AlliedModders
Page 1 of 6 1 23 Last »
Show 40 post(s) from this thread on one page

AlliedModders (https://forums.alliedmods.net/index.php)
-   Extensions (https://forums.alliedmods.net/forumdisplay.php?f=134)
-   -   SM RCon (updated 2012-09-09) (https://forums.alliedmods.net/showthread.php?t=168403)

psychonic 09-28-2011 15:13
SM RCon (updated 2012-09-09)
 
2 Attachment(s)
Provides forwards for handling RCon auth and commands from within SourceMod plugins.
This extension borrows some knowledge from the former gmsv_rcon extension for gmod, and expands on it with more functionality reversed.

Currently, only the Source 2007, Source 2009, L4D and L4D2 engines are supported. This includes:
  • CS:GO
  • CS:S
  • TF2
  • DOD:S
  • HL2DM
  • Left 4 Dead
  • Left 4 Dead 2
  • Ep2 / 2007 Mods

Support for more engines can (probably) be added if there is interest.

PHP Code:
/**
 * @brief Called when an RCon session auth is processed
 *
 * @param rconId    RCon listener ID, unique per session.
 * @param address    Originating IP address.
 * @param password    Password sent by RCon client.
 * @param allow        True to grant auth, false otherwise.
 * @return             Plugin_Changed to use given allow value, Plugin_Continue to let engine process.
 */
forward Action SMRCon_OnAuth(int rconId, const char[] address, const char[] passwordbool &allow);

/**
 * @brief Called when an RCon command is processed.
 *
 * @note Rejection here does not count as a bad password attempt;
 *       however, the RCon log line will be annotated in the form
 *       of 'command (rejected) "%s"' rather than just 'command "%s"'
 *
 * @param rconId    RCon listener ID, unique per session.
 * @param address    Originating IP address.
 * @param command    Command sent by RCon client.
 * @param allow        True to allow command to be processed, false otherwise.
 * @return             Plugin_Changed to use given allow value, Plugin_Continue to let engine process.
 */
forward Action SMRCon_OnCommand(int rconId, const char[] address, const char[] commandbool &allow);

/**
 * @brief Called when an RCon session is disconnected.
 *
 * @param rconId    RCon listener ID, unique per session.
 */
forward void SMRCon_OnDisconnect(int rconId);

/**
 * @brief Called when an RCon log line is written
 *
 * @param rconId    RCon listener ID, unique per session.
 * @param address    Originating IP address.
 * @param logdata    Log data (usually either "Bad Password" or "command"
 *                  followed by the command.
 * @return            Plugin_Continue to log, Plugin_Handled to block.
 */
forward Action SMRCon_OnLog(int rconId, const char[] address, const char[] logdata);

/**
 * @brief Determines whether current server command originated from an RCon session.
 *
 * @return             True if command originated from RCon session, false if from console or not in server command callback.
 */
native bool SMRCon_IsCmdFromRCon(); 

Unlike this extension, linux builds are available, RCon listeners' unique id is passed through so SM, RCon disconnections are passed, server command callbacks can be identified as from RCon, extended rcon logging support is available, and most importantly, unauthed RCon commands are not passed to SM.

Source code: https://github.com/psychonic/smrcon

KyleS 09-28-2011 16:22
Re: SM RCon
 
This should be very useful. Thanks!

napalm00 09-28-2011 16:43
Re: SM RCon
 
This will come handy to get a list of people using the rcon.
Thanks a lot!

RedSword 09-29-2011 00:25
Re: SM RCon
 
Holy sh*tsauce, thanks for those additional hooks Great Duck !

psychonic 09-29-2011 00:40
Re: SM RCon
 
I have an update mostly ready that I'll package/post tomorrow which adds a forward for when an RCon log line is being written (since this is in the engine, it bypasses SM's log hook).

This will allow easy blocking of "spammy" RCon by IP, such as from stats pollers, without sacrifising the rest of your RCon logs.

In addition, authed RCon commands that are manually blocked in SMRCon_OnCommand will log with the tag " (rejected)" added to the end. Right now, manually blocked ones are not logged at all due to being blocked altogether.

