CfgRemoteExec – Arma 3
Jump to navigation
Jump to search
No edit summary |
Lou Montana (talk | contribs) m (Text replacement - "</dd> </dl> " to "</dd> </dl> ") |
||
| (44 intermediate revisions by 9 users not shown) | |||
| Line 1: | Line 1: | ||
{{GVI| | {{TOC|side}}<div style="float: left; margin: 0.5em 1em 0.5em 0">{{GVI|arma3|1.50}}</div> | ||
Class containing a list of all scripted functions and commands which can be remotely executed by [[remoteExec]] / [[remoteExecCall]] (and [[BIS_fnc_MP]], obsolete) on server or client machines. | |||
This can be defined in main [[config.cpp]] or in campaign or mission [[Description.ext]]. | |||
{{Feature | Informative | Config priority goes: [[Description.ext|Mission Description.ext]] ([[missionConfigFile]]) > [[Campaign Description.ext]] ([[campaignConfigFile]]) > Game/Mod Config ([[configFile]])}} | |||
== Format == | |||
<syntaxhighlight lang="cpp"> | |||
class CfgRemoteExec | |||
{ | |||
// List of Functions allowed to be sent from client via remoteExec | |||
class Functions | |||
{ | |||
// RemoteExec modes: | |||
// 0 - disabled | |||
// 1 - allowed, taking whitelist into account | |||
// 2 - allowed, ignoring whitelist (default, because of backward compatibility) | |||
mode = 2; | |||
[[Category: | // Ability to send JIP messages: | ||
// 0 - disable JIP messages | |||
// 1 - allow JIP messages (default) | |||
jip = 1; | |||
class BIS_fnc_aFunction | |||
{ | |||
// Remote Execution from clients: | |||
// 0 - allowed on other clients and server (default) | |||
// 1 - allowed on other clients only | |||
// 2 - allowed on server only | |||
// any other value will be treated as 0 | |||
allowedTargets = 0; | |||
// overrides the global Functions setting for this function | |||
jip = 0; | |||
}; | |||
}; | |||
// List of Commands allowed to be sent from client via remoteExec | |||
class Commands | |||
{ | |||
mode = 1; | |||
class setDir | |||
{ | |||
allowedTargets = 2; | |||
jip = 0; | |||
}; | |||
// etc | |||
}; | |||
}; | |||
</syntaxhighlight> | |||
== Safe Config == | |||
This config only allows needed default game functions - see [[#Notes|Notes]] below. | |||
<syntaxhighlight lang="cpp"> | |||
class CfgRemoteExec | |||
{ | |||
class Functions | |||
{ | |||
mode = 1; // whitelist | |||
jip = 0; // JIP not allowed | |||
class BIS_fnc_effectKilledAirDestruction { allowedTargets = 0; jip = 0; }; | |||
class BIS_fnc_effectKilledSecondaries { allowedTargets = 0; jip = 0; }; | |||
class BIS_fnc_objectVar { allowedTargets = 0; jip = 0; }; | |||
class BIS_fnc_setCustomSoundController { allowedTargets = 0; jip = 0; }; | |||
/* | |||
class BIS_fnc_debugConsoleExec { allowedTargets = 0; }; // allow debug console - optional | |||
*/ | |||
}; | |||
}; | |||
</syntaxhighlight> | |||
== initPlayerServer.sqf == | |||
If [[execVM]] is not in the commands whitelist, [[Event Scripts|initPlayerServer.sqf]] will '''not''' be executed. | |||
To have it functional without allowing [[execVM]], use the following workaround through [[Arma 3 Functions Library|CfgFunctions]]: | |||
<syntaxhighlight lang="cpp"> | |||
class CfgFunctions | |||
{ | |||
class TAG | |||
{ | |||
class Category | |||
{ | |||
class initPlayerServer { file = "initPlayerServer.sqf"; }; | |||
}; | |||
}; | |||
}; | |||
</syntaxhighlight> | |||
<syntaxhighlight lang="cpp"> | |||
class CfgRemoteExec | |||
{ | |||
class Functions | |||
{ | |||
mode = 1; | |||
class TAG_fnc_initPlayerServer { allowedTargets = 2; }; | |||
}; | |||
}; | |||
</syntaxhighlight> | |||
and have it run from [[Event Scripts|init.sqf]]: | |||
<code>[[if]] ([[hasInterface]]) [[then]] | |||
{ | |||
[] [[spawn]] | |||
{ | |||
[[waitUntil]] { [[not]] [[isNull]] [[player]] }; | |||
[<nowiki/>[[player]], [[didJIP]]] [[remoteExec]] ["TAG_fnc_initPlayerServer", 2]; | |||
}; | |||
};</code> | |||
== Default Config == | |||
{{Feature | Informative | | |||
'''The default <tt>CfgRemoteExec</tt> in game's main config has outdated format and is left for backward compatibility only'''. | |||
It was used by the old [[BIS_fnc_MP]] directly. | |||
Classes <tt>Client</tt> and <tt>Server</tt> are obsolete. | |||
The new <tt>RemoteExec</tt> mechanics ignores it and by default all functions and commands are allowed. | |||
}} | |||
This is the default [[config.cpp]] entry (obsolete): | |||
<spoiler> | |||
<syntaxhighlight lang="cpp"> | |||
class CfgRemoteExec | |||
{ | |||
class Server | |||
{ | |||
class Functions | |||
{ | |||
mode = 2; | |||
}; | |||
class Commands | |||
{ | |||
mode = 2; | |||
}; | |||
}; | |||
class Client | |||
{ | |||
class Functions | |||
{ | |||
mode = 2; | |||
}; | |||
class Commands | |||
{ | |||
mode = 2; | |||
}; | |||
}; | |||
}; | |||
</syntaxhighlight> | |||
</spoiler> | |||
== Notes == | |||
<dl class="command_description"> | |||
<dt></dt> | |||
<dd class="notedate">Posted on January 1, 2016</dd> | |||
<dt class="note">[[User:AgentRevolution|AgentRev]]</dt> | |||
<dd class="note"> | |||
<ul> | |||
<li>As [[BIS_fnc_MP]] now uses [[remoteExec]], there are some functions spontaneously called by the game core that require whitelisting in order to work if <tt>class Functions</tt> is set to <tt>mode = 1</tt>: | |||
<syntaxhighlight lang="cpp"> | |||
class BIS_fnc_effectKilledAirDestruction {}; | |||
class BIS_fnc_effectKilledSecondaries {}; | |||
class BIS_fnc_objectVar {}; | |||
class BIS_fnc_setCustomSoundController {}; | |||
</syntaxhighlight></li> | |||
<li>For [[Event Scripts|initPlayerServer.sqf]] to work, [[BIS_fnc_execVM]] would need to be whitelisted, but that should be avoided at all costs, as it allows hackers to bypass the whitelist. Use [https://www.reddit.com/r/armadev/comments/8fkitd/initplayerserversqf_therefore_initplayerserversqf/dy5k5pf/ this method] instead.</li> | |||
<li>For the debug console to be able to execute anything (even locally), [[BIS_fnc_debugConsoleExec]] must be whitelisted. This function only works when its [[remoteExecutedOwner]] is [[admin]], so it is safe to whitelist for everyone.</li> | |||
<li>[[remoteExec]] and [[remoteExecCall]] are filtered by BattlEye's remoteexec.txt, the string analyzed by BE is formatted the same way as the following example's output: | |||
<code>[[format]] ["%1 %2", functionName, [[str]] params]</code> | |||
The following remoteexec.txt exclusion can be used to safely allow all whitelisted *_fnc_* functions taking an array as parameter to go through: | |||
<code>!="\w+?_fnc_\w+? \[[\S\s]*\]"</code> | |||
Any attempt to exploit this exclusion using other RE methods like [[createUnit]] will run into "Error Missing ;" without any malicious code being executed. | |||
Mod makers should refrain from remote-executing raw commands from clients, as they require individual exclusions, and instead use *_fnc_* functions taking an array as parameter, which are covered by the above exclusion. | |||
</ul> | |||
</dd> | |||
</dl> | |||
{{GameCategory|arma3|Remote Execution}} | |||
[[Category:Introduced with Arma 3 version 1.50]] | |||
Revision as of 16:45, 12 June 2021
Class containing a list of all scripted functions and commands which can be remotely executed by remoteExec / remoteExecCall (and BIS_fnc_MP, obsolete) on server or client machines. This can be defined in main config.cpp or in campaign or mission Description.ext.
