summaryrefslogblamecommitdiff
path: root/src/login/ipban.c
blob: 32ee1a19b0850aa7fe6dfa4a617c7d4929a3406f (plain) (tree)
1
2
3
4
5



                                                         
                                             














                                                                        



                     


                              
                        
                          
                           
                       


                          
                   
 
                                      
                              
                                   

             
                            
 
                             
 
                                  

                                        
                                




                                                                                                               

                                   

                                                                                                                      
 

                                                                                

                                                                                                                                                     

                                                                                                           
                                        
         


           
                             
 
                                  

                                        
                                                      
                               
                                                                       
 
                                                                        

                            

                                     

 









                                                                                   
                                                                        
 



                                                
 
                                     
 








                                                                                                    
         
                                                                                                                       
 




                                                                                                            
                                                                    

                                               

         












                                                                                          
                                                                                                      










                                                                                                                                            

         

                                                                                                                                   
 



                                                                                                                                   












                                                                                                
                                                                                                   





























                                                                                                                                                  
                                                                                           






                                                
                          


















                                                                                                                 


                                    
                                  
 


                               
 
                                  
                                              
 

                                                                                                                                                                                                              
         
                                                 


                                                                               
 
                                                            
                             
 
                                                        
                             
                                           
 
                              


                     
                                
 
                               
 
                                  
                                        
 
                                                                                                                                              
 
                                                       
                                                                      

                                       

                                                                                                                                                                                                    
                 
                                                         
                 
         


                      

                                                                    
                                  
                                          
 

                                                                                                                      
 
                 
 
 

                         


























                                                                     
/**
 * This file is part of Hercules.
 * http://herc.ws - http://github.com/HerculesWS/Hercules
 *
 * Copyright (C) 2012-2018  Hercules Dev Team
 * Copyright (C)  Athena Dev Teams
 *
 * Hercules is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
#define HERCULES_CORE

#include "ipban.h"

#include "login/login.h"
#include "login/loginlog.h"
#include "common/cbasetypes.h"
#include "common/conf.h"
#include "common/nullpo.h"
#include "common/showmsg.h"
#include "common/sql.h"
#include "common/strlib.h"
#include "common/timer.h"

#include <stdlib.h>

static struct ipban_interface ipban_s;
struct ipban_interface *ipban;
static struct s_ipban_dbs ipbandbs;

// initialize
static void ipban_init(void)
{
	ipban->inited = true;

	if (!login->config->ipban)
		return;// ipban disabled

	// establish connections
	ipban->sql_handle = SQL->Malloc();
	if (SQL_ERROR == SQL->Connect(ipban->sql_handle, ipban->dbs->db_username, ipban->dbs->db_password,
	                              ipban->dbs->db_hostname, ipban->dbs->db_port, ipban->dbs->db_database)) {
		Sql_ShowDebug(ipban->sql_handle);
		SQL->Free(ipban->sql_handle);
		exit(EXIT_FAILURE);
	}
	if (ipban->dbs->codepage[0] != '\0' && SQL_ERROR == SQL->SetEncoding(ipban->sql_handle, ipban->dbs->codepage))
		Sql_ShowDebug(ipban->sql_handle);

	if (login->config->ipban_cleanup_interval > 0) {
		// set up periodic cleanup of connection history and active bans
		timer->add_func_list(ipban->cleanup, "ipban_cleanup");
		ipban->cleanup_timer_id = timer->add_interval(timer->gettick()+10, ipban->cleanup, 0, 0, login->config->ipban_cleanup_interval*1000);
	} else {
		// make sure it gets cleaned up on login-server start regardless of interval-based cleanups
		ipban->cleanup(0,0,0,0);
	}
}

// finalize
static void ipban_final(void)
{
	if (!login->config->ipban)
		return;// ipban disabled

	if (login->config->ipban_cleanup_interval > 0)
		// release data
		timer->delete(ipban->cleanup_timer_id, ipban->cleanup);

	ipban->cleanup(0,0,0,0); // always clean up on login-server stop

	// close connections
	SQL->Free(ipban->sql_handle);
	ipban->sql_handle = NULL;
}

/**
 * Reads 'inter_configuration' and initializes required variables/Sets global
 * configuration.
 *
 * @param filename Path to configuration file (used in error and warning messages).
 * @param imported Whether the current config is imported from another file.
 *
 * @retval false in case of error.

 */
static bool ipban_config_read_inter(const char *filename, bool imported)
{
	struct config_t config;
	struct config_setting_t *setting = NULL;
	const char *import = NULL;
	bool retval = true;

	nullpo_retr(false, filename);

	if (!libconfig->load_file(&config, filename))
		return false; // Error message is already shown by libconfig->read_file

	if ((setting = libconfig->lookup(&config, "inter_configuration/database_names")) == NULL) {
		libconfig->destroy(&config);
		if (imported)
			return true;
		ShowError("ipban_config_read: inter_configuration/database_names was not found!\n");
		return false;
	}
	libconfig->setting_lookup_mutable_string(setting, "ipban_table", ipban->dbs->table, sizeof(ipban->dbs->table));

	// import should overwrite any previous configuration, so it should be called last
	if (libconfig->lookup_string(&config, "import", &import) == CONFIG_TRUE) {
		if (strcmp(import, filename) == 0 || strcmp(import, "conf/common/inter-server.conf") == 0) {
			ShowWarning("ipban_config_read_inter: Loop detected! Skipping 'import'...\n");
		} else {
			if (!ipban->config_read_inter(import, true))
				retval = false;
		}
	}

	libconfig->destroy(&config);
	return retval;
}

/**
 * Reads login_configuration/account/ipban/sql_connection and loads configuration options.
 *
 * @param filename Path to configuration file (used in error and warning messages).
 * @param config   The current config being parsed.
 * @param imported Whether the current config is imported from another file.
 *
 * @retval false in case of error.
 */
static bool ipban_config_read_connection(const char *filename, struct config_t *config, bool imported)
{
	struct config_setting_t *setting = NULL;

	nullpo_retr(false, filename);
	nullpo_retr(false, config);

	if ((setting = libconfig->lookup(config, "login_configuration/account/ipban/sql_connection")) == NULL) {
		if (imported)
			return true;
		ShowError("account_db_sql_set_property: login_configuration/account/ipban/sql_connection was not found in %s!\n", filename);
		return false;
	}

	libconfig->setting_lookup_mutable_string(setting, "db_hostname", ipban->dbs->db_hostname, sizeof(ipban->dbs->db_hostname));
	libconfig->setting_lookup_mutable_string(setting, "db_database", ipban->dbs->db_database, sizeof(ipban->dbs->db_database));

	libconfig->setting_lookup_mutable_string(setting, "db_username", ipban->dbs->db_username, sizeof(ipban->dbs->db_username));
	libconfig->setting_lookup_mutable_string(setting, "db_password", ipban->dbs->db_password, sizeof(ipban->dbs->db_password));
	libconfig->setting_lookup_mutable_string(setting, "codepage", ipban->dbs->codepage, sizeof(ipban->dbs->codepage));
	libconfig->setting_lookup_uint16(setting, "db_port", &ipban->dbs->db_port);

	return true;
}

/**
 * Reads login_configuration/account/ipban/dynamic_pass_failure and loads configuration options.
 *
 * @param filename Path to configuration file (used in error and warning messages).
 * @param config   The current config being parsed.
 * @param imported Whether the current config is imported from another file.
 *
 * @retval false in case of error.
 */
static bool ipban_config_read_dynamic(const char *filename, struct config_t *config, bool imported)
{
	struct config_setting_t *setting = NULL;

	nullpo_retr(false, filename);
	nullpo_retr(false, config);

	if ((setting = libconfig->lookup(config, "login_configuration/account/ipban/dynamic_pass_failure")) == NULL) {
		if (imported)
			return true;
		ShowError("account_db_sql_set_property: login_configuration/account/ipban/dynamic_pass_failure was not found in %s!\n", filename);
		return false;
	}

	libconfig->setting_lookup_bool_real(setting, "enabled", &login->config->dynamic_pass_failure_ban);
	libconfig->setting_lookup_uint32(setting, "ban_interval", &login->config->dynamic_pass_failure_ban_interval);
	libconfig->setting_lookup_uint32(setting, "ban_limit", &login->config->dynamic_pass_failure_ban_limit);
	libconfig->setting_lookup_uint32(setting, "ban_duration", &login->config->dynamic_pass_failure_ban_duration);

	return true;
}

/**
 * Reads login_configuration.account.ipban and loads configuration options.
 *
 * @param filename Path to configuration file (used in error and warning messages).
 * @param config   The current config being parsed.
 * @param imported Whether the current config is imported from another file.
 *
 * @retval false in case of error.
 */
static bool ipban_config_read(const char *filename, struct config_t *config, bool imported)
{
	struct config_setting_t *setting = NULL;
	bool retval = true;

