R5Reloaded/r5sdk
1
0
Fork 0
mirror of https://github.com/Mauler125/r5sdk.git synced 2025-02-09 19:15:03 +01:00
Code Issues Packages Projects Releases Wiki Activity
r5sdk/r5dev/engine/server/sv_rcon.cpp

781 lines
24 KiB
C++
Raw Normal View History

RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
//===========================================================================//
Implement stream serialization/deserialization in RCON server and client
2022-02-13 15:10:38 +01:00
//
// Purpose: Implementation of the rcon server.
//
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
//===========================================================================//
#include "core/stdafx.h"
Move ConVar/ConCommand stuff to tier1 instead and cleanup KeyValues/KeyValuesSystem
2022-04-09 16:16:40 +02:00
#include "tier1/cvar.h"
RCON system refactor and improvements * Use game's CNetAdr RCON and socket creator. * Add support for constructing host from [ip]:port format in the netconsole client. * Pass 'netadr_t' parameter by reference to 'CSocketCreator::OnSocketAccepted'.
2023-01-29 15:24:24 +01:00
#include "tier1/NetAdr.h"
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
#include "tier2/socketcreator.h"
Initial port to CMake * All libraries have been isolated from each other, and build into separate artifacts. * Project has been restructured to support isolating libraries. * CCrashHandler now calls a callback on crash (setup from core/dllmain.cpp, this can be setup in any way for any project. This callback is getting called when the apllication crashes. Useful for flushing buffers before closing handles to logging files for example). * Tier0 'CoreMsgV' function now calls a callback sink, which could be set by the user (currently setup to the SDK's internal logger in core/dllmain.cpp). TODO: * Add a batch file to autogenerate all projects. * Add support for dedicated server. * Add support for client dll. Bugs: * Game crashes on the title screen after the UI script compiler has finished (root cause unknown). * Curl error messages are getting logged twice for the dedicated server due to the removal of all "DEDICATED" preprocessor directives to support isolating projects. This has to be fixed properly!
2023-05-10 00:05:38 +02:00
#include "engine/cmd.h"
RCON system overhaul * Implemented robust length-prefix framing logic for non-blocking sockets (previously used character sequences to determine length, but you cannot use character sequences on protocol buffers as its binary data. This logic should fix all problems regarding some commands not getting networked properly to the server and stuff not getting printed on the client). * Increased buffer size to std::vector::max_size when netconsole is authenticated (MAX_NETCONSOLE_INPUT_LEN still remains enforced on accepted but not authenticated connections to prevent attackers from crashing the server). * Process max 1024 bytes each recv buffer iteration. * Additional optimizations and cleanup.
2022-08-02 23:58:43 +02:00
#include "engine/net.h"
Light project restructure Moved server/client headers and implementations into dedicated subfolder. Renamed Some classes to match the game binary (e.g. CBaseClient is now CClient). Removed redundant files.
2022-05-20 11:52:19 +02:00
#include "engine/server/sv_rcon.h"
Implement stream serialization/deserialization in RCON server and client
2022-02-13 15:10:38 +01:00
#include "protoc/sv_rcon.pb.h"
#include "protoc/cl_rcon.pb.h"
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
#include "common/igameserverdata.h"
Engine: fix RCON bugs and improve security - Upgraded hashing algorithm to SHA-512, and store the raw hash instead of a string copy, which is way cheaper to compute and compare. - Only ever close sockets once in CRConServer::SetPassword(). - Made the game server & game client RCON singletons static. - Added calls to gracefully shutdown RCON server and RCON client on Engine/SDK shutdown. - Added more prints so RCON user knows when its shutdown, or when their password change is in effect, etc. - Fixed bug where we could tokenize an empty string when we dispatch a console command.
2024-02-22 01:55:08 +01:00
#include "mbedtls/include/mbedtls/sha512.h"
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
//-----------------------------------------------------------------------------
Tier1: static construction of ConVar objects during link time Fully implemented ConVar class so we could statically construct all SDK convars, this avoids a level of indirection, and allows for creating ConVar's everywhere in the project. This patch also removed the settings tab of the ImGui server browser, as it has threading issues, while it technically never caused a crash yet, it has been removed as there was no point keeping it vs the work required to make it thread save (it only managed 2 convars which are perfectly manageable through cfg's or the in-game console). Also temporarily disabled the creation of ConVar's in the mod system due to a memory leak, we would allocate and register a convar based on details parsed out of a mod file definition, but never unregister and free it.
2024-02-24 02:15:09 +01:00
// Purpose: constants
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
//-----------------------------------------------------------------------------
static const char s_NoAuthMessage[] = "This server is password protected for console access; authenticate with 'PASS <password>' command.\n";
static const char s_WrongPwMessage[] = "Admin password incorrect.\n";
static const char s_AuthMessage[] = "Authentication successful.\n";
static const char s_BannedMessage[] = "Go away.\n";
RCON system overhaul * Implemented robust length-prefix framing logic for non-blocking sockets (previously used character sequences to determine length, but you cannot use character sequences on protocol buffers as its binary data. This logic should fix all problems regarding some commands not getting networked properly to the server and stuff not getting printed on the client). * Increased buffer size to std::vector::max_size when netconsole is authenticated (MAX_NETCONSOLE_INPUT_LEN still remains enforced on accepted but not authenticated connections to prevent attackers from crashing the server). * Process max 1024 bytes each recv buffer iteration. * Additional optimizations and cleanup.
2022-08-02 23:58:43 +02:00
Tier1: static construction of ConVar objects during link time Fully implemented ConVar class so we could statically construct all SDK convars, this avoids a level of indirection, and allows for creating ConVar's everywhere in the project. This patch also removed the settings tab of the ImGui server browser, as it has threading issues, while it technically never caused a crash yet, it has been removed as there was no point keeping it vs the work required to make it thread save (it only managed 2 convars which are perfectly manageable through cfg's or the in-game console). Also temporarily disabled the creation of ConVar's in the mod system due to a memory leak, we would allocate and register a convar based on details parsed out of a mod file definition, but never unregister and free it.
2024-02-24 02:15:09 +01:00
//-----------------------------------------------------------------------------
// Purpose: console variables
//-----------------------------------------------------------------------------
static void RCON_WhiteListAddresChanged_f(IConVar* pConVar, const char* pOldString);
static void RCON_ConnectionCountChanged_f(IConVar* pConVar, const char* pOldString);
static void RCON_PasswordChanged_f(IConVar* pConVar, const char* pOldString);
static ConVar rcon_password("rcon_password", "", FCVAR_SERVER_CANNOT_QUERY | FCVAR_DONTRECORD | FCVAR_RELEASE, "Remote server access password (rcon is disabled if empty)", false, 0.f, false, 0.f, &RCON_PasswordChanged_f);
static ConVar sv_rcon_debug("sv_rcon_debug", "0", FCVAR_RELEASE, "Show rcon debug information ( !slower! )");
static ConVar sv_rcon_sendlogs("sv_rcon_sendlogs", "0", FCVAR_RELEASE, "Network console logs to connected and authenticated sockets");
//static ConVar sv_rcon_banpenalty("sv_rcon_banpenalty" , "10", FCVAR_RELEASE, "Number of minutes to ban users who fail rcon authentication");
static ConVar sv_rcon_maxfailures("sv_rcon_maxfailures", "10", FCVAR_RELEASE, "Max number of times an user can fail rcon authentication before being banned", true, 1.f, false, 0.f);
static ConVar sv_rcon_maxignores("sv_rcon_maxignores", "15", FCVAR_RELEASE, "Max number of times an user can ignore the instruction message before being banned", true, 1.f, false, 0.f);
static ConVar sv_rcon_maxsockets("sv_rcon_maxsockets", "32", FCVAR_RELEASE, "Max number of accepted sockets before the server starts closing redundant sockets", true, 1.f, true, MAX_PLAYERS);
static ConVar sv_rcon_maxconnections("sv_rcon_maxconnections", "1", FCVAR_RELEASE, "Max number of authenticated connections before the server closes the listen socket", true, 1.f, true, MAX_PLAYERS, &RCON_ConnectionCountChanged_f);
static ConVar sv_rcon_maxpacketsize("sv_rcon_maxpacketsize", "1024", FCVAR_RELEASE, "Max number of bytes allowed in a command packet from a non-authenticated netconsole", true, 0.f, false, 0.f);
static ConVar sv_rcon_whitelist_address("sv_rcon_whitelist_address", "", FCVAR_RELEASE, "This address is not considered a 'redundant' socket and will never be banned for failed authentication attempts", &RCON_WhiteListAddresChanged_f, "Format: '::ffff:127.0.0.1'");
RCON system overhaul * Implemented robust length-prefix framing logic for non-blocking sockets (previously used character sequences to determine length, but you cannot use character sequences on protocol buffers as its binary data. This logic should fix all problems regarding some commands not getting networked properly to the server and stuff not getting printed on the client). * Increased buffer size to std::vector::max_size when netconsole is authenticated (MAX_NETCONSOLE_INPUT_LEN still remains enforced on accepted but not authenticated connections to prevent attackers from crashing the server). * Process max 1024 bytes each recv buffer iteration. * Additional optimizations and cleanup.
2022-08-02 23:58:43 +02:00
//-----------------------------------------------------------------------------
Additional RCON system cleanup
2022-08-03 09:32:48 +02:00
// Purpose:
RCON system overhaul * Implemented robust length-prefix framing logic for non-blocking sockets (previously used character sequences to determine length, but you cannot use character sequences on protocol buffers as its binary data. This logic should fix all problems regarding some commands not getting networked properly to the server and stuff not getting printed on the client). * Increased buffer size to std::vector::max_size when netconsole is authenticated (MAX_NETCONSOLE_INPUT_LEN still remains enforced on accepted but not authenticated connections to prevent attackers from crashing the server). * Process max 1024 bytes each recv buffer iteration. * Additional optimizations and cleanup.
2022-08-02 23:58:43 +02:00
//-----------------------------------------------------------------------------
Additional RCON system cleanup
2022-08-03 09:32:48 +02:00
CRConServer::CRConServer(void)
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
: m_nConnIndex(0)
, m_nAuthConnections(0)
, m_bInitialized(false)
RCON system overhaul * Implemented robust length-prefix framing logic for non-blocking sockets (previously used character sequences to determine length, but you cannot use character sequences on protocol buffers as its binary data. This logic should fix all problems regarding some commands not getting networked properly to the server and stuff not getting printed on the client). * Increased buffer size to std::vector::max_size when netconsole is authenticated (MAX_NETCONSOLE_INPUT_LEN still remains enforced on accepted but not authenticated connections to prevent attackers from crashing the server). * Process max 1024 bytes each recv buffer iteration. * Additional optimizations and cleanup.
2022-08-02 23:58:43 +02:00
{
}
Additional RCON system cleanup
2022-08-03 09:32:48 +02:00
//-----------------------------------------------------------------------------
// Purpose:
//-----------------------------------------------------------------------------
CRConServer::~CRConServer(void)
{
Engine: fix RCON bugs and improve security - Upgraded hashing algorithm to SHA-512, and store the raw hash instead of a string copy, which is way cheaper to compute and compare. - Only ever close sockets once in CRConServer::SetPassword(). - Made the game server & game client RCON singletons static. - Added calls to gracefully shutdown RCON server and RCON client on Engine/SDK shutdown. - Added more prints so RCON user knows when its shutdown, or when their password change is in effect, etc. - Fixed bug where we could tokenize an empty string when we dispatch a console command.
2024-02-22 01:55:08 +01:00
// NOTE: do not call Shutdown() from the destructor as the OS's socket
// system would be shutdown by now, call Shutdown() in application
// shutdown code instead
Additional RCON system cleanup
2022-08-03 09:32:48 +02:00
}
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
//-----------------------------------------------------------------------------
Initial game client RCON implementation
2022-02-14 23:16:24 +01:00
// Purpose: NETCON systems init
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
//-----------------------------------------------------------------------------
void CRConServer::Init(void)
{
Implement RCON_PasswordChanged_f and ConVar improvements * Changing RCON passwords on the server now closes all connections and re-initializes the system. * Fully mapped out VFTable interface for IConVar* (used for ConVar callbacks, see callback.cpp).
2022-07-25 19:35:08 +02:00
if (!m_bInitialized)
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
{
Tier1: static construction of ConVar objects during link time Fully implemented ConVar class so we could statically construct all SDK convars, this avoids a level of indirection, and allows for creating ConVar's everywhere in the project. This patch also removed the settings tab of the ImGui server browser, as it has threading issues, while it technically never caused a crash yet, it has been removed as there was no point keeping it vs the work required to make it thread save (it only managed 2 convars which are perfectly manageable through cfg's or the in-game console). Also temporarily disabled the creation of ConVar's in the mod system due to a memory leak, we would allocate and register a convar based on details parsed out of a mod file definition, but never unregister and free it.
2024-02-24 02:15:09 +01:00
if (!SetPassword(rcon_password.GetString()))
RCON improvements (see description) ** SERVER ** * Close redundant connections if max sockets have been reached. * Ban if client keeps spamming without authing first (ignoring message). * Check for whitelisted address before issuing bans (whitelisted address in ConVar 'sv_rcon_whitelist_address' will never get banned or get its connection terminated. * Transmit SQVM and DevMsg logs over the wire to the net console. ** NETCON ** * IPv6 support. * Close connection properly after FIN request. * Prompt user to reconnect after connection has been terminated instead of closing the application. * Add proper quit command. ** SDKLAUNCHER ** * Rename to 'launcher.exe' to describe its purpose better. Our logo gets printed nice and large on the console during startup. ** SDK ** * Cleanup.
2022-02-08 16:32:00 +01:00
{
Implement RCON_PasswordChanged_f and ConVar improvements * Changing RCON passwords on the server now closes all connections and re-initializes the system. * Fully mapped out VFTable interface for IConVar* (used for ConVar callbacks, see callback.cpp).
2022-07-25 19:35:08 +02:00
return;
RCON improvements (see description) ** SERVER ** * Close redundant connections if max sockets have been reached. * Ban if client keeps spamming without authing first (ignoring message). * Check for whitelisted address before issuing bans (whitelisted address in ConVar 'sv_rcon_whitelist_address' will never get banned or get its connection terminated. * Transmit SQVM and DevMsg logs over the wire to the net console. ** NETCON ** * IPv6 support. * Close connection properly after FIN request. * Prompt user to reconnect after connection has been terminated instead of closing the application. * Add proper quit command. ** SDKLAUNCHER ** * Rename to 'launcher.exe' to describe its purpose better. Our logo gets printed nice and large on the console during startup. ** SDK ** * Cleanup.
2022-02-08 16:32:00 +01:00
}
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
}
RCON socket bind improvement Check 'net_usesocketsforloopback' before binding sockets; allows binding to loopback as well.
2023-04-30 11:32:51 +02:00
else
{
// Already initialized.
return;
}
const char* pszAddress = net_usesocketsforloopback->GetBool() ? NET_IPV6_UNSPEC : NET_IPV6_LOOPBACK;
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
RCON socket bind improvement Check 'net_usesocketsforloopback' before binding sockets; allows binding to loopback as well.
2023-04-30 11:32:51 +02:00
m_Address.SetFromString(Format("[%s]:%i", pszAddress, hostport->GetInt()).c_str(), true);
Fixed bug causing RCON server socket to only listen on IPv6 Ip address must be unspecified (::) to bind sockets properly.
2023-04-16 00:24:06 +02:00
m_Socket.CreateListenSocket(m_Address);
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
Utilize 'DevMsg()' for uncertain builds only Only uncertain builds will contain DevMsg()/DevWarning() prints. For retail, Msg() and Warning() should be used instead.
2023-08-21 19:12:29 +02:00
Msg(eDLL_T::SERVER, "Remote server access initialized ('%s')\n", m_Address.ToString());
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
m_bInitialized = true;
}
Initial game client RCON implementation
2022-02-14 23:16:24 +01:00
//-----------------------------------------------------------------------------
// Purpose: NETCON systems shutdown
//-----------------------------------------------------------------------------
void CRConServer::Shutdown(void)
{
Engine: fix RCON bugs and improve security - Upgraded hashing algorithm to SHA-512, and store the raw hash instead of a string copy, which is way cheaper to compute and compare. - Only ever close sockets once in CRConServer::SetPassword(). - Made the game server & game client RCON singletons static. - Added calls to gracefully shutdown RCON server and RCON client on Engine/SDK shutdown. - Added more prints so RCON user knows when its shutdown, or when their password change is in effect, etc. - Fixed bug where we could tokenize an empty string when we dispatch a console command.
2024-02-22 01:55:08 +01:00
m_bInitialized = false;
const int nConnCount = m_Socket.GetAcceptedSocketCount();
RCON server improvements * Prevent attacker from being able to abuse and overflow the banned list vector. * Improved IPv6 comparison performance. * Change size fields of payload frame from unsigned to signed. * Close all accepted sockets on RCON server shutdown.
2023-04-16 17:51:48 +02:00
m_Socket.CloseAllAcceptedSockets();
Engine: fix RCON bugs and improve security - Upgraded hashing algorithm to SHA-512, and store the raw hash instead of a string copy, which is way cheaper to compute and compare. - Only ever close sockets once in CRConServer::SetPassword(). - Made the game server & game client RCON singletons static. - Added calls to gracefully shutdown RCON server and RCON client on Engine/SDK shutdown. - Added more prints so RCON user knows when its shutdown, or when their password change is in effect, etc. - Fixed bug where we could tokenize an empty string when we dispatch a console command.
2024-02-22 01:55:08 +01:00
RCON system light refactor * Used 'htonl'/'ntohl' for constructing the length prefix. * Used static socket/address members instead of pointers. * Used const qualifier where possible. * Changed length prefix field type to 'u_long'. * Removed extraneous include. * Properly escaped percentage characters on the RCON game client for the ImGui console.
2022-11-14 21:00:41 +01:00
if (m_Socket.IsListening())
Initial game client RCON implementation
2022-02-14 23:16:24 +01:00
{
RCON system light refactor * Used 'htonl'/'ntohl' for constructing the length prefix. * Used static socket/address members instead of pointers. * Used const qualifier where possible. * Changed length prefix field type to 'u_long'. * Removed extraneous include. * Properly escaped percentage characters on the RCON game client for the ImGui console.
2022-11-14 21:00:41 +01:00
m_Socket.CloseListenSocket();
Initial game client RCON implementation
2022-02-14 23:16:24 +01:00
}
RCON server improvements * Prevent attacker from being able to abuse and overflow the banned list vector. * Improved IPv6 comparison performance. * Change size fields of payload frame from unsigned to signed. * Close all accepted sockets on RCON server shutdown.
2023-04-16 17:51:48 +02:00
Engine: fix RCON bugs and improve security - Upgraded hashing algorithm to SHA-512, and store the raw hash instead of a string copy, which is way cheaper to compute and compare. - Only ever close sockets once in CRConServer::SetPassword(). - Made the game server & game client RCON singletons static. - Added calls to gracefully shutdown RCON server and RCON client on Engine/SDK shutdown. - Added more prints so RCON user knows when its shutdown, or when their password change is in effect, etc. - Fixed bug where we could tokenize an empty string when we dispatch a console command.
2024-02-22 01:55:08 +01:00
Msg(eDLL_T::SERVER, "Remote server access deinitialized ('%i' accepted sockets closed)\n", nConnCount);
Initial game client RCON implementation
2022-02-14 23:16:24 +01:00
}
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
//-----------------------------------------------------------------------------
RCON improvements (see description) ** SERVER ** * Close redundant connections if max sockets have been reached. * Ban if client keeps spamming without authing first (ignoring message). * Check for whitelisted address before issuing bans (whitelisted address in ConVar 'sv_rcon_whitelist_address' will never get banned or get its connection terminated. * Transmit SQVM and DevMsg logs over the wire to the net console. ** NETCON ** * IPv6 support. * Close connection properly after FIN request. * Prompt user to reconnect after connection has been terminated instead of closing the application. * Add proper quit command. ** SDKLAUNCHER ** * Rename to 'launcher.exe' to describe its purpose better. Our logo gets printed nice and large on the console during startup. ** SDK ** * Cleanup.
2022-02-08 16:32:00 +01:00
// Purpose: run tasks for the RCON server
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
//-----------------------------------------------------------------------------
void CRConServer::Think(void)
{
RCON system light refactor * Used 'htonl'/'ntohl' for constructing the length prefix. * Used static socket/address members instead of pointers. * Used const qualifier where possible. * Changed length prefix field type to 'u_long'. * Removed extraneous include. * Properly escaped percentage characters on the RCON game client for the ImGui console.
2022-11-14 21:00:41 +01:00
const int nCount = m_Socket.GetAcceptedSocketCount();
RCON improvements (see description) ** SERVER ** * Close redundant connections if max sockets have been reached. * Ban if client keeps spamming without authing first (ignoring message). * Check for whitelisted address before issuing bans (whitelisted address in ConVar 'sv_rcon_whitelist_address' will never get banned or get its connection terminated. * Transmit SQVM and DevMsg logs over the wire to the net console. ** NETCON ** * IPv6 support. * Close connection properly after FIN request. * Prompt user to reconnect after connection has been terminated instead of closing the application. * Add proper quit command. ** SDKLAUNCHER ** * Rename to 'launcher.exe' to describe its purpose better. Our logo gets printed nice and large on the console during startup. ** SDK ** * Cleanup.
2022-02-08 16:32:00 +01:00
// Close redundant sockets if there are too many except for whitelisted and authenticated.
Tier1: static construction of ConVar objects during link time Fully implemented ConVar class so we could statically construct all SDK convars, this avoids a level of indirection, and allows for creating ConVar's everywhere in the project. This patch also removed the settings tab of the ImGui server browser, as it has threading issues, while it technically never caused a crash yet, it has been removed as there was no point keeping it vs the work required to make it thread save (it only managed 2 convars which are perfectly manageable through cfg's or the in-game console). Also temporarily disabled the creation of ConVar's in the mod system due to a memory leak, we would allocate and register a convar based on details parsed out of a mod file definition, but never unregister and free it.
2024-02-24 02:15:09 +01:00
if (nCount > sv_rcon_maxsockets.GetInt())
RCON improvements (see description) ** SERVER ** * Close redundant connections if max sockets have been reached. * Ban if client keeps spamming without authing first (ignoring message). * Check for whitelisted address before issuing bans (whitelisted address in ConVar 'sv_rcon_whitelist_address' will never get banned or get its connection terminated. * Transmit SQVM and DevMsg logs over the wire to the net console. ** NETCON ** * IPv6 support. * Close connection properly after FIN request. * Prompt user to reconnect after connection has been terminated instead of closing the application. * Add proper quit command. ** SDKLAUNCHER ** * Rename to 'launcher.exe' to describe its purpose better. Our logo gets printed nice and large on the console during startup. ** SDK ** * Cleanup.
2022-02-08 16:32:00 +01:00
{
for (m_nConnIndex = nCount - 1; m_nConnIndex >= 0; m_nConnIndex--)
{
RCON system refactor and improvements * Use game's CNetAdr RCON and socket creator. * Add support for constructing host from [ip]:port format in the netconsole client. * Pass 'netadr_t' parameter by reference to 'CSocketCreator::OnSocketAccepted'.
2023-01-29 15:24:24 +01:00
const netadr_t& netAdr = m_Socket.GetAcceptedSocketAddress(m_nConnIndex);
RCON server improvements * Prevent attacker from being able to abuse and overflow the banned list vector. * Improved IPv6 comparison performance. * Change size fields of payload frame from unsigned to signed. * Close all accepted sockets on RCON server shutdown.
2023-04-16 17:51:48 +02:00
if (!m_WhiteListAddress.CompareAdr(netAdr))
RCON improvements (see description) ** SERVER ** * Close redundant connections if max sockets have been reached. * Ban if client keeps spamming without authing first (ignoring message). * Check for whitelisted address before issuing bans (whitelisted address in ConVar 'sv_rcon_whitelist_address' will never get banned or get its connection terminated. * Transmit SQVM and DevMsg logs over the wire to the net console. ** NETCON ** * IPv6 support. * Close connection properly after FIN request. * Prompt user to reconnect after connection has been terminated instead of closing the application. * Add proper quit command. ** SDKLAUNCHER ** * Rename to 'launcher.exe' to describe its purpose better. Our logo gets printed nice and large on the console during startup. ** SDK ** * Cleanup.
2022-02-08 16:32:00 +01:00
{
Adjust names Adjust since previously they were pointers but now references.
2023-08-04 17:41:55 +02:00
const CConnectedNetConsoleData& data = m_Socket.GetAcceptedSocketData(m_nConnIndex);
if (!data.m_bAuthorized)
RCON improvements (see description) ** SERVER ** * Close redundant connections if max sockets have been reached. * Ban if client keeps spamming without authing first (ignoring message). * Check for whitelisted address before issuing bans (whitelisted address in ConVar 'sv_rcon_whitelist_address' will never get banned or get its connection terminated. * Transmit SQVM and DevMsg logs over the wire to the net console. ** NETCON ** * IPv6 support. * Close connection properly after FIN request. * Prompt user to reconnect after connection has been terminated instead of closing the application. * Add proper quit command. ** SDKLAUNCHER ** * Rename to 'launcher.exe' to describe its purpose better. Our logo gets printed nice and large on the console during startup. ** SDK ** * Cleanup.
2022-02-08 16:32:00 +01:00
{
RCON system improvements * Added more error handling throughout code. * Marked function parameters 'const' where possible. * Updated comments.
2023-04-22 16:02:54 +02:00
Disconnect("redundant");
RCON improvements (see description) ** SERVER ** * Close redundant connections if max sockets have been reached. * Ban if client keeps spamming without authing first (ignoring message). * Check for whitelisted address before issuing bans (whitelisted address in ConVar 'sv_rcon_whitelist_address' will never get banned or get its connection terminated. * Transmit SQVM and DevMsg logs over the wire to the net console. ** NETCON ** * IPv6 support. * Close connection properly after FIN request. * Prompt user to reconnect after connection has been terminated instead of closing the application. * Add proper quit command. ** SDKLAUNCHER ** * Rename to 'launcher.exe' to describe its purpose better. Our logo gets printed nice and large on the console during startup. ** SDK ** * Cleanup.
2022-02-08 16:32:00 +01:00
}
}
}
}
Implement stream serialization/deserialization in RCON server and client
2022-02-13 15:10:38 +01:00
// Create a new listen socket if authenticated connection is closed.
RCON improvements (see description) ** SERVER ** * Close redundant connections if max sockets have been reached. * Ban if client keeps spamming without authing first (ignoring message). * Check for whitelisted address before issuing bans (whitelisted address in ConVar 'sv_rcon_whitelist_address' will never get banned or get its connection terminated. * Transmit SQVM and DevMsg logs over the wire to the net console. ** NETCON ** * IPv6 support. * Close connection properly after FIN request. * Prompt user to reconnect after connection has been terminated instead of closing the application. * Add proper quit command. ** SDKLAUNCHER ** * Rename to 'launcher.exe' to describe its purpose better. Our logo gets printed nice and large on the console during startup. ** SDK ** * Cleanup.
2022-02-08 16:32:00 +01:00
if (nCount == 0)
{
RCON system light refactor * Used 'htonl'/'ntohl' for constructing the length prefix. * Used static socket/address members instead of pointers. * Used const qualifier where possible. * Changed length prefix field type to 'u_long'. * Removed extraneous include. * Properly escaped percentage characters on the RCON game client for the ImGui console.
2022-11-14 21:00:41 +01:00
if (!m_Socket.IsListening())
RCON improvements (see description) ** SERVER ** * Close redundant connections if max sockets have been reached. * Ban if client keeps spamming without authing first (ignoring message). * Check for whitelisted address before issuing bans (whitelisted address in ConVar 'sv_rcon_whitelist_address' will never get banned or get its connection terminated. * Transmit SQVM and DevMsg logs over the wire to the net console. ** NETCON ** * IPv6 support. * Close connection properly after FIN request. * Prompt user to reconnect after connection has been terminated instead of closing the application. * Add proper quit command. ** SDKLAUNCHER ** * Rename to 'launcher.exe' to describe its purpose better. Our logo gets printed nice and large on the console during startup. ** SDK ** * Cleanup.
2022-02-08 16:32:00 +01:00
{
Fixed bug causing RCON server socket to only listen on IPv6 Ip address must be unspecified (::) to bind sockets properly.
2023-04-16 00:24:06 +02:00
m_Socket.CreateListenSocket(m_Address);
RCON improvements (see description) ** SERVER ** * Close redundant connections if max sockets have been reached. * Ban if client keeps spamming without authing first (ignoring message). * Check for whitelisted address before issuing bans (whitelisted address in ConVar 'sv_rcon_whitelist_address' will never get banned or get its connection terminated. * Transmit SQVM and DevMsg logs over the wire to the net console. ** NETCON ** * IPv6 support. * Close connection properly after FIN request. * Prompt user to reconnect after connection has been terminated instead of closing the application. * Add proper quit command. ** SDKLAUNCHER ** * Rename to 'launcher.exe' to describe its purpose better. Our logo gets printed nice and large on the console during startup. ** SDK ** * Cleanup.
2022-02-08 16:32:00 +01:00
}
}
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
}
Implement RCON_PasswordChanged_f and ConVar improvements * Changing RCON passwords on the server now closes all connections and re-initializes the system. * Fully mapped out VFTable interface for IConVar* (used for ConVar callbacks, see callback.cpp).
2022-07-25 19:35:08 +02:00
//-----------------------------------------------------------------------------
// Purpose: changes the password
// Input : *pszPassword -
// Output : true on success, false otherwise
//-----------------------------------------------------------------------------
bool CRConServer::SetPassword(const char* pszPassword)
{
RCON system improvements * Added more error handling throughout code. * Marked function parameters 'const' where possible. * Updated comments.
2023-04-22 16:02:54 +02:00
const size_t nLen = strlen(pszPassword);
RCON server improvements * Prevent attacker from being able to abuse and overflow the banned list vector. * Improved IPv6 comparison performance. * Change size fields of payload frame from unsigned to signed. * Close all accepted sockets on RCON server shutdown.
2023-04-16 17:51:48 +02:00
if (nLen < RCON_MIN_PASSWORD_LEN)
Implement RCON_PasswordChanged_f and ConVar improvements * Changing RCON passwords on the server now closes all connections and re-initializes the system. * Fully mapped out VFTable interface for IConVar* (used for ConVar callbacks, see callback.cpp).
2022-07-25 19:35:08 +02:00
{
RCON server improvements * Prevent attacker from being able to abuse and overflow the banned list vector. * Improved IPv6 comparison performance. * Change size fields of payload frame from unsigned to signed. * Close all accepted sockets on RCON server shutdown.
2023-04-16 17:51:48 +02:00
if (nLen > NULL)
Implement RCON_PasswordChanged_f and ConVar improvements * Changing RCON passwords on the server now closes all connections and re-initializes the system. * Fully mapped out VFTable interface for IConVar* (used for ConVar callbacks, see callback.cpp).
2022-07-25 19:35:08 +02:00
{
RCON server improvements * Prevent attacker from being able to abuse and overflow the banned list vector. * Improved IPv6 comparison performance. * Change size fields of payload frame from unsigned to signed. * Close all accepted sockets on RCON server shutdown.
2023-04-16 17:51:48 +02:00
Warning(eDLL_T::SERVER, "Remote server access requires a password of at least %i characters\n",
RCON_MIN_PASSWORD_LEN);
Implement RCON_PasswordChanged_f and ConVar improvements * Changing RCON passwords on the server now closes all connections and re-initializes the system. * Fully mapped out VFTable interface for IConVar* (used for ConVar callbacks, see callback.cpp).
2022-07-25 19:35:08 +02:00
}
Many small code improvements and optimizations * Use c++ methods as much as possible. * Use enum types for accessing NavMesh objects from array. * Use size_t for for loops when testing against size types. * Don't compute strlen twice of more on the same string. * Don't use unnecessary c string casts if there is a method with a std::string overload. * Don't create string objects from string pointers if we could use them directly. * Don't initialize RCON password twice on each change, and don't set if the new password equals the old.
2022-08-11 11:07:45 +02:00
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
Shutdown();
Implement RCON_PasswordChanged_f and ConVar improvements * Changing RCON passwords on the server now closes all connections and re-initializes the system. * Fully mapped out VFTable interface for IConVar* (used for ConVar callbacks, see callback.cpp).
2022-07-25 19:35:08 +02:00
return false;
}
Many small code improvements and optimizations * Use c++ methods as much as possible. * Use enum types for accessing NavMesh objects from array. * Use size_t for for loops when testing against size types. * Don't compute strlen twice of more on the same string. * Don't use unnecessary c string casts if there is a method with a std::string overload. * Don't create string objects from string pointers if we could use them directly. * Don't initialize RCON password twice on each change, and don't set if the new password equals the old.
2022-08-11 11:07:45 +02:00
Engine: fix RCON bugs and improve security - Upgraded hashing algorithm to SHA-512, and store the raw hash instead of a string copy, which is way cheaper to compute and compare. - Only ever close sockets once in CRConServer::SetPassword(). - Made the game server & game client RCON singletons static. - Added calls to gracefully shutdown RCON server and RCON client on Engine/SDK shutdown. - Added more prints so RCON user knows when its shutdown, or when their password change is in effect, etc. - Fixed bug where we could tokenize an empty string when we dispatch a console command.
2024-02-22 01:55:08 +01:00
// This is here so we only print the confirmation message if the user
// actually requested to change the password rather than initializing
// the RCON server
const bool wasInitialized = m_bInitialized;
m_bInitialized = false;
m_Socket.CloseAllAcceptedSockets();
const int nHashRet = mbedtls_sha512(reinterpret_cast<const uint8_t*>(pszPassword), nLen, m_PasswordHash, NULL);
if (nHashRet != 0)
{
Error(eDLL_T::SERVER, 0, "SHA-512 algorithm failed on RCON password [%i]\n", nHashRet);
return false;
}
if (wasInitialized)
{
Msg(eDLL_T::SERVER, "Successfully changed RCON server password\n");
}
Implement RCON_PasswordChanged_f and ConVar improvements * Changing RCON passwords on the server now closes all connections and re-initializes the system. * Fully mapped out VFTable interface for IConVar* (used for ConVar callbacks, see callback.cpp).
2022-07-25 19:35:08 +02:00
m_bInitialized = true;
return true;
}
RCON server improvements * Prevent attacker from being able to abuse and overflow the banned list vector. * Improved IPv6 comparison performance. * Change size fields of payload frame from unsigned to signed. * Close all accepted sockets on RCON server shutdown.
2023-04-16 17:51:48 +02:00
//-----------------------------------------------------------------------------
// Purpose: sets the white list address
// Input : *pszAddress -
// Output : true on success, false otherwise
//-----------------------------------------------------------------------------
bool CRConServer::SetWhiteListAddress(const char* pszAddress)
{
return m_WhiteListAddress.SetFromString(pszAddress);
}
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
//-----------------------------------------------------------------------------
// Purpose: server RCON main loop (run this every frame)
//-----------------------------------------------------------------------------
void CRConServer::RunFrame(void)
{
if (m_bInitialized)
{
RCON system light refactor * Used 'htonl'/'ntohl' for constructing the length prefix. * Used static socket/address members instead of pointers. * Used const qualifier where possible. * Changed length prefix field type to 'u_long'. * Removed extraneous include. * Properly escaped percentage characters on the RCON game client for the ImGui console.
2022-11-14 21:00:41 +01:00
m_Socket.RunFrame();
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
Think();
const int nCount = m_Socket.GetAcceptedSocketCount();
for (m_nConnIndex = nCount - 1; m_nConnIndex >= 0; m_nConnIndex--)
{
Adjust names Adjust since previously they were pointers but now references.
2023-08-04 17:41:55 +02:00
CConnectedNetConsoleData& data = m_Socket.GetAcceptedSocketData(m_nConnIndex);
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
Adjust names Adjust since previously they were pointers but now references.
2023-08-04 17:41:55 +02:00
if (CheckForBan(data))
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
{
Adjust names Adjust since previously they were pointers but now references.
2023-08-04 17:41:55 +02:00
SendEncode(data.m_hSocket, s_BannedMessage, "",
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
sv_rcon::response_t::SERVERDATA_RESPONSE_AUTH, int(eDLL_T::NETCON));
RCON system improvements * Added more error handling throughout code. * Marked function parameters 'const' where possible. * Updated comments.
2023-04-22 16:02:54 +02:00
Disconnect("banned");
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
continue;
}
Tier1: static construction of ConVar objects during link time Fully implemented ConVar class so we could statically construct all SDK convars, this avoids a level of indirection, and allows for creating ConVar's everywhere in the project. This patch also removed the settings tab of the ImGui server browser, as it has threading issues, while it technically never caused a crash yet, it has been removed as there was no point keeping it vs the work required to make it thread save (it only managed 2 convars which are perfectly manageable through cfg's or the in-game console). Also temporarily disabled the creation of ConVar's in the mod system due to a memory leak, we would allocate and register a convar based on details parsed out of a mod file definition, but never unregister and free it.
2024-02-24 02:15:09 +01:00
Recv(data, sv_rcon_maxpacketsize.GetInt());
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
}
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
}
}
//-----------------------------------------------------------------------------
RCON system overhaul * Implemented robust length-prefix framing logic for non-blocking sockets (previously used character sequences to determine length, but you cannot use character sequences on protocol buffers as its binary data. This logic should fix all problems regarding some commands not getting networked properly to the server and stuff not getting printed on the client). * Increased buffer size to std::vector::max_size when netconsole is authenticated (MAX_NETCONSOLE_INPUT_LEN still remains enforced on accepted but not authenticated connections to prevent attackers from crashing the server). * Process max 1024 bytes each recv buffer iteration. * Additional optimizations and cleanup.
2022-08-02 23:58:43 +02:00
// Purpose: send message to all connected sockets
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
// Input : *pMsgBuf -
// nMsgLen -
// Output: true on success, false otherwise
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
//-----------------------------------------------------------------------------
RCON system improvements * Added more error handling throughout code. * Marked function parameters 'const' where possible. * Updated comments.
2023-04-22 16:02:54 +02:00
bool CRConServer::SendToAll(const char* pMsgBuf, const int nMsgLen) const
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
{
RCON system improvements * Added more error handling throughout code. * Marked function parameters 'const' where possible. * Updated comments.
2023-04-22 16:02:54 +02:00
ostringstream sendbuf;
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
const u_long nLen = htonl(u_long(nMsgLen));
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
bool bSuccess = true;
sendbuf.write(reinterpret_cast<const char*>(&nLen), sizeof(u_long));
sendbuf.write(pMsgBuf, nMsgLen);
RCON system overhaul * Implemented robust length-prefix framing logic for non-blocking sockets (previously used character sequences to determine length, but you cannot use character sequences on protocol buffers as its binary data. This logic should fix all problems regarding some commands not getting networked properly to the server and stuff not getting printed on the client). * Increased buffer size to std::vector::max_size when netconsole is authenticated (MAX_NETCONSOLE_INPUT_LEN still remains enforced on accepted but not authenticated connections to prevent attackers from crashing the server). * Process max 1024 bytes each recv buffer iteration. * Additional optimizations and cleanup.
2022-08-02 23:58:43 +02:00
RCONServer: send/serialize optimizations Check if we are initialized, have at least one socket, and in case of a console log, if we have at least 1 authorized netconsole before serializing the message and sending the result.
2023-03-13 21:20:20 +01:00
const int nCount = m_Socket.GetAcceptedSocketCount();
for (int i = nCount - 1; i >= 0; i--)
{
Adjust names Adjust since previously they were pointers but now references.
2023-08-04 17:41:55 +02:00
const CConnectedNetConsoleData& data = m_Socket.GetAcceptedSocketData(i);
RCON system overhaul * Implemented robust length-prefix framing logic for non-blocking sockets (previously used character sequences to determine length, but you cannot use character sequences on protocol buffers as its binary data. This logic should fix all problems regarding some commands not getting networked properly to the server and stuff not getting printed on the client). * Increased buffer size to std::vector::max_size when netconsole is authenticated (MAX_NETCONSOLE_INPUT_LEN still remains enforced on accepted but not authenticated connections to prevent attackers from crashing the server). * Process max 1024 bytes each recv buffer iteration. * Additional optimizations and cleanup.
2022-08-02 23:58:43 +02:00
Adjust names Adjust since previously they were pointers but now references.
2023-08-04 17:41:55 +02:00
if (data.m_bAuthorized && !data.m_bInputOnly)
RCONServer: send/serialize optimizations Check if we are initialized, have at least one socket, and in case of a console log, if we have at least 1 authorized netconsole before serializing the message and sending the result.
2023-03-13 21:20:20 +01:00
{
Adjust names Adjust since previously they were pointers but now references.
2023-08-04 17:41:55 +02:00
int ret = ::send(data.m_hSocket, sendbuf.str().data(),
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
int(sendbuf.str().size()), MSG_NOSIGNAL);
if (ret == SOCKET_ERROR)
{
if (!bSuccess)
{
bSuccess = false;
}
}
RCON improvements (see description) ** SERVER ** * Close redundant connections if max sockets have been reached. * Ban if client keeps spamming without authing first (ignoring message). * Check for whitelisted address before issuing bans (whitelisted address in ConVar 'sv_rcon_whitelist_address' will never get banned or get its connection terminated. * Transmit SQVM and DevMsg logs over the wire to the net console. ** NETCON ** * IPv6 support. * Close connection properly after FIN request. * Prompt user to reconnect after connection has been terminated instead of closing the application. * Add proper quit command. ** SDKLAUNCHER ** * Rename to 'launcher.exe' to describe its purpose better. Our logo gets printed nice and large on the console during startup. ** SDK ** * Cleanup.
2022-02-08 16:32:00 +01:00
}
}
RCON system overhaul * Implemented robust length-prefix framing logic for non-blocking sockets (previously used character sequences to determine length, but you cannot use character sequences on protocol buffers as its binary data. This logic should fix all problems regarding some commands not getting networked properly to the server and stuff not getting printed on the client). * Increased buffer size to std::vector::max_size when netconsole is authenticated (MAX_NETCONSOLE_INPUT_LEN still remains enforced on accepted but not authenticated connections to prevent attackers from crashing the server). * Process max 1024 bytes each recv buffer iteration. * Additional optimizations and cleanup.
2022-08-02 23:58:43 +02:00
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
return bSuccess;
RCON system overhaul * Implemented robust length-prefix framing logic for non-blocking sockets (previously used character sequences to determine length, but you cannot use character sequences on protocol buffers as its binary data. This logic should fix all problems regarding some commands not getting networked properly to the server and stuff not getting printed on the client). * Increased buffer size to std::vector::max_size when netconsole is authenticated (MAX_NETCONSOLE_INPUT_LEN still remains enforced on accepted but not authenticated connections to prevent attackers from crashing the server). * Process max 1024 bytes each recv buffer iteration. * Additional optimizations and cleanup.
2022-08-02 23:58:43 +02:00
}
Add cvar for determining whether or not to send rcon console logs to netconsole
2022-08-17 02:20:04 +02:00
//-----------------------------------------------------------------------------
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
// Purpose: encode and send message to all connected sockets
// Input : *pResponseMsg -
// *pResponseVal -
Add cvar for determining whether or not to send rcon console logs to netconsole
2022-08-17 02:20:04 +02:00
// responseType -
RCON system upgrade RCON upgrade with additional logging system improvements: * Netconsole's can now log received messages in color, even when the RCON server has ANSI colors disabled; logs are fully composed locally. * RCON server now also sends the log type over the wire, along with the (already existing) context. * SDK logging code is now shared with the standalone netconsole application. * Improved logging readability for the standalone netconsole application.
2023-03-27 02:01:48 +02:00
// nMessageId -
// nMessageType -
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
// Output: true on success, false otherwise
Add cvar for determining whether or not to send rcon console logs to netconsole
2022-08-17 02:20:04 +02:00
//-----------------------------------------------------------------------------
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
bool CRConServer::SendEncode(const char* pResponseMsg, const char* pResponseVal,
const sv_rcon::response_t responseType, const int nMessageId, const int nMessageType) const
Add cvar for determining whether or not to send rcon console logs to netconsole
2022-08-17 02:20:04 +02:00
{
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
vector<char> vecMsg;
if (!Serialize(vecMsg, pResponseMsg, pResponseVal,
responseType, nMessageId, nMessageType))
Add cvar for determining whether or not to send rcon console logs to netconsole
2022-08-17 02:20:04 +02:00
{
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
return false;
}
if (!SendToAll(vecMsg.data(), int(vecMsg.size())))
{
Error(eDLL_T::SERVER, NO_ERROR, "Failed to send RCON message: (%s)\n", "SOCKET_ERROR");
return false;
Add cvar for determining whether or not to send rcon console logs to netconsole
2022-08-17 02:20:04 +02:00
}
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
return true;
Add cvar for determining whether or not to send rcon console logs to netconsole
2022-08-17 02:20:04 +02:00
}
//-----------------------------------------------------------------------------
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
// Purpose: encode and send message to specific socket
Add cvar for determining whether or not to send rcon console logs to netconsole
2022-08-17 02:20:04 +02:00
// Input : hSocket -
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
// *pResponseMsg -
// *pResponseVal -
Add cvar for determining whether or not to send rcon console logs to netconsole
2022-08-17 02:20:04 +02:00
// responseType -
RCON system upgrade RCON upgrade with additional logging system improvements: * Netconsole's can now log received messages in color, even when the RCON server has ANSI colors disabled; logs are fully composed locally. * RCON server now also sends the log type over the wire, along with the (already existing) context. * SDK logging code is now shared with the standalone netconsole application. * Improved logging readability for the standalone netconsole application.
2023-03-27 02:01:48 +02:00
// nMessageId -
// nMessageType -
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
// Output: true on success, false otherwise
Add cvar for determining whether or not to send rcon console logs to netconsole
2022-08-17 02:20:04 +02:00
//-----------------------------------------------------------------------------
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
bool CRConServer::SendEncode(const SocketHandle_t hSocket, const char* pResponseMsg, const char* pResponseVal,
const sv_rcon::response_t responseType, const int nMessageId, const int nMessageType) const
Add cvar for determining whether or not to send rcon console logs to netconsole
2022-08-17 02:20:04 +02:00
{
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
vector<char> vecMsg;
if (!Serialize(vecMsg, pResponseMsg, pResponseVal,
responseType, nMessageId, nMessageType))
Fix crash during init If an error occurs during init, and 'Error' is called, the program will segfault. Fixed by only running the 'send' code from RCON after it has been initialized.
2023-02-04 01:34:08 +01:00
{
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
return false;
Fix crash during init If an error occurs during init, and 'Error' is called, the program will segfault. Fixed by only running the 'send' code from RCON after it has been initialized.
2023-02-04 01:34:08 +01:00
}
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
if (!Send(hSocket, vecMsg.data(), int(vecMsg.size())))
RCON improvements (see description) ** SERVER ** * Close redundant connections if max sockets have been reached. * Ban if client keeps spamming without authing first (ignoring message). * Check for whitelisted address before issuing bans (whitelisted address in ConVar 'sv_rcon_whitelist_address' will never get banned or get its connection terminated. * Transmit SQVM and DevMsg logs over the wire to the net console. ** NETCON ** * IPv6 support. * Close connection properly after FIN request. * Prompt user to reconnect after connection has been terminated instead of closing the application. * Add proper quit command. ** SDKLAUNCHER ** * Rename to 'launcher.exe' to describe its purpose better. Our logo gets printed nice and large on the console during startup. ** SDK ** * Cleanup.
2022-02-08 16:32:00 +01:00
{
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
Error(eDLL_T::SERVER, NO_ERROR, "Failed to send RCON message: (%s)\n", "SOCKET_ERROR");
return false;
Implement stream serialization/deserialization in RCON server and client
2022-02-13 15:10:38 +01:00
}
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
return true;
Implement stream serialization/deserialization in RCON server and client
2022-02-13 15:10:38 +01:00
}
//-----------------------------------------------------------------------------
// Purpose: serializes input
RCON system improvements * Added more error handling throughout code. * Marked function parameters 'const' where possible. * Updated comments.
2023-04-22 16:02:54 +02:00
// Input : &vecBuf -
// *responseMsg -
RCON system upgrade RCON upgrade with additional logging system improvements: * Netconsole's can now log received messages in color, even when the RCON server has ANSI colors disabled; logs are fully composed locally. * RCON server now also sends the log type over the wire, along with the (already existing) context. * SDK logging code is now shared with the standalone netconsole application. * Improved logging readability for the standalone netconsole application.
2023-03-27 02:01:48 +02:00
// *responseVal -
Add cvar for determining whether or not to send rcon console logs to netconsole
2022-08-17 02:20:04 +02:00
// responseType -
RCON system upgrade RCON upgrade with additional logging system improvements: * Netconsole's can now log received messages in color, even when the RCON server has ANSI colors disabled; logs are fully composed locally. * RCON server now also sends the log type over the wire, along with the (already existing) context. * SDK logging code is now shared with the standalone netconsole application. * Improved logging readability for the standalone netconsole application.
2023-03-27 02:01:48 +02:00
// nMessageId -
// nMessageType -
Implement stream serialization/deserialization in RCON server and client
2022-02-13 15:10:38 +01:00
// Output : serialized results as string
//-----------------------------------------------------------------------------
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
bool CRConServer::Serialize(vector<char>& vecBuf, const char* pResponseMsg, const char* pResponseVal,
RCON system upgrade RCON upgrade with additional logging system improvements: * Netconsole's can now log received messages in color, even when the RCON server has ANSI colors disabled; logs are fully composed locally. * RCON server now also sends the log type over the wire, along with the (already existing) context. * SDK logging code is now shared with the standalone netconsole application. * Improved logging readability for the standalone netconsole application.
2023-03-27 02:01:48 +02:00
const sv_rcon::response_t responseType, const int nMessageId, const int nMessageType) const
Implement stream serialization/deserialization in RCON server and client
2022-02-13 15:10:38 +01:00
{
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
sv_rcon::response response;
response.set_messageid(nMessageId);
response.set_messagetype(nMessageType);
response.set_responsetype(responseType);
response.set_responsemsg(pResponseMsg);
response.set_responseval(pResponseVal);
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
const size_t msgLen = response.ByteSizeLong();
vecBuf.resize(msgLen);
Implement stream serialization/deserialization in RCON server and client
2022-02-13 15:10:38 +01:00
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
if (!Encode(&response, &vecBuf[0], msgLen))
Implement stream serialization/deserialization in RCON server and client
2022-02-13 15:10:38 +01:00
{
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
Error(eDLL_T::SERVER, NO_ERROR, "Failed to encode RCON buffer\n");
return false;
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
}
Implement stream serialization/deserialization in RCON server and client
2022-02-13 15:10:38 +01:00
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
return true;
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
}
//-----------------------------------------------------------------------------
// Purpose: authenticate new connections
RCON system improvements * Added more error handling throughout code. * Marked function parameters 'const' where possible. * Updated comments.
2023-04-22 16:02:54 +02:00
// Input : &request -
Adjust names Adjust since previously they were pointers but now references.
2023-08-04 17:41:55 +02:00
// &data -
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
//-----------------------------------------------------------------------------
Adjust names Adjust since previously they were pointers but now references.
2023-08-04 17:41:55 +02:00
void CRConServer::Authenticate(const cl_rcon::request& request, CConnectedNetConsoleData& data)
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
{
Adjust names Adjust since previously they were pointers but now references.
2023-08-04 17:41:55 +02:00
if (data.m_bAuthorized)
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
{
return;
}
RCON system overhaul * Implemented robust length-prefix framing logic for non-blocking sockets (previously used character sequences to determine length, but you cannot use character sequences on protocol buffers as its binary data. This logic should fix all problems regarding some commands not getting networked properly to the server and stuff not getting printed on the client). * Increased buffer size to std::vector::max_size when netconsole is authenticated (MAX_NETCONSOLE_INPUT_LEN still remains enforced on accepted but not authenticated connections to prevent attackers from crashing the server). * Process max 1024 bytes each recv buffer iteration. * Additional optimizations and cleanup.
2022-08-02 23:58:43 +02:00
else // Authorize.
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
{
RCON system improvements * Added more error handling throughout code. * Marked function parameters 'const' where possible. * Updated comments.
2023-04-22 16:02:54 +02:00
if (Comparator(request.requestmsg()))
Use SHA256 for password comparison Put debug logging under cvar to avoid abusing by attempting to slow down server.
2022-02-14 03:02:38 +01:00
{
Adjust names Adjust since previously they were pointers but now references.
2023-08-04 17:41:55 +02:00
data.m_bAuthorized = true;
Tier1: static construction of ConVar objects during link time Fully implemented ConVar class so we could statically construct all SDK convars, this avoids a level of indirection, and allows for creating ConVar's everywhere in the project. This patch also removed the settings tab of the ImGui server browser, as it has threading issues, while it technically never caused a crash yet, it has been removed as there was no point keeping it vs the work required to make it thread save (it only managed 2 convars which are perfectly manageable through cfg's or the in-game console). Also temporarily disabled the creation of ConVar's in the mod system due to a memory leak, we would allocate and register a convar based on details parsed out of a mod file definition, but never unregister and free it.
2024-02-24 02:15:09 +01:00
if (++m_nAuthConnections >= sv_rcon_maxconnections.GetInt())
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
{
m_Socket.CloseListenSocket();
CloseNonAuthConnection();
}
RCON QOL improvements
2022-02-24 16:44:33 +01:00
Tier1: static construction of ConVar objects during link time Fully implemented ConVar class so we could statically construct all SDK convars, this avoids a level of indirection, and allows for creating ConVar's everywhere in the project. This patch also removed the settings tab of the ImGui server browser, as it has threading issues, while it technically never caused a crash yet, it has been removed as there was no point keeping it vs the work required to make it thread save (it only managed 2 convars which are perfectly manageable through cfg's or the in-game console). Also temporarily disabled the creation of ConVar's in the mod system due to a memory leak, we would allocate and register a convar based on details parsed out of a mod file definition, but never unregister and free it.
2024-02-24 02:15:09 +01:00
const char* pSendLogs = (!sv_rcon_sendlogs.GetBool() || data.m_bInputOnly) ? "0" : "1";
Make use of 'CConnectedNetConsoleData::m_bInputOnly' properly This member was in the class when RCON was added to the r5sdk, but it was never utilized. Now, each netconsole can toggle whether they are input only or not, the server only sends logs to netconsoles that are not input only. This patch also contains a fix in which the listen server sends logs to the client of its own process, causing an infinite recursive call to DevMsg.
2023-08-04 17:28:01 +02:00
Adjust names Adjust since previously they were pointers but now references.
2023-08-04 17:41:55 +02:00
SendEncode(data.m_hSocket, s_AuthMessage, pSendLogs,
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
sv_rcon::response_t::SERVERDATA_RESPONSE_AUTH, static_cast<int>(eDLL_T::NETCON));
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
}
else // Bad password.
{
RConServer: remove extraneous copy CSocketCreator::GetAcceptedSocketAddress() returns a reference.
2024-01-01 20:09:32 +01:00
const netadr_t& netAdr = m_Socket.GetAcceptedSocketAddress(m_nConnIndex);
Tier1: static construction of ConVar objects during link time Fully implemented ConVar class so we could statically construct all SDK convars, this avoids a level of indirection, and allows for creating ConVar's everywhere in the project. This patch also removed the settings tab of the ImGui server browser, as it has threading issues, while it technically never caused a crash yet, it has been removed as there was no point keeping it vs the work required to make it thread save (it only managed 2 convars which are perfectly manageable through cfg's or the in-game console). Also temporarily disabled the creation of ConVar's in the mod system due to a memory leak, we would allocate and register a convar based on details parsed out of a mod file definition, but never unregister and free it.
2024-02-24 02:15:09 +01:00
if (sv_rcon_debug.GetBool())
Use SHA256 for password comparison Put debug logging under cvar to avoid abusing by attempting to slow down server.
2022-02-14 03:02:38 +01:00
{
Utilize 'DevMsg()' for uncertain builds only Only uncertain builds will contain DevMsg()/DevWarning() prints. For retail, Msg() and Warning() should be used instead.
2023-08-21 19:12:29 +02:00
Msg(eDLL_T::SERVER, "Bad RCON password attempt from '%s'\n", netAdr.ToString());
Use SHA256 for password comparison Put debug logging under cvar to avoid abusing by attempting to slow down server.
2022-02-14 03:02:38 +01:00
}
Implement stream serialization/deserialization in RCON server and client
2022-02-13 15:10:38 +01:00
Adjust names Adjust since previously they were pointers but now references.
2023-08-04 17:41:55 +02:00
SendEncode(data.m_hSocket, s_WrongPwMessage, "",
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
sv_rcon::response_t::SERVERDATA_RESPONSE_AUTH, static_cast<int>(eDLL_T::NETCON));
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
Adjust names Adjust since previously they were pointers but now references.
2023-08-04 17:41:55 +02:00
data.m_bAuthorized = false;
data.m_bValidated = false;
data.m_nFailedAttempts++;
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
}
}
}
Use SHA256 for password comparison Put debug logging under cvar to avoid abusing by attempting to slow down server.
2022-02-14 03:02:38 +01:00
//-----------------------------------------------------------------------------
Engine: fix RCON bugs and improve security - Upgraded hashing algorithm to SHA-512, and store the raw hash instead of a string copy, which is way cheaper to compute and compare. - Only ever close sockets once in CRConServer::SetPassword(). - Made the game server & game client RCON singletons static. - Added calls to gracefully shutdown RCON server and RCON client on Engine/SDK shutdown. - Added more prints so RCON user knows when its shutdown, or when their password change is in effect, etc. - Fixed bug where we could tokenize an empty string when we dispatch a console command.
2024-02-22 01:55:08 +01:00
// Purpose: sha512 hashed password comparison
RCON system improvements * Added more error handling throughout code. * Marked function parameters 'const' where possible. * Updated comments.
2023-04-22 16:02:54 +02:00
// Input : &svPassword -
Use SHA256 for password comparison Put debug logging under cvar to avoid abusing by attempting to slow down server.
2022-02-14 03:02:38 +01:00
// Output : true if matches, false otherwise
//-----------------------------------------------------------------------------
RCON system improvements * Added more error handling throughout code. * Marked function parameters 'const' where possible. * Updated comments.
2023-04-22 16:02:54 +02:00
bool CRConServer::Comparator(const string& svPassword) const
Use SHA256 for password comparison Put debug logging under cvar to avoid abusing by attempting to slow down server.
2022-02-14 03:02:38 +01:00
{
Engine: fix RCON bugs and improve security - Upgraded hashing algorithm to SHA-512, and store the raw hash instead of a string copy, which is way cheaper to compute and compare. - Only ever close sockets once in CRConServer::SetPassword(). - Made the game server & game client RCON singletons static. - Added calls to gracefully shutdown RCON server and RCON client on Engine/SDK shutdown. - Added more prints so RCON user knows when its shutdown, or when their password change is in effect, etc. - Fixed bug where we could tokenize an empty string when we dispatch a console command.
2024-02-22 01:55:08 +01:00
uint8_t clientPasswordHash[RCON_SHA512_HASH_SIZE];
mbedtls_sha512(reinterpret_cast<const uint8_t*>(svPassword.c_str()), svPassword.length(),
clientPasswordHash, NULL);
if (memcmp(clientPasswordHash, m_PasswordHash, RCON_SHA512_HASH_SIZE) == 0)
Use SHA256 for password comparison Put debug logging under cvar to avoid abusing by attempting to slow down server.
2022-02-14 03:02:38 +01:00
{
return true;
}
Engine: fix RCON bugs and improve security - Upgraded hashing algorithm to SHA-512, and store the raw hash instead of a string copy, which is way cheaper to compute and compare. - Only ever close sockets once in CRConServer::SetPassword(). - Made the game server & game client RCON singletons static. - Added calls to gracefully shutdown RCON server and RCON client on Engine/SDK shutdown. - Added more prints so RCON user knows when its shutdown, or when their password change is in effect, etc. - Fixed bug where we could tokenize an empty string when we dispatch a console command.
2024-02-22 01:55:08 +01:00
Use SHA256 for password comparison Put debug logging under cvar to avoid abusing by attempting to slow down server.
2022-02-14 03:02:38 +01:00
return false;
}
Implement stream serialization/deserialization in RCON server and client
2022-02-13 15:10:38 +01:00
//-----------------------------------------------------------------------------
// Purpose: processes received message
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
// Input : *pMsgBuf -
// nMsgLen -
// Output : true on success, false otherwise
Implement stream serialization/deserialization in RCON server and client
2022-02-13 15:10:38 +01:00
//-----------------------------------------------------------------------------
RCON system improvements * Added more error handling throughout code. * Marked function parameters 'const' where possible. * Updated comments.
2023-04-22 16:02:54 +02:00
bool CRConServer::ProcessMessage(const char* pMsgBuf, const int nMsgLen)
Implement stream serialization/deserialization in RCON server and client
2022-02-13 15:10:38 +01:00
{
Adjust names Adjust since previously they were pointers but now references.
2023-08-04 17:41:55 +02:00
CConnectedNetConsoleData& data = m_Socket.GetAcceptedSocketData(m_nConnIndex);
Implement stream serialization/deserialization in RCON server and client
2022-02-13 15:10:38 +01:00
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
cl_rcon::request request;
if (!Decode(&request, pMsgBuf, nMsgLen))
{
Error(eDLL_T::SERVER, NO_ERROR, "Failed to decode RCON buffer\n");
return false;
}
Adjust names Adjust since previously they were pointers but now references.
2023-08-04 17:41:55 +02:00
if (!data.m_bAuthorized &&
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
request.requesttype() != cl_rcon::request_t::SERVERDATA_REQUEST_AUTH)
Implement stream serialization/deserialization in RCON server and client
2022-02-13 15:10:38 +01:00
{
Force name consistency Renamed to just 'netconsole' as it was phrased like that throughout other files.
2023-05-15 18:00:51 +02:00
// Notify netconsole that authentication is required.
Adjust names Adjust since previously they were pointers but now references.
2023-08-04 17:41:55 +02:00
SendEncode(data.m_hSocket, s_NoAuthMessage, "",
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
sv_rcon::response_t::SERVERDATA_RESPONSE_AUTH, static_cast<int>(eDLL_T::NETCON));
Implement stream serialization/deserialization in RCON server and client
2022-02-13 15:10:38 +01:00
Adjust names Adjust since previously they were pointers but now references.
2023-08-04 17:41:55 +02:00
data.m_bValidated = false;
data.m_nIgnoredMessage++;
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
return true;
Implement stream serialization/deserialization in RCON server and client
2022-02-13 15:10:38 +01:00
}
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
switch (request.requesttype())
Implement stream serialization/deserialization in RCON server and client
2022-02-13 15:10:38 +01:00
{
case cl_rcon::request_t::SERVERDATA_REQUEST_AUTH:
{
Adjust names Adjust since previously they were pointers but now references.
