CfgRemoteExec – Arma 3
Jump to navigation
Jump to search
Lou Montana (talk | contribs) m (Text replacement - "<br/>" to "<br>") |
Lou Montana (talk | contribs) (Page refresh) |
||
| Line 1: | Line 1: | ||
{{GVI|arma3|1.50|category}} | {{SideTOC}}<div style="float: left; margin: 0.5em 1em 0.5em 0">{{GVI|arma3|1.50|category}}</div> | ||
Class containing a list of all scripted functions and commands which can be remotely executed by [[remoteExec]] / [[remoteExecCall]] (and [[BIS_fnc_MP]], obsolete) on server or client machines. | |||
This can be defined in main [[config.cpp]] or in campaign or mission [[Description.ext]]. | |||
{{Informative | Config priority goes: [[Description.ext|Mission Description.ext]] ([[missionConfigFile]]) > [[Campaign Description.ext]] ([[campaignConfigFile]]) > Game/Mod Config ([[configFile]])}} | |||
== Format == | == Format == | ||
<syntaxhighlight lang=cpp> | |||
<syntaxhighlight lang="cpp"> | |||
class CfgRemoteExec | class CfgRemoteExec | ||
{ | { | ||
// List of | // List of Functions allowed to be sent from client via remoteExec | ||
class Functions | class Functions | ||
{ | { | ||
// RemoteExec modes: | // RemoteExec modes: | ||
// 0- | // 0 - disabled | ||
// 1- | // 1 - allowed, taking whitelist into account | ||
// 2- | // 2 - allowed, ignoring whitelist (default, because of backward compatibility) | ||
mode = 2; | mode = 2; | ||
// Ability to send | // Ability to send JIP messages: | ||
// 0 - disable JIP messages | |||
// 1 - allow JIP messages (default) | |||
jip = 1; | jip = 1; | ||
class BIS_fnc_aFunction | class BIS_fnc_aFunction | ||
{ | { | ||
// Remote Execution from clients: | |||
// 0 - allowed on other clients and server (default) | |||
// 1 - allowed on other clients only | |||
// 2 - allowed on server only | |||
// any other value will be treated as 0 | |||
allowedTargets = 0; | |||
// overrides the global Functions setting for this function | |||
jip = 0; | |||
}; | }; | ||
}; | }; | ||
// List of | // List of Commands allowed to be sent from client via remoteExec | ||
class Commands | class Commands | ||
{ | { | ||
mode = 1; | |||
class setDir | class setDir | ||
{ | { | ||
allowedTargets = 2; // | allowedTargets = 2; | ||
jip = 0; | |||
}; | |||
// etc | |||
}; | |||
}; | |||
</syntaxhighlight> | |||
== Safe Config == | |||
This config only allows needed default game functions - see [[#Notes|Notes]] below. | |||
<syntaxhighlight lang="cpp"> | |||
class CfgRemoteExec | |||
{ | |||
class Functions | |||
{ | |||
mode = 1; // whitelist | |||
jip = 0; // JIP not allowed | |||
class BIS_fnc_effectKilledAirDestruction { allowedTargets = 0; jip = 0; }; | |||
class BIS_fnc_effectKilledSecondaries { allowedTargets = 0; jip = 0; }; | |||
class BIS_fnc_objectVar { allowedTargets = 0; jip = 0; }; | |||
class BIS_fnc_setCustomSoundController { allowedTargets = 0; jip = 0; }; | |||
/* | |||
class BIS_fnc_debugConsoleExec { allowedTargets = 0; }; // allow debug console - optional | |||
*/ | |||
}; | |||
}; | |||
</syntaxhighlight> | |||
== initPlayerServer.sqf == | |||
If [[execVM]] is not in the commands whitelist, [[Event Scripts|initPlayerServer.sqf]] will '''not''' be executed. | |||
To have it functional without allowing [[execVM]], use the following workaround: | |||
<syntaxhighlight lang="cpp"> | |||
class CfgFunctions | |||
{ | |||
class Mafia | |||
{ | |||
class TAG | |||
{ | |||
class initPlayerServer { file = "initPlayerServer.sqf"; }; | |||
}; | }; | ||
}; | }; | ||
}; | }; | ||
</syntaxhighlight> | </syntaxhighlight> | ||
<syntaxhighlight lang="cpp"> | |||
class CfgRemoteExec | |||
{ | |||
class Functions | |||
{ | |||
mode = 1; | |||
class TAG_fnc_initPlayerServer { allowedTargets = 2; }; | |||
}; | |||
}; | |||
</syntaxhighlight> | |||
and have it run from [[Event Scripts|init.sqf]]: | |||
<code>if (hasInterface) then | |||
{ | |||
[] spawn | |||
{ | |||
[[waitUntil]] { [[not]] [[isNull]] [[player]] }; | |||
[[[player]], [[didJIP]]] [[remoteExec]] ["TAG_fnc_initPlayerServer", 2]; | |||
}; | |||
};</code> | |||
== Default Config == | == Default Config == | ||
{{Informative | | |||
'''The default <tt>CfgRemoteExec</tt> in game's main config has outdated format and is left for backward compatibility only'''. | |||
<syntaxhighlight lang=cpp> | It was used by the old [[BIS_fnc_MP]] directly. | ||
Classes <tt>Client</tt> and <tt>Server</tt> are obsolete. | |||
The new <tt>RemoteExec</tt> mechanics ignores it and by default all functions and commands are allowed. | |||
}} | |||
This is the default [[config.cpp]] entry (obsolete): | |||
<spoiler> | |||
<syntaxhighlight lang="cpp"> | |||
class CfgRemoteExec | class CfgRemoteExec | ||
{ | { | ||
class Server | |||
{ | |||
class Functions | |||
{ | |||
mode = 2; | |||
}; | |||
class Commands | |||
{ | |||
mode = 2; | |||
}; | |||
}; | |||
class Client | |||
{ | |||
class Functions | |||
{ | |||
mode = 2; | |||
}; | |||
class Commands | |||
{ | |||
mode = 2; | |||
}; | |||
}; | |||
}; | }; | ||
</syntaxhighlight> | </syntaxhighlight> | ||
</spoiler> | |||
== Notes == | == Notes == | ||
<dl class="command_description"> | <dl class="command_description"> | ||
<dd class="notedate">Posted on January 1, 2016</dd> | <dd class="notedate">Posted on January 1, 2016</dd> | ||
| Line 86: | Line 163: | ||
<dd class="note"> | <dd class="note"> | ||
<ul> | <ul> | ||
<li>As BIS_fnc_MP now uses remoteExec, there are some functions spontaneously called by the game core that require whitelisting in order to work if <tt>class Functions</tt> is set to <tt>mode = 1 | <li>As [[BIS_fnc_MP]] now uses [[remoteExec]], there are some functions spontaneously called by the game core that require whitelisting in order to work if <tt>class Functions</tt> is set to <tt>mode = 1</tt>: | ||
< | <syntaxhighlight lang="cpp"> | ||
class BIS_fnc_effectKilledAirDestruction {}; | |||
class BIS_fnc_effectKilledSecondaries {}; | class BIS_fnc_effectKilledSecondaries {}; | ||
class BIS_fnc_objectVar {}; | class BIS_fnc_objectVar {}; | ||
class BIS_fnc_setCustomSoundController {}; | class BIS_fnc_setCustomSoundController {}; | ||
</ | </syntaxhighlight></li> | ||
<li>For [[ | <li>For [[Event Scripts|initPlayerServer.sqf]] to work, [[BIS_fnc_execVM]] would need to be whitelisted, but that should be avoided at all costs, as it allows hackers to bypass the whitelist. Use [https://www.reddit.com/r/armadev/comments/8fkitd/initplayerserversqf_therefore_initplayerserversqf/dy5k5pf/ this method] instead.</li> | ||
<li>For the debug console to be able to execute anything (even locally), [[BIS_fnc_debugConsoleExec]] must be whitelisted. This function only works when its [[remoteExecutedOwner]] is [[admin]], so it is safe to whitelist for everyone.< | <li>For the debug console to be able to execute anything (even locally), [[BIS_fnc_debugConsoleExec]] must be whitelisted. This function only works when its [[remoteExecutedOwner]] is [[admin]], so it is safe to whitelist for everyone.</li> | ||
<li>remoteExec and remoteExecCall are filtered by BattlEye's remoteexec.txt, the string analyzed by BE is formatted the same way as the following example's output: | <li>[[remoteExec]] and [[remoteExecCall]] are filtered by BattlEye's remoteexec.txt, the string analyzed by BE is formatted the same way as the following example's output: | ||
<code>[[format]] ["%1 %2", functionName, [[str]] params]</code> | <code>[[format]] ["%1 %2", functionName, [[str]] params]</code> | ||
The following remoteexec.txt exclusion can be used to safely allow all whitelisted *_fnc_* functions taking an array as parameter to go through: | The following remoteexec.txt exclusion can be used to safely allow all whitelisted *_fnc_* functions taking an array as parameter to go through: | ||
<code>!="\w+?_fnc_\w+? \[[\S\s]*\]"</code> | <code>!="\w+?_fnc_\w+? \[[\S\s]*\]"</code> | ||
Any attempt to exploit this exclusion using other RE methods like [[createUnit]] will run into "Error Missing ;" without any malicious code being executed. Mod makers should refrain from remote-executing raw commands from clients, as they require individual exclusions, and instead use *_fnc_* functions taking an array as parameter, which are covered by the above exclusion. | Any attempt to exploit this exclusion using other RE methods like [[createUnit]] will run into "Error Missing ;" without any malicious code being executed. | ||
Mod makers should refrain from remote-executing raw commands from clients, as they require individual exclusions, and instead use *_fnc_* functions taking an array as parameter, which are covered by the above exclusion. | |||
</ul> | </ul> | ||
</dd> | </dd> | ||
Revision as of 21:05, 10 May 2020
Class containing a list of all scripted functions and commands which can be remotely executed by remoteExec / remoteExecCall (and BIS_fnc_MP, obsolete) on server or client machines. This can be defined in main config.cpp or in campaign or mission Description.ext.
