| 3136 | SERVPARLIST(auth_verify_ip, 0, 0, 0, endis, "sVerify server IP reported by the client during auth"); |
| 3137 | |
| 3138 | void process(ENetPacket *packet, int sender, int chan) |
| 3139 | { |
| 3140 | ucharbuf p(packet->data, packet->dataLength); |
| 3141 | char text[MAXTRANS]; |
| 3142 | client *cl = sender>=0 ? clients[sender] : NULL; |
| 3143 | pwddetail pd; |
| 3144 | int type; |
| 3145 | |
| 3146 | if(cl && !cl->isauthed) |
| 3147 | { |
| 3148 | int clientrole = CR_DEFAULT; |
| 3149 | |
| 3150 | if(chan==0) return; |
| 3151 | else if(chan!=1 || ((type = getint(p)) != SV_SERVINFO_RESPONSE && type != SV_CONNECT)) disconnect_client(sender, DISC_TAGT); |
| 3152 | else if(type == SV_SERVINFO_RESPONSE) |
| 3153 | { |
| 3154 | if(servinfoauths.full()) disconnect_client(sender, DISC_OVERLOAD); |
| 3155 | else |
| 3156 | { |
| 3157 | string tmp1, tmp2; |
| 3158 | servinfoauth *sa = servinfoauths.stage(new servinfoauth); |
| 3159 | memset(sa, 0, sizeof(servinfoauth)); |
| 3160 | int clientsalt = getint(p), clientclock = getint(p), curpeerport = getint(p); |
| 3161 | enet_uint32 curpeerip = getip4(p); |
| 3162 | if((sa->wantauth = getint(p))) |
| 3163 | { |
| 3164 | p.get(sa->clientpubkey, 32); |
| 3165 | p.get((uchar*)sa->clientmsg, 64); |
| 3166 | } |
| 3167 | bool ipfail = servownip && servownip != curpeerip; |
| 3168 | if(ipfail) mlog(ACLOG_INFO, "[%s] client reported different server IP %s:%d (known own IP is %s)", cl->hostname, iptoa(curpeerip, tmp1), curpeerport, iptoa(servownip, tmp2)); |
| 3169 | formatstring(text)("SERVINFOCHALLENGE<(%d) cn: %d c: %s (%s) s: %s:%d", cl->salt, sender, iptoa(cl->ip_censored, tmp1), cl->country, iptoa(servownip, tmp2), curpeerport); |
| 3170 | concatformatstring(text, " %s st: %d ct: %d (%d)>", bin2hex(tmp1, spk, 32), cl->connectclock, clientclock, clientsalt); |
| 3171 | sa->clientmsglen = (int)strlen(text); |
| 3172 | if(sa->clientmsglen < MAXSTRLEN - 65) memcpy(sa->clientmsg + 64, text, sa->clientmsglen); |
| 3173 | else sa->clientmsglen = 0; |
| 3174 | formatstring(sa->servermsg)("SERVINFOSIGNED<%s>", bin2hex(tmp1, (uchar*)sa->clientmsg, 64)); |
| 3175 | sa->servermsglen = (int)strlen(sa->servermsg); |
| 3176 | if((!sa->wantauth && cl->needsauth) || (ipfail && auth_verify_ip)) { delete sa; disconnect_client(sender, DISC_AUTH); } |
| 3177 | else |
| 3178 | { |
| 3179 | sa->type = type; |
| 3180 | sa->cn = sender; |
| 3181 | sa->clientsequence = cl->clientsequence; |
| 3182 | servinfoauths.commit(); |
| 3183 | } |
| 3184 | } |
| 3185 | return; |
| 3186 | } |
| 3187 | else |
| 3188 | { // SV_CONNECT |
| 3189 | cl->acversion = getint(p); |
| 3190 | cl->acbuildtype = getint(p); |
| 3191 | defformatstring(tags)(", AC: %d|%x", cl->acversion, cl->acbuildtype); |
| 3192 | getstring(text, p); |
| 3193 | filtertext(text, text, FTXT__PLAYERNAME, MAXNAMELEN); |
| 3194 | if(!text[0]) copystring(text, "unarmed"); |
| 3195 | copystring(cl->name, text, MAXNAMELEN+1); |
no test coverage detected