CfgRemoteExec – Arma 3

From Bohemia Interactive Community
Jump to navigation Jump to search
mNo edit summary
m (Text replacement - "</dd> </dl> " to "</dd> </dl> ")
(25 intermediate revisions by 4 users not shown)
Line 1: Line 1:
{{GVI|arma3|1.50|category}}
{{TOC|side}}<div style="float: left; margin: 0.5em 1em 0.5em 0">{{GVI|arma3|1.50}}</div>
Class containing a list of all scripted functions and commands which can be remotely executed by [[remoteExec]] / [[remoteExecCall]] (and [[BIS_fnc_MP]], obsolete) on server or client machines.
This can be defined in main [[config.cpp]] or in campaign or mission [[Description.ext]].
{{Feature | Informative | Config priority goes: [[Description.ext|Mission Description.ext]] ([[missionConfigFile]]) &gt; [[Campaign Description.ext]] ([[campaignConfigFile]]) &gt; Game/Mod Config ([[configFile]])}}


==== Description ====
Class containing a list of all scripted functions and commands which can be remotely executed by [[BIS_fnc_MP]] / [[remoteExec]] / [[remoteExecCall]] on server or client machines. Can be defined in [[Config.cpp]] or in campaign's or mission's [[Description.ext]]. The most local variant is used. See also [[CfgRemoteExecCommands]].


==== Format ====
== Format ==
class CfgRemoteExec
 
{      
<syntaxhighlight lang="cpp">
        // List of script functions allowed to be sent from client via remoteExec
class CfgRemoteExec
        class Functions
{
        {
// List of Functions allowed to be sent from client via remoteExec
                // State of remoteExec: 0-turned off, 1-turned on, taking whitelist into account, 2-turned on, however, ignoring whitelists ('''default''' because of backward compatibility)
class Functions
                mode = 2;
{
                // Ability to send jip messages: 0-disabled, 1-enabled (default)
// RemoteExec modes:
                jip = 1;
// 0 - disabled
                /*your functions here*/
// 1 - allowed, taking whitelist into account
                class YourFunction1
// 2 - allowed, ignoring whitelist (default, because of backward compatibility)
                {
mode = 2;
                      allowedTargets=0; // can target anyone (default)
 
                      jip = 0; // sending jip messages is disabled for this function (overrides settings in the Functions class)
// Ability to send JIP messages:
                };
// 0 - disable JIP messages
                class YourFunction2 { allowedTargets=1; }; // can target only clients
// 1 - allow JIP messages (default)
                class YourFunction3 { allowedTargets=2; }; // can target only the server
jip = 1;
        };      
 
        // List of script commands allowed to be sent from client via remoteExec
class BIS_fnc_aFunction
        class Commands
{
        {
// Remote Execution from clients:
              /*your commands here*/
// 0 - allowed on other clients and server (default)
              class YourCommand1 { allowedTargets=0; jip=0; } // can target anyone, sending jip is turned off (overrides settings in the Commands class)
// 1 - allowed on other clients only
};
// 2 - allowed on server only
};
// any other value will be treated as 0
allowedTargets = 0;
 
// overrides the global Functions setting for this function
jip = 0;
};
};
 
// List of Commands allowed to be sent from client via remoteExec
class Commands
{
mode = 1;
 
class setDir
{
allowedTargets = 2;
jip = 0;
};
// etc
};
};
</syntaxhighlight>
 
 
== Safe Config ==
 
This config only allows needed default game functions - see [[#Notes|Notes]] below.
 
<syntaxhighlight lang="cpp">
class CfgRemoteExec
{
class Functions
{
mode = 1; // whitelist
jip = 0; // JIP not allowed
 
class BIS_fnc_effectKilledAirDestruction { allowedTargets = 0; jip = 0; };
class BIS_fnc_effectKilledSecondaries { allowedTargets = 0; jip = 0; };
class BIS_fnc_objectVar { allowedTargets = 0; jip = 0; };
class BIS_fnc_setCustomSoundController { allowedTargets = 0; jip = 0; };
 
/*
class BIS_fnc_debugConsoleExec { allowedTargets = 0; }; // allow debug console - optional
*/
};
};
</syntaxhighlight>
 
 
== initPlayerServer.sqf ==
 
If [[execVM]] is not in the commands whitelist, [[Event Scripts|initPlayerServer.sqf]] will '''not''' be executed.
To have it functional without allowing [[execVM]], use the following workaround through [[Arma 3 Functions Library|CfgFunctions]]:
<syntaxhighlight lang="cpp">
class CfgFunctions
{
class TAG
{
class Category
{
class initPlayerServer { file = "initPlayerServer.sqf"; };
};
};
};
</syntaxhighlight>
<syntaxhighlight lang="cpp">
class CfgRemoteExec
{
class Functions
{
mode = 1;
class TAG_fnc_initPlayerServer { allowedTargets = 2; };
};
};
</syntaxhighlight>
and have it run from [[Event Scripts|init.sqf]]:
<code>[[if]] ([[hasInterface]]) [[then]]
{
[] [[spawn]]
{
[[waitUntil]] { [[not]] [[isNull]] [[player]] };
[<nowiki/>[[player]], [[didJIP]]] [[remoteExec]] ["TAG_fnc_initPlayerServer", 2];
};
};</code>
 
