CfgRemoteExec – Arma 3
Jump to navigation
Jump to search
Lou Montana (talk | contribs) (Page refresh) |
Lou Montana (talk | contribs) m (Fix initPlayerServer.sqf workaround) |
||
| Line 82: | Line 82: | ||
If [[execVM]] is not in the commands whitelist, [[Event Scripts|initPlayerServer.sqf]] will '''not''' be executed. | If [[execVM]] is not in the commands whitelist, [[Event Scripts|initPlayerServer.sqf]] will '''not''' be executed. | ||
To have it functional without allowing [[execVM]], use the following workaround: | To have it functional without allowing [[execVM]], use the following workaround through [[Arma 3 Functions Library|CfgFunctions]]: | ||
<syntaxhighlight lang="cpp"> | <syntaxhighlight lang="cpp"> | ||
class CfgFunctions | class CfgFunctions | ||
{ | { | ||
class | class TAG | ||
{ | { | ||
class | class Category | ||
{ | { | ||
class initPlayerServer { file = "initPlayerServer.sqf"; }; | class initPlayerServer { file = "initPlayerServer.sqf"; }; | ||
| Line 106: | Line 106: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
and have it run from [[Event Scripts|init.sqf]]: | and have it run from [[Event Scripts|init.sqf]]: | ||
<code>if (hasInterface) then | <code>[[if]] ([[hasInterface]]) [[then]] | ||
{ | { | ||
[] spawn | [] [[spawn]] | ||
{ | { | ||
[[waitUntil]] { [[not]] [[isNull]] [[player]] }; | [[waitUntil]] { [[not]] [[isNull]] [[player]] }; | ||
[[[player]], [[didJIP]]] [[remoteExec]] ["TAG_fnc_initPlayerServer", 2]; | [<nowiki/>[[player]], [[didJIP]]] [[remoteExec]] ["TAG_fnc_initPlayerServer", 2]; | ||
}; | }; | ||
};</code> | };</code> | ||
Revision as of 09:48, 11 May 2020
Class containing a list of all scripted functions and commands which can be remotely executed by remoteExec / remoteExecCall (and BIS_fnc_MP, obsolete) on server or client machines. This can be defined in main config.cpp or in campaign or mission Description.ext.
Format
class CfgRemoteExec
{
// List of Functions allowed to be sent from client via remoteExec
class Functions
{
// RemoteExec modes:
// 0 - disabled
// 1 - allowed, taking whitelist into account
// 2 - allowed, ignoring whitelist (default, because of backward compatibility)
mode = 2;
// Ability to send JIP messages:
// 0 - disable JIP messages
// 1 - allow JIP messages (default)
jip = 1;
class BIS_fnc_aFunction
{
// Remote Execution from clients:
// 0 - allowed on other clients and server (default)
// 1 - allowed on other clients only
// 2 - allowed on server only
// any other value will be treated as 0
allowedTargets = 0;
// overrides the global Functions setting for this function
jip = 0;
};
};
// List of Commands allowed to be sent from client via remoteExec
class Commands
{
mode = 1;
class setDir
{
allowedTargets = 2;
jip = 0;
};
// etc
};
};
Safe Config
This config only allows needed default game functions - see Notes below.
class CfgRemoteExec
{
class Functions
{
mode = 1; // whitelist
jip = 0; // JIP not allowed
class BIS_fnc_effectKilledAirDestruction { allowedTargets = 0; jip = 0; };
class BIS_fnc_effectKilledSecondaries { allowedTargets = 0; jip = 0; };
class BIS_fnc_objectVar { allowedTargets = 0; jip = 0; };
class BIS_fnc_setCustomSoundController { allowedTargets = 0; jip = 0; };
/*
class BIS_fnc_debugConsoleExec { allowedTargets = 0; }; // allow debug console - optional
*/
};
};
initPlayerServer.sqf
If execVM is not in the commands whitelist, initPlayerServer.sqf will not be executed. To have it functional without allowing execVM, use the following workaround through CfgFunctions:
class CfgFunctions
{
class TAG
{
class Category
{
class initPlayerServer { file = "initPlayerServer.sqf"; };
};
};
};
class CfgRemoteExec
{
class Functions
{
mode = 1;
class TAG_fnc_initPlayerServer { allowedTargets = 2; };
};
};
and have it run from init.sqf:
if (hasInterface) then
{
[] spawn
{
waitUntil { not isNull player };
[player, didJIP] remoteExec ["TAG_fnc_initPlayerServer", 2];
};
};
Default Config
This is the default config.cpp entry (obsolete):
class CfgRemoteExec
{
class Server
{
class Functions
{
mode = 2;
};
class Commands
{
mode = 2;
};
};
class Client
{
class Functions
{
mode = 2;
};
class Commands
{
mode = 2;
};
};
};
Notes
- Posted on January 1, 2016
- AgentRev
-
- As BIS_fnc_MP now uses remoteExec, there are some functions spontaneously called by the game core that require whitelisting in order to work if class Functions is set to mode = 1:
class BIS_fnc_effectKilledAirDestruction {}; class BIS_fnc_effectKilledSecondaries {}; class BIS_fnc_objectVar {}; class BIS_fnc_setCustomSoundController {};
- For initPlayerServer.sqf to work, BIS_fnc_execVM would need to be whitelisted, but that should be avoided at all costs, as it allows hackers to bypass the whitelist. Use this method instead.
- For the debug console to be able to execute anything (even locally), BIS_fnc_debugConsoleExec must be whitelisted. This function only works when its remoteExecutedOwner is admin, so it is safe to whitelist for everyone.
- remoteExec and remoteExecCall are filtered by BattlEye's remoteexec.txt, the string analyzed by BE is formatted the same way as the following example's output:
format ["%1 %2", functionName, str params]The following remoteexec.txt exclusion can be used to safely allow all whitelisted *_fnc_* functions taking an array as parameter to go through:!="\w+?_fnc_\w+? \[[\S\s]*\]"Any attempt to exploit this exclusion using other RE methods like createUnit will run into "Error Missing ;" without any malicious code being executed. Mod makers should refrain from remote-executing raw commands from clients, as they require individual exclusions, and instead use *_fnc_* functions taking an array as parameter, which are covered by the above exclusion.
- As BIS_fnc_MP now uses remoteExec, there are some functions spontaneously called by the game core that require whitelisting in order to work if class Functions is set to mode = 1: