CfgRemoteExec – Arma 3

From Bohemia Interactive Community
Jump to navigation Jump to search
m (Text replacement - "{{SideTOC}}" to "{{TOC|side}}")
m (Fix wording)
 
(18 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{{TOC|side}}<div style="float: left; margin: 0.5em 1em 0.5em 0">{{GVI|arma3|1.50|category}}</div>
{{TOC|side}}
Class containing a list of all scripted functions and commands which can be remotely executed by [[remoteExec]] / [[remoteExecCall]] (and [[BIS_fnc_MP]], obsolete) on server or client machines.
 
This can be defined in main [[config.cpp]] or in campaign or mission [[Description.ext]].
CfgRemoteExec defines rules for the remote execution of functions and commands. These rules only apply to clients. The server is not subject to any limitations, everything is enabled and allowed for it.
{{Informative | Config priority goes: [[Description.ext|Mission Description.ext]] ([[missionConfigFile]]) &gt; [[Campaign Description.ext]] ([[campaignConfigFile]]) &gt; Game/Mod Config ([[configFile]])}}
 
{{Feature|informative|
As usual, the more local config takes precedence: [[Description.ext|Mission Description.ext]] ([[missionConfigFile]]) &gt; [[Campaign Description.ext]] ([[campaignConfigFile]]) &gt; Game / Mod Config ([[configFile]]).
If several definitions for {{hl|CfgRemoteExec}} exist, the {{hl|mode}} attribute will be overridden by the last parsed config and whitelisted functions and commands will be merged.<br>
<br>
To allow for a mission's mod compatibility, see {{Link|#Mission Compatibility With Mods}}.
}}
 
See [[Arma 3: Remote Execution]] for more information about remote execution.




== Format ==
== Format ==
 
<syntaxhighlight lang="cpp" class="float-right" style="min-width: 30em">
<syntaxhighlight lang="cpp">
class CfgRemoteExec
class CfgRemoteExec
{
{
// List of Functions allowed to be sent from client via remoteExec
class Functions
class Functions
{
{
// RemoteExec modes:
// 0 - disabled
// 1 - allowed, taking whitelist into account
// 2 - allowed, ignoring whitelist (default, because of backward compatibility)
mode = 2;
mode = 2;
// Ability to send JIP messages:
// 0 - disable JIP messages
// 1 - allow JIP messages (default)
jip = 1;
jip = 1;


class BIS_fnc_aFunction
class BIS_fnc_someFunction
{
{
// Remote Execution from clients:
// 0 - allowed on other clients and server (default)
// 1 - allowed on other clients only
// 2 - allowed on server only
// any other value will be treated as 0
allowedTargets = 0;
allowedTargets = 0;
// overrides the global Functions setting for this function
jip = 0;
jip = 0;
};
};
};
};


// List of Commands allowed to be sent from client via remoteExec
class Commands
class Commands
{
{
Line 48: Line 38:
jip = 0;
jip = 0;
};
};
// etc
};
};
};
};
</syntaxhighlight>
</syntaxhighlight>
In a <syntaxhighlight lang="cpp" inline>class CfgRemoteExec</syntaxhighlight> block, two objects can be defined:
* Functions
** children of this object are named like the [[:Category:Functions|function]] they filter (e.g <syntaxhighlight lang="cpp" inline>class BIS_fnc_showSubtitle</syntaxhighlight>)
* Commands
** children of this object are named like the [[:Category:Scripting Commands|command]] they filter (e.g <syntaxhighlight lang="cpp" inline>class setDir</syntaxhighlight>)
Both main objects can be configured using the following values:
* {{hl|mode}} - operation mode
** 0 - remote execution is blocked
** 1 - only whitelisted functions / commands are allowed
** 2 - remote execution is fully allowed, ignoring the whitelist (default, because of backward compatibility)
* {{hl|jip}} - {{Link|Multiplayer Scripting#Join In Progress|Join In Progress}} settings
** 0 - JIP flag can not be set
** 1 - JIP flag can be set (default)
Their elements (functions, commands) can be configured with the following values:
* {{hl|allowedTargets}} - which machine can be reached by it
** 0 - can target all machines (default)
** 1 - can only target clients, execution on the server is denied
** 2 - can only target the server, execution on clients is denied
* {{hl|jip}} - {{Link|Multiplayer Scripting#Join In Progress|Join In Progress}} settings parent override
** 0 - JIP flag can not be set
** 1 - JIP flag can be set