Edit: it will also have a linux version that actually loads >.<

psychonic 09-29-2011 11:10
Re: SM RCon
 
Quote:
Originally Posted by psychonic (Post 1565095)
I have an update mostly ready that I'll package/post tomorrow which adds a forward for when an RCon log line is being written (since this is in the engine, it bypasses SM's log hook).

This will allow easy blocking of "spammy" RCon by IP, such as from stats pollers, without sacrifising the rest of your RCon logs.

In addition, authed RCon commands that are manually blocked in SMRCon_OnCommand will log with the tag " (rejected)" added to the end. Right now, manually blocked ones are not logged at all due to being blocked altogether.

Edit: it will also have a linux version that actually loads >.<
Posted.

Shouldn't be anymore changes for a bit unless any issues are reported (though it worksforme) or unless more engine support is requested (which won't affect existing versions). So, glhf.

Mr. Zero 09-29-2011 12:48
Re: SM RCon (updated 2011-09-29)
 
Requesting a version for L4D2 if that isn't too much work.

#edit Doh, just saw the change log. Will test.

Peace-Maker 09-30-2011 10:13
Re: SM RCon (updated 2011-09-29)
 
Thank you again!

GoD-Tony 09-30-2011 11:34
Re: SM RCon
 
Quote:
Originally Posted by napalm00 (Post 1564942)
This will come handy to get a list of people using the rcon.
Thanks a lot!
+1

Good stuff!

databomb 10-01-2011 10:30
Re: SM RCon (updated 2011-09-29)
 
thanks for Linux support :)

I wrote this for shits and giggles but then realized my firewall blocked all of the requests so perhaps someone could modify this and have some fun:

PHP Code:
#include <sourcemod>
#include <smrcon>

#define VERSION "1.0.0"

new String:g_sIPs[MAXPLAYERS+1][18];

public OnClientConnected(client)
{
    GetClientIP(clientg_sIPs[client], 18);
}

public OnClientDisconnect(client)
{
    Format(g_sIPs[client], 18"");
}

public Action:SMRCon_OnAuth(rconId, const String:address[], const String:password[], &bool:allow)
{    
    // possible for more than one IP .. grab all affected
    for (new client 1client <= MaxClientsclient++)
    {
        if (!strcmp(addressg_sIPs[client]))
        {
            // player is currently connected
            if (!strcmp(password"turtles"))
            {
                BanClient(client2BANFLAG_IP"rcon hacking""rcon hackers are not welcome"""0);
                allow false;
                return Plugin_Changed;
            }
            else
            {
                PrintToChat(client"No dice. You should give up now.. the password definitely isn't turtles");
                PrintToConsole(client"No dice. You should give up now.. the password definitely isn't turtles");
            }
        }
    }
    
    return Plugin_Continue;

GoD-Tony 10-17-2011 12:54
Re: SM RCon (updated 2011-09-29)
 
I'm using this for verbose rcon logging, but I'm starting to see some potential problems.

1. SMRCon_OnAuth is triggered even if an IP is banned. Meaning they could continue spamming auth attempts and flood logs.

2. Some plugins rely on the rcon output to get information from servers (HLSW, maybe SourceBans), and logging during SMRCon_OnCommand sends that information back over the rcon which would interfere.

Is logging during these forwards a bad idea to begin with?

psychonic 10-17-2011 13:03
Re: SM RCon (updated 2011-09-29)
 
Quote:
Originally Posted by GoD-Tony (Post 1577678)
1. SMRCon_OnAuth is triggered even if an IP is banned. Meaning they could continue spamming auth attempts and flood logs.
The allow bool passed in should already be false if the connection would be denied without your intervention. Is that not the case?

Quote:
Originally Posted by GoD-Tony (Post 1577678)
2. Some plugins rely on the rcon output to get information from servers (HLSW, maybe SourceBans), and logging during SMRCon_OnCommand sends that information back over the rcon which would interfere.
That shouldn't be any different than logging during commands without this ext if they were executed via rcon. All console output during the command is forwarded. You could try temporarily turning off sv_logecho.

GoD-Tony 10-18-2011 05:26
Re: SM RCon (updated 2011-09-29)
 
As a followup to my last post; I worked around issue #2 by delaying the logging using a timer, and issue #1 by not monitoring failed auth attempts.