	nullpo_retr(false, filename);
	nullpo_retr(false, config);

	if (ipban->inited)
		return false; // settings can only be changed before init

	if ((setting = libconfig->lookup(config, "login_configuration/account/ipban")) == NULL) {
		if (!imported)
			ShowError("login_config_read: login_configuration/log was not found in %s!\n", filename);
		return false;
	}

	libconfig->setting_lookup_bool_real(setting, "enabled", &login->config->ipban);
	libconfig->setting_lookup_uint32(setting, "cleanup_interval", &login->config->ipban_cleanup_interval);

	if (!ipban_config_read_inter("conf/common/inter-server.conf", imported))
		retval = false;
	if (!ipban_config_read_connection(filename, config, imported))
		retval = false;
	if (!ipban_config_read_dynamic(filename, config, imported))
		retval = false;

	return retval;
}

// check ip against active bans list
static bool ipban_check(uint32 ip)
{
	uint8* p = (uint8*)&ip;
	char* data = NULL;
	int matches;

	if (!login->config->ipban)
		return false;// ipban disabled

	if( SQL_ERROR == SQL->Query(ipban->sql_handle, "SELECT count(*) FROM `%s` WHERE `rtime` > NOW() AND (`list` = '%u.*.*.*' OR `list` = '%u.%u.*.*' OR `list` = '%u.%u.%u.*' OR `list` = '%u.%u.%u.%u')",
		ipban->dbs->table, p[3], p[3], p[2], p[3], p[2], p[1], p[3], p[2], p[1], p[0]) )
	{
		Sql_ShowDebug(ipban->sql_handle);
		// close connection because we can't verify their connectivity.
		return true;
	}

	if( SQL_SUCCESS != SQL->NextRow(ipban->sql_handle) )
		return false;

	SQL->GetData(ipban->sql_handle, 0, &data, NULL);
	matches = atoi(data);
	SQL->FreeResult(ipban->sql_handle);

	return( matches > 0 );
}

// log failed attempt
static void ipban_log(uint32 ip)
{
	unsigned long failures;

	if (!login->config->ipban)
		return;// ipban disabled

	failures = loginlog->failedattempts(ip, login->config->dynamic_pass_failure_ban_interval);// how many times failed account? in one ip.

	// if over the limit, add a temporary ban entry
	if (failures >= login->config->dynamic_pass_failure_ban_limit)
	{
		uint8* p = (uint8*)&ip;
		if (SQL_ERROR == SQL->Query(ipban->sql_handle, "INSERT INTO `%s`(`list`,`btime`,`rtime`,`reason`) VALUES ('%u.%u.%u.*', NOW() , NOW() +  INTERVAL %u MINUTE ,'Password error ban')",
			ipban->dbs->table, p[3], p[2], p[1], login->config->dynamic_pass_failure_ban_duration))
		{
			Sql_ShowDebug(ipban->sql_handle);
		}
	}
}

// remove expired bans
static int ipban_cleanup(int tid, int64 tick, int id, intptr_t data)
{
	if (!login->config->ipban)
		return 0;// ipban disabled

	if( SQL_ERROR == SQL->Query(ipban->sql_handle, "DELETE FROM `%s` WHERE `rtime` <= NOW()", ipban->dbs->table) )
		Sql_ShowDebug(ipban->sql_handle);

	return 0;
}

void ipban_defaults(void)
{
	ipban = &ipban_s;

	ipban->dbs = &ipbandbs;

	ipban->sql_handle = NULL;
	ipban->cleanup_timer_id = INVALID_TIMER;
	ipban->inited = false;

	// Sql settings
	strcpy(ipban->dbs->db_hostname, "127.0.0.1");
	ipban->dbs->db_port = 3306;
	strcpy(ipban->dbs->db_username, "ragnarok");
	strcpy(ipban->dbs->db_password, "ragnarok");
	strcpy(ipban->dbs->db_database, "ragnarok");
	*ipban->dbs->codepage = 0;
	strcpy(ipban->dbs->table, "ipbanlist");

	ipban->init = ipban_init;
	ipban->final = ipban_final;
	ipban->cleanup = ipban_cleanup;
	ipban->config_read_inter = ipban_config_read_inter;
	ipban->config_read_connection = ipban_config_read_connection;
	ipban->config_read_dynamic = ipban_config_read_dynamic;
	ipban->config_read = ipban_config_read;
	ipban->check = ipban_check;
	ipban->log = ipban_log;
}