Format
class CfgRemoteExec
{
// List of Functions allowed to be sent from client via remoteExec
class Functions
{
// RemoteExec modes:
// 0 - disabled
// 1 - allowed, taking whitelist into account
// 2 - allowed, ignoring whitelist (default, because of backward compatibility)
mode = 2;
// Ability to send JIP messages:
// 0 - disable JIP messages
// 1 - allow JIP messages (default)
jip = 1;
class BIS_fnc_aFunction
{
// Remote Execution from clients:
// 0 - allowed on other clients and server (default)
// 1 - allowed on other clients only
// 2 - allowed on server only
// any other value will be treated as 0
allowedTargets = 0;
// overrides the global Functions setting for this function
jip = 0;
};
};
// List of Commands allowed to be sent from client via remoteExec
class Commands
{
mode = 1;
class setDir
{
allowedTargets = 2;
jip = 0;
};
// etc
};
};
Safe Config
This config only allows needed default game functions - see Notes below.
class CfgRemoteExec
{
class Functions
{
mode = 1; // whitelist
jip = 0; // JIP not allowed
class BIS_fnc_effectKilledAirDestruction { allowedTargets = 0; jip = 0; };
class BIS_fnc_effectKilledSecondaries { allowedTargets = 0; jip = 0; };
class BIS_fnc_objectVar { allowedTargets = 0; jip = 0; };
class BIS_fnc_setCustomSoundController { allowedTargets = 0; jip = 0; };
/*
class BIS_fnc_debugConsoleExec { allowedTargets = 0; }; // allow debug console - optional
*/
};
};
initPlayerServer.sqf
If execVM is not in the commands whitelist, initPlayerServer.sqf will not be executed. To have it functional without allowing execVM, use the following workaround:
class CfgFunctions
{
class Mafia
{
class TAG
{
class initPlayerServer { file = "initPlayerServer.sqf"; };
};
};
};
class CfgRemoteExec
{
class Functions
{
mode = 1;
class TAG_fnc_initPlayerServer { allowedTargets = 2; };
};
};
and have it run from init.sqf:
if (hasInterface) then
{
[] spawn
{
waitUntil { not isNull player };
[[[player]], didJIP] remoteExec ["TAG_fnc_initPlayerServer", 2];
};
};
Default Config
This is the default config.cpp entry (obsolete):
class CfgRemoteExec
{
class Server
{
class Functions
{
mode = 2;
};
class Commands
{
mode = 2;
};
};
class Client
{
class Functions
{
mode = 2;
};
class Commands
{
mode = 2;
};
};
};
Notes
- Posted on January 1, 2016
- AgentRev
-
- As BIS_fnc_MP now uses remoteExec, there are some functions spontaneously called by the game core that require whitelisting in order to work if class Functions is set to mode = 1:
class BIS_fnc_effectKilledAirDestruction {}; class BIS_fnc_effectKilledSecondaries {}; class BIS_fnc_objectVar {}; class BIS_fnc_setCustomSoundController {};
- For initPlayerServer.sqf to work, BIS_fnc_execVM would need to be whitelisted, but that should be avoided at all costs, as it allows hackers to bypass the whitelist. Use this method instead.
- For the debug console to be able to execute anything (even locally), BIS_fnc_debugConsoleExec must be whitelisted. This function only works when its remoteExecutedOwner is admin, so it is safe to whitelist for everyone.
- remoteExec and remoteExecCall are filtered by BattlEye's remoteexec.txt, the string analyzed by BE is formatted the same way as the following example's output:
format ["%1 %2", functionName, str params]The following remoteexec.txt exclusion can be used to safely allow all whitelisted *_fnc_* functions taking an array as parameter to go through:!="\w+?_fnc_\w+? \[[\S\s]*\]"Any attempt to exploit this exclusion using other RE methods like createUnit will run into "Error Missing ;" without any malicious code being executed. Mod makers should refrain from remote-executing raw commands from clients, as they require individual exclusions, and instead use *_fnc_* functions taking an array as parameter, which are covered by the above exclusion.
- As BIS_fnc_MP now uses remoteExec, there are some functions spontaneously called by the game core that require whitelisting in order to work if class Functions is set to mode = 1: