Update CA files to match srv03 deployment

bones_was_here 2022-03-16 21:16:20 +10:00
parent dd0d27bf95
commit d84785b6b4
3 changed files with 103 additions and 44 deletions


@ -6,15 +6,20 @@
{ {
my ($inc) = @_; my ($inc) = @_;
return 0 if ($inc >= 0) && check_dnsbl([qr/.*:.*:.*/], [], ['torexit.dan.me.uk', 'aspews.ext.sorbs.net']); return 0 if ($inc >= 0) && check_dnsbl([qr/.*:.*:.*/], [], ['torexit.dan.me.uk', 'aspews.ext.sorbs.net']);
return 0 if ($inc >= 0) && check_banlist('http://rm.endoftheinternet.org/~xonotic/bans/?action=list&servers=*'); return 0 if ($inc >= 0) && check_banlist('http://rm.sudo.rm-f.org/~xonotic/bans/?action=list&servers=*');
return 0 if check_sql('dbi:mysql:dbname=xonotic_ca', 'xonotic_ca', '************', 'ip', $inc); return 0 if check_sql('dbi:mysql:dbname=xonotic-ca', 'xonotic-ca', '************', 'ip', 0.2, 1, 20, 1000, $inc);
1; 1;
} }
}, },
15 => 1 =>
{ {
name => "Xonotic testing", name => "Xonotic Hub",
check => sub { 1; } check => sub
{
my ($inc) = @_;
return 0 if check_ipfiles('/home/xonotic-build/xonotic-release-build/misc/infrastructure/xhub/ips');
1;
}
} }
); );
$default_ca = 15; $default_ca = 0;
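Review bot: The `check_banlist` URL on the new side still uses plain `http://` after the move to `rm.sudo.rm-f.org`, so the ban list that gates this CA can be altered or emptied by anyone on the network path between the two hosts. If the new host serves TLS, the call should become `check_banlist('https://rm.sudo.rm-f.org/~xonotic/bans/?action=list&servers=*')`, with certificate verification enabled in whatever client `check_banlist` uses (its fetch code is not in this hunk). The new "Xonotic Hub" check appears to pass only clients whose address has a file under `/home/xonotic-build/xonotic-release-build/misc/infrastructure/xhub/ips`. A comment such as `# allowlist: one file per permitted IP; directory must be writable only by the deploy user` would record that the directory's permissions are part of the access control.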


@ -24,6 +24,14 @@ sub error($)
exit 0; exit 0;
} }
sub check_ipfiles($)
{
my ($dir) = @_;
my $ip = $ENV{REMOTE_ADDR};
return 0 if -f "$dir/$ip";
return -1;
}
sub check_dnsbl($$@) sub check_dnsbl($$@)
{ {
my ($goodpatterns, $badpatterns, $list) = @_; my ($goodpatterns, $badpatterns, $list) = @_;
@ -34,20 +42,28 @@ sub check_dnsbl($$@)
# check goodpatterns # check goodpatterns
for(@$goodpatterns) for(@$goodpatterns)
{ {
return 0 if($name =~ /^(??{$_})$/ || $addr =~ /^(??{$_})$/)
if $name =~ /^(??{$_})$/ || $addr =~ /^(??{$_})$/; {
return 0;
}
} }
# check badpatterns # check badpatterns
for(@$badpatterns) for(@$badpatterns)
{ {
return -1 if($name =~ /^(??{$_})$/ || $addr =~ /^(??{$_})$/)
if $name =~ /^(??{$_})$/ || $addr =~ /^(??{$_})$/; {
warn "$addr/$name blocked by $_";
return -1;
}
} }
# is he tor? # is he tor?
my $h = gethostbyname $addr; my $h = gethostbyname $addr;
return -1 if(not defined $h)
if not defined $h; {
warn "$addr blocked by gethostbyname()";
return -1;
}
my $blprefix = join '.', reverse unpack 'C4', $h; my $blprefix = join '.', reverse unpack 'C4', $h;
my $i = 0; my $i = 0;
@ -58,6 +74,8 @@ sub check_dnsbl($$@)
my $h2 = gethostbyname $hn; my $h2 = gethostbyname $hn;
next next
if not defined $h2; if not defined $h2;
my $h2_text = join '.', reverse unpack 'C4', $h2;
warn "$addr blocked by $hn -> $h2_text";
return -1; return -1;
} }
@ -67,30 +85,16 @@ sub check_dnsbl($$@)
# create table ip ( id INT AUTO_INCREMENT PRIMARY KEY, ip VARCHAR(64), t DATETIME, error BOOLEAN, INDEX(ip), INDEX(t), INDEX(error) ); # create table ip ( id INT AUTO_INCREMENT PRIMARY KEY, ip VARCHAR(64), t DATETIME, error BOOLEAN, INDEX(ip), INDEX(t), INDEX(error) );
our $__CACHED_DBH__; our $__CACHED_DBH__;
sub check_sql($$$$$) sub check_ip_record
{
my ($dsn, $u, $p, $tbl, $inc) = @_;
my $ip = $ENV{REMOTE_ADDR};
my $DBH = ($__CACHED_DBH__ ? $__CACHED_DBH__ : ($__CACHED_DBH__ = DBI->connect($dsn, $u, $p, { RaiseError => 1, AutoCommit => 0 })))
or die "DBI/DBD: $!";
$DBH->do("set character set utf8");
$DBH->do("set names utf8");
if($inc < 0)
{
$DBH->do("update $tbl set error=true where ip=?", undef, $ip);
$DBH->commit();
$DBH->disconnect();
return 0;
}
elsif($inc == 0)
{ {
my ($DBH, $tbl, $ip) = @_;
my $status = $DBH->selectrow_arrayref("select count(*) from $tbl where ip=? and error=false and t>date_sub(now(), interval 7 day)", undef, $ip) my $status = $DBH->selectrow_arrayref("select count(*) from $tbl where ip=? and error=false and t>date_sub(now(), interval 7 day)", undef, $ip)
or die "DBI/DBD: $!"; or die "DBI/DBD: $!";
$DBH->disconnect(); return $status->[0];
return $status->[0] ? -1 : 0;
} }
else sub insert_ip_record
{ {
my ($DBH, $tbl, $ip) = @_;
my $status = $DBH->selectall_arrayref("select error, t>date_sub(now(), interval 7 day) from $tbl where ip=?", undef, $ip) my $status = $DBH->selectall_arrayref("select error, t>date_sub(now(), interval 7 day) from $tbl where ip=?", undef, $ip)
or die "DBI/DBD: $!"; or die "DBI/DBD: $!";
if(@$status) if(@$status)
@ -98,23 +102,66 @@ sub check_sql($$$$$)
if($status->[0][0] || !$status->[0][1]) # error, or after interval if($status->[0][0] || !$status->[0][1]) # error, or after interval
{ {
$DBH->do("update $tbl set error=false, t=now() where ip=?", undef, $ip); $DBH->do("update $tbl set error=false, t=now() where ip=?", undef, $ip);
$DBH->commit();
$DBH->disconnect();
return 0; return 0;
} }
else # too soon else # too soon
{ {
$DBH->disconnect(); return 1;
return -1;
} }
} }
else else
{ {
$DBH->do("insert into $tbl(ip, error, t) values(?, false, now())", undef, $ip); $DBH->do("insert into $tbl(ip, error, t) values(?, false, now())", undef, $ip);
return 0;
}
}
sub delete_ip_record
{
my ($DBH, $tbl, $ip) = @_;
$DBH->do("update $tbl set error=true where ip=?", undef, $ip);
}
sub check_sql($$$$$$$$$)
{
my ($dsn, $u, $p, $tbl, $per32, $per24, $per16, $per8, $inc) = @_;
my $ip = $ENV{REMOTE_ADDR};
my $DBH = ($__CACHED_DBH__ ? $__CACHED_DBH__ : ($__CACHED_DBH__ = DBI->connect($dsn, $u, $p, { RaiseError => 1, AutoCommit => 0 })))
or die "DBI/DBD: $!";
eval {
$DBH->do("set character set utf8");
$DBH->do("set names utf8");
$DBH->do("set time_zone = '+0:00'");
} or do {
undef $__CACHED_DBH__;
die $@;
};
if($inc < 0)
{
delete_ip_record($DBH, $tbl, $ip);
$DBH->commit(); $DBH->commit();
$DBH->disconnect(); $DBH->disconnect();
return 0; return 0;
} }
elsif($inc == 0)
{
my $status = check_ip_record($DBH, $tbl, $ip);
$DBH->disconnect();
if ($status)
{
warn "$ip blocked by SQL";
}
return $status;
}
else
{
my $status = insert_ip_record($DBH, $tbl, $ip);
$DBH->commit();
$DBH->disconnect();
if ($status)
{
warn "$ip blocked by SQL";
}
return $status;
} }
} }
@ -126,7 +173,11 @@ sub check_banlist($)
for(0..@s/4-1) for(0..@s/4-1)
{ {
my $i = $s[4*$_]; my $i = $s[4*$_];
return 1 if "$ip." =~ /^\Q$i\E\./; if("$ip." =~ /^\Q$i\E\./)
{
warn "$ip blocked by SQL";
return 1;
}
} }
return 0; return 0;
} }
@ -214,6 +265,9 @@ Content-type: text/html
<hr> <hr>
To use another CA, please enter its number here before using this page: To use another CA, please enter its number here before using this page:
<input type="text" name="ca" value="$default_ca" size="2"> <input type="text" name="ca" value="$default_ca" size="2">
<hr>
REMOTE_HOST=$ENV{REMOTE_HOST}<br>
REMOTE_ADDR=$ENV{REMOTE_ADDR}
</body> </body>
</html> </html>
EOF EOF
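Review bot: In `check_sql`, the four new arguments `$per32, $per24, $per16, $per8` are unpacked but never used in the visible body, and `check_ip_record` / `insert_ip_record` still match only the exact `ip=?`, so the `0.2, 1, 20, 1000` values passed from the CA config appear to have no effect. If per-prefix limits are intended, they need their own queries over the wider prefixes; if not, the parameters should be dropped so the config does not suggest a control that is not enforced. Separately, the new `warn` in `check_banlist` reads `"$ip blocked by SQL"`; it should be `warn "$ip blocked by banlist";` so that log triage attributes the block to the right check. The footer added to the HTML heredoc prints `$ENV{REMOTE_HOST}` unescaped. That value is typically filled from a reverse-DNS lookup, which the server does not control, so it should be HTML-escaped before it is interpolated into the page.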