2023-08-04 17:41:55 +02:00
Authenticate(request, data);
Implement stream serialization/deserialization in RCON server and client
2022-02-13 15:10:38 +01:00
break;
}
case cl_rcon::request_t::SERVERDATA_REQUEST_EXECCOMMAND:
RCON system overhaul * Implemented robust length-prefix framing logic for non-blocking sockets (previously used character sequences to determine length, but you cannot use character sequences on protocol buffers as its binary data. This logic should fix all problems regarding some commands not getting networked properly to the server and stuff not getting printed on the client). * Increased buffer size to std::vector::max_size when netconsole is authenticated (MAX_NETCONSOLE_INPUT_LEN still remains enforced on accepted but not authenticated connections to prevent attackers from crashing the server). * Process max 1024 bytes each recv buffer iteration. * Additional optimizations and cleanup.
2022-08-02 23:58:43 +02:00
{
Adjust names Adjust since previously they were pointers but now references.
2023-08-04 17:41:55 +02:00
if (data.m_bAuthorized) // Only execute if auth was successful.
RCON system overhaul * Implemented robust length-prefix framing logic for non-blocking sockets (previously used character sequences to determine length, but you cannot use character sequences on protocol buffers as its binary data. This logic should fix all problems regarding some commands not getting networked properly to the server and stuff not getting printed on the client). * Increased buffer size to std::vector::max_size when netconsole is authenticated (MAX_NETCONSOLE_INPUT_LEN still remains enforced on accepted but not authenticated connections to prevent attackers from crashing the server). * Process max 1024 bytes each recv buffer iteration. * Additional optimizations and cleanup.
2022-08-02 23:58:43 +02:00
{
Cleanup proto structure Removed unused/extraneous enumerants.
2023-08-04 11:20:24 +02:00
Execute(request);
Implement stream serialization/deserialization in RCON server and client
2022-02-13 15:10:38 +01:00
}
break;
}
case cl_rcon::request_t::SERVERDATA_REQUEST_SEND_CONSOLE_LOG:
{
Adjust names Adjust since previously they were pointers but now references.
2023-08-04 17:41:55 +02:00
if (data.m_bAuthorized)
Implement stream serialization/deserialization in RCON server and client
2022-02-13 15:10:38 +01:00
{
Flip 'sv_rcon_sendlogs' if netcon is not input only
2023-08-05 01:11:32 +02:00
// request value "0" means the netconsole is input only.
const bool bWantLog = atoi(request.requestval().c_str()) != NULL;
data.m_bInputOnly = !bWantLog;
Tier1: static construction of ConVar objects during link time Fully implemented ConVar class so we could statically construct all SDK convars, this avoids a level of indirection, and allows for creating ConVar's everywhere in the project. This patch also removed the settings tab of the ImGui server browser, as it has threading issues, while it technically never caused a crash yet, it has been removed as there was no point keeping it vs the work required to make it thread save (it only managed 2 convars which are perfectly manageable through cfg's or the in-game console). Also temporarily disabled the creation of ConVar's in the mod system due to a memory leak, we would allocate and register a convar based on details parsed out of a mod file definition, but never unregister and free it.
2024-02-24 02:15:09 +01:00
if (bWantLog && !sv_rcon_sendlogs.GetBool())
Flip 'sv_rcon_sendlogs' if netcon is not input only
2023-08-05 01:11:32 +02:00
{
// Toggle it on since there's at least 1 netconsole that
// wants to receive logs.
Tier1: static construction of ConVar objects during link time Fully implemented ConVar class so we could statically construct all SDK convars, this avoids a level of indirection, and allows for creating ConVar's everywhere in the project. This patch also removed the settings tab of the ImGui server browser, as it has threading issues, while it technically never caused a crash yet, it has been removed as there was no point keeping it vs the work required to make it thread save (it only managed 2 convars which are perfectly manageable through cfg's or the in-game console). Also temporarily disabled the creation of ConVar's in the mod system due to a memory leak, we would allocate and register a convar based on details parsed out of a mod file definition, but never unregister and free it.
2024-02-24 02:15:09 +01:00
sv_rcon_sendlogs.SetValue(bWantLog);
Flip 'sv_rcon_sendlogs' if netcon is not input only
2023-08-05 01:11:32 +02:00
}
Implement stream serialization/deserialization in RCON server and client
2022-02-13 15:10:38 +01:00
}
break;
}
default:
{
break;
}
}
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
return true;
Implement stream serialization/deserialization in RCON server and client
2022-02-13 15:10:38 +01:00
}
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
//-----------------------------------------------------------------------------
Promote RCON command execution authority Allow RCON to execute any commands and set any cvar, regardless of their flags.
2023-08-04 11:53:46 +02:00
// Purpose: execute commands issued from netconsole (ignores all protection flags)
// Input : &request -
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
//-----------------------------------------------------------------------------
Cleanup proto structure Removed unused/extraneous enumerants.
2023-08-04 11:20:24 +02:00
void CRConServer::Execute(const cl_rcon::request& request) const
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
{
Temporarily fix convar value assignment bug in 'CRConServer::Execute()' Command string buffer contains "sv_cheats" and value buffer contains "sv_cheats 1". Ideally value buffer only contains "1", and we just concatenate to "sv_cheats 1" for 'Cmd_Dispatch()' to avoid confusion on the netconsole's programmer side. This will be refactored in the future.
2023-08-05 20:29:07 +02:00
const string& commandString = request.requestmsg().c_str();
const char* const pCommandString = commandString.c_str();
Promote RCON command execution authority Allow RCON to execute any commands and set any cvar, regardless of their flags.
2023-08-04 11:53:46 +02:00
ConCommandBase* pCommandBase = g_pCVar->FindCommandBase(pCommandString);
if (!pCommandBase)
{
// Found nothing.
return;
}
Temporarily fix convar value assignment bug in 'CRConServer::Execute()' Command string buffer contains "sv_cheats" and value buffer contains "sv_cheats 1". Ideally value buffer only contains "1", and we just concatenate to "sv_cheats 1" for 'Cmd_Dispatch()' to avoid confusion on the netconsole's programmer side. This will be refactored in the future.
2023-08-05 20:29:07 +02:00
const char* const pValueString = request.requestval().c_str();
Promote RCON command execution authority Allow RCON to execute any commands and set any cvar, regardless of their flags.
2023-08-04 11:53:46 +02:00
Temporarily fix convar value assignment bug in 'CRConServer::Execute()' Command string buffer contains "sv_cheats" and value buffer contains "sv_cheats 1". Ideally value buffer only contains "1", and we just concatenate to "sv_cheats 1" for 'Cmd_Dispatch()' to avoid confusion on the netconsole's programmer side. This will be refactored in the future.
2023-08-05 20:29:07 +02:00
if (!pCommandBase->IsCommand())
Implement stream serialization/deserialization in RCON server and client
2022-02-13 15:10:38 +01:00
{
Temporarily fix convar value assignment bug in 'CRConServer::Execute()' Command string buffer contains "sv_cheats" and value buffer contains "sv_cheats 1". Ideally value buffer only contains "1", and we just concatenate to "sv_cheats 1" for 'Cmd_Dispatch()' to avoid confusion on the netconsole's programmer side. This will be refactored in the future.
2023-08-05 20:29:07 +02:00
// Here we want to skip over the command string in the value buffer.
// So if we got 'sv_cheats 1' in our value buffer, we want to skip
// over 'sv_cheats ', so that we are pointing directly to the value.
const char* pFound = V_strstr(pValueString, pCommandString);
const char* pValue = nullptr;
if (pFound)
{
pValue = pFound + commandString.length();
// Skip any leading space characters.
while (*pValue == ' ')
{
++pValue;
}
}
Promote RCON command execution authority Allow RCON to execute any commands and set any cvar, regardless of their flags.
2023-08-04 11:53:46 +02:00
ConVar* pConVar = reinterpret_cast<ConVar*>(pCommandBase);
Temporarily fix convar value assignment bug in 'CRConServer::Execute()' Command string buffer contains "sv_cheats" and value buffer contains "sv_cheats 1". Ideally value buffer only contains "1", and we just concatenate to "sv_cheats 1" for 'Cmd_Dispatch()' to avoid confusion on the netconsole's programmer side. This will be refactored in the future.
2023-08-05 20:29:07 +02:00
pConVar->SetValue(pValue ? pValue : pValueString);
Implement stream serialization/deserialization in RCON server and client
2022-02-13 15:10:38 +01:00
}
Promote RCON command execution authority Allow RCON to execute any commands and set any cvar, regardless of their flags.
2023-08-04 11:53:46 +02:00
else // Invoke command callback directly.
Implement stream serialization/deserialization in RCON server and client
2022-02-13 15:10:38 +01:00
{
Promote RCON command execution authority Allow RCON to execute any commands and set any cvar, regardless of their flags.
2023-08-04 11:53:46 +02:00
CCommand cmd;
Engine: fix RCON bugs and improve security - Upgraded hashing algorithm to SHA-512, and store the raw hash instead of a string copy, which is way cheaper to compute and compare. - Only ever close sockets once in CRConServer::SetPassword(). - Made the game server & game client RCON singletons static. - Added calls to gracefully shutdown RCON server and RCON client on Engine/SDK shutdown. - Added more prints so RCON user knows when its shutdown, or when their password change is in effect, etc. - Fixed bug where we could tokenize an empty string when we dispatch a console command.
2024-02-22 01:55:08 +01:00
// Only tokenize if we actually have strings in the value buffer, some
// commands (like 'status') don't need any additional parameters.
if (VALID_CHARSTAR(pValueString))
{
cmd.Tokenize(pValueString, cmd_source_t::kCommandSrcCode);
}
Promote RCON command execution authority Allow RCON to execute any commands and set any cvar, regardless of their flags.
2023-08-04 11:53:46 +02:00
v_Cmd_Dispatch(ECommandTarget_t::CBUF_SERVER, pCommandBase, &cmd, false);
Implement stream serialization/deserialization in RCON server and client
2022-02-13 15:10:38 +01:00
}
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
}
//-----------------------------------------------------------------------------
Force name consistency Renamed to just 'netconsole' as it was phrased like that throughout other files.
2023-05-15 18:00:51 +02:00
// Purpose: checks for amount of failed attempts and bans netconsole accordingly
Adjust names Adjust since previously they were pointers but now references.
2023-08-04 17:41:55 +02:00
// Input : &data -
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
//-----------------------------------------------------------------------------
Adjust names Adjust since previously they were pointers but now references.
2023-08-04 17:41:55 +02:00
bool CRConServer::CheckForBan(CConnectedNetConsoleData& data)
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
{
Adjust names Adjust since previously they were pointers but now references.
2023-08-04 17:41:55 +02:00
if (data.m_bValidated)
Optimize RCON Don't run CheckForBan each iteration if no failed attempts are made
2022-05-13 21:41:03 +02:00
{
return false;
}
RConServer: remove extraneous copy CSocketCreator::GetAcceptedSocketAddress() returns a reference.
2024-01-01 20:09:32 +01:00
const netadr_t& netAdr = m_Socket.GetAcceptedSocketAddress(m_nConnIndex);
RCON server improvements * Prevent attacker from being able to abuse and overflow the banned list vector. * Improved IPv6 comparison performance. * Change size fields of payload frame from unsigned to signed. * Close all accepted sockets on RCON server shutdown.
2023-04-16 17:51:48 +02:00
const char* szNetAdr = netAdr.ToString(true);
if (m_BannedList.size() >= RCON_MAX_BANNEDLIST_SIZE)
{
Tier1: static construction of ConVar objects during link time Fully implemented ConVar class so we could statically construct all SDK convars, this avoids a level of indirection, and allows for creating ConVar's everywhere in the project. This patch also removed the settings tab of the ImGui server browser, as it has threading issues, while it technically never caused a crash yet, it has been removed as there was no point keeping it vs the work required to make it thread save (it only managed 2 convars which are perfectly manageable through cfg's or the in-game console). Also temporarily disabled the creation of ConVar's in the mod system due to a memory leak, we would allocate and register a convar based on details parsed out of a mod file definition, but never unregister and free it.
2024-02-24 02:15:09 +01:00
const char* pszWhiteListAddress = sv_rcon_whitelist_address.GetString();
RCON server improvements * Prevent attacker from being able to abuse and overflow the banned list vector. * Improved IPv6 comparison performance. * Change size fields of payload frame from unsigned to signed. * Close all accepted sockets on RCON server shutdown.
2023-04-16 17:51:48 +02:00
if (!pszWhiteListAddress[0])
{
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
Warning(eDLL_T::SERVER, "Banned list overflowed; please use a whitelist address. RCON shutting down...\n");
Shutdown();
RCON server improvements * Prevent attacker from being able to abuse and overflow the banned list vector. * Improved IPv6 comparison performance. * Change size fields of payload frame from unsigned to signed. * Close all accepted sockets on RCON server shutdown.
