1 | //FIXME Not checked on threadsafety yet; after checking please remove this line
|
---|
2 | #include "globals.h"
|
---|
3 |
|
---|
4 | #ifdef CS_ANTICASC
|
---|
5 |
|
---|
6 | //static time_t ac_last_chk;
|
---|
7 | static uchar ac_ecmd5[CS_ECMSTORESIZE];
|
---|
8 | struct s_acasc ac_stat[CS_MAXPID];
|
---|
9 |
|
---|
10 | int ac_init_log(char *file)
|
---|
11 | {
|
---|
12 | if( (!fpa) && (file[0]))
|
---|
13 | {
|
---|
14 | if( (fpa=fopen(file, "a+"))<=(FILE *)0 )
|
---|
15 | {
|
---|
16 | fpa=(FILE *)0;
|
---|
17 | fprintf(stderr, "can't open anti-cascading logfile: %s\n", file);
|
---|
18 | }
|
---|
19 | else
|
---|
20 | cs_log("anti-cascading log initialized");
|
---|
21 | }
|
---|
22 |
|
---|
23 | return(fpa<=(FILE *)0);
|
---|
24 | }
|
---|
25 |
|
---|
26 | void ac_init_stat()
|
---|
27 | {
|
---|
28 | memset(ac_stat, 0, sizeof(ac_stat));
|
---|
29 | memset(acasc, 0, sizeof(acasc));
|
---|
30 |
|
---|
31 | if( fpa )
|
---|
32 | fclose(fpa);
|
---|
33 | fpa=(FILE *)0;
|
---|
34 | if( ac_init_log(cfg->ac_logfile) )
|
---|
35 | cs_exit(0);
|
---|
36 | }
|
---|
37 |
|
---|
38 | static struct s_client *idx_from_ac_idx(int ac_idx)
|
---|
39 | {
|
---|
40 | struct s_client *cl;
|
---|
41 | for (cl=first_client; ; cl=cl->next) {
|
---|
42 | if( cl->ac_idx==ac_idx )
|
---|
43 | return cl;
|
---|
44 | if (cl->next == NULL)
|
---|
45 | return NULL;
|
---|
46 | }
|
---|
47 | }
|
---|
48 |
|
---|
49 | void ac_do_stat()
|
---|
50 | {
|
---|
51 | int i, j, idx, exceeds, maxval, prev_deny=0;
|
---|
52 | struct s_client *cl_idx;
|
---|
53 |
|
---|
54 | struct s_client *prev, *cl;
|
---|
55 | for (prev=first_client, cl=first_client->next; prev->next != NULL; prev=prev->next, cl=cl->next)
|
---|
56 | for( i=0; i<CS_MAXPID; i++ )
|
---|
57 | {
|
---|
58 | idx = ac_stat[i].idx;
|
---|
59 | ac_stat[i].stat[idx] = acasc[i].ac_count;
|
---|
60 | acasc[i].ac_count=0;
|
---|
61 | cl_idx = idx_from_ac_idx(i);
|
---|
62 |
|
---|
63 | if( ac_stat[i].stat[idx] )
|
---|
64 | {
|
---|
65 | if( cl_idx == NULL ) {
|
---|
66 | cs_log("ERROR: can't find client with ac_idx=%d", i);
|
---|
67 | continue;
|
---|
68 | }
|
---|
69 |
|
---|
70 | if( cl_idx->ac_penalty==2 ) {// banned
|
---|
71 | cs_debug("user '%s' banned", cl_idx->usr);
|
---|
72 | acasc[i].ac_deny=1;
|
---|
73 | }
|
---|
74 | else
|
---|
75 | {
|
---|
76 | for( j=exceeds=maxval=0; j<cfg->ac_samples; j++ )
|
---|
77 | {
|
---|
78 | if( ac_stat[i].stat[j] > maxval )
|
---|
79 | maxval=ac_stat[i].stat[j];
|
---|
80 | exceeds+=(ac_stat[i].stat[j]>cl_idx->ac_limit);
|
---|
81 | }
|
---|
82 | prev_deny=acasc[i].ac_deny;
|
---|
83 | acasc[i].ac_deny = (exceeds >= cfg->ac_denysamples);
|
---|
84 |
|
---|
85 | cs_debug("%s limit=%d, max=%d, samples=%d, dsamples=%d, ac[ci=%d][si=%d]:",
|
---|
86 | cl_idx->usr, cl_idx->ac_limit, maxval,
|
---|
87 | cfg->ac_samples, cfg->ac_denysamples, i, idx);
|
---|
88 | cs_debug("%d %d %d %d %d %d %d %d %d %d ", ac_stat[i].stat[0],
|
---|
89 | ac_stat[i].stat[1], ac_stat[i].stat[2], ac_stat[i].stat[3],
|
---|
90 | ac_stat[i].stat[4], ac_stat[i].stat[5], ac_stat[i].stat[6],
|
---|
91 | ac_stat[i].stat[7], ac_stat[i].stat[8], ac_stat[i].stat[9]);
|
---|
92 | if( acasc[i].ac_deny ) {
|
---|
93 | cs_log("user '%s' exceeds limit", cl_idx->usr);
|
---|
94 | ac_stat[i].stat[idx] = 0;
|
---|
95 | } else if( prev_deny )
|
---|
96 | cs_log("user '%s' restored access", cl_idx->usr);
|
---|
97 | }
|
---|
98 | }
|
---|
99 | else if( acasc[i].ac_deny )
|
---|
100 | {
|
---|
101 | prev_deny=1;
|
---|
102 | acasc[i].ac_deny=0;
|
---|
103 | if( cl_idx != NULL )
|
---|
104 | cs_log("restored access for inactive user '%s'", cl_idx->usr);
|
---|
105 | else
|
---|
106 | cs_log("restored access for unknown user (ac_idx=%d)", i);
|
---|
107 | }
|
---|
108 |
|
---|
109 | if( !acasc[i].ac_deny && !prev_deny )
|
---|
110 | ac_stat[i].idx = (ac_stat[i].idx + 1) % cfg->ac_samples;
|
---|
111 | }
|
---|
112 | }
|
---|
113 |
|
---|
114 | void ac_init_client(struct s_auth *account)
|
---|
115 | {
|
---|
116 | cur_client()->ac_idx = account->ac_idx;
|
---|
117 | cur_client()->ac_limit = 0;
|
---|
118 | if( cfg->ac_enabled )
|
---|
119 | {
|
---|
120 | if( account->ac_users )
|
---|
121 | {
|
---|
122 | cur_client()->ac_limit = (account->ac_users*100+80)*cfg->ac_stime;
|
---|
123 | cur_client()->ac_penalty = account->ac_penalty;
|
---|
124 | cs_debug("login '%s', ac_idx=%d, users=%d, stime=%d min, dwlimit=%d per min, penalty=%d",
|
---|
125 | account->usr, account->ac_idx, account->ac_users, cfg->ac_stime,
|
---|
126 | account->ac_users*100+80, account->ac_penalty);
|
---|
127 | }
|
---|
128 | else
|
---|
129 | {
|
---|
130 | cs_debug("anti-cascading not used for login '%s'", account->usr);
|
---|
131 | }
|
---|
132 | }
|
---|
133 | }
|
---|
134 |
|
---|
135 | static int ac_dw_weight(ECM_REQUEST *er)
|
---|
136 | {
|
---|
137 | struct s_cpmap *cpmap;
|
---|
138 |
|
---|
139 | for( cpmap=cfg->cpmap; (cpmap) ; cpmap=cpmap->next )
|
---|
140 | if( (cpmap->caid ==0 || cpmap->caid ==er->caid) &&
|
---|
141 | (cpmap->provid==0 || cpmap->provid==er->prid) &&
|
---|
142 | (cpmap->sid ==0 || cpmap->sid ==er->srvid) &&
|
---|
143 | (cpmap->chid ==0 || cpmap->chid ==er->chid) )
|
---|
144 | return (cpmap->dwtime*100/60);
|
---|
145 |
|
---|
146 | cs_debug("WARNING: CAID %04X, PROVID %06X, SID %04X, CHID %04X not found in oscam.ac",
|
---|
147 | er->caid, er->prid, er->srvid, er->chid);
|
---|
148 | cs_debug("set DW lifetime 10 sec");
|
---|
149 | return 16; // 10*100/60
|
---|
150 | }
|
---|
151 |
|
---|
152 | void ac_chk(ECM_REQUEST *er, int level)
|
---|
153 | {
|
---|
154 | if( !cur_client()->ac_limit || !cfg->ac_enabled ) return;
|
---|
155 |
|
---|
156 | if( level==1 )
|
---|
157 | {
|
---|
158 | if( er->rc==7 ) acasc[cur_client()->ac_idx].ac_count++;
|
---|
159 | if( er->rc>3 ) return; // not found
|
---|
160 | if( memcmp(ac_ecmd5, er->ecmd5, CS_ECMSTORESIZE) != 0 )
|
---|
161 | {
|
---|
162 | acasc[cur_client()->ac_idx].ac_count+=ac_dw_weight(er);
|
---|
163 | memcpy(ac_ecmd5, er->ecmd5, CS_ECMSTORESIZE);
|
---|
164 | }
|
---|
165 | return;
|
---|
166 | }
|
---|
167 |
|
---|
168 | if( acasc[cur_client()->ac_idx].ac_deny )
|
---|
169 | if( cur_client()->ac_penalty )
|
---|
170 | {
|
---|
171 | cs_debug("send fake dw");
|
---|
172 | er->rc=7; // fake
|
---|
173 | er->rcEx=0;
|
---|
174 | cs_sleepms(cfg->ac_fakedelay);
|
---|
175 | }
|
---|
176 | }
|
---|
177 | #endif
|
---|