mirror of
				https://github.com/OpenFusionProject/OpenFusion.git
				synced 2025-10-25 06:10:04 +00:00 
			
		
		
		
	Compare commits
	
		
			17 Commits
		
	
	
		
			575754f727
			...
			landlock
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 6a0d8ca436 | |||
| 0e32a8974f | |||
| c196171034 | |||
| 8137921154 | |||
| 7c66041a6f | |||
| 2c822e210b | |||
|   | c116794c83 | ||
|   | 4ebda6066c | ||
| 6de21277d6 | |||
|   | 397700e909 | ||
| d9b6aedd5b | |||
|   | 145113062b | ||
| d717c5d74d | |||
| a6eb0e2349 | |||
| 52833f7fb3 | |||
|   | 3aed24de26 | ||
|   | 17362b2ea6 | 
							
								
								
									
										6
									
								
								.github/workflows/check-builds.yaml
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										6
									
								
								.github/workflows/check-builds.yaml
									
									
									
									
										vendored
									
									
								
							| @@ -52,7 +52,7 @@ jobs: | |||||||
|           Copy-Item -Path "config.ini" -Destination "bin" |           Copy-Item -Path "config.ini" -Destination "bin" | ||||||
|         shell: pwsh |         shell: pwsh | ||||||
|       - name: Upload build artifact |       - name: Upload build artifact | ||||||
|         uses: actions/upload-artifact@v2 |         uses: actions/upload-artifact@v4 | ||||||
|         with: |         with: | ||||||
|           name: 'ubuntu22_04-bin-x64-${{ env.SHORT_SHA }}' |           name: 'ubuntu22_04-bin-x64-${{ env.SHORT_SHA }}' | ||||||
|           path: bin |           path: bin | ||||||
| @@ -106,7 +106,7 @@ jobs: | |||||||
|           } |           } | ||||||
|         shell: pwsh |         shell: pwsh | ||||||
|       - name: Upload build artifact |       - name: Upload build artifact | ||||||
|         uses: actions/upload-artifact@v2 |         uses: actions/upload-artifact@v4 | ||||||
|         with: |         with: | ||||||
|           name: 'windows-vs2019-bin-x64-${{ env.SHORT_SHA }}' |           name: 'windows-vs2019-bin-x64-${{ env.SHORT_SHA }}' | ||||||
|           path: bin |           path: bin | ||||||
| @@ -127,7 +127,7 @@ jobs: | |||||||
|           GITDESC=$(git describe --tags) |           GITDESC=$(git describe --tags) | ||||||
|           mkdir $GITDESC |           mkdir $GITDESC | ||||||
|           echo "ARTDIR=$GITDESC" >> $GITHUB_ENV |           echo "ARTDIR=$GITDESC" >> $GITHUB_ENV | ||||||
|       - uses: actions/download-artifact@v3 |       - uses: actions/download-artifact@v4 | ||||||
|         with: |         with: | ||||||
|           path: ${{ env.ARTDIR }} |           path: ${{ env.ARTDIR }} | ||||||
|       - name: Upload artifacts |       - name: Upload artifacts | ||||||
|   | |||||||
							
								
								
									
										3
									
								
								.github/workflows/push-docker-image.yml
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										3
									
								
								.github/workflows/push-docker-image.yml
									
									
									
									
										vendored
									
									
								
							| @@ -3,6 +3,7 @@ name: Push Docker Image | |||||||
| on: | on: | ||||||
|   release: |   release: | ||||||
|     types: [published] |     types: [published] | ||||||
|  |   workflow_dispatch: | ||||||
|  |  | ||||||
| jobs: | jobs: | ||||||
|   push-docker-image: |   push-docker-image: | ||||||
| @@ -28,6 +29,8 @@ jobs: | |||||||
|         with: |         with: | ||||||
|           password: ${{ secrets.DOCKERHUB_TOKEN }} |           password: ${{ secrets.DOCKERHUB_TOKEN }} | ||||||
|           username: ${{ secrets.DOCKERHUB_USERNAME }} |           username: ${{ secrets.DOCKERHUB_USERNAME }} | ||||||
|  |       - name: Set up QEMU | ||||||
|  |         uses: docker/setup-qemu-action@v3 | ||||||
|       - name: Build and push the Docker image |       - name: Build and push the Docker image | ||||||
|         uses: docker/build-push-action@v5 |         uses: docker/build-push-action@v5 | ||||||
|         with: |         with: | ||||||
|   | |||||||
							
								
								
									
										7
									
								
								Makefile
									
									
									
									
									
								
							
							
						
						
									
										7
									
								
								Makefile
									
									
									
									
									
								
							| @@ -133,6 +133,8 @@ HDR=$(CHDR) $(CXXHDR) | |||||||
| all: $(SERVER) | all: $(SERVER) | ||||||
|  |  | ||||||
| windows: $(SERVER) | windows: $(SERVER) | ||||||
|  | nosandbox: $(SERVER) | ||||||
|  | nolandlock: $(SERVER) | ||||||
|  |  | ||||||
| # assign Windows-specific values if targeting Windows | # assign Windows-specific values if targeting Windows | ||||||
| windows : CC=$(WIN_CC) | windows : CC=$(WIN_CC) | ||||||
| @@ -142,6 +144,9 @@ windows : CXXFLAGS=$(WIN_CXXFLAGS) | |||||||
| windows : LDFLAGS=$(WIN_LDFLAGS) | windows : LDFLAGS=$(WIN_LDFLAGS) | ||||||
| windows : SERVER=$(WIN_SERVER) | windows : SERVER=$(WIN_SERVER) | ||||||
|  |  | ||||||
|  | nosandbox : CFLAGS+=-DCONFIG_NOSANDBOX=1 | ||||||
|  | nolandlock : CFLAGS+=-DCONFIG_NOLANDLOCK=1 | ||||||
|  |  | ||||||
| .SUFFIXES: .o .c .cpp .h .hpp | .SUFFIXES: .o .c .cpp .h .hpp | ||||||
|  |  | ||||||
| .c.o: | .c.o: | ||||||
| @@ -163,7 +168,7 @@ version.h: | |||||||
|  |  | ||||||
| src/main.o: version.h | src/main.o: version.h | ||||||
|  |  | ||||||
| .PHONY: all windows clean nuke | .PHONY: all windows nosandbox nolandlock clean nuke | ||||||
|  |  | ||||||
| # only gets rid of OpenFusion objects, so we don't need to | # only gets rid of OpenFusion objects, so we don't need to | ||||||
| # recompile the libs every time | # recompile the libs every time | ||||||
|   | |||||||
							
								
								
									
										21
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
										21
									
								
								README.md
									
									
									
									
									
								
							| @@ -1,34 +1,35 @@ | |||||||
| <p align="center"><img width="640" src="res/openfusion-hero.png" alt=""></p> | <p align="center"><img width="640" src="res/openfusion-hero.png" alt="OpenFusion Logo"></p> | ||||||
|  |  | ||||||
| <p align="center"> | <p align="center"> | ||||||
|     <a href="https://github.com/OpenFusionProject/OpenFusion/releases/latest"><img src="https://img.shields.io/github/v/release/OpenFusionProject/OpenFusion" alt="Current Release"></a> |     <a href="https://github.com/OpenFusionProject/OpenFusion/releases/latest"><img src="https://img.shields.io/github/v/release/OpenFusionProject/OpenFusion" alt="Current Release"></a> | ||||||
|     <a href="https://github.com/OpenFusionProject/OpenFusion/actions/workflows/check-builds.yaml"><img src="https://github.com/OpenFusionProject/OpenFusion/actions/workflows/check-builds.yaml/badge.svg" alt="Workflow"></a> |     <a href="https://github.com/OpenFusionProject/OpenFusion/actions/workflows/check-builds.yaml"><img src="https://github.com/OpenFusionProject/OpenFusion/actions/workflows/check-builds.yaml/badge.svg" alt="Workflow"></a> | ||||||
|  |     <a href="https://hub.docker.com/repository/docker/openfusion/openfusion/"><img src="https://badgen.net/docker/pulls/openfusion/openfusion?icon=docker&label=pulls"></a> | ||||||
|     <a href="https://discord.gg/DYavckB"><img src="https://img.shields.io/badge/chat-on%20discord-7289da.svg?logo=discord" alt="Discord"></a> |     <a href="https://discord.gg/DYavckB"><img src="https://img.shields.io/badge/chat-on%20discord-7289da.svg?logo=discord" alt="Discord"></a> | ||||||
|     <a href="https://github.com/OpenFusionProject/OpenFusion/blob/master/LICENSE.md"><img src="https://img.shields.io/github/license/OpenFusionProject/OpenFusion" alt="License"></a> |     <a href="https://github.com/OpenFusionProject/OpenFusion/blob/master/LICENSE.md"><img src="https://img.shields.io/github/license/OpenFusionProject/OpenFusion" alt="License"></a> | ||||||
| </p> | </p> | ||||||
|  |  | ||||||
| OpenFusion is a reverse-engineered server for FusionFall. It primarily targets versions `beta-20100104` and `beta-20111013` of the original game, with [limited support](https://github.com/OpenFusionProject/OpenFusion/wiki/FusionFall-Version-Support) for others. | OpenFusion is a reverse-engineered server for FusionFall. It primarily targets versions `beta-20100104` and `beta-20111013` of the original game, with [limited support](https://openfusion.dev/docs/reference/fusionfall-version-support/) for others. | ||||||
|  |  | ||||||
| ## Usage | ## Usage | ||||||
|  |  | ||||||
| ### Getting Started | ### Getting Started | ||||||
| #### Method A: Installer (Easiest) | #### Method A: Installer (Easiest) | ||||||
| 1. Download the client installer by clicking [here](https://github.com/OpenFusionProject/OpenFusion/releases/download/1.5/OpenFusionClient-1.5-Installer.exe) - choose to run the file. | 1. Download the client installer by clicking [here](https://github.com/OpenFusionProject/OpenFusion/releases/download/1.6/OpenFusionClient-1.6-Installer.exe) - choose to run the file. | ||||||
| 2. After a few moments, the client should open: you will be given a choice between two public servers by default. Select the one you wish to play and click connect. | 2. After a few moments, the client should open: you will be given a choice between two public servers by default. Select the one you wish to play and click connect. | ||||||
| 3. To create an account, simply enter the details you wish to use at the login screen then click Log In. Do *not* click register, as this will just lead to a blank screen. | 3. To create an account, simply enter the details you wish to use at the login screen then click Log In. Do *not* click register, as this will just lead to a blank screen. | ||||||
| 4. Make a new character, and enjoy the game! Your progress will be saved automatically, and you can resume playing by entering the login details you used in step 3. | 4. Make a new character, and enjoy the game! Your progress will be saved automatically, and you can resume playing by entering the login details you used in step 3. | ||||||
|  |  | ||||||
| #### Method B: Standalone .zip file | #### Method B: Standalone .zip file | ||||||
| 1. Download the client from [here](https://github.com/OpenFusionProject/OpenFusion/releases/download/1.5/OpenFusionClient-1.5.zip). | 1. Download the client from [here](https://github.com/OpenFusionProject/OpenFusion/releases/download/1.6/OpenFusionClient-1.6.zip). | ||||||
| 2. Extract it to a folder of your choice. Note: if you are upgrading from an older version, it is preferable to start with a fresh folder rather than overwriting a previous install. | 2. Extract it to a folder of your choice. Note: if you are upgrading from an older version, it is preferable to start with a fresh folder rather than overwriting a previous install. | ||||||
| 3. Run OpenFusionClient.exe - you will be given a choice between two public servers by default. Select the one you wish to play and click connect. | 3. Run OpenFusionClient.exe - you will be given a choice between two public servers by default. Select the one you wish to play and click connect. | ||||||
| 4. To create an account, simply enter the details you wish to use at the login screen then click Log In. Do *not* click register, as this will just lead to a blank screen. | 4. To create an account, simply enter the details you wish to use at the login screen then click Log In. Do *not* click register, as this will just lead to a blank screen. | ||||||
| 5. Make a new character, and enjoy the game! Your progress will be saved automatically, and you can resume playing by entering the login details you used in step 4. | 5. Make a new character, and enjoy the game! Your progress will be saved automatically, and you can resume playing by entering the login details you used in step 4. | ||||||
|  |  | ||||||
| Instructions for getting the client to run on Linux through Wine can be found [here](https://github.com/OpenFusionProject/OpenFusion/wiki/Running-the-game-client-on-Linux). | Instructions for getting the client to run on Linux through Wine can be found [here](https://openfusion.dev/docs/guides/running-on-linux/). | ||||||
|  |  | ||||||
| ### Hosting a server | ### Hosting a server | ||||||
| 1. Grab `OpenFusionServer-1.5-Original.zip` or `OpenFusionServer-1.5-Academy.zip` from [here](https://github.com/OpenFusionProject/OpenFusion/releases/tag/1.5). | 1. Grab `OpenFusionServer-1.6-Original.zip` or `OpenFusionServer-1.6-Academy.zip` from [here](https://github.com/OpenFusionProject/OpenFusion/releases/tag/1.6). | ||||||
| 2. Extract it to a folder of your choice, then run `winfusion.exe` (Windows) or `fusion` (Linux) to start the server. | 2. Extract it to a folder of your choice, then run `winfusion.exe` (Windows) or `fusion` (Linux) to start the server. | ||||||
| 3. Add a new server to the client's list: | 3. Add a new server to the client's list: | ||||||
|     1. For Description, enter anything you want. This is what will show up in the server list. |     1. For Description, enter anything you want. This is what will show up in the server list. | ||||||
| @@ -79,17 +80,17 @@ This just works if you're all under the same LAN, but if you want to play over t | |||||||
|  |  | ||||||
| ## Compiling  | ## Compiling  | ||||||
|  |  | ||||||
| OpenFusion has one external dependency: SQLite. The oldest compatible version is `3.33.0`. You can install it on Windows using `vcpkg`, and on Unix/Linux using your distribution's package manager. For a more indepth guide on how to set up vcpkg, [read this guide on the wiki](https://github.com/OpenFusionProject/OpenFusion/wiki/Installing-SQLite-on-Windows-using-vcpkg). | OpenFusion has one external dependency: SQLite. The oldest compatible version is `3.33.0`. You can install it on Windows using `vcpkg`, and on Unix/Linux using your distribution's package manager. For a more indepth guide on how to set up vcpkg, [read this guide](https://openfusion.dev/docs/development/installing-sqlite-on-windows-using-vcpkg/). | ||||||
|  |  | ||||||
| You have two choices for compiling OpenFusion: the included Makefile and the included CMakeLists file. | You have two choices for compiling OpenFusion: the included Makefile and the included CMakeLists file. | ||||||
|  |  | ||||||
| ### Makefile | ### Makefile | ||||||
|  |  | ||||||
| A detailed compilation guide is available for Windows users in the wiki [using MinGW-w64 and MSYS2](https://github.com/OpenFusionProject/OpenFusion/wiki/Compilation-on-Windows). Otherwise, to compile it for the current platform you're on, just run `make` with the correct build tools installed (currently make and clang). | A detailed compilation guide is available for Windows users on the website [using MinGW-w64 and MSYS2](https://openfusion.dev/docs/development/compilation-on-windows-msys2-mingw/). Otherwise, to compile it for the current platform you're on, just run `make` with the correct build tools installed (currently make and clang). | ||||||
|  |  | ||||||
| ### CMake | ### CMake | ||||||
|  |  | ||||||
| A detailed guide is available [on the wiki](https://github.com/OpenFusionProject/OpenFusion/wiki/Compilation-with-CMake-or-Visual-Studio) for people using regular old CMake or the version of CMake that comes with Visual Studio. tl;dr: `cmake -B build` | A detailed guide is available [in our documentation](https://openfusion.dev/docs/development/compilation-with-cmake-or-visual-studio/) for people using regular old CMake or the version of CMake that comes with Visual Studio. TL;DR: `cmake -B build` | ||||||
|  |  | ||||||
| ## Contributing | ## Contributing | ||||||
|  |  | ||||||
| @@ -107,4 +108,4 @@ Meanwhile the Academy server is more meant for legitimate playthroughs (default | |||||||
|  |  | ||||||
| When hosting a local server, you will have access to all commands by default (account level 1). | When hosting a local server, you will have access to all commands by default (account level 1). | ||||||
|  |  | ||||||
| For a list of available commands, see [this wiki page](https://github.com/OpenFusionProject/OpenFusion/wiki/Ingame-Command-list). | For a list of available commands, see [this page](https://openfusion.dev/docs/reference/ingame-command-list/). | ||||||
|   | |||||||
| @@ -17,6 +17,10 @@ acceptallcustomnames=true | |||||||
| # should attempts to log into non-existent accounts | # should attempts to log into non-existent accounts | ||||||
| # automatically create them? | # automatically create them? | ||||||
| autocreateaccounts=true | autocreateaccounts=true | ||||||
|  | # list of supported authentication methods (comma-separated) | ||||||
|  | # password = allow login type 1 with plaintext passwords | ||||||
|  | # cookie = allow login type 2 with one-shot auth cookies | ||||||
|  | authmethods=password | ||||||
| # how often should everything be flushed to the database? | # how often should everything be flushed to the database? | ||||||
| # the default is 4 minutes | # the default is 4 minutes | ||||||
| dbsaveinterval=240 | dbsaveinterval=240 | ||||||
|   | |||||||
							
								
								
									
										19
									
								
								sql/migration4.sql
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										19
									
								
								sql/migration4.sql
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,19 @@ | |||||||
|  | /* | ||||||
|  |     It is recommended in the SQLite manual to turn off | ||||||
|  |     foreign keys when making schema changes that involve them | ||||||
|  | */ | ||||||
|  | PRAGMA foreign_keys=OFF; | ||||||
|  | BEGIN TRANSACTION; | ||||||
|  | -- New table to store auth cookies | ||||||
|  | CREATE TABLE Auth ( | ||||||
|  |     AccountID   INTEGER NOT NULL, | ||||||
|  |     Cookie      TEXT NOT NULL, | ||||||
|  |     Expires     INTEGER DEFAULT 0 NOT NULL, | ||||||
|  |     FOREIGN KEY(AccountID) REFERENCES Accounts(AccountID) ON DELETE CASCADE, | ||||||
|  |     UNIQUE (AccountID) | ||||||
|  | ); | ||||||
|  | -- Update DB Version | ||||||
|  | UPDATE Meta SET Value = 5 WHERE Key = 'DatabaseVersion'; | ||||||
|  | UPDATE Meta SET Value = strftime('%s', 'now') WHERE Key = 'LastMigration'; | ||||||
|  | COMMIT; | ||||||
|  | PRAGMA foreign_keys=ON; | ||||||
| @@ -143,7 +143,7 @@ CREATE TABLE IF NOT EXISTS EmailItems ( | |||||||
|     UNIQUE (PlayerID, MsgIndex, Slot) |     UNIQUE (PlayerID, MsgIndex, Slot) | ||||||
| ); | ); | ||||||
|  |  | ||||||
| CREATE TABLE IF NOT EXISTS RaceResults( | CREATE TABLE IF NOT EXISTS RaceResults ( | ||||||
|     EPID      INTEGER NOT NULL, |     EPID      INTEGER NOT NULL, | ||||||
|     PlayerID  INTEGER NOT NULL, |     PlayerID  INTEGER NOT NULL, | ||||||
|     Score     INTEGER NOT NULL, |     Score     INTEGER NOT NULL, | ||||||
| @@ -153,9 +153,17 @@ CREATE TABLE IF NOT EXISTS RaceResults( | |||||||
|     FOREIGN KEY(PlayerID) REFERENCES Players(PlayerID) ON DELETE CASCADE |     FOREIGN KEY(PlayerID) REFERENCES Players(PlayerID) ON DELETE CASCADE | ||||||
| ); | ); | ||||||
|  |  | ||||||
| CREATE TABLE IF NOT EXISTS RedeemedCodes( | CREATE TABLE IF NOT EXISTS RedeemedCodes ( | ||||||
|     PlayerID    INTEGER NOT NULL, |     PlayerID    INTEGER NOT NULL, | ||||||
|     Code        TEXT NOT NULL, |     Code        TEXT NOT NULL, | ||||||
|     FOREIGN KEY(PlayerID) REFERENCES Players(PlayerID) ON DELETE CASCADE, |     FOREIGN KEY(PlayerID) REFERENCES Players(PlayerID) ON DELETE CASCADE, | ||||||
|     UNIQUE (PlayerID, Code) |     UNIQUE (PlayerID, Code) | ||||||
| ) | ); | ||||||
|  |  | ||||||
|  | CREATE TABLE IF NOT EXISTS Auth ( | ||||||
|  |     AccountID   INTEGER NOT NULL, | ||||||
|  |     Cookie      TEXT NOT NULL, | ||||||
|  |     Expires     INTEGER DEFAULT 0 NOT NULL, | ||||||
|  |     FOREIGN KEY(AccountID) REFERENCES Accounts(AccountID) ON DELETE CASCADE, | ||||||
|  |     UNIQUE (AccountID) | ||||||
|  | ); | ||||||
|   | |||||||
| @@ -368,7 +368,6 @@ void Abilities::useNPCSkill(EntityRef npc, int skillID, std::vector<ICombatant*> | |||||||
|     SkillData* skill = &SkillTable[skillID]; |     SkillData* skill = &SkillTable[skillID]; | ||||||
|  |  | ||||||
|     std::vector<SkillResult> results = handleSkill(skill, 0, src, affected); |     std::vector<SkillResult> results = handleSkill(skill, 0, src, affected); | ||||||
|     if(results.empty()) return; // no effect; no need for confirmation packets |  | ||||||
|  |  | ||||||
|     // lazy validation since skill results might be different sizes |     // lazy validation since skill results might be different sizes | ||||||
|     if (!validOutVarPacket(sizeof(sP_FE2CL_NPC_SKILL_HIT), results.size(), MAX_SKILLRESULT_SIZE)) { |     if (!validOutVarPacket(sizeof(sP_FE2CL_NPC_SKILL_HIT), results.size(), MAX_SKILLRESULT_SIZE)) { | ||||||
|   | |||||||
| @@ -30,7 +30,7 @@ static bool playerHasBuddyWithID(Player* plr, int buddyID) { | |||||||
| #pragma endregion | #pragma endregion | ||||||
|  |  | ||||||
| // Refresh buddy list | // Refresh buddy list | ||||||
| void Buddies::refreshBuddyList(CNSocket* sock) { | void Buddies::sendBuddyList(CNSocket* sock) { | ||||||
|     Player* plr = PlayerManager::getPlayer(sock); |     Player* plr = PlayerManager::getPlayer(sock); | ||||||
|     int buddyCnt = Database::getNumBuddies(plr); |     int buddyCnt = Database::getNumBuddies(plr); | ||||||
|  |  | ||||||
| @@ -278,15 +278,6 @@ static void reqFindNameBuddyAccept(CNSocket* sock, CNPacketData* data) { | |||||||
| static void reqPktGetBuddyState(CNSocket* sock, CNPacketData* data) { | static void reqPktGetBuddyState(CNSocket* sock, CNPacketData* data) { | ||||||
|     Player* plr = PlayerManager::getPlayer(sock); |     Player* plr = PlayerManager::getPlayer(sock); | ||||||
|      |      | ||||||
|     /* |  | ||||||
|      * If the buddy list wasn't synced a second time yet, sync it. |  | ||||||
|      * Not sure why we have to do it again for the client not to trip up. |  | ||||||
|      */ |  | ||||||
|     if (!plr->buddiesSynced) { |  | ||||||
|         refreshBuddyList(sock); |  | ||||||
|         plr->buddiesSynced = true; |  | ||||||
|     } |  | ||||||
|      |  | ||||||
|     INITSTRUCT(sP_FE2CL_REP_GET_BUDDY_STATE_SUCC, resp); |     INITSTRUCT(sP_FE2CL_REP_GET_BUDDY_STATE_SUCC, resp); | ||||||
|      |      | ||||||
|     for (int slot = 0; slot < 50; slot++) { |     for (int slot = 0; slot < 50; slot++) { | ||||||
|   | |||||||
| @@ -6,5 +6,5 @@ namespace Buddies { | |||||||
|     void init(); |     void init(); | ||||||
|  |  | ||||||
|     // Buddy list |     // Buddy list | ||||||
|     void refreshBuddyList(CNSocket* sock); |     void sendBuddyList(CNSocket* sock); | ||||||
| } | } | ||||||
|   | |||||||
| @@ -72,8 +72,8 @@ struct Player : public Entity, public ICombatant { | |||||||
|     bool notify = false; |     bool notify = false; | ||||||
|     bool hidden = false; |     bool hidden = false; | ||||||
|     bool unwarpable = false; |     bool unwarpable = false; | ||||||
|  |     bool initialLoadDone = false; | ||||||
|  |  | ||||||
|     bool buddiesSynced = false; |  | ||||||
|     int64_t buddyIDs[50] = {}; |     int64_t buddyIDs[50] = {}; | ||||||
|     bool isBuddyBlocked[50] = {}; |     bool isBuddyBlocked[50] = {}; | ||||||
|  |  | ||||||
|   | |||||||
| @@ -155,16 +155,21 @@ void PlayerManager::sendPlayerTo(CNSocket* sock, int X, int Y, int Z) { | |||||||
|  * Nanos the player hasn't unlocked will (and should) be greyed out. Thus, all nanos should be accounted |  * Nanos the player hasn't unlocked will (and should) be greyed out. Thus, all nanos should be accounted | ||||||
|  * for in these packets, even if the player hasn't unlocked them. |  * for in these packets, even if the player hasn't unlocked them. | ||||||
|  */ |  */ | ||||||
| static void sendNanoBookSubset(CNSocket *sock) { | static void sendNanoBook(CNSocket *sock, Player *plr, bool resizeOnly) { | ||||||
| #ifdef ACADEMY | #ifdef ACADEMY | ||||||
|     Player *plr = getPlayer(sock); |  | ||||||
|  |  | ||||||
|     int16_t id = 0; |     int16_t id = 0; | ||||||
|     INITSTRUCT(sP_FE2CL_REP_NANO_BOOK_SUBSET, pkt); |     INITSTRUCT(sP_FE2CL_REP_NANO_BOOK_SUBSET, pkt); | ||||||
|  |  | ||||||
|     pkt.PCUID = plr->iID; |     pkt.PCUID = plr->iID; | ||||||
|     pkt.bookSize = NANO_COUNT; |     pkt.bookSize = NANO_COUNT; | ||||||
|  |  | ||||||
|  |     if (resizeOnly) { | ||||||
|  |         // triggers nano array resizing without | ||||||
|  |         // actually sending nanos | ||||||
|  |         sock->sendPacket(pkt, P_FE2CL_REP_NANO_BOOK_SUBSET); | ||||||
|  |         return; | ||||||
|  |     } | ||||||
|  |  | ||||||
|     while (id < NANO_COUNT) { |     while (id < NANO_COUNT) { | ||||||
|         pkt.elementOffset = id; |         pkt.elementOffset = id; | ||||||
|  |  | ||||||
| @@ -295,27 +300,21 @@ static void enterPlayer(CNSocket* sock, CNPacketData* data) { | |||||||
|     sock->setFEKey(lm->FEKey); |     sock->setFEKey(lm->FEKey); | ||||||
|     sock->setActiveKey(SOCKETKEY_FE); // send all packets using the FE key from now on |     sock->setActiveKey(SOCKETKEY_FE); // send all packets using the FE key from now on | ||||||
|  |  | ||||||
|  |     // Academy builds receive nanos in a separate packet. An initial one with the size of the | ||||||
|  |     // nano book needs to be sent before PC_ENTER_SUCC so the client can resize its nano arrays, | ||||||
|  |     // and then proper packets with the nanos included must be sent after, while the game is loading. | ||||||
|  |     sendNanoBook(sock, plr, true); | ||||||
|  |  | ||||||
|     sock->sendPacket(response, P_FE2CL_REP_PC_ENTER_SUCC); |     sock->sendPacket(response, P_FE2CL_REP_PC_ENTER_SUCC); | ||||||
|  |  | ||||||
|     // transmit MOTD after entering the game, so the client hopefully changes modes on time |     sendNanoBook(sock, plr, false); | ||||||
|     Chat::sendServerMessage(sock, settings::MOTDSTRING); |  | ||||||
|  |  | ||||||
|     // transfer ownership of Player object into the shard (still valid in this function though) |     // transfer ownership of Player object into the shard (still valid in this function though) | ||||||
|     addPlayer(sock, plr); |     addPlayer(sock, plr); | ||||||
|  |  | ||||||
|     // check if there is an expiring vehicle |  | ||||||
|     Items::checkItemExpire(sock, plr); |  | ||||||
|  |  | ||||||
|     // set player equip stats |     // set player equip stats | ||||||
|     Items::setItemStats(plr); |     Items::setItemStats(plr); | ||||||
|  |  | ||||||
|     Missions::failInstancedMissions(sock); |  | ||||||
|  |  | ||||||
|     sendNanoBookSubset(sock); |  | ||||||
|  |  | ||||||
|     // initial buddy sync |  | ||||||
|     Buddies::refreshBuddyList(sock); |  | ||||||
|  |  | ||||||
|     for (auto& pair : players) |     for (auto& pair : players) | ||||||
|         if (pair.second->notify) |         if (pair.second->notify) | ||||||
|             Chat::sendServerMessage(pair.first, "[ADMIN]" + getPlayerName(plr) + " has joined."); |             Chat::sendServerMessage(pair.first, "[ADMIN]" + getPlayerName(plr) + " has joined."); | ||||||
| @@ -378,6 +377,17 @@ static void loadPlayer(CNSocket* sock, CNPacketData* data) { | |||||||
|  |  | ||||||
|         sock->sendPacket(pkt, P_FE2CL_INSTANCE_MAP_INFO); |         sock->sendPacket(pkt, P_FE2CL_INSTANCE_MAP_INFO); | ||||||
|     } |     } | ||||||
|  |  | ||||||
|  |     if (!plr->initialLoadDone) { | ||||||
|  |         // these should be called only once, but not until after | ||||||
|  |         // first load-in or else the client may ignore the packets | ||||||
|  |         Chat::sendServerMessage(sock, settings::MOTDSTRING); // MOTD | ||||||
|  |         Missions::failInstancedMissions(sock); // auto-fail missions | ||||||
|  |         Buddies::sendBuddyList(sock); // buddy list | ||||||
|  |         Items::checkItemExpire(sock, plr); // vehicle expiration | ||||||
|  |  | ||||||
|  |         plr->initialLoadDone = true; | ||||||
|  |     } | ||||||
| } | } | ||||||
|  |  | ||||||
| static void heartbeatPlayer(CNSocket* sock, CNPacketData* data) { | static void heartbeatPlayer(CNSocket* sock, CNPacketData* data) { | ||||||
|   | |||||||
| @@ -40,6 +40,7 @@ | |||||||
|  |  | ||||||
| // wrapper for U16toU8 | // wrapper for U16toU8 | ||||||
| #define ARRLEN(x) (sizeof(x)/sizeof(*x)) | #define ARRLEN(x) (sizeof(x)/sizeof(*x)) | ||||||
|  | #define AUTOU8(x) std::string((char*)x, ARRLEN(x)) | ||||||
| #define AUTOU16TOU8(x) U16toU8(x, ARRLEN(x))  | #define AUTOU16TOU8(x) U16toU8(x, ARRLEN(x))  | ||||||
|  |  | ||||||
| // TODO: rewrite U16toU8 & U8toU16 to not use codecvt | // TODO: rewrite U16toU8 & U8toU16 to not use codecvt | ||||||
|   | |||||||
| @@ -5,7 +5,7 @@ | |||||||
| #include <string> | #include <string> | ||||||
| #include <vector> | #include <vector> | ||||||
|  |  | ||||||
| #define DATABASE_VERSION 4 | #define DATABASE_VERSION 5 | ||||||
|  |  | ||||||
| namespace Database { | namespace Database { | ||||||
|  |  | ||||||
| @@ -53,6 +53,10 @@ namespace Database { | |||||||
|  |  | ||||||
|     void updateAccountLevel(int accountId, int accountLevel); |     void updateAccountLevel(int accountId, int accountLevel); | ||||||
|  |  | ||||||
|  |     // return true if cookie is valid for the account. | ||||||
|  |     // invalidates the stored cookie afterwards | ||||||
|  |     bool checkCookie(int accountId, const char *cookie); | ||||||
|  |  | ||||||
|     // interface for the /ban command |     // interface for the /ban command | ||||||
|     bool banPlayer(int playerId, std::string& reason); |     bool banPlayer(int playerId, std::string& reason); | ||||||
|     bool unbanPlayer(int playerId); |     bool unbanPlayer(int playerId); | ||||||
|   | |||||||
| @@ -98,6 +98,55 @@ void Database::updateAccountLevel(int accountId, int accountLevel) { | |||||||
|     sqlite3_finalize(stmt); |     sqlite3_finalize(stmt); | ||||||
| } | } | ||||||
|  |  | ||||||
|  | bool Database::checkCookie(int accountId, const char *tryCookie) { | ||||||
|  |     std::lock_guard<std::mutex> lock(dbCrit); | ||||||
|  |  | ||||||
|  |     const char* sql_get = R"( | ||||||
|  |         SELECT Cookie | ||||||
|  |         FROM Auth | ||||||
|  |         WHERE AccountID = ? AND Expires > ?; | ||||||
|  |         )"; | ||||||
|  |  | ||||||
|  |     const char* sql_invalidate = R"( | ||||||
|  |         UPDATE Auth | ||||||
|  |         SET Expires = 0 | ||||||
|  |         WHERE AccountID = ?; | ||||||
|  |         )"; | ||||||
|  |  | ||||||
|  |     sqlite3_stmt* stmt; | ||||||
|  |  | ||||||
|  |     sqlite3_prepare_v2(db, sql_get, -1, &stmt, NULL); | ||||||
|  |     sqlite3_bind_int(stmt, 1, accountId); | ||||||
|  |     sqlite3_bind_int(stmt, 2, getTimestamp()); | ||||||
|  |     int rc = sqlite3_step(stmt); | ||||||
|  |     if (rc != SQLITE_ROW) { | ||||||
|  |         sqlite3_finalize(stmt); | ||||||
|  |         return false; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     const char *cookie = reinterpret_cast<const char*>(sqlite3_column_text(stmt, 0)); | ||||||
|  |     if (strlen(cookie) != strlen(tryCookie)) { | ||||||
|  |         sqlite3_finalize(stmt); | ||||||
|  |         return false; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /* | ||||||
|  |      * since cookies are immediately invalidated, we don't need to be concerned about | ||||||
|  |      * timing-related side channel attacks, so strcmp is fine here | ||||||
|  |      */ | ||||||
|  |     bool match = (strcmp(cookie, tryCookie) == 0); | ||||||
|  |     sqlite3_finalize(stmt); | ||||||
|  |  | ||||||
|  |     sqlite3_prepare_v2(db, sql_invalidate, -1, &stmt, NULL); | ||||||
|  |     sqlite3_bind_int(stmt, 1, accountId); | ||||||
|  |     rc = sqlite3_step(stmt); | ||||||
|  |     sqlite3_finalize(stmt); | ||||||
|  |     if (rc != SQLITE_DONE) | ||||||
|  |         std::cout << "[WARN] Database fail on checkCookie(): " << sqlite3_errmsg(db) << std::endl; | ||||||
|  |  | ||||||
|  |     return match; | ||||||
|  | } | ||||||
|  |  | ||||||
| void Database::updateSelected(int accountId, int slot) { | void Database::updateSelected(int accountId, int slot) { | ||||||
|     std::lock_guard<std::mutex> lock(dbCrit); |     std::lock_guard<std::mutex> lock(dbCrit); | ||||||
|  |  | ||||||
|   | |||||||
| @@ -49,6 +49,7 @@ CNShardServer *shardServer = nullptr; | |||||||
| std::thread *shardThread = nullptr; | std::thread *shardThread = nullptr; | ||||||
|  |  | ||||||
| void startShard(CNShardServer* server) { | void startShard(CNShardServer* server) { | ||||||
|  |     sandbox_thread_start(); | ||||||
|     server->start(); |     server->start(); | ||||||
| } | } | ||||||
|  |  | ||||||
| @@ -150,6 +151,8 @@ int main() { | |||||||
|         /* not reached */ |         /* not reached */ | ||||||
|     } |     } | ||||||
|  |  | ||||||
|  |     sandbox_init(); | ||||||
|  |  | ||||||
|     std::cout << "[INFO] Starting Server Threads..." << std::endl; |     std::cout << "[INFO] Starting Server Threads..." << std::endl; | ||||||
|     CNLoginServer loginServer(settings::LOGINPORT); |     CNLoginServer loginServer(settings::LOGINPORT); | ||||||
|     shardServer = new CNShardServer(settings::SHARDPORT); |     shardServer = new CNShardServer(settings::SHARDPORT); | ||||||
| @@ -157,6 +160,7 @@ int main() { | |||||||
|     shardThread = new std::thread(startShard, (CNShardServer*)shardServer); |     shardThread = new std::thread(startShard, (CNShardServer*)shardServer); | ||||||
|  |  | ||||||
|     sandbox_start(); |     sandbox_start(); | ||||||
|  |     sandbox_thread_start(); | ||||||
|  |  | ||||||
|     loginServer.start(); |     loginServer.start(); | ||||||
|  |  | ||||||
|   | |||||||
| @@ -4,11 +4,16 @@ | |||||||
| #if defined(__linux__) || defined(__OpenBSD__) | #if defined(__linux__) || defined(__OpenBSD__) | ||||||
|  |  | ||||||
| # if !defined(CONFIG_NOSANDBOX) | # if !defined(CONFIG_NOSANDBOX) | ||||||
|  | void sandbox_init(); | ||||||
| void sandbox_start(); | void sandbox_start(); | ||||||
|  | void sandbox_thread_start(); | ||||||
| # else | # else | ||||||
|  |  | ||||||
| #include <iostream> | #include <iostream> | ||||||
|  |  | ||||||
|  | inline void sandbox_init() {} | ||||||
|  | inline void sandbox_thread_start() {} | ||||||
|  |  | ||||||
| inline void sandbox_start() { | inline void sandbox_start() { | ||||||
|     std::cout << "[WARN] Built without a sandbox" << std::endl; |     std::cout << "[WARN] Built without a sandbox" << std::endl; | ||||||
| } | } | ||||||
| @@ -17,5 +22,7 @@ inline void sandbox_start() { | |||||||
|  |  | ||||||
| #else | #else | ||||||
| // stub for unsupported platforms | // stub for unsupported platforms | ||||||
|  | inline void sandbox_init() {} | ||||||
| inline void sandbox_start() {} | inline void sandbox_start() {} | ||||||
|  | inline void sandbox_thread_start() {} | ||||||
| #endif | #endif | ||||||
|   | |||||||
| @@ -13,6 +13,9 @@ static void eunveil(const char *path, const char *permissions) { | |||||||
|         err(1, "unveil"); |         err(1, "unveil"); | ||||||
| } | } | ||||||
|  |  | ||||||
|  | void sandbox_init() {} | ||||||
|  | void sandbox_thread_start() {} | ||||||
|  |  | ||||||
| void sandbox_start() { | void sandbox_start() { | ||||||
|     /* |     /* | ||||||
|      * There shouldn't ever be a reason to disable this one, but might as well |      * There shouldn't ever be a reason to disable this one, but might as well | ||||||
|   | |||||||
| @@ -4,6 +4,9 @@ | |||||||
| #include "settings.hpp" | #include "settings.hpp" | ||||||
|  |  | ||||||
| #include <stdlib.h> | #include <stdlib.h> | ||||||
|  | #include <fcntl.h> | ||||||
|  |  | ||||||
|  | #include <filesystem> | ||||||
|  |  | ||||||
| #include <sys/prctl.h> | #include <sys/prctl.h> | ||||||
| #include <sys/ptrace.h> | #include <sys/ptrace.h> | ||||||
| @@ -17,6 +20,10 @@ | |||||||
| #include <linux/audit.h> | #include <linux/audit.h> | ||||||
| #include <linux/net.h> // for socketcall() args | #include <linux/net.h> // for socketcall() args | ||||||
|  |  | ||||||
|  | #ifndef CONFIG_NOLANDLOCK | ||||||
|  | #include <linux/landlock.h> | ||||||
|  | #endif | ||||||
|  |  | ||||||
| /* | /* | ||||||
|  * Macros adapted from https://outflux.net/teach-seccomp/ |  * Macros adapted from https://outflux.net/teach-seccomp/ | ||||||
|  * Relevant license: |  * Relevant license: | ||||||
| @@ -54,7 +61,7 @@ | |||||||
|     BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ERRNO|(_errno)) |     BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ERRNO|(_errno)) | ||||||
|  |  | ||||||
| #define KILL_PROCESS \ | #define KILL_PROCESS \ | ||||||
|     BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL_PROCESS) |     BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_TRAP) | ||||||
|  |  | ||||||
| /* | /* | ||||||
|  * Macros adapted from openssh's sandbox-seccomp-filter.c |  * Macros adapted from openssh's sandbox-seccomp-filter.c | ||||||
| @@ -297,25 +304,201 @@ static sock_fprog prog = { | |||||||
|     ARRLEN(filter), filter |     ARRLEN(filter), filter | ||||||
| }; | }; | ||||||
|  |  | ||||||
| // our own wrapper for the seccomp() syscall | // Our own wrapper for the seccomp() syscall. | ||||||
| int seccomp(unsigned int operation, unsigned int flags, void *args) { | int seccomp(unsigned int operation, unsigned int flags, void *args) { | ||||||
|     return syscall(__NR_seccomp, operation, flags, args); |     return syscall(__NR_seccomp, operation, flags, args); | ||||||
| } | } | ||||||
|  |  | ||||||
| void sandbox_start() { | #ifndef CONFIG_NOLANDLOCK | ||||||
|  |  | ||||||
|  | // Support compilation on systems that only have older Landlock headers. | ||||||
|  | #ifndef LANDLOCK_ACCESS_FS_REFER | ||||||
|  | #define LANDLOCK_ACCESS_FS_REFER 0 | ||||||
|  | #endif | ||||||
|  | #ifndef LANDLOCK_ACCESS_FS_TRUNCATE | ||||||
|  | #define LANDLOCK_ACCESS_FS_TRUNCATE 0 | ||||||
|  | #endif | ||||||
|  |  | ||||||
|  | struct landlock_ruleset_attr ruleset_attr = { | ||||||
|  |     .handled_access_fs = LANDLOCK_ACCESS_FS_READ_FILE | ||||||
|  |         | LANDLOCK_ACCESS_FS_WRITE_FILE | ||||||
|  |         | LANDLOCK_ACCESS_FS_READ_DIR | ||||||
|  |         | LANDLOCK_ACCESS_FS_MAKE_REG | ||||||
|  |         | LANDLOCK_ACCESS_FS_MAKE_DIR | ||||||
|  |         | LANDLOCK_ACCESS_FS_MAKE_SYM | ||||||
|  |         | LANDLOCK_ACCESS_FS_MAKE_SOCK | ||||||
|  |         | LANDLOCK_ACCESS_FS_MAKE_FIFO | ||||||
|  |         | LANDLOCK_ACCESS_FS_MAKE_BLOCK | ||||||
|  |         | LANDLOCK_ACCESS_FS_REMOVE_FILE | ||||||
|  |         | LANDLOCK_ACCESS_FS_REMOVE_DIR | ||||||
|  |         | LANDLOCK_ACCESS_FS_TRUNCATE | ||||||
|  |         | LANDLOCK_ACCESS_FS_REFER | ||||||
|  | }; | ||||||
|  |  | ||||||
|  | uint64_t landlock_perms = LANDLOCK_ACCESS_FS_READ_FILE | ||||||
|  |     | LANDLOCK_ACCESS_FS_WRITE_FILE | ||||||
|  |     | LANDLOCK_ACCESS_FS_TRUNCATE | ||||||
|  |     | LANDLOCK_ACCESS_FS_MAKE_REG | ||||||
|  |     | LANDLOCK_ACCESS_FS_REMOVE_FILE; | ||||||
|  |  | ||||||
|  | int landlock_fd; | ||||||
|  | bool landlock_supported; | ||||||
|  |  | ||||||
|  | /* | ||||||
|  |  * Our own wrappers for Landlock syscalls. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | int landlock_create_ruleset(const struct landlock_ruleset_attr *attr, size_t size, uint32_t flags) { | ||||||
|  |     return syscall(__NR_landlock_create_ruleset, attr, size, flags); | ||||||
|  | } | ||||||
|  |  | ||||||
|  | int landlock_add_rule(int ruleset_fd, enum landlock_rule_type rule_type, const void *rule_attr, uint32_t flags) { | ||||||
|  |     return syscall(__NR_landlock_add_rule, ruleset_fd, rule_type, rule_attr, flags); | ||||||
|  | } | ||||||
|  |  | ||||||
|  | int landlock_restrict_self(int ruleset_fd, uint32_t flags) { | ||||||
|  |     return syscall(__NR_landlock_restrict_self, ruleset_fd, flags); | ||||||
|  | } | ||||||
|  |  | ||||||
|  | static void landlock_path(std::string path, uint32_t perms) { | ||||||
|  |     struct landlock_path_beneath_attr path_beneath = { | ||||||
|  |         .allowed_access = perms | ||||||
|  |     }; | ||||||
|  |  | ||||||
|  |     path_beneath.parent_fd = open(path.c_str(), O_PATH|O_CLOEXEC); | ||||||
|  |     if (path_beneath.parent_fd < 0) { | ||||||
|  |         perror(path.c_str()); | ||||||
|  |         exit(1); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     if (landlock_add_rule(landlock_fd, LANDLOCK_RULE_PATH_BENEATH, &path_beneath, 0)) { | ||||||
|  |         perror("landlock_add_rule"); | ||||||
|  |         exit(1); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     close(path_beneath.parent_fd); | ||||||
|  | } | ||||||
|  |  | ||||||
|  | static bool landlock_detect() { | ||||||
|  |     int abi = landlock_create_ruleset(NULL, 0, LANDLOCK_CREATE_RULESET_VERSION); | ||||||
|  |  | ||||||
|  |     if (abi < 0) { | ||||||
|  |         if (errno == ENOSYS || errno == EOPNOTSUPP) { | ||||||
|  |             std::cout << "[WARN] No Landlock support on this system" << std::endl; | ||||||
|  |             return false; | ||||||
|  |         } | ||||||
|  |         perror("landlock_create_ruleset"); | ||||||
|  |         exit(1); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     std::cout << "[INFO] Landlock ABI version: " << abi << std::endl; | ||||||
|  |  | ||||||
|  |     switch (abi) { | ||||||
|  |     case 1: | ||||||
|  |         ruleset_attr.handled_access_fs &= ~LANDLOCK_ACCESS_FS_REFER; | ||||||
|  |         landlock_perms &= ~LANDLOCK_ACCESS_FS_REFER; | ||||||
|  |         // fallthrough | ||||||
|  |     case 2: | ||||||
|  |         ruleset_attr.handled_access_fs &= ~LANDLOCK_ACCESS_FS_TRUNCATE; | ||||||
|  |         landlock_perms &= ~LANDLOCK_ACCESS_FS_TRUNCATE; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     return true; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | static void landlock_init() { | ||||||
|  |     std::cout << "[INFO] Setting up Landlock sandbox..." << std::endl; | ||||||
|  |  | ||||||
|  |     landlock_supported = landlock_detect(); | ||||||
|  |  | ||||||
|  |     if (!landlock_supported) | ||||||
|  |         return; | ||||||
|  |  | ||||||
|  |     landlock_fd = landlock_create_ruleset(&ruleset_attr, sizeof(ruleset_attr), 0); | ||||||
|  |     if (landlock_fd < 0) { | ||||||
|  |         perror("landlock_create_ruleset"); | ||||||
|  |         exit(1); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     std::string dbdir = std::filesystem::path(settings::DBPATH).parent_path(); | ||||||
|  |  | ||||||
|  |     // for the DB files (we can't rely on them being in the working directory) | ||||||
|  |     landlock_path(dbdir == "" ? "." : dbdir, landlock_perms); | ||||||
|  |     // for writing the gruntwork file | ||||||
|  |     landlock_path(settings::TDATADIR, landlock_perms); | ||||||
|  |     // for passowrd salting during account creation | ||||||
|  |     landlock_path("/dev/urandom", LANDLOCK_ACCESS_FS_READ_FILE); | ||||||
|  |     // for core dumps, optionally | ||||||
|  |     if (settings::SANDBOXEXTRAPATH != "") | ||||||
|  |         landlock_path(settings::SANDBOXEXTRAPATH, landlock_perms); | ||||||
|  | } | ||||||
|  |  | ||||||
|  | #endif // !CONFIG_NOLANDLOCK | ||||||
|  |  | ||||||
|  | static void sigsys_handler(int signo, siginfo_t *info, void *context) { | ||||||
|  |     // report the unhandled syscall | ||||||
|  |     std::cout << "[FATAL] Unhandled syscall " << info->si_syscall | ||||||
|  |        << " at " << std::hex << info->si_call_addr << " on arch " << info->si_arch << std::endl; | ||||||
|  |  | ||||||
|  |     std::cout << "If you're unsure why this is happening, please read https://openfusion.dev/docs/development/the-sandbox/" << std::endl | ||||||
|  |               << "for more information and possibly open an issue at https://github.com/OpenFusionProject/OpenFusion/issues to report" | ||||||
|  |               << " needed changes in our seccomp filter." << std::endl; | ||||||
|  |  | ||||||
|  |     exit(1); | ||||||
|  | } | ||||||
|  |  | ||||||
|  | void sandbox_init() { | ||||||
|     if (!settings::SANDBOX) { |     if (!settings::SANDBOX) { | ||||||
|         std::cout << "[WARN] Running without a sandbox" << std::endl; |         std::cout << "[WARN] Running without a sandbox" << std::endl; | ||||||
|         return; |         return; | ||||||
|     } |     } | ||||||
|  |  | ||||||
|  |     // listen to SIGSYS to report unhandled syscalls | ||||||
|  |     struct sigaction sa = {}; | ||||||
|  |  | ||||||
|  |     sa.sa_flags = SA_SIGINFO; | ||||||
|  |     sa.sa_sigaction = sigsys_handler; | ||||||
|  |  | ||||||
|  |     if (sigaction(SIGSYS, &sa, NULL) < 0) { | ||||||
|  |         perror("sigaction"); | ||||||
|  |         exit(1); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  | #ifndef CONFIG_NOLANDLOCK | ||||||
|  |     landlock_init(); | ||||||
|  | #else | ||||||
|  |     std::cout << "[WARN] Built without Landlock" << std::endl; | ||||||
|  | #endif | ||||||
|  | } | ||||||
|  |  | ||||||
|  | void sandbox_start() { | ||||||
|  |     if (!settings::SANDBOX) | ||||||
|  |         return; | ||||||
|  |  | ||||||
|     std::cout << "[INFO] Starting seccomp-bpf sandbox..." << std::endl; |     std::cout << "[INFO] Starting seccomp-bpf sandbox..." << std::endl; | ||||||
|  |  | ||||||
|  |     // Sandboxing starts in sandbox_thread_start(). | ||||||
|  | } | ||||||
|  |  | ||||||
|  | void sandbox_thread_start() { | ||||||
|  |     if (!settings::SANDBOX) | ||||||
|  |         return; | ||||||
|  |  | ||||||
|     if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) { |     if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) { | ||||||
|         perror("prctl"); |         perror("prctl"); | ||||||
|         exit(1); |         exit(1); | ||||||
|     } |     } | ||||||
|  |  | ||||||
|     if (seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC, &prog) < 0) { | #ifndef CONFIG_NOLANDLOCK | ||||||
|  |     if (landlock_supported) { | ||||||
|  |         if (landlock_restrict_self(landlock_fd, 0)) { | ||||||
|  |             perror("landlock_restrict_self"); | ||||||
|  |             exit(1); | ||||||
|  |         } | ||||||
|  |     } | ||||||
|  | #endif | ||||||
|  |  | ||||||
|  |     if (seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog) < 0) { | ||||||
|         perror("seccomp"); |         perror("seccomp"); | ||||||
|         exit(1); |         exit(1); | ||||||
|     } |     } | ||||||
|   | |||||||
| @@ -105,57 +105,95 @@ void loginFail(LoginError errorCode, std::string userLogin, CNSocket* sock) { | |||||||
|  |  | ||||||
| void CNLoginServer::login(CNSocket* sock, CNPacketData* data) { | void CNLoginServer::login(CNSocket* sock, CNPacketData* data) { | ||||||
|     auto login = (sP_CL2LS_REQ_LOGIN*)data->buf; |     auto login = (sP_CL2LS_REQ_LOGIN*)data->buf; | ||||||
|     // TODO: implement better way of sending credentials |  | ||||||
|     std::string userLogin((char*)login->szCookie_TEGid); |     std::string userLogin; | ||||||
|     std::string userPassword((char*)login->szCookie_authid); |     std::string userToken; // could be password or auth cookie | ||||||
|  |  | ||||||
|     /* |     /* | ||||||
|      * Sometimes the client sends garbage cookie data. |      * The std::string -> char* -> std::string maneuver should remove any | ||||||
|      * Validate it as normal credentials instead of using a length check before falling back. |      * trailing garbage after the null terminator. | ||||||
|      */ |      */ | ||||||
|     if (!CNLoginServer::isLoginDataGood(userLogin, userPassword)) { |     if (login->iLoginType == (int32_t)LoginType::COOKIE) { | ||||||
|         /* |         userLogin = std::string(AUTOU8(login->szCookie_TEGid).c_str()); | ||||||
|          * The std::string -> char* -> std::string maneuver should remove any |         userToken = std::string(AUTOU8(login->szCookie_authid).c_str()); | ||||||
|          * trailing garbage after the null terminator. |     } else { | ||||||
|          */ |  | ||||||
|         userLogin = std::string(AUTOU16TOU8(login->szID).c_str()); |         userLogin = std::string(AUTOU16TOU8(login->szID).c_str()); | ||||||
|         userPassword = std::string(AUTOU16TOU8(login->szPassword).c_str()); |         userToken = std::string(AUTOU16TOU8(login->szPassword).c_str()); | ||||||
|     } |     } | ||||||
|  |  | ||||||
|     // the client inserts a "\n" in the password if you press enter key in the middle of the password |     // check username regex | ||||||
|     // (not at the start or the end of the password field) |     if (!CNLoginServer::isUsernameGood(userLogin)) { | ||||||
|     if (int(userPassword.find("\n")) > 0) |  | ||||||
|         userPassword.erase(userPassword.find("\n"), 1); |  | ||||||
|  |  | ||||||
|     // check regex |  | ||||||
|     if (!CNLoginServer::isLoginDataGood(userLogin, userPassword)) { |  | ||||||
|         // send a custom error message |         // send a custom error message | ||||||
|         INITSTRUCT(sP_FE2CL_GM_REP_PC_ANNOUNCE, msg); |         INITSTRUCT(sP_FE2CL_GM_REP_PC_ANNOUNCE, msg); | ||||||
|         std::string text = "Invalid login or password\n"; |         std::string text = "Invalid login\n"; | ||||||
|         text += "Login has to be 4 - 32 characters long and can't contain special characters other than dash and underscore\n"; |         text += "Login has to be 4 - 32 characters long and can't contain special characters other than dash and underscore"; | ||||||
|         text += "Password has to be 8 - 32 characters long";           |  | ||||||
|         U8toU16(text, msg.szAnnounceMsg, sizeof(msg.szAnnounceMsg)); |         U8toU16(text, msg.szAnnounceMsg, sizeof(msg.szAnnounceMsg)); | ||||||
|         msg.iDuringTime = 15; |         msg.iDuringTime = 10; | ||||||
|         sock->sendPacket(msg, P_FE2CL_GM_REP_PC_ANNOUNCE); |         sock->sendPacket(msg, P_FE2CL_GM_REP_PC_ANNOUNCE); | ||||||
|  |  | ||||||
|         // we still have to send login fail to prevent softlock |         // we still have to send login fail to prevent softlock | ||||||
|         return loginFail(LoginError::LOGIN_ERROR, userLogin, sock); |         return loginFail(LoginError::LOGIN_ERROR, userLogin, sock); | ||||||
|     } |     } | ||||||
|  |  | ||||||
|  |     // we only interpret the token as a cookie if cookie login was used and it's allowed. | ||||||
|  |     // otherwise we interpret it as a password, and this maintains compatibility with | ||||||
|  |     // the auto-login trick used on older clients | ||||||
|  |     bool isCookieAuth = login->iLoginType == (int32_t)LoginType::COOKIE | ||||||
|  |                         && CNLoginServer::isLoginTypeAllowed(LoginType::COOKIE); | ||||||
|  |  | ||||||
|  |     // password login checks | ||||||
|  |     if (!isCookieAuth) { | ||||||
|  |         // bail if password auth isn't allowed | ||||||
|  |         if (!CNLoginServer::isLoginTypeAllowed(LoginType::PASSWORD)) { | ||||||
|  |             // send a custom error message | ||||||
|  |             INITSTRUCT(sP_FE2CL_GM_REP_PC_ANNOUNCE, msg); | ||||||
|  |             std::string text = "Password login disabled\n"; | ||||||
|  |             text += "This server has disabled logging in with plaintext passwords.\n"; | ||||||
|  |             text += "Please contact an admin for assistance."; | ||||||
|  |             U8toU16(text, msg.szAnnounceMsg, sizeof(msg.szAnnounceMsg)); | ||||||
|  |             msg.iDuringTime = 12; | ||||||
|  |             sock->sendPacket(msg, P_FE2CL_GM_REP_PC_ANNOUNCE); | ||||||
|  |  | ||||||
|  |             // we still have to send login fail to prevent softlock | ||||||
|  |             return loginFail(LoginError::LOGIN_ERROR, userLogin, sock); | ||||||
|  |         } | ||||||
|  |  | ||||||
|  |         // check regex | ||||||
|  |         if (!CNLoginServer::isPasswordGood(userToken)) { | ||||||
|  |             // send a custom error message | ||||||
|  |             INITSTRUCT(sP_FE2CL_GM_REP_PC_ANNOUNCE, msg); | ||||||
|  |             std::string text = "Invalid password\n"; | ||||||
|  |             text += "Password has to be 8 - 32 characters long"; | ||||||
|  |             U8toU16(text, msg.szAnnounceMsg, sizeof(msg.szAnnounceMsg)); | ||||||
|  |             msg.iDuringTime = 10; | ||||||
|  |             sock->sendPacket(msg, P_FE2CL_GM_REP_PC_ANNOUNCE); | ||||||
|  |  | ||||||
|  |             // we still have to send login fail to prevent softlock | ||||||
|  |             return loginFail(LoginError::LOGIN_ERROR, userLogin, sock); | ||||||
|  |         } | ||||||
|  |     } | ||||||
|  |  | ||||||
|     Database::Account findUser = {}; |     Database::Account findUser = {}; | ||||||
|     Database::findAccount(&findUser, userLogin); |     Database::findAccount(&findUser, userLogin); | ||||||
|      |      | ||||||
|     // account was not found |     // account was not found | ||||||
|     if (findUser.AccountID == 0) { |     if (findUser.AccountID == 0) { | ||||||
|         if (settings::AUTOCREATEACCOUNTS) |         // don't auto-create an account if it's a cookie auth for whatever reason | ||||||
|             return newAccount(sock, userLogin, userPassword, login->iClientVerC); |         if (settings::AUTOCREATEACCOUNTS && !isCookieAuth) | ||||||
|  |             return newAccount(sock, userLogin, userToken, login->iClientVerC); | ||||||
|  |  | ||||||
|         return loginFail(LoginError::ID_DOESNT_EXIST, userLogin, sock); |         return loginFail(LoginError::ID_DOESNT_EXIST, userLogin, sock); | ||||||
|     } |     } | ||||||
|  |  | ||||||
|     if (!CNLoginServer::isPasswordCorrect(findUser.Password, userPassword)) |     if (isCookieAuth) { | ||||||
|         return loginFail(LoginError::ID_AND_PASSWORD_DO_NOT_MATCH, userLogin, sock); |         const char *cookie = userToken.c_str(); | ||||||
|  |         if (!Database::checkCookie(findUser.AccountID, cookie)) | ||||||
|  |             return loginFail(LoginError::ID_AND_PASSWORD_DO_NOT_MATCH, userLogin, sock); | ||||||
|  |     } else { | ||||||
|  |         // simple password check | ||||||
|  |         if (!CNLoginServer::isPasswordCorrect(findUser.Password, userToken)) | ||||||
|  |             return loginFail(LoginError::ID_AND_PASSWORD_DO_NOT_MATCH, userLogin, sock); | ||||||
|  |     } | ||||||
|  |  | ||||||
|     // is the account banned |     // is the account banned | ||||||
|     if (findUser.BannedUntil > getTimestamp()) { |     if (findUser.BannedUntil > getTimestamp()) { | ||||||
| @@ -621,11 +659,14 @@ bool CNLoginServer::exitDuplicate(int accountId) { | |||||||
|     return false; |     return false; | ||||||
| } | } | ||||||
|  |  | ||||||
| bool CNLoginServer::isLoginDataGood(std::string login, std::string password) { | bool CNLoginServer::isUsernameGood(std::string login) { | ||||||
|     std::regex loginRegex("[a-zA-Z0-9_-]{4,32}"); |     const std::regex loginRegex("[a-zA-Z0-9_-]{4,32}"); | ||||||
|     std::regex passwordRegex("[a-zA-Z0-9!@#$%^&*()_+]{8,32}"); |     return (std::regex_match(login, loginRegex)); | ||||||
|  | } | ||||||
|  |  | ||||||
|     return (std::regex_match(login, loginRegex) && std::regex_match(password, passwordRegex)); | bool CNLoginServer::isPasswordGood(std::string password) { | ||||||
|  |     const std::regex passwordRegex("[a-zA-Z0-9!@#$%^&*()_+]{8,32}"); | ||||||
|  |     return (std::regex_match(password, passwordRegex)); | ||||||
| } | } | ||||||
|  |  | ||||||
| bool CNLoginServer::isPasswordCorrect(std::string actualPassword, std::string tryPassword) { | bool CNLoginServer::isPasswordCorrect(std::string actualPassword, std::string tryPassword) { | ||||||
| @@ -638,4 +679,17 @@ bool CNLoginServer::isCharacterNameGood(std::string Firstname, std::string Lastn | |||||||
|     std::regex lastnamecheck(R"(((?! )(?!\.)[a-zA-Z0-9]*\.{0,1}(?!\.+ +)[a-zA-Z0-9]* {0,1}(?! +))*$)"); |     std::regex lastnamecheck(R"(((?! )(?!\.)[a-zA-Z0-9]*\.{0,1}(?!\.+ +)[a-zA-Z0-9]* {0,1}(?! +))*$)"); | ||||||
|     return (std::regex_match(Firstname, firstnamecheck) && std::regex_match(Lastname, lastnamecheck)); |     return (std::regex_match(Firstname, firstnamecheck) && std::regex_match(Lastname, lastnamecheck)); | ||||||
| } | } | ||||||
|  |  | ||||||
|  | bool CNLoginServer::isLoginTypeAllowed(LoginType loginType) { | ||||||
|  |     // the config file specifies "comma-separated" but tbh we don't care | ||||||
|  |     switch (loginType) { | ||||||
|  |     case LoginType::PASSWORD: | ||||||
|  |         return settings::AUTHMETHODS.find("password") != std::string::npos; | ||||||
|  |     case LoginType::COOKIE: | ||||||
|  |         return settings::AUTHMETHODS.find("cookie") != std::string::npos; | ||||||
|  |     default: | ||||||
|  |         break; | ||||||
|  |     } | ||||||
|  |     return false; | ||||||
|  | } | ||||||
| #pragma endregion | #pragma endregion | ||||||
|   | |||||||
| @@ -23,6 +23,11 @@ enum class LoginError { | |||||||
|     UPDATED_EUALA_REQUIRED = 9 |     UPDATED_EUALA_REQUIRED = 9 | ||||||
| }; | }; | ||||||
|  |  | ||||||
|  | enum class LoginType { | ||||||
|  |     PASSWORD = 1, | ||||||
|  |     COOKIE = 2 | ||||||
|  | }; | ||||||
|  |  | ||||||
| // WARNING: THERE CAN ONLY BE ONE OF THESE SERVERS AT A TIME!!!!!! TODO: change loginSessions & packet handlers to be non-static | // WARNING: THERE CAN ONLY BE ONE OF THESE SERVERS AT A TIME!!!!!! TODO: change loginSessions & packet handlers to be non-static | ||||||
| class CNLoginServer : public CNServer { | class CNLoginServer : public CNServer { | ||||||
| private: | private: | ||||||
| @@ -39,10 +44,12 @@ private: | |||||||
|     static void changeName(CNSocket* sock, CNPacketData* data); |     static void changeName(CNSocket* sock, CNPacketData* data); | ||||||
|     static void duplicateExit(CNSocket* sock, CNPacketData* data); |     static void duplicateExit(CNSocket* sock, CNPacketData* data); | ||||||
|  |  | ||||||
|     static bool isLoginDataGood(std::string login, std::string password); |     static bool isUsernameGood(std::string login); | ||||||
|  |     static bool isPasswordGood(std::string password); | ||||||
|     static bool isPasswordCorrect(std::string actualPassword, std::string tryPassword); |     static bool isPasswordCorrect(std::string actualPassword, std::string tryPassword); | ||||||
|     static bool isAccountInUse(int accountId); |     static bool isAccountInUse(int accountId); | ||||||
|     static bool isCharacterNameGood(std::string Firstname, std::string Lastname); |     static bool isCharacterNameGood(std::string Firstname, std::string Lastname); | ||||||
|  |     static bool isLoginTypeAllowed(LoginType loginType); | ||||||
|     static void newAccount(CNSocket* sock, std::string userLogin, std::string userPassword, int32_t clientVerC); |     static void newAccount(CNSocket* sock, std::string userLogin, std::string userPassword, int32_t clientVerC); | ||||||
|     // returns true if success |     // returns true if success | ||||||
|     static bool exitDuplicate(int accountId); |     static bool exitDuplicate(int accountId); | ||||||
|   | |||||||
| @@ -9,10 +9,12 @@ | |||||||
| // defaults :) | // defaults :) | ||||||
| int settings::VERBOSITY = 1; | int settings::VERBOSITY = 1; | ||||||
| bool settings::SANDBOX = true; | bool settings::SANDBOX = true; | ||||||
|  | std::string settings::SANDBOXEXTRAPATH = ""; | ||||||
|  |  | ||||||
| int settings::LOGINPORT = 23000; | int settings::LOGINPORT = 23000; | ||||||
| bool settings::APPROVEALLNAMES = true; | bool settings::APPROVEALLNAMES = true; | ||||||
| bool settings::AUTOCREATEACCOUNTS = true; | bool settings::AUTOCREATEACCOUNTS = true; | ||||||
|  | std::string settings::AUTHMETHODS = "password"; | ||||||
| int settings::DBSAVEINTERVAL = 240; | int settings::DBSAVEINTERVAL = 240; | ||||||
|  |  | ||||||
| int settings::SHARDPORT = 23001; | int settings::SHARDPORT = 23001; | ||||||
| @@ -84,9 +86,11 @@ void settings::init() { | |||||||
|  |  | ||||||
|     VERBOSITY = reader.GetInteger("", "verbosity", VERBOSITY); |     VERBOSITY = reader.GetInteger("", "verbosity", VERBOSITY); | ||||||
|     SANDBOX = reader.GetBoolean("", "sandbox", SANDBOX); |     SANDBOX = reader.GetBoolean("", "sandbox", SANDBOX); | ||||||
|  |     SANDBOXEXTRAPATH = reader.Get("", "sandboxextrapath", SANDBOXEXTRAPATH); | ||||||
|     LOGINPORT = reader.GetInteger("login", "port", LOGINPORT); |     LOGINPORT = reader.GetInteger("login", "port", LOGINPORT); | ||||||
|     APPROVEALLNAMES = reader.GetBoolean("login", "acceptallcustomnames", APPROVEALLNAMES); |     APPROVEALLNAMES = reader.GetBoolean("login", "acceptallcustomnames", APPROVEALLNAMES); | ||||||
|     AUTOCREATEACCOUNTS = reader.GetBoolean("login", "autocreateaccounts", AUTOCREATEACCOUNTS); |     AUTOCREATEACCOUNTS = reader.GetBoolean("login", "autocreateaccounts", AUTOCREATEACCOUNTS); | ||||||
|  |     AUTHMETHODS = reader.Get("login", "authmethods", AUTHMETHODS); | ||||||
|     DBSAVEINTERVAL = reader.GetInteger("login", "dbsaveinterval", DBSAVEINTERVAL); |     DBSAVEINTERVAL = reader.GetInteger("login", "dbsaveinterval", DBSAVEINTERVAL); | ||||||
|     SHARDPORT = reader.GetInteger("shard", "port", SHARDPORT); |     SHARDPORT = reader.GetInteger("shard", "port", SHARDPORT); | ||||||
|     SHARDSERVERIP = reader.Get("shard", "ip", SHARDSERVERIP); |     SHARDSERVERIP = reader.Get("shard", "ip", SHARDSERVERIP); | ||||||
|   | |||||||
| @@ -5,9 +5,11 @@ | |||||||
| namespace settings { | namespace settings { | ||||||
|     extern int VERBOSITY; |     extern int VERBOSITY; | ||||||
|     extern bool SANDBOX; |     extern bool SANDBOX; | ||||||
|  |     extern std::string SANDBOXEXTRAPATH; | ||||||
|     extern int LOGINPORT; |     extern int LOGINPORT; | ||||||
|     extern bool APPROVEALLNAMES; |     extern bool APPROVEALLNAMES; | ||||||
|     extern bool AUTOCREATEACCOUNTS; |     extern bool AUTOCREATEACCOUNTS; | ||||||
|  |     extern std::string AUTHMETHODS; | ||||||
|     extern int DBSAVEINTERVAL; |     extern int DBSAVEINTERVAL; | ||||||
|     extern int SHARDPORT; |     extern int SHARDPORT; | ||||||
|     extern std::string SHARDSERVERIP; |     extern std::string SHARDSERVERIP; | ||||||
|   | |||||||
							