2023-04-16 17:51:48 +02:00
return true;
}
// Only allow whitelisted at this point.
if (!m_WhiteListAddress.CompareAdr(netAdr))
{
Tier1: static construction of ConVar objects during link time Fully implemented ConVar class so we could statically construct all SDK convars, this avoids a level of indirection, and allows for creating ConVar's everywhere in the project. This patch also removed the settings tab of the ImGui server browser, as it has threading issues, while it technically never caused a crash yet, it has been removed as there was no point keeping it vs the work required to make it thread save (it only managed 2 convars which are perfectly manageable through cfg's or the in-game console). Also temporarily disabled the creation of ConVar's in the mod system due to a memory leak, we would allocate and register a convar based on details parsed out of a mod file definition, but never unregister and free it.
2024-02-24 02:15:09 +01:00
if (sv_rcon_debug.GetBool())
RCON server improvements * Prevent attacker from being able to abuse and overflow the banned list vector. * Improved IPv6 comparison performance. * Change size fields of payload frame from unsigned to signed. * Close all accepted sockets on RCON server shutdown.
2023-04-16 17:51:48 +02:00
{
Utilize 'DevMsg()' for uncertain builds only Only uncertain builds will contain DevMsg()/DevWarning() prints. For retail, Msg() and Warning() should be used instead.
2023-08-21 19:12:29 +02:00
Msg(eDLL_T::SERVER, "Banned list is full; dropping '%s'\n", szNetAdr);
RCON server improvements * Prevent attacker from being able to abuse and overflow the banned list vector. * Improved IPv6 comparison performance. * Change size fields of payload frame from unsigned to signed. * Close all accepted sockets on RCON server shutdown.
2023-04-16 17:51:48 +02:00
}
return true;
}
}
Adjust names Adjust since previously they were pointers but now references.
2023-08-04 17:41:55 +02:00
data.m_bValidated = true;
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
RCON system light refactor * Used 'htonl'/'ntohl' for constructing the length prefix. * Used static socket/address members instead of pointers. * Used const qualifier where possible. * Changed length prefix field type to 'u_long'. * Removed extraneous include. * Properly escaped percentage characters on the RCON game client for the ImGui console.
2022-11-14 21:00:41 +01:00
// Check if IP is in the banned list.
RCON server improvements * Prevent attacker from being able to abuse and overflow the banned list vector. * Improved IPv6 comparison performance. * Change size fields of payload frame from unsigned to signed. * Close all accepted sockets on RCON server shutdown.
2023-04-16 17:51:48 +02:00
if (m_BannedList.find(szNetAdr) != m_BannedList.end())
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
{
return true;
}
Force name consistency Renamed to just 'netconsole' as it was phrased like that throughout other files.
2023-05-15 18:00:51 +02:00
// Check if netconsole has reached maximum number of attempts > add to banned list.
Tier1: static construction of ConVar objects during link time Fully implemented ConVar class so we could statically construct all SDK convars, this avoids a level of indirection, and allows for creating ConVar's everywhere in the project. This patch also removed the settings tab of the ImGui server browser, as it has threading issues, while it technically never caused a crash yet, it has been removed as there was no point keeping it vs the work required to make it thread save (it only managed 2 convars which are perfectly manageable through cfg's or the in-game console). Also temporarily disabled the creation of ConVar's in the mod system due to a memory leak, we would allocate and register a convar based on details parsed out of a mod file definition, but never unregister and free it.
2024-02-24 02:15:09 +01:00
if (data.m_nFailedAttempts >= sv_rcon_maxfailures.GetInt()
|| data.m_nIgnoredMessage >= sv_rcon_maxignores.GetInt())
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
{
RCON system light refactor * Used 'htonl'/'ntohl' for constructing the length prefix. * Used static socket/address members instead of pointers. * Used const qualifier where possible. * Changed length prefix field type to 'u_long'. * Removed extraneous include. * Properly escaped percentage characters on the RCON game client for the ImGui console.
2022-11-14 21:00:41 +01:00
// Don't add white listed address to banned list.
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
if (m_WhiteListAddress.CompareAdr(netAdr))
RCON improvements (see description) ** SERVER ** * Close redundant connections if max sockets have been reached. * Ban if client keeps spamming without authing first (ignoring message). * Check for whitelisted address before issuing bans (whitelisted address in ConVar 'sv_rcon_whitelist_address' will never get banned or get its connection terminated. * Transmit SQVM and DevMsg logs over the wire to the net console. ** NETCON ** * IPv6 support. * Close connection properly after FIN request. * Prompt user to reconnect after connection has been terminated instead of closing the application. * Add proper quit command. ** SDKLAUNCHER ** * Rename to 'launcher.exe' to describe its purpose better. Our logo gets printed nice and large on the console during startup. ** SDK ** * Cleanup.
2022-02-08 16:32:00 +01:00
{
Adjust names Adjust since previously they were pointers but now references.
2023-08-04 17:41:55 +02:00
data.m_nFailedAttempts = 0;
data.m_nIgnoredMessage = 0;
RCON improvements (see description) ** SERVER ** * Close redundant connections if max sockets have been reached. * Ban if client keeps spamming without authing first (ignoring message). * Check for whitelisted address before issuing bans (whitelisted address in ConVar 'sv_rcon_whitelist_address' will never get banned or get its connection terminated. * Transmit SQVM and DevMsg logs over the wire to the net console. ** NETCON ** * IPv6 support. * Close connection properly after FIN request. * Prompt user to reconnect after connection has been terminated instead of closing the application. * Add proper quit command. ** SDKLAUNCHER ** * Rename to 'launcher.exe' to describe its purpose better. Our logo gets printed nice and large on the console during startup. ** SDK ** * Cleanup.
2022-02-08 16:32:00 +01:00
return false;
}
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
Warning(eDLL_T::SERVER, "Banned '%s' for RCON hacking attempts\n", szNetAdr);
RCON server improvements * Prevent attacker from being able to abuse and overflow the banned list vector. * Improved IPv6 comparison performance. * Change size fields of payload frame from unsigned to signed. * Close all accepted sockets on RCON server shutdown.
2023-04-16 17:51:48 +02:00
m_BannedList.insert(szNetAdr);
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
return true;
}
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
return false;
}
//-----------------------------------------------------------------------------
Add change callback for 'sv_rcon_maxconnections' If 'sv_rcon_maxconnections' is set higher than current auth socket count, reopen listen socket. If its set lower, close all sockets until auth socket count matches 'sv_rcon_maxconnections'. Sockets are getting closed in reverse order, so the netcon that connected last will be disconnected first.
2023-04-22 16:51:18 +02:00
// Purpose: close connection on current index
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
//-----------------------------------------------------------------------------
RCON system improvements * Added more error handling throughout code. * Marked function parameters 'const' where possible. * Updated comments.
2023-04-22 16:02:54 +02:00
void CRConServer::Disconnect(const char* szReason) // NETMGR
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
{
Add change callback for 'sv_rcon_maxconnections' If 'sv_rcon_maxconnections' is set higher than current auth socket count, reopen listen socket. If its set lower, close all sockets until auth socket count matches 'sv_rcon_maxconnections'. Sockets are getting closed in reverse order, so the netcon that connected last will be disconnected first.
2023-04-22 16:51:18 +02:00
Disconnect(m_nConnIndex, szReason);
}
//-----------------------------------------------------------------------------
// Purpose: close specific connection by index
//-----------------------------------------------------------------------------
void CRConServer::Disconnect(const int nIndex, const char* szReason) // NETMGR
{
Adjust names Adjust since previously they were pointers but now references.
2023-08-04 17:41:55 +02:00
CConnectedNetConsoleData& data = m_Socket.GetAcceptedSocketData(nIndex);
Remove extraneous check Should not fire this code if that cvar is set.
2023-09-17 17:19:32 +02:00
if (data.m_bAuthorized)
RCON QOL improvements
2022-02-24 16:44:33 +01:00
{
// Inform server owner when authenticated connection has been closed.
RConServer: remove extraneous copy CSocketCreator::GetAcceptedSocketAddress() returns a reference.
2024-01-01 20:09:32 +01:00
const netadr_t& netAdr = m_Socket.GetAcceptedSocketAddress(nIndex);
RCON system improvements * Added more error handling throughout code. * Marked function parameters 'const' where possible. * Updated comments.
2023-04-22 16:02:54 +02:00
if (!szReason)
{
szReason = "unknown reason";
}
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
Utilize 'DevMsg()' for uncertain builds only Only uncertain builds will contain DevMsg()/DevWarning() prints. For retail, Msg() and Warning() should be used instead.
2023-08-21 19:12:29 +02:00
Msg(eDLL_T::SERVER, "Connection to '%s' lost (%s)\n", netAdr.ToString(), szReason);
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
m_nAuthConnections--;
RCON QOL improvements
2022-02-24 16:44:33 +01:00
}
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
Add change callback for 'sv_rcon_maxconnections' If 'sv_rcon_maxconnections' is set higher than current auth socket count, reopen listen socket. If its set lower, close all sockets until auth socket count matches 'sv_rcon_maxconnections'. Sockets are getting closed in reverse order, so the netcon that connected last will be disconnected first.
2023-04-22 16:51:18 +02:00
m_Socket.CloseAcceptedSocket(nIndex);
RCON implementation (see description) * Fully rewritten protocol agnostic CNetAdr class * Fully rebuilded legacy CNetAdr class * Fully rebuilded dual-stack CSocketCreator class * New project "netconsole" added (lightweight netconsole for RCON) RCON is still work in progress
2022-02-06 16:48:52 +01:00
}
RCON improvements (see description) ** SERVER ** * Close redundant connections if max sockets have been reached. * Ban if client keeps spamming without authing first (ignoring message). * Check for whitelisted address before issuing bans (whitelisted address in ConVar 'sv_rcon_whitelist_address' will never get banned or get its connection terminated. * Transmit SQVM and DevMsg logs over the wire to the net console. ** NETCON ** * IPv6 support. * Close connection properly after FIN request. * Prompt user to reconnect after connection has been terminated instead of closing the application. * Add proper quit command. ** SDKLAUNCHER ** * Rename to 'launcher.exe' to describe its purpose better. Our logo gets printed nice and large on the console during startup. ** SDK ** * Cleanup.
2022-02-08 16:32:00 +01:00
//-----------------------------------------------------------------------------
// Purpose: close all connections except for authenticated
//-----------------------------------------------------------------------------
void CRConServer::CloseNonAuthConnection(void)
{
RCON system light refactor * Used 'htonl'/'ntohl' for constructing the length prefix. * Used static socket/address members instead of pointers. * Used const qualifier where possible. * Changed length prefix field type to 'u_long'. * Removed extraneous include. * Properly escaped percentage characters on the RCON game client for the ImGui console.
2022-11-14 21:00:41 +01:00
int nCount = m_Socket.GetAcceptedSocketCount();
RCON improvements (see description) ** SERVER ** * Close redundant connections if max sockets have been reached. * Ban if client keeps spamming without authing first (ignoring message). * Check for whitelisted address before issuing bans (whitelisted address in ConVar 'sv_rcon_whitelist_address' will never get banned or get its connection terminated. * Transmit SQVM and DevMsg logs over the wire to the net console. ** NETCON ** * IPv6 support. * Close connection properly after FIN request. * Prompt user to reconnect after connection has been terminated instead of closing the application. * Add proper quit command. ** SDKLAUNCHER ** * Rename to 'launcher.exe' to describe its purpose better. Our logo gets printed nice and large on the console during startup. ** SDK ** * Cleanup.
2022-02-08 16:32:00 +01:00
for (int i = nCount - 1; i >= 0; i--)
{
Adjust names Adjust since previously they were pointers but now references.
2023-08-04 17:41:55 +02:00
CConnectedNetConsoleData& data = m_Socket.GetAcceptedSocketData(i);
RCON improvements (see description) ** SERVER ** * Close redundant connections if max sockets have been reached. * Ban if client keeps spamming without authing first (ignoring message). * Check for whitelisted address before issuing bans (whitelisted address in ConVar 'sv_rcon_whitelist_address' will never get banned or get its connection terminated. * Transmit SQVM and DevMsg logs over the wire to the net console. ** NETCON ** * IPv6 support. * Close connection properly after FIN request. * Prompt user to reconnect after connection has been terminated instead of closing the application. * Add proper quit command. ** SDKLAUNCHER ** * Rename to 'launcher.exe' to describe its purpose better. Our logo gets printed nice and large on the console during startup. ** SDK ** * Cleanup.
2022-02-08 16:32:00 +01:00
Adjust names Adjust since previously they were pointers but now references.