Bacardi 12-08-2011 14:00
Re: SM RCon (updated 2011-09-29)
 
1 Attachment(s)
Can someone give advice, how I could log actions without showing to rcon user/spammer ?
https://forums.alliedmods.net/attach...1&d=1323370478

Happen:
SMRCon_OnAuth()
SMRCon_OnCommand()
(And maybe rest Action: functions)...

PHP Code:
#include <smrcon>
new String:path[256];

public OnPluginStart()
{
    BuildPath(Path_SMpathsizeof(path), "logs/smrcon.txt");
    //RegConsoleCmd("sm_testi", testi);
}

public Action:testi(clientargs)
{
    LogToFileEx(path"SMRCon_IsCmdFromRCon(%s)"SMRCon_IsCmdFromRCon() ? "true":"false");
    return Plugin_Handled;
}

public Action:SMRCon_OnAuth(rconId, const String:address[], const String:password[], &bool:allow)
{
    //LogToFile(path, "rconId %i, address %s, password %s %s", rconId, address, password, allow ? "allow":"deny");
    LogToFileEx(path"Liirum laarum");
}

public Action:SMRCon_OnCommand(rconId, const String:address[], const String:command[], &bool:allow)
{
    //LogToFile(path, "rconId %i, address %s, command %s %s", rconId, address, command, allow ? "allow":"deny");
    LogToFileEx(path"Uliuliuli huhuhu");
}

public SMRCon_OnDisconnect(rconId)
{
    //LogToFile(path, "SMRCon_OnDisconnect(%i)", rconId);
    LogToFileEx(path"Poispois");
}

public Action:SMRCon_OnLog(rconId, const String:address[], const String:logdata[])
{
    //LogToFile(path, "rconId %i, address %s, logdata %s", rconId, address, logdata);
    LogToFileEx(path"Tuu tuu tuu");
Should I delay this logging with datatimer ??

GoD-Tony 12-08-2011 15:56
Re: SM RCon (updated 2011-09-29)
 
Quote:
Originally Posted by Bacardi (Post 1609862)
Should I delay this logging with datatimer ??
Yes, this is the only way to prevent it from being sent back through rcon.

Bacardi 12-08-2011 19:28
Re: SM RCon (updated 2011-09-29)
 
Quote:
Originally Posted by GoD-Tony (Post 1609920)
Yes, this is the only way to prevent it from being sent back through rcon.
Done and works... need check will this leave open handles.
stupid plugin


output txt

jungjunghoo 12-15-2011 20:20
Re: SM RCon (updated 2011-09-29)
 
What's different in sm basic rcon system?

psychonic 03-10-2012 15:57
Re: SM RCon (updated 2012-03-10)
 
Version 1.2.0 has been posted.

This will now, by default, block rcon from any banned addresses, even if they use the correct password. The engine apparently lets banned users use rcon :/

This also resolves SMRCon_OnAuth being fired when banned addresses attempt to auth.

Bacardi 03-10-2012 17:12
Re: SM RCon (updated 2012-03-10)
 
Quote:
Originally Posted by psychonic (Post 1666230)
Version 1.2.0 has been posted.

This will now, by default, block rcon from any banned addresses, even if they use the correct password. The engine apparently lets banned users use rcon :/

This also resolves SMRCon_OnAuth being fired when banned addresses attempt to auth.
Really :)
Yes!

*edit
God dam ! I go my self banned :D, can't remove my IP XD.
Need do a trick...

*edit
If you have same IP as Server, you can still log in rcon with right password, even you have get banned by rcon hacking (extension not prevent this).

psychonic 03-10-2012 19:58
Re: SM RCon (updated 2012-03-10)
 
Quote:
Originally Posted by Bacardi (Post 1666271)
If you have same IP as Server, you can still log in rcon with right password, even you have get banned by rcon hacking (extension not prevent this).
Are you sure that the extension doesn't prevent that? I used local testing for most of my tests (and retested that scenario now), binding the server to my lan ip and then connecting to the same lan ip (no 127.0.0.1/loopback).