== Safe Config ==
== Safe Config ==


This config only allows needed default game functions - see [[#Notes|Notes]] below.
This config only allows required default game functions (see {{Link|#Notes}}).
 
<syntaxhighlight lang="cpp">
<syntaxhighlight lang="cpp">
class CfgRemoteExec
class CfgRemoteExec
Line 63: Line 74:
class Functions
class Functions
{
{
mode = 1; // whitelist
mode = 1; // whitelist only
jip = 0; // JIP not allowed
jip = 0; // JIP flag not allowed


class BIS_fnc_effectKilledAirDestruction { allowedTargets = 0; jip = 0; };
class BIS_fnc_effectKilledAirDestruction { allowedTargets = 0; jip = 0; };
class BIS_fnc_effectKilledSecondaries { allowedTargets = 0; jip = 0; };
class BIS_fnc_effectKilledSecondaries { allowedTargets = 0; jip = 0; };
class BIS_fnc_fire { allowedTargets = 0; jip = 0; };
class BIS_fnc_objectVar { allowedTargets = 0; jip = 0; };
class BIS_fnc_objectVar { allowedTargets = 0; jip = 0; };
class BIS_fnc_setCustomSoundController { allowedTargets = 0; jip = 0; };
class BIS_fnc_setCustomSoundController { allowedTargets = 0; jip = 0; };


/*
/*
class BIS_fnc_debugConsoleExec { allowedTargets = 0; }; // allow debug console - optional
class BIS_fnc_debugConsoleExec { allowedTargets = 0; }; //Allow debug console (optional)
*/
*/
};
};
};
</syntaxhighlight>
{{ArgTitle|2|Mission Compatibility With Mods|{{GVI|arma3|2.14}}}}
A mod can define its own {{hl|CfgRemoteExec}} to allow its own functions. If a mission defines it too, the mission overrides all the existing settings.
To circumvent that, use {{Link|import (Config)|import}} in the mission's [[Description.ext]]:
<syntaxhighlight lang="cpp">
import CfgRemoteExec as CfgRemoteExecMod;
class CfgRemoteExec : CfgRemoteExecMod
{
// your settings
};
};
</syntaxhighlight>
</syntaxhighlight>
Line 81: Line 108:
== initPlayerServer.sqf ==
== initPlayerServer.sqf ==


If [[execVM]] is not in the commands whitelist, [[Event Scripts|initPlayerServer.sqf]] will '''not''' be executed.
If [[execVM]] is not whitelisted, [[Event Scripts|initPlayerServer.sqf]] will not be executed.
To have it functional without allowing [[execVM]], use the following workaround through [[Arma 3 Functions Library|CfgFunctions]]:
To have it functional without allowing [[execVM]], use the following workaround through [[Arma 3: Functions Library|CfgFunctions]]:
<syntaxhighlight lang="cpp">
<syntaxhighlight lang="cpp">
class CfgFunctions
class CfgFunctions
Line 105: Line 132:
};
};
</syntaxhighlight>
</syntaxhighlight>
and have it run from [[Event Scripts|init.sqf]]:
Then execute it from [[Event Scripts|init.sqf]]:
<code>[[if]] ([[hasInterface]]) [[then]]
<sqf>
if (hasInterface) then
{
{
[] [[spawn]]
[] spawn {
{
waitUntil {!isNull player};
[[waitUntil]] { [[not]] [[isNull]] [[player]] };
[player, didJIP] remoteExec ["TAG_fnc_initPlayerServer", 2];
[<nowiki/>[[player]], [[didJIP]]] [[remoteExec]] ["TAG_fnc_initPlayerServer", 2];
};
};
};</code>
};
</sqf>




== Default Config ==
== Default Config ==


{{Informative |
{{Feature|informative|The default {{hl|CfgRemoteExec}} in the game's main config uses an outdated format and is left for backward compatibility only (it was used directly by [[BIS_fnc_MP]]). The {{hl|Client}} and {{hl|Server}} classes are obsolete now. The new [[Arma_3:_Remote_Execution#Remote_Execution_Framework|Remote Execution Framework]] ignores it (by default, all functions and commands are allowed).}}
'''The default <tt>CfgRemoteExec</tt> in game's main config has outdated format and is left for backward compatibility only'''.
It was used by the old [[BIS_fnc_MP]] directly.
Classes <tt>Client</tt> and <tt>Server</tt> are obsolete.
The new <tt>RemoteExec</tt> mechanics ignores it and by default all functions and commands are allowed.
}}
This is the default [[config.cpp]] entry (obsolete):
This is the default [[config.cpp]] entry (obsolete):
<spoiler>
<spoiler>
Line 158: Line 181:
== Notes ==
== Notes ==


<dl class="command_description">
{{Note
<dd class="notedate">Posted on January 1, 2016</dd>
|user= AgentRev
<dt class="note">[[User:AgentRevolution|AgentRev]]</dt>
|timestamp= 20160102052800
<dd class="note">
|text= <nowiki/>
<ul>
* As [[BIS_fnc_MP]] now uses [[remoteExec]], there are some functions spontaneously called by the game core that require whitelisting in order to work if {{hl|class Functions}} is set to {{hl|c= mode = 1}}: <syntaxhighlight lang="cpp">
<li>As [[BIS_fnc_MP]] now uses [[remoteExec]], there are some functions spontaneously called by the game core that require whitelisting in order to work if <tt>class Functions</tt> is set to <tt>mode = 1</tt>:
<syntaxhighlight lang="cpp">
class BIS_fnc_effectKilledAirDestruction {};
class BIS_fnc_effectKilledAirDestruction {};
class BIS_fnc_effectKilledSecondaries {};
class BIS_fnc_effectKilledSecondaries {};
class BIS_fnc_fire {};
class BIS_fnc_objectVar {};
class BIS_fnc_objectVar {};
class BIS_fnc_setCustomSoundController {};
class BIS_fnc_setCustomSoundController {};
</syntaxhighlight></li>
</syntaxhighlight>
<li>For [[Event Scripts|initPlayerServer.sqf]] to work, [[BIS_fnc_execVM]] would need to be whitelisted, but that should be avoided at all costs, as it allows hackers to bypass the whitelist. Use [https://www.reddit.com/r/armadev/comments/8fkitd/initplayerserversqf_therefore_initplayerserversqf/dy5k5pf/ this method] instead.</li>
* For [[Event Scripts|initPlayerServer.sqf]] to work, [[BIS_fnc_execVM]] would need to be whitelisted, but that should be avoided at all costs, as it allows hackers to bypass the whitelist. Use {{Link|https://www.reddit.com/r/armadev/comments/8fkitd/initplayerserversqf_therefore_initplayerserversqf/dy5k5pf/|this method}} instead.
<li>For the debug console to be able to execute anything (even locally), [[BIS_fnc_debugConsoleExec]] must be whitelisted. This function only works when its [[remoteExecutedOwner]] is [[admin]], so it is safe to whitelist for everyone.</li>
* For the debug console to be able to execute anything (even locally), [[BIS_fnc_debugConsoleExec]] must be whitelisted. This function only works when its [[remoteExecutedOwner]] is [[admin]], so it is safe to whitelist for everyone.
<li>[[remoteExec]] and [[remoteExecCall]] are filtered by BattlEye's remoteexec.txt, the string analyzed by BE is formatted the same way as the following example's output:
* [[remoteExec]] and [[remoteExecCall]] are filtered by BattlEye's remoteexec.txt, the string analyzed by BE is formatted the same way as the following example's output: <sqf>
<code>[[format]] ["%1 %2", functionName, [[str]] params]</code>
format ["%1 %2", functionName, str arguments]</sqf><!--
The following remoteexec.txt exclusion can be used to safely allow all whitelisted *_fnc_* functions taking an array as parameter to go through:
-->The following remoteexec.txt exclusion can be used to safely allow all whitelisted *_fnc_* functions taking an array as parameter to go through: <sqf>!="\w+?_fnc_\w+? \[[\S\s]*\]"</sqf><!--
<code>!="\w+?_fnc_\w+? \[[\S\s]*\]"</code>
-->Any attempt to exploit this exclusion using other RE methods like [[createUnit]] will run into "Error Missing ;" without any malicious code being executed.<!--
Any attempt to exploit this exclusion using other RE methods like [[createUnit]] will run into "Error Missing ;" without any malicious code being executed.
--> Mod makers should refrain from remote-executing raw commands from clients, as they require individual exclusions, and instead use *_fnc_* functions taking an array as parameter, which are covered by the above exclusion.
Mod makers should refrain from remote-executing raw commands from clients, as they require individual exclusions, and instead use *_fnc_* functions taking an array as parameter, which are covered by the above exclusion.
}}
</ul>
</dd>
</dl>




[[Category:Arma 3: Remote Execution]]
{{GameCategory|arma3|Remote Execution}}
[[Category:Introduced with Arma 3 version 1.50]]

Latest revision as of 18:55, 6 September 2024

CfgRemoteExec defines rules for the remote execution of functions and commands. These rules only apply to clients. The server is not subject to any limitations, everything is enabled and allowed for it.

As usual, the more local config takes precedence: Mission Description.ext (missionConfigFile) > Campaign Description.ext (campaignConfigFile) > Game / Mod Config (configFile).

If several definitions for CfgRemoteExec exist, the mode attribute will be overridden by the last parsed config and whitelisted functions and commands will be merged.

To allow for a mission's mod compatibility, see Mission Compatibility With Mods.

See Arma 3: Remote Execution for more information about remote execution.


Format

class CfgRemoteExec
{
	class Functions
	{
		mode = 2;
		jip = 1;

		class BIS_fnc_someFunction
		{
			allowedTargets = 0;
			jip = 0;
		};
	};

	class Commands
	{
		mode = 1;

		class setDir
		{
			allowedTargets = 2;
			jip = 0;
		};
	};
};

In a class CfgRemoteExec block, two objects can be defined:

  • Functions
    • children of this object are named like the function they filter (e.g class BIS_fnc_showSubtitle)
  • Commands
    • children of this object are named like the command they filter (e.g class setDir)

Both main objects can be configured using the following values:

  • mode - operation mode
    • 0 - remote execution is blocked
    • 1 - only whitelisted functions / commands are allowed
    • 2 - remote execution is fully allowed, ignoring the whitelist (default, because of backward compatibility)
  • jip - Join In Progress settings
    • 0 - JIP flag can not be set
    • 1 - JIP flag can be set (default)

Their elements (functions, commands) can be configured with the following values:

  • allowedTargets - which machine can be reached by it
    • 0 - can target all machines (default)
    • 1 - can only target clients, execution on the server is denied
    • 2 - can only target the server, execution on clients is denied
  • jip - Join In Progress settings parent override
    • 0 - JIP flag can not be set
    • 1 - JIP flag can be set


Safe Config

This config only allows required default game functions (see Notes).

