(banfil, authfil): Remove. Matching user is useless, because the

player can send whatever he wants. Banning IPs is better done with a packet filter. That leaves restricting deity IPs. (privip): New econfig key to restrict deity IPs. (may_play): Implement it. (match_user): Unused, remove.
2006-02-22 20:57:51 +00:00 · 2006-02-22 20:57:51 +00:00 · 02ddee69fb
commit 02ddee69fb
parent 342d7b33ce
7 changed files with 10 additions and 59 deletions
--- a/doc/troubleshooting
+++ b/doc/troubleshooting
@ -1,13 +0,0 @@
 Here are some of the most common problems with solutions.  This file
 will probably grow over time.
 (Q) I try to log in as POGO, but the server says, "You're not a deity".  Why?
 (A) If you get a "You're not a deity!" message and logged off, check the
    "data/server.log" file and look at the end for a "NON-AUTH" entry.
    There should be a "user@host" message in there that failed to log in.
    The user and host that your system is using may be different than the
    one you put in your build.conf file.  So, enter this new user and host
    in the auth file, and you should be able to log into the server as a
    deity now.  Note that if you rebuild the server again, the auth file
    will be overwritten.
--- a/include/econfig-spec.h
+++ b/include/econfig-spec.h
@ -68,7 +68,7 @@ EMPCFBOTH((fvname), (vname), int, NSC_INT, KM_OPTION, (descr))
 EMPCF_COMMENT("\n### Server configuration and information")
 EMPCFBOTH("config_tables", config_tables, char *, NSC_STRING, KM_INTERNAL,
-    "Configuration table files, separated by space, relative to econfig's directory")
+    "Configuration table files, separated by space")
 EMPCFBOTH("data", gamedir, char *, NSC_STRING, KM_INTERNAL,
    "Directory where this game's data is stored")
 EMPCFBOTH("info", infodir, char *, NSC_STRING, KM_INTERNAL,
@ -80,13 +80,16 @@ EMPCFBOTH("builtin", builtindir, char *, NSC_STRING, KM_INTERNAL,
 EMPCF_COMMENT("# Set this to your source tree's src/lib/global to run the server\n"
 	      "# without installing it, else leave it alone.")
 EMPCFBOTH("listen_addr", listen_addr, char *, NSC_STRING, KM_INTERNAL,
-    "Local IP address the server should listen on.  \"\" listens on all.")
+    "Local IP address the server should listen on.")
 EMPCF_COMMENT("# \"\" listens on all, localhost just on the loopback interface")
 EMPCFBOTH("port", loginport, char *, NSC_STRING, KM_INTERNAL,
    "TCP port the server will bind")
 EMPCFBOTH("privname", privname, char *, NSC_STRING, 0,
    "Name of the deity")
 EMPCFBOTH("privlog", privlog, char *, NSC_STRING, 0,
    "E-mail of the deity")
 EMPCFBOTH("privip", privip, char *, NSC_STRING, KM_INTERNAL,
    "Deities may connect from these IPs or networks")
 EMPCFBOTH("WORLD_X", WORLD_X, int, NSC_INT, 0,
    "World size X dimension (enforced to be even by subtracting 1 if necessary)")
 EMPCFBOTH("WORLD_Y", WORLD_Y, int, NSC_INT, 0,
--- a/include/optlist.h
+++ b/include/optlist.h
@ -49,8 +49,6 @@ extern char *configdir;
 extern char *motdfil;
 extern char *downfil;
 extern char *disablefil;
 extern char *banfil;
 extern char *authfil;
 extern char *annfil;
 extern char *timestampfil;
 extern char *teldir;
--- a/include/prototypes.h
+++ b/include/prototypes.h
@ -439,7 +439,6 @@ extern int natpass(int, s_char *);
 extern struct player *player;	/* current player's context */
 extern char *praddr(struct player *);
 extern void player_main(struct player *);
 extern int match_user(char *, struct player *);
 extern int command(void);
 /* more under Commands */
 /* recvclient.c */
--- a/src/lib/global/path.c.in
+++ b/src/lib/global/path.c.in
@ -66,8 +66,6 @@ char *downfil	= "down";
 char *disablefil = "disable";
 char *telfil	= "tel/tel";
 char *annfil	= "ann";
 char *banfil	= "ban";
 char *authfil	= "auth";
 char *timestampfil = "timestamp";
 char *listen_addr = "";
--- a/src/lib/player/login.c
+++ b/src/lib/player/login.c
@ -266,15 +266,12 @@ may_play(void)
 	pr_id(player, C_CMDERR, "need country and password\n");
 	return 0;
    }
-    if (match_user(banfil, player)) {
+    /* TODO strstr() cheesy, compare IP against IP/BITS ... */
 	logerror("Attempted login by BANNED host %s", praddr(player));
 	pr_id(player, C_EXIT, "Your login has been banned from this game\n");
 	io_shutdown(player->iop, IO_READ);
 	return 0;
    }
    np = getnatp(player->cnum);
-    if (np->nat_stat == STAT_GOD && !match_user(authfil, player)) {
+    if (np->nat_stat == STAT_GOD && *privip
-	logerror("NON-AUTHed Login attempted by %s", praddr(player));
+	&& !strstr(privip, player->hostaddr)) {
 	logerror("Deity login from untrusted host attempted by %s",
 		 praddr(player));
 	pr_id(player, C_EXIT, "You're not a deity!\n");
 	return 0;
    }
--- a/src/lib/player/player.c
+++ b/src/lib/player/player.c
@ -360,37 +360,6 @@ show_motd(void)
    return RET_OK;
 }
 int
 match_user(char *file, struct player *p)
 {
    FILE *fp;
    int match = 0;
    char host[256];
    char user[256];
    if ((fp = fopen(file, "r")) == NULL) {
 	/*logerror("Cannot find file %s", file); */
 	return 0;
    }
    match = 0;
    while (!feof(fp) && !match) {
 	if (fgets(host, sizeof(host), fp) == NULL)
 	    break;
 	if (host[0] == '#')
 	    continue;
 	if (fgets(user, sizeof(user), fp) == NULL)
 	    break;
 	host[strlen(host) - 1] = '\0';
 	user[strlen(user) - 1] = '\0';
 	if (strstr(p->userid, user) &&
 	    (strstr(p->hostaddr, host) ||
 	     strstr(p->hostname, host)))
 	    ++match;
    }
    fclose(fp);
    return match;
 }
 int
 quit(void)
 {