 
== Default Config ==
 
{{Feature | Informative |
'''The default <tt>CfgRemoteExec</tt> in game's main config has outdated format and is left for backward compatibility only'''.
It was used by the old [[BIS_fnc_MP]] directly.
Classes <tt>Client</tt> and <tt>Server</tt> are obsolete.
The new <tt>RemoteExec</tt> mechanics ignores it and by default all functions and commands are allowed.
}}
This is the default [[config.cpp]] entry (obsolete):
<spoiler>
<syntaxhighlight lang="cpp">
class CfgRemoteExec
{
class Server
{
class Functions
{
mode = 2;
};
class Commands
{
mode = 2;
};
};
class Client
{
class Functions
{
mode = 2;
};
class Commands
{
mode = 2;
};
};
};
</syntaxhighlight>
</spoiler>




== Notes ==
== Notes ==
<dl class="command_description">
<dl class="command_description">
<dt></dt>
<dd class="notedate">Posted on January 1, 2016</dd>
<dd class="notedate">Posted on January 1, 2016</dd>
<dt class="note">[[User:AgentRevolution|AgentRev]]</dt>
<dt class="note">[[User:AgentRevolution|AgentRev]]</dt>
<dd class="note">
<dd class="note">
<ul>
<ul>
<li>As BIS_fnc_MP now uses remoteExec, there are some functions spontaneously called by the game core that require whitelisting in order to work if <tt>class Functions</tt> is set to <tt>mode = 1;</tt>
<li>As [[BIS_fnc_MP]] now uses [[remoteExec]], there are some functions spontaneously called by the game core that require whitelisting in order to work if <tt>class Functions</tt> is set to <tt>mode = 1</tt>:
<code>class BIS_fnc_effectKilledAirDestruction {};
<syntaxhighlight lang="cpp">
class BIS_fnc_effectKilledAirDestruction {};
class BIS_fnc_effectKilledSecondaries {};
class BIS_fnc_effectKilledSecondaries {};
class BIS_fnc_objectVar {};
class BIS_fnc_objectVar {};
</code><br/>
class BIS_fnc_setCustomSoundController {};
<li>For [[Event_Scripts|initPlayerServer.sqf]] to work, [[BIS_fnc_execVM]] would need to be whitelisted, but that should be avoided at all costs, as it allows hackers to bypass the whitelist.<br/><br/>
</syntaxhighlight></li>
<li>For the debug console to be able to execute anything (even locally), [[BIS_fnc_debugConsoleExec]] must be whitelisted. This function only works when its [[remoteExecutedOwner]] is [[admin]], so it is safe to whitelist for everyone.<br/><br/>
<li>For [[Event Scripts|initPlayerServer.sqf]] to work, [[BIS_fnc_execVM]] would need to be whitelisted, but that should be avoided at all costs, as it allows hackers to bypass the whitelist. Use [https://www.reddit.com/r/armadev/comments/8fkitd/initplayerserversqf_therefore_initplayerserversqf/dy5k5pf/ this method] instead.</li>
<li>remoteExec and remoteExecCall are filtered by BattlEye's remoteexec.txt, the string analyzed by BE is formatted the same way as the following example's output:
<li>For the debug console to be able to execute anything (even locally), [[BIS_fnc_debugConsoleExec]] must be whitelisted. This function only works when its [[remoteExecutedOwner]] is [[admin]], so it is safe to whitelist for everyone.</li>
<li>[[remoteExec]] and [[remoteExecCall]] are filtered by BattlEye's remoteexec.txt, the string analyzed by BE is formatted the same way as the following example's output:
<code>[[format]] ["%1 %2", functionName, [[str]] params]</code>
<code>[[format]] ["%1 %2", functionName, [[str]] params]</code>
The following remoteexec.txt exclusion can be used to safely allow all whitelisted *_fnc_* functions taking an array as parameter to go through:
The following remoteexec.txt exclusion can be used to safely allow all whitelisted *_fnc_* functions taking an array as parameter to go through:
<code>!="\w+?_fnc_\w+? \[.*\]"</code>
<code>!="\w+?_fnc_\w+? \[[\S\s]*\]"</code>
Any attempt to exploit this exclusion using other RE methods like [[createUnit]] will run into "Error Missing ;" without any malicious code being executed. Mod makers should refrain from remote-executing raw commands from clients, as they require individual BE exclusions, and instead use *_fnc_* functions taking an array as parameter, which are covered by the above exclusion.
Any attempt to exploit this exclusion using other RE methods like [[createUnit]] will run into "Error Missing ;" without any malicious code being executed.
Mod makers should refrain from remote-executing raw commands from clients, as they require individual exclusions, and instead use *_fnc_* functions taking an array as parameter, which are covered by the above exclusion.
</ul>
</ul>
</dd>
</dd>
</dl>
</dl>




[[Category:Arma_3:_Editing]]
{{GameCategory|arma3|Remote Execution}}
[[Category:Introduced with Arma 3 version 1.50]]

Revision as of 16:45, 12 June 2021

Arma 3 logo black.png1.50

Class containing a list of all scripted functions and commands which can be remotely executed by remoteExec / remoteExecCall (and BIS_fnc_MP, obsolete) on server or client machines. This can be defined in main config.cpp or in campaign or mission Description.ext.


