From 4ad3342f6ce8ac4e9976f5eab5410c58b420a6a4 Mon Sep 17 00:00:00 2001 From: BobTheBob <32057864+BobTheBob9@users.noreply.github.com> Date: Sun, 2 Jan 2022 01:28:48 +0000 Subject: don't enforce netchan limits during level transitions, change how limit mode workss --- NorthstarDedicatedTest/serverauthentication.cpp | 23 +++++++++-------------- 1 file changed, 9 insertions(+), 14 deletions(-) (limited to 'NorthstarDedicatedTest/serverauthentication.cpp') diff --git a/NorthstarDedicatedTest/serverauthentication.cpp b/NorthstarDedicatedTest/serverauthentication.cpp index 32eb67fc..c4208130 100644 --- a/NorthstarDedicatedTest/serverauthentication.cpp +++ b/NorthstarDedicatedTest/serverauthentication.cpp @@ -142,6 +142,9 @@ bool ServerAuthenticationManager::AuthenticatePlayer(void* player, int64_t uid, if (authFail) { + // set persistent data as ready, we use 0x3 internally to mark the client as using local persistence + *((char*)player + 0x4a0) = (char)0x3; + if (!CVar_ns_auth_allow_insecure->m_nValue) // no auth data and insecure connections aren't allowed, so dc the client return false; @@ -167,9 +170,6 @@ bool ServerAuthenticationManager::AuthenticatePlayer(void* player, int64_t uid, pdataStream.read((char*)player + 0x4FA, length); pdataStream.close(); - - // set persistent data as ready, we use 0x3 internally to mark the client as using local persistence - *((char*)player + 0x4a0) = (char)0x3; } return true; // auth successful, client stays on @@ -329,8 +329,8 @@ char __fastcall CNetChan___ProcessMessagesHook(void* self, void* buf) double startTime = Plat_FloatTime(); char ret = CNetChan___ProcessMessages(self, buf); - // check processing limit - if (Cvar_net_chan_limit_mode->m_nValue != 0) + // check processing limits, unless we're in a level transition + if (g_pHostState->m_iCurrentState == HostState_t::HS_RUN) { // player that sent the message void* sender = *(void**)((char*)self + 368); 
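Review bot: In CNetChan___ProcessMessagesHook, gating the whole block on `g_pHostState->m_iCurrentState == HostState_t::HS_RUN` appears to skip the time accounting and the `spdlog::warn` during level transitions, not only the kick. A client that sends expensive messages in those states then leaves no trace in the log. Consider keeping the accounting and the warning in every state and applying the state test only to the disconnect branch in the next hunk, e.g. `if (Cvar_net_chan_limit_mode->m_nValue && g_pHostState->m_iCurrentState == HostState_t::HS_RUN)`. The function body starts and ends outside this hunk.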
@@ -346,19 +346,14 @@ char __fastcall CNetChan___ProcessMessagesHook(void* self, void* buf) g_ServerAuthenticationManager->m_additionalPlayerData[sender].lastNetChanProcessingLimitStart = startTime; g_ServerAuthenticationManager->m_additionalPlayerData[sender].netChanProcessingLimitTime = 0.0; } - g_ServerAuthenticationManager->m_additionalPlayerData[sender].netChanProcessingLimitTime += (Plat_FloatTime() * 1000) - (startTime * 1000); - int32_t limit = Cvar_net_chan_limit_msec_per_sec->m_nValue; - if (g_pHostState->m_iCurrentState != HostState_t::HS_RUN) - limit *= 2; // give clients more headroom in these states, as alot of clients will tend to time out here - - if (g_ServerAuthenticationManager->m_additionalPlayerData[sender].netChanProcessingLimitTime >= limit) + if (g_ServerAuthenticationManager->m_additionalPlayerData[sender].netChanProcessingLimitTime >= Cvar_net_chan_limit_msec_per_sec->m_nValue) { spdlog::warn("Client {} hit netchan processing limit with {}ms of processing time this second (max is {})", (char*)sender + 0x16, g_ServerAuthenticationManager->m_additionalPlayerData[sender].netChanProcessingLimitTime, Cvar_net_chan_limit_msec_per_sec->m_nValue); - // mode 1 = kick, mode 2 = log without kicking - if (Cvar_net_chan_limit_mode->m_nValue == 1) + // nonzero = kick, 0 = warn + if (Cvar_net_chan_limit_mode->m_nValue) { CBaseClient__Disconnect(sender, 1, "Exceeded net channel processing limit"); return false; 
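Review bot: The comparison `netChanProcessingLimitTime >= Cvar_net_chan_limit_msec_per_sec->m_nValue` is true for every message when the limit is 0, and "0" is the default registered for `net_chan_limit_msec_per_sec` in InitialiseServerAuthentication. Before this change `net_chan_limit_mode` 0 skipped the block entirely. Now the default configuration logs a warning for each processed message, and any nonzero mode disconnects every client, unless the operator also sets a limit. Treat a non-positive limit as disabled: `int32_t limit = Cvar_net_chan_limit_msec_per_sec->m_nValue;` and `if (limit > 0 && g_ServerAuthenticationManager->m_additionalPlayerData[sender].netChanProcessingLimitTime >= limit)`. The enclosing function starts outside this hunk.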
@@ -434,7 +429,7 @@ void InitialiseServerAuthentication(HMODULE baseAddress) // literally just stolen from a fix valve used in csgo CVar_sv_quota_stringcmdspersecond = RegisterConVar("sv_quota_stringcmdspersecond", "60", FCVAR_GAMEDLL, "How many string commands per second clients are allowed to submit, 0 to disallow all string commands"); // https://blog.counter-strike.net/index.php/2019/07/24922/ but different because idk how to check what current tick number is - Cvar_net_chan_limit_mode = RegisterConVar("net_chan_limit_mode", "0", FCVAR_GAMEDLL, "The mode for netchan processing limits: 0 = none, 1 = kick, 2 = log"); + Cvar_net_chan_limit_mode = RegisterConVar("net_chan_limit_mode", "0", FCVAR_GAMEDLL, "The mode for netchan processing limits: 0 = log, 1 = kick"); Cvar_net_chan_limit_msec_per_sec = RegisterConVar("net_chan_limit_msec_per_sec", "0", FCVAR_GAMEDLL, "Netchannel processing is limited to so many milliseconds, abort connection if exceeding budget"); Cvar_ns_player_auth_port = RegisterConVar("ns_player_auth_port", "8081", FCVAR_GAMEDLL, ""); Cvar_sv_querylimit_per_sec = RegisterConVar("sv_querylimit_per_sec", "15", FCVAR_GAMEDLL, ""); -- cgit v1.2.3 From 5514ff036dbdbf7f4000934223a0d21bf0b9085d Mon Sep 17 00:00:00 2001 From: BobTheBob <32057864+BobTheBob9@users.noreply.github.com> Date: Sun, 2 Jan 2022 03:06:04 +0000 Subject: initial work for ban system --- .../NorthstarDedicatedTest.vcxproj | 2 + .../NorthstarDedicatedTest.vcxproj.filters | 6 +++ NorthstarDedicatedTest/bansystem.cpp | 58 ++++++++++++++++++++++ NorthstarDedicatedTest/bansystem.h | 17 +++++++ NorthstarDedicatedTest/miscserverscript.h | 3 +- NorthstarDedicatedTest/serverauthentication.cpp | 7 ++- 6 files changed, 90 insertions(+), 3 deletions(-) create mode 100644 NorthstarDedicatedTest/bansystem.cpp create mode 100644 NorthstarDedicatedTest/bansystem.h (limited to 'NorthstarDedicatedTest/serverauthentication.cpp') 
diff --git a/NorthstarDedicatedTest/NorthstarDedicatedTest.vcxproj b/NorthstarDedicatedTest/NorthstarDedicatedTest.vcxproj index 67e9126f..bd0d9eb6 100644 --- a/NorthstarDedicatedTest/NorthstarDedicatedTest.vcxproj +++ b/NorthstarDedicatedTest/NorthstarDedicatedTest.vcxproj @@ -176,6 +176,7 @@ + @@ -612,6 +613,7 @@ + diff --git a/NorthstarDedicatedTest/NorthstarDedicatedTest.vcxproj.filters b/NorthstarDedicatedTest/NorthstarDedicatedTest.vcxproj.filters index 6e379a71..8d6bc246 100644 --- a/NorthstarDedicatedTest/NorthstarDedicatedTest.vcxproj.filters +++ b/NorthstarDedicatedTest/NorthstarDedicatedTest.vcxproj.filters @@ -1425,6 +1425,9 @@ Header Files\Shared + + Header Files\Server\Authentication + @@ -1538,6 +1541,9 @@ Source Files\Shared + + Source Files\Server\Authentication + diff --git a/NorthstarDedicatedTest/bansystem.cpp b/NorthstarDedicatedTest/bansystem.cpp new file mode 100644 index 00000000..16c25b6b --- /dev/null +++ b/NorthstarDedicatedTest/bansystem.cpp 
@@ -0,0 +1,58 @@
+#pragma once
+#include "pch.h"
+#include "bansystem.h"
+#include "serverauthentication.h"
+#include "concommand.h"
+#include
+
+const char* BANLIST_PATH = "R2Northstar/banlist.txt";
+
+ServerBanSystem* g_ServerBanSystem;
+
+void ServerBanSystem::OpenBanlist()
+{
+ std::filesystem::create_directories(BANLIST_PATH);
+
+ std::ifstream enabledModsStream(BANLIST_PATH);
+ std::stringstream enabledModsStringStream;
+
+ if (!enabledModsStream.fail())
+ {
+ std::string line;
+ while (std::getline(enabledModsStream, line))
+ m_vBannedUids.push_back(strtoll(line.c_str(), nullptr, 10));
+
+ enabledModsStream.close();
+ }
+
+ // open write stream for banlist
+ m_sBanlistStream.open(BANLIST_PATH, std::ios::in | std::ios::binary);
+}
+
+void ServerBanSystem::BanUID(uint64_t uid)
+{
+ m_vBannedUids.push_back(uid);
+
+ m_sBanlistStream << std::to_string(uid) << std::endl;
+}
+
+bool ServerBanSystem::IsUIDAllowed(uint64_t uid)
+{
+ return std::find(m_vBannedUids.begin(), m_vBannedUids.end(), uid) == m_vBannedUids.end();
+}
+
+void BanPlayerCommand(const CCommand& args)
+{
+ if (args.ArgC() < 2)
+ return;
+
+
+}
+
+void InitialiseBanSystem(HMODULE baseAddress)
+{
+ g_ServerBanSystem = new ServerBanSystem;
+ g_ServerBanSystem->OpenBanlist();
+
+ RegisterConCommand("ban", BanPlayerCommand, "bans a given player by uid or name", FCVAR_GAMEDLL);
+}
\ No newline at end of file
diff --git a/NorthstarDedicatedTest/bansystem.h b/NorthstarDedicatedTest/bansystem.h
new file mode 100644
index 00000000..ea715ea2
--- /dev/null
+++ b/NorthstarDedicatedTest/bansystem.h
@@ -0,0 +1,17 @@
+#pragma once
+
+class ServerBanSystem
+{
+private:
+ std::ofstream m_sBanlistStream;
+ std::vector m_vBannedUids;
+
+public:
+ void OpenBanlist();
+ void BanUID(uint64_t uid);
+ bool IsUIDAllowed(uint64_t uid);
+};
+
+extern ServerBanSystem* g_ServerBanSystem;
+
+void InitialiseBanSystem(HMODULE baseAddress);
\ No newline at end of file
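Review bot: In OpenBanlist (bansystem.cpp), `m_vBannedUids.push_back(strtoll(line.c_str(), nullptr, 10));` accepts every line without validation. A blank or non-numeric line parses as 0 and bans uid 0, and `strtoll` clamps anything above LLONG_MAX although BanUID and IsUIDAllowed take `uint64_t`. Parse with `strtoull` and keep only lines that were consumed completely, e.g. `char* end = nullptr; uint64_t uid = strtoull(line.c_str(), &end, 10);` followed by `if (end != line.c_str() && *end == '\0') m_vBannedUids.push_back(uid);`. A skipped line is worth a log message so that a damaged ban list is noticed.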
diff --git a/NorthstarDedicatedTest/miscserverscript.h b/NorthstarDedicatedTest/miscserverscript.h index b3e0580a..8197e502 100644 --- a/NorthstarDedicatedTest/miscserverscript.h +++ b/NorthstarDedicatedTest/miscserverscript.h @@ -1 +1,2 @@ -void InitialiseMiscServerScriptCommand(HMODULE baseAddress); \ No newline at end of file +void InitialiseMiscServerScriptCommand(HMODULE baseAddress); +void* GetPlayerByIndex(int playerIndex); \ No newline at end of file diff --git a/NorthstarDedicatedTest/serverauthentication.cpp b/NorthstarDedicatedTest/serverauthentication.cpp index c4208130..0fdb8664 100644 --- a/NorthstarDedicatedTest/serverauthentication.cpp +++ b/NorthstarDedicatedTest/serverauthentication.cpp @@ -5,6 +5,7 @@ #include "masterserver.h" #include "httplib.h" #include "gameutils.h" +#include "bansystem.h" #include #include #include @@ -116,8 +117,10 @@ void ServerAuthenticationManager::StopPlayerAuthServer() bool ServerAuthenticationManager::AuthenticatePlayer(void* player, int64_t uid, char* authToken) { - std::string strUid = std::to_string(uid); + if (!g_ServerBanSystem->IsUIDAllowed(uid)) + return false; + std::string strUid = std::to_string(uid); std::lock_guard guard(m_authDataMutex); bool authFail = true; @@ -221,7 +224,7 @@ void ServerAuthenticationManager::WritePersistentData(void* player) // store these in vars so we can use them in CBaseClient::Connect // this is fine because ptrs won't decay by the time we use this, just don't use it outside of cbaseclient::connect char* nextPlayerToken; -int64_t nextPlayerUid; +uint64_t nextPlayerUid; void* CBaseServer__ConnectClientHook(void* server, void* a2, void* a3, uint32_t a4, uint32_t a5, int32_t a6, void* a7, void* a8, char* serverFilter, void* a10, char a11, void* a12, char a13, char a14, int64_t uid, uint32_t a16, uint32_t a17) { -- cgit v1.2.3 From ed0f27914710b75a246645380e167dad071adaa7 Mon Sep 17 00:00:00 2001 
From: BobTheBob <32057864+BobTheBob9@users.noreply.github.com> Date: Sun, 2 Jan 2022 03:52:39 +0000 Subject: add disconnects to ban system --- NorthstarDedicatedTest/bansystem.cpp | 16 ++++++++++++---- NorthstarDedicatedTest/serverauthentication.cpp | 11 +++++++---- NorthstarDedicatedTest/serverauthentication.h | 3 +++ 3 files changed, 22 insertions(+), 8 deletions(-) (limited to 'NorthstarDedicatedTest/serverauthentication.cpp') diff --git a/NorthstarDedicatedTest/bansystem.cpp b/NorthstarDedicatedTest/bansystem.cpp index 16c25b6b..40813f17 100644 --- a/NorthstarDedicatedTest/bansystem.cpp +++ b/NorthstarDedicatedTest/bansystem.cpp @@ -3,6 +3,7 @@ #include "bansystem.h" #include "serverauthentication.h" #include "concommand.h" +#include "miscserverscript.h" #include const char* BANLIST_PATH = "R2Northstar/banlist.txt"; @@ -11,8 +12,6 @@ ServerBanSystem* g_ServerBanSystem; void ServerBanSystem::OpenBanlist() { - std::filesystem::create_directories(BANLIST_PATH); - std::ifstream enabledModsStream(BANLIST_PATH); std::stringstream enabledModsStringStream; @@ -26,13 +25,12 @@ void ServerBanSystem::OpenBanlist() } // open write stream for banlist - m_sBanlistStream.open(BANLIST_PATH, std::ios::in | std::ios::binary); + m_sBanlistStream.open(BANLIST_PATH, std::ofstream::out | std::ofstream::binary | std::ofstream::app); } void ServerBanSystem::BanUID(uint64_t uid) { m_vBannedUids.push_back(uid); - m_sBanlistStream << std::to_string(uid) << std::endl; } @@ -46,7 +44,17 @@ void BanPlayerCommand(const CCommand& args) if (args.ArgC() < 2) return; + for (int i = 0; i < 32; i++) + { + void* player = GetPlayerByIndex(i); + if (!strcmp((char*)player + 0x16, args.Arg(1)) || strcmp((char*)player + 0xF500, args.Arg(1))) + { + g_ServerBanSystem->BanUID(strtoll((char*)player + 0xF500, nullptr, 10)); + CBaseClient__Disconnect(player, 1, "Banned from server"); + break; + } + } } void InitialiseBanSystem(HMODULE baseAddress) 
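Review bot: In BanPlayerCommand the second comparison is missing its negation: `strcmp((char*)player + 0xF500, args.Arg(1))` is nonzero whenever the uid string differs from the argument. The condition is therefore true for almost any input, so the loop bans and disconnects the first slot it reaches and BanUID writes that uid to the ban list. It should read `if (!strcmp((char*)player + 0x16, args.Arg(1)) || !strcmp((char*)player + 0xF500, args.Arg(1)))`. The result of `GetPlayerByIndex(i)` is also used without a check; if it can return null or an unoccupied slot, add `if (!player) continue;` and skip slots with an empty uid, otherwise `strtoll` yields 0 and uid 0 is banned. `strtoull` would match the `uint64_t` parameter of BanUID.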
diff --git a/NorthstarDedicatedTest/serverauthentication.cpp b/NorthstarDedicatedTest/serverauthentication.cpp index 0fdb8664..e0ac5d57 100644 --- a/NorthstarDedicatedTest/serverauthentication.cpp +++ b/NorthstarDedicatedTest/serverauthentication.cpp @@ -23,7 +23,6 @@ CBaseClient__ConnectType CBaseClient__Connect; typedef void(*CBaseClient__ActivatePlayerType)(void* self); CBaseClient__ActivatePlayerType CBaseClient__ActivatePlayer; -typedef void(*CBaseClient__DisconnectType)(void* self, uint32_t unknownButAlways1, const char* reason, ...); CBaseClient__DisconnectType CBaseClient__Disconnect; typedef char(*CGameClient__ExecuteStringCommandType)(void* self, uint32_t unknown, const char* pCommandString); @@ -117,9 +116,6 @@ void ServerAuthenticationManager::StopPlayerAuthServer() bool ServerAuthenticationManager::AuthenticatePlayer(void* player, int64_t uid, char* authToken) { - if (!g_ServerBanSystem->IsUIDAllowed(uid)) - return false; - std::string strUid = std::to_string(uid); std::lock_guard guard(m_authDataMutex); @@ -240,6 +236,13 @@ char CBaseClient__ConnectHook(void* self, char* name, __int64 netchan_ptr_arg, c // try to auth player, dc if it fails // we connect irregardless of auth, because returning bad from this function can fuck client state p bad char ret = CBaseClient__Connect(self, name, netchan_ptr_arg, b_fake_player_arg, a5, Buffer, a7); + + if (!g_ServerBanSystem->IsUIDAllowed(nextPlayerUid)) + { + CBaseClient__Disconnect(self, 1, "Banned from server"); + return ret; + } + if (strlen(name) >= 64) // fix for name overflow bug CBaseClient__Disconnect(self, 1, "Invalid name"); else if (!g_ServerAuthenticationManager->AuthenticatePlayer(self, nextPlayerUid, nextPlayerToken) && g_MasterServerManager->m_bRequireClientAuth) diff --git a/NorthstarDedicatedTest/serverauthentication.h b/NorthstarDedicatedTest/serverauthentication.h index a8863b2f..8b346f1d 100644 --- a/NorthstarDedicatedTest/serverauthentication.h 
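Review bot: The ban check in CBaseClient__ConnectHook runs on `nextPlayerUid` before `AuthenticatePlayer` has tied that uid to a token, and the branch below only disconnects on failed authentication when `g_MasterServerManager->m_bRequireClientAuth` is set. On a server that does not require auth the uid appears to be whatever the connecting client supplied (the assignment in CBaseServer__ConnectClientHook is outside these hunks), so a ban is not binding there. This is worth stating next to the check, e.g. `// uid is unverified unless m_bRequireClientAuth is set; bans are only binding on servers that require auth`, or logging a warning when `ban` is used while auth is not required. The hook's body starts and ends outside the hunk.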
+++ b/NorthstarDedicatedTest/serverauthentication.h @@ -94,6 +94,9 @@ public: void WritePersistentData(void* player); }; +typedef void(*CBaseClient__DisconnectType)(void* self, uint32_t unknownButAlways1, const char* reason, ...); +extern CBaseClient__DisconnectType CBaseClient__Disconnect; + void InitialiseServerAuthentication(HMODULE baseAddress); extern ServerAuthenticationManager* g_ServerAuthenticationManager; -- cgit v1.2.3