]> git.rm.cloudns.org Git - xonotic/xonotic.git/commitdiff
Update CA files to match srv03 deployment
authorbones_was_here <bones_was_here@xa.org.au>
Wed, 16 Mar 2022 11:16:20 +0000 (21:16 +1000)
committerbones_was_here <bones_was_here@xa.org.au>
Wed, 16 Mar 2022 11:16:20 +0000 (21:16 +1000)
misc/infrastructure/keygen/config.pl
misc/infrastructure/keygen/crypto-keygen-standalone
misc/infrastructure/keygen/response.d0ir

index 28f9a79f7e15fceab240dbd2fda0596670d6e017..65108fd794e28e975c2eef6665f0ad91b89726f8 100644 (file)
@@ -6,15 +6,20 @@
                {
                        my ($inc) = @_;
                        return 0 if ($inc >= 0) && check_dnsbl([qr/.*:.*:.*/], [], ['torexit.dan.me.uk', 'aspews.ext.sorbs.net']);
-                       return 0 if ($inc >= 0) && check_banlist('http://rm.endoftheinternet.org/~xonotic/bans/?action=list&servers=*');
-                       return 0 if check_sql('dbi:mysql:dbname=xonotic_ca', 'xonotic_ca', '************', 'ip', $inc);
+                       return 0 if ($inc >= 0) && check_banlist('http://rm.sudo.rm-f.org/~xonotic/bans/?action=list&servers=*');
+                       return 0 if check_sql('dbi:mysql:dbname=xonotic-ca', 'xonotic-ca', '************', 'ip', 0.2, 1, 20, 1000, $inc);
                        1;
                }
        },
-       15 =>
+       1 =>
        {
-               name => "Xonotic testing",
-               check => sub { 1; }
+               name => "Xonotic Hub",
+               check => sub
+               {
+                       my ($inc) = @_;
+                       return 0 if check_ipfiles('/home/xonotic-build/xonotic-release-build/misc/infrastructure/xhub/ips');
+                       1;
+               }
        }
 );
-$default_ca = 15;
+$default_ca = 0;
index af632f45820c4647ddbd9f81b3bb5cdfa13e5223..852b24bc485aad736b17fabedc21cfb53f6ce8b3 100755 (executable)
Binary files a/misc/infrastructure/keygen/crypto-keygen-standalone and b/misc/infrastructure/keygen/crypto-keygen-standalone differ
index a74fb37a746fd92681c3f34c990eb0bf4cba4800..3396ce1e97905d9dda5013eb6d30a24f452e603d 100755 (executable)
@@ -2,7 +2,7 @@
 
 BEGIN
 {
-        $ENV{PATH} = "/usr/bin:/bin";
+       $ENV{PATH} = "/usr/bin:/bin";
 }
 
 # if we are suid, set uid := euid
@@ -24,6 +24,14 @@ sub error($)
        exit 0;
 }
 
+sub check_ipfiles($)
+{
+       my ($dir) = @_;
+       my $ip = $ENV{REMOTE_ADDR};
+       return 0 if -f "$dir/$ip";
+       return -1;
+}
+
 sub check_dnsbl($$@)
 {
        my ($goodpatterns, $badpatterns, $list) = @_;
@@ -34,20 +42,28 @@ sub check_dnsbl($$@)
        # check goodpatterns
        for(@$goodpatterns)
        {
-               return 0
-                       if $name =~ /^(??{$_})$/ || $addr =~ /^(??{$_})$/;
+               if($name =~ /^(??{$_})$/ || $addr =~ /^(??{$_})$/)
+               {
+                       return 0;
+               }
        }
        # check badpatterns
        for(@$badpatterns)
        {
-               return -1
-                       if $name =~ /^(??{$_})$/ || $addr =~ /^(??{$_})$/;
+               if($name =~ /^(??{$_})$/ || $addr =~ /^(??{$_})$/)
+               {
+                       warn "$addr/$name blocked by $_";
+                       return -1;
+               }
        }
 
        # is he tor?
        my $h = gethostbyname $addr;
-       return -1
-               if not defined $h;
+       if(not defined $h)
+       {
+               warn "$addr blocked by gethostbyname()";
+               return -1;
+       }
        
        my $blprefix = join '.', reverse unpack 'C4', $h;
        my $i = 0;
@@ -58,6 +74,8 @@ sub check_dnsbl($$@)
                my $h2 = gethostbyname $hn;
                next
                        if not defined $h2;
+               my $h2_text = join '.', reverse unpack 'C4', $h2;
+               warn "$addr blocked by $hn -> $h2_text";
                return -1;
        }
 
@@ -67,54 +85,83 @@ sub check_dnsbl($$@)
 # create table ip ( id INT AUTO_INCREMENT PRIMARY KEY, ip VARCHAR(64), t DATETIME, error BOOLEAN, INDEX(ip), INDEX(t), INDEX(error) );
 our $__CACHED_DBH__;
 