								
								
									
										2
									
								
								tdata
									
									
									
									
									
								
							
							
								
								
								
								
								
							
						
						
									
										2
									
								
								tdata
									
									
									
									
									
								
							 Submodule tdata updated: 8c98c83682...bdb611b092
									
								
							
							
								
								
									
										8
									
								
								vendor/bcrypt/bcrypt.c
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										8
									
								
								vendor/bcrypt/bcrypt.c
									
									
									
									
										vendored
									
									
								
							| @@ -22,13 +22,14 @@ | |||||||
| #endif | #endif | ||||||
| #include <errno.h> | #include <errno.h> | ||||||
|  |  | ||||||
| #if defined(_WIN32) || defined(_WIN64) |  | ||||||
| // On windows we need to generate random bytes differently. |  | ||||||
| #if defined(_WIN32) && !defined(_WIN64) | #if defined(_WIN32) && !defined(_WIN64) | ||||||
| typedef __int32 ssize_t; | typedef __int32 ssize_t; | ||||||
| #elif defined(_WIN32) && defined(_WIN64) | #elif defined(_WIN32) && defined(_WIN64) | ||||||
| typedef __int64 ssize_t; | typedef __int64 ssize_t; | ||||||
| #endif | #endif | ||||||
|  |  | ||||||
|  | #if defined(_WIN32) || defined(_WIN64) | ||||||
|  | // On windows we need to generate random bytes differently. | ||||||
| #define BCRYPT_HASHSIZE 60 | #define BCRYPT_HASHSIZE 60 | ||||||
|  |  | ||||||
| #include "bcrypt.h" | #include "bcrypt.h" | ||||||
| @@ -37,9 +38,10 @@ typedef __int64 ssize_t; | |||||||
| #include <wincrypt.h> /* CryptAcquireContext, CryptGenRandom */ | #include <wincrypt.h> /* CryptAcquireContext, CryptGenRandom */ | ||||||
| #else | #else | ||||||
| #include "bcrypt.h" | #include "bcrypt.h" | ||||||
| #include "ow-crypt.h" |  | ||||||
| #endif | #endif | ||||||
|  |  | ||||||
|  | #include "ow-crypt.h" | ||||||
|  |  | ||||||
| #define RANDBYTES (16) | #define RANDBYTES (16) | ||||||
|  |  | ||||||
| static int try_close(int fd) | static int try_close(int fd) | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user