CfgRemoteExec – Arma 3

From Bohemia Interactive Community
Jump to navigation Jump to search
(BattlEye)
m (Text replacement - "</dd> </dl> " to "</dd> </dl> ")
(28 intermediate revisions by 4 users not shown)
Line 1: Line 1:
{{GVI|arma3|1.50|category}}
{{TOC|side}}<div style="float: left; margin: 0.5em 1em 0.5em 0">{{GVI|arma3|1.50}}</div>
Class containing a list of all scripted functions and commands which can be remotely executed by [[remoteExec]] / [[remoteExecCall]] (and [[BIS_fnc_MP]], obsolete) on server or client machines.
This can be defined in main [[config.cpp]] or in campaign or mission [[Description.ext]].
{{Feature | Informative | Config priority goes: [[Description.ext|Mission Description.ext]] ([[missionConfigFile]]) &gt; [[Campaign Description.ext]] ([[campaignConfigFile]]) &gt; Game/Mod Config ([[configFile]])}}


==== Description ====
Class containing a list of all scripted functions and commands which can be remotely executed by [[BIS_fnc_MP]] / [[remoteExec]] / [[remoteExecCall]] on server or client machines. Can be defined in [[Config.cpp]] or in campaign's or mission's [[Description.ext]]. The most local variant is used. See also [[CfgRemoteExecCommands]].


==== Format ====
== Format ==
class CfgRemoteExec
 
{      
<syntaxhighlight lang="cpp">
        // List of script functions allowed to be sent from client via remoteExec
class CfgRemoteExec
        class Functions
{
        {
// List of Functions allowed to be sent from client via remoteExec
                // State of remoteExec: 0-turned off, 1-turned on, taking whitelist into account, 2-turned on, however, ignoring whitelists ('''default''' because of backward compatibility)
class Functions
                mode = 2;
{
                // Ability to send jip messages: 0-disabled, 1-enabled (default)
// RemoteExec modes:
                jip = 1;
// 0 - disabled
                /*your functions here*/
// 1 - allowed, taking whitelist into account
                class YourFunction1
// 2 - allowed, ignoring whitelist (default, because of backward compatibility)
                {
mode = 2;
                      allowedTargets=0; // can target anyone (default)
 
                      jip = 0; // sending jip messages is disabled for this function (overrides settings in the Functions class)
// Ability to send JIP messages:
                };
// 0 - disable JIP messages
                class YourFunction2 { allowedTargets=1; }; // can target only clients
// 1 - allow JIP messages (default)
                class YourFunction3 { allowedTargets=2; }; // can target only the server
jip = 1;
        };      
 
        // List of script commands allowed to be sent from client via remoteExec
class BIS_fnc_aFunction
        class Commands
{
        {
// Remote Execution from clients:
              /*your commands here*/
// 0 - allowed on other clients and server (default)
              class YourCommand1 { allowedTargets=0; jip=0; } // can target anyone, sending jip is turned off (overrides settings in the Commands class)
// 1 - allowed on other clients only
};
// 2 - allowed on server only
};
// any other value will be treated as 0
allowedTargets = 0;
 
// overrides the global Functions setting for this function
jip = 0;
};
};
 
// List of Commands allowed to be sent from client via remoteExec
class Commands
{
mode = 1;
 
class setDir
{
allowedTargets = 2;
jip = 0;
};
// etc
};
};
</syntaxhighlight>
 
 
== Safe Config ==
 
This config only allows needed default game functions - see [[#Notes|Notes]] below.
 
<syntaxhighlight lang="cpp">
class CfgRemoteExec
{
class Functions
{
mode = 1; // whitelist
jip = 0; // JIP not allowed
 
class BIS_fnc_effectKilledAirDestruction { allowedTargets = 0; jip = 0; };
class BIS_fnc_effectKilledSecondaries { allowedTargets = 0; jip = 0; };
class BIS_fnc_objectVar { allowedTargets = 0; jip = 0; };
class BIS_fnc_setCustomSoundController { allowedTargets = 0; jip = 0; };
 
/*
class BIS_fnc_debugConsoleExec { allowedTargets = 0; }; // allow debug console - optional
*/
};
};
</syntaxhighlight>
 
 
== initPlayerServer.sqf ==
 
If [[execVM]] is not in the commands whitelist, [[Event Scripts|initPlayerServer.sqf]] will '''not''' be executed.
To have it functional without allowing [[execVM]], use the following workaround through [[Arma 3 Functions Library|CfgFunctions]]:
<syntaxhighlight lang="cpp">
class CfgFunctions
{
class TAG
{
class Category
{
class initPlayerServer { file = "initPlayerServer.sqf"; };
};
};
};
</syntaxhighlight>
<syntaxhighlight lang="cpp">
class CfgRemoteExec
{
class Functions
{
mode = 1;
class TAG_fnc_initPlayerServer { allowedTargets = 2; };
};
};
</syntaxhighlight>
and have it run from [[Event Scripts|init.sqf]]:
<code>[[if]] ([[hasInterface]]) [[then]]
{
[] [[spawn]]
{
[[waitUntil]] { [[not]] [[isNull]] [[player]] };
[<nowiki/>[[player]], [[didJIP]]] [[remoteExec]] ["TAG_fnc_initPlayerServer", 2];
};
};</code>
 
 
== Default Config ==
 
{{Feature | Informative |
'''The default <tt>CfgRemoteExec</tt> in game's main config has outdated format and is left for backward compatibility only'''.
It was used by the old [[BIS_fnc_MP]] directly.
Classes <tt>Client</tt> and <tt>Server</tt> are obsolete.
The new <tt>RemoteExec</tt> mechanics ignores it and by default all functions and commands are allowed.
}}
This is the default [[config.cpp]] entry (obsolete):
<spoiler>
<syntaxhighlight lang="cpp">
class CfgRemoteExec
{
class Server
{
class Functions
{
mode = 2;
};
class Commands
{
mode = 2;
};
};
class Client
{
class Functions
{
mode = 2;
};
class Commands
{
mode = 2;
};
};
};
</syntaxhighlight>
</spoiler>




== Notes ==
== Notes ==
<dl class="command_description">
<dl class="command_description">
<dt></dt>
<dd class="notedate">Posted on January 1, 2016</dd>
<dd class="notedate">Posted on January 1, 2016</dd>
<dt class="note">[[User:AgentRevolution|AgentRev]]</dt>
<dt class="note">[[User:AgentRevolution|AgentRev]]</dt>
<dd class="note">
<dd class="note">
<ul>
<ul>
<li>As BIS_fnc_MP now uses remoteExec, there are some functions spontaneously called by the game core that require whitelisting in order to work if <tt>class Functions</tt> is set to <tt>mode = 1;</tt>
<li>As [[BIS_fnc_MP]] now uses [[remoteExec]], there are some functions spontaneously called by the game core that require whitelisting in order to work if <tt>class Functions</tt> is set to <tt>mode = 1</tt>:
<code>class BIS_fnc_effectKilledAirDestruction {};
<syntaxhighlight lang="cpp">
class BIS_fnc_effectKilledAirDestruction {};
class BIS_fnc_effectKilledSecondaries {};
class BIS_fnc_effectKilledSecondaries {};
class BIS_fnc_objectVar {};
class BIS_fnc_objectVar {};
</code><br/>
class BIS_fnc_setCustomSoundController {};
<li>For [[Event_Scripts|initPlayerServer.sqf]] to work, [[BIS_fnc_execVM]] would need to be whitelisted, but that should be avoided at all costs, as it allows hackers to bypass the whitelist.<br/><br/>
</syntaxhighlight></li>
<li>For the debug console to be able to execute anything (even locally), [[BIS_fnc_debugConsoleExec]] must be whitelisted. This function only works when its [[remoteExecutedOwner]] is [[admin]], so it is safe to whitelist for everyone.<br/><br/>
<li>For [[Event Scripts|initPlayerServer.sqf]] to work, [[BIS_fnc_execVM]] would need to be whitelisted, but that should be avoided at all costs, as it allows hackers to bypass the whitelist. Use [https://www.reddit.com/r/armadev/comments/8fkitd/initplayerserversqf_therefore_initplayerserversqf/dy5k5pf/ this method] instead.</li>
<li>remoteExec and remoteExecCall are filtered by BattlEye's remoteexec.txt, the string analyzed by BE is formatted the same way as the following example's output:
<li>For the debug console to be able to execute anything (even locally), [[BIS_fnc_debugConsoleExec]] must be whitelisted. This function only works when its [[remoteExecutedOwner]] is [[admin]], so it is safe to whitelist for everyone.</li>
<li>[[remoteExec]] and [[remoteExecCall]] are filtered by BattlEye's remoteexec.txt, the string analyzed by BE is formatted the same way as the following example's output:
<code>[[format]] ["%1 %2", functionName, [[str]] params]</code>
<code>[[format]] ["%1 %2", functionName, [[str]] params]</code>
The following remoteexec.txt exclusion can be used to safely allow all whitelisted *_fnc_* functions taking an array as parameter to go through:
The following remoteexec.txt exclusion can be used to safely allow all whitelisted *_fnc_* functions taking an array as parameter to go through:
<code>!="\w+?_fnc_\w+? \[.*\]"</code>
<code>!="\w+?_fnc_\w+? \[[\S\s]*\]"</code>
Any attempt to exploit this exclusion using other RE methods like [[createUnit]] will run into "Error Missing ;" without any malicious code being executed. Mod makers should refrain from remote-executing raw commands from clients, and instead use functions, as commands need to be excluded individually for BE, while all functions are covered by the above exclusion.
Any attempt to exploit this exclusion using other RE methods like [[createUnit]] will run into "Error Missing ;" without any malicious code being executed.
Mod makers should refrain from remote-executing raw commands from clients, as they require individual exclusions, and instead use *_fnc_* functions taking an array as parameter, which are covered by the above exclusion.
</ul>
</ul>
</dd>
</dd>
</dl>
</dl>




[[Category:Arma_3:_Editing]]
{{GameCategory|arma3|Remote Execution}}
[[Category:Introduced with Arma 3 version 1.50]]

Revision as of 16:45, 12 June 2021

Arma 3 logo black.png1.50

Class containing a list of all scripted functions and commands which can be remotely executed by remoteExec / remoteExecCall (and BIS_fnc_MP, obsolete) on server or client machines. This can be defined in main config.cpp or in campaign or mission Description.ext.


Format

class CfgRemoteExec
{
	// List of Functions allowed to be sent from client via remoteExec
	class Functions
	{
		// RemoteExec modes:
		// 0 - disabled
		// 1 - allowed, taking whitelist into account
		// 2 - allowed, ignoring whitelist (default, because of backward compatibility)
		mode = 2;

		// Ability to send JIP messages:
		// 0 - disable JIP messages
		// 1 - allow JIP messages (default)
		jip = 1;

		class BIS_fnc_aFunction
		{
			// Remote Execution from clients:
			// 0 - allowed on other clients and server (default)
			// 1 - allowed on other clients only
			// 2 - allowed on server only
			// any other value will be treated as 0
			allowedTargets = 0;

			// overrides the global Functions setting for this function
			jip = 0;
		};
	};

	// List of Commands allowed to be sent from client via remoteExec
	class Commands
	{
		mode = 1;

		class setDir
		{
			allowedTargets = 2;
			jip = 0;
		};
		// etc
	};
};


Safe Config

This config only allows needed default game functions - see Notes below. 

class CfgRemoteExec
{
	class Functions
	{
		mode = 1;	// whitelist
		jip = 0;	// JIP not allowed

		class BIS_fnc_effectKilledAirDestruction	{ allowedTargets = 0; jip = 0; };
		class BIS_fnc_effectKilledSecondaries		{ allowedTargets = 0; jip = 0; };
		class BIS_fnc_objectVar						{ allowedTargets = 0; jip = 0; };
		class BIS_fnc_setCustomSoundController		{ allowedTargets = 0; jip = 0; };

/*
		class BIS_fnc_debugConsoleExec				{ allowedTargets = 0; }; // allow debug console - optional
*/
	};
};


initPlayerServer.sqf

If execVM is not in the commands whitelist, initPlayerServer.sqf will not be executed. To have it functional without allowing execVM, use the following workaround through CfgFunctions: 

class CfgFunctions
{
	class TAG
	{
		class Category
		{
			class initPlayerServer { file = "initPlayerServer.sqf"; };
		};
	};
};

class CfgRemoteExec
{
	class Functions
	{
		mode = 1;
		class TAG_fnc_initPlayerServer { allowedTargets = 2; };
	};
};

and have it run from init.sqf: if (hasInterface) then { [] spawn { waitUntil { not isNull player }; [player, didJIP] remoteExec ["TAG_fnc_initPlayerServer", 2]; }; };


Default Config

The default CfgRemoteExec in game's main config has outdated format and is left for backward compatibility only.

It was used by the old BIS_fnc_MP directly. Classes Client and Server are obsolete.

The new RemoteExec mechanics ignores it and by default all functions and commands are allowed.

This is the default config.cpp entry (obsolete): 

class CfgRemoteExec
{
	class Server
	{
		class Functions
		{
			mode = 2;
		};
		class Commands
		{
			mode = 2;
		};
	};
	class Client
	{
		class Functions
		{
			mode = 2;
		};
		class Commands
		{
			mode = 2;
		};
	};
};


Notes

Posted on January 1, 2016
AgentRev
  • As BIS_fnc_MP now uses remoteExec, there are some functions spontaneously called by the game core that require whitelisting in order to work if class Functions is set to mode = 1: 
    class BIS_fnc_effectKilledAirDestruction {};
class BIS_fnc_effectKilledSecondaries {};
class BIS_fnc_objectVar {};
class BIS_fnc_setCustomSoundController {};
  • For initPlayerServer.sqf to work, BIS_fnc_execVM would need to be whitelisted, but that should be avoided at all costs, as it allows hackers to bypass the whitelist. Use this method instead.
  • For the debug console to be able to execute anything (even locally), BIS_fnc_debugConsoleExec must be whitelisted. This function only works when its remoteExecutedOwner is admin, so it is safe to whitelist for everyone.
  • remoteExec and remoteExecCall are filtered by BattlEye's remoteexec.txt, the string analyzed by BE is formatted the same way as the following example's output: format ["%1 %2", functionName, str params] The following remoteexec.txt exclusion can be used to safely allow all whitelisted *_fnc_* functions taking an array as parameter to go through: !="\w+?_fnc_\w+? \[[\S\s]*\]" Any attempt to exploit this exclusion using other RE methods like createUnit will run into "Error Missing ;" without any malicious code being executed. Mod makers should refrain from remote-executing raw commands from clients, as they require individual exclusions, and instead use *_fnc_* functions taking an array as parameter, which are covered by the above exclusion.
Retrieved from "https://community.bistudio.com/wiki?title=Arma_3:_CfgRemoteExec&oldid=269026"