From: bones_was_here Date: Wed, 16 Mar 2022 11:16:20 +0000 (+1000) Subject: Update CA files to match srv03 deployment X-Git-Tag: xonotic-v0.8.5~16 X-Git-Url: https://git.rm.cloudns.org/?a=commitdiff_plain;h=d84785b6b4506a2cd012f64fbd17814246511f4e;p=xonotic%2Fxonotic.git Update CA files to match srv03 deployment --- diff --git a/misc/infrastructure/keygen/config.pl b/misc/infrastructure/keygen/config.pl index 28f9a79f..65108fd7 100644 --- a/misc/infrastructure/keygen/config.pl +++ b/misc/infrastructure/keygen/config.pl @@ -6,15 +6,20 @@ { my ($inc) = @_; return 0 if ($inc >= 0) && check_dnsbl([qr/.*:.*:.*/], [], ['torexit.dan.me.uk', 'aspews.ext.sorbs.net']); - return 0 if ($inc >= 0) && check_banlist('http://rm.endoftheinternet.org/~xonotic/bans/?action=list&servers=*'); - return 0 if check_sql('dbi:mysql:dbname=xonotic_ca', 'xonotic_ca', '************', 'ip', $inc); + return 0 if ($inc >= 0) && check_banlist('http://rm.sudo.rm-f.org/~xonotic/bans/?action=list&servers=*'); + return 0 if check_sql('dbi:mysql:dbname=xonotic-ca', 'xonotic-ca', '************', 'ip', 0.2, 1, 20, 1000, $inc); 1; } }, - 15 => + 1 => { - name => "Xonotic testing", - check => sub { 1; } + name => "Xonotic Hub", + check => sub + { + my ($inc) = @_; + return 0 if check_ipfiles('/home/xonotic-build/xonotic-release-build/misc/infrastructure/xhub/ips'); + 1; + } } ); -$default_ca = 15; +$default_ca = 0; diff --git a/misc/infrastructure/keygen/crypto-keygen-standalone b/misc/infrastructure/keygen/crypto-keygen-standalone index af632f45..852b24bc 100755 Binary files a/misc/infrastructure/keygen/crypto-keygen-standalone and b/misc/infrastructure/keygen/crypto-keygen-standalone differ diff --git a/misc/infrastructure/keygen/response.d0ir b/misc/infrastructure/keygen/response.d0ir index a74fb37a..3396ce1e 100755 --- a/misc/infrastructure/keygen/response.d0ir +++ b/misc/infrastructure/keygen/response.d0ir 
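Review bot: The new `check_banlist` URL in CA 0's check is still fetched over plain `http://`, so the ban list that gates key signing has no transport integrity and could be altered or suppressed in transit. If the new host serves TLS, `check_banlist('https://rm.sudo.rm-f.org/~xonotic/bans/?action=list&servers=*')` is the smallest change. What `check_banlist` returns when the fetch fails is not visible on this page and is worth confirming, so that an unreachable list does not silently skip the ban check.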
@@ -2,7 +2,7 @@ BEGIN { - $ENV{PATH} = "/usr/bin:/bin"; + $ENV{PATH} = "/usr/bin:/bin"; } # if we are suid, set uid := euid @@ -24,6 +24,14 @@ sub error($) exit 0; } +sub check_ipfiles($) +{ + my ($dir) = @_; + my $ip = $ENV{REMOTE_ADDR}; + return 0 if -f "$dir/$ip"; + return -1; +} + sub check_dnsbl($$@) { my ($goodpatterns, $badpatterns, $list) = @_; @@ -34,20 +42,28 @@ sub check_dnsbl($$@) # check goodpatterns for(@$goodpatterns) { - return 0 - if $name =~ /^(??{$_})$/ || $addr =~ /^(??{$_})$/; + if($name =~ /^(??{$_})$/ || $addr =~ /^(??{$_})$/) + { + return 0; + } } # check badpatterns for(@$badpatterns) { - return -1 - if $name =~ /^(??{$_})$/ || $addr =~ /^(??{$_})$/; + if($name =~ /^(??{$_})$/ || $addr =~ /^(??{$_})$/) + { + warn "$addr/$name blocked by $_"; + return -1; + } } # is he tor? my $h = gethostbyname $addr; - return -1 - if not defined $h; + if(not defined $h) + { + warn "$addr blocked by gethostbyname()"; + return -1; + } my $blprefix = join '.', reverse unpack 'C4', $h; my $i = 0; @@ -58,6 +74,8 @@ sub check_dnsbl($$@) my $h2 = gethostbyname $hn; next if not defined $h2; + my $h2_text = join '.', reverse unpack 'C4', $h2; + warn "$addr blocked by $hn -> $h2_text"; return -1; } 
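Review bot: In the added `check_ipfiles`, `$ENV{REMOTE_ADDR}` goes straight into the path tested by `-f "$dir/$ip"`, with no check that it is defined or shaped like an address. The value normally comes from the web server, but this function decides who may use the "Xonotic Hub" CA, so a shape check before the file test is cheap: `return -1 unless defined $ip && $ip =~ /\A[0-9A-Fa-f.:]+\z/;`. A one-line comment that the directory is an allowlist (file present returns 0, anything else -1) would also help, because config.pl uses the result as `return 0 if check_ipfiles(...)` and the polarity is easy to misread.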
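Review bot: In the last `check_dnsbl` hunk, `$h2_text` is built with `reverse unpack 'C4', $h2`, which looks copied from the `$blprefix` line. The reversal is needed to form the DNSBL query name but not to print the answer, so a listing code such as 127.0.0.2 would be logged as 2.0.0.127. `my $h2_text = join '.', unpack 'C4', $h2;` logs the address as returned. The enclosing loop starts outside the hunk.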
@@ -67,54 +85,83 @@ sub check_dnsbl($$@) # create table ip ( id INT AUTO_INCREMENT PRIMARY KEY, ip VARCHAR(64), t DATETIME, error BOOLEAN, INDEX(ip), INDEX(t), INDEX(error) ); our $__CACHED_DBH__; -sub check_sql($$$$$) +sub check_ip_record +{ + my ($DBH, $tbl, $ip) = @_; + my $status = $DBH->selectrow_arrayref("select count(*) from $tbl where ip=? and error=false and t>date_sub(now(), interval 7 day)", undef, $ip) + or die "DBI/DBD: $!"; + return $status->[0]; +} +sub insert_ip_record +{ + my ($DBH, $tbl, $ip) = @_; + my $status = $DBH->selectall_arrayref("select error, t>date_sub(now(), interval 7 day) from $tbl where ip=?", undef, $ip) + or die "DBI/DBD: $!"; + if(@$status) + { + if($status->[0][0] || !$status->[0][1]) # error, or after interval + { + $DBH->do("update $tbl set error=false, t=now() where ip=?", undef, $ip); + return 0; + } + else # too soon + { + return 1; + } + } + else + { + $DBH->do("insert into $tbl(ip, error, t) values(?, false, now())", undef, $ip); + return 0; + } +} +sub delete_ip_record +{ + my ($DBH, $tbl, $ip) = @_; + $DBH->do("update $tbl set error=true where ip=?", undef, $ip); +} + +sub check_sql($$$$$$$$$) { - my ($dsn, $u, $p, $tbl, $inc) = @_; + my ($dsn, $u, $p, $tbl, $per32, $per24, $per16, $per8, $inc) = @_; my $ip = $ENV{REMOTE_ADDR}; my $DBH = ($__CACHED_DBH__ ? $__CACHED_DBH__ : ($__CACHED_DBH__ = DBI->connect($dsn, $u, $p, { RaiseError => 1, AutoCommit => 0 }))) or die "DBI/DBD: $!"; - $DBH->do("set character set utf8"); - $DBH->do("set names utf8"); + eval { + $DBH->do("set character set utf8"); + $DBH->do("set names utf8"); + $DBH->do("set time_zone = '+0:00'"); + } or do { + undef $__CACHED_DBH__; + die $@; + }; if($inc < 0) { - $DBH->do("update $tbl set error=true where ip=?", undef, $ip); + delete_ip_record($DBH, $tbl, $ip); $DBH->commit(); $DBH->disconnect(); return 0; } elsif($inc == 0) { - my $status = $DBH->selectrow_arrayref("select count(*) from $tbl where ip=? 
and error=false and t>date_sub(now(), interval 7 day)", undef, $ip) - or die "DBI/DBD: $!"; + my $status = check_ip_record($DBH, $tbl, $ip); $DBH->disconnect(); - return $status->[0] ? -1 : 0; + if ($status) + { + warn "$ip blocked by SQL"; + } + return $status; } else { - my $status = $DBH->selectall_arrayref("select error, t>date_sub(now(), interval 7 day) from $tbl where ip=?", undef, $ip) - or die "DBI/DBD: $!"; - if(@$status) - { - if($status->[0][0] || !$status->[0][1]) # error, or after interval - { - $DBH->do("update $tbl set error=false, t=now() where ip=?", undef, $ip); - $DBH->commit(); - $DBH->disconnect(); - return 0; - } - else # too soon - { - $DBH->disconnect(); - return -1; - } - } - else + my $status = insert_ip_record($DBH, $tbl, $ip); + $DBH->commit(); + $DBH->disconnect(); + if ($status) { - $DBH->do("insert into $tbl(ip, error, t) values(?, false, now())", undef, $ip); - $DBH->commit(); - $DBH->disconnect(); - return 0; + warn "$ip blocked by SQL"; } + return $status; } } @@ -126,7 +173,11 @@ sub check_banlist($) for(0..@s/4-1) { my $i = $s[4*$_]; - return 1 if "$ip." =~ /^\Q$i\E\./; + if("$ip." =~ /^\Q$i\E\./) + { + warn "$ip blocked by SQL"; + return 1; + } } return 0; } @@ -214,6 +265,9 @@ Content-type: text/html
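Review bot: `check_sql` now unpacks `$per32, $per24, $per16, $per8` (config.pl passes `0.2, 1, 20, 1000`), but nothing in the new body or in `check_ip_record` / `insert_ip_record` reads them; the only limit applied is still the exact-address 7-day lookup. Someone reading config.pl would reasonably assume per-prefix limits are enforced. Until they are, a comment at the unpacking line keeps that visible, e.g. `# NOTE: $per32..$per8 are accepted but not enforced yet; only the exact-IP 7-day check applies`. Separately, `insert_ip_record` does a select followed by an update or insert with no lock, and the table comment shows only a plain `INDEX(ip)`, so two simultaneous requests from one address may both pass.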
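Review bot: The `warn` added in `check_banlist` says `"$ip blocked by SQL"`, the same text `check_sql` logs, so a ban-list hit cannot be told apart from a rate-limit hit in the error log. Naming the source and the matched entry makes the log usable for triage: `warn "$ip blocked by banlist entry $i";`. The function's fetching and parsing of the list are outside the hunk.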
To use another CA, please enter its number here before using this page: +
+ REMOTE_HOST=$ENV{REMOTE_HOST}
+ REMOTE_ADDR=$ENV{REMOTE_ADDR} EOF
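Review bot: The two added heredoc lines interpolate `$ENV{REMOTE_HOST}` and `$ENV{REMOTE_ADDR}` into a `text/html` response unescaped. Where the server fills REMOTE_HOST from a reverse lookup, its text is chosen by whoever controls the PTR record for the client address, so it should be HTML-escaped before output. It may also be unset, which would print an empty value and raise an uninitialized-value warning. One way is to escape into a local before the heredoc, e.g. `(my $rhost = $ENV{REMOTE_HOST} // '') =~ s/([&<>"'])/'&#'.ord($1).';'/ge;`, and print `$rhost` instead. The heredoc opens outside the hunk.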