[Dragokas]

Description:

This is additional protection against using stolen Steam apptickets / SteamId spoofing.
Plugin allows you to adjust admin access defined by:

1. SteamID + IP.
2. User name + pass + IP.

simply in admins_simple.cfg (or admins.cfg) without breaking its structure.

IP could be static or dynamic (subnet) or set of IPs (subnets).

How to use:

example of configs/admins_simple.ini lines:

- you can setup concrete ip:
"STEAM_1:1:12345678" "99:z" "" // 180.255.3.5 // Dragon

- you can setup several ip-s, as well as whole subnet if admin uses dynamic ip:
"STEAM_1:1:222712714" "99:z" "" // 87.250.34. 87.250.35. 190.34. // CrazyAdmin

- you can use "Name authentication" method together with confirming user's dynamic ip:
"Dragokas" "99:z" "" // 180.255.3.

- (default behaviour - this plugin does not interfere):
"STEAM_1:1:12345678" "99:z" // some comment (or without)

- Note: SteamId v3 is also supported here (not my merit).

Admins who failed to pass ip check (depending on settings):
- will be kicked
- will be removed from admins
- will lose all of their admin flags, except the flag defined in settings.

Note: if you want to use "name" authentification method you need to:
- setup admin password in addons/sourcemod/configs/core.cfg => PassInfoVar
- (optionally) install the same password in autoexec.cfg, like: setinfo "password" "Dragokas"
Details: https://wiki.alliedmods.net/Adding_A...Mod)#Passwords

ENSURE: legal comments of your admins_simple.ini file does not begin with digit,
otherwise they can be considered as IP.

Settings (ConVars):

- sm_admins_simple_ip_enabled - def: "1" - Enable plugin (1 - On / 0 - Off)
- sm_admins_simple_ip_lock_mode - def: "0" - Restriction method for admin who failed ip check (0 - kick / 1 - remove admin permissions / 2 - restrict admin to use only defined flag(s)
- sm_admins_simple_ip_lock_flags - def: "k" - List of admin flags to assign to administrator (if lock mode = 2)
- sm_admins_simple_ip_lock_unkn - def: "1" - Restrict unknown admins (if they cannot be found in config file, like one dynamically added by 3rd party plugins)
- sm_admins_simple_ip_log - def: "1" - Log when admin failed to pass validation (1 - On / 0 - Off).

Logs are stored in: sourcemod/logs/admin_ip.log

Note about unknown admins:
this plugins also ensures client didn't spoof Steam Id on authorization stage
in the way his SteamId doesn't match Id present in config file anymore.
This not conflict with admins added dynamically in the middle game by 3rd-party plugin.
However, such admin will be checked when client is authorized next time and will be a subject for removing.
So, just in case, you can disable such behaviour by "sm_admins_simple_ip_lock_unkn" ConVar.

Useful commands:

sm_reloadadmins - refresh admin list, restore default admin permissions, validate in-game admins.
sm_dump_admcache - dump admin cache list to addons/sourcemod/data/admin_cache_dump.txt (no IP info, though).

Requirements:

- "SourceMod Admin File Reader Plugin" (admin-flatfile.smx) by AlliedModders LLC (included in SourceMod)
- GeoIP extension (included in SourceMod).

Credits:

- AlliedModders LLC - Plugin is based on "admin-simple.sp" source code as a part of SourceMod.

Changelog:

1.0 (21-May-2019)
- Initial release

TODO:

add admin.cfg

Related plugins:

Ultimate SteamID Protection - No passwords

Donate

Donates are very appreciated and welcomed for further inspiration, make me happy, and make next updates came out more often:
- Patreon (Paypal)
- BitCoin
- Ю.Money

[Dragokas]

Updated

Quote:

1.1 (25-Aug-2019) - Fixed mistake when admin is kicked if "sm_admins_simple_ip_lock_flags" is not include flag assigned to him. - AuthId_Steam2 is now logged instead of AuthId_Steam3.