint(NS_SERVER, svs.authorizeAddress, - "banUser %i.%i.%i.%i", cl->netchan.remoteAddress.ip[0], cl->netchan.remoteAddress.ip[1], - cl->netchan.remoteAddress.ip[2], cl->netchan.remoteAddress.ip[3]); - Com_Printf("%s was banned from coming back\n", rc(cl->name)); - } -} - -/* -================== -SV_BanNum_f - -Ban a user from being able to play on this server through the auth -server -================== -*/ -static void SV_BanNum_f(void) -{ - client_t *cl; - - // make sure server is running - if (!com_sv_running->integer) - { - Com_Printf("Server 
is not running.\n"); - return; - } - - if (Cmd_Argc() != 2) - { - Com_Printf("Usage: banClient \n"); - return; - } - - cl = SV_GetPlayerByNum(); - if (!cl) - { - return; - } - if (cl->netchan.remoteAddress.type == NA_LOOPBACK) - { - SV_SendServerCommand(NULL, "print \"%s\"", "Cannot kick host player\n"); - return; - } - - // look up the authorize server's IP - if (!svs.authorizeAddress.ip[0] && svs.authorizeAddress.type != NA_BAD) - { - Com_Printf("Resolving %s\n", AUTHORIZE_SERVER_NAME); - if (!NET_StringToAdr(AUTHORIZE_SERVER_NAME, &svs.authorizeAddress)) - { - Com_Printf("Couldn't resolve address\n"); - return; - } - svs.authorizeAddress.port = BigShort(PORT_AUTHORIZE); - Com_Printf("%s resolved to %i.%i.%i.%i:%i\n", AUTHORIZE_SERVER_NAME, - svs.authorizeAddress.ip[0], svs.authorizeAddress.ip[1], - svs.authorizeAddress.ip[2], svs.authorizeAddress.ip[3], - BigShort(svs.authorizeAddress.port)); - } - - // otherwise send their ip to the authorize server - if (svs.authorizeAddress.type != NA_BAD) - { - NET_OutOfBandPrint(NS_SERVER, svs.authorizeAddress, - "banUser %i.%i.%i.%i", cl->netchan.remoteAddress.ip[0], cl->netchan.remoteAddress.ip[1], - cl->netchan.remoteAddress.ip[2], cl->netchan.remoteAddress.ip[3]); - Com_Printf("%s was banned from coming back\n", rc(cl->name)); - } -} -#endif // AUTHORIZE_SUPPORT - /* ================== ================== @@ -1051,11 +923,6 @@ void SV_AddOperatorCommands(void) initialized = qtrue; Cmd_AddCommand("heartbeat", SV_Heartbeat_f); -#ifdef AUTHORIZE_SUPPORT - // Arnout: banning requires auth server - Cmd_AddCommand("banUser", SV_Ban_f); - Cmd_AddCommand("banClient", SV_BanNum_f); -#endif // AUTHORIZE_SUPPORT Cmd_AddCommand("status", SV_Status_f); Cmd_AddCommand("serverinfo", SV_Serverinfo_f); Cmd_AddCommand("systeminfo", SV_Systeminfo_f); diff --git a/src/server/sv_client.c b/src/server/sv_client.c index a8c7b46ff..00a1a7a7e 100644 --- a/src/server/sv_client.c +++ b/src/server/sv_client.c 
@@ -47,11 +47,6 @@ We do this to prevent denial of service attacks that flood the server with invalid connection IPs. With a challenge, they must give a valid IP address. -If we are authorizing, a challenge request will cause a packet -to be sent to the authorize server. - -When an authorizeip is returned, a challenge response will be -sent to that ip. ================= */ void SV_GetChallenge(netadr_t from) 
@@ -99,178 +94,20 @@ void SV_GetChallenge(netadr_t from) i = oldest; } -#if !defined(AUTHORIZE_SUPPORT) - // FIXME: deal with restricted filesystem - if (1) - { -#else - // if they are on a lan address, send the challengeResponse immediately - if (Sys_IsLANAddress(from)) - { -#endif - challenge->pingTime = svs.time; - if (sv_onlyVisibleClients->integer) - { - NET_OutOfBandPrint(NS_SERVER, from, "challengeResponse %i %i", challenge->challenge, sv_onlyVisibleClients->integer); - } - else - { - NET_OutOfBandPrint(NS_SERVER, from, "challengeResponse %i", challenge->challenge); - } - return; - } - -#ifdef AUTHORIZE_SUPPORT - // look up the authorize server's IP - if (!svs.authorizeAddress.ip[0] && svs.authorizeAddress.type != NA_BAD) - { - Com_Printf("Resolving %s\n", AUTHORIZE_SERVER_NAME); - if (!NET_StringToAdr(AUTHORIZE_SERVER_NAME, &svs.authorizeAddress)) - { - Com_Printf("Couldn't resolve address\n"); - return; - } - svs.authorizeAddress.port = BigShort(PORT_AUTHORIZE); - Com_Printf("%s resolved to %i.%i.%i.%i:%i\n", AUTHORIZE_SERVER_NAME, - svs.authorizeAddress.ip[0], svs.authorizeAddress.ip[1], - svs.authorizeAddress.ip[2], svs.authorizeAddress.ip[3], - BigShort(svs.authorizeAddress.port)); - } - - // if they have been challenging for a long time and we - // haven't heard anything from the authoirze server, go ahead and - // let them in, assuming the id server is down - if (svs.time - challenge->firstTime > AUTHORIZE_TIMEOUT) - { - Com_DPrintf("authorize server timed out\n"); - - challenge->pingTime = svs.time; - if (sv_onlyVisibleClients->integer) - { - NET_OutOfBandPrint(NS_SERVER, challenge->adr, - "challengeResponse %i %i", challenge->challenge, sv_onlyVisibleClients->integer); - } - else - { - NET_OutOfBandPrint(NS_SERVER, challenge->adr, - "challengeResponse %i", challenge->challenge); - } - - return; - } - - // otherwise send their ip to the authorize server - if (svs.authorizeAddress.type != NA_BAD) - { - cvar_t *fs; - char game[1024]; - - game[0] = 0; - 
fs = Cvar_Get("fs_game", "", CVAR_INIT | CVAR_SYSTEMINFO); - if (fs && fs->string[0] != 0) - { - strcpy(game, fs->string); - } - Com_DPrintf("sending getIpAuthorize for %s\n", NET_AdrToString(from)); - fs = Cvar_Get("sv_allowAnonymous", "0", CVAR_SERVERINFO); - - // NERVE - SMF - fixed parsing on sv_allowAnonymous - NET_OutOfBandPrint(NS_SERVER, svs.authorizeAddress, - "getIpAuthorize %i %i.%i.%i.%i %s %i", svs.challenges[i].challenge, - from.ip[0], from.ip[1], from.ip[2], from.ip[3], game, fs->integer); - } -#endif // AUTHORIZE_SUPPORT -} - -#ifdef AUTHORIZE_SUPPORT -/* -==================== -SV_AuthorizeIpPacket - -A packet has been returned from the authorize server. -If we have a challenge adr for that ip, send the -challengeResponse to it -==================== -*/ -void SV_AuthorizeIpPacket(netadr_t from) -{ - int challenge; - int i; - char *s; - char *r; - char ret[1024]; - - if (!NET_CompareBaseAdr(from, svs.authorizeAddress)) - { - Com_Printf("SV_AuthorizeIpPacket: not from authorize server\n"); - return; - } - - challenge = atoi(Cmd_Argv(1)); - - for (i = 0 ; i < MAX_CHALLENGES ; i++) - { - if (svs.challenges[i].challenge == challenge) - { - break; - } - } - if (i == MAX_CHALLENGES) - { - Com_Printf("SV_AuthorizeIpPacket: challenge not found\n"); - return; - } - - // send a packet back to the original client - svs.challenges[i].pingTime = svs.time; - s = Cmd_Argv(2); - r = Cmd_Argv(3); // reason - - if (!Q_stricmp(s, "accept")) - { - if (sv_onlyVisibleClients->integer) - { - NET_OutOfBandPrint(NS_SERVER, svs.challenges[i].adr, - "challengeResponse %i %i", svs.challenges[i].challenge, sv_onlyVisibleClients->integer); - } - else - { - NET_OutOfBandPrint(NS_SERVER, svs.challenges[i].adr, - "challengeResponse %i", svs.challenges[i].challenge); - } - return; - } - if (!Q_stricmp(s, "unknown")) - { - if (!r) - { - NET_OutOfBandPrint(NS_SERVER, svs.challenges[i].adr, "print\nAwaiting CD key authorization\n"); - } - else - { - sprintf(ret, "print\n%s\n", r); - 
NET_OutOfBandPrint(NS_SERVER, svs.challenges[i].adr, ret); - } - // clear the challenge record so it won't timeout and let them through - memset(&svs.challenges[i], 0, sizeof(svs.challenges[i])); - return; - } + // FIXME: deal with restricted filesystem - done with sv_pure check ? - // authorization failed - if (!r) + challenge->pingTime = svs.time; + if (sv_onlyVisibleClients->integer) { - NET_OutOfBandPrint(NS_SERVER, svs.challenges[i].adr, "print\nSomeone is using this CD Key\n"); + NET_OutOfBandPrint(NS_SERVER, from, "challengeResponse %i %i", challenge->challenge, sv_onlyVisibleClients->integer); } else { - sprintf(ret, "print\n%s\n", r); - NET_OutOfBandPrint(NS_SERVER, svs.challenges[i].adr, ret); + NET_OutOfBandPrint(NS_SERVER, from, "challengeResponse %i", challenge->challenge); } - // clear the challenge record so it won't timeout and let them through - memset(&svs.challenges[i], 0, sizeof(svs.challenges[i])); + return; } -#endif // AUTHORIZE_SUPPORT /* ================== diff --git a/src/server/sv_main.c b/src/server/sv_main.c index 39bdb3db7..394f1dc5d 100644 --- a/src/server/sv_main.c +++ b/src/server/sv_main.c @@ -1004,12 +1004,6 @@ static void SV_ConnectionlessPacket(netadr_t from, msg_t *msg) else if (!Q_stricmp(c, "connect")) { SV_DirectConnect(from); -#ifdef AUTHORIZE_SUPPORT - } - else if (!Q_stricmp(c, "ipAuthorize")) - { - SV_AuthorizeIpPacket(from); -#endif // AUTHORIZE_SUPPORT } else if (!Q_stricmp(c, "rcon")) {
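Review bot: At the end of `SV_GetChallenge` in src/server/sv_client.c, the added comment `// FIXME: deal with restricted filesystem - done with sv_pure check ?` records an open question rather than a decision, on the path that now answers every challenge request. Either state the conclusion once it is confirmed, e.g. `// restricted-filesystem handling is covered by the sv_pure check`, or drop the line. The added `return;` directly before the function's closing brace is redundant in a void function. Because the `challengeResponse` now always goes to the unverified UDP source address `from`, it is worth confirming that the earlier part of the function, which lies outside this hunk, limits requests per address.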