Format
class CfgRemoteExec
{
// List of Functions allowed to be sent from client via remoteExec
class Functions
{
// RemoteExec modes:
// 0 - disabled
// 1 - allowed, taking whitelist into account
// 2 - allowed, ignoring whitelist (default, because of backward compatibility)
mode = 2;
// Ability to send JIP messages:
// 0 - disable JIP messages
// 1 - allow JIP messages (default)
jip = 1;
class BIS_fnc_aFunction
{
// Remote Execution from clients:
// 0 - allowed on other clients and server (default)
// 1 - allowed on other clients only
// 2 - allowed on server only
// any other value will be treated as 0
allowedTargets = 0;
// overrides the global Functions setting for this function
jip = 0;
};
};
// List of Commands allowed to be sent from client via remoteExec
class Commands
{
mode = 1;
class setDir
{
allowedTargets = 2;
jip = 0;
};
// etc
};
};
Safe Config
This config only allows needed default game functions - see Notes below.
class CfgRemoteExec
{
class Functions
{
mode = 1; // whitelist
jip = 0; // JIP not allowed
class BIS_fnc_effectKilledAirDestruction { allowedTargets = 0; jip = 0; };
class BIS_fnc_effectKilledSecondaries { allowedTargets = 0; jip = 0; };
class BIS_fnc_objectVar { allowedTargets = 0; jip = 0; };
class BIS_fnc_setCustomSoundController { allowedTargets = 0; jip = 0; };
/*
class BIS_fnc_debugConsoleExec { allowedTargets = 0; }; // allow debug console - optional
*/
};
};
initPlayerServer.sqf
If execVM is not in the commands whitelist, initPlayerServer.sqf will not be executed. To have it functional without allowing execVM, use the following workaround through CfgFunctions:
class CfgFunctions
{
class TAG
{
class Category
{
class initPlayerServer { file = "initPlayerServer.sqf"; };
};
};
};
class CfgRemoteExec
{
class Functions
{
mode = 1;
class TAG_fnc_initPlayerServer { allowedTargets = 2; };
};
};
and have it run from init.sqf:
if (hasInterface) then
{
[] spawn
{
waitUntil { not isNull player };
[player, didJIP] remoteExec ["TAG_fnc_initPlayerServer", 2];
};
};
Default Config
This is the default config.cpp entry (obsolete):
class CfgRemoteExec
{
class Server
{
class Functions
{
mode = 2;
};
class Commands
{
mode = 2;
};
};
class Client
{
class Functions
{
mode = 2;
};
class Commands
{
mode = 2;
};
};
};
Notes
- Posted on January 1, 2016
- AgentRev
-
- As BIS_fnc_MP now uses remoteExec, there are some functions spontaneously called by the game core that require whitelisting in order to work if class Functions is set to mode = 1:
class BIS_fnc_effectKilledAirDestruction {}; class BIS_fnc_effectKilledSecondaries {}; class BIS_fnc_objectVar {}; class BIS_fnc_setCustomSoundController {};
- For initPlayerServer.sqf to work, BIS_fnc_execVM would need to be whitelisted, but that should be avoided at all costs, as it allows hackers to bypass the whitelist. Use this method instead.
- For the debug console to be able to execute anything (even locally), BIS_fnc_debugConsoleExec must be whitelisted. This function only works when its remoteExecutedOwner is admin, so it is safe to whitelist for everyone.
- remoteExec and remoteExecCall are filtered by BattlEye's remoteexec.txt, the string analyzed by BE is formatted the same way as the following example's output:
format ["%1 %2", functionName, str params]The following remoteexec.txt exclusion can be used to safely allow all whitelisted *_fnc_* functions taking an array as parameter to go through:!="\w+?_fnc_\w+? \[[\S\s]*\]"Any attempt to exploit this exclusion using other RE methods like createUnit will run into "Error Missing ;" without any malicious code being executed. Mod makers should refrain from remote-executing raw commands from clients, as they require individual exclusions, and instead use *_fnc_* functions taking an array as parameter, which are covered by the above exclusion.
- As BIS_fnc_MP now uses remoteExec, there are some functions spontaneously called by the game core that require whitelisting in order to work if class Functions is set to mode = 1: