Commit Graph

61 Commits

Author SHA1 Message Date
Jordie 8a66665e95 Ban system and interface update (#41176)
Spiritual successor and extension to #17798, an almost entire rebuild of the SQL ban system backend and interface.
Bantypes are removed per #8584 and #6174. All bans are now 'role bans', server bans are when a ban's role is server. Admin bans are a column, meaning it's possible to ban admins from jobs.
Bans now have only an expiry datetime, duration is calculated from this when queried.
unbanned column is removed as it's superfluous, checking unban status is now done through checking unban_datetime. unban_round_id column added. Each ip and computerid columns rearranged so ip is always first, like in other tables. Bans now permit a null ckey, ip and computerid.

Ban checking is split into two procs now is_banned_from() does a check if a ckey is banned from one or more roles and returns true or false. This effectively replaces jobban_isbanned() used in simple if() statements. If connected a client's ban cache is checked rather than querying the DB. This makes it possible for a client connected to two or more servers to ignore any bans made on one server until their ban cache is rebuilt on the others. Could be avoided with cross-server calls to update ban caches or just the removal of the ban cache but as is I've done neither since I think it's enough of an edge case to not be worth it.
The second proc is is_banned_from_with_details(), this queries the DB for a role ban on a player's ckey, ip or CID and returns the details. This replaces direct queries in IsBanned.dm and the preferences menu.

The legacy ban system is removed.

The interfaces for banning, unbanning and editing bans have been remade to require less clicking and easier simultaneous operations. The banning and jobban panel are combined. They also store player connection details when opened so a client disconnecting no longer stops a ban being placed.

New banning panel:
Key, IP and CID can all be toggled to allow excluding them from a ban.
Checking Use IP and CID from last connection lets you enter only a ckey and have the DB fill these fields in for you, if possible.
Temporary bans have a drop-menu which lets you select between seconds, minutes, hours, days, weeks, months and years so you don't need to calculate how many minutes a long ban would be. The ban is still converted into minutes on the DB however.
Checking any of the head roles will check both of the boxes for you.
The red role box indicates there is already a ban on that role for this ckey. You can apply additional role bans to stack them.

New unbanning panel:
Unbanning panel is now separate from the banning panel but otherwise functionally the same.

Ban editing panel:
Actually just a modified banning panel, all the features from it work the same here.
You can now edit almost all parameters of a ban instead of just the reason.
You can't edit severity as it's not really part of the ban.
The panels have been tested but I've not been able to get my local server to be accessible so ban functionality isn't properly confirmed. Plenty of testing will be required as I'd rather not break bans.



cl
admin: Ban interface rework. The banning and unbanning panels have received a new design which is easier to use and allows multiple role bans to be made at once.
prefix: Ban search and unbanning moved to unbanning panel, which is now a separate panel to the old banning panel.
/cl
2018-12-05 08:48:37 +13:00
ShizCalev 41a2935b67 Clean up redundant text2num in ban messages (#41024) 2018-10-20 11:35:57 -07:00
Jordie c56f2a81ff fix ban time check runtime 2018-10-19 10:54:35 +11:00
ShizCalev d470262007 Ban Message Duration (#40986) 2018-10-18 14:02:12 -04:00
Jordie0608 3f881722e8 adds query safety for getting ckeys not in player table 2018-08-26 01:45:25 +10:00
Jordie 0d7ef3ed65 Key instead of ckey for user facing logs and ui (#39009)
* converts to using key instead of ckey for user facing logs and ui

* more key_name for airlock wires

* futureproofing check for if key changes

* --onlyckeymatch script argument and fail/success counter

* fix
2018-08-11 02:15:50 +10:00
Jordan Brown 9633016e8e Move IsBanned query to async (#39178) 2018-07-18 22:53:17 +03:00
Jordan Brown cf7e8aa9ec Qdels queries, adds sleep safety checks, DBcore checks for leaks (#38363)
* Qdels all queries, adds sleep handling

* DB Core messages admins about undeleted queries

* Compile fixes. Adds missing set waitfor

* Remove world/New shennanigans. Add DBQuery/BlockingExecute()

* Less spammy notifications to admins about undeleted queries

* Increase dbcore fire time to 1 minute

* Upgrade undeleted query warning

* Better place of death

* Fix build

* Remove BlockingExecute, see BSQL PR for why

* Yep, missed that one.

