Bubberstation/code/modules/admin/IsBanned.dm
errorage 912815f1d1 Admin bans
- Adds two new types of bans: admin tempbans and admin permabans. These ban types are in reaction to the rising number of banworthy admin issues. The original intent was to make admins unbannable ingame, so players could not spoof admin computer ids to get admins banned, with the assumption that admin issues will be rare and a big deal when they happen. They have however started becoming ever more common, so some tools are required to allow for admin self-policing.
- Each admin can have a maximum of one active admin ban (temporary or permanent) logged to their name. This is to prevent rogue admins from just banning everyone who could ban them. These bans are also not intended to be 'permanent-permanent'. They are intended to serve as a temporary fix, to get rid of rogue admins until the server host or another admin with rdp access (or +PERMISSIONS if you use DB_Admin) can deal with the rogue admin's removal. Once that is done, a normal permaban or tempban can be applied, and the admin permaban/tempban removed, restoring the banning admin's 1 allowed admin ban.
- Admin bans are considered a big deal, so they also send a message to irc, when they are applied.
- NOTE: Admin bans only check the connecting person's ckey. The risk of computer id spoofing still exists, so it's better not to have them check ips and computer ids. The admin abilities are given based on ckey anyway, so a ckey ban should be enough in most cases.

Other changes to bans
- Added a few variables to the function that adds a ban: maxadminbanchec (which is for admin bans and checks how many bans the admin can still apply); announceinirc and blockselfban (which prevents admins from applying the ban type on themselves. Currently applied for permaban, tempban, admin permaban, admin tempban)
- Changed the appearance ban database constant from APPEARANCE_BAN to APPEARANCE_PERMABAN, to make it more compatible with the ban log at http://www.ss13.eu/tgdb/banoverview.php
- Added a missing sanity check to topic.dm for appearance bans
- Renamed appearance bans to identity bans in admin panels (as per Pete's request)
2013-04-03 23:28:24 +02:00


//Blocks an attempt to connect before even creating our client datum thing.
world/IsBanned(key,address,computer_id)
	if(ckey(key) in admin_datums)
		//It has proven to be a bad idea to make admins completely immune to bans, making them have to wait for someone with daemon access
		//to add a daemon ban to finally stop them. Admin tempbans and admin permabans are special, high-level ban types, which are there to help
		//deal with rogue admins quicker. If admin tempbans or admin permabans are ever needed, it should be considered a big deal. The same applies if
		//admin bans are ever abused. This ban type does NOT check for IP or Computer ID. The reason for this is so a player cannot find/steal an admin's
		//computer id, set it on his computer, get himself banned, resulting in the admin getting banned as well. - this happens to also be the reason why
		//admins were immune to bans in the first place.
		if(!config.ban_legacy_system)
			var/ckeytext = ckey(key)

			if(!establish_db_connection())
				world.log << "Ban database connection failure. Admin [ckeytext] not checked"
				diary << "Ban database connection failure. Admin [ckeytext] not checked"
				//A bare return is not a ban result, so the admin is let in when the database is unreachable (fail open)
				return

			var/DBQuery/query = dbcon.NewQuery("SELECT ckey, ip, computerid, a_ckey, reason, expiration_time, duration, bantime, bantype FROM erro_Ban WHERE (ckey = '[ckeytext]') AND (bantype = 'ADMIN_PERMABAN' OR (bantype = 'ADMIN_TEMPBAN' AND expiration_time > Now())) AND isnull(unbanned)")
			query.Execute()

			while(query.NextRow())
				var/pckey = query.item[1]
				//var/pip = query.item[2]
				//var/pcid = query.item[3]
				var/ackey = query.item[4]
				var/reason = query.item[5]
				var/expiration = query.item[6]
				var/duration = query.item[7]
				var/bantime = query.item[8]
				var/bantype = query.item[9]

				var/expires = ""
				if(text2num(duration) > 0)
					expires = " The ban is for [duration] minutes and expires on [expiration] (server time)."

				var/desc = "\nReason: You, or another user of this computer or connection ([pckey]) is banned from playing here. The ban reason is:\n[reason]\nThis ban was applied by [ackey] on [bantime], [expires]"

				return list("reason"="[bantype]", "desc"="[desc]")

		return ..()

	//Guest Checking
	if(!guests_allowed && IsGuestKey(key))
		log_access("Failed Login: [key] - Guests not allowed")
		message_admins("\blue Failed Login: [key] - Guests not allowed")
		return list("reason"="guest", "desc"="\nReason: Guests not allowed. Please sign in with a byond account.")

	//check if the IP address is a known TOR node
	if(config && config.ToRban && ToRban_isbanned(address))
		log_access("Failed Login: [src] - Banned: ToR")
		message_admins("\blue Failed Login: [src] - Banned: ToR")
		//ban their computer_id and ckey for posterity
		AddBan(ckey(key), computer_id, "Use of ToR", "Automated Ban", 0, 0)
		return list("reason"="Using ToR", "desc"="\nReason: The network you are using to connect has been banned.\nIf you believe this is a mistake, please request help at [config.banappeals]")

	if(config.ban_legacy_system)

		//Ban Checking
		. = CheckBan( ckey(key), computer_id, address )
		if(.)
			log_access("Failed Login: [key] [computer_id] [address] - Banned [.["reason"]]")
			message_admins("\blue Failed Login: [key] id:[computer_id] ip:[address] - Banned [.["reason"]]")
			return .

		return ..()	//default pager ban stuff

	else

		var/ckeytext = ckey(key)

		if(!establish_db_connection())
			world.log << "Ban database connection failure. Key [ckeytext] not checked"
			diary << "Ban database connection failure. Key [ckeytext] not checked"
			//Same as the admin path: a bare return lets the connection through unchecked (fail open)
			return

		var/failedcid = 1
		var/failedip = 1

		//NOTE: address and computer_id are placed into the query text unescaped; only the key is normalized by ckey()
		var/ipquery = ""
		var/cidquery = ""
		if(address)
			failedip = 0
			ipquery = " OR ip = '[address]' "

		if(computer_id)
			failedcid = 0
			cidquery = " OR computerid = '[computer_id]' "

		var/DBQuery/query = dbcon.NewQuery("SELECT ckey, ip, computerid, a_ckey, reason, expiration_time, duration, bantime, bantype FROM erro_Ban WHERE (ckey = '[ckeytext]' [ipquery] [cidquery]) AND (bantype = 'PERMABAN' OR (bantype = 'TEMPBAN' AND expiration_time > Now())) AND isnull(unbanned)")
		query.Execute()

		while(query.NextRow())
			var/pckey = query.item[1]
			//var/pip = query.item[2]
			//var/pcid = query.item[3]
			var/ackey = query.item[4]
			var/reason = query.item[5]
			var/expiration = query.item[6]
			var/duration = query.item[7]
			var/bantime = query.item[8]
			var/bantype = query.item[9]

			var/expires = ""
			if(text2num(duration) > 0)
				expires = " The ban is for [duration] minutes and expires on [expiration] (server time)."

			var/desc = "\nReason: You, or another user of this computer or connection ([pckey]) is banned from playing here. The ban reason is:\n[reason]\nThis ban was applied by [ackey] on [bantime], [expires]"

			return list("reason"="[bantype]", "desc"="[desc]")

		if (failedcid)
			message_admins("[key] has logged in with a blank computer id in the ban check.")
		if (failedip)
			message_admins("[key] has logged in with a blank ip in the ban check.")

		return ..()	//default pager ban stuff
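
The split between the two lookups in this file, as an added example (not code from this repository): the admin path matches on ckey alone, the player path also matches ip and computerid when the client supplied them, and every connection-supplied value is passed as a bound parameter instead of being written into the SQL text. SQLite, the trimmed `erro_Ban` schema, the sample rows and the function names `make_db`, `admin_ban` and `player_ban` are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the ban table, filled with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE erro_Ban (ckey TEXT, ip TEXT, computerid TEXT,"
               " bantype TEXT, expiration_time TEXT, unbanned INTEGER)")
    db.executemany("INSERT INTO erro_Ban VALUES (?,?,?,?,?,?)", [
        ("griefer", "203.0.113.7", "1111", "PERMABAN", None, None),
        ("rogueadmin", "198.51.100.2", "2222", "ADMIN_TEMPBAN", "2999-01-01 00:00:00", None),
        ("oldadmin", "198.51.100.3", "3333", "ADMIN_TEMPBAN", "2000-01-01 00:00:00", None),
        ("forgiven", "198.51.100.4", "4444", "PERMABAN", None, 1),
    ])
    return db

# Shared "ban is still active" filter: permanent type, or temporary and unexpired,
# and never lifted. The two ban type names are bound by each caller.
ACTIVE = ("(bantype = ? OR (bantype = ? AND expiration_time > datetime('now')))"
          " AND unbanned IS NULL")

def admin_ban(db, ckey):
    """Admin path: ckey only, ADMIN_* ban types only; ip and computer id play no part."""
    sql = "SELECT ckey, bantype FROM erro_Ban WHERE ckey = ? AND " + ACTIVE
    return db.execute(sql, (ckey, "ADMIN_PERMABAN", "ADMIN_TEMPBAN")).fetchone()

def player_ban(db, ckey, address=None, computer_id=None):
    """Player path: ckey, plus ip / computerid when the client sent them."""
    where, args = ["ckey = ?"], [ckey]
    if address:
        where.append("ip = ?")
        args.append(address)
    if computer_id:
        where.append("computerid = ?")
        args.append(computer_id)
    # Only fixed column names are concatenated; every value travels as a parameter.
    sql = ("SELECT ckey, bantype FROM erro_Ban WHERE (" + " OR ".join(where) +
           ") AND " + ACTIVE)
    return db.execute(sql, (*args, "PERMABAN", "TEMPBAN")).fetchone()
```

A connection that reuses a banned player's computer id is caught by `player_ban` but not by `admin_ban`, which is the behaviour the commit message describes for admin ckeys.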