about summary refs log tree commit diff
diff options
context:
space:
mode:
authoroy <Tom_Adams@web.de>2010-09-16 13:06:11 +0200
committeroy <Tom_Adams@web.de>2010-09-16 13:06:11 +0200
commit7714454829dc8165abd5786ae59881ca7576dfdb (patch)
tree14b7dfbc9e8c88d6c11953930cb8e2c55c5fccdf
parenta2083b31e3692c97c3f74291d94b4fbb32a36cc6 (diff)
downloadzcatch-7714454829dc8165abd5786ae59881ca7576dfdb.tar.gz
zcatch-7714454829dc8165abd5786ae59881ca7576dfdb.zip
added maximum number of tries for rcon authentication
Diffstat
-rw-r--r--src/engine/server/server.cpp40


-rw-r--r--src/engine/server/server.h1


-rw-r--r--src/engine/shared/config_variables.h2


3 files changed, 32 insertions, 11 deletions
diff --git a/src/engine/server/server.cpp b/src/engine/server/server.cpp
index 40ad9e23..329b4b3a 100644
--- a/src/engine/server/server.cpp
+++ b/src/engine/server/server.cpp
@@ -542,6 +542,7 @@ int CServer::NewClientCallback(int ClientId, void *pUser)
 	pThis->m_aClients[ClientId].m_aName[0] = 0;
 	pThis->m_aClients[ClientId].m_aClan[0] = 0;
 	pThis->m_aClients[ClientId].m_Authed = 0;
+	pThis->m_aClients[ClientId].m_AuthTries = 0;
 	pThis->m_aClients[ClientId].Reset();
 	return 0;
 }
@@ -567,6 +568,7 @@ int CServer::DelClientCallback(int ClientId, const char *pReason, void *pUser)
 	pThis->m_aClients[ClientId].m_aName[0] = 0;
 	pThis->m_aClients[ClientId].m_aClan[0] = 0;
 	pThis->m_aClients[ClientId].m_Authed = 0;
+	pThis->m_aClients[ClientId].m_AuthTries = 0;
 	pThis->m_aClients[ClientId].m_Snapshots.PurgeAll();
 	return 0;
 }
@@ -806,6 +808,23 @@ void CServer::ProcessClientPacket(CNetChunk *pPacket)
 						str_format(aBuf, sizeof(aBuf), "ClientId=%d authed", ClientId);
 						Console()->Print(IConsole::OUTPUT_LEVEL_STANDARD, "server", aBuf);
 					}
+					else if(g_Config.m_SvRconMaxTries)
+					{
+						m_aClients[ClientId].m_AuthTries++;
+						char aBuf[128];
+						str_format(aBuf, sizeof(aBuf), "Wrong password %d/%d.", m_aClients[ClientId].m_AuthTries, g_Config.m_SvRconMaxTries);
+						SendRconLine(ClientId, aBuf);
+						if(m_aClients[ClientId].m_AuthTries >= g_Config.m_SvRconMaxTries)
+						{
+							if(!g_Config.m_SvRconBantime)
+								m_NetServer.Drop(ClientId, "Too many remote console authentication tries");
+							else
+							{
+								NETADDR Addr = m_NetServer.ClientAddr(ClientId);
+								BanAdd(Addr, g_Config.m_SvRconBantime*60);
+							}
+						}
+					}
 					else
 					{
 						SendRconLine(ClientId, "Wrong password.");
@@ -928,6 +947,16 @@ void CServer::UpdateServerInfo()
 
 int CServer::BanAdd(NETADDR Addr, int Seconds)
 {
+	Addr.port = 0;
+	char aAddrStr[128];
+	net_addr_str(&Addr, aAddrStr, sizeof(aAddrStr));
+	char aBuf[256];
+	if(Seconds)
+		str_format(aBuf, sizeof(aBuf), "banned %s for %d minutes", aAddrStr, Seconds/60);
+	else
+		str_format(aBuf, sizeof(aBuf), "banned %s for life", aAddrStr);
+	Console()->Print(IConsole::OUTPUT_LEVEL_STANDARD, "server", aBuf);
+
 	return m_NetServer.BanAdd(Addr, Seconds);	
 }
 
@@ -1228,7 +1257,6 @@ void CServer::ConKick(IConsole::IResult *pResult, void *pUser)
 void CServer::ConBan(IConsole::IResult *pResult, void *pUser)
 {
 	NETADDR Addr;
-	char aAddrStr[128];
 	CServer *pServer = (CServer *)pUser;
 	const char *pStr = pResult->GetString(0);
 	int Minutes = 30;
@@ -1273,16 +1301,6 @@ void CServer::ConBan(IConsole::IResult *pResult, void *pUser)
 		pServer->Console()->Print(IConsole::OUTPUT_LEVEL_STANDARD, "server", "invalid network address to ban");
 		return;
  	}
-	
-	Addr.port = 0;
-	net_addr_str(&Addr, aAddrStr, sizeof(aAddrStr));
-	
-	char aBuf[256];
-	if(Minutes)
-		str_format(aBuf, sizeof(aBuf), "banned %s for %d minutes", aAddrStr, Minutes);
-	else
-		str_format(aBuf, sizeof(aBuf), "banned %s for life", aAddrStr);
-	pServer->Console()->Print(IConsole::OUTPUT_LEVEL_STANDARD, "server", aBuf);
 }
 
 void CServer::ConUnban(IConsole::IResult *pResult, void *pUser)
diff --git a/src/engine/server/server.h b/src/engine/server/server.h
index d5b872f0..98ba50bb 100644
--- a/src/engine/server/server.h
+++ b/src/engine/server/server.h
@@ -89,6 +89,7 @@ public:
 		char m_aClan[MAX_CLANNAME_LENGTH];
 		int m_Score;
 		int m_Authed;
+		int m_AuthTries;
 		
 		void Reset();
 	};
diff --git a/src/engine/shared/config_variables.h b/src/engine/shared/config_variables.h
index 03d8f907..54895b7c 100644
--- a/src/engine/shared/config_variables.h
+++ b/src/engine/shared/config_variables.h
@@ -69,6 +69,8 @@ MACRO_CONFIG_INT(SvMaxClientsPerIP, sv_max_clients_per_ip, 8, 1, MAX_CLIENTS, CF
 MACRO_CONFIG_INT(SvHighBandwidth, sv_high_bandwidth, 0, 0, 1, CFGFLAG_SERVER, "Use high bandwidth mode. Doubles the bandwidth required for the server. LAN use only")
 MACRO_CONFIG_INT(SvRegister, sv_register, 1, 0, 1, CFGFLAG_SERVER, "Register server with master server for public listing")
 MACRO_CONFIG_STR(SvRconPassword, sv_rcon_password, 32, "", CFGFLAG_SERVER, "Remote console password")
+MACRO_CONFIG_INT(SvRconMaxTries, sv_rcon_max_tries, 3, 0, 100, CFGFLAG_SERVER, "Maximum number of tries for remote console authentication")
+MACRO_CONFIG_INT(SvRconBantime, sv_rcon_bantime, 5, 0, 1440, CFGFLAG_SERVER, "The time a client gets banned if remote console authentication fails. 0 makes it just use kick")
 
 MACRO_CONFIG_INT(Debug, debug, 0, 0, 1, CFGFLAG_CLIENT|CFGFLAG_SERVER, "Debug mode")
 MACRO_CONFIG_INT(DbgStress, dbg_stress, 0, 0, 0, CFGFLAG_CLIENT|CFGFLAG_SERVER, "Stress systems")

 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-12-09 22:42:35 +0000