GoD-Tony 03-16-2012 04:02
Re: SM RCon (updated 2012-03-10)
 
Quote:
Originally Posted by psychonic (Post 1666230)
The engine apparently lets banned users use rcon :/
Quote:
Source Engine Changes (TF2, DoD:S, HL2DM)
- Fixed IP bans not applying to RCON access
Well that didn't take long. :)

Visual77 03-16-2012 04:26
Re: SM RCon (updated 2012-03-10)
 
and like every other time, they don't fix these security holes for L4D/2.
why is that? is it because l4d 1 and 2 already has everything that TF2 has or is it just valve being lazy and ignorant like usual?

psychonic 03-16-2012 08:18
Re: SM RCon (updated 2012-03-10)
 
Quote:
Originally Posted by GoD-Tony (Post 1669785)
Well that didn't take long. :)
The same fix will also be in the next Nuclear Dawn update as well.

This will leave L4D2 and CS:S as the only games this supports that requires this just for that fix (though the other functionality is still useful for plugins ofc). CS:S will also get the fix next time they sync in the engine changes.

Quote:
Originally Posted by Visual77 (Post 1669791)
and like every other time, they don't fix these security holes for L4D/2.
why is that? is it because l4d 1 and 2 already has everything that TF2 has or is it just valve being lazy and ignorant like usual?
I can add L4D1 support for this later today if its wanted.

Visual77 03-16-2012 09:28
Re: SM RCon (updated 2012-03-10)
 
that's up to you. i don't play it anymore.

Powerlord 03-16-2012 13:45
Re: SM RCon (updated 2012-03-10)
 
Quote:
Originally Posted by Visual77 (Post 1669791)
and like every other time, they don't fix these security holes for L4D/2.
why is that? is it because l4d 1 and 2 already has everything that TF2 has or is it just valve being lazy and ignorant like usual?
Doesn't Valve still update L4D2 every (other?) Friday? Unfortunately, since they don't post about those changes to the server lists, you have to check the Steam News to know what changed.

Visual77 03-16-2012 13:53
Re: SM RCon (updated 2012-03-10)
 
more like every third week now and no, they don't seem to patch srcds vurnabilites on l4d2. the only thing valve has been doing lately is updating their mutations and it sucks big time.
they did fix some bugs for certain maps last month but that's it. tf2/cs:s has been having a lot of server vurnability related patches and why they haven't been pushed into l4d1/2 is something I don't understand.

tonight's update, if there will be one, will most likely be another mutation update and nothing else. if there is no update tonight, then it's been a month since the last decent update which was in february.

edit: the update contained some map bug fixing and a mutation change like usual. and like usual, they didn't patch any server vurnabilites like the rcon one that was just discovred. very dissapointed again.

jake84 04-16-2012 12:06
Re: SM RCon (updated 2012-03-10)
 
with this extension loaded, im not able to get server logs through HLSW with rcon.
l4d2 game. as soon as I unload it, i can get live server logs from HLSW again.

Edit: will you fix it? i consider this extension useless with the metioned bug. otherwise it can be a really handy one.

jake84 04-27-2012 10:02
Re: SM RCon (updated 2012-03-10)
 
no comment about not being able to get logs through HLSW?

one more question. if i'd put rcon_password "" in my server.cfg and then define a rcon password inside public Action:SMRCon_OnAuth, which I got to work
with HLSW (except for the logging issue I just metioned), would this still block attackers from attacking my servers tcp rcon port?

psychonic 04-28-2012 14:05
Re: SM RCon (updated 2012-03-10)
 
Quote:
Originally Posted by jake84 (Post 1697405)
no comment about not being able to get logs through HLSW?
No comment as I haven't had time yet to verify it and/or look into it further.

Quote:
Originally Posted by jake84 (Post 1697405)
one more question. if i'd put rcon_password "" in my server.cfg and then define a rcon password inside public Action:SMRCon_OnAuth, which I got to work
with HLSW (except for the logging issue I just metioned), would this still block attackers from attacking my servers tcp rcon port?
If the rcon socket listens when no rcon_password is set (which I don't believe to be the case), then yes, rejecting the password in the OnAuth forward would have the same effect as the server rejecting it for not matching the rcon_password. (respecting the max retries cvars, etc.)

psychonic 04-28-2012 15:25
Re: SM RCon (updated 2012-03-10)
 
Quote:
Originally Posted by jake84 (Post 1690491)
with this extension loaded, im not able to get server logs through HLSW with rcon.
l4d2 game. as soon as I unload it, i can get live server logs from HLSW again.
I've identified the issue causing remote logging to not function in most cases with version 1.2.0. I'll have a fixed 1.2.1 posted in a bit.