2023-08-04 17:41:55 +02:00
if (!data.m_bAuthorized)
RCON improvements (see description) ** SERVER ** * Close redundant connections if max sockets have been reached. * Ban if client keeps spamming without authing first (ignoring message). * Check for whitelisted address before issuing bans (whitelisted address in ConVar 'sv_rcon_whitelist_address' will never get banned or get its connection terminated. * Transmit SQVM and DevMsg logs over the wire to the net console. ** NETCON ** * IPv6 support. * Close connection properly after FIN request. * Prompt user to reconnect after connection has been terminated instead of closing the application. * Add proper quit command. ** SDKLAUNCHER ** * Rename to 'launcher.exe' to describe its purpose better. Our logo gets printed nice and large on the console during startup. ** SDK ** * Cleanup.
2022-02-08 16:32:00 +01:00
{
RCON system light refactor * Used 'htonl'/'ntohl' for constructing the length prefix. * Used static socket/address members instead of pointers. * Used const qualifier where possible. * Changed length prefix field type to 'u_long'. * Removed extraneous include. * Properly escaped percentage characters on the RCON game client for the ImGui console.
2022-11-14 21:00:41 +01:00
m_Socket.CloseAcceptedSocket(i);
RCON improvements (see description) ** SERVER ** * Close redundant connections if max sockets have been reached. * Ban if client keeps spamming without authing first (ignoring message). * Check for whitelisted address before issuing bans (whitelisted address in ConVar 'sv_rcon_whitelist_address' will never get banned or get its connection terminated. * Transmit SQVM and DevMsg logs over the wire to the net console. ** NETCON ** * IPv6 support. * Close connection properly after FIN request. * Prompt user to reconnect after connection has been terminated instead of closing the application. * Add proper quit command. ** SDKLAUNCHER ** * Rename to 'launcher.exe' to describe its purpose better. Our logo gets printed nice and large on the console during startup. ** SDK ** * Cleanup.
2022-02-08 16:32:00 +01:00
}
}
}
Many small code improvements and optimizations * Use c++ methods as much as possible. * Use enum types for accessing NavMesh objects from array. * Use size_t for for loops when testing against size types. * Don't compute strlen twice of more on the same string. * Don't use unnecessary c string casts if there is a method with a std::string overload. * Don't create string objects from string pointers if we could use them directly. * Don't initialize RCON password twice on each change, and don't set if the new password equals the old.
2022-08-11 11:07:45 +02:00
RCONServer: send/serialize optimizations Check if we are initialized, have at least one socket, and in case of a console log, if we have at least 1 authorized netconsole before serializing the message and sending the result.
2023-03-13 21:20:20 +01:00
//-----------------------------------------------------------------------------
// Purpose: checks if this message should be send or not
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
// Input : responseType -
RCONServer: send/serialize optimizations Check if we are initialized, have at least one socket, and in case of a console log, if we have at least 1 authorized netconsole before serializing the message and sending the result.
2023-03-13 21:20:20 +01:00
// Output : true if it should send, false otherwise
//-----------------------------------------------------------------------------
bool CRConServer::ShouldSend(const sv_rcon::response_t responseType) const
{
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
if (!IsInitialized() || !m_Socket.GetAcceptedSocketCount())
RCONServer: send/serialize optimizations Check if we are initialized, have at least one socket, and in case of a console log, if we have at least 1 authorized netconsole before serializing the message and sending the result.
2023-03-13 21:20:20 +01:00
{
// Not initialized or no sockets...
return false;
}
if (responseType == sv_rcon::response_t::SERVERDATA_RESPONSE_CONSOLE_LOG)
{
Tier1: static construction of ConVar objects during link time Fully implemented ConVar class so we could statically construct all SDK convars, this avoids a level of indirection, and allows for creating ConVar's everywhere in the project. This patch also removed the settings tab of the ImGui server browser, as it has threading issues, while it technically never caused a crash yet, it has been removed as there was no point keeping it vs the work required to make it thread save (it only managed 2 convars which are perfectly manageable through cfg's or the in-game console). Also temporarily disabled the creation of ConVar's in the mod system due to a memory leak, we would allocate and register a convar based on details parsed out of a mod file definition, but never unregister and free it.
2024-02-24 02:15:09 +01:00
if (!sv_rcon_sendlogs.GetBool() || !m_Socket.GetAuthorizedSocketCount())
RCONServer: send/serialize optimizations Check if we are initialized, have at least one socket, and in case of a console log, if we have at least 1 authorized netconsole before serializing the message and sending the result.
2023-03-13 21:20:20 +01:00
{
// Disabled or no authorized clients to send to...
return false;
}
}
return true;
}
Many small code improvements and optimizations * Use c++ methods as much as possible. * Use enum types for accessing NavMesh objects from array. * Use size_t for for loops when testing against size types. * Don't compute strlen twice of more on the same string. * Don't use unnecessary c string casts if there is a method with a std::string overload. * Don't create string objects from string pointers if we could use them directly. * Don't initialize RCON password twice on each change, and don't set if the new password equals the old.
2022-08-11 11:07:45 +02:00
//-----------------------------------------------------------------------------
Initial large refactor of the RCON implementation * Decoding and encoding is done into a single buffer, from raw buffers to avoid extraneous copies. * Added base class holding all core logic for encoding, decoding, receiving and processing of the RCON protocol. This code was initially identical between all implementations of RCON, deduplicating this avoids bugs. * Added more sophisticated error handling, stop right away when decoding for example fails. * Added ability to have more than one active authenticated net console on the server. Controlled by cvar 'sv_rcon_maxconnections' (default 1). * Max packet size for accepted, but not authenticated sockets is now controled by cvar 'sv_rcon_maxpacketsize' (default 1024).
2023-04-19 01:35:31 +02:00
// Purpose: returns whether the rcon server is initialized
Many small code improvements and optimizations * Use c++ methods as much as possible. * Use enum types for accessing NavMesh objects from array. * Use size_t for for loops when testing against size types. * Don't compute strlen twice of more on the same string. * Don't use unnecessary c string casts if there is a method with a std::string overload. * Don't create string objects from string pointers if we could use them directly. * Don't initialize RCON password twice on each change, and don't set if the new password equals the old.
2022-08-11 11:07:45 +02:00
//-----------------------------------------------------------------------------
bool CRConServer::IsInitialized(void) const
{
return m_bInitialized;
}
Add change callback for 'sv_rcon_maxconnections' If 'sv_rcon_maxconnections' is set higher than current auth socket count, reopen listen socket. If its set lower, close all sockets until auth socket count matches 'sv_rcon_maxconnections'. Sockets are getting closed in reverse order, so the netcon that connected last will be disconnected first.
2023-04-22 16:51:18 +02:00
//-----------------------------------------------------------------------------
// Purpose: returns the number of authenticated connections
//-----------------------------------------------------------------------------
int CRConServer::GetAuthenticatedCount(void) const
{
return m_nAuthConnections;
}
Tier1: static construction of ConVar objects during link time Fully implemented ConVar class so we could statically construct all SDK convars, this avoids a level of indirection, and allows for creating ConVar's everywhere in the project. This patch also removed the settings tab of the ImGui server browser, as it has threading issues, while it technically never caused a crash yet, it has been removed as there was no point keeping it vs the work required to make it thread save (it only managed 2 convars which are perfectly manageable through cfg's or the in-game console). Also temporarily disabled the creation of ConVar's in the mod system due to a memory leak, we would allocate and register a convar based on details parsed out of a mod file definition, but never unregister and free it.
2024-02-24 02:15:09 +01:00
//-----------------------------------------------------------------------------
// Purpose: change whitelist address on RCON server
//-----------------------------------------------------------------------------
static void RCON_WhiteListAddresChanged_f(IConVar* pConVar, const char* pOldString)
{
if (ConVar* pConVarRef = g_pCVar->FindVar(pConVar->GetName()))
{
if (strcmp(pOldString, pConVarRef->GetString()) == NULL)
return; // Same address.
if (!RCONServer()->SetWhiteListAddress(pConVarRef->GetString()))
{
Warning(eDLL_T::SERVER, "Failed to set RCON whitelist address: %s\n", pConVarRef->GetString());
}
}
}
//-----------------------------------------------------------------------------
// Purpose: change max connection count on RCON server
//-----------------------------------------------------------------------------
static void RCON_ConnectionCountChanged_f(IConVar* pConVar, const char* pOldString)
{
if (!RCONServer()->IsInitialized())
return; // Not initialized; no sockets at this point.
if (ConVar* pConVarRef = g_pCVar->FindVar(pConVar->GetName()))
{
if (strcmp(pOldString, pConVarRef->GetString()) == NULL)
return; // Same count.
const int maxCount = pConVarRef->GetInt();
int count = RCONServer()->GetAuthenticatedCount();
CSocketCreator* pCreator = RCONServer()->GetSocketCreator();
if (count < maxCount)
{
if (!pCreator->IsListening())
{
pCreator->CreateListenSocket(*RCONServer()->GetNetAddress());
}
}
else
{
while (count > maxCount)
{
RCONServer()->Disconnect(count - 1, "too many authenticated sockets");
count = RCONServer()->GetAuthenticatedCount();
}
pCreator->CloseListenSocket();
RCONServer()->CloseNonAuthConnection();
}
}
}
//-----------------------------------------------------------------------------
// Purpose: change RCON password on server and drop all connections
//-----------------------------------------------------------------------------
void RCON_PasswordChanged_f(IConVar* pConVar, const char* pOldString)
{
if (ConVar* pConVarRef = g_pCVar->FindVar(pConVar->GetName()))
{
if (strcmp(pOldString, pConVarRef->GetString()) == NULL)
return; // Same password.
if (RCONServer()->IsInitialized())
RCONServer()->SetPassword(pConVarRef->GetString());
else
RCONServer()->Init(); // Initialize first.
}
}
RCON improvements (see description) ** SERVER ** * Close redundant connections if max sockets have been reached. * Ban if client keeps spamming without authing first (ignoring message). * Check for whitelisted address before issuing bans (whitelisted address in ConVar 'sv_rcon_whitelist_address' will never get banned or get its connection terminated. * Transmit SQVM and DevMsg logs over the wire to the net console. ** NETCON ** * IPv6 support. * Close connection properly after FIN request. * Prompt user to reconnect after connection has been terminated instead of closing the application. * Add proper quit command. ** SDKLAUNCHER ** * Rename to 'launcher.exe' to describe its purpose better. Our logo gets printed nice and large on the console during startup. ** SDK ** * Cleanup.
2022-02-08 16:32:00 +01:00
///////////////////////////////////////////////////////////////////////////////
Engine: fix RCON bugs and improve security - Upgraded hashing algorithm to SHA-512, and store the raw hash instead of a string copy, which is way cheaper to compute and compare. - Only ever close sockets once in CRConServer::SetPassword(). - Made the game server & game client RCON singletons static. - Added calls to gracefully shutdown RCON server and RCON client on Engine/SDK shutdown. - Added more prints so RCON user knows when its shutdown, or when their password change is in effect, etc. - Fixed bug where we could tokenize an empty string when we dispatch a console command.
2024-02-22 01:55:08 +01:00
static CRConServer s_RCONServer;
RCON system light refactor * Used 'htonl'/'ntohl' for constructing the length prefix. * Used static socket/address members instead of pointers. * Used const qualifier where possible. * Changed length prefix field type to 'u_long'. * Removed extraneous include. * Properly escaped percentage characters on the RCON game client for the ImGui console.
2022-11-14 21:00:41 +01:00
CRConServer* RCONServer() // Singleton RCON Server.
Implement RCON_PasswordChanged_f and ConVar improvements * Changing RCON passwords on the server now closes all connections and re-initializes the system. * Fully mapped out VFTable interface for IConVar* (used for ConVar callbacks, see callback.cpp).
2022-07-25 19:35:08 +02:00
{
Engine: fix RCON bugs and improve security - Upgraded hashing algorithm to SHA-512, and store the raw hash instead of a string copy, which is way cheaper to compute and compare. - Only ever close sockets once in CRConServer::SetPassword(). - Made the game server & game client RCON singletons static. - Added calls to gracefully shutdown RCON server and RCON client on Engine/SDK shutdown. - Added more prints so RCON user knows when its shutdown, or when their password change is in effect, etc. - Fixed bug where we could tokenize an empty string when we dispatch a console command.
2024-02-22 01:55:08 +01:00
return &s_RCONServer;
Implement RCON_PasswordChanged_f and ConVar improvements * Changing RCON passwords on the server now closes all connections and re-initializes the system. * Fully mapped out VFTable interface for IConVar* (used for ConVar callbacks, see callback.cpp).
2022-07-25 19:35:08 +02:00
}
Reference in New Issue Copy Permalink