diff --git a/Content.Server.Database/Model.cs b/Content.Server.Database/Model.cs index bd62bdda9b..88d0a582b2 100644 --- a/Content.Server.Database/Model.cs +++ b/Content.Server.Database/Model.cs @@ -987,6 +987,8 @@ namespace Content.Server.Database BabyJail = 4, /// Results from rejected connections with external API checking tools IPChecks = 5, + /// Results from rejected connections who are authenticated but have no modern hwid associated with them. + NoHwid = 6 } public class ServerBanHit diff --git a/Content.Server/Connection/ConnectionManager.cs b/Content.Server/Connection/ConnectionManager.cs index bc0f06de98..dbc43ac47a 100644 --- a/Content.Server/Connection/ConnectionManager.cs +++ b/Content.Server/Connection/ConnectionManager.cs @@ -220,6 +220,11 @@ namespace Content.Server.Connection var modernHwid = e.UserData.ModernHWIds; + if (modernHwid.Length == 0 && e.AuthType == LoginType.LoggedIn && _cfg.GetCVar(CCVars.RequireModernHardwareId)) + { + return (ConnectionDenyReason.NoHwid, Loc.GetString("hwid-required"), null); + } + var bans = await _db.GetServerBansAsync(addr, userId, hwId, modernHwid, includeUnbanned: false); if (bans.Count > 0) { diff --git a/Content.Shared/CCVar/CCVars.Admin.cs b/Content.Shared/CCVar/CCVars.Admin.cs index f05eb3376e..7f26106ff1 100644 --- a/Content.Shared/CCVar/CCVars.Admin.cs +++ b/Content.Shared/CCVar/CCVars.Admin.cs @@ -183,6 +183,12 @@ public sealed partial class CCVars public static readonly CVarDef BanHardwareIds = CVarDef.Create("ban.hardware_ids", true, CVar.SERVERONLY); + /// + /// Determines if we'll reject connections from clients who don't have a modern hwid. + /// + public static readonly CVarDef RequireModernHardwareId = + CVarDef.Create("admin.require_modern_hwid", true, CVar.SERVERONLY); + /// /// If true, players are allowed to connect to multiple game servers at once. /// If false, they will be kicked from the first when connecting to another. diff --git a/Resources/Locale/en-US/connection-messages.ftl b/Resources/Locale/en-US/connection-messages.ftl index 3d41049fd4..befe646676 100644 --- a/Resources/Locale/en-US/connection-messages.ftl +++ b/Resources/Locale/en-US/connection-messages.ftl @@ -60,3 +60,5 @@ generic-misconfigured = The server is misconfigured and is not accepting players ipintel-server-ratelimited = This server uses a security system with external verification, which has reached its maximum verification limit. Please contact the administration team of the server for assistance and try again later. ipintel-unknown = This server uses a security system with external verification, but it encountered an error. Please contact the administration team of the server for assistance and try again later. ipintel-suspicious = You seem to be connecting through a datacenter or VPN. For administrative reasons we do not allow VPN connections to play. Please contact the administration team of the server for assistance if you believe this is false. + +hwid-required = Your client has refused to send a hardware id. Please contact the administration team for further assistance.