Format

class CfgRemoteExec
{
	// List of Functions allowed to be sent from client via remoteExec
	class Functions
	{
		// RemoteExec modes:
		// 0 - disabled
		// 1 - allowed, taking whitelist into account
		// 2 - allowed, ignoring whitelist (default, because of backward compatibility)
		mode = 2;

		// Ability to send JIP messages:
		// 0 - disable JIP messages
		// 1 - allow JIP messages (default)
		jip = 1;

		class BIS_fnc_aFunction
		{
			// Remote Execution from clients:
			// 0 - allowed on other clients and server (default)
			// 1 - allowed on other clients only
			// 2 - allowed on server only
			// any other value will be treated as 0
			allowedTargets = 0;

			// overrides the global Functions setting for this function
			jip = 0;
		};
	};

	// List of Commands allowed to be sent from client via remoteExec
	class Commands
	{
		mode = 1;

		class setDir
		{
			allowedTargets = 2;
			jip = 0;
		};
		// etc
	};
};


Safe Config

This config only allows needed default game functions - see Notes below. 

class CfgRemoteExec
{
	class Functions
	{
		mode = 1;	// whitelist
		jip = 0;	// JIP not allowed

		class BIS_fnc_effectKilledAirDestruction	{ allowedTargets = 0; jip = 0; };
		class BIS_fnc_effectKilledSecondaries		{ allowedTargets = 0; jip = 0; };
		class BIS_fnc_objectVar						{ allowedTargets = 0; jip = 0; };
		class BIS_fnc_setCustomSoundController		{ allowedTargets = 0; jip = 0; };

/*
		class BIS_fnc_debugConsoleExec				{ allowedTargets = 0; }; // allow debug console - optional
*/
	};
};


initPlayerServer.sqf

If execVM is not in the commands whitelist, initPlayerServer.sqf will not be executed. To have it functional without allowing execVM, use the following workaround through CfgFunctions: 

class CfgFunctions
{
	class TAG
	{
		class Category
		{
			class initPlayerServer { file = "initPlayerServer.sqf"; };
		};
	};
};

class CfgRemoteExec
{
	class Functions
	{
		mode = 1;
		class TAG_fnc_initPlayerServer { allowedTargets = 2; };
	};
};

and have it run from init.sqf: if (hasInterface) then { [] spawn { waitUntil { not isNull player }; [player, didJIP] remoteExec ["TAG_fnc_initPlayerServer", 2]; }; };


Default Config

The default CfgRemoteExec in game's main config has outdated format and is left for backward compatibility only.

It was used by the old BIS_fnc_MP directly. Classes Client and Server are obsolete.

The new RemoteExec mechanics ignores it and by default all functions and commands are allowed.

This is the default config.cpp entry (obsolete): 

class CfgRemoteExec
{
	class Server
	{
		class Functions
		{
			mode = 2;
		};
		class Commands
		{
			mode = 2;
		};
	};
	class Client
	{
		class Functions
		{
			mode = 2;
		};
		class Commands
		{
			mode = 2;
		};
	};
};


Notes

Posted on January 1, 2016
AgentRev
  • As BIS_fnc_MP now uses remoteExec, there are some functions spontaneously called by the game core that require whitelisting in order to work if class Functions is set to mode = 1: 
    class BIS_fnc_effectKilledAirDestruction {};
class BIS_fnc_effectKilledSecondaries {};
class BIS_fnc_objectVar {};
class BIS_fnc_setCustomSoundController {};
  • For initPlayerServer.sqf to work, BIS_fnc_execVM would need to be whitelisted, but that should be avoided at all costs, as it allows hackers to bypass the whitelist. Use this method instead.
  • For the debug console to be able to execute anything (even locally), BIS_fnc_debugConsoleExec must be whitelisted. This function only works when its remoteExecutedOwner is admin, so it is safe to whitelist for everyone.
  • remoteExec and remoteExecCall are filtered by BattlEye's remoteexec.txt, the string analyzed by BE is formatted the same way as the following example's output: format ["%1 %2", functionName, str params] The following remoteexec.txt exclusion can be used to safely allow all whitelisted *_fnc_* functions taking an array as parameter to go through: !="\w+?_fnc_\w+? \[[\S\s]*\]" Any attempt to exploit this exclusion using other RE methods like createUnit will run into "Error Missing ;" without any malicious code being executed. Mod makers should refrain from remote-executing raw commands from clients, as they require individual exclusions, and instead use *_fnc_* functions taking an array as parameter, which are covered by the above exclusion.
Retrieved from "https://community.bistudio.com/wiki?title=Arma_3:_CfgRemoteExec&oldid=269026"