admin stuff (TauCetiStation#12432)

TgT4 · Nov 13, 2023 · 2603fc0 · 2603fc0
1 parent ab3e83f
commit 2603fc0
Show file tree

Hide file tree

Showing 6 changed files with 71 additions and 12 deletions.
diff --git a/code/game/world.dm b/code/game/world.dm
@@ -41,6 +41,7 @@ var/global/it_is_a_snow_day = FALSE
 	if(config.usealienwhitelist)
 		load_whitelistSQL()
 	LoadBans()
+	load_guard_blacklist()
 
 	spawn
 		changelog_hash = trim(get_webpage(config.changelog_hash_link))
@@ -378,6 +379,31 @@ var/global/shutdown_processed = FALSE
 			var/active_hours_left = num2text((active_until - world.realtime) / 36000, 1)
 			log_game("Round with registration panic bunker! Panic age: [config.registration_panic_bunker_age]. Enabled by [enabled_by]. Active hours left: [active_hours_left]")
 
+/world/proc/load_guard_blacklist()
+	if(!config.guard_enabled || !fexists("config/guard_blacklist.txt"))
+		return
+
+	var/L = file2list("config/guard_blacklist.txt")
+
+	for(var/line in L)
+		line = trim(line)
+
+		if(!length(line) || line[1] == "#")
+			continue
+
+		var/pos = findtext(line," ")
+		var/code = trim(copytext(line, 1, pos))
+		var/value = trim(copytext(line, pos))
+
+		if(!length(value)) // don't fuck up
+			continue
+
+		switch(code)
+			if("IP")
+				guard_blacklist["IP"] += value
+			if("ISP")
+				guard_blacklist["ISP"] += value
+
 /world/proc/load_supporters()
 	if(config.allow_donators && fexists("config/donators.txt"))
 		var/L = file2list("config/donators.txt")

diff --git a/code/modules/admin/IsBanned.dm b/code/modules/admin/IsBanned.dm
@@ -6,28 +6,29 @@
 
 // Blocks an attempt to connect before even creating our client datum thing.
 // real_bans_only check exists bans, not resticts(WhiteList, GuestPass)
-/world/IsBanned(key, address, computer_id, type, real_bans_only = FALSE)
+/world/IsBanned(key, address, computer_id, type, real_bans_only = FALSE, provided_ckey)
+	key = ckey(key) // for better logs
+	var/ckey = key  // for better code readability
 	log_access("ISBANNED: '[args.Join("', '")]'")
 
 	// Shunt world topic banchecks to purely to byond's internal ban system
 	if (type == "world")
 		return ..()
 
 	var/is_admin = FALSE
-	var/ckey = ckey(key)
 	var/client/C = global.directory[ckey]
 
 	// Don't recheck connected clients.
 	if (!real_bans_only && istype(C) && ckey == C.ckey && computer_id == C.computer_id && address == C.address)
 		return
 
 	// Whitelist
-	if(!real_bans_only && config.bunker_ban_mode && is_blocked_by_regisration_panic_bunker_ban_mode(key))
+	if(!real_bans_only && config.bunker_ban_mode && is_blocked_by_regisration_panic_bunker_ban_mode(ckey))
 		return list(BANKEY_REASON="", "desc"="[config.bunker_ban_mode_message]")
 	//Guest Checking
-	if(!real_bans_only && !guests_allowed && IsGuestKey(key))
-		log_access("Failed Login: [key] - Guests not allowed")
-		message_admins("<span class='notice'>Failed Login: [key] - Guests not allowed</span>")
+	if(!real_bans_only && !guests_allowed && IsGuestKey(ckey))
+		log_access("Failed Login: [ckey] - Guests not allowed")
+		message_admins("<span class='notice'>Failed Login: [ckey] - Guests not allowed</span>")
 		return list("reason"="guest", "desc"="\nReason: Guests not allowed. Please sign in with a byond account.")
 	// Admin allowed anyway
 	if (ckey in admin_datums)

diff --git a/code/modules/admin/admin.dm b/code/modules/admin/admin.dm
@@ -74,6 +74,7 @@ var/global/BSACooldown = 0
 		<b>Guard:</b> <A href='?src=\ref[src];guard=\ref[M]'>Show</A> |
 		<b>List of CIDs:</b> <A href='?src=\ref[src];cid_list=\ref[M]'>Get</A>|<A href='?src=\ref[src];cid_ignore=\ref[M]'>Ignore Warning</A><br>
 		<b>Related accounts by IP and cid</b>: <A href='?src=\ref[src];related_accounts=\ref[M]'>Get</A><br>
+		<b>CentCom (other server bans)</b>: <A target='_blank' href='https://centcom.melonmesa.com/viewer/view/[M.ckey]'>CentCom (ENG)</A><br>
 		<b>BYOND profile</b>: <A target='_blank' href='http://byond.com/members/[M.ckey]'>[M.ckey]</A><br><br>
 		<A href='?src=\ref[src];boot2=\ref[M]'>Kick</A> |
 		<A href='?_src_=holder;warn=[M.ckey]'>Warn</A> |

diff --git a/code/modules/client/guard.dm b/code/modules/client/guard.dm
@@ -1,3 +1,5 @@
+var/global/list/guard_blacklist = list("IP" = list(), "ISP" = list())
+
 /datum/guard
 	var/client/holder
 	var/total_alert_weight = 0
@@ -41,11 +43,12 @@
 			process_autoban()
 