GoD-Tony 04-28-2012 15:36
Re: SM RCon (updated 2012-03-10)
 
Quote:
Originally Posted by psychonic (Post 1698268)
I'll have a fixed 1.2.1 posted in a bit.
There was talk of Source 2007 support as well. Think it could make it in there? :)

psychonic 04-28-2012 15:37
Re: SM RCon (updated 2012-03-10)
 
Quote:
Originally Posted by GoD-Tony (Post 1698282)
There was talk of Source 2007 support as well. Think it could make it in there? :)
Yup. There will be support for more engines. That's the main reason why I haven't posted the new package yet.

jake84 04-28-2012 16:00
Re: SM RCon (updated 2012-03-10)
 
Quote:
Originally Posted by psychonic (Post 1698268)
I've identified the issue causing remote logging to not function in most cases with version 1.2.0. I'll have a fixed 1.2.1 posted in a bit.
awsome :)

psychonic 04-28-2012 16:22
Re: SM RCon (updated 2012-03-10)
 
Version 1.2.1 has now been added to the first post.

GoD-Tony 04-28-2012 17:04
Re: SM RCon (updated 2012-03-10)
 
Thanks! I'll be making good use of this again soon. Lately I've just been loading it for the proper rcon banning support on CS:S. :up:

jake84 04-28-2012 17:35
Re: SM RCon (updated 2012-03-10)
 
thanks psychonic, logging works now :). can someone show me how to add an IP whitelist and disallow rcon if the ip is not equal to the one(s) that I want to allow.
edit: i think this worked.
edit:2 i think my server is crashing with this extension loaded now. both my local and non local.
yeah my local has been crashing nonstop on map end with this. i removed it and no longer crshes

Code:
public Action:SMRCon_OnAuth(rconId, const String:address[], const String:password[], &bool:allow)
{
        if (!strcmp(password, "*****"))
        {
                if (!strcmp(address, "ip1") || !strcmp(address, "ip2"))
                {   
                      LogToGame("rcon id %d with address %s sent right password", rconId, address);
                      allow = true;
                      return Plugin_Changed;
                }
        }
        LogToGame("rcon id %d with address %s was disallowed for sending wrong password \"%s\"", rconId, address, password);
        return Plugin_Continue;
}

NaRyan 05-06-2012 13:12
Re: SM RCon (updated 2012-03-10)
 
Just tried loading this on GMOD, but I get this error with it.

Quote:
L 05/06/2012 - 18:08:44: [SMRCon] Sigscan for WriteDataRequest failed - Disabling detour to prevent crashes
L 05/06/2012 - 18:08:44: [SMRCon] Error setting up WriteDataRequest detour
L 05/06/2012 - 18:08:44: [SM] Unable to load extension "smrcon.ext": Unknown error

psychonic 05-06-2012 13:13
Re: SM RCon (updated 2012-03-10)
 
Quote:
Originally Posted by NaRyan (Post 1703514)
Just tried loading this on GMOD, but I get this error with it.
The current version? or GMod 13 Beta?

NaRyan 05-06-2012 13:35
Re: SM RCon (updated 2012-03-10)
 
Current version of GMOD.

men232 05-09-2012 15:22
Re: SM RCon (updated 2012-03-10)
 
Hi everyone. Please help me with this script:
Code:
#include <smrcon>

public Action:SMRCon_OnAuth(rconId, const String:address[], const String:password[], &bool:allow)
{
        if (!strcmp(password, "test"))
        {
                if (!strcmp(address, "31.170.**.***") || !strcmp(address, "**.**.130.204"))
                {   
                      LogToGame("rcon id %d with address %s sent right password", rconId, address);
                      allow = true;
                      return Plugin_Changed;
                }
        }
        return Plugin_Continue;
}
When i calling sm plugin list, I see that rcon.smx status <failed>. Game is garry's mod, not beta 13.


All times are GMT -4. The time now is 07:54.
Page 1 of 6 1 23 Last »
Show 40 post(s) from this thread on one page

Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.