* Psyche, that's the WRONG QUERY!!
2018-06-18 22:48:35 +03:00
Jordie 8485269fc6 Adds round id to server ban messages (#37114)
* adds round id to server ban message

* adds round id to ban denied connection message

* adds round id for legacy ban message

* B

* erroneous space
2018-04-12 12:48:33 -04:00
Kyle Spier-Swenson 4e929c74a9 Deadmin tweaks: Admins without +AUTOLOGIN start deadmined. AUTOLOGIN defaults to on. (#33480)
* Deadmin tweaks, Admins without +ADMIN start deadmined.
Deadmining no longer destroys the admin datum.
Admins without +ADMIN start deadmined, reloading admins re-deadmins them.
Moved some code around to make it more sane
People with +PERMISSION can now deadmin or readmin other admins at will.

* Adds new flag for if the role should automatically log in, defaults to on, can be removed with -AUTOLOGIN
Also fixes a bug in permission panel not handling these cases gracefully
2017-12-13 22:03:37 -05:00
swindly d3df913402 fixes spelling and stuff (#32531) 2017-11-09 11:03:50 -06:00
McBawbaggings 4ebacfbfa5 Hopefully fixes guest accounts being able to log in 2017-11-03 15:18:02 +00:00
Emmett Gaines 879b84da64 Makes isbanned have an arg for only checking real bans (#32248)
* makes isbanned have an arg for only checking real bans

* makes it return false if invalid data is passed in on a real bans check
2017-11-01 09:09:10 +13:00
Jordan Brown 4178c209f1 Configuration datum refactor (#30763)
* Configuration datum refactor

* More WIP

* New easier on the eyes format

* More WIP

* Finished config.txt

* Fucktons more WIP

* The end of conversion draws near...

* Add all this shit

* Done converting entries finally

* Hunting down compile errors

* More WIP

* MORE CONVERSIONS

* More WIP

* More WIP

* Oh shit only 90 errors this time!

* IT COMPILES!!!

* Fixes world start runtimes
2017-09-29 15:36:51 +13:00
Kyle Spier-Swenson 4318caa102 Show ban id to banned players
So we can look up what ban is matching and other details like roundid.
2017-06-29 11:22:01 -07:00
Cyberboss fa135a10b3 Makes a thing use the right proc (#27071) 2017-05-09 16:34:56 -03:00
Jordie0608 69a07b5ecf persistent investigate and game logs separated by round ID 2017-04-27 22:10:51 +10:00
Cyberboss 3c3f7d3b60 Refactors dbcon into a subsystem (#26134)
* Refactors dbcon into a subsystem

* Swear I got that already...
2017-04-17 15:18:17 +10:00
Cyberboss 9e1ef0ffe2 Global variable wrappers (#25325)
* Add the system for managed global variables

* Travis ban old globals

* So you CAN inline proccall, that's neat

* Fix that

* master.dm

* Remove the hack procs

* Move InitGlobals to the proper spot

* configuration.dm

* Fix the missing pre-slash

* clockcult.dm

* This is probably for the best

* Doy

* Fix shit

* Rest of the DEFINES tree

* Fix

* Use global. for access

* Update find_references_in_globals

Always hated that proc

Whoever made it must've bee a r e a l idiot...

* __HELPERS tree

* Move global initialization to master.

Fix the declaration

* database.dm

* Dat newline

* I said DECLARATIVE order!

