CfgRemoteExec – Arma 3

From Bohemia Interactive Community
Jump to navigation Jump to search
Line 45: Line 45:
== Default Config ==
== Default Config ==


By default all functions and commands are allowed. This is default [[config.cpp]] entry:
<b>The default <tt>CfgRemoteExec</tt> in game's main config has outdated format and is left for backward compatibility only</b>. It was used by the old [[BIS_fnc_MP]] directly. The classes <tt>Client</tt> and <tt>Server</tt> are obsolete. The new <tt>RemoteExec</tt> mechanics ignores it and by default all functions and commands are allowed. This is default [[config.cpp]] entry:


<syntaxhighlight lang=cpp>
<syntaxhighlight lang=cpp>

Revision as of 07:11, 9 October 2019

Arma 3 logo black.png1.50

Description

Class containing a list of all scripted functions and commands which can be remotely executed by BIS_fnc_MP / remoteExec / remoteExecCall on server or client machines. Can be defined in main config.cpp or in campaign or mission description.ext. Mission or campaign config overrides main config.

Format

class CfgRemoteExec
{
	// List of script functions allowed to be sent from client via remoteExec
	class Functions
	{
		// RemoteExec modes:
		// 0- turned off
		// 1- turned on, taking whitelist into account
		// 2- turned on, ignoring whitelist (default, because of backward compatibility)
		mode = 2;

		// Ability to send jip messages: 0-disabled, 1-enabled (default)
		jip = 1;

		// your functions here
		class BIS_fnc_aFunction
		{
			allowedTargets = 0;	// can target anyone (default)
			jip = 0;			// sending JIP messages is disabled for this function (overrides settings in the Functions class)
		};
		class YourFunctionOne { allowedTargets = 1; }; // can target only clients
		class YourFunctionTwo { allowedTargets = 2; }; // can target only the server
	};

	// List of script commands allowed to be sent from client via remoteExec
	class Commands
	{
		// your commands here
		class setDir
		{
			allowedTargets = 2;	// can target only the server
			jip = 0;			// sending JIP is turned off (overrides settings in the Commands class)
		};
	};
};

Default Config

The default CfgRemoteExec in game's main config has outdated format and is left for backward compatibility only. It was used by the old BIS_fnc_MP directly. The classes Client and Server are obsolete. The new RemoteExec mechanics ignores it and by default all functions and commands are allowed. This is default config.cpp entry:

class CfgRemoteExec
{
    class Server
    {
        class Functions
        {
            mode = 2;
        };
        class Commands
        {
            mode = 2;
        };
    };
    class Client
    {
        class Functions
        {
            mode = 2;
        };
        class Commands
        {
            mode = 2;
        };
    };
};

Notes

Posted on January 1, 2016
AgentRev
  • As BIS_fnc_MP now uses remoteExec, there are some functions spontaneously called by the game core that require whitelisting in order to work if class Functions is set to mode = 1; class BIS_fnc_effectKilledAirDestruction {}; class BIS_fnc_effectKilledSecondaries {}; class BIS_fnc_objectVar {};
  • For initPlayerServer.sqf to work, BIS_fnc_execVM would need to be whitelisted, but that should be avoided at all costs, as it allows hackers to bypass the whitelist.

  • For the debug console to be able to execute anything (even locally), BIS_fnc_debugConsoleExec must be whitelisted. This function only works when its remoteExecutedOwner is admin, so it is safe to whitelist for everyone.

  • remoteExec and remoteExecCall are filtered by BattlEye's remoteexec.txt, the string analyzed by BE is formatted the same way as the following example's output: format ["%1 %2", functionName, str params] The following remoteexec.txt exclusion can be used to safely allow all whitelisted *_fnc_* functions taking an array as parameter to go through: !="\w+?_fnc_\w+? \[[\S\s]*\]" Any attempt to exploit this exclusion using other RE methods like createUnit will run into "Error Missing ;" without any malicious code being executed. Mod makers should refrain from remote-executing raw commands from clients, as they require individual exclusions, and instead use *_fnc_* functions taking an array as parameter, which are covered by the above exclusion.