class CfgRemoteExec
{
	class Functions
	{
		mode = 1;	// whitelist only
		jip = 0;	// JIP flag not allowed

		class BIS_fnc_effectKilledAirDestruction	{ allowedTargets = 0; jip = 0; };
		class BIS_fnc_effectKilledSecondaries		{ allowedTargets = 0; jip = 0; };
		class BIS_fnc_fire							{ allowedTargets = 0; jip = 0; };
		class BIS_fnc_objectVar						{ allowedTargets = 0; jip = 0; };
		class BIS_fnc_setCustomSoundController		{ allowedTargets = 0; jip = 0; };

/*
		class BIS_fnc_debugConsoleExec				{ allowedTargets = 0; }; //Allow debug console (optional)
*/
	};
};


Mission Compatibility With Mods

A mod can define its own CfgRemoteExec to allow its own functions. If a mission defines it too, the mission overrides all the existing settings.

To circumvent that, use import in the mission's Description.ext:

import CfgRemoteExec as CfgRemoteExecMod;

class CfgRemoteExec : CfgRemoteExecMod
{
	// your settings
};


initPlayerServer.sqf

If execVM is not whitelisted, initPlayerServer.sqf will not be executed. To have it functional without allowing execVM, use the following workaround through CfgFunctions:

class CfgFunctions
{
	class TAG
	{
		class Category
		{
			class initPlayerServer { file = "initPlayerServer.sqf"; };
		};
	};
};
class CfgRemoteExec
{
	class Functions
	{
		mode = 1;
		class TAG_fnc_initPlayerServer { allowedTargets = 2; };
	};
};

Then execute it from init.sqf:

if (hasInterface) then { [] spawn { waitUntil {!isNull player}; [player, didJIP] remoteExec ["TAG_fnc_initPlayerServer", 2]; }; };


Default Config

The default CfgRemoteExec in the game's main config uses an outdated format and is left for backward compatibility only (it was used directly by BIS_fnc_MP). The Client and Server classes are obsolete now. The new Remote Execution Framework ignores it (by default, all functions and commands are allowed).

This is the default config.cpp entry (obsolete):

class CfgRemoteExec
{
	class Server
	{
		class Functions
		{
			mode = 2;
		};
		class Commands
		{
			mode = 2;
		};
	};
	class Client
	{
		class Functions
		{
			mode = 2;
		};
		class Commands
		{
			mode = 2;
		};
	};
};


Notes

AgentRev - c
Posted on Jan 02, 2016 - 05:28 (UTC)
  • As BIS_fnc_MP now uses remoteExec, there are some functions spontaneously called by the game core that require whitelisting in order to work if class Functions is set to mode = 1:
    class BIS_fnc_effectKilledAirDestruction {};
    class BIS_fnc_effectKilledSecondaries {};
    class BIS_fnc_fire {};
    class BIS_fnc_objectVar {};
    class BIS_fnc_setCustomSoundController {};
    
  • For initPlayerServer.sqf to work, BIS_fnc_execVM would need to be whitelisted, but that should be avoided at all costs, as it allows hackers to bypass the whitelist. Use this method instead.
  • For the debug console to be able to execute anything (even locally), BIS_fnc_debugConsoleExec must be whitelisted. This function only works when its remoteExecutedOwner is admin, so it is safe to whitelist for everyone.
  • remoteExec and remoteExecCall are filtered by BattlEye's remoteexec.txt, the string analyzed by BE is formatted the same way as the following example's output:
    format ["%1 %2", functionName, str arguments]
    The following remoteexec.txt exclusion can be used to safely allow all whitelisted *_fnc_* functions taking an array as parameter to go through:
    !="\w+?_fnc_\w+? \[[\S\s]*\]"
    Any attempt to exploit this exclusion using other RE methods like createUnit will run into "Error Missing ;" without any malicious code being executed. Mod makers should refrain from remote-executing raw commands from clients, as they require individual exclusions, and instead use *_fnc_* functions taking an array as parameter, which are covered by the above exclusion.