 /datum/guard/proc/do_announce()
+	log_admin("GUARD: new player [key_name(holder)] is suspicious with [total_alert_weight] weight[log_end] | [short_report]")
+
 	if(!total_alert_weight || total_alert_weight < 1)
 		return
 
 	message_admins("GUARD: new player [key_name_admin(holder)] is suspicious with [total_alert_weight] weight (<a href='?_src_=holder;guard=\ref[holder.mob]'>report</a>)", R_LOG)
-	log_admin("GUARD: new player [key_name(holder)] is suspicious with [total_alert_weight] weight[log_end]\nGUARD: [short_report]")
 
 	if(!bridge_reported)
 		bridge_reported = TRUE
@@ -96,10 +99,35 @@
 		Remember: next flags may be false-positives!<br>
 		Proxy: [geoip_data["proxy"]];<br> Mobile: [geoip_data["mobile"]];<br> Hosting: [geoip_data["hosting"]];<br> Ipintel: [geoip_data["ipintel"]];</div>"}
 
-		new_short_report += "Geoip:[geoip_data["proxy"]],[geoip_data["mobile"]],[geoip_data["hosting"]],[geoip_data["ipintel"]]; "
-
+		new_short_report += "Geoip([geoip_data["isp"]]):[geoip_data["proxy"]],[geoip_data["mobile"]],[geoip_data["hosting"]],[geoip_data["ipintel"]]; "
 		total_alert_weight += geoip_weight
 
+	/* blacklist */
+	if(geoip_processed && geoip_data["isp"])
+		var/blacklist_weight = 0
+
+		var/bad_isp = FALSE
+		var/bad_ip = FALSE
+
+		if(geoip_data["isp"] in guard_blacklist["ISP"])
+			bad_isp = TRUE
+
+		for(var/mask in guard_blacklist["ISP"]) 
+			if(findtext(holder.address, mask)) // real ip masks?
+				bad_isp = TRUE
+				break
+
+		if(bad_isp | bad_ip)
+			blacklist_weight += 1
+			new_report += {"<div class='Section'><h3>GeoIP Blacklist ([blacklist_weight]):</h3>
+			[bad_isp ? "ISP in blacklist; " : ""]
+			[bad_ip ? "IP in blacklist; " : ""]
+			</div>"}
+
+			new_short_report += "[bad_isp ? "BADISP " : ""][bad_ip ? "BADIP " : ""](tw: [blacklist_weight]); "
+
+		total_alert_weight += blacklist_weight
+
 	/* country */
 	if(geoip_processed && geoip_data["countryCode"] && length(config.guard_whitelisted_country_codes))
 		var/country_weight = 0
@@ -287,8 +315,8 @@
 	if(config.banappeals)
 		to_chat(holder, "<span class='red'>To try to resolve this matter head to [config.banappeals]</span>")
 
-	log_admin("Tau Kitty has banned [holder.ckey].\nReason: [reason]\nThis is a permanent ban.")
-	message_admins("Tau Kitty has banned [holder.ckey].\nReason: [reason]\nThis is a permanent ban.")
+	log_admin("GUARD: Tau Kitty has banned [holder.ckey].\nReason: [reason]\nThis is a permanent ban.")
+	message_admins("GUARD: Tau Kitty has banned [holder.ckey].\nReason: [reason]\nThis is a permanent ban.")
 
 	if(config.guard_autoban_sticky)
 		var/list/ban = list()

diff --git a/code/modules/tgui_panel/telemetry.dm b/code/modules/tgui_panel/telemetry.dm
@@ -86,7 +86,7 @@
 		if (!(row["ckey"] && row["address"] && row["computer_id"]))
 			continue
 
-		if (world.IsBanned(row["ckey"], row["address"], row["computer_id"], real_bans_only = TRUE))
+		if (world.IsBanned(row["ckey"], row["address"], row["computer_id"], real_bans_only = TRUE, provided_ckey=ckey(client.ckey)))
 			found = row
 			break
 

diff --git a/config/example/guard_blacklist.txt b/config/example/guard_blacklist.txt
@@ -0,0 +1,3 @@
+# Format:
+# ISP Provider name
+# IP 123.456.789.