-sub check_sql($$$$$)
+sub check_ip_record
+{
+       my ($DBH, $tbl, $ip) = @_;
+       my $status = $DBH->selectrow_arrayref("select count(*) from $tbl where ip=? and error=false and t>date_sub(now(), interval 7 day)", undef, $ip)
+               or die "DBI/DBD: $!";
+       return $status->[0];
+}
+sub insert_ip_record
+{
+       my ($DBH, $tbl, $ip) = @_;
+       my $status = $DBH->selectall_arrayref("select error, t>date_sub(now(), interval 7 day) from $tbl where ip=?", undef, $ip)
+               or die "DBI/DBD: $!";
+       if(@$status)
+       {
+               if($status->[0][0] || !$status->[0][1]) # error, or after interval
+               {
+                       $DBH->do("update $tbl set error=false, t=now() where ip=?", undef, $ip);
+                       return 0;
+               }
+               else # too soon
+               {
+                       return 1;
+               }
+       }
+       else
+       {
+               $DBH->do("insert into $tbl(ip, error, t) values(?, false, now())", undef, $ip);
+               return 0;
+       }
+}
+sub delete_ip_record
+{
+       my ($DBH, $tbl, $ip) = @_;
+       $DBH->do("update $tbl set error=true where ip=?", undef, $ip);
+}
+
+sub check_sql($$$$$$$$$)
 {
-       my ($dsn, $u, $p, $tbl, $inc) = @_;
+       my ($dsn, $u, $p, $tbl, $per32, $per24, $per16, $per8, $inc) = @_;
        my $ip = $ENV{REMOTE_ADDR};
        my $DBH = ($__CACHED_DBH__ ? $__CACHED_DBH__ : ($__CACHED_DBH__ = DBI->connect($dsn, $u, $p, { RaiseError => 1, AutoCommit => 0 })))
                or die "DBI/DBD: $!";
-       $DBH->do("set character set utf8");
-       $DBH->do("set names utf8");
+       eval {
+               $DBH->do("set character set utf8");
+               $DBH->do("set names utf8");
+               $DBH->do("set time_zone = '+0:00'");
+       } or do {
+               undef $__CACHED_DBH__;
+               die $@;
+       };
        if($inc < 0)
        {
-               $DBH->do("update $tbl set error=true where ip=?", undef, $ip);
+               delete_ip_record($DBH, $tbl, $ip);
                $DBH->commit();
                $DBH->disconnect();
                return 0;
        }
        elsif($inc == 0)
        {
-               my $status = $DBH->selectrow_arrayref("select count(*) from $tbl where ip=? and error=false and t>date_sub(now(), interval 7 day)", undef, $ip)
-                       or die "DBI/DBD: $!";
+               my $status = check_ip_record($DBH, $tbl, $ip);
                $DBH->disconnect();
-               return $status->[0] ? -1 : 0;
+               if ($status)
+               {
+                       warn "$ip blocked by SQL";
+               }
+               return $status;
        }
        else
        {
-               my $status = $DBH->selectall_arrayref("select error, t>date_sub(now(), interval 7 day) from $tbl where ip=?", undef, $ip)
-                       or die "DBI/DBD: $!";
-               if(@$status)
-               {
-                       if($status->[0][0] || !$status->[0][1]) # error, or after interval
-                       {
-                               $DBH->do("update $tbl set error=false, t=now() where ip=?", undef, $ip);
-                               $DBH->commit();
-                               $DBH->disconnect();
-                               return 0;
-                       }
-                       else # too soon
-                       {
-                               $DBH->disconnect();
-                               return -1;
-                       }
-               }
-               else
+               my $status = insert_ip_record($DBH, $tbl, $ip);
+               $DBH->commit();
+               $DBH->disconnect();
+               if ($status)
                {
-                       $DBH->do("insert into $tbl(ip, error, t) values(?, false, now())", undef, $ip);
-                       $DBH->commit();
-                       $DBH->disconnect();
-                       return 0;
+                       warn "$ip blocked by SQL";
                }
+               return $status;
        }
 }
 
@@ -126,7 +173,11 @@ sub check_banlist($)
        for(0..@s/4-1)
        {
                my $i = $s[4*$_];
-               return 1 if "$ip." =~ /^\Q$i\E\./;
+               if("$ip." =~ /^\Q$i\E\./)
+               {
+                       warn "$ip blocked by SQL";
+                       return 1;
+               }
        }
        return 0;
 }
@@ -214,6 +265,9 @@ Content-type: text/html
        <hr>
        To use another CA, please enter its number here before using this page:
        <input type="text" name="ca" value="$default_ca" size="2">
+       <hr>
+       REMOTE_HOST=$ENV{REMOTE_HOST}<br>
+       REMOTE_ADDR=$ENV{REMOTE_ADDR}
 </body>
 </html>
 EOF