Arma 3 CfgRemoteExec

From Bohemia Interactive Community
Jump to navigation Jump to search
Introduced with Arma 3 version 1.501.50

Class containing a list of all scripted functions and commands which can be remotely executed by remoteExec / remoteExecCall (and BIS_fnc_MP, obsolete) on server or client machines. This can be defined in main config.cpp or in campaign or mission Description.ext.


Format

class CfgRemoteExec
{
	// List of Functions allowed to be sent from client via remoteExec
	class Functions
	{
		// RemoteExec modes:
		// 0 - disabled
		// 1 - allowed, taking whitelist into account
		// 2 - allowed, ignoring whitelist (default, because of backward compatibility)
		mode = 2;

		// Ability to send JIP messages:
		// 0 - disable JIP messages
		// 1 - allow JIP messages (default)
		jip = 1;

		class BIS_fnc_aFunction
		{
			// Remote Execution from clients:
			// 0 - allowed on other clients and server (default)
			// 1 - allowed on other clients only
			// 2 - allowed on server only
			// any other value will be treated as 0
			allowedTargets = 0;

			// overrides the global Functions setting for this function
			jip = 0;
		};
	};

	// List of Commands allowed to be sent from client via remoteExec
	class Commands
	{
		mode = 1;

		class setDir
		{
			allowedTargets = 2;
			jip = 0;
		};
		// etc
	};
};


Safe Config

This config only allows needed default game functions - see Notes below.

class CfgRemoteExec
{
	class Functions
	{
		mode = 1;	// whitelist
		jip = 0;	// JIP not allowed

		class BIS_fnc_effectKilledAirDestruction	{ allowedTargets = 0; jip = 0; };
		class BIS_fnc_effectKilledSecondaries		{ allowedTargets = 0; jip = 0; };
		class BIS_fnc_objectVar						{ allowedTargets = 0; jip = 0; };
		class BIS_fnc_setCustomSoundController		{ allowedTargets = 0; jip = 0; };

/*
		class BIS_fnc_debugConsoleExec				{ allowedTargets = 0; }; // allow debug console - optional
*/
	};
};


initPlayerServer.sqf

If execVM is not in the commands whitelist, initPlayerServer.sqf will not be executed. To have it functional without allowing execVM, use the following workaround through CfgFunctions:

class CfgFunctions
{
	class TAG
	{
		class Category
		{
			class initPlayerServer { file = "initPlayerServer.sqf"; };
		};
	};
};
class CfgRemoteExec
{
	class Functions
	{
		mode = 1;
		class TAG_fnc_initPlayerServer { allowedTargets = 2; };
	};
};

and have it run from init.sqf: if (hasInterface) then { [] spawn { waitUntil { not isNull player }; [player, didJIP] remoteExec ["TAG_fnc_initPlayerServer", 2]; }; };


Default Config

The default CfgRemoteExec in game's main config has outdated format and is left for backward compatibility only.

It was used by the old BIS_fnc_MP directly. Classes Client and Server are obsolete.

The new RemoteExec mechanics ignores it and by default all functions and commands are allowed.

This is the default config.cpp entry (obsolete): Show text


Notes

Posted on January 1, 2016
AgentRev
  • As BIS_fnc_MP now uses remoteExec, there are some functions spontaneously called by the game core that require whitelisting in order to work if class Functions is set to mode = 1:
    class BIS_fnc_effectKilledAirDestruction {};
    class BIS_fnc_effectKilledSecondaries {};
    class BIS_fnc_objectVar {};
    class BIS_fnc_setCustomSoundController {};
    
  • For initPlayerServer.sqf to work, BIS_fnc_execVM would need to be whitelisted, but that should be avoided at all costs, as it allows hackers to bypass the whitelist. Use this method instead.
  • For the debug console to be able to execute anything (even locally), BIS_fnc_debugConsoleExec must be whitelisted. This function only works when its remoteExecutedOwner is admin, so it is safe to whitelist for everyone.
  • remoteExec and remoteExecCall are filtered by BattlEye's remoteexec.txt, the string analyzed by BE is formatted the same way as the following example's output: format ["%1 %2", functionName, str params] The following remoteexec.txt exclusion can be used to safely allow all whitelisted *_fnc_* functions taking an array as parameter to go through: !="\w+?_fnc_\w+? \[[\S\s]*\]" Any attempt to exploit this exclusion using other RE methods like createUnit will run into "Error Missing ;" without any malicious code being executed. Mod makers should refrain from remote-executing raw commands from clients, as they require individual exclusions, and instead use *_fnc_* functions taking an array as parameter, which are covered by the above exclusion.