* Here's something you can chew on @Iamgoofball

* game_modes.dm

* Fix this

* genetics.dm

* flavor_misc.dm

* More stuff

* Do it mso's way. Keep the controllers as global

* Make master actually see it

* Fix

* Finish _globalvars/lists

* Finish the rest of the _globalvars tree

* This is weird

* Migrate the controllers

* SLOTH -> GLOB

* Lighting globals

* round_start_time -> ticker

* PAI card list -> pai SS

* record_id_num -> static

* Diseases list -> SSdisease

* More disease globals to the SS

* More disease stuff

* Emote list

* Better and better

* Bluh

* So much stuff

* Ahh

* Wires

* dview

* station_areas

* Teleportlocs

* blood_splatter_icons

* Stuff and such

* More stuff

* RAD IO

* More stuff and such

* Blob shit

* Changeling stuff

* Add "Balance" to changelogs

* Balance for changelog compiler + Auto Tagging

* Update the PR template

* hivemind_bank

* Bip

* sacrificed

* Good shit

* Better define

* More cult shit

* Devil shit

* Gang shit

* > borers

Fix shit

* Rename the define

* Nuke

* Objectives

* Sandbox

* Multiverse sword

* Announce systems

* Stuff and such

* TC con

* Airlock

* doppllllerrrrrr

* holopads

* Shut up byond you inconsistent fuck

* Sneaky fuck

* Burp

* Bip

* Fixnshit

* Port without regard

* askdlfjs;

* asdfjasoidojfi

* Protected globals and more

* SO MANY

* ajsimkvahsaoisd

* akfdsiaopwimfeoiwafaw

* gsdfigjosidjfgiosdg

* AHHHHHHHHHHHHHHHHHHHHHHH!!!!!

* facerolll

* ASDFASDFASDF

* Removes the unused parts of dmm_suite

* WIP

* Fix quote

* asdfjauwfnkjs

* afwlunhskjfda

* asfjlaiwuefhaf

* SO CLOSE

* wwwweeeeeewwwww

* agdgmoewranwg

* HOLY MOTHER OF FUCK AND THATS JUST HALF THE JOB?!?

* Fix syntax errors

* 100 errors

* Another 100

* So many...

* Ugh

* More shit

* kilme

* Stuuuuuufffff

* ajrgmrlshio;djfa;sdkl

* jkbhkhjbmjvjmh

* soi soi soi

* butt

* TODAY WE LEARNED THAT GLOBAL AND STATIC ARE THE EXACT SAME FUCKING THING

* lllllllllllllllllllllllllllllllllllllllllll

* afsdijfiawhnflnjhnwsdfs

* yugykihlugk,kj

* time to go

* STUFFF!!!

* AAAAAAAAAAAAAAAAAHHHHHHHHHHHHHHHHHHHHHHHHHHH!!!!!!!!!!!!!!!!!!!!!!!

* ngoaijdjlfkamsdlkf

* Break time

* aufjsdklfalsjfi

* CONTROL KAY AND PRAY

* IT COMPILEELEELELAKLJFKLDAFJLKFDJLADKJHFLJKAJGAHIEJALDFJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

* Goteem

* Fix testing mode

* This does not belong in this PR

* Convert it to a controller

* Eh, fuck this option

* Revert controllerization Ill do it some other time

* Fix

* Working controllerization

* FOR THE LOVE OF CHRIST PROTECT THE LOGS

* Protect admins and deadmins

* Use the inbuilt proc
2017-04-06 23:26:13 -06:00
Lzimann 5a618297ce Replaces the default output with the to_chat wrapper. 2017-03-10 01:32:05 -03:00
Jordie 63b3699cdd MySQL Execute error handling (#24738)
* wip commit

* mysql execute proc now handles errors itself

* adds log_sql()

* implements log_sql()
2017-03-07 10:55:42 +01:00
Jordie 72a93bae7d Continues to add default sql indexes and table optimisations (#24456)
* adds default sql indexes and table optimisations

* fixes warnings

* edits to text and better update queries

* wrong table

* superior copypaste skills

* who has

* names

* that long

* add inet

* fix for badmins giving 2 billion brainloss

* fixes rank name and adds sanitizing
2017-02-27 22:44:26 +11:00
oranges 17a7c01e36 Revert "Adds default sql indexes and table optimisations" 2017-02-21 17:53:41 +13:00
Jordie 62da82fcd9 Adds default sql indexes and table optimisations (#24277)
* adds default sql indexes and table optimisations

* fixes warnings
2017-02-21 09:49:48 +13:00
Cyberboss 2d424cf6be Moves some stuff that belongs in dbcore to dbcore (#24145)
* Moves some stuff that belongs in dbcore to dbcore

* Wew garbage

* Ree

* Fixed
2017-02-19 14:21:53 +13:00
Leo 9c6803ae19 Ports Paradise error handler, with in game runtime viewer! (#24036)
* Ports paradise error handler, with in game runtime viewer!

* Changes to the old runtime error and removes inerror reference

* Oops

* Adds a wrapper for world.log so it displays both in the runtime diary and in DD window
2017-02-14 11:39:31 +11:00
oranges f3acff4706 Adds a ckey whitelist, stripping out some dead code (#21875)
* Adds a whitelist, stripping out some dead code in the process

Old job whitelist that wasn't used has been removed.

Config has been repurposed, uncomment USEWHITELIST, only ckey's in
admins.txt or whitelist.txt in the config will be allowed to connect to
the server

* More examples

* Add a guy

* Update whitelist.txt

* Put him in
2016-12-04 15:33:15 +11:00
Kyle Spier-Swenson c1b14680c4 Rogue stickyban detection system. (#19201)
* Rogue stickyban detection system.

This will detect when stickybans go rogue and revert them to whatever their state was when the world started.

* does the remie

* Increases STICKYBAN_MAX_MATCHES to 20 to prevent gaming
2016-07-16 12:00:47 +12:00
MrStonedOne d220416ed3 Makes ipintel only warn, fixes some cache things. 2016-06-17 03:54:42 -07:00
MrStonedOne c37ae784e7 Adds local cache, doesn't check reconnects, fixes bugs 2016-06-16 21:04:52 -07:00
MrStonedOne d67b9cbe0c Removes debugging messages 2016-06-16 21:04:51 -07:00
MrStonedOne 2366eb1a20 PUTS NIKNAK OUT OF A JOB! 2016-06-16 21:04:50 -07:00
Remie Richards da295d9f9f Computer ID is a string, Thanks byond.
I chose text2num() over putting the integer max in quotes since I believe text2num() is nicer than doing a string comparison.
2015-12-11 18:08:19 +00:00
Remie Richards 0ae0f84325 Revert "[s]Fixes the logic of IsBanned and bad CIDs" 2015-12-11 17:49:30 +00:00
Remie Richards 1efcc64990 Fixes the logic of IsBanned and bad CIDs
the bad CIDs aren't perfectly the Integer max, they're above it.
2015-12-11 17:27:42 +00:00
Kyle Spier-Swenson 88a795a0c6 fixes typo in is banned() 2015-12-06 12:54:36 -08:00
Kyle Spier-Swenson 0d55edc2b0 Hot fix for stickybans going hey wire 2015-12-06 12:20:12 -08:00
Kyle Spier-Swenson 714c460416 Adds missing closing span tags to admin ban bypass notices. 2015-09-27 17:50:18 -07:00
MrStonedOne eb8b97cb2b Cleans up isbanned() and stickyban handling
isbanned() cleaned up, it logs sticky ban matches, and better handles admins being exempt from bans
Adminbans now still work once the admin is demoted.
Admins bypassing a ban because they are an admin is logged and announced to all admins including the one who walked past it.
Admins are now exempt from host bans. (this only applies to host bans for ss13, global host bans (where the 'apply to this game only' checkbox is not checked (defaults to not checked)) do not trigger isbanned() and thus, admins can not bypass them, no matter what we do.)

Added a system to queue a message for a client, to be shown next time they connect, this was needed because isbanned() is called before the client is created, so if you want to send a message to an admin, letting them know they just walked pass a matching ban, you have to do it this way.
2015-09-26 23:30:26 -07:00
Firecage f79e0fc1aa Updates more paths, for example obj/stuff to /obj/stuff 2015-05-31 17:48:33 +02:00
MrStonedOne eb6279a5a4 Removes admin notices on failed logins in isbanned
This could be used to spam admins, without them having any way to stop it, and as tobba has informed me, isbanned() is called before byond does much validation on the data (like checking that the claimed username exist or validating that they own it), leaving these notices vulnerable to html injection
2015-04-15 10:11:37 -07:00
MrStonedOne b0b4d7f580 IsBanned() now rejects blank ckeys/ips/cids
Also removes the admin notice. Its still logged, but this way the admins don't get spammed during world reboot.
2015-03-05 19:35:33 -08:00
MrStonedOne 5529222b62 Fixes guests being allowed to connect while panic bunker is active
I was tempted to move all the panic bunker shit to isbanned(), but doing so would mean adding yet ANOTHER query that gets run on every connection, and run for every player on world restart.

That just seemed like not worth the effort to just make panic bunker trigger a little bit earier.
2015-02-26 16:48:43 -08:00
Incoming 7903aba6d3 Adds optional population caps for those that want them. These be dark measures, so tread carefully ye who dare enter this place.
There are three "levels" of popcaps, and you can use them in any assortment you like:

The "soft" cap produces a message on join, and takes no action.

The "hard" cap disallows joining whilst too many other people are alive and playing in game, but allows observing.

The "extreme" cap prevents people from joining the server at all while the cap is exceeded. It won't kick out people who failed to qualify during roundstart, but if they leave they won't be able to get back in.

In each case a customizable message config option has been given. Admins are also immune to most population caps (they still are hit by the ones in job shuffling, but can late join as normal afterwards)
2015-02-04 01:58:02 -05:00
MrStonedOne e21ed011af Fixes some erros in the database system
Replaces erro_ with a configurable table prefix system
Defaults to erro_ if not configured, but configuation files default to SS13_
2014-09-19 13:37:58 -07:00
Firecage 6d259e10ec Spanclass fixes 2014-09-03 20:00:35 +02:00
Firecage 6c7af5eb32 SPANCLASSES!!!!! 2014-08-26 09:52:13 +02:00
EuroNumbers 31d4f16e62 Fixes incompabilities of ban DB with Linux system
ALWAYS USE LOWERCASE
2014-01-22 23:58:57 +01:00
carnie fc8ba2112d Removes TorBan.
Better alternatives are so cheap nowadays as to render it pretty useless.
2013-08-12 13:28:11 +01:00
errorage 912815f1d1 Admin bans
- Adds two new types of bans: admin tempbans and admin permabans. These ban types are in reaction to the rising number of banworthy admin issues. The original intent was to make admins unbannable ingame, so players could not spoof admin computer ids to get admins banned, with the assumption that admin issues will be rare and a big deal when they happen. They have however started becoming ever more common, so some tools are required to allow for admin self-policing.
- Each admin can have a maximum of one active admin ban (temporary or permanent) logged to their name. This is to prevent rogue admins from just banning everyone who could ban them. These bans are also not intended to be 'permanent-permanent'. They are intended to serve as a temporary fix, to get rid of rogue admins until the server host or another admin with rdp access (or +PERMISSIONS if you use DB_Admin) can deal with the rogue admin's removal. Once that is done, a normal permaban or tempban can be applied, and the admin permaban/tempban removed, restoring the banning admin's 1 allowed admin ban.
- Admin bans are considered a big deal, so they also send a message to irc, when they are applied.
- NOTE: Admin bans only check the connecting person's ckey. The risk of computer id spoofing still exists, so it's better not to have them check ips and computer ids. The admin abilities are given based on ckey anyway, so a ckey ban should be enough in most cases.

Other changes to bans
- Added a few variables to the funciton that adds a ban: maxadminbanchec (which is for admin bans and checks how many bans the admin can still apply); announceinirc and blockselfban (which prevents admins from applying the ban type on themselves. Currently applied for permaban, tempban, admin permaban, admin tempban)
- Changed the appearance ban database constant from APPEARANCE_BAN to APPEARANCE_PERMABAN, to make it more compatible with the ban log at http://www.ss13.eu/tgdb/banoverview.php
- Added a missing sanity check to topic.dm for appearance bans
- Renamed appearance bans to identity bans in admin panels (as per Pete's request)
2013-04-03 23:28:24 +02:00